Create node group user data from given template

Prior to this commit, user data for node groups was generated from a
prescribed template, and user data in other formats (such as the TOML
used to configure Bottlerocket instances, see link) was not supported.

This change allows a node_group to specify its own user data template
file, the template's extra arguments and the user data's mime type;
this in turn supports alternative forms of user data as required by any
given AMI.

https://github.com/bottlerocket-os/bottlerocket#using-user-data

modules/node_groups/README.md

@@ -54,6 +54,10 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In
 | taints | Kubernetes node taints | list(map) | empty |
 | timeouts | A map of timeouts for create/update/delete operations. | `map(string)` | Provider default behavior |
 | update_default_version | Whether or not to set the new launch template version the Default | bool | `true` |
+| user\_data | Alternative `user_data` templating information.  If `user_data` is specified, `user_data.template_file` is required. | `map` (details below) | (see below) |
+| user\_data.mime\_type | Alternative MIME type for the user data. | `string` | `"text/x-shellscript"` |
+| user\_data.template\_extra\_args | Additional variables to make available to the user data template. | `map(string)` | `{}` |
+| user\_data.template\_file | (Required) Alternative template file from which to generate the user data. | `string` | `"${path.module}/templates/userdata.sh.tpl"` |
 | metadata_http_endpoint | The state of the instance metadata service. Requires `create_launch_template` to be `true` | string | `var.workers_group_defaults[metadata_http_endpoint]` |
 | metadata_http_tokens | If session tokens are required. Requires `create_launch_template` to be `true` | string | `var.workers_group_defaults[metadata_http_tokens]` |
 | metadata_http_put_response_hop_limit | The desired HTTP PUT response hop limit for instance metadata requests. Requires `create_launch_template` to be `true` | number | `var.workers_group_defaults[metadata_http_put_response_hop_limit]` |

modules/node_groups/launch_template.tf

@@ -6,9 +6,9 @@ data "cloudinit_config" "workers_userdata" {
   boundary      = "//"
 
   part {
-    content_type = "text/x-shellscript"
-    content = templatefile("${path.module}/templates/userdata.sh.tpl",
-      {
+    content_type = lookup(each.value["user_data"], "mime_type", "text/x-shellscript")
+    content = templatefile(each.value["user_data"]["template_file"],
+      merge({
         kubelet_extra_args   = each.value["kubelet_extra_args"]
         pre_userdata         = each.value["pre_userdata"]
         ami_id               = lookup(each.value, "ami_id", "")
@@ -18,7 +18,7 @@ data "cloudinit_config" "workers_userdata" {
         cluster_auth_base64  = var.cluster_auth_base64
         capacity_type        = lookup(each.value, "capacity_type", "ON_DEMAND")
         append_labels        = length(lookup(each.value, "k8s_labels", {})) > 0 ? ",${join(",", [for k, v in lookup(each.value, "k8s_labels", {}) : "${k}=${v}"])}" : ""
-      }
+      }, lookup(each.value["user_data"], "template_extra_args", {}))
     )
   }
 }

modules/node_groups/locals.tf

@@ -33,6 +33,11 @@ locals {
       metadata_http_tokens                 = var.workers_group_defaults["metadata_http_tokens"]
       metadata_http_put_response_hop_limit = var.workers_group_defaults["metadata_http_put_response_hop_limit"]
       ami_is_eks_optimized                 = true
+      user_data = {
+        mime_type           = "text/x-shellscript"
+        template_extra_args = lookup(var.workers_group_defaults, "userdata_template_file", {})
+        template_file       = lookup(var.workers_group_defaults, "userdata_template_file", "${path.module}/templates/userdata.sh.tpl")
+      }
     },
     var.node_groups_defaults,
     v,