1
votes

I use terraform code provisioned EKS cluster (1.16) with worker nodes on AWS (Linux). The code below is for creating eks worker nodes (Linux):

resource "aws_eks_node_group" "default-worker-nodes-group" {
  cluster_name    = "${var.eks_cluster_name}"
  node_group_name = "${var.eks_cluster_node_group_name}"
  node_role_arn   = "${var.eks_worker_node_role_arn}"
  subnet_ids      = ["${var.eks_worker_subnet_ids}"]
  ami_type        = "${var.ami_type}"
  instance_types  = "${var.instance_type}"
  disk_size       = "${var.volume_size}"
  release_version = "${var.release_version}"
  version         = "${var.eks_cluster_version}"

  remote_access {
    ec2_ssh_key               = "${var.ec2_ssh_key}"
    source_security_group_ids = ["${var.eks_worker_security_groups_ids}"]
  }

 
}

I would like to add additional Windows worker nodes. How to do it?

I define the ARN of instance role of Linux node below. For Windows, can I use the same role as Linux? In other words, ARN of instance role of Windows node is same as ARN of instance role of Linux node?

#eks workers roles
resource "aws_iam_role" "eks-workernode-role" {
  name = "${var.eks_workernode_iam_role_name}"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}

data:
  mapRoles: |
    - rolearn: ${aws_iam_role.eks-workernode-role.arn}
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
1

1 Answers

1
votes

You need to use an AMI that is a Windows-AMI, see Amazon EKS optimized Windows AMIs.

You also need a slightly different Role in the aws-auth ConfigMap as described in Launching self-managed Windows nodes, with the mapRoles like

      groups:
        - system:bootstrappers
        - system:nodes
        - eks:kube-proxy-windows