fix: Rebuild examples (terraform-aws-modules#1625)

Author: daroga0002

README.md

@@ -15,7 +15,6 @@ Terraform module which creates Kubernetes cluster resources on AWS EKS.
 - Support AWS EKS Optimized or Custom AMI
 - Create or manage security groups that allow communication and coordination
 
-
 ## Important note
 
 Kubernetes is evolving a lot, and each minor version includes new features, fixes, or changes.
@@ -24,7 +23,6 @@ Kubernetes is evolving a lot, and each minor version includes new features, fixe
 
 You also need to ensure that your applications and add ons are updated, or workloads could fail after the upgrade is complete. For action, you may need to take before upgrading, see the steps in the [EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html).
 
-
 ## Usage example
 
 ```hcl
@@ -61,7 +59,6 @@ module "eks" {
 
 There is also a [complete example](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/complete) which shows large set of features available in the module.
 
-
 ## Submodules
 
 Root module calls these modules which can also be used separately to create independent resources:
@@ -71,14 +68,12 @@ Root module calls these modules which can also be used separately to create inde
 - [node_groups](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/modules/node_groups) - creates Managed Node Group resources
 -->
 
-
 ## Notes
 
 - By default, this module manages the `aws-auth` configmap for you (`manage_aws_auth=true`). To avoid the following [issue](https://github.com/aws/containers-roadmap/issues/654) where the EKS creation is `ACTIVE` but not ready. We implemented a "retry" logic with a [fork of the http provider](https://github.com/terraform-aws-modules/terraform-provider-http). This fork adds the support of a self-signed CA certificate. The original PR can be found [here](https://github.com/hashicorp/terraform-provider-http/pull/29).
 
 - Setting `instance_refresh_enabled = true` will recreate your worker nodes without draining them first. It is recommended to install [aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler) for proper node draining. Find the complete example here [instance_refresh](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/instance_refresh).
 
-
 ## Documentation
 
 ### Official docs
@@ -93,7 +88,6 @@ Root module calls these modules which can also be used separately to create inde
 - [IAM Permissions](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/iam-permissions.md): Minimum IAM permissions needed to setup EKS Cluster.
 - [FAQ](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/faq.md): Frequently Asked Questions
 
-
 ## Examples
 
 There are detailed examples available for you to see how certain features of this module can be used in a straightforward way. Make sure to check them and run them before opening an issue. [Here](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/iam-permissions.md) you can find the list of the minimum IAM Permissions required to create EKS cluster.
@@ -102,14 +96,12 @@ There are detailed examples available for you to see how certain features of thi
 - [Bottlerocket](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/bottlerocket) - Create EKS cluster using [Bottlerocket AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html).
 - [Fargate](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/fargate) - Create EKS cluster with [Fargate profiles](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html) and attach Fargate profiles to an existing EKS cluster.
 
-
 ## Contributing
 
 Report issues/questions/feature requests on in the [issues](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/new) section.
 
 Full contributing [guidelines are covered here](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/.github/CONTRIBUTING.md).
 
-
 ## Authors
 
 This module has been originally created by [Brandon O'Connor](https://github.com/brandoconnor), and was maintained by [Max Williams](https://github.com/max-rocket-internet), [Thierno IB. BARRY](https://github.com/barryib) and many more [contributors listed here](https://github.com/terraform-aws-modules/terraform-aws-eks/graphs/contributors)!
@@ -243,9 +235,9 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf
 | <a name="input_manage_aws_auth"></a> [manage\_aws\_auth](#input\_manage\_aws\_auth) | Whether to apply the aws-auth configmap file. | `bool` | `true` | no |
 | <a name="input_manage_cluster_iam_resources"></a> [manage\_cluster\_iam\_resources](#input\_manage\_cluster\_iam\_resources) | Whether to let the module manage cluster IAM resources. If set to false, cluster\_iam\_role\_name must be specified. | `bool` | `true` | no |
 | <a name="input_manage_worker_iam_resources"></a> [manage\_worker\_iam\_resources](#input\_manage\_worker\_iam\_resources) | Whether to let the module manage worker IAM resources. If set to false, iam\_instance\_profile\_name must be specified for workers. | `bool` | `true` | no |
-| <a name="input_map_accounts"></a> [map\_accounts](#input\_map\_accounts) | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | `list(string)` | `[]` | no |
-| <a name="input_map_roles"></a> [map\_roles](#input\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | <pre>list(object({<br>    rolearn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
-| <a name="input_map_users"></a> [map\_users](#input\_map\_users) | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | <pre>list(object({<br>    userarn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
+| <a name="input_map_accounts"></a> [map\_accounts](#input\_map\_accounts) | Additional AWS account numbers to add to the aws-auth configmap. | `list(string)` | `[]` | no |
+| <a name="input_map_roles"></a> [map\_roles](#input\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. | <pre>list(object({<br>    rolearn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
+| <a name="input_map_users"></a> [map\_users](#input\_map\_users) | Additional IAM users to add to the aws-auth configmap. | <pre>list(object({<br>    userarn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | Map of map of node groups to create. See `node_groups` module's documentation for more details | `any` | `{}` | no |
 | <a name="input_node_groups_defaults"></a> [node\_groups\_defaults](#input\_node\_groups\_defaults) | Map of values to be applied to all node groups. See `node_groups` module's documentation for more details | `any` | `{}` | no |
 | <a name="input_openid_connect_audiences"></a> [openid\_connect\_audiences](#input\_openid\_connect\_audiences) | List of OpenID Connect audience client IDs to add to the IRSA provider. | `list(string)` | `[]` | no |

examples/_bootstrap/main.tf

@@ -1,6 +1,6 @@
 # AWS EKS cluster running Bottlerocket AMI
 
-Configuration in this directory creates EKS cluster with nodes running [AWS Bottlerocket OS](https://github.com/bottlerocket-os/bottlerocket)
+Configuration in this directory creates EKS cluster with workers group running [AWS Bottlerocket OS](https://github.com/bottlerocket-os/bottlerocket)
 
 This is a minimalistic example which shows what knobs to turn to make Bottlerocket work.
 
@@ -25,6 +25,8 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.22.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.0 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.4 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 2.0 |
 
@@ -41,6 +43,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_eks"></a> [eks](#module\_eks) | ../.. |  |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources
 
@@ -51,8 +54,10 @@ Note that this example may create resources which cost money. Run `terraform des
 | [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [tls_private_key.nodes](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [aws_ami.bottlerocket_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
-| [aws_subnet_ids.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | data source |
-| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 
@@ -67,5 +72,4 @@ No inputs.
 | <a name="output_config_map_aws_auth"></a> [config\_map\_aws\_auth](#output\_config\_map\_aws\_auth) | A kubernetes configuration to authenticate to this EKS cluster. |
 | <a name="output_kubectl_config"></a> [kubectl\_config](#output\_kubectl\_config) | kubectl config as generated by the module. |
 | <a name="output_node_groups"></a> [node\_groups](#output\_node\_groups) | Outputs from node groups |
-| <a name="output_region"></a> [region](#output\_region) | AWS region. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/_bootstrap/outputs.tf

@@ -3,21 +3,30 @@ provider "aws" {
 }
 
 locals {
-  region      = "eu-west-1"
-  k8s_version = "1.21"
+  name            = "bottlerocket-${random_string.suffix.result}"
+  cluster_version = "1.20"
+  region          = "eu-west-1"
 }
 
+################################################################################
+# EKS Module
+################################################################################
+
 module "eks" {
   source = "../.."
 
-  cluster_name    = "bottlerocket-${random_string.suffix.result}"
-  cluster_version = local.k8s_version
+  cluster_name    = local.name
+  cluster_version = local.cluster_version
 
-  vpc_id  = data.aws_vpc.default.id
-  subnets = data.aws_subnet_ids.default.ids
+  vpc_id          = module.vpc.vpc_id
+  subnets         = [module.vpc.private_subnets[0], module.vpc.public_subnets[1]]
+  fargate_subnets = [module.vpc.private_subnets[2]]
+
+  cluster_endpoint_private_access = true
+  cluster_endpoint_public_access  = true
 
   write_kubeconfig = false
-  manage_aws_auth  = false
+  manage_aws_auth  = true
 
   worker_groups_launch_template = [
     {
@@ -40,7 +49,7 @@ module "eks" {
       userdata_template_extra_args = {
         enable_admin_container   = false
         enable_control_container = true
-        aws_region               = local.region
+        aws_region               = data.aws_region.current.name
       }
       # example of k8s/kubelet configuration via additional_userdata
       additional_userdata = <<EOT
@@ -49,6 +58,12 @@ ingress = "allowed"
 EOT
     }
   ]
+
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-eks"
+    GithubOrg  = "terraform-aws-modules"
+  }
 }
 
 # SSM policy for bottlerocket control container access
@@ -59,32 +74,39 @@ resource "aws_iam_role_policy_attachment" "ssm" {
 }
 
 ################################################################################
-# Supporting Resources
+# Kubernetes provider configuration
 ################################################################################
 
-data "aws_vpc" "default" {
-  default = true
+data "aws_eks_cluster" "cluster" {
+  name = module.eks.cluster_id
 }
 
-data "aws_subnet_ids" "default" {
-  vpc_id = data.aws_vpc.default.id
+data "aws_eks_cluster_auth" "cluster" {
+  name = module.eks.cluster_id
 }
 
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+data "aws_region" "current" {}
+
 data "aws_ami" "bottlerocket_ami" {
   most_recent = true
   owners      = ["amazon"]
 
   filter {
     name   = "name"
-    values = ["bottlerocket-aws-k8s-${local.k8s_version}-x86_64-*"]
+    values = ["bottlerocket-aws-k8s-${local.cluster_version}-x86_64-*"]
   }
 }
 
-resource "random_string" "suffix" {
-  length  = 8
-  special = false
-}
-
 resource "tls_private_key" "nodes" {
   algorithm = "RSA"
 }
@@ -93,3 +115,45 @@ resource "aws_key_pair" "nodes" {
   key_name   = "bottlerocket-nodes-${random_string.suffix.result}"
   public_key = tls_private_key.nodes.public_key_openssh
 }
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+data "aws_availability_zones" "available" {
+}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 3.0"
+
+  name                 = local.name
+  cidr                 = "10.0.0.0/16"
+  azs                  = data.aws_availability_zones.available.names
+  private_subnets      = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets       = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+  enable_nat_gateway   = true
+  single_nat_gateway   = true
+  enable_dns_hostnames = true
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${local.name}" = "shared"
+    "kubernetes.io/role/elb"              = "1"
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${local.name}" = "shared"
+    "kubernetes.io/role/internal-elb"     = "1"
+  }
+
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-eks"
+    GithubOrg  = "terraform-aws-modules"
+  }
+}

examples/_bootstrap/variables.tf

@@ -1,8 +1,3 @@
-output "region" {
-  description = "AWS region."
-  value       = local.region
-}
-
 output "cluster_endpoint" {
   description = "Endpoint for EKS control plane."
   value       = module.eks.cluster_endpoint

examples/_bootstrap/versions.tf

@@ -2,8 +2,10 @@ terraform {
   required_version = ">= 0.13.1"
 
   required_providers {
-    aws    = ">= 3.22.0"
-    random = ">= 2.1"
-    tls    = ">= 2.0"
+    aws        = ">= 3.22.0"
+    local      = ">= 1.4"
+    random     = ">= 2.1"
+    kubernetes = "~> 2.0"
+    tls        = ">= 2.0"
   }
 }