JetBrains/terraform-aws-kubernetes

terraform-aws-kubernetes

official JetBrains project

This repository contains a Terraform module that sets up Kubernetes infrastructure on AWS using Elastic Kubernetes Service (EKS). It can either manage its own internal networking (a new VPC) or use an existing external one, and it supports several types of node pool. The repository also includes usage and contribution guides, automated tests, and ready-to-use examples.

Compatibility

The minimum supported Terraform version is 1.3.0.

Features

  • Configure the Kubernetes cluster network with options for internal and external networking, VPC settings, subnetting, DNS, DHCP, ACLs, VPC tags and more.

  • Support both AWS-managed and self-managed compute pools, with detailed configurations for instance types, scaling, and labeling.

  • Specify IAM roles and policies for the Kubernetes cluster, service accounts, and encryption key management.

  • Include addons for the Kubernetes cluster such as CoreDNS, VPC CNI, kube-proxy, and more with conflict resolution strategies.

  • Provide detailed storage class configurations, including default classes and custom classes with parameters like encryption and volume binding modes.

  • Set up monitoring, logging, and autoscaling using Helm charts with configurable repository, chart versions, and values.

  • Provide means for adding custom configurations to the Kubernetes cluster, such as custom Helm charts, manifests, and scripts.
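
As an added example (not code from this repository), here is a root-module call that overrides the security-relevant defaults listed under Inputs below: the creator's admin permissions, the control-plane role boundary, secret encryption, control-plane logging, the IRSA OIDC provider and the default storage class. The module `source` string and its release-tag placeholder, the account ID, the permissions-boundary ARN and the KMS ARNs are assumptions; the input names and object shapes are those the Inputs table documents.

```hcl
# Added example: a hardened root-module call. The source URL, git ref
# placeholder, account ID and every ARN below are assumptions.
module "kubernetes" {
  # Pin to a tagged release so `terraform init` cannot silently pick up a
  # newer module revision (the tag itself is a placeholder).
  source = "git::https://github.com/JetBrains/terraform-aws-kubernetes.git?ref=<release-tag>"

  cluster_enabled      = true
  cluster_network_type = "internal"

  # Identity: keep the principal that runs `terraform apply` out of the
  # cluster-admin set (the module default is already false; stating it makes
  # a later change visible in review) and grant access through EKS access
  # entries rather than the aws-auth ConfigMap alone.
  cluster_authentication_mode = "API_AND_CONFIG_MAP"
  cluster_access_management = {
    enable_cluster_creator_admin_permissions = false
  }

  # Control-plane role: a permissions boundary caps what the cluster role can
  # ever be granted, even by additional policies attached later.
  cluster_iam = {
    create_default_role       = true
    role_permissions_boundary = "arn:aws:iam::123456789012:policy/eks-cluster-boundary"
  }

  # Kubernetes Secrets: envelope encryption with a rotated CMK whose
  # administrators are named explicitly instead of left empty.
  cluster_kms = {
    enabled                     = true
    enable_key_rotation         = true
    key_deletion_window_in_days = "30"
    key_administrators          = ["arn:aws:iam::123456789012:role/kms-administrator"]
  }
  cluster_database_encryption_config = {
    provider_key_arn = null   # null: the key created by cluster_kms is used (assumed from the defaults)
    resources        = ["secrets"]
  }

  # Audit trail: all five control-plane log types, a retention period an
  # investigation can actually use, and a CMK on the log group.
  cluster_cloudwatch_logging = {
    enabled                     = true
    log_types                   = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
    log_group_retention_in_days = 365
    log_group_kms_key_id        = "arn:aws:kms:eu-west-1:123456789012:key/11111111-2222-3333-4444-555555555555"
  }

  # IRSA: pods obtain IAM roles through the cluster OIDC provider and
  # short-lived web-identity tokens instead of the node instance profile.
  cluster_iam_role_for_service_account = {
    enabled                         = true
    include_oidc_root_ca_thumbprint = true
  }

  # Persistent volumes: one encrypted gp3 class; Retain means deleting a
  # claim does not destroy the underlying EBS volume.
  cluster_default_storage_storage_classes = {
    standard = {
      name                   = "standard"
      annotations            = { "storageclass.kubernetes.io/is-default-class" = "true" }
      reclaim_policy         = "Retain"
      volume_binding_mode    = "WaitForFirstConsumer"
      allow_volume_expansion = true
      parameters = {
        type                        = "gp3"
        encrypted                   = true
        "csi.storage.k8s.io/fstype" = "xfs"
      }
    }
  }
}
```

One caveat that applies to every input here: values such as `cluster_additional_apps[*].repository_config.repository_password` and the `helm_chart_secrets` lists are written to Terraform state in clear text whatever they are marked as in HCL, so the state backend needs encryption at rest and restricted access.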

Core concepts

Repository organization

  • examples: this folder contains ready to use examples that show how to use this Module;

  • tests: this folder contains a list of automated tests for this Module and examples;

  • lib: this folder contains a list of local utilities, mostly Makefiles, to support the contributor's maintenance effort of this Module;

  • modules: this folder contains a list of local Terraform modules that the Root Module uses;

  • .github: this folder contains a list of GitHub workflows to support contributions during change requests and releases of this Module.

Usage guides

Refer to this page for cluster services usage instructions.

Contribution guides

Refer to this page for contribution instructions.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| aws | >= 5.20 |
| helm | 2.7.0 |
| kubectl | >= 1.7.0 |
| kubernetes | >= 2.26.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.20 |
| kubectl | >= 1.7.0 |
| kubernetes | >= 2.26.0 |
| null | n/a |
| random | n/a |

Resources

| Name | Type |
|------|------|
| aws_eks_addon.ebs_csi_driver | resource |
| aws_eks_addon.efs_csi_driver | resource |
| aws_ssm_parameter.grafana_admin_password | resource |
| aws_ssm_parameter.grafana_admin_username | resource |
| kubectl_manifest.default_ec2_node_class | resource |
| kubectl_manifest.default_node_pool | resource |
| null_resource.wait_for_kubernetes_api_be_active | resource |
| random_password.grafana_admin | resource |
| random_pet.grafana_admin | resource |
| aws_availability_zones.available | data source |
| aws_caller_identity.current | data source |
| aws_eks_cluster.this_cluster | data source |
| aws_eks_cluster_auth.this_cluster | data source |
| aws_iam_role.current | data source |
| kubernetes_service_v1.kube_private_ingress_svc_url | data source |
| kubernetes_service_v1.kube_public_ingress_svc_url | data source |
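
The four `*_acls` inputs in the Inputs section below (public ingress, intranet, node and data subnets) share one object shape, and each defaults to `enabled = false` with a single allow-all rule per direction, so no network ACL is applied unless you opt in. What follows is an added example, not repository code, of a restrictive rule set for the public ingress subnets and one derived from it for the intranet subnets. The corporate CIDR, the module source string and the choice of allowed ports are assumptions; the input names and the rule object fields are those the Inputs table documents.

```hcl
# Added example: opt-in network ACLs for the ingress subnets. The module
# source, the corporate CIDR and the allowed ports are assumptions.
locals {
  vpc_cidr       = "10.0.0.0/16"    # same value as the cluster_network_internal_vpc_cidr default
  corporate_cidr = "192.168.0.0/16" # assumption: where intranet clients come from

  # Network ACLs are stateless, so each flow needs a rule in both directions
  # and the reply leg must cover the ephemeral port range 1024-65535.
  # Traffic matched by no allow rule hits the ACL's implicit final deny.
  public_ingress_acl = {
    enabled = true
    inbound_rules = [
      # Client -> load balancer: TLS, plus plain HTTP for redirects only.
      { rule_number = 100, rule_action = "allow", protocol = "tcp", from_port = 443,  to_port = 443,   cidr_block = "0.0.0.0/0" },
      { rule_number = 110, rule_action = "allow", protocol = "tcp", from_port = 80,   to_port = 80,    cidr_block = "0.0.0.0/0" },
      # Node/pod targets -> load balancer: replies land on ephemeral ports.
      { rule_number = 200, rule_action = "allow", protocol = "tcp", from_port = 1024, to_port = 65535, cidr_block = local.vpc_cidr },
    ]
    outbound_rules = [
      # Load balancer -> client replies.
      { rule_number = 100, rule_action = "allow", protocol = "tcp", from_port = 1024, to_port = 65535, cidr_block = "0.0.0.0/0" },
      # Load balancer -> node/pod targets inside the VPC.
      { rule_number = 200, rule_action = "allow", protocol = "tcp", from_port = 0,    to_port = 65535, cidr_block = local.vpc_cidr },
    ]
  }

  # Intranet subnets: the same rules, with every public-facing 0.0.0.0/0
  # entry narrowed to the corporate range.
  private_ingress_acl = {
    enabled = true
    inbound_rules = [
      for r in local.public_ingress_acl.inbound_rules :
      merge(r, { cidr_block = r.cidr_block == "0.0.0.0/0" ? local.corporate_cidr : r.cidr_block })
    ]
    outbound_rules = [
      for r in local.public_ingress_acl.outbound_rules :
      merge(r, { cidr_block = r.cidr_block == "0.0.0.0/0" ? local.corporate_cidr : r.cidr_block })
    ]
  }
}

module "kubernetes" {
  source = "git::https://github.com/JetBrains/terraform-aws-kubernetes.git?ref=<release-tag>"

  cluster_network_type                                         = "internal"
  cluster_network_internal_vpc_cidr                            = local.vpc_cidr
  cluster_network_internal_public_ingress_subnets_subnets_acls = local.public_ingress_acl
  cluster_network_internal_vpc_private_ingress_subnets_acls    = local.private_ingress_acl
  # Node and data subnets keep the default (no ACL). The node security group
  # (cluster_node_security_group, enable_recommended_rules = true by default)
  # is the control that still filters traffic there.
}
```

Because the rules are plain objects, keeping them in `locals` lets one reviewed rule set feed several of the `*_acls` inputs; a `terraform plan` after changing a rule then shows exactly which subnet ACLs move.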

Inputs

Name Description Type Default Required
cluster_access_management The access management configuration for the Kubernetes cluster
object({
enable_cluster_creator_admin_permissions = optional(bool)
list = optional(map(any))
})
{
"enable_cluster_creator_admin_permissions": false,
"list": null
}
no
cluster_additional_apps List of additional apps packaged as Helm Charts to deploy in the Kubernetes cluster.
list(object({
namespace = string
repository = string
repository_config = optional(object({
repository_key_file = optional(string)
repository_cert_file = optional(string)
repository_ca_file = optional(string)
repository_username = optional(string)
repository_password = optional(string)
}))
app = object({
name = string
chart = string
version = string
force_update = optional(bool)
wait = optional(bool)
recreate_pods = optional(bool)
max_history = optional(number)
lint = optional(bool)
cleanup_on_fail = optional(bool)
create_namespace = optional(bool)
disable_webhooks = optional(bool)
verify = optional(bool)
reuse_values = optional(bool)
reset_values = optional(bool)
atomic = optional(bool)
skip_crds = optional(bool)
render_subchart_notes = optional(bool)
disable_openapi_validation = optional(bool)
wait_for_jobs = optional(bool)
dependency_update = optional(bool)
replace = optional(bool)
})
values = optional(any)
params = optional(list(object({
name = string
value = any
})))
secrets = optional(list(object({
name = string
value = any
})))
}))
[] no
cluster_additional_apps_create Whether to create additional apps in the Kubernetes cluster bool false no
cluster_additional_identity_providers The additional identity providers configuration for the Kubernetes cluster any {} no
cluster_addons_additional The additional addons configuration for the Kubernetes cluster any {} no
cluster_addons_default The addons configuration for the Kubernetes cluster any
{
"coredns": {
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
},
"eks-pod-identity-agent": {
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
},
"kube-proxy": {
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
},
"snapshot-controller": {
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
},
"vpc-cni": {
"before_compute": true,
"resolve_conflicts_on_create": "OVERWRITE",
"resolve_conflicts_on_update": "OVERWRITE"
}
}
no
cluster_addons_timeouts The waiting timeouts configuration for the Kubernetes cluster addons
object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
{} no
cluster_authentication_mode The authentication mode for the Kubernetes cluster string "API_AND_CONFIG_MAP" no
cluster_autoscaler The cluster autoscaler configuration for the Kubernetes cluster
object({
helm_chart_repository = string
helm_chart_repository_config = optional(string)
helm_chart_version = string
helm_chart_name = optional(string)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"helm_chart_name": "kube-karpenter",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "0.35.1"
}
no
cluster_autoscaler_create Whether to create the cluster autoscaler for the Kubernetes cluster bool true no
cluster_autoscaler_subnet_selector The subnet selector for the cluster autoscaler string null no
cluster_cloudwatch_logging The logging configuration for the Kubernetes cluster
object({
enabled = optional(bool)
log_types = optional(list(string))
log_group_retention_in_days = optional(number)
log_group_kms_key_id = optional(string)
log_group_class = optional(string)
log_group_tags = optional(map(string))
})
{
"enabled": true,
"log_group_class": null,
"log_group_kms_key_id": null,
"log_group_retention_in_days": 7,
"log_group_tags": {},
"log_types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
]
}
no
cluster_compute_pool_aws_managed The AWS managed compute pool configuration for the Kubernetes cluster
object({
defaults = optional(any)
groups = any
})
{
"defaults": {},
"groups": {
"main": {
"capacity_type": "ON_DEMAND",
"desired_size": 2,
"disk_size": 100,
"instance_types": [
"t3a.2xlarge"
],
"labels": {
"node-type": "main"
},
"max_size": 2,
"min_size": 2,
"update_config": {
"max_unavailable_percentage": 30
},
"use_custom_launch_template": false
},
"spot": {
"capacity_type": "SPOT",
"desired_size": 3,
"disk_size": 100,
"instance_types": [
"t3a.2xlarge",
"m5a.2xlarge",
"c5a.2xlarge",
"r5a.2xlarge",
"t3a.large"
],
"labels": {
"node-type": "spot"
},
"max_size": 3,
"min_size": 3,
"update_config": {
"max_unavailable_percentage": 30
},
"use_custom_launch_template": false
}
}
}
no
cluster_compute_pool_fargate The Fargate compute pool configuration for the Kubernetes cluster
object({
defaults = optional(any)
groups = any
})
{
"defaults": {},
"groups": {}
}
no
cluster_compute_pool_self_managed The self managed compute pool configuration for the Kubernetes cluster
object({
defaults = optional(any)
groups = any
})
{
"defaults": {},
"groups": {}
}
no
cluster_custom_storage_classes Custom storage class objects for the Kubernetes cluster, created in addition to, or as a substitute for, the ones defined in the cluster_default_storage_storage_classes variable
map(object({
name = optional(string)
annotations = optional(any)
reclaim_policy = optional(string)
volume_binding_mode = optional(string)
allow_volume_expansion = optional(bool)
storage_provisioner = optional(string)
parameters = optional(any)
}))
{} no
cluster_database_encryption_config The encryption configuration for the Kubernetes cluster
object({
provider_key_arn = optional(string)
resources = optional(list(string))
})
{
"provider_key_arn": null,
"resources": [
"secrets"
]
}
no
cluster_default_storage_storage_classes The default storage classes for the Kubernetes cluster
map(object({
name = optional(string)
annotations = optional(any)
reclaim_policy = optional(string)
volume_binding_mode = optional(string)
allow_volume_expansion = optional(bool)
parameters = optional(any)
}))
{
"golden": {
"allow_volume_expansion": true,
"annotations": {
"storageclass.kubernetes.io/is-default-class": "false"
},
"name": "golden",
"parameters": {
"allowAutoIOPSPerGBIncrease": true,
"csi.storage.k8s.io/fstype": "ext3",
"encrypted": true,
"type": "io1"
},
"reclaim_policy": "Retain",
"volume_binding_mode": "WaitForFirstConsumer"
},
"platinum": {
"allow_volume_expansion": true,
"annotations": {
"storageclass.kubernetes.io/is-default-class": "false"
},
"name": "platinum",
"parameters": {
"allowAutoIOPSPerGBIncrease": true,
"csi.storage.k8s.io/fstype": "xfs",
"encrypted": true,
"type": "io2"
},
"reclaim_policy": "Retain",
"volume_binding_mode": "WaitForFirstConsumer"
},
"standard": {
"allow_volume_expansion": true,
"annotations": {
"storageclass.kubernetes.io/is-default-class": "true"
},
"name": "standard",
"parameters": {
"allowAutoIOPSPerGBIncrease": true,
"csi.storage.k8s.io/fstype": "ext3",
"encrypted": true,
"type": "gp3"
},
"reclaim_policy": "Retain",
"volume_binding_mode": "WaitForFirstConsumer"
}
}
no
cluster_descheduler The descheduler configuration for the Kubernetes cluster
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"helm_chart_name": "kube-descheduler",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "0.29.0"
}
no
cluster_descheduler_create Whether to create the descheduler for the Kubernetes cluster bool true no
cluster_enabled Whether to create the Kubernetes cluster bool true no
cluster_encryption_policy The encryption policy for the Kubernetes cluster
object({
attach_default = optional(bool)
use_name_prefix = optional(bool)
name = optional(string)
description = optional(string)
path = optional(string)
tags = optional(map(string))
})
{
"attach_default": true,
"description": "Cluster encryption policy to allow cluster role to utilize CMK provided",
"name": null,
"path": null,
"tags": {},
"use_name_prefix": true
}
no
cluster_iam The IAM role configuration for the Kubernetes cluster
object({
create_default_role = optional(bool)
role_arn = optional(string)
role_name = optional(string)
role_use_name_prefix = optional(bool)
role_path = optional(string)
role_description = optional(string)
role_permissions_boundary = optional(string)
role_additional_policies = optional(map(string))
role_tags = optional(map(string))
})
{
"create_default_role": true,
"role_additional_policies": {},
"role_arn": null,
"role_description": null,
"role_name": null,
"role_path": null,
"role_permissions_boundary": null,
"role_tags": {},
"role_use_name_prefix": true
}
no
cluster_iam_role_for_service_account The IAM role configuration for the Kubernetes cluster service account
object({
enabled = optional(bool)
include_oidc_root_ca_thumbprint = optional(bool)
openid_connect_audiences = optional(list(string))
custom_oidc_thumbprints = optional(list(string))
})
{
"custom_oidc_thumbprints": [],
"enabled": true,
"include_oidc_root_ca_thumbprint": true,
"openid_connect_audiences": []
}
no
cluster_kms The KMS configuration for the Kubernetes cluster
object({
enabled = optional(bool)
key_description = optional(string)
key_deletion_window_in_days = optional(string)
enable_key_rotation = optional(bool)
key_enable_default_policy = optional(bool)
key_owners = optional(list(string))
key_administrators = optional(list(string))
key_users = optional(list(string))
key_service_users = optional(list(string))
key_source_policy_documents = optional(list(string))
key_override_policy_documents = optional(list(string))
key_aliases = optional(list(string))
})
{
"enable_key_rotation": true,
"enabled": true,
"key_administrators": [],
"key_aliases": [],
"key_deletion_window_in_days": 30,
"key_description": null,
"key_enable_default_policy": true,
"key_override_policy_documents": [],
"key_owners": [],
"key_service_users": [],
"key_source_policy_documents": [],
"key_users": []
}
no
cluster_logging The cluster logging configuration for the Kubernetes cluster
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-grafana-loki",
"helm_chart_namespace": "kube-monitoring",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "5.43.3"
}
no
cluster_logging_collector The cluster logging collector configuration for the Kubernetes cluster
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-grafana-promtail",
"helm_chart_namespace": "kube-monitoring",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "6.15.5"
}
no
cluster_logging_create Whether to create the cluster logging service for the Kubernetes cluster bool true no
cluster_metrics_server The metrics server configuration for the Kubernetes cluster
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-metrics-server",
"helm_chart_namespace": "kube-monitoring",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "3.12.0"
}
no
cluster_metrics_server_create Whether to create the cluster metrics server for the Kubernetes cluster bool true no
cluster_monitoring The monitoring configuration for the Kubernetes cluster
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-prometheus-operator",
"helm_chart_namespace": "kube-monitoring",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "56.21.1"
}
no
cluster_monitoring_create Whether to create the monitoring for the Kubernetes cluster bool true no
cluster_network_external_control_plane_subnet_ids The IDs of the subnets to use for the control plane in the external network list(string) null no
cluster_network_external_node_subnet_ids The IDs of the subnets to use for the nodes in the external network list(string) null no
cluster_network_external_vpc_id The ID of the VPC to use for the external network string null no
cluster_network_internal_public_ingress_subnets_subnets_acls The ACLs configuration for the public subnets in the internal VPC
object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
{
"enabled": false,
"inbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
],
"outbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
}
no
cluster_network_internal_public_ingress_subnets_subnets_addresses The CIDR blocks to use for the public subnets in the internal VPC list(string)
[
"10.0.0.0/24",
"10.0.1.0/24",
"10.0.2.0/24"
]
no
cluster_network_internal_public_ingress_subnets_subnets_assign_ipv6_address_on_creation Whether to assign an IPv6 address to the public subnets in the internal VPC bool false no
cluster_network_internal_public_ingress_subnets_subnets_enable_dns64 Whether to enable DNS64 for the public subnets in the internal VPC bool true no
cluster_network_internal_public_ingress_subnets_subnets_enable_resource_name_dns_a_record_on_launch Whether to enable resource name DNS A record on launch for the public subnets in the internal VPC bool false no
cluster_network_internal_public_ingress_subnets_subnets_enable_resource_name_dns_aaaa_record_on_launch Whether to enable resource name DNS AAAA record on launch for the public subnets in the internal VPC bool true no
cluster_network_internal_public_ingress_subnets_subnets_ipv6_native Whether to enable IPv6 native for the public subnets in the internal VPC bool false no
cluster_network_internal_public_ingress_subnets_subnets_ipv6_prefixes The IPv6 prefixes to use for the public subnets in the internal VPC list(string) [] no
cluster_network_internal_public_ingress_subnets_subnets_map_public_ip_on_launch Whether to map public IP on launch for the public subnets in the internal VPC bool false no
cluster_network_internal_public_ingress_subnets_subnets_private_dns_hostname_type_on_launch The private DNS hostname type on launch for the public subnets in the internal VPC string null no
cluster_network_internal_public_ingress_subnets_subnets_tags The tags configuration for the public subnets in the internal VPC
object({
tags = optional(map(string))
route_table_tags = optional(map(string))
subnet_tags_per_az = optional(map(map(string)))
acl_tags = optional(map(string))
})
{
"acl_tags": {},
"route_table_tags": {},
"subnet_tags_per_az": {},
"tags": {}
}
no
cluster_network_internal_vpc_availability_zones_number The number of availability zones to use for the internal VPC number 2 no
cluster_network_internal_vpc_cidr The CIDR block to use for the internal VPC string "10.0.0.0/16" no
cluster_network_internal_vpc_data_subnets_acls The ACLs configuration for the data subnets in the internal VPC
object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
{
"enabled": false,
"inbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
],
"outbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
}
no
cluster_network_internal_vpc_data_subnets_addresses The CIDR blocks to use for the data subnets in the internal VPC list(string)
[
"10.0.224.0/24",
"10.0.225.0/24",
"10.0.226.0/24"
]
no
cluster_network_internal_vpc_data_subnets_assign_ipv6_address_on_creation Whether to assign an IPv6 address to the data subnets in the internal VPC bool false no
cluster_network_internal_vpc_data_subnets_dns_hostname_type_on_launch The DNS hostname type on launch for the data subnets in the internal VPC string null no
cluster_network_internal_vpc_data_subnets_enable_dns64 Whether to enable DNS64 for the data subnets in the internal VPC bool true no
cluster_network_internal_vpc_data_subnets_enable_resource_name_dns_a_record_on_launch Whether to enable resource name DNS A record on launch for the data subnets in the internal VPC bool false no
cluster_network_internal_vpc_data_subnets_enable_resource_name_dns_aaaa_record_on_launch Whether to enable resource name DNS AAAA record on launch for the data subnets in the internal VPC bool true no
cluster_network_internal_vpc_data_subnets_ipv6_native Whether to enable IPv6 native for the data subnets in the internal VPC bool false no
cluster_network_internal_vpc_data_subnets_ipv6_prefixes The IPv6 prefixes to use for the data subnets in the internal VPC list(string) [] no
cluster_network_internal_vpc_data_subnets_tags The tags configuration for the data subnets in the internal VPC
object({
tags = optional(map(string))
acl_tags = optional(map(string))
})
{
"acl_tags": {},
"tags": {}
}
no
cluster_network_internal_vpc_dhcp_options The DHCP options configuration for the internal VPC
object({
enabled = bool
domain_name = string
domain_name_servers = optional(list(string))
ntp_servers = optional(list(string))
netbios_name_servers = optional(list(string))
netbios_node_type = optional(string)
tags = optional(map(string))
})
{
"domain_name": "",
"domain_name_servers": [
"AmazonProvidedDNS"
],
"enabled": false,
"netbios_name_servers": [],
"netbios_node_type": "",
"ntp_servers": [],
"tags": {}
}
no
cluster_network_internal_vpc_enable_dns_hostnames Whether to enable DNS hostnames for the internal VPC bool true no
cluster_network_internal_vpc_enable_dns_support Whether to enable DNS support for the internal VPC bool true no
cluster_network_internal_vpc_enable_network_address_usage_metrics Whether to enable network address usage metrics for the internal VPC bool false no
cluster_network_internal_vpc_endpoints The VPC endpoints configuration for the internal VPC
object({
enabled = bool
services = optional(map(object({
service = string
service_name = optional(string)
service_type = optional(string)
policy = optional(string)
auto_accept = optional(bool)
private_dns_enabled = optional(bool)
})))
security_group_ids = optional(list(string))
dns_options = optional(object({
dns_record_ip_type = optional(string)
private_dns_only_for_inbound_resolver_endpoint = optional(bool)
}))
timeout_options = optional(object({
create = optional(string)
update = optional(string)
delete = optional(string)
}))
tags = optional(map(string))
})
{
"dns_options": {},
"enabled": false,
"security_group_ids": [],
"services": {},
"tags": {},
"timeout_options": {}
}
no
cluster_network_internal_vpc_instance_tenancy The instance tenancy to use for the internal VPC string "default" no
cluster_network_internal_vpc_ipam_pool_options The IPAM pool configuration for the internal VPC
object({
enabled = bool
ipv4_pool_id = string
ipv4_netmask_length = number
enable_ipv6 = optional(bool)
ipv6_cidr = optional(string)
ipv6_pool_id = optional(string)
ipv6_netmask_length = optional(number)
ipv6_cidr_block_network_border_group = optional(string)
})
{
"enable_ipv6": false,
"enabled": false,
"ipv4_netmask_length": null,
"ipv4_pool_id": null,
"ipv6_cidr": null,
"ipv6_cidr_block_network_border_group": null,
"ipv6_netmask_length": null,
"ipv6_pool_id": null
}
no
cluster_network_internal_vpc_nat_gateway_type The type of NAT gateway to use for the internal VPC string "one_nat_gateway_per_az" no
cluster_network_internal_vpc_node_subnets_acls The ACLs configuration for the node subnets in the internal VPC
object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
{
"enabled": false,
"inbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
],
"outbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
}
no
cluster_network_internal_vpc_node_subnets_addresses The CIDR blocks to use for the node subnets in the internal VPC list(string)
[
"10.0.96.0/19",
"10.0.128.0/19",
"10.0.160.0/19"
]
no
cluster_network_internal_vpc_node_subnets_assign_ipv6_address_on_creation Whether to assign an IPv6 address to the node subnets in the internal VPC bool false no
cluster_network_internal_vpc_node_subnets_enable_dns64 Whether to enable DNS64 for the node subnets in the internal VPC bool true no
cluster_network_internal_vpc_node_subnets_enable_resource_name_dns_a_record_on_launch Whether to enable resource name DNS A record on launch for the node subnets in the internal VPC bool false no
cluster_network_internal_vpc_node_subnets_enable_resource_name_dns_aaaa_record_on_launch Whether to enable resource name DNS AAAA record on launch for the node subnets in the internal VPC bool true no
cluster_network_internal_vpc_node_subnets_ipv6_native Whether to enable IPv6 native for the node subnets in the internal VPC bool false no
cluster_network_internal_vpc_node_subnets_ipv6_prefixes The IPv6 prefixes to use for the node subnets in the internal VPC list(string) [] no
cluster_network_internal_vpc_node_subnets_private_dns_hostname_type_on_launch The private DNS hostname type on launch for the node subnets in the internal VPC string null no
cluster_network_internal_vpc_node_subnets_tags The tags configuration for the node subnets in the internal VPC
object({
tags = optional(map(string))
route_table_tags = optional(map(string))
subnet_tags_per_az = optional(map(map(string)))
acl_tags = optional(map(string))
})
{
"acl_tags": {},
"route_table_tags": {},
"subnet_tags_per_az": {},
"tags": {}
}
no
cluster_network_internal_vpc_private_ingress_subnets_acls The ACLs configuration for the intranet subnets in the internal VPC
object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
{
"enabled": false,
"inbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
],
"outbound_rules": [
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
}
no
cluster_network_internal_vpc_private_ingress_subnets_addresses The CIDR blocks to use for the intranet subnets in the internal VPC list(string)
[
"10.0.64.0/24",
"10.0.65.0/24",
"10.0.66.0/24"
]
no
cluster_network_internal_vpc_private_ingress_subnets_assign_ipv6_address_on_creation Whether to assign an IPv6 address to the intranet subnets in the internal VPC bool false no
cluster_network_internal_vpc_private_ingress_subnets_dns_hostname_type_on_launch The DNS hostname type on launch for the intranet subnets in the internal VPC string null no
cluster_network_internal_vpc_private_ingress_subnets_enable_dns64 Whether to enable DNS64 for the intranet subnets in the internal VPC bool true no
cluster_network_internal_vpc_private_ingress_subnets_enable_resource_name_dns_a_record_on_launch Whether to enable resource name DNS A record on launch for the intranet subnets in the internal VPC bool false no
cluster_network_internal_vpc_private_ingress_subnets_enable_resource_name_dns_aaaa_record_on_launch Whether to enable resource name DNS AAAA record on launch for the intranet subnets in the internal VPC bool true no
cluster_network_internal_vpc_private_ingress_subnets_ipv6_native Whether to enable IPv6 native for the intranet subnets in the internal VPC bool false no
cluster_network_internal_vpc_private_ingress_subnets_ipv6_prefixes The IPv6 prefixes to use for the intranet subnets in the internal VPC list(string) [] no
cluster_network_internal_vpc_private_ingress_subnets_tags The tags configuration for the intranet subnets in the internal VPC
object({
tags = optional(map(string))
route_table_tags = optional(map(string))
acl_tags = optional(map(string))
})
{
"acl_tags": {},
"route_table_tags": {},
"tags": {}
}
no
cluster_network_internal_vpc_secondary_cidr_blocks The secondary CIDR blocks to use for the internal VPC list(string) [] no
cluster_network_internal_vpc_tags The tags to apply to the internal VPC map(string) {} no
cluster_network_type The type of network to create. If set to internal, a new VPC will be created. If set to external, an existing VPC will be used string "internal" no
cluster_node_patcher The node patcher configuration for the Kubernetes cluster
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-node-reboot",
"helm_chart_namespace": "kube-node-rebooter",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "5.4.3"
}
no
cluster_node_patcher_create Whether to create the node patcher for the Kubernetes cluster bool true no
cluster_node_security_group The security group configuration for the Kubernetes cluster nodes
object({
create_default = optional(bool)
id = optional(string)
name = optional(string)
use_name_prefix = optional(bool)
description = optional(string)
enable_efa_support = optional(bool)
enable_recommended_rules = optional(bool)
create_cni_ipv6_iam_policy = optional(bool)
additional_rules = optional(any)
tags = optional(map(string))
})
{
"additional_rules": {},
"create_cni_ipv6_iam_policy": false,
"create_default": true,
"description": "EKS node security group",
"enable_efa_support": false,
"enable_recommended_rules": true,
"id": "",
"name": null,
"tags": {},
"use_name_prefix": true
}
no
cluster_private_ingress The cluster private ingress configuration for the Kubernetes cluster
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-ingress-nginx",
"helm_chart_namespace": "kube-private-ingress",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "4.10.0"
}
no
cluster_private_ingress_create Whether to create the private ingress for the Kubernetes cluster bool true no
cluster_public_ingress The cluster public ingress configuration for the Kubernetes cluster
object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
{
"create_namespace_if_not_exists": true,
"helm_chart_name": "kube-ingress-nginx",
"helm_chart_namespace": "kube-public-ingress",
"helm_chart_params": [],
"helm_chart_repository": "oci://public.registry.jetbrains.space/p/helm/library",
"helm_chart_repository_config": null,
"helm_chart_secrets": [],
"helm_chart_values": null,
"helm_chart_version": "4.10.0"
}
no
cluster_public_ingress_create Whether to create the public ingress for the Kubernetes cluster bool false no
cluster_security_group The security group configuration for the Kubernetes cluster
object({
create_default = optional(bool)
create_primary_security_group_tags = optional(bool)
id = optional(string)
name = optional(string)
use_name_prefix = optional(bool)
description = optional(string)
additional_rules = optional(any)
tags = optional(map(string))
})
{
"additional_rules": {},
"create_default": true,
"create_primary_security_group_tags": true,
"description": "EKS cluster security group",
"id": null,
"name": null,
"tags": {},
"use_name_prefix": true
}
no
cluster_service_network_config The internal service network configuration for the Kubernetes cluster
object({
ip_family = optional(string)
service_ipv4_cidr = optional(string)
service_ipv6_cidr = optional(string)
})
{
"ip_family": "ipv4",
"service_ipv4_cidr": null,
"service_ipv6_cidr": null
}
no
cluster_storage_classes_create Whether to create the custom storage classes for the Kubernetes cluster bool true no
cluster_tags The tags to apply to the Kubernetes cluster map(string) {} no
cluster_timeouts The waiting timeouts configuration for the Kubernetes cluster
object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
{
"create": "45m",
"delete": "30m",
"update": "60m"
}
no
cluster_version The version of the Kubernetes cluster string "1.29" no
cluster_vpc_config The VPC configuration for the Kubernetes cluster
object({
additional_security_group_ids = optional(list(string))
endpoint_public_access = optional(bool)
endpoint_private_access = optional(bool)
endpoint_public_access_allow_from_cidrs = optional(list(string))
})
{
"additional_security_group_ids": [],
"endpoint_private_access": true,
"endpoint_public_access": true,
"endpoint_public_access_allow_from_cidrs": [
"0.0.0.0/0"
]
}
no
prefix The prefix to be used for all resources in this module string "kube" no
tags A map of tags as key/value pairs. These tags are applied to all resources created by this module map(string)
{
"ResourceCreatedBy": "TerraformModule:terraform-aws-kubernetes"
}
no
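An added example of calling the module with the inputs above overridden where a security review would require it; this is not one of the repository's own examples. The variable names and default values are taken from the Inputs list; the module `source`, the allowed CIDR range and the service CIDR are placeholders. Two points worth noting: the default `cluster_vpc_config` leaves the EKS API endpoint publicly reachable from `0.0.0.0/0` (clients still need IAM or OIDC credentials, but the listener is internet-facing), and Terraform does not merge a partially specified object with the variable's default, so any `optional(...)` attribute you omit becomes `null`. The objects are therefore spelled out in full.

```hcl
# Added example, not part of the module's examples folder.
# Variable names and default values follow the Inputs list above; the
# source ref, CIDRs and tag values are placeholders to adapt.
module "kubernetes" {
  # Assumed source; pin to a reviewed tag or commit in practice.
  source = "github.com/JetBrains/terraform-aws-kubernetes"

  prefix          = "kube"
  cluster_version = "1.29"

  # "internal" (the default) makes the module create and manage the VPC.
  cluster_network_type = "internal"

  # Default is endpoint_public_access = true allowed from 0.0.0.0/0.
  # Keep private access on and restrict the public listener to known
  # egress ranges (or set endpoint_public_access = false and reach the
  # API only from inside the VPC / a bastion).
  cluster_vpc_config = {
    additional_security_group_ids           = []
    endpoint_private_access                 = true
    endpoint_public_access                  = true
    endpoint_public_access_allow_from_cidrs = ["203.0.113.0/24"] # placeholder (TEST-NET-3): corporate egress range
  }

  # Expose only what must be exposed: private ingress on (default),
  # public ingress off (default), both stated explicitly so a later
  # change shows up in review.
  cluster_private_ingress_create = true
  cluster_public_ingress_create  = false

  # Keep the node patcher enabled so nodes pick up OS patches, and pin
  # the chart version rather than inheriting whatever a module upgrade
  # brings. The whole object is given because omitted optional
  # attributes would become null, not the defaults listed above.
  cluster_node_patcher_create = true
  cluster_node_patcher = {
    helm_chart_repository          = "oci://public.registry.jetbrains.space/p/helm/library"
    helm_chart_repository_config   = null
    helm_chart_version             = "5.4.3"
    helm_chart_name                = "kube-node-reboot"
    helm_chart_namespace           = "kube-node-rebooter"
    create_namespace_if_not_exists = true
    helm_chart_params              = []
    helm_chart_secrets             = []
    helm_chart_values              = null
  }

  # Reserve a service CIDR that cannot collide with the VPC, peered
  # networks or on-prem ranges; the default (null) lets EKS choose.
  cluster_service_network_config = {
    ip_family         = "ipv4"
    service_ipv4_cidr = "172.20.0.0/16" # placeholder; must not overlap the VPC CIDR
    service_ipv6_cidr = null
  }

  # Module default timeouts, restated so they are visible in the call.
  cluster_timeouts = {
    create = "45m"
    update = "60m"
    delete = "30m"
  }

  tags = {
    ResourceCreatedBy = "TerraformModule:terraform-aws-kubernetes"
    Environment       = "prod" # placeholder
  }
}
```

After `terraform plan`, confirm that the planned `aws_eks_cluster` resource shows `endpoint_public_access = true` together with your `public_access_cidrs` and not `0.0.0.0/0`; that line in the plan is the quickest check that the override actually took effect.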

Outputs

| Name | Description |
|------|-------------|
| cluster | Configuration of the Kubernetes cluster |
| cluster_additional_apps | Additional apps' configurations |
| cluster_autoscaler | Autoscaler configuration for the Kubernetes cluster |
| cluster_autoscaler_resources | Autoscaler resources for the Kubernetes cluster to be used by Cluster Users |
| cluster_descheduler | Descheduler configuration for the Kubernetes cluster |
| cluster_ingresses | Ingresses for the Kubernetes cluster |
| cluster_logging | Cluster logging configuration for the Kubernetes cluster |
| cluster_monitoring | Monitoring configuration for the Kubernetes cluster |
| cluster_network | Configuration of the internal network |
| cluster_node_rebooter | Node rebooter configuration for the Kubernetes cluster |
| cluster_ssm_params_paths | SSM parameters paths exported by the module for the Kubernetes cluster |
| cluster_storage_classes | Storage classes for the Kubernetes cluster |

About

This repository contains a Terraform Module that implements an architectural blueprint for EKS.
