From cdbfa402a8018b70f9af6fd687637aefaa429de3 Mon Sep 17 00:00:00 2001 From: Caio Gomes Date: Mon, 29 Apr 2024 17:44:57 -0300 Subject: [PATCH] fix: removing unused node groups --- terraform/environments/prod/eks.tf | 205 +---------------------------- 1 file changed, 3 insertions(+), 202 deletions(-) diff --git a/terraform/environments/prod/eks.tf b/terraform/environments/prod/eks.tf index 7dc5e37..5dc14c8 100644 --- a/terraform/environments/prod/eks.tf +++ b/terraform/environments/prod/eks.tf @@ -62,34 +62,7 @@ module "eks" { vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets - eks_managed_node_group_defaults = { - ami_type = "AL2_x86_64" - instance_types = var.instance_types - - # We are using the IRSA created below for permissions - # However, we have to deploy with the policy attached FIRST (when creating a fresh cluster) - # and then turn this off after the cluster/node group is created. Without this initial policy, - # the VPC CNI fails to assign IPs and nodes cannot join the cluster - # See https://github.com/aws/containers-roadmap/issues/1666 for more context - iam_role_attach_cni_policy = true - } - eks_managed_node_groups = { - # Default node group - as provided by AWS EKS - default_node_group = { - # By default, the module creates a launch template to ensure tags are propagated to instances, etc., - # so we need to disable it to use the default template provided by the AWS EKS managed node group service - use_custom_launch_template = false - - disk_size = var.disk_size - - # Remote access cannot be specified with a launch template - remote_access = { - ec2_ssh_key = module.key_pair.key_pair_name - source_security_group_ids = [aws_security_group.remote_access.id] - } - } - # Default node group - as provided by AWS EKS using Bottlerocket bottlerocket_default = { # By default, the module creates a launch template to ensure tags are propagated to instances, etc., @@ -99,179 +72,7 @@ module "eks" { ami_type = "BOTTLEROCKET_x86_64" platform = "bottlerocket" } - - # Adds to the AWS provided user data - bottlerocket_add = { - ami_type = "BOTTLEROCKET_x86_64" - platform = "bottlerocket" - - # This will get added to what AWS provides - bootstrap_extra_args = <<-EOT - # extra args added - [settings.kernel] - lockdown = "integrity" - EOT - } - - # Custom AMI, using module provided bootstrap data - bottlerocket_custom = { - # Current bottlerocket AMI - ami_id = data.aws_ami.eks_default_bottlerocket.image_id - platform = "bottlerocket" - - # Use module user data template to bootstrap - enable_bootstrap_user_data = true - # This will get added to the template - bootstrap_extra_args = <<-EOT - # The admin host container provides SSH access and runs with "superpowers". - # It is disabled by default, but can be disabled explicitly. - [settings.host-containers.admin] - enabled = false - - # The control host container provides out-of-band access via SSM. - # It is enabled by default, and can be disabled if you do not expect to use SSM. - # This could leave you with no way to access the API and change settings on an existing node! - [settings.host-containers.control] - enabled = true - - # extra args added - [settings.kernel] - lockdown = "integrity" - - [settings.kubernetes.node-labels] - label1 = "foo" - label2 = "bar" - - [settings.kubernetes.node-taints] - dedicated = "experimental:PreferNoSchedule" - special = "true:NoSchedule" - EOT - } - - # Use a custom AMI - custom_ami = { - ami_type = "AL2_ARM_64" - # Current default AMI used by managed node groups - pseudo "custom" - ami_id = data.aws_ami.eks_default_arm.image_id - - # This will ensure the bootstrap user data is used to join the node - # By default, EKS managed node groups will not append bootstrap script; - # this adds it back in using the default template provided by the module - # Note: this assumes the AMI provided is an EKS optimized AMI derivative - enable_bootstrap_user_data = true - - instance_types = ["t4g.medium"] - } - - # Complete - complete = { - name = "complete-eks-mng" - use_name_prefix = true - - subnet_ids = module.vpc.private_subnets - - min_size = 1 - max_size = 2 - desired_size = 1 - - ami_id = data.aws_ami.eks_default.image_id - enable_bootstrap_user_data = true - - pre_bootstrap_user_data = <<-EOT - export FOO=bar - EOT - - post_bootstrap_user_data = <<-EOT - echo "you are free little kubelet!" - EOT - - capacity_type = "ON_DEMAND" - force_update_version = true - instance_types = var.instance_types - labels = { - GithubRepo = "terraform-aws-eks" - GithubOrg = "terraform-aws-modules" - } - - taints = [ - { - key = "dedicated" - value = "gpuGroup" - effect = "NO_SCHEDULE" - } - ] - - update_config = { - max_unavailable_percentage = 33 # or set `max_unavailable` - } - - description = "EKS managed node group example launch template" - - ebs_optimized = true - disable_api_termination = false - enable_monitoring = true - - block_device_mappings = { - xvda = { - device_name = "/dev/xvda" - ebs = { - volume_size = 75 - volume_type = "gp3" - iops = 3000 - throughput = 150 - encrypted = true - kms_key_id = module.ebs_kms_key.key_arn - delete_on_termination = true - } - } - } - - metadata_options = { - http_endpoint = "enabled" - http_tokens = "required" - http_put_response_hop_limit = 2 - instance_metadata_tags = "disabled" - } - - create_iam_role = true - iam_role_name = "eks-managed-node-group-complete-example" - iam_role_use_name_prefix = false - iam_role_description = "EKS managed node group complete example role" - iam_role_tags = { - Purpose = "Protector of the kubelet" - } - iam_role_additional_policies = { - AmazonEC2ContainerRegistryReadOnly = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - additional = aws_iam_policy.node_additional.arn - } - - schedules = { - scale-up = { - min_size = 2 - max_size = "-1" # Retains current max size - desired_size = 2 - start_time = "2023-03-05T00:00:00Z" - end_time = "2024-03-05T00:00:00Z" - time_zone = "Etc/GMT+0" - recurrence = "0 0 * * *" - }, - scale-down = { - min_size = 0 - max_size = "-1" # Retains current max size - desired_size = 0 - start_time = "2023-03-05T12:00:00Z" - end_time = "2024-03-05T12:00:00Z" - time_zone = "Etc/GMT+0" - recurrence = "0 12 * * *" - } - } - - tags = { - ExtraTag = "EKS managed node group complete" - } - } } - tags = local.tags } @@ -280,7 +81,7 @@ module "eks" { ################################################################################ module "vpc_cni_irsa" { - source = "github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-role-for-service-accounts-eks?ref=v5.39.0" + source = "github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-role-for-service-accounts-eks?ref=v5.39.0" role_name_prefix = "VPC-CNI-IRSA" attach_vpc_cni_policy = true @@ -298,7 +99,7 @@ module "vpc_cni_irsa" { } module "ebs_kms_key" { - source = "github.com/terraform-aws-modules/terraform-aws-kms?ref=v2.2.1" + source = "github.com/terraform-aws-modules/terraform-aws-kms?ref=v2.2.1" description = "Customer managed key to encrypt EKS managed node group volumes" @@ -321,7 +122,7 @@ module "ebs_kms_key" { } module "key_pair" { - source = "github.com/terraform-aws-modules/terraform-aws-key-pair?ref=v2.0.3" + source = "github.com/terraform-aws-modules/terraform-aws-key-pair?ref=v2.0.3" key_name_prefix = local.name create_private_key = true