Attach EBS volumes to worker nodes #233

[szpuni]

PR o'clock

Description

This PR updates functionality of ASG to allow external Launch Configuration to be used rather than one provided by module.
This was requested in #233

Checklist

• terraform fmt and terraform validate both work from the root and examples/* directories
• CI tests are passing
• I've added my change to CHANGELOG.md and highlighted any breaking changes
• README.md has been updated after any changes to variables and outputs. See https://github.com/terraform-aws-modules/terraform-aws-eks/#doc-generation

[szpuni]

I'm not sure if solution provided by @max-rocket-internet will work here. I'm trying to use it and I'm getting Cycle Errors on plan.

I'm trying to reuse some of outputs from cluster like Instance profile, cluster name etc.
As soon as I try to use this feature I get issues:
Error: Cycle: module.eks.aws_iam_instance_profile.workers, module.eks.output.worker_iam_instance_profile_names, module.eks.local.worker_group_count, module.eks.data.template_file.userdata, module.eks.output.workers_user_data, aws_launch_configuration.application, module.eks.var.worker_groups

I guess it's better off to hold this change since it might not actually work.
Idea here is to have easy option to add additional EBS volumes when needed and seems like creating LC outside module is not as easy as one would think.

LC used for test:

resource "aws_launch_configuration" "application" {
  # Below is new option supported by AWS where they use parameter store for releasing new AMI
  image_id                    = jsondecode(data.aws_ssm_parameter.eks_node_ami.value)["image_id"]
  instance_type               = "t2.large"
  associate_public_ip_address = false
  ebs_optimized               = false
  enable_monitoring           = true
  iam_instance_profile        = module.eks.worker_iam_instance_profile_names[0]
  name_prefix                 = module.eks.cluster_id
  key_name                    = "infra-dev-key"
  user_data                   = module.eks.workers_user_data[0]
  security_groups             = [aws_security_group.all_worker_mgmt.id, module.eks.worker_security_group_id]
  root_block_device {
    delete_on_termination = true
    encrypted             = false
    iops                  = 0
    volume_size           = 100
    volume_type           = "gp2"
  }
  ebs_block_device {
    device_name           = "/dev/xvda"
    volume_size           = 100
    volume_type           = "gp2"
    delete_on_termination = true
    encrypted             = false
  }
}

Worker portion used for test:

    {
      name                          = "test"
      asg_desired_capacity          = 1
      subnets                       = data.aws_subnet_ids.private.ids
      kubelet_extra_args            = "--node-labels=cluster=test"
      launch_configuration = aws_launch_configuration.application.name
    },

I think my problem is with calls to child module for data. Opinions welcome.
Maybe I'm missing something pretty obvious.

[szpuni]

I think there might be better way of doing this with help of Dynamic block.

variable "ebs" {
  default = ["/dev/sdf"]
}

  dynamic ebs_block_device {
    for_each = var.ebs
    content {
      device_name = ebs_block_device.value
      volume_size = "8"
      delete_on_termination = true
      volume_type = "gp2"
    }

I was goofing around and found that if you run above code with single instance you will get Root and EBS volume. If you give empty list to above then plan will show that EBS will be created but there is only Root device is created in AWS.

This might be a good solution to this problem with small enough changes to code.

Ideas?

[max-rocket-internet]

I think there might be better way of doing this with help of Dynamic block

Agreed.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.