
Commit

feat(templates.ekscluster,terraform): add support for var workers_group_defaults
g-iannelli committed Feb 11, 2025
1 parent 7605b5c commit 70364b9
Showing 4 changed files with 27 additions and 3 deletions.
3 changes: 1 addition & 2 deletions docs/releases/unreleased.md
Expand Up @@ -20,15 +20,14 @@ The distribution is maintained with ❤️ by the team [SIGHUP](https://sighup.i

## New features 🌟

- TBD
- [[#353](https://github.com/sighupio/fury-distribution/pull/353)] **Add EKS self-managed node pool default override options for IDMS**: add a variable to override the default properies for EKS self-managed node pools. Currently support only the IDMS ones.

## Fixes 🐞

- [[#334](https://github.com/sighupio/fury-distribution/pull/334)] **Fix to policy module templates**: setting the policy module type to `gatekeeper` and the `additionalExcludedNamespaces` option for Kyverno at the same time resulted in an error do to an bug in the templates logic, this has been fixed.
- [[#336](https://github.com/sighupio/fury-distribution/pull/336)] **Fix race condition when deleting Kyverno**: changing the policy module type from `kyverno` to `none` could, sometimes, end up in a race condition where the API for ClusterPolicy CRD is unregistered before the deletion of the ClusterPolicy objects, resulting in an error in the deletion command execution. The deletion command has been tweaked to avoid this condition.
- [[#344](https://github.com/sighupio/fury-distribution/pull/344)] **Fix Cidr Block additional firewall rule in EKS Cluster**: remove the limitation to have a single CIDR Block additional firewall rule as the EKS installer supports a list.
- [[#348](https://github.com/sighupio/fury-distribution/pull/348)] **Fix `Get previous cluster configuration` failure on first apply**: fixed an issue on `furyctl apply` for on-premises clusters that made it fail with an `ansible-playbook create-playbook.yaml: command failed - exit status 2` error on the very first time it was executed.
- [[#353](https://github.com/sighupio/fury-distribution/pull/353)] **Add EKS self-managed node pool default override options for IDMS**: add a variable to override the default properies for EKS self-managed node pools. Currently support only the IDMS ones.
## Upgrade procedure

Check the [upgrade docs](https://docs.kubernetesfury.com/docs/installation/upgrades) for the detailed procedure.
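
Review bot: In the new-feature entry for #353, "IDMS" reads as a transposition of IMDS (the EC2 Instance Metadata Service), which is what the `metadata_http_*` keys added elsewhere in this commit configure; the same entry has "properies" for "properties" and "Currently support only" for "Currently supports only". Suggest fixing the wording and naming the three keys that `nodePoolsCommon` accepts, so readers of the release notes know what can be overridden.
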
14 changes: 14 additions & 0 deletions templates/kubernetes/ekscluster/terraform/main.auto.tfvars.tpl
Expand Up @@ -87,6 +87,20 @@ cluster_iam_role_name_prefix_override = {{ .spec.kubernetes.clusterIAMRoleNamePr
workers_iam_role_name_prefix_override = {{ .spec.kubernetes.workersIAMRoleNamePrefixOverride | quote }}
{{- end }}

{{- if hasKeyAny .spec.kubernetes "nodePoolsCommon" }}
workers_group_defaults = {
{{- if hasKeyAny .spec.kubernetes.nodePoolsCommon "metadataHttpEndpoint" }}
metadata_http_endpoint = {{ .spec.kubernetes.nodePoolsCommon.metadataHttpEndpoint | quote }}
{{- end}}
{{- if hasKeyAny .spec.kubernetes.nodePoolsCommon "metadataHttpTokens" }}
metadata_http_tokens = {{ .spec.kubernetes.nodePoolsCommon.metadataHttpTokens | quote }}
{{- end}}
{{- if hasKeyAny .spec.kubernetes.nodePoolsCommon "metadataHttpPutResponseHopLimit" }}
metadata_http_put_response_hop_limit = {{ .spec.kubernetes.nodePoolsCommon.metadataHttpPutResponseHopLimit }}
{{- end}}
}
{{- end }}

{{- if gt (len .spec.kubernetes.nodePools) 0 }}
{{- $nodePools := list }}
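
Review bot: The `workers_group_defaults = {` block is rendered whenever `nodePoolsCommon` exists and contains only the keys the user set, while a Terraform variable default is replaced as a whole, not merged key by key. A configuration that sets only `metadataHttpTokens` therefore yields a map without `metadata_http_endpoint`, and a `nodePoolsCommon` with none of the three keys yields `{}`; whether that is safe depends on how the module consumes the value, which is not visible in this commit. Consider always rendering all three keys with explicit fallbacks, or merging the override with the defaults on the Terraform side. Minor style point: the inner `{{- end}}` lines are spaced differently from the `{{- end }}` used in the surrounding template.
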

1 change: 1 addition & 0 deletions templates/kubernetes/ekscluster/terraform/main.tf.tpl
Expand Up @@ -66,6 +66,7 @@ module "fury" {
tags = var.tags
cluster_iam_role_name = var.cluster_iam_role_name_prefix_override
workers_role_name = var.workers_iam_role_name_prefix_override
workers_group_defaults = var.workers_group_defaults

# AWS-specific variables.
# Enables managing auth using these variables
12 changes: 11 additions & 1 deletion templates/kubernetes/ekscluster/terraform/variables.tf
Expand Up @@ -230,4 +230,14 @@ variable "node_pools_global_ami_type" {
condition = contains(["alinux2", "alinux2023"], var.node_pools_global_ami_type)
error_message = "The global AMI type must be either 'alinux2' or 'alinux2023'."
}
}
}

variable "workers_group_defaults" {
type = any

default = {
metadata_http_endpoint = "enabled"
metadata_http_tokens = "optional"
metadata_http_put_response_hop_limit = null
}
}
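
Review bot: `variable "workers_group_defaults"` is declared with `type = any` and has no `description` or `validation` block, so a misspelled key or an invalid value passes through this variable unchecked, unlike `node_pools_global_ami_type` just above, which validates its input. Suggest an `object({...})` type with `optional()` attributes plus validations restricting `metadata_http_endpoint` to `enabled`/`disabled` and `metadata_http_tokens` to `optional`/`required`. The default `metadata_http_tokens = "optional"` also deserves a deliberate decision: it keeps IMDSv1 requests accepted on the nodes unless the user overrides it, so if it is kept for backward compatibility, state that in the description.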
