From 9b8a666d19bc94a24767f65e1829f7ada7bfb223 Mon Sep 17 00:00:00 2001 From: "derek.howard" Date: Thu, 18 Jul 2024 20:02:53 -0400 Subject: [PATCH 1/5] add missing pod identity logic --- eks.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/eks.tf b/eks.tf index 5b82c86..ed31255 100644 --- a/eks.tf +++ b/eks.tf @@ -340,6 +340,7 @@ module "aws_lb_controller_pod_identity" { } module "aws_cloudwatch_observability_pod_identity" { + count = var.enable_eks_pod_identities ? 1 : 0 source = "terraform-aws-modules/eks-pod-identity/aws" name = "aws-cloudwatch-observability-${module.eks.cluster_name}" From d8393db1211528fc24df555232f52c3654f55728 Mon Sep 17 00:00:00 2001 From: "derek.howard" Date: Thu, 18 Jul 2024 20:03:19 -0400 Subject: [PATCH 2/5] Fix issues with outputs --- outputs.tf | 112 ++++++++++++++++++++++++++--------------------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/outputs.tf b/outputs.tf index ae7f4dd..ff99822 100644 --- a/outputs.tf +++ b/outputs.tf 
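Review bot: Adding `count` to `module "aws_cloudwatch_observability_pod_identity"` in eks.tf moves every resource under it from `module.aws_cloudwatch_observability_pod_identity` to `module.aws_cloudwatch_observability_pod_identity[0]`, and nothing in the hunk tells Terraform the two addresses are the same objects. On a stack that already applied the un-counted module, the next plan would therefore destroy and recreate the IAM role, policy and pod identity association that the module exposes as outputs. That leaves the CloudWatch observability agent without a role for the duration and gives the role a new unique ID. A `moved` block with `from = module.aws_cloudwatch_observability_pod_identity` and `to = module.aws_cloudwatch_observability_pod_identity[0]` keeps the existing objects in place. The module body continues outside the hunk, so its remaining arguments cannot be checked from here.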
@@ -487,162 +487,162 @@ output "ssm_kms_key_policy" { output "cloudwatch_observability_pod_identity_associations" { description = "CloudWatch observability pod identity associations" - value = module.aws_cloudwatch_observability_pod_identity.associations + value = var.enable_eks_pod_identities ? module.aws_cloudwatch_observability_pod_identity[0].associations : {} } output "cloudwatch_observability_pod_identity_iam_policy_arn" { description = "CloudWatch observability pod identity IAM policy ARN" - value = module.aws_cloudwatch_observability_pod_identity.iam_policy_arn + value = var.enable_eks_pod_identities ? module.aws_cloudwatch_observability_pod_identity[0].iam_policy_arn : "" } output "cloudwatch_observability_pod_identity_iam_policy_id" { description = "CloudWatch observability pod identity IAM policy ID" - value = module.aws_cloudwatch_observability_pod_identity.iam_policy_id + value = var.enable_eks_pod_identities ? module.aws_cloudwatch_observability_pod_identity[0].iam_policy_id : "" } output "cloudwatch_observability_pod_identity_iam_policy_name" { description = "CloudWatch observability pod identity IAM policy name" - value = module.aws_cloudwatch_observability_pod_identity.iam_policy_name + value = var.enable_eks_pod_identities ? module.aws_cloudwatch_observability_pod_identity[0].iam_policy_name : "" } output "cloudwatch_observability_pod_identity_iam_role_arn" { description = "CloudWatch observability pod identity IAM role ARN" - value = module.aws_cloudwatch_observability_pod_identity.iam_role_arn + value = var.enable_eks_pod_identities ? module.aws_cloudwatch_observability_pod_identity[0].iam_role_arn : "" } output "cloudwatch_observability_pod_identity_iam_role_name" { description = "CloudWatch observability pod identity IAM role name" - value = module.aws_cloudwatch_observability_pod_identity.iam_role_name + value = var.enable_eks_pod_identities ? 
module.aws_cloudwatch_observability_pod_identity[0].iam_role_name : "" } output "cloudwatch_observability_pod_identity_iam_role_path" { description = "CloudWatch observability pod identity IAM role path" - value = module.aws_cloudwatch_observability_pod_identity.iam_role_path + value = var.enable_eks_pod_identities ? module.aws_cloudwatch_observability_pod_identity[0].iam_role_path : "" } output "cloudwatch_observability_pod_identity_iam_role_unique_id" { description = "CloudWatch observability pod identity IAM role unique ID" - value = module.aws_cloudwatch_observability_pod_identity.iam_role_unique_id + value = var.enable_eks_pod_identities ? module.aws_cloudwatch_observability_pod_identity[0].iam_role_unique_id : "" } output "ebs_csi_pod_identity_associations" { description = "EBS CSI pod identity associations" - value = module.aws_ebs_csi_pod_identity.associations + value = var.enable_eks_pod_identities ? module.aws_ebs_csi_pod_identity[0].associations : {} } output "ebs_csi_pod_identity_iam_policy_arn" { description = "EBS CSI pod identity IAM policy ARN" - value = module.aws_ebs_csi_pod_identity.iam_policy_arn + value = var.enable_eks_pod_identities ? module.aws_ebs_csi_pod_identity[0].iam_policy_arn : "" } output "ebs_csi_pod_identity_iam_policy_id" { description = "EBS CSI pod identity IAM policy ID" - value = module.aws_ebs_csi_pod_identity.iam_policy_id + value = var.enable_eks_pod_identities ? module.aws_ebs_csi_pod_identity[0].iam_policy_id : "" } output "ebs_csi_pod_identity_iam_policy_name" { description = "EBS CSI pod identity IAM policy name" - value = module.aws_ebs_csi_pod_identity.iam_policy_name + value = var.enable_eks_pod_identities ? module.aws_ebs_csi_pod_identity[0].iam_policy_name : "" } output "ebs_csi_pod_identity_iam_role_arn" { description = "EBS CSI pod identity IAM role ARN" - value = module.aws_ebs_csi_pod_identity.iam_role_arn + value = var.enable_eks_pod_identities ? 
module.aws_ebs_csi_pod_identity[0].iam_role_arn : "" } output "ebs_csi_pod_identity_iam_role_name" { description = "EBS CSI pod identity IAM role name" - value = module.aws_ebs_csi_pod_identity.iam_role_name + value = var.enable_eks_pod_identities ? module.aws_ebs_csi_pod_identity[0].iam_role_name : "" } output "ebs_csi_pod_identity_iam_role_path" { description = "EBS CSI pod identity IAM role path" - value = module.aws_ebs_csi_pod_identity.iam_role_path + value = var.enable_eks_pod_identities ? module.aws_ebs_csi_pod_identity[0].iam_role_path : "" } output "ebs_csi_pod_identity_iam_role_unique_id" { description = "EBS CSI pod identity IAM role unique ID" - value = module.aws_ebs_csi_pod_identity.iam_role_unique_id + value = var.enable_eks_pod_identities ? module.aws_ebs_csi_pod_identity[0].iam_role_unique_id : "" } output "efs_csi_pod_identity_associations" { description = "EFS CSI pod identity associations" - value = module.aws_efs_csi_pod_identity.associations + value = var.enable_eks_pod_identities ? module.aws_efs_csi_pod_identity[0].associations : {} } output "efs_csi_pod_identity_iam_policy_arn" { description = "EFS CSI pod identity IAM policy ARN" - value = module.aws_efs_csi_pod_identity.iam_policy_arn + value = var.enable_eks_pod_identities ? module.aws_efs_csi_pod_identity[0].iam_policy_arn : "" } output "efs_csi_pod_identity_iam_policy_id" { description = "EFS CSI pod identity IAM policy ID" - value = module.aws_efs_csi_pod_identity.iam_policy_id + value = var.enable_eks_pod_identities ? module.aws_efs_csi_pod_identity[0].iam_policy_id : "" } output "efs_csi_pod_identity_iam_policy_name" { description = "EFS CSI pod identity IAM policy name" - value = module.aws_efs_csi_pod_identity.iam_policy_name + value = var.enable_eks_pod_identities ? 
module.aws_efs_csi_pod_identity[0].iam_policy_name : "" } output "efs_csi_pod_identity_iam_role_arn" { description = "EFS CSI pod identity IAM role ARN" - value = module.aws_efs_csi_pod_identity.iam_role_arn + value = var.enable_eks_pod_identities ? module.aws_efs_csi_pod_identity[0].iam_role_arn : "" } output "efs_csi_pod_identity_iam_role_name" { description = "EFS CSI pod identity IAM role name" - value = module.aws_efs_csi_pod_identity.iam_role_name + value = var.enable_eks_pod_identities ? module.aws_efs_csi_pod_identity[0].iam_role_name : "" } output "efs_csi_pod_identity_iam_role_path" { description = "EFS CSI pod identity IAM role path" - value = module.aws_efs_csi_pod_identity.iam_role_path + value = var.enable_eks_pod_identities ? module.aws_efs_csi_pod_identity[0].iam_role_path : "" } output "efs_csi_pod_identity_iam_role_unique_id" { description = "EFS CSI pod identity IAM role unique ID" - value = module.aws_efs_csi_pod_identity.iam_role_unique_id + value = var.enable_eks_pod_identities ? module.aws_efs_csi_pod_identity[0].iam_role_unique_id : "" } output "lb_controller_pod_identity_associations" { description = "LB controller pod identity associations" - value = module.aws_lb_controller_pod_identity.associations + value = var.enable_eks_pod_identities ? module.aws_lb_controller_pod_identity[0].associations : {} } output "lb_controller_pod_identity_iam_policy_arn" { description = "LB controller pod identity IAM policy ARN" - value = module.aws_lb_controller_pod_identity.iam_policy_arn + value = var.enable_eks_pod_identities ? module.aws_lb_controller_pod_identity[0].iam_policy_arn : "" } output "lb_controller_pod_identity_iam_policy_id" { description = "LB controller pod identity IAM policy ID" - value = module.aws_lb_controller_pod_identity.iam_policy_id + value = var.enable_eks_pod_identities ? 
module.aws_lb_controller_pod_identity[0].iam_policy_id : "" } output "lb_controller_pod_identity_iam_policy_name" { description = "LB controller pod identity IAM policy name" - value = module.aws_lb_controller_pod_identity.iam_policy_name + value = var.enable_eks_pod_identities ? module.aws_lb_controller_pod_identity[0].iam_policy_name : "" } output "lb_controller_pod_identity_iam_role_arn" { description = "LB controller pod identity IAM role ARN" - value = module.aws_lb_controller_pod_identity.iam_role_arn + value = var.enable_eks_pod_identities ? module.aws_lb_controller_pod_identity[0].iam_role_arn : "" } output "lb_controller_pod_identity_iam_role_name" { description = "LB controller pod identity IAM role name" - value = module.aws_lb_controller_pod_identity.iam_role_name + value = var.enable_eks_pod_identities ? module.aws_lb_controller_pod_identity[0].iam_role_name : "" } output "lb_controller_pod_identity_iam_role_path" { description = "LB controller pod identity IAM role path" - value = module.aws_lb_controller_pod_identity.iam_role_path + value = var.enable_eks_pod_identities ? module.aws_lb_controller_pod_identity[0].iam_role_path : "" } output "lb_controller_pod_identity_iam_role_unique_id" { description = "LB controller pod identity IAM role unique ID" - value = module.aws_lb_controller_pod_identity.iam_role_unique_id + value = var.enable_eks_pod_identities ? module.aws_lb_controller_pod_identity[0].iam_role_unique_id : "" } ################################################################################# 
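Review bot: The disabled branch of every IAM output in this outputs.tf hunk returns `""`, which a consumer cannot distinguish from a real value until the empty string is used as a role or policy ARN downstream; `null` states the absence explicitly. `one(module.aws_ebs_csi_pod_identity[*].iam_role_arn)` returns the value when the instance exists and `null` when it does not, and it removes the repeated `var.enable_eks_pod_identities` test that otherwise has to stay in step with each module's `count`. For the four `associations` outputs the `: {}` branch may also fail conditional type unification if the module returns an object with fixed attributes (inferred; the module's output type is not visible here), and `try(module.aws_ebs_csi_pod_identity[0].associations, {})` avoids the conditional altogether. The same applies to the cloudwatch_observability, efs_csi and lb_controller groups.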
@@ -723,42 +723,42 @@ output "efs_file_system_tags_all" { value = aws_efs_file_system.main.tags_all } -output "efs_mount_target_availability_zone_id" { - description = "EFS mount target availability zone ID" - value = aws_efs_mount_target.main.availability_zone_id +output "efs_mount_target_availability_zone_ids" { + description = "EFS mount target availability zone IDs" + value = [ for resource in aws_efs_mount_target.main : resource.availability_zone_id ] } -output "efs_mount_target_availability_zone_name" { - description = "EFS mount target availability zone name" - value = aws_efs_mount_target.main.availability_zone_name +output "efs_mount_target_availability_zone_names" { + description = "EFS mount target availability zone names" + value = [ for resource in aws_efs_mount_target.main : resource.availability_zone_name ] } -output "efs_mount_target_dns_name" { - description = "EFS mount target DNS name" - value = aws_efs_mount_target.main.dns_name +output "efs_mount_target_dns_names" { + description = "EFS mount target DNS names" + value = [ for resource in aws_efs_mount_target.main : resource.dns_name ] } -output "efs_mount_target_file_system_id" { - description = "EFS mount target file system ID" - value = aws_efs_mount_target.main.file_system_id +output "efs_mount_target_file_system_ids" { + description = "EFS mount target file system IDs" + value = [ for resource in aws_efs_mount_target.main : resource.file_system_id ] } -output "efs_mount_target_id" { - description = "EFS mount target ID" - value = aws_efs_mount_target.main.id +output "efs_mount_target_ids" { + description = "EFS mount target IDs" + value = [ for resource in aws_efs_mount_target.main : resource.id ] } -output "efs_mount_target_file_system_arn" { - description = "EFS mount target file system ARN" - value = aws_efs_mount_target.main.file_system_arn +output "efs_mount_target_file_system_arns" { + description = "EFS mount target file system ARNs" + value = [ for resource in 
aws_efs_mount_target.main : resource.file_system_arn ] } -output "efs_mount_target_network_interface_id" { - description = "EFS mount target network interface ID" - value = aws_efs_mount_target.main.network_interface_id +output "efs_mount_target_network_interface_ids" { + description = "EFS mount target network interface IDs" + value = [ for resource in aws_efs_mount_target.main : resource.network_interface_id ] } -output "efs_mount_target_owner_id" { - description = "EFS mount target owner ID" - value = aws_efs_mount_target.main.owner_id +output "efs_mount_target_owner_ids" { + description = "EFS mount target owner IDs" + value = [ for resource in aws_efs_mount_target.main : resource.owner_id ] } \ No newline at end of file From ce35e82ad2d81d46a4571502099aabee82261911 Mon Sep 17 00:00:00 2001 From: "derek.howard" Date: Thu, 18 Jul 2024 20:03:36 -0400 Subject: [PATCH 3/5] Update the default version of EKS to 1.30 --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 7411f8c..1c40ac1 100644 --- a/variables.tf +++ b/variables.tf @@ -145,7 +145,7 @@ variable "eks_security_group_additional_rules" { variable "eks_version" { description = "The version of the EKS cluster" type = string - default = "1.29" + default = "1.30" } variable "node_bootstrap_extra_args" { From 3c75ab10af38924d32e99cc19f8f3deeb27fb4d6 Mon Sep 17 00:00:00 2001 From: "derek.howard" Date: Thu, 18 Jul 2024 20:03:59 -0400 Subject: [PATCH 4/5] update docs for all changes --- releases/3.0.3.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/releases/3.0.3.md b/releases/3.0.3.md index 84de260..14fb674 100644 --- a/releases/3.0.3.md +++ b/releases/3.0.3.md 
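Review bot: The new `efs_mount_target_*` list outputs in the second outputs.tf hunk discard which subnet or zone each entry belongs to, so a caller has to rely on list position to pair `efs_mount_target_ids` with `efs_mount_target_network_interface_ids` or `efs_mount_target_dns_names`. If `aws_efs_mount_target.main` uses `for_each` (its definition is outside the hunk), a map keeps that link and is stable when a subnet is added or removed: `value = { for k, mt in aws_efs_mount_target.main : k => mt.id }`. `efs_mount_target_file_system_ids`, `efs_mount_target_file_system_arns` and `efs_mount_target_owner_ids` will repeat the same value once per mount target, so a single value or `distinct([...])` would be clearer. Each output would also benefit from a description that states the element order or key.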
@@ -3,4 +3,14 @@ ## [Version 3.0.3] - 2024-07-18 ### New Features -- Additions of outputs for export from module \ No newline at end of file +- Additions of outputs for export from module + +### Improvements +- Update the default version of EKS to 1.30 + +### Bug Fixes +- Add missing pod identity logic +- Fix issues with outputs + +### Known Issues +- Current cluster name needs to be truncated. Will be addressed in 3.0.4 \ No newline at end of file From c16403c632802b44e3f766730b893c3858a99e77 Mon Sep 17 00:00:00 2001 From: "derek.howard" Date: Thu, 18 Jul 2024 20:12:40 -0400 Subject: [PATCH 5/5] change eks main nodes defaults --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 1c40ac1..bd4792a 100644 --- a/variables.tf +++ b/variables.tf @@ -110,7 +110,7 @@ variable "eks_main_node_instance_types" { variable "eks_main_nodes_max_size" { description = "The max size of the main EKS node group" type = number - default = 6 + default = 3 } variable "eks_main_nodes_min_size" {
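Review bot: Halving the default of `eks_main_nodes_max_size` from 6 to 3 in variables.tf changes capacity for every caller that relies on the default, and the releases/3.0.3.md notes updated one commit earlier do not mention it. A node group currently running more than three nodes would, on the next apply, either be rejected or be scaled in, depending on how the size is passed to the node group (not visible here). Add a line such as `- Lower the default eks_main_nodes_max_size from 6 to 3` under Improvements. Consider also a `validation` block so a maximum below `eks_main_nodes_min_size` fails at plan time (referencing another variable there needs Terraform 1.9 or later).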