mattermost · stafot · Jan 27, 2025
@@ -20,7 +20,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_managed_node_group"></a> [managed\_node\_group](#module\_managed\_node\_group) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups | v1.7.5 |
+| <a name="module_managed_node_group"></a> [managed\_node\_group](#module\_managed\_node\_group) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups | v1.8.19 |
 
 ## Resources
 
@@ -62,13 +62,16 @@
 | [kubernetes_cluster_role_binding.console_access](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
 | [kubernetes_config_map.aws_auth_configmap](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
 | [aws_eks_cluster_auth.cluster_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
 | [tls_certificate.cluster-openid-issuer](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_al2023_ami_id"></a> [al2023\_ami\_id](#input\_al2023\_ami\_id) | The AMI ID for AL2023 nodes | `string` | `""` | no |
+| <a name="input_al2023_arm_image_id"></a> [al2023\_arm\_image\_id](#input\_al2023\_arm\_image\_id) | The AMI ID for ARM64 nodes using AL2023 | `string` | `""` | no |
 | <a name="input_argocd_account_role"></a> [argocd\_account\_role](#input\_argocd\_account\_role) | n/a | `string` | n/a | yes |
 | <a name="input_arm_desired_size"></a> [arm\_desired\_size](#input\_arm\_desired\_size) | The desired number of arm nodes in the node group | `string` | n/a | yes |
 | <a name="input_arm_instance_type"></a> [arm\_instance\_type](#input\_arm\_instance\_type) | The instance type used for the arm nodes in the node group | `string` | n/a | yes |
@@ -107,6 +110,7 @@
 | <a name="input_spot_max_size"></a> [spot\_max\_size](#input\_spot\_max\_size) | The maximum number of nodes in the spot node group | `number` | `1` | no |
 | <a name="input_spot_min_size"></a> [spot\_min\_size](#input\_spot\_min\_size) | The minimum number of nodes in the spot node group | `number` | `0` | no |
 | <a name="input_teleport_cidr"></a> [teleport\_cidr](#input\_teleport\_cidr) | n/a | `list(string)` | n/a | yes |
+| <a name="input_use_al2023"></a> [use\_al2023](#input\_use\_al2023) | Enable AL2023-specific configurations. Defaults to false for AL2. | `bool` | `false` | no |
 | <a name="input_vpc_cni_addon_version"></a> [vpc\_cni\_addon\_version](#input\_vpc\_cni\_addon\_version) | The version of the EKS VPC CNI addon | `string` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes |
 

@@ -19,6 +19,10 @@ resource "aws_eks_cluster" "cluster" {
   ]
 }
 
+data "aws_eks_cluster" "cluster" {
+  name = aws_eks_cluster.cluster.name
+}
+
 # Get EKS cluster certificate thumbprint
 data "tls_certificate" "cluster-openid-issuer" {
   url = aws_eks_cluster.cluster.identity[0].oidc[0].issuer

@@ -182,3 +182,21 @@ variable "arm_min_size" {
   type        = string
   description = "The minimum number of arm nodes in the node group"
 }
+
+variable "use_al2023" {
+  description = "Enable AL2023-specific configurations. Defaults to false for AL2."
+  type        = bool
+  default     = false
+}
+
+variable "al2023_ami_id" {
+  description = "The AMI ID for AL2023 nodes"
+  type        = string
+  default     = ""
+}
+
+variable "al2023_arm_image_id" {
+  description = "The AMI ID for ARM64 nodes using AL2023"
+  type        = string
+  default     = ""
+}
@@ -1,10 +1,30 @@
 ###########» Worker Node AutoScaling Group###########
 locals {
-  worker-userdata = <<USERDATA
+  service_cidr = data.aws_eks_cluster.cluster.kubernetes_network_config[0].service_ipv4_cidr
+  worker-userdata = var.use_al2023 ? base64encode(<<USERDATA
+#!/bin/bash
+set -e
+
+echo Configuring nodeadm for AL2023
+cat <<EOF > /etc/eks/nodeadm-config.yaml
+apiVersion: node.eks.aws/v1alpha1
+kind: NodeConfig
+spec:
+  cluster:
+    name: ${aws_eks_cluster.cluster.name}
+    apiServerEndpoint: ${aws_eks_cluster.cluster.endpoint}
+    certificateAuthority: ${aws_eks_cluster.cluster.certificate_authority[0].data}
+    cidr: ${local.service_cidr}
+EOF
+
+/usr/local/bin/nodeadm --config /etc/eks/nodeadm-config.yaml
+USERDATA
+    ) : base64encode(<<USERDATA
 #!/bin/bash
 set -o xtrace
-/etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.cluster.endpoint}' --b64-cluster-ca '${aws_eks_cluster.cluster.certificate_authority[0].data}' '${var.deployment_name}'
+/etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.cluster.endpoint}' --b64-cluster-ca '${aws_eks_cluster.cluster.certificate_authority[0].data}' '${aws_eks_cluster.cluster.name}' --kubelet-extra-args "--kube-reserved cpu=250m,memory=1Gi,ephemeral-storage=1Gi --system-reserved cpu=250m,memory=0.2Gi,ephemeral-storage=1Gi --eviction-hard memory.available<0.2Gi,nodefs.available<10%"
 USERDATA
+  )
 }
 
 locals {
@@ -27,7 +47,7 @@ CONFIGMAPAWSAUTH
 }
 
 module "managed_node_group" {
-  source                 = "github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups?ref=v1.7.5"
+  source                 = "github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups?ref=v1.8.19"
   vpc_security_group_ids = [aws_security_group.worker-sg.id]
   vpc_id                 = var.vpc_id
   volume_size            = var.node_volume_size
@@ -56,4 +76,10 @@ module "managed_node_group" {
   availability_zones     = var.availability_zones
   subnets                = var.map_subnets
   enable_spot_nodes      = var.enable_spot_nodes
+  use_al2023             = var.use_al2023
+  al2023_ami_id          = var.al2023_ami_id
+  al2023_arm_image_id    = var.al2023_arm_image_id
+  api_server_endpoint    = aws_eks_cluster.cluster.endpoint
+  certificate_authority  = aws_eks_cluster.cluster.certificate_authority[0].data
+  service_ipv4_cidr      = local.service_cidr
 }