Use aws_eks_node_group with public and private subnets

Hi,

I’m trying to create a node group on AWS with nodes that have 1 public subnet and 1 private subnet for each AZ. I don’t seem to get it working. I have the following code:

Subnets:

resource "aws_subnet" "public" {
  count = length(var.aws_subnet_public_cidr)

  availability_zone = data.aws_availability_zones.available.names[count.index]
  cidr_block        = var.aws_subnet_public_cidr[count.index]
  vpc_id            = aws_vpc.main.id

  tags = {
    Name                                        = "public-${var.cluster_name}-${data.aws_availability_zones.available.names[count.index]}"
    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
    "kubernetes.io/role/elb"                    = 1
  }
}

resource "aws_subnet" "private" {
  count             = length(var.aws_subnet_private_cidr)
  availability_zone = data.aws_availability_zones.available.names[count.index]
  cidr_block        = var.aws_subnet_private_cidr[count.index]
  vpc_id            = aws_vpc.main.id

  tags = {
    Name                                        = "private-${var.cluster_name}-${data.aws_availability_zones.available.names[count.index]}"
    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
    "kubernetes.io/role/internal-elb"           = 1
  }
}

Node group:

resource "aws_eks_node_group" "worker-node" {
  # count           = length(var.aws_subnet_private)
  count           = 1
  cluster_name    = aws_eks_cluster.eks-cluster.name
  node_group_name = "${var.cluster_name}-${data.aws_availability_zones.available.names[count.index]}"
  node_role_arn   = aws_iam_role.worker-node.arn
  subnet_ids      = concat(aws_subnet.private.*.id, aws_subnet.public.*.id)
  instance_types  = ["t3.small"]

  scaling_config {
    desired_size = var.aws_node_scaling_desired_size
    max_size     = var.aws_node_scaling_max_size
    min_size     = var.aws_node_scaling_min_size
  }

  depends_on = [
    aws_iam_role_policy_attachment.tf_AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.tf_AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.tf_AmazonEC2ContainerRegistryReadOnly,
  ]
}

I’m probably doing something wrong, but I cannot find the issue. In some cases the nodes get 2 IPs in the public subnet; other times they get their IPs in the private subnet. The goal is to get 1 IP in the public subnet and 1 in the private subnet.

Thanks in advance.
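An added example, not the poster's code: an EC2 instance in a managed node group launches with its primary network interface in exactly one of the subnets listed in subnet_ids, so a node does not get one address from a public subnet and one from a private subnet; the usual layout is one node group per AZ pinned to that AZ's private subnet, with the public subnets left for the internet-facing load balancers that the kubernetes.io/role/elb tag marks them for. It assumes the poster's aws_subnet.private, aws_eks_cluster.eks-cluster, aws_iam_role.worker-node, the aws_iam_role_policy_attachment resources and the var.* inputs as defined above.

```hcl
# Added example (not the poster's code): one managed node group per AZ, each
# pinned to that AZ's private subnet. Assumes the poster's aws_subnet.private,
# aws_eks_cluster.eks-cluster, aws_iam_role.worker-node, the policy attachments
# and the var.* inputs shown in the question.

resource "aws_eks_node_group" "worker-node" {
  # One node group per private subnet, so group name and AZ always match.
  count = length(aws_subnet.private)

  cluster_name    = aws_eks_cluster.eks-cluster.name
  node_group_name = "${var.cluster_name}-${aws_subnet.private[count.index].availability_zone}"
  node_role_arn   = aws_iam_role.worker-node.arn

  # Only this AZ's private subnet: every instance in the group launches here,
  # so no node is given a public address. The public subnets keep their
  # kubernetes.io/role/elb tag and are used only for internet-facing
  # load balancers created for Kubernetes Service objects.
  subnet_ids     = [aws_subnet.private[count.index].id]
  instance_types = ["t3.small"]

  scaling_config {
    desired_size = var.aws_node_scaling_desired_size
    max_size     = var.aws_node_scaling_max_size
    min_size     = var.aws_node_scaling_min_size
  }

  depends_on = [
    aws_iam_role_policy_attachment.tf_AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.tf_AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.tf_AmazonEC2ContainerRegistryReadOnly,
  ]
}
```

Nodes in private subnets still need a default route to a NAT gateway (or VPC endpoints) to reach the EKS API endpoint, ECR and package repositories; that routing is outside this snippet.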