diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 81be4df053..d80b126b41 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -53,6 +53,9 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In | taints | Kubernetes node taints | list(map) | empty | | timeouts | A map of timeouts for create/update/delete operations. | `map(string)` | Provider default behavior | | update_default_version | Whether or not to set the new launch template version the Default | bool | `true` | +| metadata_http_endpoint | The state of the instance metadata service. Requires `create_launch_template` to be `true` | string | `var.workers_group_defaults[metadata_http_endpoint]` | +| metadata_http_tokens | If session tokens are required. Requires `create_launch_template` to be `true` | string | `var.workers_group_defaults[metadata_http_tokens]` | +| metadata_http_put_response_hop_limit | The desired HTTP PUT response hop limit for instance metadata requests. Requires `create_launch_template` to be `true` | number | `var.workers_group_defaults[metadata_http_put_response_hop_limit]` | ## Requirements diff --git a/modules/node_groups/launch_template.tf b/modules/node_groups/launch_template.tf index 1db59632df..2cf7cebe27 100644 --- a/modules/node_groups/launch_template.tf +++ b/modules/node_groups/launch_template.tf @@ -77,6 +77,12 @@ resource "aws_launch_template" "workers" { key_name = lookup(each.value, "key_name", null) + metadata_options { + http_endpoint = lookup(each.value, "metadata_http_endpoint", null) + http_tokens = lookup(each.value, "metadata_http_tokens", null) + http_put_response_hop_limit = lookup(each.value, "metadata_http_put_response_hop_limit", null) + } + # Supplying custom tags to EKS instances is another use-case for LaunchTemplates tag_specifications { resource_type = "instance" 
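Review bot: In the new `metadata_options` block of launch_template.tf, `http_tokens` falls back to `null`, so unless `var.workers_group_defaults` (not visible in this diff) sets it to `required`, the launch template does not enforce IMDSv2 and nodes may keep answering IMDSv1 requests. On EKS workers that matters because the metadata service hands out the node role's credentials, and IMDSv1 has no session-token step to stop a request that a pod was tricked into forwarding. Consider making the hardened value the fallback, `http_tokens = lookup(each.value, "metadata_http_tokens", "required")`, or at least add a comment above the block such as `# metadata_http_tokens = "required" enforces IMDSv2; with a hop limit of 1, pods off the host network cannot obtain a token`. The `aws_launch_template.workers` resource starts and ends outside this hunk, so any enforcement elsewhere in it cannot be seen here.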
diff --git a/modules/node_groups/locals.tf b/modules/node_groups/locals.tf
index 6d40e03808..5951b83fc6 100644
--- a/modules/node_groups/locals.tf
+++ b/modules/node_groups/locals.tf
@@ -2,31 +2,34 @@ locals {
 # Merge defaults and per-group values to make code cleaner
 node_groups_expanded = { for k, v in var.node_groups : k => merge(
 {
- desired_capacity = var.workers_group_defaults["asg_desired_capacity"]
- iam_role_arn = var.default_iam_role_arn
- instance_types = [var.workers_group_defaults["instance_type"]]
- key_name = var.workers_group_defaults["key_name"]
- launch_template_id = var.workers_group_defaults["launch_template_id"]
- launch_template_version = var.workers_group_defaults["launch_template_version"]
- set_instance_types_on_lt = false
- max_capacity = var.workers_group_defaults["asg_max_size"]
- min_capacity = var.workers_group_defaults["asg_min_size"]
- subnets = var.workers_group_defaults["subnets"]
- create_launch_template = false
- kubelet_extra_args = var.workers_group_defaults["kubelet_extra_args"]
- disk_size = var.workers_group_defaults["root_volume_size"]
- disk_type = var.workers_group_defaults["root_volume_type"]
- disk_encrypted = var.workers_group_defaults["root_encrypted"]
- disk_kms_key_id = var.workers_group_defaults["root_kms_key_id"]
- enable_monitoring = var.workers_group_defaults["enable_monitoring"]
- eni_delete = var.workers_group_defaults["eni_delete"]
- public_ip = var.workers_group_defaults["public_ip"]
- pre_userdata = var.workers_group_defaults["pre_userdata"]
- additional_security_group_ids = var.workers_group_defaults["additional_security_group_ids"]
- taints = []
- timeouts = var.workers_group_defaults["timeouts"]
- update_default_version = true
- ebs_optimized = null
+ desired_capacity = var.workers_group_defaults["asg_desired_capacity"]
+ iam_role_arn = var.default_iam_role_arn
+ instance_types = [var.workers_group_defaults["instance_type"]]
+ key_name = var.workers_group_defaults["key_name"]
+ launch_template_id = var.workers_group_defaults["launch_template_id"]
+ launch_template_version = var.workers_group_defaults["launch_template_version"]
+ set_instance_types_on_lt = false
+ max_capacity = var.workers_group_defaults["asg_max_size"]
+ min_capacity = var.workers_group_defaults["asg_min_size"]
+ subnets = var.workers_group_defaults["subnets"]
+ create_launch_template = false
+ kubelet_extra_args = var.workers_group_defaults["kubelet_extra_args"]
+ disk_size = var.workers_group_defaults["root_volume_size"]
+ disk_type = var.workers_group_defaults["root_volume_type"]
+ disk_encrypted = var.workers_group_defaults["root_encrypted"]
+ disk_kms_key_id = var.workers_group_defaults["root_kms_key_id"]
+ enable_monitoring = var.workers_group_defaults["enable_monitoring"]
+ eni_delete = var.workers_group_defaults["eni_delete"]
+ public_ip = var.workers_group_defaults["public_ip"]
+ pre_userdata = var.workers_group_defaults["pre_userdata"]
+ additional_security_group_ids = var.workers_group_defaults["additional_security_group_ids"]
+ taints = []
+ timeouts = var.workers_group_defaults["timeouts"]
+ update_default_version = true
+ ebs_optimized = null
+ metadata_http_endpoint = var.workers_group_defaults["metadata_http_endpoint"]
+ metadata_http_tokens = var.workers_group_defaults["metadata_http_tokens"]
+ metadata_http_put_response_hop_limit = var.workers_group_defaults["metadata_http_put_response_hop_limit"]
 },
 var.node_groups_defaults,
 v,
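Review bot: The three `metadata_http_*` defaults added at the end of the merged map sit in the same map as `create_launch_template = false`, and the README change in this commit says they only apply when that flag is `true`. A caller who sets `metadata_http_tokens = "required"` on a node group without enabling the launch template would therefore appear to get no IMDSv2 enforcement and no error at plan time. A comment on these entries would make that visible, for example `# metadata_http_* only take effect when create_launch_template = true`; a check that rejects the combination would be stronger. The direct index `var.workers_group_defaults["metadata_http_tokens"]` also assumes the key exists in that map, which this diff does not show, and the `locals` block continues past the end of the hunk.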