# terraform-aws-rke2

Terraform module to build a simple RKE2 cluster on AWS. Two topologies are supported:

## Basic type

Seed RKE2 server + server replica + Agents + 2 NLBs (figure: Basic)

## Single type

Seed RKE2 server + Agents + EIP + Private Domain (figure: Single)

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| aws | >= 4.40 |
| random | >= 3.4.0 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 4.40 |
| random | >= 3.4.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| agent | ./modules/node_pool | n/a |
| bucket | ./modules/bucket | n/a |
| cluster_server_sg | terraform-aws-modules/security-group/aws | 4.9.0 |
| configs | ./modules/config | n/a |
| control_plane | ./modules/node_pool | n/a |
| control_plane_seed | ./modules/node_pool | n/a |
| inter_cluster_sg | terraform-aws-modules/security-group/aws | 4.9.0 |
| restore_policy | terraform-aws-modules/iam/aws//modules/iam-policy | 5.3.0 |
| role_agent | ./modules/role | n/a |
| role_control_plane | ./modules/role | n/a |

## Resources

| Name | Type |
|------|------|
| aws_cloudwatch_event_rule.delete_node | resource |
| aws_cloudwatch_event_target.delete_node_cmd | resource |
| aws_eip.seed | resource |
| aws_iam_policy.eip_associate_policy | resource |
| aws_iam_policy.targetgroup_register_policy | resource |
| aws_iam_role.ssm_run_command_role | resource |
| aws_lb.api_nlb | resource |
| aws_lb.cluster_nlb | resource |
| aws_lb_listener.cluster_api | resource |
| aws_lb_listener.cluster_server | resource |
| aws_lb_listener.kube_api | resource |
| aws_lb_target_group.cluster_api | resource |
| aws_lb_target_group.cluster_server | resource |
| aws_lb_target_group.kube_api | resource |
| aws_placement_group.control_plane | resource |
| aws_route53_record.seed | resource |
| aws_route53_zone.private | resource |
| aws_ssm_document.control_rke2 | resource |
| aws_ssm_document.restore_rke2 | resource |
| aws_ssm_document.restore_server | resource |
| aws_ssm_document.take_snapshot | resource |
| aws_ssm_document.update_kubeconfig | resource |
| random_string.token | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.event_bus_role_assume_policy | data source |
| aws_iam_policy_document.event_bus_role_policy | data source |
| aws_iam_policy_document.restore_policy | data source |
| aws_iam_policy_document.seed_eip | data source |
| aws_iam_policy_document.targetgroup_register_policy | data source |
| aws_region.current | data source |
| aws_route53_zone.private | data source |
| aws_vpc.vpc | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| add_server_taint | Set to true to taint the server nodes. Note: the NGINX Ingress and Metrics Server addons will not be deployed when all nodes are tainted with CriticalAddonsOnly. If your server nodes are so tainted, these addons will remain pending until untainted agent nodes are added to the cluster. | `bool` | `false` | no |
| addons | Addon configurations | <pre>object({<br>  aws_ebs_csi_driver = optional(string, "none")<br>})</pre> | <pre>{<br>  "aws_ebs_csi_driver": "none"<br>}</pre> | no |
| agent | Agent configurations | <pre>object({<br>  subnet_ids         = list(string)<br>  security_group_ids = optional(list(string), [])<br>  allocate_public_ip = bool<br>  policy             = optional(map(string), {})<br>  target_group_arns  = optional(list(string), [])<br>  nodepools = list(object({<br>    name                            = string<br>    min_size                        = optional(number, 1)<br>    max_size                        = optional(number, 3)<br>    desired_capacity                = optional(number, 3)<br>    instance_types                  = optional(list(string), ["t3.medium"])<br>    volume_size                     = optional(number, 20)<br>    cpu_credits                     = optional(string)<br>    monitoring                      = optional(bool, false)<br>    ignore_desired_capacity_changes = optional(bool, true)<br>    instances_distribution = object({<br>      on_demand_base_capacity                  = optional(number)<br>      on_demand_allocation_strategy            = optional(string)<br>      on_demand_percentage_above_base_capacity = optional(number)<br>      spot_allocation_strategy                 = optional(string)<br>      spot_max_price                           = optional(string)<br>    })<br>  }))<br>})</pre> | n/a | yes |
| api_endpoint_ip_white_list | CIDR blocks that may reach the control plane (kube API) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
| api_endpoint_subnet_ids | Subnets for the load balancer in front of the controller kube API | `list(string)` | n/a | yes |
| bucket_name | Backup bucket name | `string` | `""` | no |
| cluster_name | Cluster name | `string` | n/a | yes |
| control_plane | Control plane configurations | <pre>object({<br>  subnet_ids         = list(string)<br>  security_group_ids = optional(list(string), [])<br>  allocate_public_ip = bool<br>  policy             = optional(map(string), {})<br>  # Single instance uses EIP<br>  single = optional(bool, false)<br>  nodepools = list(object({<br>    # TODO: Allow subnet IDs to be specified.<br>    name                   = string<br>    size                   = number<br>    volume_size            = optional(number, 20)<br>    instance_types         = list(string)<br>    instances_distribution = any<br>    cpu_credits            = optional(string)<br>    monitoring             = optional(bool, false)<br>  }))<br>})</pre> | n/a | yes |
| disabled_server_charts | Server charts to disable, chosen among rke2-canal, rke2-coredns, rke2-ingress-nginx, rke2-metrics-server | `list(string)` | `[]` | no |
| extra_ssh_keys | Extra SSH keys | `list(string)` | `[]` | no |
| internal_zone_id | Private Route53 zone ID used to register the server node(s) when control_plane.single is true. The zone should be associated with the VPC. | `string` | `null` | no |
| os_type | Type of operating system: Ubuntu or openSUSE | `string` | `"Ubuntu"` | no |
| prefix | Name prefix | `string` | `""` | no |
| rke2_version | RKE2 version, e.g. 'v1.20.8+rke2r1' | `string` | `""` | no |
| server_fqdn | Server FQDN | `string` | `""` | no |
| ssh_key_name | Instance SSH key name | `string` | `""` | no |
| startup | Enable and start RKE2 | `bool` | `true` | no |
| tags | Tags | `map(string)` | `{}` | no |
| tls_san | TLS SANs | `list(string)` | `[]` | no |
| token | Server token | `string` | `""` | no |
| vpc_id | VPC ID | `string` | `""` | no |
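An added example of a module call that exercises the inputs above; it is not part of this repository. The module `source` path, subnet IDs, VPC ID and CIDR ranges are constructed placeholders. It narrows `api_endpoint_ip_white_list` from its `0.0.0.0/0` default, so the kube API NLB is not reachable from the whole internet, and pairs `add_server_taint = true` with an untainted agent pool so the bundled addons can still schedule.

```hcl
# Added example, not the project's own code. IDs and CIDRs are constructed.
module "rke2" {
  source = "../terraform-aws-rke2" # assumed local checkout of the module

  cluster_name = "demo"
  prefix       = "dev-"
  vpc_id       = "vpc-0123456789abcdef0" # constructed
  rke2_version = "v1.20.8+rke2r1"        # version string format from the inputs table

  # Default is ["0.0.0.0/0"]: the kube API NLB would accept traffic from anywhere.
  # Limit it to the networks that actually need API access (constructed ranges).
  api_endpoint_ip_white_list = ["10.0.0.0/8", "203.0.113.0/24"]
  api_endpoint_subnet_ids    = ["subnet-aaaa1111", "subnet-bbbb2222"] # constructed

  # Keep workloads off the servers. The addons stay pending unless an
  # untainted agent pool exists, so one is declared below.
  add_server_taint = true

  control_plane = {
    subnet_ids         = ["subnet-aaaa1111", "subnet-bbbb2222"] # constructed
    allocate_public_ip = false
    nodepools = [{
      name                   = "cp"
      size                   = 3
      instance_types         = ["t3.medium"]
      instances_distribution = { on_demand_base_capacity = 3 } # on-demand only for control plane
    }]
  }

  agent = {
    subnet_ids         = ["subnet-cccc3333"] # constructed
    allocate_public_ip = false
    nodepools = [{
      name             = "workers"
      min_size         = 1
      max_size         = 5
      desired_capacity = 2
      instance_types   = ["t3.medium", "t3a.medium"]
      instances_distribution = {
        on_demand_base_capacity                  = 1
        on_demand_percentage_above_base_capacity = 0
        spot_allocation_strategy                 = "capacity-optimized"
      }
    }]
  }

  tags = { Environment = "dev" }
}
```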

## Outputs

| Name | Description |
|------|-------------|
| agent_autoscaling_group_arns | List of ARNs of the generated agent autoscaling groups |
| agent_autoscaling_group_ids | List of IDs of the generated agent autoscaling groups |
| ec2_fleet_arns | List of ARNs of the generated EC2 fleets |
| ec2_fleet_ids | List of IDs of the generated EC2 fleets |