Created
November 17, 2023 11:17
Disabling AWS CNI using Terraform
# Disable the AWS VPC CNI by installing the managed addon with a node affinity
# that no node can fulfil, so its DaemonSet never schedules a pod.
# When this addon is added before any nodes join the cluster, the AWS CNI is disabled from the start.
# This is especially useful if you intend to install a CNI like Calico or Cilium.
# If you already have nodes in your cluster, you need to replace them.
# This is a hacky workaround, but it works and I prefer this solution to the
# local-exec provider until AWS adds a clean solution for this.
#
# NOTE(review): the addon is only "off" while no node carries the label
# someNonExistingLabel=whichDoesNotMatchAnyNode. Treat that key/value as reserved:
# a node given this label would satisfy the affinity and run the VPC CNI again.
# NOTE(review): nodes have no pod networking until the replacement CNI is installed,
# and features that depended on the VPC CNI (presumably security groups for pods and
# its network policy agent; confirm for your setup) must come from the replacement.
resource "aws_eks_addon" "vpc_cni" {
  addon_name    = "vpc-cni"
  addon_version = data.aws_eks_addon_version.vpc_cni.version
  cluster_name  = "my-cluster"

  # OVERWRITE lets the addon's values replace conflicting settings already on the
  # cluster, both at creation and on later updates, so manual edits do not persist.
  resolve_conflicts_on_create = "OVERWRITE"
  resolve_conflicts_on_update = "OVERWRITE"

  # Passed to the addon as a JSON string; the only setting is the node affinity.
  configuration_values = jsonencode({
    affinity = {
      nodeAffinity = {
        # A hard scheduling requirement: pods are placed only on nodes that match.
        requiredDuringSchedulingIgnoredDuringExecution = {
          nodeSelectorTerms = [
            {
              matchExpressions = [
                {
                  key      = "someNonExistingLabel"
                  operator = "In"
                  values   = ["whichDoesNotMatchAnyNode"]
                }
              ]
            }
          ]
        }
      }
    }
  })
}
# Looks up the vpc-cni addon version that the addon resource installs.
# NOTE(review): with most_recent = true the resolved version is not pinned, so it can
# change from one plan to the next as new addon releases appear; set an explicit
# addon_version on the resource if you need reproducible applies.
# NOTE(review): kubernetes_version is hard-coded here; it presumably has to match the
# version of the target cluster. Confirm it when the cluster is upgraded.
data "aws_eks_addon_version" "vpc_cni" {
  kubernetes_version = "1.28"
  addon_name         = "vpc-cni"
  most_recent        = true
}