chore: Update examples for Fargate high availability (#2378)
bryantbiggs authored Jan 5, 2023
1 parent 460e43d commit 21e26e9
Showing 3 changed files with 61 additions and 56 deletions.
68 changes: 36 additions & 32 deletions examples/fargate_profile/main.tf
Expand Up @@ -54,44 +54,48 @@ module "eks" {
}
}

fargate_profiles = {
example = {
name = "example"
selectors = [
{
namespace = "backend"
labels = {
Application = "backend"
fargate_profiles = merge(
{
example = {
name = "example"
selectors = [
{
namespace = "backend"
labels = {
Application = "backend"
}
},
{
namespace = "app-*"
labels = {
Application = "app-wildcard"
}
}
},
{
namespace = "app-*"
labels = {
Application = "app-wildcard"
}
}
]
]

# Using specific subnets instead of the subnets supplied for the cluster itself
subnet_ids = [module.vpc.private_subnets[1]]
# Using specific subnets instead of the subnets supplied for the cluster itself
subnet_ids = [module.vpc.private_subnets[1]]

tags = {
Owner = "secondary"
}
tags = {
Owner = "secondary"
}

timeouts = {
create = "20m"
delete = "20m"
timeouts = {
create = "20m"
delete = "20m"
}
}
},
{ for i in range(3) :
"kube-system-${element(split("-", local.azs[i]), 2)}" => {
selectors = [
{ namespace = "kube-system" }
]
# We want to create a profile per AZ for high availability
subnet_ids = element(module.vpc.private_subnets, i)
}
}

kube_system = {
name = "kube-system"
selectors = [
{ namespace = "kube-system" }
]
}
}
)

tags = local.tags
}
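Review bot: In the added kube-system for-expression, `subnet_ids = element(module.vpc.private_subnets, i)` passes a single string, while the karpenter example in this same commit passes a list; it should read `subnet_ids = [element(module.vpc.private_subnets, i)]`. Both files also hard-code `range(3)` and index `local.azs[i]`, which fails if `local.azs` (defined outside the hunk) holds fewer than three entries; `for i in range(length(local.azs))` would follow the local instead. The key suffix from `element(split("-", local.azs[i]), 2)` presumably assumes three-part region names; with a four-part region name the suffix would be identical for every AZ and the map keys would collide, so a comment stating that assumption would help. The `module "eks"` block starts outside the hunk.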
41 changes: 25 additions & 16 deletions examples/karpenter/main.tf
Expand Up @@ -92,6 +92,10 @@ module "eks" {
subnet_ids = module.vpc.private_subnets
control_plane_subnet_ids = module.vpc.intra_subnets

# Fargate profiles use the cluster primary security group so these are not utilized
create_cluster_security_group = false
create_node_security_group = false

manage_aws_auth_configmap = true
aws_auth_roles = [
# We need to add in the Karpenter node IAM role for nodes launched by Karpenter
Expand All @@ -105,21 +109,26 @@ module "eks" {
},
]

fargate_profiles = {
kube_system = {
name = "kube-system"
selectors = [
{ namespace = "kube-system" }
]
}

karpenter = {
name = "karpenter"
selectors = [
{ namespace = "karpenter" }
]
}
}
fargate_profiles = merge(
{ for i in range(3) :
"kube-system-${element(split("-", local.azs[i]), 2)}" => {
selectors = [
{ namespace = "kube-system" }
]
# We want to create a profile per AZ for high availability
subnet_ids = [element(module.vpc.private_subnets, i)]
}
},
{ for i in range(3) :
"karpenter-${element(split("-", local.azs[i]), 2)}" => {
selectors = [
{ namespace = "karpenter" }
]
# We want to create a profile per AZ for high availability
subnet_ids = [element(module.vpc.private_subnets, i)]
}
},
)

tags = merge(local.tags, {
# NOTE - if creating multiple security groups with this module, only tag the
Expand Down Expand Up @@ -151,7 +160,7 @@ resource "helm_release" "karpenter" {
repository_username = data.aws_ecrpublic_authorization_token.token.user_name
repository_password = data.aws_ecrpublic_authorization_token.token.password
chart = "karpenter"
version = "v0.19.3"
version = "v0.21.1"

set {
name = "settings.aws.clusterName"
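Review bot: Next to the added `create_node_security_group = false` in the first hunk of this file, the comment explains the choice only for Fargate profiles and does not say which security group the EC2 nodes launched by Karpenter will attach to. If that is the cluster primary security group, nodes, Fargate pods and the control plane share one group whose default rule allows all traffic between members, which is broader than the dedicated node security group the module would otherwise create. I would extend the comment, for example `# Karpenter-launched nodes also use the cluster primary security group; create a node security group if tighter node-to-node rules are needed`, once it is confirmed which group the discovery tag selects. The `tags` block that appears to set that tag is cut off at the end of the second hunk, and the `module "eks"` block starts and ends outside the hunks.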
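--- a/examples/outposts/main.tf
+++ b/examples/outposts/main.tf
@@ -64,14 +64,6 @@ module "eks" {
 }
 }
 
-self_managed_node_group_defaults = {
-attach_cluster_primary_security_group = true
-
-iam_role_additional_policies = {
-AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-}
-}
-
 self_managed_node_groups = {
 outpost = {
 name = local.name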
