fix: Ensure isra_tag_values can be tried before defaulting to cluster_name on Karpenter module (#2631)

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2026-05-02 13:24:28 +02:00 · 2023-05-30 17:55:40 -05:00
parent f741db1b2c
commit 6c56e2ad20
22 changed files with 51 additions and 76 deletions
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -54,9 +54,9 @@ Note that this example may create resources which cost money. Run `terraform des
 | <a name="module_eks"></a> [eks](#module\_eks) | ../.. | n/a |
 | <a name="module_eks_managed_node_group"></a> [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | ../../modules/eks-managed-node-group | n/a |
 | <a name="module_fargate_profile"></a> [fargate\_profile](#module\_fargate\_profile) | ../../modules/fargate-profile | n/a |
-| <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | 1.1.0 |
+| <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.5 |
 | <a name="module_self_managed_node_group"></a> [self\_managed\_node\_group](#module\_self\_managed\_node\_group) | ../../modules/self-managed-node-group | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |

 ## Resources

--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -397,7 +397,7 @@ module "disabled_self_managed_node_group" {

 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"

  name = local.name
  cidr = local.vpc_cidr
@@ -407,13 +407,8 @@ module "vpc" {
  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
  intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]

-  enable_nat_gateway   = true
-  single_nat_gateway   = true
-  enable_dns_hostnames = true
-
-  enable_flow_log                      = true
-  create_flow_log_cloudwatch_iam_role  = true
-  create_flow_log_cloudwatch_log_group = true
+  enable_nat_gateway = true
+  single_nat_gateway = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
@@ -463,7 +458,7 @@ resource "aws_iam_policy" "additional" {

 module "kms" {
  source  = "terraform-aws-modules/kms/aws"
-  version = "1.1.0"
+  version = "~> 1.5"

  aliases               = ["eks/${local.name}"]
  description           = "${local.name} cluster encryption key"
--- a/examples/eks_managed_node_group/README.md
+++ b/examples/eks_managed_node_group/README.md
@@ -46,7 +46,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | <a name="module_ebs_kms_key"></a> [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 1.5 |
 | <a name="module_eks"></a> [eks](#module\_eks) | ../.. | n/a |
 | <a name="module_key_pair"></a> [key\_pair](#module\_key\_pair) | terraform-aws-modules/key-pair/aws | ~> 2.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |
 | <a name="module_vpc_cni_irsa"></a> [vpc\_cni\_irsa](#module\_vpc\_cni\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.0 |

 ## Resources
--- a/examples/eks_managed_node_group/main.tf
+++ b/examples/eks_managed_node_group/main.tf
@@ -19,7 +19,7 @@ data "aws_availability_zones" "available" {}

 locals {
  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
-  cluster_version = "1.24"
+  cluster_version = "1.27"
  region          = "eu-west-1"

  vpc_cidr = "10.0.0.0/16"
@@ -300,7 +300,7 @@ module "eks" {

 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"

  name = local.name
  cidr = local.vpc_cidr
@@ -310,21 +310,17 @@ module "vpc" {
  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
  intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]

-  enable_ipv6                     = true
-  assign_ipv6_address_on_creation = true
-  create_egress_only_igw          = true
+  enable_nat_gateway     = true
+  single_nat_gateway     = true
+  enable_ipv6            = true
+  create_egress_only_igw = true

-  public_subnet_ipv6_prefixes  = [0, 1, 2]
-  private_subnet_ipv6_prefixes = [3, 4, 5]
-  intra_subnet_ipv6_prefixes   = [6, 7, 8]
-
-  enable_nat_gateway   = true
-  single_nat_gateway   = true
-  enable_dns_hostnames = true
-
-  enable_flow_log                      = true
-  create_flow_log_cloudwatch_iam_role  = true
-  create_flow_log_cloudwatch_log_group = true
+  public_subnet_ipv6_prefixes                    = [0, 1, 2]
+  public_subnet_assign_ipv6_address_on_creation  = true
+  private_subnet_ipv6_prefixes                   = [3, 4, 5]
+  private_subnet_assign_ipv6_address_on_creation = true
+  intra_subnet_ipv6_prefixes                     = [6, 7, 8]
+  intra_subnet_assign_ipv6_address_on_creation   = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
--- a/examples/fargate_profile/README.md
+++ b/examples/fargate_profile/README.md
@@ -35,7 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_eks"></a> [eks](#module\_eks) | ../.. | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |

 ## Resources

--- a/examples/fargate_profile/main.tf
+++ b/examples/fargate_profile/main.tf
@@ -6,7 +6,7 @@ data "aws_availability_zones" "available" {}

 locals {
  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
-  cluster_version = "1.24"
+  cluster_version = "1.27"
  region          = "eu-west-1"

  vpc_cidr = "10.0.0.0/16"
@@ -106,7 +106,7 @@ module "eks" {

 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"

  name = local.name
  cidr = local.vpc_cidr
@@ -116,13 +116,8 @@ module "vpc" {
  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
  intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]

-  enable_nat_gateway   = true
-  single_nat_gateway   = true
-  enable_dns_hostnames = true
-
-  enable_flow_log                      = true
-  create_flow_log_cloudwatch_iam_role  = true
-  create_flow_log_cloudwatch_log_group = true
+  enable_nat_gateway = true
+  single_nat_gateway = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
--- a/examples/karpenter/README.md
+++ b/examples/karpenter/README.md
@@ -73,7 +73,7 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | <a name="module_eks"></a> [eks](#module\_eks) | ../.. | n/a |
 | <a name="module_karpenter"></a> [karpenter](#module\_karpenter) | ../../modules/karpenter | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |

 ## Resources

--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -54,7 +54,7 @@ data "aws_ecrpublic_authorization_token" "token" {

 locals {
  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
-  cluster_version = "1.24"
+  cluster_version = "1.27"
  region          = "eu-west-1"

  vpc_cidr = "10.0.0.0/16"
@@ -286,7 +286,7 @@ resource "kubectl_manifest" "karpenter_example_deployment" {

 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"

  name = local.name
  cidr = local.vpc_cidr
@@ -296,13 +296,8 @@ module "vpc" {
  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
  intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]

-  enable_nat_gateway   = true
-  single_nat_gateway   = true
-  enable_dns_hostnames = true
-
-  enable_flow_log                      = true
-  create_flow_log_cloudwatch_iam_role  = true
-  create_flow_log_cloudwatch_log_group = true
+  enable_nat_gateway = true
+  single_nat_gateway = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
--- a/examples/outposts/main.tf
+++ b/examples/outposts/main.tf
@@ -16,7 +16,7 @@ provider "kubernetes" {

 locals {
  name            = "ex-${basename(path.cwd)}"
-  cluster_version = "1.21" # Required by EKS on Outposts
+  cluster_version = "1.27" # Required by EKS on Outposts

  outpost_arn   = element(tolist(data.aws_outposts_outposts.this.arns), 0)
  instance_type = element(tolist(data.aws_outposts_outpost_instance_types.this.instance_types), 0)
--- a/examples/outposts/prerequisites/main.tf
+++ b/examples/outposts/prerequisites/main.tf
@@ -56,7 +56,7 @@ module "ssm_bastion_ec2" {
    rm terraform_${local.terraform_version}_linux_amd64.zip 2> /dev/null

    # Install kubectl
-    curl -LO https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl
+    curl -LO https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl
    install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

    # Remove default awscli which is v1 - we want latest v2
@@ -66,9 +66,8 @@ module "ssm_bastion_ec2" {
    ./aws/install

    # Clone repo
-    git clone https://github.com/bryantbiggs/terraform-aws-eks.git \
-    && cd /home/ssm-user/terraform-aws-eks \
-    && git checkout refactor/v19
+    git clone https://github.com/terraform-aws-modules/terraform-aws-eks.git \
+    && cd /home/ssm-user/terraform-aws-eks

    chown -R ssm-user:ssm-user /home/ssm-user/
  EOT
--- a/examples/self_managed_node_group/README.md
+++ b/examples/self_managed_node_group/README.md
@@ -42,7 +42,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | <a name="module_ebs_kms_key"></a> [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 1.5 |
 | <a name="module_eks"></a> [eks](#module\_eks) | ../.. | n/a |
 | <a name="module_key_pair"></a> [key\_pair](#module\_key\_pair) | terraform-aws-modules/key-pair/aws | ~> 2.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |

 ## Resources

--- a/examples/self_managed_node_group/main.tf
+++ b/examples/self_managed_node_group/main.tf
@@ -19,7 +19,7 @@ data "aws_availability_zones" "available" {}

 locals {
  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
-  cluster_version = "1.24"
+  cluster_version = "1.27"
  region          = "eu-west-1"

  vpc_cidr = "10.0.0.0/16"
@@ -256,7 +256,7 @@ module "eks" {

 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"

  name = local.name
  cidr = local.vpc_cidr
@@ -266,13 +266,8 @@ module "vpc" {
  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
  intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]

-  enable_nat_gateway   = true
-  single_nat_gateway   = true
-  enable_dns_hostnames = true
-
-  enable_flow_log                      = true
-  create_flow_log_cloudwatch_iam_role  = true
-  create_flow_log_cloudwatch_log_group = true
+  enable_nat_gateway = true
+  single_nat_gateway = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1