Merge branch 'master' into aws-auth_enhancemnts

max-rocket-internet · max-rocket-internet · commit 404645501dc6 · 2018-07-11T10:57:58.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 
 - kubelet_node_labels worker group option allows setting --node-labels= in kubelet. (Hat-tip, @bshelton229 👒)
+- `worker_iam_role_arn` added to outputs. Sweet, @hatemosphere 🔥
 
 ### Changed
 
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ Read the [AWS docs on EKS to get connected to the k8s dashboard](https://docs.aw
 * You want to create an EKS cluster and an autoscaling group of workers for the cluster.
 * You want these resources to exist within security groups that allow communication and coordination. These can be user provided or created within the module.
 * You've created a Virtual Private Cloud (VPC) and subnets where you intend to put the EKS resources.
-* If using the default variable value (`true`) for `configure_kubectl_session`, it's required that both [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) (>=1.10) and [`heptio-authenticator-aws`](https://github.com/heptio/authenticator#4-set-up-kubectl-to-use-heptio-authenticator-for-aws-tokens) are installed and on your shell's PATH.
+* If using the default variable value (`true`) for `configure_kubectl_session`, it's required that both [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) (>=1.10) and [`aws-iam-authenticator`](https://github.com/kubernetes-sigs/aws-iam-authenticator#4-set-up-kubectl-to-use-authentication-tokens-provided-by-aws-iam-authenticator-for-kubernetes) are installed and on your shell's PATH.
 
 ## Usage example
 
@@ -128,5 +128,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | config_map_aws_auth | A kubernetes configuration to authenticate to this EKS cluster. |
 | kubeconfig | kubectl config file contents for this EKS cluster. |
 | worker_iam_role_name | IAM role name attached to EKS workers |
+| worker_iam_role_arn | IAM role ID attached to EKS workers |
 | worker_security_group_id | Security group ID attached to the EKS workers. |
 | workers_asg_arns | IDs of the autoscaling groups containing workers. |
diff --git a/aws_auth.tf b/aws_auth.tf
@@ -13,7 +13,7 @@ resource "null_resource" "update_config_map_aws_auth" {
     config_map_rendered = "${data.template_file.config_map_aws_auth.rendered}"
   }
 
-  count = "${var.configure_kubectl_session ? 1 : 0}"
+  count = "${var.manage_aws_auth ? 1 : 0}"
 }
 
 data "template_file" "config_map_aws_auth" {
diff --git a/main.tf b/main.tf
@@ -16,7 +16,7 @@
 ** You want to create an EKS cluster and an autoscaling group of workers for the cluster.
 ** You want these resources to exist within security groups that allow communication and coordination. These can be user provided or created within the module.
 ** You've created a Virtual Private Cloud (VPC) and subnets where you intend to put the EKS resources.
-** If using the default variable value (`true`) for `configure_kubectl_session`, it's required that both [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) (>=1.10) and [`heptio-authenticator-aws`](https://github.com/heptio/authenticator#4-set-up-kubectl-to-use-heptio-authenticator-for-aws-tokens) are installed and on your shell's PATH.
+** If using the default variable value (`true`) for `configure_kubectl_session`, it's required that both [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) (>=1.10) and [`aws-iam-authenticator`](https://github.com/kubernetes-sigs/aws-iam-authenticator#4-set-up-kubectl-to-use-authentication-tokens-provided-by-aws-iam-authenticator-for-kubernetes) are installed and on your shell's PATH.
 
 * ## Usage example
 
diff --git a/outputs.tf b/outputs.tf
@@ -53,3 +53,8 @@ output "worker_iam_role_name" {
   description = "IAM role name attached to EKS workers"
   value       = "${aws_iam_role.workers.name}"
 }
+
+output "worker_iam_role_arn" {
+  description = "IAM role ID attached to EKS workers"
+  value       = "${aws_iam_role.workers.arn}"
+}
diff --git a/variables.tf b/variables.tf
@@ -106,7 +106,7 @@ variable "worker_sg_ingress_from_port" {
 
 variable "kubeconfig_aws_authenticator_command" {
   description = "Command to use to to fetch AWS EKS credentials"
-  default     = "heptio-authenticator-aws"
+  default     = "aws-iam-authenticator"
 }
 
 variable "kubeconfig_aws_authenticator_additional_args" {

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ resource "null_resource" "update_config_map_aws_auth" {`
`13`	`13`	`config_map_rendered = "${data.template_file.config_map_aws_auth.rendered}"`
`14`	`14`	`}`
`15`	`15`
`16`		`- count = "${var.configure_kubectl_session ? 1 : 0}"`
	`16`	`+ count = "${var.manage_aws_auth ? 1 : 0}"`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`data "template_file" "config_map_aws_auth" {`
Original file line number	Diff line number	Diff line change
`@@ -53,3 +53,8 @@ output "worker_iam_role_name" {`
`53`	`53`	`description = "IAM role name attached to EKS workers"`
`54`	`54`	`value = "${aws_iam_role.workers.name}"`
`55`	`55`	`}`
	`56`	`+`
	`57`	`+output "worker_iam_role_arn" {`
	`58`	`+ description = "IAM role ID attached to EKS workers"`
	`59`	`+ value = "${aws_iam_role.workers.arn}"`
	`60`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ variable "worker_sg_ingress_from_port" {`
`106`	`106`
`107`	`107`	`variable "kubeconfig_aws_authenticator_command" {`
`108`	`108`	`description = "Command to use to to fetch AWS EKS credentials"`
`109`		`- default = "heptio-authenticator-aws"`
	`109`	`+ default = "aws-iam-authenticator"`
`110`	`110`	`}`
`111`	`111`
`112`	`112`	`variable "kubeconfig_aws_authenticator_additional_args" {`