add secondary subnet config

Oded Simon · Oded Simon · commit 402e0ca7c216 · 2025-03-02T07:42:36.000+02:00
diff --git a/main.tf b/main.tf
@@ -26,6 +26,8 @@ locals {
   enable_cluster_encryption_config = length(var.cluster_encryption_config) > 0 && !local.create_outposts_local_cluster
 
   auto_mode_enabled = try(var.cluster_compute_config.enabled, false)
+  optional_pod_subnet_count = length(var.secondary_subnet_ids)
+  eks_cluster_subnet_count = length(var.subnet_ids)
 }
 
 ################################################################################
@@ -186,6 +188,24 @@ resource "aws_eks_cluster" "this" {
   }
 }
 
+resource "kubectl_manifest" "eni_config" {
+  for_each = local.optional_pod_subnet_count > 0 ? zipmap(var.azs, slice(var.subnet_ids, local.eks_cluster_subnet_count, sum([local.eks_cluster_subnet_count, local.optional_pod_subnet_count]))) : {}
+
+  yaml_body = yamlencode({
+    apiVersion = "crd.k8s.amazonaws.com/v1alpha1"
+    kind       = "ENIConfig"
+    metadata = {
+      name = each.key
+    }
+    spec = {
+      securityGroups = [
+        module.eks.cluster_primary_security_group_id,
+      ]
+      subnet = each.value
+    }
+  })
+}
+
 resource "aws_ec2_tag" "cluster_primary_security_group" {
   # This should not affect the name of the cluster primary security group
   # Ref: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/2006
diff --git a/variables.tf b/variables.tf
@@ -86,6 +86,17 @@ variable "subnet_ids" {
   default     = []
 }
 
+variable "azs" {
+  description = "A list of availability zones in the region"
+  type        = list(string)
+}
+
+variable "secondary_subnet_ids" {
+  description = "Optional list of subnets to use for pods.If list is empty, pods will be placed in the subnet_ids subnets. Must be the length of the number of availability zones"
+  type        = list(string)
+  default     = []
+}
+
 variable "cluster_endpoint_private_access" {
   description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled"
   type        = bool
diff --git a/versions.tf b/versions.tf
@@ -14,5 +14,9 @@ terraform {
       source  = "hashicorp/time"
       version = ">= 0.9"
     }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.18"
+    }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -14,5 +14,9 @@ terraform {`
`14`	`14`	`source = "hashicorp/time"`
`15`	`15`	`version = ">= 0.9"`
`16`	`16`	`}`
	`17`	`+ kubectl = {`
	`18`	`+ source = "gavinbunney/kubectl"`
	`19`	`+ version = ">= 1.18"`
	`20`	`+ }`
`17`	`21`	`}`
`18`	`22`	`}`