From 4334f8e5d2530a07c21fa2fc52b862a43dd41ab8 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Sat, 20 Jul 2024 00:04:26 -0400
Subject: [PATCH] update image to AL2023
---
 main.tf | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/main.tf b/main.tf
index 074159b..b6e11c2 100644
--- a/main.tf
+++ b/main.tf
@@ -72,7 +72,7 @@ locals {
 }
 module "cluster" {
- source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.8.5"
+ source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.20.0"
 #version = "19.16.0"
 cluster_name = var.cluster_name
@@ -99,6 +99,9 @@ module "cluster" {
 kube-proxy = {
 most_recent = true
 }
+ eks-pod-identity-agent = {
+ most_recent = true
+ }
 vpc-cni = {
 most_recent = true
 service_account_role_arn = module.vpc_cni_irsa_role.iam_role_arn
@@ -114,10 +117,10 @@ module "cluster" {
 }
 eks_managed_node_group_defaults = {
- ami_type = "AL2_x86_64"
+ ami_type = "AL2023_x86_64_STANDARD"
 }
- node_security_group_enable_recommended_rules = false
+ node_security_group_enable_recommended_rules = true
 node_security_group_additional_rules = local.node_security_group_additional_rules
@@ -141,14 +144,23 @@ module "cluster" {
 ebs = {
 volume_size = var.eks_instance_disk_size
 volume_type = "gp3"
- iops = 3000
- throughput = 125
+ # iops = 3000
+ # throughput = 125
 encrypted = true
 delete_on_termination = true
 kms_key_id = data.aws_kms_key.ebs_key.arn
 }
 }
 }
+ taints = {
+ # This Taint aims to keep just EKS Addons and Karpenter running on this MNG
+ # The pods that do not tolerate this taint should run on nodes created by Karpenter
+ addons = {
+ key = "CriticalAddonsOnly"
+ value = "true"
+ effect = "NO_SCHEDULE"
+ },
+ }
 }
 }
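Review bot: The new `eks-pod-identity-agent` entry in the `@@ -99,6 +99,9 @@` hunk uses `most_recent = true`, so the version of the component that hands credentials to pods is resolved at plan time and can change on a later apply without any change to this file. It follows the pattern of the neighbouring add-ons, but for an add-on on the credential path I would pin it, e.g. `addon_version = "<PINNED_ADDON_VERSION>"`, and bump it deliberately. The `vpc-cni` entry below still takes its role from `module.vpc_cni_irsa_role`, so IRSA and Pod Identity will coexist; a one-line comment saying which workloads are expected to use which would help the next reader. The enclosing add-ons map starts and ends outside the hunk.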
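Review bot: Flipping `node_security_group_enable_recommended_rules` to `true` in the `@@ -114,10 +117,10 @@` hunk is a network-policy change that the commit subject ("update image to AL2023") does not mention or justify. In the upstream terraform-aws-eks module the recommended set includes node-to-node ingress on ephemeral ports and an allow-all egress rule; whether the internal fork at `v20.20.0` matches should be confirmed, and the result checked against `local.node_security_group_additional_rules` (defined outside the hunk) for overlap or unintended widening. I would record the intent next to the flag, e.g. `# recommended rules enabled for <REASON>; review egress scope against local.node_security_group_additional_rules`. Separately, AL2023 nodes bootstrap through nodeadm rather than the AL2 `bootstrap.sh`, so any custom user data for these node groups (not visible here) needs checking.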
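Review bot: The `CriticalAddonsOnly` taint added in the `@@ -141,14 +144,23 @@` hunk is a scheduling hint, not an isolation control: any workload that is allowed to set its own tolerations can still be placed on the node group that runs Karpenter and the add-ons. If keeping general workloads off these nodes matters, the comment should say that enforcement lives elsewhere, e.g. `# Scheduling hint only; restrict who may tolerate CriticalAddonsOnly via admission policy`. It is also worth confirming that every add-on expected on this node group tolerates the taint before rollout, since pods without the toleration stay Pending until Karpenter capacity exists. The commented-out `iops` and `throughput` lines are better deleted, with the reason given in the commit message. The enclosing node-group block starts outside the hunk.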