mirror of
https://github.com/terraform-aws-modules/terraform-aws-eks.git
synced 2025-09-09 19:32:58 +08:00
Bryant Biggs
416515a0da
* feat!: Upgrade min AWS provider and Terraform versions to `6.0` and `1.5.7` respectively * fix: Remove deprecated arguments in AWS v6.0 provider, upgrade Helm provider to v3.0, bump VPC module to v6.0 * fix: Remove `aws-auth` sub-module * fix: Remove `platform` and `cluster_service_ipv4_cidr` variables from `user-data` sub-module * fix: Resolve all marked `todos` that have been accumulated * fix: Set default `http_put_response_hop_limit` to `1` * fix: Remove IRSA support from Karpenter sub-module * fix: Avoid making GET requests from data sources unless absolutely necessary * feat: Add variable optional attribute definitions * feat: Bump KMS key module version to latest, add remaining variable attribute definitions * fix: Remove `cluster_` prefix from variable names to better match the underlying API * fix: Move all EFA logic to the nodegroup itself * fix: Remove arguments that do not make sense in EKS * fix: Updates from plan validation * fix: Remove more self-managed node group attributes that are commonly not used in EKS clusters * fix: Remove data plane compute `*_defaults` variables that do not work with variable optional attributes * fix: Ignore changes to `bootstrap_self_managed_addons` to aid in upgrade * feat: Add support for `region` argument on relevant resources * feat: Initial pass on upgrade guide * fix: Updates from testing and validating EKS managed node group * fix: Updates from testing and validating self-managed node group * docs: Ensure addon ussage documented is aligned * feat: Switch to dualstack OIDC issuer URL * feat: Allow sourcing over overriding the Karpenter assume role policy * fix: Use `Bool` instead of `StringEquals` for DenyHTTP queue policy * fix: Correct use of `nullable` and default value propagation
EKS Auto Mode
Usage
To provision the provided configurations you need to execute:
terraform init
terraform plan
terraform apply --auto-approve
Once the cluster has finished provisioning, you can use the kubectl command to interact with the cluster. For example, to deploy a sample deployment and see EKS Auto Mode in action, run:
aws eks update-kubeconfig --name $(terraform output -raw cluster_name)
kubectl apply -f deployment.yaml
Note that this example may create resources which cost money. Run terraform destroy when you don't need these resources.
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.5.7 |
| aws | >= 6.0 |
Providers
| Name | Version |
|---|---|
| aws | >= 6.0 |
Modules
| Name | Source | Version |
|---|---|---|
| disabled_eks | ../.. | n/a |
| eks | ../.. | n/a |
| vpc | terraform-aws-modules/vpc/aws | ~> 6.0 |
Resources
| Name | Type |
|---|---|
| aws_availability_zones.available | data source |
Inputs
No inputs.
Outputs
| Name | Description |
|---|---|
| access_entries | Map of access entries created and their attributes |
| cloudwatch_log_group_arn | Arn of cloudwatch log group created |
| cloudwatch_log_group_name | Name of cloudwatch log group created |
| cluster_addons | Map of attribute maps for all EKS cluster addons enabled |
| cluster_arn | The Amazon Resource Name (ARN) of the cluster |
| cluster_certificate_authority_data | Base64 encoded certificate data required to communicate with the cluster |
| cluster_dualstack_oidc_issuer_url | Dual-stack compatible URL on the EKS cluster for the OpenID Connect identity provider |
| cluster_endpoint | Endpoint for your Kubernetes API server |
| cluster_iam_role_arn | Cluster IAM role ARN |
| cluster_iam_role_name | Cluster IAM role name |
| cluster_iam_role_unique_id | Stable and unique string identifying the IAM role |
| cluster_id | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts |
| cluster_identity_providers | Map of attribute maps for all EKS identity providers enabled |
| cluster_ip_family | The IP family used by the cluster (e.g. ipv4 or ipv6) |
| cluster_name | The name of the EKS cluster |
| cluster_oidc_issuer_url | The URL on the EKS cluster for the OpenID Connect identity provider |
| cluster_platform_version | Platform version for the cluster |
| cluster_primary_security_group_id | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console |
| cluster_security_group_arn | Amazon Resource Name (ARN) of the cluster security group |
| cluster_security_group_id | ID of the cluster security group |
| cluster_service_cidr | The CIDR block where Kubernetes pod and service IP addresses are assigned from |
| cluster_status | Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED |
| cluster_tls_certificate_sha1_fingerprint | The SHA1 fingerprint of the public key of the cluster's certificate |
| eks_managed_node_groups | Map of attribute maps for all EKS managed node groups created |
| eks_managed_node_groups_autoscaling_group_names | List of the autoscaling group names created by EKS managed node groups |
| fargate_profiles | Map of attribute maps for all EKS Fargate Profiles created |
| kms_key_arn | The Amazon Resource Name (ARN) of the key |
| kms_key_id | The globally unique identifier for the key |
| kms_key_policy | The IAM resource policy set on the key |
| node_iam_role_arn | EKS Auto node IAM role ARN |
| node_iam_role_name | EKS Auto node IAM role name |
| node_iam_role_unique_id | Stable and unique string identifying the IAM role |
| node_security_group_arn | Amazon Resource Name (ARN) of the node shared security group |
| node_security_group_id | ID of the node shared security group |
| oidc_provider | The OpenID Connect identity provider (issuer URL without leading https://) |
| oidc_provider_arn | The ARN of the OIDC Provider if enable_irsa = true |
| self_managed_node_groups | Map of attribute maps for all self managed node groups created |
| self_managed_node_groups_autoscaling_group_names | List of the autoscaling group names created by self-managed node groups |