Use vpc-cni addon configuration values to create eniconfigs

quortex · Sep 12, 2024 · aa38abb · aa38abb
1 parent fb40776
commit aa38abb
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 35 deletions.
diff --git a/iam_aws_vpc_cni.tf b/iam_aws_vpc_cni.tf
@@ -1,5 +1,5 @@
 locals {
-  handle_aws_vpc_cni = var.handle_iam_resources && (var.handle_iam_aws_vpc_cni || contains(keys(var.cluster_addons), "vpc-cni"))
+  handle_aws_vpc_cni = var.handle_iam_resources && var.handle_iam_aws_vpc_cni
 }
 
 resource "aws_iam_role" "aws_vpc_cni" {

diff --git a/main.tf b/main.tf
@@ -15,11 +15,22 @@
 */
 
 locals {
-  eni_configs = [for e in var.pods_subnets : {
-    name           = e.availability_zone
-    subnet         = e.id
-    securityGroups = [aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id]
-  }]
+  vpc_cni_configuration_values = var.custom_networking ? {
+    "env" : {
+      "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" : "true",
+      "ENI_CONFIG_LABEL_DEF" : "topology.kubernetes.io/zone"
+    }
+    "eniConfig" : {
+      "create" : true,
+      "region" : data.aws_region.current.name,
+      "subnets" : { for e in var.pods_subnets :
+        e.availability_zone => {
+          id             = e.id
+          securityGroups = [aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id]
+        }
+      }
+    }
+  } : null
   # The Quortex cluster OIDC issuer.
   cluster_oidc_issuer = trimprefix(aws_eks_cluster.quortex.identity[0].oidc[0].issuer, "https://")
   node_group_labels = [
@@ -193,15 +204,15 @@ locals {
 }
 
 resource "aws_eks_addon" "vpc_cni_addon" {
-  count = local.handle_aws_vpc_cni ? 1 : 0
+  count = var.vpc_cni_addon == null ? 0 : 1
 
   cluster_name                = aws_eks_cluster.quortex.name
   addon_name                  = "vpc-cni"
-  addon_version               = var.cluster_addons["vpc-cni"].version
-  configuration_values        = try(var.cluster_addons["vpc-cni"].configuration_values, null)
-  preserve                    = try(var.cluster_addons["vpc-cni"].preserve, null)
-  resolve_conflicts_on_update = try(var.cluster_addons["vpc-cni"].resolve_conflicts, "OVERWRITE")
-  resolve_conflicts_on_create = try(var.cluster_addons["vpc-cni"].resolve_conflicts, "OVERWRITE")
+  addon_version               = var.vpc_cni_addon.version
+  configuration_values        = jsonencode(merge(local.vpc_cni_configuration_values, var.vpc_cni_addon.configuration_values))
+  preserve                    = var.vpc_cni_addon.preserve
+  resolve_conflicts_on_update = var.vpc_cni_addon.resolve_conflicts
+  resolve_conflicts_on_create = var.vpc_cni_addon.resolve_conflicts
   service_account_role_arn    = lookup(local.addon_irsa_service_account_arn, "vpc-cni", null)
 
   tags = var.tags
@@ -221,8 +232,6 @@ resource "aws_eks_addon" "quortex_addon" {
   service_account_role_arn    = lookup(local.addon_irsa_service_account_arn, each.key, null)
 
   tags = var.tags
-
-  depends_on = [helm_release.eni_configs]
 }
 
 # This AWS CLI command will add tags to the ASG created by EKS
@@ -288,18 +297,3 @@ resource "aws_cloudwatch_log_group" "cluster_logs" {
   retention_in_days = var.cluster_logs_retention
   tags              = var.tags
 }
-
-resource "helm_release" "eni_configs" {
-  count      = var.handle_eni_configs ? 1 : 0
-  version    = "1.0.0"
-  chart      = "empty"
-  repository = "https://quortex.github.io/helm-charts"
-  name       = "aws-vpc-cni-config"
-
-  values = [
-    templatefile("${path.module}/templates/eniconfigs.yaml", {
-      eniConfigs : jsonencode(local.eni_configs)
-    })
-  ]
-  depends_on = [aws_eks_addon.vpc_cni_addon]
-}
diff --git a/variables.tf b/variables.tf
@@ -176,9 +176,9 @@ EOT
   default     = {}
 }
 
-variable "handle_eni_configs" {
+variable "custom_networking" {
   type        = bool
-  description = "To determine if eniconfig resources should be managed by this module"
+  description = "Whether custom networking is enabled, defaults to false. Adds default configuration values to vpc-cni addon if true"
   default     = false
 }
 
@@ -300,6 +300,17 @@ variable "cluster_addons" {
   default     = {}
 }
 
+variable "vpc_cni_addon" {
+  description = "vpc-cni addon definition"
+  type = object({
+    version              = string
+    resolve_conflicts    = optional(string, "OVERWRITE")
+    preserve             = optional(bool)
+    configuration_values = any
+  })
+  nullable = true
+}
+
 variable "manage_aws_auth_configmap" {
   description = "Determines whether to manage the aws-auth configmap."
   type        = bool

diff --git a/versions.tf b/versions.tf
@@ -22,10 +22,6 @@ terraform {
       source  = "hashicorp/aws"
       version = ">=5.0.0"
     }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">=2.0.0"
-    }
     kubernetes = {
       source  = "hashicorp/kubernetes"
       version = ">=2.0.0"