From c553ff4a5696cdfc5b7dc886f866d1032b79a8c9 Mon Sep 17 00:00:00 2001 From: RohitSquareops Date: Mon, 20 Feb 2023 11:27:39 +0000 Subject: [PATCH] Updated eks bootstrap module --- README.md | 67 +++++++------ addons/cert_manager/cert_manager.yaml | 4 +- addons/karpenter_provisioner/README.md | 2 +- .../karpenter-provisioner/values.yaml | 2 +- addons/karpenter_provisioner/main.tf | 8 +- addons/karpenter_provisioner/variable.tf | 2 +- examples/complete/README.md | 43 +++++++++ examples/complete/main.tf | 45 +++++---- examples/complete/provider.tf | 23 +++++ main.tf | 33 ++++--- variables.tf | 93 +++++++++---------- 11 files changed, 189 insertions(+), 133 deletions(-) create mode 100644 examples/complete/README.md diff --git a/README.md b/README.md index 1982278..1c3f53d 100644 --- a/README.md +++ b/README.md @@ -7,52 +7,50 @@
Terraform module to create EKS cluster addons for workload deployment on AWS Cloud. -## Uses Example +## Usage Example ```hcl module "eks_bootstrap" { source = "squareops/eks-bootstrap/aws" environment = "production" name = "skaf" - eks_cluster_id = "Cluster-Name" - enable_amazon_eks_aws_ebs_csi_driver = true - kms_policy_arn = arn:aws:iam::222222222222:policy/kms_policy_arn - enable_single_az_ebs_gp3_storage_class = true + eks_cluster_name = "Cluster-Name" single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }] - kms_key_id = arn:aws:kms:us-east-2:222222222222:key/kms_key_arn + kms_key_arn = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn" + kms_policy_arn = "arn:aws:iam::222222222222:policy/kms_policy_arn" + cert_manager_letsencrypt_email = "email@example.com" + vpc_id = "vpc-06e37f0786b7eskaf" + private_subnet_ids = ["subnet-00exyzd5df967d21w","subnet-0c4abcd5aedxyzaea"] + provider_url = "cluster_oidc_issuer_url" + enable_single_az_ebs_gp3_storage_class = true + enable_amazon_eks_aws_ebs_csi_driver = true enable_amazon_eks_vpc_cni = true create_service_monitor_crd = true enable_cluster_autoscaler = true enable_cluster_propotional_autoscaler = true enable_reloader = true - enable_metrics_server = false + enable_metrics_server = true enable_ingress_nginx = true cert_manager_enabled = true cert_manager_install_letsencrypt_http_issuers = true - cert_manager_letsencrypt_email = "skaf@company.com" enable_external_secrets = true - provider_url = module.eks.cluster_oidc_issuer_url enable_keda = true create_efs_storage_class = true - vpc_id = "vpc-06e37f0786b7eskaf" - private_subnet_ids = ["subnet-00exyzd5df967d21w","subnet-0c4abcd5aedxyzaea"] - enable_istio = true + enable_istio = false enable_karpenter = true - karpenter_node_iam_role = "worker_iam_role_name" enable_aws_node_termination_handler = true - subnet_selector_name= "skaf-private-subnet" - sg_selector_name= "security_group_selector_name" - karpenter_ec2_capacity_type= ["on_demand"] - 
excluded_karpenter_ec2_instance_type= ["nano", "micro", "small"] + worker_iam_role_name = "worker_iam_role_name" + private_subnet_name = "private_subnet_name" + karpenter_ec2_capacity_type = ["spot"] + excluded_karpenter_ec2_instance_type = ["nano", "micro", "small"] velero_config = { - enable_velero = true - slack_token = "xoxb-slack-token-skaf" - slack_channel_name = "skaf-backup-notifications" + enable_velero = false + slack_token = "xoxb-slack-token-skaf" + slack_channel_name = "skaf-notifications" retention_period_in_days = 45 - namespaces = "my-application" - schedule_cron_time = "* 6 * * *" - velero_backup_name = "my-application-backup" - backup_bucket_name = "velero-cluster-backup" - + namespaces = "my-application" + schedule_cron_time = "* 6 * * *" + velero_backup_name = "my-application-backup" + backup_bucket_name = "velero-cluster-backup" } } 
@@ -205,7 +203,7 @@ Velero is designed to work with cloud native environments, making it a popular c | [cluster\_autoscaler\_chart\_version](#input\_cluster\_autoscaler\_chart\_version) | Mention the version of the cluster autoscaler helm chart | `string` | `"9.19.1"` | no | | [create\_efs\_storage\_class](#input\_create\_efs\_storage\_class) | Set to true if you want to enable the EFS | `bool` | `false` | no | | [create\_service\_monitor\_crd](#input\_create\_service\_monitor\_crd) | Set true to install CRDs for service monitor. | `bool` | `false` | no | -| [eks\_cluster\_id](#input\_eks\_cluster\_id) | Fetch Cluster ID of the cluster | `string` | `"stg-msa-reff"` | no | +| [eks\_cluster\_name](#input\_eks\_cluster\_name) | Fetch Cluster ID of the cluster | `string` | `""` | no | | [enable\_amazon\_eks\_aws\_ebs\_csi\_driver](#input\_enable\_amazon\_eks\_aws\_ebs\_csi\_driver) | Enable EKS Managed AWS EBS CSI Driver add-on | `bool` | `false` | no | | [enable\_amazon\_eks\_vpc\_cni](#input\_enable\_amazon\_eks\_vpc\_cni) | Set true to install VPC CNI addon. | `bool` | `false` | no | | [enable\_aws\_load\_balancer\_controller](#input\_enable\_aws\_load\_balancer\_controller) | Enable AWS Load Balancer Controller add-on | `bool` | `false` | no | 
@@ -220,22 +218,21 @@ Velero is designed to work with cloud native environments, making it a popular c | [enable\_metrics\_server](#input\_enable\_metrics\_server) | Enable metrics server add-on | `bool` | `false` | no | | [enable\_reloader](#input\_enable\_reloader) | Set true to enable reloader | `bool` | `false` | no | | [enable\_single\_az\_ebs\_gp3\_storage\_class](#input\_enable\_single\_az\_ebs\_gp3\_storage\_class) | Enable Single az storage class. | `bool` | `false` | no | -| [environment](#input\_environment) | Environment identifier for the EKS cluster | `string` | `"stg"` | no | +| [environment](#input\_environment) | Environment identifier for the EKS cluster | `string` | `""` | no | +| [excluded\_karpenter\_ec2\_instance\_type](#input\_excluded\_karpenter\_ec2\_instance\_type) | List of instance types that cannot be used by Karpenter | `list(string)` |
[
""
]
| no | | [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Specify the version of the nginx ingress | `string` | `"4.1.4"` | no | | [karpenter\_ec2\_capacity\_type](#input\_karpenter\_ec2\_capacity\_type) | EC2 provisioning capacity type | `list(string)` |
[
""
]
| no | -| [karpenter\_ec2\_instance\_type](#input\_excluded\_karpenter\_ec2\_instance\_type) | List of instance types that can be used by Karpenter | `list(string)` |
[
""
]
| no | -| [karpenter\_node\_iam\_role](#input\_karpenter\_node\_iam\_role) | Specify the IAM role for the nodes provision through karpenter. | `string` | n/a | yes | -| [kms\_key\_id](#input\_kms\_key\_id) | KMS key to Encrypt AWS resources | `string` | `""` | no | +| [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key to Encrypt AWS resources | `string` | `""` | no | | [kms\_policy\_arn](#input\_kms\_policy\_arn) | Specify the ARN of KMS policy, for service accounts. | `string` | `""` | no | | [metrics\_server\_helm\_version](#input\_metrics\_server\_helm\_version) | Mention the version of the metrics server helm chart | `string` | `"3.8.2"` | no | -| [name](#input\_name) | Specify the name prefix of the EKS cluster resources. | `string` | `"msa"` | no | +| [name](#input\_name) | Specify the name prefix of the EKS cluster resources. | `string` | `""` | no | | [private\_subnet\_ids](#input\_private\_subnet\_ids) | Private subnets of the VPC which can be used by EFS | `list(string)` |
[
""
]
| no | +| [private\_subnet\_name](#input\_private\_subnet\_name) | Name of subnet selector for karpenter provisioner. | `string` | `""` | no | | [provider\_url](#input\_provider\_url) | Provider URL of OIDC | `string` | `""` | no | -| [sg\_selector\_name](#input\_sg\_selector\_name) | Name of security group selector for karpenter provisioner. | `string` | `""` | no | | [single\_az\_sc\_config](#input\_single\_az\_sc\_config) | Define the Name and regions for storage class in Key-Value pair. | `list(any)` | `[]` | no | -| [subnet\_selector\_name](#input\_subnet\_selector\_name) | Name of subnet selector for karpenter provisioner. | `string` | `""` | no | | [velero\_config](#input\_velero\_config) | velero configurations | `any` |
{
"backup_bucket_name": "",
"enable_velero": false,
"namespaces": "",
"retention_period_in_days": 45,
"schedule_cron_time": "",
"slack_channel_name": "",
"slack_token": "",
"velero_backup_name": ""
}
| no | | [vpc\_id](#input\_vpc\_id) | ID of the VPC where the cluster and its nodes will be provisioned | `string` | `""` | no | +| [worker\_iam\_role\_name](#input\_worker\_iam\_role\_name) | Specify the IAM role for the nodes provision through karpenter. | `string` | `""` | no | ## Outputs @@ -255,7 +252,7 @@ To report an issue with a project: 2. Search to see if the issue has already been reported 3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Be sure to provide enough context and details so others can understand your problem. 4. Contributing to the project can be a great way to get involved and get help. The maintainers and other contributors may be more likely to help you if you're already making contributions to the project. - + ## License @@ -277,7 +274,7 @@ Starring a repository on GitHub is a simple way to show your support and appreci We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems & Processes for speed and agility. - 1. We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 4 years. + 1. We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 5 years. 2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X. 3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time. 4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed. diff --git a/addons/cert_manager/cert_manager.yaml b/addons/cert_manager/cert_manager.yaml index aa03bcb..50b159f 100644 
--- a/addons/cert_manager/cert_manager.yaml +++ b/addons/cert_manager/cert_manager.yaml @@ -36,11 +36,9 @@ cainjector: operator: In values: - "true" -<<<<<<< HEAD + podAnnotations: co.elastic.logs/enabled: "true" -======= ->>>>>>> db6a524689d4606ebf352dd390a236eff3d65c8b prometheus: enabled: ${enable_service_monitor} servicemonitor: diff --git a/addons/karpenter_provisioner/README.md b/addons/karpenter_provisioner/README.md index 0166ff5..892f371 100644 --- a/addons/karpenter_provisioner/README.md +++ b/addons/karpenter_provisioner/README.md @@ -25,8 +25,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [excluded\_karpenter\_ec2\_instance\_type](#input\_excluded\_karpenter\_ec2\_instance\_type) | List of instance types that can be used by Karpenter | `list(string)` |
[
""
]
| no | | [karpenter\_ec2\_capacity\_type](#input\_karpenter\_ec2\_capacity\_type) | EC2 provisioning capacity type | `list(string)` |
[
""
]
| no | -| [karpenter\_ec2\_instance\_type](#input\_karpenter\_ec2\_instance\_type) | List of instance types that can be used by Karpenter | `list(string)` |
[
""
]
| no | | [sg\_selector\_name](#input\_sg\_selector\_name) | Name of security group selector for karpenter provisioner. | `string` | `""` | no | | [subnet\_selector\_name](#input\_subnet\_selector\_name) | Name of subnet selector for karpenter provisioner. | `string` | `""` | no | diff --git a/addons/karpenter_provisioner/karpenter-provisioner/values.yaml b/addons/karpenter_provisioner/karpenter-provisioner/values.yaml index 27413ee..6d879a6 100644 --- a/addons/karpenter_provisioner/karpenter-provisioner/values.yaml +++ b/addons/karpenter_provisioner/karpenter-provisioner/values.yaml @@ -1,4 +1,4 @@ subnet_selector_name: "${subnet_selector_name}" sg_selector_name: "${sg_selector_name}" karpenter_ec2_capacity_type: "${karpenter_ec2_capacity_type}" -excluded_karpenter_ec2_instance_type: "${excluded_karpenter_ec2_instance_type}" \ No newline at end of file +excluded_karpenter_ec2_instance_type: "${excluded_karpenter_ec2_instance_type}" diff --git a/addons/karpenter_provisioner/main.tf b/addons/karpenter_provisioner/main.tf index 2cbe65b..588fe12 100644 --- a/addons/karpenter_provisioner/main.tf +++ b/addons/karpenter_provisioner/main.tf @@ -4,10 +4,10 @@ resource "helm_release" "karpenter_provisioner" { timeout = 600 values = [ templatefile("${path.module}/karpenter-provisioner/values.yaml", { - subnet_selector_name = var.subnet_selector_name, - sg_selector_name = var.sg_selector_name, - karpenter_ec2_capacity_type = "[${join(",", [for s in var.karpenter_ec2_capacity_type : format("%s", s)])}]", - excluded_karpenter_ec2_instance_type = "[${join(",", var.karpenter_ec2_instance_type)}]" + subnet_selector_name = var.subnet_selector_name, + sg_selector_name = var.sg_selector_name, + karpenter_ec2_capacity_type = "[${join(",", [for s in var.karpenter_ec2_capacity_type : format("%s", s)])}]", + excluded_karpenter_ec2_instance_type = "[${join(",", var.excluded_karpenter_ec2_instance_type)}]" }) ] } 
diff --git a/addons/karpenter_provisioner/variable.tf b/addons/karpenter_provisioner/variable.tf index 77e40b5..c0631ba 100644 --- a/addons/karpenter_provisioner/variable.tf +++ b/addons/karpenter_provisioner/variable.tf @@ -16,7 +16,7 @@ variable "karpenter_ec2_capacity_type" { default = [""] } -variable "karpenter_ec2_instance_type" { +variable "excluded_karpenter_ec2_instance_type" { description = "List of instance types that can be used by Karpenter" type = list(string) default = [""] diff --git a/examples/complete/README.md b/examples/complete/README.md new file mode 100644 index 0000000..00bbe56 --- /dev/null +++ b/examples/complete/README.md @@ -0,0 +1,43 @@ +# complete + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 3.43.0 | +| [kubernetes](#requirement\_kubernetes) | >= 2.0.2 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.43.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [eks\_bootstrap](#module\_eks\_bootstrap) | squareops/eks-bootstrap/aws | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [ebs\_encryption](#output\_ebs\_encryption) | Is AWS EBS encryption is enabled or not? | +| [efs\_id](#output\_efs\_id) | EFS ID | +| [environment](#output\_environment) | Environment Name for the EKS cluster | +| [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | NGINX Ingress Controller DNS Hostname | + 
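Review bot: The renamed `excluded_karpenter_ec2_instance_type` variable in addons/karpenter_provisioner/variable.tf keeps the old description, "List of instance types that can be used by Karpenter", which now says the opposite of what the name means. The root variables.tf in this commit already uses "cannot be used", and the addon README table repeats the stale text. Someone reading only the submodule docs could pass an allow-list where a deny-list is expected. Change it to `description = "List of instance types that cannot be used by Karpenter"` and regenerate the addon README.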
diff --git a/examples/complete/main.tf b/examples/complete/main.tf index e0856f0..7f93554 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -10,49 +10,46 @@ locals { } module "eks_bootstrap" { - source = "../../" + source = "squareops/eks-bootstrap/aws" environment = local.environment name = local.name - eks_cluster_id = "" - enable_amazon_eks_aws_ebs_csi_driver = true + eks_cluster_name = "prod-skaf" + single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }] + kms_key_arn = "" kms_policy_arn = "" + cert_manager_letsencrypt_email = "email@example.com" + vpc_id = "" + private_subnet_ids = [] + provider_url = "" enable_single_az_ebs_gp3_storage_class = true - single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }] - kms_key_id = "" + enable_amazon_eks_aws_ebs_csi_driver = true enable_amazon_eks_vpc_cni = true create_service_monitor_crd = true enable_cluster_autoscaler = true enable_cluster_propotional_autoscaler = true enable_reloader = true - enable_metrics_server = false + enable_metrics_server = true enable_ingress_nginx = true cert_manager_enabled = true cert_manager_install_letsencrypt_http_issuers = true - cert_manager_letsencrypt_email = "skaf-demo@squareops.com" enable_external_secrets = true - provider_url = "" enable_keda = true create_efs_storage_class = true - vpc_id = "" - private_subnet_ids = [] enable_istio = false enable_karpenter = true - karpenter_node_iam_role = "" enable_aws_node_termination_handler = true - subnet_selector_name= "" - sg_selector_name= "" - karpenter_ec2_capacity_type= ["spot"] - excluded_karpenter_ec2_instance_type= ["nano", "micro", "small"] + worker_iam_role_name = "" + private_subnet_name = "" + karpenter_ec2_capacity_type = ["spot"] + excluded_karpenter_ec2_instance_type = ["nano", "micro", "small"] velero_config = { - enable_velero = true - slack_token = "" - slack_channel_name = "" + enable_velero = false + slack_token = "" + slack_channel_name = "" retention_period_in_days = 45 - namespaces = "" - schedule_cron_time = "" - velero_backup_name = "" - backup_bucket_name = "" - + namespaces = "" + schedule_cron_time = "" + 
velero_backup_name = "" + backup_bucket_name = "" } } - diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index 369af88..10c5af8 100644 --- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -4,3 +4,26 @@ provider "aws" { tags = local.additional_tags } } + +data "aws_eks_cluster" "cluster" { + name = "" +} + +data "aws_eks_cluster_auth" "cluster" { + name = "" +} + + +provider "kubernetes" { + host = data.aws_eks_cluster.cluster.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) + token = data.aws_eks_cluster_auth.cluster.token +} + +provider "helm" { + kubernetes { + host = data.aws_eks_cluster.cluster.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) + token = data.aws_eks_cluster_auth.cluster.token + } +} diff --git a/main.tf b/main.tf index fe2d388..03fae84 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,7 @@ data "aws_region" "current" {} data "aws_eks_cluster" "eks" { - name = var.eks_cluster_id + name = var.eks_cluster_name } module "service_monitor_crd" { @@ -9,8 +9,8 @@ module "service_monitor_crd" { } resource "aws_iam_instance_profile" "karpenter_profile" { - role = var.karpenter_node_iam_role - name_prefix = var.eks_cluster_id + role = var.worker_iam_role_name + name_prefix = var.eks_cluster_name tags = merge( { "Name" = format("%s-%s-karpenter-profile", var.environment, var.name) @@ -22,7 +22,7 @@ resource "aws_iam_instance_profile" "karpenter_profile" { module "k8s_addons" { depends_on = [module.service_monitor_crd] source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.17.0" - eks_cluster_id = var.eks_cluster_id + eks_cluster_id = var.eks_cluster_name #ebs csi driver enable_amazon_eks_aws_ebs_csi_driver = var.enable_amazon_eks_aws_ebs_csi_driver amazon_eks_aws_ebs_csi_driver_config = { 
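Review bot: The new `source = "squareops/eks-bootstrap/aws"` in the `eks_bootstrap` block of examples/complete/main.tf has no `version` argument, so every `terraform init` resolves whatever release is currently newest in the registry. For a module that installs cluster-wide add-ons and IAM resources, that makes the example non-reproducible and lets an unreviewed upstream release reach a cluster. Switching away from `../../` also means the example no longer exercises the code in this repository, so renames such as `eks_cluster_name` are only tested once published. Add `version = "<PINNED_VERSION>"` next to `source`, or keep `source = "../../"` for the in-repo example.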
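Review bot: Both new data sources in examples/complete/provider.tf are declared with `name = ""`, while the module call in examples/complete/main.tf passes `eks_cluster_name = "prod-skaf"`. The `kubernetes` and `helm` providers are therefore configured from a lookup with an empty cluster name, which I would expect to fail before any resource is planned. Drive all three from one value, for example a `cluster_name` entry in the example's existing `locals` block, so the providers cannot point at a different cluster than the module. The providers also take a static `token` from `aws_eks_cluster_auth`, which is short-lived and can expire during a long apply; an `exec` block that calls `aws eks get-token` is the usual alternative.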
@@ -34,7 +34,7 @@ module "k8s_addons" { version = var.cluster_autoscaler_chart_version values = [templatefile("${path.module}/addons/cluster_autoscaler/cluster_autoscaler.yaml", { aws_region = data.aws_region.current.name - eks_cluster_id = var.eks_cluster_id + eks_cluster_id = var.eks_cluster_name })] } #metrics server @@ -85,7 +85,7 @@ module "k8s_addons" { karpenter_helm_config = { values = [ templatefile("${path.module}/addons/karpenter/karpenter.yaml", { - eks_cluster_id = var.eks_cluster_id, + eks_cluster_id = var.eks_cluster_name, node_iam_instance_profile = aws_iam_instance_profile.karpenter_profile.name eks_cluster_endpoint = data.aws_eks_cluster.eks.endpoint }) @@ -138,7 +138,7 @@ module "single_az_sc" { source = "./addons/aws-ebs-storage-class" single_az_ebs_gp3_storage_class = var.enable_single_az_ebs_gp3_storage_class single_az_ebs_gp3_storage_class_name = each.value.name - kms_key_id = var.kms_key_id + kms_key_id = var.kms_key_arn availability_zone = each.value.zone } @@ -148,7 +148,7 @@ module "external_secrets" { count = var.enable_external_secrets ? 1 : 0 provider_url = var.provider_url - cluster_id = var.eks_cluster_id + cluster_id = var.eks_cluster_name environment = var.environment region = data.aws_region.current.name name = var.name @@ -166,7 +166,7 @@ module "efs" { private_subnet_ids = var.private_subnet_ids region = data.aws_region.current.name name = var.name - kms_key_id = var.kms_key_id + kms_key_id = var.kms_key_arn } data "kubernetes_service" "nginx-ingress" { @@ -181,11 +181,10 @@ module "velero" { source = "./addons/velero" count = var.velero_config.enable_velero ? 1 : 0 name = var.name - cluster_id = var.eks_cluster_id + cluster_id = var.eks_cluster_name environment = var.environment region = data.aws_region.current.name velero_config = var.velero_config - } module "istio" { 
@@ -196,11 +195,11 @@ module "istio" { } module "karpenter_provisioner" { - source = "./addons/karpenter_provisioner" - depends_on = [module.k8s_addons] - count = var.enable_karpenter ? 1 : 0 - subnet_selector_name = var.subnet_selector_name - sg_selector_name = var.sg_selector_name - karpenter_ec2_capacity_type = var.karpenter_ec2_capacity_type + source = "./addons/karpenter_provisioner" + depends_on = [module.k8s_addons] + count = var.enable_karpenter ? 1 : 0 + subnet_selector_name = var.private_subnet_name + sg_selector_name = var.eks_cluster_name + karpenter_ec2_capacity_type = var.karpenter_ec2_capacity_type excluded_karpenter_ec2_instance_type = var.excluded_karpenter_ec2_instance_type } diff --git a/variables.tf b/variables.tf index 95b5af9..f316029 100644 --- a/variables.tf +++ b/variables.tf @@ -1,27 +1,26 @@ ## COMMON VARIABLES variable "enable_amazon_eks_aws_ebs_csi_driver" { description = "Enable EKS Managed AWS EBS CSI Driver add-on" - type = bool default = false + type = bool } variable "enable_single_az_ebs_gp3_storage_class" { - type = bool - default = false description = "Enable Single az storage class." + default = false + type = bool } variable "single_az_sc_config" { - type = list(any) description = "Define the Name and regions for storage class in Key-Value pair." default = [] - + type = list(any) } variable "enable_cluster_autoscaler" { description = "Enable Cluster autoscaler add-on" - type = bool default = false + type = bool } variable "cluster_autoscaler_chart_version" { @@ -32,14 +31,14 @@ variable "cluster_autoscaler_chart_version" { variable "enable_metrics_server" { description = "Enable metrics server add-on" - type = bool default = false + type = bool } variable "metrics_server_helm_version" { - type = string - default = "3.8.2" description = "Mention the version of the metrics server helm chart" + default = "3.8.2" + type = string } variable "cert_manager_enabled" { 
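Review bot: `sg_selector_name = var.eks_cluster_name` in the `karpenter_provisioner` module call replaces a caller-supplied selector with the cluster name, and the root `sg_selector_name` variable is commented out in variables.tf in the same commit, so callers can no longer choose which security groups Karpenter-launched nodes receive. The provisioner template is not part of this diff, so how the value is matched is not visible here; if it is matched against a tag, every security group carrying the cluster name would be selected, which may be broader than the node security group alone. Consider keeping the variable and only falling back to the cluster name, `sg_selector_name = var.sg_selector_name != "" ? var.sg_selector_name : var.eks_cluster_name`, and document which tag the selector expects. If the variable really is retired, delete it rather than leaving it inside `/* ... */`.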
@@ -49,14 +48,14 @@ variable "cert_manager_enabled" { } variable "cert_manager_install_letsencrypt_r53_issuers" { - type = bool - default = false description = "Enable to create route53 issuer" + default = false + type = bool } -variable "eks_cluster_id" { +variable "eks_cluster_name" { description = "Fetch Cluster ID of the cluster" - default = "stg-msa-reff" + default = "" type = string } @@ -74,27 +73,26 @@ variable "enable_keda" { variable "environment" { description = "Environment identifier for the EKS cluster" - default = "stg" + default = "" type = string } variable "enable_external_secrets" { - type = bool - default = false description = "Enable External Secrets operator add-on" + default = false + type = bool } - variable "enable_ingress_nginx" { description = "Enable Ingress Nginx add-on" - type = bool default = false + type = bool } variable "enable_aws_load_balancer_controller" { description = "Enable AWS Load Balancer Controller add-on" - type = bool default = false + type = bool } variable "aws_load_balancer_version" { @@ -111,7 +109,7 @@ variable "ingress_nginx_version" { variable "name" { description = "Specify the name prefix of the EKS cluster resources." - default = "msa" + default = "" type = string } @@ -127,27 +125,27 @@ variable "private_subnet_ids" { } variable "cert_manager_letsencrypt_email" { + description = "Enter cert manager email" default = "" type = string - description = "Enter cert manager email" } variable "cert_manager_install_letsencrypt_http_issuers" { - type = bool - default = false description = "Set to true to install http issuer" + default = false + type = bool } -variable "kms_key_id" { - type = string - default = "" +variable "kms_key_arn" { description = "KMS key to Encrypt AWS resources" + default = "" + type = string } variable "kms_policy_arn" { - type = string - default = "" description = "Specify the ARN of KMS policy, for service accounts." + default = "" + type = string } variable "provider_url" { 
@@ -157,55 +155,55 @@ variable "provider_url" { } variable "enable_cluster_propotional_autoscaler" { - type = bool description = "Set true to Enable Cluster propotional autoscaler" default = false + type = bool } variable "enable_karpenter" { - type = bool description = "Set it to true to enable Karpenter" default = false + type = bool } variable "enable_reloader" { - type = bool description = "Set true to enable reloader" default = false + type = bool } -variable "karpenter_node_iam_role" { - type = string +variable "worker_iam_role_name" { description = "Specify the IAM role for the nodes provision through karpenter." + default = "" + type = string } variable "enable_aws_node_termination_handler" { - type = bool description = "Set it to true to Enable node termination handler" default = false + type = bool } variable "enable_amazon_eks_vpc_cni" { - type = bool - default = false description = "Set true to install VPC CNI addon." + default = false + type = bool } variable "create_service_monitor_crd" { - type = bool - default = false description = "Set true to install CRDs for service monitor." + default = false + type = bool } variable "enable_istio" { description = "Enable istio for service mesh." - type = bool default = false + type = bool } variable "velero_config" { description = "velero configurations" - type = any default = { enable_velero = false slack_token = "" 
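Review bot: `worker_iam_role_name` replaces a required input (`karpenter_node_iam_role` had no default) with one that defaults to `""`. The `aws_iam_instance_profile.karpenter_profile` resource in main.tf uses it as `role`, with no `count` visible in that hunk, so an omitted value now surfaces as a provider error at apply time instead of a missing-input error at plan time. `eks_cluster_name` in the `@@ -49,14 +48,14 @@` hunk has the same shape: its default is now `""` and it feeds `data "aws_eks_cluster" "eks"`. Either drop the `default` lines so both stay required, or add a `validation` block with `condition = length(var.worker_iam_role_name) > 0` (and the equivalent for the cluster name).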
@@ -216,28 +214,29 @@ variable "velero_config" { velero_backup_name = "" backup_bucket_name = "" } + type = any } -variable "subnet_selector_name" { +variable "private_subnet_name" { description = "Name of subnet selector for karpenter provisioner." - type = string default = "" + type = string } -variable "sg_selector_name" { +/* variable "sg_selector_name" { description = "Name of security group selector for karpenter provisioner." - type = string default = "" -} + type = string +} */ variable "karpenter_ec2_capacity_type" { description = "EC2 provisioning capacity type" - type = list(string) default = [""] + type = list(string) } variable "excluded_karpenter_ec2_instance_type" { description = "List of instance types that cannot be used by Karpenter" - type = list(string) default = [""] + type = list(string) }