Use aws_eks_node_group with public and private subnets

dj-wasabi · March 16, 2020, 9:41am

Hi,

I’m trying to create a node-group on AWS with nodes that have 1 Public subnet and 1 private subnet for each AZ. I don’t seem to get it working. I have the following code:

Subnets:

resource "aws_subnet" "public" {
    count = length(var.aws_subnet_public_cidr)

    availability_zone = data.aws_availability_zones.available.names[count.index]
    cidr_block        = var.aws_subnet_public_cidr[count.index]
    vpc_id            = aws_vpc.main.id

    tags = {
        Name                                        = "public-${var.cluster_name}-${data.aws_availability_zones.available.names[count.index]}"
        "kubernetes.io/cluster/${var.cluster_name}" = "shared"
        "kubernetes.io/role/elb"                    = 1
    }
}

resource "aws_subnet" "private" {
    count             = length(var.aws_subnet_private_cidr)
    availability_zone = data.aws_availability_zones.available.names[count.index]
    cidr_block        = var.aws_subnet_private_cidr[count.index]
    vpc_id            = aws_vpc.main.id

    tags = {
        Name                                        = "private-${var.cluster_name}-${data.aws_availability_zones.available.names[count.index]}"
        "kubernetes.io/cluster/${var.cluster_name}" = "shared"
        "kubernetes.io/role/internal-elb"           = 1
    }
}

Node group:

resource "aws_eks_node_group" "worker-node" {
  # count           = length(var.aws_subnet_private)
  count = 1
  cluster_name    = aws_eks_cluster.eks-cluster.name
  node_group_name = "${var.cluster_name}-${data.aws_availability_zones.available.names[count.index]}"
  node_role_arn   = aws_iam_role.worker-node.arn
  subnet_ids      = concat(aws_subnet.private.*.id,aws_subnet.public.*.id)
  instance_types  = ["t3.small"]

  scaling_config {
    desired_size = var.aws_node_scaling_desired_size
    max_size     = var.aws_node_scaling_max_size
    min_size     = var.aws_node_scaling_min_size
  }

  depends_on = [
    aws_iam_role_policy_attachment.tf_AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.tf_AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.tf_AmazonEC2ContainerRegistryReadOnly,
  ]
}

I’ll probably doing something wrong, but can not find the issue. Some cases, the nodes get 2 ips for the public subnet, other times it gets it ips for the private subnet. Goal is to get 1 ip for the public subnet and 1 for the private subnet.

Thanks in advance.

Topic		Replies	Views
Passing multiple subnet ids into an eks_demo_node_group resource Terraform	2	1615	August 3, 2021
How to get subnet IP for specific AZ with CDKTF CDK for Terraform	2	516	December 20, 2022
EKS cluster with managed nodegroups in private subnets fail with 'Instances failed to join the Kubernetes cluster' AWS	0	32	December 7, 2024
Pull Available AZs and assign subnets Terraform	1	433	March 9, 2021
For_each loop -> creating subnets Terraform k8s	0	258	August 4, 2023

Use aws_eks_node_group with public and private subnets

Related topics