Meet OPSd. The unique and effortless way of managing cloud infrastructure.
What does the module provide?
```hcl
module "kubernetes" {
  source = "github.com/opsd-io/terraform-module-aws-kubernetes"
  name   = "basic-k8s-example"

  # Subnets for the EKS cluster itself.
  subnet_ids = [
    for subnet in module.network.public_subnet_groups["public1"] : subnet.id
  ]

  # Subnets for the worker nodes.
  node_group_subnet_ids = [
    for subnet in module.network.private_subnet_groups["nodes1"] : subnet.id
  ]

  node_groups = {
    main = {
      max_size     = 9
      desired_size = 1
      disk_size    = 8
    }
  }
}
```
IMPORTANT: In your own code, do not pin the module source to master, because there may be breaking changes between releases. Pin to a specific release instead.
Name | Version |
---|---|
terraform | >= 1.5.5 |
aws | ~> 5.0 |
kubernetes | ~> 2.0 |
tls | ~> 4.0 |
Name | Version |
---|---|
aws | ~> 5.0 |
kubernetes | ~> 2.0 |
tls | ~> 4.0 |
No modules.
Name | Type |
---|---|
aws_cloudwatch_log_group.cluster | resource |
aws_eks_cluster.main | resource |
aws_eks_fargate_profile.main | resource |
aws_eks_node_group.main | resource |
aws_iam_openid_connect_provider.eks_cluster | resource |
aws_iam_role.cluster | resource |
aws_iam_role.fargate | resource |
aws_iam_role.node | resource |
aws_iam_role_policy_attachment.ec2_container_registry_readonly | resource |
aws_iam_role_policy_attachment.eks_cluster_policy | resource |
aws_iam_role_policy_attachment.eks_cni_policy | resource |
aws_iam_role_policy_attachment.eks_fargate_pod_execution_role_policy | resource |
aws_iam_role_policy_attachment.eks_worker_node_policy | resource |
kubernetes_config_map.aws_auth | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.assume_role_cluster | data source |
aws_iam_policy_document.assume_role_fargate | data source |
aws_iam_policy_document.assume_role_node | data source |
aws_region.current | data source |
tls_certificate.oidc_issuer | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
auth_map_accounts | Maps IAM ARN from these accounts to username. | list(string) | [ | no |
auth_map_roles | Maps an IAM role to a username and set of groups. | list(object({ | [] | no |
auth_map_users | Maps an IAM user to a static username and set of groups. | list(object({ | [] | no |
cluster_log_retention_in_days | Specifies the number of days you want to retain log events. | number | 7 | no |
common_tags | A map of tags to assign to every resource in this module. | map(string) | {} | no |
ec2_ssh_key | The EC2 Key Pair name that provides access to the worker nodes. | string | null | no |
enabled_cluster_log_types | List of the desired control plane logging to enable. | list(string) | [ | no |
encryption_key_arn | ARN of the KMS customer master key for secrets encryption. | string | null | no |
endpoint_private_access | Whether the Amazon EKS private API server endpoint is enabled. | bool | false | no |
endpoint_public_access | Whether the Amazon EKS public API server endpoint is enabled. | bool | true | no |
fargate_profiles | Map of EKS Fargate Profile definitions. | map(object({ | {} | no |
fargate_role_arns | Additional IAM role ARNs of Fargate Profiles managed externally. | list(string) | [] | no |
fargate_subnet_ids | Identifiers of private EC2 Subnets to associate with the EKS Fargate Profiles. | set(string) | [] | no |
k8s_version | Desired Kubernetes master version. | string | null | no |
masters_role_arns | List of IAM roles to set as system:masters. Shortcut for auth_map_roles. | list(string) | [] | no |
name | The name of the cluster. | string | n/a | yes |
node_group_subnet_ids | Identifiers of EC2 Subnets to associate with the EKS Node Groups. | set(string) | [] | no |
node_groups | Map of EKS Node Group definitions. | map(object({ | {} | no |
nodes_role_arns | Additional IAM role ARNs of Node Groups managed externally. | list(string) | [] | no |
public_access_cidrs | List of CIDR blocks that can access the Amazon EKS public API server endpoint when enabled. | list(string) | [ | no |
security_group_ids | List of security group IDs to allow communication between your worker nodes and the Kubernetes control plane. | set(string) | [] | no |
source_security_group_ids | Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. | set(string) | null | no |
subnet_ids | List of subnet IDs. Must be in at least two different availability zones. | set(string) | n/a | yes |
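
The inputs above include several that decide how exposed the cluster is: the API endpoint flags and `public_access_cidrs`, `encryption_key_arn`, and the control plane logging settings. The following is an added example, not part of the module's own documentation, that sets them explicitly instead of relying on the defaults. The `<release-tag>` placeholder, the `203.0.113.0/24` range, the `aws_kms_key.eks_secrets` resource and the cluster name are assumptions made for illustration, and `module.network` is taken from the usage example at the top of the page.

```hcl
# Added example, not the module's own code. Input names come from the inputs
# table; the release tag, CIDR and KMS key are constructed placeholders.
resource "aws_kms_key" "eks_secrets" {
  description             = "EKS secrets envelope encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

module "kubernetes" {
  # Replace <release-tag> with a published release instead of tracking master.
  source = "github.com/opsd-io/terraform-module-aws-kubernetes?ref=<release-tag>"
  name   = "hardened-k8s-example"

  subnet_ids = [
    for subnet in module.network.public_subnet_groups["public1"] : subnet.id
  ]
  node_group_subnet_ids = [
    for subnet in module.network.private_subnet_groups["nodes1"] : subnet.id
  ]

  # Keep the private endpoint on so nodes in private subnets still reach the
  # API server once the public endpoint is limited to known source ranges.
  endpoint_private_access = true
  endpoint_public_access  = true
  public_access_cidrs     = ["203.0.113.0/24"] # constructed admin range

  # Encrypt Kubernetes secrets with a customer managed key (default is null).
  encryption_key_arn = aws_kms_key.eks_secrets.arn

  # Keep API, audit and authenticator logs longer than the 7-day default.
  enabled_cluster_log_types     = ["api", "audit", "authenticator"]
  cluster_log_retention_in_days = 90

  # ec2_ssh_key stays at its default (null): no SSH key pair on the nodes.
  node_groups = {
    main = {
      max_size     = 9
      desired_size = 1
      disk_size    = 8
    }
  }
}
```

`masters_role_arns` and the `auth_map_*` inputs grant cluster access through the `aws_auth` config map, so review any role listed there with the same care as an IAM administrator policy.
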
Name | Description |
---|---|
arn | The ARN of the cluster. |
cluster_ca | Decoded CA certificate of the cluster. |
cluster_role_arn | The ARN of the IAM role that provides permissions for the Kubernetes control plane. |
cluster_role_name | The name of the IAM role that provides permissions for the Kubernetes control plane. |
endpoint | Endpoint for your Kubernetes API server. |
fargate_role_arn | The ARN of the IAM Role that provides permissions for the EKS Fargate Profile. |
fargate_role_name | The name of the IAM Role that provides permissions for the EKS Fargate Profile. |
id | The ID of the cluster. |
name | The name of the cluster. |
node_role_arn | The ARN of the IAM Role that provides permissions for the EKS Node Group. |
node_role_name | The name of the IAM Role that provides permissions for the EKS Node Group. |
oidc_issuer | Issuer URL for the OpenID Connect identity provider. |
openid_arn | The ARN assigned by AWS for IAM OpenID Connect of the cluster. |
openid_sub | The URL of the identity provider. Corresponds to the iss claim. |
region | The region of the cluster. |
version | The Kubernetes master version. |
Do you want to see how the module works? See all the usage examples.
The list of related modules (if present).
If you are interested in contributing to the project, see our guide.
If you have a problem with the module or want to propose a new feature, you can report it via the project's GitHub issue tracker.
If you want to discuss something in person, you can join our community on Slack.