Merge pull request #9 from terraform-aws-modules/master

v8.2.0 update
binbashar · Jan 30, 2020 · 521826b · 521826b
2 parents cd9be61 + dd06c59
commit 521826b
Show file tree

Hide file tree

Showing 9 changed files with 139 additions and 106 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -25,7 +25,7 @@ jobs:
     steps:
       - uses: actions/checkout@master
       - name: Install Deps
-        run: brew install pre-commit terraform-docs terraform
+        run: brew update && brew install pre-commit terraform-docs terraform
       - name: Check Docs
         run: pre-commit run --show-diff-on-failure --all-files terraform_docs
 

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,9 +1,8 @@
 repos:
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.22.0
+  rev: v1.24.0
   hooks:
     - id: terraform_fmt
     - id: terraform_docs
-      args: [--args=--with-aggregate-type-defaults --no-escape]
     - id: terraform_validate
     - id: terraform_tflint
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,12 +7,18 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 ## Next release
 
-## [[v8.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v8.1.0...HEAD)] - YYYY-MM-DD]
+## [[v8.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v8.2.0...HEAD)] - 2020-xx-xx]
 
 - Write your awesome change here (by @you)
 
 # History
 
+## [[v8.2.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v8.1.0...v8.2.0)] - 2020-01-29]
+
+- Include ability to configure custom os-specific command for waiting until kube cluster is healthy (@sanjeevgiri)
+- Disable creation of ingress rules if worker nodes security groups are exists (@andjelx)
+- [CI] Update pre-commit and re-generate docs to work with terraform-docs >= 0.8.1 (@barryib)
+
 ## [[v8.1.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v8.0.0...v8.1.0)] - 2020-01-17]
 
 - Fix index reference on destroy for output `oidc_provider_arn` (@stevie-)

diff --git a/README.md b/README.md
diff --git a/aws_auth.tf b/aws_auth.tf
@@ -50,8 +50,8 @@ data "template_file" "node_group_arns" {
 }
 
 resource "kubernetes_config_map" "aws_auth" {
-  depends_on = [aws_eks_cluster.this]
   count      = var.create_eks && var.manage_aws_auth ? 1 : 0
+  depends_on = [null_resource.wait_for_cluster[0]]
 
   metadata {
     name      = "aws-auth"

diff --git a/cluster.tf b/cluster.tf
@@ -32,10 +32,20 @@ resource "aws_eks_cluster" "this" {
     aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy,
     aws_cloudwatch_log_group.this
   ]
+}
+
+resource "null_resource" "wait_for_cluster" {
+  count = var.manage_aws_auth ? 1 : 0
+
+  depends_on = [
+    aws_eks_cluster.this[0]
+  ]
+
   provisioner "local-exec" {
-    command = <<EOT
-    until curl -k -s ${aws_eks_cluster.this[0].endpoint}/healthz >/dev/null; do sleep 4; done
-  EOT
+    command = var.wait_for_cluster_cmd
+    environment = {
+      ENDPOINT = aws_eks_cluster.this[0].endpoint
+    }
   }
 }
 
@@ -64,7 +74,7 @@ resource "aws_security_group_rule" "cluster_egress_internet" {
 }
 
 resource "aws_security_group_rule" "cluster_https_worker_ingress" {
-  count                    = var.create_eks ? 1 : 0
+  count                    = var.worker_security_group_id == "" && var.create_eks ? 1 : 0
   description              = "Allow pods to communicate with the EKS cluster API."
   protocol                 = "tcp"
   security_group_id        = local.cluster_security_group_id

diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md
@@ -33,23 +33,30 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In
 | version | Kubernetes version | string | Provider default behavior |
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+| random | n/a |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| cluster_name | Name of parent cluster | string | n/a | yes |
-| create_eks | Controls if EKS resources should be created (it affects almost all resources) | bool | `"true"` | no |
-| default_iam_role_arn | ARN of the default IAM worker role to use if one is not specified in `var.node_groups` or `var.node_groups_defaults` | string | n/a | yes |
-| node_groups | Map of maps of `eks_node_groups` to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | any | `{}` | no |
-| node_groups_defaults | map of maps of node groups to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | any | n/a | yes |
-| tags | A map of tags to add to all resources | map(string) | n/a | yes |
-| workers_group_defaults | Workers group defaults from parent | any | n/a | yes |
+|------|-------------|------|---------|:-----:|
+| cluster\_name | Name of parent cluster | `string` | n/a | yes |
+| create\_eks | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no |
+| default\_iam\_role\_arn | ARN of the default IAM worker role to use if one is not specified in `var.node_groups` or `var.node_groups_defaults` | `string` | n/a | yes |
+| node\_groups | Map of maps of `eks_node_groups` to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | `{}` | no |
+| node\_groups\_defaults | map of maps of node groups to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | n/a | yes |
+| tags | A map of tags to add to all resources | `map(string)` | n/a | yes |
+| workers\_group\_defaults | Workers group defaults from parent | `any` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| aws_auth_roles | Roles for use in aws-auth ConfigMap |
-| node_groups | Outputs from EKS node groups. Map of maps, keyed by `var.node_groups` keys. See `aws_eks_node_group` Terraform documentation for values |
+| aws\_auth\_roles | Roles for use in aws-auth ConfigMap |
+| node\_groups | Outputs from EKS node groups. Map of maps, keyed by `var.node_groups` keys. See `aws_eks_node_group` Terraform documentation for values |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/variables.tf b/variables.tf
@@ -198,10 +198,10 @@ variable "cluster_delete_timeout" {
   default     = "15m"
 }
 
-variable "local_exec_interpreter" {
-  description = "Command to run for local-exec resources. Must be a shell-style interpreter. If you are on Windows Git Bash is a good choice."
-  type        = list(string)
-  default     = ["/bin/sh", "-c"]
+variable "wait_for_cluster_cmd" {
+  description = "Custom local-exec command to execute for determining if the eks cluster is healthy. Cluster endpoint will be available as an environment variable called ENDPOINT"
+  type        = string
+  default     = "until curl -k -s $ENDPOINT/healthz >/dev/null; do sleep 4; done"
 }
 
 variable "worker_create_initial_lifecycle_hooks" {

diff --git a/version b/version
@@ -1 +1 @@
-v8.1.0
+v8.2.0