https://github.com/shalb/terraform-eks-addons



# AWS EKS Terraform Module

[![Cluster.dev logo](https://raw.githubusercontent.com/shalb/cluster.dev/master/docs/images/cdev-module-banner.png?sanitize=true)](https://cluster.dev/)

Terraform module that installs core add-ons to an Elastic Kubernetes Service (EKS) cluster. This Terraform module is also used as part of the [AWS-EKS Cluster.dev stack template](https://github.com/shalb/cdev-aws-eks) to start and provision an EKS cluster with add-ons in AWS cloud.

## Features

The module installs the following add-ons to an EKS cluster:

1. **Argo CD**: Continuous Delivery for Kubernetes.

2. **Ingress-Nginx**: A high-performance, production-ready HTTP and HTTPS Ingress controller for Kubernetes.

3. **External-DNS**: Automatically configure DNS records for your Kubernetes services.

4. **Cluster Autoscaler**: Automatically adjust the size of your worker node group based on resource utilization.

5. **External-Secrets**: Manage sensitive information securely in Kubernetes using AWS Secrets Manager.

6. **Cert-Manager**: Automate the management and issuance of TLS certificates for your applications.

7. **EFS Driver**: Mount Amazon Elastic File System (EFS) volumes to your pods.

8. **AWS Load Balancer Controller**: Automatically configure and manage AWS Load Balancers for your services.

## Usage

To use this Terraform module to provision an EKS cluster with the specified add-ons, follow these steps:

1. **Clone the repository**:
```bash
git clone https://github.com/shalb/terraform-eks-addons.git
```

2. **Configure variables**: Create a `terraform.tfvars` file or provide variables inline to customize your EKS cluster and add-on configurations. For example:
```hcl
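cluster_name = "my-eks-cluster"
region       = "us-west-2"
# The Inputs table also marks cluster_oidc_issuer_url, cluster_oidc_provider_arn,
# route53_domain and route53_zone_id as required; set them for your environment.

# Add-on configuration (variable names as listed in the Inputs table)
enable_argocd             = true
enable_nginx              = true
enable_external_dns       = true
enable_cluster_autoscaler = true
enable_external_secrets   = true
enable_cert_manager       = true
enable_efs                = true
enable_aws_lb_controller  = true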
```

3. **Apply the configuration**:
```bash
# Download the required providers and modules, then apply
terraform init
terraform apply
```

4. **Access Kubernetes cluster**: After the provisioning is complete, you can access your EKS cluster using `kubectl`:
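```bash
# Replace <region> and <cluster_name> with the values from terraform.tfvars
aws eks --region <region> update-kubeconfig --name <cluster_name>
```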

5. **Manage add-ons**: The specified add-ons will be automatically deployed and configured in your EKS cluster.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.2.0 |
| [aws](#requirement\_aws) | >= 4.60.0 |
| [helm](#requirement\_helm) | >= 2.9.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.20.0 |
| [null](#requirement\_null) | >= 3.2.0 |
| [random](#requirement\_random) | >= 3.0.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.66.1 |
| [helm](#provider\_helm) | 2.9.0 |
| [null](#provider\_null) | >= 3.2.0 |
| [random](#provider\_random) | >= 3.0.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [attach\_load\_balancer\_controller\_policy](#module\_attach\_load\_balancer\_controller\_policy) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> v5.11 |
| [iam\_assumable\_role\_autoscaler](#module\_iam\_assumable\_role\_autoscaler) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.11 |
| [iam\_assumable\_role\_efs](#module\_iam\_assumable\_role\_efs) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> v5.11 |
| [iam\_assumable\_role\_external\_secrets](#module\_iam\_assumable\_role\_external\_secrets) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> v5.11 |
| [iam\_assumable\_role\_route53](#module\_iam\_assumable\_role\_route53) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.11 |
| [iam\_policy\_autoscaler](#module\_iam\_policy\_autoscaler) | terraform-aws-modules/iam/aws//modules/iam-policy | ~> 5.11 |
| [iam\_policy\_route53](#module\_iam\_policy\_route53) | terraform-aws-modules/iam/aws//modules/iam-policy | ~> 5.11 |

## Resources

| Name | Type |
|------|------|
| [aws_iam_policy.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.external_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [helm_release.argocd](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.aws_lb_controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.cert_manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.efs](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.external_dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.external_secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.ingress_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.kubernetes_metrics_server](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [null_resource.cluster_issuers](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.lb_delete_delay](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [random_id.id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [argocd\_chart\_version](#input\_argocd\_chart\_version) | Argocd helm chart version | `string` | `"3.29.5"` | no |
| [argocd\_image\_tag](#input\_argocd\_image\_tag) | Argocd docker image version | `string` | `"v2.2.2"` | no |
| [argocd\_password\_bcrypted](#input\_argocd\_password\_bcrypted) | Bcrypted password (hash) for Argo CD web UI | `string` | `""` | no |
| [cert\_manager\_version](#input\_cert\_manager\_version) | Cert manager helm chart version | `string` | `"v1.5.4"` | no |
| [cluster\_autoscaler\_version](#input\_cluster\_autoscaler\_version) | Cluster autoscaler helm chart version | `string` | `"9.27.0"` | no |
| [cluster\_name](#input\_cluster\_name) | EKS cluster name | `string` | n/a | yes |
| [cluster\_oidc\_issuer\_url](#input\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | `string` | n/a | yes |
| [cluster\_oidc\_provider\_arn](#input\_cluster\_oidc\_provider\_arn) | The ARN of the OIDC Provider if enable\_irsa = true | `string` | n/a | yes |
| [cluster\_subnets](#input\_cluster\_subnets) | Subnets where EKS worker nodes are spawned. Required for ingress controller. | `list(any)` | `[]` | no |
| [efs\_id](#input\_efs\_id) | EFS FileSystem ID to use in the EFS driver's dynamic storage class | `string` | `""` | no |
| [email](#input\_email) | Organization email for LE issuers | `string` | `""` | no |
| [enable\_argocd](#input\_enable\_argocd) | Disable/enable ArgoCD addon | `bool` | `false` | no |
| [enable\_aws\_lb\_controller](#input\_enable\_aws\_lb\_controller) | Disable/enable AWS LB controller | `bool` | `true` | no |
| [enable\_cert\_manager](#input\_enable\_cert\_manager) | Disable/enable cert manager | `bool` | `false` | no |
| [enable\_cert\_manager\_http\_issuers](#input\_enable\_cert\_manager\_http\_issuers) | Disable/enable cert manager http issuers | `bool` | `false` | no |
| [enable\_cluster\_autoscaler](#input\_enable\_cluster\_autoscaler) | Disable/enable AWS cluster autoscaler | `bool` | `true` | no |
| [enable\_efs](#input\_enable\_efs) | Disable/enable AWS EFS driver | `bool` | `false` | no |
| [enable\_external\_dns](#input\_enable\_external\_dns) | Disable/enable external dns | `bool` | `true` | no |
| [enable\_external\_secrets](#input\_enable\_external\_secrets) | Disable/enable kubernetes external secrets addon | `bool` | `false` | no |
| [enable\_metrics\_server](#input\_enable\_metrics\_server) | Disable/enable Metric Server | `bool` | `false` | no |
| [enable\_nginx](#input\_enable\_nginx) | Disable/enable Nginx Ingress | `bool` | `false` | no |
| [enable\_reloader](#input\_enable\_reloader) | Disable/enable reloader | `bool` | `false` | no |
| [external\_dns\_version](#input\_external\_dns\_version) | External dns helm chart version | `string` | `"6.5.6"` | no |
| [external\_secrets\_version](#input\_external\_secrets\_version) | External secrets helm chart version | `string` | `"0.7.2"` | no |
| [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Ingress nginx helm chart version | `string` | `"4.2.5"` | no |
| [metrics\_server\_version](#input\_metrics\_server\_version) | Metrics Server helm chart version | `string` | `"6.0.8"` | no |
| [nginx\_default\_cert](#input\_nginx\_default\_cert) | Define default ingress nginx cert in format namespace/certname, required for wildcard domains setup. | `string` | `"ingress-nginx/default"` | no |
| [region](#input\_region) | EKS cluster region | `string` | n/a | yes |
| [reloader\_version](#input\_reloader\_version) | Reloader chart version | `string` | `"v0.0.118"` | no |
| [route53\_domain](#input\_route53\_domain) | DNS domain to create apps DNS records for applications | `string` | n/a | yes |
| [route53\_zone\_id](#input\_route53\_zone\_id) | The id of the route53 to create apps DNS records (for external dns) | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [cluster\_certificate\_authority\_data\_raw](#output\_cluster\_certificate\_authority\_data\_raw) | Base64 encoded certificate data required to communicate with the cluster |
| [kubeconfig](#output\_kubeconfig) | The kubeconfig to use to authenticate with the cluster |
| [kubeconfig\_raw](#output\_kubeconfig\_raw) | The kubeconfig to use to authenticate with the cluster |