Merge pull request #11 from cmdlabs/dean-resolve-issues

CHANGELOG.md

@@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.4.0] - 2019-03-26
+### Breaking
+- Removed instance_type_3 support. This was hard to use in practice as cluster-autoscaler expects all instances in an ASG to have the same CPU/Memory characteristics. instance_type_2 has been left as for most instance types Amazon has the previous instance generation available which has the same CPU/Memory characteristics. For example M4/M5 Large instances both have 2 vCPU and 8GB of memory available so can share an ASG without impacting cluster-autoscaler. 
+
+### Fixed 
+- Add cluster owned tag on the default worker security group so the ELB controller is able to find it when multiple security groups are applied to nodes
+
+### Added
+- Add support for EKS Public/Private endpoint configuration
+- Add support for specifying subnets per ASG to work around PV scheduling limitations
+
 ## [0.3.0] - 2019-03-15
 ### Added
 - suspended_processes on worker groups

README.md

@@ -20,6 +20,8 @@ This module implementes an EKS cluster and associated worker groups. It utilised
 | vpc\_id | VPC ID for EKS Cluster | string | n/a | yes |
 | worker\_group\_count | Count of worker groups. Set to 0 to disable worker creation | string | `"1"` | no |
 | workers | List of worker groups options objects | list | n/a | yes |
+| cluster_endpoint_private_access | Enable Amazon EKS private API server endpoint | string | `"false"` | no |
+| cluster_endpoint_public_access | Enable Amazon EKS public API server endpoint | string | `"true"` | no |
 
 ## Worker Group Options
 It is possible to customise individual parameters on the the workers list. 
@@ -41,13 +43,13 @@ It is possible to customise individual parameters on the the workers list.
 | spot\_instance\_pools | Number of Spot pools per availability zone to allocate capacity | string | `"10"` | no |
 | spot\_max\_price | Maximum price youre willing to pay for spot instances. Defaults to the on demand price if blank | string | `""` | no |
 | instance\_type\_1 | First instance type used by the ASG | string | `"m5.large"` | no |
-| instance\_type\_2 | Second instance type used by the ASG | string | `"c5.large"` | no |
-| instance\_type\_3 | Third instance type used by the ASG | string | `"r5.large"` | no |
+| instance\_type\_2 | Second instance type used by the ASG | string | `"m4.large"` | no |
 | detailed\_monitoring | Enable EC2 detailed monitoring | string | `"false"` | no |
 | iam\_role\_name | Override the role that this module generates | string | `""` | no |
 | kubelet\_extra\_args | Additional arguments to pass to the kubelet | string| `""` | no |
 | pre\_userdata | Userdata to prepend to the standard userdata | string | `""` | no |
 | additional\_userdata | Userdata to append to the standard userdata | string | `""` | no |
+| vpc\_subnets | A comma seperated string of subnets for the ASG to place instances in | string | `var.private_subnets` | no
 
 ## Outputs
 | Name | Description |

cluster.tf

@@ -7,6 +7,9 @@ resource "aws_eks_cluster" "this" {
   vpc_config = {
     security_group_ids = ["${aws_security_group.cluster.id}"]
     subnet_ids         = ["${var.private_subnets}"]
+
+    endpoint_private_access = "${var.cluster_endpoint_private_access}"
+    endpoint_public_access  = "${var.cluster_endpoint_public_access}"
   }
 
   depends_on = [

examples/main.tf

@@ -17,15 +17,16 @@ module "eks-cluster" {
       asg_min_size         = 0
       asg_max_size         = 5
 
+      vpc_subnets = "subnet-457ee522,subnet-c0b82c89,subnet-2cc22074"
+
       on_demand_allocation_strategy            = "prioritized"
       on_demand_base_capacity                  = 0
       on_demand_percentage_above_base_capacity = 0
       spot_allocation_strategy                 = "lowest-price"
       spot_max_price                           = ""
 
       instance_type_1 = "m5.large"
-      instance_type_2 = "c5.large"
-      instance_type_3 = "r5.large"
+      instance_type_2 = "m4.large"
 
       root_volume_size = 100
 
@@ -43,9 +44,8 @@ module "eks-cluster" {
       spot_allocation_strategy                 = "lowest-price"
       spot_max_price                           = ""
 
-      instance_type_1 = "m4.large"
-      instance_type_2 = "c4.large"
-      instance_type_3 = "r4.large"
+      instance_type_1 = "r5.large"
+      instance_type_2 = "r4.large"
 
       root_volume_size = 100
 

examples/provider.tf

@@ -1,3 +1,4 @@
 provider "aws" {
   region = "ap-southeast-2"
+  version = "~> 2.3.0"
 }

variables.tf

@@ -69,3 +69,13 @@ variable "worker_group_count" {
 variable "vpc_id" {
   description = "VPC ID for EKS Cluster"
 }
+
+variable "cluster_endpoint_private_access" {
+  description = "Enable Amazon EKS private API server endpoint."
+  default     = false
+}
+
+variable "cluster_endpoint_public_access" {
+  description = "Enable Amazon EKS public API server endpoint."
+  default     = true
+}

workers.tf

@@ -4,7 +4,7 @@ resource "aws_autoscaling_group" "workers" {
   desired_capacity    = "${lookup(var.workers[count.index], "asg_desired_capacity", 1)}"
   min_size            = "${lookup(var.workers[count.index], "asg_min_size", 1)}"
   max_size            = "${lookup(var.workers[count.index], "asg_max_size", 10)}"
-  vpc_zone_identifier = ["${var.private_subnets}"]
+  vpc_zone_identifier = ["${split(",", coalesce(lookup(var.workers[count.index], "vpc_subnets", ""), join(",", var.private_subnets)))}"]
 
   suspended_processes = ["${compact(split(",", lookup(var.workers[count.index], "suspended_processes", "")))}"]
   enabled_metrics = ["${compact(split(",", lookup(var.workers[count.index], "enabled_metrics", "")))}"]
@@ -30,12 +30,9 @@ resource "aws_autoscaling_group" "workers" {
       }
 
       override {
-        instance_type = "${lookup(var.workers[count.index], "instance_type_2", "c5.large")}"
+        instance_type = "${lookup(var.workers[count.index], "instance_type_2", "m4.large")}"
       }
 
-      override {
-        instance_type = "${lookup(var.workers[count.index], "instance_type_3", "r5.large")}"
-      }
     }
   }
 
@@ -94,6 +91,8 @@ resource "aws_security_group" "workers" {
   name        = "eks-${var.cluster_name}-workers"
   description = "Security group for worker nodes of cluster ${var.cluster_name}"
   vpc_id      = "${var.vpc_id}"
+
+  tags = "${map("kubernetes.io/cluster/${var.cluster_name}", "owned")}"
 }
 
 resource "aws_security_group_rule" "worker_to_worker" {