Add ability to pass computed values to cluster_security_group_id and worker_security_group_id (#186)

* Add ability to pass computed values to cluster_security_group_id and worker_security_group_id

* Fix contributor name in CHANGELOG.md

* Format variables.tf file
rmakram-ims
2018-12-13 11:00:48 -05:00
committed by Max Williams
parent 1822a677dc
commit 9d6740e116
5 changed files with 21 additions and 8 deletions


@@ -23,6 +23,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
- `target_group_arns` to `worker_groups` input (by @zihaoyu)
- `force_detach_policies` to `aws_iam_role` `cluster` and `workers` (by @marky-mark)
- Added sleep while trying to apply the kubernetes configurations if failed, up to 50 seconds (by @rmakram-ims)
- `cluster_create_security_group` and `worker_create_security_group`. This allows using computed cluster and worker security groups. (by @rmakram-ims)
### Changed


@@ -101,6 +101,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| cluster\_create\_security\_group | Whether to create a security group for the cluster or attach the cluster to `cluster_security_group_id`. | string | `true` | no |
| cluster\_create\_timeout | Timeout value when creating the EKS cluster. | string | `15m` | no |
| cluster\_delete\_timeout | Timeout value when deleting the EKS cluster. | string | `15m` | no |
| cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | - | yes |
@@ -124,6 +125,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| tags | A map of tags to add to all resources. | map | `<map>` | no |
| vpc\_id | VPC where the cluster and workers will be deployed. | string | - | yes |
| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | list | `<list>` | no |
| worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | string | `true` | no |
| worker\_group\_count | The number of maps contained within the worker_groups list. | string | `1` | no |
| worker\_groups | A list of maps defining worker group configurations. See workers_group_defaults for valid keys. | list | `<list>` | no |
| worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `` | no |


@@ -24,7 +24,7 @@ resource "aws_security_group" "cluster" {
description = "EKS cluster security group."
vpc_id = "${var.vpc_id}"
tags = "${merge(var.tags, map("Name", "${var.cluster_name}-eks_cluster_sg"))}"
count = "${var.cluster_security_group_id == "" ? 1 : 0}"
count = "${var.cluster_create_security_group ? 1 : 0}"
}
resource "aws_security_group_rule" "cluster_egress_internet" {
@@ -35,7 +35,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {
from_port = 0
to_port = 0
type = "egress"
count = "${var.cluster_security_group_id == "" ? 1 : 0}"
count = "${var.cluster_create_security_group ? 1 : 0}"
}
resource "aws_security_group_rule" "cluster_https_worker_ingress" {
@@ -46,7 +46,7 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {
from_port = 443
to_port = 443
type = "ingress"
count = "${var.cluster_security_group_id == "" ? 1 : 0}"
count = "${var.cluster_create_security_group ? 1 : 0}"
}
resource "aws_iam_role" "cluster" {
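Review bot: The three `count` expressions now depend only on `cluster_create_security_group`, so nothing in these hunks ties the flag to `cluster_security_group_id` any more. A caller who already passes a hardened group id and upgrades without setting the flag to `false` would, with the default of `true`, get the module's own group and rules created (including `cluster_egress_internet`); which group the cluster is then attached to is decided outside the visible lines and should be checked. The opposite combination, flag `false` with an empty id, is not rejected here either. I would add a comment at the first `count`, e.g. `# set cluster_create_security_group = false whenever cluster_security_group_id is supplied`, and call the upgrade step out in the changelog entry. The same applies to the five `worker_create_security_group` counts in the workers file.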


@@ -158,3 +158,13 @@ variable "local_exec_interpreter" {
type = "list"
default = ["/bin/sh", "-c"]
}
variable "cluster_create_security_group" {
description = "Whether to create a security group for the cluster or attach the cluster to `cluster_security_group_id`."
default = true
}
variable "worker_create_security_group" {
description = "Whether to create a security group for the workers or attach the workers to `worker_security_group_id`."
default = true
}
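Review bot: Both new variables declare no `type` and default to a bare `true`, while the README rows added in this commit list them as `string`. If the module targets Terraform 0.11 (the `"${...}"` interpolation in the other files suggests so), boolean defaults are converted to strings, and the guidance for that version was to write them as `"true"`/`"false"`. I would write `type = "string"` and `default = "true"` in both blocks, so the flag that decides whether security groups are created holds the same string wherever it is set.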


@@ -55,7 +55,7 @@ resource "aws_security_group" "workers" {
name_prefix = "${aws_eks_cluster.this.name}"
description = "Security group for all nodes in the cluster."
vpc_id = "${var.vpc_id}"
count = "${var.worker_security_group_id == "" ? 1 : 0}"
count = "${var.worker_create_security_group ? 1 : 0}"
tags = "${merge(var.tags, map("Name", "${aws_eks_cluster.this.name}-eks_worker_sg", "kubernetes.io/cluster/${aws_eks_cluster.this.name}", "owned"
))}"
}
@@ -68,7 +68,7 @@ resource "aws_security_group_rule" "workers_egress_internet" {
from_port = 0
to_port = 0
type = "egress"
count = "${var.worker_security_group_id == "" ? 1 : 0}"
count = "${var.worker_create_security_group ? 1 : 0}"
}
resource "aws_security_group_rule" "workers_ingress_self" {
@@ -79,7 +79,7 @@ resource "aws_security_group_rule" "workers_ingress_self" {
from_port = 0
to_port = 65535
type = "ingress"
count = "${var.worker_security_group_id == "" ? 1 : 0}"
count = "${var.worker_create_security_group ? 1 : 0}"
}
resource "aws_security_group_rule" "workers_ingress_cluster" {
@@ -90,7 +90,7 @@ resource "aws_security_group_rule" "workers_ingress_cluster" {
from_port = "${var.worker_sg_ingress_from_port}"
to_port = 65535
type = "ingress"
count = "${var.worker_security_group_id == "" ? 1 : 0}"
count = "${var.worker_create_security_group ? 1 : 0}"
}
resource "aws_security_group_rule" "workers_ingress_cluster_https" {
@@ -101,7 +101,7 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {
from_port = 443
to_port = 443
type = "ingress"
count = "${var.worker_security_group_id == "" ? 1 : 0}"
count = "${var.worker_create_security_group ? 1 : 0}"
}
resource "aws_iam_role" "workers" {
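Review bot: With `worker_create_security_group = false` all five resources in this file drop to `count = 0`, so `workers_ingress_self`, `workers_ingress_cluster`, `workers_ingress_cluster_https` and `workers_egress_internet` are no longer managed by the module and the supplied group's rules become entirely the caller's responsibility. Nothing in the visible lines documents what that group must allow, or that a broader group is accepted as-is. I would add a comment above `resource "aws_security_group" "workers"` listing the rules the module would otherwise create (self, cluster and cluster-HTTPS ingress plus egress, with the port ranges shown in these hunks) so a caller can reproduce them without widening them. The resource bodies start outside the hunks, so the source groups and protocols of these rules are not visible and should be confirmed before writing that comment.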