workers can now be specified as multiple asgs of different flavors. BYO security group now possible for both workers and cluster

modules/worker_groups/data.tf

@@ -1,9 +0,0 @@
-data "aws_ami" "eks_worker" {
-  filter {
-    name   = "name"
-    values = ["eks-worker-*"]
-  }
-
-  most_recent = true
-  owners      = ["602401143452"] # Amazon
-}

modules/worker_groups/local.tf

@@ -1,170 +0,0 @@
-locals {
-  asg_tags = ["${null_resource.tags_as_list_of_maps.*.triggers}"]
-
-  # Mapping from the node type that we selected and the max number of pods that it can run
-  # Taken from https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/amazon-eks-nodegroup.yaml
-  max_pod_per_node = {
-    c4.large    = 29
-    c4.xlarge   = 58
-    c4.2xlarge  = 58
-    c4.4xlarge  = 234
-    c4.8xlarge  = 234
-    c5.large    = 29
-    c5.xlarge   = 58
-    c5.2xlarge  = 58
-    c5.4xlarge  = 234
-    c5.9xlarge  = 234
-    c5.18xlarge = 737
-    i3.large    = 29
-    i3.xlarge   = 58
-    i3.2xlarge  = 58
-    i3.4xlarge  = 234
-    i3.8xlarge  = 234
-    i3.16xlarge = 737
-    m3.medium   = 12
-    m3.large    = 29
-    m3.xlarge   = 58
-    m3.2xlarge  = 118
-    m4.large    = 20
-    m4.xlarge   = 58
-    m4.2xlarge  = 58
-    m4.4xlarge  = 234
-    m4.10xlarge = 234
-    m5.large    = 29
-    m5.xlarge   = 58
-    m5.2xlarge  = 58
-    m5.4xlarge  = 234
-    m5.12xlarge = 234
-    m5.24xlarge = 737
-    p2.xlarge   = 58
-    p2.8xlarge  = 234
-    p2.16xlarge = 234
-    p3.2xlarge  = 58
-    p3.8xlarge  = 234
-    p3.16xlarge = 234
-    r3.xlarge   = 58
-    r3.2xlarge  = 58
-    r3.4xlarge  = 234
-    r3.8xlarge  = 234
-    r4.large    = 29
-    r4.xlarge   = 58
-    r4.2xlarge  = 58
-    r4.4xlarge  = 234
-    r4.8xlarge  = 234
-    r4.16xlarge = 737
-    t2.small    = 8
-    t2.medium   = 17
-    t2.large    = 35
-    t2.xlarge   = 44
-    t2.2xlarge  = 44
-    x1.16xlarge = 234
-    x1.32xlarge = 234
-  }
-
-  ebs_optimized_types = {
-    "c4.large"     = true
-    "c4.xlarge"    = true
-    "c4.2xlarge"   = true
-    "c4.4xlarge"   = true
-    "c4.8xlarge"   = true
-    "c5.large"     = true
-    "c5.xlarge"    = true
-    "c5.2xlarge"   = true
-    "c5.4xlarge"   = true
-    "c5.9xlarge"   = true
-    "c5.18xlarge"  = true
-    "c5d.large"    = true
-    "c5d.xlarge"   = true
-    "c5d.2xlarge"  = true
-    "c5d.4xlarge"  = true
-    "c5d.9xlarge"  = true
-    "c5d.18xlarge" = true
-    "d2.xlarge"    = true
-    "d2.2xlarge"   = true
-    "d2.4xlarge"   = true
-    "d2.8xlarge"   = true
-    "f1.2xlarge"   = true
-    "f1.16xlarge"  = true
-    "g3.4xlarge"   = true
-    "g3.8xlarge"   = true
-    "g3.16xlarge"  = true
-    "h1.2xlarge"   = true
-    "h1.4xlarge"   = true
-    "h1.8xlarge"   = true
-    "h1.16xlarge"  = true
-    "i3.large"     = true
-    "i3.xlarge"    = true
-    "i3.2xlarge"   = true
-    "i3.4xlarge"   = true
-    "i3.8xlarge"   = true
-    "i3.16xlarge"  = true
-    "i3.metal"     = true
-    "m4.large"     = true
-    "m4.xlarge"    = true
-    "m4.2xlarge"   = true
-    "m4.4xlarge"   = true
-    "m4.10xlarge"  = true
-    "m4.16xlarge"  = true
-    "m5.large"     = true
-    "m5.xlarge"    = true
-    "m5.2xlarge"   = true
-    "m5.4xlarge"   = true
-    "m5.12xlarge"  = true
-    "m5.24xlarge"  = true
-    "m5d.large"    = true
-    "m5d.xlarge"   = true
-    "m5d.2xlarge"  = true
-    "m5d.4xlarge"  = true
-    "m5d.12xlarge" = true
-    "m5d.24xlarge" = true
-    "p2.xlarge"    = true
-    "p2.8xlarge"   = true
-    "p2.16xlarge"  = true
-    "p3.2xlarge"   = true
-    "p3.8xlarge"   = true
-    "p3.16xlarge"  = true
-    "r4.large"     = true
-    "r4.xlarge"    = true
-    "r4.2xlarge"   = true
-    "r4.4xlarge"   = true
-    "r4.8xlarge"   = true
-    "r4.16xlarge"  = true
-    "x1.16xlarge"  = true
-    "x1.32xlarge"  = true
-    "x1e.xlarge"   = true
-    "x1e.2xlarge"  = true
-    "x1e.4xlarge"  = true
-    "x1e.8xlarge"  = true
-    "x1e.16xlarge" = true
-    "x1e.32xlarge" = true
-    "c5.large"     = true
-    "c5.xlarge"    = true
-    "c5.2xlarge"   = true
-    "c5d.large"    = true
-    "c5d.xlarge"   = true
-    "c5d.2xlarge"  = true
-    "m5.large"     = true
-    "m5.xlarge"    = true
-    "m5.2xlarge"   = true
-    "m5d.large"    = true
-    "m5d.xlarge"   = true
-    "m5d.2xlarge"  = true
-    "c1.xlarge"    = true
-    "c3.xlarge"    = true
-    "c3.2xlarge"   = true
-    "c3.4xlarge"   = true
-    "g2.2xlarge"   = true
-    "i2.xlarge"    = true
-    "i2.2xlarge"   = true
-    "i2.4xlarge"   = true
-    "m1.large"     = true
-    "m1.xlarge"    = true
-    "m2.2xlarge"   = true
-    "m2.4xlarge"   = true
-    "m3.xlarge"    = true
-    "m3.2xlarge"   = true
-    "r3.xlarge"    = true
-    "r3.2xlarge"   = true
-    "r3.4xlarge"   = true
-  }
-}

modules/worker_groups/main.tf

@@ -1,61 +0,0 @@
-resource "aws_autoscaling_group" "workers" {
-  name_prefix          = "${lookup(var.worker_groups[count.index], "name")}.${var.cluster_name}"
-  launch_configuration = "${element(aws_launch_configuration.workers.*.id, count.index)}"
-  desired_capacity     = "${lookup(var.worker_groups[count.index], "asg_desired_capacity")}"
-  max_size             = "${lookup(var.worker_groups[count.index], "asg_max_size")}"
-  min_size             = "${lookup(var.worker_groups[count.index], "asg_min_size")}"
-  vpc_zone_identifier  = ["${var.subnets}"]
-  count                = "${length(var.worker_groups)}"
-
-  tags = ["${concat(
-    list(
-      map("key", "Name", "value", "${lookup(var.worker_groups[count.index], "name")}.${var.cluster_name}-eks_asg", "propagate_at_launch", true),
-      map("key", "kubernetes.io/cluster/${var.cluster_name}", "value", "owned", "propagate_at_launch", true),
-    ),
-    local.asg_tags)
-  }"]
-}
-
-resource "aws_launch_configuration" "workers" {
-  name_prefix                 = "${lookup(var.worker_groups[count.index], "name")}.${lookup(var.worker_groups[count.index], "name")}.${var.cluster_name}"
-  associate_public_ip_address = true
-  iam_instance_profile        = "${var.iam_instance_profile}"
-  image_id                    = "${lookup(var.worker_groups[count.index], "ami_id") == "" ? data.aws_ami.eks_worker.id : lookup(var.worker_groups[count.index], "ami_id")}"
-  instance_type               = "${lookup(var.worker_groups[count.index], "instance_type")}"
-  security_groups             = ["${var.security_group_id}"]
-  user_data_base64            = "${base64encode(element(data.template_file.userdata.*.rendered, count.index))}"
-  ebs_optimized               = "${var.ebs_optimized_workers ? lookup(local.ebs_optimized_types, lookup(var.worker_groups[count.index], "instance_type"), false) : false}"
-  count                       = "${length(var.worker_groups)}"
-
-  lifecycle {
-    create_before_destroy = true
-  }
-
-  root_block_device {
-    delete_on_termination = true
-  }
-}
-
-data template_file userdata {
-  template = "${file("${path.module}/templates/userdata.sh.tpl")}"
-  count    = "${length(var.worker_groups)}"
-
-  vars {
-    region              = "${var.aws_region}"
-    max_pod_count       = "${lookup(local.max_pod_per_node, lookup(var.worker_groups[count.index], "instance_type"))}"
-    cluster_name        = "${var.cluster_name}"
-    endpoint            = "${var.endpoint}"
-    cluster_auth_base64 = "${var.certificate_authority}"
-    additional_userdata = "${var.additional_userdata}"
-  }
-}
-
-resource "null_resource" "tags_as_list_of_maps" {
-  count = "${length(keys(var.tags))}"
-
-  triggers = "${map(
-    "key", "${element(keys(var.tags), count.index)}",
-    "value", "${element(values(var.tags), count.index)}",
-    "propagate_at_launch", "true"
-  )}"
-}

modules/worker_groups/templates/userdata.sh.tpl

@@ -1,30 +0,0 @@
-#!/bin/bash -xe
-
-# Certificate Authority config
-CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki
-CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt
-mkdir -p $CA_CERTIFICATE_DIRECTORY
-echo "${cluster_auth_base64}" | base64 -d >$CA_CERTIFICATE_FILE_PATH
-
-# Authenticatoin
-INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
-sed -i s,MASTER_ENDPOINT,${endpoint},g /var/lib/kubelet/kubeconfig
-sed -i s,CLUSTER_NAME,${cluster_name},g /var/lib/kubelet/kubeconfig
-sed -i s,REGION,${region},g /etc/systemd/system/kubelet.service
-sed -i s,MAX_PODS,${max_pod_count},g /etc/systemd/system/kubelet.service
-sed -i s,MASTER_ENDPOINT,${endpoint},g /etc/systemd/system/kubelet.service
-sed -i s,INTERNAL_IP,$INTERNAL_IP,g /etc/systemd/system/kubelet.service
-
-# DNS cluster configuration
-DNS_CLUSTER_IP=10.100.0.10
-if [[ $INTERNAL_IP == 10.* ]]; then DNS_CLUSTER_IP=172.20.0.10; fi
-sed -i s,DNS_CLUSTER_IP,$DNS_CLUSTER_IP,g /etc/systemd/system/kubelet.service
-sed -i s,CERTIFICATE_AUTHORITY_FILE,$CA_CERTIFICATE_FILE_PATH,g /var/lib/kubelet/kubeconfig
-sed -i s,CLIENT_CA_FILE,$CA_CERTIFICATE_FILE_PATH,g /etc/systemd/system/kubelet.service
-
-# start services
-systemctl daemon-reload
-systemctl restart kubelet kube-proxy
-
-# Allow user supplied userdata code
-${additional_userdata}

modules/worker_groups/variables.tf

@@ -1,64 +0,0 @@
-variable "additional_userdata" {
-  description = "Extra lines of userdata (bash) which are appended to the default userdata code."
-  default     = ""
-}
-
-variable "aws_region" {
-  description = "The AWS region where the cluster resides."
-}
-
-variable "certificate_authority" {
-  description = "Base64 encoded certificate authority of the cluster."
-}
-
-variable "cluster_name" {
-  description = "Name of the EKS cluster which is also used as a prefix in names of related resources."
-}
-
-variable "ebs_optimized_workers" {
-  description = "If left at default of true, will use ebs optimization if available on the given instance type."
-  default     = true
-}
-
-variable "endpoint" {
-  description = "API endpoint of the cluster."
-}
-
-variable "iam_instance_profile" {
-  description = "Worker IAM instance profile name."
-}
-
-variable "security_group_id" {
-  description = "Worker security group ID."
-}
-
-variable "subnets" {
-  description = "A list of subnets to associate with the cluster's underlying instances."
-  type        = "list"
-}
-
-variable "tags" {
-  description = "A map of tags to add to all resources."
-  default     = {}
-}
-
-variable "workers_ami_id" {
-  description = "AMI ID for the eks workers. If none is provided, Terraform will search for the latest version of their EKS optimized worker AMI."
-  default     = ""
-}
-
-variable "worker_groups" {
-  description = "A list of maps defining worker group configurations."
-  type        = "list"
-
-  default = [
-    {
-      name                 = "nodes"    # Name of the worker group.
-      ami_id               = ""         # AMI ID for the eks workers. If none is provided, Terraform will search for the latest version of their EKS optimized worker AMI.
-      asg_desired_capacity = "1"        # Desired worker capacity in the autoscaling group.
-      asg_max_size         = "3"        # Maximum worker capacity in the autoscaling group.
-      asg_min_size         = "1"        # Minimum worker capacity in the autoscaling group.
-      instance_type        = "m4.large" # Size of the workers instances.
-    },
-  ]
-}