AWS EKS

Amazon Elastic Kubernetes Service (EKS) cluster configuration and deployment.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.61, < 6.0.0 |
| helm | >= 2.10.1, < 3.0.0 |
| kubernetes | >= 2.13.0 |
| null | >= 3.2.1 |
| random | >= 3.5.1 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.61, < 6.0.0 |
| helm | >= 2.10.1, < 3.0.0 |
| kubernetes | >= 2.13.0 |
| null | >= 3.2.1 |
| random | >= 3.5.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| aws_node_termination_handler_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.54.0 |
| eks | terraform-aws-modules/eks/aws | 20.36.0 |

Resources

| Name | Type |
|------|------|
| aws_autoscaling_group_tag.autoscaling_group_tag | resource |
| aws_autoscaling_lifecycle_hook.aws_node_termination_handler | resource |
| aws_cloudwatch_event_rule.aws_node_termination_handler_asg | resource |
| aws_cloudwatch_event_rule.aws_node_termination_handler_spot | resource |
| aws_iam_policy.aws_node_termination_handler | resource |
| aws_iam_policy.ebs_csi_driver | resource |
| aws_iam_policy.efs_csi_driver | resource |
| aws_iam_policy.worker_autoscaling | resource |
| aws_iam_policy_attachment.workers_autoscaling | resource |
| aws_iam_role.ebs_csi_driver | resource |
| aws_iam_role.efs_csi_driver | resource |
| aws_iam_role_policy_attachment.ebs_csi_driver | resource |
| aws_iam_role_policy_attachment.efs_csi_driver | resource |
| helm_release.aws_node_termination_handler | resource |
| helm_release.cluster_autoscaler | resource |
| helm_release.ebs_csi | resource |
| helm_release.efs_csi | resource |
| helm_release.eni_config | resource |
| kubernetes_config_map_v1_data.amazon_vpc_cni | resource |
| kubernetes_service_account.ebs_csi_driver_controller | resource |
| kubernetes_service_account.ebs_csi_driver_node | resource |
| kubernetes_service_account.efs_csi_driver_controller | resource |
| kubernetes_service_account.efs_csi_driver_node | resource |
| null_resource.change_cni_label | resource |
| null_resource.patch_coredns | resource |
| null_resource.update_kubeconfig | resource |
| random_string.random_resources | resource |
| aws_autoscaling_groups.groups | data source |
| aws_availability_zones.available | data source |
| aws_iam_policy_document.aws_node_termination_handler | data source |
| aws_iam_policy_document.ebs_csi_driver | data source |
| aws_iam_policy_document.efs_csi_driver | data source |
| aws_iam_policy_document.worker_autoscaling | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| chart_name | Name for chart | `string` | `"eniconfig"` | no |
| chart_namespace | Namespace for chart | `string` | `"default"` | no |
| chart_repository | Path to the charts repository | `string` | `"../../../charts"` | no |
| chart_version | Version for chart | `string` | `"0.1.0"` | no |
| cluster_autoscaler_expander | Type of node group expander to be used in scale up. | `string` | `"random"` | no |
| cluster_autoscaler_image | Image name of the cluster autoscaler | `string` | n/a | yes |
| cluster_autoscaler_max_node_provision_time | Maximum time CA waits for a node to be provisioned | `string` | `"15m"` | no |
| cluster_autoscaler_min_replica_count | Minimum number of replicas that a replica set or replication controller should have to allow deletion of their pods in scale down | `number` | `0` | no |
| cluster_autoscaler_namespace | Cluster autoscaler namespace | `string` | n/a | yes |
| cluster_autoscaler_repository | Path to cluster autoscaler helm chart repository | `string` | n/a | yes |
| cluster_autoscaler_scale_down_delay_after_add | How long after scale up that scale down evaluation resumes | `string` | `"10m"` | no |
| cluster_autoscaler_scale_down_delay_after_delete | How long after node deletion that scale down evaluation resumes, defaults to scan-interval | `string` | n/a | yes |
| cluster_autoscaler_scale_down_delay_after_failure | How long after scale down failure that scale down evaluation resumes | `string` | `"3m"` | no |
| cluster_autoscaler_scale_down_enabled | Should CA scale down the cluster | `bool` | `true` | no |
| cluster_autoscaler_scale_down_non_empty_candidates_count | Maximum number of non-empty nodes considered in one iteration as candidates for scale down with drain | `number` | `30` | no |
| cluster_autoscaler_scale_down_unneeded_time | How long a node should be unneeded before it is eligible for scale down | `string` | `"10m"` | no |
| cluster_autoscaler_scale_down_utilization_threshold | Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down | `number` | `0.5` | no |
| cluster_autoscaler_scan_interval | How often the cluster is reevaluated for scale up or down | `string` | `"10s"` | no |
| cluster_autoscaler_skip_nodes_with_system_pods | If true, cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods) | `bool` | `true` | no |
| cluster_autoscaler_tag | Tag of the cluster autoscaler image | `string` | n/a | yes |
| cluster_autoscaler_version | Cluster autoscaler helm chart version | `string` | n/a | yes |
| cluster_encryption_config | Configuration block with encryption configuration for the cluster. To disable secret encryption, set this value to `{}` | `string` | n/a | yes |
| cluster_endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled | `bool` | n/a | yes |
| cluster_endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled | `bool` | n/a | yes |
| cluster_endpoint_public_access_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint | `list(string)` | n/a | yes |
| cluster_log_kms_key_id | KMS key id to encrypt/decrypt the cluster's logs | `string` | n/a | yes |
| cluster_log_retention_in_days | Log retention in days | `number` | n/a | yes |
| cluster_version | Kubernetes version to use for the EKS cluster | `string` | n/a | yes |
| csi_external_provisioner | CSI external provisioner for both EFS and EBS | <pre>object({<br>  image = optional(string, "public.ecr.aws/csi-components/csi-provisioner")<br>  tag   = string<br>})</pre> | n/a | yes |
| csi_liveness_probe | CSI liveness probe for both EFS and EBS | <pre>object({<br>  image = optional(string, "public.ecr.aws/csi-components/livenessprobe")<br>  tag   = string<br>})</pre> | n/a | yes |
| csi_node_driver_registrar | CSI node driver registrar for both EFS and EBS | <pre>object({<br>  image = optional(string, "public.ecr.aws/csi-components/csi-node-driver-registrar")<br>  tag   = string<br>})</pre> | n/a | yes |
| ebs_csi | Container Storage Interface for EBS volume provisioning on EKS | <pre>object({<br>  repository           = optional(string, "https://kubernetes-sigs.github.io/aws-ebs-csi-driver/")<br>  version              = string<br>  image                = optional(string, "public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver")<br>  tag                  = string<br>  name                 = optional(string)<br>  namespace            = optional(string)<br>  image_pull_secrets   = optional(string)<br>  controller_resources = optional(object({<br>    limits = optional(object({<br>      storage = string<br>    }))<br>    requests = optional(object({<br>      storage = string<br>    }))<br>  }))<br>})</pre> | n/a | yes |
| ebs_kms_key_id | KMS key id to encrypt/decrypt EBS | `string` | n/a | yes |
| efs_csi | Container Storage Interface for EFS volume provisioning on EKS | <pre>object({<br>  repository           = optional(string, "https://kubernetes-sigs.github.io/aws-efs-csi-driver/")<br>  version              = string<br>  image                = optional(string, "public.ecr.aws/efs-csi-driver/amazon/aws-efs-csi-driver")<br>  tag                  = string<br>  name                 = optional(string)<br>  namespace            = optional(string)<br>  image_pull_secrets   = optional(string)<br>  controller_resources = optional(object({<br>    limits = optional(object({<br>      storage = string<br>    }))<br>    requests = optional(object({<br>      storage = string<br>    }))<br>  }))<br>})</pre> | n/a | yes |
| eks_managed_node_groups | List of EKS managed node groups | `any` | `null` | no |
| fargate_profiles | List of Fargate profiles | `any` | `null` | no |
| instance_refresh_image | Instance refresh image name | `string` | n/a | yes |
| instance_refresh_namespace | Instance refresh namespace | `string` | n/a | yes |
| instance_refresh_repository | Path to instance refresh helm chart repository | `string` | n/a | yes |
| instance_refresh_tag | Instance refresh tag | `string` | n/a | yes |
| instance_refresh_version | Instance refresh helm chart version | `string` | n/a | yes |
| kubeconfig_file | Kubeconfig file path | `string` | n/a | yes |
| name | AWS EKS service name | `string` | `"armonik-eks"` | no |
| node_selector | Node selector for pods of the EKS system | `any` | `{}` | no |
| profile | Profile of AWS credentials used to deploy the Terraform sources | `string` | n/a | yes |
| self_managed_node_groups | List of self managed node groups | `any` | `null` | no |
| tags | Tags for resources | `map(string)` | `{}` | no |
| vpc_id | ID of the VPC | `string` | n/a | yes |
| vpc_pods_subnet_ids | List of VPC pods subnet ids | `list(string)` | n/a | yes |
| vpc_private_subnet_ids | List of VPC private subnet ids | `list(string)` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| arn | ARN of EKS cluster |
| aws_eks_module | AWS EKS module |
| cluster_certificate_authority_data | cluster_certificate_authority_data |
| cluster_endpoint | Endpoint for EKS control plane |
| cluster_iam_role_name | Cluster IAM role name |
| cluster_id | EKS cluster ID |
| cluster_name | EKS cluster name |
| eks_managed_node_groups | List of EKS managed node groups |
| eks_managed_worker_iam_role_names | List of the EKS managed workers IAM role names |
| fargate_profiles | List of Fargate profiles |
| fargate_profiles_worker_iam_role_names | List of the Fargate profile workers IAM role names |
| issuer | EKS identity issuer |
| kms_key_id | ARN of KMS key used for EKS |
| kubeconfig_file | Path of kubeconfig file |
| node_security_group_id | ID of the node shared security group |
| self_managed_node_groups | List of self managed node groups |
| self_managed_worker_iam_role_names | List of the self managed workers IAM role names |
| worker_iam_role_names | List of the workers IAM role names |

Examples
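An added usage fragment (not from the project) showing the inputs above that govern API server exposure and encryption at rest; the module `source` path, account id, VPC/subnet ids and KMS ARNs are placeholders, the `cluster_encryption_config` object shape is assumed to follow the terraform-aws-modules/eks input, and the remaining required inputs from the Inputs table (autoscaler, CSI and instance refresh settings) are omitted here.

```hcl
# Added example: control-plane exposure and encryption inputs of this module.
# Every value below is a constructed placeholder.
module "eks" {
  source = "./path/to/this/module" # placeholder: path where the module lives

  name            = "armonik-eks"
  cluster_version = "1.30"         # placeholder Kubernetes version
  profile         = "deploy"       # AWS credentials profile used by Terraform
  kubeconfig_file = "./kubeconfig"

  # Network placement (constructed ids)
  vpc_id                 = "vpc-0123456789abcdef0"
  vpc_private_subnet_ids = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"]
  vpc_pods_subnet_ids    = ["subnet-0cccccccccccccccc", "subnet-0dddddddddddddddd"]

  # API server exposure: keep the private endpoint enabled and, if the public
  # endpoint must stay on, restrict it to known operator ranges instead of
  # leaving it open to 0.0.0.0/0.
  cluster_endpoint_private_access      = true
  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = ["203.0.113.0/24"] # documentation range, replace

  # Encryption: Kubernetes secrets at rest (envelope encryption with KMS),
  # control-plane logs in CloudWatch, and EBS volumes created by the CSI driver.
  # Setting cluster_encryption_config to {} disables secret encryption.
  cluster_encryption_config = {
    resources        = ["secrets"]
    provider_key_arn = "arn:aws:kms:eu-west-1:111122223333:key/PLACEHOLDER-KEY-ID"
  }
  cluster_log_kms_key_id        = "arn:aws:kms:eu-west-1:111122223333:key/PLACEHOLDER-KEY-ID"
  cluster_log_retention_in_days = 90
  ebs_kms_key_id                = "arn:aws:kms:eu-west-1:111122223333:key/PLACEHOLDER-KEY-ID"

  tags = {
    environment = "example"
  }
}
```

After `terraform plan`, confirm the planned `aws_eks_cluster` shows `endpoint_public_access_cidrs` limited to the listed ranges and `encryption_config` populated, since these are the settings a later edit most easily loosens.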