Untitled

data "aws_ami" "eks_default" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amazon-eks-node-1.21-v*"]
  }
}

module "eks" {
  source = "./modules/eks"
  config = local.config
  vpc_id = local.vpc.id
  vpc_subnets                 = var.private_subnets_ids

  cluster_name                       = "cluster01"
  cluster_version                    = "1.21"
  cluster_endpoint_private_access    = true
  cluster_endpoint_public_access     = true
  cluster_security_group_name        = "cluster01-security-group"
  cluster_security_group_description = "EKS cluster security group."
  iam_role_name                      = "cluster01-iam-role"
  enable_irsa                        = true

  cluster_addons = {
    coredns = {
      resolve_conflicts = "OVERWRITE"
    }
    kube-proxy = {
      resolve_conflicts = "OVERWRITE"
    }
  }

  eks_managed_node_groups = {
    # Complete
    complete = {
      name            = "nodegroup01"
      use_name_prefix = true

      min_size     = 1
      max_size     = 3
      desired_size = 1
      ami_id       = data.aws_ami.eks_default.image_id

      enable_bootstrap_user_data = true
      iam_role_attach_cni_policy = true

      post_bootstrap_user_data = <<-EOT
      cd /tmp
      sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
      sudo systemctl enable amazon-ssm-agent
      sudo systemctl start amazon-ssm-agent
      echo "you are free little kubelet!"
      EOT

      disk_size            = 50
      force_update_version = true
      instance_types       = ["m5.large"]
      labels = {
        GithubRepo = "terraform-aws-eks"
        GithubOrg  = "terraform-aws-modules"
      }

      update_config = {
        max_unavailable_percentage = 50 # or set `max_unavailable`
      }

      description = "EKS managed node group example launch template"

      ebs_optimized           = true
      disable_api_termination = false
      enable_monitoring       = true
      #vpc_security_group_ids  = [aws_security_group.additional.id]

      metadata_options = {
        http_endpoint               = "enabled"
        http_tokens                 = "required"
        http_put_response_hop_limit = 2
        instance_metadata_tags      = "disabled"
      }
    }
  }

}