Commit eda8a0a

Benbentwo and claude committed
refactor: rename Auto Mode variables with auto_mode_ prefix
Rename compute_config -> auto_mode_compute_config, storage_config -> auto_mode_storage_config, elastic_load_balancing -> auto_mode_elastic_load_balancing for clarity.

Also add EKS Auto Mode section to README.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 7f4d7b3 commit eda8a0a

4 files changed

Lines changed: 120 additions & 11 deletions

.terraform.lock.hcl

Lines changed: 45 additions & 0 deletions
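Review bot: `.terraform.lock.hcl` arrives with 45 added lines, yet the commit message covers only the variable rename and the README section. Terraform reads the dependency lock file only from the root module, so a lock file at the top of a reusable module has no effect on callers; if it was picked up by accident from a local `terraform init`, drop it from the commit and add it to `.gitignore`, or say in the message why it belongs here.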

README.md

Lines changed: 64 additions & 0 deletions
@@ -327,7 +327,71 @@ Module usage with two unmanaged worker groups:
327327
> you're using. This practice ensures the stability of your infrastructure. Additionally, we recommend implementing a systematic
328328
> approach for updating versions to avoid unexpected changes.
329329
330+
## EKS Auto Mode
330331

332+
This module supports [EKS Auto Mode](https://docs.aws.amazon.com/eks/latest/userguide/automode.html) (GA December 2024),
333+
which delegates compute, networking, and storage management to AWS. Enable it using the `auto_mode_compute_config`,
334+
`auto_mode_storage_config`, and `auto_mode_elastic_load_balancing` variables.
335+
336+
### Enabling Auto Mode
337+
338+
```hcl
339+
module "eks_cluster" {
340+
source = "cloudposse/eks-cluster/aws"
341+
# version = "..."
342+
343+
auto_mode_compute_config = {
344+
enabled = true
345+
node_pools = ["general-purpose", "system"]
346+
node_role_arn = aws_iam_role.auto_mode_node.arn
347+
}
348+
349+
auto_mode_storage_config = {
350+
block_storage = {
351+
enabled = true
352+
}
353+
}
354+
355+
auto_mode_elastic_load_balancing = {
356+
enabled = true
357+
}
358+
359+
# ... other configuration
360+
}
361+
```
362+
363+
When Auto Mode is enabled, this module automatically:
364+
- Sets `bootstrap_self_managed_addons = false` (unless explicitly overridden)
365+
- Adds `sts:TagSession` to the cluster IAM role trust policy
366+
- Attaches 4 additional IAM policies to the cluster role: `AmazonEKSComputePolicy`, `AmazonEKSBlockStoragePolicy`,
367+
`AmazonEKSLoadBalancingPolicy`, and `AmazonEKSNetworkingPolicy`
368+
369+
### Capabilities
370+
371+
All three capabilities must be enabled or disabled together:
372+
373+
| Capability | Variable | What AWS Manages |
374+
|-----------|----------|-----------------|
375+
| **Compute** | `auto_mode_compute_config` | Node provisioning via managed Karpenter |
376+
| **Storage** | `auto_mode_storage_config` | EBS volumes via `ebs.csi.eks.amazonaws.com` |
377+
| **Networking** | `auto_mode_elastic_load_balancing` | ALB/NLB for Services and Ingress |
378+
379+
### Important Notes
380+
381+
- Requires AWS provider `>= 5.79.0` and Kubernetes `>= 1.29`
382+
- Auto Mode manages `vpc-cni`, `kube-proxy`, `coredns`, and `aws-ebs-csi-driver` add-ons automatically.
383+
Do not include these in the `addons` variable when Auto Mode is enabled.
384+
- Auto Mode nodes are Bottlerocket-only, immutable, with no SSH/IMDS access
385+
- Nodes have a 21-day maximum lifetime and are automatically rotated
386+
- The `node_role_arn` in `auto_mode_compute_config` must be an IAM role with
387+
`AmazonEKSWorkerNodeMinimalPolicy` and `AmazonEC2ContainerRegistryPullOnly` attached
388+
389+
### Cluster Version Upgrades
390+
391+
With Auto Mode, Kubernetes version upgrades are simplified:
392+
1. Bump `kubernetes_version` and apply -- control plane upgrades in place
393+
2. Managed Karpenter detects version drift and automatically replaces nodes
394+
3. Auto Mode-managed add-ons are automatically upgraded to compatible versions
331395

332396

333397
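Review bot: In the "Enabling Auto Mode" example, `node_role_arn = aws_iam_role.auto_mode_node.arn` points at a role the snippet never defines, and the requirement that it carry `AmazonEKSWorkerNodeMinimalPolicy` and `AmazonEC2ContainerRegistryPullOnly` only appears further down under "Important Notes". Put a comment on that line saying the caller must create the role and which two policies it needs. Also, "Do not include these in the `addons` variable" reads as advice only; say whether the module rejects a conflicting `addons` entry, so readers know if the rule is enforced or left to them.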

main.tf

Lines changed: 8 additions & 8 deletions
@@ -17,9 +17,9 @@ locals {
1717

1818
# EKS Auto Mode
1919
auto_mode_flags = [
20-
var.compute_config.enabled,
21-
var.storage_config.block_storage.enabled,
22-
var.elastic_load_balancing.enabled,
20+
var.auto_mode_compute_config.enabled,
21+
var.auto_mode_storage_config.block_storage.enabled,
22+
var.auto_mode_elastic_load_balancing.enabled,
2323
]
2424
auto_mode_all_enabled = alltrue(local.auto_mode_flags)
2525
auto_mode_all_disabled = !anytrue(local.auto_mode_flags)
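Review bot: `auto_mode_all_enabled` and `auto_mode_all_disabled` are derived from the renamed inputs at lines 20-22, but nothing in this hunk shows how a mixed setting is rejected. The README added in this commit says all three capabilities must be enabled or disabled together, so please confirm that a validation or precondition consumes both locals, and that its error message names `auto_mode_compute_config`, `auto_mode_storage_config` and `auto_mode_elastic_load_balancing` rather than the old variable names.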
@@ -120,12 +120,12 @@ resource "aws_eks_cluster" "default" {
120120

121121
# IPv4 kubernetes_network_config: render when service_ipv4_cidr is set or ELB is enabled (and not IPv6)
122122
dynamic "kubernetes_network_config" {
123-
for_each = !local.use_ipv6 && (var.service_ipv4_cidr != null || var.elastic_load_balancing.enabled) ? [true] : []
123+
for_each = !local.use_ipv6 && (var.service_ipv4_cidr != null || var.auto_mode_elastic_load_balancing.enabled) ? [true] : []
124124
content {
125125
service_ipv4_cidr = var.service_ipv4_cidr
126126

127127
dynamic "elastic_load_balancing" {
128-
for_each = var.elastic_load_balancing.enabled ? [true] : []
128+
for_each = var.auto_mode_elastic_load_balancing.enabled ? [true] : []
129129
content {
130130
enabled = true
131131
}
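Review bot: `var.auto_mode_elastic_load_balancing.enabled` is spelled out at line 123, again at line 128, and a third time in the IPv6 block at line 143. A single local defined next to `auto_mode_flags` would keep the three `for_each` conditions from drifting apart on the next rename.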
@@ -140,7 +140,7 @@ resource "aws_eks_cluster" "default" {
140140
ip_family = "ipv6"
141141

142142
dynamic "elastic_load_balancing" {
143-
for_each = var.elastic_load_balancing.enabled ? [true] : []
143+
for_each = var.auto_mode_elastic_load_balancing.enabled ? [true] : []
144144
content {
145145
enabled = true
146146
}
@@ -186,7 +186,7 @@ resource "aws_eks_cluster" "default" {
186186

187187
# EKS Auto Mode configuration
188188
dynamic "compute_config" {
189-
for_each = var.compute_config.enabled ? [var.compute_config] : []
189+
for_each = var.auto_mode_compute_config.enabled ? [var.auto_mode_compute_config] : []
190190
content {
191191
enabled = true
192192
node_pools = compute_config.value.node_pools
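Review bot: At line 192 the content still reads `compute_config.value.node_pools`, which is correct because the iterator of a `dynamic` block takes the block label, not the variable name. Now that the variable is `auto_mode_compute_config`, a one-line comment above the block saying so would stop a later cleanup from rewriting it to `auto_mode_compute_config.value`.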
@@ -195,7 +195,7 @@ resource "aws_eks_cluster" "default" {
195195
}
196196

197197
dynamic "storage_config" {
198-
for_each = var.storage_config.block_storage.enabled ? [var.storage_config] : []
198+
for_each = var.auto_mode_storage_config.block_storage.enabled ? [var.auto_mode_storage_config] : []
199199
content {
200200
block_storage {
201201
enabled = true
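Review bot: Line 198 iterates over `[var.auto_mode_storage_config]`, but the visible content hard-codes `enabled = true` and does not read `storage_config.value`. If nothing further down uses the iterator, `[true]` would match the two `elastic_load_balancing` blocks and make it plain that no caller-supplied field reaches the resource.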

variables.tf

Lines changed: 3 additions & 3 deletions
@@ -206,7 +206,7 @@ variable "bootstrap_self_managed_addons_enabled" {
206206
default = null
207207
}
208208

209-
variable "compute_config" {
209+
variable "auto_mode_compute_config" {
210210
description = <<-EOT
211211
EKS Auto Mode compute configuration. When enabled, AWS manages node
212212
provisioning via managed Karpenter.
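Review bot: Renaming `compute_config` to `auto_mode_compute_config` at line 209, and likewise `storage_config` and `elastic_load_balancing` in the two hunks below, changes the module's input interface: a caller still passing the old names gets an unsupported argument error, and Terraform offers no alias for input variables. The commit is labelled `refactor`; if the old names ever shipped in a release, add a migration note to the README or changelog listing the three old-to-new pairs.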
@@ -220,7 +220,7 @@ variable "compute_config" {
220220
nullable = false
221221
}
222222

223-
variable "storage_config" {
223+
variable "auto_mode_storage_config" {
224224
description = <<-EOT
225225
EKS Auto Mode storage configuration. When block_storage is enabled,
226226
AWS manages EBS volumes via the ebs.csi.eks.amazonaws.com provisioner.
@@ -234,7 +234,7 @@ variable "storage_config" {
234234
nullable = false
235235
}
236236

237-
variable "elastic_load_balancing" {
237+
variable "auto_mode_elastic_load_balancing" {
238238
description = <<-EOT
239239
EKS Auto Mode elastic load balancing configuration. When enabled,
240240
AWS manages ALB/NLB creation for Services and Ingress resources.
