A Terraform module for configuring Amazon Elastic Kubernetes Service (EKS).
Amazon EKS is a managed service that makes it easy for you to use Kubernetes on AWS without needing to install and operate your own Kubernetes control plane.
This Terraform module provides an opinionated deployment of Amazon EKS. It comprises the following:
- Managed Kubernetes control plane via Amazon EKS
- Compute via managed node groups for running Kubernetes workloads
- Amazon VPC and subnets with public and private subnets (recommended)
- Authentication via AWS IAM
- Authorization via native Kubernetes Role Based Access Control (RBAC)
- AWS Application Load Balancer (ALB) for Kubernetes Ingress
| Name | Type |
|---|---|
| aws_kms_key.eks | resource |
| aws_security_group.additional | resource |
| null_resource.patch | resource |
| aws_eks_cluster_auth.cluster_auth | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cluster_endpoint_private_access | Whether to enable endpoint private access. You can enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC. When you enable endpoint private access for your cluster, Amazon EKS creates a Route 53 private hosted zone on your behalf and associates it with your cluster's VPC. This private hosted zone is managed by Amazon EKS, and it doesn't appear in your account's Route 53 resources. In order for the private hosted zone to properly route traffic to your API server, your VPC must have enableDnsHostnames and enableDnsSupport set to true, and the DHCP options set for your VPC must include AmazonProvidedDNS in its domain name servers list. See the AWS documentation on Amazon EKS cluster endpoint access control: * https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html |
bool |
false |
no |
| cluster_endpoint_public_access | Whether to enable endpoint public access. By default, the Kubernetes API server endpoint server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes Role Based Access Control (RBAC). See the AWS documentation on Amazon EKS cluster endpoint access control: * https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html |
bool |
true |
no |
| cluster_name | Name of the EKS cluster | string |
"" |
no |
| cluster_version | Version of Kubernetes to use for the EKS cluster (ex. 1.24). For a list of available versions, see the following documentation: * https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html |
string |
null |
no |
| Name | Description |
|---|---|
| aws_auth_configmap_yaml | Formatted YAML output of the aws-auth ConfigMap |
| cloudwatch_log_group_arn | ARN of CloudWatch log group |
| cloudwatch_log_group_name | Name of CloudWatch log group |
| cluster_addons | Map of attribute maps for all enabled EKS cluster add-ons. For a list of available Amazon EKS add-ons, see the following documentation: * https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html |
| cluster_arn | ARN of the EKS cluster |
| cluster_certificate_authority_data | Base64-encoded certificate data required to communicate with your cluster |
| cluster_endpoint | Endpoint for the Kubernetes API server |
| cluster_iam_role_arn | ARN of the EKS cluster IAM role |
| cluster_iam_role_name | EKS cluster IAM role. This role is used by the Kubernetes cluster managed by Amazon EKS to make calls to other AWS services on your behalf to manage the resources that you use with the service. |
| cluster_iam_role_unique_id | Stable and unique string identifying the IAM role |
| cluster_id | Name of the cluster |
| cluster_identity_providers | Map of attribute maps for all enabled EKS identity providers |
| cluster_oidc_issuer_url | Issuer URL for the OpenID Connect identity provider |
| cluster_platform_version | Platform version for the EKS cluster |
| cluster_security_group_arn | ARN of the EKS cluster security group |
| cluster_security_group_id | EKS cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. This security group is referred to as the 'Cluster security group' in the Amazon EKS console. |
| cluster_status | Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED |
| eks_managed_node_groups | Map of attribute maps for EKS managed node groups |
| oidc_provider_arn | The ARN of the OIDC provider if enable_irsa = true |