diff --git a/EKS-Blueprint/modules/kubernetes-addons/README.md b/EKS-Blueprint/modules/kubernetes-addons/README.md index 3950d83..e668891 100644 --- a/EKS-Blueprint/modules/kubernetes-addons/README.md +++ b/EKS-Blueprint/modules/kubernetes-addons/README.md @@ -214,7 +214,6 @@ | [enable\_karpenter](#input\_enable\_karpenter) | Enable Karpenter autoscaler add-on | `bool` | `false` | no | | [enable\_keda](#input\_enable\_keda) | Enable KEDA Event-based autoscaler add-on | `bool` | `false` | no | | [enable\_kube\_prometheus\_stack](#input\_enable\_kube\_prometheus\_stack) | Enable Community kube-prometheus-stack add-on | `bool` | `false` | no | -| [enable\_kubecost](#input\_enable\_kubecost) | Enable Kubecost add-on | `bool` | `false` | no | | [enable\_kuberay\_operator](#input\_enable\_kuberay\_operator) | Enable KubeRay Operator add-on | `bool` | `false` | no | | [enable\_kubernetes\_dashboard](#input\_enable\_kubernetes\_dashboard) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no | | [enable\_kyverno](#input\_enable\_kyverno) | Enable Kyverno add-on | `bool` | `false` | no | 
@@ -265,6 +264,7 @@ | [keda\_helm\_config](#input\_keda\_helm\_config) | KEDA Event-based autoscaler add-on config | `any` | `{}` | no | | [keda\_irsa\_policies](#input\_keda\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no | | [kube\_prometheus\_stack\_helm\_config](#input\_kube\_prometheus\_stack\_helm\_config) | Community kube-prometheus-stack Helm Chart config | `any` | `{}` | no | +| [kubecost\_enabled](#input\_kubecost\_enabled) | Enable Kubecost add-on | `bool` | `false` | no | | [kubecost\_helm\_config](#input\_kubecost\_helm\_config) | Kubecost Helm Chart config | `any` | `{}` | no | | [kuberay\_operator\_helm\_config](#input\_kuberay\_operator\_helm\_config) | KubeRay Operator Helm Chart config | `any` | `{}` | no | | [kubernetes\_dashboard\_helm\_config](#input\_kubernetes\_dashboard\_helm\_config) | Kubernetes Dashboard Helm Chart config | `any` | `null` | no | diff --git a/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/data.tf b/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/data.tf index 8686476..a59d94d 100644 --- a/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/data.tf +++ b/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/data.tf @@ -142,9 +142,14 @@ data "aws_iam_policy_document" "aws_lb" { condition { test = "Null" - variable = "aws:ResourceTag/ingress.k8s.aws/cluster" + variable = "aws:ResourceTag/elbv2.k8s.aws/cluster" values = ["false"] } + condition { + test = "StringEquals" + variable = "elasticloadbalancing:CreateAction" + values = ["CreateTargetGroup", "CreateLoadBalancer"] + } } statement { diff --git a/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf b/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf index 8be2238..b02a9c7 100644 --- a/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf 
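Review bot: The new `elasticloadbalancing:CreateAction` condition is ANDed with the existing `Null` test in this `aws_lb` statement, so the statement now only matches creation-time tagging requests against a resource that already carries the `elbv2.k8s.aws/cluster` tag. The statement's `actions` and `resources` begin above the hunk; if they cover anything besides tagging during `CreateTargetGroup`/`CreateLoadBalancer`, those actions stop matching, because the `CreateAction` key is absent from such requests. As far as I recall, the controller's published policy pairs `CreateAction` with a request-tag test, `variable = "aws:RequestTag/elbv2.k8s.aws/cluster"`, since a resource being created has no existing tags to check; this is worth confirming against the policy shipped for the chart version set in `locals.tf`. I would add that as a separate statement and leave the resource-tag condition on the existing actions, so the policy stays scoped to cluster-owned resources without silently denying calls the controller needs.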
+++ b/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf @@ -7,7 +7,7 @@ locals { name = local.name chart = local.name repository = "https://aws.github.io/eks-charts" - version = "1.4.5" + version = "1.5.4" namespace = "kube-system" values = local.default_helm_values description = "aws-load-balancer-controller Helm Chart for ingress resources" @@ -33,6 +33,10 @@ locals { { name = "serviceAccount.create" value = false + }, + { + name = "clusterName" + value = var.addon_context.eks_cluster_id } ], try(var.helm_config.set_values, []) diff --git a/README.md b/README.md index 0b04816..2c2396e 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ module "eks_bootstrap" { name = "skaf" vpc_id = "vpc-06e37f0786b7eskaf" environment = "production" + ipv6_enabled = true kms_key_arn = "arn:aws:kms:region:222222222222:key/kms_key_arn" keda_enabled = true istio_enabled = false @@ -40,6 +41,7 @@ module "eks_bootstrap" { private_subnet_name = "private_subnet_name" instance_capacity_type = ["spot"] excluded_instance_type = ["nano", "micro", "small"] + instance_hypervisor = ["nitro"] ## Instance hypervisor is picked up only if IPv6 enable is chosen } cert_manager_letsencrypt_email = "email@example.com" internal_ingress_nginx_enabled = true @@ -74,6 +76,7 @@ module "eks_bootstrap" { | Release 2.0.0 | ✔ | ✔ | ✔ | ✗ | | Release 2.1.0 | ✔ | ✔ | ✔ | ✗ | | Release 3.0.0 | ✔ | ✔ | ✔ | ✔ | +| Release 3.1.0 | ✔ | ✔ | ✔ | ✔ | ## IAM Permissions The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-eks-bootstrap/blob/main/IAM.md) 
@@ -180,7 +183,7 @@ Velero is designed to work with cloud native environments, making it a popular c ## Notes -Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make sure to subscribe to the **Kubecost - Amazon EKS cost monitoring** license. +Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make sure to subscribe to the **Kubecost - Amazon EKS cost monitoring** license. ## Requirements @@ -247,7 +250,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make | [cert\_manager\_install\_letsencrypt\_http\_issuers](#input\_cert\_manager\_install\_letsencrypt\_http\_issuers) | Enable or disable the HTTP issuer for cert-manager | `bool` | `false` | no | | [cert\_manager\_install\_letsencrypt\_r53\_issuers](#input\_cert\_manager\_install\_letsencrypt\_r53\_issuers) | Enable or disable the creation of Route53 issuer while installing cert manager. | `bool` | `false` | no | | [cert\_manager\_letsencrypt\_email](#input\_cert\_manager\_letsencrypt\_email) | Specifies the email address to be used by cert-manager to request Let's Encrypt certificates | `string` | `""` | no | -| [cluster\_autoscaler\_chart\_version](#input\_cluster\_autoscaler\_chart\_version) | Version of the cluster autoscaler helm chart | `string` | `"9.19.1"` | no | +| [cluster\_autoscaler\_chart\_version](#input\_cluster\_autoscaler\_chart\_version) | Version of the cluster autoscaler helm chart | `string` | `"9.29.0"` | no | | [cluster\_autoscaler\_enabled](#input\_cluster\_autoscaler\_enabled) | Whether to enable the Cluster Autoscaler add-on or not. | `bool` | `false` | no | | [cluster\_issuer](#input\_cluster\_issuer) | Specify the letsecrypt cluster-issuer for ingress tls. | `string` | `"letsencrypt-prod"` | no | | [cluster\_propotional\_autoscaler\_enabled](#input\_cluster\_propotional\_autoscaler\_enabled) | Enable or disable Cluster propotional autoscaler add-on | `bool` | `false` | no | 
@@ -257,11 +260,12 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make | [environment](#input\_environment) | Environment identifier for the Amazon Elastic Kubernetes Service (EKS) cluster. | `string` | `""` | no | | [external\_secrets\_enabled](#input\_external\_secrets\_enabled) | Enable or disable External Secrets operator add-on for managing external secrets. | `bool` | `false` | no | | [ingress\_nginx\_enabled](#input\_ingress\_nginx\_enabled) | Enable or disable Nginx Ingress Controller add-on for routing external traffic to Kubernetes services. | `bool` | `false` | no | -| [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Specify the version of the NGINX Ingress Controller | `string` | `"4.1.4"` | no | +| [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Specify the version of the NGINX Ingress Controller | `string` | `"4.7.0"` | no | | [internal\_ingress\_nginx\_enabled](#input\_internal\_ingress\_nginx\_enabled) | Enable or disable the deployment of an internal ingress controller for Kubernetes. | `bool` | `false` | no | +| [ipv6\_enabled](#input\_ipv6\_enabled) | Whether enable IPv6 or not | `bool` | `false` | no | | [istio\_enabled](#input\_istio\_enabled) | Enable istio for service mesh. | `bool` | `false` | no | | [karpenter\_enabled](#input\_karpenter\_enabled) | Enable or disable Karpenter, a Kubernetes-native, multi-tenant, and auto-scaling solution for containerized workloads on Kubernetes. | `bool` | `false` | no | -| [karpenter\_provisioner\_config](#input\_karpenter\_provisioner\_config) | Configuration to provide settings for Karpenter, including which private subnet to use, instance capacity types, and excluded instance types. | `any` |
{
"excluded_instance_type": [
"nano",
"micro",
"small"
],
"instance_capacity_type": [
"spot"
],
"private_subnet_name": ""
}
| no | +| [karpenter\_provisioner\_config](#input\_karpenter\_provisioner\_config) | Configuration to provide settings for Karpenter, including which private subnet to use, instance capacity types, and excluded instance types. | `any` |
{
"excluded_instance_type": [
"nano",
"micro",
"small"
],
"instance_capacity_type": [
"spot"
],
"instance_hypervisor": [
"nitro"
],
"private_subnet_name": ""
}
| no | | [karpenter\_provisioner\_enabled](#input\_karpenter\_provisioner\_enabled) | Enable or disable the installation of Karpenter, which is a Kubernetes cluster autoscaler. | `bool` | `false` | no | | [keda\_enabled](#input\_keda\_enabled) | Enable or disable Kubernetes Event-driven Autoscaling (KEDA) add-on for autoscaling workloads. | `bool` | `false` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | ARN of the KMS key used to encrypt AWS resources in the EKS cluster. | `string` | `""` | no | diff --git a/addons/internal_nginx_ingress/ingress_ipv6.yaml b/addons/internal_nginx_ingress/ingress_ipv6.yaml new file mode 100644 index 0000000..775598b --- /dev/null +++ b/addons/internal_nginx_ingress/ingress_ipv6.yaml 
@@ -0,0 +1,76 @@
+controller:
+ kind: Deployment
+ service:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack
+ externalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: PreferDualStack
+ internal:
+ enabled: false
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack
+ ingressClass: internal-nginx
+ ingressClassResource:
+ enabled: true
+ name: internal-nginx
+ ingressClass: internal-nginx
+
+
+ resources:
+ limits:
+ cpu: 500m
+ memory: 750Mi
+ requests:
+ cpu: 50m
+ memory: 200Mi
+ autoscaling:
+ enabled: true
+ minReplicas: 2
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 80
+ targetMemoryUtilizationPercentage: 80
+ podAnnotations:
+ co.elastic.logs/enabled: "true"
+ co.elastic.logs/module: nginx
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - ingress-nginx
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - ingress-nginx
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - controller
+ topologyKey: "kubernetes.io/hostname"
+
+
+
+
+
+## Enabling metrics for prometheus monitoring
+
+ metrics:
+ enabled: ${enable_service_monitor}
+ serviceMonitor:
+ enabled: true
+ additionalLabels:
+ release: "prometheus-operator"
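Review bot: The internal controller's Service depends on `service.beta.kubernetes.io/aws-load-balancer-internal: "true"` to stay private, while `aws-load-balancer-type: external` hands the Service to the AWS Load Balancer Controller. That controller's documentation marks `aws-load-balancer-internal` as deprecated in favour of `aws-load-balancer-scheme`, and the public values file added in this commit already uses the newer annotation. I would state the scheme explicitly here, `service.beta.kubernetes.io/aws-load-balancer-scheme: internal`, so the exposure of a dual-stack NLB for the `internal-nginx` class does not rest on a legacy annotation or on a default. The second annotation set under `internal:` is disabled but carries the same legacy annotation with type `nlb`; it should get the same line or be dropped.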
diff --git a/addons/karpenter_provisioner/README.md b/addons/karpenter_provisioner/README.md index 892f371..a2c701a 100644 --- a/addons/karpenter_provisioner/README.md +++ b/addons/karpenter_provisioner/README.md @@ -26,6 +26,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [excluded\_karpenter\_ec2\_instance\_type](#input\_excluded\_karpenter\_ec2\_instance\_type) | List of instance types that can be used by Karpenter | `list(string)` |
[
""
]
| no | +| [instance\_hypervisor](#input\_instance\_hypervisor) | List of instance hypervisor that can be used by Karpenter | `list(string)` |
[
""
]
| no | +| [ipv6\_enabled](#input\_ipv6\_enabled) | whether IPv6 enabled or not | `bool` | `false` | no | | [karpenter\_ec2\_capacity\_type](#input\_karpenter\_ec2\_capacity\_type) | EC2 provisioning capacity type | `list(string)` |
[
""
]
| no | | [sg\_selector\_name](#input\_sg\_selector\_name) | Name of security group selector for karpenter provisioner. | `string` | `""` | no | | [subnet\_selector\_name](#input\_subnet\_selector\_name) | Name of subnet selector for karpenter provisioner. | `string` | `""` | no | diff --git a/addons/karpenter_provisioner/karpenter-provisioner/ipv4-values.yaml b/addons/karpenter_provisioner/karpenter-provisioner/ipv4-values.yaml new file mode 100644 index 0000000..6d879a6 --- /dev/null +++ b/addons/karpenter_provisioner/karpenter-provisioner/ipv4-values.yaml @@ -0,0 +1,4 @@ +subnet_selector_name: "${subnet_selector_name}" +sg_selector_name: "${sg_selector_name}" +karpenter_ec2_capacity_type: "${karpenter_ec2_capacity_type}" +excluded_karpenter_ec2_instance_type: "${excluded_karpenter_ec2_instance_type}" diff --git a/addons/karpenter_provisioner/karpenter-provisioner/ipv6-values.yaml b/addons/karpenter_provisioner/karpenter-provisioner/ipv6-values.yaml new file mode 100644 index 0000000..4682312 --- /dev/null +++ b/addons/karpenter_provisioner/karpenter-provisioner/ipv6-values.yaml @@ -0,0 +1,5 @@ +subnet_selector_name: "${subnet_selector_name}" +sg_selector_name: "${sg_selector_name}" +karpenter_ec2_capacity_type: "${karpenter_ec2_capacity_type}" +excluded_karpenter_ec2_instance_type: "${excluded_karpenter_ec2_instance_type}" +karpenter_instance_hypervisor: "${instance_hypervisor}" diff --git a/addons/karpenter_provisioner/karpenter-provisioner/templates/provisioner.yaml b/addons/karpenter_provisioner/karpenter-provisioner/templates/provisioner.yaml index 8e54fa5..888d53c 100644 --- a/addons/karpenter_provisioner/karpenter-provisioner/templates/provisioner.yaml +++ b/addons/karpenter_provisioner/karpenter-provisioner/templates/provisioner.yaml 
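Review bot: Neither `ipv4-values.yaml` nor `ipv6-values.yaml` defines `karpenter_ec2_instance_type`, which is the key the provisioner template reads for the `karpenter.k8s.aws/instance-size` `NotIn` requirement (visible as a context line in the `provisioner.yaml` hunk of this commit); both files define `excluded_karpenter_ec2_instance_type` instead. The previous `values.yaml` is not shown, so this mismatch may predate the commit or be covered by the chart's default values. It should be confirmed with a `helm template` run, because an exclusion list that renders empty lets Karpenter launch the instance sizes the caller meant to rule out. If the key is indeed unmatched, rename it in both files to `karpenter_ec2_instance_type: "${excluded_karpenter_ec2_instance_type}"`.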
@@ -12,6 +12,11 @@ spec: - key: karpenter.k8s.aws/instance-size operator: NotIn values: {{ .Values.karpenter_ec2_instance_type }} + {{- if .Values.karpenter_instance_hypervisor }} + - key: "karpenter.k8s.aws/instance-hypervisor" + operator: In + values: {{ .Values.karpenter_instance_hypervisor }} + {{- end }} providerRef: # optional, recommended to use instead of `provider` name: karpenter-node-template ttlSecondsAfterEmpty: 300 # optional, but never scales down if not set diff --git a/addons/karpenter_provisioner/main.tf b/addons/karpenter_provisioner/main.tf index 588fe12..321046a 100644 --- a/addons/karpenter_provisioner/main.tf +++ b/addons/karpenter_provisioner/main.tf @@ -2,8 +2,16 @@ resource "helm_release" "karpenter_provisioner" { name = "karpenter-provisioner" chart = "${path.module}/karpenter-provisioner/" timeout = 600 - values = [ - templatefile("${path.module}/karpenter-provisioner/values.yaml", { + values = var.ipv6_enabled == true ? [ + templatefile("${path.module}/karpenter-provisioner/ipv6-values.yaml", { + subnet_selector_name = var.subnet_selector_name, + sg_selector_name = var.sg_selector_name, + karpenter_ec2_capacity_type = "[${join(",", [for s in var.karpenter_ec2_capacity_type : format("%s", s)])}]", + excluded_karpenter_ec2_instance_type = "[${join(",", var.excluded_karpenter_ec2_instance_type)}]" + instance_hypervisor = "[${join(",", var.instance_hypervisor)}]" + }) + ] : [ + templatefile("${path.module}/karpenter-provisioner/ipv4-values.yaml", { subnet_selector_name = var.subnet_selector_name, sg_selector_name = var.sg_selector_name, karpenter_ec2_capacity_type = "[${join(",", [for s in var.karpenter_ec2_capacity_type : format("%s", s)])}]", diff --git a/addons/karpenter_provisioner/variable.tf b/addons/karpenter_provisioner/variable.tf index c0631ba..903d7ff 100644 --- a/addons/karpenter_provisioner/variable.tf +++ b/addons/karpenter_provisioner/variable.tf 
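Review bot: The `{{- if .Values.karpenter_instance_hypervisor }}` guard does not catch an empty list, because the value reaches Helm as a quoted string. `ipv6-values.yaml` sets it from `"[${join(",", var.instance_hypervisor)}]"`, so the add-on's own default of `[""]` becomes the non-empty string `"[]"` and the template emits an `In` requirement with `values: []`. I would expect such a requirement to match no instance type or to be rejected on admission (not verified here). Defaulting the add-on variable to `["nitro"]`, as the root module does, or passing an empty string from Terraform when the list has no non-empty entries, would make the guard behave as intended.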
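Review bot: IPv6 is detected in two different ways in this commit: this `helm_release` branches on `var.ipv6_enabled`, while the two `templatefile` calls changed in the root `main.tf` (the `@@ -55,7` and `@@ -218,7` hunks) branch on `data.aws_eks_cluster.eks.kubernetes_network_config[0].ip_family`. On an IPv6 cluster where the caller leaves `ipv6_enabled` at its default of `false`, the ingress controllers get the dual-stack values but the provisioner is rendered from `ipv4-values.yaml` without the hypervisor requirement. Passing one derived value down from the root module, for example `ipv6_enabled = data.aws_eks_cluster.eks.kubernetes_network_config[0].ip_family == "ipv6"`, removes that mismatch. The two branches here also repeat the same four template arguments and differ only in file name and `instance_hypervisor`, and `== true` on a `bool` is redundant; the `templatefile` call continues below the hunk.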
@@ -21,3 +21,15 @@ variable "excluded_karpenter_ec2_instance_type" { type = list(string) default = [""] } + +variable "instance_hypervisor" { + description = "List of instance hypervisor that can be used by Karpenter" + type = list(string) + default = [""] +} + +variable "ipv6_enabled" { + description = "whether IPv6 enabled or not" + type = bool + default = false +} diff --git a/addons/nginx_ingress/nginx_ingress_ipv6.yaml b/addons/nginx_ingress/nginx_ingress_ipv6.yaml new file mode 100644 index 0000000..25e0e71 --- /dev/null +++ b/addons/nginx_ingress/nginx_ingress_ipv6.yaml @@ -0,0 +1,59 @@ +## Set kind to DaemonSet so no affinity is assigned to it + +controller: + kind: Deployment + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack + externalTrafficPolicy: Cluster + ipFamilies: + - IPv6 + ipFamilyPolicy: PreferDualStack + resources: + limits: + cpu: 500m + memory: 750Mi + requests: + cpu: 50m + memory: 200Mi + autoscaling: + enabled: true + minReplicas: 2 + maxReplicas: 10 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + podAnnotations: + co.elastic.logs/enabled: "true" + co.elastic.logs/module: nginx + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - ingress-nginx + - key: app.kubernetes.io/instance + operator: In + values: + - ingress-nginx + - key: app.kubernetes.io/component + operator: In + values: + - controller + topologyKey: "kubernetes.io/hostname" + + + +## Enabling metrics for prometheus monitoring + + metrics: + enabled: ${enable_service_monitor} + serviceMonitor: + enabled: true + additionalLabels: + release: "prometheus-operator" 
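Review bot: The header comment `## Set kind to DaemonSet so no affinity is assigned to it` contradicts the lines that follow, which set `kind: Deployment` and define a required `podAntiAffinity` rule. I would replace it with `## Deployment with required pod anti-affinity: at most one controller pod per node`. Because this Service is `internet-facing` with `aws-load-balancer-ip-address-type: dualstack`, a second comment stating that the NLB is reachable over both IPv4 and IPv6 would help whoever reviews the network rules for this cluster.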
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index f7d4ac9..1309e13 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -7,40 +7,44 @@ locals { Expires = "Never" Department = "Engineering" } + ipv6_enabled = false } module "eks_bootstrap" { - source = "squareops/eks-bootstrap/aws" - name = local.name - vpc_id = "" - environment = local.environment - kms_key_arn = "" - keda_enabled = true - istio_enabled = false - kms_policy_arn = "" ## eks module will create kms_policy_arn - eks_cluster_name = "" - reloader_enabled = true - karpenter_enabled = true - private_subnet_ids = [""] - single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }] - kubeclarity_enabled = false - kubeclarity_hostname = "" - kubecost_enabled = false - kubecost_hostname = "" - cert_manager_enabled = true - worker_iam_role_name = "" - worker_iam_role_arn = "" - ingress_nginx_enabled = true - metrics_server_enabled = false - external_secrets_enabled = true - amazon_eks_vpc_cni_enabled = true - cluster_autoscaler_enabled = true - service_monitor_crd_enabled = true - karpenter_provisioner_enabled = false + source = "squareops/eks-bootstrap/aws" + name = local.name + vpc_id = "" + environment = local.environment + ipv6_enabled = local.ipv6_enabled + kms_key_arn = "" + keda_enabled = true + istio_enabled = false + kms_policy_arn = "" ## eks module will create kms_policy_arn + eks_cluster_name = "" + reloader_enabled = true + karpenter_enabled = true + private_subnet_ids = [""] + single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }] + kubeclarity_enabled = false + kubeclarity_hostname = "" + kubecost_enabled = false + kubecost_hostname = "" + cert_manager_enabled = true + worker_iam_role_name = "" + worker_iam_role_arn = "" + ingress_nginx_enabled = true + metrics_server_enabled = false + external_secrets_enabled = true + amazon_eks_vpc_cni_enabled = true + cluster_autoscaler_enabled = true + service_monitor_crd_enabled = true + karpenter_provisioner_enabled = false + enable_aws_load_balancer_controller = true karpenter_provisioner_config = { private_subnet_name = 
"private-subnet-name" instance_capacity_type = ["on-demand"] excluded_instance_type = ["nano", "micro", "small"] + instance_hypervisor = ["nitro"] } cert_manager_letsencrypt_email = "email@email.com" internal_ingress_nginx_enabled = true diff --git a/main.tf b/main.tf index 0e73513..65e2e54 100644 --- a/main.tf +++ b/main.tf @@ -5,7 +5,7 @@ data "aws_eks_cluster" "eks" { } module "service_monitor_crd" { - count = var.service_monitor_crd_enabled ? 1: 0 + count = var.service_monitor_crd_enabled ? 1 : 0 source = "./addons/service_monitor_crd" } @@ -55,7 +55,7 @@ module "k8s_addons" { ingress_nginx_helm_config = { version = var.ingress_nginx_version values = [ - templatefile("${path.module}/addons/nginx_ingress/nginx_ingress.yaml", { + templatefile("${path.module}/addons/nginx_ingress/${data.aws_eks_cluster.eks.kubernetes_network_config[0].ip_family == "ipv4" ? "nginx_ingress.yaml" : "nginx_ingress_ipv6.yaml"}", { enable_service_monitor = var.service_monitor_crd_enabled }) @@ -196,10 +196,12 @@ module "karpenter_provisioner" { depends_on = [module.k8s_addons] source = "./addons/karpenter_provisioner" count = var.karpenter_provisioner_enabled ? 1 : 0 + ipv6_enabled = var.ipv6_enabled sg_selector_name = var.eks_cluster_name subnet_selector_name = var.karpenter_provisioner_config.private_subnet_name karpenter_ec2_capacity_type = var.karpenter_provisioner_config.instance_capacity_type excluded_karpenter_ec2_instance_type = var.karpenter_provisioner_config.excluded_instance_type + instance_hypervisor = var.karpenter_provisioner_config.instance_hypervisor } resource "kubernetes_namespace" "internal_nginx" { 
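Review bot: `instance_hypervisor = var.karpenter_provisioner_config.instance_hypervisor` in the `karpenter_provisioner` module block breaks callers that already pass their own `karpenter_provisioner_config` without the new attribute. The variable is typed `any`, so a caller-supplied object replaces the default wholesale and the attribute lookup fails at plan time. `instance_hypervisor = try(var.karpenter_provisioner_config.instance_hypervisor, ["nitro"])` keeps older configurations working, and `try` is already used in this repository's `locals.tf`. The module block starts above the hunk.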
@@ -218,7 +220,7 @@ resource "helm_release" "internal_nginx" { namespace = "internal-ingress-nginx" repository = "https://kubernetes.github.io/ingress-nginx" values = [ - templatefile("${path.module}/addons/internal_nginx_ingress/ingress.yaml", { + templatefile("${path.module}/addons/internal_nginx_ingress/${data.aws_eks_cluster.eks.kubernetes_network_config[0].ip_family == "ipv4" ? "ingress.yaml" : "ingress_ipv6.yaml"}", { enable_service_monitor = var.service_monitor_crd_enabled }) ] diff --git a/variables.tf b/variables.tf index f8172ae..3ec3320 100644 --- a/variables.tf +++ b/variables.tf @@ -233,6 +233,7 @@ variable "karpenter_provisioner_config" { private_subnet_name = "" instance_capacity_type = ["spot"] excluded_instance_type = ["nano", "micro", "small"] + instance_hypervisor = ["nitro"] } type = any } @@ -309,5 +310,11 @@ variable "metrics_server_vpa_config" { maxMemory = "500Mi" metricsServerDeploymentName = "metrics-server" } - type = any + type = anyAD +} + +variable "ipv6_enabled" { + description = "whether IPv6 enabled or not" + type = bool + default = false } \ No newline at end of file
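Review bot: `type = anyAD` in `metrics_server_vpa_config` (the `@@ -309,5 +310,11` hunk of `variables.tf`) is not a valid type constraint and will fail `terraform validate`; it looks like stray keystrokes and should read `type = any`. The description of the new `ipv6_enabled` variable could be more specific, for example `"Whether the EKS cluster uses the IPv6 address family"`. The file also still ends without a trailing newline.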