Cleaning up and deduplicating launch template related code (#370)

* cleaning up launch template code

* update changelog

* Remove variable worker_group_launch_template_tags

* misc fixes

* fixing and simplifying example

Author: max-rocket-internet

CHANGELOG.md

@@ -21,6 +21,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
  - Set default suspended processes for ASG to `AZRebalance` (by @max-rocket-internet)
  - 4 small changes to `aws_launch_template` resource (by @max-rocket-internet)
+ - (Breaking Change) Rewritten and de-duplicated code related to Launch Templates (by @max-rocket-internet)
  - Add .prettierignore file (by @rothandrew)
  - Switch to https for the pre-commit repos (by @rothandrew)
  - Add instructions on how to enable the docker bridge network (by @rothandrew)

README.md

@@ -148,7 +148,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | string | `"true"` | no |
 | worker\_group\_count | The number of maps contained within the worker_groups list. | string | `"1"` | no |
 | worker\_group\_launch\_template\_count | The number of maps contained within the worker_groups_launch_template list. | string | `"0"` | no |
-| worker\_group\_launch\_template\_tags | A map defining extra tags to be applied to the worker group template ASG. | map | `{ "default": [] }` | no |
 | worker\_group\_tags | A map defining extra tags to be applied to the worker group ASG. | map | `{ "default": [] }` | no |
 | worker\_groups | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers_group_defaults for valid keys. | list | `[ { "name": "default" } ]` | no |
 | worker\_groups\_launch\_template | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers_group_defaults for valid keys. | list | `[ { "name": "default" } ]` | no |
@@ -157,14 +156,14 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | workers\_additional\_policies | Additional policies to be added to workers | list | `[]` | no |
 | workers\_additional\_policies\_count |  | string | `"0"` | no |
 | workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys. | map | `{}` | no |
-| workers\_group\_launch\_template\_defaults | Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys. | map | `{}` | no |
 | write\_aws\_auth\_config | Whether to write the aws-auth configmap file. | string | `"true"` | no |
 | write\_kubeconfig | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | string | `"true"` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
+| cluster\_arn | The Amazon Resource Name (ARN) of the cluster. |
 | cluster\_certificate\_authority\_data | Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster. |
 | cluster\_endpoint | The endpoint for your EKS Kubernetes API. |
 | cluster\_iam\_role\_arn | IAM role ARN of the EKS cluster. |
@@ -183,9 +182,9 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | workers\_asg\_arns | IDs of the autoscaling groups containing workers. |
 | workers\_asg\_names | Names of the autoscaling groups containing workers. |
 | workers\_default\_ami\_id | ID of the default worker group AMI |
-| workers\_user\_data | User data of worker groups |
 | workers\_launch\_template\_arns | ARNs of the worker launch templates. |
 | workers\_launch\_template\_ids | IDs of the worker launch templates. |
 | workers\_launch\_template\_latest\_versions | Latest versions of the worker launch templates. |
+| workers\_user\_data | User data of worker groups |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

data.tf

@@ -94,10 +94,10 @@ data "template_file" "launch_template_userdata" {
     cluster_name         = "${aws_eks_cluster.this.name}"
     endpoint             = "${aws_eks_cluster.this.endpoint}"
     cluster_auth_base64  = "${aws_eks_cluster.this.certificate_authority.0.data}"
-    pre_userdata         = "${lookup(var.worker_groups_launch_template[count.index], "pre_userdata", local.workers_group_launch_template_defaults["pre_userdata"])}"
-    additional_userdata  = "${lookup(var.worker_groups_launch_template[count.index], "additional_userdata", local.workers_group_launch_template_defaults["additional_userdata"])}"
-    bootstrap_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "bootstrap_extra_args", local.workers_group_launch_template_defaults["bootstrap_extra_args"])}"
-    kubelet_extra_args   = "${lookup(var.worker_groups_launch_template[count.index], "kubelet_extra_args", local.workers_group_launch_template_defaults["kubelet_extra_args"])}"
+    pre_userdata         = "${lookup(var.worker_groups_launch_template[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}"
+    additional_userdata  = "${lookup(var.worker_groups_launch_template[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}"
+    bootstrap_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "bootstrap_extra_args", local.workers_group_defaults["bootstrap_extra_args"])}"
+    kubelet_extra_args   = "${lookup(var.worker_groups_launch_template[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])}"
   }
 }
 
@@ -112,6 +112,6 @@ data "aws_iam_instance_profile" "custom_worker_group_iam_instance_profile" {
 }
 
 data "aws_iam_instance_profile" "custom_worker_group_launch_template_iam_instance_profile" {
-  name  = "${lookup(var.worker_groups_launch_template[count.index], "iam_instance_profile_name", local.workers_group_launch_template_defaults["iam_instance_profile_name"])}"
+  name  = "${lookup(var.worker_groups_launch_template[count.index], "iam_instance_profile_name", local.workers_group_defaults["iam_instance_profile_name"])}"
   count = "${var.manage_worker_iam_resources ? 0 : var.worker_group_launch_template_count}"
 }

examples/eks_test_fixture/main.tf

@@ -61,24 +61,17 @@ locals {
 
   worker_groups = [
     {
-      # This will launch an autoscaling group with only On-Demand instances
       instance_type        = "t2.small"
       additional_userdata  = "echo foo bar"
-      subnets              = "${join(",", module.vpc.private_subnets)}"
-      asg_desired_capacity = "2"
+      asg_desired_capacity = 2
     },
   ]
   worker_groups_launch_template = [
     {
-      # This will launch an autoscaling group with only Spot Fleet instances
-      instance_type                            = "t2.small"
-      additional_userdata                      = "echo foo bar"
-      subnets                                  = "${join(",", module.vpc.private_subnets)}"
-      additional_security_group_ids            = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
-      override_instance_type                   = "t3.small"
-      asg_desired_capacity                     = "2"
-      spot_instance_pools                      = 10
-      on_demand_percentage_above_base_capacity = "0"
+      instance_type                 = "t2.small"
+      additional_userdata           = "echo foo bar"
+      additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
+      asg_desired_capacity          = 2
     },
   ]
   tags = {
@@ -163,8 +156,8 @@ module "eks" {
   vpc_id                               = "${module.vpc.vpc_id}"
   worker_groups                        = "${local.worker_groups}"
   worker_groups_launch_template        = "${local.worker_groups_launch_template}"
-  worker_group_count                   = "1"
-  worker_group_launch_template_count   = "1"
+  worker_group_count                   = 1
+  worker_group_launch_template_count   = 1
   worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
   map_roles                            = "${var.map_roles}"
   map_roles_count                      = "${var.map_roles_count}"

local.tf

@@ -43,56 +43,19 @@ locals {
     target_group_arns             = ""                              # A comma delimited list of ALB target group ARNs to be associated to the ASG
     enabled_metrics               = ""                              # A comma delimited list of metrics to be collected i.e. GroupMinSize,GroupMaxSize,GroupDesiredCapacity
     placement_group               = ""                              # The name of the placement group into which to launch the instances, if any.
-  }
-
-  workers_group_defaults = "${merge(local.workers_group_defaults_defaults, var.workers_group_defaults)}"
+    service_linked_role_arn       = ""                              # Arn of custom service linked role that Auto Scaling group will use. Useful when you have encrypted EBS
 
-  workers_group_launch_template_defaults_defaults = {
-    name                                     = "count.index"                                 # Name of the worker group. Literal count.index will never be used but if name is not set, the count.index interpolation will be used.
-    ami_id                                   = "${data.aws_ami.eks_worker.id}"               # AMI ID for the eks workers. If none is provided, Terraform will search for the latest version of their EKS optimized worker AMI.
-    root_block_device_id                     = "${data.aws_ami.eks_worker.root_device_name}" # Root device name for workers. If non is provided, will assume default AMI was used.
-    asg_desired_capacity                     = "1"                                           # Desired worker capacity in the autoscaling group.
-    asg_max_size                             = "3"                                           # Maximum worker capacity in the autoscaling group.
-    asg_min_size                             = "1"                                           # Minimum worker capacity in the autoscaling group.
-    asg_force_delete                         = false                                         # Enable forced deletion for the autoscaling group.
-    instance_type                            = "m4.large"                                    # Size of the workers instances.
-    override_instance_type                   = "t3.large"                                    # Need to specify at least one additional instance type for mixed instances policy. The instance_type holds  higher priority for on demand instances.
-    on_demand_allocation_strategy            = "prioritized"                                 # Strategy to use when launching on-demand instances. Valid values: prioritized.
-    on_demand_base_capacity                  = "0"                                           # Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances
-    on_demand_percentage_above_base_capacity = "100"                                         # Percentage split between on-demand and Spot instances above the base on-demand capacity
-    spot_allocation_strategy                 = "lowest-price"                                # The only valid value is lowest-price, which is also the default value. The Auto Scaling group selects the cheapest Spot pools and evenly allocates your Spot capacity across the number of Spot pools that you specify.
-    spot_instance_pools                      = 10                                            # "Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify."
-    spot_max_price                           = ""                                            # Maximum price per unit hour that the user is willing to pay for the Spot instances. Default is the on-demand price
-    spot_price                               = ""                                            # Cost of spot instance.
-    placement_tenancy                        = "default"                                     # The tenancy of the instance. Valid values are "default" or "dedicated".
-    root_volume_size                         = "100"                                         # root volume size of workers instances.
-    root_volume_type                         = "gp2"                                         # root volume type of workers instances, can be 'standard', 'gp2', or 'io1'
-    root_iops                                = "0"                                           # The amount of provisioned IOPS. This must be set with a volume_type of "io1".
-    root_encrypted                           = ""                                            # root volume encryption for workers.
-    kms_key_id                               = ""                                            # KMS key ID used for encrypted block device. ASG must have access to this key. If not specified, the default KMS key will be used.
-    key_name                                 = ""                                            # The key name that should be used for the instances in the autoscaling group
-    pre_userdata                             = ""                                            # userdata to pre-append to the default userdata.
-    bootstrap_extra_args                     = ""                                            # Extra arguments passed to the bootstrap.sh script from the EKS AMI.
-    additional_userdata                      = ""                                            # userdata to append to the default userdata.
-    ebs_optimized                            = true                                          # sets whether to use ebs optimization on supported types.
-    enable_monitoring                        = true                                          # Enables/disables detailed monitoring.
-    public_ip                                = false                                         # Associate a public ip address with a worker
-    eni_delete                               = true                                          # Delete the ENI on termination (if set to false you will have to manually delete before destroying)
-    kubelet_extra_args                       = ""                                            # This string is passed directly to kubelet if set. Useful for adding labels or taints.
-    subnets                                  = "${join(",", var.subnets)}"                   # A comma delimited string of subnets to place the worker nodes in. i.e. subnet-123,subnet-456,subnet-789
-    autoscaling_enabled                      = false                                         # Sets whether policy and matching tags will be added to allow autoscaling.
-    additional_security_group_ids            = ""                                            # A comma delimited list of additional security group ids to include in worker launch config
-    protect_from_scale_in                    = false                                         # Prevent AWS from scaling in, so that cluster-autoscaler is solely responsible.
-    iam_instance_profile_name                = ""                                            # A custom IAM instance profile name. Used when manage_worker_iam_resources is set to false. Incompatible with iam_role_id.
-    iam_role_id                              = "${local.default_iam_role_id}"                # A custom IAM role id. Incompatible with iam_instance_profile_name.
-    suspended_processes                      = "AZRebalance"                                 # A comma delimited string of processes to to suspend. i.e. AZRebalance,HealthCheck,ReplaceUnhealthy
-    target_group_arns                        = ""                                            # A comma delimited list of ALB target group ARNs to be associated to the ASG
-    enabled_metrics                          = ""                                            # A comma delimited list of metrics to be collected i.e. GroupMinSize,GroupMaxSize,GroupDesiredCapacity
-    placement_group                          = ""                                            # The name of the placement group into which to launch the instances, if any.
-    service_linked_role_arn                  = ""                                            # Arn of custom service linked role that Auto Scaling group will use. Useful when you have encrypted EBS
+    # Settings for launch templates
+    root_block_device_name            = "${data.aws_ami.eks_worker.root_device_name}" # Root device name for workers. If non is provided, will assume default AMI was used.
+    root_kms_key_id                   = ""                                            # The KMS key to use when encrypting the root storage device
+    launch_template_version           = "$Latest"                                     # The lastest version of the launch template to use in the autoscaling group
+    launch_template_placement_tenancy = "default"                                     # The placement tenancy for instances
+    launch_template_placement_group   = ""                                            # The name of the placement group into which to launch the instances, if any.
+    root_encrypted                    = ""                                            # Whether the volume should be encrypted or not
+    eni_delete                        = true                                          # Delete the ENI on termination (if set to false you will have to manually delete before destroying)
   }
 
-  workers_group_launch_template_defaults = "${merge(local.workers_group_launch_template_defaults_defaults, var.workers_group_launch_template_defaults)}"
+  workers_group_defaults = "${merge(local.workers_group_defaults_defaults, var.workers_group_defaults)}"
 
   ebs_optimized = {
     "c1.medium"    = false

variables.tf

@@ -138,21 +138,6 @@ variable "worker_group_launch_template_count" {
   default     = "0"
 }
 
-variable "workers_group_launch_template_defaults" {
-  description = "Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys."
-  type        = "map"
-  default     = {}
-}
-
-variable "worker_group_launch_template_tags" {
-  description = "A map defining extra tags to be applied to the worker group template ASG."
-  type        = "map"
-
-  default = {
-    default = []
-  }
-}
-
 variable "worker_security_group_id" {
   description = "If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster."
   default     = ""