variables.tf (1,395 lines of code) (raw):
variable "prefix" {
type = string
validation {
condition = length(var.prefix) > 0 && length(var.prefix) < 10
error_message = "The prefix value must be between 1 and 10 characters long"
}
description = "The prefix to be used for all resources in this module"
default = "kube"
}
variable "cluster_network_type" {
type = string
validation {
condition = can(regex("^(internal|external)$", var.cluster_network_type))
error_message = "The network_type value must be either internal or external"
}
description = "The type of network to create. If set to internal, a new VPC will be created. If set to external, an existing VPC will be used"
default = "internal"
}
variable "cluster_network_external_vpc_id" {
type = string
description = "The ID of the VPC to use for the external network"
default = null
}
variable "cluster_network_external_control_plane_subnet_ids" {
type = list(string)
description = "The IDs of the subnets to use for the control plane in the external network"
default = null
}
variable "cluster_network_external_node_subnet_ids" {
type = list(string)
description = "The IDs of the subnets to use for the nodes in the external network"
default = null
}
variable "cluster_network_internal_vpc_cidr" {
type = string
description = "The CIDR block to use for the internal VPC"
validation {
condition = can(regex("^(([0-9]|[1-2][0-9]|3[0-2])\\.){3}([0-9]|[1-2][0-9]|3[0-2])(\\/([0-9]|[1-2][0-9]|3[0-2]))?$", var.cluster_network_internal_vpc_cidr))
error_message = "The vpc_cidr value must be a valid CIDR block"
}
default = "10.0.0.0/16"
}
variable "cluster_network_internal_vpc_secondary_cidr_blocks" {
type = list(string)
description = "The secondary CIDR blocks to use for the internal VPC"
default = []
}
variable "cluster_network_internal_vpc_nat_gateway_type" {
type = string
validation {
condition = can(regex("^(single_nat_gateway|one_nat_gateway_per_subnet|one_nat_gateway_per_az)$", var.cluster_network_internal_vpc_nat_gateway_type))
error_message = "The vpc_nat_gateway_type value must be either single_nat_gateway, one_nat_gateway_per_subnet or one_nat_gateway_per_az"
}
description = "The type of NAT gateway to use for the internal VPC"
default = "one_nat_gateway_per_az"
}
variable "cluster_network_internal_vpc_availability_zones_number" {
type = number
validation {
condition = can(regex("^[1-3]$", var.cluster_network_internal_vpc_availability_zones_number))
error_message = "The vpc_availability_zones_number value must be a number between 1 and 5"
}
description = "The number of availability zones to use for the internal VPC"
default = 2
}
variable "cluster_network_internal_vpc_instance_tenancy" {
type = string
validation {
condition = can(regex("^(default|dedicated)$", var.cluster_network_internal_vpc_instance_tenancy))
error_message = "The vpc_instance_tenancy value must be either default or dedicated"
}
description = "The instance tenancy to use for the internal VPC"
default = "default"
}
variable "cluster_network_internal_vpc_enable_dns_hostnames" {
type = bool
description = "Whether to enable DNS hostnames for the internal VPC"
default = true
}
variable "cluster_network_internal_vpc_enable_dns_support" {
type = bool
description = "Whether to enable DNS support for the internal VPC"
default = true
}
variable "cluster_network_internal_vpc_enable_network_address_usage_metrics" {
type = bool
description = "Whether to enable network address usage metrics for the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_ipam_pool_options" {
type = object({
enabled = bool
ipv4_pool_id = string
ipv4_netmask_length = number
enable_ipv6 = optional(bool)
ipv6_cidr = optional(string)
ipv6_pool_id = optional(string)
ipv6_netmask_length = optional(number)
ipv6_cidr_block_network_border_group = optional(string)
})
description = "The IPAM pool configuration for the internal VPC"
default = {
enabled = false
ipv4_pool_id = null
ipv4_netmask_length = null
enable_ipv6 = false
ipv6_cidr = null
ipv6_pool_id = null
ipv6_netmask_length = null
ipv6_cidr_block_network_border_group = null
}
}
variable "cluster_network_internal_vpc_dhcp_options" {
type = object({
enabled = bool
domain_name = string
domain_name_servers = optional(list(string))
ntp_servers = optional(list(string))
netbios_name_servers = optional(list(string))
netbios_node_type = optional(string)
tags = optional(map(string))
})
description = "The DHCP options configuration for the internal VPC"
default = {
enabled = false
domain_name = ""
domain_name_servers = ["AmazonProvidedDNS"]
ntp_servers = []
netbios_name_servers = []
netbios_node_type = ""
tags = {}
}
}
variable "cluster_network_internal_vpc_tags" {
type = map(string)
description = "The tags to apply to the internal VPC"
default = {}
}
variable "cluster_network_internal_public_ingress_subnets_subnets_addresses" {
type = list(string)
description = "The CIDR blocks to use for the public subnets in the internal VPC"
validation {
condition = length(var.cluster_network_internal_public_ingress_subnets_subnets_addresses) > 0
error_message = "There must be at least one public subnet and the number of public subnets must be at least the number of availability zones"
}
default = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
}
variable "cluster_network_internal_public_ingress_subnets_subnets_assign_ipv6_address_on_creation" {
type = bool
description = "Whether to assign an IPv6 address to the public subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_public_ingress_subnets_subnets_enable_dns64" {
type = bool
description = "Whether to enable DNS64 for the public subnets in the internal VPC"
default = true
}
variable "cluster_network_internal_public_ingress_subnets_subnets_enable_resource_name_dns_aaaa_record_on_launch" {
type = bool
description = "Whether to enable resource name DNS AAAA record on launch for the public subnets in the internal VPC"
default = true
}
variable "cluster_network_internal_public_ingress_subnets_subnets_enable_resource_name_dns_a_record_on_launch" {
type = bool
description = "Whether to enable resource name DNS A record on launch for the public subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_public_ingress_subnets_subnets_ipv6_prefixes" {
type = list(string)
description = "The IPv6 prefixes to use for the public subnets in the internal VPC"
default = []
}
variable "cluster_network_internal_public_ingress_subnets_subnets_ipv6_native" {
type = bool
description = "Whether to enable IPv6 native for the public subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_public_ingress_subnets_subnets_map_public_ip_on_launch" {
type = bool
description = "Whether to map public IP on launch for the public subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_public_ingress_subnets_subnets_private_dns_hostname_type_on_launch" {
type = string
description = "The private DNS hostname type on launch for the public subnets in the internal VPC"
default = null
}
variable "cluster_network_internal_public_ingress_subnets_subnets_acls" {
type = object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
description = "The ACLs configuration for the public subnets in the internal VPC"
default = {
enabled = false
inbound_rules = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
outbound_rules = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
}
}
variable "cluster_network_internal_public_ingress_subnets_subnets_tags" {
type = object({
tags = optional(map(string))
route_table_tags = optional(map(string))
subnet_tags_per_az = optional(map(map(string)))
acl_tags = optional(map(string))
})
description = "The tags configuration for the public subnets in the internal VPC"
default = {
tags = {}
route_table_tags = {}
subnet_tags_per_az = {}
acl_tags = {}
}
}
variable "cluster_network_internal_vpc_private_ingress_subnets_addresses" {
type = list(string)
description = "The CIDR blocks to use for the intranet subnets in the internal VPC"
validation {
condition = length(var.cluster_network_internal_vpc_private_ingress_subnets_addresses) > 0
error_message = "There must be at least one intranet subnet and the number of intranet subnets must be at least the number of availability zones"
}
default = ["10.0.64.0/24", "10.0.65.0/24", "10.0.66.0/24"]
}
variable "cluster_network_internal_vpc_private_ingress_subnets_assign_ipv6_address_on_creation" {
type = bool
description = "Whether to assign an IPv6 address to the intranet subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_private_ingress_subnets_enable_dns64" {
type = bool
description = "Whether to enable DNS64 for the intranet subnets in the internal VPC"
default = true
}
variable "cluster_network_internal_vpc_private_ingress_subnets_enable_resource_name_dns_aaaa_record_on_launch" {
type = bool
description = "Whether to enable resource name DNS AAAA record on launch for the intranet subnets in the internal VPC"
default = true
}
variable "cluster_network_internal_vpc_private_ingress_subnets_enable_resource_name_dns_a_record_on_launch" {
type = bool
description = "Whether to enable resource name DNS A record on launch for the intranet subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_private_ingress_subnets_ipv6_prefixes" {
type = list(string)
description = "The IPv6 prefixes to use for the intranet subnets in the internal VPC"
default = []
}
variable "cluster_network_internal_vpc_private_ingress_subnets_ipv6_native" {
type = bool
description = "Whether to enable IPv6 native for the intranet subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_private_ingress_subnets_dns_hostname_type_on_launch" {
type = string
description = "The DNS hostname type on launch for the intranet subnets in the internal VPC"
default = null
}
variable "cluster_network_internal_vpc_private_ingress_subnets_acls" {
type = object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
description = "The ACLs configuration for the intranet subnets in the internal VPC"
default = {
enabled = false
inbound_rules = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
outbound_rules = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
}
}
variable "cluster_network_internal_vpc_private_ingress_subnets_tags" {
type = object({
tags = optional(map(string))
route_table_tags = optional(map(string))
acl_tags = optional(map(string))
})
description = "The tags configuration for the intranet subnets in the internal VPC"
default = {
tags = {}
route_table_tags = {}
acl_tags = {}
}
}
variable "cluster_network_internal_vpc_node_subnets_addresses" {
type = list(string)
description = "The CIDR blocks to use for the node subnets in the internal VPC"
validation {
condition = length(var.cluster_network_internal_vpc_node_subnets_addresses) > 0
error_message = "There must be at least one node subnet and the number of node subnets must be at least the number of availability zones"
}
default = ["10.0.96.0/19", "10.0.128.0/19", "10.0.160.0/19"]
}
variable "cluster_network_internal_vpc_node_subnets_assign_ipv6_address_on_creation" {
type = bool
description = "Whether to assign an IPv6 address to the node subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_node_subnets_enable_dns64" {
type = bool
description = "Whether to enable DNS64 for the node subnets in the internal VPC"
default = true
}
variable "cluster_network_internal_vpc_node_subnets_enable_resource_name_dns_aaaa_record_on_launch" {
type = bool
description = "Whether to enable resource name DNS AAAA record on launch for the node subnets in the internal VPC"
default = true
}
variable "cluster_network_internal_vpc_node_subnets_enable_resource_name_dns_a_record_on_launch" {
type = bool
description = "Whether to enable resource name DNS A record on launch for the node subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_node_subnets_ipv6_prefixes" {
type = list(string)
description = "The IPv6 prefixes to use for the node subnets in the internal VPC"
default = []
}
variable "cluster_network_internal_vpc_node_subnets_ipv6_native" {
type = bool
description = "Whether to enable IPv6 native for the node subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_node_subnets_private_dns_hostname_type_on_launch" {
type = string
description = "The private DNS hostname type on launch for the node subnets in the internal VPC"
default = null
}
variable "cluster_network_internal_vpc_node_subnets_acls" {
type = object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
description = "The ACLs configuration for the node subnets in the internal VPC"
default = {
enabled = false
inbound_rules = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
outbound_rules = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
}
}
variable "cluster_network_internal_vpc_node_subnets_tags" {
type = object({
tags = optional(map(string))
route_table_tags = optional(map(string))
subnet_tags_per_az = optional(map(map(string)))
acl_tags = optional(map(string))
})
description = "The tags configuration for the node subnets in the internal VPC"
default = {
tags = {}
route_table_tags = {}
subnet_tags_per_az = {}
acl_tags = {}
}
}
variable "cluster_network_internal_vpc_data_subnets_addresses" {
type = list(string)
description = "The CIDR blocks to use for the data subnets in the internal VPC"
validation {
condition = length(var.cluster_network_internal_vpc_data_subnets_addresses) > 0
error_message = "There must be at least one data subnet and the number of data subnets must be at least the number of availability zones"
}
default = ["10.0.224.0/24", "10.0.225.0/24", "10.0.226.0/24"]
}
variable "cluster_network_internal_vpc_data_subnets_assign_ipv6_address_on_creation" {
type = bool
description = "Whether to assign an IPv6 address to the data subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_data_subnets_enable_dns64" {
type = bool
description = "Whether to enable DNS64 for the data subnets in the internal VPC"
default = true
}
variable "cluster_network_internal_vpc_data_subnets_enable_resource_name_dns_aaaa_record_on_launch" {
type = bool
description = "Whether to enable resource name DNS AAAA record on launch for the data subnets in the internal VPC"
default = true
}
variable "cluster_network_internal_vpc_data_subnets_enable_resource_name_dns_a_record_on_launch" {
type = bool
description = "Whether to enable resource name DNS A record on launch for the data subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_data_subnets_ipv6_prefixes" {
type = list(string)
description = "The IPv6 prefixes to use for the data subnets in the internal VPC"
default = []
}
variable "cluster_network_internal_vpc_data_subnets_ipv6_native" {
type = bool
description = "Whether to enable IPv6 native for the data subnets in the internal VPC"
default = false
}
variable "cluster_network_internal_vpc_data_subnets_dns_hostname_type_on_launch" {
type = string
description = "The DNS hostname type on launch for the data subnets in the internal VPC"
default = null
}
variable "cluster_network_internal_vpc_data_subnets_acls" {
type = object({
enabled = bool
inbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
outbound_rules = optional(list(object({
rule_number = number
rule_action = string
from_port = number
to_port = number
protocol = optional(string)
cidr_block = string
})))
})
description = "The ACLs configuration for the data subnets in the internal VPC"
default = {
enabled = false
inbound_rules = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
}
]
outbound_rules = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
}
]
}
}
variable "cluster_network_internal_vpc_data_subnets_tags" {
type = object({
tags = optional(map(string))
acl_tags = optional(map(string))
})
description = "The tags configuration for the data subnets in the internal VPC"
default = {
tags = {}
acl_tags = {}
}
}
variable "cluster_network_internal_vpc_endpoints" {
type = object({
enabled = bool
services = optional(map(object({
service = string
service_name = optional(string)
service_type = optional(string)
policy = optional(string)
auto_accept = optional(bool)
private_dns_enabled = optional(bool)
})))
security_group_ids = optional(list(string))
dns_options = optional(object({
dns_record_ip_type = optional(string)
private_dns_only_for_inbound_resolver_endpoint = optional(bool)
}))
timeout_options = optional(object({
create = optional(string)
update = optional(string)
delete = optional(string)
}))
tags = optional(map(string))
})
description = "The VPC endpoints configuration for the internal VPC"
default = {
enabled = false
services = {}
security_group_ids = []
dns_options = {}
timeout_options = {}
tags = {}
}
}
variable "cluster_enabled" {
type = bool
description = "Whether to create the Kubernetes cluster"
default = true
}
variable "cluster_version" {
type = string
description = "The version of the Kubernetes cluster"
default = "1.34"
}
variable "cluster_authentication_mode" {
type = string
validation {
condition = can(regex("^(API_AND_CONFIG_MAP|API|CONFIG_MAP)$", var.cluster_authentication_mode))
error_message = "The authentication_mode value must be either API_AND_CONFIG_MAP, API or CONFIG_MAP"
}
description = "The authentication mode for the Kubernetes cluster"
default = "API_AND_CONFIG_MAP"
}
variable "cluster_cloudwatch_logging" {
type = object({
enabled = optional(bool)
log_types = optional(list(string))
log_group_retention_in_days = optional(number)
log_group_kms_key_id = optional(string)
log_group_class = optional(string)
log_group_tags = optional(map(string))
})
description = "The logging configuration for the Kubernetes cluster"
default = {
enabled = true
log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
log_group_retention_in_days = 7
log_group_kms_key_id = null
log_group_class = null
log_group_tags = {}
}
}
variable "cluster_vpc_config" {
type = object({
additional_security_group_ids = optional(list(string))
endpoint_public_access = optional(bool)
endpoint_private_access = optional(bool)
endpoint_public_access_allow_from_cidrs = optional(list(string))
})
description = "The VPC configuration for the Kubernetes cluster"
default = {
additional_security_group_ids = []
endpoint_public_access = true
endpoint_private_access = true
endpoint_public_access_allow_from_cidrs = ["0.0.0.0/0"]
}
}
variable "cluster_service_network_config" {
type = object({
ip_family = optional(string)
service_ipv4_cidr = optional(string)
service_ipv6_cidr = optional(string)
})
description = "The internal service network configuration for the Kubernetes cluster"
default = {
ip_family = "ipv4"
service_ipv4_cidr = null
service_ipv6_cidr = null
}
}
variable "cluster_database_encryption_config" {
type = object({
provider_key_arn = optional(string)
resources = optional(list(string))
})
description = "The encryption configuration for the Kubernetes cluster"
default = {
provider_key_arn = null
resources = ["secrets"]
}
}
variable "cluster_encryption_policy" {
type = object({
attach_default = optional(bool)
use_name_prefix = optional(bool)
name = optional(string)
description = optional(string)
path = optional(string)
tags = optional(map(string))
})
description = "The encryption policy for the Kubernetes cluster"
default = {
attach_default = true
use_name_prefix = true
name = null
description = "Cluster encryption policy to allow cluster role to utilize CMK provided"
path = null
tags = {}
}
}
variable "cluster_tags" {
type = map(string)
description = "The tags to apply to the Kubernetes cluster"
default = {}
}
variable "cluster_timeouts" {
type = object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
description = "The waiting timeouts configuration for the Kubernetes cluster"
default = {
create = "45m"
update = "60m"
delete = "30m"
}
}
variable "cluster_security_group" {
type = object({
create_default = optional(bool)
create_primary_security_group_tags = optional(bool)
id = optional(string)
name = optional(string)
use_name_prefix = optional(bool)
description = optional(string)
additional_rules = optional(any)
tags = optional(map(string))
})
description = "The security group configuration for the Kubernetes cluster"
default = {
create_default = true
create_primary_security_group_tags = true
id = null
name = null
use_name_prefix = true
description = "EKS cluster security group"
additional_rules = {}
tags = {}
}
}
variable "cluster_node_security_group" {
type = object({
create_default = optional(bool)
id = optional(string)
name = optional(string)
use_name_prefix = optional(bool)
description = optional(string)
enable_efa_support = optional(bool)
enable_recommended_rules = optional(bool)
create_cni_ipv6_iam_policy = optional(bool)
additional_rules = optional(any)
tags = optional(map(string))
})
description = "The security group configuration for the Kubernetes cluster nodes"
default = {
create_default = true
id = ""
name = null
use_name_prefix = true
description = "EKS node security group"
enable_efa_support = false
enable_recommended_rules = true
create_cni_ipv6_iam_policy = false
additional_rules = {}
tags = {}
}
}
variable "cluster_access_management" {
type = object({
enable_cluster_creator_admin_permissions = optional(bool)
list = optional(map(any))
})
description = "The access management configuration for the Kubernetes cluster"
default = {
enable_cluster_creator_admin_permissions = false
list = null
}
}
variable "cluster_kms" {
type = object({
enabled = optional(bool)
key_description = optional(string)
key_deletion_window_in_days = optional(string)
enable_key_rotation = optional(bool)
key_enable_default_policy = optional(bool)
key_owners = optional(list(string))
key_administrators = optional(list(string))
key_users = optional(list(string))
key_service_users = optional(list(string))
key_source_policy_documents = optional(list(string))
key_override_policy_documents = optional(list(string))
key_aliases = optional(list(string))
})
description = "The KMS configuration for the Kubernetes cluster"
default = {
enabled = true
key_description = null
key_deletion_window_in_days = 30
enable_key_rotation = true
key_enable_default_policy = true
key_owners = []
key_administrators = []
key_users = []
key_service_users = []
key_source_policy_documents = []
key_override_policy_documents = []
key_aliases = []
}
}
variable "cluster_iam_role_for_service_account" {
type = object({
enabled = optional(bool)
include_oidc_root_ca_thumbprint = optional(bool)
openid_connect_audiences = optional(list(string))
custom_oidc_thumbprints = optional(list(string))
})
description = "The IAM role configuration for the Kubernetes cluster service account"
default = {
enabled = true
include_oidc_root_ca_thumbprint = true
openid_connect_audiences = []
custom_oidc_thumbprints = []
}
}
variable "cluster_iam" {
type = object({
create_default_role = optional(bool)
role_arn = optional(string)
role_name = optional(string)
role_use_name_prefix = optional(bool)
role_path = optional(string)
role_description = optional(string)
role_permissions_boundary = optional(string)
role_additional_policies = optional(map(string))
role_tags = optional(map(string))
})
description = "The IAM role configuration for the Kubernetes cluster"
default = {
create_default_role = true
role_arn = null
role_name = null
role_use_name_prefix = true
role_path = null
role_description = null
role_permissions_boundary = null
role_additional_policies = {}
role_tags = {}
}
}
variable "cluster_addons_default" {
type = any
description = "The addons configuration for the Kubernetes cluster"
default = {
coredns = {
resolve_conflicts_on_create = "OVERWRITE"
resolve_conflicts_on_update = "OVERWRITE"
}
vpc-cni = {
resolve_conflicts_on_create = "OVERWRITE"
resolve_conflicts_on_update = "OVERWRITE"
before_compute = true
}
kube-proxy = {
resolve_conflicts_on_create = "OVERWRITE"
resolve_conflicts_on_update = "OVERWRITE"
}
snapshot-controller = {
resolve_conflicts_on_create = "OVERWRITE"
resolve_conflicts_on_update = "OVERWRITE"
}
eks-pod-identity-agent = {
resolve_conflicts_on_create = "OVERWRITE"
resolve_conflicts_on_update = "OVERWRITE"
}
}
}
variable "cluster_addons_additional" {
type = any
description = "The additional addons configuration for the Kubernetes cluster"
default = {}
}
variable "cluster_addons_timeouts" {
type = object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
description = "The waiting timeouts configuration for the Kubernetes cluster addons"
default = {}
}
variable "cluster_additional_identity_providers" {
type = any
description = "The additional identity providers configuration for the Kubernetes cluster"
default = {}
}
variable "cluster_compute_pool_aws_managed" {
type = object({
defaults = optional(any)
groups = any
})
description = "The AWS managed compute pool configuration for the Kubernetes cluster"
default = {
defaults = {}
groups = {
spot = {
min_size = 3
max_size = 3
desired_size = 3
disk_size = 100
use_custom_launch_template = false
instance_types = ["t3a.2xlarge", "m5a.2xlarge", "c5a.2xlarge", "r5a.2xlarge", "t3a.large"]
capacity_type = "SPOT"
labels = {
node-type = "spot"
}
update_config = {
max_unavailable_percentage = 30
}
}
main = {
min_size = 2
max_size = 2
desired_size = 2
disk_size = 100
use_custom_launch_template = false
instance_types = ["t3a.2xlarge"]
capacity_type = "ON_DEMAND"
labels = {
node-type = "main"
}
update_config = {
max_unavailable_percentage = 30
}
}
}
}
}
variable "cluster_compute_pool_self_managed" {
type = object({
defaults = optional(any)
groups = any
})
description = "The self managed compute pool configuration for the Kubernetes cluster"
default = {
defaults = {}
groups = {}
}
}
variable "cluster_compute_pool_fargate" {
type = object({
defaults = optional(any)
groups = any
})
description = "The Fargate compute pool configuration for the Kubernetes cluster"
default = {
defaults = {}
groups = {}
}
}
variable "cluster_storage_classes_create" {
type = bool
description = "Whether to create the custom storage classes for the Kubernetes cluster"
default = true
}
variable "cluster_default_storage_storage_classes" {
type = map(object({
name = optional(string)
annotations = optional(any)
reclaim_policy = optional(string)
volume_binding_mode = optional(string)
allow_volume_expansion = optional(bool)
parameters = optional(any)
}))
description = "The default standard storage class type for the current Kubernetes cluster"
default = {
standard = {
name = "standard"
annotations = {
"storageclass.kubernetes.io/is-default-class" : "true"
}
reclaim_policy = "Retain"
volume_binding_mode = "WaitForFirstConsumer"
allow_volume_expansion = true
parameters = {
encrypted : true
type : "gp3"
"csi.storage.k8s.io/fstype" : "ext3"
allowAutoIOPSPerGBIncrease : true
}
}
golden = {
name = "golden"
annotations = {
"storageclass.kubernetes.io/is-default-class" : "false"
}
reclaim_policy = "Retain"
volume_binding_mode = "WaitForFirstConsumer"
allow_volume_expansion = true
parameters = {
encrypted : true
type : "io1"
"csi.storage.k8s.io/fstype" : "ext3"
allowAutoIOPSPerGBIncrease : true
}
}
platinum = {
name = "platinum"
annotations = {
"storageclass.kubernetes.io/is-default-class" : "false"
}
reclaim_policy = "Retain"
volume_binding_mode = "WaitForFirstConsumer"
allow_volume_expansion = true
parameters = {
encrypted : true
type : "io2"
"csi.storage.k8s.io/fstype" : "xfs"
allowAutoIOPSPerGBIncrease : true
}
}
}
}
variable "cluster_custom_storage_classes" {
type = map(object({
name = optional(string)
annotations = optional(any)
reclaim_policy = optional(string)
volume_binding_mode = optional(string)
allow_volume_expansion = optional(bool)
storage_provisioner = optional(string)
parameters = optional(any)
}))
description = "Custom storage class objects for the current Kubernetes cluster that can be created in addition of as a substitution for the ones defined in the cluster_default_storage_storage_classes variable"
default = {}
}
variable "cluster_monitoring_create" {
type = bool
description = "Whether to create the monitoring for the Kubernetes cluster"
default = true
}
variable "cluster_monitoring" {
type = object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The monitoring configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "56.21.1"
helm_chart_name = "kube-prometheus-operator"
helm_chart_namespace = "kube-monitoring"
create_namespace_if_not_exists = true
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_node_patcher_create" {
type = bool
description = "Whether to create the node patcher for the Kubernetes cluster"
default = true
}
variable "cluster_node_patcher" {
type = object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The node patcher configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "5.4.3"
helm_chart_name = "kube-node-reboot"
helm_chart_namespace = "kube-node-rebooter"
create_namespace_if_not_exists = true
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_metrics_server_create" {
type = bool
description = "Whether to create the cluster metrics server for the Kubernetes cluster"
default = true
}
variable "cluster_metrics_server" {
type = object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The metrics server configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "3.12.0"
helm_chart_name = "kube-metrics-server"
helm_chart_namespace = "kube-monitoring"
create_namespace_if_not_exists = true
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_logging_create" {
type = bool
description = "Whether to create the cluster logging service for the Kubernetes cluster"
default = true
}
variable "cluster_logging" {
type = object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The cluster logging configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "5.43.3"
helm_chart_name = "kube-grafana-loki"
helm_chart_namespace = "kube-monitoring"
create_namespace_if_not_exists = true
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_logging_collector" {
type = object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The cluster logging collector configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "6.15.5"
helm_chart_name = "kube-grafana-promtail"
helm_chart_namespace = "kube-monitoring"
create_namespace_if_not_exists = true
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_public_ingress_create" {
type = bool
description = "Whether to create the public ingress for the Kubernetes cluster"
default = false
}
variable "cluster_public_ingress" {
type = object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The cluster public ingress configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "4.10.0"
helm_chart_name = "kube-ingress-nginx"
helm_chart_namespace = "kube-public-ingress"
create_namespace_if_not_exists = true
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_private_ingress_create" {
type = bool
description = "Whether to create the private ingress for the Kubernetes cluster"
default = true
}
variable "cluster_private_ingress" {
type = object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_namespace = optional(string)
create_namespace_if_not_exists = optional(bool)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The cluster private ingress configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "4.10.0"
helm_chart_name = "kube-ingress-nginx"
helm_chart_namespace = "kube-private-ingress"
create_namespace_if_not_exists = true
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_descheduler_create" {
type = bool
description = "Whether to create the descheduler for the Kubernetes cluster"
default = true
}
variable "cluster_descheduler" {
type = object({
helm_chart_repository = optional(string)
helm_chart_repository_config = optional(string)
helm_chart_version = optional(string)
helm_chart_name = optional(string)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The descheduler configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "0.29.0"
helm_chart_name = "kube-descheduler"
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_additional_apps_create" {
type = bool
description = "Whether to create additional apps in the Kubernetes cluster"
default = false
}
variable "cluster_additional_apps" {
type = list(object({
namespace = string
repository = string
repository_config = optional(object({
repository_key_file = optional(string)
repository_cert_file = optional(string)
repository_ca_file = optional(string)
repository_username = optional(string)
repository_password = optional(string)
}))
app = object({
name = string
chart = string
version = string
force_update = optional(bool)
wait = optional(bool)
recreate_pods = optional(bool)
max_history = optional(number)
lint = optional(bool)
cleanup_on_fail = optional(bool)
create_namespace = optional(bool)
disable_webhooks = optional(bool)
verify = optional(bool)
reuse_values = optional(bool)
reset_values = optional(bool)
atomic = optional(bool)
skip_crds = optional(bool)
render_subchart_notes = optional(bool)
disable_openapi_validation = optional(bool)
wait_for_jobs = optional(bool)
dependency_update = optional(bool)
replace = optional(bool)
})
values = optional(any)
params = optional(list(object({
name = string
value = any
})))
secrets = optional(list(object({
name = string
value = any
})))
}))
description = <<-EOF
List of additional apps packaged as Helm Charts to deploy in the Kubernetes cluster.
EOF
default = []
}
variable "cluster_autoscaler_create" {
type = bool
description = "Whether to create the cluster autoscaler for the Kubernetes cluster"
default = true
}
variable "cluster_autoscaler" {
type = object({
helm_chart_repository = string
helm_chart_repository_config = optional(string)
helm_chart_version = string
helm_chart_name = optional(string)
helm_chart_params = optional(list(object({
name = string
value = any
})))
helm_chart_secrets = optional(list(object({
name = string
value = any
})))
helm_chart_values = optional(string)
})
description = "The cluster autoscaler configuration for the Kubernetes cluster"
default = {
helm_chart_repository = "oci://public.registry.jetbrains.space/p/helm/library"
helm_chart_repository_config = null
helm_chart_version = "0.35.1"
helm_chart_name = "kube-karpenter"
helm_chart_params = []
helm_chart_secrets = []
helm_chart_values = null
}
}
variable "cluster_autoscaler_subnet_selector" {
type = string
description = "The subnet selector for the cluster autoscaler"
default = null
}
variable "tags" {
type = map(string)
description = "Specify a list of tags as key/value pairs. These tags will be applied to all resources created by this module"
default = {
ResourceCreatedBy = "TerraformModule:terraform-aws-kubernetes"
}
}