Revert to commit 13a29f4

MetroStar · Jul 26, 2024 · 8957c99 · 8957c99
1 parent 5ebb28e
commit 8957c99
Show file tree

Hide file tree

Showing 5 changed files with 1 addition and 92 deletions.
diff --git a/src/_nebari/stages/infrastructure/__init__.py b/src/_nebari/stages/infrastructure/__init__.py
@@ -133,8 +133,6 @@ class AWSInputVars(schema.Base):
     existing_subnet_ids: Optional[List[str]] = None
     region: str
     kubernetes_version: str
-    ec2_keypair_name: Optional[str] = None
-    extra_ssl_certificates: Optional[str] = None
     eks_endpoint_public_access: bool = True
     eks_endpoint_private_access: bool = False
     node_groups: List[AWSNodeGroupInputVars]
@@ -455,8 +453,6 @@ class AmazonWebServicesProvider(schema.Base):
     kubernetes_version: str
     availability_zones: Optional[List[str]]
     node_groups: Dict[str, AWSNodeGroup] = DEFAULT_AWS_NODE_GROUPS
-    ec2_keypair_name: Optional[str] = None
-    extra_ssl_certificates: Optional[str] = None
     eks_endpoint_public_access: bool = True
     eks_endpoint_private_access: bool = False
     existing_subnet_ids: Optional[List[str]] = None
@@ -797,8 +793,6 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]):
             return AWSInputVars(
                 name=self.config.escaped_project_name,
                 environment=self.config.namespace,
-                ec2_keypair_name=self.config.amazon_web_services.ec2_keypair_name,                
-                extra_ssl_certificates=self.config.amazon_web_services.extra_ssl_certificates,
                 eks_endpoint_public_access=self.config.amazon_web_services.eks_endpoint_public_access,
                 eks_endpoint_private_access=self.config.amazon_web_services.eks_endpoint_private_access,
                 existing_subnet_ids=self.config.amazon_web_services.existing_subnet_ids,

diff --git a/src/_nebari/stages/infrastructure/template/aws/main.tf b/src/_nebari/stages/infrastructure/template/aws/main.tf
@@ -92,8 +92,6 @@ module "kubernetes" {
 
   node_groups = var.node_groups
 
-  ec2_keypair_name        = var.ec2_keypair_name
-  extra_ssl_certificates  = var.extra_ssl_certificates
   endpoint_public_access  = var.eks_endpoint_public_access
   endpoint_private_access = var.eks_endpoint_private_access
   public_access_cidrs     = var.eks_public_access_cidrs

diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf
@@ -21,48 +21,6 @@ resource "aws_eks_cluster" "main" {
   tags = merge({ Name = var.name }, var.tags)
 }
 
-resource "aws_launch_template" "main" {
-  # Invoke launch_template only if var.extra_ssl_certificates is not null
-  count = var.extra_ssl_certificates == null ? 0 : length(var.node_groups)
-
-  key_name  = var.ec2_keypair_name == null ? null : var.ec2_keypair_name
-  name      = var.node_groups[count.index].name
-
-  vpc_security_group_ids = var.cluster_security_groups
-
-  block_device_mappings {
-    device_name = "/dev/xvda"
-
-    ebs {
-      volume_size = 50
-      volume_type = "gp2"
-    }
-  }
-  ## https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics ##
-  ## https://stackoverflow.com/questions/68894525/how-to-pass-kubelet-extra-args-to-aws-eks-node-group-created-by-terraform-aws ##
-  user_data                     = base64encode(<<-EOF
-MIME-Version: 1.0
-Content-Type: multipart/mixed; boundary="//"
-
---//
-Content-Type: text/x-shellscript; charset="us-ascii"
-#!/bin/bash
-cat <<-EOT >> /etc/pki/ca-trust/source/anchors/client.pem
-${var.extra_ssl_certificates}
-EOT
-sudo update-ca-trust extract
-## If using a Custom AMI, then the following bootstrap cmds and args must be included/modified,
-## otherwise, on AWS EKS Node AMI, the /etc/eks/bootstrap.sh cmd is appended automatically
-#set -ex
-#B64_CLUSTER_CA=${aws_eks_cluster.main.certificate_authority[0].data}
-#API_SERVER_URL=${aws_eks_cluster.main.endpoint}
-#K8S_CLUSTER_DNS_IP=172.20.0.10
-#/etc/eks/bootstrap.sh ${aws_eks_cluster.main.name} --kubelet-extra-args '--node-labels=eks.amazonaws.com/nodegroup-image=ami-0c7e1dd70292cb6c6,dedicated=${var.node_groups[count.index].name},eks.amazonaws.com/capacityType=ON_DEMAND,eks.amazonaws.com/nodegroup=${var.node_groups[count.index].name} --max-pods=58' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL --dns-cluster-ip $K8S_CLUSTER_DNS_IP --use-max-pods false
-
---//--\
-  EOF
-  )
-}
 
 resource "aws_eks_node_group" "main" {
   count = length(var.node_groups)
@@ -72,17 +30,9 @@ resource "aws_eks_node_group" "main" {
   node_role_arn   = aws_iam_role.node-group.arn
   subnet_ids      = var.node_groups[count.index].single_subnet ? [element(var.cluster_subnets, 0)] : var.cluster_subnets
 
-  dynamic remote_access {
-    for_each = var.ec2_keypair_name != null && var.extra_ssl_certificates == null ? [1] : []
-    content {
-      ec2_ssh_key = var.ec2_keypair_name
-      source_security_group_ids = var.cluster_security_groups
-    }
-  }
-
   instance_types = [var.node_groups[count.index].instance_type]
   ami_type       = var.node_groups[count.index].gpu == true ? "AL2_x86_64_GPU" : "AL2_x86_64"
-  disk_size      = var.extra_ssl_certificates == null ? 50 : null
+  disk_size      = 50
 
   scaling_config {
     min_size     = var.node_groups[count.index].min_size
@@ -99,15 +49,6 @@ resource "aws_eks_node_group" "main" {
       scaling_config[0].desired_size,
     ]
   }
-  # Invoke launch_template only if var.extra_ssl_certificates is not null
-  dynamic "launch_template" {
-    for_each = var.extra_ssl_certificates == null ? [] : [1]
-    content {
-      id = aws_launch_template.main[count.index].id
-      #version = aws_launch_template.main[count.index].default_version
-      version = aws_launch_template.main[count.index].latest_version
-    }
-  }
 
   # Ensure that IAM Role permissions are created before and deleted
   # after EKS Node Group handling.  Otherwise, EKS will not be able to

diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf
@@ -60,18 +60,6 @@ variable "node_group_instance_type" {
   default     = "m5.large"
 }
 
-variable "ec2_keypair_name" {
-  description = "Name of AWS Ec2 Key Pair for enabling ssh remote access to EKS nodes"
-  type        = string
-  default     = null
-}
-
-variable "extra_ssl_certificates" {
-  description = "Text extract of .pem cert file to include in updating ca trust on EKS nodes"
-  type        = string
-  default     = null
-}
-
 variable "endpoint_public_access" {
   type    = bool
   default = true

diff --git a/src/_nebari/stages/infrastructure/template/aws/variables.tf b/src/_nebari/stages/infrastructure/template/aws/variables.tf
@@ -56,18 +56,6 @@ variable "kubeconfig_filename" {
   type        = string
 }
 
-variable "ec2_keypair_name" {
-  description = "Name of AWS Ec2 Key Pair for enabling ssh remote access to EKS nodes"
-  type        = string
-  default     = null
-}
-
-variable "extra_ssl_certificates" {
-  description = "Text extract of .pem cert file to include in updating ca trust on EKS nodes"
-  type        = string
-  default     = null
-}
-
 variable "eks_endpoint_public_access" {
   type    = bool
   default = true