Merge pull request #5 from zachrundle/eks

update eks
zachrundle · Aug 18, 2024 · 31b2b4c · 31b2b4c
2 parents 561ed82 + a5cdaca
commit 31b2b4c
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 77 deletions.
diff --git a/main.tf b/main.tf
@@ -12,67 +12,4 @@ module "eks" {
 
   subnet_ids               = module.network.private_subnet_ids
   control_plane_subnet_ids = module.network.private_subnet_ids
-}
-
-
-# module "eks" {
-#   source  = "terraform-aws-modules/eks/aws"
-#   version = "~> 20.0"
-
-#   cluster_name    = "${var.name}-cluster"
-#   cluster_version = "1.30"
-
-#   cluster_endpoint_public_access  = true
-
-#   cluster_addons = {
-#     coredns                = {}
-#     eks-pod-identity-agent = {}
-#     kube-proxy             = {}
-#     vpc-cni                = {}
-#   }
-
-#   vpc_id                   = module.network.vpc
-#   subnet_ids               = module.network.private_subnet_ids
-#   control_plane_subnet_ids = module.network.private_subnet_ids
-
-#   # EKS Managed Node Group(s)
-#   eks_managed_node_group_defaults = {
-#     instance_types = ["m6i.large", "m5.large", "m5n.large", "m5zn.large"]
-#   }
-
-#   eks_managed_node_groups = {
-#     example = {
-#       # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups
-#       ami_type       = "AL2023_x86_64_STANDARD"
-#       instance_types = ["m5.xlarge"]
-
-#       min_size     = 1
-#       max_size     = 10
-#       desired_size = 1
-#     }
-#   }
-
-#   # Cluster access entry
-#   # To add the current caller identity as an administrator
-#   enable_cluster_creator_admin_permissions = true
-
-#   access_entries = {
-#     # One access entry with a policy associated
-#     example = {
-#       policy_associations = {
-#         example = {
-#           policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"
-#           access_scope = {
-#             namespaces = ["default"]
-#             type       = "namespace"
-#           }
-#         }
-#       }
-#     }
-#   }
-
-#   tags = {
-#     Environment = "dev"
-#     Terraform   = "true"
-#   }
-# }
+}
diff --git a/modules/eks/eks_roles.tf b/modules/eks/eks_roles.tf
@@ -11,19 +11,20 @@ data "aws_iam_policy_document" "assume_role" {
   }
 }
 
-resource "aws_iam_role" "example" {
-  name               = "eks-cluster-example"
+# IAM role to allow the Kubernetes control plane to manage AWS resources on your behalf. This property cannot be changed after the cluster is created.
+resource "aws_iam_role" "this" {
+  name               = "eks-cluster"
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
 }
 
-resource "aws_iam_role_policy_attachment" "example-AmazonEKSClusterPolicy" {
+resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
-  role       = aws_iam_role.example.name
+  role       = aws_iam_role.this.name
 }
 
 # Optionally, enable Security Groups for Pods
 # Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
-resource "aws_iam_role_policy_attachment" "example-AmazonEKSVPCResourceController" {
+resource "aws_iam_role_policy_attachment" "AmazonEKSVPCResourceController" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
-  role       = aws_iam_role.example.name
+  role       = aws_iam_role.this.name
 }
diff --git a/modules/eks/main.tf b/modules/eks/main.tf
@@ -1,18 +1,24 @@
 resource "aws_eks_cluster" "this" {
   name     = var.cluster_name
-  role_arn = aws_iam_role.example.arn
+  role_arn = aws_iam_role.this.arn
   count    = var.create_eks ? 1 : 0
   version  = var.cluster_version
 
   vpc_config {
     subnet_ids = coalescelist(var.control_plane_subnet_ids, var.subnet_ids)
   }
 
+  access_config {
+    authentication_mode                         = var.authentication_mode
+    bootstrap_cluster_creator_admin_permissions = true
+  }
+
+
   # Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling.
   # Otherwise, EKS will not be able to properly delete EKS managed EC2 infrastructure such as Security Groups.
   depends_on = [
-    aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy,
-    aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController,
+    aws_iam_role_policy_attachment.AmazonEKSClusterPolicy,
+    aws_iam_role_policy_attachment.AmazonEKSVPCResourceController,
   ]
 }
 
diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf
@@ -15,12 +15,18 @@ variable "cluster_version" {
   default     = null
 }
 
-# variable "authentication_mode" {
-#   description = "The authentication mode for the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP`"
-#   type        = string
-#   default     = "API_AND_CONFIG_MAP"
+# variable "upgrade_policy" {
+#     description = "Choose whether you want the standard or extended upgrade policy. Extended does have an additional cost"
+#     type = string
+#     default = "STANDARD"
 # }
 
+variable "authentication_mode" {
+  description = "The authentication mode for the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP`"
+  type        = string
+  default     = "API_AND_CONFIG_MAP"
+}
+
 variable "control_plane_subnet_ids" {
   description = "A list of subnet IDs where the EKS cluster control plane (ENIs) will be provisioned. Used for expanding the pool of subnets used by nodes/node groups without replacing the EKS control plane"
   type        = list(string)