fix: removing unused node groups

caiocsgomes · Apr 29, 2024 · cdbfa40 · cdbfa40
1 parent 29dc672
commit cdbfa40
Showing 1 changed file with 3 additions and 202 deletions.
diff --git a/terraform/environments/prod/eks.tf b/terraform/environments/prod/eks.tf
@@ -62,34 +62,7 @@ module "eks" {
  vpc_id = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets
 
- eks_managed_node_group_defaults = {
- ami_type = "AL2_x86_64"
- instance_types = var.instance_types
-
- # We are using the IRSA created below for permissions
- # However, we have to deploy with the policy attached FIRST (when creating a fresh cluster)
- # and then turn this off after the cluster/node group is created. Without this initial policy,
- # the VPC CNI fails to assign IPs and nodes cannot join the cluster
- # See https://github.com/aws/containers-roadmap/issues/1666 for more context
- iam_role_attach_cni_policy = true
- }
-
  eks_managed_node_groups = {
- # Default node group - as provided by AWS EKS
- default_node_group = {
- # By default, the module creates a launch template to ensure tags are propagated to instances, etc.,
- # so we need to disable it to use the default template provided by the AWS EKS managed node group service
- use_custom_launch_template = false
-
- disk_size = var.disk_size
-
- # Remote access cannot be specified with a launch template
- remote_access = {
- ec2_ssh_key = module.key_pair.key_pair_name
- source_security_group_ids = [aws_security_group.remote_access.id]
- }
- }
-
  # Default node group - as provided by AWS EKS using Bottlerocket
  bottlerocket_default = {
  # By default, the module creates a launch template to ensure tags are propagated to instances, etc.,
@@ -99,179 +72,7 @@ module "eks" {
  ami_type = "BOTTLEROCKET_x86_64"
  platform = "bottlerocket"
  }
-
- # Adds to the AWS provided user data
- bottlerocket_add = {
- ami_type = "BOTTLEROCKET_x86_64"
- platform = "bottlerocket"
-
- # This will get added to what AWS provides
- bootstrap_extra_args = <<-EOT
- # extra args added
- [settings.kernel]
- lockdown = "integrity"
- EOT
- }
-
- # Custom AMI, using module provided bootstrap data
- bottlerocket_custom = {
- # Current bottlerocket AMI
- ami_id = data.aws_ami.eks_default_bottlerocket.image_id
- platform = "bottlerocket"
-
- # Use module user data template to bootstrap
- enable_bootstrap_user_data = true
- # This will get added to the template
- bootstrap_extra_args = <<-EOT
- # The admin host container provides SSH access and runs with "superpowers".
- # It is disabled by default, but can be disabled explicitly.
- [settings.host-containers.admin]
- enabled = false
-
- # The control host container provides out-of-band access via SSM.
- # It is enabled by default, and can be disabled if you do not expect to use SSM.
- # This could leave you with no way to access the API and change settings on an existing node!
- [settings.host-containers.control]
- enabled = true
-
- # extra args added
- [settings.kernel]
- lockdown = "integrity"
-
- [settings.kubernetes.node-labels]
- label1 = "foo"
- label2 = "bar"
-
- [settings.kubernetes.node-taints]
- dedicated = "experimental:PreferNoSchedule"
- special = "true:NoSchedule"
- EOT
- }
-
- # Use a custom AMI
- custom_ami = {
- ami_type = "AL2_ARM_64"
- # Current default AMI used by managed node groups - pseudo "custom"
- ami_id = data.aws_ami.eks_default_arm.image_id
-
- # This will ensure the bootstrap user data is used to join the node
- # By default, EKS managed node groups will not append bootstrap script;
- # this adds it back in using the default template provided by the module
- # Note: this assumes the AMI provided is an EKS optimized AMI derivative
- enable_bootstrap_user_data = true
-
- instance_types = ["t4g.medium"]
- }
-
- # Complete
- complete = {
- name = "complete-eks-mng"
- use_name_prefix = true
-
- subnet_ids = module.vpc.private_subnets
-
- min_size = 1
- max_size = 2
- desired_size = 1
-
- ami_id = data.aws_ami.eks_default.image_id
- enable_bootstrap_user_data = true
-
- pre_bootstrap_user_data = <<-EOT
- export FOO=bar
- EOT
-
- post_bootstrap_user_data = <<-EOT
- echo "you are free little kubelet!"
- EOT
-
- capacity_type = "ON_DEMAND"
- force_update_version = true
- instance_types = var.instance_types
- labels = {
- GithubRepo = "terraform-aws-eks"
- GithubOrg = "terraform-aws-modules"
- }
-
- taints = [
- {
- key = "dedicated"
- value = "gpuGroup"
- effect = "NO_SCHEDULE"
- }
- ]
-
- update_config = {
- max_unavailable_percentage = 33 # or set `max_unavailable`
- }
-
- description = "EKS managed node group example launch template"
-
- ebs_optimized = true
- disable_api_termination = false
- enable_monitoring = true
-
- block_device_mappings = {
- xvda = {
- device_name = "/dev/xvda"
- ebs = {
- volume_size = 75
- volume_type = "gp3"
- iops = 3000
- throughput = 150
- encrypted = true
- kms_key_id = module.ebs_kms_key.key_arn
- delete_on_termination = true
- }
- }
- }
-
- metadata_options = {
- http_endpoint = "enabled"
- http_tokens = "required"
- http_put_response_hop_limit = 2
- instance_metadata_tags = "disabled"
- }
-
- create_iam_role = true
- iam_role_name = "eks-managed-node-group-complete-example"
- iam_role_use_name_prefix = false
- iam_role_description = "EKS managed node group complete example role"
- iam_role_tags = {
- Purpose = "Protector of the kubelet"
- }
- iam_role_additional_policies = {
- AmazonEC2ContainerRegistryReadOnly = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
- additional = aws_iam_policy.node_additional.arn
- }
-
- schedules = {
- scale-up = {
- min_size = 2
- max_size = "-1" # Retains current max size
- desired_size = 2
- start_time = "2023-03-05T00:00:00Z"
- end_time = "2024-03-05T00:00:00Z"
- time_zone = "Etc/GMT+0"
- recurrence = "0 0 * * *"
- },
- scale-down = {
- min_size = 0
- max_size = "-1" # Retains current max size
- desired_size = 0
- start_time = "2023-03-05T12:00:00Z"
- end_time = "2024-03-05T12:00:00Z"
- time_zone = "Etc/GMT+0"
- recurrence = "0 12 * * *"
- }
- }
-
- tags = {
- ExtraTag = "EKS managed node group complete"
- }
- }
  }
-
  tags = local.tags
 }
 
@@ -280,7 +81,7 @@ module "eks" {
 ################################################################################
 
 module "vpc_cni_irsa" {
- source  = "github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-role-for-service-accounts-eks?ref=v5.39.0"
+ source = "github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-role-for-service-accounts-eks?ref=v5.39.0"
 
  role_name_prefix = "VPC-CNI-IRSA"
  attach_vpc_cni_policy = true
@@ -298,7 +99,7 @@ module "vpc_cni_irsa" {
 }
 
 module "ebs_kms_key" {
- source  = "github.com/terraform-aws-modules/terraform-aws-kms?ref=v2.2.1"
+ source = "github.com/terraform-aws-modules/terraform-aws-kms?ref=v2.2.1"
 
  description = "Customer managed key to encrypt EKS managed node group volumes"
 
@@ -321,7 +122,7 @@ module "ebs_kms_key" {
 }
 
 module "key_pair" {
- source  = "github.com/terraform-aws-modules/terraform-aws-key-pair?ref=v2.0.3"
+ source = "github.com/terraform-aws-modules/terraform-aws-key-pair?ref=v2.0.3"
 
  key_name_prefix = local.name
  create_private_key = true