fix policy #88

Merged
merged 11 commits into from
Jul 17, 2024
3 changes: 1 addition & 2 deletions modules/eks-cluster/README.md
Expand Up @@ -42,9 +42,8 @@ module "eks_cluster" {
| [aws_kms_key.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_security_group_rule.cluster_api_to_nodes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [kubernetes_storage_class_v1.ebs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class_v1) | resource |
| [time_sleep.eks_cluster_warmup](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_eks_cluster.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_eks_cluster_auth.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
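Review bot: the Resources table now carries `time_sleep.eks_cluster_warmup` (provider hashicorp/time) and drops the `aws_eks_cluster.eks` and `aws_eks_cluster_auth.eks` rows, but the Requirements and Providers tables are not in this hunk; if the README is terraform-docs output, confirm a `time` provider row was regenerated there too, otherwise the README under-reports what `terraform init` will need.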

55 changes: 27 additions & 28 deletions modules/eks-cluster/cluster.tf
@@ -1,33 +1,5 @@
/*
The following 2 data resources are used get around the fact that we have to wait
for the EKS cluster to be initialised before we can attempt to authenticate.
*/

data "aws_eks_cluster" "eks" {
name = module.eks.cluster_name

# depend on something of the eks module but nothing that would ever change
# workaround to only pull data on a later stage during initial creation
depends_on = [
module.eks.cluster_name
]
}

data "aws_eks_cluster_auth" "eks" {
name = module.eks.cluster_name

# depend on something of the eks module but nothing that would ever change
# workaround to only pull data on a later stage during initial creation
depends_on = [
module.eks.cluster_name
]
}

provider "kubernetes" {
host = data.aws_eks_cluster.eks.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
token = data.aws_eks_cluster_auth.eks.token
}

# https://github.com/terraform-aws-modules/terraform-aws-eks
module "eks" {
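Review bot: before merging, grep the module for any remaining references to `data.aws_eks_cluster.eks` or `data.aws_eks_cluster_auth.eks` (outputs, other `.tf` files); the README hunk dropping both rows suggests terraform-docs found none, but a grep is cheaper than a failed plan. Removing `aws_eks_cluster_auth` is also a security improvement worth calling out in the PR description: its `token` attribute is written into Terraform state, so anyone able to read the state file held a valid, if short-lived, cluster credential, whereas the `exec` plugin in the new provider block obtains the token at apply time and never stores it.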
Expand Down Expand Up @@ -153,6 +125,29 @@ module "eks" {
enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions
}

# propagation of the IAM can take some time on a freshly created cluster
resource "time_sleep" "eks_cluster_warmup" {
create_duration = "30s"

triggers = {
cluster_name = module.eks.cluster_name
}

depends_on = [module.eks]
}

provider "kubernetes" {
host = module.eks.cluster_endpoint
cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)

exec {
api_version = "client.authentication.k8s.io/v1beta1"
command = "aws"
# This requires the awscli to be installed locally where Terraform is executed
args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
}
}

# gp3 storage class
resource "kubernetes_storage_class_v1" "ebs_sc" {
metadata {
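Review bot: the `exec` arguments `["eks", "get-token", "--cluster-name", module.eks.cluster_name]` pin the cluster name but not the region or profile, so the token request follows whatever `AWS_REGION`/`AWS_PROFILE` the shell running Terraform happens to have, which can differ from the region the `aws` provider was configured with; since the module already reads `data.aws_region.current`, suggest appending `"--region", data.aws_region.current.name` to `args`. The `# This requires the awscli to be installed locally` comment is only visible in source; the README should state that the awscli and matching credentials must be present wherever `terraform apply` runs, including CI. On `time_sleep`, `create_duration = "30s"` is a guess at IAM propagation time, so consider exposing it as a variable; the `triggers` block correctly limits re-sleeping to a cluster name change.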
Expand All @@ -167,4 +162,8 @@ resource "kubernetes_storage_class_v1" "ebs_sc" {
type = "gp3" # starting eks 1.30, gp3 is the default
}
volume_binding_mode = "WaitForFirstConsumer"

depends_on = [
time_sleep.eks_cluster_warmup
]
}
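Review bot: `depends_on = [time_sleep.eks_cluster_warmup]` only protects `ebs_sc`; the kubernetes provider is configured purely from `module.eks` outputs, so any other `kubernetes_*` resource added to this module later will call the API as soon as `module.eks` completes and hit the same propagation window the sleep was introduced for. Either add the same `depends_on` to every kubernetes resource in the module or leave a comment on `time_sleep` saying each one must reference it. The inline comment `# starting eks 1.30, gp3 is the default` also implies this storage class may be redundant on 1.30+; if it is kept for older clusters, say so in the comment.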