Fixed the issue with terraform plan when you plan both controllers an…

…d node at the same time
jecnua · Sep 6, 2023 · da1286b · da1286b
1 parent cc3d205
commit da1286b
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -0,0 +1,6 @@
+fmt-all:
+	terraform fmt -recursive modules/nodes/*.tf
+	terraform fmt -recursive modules/controllers/*.tf
+
+checks: # 59
+	tfsec .
diff --git a/modules/controllers/00-variables_defaults.tf b/modules/controllers/00-variables_defaults.tf
@@ -125,7 +125,7 @@ variable "health_check_grace_period" {
   default     = "300"
 }
 
-variable "authorization_mode"{
+variable "authorization_mode" {
   type        = string
   description = "API server authorization modes: https://kubernetes.io/docs/reference/access-authn-authz/authorization/#authorization-modules"
   default     = "Node,RBAC"

diff --git a/modules/nodes/00-variables_required_inputs.tf b/modules/nodes/00-variables_required_inputs.tf
@@ -14,11 +14,18 @@ variable "k8s_workers_num_nodes" {
 }
 
 variable "nodes_cri_bootstrap" {
-  type = string
+  type        = string
+  description = "The CRI to use for this node."
 }
 
 variable "private_subnets" {
-  type = list(string)
+  type        = list(string)
+  description = "The list of all possible subnets IDS controllers and nodes may be created into"
+}
+
+variable "private_subnets_cidr" {
+  type        = list(string)
+  description = "The list of all possible subnets CIDR controllers and nodes may be created into"
 }
 
 variable "nodes_config_bundle" {
@@ -31,4 +38,5 @@ variable "nodes_config_bundle" {
     secret_arn              = string
     lb_dns                  = string
   })
+  description = "Map which containes all the data requires to spin up and attach a node to a set of controllers. It is an output of the controller module."
 }
diff --git a/modules/nodes/02-locals.tf b/modules/nodes/02-locals.tf
@@ -20,10 +20,11 @@ locals {
   )
 }
 
-data "aws_subnet" "target" {
-  for_each = toset(var.private_subnets)
-  id       = each.value
-}
+# This won't work with an output with unknown data. Until I solve this, I am asking for a new variable
+# data "aws_subnet" "target" {
+#   for_each = toset(var.private_subnets)
+#   id       = each.value
+# }
 
 resource "null_resource" "tags_as_list_of_maps" {
   count = length(keys(local.tags_as_map))

diff --git a/modules/nodes/07-sg.tf b/modules/nodes/07-sg.tf
@@ -63,6 +63,6 @@ resource "aws_security_group_rule" "allow_kubelet_port_from_internal_subnets" {
   from_port         = 10250
   to_port           = 10250
   protocol          = "TCP"
-  cidr_blocks       = values(data.aws_subnet.target).*.cidr_block
+  cidr_blocks       = var.private_subnets_cidr
   security_group_id = aws_security_group.k8s_workers_node_sg.id
 }
diff --git a/modules/nodes/CHANGELOG.md b/modules/nodes/CHANGELOG.md
@@ -6,6 +6,8 @@ DO NOT USE 7.0.0. Use this version instead.
 
 ### Breaking changes
 
+- New variable private_subnets_cidr is required. This list contains all the CIDR controllers and nodes MAY be spinned into to allow access to ports. Temporary until I find a better way which works with datasources outputs.
+
 ### Features & Changes
 
 - Creating a new configmap in kube-system to allow the configuration of metric-server https://github.com/kubernetes-sigs/metrics-server/blob/master/KNOWN_ISSUES.md#incorrectly-configured-front-proxy-certificate