/truemark-terraform-aws-eks

Standard TrueMark AWS EKS Terraform module

Primary language: HCL. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.26 |
| aws | >= 3.15 |
| kubectl | >= 1.7.0 |
| kubernetes | >= 2.10.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.15 |
| aws.us-east-1 | >= 3.15 |
| helm | n/a |
| kubectl | >= 1.7.0 |
| kubernetes | >= 2.10.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| ebs_csi_irsa_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
| eks | terraform-aws-modules/eks/aws | ~> 19.0 |
| external_secrets_irsa | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
| karpenter | terraform-aws-modules/eks/aws//modules/karpenter | n/a |
| vpc_cni_irsa | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |

Resources

| Name | Type |
|------|------|
| aws_iam_policy.aws_load_balancer_controller | resource |
| aws_iam_role.aws_load_balancer_controller | resource |
| aws_iam_role_policy_attachment.aws_load_balancer_controller | resource |
| helm_release.aws_load_balancer_controller | resource |
| helm_release.external_secrets | resource |
| helm_release.karpenter | resource |
| kubectl_manifest.gp2 | resource |
| kubernetes_namespace.external_secrets | resource |
| kubernetes_storage_class.gp3 | resource |
| kubernetes_storage_class.gp3_xfs_encrypted | resource |
| aws_caller_identity.current | data source |
| aws_ecrpublic_authorization_token.token | data source |
| aws_eks_cluster_auth.cluster | data source |
| aws_iam_policy_document.aws_load_balancer_controller_full | data source |
| aws_iam_roles.support_role | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_additional_security_group_ids | List of additional, externally created security group IDs to attach to the cluster control plane | `list(string)` | `[]` | no |
| cluster_endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | `bool` | `true` | no |
| cluster_endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | `bool` | `false` | no |
| cluster_name | Name of the EKS cluster. | `string` | `""` | no |
| cluster_security_group_additional_rules | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source | `any` | `{}` | no |
| cluster_version | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: 1.24) | `string` | `"1.23"` | no |
| eks_managed_node_group_defaults | Map of EKS managed node group default configurations. | `any` | `{}` | no |
| eks_managed_node_groups | Map of EKS managed node group definitions to create. | `any` | `{}` | no |
| enable_karpenter | Add karpenter to the cluster | `bool` | `true` | no |
| external_secrets_kms_key_arns | List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets | `list(string)` | `["arn:aws:kms:::key/*"]` | no |
| external_secrets_secrets_manager_arns | List of Secrets Manager ARNs that contain secrets to mount using External Secrets | `list(string)` | `["arn:aws:secretsmanager:::secret:*"]` | no |
| external_secrets_ssm_parameter_arns | List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets | `list(string)` | `["arn:aws:ssm:::parameter/*"]` | no |
| sso_roles | AWS SSO roles that will be mapped to RBAC roles. | `list(object({ role_name = string, groups = list(string), }))` | `[]` | no |
| subnets_ids | A list of subnet IDs where the nodes/node groups will be provisioned. | `list(string)` | `[]` | no |
| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| vpc_id | ID of the VPC where the cluster and its nodes will be provisioned. | `string` | `null` | no |
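
A module call that sets these inputs, as an added example that is not from the module's own documentation: it replaces the wildcard defaults of the three external_secrets_* ARN lists with named resources and states the endpoint access settings explicitly. The source address, account ID, region, ARNs, VPC and subnet IDs, role and group names are constructed placeholders, and passing the aws.us-east-1 provider alias this way is an assumption based on the Providers table.

```hcl
# Added example with constructed values; not taken from the module's README.

# Assumption: the module expects an aliased provider named aws.us-east-1
# (it appears in the Providers table), supplied by the calling configuration.
provider "aws" {
  alias  = "us-east-1"
  region = "us-east-1"
}

module "eks" {
  source = "<module-source>" # placeholder: use the address this module is published under

  providers = {
    aws           = aws
    aws.us-east-1 = aws.us-east-1
  }

  cluster_name    = "example-cluster"
  cluster_version = "1.24"
  vpc_id          = "vpc-0123456789abcdef0" # constructed
  subnets_ids     = ["subnet-0123456789abcdef0", "subnet-0fedcba9876543210"] # constructed

  # Same values as the documented defaults, written out so that a change of
  # defaults in a later module version cannot expose the API server unnoticed.
  cluster_endpoint_private_access = true
  cluster_endpoint_public_access  = false

  # Name the specific keys, secrets and parameters External Secrets may read
  # instead of leaving the wildcard defaults in place.
  external_secrets_kms_key_arns = [
    "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
  ]
  external_secrets_secrets_manager_arns = [
    "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-app/*",
  ]
  external_secrets_ssm_parameter_arns = [
    "arn:aws:ssm:us-east-1:111122223333:parameter/example-app/*",
  ]

  # Map one AWS SSO role to a Kubernetes RBAC group (both names hypothetical).
  sso_roles = [
    {
      role_name = "ExampleReadOnly"
      groups    = ["example-viewers"]
    },
  ]

  tags = { environment = "example" }
}
```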

Outputs

| Name | Description |
|------|-------------|
| cluster_arn | The Amazon Resource Name (ARN) of the cluster |
| cluster_iam_role_arn | IAM role ARN of the EKS cluster |
| cluster_id | The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready |
| cluster_identity_providers | Map of attribute maps for all EKS identity providers enabled |
| cluster_oidc_issuer_url | The URL on the EKS cluster for the OpenID Connect identity provider |
| cluster_security_group_arn | Amazon Resource Name (ARN) of the cluster security group |
| cluster_security_group_id | ID of the cluster security group |
| cluster_tls_certificate_sha1_fingerprint | The SHA1 fingerprint of the public key of the cluster's certificate |
| eks_managed_node_groups | Map of attribute maps for all EKS managed node groups created |
| eks_managed_node_groups_autoscaling_group_names | List of the autoscaling group names created by EKS managed node groups |
| fargate_profiles | Map of attribute maps for all EKS Fargate Profiles created |
| node_security_group_arn | Amazon Resource Name (ARN) of the node shared security group |
| node_security_group_id | ID of the node shared security group |
| oidc_provider | The OpenID Connect identity provider (issuer URL without leading `https://`) |
| oidc_provider_arn | The ARN of the OIDC Provider if `enable_irsa = true` |
| self_managed_node_groups | Map of attribute maps for all self managed node groups created |
| self_managed_node_groups_autoscaling_group_names | List of the autoscaling group names created by self-managed node groups |