output the cluster KMS key and re-condition pod affinity rules for co…

…redns
RADAR-base · Nov 25, 2024 · 6b9fd49 · 6b9fd49
1 parent aea5f36
commit 6b9fd49
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/cluster/eks.tf b/cluster/eks.tf
@@ -126,6 +126,20 @@ module "eks" {
         nodeSelector : var.create_dmz_node_group ? {
           role : "dmz-1"
         } : {},
+        affinity : var.create_dmz_node_group ? {} : {
+          podAntiAffinity : {
+            requiredDuringSchedulingIgnoredDuringExecution : [{
+              labelSelector : {
+                matchExpressions : [{
+                  key : "k8s-app"
+                  operator : "In"
+                  values : ["kube-dns"]
+                }]
+              },
+              topologyKey : "kubernetes.io/hostname"
+            }]
+          }
+        }
       })
     }
     kube-proxy = {

diff --git a/cluster/outputs.tf b/cluster/outputs.tf
@@ -6,6 +6,10 @@ output "radar_base_eks_cluser_endpoint" {
   value = module.eks.cluster_endpoint
 }
 
+output "radar_base_eks_cluser_kms_key_arn" {
+  value = module.eks.kms_key_arn
+}
+
 output "radar_base_eks_dmz_node_group_name" {
   value = var.create_dmz_node_group ? element(split(":", module.eks.eks_managed_node_groups["dmz-${var.eks_cluster_name}"].node_group_id), 1) : null
 }