diff --git a/eniconfig.tf b/eniconfig.tf new file mode 100644 index 0000000..0f22336 --- /dev/null +++ b/eniconfig.tf @@ -0,0 +1,54 @@ +############################################################################### +# Kubernetes provider configuration +############################################################################### + +data "aws_eks_cluster_auth" "cluster" { + name = var.cluster_name +} + +provider "kubernetes" { + host = data.aws_eks_cluster.cluster.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.cluster.token + exec { + api_version = "client.authentication.k8s.io/v1alpha1" + args = ["eks", "get-token", "--cluster-name", var.cluster_name] + command = "aws" + } +} + +resource "kubernetes_manifest" "eniconfig_subnets"{ + + for_each = var.vpc_eni_subnets + + depends_on = [ + helm_release.karpenter + ] + + manifest = { + "apiVersion" = "crd.k8s.amazonaws.com/v1alpha1" + "kind" = "ENIConfig" + "metadata" = { + "name" = "${each.key}" + } + "spec" = { + "subnet" = "eni-${each.value}" + "securityGroups" = [ + "${var.worker_security_group_id}" + ] + } + } + +} + +resource "null_resource" "rotate_nodes_after_eniconfig_creation" { + + count = var.rotate_nodes_after_eniconfig_creation ? 1 : 0 + + provisioner "local-exec" { + command = <<-EOT + aws ec2 terminate-instances --instance-ids $(aws ec2 describe-instances --filter "Name=tag:Name,Values=$CLUSTER_NAME-general" "Name=instance-state-name,Values=running" --query "Reservations[].Instances[].[InstanceId]" --output text) --output text + EOT + } + +} diff --git a/variables.tf b/variables.tf index 6ba2d2c..107bcfe 100644 --- a/variables.tf +++ b/variables.tf @@ -34,3 +34,16 @@ variable "helm_name" { variable "cluster_endpoint" { default = "" } + +variable "vpc_eni_subnets" { + type = map(any) +} + +variable "worker_security_group_id" { + type = string +} + +variable "rotate_nodes_after_eniconfig_creation" { + type = bool + default = true +}