From f43e99d0928585b37d8f167049937b6a1a5dd9f9 Mon Sep 17 00:00:00 2001
From: cookersjs
Date: Wed, 8 Oct 2025 11:56:33 -0700
Subject: [PATCH] Add addons and new security_group_additional_rule for ingress_nodes_443

---
 aws/eks.tf | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/aws/eks.tf b/aws/eks.tf
index 1ed0be2..8709637 100644
--- a/aws/eks.tf
+++ b/aws/eks.tf
@@ -66,6 +66,7 @@ module "eks" {
 enable_cluster_creator_admin_permissions = true
 enable_irsa = true # Outputs oidc_provider_arn
+
 security_group_additional_rules = {
 ingress_nodes_ephemeral_ports_tcp = {
 description = "Nodes on ephemeral ports"
@@ -75,6 +76,14 @@ module "eks" {
 type = "ingress"
 source_node_security_group = true
 }
+ ingress_nodes_443 = {
+ description = "Nodes to cluster API"
+ protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ type = "ingress"
+ source_node_security_group = true
+ }
 }
 # Node security group
 node_security_group_additional_rules = {
@@ -89,6 +98,18 @@ module "eks" {
 }
 enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
+ addons = {
+ vpc-cni = {
+ most_recent = true
+ }
+ coredns = {
+ most_recent = true
+ }
+ kube-proxy = {
+ most_recent = true
+ }
+ }
+
 eks_managed_node_groups = {
 services = {
 name = "services"
@@ -100,6 +121,7 @@ module "eks" {
 subnet_ids = module.vpc.private_subnets
 iam_role_attach_cni_policy = true
+ use_custom_launch_template = false
 cloudinit_pre_nodeadm = [
 {
@@ -118,11 +140,8 @@ module "eks" {
 ]
 labels = {
 WorkClass = "service"
- "node.kubernetes.io/lifecycle" = "spot"
 }
- #bootstrap_extra_args = "--kubelet-extra-args '--node-labels=WorkClass=compute,node.kubernetes.io/lifecycle=spot'" # https://github.com/awslabs/amazon-eks-ami/blob/07dd954f09084c46d8c570f010c529ea1ad48027/files/bootstrap.sh#L25
-
 tags = {
 "k8s.io/cluster-autoscaler/enabled" = "true"
 "k8s.io/cluster-autoscaler/${var.cluster_name}${local.name_suffix}" = "true"
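Review bot: The `ingress_nodes_443` entry added under `security_group_additional_rules` appears to duplicate the node-to-API 443 rule that terraform-aws-eks creates on the cluster security group by default under that same key, so as far as I recall it overrides an identical default rather than granting anything new; confirm against the module version in use, because a key collision that silently replaces a default is easy to misread later. If the intent is to make the path explicit, say so with a comment such as `# Explicit copy of the module's default ingress_nodes_443 rule, kept so the node->API path is visible here`; if the module in use no longer provides the default, note that instead. Keeping the source as `source_node_security_group = true` rather than a CIDR is the right least-privilege scope for this rule.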
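Review bot: All three addons in the new `addons` map use `most_recent = true` with no `addon_version`, so every apply can roll vpc-cni, coredns and kube-proxy forward to whatever AWS publishes that day, with no review step and no guarantee that two environments run the same CNI or proxy version. Pinning `addon_version` per addon and bumping it deliberately keeps those upgrades in the change-review path; if floating is the intended trade-off, a comment like `# most_recent: addon versions float on every apply` records that choice. For `vpc-cni` the module also exposes `before_compute = true` so the CNI is installed before node groups join; to my recollection this is not set by default, so it is worth confirming whether this node group relies on it.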
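Review bot: `use_custom_launch_template = false` is added directly above `cloudinit_pre_nodeadm`, and in terraform-aws-eks the nodeadm user data is delivered only through the module-managed launch template, so with this flag false the cloud-init fragment below is, to my recollection, silently dropped rather than applied; confirm by inspecting the node group's effective launch template and user data after apply. The same switch hands the launch template back to the EKS default, which also takes the module's `metadata_options` (its IMDSv2 `http_tokens = "required"` default) and block-device settings out of Terraform's control, so the resulting IMDS posture of the nodes should be checked rather than assumed. If the default template is intended, a comment such as `# EKS-default launch template: cloudinit_pre_nodeadm and metadata_options below are not applied` would make that visible. The enclosing `services` node group block starts and ends outside this hunk.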