github cloudposse/terraform-aws-eks-node-group 0.12.0-rc1
v0.12.0-rc1
on GitHub

latest releases: 2.12.0, v2, 2.11.0...
pre-release3 years ago

Warning

This release is known to have issues when adding or removing SSH access while using features requiring a Launch Template. Issues include:

  • Unable to make changes due to detected dependency cycle. This appears to be more than a pair of bugs in Terraform.
  • Unable to destroy security group created for SSH access when it is no longer needed, because it is still in use. It appears EKS has the same problem with deleting managed node groups. This module attempted a fix for this issue but it could not be tested because of the above mentioned dependency cycle issue.

breaking changes

Previously, setting enable_cluster_autoscaler = true turned on tagging sufficient for the Kubernetes Cluster Autoscaler to discover and manage the node group, and also added a policy to the node group worker role that allowed the workers to perform the autoscaling function. Since pods by default use the EC2 instance role, which in EKS node groups is the node group worker role, this allowed the Kubernetes Cluster Autoscaler to work from any node, but also allowed any rogue pod to perform autoscaling actions.

With this release, enable_cluster_autoscaler is deprecated and its functions are replaced with 2 new variables:

  • cluster_autoscaler_enabled, when true, causes this module to perform the labeling and tagging needed for the Kubernetes Cluster Autoscaler to discover and manage the node group
  • worker_role_autoscale_iam_enabled, when true, causes this module to add the IAM policy to the worker IAM role to enable the workers (and by default, any pods running on the workers) to perform autoscaling operations

Going forward, we recommend not using enable_cluster_autoscaler (it will eventually be removed) and leaving worker_role_autoscale_iam_enabled at its default value of false. If you want to use the Kubernetes Cluster Autoscaler, set cluster_autoscaler_enabled = true and use EKS IAM roles for service accounts to give the Cluster Autoscaler service account IAM permissions to perform autoscaling operations. Our Terraform module terraform-aws-eks-iam-role is available to help with this.

Refactor for clarity @Nuru (#33)

what

  • Refactor, separating out launch template and IAM parts
  • Rename some things for clarity and consistency
  • Refine random_pet keepers
  • Disable by default the permission for workers to perform autoscaling operations

why

  • main.tf was too complex
  • Cloud Posse standard is for feature selection booleans to be named with _enabled at the end
  • Change in any keepers will cause the node group to be replaced
  • Workers should not be performing autoscaling operations, those should be done only by a specific service account

references

Check out latest releases or
releases around cloudposse/terraform-aws-eks-node-group 0.12.0-rc1

Don't miss a new terraform-aws-eks-node-group release

NewReleases is sending notifications on new releases.

Get notifications