Young-ook · Young-ook · Dec 31, 2021 · Dec 7, 2021 · Dec 8, 2021 · Dec 8, 2021
diff --git a/defaults.tf b/defaults.tf
@@ -0,0 +1,13 @@
+### default values
+
+locals {
+  default_eks_config = {
+    ami_type      = "AL2_x86_64"
+    instance_type = "t3.medium"
+  }
+  default_bottlerocket_config = {
+    admin_container_enabled      = false
+    admin_container_superpowered = false
+    admin_container_source       = ""
+  }
+}
diff --git a/examples/bottlerocket/README.md b/examples/bottlerocket/README.md
@@ -21,6 +21,17 @@ terraform plan -var-file tc1.tfvars
 terraform apply -var-file tc1.tfvars
 ```
 
+## Launch Bottlerocket managed node group
+You can configure an AMI type for your (aws managed or self managed) node groups. For GPU instance types, you can set the `ami_type` parameter in the node group definition. GPU instance types should use the AL2_x86_64_GPU for its ami type or Non-GPU instances should use the AL2_x86_64. And ARM architecture based instance should use AL2_ARM_64.
+
+Possible values:
+- AL2_x86_64
+- AL2_x86_64_GPU
+- AL2_ARM_64
+- CUSTOM
+- BOTTLEROCKET_ARM_64
+- BOTTLEROCKET_x86_64
+
 ## Clean up
 To remove all infrastrcuture, run terraform:
 ```sh

diff --git a/examples/bottlerocket/default.auto.tfvars b/examples/bottlerocket/default.auto.tfvars
@@ -9,6 +9,15 @@ node_groups = [
   {
     name          = "bottlerocket"
     instance_type = "t3.small"
-    ami_type      = "BR_x86_64"
+    ami_type      = "BOTTLEROCKET_x86_64"
   },
 ]
+
+
+# allowed values for 'ami_type'
+#  - AL2_x86_64
+#  - AL2_x86_64_GPU
+#  - AL2_ARM_64
+#  - CUSTOM
+#  - BOTTLEROCKET_ARM_64
+#  - BOTTLEROCKET_x86_64
diff --git a/examples/bottlerocket/tc1.tfvars → examples/bottlerocket/fixture.tc1.tfvars b/examples/bottlerocket/tc1.tfvars → examples/bottlerocket/fixture.tc1.tfvars
@@ -14,7 +14,7 @@ managed_node_groups = [
     desired_size  = 1
     instance_type = "t3.small"
     ami_type      = "AL2_x86_64"
-  }
+  },
 ]
 node_groups = [
   {
@@ -29,7 +29,7 @@ node_groups = [
   {
     name          = "bottlerocket"
     instance_type = "t3.small"
-    ami_type      = "BR_x86_64"
+    ami_type      = "BOTTLEROCKET_x86_64"
   },
   {
     name          = "al2-gpu"
@@ -40,5 +40,5 @@ node_groups = [
     name          = "al2-arm"
     instance_type = "m6g.medium"
     ami_type      = "AL2_ARM_64"
-  }
+  },
 ]
diff --git a/examples/bottlerocket/fixture.tc2.tfvars b/examples/bottlerocket/fixture.tc2.tfvars
@@ -0,0 +1,32 @@
+aws_region = "ap-northeast-2"
+name       = "eks-bottlerocket-tc2"
+tags = {
+  env  = "dev"
+  test = "tc2"
+}
+kubernetes_version = "1.21"
+enable_ssm         = true
+managed_node_groups = [
+  {
+    name          = "bottlerocket-x86"
+    instance_type = "t3.small"
+    ami_type      = "BOTTLEROCKET_x86_64"
+  },
+  {
+    name          = "bottlerocket-arm"
+    instance_type = "m6g.medium"
+    ami_type      = "BOTTLEROCKET_ARM_64"
+  },
+]
+node_groups = [
+  {
+    name          = "bottlerocket-x86"
+    instance_type = "t3.small"
+    ami_type      = "BOTTLEROCKET_x86_64"
+  },
+  {
+    name          = "bottlerocket-arm"
+    instance_type = "m6g.medium"
+    ami_type      = "BOTTLEROCKET_ARM_64"
+  },
+]
diff --git a/examples/bottlerocket/main.tf b/examples/bottlerocket/main.tf
@@ -2,6 +2,12 @@
 
 terraform {
   required_version = "~> 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.64"
+    }
+  }
 }
 
 provider "aws" {

diff --git a/main.tf b/main.tf
@@ -110,30 +110,20 @@ data "aws_ami" "eks" {
   most_recent = true
 
   filter {
-    name   = "name"
-    values = [format(length(regexall("ARM|GPU$", lookup(each.value, "ami_type", "AL2_x86_64"))) > 0 ? "amazon-eks-*-node-%s-*" : "amazon-eks-node-%s-*", var.kubernetes_version)]
+    name = "name"
+    values = [
+      format(length(regexall("^AL2", lookup(each.value, "ami_type", local.default_eks_config.ami_type))) > 0 ?
+        (length(regexall("ARM|GPU$", lookup(each.value, "ami_type", local.default_eks_config.ami_type))) > 0 ? "amazon-eks-*-node-%s-*" : "amazon-eks-node-%s-*") :
+        (length(regexall("^BOTTLEROCKET", lookup(each.value, "ami_type", local.default_eks_config.ami_type))) > 0 ? "bottlerocket-aws-k8s-%s-*" : "amazon-eks-node-%s-*")
+      , var.kubernetes_version)
+    ]
   }
   filter {
     name   = "architecture"
     values = [length(regexall("ARM", lookup(each.value, "ami_type", "AL2_x86_64"))) > 0 ? "arm64" : "x86_64"]
   }
 }
 
-data "aws_ami" "br" {
-  for_each    = { for ng in var.node_groups : ng.name => ng }
-  owners      = ["amazon"]
-  most_recent = true
-
-  filter {
-    name   = "name"
-    values = [format("bottlerocket-aws-k8s-%s-*", var.kubernetes_version)]
-  }
-  filter {
-    name   = "architecture"
-    values = [length(regexall("ARM", lookup(each.value, "ami_type", "BR_x86_64"))) > 0 ? "arm64" : "x86_64"]
-  }
-}
-
 data "template_cloudinit_config" "ng" {
   for_each      = { for ng in var.node_groups : ng.name => ng }
   base64_encode = true
@@ -158,25 +148,31 @@ data "template_cloudinit_config" "ng" {
 }
 
 data "template_file" "br" {
-  for_each = { for ng in var.node_groups : ng.name => ng }
   template = file("${path.module}/templates/bottlerocket.tpl")
   vars = {
     cluster_name                 = aws_eks_cluster.cp.name
     cluster_endpoint             = aws_eks_cluster.cp.endpoint
     cluster_ca_data              = aws_eks_cluster.cp.certificate_authority.0.data
-    admin_container_enabled      = false
-    admin_container_superpowered = false
-    admin_container_source       = ""
+    admin_container_enabled      = lookup(var.bottlerocket_config, "admin_container_enabled", local.default_bottlerocket_config.admin_container_enabled)
+    admin_container_superpowered = lookup(var.bottlerocket_config, "admin_container_superpowered", local.default_bottlerocket_config.admin_container_superpowered)
+    admin_container_source       = lookup(var.bottlerocket_config, "admin_container_source", local.default_bottlerocket_config.admin_container_source)
+    control_container_enabled    = var.enable_ssm
   }
 }
 
 resource "aws_launch_template" "ng" {
   for_each      = { for ng in var.node_groups : ng.name => ng }
   name          = format("eks-%s", uuid())
   tags          = merge(local.default-tags, local.eks-tag, var.tags)
-  image_id      = length(regexall("^AL2", lookup(each.value, "ami_type", "AL2_x86_64"))) > 0 ? data.aws_ami.eks[each.key].id : data.aws_ami.br[each.key].id
-  user_data     = base64encode(length(regexall("^AL2", lookup(each.value, "ami_type", "AL2_x86_64"))) > 0 ? data.template_cloudinit_config.ng[each.key].rendered : data.template_file.br[each.key].rendered)
-  instance_type = lookup(each.value, "instance_type", "t3.medium")
+  image_id      = data.aws_ami.eks[each.key].id
+  instance_type = lookup(each.value, "instance_type", local.default_eks_config.instance_type)
+  user_data = (
+    length(regexall("^AL2", lookup(each.value, "ami_type", local.default_eks_config.ami_type))) > 0 ?
+    data.template_cloudinit_config.ng[each.key].rendered :
+    length(regexall("^BOTTLEROCKET", lookup(each.value, "ami_type", local.default_eks_config.ami_type))) > 0 ?
+    base64encode(data.template_file.br.rendered) :
+    data.template_cloudinit_config.ng[each.key].rendered
+  )
 
   iam_instance_profile {
     arn = aws_iam_instance_profile.ng.0.arn
@@ -306,10 +302,16 @@ data "template_cloudinit_config" "mng" {
 }
 
 resource "aws_launch_template" "mng" {
-  for_each  = { for ng in var.managed_node_groups : ng.name => ng }
-  name      = format("eks-%s", uuid())
-  tags      = merge(local.default-tags, local.eks-tag, var.tags)
-  user_data = data.template_cloudinit_config.mng[each.key].rendered
+  for_each = { for ng in var.managed_node_groups : ng.name => ng }
+  name     = format("eks-%s", uuid())
+  tags     = merge(local.default-tags, local.eks-tag, var.tags)
+  user_data = (
+    length(regexall("^AL2", lookup(each.value, "ami_type", local.default_eks_config.ami_type))) > 0 ?
+    data.template_cloudinit_config.mng[each.key].rendered :
+    length(regexall("^BOTTLEROCKET", lookup(each.value, "ami_type", local.default_eks_config.ami_type))) > 0 ?
+    base64encode(data.template_file.br.rendered) :
+    data.template_cloudinit_config.mng[each.key].rendered
+  )
 
   block_device_mappings {
     device_name = "/dev/xvda"
@@ -337,8 +339,8 @@ resource "aws_eks_node_group" "ng" {
   node_group_name = join("-", [aws_eks_cluster.cp.name, each.key])
   node_role_arn   = aws_iam_role.ng.0.arn
   subnet_ids      = local.subnet_ids
-  ami_type        = lookup(each.value, "ami_type", "AL2_x86_64") # available values ["AL2_x86_64", "AL2_x86_64_GPU", "AL2_ARM_64"]
-  instance_types  = [lookup(each.value, "instance_type", "m5.xlarge")]
+  ami_type        = lookup(each.value, "ami_type", local.default_eks_config.ami_type)
+  instance_types  = [lookup(each.value, "instance_type", local.default_eks_config.instance_type)]
   version         = aws_eks_cluster.cp.version
   tags            = merge(local.default-tags, var.tags)
 

diff --git a/templates/bottlerocket.tpl b/templates/bottlerocket.tpl
@@ -9,3 +9,6 @@ superpowered = ${admin_container_superpowered}
 %{ if admin_container_source != "" }
 source = "${admin_container_source}"
 %{ endif }
+
+[settings.host-containers.control]
+enabled = ${control_container_enabled}
diff --git a/variables.tf b/variables.tf
@@ -45,6 +45,11 @@ variable "enable_ssm" {
   default     = false
 }
 
+variable "bottlerocket_config" {
+  description = "Bottlerocket OS configuration"
+  default     = {}
+}
+
 ### security
 variable "policy_arns" {
   description = "A list of policy ARNs to attach the node groups role"