Added support for eks v1.32 (#73) (#74)

Co-authored-by: ankush-sqops <ankush.upadhyay@squareops.com>

Added Support for EKS v1.32
Added option to enable or disbale vpc cni plugin

Author: ns-squareops

README.md

@@ -7,9 +7,9 @@
 
 ### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
 <br>
-This module simplifies the deployment of EKS clusters with dual stack mode for Cluster IP family like IPv6 and IPv4, allowing users to quickly create and manage a production-grade Kubernetes cluster on AWS. The module is highly configurable, allowing users to customize various aspects of the EKS cluster, such as the Kubernetes version, worker node instance type, number of worker nodes, and now with added support for EKS version 1.30.
+This module simplifies the deployment of EKS clusters with dual stack mode for Cluster IP family like IPv6 and IPv4, allowing users to quickly create and manage a production-grade Kubernetes cluster on AWS. The module is highly configurable, allowing users to customize various aspects of the EKS cluster, such as the Kubernetes version, worker node instance type, number of worker nodes, and now with added support for EKS version 1.32.
 <br>
-With this module, users can take advantage of the latest features and improvements offered by EKS 1.30 while maintaining the ease and convenience of automated deployment. The module provides a streamlined solution for setting up EKS clusters, reducing the manual effort required for setup and configuration.
+With this module, users can take advantage of the latest features and improvements offered by EKS 1.32 while maintaining the ease and convenience of automated deployment. The module provides a streamlined solution for setting up EKS clusters, reducing the manual effort required for setup and configuration.
 
 
 ## Usage Example
@@ -22,7 +22,7 @@ module "eks" {
   vpc_subnet_ids                           = [module.vpc.private_subnets[0]]
   environment                              = "prod"
   eks_kms_key_arn                          = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
-  eks_cluster_version                      = "1.30"
+  eks_cluster_version                      = "1.32"
   eks_cluster_log_types                    = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
   eks_cluster_log_retention_in_days        = 30
   eks_cluster_endpoint_public_access       = true
@@ -56,7 +56,8 @@ module "eks" {
       cidr_blocks = ["10.10.0.0/16"]
     }
   }
-  vpc_cni_version = "v1.19.3-eksbuild.1"
+  enable_vpc_cni_addon = true
+  vpc_cni_version      = "v1.19.3-eksbuild.1"
 }
 
 module "managed_node_group_addons" {

examples/complete/README.md

@@ -26,8 +26,8 @@ This directory contains a complete example that demonstrates the usage of the Te
 | <a name="module_key_pair_vpn"></a> [key\_pair\_vpn](#module\_key\_pair\_vpn) | squareops/keypair/aws | 1.0.2 |
 | <a name="module_key_pair_eks"></a> [key\_pair\_eks](#module\_key\_pair\_eks) | squareops/keypair/aws | 1.0.2 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | squareops/vpc/aws | 3.4.1 |
-| <a name="module_eks"></a> [eks](#module\_eks) | squareops/eks/aws | 5.4.1 |
-| <a name="module_managed_node_group_addons"></a> [managed\_node\_group\_addons](#module\_managed\_node\_group\_addons) | squareops/eks/aws//modules/managed-nodegroup | 5.4.1 |
+| <a name="module_eks"></a> [eks](#module\_eks) | squareops/eks/aws | 5.4.2 |
+| <a name="module_managed_node_group_addons"></a> [managed\_node\_group\_addons](#module\_managed\_node\_group\_addons) | squareops/eks/aws//modules/managed-nodegroup | 5.4.2 |
 | <a name="module_fargate_profle"></a> [fargate\_profle](#module\_fargate\_profle) | squareops/eks/aws//modules/fargate-profile | n/a |
 
 ## Resources

examples/complete/main.tf

@@ -18,7 +18,7 @@ locals {
   kms_user                             = null
   vpc_cidr                             = "10.10.0.0/16"
   vpn_server_enabled                   = false
-  cluster_version                      = "1.31"
+  cluster_version                      = "1.32"
   cluster_log_types                    = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
   cluster_log_retention_in_days        = 30
   managed_ng_capacity_type             = "SPOT" # Choose the capacity type ("SPOT" or "ON_DEMAND")
@@ -139,7 +139,7 @@ module "vpc" {
 
 module "eks" {
   source               = "squareops/eks/aws"
-  version              = "5.4.1"
+  version              = "5.4.2"
   access_entry_enabled = true
   access_entries = {
     "example" = {
@@ -181,13 +181,14 @@ module "eks" {
       cidr_blocks = ["10.10.0.0/16"]
     }
   }
-  vpc_cni_version = "v1.19.3-eksbuild.1"
-  tags            = local.additional_aws_tags
+  enable_vpc_cni_addon = true
+  vpc_cni_version      = "v1.19.3-eksbuild.1"
+  tags                 = local.additional_aws_tags
 }
 
 module "managed_node_group_addons" {
   source                      = "squareops/eks/aws//modules/managed-nodegroup"
-  version                     = "5.4.1"
+  version                     = "5.4.2"
   depends_on                  = [module.vpc, module.eks]
   managed_ng_name             = "Infra"
   managed_ng_min_size         = 2

main.tf

@@ -38,12 +38,13 @@ module "eks" {
         }
         enableNetworkPolicy = "true"
       })
-      service_account_role_arn = module.vpc_cni_irsa_role.iam_role_arn
+      service_account_role_arn = module.vpc_cni_irsa_role[0].iam_role_arn
     }
   } : {}
 }
 
 module "vpc_cni_irsa_role" {
+  count                 = var.enable_vpc_cni_addon ? 1 : 0
   source                = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version               = "5.52.2"
   role_name             = format("%s-%s-%s", var.environment, var.name, "aws-node-irsa")
@@ -214,11 +215,13 @@ resource "aws_iam_role_policy_attachment" "worker_ecr_policy" {
 }
 
 resource "aws_iam_role_policy_attachment" "vpc_cni_addons_policy" {
-  role       = module.vpc_cni_irsa_role.iam_role_name
+  count      = var.enable_vpc_cni_addon ? 1 : 0
+  role       = module.vpc_cni_irsa_role[0].iam_role_name
   policy_arn = var.ipv6_enabled == false ? "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" : aws_iam_policy.cni_ipv6_policy[0].arn
 }
 
 resource "aws_iam_role_policy_attachment" "kms_vpc_cni_policy_attachment" {
-  role       = module.vpc_cni_irsa_role.iam_role_name
+  count      = var.enable_vpc_cni_addon ? 1 : 0
+  role       = module.vpc_cni_irsa_role[0].iam_role_name
   policy_arn = aws_iam_policy.kubernetes_pvc_kms_policy.arn
 }