JCloud terraform modules for AWS
https://github.com/jina-ai/terraform-jcloud-aws-infra


# Terraform-JCloud-AWS-Infra

Terraform module that creates the JCloud infrastructure resources on AWS, based on EKS (Kubernetes).

#### Infrastructure:
The module includes the following infrastructure and submodules to support various JCloud features:
- **infrastructures**:
  - EKS
  - VPC
- **components**:
  - [EBS-CSI](https://github.com/kubernetes-sigs/aws-ebs-csi-driver)
  - [EFS-CSI](https://github.com/kubernetes-sigs/aws-efs-csi-driver)
  - [Karpenter](https://karpenter.sh/)
  - [Knative](https://knative.dev/docs/)
  - [Kong](https://konghq.com/)
  - [external-dns](https://github.com/kubernetes-sigs/external-dns)
  - [cert-manager](https://cert-manager.io/)
  - [linkerd](https://linkerd.io/)

The examples under `examples/` demonstrate different configurations and settings that can be used with this module. However, these examples are not representative of a production cluster.

#### Components:
Components are the Kubernetes tools or software that support JCloud features.
- Knative (application autoscaling)
- Kong (Ingress gateway)
- Linkerd (Service Mesh)
- External-dns (External DNS registration)
- Karpenter (node autoscaling)

### Usage
```hcl
data "aws_partition" "current" {}
data "aws_caller_identity" "current" {}

# Tags applied to the AWS resources; referenced below as var.tags.
variable "tags" {
  type    = map(string)
  default = {}
}

################################################################################
# k8s Module
################################################################################

module "jcloud" {
  source  = "jina-ai/aws-infra/jcloud"
  version = "0.0.1"

  region       = "us-east-1"
  cluster_name = "jcloud-dev"

  vpc_name    = "jcloud-dev-vpc"
  eks_version = "1.27"

  cidr            = "10.200.0.0/20"
  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  public_subnets  = ["10.200.6.0/24", "10.200.7.0/24", "10.200.8.0/24"]
  private_subnets = ["10.200.0.0/23", "10.200.2.0/23", "10.200.4.0/23"]

  # kms_key_owners receive full key permissions (kms:*); see Inputs.
  kms_key_owners = [data.aws_caller_identity.current.arn]

  # EKS admin users; here the identity running Terraform.
  eks_admin_users = [data.aws_caller_identity.current.arn]

  enable_cert_manager = false
  enable_kong         = true
  enable_linkerd      = true

  tags = var.tags
}
```

## Examples

- [Minimal](https://github.com/jina-ai/terraform-jcloud-aws-infra/tree/master/examples/minimal): JCloud cluster only with ingress controller.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [aws](#requirement\_aws) | >= 4.47 |
| [helm](#requirement\_helm) | >= 2.4 |
| [kubectl](#requirement\_kubectl) | >= 1.14 |
| [random](#requirement\_random) | >= 2.1.2 |
| [tls](#requirement\_tls) | ~> 3.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.47 |
| [helm](#provider\_helm) | >= 2.4 |
| [kubectl](#provider\_kubectl) | >= 1.14 |
| [kubernetes](#provider\_kubernetes) | n/a |
| [time](#provider\_time) | n/a |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [alb-controller](#module\_alb-controller) | ./modules/aws/alb-controller | n/a |
| [autoscaler](#module\_autoscaler) | ./modules/aws/cluster-autoscaler | n/a |
| [cert\_manager](#module\_cert\_manager) | ./modules/general/cert-manager | n/a |
| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.16.0 |
| [eks-ebs-csi](#module\_eks-ebs-csi) | ./modules/aws/k8s-ebs-csi | n/a |
| [eks-efs-csi](#module\_eks-efs-csi) | ./modules/aws/k8s-efs-csi | n/a |
| [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | terraform-aws-modules/eks/aws//modules/eks-managed-node-group | n/a |
| [external-dns](#module\_external-dns) | ./modules/general/external-dns | n/a |
| [karpenter\_irsa](#module\_karpenter\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.2.0 |
| [knative](#module\_knative) | ./modules/general/knative | n/a |
| [kong](#module\_kong) | ./modules/general/kong | n/a |
| [kubecost](#module\_kubecost) | ./modules/general/kubecost | n/a |
| [linkerd](#module\_linkerd) | ./modules/general/linkerd | n/a |
| [monitor](#module\_monitor) | ./modules/general/monitor | n/a |
| [nvidia\_plugin](#module\_nvidia\_plugin) | ./modules/nvidia | n/a |
| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |
| [vpc\_endpoint\_security\_group](#module\_vpc\_endpoint\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 3.0 |

## Resources

| Name | Type |
|------|------|
| [aws_iam_instance_profile.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
| [aws_launch_template.gpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [aws_launch_template.gpu_shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [aws_launch_template.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [aws_launch_template.system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [helm_release.karpenter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.metrics_server](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubectl_manifest.karpenter_provisioner](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.karpenter_provisioner_gpu](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.karpenter_provisioner_gpu_shared](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.karpenter_provisioner_privileged](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.karpenter_provisioner_system](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.wolf_resources](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubernetes_config_map_v1_data.coredns-domain](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1_data) | resource |
| [time_sleep.ng](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [time_sleep.this](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [aws_ami.eks_node](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_ami.eks_node_gpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_eks_cluster_auth.auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [kubectl_file_documents.wolf](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [alertmanager\_config\_yaml\_body](#input\_alertmanager\_config\_yaml\_body) | Prometheus' Alertmanager Values in YAML Format | `string` | `""` | no |
| [app\_ref](#input\_app\_ref) | Suffix of Project Name of the AWS Resource | `string` | `""` | no |
| [aws\_auth\_fargate\_profile\_pod\_execution\_role\_arns](#input\_aws\_auth\_fargate\_profile\_pod\_execution\_role\_arns) | List of Fargate profile pod execution role ARNs to add to the aws-auth configmap | `list(string)` | `[]` | no |
| [aws\_auth\_node\_iam\_role\_arns\_non\_windows](#input\_aws\_auth\_node\_iam\_role\_arns\_non\_windows) | List of non-Windows based node IAM role ARNs to add to the aws-auth configmap | `list(string)` | `[]` | no |
| [aws\_auth\_node\_iam\_role\_arns\_windows](#input\_aws\_auth\_node\_iam\_role\_arns\_windows) | List of Windows based node IAM role ARNs to add to the aws-auth configmap | `list(string)` | `[]` | no |
| [azs](#input\_azs) | A list of availability zones in the region | `list(string)` | `[]` | no |
| [certs](#input\_certs) | JCloud ingress certs | `list(map(string))` | `[]` | no |
| [cidr](#input\_cidr) | The CIDR block for the VPC. The default value is a valid CIDR but is not accepted by AWS and should be overridden | `string` | `"0.0.0.0/0"` | no |
| [cluster\_name](#input\_cluster\_name) | Project Name of the AWS Resources | `string` | `""` | no |
| [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no |
| [create\_buckets](#input\_create\_buckets) | Jcloud monitor bucket | `bool` | `true` | no |
| [create\_cluster\_security\_group](#input\_create\_cluster\_security\_group) | Determines if a security group is created for the cluster. Note: the EKS service creates a primary security group for the cluster by default | `bool` | `true` | no |
| [create\_kms\_key](#input\_create\_kms\_key) | Controls if a KMS key for cluster encryption should be created | `bool` | `true` | no |
| [create\_kubecost\_metrics\_buckets](#input\_create\_kubecost\_metrics\_buckets) | Whether to Create Kubecost metrics bucket | `bool` | `false` | no |
| [create\_node\_security\_group](#input\_create\_node\_security\_group) | Determines whether to create a security group for the node groups or use the existing `node_security_group_id` | `bool` | `true` | no |
| [domain\_filters](#input\_domain\_filters) | The domain filters for external dns | `string` | `"{wolf.jina.ai,dev.jina.ai,docsqa.jina.ai}"` | no |
| [ebs\_binding\_mode](#input\_ebs\_binding\_mode) | EBS Storage class binding mode | `string` | `"Immediate"` | no |
| [efs\_binding\_mode](#input\_efs\_binding\_mode) | EFS Storage class binding mode | `string` | `"Immediate"` | no |
| [eks\_admin\_roles](#input\_eks\_admin\_roles) | eks admin roles | `list(string)` | `[]` | no |
| [eks\_admin\_users](#input\_eks\_admin\_users) | eks admin user | `list(string)` | `["jcloud-eks-user"]` | no |
| [eks\_custom\_roles](#input\_eks\_custom\_roles) | eks custom roles | `map(string)` | `{}` | no |
| [eks\_custom\_users](#input\_eks\_custom\_users) | eks custom user | `map(string)` | `{}` | no |
| [eks\_managed\_node\_group\_defaults](#input\_eks\_managed\_node\_group\_defaults) | Map of EKS managed node group default configurations | `any` | `{}` | no |
| [eks\_readonly\_roles](#input\_eks\_readonly\_roles) | eks readonly roles | `list(string)` | `[]` | no |
| [eks\_readonly\_users](#input\_eks\_readonly\_users) | eks readonly user | `list(string)` | `[]` | no |
| [eks\_version](#input\_eks\_version) | EKS version | `string` | `""` | no |
| [enable\_alb\_controller](#input\_enable\_alb\_controller) | Whether to enable the ALB controller in EKS | `bool` | `false` | no |
| [enable\_cert\_manager](#input\_enable\_cert\_manager) | Whether to create the cert-manager role for the service account | `bool` | `true` | no |
| [enable\_cluster\_autoscaler](#input\_enable\_cluster\_autoscaler) | Whether to enable the cluster autoscaler | `bool` | `false` | no |
| [enable\_ebs](#input\_enable\_ebs) | Whether to enable ebs | `bool` | `false` | no |
| [enable\_efs](#input\_enable\_efs) | Whether to enable efs | `bool` | `false` | no |
| [enable\_external\_dns](#input\_enable\_external\_dns) | Whether to enable external dns | `bool` | `false` | no |
| [enable\_gpu](#input\_enable\_gpu) | Whether to enable GPU | `bool` | `false` | no |
| [enable\_grafana](#input\_enable\_grafana) | Whether Grafana is Enabled | `bool` | `false` | no |
| [enable\_karpenter](#input\_enable\_karpenter) | Whether to enable karpenter | `bool` | `false` | no |
| [enable\_knative](#input\_enable\_knative) | Whether to enable Knative | `bool` | `false` | no |
| [enable\_kong](#input\_enable\_kong) | Whether to enable Kong | `bool` | `true` | no |
| [enable\_kubecost](#input\_enable\_kubecost) | Whether to enable Kubecost | `bool` | `false` | no |
| [enable\_linkerd](#input\_enable\_linkerd) | Whether to enable Linkerd | `bool` | `true` | no |
| [enable\_logging](#input\_enable\_logging) | If set to true, Loki and Promtail will be enabled, and corresponding toggles (i.e. enable\_loki, enable\_promtail) will be overwritten | `bool` | `false` | no |
| [enable\_loki](#input\_enable\_loki) | Whether Loki is enabled | `bool` | `false` | no |
| [enable\_metrics](#input\_enable\_metrics) | If set to true, Prometheus, Thanos and DCGM Exporter will be enabled, and corresponding toggles (i.e. enable\_prometheus, enable\_thanos, enable\_dcgm\_exporter) will be overwritten | `bool` | `false` | no |
| [enable\_monitor](#input\_enable\_monitor) | Whether to enable JCloud monitor components such as Prometheus and Loki | `bool` | `false` | no |
| [enable\_monitor\_store](#input\_enable\_monitor\_store) | Whether to enable the JCloud monitor S3 store and related IAM roles | `bool` | `false` | no |
| [enable\_otlp\_collector](#input\_enable\_otlp\_collector) | Whether to enable OTLP Collector | `bool` | `false` | no |
| [enable\_prometheus](#input\_enable\_prometheus) | Whether Prometheus is Enabled | `bool` | `false` | no |
| [enable\_promtail](#input\_enable\_promtail) | Whether Promtail is enabled | `bool` | `false` | no |
| [enable\_tempo](#input\_enable\_tempo) | Whether to enable Tempo for tracing | `bool` | `false` | no |
| [enable\_thanos](#input\_enable\_thanos) | Whether Thanos is Enabled | `bool` | `false` | no |
| [enable\_tracing](#input\_enable\_tracing) | If set to true, Tempo and OTLP Collector will be enabled, and corresponding toggles (i.e. enable\_tempo, enable\_otlp\_collector) will be overwritten | `bool` | `false` | no |
| [gpu\_instance\_type](#input\_gpu\_instance\_type) | A list of EC2 instance types for dedicated GPU usage | `list(string)` | `["g5.xlarge", "g5.2xlarge", "g5.4xlarge", "g5.12xlarge"]` | no |
| [gpu\_node\_labels](#input\_gpu\_node\_labels) | Karpenter accelerator type for GPU | `map(any)` | `{}` | no |
| [grafana\_additional\_data\_sources\_yaml\_body](#input\_grafana\_additional\_data\_sources\_yaml\_body) | (Optional) Grafana Additional Data Sources List in YAML Format. If not provided, use default data sources | `string` | `""` | no |
| [grafana\_admin\_password](#input\_grafana\_admin\_password) | Grafana Admin Password | `string` | `""` | no |
| [grafana\_database](#input\_grafana\_database) | Grafana Database Credentials | `map(string)` | `{"host": "", "password": "", "type": "", "user": ""}` | no |
| [grafana\_ingress\_class\_name](#input\_grafana\_ingress\_class\_name) | Grafana Ingress Class Name. Ignored if grafana\_ingress\_yaml\_body is set. | `string` | `"kong"` | no |
| [grafana\_ingress\_tls\_secret\_name](#input\_grafana\_ingress\_tls\_secret\_name) | Grafana Ingress TLS Secret Name. Ignored if grafana\_ingress\_yaml\_body is set | `string` | `""` | no |
| [grafana\_ingress\_yaml\_body](#input\_grafana\_ingress\_yaml\_body) | Grafana Ingress Values in YAML Format. This overwrites grafana\_ingress\_tls\_secret\_name and grafana\_ingress\_class\_name | `string` | `""` | no |
| [grafana\_server\_domain](#input\_grafana\_server\_domain) | Grafana Server Domain | `string` | `""` | no |
| [init\_node\_type](#input\_init\_node\_type) | A list of EC2 instance types for the init node group | `list(string)` | `["t3.medium"]` | no |
| [karpenter\_consolidation\_enable](#input\_karpenter\_consolidation\_enable) | Whether to enable consolidation on Karpenter | `bool` | `false` | no |
| [kms\_key\_administrators](#input\_kms\_key\_administrators) | A list of IAM ARNs for [key administrators](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-administrators). If no value is provided, the current caller identity is used to ensure at least one key admin is available | `list(string)` | `[]` | no |
| [kms\_key\_owners](#input\_kms\_key\_owners) | A list of IAM ARNs for those who will have full key permissions (`kms:*`) | `list(string)` | `[]` | no |
| [kms\_key\_users](#input\_kms\_key\_users) | A list of IAM ARNs for [key users](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-users) | `list(string)` | `[]` | no |
| [kubecost\_athena\_bucket](#input\_kubecost\_athena\_bucket) | Kubecost athena bucket url | `string` | `""` | no |
| [kubecost\_athena\_region](#input\_kubecost\_athena\_region) | Kubecost athena bucket region | `string` | `"us-east-1"` | no |
| [kubecost\_grafana\_host](#input\_kubecost\_grafana\_host) | Kubecost grafana host | `string` | `""` | no |
| [kubecost\_master](#input\_kubecost\_master) | Whether this is the Kubecost master | `bool` | `true` | no |
| [kubecost\_metric\_buckets](#input\_kubecost\_metric\_buckets) | Kubecost metrics bucket | `string` | `""` | no |
| [kubecost\_s3\_region](#input\_kubecost\_s3\_region) | Kubecost metrics bucket region | `string` | `"us-east-1"` | no |
| [log\_bucket](#input\_log\_bucket) | Jcloud log bucket name | `string` | `""` | no |
| [log\_bucket\_region](#input\_log\_bucket\_region) | Log Bucket Region | `string` | `""` | no |
| [loki\_overwrite\_values\_yaml\_body](#input\_loki\_overwrite\_values\_yaml\_body) | Overwrite Loki Values in YAML. Please refer to https://github.com/grafana/loki/blob/main/production/helm/loki/values.yaml for all possible values you can set. | `string` | `""` | no |
| [metrics\_bucket](#input\_metrics\_bucket) | Jcloud metrics bucket name | `string` | `""` | no |
| [metrics\_bucket\_region](#input\_metrics\_bucket\_region) | Metrics S3 Bucket Region | `string` | `""` | no |
| [monitor\_iam\_access\_key\_id](#input\_monitor\_iam\_access\_key\_id) | Monitor IAM Access Key ID | `string` | `""` | no |
| [monitor\_iam\_access\_key\_secret](#input\_monitor\_iam\_access\_key\_secret) | Monitor IAM Access Key Secret | `string` | `""` | no |
| [node\_groups](#input\_node\_groups) | Map of EKS managed node group definitions to create | `any` | `{}` | no |
| [node\_security\_group\_id](#input\_node\_security\_group\_id) | ID of an existing security group to attach to the node groups created | `string` | `""` | no |
| [otlp\_collector\_overwrite\_values\_yaml\_body](#input\_otlp\_collector\_overwrite\_values\_yaml\_body) | Overwrite OTLP Collector Values in YAML | `string` | `""` | no |
| [otlp\_endpoint](#input\_otlp\_endpoint) | OTLP Endpoint | `string` | `"kube-tempo-distributor:4317"` | no |
| [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no |
| [prometheus\_otlp\_collector\_scrape\_endpoint](#input\_prometheus\_otlp\_collector\_scrape\_endpoint) | OTLP Collector Scrape Endpoint | `string` | `"kube-otlp-collector-opentelemetry-collector.monitor.svc.cluster.local:8888"` | no |
| [prometheus\_stack\_overwrite\_values\_yaml\_body](#input\_prometheus\_stack\_overwrite\_values\_yaml\_body) | Overwrite Prometheus-Stack Values in YAML. Please refer to https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml for all possible values you can set. | `string` | `""` | no |
| [promtail\_clients\_urls](#input\_promtail\_clients\_urls) | Promtail client URLs to push logs to | `list(string)` | `["http://kube-loki.monitor.svc.cluster.local:3100/loki/api/v1/push"]` | no |
| [promtail\_overwrite\_values\_yaml\_body](#input\_promtail\_overwrite\_values\_yaml\_body) | Overwrite Promtail Values in YAML | `string` | `""` | no |
| [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no |
| [region](#input\_region) | Region of the AWS resources | `string` | `"us-east-1"` | no |
| [remote\_cert\_manager\_role](#input\_remote\_cert\_manager\_role) | Remote cert manager role | `string` | `""` | no |
| [remote\_external\_dns\_role](#input\_remote\_external\_dns\_role) | Remote AWS external DNS role | `string` | `""` | no |
| [shared\_gpu\_instance\_type](#input\_shared\_gpu\_instance\_type) | A list of EC2 instance types for shared GPU usage | `list(string)` | `["g5.xlarge", "g5.2xlarge", "g5.4xlarge"]` | no |
| [shared\_gpu\_node\_labels](#input\_shared\_gpu\_node\_labels) | Karpenter accelerator type for shared GPU | `map(any)` | `{}` | no |
| [shared\_gpu\_slicing\_replicas](#input\_shared\_gpu\_slicing\_replicas) | Shared GPU slice number | `number` | `3` | no |
| [tags](#input\_tags) | Tags for AWS Resource | `map(string)` | `{}` | no |
| [tempo\_overwrite\_values\_yaml\_body](#input\_tempo\_overwrite\_values\_yaml\_body) | Overwrite Tempo Values in YAML. Please refer to https://github.com/grafana/helm-charts/blob/main/charts/tempo-distributed/values.yaml for all possible values you can set. | `string` | `""` | no |
| [thanos\_object\_storage\_config\_key](#input\_thanos\_object\_storage\_config\_key) | Thanos object storage name | `string` | `"objstore.yml"` | no |
| [thanos\_object\_storage\_config\_name](#input\_thanos\_object\_storage\_config\_name) | Thanos object storage name | `string` | `"jcloud-monitor-store"` | no |
| [thanos\_overwrite\_values\_yaml\_body](#input\_thanos\_overwrite\_values\_yaml\_body) | Thanos Overwrite Values in YAML | `string` | `""` | no |
| [traces\_bucket](#input\_traces\_bucket) | Jcloud traces bucket name | `string` | `""` | no |
| [traces\_bucket\_region](#input\_traces\_bucket\_region) | Traces S3 Bucket Region | `string` | `""` | no |
| [vpc\_cni\_version](#input\_vpc\_cni\_version) | EKS VPC CNI addon version | `string` | `""` | no |
| [vpc\_name](#input\_vpc\_name) | Name to be used on all the resources as identifier | `string` | `""` | no |

## Outputs

| Name | Description |
|------|-------------|
| [aws\_auth\_configmap\_yaml](#output\_aws\_auth\_configmap\_yaml) | [DEPRECATED - use `var.manage_aws_auth_configmap`] Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles |
| [azs](#output\_azs) | A list of availability zones specified as argument to this module |
| [cert\_manager\_irsa\_arn](#output\_cert\_manager\_irsa\_arn) | cert manager service account IAM Role ARN |
| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created |
| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created |
| [cluster\_addons](#output\_cluster\_addons) | Map of attribute maps for all EKS cluster addons enabled |
| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster |
| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster |
| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server |
| [cluster\_iam\_role\_arn](#output\_cluster\_iam\_role\_arn) | IAM role ARN of the EKS cluster |
| [cluster\_iam\_role\_name](#output\_cluster\_iam\_role\_name) | IAM role name of the EKS cluster |
| [cluster\_iam\_role\_unique\_id](#output\_cluster\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
| [cluster\_id](#output\_cluster\_id) | The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready |
| [cluster\_identity\_providers](#output\_cluster\_identity\_providers) | Map of attribute maps for all EKS identity providers enabled |
| [cluster\_name](#output\_cluster\_name) | The name of the cluster |
| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider |
| [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster |
| [cluster\_primary\_security\_group\_id](#output\_cluster\_primary\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console |
| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group |
| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group |
| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` |
| [cluster\_version](#output\_cluster\_version) | The Kubernetes version for the cluster |
| [efs\_dns\_name](#output\_efs\_dns\_name) | The DNS name for the filesystem |
| [efs\_id](#output\_efs\_id) | The ID that identifies the file system (e.g., fs-ccfc0d65). |
| [efs\_irsa\_arn](#output\_efs\_irsa\_arn) | efs service account IAM Role ARN |
| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created |
| [loki\_yaml\_body](#output\_loki\_yaml\_body) | YAML of Loki |
| [monitor\_iam\_access\_key\_id](#output\_monitor\_iam\_access\_key\_id) | The access key ID |
| [monitor\_iam\_access\_key\_secret](#output\_monitor\_iam\_access\_key\_secret) | The access key secret |
| [monitor\_iam\_role\_arn](#output\_monitor\_iam\_role\_arn) | ARN of IAM role |
| [monitor\_iam\_role\_name](#output\_monitor\_iam\_role\_name) | Name of IAM role |
| [monitor\_iam\_user\_arn](#output\_monitor\_iam\_user\_arn) | The ARN assigned by AWS for this user |
| [monitor\_iam\_user\_name](#output\_monitor\_iam\_user\_name) | The user's name |
| [mount\_target\_dns\_name](#output\_mount\_target\_dns\_name) | The DNS name for the given subnet/AZ |
| [node\_security\_group\_arn](#output\_node\_security\_group\_arn) | Amazon Resource Name (ARN) of the node shared security group |
| [node\_security\_group\_id](#output\_node\_security\_group\_id) | ID of the node shared security group |
| [oidc\_provider](#output\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) |
| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` |
| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets |
| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
| [prometheus\_stack\_yaml\_body](#output\_prometheus\_stack\_yaml\_body) | YAML of prometheus stack |
| [promtail\_yaml\_body](#output\_promtail\_yaml\_body) | YAML of Tempo |
| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets |
| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
| [region](#output\_region) | Region of the AWS resources |
| [tempo\_yaml\_body](#output\_tempo\_yaml\_body) | YAML of Tempo |
| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC |
| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC |
| [vpc\_id](#output\_vpc\_id) | ID of the VPC |