This module is responsible for the EKS Worker Nodes in the EKS cluster
topology. You must launch a control plane in order
for the worker nodes to function. See the eks-cluster-control-plane module for
managing an EKS control plane.
How do you use this module?
See the root README for instructions on using Terraform modules.
See variables.tf for all the variables you can set on this module.
See outputs.tf for all the variables that are outputed by this module.
Differences with managed node groups
See the [Differences with self managed workers] section in the documentation for eks-cluster-managed-workers
module for a detailed overview of differences with EKS Managed Node Groups.
What should be included in the user-data script?
In order for the EKS worker nodes to function, it must register itself to the Kubernetes API run by the EKS control
plane. This is handled by the bootstrap script provided in the EKS optimized AMI. The user-data script should call the
bootstrap script at some point during its execution. You can get this information from the eks-cluster-control-plane
module.
EKS clusters using Kubernetes version 1.14 and above automatically create a managed security group known as the cluster
security group. The cluster security group is designed to allow all traffic from the control plane and worker nodes to
flow freely between each other. This security group has the following rules:
Allow Kubernetes API traffic between the security group and the control plane security group.
Allow all traffic between instances of the security group ("ingress all from self").
Allow all outbound traffic.
EKS will automatically use this security group for the underlying worker instances used with managed node groups or
Fargate. This allows traffic to flow freely between Fargate Pods and worker instances managed with managed node groups.
You can read more about the cluster security group in the AWS
docs.
By default this module will attach two security groups to the worker nodes managed by the module:
The cluster security group.
A custom security group that can be extended with additional rules.
You can attach additional security groups to the nodes using the var.additional_security_group_ids input variable.
If you would like to avoid the cluster security group (this is useful if
you wish to isolate at the network level the workers managed by this module from other workers in your cluster like
Fargate, Managed Node Groups, or other self managed ASGs), set the use_cluster_security_group input variable to
false. With this setting, the module will apply recommended security group rules to the custom group to allow the node
to function as a EKS worker. The rules used for the new security group are based on the recommendations provided by
AWS for configuring
an EKS cluster.
<a name="how-to-extend-security-group"></a>How do you add additional security group rules?
To add additional security group rules to the EKS cluster worker nodes, you can use the
aws_security_group_rule resource, and set its
security_group_id argument to the Terraform output of this module called eks_worker_security_group_id for the worker
nodes. For example, here is how you can allow the EC2 Instances in this cluster to allow incoming HTTP requests on port
8080:
Note: The security group rules you add will apply to ALL Pods running on these EC2 Instances. There is currently no
way in EKS to manage security group rules on a per-Pod basis. Instead, rely on Kubernetes Network
Policies to restrict network access within a
Kubernetes cluster.
What IAM policies are attached to the EKS Cluster?
This module will create IAM roles for the EKS cluster worker nodes with the minimum set of policies necessary
for the cluster to function as a Kubernetes cluster. The policies attached to the roles are the same as those documented
in the AWS getting started guide for EKS.
How do you add additional IAM policies?
To add additional IAM policies to the EKS cluster worker nodes, you can use the
aws_iam_role_policy or
aws_iam_policy_attachment resources, and set
the IAM role id to the Terraform output of this module called eks_worker_iam_role_name for the worker nodes. For
example, here is how you can allow the worker nodes in this cluster to access an S3 bucket:
Note: The IAM policies you add will apply to ALL Pods running on these EC2 Instances. See the How do I associate
IAM roles to the Pods? section of the
eks-cluster-control-plane module README for more fine-grained allocation of IAM credentials to Pods.
How do I SSH into the nodes?
This module provides options to allow you to SSH into the worker nodes of an EKS cluster that are managed by this
module. To do so, you must first use an AMI that is configured to allow SSH access. Then, you must setup the auto
scaling group to launch instances with a known keypair that you have access to by using the
cluster_instance_keypair_name option of the module. Finally, you need to configure the security group of the worker
node to allow access to the port for SSH by extending the security group of the worker nodes by following the guide
above. This will allow SSH access to the instance using the specified keypair, provided
the server AMI is configured to run the ssh daemon.
Note: Using a single key pair shared with your whole team for all of your SSH access is not secure. For a more
secure option that allows each developer to use their own SSH key, and to manage server access via IAM or your Identity
Provider (e.g. Google, ADFS, Okta, etc), see ssh-grunt.
How do I roll out an update to the instances?
Terraform and AWS do not provide a way to automatically roll out a change to the Instances in an EKS Cluster. Due to
Terraform limitations (see here for a discussion), there is
currently no way to implement this purely in Terraform code. Therefore, we've embedded this functionality into
kubergrunt that can do a zero-downtime roll out for you.
How do I perform a blue green release to roll out new versions of the module?
Gruntwork tries to provide migration paths that avoid downtime when rolling out new versions of the module. These are
usually implemented as feature flags, or a list of state migration calls that allow you to avoid a resource recreation.
However, it is not always possible to avoid a resource recreation with AutoScaling Groups.
When it is not possible to avoid resource recreation, you can perform a blue-green release of the worker pool. In this
deployment model, you can deploy a new worker pool using the updated version, and migrate the Kubernetes workload to the
new cluster prior to spinning down the old one.
The following are the steps you can take to perform a blue-green release for this module:
Add a new module block that calls the eks-cluster-workers module using the new version, leaving the old module block
with the old version untouched. E.g.,
# old version
module "workers" {
source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-workers?ref=v0.37.2"
# other args omitted for brevity
}
# new version
module "workers_next_version" {
source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-workers?ref=v0.38.0"
# other args omitted for brevity
}
This will spin up the new worker pool on the updated version in parallel with the old workers, without touching the
old ones.
Make sure to add the IAM role for the new worker set to the aws-auth ConfigMap so that the workers can authenticate
to the Kubernetes API. This can be done by adding the eks_worker_iam_role_arn output of the new module block to the
eks_worker_iam_role_arns input list for the module call to eks-k8s-role-mapping.
Verify that the new workers are registered to the Kubernetes cluster by checking the output of kubectl get nodes. If
the nodes are not in the list, or don't reach the Ready state, you will want to troubleshoot by introspecting the
system logs.
Once the new workers are up and registered to the Kubernetes Control Plane, you can run kubectl cordon and kubectl drain on each instance in the old ASG to transition the workload over to the new worker pool. kubergrunt provides
a helper command to make it easier to run this:
This command will cordon and drain all the nodes associated with the given ASGs.
Once the workload is transitioned, you can tear down the old worker pool by dropping the old module block and running
terraform apply.
How do I enable cluster auto-scaling?
This module will not automatically scale in response to resource usage by default, the
autoscaling_group_configurations.*.max_size option is only used to give room for new instances during rolling updates.
To enable auto-scaling in response to resource utilization, you must set the include_autoscaler_discovery_tags input
variable to true and also deploy the Kubernetes Cluster Autoscaler module.
Note that the cluster autoscaler supports ASGs that manage nodes in a single availability zone or ASGs that manage nodes in multiple availability zones. However, there is a caveat:
If you intend to use EBS volumes, you need to make sure that the autoscaler scales the correct ASG for pods that are localized to the availability zone. This is because EBS volumes are local to the availability zone. You need to carefully provision the managed node groups such that you have one group per AZ if you wish to use the cluster autoscaler in this case, which you can do by ensuring that the subnet_ids in each autoscaling_group_configurations input map entry come from the same AZ.
You can certainly use a single ASG that spans multiple AZs if you don't intend to use EBS volumes.
AWS now supports EFS as a persistent storage solution with EKS. This can be used with ASGs that span a single or multiple AZs.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"d7b8b57e78ff984975a1181b4d075e02ab820e2f"},{"name":"post-upgrade-test-results.sh","path":".circleci/post-upgrade-test-results.sh","sha":"a4867e8fbdc334b7a90259568ee41ea577fbe764"},{"name":"set-upgrade-test-vars.sh","path":".circleci/set-upgrade-test-vars.sh","sha":"892467768667b771c06e8dd6ff7c7fba1919809f"}]},{"name":".github","children":[{"name":"ISSUE_TEMPLATE","children":[{"name":"bug_report.md","path":".github/ISSUE_TEMPLATE/bug_report.md","sha":"d2e87e27c601e423865ed660ec697082470ca60f"},{"name":"feature_request.md","path":".github/ISSUE_TEMPLATE/feature_request.md","sha":"023a33099be2336476930c96e17ff1ba5dc55348"}]},{"name":"pull_request_template.md","path":".github/pull_request_template.md","sha":"6b100e40e323b5b07f40ed30616277c51c9f4b9e"}]},{"name":".gitignore","path":".gitignore","sha":"bfc15743d4328afefce082a0c1f1a7e94c2c7019"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"5572d654afb9977c494772ccc3dfb8b26b2d2cec"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"4d7d85a37b224e4ec798f28d4202059cd03a9178"},{"name":"CONTRIBUTING.md","path":"CONTRIBUTING.md","sha":"1fa95dac5dc8a9b5f5cb33fcdf9bb4d085f6f155"},{"name":"GRUNTWORK_PHILOSOPHY.md","path":"GRUNTWORK_PHILOSOPHY.md","sha":"02d9873a74c99fe6d9b6b26bd9f8eb4a7a699c32"},{"name":"LICENSE.md","path":"LICENSE.md","sha":"a2cf01ecdd725fddd718ab91c80c115882c94f3c"},{"name":"README.adoc","path":"README.adoc","sha":"46adca5b06db322cee1dc8e20d88dc457a75f559"},{"name":"_docs","children":[{"name":"eks-architecture.png","path":"_docs/eks-architecture.png","sha":"b4c9c46f88ed465c5575e915af54ad9920b56941"},{"name":"eks-icon.png","path":"_docs/eks-icon.png","sha":"83a29dc46e7bc6234ba5bb825e8ae283c56229a0"},{"name":"iam-role-icon.png","path":"_docs/iam-role-icon.png","sha":"c05bb05e6caae9b9db46505ce505a386f21fa2e4"}]},{"name":"core-concepts.md","path":"core-concepts.md","sha":"348a0f2131a64a1ff9fc8d9ca142228be88fce26"},{"name":"examples","children":[{"name":"README.md","path":"examples/README.md","sha":"93b72e051adc393d5ef2daadad4ab6c49f8fbae2"},{"name":"eks-cluster-managed-workers","children":[{"name":"README.md","path":"examples/eks-cluster-managed-workers/README.md","sha":"dfeb410bdf56b810e03ba3e73e9bb93d79e97452"},{"name":"dependencies.tf","path":"examples/eks-cluster-managed-workers/dependencies.tf","sha":"756ddc34328bd4de3a615f5369bf71cc3cffafdc"},{"name":"main.tf","path":"examples/eks-cluster-managed-workers/main.tf","sha":"dda8a0edf5b2b0db33e520dacf6ad1cc99b994ae"},{"name":"outputs.tf","path":"examples/eks-cluster-managed-workers/outputs.tf","sha":"84532a8cc37bbcb322e11d554713d98036d12b34"},{"name":"user-data","children":[{"name":"user_data.sh","path":"examples/eks-cluster-managed-workers/user-data/user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"}]},{"name":"variables.tf","path":"examples/eks-cluster-managed-workers/variables.tf","sha":"ad4167ad759f2d5118edc220269ada51cea1bff0"}]},{"name":"eks-cluster-with-argocd","children":[{"name":"README.md","path":"examples/eks-cluster-with-argocd/README.md","sha":"a4501dd1636f41fef573d730601d781998984919"},{"name":"argocd","children":[{"name":"dependencies.tf","path":"examples/eks-cluster-with-argocd/argocd/dependencies.tf","sha":"9fb708d6ce688d0c167d9fec0d6c1739e02a3d89"},{"name":"main.tf","path":"examples/eks-cluster-with-argocd/argocd/main.tf","sha":"30d91c59d2af7d6f360ecbd98c5399dd92df458f"},{"name":"outputs.tf","path":"examples/eks-cluster-with-argocd/argocd/outputs.tf","sha":"c09565f06bd69a9ed26536cbc8389012d20b7cb7"},{"name":"variables.tf","path":"examples/eks-cluster-with-argocd/argocd/variables.tf","sha":"4080eb586a0fc43d2380495590b5fc0b048ecbb2"}]},{"name":"core-services","children":[{"name":"dependencies.tf","path":"examples/eks-cluster-with-argocd/core-services/dependencies.tf","sha":"e0355c17476f86787dd04663fe2dbece2b710b90"},{"name":"main.tf","path":"examples/eks-cluster-with-argocd/core-services/main.tf","sha":"2e672896707add80998ace20728ff7cf80754574"},{"name":"outputs.tf","path":"examples/eks-cluster-with-argocd/core-services/outputs.tf","sha":"b7b6da1a4da0ed22f2ebf7b9be1a4b5526be0fac"},{"name":"variables.tf","path":"examples/eks-cluster-with-argocd/core-services/variables.tf","sha":"e8ade05707b0ccea184b2fd9f89115a3b9e44dbd"}]},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-cluster-with-argocd/eks-cluster/dependencies.tf","sha":"756ddc34328bd4de3a615f5369bf71cc3cffafdc"},{"name":"main.tf","path":"examples/eks-cluster-with-argocd/eks-cluster/main.tf","sha":"0fd7fe2a275ef207fdd042e8778d919616011bfa"},{"name":"outputs.tf","path":"examples/eks-cluster-with-argocd/eks-cluster/outputs.tf","sha":"2e17cf19632aab9deb96adc2650ccf0e6e103379"},{"name":"user-data","children":[{"name":"user_data.sh","path":"examples/eks-cluster-with-argocd/eks-cluster/user-data/user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-argocd/eks-cluster/variables.tf","sha":"ad4167ad759f2d5118edc220269ada51cea1bff0"}]}]},{"name":"eks-cluster-with-iam-role-mappings","children":[{"name":"README.md","path":"examples/eks-cluster-with-iam-role-mappings/README.md","sha":"7491b8b28b06af093a3d21a2b005b550c79275c9"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-iam-role-mappings/dependencies.tf","sha":"1e257e8ae253547bcfb04b1623f77cd3a2278e10"},{"name":"main.tf","path":"examples/eks-cluster-with-iam-role-mappings/main.tf","sha":"312ec063c0e5e32e258f296bf8639853e2faebf0"},{"name":"outputs.tf","path":"examples/eks-cluster-with-iam-role-mappings/outputs.tf","sha":"e641213ad585fffe0f165b9a543d54c9175a1a7d"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/eks-cluster-with-iam-role-mappings/user-data/user-data.sh","sha":"b10c34bfe4c9d10101472b47edbc3b7dff42a88e"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-iam-role-mappings/variables.tf","sha":"12d0a64f424f903d48d933bc6baa0810ee7783dc"}]},{"name":"eks-cluster-with-karpenter","children":[{"name":"README.md","path":"examples/eks-cluster-with-karpenter/README.md","sha":"4b4ade7a903d04c8f0d62be82e517e5326eaf578"},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-cluster-with-karpenter/eks-cluster/dependencies.tf","sha":"ef416c5c7892cc1ecd336e03fa561da2a168b22e"},{"name":"main.tf","path":"examples/eks-cluster-with-karpenter/eks-cluster/main.tf","sha":"e932e1ea077222db1580ee61b5e203b66c1872dc"},{"name":"outputs.tf","path":"examples/eks-cluster-with-karpenter/eks-cluster/outputs.tf","sha":"d54b64231c431c0acffd6815acbd17984b5e2638"},{"name":"user-data","children":[{"name":"user_data.sh","path":"examples/eks-cluster-with-karpenter/eks-cluster/user-data/user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-karpenter/eks-cluster/variables.tf","sha":"f2bd60fbe430bfd6e1b55bcd01fe8ebd590559fa"}]},{"name":"karpenter","children":[{"name":"charts","children":[{"name":"karpenter-configs","children":[{"name":"Chart.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/charts/karpenter-configs/Chart.yaml","sha":"15886e5f4ef435fbd4dc1c72bd12f9fbe222654b"},{"name":"templates","children":[{"name":"default-ec2nodeclass.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/charts/karpenter-configs/templates/default-ec2nodeclass.yaml","sha":"d89089b956f1848debf16e6e71ae2cfaf63fab6f"},{"name":"default-nodepool.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/charts/karpenter-configs/templates/default-nodepool.yaml","sha":"420a211ab98ea21cf4c3b9c4ee9a473d35be1b18"}]},{"name":"values.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/charts/karpenter-configs/values.yaml","sha":"085642406b8f4b6c41141a99130fb882667e0afd"}]}]},{"name":"dependencies.tf","path":"examples/eks-cluster-with-karpenter/karpenter/dependencies.tf","sha":"966635e08d7ea0fcf34792e5e6350ada435eff6a"},{"name":"main.tf","path":"examples/eks-cluster-with-karpenter/karpenter/main.tf","sha":"d3ab807ec7d746646cf6dea6a7f431a93946a992"},{"name":"outputs.tf","path":"examples/eks-cluster-with-karpenter/karpenter/outputs.tf","sha":"e8773142fccab54fad250e4b7c8da5a5f3c10f0f"},{"name":"templates","children":[{"name":"nginx-values.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/templates/nginx-values.yaml","sha":"a6924778ed01fda8375d708e7582db439d664fa6"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-karpenter/karpenter/variables.tf","sha":"41443cb69e188df9a658bd9858d359d9ceb2dc48"}]}]},{"name":"eks-cluster-with-supporting-services","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/README.md","sha":"b1882c2dfbf1e0db6436ca45839f4a4c83813b87"},{"name":"core-services","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/core-services/README.md","sha":"ec11e4899d4ca1a898fbf5b5a77bcff8555c2e64"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/core-services/dependencies.tf","sha":"977c72682567c034c4effe391757cab2f342086f"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/core-services/main.tf","sha":"5fe61a30ecd3e23952e91d7b68c669eb85e1256a"},{"name":"outputs.tf","path":"examples/eks-cluster-with-supporting-services/core-services/outputs.tf","sha":"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391"},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/core-services/variables.tf","sha":"e8ade05707b0ccea184b2fd9f89115a3b9e44dbd"}]},{"name":"eks-cluster","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/eks-cluster/README.md","sha":"8a60a01004a93bbbf2091b730f0207f6dd2cc07e"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/dependencies.tf","sha":"abce3f302a956114f394e4c5025a4aaf2b9da148"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/main.tf","sha":"3cd060facf31859042695171d2f0ab0b3fd14e35"},{"name":"outputs.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/outputs.tf","sha":"be23a13dd6f4063be394b8ca7358b631d50fab8a"},{"name":"user-data","children":[{"name":"app_worker_user_data.sh","path":"examples/eks-cluster-with-supporting-services/eks-cluster/user-data/app_worker_user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"},{"name":"core_worker_user_data.sh","path":"examples/eks-cluster-with-supporting-services/eks-cluster/user-data/core_worker_user_data.sh","sha":"0fa26153108b3d030ceeaae777aeb0a7e115404e"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/variables.tf","sha":"a4266ef423dfc69143cf004e2da7e9753c0d80d2"}]},{"name":"nginx-service","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/nginx-service/README.md","sha":"31221d1b06df0b3207e8c5a58ecd165250187619"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/dependencies.tf","sha":"0176248910eed450c12b54d10e3d74c8702c17ca"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/main.tf","sha":"6ffb3f1bc31635e4764cac5035d4ae48e894d985"},{"name":"templates","children":[{"name":"values.yaml","path":"examples/eks-cluster-with-supporting-services/nginx-service/templates/values.yaml","sha":"f9be5310abb29e3310d77bbb8a025ef90f15dc5a"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/variables.tf","sha":"36ea6f8a36b19e34dbeeb25ae7e5fcf30c956b0f"}]},{"name":"packer","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/packer/README.md","sha":"2e3d40d4297cbd7cbdfb2172c38b0c479ea2e7ee"},{"name":"build.pkr.hcl","path":"examples/eks-cluster-with-supporting-services/packer/build.pkr.hcl","sha":"73072f860b987106ca3f90172e73d3b1e8d0061e"}]}]},{"name":"eks-fargate-cluster-with-argocd","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-argocd/README.md","sha":"7115776901baa2362222195afd48edbfbc4e4dd7"},{"name":"argocd","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-argocd/argocd/dependencies.tf","sha":"edac96d132bc7425e886356bdb529375079f3af0"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-argocd/argocd/main.tf","sha":"ca985a4f8e00fbbf7b9dc27bec0911032f4acc00"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-argocd/argocd/outputs.tf","sha":"c09565f06bd69a9ed26536cbc8389012d20b7cb7"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-argocd/argocd/variables.tf","sha":"b7bd683967ed8d49b98a5349a87478c8582c6d1f"}]},{"name":"core-services","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-argocd/core-services/README.md","sha":"5a479eadaae31051bc6922443018683051f2ef9c"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-argocd/core-services/dependencies.tf","sha":"96c15ff4a702a70e6f8a1234b6a5e02fd41e38b7"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-argocd/core-services/main.tf","sha":"fcbc668aeb236775d5375a689c48ed9e953a435a"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-argocd/core-services/outputs.tf","sha":"c09565f06bd69a9ed26536cbc8389012d20b7cb7"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-argocd/core-services/variables.tf","sha":"fe40dd3758a52a0bce8342e95cec25b23db232ff"}]},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-argocd/eks-cluster/dependencies.tf","sha":"f0730837927bfc77f4208917dfb9186789d607e0"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-argocd/eks-cluster/main.tf","sha":"a9b2bd905512f3ce71863ff785337879909827c0"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-argocd/eks-cluster/outputs.tf","sha":"be823054868d3e9d3fbf88dccb707dc6a33aa1ce"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-argocd/eks-cluster/variables.tf","sha":"226f6d698bfb15170c92d37ede17bc9e87769411"}]}]},{"name":"eks-fargate-cluster-with-irsa","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-irsa/README.md","sha":"2ef7cf26c31533e74f1cc2b0b33489237b313b76"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-irsa/dependencies.tf","sha":"b1404cb3c268b1c1af371859cec6ed8a4167c91c"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-irsa/main.tf","sha":"87b167283fb34b864baf961cbedd7056b0430819"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-irsa/outputs.tf","sha":"f059d7b74ffbfb06a0868d6d0a5d1831c8f45f10"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-irsa/variables.tf","sha":"4ffee6eb9cfc5992a6950329a34aa8926ff99c58"}]},{"name":"eks-fargate-cluster-with-supporting-services","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-supporting-services/README.md","sha":"49bdbe1483a7133cab1b345bb1ed9cf994dac786"},{"name":"core-services","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/README.md","sha":"18cf6d3c8a4b2de11a41517121d3292fc632e1ec"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/dependencies.tf","sha":"977c72682567c034c4effe391757cab2f342086f"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/main.tf","sha":"92e18d821c235b09b01f378f04731ce8309c800a"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/variables.tf","sha":"c878e34d13bce307523d30bd2741fc64a29e54c4"}]},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/dependencies.tf","sha":"243348214af559f81518ede4871dd10670813ed0"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/main.tf","sha":"4808ac8882cff18e2afb5dfe4cd774b79acf6729"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/outputs.tf","sha":"edddf9a6ab6f5927db366689db79e1b91db9d8c8"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/variables.tf","sha":"91dc1b516181f1caf64bc8fda4bbcfe148d77cd0"}]},{"name":"nginx-service","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/dependencies.tf","sha":"0176248910eed450c12b54d10e3d74c8702c17ca"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/main.tf","sha":"4971f1c23b7cd98e10b0001089386cf2df332893"},{"name":"templates","children":[{"name":"values.yaml","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/templates/values.yaml","sha":"7faf0150a3336c47a2a9c0195172b6c249db9efe"}]},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/variables.tf","sha":"d3c166441cdc556b0839930fbc281b7e8a1bd57f"}]}]},{"name":"eks-fargate-cluster","children":[{"name":"README.md","path":"examples/eks-fargate-cluster/README.md","sha":"d4327780c978b563d52ea7ff6772ab9f95447eb0"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster/dependencies.tf","sha":"b1404cb3c268b1c1af371859cec6ed8a4167c91c"},{"name":"main.tf","path":"examples/eks-fargate-cluster/main.tf","sha":"e0a4e083034e7f9a82b2efec7e6ba15db1b8f7db"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster/outputs.tf","sha":"b95747230a76d29eb3b00093e6c4d20be776dfdf"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/eks-fargate-cluster/user-data/user-data.sh","sha":"b10c34bfe4c9d10101472b47edbc3b7dff42a88e"}]},{"name":"variables.tf","path":"examples/eks-fargate-cluster/variables.tf","sha":"e51008c81e4a765a06a0ddc9c7b699274b841f3b"}]},{"name":"eks-private-fargate-cluster","children":[{"name":"README.md","path":"examples/eks-private-fargate-cluster/README.md","sha":"f97e1789cdcca547e546dc9d6671d1b504e33237"},{"name":"dependencies.tf","path":"examples/eks-private-fargate-cluster/dependencies.tf","sha":"b1404cb3c268b1c1af371859cec6ed8a4167c91c"},{"name":"main.tf","path":"examples/eks-private-fargate-cluster/main.tf","sha":"990ede84d7ed97629f5b405beb9aa5ef46e68488"},{"name":"outputs.tf","path":"examples/eks-private-fargate-cluster/outputs.tf","sha":"be8cfb1ba6c42ffb4ff5b80053c47193e82e2652"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/eks-private-fargate-cluster/user-data/user-data.sh","sha":"384647634c0337e04dc3c333680afb23e83144d4"}]},{"name":"variables.tf","path":"examples/eks-private-fargate-cluster/variables.tf","sha":"b6b6f6fa5dda8b37a0d43fb90376cfc8160403f2"}]}]},{"name":"getting-started.md","path":"getting-started.md","sha":"efc2b81e978a6a15584735c405f49012f930791e"},{"name":"gruntwork-gitops.md","path":"gruntwork-gitops.md","sha":"ff7e953aa2d29d3399dad67e72a618d66240ebee"},{"name":"modules","children":[{"name":"eks-alb-ingress-controller-iam-policy","children":[{"name":"README.md","path":"modules/eks-alb-ingress-controller-iam-policy/README.md","sha":"c87be2ee00f8f59403f827303915b5a70c602002"},{"name":"iampolicy.json.templ","path":"modules/eks-alb-ingress-controller-iam-policy/iampolicy.json.templ","sha":"0bdfeee16510453f92ffc5c72dcc1dbeae77a6f1"},{"name":"main.tf","path":"modules/eks-alb-ingress-controller-iam-policy/main.tf","sha":"54941b67e9654757869a9267ee800850b9037af9"},{"name":"outputs.tf","path":"modules/eks-alb-ingress-controller-iam-policy/outputs.tf","sha":"b551b0bcc6eb1b43bfff1606696566658564cfb4"},{"name":"variables.tf","path":"modules/eks-alb-ingress-controller-iam-policy/variables.tf","sha":"ae1260926827cbb952350870775070ac0ad11fdf"}]},{"name":"eks-alb-ingress-controller","children":[{"name":"README.md","path":"modules/eks-alb-ingress-controller/README.md","sha":"674460e96524b7c471bcd145fc63ffda572f6dd6"},{"name":"main.tf","path":"modules/eks-alb-ingress-controller/main.tf","sha":"305fd943c3e96820d6238d1adf8c462c70f1d17a"},{"name":"variables.tf","path":"modules/eks-alb-ingress-controller/variables.tf","sha":"f83cae02a40977d03949f9dbb891d8bad1328eb3"}]},{"name":"eks-aws-auth-merger","children":[{"name":"Dockerfile","path":"modules/eks-aws-auth-merger/Dockerfile","sha":"7ea4368aec11173357f33047d5fc9f5c6cdbd463"},{"name":"README.adoc","path":"modules/eks-aws-auth-merger/README.adoc","sha":"404f623f7c0ca289d32d51788f8f6cb1538fcb7e"},{"name":"aws-auth-merger","children":[{"name":"aws_auth_merger.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/aws_auth_merger.go","sha":"dc516a60ba7fe184c4566ecb2bf77c22d83f0f56"},{"name":"aws_auth_merger_test.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/aws_auth_merger_test.go","sha":"218a7dbb20c3e5ba80e6540156a81241360c6930"},{"name":"cli.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/cli.go","sha":"e59602c3f30025d24db02d9362c3ff4f07a27abd"},{"name":"configmap_watch_controller.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/configmap_watch_controller.go","sha":"a0f8c6befb7a40e1b6f35bbe93e90c7054f3536c"},{"name":"debouncer.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/debouncer.go","sha":"1d9ddd27a9db243fd250eb4b8672a44edb63e7ff"},{"name":"debouncer_test.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/debouncer_test.go","sha":"e6cd8e44503b4dea3e81b26ff20db39c35c8c72e"},{"name":"go.mod","path":"modules/eks-aws-auth-merger/aws-auth-merger/go.mod","sha":"f2e37c8c3bb5b3d130d0868ea0957ae1280a45b0"},{"name":"go.sum","path":"modules/eks-aws-auth-merger/aws-auth-merger/go.sum","sha":"397fa92255619bef049216a5ebbe5bfbc95e09fa"},{"name":"main.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/main.go","sha":"caa9ef8bda3af991c3c088fa20b80d9696b9dcb5"},{"name":"mapping.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/mapping.go","sha":"04ad904821a3530a3dea9930b74081d95330d73f"},{"name":"mapping_test.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/mapping_test.go","sha":"02c91e45a128d6c306ec42a548ac9023df350e78"}]},{"name":"core-concepts.md","path":"modules/eks-aws-auth-merger/core-concepts.md","sha":"2da0061c35747e9f280f8a440adfc4534da40fa4"},{"name":"main.tf","path":"modules/eks-aws-auth-merger/main.tf","sha":"e4ffd5b768b22dad9f9f49b844d66b34221a408e"},{"name":"outputs.tf","path":"modules/eks-aws-auth-merger/outputs.tf","sha":"d733fb246403f97ac011cbedf3f1d2761badef82"},{"name":"variables.tf","path":"modules/eks-aws-auth-merger/variables.tf","sha":"429e5990df785c4c01c4a07668d41ce648e4e68b"}]},{"name":"eks-cloudwatch-agent","children":[{"name":"README.md","path":"modules/eks-cloudwatch-agent/README.md","sha":"fa78952ef636c021ce85246dc89955ae87c16f32"},{"name":"main.tf","path":"modules/eks-cloudwatch-agent/main.tf","sha":"eb170d9962c9b28b7aa0c3c28751c3e4be219672"},{"name":"outputs.tf","path":"modules/eks-cloudwatch-agent/outputs.tf","sha":"7061ed458fec528c8b8b587291f0eccb4324fb72"},{"name":"variables.tf","path":"modules/eks-cloudwatch-agent/variables.tf","sha":"5bb5fdf994036c472b0f5e4b162895ccd018c6e8"}]},{"name":"eks-cluster-control-plane","children":[{"name":"README.md","path":"modules/eks-cluster-control-plane/README.md","sha":"e8a0fa5defdc96d36d7a1c3a48159b152340fc9e"},{"name":"dependencies.tf","path":"modules/eks-cluster-control-plane/dependencies.tf","sha":"f33b4c9962a861cf7203fe7a90fbc86478d7a143"},{"name":"main.tf","path":"modules/eks-cluster-control-plane/main.tf","sha":"ef9361e45bddc3687169759ff43de98592b3bc20"},{"name":"outputs.tf","path":"modules/eks-cluster-control-plane/outputs.tf","sha":"2fdd25d917d7525a5e891f16c8970b3fb2fd2f5a"},{"name":"scripts","children":[{"name":"find_and_run_kubergrunt.py","path":"modules/eks-cluster-control-plane/scripts/find_and_run_kubergrunt.py","sha":"889a0de78b1f71c7b7329acfea97f9e1c7a34e46"}]},{"name":"templates","children":[{"name":"kubectl_config.tpl","path":"modules/eks-cluster-control-plane/templates/kubectl_config.tpl","sha":"4eadcc7bd5c167feb6100efb17052a96ac83bba8"}]},{"name":"variables.tf","path":"modules/eks-cluster-control-plane/variables.tf","sha":"fde502d5f4d0bb6d02fef09fbfb36c8262d307e8"}]},{"name":"eks-cluster-managed-workers","children":[{"name":"README.md","path":"modules/eks-cluster-managed-workers/README.md","sha":"3a16f897364248d95f5ab96e064b26ad580bd29f"},{"name":"main.tf","path":"modules/eks-cluster-managed-workers/main.tf","sha":"886e165b6bceb9dcc5ecf40204245b3768e133ac"},{"name":"outputs.tf","path":"modules/eks-cluster-managed-workers/outputs.tf","sha":"0717106e35f73f355972e05b9b8c5e2ea94434f4"},{"name":"variables.tf","path":"modules/eks-cluster-managed-workers/variables.tf","sha":"af41ba4053fa077613dcc7cd0231b05e8b965829"}]},{"name":"eks-cluster-workers-cross-access","children":[{"name":"README.md","path":"modules/eks-cluster-workers-cross-access/README.md","sha":"6c4e50bda62acc6c06d836488ef54f7119f27aee"},{"name":"main.tf","path":"modules/eks-cluster-workers-cross-access/main.tf","sha":"87d4af7235258cf5d2213eace0f77155ada53f65"},{"name":"outputs.tf","path":"modules/eks-cluster-workers-cross-access/outputs.tf","sha":"c6c7f7a89007c55be5470ffd639c05c3fb052ad7"},{"name":"variables.tf","path":"modules/eks-cluster-workers-cross-access/variables.tf","sha":"d64aab893b6e909416189e985f072dd8809dfa2f"}]},{"name":"eks-cluster-workers","children":[{"name":"README.md","path":"modules/eks-cluster-workers/README.md","sha":"13dca344372f0c7492ab813a42ab7cefaa975fe3","toggled":true},{"name":"dependencies.tf","path":"modules/eks-cluster-workers/dependencies.tf","sha":"d177e89ddc5cb6b4ab5b36ec96fd1ec22a008a49"},{"name":"main.tf","path":"modules/eks-cluster-workers/main.tf","sha":"5528efe62ea62eebc852a61f273caad3b5690ac5"},{"name":"outputs.tf","path":"modules/eks-cluster-workers/outputs.tf","sha":"aeab5d8ac0fd110798c22c067baf8ba559605fbf"},{"name":"variables.tf","path":"modules/eks-cluster-workers/variables.tf","sha":"82ebe162ab2fc342192feca65a8f96868223b130"}],"toggled":true},{"name":"eks-container-logs","children":[{"name":"README.md","path":"modules/eks-container-logs/README.md","sha":"b0ceb4671329b00a0f2003bd0d08589c12ea83ed"},{"name":"main.tf","path":"modules/eks-container-logs/main.tf","sha":"8d40a23bbbb8d8e076d78f80bc33c136c65519a5"},{"name":"outputs.tf","path":"modules/eks-container-logs/outputs.tf","sha":"7061ed458fec528c8b8b587291f0eccb4324fb72"},{"name":"variables.tf","path":"modules/eks-container-logs/variables.tf","sha":"ebc356572e8b3a325aecfaebe6213d812b135da1"}]},{"name":"eks-ebs-csi-driver","children":[{"name":"README.md","path":"modules/eks-ebs-csi-driver/README.md","sha":"5093c00ffdc285ac8f0d94858ec1cd19de845395"},{"name":"main.tf","path":"modules/eks-ebs-csi-driver/main.tf","sha":"81b6ba94d9febdcc34713fd226e970fc42889e2d"},{"name":"outputs.tf","path":"modules/eks-ebs-csi-driver/outputs.tf","sha":"8780f7f757b1d06c68136902283428a94c367f28"},{"name":"variables.tf","path":"modules/eks-ebs-csi-driver/variables.tf","sha":"3dc60858763b225b34a49363cf4fe36dfd897115"}]},{"name":"eks-fargate-container-logs","children":[{"name":"README.md","path":"modules/eks-fargate-container-logs/README.md","sha":"7ac3892272260b9af994dfbe50aded64d54b58cf"},{"name":"main.tf","path":"modules/eks-fargate-container-logs/main.tf","sha":"1add1acb38aa94f5244d4f874955f3a12b141ee2"},{"name":"outputs.tf","path":"modules/eks-fargate-container-logs/outputs.tf","sha":"2ed65ae0ecffdfb49281bcb32fd90a4f71d3a016"},{"name":"variables.tf","path":"modules/eks-fargate-container-logs/variables.tf","sha":"83547c699653a578e35542822b547aa0abff6724"}]},{"name":"eks-iam-role-assume-role-policy-for-service-account","children":[{"name":"README.md","path":"modules/eks-iam-role-assume-role-policy-for-service-account/README.md","sha":"efbbbd70fea3661c662750768facb7950239ffa3"},{"name":"main.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/main.tf","sha":"bf89695ecffb107b86de783847ae3c7de2f9c40e"},{"name":"outputs.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/outputs.tf","sha":"c2910cec89910bb06a157311ac8c4bf72835dfe5"},{"name":"variables.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/variables.tf","sha":"763803eda0d225bb23642767306d5e150977253d"}]},{"name":"eks-k8s-argocd","children":[{"name":"README.md","path":"modules/eks-k8s-argocd/README.md","sha":"aa8371a21947f3dfa4185ffc89894f38fde7cc58"},{"name":"main.tf","path":"modules/eks-k8s-argocd/main.tf","sha":"9f7b64f1b76afcf1ffdfa28a489bd07d63a3a1b5"},{"name":"outputs.tf","path":"modules/eks-k8s-argocd/outputs.tf","sha":"cb9f236128127bb1b2028bc60b2a7f3becc36ac3"},{"name":"variables.tf","path":"modules/eks-k8s-argocd/variables.tf","sha":"641a3273fe0695184c193951dc8aa9ac8774868d"}]},{"name":"eks-k8s-cluster-autoscaler-iam-policy","children":[{"name":"README.md","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/README.md","sha":"591a2e965b97691e43bd72ad9700c62653933072"},{"name":"main.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/main.tf","sha":"87a34a568b7fd21284daeee05115c36786c7e603"},{"name":"outputs.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/outputs.tf","sha":"8b6c4e1747b3fa6a88c6233ec87aa2f450dfd334"},{"name":"variables.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/variables.tf","sha":"9a84237a22fda8781ee303dc15d574c69e1b1520"}]},{"name":"eks-k8s-cluster-autoscaler","children":[{"name":"README.md","path":"modules/eks-k8s-cluster-autoscaler/README.md","sha":"720c5bf5ac2fae03be80ca2284cb813cbe9dda78"},{"name":"main.tf","path":"modules/eks-k8s-cluster-autoscaler/main.tf","sha":"15288216a6ca4bd0f1cca5f417794c3dcf7772c4"},{"name":"templates","children":[{"name":"expander-priorities.tpl","path":"modules/eks-k8s-cluster-autoscaler/templates/expander-priorities.tpl","sha":"989d1ac06ad6c8fad0b71b0d9a25fcf792064819"}]},{"name":"variables.tf","path":"modules/eks-k8s-cluster-autoscaler/variables.tf","sha":"9226a2cc13a38d2ec546a6571974aa91cf224556"}]},{"name":"eks-k8s-external-dns-iam-policy","children":[{"name":"README.md","path":"modules/eks-k8s-external-dns-iam-policy/README.md","sha":"a33d41f9824e6270ef4573d6b7e22b394224689c"},{"name":"main.tf","path":"modules/eks-k8s-external-dns-iam-policy/main.tf","sha":"30ab6315a893c742b43d90ae800e1f3413fd5a5c"},{"name":"outputs.tf","path":"modules/eks-k8s-external-dns-iam-policy/outputs.tf","sha":"21604a63b741b94ea9ebffd20b18772131020fcf"},{"name":"variables.tf","path":"modules/eks-k8s-external-dns-iam-policy/variables.tf","sha":"c9d71db85ad8f3085d9ae3c3073bf46da6241b75"}]},{"name":"eks-k8s-external-dns","children":[{"name":"README.md","path":"modules/eks-k8s-external-dns/README.md","sha":"3258c634834d26d3e973da22aaab1b2dd824a2e5"},{"name":"main.tf","path":"modules/eks-k8s-external-dns/main.tf","sha":"7e7c05df0e2ad3934f1c30751813ec2518626a1d"},{"name":"variables.tf","path":"modules/eks-k8s-external-dns/variables.tf","sha":"32aee68ec5c61992258122a6816bb8dafebf756a"}]},{"name":"eks-k8s-karpenter","children":[{"name":"README.md","path":"modules/eks-k8s-karpenter/README.md","sha":"785965c48e8f9235a9262be288e43cb554e8b14d"},{"name":"dependencies.tf","path":"modules/eks-k8s-karpenter/dependencies.tf","sha":"d66965c1a1294f44d916ca9919593ff39a6661f0"},{"name":"karpenter-upgrade-guide.md","path":"modules/eks-k8s-karpenter/karpenter-upgrade-guide.md","sha":"72720f192daba4211fa7bf835830165d2aa16bca"},{"name":"main.tf","path":"modules/eks-k8s-karpenter/main.tf","sha":"74cf2bbf36201063918f6b6acd4ce21793b4b6f9"},{"name":"migrating-to-karpenter-from-cas.md","path":"modules/eks-k8s-karpenter/migrating-to-karpenter-from-cas.md","sha":"6b1b4ab812b30f272e2692dd05f3300bec79befc"},{"name":"outputs.tf","path":"modules/eks-k8s-karpenter/outputs.tf","sha":"9702c9f17856696a76c0f47e172b8a4c9182cf2d"},{"name":"variables.tf","path":"modules/eks-k8s-karpenter/variables.tf","sha":"35a2b4a117e880b6f4d21fd74fc18c1703e951d1"}]},{"name":"eks-k8s-role-mapping","children":[{"name":"README.md","path":"modules/eks-k8s-role-mapping/README.md","sha":"2962e93307761b2356c62f0ac8068dc01f98d9f4"},{"name":"main.tf","path":"modules/eks-k8s-role-mapping/main.tf","sha":"5294a92e519efab879af245cae18197d79076196"},{"name":"outputs.tf","path":"modules/eks-k8s-role-mapping/outputs.tf","sha":"95d4d4ec652bb541b91a2844e00f68064b423e60"},{"name":"variables.tf","path":"modules/eks-k8s-role-mapping/variables.tf","sha":"8b4947f34102ce2c42d89f434ef36fbc4ed5b3b0"}]},{"name":"eks-scripts","children":[{"name":"README.md","path":"modules/eks-scripts/README.md","sha":"ecbee774470d2934bd06be0a617cf308a9e2f3fb"},{"name":"bin","children":[{"name":"map-ec2-tags-to-node-labels","path":"modules/eks-scripts/bin/map-ec2-tags-to-node-labels","sha":"5518b99c1427110c77b6ff3d2c8ef525407da15c"},{"name":"map_ec2_tags_to_node_labels.py","path":"modules/eks-scripts/bin/map_ec2_tags_to_node_labels.py","sha":"f75ad19587e95b2bd8924125ea2a1a697154909f"}]},{"name":"dev_requirements.txt","path":"modules/eks-scripts/dev_requirements.txt","sha":"f56f9d1629a85734fe16ed70f00f36b830cd97c9"},{"name":"install.sh","path":"modules/eks-scripts/install.sh","sha":"9bcc8f9f983a6304fd092c044b19b74ee0200cc1"},{"name":"requirements.txt","path":"modules/eks-scripts/requirements.txt","sha":"d0d331dd2b1483f8dcfd833d2e1d4d6220a4111a"}]},{"name":"eks-vpc-tags","children":[{"name":"README.md","path":"modules/eks-vpc-tags/README.md","sha":"b53e923baaa79718b55a272158ff9b710871a6ce"},{"name":"main.tf","path":"modules/eks-vpc-tags/main.tf","sha":"0de63bf873ca9c5020bdcf394094a00b1f215380"},{"name":"outputs.tf","path":"modules/eks-vpc-tags/outputs.tf","sha":"0ef2787cfd02ea8668c687302b1929618079a0b2"},{"name":"variables.tf","path":"modules/eks-vpc-tags/variables.tf","sha":"a6e332e9da4e473e1e42b1ca6c7b0ba139a77cfb"}]}],"toggled":true},{"name":"renovate.json","path":"renovate.json","sha":"39a2b6e9a55b8aaa96d0ee0e1c8f956c5c662e75"},{"name":"rfc","children":[{"name":"shipping-logs-to-cloudwatch.md","path":"rfc/shipping-logs-to-cloudwatch.md","sha":"77d230b88e3b760140d0e2e2b8b54fd13698ca2e"}]},{"name":"setup.cfg","path":"setup.cfg","sha":"981bc2bfd0b35029438d56c6d862a7f1519b8fe6"},{"name":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","path":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","sha":"ae586c0fe830819580e1009d41a9074f16e65bed"},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"f020dc40af74a4deed3b1530e067d79e7b5e3812"},{"name":"eks_cluster_drain_test.go","path":"test/eks_cluster_drain_test.go","sha":"62460b5f6e402b06a84331c8cb9e891abb567bc2"},{"name":"eks_cluster_integration_test.go","path":"test/eks_cluster_integration_test.go","sha":"7c083285e53b74682c143dee24df25119d8003d5"},{"name":"eks_cluster_karpenter_test.go","path":"test/eks_cluster_karpenter_test.go","sha":"40e21d63224d7c0d6c1b6e7226140606c020109f"},{"name":"eks_cluster_managed_workers_test.go","path":"test/eks_cluster_managed_workers_test.go","sha":"db216be8c1e8cda05044d6af37b65f188d4e10c3"},{"name":"eks_cluster_test_helpers.go","path":"test/eks_cluster_test_helpers.go","sha":"122d0ad86fca62d883725ea9f64cebe370ea2749"},{"name":"eks_cluster_upgrade_test.go","path":"test/eks_cluster_upgrade_test.go","sha":"84c170322efaa0cf80b0b8b3330e04a1d139d66f"},{"name":"eks_cluster_with_auth_merger_test.go","path":"test/eks_cluster_with_auth_merger_test.go","sha":"6fa2b423f6a6c30a7ae69a96dc3a233e1d9c906d"},{"name":"eks_cluster_with_iam_role_test.go","path":"test/eks_cluster_with_iam_role_test.go","sha":"76ccb120ad4c880fd352cc229691f8fabee5fc6b"},{"name":"eks_cluster_with_supporting_services_test.go","path":"test/eks_cluster_with_supporting_services_test.go","sha":"a382dd1c03c2bff947ccb62fc5e3860fd5aacc7b"},{"name":"eks_cluster_workers_optional_test.go","path":"test/eks_cluster_workers_optional_test.go","sha":"9c1398c1cd8ebe01f1d8f36349a6512f7f25171c"},{"name":"eks_envelope_encryption_test.go","path":"test/eks_envelope_encryption_test.go","sha":"a3a3e188ca2620e2fef831ed1732915cb8b24f32"},{"name":"eks_fargate_cluster_disable_public_endpoint_test.go","path":"test/eks_fargate_cluster_disable_public_endpoint_test.go","sha":"c8f8795570e5c8d9e22e5e27b41750ceb33a1332"},{"name":"eks_fargate_cluster_irsa_test.go","path":"test/eks_fargate_cluster_irsa_test.go","sha":"6199b0f6e7c7f9f5d8bc4ac77ea1ebed6e3a3479"},{"name":"eks_fargate_cluster_private_access_test.go","path":"test/eks_fargate_cluster_private_access_test.go","sha":"f9558dcf1c832616082a278cbe0e2f849ebed026"},{"name":"eks_fargate_cluster_public_access_cidr_test.go","path":"test/eks_fargate_cluster_public_access_cidr_test.go","sha":"0108e317220d505d8f8ec8eff94372b278ac425b"},{"name":"eks_fargate_cluster_test.go","path":"test/eks_fargate_cluster_test.go","sha":"697588af6d7372a17adc5d967fa22362d4c3f4bb"},{"name":"eks_fargate_cluster_with_supporting_services_test.go","path":"test/eks_fargate_cluster_with_supporting_services_test.go","sha":"6e637c902f5ea41e029d45e0c92bfacbc4e6c0fd"},{"name":"eks_mixed_cluster_dns_test.go","path":"test/eks_mixed_cluster_dns_test.go","sha":"069332615ab046026f91262ebfb3715786132895"},{"name":"errors.go","path":"test/errors.go","sha":"be062fe0205ff82db8183d0fde639aa1883013ad"},{"name":"go.mod","path":"test/go.mod","sha":"ab7bd1155b4e7158cd7dd17f17c58b8bcef4793c"},{"name":"go.sum","path":"test/go.sum","sha":"3ce9503ed1fc767773978834f4f5255164920c0e"},{"name":"kubefixtures","children":[{"name":"autoscaler-test-pods-deployment.yml","path":"test/kubefixtures/autoscaler-test-pods-deployment.yml","sha":"8bb77109c8adfd25a237f1973dd4fe36490ed7bc"},{"name":"eks-irsa-test.yml","path":"test/kubefixtures/eks-irsa-test.yml","sha":"db5439cf6d38873dbae71daa4197d6947990a94a"},{"name":"eks-k8s-role-mapping-test-role.yml","path":"test/kubefixtures/eks-k8s-role-mapping-test-role.yml","sha":"ede7587308d2a4ecf55042b05800099c43f3af7d"},{"name":"kube-system-sa-admin-binding.yml","path":"test/kubefixtures/kube-system-sa-admin-binding.yml","sha":"282d406512102cbe54e952575f26e7e0fbb2aa9a"},{"name":"nginx-deployment.yml","path":"test/kubefixtures/nginx-deployment.yml","sha":"a58866e59c113635af24982cfb0b530f0c416af0"},{"name":"robust-nginx-deployment.yml","path":"test/kubefixtures/robust-nginx-deployment.yml","sha":"b5307c53b4a00e90055d172373a23638264ff1ea"}]},{"name":"script_tests","children":[{"name":"executor.sh","path":"test/script_tests/executor.sh","sha":"458c534996fbc045081d1cfae521c090f6787a7f"},{"name":"requirements.txt","path":"test/script_tests/requirements.txt","sha":"06396f7e5a86d69eece77d50a8abeb668b32b6c5"},{"name":"test_map_ec2_tags_to_node_labels.py","path":"test/script_tests/test_map_ec2_tags_to_node_labels.py","sha":"6b88e92ac569e20ece5a35c74f053a08839e4638"},{"name":"tox.ini","path":"test/script_tests/tox.ini","sha":"8f35694ace0ae33f6935e5e779bed26d7ccdd9e8"}]},{"name":"terratest_options.go","path":"test/terratest_options.go","sha":"6aa66d97414ae9ffbfbefa97eb6a421c7d6ddc55"},{"name":"test_debug_helpers.go","path":"test/test_debug_helpers.go","sha":"c71a7a9d5b68f0f59d2518496d9f5893206b5e22"},{"name":"test_helpers.go","path":"test/test_helpers.go","sha":"1eb9c6089b41d234929d0b5c7050b389a2fb954d"},{"name":"upgrades","children":[{"name":"upgrade_test.go","path":"test/upgrades/upgrade_test.go","sha":"03dcad4d2bab1add4c73ff1053a3a8dd61aa9f2c"}]},{"name":"validation","children":[{"name":"validate_all_modules_and_examples_test.go","path":"test/validation/validate_all_modules_and_examples_test.go","sha":"74c928d0cbc2914e5cd708277bd857cb2375b660"}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"eks-cluster-workers-module\">EKS Cluster Workers Module</h1><div class=\"preview__body--border\"></div><p><strong>This module provisions self managed ASGs, in contrast to <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html\" class=\"preview__body--description--blue\" target=\"_blank\">EKS Managed Node Groups</a>. See the <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-cluster-managed-workers\" class=\"preview__body--description--blue\">eks-cluster-managed-workers</a> module for a module to deploy Managed Node Groups.</strong></p>\n<p>This Terraform Module launches worker nodes for an <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/clusters.html\" class=\"preview__body--description--blue\" target=\"_blank\">Elastic Container Service for Kubernetes\nCluster</a> that you can use to run Kubernetes Pods and\nDeployments.</p>\n<p>This module is responsible for the EKS Worker Nodes in <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-cluster-control-plane/README.md#what-is-an-eks-cluster\" class=\"preview__body--description--blue\">the EKS cluster\ntopology</a>. You must launch a control plane in order\nfor the worker nodes to function. See the <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-cluster-control-plane\" class=\"preview__body--description--blue\">eks-cluster-control-plane module</a> for\nmanaging an EKS control plane.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-you-use-this-module\">How do you use this module?</h2>\n<ul>\n<li>See the <a href=\"/repos/v0.65.4/terraform-aws-eks/README.adoc\" class=\"preview__body--description--blue\">root README</a> for instructions on using Terraform modules.</li>\n<li>See the <a href=\"/repos/v0.65.4/terraform-aws-eks/examples\" class=\"preview__body--description--blue\">examples</a> folder for example usage.</li>\n<li>See <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-cluster-workers/variables.tf\" class=\"preview__body--description--blue\">variables.tf</a> for all the variables you can set on this module.</li>\n<li>See <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-cluster-workers/outputs.tf\" class=\"preview__body--description--blue\">outputs.tf</a> for all the variables that are outputed by this module.</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"differences-with-managed-node-groups\">Differences with managed node groups</h2>\n<p>See the [Differences with self managed workers] section in the documentation for <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-cluster-managed-workers\" class=\"preview__body--description--blue\">eks-cluster-managed-workers\nmodule</a> for a detailed overview of differences with EKS Managed Node Groups.</p>\n<h2 class=\"preview__body--subtitle\" id=\"what-should-be-included-in-the-user-data-script\">What should be included in the user-data script?</h2>\n<p>In order for the EKS worker nodes to function, it must register itself to the Kubernetes API run by the EKS control\nplane. This is handled by the bootstrap script provided in the EKS optimized AMI. The user-data script should call the\nbootstrap script at some point during its execution. You can get this information from the <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-cluster-control-plane\" class=\"preview__body--description--blue\">eks-cluster-control-plane\nmodule</a>.</p>\n<p>For an example of a user data script, see the <a href=\"/repos/v0.65.4/terraform-aws-eks/examples/eks-cluster-with-iam-role-mappings/user-data/user-data.sh\" class=\"preview__body--description--blue\">eks-cluster example's user-data.sh\nscript</a>.</p>\n<p>You can read more about the bootstrap script in <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html\" class=\"preview__body--description--blue\" target=\"_blank\">the official documentation for EKS</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"which-security-group-should-i-use\">Which security group should I use?</h2>\n<p>EKS clusters using Kubernetes version 1.14 and above automatically create a managed security group known as the cluster\nsecurity group. The cluster security group is designed to allow all traffic from the control plane and worker nodes to\nflow freely between each other. This security group has the following rules:</p>\n<ul>\n<li>Allow Kubernetes API traffic between the security group and the control plane security group.</li>\n<li>Allow all traffic between instances of the security group ("ingress all from self").</li>\n<li>Allow all outbound traffic.</li>\n</ul>\n<p>EKS will automatically use this security group for the underlying worker instances used with managed node groups or\nFargate. This allows traffic to flow freely between Fargate Pods and worker instances managed with managed node groups.</p>\n<p>You can read more about the cluster security group in <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg\" class=\"preview__body--description--blue\" target=\"_blank\">the AWS\ndocs</a>.</p>\n<p>By default this module will attach two security groups to the worker nodes managed by the module:</p>\n<ul>\n<li>The cluster security group.</li>\n<li>A custom security group that can be extended with additional rules.</li>\n</ul>\n<p>You can attach additional security groups to the nodes using the <code>var.additional_security_group_ids</code> input variable.</p>\n<p>If you would like to avoid the cluster security group (this is useful if\nyou wish to isolate at the network level the workers managed by this module from other workers in your cluster like\nFargate, Managed Node Groups, or other self managed ASGs), set the <code>use_cluster_security_group</code> input variable to\n<code>false</code>. With this setting, the module will apply recommended security group rules to the custom group to allow the node\nto function as a EKS worker. The rules used for the new security group are based on <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#control-plane-worker-node-sgs\" class=\"preview__body--description--blue\" target=\"_blank\">the recommendations provided by\nAWS</a> for configuring\nan EKS cluster.</p>\n<h3 class=\"preview__body--subtitle\" id=\"a-name-how-to-extend-security-group-a-how-do-you-add-additional-security-group-rules\"><a name="how-to-extend-security-group"></a>How do you add additional security group rules?</h3>\n<p>To add additional security group rules to the EKS cluster worker nodes, you can use the\n<a href=\"https://www.terraform.io/docs/providers/aws/r/security_group_rule.html\" class=\"preview__body--description--blue\" target=\"_blank\">aws_security_group_rule</a> resource, and set its\n<code>security_group_id</code> argument to the Terraform output of this module called <code>eks_worker_security_group_id</code> for the worker\nnodes. For example, here is how you can allow the EC2 Instances in this cluster to allow incoming HTTP requests on port\n8080:</p>\n<pre>module <span class=\"hljs-string\">\"eks_workers\"</span> {\n # (arguments omitted)\n}\n<span class=\"hljs-built_in\">\nresource </span><span class=\"hljs-string\">\"aws_security_group_rule\"</span> <span class=\"hljs-string\">\"allow_inbound_http_from_anywhere\"</span> {\n <span class=\"hljs-built_in\"> type </span>= <span class=\"hljs-string\">\"ingress\"</span>\n from_port = 8080\n to_port = 8080\n protocol = <span class=\"hljs-string\">\"tcp\"</span>\n cidr_blocks = [<span class=\"hljs-string\">\"0.0.0.0/0\"</span>]\n\n security_group_id = <span class=\"hljs-string\">\"<span class=\"hljs-variable\">${module.eks_workers.eks_worker_security_group_id}</span>\"</span>\n}\n</pre>\n<p><strong>Note</strong>: The security group rules you add will apply to ALL Pods running on these EC2 Instances. There is currently no\nway in EKS to manage security group rules on a per-Pod basis. Instead, rely on <a href=\"https://kubernetes.io/docs/concepts/services-networking/network-policies/\" class=\"preview__body--description--blue\" target=\"_blank\">Kubernetes Network\nPolicies</a> to restrict network access within a\nKubernetes cluster.</p>\n<h2 class=\"preview__body--subtitle\" id=\"what-iam-policies-are-attached-to-the-eks-cluster\">What IAM policies are attached to the EKS Cluster?</h2>\n<p>This module will create IAM roles for the EKS cluster worker nodes with the minimum set of policies necessary\nfor the cluster to function as a Kubernetes cluster. The policies attached to the roles are the same as those documented\nin <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html\" class=\"preview__body--description--blue\" target=\"_blank\">the AWS getting started guide for EKS</a>.</p>\n<h3 class=\"preview__body--subtitle\" id=\"how-do-you-add-additional-iam-policies\">How do you add additional IAM policies?</h3>\n<p>To add additional IAM policies to the EKS cluster worker nodes, you can use the\n<a href=\"https://www.terraform.io/docs/providers/aws/r/iam_role_policy.html\" class=\"preview__body--description--blue\" target=\"_blank\">aws_iam_role_policy</a> or\n<a href=\"https://www.terraform.io/docs/providers/aws/r/iam_policy_attachment.html\" class=\"preview__body--description--blue\" target=\"_blank\">aws_iam_policy_attachment</a> resources, and set\nthe IAM role id to the Terraform output of this module called <code>eks_worker_iam_role_name</code> for the worker nodes. For\nexample, here is how you can allow the worker nodes in this cluster to access an S3 bucket:</p>\n<pre>module <span class=\"hljs-string\">\"eks_workers\"</span> {\n # (arguments omitted)\n}\n<span class=\"hljs-built_in\">\nresource </span><span class=\"hljs-string\">\"aws_iam_role_policy\"</span> <span class=\"hljs-string\">\"access_s3_bucket\"</span> {\n name = <span class=\"hljs-string\">\"access_s3_bucket\"</span>\n role = <span class=\"hljs-string\">\"<span class=\"hljs-variable\">${module.eks_workers.eks_worker_iam_role_name}</span>\"</span>\n <span class=\"hljs-built_in\"> policy </span>= <<EOF\n{\n <span class=\"hljs-string\">\"Version\"</span>: <span class=\"hljs-string\">\"2012-10-17\"</span>,\n <span class=\"hljs-string\">\"Statement\"</span>: [\n {\n <span class=\"hljs-string\">\"Sid\"</span>: <span class=\"hljs-string\">\"\"</span>,\n <span class=\"hljs-string\">\"Effect\"</span>:<span class=\"hljs-string\">\"Allow\"</span>,\n <span class=\"hljs-string\">\"Action\"</span>: <span class=\"hljs-string\">\"s3:GetObject\"</span>,\n <span class=\"hljs-string\">\"Resource\"</span>: <span class=\"hljs-string\">\"arn:aws:s3:::examplebucket/*\"</span>\n }\n ]\n}\nEOF\n}\n</pre>\n<p><strong>Note</strong>: The IAM policies you add will apply to ALL Pods running on these EC2 Instances. See the <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-cluster-control-plane/README.md#how-do-i-associate-iam-roles-to-the-pods\" class=\"preview__body--description--blue\">How do I associate\nIAM roles to the Pods?</a> section of the\n<code>eks-cluster-control-plane</code> module README for more fine-grained allocation of IAM credentials to Pods.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-ssh-into-the-nodes\">How do I SSH into the nodes?</h2>\n<p>This module provides options to allow you to SSH into the worker nodes of an EKS cluster that are managed by this\nmodule. To do so, you must first use an AMI that is configured to allow SSH access. Then, you must setup the auto\nscaling group to launch instances with a known keypair that you have access to by using the\n<code>cluster_instance_keypair_name</code> option of the module. Finally, you need to configure the security group of the worker\nnode to allow access to the port for SSH by extending the security group of the worker nodes by following <a href=\"#how-to-extend-security-group\" class=\"preview__body--description--blue\">the guide\nabove</a>. This will allow SSH access to the instance using the specified keypair, provided\nthe server AMI is configured to run the ssh daemon.</p>\n<p><strong>Note</strong>: Using a single key pair shared with your whole team for all of your SSH access is not secure. For a more\nsecure option that allows each developer to use their own SSH key, and to manage server access via IAM or your Identity\nProvider (e.g. Google, ADFS, Okta, etc), see <a href=\"/repos/terraform-aws-security/modules/ssh-grunt\" class=\"preview__body--description--blue\">ssh-grunt</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-roll-out-an-update-to-the-instances\">How do I roll out an update to the instances?</h2>\n<p>Terraform and AWS do not provide a way to automatically roll out a change to the Instances in an EKS Cluster. Due to\nTerraform limitations (see <a href=\"/repos/terraform-aws-ecs\" class=\"preview__body--description--blue\">here for a discussion</a>), there is\ncurrently no way to implement this purely in Terraform code. Therefore, we've embedded this functionality into\n<code>kubergrunt</code> that can do a zero-downtime roll out for you.</p>\n<p>Refer to the <a href=\"/repos/kubergrunt#deploy\" class=\"preview__body--description--blue\"><code>deploy</code> subcommand documentation</a> for more details on how this works.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-perform-a-blue-green-release-to-roll-out-new-versions-of-the-module\">How do I perform a blue green release to roll out new versions of the module?</h2>\n<p>Gruntwork tries to provide migration paths that avoid downtime when rolling out new versions of the module. These are\nusually implemented as feature flags, or a list of state migration calls that allow you to avoid a resource recreation.\nHowever, it is not always possible to avoid a resource recreation with AutoScaling Groups.</p>\n<p>When it is not possible to avoid resource recreation, you can perform a blue-green release of the worker pool. In this\ndeployment model, you can deploy a new worker pool using the updated version, and migrate the Kubernetes workload to the\nnew cluster prior to spinning down the old one.</p>\n<p>The following are the steps you can take to perform a blue-green release for this module:</p>\n<ul>\n<li>\n<p>Add a new module block that calls the <code>eks-cluster-workers</code> module using the new version, leaving the old module block\nwith the old version untouched. E.g.,</p>\n<pre><code># old version\nmodule "workers" {\n source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-workers?ref=v0.37.2"\n # other args omitted for brevity\n}\n\n# new version\nmodule "workers_next_version" {\n source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-workers?ref=v0.38.0"\n # other args omitted for brevity\n}\n</code></pre>\n<p>This will spin up the new worker pool on the updated version in parallel with the old workers, without touching the\nold ones.</p>\n</li>\n<li>\n<p>Make sure to add the IAM role for the new worker set to the <code>aws-auth</code> ConfigMap so that the workers can authenticate\nto the Kubernetes API. This can be done by adding the <code>eks_worker_iam_role_arn</code> output of the new module block to the\n<code>eks_worker_iam_role_arns</code> input list for the module call to <code>eks-k8s-role-mapping</code>.</p>\n</li>\n<li>\n<p>Verify that the new workers are registered to the Kubernetes cluster by checking the output of <code>kubectl get nodes</code>. If\nthe nodes are not in the list, or don't reach the <code>Ready</code> state, you will want to troubleshoot by introspecting the\nsystem logs.</p>\n</li>\n<li>\n<p>Once the new workers are up and registered to the Kubernetes Control Plane, you can run <code>kubectl cordon</code> and <code>kubectl drain</code> on each instance in the old ASG to transition the workload over to the new worker pool. <code>kubergrunt</code> provides\n<a href=\"/repos/kubergrunt#drain\" class=\"preview__body--description--blue\">a helper command</a> to make it easier to run this:</p>\n<pre><code>kubergrunt eks drain --asg-name my-asg-a --asg-name my-asg-b --asg-name my-asg-c --region us-east-2\n</code></pre>\n<p>This command will cordon and drain all the nodes associated with the given ASGs.</p>\n</li>\n<li>\n<p>Once the workload is transitioned, you can tear down the old worker pool by dropping the old module block and running\n<code>terraform apply</code>.</p>\n</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-enable-cluster-auto-scaling\">How do I enable cluster auto-scaling?</h2>\n<p>This module will not automatically scale in response to resource usage by default, the\n<code>autoscaling_group_configurations.*.max_size</code> option is only used to give room for new instances during rolling updates.\nTo enable auto-scaling in response to resource utilization, you must set the <code>include_autoscaler_discovery_tags</code> input\nvariable to <code>true</code> and also deploy the <a href=\"/repos/v0.65.4/terraform-aws-eks/modules/eks-k8s-cluster-autoscaler\" class=\"preview__body--description--blue\">Kubernetes Cluster Autoscaler module</a>.</p>\n<p>Note that the cluster autoscaler supports ASGs that manage nodes in a single availability zone or ASGs that manage nodes in multiple availability zones. However, there is a caveat:</p>\n<ul>\n<li>\n<p>If you intend to use EBS volumes, you need to make sure that the autoscaler scales the correct ASG for pods that are localized to the availability zone. This is because EBS volumes are local to the availability zone. You need to carefully provision the managed node groups such that you have one group per AZ if you wish to use the cluster autoscaler in this case, which you can do by ensuring that the <code>subnet_ids</code> in each <code>autoscaling_group_configurations</code> input map entry come from the same AZ.</p>\n</li>\n<li>\n<p>You can certainly use a single ASG that spans multiple AZs if you don't intend to use EBS volumes.</p>\n</li>\n<li>\n<p>AWS now supports EFS as a persistent storage solution with EKS. This can be used with ASGs that span a single or multiple AZs.</p>\n</li>\n</ul>\n<p>Refer to the <a href=\"https://github.com/kubernetes/autoscaler\" class=\"preview__body--description--blue\" target=\"_blank\">Kubernetes Autoscaler</a> documentation for more details.</p>\n","repoName":"terraform-aws-eks","repoRef":"v0.67.2","serviceDescriptor":{"serviceName":"EC2 Kubernetes Service (EKS) Cluster","serviceRepoName":"terraform-aws-eks","serviceRepoOrg":"gruntwork-io","cloudProviders":["aws"],"description":"Deploy a Kubernetes cluster on top of Amazon EC2 Kubernetes Service (EKS).","imageUrl":"eks.png","licenseType":"subscriber","technologies":["Terraform","Python","Bash"],"compliance":[],"tags":[""]},"serviceCategoryName":"Docker orchestration","fileName":"README.md","filePath":"/modules/eks-cluster-workers","title":"Repo Browser: EC2 Kubernetes Service (EKS) Cluster","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}