Skip to content

zoitech/tf-mod-aws-eks-addons

Repository files navigation

tf-mod-aws-eks-addons

Autoscaler

Pre-requisites

1. Create an OIDC provider that Autoscaler will use.

You can use the output from the EKS module (if cluster was created with the module) named oidc_provider_issuer; e.g url module.eks.oidc_provider_issuer

2. IAM Role and IAM Policy

Create the IAM Role & IAM Policy and pass it in to the module.

Please remember that when creating the IAM Role, the sts Assume Role policy service account name should be cluster-autoscaler.

Please see further documention here:

NGINX Ingress Controller

Pre-requisites

Allow capability: NET_BIND_SERVICE

Variable Configuration

Parameter Description Type of value
name name of nginx ingress controller string
namespace namespace into which the controller will be deployed string
version Version of Nginx Ingress Controller chart string
set_values This is to set the values for additional configuration as opposed to passing them in, we can just name the value we want to change and set that value. map(string)
``

Example usage:

nginx_controllers = {
    nginx_public = {
      name                     = "nginx-public"
      namespace                = "c-ingress-controller"
      version                  = "0.3.5"
      set_values               =  {
        controller.service.targetPorts.https = "http"
        controller.service.targetPorts.enableHttp = "false"
        controller.service.annotations.service.beta.kubernetes.io/aws-load-balancer-backend-protocol = "http"
      }
    },
    nginx_internal = {
      name                     = "nginx-internal"
      namespace                = "i-ingress-controller"
      version                  = "0.3.5"
      set_values               = {
        controller.service.targetPorts.https = "http"
        controller.service.targetPorts.enableHttp = "false"
        controller.service.annotations.service.beta.kubernetes.io/aws-load-balancer-backend-protocol = "http"
      }
    }
}

Fluentbit

Fluentbit automatically creates a CloudWatch log group with the following naming convention:

  • logGroupName: "/aws/eks/fluentbit-cloudwatch/${var.cluster_name}"

Example usage of Module

module "eks_add_ons" {
  source = "git::https://"
  
  region = "eu-central-1"
  cluster_name = local.cluster_name

  enable_fluentbit = false
  enable_eks_autoscaler = true
  enable_cert_manager = true

  autoscaler_iam_role_arn = aws_iam_role.autoscaler.arn
  
  nginx_controllers = {
    public = {
      name = "public"
      namespace = "c-ingress"
      version = ""
      set_values               = {
        controller.service.targetPorts.https = "http"
        controller.service.targetPorts.enableHttp = "false"
        controller.service.annotations.service.beta.kubernetes.io/aws-load-balancer-backend-protocol = "http"
      }
    }
  }

  node_group_role_name = aws_iam_role.eks_node_group.name

  tags = {
    test = "test.user@test.com"
    env = "test"
    app = "test1234"
  }
}

Requirements

No requirements.

Providers

Name Version
aws n/a
helm n/a

Modules

No modules.

Resources

Name Type
aws_iam_role_policy_attachment.CloudWatchAgentServerPolicy resource
helm_release.cluster_autoscaler resource
helm_release.fluent_bit resource
helm_release.nginx resource

Inputs

Name Description Type Default Required
autoscaler_iam_role_arn IAM Role arn of autoscaler role. any n/a yes
cluster_name Name of EKS cluster, required if Fluenbit is enabled any n/a yes
enable_eks_autoscaler enable EKS autoscaler bool false no
enable_fluentbit enable CloudWatch logging for EKS cluster using fluentbit. bool false no
env Type of environment, e.g prod, stage any n/a yes
lb_backend_protocol AWS Load Balancer backend protocol string "http" no
lb_connection_idle_timeout AWS Load Balancer connection idle timeout string "120" no
lb_ssl_ports AWS Load balancer SSL ports string "443" no
nginx_controllers Creates nginx ingress controllers
map(object({
name = string
namespace = string
version = string
set_values = map(string)
}))
n/a yes
node_group_role_name IAM role name of EKS Node Group string "" no
region AWS region string "eu-central-1" no
tags AWS Resource tags any n/a yes
enable_cert_manager enable ACME Certificate Manager bool false yes
cert_manager_replicaCount Number of cert-manager controller pods number 2 no
cert_manager_version cert-manager Chart Version string "v1.5.0" no

Outputs

No outputs.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages