Fix CoreDNS PDB issue conflicting values (#78)

* Set module default verison * Fix PDB problem due to eks addon now includes PDB * edit description * Add variable for flag to create pdb, now that pdb is managed by the eks addon --------- Co-authored-by: Poh Peng <thepoppingone@users.noreply.github.com>
SPHTech-Platform · Jun 30, 2023 · d0c3f54 · d0c3f54
1 parent 7c1bfde
commit d0c3f54
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 6 deletions.
diff --git a/modules/eks_managed_nodes/README.md b/modules/eks_managed_nodes/README.md
@@ -33,7 +33,7 @@
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | EKS Cluster name | `string` | n/a | yes |
 | <a name="input_cluster_service_ipv4_cidr"></a> [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no |
-| <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | EKS Cluster Version | `string` | `"1.25"` | no |
+| <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | EKS Cluster Version | `string` | `"1.27"` | no |
 | <a name="input_eks_managed_node_group_defaults"></a> [eks\_managed\_node\_group\_defaults](#input\_eks\_managed\_node\_group\_defaults) | Map of EKS managed node group default configurations | `any` | <pre>{<br> "create_iam_role": false,<br> "ebs_optimized": true,<br> "enable_monitoring": true,<br> "protect_from_scale_in": false,<br> "update_launch_template_default_version": true<br>}</pre> | no |
 | <a name="input_eks_managed_node_groups"></a> [eks\_managed\_node\_groups](#input\_eks\_managed\_node\_groups) | Map of EKS managed node group definitions to create | `any` | `{}` | no |
 | <a name="input_force_imdsv2"></a> [force\_imdsv2](#input\_force\_imdsv2) | Force IMDSv2 metadata server. | `bool` | `true` | no |

diff --git a/modules/eks_managed_nodes/variables.tf b/modules/eks_managed_nodes/variables.tf
@@ -9,7 +9,7 @@ variable "cluster_name" {
 variable "cluster_version" {
  description = "EKS Cluster Version"
  type = string
- default = "1.25"
+ default = "1.27"
 }
 
 variable "worker_iam_role_arn" {

diff --git a/modules/essentials/README.md b/modules/essentials/README.md
@@ -178,8 +178,9 @@ module "eks_essentials" {
 | <a name="input_cluster_resource_namespace"></a> [cluster\_resource\_namespace](#input\_cluster\_resource\_namespace) | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart. | `string` | `""` | no |
 | <a name="input_configure_ecr_pull_through"></a> [configure\_ecr\_pull\_through](#input\_configure\_ecr\_pull\_through) | Configure ECR Pull Through Cache. | `bool` | `true` | no |
 | <a name="input_container_security_context"></a> [container\_security\_context](#input\_container\_security\_context) | Configure container security context | `map(string)` | `{}` | no |
-| <a name="input_coredns_pdb_min_available"></a> [coredns\_pdb\_min\_available](#input\_coredns\_pdb\_min\_available) | PDB min available CoreDNS pods. | `number` | `1` | no |
+| <a name="input_coredns_pdb_max_unavailable"></a> [coredns\_pdb\_max\_unavailable](#input\_coredns\_pdb\_max\_unavailable) | PDB max unavailable CoreDNS pods. | `number` | `1` | no |
 | <a name="input_create_node_termination_handler_sqs"></a> [create\_node\_termination\_handler\_sqs](#input\_create\_node\_termination\_handler\_sqs) | Whether to create node\_termination\_handler\_sqs. | `bool` | `false` | no |
+| <a name="input_create_pdb_for_coredns"></a> [create\_pdb\_for\_coredns](#input\_create\_pdb\_for\_coredns) | Create PDB for CoreDNS | `bool` | `false` | no |
 | <a name="input_csi_allow_volume_expansion"></a> [csi\_allow\_volume\_expansion](#input\_csi\_allow\_volume\_expansion) | Allow volume expansion in the StorageClass for CSI. Can be true or false | `bool` | `true` | no |
 | <a name="input_csi_default_storage_class"></a> [csi\_default\_storage\_class](#input\_csi\_default\_storage\_class) | Set the CSI StorageClass as the default storage class | `bool` | `true` | no |
 | <a name="input_csi_encryption_enable"></a> [csi\_encryption\_enable](#input\_csi\_encryption\_enable) | Enable encryption for CSI Storage Class | `bool` | `true` | no |

diff --git a/modules/essentials/coredns.tf b/modules/essentials/coredns.tf
@@ -1,5 +1,8 @@
 # CoreDNS does not come with a PDB defined. We need to define this to prevent downtimes
 resource "kubernetes_pod_disruption_budget_v1" "coredns" {
+
+ count = var.create_pdb_for_coredns ? 1 : 0
+
  metadata {
  name = "coredns"
  namespace = "kube-system"
@@ -8,7 +11,7 @@ resource "kubernetes_pod_disruption_budget_v1" "coredns" {
  labels = var.kubernetes_labels
  }
  spec {
- min_available = var.coredns_pdb_min_available
+ max_unavailable = var.coredns_pdb_max_unavailable
  selector {
  match_labels = {
  "eks.amazonaws.com/component" = "coredns"

diff --git a/modules/essentials/variables.tf b/modules/essentials/variables.tf
@@ -207,6 +207,12 @@ variable "cluster_autoscaler_pdb" {
  }
 }
 
+variable "create_pdb_for_coredns" {
+ description = "Create PDB for CoreDNS"
+ type = bool
+ default = false
+}
+
 variable "cluster_autoscaler_priority_class" {
  description = "Priority class for Cluster Autoscaler"
  type = string
@@ -254,8 +260,8 @@ variable "cluster_autoscaler_service_annotations" {
 #####################
 # CoreDNS PDB
 #####################
-variable "coredns_pdb_min_available" {
- description = "PDB min available CoreDNS pods."
+variable "coredns_pdb_max_unavailable" {
+ description = "PDB max unavailable CoreDNS pods."
  type = number
  default = 1
 }