terraform eks ec2 custom ami - PullRequest
Новая
       126

terraform eks ec2 custom ami

0 голосов
/ 08 мая 2020

наша команда ops подтолкнула защищенный ami к учетной записи aws, я хочу использовать этот ami вместо aws предоставленного ami

Я хочу переключиться с aws предоставленного ami на пользовательский ami, ссылаясь это репо https://github.com/naumannt/tf-article/tree/master/Article%205 и этот файл https://github.com/naumannt/tf-article/blob/master/Article%205/modules/eks/worker-nodes.tf

########################################################################################
# Setup AutoScaling Group for worker nodes

# Setup data source to get amazon-provided AMI for EKS nodes
data "aws_ami" "eks-worker" {
  filter {
    name   = "name"
    values = ["amazon-eks-node-v*"]
  }

  most_recent = true
  owners      = ["602401143452"] # Amazon EKS AMI Account ID
-----? change this with my custom ami ---
}

# Is provided in demo code, no idea what it's used for though! TODO: DELETE
# data "aws_region" "current" {}

# EKS currently documents this required userdata for EKS worker nodes to
# properly configure Kubernetes applications on the EC2 instance.
# We utilize a Terraform local here to simplify Base64 encode this
# information and write it into the AutoScaling Launch Configuration.
# More information: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
locals {
  tf-eks-node-userdata = <<USERDATA
#!/bin/bash
set -o xtrace
/etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.tf_eks.endpoint}' --b64-cluster-ca '${aws_eks_cluster.tf_eks.certificate_authority.0.data}' 'example'
USERDATA
}

resource "aws_launch_configuration" "tf_eks" {
  associate_public_ip_address = true
  iam_instance_profile        = "${aws_iam_instance_profile.node.name}"
  image_id                    = "${data.aws_ami.eks-worker.id}"
  instance_type               = "m4.large"
  name_prefix                 = "terraform-eks"
  security_groups             = ["${aws_security_group.tf-eks-node.id}"]
  user_data_base64            = "${base64encode(local.tf-eks-node-userdata)}"
  key_name                    = "${var.keypair-name}"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_lb_target_group" "tf_eks" {
  name = "terraform-eks-nodes"
  port = 31742
  protocol = "HTTP"
  vpc_id = "${var.vpc_id}"
  target_type = "instance"
}

resource "aws_autoscaling_group" "tf_eks" {
  desired_capacity     = "2"
  launch_configuration = "${aws_launch_configuration.tf_eks.id}"
  max_size             = "3"
  min_size             = 1
  name                 = "terraform-tf-eks"
  vpc_zone_identifier  = ["${var.app_subnet_ids}"]
  target_group_arns    = ["${aws_lb_target_group.tf_eks.arn}"]

  tag {
    key                 = "Name"
    value               = "terraform-tf-eks"
    propagate_at_launch = true
  }

  tag {
    key                 = "kubernetes.io/cluster/example"
    value               = "owned"
    propagate_at_launch = true
  }
}

после поиска в Google вот что я нашел? data.tf 

locals {
  worker_ami_name_filter = var.worker_ami_name_filter != "" ? var.worker_ami_name_filter : "amazon-eks-node-${var.cluster_version}-v*"
}

data "aws_region" "current" {
}

 @@ -19,13 +23,12 @@ data "aws_iam_policy_document" "workers_assume_role_policy" {
data "aws_ami" "eks_worker" {
  filter {
    name   = "name"
    values = ["${var.worker_ami_name_filter_prefix}-${var.cluster_version}-${var.worker_ami_name_filter}"]
    values = [local.worker_ami_name_filter]
  }

  most_recent = true

  # Owner ID of AWS EKS team
  owners = ["602401143452"]
  owners = [var.worker_ami_owner_id]
}

data "aws_iam_policy_document" "cluster_assume_role_policy" {

variable.tf 

variable "worker_ami_name_filter" {

  type        = string
  default     = "v*"
  default     = ""
}

variable "worker_ami_name_filter_prefix" {
  description = "Name prefix filter for AWS EKS worker AMI. Default behaviour will get regular EKS-Optimized AMI but could be set to a EKS-Optimized AMI with GPU Support, e.g. \"amazon-eks-gpu-node\", or custom AMI"
variable "worker_ami_owner_id" {
  description = "The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft')."
  type        = string
  default     = "amazon-eks-node"
  default     = "602401143452" // The ID of the owner of the official AWS EKS AMIs.
}

variable "worker_additional_security_group_ids" {

как мне узнать значение worker_ami_owner_id, наша команда операций подтолкнула усиленный ami к учетной записи aws, я хочу использовать это ami вместо aws предоставленного ami

1 Ответ

1 голос
/ 09 мая 2020

Вам не нужно знать точный идентификатор пользователя владельца. Если план / приложение terraform учетной записи будет запускаться, у него есть доступ к необходимым AMI, тогда вы можете просто указать значение владельца как «self» вместо канонического, и оно будет работать. Например: 

data "aws_ami" "test" {
  filter {
    name = "name"
    values = ["some_test"]
  }

  owners = ["self"]
}

output "aws_ami_id" {
  value = "${data.aws_ami.test.id}"
}
...