This module implements an EKS cluster and associated worker groups. It uses the new mixed instance type autoscaling groups, allowing you to switch between spot and on-demand instances as required.
To improve the security of your clusters, this module defaults to expecting KIAM to be deployed to manage IAM Role credentials for Pods. If you are deploying a demo cluster where security is not as important, you can disable this with `enable_kiam=false`. The IAM permissions managed by this module will then be assigned directly to the worker nodes.

Name | Description | Type | Default | Required |
---|---|---|---|---|
autotag_subnets | Automatically add Kubernetes tags to subnets. Requires aws-cli to be available. | string | "false" | no |
autotag_profile | Defines an optional AWS profile to use with aws-cli when auto-tagging subnets | string | "false" | no |
cluster_access_additional_sg | Security groups allowed access to the API server | list | [] | no |
cluster_access_additional_ip | CIDRs allowed access to the API server | list | [] | no |
cluster_endpoint_private_access | Enable Amazon EKS private API server endpoint. | string | "false" | no |
cluster_endpoint_public_access | Enable Amazon EKS public API server endpoint. | string | "true" | no |
cluster_name | Name of the EKS Cluster | string | n/a | yes |
cluster_version | EKS Cluster Version | string | n/a | yes |
enable_alb_ingress | Enable required components for ALB Ingress | string | "true" | no |
enable_cert_manager | Enable required components for Cert-Manager | string | "true" | no |
enable_container_insights | Enable required components for Cloudwatch Container Insights | string | "true" | no |
enable_cluster_autoscaler | Enable required components for Cluster Autoscaler | string | "true" | no |
enabled_cluster_log_types | A list of the desired control plane logging to enable | list | ["api", "audit", "authenticator", "controllerManager", "scheduler"] | no |
enable_ecr | Enable required components for Amazon ECR Read Only | string | "true" | no |
enable_external_dns | Enable required components for External-DNS | string | "true" | no |
enable_kiam | Create IAM roles to be used by KIAM. Enabling this requires KIAM to be active and deployed to your cluster for IAM roles to work. | string | "true" | no |
enable_ssm | Enable required components for SSM | string | "true" | no |
enable_velero | Enable required components for Velero | string | "true" | no |
private_subnets | Private tier subnet list | list | n/a | yes |
public_subnets | Public tier subnet list | list | n/a | yes |
vpc_id | VPC ID for EKS Cluster | string | n/a | yes |
worker_group_count | Count of worker groups. Set to 0 to disable worker creation | string | "1" | no |
workers | List of worker groups | list | n/a | yes |

It is possible to customise individual parameters on the workers list.

Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_userdata | Userdata to append to the standard userdata | string | "" | no |
ami_id | AMI ID | string | Most Recent EKS Optimized AMI | no |
autoscaling_enabled | Allows cluster-autoscaler to manage this ASG | string | "true" | no |
desired_capacity | ASG desired capacity. Ignored after creation | string | "1" | no |
detailed_monitoring | Enable EC2 detailed monitoring | string | "false" | no |
enabled_metrics | A list of ASG metrics to enable | list(string) | null | no |
iam_role_name | Override the role that this module generates | string | "" | no |
instance_types | Instance types used in the ASG | list(string) | ["m5.large", "m4.large"] | no |
kubelet_extra_args | Additional arguments to pass to the kubelet | string | "" | no |
max_size | ASG maximum size | string | "10" | no |
min_size | ASG minimum size | string | "1" | no |
on_demand_allocation_strategy | Strategy to use when launching on-demand instances | string | "prioritized" | no |
on_demand_base_capacity | Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances | string | "0" | no |
on_demand_percentage_above_base_capacity | Percentage split between on-demand and spot instances above the base on-demand capacity | string | "0" | no |
pre_userdata | Userdata to prepend to the standard userdata | string | "" | no |
root_volume_size | Root EBS volume size | string | "100" | no |
spot_allocation_strategy | How to allocate capacity across the Spot pools | string | "lowest-price" | no |
spot_instance_pools | Number of Spot pools per availability zone to allocate capacity | string | "10" | no |
spot_max_price | Maximum price you're willing to pay for spot instances. Defaults to the on demand price if blank | string | "" | no |
suspended_processes | A list of processes to suspend for the worker group | list(string) | null | no |
vpc_subnets | A list of subnets for the ASG to place instances in | list(string) | var.private_subnets | no |

Name | Description |
---|---|
cluster_certificate_authority | Cluster Certificate Authority Certificate |
cluster_endpoint | Cluster Kubernetes API endpoint |
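
A sample invocation that ties the inputs, worker parameters and outputs above together with the API endpoint locked down and KIAM left enabled. This is an added example, not taken from the module's own documentation: the module source, cluster version, VPC and subnet IDs and the CIDR are placeholders or constructed values, and Terraform 0.12 syntax is assumed.

```hcl
# Added example: every ID, name and CIDR below is a placeholder or constructed value.
module "eks" {
  source = "<module-source>" # placeholder: the source address is not given on this page

  cluster_name    = "example-cluster"
  cluster_version = "<eks-version>" # placeholder
  vpc_id          = "vpc-EXAMPLE"
  private_subnets = ["subnet-PRIVATE-A", "subnet-PRIVATE-B"]
  public_subnets  = ["subnet-PUBLIC-A", "subnet-PUBLIC-B"]

  # API server exposure: private endpoint on, public endpoint off (it defaults
  # to "true"), plus an explicit list of CIDRs allowed access to the API server.
  cluster_endpoint_private_access = "true"
  cluster_endpoint_public_access  = "false"
  cluster_access_additional_ip    = ["10.20.0.0/16"] # constructed admin network

  # Keep the default: the module creates IAM roles for KIAM to manage for Pods.
  # "false" assigns the module's IAM permissions directly to the worker nodes,
  # which this page describes as acceptable for demo clusters only.
  enable_kiam = "true"

  # Stated explicitly so a later change to the default cannot silently drop
  # the audit and authenticator logs.
  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

  # Switch off the components that are not deployed to this cluster.
  enable_velero       = "false"
  enable_external_dns = "false"

  workers = [
    {
      instance_types                           = ["m5.large", "m4.large"]
      min_size                                 = "2"
      max_size                                 = "6"
      on_demand_base_capacity                  = "1"
      on_demand_percentage_above_base_capacity = "50"
      detailed_monitoring                      = "true"
    },
  ]
}

# Expose the API endpoint from the module's outputs table.
output "cluster_endpoint" {
  value = module.eks.cluster_endpoint
}
```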