feat: Add metadata_options for node_groups

terraform-aws-modules · Sep 8, 2021 · fe14810 · fe14810
1 parent 95237e9
commit fe14810
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 25 deletions.
diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md
@@ -53,6 +53,9 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In
 | taints | Kubernetes node taints | list(map) | empty |
 | timeouts | A map of timeouts for create/update/delete operations. | `map(string)` | Provider default behavior |
 | update_default_version | Whether or not to set the new launch template version the Default | bool | `true` |
+| metadata_http_endpoint | The state of the instance metadata service. Requires `create_launch_template` to be `true` | string | `var.workers_group_defaults[metadata_http_endpoint]` |
+| metadata_http_tokens | If session tokens are required. Requires `create_launch_template` to be `true` | string | `var.workers_group_defaults[metadata_http_tokens]` |
+| metadata_http_put_response_hop_limit | The desired HTTP PUT response hop limit for instance metadata requests. Requires `create_launch_template` to be `true` | number | `var.workers_group_defaults[metadata_http_put_response_hop_limit]` |
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements

diff --git a/modules/node_groups/launch_template.tf b/modules/node_groups/launch_template.tf
@@ -77,6 +77,12 @@ resource "aws_launch_template" "workers" {
 
   key_name = lookup(each.value, "key_name", null)
 
+  metadata_options {
+    http_endpoint               = lookup(each.value, "metadata_http_endpoint", null)
+    http_tokens                 = lookup(each.value, "metadata_http_tokens", null)
+    http_put_response_hop_limit = lookup(each.value, "metadata_http_put_response_hop_limit", null)
+  }
+
   # Supplying custom tags to EKS instances is another use-case for LaunchTemplates
   tag_specifications {
     resource_type = "instance"

diff --git a/modules/node_groups/locals.tf b/modules/node_groups/locals.tf
@@ -2,31 +2,34 @@ locals {
   # Merge defaults and per-group values to make code cleaner
   node_groups_expanded = { for k, v in var.node_groups : k => merge(
     {
-      desired_capacity              = var.workers_group_defaults["asg_desired_capacity"]
-      iam_role_arn                  = var.default_iam_role_arn
-      instance_types                = [var.workers_group_defaults["instance_type"]]
-      key_name                      = var.workers_group_defaults["key_name"]
-      launch_template_id            = var.workers_group_defaults["launch_template_id"]
-      launch_template_version       = var.workers_group_defaults["launch_template_version"]
-      set_instance_types_on_lt      = false
-      max_capacity                  = var.workers_group_defaults["asg_max_size"]
-      min_capacity                  = var.workers_group_defaults["asg_min_size"]
-      subnets                       = var.workers_group_defaults["subnets"]
-      create_launch_template        = false
-      kubelet_extra_args            = var.workers_group_defaults["kubelet_extra_args"]
-      disk_size                     = var.workers_group_defaults["root_volume_size"]
-      disk_type                     = var.workers_group_defaults["root_volume_type"]
-      disk_encrypted                = var.workers_group_defaults["root_encrypted"]
-      disk_kms_key_id               = var.workers_group_defaults["root_kms_key_id"]
-      enable_monitoring             = var.workers_group_defaults["enable_monitoring"]
-      eni_delete                    = var.workers_group_defaults["eni_delete"]
-      public_ip                     = var.workers_group_defaults["public_ip"]
-      pre_userdata                  = var.workers_group_defaults["pre_userdata"]
-      additional_security_group_ids = var.workers_group_defaults["additional_security_group_ids"]
-      taints                        = []
-      timeouts                      = var.workers_group_defaults["timeouts"]
-      update_default_version        = true
-      ebs_optimized                 = null
+      desired_capacity                     = var.workers_group_defaults["asg_desired_capacity"]
+      iam_role_arn                         = var.default_iam_role_arn
+      instance_types                       = [var.workers_group_defaults["instance_type"]]
+      key_name                             = var.workers_group_defaults["key_name"]
+      launch_template_id                   = var.workers_group_defaults["launch_template_id"]
+      launch_template_version              = var.workers_group_defaults["launch_template_version"]
+      set_instance_types_on_lt             = false
+      max_capacity                         = var.workers_group_defaults["asg_max_size"]
+      min_capacity                         = var.workers_group_defaults["asg_min_size"]
+      subnets                              = var.workers_group_defaults["subnets"]
+      create_launch_template               = false
+      kubelet_extra_args                   = var.workers_group_defaults["kubelet_extra_args"]
+      disk_size                            = var.workers_group_defaults["root_volume_size"]
+      disk_type                            = var.workers_group_defaults["root_volume_type"]
+      disk_encrypted                       = var.workers_group_defaults["root_encrypted"]
+      disk_kms_key_id                      = var.workers_group_defaults["root_kms_key_id"]
+      enable_monitoring                    = var.workers_group_defaults["enable_monitoring"]
+      eni_delete                           = var.workers_group_defaults["eni_delete"]
+      public_ip                            = var.workers_group_defaults["public_ip"]
+      pre_userdata                         = var.workers_group_defaults["pre_userdata"]
+      additional_security_group_ids        = var.workers_group_defaults["additional_security_group_ids"]
+      taints                               = []
+      timeouts                             = var.workers_group_defaults["timeouts"]
+      update_default_version               = true
+      ebs_optimized                        = null
+      metadata_http_endpoint               = var.workers_group_defaults["metadata_http_endpoint"]
+      metadata_http_tokens                 = var.workers_group_defaults["metadata_http_tokens"]
+      metadata_http_put_response_hop_limit = var.workers_group_defaults["metadata_http_put_response_hop_limit"]
     },
     var.node_groups_defaults,
     v,