This module is no longer being maintained
This module provisions an EKS control plane and a worker node ASG. It also adds the aws-auth
ConfigMap through the Terraform Kubernetes provider, allowing worker nodes to join the control plane automatically without a separate kubectl
command. The module depends on an already configured VPC.
It takes roughly 10 minutes for a control plane to converge.
This module does not work with Kubernetes provider version 1.11, so the provider is pinned to version 1.10; a change introduced in 1.11 affects the module's current design.
The EKS worker nodes are configured by default to support Session Manager connections. This provides shell access to an EKS worker node without the need for a bastion host or an SSH key rotation/management policy. Access to Session Manager is managed with IAM roles and policies, and Session Manager keeps a full history of connected sessions. Note that a shell on a worker node is effectively node-level access to every pod scheduled there, so scope the IAM policy to the cluster's instances rather than granting ssm:StartSession on all instances. More information on how to start a session can be found here - https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html
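The following is an added example and not part of the module: an IAM policy that grants Session Manager shell access only to this cluster's worker nodes. It assumes the nodes carry the standard EKS ownership tag kubernetes.io/cluster/<cluster_name> = owned (the module's exact tagging is not shown on this page) and that callers are IAM users, so the session ARN is prefixed with the user name.

```hcl
# Added example, not the module's own code. Assumes worker instances are tagged
# kubernetes.io/cluster/<cluster_name> = "owned" and that sessions are started
# by IAM users (session IDs are named <username>-<id>).
variable "cluster_name" {
  type = string
}

data "aws_iam_policy_document" "ssm_session" {
  # Open a shell only on instances tagged as this cluster's nodes.
  statement {
    sid       = "StartSessionOnClusterNodes"
    actions   = ["ssm:StartSession"]
    resources = ["arn:aws:ec2:*:*:instance/*"]
    condition {
      test     = "StringEquals"
      variable = "ssm:resourceTag/kubernetes.io/cluster/${var.cluster_name}"
      values   = ["owned"]
    }
  }

  # The default document Session Manager uses for an interactive shell.
  statement {
    sid       = "UseShellDocument"
    actions   = ["ssm:StartSession"]
    resources = ["arn:aws:ssm:*:*:document/SSM-SessionManagerRunShell"]
  }

  # Callers may only resume or terminate their own sessions.
  # "$${...}" escapes the IAM policy variable from Terraform interpolation.
  statement {
    sid       = "ManageOwnSessions"
    actions   = ["ssm:ResumeSession", "ssm:TerminateSession"]
    resources = ["arn:aws:ssm:*:*:session/$${aws:username}-*"]
  }

  # Read-only calls the CLI and console make while listing targets and sessions.
  statement {
    sid = "DescribeSessionsAndInstances"
    actions = [
      "ssm:DescribeSessions",
      "ssm:GetConnectionStatus",
      "ssm:DescribeInstanceProperties",
      "ec2:DescribeInstances",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "ssm_session" {
  name   = "${var.cluster_name}-ssm-session-access"
  policy = data.aws_iam_policy_document.ssm_session.json
}
```

Attach the policy to the operators' role or group; they then connect with `aws ssm start-session --target <instance-id>`. Because the condition is evaluated against the instance tag, a principal holding only this policy cannot open a session on instances outside the cluster even though the resource ARN is a wildcard.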
EKS control plane logging is set to persist logs to the /aws/eks/${var.cluster_name}/cluster log group.
EKS worker nodes also ship the following instance logs to the CloudWatch log group /aws/eks/${var.cluster_name}/node_logs:

- /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log to the cloudwatch-agent-{instance_id} stream.
- /var/log/cloud-init-output.log to the cloud-init-output-{instance_id} stream.
- /var/log/messages to the syslog-{instance_id} stream.
The variable cloudwatch_log_retention
controls how long logs are stored for all log groups.
This module provides optional support for the Kube2Iam
pattern. When supports_kube2iam is enabled, the module creates the IAM policy that allows the worker node role to assume the role required by a specific Kubernetes service.
All service roles must be prefixed with k8s-
in order to be assumable; the service role's own trust policy must also name the worker node role as a principal, since sts:AssumeRole requires both sides to agree.
At this stage, this module does not apply the Kube2Iam manifest. This is currently out of scope for this module.
More information on Kube2Iam can be found here - https://github.com/jtblin/kube2iam
An example has been provided at examples/default. This example can be used to understand how to implement this module.
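As an added illustration of both the module inputs listed below and the Kube2Iam role convention above (this is not the contents of examples/default), the block below calls the module with the public endpoint disabled, no SSH key, and supports_kube2iam enabled, then defines one k8s- prefixed service role. The module source path, the VPC and subnet lookup tags, the worker node role ARN variable (the module does not output that ARN), the account ID and the bucket name are all assumptions for the example.

```hcl
# Added example, not the module's own code. Assumed: source path, lookup tags,
# account ID, bucket name, and the worker_node_role_arn variable.
data "aws_vpc" "this" {
  tags = { Name = "eks-vpc" } # assumed tag
}

data "aws_subnet_ids" "private" {
  vpc_id = data.aws_vpc.this.id
  tags   = { Tier = "private" } # assumed tag
}

module "eks" {
  source = "../../" # assumed path relative to an examples/ directory

  cluster_name              = "demo"
  k8s_version               = "1.14"
  vpc_id                    = data.aws_vpc.this.id
  eks_master_subnet_ids     = data.aws_subnet_ids.private.ids
  eks_worker_subnet_ids     = data.aws_subnet_ids.private.ids
  worker_node_instance_type = "m5.large"
  worker_asg_min_size       = 1
  worker_asg_desired_count  = 2
  worker_asg_max_size       = 4
  maproles_team_role_arn    = "arn:aws:iam::123456789012:role/eks-team" # assumed
  maproles_username         = "kubectl-user-access"

  # Keep the API server off the internet; reach it from inside the VPC.
  eks_vpc_enable_endpoint_public_access  = false
  eks_vpc_enable_endpoint_private_access = true

  # No SSH key pair: operators use Session Manager instead.
  ssh_key_name = ""

  cloudwatch_log_retention = 30
  supports_kube2iam        = true
}

# The worker node role ARN is not a module output, so it is passed in (assumed).
variable "worker_node_role_arn" {
  type = string
}

# Service role for one workload. The k8s- prefix is what the module's worker
# node policy matches; a role without it cannot be assumed from a pod.
data "aws_iam_policy_document" "k8s_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [var.worker_node_role_arn]
    }
  }
}

resource "aws_iam_role" "k8s_billing_reader" {
  name               = "k8s-billing-reader"
  assume_role_policy = data.aws_iam_policy_document.k8s_trust.json
}

# Least-privilege permissions for the workload itself (assumed bucket name).
data "aws_iam_policy_document" "billing_reader" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::billing-reports"]
  }
  statement {
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::billing-reports/*"]
  }
}

resource "aws_iam_role_policy" "billing_reader" {
  role   = aws_iam_role.k8s_billing_reader.id
  policy = data.aws_iam_policy_document.billing_reader.json
}
```

Once the Kube2Iam DaemonSet is deployed separately (the module does not apply it), a pod selects this role with the annotation iam.amazonaws.com/role: k8s-billing-reader; Kube2Iam on the node then assumes the role using the worker node role's credentials, which is why the trust policy above must name that role.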
Name | Version |
---|---|
aws | ~> 2.19 |
kubernetes | 1.10 |
template | ~> 2.1.2 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cluster_name | The EKS cluster name | any | n/a | yes |
k8s_version | The Kubernetes version to use on the cluster | any | n/a | yes |
maproles_team_role_arn | The ARN of the IAM role that maps to a Kubernetes role | any | n/a | yes |
vpc_id | The VPC ID that the cluster will bind to | any | n/a | yes |
worker_asg_desired_count | Desired number of nodes for the worker ASG | any | n/a | yes |
worker_asg_max_size | Maximum number of nodes for the worker ASG | any | n/a | yes |
worker_node_instance_type | Instance type used for EKS worker nodes | any | n/a | yes |
cloudwatch_log_retention | The retention period in days for all CloudWatch log groups. Defaults to 7 days | number | 7 | no |
eks_master_subnet_ids | Subnet IDs for the EKS control plane | list | [] | no |
eks_vpc_enable_endpoint_private_access | Enable the EKS cluster endpoint from within the VPC | bool | true | no |
eks_vpc_enable_endpoint_public_access | Enable the EKS cluster endpoint from the internet | bool | false | no |
eks_worker_subnet_ids | Subnet IDs for the EKS worker nodes | list | [] | no |
maproles_username | The user name of the product teams for the maprole config | string | "kubectl-user-access" | no |
ssh_key_name | The key pair to use for SSH connections | string | "" | no |
supports_kube2iam | A flag to control whether an additional IAM policy to assume roles for Kube2Iam is added to the worker node role | bool | false | no |
worker_asg_min_size | Minimum number of nodes for the worker ASG | number | 1 | no |
Name | Description |
---|---|
cluster_config | Kube config file of the current cluster |
cluster_endpoint | EKS control plane endpoint |
cluster_name | Name of the EKS Cluster |
platform_version | EKS platform version |
version | EKS Kubernetes version |