diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 395404e..9eda307 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.0 + rev: v1.88.1 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/README.md b/README.md index a640a1a..124c57a 100644 --- a/README.md +++ b/README.md @@ -188,7 +188,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | | [time](#requirement\_time) | >= 0.9 | | [tls](#requirement\_tls) | >= 3.0 | 
@@ -352,12 +352,14 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [cluster\_iam\_role\_unique\_id](#output\_cluster\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role | | [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts | | [cluster\_identity\_providers](#output\_cluster\_identity\_providers) | Map of attribute maps for all EKS identity providers enabled | +| [cluster\_ip\_family](#output\_cluster\_ip\_family) | The IP family used by the cluster (e.g. `ipv4` or `ipv6`) | | [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster | | [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | | [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster | | [cluster\_primary\_security\_group\_id](#output\_cluster\_primary\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console | | [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group | | [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group | +| [cluster\_service\_cidr](#output\_cluster\_service\_cidr) | The CIDR block where Kubernetes pod and service IP addresses are assigned from | | [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. 
One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` | | [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate | | [cluster\_version](#output\_cluster\_version) | The Kubernetes version for the cluster | diff --git a/examples/eks_managed_node_group/README.md b/examples/eks_managed_node_group/README.md index f57a972..26f24bd 100644 --- a/examples/eks_managed_node_group/README.md +++ b/examples/eks_managed_node_group/README.md @@ -29,7 +29,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | ## Providers diff --git a/examples/eks_managed_node_group/main.tf b/examples/eks_managed_node_group/main.tf index e62b7a2..2f828ec 100644 --- a/examples/eks_managed_node_group/main.tf +++ b/examples/eks_managed_node_group/main.tf @@ -357,9 +357,10 @@ module "disabled_eks" { module "eks_managed_node_group" { source = "../../modules/eks-managed-node-group" - name = "separate-eks-mng" - cluster_name = module.eks.cluster_name - cluster_version = module.eks.cluster_version + name = "separate-eks-mng" + cluster_name = module.eks.cluster_name + cluster_ip_family = module.eks.cluster_ip_family + cluster_service_cidr = module.eks.cluster_service_cidr subnet_ids = module.vpc.private_subnets cluster_primary_security_group_id = module.eks.cluster_primary_security_group_id diff --git a/examples/eks_managed_node_group/versions.tf b/examples/eks_managed_node_group/versions.tf index 876adbd..6f83215 100644 --- a/examples/eks_managed_node_group/versions.tf +++ b/examples/eks_managed_node_group/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { 
diff --git a/examples/fargate_profile/README.md b/examples/fargate_profile/README.md index 6f33b44..59b4b98 100644 --- a/examples/fargate_profile/README.md +++ b/examples/fargate_profile/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | ## Providers diff --git a/examples/fargate_profile/versions.tf b/examples/fargate_profile/versions.tf index 876adbd..6f83215 100644 --- a/examples/fargate_profile/versions.tf +++ b/examples/fargate_profile/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md index 97d5f96..69d7094 100644 --- a/examples/karpenter/README.md +++ b/examples/karpenter/README.md @@ -43,7 +43,9 @@ kubectl delete node -l karpenter.sh/provisioner-name=default ```bash # Necessary to avoid removing Terraform's permissions too soon before its finished # cleaning up the resources it deployed inside the cluster -terraform state rm 'module.eks.aws_eks_access_entry.this["cluster_creator_admin"]' || true +terraform state rm 'module.eks.aws_eks_access_entry.this["cluster_creator"]' || true +terraform state rm 'module.eks.aws_eks_access_policy_association.this["cluster_creator_admin"]' || true + terraform destroy ``` @@ -54,7 +56,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | | [helm](#requirement\_helm) | >= 2.7 | | [kubectl](#requirement\_kubectl) | >= 2.0 | diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf index e48f04a..9247d6e 100644 
--- a/examples/karpenter/main.tf +++ b/examples/karpenter/main.tf @@ -169,7 +169,7 @@ resource "helm_release" "karpenter" { repository_username = data.aws_ecrpublic_authorization_token.token.user_name repository_password = data.aws_ecrpublic_authorization_token.token.password chart = "karpenter" - version = "v0.34.0" + version = "0.35.1" wait = false values = [ diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf index 9cdb812..a43b64f 100644 --- a/examples/karpenter/versions.tf +++ b/examples/karpenter/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { diff --git a/examples/outposts/README.md b/examples/outposts/README.md index e1daea0..6558d6b 100644 --- a/examples/outposts/README.md +++ b/examples/outposts/README.md @@ -48,7 +48,7 @@ terraform destroy | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | | [kubernetes](#requirement\_kubernetes) | >= 2.20 | diff --git a/examples/outposts/prerequisites/versions.tf b/examples/outposts/prerequisites/versions.tf index 876adbd..6f83215 100644 --- a/examples/outposts/prerequisites/versions.tf +++ b/examples/outposts/prerequisites/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { diff --git a/examples/outposts/versions.tf b/examples/outposts/versions.tf index 6ff0747..2ac7910 100644 --- a/examples/outposts/versions.tf +++ b/examples/outposts/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { diff --git a/examples/self_managed_node_group/README.md b/examples/self_managed_node_group/README.md index 7aea278..1307f18 100644 --- a/examples/self_managed_node_group/README.md +++ b/examples/self_managed_node_group/README.md 
@@ -25,7 +25,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | ## Providers diff --git a/examples/self_managed_node_group/main.tf b/examples/self_managed_node_group/main.tf index a9f228e..c18f29e 100644 --- a/examples/self_managed_node_group/main.tf +++ b/examples/self_managed_node_group/main.tf @@ -309,6 +309,9 @@ module "disabled_self_managed_node_group" { source = "../../modules/self-managed-node-group" create = false + + # Hard requirement + cluster_service_cidr = "" } ################################################################################ diff --git a/examples/self_managed_node_group/versions.tf b/examples/self_managed_node_group/versions.tf index 876adbd..6f83215 100644 --- a/examples/self_managed_node_group/versions.tf +++ b/examples/self_managed_node_group/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { diff --git a/examples/user_data/README.md b/examples/user_data/README.md index a84b75a..de9b419 100644 --- a/examples/user_data/README.md +++ b/examples/user_data/README.md @@ -17,7 +17,7 @@ $ terraform apply | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [local](#requirement\_local) | >= 2.4 | ## Providers 
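Review bot: `cluster_service_cidr = ""` in the `disabled_self_managed_node_group` block is an empty placeholder passed only to satisfy a required input, while the analogous `eks_mng_al2_disabled` block that this same commit adds to examples/user_data/main.tf omits the input entirely, so one of the two examples is presumably wrong about whether the variable must be set when `create = false`. If the variable has no default, the user_data example fails at plan; if it does, the empty string here is noise and, depending on how the new `null_resource.validate_cluster_service_cidr` listed in the submodule README is gated, may trip validation for a module that creates nothing. The cleaner fix lives in the submodules (outside this diff): `default = null` on the variable with the check gated on `var.create`, after which the placeholder can go. Until then the comment should state the reason rather than just `# Hard requirement`, e.g. `# Submodule input has no default; empty is tolerated only because create = false` (confirm against the submodule's variables.tf). The module block starts outside the hunk.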
@@ -36,7 +36,9 @@ $ terraform apply | [eks\_mng\_al2023\_no\_op](#module\_eks\_mng\_al2023\_no\_op) | ../../modules/_user_data | n/a | | [eks\_mng\_al2\_additional](#module\_eks\_mng\_al2\_additional) | ../../modules/_user_data | n/a | | [eks\_mng\_al2\_custom\_ami](#module\_eks\_mng\_al2\_custom\_ami) | ../../modules/_user_data | n/a | +| [eks\_mng\_al2\_custom\_ami\_ipv6](#module\_eks\_mng\_al2\_custom\_ami\_ipv6) | ../../modules/_user_data | n/a | | [eks\_mng\_al2\_custom\_template](#module\_eks\_mng\_al2\_custom\_template) | ../../modules/_user_data | n/a | +| [eks\_mng\_al2\_disabled](#module\_eks\_mng\_al2\_disabled) | ../../modules/_user_data | n/a | | [eks\_mng\_al2\_no\_op](#module\_eks\_mng\_al2\_no\_op) | ../../modules/_user_data | n/a | | [eks\_mng\_bottlerocket\_additional](#module\_eks\_mng\_bottlerocket\_additional) | ../../modules/_user_data | n/a | | [eks\_mng\_bottlerocket\_custom\_ami](#module\_eks\_mng\_bottlerocket\_custom\_ami) | ../../modules/_user_data | n/a | @@ -50,6 +52,7 @@ $ terraform apply | [self\_mng\_al2023\_custom\_template](#module\_self\_mng\_al2023\_custom\_template) | ../../modules/_user_data | n/a | | [self\_mng\_al2023\_no\_op](#module\_self\_mng\_al2023\_no\_op) | ../../modules/_user_data | n/a | | [self\_mng\_al2\_bootstrap](#module\_self\_mng\_al2\_bootstrap) | ../../modules/_user_data | n/a | +| [self\_mng\_al2\_bootstrap\_ipv6](#module\_self\_mng\_al2\_bootstrap\_ipv6) | ../../modules/_user_data | n/a | | [self\_mng\_al2\_custom\_template](#module\_self\_mng\_al2\_custom\_template) | ../../modules/_user_data | n/a | | [self\_mng\_al2\_no\_op](#module\_self\_mng\_al2\_no\_op) | ../../modules/_user_data | n/a | | [self\_mng\_bottlerocket\_bootstrap](#module\_self\_mng\_bottlerocket\_bootstrap) | ../../modules/_user_data | n/a | 
@@ -69,6 +72,7 @@ $ terraform apply | [local_file.eks_mng_al2023_no_op](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.eks_mng_al2_additional](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.eks_mng_al2_custom_ami](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [local_file.eks_mng_al2_custom_ami_ipv6](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.eks_mng_al2_custom_template](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.eks_mng_al2_no_op](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.eks_mng_bottlerocket_additional](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | @@ -83,6 +87,7 @@ $ terraform apply | [local_file.self_mng_al2023_custom_template](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.self_mng_al2023_no_op](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.self_mng_al2_bootstrap](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [local_file.self_mng_al2_bootstrap_ipv6](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.self_mng_al2_custom_template](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.self_mng_al2_no_op](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.self_mng_bottlerocket_bootstrap](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | 
diff --git a/examples/user_data/main.tf b/examples/user_data/main.tf index 35b1530..580b3d5 100644 --- a/examples/user_data/main.tf +++ b/examples/user_data/main.tf @@ -4,6 +4,7 @@ locals { cluster_endpoint = "https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com" cluster_auth_base64 = "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" cluster_service_ipv4_cidr = "172.16.0.0/16" + cluster_service_ipv6_cidr = "fdd3:7636:68bc::/108" cluster_service_cidr = "192.168.0.0/16" } @@ -11,13 +12,25 @@ locals { # EKS managed node group - AL2 ################################################################################ +module "eks_mng_al2_disabled" { + source = "../../modules/_user_data" + + create = false +} + module "eks_mng_al2_no_op" { source = "../../modules/_user_data" + + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr } module "eks_mng_al2_additional" { source = "../../modules/_user_data" + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr + pre_bootstrap_user_data = <<-EOT export USE_MAX_PODS=false EOT 
@@ -26,10 +39,32 @@ module "eks_mng_al2_additional" { module "eks_mng_al2_custom_ami" { source = "../../modules/_user_data" - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 - cluster_service_ipv4_cidr = local.cluster_service_ipv4_cidr + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_ipv4_cidr + + enable_bootstrap_user_data = true + + pre_bootstrap_user_data = <<-EOT + export FOO=bar + EOT + + bootstrap_extra_args = "--kubelet-extra-args '--instance-type t3a.large'" + + post_bootstrap_user_data = <<-EOT + echo "All done" + EOT +} + +module "eks_mng_al2_custom_ami_ipv6" { + source = "../../modules/_user_data" + + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_ip_family = "ipv6" + cluster_service_cidr = local.cluster_service_ipv6_cidr enable_bootstrap_user_data = true @@ -47,9 +82,10 @@ module "eks_mng_al2_custom_ami" { module "eks_mng_al2_custom_template" { source = "../../modules/_user_data" - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_ipv4_cidr user_data_template_path = "${path.module}/templates/linux_custom.tpl" @@ -73,6 +109,9 @@ module "eks_mng_al2023_no_op" { source = "../../modules/_user_data" platform = "al2023" + + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr } module "eks_mng_al2023_additional" { @@ -80,6 +119,9 @@ module "eks_mng_al2023_additional" { platform = "al2023" + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr + cloudinit_pre_nodeadm = [{ content = <<-EOT --- 
@@ -106,9 +148,6 @@ module "eks_mng_al2023_custom_ami" { cluster_auth_base64 = local.cluster_auth_base64 cluster_service_cidr = local.cluster_service_cidr - # Should do nothing - cluster_service_ipv4_cidr = local.cluster_service_ipv4_cidr - enable_bootstrap_user_data = true cloudinit_pre_nodeadm = [{ @@ -178,15 +217,16 @@ module "eks_mng_bottlerocket_no_op" { source = "../../modules/_user_data" platform = "bottlerocket" + + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr } module "eks_mng_bottlerocket_additional" { source = "../../modules/_user_data" - platform = "bottlerocket" - - # Should do nothing - cluster_service_ipv4_cidr = local.cluster_service_ipv4_cidr + platform = "bottlerocket" + cluster_service_cidr = local.cluster_service_cidr bootstrap_extra_args = <<-EOT # extra args added @@ -200,9 +240,10 @@ module "eks_mng_bottlerocket_custom_ami" { platform = "bottlerocket" - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_cidr enable_bootstrap_user_data = true @@ -221,6 +262,8 @@ module "eks_mng_bottlerocket_custom_template" { cluster_name = local.name cluster_endpoint = local.cluster_endpoint cluster_auth_base64 = local.cluster_auth_base64 + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr user_data_template_path = "${path.module}/templates/bottlerocket_custom.tpl" @@ -239,6 +282,9 @@ module "eks_mng_windows_no_op" { source = "../../modules/_user_data" platform = "windows" + + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr } module "eks_mng_windows_additional" { 
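Review bot: Every caller in this file drops `cluster_service_ipv4_cidr` and the rendered AL2 output in this diff loses `export SERVICE_IPV4_CIDR=172.16.0.0/16`, which suggests the submodule no longer accepts that input and now emits different user data, yet nothing in the diff documents the rename to `cluster_service_cidr` or a deprecation path for users who set the old name (a removed variable is a hard plan error for them). If the input really was removed, the submodule README or the upgrade guide should say so; the same applies to the hunks at `@@ -178,15 +217,16 @@` and the windows/bottlerocket ones below. The repeated `# Hard requirement` comment also says what but not why; the rendered Bottlerocket output gains `"cluster-dns-ip" = "192.168.0.10"`, which looks derived from the 192.168.0.0/16 CIDR, so a comment such as `# cluster_service_cidr is used to derive the cluster DNS IP in the rendered user data` (verify against the submodule) would be more useful. The enclosing module blocks start outside the hunks.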
@@ -246,8 +292,8 @@ module "eks_mng_windows_additional" { platform = "windows" - # Should do nothing - cluster_service_ipv4_cidr = local.cluster_service_ipv4_cidr + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr pre_bootstrap_user_data = <<-EOT [string]$Something = 'IDoNotKnowAnyPowerShell ¯\_(ツ)_/¯' @@ -262,6 +308,8 @@ module "eks_mng_windows_custom_ami" { cluster_name = local.name cluster_endpoint = local.cluster_endpoint cluster_auth_base64 = local.cluster_auth_base64 + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr enable_bootstrap_user_data = true @@ -285,6 +333,9 @@ module "eks_mng_windows_custom_template" { cluster_endpoint = local.cluster_endpoint cluster_auth_base64 = local.cluster_auth_base64 + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr + enable_bootstrap_user_data = true user_data_template_path = "${path.module}/templates/windows_custom.tpl" @@ -308,6 +359,9 @@ module "self_mng_al2_no_op" { source = "../../modules/_user_data" is_eks_managed_node_group = false + + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr } module "self_mng_al2_bootstrap" { 
@@ -316,9 +370,34 @@ module "self_mng_al2_bootstrap" { enable_bootstrap_user_data = true is_eks_managed_node_group = false - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_ipv4_cidr + + pre_bootstrap_user_data = <<-EOT + echo "foo" + export FOO=bar + EOT + + bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'" + + post_bootstrap_user_data = <<-EOT + echo "All done" + EOT +} + +module "self_mng_al2_bootstrap_ipv6" { + source = "../../modules/_user_data" + + enable_bootstrap_user_data = true + is_eks_managed_node_group = false + + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_ip_family = "ipv6" + cluster_service_cidr = local.cluster_service_ipv6_cidr pre_bootstrap_user_data = <<-EOT echo "foo" @@ -338,9 +417,10 @@ module "self_mng_al2_custom_template" { enable_bootstrap_user_data = true is_eks_managed_node_group = false - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_ipv4_cidr user_data_template_path = "${path.module}/templates/linux_custom.tpl" @@ -366,6 +446,9 @@ module "self_mng_al2023_no_op" { platform = "al2023" is_eks_managed_node_group = false + + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr } module "self_mng_al2023_bootstrap" { 
@@ -452,6 +535,9 @@ module "self_mng_bottlerocket_no_op" { platform = "bottlerocket" is_eks_managed_node_group = false + + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr } module "self_mng_bottlerocket_bootstrap" { @@ -466,8 +552,8 @@ module "self_mng_bottlerocket_bootstrap" { cluster_endpoint = local.cluster_endpoint cluster_auth_base64 = local.cluster_auth_base64 - # Should do nothing - cluster_service_ipv4_cidr = local.cluster_service_ipv4_cidr + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr bootstrap_extra_args = <<-EOT # extra args added @@ -488,6 +574,9 @@ module "self_mng_bottlerocket_custom_template" { cluster_endpoint = local.cluster_endpoint cluster_auth_base64 = local.cluster_auth_base64 + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr + user_data_template_path = "${path.module}/templates/bottlerocket_custom.tpl" bootstrap_extra_args = <<-EOT @@ -507,6 +596,9 @@ module "self_mng_windows_no_op" { platform = "windows" is_eks_managed_node_group = false + + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr } module "self_mng_windows_bootstrap" { @@ -521,8 +613,8 @@ module "self_mng_windows_bootstrap" { cluster_endpoint = local.cluster_endpoint cluster_auth_base64 = local.cluster_auth_base64 - # Should do nothing - cluster_service_ipv4_cidr = local.cluster_service_ipv4_cidr + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr pre_bootstrap_user_data = <<-EOT [string]$Something = 'IDoNotKnowAnyPowerShell ¯\_(ツ)_/¯' @@ -547,6 +639,9 @@ module "self_mng_windows_custom_template" { cluster_endpoint = local.cluster_endpoint cluster_auth_base64 = local.cluster_auth_base64 + # Hard requirement + cluster_service_cidr = local.cluster_service_cidr + user_data_template_path = "${path.module}/templates/windows_custom.tpl" pre_bootstrap_user_data = <<-EOT diff --git a/examples/user_data/outputs.tf b/examples/user_data/outputs.tf index b407cce..dade25a 100644 
--- a/examples/user_data/outputs.tf +++ b/examples/user_data/outputs.tf @@ -25,6 +25,11 @@ resource "local_file" "eks_mng_al2_custom_ami" { filename = "${path.module}/rendered/al2/eks-mng-custom-ami.sh" } +resource "local_file" "eks_mng_al2_custom_ami_ipv6" { + content = base64decode(module.eks_mng_al2_custom_ami_ipv6.user_data) + filename = "${path.module}/rendered/al2/eks-mng-custom-ami-ipv6.sh" +} + resource "local_file" "eks_mng_al2_custom_template" { content = base64decode(module.eks_mng_al2_custom_template.user_data) filename = "${path.module}/rendered/al2/eks-mng-custom-template.sh" @@ -116,6 +121,11 @@ resource "local_file" "self_mng_al2_bootstrap" { filename = "${path.module}/rendered/al2/self-mng-bootstrap.sh" } +resource "local_file" "self_mng_al2_bootstrap_ipv6" { + content = base64decode(module.self_mng_al2_bootstrap_ipv6.user_data) + filename = "${path.module}/rendered/al2/self-mng-bootstrap-ipv6.sh" +} + resource "local_file" "self_mng_al2_custom_template" { content = base64decode(module.self_mng_al2_custom_template.user_data) filename = "${path.module}/rendered/al2/self-mng-custom-template.sh" diff --git a/examples/user_data/rendered/al2/eks-mng-custom-ami-ipv6.sh b/examples/user_data/rendered/al2/eks-mng-custom-ami-ipv6.sh new file mode 100755 index 0000000..fceb7e3 --- /dev/null +++ b/examples/user_data/rendered/al2/eks-mng-custom-ami-ipv6.sh @@ -0,0 +1,8 @@ +#!/bin/bash +set -e +export FOO=bar +B64_CLUSTER_CA=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 +API_SERVER_URL=https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com +/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--instance-type t3a.large' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL \ + --ip-family ipv6 --service-ipv6-cidr fdd3:7636:68bc::/108 +echo "All done" diff --git a/examples/user_data/rendered/al2/eks-mng-custom-ami.sh b/examples/user_data/rendered/al2/eks-mng-custom-ami.sh index 4be9d96..c7d92a7 100755 
--- a/examples/user_data/rendered/al2/eks-mng-custom-ami.sh
+++ b/examples/user_data/rendered/al2/eks-mng-custom-ami.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 set -e
 export FOO=bar
-export SERVICE_IPV4_CIDR=172.16.0.0/16
 B64_CLUSTER_CA=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
 API_SERVER_URL=https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com
-/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--instance-type t3a.large' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL
+/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--instance-type t3a.large' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL \
+ --ip-family ipv4 --service-ipv4-cidr 172.16.0.0/16
 echo "All done"
diff --git a/examples/user_data/rendered/al2/eks-mng-custom-template.sh b/examples/user_data/rendered/al2/eks-mng-custom-template.sh
index d27a40a..e18460f 100755
--- a/examples/user_data/rendered/al2/eks-mng-custom-template.sh
+++ b/examples/user_data/rendered/al2/eks-mng-custom-template.sh
@@ -7,5 +7,6 @@ export FOO=bar
 # Custom user data template provided for rendering
 B64_CLUSTER_CA=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKbXFqQ1VqNGdGR2w3ZW5PeWthWnZ2RjROOTVOUEZCM2o0cGhVZUsrWGFtN2ZSQnZya0d6OGxKZmZEZWF2b2plTwpQK2xOZFlqdHZncmxCUEpYdHZIZmFzTzYxVzdIZmdWQ2EvamdRM2w3RmkvL1dpQmxFOG9oWUZkdWpjc0s1SXM2CnNkbk5KTTNYUWN2TysrSitkV09NT2ZlNzlsSWdncmdQLzgvRU9CYkw3eUY1aU1hS3lsb1RHL1V3TlhPUWt3ZUcKblBNcjdiUmdkQ1NCZTlXYXowOGdGRmlxV2FOditsTDhsODBTdFZLcWVNVlUxbjQyejVwOVpQRTd4T2l6L0xTNQpYV2lXWkVkT3pMN0xBWGVCS2gzdkhnczFxMkI2d1BKZnZnS1NzWllQRGFpZTloT1NNOUJkNFNPY3JrZTRYSVBOCkVvcXVhMlYrUDRlTWJEQzhMUkVWRDdCdVZDdWdMTldWOTBoL3VJUy9WU2VOcEdUOGVScE5DakszSjc2aFlsWm8KWjNGRG5QWUY0MWpWTHhiOXF0U1ROdEp6amYwWXBEYnFWci9xZzNmQWlxbVorMzd3YWM1eHlqMDZ4cmlaRUgzZgpUM002d2lCUEVHYVlGeWN5TmNYTk5aYW9DWDJVL0N1d2JsUHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
 API_SERVER_URL=https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com
-/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL
+/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL \
+ --ip-family ipv4 --service-ipv4-cidr 172.16.0.0/16
 echo "All done"
diff --git a/examples/user_data/rendered/al2/self-mng-bootstrap-ipv6.sh b/examples/user_data/rendered/al2/self-mng-bootstrap-ipv6.sh
new file mode 100755
index 0000000..b6fd557
--- /dev/null
+++ b/examples/user_data/rendered/al2/self-mng-bootstrap-ipv6.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -e
+echo "foo"
+export FOO=bar
+B64_CLUSTER_CA=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
+API_SERVER_URL=https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com
+/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL \
+ --ip-family ipv6 --service-ipv6-cidr fdd3:7636:68bc::/108
+echo "All done"
diff --git a/examples/user_data/rendered/al2/self-mng-bootstrap.sh b/examples/user_data/rendered/al2/self-mng-bootstrap.sh
index 5dea4bf..7fcd819 100755
--- a/examples/user_data/rendered/al2/self-mng-bootstrap.sh
+++ b/examples/user_data/rendered/al2/self-mng-bootstrap.sh
@@ -4,5 +4,6 @@ echo "foo"
 export FOO=bar
 B64_CLUSTER_CA=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
 API_SERVER_URL=https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com
-/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL
+/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL \
+ --ip-family ipv4 --service-ipv4-cidr 172.16.0.0/16
 echo "All done"
diff --git a/examples/user_data/rendered/al2/self-mng-custom-template.sh b/examples/user_data/rendered/al2/self-mng-custom-template.sh
index d27a40a..e18460f 100755
--- a/examples/user_data/rendered/al2/self-mng-custom-template.sh
+++ b/examples/user_data/rendered/al2/self-mng-custom-template.sh
@@ -7,5 +7,6 @@ export FOO=bar
 # Custom user data template provided for rendering
 B64_CLUSTER_CA=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
 API_SERVER_URL=https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com
-/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL
+/etc/eks/bootstrap.sh ex-user-data --kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL \
+ --ip-family ipv4 --service-ipv4-cidr 172.16.0.0/16
 echo "All done"
diff --git a/examples/user_data/rendered/bottlerocket/eks-mng-custom-ami.toml b/examples/user_data/rendered/bottlerocket/eks-mng-custom-ami.toml
index a1bac20..5c29a51 100755
--- a/examples/user_data/rendered/bottlerocket/eks-mng-custom-ami.toml
+++ b/examples/user_data/rendered/bottlerocket/eks-mng-custom-ami.toml
@@ -2,6 +2,7 @@ "cluster-name" = "ex-user-data" "api-server" = "https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com" "cluster-certificate" = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKbXFqQ1VqNGdGR2w3ZW5PeWthWnZ2RjROOTVOUEZCM2o0cGhVZUsrWGFtN2ZSQnZya0d6OGxKZmZEZWF2b2plTwpQK2xOZFlqdHZncmxCUEpYdHZIZmFzTzYxVzdIZmdWQ2EvamdRM2w3RmkvL1dpQmxFOG9oWUZkdWpjc0s1SXM2CnNkbk5KTTNYUWN2TysrSitkV09NT2ZlNzlsSWdncmdQLzgvRU9CYkw3eUY1aU1hS3lsb1RHL1V3TlhPUWt3ZUcKblBNcjdiUmdkQ1NCZTlXYXowOGdGRmlxV2FOditsTDhsODBTdFZLcWVNVlUxbjQyejVwOVpQRTd4T2l6L0xTNQpYV2lXWkVkT3pMN0xBWGVCS2gzdkhnczFxMkI2d1BKZnZnS1NzWllQRGFpZTloT1NNOUJkNFNPY3JrZTRYSVBOCkVvcXVhMlYrUDRlTWJEQzhMUkVWRDdCdVZDdWdMTldWOTBoL3VJUy9WU2VOcEdUOGVScE5DakszSjc2aFlsWm8KWjNGRG5QWUY0MWpWTHhiOXF0U1ROdEp6amYwWXBEYnFWci9xZzNmQWlxbVorMzd3YWM1eHlqMDZ4cmlaRUgzZgpUM002d2lCUEVHYVlGeWN5TmNYTk5aYW9DWDJVL0N1d2JsUHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" +"cluster-dns-ip" = "192.168.0.10" # extra args added [settings.kernel] lockdown = "integrity" diff --git a/examples/user_data/rendered/bottlerocket/self-mng-bootstrap.toml b/examples/user_data/rendered/bottlerocket/self-mng-bootstrap.toml index a1bac20..5c29a51 100755 --- a/examples/user_data/rendered/bottlerocket/self-mng-bootstrap.toml +++ b/examples/user_data/rendered/bottlerocket/self-mng-bootstrap.toml 
@@ -2,6 +2,7 @@ "cluster-name" = "ex-user-data" "api-server" = "https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com" "cluster-certificate" = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKbXFqQ1VqNGdGR2w3ZW5PeWthWnZ2RjROOTVOUEZCM2o0cGhVZUsrWGFtN2ZSQnZya0d6OGxKZmZEZWF2b2plTwpQK2xOZFlqdHZncmxCUEpYdHZIZmFzTzYxVzdIZmdWQ2EvamdRM2w3RmkvL1dpQmxFOG9oWUZkdWpjc0s1SXM2CnNkbk5KTTNYUWN2TysrSitkV09NT2ZlNzlsSWdncmdQLzgvRU9CYkw3eUY1aU1hS3lsb1RHL1V3TlhPUWt3ZUcKblBNcjdiUmdkQ1NCZTlXYXowOGdGRmlxV2FOditsTDhsODBTdFZLcWVNVlUxbjQyejVwOVpQRTd4T2l6L0xTNQpYV2lXWkVkT3pMN0xBWGVCS2gzdkhnczFxMkI2d1BKZnZnS1NzWllQRGFpZTloT1NNOUJkNFNPY3JrZTRYSVBOCkVvcXVhMlYrUDRlTWJEQzhMUkVWRDdCdVZDdWdMTldWOTBoL3VJUy9WU2VOcEdUOGVScE5DakszSjc2aFlsWm8KWjNGRG5QWUY0MWpWTHhiOXF0U1ROdEp6amYwWXBEYnFWci9xZzNmQWlxbVorMzd3YWM1eHlqMDZ4cmlaRUgzZgpUM002d2lCUEVHYVlGeWN5TmNYTk5aYW9DWDJVL0N1d2JsUHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" +"cluster-dns-ip" = "192.168.0.10" # extra args added [settings.kernel] lockdown = "integrity" diff --git a/examples/user_data/templates/linux_custom.tpl b/examples/user_data/templates/linux_custom.tpl index bfe21f1..b3cb73a 100644 --- a/examples/user_data/templates/linux_custom.tpl +++ b/examples/user_data/templates/linux_custom.tpl @@ -6,5 +6,6 @@ ${pre_bootstrap_user_data ~} # Custom user data template provided for rendering B64_CLUSTER_CA=${cluster_auth_base64} API_SERVER_URL=${cluster_endpoint} -/etc/eks/bootstrap.sh ${cluster_name} ${bootstrap_extra_args} --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL +/etc/eks/bootstrap.sh ${cluster_name} ${bootstrap_extra_args} --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL \ + --ip-family ${cluster_ip_family} --service-${cluster_ip_family}-cidr ${cluster_service_cidr} ${post_bootstrap_user_data ~} diff --git a/examples/user_data/versions.tf b/examples/user_data/versions.tf index af91653..31969d6 100644 
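Review bot: In the added continuation line of examples/user_data/templates/linux_custom.tpl, `${cluster_ip_family}` and `${cluster_service_cidr}` are spliced unquoted into the bootstrap.sh argument list, so a value containing whitespace or shell metacharacters is re-split by the shell when the user data executes. The `_user_data` module only checks the CIDR's length before rendering, so the template is the last place that can contain a malformed value; quoting it, `--ip-family ${cluster_ip_family} --service-${cluster_ip_family}-cidr '${cluster_service_cidr}'`, keeps it a single argument for bootstrap.sh to reject. The family token forms part of the flag name and cannot be quoted, which is a reason to validate it where the variable is declared rather than here.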
--- a/examples/user_data/versions.tf +++ b/examples/user_data/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { local = { diff --git a/modules/_user_data/README.md b/modules/_user_data/README.md index 541f2f8..0983b12 100644 --- a/modules/_user_data/README.md +++ b/modules/_user_data/README.md @@ -9,14 +9,16 @@ See [`examples/user_data/`](https://github.com/terraform-aws-modules/terraform-a | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [cloudinit](#requirement\_cloudinit) | >= 2.0 | +| [null](#requirement\_null) | >= 3.0 | ## Providers | Name | Version | |------|---------| | [cloudinit](#provider\_cloudinit) | >= 2.0 | +| [null](#provider\_null) | >= 3.0 | ## Modules @@ -26,6 +28,7 @@ No modules. | Name | Type | |------|------| +| [null_resource.validate_cluster_service_cidr](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [cloudinit_config.al2023_eks_managed_node_group](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | data source | | [cloudinit_config.linux_eks_managed_node_group](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | data source | @@ -38,9 +41,10 @@ No modules. | [cloudinit\_pre\_nodeadm](#input\_cloudinit\_pre\_nodeadm) | Array of cloud-init document parts that are created before the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | | [cluster\_auth\_base64](#input\_cluster\_auth\_base64) | Base64 encoded CA of associated EKS cluster | `string` | `""` | no | | [cluster\_endpoint](#input\_cluster\_endpoint) | Endpoint of associated EKS cluster | `string` | `""` | no | +| [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `"ipv4"` | no | | [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `""` | no | | [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself | `string` | `""` | no | -| [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no | +| [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | [Deprecated] The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no | | [create](#input\_create) | Determines whether to create user-data or not | `bool` | `true` | no | | [enable\_bootstrap\_user\_data](#input\_enable\_bootstrap\_user\_data) | Determines whether the bootstrap configurations are populated within the user data template | `bool` | `false` | no | | [is\_eks\_managed\_node\_group](#input\_is\_eks\_managed\_node\_group) | Determines whether the user data is used on nodes in an EKS managed node group. Used to determine if user data will be appended or not | `bool` | `true` | no | diff --git a/modules/_user_data/main.tf b/modules/_user_data/main.tf index ad3c4e2..6e44e9b 100644 --- a/modules/_user_data/main.tf 
+++ b/modules/_user_data/main.tf @@ -1,3 +1,17 @@ +# The `cluster_service_cidr` is required when `create == true` +# This is a hacky way to make that logic work, otherwise Terraform always wants a value +# and supplying any old value like `""` or `null` is not valid and will silently +# fail to join nodes to the cluster +resource "null_resource" "validate_cluster_service_cidr" { + lifecycle { + precondition { + # The length 6 is currently arbitrary, but it's a safe bet that the CIDR will be longer than that + # The main point is that a value needs to be provided when `create = true` + condition = var.create ? length(local.cluster_service_cidr) > 6 : true + error_message = "`cluster_service_cidr` is required when `create = true`." + } + } +} locals { template_path = { @@ -7,6 +21,8 @@ locals { windows = "${path.module}/../../templates/windows_user_data.tpl" } + cluster_service_cidr = try(coalesce(var.cluster_service_ipv4_cidr, var.cluster_service_cidr), "") + user_data = base64encode(templatefile( coalesce(var.user_data_template_path, local.template_path[var.platform]), { @@ -18,14 +34,15 @@ locals { cluster_endpoint = var.cluster_endpoint cluster_auth_base64 = var.cluster_auth_base64 - # Required by AL2023 - cluster_service_cidr = var.cluster_service_cidr + cluster_service_cidr = local.cluster_service_cidr + cluster_ip_family = var.cluster_ip_family + # Bottlerocket + cluster_dns_ip = try(cidrhost(local.cluster_service_cidr, 10), "") # Optional - cluster_service_ipv4_cidr = var.cluster_service_ipv4_cidr != null ? var.cluster_service_ipv4_cidr : "" - bootstrap_extra_args = var.bootstrap_extra_args - pre_bootstrap_user_data = var.pre_bootstrap_user_data - post_bootstrap_user_data = var.post_bootstrap_user_data + bootstrap_extra_args = var.bootstrap_extra_args + pre_bootstrap_user_data = var.pre_bootstrap_user_data + post_bootstrap_user_data = var.post_bootstrap_user_data } )) 
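Review bot: The precondition in the first hunk only checks `length(local.cluster_service_cidr) > 6`, so any string longer than six characters passes even when it is not a CIDR, and the third hunk's `cluster_dns_ip = try(cidrhost(local.cluster_service_cidr, 10), "")` then silently renders an empty DNS IP for Bottlerocket — the silent node-join failure the header comment says this resource exists to prevent. Checking that the value parses, `condition = var.create ? can(cidrhost(local.cluster_service_cidr, 10)) : true`, covers both the missing-value and the malformed-value case, and the two "length 6" comments can then go. With that in place the `try(..., "")` around `cidrhost` no longer has an error to mask and could be dropped so a bad value fails loudly. This hunk also pulls in `hashicorp/null` (versions.tf hunk on the next line) purely for a validation; `terraform_data` would avoid the extra provider but requires Terraform 1.4, above the `>= 1.3.2` floor this commit sets.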
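Review bot: In the second hunk, `cluster_service_cidr = try(coalesce(var.cluster_service_ipv4_cidr, var.cluster_service_cidr), "")` lets the deprecated `cluster_service_ipv4_cidr` win over `cluster_service_cidr`, whereas modules/eks-managed-node-group/main.tf in this same commit coalesces in the opposite order, `coalesce(var.cluster_service_cidr, var.cluster_service_ipv4_cidr)`. A caller that sets both gets a different CIDR depending on which module it enters, and on an IPv6 cluster the IPv4 value would be rendered into `--service-ipv6-cidr` by the template. Since variables.tf marks the old input `[Deprecated]`, it should be the fallback here as well: `cluster_service_cidr = try(coalesce(var.cluster_service_cidr, var.cluster_service_ipv4_cidr), "")`.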
diff --git a/modules/_user_data/variables.tf b/modules/_user_data/variables.tf index d3d8082..587485a 100644 --- a/modules/_user_data/variables.tf +++ b/modules/_user_data/variables.tf @@ -40,16 +40,21 @@ variable "cluster_auth_base64" { default = "" } -# Currently only used by AL2023 since it can be IPv4 or IPv6 variable "cluster_service_cidr" { description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself" type = string default = "" } -# Not used by AL2023 +variable "cluster_ip_family" { + description = "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`" + type = string + default = "ipv4" +} + +# TODO - remove at next breaking change variable "cluster_service_ipv4_cidr" { - description = "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks" + description = "[Deprecated] The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks" type = string default = null } diff --git a/modules/_user_data/versions.tf b/modules/_user_data/versions.tf index 00dcffe..9219add 100644 --- a/modules/_user_data/versions.tf +++ b/modules/_user_data/versions.tf @@ -1,10 +1,14 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { cloudinit = { source = "hashicorp/cloudinit" version = ">= 2.0" } + null = { + source = "hashicorp/null" + version = ">= 3.0" + } } } diff --git a/modules/aws-auth/README.md b/modules/aws-auth/README.md index d66aa9f..5ba490b 100644 --- a/modules/aws-auth/README.md +++ b/modules/aws-auth/README.md 
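Review bot: The new `cluster_ip_family` variable documents `ipv4`/`ipv6` as the only valid values but carries no `validation` block, and the value is used to build a flag name in the template (`--service-${cluster_ip_family}-cidr`) and to select which CNI policy is attached, so a value such as `IPv6` yields a nonexistent bootstrap flag and a node role with no CNI policy without any error from Terraform. The same declaration is added to modules/self-managed-node-group/variables.tf further down and should carry the same check.
```hcl
variable "cluster_ip_family" {
  # … unchanged: description, type, default …

  validation {
    condition     = contains(["ipv4", "ipv6"], var.cluster_ip_family)
    error_message = "`cluster_ip_family` must be one of `ipv4` or `ipv6`."
  }
}
```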
@@ -44,7 +44,7 @@ module "eks" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [kubernetes](#requirement\_kubernetes) | >= 2.20 | ## Providers diff --git a/modules/aws-auth/versions.tf b/modules/aws-auth/versions.tf index 8ddb07f..f330045 100644 --- a/modules/aws-auth/versions.tf +++ b/modules/aws-auth/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { kubernetes = { diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md index 856b014..dbd033b 100644 --- a/modules/eks-managed-node-group/README.md +++ b/modules/eks-managed-node-group/README.md @@ -63,7 +63,7 @@ module "eks_managed_node_group" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | ## Providers 
@@ -114,7 +114,7 @@ module "eks_managed_node_group" { | [cluster\_name](#input\_cluster\_name) | Name of associated EKS cluster | `string` | `null` | no | | [cluster\_primary\_security\_group\_id](#input\_cluster\_primary\_security\_group\_id) | The ID of the EKS cluster primary security group to associate with the instance(s). This is the security group that is automatically created by the EKS service | `string` | `null` | no | | [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself | `string` | `""` | no | -| [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no | +| [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | [Deprecated] The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no | | [cluster\_version](#input\_cluster\_version) | Kubernetes version. Defaults to EKS Cluster Kubernetes version | `string` | `null` | no | | [cpu\_options](#input\_cpu\_options) | The CPU options for the instance | `map(string)` | `{}` | no | | [create](#input\_create) | Determines whether to create EKS managed node group or not | `bool` | `true` | no | diff --git a/modules/eks-managed-node-group/main.tf b/modules/eks-managed-node-group/main.tf index 10b7fbe..3dc56ca 100644 --- a/modules/eks-managed-node-group/main.tf +++ b/modules/eks-managed-node-group/main.tf 
@@ -11,12 +11,11 @@ module "user_data" { create = var.create platform = var.platform - cluster_name = var.cluster_name - cluster_endpoint = var.cluster_endpoint - cluster_auth_base64 = var.cluster_auth_base64 - - cluster_service_ipv4_cidr = var.cluster_service_ipv4_cidr - cluster_service_cidr = var.cluster_service_cidr + cluster_name = var.cluster_name + cluster_endpoint = var.cluster_endpoint + cluster_auth_base64 = var.cluster_auth_base64 + cluster_ip_family = var.cluster_ip_family + cluster_service_cidr = try(coalesce(var.cluster_service_cidr, var.cluster_service_ipv4_cidr), "") enable_bootstrap_user_data = var.enable_bootstrap_user_data pre_bootstrap_user_data = var.pre_bootstrap_user_data @@ -468,13 +467,21 @@ resource "aws_eks_node_group" "this" { ################################################################################ locals { + create_iam_role = var.create && var.create_iam_role + iam_role_name = coalesce(var.iam_role_name, "${var.name}-eks-node-group") iam_role_policy_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy" - cni_policy = var.cluster_ip_family == "ipv6" ? "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" : "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy" + + ipv4_cni_policy = { for k, v in { + AmazonEKS_CNI_Policy = "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy" + } : k => v if var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" } + ipv6_cni_policy = { for k, v in { + AmazonEKS_CNI_IPv6_Policy = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" + } : k => v if var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" } } data "aws_iam_policy_document" "assume_role_policy" { - count = var.create && var.create_iam_role ? 1 : 0 + count = local.create_iam_role ? 1 : 0 statement { sid = "EKSNodeAssumeRole" 
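Review bot: The new `ipv6_cni_policy` local in the second hunk points at `arn:…:iam::<account>:policy/AmazonEKS_CNI_IPv6_Policy`, an account-scoped (customer-managed) policy that nothing in this diff creates, so `aws_iam_role_policy_attachment.this` would fail at apply on an IPv6 cluster unless the operator has created it beforehand — the removed `cni_policy` local had the same dependency, but the split into two maps is the moment to state it. A comment on the map, `# Customer-managed policy that must already exist in the account; it is not created by this module`, or a precondition that resolves it through `data.aws_iam_policy`, would make the requirement visible at plan time. The same locals are duplicated verbatim in modules/fargate-profile/main.tf, modules/karpenter/main.tf and modules/self-managed-node-group/main.tf below; the comment belongs in each.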
@@ -488,7 +495,7 @@ data "aws_iam_policy_document" "assume_role_policy" { } resource "aws_iam_role" "this" { - count = var.create && var.create_iam_role ? 1 : 0 + count = local.create_iam_role ? 1 : 0 name = var.iam_role_use_name_prefix ? null : local.iam_role_name name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}-" : null @@ -504,19 +511,21 @@ resource "aws_iam_role" "this" { # Policies attached ref https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group resource "aws_iam_role_policy_attachment" "this" { - for_each = { for k, v in { - AmazonEKSWorkerNodePolicy = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy" - AmazonEC2ContainerRegistryReadOnly = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly" - AmazonEKS_CNI_IPv6_Policy = var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" ? local.cni_policy : "" - AmazonEKS_CNI_Policy = var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" ? local.cni_policy : "" - } : k => v if var.create && var.create_iam_role && v != "" } + for_each = { for k, v in merge( + { + AmazonEKSWorkerNodePolicy = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy" + AmazonEC2ContainerRegistryReadOnly = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly" + }, + local.ipv4_cni_policy, + local.ipv6_cni_policy + ) : k => v if local.create_iam_role } policy_arn = each.value role = aws_iam_role.this[0].name } resource "aws_iam_role_policy_attachment" "additional" { - for_each = { for k, v in var.iam_role_additional_policies : k => v if var.create && var.create_iam_role } + for_each = { for k, v in var.iam_role_additional_policies : k => v if local.create_iam_role } policy_arn = each.value role = aws_iam_role.this[0].name diff --git a/modules/eks-managed-node-group/variables.tf b/modules/eks-managed-node-group/variables.tf index e0f8812..43f17f9 100644 --- a/modules/eks-managed-node-group/variables.tf 
+++ b/modules/eks-managed-node-group/variables.tf @@ -44,16 +44,15 @@ variable "cluster_auth_base64" { default = "" } -# Currently only used by AL2023 since it can be IPv4 or IPv6 variable "cluster_service_cidr" { description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself" type = string default = "" } -# Not used by AL2023 +# TODO - remove at next breaking change variable "cluster_service_ipv4_cidr" { - description = "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks" + description = "[Deprecated] The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks" type = string default = null } diff --git a/modules/eks-managed-node-group/versions.tf b/modules/eks-managed-node-group/versions.tf index 876adbd..6f83215 100644 --- a/modules/eks-managed-node-group/versions.tf +++ b/modules/eks-managed-node-group/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { diff --git a/modules/fargate-profile/README.md b/modules/fargate-profile/README.md index 5c2c882..0ec6ea0 100644 --- a/modules/fargate-profile/README.md +++ b/modules/fargate-profile/README.md @@ -28,7 +28,7 @@ module "fargate_profile" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | ## Providers diff --git a/modules/fargate-profile/main.tf b/modules/fargate-profile/main.tf index de9dd2d..7611e22 100644 --- a/modules/fargate-profile/main.tf +++ b/modules/fargate-profile/main.tf 
@@ -2,9 +2,17 @@ data "aws_partition" "current" {} data "aws_caller_identity" "current" {} locals { + create_iam_role = var.create && var.create_iam_role + iam_role_name = coalesce(var.iam_role_name, var.name, "fargate-profile") iam_role_policy_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy" - cni_policy = var.cluster_ip_family == "ipv6" ? "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" : "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy" + + ipv4_cni_policy = { for k, v in { + AmazonEKS_CNI_Policy = "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy" + } : k => v if var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" } + ipv6_cni_policy = { for k, v in { + AmazonEKS_CNI_IPv6_Policy = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" + } : k => v if var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" } } ################################################################################ @@ -12,7 +20,7 @@ locals { ################################################################################ data "aws_iam_policy_document" "assume_role_policy" { - count = var.create && var.create_iam_role ? 1 : 0 + count = local.create_iam_role ? 1 : 0 statement { effect = "Allow" @@ -26,7 +34,7 @@ data "aws_iam_policy_document" "assume_role_policy" { } resource "aws_iam_role" "this" { - count = var.create && var.create_iam_role ? 1 : 0 + count = local.create_iam_role ? 1 : 0 name = var.iam_role_use_name_prefix ? null : local.iam_role_name name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}-" : null 
@@ -41,17 +49,20 @@ resource "aws_iam_role" "this" { } resource "aws_iam_role_policy_attachment" "this" { - for_each = { for k, v in toset(compact([ - "${local.iam_role_policy_prefix}/AmazonEKSFargatePodExecutionRolePolicy", - var.iam_role_attach_cni_policy ? local.cni_policy : "", - ])) : k => v if var.create && var.create_iam_role } + for_each = { for k, v in merge( + { + AmazonEKSFargatePodExecutionRolePolicy = "${local.iam_role_policy_prefix}/AmazonEKSFargatePodExecutionRolePolicy" + }, + local.ipv4_cni_policy, + local.ipv6_cni_policy + ) : k => v if local.create_iam_role } policy_arn = each.value role = aws_iam_role.this[0].name } resource "aws_iam_role_policy_attachment" "additional" { - for_each = { for k, v in var.iam_role_additional_policies : k => v if var.create && var.create_iam_role } + for_each = { for k, v in var.iam_role_additional_policies : k => v if local.create_iam_role } policy_arn = each.value role = aws_iam_role.this[0].name diff --git a/modules/fargate-profile/migrations.tf b/modules/fargate-profile/migrations.tf new file mode 100644 index 0000000..02494f6 --- /dev/null +++ b/modules/fargate-profile/migrations.tf @@ -0,0 +1,15 @@ +################################################################################ +# Migrations: v20.8 -> v20.9 +################################################################################ + +# Node IAM role policy attachment +# Commercial partition only - `moved` does now allow multiple moves to same target +moved { + from = aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"] + to = aws_iam_role_policy_attachment.this["AmazonEKSFargatePodExecutionRolePolicy"] +} + +moved { + from = aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"] + to = aws_iam_role_policy_attachment.this["AmazonEKS_CNI_Policy"] +} diff --git a/modules/fargate-profile/versions.tf b/modules/fargate-profile/versions.tf index 876adbd..6f83215 100644 
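Review bot: The `moved` blocks in the new migrations.tf only cover keys built on the `aws` partition, so in `aws-cn` and `aws-us-gov` the for_each key change in the preceding hunk (ARN → policy name) makes Terraform destroy and recreate both `aws_iam_role_policy_attachment.this` instances, and the IPv6 CNI attachment — whose old key embedded the account id — gets no `moved` in any partition. Because the create at the new address and the destroy at the old one are not ordered against each other, a detach that runs after the attach may leave the Fargate pod execution role without the policy; this deserves a release-note entry so operators in those cases can plan a `terraform state mv` instead. Separately, the comment should read `does not allow multiple moves to same target` rather than `does now`.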
--- a/modules/fargate-profile/versions.tf +++ b/modules/fargate-profile/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md index 9d78640..ae39e6c 100644 --- a/modules/karpenter/README.md +++ b/modules/karpenter/README.md @@ -84,7 +84,7 @@ module "karpenter" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | ## Providers diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf index 6ce53f9..5d82475 100644 --- a/modules/karpenter/main.tf +++ b/modules/karpenter/main.tf @@ -530,7 +530,13 @@ locals { node_iam_role_name = coalesce(var.node_iam_role_name, "Karpenter-${var.cluster_name}") node_iam_role_policy_prefix = "arn:${local.partition}:iam::aws:policy" - cni_policy = var.cluster_ip_family == "ipv6" ? "arn:${local.partition}:iam::${local.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" : "${local.node_iam_role_policy_prefix}/AmazonEKS_CNI_Policy" + + ipv4_cni_policy = { for k, v in { + AmazonEKS_CNI_Policy = "${local.node_iam_role_policy_prefix}/AmazonEKS_CNI_Policy" + } : k => v if var.node_iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" } + ipv6_cni_policy = { for k, v in { + AmazonEKS_CNI_IPv6_Policy = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" + } : k => v if var.node_iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" } } data "aws_iam_policy_document" "node_assume_role" { 
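Review bot: In the karpenter locals hunk, `ipv6_cni_policy` builds its ARN from `data.aws_partition.current.partition` and `data.aws_caller_identity.current.account_id`, while the removed `cni_policy` line and the neighbouring `node_iam_role_policy_prefix` use `local.partition` and `local.account_id`. This looks copied from the node-group modules; if the karpenter module does not declare those two data sources itself the reference will not resolve, and even if it does, the module now names the same values two ways. Suggested: `AmazonEKS_CNI_IPv6_Policy = "arn:${local.partition}:iam::${local.account_id}:policy/AmazonEKS_CNI_IPv6_Policy"`.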
@@ -565,12 +571,14 @@ resource "aws_iam_role" "node" { # Policies attached ref https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group resource "aws_iam_role_policy_attachment" "node" { - for_each = { for k, v in { - AmazonEKSWorkerNodePolicy = "${local.node_iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy" - AmazonEC2ContainerRegistryReadOnly = "${local.node_iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly" - AmazonEKS_CNI_IPv6_Policy = var.node_iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" ? local.cni_policy : "" - AmazonEKS_CNI_Policy = var.node_iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" ? local.cni_policy : "" - } : k => v if local.create_node_iam_role && v != "" } + for_each = { for k, v in merge( + { + AmazonEKSWorkerNodePolicy = "${local.node_iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy" + AmazonEC2ContainerRegistryReadOnly = "${local.node_iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly" + }, + local.ipv4_cni_policy, + local.ipv6_cni_policy + ) : k => v if local.create_node_iam_role } policy_arn = each.value role = aws_iam_role.node[0].name diff --git a/modules/karpenter/versions.tf b/modules/karpenter/versions.tf index 876adbd..6f83215 100644 --- a/modules/karpenter/versions.tf +++ b/modules/karpenter/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.3.2" required_providers { aws = { diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md index eb39752..1be32f1 100644 --- a/modules/self-managed-node-group/README.md +++ b/modules/self-managed-node-group/README.md @@ -42,7 +42,7 @@ module "self_managed_node_group" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3 | +| [terraform](#requirement\_terraform) | >= 1.3.2 | | [aws](#requirement\_aws) | >= 5.40 | ## Providers 
diff --git a/modules/self-managed-node-group/main.tf b/modules/self-managed-node-group/main.tf index c7e5ea6..7789358 100644 --- a/modules/self-managed-node-group/main.tf +++ b/modules/self-managed-node-group/main.tf @@ -27,6 +27,7 @@ module "user_data" { cluster_name = var.cluster_name cluster_endpoint = var.cluster_endpoint cluster_auth_base64 = var.cluster_auth_base64 + cluster_ip_family = var.cluster_ip_family cluster_service_cidr = var.cluster_service_cidr enable_bootstrap_user_data = true @@ -41,12 +42,14 @@ module "user_data" { ################################################################################ data "aws_ec2_instance_type" "this" { - count = var.create && var.enable_efa_support && local.instance_type_provided ? 1 : 0 + count = local.enable_efa_support ? 1 : 0 instance_type = var.instance_type } locals { + enable_efa_support = var.create && var.enable_efa_support && local.instance_type_provided + instance_type_provided = var.instance_type != "" num_network_cards = try(data.aws_ec2_instance_type.this[0].maximum_network_cards, 0) @@ -60,7 +63,7 @@ locals { } ] - network_interfaces = var.enable_efa_support && local.instance_type_provided ? local.efa_network_interfaces : var.network_interfaces + network_interfaces = local.enable_efa_support ? local.efa_network_interfaces : var.network_interfaces } ################################################################################ @@ -71,7 +74,7 @@ locals { launch_template_name = coalesce(var.launch_template_name, "${var.name}-node-group") security_group_ids = compact(concat([var.cluster_primary_security_group_id], var.vpc_security_group_ids)) - placement = var.create && var.enable_efa_support ? { group_name = aws_placement_group.this[0].name } : var.placement + placement = local.enable_efa_support ? { group_name = aws_placement_group.this[0].name } : var.placement } resource "aws_launch_template" "this" { 
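Review bot: Folding `local.instance_type_provided` into `enable_efa_support` in the second hunk changes when the placement group is created: the old `placement` expression in the fourth hunk, and the `aws_placement_group.this` count further down, keyed on `var.create && var.enable_efa_support` alone, so a node group that enables EFA but supplies its instance types by a route other than `instance_type` now gets neither a cluster placement group nor the EFA network interfaces. That may be deliberate, since the interface and subnet lookups already required `instance_type`, but it is a behaviour change for existing callers and deserves a changelog line plus a comment on the local, e.g. `# EFA support requires instance_type to be set; without it no placement group or EFA interfaces are created`.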
@@ -695,7 +698,7 @@ resource "aws_autoscaling_group" "this" { target_group_arns = var.target_group_arns termination_policies = var.termination_policies - vpc_zone_identifier = var.enable_efa_support ? data.aws_subnets.efa[0].ids : var.subnet_ids + vpc_zone_identifier = local.enable_efa_support ? data.aws_subnets.efa[0].ids : var.subnet_ids wait_for_capacity_timeout = var.wait_for_capacity_timeout wait_for_elb_capacity = var.wait_for_elb_capacity @@ -734,13 +737,21 @@ resource "aws_autoscaling_group" "this" { ################################################################################ locals { + create_iam_instance_profile = var.create && var.create_iam_instance_profile + iam_role_name = coalesce(var.iam_role_name, "${var.name}-node-group") iam_role_policy_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy" - cni_policy = var.cluster_ip_family == "ipv6" ? "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" : "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy" + + ipv4_cni_policy = { for k, v in { + AmazonEKS_CNI_Policy = "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy" + } : k => v if var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" } + ipv6_cni_policy = { for k, v in { + AmazonEKS_CNI_IPv6_Policy = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/AmazonEKS_CNI_IPv6_Policy" + } : k => v if var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" } } data "aws_iam_policy_document" "assume_role_policy" { - count = var.create && var.create_iam_instance_profile ? 1 : 0 + count = local.create_iam_instance_profile ? 1 : 0 statement { sid = "EKSNodeAssumeRole" 
@@ -754,7 +765,7 @@ data "aws_iam_policy_document" "assume_role_policy" { } resource "aws_iam_role" "this" { - count = var.create && var.create_iam_instance_profile ? 1 : 0 + count = local.create_iam_instance_profile ? 1 : 0 name = var.iam_role_use_name_prefix ? null : local.iam_role_name name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}-" : null 
@@ -770,26 +781,28 @@ resource "aws_iam_role" "this" { # Policies attached ref https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group resource "aws_iam_role_policy_attachment" "this" { - for_each = { for k, v in { - AmazonEKSWorkerNodePolicy = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy" - AmazonEC2ContainerRegistryReadOnly = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly" - AmazonEKS_CNI_IPv6_Policy = var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv6" ? local.cni_policy : "" - AmazonEKS_CNI_Policy = var.iam_role_attach_cni_policy && var.cluster_ip_family == "ipv4" ? local.cni_policy : "" - } : k => v if var.create && var.create_iam_instance_profile && v != "" } + for_each = { for k, v in merge( + { + AmazonEKSWorkerNodePolicy = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy" + AmazonEC2ContainerRegistryReadOnly = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly" + }, + local.ipv4_cni_policy, + local.ipv6_cni_policy + ) : k => v if local.create_iam_instance_profile } policy_arn = each.value role = aws_iam_role.this[0].name } resource "aws_iam_role_policy_attachment" "additional" { - for_each = { for k, v in var.iam_role_additional_policies : k => v if var.create && var.create_iam_instance_profile } + for_each = { for k, v in var.iam_role_additional_policies : k => v if local.create_iam_instance_profile } policy_arn = each.value role = aws_iam_role.this[0].name } resource "aws_iam_instance_profile" "this" { - count = var.create && var.create_iam_instance_profile ? 1 : 0 + count = local.create_iam_instance_profile ? 1 : 0 role = aws_iam_role.this[0].name 
@@ -809,7 +822,7 @@ resource "aws_iam_instance_profile" "this" { ################################################################################ resource "aws_placement_group" "this" { - count = var.create && var.enable_efa_support ? 1 : 0 + count = local.enable_efa_support ? 1 : 0 name = "${var.cluster_name}-${var.name}" strategy = "cluster" @@ -828,7 +841,7 @@ resource "aws_placement_group" "this" { # Find the availability zones supported by the instance type data "aws_ec2_instance_type_offerings" "this" { - count = var.create && var.enable_efa_support ? 1 : 0 + count = local.enable_efa_support ? 1 : 0 filter { name = "instance-type" @@ -841,7 +854,7 @@ data "aws_ec2_instance_type_offerings" "this" { # Reverse the lookup to find one of the subnets provided based on the availability # availability zone ID of the queried instance type (supported) data "aws_subnets" "efa" { - count = var.create && var.enable_efa_support ? 1 : 0 + count = local.enable_efa_support ? 1 : 0 filter { name = "subnet-id" diff --git a/modules/self-managed-node-group/variables.tf b/modules/self-managed-node-group/variables.tf index 7c93702..67599a2 100644 --- a/modules/self-managed-node-group/variables.tf +++ b/modules/self-managed-node-group/variables.tf @@ -38,13 +38,18 @@ variable "cluster_auth_base64" { default = "" } -# Currently only used by AL2023 since it can be IPv4 or IPv6 variable "cluster_service_cidr" { description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself" type = string default = "" } +variable "cluster_ip_family" { + description = "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`" + type = string + default = "ipv4" +} + variable "pre_bootstrap_user_data" { description = "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `platform` = `bottlerocket`" type = string 
@@ -546,12 +551,6 @@ variable "create_iam_instance_profile" {
 default = true
 }
-variable "cluster_ip_family" {
- description = "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`"
- type = string
- default = "ipv4"
-}
-
 variable "iam_instance_profile_arn" {
 description = "Amazon Resource Name (ARN) of an existing IAM instance profile that provides permissions for the node group. Required if `create_iam_instance_profile` = `false`"
 type = string
diff --git a/modules/self-managed-node-group/versions.tf b/modules/self-managed-node-group/versions.tf
index 876adbd..6f83215 100644
--- a/modules/self-managed-node-group/versions.tf
+++ b/modules/self-managed-node-group/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">= 1.3"
+ required_version = ">= 1.3.2"
 required_providers {
 aws = {
diff --git a/node_groups.tf b/node_groups.tf
index 26d5ed7..f5ec719 100644
--- a/node_groups.tf
+++ b/node_groups.tf
@@ -17,6 +17,8 @@ locals {
 min_healthy_percentage = 66
 }
 }
+
+ kubernetes_network_config = try(aws_eks_cluster.this[0].kubernetes_network_config[0], {})
 }
 # This sleep resource is used to provide a timed gap between the cluster creation and the downstream dependencies
@@ -33,7 +35,7 @@ resource "time_sleep" "this" {
 cluster_name = aws_eks_cluster.this[0].name
 cluster_endpoint = aws_eks_cluster.this[0].endpoint
 cluster_version = aws_eks_cluster.this[0].version
- cluster_service_cidr = var.cluster_ip_family == "ipv6" ? aws_eks_cluster.this[0].kubernetes_network_config[0].service_ipv6_cidr : aws_eks_cluster.this[0].kubernetes_network_config[0].service_ipv4_cidr
+ cluster_service_cidr = var.cluster_ip_family == "ipv6" ? try(local.kubernetes_network_config.service_ipv6_cidr, "") : try(local.kubernetes_network_config.service_ipv4_cidr, "")
 cluster_certificate_authority_data = aws_eks_cluster.this[0].certificate_authority[0].data
 }
@@ -296,9 +298,8 @@ module "eks_managed_node_group" {
 create = try(each.value.create, true)
- cluster_name = time_sleep.this[0].triggers["cluster_name"]
- cluster_version = try(each.value.cluster_version, var.eks_managed_node_group_defaults.cluster_version, time_sleep.this[0].triggers["cluster_version"])
- cluster_ip_family = var.cluster_ip_family
+ cluster_name = time_sleep.this[0].triggers["cluster_name"]
+ cluster_version = try(each.value.cluster_version, var.eks_managed_node_group_defaults.cluster_version, time_sleep.this[0].triggers["cluster_version"])
 # EKS Managed Node Group
 name = try(each.value.name, each.key)
@@ -331,6 +332,7 @@ module "eks_managed_node_group" {
 cluster_endpoint = try(time_sleep.this[0].triggers["cluster_endpoint"], "")
 cluster_auth_base64 = try(time_sleep.this[0].triggers["cluster_certificate_authority_data"], "")
 cluster_service_ipv4_cidr = var.cluster_service_ipv4_cidr
+ cluster_ip_family = var.cluster_ip_family
 cluster_service_cidr = try(time_sleep.this[0].triggers["cluster_service_cidr"], "")
 enable_bootstrap_user_data = try(each.value.enable_bootstrap_user_data, var.eks_managed_node_group_defaults.enable_bootstrap_user_data, false)
 pre_bootstrap_user_data = try(each.value.pre_bootstrap_user_data, var.eks_managed_node_group_defaults.pre_bootstrap_user_data, "")
@@ -412,8 +414,7 @@ module "self_managed_node_group" {
 create = try(each.value.create, true)
- cluster_name = time_sleep.this[0].triggers["cluster_name"]
- cluster_ip_family = var.cluster_ip_family
+ cluster_name = time_sleep.this[0].triggers["cluster_name"]
 # Autoscaling Group
 create_autoscaling_group = try(each.value.create_autoscaling_group, var.self_managed_node_group_defaults.create_autoscaling_group, true)
@@ -466,6 +467,7 @@ module "self_managed_node_group" {
 cluster_endpoint = try(time_sleep.this[0].triggers["cluster_endpoint"], "")
 cluster_auth_base64 = try(time_sleep.this[0].triggers["cluster_certificate_authority_data"], "")
 cluster_service_cidr = try(time_sleep.this[0].triggers["cluster_service_cidr"], "")
+ cluster_ip_family = var.cluster_ip_family
 pre_bootstrap_user_data = try(each.value.pre_bootstrap_user_data, var.self_managed_node_group_defaults.pre_bootstrap_user_data, "")
 post_bootstrap_user_data = try(each.value.post_bootstrap_user_data, var.self_managed_node_group_defaults.post_bootstrap_user_data, "")
 bootstrap_extra_args = try(each.value.bootstrap_extra_args, var.self_managed_node_group_defaults.bootstrap_extra_args, "")
diff --git a/outputs.tf b/outputs.tf
index 7621ae8..4891ecb 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -52,6 +52,16 @@ output "cluster_primary_security_group_id" {
 value = try(aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id, null)
 }
+output "cluster_service_cidr" {
+ description = "The CIDR block where Kubernetes pod and service IP addresses are assigned from"
+ value = try(aws_eks_cluster.this[0].kubernetes_network_config[0].service_ipv4_cidr, aws_eks_cluster.this[0].kubernetes_network_config[0].service_ipv6_cidr, null)
+}
+
+output "cluster_ip_family" {
+ description = "The IP family used by the cluster (e.g. `ipv4` or `ipv6`)"
+ value = try(aws_eks_cluster.this[0].kubernetes_network_config[0].ip_family, null)
+}
+
 ################################################################################
 # Access Entry
 ################################################################################
diff --git a/templates/bottlerocket_user_data.tpl b/templates/bottlerocket_user_data.tpl
index 640c801..810ee86 100644
--- a/templates/bottlerocket_user_data.tpl
+++ b/templates/bottlerocket_user_data.tpl
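Review bot: `try()` in the new `cluster_service_cidr` output only falls through on an evaluation error, so for an IPv6 cluster the first argument `service_ipv4_cidr` is still a successfully evaluated (likely empty) string and the output never reaches `service_ipv6_cidr`. Selecting on the family the cluster actually reports keeps the output consistent with the `cluster_ip_family` output beneath it: `value = try(local.kubernetes_network_config.ip_family == "ipv6" ? local.kubernetes_network_config.service_ipv6_cidr : local.kubernetes_network_config.service_ipv4_cidr, null)` (the `kubernetes_network_config` local is introduced in `node_groups.tf` in this same commit). The description also says "pod and service IP addresses", but the attribute read is the service CIDR only; `description = "The CIDR block where Kubernetes service IP addresses are assigned from"` states what is actually returned.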
@@ -3,5 +3,6 @@
 "cluster-name" = "${cluster_name}"
 "api-server" = "${cluster_endpoint}"
 "cluster-certificate" = "${cluster_auth_base64}"
+"cluster-dns-ip" = "${cluster_dns_ip}"
 %{ endif ~}
 ${bootstrap_extra_args ~}
diff --git a/templates/linux_user_data.tpl b/templates/linux_user_data.tpl
index 14acbd2..d75d549 100644
--- a/templates/linux_user_data.tpl
+++ b/templates/linux_user_data.tpl
@@ -3,12 +3,10 @@
 set -e
 %{ endif ~}
 ${pre_bootstrap_user_data ~}
-%{ if length(cluster_service_ipv4_cidr) > 0 ~}
-export SERVICE_IPV4_CIDR=${cluster_service_ipv4_cidr}
-%{ endif ~}
 %{ if enable_bootstrap_user_data ~}
 B64_CLUSTER_CA=${cluster_auth_base64}
 API_SERVER_URL=${cluster_endpoint}
-/etc/eks/bootstrap.sh ${cluster_name} ${bootstrap_extra_args} --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL
+/etc/eks/bootstrap.sh ${cluster_name} ${bootstrap_extra_args} --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL \
+ --ip-family ${cluster_ip_family} --service-${cluster_ip_family}-cidr ${cluster_service_cidr}
 ${post_bootstrap_user_data ~}
 %{ endif ~}
diff --git a/versions.tf b/versions.tf
index f759dee..d0f347a 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">= 1.3"
+ required_version = ">= 1.3.2"
 required_providers {
 aws = {
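Review bot: `"cluster-dns-ip" = "${cluster_dns_ip}"` is rendered unconditionally, so when the templatefile call (outside this diff) passes an empty string the Bottlerocket settings receive an empty `cluster-dns-ip` value instead of leaving the key unset for the node to resolve on its own. The neighbouring keys are already inside an `%{ if ... ~}` guard; wrapping this one in its own `%{ if length(cluster_dns_ip) > 0 ~}` / `%{ endif ~}` pair keeps the previous output for callers that do not supply a DNS IP. A comment naming where `cluster_dns_ip` is derived would also help, since nothing in the template shows it.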
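Review bot: The new bootstrap line passes `--service-${cluster_ip_family}-cidr ${cluster_service_cidr}` unconditionally, yet `cluster_service_cidr` defaults to `""` in the self-managed module and the callers in `node_groups.tf` fall back to `""` via `try()`, so a node group without a resolvable service CIDR renders a bare `--service-ipv4-cidr` flag with no value, which the bootstrap script will likely reject or misparse. The removed `%{ if length(cluster_service_ipv4_cidr) > 0 ~}` guard should be carried over to the new flag: ` --ip-family ${cluster_ip_family} %{ if length(cluster_service_cidr) > 0 ~}--service-${cluster_ip_family}-cidr ${cluster_service_cidr}%{ endif ~}`. The deleted `SERVICE_IPV4_CIDR` export was the only consumer of `cluster_service_ipv4_cidr` shown in this diff, while `node_groups.tf` still passes that input to the managed node group module; if it is now dead it should be removed or documented as deprecated rather than silently ignored.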