fix: only setup LB discovery tags for in-use subnets (#147)

*(If this PR fixes a github issue, please add `Fixes #<xyz>`.)* Fixes #<xyz> *(or if this PR is one task of a github issue, please add `Master Issue: #<xyz>` to link to the master issue.)* Master Issue: #<xyz> ### Motivation - Avoid unnecessary inter-zone traffic from LB - Allow disabling cross-zone load balancing when specifying zones ### Modifications - Remove duplicated tag setup in VPC module - Only setup LB discovery tags for subnet will be used by nodepool ### Verifying this change - [ ] Make sure that the change passes the CI checks. *(Please pick either of the following options)* This change is a trivial rework / code cleanup without any test coverage. *(or)* This change is already covered by existing tests, such as *(please describe tests)*. *(or)* This change added tests and can be verified as follows: *(example:)* - *Added integration tests for end-to-end deployment with large payloads (10MB)* - *Extended integration test for recovery after broker failure* ### Documentation Check the box below. Need to update docs? - [ ] `doc-required` (If you need help on updating docs, create a doc issue) - [x] `no-need-doc` (Please explain why) - [ ] `doc` (If this PR contains doc changes)
streamnative · Nov 25, 2024 · 7bbcbae · 7bbcbae
1 parent c7dbedf
commit 7bbcbae
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 6 deletions.
diff --git a/main.tf b/main.tf
@@ -303,6 +303,7 @@ module "vpc_tags" {
   vpc_id             = var.vpc_id
   public_subnet_ids  = var.public_subnet_ids
   private_subnet_ids = var.private_subnet_ids
+  node_pool_azs      = var.node_pool_azs
 }
 
 resource "aws_ec2_tag" "cluster_security_group" {

diff --git a/modules/eks-vpc-tags/main.tf b/modules/eks-vpc-tags/main.tf
@@ -12,8 +12,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+data "aws_subnet" "private_subnets" {
+  count = length(var.private_subnet_ids)
+  id    = var.private_subnet_ids[count.index]
+}
+
+data "aws_subnet" "public_subnets" {
+  count = length(var.public_subnet_ids)
+  id    = var.public_subnet_ids[count.index]
+}
+
 locals {
   cluster_subnet_ids = concat(var.private_subnet_ids, var.public_subnet_ids)
+  node_pool_private_subnets = [
+    for subnet in data.aws_subnet.private_subnets : subnet.id if(length(var.node_pool_azs) == 0 || contains(var.node_pool_azs, subnet.availability_zone))
+  ]
+  node_pool_public_subnets = [
+    for subnet in data.aws_subnet.public_subnets : subnet.id if(length(var.node_pool_azs) == 0 || contains(var.node_pool_azs, subnet.availability_zone))
+  ]
 }
 
 resource "aws_ec2_tag" "vpc_tag" {
@@ -30,15 +46,15 @@ resource "aws_ec2_tag" "cluster_subnet_tag" {
 }
 
 resource "aws_ec2_tag" "private_subnet_tag" {
-  count       = length(var.private_subnet_ids)
-  resource_id = var.private_subnet_ids[count.index]
+  count       = length(local.node_pool_private_subnets)
+  resource_id = local.node_pool_private_subnets[count.index]
   key         = "kubernetes.io/role/internal-elb"
   value       = "1"
 }
 
 resource "aws_ec2_tag" "public_subnet_tag" {
-  count       = length(var.public_subnet_ids)
-  resource_id = var.public_subnet_ids[count.index]
+  count       = length(local.node_pool_public_subnets)
+  resource_id = local.node_pool_public_subnets[count.index]
   key         = "kubernetes.io/role/elb"
   value       = "1"
 }
diff --git a/modules/eks-vpc-tags/variables.tf b/modules/eks-vpc-tags/variables.tf
@@ -56,4 +56,10 @@ variable "vpc_id" {
     condition     = length(var.vpc_id) > 4 && substr(var.vpc_id, 0, 4) == "vpc-"
     error_message = "The value for variable \"vpc_id\" must be a valid VPC id, starting with \"vpc-\"."
   }
+}
+
+variable "node_pool_azs" {
+  type        = list(string)
+  description = "A list of availability zones to use for the EKS node group. If not set, the module will use the same availability zones with the cluster."
+  default     = []
 }
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
@@ -39,7 +39,7 @@ resource "aws_subnet" "public" {
   cidr_block              = cidrsubnet(var.vpc_cidr, var.public_subnet_newbits, var.public_subnet_start + count.index)
   availability_zone       = local.azs[count.index]
   map_public_ip_on_launch = var.disable_nat_gateway ? true : var.public_subnet_auto_ip
-  tags                    = merge({ "Vendor" = "StreamNative", "Type" = "public", "kubernetes.io/role/elb" = "1", Name = format("%s-public-sbn-%s", var.vpc_name, count.index) }, var.tags)
+  tags                    = merge({ "Vendor" = "StreamNative", "Type" = "public", Name = format("%s-public-sbn-%s", var.vpc_name, count.index) }, var.tags)
 
   lifecycle {
     ignore_changes = [tags]
@@ -52,7 +52,7 @@ resource "aws_subnet" "private" {
   vpc_id            = aws_vpc.vpc.id
   cidr_block        = cidrsubnet(var.vpc_cidr, var.private_subnet_newbits, var.private_subnet_start + count.index)
   availability_zone = local.azs[count.index]
-  tags              = merge({ "Vendor" = "StreamNative", "Type" = "private", "kubernetes.io/role/internal-elb" = "1", Name = format("%s-private-sbn-%s", var.vpc_name, count.index) }, var.tags)
+  tags              = merge({ "Vendor" = "StreamNative", "Type" = "private", Name = format("%s-private-sbn-%s", var.vpc_name, count.index) }, var.tags)
 
   lifecycle {
     ignore_changes = [tags]