Terraform module for managing EKS clusters in AWS

yetisage/tf-aws-eks-cluster

 
 

Netic AWS Terraform EKS Cluster

Supported Terraform Versions

Terraform 0.12

Usage

module "vpc" {
  source = "github.com/neticdk/tf-aws-vpc"
  [...]
}

module "eks_workers" {
  source = "github.com/neticdk/tf-aws-eks-workers"
  [...]
}

module "eks_cluster" {
  source = "github.com/neticdk/tf-aws-eks-cluster"

  name            = var.eks_cluster_name
  cluster_version = var.eks_cluster_version
  subnets         = module.vpc.private_subnets
  vpc_id          = module.vpc.vpc_id

  workers_security_group_ids   = [module.eks_workers.security_group_id]
  workers_security_group_count = 1

  cluster_admin_account_id = "123456789012"

  aws_role_name = "eks-global-cluster-admin"

  map_roles = [
    {
      role_arn = "arn:aws:iam::123456789012:role/sysadmin"
      username = "sysadmin"
      group    = "system:masters"
    },
    {
      role_arn = "arn:aws:iam::123456789012:role/cicd"
      username = "cicd"
    },
  ]
  map_roles_count = 2
}

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allowed_cidr_blocks | List of CIDR blocks allowed to connect to the cluster | list | <list> | no |
| allowed_security_groups | List of additional security group ids allowed to connect to the cluster | list | <list> | no |
| allowed_security_groups_count | Count of allowed security groups | string | "0" | no |
| aws_profile_name | AWS Profile Name to use when calling kubectl | string | "futadmin" | no |
| aws_role_name | AWS Role Name to use when calling kubectl | string | "eks-global-cluster-admin" | no |
| cluster_admin_account_id | Account ID of account that needs to be trusted for assuming the cluster admin role | string | n/a | yes |
| cluster_version | Cluster Version | string | "" | no |
| global_cluster_admin_group | Name of IAM group that will be allowed to assume the global cluster admin role | string | "EKSGlobalClusterAdmins" | no |
| global_cluster_admin_role | Name of IAM role that will be added to the system:masters group | string | "eks-global-cluster-admin" | no |
| map_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | <list> | no |
| map_roles_count | The count of roles in the map_roles list. | string | "0" | no |
| name | EKS Cluster Name | string | n/a | yes |
| subnets | List of subnets to launch the cluster in | list(string) | n/a | yes |
| tags | A map of tags to add to all resources | map | <map> | no |
| vpc_id | VPC ID | string | n/a | yes |
| workers_security_group_count | Number of security group ids | string | n/a | yes |
| workers_security_group_ids | List of worker security group ids allowed to connect to the cluster | list(string) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| cluster_admin_arn | ARN of the EKS cluster admin role |
| eks_cluster_arn | The Amazon Resource Name (ARN) of the cluster |
| eks_cluster_certificate_authority_data | The base64 encoded certificate data required to communicate with the cluster |
| eks_cluster_endpoint | The endpoint for the Kubernetes API server |
| eks_cluster_id | The name of the cluster |
| eks_cluster_version | The Kubernetes server version of the cluster |
| iam_role_name_workers | IAM role name for EKS worker groups |
| instance_profile_name | Name of the instance profile created for the worker nodes |
| kubeconfig | kubeconfig configuration to connect to the cluster using kubectl. |
| kubeconfig_path | Where kubeconfig exists |
| security_group_id | |

Copyright

Copyright (c) 2019 Netic A/S. All rights reserved.

License

MIT Licensed. See LICENSE for full details.
