eks-cluster migration.md

eks-cluster migration

destroyed:

• aws_iam_role_policy.access_kms_key
• r aws_iam_role_policy.ssh_grunt_permissions
• aws_iam_role_policy_attachment.attach_cloudwatch_log_aggregation_policy
• aws_iam_role_policy_attachment.attach_cloudwatch_metrics_policy
• aws_security_group_rule.allow_inbound_ssh[0]
• aws_security_group_rule.openvpn_server_control_plane_access
• module.cloudwatch_log_aggregation.aws_iam_policy.cloudwatch_log_aggregation[0]
• module.cloudwatch_metrics.aws_iam_policy.cloudwatch_metrics_read_write[0]
• module.eks_cluster.null_resource.cleanup_eks_cluster_resources_script_hook
• r module.eks_workers.aws_launch_configuration.eks_worker
• r module.high_cpu_usage_alarms.aws_cloudwatch_metric_alarm.asg_high_cpu_utilization[0]
• r module.high_disk_usage_alarms.aws_cloudwatch_metric_alarm.asg_high_disk_utilization[0]
• r module.high_memory_usage_alarms.aws_cloudwatch_metric_alarm.asg_high_memory_utilization[0]
• module.eks_cluster.module.cleanup_eks_cluster_resources.null_resource.run_pex[0]

created:

• module.ec2_baseline.aws_iam_role_policy.custom_cloudwatch_metrics[0]
• r module.ec2_baseline.aws_iam_role_policy.ssh_grunt_permissions[0]
• module.eks_cluster.null_resource.fargate_profile_dependencies
• r module.eks_workers.aws_launch_configuration.eks_worker["asg"]
• r module.ec2_baseline.module.high_asg_cpu_usage_alarms.aws_cloudwatch_metric_alarm.asg_high_cpu_utilization[0]
• r module.ec2_baseline.module.high_asg_disk_usage_root_volume_alarms.aws_cloudwatch_metric_alarm.asg_high_disk_utilization[0]
• r module.ec2_baseline.module.high_asg_memory_usage_alarms.aws_cloudwatch_metric_alarm.asg_high_memory_utilization[0]

Note: Items above with a r can be state mv'd but even after they're mv'd, Terraform still needs replace them (destroy then create). It's not worth the squeeze.

updated in place:

• module.eks_cluster.aws_eks_cluster.eks
• module.eks_k8s_role_mapping.kubernetes_config_map.eks_to_k8s_role_mapping

must be replaced

Note: all because of changed (shortened) name, unless otherwise specified

• module.eks_cluster.aws_iam_role.default_fargate_role[0]
• module.eks_cluster.aws_iam_role_policy_attachment.default_fargate_role[0]
• module.eks_cluster.null_resource.sync_core_components[0]
  • because of triggers object changing
• module.eks_cluster.null_resource.wait_for_api
  • because endpoint_acces typo and k8s_version bump to 1.19
• module.eks_workers.aws_autoscaling_group.eks_worker["asg"]
• module.eks_workers.aws_iam_instance_profile.eks_worker[0]
• module.eks_workers.aws_iam_role.eks_worker[0]
• module.eks_workers.aws_iam_role_policy.allow_describe_ec2_tags[0]
• module.eks_workers.aws_iam_role_policy_attachment.worker_AmazonEC2ContainerRegistryReadOnly[0]
• module.eks_workers.aws_iam_role_policy_attachment.worker_AmazonEKSWorkerNodePolicy[0]
• module.eks_workers.aws_iam_role_policy_attachment.worker_AmazonEKS_CNI_Policy[0]
• module.eks_workers.aws_security_group.eks_worker[0]

read during apply:

• module.eks_cluster.data.aws_eks_cluster_auth.kubernetes_token
• module.eks_cluster.data.template_file.kubeconfig