SPHTech-Platform/terraform-aws-lb-controller

AWS LoadBalancer Controller for Kubernetes

This module deploys AWS LoadBalancer Controller to a Kubernetes Cluster.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.0 |
| helm | >= 2.2 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.0 |
| helm | >= 2.2 |

Modules

| Name | Source | Version |
|------|--------|---------|
| crds | rpadovani/helm-crds/kubectl | ~> 0.3.0 |
| lb_controller_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.39.0 |

Resources

| Name | Type |
|------|------|
| helm_release.release | resource |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| affinity | Pod affinity | `map(any)` | `{}` | no |
| autoscaling | Autoscaling configuration | `any` | `{"enabled": true, "maxReplicas": 5, "minReplicas": 1, "targetCPUUtilizationPercentage": 80}` | no |
| aws_max_retries | Maximum retries for AWS APIs (default 10) | `number` | `10` | no |
| chart_name | Helm chart name to provision | `string` | `"aws-load-balancer-controller"` | no |
| chart_namespace | Namespace to install the chart into | `string` | `"kube-system"` | no |
| chart_repository | Helm repository for the chart | `string` | `"https://aws.github.io/eks-charts"` | no |
| chart_timeout | Timeout to wait for the Chart to be deployed. | `number` | `300` | no |
| chart_version | Version of Chart to install. Set to empty to install the latest version | `string` | `"1.8.4"` | no |
| cluster_name | Name of Kubernetes Cluster | `string` | n/a | yes |
| cluster_tag_check | Enable or disable subnet tag check | `bool` | `false` | no |
| default_tags | Default tags to apply to all AWS resources managed by this controller | `map(string)` | `{}` | no |
| enable_cert_manager | Enable cert-manager injection of webhook certificates | `bool` | `false` | no |
| enable_pod_readiness_gate_inject | If enabled, targetHealth readiness gate will get injected to the pod spec for the matching endpoint pods (default true) | `bool` | `true` | no |
| enable_service_mutator_webhook | Enable the service mutator webhook | `bool` | `true` | no |
| enable_shield | Enable Shield addon for ALB (default true) | `bool` | `true` | no |
| enable_waf | Enable WAF addon for ALB (default true) | `bool` | `true` | no |
| enable_wafv2 | Enable WAF V2 addon for ALB (default true) | `bool` | `true` | no |
| env | Fixed environment variables for container | `map(string)` | `{}` | no |
| extra_volume_mounts | Extra Volume mounts | `list(any)` | `[]` | no |
| extra_volumes | Extra volumes | `list(any)` | `[]` | no |
| fullname_override | Full name override for resources | `string` | `""` | no |
| host_network | Use Host Network for pod | `bool` | `false` | no |
| iam_role_name | Name of IAM role for controller | `string` | `""` | no |
| image_repository | Image repository on Dockerhub | `string` | `"amazon/aws-alb-ingress-controller"` | no |
| image_tag | Image tag | `string` | `"v2.8.3"` | no |
| ingress_class | The ingress class this controller will satisfy. If not specified, controller will match all ingresses without ingress class annotation and ingresses of type alb | `string` | `"alb"` | no |
| ingress_max_concurrent_reconciles | Maximum number of concurrently running reconcile loops for ingress (default 3) | `number` | `3` | no |
| load_balancer_class | Specifies the class of load balancer to use for services. This affects how services are provisioned if type LoadBalancer is used (default service.k8s.aws/nlb) | `string` | `""` | no |
| log_level | Log level. Either info or debug | `string` | `"info"` | no |
| max_history | Max History for Helm | `number` | `20` | no |
| metrics_bind_addr | The address the metric endpoint binds to. (default ':8080') | `string` | `":8080"` | no |
| name_override | Name override for resources | `string` | `""` | no |
| oidc_provider_arn | OIDC Provider ARN for IRSA | `string` | n/a | yes |
| pdb | PDB for pod | `map(any)` | `{}` | no |
| pod_annotations | Additional annotations on a pod | `map(string)` | `{}` | no |
| pod_labels | Additional labels on a pod | `map(string)` | `{}` | no |
| pod_security_context | Pod Security Context | `map(any)` | `{"fsGroup": 65534}` | no |
| prefer_ecr_repositories | Prefer ECR repositories according to the region. If none can be found, var.image_repository is used | `bool` | `true` | no |
| priority_class_name | Priority class for pod | `string` | `"system-cluster-critical"` | no |
| region | The AWS region for the Kubernetes cluster. Set to use KIAM or kube2iam for example. | `string` | `""` | no |
| release_name | Helm release name | `string` | `"aws-load-balancer-controller"` | no |
| replicas | Number of replicas | `number` | `1` | no |
| resources | Pod Resources | `map(any)` | `{"limits": {"cpu": "200m", "memory": "500Mi"}, "requests": {"cpu": "100m", "memory": "500Mi"}}` | no |
| revision_history_limit | The number of old history to retain to allow rollback. Set to 0 to disable | `number` | `10` | no |
| runtime_class_name | Runtime class name for the controller | `string` | `""` | no |
| security_context | Security Context for container | `map(any)` | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true, "runAsNonRoot": true}` | no |
| service_account_annotations | Additional Annotations for service account | `map(string)` | `{}` | no |
| service_account_name | Name of service account to create. Not generated | `string` | `"aws-load-balancer-controller"` | no |
| service_max_concurrent_reconciles | Maximum number of concurrently running reconcile loops for service (default 3) | `number` | `3` | no |
| service_mutator_webhook_config | Service Mutator Webhook Configuration | `any` | `{"failurePolicy": "Fail", "objectSelector": {"matchExpressions": [], "matchLabels": {}, "operations": ["CREATE"]}}` | no |
| service_target_eni_sg_tags | Tags to apply to the security group created for the service target group | `map(string)` | `{}` | no |
| sync_period | Period at which the controller forces the repopulation of its local object stores. (default 1h0m0s) | `string` | `"1h0m0s"` | no |
| targetgroupbinding_max_concurrent_reconciles | Maximum number of concurrently running reconcile loops for targetGroupBinding | `number` | `3` | no |
| termination_grace_period_seconds | Time period for the controller pod to do a graceful shutdown | `number` | `10` | no |
| tolerations | Pod Tolerations | `list(any)` | `[]` | no |
| vpc_id | The VPC ID for the Kubernetes cluster. Set this manually when your pods are unable to use the metadata service to determine this automatically | `string` | `""` | no |
| watch_namespace | Watch a single namespace if specified, or all namespaces if not | `string` | `""` | no |
| webhook_bind_port | The TCP port the Webhook server binds to. (default 9443) | `number` | `9443` | no |

Outputs

| Name | Description |
|------|-------------|
| iam_role_arn | ARN of IAM role |
| iam_role_name | Name of IAM role |
| iam_role_path | Path of IAM role |
| iam_role_unique_id | Unique ID of IAM role |