diff --git a/README.md b/README.md index 8ddbbe9..b15158a 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ | Name | Version | |------|---------| -| [aws](#requirement\_aws) | ~> 3.0 | +| [aws](#requirement\_aws) | ~> 4.0 | | [helm](#requirement\_helm) | ~> 2.0 | | [kubectl](#requirement\_kubectl) | ~> 1.14 | | [kubernetes](#requirement\_kubernetes) | ~> 2.0 | @@ -50,8 +50,8 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.76.1 | -| [helm](#provider\_helm) | 2.10.1 | +| [aws](#provider\_aws) | 4.67.0 | +| [helm](#provider\_helm) | 2.11.0 | | [kubectl](#provider\_kubectl) | 1.14.0 | | [kubernetes](#provider\_kubernetes) | 2.23.0 | | [tls](#provider\_tls) | 3.1.0 | 
@@ -65,6 +65,16 @@ No modules. | Name | Type | |------|------| | [aws_api_gateway_vpc_link.nlb](https://registry.terraform.io/providers/aws/latest/docs/resources/api_gateway_vpc_link) | resource | +| [aws_cloudwatch_event_rule.node_termination_handler_instance_terminate](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_rule) | resource | +| [aws_cloudwatch_event_rule.node_termination_handler_rebalance](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_rule) | resource | +| [aws_cloudwatch_event_rule.node_termination_handler_scheduled_change](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_rule) | resource | +| [aws_cloudwatch_event_rule.node_termination_handler_spot_termination](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_rule) | resource | +| [aws_cloudwatch_event_rule.node_termination_handler_state_change](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_rule) | resource | +| [aws_cloudwatch_event_target.node_termination_handler_instance_terminate](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [aws_cloudwatch_event_target.node_termination_handler_rebalance](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [aws_cloudwatch_event_target.node_termination_handler_scheduled_change](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [aws_cloudwatch_event_target.node_termination_handler_spot_termination](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [aws_cloudwatch_event_target.node_termination_handler_state_change](https://registry.terraform.io/providers/aws/latest/docs/resources/cloudwatch_event_target) | resource | | 
[aws_eip.vpc_iep](https://registry.terraform.io/providers/aws/latest/docs/resources/eip) | resource | | [aws_eks_addon.cni](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_addon) | resource | | [aws_eks_addon.coredns](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_addon) | resource | 
@@ -72,19 +82,26 @@ No modules. | [aws_eks_addon.kubeproxy](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_addon) | resource | | [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_cluster) | resource | | [aws_eks_node_group.cluster](https://registry.terraform.io/providers/aws/latest/docs/resources/eks_node_group) | resource | +| [aws_iam_instance_profile.nodes](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_instance_profile) | resource | | [aws_iam_openid_connect_provider.eks](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_openid_connect_provider) | resource | | [aws_iam_policy.aws_load_balancer_controller_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.aws_node_termination_handler_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.cluster_autoscaler_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.csi_driver](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.karpenter_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.keda_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy_attachment.aws_load_balancer_controller_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.aws_node_termination_handler_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource | | [aws_iam_policy_attachment.cluster_autoscaler](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource | | 
[aws_iam_policy_attachment.csi_driver](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_attachment.karpenter_policy](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource | | [aws_iam_policy_attachment.keda](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_policy_attachment) | resource | | [aws_iam_role.alb_controller](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.aws_node_termination_handler_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role.cluster_autoscaler_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role.eks_cluster_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role.eks_nodes_roles](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.karpenter_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role.keda_role](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.cloudwatch](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.cni](https://registry.terraform.io/providers/aws/latest/docs/resources/iam_role_policy_attachment) | resource | 
@@ -96,6 +113,7 @@ No modules. | [aws_internet_gateway.gw](https://registry.terraform.io/providers/aws/latest/docs/resources/internet_gateway) | resource | | [aws_kms_alias.eks](https://registry.terraform.io/providers/aws/latest/docs/resources/kms_alias) | resource | | [aws_kms_key.eks](https://registry.terraform.io/providers/aws/latest/docs/resources/kms_key) | resource | +| [aws_launch_template.karpenter](https://registry.terraform.io/providers/aws/latest/docs/resources/launch_template) | resource | | [aws_lb.ingress](https://registry.terraform.io/providers/aws/latest/docs/resources/lb) | resource | | [aws_lb_listener.ingress_443](https://registry.terraform.io/providers/aws/latest/docs/resources/lb_listener) | resource | | [aws_lb_listener.ingress_80](https://registry.terraform.io/providers/aws/latest/docs/resources/lb_listener) | resource | @@ -123,6 +141,8 @@ No modules. | [aws_security_group_rule.nodeport](https://registry.terraform.io/providers/aws/latest/docs/resources/security_group_rule) | resource | | [aws_security_group_rule.nodeport_cluster](https://registry.terraform.io/providers/aws/latest/docs/resources/security_group_rule) | resource | | [aws_security_group_rule.nodeport_cluster_udp](https://registry.terraform.io/providers/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_sqs_queue.node_termination_handler](https://registry.terraform.io/providers/aws/latest/docs/resources/sqs_queue) | resource | +| [aws_sqs_queue_policy.node_termination_handler](https://registry.terraform.io/providers/aws/latest/docs/resources/sqs_queue_policy) | resource | | [aws_subnet.pods_subnet_1a](https://registry.terraform.io/providers/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.pods_subnet_1b](https://registry.terraform.io/providers/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.pods_subnet_1c](https://registry.terraform.io/providers/aws/latest/docs/resources/subnet) | resource | 
@@ -143,10 +163,12 @@ No modules. | [helm_release.istio_ingress](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | | [helm_release.istiod](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | | [helm_release.jaeger](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | +| [helm_release.karpenter](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | | [helm_release.keda](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | | [helm_release.kiali-server](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | | [helm_release.kube_state_metrics](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | | [helm_release.metrics_server](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | +| [helm_release.node_termination_handler](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | | [helm_release.prometheus](https://registry.terraform.io/providers/helm/latest/docs/resources/release) | resource | | [kubectl_manifest.grafana_gateway](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.grafana_service](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | 
@@ -154,6 +176,8 @@ No modules. | [kubectl_manifest.istio_target_group_binding_https](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.jaeger_gateway](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.jaeger_virtual_service](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.karpenter_provisioner](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.karpenter_template](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.kiali_gateway](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.kiali_virtual_service](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubernetes_config_map.aws-auth](https://registry.terraform.io/providers/kubernetes/latest/docs/resources/config_map) | resource | 
@@ -161,28 +185,33 @@ No modules. | [aws_eks_cluster_auth.default](https://registry.terraform.io/providers/aws/latest/docs/data-sources/eks_cluster_auth) | data source | | [aws_iam_policy_document.aws_load_balancer_controller_assume_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.aws_load_balancer_controller_policy](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.aws_node_termination_handler_policy](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.aws_node_termination_handler_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.cluster_autoscaler_policy](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.cluster_autoscaler_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.csi_driver](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.eks_cluster_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.eks_nodes_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.karpenter_policy](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.karpenter_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | | 
[aws_iam_policy_document.keda_policy](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.keda_role](https://registry.terraform.io/providers/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_ssm_parameter.eks](https://registry.terraform.io/providers/aws/latest/docs/data-sources/ssm_parameter) | data source | | [tls_certificate.eks](https://registry.terraform.io/providers/tls/latest/docs/data-sources/certificate) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [addon\_cni\_version](#input\_addon\_cni\_version) | VPC CNI Version | `string` | `"v1.12.6-eksbuild.1"` | no | -| [addon\_coredns\_version](#input\_addon\_coredns\_version) | CoreDNS Version | `string` | `"v1.10.1-eksbuild.2"` | no | -| [addon\_csi\_version](#input\_addon\_csi\_version) | CSI Version | `string` | `"v1.17.0-eksbuild.1"` | no | -| [addon\_kubeproxy\_version](#input\_addon\_kubeproxy\_version) | Kubeproxy Version | `string` | `"v1.27.3-eksbuild.2"` | no | +| [addon\_cni\_version](#input\_addon\_cni\_version) | VPC CNI Version | `string` | `"v1.14.1-eksbuild.1"` | no | +| [addon\_coredns\_version](#input\_addon\_coredns\_version) | CoreDNS Version | `string` | `"v1.10.1-eksbuild.4"` | no | +| [addon\_csi\_version](#input\_addon\_csi\_version) | CSI Version | `string` | `"v1.24.0-eksbuild.1"` | no | +| [addon\_kubeproxy\_version](#input\_addon\_kubeproxy\_version) | Kubeproxy Version | `string` | `"v1.28.1-eksbuild.1"` | no | | [argo\_rollouts\_toggle](#input\_argo\_rollouts\_toggle) | Enable Argo Rollouts Installation | `bool` | `true` | no | | [auto\_scale\_options](#input\_auto\_scale\_options) | n/a | `map` |
{
"desired": 6,
"max": 10,
"min": 4
}
| no | | [aws\_region](#input\_aws\_region) | n/a | `string` | `"us-east-1"` | no | | [chaos\_mesh\_toggle](#input\_chaos\_mesh\_toggle) | Enable Chaos Mesh Installation | `bool` | `false` | no | -| [cluster\_autoscaler\_toggle](#input\_cluster\_autoscaler\_toggle) | Enable Cluster Autoscaler Installation | `bool` | `true` | no | +| [cluster\_autoscaler\_toggle](#input\_cluster\_autoscaler\_toggle) | Enable Cluster Autoscaler Installation | `bool` | `false` | no | | [cluster\_name](#input\_cluster\_name) | n/a | `string` | `"eks-cluster"` | no | | [cluster\_private\_zone](#input\_cluster\_private\_zone) | n/a | `string` | `"k8s.cluster"` | no | | [default\_tags](#input\_default\_tags) | n/a | `map` |
{
"Environment": "prod",
"Foo": "Bar",
"Ping": "Pong"
}
| no | @@ -192,13 +221,18 @@ No modules. | [istio\_ingress\_max\_pods](#input\_istio\_ingress\_max\_pods) | Maximum pods for istio-ingress-gateway | `number` | `9` | no | | [istio\_ingress\_min\_pods](#input\_istio\_ingress\_min\_pods) | Minimum pods for istio-ingress-gateway | `number` | `3` | no | | [jaeger\_virtual\_service\_host](#input\_jaeger\_virtual\_service\_host) | n/a | `string` | `"jaeger.k8s.raj.ninja"` | no | -| [k8s\_version](#input\_k8s\_version) | n/a | `string` | `"1.27"` | no | +| [k8s\_version](#input\_k8s\_version) | n/a | `string` | `"1.28"` | no | +| [karpenter\_availability\_zones](#input\_karpenter\_availability\_zones) | Availability zones to launch nodes | `list` |
[
"us-east-1a",
"us-east-1b",
"us-east-1c"
]
| no | +| [karpenter\_capacity\_type](#input\_karpenter\_capacity\_type) | Capacity Type; Ex spot, on\_demand | `list` |
[
"spot"
]
| no | +| [karpenter\_instance\_family](#input\_karpenter\_instance\_family) | Instance family list to launch on karpenter | `list` |
[
"c6",
"c6a",
"c5"
]
| no | +| [karpenter\_instance\_sizes](#input\_karpenter\_instance\_sizes) | Instance sizes to diversify into instance family | `list` |
[
"large",
"2xlarge"
]
| no | +| [karpenter\_toggle](#input\_karpenter\_toggle) | Enable Karpenter Installation | `bool` | `true` | no | | [keda\_toggle](#input\_keda\_toggle) | Enable Keda Installation | `bool` | `true` | no | | [kiali\_virtual\_service\_host](#input\_kiali\_virtual\_service\_host) | n/a | `string` | `"kiali.k8s.raj.ninja"` | no | | [nlb\_ingress\_enable\_termination\_protection](#input\_nlb\_ingress\_enable\_termination\_protection) | n/a | `bool` | `false` | no | | [nlb\_ingress\_internal](#input\_nlb\_ingress\_internal) | n/a | `bool` | `false` | no | | [nlb\_ingress\_type](#input\_nlb\_ingress\_type) | n/a | `string` | `"network"` | no | -| [node\_termination\_handler\_toggle](#input\_node\_termination\_handler\_toggle) | Enable AWS Node Termination Handler Setup | `bool` | `false` | no | +| [node\_termination\_handler\_toggle](#input\_node\_termination\_handler\_toggle) | Enable AWS Node Termination Handler Setup | `bool` | `true` | no | | [nodes\_instances\_sizes](#input\_nodes\_instances\_sizes) | n/a | `list` |
[
"t3.large"
]
| no | | [proxy\_protocol\_v2](#input\_proxy\_protocol\_v2) | n/a | `bool` | `false` | no | diff --git a/data.tf b/data.tf index 1f21d69..b7a58cd 100644 --- a/data.tf +++ b/data.tf @@ -3,3 +3,7 @@ data "aws_eks_cluster_auth" "default" { } data "aws_caller_identity" "current" {} + +data "aws_ssm_parameter" "eks" { + name = format("/aws/service/eks/optimized-ami/%s/amazon-linux-2/recommended/image_id", var.k8s_version) +} diff --git a/helm/karpenter/templates/provisioner.yml.tpl b/helm/karpenter/templates/provisioner.yml.tpl new file mode 100644 index 0000000..4dd74c2 --- /dev/null +++ b/helm/karpenter/templates/provisioner.yml.tpl @@ -0,0 +1,39 @@ +apiVersion: karpenter.sh/v1alpha5 +kind: Provisioner +metadata: + name: ${EKS_CLUSTER} +spec: +# consolidation: +# enabled: true + ttlSecondsAfterEmpty: 30 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "topology.kubernetes.io/zone" + whenUnsatisfiable: ScheduleAnyway + requirements: + - key: karpenter.k8s.aws/instance-family + operator: In + values: +%{ for ifm in INSTANCE_FAMILY ~} + - ${ifm} +%{ endfor ~} + - key: karpenter.sh/capacity-type + operator: In + values: +%{ for cpct in CAPACITY_TYPE ~} + - ${cpct} +%{ endfor ~} + - key: karpenter.k8s.aws/instance-size + operator: In + values: +%{ for ifs in INSTANCE_SIZES ~} + - ${ifs} +%{ endfor ~} + - key: "topology.kubernetes.io/zone" + operator: In + values: +%{ for az in AVAILABILITY_ZONES ~} + - ${az} +%{ endfor ~} + providerRef: + name: ${EKS_CLUSTER} \ No newline at end of file diff --git a/helm/karpenter/templates/template.yml.tpl b/helm/karpenter/templates/template.yml.tpl new file mode 100644 index 0000000..6e247eb --- /dev/null +++ b/helm/karpenter/templates/template.yml.tpl @@ -0,0 +1,8 @@ +apiVersion: karpenter.k8s.aws/v1alpha1 +kind: AWSNodeTemplate +metadata: + name: ${EKS_CLUSTER} +spec: + subnetSelector: + aws-ids: ${EKS_SUBNETS} + launchTemplate: ${LAUNCH_TEMPLATE} \ No newline at end of file 
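Review bot: The Provisioner spec carries no `limits` block, so nothing bounds how many instances Karpenter may launch for this cluster; any burst of unschedulable pods, accidental or not, turns directly into instance launches and spend, with only the instance-family and size requirements acting as a brake. Add a cap next to `ttlSecondsAfterEmpty`, e.g. `limits: { resources: { cpu: "<CPU_CAP_VCPUS>" } }` (placeholder, sized to the expected fleet), so runaway scaling fails closed instead of open. The commented-out `consolidation` block alongside `ttlSecondsAfterEmpty: 30` is a valid combination, but a one-line comment stating that consolidation was left off deliberately would keep the next reader from enabling both at once. All four requirement lists are rendered by `%{ for ... ~}` loops, so an empty `karpenter_capacity_type` or zone list produces an `In` requirement whose `values:` key has no entries; that edge case deserves a mention in the README rows for those inputs.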
diff --git a/helm/karpenter/templates/user-data.sh.tpl b/helm/karpenter/templates/user-data.sh.tpl new file mode 100644 index 0000000..a92c739 --- /dev/null +++ b/helm/karpenter/templates/user-data.sh.tpl @@ -0,0 +1,4 @@ +#!/bin/bash +set -ex + +/etc/eks/bootstrap.sh ${CLUSTER_ID} --b64-cluster-ca ${B64_CLUSTER_CA} --apiserver-endpoint ${APISERVER_ENDPOINT} \ No newline at end of file diff --git a/helm_cluster_autoscaler.tf b/helm_cluster_autoscaler.tf index 2828cf1..a86432b 100644 --- a/helm_cluster_autoscaler.tf +++ b/helm_cluster_autoscaler.tf @@ -28,7 +28,7 @@ resource "helm_release" "cluster_autoscaler" { set { name = "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" - value = aws_iam_role.cluster_autoscaler_role.arn + value = aws_iam_role.cluster_autoscaler_role[count.index].arn } set { diff --git a/helm_karpenter.tf b/helm_karpenter.tf new file mode 100644 index 0000000..803e818 --- /dev/null +++ b/helm_karpenter.tf 
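Review bot: The bootstrap line passes no `--kubelet-extra-args`, and as far as I recall Karpenter in this v1alpha5 `launchTemplate` mode does not merge its own user data into a custom launch template, so the node labels it uses to tie a node back to its Provisioner (`karpenter.sh/provisioner-name`, `karpenter.sh/capacity-type`) would never be set on these nodes; please confirm against the chart version pinned in helm_karpenter.tf before relying on this template. `set -ex` also echoes the complete bootstrap command line into the cloud-init log; the arguments here (cluster name, API endpoint, CA bundle) are not secrets, so that is acceptable, but anyone extending this script should keep it that way rather than passing tokens on the command line. helm_karpenter.tf additionally hands this template a `CLUSTER_NAME` variable that the script never references; either use it or drop it from the `templatefile` call so the interface stays honest.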
@@ -0,0 +1,105 @@ +resource "helm_release" "karpenter" { + count = var.karpenter_toggle ? 1 : 0 + namespace = "karpenter" + create_namespace = true + + name = "karpenter" + repository = "https://charts.karpenter.sh" + chart = "karpenter" + version = "v0.15.0" + + set { + name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" + value = aws_iam_role.karpenter_role[count.index].arn + } + + set { + name = "clusterName" + value = var.cluster_name + } + + set { + name = "clusterEndpoint" + value = aws_eks_cluster.eks_cluster.endpoint + } + + set { + name = "aws.defaultInstanceProfile" + value = aws_iam_instance_profile.nodes.name + } + + depends_on = [ + aws_eks_cluster.eks_cluster, + kubernetes_config_map.aws-auth, + ] + +} + +resource "kubectl_manifest" "karpenter_provisioner" { + count = var.karpenter_toggle ? 1 : 0 + yaml_body = templatefile( + "${path.module}/helm/karpenter/templates/provisioner.yml.tpl", { + EKS_CLUSTER = var.cluster_name, + CAPACITY_TYPE = var.karpenter_capacity_type + INSTANCE_FAMILY = var.karpenter_instance_family + INSTANCE_SIZES = var.karpenter_instance_sizes + AVAILABILITY_ZONES = var.karpenter_availability_zones + }) + + depends_on = [ + helm_release.karpenter + ] +} + +resource "kubectl_manifest" "karpenter_template" { + count = var.karpenter_toggle ? 1 : 0 + yaml_body = templatefile( + "${path.module}/helm/karpenter/templates/template.yml.tpl", { + EKS_CLUSTER = var.cluster_name, + EKS_SUBNETS = join(", ", [ + aws_subnet.private_subnet_1a.id, + aws_subnet.private_subnet_1b.id, + aws_subnet.private_subnet_1c.id + ]) + LAUNCH_TEMPLATE = format("%s-karpenter", var.cluster_name) + }) + + depends_on = [ + helm_release.karpenter + ] +} + +resource "aws_launch_template" "karpenter" { + count = var.karpenter_toggle ? 
1 : 0 + image_id = data.aws_ssm_parameter.eks.value + name = format("%s-karpenter", var.cluster_name) + + update_default_version = true + + vpc_security_group_ids = [ + aws_eks_cluster.eks_cluster.vpc_config[0].cluster_security_group_id + ] + + user_data = base64encode(templatefile( + "${path.module}/helm/karpenter/templates/user-data.sh.tpl", + { + CLUSTER_NAME = var.cluster_name, + CLUSTER_ID = var.cluster_name, + APISERVER_ENDPOINT = aws_eks_cluster.eks_cluster.endpoint, + B64_CLUSTER_CA = aws_eks_cluster.eks_cluster.certificate_authority.0.data + } + )) + + iam_instance_profile { + name = aws_iam_instance_profile.nodes.name + } + + tag_specifications { + resource_type = "instance" + + tags = { + "Name" : format("%s-karpanter", var.cluster_name) + "aws-node-termination-handler/managed" = "true" + } + } +} diff --git a/helm_node_termination_handler.tf b/helm_node_termination_handler.tf new file mode 100644 index 0000000..b3f692a --- /dev/null +++ b/helm_node_termination_handler.tf 
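Review bot: `aws_launch_template.karpenter` defines no `metadata_options`, so every node Karpenter launches from it accepts IMDSv1 with the default hop limit, which lets any pod on the node read the instance profile's credentials from the metadata endpoint and thereby inherit the full `aws_iam_instance_profile.nodes` permissions. Requiring IMDSv2 with a hop limit of 1 (below) closes that path for pods on the pod network; the controllers in this repo are wired up with IRSA role annotations, so nothing visible here depends on the node role, but confirm that before merging. Separately, `kubectl_manifest.karpenter_template` builds `LAUNCH_TEMPLATE` with `format("%s-karpenter", var.cluster_name)` instead of `aws_launch_template.karpenter[count.index].name`, so Terraform sees no dependency between the two and the AWSNodeTemplate can be applied before the launch template exists; using the resource attribute fixes both the ordering and the duplicated naming. The `tags` map also mixes `"Name" : …` with `=` syntax and misspells the value as `karpanter`.

```hcl
resource "aws_launch_template" "karpenter" {
  # … unchanged: count, image_id, name, update_default_version,
  #   vpc_security_group_ids, user_data …

  # Require IMDSv2 and keep the token hop limit at 1 so pods on the pod
  # network cannot reach the node role's credentials through IMDS.
  # NOTE(review): any workload that still relies on the node role via
  # IMDS would need hop limit 2 — confirm none do before merging.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  # … unchanged: iam_instance_profile, tag_specifications …
}
```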
@@ -0,0 +1,203 @@ +resource "helm_release" "node_termination_handler" { + count = var.node_termination_handler_toggle ? 1 : 0 + name = "aws-node-termination-handler" + namespace = "kube-system" + + chart = "aws-node-termination-handler" + repository = "https://aws.github.io/eks-charts/" + version = "0.21.0" + + set { + name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" + value = aws_iam_role.aws_node_termination_handler_role[count.index].arn + } + + set { + name = "awsRegion" + value = var.aws_region + } + + set { + name = "queueURL" + value = aws_sqs_queue.node_termination_handler[count.index].url + } + + set { + name = "enableSqsTerminationDraining" + value = true + } + + set { + name = "enableSpotInterruptionDraining" + value = true + } + + set { + name = "enableRebalanceMonitoring" + value = true + } + + set { + name = "enableRebalanceDraining" + value = true + } + + set { + name = "enableScheduledEventDraining" + value = true + } + + set { + name = "deleteSqsMsgIfNodeNotFound" + value = true + } + + set { + name = "checkTagBeforeDraining" + value = false + } + +} + +resource "aws_sqs_queue" "node_termination_handler" { + count = var.node_termination_handler_toggle ? 1 : 0 + name = format("%s-aws-node-termination-handler", var.cluster_name) + delay_seconds = 0 + max_message_size = 2048 + message_retention_seconds = 86400 + receive_wait_time_seconds = 10 + visibility_timeout_seconds = 60 +} + +resource "aws_sqs_queue_policy" "node_termination_handler" { + count = var.node_termination_handler_toggle ? 1 : 0 + queue_url = aws_sqs_queue.node_termination_handler[count.index].id + policy = <