Terraform module to bootstrap an Elastic Kubernetes Service (EKS) cluster with add-ons (EKS add-ons) and blueprints.
```hcl
module "eks_bootstrap" {
  source                      = "squareops/eks-bootstrap/aws"
  name                        = "skaf"
  vpc_id                      = "vpc-06e37f0786b7eskaf"
  environment                 = "production"
  ipv6_enabled                = true
  kms_key_arn                 = "arn:aws:kms:region:222222222222:key/kms_key_arn"
  keda_enabled                = true
  kms_policy_arn              = "arn:aws:iam::222222222222:policy/kms_policy_arn" ## the eks module creates this KMS policy
  eks_cluster_name            = "cluster_name"
  reloader_enabled            = true
  karpenter_enabled           = true
  private_subnet_ids          = [""]
  single_az_sc_config         = [{ name = "infra-service-sc", zone = "zone-name" }]
  kubeclarity_enabled         = false
  kubeclarity_hostname        = ""
  kubecost_enabled            = false
  kubecost_hostname           = ""
  cert_manager_enabled        = true
  worker_iam_role_name        = "worker_iam_role_name"
  ingress_nginx_enabled       = true
  metrics_server_enabled      = true
  external_secrets_enabled    = true
  amazon_eks_vpc_cni_enabled  = true
  cluster_autoscaler_enabled  = true
  service_monitor_crd_enabled = true
  istio_enabled               = false
  istio_config = {
    ingress_gateway_enabled             = true
    ingress_gateway_namespace           = "istio-ingressgateway"
    egress_gateway_enabled              = true
    egress_gateway_namespace            = "istio-egressgateway"
    observability_enabled               = true
    envoy_access_logs_enabled           = true
    prometheus_monitoring_enabled       = true
    cert_manager_cluster_issuer_enabled = true
  }
  karpenter_provisioner_enabled = true
  karpenter_provisioner_config = {
    private_subnet_name    = "private_subnet_name"
    instance_capacity_type = ["spot"]
    excluded_instance_type = ["nano", "micro", "small"]
    instance_hypervisor    = ["nitro"] ## the hypervisor filter is applied only when ipv6_enabled is true
  }
  cert_manager_letsencrypt_email                = "[email protected]"
  internal_ingress_nginx_enabled                = true
  efs_storage_class_enabled                     = true
  aws_node_termination_handler_enabled          = true
  amazon_eks_aws_ebs_csi_driver_enabled         = true
  cluster_propotional_autoscaler_enabled        = true
  single_az_ebs_gp3_storage_class_enabled       = true
  cert_manager_install_letsencrypt_http_issuers = true
  velero_enabled                                = false
  velero_config = {
    namespaces                      = "my-application" ## leave blank for a full-cluster backup, otherwise name the namespace to back up
    slack_notification_token        = "xoxb-slack-token"
    slack_notification_channel_name = "slack-notifications-channel"
    retention_period_in_days        = 45
    schedule_backup_cron_time       = "0 6 * * *" ## daily at 06:00 ("* 6 * * *" would run a backup every minute of that hour)
    velero_backup_name              = "my-application-backup"
    backup_bucket_name              = "velero-cluster-backup"
  }
}
```
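The block above passes the Velero Slack token as a literal and leaves the module source unpinned. The following is an added example, not code from the squareops module or its README, showing how a wrapper configuration would pin the module to a release from the compatibility table, take the token from a sensitive variable, validate the KMS key ARN at plan time, and re-export a credential-bearing output as sensitive. Every VPC, subnet, ARN, hostname and e-mail value in it is a placeholder, and the `kms_key_arn` variable, the `kubecost_info` output and the assumption that the module's `kubecost` output contains the generated password (the resources list shows `random_password.kubecost`) are mine, not the module's.

```hcl
# Added example (not the squareops module's own code). All IDs, ARNs and hostnames are placeholders.

terraform {
  required_version = ">= 1.3"
  # Provider minimums taken from the module's Requirements table.
  required_providers {
    aws        = { source = "hashicorp/aws", version = ">= 4.23" }
    helm       = { source = "hashicorp/helm", version = ">= 2.6" }
    kubernetes = { source = "hashicorp/kubernetes", version = ">= 2.13" }
  }
}

# The Slack token enters as a sensitive variable (set via TF_VAR_velero_slack_token or a
# tfvars file kept out of version control) instead of a literal in the module call, so it
# is redacted from plan and apply output.
variable "velero_slack_token" {
  description = "Slack bot token Velero uses for backup notifications"
  type        = string
  sensitive   = true
}

# Hypothetical wrapper variable: reject anything that is not a KMS key ARN before apply,
# so a typo cannot leave the add-ons without the intended encryption key.
variable "kms_key_arn" {
  description = "ARN of the KMS key created by the EKS module"
  type        = string
  validation {
    condition     = can(regex("^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/", var.kms_key_arn))
    error_message = "kms_key_arn must be a full AWS KMS key ARN."
  }
}

module "eks_bootstrap" {
  source  = "squareops/eks-bootstrap/aws"
  version = "3.1.0" # pinned; without this the registry resolves to the newest release at init time

  name                 = "skaf"
  environment          = "production"
  vpc_id               = "vpc-0123456789abcdef0"                                   # placeholder
  eks_cluster_name     = "skaf-production"                                         # placeholder
  private_subnet_ids   = ["subnet-0123456789abcdef0"]                              # placeholder
  kms_key_arn          = var.kms_key_arn
  kms_policy_arn       = "arn:aws:iam::111111111111:policy/placeholder-kms-policy" # placeholder
  worker_iam_role_name = "placeholder-karpenter-node-role"                         # placeholder

  # Encryption, secret handling and TLS add-ons
  amazon_eks_aws_ebs_csi_driver_enabled         = true
  single_az_ebs_gp3_storage_class_enabled       = true
  external_secrets_enabled                      = true
  cert_manager_enabled                          = true
  cert_manager_install_letsencrypt_http_issuers = true
  cert_manager_letsencrypt_email                = "security-placeholder@example.com" # placeholder

  kubecost_enabled  = true
  kubecost_hostname = "kubecost.example.com" # placeholder

  velero_enabled = true
  velero_config = {
    namespaces                      = "my-application"
    slack_notification_token        = var.velero_slack_token
    slack_notification_channel_name = "slack-notifications-channel"
    retention_period_in_days        = 45
    schedule_backup_cron_time       = "0 6 * * *" # once a day at 06:00
    velero_backup_name              = "my-application-backup"
    backup_bucket_name              = "velero-cluster-backup"
  }
}

# Assumption: the module's kubecost output carries the generated credential
# (random_password.kubecost appears in its resources list). Re-exporting it as
# sensitive keeps it out of CLI output; it is still written to state in clear text,
# so the state backend itself needs encryption and restricted access.
output "kubecost_info" {
  value     = module.eks_bootstrap.kubecost
  sensitive = true
}
```

Supply the token from the environment (`export TF_VAR_velero_slack_token=...`) or from a tfvars file that is excluded from version control; `terraform plan` then shows the value as `(sensitive value)`, and the `version` pin ties the module to a release that the compatibility table lists for your Kubernetes version.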
Release | Kubernetes 1.23 | Kubernetes 1.24 | Kubernetes 1.25 | Kubernetes 1.26 |
---|---|---|---|---|
Release 1.0.0 | ✔ | ✗ | ✗ | ✗ |
Release 1.0.1 | ✔ | ✔ | ✔ | ✗ |
Release 1.1.0 | ✔ | ✔ | ✔ | ✗ |
Release 2.0.0 | ✔ | ✔ | ✔ | ✗ |
Release 2.1.0 | ✔ | ✔ | ✔ | ✗ |
Release 3.0.0 | ✔ | ✔ | ✔ | ✔ |
Release 3.1.0 | ✔ | ✔ | ✔ | ✔ |
The required IAM permissions to create resources from this module can be found here
Kubernetes addons are additional components that can be installed in a Kubernetes cluster to provide extra features and functionality. They are designed to work seamlessly with the Kubernetes API and can be managed just like any other Kubernetes resource. Some common examples of Kubernetes addons include:
With AWS ALB, you can handle increased traffic levels, automatically scale your applications, and improve the overall performance of your applications. ALB provides advanced routing capabilities, including content-based routing, host-based routing, and path-based routing, enabling you to route traffic to different target groups based on specific rules.
There are currently four Amazon EBS storage classes:

- Standard storage class: This is the default and most widely used storage class, offering a balance of low cost and high performance. It's suitable for a wide range of applications, including boot volumes, transactional databases, and big data workloads.
- Provisioned IOPS (input/output operations per second) storage class: This class provides high-performance I/O for mission-critical and I/O-intensive workloads, such as large databases and I/O-bound applications.
- Cold storage class: This class provides low-cost storage for infrequently accessed data, such as backups and archives. Cold storage is designed to deliver low cost and high durability.
- Throughput Optimized HDD (hard disk drive) storage class: This class provides low-cost storage optimized for large, sequential workloads, such as big data and data warehouses.
Amazon EFS is easy to set up, manage, and scale, and it automatically replicates data across multiple Availability Zones for high durability and availability. The service is also highly performant, with low latency and high throughput, making it suitable for a wide range of workloads.
Before enabling the Kubecost addon for your Amazon EKS cluster, please make sure to subscribe to the Kubecost - Amazon EKS cost monitoring license.
## Requirements

Name | Version |
---|---|
aws | >= 4.23 |
helm | >= 2.6 |
kubernetes | >= 2.13 |
## Providers

Name | Version |
---|---|
aws | >= 4.23 |
helm | >= 2.6 |
kubernetes | >= 2.13 |
random | n/a |
## Modules

Name | Source | Version |
---|---|---|
efs | ./addons/efs | n/a |
istio | ./addons/istio | n/a |
k8s_addons | ./EKS-Blueprint/modules/kubernetes-addons | n/a |
karpenter_provisioner | ./addons/karpenter_provisioner | n/a |
service_monitor_crd | ./addons/service_monitor_crd | n/a |
single_az_sc | ./addons/aws-ebs-storage-class | n/a |
velero | ./addons/velero | n/a |
## Resources

Name | Type |
---|---|
aws_eks_addon.kubecost | resource |
aws_iam_instance_profile.karpenter_profile | resource |
helm_release.cert_manager_le_http | resource |
helm_release.coredns-hpa | resource |
helm_release.internal_nginx | resource |
helm_release.kubeclarity | resource |
helm_release.metrics-server-vpa | resource |
helm_release.vpa-crds | resource |
kubernetes_ingress_v1.kubecost | resource |
kubernetes_namespace.internal_nginx | resource |
kubernetes_namespace.kube_clarity | resource |
kubernetes_secret.kube_clarity | resource |
kubernetes_secret.kubecost | resource |
random_password.kube_clarity | resource |
random_password.kubecost | resource |
aws_eks_addon_version.kubecost | data source |
aws_eks_cluster.eks | data source |
aws_region.current | data source |
kubernetes_service.internal-nginx-ingress | data source |
kubernetes_service.istio-ingress | data source |
kubernetes_service.nginx-ingress | data source |
## Inputs

Name | Description | Type | Default | Required |
---|---|---|---|---|
amazon_eks_aws_ebs_csi_driver_enabled | Whether to enable the EKS Managed AWS EBS CSI Driver add-on or not. | bool | false | no |
amazon_eks_vpc_cni_enabled | Enable or disable the installation of the Amazon EKS VPC CNI add-on. | bool | false | no |
aws_load_balancer_version | Specify the version of the AWS Load Balancer Controller for Ingress. | string | "1.4.4" | no |
aws_node_termination_handler_enabled | Enable or disable the node termination handler. | bool | false | no |
cert_manager_enabled | Enable or disable the cert-manager add-on for the EKS cluster. | bool | false | no |
cert_manager_install_letsencrypt_http_issuers | Enable or disable the HTTP issuer for cert-manager. | bool | false | no |
cert_manager_install_letsencrypt_r53_issuers | Enable or disable the creation of the Route53 issuer while installing cert-manager. | bool | false | no |
cert_manager_letsencrypt_email | Specifies the email address used by cert-manager to request Let's Encrypt certificates. | string | "" | no |
cluster_autoscaler_chart_version | Version of the cluster autoscaler Helm chart. | string | "9.29.0" | no |
cluster_autoscaler_enabled | Whether to enable the Cluster Autoscaler add-on or not. | bool | false | no |
cluster_issuer | Specify the Let's Encrypt cluster-issuer for ingress TLS. | string | "letsencrypt-prod" | no |
cluster_propotional_autoscaler_enabled | Enable or disable the Cluster Proportional Autoscaler add-on. | bool | false | no |
core_dns_hpa_config | Configuration for the HPA over CoreDNS. | any | { | no |
efs_storage_class_enabled | Enable or disable the Amazon Elastic File System (EFS) add-on for the EKS cluster. | bool | false | no |
eks_cluster_name | Name of the EKS cluster, used to fetch the cluster's ID. | string | "" | no |
enable_aws_load_balancer_controller | Enable or disable the AWS Load Balancer Controller add-on for managing and controlling load balancers in Kubernetes. | bool | false | no |
environment | Environment identifier for the Amazon Elastic Kubernetes Service (EKS) cluster. | string | "" | no |
external_secrets_enabled | Enable or disable the External Secrets operator add-on for managing external secrets. | bool | false | no |
ingress_nginx_enabled | Enable or disable the NGINX Ingress Controller add-on for routing external traffic to Kubernetes services. | bool | false | no |
ingress_nginx_version | Specify the version of the NGINX Ingress Controller. | string | "4.7.0" | no |
internal_ingress_nginx_enabled | Enable or disable the deployment of an internal ingress controller for Kubernetes. | bool | false | no |
ipv6_enabled | Whether IPv6 is enabled or not. | bool | false | no |
istio_config | Configuration to provide settings for Istio. | any | { | no |
istio_enabled | Enable Istio for service mesh. | bool | false | no |
karpenter_enabled | Enable or disable Karpenter, a Kubernetes-native, multi-tenant, auto-scaling solution for containerized workloads on Kubernetes. | bool | false | no |
karpenter_provisioner_config | Configuration to provide settings for Karpenter, including which private subnet to use, instance capacity types, and excluded instance types. | any | { | no |
karpenter_provisioner_enabled | Enable or disable the installation of the Karpenter provisioner (Karpenter is a Kubernetes cluster autoscaler). | bool | false | no |
keda_enabled | Enable or disable the Kubernetes Event-driven Autoscaling (KEDA) add-on for autoscaling workloads. | bool | false | no |
kms_key_arn | ARN of the KMS key used to encrypt AWS resources in the EKS cluster. | string | "" | no |
kms_policy_arn | Specify the ARN of the KMS policy for service accounts. | string | "" | no |
kubeclarity_enabled | Enable or disable the deployment of KubeClarity for Kubernetes. | bool | false | no |
kubeclarity_hostname | Specify the hostname for KubeClarity. | string | "" | no |
kubeclarity_namespace | Name of the Kubernetes namespace where the KubeClarity deployment will be deployed. | string | "kubeclarity" | no |
kubecost_enabled | Enable or disable the deployment of Kubecost for Kubernetes. | bool | false | no |
kubecost_hostname | Specify the hostname for Kubecost. | string | "" | no |
metrics_server_enabled | Enable or disable the metrics server add-on for the EKS cluster. | bool | false | no |
metrics_server_helm_version | Version of the metrics server Helm chart. | string | "3.8.2" | no |
metrics_server_vpa_config | Configuration for the VPA over the metrics server. | any | { | no |
name | Specify the name prefix of the EKS cluster resources. | string | "" | no |
node_termination_handler_version | Specify the version of the node termination handler. | string | "0.21.0" | no |
private_subnet_ids | Private subnets of the VPC which can be used by EFS. | list(string) | [ | no |
reloader_enabled | Enable or disable Reloader, a Kubernetes controller that watches changes in ConfigMap and Secret objects and triggers an application reload when they change. | bool | false | no |
service_monitor_crd_enabled | Enable or disable the installation of Custom Resource Definitions (CRDs) for the Prometheus ServiceMonitor. | bool | false | no |
single_az_ebs_gp3_storage_class_enabled | Whether to enable the single-AZ storage class or not. | bool | false | no |
single_az_sc_config | Name and zone for each storage class, as key-value pairs. | list(any) | [] | no |
velero_config | Configuration to provide settings for Velero, including which namespaces to back up, retention period, backup schedule, and backup bucket name. | any | { | no |
velero_enabled | Enable or disable the installation of Velero, a backup and restore solution for Kubernetes clusters. | bool | false | no |
vpc_id | ID of the VPC where the cluster and its nodes will be provisioned. | string | "" | no |
worker_iam_role_arn | Specify the IAM role ARN for the nodes. | string | "" | no |
worker_iam_role_name | Specify the IAM role name for the nodes that will be provisioned through Karpenter. | string | "" | no |
## Outputs

Name | Description |
---|---|
ebs_encryption_enable | Whether Amazon Elastic Block Store (EBS) encryption is enabled or not. |
efs_id | ID of the Amazon Elastic File System (EFS) that has been created for the EKS cluster. |
environment | Environment Name for the EKS cluster |
internal_nginx_ingress_controller_dns_hostname | DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster. |
istio_ingressgateway_dns_hostname | DNS hostname of the Istio Ingress Gateway. |
kubeclarity | Kubeclarity_Info |
kubecost | Kubecost_Info |
nginx_ingress_controller_dns_hostname | DNS hostname of the NGINX Ingress Controller. |
To report an issue with a project:
Apache License, Version 2.0, January 2004 (http://www.apache.org/licenses/).
To support a GitHub project by liking it, you can follow these steps:
Visit the repository: Navigate to the GitHub repository.
Click the "Star" button: on the repository page, you'll see a "Star" button in the upper right corner. Clicking it stars the repository, indicating your support for the project.
Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.
Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.
We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That's why we offer a comprehensive range of DevOps and Cloud services designed to help your organization optimize its systems and processes for speed and agility.
We provide support on all of our projects, no matter how small or large they may be.
You can find more information about our company at squareops.com, follow us on LinkedIn, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.