update

terraform-aws-modules · Oct 12, 2021 · d0634c4 · d0634c4
1 parent 03fc93a
commit d0634c4
Show file tree

Hide file tree

Showing 14 changed files with 31 additions and 88 deletions.
diff --git a/examples/bottlerocket/main.tf b/examples/bottlerocket/main.tf
@@ -51,6 +51,7 @@ module "vpc" {
 ################################################################################
 # EKS Module
 ################################################################################
+
 data "aws_eks_cluster" "cluster" {
   name = module.eks.cluster_id
 }

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -51,6 +51,7 @@ module "vpc" {
 ################################################################################
 # EKS Module
 ################################################################################
+
 data "aws_eks_cluster" "cluster" {
   name = module.eks.cluster_id
 }

diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf
@@ -51,6 +51,7 @@ module "vpc" {
 ################################################################################
 # EKS Module
 ################################################################################
+
 data "aws_eks_cluster" "cluster" {
   name = module.eks.cluster_id
 }

diff --git a/examples/instance_refresh/README.md b/examples/instance_refresh/README.md
@@ -1,6 +1,8 @@
 # Instance refresh example
 
-This is EKS example using instance refresh feature for worker groups.
+This is EKS example using [instance refresh](https://aws.amazon.com/blogs/compute/introducing-instance-refresh-for-ec2-auto-scaling/) feature for worker groups.
+
+See [the official documentation](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) for more details.
 
 ## Usage
 

diff --git a/examples/instance_refresh/main.tf b/examples/instance_refresh/main.tf
@@ -51,6 +51,7 @@ module "vpc" {
 ################################################################################
 # EKS Module
 ################################################################################
+
 data "aws_eks_cluster" "cluster" {
   name = module.eks.cluster_id
 }
@@ -192,7 +193,7 @@ module "aws_node_termination_handler_role" {
   role_name_prefix              = local.name
   provider_url                  = replace(module.eks.cluster_oidc_issuer_url, "https://", "")
   role_policy_arns              = [aws_iam_policy.aws_node_termination_handler.arn]
-  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.serviceaccount}"]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:aws-node-termination-handler"]
 }
 
 resource "helm_release" "aws_node_termination_handler" {
@@ -201,10 +202,10 @@ resource "helm_release" "aws_node_termination_handler" {
   ]
 
   name             = "aws-node-termination-handler"
-  namespace        = var.namespace
+  namespace        = "kube-system"
   repository       = "https://aws.github.io/eks-charts"
   chart            = "aws-node-termination-handler"
-  version          = var.aws_node_termination_handler_chart_version
+  version          = "0.15.0"
   create_namespace = true
 
   set {
@@ -213,7 +214,7 @@ resource "helm_release" "aws_node_termination_handler" {
   }
   set {
     name  = "serviceAccount.name"
-    value = var.serviceaccount
+    value = "aws-node-termination-handler"
   }
   set {
     name  = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"

diff --git a/examples/instance_refresh/variables.tf b/examples/instance_refresh/variables.tf
@@ -9,21 +9,3 @@ variable "cluster_version" {
   type        = string
   default     = "1.20"
 }
-
-variable "aws_node_termination_handler_chart_version" {
-  description = "Version of the aws-node-termination-handler Helm chart to install."
-  type        = string
-  default     = "0.15.0"
-}
-
-variable "namespace" {
-  description = "Namespace for the aws-node-termination-handler."
-  type        = string
-  default     = "kube-system"
-}
-
-variable "serviceaccount" {
-  description = "Serviceaccount for the aws-node-termination-handler."
-  type        = string
-  default     = "aws-node-termination-handler"
-}
diff --git a/examples/irsa/README.md b/examples/irsa/README.md
@@ -2,7 +2,7 @@
 
 This example shows how to create an IAM role to be used for a Kubernetes `ServiceAccount`. It will create a policy and role to be used by the [cluster-autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler) using the [public Helm chart](https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler).
 
-The AWS documentation for IRSA is here: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+See [the official documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) for more details.
 
 ## Usage
 

diff --git a/examples/launch_templates_with_managed_node_groups/README.md b/examples/launch_templates_with_managed_node_groups/README.md
@@ -1,6 +1,11 @@
 # Launch template with managed groups example
 
-This is EKS example using workers launch template with managed groups feature.
+This is EKS example using workers custom launch template with managed groups feature in two different ways:
+
+- Using a defined existing launch template created outside module
+- Using dlaunch template which will be created by module with user customization
+
+See [the official documentation](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) for more details.
 
 ## Usage
 

diff --git a/examples/launch_templates_with_managed_node_groups/main.tf b/examples/launch_templates_with_managed_node_groups/main.tf
@@ -51,6 +51,7 @@ module "vpc" {
 ################################################################################
 # EKS Module
 ################################################################################
+
 data "aws_eks_cluster" "cluster" {
   name = module.eks.cluster_id
 }
@@ -78,6 +79,7 @@ module "eks" {
   cluster_endpoint_public_access  = true
 
   node_groups = {
+    # use arleady defined launch template
     example1 = {
       name_prefix      = "example1"
       desired_capacity = 1
@@ -87,12 +89,13 @@ module "eks" {
       launch_template_id      = aws_launch_template.default.id
       launch_template_version = aws_launch_template.default.default_version
 
-      instance_types = var.instance_types
+      instance_types = ["t3.small"]
 
       additional_tags = {
         ExtraTag = "example1"
       }
     }
+    # create launch template
     example2 = {
       create_launch_template = true
       desired_capacity       = 1

diff --git a/examples/launch_templates_with_managed_node_groups/variables.tf b/examples/launch_templates_with_managed_node_groups/variables.tf
@@ -9,10 +9,3 @@ variable "cluster_version" {
   type        = string
   default     = "1.20"
 }
-
-variable "instance_types" {
-  description = "Instance types"
-  # Smallest recommended, where ~1.1Gb of 2Gb memory is available for the Kubernetes pods after ‘warming up’ Docker, Kubelet, and OS
-  type    = list(string)
-  default = ["t3.small"]
-}
diff --git a/examples/managed_node_groups/README.md b/examples/managed_node_groups/README.md
@@ -1,6 +1,11 @@
 # Managed groups example
 
-This is EKS example managed groups feature.
+This is EKS example using managed groups feature in two different ways:
+
+- Using SPOT instances in node group
+- Using ON_DEMAND instance in node group
+
+See [the official documentation](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) for more details.
 
 ## Usage
 

diff --git a/examples/secrets_encryption/README.md b/examples/secrets_encryption/README.md
@@ -1,6 +1,8 @@
 # Managed groups example
 
-This is EKS using secrets encryption feature.
+This is EKS using [secrets encryption](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) feature.
+
+See [the official blog](https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/) for more details.
 
 ## Usage
 

diff --git a/examples/secrets_encryption/main.tf b/examples/secrets_encryption/main.tf
@@ -95,10 +95,6 @@ module "eks" {
     },
   ]
 
-  map_roles    = var.map_roles
-  map_users    = var.map_users
-  map_accounts = var.map_accounts
-
   tags = {
     Example    = local.name
     GithubRepo = "terraform-aws-eks"

diff --git a/examples/secrets_encryption/variables.tf b/examples/secrets_encryption/variables.tf
@@ -9,52 +9,3 @@ variable "cluster_version" {
   type        = string
   default     = "1.20"
 }
-
-variable "map_accounts" {
-  description = "Additional AWS account numbers to add to the aws-auth configmap."
-  type        = list(string)
-
-  default = [
-    "777777777777",
-    "888888888888",
-  ]
-}
-
-variable "map_roles" {
-  description = "Additional IAM roles to add to the aws-auth configmap."
-  type = list(object({
-    rolearn  = string
-    username = string
-    groups   = list(string)
-  }))
-
-  default = [
-    {
-      rolearn  = "arn:aws:iam::66666666666:role/role1"
-      username = "role1"
-      groups   = ["system:masters"]
-    },
-  ]
-}
-
-variable "map_users" {
-  description = "Additional IAM users to add to the aws-auth configmap."
-  type = list(object({
-    userarn  = string
-    username = string
-    groups   = list(string)
-  }))
-
-  default = [
-    {
-      userarn  = "arn:aws:iam::66666666666:user/user1"
-      username = "user1"
-      groups   = ["system:masters"]
-    },
-    {
-      userarn  = "arn:aws:iam::66666666666:user/user2"
-      username = "user2"
-      groups   = ["system:masters"]
-    },
-  ]
-}