feat: add support for ASG instance refresh for workers

Author: Benjamin Ash

README.md

@@ -145,7 +145,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.9, != 0.13.0 |
-| aws | >= 3.22.0 |
+| aws | >= 3.26.0 |
 | kubernetes | >= 1.11.1 |
 | local | >= 1.4 |
 | null | >= 2.1 |
@@ -156,7 +156,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 
 | Name | Version |
 |------|---------|
-| aws | >= 3.22.0 |
+| aws | >= 3.26.0 |
 | kubernetes | >= 1.11.1 |
 | local | >= 1.4 |
 | null | >= 2.1 |
@@ -221,6 +221,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | worker\_create\_cluster\_primary\_security\_group\_rules | Whether to create security group rules to allow communication between pods on workers and pods using the primary cluster security group. | `bool` | `false` | no |
 | worker\_create\_initial\_lifecycle\_hooks | Whether to create initial lifecycle hooks provided in worker groups. | `bool` | `false` | no |
 | worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | `bool` | `true` | no |
+| worker\_enable\_instance\_refresh | Enable instance refresh for the worker autoscaling group. Refresh preferences can be overridden in workers\_group\_defaults. All keys start with 'instance\_refresh\_' | `bool` | `false` | no |
 | worker\_groups | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers\_group\_defaults for valid keys. | `any` | `[]` | no |
 | worker\_groups\_launch\_template | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers\_group\_defaults for valid keys. | `any` | `[]` | no |
 | worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | `string` | `""` | no |

local.tf

@@ -94,6 +94,10 @@ locals {
     spot_instance_pools                      = 10                                                   # "Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify."
     spot_max_price                           = ""                                                   # Maximum price per unit hour that the user is willing to pay for the Spot instances. Default is the on-demand price
     max_instance_lifetime                    = 0                                                    # Maximum number of seconds instances can run in the ASG. 0 is unlimited.
+    instance_refresh_strategy                = "Rolling"                                            # Strategy to use for instance refresh. Default is 'Rolling' which the only valid value.
+    instance_refresh_min_healthy_percentage  = 90                                                   # The amount of capacity in the ASG that must remain healthy during an instance refresh, as a percentage of the ASG's desired capacity.
+    instance_refresh_instance_warmup         = null                                                 # The number of seconds until a newly launched instance is configured and ready to use. Defaults to the ASG's health check grace period.
+    instance_refresh_triggers                = []                                                   # Set of additional property names that will trigger an Instance Refresh. A refresh will always be triggered by a change in any of launch_configuration, launch_template, or mixed_instances_policy.
   }
 
   workers_group_defaults = merge(

modules/fargate/data.tf

@@ -12,6 +12,6 @@ data "aws_iam_policy_document" "eks_fargate_pod_assume_role" {
 }
 
 data "aws_iam_role" "custom_fargate_iam_role" {
-  count = local.create_eks && !var.create_fargate_pod_execution_role ? 1 : 0
+  count = local.create_eks && ! var.create_fargate_pod_execution_role ? 1 : 0
   name  = var.fargate_pod_execution_role_name
 }

variables.tf

@@ -163,6 +163,11 @@ variable "workers_additional_policies" {
   default     = []
 }
 
+variable "worker_enable_instance_refresh" {
+  description = "Enable instance refresh for the worker autoscaling group. Refresh preferences can be overridden in workers_group_defaults. All keys start with 'instance_refresh_'"
+  default     = false
+}
+
 variable "kubeconfig_aws_authenticator_command" {
   description = "Command to use to fetch AWS EKS credentials."
   type        = string

versions.tf

@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 0.12.9, != 0.13.0"
 
   required_providers {
-    aws        = ">= 3.22.0"
+    aws        = ">= 3.26.0"
     local      = ">= 1.4"
     null       = ">= 2.1"
     template   = ">= 2.1"

workers.tf

@@ -138,7 +138,7 @@ resource "aws_autoscaling_group" "workers" {
           "value", tag_value,
           "propagate_at_launch", "true"
         )
-        if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key)
+        if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key)
       ],
       lookup(
         var.worker_groups[count.index],
@@ -153,6 +153,18 @@ resource "aws_autoscaling_group" "workers" {
     }
   }
 
+  dynamic "instance_refresh" {
+    for_each = var.worker_enable_instance_refresh ? [1] : []
+    content {
+      strategy = local.workers_group_defaults["instance_refresh_strategy"]
+      preferences {
+        instance_warmup        = local.workers_group_defaults["instance_refresh_instance_warmup"]
+        min_healthy_percentage = local.workers_group_defaults["instance_refresh_min_healthy_percentage"]
+      }
+      triggers = local.workers_group_defaults["instance_refresh_triggers"]
+    }
+  }
+
   lifecycle {
     create_before_destroy = true
     ignore_changes        = [desired_capacity]
@@ -199,7 +211,7 @@ resource "aws_launch_configuration" "workers" {
   ebs_optimized = lookup(
     var.worker_groups[count.index],
     "ebs_optimized",
-    !contains(
+    ! contains(
       local.ebs_optimized_not_supported,
       lookup(
         var.worker_groups[count.index],

workers_launch_template.tf

@@ -157,7 +157,6 @@ resource "aws_autoscaling_group" "workers_launch_template" {
             instance_type = override.value
           }
         }
-
       }
     }
   }
@@ -214,7 +213,7 @@ resource "aws_autoscaling_group" "workers_launch_template" {
           "value", tag_value,
           "propagate_at_launch", "true"
         )
-        if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key)
+        if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key)
       ],
       lookup(
         var.worker_groups_launch_template[count.index],
@@ -229,6 +228,18 @@ resource "aws_autoscaling_group" "workers_launch_template" {
     }
   }
 
+  dynamic "instance_refresh" {
+    for_each = var.worker_enable_instance_refresh ? [1] : []
+    content {
+      strategy = local.workers_group_defaults["instance_refresh_strategy"]
+      preferences {
+        instance_warmup        = local.workers_group_defaults["instance_refresh_instance_warmup"]
+        min_healthy_percentage = local.workers_group_defaults["instance_refresh_min_healthy_percentage"]
+      }
+      triggers = local.workers_group_defaults["instance_refresh_triggers"]
+    }
+  }
+
   lifecycle {
     create_before_destroy = true
     ignore_changes        = [desired_capacity]
@@ -302,7 +313,7 @@ resource "aws_launch_template" "workers_launch_template" {
   ebs_optimized = lookup(
     var.worker_groups_launch_template[count.index],
     "ebs_optimized",
-    !contains(
+    ! contains(
       local.ebs_optimized_not_supported,
       lookup(
         var.worker_groups_launch_template[count.index],
@@ -481,7 +492,7 @@ resource "aws_launch_template" "workers_launch_template" {
       },
       { for tag_key, tag_value in var.tags :
         tag_key => tag_value
-        if tag_key != "Name" && !contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key)
+        if tag_key != "Name" && ! contains([for tag in lookup(var.worker_groups_launch_template[count.index], "tags", local.workers_group_defaults["tags"]) : tag["key"]], tag_key)
       }
     )
   }