Upgrading eks default version from 1.28 -> 1.33 (Not tested)

README.md

@@ -557,9 +557,12 @@ The following inputs can be used as `step.with` keys
 | `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `api,audit,authenticator`. |
 | `aws_eks_cluster_log_retention_days` | String | Days to store logs. Defaults to `7`. | 
 | `aws_eks_cluster_logs_skip_destroy` | Boolean | Skip deletion of cluster logs if set to true. Defaults to `false`. |
-| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.28` |
+| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.32` |
+| `aws_eks_create_bk_node_group` | Boolean | Creates a backup node group in order to migrate the main one. Any changes after creation of it will be ignored. (For safety reasons) |
 | `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. |
-| `aws_eks_instance_ami_id` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. |
+| `aws_eks_instance_ami_type` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. See [here](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for options. Defaults to `AL2_x86_64.` (Legacy reasons)|
+| `aws_eks_instance_type_bk` | String | Same as above, but for backup node-group. Will use the same as the main node-group if not defined. If set, should be defined at the same time the node-group get's created. |
+| `aws_eks_instance_ami_type_bk` | String | Same as above, but for backup node-group. Will use the same as the main node-group if not defined. If set, should be defined at the same time the node-group get's created. |
 | `aws_eks_instance_user_data_file` | String | Relative path in the repo for a user provided script to be executed with the EC2 Instance creation. See note. |
 | `aws_eks_ec2_key_pair` | String | Enter an existing ec2 key pair name for worker nodes. If none, will create one. |
 | `aws_eks_store_keypair_sm` | Boolean | If true, will store the newly created keys in Secret Manager. |

action.yaml

@@ -1137,12 +1137,21 @@ inputs:
     required: false
   aws_eks_cluster_version:
     description: 'Specify the k8s cluster version'
-    required: false 
+    required: false
+  aws_eks_create_bk_node_group:
+    description: 'Create a backup node group'
+    required: false
   aws_eks_instance_type:
     description: 'enter the aws instance type'
     required: false 
-  aws_eks_instance_ami_id:
-    description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.'
+  aws_eks_instance_ami_type:
+    description: 'Type of AMI to use. Defaults to AL2_x86_64'
+    required: false
+  aws_eks_instance_type_bk:
+    description: 'enter the aws instance type'
+    required: false 
+  aws_eks_instance_ami_type_bk:
+    description: 'Type of AMI to use. Defaults to AL2_x86_64'
     required: false
   aws_eks_instance_user_data_file:
     description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.'
@@ -1681,7 +1690,7 @@ runs:
         AWS_ECR_REGISTRY_POLICY_INPUT: ${{ inputs.aws_ecr_registry_policy_input }}
         AWS_ECR_ADDITIONAL_TAGS: ${{ inputs.aws_ecr_additional_tags }}
 
-        # AWS EKS
+        # EKS
         AWS_EKS_CREATE: ${{ inputs.aws_eks_create }}
         AWS_EKS_SECURITY_GROUP_NAME_CLUSTER: ${{ inputs.aws_eks_security_group_name_cluster }}
         AWS_EKS_SECURITY_GROUP_NAME_NODE: ${{ inputs.aws_eks_security_group_name_node }}
@@ -1695,8 +1704,11 @@ runs:
         AWS_EKS_CLUSTER_LOG_RETENTION_DAYS: ${{ inputs.aws_eks_cluster_log_retention_days }}
         AWS_EKS_CLUSTER_LOG_SKIP_DESTROY: ${{ inputs.aws_eks_cluster_log_skip_destroy }}
         AWS_EKS_CLUSTER_VERSION: ${{ inputs.aws_eks_cluster_version }}
+        AWS_EKS_CREATE_BK_NODE_GROUP: ${{ inputs.aws_eks_create_bk_node_group }}
         AWS_EKS_INSTANCE_TYPE: ${{ inputs.aws_eks_instance_type }}
-        AWS_EKS_INSTANCE_AMI_ID: ${{ inputs.aws_eks_instance_ami_id }}
+        AWS_EKS_INSTANCE_AMI_TYPE: ${{ inputs.aws_eks_instance_ami_type }}
+        AWS_EKS_INSTANCE_TYPE_BK: ${{ inputs.aws_eks_instance_type_bk }}
+        AWS_EKS_INSTANCE_AMI_TYPE_BK: ${{ inputs.aws_eks_instance_ami_type_bk }}
         AWS_EKS_INSTANCE_USER_DATA_FILE: ${{ inputs.aws_eks_instance_user_data_file }}
         AWS_EKS_EC2_KEY_PAIR: ${{ inputs.aws_eks_ec2_key_pair }}
         AWS_EKS_STORE_KEYPAIR_SM: ${{ inputs.aws_eks_store_keypair_sm }}

operations/_scripts/generate/generate_vars_terraform.sh

@@ -437,8 +437,11 @@ if [[ $(alpha_only "$AWS_EKS_CREATE") == true ]]; then
   aws_eks_cluster_log_retention_days=$(generate_var aws_eks_cluster_log_retention_days $AWS_EKS_CLUSTER_LOG_RETENTION_DAYS)
   aws_eks_cluster_log_skip_destroy=$(generate_var aws_eks_cluster_log_skip_destroy $AWS_EKS_CLUSTER_LOG_SKIP_DESTROY)
   aws_eks_cluster_version=$(generate_var aws_eks_cluster_version $AWS_EKS_CLUSTER_VERSION)
+  aws_eks_create_bk_node_group=$(generate_var aws_eks_create_bk_node_group $AWS_EKS_CREATE_BK_NODE_GROUP)
   aws_eks_instance_type=$(generate_var aws_eks_instance_type $AWS_EKS_INSTANCE_TYPE)
-  aws_eks_instance_ami_id=$(generate_var aws_eks_instance_ami_id $AWS_EKS_INSTANCE_AMI_ID)
+  aws_eks_instance_ami_type=$(generate_var aws_eks_instance_ami_type $AWS_EKS_INSTANCE_AMI_TYPE)
+  aws_eks_instance_type_bk=$(generate_var aws_eks_instance_type_bk $AWS_EKS_INSTANCE_TYPE_BK)
+  aws_eks_instance_ami_type_bk=$(generate_var aws_eks_instance_ami_type_bk $AWS_EKS_INSTANCE_AMI_TYPE_BK)
   aws_eks_instance_user_data_file=$(generate_var aws_eks_instance_user_data_file $AWS_EKS_INSTANCE_USER_DATA_FILE)
   aws_eks_ec2_key_pair=$(generate_var aws_eks_ec2_key_pair $AWS_EKS_EC2_KEY_PAIR)
   aws_eks_store_keypair_sm=$(generate_var aws_eks_store_keypair_sm $AWS_EKS_STORE_KEYPAIR_SM)
@@ -830,8 +833,11 @@ $aws_eks_cluster_log_types
 $aws_eks_cluster_log_retention_days
 $aws_eks_cluster_log_skip_destroy
 $aws_eks_cluster_version
+$aws_eks_create_bk_node_group
 $aws_eks_instance_type
-$aws_eks_instance_ami_id
+$aws_eks_instance_ami_type
+$aws_eks_instance_type_bk
+$aws_eks_instance_ami_type_bk
 $aws_eks_instance_user_data_file
 $aws_eks_ec2_key_pair
 $aws_eks_store_keypair_sm

operations/deployment/terraform/aws/aws_variables.tf

@@ -1984,7 +1984,7 @@ variable "aws_eks_cluster_log_types" {
 }
 
 variable "aws_eks_cluster_log_retention_days" {
-  description = "enter the kubernetes version"
+  description = "Log retention days"
   type        = string
   default     = "7"
 }
@@ -1997,8 +1997,14 @@ variable "aws_eks_cluster_log_skip_destroy" {
 
 variable "aws_eks_cluster_version" {
   description = "enter the kubernetes version"
-  type        = number
-  default     = "1.28"
+  type        = string
+  default     = 1.28
+}
+
+variable "aws_eks_create_bk_node_group" {
+  description = "create a backup node group"
+  type        = bool
+  default     = false
 }
 
 variable "aws_eks_instance_type" {
@@ -2007,8 +2013,20 @@ variable "aws_eks_instance_type" {
   default     = "t3a.medium"
 }
 
-variable "aws_eks_instance_ami_id" {
-  description = "AWS AMI ID"
+variable "aws_eks_instance_type_bk" {
+  description = "enter the aws instance type"
+  type        = string
+  default     = ""
+}
+
+variable "aws_eks_instance_ami_type" {
+  description = "Type of AMI to use. Defaults to AL2_x86_64"
+  type        = string
+  default     = "AL2_x86_64"
+}
+
+variable "aws_eks_instance_ami_type_bk" {
+  description = "Type of AMI to use. Defaults to AL2_x86_64"
   type        = string
   default     = ""
 }

operations/deployment/terraform/aws/bitovi_main.tf

@@ -723,8 +723,11 @@ module "eks" {
   aws_eks_cluster_log_retention_days  = var.aws_eks_cluster_log_retention_days
   aws_eks_cluster_log_skip_destroy    = var.aws_eks_cluster_log_skip_destroy
   aws_eks_cluster_version             = var.aws_eks_cluster_version
+  aws_eks_create_bk_node_group        = var.aws_eks_create_bk_node_group
   aws_eks_instance_type               = var.aws_eks_instance_type
-  aws_eks_instance_ami_id             = var.aws_eks_instance_ami_id
+  aws_eks_instance_ami_type           = var.aws_eks_instance_ami_type
+  aws_eks_instance_type_bk            = var.aws_eks_instance_type_bk != "" ? var.aws_eks_instance_type_bk : var.aws_eks_instance_type
+  aws_eks_instance_ami_type_bk        = var.aws_eks_instance_ami_type_bk != "" ? var.aws_eks_instance_ami_type_bk : var.aws_eks_instance_ami_type
   aws_eks_instance_user_data_file     = var.aws_eks_instance_user_data_file
   aws_eks_ec2_key_pair                = var.aws_eks_ec2_key_pair
   aws_eks_store_keypair_sm            = var.aws_eks_store_keypair_sm

operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf

@@ -13,6 +13,14 @@ resource "aws_eks_cluster" "main" {
   name     = var.aws_eks_cluster_name # Cluster name is defined during the code-generation phase
   version  = var.aws_eks_cluster_version
   role_arn = aws_iam_role.iam_role_cluster.arn
+
+  access_config {
+    #authentication_mode                         = var.aws_eks_cluster_authentication_mode
+    #bootstrap_cluster_creator_admin_permissions = var.aws_eks_bootstrap_cluster_creator_admin_permissions
+    authentication_mode                         = "API_AND_CONFIG_MAP"
+    bootstrap_cluster_creator_admin_permissions = true
+  }
+
   vpc_config {
     security_group_ids      = [aws_security_group.eks_security_group_cluster.id]
     subnet_ids              = data.aws_subnets.public.ids
@@ -72,7 +80,7 @@ resource "aws_eks_node_group" "node_nodes" {
     max_unavailable = 1
   }
 
-  ami_type       = "AL2_x86_64"
+  ami_type       = var.aws_eks_instance_ami_type
   instance_types = [var.aws_eks_instance_type]
 
   remote_access {
@@ -92,6 +100,51 @@ resource "aws_eks_node_group" "node_nodes" {
   tags_all = {
     "Name" = "${aws_eks_cluster.main.name}-node"
   }
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_eks_node_group" "bk_node_nodes" {
+  count           = var.aws_eks_create_bk_node_group ? 1 : 0
+  cluster_name    = aws_eks_cluster.main.name
+  node_group_name = "${var.aws_resource_identifier}-bk"
+  node_role_arn   = aws_iam_role.iam_role_node.arn
+  subnet_ids      = data.aws_subnets.private.ids
+
+  scaling_config {
+    desired_size = var.aws_eks_desired_capacity
+    max_size     = var.aws_eks_max_size
+    min_size     = var.aws_eks_min_size
+  }
+
+  update_config {
+    max_unavailable = 1
+  }
+
+  ami_type       = var.aws_eks_instance_ami_type_bk
+  instance_types = [var.aws_eks_instance_type_bk]
+
+  remote_access {
+    ec2_ssh_key = var.aws_eks_ec2_key_pair != "" ? var.aws_eks_ec2_key_pair : aws_key_pair.aws_key[0].id
+  }
+
+  depends_on = [
+    aws_iam_role.iam_role_node,
+    aws_iam_role.iam_role_cluster,
+    aws_eks_cluster.main,
+    aws_security_group.eks_security_group_cluster,
+    aws_security_group.eks_security_group_node
+  ]
+  tags = {
+    "Name" = "${aws_eks_cluster.main.name}-node-bk"
+  }
+  tags_all = {
+    "Name" = "${aws_eks_cluster.main.name}-node-bk"
+  }
+  lifecycle {
+    ignore_changes = all
+  }
 }
 
 data "aws_caller_identity" "current" {}
@@ -120,26 +173,27 @@ locals {
 }
 
 
-resource "terraform_data" "replacement" {
-  input = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
-}
-
-resource "kubernetes_config_map" "aws_auth" {
-  metadata {
-    name      = "aws-auth"
-    namespace = "kube-system"
-  }
-
-  data = {
-    mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
-    #mapUsers    = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote)
-    mapAccounts = "${data.aws_caller_identity.current.account_id}"
-  }
-
-  lifecycle {
-    replace_triggered_by = [terraform_data.replacement]
-  }
-}
+#resource "terraform_data" "replacement" {
+#  input = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
+#}
+#
+#resource "kubernetes_config_map" "aws_auth" {
+#  metadata {
+#    name      = "aws-auth"
+#    namespace = "kube-system"
+#  }
+#
+#  data = {
+#    mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
+#    #mapUsers    = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote)
+#    mapAccounts = "${data.aws_caller_identity.current.account_id}"
+#  }
+#
+#  lifecycle {
+#    #replace_triggered_by = [terraform_data.replacement]
+#    ignore_changes       = [*]
+#  }
+#}
 
 output "eks_kubernetes_provider_config" {
   value = {

operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf

@@ -10,8 +10,11 @@ variable "aws_eks_cluster_log_types" {}
 variable "aws_eks_cluster_log_retention_days" {}
 variable "aws_eks_cluster_log_skip_destroy" {}
 variable "aws_eks_cluster_version" {}
+variable "aws_eks_create_bk_node_group" {}
 variable "aws_eks_instance_type" {}
-variable "aws_eks_instance_ami_id" {}
+variable "aws_eks_instance_ami_type" {}
+variable "aws_eks_instance_type_bk" {}
+variable "aws_eks_instance_ami_type_bk" {}
 variable "aws_eks_instance_user_data_file" {}
 variable "aws_eks_ec2_key_pair" {}
 variable "aws_eks_store_keypair_sm" {}