From 70d2020e442bfe92d889c8fcfd6738d0f74faa8b Mon Sep 17 00:00:00 2001 From: joneszc Date: Mon, 12 Aug 2024 12:46:16 -0400 Subject: [PATCH 1/5] Enable option in nebari-config to add pre-bootstrap commands to run on EKS nodes --- src/_nebari/stages/infrastructure/__init__.py | 3 ++ .../infrastructure/template/aws/main.tf | 1 + .../template/aws/modules/kubernetes/main.tf | 38 ++++++++++++++++++- .../aws/modules/kubernetes/variables.tf | 6 +++ .../infrastructure/template/aws/variables.tf | 6 +++ 5 files changed, 53 insertions(+), 1 deletion(-) diff --git a/src/_nebari/stages/infrastructure/__init__.py b/src/_nebari/stages/infrastructure/__init__.py index 829ca144be..fd24e67c62 100644 --- a/src/_nebari/stages/infrastructure/__init__.py +++ b/src/_nebari/stages/infrastructure/__init__.py @@ -133,6 +133,7 @@ class AWSInputVars(schema.Base): existing_subnet_ids: Optional[List[str]] = None region: str kubernetes_version: str + node_prebootstrap_command: Optional[str] = None node_groups: List[AWSNodeGroupInputVars] availability_zones: List[str] vpc_cidr_block: str @@ -451,6 +452,7 @@ class AmazonWebServicesProvider(schema.Base): kubernetes_version: str availability_zones: Optional[List[str]] node_groups: Dict[str, AWSNodeGroup] = DEFAULT_AWS_NODE_GROUPS + node_prebootstrap_command: Optional[str] = None existing_subnet_ids: Optional[List[str]] = None existing_security_group_id: Optional[str] = None vpc_cidr_block: str = "10.10.0.0/16" @@ -789,6 +791,7 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]): return AWSInputVars( name=self.config.escaped_project_name, environment=self.config.namespace, + node_prebootstrap_command=self.config.amazon_web_services.node_prebootstrap_command, existing_subnet_ids=self.config.amazon_web_services.existing_subnet_ids, existing_security_group_id=self.config.amazon_web_services.existing_security_group_id, region=self.config.amazon_web_services.region, 
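Review bot: `node_prebootstrap_command` on `AmazonWebServicesProvider` is added without any comment or description, although its value becomes a shell script that runs as root at boot on every EKS node and is stored in the launch template's user data. I would document that next to the field, e.g. `# Shell script run on each EKS node before bootstrap; stored in EC2 user data, so do not put credentials in it.` User data can be read from the instance itself and by any principal allowed to describe the launch template versions, which is why the caveat belongs where the option is declared. The same field is added to `AWSInputVars` and passed through in `input_vars`; all three bodies continue outside these hunks.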
diff --git a/src/_nebari/stages/infrastructure/template/aws/main.tf b/src/_nebari/stages/infrastructure/template/aws/main.tf index 2c78018f0b..a030217a72 100644 --- a/src/_nebari/stages/infrastructure/template/aws/main.tf +++ b/src/_nebari/stages/infrastructure/template/aws/main.tf @@ -93,6 +93,7 @@ module "kubernetes" { node_groups = var.node_groups endpoint_private_access = var.eks_endpoint_private_access + node_prebootstrap_command = var.node_prebootstrap_command public_access_cidrs = var.eks_public_access_cidrs permissions_boundary = var.permissions_boundary } diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf index 521096cae0..8b9b02b52d 100644 --- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf @@ -20,6 +20,33 @@ resource "aws_eks_cluster" "main" { tags = merge({ Name = var.name }, var.tags) } +resource "aws_launch_template" "main" { + # Invoke launch_template only if var.node_prebootstrap_command is not null + count = var.node_prebootstrap_command == null ? 0 : length(var.node_groups) + name = var.node_groups[count.index].name + + vpc_security_group_ids = var.cluster_security_groups + + block_device_mappings { + device_name = "/dev/xvda" + + ebs { + volume_size = 50 + volume_type = "gp2" + } + } + # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics + user_data = base64encode(<<-EOF +MIME-Version: 1.0 +Content-Type: multipart/mixed; boundary="//" +--// +Content-Type: text/x-shellscript; charset="us-ascii" +${var.node_prebootstrap_command} + +--//--\ + EOF + ) +} resource "aws_eks_node_group" "main" { count = length(var.node_groups) 
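Review bot: The `ebs` block in the new `aws_launch_template.main` sets `volume_size` and `volume_type` but not `encrypted`, so node root volumes created from this template are encrypted only if the AMI snapshot or the account's EBS encryption-by-default setting already makes them so. Adding `encrypted = true` inside `ebs` makes that explicit for every node group that uses the template. A `kms_key_id` supplied through a variable could follow if a customer-managed key is wanted.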
@@ -31,7 +58,7 @@ resource "aws_eks_node_group" "main" { instance_types = [var.node_groups[count.index].instance_type] ami_type = var.node_groups[count.index].gpu == true ? "AL2_x86_64_GPU" : "AL2_x86_64" - disk_size = 50 + disk_size = var.node_prebootstrap_command == null ? 50 : null scaling_config { min_size = var.node_groups[count.index].min_size @@ -49,6 +76,15 @@ resource "aws_eks_node_group" "main" { ] } + # Invoke launch_template only if var.node_prebootstrap_command is not null + dynamic "launch_template" { + for_each = var.node_prebootstrap_command == null ? [] : [1] + content { + id = aws_launch_template.main[count.index].id + version = aws_launch_template.main[count.index].latest_version + } + } + # Ensure that IAM Role permissions are created before and deleted # after EKS Node Group handling. Otherwise, EKS will not be able to # properly delete EC2 Instances and Elastic Network Interfaces. diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf index e22c640929..70ad6feaee 100644 --- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf @@ -60,6 +60,12 @@ variable "node_group_instance_type" { default = "m5.large" } +variable "node_prebootstrap_command" { + description = "Custom pre-bootstrap and /etc/eks/bootstrap.sh commands run on EKS nodes" + type = string + default = null +} + variable "endpoint_private_access" { type = bool default = false diff --git a/src/_nebari/stages/infrastructure/template/aws/variables.tf b/src/_nebari/stages/infrastructure/template/aws/variables.tf index 2e80c64c3c..c32f9c3e27 100644 --- a/src/_nebari/stages/infrastructure/template/aws/variables.tf +++ b/src/_nebari/stages/infrastructure/template/aws/variables.tf 
@@ -56,6 +56,12 @@ variable "kubeconfig_filename" { type = string } +variable "node_prebootstrap_command" { + description = "Custom pre-bootstrap and /etc/eks/bootstrap.sh commands run on EKS nodes" + type = string + default = null +} + variable "eks_endpoint_private_access" { type = bool default = false From 1e8745ed5ae2d70dc7884a399a2b2faeec0fb59e Mon Sep 17 00:00:00 2001 From: joneszc Date: Mon, 12 Aug 2024 13:47:24 -0400 Subject: [PATCH 2/5] Add option (amazon_web_services.node_groups.custom_ami) to employ a custom AMI Id for EKS nodes --- src/_nebari/stages/infrastructure/__init__.py | 3 ++ .../template/aws/modules/kubernetes/locals.tf | 1 + .../template/aws/modules/kubernetes/main.tf | 39 ++++++++++++------- .../aws/modules/kubernetes/variables.tf | 3 +- .../infrastructure/template/aws/variables.tf | 3 +- 5 files changed, 34 insertions(+), 15 deletions(-) diff --git a/src/_nebari/stages/infrastructure/__init__.py b/src/_nebari/stages/infrastructure/__init__.py index fd24e67c62..809bafe85a 100644 --- a/src/_nebari/stages/infrastructure/__init__.py +++ b/src/_nebari/stages/infrastructure/__init__.py @@ -118,6 +118,7 @@ class AzureInputVars(schema.Base): class AWSNodeGroupInputVars(schema.Base): name: str instance_type: str + custom_ami: Optional[str] = None gpu: bool = False min_size: int desired_size: int @@ -429,6 +430,7 @@ def _validate_tags(cls, value: Optional[Dict[str, str]]) -> Dict[str, str]: class AWSNodeGroup(schema.Base): instance: str + custom_ami: Optional[str] = None min_nodes: int = 0 max_nodes: int gpu: bool = False @@ -800,6 +802,7 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]): AWSNodeGroupInputVars( name=name, instance_type=node_group.instance, + custom_ami=node_group.custom_ami, gpu=node_group.gpu, min_size=node_group.min_nodes, desired_size=node_group.min_nodes, 
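Review bot: `custom_ami: Optional[str] = None` on `AWSNodeGroup` accepts any string, so a typo or a value that is not an AMI ID is only rejected by the AWS API during `terraform apply`. A pattern constraint on the field, for instance `^ami-[0-9a-f]+$`, would fail at config validation instead; the validator visible in the hunk header suggests `schema.Base` supports this, but that should be confirmed. A comment such as `# AMI ID for this node group; the image must be EKS-compatible and provide /etc/eks/bootstrap.sh` would also record the assumption the generated user data makes about the image. The class bodies continue outside these hunks.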
diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/locals.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/locals.tf index f260091dcb..09d488ff87 100644 --- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/locals.tf +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/locals.tf @@ -13,6 +13,7 @@ locals { ], var.node_group_additional_policies) gpu_node_group_names = [for node_group in var.node_groups : node_group.name if node_group.gpu == true] + cust_ami_node_index = [for idx, node_group in var.node_groups : idx if node_group.custom_ami != null] partition = data.aws_partition.current.partition } diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf index 8b9b02b52d..a8358ea6e1 100644 --- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf 
@@ -20,10 +20,14 @@ resource "aws_eks_cluster" "main" { tags = merge({ Name = var.name }, var.tags) } +## aws_launch_template user_data invocation +## If using a Custom AMI, then the /etc/eks/bootstrap cmds and args must be included/modified, +## otherwise, on default AWS EKS Node AMI, the bootstrap cmd is appended automatically resource "aws_launch_template" "main" { - # Invoke launch_template only if var.node_prebootstrap_command is not null - count = var.node_prebootstrap_command == null ? 0 : length(var.node_groups) - name = var.node_groups[count.index].name + # Invoke launch_template only if var.node_prebootstrap_command is not null or custom_ami is not null + count = var.node_prebootstrap_command != null ? length(var.node_groups) : length(local.cust_ami_node_index) + name = var.node_prebootstrap_command != null ? var.node_groups[count.index].name : var.node_groups[local.cust_ami_node_index[count.index]].name + image_id = var.node_prebootstrap_command != null ? var.node_groups[count.index].custom_ami : var.node_groups[local.cust_ami_node_index[count.index]].custom_ami vpc_security_group_ids = var.cluster_security_groups 
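Review bot: The launch template `name` is the bare node group name, and launch template names must be unique within an account and region, so a second deployment in the same account that keeps the same node group names would fail to create its templates. Prefixing with the cluster name avoids that, e.g. `name = "${var.name}-${var.node_groups[count.index].name}"` in the first branch and the same prefix in the `cust_ami_node_index` branch. Separately, `count`, `name` and `image_id` each repeat the `var.node_prebootstrap_command != null ? … : …` index selection. A single local holding the selected node groups would keep the three in step with the `index(local.cust_ami_node_index, count.index)` lookups in `aws_eks_node_group.main`.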
@@ -38,12 +42,21 @@ resource "aws_launch_template" "main" { # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics user_data = base64encode(<<-EOF MIME-Version: 1.0 -Content-Type: multipart/mixed; boundary="//" ---// +Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" + +--==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" -${var.node_prebootstrap_command} +%{ if var.node_prebootstrap_command != null }${var.node_prebootstrap_command}%{ endif } + +%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami != null }--==MYBOUNDARY==%{ endif } +%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami != null }Content-Type: text/x-shellscript; charset="us-ascii"%{ endif } +%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }#!/bin/bash%{ endif } +%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }set -ex%{ endif } +%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }B64_CLUSTER_CA=${aws_eks_cluster.main.certificate_authority[0].data}%{ endif } +%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }API_SERVER_URL=${aws_eks_cluster.main.endpoint}%{ endif } +%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }/etc/eks/bootstrap.sh ${aws_eks_cluster.main.name} --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL%{ endif } ---//--\ +--==MYBOUNDARY==-- EOF ) } 
@@ -57,8 +70,8 @@ resource "aws_eks_node_group" "main" { subnet_ids = var.node_groups[count.index].single_subnet ? [element(var.cluster_subnets, 0)] : var.cluster_subnets instance_types = [var.node_groups[count.index].instance_type] - ami_type = var.node_groups[count.index].gpu == true ? "AL2_x86_64_GPU" : "AL2_x86_64" - disk_size = var.node_prebootstrap_command == null ? 50 : null + ami_type = var.node_groups[count.index].custom_ami != null ? "CUSTOM" : (var.node_groups[count.index].gpu == true ? "AL2_x86_64_GPU" : "AL2_x86_64") + disk_size = var.node_prebootstrap_command == null && var.node_groups[count.index].custom_ami == null ? 50 : null scaling_config { min_size = var.node_groups[count.index].min_size @@ -76,12 +89,12 @@ resource "aws_eks_node_group" "main" { ] } - # Invoke launch_template only if var.node_prebootstrap_command is not null + # Invoke launch_template only if var.node_prebootstrap_command is not null or node group custom_ami is not null dynamic "launch_template" { - for_each = var.node_prebootstrap_command == null ? [] : [1] + for_each = var.node_prebootstrap_command == null && var.node_groups[count.index].custom_ami == null ? [] : [1] content { - id = aws_launch_template.main[count.index].id - version = aws_launch_template.main[count.index].latest_version + id = var.node_prebootstrap_command != null ? aws_launch_template.main[count.index].id : aws_launch_template.main[index(local.cust_ami_node_index, count.index)].id + version = var.node_prebootstrap_command != null ? aws_launch_template.main[count.index].latest_version : aws_launch_template.main[index(local.cust_ami_node_index, count.index)].latest_version } } diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf index 70ad6feaee..465e21bdd2 100644 --- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf 
+++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/variables.tf @@ -46,6 +46,7 @@ variable "node_groups" { type = list(object({ name = string instance_type = string + custom_ami = string gpu = bool min_size = number desired_size = number @@ -61,7 +62,7 @@ variable "node_group_instance_type" { } variable "node_prebootstrap_command" { - description = "Custom pre-bootstrap and /etc/eks/bootstrap.sh commands run on EKS nodes" + description = "Custom pre-bootstrap commands run on EKS nodes" type = string default = null } diff --git a/src/_nebari/stages/infrastructure/template/aws/variables.tf b/src/_nebari/stages/infrastructure/template/aws/variables.tf index c32f9c3e27..118f9bec8a 100644 --- a/src/_nebari/stages/infrastructure/template/aws/variables.tf +++ b/src/_nebari/stages/infrastructure/template/aws/variables.tf @@ -33,6 +33,7 @@ variable "node_groups" { type = list(object({ name = string instance_type = string + custom_ami = string gpu = bool min_size = number desired_size = number @@ -57,7 +58,7 @@ variable "kubeconfig_filename" { } variable "node_prebootstrap_command" { - description = "Custom pre-bootstrap and /etc/eks/bootstrap.sh commands run on EKS nodes" + description = "Custom pre-bootstrap commands run on EKS nodes" type = string default = null } From e60a6fe264718c8e4bf440e443d3d45d5e93617e Mon Sep 17 00:00:00 2001 From: joneszc Date: Wed, 14 Aug 2024 16:38:11 -0400 Subject: [PATCH 3/5] Migrate user_data cmds section from terraform aws_launch_template to be read in from files/user_data.tftpl --- .../modules/kubernetes/files/user_data.tftpl | 16 ++++++++++ .../template/aws/modules/kubernetes/main.tf | 32 ++++++++----------- 2 files changed, 29 insertions(+), 19 deletions(-) create mode 100644 src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/files/user_data.tftpl 
diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/files/user_data.tftpl b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/files/user_data.tftpl new file mode 100644 index 0000000000..3f3102c619 --- /dev/null +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/files/user_data.tftpl @@ -0,0 +1,16 @@ +MIME-Version: 1.0 +Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" + +--==MYBOUNDARY== +Content-Type: text/x-shellscript; charset="us-ascii" +%{ if node_prebootstrap_command != null }${node_prebootstrap_command}%{ endif } + +%{ if split_user_data == true }--==MYBOUNDARY==%{ endif } +%{ if split_user_data == true }Content-Type: text/x-shellscript; charset="us-ascii"%{ endif } +%{ if include_bootstrap_cmd == true }#!/bin/bash%{ endif } +%{ if include_bootstrap_cmd == true }set -ex%{ endif } +%{ if include_bootstrap_cmd == true }B64_CLUSTER_CA=${cluster_cert_authority}%{ endif } +%{ if include_bootstrap_cmd == true }API_SERVER_URL=${cluster_endpoint}%{ endif } +%{ if include_bootstrap_cmd == true }/etc/eks/bootstrap.sh ${cluster_name} --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL%{ endif } + +--==MYBOUNDARY==-- \ No newline at end of file diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf index a8358ea6e1..bfb60f17b8 100644 --- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf 
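Review bot: In `user_data.tftpl` the part header `Content-Type: text/x-shellscript; charset="us-ascii"` is followed directly by `${node_prebootstrap_command}` with no blank line, and the second part has the same layout before `#!/bin/bash`. MIME separates a part's headers from its body with an empty line, so a parser may read a first script line that looks like a header (for example `PATH=/usr/local/bin:$PATH`) as a header rather than as script. Adding an empty line after each `Content-Type` line matches the multipart example in the AWS launch-template documentation linked from `main.tf`. The same layout was present in the inline heredoc that this file replaces. The variable description could also state that the command must not contain the `==MYBOUNDARY==` string.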
@@ -40,24 +40,18 @@ resource "aws_launch_template" "main" { } } # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics - user_data = base64encode(<<-EOF -MIME-Version: 1.0 -Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" - ---==MYBOUNDARY== -Content-Type: text/x-shellscript; charset="us-ascii" -%{ if var.node_prebootstrap_command != null }${var.node_prebootstrap_command}%{ endif } - -%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami != null }--==MYBOUNDARY==%{ endif } -%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami != null }Content-Type: text/x-shellscript; charset="us-ascii"%{ endif } -%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }#!/bin/bash%{ endif } -%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }set -ex%{ endif } -%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }B64_CLUSTER_CA=${aws_eks_cluster.main.certificate_authority[0].data}%{ endif } -%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }API_SERVER_URL=${aws_eks_cluster.main.endpoint}%{ endif } -%{ if var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null }%{ else }/etc/eks/bootstrap.sh ${aws_eks_cluster.main.name} --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL%{ endif } - ---==MYBOUNDARY==-- - EOF + user_data = base64encode( + templatefile( + "${path.module}/files/user_data.tftpl", + { + node_prebootstrap_command = var.node_prebootstrap_command + split_user_data = var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami != null ? true : false + include_bootstrap_cmd = var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null ? 
false : true + cluster_name = aws_eks_cluster.main.name + cluster_cert_authority = aws_eks_cluster.main.certificate_authority[0].data + cluster_endpoint = aws_eks_cluster.main.endpoint + } + ) ) } @@ -170,4 +164,4 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" { { Name = "${var.name}-eks-irsa" }, var.tags ) -} +} \ No newline at end of file From 9ed0ceb9595f4da888e98399631f3f8adbb08fff Mon Sep 17 00:00:00 2001 From: joneszc Date: Tue, 20 Aug 2024 16:36:13 -0400 Subject: [PATCH 4/5] Add metadata_options to aws_launch_template to require http_tokens for IMDSv2 --- src/_nebari/stages/infrastructure/template/aws/main.tf | 6 +++--- .../template/aws/modules/kubernetes/main.tf | 10 ++++++++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/_nebari/stages/infrastructure/template/aws/main.tf b/src/_nebari/stages/infrastructure/template/aws/main.tf index a030217a72..726a97f87e 100644 --- a/src/_nebari/stages/infrastructure/template/aws/main.tf +++ b/src/_nebari/stages/infrastructure/template/aws/main.tf @@ -92,8 +92,8 @@ module "kubernetes" { node_groups = var.node_groups - endpoint_private_access = var.eks_endpoint_private_access + endpoint_private_access = var.eks_endpoint_private_access node_prebootstrap_command = var.node_prebootstrap_command - public_access_cidrs = var.eks_public_access_cidrs - permissions_boundary = var.permissions_boundary + public_access_cidrs = var.eks_public_access_cidrs + permissions_boundary = var.permissions_boundary } diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf index bfb60f17b8..b808e3bbca 100644 --- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf 
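Review bot: `split_user_data` and `include_bootstrap_cmd` wrap boolean expressions in `? true : false` and `? false : true`, which hides that the second is just a negation. They read more directly as `split_user_data = var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami != null` and `include_bootstrap_cmd = !(var.node_prebootstrap_command != null && var.node_groups[count.index].custom_ami == null)`. Both also index `var.node_groups` with `count.index`, while `name` and `image_id` in the same resource use `local.cust_ami_node_index[count.index]` when only custom AMIs are set. The result is still correct because the first operand is false in that case, but a short comment saying so would spare the next reader the check. The resource body starts outside this hunk.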
@@ -31,14 +31,20 @@ resource "aws_launch_template" "main" { vpc_security_group_ids = var.cluster_security_groups - block_device_mappings { - device_name = "/dev/xvda" + metadata_options { + http_tokens = "required" + http_endpoint = "enabled" + instance_metadata_tags = "enabled" + } + block_device_mappings { + device_name = "/dev/xvda" ebs { volume_size = 50 volume_type = "gp2" } } + # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics user_data = base64encode( templatefile( From daaa146795b3590de56bcc33ac2717652f376b55 Mon Sep 17 00:00:00 2001 From: joneszc Date: Wed, 21 Aug 2024 09:27:23 -0400 Subject: [PATCH 5/5] fix spacing for terraform fmt pre-commit checks --- src/_nebari/stages/infrastructure/template/aws/main.tf | 8 ++++---- .../template/aws/modules/kubernetes/files/user_data.tftpl | 2 +- .../template/aws/modules/kubernetes/main.tf | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/_nebari/stages/infrastructure/template/aws/main.tf b/src/_nebari/stages/infrastructure/template/aws/main.tf index 726a97f87e..e3da3efcdc 100644 --- a/src/_nebari/stages/infrastructure/template/aws/main.tf +++ b/src/_nebari/stages/infrastructure/template/aws/main.tf @@ -92,8 +92,8 @@ module "kubernetes" { node_groups = var.node_groups - endpoint_private_access = var.eks_endpoint_private_access - node_prebootstrap_command = var.node_prebootstrap_command - public_access_cidrs = var.eks_public_access_cidrs - permissions_boundary = var.permissions_boundary + endpoint_private_access = var.eks_endpoint_private_access + node_prebootstrap_command = var.node_prebootstrap_command + public_access_cidrs = var.eks_public_access_cidrs + permissions_boundary = var.permissions_boundary } diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/files/user_data.tftpl b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/files/user_data.tftpl index 3f3102c619..11d52662e1 100644 
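Review bot: The new `metadata_options` block requires IMDSv2 tokens but leaves `http_put_response_hop_limit` unset, so the effective limit is left to whatever default applies rather than fixed by this template. With a limit of 1, pods that are not on the host network cannot reach the instance metadata service, which protects the node role's credentials but breaks workloads that still depend on them; with 2 they can. Setting it explicitly, e.g. `http_put_response_hop_limit = 2` if pods are meant to reach IMDS or `1` if not, with a comment stating the intent, would make the choice visible and identical for default and custom AMIs. It is also worth confirming that `instance_metadata_tags = "enabled"` is compatible with the tags placed on these instances, since tag keys exposed through instance metadata are limited to a restricted character set.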
--- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/files/user_data.tftpl +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/files/user_data.tftpl @@ -13,4 +13,4 @@ Content-Type: text/x-shellscript; charset="us-ascii" %{ if include_bootstrap_cmd == true }API_SERVER_URL=${cluster_endpoint}%{ endif } %{ if include_bootstrap_cmd == true }/etc/eks/bootstrap.sh ${cluster_name} --b64-cluster-ca $B64_CLUSTER_CA --apiserver-endpoint $API_SERVER_URL%{ endif } ---==MYBOUNDARY==-- \ No newline at end of file +--==MYBOUNDARY==-- diff --git a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf index b808e3bbca..d4d558b547 100644 --- a/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf +++ b/src/_nebari/stages/infrastructure/template/aws/modules/kubernetes/main.tf @@ -38,13 +38,13 @@ resource "aws_launch_template" "main" { } block_device_mappings { - device_name = "/dev/xvda" + device_name = "/dev/xvda" ebs { volume_size = 50 volume_type = "gp2" } } - + # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics user_data = base64encode( templatefile( @@ -170,4 +170,4 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" { { Name = "${var.name}-eks-irsa" }, var.tags ) -} \ No newline at end of file +}