{"id":13623671,"url":"https://github.com/particuleio/teks","last_synced_at":"2025-05-16T00:06:56.490Z","repository":{"id":37008709,"uuid":"164682422","full_name":"particuleio/teks","owner":"particuleio","description":"Full feature EKS cluster with Terragrunt/Terraform","archived":false,"fork":false,"pushed_at":"2025-05-15T08:59:52.000Z","size":1621,"stargazers_count":344,"open_issues_count":11,"forks_count":80,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-05-15T09:43:04.936Z","etag":null,"topics":["addons","aws","cluster-autoscaler","eks","external-dns","kiam","kubernetes","kubernetes-cluster","kubernetes-deployment","kubernetes-setup","terraform","terragrunt"],"latest_commit_sha":null,"homepage":"https://particuleio.github.io/teks/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/particuleio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-01-08T15:50:33.000Z","updated_at":"2025-04-03T23:07:00.000Z","dependencies_parsed_at":"2023-02-19T09:31:09.380Z","dependency_job_id":"d963151b-7b73-4619-b16b-fe02c8ebb227","html_url":"https://github.com/particuleio/teks","commit_stats":null,"previous_names":[],"tags_count":89,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/particuleio%2Fteks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/particuleio%2Fteks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/particuleio%2Fteks/releases","manifests_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/particuleio%2Fteks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/particuleio","download_url":"https://codeload.github.com/particuleio/teks/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254442854,"owners_count":22071878,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["addons","aws","cluster-autoscaler","eks","external-dns","kiam","kubernetes","kubernetes-cluster","kubernetes-deployment","kubernetes-setup","terraform","terragrunt"],"created_at":"2024-08-01T21:01:34.366Z","updated_at":"2025-05-16T00:06:51.458Z","avatar_url":"https://github.com/particuleio.png","language":"HCL","funding_links":[],"categories":["HCL"],"sub_categories":[],"readme":"# tEKS\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"images/logo.png\"\u003e\n\u003c/p\u003e\n\n[![teks](https://github.com/particuleio/teks/actions/workflows/terraform.yml/badge.svg)](https://github.com/particuleio/teks/actions/workflows/terraform.yml)\n[![teks:mkdocs](https://github.com/particuleio/teks/actions/workflows/mkdocs.yml/badge.svg)](https://github.com/particuleio/teks/actions/workflows/mkdocs.yml)\n[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)\n[![FOSSA 
Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fparticuleio%2Fteks.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fparticuleio%2Fteks?ref=badge_shield)\n\n\u003c!-- vim-markdown-toc GFM --\u003e\n\n* [Terraform/Terragrunt](#terraformterragrunt)\n* [Contributing](#contributing)\n* [Requirements](#requirements)\n  * [Terragrunt](#terragrunt)\n* [Quickstart](#quickstart)\n* [Main purposes](#main-purposes)\n* [What you get](#what-you-get)\n* [Curated Features](#curated-features)\n  * [Bottlerocket support](#bottlerocket-support)\n  * [AWS Session Manager by default](#aws-session-manager-by-default)\n  * [From and to Zero scaling with EKS Managed Node Groups](#from-and-to-zero-scaling-with-eks-managed-node-groups)\n  * [Automatic dependencies upgrade](#automatic-dependencies-upgrade)\n  * [Enforced security](#enforced-security)\n  * [Out of the box logging](#out-of-the-box-logging)\n  * [Out of the box monitoring](#out-of-the-box-monitoring)\n  * [Long term storage with Thanos](#long-term-storage-with-thanos)\n  * [Support for ARM instances](#support-for-arm-instances)\n  * [Helm v3 provider](#helm-v3-provider)\n  * [Other and not limited to](#other-and-not-limited-to)\n  * [Always up to date](#always-up-to-date)\n* [Requirements](#requirements-1)\n  * [Pre-commit](#pre-commit)\n  * [ASDF](#asdf)\n    * [Enabling plugins](#enabling-plugins)\n    * [Installing tools](#installing-tools)\n* [Examples](#examples)\n* [Additional infrastructure blocks](#additional-infrastructure-blocks)\n* [Branches](#branches)\n* [License](#license)\n\n\u003c!-- vim-markdown-toc --\u003e\n\ntEKS is a set of Terraform / Terragrunt modules designed to get you everything\nyou need to run a production EKS cluster on AWS. 
It ships with sensible\ndefaults, and adds a lot of common addons with their configurations that work out\nof the box.\n\nThis is our opinionated view of what a well-structured infrastructure as code\nrepository should look like.\n\n:warning: the v5 and later versions of this project have been completely revamped\nand now offer a skeleton to use as a base for your infrastructure projects\naround EKS. All the modules have been moved outside this repository and get\ntheir own versioning. The [old README is accessible\nhere](https://github.com/particuleio/teks/tree/release-4.X)\n\n:warning: Terraform implementation will not be maintained anymore because of\ntime, and mostly because it has become quite difficult to get feature parity\nwith Terragrunt. [Archive branch is available here](https://github.com/particuleio/teks/tree/archive/terraform)\n\n## Terraform/Terragrunt\n\n* Terragrunt implementation is available in the [`terragrunt`](./terragrunt) folder.\n\n## Contributing\n\nContributions are welcome, as well as issues; we are usually quite reactive. 
If\nyou need more support for your project, do not hesitate to [reach us\ndirectly](mailto:contact@particule.io).\n\n## Requirements\n\n### Terragrunt\n\n* [Terraform](https://www.terraform.io/downloads.html)\n* [Terragrunt](https://github.com/gruntwork-io/terragrunt/releases)\n\n## Quickstart\n\nQuickstart guide is available [here](./QUICKSTART.md) or on the [official\ndocumentation website](https://particuleio.github.io/teks/)\n\n## Main purposes\n\nThe main goal of this project is to glue together commonly used tooling with Kubernetes/EKS and to get from an AWS Account to a production cluster with everything you need without any manual configuration.\n\n## What you get\n\nA production cluster all defined in IaC with Terraform/Terragrunt:\n\n* AWS VPC if needed based on [`terraform-aws-vpc`](https://github.com/terraform-aws-modules/terraform-aws-vpc)\n* EKS cluster based on [`terraform-aws-eks`](https://github.com/terraform-aws-modules/terraform-aws-eks)\n* Kubernetes addons based on [`terraform-kubernetes-addons`](https://github.com/particuleio/terraform-kubernetes-addons): provides various addons that are often used on Kubernetes and specifically on EKS. 
This module is curated by [Particule](https://particule.io/en/) and well maintained.\n\nEverything is tied together with Terragrunt and allows you to deploy a multi\ncluster architecture in a matter of minutes.\n\n## Curated Features\n\nThe additional features are provided by tEKS here as well as our [curated addons\nmodule](https://github.com/particuleio/terraform-kubernetes-addons) which\nsupports a bunch of various configurations.\n\n### Bottlerocket support\n\n[Bottlerocket OS](https://github.com/bottlerocket-os/bottlerocket) is available\nfor node groups (see example\n[here](https://github.com/particuleio/teks/tree/main/terragrunt/live/production/eu-west-1/clusters/demo/eks)).\nBottlerocket is a container-centric OS with a smaller attack surface and no default\nshell.\n\n### AWS Session Manager by default\n\nAll the instances (Bottlerocket or Amazon Linux) are registered with [AWS Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html). No SSH keys or SSH access is open on instances. Shell access on every instance can be given with SSM for added security.\n\n```\naws ssm start-session --target INSTANCE_ID\n```\n\n### From and to Zero scaling with EKS Managed Node Groups\n\ntEKS supports scaling to and from 0, even when using [well-known Kubernetes labels](https://kubernetes.io/docs/reference/labels-annotations-taints/); there are a number of [ongoing issues](https://github.com/aws/containers-roadmap/issues/724) for support of [EKS Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) with [Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler). 
Thanks to [automatic ASG tagging](https://github.com/particuleio/teks/blob/main/terragrunt/snippets/eks-asg-tags/eks-asg-tags.tf), tEKS adds the necessary tags on autoscaling groups to balance similar node groups and allow you to scale to and from 0 and even to use well-known labels such as `node.kubernetes.io/instance-type` or `topology.kubernetes.io/zone`. The logic can be extended to support other well-known labels.\n\n### Automatic dependencies upgrade\n\nWe are using renovate to automatically open PRs with the latest dependency\nupdates (Terraform modules upgrade) so you never miss an upgrade and are always\nup to date with the latest features.\n\n### Enforced security\n\n* Encryption by default for root volume on instances with Custom KMS Key\n* AWS EBS CSI volumes encrypted by default with Custom KMS Key\n* No IAM credentials on instances, everything is enforced with [IRSA](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/).\n* Each addon is deployed in its own namespace with sensible default network policies.\n* Calico Tigera Operator for network policy.\n* PSP are enabled but not enforced because of deprecation.\n\n### Out of the box logging\n\nThree stacks are supported:\n* [AWS for Fluent Bit](https://docs.fluentbit.io/manual/installation/aws-container): Forward containers logs to Cloudwatch Logs\n* [Grafana Loki](https://grafana.com/oss/loki/): Uses [Promtail](https://grafana.com/docs/loki/latest/clients/promtail/) to forward logs\n    to [Loki](https://grafana.com/oss/loki/). 
Grafana or a tEKS supported\n    monitoring stack (see below) is necessary to display logs.\n\n### Out of the box monitoring\n\n* Prometheus Operator with default dashboards\n* Addons that support metrics are enabled along with their `serviceMonitor`\n* Custom Grafana dashboards are available by default\n\nTwo stacks are supported:\n* [Victoria Metrics](https://victoriametrics.com/) [Stack](https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-k8s-stack): [Victoria Metrics](https://victoriametrics.com/) is a Prometheus alternative, [compatible with prometheus CRDs](https://github.com/VictoriaMetrics/operator#overview)\n* [Kube Prometheus Stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack): Classic [Prometheus](https://prometheus.io/) Monitoring\n\n### Long term storage with Thanos\n\nWith Prometheus, tEKS includes [Thanos](https://thanos.io/) by default. Thanos\nuses S3 to store and query metrics, offering long term storage without the\ncosts. For more information check out our article on the [CNCF\nBlog](https://www.cncf.io/blog/2021/03/15/multi-cluster-monitoring-with-thanos/)\n\n### Support for ARM instances\n\nWith either Amazon Linux or BottleRocket, you can use a mix of ARM and AMD64\ninstances. 
[Check out our\nexample](https://github.com/particuleio/teks/blob/main/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl#L157)\n\n### Helm v3 provider\n\n* All addons support Helm v3 configuration\n* All charts are easily customizable\n\n### Other and not limited to\n\n* priorityClasses for addons and critical addons\n* a lot of manual stuff has been automated under the hood\n\n### Always up to date\n\nWe always support the latest modules and features [for our addons module](https://github.com/particuleio/terraform-kubernetes-addons).\n\nOur cutting-edge addons include (not limited to):\n  * [AWS EBS CSI Drivers](https://github.com/kubernetes-sigs/aws-ebs-csi-driver): Support for Volume encryption by default, snapshot, etc\n  * [AWS EFS CSI Drivers](https://github.com/kubernetes-sigs/aws-efs-csi-driver): Use AWS NFS shares.\n  * [Secret Store CSI Driver](https://secrets-store-csi-driver.sigs.k8s.io/): load\n      secrets from Secret Managers with\n      `aws-secret-store-csi-driver` [driver](https://github.com/aws/secrets-store-csi-driver-provider-aws)\n  * [Linkerd2](https://linkerd.io/) or [Certificate Manager CSI](https://cert-manager.io/docs/usage/csi/) for mTLS\n\n\n## Requirements\n\nTerragrunt is not a hard requirement but all the modules are tested with Terragrunt.\n\n* [Terraform](https://www.terraform.io/intro/getting-started/install.html)\n* [Terragrunt](https://github.com/gruntwork-io/terragrunt#install-terragrunt)\n* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)\n* [helm](https://helm.sh/)\n\n### Pre-commit\n\nThis repository uses pre-commit hooks, please see\n[this](https://github.com/antonbabenko/pre-commit-terraform#how-to-install) on\nhow to set up tooling\n\n### ASDF\n\n[ASDF](https://asdf-vm.com/) is a package manager which is great for managing\ncloud native tooling. 
More info [here](https://particule.io/blog/asdf/) (eg.\nFrench).\n\n#### Enabling plugins\n\n```\nfor p in $(cut -d \" \" .tool-versions -f1); do asdf plugin add $p; done\n```\n\n#### Installing tools\n\n```\nasdf install\n```\n\n## Examples\n\n[`terragrunt/live`](terragrunt/live) folder provides an opinionated directory structure for a production environment.\n\n## Additional infrastructure blocks\n\nIf you wish to extend your infrastructure you can pick up additional modules on the [particuleio github page](https://github.com/particuleio).\nSome modules can also be found on the [clusterfrak-dynamics github page](https://github.com/clusterfrak-dynamics).\n\n## Branches\n\n* [`main`](https://github.com/particuleio/teks/tree/main): Backward incompatible with v1.X but compatible with v2.X, releases bumped to v3.X because a lot has changed.\n* [`release-1.X`](https://github.com/particuleio/teks/tree/release-1.X): Compatible with Terraform \u003c 0.12 and Terragrunt \u003c 0.19. Be sure to target the same modules version.\n* [`release-2.X`](https://github.com/particuleio/teks/tree/release-2.X): Compatible with Terraform \u003e= 0.12 and Terragrunt \u003e= 0.19. Be sure to target the same modules version.\n\n## License\n\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fparticuleio%2Fteks.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fparticuleio%2Fteks?ref=badge_large)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparticuleio%2Fteks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fparticuleio%2Fteks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparticuleio%2Fteks/lists"}