Terraform 0.12
# VPC module; the cluster module below consumes its private_subnets and vpc_id outputs.
# NOTE(review): the source carries no "?ref=", so Terraform fetches the repository's
# default branch. Pin it to a reviewed tag or commit so upstream changes cannot
# silently alter the network layout.
module "vpc" {
source = "github.com/neticdk/tf-aws-vpc"
[...]
}
# Worker-node module; its security_group_id output is passed to the cluster module
# as the security group allowed to connect to the cluster.
# NOTE(review): the source carries no "?ref=". Pin it to a reviewed tag or commit.
module "eks_workers" {
source = "github.com/neticdk/tf-aws-eks-workers"
[...]
}
# EKS control plane, wired to the VPC and worker modules declared above.
# NOTE(review): the source carries no "?ref=", so Terraform fetches the
# repository's default branch. Pin it to a reviewed tag or commit, because this
# module creates IAM roles and writes the aws-auth mapping.
module "eks_cluster" {
  source = "github.com/neticdk/tf-aws-eks-cluster"

  name            = var.eks_cluster_name
  cluster_version = var.eks_cluster_version

  # Network placement: VPC id and private subnets come from the vpc module.
  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.private_subnets

  # Worker security groups allowed to connect to the cluster.
  # The count must equal the length of the list.
  workers_security_group_ids   = [module.eks_workers.security_group_id]
  workers_security_group_count = 1

  # Account trusted to assume the cluster admin role. 123456789012 is a
  # placeholder; every principal in the real account that may assume the role
  # inherits cluster admin, so keep that trust as narrow as possible.
  cluster_admin_account_id = "123456789012"
  aws_role_name            = "eks-global-cluster-admin"

  # Additional IAM roles written to the aws-auth configmap.
  map_roles = [
    {
      # system:masters gives unrestricted cluster-admin access that RBAC rules
      # cannot narrow; map only break-glass roles to it and audit who can
      # assume them.
      role_arn = "arn:aws:iam::123456789012:role/sysadmin"
      username = "sysadmin"
      group    = "system:masters"
    },
    {
      # No group is set here, so permissions presumably come from RBAC bindings
      # on the "cicd" username. Confirm against the module's aws-auth template
      # and bind it to a least-privilege Role.
      role_arn = "arn:aws:iam::123456789012:role/cicd"
      username = "cicd"
    },
  ]
  # Must equal the number of entries in map_roles.
  map_roles_count = 2
}
Name | Description | Type | Default | Required |
---|---|---|---|---|
allowed_cidr_blocks | List of CIDR blocks allowed to connect to the cluster | list | <list> |
no |
allowed_security_groups | List of additional security group ids allowed to connect to the cluster | list | <list> |
no |
allowed_security_groups_count | Count of allowed security groups | string | "0" |
no |
aws_profile_name | AWS Profile Name to use when calling kubectl | string | "futadmin" |
no |
aws_role_name | AWS Role Name to use when calling kubectl | string | "eks-global-cluster-admin" |
no |
cluster_admin_account_id | Account ID of account that needs to be trusted for assuming the cluster admin role | string | n/a | yes |
cluster_version | Cluster Version | string | "" |
no |
global_cluster_admin_group | Name of IAM group that will be allowed to assume the global cluster admin role | string | "EKSGlobalClusterAdmins" |
no |
global_cluster_admin_role | Name of IAM role that will be added to the system:masters group | string | "eks-global-cluster-admin" |
no |
map_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | <list> |
no |
map_roles_count | The count of roles in the map_roles list. | string | "0" |
no |
name | EKS Cluster Name | string | n/a | yes |
subnets | List of subnets to launch the cluster in | list(string) | n/a | yes |
tags | A map of tags to add to all resources | map | <map> |
no |
vpc_id | VPC ID | string | n/a | yes |
workers_security_group_count | Number of security group ids | string | n/a | yes |
workers_security_group_ids | List of worker security group ids allowed to connect to the cluster | list(string) | n/a | yes |
Name | Description |
---|---|
cluster_admin_arn | ARN of the EKS cluster admin role |
eks_cluster_arn | The Amazon Resource Name (ARN) of the cluster |
eks_cluster_certificate_authority_data | The base64 encoded certificate data required to communicate with the cluster |
eks_cluster_endpoint | The endpoint for the Kubernetes API server |
eks_cluster_id | The name of the cluster |
eks_cluster_version | The Kubernetes server version of the cluster |
iam_role_name_workers | IAM role name for EKS worker groups |
instance_profile_name | Name of the instance profile created for the worker nodes |
kubeconfig | kubeconfig configuration to connect to the cluster using kubectl. |
kubeconfig_path | Where kubeconfig exists |
security_group_id |
Copyright (c) 2019 Netic A/S. All rights reserved.
MIT Licensed. See LICENSE for full details.