Comments (6)
If you wish to NOT deploy the addon, simply do not add it into the list of addons 😅
from terraform-aws-eks.
@bryantbiggs I don't think it as trivial as it seems to be, currently there is no way to control add-on deployment conditionally, in my case, that's whether the region is AWS China Region or not.
The current module requires developers to modify the TF code if it has to be deployed in AWS China Region.
from terraform-aws-eks.
Let me guess, you are using Terraform workspaces
from terraform-aws-eks.
Not exactly 👀 , let me explain the issue that I am facing and why I think this feature would be useful.
In my case, I have a TF project deploying EKS using this module, it is looking something like:
locals {
region = var.region
}
provider "aws" {
region = local.region
}
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "20.10.0"
....
cluster_addons = {
aws-efs-csi-driver ={
most_recent = true
service_account_role_arn = aws_iam_role.efs_role.arn
}
}
}
The above work fine in AWS Global Region (and Gov-Cloud I assume), but in the case of AWS China Region, again, this region doesn't do managed add-on for efs driver. If I am going to deploy it in China region, it would fail as the add-on is not supported.
To handle this, one way to go is to first determine what region are we deploying, if it is AWS China (cn-north-1
and cn-northwest-1
), we do not deploy this add-on.
However, since we can't set condition specific for the cluster_addons
value, I will need to change the module itselves in order to fulfil this need.
My workaround for this is become
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "20.10.0"
....
}
resource "aws_eks_addon" "efs-driver" {
count = var.region == "cn-north-1" || var.region == "cn-northwest-1" ? 0 : 1
cluster_name = module.eks.cluster_name
addon_name = "aws-efs-csi-driver"
service_account_role_arn = aws_iam_role.efs_role.arn
}
I hope it help explain the situation :D
from terraform-aws-eks.
I don't follow - why is the region a variable if you aren't using workspaces?
In short - Terraform is declarative. What you see is what you get. If you want something deployed, you define that in your configuration. If you do not want it deployed, you do not define it in your configuration.
from terraform-aws-eks.
Not exactly, the region is being a variable because the TF project allow developers to choose which region. I think it is a common usecase for Terraform, especially for a Terraform Module.
Altogether, I don't think this option violates the best practice of using Terraform, which provide allow resource with condition, i.e. input, like the use of 'count', 'for_each', and 'dynamic'.
Anyway, I think this feature is a good-to-have, as I have a workaround for this :)
from terraform-aws-eks.
Related Issues (20)
- Terraform tries to recreate clusters previously using ConfigMap auth
- v20 does not support EKS cluster creation with authentication_mode=CONFIG_MAP HOT 6
- Karpenter example does not work, pods are pending (version 20.8.5) HOT 1
- Pod Identity Association missing from Karpenter module HOT 1
- EKS should be recreated when changing the value of create_kms_key
- Manage node group user data is not being parsed HOT 4
- eks-managed-node-group requires cluster_service_cidr when use_custom_launch_template = false HOT 1
- Module argument cluster_encryption_config does not handle a null value
- No way to tackle Karpenter when KMS is mandatory by default HOT 21
- fargate-profile: restrict role access based on SourceArn (or custom assume_role_policy) HOT 1
- Error: waiting for Security Group with node_security_group_additional_rules HOT 1
- Unable to update Node Groups in place with cluster placement group strategy without EFA HOT 2
- Allow tags in metadata and launch template tags not being applied to eks managed launch template HOT 2
- accessEntries not removed on node group(s) deletion HOT 3
- ERROR: The cluster's authentication mode must be set to one of [API, API_AND_CONFIG_MAP] to perform this operation. HOT 1
- Log rotation configuration.
- Should be able to configure "cluster-dns-ip"
- Changing authentication_mode in latest module version does not result in any changes to infrastructure
- Request to do not include other terraform-aws-modules inside the terraform-aws-eks HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-aws-eks.