From 98ede7cca6026ffad09e652212390a016d192e1d Mon Sep 17 00:00:00 2001
From: jimbecker
Date: Wed, 27 Jun 2018 13:12:14 -0400
Subject: [PATCH 1/5] Override the default ingress rule that allows communication with the EKS cluster API. If not given, will use current IP/32.
---
 README.md | 1 +
 cluster.tf | 2 +-
 local.tf | 1 +
 variables.tf | 5 +++++
 4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index a17ff9d..009b995 100644
--- a/README.md
+++ b/README.md
@@ -107,6 +107,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | worker_security_group_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `` | no |
 | worker_sg_ingress_from_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | string | `1025` | no |
 | workers_group_defaults | Default values for target groups as defined by the list of maps. | map | `` | no |
+| workstation-cidr | Override the default ingress rule that allows communication with the EKS cluster API. If not given, will use current IP/32. | string | - | no |
 ## Outputs
diff --git a/cluster.tf b/cluster.tf
index 03fe7aa..87ad721 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -45,7 +45,7 @@ resource "aws_security_group_rule" "cluster_https_worker_ingress" {
 }
 resource "aws_security_group_rule" "cluster_https_cidr_ingress" {
- cidr_blocks = ["${local.workstation_external_cidr}"]
+ cidr_blocks = ["${local.workstation_cidr}"]
 description = "Allow kubectl communication with the EKS cluster API."
 protocol = "tcp"
 security_group_id = "${aws_security_group.cluster.id}"
diff --git a/local.tf b/local.tf
index 6c3249d..bca7aef 100644
--- a/local.tf
+++ b/local.tf
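Review bot: In cluster.tf, `cidr_blocks = ["${local.workstation_cidr}"]` now opens the cluster API security group to whatever string the caller supplies, and nothing in this series rejects an over-broad range such as `0.0.0.0/0`. This rule is the network restriction on kubectl access that the hunk shows, so a comment above the line such as `# Caller-controlled via var.workstation_cidr; keep this as narrow as the admin network allows.` would make the exposure visible at the point of use. The value is also wrapped as a single-element list, so a caller with several admin networks cannot express them without a follow-up change to a list variable. The resource block is not closed within the hunk.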
@@ -3,6 +3,7 @@ locals { cluster_security_group_id = "${var.cluster_security_group_id == "" ? aws_security_group.cluster.id : var.cluster_security_group_id}" worker_security_group_id = "${var.worker_security_group_id == "" ? aws_security_group.workers.id : var.worker_security_group_id}" workstation_external_cidr = "${chomp(data.http.workstation_external_ip.body)}/32" + workstation_cidr = "${coalesce(var.workstation_cidr, local.workstation_external_cidr)}" # Mapping from the node type that we selected and the max number of pods that it can run # Taken from https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/amazon-eks-nodegroup.yaml diff --git a/variables.tf b/variables.tf index 245211d..41a1dc5 100644 --- a/variables.tf +++ b/variables.tf @@ -7,6 +7,11 @@ variable "cluster_security_group_id" { default = "" } +variable "workstation_cidr" { + description = "Override the default ingress rule that allows communication with the EKS cluster API. If not given, will use current IP/32. " + default = "" +} + variable "cluster_version" { description = "Kubernetes version to use for the EKS cluster." default = "1.10" From 2bdab8730da2aa8f719162b42293dc66f9eacd56 Mon Sep 17 00:00:00 2001 From: jimbecker Date: Wed, 27 Jun 2018 13:44:26 -0400 Subject: [PATCH 2/5] fixed formatting issue... --- local.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/local.tf b/local.tf index bca7aef..5f6dcdc 100644 --- a/local.tf +++ b/local.tf 
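Review bot: On the added `workstation_cidr` line in local.tf, `coalesce()` only chooses between the two values; `local.workstation_external_cidr` still interpolates `data.http.workstation_external_ip.body`, so the outbound lookup presumably still runs, and can still fail the plan, when `var.workstation_cidr` is set. The response body reaches a security group rule after nothing more than `chomp()`, so whatever that endpoint returns becomes the allowed source. The data source is defined outside this diff; if it accepts `count = "${var.workstation_cidr == "" ? 1 : 0}"` (with the reference changed to the splat form), the lookup could be skipped when an override is given. A comment on the fallback line should state that it trusts an external HTTP response. The `locals` block starts and ends outside the hunk.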
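Review bot: The description of the new `workstation_cidr` variable in variables.tf does not say what format is expected or that the value is an allow-list entry for the cluster API, and it ends with a stray space inside the quotes. Something like `description = "CIDR block allowed to reach the EKS cluster API (for example a single /32 or an office range). If not given, the current external IP is used as a /32."` tells the caller what they are opening. The empty-string default is what makes the `coalesce()` fallback in local.tf apply, which is worth one comment line next to `default = ""`.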
@@ -3,7 +3,7 @@ locals {
 cluster_security_group_id = "${var.cluster_security_group_id == "" ? aws_security_group.cluster.id : var.cluster_security_group_id}"
 worker_security_group_id = "${var.worker_security_group_id == "" ? aws_security_group.workers.id : var.worker_security_group_id}"
 workstation_external_cidr = "${chomp(data.http.workstation_external_ip.body)}/32"
- workstation_cidr = "${coalesce(var.workstation_cidr, local.workstation_external_cidr)}"
+ workstation_cidr = "${coalesce(var.workstation_cidr, local.workstation_external_cidr)}"
 # Mapping from the node type that we selected and the max number of pods that it can run
 # Taken from https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/amazon-eks-nodegroup.yaml
From 3d25013d1287124e14202ff6c921bf2ba6cbcd93 Mon Sep 17 00:00:00 2001
From: jimbecker
Date: Wed, 27 Jun 2018 19:57:43 -0400
Subject: [PATCH 3/5] fixed typo in readme for workstation_cdir
---
 README.md | 2 +-
 templates/kubeconfig.tpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 009b995..ee9bc2d 100644
--- a/README.md
+++ b/README.md
@@ -107,7 +107,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | worker_security_group_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `` | no | | worker_sg_ingress_from_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | string | `1025` | no | | workers_group_defaults | Default values for target groups as defined by the list of maps. | map | `` | no | -| workstation-cidr | Override the default ingress rule that allows communication with the EKS cluster API. If not given, will use current IP/32. | string | - | no | +| workstation_cidr | Override the default ingress rule that allows communication with the EKS cluster API. If not given, will use current IP/32. | string | - | no | ## Outputs diff --git a/templates/kubeconfig.tpl b/templates/kubeconfig.tpl index 9f9dc78..8fcbf3c 100644 --- a/templates/kubeconfig.tpl +++ b/templates/kubeconfig.tpl @@ -10,7 +10,7 @@ clusters: contexts: - context: - cluster: kubernetes + cluster: ${cluster_name} user: aws name: aws current-context: aws From 120034599c37687cd4ebfd4f46926f8dd58f54a6 Mon Sep 17 00:00:00 2001 From: Steve D Date: Fri, 29 Jun 2018 13:12:47 -0400 Subject: [PATCH 4/5] Don't mismatch cluster names --- templates/kubeconfig.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/kubeconfig.tpl b/templates/kubeconfig.tpl index 8fcbf3c..9f9dc78 100644 --- a/templates/kubeconfig.tpl +++ b/templates/kubeconfig.tpl @@ -10,7 +10,7 @@ clusters: contexts: - context: - cluster: ${cluster_name} + cluster: kubernetes user: aws name: aws current-context: aws From 4dacb1af0776980d060596446981cb78bf67e103 Mon Sep 17 00:00:00 2001 
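Review bot: In templates/kubeconfig.tpl after PATCH 4/5 the context is back to `cluster: kubernetes`, a fixed name shared by every kubeconfig this module renders. When kubeconfigs for several clusters are merged, entries with identical cluster, user and context names are not kept apart, so `kubectl` can end up pointed at a different cluster than the operator intended. PATCH 3/5 changed only the context reference, which presumably no longer matched the `name:` under `clusters:` (that entry is outside the hunk). Renaming both together, `name: ${cluster_name}` on the cluster entry and `cluster: ${cluster_name}` here, would keep them consistent and unique per cluster. A comment stating that the two names must match would stop the mismatch from recurring.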
From: Kamil Hristov
Date: Sat, 30 Jun 2018 02:42:57 +0300
Subject: [PATCH 5/5] Omit module version in usage example
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index a17ff9d..d33bb6f 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,6 @@ A full example leveraging other community modules is contained in the [examples/
 ```hcl
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "0.1.0"
 cluster_name = "test-eks-cluster"
 subnets = ["subnet-abcde012", "subnet-bcde012a"]
 tags = "${map("Environment", "test")}"