https://github.com/softwaremill/terraform-eks-bootstrap



# Terraform EKS module

The module is designed to create an AWS EKS cluster with all the necessary AWS resources, such as:

- VPC network and subnets with [proper tagging](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html#:~:text=.-,Subnet%20tagging,-For%201.18%20and)
- Security Groups
- NAT Gateways
- AWS KMS encryption key to envelope-encrypt Kubernetes Secrets
- AWS EKS cluster with a default node group

### Available Features

## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 5.80.0 |
| [kubernetes](#provider\_kubernetes) | 2.34.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.24.0 |
| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.19.0 |
| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.0.0 |

## Resources

| Name | Type |
|------|------|
| [kubernetes_storage_class.storage_class](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_vpc.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_tags](#input\_additional\_tags) | Additional tags to include | `map(string)` | `{}` | no |
| [create\_aws\_auth\_configmap](#input\_create\_aws\_auth\_configmap) | Should Terraform create aws\_auth ConfigMap used for setting up cluster access | `bool` | `false` | no |
| [create\_vpc](#input\_create\_vpc) | Specifies whether a new VPC should be created; if not, the `vpc_id` and `subnet_ids` variables need to be provided | `bool` | `true` | no |
| [eks\_additional\_cluster\_addons](#input\_eks\_additional\_cluster\_addons) | Map of additional cluster addon configurations to enable for the cluster. | `any` | `{}` | no |
| [eks\_cluster\_auth\_role](#input\_eks\_cluster\_auth\_role) | AWS roles with access permission to EKS cluster | <pre>list(object({<br>  rolearn : string<br>  username : string<br>  groups = list(string)<br>}))</pre> | `[]` | no |
| [eks\_cluster\_auth\_user](#input\_eks\_cluster\_auth\_user) | AWS users with access permission to EKS cluster | <pre>list(object({<br>  userarn : string<br>  username : string<br>  groups = list(string)<br>}))</pre> | `[]` | no |
| [eks\_cluster\_endpoint\_access](#input\_eks\_cluster\_endpoint\_access) | EKS managed node group default configurations | <pre>object({<br>  enable_public_access : bool<br>  enable_private_access : bool<br>})</pre> | <pre>{<br>  "enable_private_access": false,<br>  "enable_public_access": true<br>}</pre> | no |
| [eks\_cluster\_fargate\_profiles](#input\_eks\_cluster\_fargate\_profiles) | EKS Fargate profile object | `map(object({}))` | `{}` | no |
| [eks\_cluster\_log\_types](#input\_eks\_cluster\_log\_types) | A list of the desired control plane logs to enable | `list(string)` | <pre>[<br>  "api",<br>  "audit",<br>  "authenticator"<br>]</pre> | no |
| [eks\_cluster\_name](#input\_eks\_cluster\_name) | Name of the Kubernetes cluster | `string` | `"eks-cluster"` | no |
| [eks\_cluster\_node\_groups](#input\_eks\_cluster\_node\_groups) | EKS managed additional node group | `any` | `{}` | no |
| [eks\_cluster\_node\_groups\_default\_configuration](#input\_eks\_cluster\_node\_groups\_default\_configuration) | EKS managed node group default configurations | `any` | <pre>{<br>  "attach_cluster_primary_security_group": true,<br>  "desired_size": 3,<br>  "disk_size": 40,<br>  "instance_types": [<br>    "m5.large"<br>  ],<br>  "labels": {<br>    "node-group": "default"<br>  },<br>  "max_size": 5,<br>  "min_size": 1<br>}</pre> | no |
| [eks\_cluster\_version](#input\_eks\_cluster\_version) | Kubernetes cluster version | `string` | `"1.26"` | no |
| [eks\_create](#input\_eks\_create) | Specifies whether to actually create the EKS cluster | `bool` | `true` | no |
| [eks\_default\_cluster\_addons](#input\_eks\_default\_cluster\_addons) | Map of default cluster addon configurations to enable for the cluster. | `any` | <pre>{<br>  "coredns": {<br>    "most_recent": true,<br>    "preserve": true,<br>    "resolve_conflicts": "OVERWRITE"<br>  },<br>  "kube-proxy": {<br>    "most_recent": true,<br>    "preserve": true,<br>    "resolve_conflicts": "OVERWRITE"<br>  },<br>  "vpc-cni": {<br>    "most_recent": true,<br>    "preserve": true,<br>    "resolve_conflicts": "OVERWRITE"<br>  }<br>}</pre> | no |
| [eks\_enable\_secret\_encryption](#input\_eks\_enable\_secret\_encryption) | Whether a KMS key to encrypt Kubernetes Secrets should be generated | `bool` | `true` | no |
| [eks\_node\_security\_group\_tags](#input\_eks\_node\_security\_group\_tags) | Map of tags for eks node sg | `map(string)` | `{}` | no |
| [eks\_single\_az](#input\_eks\_single\_az) | Specifies whether all nodes should be deployed in the same AZ | `bool` | `false` | no |
| [eks\_storage\_classes](#input\_eks\_storage\_classes) | EBS storage class with custom parameters | <pre>list(object({<br>  name = string<br>  storage_class_provisioner = string<br>  parameters = optional(map(string))<br>  volume_binding_mode = optional(string)<br>  reclaim_policy = optional(string)<br>}))</pre> | `[]` | no |
| [enable\_bastion](#input\_enable\_bastion) | True if bastion host should be created | `bool` | `false` | no |
| [enable\_ebs\_csi\_driver](#input\_enable\_ebs\_csi\_driver) | Specifies whether to enable the EBS/CSI driver | `bool` | `true` | no |
| [environment](#input\_environment) | Environment name | `string` | n/a | yes |
| [logs\_retention\_days](#input\_logs\_retention\_days) | Log retention in days | `number` | `14` | no |
| [manage\_aws\_auth\_configmap](#input\_manage\_aws\_auth\_configmap) | Should Terraform manage aws\_auth ConfigMap used for setting up cluster access | `bool` | `true` | no |
| [org](#input\_org) | Organization name - part of other resource names | `string` | `"terraform"` | no |
| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of IDs of existing private subnets, only used when `create_vpc` is set to `false` | `list(string)` | `[]` | no |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of IDs of existing public subnets, only used when `create_vpc` is set to `false` | `list(string)` | `[]` | no |
| [region](#input\_region) | n/a | `string` | `"eu-central-1"` | no |
| [vpc\_cidr](#input\_vpc\_cidr) | VPC CIDR address | `string` | `"10.0.0.0/16"` | no |
| [vpc\_id](#input\_vpc\_id) | ID of existing VPC, only used when `create_vpc` is set to `false` | `string` | `""` | no |
| [vpc\_nat\_setting](#input\_vpc\_nat\_setting) | Enable NAT Gateway | <pre>object({<br>  enable_nat_gateway : bool<br>  multi_az_nat_gateway : bool<br>})</pre> | <pre>{<br>  "enable_nat_gateway": true,<br>  "multi_az_nat_gateway": false<br>}</pre> | no |

## Outputs

| Name | Description |
|------|-------------|
| [eks\_cluster\_arn](#output\_eks\_cluster\_arn) | ARN of the cluster |
| [eks\_cluster\_certificate\_authority\_data](#output\_eks\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster |
| [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | Endpoint for your Kubernetes API server |
| [eks\_cluster\_id](#output\_eks\_cluster\_id) | The id of the cluster |
| [eks\_cluster\_name](#output\_eks\_cluster\_name) | The name of the cluster |
| [eks\_cluster\_oidc\_issuer\_arn](#output\_eks\_cluster\_oidc\_issuer\_arn) | The ARN of the EKS cluster OIDC provider |
| [eks\_cluster\_oidc\_issuer\_url](#output\_eks\_cluster\_oidc\_issuer\_url) | The URL of the EKS cluster OIDC Issuer |
| [eks\_cluster\_primary\_security\_group\_id](#output\_eks\_cluster\_primary\_security\_group\_id) | The cluster primary security group ID created by the EKS cluster |
| [eks\_cluster\_version](#output\_eks\_cluster\_version) | The Kubernetes server version for the EKS cluster. |
| [vpc\_id](#output\_vpc\_id) | The VPC ID |
| [vpc\_name](#output\_vpc\_name) | The name of the VPC |
| [vpc\_nats\_ids](#output\_vpc\_nats\_ids) | The list of allocation IDs for Elastic IPs |
| [vpc\_private\_route\_table\_ids](#output\_vpc\_private\_route\_table\_ids) | The list of IDs of private route tables |
| [vpc\_private\_subnets\_ids](#output\_vpc\_private\_subnets\_ids) | The list of private subnets IDs associated with the VPC |
| [vpc\_public\_route\_table\_ids](#output\_vpc\_public\_route\_table\_ids) | The list of IDs of public route tables |
| [vpc\_public\_subnets\_ids](#output\_vpc\_public\_subnets\_ids) | The list of public subnets IDs associated with the VPC |

## eks_storage_classes variable

The `eks_storage_classes` variable takes the following parameters:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [name](#name) | Standard storage class's name in metadata | `string` | "" | Required |
| [storage_class_provisioner](#storage_class_provisioner) | Indicates the type of the provisioner | `string` | "" | Required |
| [parameters](#parameters) | The parameters for the provisioner that should create volumes of this storage class. See the documentation for the [available parameters](https://kubernetes.io/docs/concepts/storage/storage-classes/#parameters) | `map(string)` | {} | Optional |
| [volume\_binding\_mode](#volume\_binding\_mode) | Indicates when volume binding and dynamic provisioning should occur | `string` | "WaitForFirstConsumer" | Optional |
| [reclaim\_policy](#reclaim\_policy) | Indicates the reclaim policy to use | `string` | "Delete" | Optional |
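
The inputs and the `eks_storage_classes` parameters above, combined into one module call that overrides the security-relevant defaults (public-only API endpoint, three control plane log types, 14-day log retention). This is an added example, not code from the project's repository. It assumes the module is consumed from the repository root; the role ARN, the `platform-readonly` group and the storage class name are constructed placeholders.

```hcl
# Added example (not from the project): hardened call of the module.
module "eks" {
  # Assumption: the module lives at the repository root.
  # Append ?ref=<commit or tag> you have reviewed so upstream changes are not picked up silently.
  source = "github.com/softwaremill/terraform-eks-bootstrap"

  environment      = "prod" # the only required input
  eks_cluster_name = "eks-cluster"

  # Default is public access only; here the API server is reachable from inside the VPC only.
  eks_cluster_endpoint_access = {
    enable_public_access  = false
    enable_private_access = true
  }

  # Envelope-encrypt Kubernetes Secrets with a generated KMS key (already the default; stated explicitly).
  eks_enable_secret_encryption = true

  # Default enables api, audit and authenticator; add the remaining two control plane log types.
  eks_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
  logs_retention_days   = 90 # default is 14

  # Map an IAM role to a narrowly scoped group instead of a cluster-admin group.
  manage_aws_auth_configmap = true
  eks_cluster_auth_role = [
    {
      rolearn  = "arn:aws:iam::111122223333:role/PLACEHOLDER-readonly" # constructed placeholder
      username = "readonly"
      groups   = ["platform-readonly"] # hypothetical group; bind it to a ClusterRole via RBAC yourself
    }
  ]

  # Encrypted gp3 volumes that survive PVC deletion.
  enable_ebs_csi_driver = true
  eks_storage_classes = [
    {
      name                      = "gp3-encrypted" # constructed name
      storage_class_provisioner = "ebs.csi.aws.com"
      parameters                = { type = "gp3", encrypted = "true" }
      volume_binding_mode       = "WaitForFirstConsumer"
      reclaim_policy            = "Retain"
    }
  ]
}
```

With public access disabled, the `kubernetes` provider resources (the aws-auth ConfigMap and `kubernetes_storage_class`) can only be applied from a host that reaches the private endpoint, for example a runner inside the VPC or behind the bastion enabled with `enable_bastion`.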