Skip to content

Latest commit

 

History

History
140 lines (127 loc) · 18 KB

README.md

File metadata and controls

140 lines (127 loc) · 18 KB

terraform-aws-eks

An opinionated Terraform module that can be used to create and manage an EKS cluster in AWS in a simplified way.

Requirements

Name Version
terraform >= 1.3.0
aws >= 5.34.0
null >= 3.1.1
tls < 4.0.0

Providers

Name Version
aws >= 5.34.0
null >= 3.1.1
tls < 4.0.0

Modules

Name Source Version
iam_assumable_role_aws_ebs_csi_driver terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_aws_load_balancer_controller terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_cert_manager terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_cluster_autoscaler terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_external_dns terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_log_shipping terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_phlare terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.4.0
iam_assumable_role_velero terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 5.9.2
main terraform-aws-modules/eks/aws ~> 20.0

Resources

Name Type
aws_iam_policy.aws_ebs_csi_driver resource
aws_iam_policy.aws_load_balancer_controller resource
aws_iam_policy.cert_manager resource
aws_iam_policy.cluster_autoscaler resource
aws_iam_policy.external_dns resource
aws_iam_policy.log_shipping resource
aws_iam_policy.phlare resource
aws_iam_policy.velero resource
aws_instance.echo-server resource
aws_key_pair.ssh_access resource
aws_s3_bucket.log_shipping resource
aws_s3_bucket.phlare resource
aws_s3_bucket.velero resource
aws_s3_bucket_acl.log_shipping resource
aws_s3_bucket_acl.phlare resource
aws_s3_bucket_acl.velero resource
aws_s3_bucket_lifecycle_configuration.velero resource
aws_s3_bucket_ownership_controls.log_shipping_ownership_controls resource
aws_s3_bucket_ownership_controls.phlare_ownership_controls resource
aws_s3_bucket_ownership_controls.velero_ownership_controls resource
aws_s3_bucket_public_access_block.log_shipping_block_public_access resource
aws_s3_bucket_public_access_block.phlare_block_public_access resource
aws_s3_bucket_public_access_block.velero_block_public_access resource
aws_security_group_rule.cluster_to_workers_ingress_all resource
aws_security_group_rule.workers_egress_dns_tcp resource
aws_security_group_rule.workers_egress_dns_udp resource
aws_security_group_rule.workers_egress_http resource
aws_security_group_rule.workers_egress_ssh resource
aws_security_group_rule.workers_to_workers_egress_all resource
aws_security_group_rule.workers_to_workers_ingress_all resource
null_resource.disable_aws_vpc_cni_plugin resource
null_resource.kubeconfig resource
null_resource.wait_for_control_plane_subnets resource
tls_private_key.ssh_key resource
aws_ami.ubuntu data source
aws_ami.workers data source
aws_caller_identity.current data source
aws_iam_policy_document.log_shipping data source
aws_iam_policy_document.phlare data source
aws_iam_policy_document.velero data source
aws_subnets.eks_control_plane data source
aws_subnets.private data source
aws_subnets.public data source
aws_vpc.vpc data source

Inputs

Name Description Type Default Required
allow_imdsv1 Whether to allow IMDSv1 access (insecure). bool false no
ami_owners The list of acceptable owners of AMIs to be used for worker nodes. list(string) 
[
  "099720109477",
  "679593333241",
  "amazon",
  "self"
]
 no
aws_ebs_csi_driver_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'aws-ebs-csi-driver' role using OpenID Connect. list(string) [] no
aws_load_balancer_controller_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'aws-load-balancer-controller' role using OpenID Connect. list(string) [] no
cert_manager_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'cert-manager' role using OpenID Connect. list(string) [] no
cluster_autoscaler_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'cluster-autoscaler' role using OpenID Connect. list(string) [] no
cluster_service_ipv4_cidr The CIDR block to assign Kubernetes service IP addresses from. string null no
control_plane_subnet_ids Can be used to override the list of subnet IDs to use for the EKS control-plane. If not defined, subnets tagged with 'eks-control-plane: true' will be used. list(string) [] no
disable_aws_vpc_cni_plugin Whether to disable the AWS VPC CNI plugin. Unless running in chaining mode, this should usually be 'true'. bool n/a yes
echo_server_instance_enabled Whether to create an EC2 instance outside the cluster that can act as 'echo-server'. bool false no
echo_server_instance_user_data The user data script to use for the 'echo-server' instance. string "" no
external_dns_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'external-dns' role using OpenID Connect. list(string) [] no
include_public_subnets Whether to include public subnets in the list of subnets usable by the EKS cluster. bool true no
kubernetes_version The version of Kubernetes/EKS to use. string n/a yes
log_shipping_bucket_name The name of the S3 bucket that will be used to store logs. string "" no
log_shipping_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'log-shipping' role using OpenID Connect. list(string) [] no
name The name of the EKS cluster. string n/a yes
phlare_bucket_name The name of the S3 bucket that will be used by Phlare string "" no
phlare_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'phlare' role using OpenID Connect. list(string) [] no
region The region in which to create the EKS cluster. string n/a yes
self_managed_node_groups A map describing the set of self-managed node groups to create. Other types of node groups besides self-managed are currently not supported. 
map(object({
    ami_type                     = string
    ami_name_filter              = string
    extra_tags                   = map(string)
    instance_type                = string
    kubelet_extra_args           = string
    max_nodes                    = number
    min_nodes                    = number
    name                         = string
    pre_bootstrap_user_data      = string
    post_bootstrap_user_data     = string
    root_volume_id               = string
    root_volume_size             = number
    root_volume_type             = string
    subnet_ids                   = list(string)
    iam_role_additional_policies = map(string)
    iam_role_use_name_prefix     = optional(bool, true)
    key_name                     = optional(string)
  }))
 n/a yes
tags The set of tags to place on the EKS cluster. map(string) n/a yes
velero_bucket_name The name of the S3 bucket that will be used to upload Velero backups. string "" no
velero_oidc_fully_qualified_subjects The list of trusted resources which can assume the 'velero' role using OpenID Connect. list(string) [] no
vpc_id The ID of the VPC in which to create the EKS cluster. string n/a yes
worker_node_additional_policies A list of additional policies to add to worker nodes. list(string) [] no

Outputs

Name Description
aws_ebs_csi_driver_policy_arn n/a
aws_ebs_csi_driver_role_arn n/a
aws_load_balancer_controller_role_arn n/a
cert_manager_role_arn n/a
cluster_arn n/a
cluster_autoscaler_role_arn n/a
cluster_endpoint n/a
cluster_version n/a
external_dns_role_arn n/a
id n/a
log_shipping_bucket_name n/a
log_shipping_role_arn n/a
oidc_provider_arn n/a
oidc_provider_url n/a
path_to_kubeconfig_file n/a
ssh_key_name n/a
ssh_private_key_pem n/a
workers_iam_role_arns n/a
workers_security_group_id n/a