mirror of
https://github.com/ysoftdevs/terraform-aws-eks.git
# EKS cluster whose worker nodes are a self-managed node group running
# Bottlerocket. The Bottlerocket settings passed at boot keep the SSH-capable
# admin container off, keep the SSM control container on, and set kernel
# lockdown to "integrity".
module "eks_bottlerocket" {
  # "~> 20.0" accepts any 20.x release of the registry module.
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 20.0"

  cluster_name    = "${local.name}-bottlerocket"
  cluster_version = "1.33"

  tags = local.tags

  # The subnets handed to the module are the VPC module's private ones.
  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  # Cluster add-ons; the empty objects pass no per-add-on settings here.
  cluster_addons = {
    coredns                = {}
    eks-pod-identity-agent = {}
    kube-proxy             = {}
    vpc-cni                = {}
  }

  self_managed_node_groups = {
    example = {
      ami_type      = "BOTTLEROCKET_x86_64"
      instance_type = "m6i.large"

      # desired_size only takes effect when the group is first created;
      # later changes to it are ignored.
      # See https://github.com/bryantbiggs/eks-desired-size-hack
      desired_size = 2
      min_size     = 2
      max_size     = 5

      # Optional: extra Bottlerocket settings (TOML) supplied to the node.
      # Settings reference: https://bottlerocket.dev/en/os/1.19.x/api/settings/
      #
      # Security-relevant choices in the text below:
      #   - host-containers.admin stays off, so the container that offers SSH
      #     access with elevated privileges is not started.
      #   - host-containers.control stays on; it is the SSM-based out-of-band
      #     path. With both containers off there would be no way to reach the
      #     node API on an existing node.
      #     NOTE(review): SSM sessions presumably also need the node role to
      #     carry SSM permissions - confirm against the IAM configuration.
      #   - kernel.lockdown = "integrity" puts the Linux kernel in lockdown
      #     integrity mode, which restricts userspace from modifying the
      #     running kernel.
      # The text between the EOT markers is data passed to the node, so the
      # "#" lines inside it are part of the payload, not Terraform comments.
      bootstrap_extra_args = <<-EOT
        # The admin host container provides SSH access and runs with "superpowers".
        # It is disabled by default, but can be disabled explicitly.
        [settings.host-containers.admin]
        enabled = false

        # The control host container provides out-of-band access via SSM.
        # It is enabled by default, and can be disabled if you do not expect to use SSM.
        # This could leave you with no way to access the API and change settings on an existing node!
        [settings.host-containers.control]
        enabled = true

        # extra args added
        [settings.kernel]
        lockdown = "integrity"
      EOT
    }
  }
}