github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-04-19 23:31:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: add ip address when manage_aws_auth is true and public_access is false (#745)

Browse Source
This commit is contained in:
slimm609
2020-03-19 11:22:22 -04:00
committed by GitHub
parent 0c23191cd3
commit 9951c87a86
3 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -146,6 +146,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| cluster\_enabled\_log\_types | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | `[]` | no | | cluster\_enabled\_log\_types | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | `[]` | no |
| cluster\_encryption\_config | Configuration block with encryption configuration for the cluster. See examples/secrets\_encryption/main.tf for example format | <pre>list(object({<br> provider_key_arn = string<br> resources = list(string)<br> }))</pre> | `[]` | no | | cluster\_encryption\_config | Configuration block with encryption configuration for the cluster. See examples/secrets\_encryption/main.tf for example format | <pre>list(object({<br> provider_key_arn = string<br> resources = list(string)<br> }))</pre> | `[]` | no |
| cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | `bool` | `false` | no | | cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | `bool` | `false` | no |
| cluster\_endpoint\_private\_access\_cidrs | List of CIDR blocks which can access the Amazon EKS private API server endpoint, when public access is disabled | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | `bool` | `true` | no | | cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | `bool` | `true` | no |
| cluster\_endpoint\_public\_access\_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint. | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no | | cluster\_endpoint\_public\_access\_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint. | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage\_cluster\_iam\_resources is set to false. | `string` | `""` | no | | cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage\_cluster\_iam\_resources is set to false. | `string` | `""` | no |

12
cluster.tf
View File

@@ -45,6 +45,18 @@ resource "aws_eks_cluster" "this" {
] ]
} }
resource "aws_security_group_rule" "cluster_private_access" {
count = var.create_eks && var.manage_aws_auth && var.cluster_endpoint_private_access && var.cluster_endpoint_public_access == false ? 1 : 0
type = "ingress"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = var.cluster_endpoint_private_access_cidrs
security_group_id = aws_eks_cluster.this[0].vpc_config[0].cluster_security_group_id
}
resource "null_resource" "wait_for_cluster" { resource "null_resource" "wait_for_cluster" {
count = var.create_eks && var.manage_aws_auth ? 1 : 0 count = var.create_eks && var.manage_aws_auth ? 1 : 0

6
variables.tf
View File

@@ -234,6 +234,12 @@ variable "iam_path" {
default = "/" default = "/"
} }
variable "cluster_endpoint_private_access_cidrs" {
description = "List of CIDR blocks which can access the Amazon EKS private API server endpoint, when public access is disabled"
type = list(string)
default = ["0.0.0.0/0"]
}
variable "cluster_endpoint_private_access" { variable "cluster_endpoint_private_access" {
description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled." description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled."
type = bool type = bool