From dfe41141c2385db783d97494792c8f2e227cfc7c Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Fri, 8 Mar 2024 15:25:14 -0500 Subject: [PATCH] fix: Update AWS provider version to support `AL2023_*` AMI types; ensure AL2023 user data receives cluster service CIDR (#2960) * fix: Update AWS provider version to support `AL2023_*` AMI types * fix: Ensure the cluster service CIDR is passed to the AL2023 user data where its required --- README.md | 4 +-- examples/eks_managed_node_group/README.md | 4 +-- examples/eks_managed_node_group/main.tf | 1 + examples/eks_managed_node_group/versions.tf | 2 +- examples/fargate_profile/README.md | 4 +-- examples/fargate_profile/versions.tf | 2 +- examples/karpenter/README.md | 6 ++-- examples/karpenter/versions.tf | 2 +- examples/outposts/README.md | 4 +-- examples/outposts/prerequisites/versions.tf | 2 +- examples/outposts/versions.tf | 2 +- examples/self_managed_node_group/README.md | 4 +-- examples/self_managed_node_group/versions.tf | 2 +- examples/user_data/main.tf | 31 ++++++++++++------- .../rendered/al2023/eks-mng-custom-ami.sh | 2 +- .../al2023/eks-mng-custom-template.sh | 1 + .../rendered/al2023/self-mng-bootstrap.sh | 1 + .../al2023/self-mng-custom-template.sh | 1 + .../user_data/templates/al2023_custom.tpl | 1 + modules/_user_data/README.md | 1 + modules/_user_data/main.tf | 3 ++ modules/_user_data/variables.tf | 8 +++++ modules/eks-managed-node-group/README.md | 5 +-- modules/eks-managed-node-group/main.tf | 3 +- modules/eks-managed-node-group/variables.tf | 8 +++++ modules/eks-managed-node-group/versions.tf | 2 +- modules/fargate-profile/README.md | 4 +-- modules/fargate-profile/versions.tf | 2 +- modules/karpenter/README.md | 4 +-- modules/karpenter/versions.tf | 2 +- modules/self-managed-node-group/README.md | 5 +-- modules/self-managed-node-group/main.tf | 7 +++-- modules/self-managed-node-group/variables.tf | 7 +++++ modules/self-managed-node-group/versions.tf | 2 +- node_groups.tf | 9 ++++-- templates/al2023_user_data.tpl | 4 +-- versions.tf | 2 +- 37 files changed, 99 insertions(+), 
55 deletions(-) diff --git a/README.md b/README.md index 1b763ec..a3fbd76 100644 --- a/README.md +++ b/README.md @@ -189,7 +189,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | | [time](#requirement\_time) | >= 0.9 | | [tls](#requirement\_tls) | >= 3.0 | @@ -197,7 +197,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | | [time](#provider\_time) | >= 0.9 | | [tls](#provider\_tls) | >= 3.0 | diff --git a/examples/eks_managed_node_group/README.md b/examples/eks_managed_node_group/README.md index 1772d13..f57a972 100644 --- a/examples/eks_managed_node_group/README.md +++ b/examples/eks_managed_node_group/README.md @@ -30,13 +30,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | ## Modules diff --git a/examples/eks_managed_node_group/main.tf b/examples/eks_managed_node_group/main.tf index e464ca7..f2f8b13 100644 --- a/examples/eks_managed_node_group/main.tf +++ b/examples/eks_managed_node_group/main.tf @@ -89,6 +89,7 @@ module "eks" { # AL2023 node group utilizing new user data format which utilizes nodeadm # to join nodes to the cluster (instead of /etc/eks/bootstrap.sh) al2023_nodeadm = { + ami_type = "AL2023_x86_64_STANDARD" platform = "al2023" cloudinit_pre_nodeadm = [ 
diff --git a/examples/eks_managed_node_group/versions.tf b/examples/eks_managed_node_group/versions.tf index fb651ab..876adbd 100644 --- a/examples/eks_managed_node_group/versions.tf +++ b/examples/eks_managed_node_group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } } } diff --git a/examples/fargate_profile/README.md b/examples/fargate_profile/README.md index 55e303c..6f33b44 100644 --- a/examples/fargate_profile/README.md +++ b/examples/fargate_profile/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | ## Modules diff --git a/examples/fargate_profile/versions.tf b/examples/fargate_profile/versions.tf index fb651ab..876adbd 100644 --- a/examples/fargate_profile/versions.tf +++ b/examples/fargate_profile/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } } } diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md index f36f22c..97d5f96 100644 --- a/examples/karpenter/README.md +++ b/examples/karpenter/README.md @@ -55,7 +55,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | | [helm](#requirement\_helm) | >= 2.7 | | [kubectl](#requirement\_kubectl) | >= 2.0 | 
@@ -63,8 +63,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | -| [aws.virginia](#provider\_aws.virginia) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | +| [aws.virginia](#provider\_aws.virginia) | >= 5.40 | | [helm](#provider\_helm) | >= 2.7 | | [kubectl](#provider\_kubectl) | >= 2.0 | diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf index 711da76..9cdb812 100644 --- a/examples/karpenter/versions.tf +++ b/examples/karpenter/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } helm = { source = "hashicorp/helm" diff --git a/examples/outposts/README.md b/examples/outposts/README.md index 87bdafa..e1daea0 100644 --- a/examples/outposts/README.md +++ b/examples/outposts/README.md @@ -49,14 +49,14 @@ terraform destroy | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | | [kubernetes](#requirement\_kubernetes) | >= 2.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | | [kubernetes](#provider\_kubernetes) | >= 2.20 | ## Modules diff --git a/examples/outposts/prerequisites/versions.tf b/examples/outposts/prerequisites/versions.tf index fb651ab..876adbd 100644 --- a/examples/outposts/prerequisites/versions.tf +++ b/examples/outposts/prerequisites/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } } } diff --git a/examples/outposts/versions.tf b/examples/outposts/versions.tf index 73a045b..6ff0747 100644 --- a/examples/outposts/versions.tf +++ b/examples/outposts/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/examples/self_managed_node_group/README.md b/examples/self_managed_node_group/README.md index 2566c3d..7aea278 100644 --- a/examples/self_managed_node_group/README.md +++ b/examples/self_managed_node_group/README.md @@ -26,13 +26,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | ## Modules diff --git a/examples/self_managed_node_group/versions.tf b/examples/self_managed_node_group/versions.tf index fb651ab..876adbd 100644 --- a/examples/self_managed_node_group/versions.tf +++ b/examples/self_managed_node_group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } } } diff --git a/examples/user_data/main.tf b/examples/user_data/main.tf index 6a90081..35b1530 100644 --- a/examples/user_data/main.tf +++ b/examples/user_data/main.tf @@ -4,6 +4,7 @@ locals { cluster_endpoint = "https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com" cluster_auth_base64 = "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" cluster_service_ipv4_cidr = "172.16.0.0/16" + cluster_service_cidr = "192.168.0.0/16" } ################################################################################ 
@@ -100,9 +101,12 @@ module "eks_mng_al2023_custom_ami" { platform = "al2023" - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_cidr + + # Should do nothing cluster_service_ipv4_cidr = local.cluster_service_ipv4_cidr enable_bootstrap_user_data = true @@ -135,9 +139,10 @@ module "eks_mng_al2023_custom_template" { platform = "al2023" - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_cidr enable_bootstrap_user_data = true user_data_template_path = "${path.module}/templates/al2023_custom.tpl" @@ -371,9 +376,10 @@ module "self_mng_al2023_bootstrap" { enable_bootstrap_user_data = true is_eks_managed_node_group = false - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_cidr cloudinit_pre_nodeadm = [{ content = <<-EOT @@ -406,9 +412,10 @@ module "self_mng_al2023_custom_template" { enable_bootstrap_user_data = true is_eks_managed_node_group = false - cluster_name = local.name - cluster_endpoint = local.cluster_endpoint - cluster_auth_base64 = local.cluster_auth_base64 + cluster_name = local.name + cluster_endpoint = local.cluster_endpoint + cluster_auth_base64 = local.cluster_auth_base64 + cluster_service_cidr = local.cluster_service_cidr user_data_template_path = "${path.module}/templates/al2023_custom.tpl" 
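Review bot: The comment `# Should do nothing` above `cluster_service_ipv4_cidr` in `module "eks_mng_al2023_custom_ami"` does not say what is being asserted or why the two CIDR locals differ. The rendered `eks-mng-custom-ami.sh` in this commit moves from `172.16.0.0/16` to `192.168.0.0/16`, so the distinct values appear to be a deliberate check that AL2023 ignores the IPv4-only input. I would spell that out, e.g. `# Ignored on AL2023: the rendered cidr must come from cluster_service_cidr (192.168.0.0/16), not this value`. The module block starts and ends outside the hunk.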
diff --git a/examples/user_data/rendered/al2023/eks-mng-custom-ami.sh b/examples/user_data/rendered/al2023/eks-mng-custom-ami.sh index fe8f07a..676edd1 100755 --- a/examples/user_data/rendered/al2023/eks-mng-custom-ami.sh +++ b/examples/user_data/rendered/al2023/eks-mng-custom-ami.sh @@ -29,7 +29,7 @@ spec: name: ex-user-data apiServerEndpoint: https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com certificateAuthority: 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 - cidr: 172.16.0.0/16 + cidr: 192.168.0.0/16 --MIMEBOUNDARY Content-Transfer-Encoding: 7bit diff --git a/examples/user_data/rendered/al2023/eks-mng-custom-template.sh b/examples/user_data/rendered/al2023/eks-mng-custom-template.sh index 6267b85..3fe9756 100755 --- a/examples/user_data/rendered/al2023/eks-mng-custom-template.sh +++ b/examples/user_data/rendered/al2023/eks-mng-custom-template.sh @@ -29,6 +29,7 @@ spec: name: ex-user-data apiServerEndpoint: https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com certificateAuthority: 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 + cidr: 192.168.0.0/16 containerd: config: | [plugins."io.containerd.grpc.v1.cri".containerd] diff --git a/examples/user_data/rendered/al2023/self-mng-bootstrap.sh b/examples/user_data/rendered/al2023/self-mng-bootstrap.sh index 9ea0084..676edd1 100755 --- a/examples/user_data/rendered/al2023/self-mng-bootstrap.sh +++ b/examples/user_data/rendered/al2023/self-mng-bootstrap.sh 
@@ -29,6 +29,7 @@ spec: name: ex-user-data apiServerEndpoint: https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com certificateAuthority: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKbXFqQ1VqNGdGR2w3ZW5PeWthWnZ2RjROOTVOUEZCM2o0cGhVZUsrWGFtN2ZSQnZya0d6OGxKZmZEZWF2b2plTwpQK2xOZFlqdHZncmxCUEpYdHZIZmFzTzYxVzdIZmdWQ2EvamdRM2w3RmkvL1dpQmxFOG9oWUZkdWpjc0s1SXM2CnNkbk5KTTNYUWN2TysrSitkV09NT2ZlNzlsSWdncmdQLzgvRU9CYkw3eUY1aU1hS3lsb1RHL1V3TlhPUWt3ZUcKblBNcjdiUmdkQ1NCZTlXYXowOGdGRmlxV2FOditsTDhsODBTdFZLcWVNVlUxbjQyejVwOVpQRTd4T2l6L0xTNQpYV2lXWkVkT3pMN0xBWGVCS2gzdkhnczFxMkI2d1BKZnZnS1NzWllQRGFpZTloT1NNOUJkNFNPY3JrZTRYSVBOCkVvcXVhMlYrUDRlTWJEQzhMUkVWRDdCdVZDdWdMTldWOTBoL3VJUy9WU2VOcEdUOGVScE5DakszSjc2aFlsWm8KWjNGRG5QWUY0MWpWTHhiOXF0U1ROdEp6amYwWXBEYnFWci9xZzNmQWlxbVorMzd3YWM1eHlqMDZ4cmlaRUgzZgpUM002d2lCUEVHYVlGeWN5TmNYTk5aYW9DWDJVL0N1d2JsUHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + cidr: 192.168.0.0/16 --MIMEBOUNDARY Content-Transfer-Encoding: 7bit diff --git a/examples/user_data/rendered/al2023/self-mng-custom-template.sh b/examples/user_data/rendered/al2023/self-mng-custom-template.sh index 6267b85..3fe9756 100755 --- a/examples/user_data/rendered/al2023/self-mng-custom-template.sh +++ b/examples/user_data/rendered/al2023/self-mng-custom-template.sh @@ -29,6 +29,7 @@ spec: name: ex-user-data apiServerEndpoint: https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com certificateAuthority: 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 + cidr: 192.168.0.0/16 containerd: config: | [plugins."io.containerd.grpc.v1.cri".containerd] diff --git a/examples/user_data/templates/al2023_custom.tpl b/examples/user_data/templates/al2023_custom.tpl index a33aa44..34c566c 100644 --- a/examples/user_data/templates/al2023_custom.tpl +++ b/examples/user_data/templates/al2023_custom.tpl 
@@ -7,6 +7,7 @@ spec: name: ${cluster_name} apiServerEndpoint: ${cluster_endpoint} certificateAuthority: ${cluster_auth_base64} + cidr: ${cluster_service_cidr} containerd: config: | [plugins."io.containerd.grpc.v1.cri".containerd] diff --git a/modules/_user_data/README.md b/modules/_user_data/README.md index 89edf25..541f2f8 100644 --- a/modules/_user_data/README.md +++ b/modules/_user_data/README.md @@ -39,6 +39,7 @@ No modules. | [cluster\_auth\_base64](#input\_cluster\_auth\_base64) | Base64 encoded CA of associated EKS cluster | `string` | `""` | no | | [cluster\_endpoint](#input\_cluster\_endpoint) | Endpoint of associated EKS cluster | `string` | `""` | no | | [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `""` | no | +| [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself | `string` | `""` | no | | [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no | | [create](#input\_create) | Determines whether to create user-data or not | `bool` | `true` | no | | [enable\_bootstrap\_user\_data](#input\_enable\_bootstrap\_user\_data) | Determines whether the bootstrap configurations are populated within the user data template | `bool` | `false` | no | diff --git a/modules/_user_data/main.tf b/modules/_user_data/main.tf index b70279b..ad3c4e2 100644 --- a/modules/_user_data/main.tf +++ b/modules/_user_data/main.tf 
@@ -18,6 +18,9 @@ locals { cluster_endpoint = var.cluster_endpoint cluster_auth_base64 = var.cluster_auth_base64 + # Required by AL2023 + cluster_service_cidr = var.cluster_service_cidr + # Optional cluster_service_ipv4_cidr = var.cluster_service_ipv4_cidr != null ? var.cluster_service_ipv4_cidr : "" bootstrap_extra_args = var.bootstrap_extra_args diff --git a/modules/_user_data/variables.tf b/modules/_user_data/variables.tf index 96c1b07..d3d8082 100644 --- a/modules/_user_data/variables.tf +++ b/modules/_user_data/variables.tf @@ -40,6 +40,14 @@ variable "cluster_auth_base64" { default = "" } +# Currently only used by AL2023 since it can be IPv4 or IPv6 +variable "cluster_service_cidr" { + description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself" + type = string + default = "" +} + +# Not used by AL2023 variable "cluster_service_ipv4_cidr" { description = "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks" type = string diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md index 708f7ad..7685237 100644 --- a/modules/eks-managed-node-group/README.md +++ b/modules/eks-managed-node-group/README.md @@ -64,13 +64,13 @@ module "eks_managed_node_group" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | ## Modules 
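Review bot: The new `cluster_service_cidr` variable in modules/_user_data/variables.tf accepts any string and defaults to `""`, although the locals hunk in main.tf labels it `# Required by AL2023`. The value is interpolated unquoted into the node's cloud-init NodeConfig, so a malformed or unexpected string goes straight into the boot configuration and is not rejected at plan time. A `validation` block that accepts only an empty string or a parseable IPv4/IPv6 CIDR would catch this early. The same variable is added without validation in modules/eks-managed-node-group/variables.tf and modules/self-managed-node-group/variables.tf. Whether an empty value should also be rejected when `platform = "al2023"` depends on code outside these hunks.

```hcl
variable "cluster_service_cidr" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.cluster_service_cidr == "" || can(cidrhost(var.cluster_service_cidr, 0))
    error_message = "cluster_service_cidr must be empty or a valid IPv4 or IPv6 CIDR block."
  }
}
```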
@@ -112,6 +112,7 @@ module "eks_managed_node_group" { | [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `null` | no | | [cluster\_name](#input\_cluster\_name) | Name of associated EKS cluster | `string` | `null` | no | | [cluster\_primary\_security\_group\_id](#input\_cluster\_primary\_security\_group\_id) | The ID of the EKS cluster primary security group to associate with the instance(s). This is the security group that is automatically created by the EKS service | `string` | `null` | no | +| [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself | `string` | `""` | no | | [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no | | [cluster\_version](#input\_cluster\_version) | Kubernetes version. Defaults to EKS Cluster Kubernetes version | `string` | `null` | no | | [cpu\_options](#input\_cpu\_options) | The CPU options for the instance | `map(string)` | `{}` | no | diff --git a/modules/eks-managed-node-group/main.tf b/modules/eks-managed-node-group/main.tf index 75ee289..3e9ce1d 100644 --- a/modules/eks-managed-node-group/main.tf +++ b/modules/eks-managed-node-group/main.tf @@ -16,6 +16,7 @@ module "user_data" { cluster_auth_base64 = var.cluster_auth_base64 cluster_service_ipv4_cidr = var.cluster_service_ipv4_cidr + cluster_service_cidr = var.cluster_service_cidr enable_bootstrap_user_data = var.enable_bootstrap_user_data pre_bootstrap_user_data = var.pre_bootstrap_user_data 
@@ -29,7 +30,7 @@ module "user_data" { ################################################################################ data "aws_ec2_instance_type" "this" { - count = var.enable_efa_support ? 1 : 0 + count = var.create && var.enable_efa_support ? 1 : 0 instance_type = local.efa_instance_type } diff --git a/modules/eks-managed-node-group/variables.tf b/modules/eks-managed-node-group/variables.tf index 1929808..eb4cc86 100644 --- a/modules/eks-managed-node-group/variables.tf +++ b/modules/eks-managed-node-group/variables.tf @@ -44,6 +44,14 @@ variable "cluster_auth_base64" { default = "" } +# Currently only used by AL2023 since it can be IPv4 or IPv6 +variable "cluster_service_cidr" { + description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself" + type = string + default = "" +} + +# Not used by AL2023 variable "cluster_service_ipv4_cidr" { description = "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks" type = string diff --git a/modules/eks-managed-node-group/versions.tf b/modules/eks-managed-node-group/versions.tf index fb651ab..876adbd 100644 --- a/modules/eks-managed-node-group/versions.tf +++ b/modules/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } } } diff --git a/modules/fargate-profile/README.md b/modules/fargate-profile/README.md index 1fb59c4..fb4e44a 100644 --- a/modules/fargate-profile/README.md +++ b/modules/fargate-profile/README.md 
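Review bot: In `data "aws_ec2_instance_type" "this"` of modules/eks-managed-node-group/main.tf, the new `count = var.create && var.enable_efa_support ? 1 : 0` depends on `&&` binding tighter than the conditional operator. It evaluates as intended, but parentheses make that explicit for the next reader: `count = (var.create && var.enable_efa_support) ? 1 : 0`. This change is unrelated to the AL2023 service CIDR work and is not mentioned in the commit message, so a line in the description would help anyone bisecting later. Any `data.aws_ec2_instance_type.this[0]` references outside the hunk presumably need the same `var.create` guard; they are not visible here.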
@@ -29,13 +29,13 @@ module "fargate_profile" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | ## Modules diff --git a/modules/fargate-profile/versions.tf b/modules/fargate-profile/versions.tf index fb651ab..876adbd 100644 --- a/modules/fargate-profile/versions.tf +++ b/modules/fargate-profile/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } } } diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md index d6f27bf..5faac77 100644 --- a/modules/karpenter/README.md +++ b/modules/karpenter/README.md @@ -85,13 +85,13 @@ module "karpenter" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | ## Modules diff --git a/modules/karpenter/versions.tf b/modules/karpenter/versions.tf index fb651ab..876adbd 100644 --- a/modules/karpenter/versions.tf +++ b/modules/karpenter/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } } } diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md index 6fe6e43..be861a0 100644 --- a/modules/self-managed-node-group/README.md +++ b/modules/self-managed-node-group/README.md 
@@ -43,13 +43,13 @@ module "self_managed_node_group" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.38 | +| [aws](#requirement\_aws) | >= 5.40 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.38 | +| [aws](#provider\_aws) | >= 5.40 | ## Modules @@ -94,6 +94,7 @@ module "self_managed_node_group" { | [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `null` | no | | [cluster\_name](#input\_cluster\_name) | Name of associated EKS cluster | `string` | `""` | no | | [cluster\_primary\_security\_group\_id](#input\_cluster\_primary\_security\_group\_id) | The ID of the EKS cluster primary security group to associate with the instance(s). This is the security group that is automatically created by the EKS service | `string` | `null` | no | +| [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself | `string` | `""` | no | | [cluster\_version](#input\_cluster\_version) | Kubernetes cluster version - used to lookup default AMI ID if one is not provided | `string` | `null` | no | | [context](#input\_context) | Reserved | `string` | `null` | no | | [cpu\_options](#input\_cpu\_options) | The CPU options for the instance | `map(string)` | `{}` | no | diff --git a/modules/self-managed-node-group/main.tf b/modules/self-managed-node-group/main.tf index bb1eea0..8b0f75a 100644 --- a/modules/self-managed-node-group/main.tf +++ b/modules/self-managed-node-group/main.tf 
@@ -24,9 +24,10 @@ module "user_data" { platform = var.platform is_eks_managed_node_group = false - cluster_name = var.cluster_name - cluster_endpoint = var.cluster_endpoint - cluster_auth_base64 = var.cluster_auth_base64 + cluster_name = var.cluster_name + cluster_endpoint = var.cluster_endpoint + cluster_auth_base64 = var.cluster_auth_base64 + cluster_service_cidr = var.cluster_service_cidr enable_bootstrap_user_data = true pre_bootstrap_user_data = var.pre_bootstrap_user_data diff --git a/modules/self-managed-node-group/variables.tf b/modules/self-managed-node-group/variables.tf index 54bded5..0449678 100644 --- a/modules/self-managed-node-group/variables.tf +++ b/modules/self-managed-node-group/variables.tf @@ -38,6 +38,13 @@ variable "cluster_auth_base64" { default = "" } +# Currently only used by AL2023 since it can be IPv4 or IPv6 +variable "cluster_service_cidr" { + description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself" + type = string + default = "" +} + variable "pre_bootstrap_user_data" { description = "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `platform` = `bottlerocket`" type = string diff --git a/modules/self-managed-node-group/versions.tf b/modules/self-managed-node-group/versions.tf index fb651ab..876adbd 100644 --- a/modules/self-managed-node-group/versions.tf +++ b/modules/self-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } } } diff --git a/node_groups.tf b/node_groups.tf index a225bb8..34a0735 100644 --- a/node_groups.tf +++ b/node_groups.tf 
@@ -30,9 +30,10 @@ resource "time_sleep" "this" { create_duration = var.dataplane_wait_duration triggers = { - cluster_name = aws_eks_cluster.this[0].name - cluster_endpoint = aws_eks_cluster.this[0].endpoint - cluster_version = aws_eks_cluster.this[0].version + cluster_name = aws_eks_cluster.this[0].name + cluster_endpoint = aws_eks_cluster.this[0].endpoint + cluster_version = aws_eks_cluster.this[0].version + cluster_service_cidr = var.cluster_ip_family == "ipv6" ? aws_eks_cluster.this[0].kubernetes_network_config[0].service_ipv6_cidr : aws_eks_cluster.this[0].kubernetes_network_config[0].service_ipv4_cidr cluster_certificate_authority_data = aws_eks_cluster.this[0].certificate_authority[0].data } @@ -329,6 +330,7 @@ module "eks_managed_node_group" { cluster_endpoint = try(time_sleep.this[0].triggers["cluster_endpoint"], "") cluster_auth_base64 = try(time_sleep.this[0].triggers["cluster_certificate_authority_data"], "") cluster_service_ipv4_cidr = var.cluster_service_ipv4_cidr + cluster_service_cidr = try(time_sleep.this[0].triggers["cluster_service_cidr"], "") enable_bootstrap_user_data = try(each.value.enable_bootstrap_user_data, var.eks_managed_node_group_defaults.enable_bootstrap_user_data, false) pre_bootstrap_user_data = try(each.value.pre_bootstrap_user_data, var.eks_managed_node_group_defaults.pre_bootstrap_user_data, "") post_bootstrap_user_data = try(each.value.post_bootstrap_user_data, var.eks_managed_node_group_defaults.post_bootstrap_user_data, "") 
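Review bot: Adding `cluster_service_cidr` to `time_sleep.this` `triggers` in node_groups.tf changes the trigger map for every existing deployment. On upgrade this will likely replace the `time_sleep` resource and rerun `dataplane_wait_duration`, which deserves a line in the changelog or upgrade notes. The consumer in `module "eks_managed_node_group"` reads it as `try(time_sleep.this[0].triggers["cluster_service_cidr"], "")`, so a missing key silently becomes an empty string instead of an error; the `module "self_managed_node_group"` hunk does the same. A comment on the trigger would document the intent, e.g. `# Service CIDR matching cluster_ip_family; consumed by AL2023 (nodeadm) user data`. Both module blocks continue outside their hunks.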
@@ -460,6 +462,7 @@ module "self_managed_node_group" { platform = try(each.value.platform, var.self_managed_node_group_defaults.platform, "linux") cluster_endpoint = try(time_sleep.this[0].triggers["cluster_endpoint"], "") cluster_auth_base64 = try(time_sleep.this[0].triggers["cluster_certificate_authority_data"], "") + cluster_service_cidr = try(time_sleep.this[0].triggers["cluster_service_cidr"], "") pre_bootstrap_user_data = try(each.value.pre_bootstrap_user_data, var.self_managed_node_group_defaults.pre_bootstrap_user_data, "") post_bootstrap_user_data = try(each.value.post_bootstrap_user_data, var.self_managed_node_group_defaults.post_bootstrap_user_data, "") bootstrap_extra_args = try(each.value.bootstrap_extra_args, var.self_managed_node_group_defaults.bootstrap_extra_args, "") diff --git a/templates/al2023_user_data.tpl b/templates/al2023_user_data.tpl index 820223f..cc360e6 100644 --- a/templates/al2023_user_data.tpl +++ b/templates/al2023_user_data.tpl @@ -7,7 +7,5 @@ spec: name: ${cluster_name} apiServerEndpoint: ${cluster_endpoint} certificateAuthority: ${cluster_auth_base64} -%{ if length(cluster_service_ipv4_cidr) > 0 ~} - cidr: ${cluster_service_ipv4_cidr} -%{ endif ~} + cidr: ${cluster_service_cidr} %{ endif ~} diff --git a/versions.tf b/versions.tf index 4d006cb..f759dee 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.38" + version = ">= 5.40" } tls = { source = "hashicorp/tls"
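Review bot: templates/al2023_user_data.tpl now renders `cidr: ${cluster_service_cidr}` unconditionally, where the removed lines emitted the key only when the value was non-empty. The input defaults to `""` in all three module variable definitions and the root module falls back to `""` through `try(...)`, so an unset value would render a blank `cidr:` in the NodeConfig. That failure would presumably surface only when the node boots, not at plan time. Given the commit says AL2023 requires the value, I would enforce non-empty at plan time (a precondition or validation in modules/_user_data when the platform is `al2023`) and leave the template as written. The added line in examples/user_data/templates/al2023_custom.tpl follows the same pattern. The template's enclosing `%{ if ... }` opens outside the hunk.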