truefoundry · dunefro · Nov 22, 2024 · Nov 21, 2024 · Nov 21, 2024 · Nov 21, 2024
diff --git a/README.md b/README.md
@@ -11,7 +11,9 @@ Truefoundry EKS Module
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.57 |
 
 ## Modules
 
@@ -22,7 +24,9 @@ No providers.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
 
 ## Inputs
 
@@ -45,13 +49,17 @@ No resources.
 | <a name="input_cluster_endpoint_private_access"></a> [cluster\_endpoint\_private\_access](#input\_cluster\_endpoint\_private\_access) | Indicates whether or not the Amazon EKS private API server endpoint is enabled | `bool` | `true` | no |
 | <a name="input_cluster_endpoint_public_access"></a> [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Indicates whether or not the Amazon EKS public API server endpoint is enabled | `bool` | `true` | no |
 | <a name="input_cluster_endpoint_public_access_cidrs"></a> [cluster\_endpoint\_public\_access\_cidrs](#input\_cluster\_endpoint\_public\_access\_cidrs) | List of CIDR blocks which can access the Amazon EKS public API server endpoint | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
-| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster. If use\_existing\_cluster is set to true, cluster\_name will be used to fetch details only | `string` | n/a | yes |
 | <a name="input_cluster_security_group_additional_rules"></a> [cluster\_security\_group\_additional\_rules](#input\_cluster\_security\_group\_additional\_rules) | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source | `any` | `{}` | no |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | EKS cluster version | `string` | `"1.30"` | no |
 | <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no |
 | <a name="input_eks_managed_node_group_defaults"></a> [eks\_managed\_node\_group\_defaults](#input\_eks\_managed\_node\_group\_defaults) | Managed node group defaults | `any` | `{}` | no |
 | <a name="input_enable_cluster_log"></a> [enable\_cluster\_log](#input\_enable\_cluster\_log) | Enable cluster control plane logs | `bool` | `true` | no |
 | <a name="input_enable_irsa"></a> [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no |
+| <a name="input_existing_cluster_node_role_arn"></a> [existing\_cluster\_node\_role\_arn](#input\_existing\_cluster\_node\_role\_arn) | IAM node role ARN for an existing cluster. This will only be used when use\_existing\_cluster is true | `string` | `""` | no |
+| <a name="input_existing_cluster_node_security_group_id"></a> [existing\_cluster\_node\_security\_group\_id](#input\_existing\_cluster\_node\_security\_group\_id) | Node security group for an existing cluster. This will only be used when use\_existing\_cluster is true. | `string` | `""` | no |
+| <a name="input_existing_cluster_oidc_issuer_arn"></a> [existing\_cluster\_oidc\_issuer\_arn](#input\_existing\_cluster\_oidc\_issuer\_arn) | OIDC issuer ARN for an existing cluster. This will only be used when use\_existing\_cluster is true. | `string` | `""` | no |
+| <a name="input_existing_cluster_oidc_issuer_url"></a> [existing\_cluster\_oidc\_issuer\_url](#input\_existing\_cluster\_oidc\_issuer\_url) | OIDC issuer URL for an existing cluster. This will only be used when use\_existing\_cluster is true. | `string` | `""` | no |
 | <a name="input_iam_role_additional_policies"></a> [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | Additional policies to be added to the IAM role | `map(string)` | `{}` | no |
 | <a name="input_inital_node_pool_capacity_type"></a> [inital\_node\_pool\_capacity\_type](#input\_inital\_node\_pool\_capacity\_type) | capacity type for the initial node pool | `string` | `"SPOT"` | no |
 | <a name="input_initial_node_pool_ami_type"></a> [initial\_node\_pool\_ami\_type](#input\_initial\_node\_pool\_ami\_type) | AMI type for the initial node pool | `string` | `"AL2023_x86_64_STANDARD"` | no |
@@ -81,6 +89,7 @@ No resources.
 | <a name="input_self_managed_node_groups"></a> [self\_managed\_node\_groups](#input\_self\_managed\_node\_groups) | Map of self-managed node group definitions to create | `any` | `{}` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+| <a name="input_use_existing_cluster"></a> [use\_existing\_cluster](#input\_use\_existing\_cluster) | Flag to use an existing cluster. If this is true, a new EKS cluster will not be created | `bool` | `false` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC where the cluster and its nodes will be provisioned | `string` | `null` | no |
 
 ## Outputs
@@ -110,6 +119,7 @@ No resources.
 | <a name="output_fargate_profiles"></a> [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created |
 | <a name="output_node_security_group_arn"></a> [node\_security\_group\_arn](#output\_node\_security\_group\_arn) | Amazon Resource Name (ARN) of the node shared security group |
 | <a name="output_node_security_group_id"></a> [node\_security\_group\_id](#output\_node\_security\_group\_id) | ID of the node shared security group |
-| <a name="output_oidc_provider_arn"></a> [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` |
+| <a name="output_oidc_provider_arn"></a> [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider |
 | <a name="output_self_managed_node_groups"></a> [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created |
+| <a name="output_use_existing_cluster"></a> [use\_existing\_cluster](#output\_use\_existing\_cluster) | Flag to check if you are using an already existing cluster |
 <!-- END_TF_DOCS -->
diff --git a/data.tf b/data.tf
@@ -0,0 +1,7 @@
+data "aws_eks_cluster" "eks_cluster" {
+  count = var.use_existing_cluster ? 1 : 0
+  name  = var.cluster_name
+}
+
+# To do
+# apply data block for openid_connect_provider to fetch openid arn directly using eks cluster oidc[0].issuer[0].url
diff --git a/eks.tf b/eks.tf
@@ -3,6 +3,7 @@
 ###################################################################################
 
 module "aws-eks-kubernetes-cluster" {
+  count                                 = var.use_existing_cluster ? 0 : 1
   source                                = "terraform-aws-modules/eks/aws"
   version                               = "v20.17.2"
   cluster_name                          = var.cluster_name

diff --git a/eks_addons.tf b/eks_addons.tf
@@ -3,13 +3,14 @@
 ###################################################################################
 
 module "eks_blueprints_addons" {
+  count   = var.use_existing_cluster ? 0 : 1
   source  = "aws-ia/eks-blueprints-addons/aws"
   version = "1.16.3"
 
-  cluster_name      = module.aws-eks-kubernetes-cluster.cluster_name
-  cluster_endpoint  = module.aws-eks-kubernetes-cluster.cluster_endpoint
-  cluster_version   = module.aws-eks-kubernetes-cluster.cluster_version
-  oidc_provider_arn = module.aws-eks-kubernetes-cluster.oidc_provider_arn
+  cluster_name      = module.aws-eks-kubernetes-cluster[0].cluster_name
+  cluster_endpoint  = module.aws-eks-kubernetes-cluster[0].cluster_endpoint
+  cluster_version   = module.aws-eks-kubernetes-cluster[0].cluster_version
+  oidc_provider_arn = module.aws-eks-kubernetes-cluster[0].oidc_provider_arn
 
   eks_addons = {
     coredns = {

diff --git a/locals.tf b/locals.tf
@@ -104,4 +104,26 @@ locals {
   } : {})
 
   karpenter_profile_name = "${var.cluster_name}-karpenter"
+
+  // this is used when use_existing_cluster is set to true, so that we don't have to modify eks_managed_node_groups
+  output_eks_managed_node_groups = tomap({
+    "initial" = {
+      iam_role_arn                       = var.existing_cluster_node_role_arn
+      launch_template_id                 = ""
+      autoscaling_group_schedule_arns    = {}
+      iam_role_name                      = ""
+      iam_role_unique_id                 = ""
+      launch_template_arn                = ""
+      launch_template_latest_version     = 0
+      launch_template_name               = ""
+      node_group_arn                     = ""
+      node_group_autoscaling_group_names = []
+      node_group_id                      = ""
+      node_group_labels                  = {}
+      node_group_resources               = []
+      node_group_status                  = ""
+      node_group_taints                  = []
+      platform                           = ""
+    }
+  })
 }
diff --git a/output.tf b/output.tf
@@ -3,50 +3,55 @@
 ################################################################################
 # Cluster
 ################################################################################
+output "use_existing_cluster" {
+  description = "Flag to check if you are using an already existing cluster"
+  value       = var.use_existing_cluster
+}
 
 output "cluster_arn" {
   description = "The Amazon Resource Name (ARN) of the cluster"
-  value       = module.aws-eks-kubernetes-cluster.cluster_arn
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].arn : module.aws-eks-kubernetes-cluster[0].cluster_arn
 }
 
 output "cluster_certificate_authority_data" {
   description = "Base64 encoded certificate data required to communicate with the cluster"
-  value       = module.aws-eks-kubernetes-cluster.cluster_certificate_authority_data
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].certificate_authority[0].data : module.aws-eks-kubernetes-cluster[0].cluster_certificate_authority_data
 }
 
 output "cluster_endpoint" {
   description = "Endpoint for your Kubernetes API server"
-  value       = module.aws-eks-kubernetes-cluster.cluster_endpoint
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].endpoint : module.aws-eks-kubernetes-cluster[0].cluster_endpoint
 }
 
 output "cluster_id" {
   description = "DEPRECATED - Use cluster_name"
-  value       = module.aws-eks-kubernetes-cluster.cluster_name
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].id : module.aws-eks-kubernetes-cluster[0].cluster_name
 }
 
 output "cluster_name" {
   description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready"
-  value       = module.aws-eks-kubernetes-cluster.cluster_name
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].name : module.aws-eks-kubernetes-cluster[0].cluster_name
 }
 
 output "cluster_oidc_issuer_url" {
   description = "The URL on the EKS cluster for the OpenID Connect identity provider"
-  value       = module.aws-eks-kubernetes-cluster.cluster_oidc_issuer_url
+  # value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].identity[0].oidc[0].issuer : module.aws-eks-kubernetes-cluster[0].cluster_oidc_issuer_url
+  value = var.use_existing_cluster ? var.existing_cluster_oidc_issuer_url : module.aws-eks-kubernetes-cluster[0].cluster_oidc_issuer_url
 }
 
 output "cluster_platform_version" {
   description = "Platform version for the cluster"
-  value       = module.aws-eks-kubernetes-cluster.cluster_platform_version
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].platform_version : module.aws-eks-kubernetes-cluster[0].cluster_platform_version
 }
 
 output "cluster_status" {
   description = "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`"
-  value       = module.aws-eks-kubernetes-cluster.cluster_status
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].status : module.aws-eks-kubernetes-cluster[0].cluster_status
 }
 
 output "cluster_primary_security_group_id" {
   description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console"
-  value       = module.aws-eks-kubernetes-cluster.cluster_primary_security_group_id
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].vpc_config[0].cluster_security_group_id : module.aws-eks-kubernetes-cluster[0].cluster_primary_security_group_id
 }
 
 ################################################################################
@@ -55,12 +60,12 @@ output "cluster_primary_security_group_id" {
 
 output "cluster_security_group_arn" {
   description = "Amazon Resource Name (ARN) of the cluster security group"
-  value       = module.aws-eks-kubernetes-cluster.cluster_security_group_arn
+  value       = var.use_existing_cluster ? "" : module.aws-eks-kubernetes-cluster[0].cluster_security_group_arn
 }
 
 output "cluster_security_group_id" {
   description = "ID of the cluster security group"
-  value       = module.aws-eks-kubernetes-cluster.cluster_security_group_id
+  value       = var.use_existing_cluster ? data.aws_eks_cluster.eks_cluster[0].vpc_config[0].cluster_security_group_id : module.aws-eks-kubernetes-cluster[0].cluster_security_group_id
 }
 
 ################################################################################
@@ -69,21 +74,21 @@ output "cluster_security_group_id" {
 
 output "node_security_group_arn" {
   description = "Amazon Resource Name (ARN) of the node shared security group"
-  value       = module.aws-eks-kubernetes-cluster.node_security_group_arn
+  value       = var.use_existing_cluster ? "" : module.aws-eks-kubernetes-cluster[0].node_security_group_arn
 }
 
 output "node_security_group_id" {
   description = "ID of the node shared security group"
-  value       = module.aws-eks-kubernetes-cluster.node_security_group_id
+  value       = var.use_existing_cluster ? var.existing_cluster_node_security_group_id : module.aws-eks-kubernetes-cluster[0].node_security_group_id
 }
 
 ################################################################################
 # IRSA
 ################################################################################
 
 output "oidc_provider_arn" {
-  description = "The ARN of the OIDC Provider if `enable_irsa = true`"
-  value       = module.aws-eks-kubernetes-cluster.oidc_provider_arn
+  description = "The ARN of the OIDC Provider"
+  value       = var.use_existing_cluster ? var.existing_cluster_oidc_issuer_arn : module.aws-eks-kubernetes-cluster[0].oidc_provider_arn
 }
 
 ################################################################################
@@ -92,17 +97,17 @@ output "oidc_provider_arn" {
 
 output "cluster_iam_role_name" {
   description = "IAM role name of the EKS cluster"
-  value       = module.aws-eks-kubernetes-cluster.cluster_iam_role_name
+  value       = var.use_existing_cluster ? "" : module.aws-eks-kubernetes-cluster[0].cluster_iam_role_name
 }
 
 output "cluster_iam_role_arn" {
   description = "IAM role ARN of the EKS cluster"
-  value       = module.aws-eks-kubernetes-cluster.cluster_iam_role_arn
+  value       = var.use_existing_cluster ? "" : module.aws-eks-kubernetes-cluster[0].cluster_iam_role_arn
 }
 
 output "cluster_iam_role_unique_id" {
   description = "Stable and unique string identifying the IAM role"
-  value       = module.aws-eks-kubernetes-cluster.cluster_iam_role_unique_id
+  value       = var.use_existing_cluster ? "" : module.aws-eks-kubernetes-cluster[0].cluster_iam_role_unique_id
 }
 
 ################################################################################
@@ -111,7 +116,7 @@ output "cluster_iam_role_unique_id" {
 
 output "cluster_addons" {
   description = "Map of attribute maps for all EKS cluster addons enabled"
-  value       = module.eks_blueprints_addons.eks_addons
+  value       = var.use_existing_cluster ? {} : module.eks_blueprints_addons[0].eks_addons
 }
 
 ################################################################################
@@ -120,7 +125,7 @@ output "cluster_addons" {
 
 output "cluster_identity_providers" {
   description = "Map of attribute maps for all EKS identity providers enabled"
-  value       = module.aws-eks-kubernetes-cluster.cluster_identity_providers
+  value       = var.use_existing_cluster ? {} : module.aws-eks-kubernetes-cluster[0].cluster_identity_providers
   sensitive   = true
 }
 
@@ -130,12 +135,12 @@ output "cluster_identity_providers" {
 
 output "cloudwatch_log_group_name" {
   description = "Name of cloudwatch log group created"
-  value       = module.aws-eks-kubernetes-cluster.cloudwatch_log_group_name
+  value       = var.use_existing_cluster ? "" : module.aws-eks-kubernetes-cluster[0].cloudwatch_log_group_name
 }
 
 output "cloudwatch_log_group_arn" {
   description = "Arn of cloudwatch log group created"
-  value       = module.aws-eks-kubernetes-cluster.cloudwatch_log_group_arn
+  value       = var.use_existing_cluster ? "" : module.aws-eks-kubernetes-cluster[0].cloudwatch_log_group_arn
 }
 
 ################################################################################
@@ -144,7 +149,7 @@ output "cloudwatch_log_group_arn" {
 
 output "fargate_profiles" {
   description = "Map of attribute maps for all EKS Fargate Profiles created"
-  value       = module.aws-eks-kubernetes-cluster.fargate_profiles
+  value       = var.use_existing_cluster ? {} : module.aws-eks-kubernetes-cluster[0].fargate_profiles
 }
 
 ################################################################################
@@ -153,7 +158,7 @@ output "fargate_profiles" {
 
 output "eks_managed_node_groups" {
   description = "Map of attribute maps for all EKS managed node groups created"
-  value       = module.aws-eks-kubernetes-cluster.eks_managed_node_groups
+  value       = var.use_existing_cluster ? local.output_eks_managed_node_groups : module.aws-eks-kubernetes-cluster[0].eks_managed_node_groups
 }
 
 ################################################################################
@@ -162,7 +167,7 @@ output "eks_managed_node_groups" {
 
 output "self_managed_node_groups" {
   description = "Map of attribute maps for all self managed node groups created"
-  value       = module.aws-eks-kubernetes-cluster.self_managed_node_groups
+  value       = var.use_existing_cluster ? {} : module.aws-eks-kubernetes-cluster[0].self_managed_node_groups
 }
 
 ################################################################################
@@ -171,5 +176,5 @@ output "self_managed_node_groups" {
 
 output "aws_access_entries" {
   description = "Access entries for the EKS cluster security group"
-  value       = module.aws-eks-kubernetes-cluster.access_entries
+  value       = var.use_existing_cluster ? {} : module.aws-eks-kubernetes-cluster[0].access_entries
 }