diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3a7d2a9..ac4b62b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,13 +1,5 @@ -repos: - - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.7.4 - hooks: - - id: terraform_fmt - - id: terraform_docs - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.0.0 - hooks: - - id: check-merge-conflict - - id: trailing-whitespace - - id: check-yaml - - id: check-added-large-files +- repo: git://github.com/antonbabenko/pre-commit-terraform + rev: v1.16.0 + hooks: + - id: terraform_fmt + - id: terraform_docs diff --git a/CHANGELOG.md b/CHANGELOG.md index a1829f9..93a7cb6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,19 @@ project adheres to [Semantic Versioning](http://semver.org/). ## Next release -## [[v5.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.2...HEAD)] - 2019-06-??] +## [[v5.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v5.0.0...HEAD)] - 2019-06-??] + +### Added + + - Write your awesome addition here (by @you) + +### Changed + + - Write your awesome change here (by @you) + +# History + +## [[v5.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.2...v5.0.0)] - 2019-05-07] ### Added @@ -25,9 +37,7 @@ project adheres to [Semantic Versioning](http://semver.org/). - Change override instance_types to list (by @nauxliu on behalf of RightCapital) - Fix toggle for IAM instance profile creation for mixed launch templates (by @jnozo) -# History - -## [[v4.0.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07] +## [[v4.0.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.1...v4.0.2)] - 2019-05-07] ### Changed diff --git a/README.md b/README.md index 3d15e26..fd2a79f 100644 --- a/README.md +++ b/README.md 
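Review bot: The added `repo:` line in the `.pre-commit-config.yaml` hunk fetches the hook repository over `git://`, which has no encryption or server authentication, so anyone on the network path can substitute the hook code that pre-commit then executes on each contributor's machine. Keep the scheme the removed line used: `- repo: https://github.com/antonbabenko/pre-commit-terraform`. `rev: v1.16.0` is a tag, which upstream can move; pinning the full commit id, e.g. `rev: <full-commit-sha>  # v1.16.0` (placeholder), makes the fetched code immutable. The same hunk drops the whole `pre-commit/pre-commit-hooks` entry, so `check-merge-conflict`, `check-yaml`, `trailing-whitespace` and `check-added-large-files` no longer run locally. If that removal is intended, it deserves a line in the commit message; otherwise restore that block under a top-level `repos:` key.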
@@ -112,47 +112,47 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| cluster\_create\_security\_group | Whether to create a security group for the cluster or attach the cluster to `cluster_security_group_id`. | string | `"true"` | no | +| cluster\_create\_security\_group | Whether to create a security group for the cluster or attach the cluster to `cluster_security_group_id`. | bool | `"true"` | no | | cluster\_create\_timeout | Timeout value when creating the EKS cluster. | string | `"15m"` | no | | cluster\_delete\_timeout | Timeout value when deleting the EKS cluster. | string | `"15m"` | no | -| cluster\_enabled\_log\_types | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list | `[]` | no | -| cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | string | `"false"` | no | -| cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | string | `"true"` | no | +| cluster\_enabled\_log\_types | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | `[]` | no | +| cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | bool | `"false"` | no | +| cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | bool | `"true"` | no | | cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage_cluster_iam_resources is set to false. 
| string | `""` | no | -| cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days | string | `"90"` | no | +| cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days. | number | `"90"` | no | | cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | n/a | yes | | cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `""` | no | | cluster\_version | Kubernetes version to use for the EKS cluster. | string | `"1.12"` | no | | config\_output\_path | Where to save the Kubectl config file (if `write_kubeconfig = true`). Should end in a forward slash `/` . | string | `"./"` | no | | iam\_path | If provided, all IAM roles will be created on this path. | string | `"/"` | no | -| kubeconfig\_aws\_authenticator\_additional\_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | list | `[]` | no | +| kubeconfig\_aws\_authenticator\_additional\_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | list(string) | `[]` | no | | kubeconfig\_aws\_authenticator\_command | Command to use to fetch AWS EKS credentials. | string | `"aws-iam-authenticator"` | no | -| kubeconfig\_aws\_authenticator\_command\_args | Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]. | list | `[]` | no | -| kubeconfig\_aws\_authenticator\_env\_variables | Environment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = "eks"}. | map | `{}` | no | +| kubeconfig\_aws\_authenticator\_command\_args | Default arguments passed to the authenticator command. 
Defaults to [token -i $cluster_name]. | list(string) | `[]` | no | +| kubeconfig\_aws\_authenticator\_env\_variables | Environment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = "eks"}. | map(string) | `{}` | no | | kubeconfig\_name | Override the default name used for items kubeconfig. | string | `""` | no | -| local\_exec\_interpreter | Command to run for local-exec resources. Must be a shell-style interpreter. If you are on Windows Git Bash is a good choice. | list | `[ "/bin/sh", "-c" ]` | no | +| local\_exec\_interpreter | Command to run for local-exec resources. Must be a shell-style interpreter. If you are on Windows Git Bash is a good choice. | list(string) | `[ "/bin/sh", "-c" ]` | no | | manage\_aws\_auth | Whether to apply the aws-auth configmap file. | string | `"true"` | no | -| manage\_cluster\_iam\_resources | Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified. | string | `"true"` | no | -| manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers. | string | `"true"` | no | -| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no | -| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no | -| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no | +| manage\_cluster\_iam\_resources | Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified. | bool | `"true"` | no | +| manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers. 
| bool | `"true"` | no | +| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list(string) | `[]` | no | +| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list(map(string)) | `[]` | no | +| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list(map(string)) | `[]` | no | | permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | `""` | no | -| subnets | A list of subnets to place the EKS cluster and workers within. | list | n/a | yes | -| tags | A map of tags to add to all resources. | map | `{}` | no | +| subnets | A list of subnets to place the EKS cluster and workers within. | list(string) | n/a | yes | +| tags | A map of tags to add to all resources. | map(string) | `{}` | no | | vpc\_id | VPC where the cluster and workers will be deployed. | string | n/a | yes | -| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | list | `[]` | no | +| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | list(string) | `[]` | no | | worker\_ami\_name\_filter | Additional name filter for AWS EKS worker AMI. Default behaviour will get latest for the cluster_version but could be set to a release from amazon-eks-ami, e.g. "v20190220" | string | `"v*"` | no | -| worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | string | `"true"` | no | -| worker\_groups | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers_group_defaults for valid keys. 
| list | `[ { "name": "default" } ]` | no | -| worker\_groups\_launch\_template | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers_group_defaults for valid keys. | list | `[ { "name": "default" } ]` | no | -| worker\_groups\_launch\_template\_mixed | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers_group_defaults for valid keys. | list | `[ { "name": "default" } ]` | no | +| worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | bool | `"true"` | no | +| worker\_groups | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers_group_defaults for valid keys. | any | `[]` | no | +| worker\_groups\_launch\_template | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers_group_defaults for valid keys. | any | `[]` | no | +| worker\_groups\_launch\_template\_mixed | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers_group_defaults for valid keys. | any | `[]` | no | | worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `""` | no | -| worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | string | `"1025"` | no | -| workers\_additional\_policies | Additional policies to be added to workers | list | `[]` | no | -| workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys. 
| map | `{}` | no | -| write\_aws\_auth\_config | Whether to write the aws-auth configmap file. | string | `"true"` | no | -| write\_kubeconfig | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | string | `"true"` | no | +| worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | number | `"1025"` | no | +| workers\_additional\_policies | Additional policies to be added to workers | list(string) | `[]` | no | +| workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys. | any | `{}` | no | +| write\_aws\_auth\_config | Whether to write the aws-auth configmap file. | bool | `"true"` | no | +| write\_kubeconfig | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | bool | `"true"` | no | ## Outputs diff --git a/cluster.tf b/cluster.tf index e39eaf5..e49fafb 100644 --- a/cluster.tf +++ b/cluster.tf @@ -1,8 +1,7 @@ resource "aws_cloudwatch_log_group" "this" { + count = length(var.cluster_enabled_log_types) > 0 ? 1 : 0 name = "/aws/eks/${var.cluster_name}/cluster" retention_in_days = var.cluster_log_retention_in_days - - count = length(var.cluster_enabled_log_types) > 0 ? 1 : 0 } resource "aws_eks_cluster" "this" { @@ -86,4 +85,3 @@ resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" { policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy" role = aws_iam_role.cluster[0].name } - diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 9a25e4b..b2d3ac5 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf 
@@ -71,8 +71,8 @@ resource "aws_security_group" "all_worker_mgmt" { } module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.6.0" + source = "terraform-aws-modules/vpc/aws" + version = "2.6.0" name = "test-vpc" cidr = "10.0.0.0/16" @@ -107,7 +107,7 @@ module "eks" { GithubOrg = "terraform-aws-modules" } - vpc_id = module.vpc.vpc_id + vpc_id = module.vpc.vpc_id worker_groups = [ { diff --git a/examples/launch_templates/main.tf b/examples/launch_templates/main.tf index 27414a8..edc18e2 100644 --- a/examples/launch_templates/main.tf +++ b/examples/launch_templates/main.tf @@ -24,8 +24,8 @@ resource "random_string" "suffix" { } module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.6.0" + source = "terraform-aws-modules/vpc/aws" + version = "2.6.0" name = "test-vpc-lt" cidr = "10.0.0.0/16" @@ -38,10 +38,10 @@ module "vpc" { } module "eks" { - source = "../.." - cluster_name = local.cluster_name - subnets = module.vpc.public_subnets - vpc_id = module.vpc.vpc_id + source = "../.." + cluster_name = local.cluster_name + subnets = module.vpc.public_subnets + vpc_id = module.vpc.vpc_id worker_groups_launch_template = [ { diff --git a/examples/spot_instances/main.tf b/examples/spot_instances/main.tf index 9705be4..dc18c0e 100644 --- a/examples/spot_instances/main.tf +++ b/examples/spot_instances/main.tf @@ -24,8 +24,8 @@ resource "random_string" "suffix" { } module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "2.6.0" + source = "terraform-aws-modules/vpc/aws" + version = "2.6.0" name = "test-vpc-spot" cidr = "10.0.0.0/16" 
@@ -38,20 +38,20 @@ module "vpc" { } module "eks" { - source = "../.." - cluster_name = local.cluster_name - subnets = module.vpc.public_subnets - vpc_id = module.vpc.vpc_id + source = "../.." + cluster_name = local.cluster_name + subnets = module.vpc.public_subnets + vpc_id = module.vpc.vpc_id worker_groups_launch_template_mixed = [ { - name = "spot-1" - override_instance_types = ["m5.large", "c5.large", "t3.large", "r5.large"] - spot_instance_pools = 4 - asg_max_size = 5 - asg_desired_capacity = 5 - kubelet_extra_args = "--node-labels=kubernetes.io/lifecycle=spot" - public_ip = true + name = "spot-1" + override_instance_types = ["m5.large", "c5.large", "t3.large", "r5.large"] + spot_instance_pools = 4 + asg_max_size = 5 + asg_desired_capacity = 5 + kubelet_extra_args = "--node-labels=kubernetes.io/lifecycle=spot" + public_ip = true }, ] } diff --git a/version b/version index bda368d..d3845ad 100644 --- a/version +++ b/version @@ -1 +1 @@ -v4.0.2 +v5.0.0