diff --git a/src/_nebari/stages/infrastructure/__init__.py b/src/_nebari/stages/infrastructure/__init__.py
index 9c58bfc8c..e11d03266 100644
--- a/src/_nebari/stages/infrastructure/__init__.py
+++ b/src/_nebari/stages/infrastructure/__init__.py
@@ -133,8 +133,6 @@ class AWSInputVars(schema.Base):
 existing_subnet_ids: Optional[List[str]] = None
 region: str
 kubernetes_version: str
- ec2_keypair_name: Optional[str] = None
- extra_ssl_certificates: Optional[str] = None
 eks_endpoint_public_access: bool = True
 eks_endpoint_private_access: bool = False
 node_groups: List[AWSNodeGroupInputVars]
@@ -455,8 +453,6 @@ class AmazonWebServicesProvider(schema.Base):
 kubernetes_version: str
 availability_zones: Optional[List[str]]
 node_groups: Dict[str, AWSNodeGroup] = DEFAULT_AWS_NODE_GROUPS
- ec2_keypair_name: Optional[str] = None
- extra_ssl_certificates: Optional[str] = None
 eks_endpoint_public_access: bool = True
 eks_endpoint_private_access: bool = False
 existing_subnet_ids: Optional[List[str]] = None
@@ -797,8 +793,6 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]):
 return AWSInputVars(
 name=self.config.escaped_project_name,
 environment=self.config.namespace,
- ec2_keypair_name=self.config.amazon_web_services.ec2_keypair_name,
- extra_ssl_certificates=self.config.amazon_web_services.extra_ssl_certificates,
 eks_endpoint_public_access=self.config.amazon_web_services.eks_endpoint_public_access,
 eks_endpoint_private_access=self.config.amazon_web_services.eks_endpoint_private_access,
 existing_subnet_ids=self.config.amazon_web_services.existing_subnet_ids,
diff --git a/src/_nebari/stages/infrastructure/template/aws/main.tf b/src/_nebari/stages/infrastructure/template/aws/main.tf
index 434f2ad5e..a687bd569 100644
--- a/src/_nebari/stages/infrastructure/template/aws/main.tf
+++ b/src/_nebari/stages/infrastructure/template/aws/main.tf
@@ -92,8 +92,6 @@ module "kubernetes" {
 node_groups = var.node_groups
- ec2_keypair_name = var.ec2_keypair_name
- extra_ssl_certificates = var.extra_ssl_certificates
 endpoint_public_access = var.eks_endpoint_public_access
 endpoint_private_access = var.eks_endpoint_private_access
 public_access_cidrs = var.eks_public_access_cidrs
diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf
index 304c52435..ae6ff54ff 100644
--- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf
+++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf
@@ -21,48 +21,6 @@ resource "aws_eks_cluster" "main" {
 tags = merge({ Name = var.name }, var.tags)
 }
-resource "aws_launch_template" "main" {
- # Invoke launch_template only if var.extra_ssl_certificates is not null
- count = var.extra_ssl_certificates == null ? 0 : length(var.node_groups)
-
- key_name = var.ec2_keypair_name == null ? null : var.ec2_keypair_name
- name = var.node_groups[count.index].name
-
- vpc_security_group_ids = var.cluster_security_groups
-
- block_device_mappings {
- device_name = "/dev/xvda"
-
- ebs {
- volume_size = 50
- volume_type = "gp2"
- }
- }
- ## https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics ##
- ## https://stackoverflow.com/questions/68894525/how-to-pass-kubelet-extra-args-to-aws-eks-node-group-created-by-terraform-aws ##
- user_data = base64encode(<<-EOF
-MIME-Version: 1.0
-Content-Type: multipart/mixed; boundary="//"
-
---//
-Content-Type: text/x-shellscript; charset="us-ascii"
-#!/bin/bash
-cat <<-EOT >> /etc/pki/ca-trust/source/anchors/client.pem
-${var.extra_ssl_certificates}
-EOT
-sudo update-ca-trust extract
-## If using a Custom AMI, then the following bootstrap cmds and args must be included/modified,
-## otherwise, on AWS EKS Node AMI, the /etc/eks/bootstrap.sh cmd is appended automatically
-#set -ex
-#B64_CLUSTER_CA=${aws_eks_cluster.main.certificate_authority[0].data}
-#API_SERVER_URL=${aws_eks_cluster.main.endpoint}
-#K8S_CLUSTER_DNS_IP=172.20.0.10
-#/etc/eks/bootstrap.sh ${aws_eks_cluster.main.name} --kubelet-extra-args '--node-labels=eks.amazonaws.com/nodegroup-image=ami-0c7e1dd70292cb6c6,dedicated=${var.node_groups[count.index].name},eks.amazonaws.com/capacityType=ON_DEMAND,eks.amazonaws.com/nodegroup=${var.node_groups[count.index].name} --max-pods=58' --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL --dns-cluster-ip $K8S_CLUSTER_DNS_IP --use-max-pods false
-
---//--\
- EOF
- )
-}
 resource "aws_eks_node_group" "main" {
 count = 
length(var.node_groups)
@@ -72,17 +30,9 @@ resource "aws_eks_node_group" "main" {
 node_role_arn = aws_iam_role.node-group.arn
 subnet_ids = var.node_groups[count.index].single_subnet ? [element(var.cluster_subnets, 0)] : var.cluster_subnets
- dynamic remote_access {
- for_each = var.ec2_keypair_name != null && var.extra_ssl_certificates == null ? [1] : []
- content {
- ec2_ssh_key = var.ec2_keypair_name
- source_security_group_ids = var.cluster_security_groups
- }
- }
-
 instance_types = [var.node_groups[count.index].instance_type]
 ami_type = var.node_groups[count.index].gpu == true ? "AL2_x86_64_GPU" : "AL2_x86_64"
- disk_size = var.extra_ssl_certificates == null ? 50 : null
+ disk_size = 50
 scaling_config {
 min_size = var.node_groups[count.index].min_size
@@ -99,15 +49,6 @@ resource "aws_eks_node_group" "main" {
 scaling_config[0].desired_size,
 ]
 }
- # Invoke launch_template only if var.extra_ssl_certificates is not null
- dynamic "launch_template" {
- for_each = var.extra_ssl_certificates == null ? [] : [1]
- content {
- id = aws_launch_template.main[count.index].id
- #version = aws_launch_template.main[count.index].default_version
- version = aws_launch_template.main[count.index].latest_version
- }
- }
 # Ensure that IAM Role permissions are created before and deleted
 # after EKS Node Group handling. Otherwise, EKS will not be able to
diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf
index 2c51eaadd..87f5e7c95 100644
--- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf
+++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf
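Review bot: In the `@@ -72,17 +30,9 @@` hunk, the new `disk_size = 50` line hard-codes the node root volume size with no unit or rationale, on a resource whose `remote_access` block is removed a few lines above. A short comment such as `# GiB; set unconditionally now that no launch template provides block_device_mappings` would record why the conditional went away. As far as I know the AWS provider treats both `remote_access` and `disk_size` as replace-on-change, so deployments that previously set `ec2_keypair_name` or `extra_ssl_certificates` will probably have their node groups recreated on the next apply; worth confirming with a plan against such a configuration. Those deployments also lose the SSH key binding and the extra CA trust on nodes without any warning visible in this diff, so the release notes should say so. The `aws_eks_node_group` resource body starts and ends outside this hunk.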
@@ -60,18 +60,6 @@ variable "node_group_instance_type" {
 default = "m5.large"
 }
-variable "ec2_keypair_name" {
- description = "Name of AWS Ec2 Key Pair for enabling ssh remote access to EKS nodes"
- type = string
- default = null
-}
-
-variable "extra_ssl_certificates" {
- description = "Text extract of .pem cert file to include in updating ca trust on EKS nodes"
- type = string
- default = null
-}
-
 variable "endpoint_public_access" {
 type = bool
 default = true
diff --git a/src/_nebari/stages/infrastructure/template/aws/variables.tf b/src/_nebari/stages/infrastructure/template/aws/variables.tf
index be54cf22c..278d7dd0e 100644
--- a/src/_nebari/stages/infrastructure/template/aws/variables.tf
+++ b/src/_nebari/stages/infrastructure/template/aws/variables.tf
@@ -56,18 +56,6 @@ variable "kubeconfig_filename" {
 type = string
 }
-variable "ec2_keypair_name" {
- description = "Name of AWS Ec2 Key Pair for enabling ssh remote access to EKS nodes"
- type = string
- default = null
-}
-
-variable "extra_ssl_certificates" {
- description = "Text extract of .pem cert file to include in updating ca trust on EKS nodes"
- type = string
- default = null
-}
-
 variable "eks_endpoint_public_access" {
 type = bool
 default = true