A terraform module to create a managed Kubernetes cluster on AWS EKS. Available through the Terraform registry. Inspired by and adapted from this doc and its source code. Read the AWS docs on EKS to get connected to the k8s dashboard.
| Branch | Build status |
|---|---|
| master |  |
- You want to create an EKS cluster and an autoscaling group of workers for the cluster.
- You want these resources to exist within security groups that allow communication and coordination. These can be user provided or created within the module.
- You've created a Virtual Private Cloud (VPC) and subnets where you intend to put the EKS resources.
A full example leveraging other community modules is contained in the examples/eks_test_fixture directory. Here's the gist of using it via the Terraform registry:
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "0.1.0"
cluster_name = "test-eks-cluster"
subnets = ["subnet-abcde012", "subnet-bcde012a"]
tags = "${map("Environment", "test")}"
vpc_id = "vpc-abcde012"
}The configure_kubectl_session variable requires that both kubectl
(>=1.10) and heptio-authenticator-aws
are installed and on your shell's PATH.
This module has been packaged with awspec tests through kitchen and kitchen-terraform. To run them:
-
Install bundler and the gems from our Gemfile:
gem install bundler && bundle install -
Ensure your AWS environment is configured (i.e. credentials and region) for test.
-
Test using
bundle exec kitchen testfrom the root of the repo.
For now, connectivity to the kubernetes cluster is not tested but will be in the
future. If configure_kubectl_session is set true, once the test fixture has
converged, you can query the test cluster from that terminal session with
kubectl get nodes --watch --kubeconfig kubeconfig.
Documentation should be modified within main.tf and generated using terraform-docs.
Generate them like so:
go get github.com/segmentio/terraform-docs
terraform-docs md ./ | cat -s | ghead -n -1 > README.mdReport issues/questions/feature requests on in the issues section.
Full contributing guidelines are covered here.
Testing and using this repo requires a minimum set of IAM permissions. Test permissions are listed in the eks_test_fixture README.
The changelog captures all important release notes.
Created and maintained by Brandon O'Connor - [email protected]. Many thanks to the contributors listed here!
MIT Licensed. See LICENSE for full details.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cluster_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | - | yes |
| cluster_security_group_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `` | no |
| cluster_version | Kubernetes version to use for the EKS cluster. | string | 1.10 |
no |
| config_output_path | Determines where config files are placed if using configure_kubectl_session and you want config files to land outside the current working directory. | string | ./ |
no |
| configure_kubectl_session | Configure the current session's kubectl to use the instantiated EKS cluster. | string | true |
no |
| subnets | A list of subnets to place the EKS cluster and workers within. | list | - | yes |
| tags | A map of tags to add to all resources. | string | <map> |
no |
| vpc_id | VPC where the cluster and workers will be deployed. | string | - | yes |
| worker_groups | A list of maps defining worker group configurations. See workers_group_defaults for valid keys. | list | <list> |
no |
| worker_security_group_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `` | no |
| workers_group_defaults | Default values for target groups as defined by the list of maps. | map | <map> |
no |
| Name | Description |
|---|---|
| cluster_certificate_authority_data | Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster. |
| cluster_endpoint | The endpoint for your EKS Kubernetes API. |
| cluster_id | The name/id of the EKS cluster. |
| cluster_security_group_id | Security group ID attached to the EKS cluster. |
| cluster_version | The Kubernetes server version for the EKS cluster. |
| config_map_aws_auth | A kubernetes configuration to authenticate to this EKS cluster. |
| kubeconfig | kubectl config file contents for this EKS cluster. |
| worker_security_group_id | Security group ID attached to the EKS workers. |
| workers_asg_arns | IDs of the autoscaling groups containing workers. |