devops-stack-module-cluster-eks
A DevOps Stack module to deploy and configure an EKS cluster on Amazon Web Services.
Technical Reference
Modules
The following Modules are called:
iam_assumable_role_cluster_autoscaler
Source: terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
Version: ~> 5.0
Resources
The following resources are used by this module:
- aws_iam_policy.cluster_autoscaler (resource)
- aws_route53_record.wildcard (resource)
- aws_eks_cluster_auth.cluster (data source)
- aws_iam_policy_document.cluster_autoscaler (data source)
- aws_region.current (data source)
- aws_route53_zone.this (data source)
- dns_a_record_set.nlb (data source)
Required Inputs
The following input variables are required:
private_subnet_ids
Description: List of IDs of private subnets that the EKS instances will be attached to.
Type: list(string)
Optional Inputs
The following input variables are optional (have default values):
aws_auth_accounts
Description: Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf in the terraform-aws-eks module’s code for example format.
Type: list(string)
Default: []
aws_auth_roles
Description: Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf in the terraform-aws-eks module’s code for example format.
Type:
list(object({
  rolearn  = string
  username = string
  groups   = list(string)
}))
Default: []
aws_auth_users
Description: Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf in the terraform-aws-eks module’s code for example format.
Type:
list(object({
  userarn  = string
  username = string
  groups   = list(string)
}))
Default: []
cluster_autoscaler_role_arn
Description: Role ARN linked to the cluster autoscaler ServiceAccount
Type: string
Default: ""
cluster_endpoint_public_access_cidrs
Description: List of CIDR blocks which can access the Amazon EKS public API server endpoint.
Type: list(string)
Default: ["0.0.0.0/0"]
create_private_nlb
Description: Whether to create an internal NLB attached to the private subnets
Type: bool
Default: false
create_public_nlb
Description: Whether to create an internet-facing NLB attached to the public subnets
Type: bool
Default: true
enable_cluster_autoscaler
Description: Whether to set up a cluster autoscaler
Type: bool
Default: false
extra_lb_http_tcp_listeners
Description: Additional load-balancer listeners
Type: list(any)
Default: []
extra_lb_target_groups
Description: Additional load-balancer target groups
Type: list(any)
Default: []
kubernetes_version
Description: Kubernetes version to use for the EKS cluster.
Type: string
Default: "1.25"
nlb_attached_node_groups
Description: List of node_groups indexes that the NLB(s) should be attached to
Type: list(any)
Default: []
public_subnet_ids
Description: List of IDs of public subnets the public NLB will be attached to if enabled with 'create_public_nlb'.
Type: list(string)
Default: []
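The access-related inputs above (cluster_endpoint_public_access_cidrs, aws_auth_roles, aws_auth_users) set together, as an added example that is not part of the module's own documentation. The CIDR ranges, account ID, ARNs, usernames and the custom group names are constructed placeholders; the lines are arguments for the module block that calls this module.

```hcl
# Constructed values throughout: 203.0.113.0/24 and 198.51.100.17/32 are
# documentation ranges, 111122223333 is a placeholder account ID, and the
# role, user and custom group names are hypothetical.

# Module default, shown for comparison: the public EKS API server endpoint
# accepts connections from any source address.
# cluster_endpoint_public_access_cidrs = ["0.0.0.0/0"]

# Restricted: only an office egress range and a single CI runner address
# can reach the public API server endpoint.
cluster_endpoint_public_access_cidrs = [
  "203.0.113.0/24",
  "198.51.100.17/32",
]

# IAM roles mapped into the aws-auth configmap. Each entry follows the
# object type declared for aws_auth_roles (rolearn, username, groups).
aws_auth_roles = [
  {
    # system:masters is the built-in Kubernetes group with unrestricted
    # cluster access; keep the set of roles mapped to it as small as possible.
    rolearn  = "arn:aws:iam::111122223333:role/platform-admins"
    username = "platform-admin"
    groups   = ["system:masters"]
  },
  {
    # A custom group grants nothing until a RoleBinding or ClusterRoleBinding
    # in the cluster names it, so permissions stay explicit and reviewable.
    rolearn  = "arn:aws:iam::111122223333:role/ci-deployer"
    username = "ci-deployer"
    groups   = ["deployers"]
  },
]

# IAM users use the same shape, with userarn instead of rolearn.
aws_auth_users = [
  {
    userarn  = "arn:aws:iam::111122223333:user/auditor"
    username = "auditor"
    groups   = ["read-only-auditors"]
  },
]
```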
Outputs
The following outputs are exported:
base_domain
Description: n/a
cluster_name
Description: n/a
cluster_oidc_issuer_url
Description: The URL of the EKS cluster OIDC issuer
kubernetes
Description: n/a
kubernetes_cluster_ca_certificate
Description: n/a
kubernetes_host
Description: n/a
kubernetes_token
Description: n/a
nlb_target_groups
Description: n/a
node_groups
Description: Security group ID attached to the EKS nodes.
node_security_group_id
Description: n/a
Reference in table format
= Requirements
| Name | Version |
|---|---|
| | >= 1.0 |
| | >= 4 |
| | >= 4 |
| | >= 2 |
| | >= 2 |
| | >= 2 |
| | >= 3 |
| | >= 3 |
| | >= 1 |
= Providers
| Name | Version |
|---|---|
| | >= 4 |
| | n/a |
= Modules
| Name | Source | Version |
|---|---|---|
| | terraform-aws-modules/eks/aws | ~> 19.0 |
| iam_assumable_role_cluster_autoscaler | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
| | terraform-aws-modules/alb/aws | ~> 8.0 |
| | terraform-aws-modules/alb/aws | ~> 8.0 |
= Resources
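| Name | Type |
|---|---|
| aws_iam_policy.cluster_autoscaler | resource |
| aws_route53_record.wildcard | resource |
| aws_eks_cluster_auth.cluster | data source |
| aws_iam_policy_document.cluster_autoscaler | data source |
| aws_region.current | data source |
| aws_route53_zone.this | data source |
| dns_a_record_set.nlb | data source |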
= Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_auth_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf in the terraform-aws-eks module’s code for example format. | list(string) | [] | no |
| aws_auth_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf in the terraform-aws-eks module’s code for example format. | list(object({ rolearn = string, username = string, groups = list(string) })) | [] | no |
| aws_auth_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf in the terraform-aws-eks module’s code for example format. | list(object({ userarn = string, username = string, groups = list(string) })) | [] | no |
| | The base domain used for Ingresses. | | | no |
| cluster_autoscaler_role_arn | Role ARN linked to the cluster autoscaler ServiceAccount | string | "" | no |
| cluster_endpoint_public_access_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint. | list(string) | ["0.0.0.0/0"] | no |
| | n/a | | n/a | yes |
| create_private_nlb | Whether to create an internal NLB attached to the private subnets | bool | false | no |
| create_public_nlb | Whether to create an internet-facing NLB attached to the public subnets | bool | true | no |
| enable_cluster_autoscaler | Whether to set up a cluster autoscaler | bool | false | no |
| extra_lb_http_tcp_listeners | Additional load-balancer listeners | list(any) | [] | no |
| extra_lb_target_groups | Additional load-balancer target groups | list(any) | [] | no |
| kubernetes_version | Kubernetes version to use for the EKS cluster. | string | "1.25" | no |
| nlb_attached_node_groups | List of node_groups indexes that the NLB(s) should be attached to | list(any) | [] | no |
| | A map of node group configurations to be created. | | | no |
| private_subnet_ids | List of IDs of private subnets that the EKS instances will be attached to. | list(string) | n/a | yes |
| public_subnet_ids | List of IDs of public subnets the public NLB will be attached to if enabled with 'create_public_nlb'. | list(string) | [] | no |
| | n/a | | n/a | yes |
| | VPC where the cluster and nodes will be deployed. | | n/a | yes |
= Outputs
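| Name | Description |
|---|---|
| base_domain | n/a |
| cluster_name | n/a |
| cluster_oidc_issuer_url | The URL of the EKS cluster OIDC issuer |
| kubernetes | n/a |
| kubernetes_cluster_ca_certificate | n/a |
| kubernetes_host | n/a |
| kubernetes_token | n/a |
| nlb_target_groups | n/a |
| node_groups | Security group ID attached to the EKS nodes. |
| node_security_group_id | n/a |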