terraform-aws-eks/examples/eks-hybrid-nodes/ami/amazon-eks-ubuntu.pkr.hcl
Bryant Biggs 3b974d33ad feat: Add support for EKS Auto Mode and EKS Hybrid nodes (#3225)
* feat: Add support for EKS hybrid nodes

* feat: Add support for EKS Auto Mode

* chore: Update test directory names

* chore: Clean up examples and tests

* fix: Clean up and last minute changes for GA

* chore: Formatting

* chore: Bump min required version for new features

* fix: Corrects from test/validation on existing clusters

* feat: Add policy for custom tags on EKS Auto Mode, validate examples

* chore: Expand on `CAM` acronym

* chore: Update README to match examples
2024-12-04 09:24:21 -06:00


locals {
  # Build time in UTC, compacted to 14 digits (YYYYMMDDhhmmss) so that every
  # build gets a unique, chronologically sortable AMI name.
  timestamp = formatdate("YYYYMMDDhhmmss", timestamp())

  # <prefix>-<eks_version>-amd64-<timestamp>
  ami_name = join("-", [var.ami_name_prefix, var.eks_version, "amd64", local.timestamp])

  # Baseline tags; the source block merges these with var.tags (AMI) and
  # var.run_tags (build instance). SourceAMI is a Packer build-time template
  # that the amazon plugin fills in with the resolved base AMI ID, which is
  # the only record of the moving "current" Ubuntu image this AMI was built
  # from.
  tags = {
    SourceAMI    = "{{ .SourceAMI }}"
    Name         = local.ami_name
    Architecture = "amd64"
  }
}
# Resolve the base AMI from Canonical's public SSM parameter: the *current*
# Ubuntu 22.04 server-minimal, amd64, HVM, EBS-gp2 image in var.region.
# Because the path ends in "current" rather than a fixed image serial, the
# base image changes over time and a rebuild is not reproducible on its own;
# the produced AMI's SourceAMI tag (see locals) is what records which base
# image was actually used.
data "amazon-parameterstore" "this" {
  name   = "/aws/service/canonical/ubuntu/server-minimal/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id"
  region = var.region
}
################################################################################
# EBS Source
################################################################################
# Build instance and output AMI definition. Almost every setting is passed
# straight through from a variable of the same name so the example can be
# tuned without editing this file. Each `dynamic` block emits its nested
# block only when the corresponding variable is non-empty, and `try()`
# supplies a default for keys the caller omitted.
source "amazon-ebs" "this" {
  # AMI Configuration
  # Block devices registered on the produced AMI. Defaults when a key is
  # omitted: delete_on_termination = true, 4 GiB, gp3.
  dynamic "ami_block_device_mappings" {
    for_each = var.ami_block_device_mappings
    content {
      delete_on_termination = try(ami_block_device_mappings.value.delete_on_termination, true)
      device_name           = try(ami_block_device_mappings.value.device_name, null)
      encrypted             = try(ami_block_device_mappings.value.encrypted, null)
      iops                  = try(ami_block_device_mappings.value.iops, null)
      no_device             = try(ami_block_device_mappings.value.no_device, null)
      snapshot_id           = try(ami_block_device_mappings.value.snapshot_id, null)
      throughput            = try(ami_block_device_mappings.value.throughput, null)
      virtual_name          = try(ami_block_device_mappings.value.virtual_name, null)
      volume_size           = try(ami_block_device_mappings.value.volume_size, 4)
      volume_type           = try(ami_block_device_mappings.value.volume_type, "gp3")
      kms_key_id            = try(ami_block_device_mappings.value.kms_key_id, null)
    }
  }
  ami_description         = var.ami_description
  # ami_groups / ami_users / ami_org_arns / ami_ou_arns control who the
  # finished AMI is shared with; an empty set keeps it private to the account.
  ami_groups              = var.ami_groups
  ami_name                = local.ami_name
  ami_org_arns            = var.ami_org_arns
  ami_ou_arns             = var.ami_ou_arns
  ami_regions             = var.ami_regions
  ami_users               = var.ami_users
  ami_virtualization_type = var.ami_virtualization_type
  deprecate_at            = var.deprecate_at
  ena_support             = var.ena_support
  # encrypt_boot / kms_key_id govern encryption of the produced AMI's root
  # volume; region_kms_key_ids (below) presumably supplies per-region keys for
  # the ami_regions copies -- confirm against the plugin docs.
  encrypt_boot            = var.encrypt_boot
  force_deregister        = var.force_deregister
  force_delete_snapshot   = var.force_delete_snapshot
  # IMDS requirement recorded on the produced AMI (distinct from
  # metadata_options, which applies to the build instance only).
  imds_support            = var.imds_support
  kms_key_id              = var.kms_key_id
  # Block devices of the build instance. When the caller gives none, the AMI
  # mappings are reused. NOTE: unlike the AMI mappings above, no kms_key_id is
  # read here, so a key set on an AMI mapping does not carry over to the
  # launch volume.
  dynamic "launch_block_device_mappings" {
    for_each = length(var.launch_block_device_mappings) > 0 ? var.launch_block_device_mappings : var.ami_block_device_mappings
    content {
      delete_on_termination = try(launch_block_device_mappings.value.delete_on_termination, true)
      device_name           = try(launch_block_device_mappings.value.device_name, null)
      encrypted             = try(launch_block_device_mappings.value.encrypted, null)
      iops                  = try(launch_block_device_mappings.value.iops, null)
      no_device             = try(launch_block_device_mappings.value.no_device, null)
      snapshot_id           = try(launch_block_device_mappings.value.snapshot_id, null)
      throughput            = try(launch_block_device_mappings.value.throughput, null)
      virtual_name          = try(launch_block_device_mappings.value.virtual_name, null)
      volume_size           = try(launch_block_device_mappings.value.volume_size, 4)
      volume_type           = try(launch_block_device_mappings.value.volume_type, "gp3")
    }
  }
  region_kms_key_ids     = var.region_kms_key_ids
  run_volume_tags        = var.run_volume_tags
  skip_create_ami        = var.skip_create_ami
  skip_region_validation = var.skip_region_validation
  skip_save_build_region = var.skip_save_build_region
  sriov_support          = var.sriov_support
  snapshot_groups        = var.snapshot_groups
  snapshot_tags          = var.snapshot_tags
  snapshot_users         = var.snapshot_users
  # Caller tags win over the baseline Name/Architecture/SourceAMI tags.
  tags                   = merge(local.tags, var.tags)

  # Access Configuration
  # access_key / secret_key / token / mfa_code are plain variables; anything
  # placed in them ends up in var files and in Packer's debug output, so a
  # profile, assume_role, or the ambient instance/CI role is the preferable
  # way to supply credentials.
  access_key = var.access_key
  dynamic "assume_role" {
    for_each = length(var.assume_role) > 0 ? [var.assume_role] : []
    content {
      duration_seconds    = try(assume_role.value.duration_seconds, null)
      external_id         = try(assume_role.value.external_id, null)
      # An inline session policy / policy ARNs further restrict what the
      # assumed role may do during the build.
      policy              = try(assume_role.value.policy, null)
      policy_arns         = try(assume_role.value.policy_arns, null)
      role_arn            = try(assume_role.value.role_arn, null)
      session_name        = try(assume_role.value.session_name, null)
      tag                 = try(assume_role.value.tag, null)
      transitive_tag_keys = try(assume_role.value.transitive_tag_keys, null)
    }
  }
  dynamic "aws_polling" {
    for_each = length(var.aws_polling) > 0 ? [var.aws_polling] : []
    content {
      delay_seconds = try(aws_polling.value.delay_seconds, null)
      max_attempts  = try(aws_polling.value.max_attempts, null)
    }
  }
  custom_endpoint_ec2           = var.custom_endpoint_ec2
  decode_authorization_messages = var.decode_authorization_messages
  # The three skip/insecure switches below weaken verification of the AWS API
  # connection and of the credentials in use; they exist for non-standard
  # endpoints (custom_endpoint_ec2) and should stay unset against AWS proper.
  insecure_skip_tls_verify      = var.insecure_skip_tls_verify
  max_retries                   = var.max_retries
  mfa_code                      = var.mfa_code
  profile                       = var.profile
  region                        = var.region
  secret_key                    = var.secret_key
  shared_credentials_file       = var.shared_credentials_file
  skip_credential_validation    = var.skip_credential_validation
  skip_metadata_api_check       = var.skip_metadata_api_check
  token                         = var.token

  # Communicator
  # How Packer reaches the build instance to run the provisioners. All SSH,
  # bastion and proxy options are exposed; the ssh_*_password and
  # ssh_private_key_file values are secrets and belong in a var file that is
  # not committed.
  communicator                 = var.communicator
  pause_before_connecting      = var.pause_before_connecting
  ssh_agent_auth               = var.ssh_agent_auth
  ssh_bastion_agent_auth       = var.ssh_bastion_agent_auth
  ssh_bastion_certificate_file = var.ssh_bastion_certificate_file
  ssh_bastion_host             = var.ssh_bastion_host
  ssh_bastion_interactive      = var.ssh_bastion_interactive
  ssh_bastion_password         = var.ssh_bastion_password
  ssh_bastion_port             = var.ssh_bastion_port
  ssh_bastion_private_key_file = var.ssh_bastion_private_key_file
  ssh_bastion_username         = var.ssh_bastion_username
  ssh_ciphers                  = var.ssh_ciphers
  ssh_certificate_file         = var.ssh_certificate_file
  # Whether the key Packer authorised for the build is scrubbed from the
  # image before the snapshot is taken -- confirm the plugin's default if the
  # variable is left unset, since a leftover key ends up in every instance
  # launched from the AMI.
  ssh_clear_authorized_keys    = var.ssh_clear_authorized_keys
  ssh_disable_agent_forwarding = var.ssh_disable_agent_forwarding
  ssh_file_transfer_method     = var.ssh_file_transfer_method
  ssh_handshake_attempts       = var.ssh_handshake_attempts
  ssh_host                     = var.ssh_host
  ssh_interface                = var.ssh_interface # e.g. "public_dns"
  ssh_keep_alive_interval      = var.ssh_keep_alive_interval
  ssh_key_exchange_algorithms  = var.ssh_key_exchange_algorithms
  ssh_keypair_name             = var.ssh_keypair_name
  ssh_local_tunnels            = var.ssh_local_tunnels
  ssh_password                 = var.ssh_password
  ssh_port                     = var.ssh_port
  ssh_private_key_file         = var.ssh_private_key_file
  ssh_proxy_host               = var.ssh_proxy_host
  ssh_proxy_password           = var.ssh_proxy_password
  ssh_proxy_port               = var.ssh_proxy_port
  ssh_proxy_username           = var.ssh_proxy_username
  ssh_pty                      = var.ssh_pty
  ssh_read_write_timeout       = var.ssh_read_write_timeout
  ssh_remote_tunnels           = var.ssh_remote_tunnels
  ssh_timeout                  = var.ssh_timeout
  ssh_username                 = var.ssh_username
  # Type/size of the throwaway key pair Packer generates for the build
  # (presumably only when ssh_keypair_name is not given -- verify).
  temporary_key_pair_bits      = var.temporary_key_pair_bits
  temporary_key_pair_type      = var.temporary_key_pair_type

  # Run Configuration
  # Placement and network exposure of the build instance itself. Nothing
  # here persists into the AMI except what the provisioners write.
  associate_public_ip_address     = var.associate_public_ip_address
  capacity_reservation_preference = var.capacity_reservation_preference
  capacity_reservation_group_arn  = var.capacity_reservation_group_arn
  capacity_reservation_id         = var.capacity_reservation_id
  disable_stop_instance           = var.disable_stop_instance
  ebs_optimized                   = var.ebs_optimized
  enable_nitro_enclave            = var.enable_nitro_enclave
  enable_unlimited_credits        = var.enable_unlimited_credits
  # Either an existing profile or the temporary policy document further down;
  # the build instance needs no AWS permissions of its own for the shell
  # provisioners in this file, so leaving both empty is the least-privilege
  # choice unless the communicator is SSM.
  iam_instance_profile            = var.iam_instance_profile
  instance_type                   = var.instance_type
  fleet_tags                      = var.fleet_tags
  pause_before_ssm                = var.pause_before_ssm
  dynamic "placement" {
    for_each = length(var.placement) > 0 ? [var.placement] : []
    content {
      host_resource_group_arn = try(placement.value.host_resource_group_arn, null)
      tenancy                 = try(placement.value.tenancy, null)
    }
  }
  run_tags           = merge(local.tags, var.run_tags)
  # Explicit security groups; when none are given (and no filter matches)
  # the plugin creates a temporary group whose ingress is governed by
  # temporary_security_group_source_cidrs / _source_public_ip below.
  security_group_ids = var.security_group_ids
  dynamic "security_group_filter" {
    for_each = length(var.security_group_filter) > 0 ? var.security_group_filter : []
    content {
      filters = try(security_group_filter.value.filters, null)
    }
  }
  session_manager_port    = var.session_manager_port
  shutdown_behavior       = var.shutdown_behavior
  skip_profile_validation = var.skip_profile_validation
  # Base image resolved from the "current" Ubuntu 22.04 SSM parameter above.
  source_ami              = data.amazon-parameterstore.this.value
  dynamic "subnet_filter" {
    for_each = length(var.subnet_filter) > 0 ? [var.subnet_filter] : []
    content {
      filters   = try(subnet_filter.value.filters, null)
      most_free = try(subnet_filter.value.most_free, null)
      random    = try(subnet_filter.value.random, null)
    }
  }
  subnet_id = var.subnet_id
  # Inline IAM policy for a temporary instance profile. Each entry of the
  # variable becomes one Statement. Defaults for omitted keys are
  # Effect = "Allow" and Resource = ["*"], so a statement that lists Actions
  # but forgets Resource grants them on every resource -- always scope
  # Resource in the variable.
  dynamic "temporary_iam_instance_profile_policy_document" {
    for_each = length(var.temporary_iam_instance_profile_policy_document) > 0 ? [var.temporary_iam_instance_profile_policy_document] : []
    content {
      dynamic "Statement" {
        for_each = temporary_iam_instance_profile_policy_document.value
        content {
          Action   = try(Statement.value.Action, [])
          Effect   = try(Statement.value.Effect, "Allow")
          Resource = try(Statement.value.Resource, ["*"])
        }
      }
      # IAM policy language version, not a date to update.
      Version = "2012-10-17"
    }
  }
  # Ingress allowed into the temporary security group: a CIDR list, or just
  # the public IP of the host running Packer.
  temporary_security_group_source_cidrs     = var.temporary_security_group_source_cidrs
  temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip
  user_data                                 = var.user_data
  user_data_file                            = var.user_data_file
  dynamic "vpc_filter" {
    for_each = length(var.vpc_filter) > 0 ? var.vpc_filter : []
    content {
      filters = try(vpc_filter.value.filters, null)
    }
  }
  vpc_id = var.vpc_id
  # Instance metadata service settings for the *build* instance. Setting
  # http_tokens = "required" enforces IMDSv2 while provisioning; the hop
  # limit bounds how far IMDS responses travel (relevant if provisioners run
  # containers).
  dynamic "metadata_options" {
    for_each = length(var.metadata_options) > 0 ? [var.metadata_options] : []
    content {
      http_endpoint               = try(metadata_options.value.http_endpoint, null)
      http_put_response_hop_limit = try(metadata_options.value.http_put_response_hop_limit, null)
      http_tokens                 = try(metadata_options.value.http_tokens, null)
      instance_metadata_tags      = try(metadata_options.value.instance_metadata_tags, null)
    }
  }
}
################################################################################
# Build
################################################################################
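# Provisioning steps that turn the base Ubuntu image into an EKS hybrid-node
# AMI. Every provisioner runs as root through sudo; the piped password
# "packer" only matters if the build user's sudo prompts for one -- on
# Ubuntu cloud images the default user is normally passwordless for sudo, so
# it is presumably inert (confirm for the chosen source AMI). Packer's default
# inline shebang is `/bin/sh -e`, so any command that exits non-zero aborts
# the build rather than producing a half-provisioned AMI.
build {
  sources = ["source.amazon-ebs.this"]

  # 1. Wait for first boot to settle, patch the base image, install the
  #    packages nodeadm needs (iptables/conntrack), and reboot so that any
  #    updated kernel is the one the remaining steps -- and the AMI -- run on.
  provisioner "shell" {
    execute_command = "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
    env = {
      DEBIAN_FRONTEND = "noninteractive"
    }
    # The reboot drops the SSH session; expect_disconnect keeps Packer from
    # treating that as a failure, and pause_after gives the instance time to
    # come back before the next provisioner connects.
    expect_disconnect = true
    inline = [
      "cloud-init status --wait",
      "apt update",
      "apt upgrade -y",
      "apt install iptables conntrack -y",
      "systemctl reboot",
    ]
    pause_after = "15s"
  }

  # 2. Install the AWS CLI, the SSM agent and nodeadm, then pre-install the
  #    EKS components for the requested Kubernetes version and credential
  #    provider.
  provisioner "shell" {
    execute_command = "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
    env = {
      DEBIAN_FRONTEND = "noninteractive"
    }
    inline = [
      "snap install aws-cli --classic",
      # Moves the agent snap to its candidate (pre-release) channel rather
      # than stable; presumably needed for hybrid-node features at the time
      # of writing -- revisit once stable carries them.
      "snap switch --channel=candidate amazon-ssm-agent",
      # `-f` makes curl exit non-zero on an HTTP error instead of saving the
      # error body as `nodeadm`; without it a 4xx/5xx response would be
      # silently chmod'ed and executed by the lines that follow.
      # NOTE(review): this fetches an unpinned "latest" build and performs no
      # checksum or signature verification, so the AMI's contents depend on
      # whatever the URL serves at build time. For a reproducible,
      # tamper-evident build, pin a specific release path and compare the
      # download against a publisher-provided digest
      # (<NODEADM_EXPECTED_SHA256> placeholder) before installing it.
      "curl -fOL 'https://hybrid-assets.eks.amazonaws.com/releases/latest/bin/linux/amd64/nodeadm'",
      "mv nodeadm /usr/bin/nodeadm",
      "chmod +x /usr/bin/nodeadm",
      "nodeadm install ${var.eks_version} --credential-provider ${var.credential_provider}",
    ]
  }

  # 3. Trim the image and reset cloud-init so every instance launched from
  #    the AMI gets a fresh machine-id and a clean first-boot run, then seed
  #    the SSM agent's logging config from the template it ships with.
  provisioner "shell" {
    execute_command = "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
    env = {
      DEBIAN_FRONTEND = "noninteractive"
    }
    inline = [
      "apt --purge autoremove -y",
      "cloud-init clean --logs --machine-id",
      "mkdir -p /etc/amazon/ssm",
      # Quote the substitution and stop at the first match: `find /` can
      # return more than one template (e.g. several installed snap
      # revisions), and an unquoted multi-path expansion makes cp fail
      # because the target is not a directory. The copies are presumably
      # identical across revisions -- confirm if the agent's log config ever
      # changes between channels.
      "cp \"$(find / -name '*seelog.xml.template' -print -quit)\" /etc/amazon/ssm/seelog.xml",
    ]
  }
}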