diff --git a/README.md b/README.md
index 519c385..bbac286 100644
--- a/README.md
+++ b/README.md
@@ -8,13 +8,6 @@ The module configures an eks cluster with additional components after the cluste
- A gp2-encrypted storage class is created
- An efs storage class is created
- This storage class is returned as the `rwx_storage_class`
-- cluster-autoscaler
- - Monitors cpu/memory usage by components being deployed to the clsuter.
- - When the cluster is out of capacity, the autoscaler will add nodes to the cluster up to the maximum size of the node group.
- - When the autoscaler detects excess capacity, the autoscaler will cause EKS to migrate pods running on the node to a different node and then remove the node from the cluster.
-
-When selecting which version of the cluster-autoscaler to install, use the one that is closest to the same version as the `cluster_version` or slightly higher.
-The cluster-autoscaler uses the kuberentes scheduling algorithm to appropriate scale the cluster, and if the autoscaler version sufficiently divirges from the kubernetes version, the autoscaler will scale the node groups incorrectly.
A successful apply will yield:
Apply complete! Resources: 14 added, 0 changed, 0 destroyed.
@@ -45,7 +38,6 @@ sys 0m2.015s
| [terraform](#requirement\_terraform) | >= 0.13 |
| [aws](#requirement\_aws) | >= 5.14.0 |
| [http](#requirement\_http) | >= 2.1.0 |
-| [kubectl](#requirement\_kubectl) | >= 1.14.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
## Providers
@@ -54,7 +46,6 @@ sys 0m2.015s
|------|---------|
| [aws](#provider\_aws) | 5.73.0 |
| [http](#provider\_http) | 3.4.5 |
-| [kubectl](#provider\_kubectl) | 1.14.0 |
| [kubernetes](#provider\_kubernetes) | 2.33.0 |
## Modules
@@ -62,13 +53,12 @@ sys 0m2.015s
| Name | Source | Version |
|------|--------|---------|
| [efs](#module\_efs) | git@github.e.it.census.gov:terraform-modules/aws-efs.git | master |
-| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
## Resources
| Name | Type |
|------|------|
-| [kubectl_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
+| [kubernetes_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
@@ -76,18 +66,13 @@ sys 0m2.015s
| [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source |
| [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
| [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
-| [kubectl_file_documents.access_documents](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
-| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#input\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups | `list(string)` | n/a | yes |
-| [kubectl\_image\_tag](#input\_kubectl\_image\_tag) | The version of bitnami/kubectl image to use. | `string` | `"1.30.4"` | no |
-| [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | `string` | n/a | yes |
| [operators\_ns](#input\_operators\_ns) | Namespace to create where operators will be installed. | `string` | `"operators"` | no |
-| [profile](#input\_profile) | AWS config profile | `string` | `""` | no |
| [region](#input\_region) | AWS region | `string` | n/a | yes |
| [security\_group\_all\_worker\_mgmt\_id](#input\_security\_group\_all\_worker\_mgmt\_id) | The security group representing all of the worker nodes in the cluster. | `string` | n/a | yes |
| [subnets](#input\_subnets) | Specify the subnets used by this cluster | `list(string)` | n/a | yes |
@@ -99,10 +84,6 @@ sys 0m2.015s
| Name | Description |
|------|-------------|
-| [kubectl\_image\_full\_path](#output\_kubectl\_image\_full\_path) | The full URI to access the kubectl image including the registry/repository:tag |
-| [kubectl\_image\_registry](#output\_kubectl\_image\_registry) | The registry portion of the URI to access the kubectl image |
-| [kubectl\_image\_repository](#output\_kubectl\_image\_repository) | The repository portion of the URI to access the kubectl image |
-| [kubectl\_image\_tag](#output\_kubectl\_image\_tag) | The tag portion of the URI to access the kubectl image |
| [module\_name](#output\_module\_name) | The name of this module. |
| [module\_version](#output\_module\_version) | The version of this module. |
| [rwo\_storage\_class](#output\_rwo\_storage\_class) | Kubernetes storage class that supports read/write once. |
diff --git a/aws_data.tf b/aws_data.tf
new file mode 100644
index 0000000..96cd77c
--- /dev/null
+++ b/aws_data.tf
@@ -0,0 +1,5 @@
+data "aws_ebs_default_kms_key" "current" {}
+
+data "aws_kms_key" "ebs_key" {
+ key_id = data.aws_ebs_default_kms_key.current.key_arn
+}
diff --git a/copy_images.tf b/copy_images.tf.off
similarity index 51%
rename from copy_images.tf
rename to copy_images.tf.off
index b3c0dcd..dccba9e 100644
--- a/copy_images.tf
+++ b/copy_images.tf.off
@@ -1,17 +1,7 @@
locals {
- # autoscaler_key = format("%v#%v", "cluster-autoscaler", var.cluster_autoscaler_tag)
kubectl_key = format("%v#%v", "kubectl", var.kubectl_image_tag)
image_config = [
- # {
- # enabled = true
- # dest_path = null
- # name = "cluster-autoscaler"
- # source_image = "autoscaling/cluster-autoscaler"
- # source_registry = "registry.k8s.io"
- # source_tag = null
- # tag = var.cluster_autoscaler_tag
- # },
{
enabled = true
dest_path = null
@@ -20,7 +10,7 @@ locals {
source_registry = "docker.io"
source_tag = var.kubectl_image_tag
tag = var.kubectl_image_tag
- },
+ }
]
}
@@ -32,18 +22,8 @@ module "images" {
image_config = local.image_config
tags = {}
- ### optional
- ## account_alias = ""
- ## account_id = ""
- ## destination_password = ""
- ## destination_username = ""
- ## override_prefixes = {}
- ## region = ""
- ## source_password = ""
- ## source_username = ""
-
enable_lifecycle_policy = true
lifecycle_policy_all = true
force_delete = true
-
+ lifecycle_policy_keep_count = 3
}
diff --git a/eks_console_access.tf b/eks_console_access.tf
index a8a0637..744b81c 100644
--- a/eks_console_access.tf
+++ b/eks_console_access.tf
@@ -25,30 +25,22 @@ locals {
},
]
cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr }
+ all_access_documents = flatten([
+ for cr_name, cr_data in local.cluster_roles_map : [
+ yamldecode(data.http.cluster_roles[cr_name].body)
+ ] if cr_data.enabled
+ ])
}
-
+# Fetch the YAML files from the specified URLs
data "http" "cluster_roles" {
for_each = local.cluster_roles_map
url = each.value.url
}
-data "kubectl_file_documents" "access_documents" {
- for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled }
-
- content = data.http.cluster_roles[each.key].body
-}
-
-locals {
- all_access_documents = flatten([
- for cr_name, cr_data in local.cluster_roles_map : [
- for doc in data.kubectl_file_documents.access_documents[cr_name].manifests : doc
- ] if cr_data.enabled
- ])
-}
-
-resource "kubectl_manifest" "deploy_cluster_roles" {
- count = length(local.all_access_documents)
+# Apply the Kubernetes manifests to the cluster
+resource "kubernetes_manifest" "deploy_cluster_roles" {
+ for_each = { for idx, doc in local.all_access_documents : idx => doc }
- yaml_body = local.all_access_documents[count.index]
+ manifest = each.value
}
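Review bot: The body fetched by `data.http.cluster_roles` now goes straight through `yamldecode` into `kubernetes_manifest`, so whatever the URL serves at plan time becomes cluster RBAC with no check on the response status or its content. Pinning each entry of `local.cluster_roles` (defined above this hunk, not visible here) to an immutable URL and an expected digest, and asserting both in postconditions on the data source, would make a failed or changed download stop the plan. This needs Terraform 1.2+ and the http 3.x attributes `status_code` and `response_body`, both newer than the floors declared in requirements.tf. Separately, `yamldecode` reads a single YAML document, whereas the removed `kubectl_file_documents` split multi-document files, so a source containing `---` separators will presumably fail to decode. Keying `for_each` by list index also means toggling one `enabled` flag renumbers later entries and recreates their objects; a key built from `doc.kind` and `doc.metadata.name` would be stable.

```hcl
data "http" "cluster_roles" {
  # … unchanged: for_each and url …

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Cluster role manifest download did not return HTTP 200."
    }
    postcondition {
      # sha256 is a proposed new field on each local.cluster_roles entry,
      # holding the digest of the manifest that was reviewed.
      condition     = sha256(self.response_body) == each.value.sha256
      error_message = "Cluster role manifest content does not match the pinned digest."
    }
  }
}
```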
diff --git a/main.tf b/main.tf
index 09b0604..dfa9dc5 100644
--- a/main.tf
+++ b/main.tf
@@ -1,9 +1,3 @@
-data "aws_ebs_default_kms_key" "current" {}
-
-data "aws_kms_key" "ebs_key" {
- key_id = data.aws_ebs_default_kms_key.current.key_arn
-}
-
locals {
base_tags = {
"eks-cluster-name" = var.cluster_name
diff --git a/outputs.tf b/outputs.tf
index ab60443..e221d4e 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -26,26 +26,26 @@ output "rwx_storage_class" {
value = kubernetes_storage_class.efs_sc.metadata[0].name
}
-################################################################################
-# Details about kubectl image
-################################################################################
-
-output "kubectl_image_full_path" {
- description = "The full URI to access the kubectl image including the registry/repository:tag"
- value = module.images.images[local.kubectl_key].dest_full_path
-}
-
-output "kubectl_image_registry" {
- description = "The registry portion of the URI to access the kubectl image"
- value = module.images.images[local.kubectl_key].dest_registry
-}
-
-output "kubectl_image_repository" {
- description = "The repository portion of the URI to access the kubectl image"
- value = module.images.images[local.kubectl_key].dest_repository
-}
-
-output "kubectl_image_tag" {
- description = "The tag portion of the URI to access the kubectl image"
- value = module.images.images[local.kubectl_key].tag
-}
+# ################################################################################
+# # Details about kubectl image
+# ################################################################################
+
+# output "kubectl_image_full_path" {
+# description = "The full URI to access the kubectl image including the registry/repository:tag"
+# value = module.images.images[local.kubectl_key].dest_full_path
+# }
+
+# output "kubectl_image_registry" {
+# description = "The registry portion of the URI to access the kubectl image"
+# value = module.images.images[local.kubectl_key].dest_registry
+# }
+
+# output "kubectl_image_repository" {
+# description = "The repository portion of the URI to access the kubectl image"
+# value = module.images.images[local.kubectl_key].dest_repository
+# }
+
+# output "kubectl_image_tag" {
+# description = "The tag portion of the URI to access the kubectl image"
+# value = module.images.images[local.kubectl_key].tag
+# }
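Review bot: The four `kubectl_image_*` outputs are commented out rather than deleted, and the commented text still refers to `module.images` and `local.kubectl_key`, which are no longer loaded now that copy_images.tf is renamed to `copy_images.tf.off`. Deleting the blocks keeps the file readable, and version control retains the old definitions if they are needed again. The same pattern appears in the variables.tf hunks for `eks_managed_node_groups_autoscaling_group_names`, `oidc_provider_arn` and `kubectl_image_tag`. Removing these outputs and the two required variables also changes the module's interface, so callers that still pass or read them will fail at plan time. A note in the commit message or changelog along the lines of `BREAKING: removes kubectl_image_* outputs and the oidc_provider_arn / eks_managed_node_groups_autoscaling_group_names inputs` would help consumers.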
diff --git a/requirements.tf b/requirements.tf
index 48cbf58..871794c 100644
--- a/requirements.tf
+++ b/requirements.tf
@@ -10,10 +10,6 @@ terraform {
source = "hashicorp/http"
version = ">= 2.1.0"
}
- kubectl = {
- source = "gavinbunney/kubectl"
- version = ">= 1.14.0"
- }
kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.23.0"
diff --git a/variables.tf b/variables.tf
index 5c4c702..c2d1be1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -9,12 +9,6 @@ variable "region" {
type = string
}
-variable "profile" {
- description = "AWS config profile"
- type = string
- default = ""
-}
-
variable "vpc_id" {
description = "Specify the VPC id that is used by this cluster"
type = string
@@ -30,17 +24,17 @@ variable "security_group_all_worker_mgmt_id" {
type = string
}
-# tflint-ignore: terraform_unused_declarations
-variable "eks_managed_node_groups_autoscaling_group_names" {
- description = "List of the autoscaling group names created by EKS managed node groups"
- type = list(string)
-}
+# # tflint-ignore: terraform_unused_declarations
+# variable "eks_managed_node_groups_autoscaling_group_names" {
+# description = "List of the autoscaling group names created by EKS managed node groups"
+# type = list(string)
+# }
-# tflint-ignore: terraform_unused_declarations
-variable "oidc_provider_arn" {
- description = "The ARN of the OIDC Provider if `enable_irsa = true`"
- type = string
-}
+# # tflint-ignore: terraform_unused_declarations
+# variable "oidc_provider_arn" {
+# description = "The ARN of the OIDC Provider if `enable_irsa = true`"
+# type = string
+# }
variable "operators_ns" {
description = "Namespace to create where operators will be installed."
@@ -60,23 +54,8 @@ variable "tags" {
default = {}
}
-variable "kubectl_image_tag" {
- description = "The version of bitnami/kubectl image to use."
- type = string
- default = "1.30.4"
-}
-
-# # helm add repo autoscaler "https://kubernetes.github.io/autoscaler"
-# # helm search repo -l autoscaler/cluster-autoscaler
-# variable "cluster_autoscaler_chart_version" {
-# description = "The helm chart of the cluster-autoscaler most closely matching the Kuberentes version. Review output of `helm add repo autoscaler 'https://kubernetes.github.io/autoscaler'` (if the repo hasn't been added previously) and `helm search repo -l autoscaler/cluster-autoscaler`"
-# type = string
-# default = "9.37.0"
-# }
-
-# # helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag:
-# variable "cluster_autoscaler_tag" {
-# description = "Image tag of cluster-autoscaler associated with the cluster_autoscaler_chart_version helm chart. `helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag:`"
+# variable "kubectl_image_tag" {
+# description = "The version of bitnami/kubectl image to use."
# type = string
-# default = "v1.30.0"
+# default = "1.30.4"
# }