diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..723ef36
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
\ No newline at end of file
diff --git a/eks/data.tf b/eks/data.tf
index 1047b0c..c3c0efd 100644
--- a/eks/data.tf
+++ b/eks/data.tf
@@ -4,21 +4,11 @@
 #
 ###############################################################
 
-# Get the default VPC details
 data "aws_vpc" "default_vpc" {
   default = true
 }
 
-# Get Public IP of your broadband account. This allows us to lock down SSH access
-# into the environment from anyone other than yourself, by inserting your public
-# IP to a security group ingress rule.
-# Try this URL in your browser!
-data "http" "cloudshell_ip" {
-  url = "https://checkip.amazonaws.com/"
-}
-
-# Get the subnets to use for the cluster ti bind to and the autoscaling group
-# to place nodes in.
+# Get the subnets to use for the cluster and autoscaling group
 data "aws_subnets" "public" {
   filter {
     name = "vpc-id"
@@ -27,14 +17,12 @@ data "aws_subnets" "public" {
   filter {
     name = "availability-zone"
     values = [
-      "${var.aws_region}a",
-      "${var.aws_region}b",
-      "${var.aws_region}c"
+      "${var.aws_region}c",
+      "${var.aws_region}d"
     ]
   }
 }
 
-# Get AMI ID for latest recommended Amazon Linux 2 image
 data "aws_ssm_parameter" "node_ami" {
   name = "/aws/service/eks/optimized-ami/1.29/amazon-linux-2/recommended/image_id"
 }
diff --git a/eks/eks.tf b/eks/eks.tf
index a3d7aa7..636bcdf 100644
--- a/eks/eks.tf
+++ b/eks/eks.tf
@@ -28,7 +28,6 @@ resource "aws_iam_role_policy_attachment" "demo_eks_AmazonEKSClusterPolicy" {
 }
 
 # Optionally, enable Security Groups for Pods
-# Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
 resource "aws_iam_role_policy_attachment" "demo_eks_AmazonEKSVPCResourceController" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
   role = aws_iam_role.demo_eks.name
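Review bot: Deleting `data "http" "cloudshell_ip"` in the first data.tf hunk removes the only visible source of the operator's public IP, which the deleted comment says was used to restrict SSH ingress in a security group rule, and nothing else in this diff touches that rule. From here I cannot tell whether the rule still references `data.http.cloudshell_ip` (in which case `terraform plan` will fail) or has been rewritten to a static CIDR, possibly `0.0.0.0/0`. If SSH ingress is now restricted some other way, say so where this block used to be, e.g. `# SSH ingress is no longer derived from the caller's IP; the allowed CIDR is set on the node security group` — and if SSH was dropped entirely, note that instead so the next reader does not assume the lockdown still exists.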
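Review bot: Switching the availability-zone filter to `"${var.aws_region}c"` and `"${var.aws_region}d"` hard-codes a zone suffix that many regions do not have, and the default VPC does not necessarily carry a subnet in every zone, so `data.aws_subnets.public.ids` can come back with fewer than two entries. Every consumer shown in this diff still indexes `ids[0]` and `ids[1]`, which then fails at plan time, and `aws_subnets` gives no ordering guarantee for the IDs it does return. A region-independent choice is `values = slice(data.aws_availability_zones.available.names, 0, 2)` backed by a `data "aws_availability_zones" "available" { state = "available" }` block, or exposing the zone list as a variable so the override is explicit rather than baked into the suffix.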
@@ -41,13 +40,10 @@ resource "aws_eks_cluster" "demo_eks" { vpc_config { subnet_ids = [ data.aws_subnets.public.ids[0], - data.aws_subnets.public.ids[1], - data.aws_subnets.public.ids[2] + data.aws_subnets.public.ids[1] ] } - # Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling. - # Otherwise, EKS will not be able to properly delete EKS managed EC2 infrastructure such as Security Groups. depends_on = [ aws_iam_role_policy_attachment.demo_eks_AmazonEKSClusterPolicy, aws_iam_role_policy_attachment.demo_eks_AmazonEKSVPCResourceController, diff --git a/eks/nodes.tf b/eks/nodes.tf index 5227d35..045360d 100644 --- a/eks/nodes.tf +++ b/eks/nodes.tf @@ -200,12 +200,11 @@ resource "aws_launch_template" "node_launch_template" { ) } - # Wait for LT to settle, or CloudFormation may fail resource "time_sleep" "wait_30_seconds" { depends_on = [ aws_launch_template.node_launch_template - ] + ] create_duration = "30s" } @@ -223,7 +222,7 @@ Resources: NodeGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: - VPCZoneIdentifier: ["${data.aws_subnets.public.ids[0]}","${data.aws_subnets.public.ids[1]}", "${data.aws_subnets.public.ids[2]}"] + VPCZoneIdentifier: ["${data.aws_subnets.public.ids[0]}","${data.aws_subnets.public.ids[1]}"] MinSize: "${var.node_group_min_size}" MaxSize: "${var.node_group_max_size}" DesiredCapacity: "${var.node_group_desired_capacity}" @@ -232,7 +231,6 @@ Resources: LaunchTemplateId: "${aws_launch_template.node_launch_template.id}" Version: "${aws_launch_template.node_launch_template.latest_version}" UpdatePolicy: - # Ignore differences in group size properties caused by scheduled actions AutoScalingScheduledAction: IgnoreUnmodifiedGroupSizeProperties: true AutoScalingRollingUpdate:
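Review bot: `subnet_ids` still selects subnets by position (`ids[0]`, `ids[1]`) in the `aws_eks_cluster` hunk, which ties the cluster to whatever order `aws_subnets` happens to return and to there being at least two matches after the AZ filter change in data.tf. `subnet_ids = data.aws_subnets.public.ids` states the intent directly, survives a region where one of the filtered zones has no default subnet, and keeps the cluster and node group pointed at the same set without editing two places. The deleted explanation of `depends_on` is the kind of why-comment that should stay, since the ordering it enforces is not obvious from the code; a one-liner such as `# Policy attachments must outlive the cluster so EKS can delete the ENIs and security groups it manages on destroy` preserves it. The `aws_eks_cluster` resource begins before this hunk and its `depends_on` list continues past it.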
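Review bot: The rewritten `VPCZoneIdentifier` line still splices `ids[0]` and `ids[1]` into the CloudFormation YAML by hand, so the same out-of-range and ordering concerns as the cluster's `subnet_ids` apply here, and the two lists can silently drift apart if one side is edited later. `VPCZoneIdentifier: ${jsonencode(data.aws_subnets.public.ids)}` renders a valid YAML flow sequence for however many subnets matched and keeps the ASG in the exact set of subnets the cluster was created with. The template heredoc this line sits in starts and ends outside the hunk, so the interpolation context cannot be fully checked from here.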