diff --git a/README.md b/README.md
index efd0ef60d..ff35b6b6b 100644
--- a/README.md
+++ b/README.md
@@ -557,9 +557,12 @@ The following inputs can be used as `step.with` keys
 | `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `api,audit,authenticator`. |
 | `aws_eks_cluster_log_retention_days` | String | Days to store logs. Defaults to `7`. |
 | `aws_eks_cluster_logs_skip_destroy` | Boolean | Skip deletion of cluster logs if set to true. Defaults to `false`. |
-| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.28` |
+| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.32` |
+| `aws_eks_create_bk_node_group` | Boolean | Creates a backup node group in order to migrate the main one. Any changes after creation of it will be ignored. (For safety reasons) |
 | `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. |
-| `aws_eks_instance_ami_id` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. |
+| `aws_eks_instance_ami_type` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. See [here](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for options. Defaults to `AL2_x86_64.` (Legacy reasons)|
+| `aws_eks_instance_type_bk` | String | Same as above, but for backup node-group. Will use the same as the main node-group if not defined. If set, should be defined at the same time the node-group get's created. |
+| `aws_eks_instance_ami_type_bk` | String | Same as above, but for backup node-group. Will use the same as the main node-group if not defined. If set, should be defined at the same time the node-group get's created. |
 | `aws_eks_instance_user_data_file` | String | Relative path in the repo for a user provided script to be executed with the EC2 Instance creation. See note. |
 | `aws_eks_ec2_key_pair` | String | Enter an existing ec2 key pair name for worker nodes. If none, will create one. |
 | `aws_eks_store_keypair_sm` | Boolean | If true, will store the newly created keys in Secret Manager. |
diff --git a/action.yaml b/action.yaml
index 2ee4856e3..95187dc28 100644
--- a/action.yaml
+++ b/action.yaml
@@ -1137,12 +1137,21 @@ inputs:
 required: false
 aws_eks_cluster_version:
 description: 'Specify the k8s cluster version'
- required: false
+ required: false
+ aws_eks_create_bk_node_group:
+ description: 'Create a backup node group'
+ required: false
 aws_eks_instance_type:
 description: 'enter the aws instance type'
 required: false
- aws_eks_instance_ami_id:
- description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.'
+ aws_eks_instance_ami_type:
+ description: 'Type of AMI to use. Defaults to AL2_x86_64'
+ required: false
+ aws_eks_instance_type_bk:
+ description: 'enter the aws instance type'
+ required: false
+ aws_eks_instance_ami_type_bk:
+ description: 'Type of AMI to use. Defaults to AL2_x86_64'
 required: false
 aws_eks_instance_user_data_file:
 description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.'
@@ -1681,7 +1690,7 @@ runs:
 AWS_ECR_REGISTRY_POLICY_INPUT: ${{ inputs.aws_ecr_registry_policy_input }}
 AWS_ECR_ADDITIONAL_TAGS: ${{ inputs.aws_ecr_additional_tags }}
 
- # AWS EKS
+ # EKS
 AWS_EKS_CREATE: ${{ inputs.aws_eks_create }}
 AWS_EKS_SECURITY_GROUP_NAME_CLUSTER: ${{ inputs.aws_eks_security_group_name_cluster }}
 AWS_EKS_SECURITY_GROUP_NAME_NODE: ${{ inputs.aws_eks_security_group_name_node }}
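Review bot: The descriptions of the two new backup inputs are verbatim copies of the main ones — `aws_eks_instance_type_bk` says `'enter the aws instance type'` and `aws_eks_instance_ami_type_bk` says `'Type of AMI to use. Defaults to AL2_x86_64'` — so nothing in the action metadata tells a user they apply to the backup node group or that they fall back to the main group's values (the fallback is wired in bitovi_main.tf in this same commit). Suggest `description: 'Instance type for the backup node group. Falls back to aws_eks_instance_type when unset.'` and `description: 'AMI type for the backup node group. Falls back to aws_eks_instance_ami_type when unset.'`. The README row for `aws_eks_instance_ami_type` in this commit likewise still calls the value an "AWS AMI ID" although it now takes an EKS amiType such as AL2_x86_64; the wording should be aligned in both places.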
@@ -1695,8 +1704,11 @@ runs:
 AWS_EKS_CLUSTER_LOG_RETENTION_DAYS: ${{ inputs.aws_eks_cluster_log_retention_days }}
 AWS_EKS_CLUSTER_LOG_SKIP_DESTROY: ${{ inputs.aws_eks_cluster_log_skip_destroy }}
 AWS_EKS_CLUSTER_VERSION: ${{ inputs.aws_eks_cluster_version }}
+ AWS_EKS_CREATE_BK_NODE_GROUP: ${{ inputs.aws_eks_create_bk_node_group }}
 AWS_EKS_INSTANCE_TYPE: ${{ inputs.aws_eks_instance_type }}
- AWS_EKS_INSTANCE_AMI_ID: ${{ inputs.aws_eks_instance_ami_id }}
+ AWS_EKS_INSTANCE_AMI_TYPE: ${{ inputs.aws_eks_instance_ami_type }}
+ AWS_EKS_INSTANCE_TYPE_BK: ${{ inputs.aws_eks_instance_type_bk }}
+ AWS_EKS_INSTANCE_AMI_TYPE_BK: ${{ inputs.aws_eks_instance_ami_type_bk }}
 AWS_EKS_INSTANCE_USER_DATA_FILE: ${{ inputs.aws_eks_instance_user_data_file }}
 AWS_EKS_EC2_KEY_PAIR: ${{ inputs.aws_eks_ec2_key_pair }}
 AWS_EKS_STORE_KEYPAIR_SM: ${{ inputs.aws_eks_store_keypair_sm }}
diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh
index 5956e47e8..236c0f6e5 100644
--- a/operations/_scripts/generate/generate_vars_terraform.sh
+++ b/operations/_scripts/generate/generate_vars_terraform.sh
@@ -437,8 +437,11 @@ if [[ $(alpha_only "$AWS_EKS_CREATE") == true ]]; then
 aws_eks_cluster_log_retention_days=$(generate_var aws_eks_cluster_log_retention_days $AWS_EKS_CLUSTER_LOG_RETENTION_DAYS)
 aws_eks_cluster_log_skip_destroy=$(generate_var aws_eks_cluster_log_skip_destroy $AWS_EKS_CLUSTER_LOG_SKIP_DESTROY)
 aws_eks_cluster_version=$(generate_var aws_eks_cluster_version $AWS_EKS_CLUSTER_VERSION)
+ aws_eks_create_bk_node_group=$(generate_var aws_eks_create_bk_node_group $AWS_EKS_CREATE_BK_NODE_GROUP)
 aws_eks_instance_type=$(generate_var aws_eks_instance_type $AWS_EKS_INSTANCE_TYPE)
- aws_eks_instance_ami_id=$(generate_var aws_eks_instance_ami_id $AWS_EKS_INSTANCE_AMI_ID)
+ aws_eks_instance_ami_type=$(generate_var aws_eks_instance_ami_type $AWS_EKS_INSTANCE_AMI_TYPE)
+ aws_eks_instance_type_bk=$(generate_var aws_eks_instance_type_bk $AWS_EKS_INSTANCE_TYPE_BK)
+ aws_eks_instance_ami_type_bk=$(generate_var aws_eks_instance_ami_type_bk $AWS_EKS_INSTANCE_AMI_TYPE_BK)
 aws_eks_instance_user_data_file=$(generate_var aws_eks_instance_user_data_file $AWS_EKS_INSTANCE_USER_DATA_FILE)
 aws_eks_ec2_key_pair=$(generate_var aws_eks_ec2_key_pair $AWS_EKS_EC2_KEY_PAIR)
 aws_eks_store_keypair_sm=$(generate_var aws_eks_store_keypair_sm $AWS_EKS_STORE_KEYPAIR_SM)
@@ -830,8 +833,11 @@ $aws_eks_cluster_log_types
 $aws_eks_cluster_log_retention_days
 $aws_eks_cluster_log_skip_destroy
 $aws_eks_cluster_version
+$aws_eks_create_bk_node_group
 $aws_eks_instance_type
-$aws_eks_instance_ami_id
+$aws_eks_instance_ami_type
+$aws_eks_instance_type_bk
+$aws_eks_instance_ami_type_bk
 $aws_eks_instance_user_data_file
 $aws_eks_ec2_key_pair
 $aws_eks_store_keypair_sm
diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf
index 9c4a44078..d5dead27f 100644
--- a/operations/deployment/terraform/aws/aws_variables.tf
+++ b/operations/deployment/terraform/aws/aws_variables.tf
@@ -1984,7 +1984,7 @@ variable "aws_eks_cluster_log_types" {
 }
 
 variable "aws_eks_cluster_log_retention_days" {
- description = "enter the kubernetes version"
+ description = "Log retention days"
 type = string
 default = "7"
 }
@@ -1997,8 +1997,14 @@ variable "aws_eks_cluster_log_skip_destroy" {
 
 variable "aws_eks_cluster_version" {
 description = "enter the kubernetes version"
- type = number
- default = "1.28"
+ type = string
+ default = 1.28
+}
+
+variable "aws_eks_create_bk_node_group" {
+ description = "create a backup node group"
+ type = bool
+ default = false
 }
 
 variable "aws_eks_instance_type" {
@@ -2007,8 +2013,20 @@ variable "aws_eks_instance_type" {
 default = "t3a.medium"
 }
 
-variable "aws_eks_instance_ami_id" {
- description = "AWS AMI ID"
+variable "aws_eks_instance_type_bk" {
+ description = "enter the aws instance type"
+ type = string
+ default = ""
+}
+
+variable "aws_eks_instance_ami_type" {
+ description = "Type of AMI to use. Defaults to AL2_x86_64"
+ type = string
+ default = "AL2_x86_64"
+}
+
+variable "aws_eks_instance_ami_type_bk" {
+ description = "Type of AMI to use. Defaults to AL2_x86_64"
 type = string
 default = ""
 }
diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf
index cdbf2b846..e69e4a9aa 100644
--- a/operations/deployment/terraform/aws/bitovi_main.tf
+++ b/operations/deployment/terraform/aws/bitovi_main.tf
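Review bot: `aws_eks_cluster_version` is now `type = string` but its default is the bare number `default = 1.28`, while the README row changed in this same commit says the default is `1.32`; the two disagree and one of them is wrong. A bare numeric default is also a trap for a version string: Terraform converts the number to text, so a future `default = 1.30` would silently become `"1.3"`, which EKS does not accept. Quote the value, `default = "1.32"` (or `"1.28"` and correct the README), and consider a `validation { condition = can(regex("^1\\.[0-9]+$", var.aws_eks_cluster_version)) error_message = "aws_eks_cluster_version must look like 1.NN" }` block so a malformed version fails at plan time rather than at cluster creation.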
@@ -723,8 +723,11 @@ module "eks" {
 aws_eks_cluster_log_retention_days = var.aws_eks_cluster_log_retention_days
 aws_eks_cluster_log_skip_destroy = var.aws_eks_cluster_log_skip_destroy
 aws_eks_cluster_version = var.aws_eks_cluster_version
+ aws_eks_create_bk_node_group = var.aws_eks_create_bk_node_group
 aws_eks_instance_type = var.aws_eks_instance_type
- aws_eks_instance_ami_id = var.aws_eks_instance_ami_id
+ aws_eks_instance_ami_type = var.aws_eks_instance_ami_type
+ aws_eks_instance_type_bk = var.aws_eks_instance_type_bk != "" ? var.aws_eks_instance_type_bk : var.aws_eks_instance_type
+ aws_eks_instance_ami_type_bk = var.aws_eks_instance_ami_type_bk != "" ? var.aws_eks_instance_ami_type_bk : var.aws_eks_instance_ami_type
 aws_eks_instance_user_data_file = var.aws_eks_instance_user_data_file
 aws_eks_ec2_key_pair = var.aws_eks_ec2_key_pair
 aws_eks_store_keypair_sm = var.aws_eks_store_keypair_sm
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index 1cb171b23..4786d6ba4 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
@@ -13,6 +13,14 @@ resource "aws_eks_cluster" "main" {
 name = var.aws_eks_cluster_name # Cluster name is defined during the code-generation phase
 version = var.aws_eks_cluster_version
 role_arn = aws_iam_role.iam_role_cluster.arn
+
+ access_config {
+ #authentication_mode = var.aws_eks_cluster_authentication_mode
+ #bootstrap_cluster_creator_admin_permissions = var.aws_eks_bootstrap_cluster_creator_admin_permissions
+ authentication_mode = "API_AND_CONFIG_MAP"
+ bootstrap_cluster_creator_admin_permissions = true
+ }
+
 vpc_config {
 security_group_ids = [aws_security_group.eks_security_group_cluster.id]
 subnet_ids = data.aws_subnets.public.ids
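Review bot: `bootstrap_cluster_creator_admin_permissions = true` hard-codes a standing cluster-admin access entry for whichever IAM principal runs this Terraform — in a GitHub Action that is the CI deploy role — and, unlike the aws-auth mapping this commit removes, nothing in Terraform manages or can revoke that entry afterwards. The two commented-out lines show the intent to make this configurable; finish it by declaring `aws_eks_cluster_authentication_mode` (default `"API_AND_CONFIG_MAP"`) and `aws_eks_bootstrap_cluster_creator_admin_permissions` (default `true`, to keep current behaviour) in the module and root variables and referencing them here, so operators can set the bootstrap flag to false and grant admin through explicit `aws_eks_access_entry` resources instead. Also worth a comment on `authentication_mode`: EKS only allows moving forward (CONFIG_MAP → API_AND_CONFIG_MAP → API) and rejects switching back, so for existing clusters this is a one-way migration that the README should call out, e.g. `# One-way: EKS does not allow reverting from API_AND_CONFIG_MAP to CONFIG_MAP`. The resource body continues past the hunk (`vpc_config` is cut off).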
@@ -72,7 +80,7 @@ resource "aws_eks_node_group" "node_nodes" {
 max_unavailable = 1
 }
 
- ami_type = "AL2_x86_64"
+ ami_type = var.aws_eks_instance_ami_type
 instance_types = [var.aws_eks_instance_type]
 
 remote_access {
@@ -92,6 +100,51 @@ resource "aws_eks_node_group" "node_nodes" {
 tags_all = {
 "Name" = "${aws_eks_cluster.main.name}-node"
 }
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_eks_node_group" "bk_node_nodes" {
+ count = var.aws_eks_create_bk_node_group ? 1 : 0
+ cluster_name = aws_eks_cluster.main.name
+ node_group_name = "${var.aws_resource_identifier}-bk"
+ node_role_arn = aws_iam_role.iam_role_node.arn
+ subnet_ids = data.aws_subnets.private.ids
+
+ scaling_config {
+ desired_size = var.aws_eks_desired_capacity
+ max_size = var.aws_eks_max_size
+ min_size = var.aws_eks_min_size
+ }
+
+ update_config {
+ max_unavailable = 1
+ }
+
+ ami_type = var.aws_eks_instance_ami_type_bk
+ instance_types = [var.aws_eks_instance_type_bk]
+
+ remote_access {
+ ec2_ssh_key = var.aws_eks_ec2_key_pair != "" ? var.aws_eks_ec2_key_pair : aws_key_pair.aws_key[0].id
+ }
+
+ depends_on = [
+ aws_iam_role.iam_role_node,
+ aws_iam_role.iam_role_cluster,
+ aws_eks_cluster.main,
+ aws_security_group.eks_security_group_cluster,
+ aws_security_group.eks_security_group_node
+ ]
+ tags = {
+ "Name" = "${aws_eks_cluster.main.name}-node-bk"
+ }
+ tags_all = {
+ "Name" = "${aws_eks_cluster.main.name}-node-bk"
+ }
+ lifecycle {
+ ignore_changes = all
+ }
 }
 
 data "aws_caller_identity" "current" {}
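Review bot: `ami_type` now comes from `var.aws_eks_instance_ami_type`, whose default is `AL2_x86_64`, while the README in this commit moves the default cluster version to 1.32; AWS has stated that Amazon Linux 2 EKS AMIs are not published for Kubernetes 1.33 and later, so the next version bump will fail node-group creation with this default unless it moves to `AL2023_x86_64_STANDARD`. `ami_type` is also a force-new attribute of `aws_eks_node_group`, so changing it replaces the whole node group — presumably the reason the backup group exists — and that deserves a comment on this line, e.g. `# ami_type is immutable: changing it replaces the node group; create the -bk group first and migrate workloads`. The resource header and its `node_group_name` are above the hunk.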
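Review bot: The new `bk_node_nodes` group sets `remote_access { ec2_ssh_key = … }` with no `source_security_group_ids`, and EKS documents that a managed node group given an SSH key but no source security group gets port 22 on its nodes opened to 0.0.0.0/0. The nodes are in private subnets (`subnet_ids = data.aws_subnets.private.ids`), which limits exposure, but the rule is still world-open; add `source_security_group_ids = [aws_security_group.eks_security_group_node.id]` (that group is already in `depends_on`), and check the main group's `remote_access` block, cut off in the previous hunk, for the same shape. `lifecycle { create_before_destroy = true }` on `node_nodes` will fail on any replacement (an `ami_type` change, for instance) if its `node_group_name` is a fixed string like the `-bk` one here, because EKS rejects a second node group with the same name in a cluster — that name is outside the hunk, so please confirm. `ignore_changes = all` on the backup group means Terraform never reconciles its AMI type, instance type, scaling or SSH key after creation, so AMI upgrades and key rotation become manual steps; say so on the resource, e.g. `# Migration target only: after creation, drift in AMI/size/key is intentionally not reconciled by Terraform.`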
@@ -120,26 +173,27 @@ locals {
 }
 
-resource "terraform_data" "replacement" {
- input = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
-}
-
-resource "kubernetes_config_map" "aws_auth" {
- metadata {
- name = "aws-auth"
- namespace = "kube-system"
- }
-
- data = {
- mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
- #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote)
- mapAccounts = "${data.aws_caller_identity.current.account_id}"
- }
-
- lifecycle {
- replace_triggered_by = [terraform_data.replacement]
- }
-}
+#resource "terraform_data" "replacement" {
+# input = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
+#}
+#
+#resource "kubernetes_config_map" "aws_auth" {
+# metadata {
+# name = "aws-auth"
+# namespace = "kube-system"
+# }
+#
+# data = {
+# mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
+# #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote)
+# mapAccounts = "${data.aws_caller_identity.current.account_id}"
+# }
+#
+# lifecycle {
+# #replace_triggered_by = [terraform_data.replacement]
+# ignore_changes = [*]
+# }
+#}
 
 output "eks_kubernetes_provider_config" {
 value = {
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf
index 958cdb7e8..0c4ae5832 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf
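Review bot: Dropping `kubernetes_config_map.aws_auth` from configuration makes the next apply delete the aws-auth ConfigMap from the cluster, not merely stop managing it; on an existing cluster being moved to `API_AND_CONFIG_MAP`, any node role or admin role that was authenticated only through that map loses access the moment it is gone, unless matching access entries already exist (verify this for node groups created before the mode switch and for every principal in `local.cluster_admin_roles`). Use a `removed` block with `lifecycle { destroy = false }` (Terraform ≥ 1.7) or `terraform state rm` so the map is left in place, and add `aws_eks_access_entry` plus `aws_eks_access_policy_association` resources for the principals in `local.cluster_admin_roles`, which after this hunk have no consumer and no replacement grant. Keeping the old resource as a commented block, including an `ignore_changes = [*]` line that is not the `all` keyword Terraform accepts, leaves misleading dead text; a one-line comment such as `# aws-auth is no longer managed here; cluster access is granted through EKS access entries` is clearer. The `locals` block that defines these lists starts above the hunk.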
@@ -10,8 +10,11 @@ variable "aws_eks_cluster_log_types" {}
 variable "aws_eks_cluster_log_retention_days" {}
 variable "aws_eks_cluster_log_skip_destroy" {}
 variable "aws_eks_cluster_version" {}
+variable "aws_eks_create_bk_node_group" {}
 variable "aws_eks_instance_type" {}
-variable "aws_eks_instance_ami_id" {}
+variable "aws_eks_instance_ami_type" {}
+variable "aws_eks_instance_type_bk" {}
+variable "aws_eks_instance_ami_type_bk" {}
 variable "aws_eks_instance_user_data_file" {}
 variable "aws_eks_ec2_key_pair" {}
 variable "aws_eks_store_keypair_sm" {}