From 15d731d2ba4b81812bf805d31626b6416a8a85d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 10:44:53 +0100 Subject: [PATCH 1/9] Bump aws provider version and update documentation --- modules/aws-eks/README.md | 6 +++--- modules/aws-eks/docs/footer.md | 2 +- modules/aws-eks/versions.tf | 14 +++++++------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/aws-eks/README.md b/modules/aws-eks/README.md index 8dfd87be1..8824cc6e1 100644 --- a/modules/aws-eks/README.md +++ b/modules/aws-eks/README.md @@ -125,7 +125,7 @@ The module is organized with the following directory and file structure: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5 | -| [aws](#requirement\_aws) | ~> 5.83 | +| [aws](#requirement\_aws) | ~> 6.33 | | [kubernetes](#requirement\_kubernetes) | ~> 2.35 | | [time](#requirement\_time) | ~> 0.12 | | [tls](#requirement\_tls) | ~> 4.0 | @@ -134,7 +134,7 @@ The module is organized with the following directory and file structure: | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 5.83 | +| [aws](#provider\_aws) | ~> 6.33 | ## Modules @@ -240,5 +240,5 @@ For detailed examples, refer to the [module examples](https://github.com/prefapp ## Support -For issues, questions, or contributions related to this module, please visit the repository’s issue tracker: [https://github.com/prefapp/tfm/issues](https://github.com/prefapp/tfm/issues) +For issues, questions, or contributions related to this module, please visit the [repository’s issue tracker](https://github.com/prefapp/tfm/issues) \ No newline at end of file diff --git a/modules/aws-eks/docs/footer.md b/modules/aws-eks/docs/footer.md index 10340d0b4..85006d795 100644 --- a/modules/aws-eks/docs/footer.md +++ b/modules/aws-eks/docs/footer.md 
@@ -15,4 +15,4 @@ For detailed examples, refer to the [module examples](https://github.com/prefapp ## Support -For issues, questions, or contributions related to this module, please visit the repository’s issue tracker: [https://github.com/prefapp/tfm/issues](https://github.com/prefapp/tfm/issues) +For issues, questions, or contributions related to this module, please visit the [repository’s issue tracker](https://github.com/prefapp/tfm/issues) diff --git a/modules/aws-eks/versions.tf b/modules/aws-eks/versions.tf index f44955a29..72694b1a4 100644 --- a/modules/aws-eks/versions.tf +++ b/modules/aws-eks/versions.tf @@ -1,11 +1,11 @@ /* - This Terraform script is used to specify the required versions for Terraform - and the providers used in the project. + This Terraform script is used to specify the required versions for Terraform + and the providers used in the project. - The AWS provider is required to interact with AWS resources, the Kubernetes - provider is used to manage Kubernetes resources, the Time provider is used for - time-based resources, and the TLS provider is used for resources related to - TLS certificates. + The AWS provider is required to interact with AWS resources, the Kubernetes + provider is used to manage Kubernetes resources, the Time provider is used for + time-based resources, and the TLS provider is used for resources related to + TLS certificates. */ terraform { @@ -16,7 +16,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "~> 5.83" + version = "~> 6.33" } kubernetes = { From a1a425ce2f0728c49b1761a64cf47463ceac9b82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 10:52:06 +0100 Subject: [PATCH 2/9] Bumb provider version in example code --- modules/aws-eks/_examples/with_vpc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws-eks/_examples/with_vpc/main.tf b/modules/aws-eks/_examples/with_vpc/main.tf index 97150216c..34a9262a1 100644 
--- a/modules/aws-eks/_examples/with_vpc/main.tf +++ b/modules/aws-eks/_examples/with_vpc/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.83" + version = "~> 6.33" } } } From c46e33a147de22f5ef47826ee9f89c98dc60ce76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 11:54:05 +0100 Subject: [PATCH 3/9] Bump EKS module version --- modules/aws-eks/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws-eks/main.tf b/modules/aws-eks/main.tf index 7ff74e62e..0f5697f38 100644 --- a/modules/aws-eks/main.tf +++ b/modules/aws-eks/main.tf @@ -15,7 +15,7 @@ locals { # EKS Cluster Configuration module "eks" { - version = "20.33.1" + version = "21.15.1" source = "terraform-aws-modules/eks/aws" cluster_name = var.cluster_name cluster_version = var.cluster_version From 2e261c8c0ce8892dc3bd0baa38245c967a4975b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 12:13:41 +0100 Subject: [PATCH 4/9] Update module version variables --- modules/aws-eks/README.md | 2 +- modules/aws-eks/main.tf | 54 +++++++++++++++++++-------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/modules/aws-eks/README.md b/modules/aws-eks/README.md index 8824cc6e1..bafe57f6b 100644 --- a/modules/aws-eks/README.md +++ b/modules/aws-eks/README.md @@ -140,7 +140,7 @@ The module is organized with the following directory and file structure: | Name | Source | Version | |------|--------|---------| -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 20.33.1 | +| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 21.15.1 | | [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | 20.33.1 | ## Resources diff --git a/modules/aws-eks/main.tf b/modules/aws-eks/main.tf index 0f5697f38..6a6b5d5a5 100644 --- a/modules/aws-eks/main.tf +++ b/modules/aws-eks/main.tf 
@@ -15,31 +15,31 @@ locals { # EKS Cluster Configuration module "eks" { - version = "21.15.1" - source = "terraform-aws-modules/eks/aws" - cluster_name = var.cluster_name - cluster_version = var.cluster_version - cluster_endpoint_private_access = var.cluster_endpoint_private_access - cluster_endpoint_public_access = var.cluster_endpoint_public_access - cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days - vpc_id = data.aws_vpc.selected.id - subnet_ids = local.selected_subnet_ids - create_cluster_security_group = var.create_cluster_security_group - cluster_security_group_id = var.cluster_security_group_id - iam_role_arn = var.cluster_iam_role_arn - create_iam_role = var.create_cluster_iam_role - enable_irsa = var.enable_irsa - eks_managed_node_groups = local.node_groups_with_subnets - node_security_group_additional_rules = var.node_security_group_additional_rules - cluster_security_group_additional_rules = var.cluster_security_group_additional_rules - tags = var.tags - cluster_tags = merge(var.cluster_tags, var.tags) - cluster_addons = local.cluster_addons - create_kms_key = var.create_kms_key - cluster_encryption_config = var.cluster_encryption_config - access_entries = var.access_entries - fargate_profiles = var.fargate_profiles - create_cloudwatch_log_group = var.create_cloudwatch_log_group - cloudwatch_log_group_class = var.cloudwatch_log_group_class - cluster_enabled_log_types = var.create_cloudwatch_log_group ? 
var.enabled_log_types : [] + version = "21.15.1" + source = "terraform-aws-modules/eks/aws" + name = var.cluster_name + kubernetes_version = var.cluster_version + endpoint_private_access = var.cluster_endpoint_private_access + endpoint_public_access = var.cluster_endpoint_public_access + cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days + vpc_id = data.aws_vpc.selected.id + subnet_ids = local.selected_subnet_ids + create_security_group = var.create_cluster_security_group + security_group_id = var.cluster_security_group_id + iam_role_arn = var.cluster_iam_role_arn + create_iam_role = var.create_cluster_iam_role + enable_irsa = var.enable_irsa + eks_managed_node_groups = local.node_groups_with_subnets + node_security_group_additional_rules = var.node_security_group_additional_rules + security_group_additional_rules = var.cluster_security_group_additional_rules + tags = var.tags + cluster_tags = merge(var.cluster_tags, var.tags) + addons = local.cluster_addons + create_kms_key = var.create_kms_key + encryption_config = var.cluster_encryption_config + access_entries = var.access_entries + fargate_profiles = var.fargate_profiles + create_cloudwatch_log_group = var.create_cloudwatch_log_group + cloudwatch_log_group_class = var.cloudwatch_log_group_class + enabled_log_types = var.create_cloudwatch_log_group ? var.enabled_log_types : [] } From 6f1088b90c68884facf5f4923069dcee4f7cbf65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 12:19:59 +0100 Subject: [PATCH 5/9] Upgrade fargate_profiles definition --- modules/aws-eks/README.md | 2 +- modules/aws-eks/variables.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/aws-eks/README.md b/modules/aws-eks/README.md index bafe57f6b..cb8852fab 100644 --- a/modules/aws-eks/README.md +++ b/modules/aws-eks/README.md 
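Review bot: The last argument of `module "eks"`, `enabled_log_types = var.create_cloudwatch_log_group ? var.enabled_log_types : []`, ties control-plane logging to whether this module creates the log group. A caller who sets `create_cloudwatch_log_group = false`, for instance because the group is managed elsewhere, ends up with audit and authenticator logging switched off and no plan-time warning. The rename carries this coupling over unchanged. If it is intentional, say so on the line, e.g. `# Control-plane logging is disabled when this module does not create the log group`, and repeat it in the `enabled_log_types` variable description. Otherwise pass `var.enabled_log_types` through directly.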
@@ -203,7 +203,7 @@ The module is organized with the following directory and file structure: | [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` |
[
"audit",
"api",
"authenticator"
]
| no | | [external\_dns\_role\_name](#input\_external\_dns\_role\_name) | IAM role name for external-dns. Leave null to auto-generate using the cluster name. For backward compatibility, set to 'external-dns-Kubernetes'. | `string` | `null` | no | | [externaldns\_tags](#input\_externaldns\_tags) | Tags to apply to the ExternalDNS IAM resources | `map(any)` | `{}` | no | -| [fargate\_profiles](#input\_fargate\_profiles) | Define dynamically the different fargate profiles |
list(object({
name = string
selectors = list(object({
namespace = string
labels = map(string)
}))
tags = map(string)
}))
| `[]` | no | +| [fargate\_profiles](#input\_fargate\_profiles) | Define dynamically the different fargate profiles |
map(object({
name = string
selectors = list(object({
namespace = string
labels = map(string)
}))
tags = map(string)
}))
| `{}` | no | | [node\_groups](#input\_node\_groups) | Define dynamically the different k8s node groups | `any` | `{}` | no | | [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | Additional rules to add to the node security group | `any` | n/a | yes | | [parameter\_store\_role\_name](#input\_parameter\_store\_role\_name) | IAM role name for Parameter Store. Leave null to auto-generate per cluster (format: iam\_role\_parameter\_store\_all-). For backward compatibility, use: iam\_role\_parameter\_store\_all. | `string` | `null` | no | diff --git a/modules/aws-eks/variables.tf b/modules/aws-eks/variables.tf index bcbb6153d..ee399a2df 100644 --- a/modules/aws-eks/variables.tf +++ b/modules/aws-eks/variables.tf @@ -137,7 +137,7 @@ variable "vpc_id" { variable "fargate_profiles" { description = "Define dynamically the different fargate profiles" - type = list(object({ + type = map(object({ name = string selectors = list(object({ namespace = string @@ -146,7 +146,7 @@ variable "fargate_profiles" { tags = map(string) })) - default = [] + default = {} } variable "node_security_group_additional_rules" { From 2a9367dee291b384ce4f199b1f586a7852d9e8c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 13:51:54 +0100 Subject: [PATCH 6/9] Update karpenter and revert change to fargate_profiles variable --- modules/aws-eks/README.md | 4 ++-- modules/aws-eks/karpenter.tf | 28 ++++++++-------------------- modules/aws-eks/locals.tf | 9 +++++++++ modules/aws-eks/main.tf | 2 +- modules/aws-eks/variables.tf | 7 +++---- 5 files changed, 23 insertions(+), 27 deletions(-) diff --git a/modules/aws-eks/README.md b/modules/aws-eks/README.md index cb8852fab..3ad858999 100644 --- a/modules/aws-eks/README.md +++ b/modules/aws-eks/README.md 
@@ -141,7 +141,7 @@ The module is organized with the following directory and file structure: | Name | Source | Version | |------|--------|---------| | [eks](#module\_eks) | terraform-aws-modules/eks/aws | 21.15.1 | -| [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | 20.33.1 | +| [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | 21.0.0 | ## Resources @@ -203,7 +203,7 @@ The module is organized with the following directory and file structure: | [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` |
[
"audit",
"api",
"authenticator"
]
| no | | [external\_dns\_role\_name](#input\_external\_dns\_role\_name) | IAM role name for external-dns. Leave null to auto-generate using the cluster name. For backward compatibility, set to 'external-dns-Kubernetes'. | `string` | `null` | no | | [externaldns\_tags](#input\_externaldns\_tags) | Tags to apply to the ExternalDNS IAM resources | `map(any)` | `{}` | no | -| [fargate\_profiles](#input\_fargate\_profiles) | Define dynamically the different fargate profiles |
map(object({
name = string
selectors = list(object({
namespace = string
labels = map(string)
}))
tags = map(string)
}))
| `{}` | no | +| [fargate\_profiles](#input\_fargate\_profiles) | Define dynamically the different fargate profiles (compatibilidad: lista, formato antiguo) |
list(object({
name = string
selectors = list(object({
namespace = string
labels = map(string)
}))
tags = map(string)
}))
| `[]` | no | | [node\_groups](#input\_node\_groups) | Define dynamically the different k8s node groups | `any` | `{}` | no | | [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | Additional rules to add to the node security group | `any` | n/a | yes | | [parameter\_store\_role\_name](#input\_parameter\_store\_role\_name) | IAM role name for Parameter Store. Leave null to auto-generate per cluster (format: iam\_role\_parameter\_store\_all-). For backward compatibility, use: iam\_role\_parameter\_store\_all. | `string` | `null` | no | diff --git a/modules/aws-eks/karpenter.tf b/modules/aws-eks/karpenter.tf index 62cf903a5..f470405f3 100644 --- a/modules/aws-eks/karpenter.tf +++ b/modules/aws-eks/karpenter.tf 
@@ -1,30 +1,18 @@ module "karpenter" { count = var.enable_karpenter == true ? 1 : 0 - source = "terraform-aws-modules/eks/aws//modules/karpenter" - version = "20.33.1" + version = "21.0.0" cluster_name = var.cluster_name - iam_role_name = format("%s-karpenter-role", var.cluster_name) # Used to generate the instance profile - create_iam_role = true - enable_v1_permissions = true - enable_irsa = true - - iam_role_use_name_prefix = false - iam_policy_use_name_prefix = true - node_iam_role_use_name_prefix = false - irsa_oidc_provider_arn = module.eks.oidc_provider_arn - irsa_namespace_service_accounts = ["karpenter:karpenter-sa"] - - # Since the node group role will already have an access entry - create_access_entry = true + iam_role_name = format("%s-karpenter-role", var.cluster_name) # Used to generate the instance profile + create_iam_role = true + iam_role_use_name_prefix = false + iam_policy_use_name_prefix = true + create_access_entry = true node_iam_role_additional_policies = { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" Ec2ExtraPolicy = aws_iam_policy.iam_policy_extra_karpenter[0].arn } - - queue_name = format("karpenter-%s", var.cluster_name) - tags = var.tags - -} \ No newline at end of file + tags = var.tags +} diff --git a/modules/aws-eks/locals.tf b/modules/aws-eks/locals.tf index 4ee9e5f29..396f94a23 100644 --- a/modules/aws-eks/locals.tf +++ b/modules/aws-eks/locals.tf @@ -1,4 +1,13 @@ locals { + # Adaptar fargate_profiles de lista a mapa para el módulo oficial + fargate_profiles_map = { + for profile in var.fargate_profiles : + profile.name => { + name = profile.name + selectors = profile.selectors + tags = profile.tags + } + } # Get only two of the private subnets to create the cluster node_groups_with_subnets = { for group_name, group in var.node_groups : group_name => merge( diff --git a/modules/aws-eks/main.tf b/modules/aws-eks/main.tf index 6a6b5d5a5..c17371948 100644 --- a/modules/aws-eks/main.tf 
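Review bot: The new `module "karpenter"` block drops `enable_irsa`, `irsa_oidc_provider_arn` and `irsa_namespace_service_accounts = ["karpenter:karpenter-sa"]` without adding anything that binds the controller role to a service account. If the 21.x sub-module relies on EKS Pod Identity instead, its default namespace and service account may not match the `karpenter:karpenter-sa` pair used before. Set `create_pod_identity_association` and the namespace and service-account inputs explicitly (names to be confirmed against the 21.x inputs), so the trust relationship is visible in this file. `queue_name` is also removed, so the interruption queue will probably be renamed, and the Karpenter chart settings must follow. The sub-module is pinned to `version = "21.0.0"` while the parent `eks` module is at `21.15.1`; the two normally move together, so the skew deserves either a matching pin or a comment explaining it.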
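Review bot: `fargate_profiles_map` is keyed on `profile.name`, so two entries with the same name in `var.fargate_profiles` make the `for` expression fail with a duplicate-key error at plan time. A `validation` block on the variable that checks the names are unique would give callers a clearer message. The added comment `# Adaptar fargate_profiles de lista a mapa para el módulo oficial` is in Spanish while the rest of the file is in English. I would replace it with `# Convert the fargate_profiles list into a map keyed by profile name for the upstream EKS module`. The `locals` block continues outside this hunk.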
+++ b/modules/aws-eks/main.tf @@ -38,7 +38,7 @@ module "eks" { create_kms_key = var.create_kms_key encryption_config = var.cluster_encryption_config access_entries = var.access_entries - fargate_profiles = var.fargate_profiles + fargate_profiles = local.fargate_profiles_map create_cloudwatch_log_group = var.create_cloudwatch_log_group cloudwatch_log_group_class = var.cloudwatch_log_group_class enabled_log_types = var.create_cloudwatch_log_group ? var.enabled_log_types : [] diff --git a/modules/aws-eks/variables.tf b/modules/aws-eks/variables.tf index ee399a2df..00cd320f9 100644 --- a/modules/aws-eks/variables.tf +++ b/modules/aws-eks/variables.tf @@ -136,8 +136,8 @@ variable "vpc_id" { } variable "fargate_profiles" { - description = "Define dynamically the different fargate profiles" - type = map(object({ + description = "Define dynamically the different fargate profiles (compatibilidad: lista, formato antiguo)" + type = list(object({ name = string selectors = list(object({ namespace = string @@ -145,8 +145,7 @@ variable "fargate_profiles" { })) tags = map(string) })) - - default = {} + default = [] } variable "node_security_group_additional_rules" { From 7c45d6b5f8c60a2c90df6db234320ac6e8f4981f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 16:56:37 +0100 Subject: [PATCH 7/9] Change node group with subnets to keep the current interface --- modules/aws-eks/README.md | 2 +- modules/aws-eks/locals.tf | 18 ++++++++++++++++-- modules/aws-eks/variables.tf | 2 +- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/modules/aws-eks/README.md b/modules/aws-eks/README.md index 3ad858999..3cc47c98d 100644 --- a/modules/aws-eks/README.md +++ b/modules/aws-eks/README.md 
@@ -203,7 +203,7 @@ The module is organized with the following directory and file structure: | [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` |
[
"audit",
"api",
"authenticator"
]
| no | | [external\_dns\_role\_name](#input\_external\_dns\_role\_name) | IAM role name for external-dns. Leave null to auto-generate using the cluster name. For backward compatibility, set to 'external-dns-Kubernetes'. | `string` | `null` | no | | [externaldns\_tags](#input\_externaldns\_tags) | Tags to apply to the ExternalDNS IAM resources | `map(any)` | `{}` | no | -| [fargate\_profiles](#input\_fargate\_profiles) | Define dynamically the different fargate profiles (compatibilidad: lista, formato antiguo) |
list(object({
name = string
selectors = list(object({
namespace = string
labels = map(string)
}))
tags = map(string)
}))
| `[]` | no | +| [fargate\_profiles](#input\_fargate\_profiles) | Define dynamically the different fargate profiles (compatibility list, old format) |
list(object({
name = string
selectors = list(object({
namespace = string
labels = map(string)
}))
tags = map(string)
}))
| `[]` | no | | [node\_groups](#input\_node\_groups) | Define dynamically the different k8s node groups | `any` | `{}` | no | | [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | Additional rules to add to the node security group | `any` | n/a | yes | | [parameter\_store\_role\_name](#input\_parameter\_store\_role\_name) | IAM role name for Parameter Store. Leave null to auto-generate per cluster (format: iam\_role\_parameter\_store\_all-). For backward compatibility, use: iam\_role\_parameter\_store\_all. | `string` | `null` | no | diff --git a/modules/aws-eks/locals.tf b/modules/aws-eks/locals.tf index 396f94a23..35958fc35 100644 --- a/modules/aws-eks/locals.tf +++ b/modules/aws-eks/locals.tf @@ -8,10 +8,24 @@ locals { tags = profile.tags } } - # Get only two of the private subnets to create the cluster + # Adapt node_groups for EKS v21.x compatibility (retrocompatible) node_groups_with_subnets = { for group_name, group in var.node_groups : group_name => merge( - group, + { + # Si el usuario pasa pre_bootstrap_user_data, lo movemos a launch_template.user_data + launch_template = ( + contains(keys(group), "pre_bootstrap_user_data") ? merge( + lookup(group, "launch_template", {}), + { + user_data = group.pre_bootstrap_user_data + } + ) : ( + lookup(group, "launch_template", null) + ) + ) + }, + # Copiamos el resto de campos, pero quitamos pre_bootstrap_user_data y launch_template antiguos + { for k, v in group : k => v if !contains(["pre_bootstrap_user_data", "launch_template"], k) }, { subnet_ids = ( (lookup(group, "subnet_ids", null) != null) diff --git a/modules/aws-eks/variables.tf b/modules/aws-eks/variables.tf index 00cd320f9..4b349854d 100644 --- a/modules/aws-eks/variables.tf +++ b/modules/aws-eks/variables.tf 
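Review bot: In `node_groups_with_subnets`, `pre_bootstrap_user_data` is removed from each group and re-emitted as `launch_template = { user_data = ... }`, but nothing in the hunk shows that the upstream `eks_managed_node_groups` input reads a `launch_template.user_data` attribute. If 21.x declares that input as a typed object, an unknown attribute is dropped during type conversion without an error. Any node pre-bootstrap script, including hardening or agent installation steps, would then silently stop being applied. Confirm with a `terraform plan` on a group that sets `pre_bootstrap_user_data` that the rendered launch template still carries the script; if the upstream module still accepts `pre_bootstrap_user_data` directly, passing it through is simpler. The two inline comments starting `# Si el usuario pasa` and `# Copiamos el resto de campos` should be in English like the rest of the file. The `locals` block starts and ends outside this hunk.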
@@ -136,7 +136,7 @@ variable "vpc_id" { } variable "fargate_profiles" { - description = "Define dynamically the different fargate profiles (compatibilidad: lista, formato antiguo)" + description = "Define dynamically the different fargate profiles (compatibility list, old format)" type = list(object({ name = string selectors = list(object({ From 871e7156e1fabc719a68be059fe9280561ad1127 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 17:46:25 +0100 Subject: [PATCH 8/9] Add default module options --- modules/aws-eks/karpenter.tf | 10 +++++----- modules/aws-eks/locals.tf | 25 ++++++++++++++++++++++++- 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/modules/aws-eks/karpenter.tf b/modules/aws-eks/karpenter.tf index f470405f3..5b2052a22 100644 --- a/modules/aws-eks/karpenter.tf +++ b/modules/aws-eks/karpenter.tf @@ -5,11 +5,11 @@ module "karpenter" { version = "21.0.0" cluster_name = var.cluster_name - iam_role_name = format("%s-karpenter-role", var.cluster_name) # Used to generate the instance profile - create_iam_role = true - iam_role_use_name_prefix = false - iam_policy_use_name_prefix = true - create_access_entry = true + iam_role_name = format("%s-karpenter-role", var.cluster_name) # Used to generate the instance profile + create_iam_role = true + iam_role_use_name_prefix = false + iam_policy_use_name_prefix = true + create_access_entry = true node_iam_role_additional_policies = { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" Ec2ExtraPolicy = aws_iam_policy.iam_policy_extra_karpenter[0].arn diff --git a/modules/aws-eks/locals.tf b/modules/aws-eks/locals.tf index 35958fc35..54328080e 100644 --- a/modules/aws-eks/locals.tf +++ b/modules/aws-eks/locals.tf 
@@ -8,6 +8,29 @@ locals { tags = profile.tags } } + + ######################################## + # Default EKS addons (vpc-cni, coredns, kube-proxy) + ######################################## + default_cluster_addons = { + vpc-cni = { + # Use the recommended version for your EKS version, update if needed + resolve_conflicts = "OVERWRITE" + } + coredns = { + resolve_conflicts = "OVERWRITE" + } + kube-proxy = { + resolve_conflicts = "OVERWRITE" + } + } + + # If the user defines cluster_addons, use them. Otherwise, use the defaults. + cluster_addons = ( + length(var.cluster_addons) > 0 ? var.cluster_addons : local.default_cluster_addons + ) + + # Adapt node_groups for EKS v21.x compatibility (retrocompatible) node_groups_with_subnets = { for group_name, group in var.node_groups : group_name => merge( @@ -19,7 +42,7 @@ locals { { user_data = group.pre_bootstrap_user_data } - ) : ( + ) : ( lookup(group, "launch_template", null) ) ) From 149a9af7cddd5159da639f4fc4b7571b7ba43aa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Gonz=C3=A1lez?= Date: Thu, 19 Feb 2026 18:12:37 +0100 Subject: [PATCH 9/9] Remove duplicates and add debug output --- modules/aws-eks/locals.tf | 22 ---------------------- modules/aws-eks/outputs.tf | 5 +++++ 2 files changed, 5 insertions(+), 22 deletions(-) diff --git a/modules/aws-eks/locals.tf b/modules/aws-eks/locals.tf index 54328080e..4089ece9e 100644 --- a/modules/aws-eks/locals.tf +++ b/modules/aws-eks/locals.tf 
@@ -9,28 +9,6 @@ locals { } } - ######################################## - # Default EKS addons (vpc-cni, coredns, kube-proxy) - ######################################## - default_cluster_addons = { - vpc-cni = { - # Use the recommended version for your EKS version, update if needed - resolve_conflicts = "OVERWRITE" - } - coredns = { - resolve_conflicts = "OVERWRITE" - } - kube-proxy = { - resolve_conflicts = "OVERWRITE" - } - } - - # If the user defines cluster_addons, use them. Otherwise, use the defaults. - cluster_addons = ( - length(var.cluster_addons) > 0 ? var.cluster_addons : local.default_cluster_addons - ) - - # Adapt node_groups for EKS v21.x compatibility (retrocompatible) node_groups_with_subnets = { for group_name, group in var.node_groups : group_name => merge( diff --git a/modules/aws-eks/outputs.tf b/modules/aws-eks/outputs.tf index a7c2fb036..464ee7c73 100644 --- a/modules/aws-eks/outputs.tf +++ b/modules/aws-eks/outputs.tf @@ -112,3 +112,8 @@ output "debug" { description = "Debug information for mixed addons" value = local.mixed_addons } + +output "debug_cluster_addons" { + description = "Debug: cluster_addons local value passed to EKS module" + value = local.cluster_addons +}
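Review bot: `output "debug_cluster_addons"` publishes the whole `local.cluster_addons` map as part of the module's public interface and does not set `sensitive`. Whatever callers put in addon configuration is then printed in plan and apply output and in CI logs, and is readable by anyone who can read remote state outputs. The definition of `local.cluster_addons` is outside this hunk, so I cannot tell what it may contain. If the output is only for troubleshooting the upgrade, drop it before release. Otherwise add `sensitive = true`, and note in the description that consumers should not depend on it.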