Merge pull request #8 from truefoundry/eks-api-configmap

Added support for EKS API and configmap
truefoundry · Jul 2, 2024 · ddfd5ce · ddfd5ce
2 parents 84248a4 + 06f49d6
commit ddfd5ce
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ Truefoundry EKS Module
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.4 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.17.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.56.1 |
 
 ## Providers
 
@@ -17,7 +17,7 @@ No providers.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_aws-eks-kubernetes-cluster"></a> [aws-eks-kubernetes-cluster](#module\_aws-eks-kubernetes-cluster) | terraform-aws-modules/eks/aws | v19.17.2 |
+| <a name="module_aws-eks-kubernetes-cluster"></a> [aws-eks-kubernetes-cluster](#module\_aws-eks-kubernetes-cluster) | terraform-aws-modules/eks/aws | v20.15.0 |
 
 ## Resources
 
@@ -28,7 +28,9 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cloudwatch_log_group_retention_in_days"></a> [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events. Default retention - 90 days | `number` | `90` | no |
+| <a name="input_cluster_access_entries"></a> [cluster\_access\_entries](#input\_cluster\_access\_entries) | value of the access entries for the EKS cluster | `any` | `{}` | no |
 | <a name="input_cluster_additional_security_group_ids"></a> [cluster\_additional\_security\_group\_ids](#input\_cluster\_additional\_security\_group\_ids) | List of additional, externally created security group IDs to attach to the cluster control plane | `list(string)` | `[]` | no |
+| <a name="input_cluster_authentication_mode"></a> [cluster\_authentication\_mode](#input\_cluster\_authentication\_mode) | value of the authentication mode for the EKS cluster | `string` | `"API_AND_CONFIG_MAP"` | no |
 | <a name="input_cluster_enabled_log_types"></a> [cluster\_enabled\_log\_types](#input\_cluster\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | <pre>[<br>  "audit",<br>  "api",<br>  "authenticator"<br>]</pre> | no |
 | <a name="input_cluster_endpoint_private_access"></a> [cluster\_endpoint\_private\_access](#input\_cluster\_endpoint\_private\_access) | Indicates whether or not the Amazon EKS private API server endpoint is enabled | `bool` | `true` | no |
 | <a name="input_cluster_endpoint_public_access"></a> [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Indicates whether or not the Amazon EKS public API server endpoint is enabled | `bool` | `true` | no |
@@ -58,7 +60,7 @@ No resources.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_aws_auth_configmap_yaml"></a> [aws\_auth\_configmap\_yaml](#output\_aws\_auth\_configmap\_yaml) | Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles |
+| <a name="output_aws_access_entries"></a> [aws\_access\_entries](#output\_aws\_access\_entries) | Access entries for the EKS cluster security group |
 | <a name="output_cloudwatch_log_group_arn"></a> [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created |
 | <a name="output_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created |
 | <a name="output_cluster_addons"></a> [cluster\_addons](#output\_cluster\_addons) | Map of attribute maps for all EKS cluster addons enabled |

diff --git a/eks.tf b/eks.tf
@@ -4,7 +4,7 @@
 
 module "aws-eks-kubernetes-cluster" {
   source                                = "terraform-aws-modules/eks/aws"
-  version                               = "v19.17.2"
+  version                               = "v20.15.0"
   cluster_name                          = var.cluster_name
   cluster_version                       = var.cluster_version
   cluster_enabled_log_types             = var.cluster_enabled_log_types
@@ -25,9 +25,12 @@ module "aws-eks-kubernetes-cluster" {
   eks_managed_node_group_defaults        = var.eks_managed_node_group_defaults
   eks_managed_node_groups                = var.eks_managed_node_groups
 
-  cluster_security_group_additional_rules = merge(local.cluster_security_group_additional_rules, var.cluster_security_group_additional_rules)
-  node_security_group_additional_rules    = merge(local.node_security_group_additional_rules, var.node_security_group_additional_rules)
-  node_security_group_tags                = var.node_security_group_tags
+  cluster_security_group_additional_rules  = merge(local.cluster_security_group_additional_rules, var.cluster_security_group_additional_rules)
+  node_security_group_additional_rules     = merge(local.node_security_group_additional_rules, var.node_security_group_additional_rules)
+  node_security_group_tags                 = var.node_security_group_tags
+  enable_cluster_creator_admin_permissions = true
+  authentication_mode                      = var.cluster_authentication_mode
+  access_entries                           = var.cluster_access_entries
   fargate_profiles = var.karpenter_fargate_profile_enabled ? {
     karpenter = {
       create       = true

diff --git a/output.tf b/output.tf
@@ -169,7 +169,7 @@ output "self_managed_node_groups" {
 # Additional
 ################################################################################
 
-output "aws_auth_configmap_yaml" {
-  description = "Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles"
-  value       = module.aws-eks-kubernetes-cluster.aws_auth_configmap_yaml
+output "aws_access_entries" {
+  description = "Access entries for the EKS cluster security group"
+  value       = module.aws-eks-kubernetes-cluster.access_entries
 }
diff --git a/variables.tf b/variables.tf
@@ -51,6 +51,17 @@ variable "cluster_version" {
   default     = "1.30"
 }
 
+variable "cluster_authentication_mode" {
+  description = "value of the authentication mode for the EKS cluster"
+  type        = string
+  default     = "API_AND_CONFIG_MAP"
+}
+
+variable "cluster_access_entries" {
+  description = "value of the access entries for the EKS cluster"
+  type        = any
+  default     = {}
+}
 ################################################################################
 # CloudWatch Log Group
 ################################################################################

diff --git a/versions.tf b/versions.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "5.17.0"
+      version = "5.56.1"
     }
   }
 }