forked from cloudposse/terraform-aws-eks-cluster
-
Notifications
You must be signed in to change notification settings - Fork 0
/
variables.tf
221 lines (182 loc) · 6.72 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
variable "region" {
type = string
description = "AWS Region"
}
variable "namespace" {
type = string
description = "Namespace, which could be your organization name, e.g. 'eg' or 'cp'"
default = ""
}
variable "stage" {
type = string
description = "Stage, e.g. 'prod', 'staging', 'dev', or 'test'"
default = ""
}
variable "name" {
type = string
description = "Solution name, e.g. 'app' or 'cluster'"
}
variable "delimiter" {
type = string
default = "-"
description = "Delimiter to be used between `name`, `namespace`, `stage`, etc."
}
variable "attributes" {
type = list(string)
default = []
description = "Additional attributes (e.g. `1`)"
}
variable "tags" {
type = map(string)
default = {}
description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
}
variable "enabled" {
type = bool
description = "Whether to create the resources. Set to `false` to prevent the module from creating any resources"
default = true
}
variable "vpc_id" {
type = string
description = "VPC ID for the EKS cluster"
}
variable "subnet_ids" {
description = "A list of subnet IDs to launch the cluster in"
type = list(string)
}
variable "associate_public_ip_address" {
type = bool
description = "Associate a public IP address with an instance in a VPC"
default = true
}
variable "allowed_security_groups" {
type = list(string)
default = []
description = "List of Security Group IDs to be allowed to connect to the EKS cluster"
}
variable "allowed_cidr_blocks" {
type = list(string)
default = []
description = "List of CIDR blocks to be allowed to connect to the EKS cluster"
}
variable "workers_role_arns" {
type = list(string)
description = "List of Role ARNs of the worker nodes"
}
variable "workers_security_group_ids" {
type = list(string)
description = "Security Group IDs of the worker nodes"
}
variable "kubernetes_version" {
type = string
default = "1.14"
description = "Desired Kubernetes master version. If you do not specify a value, the latest available version is used"
}
variable "oidc_provider_enabled" {
type = bool
default = false
description = "Create an IAM OIDC identity provider for the cluster, then you can create IAM roles to associate with a service account in the cluster, instead of using kiam or kube2iam. For more information, see https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html"
}
variable "endpoint_private_access" {
type = bool
default = false
description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default to AWS EKS resource and it is false"
}
variable "endpoint_public_access" {
type = bool
default = true
description = "Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default to AWS EKS resource and it is true"
}
variable "enabled_cluster_log_types" {
type = list(string)
default = []
description = "A list of the desired control plane logging to enable. For more information, see https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html. Possible values [`api`, `audit`, `authenticator`, `controllerManager`, `scheduler`]"
}
variable "apply_config_map_aws_auth" {
type = bool
default = true
description = "Whether to generate local files from `kubeconfig` and `config-map-aws-auth` templates and perform `kubectl apply` to apply the ConfigMap to allow worker nodes to join the EKS cluster"
}
variable "map_additional_aws_accounts" {
description = "Additional AWS account numbers to add to `config-map-aws-auth` ConfigMap"
type = list(string)
default = []
}
variable "map_additional_iam_roles" {
description = "Additional IAM roles to add to `config-map-aws-auth` ConfigMap"
type = list(object({
rolearn = string
username = string
groups = list(string)
}))
default = []
}
variable "map_additional_iam_users" {
description = "Additional IAM users to add to `config-map-aws-auth` ConfigMap"
type = list(object({
userarn = string
username = string
groups = list(string)
}))
default = []
}
variable "kubeconfig_path" {
type = string
default = "~/.kube/config"
description = "The path to `kubeconfig` file"
}
variable "local_exec_interpreter" {
type = string
default = "/bin/bash"
description = "shell to use for local exec"
}
variable "configmap_auth_template_file" {
type = string
default = ""
description = "Path to `config_auth_template_file`"
}
variable "configmap_auth_file" {
type = string
default = ""
description = "Path to `configmap_auth_file`"
}
variable "install_aws_cli" {
type = bool
default = false
description = "Set to `true` to install AWS CLI if the module is provisioned on workstations where AWS CLI is not installed by default, e.g. Terraform Cloud workers"
}
variable "install_kubectl" {
type = bool
default = false
description = "Set to `true` to install `kubectl` if the module is provisioned on workstations where `kubectl` is not installed by default, e.g. Terraform Cloud workers"
}
variable "kubectl_version" {
type = string
default = ""
description = "`kubectl` version to install. If not specified, the latest version will be used"
}
variable "external_packages_install_path" {
type = string
default = ""
description = "Path to install external packages, e.g. AWS CLI and `kubectl`. Used when the module is provisioned on workstations where the external packages are not installed by default, e.g. Terraform Cloud workers"
}
variable "aws_eks_update_kubeconfig_additional_arguments" {
type = string
default = ""
description = "Additional arguments for `aws eks update-kubeconfig` command, e.g. `--role-arn xxxxxxxxx`. For more info, see https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html"
}
variable "aws_cli_assume_role_arn" {
type = string
default = ""
description = "IAM Role ARN for AWS CLI to assume before calling `aws eks` to update `kubeconfig`"
}
variable "aws_cli_assume_role_session_name" {
type = string
default = ""
description = "An identifier for the assumed role session when assuming the IAM Role for AWS CLI before calling `aws eks` to update `kubeconfig`"
}
variable "jq_version" {
type = string
default = "1.6"
description = "Version of `jq` to download to extract temporaly credentials after running `aws sts assume-role` if AWS CLI needs to assume role to access the cluster (if variable `aws_cli_assume_role_arn` is set)"
}