From fb6196124327e6206cb60490adbaa7e80e404c2f Mon Sep 17 00:00:00 2001 From: Benjamin Ash Date: Tue, 18 May 2021 22:14:18 -0400 Subject: [PATCH 1/3] fix: Set an ASG's launch template version to an explicit version automatically. This will ensure that an instance refresh will be triggered whenever the launch template changes. --- examples/instance_refresh/main.tf | 5 ++++- local.tf | 4 +++- workers_launch_template.tf | 22 ++++++++++++++++++++-- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/examples/instance_refresh/main.tf b/examples/instance_refresh/main.tf index e19b4b4e21..7c60621163 100644 --- a/examples/instance_refresh/main.tf +++ b/examples/instance_refresh/main.tf @@ -239,9 +239,12 @@ module "eks" { asg_max_size = 2 asg_desired_capacity = 2 instance_refresh_enabled = true - instance_refresh_triggers = ["tag"] + instance_refresh_instance_warmup = 60 public_ip = true metadata_http_put_response_hop_limit = 3 + use_latest_version = true + update_default_version = true + instance_refresh_triggers = ["tag"] tags = [ { key = "aws-node-termination-handler/managed" diff --git a/local.tf b/local.tf index 3fa7c1f442..ac42308327 100644 --- a/local.tf +++ b/local.tf 
@@ -75,7 +75,9 @@ locals { root_block_device_name = data.aws_ami.eks_worker.root_device_name # Root device name for workers. If non is provided, will assume default AMI was used. root_kms_key_id = "" # The KMS key to use when encrypting the root storage device launch_template_id = null # The id of the launch template used for managed node_groups - launch_template_version = "$Latest" # The lastest version of the launch template to use in the autoscaling group + launch_template_version = "$Latest" # The latest version of the launch template to use in the autoscaling and node groups. Must be explicitly set in `worker_groups_launch_template`. + use_latest_version = true # Set the autoscaling group to use the latest version of the launch template, otherwise the default template version will be used. Ignored when `launch_template_version` is set in `worker_groups_launch_template`. + update_default_version = false # Update the autoscaling group launch template's default version upon each update launch_template_placement_tenancy = "default" # The placement tenancy for instances launch_template_placement_group = null # The name of the placement group into which to launch the instances, if any. root_encrypted = false # Whether the volume should be encrypted or not diff --git a/workers_launch_template.tf b/workers_launch_template.tf index f22a48f294..1180432684 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf @@ -141,7 +141,13 @@ resource "aws_autoscaling_group" "workers_launch_template" { version = lookup( var.worker_groups_launch_template[count.index], "launch_template_version", - local.workers_group_defaults["launch_template_version"], + lookup( + var.worker_groups_launch_template[count.index], + "use_latest_version", + local.workers_group_defaults["use_latest_version"] + ) + ? aws_launch_template.workers_launch_template.*.latest_version[count.index] + : aws_launch_template.workers_launch_template.*.default_version[count.index] ) } 
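Review bot: In the workers_launch_template.tf hunk at `@@ -141`, a group that sets `launch_template_version = "$Latest"` itself still receives the literal string, because the outer `lookup` returns the per-group value before the new `use_latest_version` fallback is considered; the hunk at `@@ -169` repeats the same expression. Going by the commit message, such a group would not get an instance refresh when the template changes, so template updates would presumably reach its nodes only as they are replaced for other reasons. The local.tf comment could say so, for example `# A per-group "$Latest" is passed through unchanged and does not trigger an instance refresh`, or the expression could resolve the literal to `latest_version` as well. The resource body starts and ends outside the hunk.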
@@ -169,7 +175,13 @@ resource "aws_autoscaling_group" "workers_launch_template" { version = lookup( var.worker_groups_launch_template[count.index], "launch_template_version", - local.workers_group_defaults["launch_template_version"], + lookup( + var.worker_groups_launch_template[count.index], + "use_latest_version", + local.workers_group_defaults["use_latest_version"] + ) + ? aws_launch_template.workers_launch_template.*.latest_version[count.index] + : aws_launch_template.workers_launch_template.*.default_version[count.index] ) } } @@ -278,6 +290,12 @@ resource "aws_launch_template" "workers_launch_template" { count.index, )}" + update_default_version = lookup( + var.worker_groups_launch_template[count.index], + "update_default_version", + local.workers_group_defaults["update_default_version"], + ) + network_interfaces { associate_public_ip_address = lookup( var.worker_groups_launch_template[count.index], From 5b422fdc9fe80e63c871a54a61b97eddd9e616ea Mon Sep 17 00:00:00 2001 From: Benjamin Ash Date: Wed, 19 May 2021 10:09:44 -0400 Subject: [PATCH 2/3] fix: Update the instance_refresh example to use a count when creating the aws_autoscaling_lifecycle_hook. --- examples/instance_refresh/main.tf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/examples/instance_refresh/main.tf b/examples/instance_refresh/main.tf index 7c60621163..1b87d8e521 100644 --- a/examples/instance_refresh/main.tf +++ b/examples/instance_refresh/main.tf 
@@ -217,10 +217,9 @@ resource "helm_release" "aws_node_termination_handler" { # ensures that node termination does not require the lifecycle action to be completed, # and thus allows the ASG to be destroyed cleanly. resource "aws_autoscaling_lifecycle_hook" "aws_node_termination_handler" { - for_each = toset(module.eks.workers_asg_names) - + count = length(module.eks.workers_asg_names) name = "aws-node-termination-handler" - autoscaling_group_name = each.value + autoscaling_group_name = module.eks.workers_asg_names[count.index] lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" heartbeat_timeout = 300 default_result = "CONTINUE" From 0cdc35d6ffc81550c79300c1e4307b2b242c78c0 Mon Sep 17 00:00:00 2001 From: Benjamin Ash Date: Wed, 19 May 2021 10:21:31 -0400 Subject: [PATCH 3/3] fix: Use the default launch_template_version to determine latest versus default launch_template version. Signed-off-by: Benjamin Ash --- examples/instance_refresh/main.tf | 1 - local.tf | 3 +-- workers_launch_template.tf | 12 ++++++------ 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/examples/instance_refresh/main.tf b/examples/instance_refresh/main.tf index 1b87d8e521..dd7af88a2e 100644 --- a/examples/instance_refresh/main.tf +++ b/examples/instance_refresh/main.tf @@ -241,7 +241,6 @@ module "eks" { instance_refresh_instance_warmup = 60 public_ip = true metadata_http_put_response_hop_limit = 3 - use_latest_version = true update_default_version = true instance_refresh_triggers = ["tag"] tags = [ diff --git a/local.tf b/local.tf index ac42308327..b7b7310ab7 100644 --- a/local.tf +++ b/local.tf 
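Review bot: Switching the lifecycle hook from `for_each` to `count` keys each hook by list position, so removing or reordering an entry in `module.eks.workers_asg_names` re-addresses every later hook and Terraform will destroy and recreate them. While a hook is being recreated, terminating instances in that ASG are presumably not held for the node termination handler to drain. If the change was made because the ASG names are not known at plan time, a comment such as `# count instead of for_each: ASG names are only known after apply` would record that trade-off. The resource body continues past the end of the hunk.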
@@ -75,8 +75,7 @@ locals { root_block_device_name = data.aws_ami.eks_worker.root_device_name # Root device name for workers. If non is provided, will assume default AMI was used. root_kms_key_id = "" # The KMS key to use when encrypting the root storage device launch_template_id = null # The id of the launch template used for managed node_groups - launch_template_version = "$Latest" # The latest version of the launch template to use in the autoscaling and node groups. Must be explicitly set in `worker_groups_launch_template`. - use_latest_version = true # Set the autoscaling group to use the latest version of the launch template, otherwise the default template version will be used. Ignored when `launch_template_version` is set in `worker_groups_launch_template`. + launch_template_version = "$Latest" # The latest version of the launch template to use in the autoscaling group update_default_version = false # Update the autoscaling group launch template's default version upon each update launch_template_placement_tenancy = "default" # The placement tenancy for instances launch_template_placement_group = null # The name of the placement group into which to launch the instances, if any. diff --git a/workers_launch_template.tf b/workers_launch_template.tf index 1180432684..0576286b97 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf @@ -143,9 +143,9 @@ resource "aws_autoscaling_group" "workers_launch_template" { "launch_template_version", lookup( var.worker_groups_launch_template[count.index], - "use_latest_version", - local.workers_group_defaults["use_latest_version"] - ) + "launch_template_version", + local.workers_group_defaults["launch_template_version"] + ) == "$Latest" ? aws_launch_template.workers_launch_template.*.latest_version[count.index] : aws_launch_template.workers_launch_template.*.default_version[count.index] ) 
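Review bot: In the workers_launch_template.tf hunk at `@@ -143`, any configured value other than `"$Latest"` now falls through to `default_version`, so a version number pinned in `workers_group_defaults` is replaced by whatever the template's default happens to be; the hunk at `@@ -177` repeats the expression. With `update_default_version = false` as the module default, that is presumably the first template version, which can leave nodes on an outdated AMI or user data without any plan diff pointing at it. The inner `lookup` on the per-group map is also redundant, since it only supplies the result when that key is absent. Resolving the configured value first and substituting only `"$Latest"` keeps pins intact and also covers a per-group `"$Latest"`. The enclosing block starts and ends outside the hunk.

```hcl
version = (
  lookup(
    var.worker_groups_launch_template[count.index],
    "launch_template_version",
    local.workers_group_defaults["launch_template_version"]
  ) == "$Latest"
  ? aws_launch_template.workers_launch_template.*.latest_version[count.index]
  : lookup(
    var.worker_groups_launch_template[count.index],
    "launch_template_version",
    local.workers_group_defaults["launch_template_version"]
  )
)
```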
@@ -177,9 +177,9 @@ resource "aws_autoscaling_group" "workers_launch_template" { "launch_template_version", lookup( var.worker_groups_launch_template[count.index], - "use_latest_version", - local.workers_group_defaults["use_latest_version"] - ) + "launch_template_version", + local.workers_group_defaults["launch_template_version"] + ) == "$Latest" ? aws_launch_template.workers_launch_template.*.latest_version[count.index] : aws_launch_template.workers_launch_template.*.default_version[count.index] )