/iac-aws-eks

Repository to store and version a custom Terraform module, developed to understand how to build an EKS cluster

Primary Language: HCL

Terraform EKS Module

ToDos

  • Review the ingress loadbalancer creation: Make it external and NLB
  • Add test cluster auto-scaler
  • Add kubernetes-metrics-server
  • Add GP3 storage class
  • Add tags to all the resources
  • Add variables for hard-coded content
  • Refactor repetitive code sections to use inline loops (addons, node-groups)
  • Add a new nodegroup for ingress and taint to reserve the instances
  • Enhance auth_config to be able to receive multiple roles
  • Include tests with terratest
  • Make it a module and move the provider configuration to the readme to explain how to use the module

Requirements

Name Version
aws 5.10.0
helm 2.11.0
kubernetes 2.22.0

Providers

Name Version
aws 5.10.0
helm 2.11.0
kubernetes 2.22.0
tls 4.0.4

Modules

No modules.

Resources

Name Type
aws_cloudwatch_log_group.eks_log_groups resource
aws_eks_addon.cni resource
aws_eks_addon.core_dns resource
aws_eks_addon.ebs_csi_driver resource
aws_eks_addon.kube_proxy resource
aws_eks_cluster.cluster resource
aws_eks_node_group.nodes resource
aws_iam_openid_connect_provider.oidc resource
aws_iam_policy.aws_loadbalancer_controller_policy resource
aws_iam_policy.ebs_csi_driver_policy resource
aws_iam_policy.eks_cluster_autoscaler_policy resource
aws_iam_role.controlplane_role resource
aws_iam_role.eks_cluster_autoscaler_role resource
aws_iam_role.loadbalancer_controller_role resource
aws_iam_role.nodegroups_role resource
aws_iam_role_policy_attachment.autoscaler_role_attachment resource
aws_iam_role_policy_attachment.controlplane_role_attachment_AmazonEKSClusterPolicy resource
aws_iam_role_policy_attachment.controlplane_role_attachment_AmazonEKSVPCResourceController resource
aws_iam_role_policy_attachment.ebs_csi_driver_policy_attachment resource
aws_iam_role_policy_attachment.loadbalancer_role_attachment resource
aws_iam_role_policy_attachment.nodegroups_role_attachment_AmazonEC2ContainerRegistryReadOnly resource
aws_iam_role_policy_attachment.nodegroups_role_attachment_AmazonEKSWorkerNodePolicy resource
aws_iam_role_policy_attachment.nodegroups_role_attachment_AmazonEKS_CNI_Policy resource
aws_kms_alias.eks_secrets_encryption_alias resource
aws_kms_key.eks_secrets_encryption resource
helm_release.aws_loadbalancer_controller resource
helm_release.cluster_autoscaler resource
helm_release.kubernetes_metrics_server resource
helm_release.nginx_ingress_controller resource
kubernetes_config_map.aws_auth resource
kubernetes_service_account.loadbalancer_controller_service_account resource
aws_eks_cluster_auth.this data source
aws_iam_policy_document.assume_role data source
aws_iam_policy_document.aws_load_balancer_controller_assume_role data source
aws_iam_policy_document.eks_cluster_autoscaler_assume_role data source
aws_iam_policy_document.nodegroups_assume_role data source
aws_region.current data source
tls_certificate.this data source

Inputs

Name Description Type Default Required
eks_version Cluster version string "1.25" no
name The default name for the majority of resources string "devops" no
private_subnets List of subnets where the cluster will spin up its nodes list(string) ["subnet-07679ba9b8dee988f", "subnet-0127fe1a3ce8e320a", "subnet-02655d15792b5a3d6"] no
vpc_id VPC string "vpc-0d7ee178466caab08" no
workload_nodegroup_flavors Flavors of the nodes that compose the nodegroup list(string) ["t3.large", "t3.xlarge"] no

Outputs

Name Description
endpoint n/a
kubeconfig-certificate-authority-data n/a