This module provisions EKS Managed Node Groups, as opposed to self managed ASGs. See the eks-cluster-workers module for a module to provision self managed worker groups.
This Terraform module launches worker nodes using EKS Managed Node
Groups that you can use to run Kubernetes
Pods and Deployments.
This module is responsible for the EKS Worker Nodes in the EKS cluster
topology. You must launch a control plane in order
for the worker nodes to function. See the eks-cluster-control-plane module for
managing an EKS control plane.
How do you use this module?
See the root README for instructions on using Terraform modules.
See variables.tf for all the variables you can set on this module.
See outputs.tf for all the variables that are outputed by this module.
Differences with self managed workers
Managed Node Groups is a feature of EKS where you rely on EKS to manage the lifecycle of your worker nodes. This
includes:
Automatic IAM role registration
Upgrades to platform versions and AMIs
Scaling up and down
Security Groups
Instead of manually managing Auto Scaling Groups and AMIs, you rely on EKS to manage those for you. This allows you to
offload concerns such as upgrading and graceful scale out of your worker pools to AWS so that you don't have to manage
them using tools like kubergrunt.
Which flavor of worker pools to use depends on your infrastructure needs. Note that you can have both managed and self
managed worker pools on a single EKS cluster, should you find the need for additional customizations.
Here is a list of additional tradeoffs to consider between the two flavors:
Managed Node Groups
Self Managed Node Groups
Graceful Scale in and Scale out
Supported automatically without needing additional tooling.
Requires specialized tooling (e.g kubergrunt) to implement.
Boot scripts
Not supported.
Supported via user-data scripts in the ASG configuration.
OS
Only supports Amazon Linux.
Supports any arbitrary AMI, including Windows.
SSH access
Only supports EC2 key pair, and restrictions by Security Group ID.
Supports any PAM customized either in the AMI or boot scripts. Also supports any arbitrary security group configuration.
EBS Volumes
Only supports adjusting the root EBS volume.
Supports any EBS volume configuration, including attaching additional block devices.
ELB
Supports automatic configuration via Kubernetes mechanisms. There is no way to manually register target groups to the ASG.
Supports both automatic configuration by Kubernetes, and manual configuration with target group registration.
GPU support
Supported via the GPU compatible EKS Optimized AMI.
Supported via a GPU compatible AMI.
How do I enable cluster auto-scaling?
This module will not automatically scale in response to resource usage by default, the
autoscaling_group_configurations.*.max_size option is only used to give room for new instances during rolling updates.
To enable auto-scaling in response to resource utilization, deploy the Kubernetes Cluster Autoscaler module.
Note that the cluster autoscaler supports ASGs that manage nodes in a single availability zone or ASGs that manage nodes in multiple availability zones. However, there is a caveat:
If you intend to use EBS volumes, you need to make sure that the autoscaler scales the correct ASG for pods that are localized to the availability zone. This is because EBS volumes are local to the availability zone. You need to carefully provision the managed node groups such that you have one group per AZ if you wish to use the cluster autoscaler in this case, which you can do by ensuring that the subnet_ids in each autoscaling_group_configurations input map entry come from the same AZ.
You can certainly use a single ASG that spans multiple AZs if you don't intend to use EBS volumes.
AWS now supports EFS as a persistent storage solution with EKS. This can be used with ASGs that span a single or multiple AZs.
Due to the way managed node groups work in Terraform, currently there is no way to rotate the instances without downtime
when using terraform. Changes to the AMI or instance type will automatically cause the node group to be replaced.
Additionally, the current resource does not support a mechanism to create the new group before destroying (the resource
does not support name_prefix, and you can't create a new node group with the same name). As such, a naive update to
the properties of the node group will likely lead to a period of reduced capacity as terraform replaces the groups.
Provision a new node group with the updated, desired properties. You can do this by adding a new entry into the input
map var.node_group_configurations.
Apply the updated config using terraform apply to create the replacement node group.
Once the new node group scales up, remove the old node group configuration from the input map.
Apply the updated config using terraform apply to remove the old node group. The managed node group will
gracefully scale down the nodes in Kubernetes (honoring
PodDisruptionBudgets) before terminating them.
During this process, the workloads will reschedule to the new nodes.
How do I perform a blue green release to roll out new versions of the module?
Gruntwork tries to provide migration paths that avoid downtime when rolling out new versions of the module. These are
usually implemented as feature flags, or a list of state migration calls that allow you to avoid a resource recreation.
However, it is not always possible to avoid a resource recreation with Managed Node Groups.
When it is not possible to avoid resource recreation, you can perform a blue-green release of the entire worker pool. In
this deployment model, you can deploy a new worker pool using the updated module version, and migrate the Kubernetes
workload to the new cluster prior to spinning down the old one.
The following are the steps you can take to perform a blue-green release for this module:
Add a new module block that calls the eks-cluster-managed-workers module using the new version, leaving the old module block
with the old version untouched. E.g.,
# old version
module "workers" {
source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-managed-workers?ref=v0.37.2"
# other args omitted for brevity
}
# new version
module "workers_next_version" {
source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-managed-workers?ref=v0.38.0"
# other args omitted for brevity
}
This will spin up the new worker pool on the updated version in parallel with the old workers, without touching the
old ones.
Make sure to add the IAM role for the new worker set to the aws-auth ConfigMap so that the workers can authenticate
to the Kubernetes API. This can be done by adding the eks_worker_iam_role_arn output of the new module block to the
eks_worker_iam_role_arns input list for the module call to eks-k8s-role-mapping.
Verify that the new workers are registered to the Kubernetes cluster by checking the output of kubectl get nodes. If
the nodes are not in the list, or don't reach the Ready state, you will want to troubleshoot by introspecting the
system logs.
Once the new workers are up and registered to the Kubernetes Control Plane, you can run kubectl cordon and kubectl drain on each instance in the old ASG to transition the workload over to the new worker pool. kubergrunt provides
a helper command to make it easier to run this:
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"d7b8b57e78ff984975a1181b4d075e02ab820e2f"},{"name":"post-upgrade-test-results.sh","path":".circleci/post-upgrade-test-results.sh","sha":"a4867e8fbdc334b7a90259568ee41ea577fbe764"},{"name":"set-upgrade-test-vars.sh","path":".circleci/set-upgrade-test-vars.sh","sha":"892467768667b771c06e8dd6ff7c7fba1919809f"}]},{"name":".github","children":[{"name":"ISSUE_TEMPLATE","children":[{"name":"bug_report.md","path":".github/ISSUE_TEMPLATE/bug_report.md","sha":"d2e87e27c601e423865ed660ec697082470ca60f"},{"name":"feature_request.md","path":".github/ISSUE_TEMPLATE/feature_request.md","sha":"023a33099be2336476930c96e17ff1ba5dc55348"}]},{"name":"pull_request_template.md","path":".github/pull_request_template.md","sha":"6b100e40e323b5b07f40ed30616277c51c9f4b9e"}]},{"name":".gitignore","path":".gitignore","sha":"bfc15743d4328afefce082a0c1f1a7e94c2c7019"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"5572d654afb9977c494772ccc3dfb8b26b2d2cec"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"4d7d85a37b224e4ec798f28d4202059cd03a9178"},{"name":"CONTRIBUTING.md","path":"CONTRIBUTING.md","sha":"1fa95dac5dc8a9b5f5cb33fcdf9bb4d085f6f155"},{"name":"GRUNTWORK_PHILOSOPHY.md","path":"GRUNTWORK_PHILOSOPHY.md","sha":"02d9873a74c99fe6d9b6b26bd9f8eb4a7a699c32"},{"name":"LICENSE.md","path":"LICENSE.md","sha":"a2cf01ecdd725fddd718ab91c80c115882c94f3c"},{"name":"README.adoc","path":"README.adoc","sha":"46adca5b06db322cee1dc8e20d88dc457a75f559"},{"name":"_docs","children":[{"name":"eks-architecture.png","path":"_docs/eks-architecture.png","sha":"b4c9c46f88ed465c5575e915af54ad9920b56941"},{"name":"eks-icon.png","path":"_docs/eks-icon.png","sha":"83a29dc46e7bc6234ba5bb825e8ae283c56229a0"},{"name":"iam-role-icon.png","path":"_docs/iam-role-icon.png","sha":"c05bb05e6caae9b9db46505ce505a386f21fa2e4"}]},{"name":"core-concepts.md","path":"core-concepts.md","sha":"348a0f2131a64a1ff9fc8d9ca142228be88fce26"},{"name":"examples","children":[{"name":"README.md","path":"examples/README.md","sha":"93b72e051adc393d5ef2daadad4ab6c49f8fbae2"},{"name":"eks-cluster-managed-workers","children":[{"name":"README.md","path":"examples/eks-cluster-managed-workers/README.md","sha":"dfeb410bdf56b810e03ba3e73e9bb93d79e97452"},{"name":"dependencies.tf","path":"examples/eks-cluster-managed-workers/dependencies.tf","sha":"756ddc34328bd4de3a615f5369bf71cc3cffafdc"},{"name":"main.tf","path":"examples/eks-cluster-managed-workers/main.tf","sha":"dda8a0edf5b2b0db33e520dacf6ad1cc99b994ae"},{"name":"outputs.tf","path":"examples/eks-cluster-managed-workers/outputs.tf","sha":"84532a8cc37bbcb322e11d554713d98036d12b34"},{"name":"user-data","children":[{"name":"user_data.sh","path":"examples/eks-cluster-managed-workers/user-data/user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"}]},{"name":"variables.tf","path":"examples/eks-cluster-managed-workers/variables.tf","sha":"ad4167ad759f2d5118edc220269ada51cea1bff0"}]},{"name":"eks-cluster-with-argocd","children":[{"name":"README.md","path":"examples/eks-cluster-with-argocd/README.md","sha":"a4501dd1636f41fef573d730601d781998984919"},{"name":"argocd","children":[{"name":"dependencies.tf","path":"examples/eks-cluster-with-argocd/argocd/dependencies.tf","sha":"9fb708d6ce688d0c167d9fec0d6c1739e02a3d89"},{"name":"main.tf","path":"examples/eks-cluster-with-argocd/argocd/main.tf","sha":"30d91c59d2af7d6f360ecbd98c5399dd92df458f"},{"name":"outputs.tf","path":"examples/eks-cluster-with-argocd/argocd/outputs.tf","sha":"c09565f06bd69a9ed26536cbc8389012d20b7cb7"},{"name":"variables.tf","path":"examples/eks-cluster-with-argocd/argocd/variables.tf","sha":"4080eb586a0fc43d2380495590b5fc0b048ecbb2"}]},{"name":"core-services","children":[{"name":"dependencies.tf","path":"examples/eks-cluster-with-argocd/core-services/dependencies.tf","sha":"e0355c17476f86787dd04663fe2dbece2b710b90"},{"name":"main.tf","path":"examples/eks-cluster-with-argocd/core-services/main.tf","sha":"2e672896707add80998ace20728ff7cf80754574"},{"name":"outputs.tf","path":"examples/eks-cluster-with-argocd/core-services/outputs.tf","sha":"b7b6da1a4da0ed22f2ebf7b9be1a4b5526be0fac"},{"name":"variables.tf","path":"examples/eks-cluster-with-argocd/core-services/variables.tf","sha":"e8ade05707b0ccea184b2fd9f89115a3b9e44dbd"}]},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-cluster-with-argocd/eks-cluster/dependencies.tf","sha":"756ddc34328bd4de3a615f5369bf71cc3cffafdc"},{"name":"main.tf","path":"examples/eks-cluster-with-argocd/eks-cluster/main.tf","sha":"0fd7fe2a275ef207fdd042e8778d919616011bfa"},{"name":"outputs.tf","path":"examples/eks-cluster-with-argocd/eks-cluster/outputs.tf","sha":"2e17cf19632aab9deb96adc2650ccf0e6e103379"},{"name":"user-data","children":[{"name":"user_data.sh","path":"examples/eks-cluster-with-argocd/eks-cluster/user-data/user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-argocd/eks-cluster/variables.tf","sha":"ad4167ad759f2d5118edc220269ada51cea1bff0"}]}]},{"name":"eks-cluster-with-iam-role-mappings","children":[{"name":"README.md","path":"examples/eks-cluster-with-iam-role-mappings/README.md","sha":"7491b8b28b06af093a3d21a2b005b550c79275c9"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-iam-role-mappings/dependencies.tf","sha":"1e257e8ae253547bcfb04b1623f77cd3a2278e10"},{"name":"main.tf","path":"examples/eks-cluster-with-iam-role-mappings/main.tf","sha":"312ec063c0e5e32e258f296bf8639853e2faebf0"},{"name":"outputs.tf","path":"examples/eks-cluster-with-iam-role-mappings/outputs.tf","sha":"e641213ad585fffe0f165b9a543d54c9175a1a7d"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/eks-cluster-with-iam-role-mappings/user-data/user-data.sh","sha":"b10c34bfe4c9d10101472b47edbc3b7dff42a88e"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-iam-role-mappings/variables.tf","sha":"12d0a64f424f903d48d933bc6baa0810ee7783dc"}]},{"name":"eks-cluster-with-karpenter","children":[{"name":"README.md","path":"examples/eks-cluster-with-karpenter/README.md","sha":"4b4ade7a903d04c8f0d62be82e517e5326eaf578"},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-cluster-with-karpenter/eks-cluster/dependencies.tf","sha":"ef416c5c7892cc1ecd336e03fa561da2a168b22e"},{"name":"main.tf","path":"examples/eks-cluster-with-karpenter/eks-cluster/main.tf","sha":"e932e1ea077222db1580ee61b5e203b66c1872dc"},{"name":"outputs.tf","path":"examples/eks-cluster-with-karpenter/eks-cluster/outputs.tf","sha":"d54b64231c431c0acffd6815acbd17984b5e2638"},{"name":"user-data","children":[{"name":"user_data.sh","path":"examples/eks-cluster-with-karpenter/eks-cluster/user-data/user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-karpenter/eks-cluster/variables.tf","sha":"f2bd60fbe430bfd6e1b55bcd01fe8ebd590559fa"}]},{"name":"karpenter","children":[{"name":"charts","children":[{"name":"karpenter-configs","children":[{"name":"Chart.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/charts/karpenter-configs/Chart.yaml","sha":"15886e5f4ef435fbd4dc1c72bd12f9fbe222654b"},{"name":"templates","children":[{"name":"default-ec2nodeclass.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/charts/karpenter-configs/templates/default-ec2nodeclass.yaml","sha":"d89089b956f1848debf16e6e71ae2cfaf63fab6f"},{"name":"default-nodepool.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/charts/karpenter-configs/templates/default-nodepool.yaml","sha":"420a211ab98ea21cf4c3b9c4ee9a473d35be1b18"}]},{"name":"values.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/charts/karpenter-configs/values.yaml","sha":"085642406b8f4b6c41141a99130fb882667e0afd"}]}]},{"name":"dependencies.tf","path":"examples/eks-cluster-with-karpenter/karpenter/dependencies.tf","sha":"966635e08d7ea0fcf34792e5e6350ada435eff6a"},{"name":"main.tf","path":"examples/eks-cluster-with-karpenter/karpenter/main.tf","sha":"d3ab807ec7d746646cf6dea6a7f431a93946a992"},{"name":"outputs.tf","path":"examples/eks-cluster-with-karpenter/karpenter/outputs.tf","sha":"e8773142fccab54fad250e4b7c8da5a5f3c10f0f"},{"name":"templates","children":[{"name":"nginx-values.yaml","path":"examples/eks-cluster-with-karpenter/karpenter/templates/nginx-values.yaml","sha":"a6924778ed01fda8375d708e7582db439d664fa6"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-karpenter/karpenter/variables.tf","sha":"41443cb69e188df9a658bd9858d359d9ceb2dc48"}]}]},{"name":"eks-cluster-with-supporting-services","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/README.md","sha":"b1882c2dfbf1e0db6436ca45839f4a4c83813b87"},{"name":"core-services","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/core-services/README.md","sha":"ec11e4899d4ca1a898fbf5b5a77bcff8555c2e64"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/core-services/dependencies.tf","sha":"977c72682567c034c4effe391757cab2f342086f"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/core-services/main.tf","sha":"5fe61a30ecd3e23952e91d7b68c669eb85e1256a"},{"name":"outputs.tf","path":"examples/eks-cluster-with-supporting-services/core-services/outputs.tf","sha":"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391"},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/core-services/variables.tf","sha":"e8ade05707b0ccea184b2fd9f89115a3b9e44dbd"}]},{"name":"eks-cluster","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/eks-cluster/README.md","sha":"8a60a01004a93bbbf2091b730f0207f6dd2cc07e"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/dependencies.tf","sha":"abce3f302a956114f394e4c5025a4aaf2b9da148"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/main.tf","sha":"3cd060facf31859042695171d2f0ab0b3fd14e35"},{"name":"outputs.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/outputs.tf","sha":"be23a13dd6f4063be394b8ca7358b631d50fab8a"},{"name":"user-data","children":[{"name":"app_worker_user_data.sh","path":"examples/eks-cluster-with-supporting-services/eks-cluster/user-data/app_worker_user_data.sh","sha":"c5fdd13d5bb04f765f1c90e9f12d23c48e94a252"},{"name":"core_worker_user_data.sh","path":"examples/eks-cluster-with-supporting-services/eks-cluster/user-data/core_worker_user_data.sh","sha":"0fa26153108b3d030ceeaae777aeb0a7e115404e"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/eks-cluster/variables.tf","sha":"a4266ef423dfc69143cf004e2da7e9753c0d80d2"}]},{"name":"nginx-service","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/nginx-service/README.md","sha":"31221d1b06df0b3207e8c5a58ecd165250187619"},{"name":"dependencies.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/dependencies.tf","sha":"0176248910eed450c12b54d10e3d74c8702c17ca"},{"name":"main.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/main.tf","sha":"6ffb3f1bc31635e4764cac5035d4ae48e894d985"},{"name":"templates","children":[{"name":"values.yaml","path":"examples/eks-cluster-with-supporting-services/nginx-service/templates/values.yaml","sha":"f9be5310abb29e3310d77bbb8a025ef90f15dc5a"}]},{"name":"variables.tf","path":"examples/eks-cluster-with-supporting-services/nginx-service/variables.tf","sha":"36ea6f8a36b19e34dbeeb25ae7e5fcf30c956b0f"}]},{"name":"packer","children":[{"name":"README.md","path":"examples/eks-cluster-with-supporting-services/packer/README.md","sha":"2e3d40d4297cbd7cbdfb2172c38b0c479ea2e7ee"},{"name":"build.pkr.hcl","path":"examples/eks-cluster-with-supporting-services/packer/build.pkr.hcl","sha":"73072f860b987106ca3f90172e73d3b1e8d0061e"}]}]},{"name":"eks-fargate-cluster-with-argocd","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-argocd/README.md","sha":"7115776901baa2362222195afd48edbfbc4e4dd7"},{"name":"argocd","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-argocd/argocd/dependencies.tf","sha":"edac96d132bc7425e886356bdb529375079f3af0"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-argocd/argocd/main.tf","sha":"ca985a4f8e00fbbf7b9dc27bec0911032f4acc00"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-argocd/argocd/outputs.tf","sha":"c09565f06bd69a9ed26536cbc8389012d20b7cb7"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-argocd/argocd/variables.tf","sha":"b7bd683967ed8d49b98a5349a87478c8582c6d1f"}]},{"name":"core-services","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-argocd/core-services/README.md","sha":"5a479eadaae31051bc6922443018683051f2ef9c"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-argocd/core-services/dependencies.tf","sha":"96c15ff4a702a70e6f8a1234b6a5e02fd41e38b7"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-argocd/core-services/main.tf","sha":"fcbc668aeb236775d5375a689c48ed9e953a435a"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-argocd/core-services/outputs.tf","sha":"c09565f06bd69a9ed26536cbc8389012d20b7cb7"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-argocd/core-services/variables.tf","sha":"fe40dd3758a52a0bce8342e95cec25b23db232ff"}]},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-argocd/eks-cluster/dependencies.tf","sha":"f0730837927bfc77f4208917dfb9186789d607e0"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-argocd/eks-cluster/main.tf","sha":"a9b2bd905512f3ce71863ff785337879909827c0"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-argocd/eks-cluster/outputs.tf","sha":"be823054868d3e9d3fbf88dccb707dc6a33aa1ce"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-argocd/eks-cluster/variables.tf","sha":"226f6d698bfb15170c92d37ede17bc9e87769411"}]}]},{"name":"eks-fargate-cluster-with-irsa","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-irsa/README.md","sha":"2ef7cf26c31533e74f1cc2b0b33489237b313b76"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-irsa/dependencies.tf","sha":"b1404cb3c268b1c1af371859cec6ed8a4167c91c"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-irsa/main.tf","sha":"87b167283fb34b864baf961cbedd7056b0430819"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-irsa/outputs.tf","sha":"f059d7b74ffbfb06a0868d6d0a5d1831c8f45f10"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-irsa/variables.tf","sha":"4ffee6eb9cfc5992a6950329a34aa8926ff99c58"}]},{"name":"eks-fargate-cluster-with-supporting-services","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-supporting-services/README.md","sha":"49bdbe1483a7133cab1b345bb1ed9cf994dac786"},{"name":"core-services","children":[{"name":"README.md","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/README.md","sha":"18cf6d3c8a4b2de11a41517121d3292fc632e1ec"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/dependencies.tf","sha":"977c72682567c034c4effe391757cab2f342086f"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/main.tf","sha":"92e18d821c235b09b01f378f04731ce8309c800a"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/core-services/variables.tf","sha":"c878e34d13bce307523d30bd2741fc64a29e54c4"}]},{"name":"eks-cluster","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/dependencies.tf","sha":"243348214af559f81518ede4871dd10670813ed0"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/main.tf","sha":"4808ac8882cff18e2afb5dfe4cd774b79acf6729"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/outputs.tf","sha":"edddf9a6ab6f5927db366689db79e1b91db9d8c8"},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/eks-cluster/variables.tf","sha":"91dc1b516181f1caf64bc8fda4bbcfe148d77cd0"}]},{"name":"nginx-service","children":[{"name":"dependencies.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/dependencies.tf","sha":"0176248910eed450c12b54d10e3d74c8702c17ca"},{"name":"main.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/main.tf","sha":"4971f1c23b7cd98e10b0001089386cf2df332893"},{"name":"templates","children":[{"name":"values.yaml","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/templates/values.yaml","sha":"7faf0150a3336c47a2a9c0195172b6c249db9efe"}]},{"name":"variables.tf","path":"examples/eks-fargate-cluster-with-supporting-services/nginx-service/variables.tf","sha":"d3c166441cdc556b0839930fbc281b7e8a1bd57f"}]}]},{"name":"eks-fargate-cluster","children":[{"name":"README.md","path":"examples/eks-fargate-cluster/README.md","sha":"d4327780c978b563d52ea7ff6772ab9f95447eb0"},{"name":"dependencies.tf","path":"examples/eks-fargate-cluster/dependencies.tf","sha":"b1404cb3c268b1c1af371859cec6ed8a4167c91c"},{"name":"main.tf","path":"examples/eks-fargate-cluster/main.tf","sha":"e0a4e083034e7f9a82b2efec7e6ba15db1b8f7db"},{"name":"outputs.tf","path":"examples/eks-fargate-cluster/outputs.tf","sha":"b95747230a76d29eb3b00093e6c4d20be776dfdf"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/eks-fargate-cluster/user-data/user-data.sh","sha":"b10c34bfe4c9d10101472b47edbc3b7dff42a88e"}]},{"name":"variables.tf","path":"examples/eks-fargate-cluster/variables.tf","sha":"e51008c81e4a765a06a0ddc9c7b699274b841f3b"}]},{"name":"eks-private-fargate-cluster","children":[{"name":"README.md","path":"examples/eks-private-fargate-cluster/README.md","sha":"f97e1789cdcca547e546dc9d6671d1b504e33237"},{"name":"dependencies.tf","path":"examples/eks-private-fargate-cluster/dependencies.tf","sha":"b1404cb3c268b1c1af371859cec6ed8a4167c91c"},{"name":"main.tf","path":"examples/eks-private-fargate-cluster/main.tf","sha":"990ede84d7ed97629f5b405beb9aa5ef46e68488"},{"name":"outputs.tf","path":"examples/eks-private-fargate-cluster/outputs.tf","sha":"be8cfb1ba6c42ffb4ff5b80053c47193e82e2652"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/eks-private-fargate-cluster/user-data/user-data.sh","sha":"384647634c0337e04dc3c333680afb23e83144d4"}]},{"name":"variables.tf","path":"examples/eks-private-fargate-cluster/variables.tf","sha":"b6b6f6fa5dda8b37a0d43fb90376cfc8160403f2"}]}]},{"name":"getting-started.md","path":"getting-started.md","sha":"efc2b81e978a6a15584735c405f49012f930791e"},{"name":"gruntwork-gitops.md","path":"gruntwork-gitops.md","sha":"ff7e953aa2d29d3399dad67e72a618d66240ebee"},{"name":"modules","children":[{"name":"eks-alb-ingress-controller-iam-policy","children":[{"name":"README.md","path":"modules/eks-alb-ingress-controller-iam-policy/README.md","sha":"c87be2ee00f8f59403f827303915b5a70c602002"},{"name":"iampolicy.json.templ","path":"modules/eks-alb-ingress-controller-iam-policy/iampolicy.json.templ","sha":"0bdfeee16510453f92ffc5c72dcc1dbeae77a6f1"},{"name":"main.tf","path":"modules/eks-alb-ingress-controller-iam-policy/main.tf","sha":"54941b67e9654757869a9267ee800850b9037af9"},{"name":"outputs.tf","path":"modules/eks-alb-ingress-controller-iam-policy/outputs.tf","sha":"b551b0bcc6eb1b43bfff1606696566658564cfb4"},{"name":"variables.tf","path":"modules/eks-alb-ingress-controller-iam-policy/variables.tf","sha":"ae1260926827cbb952350870775070ac0ad11fdf"}]},{"name":"eks-alb-ingress-controller","children":[{"name":"README.md","path":"modules/eks-alb-ingress-controller/README.md","sha":"674460e96524b7c471bcd145fc63ffda572f6dd6"},{"name":"main.tf","path":"modules/eks-alb-ingress-controller/main.tf","sha":"305fd943c3e96820d6238d1adf8c462c70f1d17a"},{"name":"variables.tf","path":"modules/eks-alb-ingress-controller/variables.tf","sha":"f83cae02a40977d03949f9dbb891d8bad1328eb3"}]},{"name":"eks-aws-auth-merger","children":[{"name":"Dockerfile","path":"modules/eks-aws-auth-merger/Dockerfile","sha":"9380baad15659923c5905853afbab3ec6427aa74"},{"name":"README.adoc","path":"modules/eks-aws-auth-merger/README.adoc","sha":"404f623f7c0ca289d32d51788f8f6cb1538fcb7e"},{"name":"aws-auth-merger","children":[{"name":"aws_auth_merger.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/aws_auth_merger.go","sha":"dc516a60ba7fe184c4566ecb2bf77c22d83f0f56"},{"name":"aws_auth_merger_test.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/aws_auth_merger_test.go","sha":"218a7dbb20c3e5ba80e6540156a81241360c6930"},{"name":"cli.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/cli.go","sha":"e59602c3f30025d24db02d9362c3ff4f07a27abd"},{"name":"configmap_watch_controller.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/configmap_watch_controller.go","sha":"a0f8c6befb7a40e1b6f35bbe93e90c7054f3536c"},{"name":"debouncer.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/debouncer.go","sha":"1d9ddd27a9db243fd250eb4b8672a44edb63e7ff"},{"name":"debouncer_test.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/debouncer_test.go","sha":"e6cd8e44503b4dea3e81b26ff20db39c35c8c72e"},{"name":"go.mod","path":"modules/eks-aws-auth-merger/aws-auth-merger/go.mod","sha":"597781a4de7b44ce7a205220f15c6d7c8ebaec12"},{"name":"go.sum","path":"modules/eks-aws-auth-merger/aws-auth-merger/go.sum","sha":"2c34b8ebe5504de28195ecfa57336041f593dd79"},{"name":"main.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/main.go","sha":"caa9ef8bda3af991c3c088fa20b80d9696b9dcb5"},{"name":"mapping.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/mapping.go","sha":"04ad904821a3530a3dea9930b74081d95330d73f"},{"name":"mapping_test.go","path":"modules/eks-aws-auth-merger/aws-auth-merger/mapping_test.go","sha":"02c91e45a128d6c306ec42a548ac9023df350e78"}]},{"name":"core-concepts.md","path":"modules/eks-aws-auth-merger/core-concepts.md","sha":"2da0061c35747e9f280f8a440adfc4534da40fa4"},{"name":"main.tf","path":"modules/eks-aws-auth-merger/main.tf","sha":"e4ffd5b768b22dad9f9f49b844d66b34221a408e"},{"name":"outputs.tf","path":"modules/eks-aws-auth-merger/outputs.tf","sha":"d733fb246403f97ac011cbedf3f1d2761badef82"},{"name":"variables.tf","path":"modules/eks-aws-auth-merger/variables.tf","sha":"429e5990df785c4c01c4a07668d41ce648e4e68b"}]},{"name":"eks-cloudwatch-agent","children":[{"name":"README.md","path":"modules/eks-cloudwatch-agent/README.md","sha":"fa78952ef636c021ce85246dc89955ae87c16f32"},{"name":"main.tf","path":"modules/eks-cloudwatch-agent/main.tf","sha":"eb170d9962c9b28b7aa0c3c28751c3e4be219672"},{"name":"outputs.tf","path":"modules/eks-cloudwatch-agent/outputs.tf","sha":"7061ed458fec528c8b8b587291f0eccb4324fb72"},{"name":"variables.tf","path":"modules/eks-cloudwatch-agent/variables.tf","sha":"5bb5fdf994036c472b0f5e4b162895ccd018c6e8"}]},{"name":"eks-cluster-control-plane","children":[{"name":"README.md","path":"modules/eks-cluster-control-plane/README.md","sha":"e8a0fa5defdc96d36d7a1c3a48159b152340fc9e"},{"name":"dependencies.tf","path":"modules/eks-cluster-control-plane/dependencies.tf","sha":"f33b4c9962a861cf7203fe7a90fbc86478d7a143"},{"name":"main.tf","path":"modules/eks-cluster-control-plane/main.tf","sha":"ef9361e45bddc3687169759ff43de98592b3bc20"},{"name":"outputs.tf","path":"modules/eks-cluster-control-plane/outputs.tf","sha":"2fdd25d917d7525a5e891f16c8970b3fb2fd2f5a"},{"name":"scripts","children":[{"name":"find_and_run_kubergrunt.py","path":"modules/eks-cluster-control-plane/scripts/find_and_run_kubergrunt.py","sha":"889a0de78b1f71c7b7329acfea97f9e1c7a34e46"}]},{"name":"templates","children":[{"name":"kubectl_config.tpl","path":"modules/eks-cluster-control-plane/templates/kubectl_config.tpl","sha":"4eadcc7bd5c167feb6100efb17052a96ac83bba8"}]},{"name":"variables.tf","path":"modules/eks-cluster-control-plane/variables.tf","sha":"fde502d5f4d0bb6d02fef09fbfb36c8262d307e8"}]},{"name":"eks-cluster-managed-workers","children":[{"name":"README.md","path":"modules/eks-cluster-managed-workers/README.md","sha":"3a16f897364248d95f5ab96e064b26ad580bd29f","toggled":true},{"name":"main.tf","path":"modules/eks-cluster-managed-workers/main.tf","sha":"886e165b6bceb9dcc5ecf40204245b3768e133ac"},{"name":"outputs.tf","path":"modules/eks-cluster-managed-workers/outputs.tf","sha":"0717106e35f73f355972e05b9b8c5e2ea94434f4"},{"name":"variables.tf","path":"modules/eks-cluster-managed-workers/variables.tf","sha":"af41ba4053fa077613dcc7cd0231b05e8b965829"}],"toggled":true},{"name":"eks-cluster-workers-cross-access","children":[{"name":"README.md","path":"modules/eks-cluster-workers-cross-access/README.md","sha":"6c4e50bda62acc6c06d836488ef54f7119f27aee"},{"name":"main.tf","path":"modules/eks-cluster-workers-cross-access/main.tf","sha":"87d4af7235258cf5d2213eace0f77155ada53f65"},{"name":"outputs.tf","path":"modules/eks-cluster-workers-cross-access/outputs.tf","sha":"c6c7f7a89007c55be5470ffd639c05c3fb052ad7"},{"name":"variables.tf","path":"modules/eks-cluster-workers-cross-access/variables.tf","sha":"d64aab893b6e909416189e985f072dd8809dfa2f"}]},{"name":"eks-cluster-workers","children":[{"name":"README.md","path":"modules/eks-cluster-workers/README.md","sha":"13dca344372f0c7492ab813a42ab7cefaa975fe3"},{"name":"dependencies.tf","path":"modules/eks-cluster-workers/dependencies.tf","sha":"d177e89ddc5cb6b4ab5b36ec96fd1ec22a008a49"},{"name":"main.tf","path":"modules/eks-cluster-workers/main.tf","sha":"5528efe62ea62eebc852a61f273caad3b5690ac5"},{"name":"outputs.tf","path":"modules/eks-cluster-workers/outputs.tf","sha":"aeab5d8ac0fd110798c22c067baf8ba559605fbf"},{"name":"variables.tf","path":"modules/eks-cluster-workers/variables.tf","sha":"82ebe162ab2fc342192feca65a8f96868223b130"}]},{"name":"eks-container-logs","children":[{"name":"README.md","path":"modules/eks-container-logs/README.md","sha":"b0ceb4671329b00a0f2003bd0d08589c12ea83ed"},{"name":"main.tf","path":"modules/eks-container-logs/main.tf","sha":"8d40a23bbbb8d8e076d78f80bc33c136c65519a5"},{"name":"outputs.tf","path":"modules/eks-container-logs/outputs.tf","sha":"7061ed458fec528c8b8b587291f0eccb4324fb72"},{"name":"variables.tf","path":"modules/eks-container-logs/variables.tf","sha":"ebc356572e8b3a325aecfaebe6213d812b135da1"}]},{"name":"eks-ebs-csi-driver","children":[{"name":"README.md","path":"modules/eks-ebs-csi-driver/README.md","sha":"5093c00ffdc285ac8f0d94858ec1cd19de845395"},{"name":"main.tf","path":"modules/eks-ebs-csi-driver/main.tf","sha":"81b6ba94d9febdcc34713fd226e970fc42889e2d"},{"name":"outputs.tf","path":"modules/eks-ebs-csi-driver/outputs.tf","sha":"8780f7f757b1d06c68136902283428a94c367f28"},{"name":"variables.tf","path":"modules/eks-ebs-csi-driver/variables.tf","sha":"3dc60858763b225b34a49363cf4fe36dfd897115"}]},{"name":"eks-fargate-container-logs","children":[{"name":"README.md","path":"modules/eks-fargate-container-logs/README.md","sha":"7ac3892272260b9af994dfbe50aded64d54b58cf"},{"name":"main.tf","path":"modules/eks-fargate-container-logs/main.tf","sha":"1add1acb38aa94f5244d4f874955f3a12b141ee2"},{"name":"outputs.tf","path":"modules/eks-fargate-container-logs/outputs.tf","sha":"2ed65ae0ecffdfb49281bcb32fd90a4f71d3a016"},{"name":"variables.tf","path":"modules/eks-fargate-container-logs/variables.tf","sha":"83547c699653a578e35542822b547aa0abff6724"}]},{"name":"eks-iam-role-assume-role-policy-for-service-account","children":[{"name":"README.md","path":"modules/eks-iam-role-assume-role-policy-for-service-account/README.md","sha":"efbbbd70fea3661c662750768facb7950239ffa3"},{"name":"main.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/main.tf","sha":"bf89695ecffb107b86de783847ae3c7de2f9c40e"},{"name":"outputs.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/outputs.tf","sha":"c2910cec89910bb06a157311ac8c4bf72835dfe5"},{"name":"variables.tf","path":"modules/eks-iam-role-assume-role-policy-for-service-account/variables.tf","sha":"763803eda0d225bb23642767306d5e150977253d"}]},{"name":"eks-k8s-argocd","children":[{"name":"README.md","path":"modules/eks-k8s-argocd/README.md","sha":"aa8371a21947f3dfa4185ffc89894f38fde7cc58"},{"name":"main.tf","path":"modules/eks-k8s-argocd/main.tf","sha":"9f7b64f1b76afcf1ffdfa28a489bd07d63a3a1b5"},{"name":"outputs.tf","path":"modules/eks-k8s-argocd/outputs.tf","sha":"cb9f236128127bb1b2028bc60b2a7f3becc36ac3"},{"name":"variables.tf","path":"modules/eks-k8s-argocd/variables.tf","sha":"641a3273fe0695184c193951dc8aa9ac8774868d"}]},{"name":"eks-k8s-cluster-autoscaler-iam-policy","children":[{"name":"README.md","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/README.md","sha":"591a2e965b97691e43bd72ad9700c62653933072"},{"name":"main.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/main.tf","sha":"87a34a568b7fd21284daeee05115c36786c7e603"},{"name":"outputs.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/outputs.tf","sha":"8b6c4e1747b3fa6a88c6233ec87aa2f450dfd334"},{"name":"variables.tf","path":"modules/eks-k8s-cluster-autoscaler-iam-policy/variables.tf","sha":"9a84237a22fda8781ee303dc15d574c69e1b1520"}]},{"name":"eks-k8s-cluster-autoscaler","children":[{"name":"README.md","path":"modules/eks-k8s-cluster-autoscaler/README.md","sha":"720c5bf5ac2fae03be80ca2284cb813cbe9dda78"},{"name":"main.tf","path":"modules/eks-k8s-cluster-autoscaler/main.tf","sha":"15288216a6ca4bd0f1cca5f417794c3dcf7772c4"},{"name":"templates","children":[{"name":"expander-priorities.tpl","path":"modules/eks-k8s-cluster-autoscaler/templates/expander-priorities.tpl","sha":"989d1ac06ad6c8fad0b71b0d9a25fcf792064819"}]},{"name":"variables.tf","path":"modules/eks-k8s-cluster-autoscaler/variables.tf","sha":"9226a2cc13a38d2ec546a6571974aa91cf224556"}]},{"name":"eks-k8s-external-dns-iam-policy","children":[{"name":"README.md","path":"modules/eks-k8s-external-dns-iam-policy/README.md","sha":"a33d41f9824e6270ef4573d6b7e22b394224689c"},{"name":"main.tf","path":"modules/eks-k8s-external-dns-iam-policy/main.tf","sha":"30ab6315a893c742b43d90ae800e1f3413fd5a5c"},{"name":"outputs.tf","path":"modules/eks-k8s-external-dns-iam-policy/outputs.tf","sha":"21604a63b741b94ea9ebffd20b18772131020fcf"},{"name":"variables.tf","path":"modules/eks-k8s-external-dns-iam-policy/variables.tf","sha":"c9d71db85ad8f3085d9ae3c3073bf46da6241b75"}]},{"name":"eks-k8s-external-dns","children":[{"name":"README.md","path":"modules/eks-k8s-external-dns/README.md","sha":"3258c634834d26d3e973da22aaab1b2dd824a2e5"},{"name":"main.tf","path":"modules/eks-k8s-external-dns/main.tf","sha":"1240cb88c9e08c8a27e71ec5d22bcc415359acb8"},{"name":"variables.tf","path":"modules/eks-k8s-external-dns/variables.tf","sha":"b746e3844a43007816e2761364a706a1a77a4d89"}]},{"name":"eks-k8s-karpenter","children":[{"name":"README.md","path":"modules/eks-k8s-karpenter/README.md","sha":"785965c48e8f9235a9262be288e43cb554e8b14d"},{"name":"dependencies.tf","path":"modules/eks-k8s-karpenter/dependencies.tf","sha":"d66965c1a1294f44d916ca9919593ff39a6661f0"},{"name":"karpenter-upgrade-guide.md","path":"modules/eks-k8s-karpenter/karpenter-upgrade-guide.md","sha":"a497face1aa4d1c3c905f4769c6581824a4cc17b"},{"name":"main.tf","path":"modules/eks-k8s-karpenter/main.tf","sha":"ce56df83daca489a0dc0e30dbf610e0283d1b128"},{"name":"migrating-to-karpenter-from-cas.md","path":"modules/eks-k8s-karpenter/migrating-to-karpenter-from-cas.md","sha":"6b1b4ab812b30f272e2692dd05f3300bec79befc"},{"name":"outputs.tf","path":"modules/eks-k8s-karpenter/outputs.tf","sha":"9702c9f17856696a76c0f47e172b8a4c9182cf2d"},{"name":"variables.tf","path":"modules/eks-k8s-karpenter/variables.tf","sha":"35a2b4a117e880b6f4d21fd74fc18c1703e951d1"}]},{"name":"eks-k8s-role-mapping","children":[{"name":"README.md","path":"modules/eks-k8s-role-mapping/README.md","sha":"2962e93307761b2356c62f0ac8068dc01f98d9f4"},{"name":"main.tf","path":"modules/eks-k8s-role-mapping/main.tf","sha":"5294a92e519efab879af245cae18197d79076196"},{"name":"outputs.tf","path":"modules/eks-k8s-role-mapping/outputs.tf","sha":"95d4d4ec652bb541b91a2844e00f68064b423e60"},{"name":"variables.tf","path":"modules/eks-k8s-role-mapping/variables.tf","sha":"8b4947f34102ce2c42d89f434ef36fbc4ed5b3b0"}]},{"name":"eks-scripts","children":[{"name":"README.md","path":"modules/eks-scripts/README.md","sha":"ecbee774470d2934bd06be0a617cf308a9e2f3fb"},{"name":"bin","children":[{"name":"map-ec2-tags-to-node-labels","path":"modules/eks-scripts/bin/map-ec2-tags-to-node-labels","sha":"5518b99c1427110c77b6ff3d2c8ef525407da15c"},{"name":"map_ec2_tags_to_node_labels.py","path":"modules/eks-scripts/bin/map_ec2_tags_to_node_labels.py","sha":"f75ad19587e95b2bd8924125ea2a1a697154909f"}]},{"name":"dev_requirements.txt","path":"modules/eks-scripts/dev_requirements.txt","sha":"f56f9d1629a85734fe16ed70f00f36b830cd97c9"},{"name":"install.sh","path":"modules/eks-scripts/install.sh","sha":"9bcc8f9f983a6304fd092c044b19b74ee0200cc1"},{"name":"requirements.txt","path":"modules/eks-scripts/requirements.txt","sha":"d0d331dd2b1483f8dcfd833d2e1d4d6220a4111a"}]},{"name":"eks-vpc-tags","children":[{"name":"README.md","path":"modules/eks-vpc-tags/README.md","sha":"b53e923baaa79718b55a272158ff9b710871a6ce"},{"name":"main.tf","path":"modules/eks-vpc-tags/main.tf","sha":"0de63bf873ca9c5020bdcf394094a00b1f215380"},{"name":"outputs.tf","path":"modules/eks-vpc-tags/outputs.tf","sha":"0ef2787cfd02ea8668c687302b1929618079a0b2"},{"name":"variables.tf","path":"modules/eks-vpc-tags/variables.tf","sha":"a6e332e9da4e473e1e42b1ca6c7b0ba139a77cfb"}]}],"toggled":true},{"name":"renovate.json","path":"renovate.json","sha":"39a2b6e9a55b8aaa96d0ee0e1c8f956c5c662e75"},{"name":"rfc","children":[{"name":"shipping-logs-to-cloudwatch.md","path":"rfc/shipping-logs-to-cloudwatch.md","sha":"77d230b88e3b760140d0e2e2b8b54fd13698ca2e"}]},{"name":"setup.cfg","path":"setup.cfg","sha":"981bc2bfd0b35029438d56c6d862a7f1519b8fe6"},{"name":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","path":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","sha":"ae586c0fe830819580e1009d41a9074f16e65bed"},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"f020dc40af74a4deed3b1530e067d79e7b5e3812"},{"name":"eks_cluster_drain_test.go","path":"test/eks_cluster_drain_test.go","sha":"62460b5f6e402b06a84331c8cb9e891abb567bc2"},{"name":"eks_cluster_integration_test.go","path":"test/eks_cluster_integration_test.go","sha":"7c083285e53b74682c143dee24df25119d8003d5"},{"name":"eks_cluster_karpenter_test.go","path":"test/eks_cluster_karpenter_test.go","sha":"85208ebfded287a83f1113fd9381da25848a9b04"},{"name":"eks_cluster_managed_workers_test.go","path":"test/eks_cluster_managed_workers_test.go","sha":"db216be8c1e8cda05044d6af37b65f188d4e10c3"},{"name":"eks_cluster_test_helpers.go","path":"test/eks_cluster_test_helpers.go","sha":"122d0ad86fca62d883725ea9f64cebe370ea2749"},{"name":"eks_cluster_upgrade_test.go","path":"test/eks_cluster_upgrade_test.go","sha":"84c170322efaa0cf80b0b8b3330e04a1d139d66f"},{"name":"eks_cluster_with_auth_merger_test.go","path":"test/eks_cluster_with_auth_merger_test.go","sha":"6fa2b423f6a6c30a7ae69a96dc3a233e1d9c906d"},{"name":"eks_cluster_with_iam_role_test.go","path":"test/eks_cluster_with_iam_role_test.go","sha":"76ccb120ad4c880fd352cc229691f8fabee5fc6b"},{"name":"eks_cluster_with_supporting_services_test.go","path":"test/eks_cluster_with_supporting_services_test.go","sha":"a382dd1c03c2bff947ccb62fc5e3860fd5aacc7b"},{"name":"eks_cluster_workers_optional_test.go","path":"test/eks_cluster_workers_optional_test.go","sha":"9c1398c1cd8ebe01f1d8f36349a6512f7f25171c"},{"name":"eks_envelope_encryption_test.go","path":"test/eks_envelope_encryption_test.go","sha":"a3a3e188ca2620e2fef831ed1732915cb8b24f32"},{"name":"eks_fargate_cluster_disable_public_endpoint_test.go","path":"test/eks_fargate_cluster_disable_public_endpoint_test.go","sha":"c8f8795570e5c8d9e22e5e27b41750ceb33a1332"},{"name":"eks_fargate_cluster_irsa_test.go","path":"test/eks_fargate_cluster_irsa_test.go","sha":"6199b0f6e7c7f9f5d8bc4ac77ea1ebed6e3a3479"},{"name":"eks_fargate_cluster_private_access_test.go","path":"test/eks_fargate_cluster_private_access_test.go","sha":"f9558dcf1c832616082a278cbe0e2f849ebed026"},{"name":"eks_fargate_cluster_public_access_cidr_test.go","path":"test/eks_fargate_cluster_public_access_cidr_test.go","sha":"0108e317220d505d8f8ec8eff94372b278ac425b"},{"name":"eks_fargate_cluster_test.go","path":"test/eks_fargate_cluster_test.go","sha":"697588af6d7372a17adc5d967fa22362d4c3f4bb"},{"name":"eks_fargate_cluster_with_supporting_services_test.go","path":"test/eks_fargate_cluster_with_supporting_services_test.go","sha":"6e637c902f5ea41e029d45e0c92bfacbc4e6c0fd"},{"name":"eks_mixed_cluster_dns_test.go","path":"test/eks_mixed_cluster_dns_test.go","sha":"069332615ab046026f91262ebfb3715786132895"},{"name":"errors.go","path":"test/errors.go","sha":"be062fe0205ff82db8183d0fde639aa1883013ad"},{"name":"go.mod","path":"test/go.mod","sha":"ab7bd1155b4e7158cd7dd17f17c58b8bcef4793c"},{"name":"go.sum","path":"test/go.sum","sha":"3ce9503ed1fc767773978834f4f5255164920c0e"},{"name":"kubefixtures","children":[{"name":"autoscaler-test-pods-deployment.yml","path":"test/kubefixtures/autoscaler-test-pods-deployment.yml","sha":"8bb77109c8adfd25a237f1973dd4fe36490ed7bc"},{"name":"eks-irsa-test.yml","path":"test/kubefixtures/eks-irsa-test.yml","sha":"db5439cf6d38873dbae71daa4197d6947990a94a"},{"name":"eks-k8s-role-mapping-test-role.yml","path":"test/kubefixtures/eks-k8s-role-mapping-test-role.yml","sha":"ede7587308d2a4ecf55042b05800099c43f3af7d"},{"name":"kube-system-sa-admin-binding.yml","path":"test/kubefixtures/kube-system-sa-admin-binding.yml","sha":"282d406512102cbe54e952575f26e7e0fbb2aa9a"},{"name":"nginx-deployment.yml","path":"test/kubefixtures/nginx-deployment.yml","sha":"a58866e59c113635af24982cfb0b530f0c416af0"},{"name":"robust-nginx-deployment.yml","path":"test/kubefixtures/robust-nginx-deployment.yml","sha":"b5307c53b4a00e90055d172373a23638264ff1ea"}]},{"name":"script_tests","children":[{"name":"executor.sh","path":"test/script_tests/executor.sh","sha":"458c534996fbc045081d1cfae521c090f6787a7f"},{"name":"requirements.txt","path":"test/script_tests/requirements.txt","sha":"06396f7e5a86d69eece77d50a8abeb668b32b6c5"},{"name":"test_map_ec2_tags_to_node_labels.py","path":"test/script_tests/test_map_ec2_tags_to_node_labels.py","sha":"6b88e92ac569e20ece5a35c74f053a08839e4638"},{"name":"tox.ini","path":"test/script_tests/tox.ini","sha":"8f35694ace0ae33f6935e5e779bed26d7ccdd9e8"}]},{"name":"terratest_options.go","path":"test/terratest_options.go","sha":"6aa66d97414ae9ffbfbefa97eb6a421c7d6ddc55"},{"name":"test_debug_helpers.go","path":"test/test_debug_helpers.go","sha":"c71a7a9d5b68f0f59d2518496d9f5893206b5e22"},{"name":"test_helpers.go","path":"test/test_helpers.go","sha":"1eb9c6089b41d234929d0b5c7050b389a2fb954d"},{"name":"upgrades","children":[{"name":"upgrade_test.go","path":"test/upgrades/upgrade_test.go","sha":"03dcad4d2bab1add4c73ff1053a3a8dd61aa9f2c"}]},{"name":"validation","children":[{"name":"validate_all_modules_and_examples_test.go","path":"test/validation/validate_all_modules_and_examples_test.go","sha":"74c928d0cbc2914e5cd708277bd857cb2375b660"}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"eks-cluster-managed-workers-module\">EKS Cluster Managed Workers Module</h1><div class=\"preview__body--border\"></div><p><strong>This module provisions <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html\" class=\"preview__body--description--blue\" target=\"_blank\">EKS Managed Node Groups</a>, as opposed to self managed ASGs. See the <a href=\"/repos/v0.65.2/terraform-aws-eks/modules/eks-cluster-workers\" class=\"preview__body--description--blue\">eks-cluster-workers</a> module for a module to provision self managed worker groups.</strong></p>\n<p>This Terraform module launches worker nodes using <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html\" class=\"preview__body--description--blue\" target=\"_blank\">EKS Managed Node\nGroups</a> that you can use to run Kubernetes\nPods and Deployments.</p>\n<p>This module is responsible for the EKS Worker Nodes in <a href=\"/repos/v0.65.2/terraform-aws-eks/modules/eks-cluster-control-plane/README.md#what-is-an-eks-cluster\" class=\"preview__body--description--blue\">the EKS cluster\ntopology</a>. You must launch a control plane in order\nfor the worker nodes to function. See the <a href=\"/repos/v0.65.2/terraform-aws-eks/modules/eks-cluster-control-plane\" class=\"preview__body--description--blue\">eks-cluster-control-plane module</a> for\nmanaging an EKS control plane.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-you-use-this-module\">How do you use this module?</h2>\n<ul>\n<li>See the <a href=\"/repos/v0.65.2/terraform-aws-eks/README.adoc\" class=\"preview__body--description--blue\">root README</a> for instructions on using Terraform modules.</li>\n<li>See the <a href=\"/repos/v0.65.2/terraform-aws-eks/examples\" class=\"preview__body--description--blue\">examples</a> folder for example usage.</li>\n<li>See <a href=\"/repos/v0.65.2/terraform-aws-eks/modules/eks-cluster-managed-workers/variables.tf\" class=\"preview__body--description--blue\">variables.tf</a> for all the variables you can set on this module.</li>\n<li>See <a href=\"/repos/v0.65.2/terraform-aws-eks/modules/eks-cluster-managed-workers/outputs.tf\" class=\"preview__body--description--blue\">outputs.tf</a> for all the variables that are outputed by this module.</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"differences-with-self-managed-workers\">Differences with self managed workers</h2>\n<p>Managed Node Groups is a feature of EKS where you rely on EKS to manage the lifecycle of your worker nodes. This\nincludes:</p>\n<ul>\n<li>Automatic IAM role registration</li>\n<li>Upgrades to platform versions and AMIs</li>\n<li>Scaling up and down</li>\n<li>Security Groups</li>\n</ul>\n<p>Instead of manually managing Auto Scaling Groups and AMIs, you rely on EKS to manage those for you. This allows you to\noffload concerns such as upgrading and graceful scale out of your worker pools to AWS so that you don't have to manage\nthem using tools like <code>kubergrunt</code>.</p>\n<p>Which flavor of worker pools to use depends on your infrastructure needs. Note that you can have both managed and self\nmanaged worker pools on a single EKS cluster, should you find the need for additional customizations.</p>\n<p>Here is a list of additional tradeoffs to consider between the two flavors:</p>\n<table>\n<thead>\n<tr>\n<th></th>\n<th>Managed Node Groups</th>\n<th>Self Managed Node Groups</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Graceful Scale in and Scale out</td>\n<td>Supported automatically without needing additional tooling.</td>\n<td>Requires specialized tooling (e.g <code>kubergrunt</code>) to implement.</td>\n</tr>\n<tr>\n<td>Boot scripts</td>\n<td>Not supported.</td>\n<td>Supported via user-data scripts in the ASG configuration.</td>\n</tr>\n<tr>\n<td>OS</td>\n<td>Only supports Amazon Linux.</td>\n<td>Supports any arbitrary AMI, including Windows.</td>\n</tr>\n<tr>\n<td>SSH access</td>\n<td>Only supports EC2 key pair, and restrictions by Security Group ID.</td>\n<td>Supports any PAM customized either in the AMI or boot scripts. Also supports any arbitrary security group configuration.</td>\n</tr>\n<tr>\n<td>EBS Volumes</td>\n<td>Only supports adjusting the root EBS volume.</td>\n<td>Supports any EBS volume configuration, including attaching additional block devices.</td>\n</tr>\n<tr>\n<td>ELB</td>\n<td>Supports automatic configuration via Kubernetes mechanisms. There is no way to manually register target groups to the ASG.</td>\n<td>Supports both automatic configuration by Kubernetes, and manual configuration with target group registration.</td>\n</tr>\n<tr>\n<td>GPU support</td>\n<td>Supported via the GPU compatible EKS Optimized AMI.</td>\n<td>Supported via a GPU compatible AMI.</td>\n</tr>\n</tbody>\n</table>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-enable-cluster-auto-scaling\">How do I enable cluster auto-scaling?</h2>\n<p>This module will not automatically scale in response to resource usage by default, the\n<code>autoscaling_group_configurations.*.max_size</code> option is only used to give room for new instances during rolling updates.\nTo enable auto-scaling in response to resource utilization, deploy the <a href=\"/repos/v0.65.2/terraform-aws-eks/modules/eks-k8s-cluster-autoscaler\" class=\"preview__body--description--blue\">Kubernetes Cluster Autoscaler module</a>.</p>\n<p>Note that the cluster autoscaler supports ASGs that manage nodes in a single availability zone or ASGs that manage nodes in multiple availability zones. However, there is a caveat:</p>\n<ul>\n<li>\n<p>If you intend to use EBS volumes, you need to make sure that the autoscaler scales the correct ASG for pods that are localized to the availability zone. This is because EBS volumes are local to the availability zone. You need to carefully provision the managed node groups such that you have one group per AZ if you wish to use the cluster autoscaler in this case, which you can do by ensuring that the <code>subnet_ids</code> in each <code>autoscaling_group_configurations</code> input map entry come from the same AZ.</p>\n</li>\n<li>\n<p>You can certainly use a single ASG that spans multiple AZs if you don't intend to use EBS volumes.</p>\n</li>\n<li>\n<p>AWS now supports EFS as a persistent storage solution with EKS. This can be used with ASGs that span a single or multiple AZs.</p>\n</li>\n</ul>\n<p>Refer to the <a href=\"https://github.com/kubernetes/autoscaler\" class=\"preview__body--description--blue\" target=\"_blank\">Kubernetes Autoscaler</a> documentation for more details.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-roll-out-an-update-to-the-instances\">How do I roll out an update to the instances?</h2>\n<p>Due to the way managed node groups work in Terraform, currently there is no way to rotate the instances without downtime\nwhen using terraform. Changes to the AMI or instance type will automatically cause the node group to be replaced.\nAdditionally, the current resource does not support a mechanism to create the new group before destroying (the resource\ndoes not support <code>name_prefix</code>, and you can't create a new node group with the same name). As such, a naive update to\nthe properties of the node group will likely lead to a period of reduced capacity as terraform replaces the groups.</p>\n<p>To avoid downtime when updating your node groups, use a <a href=\"https://martinfowler.com/bliki/BlueGreenDeployment.html\" class=\"preview__body--description--blue\" target=\"_blank\">blue-green\ndeployment</a>:</p>\n<ol>\n<li>Provision a new node group with the updated, desired properties. You can do this by adding a new entry into the input\nmap <code>var.node_group_configurations</code>.</li>\n<li>Apply the updated config using <code>terraform apply</code> to create the replacement node group.</li>\n<li>Once the new node group scales up, remove the old node group configuration from the input map.</li>\n<li>Apply the updated config using <code>terraform apply</code> to remove the old node group. The managed node group will\ngracefully scale down the nodes in Kubernetes (honoring\n<a href=\"https://kubernetes.io/docs/concepts/workloads/pods/disruptions/\" class=\"preview__body--description--blue\" target=\"_blank\">PodDisruptionBudgets</a>) before terminating them.\nDuring this process, the workloads will reschedule to the new nodes.</li>\n</ol>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-perform-a-blue-green-release-to-roll-out-new-versions-of-the-module\">How do I perform a blue green release to roll out new versions of the module?</h2>\n<p>Gruntwork tries to provide migration paths that avoid downtime when rolling out new versions of the module. These are\nusually implemented as feature flags, or a list of state migration calls that allow you to avoid a resource recreation.\nHowever, it is not always possible to avoid a resource recreation with Managed Node Groups.</p>\n<p>When it is not possible to avoid resource recreation, you can perform a blue-green release of the entire worker pool. In\nthis deployment model, you can deploy a new worker pool using the updated module version, and migrate the Kubernetes\nworkload to the new cluster prior to spinning down the old one.</p>\n<p>The following are the steps you can take to perform a blue-green release for this module:</p>\n<ul>\n<li>\n<p>Add a new module block that calls the <code>eks-cluster-managed-workers</code> module using the new version, leaving the old module block\nwith the old version untouched. E.g.,</p>\n<pre><code># old version\nmodule "workers" {\n source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-managed-workers?ref=v0.37.2"\n # other args omitted for brevity\n}\n\n# new version\nmodule "workers_next_version" {\n source = "git::git@github.com:gruntwork-io/terraform-aws-eks.git//modules/eks-cluster-managed-workers?ref=v0.38.0"\n # other args omitted for brevity\n}\n</code></pre>\n<p>This will spin up the new worker pool on the updated version in parallel with the old workers, without touching the\nold ones.</p>\n</li>\n<li>\n<p>Make sure to add the IAM role for the new worker set to the <code>aws-auth</code> ConfigMap so that the workers can authenticate\nto the Kubernetes API. This can be done by adding the <code>eks_worker_iam_role_arn</code> output of the new module block to the\n<code>eks_worker_iam_role_arns</code> input list for the module call to <code>eks-k8s-role-mapping</code>.</p>\n</li>\n<li>\n<p>Verify that the new workers are registered to the Kubernetes cluster by checking the output of <code>kubectl get nodes</code>. If\nthe nodes are not in the list, or don't reach the <code>Ready</code> state, you will want to troubleshoot by introspecting the\nsystem logs.</p>\n</li>\n<li>\n<p>Once the new workers are up and registered to the Kubernetes Control Plane, you can run <code>kubectl cordon</code> and <code>kubectl drain</code> on each instance in the old ASG to transition the workload over to the new worker pool. <code>kubergrunt</code> provides\n<a href=\"/repos/kubergrunt#drain\" class=\"preview__body--description--blue\">a helper command</a> to make it easier to run this:</p>\n<pre><code>kubergrunt eks drain --asg-name my-asg-a --asg-name my-asg-b --asg-name my-asg-c --region us-east-2\n</code></pre>\n<p>This command will cordon and drain all the nodes associated with the given ASGs.</p>\n</li>\n<li>\n<p>Once the workload is transitioned, you can tear down the old worker pool by dropping the old module block and running\n<code>terraform apply</code>.</p>\n</li>\n</ul>\n","repoName":"terraform-aws-eks","repoRef":"v0.67.0","serviceDescriptor":{"serviceName":"EC2 Kubernetes Service (EKS) Cluster","serviceRepoName":"terraform-aws-eks","serviceRepoOrg":"gruntwork-io","cloudProviders":["aws"],"description":"Deploy a Kubernetes cluster on top of Amazon EC2 Kubernetes Service (EKS).","imageUrl":"eks.png","licenseType":"subscriber","technologies":["Terraform","Python","Bash"],"compliance":[],"tags":[""]},"serviceCategoryName":"Docker orchestration","fileName":"README.md","filePath":"/modules/eks-cluster-managed-workers/README.md","title":"Repo Browser: EC2 Kubernetes Service (EKS) Cluster","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}