fix: Move prefix delegation env var code from eks module to kubernetes terraform. Also bump up the kubernetes provider version and make a few related tweaks. (#222)

bmonkman · web-flow · commit 5f9847b9c16e · 2021-08-26T15:33:25.000-07:00
diff --git a/templates/kubernetes/terraform/modules/kubernetes/logging/cloudwatch/cloudwatch_agent.tf b/templates/kubernetes/terraform/modules/kubernetes/logging/cloudwatch/cloudwatch_agent.tf
@@ -170,11 +170,11 @@ resource "kubernetes_daemonset" "cloudwatch_agent" {
             value = "k8s/1.0.0"
           }
           resources {
-            limits {
+            limits = {
               cpu    = "200m"
               memory = "200Mi"
             }
-            requests {
+            requests = {
               memory = "200Mi"
               cpu    = "200m"
             }
diff --git a/templates/kubernetes/terraform/modules/kubernetes/logging/cloudwatch/fluentd.tf b/templates/kubernetes/terraform/modules/kubernetes/logging/cloudwatch/fluentd.tf
@@ -183,10 +183,10 @@ resource "kubernetes_daemonset" "fluentd_cloudwatch" {
             value = "-q"
           }
           resources {
-            limits {
+            limits = {
               memory = "200Mi"
             }
-            requests {
+            requests = {
               cpu    = "100m"
               memory = "200Mi"
             }
diff --git a/templates/kubernetes/terraform/modules/kubernetes/logging/kibana/fluentd.tf b/templates/kubernetes/terraform/modules/kubernetes/logging/kibana/fluentd.tf
@@ -144,10 +144,10 @@ resource "kubernetes_daemonset" "fluentd" {
           # }
 
           resources {
-            limits {
+            limits = {
               memory = "200Mi"
             }
-            requests {
+            requests = {
               cpu    = "100m"
               memory = "200Mi"
             }
diff --git a/templates/kubernetes/terraform/modules/kubernetes/main.tf b/templates/kubernetes/terraform/modules/kubernetes/main.tf
@@ -39,3 +39,19 @@ resource "kubernetes_namespace" "app_namespace" {
     name = var.project
   }
 }
+
+
+# Enable prefix delegation - this will enable many more IPs to be allocated per-node.
+# See https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html
+resource "null_resource" "enable_prefix_delegation" {
+
+  # This is a static value so it won't be run multiple times.
+  # If these env vars get removed somehow, this value can just be incremented.
+  triggers = {
+    "version" = "1"
+  }
+
+  provisioner "local-exec" {
+    command = "kubectl set env daemonset aws-node ${local.k8s_exec_context} -n kube-system ENABLE_PREFIX_DELEGATION=true WARM_PREFIX_TARGET=1"
+  }
+}
diff --git a/templates/kubernetes/terraform/modules/kubernetes/provider.tf b/templates/kubernetes/terraform/modules/kubernetes/provider.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "~> 1.11"
+      version = "~> 2.4"
     }
   }
 }
@@ -46,7 +46,6 @@ provider "kubernetes" {
   host                   = data.aws_eks_cluster.cluster.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.cluster.token
-  load_config_file       = false
 }
 
 provider "helm" {
diff --git a/templates/kubernetes/terraform/modules/kubernetes/vpn.tf b/templates/kubernetes/terraform/modules/kubernetes/vpn.tf
@@ -186,11 +186,11 @@ resource "kubernetes_deployment" "wireguard" {
           }
 
           resources {
-            limits {
+            limits = {
               memory = "256Mi"
             }
 
-            requests {
+            requests = {
               cpu    = "100m"
               memory = "64Mi"
             }
diff --git a/templates/terraform/modules/environment/main.tf b/templates/terraform/modules/environment/main.tf
@@ -56,7 +56,7 @@ data "aws_caller_identity" "current" {}
 # Provision the EKS cluster
 module "eks" {
   source  = "commitdev/zero/aws//modules/eks"
-  version = "0.5.0"
+  version = "0.5.1"
   providers = {
     aws = aws.for_eks
   }
diff --git a/templates/terraform/modules/environment/provider.tf b/templates/terraform/modules/environment/provider.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "~> 1.11"
+      version = "~> 2.4"
     }
   }
 }
@@ -44,5 +44,4 @@ provider "kubernetes" {
   host                   = data.aws_eks_cluster.cluster.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.cluster.token
-  load_config_file       = false
 }

Original file line number	Diff line number	Diff line change
`@@ -170,11 +170,11 @@ resource "kubernetes_daemonset" "cloudwatch_agent" {`
`170`	`170`	`value = "k8s/1.0.0"`
`171`	`171`	`}`
`172`	`172`	`resources {`
`173`		`- limits {`
	`173`	`+ limits = {`
`174`	`174`	`cpu = "200m"`
`175`	`175`	`memory = "200Mi"`
`176`	`176`	`}`
`177`		`- requests {`
	`177`	`+ requests = {`
`178`	`178`	`memory = "200Mi"`
`179`	`179`	`cpu = "200m"`
`180`	`180`	`}`
Original file line number	Diff line number	Diff line change
`@@ -183,10 +183,10 @@ resource "kubernetes_daemonset" "fluentd_cloudwatch" {`
`183`	`183`	`value = "-q"`
`184`	`184`	`}`
`185`	`185`	`resources {`
`186`		`- limits {`
	`186`	`+ limits = {`
`187`	`187`	`memory = "200Mi"`
`188`	`188`	`}`
`189`		`- requests {`
	`189`	`+ requests = {`
`190`	`190`	`cpu = "100m"`
`191`	`191`	`memory = "200Mi"`
`192`	`192`	`}`
Original file line number	Diff line number	Diff line change
`@@ -144,10 +144,10 @@ resource "kubernetes_daemonset" "fluentd" {`
`144`	`144`	`# }`
`145`	`145`
`146`	`146`	`resources {`
`147`		`- limits {`
	`147`	`+ limits = {`
`148`	`148`	`memory = "200Mi"`
`149`	`149`	`}`
`150`		`- requests {`
	`150`	`+ requests = {`
`151`	`151`	`cpu = "100m"`
`152`	`152`	`memory = "200Mi"`
`153`	`153`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ terraform {`
`2`	`2`	`required_providers {`
`3`	`3`	`kubernetes = {`
`4`	`4`	`source = "hashicorp/kubernetes"`
`5`		`- version = "~> 1.11"`
	`5`	`+ version = "~> 2.4"`
`6`	`6`	`}`
`7`	`7`	`}`
`8`	`8`	`}`
`@@ -46,7 +46,6 @@ provider "kubernetes" {`
`46`	`46`	`host = data.aws_eks_cluster.cluster.endpoint`
`47`	`47`	`cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)`
`48`	`48`	`token = data.aws_eks_cluster_auth.cluster.token`
`49`		`- load_config_file = false`
`50`	`49`	`}`
`51`	`50`
`52`	`51`	`provider "helm" {`
Original file line number	Diff line number	Diff line change
`@@ -186,11 +186,11 @@ resource "kubernetes_deployment" "wireguard" {`
`186`	`186`	`}`
`187`	`187`
`188`	`188`	`resources {`
`189`		`- limits {`
	`189`	`+ limits = {`
`190`	`190`	`memory = "256Mi"`
`191`	`191`	`}`
`192`	`192`
`193`		`- requests {`
	`193`	`+ requests = {`
`194`	`194`	`cpu = "100m"`
`195`	`195`	`memory = "64Mi"`
`196`	`196`	`}`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ data "aws_caller_identity" "current" {}`
`56`	`56`	`# Provision the EKS cluster`
`57`	`57`	`module "eks" {`
`58`	`58`	`source = "commitdev/zero/aws//modules/eks"`
`59`		`- version = "0.5.0"`
	`59`	`+ version = "0.5.1"`
`60`	`60`	`providers = {`
`61`	`61`	`aws = aws.for_eks`
`62`	`62`	`}`