[Automated Preview][terraform-aws-eks] Update CircleCI config with EKS test account #1549

Open
wants to merge 3 commits into
base: master
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";

<VersionBadge repoTitle="Amazon EKS" version="0.65.6" lastModifiedVersion="0.65.5"/>
<VersionBadge repoTitle="Amazon EKS" version="0.66.0" lastModifiedVersion="0.65.5"/>

# ALB Ingress Controller IAM Policy Module

<a href="https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller-iam-policy" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
<a href="https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller-iam-policy" className="link-button" title="View the source code for this module in GitHub.">View Source</a>

<a href="https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v0.65.5" className="link-button" title="Release notes for only versions which impacted this module.">Release Notes</a>

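Review bot: The PR title ("Update CircleCI config with EKS test account") does not describe this hunk, which moves the VersionBadge `version` and the View Source link from v0.65.6 to v0.66.0 while `lastModifiedVersion` and the Release Notes link stay at v0.65.5. If this is the generated docs preview for the v0.66.0 release, say so in the description so a reviewer can confirm that a docs-only version bump is all the PR is expected to contain.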
Expand All @@ -23,14 +23,14 @@ defines the minimal set of permissions necessary for the [AWS ALB Ingress
Controller](https://github.com/kubernetes-sigs/aws-alb-ingress-controller). This policy can then be attached to EC2
instances or IAM roles so that the controller deployed has enough permissions to manage an ALB.

See [the eks-alb-ingress-controller module](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller) for a module that deploys the Ingress
See [the eks-alb-ingress-controller module](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller) for a module that deploys the Ingress
Controller on to your EKS cluster.

## Attaching IAM policy to workers

To allow the ALB Ingress Controller to manage ALBs, it needs IAM permissions to use the AWS API to manage ALBs.
Currently, the way to grant Pods IAM privileges is to use the worker IAM profiles provisioned by [the
eks-cluster-workers module](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-cluster-workers/README.md#how-do-you-add-additional-iam-policies).
eks-cluster-workers module](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-cluster-workers/README.md#how-do-you-add-additional-iam-policies).

The Terraform templates in this module create an IAM policy that has the required permissions. You then need to use an
[aws_iam_policy_attachment](https://www.terraform.io/docs/providers/aws/r/iam_policy_attachment.html) to attach that
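Review bot: The unchanged prose at the end of this hunk links `aws_iam_policy_attachment`, but the sample named in the next hunk header declares `resource "aws_iam_role_policy_attachment"`. The two are not interchangeable: `aws_iam_policy_attachment` manages a policy's attachments exclusively, so applying it can detach the policy from users, groups or roles that attached it elsewhere. Since this paragraph is already being touched for the v0.66.0 links, change the link and wording to `aws_iam_role_policy_attachment` so the text matches the example.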
Expand Down Expand Up @@ -64,7 +64,7 @@ resource "aws_iam_role_policy_attachment" "attach_alb_ingress_controller_iam_pol

module "eks_alb_ingress_controller_iam_policy" {

source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-alb-ingress-controller-iam-policy?ref=v0.65.6"
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-alb-ingress-controller-iam-policy?ref=v0.66.0"

# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
Expand Down Expand Up @@ -103,7 +103,7 @@ module "eks_alb_ingress_controller_iam_policy" {
# ------------------------------------------------------------------------------------------------------

terraform {
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-alb-ingress-controller-iam-policy?ref=v0.65.6"
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-alb-ingress-controller-iam-policy?ref=v0.66.0"
}

inputs = {
Expand Down Expand Up @@ -210,11 +210,11 @@ The name of the IAM policy created with the permissions for the ALB ingress cont
<!-- ##DOCS-SOURCER-START
{
"originalSources": [
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller-iam-policy/readme.md",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller-iam-policy/variables.tf",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller-iam-policy/outputs.tf"
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller-iam-policy/readme.md",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller-iam-policy/variables.tf",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller-iam-policy/outputs.tf"
],
"sourcePlugin": "module-catalog-api",
"hash": "1baf841b64532ce1e6e0ef0dada0b1c0"
"hash": "117b5b79fa4c8e1f40889c2ef3690cc3"
}
##DOCS-SOURCER-END -->
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";

<VersionBadge repoTitle="Amazon EKS" version="0.65.6" lastModifiedVersion="0.65.5"/>
<VersionBadge repoTitle="Amazon EKS" version="0.66.0" lastModifiedVersion="0.65.7"/>

# ALB Ingress Controller Module

<a href="https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
<a href="https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller" className="link-button" title="View the source code for this module in GitHub.">View Source</a>

<a href="https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v0.65.5" className="link-button" title="Release notes for only versions which impacted this module.">Release Notes</a>
<a href="https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v0.65.7" className="link-button" title="Release notes for only versions which impacted this module.">Release Notes</a>

This Terraform Module installs and configures the [AWS ALB Ingress
Controller](https://github.com/kubernetes-sigs/aws-alb-ingress-controller) on an EKS cluster, so that you can configure
Expand Down Expand Up @@ -110,7 +110,7 @@ correctly.

You can use the `alb.ingress.kubernetes.io/subnets` annotation on `Ingress` resources to specify which subnets the controller should configure the ALB for.

You can also omit the `alb.ingress.kubernetes.io/subnets` annotation, and the controller will [automatically discover subnets](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/controller/config/#subnet-auto-discovery) based on their tags. This method should work "out of the box", so long as you are using the [`eks-vpc-tags`](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-vpc-tags) module to tag your VPC subnets.
You can also omit the `alb.ingress.kubernetes.io/subnets` annotation, and the controller will [automatically discover subnets](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/controller/config/#subnet-auto-discovery) based on their tags. This method should work "out of the box", so long as you are using the [`eks-vpc-tags`](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-vpc-tags) module to tag your VPC subnets.

### Security Groups

Expand All @@ -125,7 +125,7 @@ nodes.
### IAM permissions

The container deployed in this module requires IAM permissions to manage ALB resources. See [the
eks-alb-ingress-controller-iam-policy module](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller-iam-policy) for more information.
eks-alb-ingress-controller-iam-policy module](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller-iam-policy) for more information.

## Using the Ingress Controller

Expand Down Expand Up @@ -200,7 +200,7 @@ nature of the controller in provisioning the ALBs.
The AWS ALB Ingress Controller has first class support for
[external-dns](https://github.com/kubernetes-incubator/external-dns), a third party tool that configures external DNS
providers with domains to route to `Services` and `Ingresses` in Kubernetes. See our [eks-k8s-external-dns
module](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-k8s-external-dns) for more information on how to setup the tool.
module](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-k8s-external-dns) for more information on how to setup the tool.

## How do I deploy the Pods to Fargate?

Expand Down Expand Up @@ -234,7 +234,7 @@ instances under the hood, and thus the ALB can not be configured to route by ins

module "eks_alb_ingress_controller" {

source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-alb-ingress-controller?ref=v0.65.6"
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-alb-ingress-controller?ref=v0.66.0"

# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
Expand Down Expand Up @@ -289,6 +289,9 @@ module "eks_alb_ingress_controller" {
# Namespace, you do not need another one.
create_fargate_profile = false

# Tags to apply to all AWS resources managed by this controller
default_tags = {}

# Create a dependency between the resources in this module to the interpolated
# values in this list (and thus the source resources). In other words, the
# resources in this module will now depend on the resources backing the values
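Review bot: The new `default_tags = {}` input is documented only by the one-line comment "Tags to apply to all AWS resources managed by this controller", here and again in the Terragrunt `inputs` block. State the expected type (the `{}` default implies a map) and whether these tags are merged with, or override, tags set on individual `Ingress` resources. With the empty default, resources the controller creates receive no tags from this input, which is worth calling out for anyone relying on tags for cost allocation or tag-based access policies.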
Expand Down Expand Up @@ -366,7 +369,7 @@ module "eks_alb_ingress_controller" {
# ------------------------------------------------------------------------------------------------------

terraform {
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-alb-ingress-controller?ref=v0.65.6"
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-alb-ingress-controller?ref=v0.66.0"
}

inputs = {
Expand Down Expand Up @@ -424,6 +427,9 @@ inputs = {
# Namespace, you do not need another one.
create_fargate_profile = false

# Tags to apply to all AWS resources managed by this controller
default_tags = {}

# Create a dependency between the resources in this module to the interpolated
# values in this list (and thus the source resources). In other words, the
# resources in this module will now depend on the resources backing the values
Expand Down Expand Up @@ -498,11 +504,11 @@ inputs = {
<!-- ##DOCS-SOURCER-START
{
"originalSources": [
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller/readme.md",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller/variables.tf",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-alb-ingress-controller/outputs.tf"
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller/readme.md",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller/variables.tf",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-alb-ingress-controller/outputs.tf"
],
"sourcePlugin": "module-catalog-api",
"hash": "f1dd0a90c909f599e477600ced59c644"
"hash": "70e9919cb5460ba8913265156d27f1c6"
}
##DOCS-SOURCER-END -->
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";

<VersionBadge repoTitle="Amazon EKS" version="0.65.6" lastModifiedVersion="0.65.5"/>
<VersionBadge repoTitle="Amazon EKS" version="0.66.0" lastModifiedVersion="0.65.5"/>

# EKS AWS Auth Merger

<a href="https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-aws-auth-merger" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
<a href="https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-aws-auth-merger" className="link-button" title="View the source code for this module in GitHub.">View Source</a>

<a href="https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v0.65.5" className="link-button" title="Release notes for only versions which impacted this module.">Release Notes</a>

Expand All @@ -35,29 +35,29 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr

### Core concepts

* *[What is Kubernetes RBAC?](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-k8s-role-mapping/README.md#what-is-kubernetes-role-based-access-control-rbac)*: overview of Kubernetes RBAC, the underlying system managing authentication and authorization in Kubernetes.
* *[What is Kubernetes RBAC?](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-k8s-role-mapping/README.md#what-is-kubernetes-role-based-access-control-rbac)*: overview of Kubernetes RBAC, the underlying system managing authentication and authorization in Kubernetes.

* *[What is AWS IAM role?](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-k8s-role-mapping/README.md#what-is-aws-iam-role)*: overview of AWS IAM Roles, the underlying system managing authentication and authorization in AWS.
* *[What is AWS IAM role?](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-k8s-role-mapping/README.md#what-is-aws-iam-role)*: overview of AWS IAM Roles, the underlying system managing authentication and authorization in AWS.

* *[Managing users or IAM roles for your cluster](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html)*: The official AWS docs on how the `aws-auth` Kubernetes `ConfigMap` works.

* *[What is the aws-auth-merger?](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-aws-auth-merger/core-concepts.md#what-is-the-aws-auth-merger)*: overview of the `aws-auth-merger` and how it works to manage the `aws-auth` Kubernetes `ConfigMap`.
* *[What is the aws-auth-merger?](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-aws-auth-merger/core-concepts.md#what-is-the-aws-auth-merger)*: overview of the `aws-auth-merger` and how it works to manage the `aws-auth` Kubernetes `ConfigMap`.

### Repo organization

* [modules](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
* [modules](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.

* [examples](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/examples): This folder contains working examples of how to use the submodules.
* [examples](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/examples): This folder contains working examples of how to use the submodules.

* [test](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/test): Automated tests for the modules and examples.
* [test](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/test): Automated tests for the modules and examples.

## Deploy

### Non-production deployment (quick start for learning)

If you just want to try this repo out for experimenting and learning, check out the following resources:

* [examples folder](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
* [examples folder](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).

### Production deployment

Expand All @@ -69,15 +69,15 @@ If you want to deploy this repo in production, check out the following resources

## Manage

* [How to deploy and use the aws-auth-merger](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-aws-auth-merger/core-concepts.md#how-do-i-use-the-aws-auth-merger)
* [How to deploy and use the aws-auth-merger](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-aws-auth-merger/core-concepts.md#how-do-i-use-the-aws-auth-merger)

* [How to handle conflicts with automatic updates to the aws-auth ConfigMap by EKS](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-aws-auth-merger/core-concepts.md#how-do-i-handle-conflicts-with-automatic-updates-by-eks)
* [How to handle conflicts with automatic updates to the aws-auth ConfigMap by EKS](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-aws-auth-merger/core-concepts.md#how-do-i-handle-conflicts-with-automatic-updates-by-eks)

* [How to restrict users to specific actions on the EKS cluster](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-k8s-role-mapping/README.md#restricting-specific-actions)
* [How to restrict users to specific actions on the EKS cluster](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-k8s-role-mapping/README.md#restricting-specific-actions)

* [How to restrict users to specific namespaces on the EKS cluster](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-k8s-role-mapping/README.md#restricting-by-namespace)
* [How to restrict users to specific namespaces on the EKS cluster](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-k8s-role-mapping/README.md#restricting-by-namespace)

* [How to authenticate kubectl to EKS](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/core-concepts.md#how-to-authenticate-kubectl)
* [How to authenticate kubectl to EKS](https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/core-concepts.md#how-to-authenticate-kubectl)

## Sample Usage

Expand All @@ -92,7 +92,7 @@ If you want to deploy this repo in production, check out the following resources

module "eks_aws_auth_merger" {

source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-aws-auth-merger?ref=v0.65.6"
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-aws-auth-merger?ref=v0.66.0"

# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
Expand Down Expand Up @@ -207,7 +207,7 @@ module "eks_aws_auth_merger" {
# ------------------------------------------------------------------------------------------------------

terraform {
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-aws-auth-merger?ref=v0.65.6"
source = "git::[email protected]:gruntwork-io/terraform-aws-eks.git//modules/eks-aws-auth-merger?ref=v0.66.0"
}

inputs = {
Expand Down Expand Up @@ -627,11 +627,11 @@ The name of the namespace that is used. If create_namespace is true, this output
<!-- ##DOCS-SOURCER-START
{
"originalSources": [
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-aws-auth-merger/readme.adoc",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-aws-auth-merger/variables.tf",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.65.6/modules/eks-aws-auth-merger/outputs.tf"
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-aws-auth-merger/readme.adoc",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-aws-auth-merger/variables.tf",
"https://github.com/gruntwork-io/terraform-aws-eks/tree/v0.66.0/modules/eks-aws-auth-merger/outputs.tf"
],
"sourcePlugin": "module-catalog-api",
"hash": "42c51af808982b4f4b0b09fc08b96e98"
"hash": "d50e59e7262cb6dfb5f04b22f09f30b8"
}
##DOCS-SOURCER-END -->