terraform-aws-eks
Launch template block_device_mapping not working
Description
I have EKS on version "18.29.0" and need to upgrade to the latest. I created a launch template:
resource "aws_launch_template" "play_k8s_apps" {
  name_prefix = "play-k8s-apps-"
  image_id = "ami-04bf865d65956a33a"
  disable_api_termination = false
  disable_api_stop = false
  update_default_version = true
  block_device_mappings {
    device_name = "/dev/xvda"
    ebs {
      volume_size = 30 # size in GiB
      volume_type = "gp2"
      delete_on_termination = true
    }
  }
  tag_specifications {
    resource_type = "instance"
    tags = {
      "Environment" = "play"
      "Name" = "play-k8s-apps"
    }
  }
  tag_specifications {
    resource_type = "network-interface"
    tags = {
      "Environment" = "play"
      "Name" = "play-k8s-apps"
    }
  }
  tag_specifications {
    resource_type = "volume"
    tags = {
      "Environment" = "play"
      "Name" = "play-k8s-apps"
    }
  }
  metadata_options {
    http_endpoint = "enabled"
    http_protocol_ipv6 = "disabled"
    http_put_response_hop_limit = 2
    http_tokens = "required"
    instance_metadata_tags = "disabled"
  }
  monitoring {
    enabled = true
  }
  vpc_security_group_ids = [
    "sg-043d6a926f1686b35"
  ]
  tags_all = {
    "Environment" = "play"
  }
}
Also my AWS EKS cluster:
module "smg_auto_play_eks" {
  source = "terraform-aws-modules/eks/aws"
  version = "19.15.3"
  cluster_name = "smg-auto-play"
  cluster_version = "1.25"
  cluster_endpoint_private_access = true
  cluster_endpoint_public_access = true
  create_kms_key = false
  cluster_encryption_config = {
    provider_key_arn = aws_kms_key.smg_auto_play_eks.arn
    resources = ["secrets"]
  }
  vpc_id = module.smg_auto_play_vpc.vpc_id
  subnet_ids = module.smg_auto_play_vpc.private_subnets
  node_security_group_additional_rules = {
    ingress_self_all = {
      description = "Node to node all ports/protocols"
      protocol = "-1"
      from_port = 0
      to_port = 0
      type = "ingress"
      self = true
    }
    egress_all = {
      description = "Node all egress"
      protocol = "-1"
      from_port = 0
      to_port = 0
      type = "egress"
      cidr_blocks = [var.default_route]
      ipv6_cidr_blocks = ["::/0"]
    }
  }
  eks_managed_node_groups = {
    play-k8s-apps-2 = {
      use_custom_launch_template = true
      launch_template = {
        id = aws_launch_template.play_k8s_apps.id
        version = aws_launch_template.play_k8s_apps.latest_version
      }
      min_size = 2
      max_size = 2
      desired_size = 2
      instance_types = ["t3.small"]
    }
  }
  # aws-auth configmap
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn = "arn:aws:iam::994442530941:role/AWSReservedSSO_AWSAdministratorAccess_7943eed9a8407aaa"
      username = "AWSReservedSSO_AWSAdministratorAccess_7943eed9a8407aaa"
      groups = ["system:masters"]
    },
    {
      rolearn = "arn:aws:iam::994442530941:role/AWSReservedSSO_AutomotiveplayDeveloper_04492fefd2dc7279"
      username = "AWSReservedSSO_AutomotivePlayDeveloper_04492fefd2dc7279"
      groups = ["developers"]
    }
  ]
  aws_auth_users = [
    {
      userarn = "arn:aws:iam::994442530941:user/ga-terraform-access"
      username = "ga-terraform-access"
      groups = ["system:masters"]
    }
  ]
  tags = {
    Environment = var.environment
  }
}
But it only creates the resources with tags, not instances with 30 GB; instead they get the default one with 20 GB. Is there some solution?
I'm having the same issue using version 19.15.3
Relevant parts:
module "eks" {
  source = "registry.terraform.io/terraform-aws-modules/eks/aws"
  version = "19.15.3"
  ...
  eks_managed_node_groups = {
    karpenter = {
      block_device_mappings = {
        xvda = {
          volume_size = 75
          volume_type = "gp3"
          iops = 3000
          throughput = 125
          encrypted = true
          kms_key_id = aws_kms_key.ebs.arn
          delete_on_termination = true
          ...
Your block_device_mappings should be working with this approach:
...
eks_managed_node_group_defaults = {
  block_device_mappings = {
    xvda = {
      device_name = "/dev/xvda"
      ebs = {
        volume_type = "gp3"
        volume_size = 100
      }
    }
  }
}
...
I had a similar issue, and this does indeed solve the issue. Maybe it's worth changing the defaults processing code here (https://github.com/terraform-aws-modules/terraform-aws-eks/blob/666603b6e531140d5d8fbd777cd90a7fbb8247dd/modules/eks-managed-node-group/main.tf#L43) to not accept null by default, as it will cause the provider to complain. If device_name is required, then it's easier to avoid confusion from the tf users' point of view.
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
just coming back around to this - so I don't think there is anything we can do here
The device_name is optional - but what I suspect folks are running into is that they want the root volume to be changed based on these configs provided. In order for that to take place, you need to match the device name in your config with the device name of the AMI's root volume
However this will vary, and some AMIs have multiple volumes (i.e. - Bottlerocket has a root volume and a separate data volume on the AMI they provided). So with that, I don't see any code changes that we can or will make here for this, but if I am missing something, please let me know
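An added example, not part of the thread or the module's own code, showing one way to apply the advice above: read the root device name from the AMI and nest the volume settings under `ebs`, as in the working reply. The variables `node_ami_id`, `vpc_id` and `subnet_ids`, the cluster name and the node group name are hypothetical; an AMI with more than one volume (Bottlerocket, as mentioned above) needs one mapping per device.

```hcl
# Added example. var.node_ami_id, var.vpc_id and var.subnet_ids are
# hypothetical inputs; cluster and node group names are placeholders.
variable "node_ami_id" { type = string } # AMI the node group actually boots
variable "vpc_id" { type = string }
variable "subnet_ids" { type = list(string) }

# Read the AMI's metadata so the root device name is not hard-coded.
data "aws_ami" "node" {
  filter {
    name   = "image-id"
    values = [var.node_ami_id]
  }
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "19.15.3"

  cluster_name    = "example"
  cluster_version = "1.25"
  vpc_id          = var.vpc_id
  subnet_ids      = var.subnet_ids

  eks_managed_node_group_defaults = {
    block_device_mappings = {
      root = {
        # Must equal the AMI's root device name; a mapping under any
        # other name leaves the root volume at the AMI's default size.
        device_name = data.aws_ami.node.root_device_name
        ebs = {
          volume_size           = 30
          volume_type           = "gp3"
          encrypted             = true
          delete_on_termination = true
        }
      }
    }
  }

  eks_managed_node_groups = {
    apps = {
      min_size       = 2
      max_size       = 2
      desired_size   = 2
      instance_types = ["t3.small"]
    }
  }
}
```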
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.