{"id":23104093,"url":"https://github.com/glueops/terraform-module-cloud-aws-kubernetes-cluster","last_synced_at":"2026-01-17T21:28:07.390Z","repository":{"id":65288733,"uuid":"585257833","full_name":"GlueOps/terraform-module-cloud-aws-kubernetes-cluster","owner":"GlueOps","description":"This repository contains a Terraform module for deploying an Amazon EKS cluster on AWS as part of the GlueOps platform. It facilitates setting up VPCs, subnets, EKS clusters, node pools, and the necessary AWS resources for Kubernetes cluster deployment. It includes configurations for addons like CoreDNS and kube-proxy, and supports VPC peering.","archived":false,"fork":false,"pushed_at":"2024-12-16T10:03:23.000Z","size":196,"stargazers_count":1,"open_issues_count":4,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-12-16T13:14:28.664Z","etag":null,"topics":["aws","aws-eks-cluster","aws-resources","cloudposse","eks","eks-setup","glueops-platform","iam","kubernetes","kubernetes-addons","kubernetes-cluster","node-pools","terraform","terraform-module","vpc","vpc-peering"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GlueOps.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-04T18:03:15.000Z","updated_at":"2024-12-11T23:45:12.000Z","dependencies_parsed_at":"2023-12-23T19:03:59.591Z","dependency_job_id":"e25118f4-8250-4256-b135-069a78995381","html_url":"https://github.com/GlueOps/terraform-module-cloud-aws-kubernetes-cluster","commit_stats":null,"previous_names":[
],"tags_count":46,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlueOps%2Fterraform-module-cloud-aws-kubernetes-cluster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlueOps%2Fterraform-module-cloud-aws-kubernetes-cluster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlueOps%2Fterraform-module-cloud-aws-kubernetes-cluster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlueOps%2Fterraform-module-cloud-aws-kubernetes-cluster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GlueOps","download_url":"https://codeload.github.com/GlueOps/terraform-module-cloud-aws-kubernetes-cluster/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230044161,"owners_count":18164119,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-eks-cluster","aws-resources","cloudposse","eks","eks-setup","glueops-platform","iam","kubernetes","kubernetes-addons","kubernetes-cluster","node-pools","terraform","terraform-module","vpc","vpc-peering"],"created_at":"2024-12-17T00:31:18.808Z","updated_at":"2026-01-17T21:28:07.377Z","avatar_url":"https://github.com/GlueOps.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- BEGIN_TF_DOCS --\u003e\n# terraform-module-cloud-aws-kubernetes-cluster\n\nThis terraform module is to help you quickly deploy an EKS cluster on Amazon Web Services (AWS). 
This is part of the opinionated GlueOps Platform. If you came here directly then you should probably visit https://github.com/glueops/admiral as that is the starting point.\n\n## Prerequisites to use this Terraform module\n\n- A Dedicated AWS Sub account\n- Service account with environment variable set\n- Service Quotas (Depending on Cluster Size)\n\nFor more details see: https://github.com/GlueOps/terraform-module-cloud-aws-kubernetes-cluster/wiki/\n\n### Example usage of module\n\n```hcl\nmodule \"captain\" {\n  iam_role_to_assume = \"arn:aws:iam::1234567890:role/glueops-captain-role\"\n  source             = \"git::https://github.com/GlueOps/terraform-module-cloud-aws-kubernetes-cluster.git\"\n  eks_version        = \"1.33\"\n  # kubernetesVersion and addonName provided\n  # renovate: eksAddonsFilter={\"kubernetesVersion\":\"1.33\",\"addonName\":\"aws-ebs-csi-driver\"}\n  csi_driver_version = \"v1.54.0-eksbuild.1\"\n\n  # kubernetesVersion and addonName provided\n  # renovate: eksAddonsFilter={\"kubernetesVersion\":\"1.33\",\"addonName\":\"coredns\"}\n  coredns_version    = \"v1.12.4-eksbuild.1\"\n\n  # kubernetesVersion and addonName provided\n  # renovate: eksAddonsFilter={\"kubernetesVersion\":\"1.33\",\"addonName\":\"kube-proxy\"}\n  kube_proxy_version = \"v1.33.5-eksbuild.2\"\n  vpc_cidr_block     = \"10.65.0.0/26\"\n  region             = \"us-west-2\"\n  availability_zones = [\"us-west-2a\", \"us-west-2b\"]\n  private_subnets_enabled = false\n  node_pools = [\n#    {\n#      \"kubernetes_version\" : \"1.33\",\n#      \"ami_release_version\" : \"1.33.5-20251217\",\n#      \"ami_type\" : \"AL2023_x86_64_STANDARD\",\n#      \"instance_type\" : \"t3a.large\",\n#      \"name\" : \"glueops-platform-node-pool-1\",\n#      \"node_count\" : 4,\n#      \"spot\" : false,\n#      \"disk_size_gb\" : 20,\n#      \"max_pods\" : 110,\n#      \"ssh_key_pair_names\" : [],\n#      \"kubernetes_labels\" : {\n#        \"glueops.dev/role\" : \"glueops-platform\"\n#      },\n#      
\"kubernetes_taints\" : [\n#        {\n#          key    = \"glueops.dev/role\"\n#          value  = \"glueops-platform\"\n#          effect = \"NO_SCHEDULE\"\n#        }\n#      ]\n#    },\n#    {\n#      \"kubernetes_version\" : \"1.33\",\n#      \"ami_release_version\" : \"1.33.5-20251217\",\n#      \"ami_type\" : \"AL2023_x86_64_STANDARD\",\n#      \"instance_type\" : \"t3a.medium\",\n#      \"name\" : \"glueops-platform-node-pool-argocd-app-controller-1\",\n#      \"node_count\" : 2,\n#      \"spot\" : false,\n#      \"disk_size_gb\" : 20,\n#      \"max_pods\" : 110,\n#      \"ssh_key_pair_names\" : [],\n#      \"kubernetes_labels\" : {\n#        \"glueops.dev/role\" : \"glueops-platform-argocd-app-controller\"\n#      },\n#      \"kubernetes_taints\" : [\n#        {\n#          key    = \"glueops.dev/role\"\n#          value  = \"glueops-platform-argocd-app-controller\"\n#          effect = \"NO_SCHEDULE\"\n#        }\n#      ]\n#    },\n#    {\n#      \"kubernetes_version\" : \"1.33\",\n#      \"ami_release_version\" : \"1.33.5-20251217\",\n#      \"ami_type\" : \"AL2023_x86_64_STANDARD\",\n#      \"instance_type\" : \"t3a.medium\",\n#      \"name\" : \"clusterwide-node-pool-1\",\n#      \"node_count\" : 2,\n#      \"spot\" : false,\n#      \"disk_size_gb\" : 20,\n#      \"max_pods\" : 110,\n#      \"ssh_key_pair_names\" : [],\n#      \"kubernetes_labels\" : {},\n#      \"kubernetes_taints\" : []\n#    }\n  ]\n  peering_configs = [\n#    {\n#    vpc_peering_connection_id = \"pcx-0df92b5241651ba92\"\n#    destination_cidr_block = \"10.69.0.0/26\"\n#    }\n  ]\n}\n```\n\n## VPC Peering\n\nThis terraform module expects only to be an accepter VPC. This means a VPC peering request must come from the requesting account. 
As an accepter VPC you must provide the requester your VPC ID, your AWS Account ID (The subaccount being used for the cluster deployment), and the VPC CIDR you configured for the cluster deployment.\n\nWhen providing them with the above, please ask them to [enable DNS resolution of hosts within the requester VPC](https://docs.aws.amazon.com/vpc/latest/peering/modify-peering-connections.html#vpc-peering-dns).\n\n### EFS/NFS Example Manifest\n\n```yaml\napiVersion: v1\nkind: PersistentVolume\nmetadata:\n  name: nfs-pv-test\nspec:\n  storageClassName: efs-fun-test\n  capacity:\n    storage: 1000Gi # Adjust based on your needs\n  accessModes:\n    - ReadWriteMany\n  persistentVolumeReclaimPolicy: Retain\n  mountOptions:\n      - timeo=600\n      - retrans=2\n      - nfsvers=4.1\n      - rsize=1048576\n      - wsize=1048576\n      - noresvport\n      - hard\n  nfs:\n    path: /\n    server: nfs.nonprod.antoniostacos.onglueops.com\n---\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n  name: my-pvc\nspec:\n  accessModes:\n    - ReadWriteMany\n  storageClassName: efs-fun-test\n  resources:\n    requests:\n      storage: 1Gi\n---\napiVersion: v1\nkind: Pod\nmetadata:\n  name: my-pod\nspec:\n  containers:\n    - name: my-container\n      image: nginx\n      volumeMounts:\n        - name: my-volume\n          mountPath: /mnt/data  # Mount path within the container\n          subPath: pod1-fun\n  volumes:\n    - name: my-volume\n      persistentVolumeClaim:\n        claimName: my-pvc  # Name of the PVC to be mounted\n```\n\n## Requirements\n\nNo requirements.\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | n/a |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_kubernetes\"\u003e\u003c/a\u003e [kubernetes](#module\\_kubernetes) | cloudposse/eks-cluster/aws | 3.0.0 |\n| \u003ca name=\"module_node_pool\"\u003e\u003c/a\u003e 
[node\\_pool](#module\\_node\\_pool) | cloudposse/eks-node-group/aws | 3.1.1 |\n| \u003ca name=\"module_subnets\"\u003e\u003c/a\u003e [subnets](#module\\_subnets) | cloudposse/dynamic-subnets/aws | 2.4.2 |\n| \u003ca name=\"module_vpc\"\u003e\u003c/a\u003e [vpc](#module\\_vpc) | cloudposse/vpc/aws | 2.2.0 |\n| \u003ca name=\"module_vpc_peering_accepter_with_routes\"\u003e\u003c/a\u003e [vpc\\_peering\\_accepter\\_with\\_routes](#module\\_vpc\\_peering\\_accepter\\_with\\_routes) | ./modules/vpc_peering_accepter_with_routes | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_eks_addon.coredns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |\n| [aws_eks_addon.ebs_csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |\n| [aws_eks_addon.kube_proxy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |\n| [aws_iam_role.eks_addon_ebs_csi_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.ebs_csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_security_group.captain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group_rule.allow_all_within_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.captain_egress_all_ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_iam_openid_connect_provider.provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source |\n| 
[aws_iam_policy_document.eks_assume_addon_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_availability_zones\"\u003e\u003c/a\u003e [availability\\_zones](#input\\_availability\\_zones) | The availability zones to deploy into | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"us-west-2a\",\u003cbr/\u003e  \"us-west-2b\",\u003cbr/\u003e  \"us-west-2c\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_coredns_version\"\u003e\u003c/a\u003e [coredns\\_version](#input\\_coredns\\_version) | You should grab the appropriate version number from: https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html | `string` | `\"v1.12.4-eksbuild.1\"` | no |\n| \u003ca name=\"input_csi_driver_version\"\u003e\u003c/a\u003e [csi\\_driver\\_version](#input\\_csi\\_driver\\_version) | You should grab the appropriate version number from: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/CHANGELOG.md | `string` | `\"v1.54.0-eksbuild.1\"` | no |\n| \u003ca name=\"input_eks_version\"\u003e\u003c/a\u003e [eks\\_version](#input\\_eks\\_version) | The version of EKS to deploy | `string` | `\"1.33\"` | no |\n| \u003ca name=\"input_iam_role_to_assume\"\u003e\u003c/a\u003e [iam\\_role\\_to\\_assume](#input\\_iam\\_role\\_to\\_assume) | The full ARN of the IAM role to assume | `string` | n/a | yes |\n| \u003ca name=\"input_kube_proxy_version\"\u003e\u003c/a\u003e [kube\\_proxy\\_version](#input\\_kube\\_proxy\\_version) | You should grab the appropriate version number from: https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html | `string` | `\"v1.33.5-eksbuild.2\"` | no |\n| \u003ca name=\"input_node_pools\"\u003e\u003c/a\u003e [node\\_pools](#input\\_node\\_pools) | node pool configurations:\u003cbr/\u003e  - name 
(string): Name of the node pool. MUST BE UNIQUE! Recommended to use YYYYMMDD in the name\u003cbr/\u003e  - node\\_count (number): number of nodes to create in the node pool.\u003cbr/\u003e  - instance\\_type (string): Instance type to use for the nodes. ref: https://instances.vantage.sh/\u003cbr/\u003e  - kubernetes\\_version (string): Generally this is the same version as the EKS cluster. But if doing a node pool upgrade this may be a different version.\u003cbr/\u003e  - ami\\_release\\_version (string): AMI Release version to use for EKS worker nodes. ref: https://github.com/awslabs/amazon-eks-ami/releases\u003cbr/\u003e  - ami\\_type (string): e.g. AMD64 or ARM\u003cbr/\u003e  - spot (bool): Enable spot instances for the nodes. DO NOT ENABLE IN PROD!\u003cbr/\u003e  - disk\\_size\\_gb (number): Disk size in GB for the nodes.\u003cbr/\u003e  - max\\_pods (number): max pods that can be scheduled per node.\u003cbr/\u003e  - ssh\\_key\\_pair\\_names (list(string)): List of SSH key pair names to associate with the nodes. ref: https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#KeyPairs:\u003cbr/\u003e  - kubernetes\\_labels (map(string)): Map of labels to apply to the nodes. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/\u003cbr/\u003e  - kubernetes\\_taints (list(object)): List of taints to apply to the nodes. 
ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | \u003cpre\u003elist(object({\u003cbr/\u003e    name                = string\u003cbr/\u003e    node_count          = number\u003cbr/\u003e    instance_type       = string\u003cbr/\u003e    kubernetes_version  = string\u003cbr/\u003e    ami_release_version = string\u003cbr/\u003e    ami_type            = string\u003cbr/\u003e    spot                = bool\u003cbr/\u003e    disk_size_gb        = number\u003cbr/\u003e    max_pods            = number\u003cbr/\u003e    ssh_key_pair_names  = list(string)\u003cbr/\u003e    kubernetes_labels   = map(string)\u003cbr/\u003e    kubernetes_taints = list(object({\u003cbr/\u003e      key    = string\u003cbr/\u003e      value  = string\u003cbr/\u003e      effect = string\u003cbr/\u003e    }))\u003cbr/\u003e\u003cbr/\u003e  }))\u003c/pre\u003e | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"ami_release_version\": \"1.33.5-20251217\",\u003cbr/\u003e    \"ami_type\": \"AL2023_x86_64_STANDARD\",\u003cbr/\u003e    \"disk_size_gb\": 20,\u003cbr/\u003e    \"instance_type\": \"t3a.large\",\u003cbr/\u003e    \"kubernetes_labels\": {},\u003cbr/\u003e    \"kubernetes_taints\": [],\u003cbr/\u003e    \"kubernetes_version\": \"1.33\",\u003cbr/\u003e    \"max_pods\": 110,\u003cbr/\u003e    \"name\": \"default-pool\",\u003cbr/\u003e    \"node_count\": 1,\u003cbr/\u003e    \"spot\": false,\u003cbr/\u003e    \"ssh_key_pair_names\": []\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_peering_configs\"\u003e\u003c/a\u003e [peering\\_configs](#input\\_peering\\_configs) | A list of maps containing VPC peering configuration details | \u003cpre\u003elist(object({\u003cbr/\u003e    vpc_peering_connection_id = string\u003cbr/\u003e    destination_cidr_block    = string\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_private_subnets_enabled\"\u003e\u003c/a\u003e 
[private\\_subnets\\_enabled](#input\\_private\\_subnets\\_enabled) | enable private subnets | `bool` | `false` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | The AWS region to deploy into | `string` | n/a | yes |\n| \u003ca name=\"input_vpc_cidr_block\"\u003e\u003c/a\u003e [vpc\\_cidr\\_block](#input\\_vpc\\_cidr\\_block) | The CIDR block for the VPC | `string` | `\"10.65.0.0/26\"` | no |\n\n## Outputs\n\nNo outputs.\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglueops%2Fterraform-module-cloud-aws-kubernetes-cluster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fglueops%2Fterraform-module-cloud-aws-kubernetes-cluster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglueops%2Fterraform-module-cloud-aws-kubernetes-cluster/lists"}