Add amazon_web_services configuration option to specify EKS cluster api server endpoint access setting #2618

merged 14 commits into from
Sep 9, 2024
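--- a/src/_nebari/stages/infrastructure/__init__.py
+++ b/src/_nebari/stages/infrastructure/__init__.py
@@ -6,7 +6,7 @@
 import re
 import sys
 import tempfile
-from typing import Annotated, Any, Dict, List, Optional, Tuple, Type, Union
+from typing import Annotated, Any, Dict, List, Literal, Optional, Tuple, Type, Union
 
 from pydantic import Field, field_validator, model_validator
 
@@ -146,6 +146,9 @@ class AWSInputVars(schema.Base):
     existing_subnet_ids: Optional[List[str]] = None
     region: str
     kubernetes_version: str
+    eks_endpoint_access: Optional[
+        Literal["private", "public", "public_and_private"]
+    ] = "public"
     node_groups: List[AWSNodeGroupInputVars]
     availability_zones: List[str]
     vpc_cidr_block: str
@@ -465,6 +468,9 @@ class AmazonWebServicesProvider(schema.Base):
     kubernetes_version: str
     availability_zones: Optional[List[str]]
     node_groups: Dict[str, AWSNodeGroup] = DEFAULT_AWS_NODE_GROUPS
+    eks_endpoint_access: Optional[
+        Literal["private", "public", "public_and_private"]
+    ] = "public"
     existing_subnet_ids: Optional[List[str]] = None
     existing_security_group_id: Optional[str] = None
     vpc_cidr_block: str = "10.10.0.0/16"
@@ -808,6 +814,7 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]):
         return AWSInputVars(
             name=self.config.escaped_project_name,
             environment=self.config.namespace,
+            eks_endpoint_access=self.config.amazon_web_services.eks_endpoint_access,
             existing_subnet_ids=self.config.amazon_web_services.existing_subnet_ids,
             existing_security_group_id=self.config.amazon_web_services.existing_security_group_id,
             region=self.config.amazon_web_services.region,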
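Review bot: `eks_endpoint_access` on AmazonWebServicesProvider (and its mirror on AWSInputVars) is declared Optional, so an explicit null in the user configuration is accepted and handed to Terraform as null; in the main.tf wiring of this PR both the `== "private"` and `== "public"` tests then fail, which opens the public and the private endpoint together instead of the "public" default the field advertises. Dropping Optional pins the value to the three accepted literals: `eks_endpoint_access: Literal["private", "public", "public_and_private"] = "public"`. A `Field(description=...)` saying that "public" exposes the cluster API server endpoint on the internet and that source restriction comes from the public-access CIDR setting would help operators choose the restrictive option deliberately. Both classes and the `input_vars` method continue outside the hunks.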
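--- a/src/_nebari/stages/infrastructure/template/aws/main.tf
+++ b/src/_nebari/stages/infrastructure/template/aws/main.tf
@@ -97,7 +97,8 @@ module "kubernetes" {
 
   node_groups = var.node_groups
 
-  endpoint_private_access = var.eks_endpoint_private_access
+  endpoint_public_access  = var.eks_endpoint_access == "private" ? false : true
+  endpoint_private_access = var.eks_endpoint_access == "public" ? false : true
   public_access_cidrs     = var.eks_public_access_cidrs
   permissions_boundary    = var.permissions_boundary
 }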
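Review bot: The two ternaries are negative tests, so any value other than the three expected strings (a typo such as "Public", or null) falls through to public AND private access, which is the most permissive outcome; positive membership tests fail closed for the public side: `endpoint_public_access  = contains(["public", "public_and_private"], var.eks_endpoint_access)` and `endpoint_private_access = contains(["private", "public_and_private"], var.eks_endpoint_access)`. The removed line was the only use of `var.eks_endpoint_private_access` visible here, and that variable is still declared in variables.tf, so unless it is referenced elsewhere a user who set it now gets silently ignored; consider removing the variable or mapping it into the new setting. The module block continues outside the hunk.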
Expand Up @@ -8,7 +8,8 @@ resource "aws_eks_cluster" "main" {
vpc_config {
security_group_ids = var.cluster_security_groups
subnet_ids = var.cluster_subnets

#trivy:ignore:AVD-AWS-0040
endpoint_public_access = var.endpoint_public_access
endpoint_private_access = var.endpoint_private_access
public_access_cidrs = var.public_access_cidrs
}
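Review bot: The `#trivy:ignore:AVD-AWS-0040` line suppresses the public-endpoint finding unconditionally, with no record of why the exposure is acceptable, so the next reader (or scanner audit) cannot tell whether it is a deliberate design choice or a leftover. Add a justification comment on the line above it, e.g. `# AVD-AWS-0040: public API endpoint exposure is operator-selected via endpoint_public_access; sources are limited by public_access_cidrs`. Since the module-level default for `endpoint_public_access` is true, the suppressed state is also the default state, which is worth saying in that comment. The `aws_eks_cluster` resource continues outside the hunk.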
Expand Up @@ -60,6 +60,11 @@ variable "node_group_instance_type" {
default = "m5.large"
}

variable "endpoint_public_access" {
type = bool
default = true
}

variable "endpoint_private_access" {
type = bool
default = false
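Review bot: The new `endpoint_public_access` variable has no description, and with its default of true next to `endpoint_private_access` defaulting to false the module exposes a public-only API endpoint when a caller passes nothing, which is the behaviour a reader most needs spelled out. A one-line description does it: `description = "Expose the EKS API server endpoint publicly; restrict source ranges with public_access_cidrs."`. The surrounding variable declarations follow the same type/default shape, so only the description line is missing.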
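--- a/src/_nebari/stages/infrastructure/template/aws/variables.tf
+++ b/src/_nebari/stages/infrastructure/template/aws/variables.tf
@@ -56,6 +56,12 @@ variable "kubeconfig_filename" {
   type = string
 }
 
+variable "eks_endpoint_access" {
+  description = "EKS cluster api server endpoint access setting"
+  type        = string
+  default     = "public"
+}
+
 variable "eks_endpoint_private_access" {
   type    = bool
   default = false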
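Review bot: `eks_endpoint_access` is a free-form string with no validation block, so the Literal check in the Python schema is the only guard and anything that reaches Terraform by another path (a direct tfvars override, a hand-edited state) is accepted; given that main.tf resolves an unrecognised value to public-and-private access, the variable should fail closed at plan time. A `validation` block with the three accepted values does that, and the description should name them so the contract is visible without reading main.tf. Separately, `eks_endpoint_private_access` remains declared below although the only visible reference to it was removed in main.tf; if nothing else reads it, drop it to avoid a setting that looks honoured but is not.
```hcl
variable "eks_endpoint_access" {
  description = "EKS cluster api server endpoint access setting: one of private, public, public_and_private"
  type        = string
  default     = "public"

  validation {
    condition     = contains(["private", "public", "public_and_private"], var.eks_endpoint_access)
    error_message = "eks_endpoint_access must be one of: private, public, public_and_private."
  }
}
```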