fix: set an ASG's launch template version to an explicit version to automatically trigger instance refresh (#1370)

NOTES: Set an ASG's launch template version to an explicit version automatically. This will ensure that an instance refresh will be triggered whenever the launch template changes. The default `launch_template_version` is now used to determine the latest or default version of the created launch template for self-managed worker groups. Signed-off-by: Benjamin Ash <bash@intelerad.com> Co-authored-by: Thierno IB. BARRY <ibrahima.br@gmail.com>
2026-03-11 21:11:32 +01:00 · 2021-05-19 10:34:59 -04:00
parent a639cf5138
commit a2761ad685
3 changed files with 27 additions and 7 deletions
--- a/examples/instance_refresh/main.tf
+++ b/examples/instance_refresh/main.tf
@@ -217,10 +217,9 @@ resource "helm_release" "aws_node_termination_handler" {
 # ensures that node termination does not require the lifecycle action to be completed,
 # and thus allows the ASG to be destroyed cleanly.
 resource "aws_autoscaling_lifecycle_hook" "aws_node_termination_handler" {
-  for_each = toset(module.eks.workers_asg_names)
-
+  count                  = length(module.eks.workers_asg_names)
  name                   = "aws-node-termination-handler"
-  autoscaling_group_name = each.value
+  autoscaling_group_name = module.eks.workers_asg_names[count.index]
  lifecycle_transition   = "autoscaling:EC2_INSTANCE_TERMINATING"
  heartbeat_timeout      = 300
  default_result         = "CONTINUE"
@@ -239,9 +238,11 @@ module "eks" {
      asg_max_size                         = 2
      asg_desired_capacity                 = 2
      instance_refresh_enabled             = true
-      instance_refresh_triggers            = ["tag"]
+      instance_refresh_instance_warmup     = 60
      public_ip                            = true
      metadata_http_put_response_hop_limit = 3
+      update_default_version               = true
+      instance_refresh_triggers            = ["tag"]
      tags = [
        {
          key                 = "aws-node-termination-handler/managed"
--- a/local.tf
+++ b/local.tf
@@ -75,7 +75,8 @@ locals {
    root_block_device_name               = data.aws_ami.eks_worker.root_device_name # Root device name for workers. If non is provided, will assume default AMI was used.
    root_kms_key_id                      = ""                                       # The KMS key to use when encrypting the root storage device
    launch_template_id                   = null                                     # The id of the launch template used for managed node_groups
-    launch_template_version              = "$Latest"                                # The lastest version of the launch template to use in the autoscaling group
+    launch_template_version              = "$Latest"                                # The latest version of the launch template to use in the autoscaling group
+    update_default_version               = false                                    # Update the autoscaling group launch template's default version upon each update
    launch_template_placement_tenancy    = "default"                                # The placement tenancy for instances
    launch_template_placement_group      = null                                     # The name of the placement group into which to launch the instances, if any.
    root_encrypted                       = false                                    # Whether the volume should be encrypted or not
--- a/workers_launch_template.tf
+++ b/workers_launch_template.tf
@@ -141,7 +141,13 @@ resource "aws_autoscaling_group" "workers_launch_template" {
          version = lookup(
            var.worker_groups_launch_template[count.index],
            "launch_template_version",
-            local.workers_group_defaults["launch_template_version"],
+            lookup(
+              var.worker_groups_launch_template[count.index],
+              "launch_template_version",
+              local.workers_group_defaults["launch_template_version"]
+            ) == "$Latest"
+            ? aws_launch_template.workers_launch_template.*.latest_version[count.index]
+            : aws_launch_template.workers_launch_template.*.default_version[count.index]
          )
        }

@@ -169,7 +175,13 @@ resource "aws_autoscaling_group" "workers_launch_template" {
      version = lookup(
        var.worker_groups_launch_template[count.index],
        "launch_template_version",
-        local.workers_group_defaults["launch_template_version"],
+        lookup(
+          var.worker_groups_launch_template[count.index],
+          "launch_template_version",
+          local.workers_group_defaults["launch_template_version"]
+        ) == "$Latest"
+        ? aws_launch_template.workers_launch_template.*.latest_version[count.index]
+        : aws_launch_template.workers_launch_template.*.default_version[count.index]
      )
    }
  }
@@ -278,6 +290,12 @@ resource "aws_launch_template" "workers_launch_template" {
    count.index,
  )}"

+  update_default_version = lookup(
+    var.worker_groups_launch_template[count.index],
+    "update_default_version",
+    local.workers_group_defaults["update_default_version"],
+  )
+
  network_interfaces {
    associate_public_ip_address = lookup(
      var.worker_groups_launch_template[count.index],