Truefoundry EKS Module

Name | Version |
---|---|
terraform | ~> 1.4 |
aws | ~> 5.57 |

Name | Version |
---|---|
aws | ~> 5.57 |

Name | Source | Version |
---|---|---|
aws-eks-kubernetes-cluster | terraform-aws-modules/eks/aws | v20.17.2 |
eks_blueprints_addons | aws-ia/eks-blueprints-addons/aws | 1.16.3 |

Name | Type |
---|---|
aws_eks_cluster.eks_cluster | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_eks_managed_node_groups | Map of additional EKS managed node group definitions to create | any | {} | no |
cloudwatch_log_group_retention_in_days | Number of days to retain log events. Default retention - 7 days | number | 7 | no |
cluster_access_entries | value of the access entries for the EKS cluster | any | {} | no |
cluster_additional_security_group_ids | List of additional, externally created security group IDs to attach to the cluster control plane | list(string) | [] | no |
cluster_addons_coredns_additional_configurations | Additional configurations for the coredns addon | any | {} | no |
cluster_addons_coredns_version | Version of the CoreDNS addon | string | "v1.11.1-eksbuild.9" | no |
cluster_addons_eks_pod_identity_agent_additional_configurations | Additional configurations for the kube proxy addon | any | {} | no |
cluster_addons_eks_pod_identity_agent_version | Version of the EKS Pod Identity Agent addon | string | "v1.3.0-eksbuild.1" | no |
cluster_addons_kube_proxy_additional_configurations | Additional configurations for the kube proxy addon | any | {} | no |
cluster_addons_kube_proxy_version | Version of the kube-proxy addon | string | "v1.30.0-eksbuild.3" | no |
cluster_addons_vpc_cni_additional_configurations | Additional configurations for the VPC CNI addon | any | {} | no |
cluster_addons_vpc_cni_version | Version of the VPC CNI addon | string | "v1.18.2-eksbuild.1" | no |
cluster_authentication_mode | value of the authentication mode for the EKS cluster | string | "API_AND_CONFIG_MAP" | no |
cluster_enabled_log_types | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | [ | no |
cluster_endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled | bool | true | no |
cluster_endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled | bool | true | no |
cluster_endpoint_public_access_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint | list(string) | [ | no |
cluster_name | Name of the EKS cluster. If use_existing_cluster is set to true, cluster_name will be used to fetch details only | string | n/a | yes |
cluster_security_group_additional_rules | List of additional security group rules to add to the cluster security group created. Set source_node_security_group = true inside rules to set the node_security_group as source | any | {} | no |
cluster_version | EKS cluster version | string | "1.30" | no |
create_cloudwatch_log_group | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | bool | true | no |
eks_managed_node_group_defaults | Managed node group defaults | any | {} | no |
enable_cluster_log | Enable cluster control plane logs | bool | true | no |
enable_irsa | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | bool | true | no |
existing_cluster_node_role_arn | IAM node role ARN for an existing cluster. This will only be used when use_existing_cluster is true | string | "" | no |
existing_cluster_node_security_group_id | Node security group for an existing cluster. This will only be used when use_existing_cluster is true. | string | "" | no |
existing_cluster_oidc_issuer_arn | OIDC issuer ARN for an existing cluster. This will only be used when use_existing_cluster is true. | string | "" | no |
existing_cluster_oidc_issuer_url | OIDC issuer URL for an existing cluster. This will only be used when use_existing_cluster is true. | string | "" | no |
iam_role_additional_policies | Additional policies to be added to the IAM role | map(string) | {} | no |
inital_node_pool_capacity_type | capacity type for the initial node pool | string | "SPOT" | no |
initial_node_pool_ami_type | AMI type for the initial node pool | string | "AL2023_x86_64_STANDARD" | no |
initial_node_pool_create_iam_role | Create IAM role for the initial node pool | bool | true | no |
initial_node_pool_create_iam_role_policy | Create IAM role policy for the initial node pool | bool | true | no |
initial_node_pool_create_node_template | Create node template for the initial node pool | bool | true | no |
initial_node_pool_desired_size | Desired size for the initial node pool | number | 2 | no |
initial_node_pool_enabled | Create al2023 initial node pool for EKS managed node group | bool | true | no |
initial_node_pool_iam_role_additional_policies | Additional policies to be added to the IAM role for the initial node pool | map(string) | { | no |
initial_node_pool_iam_role_attach_cni_policy | Attach CNI policy to IAM role for the initial node pool | bool | true | no |
initial_node_pool_iam_role_tags | IAM role tags for the initial node pool | map(string) | {} | no |
initial_node_pool_iam_role_use_name_prefix | Use name prefix for IAM role for the initial node pool | bool | true | no |
initial_node_pool_instance_types | Instance types for the initial node pool | list(string) | [ | no |
initial_node_pool_labels | Labels for the initial node pool | map(string) | { | no |
initial_node_pool_launch_template_use_name_prefix | Use name prefix for launch template for the initial node pool | bool | true | no |
initial_node_pool_max_size | Maximum size for the initial node pool | number | 2 | no |
initial_node_pool_metadata_options | Metadata options for the initial node pool | map(string) | {} | no |
initial_node_pool_min_size | Minimum size for the initial node pool | number | 2 | no |
karpenter_fargate_profile_attach_cni_policy | Attach CNI policy to IAM role for Karpenter Fargate profile | bool | true | no |
karpenter_fargate_profile_create_iam_role | Create IAM role for Karpenter Fargate profile | bool | true | no |
karpenter_fargate_profile_enabled | Enable Karpenter Fargate profile | bool | false | no |
karpenter_fargate_profile_namespace | value of the namespace where Karpenter is installed | string | "karpenter" | no |
node_security_group_additional_rules | List of additional security group rules to add to the node security group created. Set source_cluster_security_group = true inside rules to set the cluster_security_group as source | any | {} | no |
node_security_group_tags | List of node security group tags | any | {} | no |
openid_connect_audiences | List of OpenID Connect audience client IDs to add to the IRSA provider | list(string) | [] | no |
self_managed_node_group_defaults | Self node group defaults | any | {} | no |
self_managed_node_groups | Map of self-managed node group definitions to create | any | {} | no |
subnet_ids | A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration | list(string) | [] | no |
tags | A map of tags to add to all resources | map(string) | {} | no |
use_existing_cluster | Flag to use an existing cluster. If this is true, a new EKS cluster will not be created | bool | false | no |
vpc_id | ID of the VPC where the cluster and its nodes will be provisioned | string | null | no |

Name | Description |
---|---|
aws_access_entries | Access entries for the EKS cluster security group |
cloudwatch_log_group_arn | ARN of the CloudWatch log group created |
cloudwatch_log_group_name | Name of the CloudWatch log group created |
cluster_addons | Map of attribute maps for all EKS cluster addons enabled |
cluster_arn | The Amazon Resource Name (ARN) of the cluster |
cluster_certificate_authority_data | Base64 encoded certificate data required to communicate with the cluster |
cluster_endpoint | Endpoint for your Kubernetes API server |
cluster_iam_role_arn | IAM role ARN of the EKS cluster |
cluster_iam_role_name | IAM role name of the EKS cluster |
cluster_iam_role_unique_id | Stable and unique string identifying the IAM role |
cluster_id | DEPRECATED - Use cluster_name |
cluster_identity_providers | Map of attribute maps for all EKS identity providers enabled |
cluster_name | The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready |
cluster_oidc_issuer_url | The URL on the EKS cluster for the OpenID Connect identity provider |
cluster_platform_version | Platform version for the cluster |
cluster_primary_security_group_id | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console |
cluster_security_group_arn | Amazon Resource Name (ARN) of the cluster security group |
cluster_security_group_id | ID of the cluster security group |
cluster_status | Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED |
eks_managed_node_groups | Map of attribute maps for all EKS managed node groups created |
fargate_profiles | Map of attribute maps for all EKS Fargate Profiles created |
node_security_group_arn | Amazon Resource Name (ARN) of the node shared security group |
node_security_group_id | ID of the node shared security group |
oidc_provider_arn | The ARN of the OIDC Provider |
self_managed_node_groups | Map of attribute maps for all self managed node groups created |
use_existing_cluster | Flag to check if you are using an already existing cluster |
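
The following module call is an added example, not taken from the module's own documentation; it sets the security-relevant inputs from the table above explicitly instead of relying on defaults. The module source, cluster name, VPC and subnet IDs, and CIDR range are placeholders, and the keys inside `initial_node_pool_metadata_options` assume the map is passed through to the node group launch template's `metadata_options`.

```hcl
module "eks" {
  # Placeholder: this page does not state the module's source address or version.
  source = "<truefoundry-eks-module-source>"

  cluster_name    = "example-cluster"                        # constructed
  cluster_version = "1.30"
  vpc_id          = "vpc-EXAMPLE"                            # placeholder
  subnet_ids      = ["subnet-EXAMPLE-A", "subnet-EXAMPLE-B"] # placeholders

  # API server reachability: keep the private endpoint on. If the public
  # endpoint must stay enabled, restrict it to known egress ranges.
  cluster_endpoint_private_access      = true
  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = ["203.0.113.0/24"] # documentation range, replace

  # "API" authorizes principals through EKS access entries only and ignores
  # the aws-auth ConfigMap. EKS does not allow switching back from "API",
  # so grant access through cluster_access_entries before changing it.
  cluster_authentication_mode = "API"

  # Control plane logging: audit and authenticator logs are the ones that
  # detection and incident response depend on. The default retention is 7 days.
  enable_cluster_log                     = true
  create_cloudwatch_log_group            = true
  cluster_enabled_log_types              = ["api", "audit", "authenticator"]
  cloudwatch_log_group_retention_in_days = 90

  # Instance metadata: require IMDSv2 session tokens and keep the hop limit
  # at 1 so pods on the pod network cannot reach the node role credentials.
  # Assumed key names (launch template metadata_options); values are strings
  # because the input type is map(string).
  initial_node_pool_metadata_options = {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = "1"
  }

  # Workloads get AWS credentials through IRSA rather than the node role.
  enable_irsa = true
}
```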