truefoundry/terraform-aws-truefoundry-cluster

terraform-aws-truefoundry-cluster

Truefoundry EKS Module

Requirements

Name Version
terraform ~> 1.4
aws ~> 5.57

Providers

Name Version
aws ~> 5.57

Modules

Name Source Version
aws-eks-kubernetes-cluster terraform-aws-modules/eks/aws v20.33.1
eks_blueprints_addons aws-ia/eks-blueprints-addons/aws 1.19.0

Resources

Name Type
aws_eks_cluster.eks_cluster data source

Inputs

Name Description Type Default Required
additional_eks_managed_node_groups Map of additional EKS managed node group definitions to create any {} no
cloudwatch_log_group_retention_in_days Number of days to retain log events. Default retention - 7 days number 7 no
cluster_access_entries Access entries for the EKS cluster any {} no
cluster_additional_security_group_ids List of additional, externally created security group IDs to attach to the cluster control plane list(string) [] no
cluster_addons_coredns_additional_configurations Additional configurations for the coredns addon any {} no
cluster_addons_coredns_version Version of the CoreDNS addon string "v1.11.4-eksbuild.2" no
cluster_addons_eks_pod_identity_agent_additional_configurations Additional configurations for the EKS Pod Identity Agent addon any {} no
cluster_addons_eks_pod_identity_agent_version Version of the EKS Pod Identity Agent addon string "v1.3.4-eksbuild.1" no
cluster_addons_kube_proxy_additional_configurations Additional configurations for the kube proxy addon any {} no
cluster_addons_kube_proxy_version Version of the kube-proxy addon string "v1.32.0-eksbuild.2" no
cluster_addons_vpc_cni_additional_configurations Additional configurations for the VPC CNI addon any {} no
cluster_addons_vpc_cni_version Version of the VPC CNI addon string "v1.19.2-eksbuild.5" no
cluster_authentication_mode Authentication mode for the EKS cluster string "API_AND_CONFIG_MAP" no
cluster_enabled_log_types A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) list(string) ["audit", "api", "authenticator"] no
cluster_endpoint_private_access Indicates whether or not the Amazon EKS private API server endpoint is enabled bool true no
cluster_endpoint_public_access Indicates whether or not the Amazon EKS public API server endpoint is enabled bool true no
cluster_endpoint_public_access_cidrs List of CIDR blocks which can access the Amazon EKS public API server endpoint list(string) ["0.0.0.0/0"] no
cluster_name Name of the EKS cluster. If use_existing_cluster is set to true, cluster_name will be used to fetch details only string n/a yes
cluster_security_group_additional_rules List of additional security group rules to add to the cluster security group created. Set source_node_security_group = true inside rules to set the node_security_group as source any {} no
cluster_version EKS cluster version string "1.32" no
create_cloudwatch_log_group Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled bool true no
eks_managed_node_group_defaults Managed node group defaults any {} no
enable_cluster_log Enable cluster control plane logs bool true no
enable_irsa Determines whether to create an OpenID Connect Provider for EKS to enable IRSA bool true no
existing_cluster_node_role_arn IAM node role ARN for an existing cluster. This will only be used when use_existing_cluster is true string "" no
existing_cluster_node_security_group_id Node security group for an existing cluster. This will only be used when use_existing_cluster is true. string "" no
existing_cluster_oidc_issuer_arn OIDC issuer ARN for an existing cluster. This will only be used when use_existing_cluster is true. string "" no
existing_cluster_oidc_issuer_url OIDC issuer URL for an existing cluster. This will only be used when use_existing_cluster is true. string "" no
iam_role_additional_policies Additional policies to be added to the IAM role map(string) {} no
inital_node_pool_capacity_type Capacity type for the initial node pool string "SPOT" no
initial_node_pool_ami_type AMI type for the initial node pool string "AL2023_x86_64_STANDARD" no
initial_node_pool_create_iam_role Create IAM role for the initial node pool bool true no
initial_node_pool_create_iam_role_policy Create IAM role policy for the initial node pool bool true no
initial_node_pool_create_node_template Create node template for the initial node pool bool true no
initial_node_pool_desired_size Desired size for the initial node pool number 2 no
initial_node_pool_enabled Create AL2023 initial node pool for EKS managed node group bool true no
initial_node_pool_iam_role_additional_policies Additional policies to be added to the IAM role for the initial node pool map(string) {"karpenter": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"} no
initial_node_pool_iam_role_attach_cni_policy Attach CNI policy to IAM role for the initial node pool bool true no
initial_node_pool_iam_role_tags IAM role tags for the initial node pool map(string) {} no
initial_node_pool_iam_role_use_name_prefix Use name prefix for IAM role for the initial node pool bool true no
initial_node_pool_instance_types Instance types for the initial node pool list(string) ["c7i.xlarge", "m7i.xlarge", "r7i.xlarge", "r6i.xlarge", "r6a.xlarge", "c6i.xlarge", "c6a.xlarge", "m6a.xlarge"] no
initial_node_pool_labels Labels for the initial node pool map(string) {"truefoundry.cloud": "initial"} no
initial_node_pool_launch_template_use_name_prefix Use name prefix for launch template for the initial node pool bool true no
initial_node_pool_max_size Maximum size for the initial node pool number 2 no
initial_node_pool_metadata_options Metadata options for the initial node pool map(string) {} no
initial_node_pool_min_size Minimum size for the initial node pool number 2 no
karpenter_fargate_profile_attach_cni_policy Attach CNI policy to IAM role for Karpenter Fargate profile bool true no
karpenter_fargate_profile_create_iam_role Create IAM role for Karpenter Fargate profile bool true no
karpenter_fargate_profile_enabled Enable Karpenter Fargate profile bool false no
karpenter_fargate_profile_namespace Namespace where Karpenter is installed string "karpenter" no
node_security_group_additional_rules List of additional security group rules to add to the node security group created. Set source_cluster_security_group = true inside rules to set the cluster_security_group as source any {} no
node_security_group_tags List of node security group tags any {} no
openid_connect_audiences List of OpenID Connect audience client IDs to add to the IRSA provider list(string) [] no
self_managed_node_group_defaults Self-managed node group defaults any {} no
self_managed_node_groups Map of self-managed node group definitions to create any {} no
subnet_ids A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration list(string) [] no
tags A map of tags to add to all resources map(string) {} no
use_existing_cluster Flag to use an existing cluster. If this is true, a new EKS cluster will not be created bool false no
vpc_id ID of the VPC where the cluster and its nodes will be provisioned string null no
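
The following module call is an added example, not taken from this repository. It overrides the network-exposure and logging defaults listed in the Inputs table above. The git source address is derived from the repository name on this page; the cluster name, VPC ID, subnet IDs and CIDR are constructed placeholders, and the retention period is an assumed value.

```hcl
# Added example (not the project's own code). All values are placeholders.
module "truefoundry_cluster" {
  # Git source built from the repository name shown on this page.
  # Pin it to a reviewed ref in real use.
  source = "github.com/truefoundry/terraform-aws-truefoundry-cluster"

  cluster_name = "example-cluster"                          # placeholder
  vpc_id       = "vpc-EXAMPLE"                              # placeholder
  subnet_ids   = ["subnet-EXAMPLE-A", "subnet-EXAMPLE-B"]   # placeholders

  # Module defaults: public endpoint enabled and open to 0.0.0.0/0.
  # Keep the private endpoint for in-VPC traffic and restrict the public
  # endpoint to known egress ranges (203.0.113.0/24 is a documentation range).
  cluster_endpoint_private_access      = true
  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = ["203.0.113.0/24"]

  # If every client reaches the API server from inside the VPC, disable the
  # public endpoint instead:
  # cluster_endpoint_public_access = false

  # Module defaults: audit, api and authenticator logs, retained for 7 days.
  # Add the remaining control plane log types and keep events long enough
  # to support an investigation (90 days is an assumed value).
  enable_cluster_log                     = true
  create_cloudwatch_log_group            = true
  cluster_enabled_log_types              = ["audit", "api", "authenticator", "controllerManager", "scheduler"]
  cloudwatch_log_group_retention_in_days = 90

  tags = {
    environment = "example" # placeholder
  }
}
```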

Outputs

Name Description
aws_access_entries Access entries for the EKS cluster security group
cloudwatch_log_group_arn ARN of the CloudWatch log group created
cloudwatch_log_group_name Name of the CloudWatch log group created
cluster_addons Map of attribute maps for all EKS cluster addons enabled
cluster_arn The Amazon Resource Name (ARN) of the cluster
cluster_certificate_authority_data Base64 encoded certificate data required to communicate with the cluster
cluster_endpoint Endpoint for your Kubernetes API server
cluster_iam_role_arn IAM role ARN of the EKS cluster
cluster_iam_role_name IAM role name of the EKS cluster
cluster_iam_role_unique_id Stable and unique string identifying the IAM role
cluster_id DEPRECATED - Use cluster_name
cluster_identity_providers Map of attribute maps for all EKS identity providers enabled
cluster_name The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready
cluster_oidc_issuer_url The URL on the EKS cluster for the OpenID Connect identity provider
cluster_platform_version Platform version for the cluster
cluster_primary_security_group_id Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console
cluster_security_group_arn Amazon Resource Name (ARN) of the cluster security group
cluster_security_group_id ID of the cluster security group
cluster_status Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED
eks_managed_node_groups Map of attribute maps for all EKS managed node groups created
fargate_profiles Map of attribute maps for all EKS Fargate Profiles created
node_security_group_arn Amazon Resource Name (ARN) of the node shared security group
node_security_group_id ID of the node shared security group
oidc_provider_arn The ARN of the OIDC Provider
self_managed_node_groups Map of attribute maps for all self managed node groups created
use_existing_cluster Flag to check if you are using an already existing cluster