chore: Add better examples for self-managed node groups

README.md

@@ -43,15 +43,10 @@ module "eks" {
   cluster_endpoint_public_access  = true
 
   cluster_addons = {
-    coredns = {
-      most_recent = true
-    }
-    kube-proxy = {
-      most_recent = true
-    }
-    vpc-cni = {
-      most_recent = true
-    }
+    coredns                = {}
+    eks-pod-identity-agent = {}
+    kube-proxy             = {}
+    vpc-cni                = {}
   }
 
   vpc_id                   = "vpc-1234556abcdef"
@@ -65,14 +60,13 @@ module "eks" {
 
   eks_managed_node_groups = {
     example = {
-      # Starting on 1.30, AL2023 is default OS for EKS managed node group
-      ami_type = "AL2023_x86_64_STANDARD"
+      # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups
+      ami_type       = "AL2023_x86_64_STANDARD"
+      instance_types = ["m5.xlarge"]
 
       min_size     = 2
       max_size     = 10
       desired_size = 2
-
-      instance_types = ["m5.xlarge"]
     }
   }
 

examples/eks-managed-node-group/README.md

@@ -1,9 +1,11 @@
 # EKS Managed Node Group Examples
 
-Configuration in this directory creates an AWS EKS cluster with various EKS Managed Node Groups demonstrating the various configurations:
+Configuration in this directory creates Amazon EKS clusters with EKS Managed Node Groups demonstrating different configurations:
 
 - `eks-al2.tf` demonstrates an EKS cluster using EKS managed node group that utilizes the EKS Amazon Linux 2 optimized AMI
 - `eks-al2023.tf` demonstrates an EKS cluster using EKS managed node group that utilizes the EKS Amazon Linux 2023 optimized AMI
 - `eks-bottlerocket.tf` demonstrates an EKS cluster using EKS managed node group that utilizes the Bottlerocket EKS optimized AMI
 
-See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) for further details.
+See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) for additional details on Amazon EKS managed node groups.
+
+The different cluster configuration examples provided are separated per file and independent of the other cluster configurations.

examples/eks-managed-node-group/eks-al2.tf

@@ -1,8 +1,8 @@
-module "eks_bottlerocket" {
+module "eks_al2" {
   source  = "terraform-aws-modules/eks/aws"
   version = "~> 20.0"
 
-  cluster_name    = "${local.name}-bottlerocket"
+  cluster_name    = "${local.name}-al2"
   cluster_version = "1.30"
 
   # EKS Addons
@@ -18,12 +18,14 @@ module "eks_bottlerocket" {
 
   eks_managed_node_groups = {
     example = {
-      # Starting on 1.30, AL2023_x86_64_STANDARD is the default for EKS managed node group
+      # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups
       ami_type       = "AL2_x86_64"
       instance_types = ["m6i.large"]
 
-      min_size     = 2
-      max_size     = 5
+      min_size = 2
+      max_size = 5
+      # This value is ignored after the initial creation
+      # https://github.com/bryantbiggs/eks-desired-size-hack
       desired_size = 2
     }
   }

examples/eks-managed-node-group/eks-al2023.tf

@@ -18,14 +18,17 @@ module "eks_al2023" {
 
   eks_managed_node_groups = {
     example = {
-      # Starting on 1.30, AL2023_x86_64_STANDARD is the default for EKS managed node group
+      # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups
       instance_types = ["m6i.large"]
 
-      min_size     = 2
-      max_size     = 5
+      min_size = 2
+      max_size = 5
+      # This value is ignored after the initial creation
+      # https://github.com/bryantbiggs/eks-desired-size-hack
       desired_size = 2
 
       # This is not required - demonstrates how to pass additional configuration to nodeadm
+      # Ref https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
       cloudinit_pre_nodeadm = [
         {
           content_type = "application/node.eks.aws"

examples/eks-managed-node-group/eks-bottlerocket.tf

@@ -1,4 +1,4 @@
-module "eks_al2" {
+module "eks_bottlerocket" {
   source  = "terraform-aws-modules/eks/aws"
   version = "~> 20.0"
 
@@ -18,15 +18,17 @@ module "eks_al2" {
 
   eks_managed_node_groups = {
     example = {
-      # Starting on 1.30, AL2023_x86_64_STANDARD is the default for EKS managed node group
       ami_type       = "BOTTLEROCKET_x86_64"
       instance_types = ["m6i.large"]
 
-      min_size     = 2
-      max_size     = 5
+      min_size = 2
+      max_size = 5
+      # This value is ignored after the initial creation
+      # https://github.com/bryantbiggs/eks-desired-size-hack
       desired_size = 2
 
       # This is not required - demonstrates how to pass additional configuration
+      # Ref https://bottlerocket.dev/en/os/1.19.x/api/settings/
       bootstrap_extra_args = <<-EOT
         # The admin host container provides SSH access and runs with "superpowers".
         # It is disabled by default, but can be disabled explicitly.

examples/eks-managed-node-group/main.tf

@@ -34,17 +34,8 @@ module "vpc" {
   public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
   intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
 
-  enable_nat_gateway     = true
-  single_nat_gateway     = true
-  enable_ipv6            = true
-  create_egress_only_igw = true
-
-  public_subnet_ipv6_prefixes                    = [0, 1, 2]
-  public_subnet_assign_ipv6_address_on_creation  = true
-  private_subnet_ipv6_prefixes                   = [3, 4, 5]
-  private_subnet_assign_ipv6_address_on_creation = true
-  intra_subnet_ipv6_prefixes                     = [6, 7, 8]
-  intra_subnet_assign_ipv6_address_on_creation   = true
+  enable_nat_gateway = true
+  single_nat_gateway = true
 
   public_subnet_tags = {
     "kubernetes.io/role/elb" = 1

examples/eks-managed-node-group/outputs.tf

@@ -1 +0,0 @@
-

examples/self-managed-node-group/README.md

@@ -0,0 +1,9 @@
+# Self-managed Node Group Examples
+
+Configuration in this directory creates Amazon EKS clusters with self-managed node groups demonstrating different configurations:
+
+- `eks-al2.tf` demonstrates an EKS cluster using self-managed node group that utilizes the EKS Amazon Linux 2 optimized AMI
+- `eks-al2023.tf` demonstrates an EKS cluster using self-managed node group that utilizes the EKS Amazon Linux 2023 optimized AMI
+- `eks-bottlerocket.tf` demonstrates an EKS cluster using self-managed node group that utilizes the Bottlerocket EKS optimized AMI
+
+The different cluster configuration examples provided are separated per file and independent of the other cluster configurations.

examples/self-managed-node-group/eks-al2.tf

@@ -0,0 +1,33 @@
+module "eks_al2" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "~> 20.0"
+
+  cluster_name    = "${local.name}-al2"
+  cluster_version = "1.30"
+
+  # EKS Addons
+  cluster_addons = {
+    coredns                = {}
+    eks-pod-identity-agent = {}
+    kube-proxy             = {}
+    vpc-cni                = {}
+  }
+
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
+
+  self_managed_node_groups = {
+    example = {
+      ami_type       = "AL2_x86_64"
+      instance_type = "m6i.large"
+
+      min_size = 2
+      max_size = 5
+      # This value is ignored after the initial creation
+      # https://github.com/bryantbiggs/eks-desired-size-hack
+      desired_size = 2
+    }
+  }
+
+  tags = local.tags
+}

examples/self-managed-node-group/eks-al2023.tf

@@ -0,0 +1,52 @@
+module "eks_al2023" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "~> 20.0"
+
+  cluster_name    = "${local.name}-al2023"
+  cluster_version = "1.30"
+
+  # EKS Addons
+  cluster_addons = {
+    coredns                = {}
+    eks-pod-identity-agent = {}
+    kube-proxy             = {}
+    vpc-cni                = {}
+  }
+
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
+
+  self_managed_node_groups = {
+    example = {
+      ami_type = "AL2023_x86_64_STANDARD"
+      instance_type = "m6i.large"
+
+      min_size = 2
+      max_size = 5
+      # This value is ignored after the initial creation
+      # https://github.com/bryantbiggs/eks-desired-size-hack
+      desired_size = 2
+
+      # This is not required - demonstrates how to pass additional configuration to nodeadm
+      # Ref https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
+      cloudinit_pre_nodeadm = [
+        {
+          content_type = "application/node.eks.aws"
+          content      = <<-EOT
+            ---
+            apiVersion: node.eks.aws/v1alpha1
+            kind: NodeConfig
+            spec:
+              kubelet:
+                config:
+                  shutdownGracePeriod: 30s
+                  featureGates:
+                    DisableKubeletCloudCredentialProviders: true
+          EOT
+        }
+      ]
+    }
+  }
+
+  tags = local.tags
+}

examples/self-managed-node-group/eks-bottlerocket.tf

@@ -0,0 +1,52 @@
+module "eks_bottlerocket" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "~> 20.0"
+
+  cluster_name    = "${local.name}-bottlerocket"
+  cluster_version = "1.30"
+
+  # EKS Addons
+  cluster_addons = {
+    coredns                = {}
+    eks-pod-identity-agent = {}
+    kube-proxy             = {}
+    vpc-cni                = {}
+  }
+
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
+
+  self_managed_node_groups = {
+    example = {
+      ami_type       = "BOTTLEROCKET_x86_64"
+      instance_type = "m6i.large"
+
+      min_size = 2
+      max_size = 5
+      # This value is ignored after the initial creation
+      # https://github.com/bryantbiggs/eks-desired-size-hack
+      desired_size = 2
+
+      # This is not required - demonstrates how to pass additional configuration
+      # Ref https://bottlerocket.dev/en/os/1.19.x/api/settings/
+      bootstrap_extra_args = <<-EOT
+        # The admin host container provides SSH access and runs with "superpowers".
+        # It is disabled by default, but can be disabled explicitly.
+        [settings.host-containers.admin]
+        enabled = false
+
+        # The control host container provides out-of-band access via SSM.
+        # It is enabled by default, and can be disabled if you do not expect to use SSM.
+        # This could leave you with no way to access the API and change settings on an existing node!
+        [settings.host-containers.control]
+        enabled = true
+
+        # extra args added
+        [settings.kernel]
+        lockdown = "integrity"
+      EOT
+    }
+  }
+
+  tags = local.tags
+}

examples/self-managed-node-group/main.tf

@@ -0,0 +1,49 @@
+provider "aws" {
+  region = local.region
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+  name   = "ex-self-mng"
+  region = "eu-west-1"
+
+  vpc_cidr = "10.0.0.0/16"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
+
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-eks"
+    GithubOrg  = "terraform-aws-modules"
+  }
+}
+
+################################################################################
+# VPC
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.0"
+
+  name = local.name
+  cidr = local.vpc_cidr
+
+  azs             = local.azs
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+  intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  public_subnet_tags = {
+    "kubernetes.io/role/elb" = 1
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/role/internal-elb" = 1
+  }
+
+  tags = local.tags
+}

examples/self-managed-node-group/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3.2"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.40"
+    }
+  }
+}