feat: Add nitro enclave support for EKS (terraform-aws-modules#1185)

spkane · ArchiFleKs · commit b3e2c5b73f44 · 2021-04-16T16:15:50.000+02:00
diff --git a/README.md b/README.md
@@ -145,7 +145,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.9, != 0.13.0 |
-| aws | >= 3.21.0 |
+| aws | >= 3.22.0 |
 | kubernetes | >= 1.11.1 |
 | local | >= 1.4 |
 | null | >= 2.1 |
@@ -156,7 +156,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 
 | Name | Version |
 |------|---------|
-| aws | >= 3.21.0 |
+| aws | >= 3.22.0 |
 | kubernetes | >= 1.11.1 |
 | local | >= 1.4 |
 | null | >= 2.1 |
diff --git a/local.tf b/local.tf
@@ -54,6 +54,7 @@ locals {
     additional_userdata           = ""                          # userdata to append to the default userdata.
     ebs_optimized                 = true                        # sets whether to use ebs optimization on supported types.
     enable_monitoring             = true                        # Enables/disables detailed monitoring.
+    enclave_support               = false                       # Enables/disables enclave support
     public_ip                     = false                       # Associate a public ip address with a worker
     kubelet_extra_args            = ""                          # This string is passed directly to kubelet if set. Useful for adding labels or taints.
     subnets                       = var.subnets                 # A list of subnets to place the worker nodes in. i.e. ["subnet-123", "subnet-456", "subnet-789"]
diff --git a/versions.tf b/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 0.12.9, != 0.13.0"
 
   required_providers {
-    aws        = ">= 3.21.0"
+    aws        = ">= 3.22.0"
     local      = ">= 1.4"
     null       = ">= 2.1"
     template   = ">= 2.1"
diff --git a/workers_launch_template.tf b/workers_launch_template.tf
@@ -272,6 +272,14 @@ resource "aws_launch_template" "workers_launch_template" {
     )[count.index]
   }
 
+  enclave_options {
+    enabled = lookup(
+      var.worker_groups_launch_template[count.index],
+      "enclave_support",
+      local.workers_group_defaults["enclave_support"],
+    )
+  }
+
   image_id = lookup(
     var.worker_groups_launch_template[count.index],
     "ami_id",
