chore: Update documentation related to default EKS node group settings and v18.x security group changes (#1760)

Bryant Biggs
2022-01-10 11:57:23 -05:00
committed by GitHub
parent a1d28a721a
commit 7babe87775
5 changed files with 50 additions and 9 deletions


@@ -32,6 +32,7 @@ Note that this example may create resources which cost money. Run `terraform des
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.64 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
| <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 2.2 |
## Providers
@@ -39,6 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.64 |
| <a name="provider_null"></a> [null](#provider\_null) | >= 3.0 |
| <a name="provider_tls"></a> [tls](#provider\_tls) | >= 2.2 |
## Modules
@@ -51,11 +53,13 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Type |
|------|------|
| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
| [aws_kms_key.ebs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_kms_key.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_launch_template.external](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [aws_security_group.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [null_resource.patch](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_eks_cluster_auth.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
| [aws_iam_policy_document.ebs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |


@@ -68,10 +68,25 @@ module "eks" {
eks_managed_node_groups = {
# Default node group - as provided by AWS EKS
default_node_group = {}
default_node_group = {
# By default, the module creates a launch template to ensure tags are propagated to instances, etc.,
# so we need to disable it to use the default template provided by the AWS EKS managed node group service
create_launch_template = false
launch_template_name = ""
# Remote access cannot be specified with a launch template
remote_access = {
ec2_ssh_key = aws_key_pair.this.key_name
}
}
# Default node group - as provided by AWS EKS using Bottlerocket
bottlerocket_default = {
# By default, the module creates a launch template to ensure tags are propagated to instances, etc.,
# so we need to disable it to use the default template provided by the AWS EKS managed node group service
create_launch_template = false
launch_template_name = ""
ami_type = "BOTTLEROCKET_x86_64"
platform = "bottlerocket"
}
@@ -122,20 +137,23 @@ module "eks" {
# Use a custom AMI
custom_ami = {
ami_type = "AL2_ARM_64"
# Current default AMI used by managed node groups - pseudo "custom"
ami_id = "ami-0caf35bc73450c396"
ami_id = "ami-01dc0aa438e3214c2" # ARM
# This will ensure the boostrap user data is used to join the node
# By default, EKS managed node groups will not append bootstrap script;
# this adds it back in using the default template provided by the module
# Note: this assumes the AMI provided is an EKS optimized AMI derivative
enable_bootstrap_user_data = true
instance_types = ["t4g.medium"]
}
# Complete
complete = {
name = "complete-eks-mng"
use_name_prefix = false
use_name_prefix = true
subnet_ids = module.vpc.private_subnets
@@ -173,10 +191,6 @@ module "eks" {
}
]
remote_access = {
ec2_ssh_key = "my-ssh-key"
}
update_config = {
max_unavailable_percentage = 50 # or set `max_unavailable`
}
@@ -475,6 +489,7 @@ resource "aws_launch_template" "external" {
resource_type = "instance"
tags = {
Name = "external_lt"
CustomTag = "Instance custom tag"
}
}
@@ -503,3 +518,14 @@ resource "aws_launch_template" "external" {
create_before_destroy = true
}
}
resource "tls_private_key" "this" {
algorithm = "RSA"
}
resource "aws_key_pair" "this" {
key_name_prefix = local.name
public_key = tls_private_key.this.public_key_openssh
tags = local.tags
}
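Review bot: The `remote_access` block added to `default_node_group` sets only `ec2_ssh_key`, and for EKS managed node groups an SSH key with no `source_security_group_ids` makes the service open port 22 on the nodes to 0.0.0.0/0. Because example code gets copied, I would restrict it with `source_security_group_ids = [<ADMIN_OR_BASTION_SG_ID>]` (placeholder) and add a comment such as `# Without source_security_group_ids, EKS allows SSH to the nodes from any address`. Separately, in the last hunk `tls_private_key.this` leaves the generated private key unencrypted in the Terraform state, which deserves a comment like `# Example only: the private key is stored in plain text in state; supply an externally managed public key for real clusters`. Whether the nodes are reachable from outside also depends on the subnets this node group uses, which are not visible in these hunks.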


@@ -10,5 +10,9 @@ terraform {
source = "hashicorp/null"
version = ">= 3.0"
}
tls = {
source = "hashicorp/tls"
version = ">= 2.2"
}
}
}