SquareOps Technologies Your DevOps Partner for Accelerating cloud journey.
This module simplifies the deployment of EKS clusters, allowing users to quickly create and manage a production-grade Kubernetes cluster on AWS. The module is highly configurable, allowing users to customize various aspects of the EKS cluster, such as the Kubernetes version, worker node instance type, and number of worker nodes. Additionally, the module provides a set of outputs that can be used to configure other resources, such as the Kubernetes config file and the AWS CLI.
This module is ideal for users who want to quickly deploy an EKS cluster on AWS without the need for manual setup and configuration. It is also suitable for users who want to adopt best practices for security and scalability in their EKS deployments.
module "eks" {
source = "squareops/eks/aws"
name = "SKAF"
vpc_id = module.vpc.vpc_id
environment = "production"
kms_key_arn = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
create_aws_auth_configmap = true
aws_auth_users = []
aws_auth_roles = []
additional_rules = {}
cluster_version = "1.25"
cluster_log_types = ["api", "scheduler"]
private_subnet_ids = ["subnet-00exyzf967d21w","subnet-00exyzd967sqop"]
cluster_log_retention_in_days = 30
cluster_endpoint_public_access = true
cluster_endpoint_public_access_cidrs = ["0.0.0.0/0"]
}
module "managed_node_group_production" {
source = "squareops/eks/aws//modules/managed-nodegroup"
depends_on = [module.eks]
name = "Infra"
min_size = 1
max_size = 3
desired_size = 1
subnet_ids = ["subnet-00exyzd5df967d21w"]
environment = "production"
kms_key_arn = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn"
capacity_type = "ON_DEMAND"
instance_types = ["t3a.large", "t2.large"]
kms_policy_arn = "kms_policy_arn"
eks_cluster_name = "production-cluster"
worker_iam_role_name = "arn:aws:iam::222222222222:role/worker_iam_role_arn"
eks_nodes_keypair_name = "prod-key"
k8s_labels = {
"Infra-Services" = "true"
}
tags = local.additional_aws_tags
}
Refer examples for more details.
The required IAM permissions to create resources from this module can be found here
The EKS module is designed to be used as a standalone Terraform module. We recommend using EKS-Bootstrap module in conjunction to enhance functionality.
Security scanning is graciously provided by Prowler. Prowler is the leading fully hosted, cloud-native solution providing continuous cluster security and compliance.
In this module, we have implemented the following CIS Compliance checks for EKS:
Benchmark | Description | Status |
---|---|---|
Ensure EKS Control Plane Audit Logging is enabled for all log types | Control plane logging enabled and correctly configured for EKS cluster | ✔ |
Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs) | Encryption for Kubernetes secrets is configured for EKS cluster | ✔ |
Ensure EKS Clusters are created with Private Endpoint Enabled and Public Access Disabled | Cluster endpoint access is private for EKS cluster | ✔ |
Restrict Access to the EKS Control Plane Endpoint | Cluster control plane access is restricted for EKS cluster | ✔ |
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 4.47 |
helm | >= 2.6 |
kubernetes | >= 2.10 |
time | >= 0.9 |
tls | >= 3.0 |
Name | Version |
---|---|
aws | >= 4.47 |
Name | Source | Version |
---|---|---|
eks | terraform-aws-modules/eks/aws | 19.15.2 |
Name | Type |
---|---|
aws_iam_policy.kubernetes_pvc_kms_policy | resource |
aws_iam_role.node_role | resource |
aws_iam_role_policy_attachment.eks_kms_cluster_policy_attachment | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | Environment identifier for the EKS cluster, such as dev, qa, prod, etc. | string |
"" |
no |
name | Specify the name of the EKS cluster. | string |
"" |
no |
cluster_version | Specifies the Kubernetes version (major.minor) to use for the EKS cluster. | string |
"" |
no |
cluster_endpoint_public_access | Whether the Amazon EKS public API server endpoint is enabled or not. | bool |
true |
no |
cluster_endpoint_public_access_cidrs | CIDR blocks that can access the Amazon EKS public API server endpoint. | list(string) |
[ |
no |
vpc_id | ID of the VPC where the EKS cluster will be deployed. | string |
"" |
no |
kms_key_arn | ARN of the KMS key used to encrypt EKS resources. | string |
"" |
no |
cluster_log_types | A list of desired control plane logs to enable for the EKS cluster. Valid values include: api, audit, authenticator, controllerManager, scheduler. | list(string) |
[ |
no |
cluster_log_retention_in_days | Retention period for EKS cluster logs in days. Default is set to 90 days. | number |
90 |
no |
private_subnet_ids | Private subnets of the VPC which can be used by EKS | list(string) |
[ |
no |
create_kms_key | Controls if a KMS key for cluster encryption should be created | bool |
false |
no |
additional_rules | List of additional security group rules to add to the cluster security group created. | any |
{} |
no |
create_aws_auth_configmap | Determines whether to manage the aws-auth configmap | bool |
false |
no |
aws_auth_users | List of user maps to add to the aws-auth configmap | any |
[] |
no |
aws_auth_roles | List of role maps to add to the aws-auth configmap | list(any) |
[] |
no |
Name | Description |
---|---|
cluster_name | Name of the Kubernetes cluster. |
cluster_endpoint | Endpoint URL for the EKS control plane. |
cluster_security_group_id | Security group IDs that are attached to the control plane of the EKS cluster. |
cluster_arn | ARN of the EKS Cluster. |
cluster_oidc_issuer_url | URL of the OpenID Connect identity provider on the EKS cluster. |
worker_iam_role_arn | ARN of the IAM role assigned to the EKS worker nodes. |
worker_iam_role_name | Name of the IAM role assigned to the EKS worker nodes. |
kms_policy_arn | ARN of the KMS policy that is used by the EKS cluster. |
cluster_certificate_authority_data | Base64 encoded certificate data required to communicate with the cluster |
To report an issue with a project:
- Check the repository's issue tracker on GitHub
- Search to see if the issue has already been reported
- If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Be sure to provide enough context and details so others can understand your problem.
Apache License, Version 2.0, January 2004 (http://www.apache.org/licenses/).
To support a GitHub project by liking it, you can follow these steps:
-
Visit the repository: Navigate to the GitHub repository.
-
Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.
-
Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.
Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.
We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems & Processes for speed and agility.
- We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 4 years.
- Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.
- Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.
- DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.
- Platform engineering which supports scalable,Cost efficient infrastructure that supports rapid development, testing, and deployment.
- 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.
We provide support on all of our projects, no matter how small or large they may be.
To find more information about our company, visit squareops.com, follow us on Linkedin, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.