From e15e550ba1649f4d50b3665b198804dc4781a988 Mon Sep 17 00:00:00 2001
From: nerahou
Date: Thu, 5 Sep 2024 19:17:56 +0200
Subject: [PATCH] Handle vpc-cni addon separately
---
 iam_aws_vpc_cni.tf | 2 +-
 main.tf | 38 ++++++++++++++++++--------------------
 variables.tf | 6 ++++++
 3 files changed, 25 insertions(+), 21 deletions(-)
diff --git a/iam_aws_vpc_cni.tf b/iam_aws_vpc_cni.tf
index 16d3306..1f3facd 100644
--- a/iam_aws_vpc_cni.tf
+++ b/iam_aws_vpc_cni.tf
@@ -1,5 +1,5 @@
 locals {
- handle_aws_vpc_cni = var.handle_iam_resources && (var.handle_iam_aws_vpc_cni || contains(keys(var.cluster_addons), "vpc-cni"))
+ handle_aws_vpc_cni = var.handle_iam_resources && (var.handle_iam_aws_vpc_cni || length(var.vpc_cni_addon) > 0)
 }
 
 resource "aws_iam_role" "aws_vpc_cni" {
diff --git a/main.tf b/main.tf
index faffd5e..2994d7a 100644
--- a/main.tf
+++ b/main.tf
@@ -15,24 +15,22 @@
 */
 locals {
- vpc_cni_configuration_values = var.custom_networking ? jsonencode(
- {
- "env" : {
- "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" : "true",
- "ENI_CONFIG_LABEL_DEF" : "topology.kubernetes.io/zone"
- }
- "eniConfig" : {
- "create" : true,
- "region" : data.aws_region.current.name,
- "subnets" : { for e in var.pods_subnets :
- e.availability_zone => {
- id = e.id
- securityGroups = [aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id]
- }
+ vpc_cni_configuration_values = var.custom_networking ? {
+ "env" : {
+ "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" : "true",
+ "ENI_CONFIG_LABEL_DEF" : "topology.kubernetes.io/zone"
+ }
+ "eniConfig" : {
+ "create" : true,
+ "region" : data.aws_region.current.name,
+ "subnets" : { for e in var.pods_subnets :
+ e.availability_zone => {
+ id = e.id
+ securityGroups = [aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id]
 }
 }
 }
- ) : null
+ } : {}
 
 # The Quortex cluster OIDC issuer.
 cluster_oidc_issuer = trimprefix(aws_eks_cluster.quortex.identity[0].oidc[0].issuer, "https://")
 node_group_labels = [
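Review bot: With the `contains(keys(var.cluster_addons), "vpc-cni")` branch gone from `handle_aws_vpc_cni`, a caller that still lists vpc-cni under `cluster_addons` no longer gets the IRSA role from this file, and nothing in the patch rejects that older input. Whether the generic addon loop still installs vpc-cni from `cluster_addons` is outside these hunks, but if it does, the addon would be created without its dedicated role rather than fail loudly. A `validation` block on `cluster_addons` with `condition = !contains(keys(var.cluster_addons), "vpc-cni")` and an error message pointing at `vpc_cni_addon` would make the migration explicit. The `aws_iam_role "aws_vpc_cni"` block that consumes this local continues outside the hunk.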
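Review bot: The rewritten `vpc_cni_configuration_values` local is now a plain map with `{}` as the disabled-case value, but nothing at the definition says it is meant to be merged with caller-supplied values and JSON-encoded by the `aws_eks_addon` consumer, so the next reader will not know why the empty map (rather than the previous `null`) is deliberate. A short comment above the assignment, in the file's existing `#` style, would capture that: `# Kept as a map (not JSON) so the addon resource can merge var.vpc_cni_addon.configuration_values over it; {} rather than null keeps merge() valid when custom networking is off.` The `locals` block runs past the end of the hunk.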
@@ -210,11 +208,11 @@ resource "aws_eks_addon" "vpc_cni_addon" { cluster_name = aws_eks_cluster.quortex.name addon_name = "vpc-cni" - addon_version = var.cluster_addons["vpc-cni"].version - configuration_values = try(coalesce(var.cluster_addons["vpc-cni"].configuration_values, local.vpc_cni_configuration_values), null) - preserve = try(var.cluster_addons["vpc-cni"].preserve, null) - resolve_conflicts_on_update = try(var.cluster_addons["vpc-cni"].resolve_conflicts, "OVERWRITE") - resolve_conflicts_on_create = try(var.cluster_addons["vpc-cni"].resolve_conflicts, "OVERWRITE") + addon_version = var.vpc_cni_addon.version + configuration_values = jsonencode(merge(local.vpc_cni_configuration_values, var.vpc_cni_addon.configuration_values)) + preserve = try(var.vpc_cni_addon.preserve, null) + resolve_conflicts_on_update = try(var.vpc_cni_addon.resolve_conflicts, "OVERWRITE") + resolve_conflicts_on_create = try(var.vpc_cni_addon.resolve_conflicts, "OVERWRITE") service_account_role_arn = lookup(local.addon_irsa_service_account_arn, "vpc-cni", null) tags = var.tags diff --git a/variables.tf b/variables.tf index 2a56175..ab5e501 100644 --- a/variables.tf +++ b/variables.tf @@ -300,6 +300,12 @@ variable "cluster_addons" { default = {} } +variable "vpc_cni_addon" { + description = "vpc-cni addon definition" + type = any + default = {} +} + variable "manage_aws_auth_configmap" { description = "Determines whether to manage the aws-auth configmap." type = bool
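Review bot: `var.vpc_cni_addon.configuration_values` inside the new `merge(...)` on the `configuration_values` line is read without the `try()` that guards `preserve` and the two `resolve_conflicts_*` attributes, so a caller who sets only `version` gets a plan-time unsupported-attribute error. `merge()` is also shallow: a caller-supplied `env` or `eniConfig` key replaces the whole generated map, silently dropping `AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG` and the per-zone `securityGroups` that pin pods to `var.pods_subnets`, so custom networking can be switched off by an override without any error. Suggest `configuration_values = jsonencode(merge(local.vpc_cni_configuration_values, try(var.vpc_cni_addon.configuration_values, {})))` with a comment on that line stating the merge is top-level only, or merging `env` separately. Note too that when both maps are empty the attribute is now the string `"{}"` rather than `null` as before; worth confirming the provider does not report a perpetual diff for it. The `aws_eks_addon` resource starts before this hunk, and `var.vpc_cni_addon.version` on the first added line will fail the same way with the `{}` default unless the resource's `count` is gated on the variable.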
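Review bot: `type = any` with the one-line description leaves the keys the resource in `main.tf` reads from `vpc_cni_addon` (`version`, `configuration_values`, `preserve`, `resolve_conflicts`) undocumented and unvalidated, and hides that `configuration_values` is now a map merged into the generated config rather than the JSON string the `cluster_addons` path accepted. Prefer an `object({...})` type with `optional()` attributes if the module's required Terraform version allows it, or at minimum a description listing those keys and a `validation` block restricting `resolve_conflicts` to the values the provider accepts (`NONE`, `OVERWRITE`, `PRESERVE`). A typed variable also turns a misspelled key into a plan-time error instead of a silently ignored override.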