Test node group changes

aws · Sep 16, 2023 · 3d2ab06 · 3d2ab06
1 parent 6f1135c
commit 3d2ab06
Showing 1 changed file with 69 additions and 40 deletions.
diff --git a/integration-tests/terraform/eks/beta/main.tf b/integration-tests/terraform/eks/beta/main.tf
@@ -23,61 +23,90 @@ resource "aws_eks_cluster" "this" {
   }
 }
 
-resource "null_resource" "kubectl" {
+# EKS Node Groups
+resource "aws_eks_node_group" "this" {
+  cluster_name    = aws_eks_cluster.this.name
+  node_group_name = "cwagent-operator-eks-integ-node"
+  node_role_arn   = aws_iam_role.node_role.arn
+  subnet_ids      = module.basic_components.public_subnet_ids
+
+  scaling_config {
+    desired_size = 1
+    max_size     = 1
+    min_size     = 1
+  }
+
+  ami_type       = "AL2_x86_64"
+  capacity_type  = "ON_DEMAND"
+  disk_size      = 20
+  instance_types = ["t3.medium"]
+
   depends_on = [
-    aws_eks_cluster.this
+    aws_iam_role_policy_attachment.node_AmazonEC2ContainerRegistryReadOnly,
+    aws_iam_role_policy_attachment.node_AmazonEKS_CNI_Policy,
+    aws_iam_role_policy_attachment.node_AmazonEKSWorkerNodePolicy,
+    aws_iam_role_policy_attachment.node_CloudWatchAgentServerPolicy
   ]
-  provisioner "local-exec" {
-    command = <<-EOT
-      aws eks --endpoint ${var.beta_endpoint} --region ${var.region} update-kubeconfig --name ${aws_eks_cluster.this.name}
-      aws eks --endpoint ${var.beta_endpoint} --region ${var.region} list-clusters --output text
-      aws eks --endpoint ${var.beta_endpoint} --region ${var.region} describe-cluster --name ${aws_eks_cluster.this.name} --output text
-    EOT
-  }
 }
 
-resource "aws_cloudformation_stack" "node-stack" {
-  name          = "${aws_eks_cluster.this.name}-nodegroup"
-  capabilities  = ["CAPABILITY_IAM"]
-  template_body = file("${path.module}/amazon-eks-nodegroup.yaml")
-  parameters    = {
-    NodeInstanceType                    = "t3.medium"
-    NodeAutoScalingGroupMinSize         = 1
-    NodeAutoScalingGroupMaxSize         = 1
-    NodeAutoScalingGroupDesiredCapacity = 1
-    NodeImageId                         = "ami-015a336f2a25fc752"
-    ClusterName                         = aws_eks_cluster.this.name
-    NodeGroupName                       = "${aws_eks_cluster.this.name}-nodegroup"
-    ClusterControlPlaneSecurityGroup    = module.basic_components.security_group
-    VpcId                               = module.basic_components.vpc_id
-    DisableIMDSv1                       = true
-    Subnets                             = join(",", module.basic_components.public_subnet_ids)
-  }
-  depends_on = [
-    aws_eks_cluster.this
+# EKS Node IAM Role
+resource "aws_iam_role" "node_role" {
+  name = "cwagent-operator-eks-Worker-Role-${module.common.testing_id}"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
   ]
 }
+POLICY
+}
 
-resource "null_resource" "apply_auth" {
+resource "aws_iam_role_policy_attachment" "node_AmazonEKSWorkerNodePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+  role       = aws_iam_role.node_role.name
+}
+
+resource "aws_iam_role_policy_attachment" "node_AmazonEKS_CNI_Policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  role       = aws_iam_role.node_role.name
+}
+
+resource "aws_iam_role_policy_attachment" "node_AmazonEC2ContainerRegistryReadOnly" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+  role       = aws_iam_role.node_role.name
+}
+
+resource "aws_iam_role_policy_attachment" "node_CloudWatchAgentServerPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
+  role       = aws_iam_role.node_role.name
+}
+
+resource "null_resource" "kubectl" {
   depends_on = [
-    aws_cloudformation_stack.node-stack,
-    null_resource.kubectl
+    aws_eks_cluster.this,
+    aws_eks_node_group.this
   ]
   provisioner "local-exec" {
-    command     = "auth_config.sh"
-    interpreter = ["/bin/bash"]
-    working_dir = path.module
-    environment = {
-      NODE_ROLE   = aws_cloudformation_stack.node-stack.outputs.NodeInstanceRole
-      CLUSTER_ARN = aws_eks_cluster.this.arn
-    }
+    command = <<-EOT
+      aws eks --endpoint ${var.beta_endpoint} --region ${var.region} update-kubeconfig --name ${aws_eks_cluster.this.name}
+      aws eks --endpoint ${var.beta_endpoint} --region ${var.region} update-kubeconfig --name ${aws_eks_cluster.this.name}
+      aws eks --endpoint ${var.beta_endpoint} --region ${var.region} list-clusters --output text
+      aws eks --endpoint ${var.beta_endpoint} --region ${var.region} describe-cluster --name ${aws_eks_cluster.this.name} --output text
+    EOT
   }
 }
 
 resource "aws_eks_addon" "this" {
   depends_on = [
-    aws_cloudformation_stack.node-stack,
-    null_resource.apply_auth
+    null_resource.kubectl
   ]
   addon_name   = var.addon
   cluster_name = aws_eks_cluster.this.name