https://github.com/jetbrains/terraform-aws-kubernetes

This repository contains a Terraform Module that implements an architectural blueprint for EKS.

# terraform-aws-kubernetes

[![official JetBrains project](https://jb.gg/badges/official.svg)](https://confluence.jetbrains.com/display/ALL/JetBrains+on+GitHub)

This repository contains a Terraform Module that sets up a Kubernetes infrastructure on AWS using Elastic Kubernetes Service (EKS).
It provides flexibility in managing its own internal networking infrastructure or using an external one, and supports different types
of node pools. The repository also includes guides for usage and contribution, automated tests, and examples for ready use.

## Compatibility

The minimum supported Terraform version is: 1.3.0.

## Features

* Configure the Kubernetes cluster network with options for internal and external networking, VPC settings, subnetting, DNS, DHCP, ACLs, VPC tags, and more.

* Support both AWS-managed and self-managed compute pools, with detailed configurations for instance types, scaling, and labeling.

* Specify IAM roles and policies for the Kubernetes cluster, service accounts, and encryption key management.

* Include addons for the Kubernetes cluster such as CoreDNS, VPC CNI, kube-proxy, and more with conflict resolution strategies.

* Provide detailed storage class configurations, including default classes and custom classes with parameters like encryption and volume binding modes.

* Set up monitoring, logging, and autoscaling using Helm charts with configurable repository, chart versions, and values.

* Provide means for adding custom configurations to the Kubernetes cluster, such as custom Helm charts, manifests, and scripts.

## Core concepts

* [What is EKS?](https://docs.aws.amazon.com/eks/index.html);

* [What is Kubernetes?](https://kubernetes.io/docs/home/);

* [What is a Networking Spoke?](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/hub-spoke-network-topology);

* [What are the IAM Roles for Service Accounts, also known as IRSA?](https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html);

* [How to choose the best EC2 instance type for Kubernetes workers in EKS?](https://docs.aws.amazon.com/eks/latest/userguide/choosing-instance-type.html).

## Repository organization

* [examples](./examples): this folder contains ready-to-use examples that show how to use this Module;

* [tests](./test): this folder contains a list of automated tests for this Module and examples;

* [lib](./lib): this folder contains a list of local utilities, mostly Makefiles, to support the
contributor's maintenance effort of this Module;

* [modules](./modules): this folder contains a list of local Terraform modules that the Root Module uses;

* [.github](./.github): this folder contains a list of GitHub workflows to support contributions
during change requests and releases of this Module.

## Usage guides

Refer to this [page](./docs/GUIDES.md) for instructions on using the cluster services.

## Contribution guides

Refer to this [page](./CONTRIBUTING.md) for contribution instructions.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [aws](#requirement\_aws) | >= 5.20 |
| [helm](#requirement\_helm) | 2.7.0 |
| [kubectl](#requirement\_kubectl) | >= 1.7.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.26.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5.20 |
| [kubectl](#provider\_kubectl) | >= 1.7.0 |
| [kubernetes](#provider\_kubernetes) | >= 2.26.0 |
| [null](#provider\_null) | n/a |
| [random](#provider\_random) | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_eks_addon.ebs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
| [aws_eks_addon.efs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
| [aws_ssm_parameter.grafana_admin_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
| [aws_ssm_parameter.grafana_admin_username](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
| [kubectl_manifest.default_ec2_node_class](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.default_node_pool](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [null_resource.wait_for_kubernetes_api_be_active](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [random_password.grafana_admin](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.grafana_admin](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_eks_cluster.this_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_eks_cluster_auth.this_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
| [aws_iam_role.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
| [kubernetes_service_v1.kube_private_ingress_svc_url](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service_v1) | data source |
| [kubernetes_service_v1.kube_public_ingress_svc_url](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service_v1) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cluster\_access\_management](#input\_cluster\_access\_management) | The access management configuration for the Kubernetes cluster |

object({
enable_cluster_creator_admin_permissions = optional(bool)
list = optional(map(any))
})
|
{
"enable_cluster_creator_admin_permissions": false,
"list": {}
}
| no |
| [cluster\_additional\_apps](#input\_cluster\_additional\_apps) | List of additional apps packaged as Helm Charts to deploy in the Kubernetes cluster. |
list(object({
namespace = string
repository = string
repository_config = optional(object({
repository_key_file = optional(string)
repository_cert_file = optional(string)
repository_ca_file = optional(string)
repository_username = optional(string)
repository_password = optional(string)
}))
app = object({
name = string
chart = string
version = string
force_update = optional(bool)
wait = optional(bool)
recreate_pods = optional(bool)
max_history = optional(number)
lint = optional(bool)
cleanup_on_fail = optional(bool)
create_namespace = optional(bool)
disable_webhooks = optional(bool)
verify = optional(bool)
reuse_values = optional(bool)
reset_values = optional(bool)
atomic = optional(bool)
skip_crds = optional(bool)
render_subchart_notes = optional(bool)
disable_openapi_validation = optional(bool)
wait_for_jobs = optional(bool)
dependency_update = optional(bool)
replace = optional(bool)
})
values = optional(any)
params = optional(list(object({
name = string
value = any
})))
secrets = optional(list(object({
name = string
value = any
})))
}))
| `[]` | no |
| [cluster\_additional\_apps\_create](#input\_cluster\_additional\_apps\_create) | Whether to create additional apps in the Kubernetes cluster | `bool` | `false` | no |
| [cluster\_additional\_identity\_providers](#input\_cluster\_additional\_identity\_providers) | The additional identity providers configuration for the Kubernetes cluster | `any` | `{}` | no |
| [cluster\_addons\_additional](#input\_cluster\_addons\_additional) | The additional addons configuration for the Kubernetes cluster | `any` | `{}` | no |
| [cluster\_addons\_default](#input\_cluster\_addons\_default) | The addons configuration for the Kubernetes cluster | `any` |
{
"coredns": {
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
},
"eks-pod-identity-agent": {
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
},
"kube-proxy": {
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
},
"snapshot-controller": {
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
},
"vpc-cni": {
"before_compute": true,
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
}
}
| no |
| [cluster\_addons\_timeouts](#input\_cluster\_addons\_timeouts) | The waiting timeouts configuration for the Kubernetes cluster addons |
object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
| `{}` | no |
| [cluster\_authentication\_mode](#input\_cluster\_authentication\_mode) | The authentication mode for the Kubernetes cluster | `string` | `"API_AND_CONFIG_MAP"` | no |
| [cluster\_autoscaler](#input\_cluster\_autoscaler) | The cluster autoscaler configuration for the Kubernetes cluster |
object({
helm_chart_repository = string
helm_chart_repository_config = optional(string)
helm_chart_version = string
helm_chart_name = optional(string)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
|
{
"helm_chart_name": "kube-karpenter",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "0.35.1"
}
| no |
| [cluster\_autoscaler\_create](#input\_cluster\_autoscaler\_create) | Whether to create the cluster autoscaler for the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_autoscaler\_subnet\_selector](#input\_cluster\_autoscaler\_subnet\_selector) | The subnet selector for the cluster autoscaler | `string` | `null` | no |
| [cluster\_cloudwatch\_logging](#input\_cluster\_cloudwatch\_logging) | The logging configuration for the Kubernetes cluster |
object({
enabled = optional(bool)
log_types = optional(list(string))
log_group_retention_in_days = optional(number)
log_group_kms_key_id = optional(string)
log_group_class = optional(string)
log_group_tags = optional(map(string))
})
|
{
"enabled": true,
"log_group_class": null,
"log_group_kms_key_id": null,
"log_group_retention_in_days": 7,
"log_group_tags": {},
"log_types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
]
}
| no |
| [cluster\_compute\_pool\_aws\_managed](#input\_cluster\_compute\_pool\_aws\_managed) | The AWS managed compute pool configuration for the Kubernetes cluster |
object({
defaults = optional(any)
groups = any
})
|
{
"defaults": {},
"groups": {
"main": {
"capacity_type": "ON_DEMAND",
"desired_size": 2,
"disk_size": 100,
"instance_types": [
"t3a.2xlarge"
],
"labels": {
"node-type": "main"
},
"max_size": 2,
"min_size": 2,
"update_config": {
"max_unavailable_percentage": 30
},
"use_custom_launch_template": false
},
"spot": {
"capacity_type": "SPOT",
"desired_size": 3,
"disk_size": 100,
"instance_types": [
"t3a.2xlarge",
"m5a.2xlarge",
"c5a.2xlarge",
"r5a.2xlarge",
"t3a.large"
],
"labels": {
"node-type": "spot"
},
"max_size": 3,
"min_size": 3,
"update_config": {
"max_unavailable_percentage": 30
},
"use_custom_launch_template": false
}
}
}
| no |
| [cluster\_compute\_pool\_fargate](#input\_cluster\_compute\_pool\_fargate) | The Fargate compute pool configuration for the Kubernetes cluster |
object({
defaults = optional(any)
groups = any
})
|
{
"defaults": {},
"groups": {}
}
| no |
| [cluster\_compute\_pool\_self\_managed](#input\_cluster\_compute\_pool\_self\_managed) | The self managed compute pool configuration for the Kubernetes cluster |
object({
defaults = optional(any)
groups = any
})
|
{
"defaults": {},
"groups": {}
}
| no |
| [cluster\_custom\_storage\_classes](#input\_cluster\_custom\_storage\_classes) | Custom storage class objects for the current Kubernetes cluster that can be created in addition to, or as a substitution for, the ones defined in the cluster\_default\_storage\_storage\_classes variable |
map(object({
name = optional(string)
annotations = optional(any)
reclaim_policy = optional(string)
volume_binding_mode = optional(string)
allow_volume_expansion = optional(bool)
storage_provisioner = optional(string)
parameters = optional(any)
}))
| `{}` | no |
| [cluster\_database\_encryption\_config](#input\_cluster\_database\_encryption\_config) | The encryption configuration for the Kubernetes cluster |
object({
provider_key_arn = optional(string)
resources = optional(list(string))
})
|
{
"provider_key_arn": null,
"resources": [
"secrets"
]
}
| no |
| [cluster\_default\_storage\_storage\_classes](#input\_cluster\_default\_storage\_storage\_classes) | The default standard storage class type for the current Kubernetes cluster |
map(object({
name = optional(string)
annotations = optional(any)
reclaim_policy = optional(string)
volume_binding_mode = optional(string)
allow_volume_expansion = optional(bool)
parameters = optional(any)
}))
|
{
"golden": {
"allow_volume_expansion": true,
"annotations": {
"storageclass.kubernetes.io/is-default-class": "false"
},
"name": "golden",
"parameters": {
"allowAutoIOPSPerGBIncrease": true,
"csi.storage.k8s.io/fstype": "ext3",
"encrypted": true,
"type": "io1"
},
"reclaim_policy": "Retain",
"volume_binding_mode": "WaitForFirstConsumer"
},
"platinum": {
"allow_volume_expansion": true,
"annotations": {
"storageclass.kubernetes.io/is-default-class": "false"
},
"name": "platinum",
"parameters": {
"allowAutoIOPSPerGBIncrease": true,
"csi.storage.k8s.io/fstype": "xfs",
"encrypted": true,
"type": "io2"
},
"reclaim_policy": "Retain",
"volume_binding_mode": "WaitForFirstConsumer"
},
"standard": {
"allow_volume_expansion": true,
"annotations": {
"storageclass.kubernetes.io/is-default-class": "true"
},
"name": "standard",
"parameters": {
"allowAutoIOPSPerGBIncrease": true,
"csi.storage.k8s.io/fstype": "ext3",
"encrypted": true,
"type": "gp3"
},
"reclaim_policy": "Retain",
"volume_binding_mode": "WaitForFirstConsumer"
}
}
| no |
| [cluster\_descheduler](#input\_cluster\_descheduler) | The descheduler configuration for the Kubernetes cluster |
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
|
{
"helm_chart_name": "kube-descheduler",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "0.29.0"
}
| no |
| [cluster\_descheduler\_create](#input\_cluster\_descheduler\_create) | Whether to create the descheduler for the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_enabled](#input\_cluster\_enabled) | Whether to create the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_encryption\_policy](#input\_cluster\_encryption\_policy) | The encryption policy for the Kubernetes cluster |
object({
attach_default = optional(bool)
use_name_prefix = optional(bool)
name = optional(string)
description = optional(string)
path = optional(string)
tags = optional(map(string))
})
|
{
"attach_default": true,
"description": "Cluster encryption policy to allow cluster role to utilize CMK provided",
"name": null,
"path": null,
"tags": {},
"use_name_prefix": true
}
| no |
| [cluster\_iam](#input\_cluster\_iam) | The IAM role configuration for the Kubernetes cluster |
object({
create_default_role = optional(bool)
role_arn = optional(string)
role_name = optional(string)
role_use_name_prefix = optional(bool)
role_path = optional(string)
role_description = optional(string)
role_permissions_boundary = optional(string)
role_additional_policies = optional(map(string))
role_tags = optional(map(string))
})
|
{
"create_default_role": true,
"role_additional_policies": {},
"role_arn": null,
"role_description": null,
"role_name": null,
"role_path": null,
"role_permissions_boundary": null,
"role_tags": {},
"role_use_name_prefix": true
}
| no |
| [cluster\_iam\_role\_for\_service\_account](#input\_cluster\_iam\_role\_for\_service\_account) | The IAM role configuration for the Kubernetes cluster service account |
object({
enabled = optional(bool)
include_oidc_root_ca_thumbprint = optional(bool)
openid_connect_audiences = optional(list(string))
custom_oidc_thumbprints = optional(list(string))
})
|
{
"custom_oidc_thumbprints": [],
"enabled": true,
"include_oidc_root_ca_thumbprint": true,
"openid_connect_audiences": []
}
| no |
| [cluster\_kms](#input\_cluster\_kms) | The KMS configuration for the Kubernetes cluster |
object({
enabled = optional(bool)
key_description = optional(string)
key_deletion_window_in_days = optional(string)
enable_key_rotation = optional(bool)
key_enable_default_policy = optional(bool)
key_owners = optional(list(string))
key_administrators = optional(list(string))
key_users = optional(list(string))
key_service_users = optional(list(string))
key_source_policy_documents = optional(list(string))
key_override_policy_documents = optional(list(string))
key_aliases = optional(list(string))
})
|
{
"enable_key_rotation": true,
"enabled": true,
"key_administrators": [],
"key_aliases": [],
"key_deletion_window_in_days": 30,
"key_description": null,
"key_enable_default_policy": true,
"key_override_policy_documents": [],
"key_owners": [],
"key_service_users": [],
"key_source_policy_documents": [],
"key_users": []
}
| no |
| [cluster\_logging](#input\_cluster\_logging) | The cluster logging configuration for the Kubernetes cluster |
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
|
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-grafana-loki",
"helm_chart_namespace": "kube-monitoring",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "5.43.3"
}
| no |
| [cluster\_logging\_collector](#input\_cluster\_logging\_collector) | The cluster logging collector configuration for the Kubernetes cluster |
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
|
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-grafana-promtail",
"helm_chart_namespace": "kube-monitoring",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "6.15.5"
}
| no |
| [cluster\_logging\_create](#input\_cluster\_logging\_create) | Whether to create the cluster logging service for the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_metrics\_server](#input\_cluster\_metrics\_server) | The metrics server configuration for the Kubernetes cluster |
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
|
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-metrics-server",
"helm_chart_namespace": "kube-monitoring",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "3.12.0"
}
| no |
| [cluster\_metrics\_server\_create](#input\_cluster\_metrics\_server\_create) | Whether to create the cluster metrics server for the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_monitoring](#input\_cluster\_monitoring) | The monitoring configuration for the Kubernetes cluster |
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
|
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-prometheus-operator",
"helm_chart_namespace": "kube-monitoring",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "56.21.1"
}
| no |
| [cluster\_monitoring\_create](#input\_cluster\_monitoring\_create) | Whether to create the monitoring for the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_network\_external\_control\_plane\_subnet\_ids](#input\_cluster\_network\_external\_control\_plane\_subnet\_ids) | The IDs of the subnets to use for the control plane in the external network | `list(string)` | `null` | no |
| [cluster\_network\_external\_node\_subnet\_ids](#input\_cluster\_network\_external\_node\_subnet\_ids) | The IDs of the subnets to use for the nodes in the external network | `list(string)` | `null` | no |
| [cluster\_network\_external\_vpc\_id](#input\_cluster\_network\_external\_vpc\_id) | The ID of the VPC to use for the external network | `string` | `null` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_acls](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_acls) | The ACLs configuration for the public subnets in the internal VPC |
object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
|
{
"enabled": false,
"inbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
],
"outbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
}
| no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_addresses](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_addresses) | The CIDR blocks to use for the public subnets in the internal VPC | `list(string)` |
[
"10.0.0.0/24",
"10.0.1.0/24",
"10.0.2.0/24"
]
| no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_assign\_ipv6\_address\_on\_creation](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_assign\_ipv6\_address\_on\_creation) | Whether to assign an IPv6 address to the public subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_enable\_dns64](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_enable\_dns64) | Whether to enable DNS64 for the public subnets in the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Whether to enable resource name DNS A record on launch for the public subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Whether to enable resource name DNS AAAA record on launch for the public subnets in the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_ipv6\_native](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_ipv6\_native) | Whether to enable IPv6 native for the public subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_ipv6\_prefixes](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_ipv6\_prefixes) | The IPv6 prefixes to use for the public subnets in the internal VPC | `list(string)` | `[]` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_map\_public\_ip\_on\_launch](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_map\_public\_ip\_on\_launch) | Whether to map public IP on launch for the public subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_private\_dns\_hostname\_type\_on\_launch](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_private\_dns\_hostname\_type\_on\_launch) | The private DNS hostname type on launch for the public subnets in the internal VPC | `string` | `null` | no |
| [cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_tags](#input\_cluster\_network\_internal\_public\_ingress\_subnets\_subnets\_tags) | The tags configuration for the public subnets in the internal VPC |
object({
tags = optional(map(string))
route_table_tags = optional(map(string))
subnet_tags_per_az = optional(map(map(string)))
acl_tags = optional(map(string))
})
|
{
"acl_tags": {},
"route_table_tags": {},
"subnet_tags_per_az": {},
"tags": {}
}
| no |
| [cluster\_network\_internal\_vpc\_availability\_zones\_number](#input\_cluster\_network\_internal\_vpc\_availability\_zones\_number) | The number of availability zones to use for the internal VPC | `number` | `2` | no |
| [cluster\_network\_internal\_vpc\_cidr](#input\_cluster\_network\_internal\_vpc\_cidr) | The CIDR block to use for the internal VPC | `string` | `"10.0.0.0/16"` | no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_acls](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_acls) | The ACLs configuration for the data subnets in the internal VPC |
object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
|
{
"enabled": false,
"inbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
],
"outbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
}
| no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_addresses](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_addresses) | The CIDR blocks to use for the data subnets in the internal VPC | `list(string)` |
[
"10.0.224.0/24",
"10.0.225.0/24",
"10.0.226.0/24"
]
| no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_assign\_ipv6\_address\_on\_creation](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_assign\_ipv6\_address\_on\_creation) | Whether to assign an IPv6 address to the data subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_dns\_hostname\_type\_on\_launch](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_dns\_hostname\_type\_on\_launch) | The DNS hostname type on launch for the data subnets in the internal VPC | `string` | `null` | no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_enable\_dns64](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_enable\_dns64) | Whether to enable DNS64 for the data subnets in the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Whether to enable resource name DNS A record on launch for the data subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Whether to enable resource name DNS AAAA record on launch for the data subnets in the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_ipv6\_native](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_ipv6\_native) | Whether to enable IPv6 native for the data subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_ipv6\_prefixes](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_ipv6\_prefixes) | The IPv6 prefixes to use for the data subnets in the internal VPC | `list(string)` | `[]` | no |
| [cluster\_network\_internal\_vpc\_data\_subnets\_tags](#input\_cluster\_network\_internal\_vpc\_data\_subnets\_tags) | The tags configuration for the data subnets in the internal VPC | <pre>object({<br>  tags = optional(map(string))<br>  acl_tags = optional(map(string))<br>})</pre> | <pre>{<br>  "acl_tags": {},<br>  "tags": {}<br>}</pre> | no |
| [cluster\_network\_internal\_vpc\_dhcp\_options](#input\_cluster\_network\_internal\_vpc\_dhcp\_options) | The DHCP options configuration for the internal VPC | <pre>object({<br>  enabled = bool<br>  domain_name = string<br>  domain_name_servers = optional(list(string))<br>  ntp_servers = optional(list(string))<br>  netbios_name_servers = optional(list(string))<br>  netbios_node_type = optional(string)<br>  tags = optional(map(string))<br>})</pre> | <pre>{<br>  "domain_name": "",<br>  "domain_name_servers": [<br>    "AmazonProvidedDNS"<br>  ],<br>  "enabled": false,<br>  "netbios_name_servers": [],<br>  "netbios_node_type": "",<br>  "ntp_servers": [],<br>  "tags": {}<br>}</pre> | no |
| [cluster\_network\_internal\_vpc\_enable\_dns\_hostnames](#input\_cluster\_network\_internal\_vpc\_enable\_dns\_hostnames) | Whether to enable DNS hostnames for the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_vpc\_enable\_dns\_support](#input\_cluster\_network\_internal\_vpc\_enable\_dns\_support) | Whether to enable DNS support for the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_vpc\_enable\_network\_address\_usage\_metrics](#input\_cluster\_network\_internal\_vpc\_enable\_network\_address\_usage\_metrics) | Whether to enable network address usage metrics for the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_endpoints](#input\_cluster\_network\_internal\_vpc\_endpoints) | The VPC endpoints configuration for the internal VPC | <pre>object({<br>  enabled = bool<br>  services = optional(map(object({<br>    service = string<br>    service_name = optional(string)<br>    service_type = optional(string)<br>    policy = optional(string)<br>    auto_accept = optional(bool)<br>    private_dns_enabled = optional(bool)<br>  })))<br>  security_group_ids = optional(list(string))<br>  dns_options = optional(object({<br>    dns_record_ip_type = optional(string)<br>    private_dns_only_for_inbound_resolver_endpoint = optional(bool)<br>  }))<br>  timeout_options = optional(object({<br>    create = optional(string)<br>    update = optional(string)<br>    delete = optional(string)<br>  }))<br>  tags = optional(map(string))<br>})</pre> | <pre>{<br>  "dns_options": {},<br>  "enabled": false,<br>  "security_group_ids": [],<br>  "services": {},<br>  "tags": {},<br>  "timeout_options": {}<br>}</pre> | no |
| [cluster\_network\_internal\_vpc\_instance\_tenancy](#input\_cluster\_network\_internal\_vpc\_instance\_tenancy) | The instance tenancy to use for the internal VPC | `string` | `"default"` | no |
| [cluster\_network\_internal\_vpc\_ipam\_pool\_options](#input\_cluster\_network\_internal\_vpc\_ipam\_pool\_options) | The IPAM pool configuration for the internal VPC | <pre>object({<br>  enabled = bool<br>  ipv4_pool_id = string<br>  ipv4_netmask_length = number<br>  enable_ipv6 = optional(bool)<br>  ipv6_cidr = optional(string)<br>  ipv6_pool_id = optional(string)<br>  ipv6_netmask_length = optional(number)<br>  ipv6_cidr_block_network_border_group = optional(string)<br>})</pre> | <pre>{<br>  "enable_ipv6": false,<br>  "enabled": false,<br>  "ipv4_netmask_length": null,<br>  "ipv4_pool_id": null,<br>  "ipv6_cidr": null,<br>  "ipv6_cidr_block_network_border_group": null,<br>  "ipv6_netmask_length": null,<br>  "ipv6_pool_id": null<br>}</pre> | no |
| [cluster\_network\_internal\_vpc\_nat\_gateway\_type](#input\_cluster\_network\_internal\_vpc\_nat\_gateway\_type) | The type of NAT gateway to use for the internal VPC | `string` | `"one_nat_gateway_per_az"` | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_acls](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_acls) | The ACLs configuration for the node subnets in the internal VPC | <pre>object({<br>  enabled = bool<br>  inbound_rules = optional(list(object({<br>    rule_number = number<br>    rule_action = string<br>    from_port = number<br>    to_port = number<br>    protocol = optional(string)<br>    cidr_block = string<br>  })))<br>  outbound_rules = optional(list(object({<br>    rule_number = number<br>    rule_action = string<br>    from_port = number<br>    to_port = number<br>    protocol = optional(string)<br>    cidr_block = string<br>  })))<br>})</pre> | <pre>{<br>  "enabled": false,<br>  "inbound_rules": [<br>    {<br>      "cidr_block": "0.0.0.0/0",<br>      "from_port": 0,<br>      "protocol": "-1",<br>      "rule_action": "allow",<br>      "rule_number": 100,<br>      "to_port": 0<br>    }<br>  ],<br>  "outbound_rules": [<br>    {<br>      "cidr_block": "0.0.0.0/0",<br>      "from_port": 0,<br>      "protocol": "-1",<br>      "rule_action": "allow",<br>      "rule_number": 100,<br>      "to_port": 0<br>    }<br>  ]<br>}</pre> | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_addresses](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_addresses) | The CIDR blocks to use for the node subnets in the internal VPC | `list(string)` | <pre>[<br>  "10.0.96.0/19",<br>  "10.0.128.0/19",<br>  "10.0.160.0/19"<br>]</pre> | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_assign\_ipv6\_address\_on\_creation](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_assign\_ipv6\_address\_on\_creation) | Whether to assign an IPv6 address to the node subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_enable\_dns64](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_enable\_dns64) | Whether to enable DNS64 for the node subnets in the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Whether to enable resource name DNS A record on launch for the node subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Whether to enable resource name DNS AAAA record on launch for the node subnets in the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_ipv6\_native](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_ipv6\_native) | Whether to enable IPv6 native for the node subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_ipv6\_prefixes](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_ipv6\_prefixes) | The IPv6 prefixes to use for the node subnets in the internal VPC | `list(string)` | `[]` | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_private\_dns\_hostname\_type\_on\_launch](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_private\_dns\_hostname\_type\_on\_launch) | The private DNS hostname type on launch for the node subnets in the internal VPC | `string` | `null` | no |
| [cluster\_network\_internal\_vpc\_node\_subnets\_tags](#input\_cluster\_network\_internal\_vpc\_node\_subnets\_tags) | The tags configuration for the node subnets in the internal VPC | <pre>object({<br>  tags = optional(map(string))<br>  route_table_tags = optional(map(string))<br>  subnet_tags_per_az = optional(map(map(string)))<br>  acl_tags = optional(map(string))<br>})</pre> | <pre>{<br>  "acl_tags": {},<br>  "route_table_tags": {},<br>  "subnet_tags_per_az": {},<br>  "tags": {}<br>}</pre> | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_acls](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_acls) | The ACLs configuration for the intranet subnets in the internal VPC | <pre>object({<br>  enabled = bool<br>  inbound_rules = optional(list(object({<br>    rule_number = number<br>    rule_action = string<br>    from_port = number<br>    to_port = number<br>    protocol = optional(string)<br>    cidr_block = string<br>  })))<br>  outbound_rules = optional(list(object({<br>    rule_number = number<br>    rule_action = string<br>    from_port = number<br>    to_port = number<br>    protocol = optional(string)<br>    cidr_block = string<br>  })))<br>})</pre> | <pre>{<br>  "enabled": false,<br>  "inbound_rules": [<br>    {<br>      "cidr_block": "0.0.0.0/0",<br>      "from_port": 0,<br>      "protocol": "-1",<br>      "rule_action": "allow",<br>      "rule_number": 100,<br>      "to_port": 0<br>    }<br>  ],<br>  "outbound_rules": [<br>    {<br>      "cidr_block": "0.0.0.0/0",<br>      "from_port": 0,<br>      "protocol": "-1",<br>      "rule_action": "allow",<br>      "rule_number": 100,<br>      "to_port": 0<br>    }<br>  ]<br>}</pre> | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_addresses](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_addresses) | The CIDR blocks to use for the intranet subnets in the internal VPC | `list(string)` | <pre>[<br>  "10.0.64.0/24",<br>  "10.0.65.0/24",<br>  "10.0.66.0/24"<br>]</pre> | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_assign\_ipv6\_address\_on\_creation](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_assign\_ipv6\_address\_on\_creation) | Whether to assign an IPv6 address to the intranet subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_dns\_hostname\_type\_on\_launch](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_dns\_hostname\_type\_on\_launch) | The DNS hostname type on launch for the intranet subnets in the internal VPC | `string` | `null` | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_enable\_dns64](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_enable\_dns64) | Whether to enable DNS64 for the intranet subnets in the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Whether to enable resource name DNS A record on launch for the intranet subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Whether to enable resource name DNS AAAA record on launch for the intranet subnets in the internal VPC | `bool` | `true` | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_ipv6\_native](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_ipv6\_native) | Whether to enable IPv6 native for the intranet subnets in the internal VPC | `bool` | `false` | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_ipv6\_prefixes](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_ipv6\_prefixes) | The IPv6 prefixes to use for the intranet subnets in the internal VPC | `list(string)` | `[]` | no |
| [cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_tags](#input\_cluster\_network\_internal\_vpc\_private\_ingress\_subnets\_tags) | The tags configuration for the intranet subnets in the internal VPC | <pre>object({<br>  tags = optional(map(string))<br>  route_table_tags = optional(map(string))<br>  acl_tags = optional(map(string))<br>})</pre> | <pre>{<br>  "acl_tags": {},<br>  "route_table_tags": {},<br>  "tags": {}<br>}</pre> | no |
| [cluster\_network\_internal\_vpc\_secondary\_cidr\_blocks](#input\_cluster\_network\_internal\_vpc\_secondary\_cidr\_blocks) | The secondary CIDR blocks to use for the internal VPC | `list(string)` | `[]` | no |
| [cluster\_network\_internal\_vpc\_tags](#input\_cluster\_network\_internal\_vpc\_tags) | The tags to apply to the internal VPC | `map(string)` | `{}` | no |
| [cluster\_network\_type](#input\_cluster\_network\_type) | The type of network to create. If set to internal, a new VPC will be created. If set to external, an existing VPC will be used | `string` | `"internal"` | no |
| [cluster\_node\_patcher](#input\_cluster\_node\_patcher) | The node patcher configuration for the Kubernetes cluster | <pre>object({<br>  helm_chart_repository = optional(string)<br>  helm_chart_repository_config = optional(string)<br>  helm_chart_version = optional(string)<br>  helm_chart_name = optional(string)<br>  helm_chart_namespace = optional(string)<br>  create_namespace_if_not_exists = optional(bool)<br>  helm_chart_params = optional(list(object({<br>    name = string<br>    value = any<br>  })))<br>  helm_chart_secrets = optional(list(object({<br>    name = string<br>    value = any<br>  })))<br>  helm_chart_values = optional(string)<br>})</pre> | <pre>{<br>  "create_namespace_if_not_exists": true,<br>  "helm_chart_name": "kube-node-reboot",<br>  "helm_chart_namespace": "kube-node-rebooter",<br>  "helm_chart_params": [],<br>  "helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",<br>  "helm_chart_repository_config": null,<br>  "helm_chart_secrets": [],<br>  "helm_chart_values": null,<br>  "helm_chart_version": "5.4.3"<br>}</pre> | no |
| [cluster\_node\_patcher\_create](#input\_cluster\_node\_patcher\_create) | Whether to create the node patcher for the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_node\_security\_group](#input\_cluster\_node\_security\_group) | The security group configuration for the Kubernetes cluster nodes | <pre>object({<br>  create_default = optional(bool)<br>  id = optional(string)<br>  name = optional(string)<br>  use_name_prefix = optional(bool)<br>  description = optional(string)<br>  enable_efa_support = optional(bool)<br>  enable_recommended_rules = optional(bool)<br>  create_cni_ipv6_iam_policy = optional(bool)<br>  additional_rules = optional(any)<br>  tags = optional(map(string))<br>})</pre> | <pre>{<br>  "additional_rules": {},<br>  "create_cni_ipv6_iam_policy": false,<br>  "create_default": true,<br>  "description": "EKS node security group",<br>  "enable_efa_support": false,<br>  "enable_recommended_rules": true,<br>  "id": "",<br>  "name": null,<br>  "tags": {},<br>  "use_name_prefix": true<br>}</pre> | no |
| [cluster\_private\_ingress](#input\_cluster\_private\_ingress) | The cluster private ingress configuration for the Kubernetes cluster | <pre>object({<br>  helm_chart_repository = optional(string)<br>  helm_chart_repository_config = optional(string)<br>  helm_chart_version = optional(string)<br>  helm_chart_name = optional(string)<br>  helm_chart_namespace = optional(string)<br>  create_namespace_if_not_exists = optional(bool)<br>  helm_chart_params = optional(list(object({<br>    name = string<br>    value = any<br>  })))<br>  helm_chart_secrets = optional(list(object({<br>    name = string<br>    value = any<br>  })))<br>  helm_chart_values = optional(string)<br>})</pre> | <pre>{<br>  "create_namespace_if_not_exists": true,<br>  "helm_chart_name": "kube-ingress-nginx",<br>  "helm_chart_namespace": "kube-private-ingress",<br>  "helm_chart_params": [],<br>  "helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",<br>  "helm_chart_repository_config": null,<br>  "helm_chart_secrets": [],<br>  "helm_chart_values": null,<br>  "helm_chart_version": "4.10.0"<br>}</pre> | no |
| [cluster\_private\_ingress\_create](#input\_cluster\_private\_ingress\_create) | Whether to create the private ingress for the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_public\_ingress](#input\_cluster\_public\_ingress) | The cluster public ingress configuration for the Kubernetes cluster | <pre>object({<br>  helm_chart_repository = optional(string)<br>  helm_chart_repository_config = optional(string)<br>  helm_chart_version = optional(string)<br>  helm_chart_name = optional(string)<br>  helm_chart_namespace = optional(string)<br>  create_namespace_if_not_exists = optional(bool)<br>  helm_chart_params = optional(list(object({<br>    name = string<br>    value = any<br>  })))<br>  helm_chart_secrets = optional(list(object({<br>    name = string<br>    value = any<br>  })))<br>  helm_chart_values = optional(string)<br>})</pre> | <pre>{<br>  "create_namespace_if_not_exists": true,<br>  "helm_chart_name": "kube-ingress-nginx",<br>  "helm_chart_namespace": "kube-public-ingress",<br>  "helm_chart_params": [],<br>  "helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",<br>  "helm_chart_repository_config": null,<br>  "helm_chart_secrets": [],<br>  "helm_chart_values": null,<br>  "helm_chart_version": "4.10.0"<br>}</pre> | no |
| [cluster\_public\_ingress\_create](#input\_cluster\_public\_ingress\_create) | Whether to create the public ingress for the Kubernetes cluster | `bool` | `false` | no |
| [cluster\_security\_group](#input\_cluster\_security\_group) | The security group configuration for the Kubernetes cluster | <pre>object({<br>  create_default = optional(bool)<br>  create_primary_security_group_tags = optional(bool)<br>  id = optional(string)<br>  name = optional(string)<br>  use_name_prefix = optional(bool)<br>  description = optional(string)<br>  additional_rules = optional(any)<br>  tags = optional(map(string))<br>})</pre> | <pre>{<br>  "additional_rules": {},<br>  "create_default": true,<br>  "create_primary_security_group_tags": true,<br>  "description": "EKS cluster security group",<br>  "id": null,<br>  "name": null,<br>  "tags": {},<br>  "use_name_prefix": true<br>}</pre> | no |
| [cluster\_service\_network\_config](#input\_cluster\_service\_network\_config) | The internal service network configuration for the Kubernetes cluster | <pre>object({<br>  ip_family = optional(string)<br>  service_ipv4_cidr = optional(string)<br>  service_ipv6_cidr = optional(string)<br>})</pre> | <pre>{<br>  "ip_family": "ipv4",<br>  "service_ipv4_cidr": null,<br>  "service_ipv6_cidr": null<br>}</pre> | no |
| [cluster\_storage\_classes\_create](#input\_cluster\_storage\_classes\_create) | Whether to create the custom storage classes for the Kubernetes cluster | `bool` | `true` | no |
| [cluster\_tags](#input\_cluster\_tags) | The tags to apply to the Kubernetes cluster | `map(string)` | `{}` | no |
| [cluster\_timeouts](#input\_cluster\_timeouts) | The waiting timeouts configuration for the Kubernetes cluster | <pre>object({<br>  create = optional(string)<br>  update = optional(string)<br>  delete = optional(string)<br>})</pre> | <pre>{<br>  "create": "45m",<br>  "delete": "30m",<br>  "update": "60m"<br>}</pre> | no |
| [cluster\_version](#input\_cluster\_version) | The version of the Kubernetes cluster | `string` | `"1.29"` | no |
| [cluster\_vpc\_config](#input\_cluster\_vpc\_config) | The VPC configuration for the Kubernetes cluster | <pre>object({<br>  additional_security_group_ids = optional(list(string))<br>  endpoint_public_access = optional(bool)<br>  endpoint_private_access = optional(bool)<br>  endpoint_public_access_allow_from_cidrs = optional(list(string))<br>})</pre> | <pre>{<br>  "additional_security_group_ids": [],<br>  "endpoint_private_access": true,<br>  "endpoint_public_access": true,<br>  "endpoint_public_access_allow_from_cidrs": [<br>    "0.0.0.0/0"<br>  ]<br>}</pre> | no |
| [prefix](#input\_prefix) | The prefix to be used for all resources in this module | `string` | `"kube"` | no |
| [tags](#input\_tags) | Specify a list of tags as key/value pairs. These tags will be applied to all resources created by this module | `map(string)` | <pre>{<br>  "ResourceCreatedBy": "TerraformModule:terraform-aws-kubernetes"<br>}</pre> | no |
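
Several defaults in the table above are permissive: the API endpoint is reachable from `0.0.0.0/0`, and the subnet ACLs are disabled with allow-all rules. The following module call is an added example, not taken from the module's README, that overrides those inputs. The module label, the `203.0.113.0/24` admin range and the `10.0.0.0/16` VPC CIDR are assumptions, and any inputs not shown are assumed to stay at their defaults.

```hcl
module "kubernetes" {
  # Repository URL from this page; pin a release with ?ref=... in real use.
  source = "github.com/jetbrains/terraform-aws-kubernetes"

  # API server endpoint: keep private access for in-VPC clients and narrow
  # public access from the default 0.0.0.0/0 to a known range.
  # All four attributes are set explicitly, because passing an object
  # replaces the whole default and omitted optional attributes become null.
  cluster_vpc_config = {
    additional_security_group_ids           = []
    endpoint_private_access                 = true
    endpoint_public_access                  = true
    endpoint_public_access_allow_from_cidrs = ["203.0.113.0/24"] # placeholder admin range (assumption)
  }

  # Default is already false; stated here so a later change shows up in review.
  cluster_public_ingress_create = false

  # Node subnets: turn the network ACL on and replace the allow-all inbound
  # rule with VPC-internal traffic plus return traffic on ephemeral ports.
  cluster_network_internal_vpc_node_subnets_acls = {
    enabled = true
    inbound_rules = [
      {
        rule_number = 100
        rule_action = "allow"
        protocol    = "-1"
        from_port   = 0
        to_port     = 0
        cidr_block  = "10.0.0.0/16" # assumed VPC CIDR covering the default subnets
      },
      {
        # Network ACLs are stateless: replies to outbound connections
        # (image pulls, AWS APIs via NAT) arrive on ephemeral ports.
        rule_number = 110
        rule_action = "allow"
        protocol    = "tcp"
        from_port   = 1024
        to_port     = 65535
        cidr_block  = "0.0.0.0/0"
      },
    ]
    outbound_rules = [
      {
        rule_number = 100
        rule_action = "allow"
        protocol    = "-1"
        from_port   = 0
        to_port     = 0
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
}
```

Run `terraform plan` against a non-production account first: a network ACL that is too tight blocks node bootstrap and image pulls, and the failure shows up as nodes never joining the cluster.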

## Outputs

| Name | Description |
|------|-------------|
| [cluster](#output\_cluster) | Configuration of the Kubernetes cluster |
| [cluster\_additional\_apps](#output\_cluster\_additional\_apps) | Additional apps' configurations |
| [cluster\_autoscaler](#output\_cluster\_autoscaler) | Autoscaler configuration for the Kubernetes cluster |
| [cluster\_autoscaler\_resources](#output\_cluster\_autoscaler\_resources) | Autoscaler resources for the Kubernetes cluster to be used by Cluster Users |
| [cluster\_descheduler](#output\_cluster\_descheduler) | Descheduler configuration for the Kubernetes cluster |
| [cluster\_ingresses](#output\_cluster\_ingresses) | Ingresses for the Kubernetes cluster |
| [cluster\_logging](#output\_cluster\_logging) | Cluster logging configuration for the Kubernetes cluster |
| [cluster\_monitoring](#output\_cluster\_monitoring) | Monitoring configuration for the Kubernetes cluster |
| [cluster\_network](#output\_cluster\_network) | Configuration of the internal network |
| [cluster\_node\_rebooter](#output\_cluster\_node\_rebooter) | Node rebooter configuration for the Kubernetes cluster |
| [cluster\_ssm\_params\_paths](#output\_cluster\_ssm\_params\_paths) | SSM parameters paths exported by the module for the Kubernetes cluster |
| [cluster\_storage\_classes](#output\_cluster\_storage\_classes) | Storage classes for the Kubernetes cluster |