No requirements.
| Name | Version |
|---|---|
| vault | n/a |
| Name | Source | Version |
|---|---|---|
| eks-cluster | git@github.com:heruscode/terraform-aws-eks-cluster.git |
| Name |
|---|
| vault_aws_access_credentials |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default to AWS EKS resource and it is false | bool |
false |
no |
| endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default to AWS EKS resource and it is true | bool |
true |
no |
| kube_exec_auth_credentials_enabled | If true, pass kube_exec_auth_aws_access_key_id, kube_exec_auth_aws_secret_access_key and kube_exec_auth_aws_session_token as envs to aws eks get-token |
bool |
false |
no |
| kube_exec_auth_enabled | If true, use the Kubernetes provider exec feature to execute aws eks get-token to authenticate to the EKS cluster.Disabled by kubeconfig_path_enabled, overrides kube_data_auth_enabled. |
bool |
false |
no |
| kubernetes_config_map_ignore_role_changes | Set to true to ignore IAM role changes in the Kubernetes Auth ConfigMap |
bool |
true |
no |
| kubernetes_version | Desired Kubernetes master version. If you do not specify a value, the latest available version is used | string |
"1.15" |
no |
| map_additional_iam_roles | Additional IAM roles to add to config-map-aws-auth ConfigMap |
list(object({ |
[] |
no |
| name | Solution name, e.g. 'app' or 'jenkins' | string |
"" |
no |
| oidc_provider_enabled | Create an IAM OIDC identity provider for the cluster, then you can create IAM roles to associate with a service account in the cluster, instead of using kiam or kube2iam. For more information, see https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html | bool |
false |
no |
| region | AWS Region | string |
n/a | yes |
| subnet_ids | A list of subnet IDs to launch the cluster in | list(string) |
n/a | yes |
| tags | Additional tags (e.g. map('BusinessUnit','XYZ') |
map(string) |
{} |
no |
| vault_assume_role | AWS role to generate credentials by Vault | string |
"" |
no |
| vpc_id | VPC ID for the EKS cluster | string |
n/a | yes |
| Name | Description |
|---|---|
| cluster_encryption_config_enabled | If true, Cluster Encryption Configuration is enabled |
| cluster_encryption_config_provider_key_alias | Cluster Encryption Config KMS Key Alias ARN |
| cluster_encryption_config_provider_key_arn | Cluster Encryption Config KMS Key ARN |
| cluster_encryption_config_resources | Cluster Encryption Config Resources |
| eks_cluster_arn | The Amazon Resource Name (ARN) of the cluster |
| eks_cluster_certificate_authority_data | The Kubernetes cluster certificate authority data |
| eks_cluster_endpoint | The endpoint for the Kubernetes API server |
| eks_cluster_id | The name of the cluster |
| eks_cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster |
| eks_cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account |
| eks_cluster_managed_security_group_id | Security Group ID that was created by EKS for the cluster. EKS creates a Security Group and applies it to ENI that is attached to EKS Control Plane master nodes and to any managed workloads |
| eks_cluster_role_arn | ARN of the EKS cluster IAM role |
| eks_cluster_version | The Kubernetes server version of the cluster |
| kubernetes_config_map_id | ID of aws-auth Kubernetes ConfigMap |
| security_group_arn | ARN of the EKS cluster Security Group |
| security_group_id | ID of the EKS cluster Security Group |
| security_group_name | Name of the EKS cluster Security Group |