diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf
index e1edbbef..4978f2a7 100644
--- a/dev/stacks/dpe-sandbox-k8s/main.tf
+++ b/dev/stacks/dpe-sandbox-k8s/main.tf
@@ -6,11 +6,11 @@ module "sage-aws-vpc" {
 module "sage-aws-eks" {
 source = "spacelift.io/sagebionetworks/sage-aws-eks/aws"
- version = "0.2.5"
-
- cluster_name = "dpe-k8-sandbox"
- private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids
- vpc_id = module.sage-aws-vpc.vpc_id
- vpc_security_group_id = module.sage-aws-vpc.vpc_security_group_id
+ version = "0.2.6"
+ cluster_name = "dpe-k8-sandbox"
+ private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids
+ vpc_id = module.sage-aws-vpc.vpc_id
+ vpc_security_group_id = module.sage-aws-vpc.vpc_security_group_id
+ enable_policy_event_logs = true
 }
diff --git a/modules/main.tf b/modules/main.tf
index d8e69f68..855aabf0 100644
--- a/modules/main.tf
+++ b/modules/main.tf
@@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" {
 resource "spacelift_version" "sage-aws-eks-version" {
 module_id = spacelift_module.sage-aws-eks.id
- version_number = "0.2.5"
+ version_number = "0.2.6"
 }
 resource "spacelift_module" "sage-aws-eks-autoscaler" {
diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf
index c7f72912..4649c8bf 100644
--- a/modules/sage-aws-eks/main.tf
+++ b/modules/sage-aws-eks/main.tf
@@ -57,6 +57,7 @@ module "eks" {
 }
 vpc-cni = {
 most_recent = true
+ # Derived from https://github.com/aws/amazon-vpc-cni-k8s/blob/master/charts/aws-vpc-cni/values.yaml
 configuration_values = jsonencode({
 enableNetworkPolicy = "true",
 init = {
@@ -64,8 +65,8 @@ module "eks" {
 DISABLE_TCP_EARLY_DEMUX = "true"
 }
 }
- nodeagent = {
- enablePolicyEventLogs = "true"
+ nodeAgent = {
+ enablePolicyEventLogs = var.enable_policy_event_logs ? "true" : "false"
 }
 env = {
 ENABLE_POD_ENI = "true",
diff --git a/modules/sage-aws-eks/variables.tf b/modules/sage-aws-eks/variables.tf
index c42a715e..7d7a631d 100644
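Review bot: In the second hunk of modules/sage-aws-eks/main.tf, `enablePolicyEventLogs` is the only logging key set under `nodeAgent`, and as far as the add-on documents it, that makes the network policy agent write its events to a log file on the node; nothing visible here sends them anywhere that survives node replacement. The chart values file cited in the comment of the preceding hunk also lists `enableCloudWatchLogs` under `nodeAgent`, so consider setting it from the same flag, `enableCloudWatchLogs = var.enable_policy_event_logs ? "true" : "false"`, or confirm that a node log collector already ships that file. The rename from `nodeagent` to `nodeAgent` suggests the earlier hard-coded setting may never have taken effect, so it is worth checking the add-on's effective configuration on the sandbox cluster after apply. The `module "eks"` block starts and ends outside this hunk.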
--- a/modules/sage-aws-eks/variables.tf
+++ b/modules/sage-aws-eks/variables.tf
@@ -38,3 +38,9 @@ variable "vpc_security_group_id" {
 description = "Security group ID to attach to the EKS cluster"
 type = string
 }
+
+variable "enable_policy_event_logs" {
+ description = "Enable logging of policy events"
+ type = bool
+ default = false
+}
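Review bot: `default = false` makes network policy event logging opt-in, so any cluster built from this module whose stack does not set the flag has no record of network policy decisions; in this commit only the dpe-sandbox-k8s stack sets it. The value it parameterises was a hard-coded `"true"`, so the default reverses what the module previously asked for. Either keep `default = true` or state the trade-off in the description, for example `description = "Enable VPC CNI network policy agent event logs; off by default, turn on where policy decisions must be auditable"`. The current description also does not say which component's policy events are meant.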