Adding new mixed type of worker group with instance overrides and mixed instances policy (#371)

* Adding new mixed type of worker group with instance overrides and mixed instances policy

* moving all count and lifecycle rule parameters to top/bottom

* adding custom IAM parts

* updating doc with new options

* fixes for spot instances
Max Williams
2019-05-07 16:50:42 +02:00
committed by GitHub
parent 2439c25771
commit ae2f8e58db
13 changed files with 285 additions and 117 deletions


@@ -23,14 +23,15 @@ resource "aws_eks_cluster" "this" {
}
resource "aws_security_group" "cluster" {
count = "${var.cluster_create_security_group ? 1 : 0}"
name_prefix = "${var.cluster_name}"
description = "EKS cluster security group."
vpc_id = "${var.vpc_id}"
tags = "${merge(var.tags, map("Name", "${var.cluster_name}-eks_cluster_sg"))}"
count = "${var.cluster_create_security_group ? 1 : 0}"
}
resource "aws_security_group_rule" "cluster_egress_internet" {
count = "${var.cluster_create_security_group ? 1 : 0}"
description = "Allow cluster egress access to the Internet."
protocol = "-1"
security_group_id = "${aws_security_group.cluster.id}"
@@ -38,10 +39,10 @@ resource "aws_security_group_rule" "cluster_egress_internet" {
from_port = 0
to_port = 0
type = "egress"
count = "${var.cluster_create_security_group ? 1 : 0}"
}
resource "aws_security_group_rule" "cluster_https_worker_ingress" {
count = "${var.cluster_create_security_group ? 1 : 0}"
description = "Allow pods to communicate with the EKS cluster API."
protocol = "tcp"
security_group_id = "${aws_security_group.cluster.id}"
@@ -49,26 +50,25 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {
from_port = 443
to_port = 443
type = "ingress"
count = "${var.cluster_create_security_group ? 1 : 0}"
}
resource "aws_iam_role" "cluster" {
count = "${var.manage_cluster_iam_resources ? 1 : 0}"
name_prefix = "${var.cluster_name}"
assume_role_policy = "${data.aws_iam_policy_document.cluster_assume_role_policy.json}"
permissions_boundary = "${var.permissions_boundary}"
path = "${var.iam_path}"
force_detach_policies = true
count = "${var.manage_cluster_iam_resources ? 1 : 0}"
}
resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
count = "${var.manage_cluster_iam_resources ? 1 : 0}"
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
role = "${aws_iam_role.cluster.name}"
count = "${var.manage_cluster_iam_resources ? 1 : 0}"
}
resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
count = "${var.manage_cluster_iam_resources ? 1 : 0}"
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
role = "${aws_iam_role.cluster.name}"
count = "${var.manage_cluster_iam_resources ? 1 : 0}"
}
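Review bot: The `count` gates now lead each resource, but nothing next to them says what the caller must provide when they evaluate to 0. With `manage_cluster_iam_resources` false, the role and both `AmazonEKS*` policy attachments in the third hunk are skipped, so `permissions_boundary`, `iam_path` and the two managed policies are no longer applied by this module. The same holds for the 443 worker ingress rule and the egress rule when `cluster_create_security_group` is false. I would add a comment above `resource "aws_iam_role" "cluster"` such as `# Skipped when manage_cluster_iam_resources = false; the externally supplied role must carry AmazonEKSClusterPolicy and AmazonEKSServicePolicy.` and an equivalent one above `resource "aws_security_group" "cluster"`. How the external role or security group is passed in is not visible in these hunks, so the wording should be checked against the variables file.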