terraform-aws-eks/modules/self-managed-node-group/README.md

Self Managed Node Group Module

Configuration in this directory creates a Self Managed Node Group (AutoScaling Group) along with an IAM role, security group, and launch template

Usage

module "self_managed_node_group" {
  source = "terraform-aws-modules/eks/aws//modules/self-managed-node-group"

  name                = "separate-self-mng"
  cluster_name        = "my-cluster"
  cluster_version     = "1.21"
  cluster_endpoint    = "https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com"
  cluster_auth_base64 = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKbXFqQ1VqNGdGR2w3ZW5PeWthWnZ2RjROOTVOUEZCM2o0cGhVZUsrWGFtN2ZSQnZya0d6OGxKZmZEZWF2b2plTwpQK2xOZFlqdHZncmxCUEpYdHZIZmFzTzYxVzdIZmdWQ2EvamdRM2w3RmkvL1dpQmxFOG9oWUZkdWpjc0s1SXM2CnNkbk5KTTNYUWN2TysrSitkV09NT2ZlNzlsSWdncmdQLzgvRU9CYkw3eUY1aU1hS3lsb1RHL1V3TlhPUWt3ZUcKblBNcjdiUmdkQ1NCZTlXYXowOGdGRmlxV2FOditsTDhsODBTdFZLcWVNVlUxbjQyejVwOVpQRTd4T2l6L0xTNQpYV2lXWkVkT3pMN0xBWGVCS2gzdkhnczFxMkI2d1BKZnZnS1NzWllQRGFpZTloT1NNOUJkNFNPY3JrZTRYSVBOCkVvcXVhMlYrUDRlTWJEQzhMUkVWRDdCdVZDdWdMTldWOTBoL3VJUy9WU2VOcEdUOGVScE5DakszSjc2aFlsWm8KWjNGRG5QWUY0MWpWTHhiOXF0U1ROdEp6amYwWXBEYnFWci9xZzNmQWlxbVorMzd3YWM1eHlqMDZ4cmlaRUgzZgpUM002d2lCUEVHYVlGeWN5TmNYTk5aYW9DWDJVL0N1d2JsUHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ=="

  vpc_id     = "vpc-1234556abcdef"
  subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
  vpc_security_group_ids = [
    # cluster_security_group_id,
  ]

  min_size     = 1
  max_size     = 10
  desired_size = 1

  launch_template_name   = "separate-self-mng"
  instance_type          = "m5.large"

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

Requirements

Name	Version
terraform	>= 0.13.1
aws	>= 3.72
cloudinit	>= 2.0

Providers

Name	Version
aws	>= 3.72

Modules

Name	Source	Version
user_data	../_user_data	n/a

Resources

Name	Type
aws_autoscaling_group.this	resource
aws_autoscaling_schedule.this	resource
aws_iam_instance_profile.this	resource
aws_iam_role.this	resource
aws_iam_role_policy_attachment.this	resource
aws_launch_template.this	resource
aws_security_group.this	resource
aws_security_group_rule.this	resource
aws_ami.eks_default	data source
aws_caller_identity.current	data source
aws_iam_policy_document.assume_role_policy	data source
aws_partition.current	data source

Inputs

Name	Description	Type	Default	Required
ami_id	The AMI from which to launch the instance	string	""	no
availability_zones	A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with subnet_ids argument. Conflicts with subnet_ids	list(string)	null	no
block_device_mappings	Specify volumes to attach to the instance besides the volumes specified by the AMI	any	{}	no
bootstrap_extra_args	Additional arguments passed to the bootstrap script. When platform = bottlerocket; these are additional settings that are provided to the Bottlerocket user data	string	""	no
capacity_rebalance	Indicates whether capacity rebalance is enabled	bool	null	no
capacity_reservation_specification	Targeting for EC2 capacity reservations	any	null	no
cluster_auth_base64	Base64 encoded CA of associated EKS cluster	string	""	no
cluster_endpoint	Endpoint of associated EKS cluster	string	""	no
cluster_ip_family	The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6	string	null	no
cluster_name	Name of associated EKS cluster	string	null	no
cluster_security_group_id	Cluster control plane security group ID	string	null	no
cluster_version	Kubernetes cluster version - used to lookup default AMI ID if one is not provided	string	null	no
cpu_options	The CPU options for the instance	map(string)	null	no
create	Determines whether to create self managed node group or not	bool	true	no
create_iam_instance_profile	Determines whether an IAM instance profile is created or to use an existing IAM instance profile	bool	true	no
create_launch_template	Determines whether to create launch template or not	bool	true	no
create_schedule	Determines whether to create autoscaling group schedule or not	bool	true	no
create_security_group	Determines whether to create a security group	bool	true	no
credit_specification	Customize the credit specification of the instance	map(string)	null	no
default_cooldown	The amount of time, in seconds, after a scaling activity completes before another scaling activity can start	number	null	no
delete_timeout	Delete timeout to wait for destroying autoscaling group	string	null	no
desired_size	The number of Amazon EC2 instances that should be running in the autoscaling group	number	1	no
disable_api_termination	If true, enables EC2 instance termination protection	bool	null	no
ebs_optimized	If true, the launched EC2 instance will be EBS-optimized	bool	null	no
elastic_gpu_specifications	The elastic GPU to attach to the instance	map(string)	null	no
elastic_inference_accelerator	Configuration block containing an Elastic Inference Accelerator to attach to the instance	map(string)	null	no
enable_monitoring	Enables/disables detailed monitoring	bool	true	no
enabled_metrics	A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances	list(string)	null	no
enclave_options	Enable Nitro Enclaves on launched instances	map(string)	null	no
force_delete	Allows deleting the Auto Scaling Group without waiting for all instances in the pool to terminate. You can force an Auto Scaling Group to delete even if it's in the process of scaling a resource. Normally, Terraform drains all the instances before deleting the group. This bypasses that behavior and potentially leaves resources dangling	bool	null	no
health_check_grace_period	Time (in seconds) after instance comes into service before checking health	number	null	no
health_check_type	EC2 or ELB. Controls how health checking is done	string	null	no
hibernation_options	The hibernation options for the instance	map(string)	null	no
iam_instance_profile_arn	Amazon Resource Name (ARN) of an existing IAM instance profile that provides permissions for the node group. Required if create_iam_instance_profile = false	string	null	no
iam_role_additional_policies	Additional policies to be added to the IAM role	list(string)	[]	no
iam_role_attach_cni_policy	Whether to attach the AmazonEKS_CNI_Policy/AmazonEKS_CNI_IPv6_Policy IAM policy to the IAM IAM role. WARNING: If set false the permissions must be assigned to the aws-node DaemonSet pods via another method or nodes will not be able to join the cluster	bool	true	no
iam_role_description	Description of the role	string	null	no
iam_role_name	Name to use on IAM role created	string	null	no
iam_role_path	IAM role path	string	null	no
iam_role_permissions_boundary	ARN of the policy that is used to set the permissions boundary for the IAM role	string	null	no
iam_role_tags	A map of additional tags to add to the IAM role created	map(string)	{}	no
iam_role_use_name_prefix	Determines whether cluster IAM role name (iam_role_name) is used as a prefix	string	true	no
initial_lifecycle_hooks	One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate aws_autoscaling_lifecycle_hook resource, without the autoscaling_group_name attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use aws_autoscaling_lifecycle_hook resource	list(map(string))	[]	no
instance_initiated_shutdown_behavior	Shutdown behavior for the instance. Can be stop or terminate. (Default: stop)	string	null	no
instance_market_options	The market (purchasing) option for the instance	any	null	no
instance_refresh	If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated	any	null	no
instance_type	The type of the instance to launch	string	""	no
kernel_id	The kernel ID	string	null	no
key_name	The key name that should be used for the instance	string	null	no
launch_template_default_version	Default Version of the launch template	string	null	no
launch_template_description	Description of the launch template	string	null	no
launch_template_name	Launch template name - either to be created (var.create_launch_template = true) or existing (var.create_launch_template = false)	string	null	no
launch_template_use_name_prefix	Determines whether to use launch_template_name as is or create a unique name beginning with the launch_template_name as the prefix	bool	true	no
launch_template_version	Launch template version. Can be version number, $Latest, or $Default	string	null	no
license_specifications	A list of license specifications to associate with	map(string)	null	no
max_instance_lifetime	The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds	number	null	no
max_size	The maximum size of the autoscaling group	number	3	no
metadata_options	Customize the metadata options for the instance	map(string)	{ "http_endpoint": "enabled", "http_put_response_hop_limit": 2, "http_tokens": "required" }	no
metrics_granularity	The granularity to associate with the metrics to collect. The only valid value is 1Minute	string	null	no
min_elb_capacity	Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes	number	null	no
min_size	The minimum size of the autoscaling group	number	0	no
mixed_instances_policy	Configuration block containing settings to define launch targets for Auto Scaling groups	any	null	no
name	Name of the Self managed Node Group	string	""	no
network_interfaces	Customize network interfaces to be attached at instance boot time	list(any)	[]	no
placement	The placement of the instance	map(string)	null	no
placement_group	The name of the placement group into which you'll launch your instances, if any	string	null	no
platform	Identifies if the OS platform is bottlerocket, linux, or windows based	string	"linux"	no
post_bootstrap_user_data	User data that is appended to the user data script after of the EKS bootstrap script. Not used when platform = bottlerocket	string	""	no
pre_bootstrap_user_data	User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when platform = bottlerocket	string	""	no
propagate_tags	A list of tag blocks. Each element should have keys named key, value, and propagate_at_launch	list(map(string))	[]	no
protect_from_scale_in	Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events.	bool	false	no
ram_disk_id	The ID of the ram disk	string	null	no
schedules	Map of autoscaling group schedule to create	map(any)	{}	no
security_group_description	Description for the security group created	string	"EKS self-managed node group security group"	no
security_group_name	Name to use on security group created	string	null	no
security_group_rules	List of security group rules to add to the security group created	any	{}	no
security_group_tags	A map of additional tags to add to the security group created	map(string)	{}	no
security_group_use_name_prefix	Determines whether the security group name (security_group_name) is used as a prefix	string	true	no
service_linked_role_arn	The ARN of the service-linked role that the ASG will use to call other AWS services	string	null	no
subnet_ids	A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with availability_zones	list(string)	null	no
suspended_processes	A list of processes to suspend for the Auto Scaling Group. The allowed values are Launch, Terminate, HealthCheck, ReplaceUnhealthy, AZRebalance, AlarmNotification, ScheduledActions, AddToLoadBalancer. Note that if you suspend either the Launch or Terminate process types, it can prevent your Auto Scaling Group from functioning properly	list(string)	null	no
tags	A map of tags to add to all resources	map(string)	{}	no
target_group_arns	A set of aws_alb_target_group ARNs, for use with Application or Network Load Balancing	list(string)	[]	no
termination_policies	A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy, Default	list(string)	null	no
update_launch_template_default_version	Whether to update Default Version each update. Conflicts with launch_template_default_version	bool	true	no
use_mixed_instances_policy	Determines whether to use a mixed instances policy in the autoscaling group or not	bool	false	no
use_name_prefix	Determines whether to use name as is or create a unique name beginning with the name as the prefix	bool	true	no
user_data_template_path	Path to a local, custom user data template file to use when rendering user data	string	""	no
vpc_id	ID of the VPC where the security group/nodes will be provisioned	string	null	no
vpc_security_group_ids	A list of security group IDs to associate	list(string)	[]	no
wait_for_capacity_timeout	A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior.	string	null	no
wait_for_elb_capacity	Setting this will cause Terraform to wait for exactly this number of healthy instances in all attached load balancers on both create and update operations. Takes precedence over min_elb_capacity behavior.	number	null	no
warm_pool	If this block is configured, add a Warm Pool to the specified Auto Scaling group	any	null	no

Outputs

Name	Description
autoscaling_group_arn	The ARN for this autoscaling group
autoscaling_group_availability_zones	The availability zones of the autoscaling group
autoscaling_group_default_cooldown	Time between a scaling activity and the succeeding scaling activity
autoscaling_group_desired_capacity	The number of Amazon EC2 instances that should be running in the group
autoscaling_group_health_check_grace_period	Time after instance comes into service before checking health
autoscaling_group_health_check_type	EC2 or ELB. Controls how health checking is done
autoscaling_group_id	The autoscaling group id
autoscaling_group_max_size	The maximum size of the autoscaling group
autoscaling_group_min_size	The minimum size of the autoscaling group
autoscaling_group_name	The autoscaling group name
autoscaling_group_schedule_arns	ARNs of autoscaling group schedules
autoscaling_group_vpc_zone_identifier	The VPC zone identifier
iam_instance_profile_arn	ARN assigned by AWS to the instance profile
iam_instance_profile_id	Instance profile's ID
iam_instance_profile_unique	Stable and unique string identifying the IAM instance profile
iam_role_arn	The Amazon Resource Name (ARN) specifying the IAM role
iam_role_name	The name of the IAM role
iam_role_unique_id	Stable and unique string identifying the IAM role
launch_template_arn	The ARN of the launch template
launch_template_id	The ID of the launch template
launch_template_latest_version	The latest version of the launch template
platform	Identifies if the OS platform is bottlerocket, linux, or windows based
security_group_arn	Amazon Resource Name (ARN) of the security group
security_group_id	ID of the security group