terraform

Usage

To run this module you need to execute:

$ terraform init
$ terraform plan
$ terraform apply

Requirements

Name Version
terraform >= 1.6.0
aws >= 5.31
tls >= 4.0

Providers

Name Version
aws >= 5.31
tls >= 4.0

Modules

Name Source Version
eks_cluster native-cube/kms/aws ~> 1.0.0
eks_node_group_al2023 native-cube/eks-node-group/aws ~> 1.1.0
eks_vpc_flow_logs native-cube/vpc-flow-logs/aws ~> 2.1.0
vpc_eks terraform-aws-modules/vpc/aws 5.8.1

Resources

Name Type
aws_cloudwatch_event_rule.karpenter_spot_interruption resource
aws_cloudwatch_event_target.karpenter_spot_interruption resource
aws_cloudwatch_log_group.cluster resource
aws_cloudwatch_log_group.cluster_application resource
aws_cloudwatch_log_group.cluster_dataplane resource
aws_cloudwatch_log_group.cluster_host resource
aws_cloudwatch_log_group.cluster_performance resource
aws_eks_addon.adot resource
aws_eks_addon.aws_ebs_csi_driver resource
aws_eks_addon.cloudwatch resource
aws_eks_addon.core_dns resource
aws_eks_addon.guardduty resource
aws_eks_addon.identity_agent resource
aws_eks_addon.kube_proxy resource
aws_eks_addon.kubecost resource
aws_eks_addon.snapshot_controller resource
aws_eks_cluster.cluster resource
aws_iam_instance_profile.eks_node_karpenter resource
aws_iam_openid_connect_provider.cluster resource
aws_iam_role.adot_collector resource
aws_iam_role.cert_manager resource
aws_iam_role.cluster resource
aws_iam_role.ebs_csi_controller_sa resource
aws_iam_role.eks_node_group resource
aws_iam_role.eks_node_karpenter resource
aws_iam_role.external_dns resource
aws_iam_role.karpenter_controller resource
aws_iam_role.load_balancer_controller resource
aws_iam_role_policy.cert_manager resource
aws_iam_role_policy.external_dns resource
aws_iam_role_policy.karpenter_controller resource
aws_iam_role_policy.load_balancer_controller resource
aws_launch_template.cluster_al2023 resource
aws_security_group.core_dns resource
aws_security_group.eks_vpc_endpoint resource
aws_security_group.eks_vpc_endpoint_guardduty resource
aws_security_group.node resource
aws_security_group_rule.eks_vpc_endpoint_egress resource
aws_security_group_rule.eks_vpc_endpoint_self_ingress resource
aws_sqs_queue.karpenter_spot_interruption resource
aws_sqs_queue_policy.karpenter_spot_interruption resource
aws_vpc_endpoint.eks_vpc_aps_workspaces resource
aws_vpc_endpoint.eks_vpc_ecr_dkr resource
aws_vpc_endpoint.eks_vpc_guardduty resource
aws_vpc_endpoint.eks_vpc_s3 resource
aws_vpc_endpoint.eks_vpc_sts resource
aws_vpc_security_group_egress_rule.cluster_to_karpenter_nodes resource
aws_vpc_security_group_egress_rule.core_dns_tcp resource
aws_vpc_security_group_egress_rule.core_dns_udp resource
aws_vpc_security_group_egress_rule.node_to_cluster resource
aws_vpc_security_group_egress_rule.node_to_internet resource
aws_vpc_security_group_ingress_rule.all_allow_access_from_control_plane resource
aws_vpc_security_group_ingress_rule.all_allow_access_from_control_plane_to_core_dns resource
aws_vpc_security_group_ingress_rule.all_allow_access_from_karpenter_nodes_to_core_dns resource
aws_vpc_security_group_ingress_rule.allow_ingress_from_coredns_to_cluster_nodes resource
aws_vpc_security_group_ingress_rule.allow_ingress_from_coredns_to_karpenter_nodes resource
aws_vpc_security_group_ingress_rule.cluster_to_nodes resource
aws_vpc_security_group_ingress_rule.cluster_to_vpc_endpoints resource
aws_vpc_security_group_ingress_rule.eks_vpc_guardduty resource
aws_vpc_security_group_ingress_rule.node_to_vpc_endpoints resource
aws_vpc_security_group_ingress_rule.self resource
aws_caller_identity.current data source
aws_iam_policy_document.cert_manager data source
aws_iam_policy_document.cluster_role_assume_role_policy data source
aws_iam_policy_document.eks_node_custom_inline_policy data source
aws_iam_policy_document.eks_node_group_assume_role_policy data source
aws_iam_policy_document.eks_node_karpenter_assume_role_policy data source
aws_iam_policy_document.eks_vpc_aps_workspaces data source
aws_iam_policy_document.eks_vpc_guardduty data source
aws_iam_policy_document.external_dns data source
aws_iam_policy_document.karpenter_controller data source
aws_iam_policy_document.karpenter_spot_interruption data source
aws_iam_policy_document.kms_policy_cluster data source
aws_iam_policy_document.load_balancer_controller data source
aws_partition.current data source
aws_region.current data source
aws_ssm_parameter.eks_al2023 data source
aws_ssm_parameter.eks_optimized_ami_id data source
aws_vpc_endpoint_service.aps_workspaces data source
aws_vpc_endpoint_service.ecr_dkr data source
aws_vpc_endpoint_service.guardduty data source
aws_vpc_endpoint_service.s3 data source
aws_vpc_endpoint_service.sts data source
tls_certificate.cluster data source

Inputs

Name Description Type Default Required
azs A list of availability zone names or IDs in the region. list(string) [] no
ebs_delete_on_termination Whether the volume should be destroyed on instance termination. bool true no
ebs_encrypted Enables EBS encryption on the volume. bool true no
ebs_volume_size The size of the volume in gigabytes. number 100 no
ebs_volume_type The volume type. string "gp3" no
eks_addon_version_adot ADOT EKS addon version. string null no
eks_addon_version_cloudwatch CloudWatch EKS addon version. string null no
eks_addon_version_core_dns Core DNS managed EKS addon version. string null no
eks_addon_version_ebs_csi_driver AWS EBS CSI driver managed EKS addon version. string null no
eks_addon_version_guardduty GuardDuty agent EKS addon version. string null no
eks_addon_version_identity_agent Pod Identity Agent EKS addon version. string null no
eks_addon_version_kube_proxy Kube proxy managed EKS addon version. string null no
eks_addon_version_kubecost KubeCost EKS addon version. string null no
eks_addon_version_snapshot_controller CSI Snapshot Controller EKS addon version. string null no
eks_enabled_log_types List of the desired control plane logging to enable. list(string) [] no
eks_endpoint_private_access Whether the Amazon EKS private API server endpoint is enabled. bool true no
eks_endpoint_public_access Whether the Amazon EKS public API server endpoint is enabled. bool true no
eks_public_access_cidrs List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. list(string) ["0.0.0.0/0"] no
eks_security_group_ids List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. list(string) [] no
eks_service_ipv4_cidr The CIDR block to assign Kubernetes service IP addresses from. string null no
eks_version EKS control plane version. string n/a yes
instance_types List of instance types associated with the EKS Node Group. list(string) ["m6i.large"] no
name_prefix Name prefix used across resources created by this module. string n/a yes
private_subnets_cidrs Classless Inter-Domain Routing ranges for private subnets. list(string) n/a yes
public_subnets_cidrs Classless Inter-Domain Routing ranges for public subnets. list(string) n/a yes
vpc_cidr Amazon Virtual Private Cloud Classless Inter-Domain Routing range. string n/a yes
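
With the defaults listed above, the public API server endpoint is enabled and open to `0.0.0.0/0`, and `eks_enabled_log_types` is empty. The following module call is an added example, not taken from this repository, that sets the required inputs and tightens those two defaults. The `source` path, the module label, the EKS version, the availability zones and all CIDR values are assumptions chosen for illustration.

```hcl
# Added example, not part of the module's repository.
# Assumptions: the module is checked out at ./terraform; the EKS version,
# AZ names and every CIDR below are constructed sample values.
module "eks" {
  source = "./terraform" # assumed local path to this module

  # Required inputs (marked "yes" in the Inputs table)
  name_prefix           = "demo"
  eks_version           = "1.30"
  vpc_cidr              = "10.0.0.0/16"
  private_subnets_cidrs = ["10.0.0.0/19", "10.0.32.0/19", "10.0.64.0/19"]
  public_subnets_cidrs  = ["10.0.96.0/22", "10.0.100.0/22", "10.0.104.0/22"]
  azs                   = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]

  # API server endpoint exposure.
  # Module defaults: private access on, public access on, public CIDRs 0.0.0.0/0.
  # Option A: keep the public endpoint but allow only known egress ranges.
  eks_endpoint_private_access = true
  eks_endpoint_public_access  = true
  eks_public_access_cidrs     = ["203.0.113.0/24"] # placeholder (RFC 5737 range)

  # Option B: private-only endpoint, reachable from inside the VPC.
  # eks_endpoint_public_access = false

  # Control plane logging.
  # Module default is [], which requests no control plane log types.
  eks_enabled_log_types = [
    "api",
    "audit",
    "authenticator",
    "controllerManager",
    "scheduler",
  ]

  # Node volume settings; these match the module defaults and are pinned
  # here so a later change to the defaults shows up in review.
  ebs_encrypted             = true
  ebs_delete_on_termination = true
  ebs_volume_type           = "gp3"
}
```

Run `terraform plan` after changing the endpoint inputs and confirm the `aws_eks_cluster.cluster` resource shows the expected access CIDRs and log types before applying.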

Outputs

Name Description
eks_arn EKS cluster ARN.
eks_id EKS cluster name.
eks_network_config EKS cluster network configuration.
private_subnet_ids Private subnet IDs.
public_subnet_ids Public subnet IDs.
vpc_id VPC ID.

License

See LICENSE file for full details.

Maintainers

Pre-commit hooks

Install dependencies

Generate terraform-docs

terraform-docs markdown table --output-file README.md --output-mode inject .

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog