fix: Rebuild examples (#1625)

examples/instance_refresh/README.md

@@ -0,0 +1,82 @@
+# Instance refresh example
+
+This is EKS example using [instance refresh](https://aws.amazon.com/blogs/compute/introducing-instance-refresh-for-ec2-auto-scaling/) feature for worker groups.
+
+See [the official documentation](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) for more details.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.22.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.0 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.4 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.22.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 2.1 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_aws_node_termination_handler_role"></a> [aws\_node\_termination\_handler\_role](#module\_aws\_node\_termination\_handler\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 4.1.0 |
+| <a name="module_aws_node_termination_handler_sqs"></a> [aws\_node\_termination\_handler\_sqs](#module\_aws\_node\_termination\_handler\_sqs) | terraform-aws-modules/sqs/aws | ~> 3.0.0 |
+| <a name="module_eks"></a> [eks](#module\_eks) | ../.. |  |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_autoscaling_lifecycle_hook.aws_node_termination_handler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_lifecycle_hook) | resource |
+| [aws_cloudwatch_event_rule.aws_node_termination_handler_asg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
+| [aws_cloudwatch_event_rule.aws_node_termination_handler_spot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
+| [aws_cloudwatch_event_target.aws_node_termination_handler_asg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_cloudwatch_event_target.aws_node_termination_handler_spot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_iam_policy.aws_node_termination_handler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [helm_release.aws_node_termination_handler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+| [aws_iam_policy_document.aws_node_termination_handler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.aws_node_termination_handler_events](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_cluster_endpoint"></a> [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for EKS control plane. |
+| <a name="output_cluster_security_group_id"></a> [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Security group ids attached to the cluster control plane. |
+| <a name="output_config_map_aws_auth"></a> [config\_map\_aws\_auth](#output\_config\_map\_aws\_auth) | A kubernetes configuration to authenticate to this EKS cluster. |
+| <a name="output_kubectl_config"></a> [kubectl\_config](#output\_kubectl\_config) | kubectl config as generated by the module. |
+| <a name="output_sqs_queue_asg_notification_arn"></a> [sqs\_queue\_asg\_notification\_arn](#output\_sqs\_queue\_asg\_notification\_arn) | SQS queue ASG notification ARN |
+| <a name="output_sqs_queue_asg_notification_url"></a> [sqs\_queue\_asg\_notification\_url](#output\_sqs\_queue\_asg\_notification\_url) | SQS queue ASG notification URL |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/instance_refresh/main.tf

@@ -1,24 +1,18 @@
-# Based on the official aws-node-termination-handler setup guide at https://github.com/aws/aws-node-termination-handler#infrastructure-setup
-
 provider "aws" {
   region = local.region
 }
 
-data "aws_caller_identity" "current" {}
-
-data "aws_eks_cluster" "cluster" {
-  name = module.eks.cluster_id
+locals {
+  name            = "instance_refresh-${random_string.suffix.result}"
+  cluster_version = "1.20"
+  region          = "eu-west-1"
 }
 
-data "aws_eks_cluster_auth" "cluster" {
-  name = module.eks.cluster_id
-}
+################################################################################
+# EKS Module
+################################################################################
 
-provider "kubernetes" {
-  host                   = data.aws_eks_cluster.cluster.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
-  token                  = data.aws_eks_cluster_auth.cluster.token
-}
+# Based on the official aws-node-termination-handler setup guide at https://github.com/aws/aws-node-termination-handler#infrastructure-setup
 
 provider "helm" {
   kubernetes {
@@ -28,29 +22,7 @@ provider "helm" {
   }
 }
 
-data "aws_availability_zones" "available" {
-}
-
-locals {
-  cluster_name = "test-refresh-${random_string.suffix.result}"
-  region       = "eu-west-1"
-}
-
-resource "random_string" "suffix" {
-  length  = 8
-  special = false
-}
-
-module "vpc" {
-  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3.0.0"
-
-  name                 = local.cluster_name
-  cidr                 = "10.0.0.0/16"
-  azs                  = data.aws_availability_zones.available.names
-  public_subnets       = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
-  enable_dns_hostnames = true
-}
+data "aws_caller_identity" "current" {}
 
 data "aws_iam_policy_document" "aws_node_termination_handler" {
   statement {
@@ -84,10 +56,12 @@ data "aws_iam_policy_document" "aws_node_termination_handler" {
 }
 
 resource "aws_iam_policy" "aws_node_termination_handler" {
-  name   = "${local.cluster_name}-aws-node-termination-handler"
+  name   = "${local.name}-aws-node-termination-handler"
   policy = data.aws_iam_policy_document.aws_node_termination_handler.json
 }
 
+data "aws_region" "current" {}
+
 data "aws_iam_policy_document" "aws_node_termination_handler_events" {
   statement {
     effect = "Allow"
@@ -102,7 +76,7 @@ data "aws_iam_policy_document" "aws_node_termination_handler_events" {
       "sqs:SendMessage",
     ]
     resources = [
-      "arn:aws:sqs:${local.region}:${data.aws_caller_identity.current.account_id}:${local.cluster_name}",
+      "arn:aws:sqs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${local.name}",
     ]
   }
 }
@@ -110,13 +84,13 @@ data "aws_iam_policy_document" "aws_node_termination_handler_events" {
 module "aws_node_termination_handler_sqs" {
   source                    = "terraform-aws-modules/sqs/aws"
   version                   = "~> 3.0.0"
-  name                      = local.cluster_name
+  name                      = local.name
   message_retention_seconds = 300
   policy                    = data.aws_iam_policy_document.aws_node_termination_handler_events.json
 }
 
 resource "aws_cloudwatch_event_rule" "aws_node_termination_handler_asg" {
-  name        = "${local.cluster_name}-asg-termination"
+  name        = "${local.name}-asg-termination"
   description = "Node termination event rule"
   event_pattern = jsonencode(
     {
@@ -132,13 +106,13 @@ resource "aws_cloudwatch_event_rule" "aws_node_termination_handler_asg" {
 }
 
 resource "aws_cloudwatch_event_target" "aws_node_termination_handler_asg" {
-  target_id = "${local.cluster_name}-asg-termination"
+  target_id = "${local.name}-asg-termination"
   rule      = aws_cloudwatch_event_rule.aws_node_termination_handler_asg.name
   arn       = module.aws_node_termination_handler_sqs.sqs_queue_arn
 }
 
 resource "aws_cloudwatch_event_rule" "aws_node_termination_handler_spot" {
-  name        = "${local.cluster_name}-spot-termination"
+  name        = "${local.name}-spot-termination"
   description = "Node termination event rule"
   event_pattern = jsonencode(
     {
@@ -154,7 +128,7 @@ resource "aws_cloudwatch_event_rule" "aws_node_termination_handler_spot" {
 }
 
 resource "aws_cloudwatch_event_target" "aws_node_termination_handler_spot" {
-  target_id = "${local.cluster_name}-spot-termination"
+  target_id = "${local.name}-spot-termination"
   rule      = aws_cloudwatch_event_rule.aws_node_termination_handler_spot.name
   arn       = module.aws_node_termination_handler_sqs.sqs_queue_arn
 }
@@ -163,11 +137,11 @@ module "aws_node_termination_handler_role" {
   source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
   version                       = "4.1.0"
   create_role                   = true
-  role_description              = "IRSA role for ANTH, cluster ${local.cluster_name}"
-  role_name_prefix              = local.cluster_name
+  role_description              = "IRSA role for ANTH, cluster ${local.name}"
+  role_name_prefix              = local.name
   provider_url                  = replace(module.eks.cluster_oidc_issuer_url, "https://", "")
   role_policy_arns              = [aws_iam_policy.aws_node_termination_handler.arn]
-  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.serviceaccount}"]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:aws-node-termination-handler"]
 }
 
 resource "helm_release" "aws_node_termination_handler" {
@@ -176,19 +150,19 @@ resource "helm_release" "aws_node_termination_handler" {
   ]
 
   name             = "aws-node-termination-handler"
-  namespace        = var.namespace
+  namespace        = "kube-system"
   repository       = "https://aws.github.io/eks-charts"
   chart            = "aws-node-termination-handler"
-  version          = var.aws_node_termination_handler_chart_version
+  version          = "0.15.0"
   create_namespace = true
 
   set {
     name  = "awsRegion"
-    value = local.region
+    value = data.aws_region.current.name
   }
   set {
     name  = "serviceAccount.name"
-    value = var.serviceaccount
+    value = "aws-node-termination-handler"
   }
   set {
     name  = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
@@ -226,12 +200,18 @@ resource "aws_autoscaling_lifecycle_hook" "aws_node_termination_handler" {
 }
 
 module "eks" {
-  source          = "../.."
-  cluster_name    = local.cluster_name
-  cluster_version = "1.20"
-  subnets         = module.vpc.public_subnets
-  vpc_id          = module.vpc.vpc_id
-  enable_irsa     = true
+  source = "../.."
+
+  cluster_name    = local.name
+  cluster_version = local.cluster_version
+
+  vpc_id  = module.vpc.vpc_id
+  subnets = module.vpc.private_subnets
+
+  cluster_endpoint_private_access = true
+  cluster_endpoint_public_access  = true
+
+  enable_irsa = true
   worker_groups_launch_template = [
     {
       name                                 = "refresh"
@@ -257,4 +237,70 @@ module "eks" {
       ]
     }
   ]
+
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-eks"
+    GithubOrg  = "terraform-aws-modules"
+  }
+}
+
+################################################################################
+# Kubernetes provider configuration
+################################################################################
+
+data "aws_eks_cluster" "cluster" {
+  name = module.eks.cluster_id
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = module.eks.cluster_id
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+data "aws_availability_zones" "available" {
+}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 3.0"
+
+  name                 = local.name
+  cidr                 = "10.0.0.0/16"
+  azs                  = data.aws_availability_zones.available.names
+  private_subnets      = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets       = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+  enable_nat_gateway   = true
+  single_nat_gateway   = true
+  enable_dns_hostnames = true
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${local.name}" = "shared"
+    "kubernetes.io/role/elb"              = "1"
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${local.name}" = "shared"
+    "kubernetes.io/role/internal-elb"     = "1"
+  }
+
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-eks"
+    GithubOrg  = "terraform-aws-modules"
+  }
 }

examples/instance_refresh/variables.tf

@@ -1,17 +0,0 @@
-variable "aws_node_termination_handler_chart_version" {
-  description = "Version of the aws-node-termination-handler Helm chart to install."
-  type        = string
-  default     = "0.15.0"
-}
-
-variable "namespace" {
-  description = "Namespace for the aws-node-termination-handler."
-  type        = string
-  default     = "kube-system"
-}
-
-variable "serviceaccount" {
-  description = "Serviceaccount for the aws-node-termination-handler."
-  type        = string
-  default     = "aws-node-termination-handler"
-}

examples/instance_refresh/versions.tf

@@ -5,7 +5,7 @@ terraform {
     aws        = ">= 3.22.0"
     local      = ">= 1.4"
     random     = ">= 2.1"
-    kubernetes = "~> 1.11"
-    helm       = "~> 2.1.2"
+    kubernetes = "~> 2.0"
+    helm       = "~> 2.0"
   }
 }