From 6ecbf1a693568caa9d31d579cb393dcd96508bd9 Mon Sep 17 00:00:00 2001 From: Chris Vittoria Date: Mon, 26 Jul 2021 15:00:51 -0400 Subject: [PATCH 1/6] Use aws_eks_node_group.taint block to set taints instead of kubelet args. --- main.tf | 16 ++++++++++++++++ userdata.tf | 8 ++------ variables.tf | 2 +- versions.tf | 2 +- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/main.tf b/main.tf index 8f73d41..73f6094 100644 --- a/main.tf +++ b/main.tf @@ -94,6 +94,14 @@ locals { need_remote_access = local.ng_needs_remote_access ec2_ssh_key = local.remote_access_enabled ? var.ec2_ssh_key : "none" source_security_group_ids = local.ng_needs_remote_access ? sort(concat(module.security_group.*.id, var.security_groups)) : [] + + # Configure taints + taints = length(var.kubernetes_taints) > 0 ? { for k, v in var.kubernetes_taints : k => v } : {} + taint_lookup_map = { + "NoSchedule" = "NO_SCHEDULE" + "NoExecute" = "NO_EXECUTE" + "PreferNoSchedule" = "PREFER_NO_SCHEDULE" + } } } @@ -185,6 +193,14 @@ resource "aws_eks_node_group" "default" { } } + dynamic "taint" { + for_each = local.ng.taints + content { + key = taint.key + effect = local.ng.taint_lookup_map[taint.value] + } + } + # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling. # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces. depends_on = [ diff --git a/userdata.tf b/userdata.tf index be799ba..b2b6785 100644 --- a/userdata.tf +++ b/userdata.tf @@ -17,15 +17,11 @@ locals { kubelet_label_settings = [for k, v in var.kubernetes_labels : format("%v=%v", k, v)] - kubelet_taint_settings = [for k, v in var.kubernetes_taints : format("%v=%v", k, v)] kubelet_label_args = (length(local.kubelet_label_settings) == 0 ? "" : "--node-labels=${join(",", local.kubelet_label_settings)}" ) - kubelet_taint_args = (length(local.kubelet_taint_settings) == 0 ? "" : - "--register-with-taints=${join(",", local.kubelet_taint_settings)}" - ) - kubelet_extra_args = join(" ", compact([local.kubelet_label_args, local.kubelet_taint_args, var.kubelet_additional_options])) + kubelet_extra_args = join(" ", compact([local.kubelet_label_args, var.kubelet_additional_options])) userdata_vars = { before_cluster_joining_userdata = var.before_cluster_joining_userdata == null ? "" : var.before_cluster_joining_userdata @@ -40,7 +36,7 @@ locals { cluster_name = local.get_cluster_data ? data.aws_eks_cluster.this[0].name : null } - need_bootstrap = local.enabled ? length(compact([local.kubelet_taint_args, var.kubelet_additional_options, + need_bootstrap = local.enabled ? length(compact([var.kubelet_additional_options, local.userdata_vars.bootstrap_extra_args, local.userdata_vars.after_cluster_joining_userdata] )) > 0 : false diff --git a/variables.tf b/variables.tf index dbfcf33..1cf20f0 100644 --- a/variables.tf +++ b/variables.tf @@ -301,7 +301,7 @@ variable "userdata_override_base64" { compatible with the Amazon Linux `bootstrap.sh` initialization, then use `userdata_override_base64` to provide your own (Base64 encoded) user data. Use "" to prevent any user data from being set. - Setting `userdata_override_base64` disables `kubernetes_taints`, `kubelet_additional_options`, + Setting `userdata_override_base64` disables `kubelet_additional_options`, `before_cluster_joining_userdata`, `after_cluster_joining_userdata`, and `bootstrap_additional_options`. EOT } diff --git a/versions.tf b/versions.tf index c1c40d3..a5d4897 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.0" + version = ">= 3.43" } template = { source = "hashicorp/template" From 32d9c867b7e192b686f599f828de2b339387f0a2 Mon Sep 17 00:00:00 2001 From: Chris Vittoria Date: Mon, 26 Jul 2021 15:07:25 -0400 Subject: [PATCH 2/6] Add taint block to cbd ng. * Fix map syntax --- main.tf | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 73f6094..3e621aa 100644 --- a/main.tf +++ b/main.tf @@ -98,9 +98,9 @@ locals { # Configure taints taints = length(var.kubernetes_taints) > 0 ? { for k, v in var.kubernetes_taints : k => v } : {} taint_lookup_map = { - "NoSchedule" = "NO_SCHEDULE" - "NoExecute" = "NO_EXECUTE" - "PreferNoSchedule" = "PREFER_NO_SCHEDULE" + NoSchedule = "NO_SCHEDULE" + NoExecute = "NO_EXECUTE" + PreferNoSchedule = "PREFER_NO_SCHEDULE" } } } @@ -270,6 +270,14 @@ resource "aws_eks_node_group" "cbd" { } } + dynamic "taint" { + for_each = local.ng.taints + content { + key = taint.key + effect = local.ng.taint_lookup_map[taint.value] + } + } + # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling. # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces. depends_on = [ From 14954af4457e1bbe0a85df374c32d8273d535bb7 Mon Sep 17 00:00:00 2001 From: Chris Vittoria Date: Tue, 27 Jul 2021 09:23:52 -0400 Subject: [PATCH 3/6] Add support for taint value. --- main.tf | 8 ++++++-- variables.tf | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 3e621aa..8e2009b 100644 --- a/main.tf +++ b/main.tf @@ -96,7 +96,10 @@ locals { source_security_group_ids = local.ng_needs_remote_access ? sort(concat(module.security_group.*.id, var.security_groups)) : [] # Configure taints - taints = length(var.kubernetes_taints) > 0 ? { for k, v in var.kubernetes_taints : k => v } : {} + taints = length(var.kubernetes_taints) > 0 ? { for k, v in var.kubernetes_taints : k => { + value = length(split(":", v)) > 1 ? element(split(":", v), 0) : null + effect = try(element(split(":", v), 1), v) + } } : {} taint_lookup_map = { NoSchedule = "NO_SCHEDULE" NoExecute = "NO_EXECUTE" @@ -197,7 +200,8 @@ resource "aws_eks_node_group" "default" { for_each = local.ng.taints content { key = taint.key - effect = local.ng.taint_lookup_map[taint.value] + value = taint.value.value + effect = local.ng.taint_lookup_map[taint.value.effect] } } diff --git a/variables.tf b/variables.tf index 1cf20f0..5b87b99 100644 --- a/variables.tf +++ b/variables.tf @@ -186,7 +186,7 @@ variable "kubernetes_labels" { variable "kubernetes_taints" { type = map(string) - description = "Key-value mapping of Kubernetes taints." + description = "Key-value mapping of Kubernetes taints in the form of `=:`." default = {} } From 144ea26192abe24399033ff095a688f8d688784e Mon Sep 17 00:00:00 2001 From: Chris Vittoria Date: Tue, 27 Jul 2021 09:35:16 -0400 Subject: [PATCH 4/6] Update README --- README.md | 8 ++++---- docs/terraform.md | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 139956a..eaf1111 100644 --- a/README.md +++ b/README.md @@ -209,7 +209,7 @@ Available targets: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.3 | -| [aws](#requirement\_aws) | >= 3.0 | +| [aws](#requirement\_aws) | >= 3.43 | | [local](#requirement\_local) | >= 1.3 | | [random](#requirement\_random) | >= 2.0 | | [template](#requirement\_template) | >= 2.0 | @@ -218,7 +218,7 @@ Available targets: | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.0 | +| [aws](#provider\_aws) | >= 3.43 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -284,7 +284,7 @@ Available targets: | [instance\_types](#input\_instance\_types) | Instance types to use for this node group (up to 20). Defaults to ["t3.medium"].
Ignored when `launch_template_id` is supplied. | `list(string)` | 
[
  "t3.medium"
]
| no | | [kubelet\_additional\_options](#input\_kubelet\_additional\_options) | Additional flags to pass to kubelet.
DO NOT include `--node-labels` or `--node-taints`,
use `kubernetes_labels` and `kubernetes_taints` to specify those." | `string` | `""` | no | | [kubernetes\_labels](#input\_kubernetes\_labels) | Key-value mapping of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument.
Other Kubernetes labels applied to the EKS Node Group will not be managed. | `map(string)` | `{}` | no | -| [kubernetes\_taints](#input\_kubernetes\_taints) | Key-value mapping of Kubernetes taints. | `map(string)` | `{}` | no | +| [kubernetes\_taints](#input\_kubernetes\_taints) | Key-value mapping of Kubernetes taints in the form of `=:`. | `map(string)` | `{}` | no | | [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version. Defaults to EKS Cluster Kubernetes version. Terraform will only perform drift detection if a configuration value is provided | `string` | `null` | no | | [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | @@ -313,7 +313,7 @@ Available targets: | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to launch resources in | `list(string)` | n/a | yes | | [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | | [update\_timeout](#input\_update\_timeout) | If provided, it will increase or decrease the timeout for updating the node group https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group#timeouts"
It would be necessary on node groups with a lot of nodes. Because the changing this node groups would take a lot of time | `string` | `"60m"` | no | -| [userdata\_override\_base64](#input\_userdata\_override\_base64) | Many features of this module rely on the `bootstrap.sh` provided with Amazon Linux, and this module
may generate "user data" that expects to find that script. If you want to use an AMI that is not
compatible with the Amazon Linux `bootstrap.sh` initialization, then use `userdata_override_base64` to provide
your own (Base64 encoded) user data. Use "" to prevent any user data from being set.

Setting `userdata_override_base64` disables `kubernetes_taints`, `kubelet_additional_options`,
`before_cluster_joining_userdata`, `after_cluster_joining_userdata`, and `bootstrap_additional_options`. | `string` | `null` | no | +| [userdata\_override\_base64](#input\_userdata\_override\_base64) | Many features of this module rely on the `bootstrap.sh` provided with Amazon Linux, and this module
may generate "user data" that expects to find that script. If you want to use an AMI that is not
compatible with the Amazon Linux `bootstrap.sh` initialization, then use `userdata_override_base64` to provide
your own (Base64 encoded) user data. Use "" to prevent any user data from being set.

Setting `userdata_override_base64` disables `kubelet_additional_options`,
`before_cluster_joining_userdata`, `after_cluster_joining_userdata`, and `bootstrap_additional_options`. | `string` | `null` | no | | [worker\_role\_autoscale\_iam\_enabled](#input\_worker\_role\_autoscale\_iam\_enabled) | If true, the worker IAM role will be authorized to perform autoscaling operations. Not recommended.
Use [EKS IAM role for cluster autoscaler service account](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) instead. | `bool` | `false` | no | ## Outputs diff --git a/docs/terraform.md b/docs/terraform.md index 7b4bbc4..a5db21a 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -4,7 +4,7 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.3 | -| [aws](#requirement\_aws) | >= 3.0 | +| [aws](#requirement\_aws) | >= 3.43 | | [local](#requirement\_local) | >= 1.3 | | [random](#requirement\_random) | >= 2.0 | | [template](#requirement\_template) | >= 2.0 | @@ -13,7 +13,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.0 | +| [aws](#provider\_aws) | >= 3.43 | | [random](#provider\_random) | >= 2.0 | ## Modules @@ -79,7 +79,7 @@ | [instance\_types](#input\_instance\_types) | Instance types to use for this node group (up to 20). Defaults to ["t3.medium"].
Ignored when `launch_template_id` is supplied. | `list(string)` | 
[
  "t3.medium"
]
| no | | [kubelet\_additional\_options](#input\_kubelet\_additional\_options) | Additional flags to pass to kubelet.
DO NOT include `--node-labels` or `--node-taints`,
use `kubernetes_labels` and `kubernetes_taints` to specify those." | `string` | `""` | no | | [kubernetes\_labels](#input\_kubernetes\_labels) | Key-value mapping of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument.
Other Kubernetes labels applied to the EKS Node Group will not be managed. | `map(string)` | `{}` | no | -| [kubernetes\_taints](#input\_kubernetes\_taints) | Key-value mapping of Kubernetes taints. | `map(string)` | `{}` | no | +| [kubernetes\_taints](#input\_kubernetes\_taints) | Key-value mapping of Kubernetes taints in the form of `=:`. | `map(string)` | `{}` | no | | [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version. Defaults to EKS Cluster Kubernetes version. Terraform will only perform drift detection if a configuration value is provided | `string` | `null` | no | | [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | @@ -108,7 +108,7 @@ | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to launch resources in | `list(string)` | n/a | yes | | [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | | [update\_timeout](#input\_update\_timeout) | If provided, it will increase or decrease the timeout for updating the node group https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group#timeouts"
It would be necessary on node groups with a lot of nodes. Because the changing this node groups would take a lot of time | `string` | `"60m"` | no | -| [userdata\_override\_base64](#input\_userdata\_override\_base64) | Many features of this module rely on the `bootstrap.sh` provided with Amazon Linux, and this module
may generate "user data" that expects to find that script. If you want to use an AMI that is not
compatible with the Amazon Linux `bootstrap.sh` initialization, then use `userdata_override_base64` to provide
your own (Base64 encoded) user data. Use "" to prevent any user data from being set.

Setting `userdata_override_base64` disables `kubernetes_taints`, `kubelet_additional_options`,
`before_cluster_joining_userdata`, `after_cluster_joining_userdata`, and `bootstrap_additional_options`. | `string` | `null` | no | +| [userdata\_override\_base64](#input\_userdata\_override\_base64) | Many features of this module rely on the `bootstrap.sh` provided with Amazon Linux, and this module
may generate "user data" that expects to find that script. If you want to use an AMI that is not
compatible with the Amazon Linux `bootstrap.sh` initialization, then use `userdata_override_base64` to provide
your own (Base64 encoded) user data. Use "" to prevent any user data from being set.

Setting `userdata_override_base64` disables `kubelet_additional_options`,
`before_cluster_joining_userdata`, `after_cluster_joining_userdata`, and `bootstrap_additional_options`. | `string` | `null` | no | | [worker\_role\_autoscale\_iam\_enabled](#input\_worker\_role\_autoscale\_iam\_enabled) | If true, the worker IAM role will be authorized to perform autoscaling operations. Not recommended.
Use [EKS IAM role for cluster autoscaler service account](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) instead. | `bool` | `false` | no | ## Outputs From c8b7de24889ed3f89cb0bd6ef01da846f938078a Mon Sep 17 00:00:00 2001 From: Chris Vittoria Date: Tue, 27 Jul 2021 14:14:59 -0400 Subject: [PATCH 5/6] Add tests to validate taints are set. --- examples/complete/fixtures.us-east-2.tfvars | 5 ++++ examples/complete/main.tf | 1 + examples/complete/variables.tf | 6 +++++ examples/complete/versions.tf | 2 +- test/src/examples_complete_test.go | 29 +++++++++++++++++++++ test/src/go.mod | 2 +- test/src/go.sum | 16 ++++++++++-- 7 files changed, 57 insertions(+), 4 deletions(-) diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index f1f700b..55349a7 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -35,3 +35,8 @@ before_cluster_joining_userdata = <<-EOT EOT remote_access_enabled = true + +kubernetes_taints = { + "test" = "true:PreferNoSchedule" + "testNoValue" = "PreferNoSchedule" +} diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 94546d1..ed4f62d 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -104,6 +104,7 @@ module "eks_node_group" { max_size = var.max_size kubernetes_version = var.kubernetes_version kubernetes_labels = var.kubernetes_labels + kubernetes_taints = var.kubernetes_taints disk_size = var.disk_size ec2_ssh_key = module.ssh_key_pair.key_name remote_access_enabled = var.remote_access_enabled diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index d73e321..4edb870 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -121,3 +121,9 @@ variable "remote_access_enabled" { type = bool description = "Whether to enable remote access to EKS node group, requires `ec2_ssh_key` to be defined." } + +variable "kubernetes_taints" { + type = map(string) + description = "Key-value mapping of Kubernetes taints in the form of `=:`." + default = {} +} diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index c9826c9..d3f48ed 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.0" + version = ">= 3.43" } template = { source = "hashicorp/template" diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index 3e2af93..b89a1c4 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go @@ -190,4 +190,33 @@ func TestExamplesComplete(t *testing.T) { fmt.Println(msg) assert.Fail(t, msg) } + + // List nodegroups (should only be 1) + // Describe nodegroup returned by list + // For each Taint struct in Taints attribute in Nodegroup struct, create map: Taint.Key => Taint + // Validate each Taint is assigned correctly using Taint.Key against the var.kubernetes_taints map + listNgInput := &eks.ListNodegroupsInput{ + ClusterName: aws.String(clusterName), + MaxResults: func(i int64) *int64 { return &i }(1), + } + listNgResult, err := eksSvc.ListNodegroups(listNgInput) + assert.NoError(t, err) + + describeNgInput := &eks.DescribeNodegroupInput{ + ClusterName: aws.String(clusterName), + NodegroupName: aws.String(*listNgResult.Nodegroups[0]), + } + describeNgResult, err := eksSvc.DescribeNodegroup(describeNgInput) + assert.NoError(t, err) + + m := make(map[string]map[string]string) + for _, t := range describeNgResult.Nodegroup.Taints { + m[*t.Key] = map[string]string{ + "key": *t.Key, + "value": *t.Value, + "effect": *t.Effect, + } + } + assert.Equal(t, map[string]string{"key":"test","value":"true","effect":"PREFER_NO_SCHEDULE"}, m["test"]) + assert.Equal(t, map[string]string{"key":"testNoValue","value":"","effect":"PREFER_NO_SCHEDULE"}, m["testNoValue"]) } diff --git a/test/src/go.mod b/test/src/go.mod index cfb9dac..2859bf1 100644 --- a/test/src/go.mod +++ b/test/src/go.mod @@ -3,7 +3,7 @@ module github.com/cloudposse/terraform-aws-eks-node-group go 1.13 require ( - github.com/aws/aws-sdk-go v1.33.6 + github.com/aws/aws-sdk-go v1.38.56 github.com/gruntwork-io/terratest v0.28.8 github.com/stretchr/testify v1.6.1 k8s.io/api v0.18.6 diff --git a/test/src/go.sum b/test/src/go.sum index cae41f6..0476769 100644 --- a/test/src/go.sum +++ b/test/src/go.sum @@ -50,8 +50,8 @@ github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQ github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.30.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.33.6 h1:YLoUeMSx05kHwhS+HLDSpdYYpPzJMyp6hn1cWsJ6a+U= -github.com/aws/aws-sdk-go v1.33.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.38.56 h1:JI5bnuDfjVLgnBaDHeZO5btxGbYCQ5QA3P0maYtwPQw= +github.com/aws/aws-sdk-go v1.38.56/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= @@ -210,6 +210,10 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= @@ -372,6 +376,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -418,6 +424,8 @@ golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -458,11 +466,15 @@ golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200107162124-548cf772de50 h1:YvQ10rzcqWXLlJZ3XCUoO25savxmscf4+SC+ZqiCHhA= golang.org/x/sys v0.0.0-20200107162124-548cf772de50/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= From fb36b66a3a4a1a9d4ee3cb8b38be621cbc6d6413 Mon Sep 17 00:00:00 2001 From: Chris Vittoria Date: Wed, 28 Jul 2021 14:42:08 -0400 Subject: [PATCH 6/6] Fix drift between default & cbd eks_node_group --- main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 8e2009b..0fce77a 100644 --- a/main.tf +++ b/main.tf @@ -278,7 +278,8 @@ resource "aws_eks_node_group" "cbd" { for_each = local.ng.taints content { key = taint.key - effect = local.ng.taint_lookup_map[taint.value] + value = taint.value.value + effect = local.ng.taint_lookup_map[taint.value.effect] } }