diff --git a/cluster.tf b/cluster.tf index 87c672f..0e97729 100644 --- a/cluster.tf +++ b/cluster.tf @@ -38,11 +38,43 @@ resource "aws_eks_cluster" "cluster" { } } } + # Compute Config (conditional setup for Auto Mode) + dynamic "compute_config" { + for_each = var.eks_auto_mode_enabled ? [1] : [] + content { + enabled = true + node_pools = ["system"] + node_role_arn = aws_iam_role.node.arn + } + } + # Kubernetes Network Config (Auto Mode specific) + dynamic "kubernetes_network_config" { + for_each = var.eks_auto_mode_enabled ? [1] : [] + content { + elastic_load_balancing { + enabled = true + } + } + } + # Storage Config (Auto Mode specific) + dynamic "storage_config" { + for_each = var.eks_auto_mode_enabled ? [1] : [] + content { + block_storage { + enabled = true + } + } + } + enabled_cluster_log_types = var.cluster_logging depends_on = [ aws_iam_role_policy_attachment.cluster-AmazonEKSClusterPolicy, aws_iam_role_policy_attachment.cluster-AmazonEKSServicePolicy, + aws_iam_role_policy_attachment.cluster_AmazonEKSComputePolicy, + aws_iam_role_policy_attachment.cluster_AmazonEKSBlockStoragePolicy, + aws_iam_role_policy_attachment.cluster_AmazonEKSLoadBalancingPolicy, + aws_iam_role_policy_attachment.cluster_AmazonEKSNetworkingPolicy, ] tags = local.tags 
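Review bot: `node_role_arn = aws_iam_role.node.arn` in the new `compute_config` block gives Auto Mode's built-in node pool the module's shared node role, which node_role.tf shows also receives every ARN in `var.node_role_policies`. Auto Mode nodes need only the minimal worker-node and registry-pull permissions, so a separate role (for example `node_role_arn = aws_iam_role.auto_mode_node.arn`, where the resource name is a placeholder) would keep caller-supplied policies off those instances. The AWS provider documentation also states that enabling Auto Mode requires `bootstrap_self_managed_addons = false`. That argument is not visible here, and the resource body starts and ends outside the hunk, so confirm it is set.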
@@ -104,6 +136,26 @@ resource "aws_iam_role_policy_attachment" "cluster-AmazonEKSServicePolicy" { role = aws_iam_role.cluster.name } +resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSComputePolicy" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSComputePolicy" + role = aws_iam_role.cluster.name +} + +resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSLoadBalancingPolicy" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy" + role = aws_iam_role.cluster.name +} + +resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSNetworkingPolicy" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy" + role = aws_iam_role.cluster.name +} + +resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSBlockStoragePolicy" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy" + role = aws_iam_role.cluster.name +} + resource "helm_release" "calico" { count = var.calico_enabled ? 1 : 0 diff --git a/node_role.tf b/node_role.tf index 444eb1f..3f2c224 100644 --- a/node_role.tf +++ b/node_role.tf @@ -30,6 +30,11 @@ resource "aws_iam_role_policy_attachment" "node-AmazonEC2ContainerRegistryReadOn role = aws_iam_role.node.name } +resource "aws_iam_role_policy_attachment" "node_AmazonEKSWorkerNodeMinimalPolicy" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy" + role = aws_iam_role.node.name +} + resource "aws_iam_role_policy_attachment" "node_role_policies" { count = length(var.node_role_policies) policy_arn = var.node_role_policies[count.index] diff --git a/variables.tf b/variables.tf index 63ee9d8..7877ad1 100644 --- a/variables.tf +++ b/variables.tf @@ -461,3 +461,8 @@ variable "s3_csi_bucket_names" { default = [""] } +variable "eks_auto_mode_enabled" { + description = "Enable Auto Mode for EKS cluster" + type = bool + default = true +}
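Review bot: The four new `aws_iam_role_policy_attachment` resources attach the Auto Mode policies to the cluster role unconditionally, so a cluster with `eks_auto_mode_enabled = false` still carries compute, load-balancing, networking and block-storage permissions it never uses. Adding `count = var.eks_auto_mode_enabled ? 1 : 0` to each would scope them to the feature; the `depends_on` entries in the first hunk reference the resources as a whole and keep working with `count`. The `node_AmazonEKSWorkerNodeMinimalPolicy` attachment in the node_role.tf hunk is ungated in the same way. AWS documents that the Auto Mode cluster role's trust policy must also allow `sts:TagSession`; the assume-role policy is outside this diff, so it is worth verifying.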
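Review bot: `default = true` makes Auto Mode opt-out, so every existing consumer of the module gets Auto Mode compute, load balancing and block storage enabled on the next apply without changing any input. A feature that changes node provisioning and is tied to new IAM grants is safer as opt-in: `default = false`. The description could also state the IAM side effect, e.g. `description = "Enable EKS Auto Mode (compute, load balancing, block storage); requires the Auto Mode managed policies on the cluster role"`.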