AWS Elastic Kubernetes Service Terraform module

Terraform module which creates EKS Cluster and dependent resources on AWS.

Notice

This module installs several Helm charts with a deliberately limited set of inputs for their configuration, to keep it simple. For finer-grained (and production-hardened) configuration we recommend reading each chart's own documentation and installing the charts you need yourself.

Usage

Requires Terraform version >= 0.14.8.

Elastic Kubernetes Service

EKS Cluster with ELB:

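locals {
  # Entries for the aws-auth ConfigMap. Both principals below are mapped
  # into "system:masters", which is unrestricted cluster-admin. Narrow
  # k8s_groups to the least privilege each principal actually needs before
  # reusing this example in a real environment.
  configmap_roles = [
    {
      "role_arn"   = aws_iam_role.jobs_runner.arn
      "k8s_user"   = "jobs-runner"
      "k8s_groups" = ["system:masters"]
    }
  ]

  configmap_users = [
    {
      "user_arn" = "arn:aws:iam::123456789123:user/demo"
      "k8s_user" = "demo"
      # "system:developers" is not a built-in group; it only grants
      # anything if RBAC bindings referencing it exist in the cluster.
      "k8s_groups" = ["system:masters", "system:developers"]
    }
  ]

  # Referenced by the module block below (target_group_arns / asg_tags).
  # Empty here so the example plans; replace with the real ELB target
  # group ARNs and ASG tag maps for your environment.
  tg_arns  = []
  asg_tags = []
}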


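module "eks_main" {
  # Supply-chain note: this source is unpinned, so every `terraform init`
  # pulls the default branch. Pin it, e.g. append "?ref=<tag-or-commit-sha>",
  # and review upgrades explicitly.
  source          = "github.com/nimbux911/terraform-aws-eks.git"
  environment     = "dev"
  cluster_name    = "dev-eks-main"
  cluster_version = "1.21"

  vpc_id          = "vpc-abcd1234"
  subnets_ids     = ["subnet-abc1234", "subnet-efgh5678"]
  # Keep the API endpoint private; the module default (false) is public.
  eks_api_private = true
  # All five control-plane log types; "audit" and "authenticator" are the
  # ones incident response depends on.
  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

  # Let Terraform manage aws-auth (module default is to ignore changes),
  # so the mapped roles/users are enforced rather than drifting.
  aws_auth_ignore_changes = false
  # Both lists map principals into system:masters (cluster-admin) in this
  # example; restrict them before use.
  add_configmap_roles = local.configmap_roles
  add_configmap_users = local.configmap_users

  target_group_arns = local.tg_arns

  asg_tags = local.asg_tags
  eks_tags = var.eks_tags

  health_check_type = "ELB"

  min_size          = 2
  max_size          = 6
  desired_capacity  = 2
  instance_type     = "t3.medium"
  eks_worker_ami_id = var.eks_worker_ami_id

  helm_ingress_ngnix_enabled      = true
  helm_cluster_autoscaler_enabled = true
  helm_metrics_server_enabled     = true
  helm_cert_manager_enabled       = true

  eks_addons = {
    vpc-cni = {
      version = "v1.10.2-eksbuild.1"
    },
    coredns = {
      version = "v1.8.3-eksbuild.1"
    },
    kube-proxy = {
      # The kube-proxy add-on must track the cluster minor version; this
      # v1.19.x build belongs to a 1.19 cluster, not 1.21. Pick the
      # v1.21.x-eksbuild.N version listed for your cluster before applying.
      version = "v1.19.6-eksbuild.2"
    }
  }

  # ================== loki-distributed ================= #
  helm_loki_enabled                = true
  loki_storage_s3_bucket           = "my-bucket-loki-logs"
  loki_s3_bucket_region            = "us-east-1"
  loki_ingester_replicas           = 3
  loki_distributor_min_replicas    = 2
  loki_distributor_max_replicas    = 4
  loki_querier_min_replicas        = 2
  loki_querier_max_replicas        = 4
  loki_query_frontend_min_replicas = 2
  loki_query_frontend_max_replicas = 4
  loki_gateway_enabled             = true
  loki_gateway_min_replicas        = 2
  loki_gateway_max_replicas        = 4
  # The module exposes no authentication or TLS inputs for this ingress;
  # the Loki gateway is reachable by anyone who can reach ingress-nginx.
  # Front it with auth (ingress annotations, an IdP proxy, or network
  # restrictions) before exposing a real host.
  loki_gateway_ingress_enabled = true
  loki_gateway_ingress_host    = "loki.example.com"
  loki_compactor_enabled       = true
  loki_index_gateway_enabled   = true
  loki_index_gateway_replicas  = 1

  # ================== fluent-bit ================== #
  helm_fluent_bit_enabled = true

  # ================== prometheus ================== #
  helm_prometheus_enabled = true
  prometheus_replicas     = 2
  # Same caveat as the Loki ingress: no auth inputs exist for this host.
  prometheus_ingress_enabled = true
  prometheus_ingress_host    = "prometheus.example.com"
  prometheus_requests_cpu    = "200m"
  prometheus_requests_memory = "1024Mi"
  prometheus_limits_cpu      = "500m"
  prometheus_limits_memory   = "2048Mi"

  # ================== tempo ================== #
  helm_tempo_enabled      = true
  tempo_storage_s3_bucket = "my-bucket-tempo-traces"
  tempo_s3_bucket_region  = "us-east-1"
  tempo_gateway_enabled   = true
  # Same caveat as the Loki ingress: no auth inputs exist for this host.
  tempo_gateway_ingress_enabled = true
  tempo_gateway_ingress_host    = "tempo.example.com"

  # open-telemetry
  k8s_opentelemetry_enabled = true
}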

Inputs

Name Description Type Default Required
environment Environment name of the resources. string "" yes
cluster_name Cluster name string "" yes
cluster_version Kubernetes version of the cluster. string "" yes
k8s_auth_api Kubernetes authentication API for Terraform providers. string client.authentication.k8s.io/v1alpha1 no
vpc_id VPC ID where cluster will be deployed. string "" yes
subnets_ids Subnet IDs from the VPC where the workers will be deployed. They must span at least 2 different AZs. list[string] [] yes
instance_type Instance type of the EC2 workers. string "" yes
max_size Maximum size of the autoscaling for the worker nodes. string "" yes
min_size Minimum size of the autoscaling for the worker nodes. string "" yes
max_pods_per_node Max pods per Kubernetes worker node. string "100" no
desired_capacity Desired size of the autoscaling for the worker nodes. string "" yes
ignore_desired_capacity Add ignore_changes to desired_capacity bool false no
eks_worker_ami_id AMI ID for the worker nodes string "" yes
target_group_arns ARNs of the target groups for using the worker nodes behind of ELB list[string] [] no
health_check_type Health check type for the worker nodes. string "EC2" no
asg_tags Tags to add to autoscaling group. list[map] [] no
eks_tags Tags to add to all resources except the autoscaling group. map {} no
eks_api_private Defines whether the Kubernetes API endpoint is private or public; the default (false) leaves the endpoint publicly reachable. bool false no
eks_addons Adds EKS addons. map(map(string)) {} no
add_configmap_roles List of maps with the information of the IAM roles to be added to aws-auth configmap. list[map] [] no
add_configmap_users List of maps with the information of the IAM users to be added to aws-auth configmap. list[map] [] no
aws_auth_ignore_changes Whether Terraform ignores changes to the aws-auth ConfigMap (true) or manages it and enforces the mapped roles/users (false). bool true no
eks_worker_max_pods_enabled Enable --max-pods flag in workers bootstrap bool false no
eks_worker_ssh_cidrs CIDR blocks granted SSH ingress to the EKS workers; an empty list adds no SSH rule. list [] no
enabled_cluster_log_types Enable CloudWatch Logs for control plane components list[string] [] no
helm_ingress_ngnix_enabled Set if ingress-nginx Helm chart will be installed on the cluster. bool false no
ingress_http_nodeport Set port for ingress http nodePort int 32080 no
ingress_https_nodeport Set port for ingress https nodePort int 32443 no
ingress_service_monitor_enabled Enable serviceMonitor for ingress-nginx helm chart bool false no
helm_cluster_autoscaler_enabled Set if cluster-autoscaler Helm chart will be installed on the cluster. bool false no
helm_metrics_server_enabled Set if metrics-server Helm chart will be installed on the cluster. bool false no
helm_cert_manager_enabled Set if cert-manager helm chart will be installed on the cluster bool false no
helm_loki_enabled Set if loki-stack Helm chart will be installed on the cluster. bool false no
loki_storage_s3_bucket s3 bucket for loki logs string "" yes
loki_s3_bucket_region s3 bucket for loki logs region string "" yes
loki_logs_retention_enabled Enable log retention. If disabled, Loki's S3 storage never stops growing. bool false no
loki_logs_retention Set logs retention period string 744h no
loki_ingester_replicas Loki ingester replicas int 1 no
loki_ingester_storage_class storageClass for ingesters pv string gp2 no
loki_ingester_storage_size size of ingesters pv string 10Gi no
loki_ingester_requests_cpu resources config for kubernetes pod string null no
loki_ingester_requests_memory resources config for kubernetes pod string null no
loki_ingester_limits_cpu resources config for kubernetes pod string null no
loki_ingester_limits_memory resources config for kubernetes pod string null no
loki_distributor_min_replicas loki distributor hpa min replicas int 1 no
loki_distributor_requests_cpu resources config for kubernetes pod string null no
loki_distributor_requests_memory resources config for kubernetes pod string null no
loki_distributor_limits_cpu resources config for kubernetes pod string null no
loki_distributor_limits_memory resources config for kubernetes pod string null no
loki_distributor_max_replicas loki distributor hpa max replicas int 1 no
loki_querier_min_replicas loki querier hpa min replicas int 1 no
loki_querier_max_replicas loki querier hpa max replicas int 1 no
loki_querier_requests_cpu resources config for kubernetes pod string null no
loki_querier_requests_memory resources config for kubernetes pod string null no
loki_querier_limits_cpu resources config for kubernetes pod string null no
loki_querier_limits_memory resources config for kubernetes pod string null no
loki_query_frontend_min_replicas loki query-frontend hpa min replicas int 1 no
loki_query_frontend_max_replicas loki query-frontend hpa max replicas int 1 no
loki_query_frontend_requests_cpu resources config for kubernetes pod string null no
loki_query_frontend_requests_memory resources config for kubernetes pod string null no
loki_query_frontend_limits_cpu resources config for kubernetes pod string null no
loki_query_frontend_limits_memory resources config for kubernetes pod string null no
loki_gateway_enabled Enable loki gateway bool false no
loki_gateway_min_replicas loki gateway hpa min replicas int 1 no
loki_gateway_max_replicas loki gateway hpa max replicas int 1 no
loki_gateway_ingress_enabled Enable ingress for loki gateway bool false no
loki_gateway_ingress_host Host for ingress rule string "" no
loki_gateway_ingress_path Path for ingress rule string / no
loki_gateway_ingress_path_type Path type for ingress rule string Prefix no
loki_gateway_ingress_class_name Set ingress class name string nginx no
loki_gateway_requests_cpu resources config for kubernetes pod string null no
loki_gateway_requests_memory resources config for kubernetes pod string null no
loki_gateway_limits_cpu resources config for kubernetes pod string null no
loki_gateway_limits_memory resources config for kubernetes pod string null no
loki_compactor_enabled Enable loki compactor bool false no
loki_compactor_requests_cpu resources config for kubernetes pod string null no
loki_compactor_requests_memory resources config for kubernetes pod string null no
loki_compactor_limits_cpu resources config for kubernetes pod string null no
loki_compactor_limits_memory resources config for kubernetes pod string null no
loki_index_gateway_enabled Enable loki index gateway bool false no
loki_index_gateway_replicas Set loki index gateway replicas int 1 no
loki_index_gateway_storage_class storageClass for index gateway pv string gp2 no
loki_index_gateway_storage_size storage size for index gateway pv string 10Gi no
loki_index_gateway_requests_cpu resources config for kubernetes pod string null no
loki_index_gateway_requests_memory resources config for kubernetes pod string null no
loki_index_gateway_limits_cpu resources config for kubernetes pod string null no
loki_index_gateway_limits_memory resources config for kubernetes pod string null no
helm_fluent_bit_enabled install fluent-bit helm chart bool false no
k8s_opentelemetry_enabled install opentelemetry manifests bool false no
helm_prometheus_enabled install kube-prometheus-stack helm chart bool false no
prometheus_replicas prometheus server replicas int 1 no
prometheus_requests_cpu resources config for kubernetes pod string null no
prometheus_requests_memory resources config for kubernetes pod string null no
prometheus_limits_cpu resources config for kubernetes pod string null no
prometheus_limits_memory resources config for kubernetes pod string null no
prometheus_ingress_enabled Enable ingress for prometheus server bool false no
prometheus_ingress_host Host for ingress rule string "" no
prometheus_ingress_path Path for ingress rule string / no
prometheus_ingress_path_type Path type for ingress rule string Prefix no
prometheus_ingress_class_name Prometheus Ingress className string nginx no
prometheus_storage_class_name Prometheus storage className for pv string gp2 no
prometheus_storage_size Prometheus storage size string 20Gi no
prometheus_metrics_retention Prometheus metrics period retention string 14d no
helm_tempo_enabled Install tempo-distributed helm chart bool false no
tempo_compactor_requests_cpu resources config for kubernetes pod string null no
tempo_compactor_requests_memory resources config for kubernetes pod string null no
tempo_compactor_limits_cpu resources config for kubernetes pod string null no
tempo_compactor_limits_memory resources config for kubernetes pod string null no
tempo_distributor_requests_cpu resources config for kubernetes pod string null no
tempo_distributor_requests_memory resources config for kubernetes pod string null no
tempo_distributor_limits_cpu resources config for kubernetes pod string null no
tempo_distributor_limits_memory resources config for kubernetes pod string null no
tempo_storage_s3_bucket s3 bucket for tempo traces string "" no
tempo_s3_bucket_region s3 bucket region for tempo traces string "" no
tempo_ingester_requests_cpu resources config for kubernetes pod string null no
tempo_ingester_requests_memory resources config for kubernetes pod string null no
tempo_ingester_limits_cpu resources config for kubernetes pod string null no
tempo_ingester_limits_memory resources config for kubernetes pod string null no
tempo_querier_requests_cpu resources config for kubernetes pod string null no
tempo_querier_requests_memory resources config for kubernetes pod string null no
tempo_querier_limits_cpu resources config for kubernetes pod string null no
tempo_querier_limits_memory resources config for kubernetes pod string null no
tempo_query_frontend_requests_cpu resources config for kubernetes pod string null no
tempo_query_frontend_requests_memory resources config for kubernetes pod string null no
tempo_query_frontend_limits_cpu resources config for kubernetes pod string null no
tempo_query_frontend_limits_memory resources config for kubernetes pod string null no
tempo_gateway_enabled enable tempo gateway bool false no
tempo_gateway_requests_cpu resources config for kubernetes pod string null no
tempo_gateway_requests_memory resources config for kubernetes pod string null no
tempo_gateway_limits_cpu resources config for kubernetes pod string null no
tempo_gateway_limits_memory resources config for kubernetes pod string null no
tempo_gateway_ingress_enabled Enable ingress for tempo gateway bool false no
tempo_gateway_ingress_host Host for ingress rule string "" no
tempo_gateway_ingress_path Path for ingress rule string / no
tempo_ingress_path_type Path type for ingress rule string Prefix no
tempo_ingress_class_name ingress className string nginx no

Outputs

Name Description
security_group_worker_arn The ARN of the workers security group.
worker_role_arn The ARN of the workers IAM Role.
worker_role_id The ID of the workers IAM Role.
asg_name Name of the of the workers Autoscaling Group.
eks_certificate_authority Cluster's certificate authority.
eks_endpoint Cluster's endpoint.
