From 402e0ca7c216999e9b6194bfc532887b6e630c78 Mon Sep 17 00:00:00 2001
From: Oded Simon
Date: Sun, 2 Mar 2025 07:42:36 +0200
Subject: [PATCH 1/2] add secondary subnet config
---
 main.tf | 20 ++++++++++++++++++++
 variables.tf | 11 +++++++++++
 versions.tf | 4 ++++
 3 files changed, 35 insertions(+)
diff --git a/main.tf b/main.tf
index 18933422f5..2011166bc6 100644
--- a/main.tf
+++ b/main.tf
@@ -26,6 +26,8 @@ locals {
 enable_cluster_encryption_config = length(var.cluster_encryption_config) > 0 && !local.create_outposts_local_cluster
 auto_mode_enabled = try(var.cluster_compute_config.enabled, false)
+ optional_pod_subnet_count = length(var.secondary_subnet_ids)
+ eks_cluster_subnet_count = length(var.subnet_ids)
 }
 ################################################################################
@@ -186,6 +188,24 @@ resource "aws_eks_cluster" "this" {
 }
 }
+resource "kubectl_manifest" "eni_config" {
+ for_each = local.optional_pod_subnet_count > 0 ? zipmap(var.azs, slice(var.subnet_ids, local.eks_cluster_subnet_count, sum([local.eks_cluster_subnet_count, local.optional_pod_subnet_count]))) : {}
+ yaml_body = yamlencode({
+ apiVersion = "crd.k8s.amazonaws.com/v1alpha1"
+ kind = "ENIConfig"
+ metadata = {
+ name = each.key
+ }
+ spec = {
+ securityGroups = [
+ module.eks.cluster_primary_security_group_id,
+ ]
+ subnet = each.value
+ }
+ })
+}
+
 resource "aws_ec2_tag" "cluster_primary_security_group" {
 # This should not affect the name of the cluster primary security group
 # Ref: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/2006
diff --git a/variables.tf b/variables.tf
index 855c2133ec..ecac4a6652 100644
--- a/variables.tf
+++ b/variables.tf
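Review bot: The `for_each` of `kubectl_manifest.eni_config` slices `var.subnet_ids` starting at `local.eks_cluster_subnet_count`, which the locals hunk in this same file defines as `length(var.subnet_ids)`, so the slice starts at the end of the list and the end index overruns it whenever `secondary_subnet_ids` is non-empty; the secondary subnets are never taken from `subnet_ids` at all. The intended map is simply `for_each = local.optional_pod_subnet_count > 0 ? zipmap(var.azs, var.secondary_subnet_ids) : {}`, after which both new locals can be dropped; the same expression is carried over unchanged into the second patch's main.tf hunk. `module.eks.cluster_primary_security_group_id` also cannot resolve from inside this module's own main.tf; the primary security group id is exposed by the cluster resource itself as `vpc_config[0].cluster_security_group_id`, and the manifest should carry an explicit `depends_on` on the cluster so it is not applied before the API endpoint exists. Note too that ENIConfig objects have no effect until the VPC CNI is configured for custom networking, which this change does not do and which the resource's header comment should state.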
@@ -86,6 +86,17 @@ variable "subnet_ids" {
 default = []
 }
+variable "azs" {
+ description = "A list of availability zones in the region"
+ type = list(string)
+}
+
+variable "secondary_subnet_ids" {
+ description = "Optional list of subnets to use for pods.If list is empty, pods will be placed in the subnet_ids subnets. Must be the length of the number of availability zones"
+ type = list(string)
+ default = []
+}
+
 variable "cluster_endpoint_private_access" {
 description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled"
 type = bool
diff --git a/versions.tf b/versions.tf
index 4466790686..464c7f58af 100644
--- a/versions.tf
+++ b/versions.tf
@@ -14,5 +14,9 @@ terraform {
 source = "hashicorp/time"
 version = ">= 0.9"
 }
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.18"
+ }
 }
 }
From 02a5d02178e2e62df62b5d122427f3f1a06762df Mon Sep 17 00:00:00 2001
From: Oded Simon
Date: Sun, 2 Mar 2025 11:00:33 +0200
Subject: [PATCH 2/2] change var names
---
 main.tf | 2 +-
 variables.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index 2011166bc6..c52b3d337c 100644
--- a/main.tf
+++ b/main.tf
@@ -189,7 +189,7 @@ resource "aws_eks_cluster" "this" {
 }
 resource "kubectl_manifest" "eni_config" {
- for_each = local.optional_pod_subnet_count > 0 ? zipmap(var.azs, slice(var.subnet_ids, local.eks_cluster_subnet_count, sum([local.eks_cluster_subnet_count, local.optional_pod_subnet_count]))) : {}
+ for_each = local.optional_pod_subnet_count > 0 ? zipmap(var.availability_zones, slice(var.subnet_ids, local.eks_cluster_subnet_count, sum([local.eks_cluster_subnet_count, local.optional_pod_subnet_count]))) : {}
 yaml_body = yamlencode({
 apiVersion = "crd.k8s.amazonaws.com/v1alpha1"
diff --git a/variables.tf b/variables.tf
index ecac4a6652..da9d59d685 100644
--- a/variables.tf
+++ b/variables.tf
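Review bot: `variable "azs"` is declared without a `default`, which turns it into a new required input and breaks every existing caller of the module on its next plan; give it `default = []` since it is only consumed when `secondary_subnet_ids` is set. The `secondary_subnet_ids` description promises one entry per availability zone but nothing enforces it, and `zipmap` in main.tf fails on mismatched lengths with a less helpful message; a `validation` block on the variable makes the contract explicit at plan time. The description also needs a space after `pods.`. The second patch renames `azs` to `availability_zones`, so the condition below should follow that rename.
```hcl
variable "secondary_subnet_ids" {
  # … unchanged: description, type, default …
  validation {
    condition     = length(var.secondary_subnet_ids) == 0 || length(var.secondary_subnet_ids) == length(var.azs)
    error_message = "secondary_subnet_ids must be empty or contain exactly one subnet per entry in azs."
  }
}
```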
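Review bot: Adding `kubectl` to the module's `required_providers` obliges every consumer to install and configure a kubectl provider, including the majority that never set `secondary_subnet_ids`, and that provider needs the endpoint and credentials of the cluster this same module creates, a provider-configured-from-resource arrangement that is generally discouraged for reusable modules. A community provider under an open-ended `>= 1.18` constraint also widens what the module pulls into every caller's supply chain; if it stays, constrain it with `version = "~> 1.18"` and document the required provider configuration alongside the new variables. Consider whether the first-party `kubernetes_manifest` resource from the hashicorp/kubernetes provider fits the apply order here instead.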
@@ -86,7 +86,7 @@ variable "subnet_ids" {
 default = []
 }
-variable "azs" {
+variable "availability_zones" {
 description = "A list of availability zones in the region"
 type = list(string)
 }