No requirements.
Name | Version |
---|---|
vault | n/a |
Name | Source | Version |
---|---|---|
eks-cluster | git@github.com:heruscode/terraform-aws-eks-cluster.git |
Name |
---|
vault_aws_access_credentials |
Name | Description | Type | Default | Required |
---|---|---|---|---|
endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default to AWS EKS resource and it is false | bool |
false |
no |
endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default to AWS EKS resource and it is true | bool |
true |
no |
kube_exec_auth_credentials_enabled | If true , pass kube_exec_auth_aws_access_key_id , kube_exec_auth_aws_secret_access_key and kube_exec_auth_aws_session_token as envs to aws eks get-token |
bool |
false |
no |
kube_exec_auth_enabled | If true , use the Kubernetes provider exec feature to execute aws eks get-token to authenticate to the EKS cluster.Disabled by kubeconfig_path_enabled , overrides kube_data_auth_enabled . |
bool |
false |
no |
kubernetes_config_map_ignore_role_changes | Set to true to ignore IAM role changes in the Kubernetes Auth ConfigMap |
bool |
true |
no |
kubernetes_version | Desired Kubernetes master version. If you do not specify a value, the latest available version is used | string |
"1.15" |
no |
map_additional_iam_roles | Additional IAM roles to add to config-map-aws-auth ConfigMap |
list(object({ |
[] |
no |
name | Solution name, e.g. 'app' or 'jenkins' | string |
"" |
no |
oidc_provider_enabled | Create an IAM OIDC identity provider for the cluster, then you can create IAM roles to associate with a service account in the cluster, instead of using kiam or kube2iam. For more information, see https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html | bool |
false |
no |
region | AWS Region | string |
n/a | yes |
subnet_ids | A list of subnet IDs to launch the cluster in | list(string) |
n/a | yes |
tags | Additional tags (e.g. map('BusinessUnit','XYZ') |
map(string) |
{} |
no |
vault_assume_role | AWS role to generate credentials by Vault | string |
"" |
no |
vpc_id | VPC ID for the EKS cluster | string |
n/a | yes |
Name | Description |
---|---|
cluster_encryption_config_enabled | If true, Cluster Encryption Configuration is enabled |
cluster_encryption_config_provider_key_alias | Cluster Encryption Config KMS Key Alias ARN |
cluster_encryption_config_provider_key_arn | Cluster Encryption Config KMS Key ARN |
cluster_encryption_config_resources | Cluster Encryption Config Resources |
eks_cluster_arn | The Amazon Resource Name (ARN) of the cluster |
eks_cluster_certificate_authority_data | The Kubernetes cluster certificate authority data |
eks_cluster_endpoint | The endpoint for the Kubernetes API server |
eks_cluster_id | The name of the cluster |
eks_cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster |
eks_cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account |
eks_cluster_managed_security_group_id | Security Group ID that was created by EKS for the cluster. EKS creates a Security Group and applies it to ENI that is attached to EKS Control Plane master nodes and to any managed workloads |
eks_cluster_role_arn | ARN of the EKS cluster IAM role |
eks_cluster_version | The Kubernetes server version of the cluster |
kubernetes_config_map_id | ID of aws-auth Kubernetes ConfigMap |
security_group_arn | ARN of the EKS cluster Security Group |
security_group_id | ID of the EKS cluster Security Group |
security_group_name | Name of the EKS cluster Security Group |