From 76ed9970aa471111c11a4fc4feafcd43f49acdc6 Mon Sep 17 00:00:00 2001
From: sergeyrudenko111 <81235401+sergeyrudenko111@users.noreply.github.com>
Date: Sat, 24 Aug 2024 02:04:23 +0200
Subject: [PATCH] feat: Add support bootstrap_self_managed_addons (#236)
* feat: Add support bootstrap_self_managed_addons
* feat: adjust variable to naming convention
* feat: change variable name
---
 README.md | 1 +
 docs/terraform.md | 2 ++
 examples/complete/main.tf | 5 +++--
 examples/complete/variables.tf | 6 ++++++
 main.tf | 13 +++++++------
 variables.tf | 6 ++++++
 6 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 688b8ae..b061a2b 100644
--- a/README.md
+++ b/README.md
@@ -411,6 +411,7 @@ Available targets:
 | [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids) | A list of IDs of Security Groups to allow access to the cluster. | `list(string)` | `[]` | no |
 | [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids) | A list of IDs of Security Groups to associate the cluster with.
These security groups will not be modified. | `list(string)` | `[]` | no |
 | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no |
+| [bootstrap\_self\_managed\_addons\_enabled](#input\_bootstrap\_self\_managed\_addons\_enabled) | Manages bootstrap of default networking addons after cluster has been created | `bool` | `null` | no |
 | [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |
 | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If provided, the KMS Key ID to use to encrypt AWS CloudWatch logs | `string` | `null` | no |
 | [cluster\_attributes](#input\_cluster\_attributes) | Override label module default cluster attributes | `list(string)` |
[
"cluster"
]
| no |
diff --git a/docs/terraform.md b/docs/terraform.md
index cb81262..b350b64 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -66,6 +66,8 @@
 | [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids) | A list of IDs of Security Groups to allow access to the cluster. | `list(string)` | `[]` | no |
 | [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids) | A list of IDs of Security Groups to associate the cluster with.
These security groups will not be modified. | `list(string)` | `[]` | no |
 | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no |
+| [bootstrap\_self\_managed\_addons\_enabled](#input\_bootstrap\_self\_managed\_addons\_enabled) | Manages bootstrap of default networking addons after cluster has been created | `bool` | `null` | no |
+| [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |
 | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If provided, the KMS Key ID to use to encrypt AWS CloudWatch logs | `string` | `null` | no |
 | [cluster\_attributes](#input\_cluster\_attributes) | Override label module default cluster attributes | `list(string)` |
[
"cluster"
]
| no |
 | [cluster\_depends\_on](#input\_cluster\_depends\_on) | If provided, the EKS will depend on this object, and therefore not be created until this object is finalized.
This is useful if you want to ensure that the cluster is not created before some other condition is met, e.g. VPNs into the subnet are created. | `any` | `null` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index ba6003a..0dd8dd4 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -110,8 +110,9 @@ module "eks_cluster" {
 cluster_encryption_config_kms_key_policy = var.cluster_encryption_config_kms_key_policy
 cluster_encryption_config_resources = var.cluster_encryption_config_resources
- addons = local.addons
- addons_depends_on = [module.eks_node_group]
+ addons = local.addons
+ addons_depends_on = [module.eks_node_group]
+ bootstrap_self_managed_addons_enabled = var.bootstrap_self_managed_addons_enabled
 access_entry_map = local.access_entry_map
 access_config = {
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index c1b338b..50f5d26 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -109,6 +109,12 @@ variable "addons" {
 description = "Manages [`aws_eks_addon`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) resources."
 }
+variable "bootstrap_self_managed_addons_enabled" {
+ description = "Manages bootstrap of default networking addons after cluster has been created"
+ type = bool
+ default = null
+}
+
 variable "private_ipv6_enabled" {
 type = bool
 default = false
diff --git a/main.tf b/main.tf
index 8ab0876..b4c7c98 100644
--- a/main.tf
+++ b/main.tf
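Review bot: In examples/complete/main.tf the new `bootstrap_self_managed_addons_enabled` input sits directly under `addons_depends_on = [module.eks_node_group]`, and the interaction between the two is not documented. With the flag set to `false` the cluster is created without the default networking add-ons, so the node group presumably comes up with no CNI while every managed add-on in `local.addons` waits for that node group to finish. A comment above the new line would make the trade-off visible, for example `# If false, a CNI must be installed before nodes can become Ready; review addons_depends_on accordingly`. The `module "eks_cluster"` block starts and ends outside this hunk, so how `local.addons` is populated cannot be confirmed from here.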
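Review bot: The description added in examples/complete/variables.tf (and repeated verbatim in the root variables.tf hunk) says the bootstrap happens "after cluster has been created", whereas the value is passed to `bootstrap_self_managed_addons` on `aws_eks_cluster`, which the AWS provider documents as a creation-time setting that defaults to true and forces a new cluster when changed. The text also does not say what `null` means or which add-ons are affected. Suggested wording: `description = "Whether EKS installs the default self-managed add-ons (VPC CNI, kube-proxy, CoreDNS) when the cluster is created. null keeps the provider default (true). Changing this on an existing cluster forces replacement."`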
@@ -56,12 +56,13 @@ resource "aws_kms_alias" "cluster" {
 resource "aws_eks_cluster" "default" {
 #bridgecrew:skip=BC_AWS_KUBERNETES_1:Allow permissive security group for public access, difficult to restrict without a VPN
 #bridgecrew:skip=BC_AWS_KUBERNETES_4:Let user decide on control plane logging, not necessary in non-production environments
- count = local.enabled ? 1 : 0
- name = module.label.id
- tags = module.label.tags
- role_arn = local.eks_service_role_arn
- version = var.kubernetes_version
- enabled_cluster_log_types = var.enabled_cluster_log_types
+ count = local.enabled ? 1 : 0
+ name = module.label.id
+ tags = module.label.tags
+ role_arn = local.eks_service_role_arn
+ version = var.kubernetes_version
+ enabled_cluster_log_types = var.enabled_cluster_log_types
+ bootstrap_self_managed_addons = var.bootstrap_self_managed_addons_enabled
 access_config {
 authentication_mode = var.access_config.authentication_mode
diff --git a/variables.tf b/variables.tf
index 1e0ab63..ff03da6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -197,6 +197,12 @@ variable "addons_depends_on" {
 default = null
 }
+variable "bootstrap_self_managed_addons_enabled" {
+ description = "Manages bootstrap of default networking addons after cluster has been created"
+ type = bool
+ default = null
+}
+
 variable "cluster_attributes" {
 type = list(string)
 description = "Override label module default cluster attributes"
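Review bot: In the main.tf hunk, `bootstrap_self_managed_addons` on `aws_eks_cluster.default` is a create-time attribute, so flipping `var.bootstrap_self_managed_addons_enabled` on a live cluster plans a destroy-and-recreate of the control plane, and nothing in this resource warns about that. A short comment on the new line, e.g. `# Create-time only: changing this value replaces the cluster`, would help; whether a `prevent_destroy`-style guard is wanted is the module owner's call. The argument also exists only in newer AWS provider releases, and this diff does not touch `versions.tf`, so the `required_providers` floor should be checked. The resource block continues past the end of this hunk.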