terraform-aws-eks/examples/irsa_autoscale_refresh

IRSA, Cluster Autoscaler, and Instance Refresh example

Configuration in this directory creates an AWS EKS cluster with:

Usage

To run this example you need to execute:

$ terraform init
$ terraform plan
$ terraform apply

Note that this example may create resources which cost money. Run terraform destroy when you don't need these resources.

Requirements

Name Version
terraform >= 0.13.1
aws >= 3.72
helm >= 2.0
null >= 3.0

Providers

Name Version
aws >= 3.72
helm >= 2.0
null >= 3.0

Modules

Name Source Version
aws_node_termination_handler_role terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc ~> 4.0
aws_node_termination_handler_sqs terraform-aws-modules/sqs/aws ~> 3.0
eks ../.. n/a
iam_assumable_role_cluster_autoscaler terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc ~> 4.0
vpc terraform-aws-modules/vpc/aws ~> 3.0

Resources

Name Type
aws_autoscaling_lifecycle_hook.aws_node_termination_handler resource
aws_cloudwatch_event_rule.aws_node_termination_handler_asg resource
aws_cloudwatch_event_rule.aws_node_termination_handler_spot resource
aws_cloudwatch_event_target.aws_node_termination_handler_asg resource
aws_cloudwatch_event_target.aws_node_termination_handler_spot resource
aws_iam_policy.aws_node_termination_handler resource
aws_iam_policy.cluster_autoscaler resource
helm_release.aws_node_termination_handler resource
helm_release.cluster_autoscaler resource
null_resource.apply resource
aws_caller_identity.current data source
aws_eks_cluster_auth.cluster data source
aws_eks_cluster_auth.this data source
aws_iam_policy_document.aws_node_termination_handler data source
aws_iam_policy_document.aws_node_termination_handler_sqs data source
aws_iam_policy_document.cluster_autoscaler data source

Inputs

No inputs.

Outputs

Name Description
aws_auth_configmap_yaml Formatted YAML output for base aws-auth ConfigMap containing roles used in cluster node groups/Fargate profiles
cloudwatch_log_group_arn ARN of CloudWatch log group created
cloudwatch_log_group_name Name of CloudWatch log group created
cluster_addons Map of attribute maps for all EKS cluster addons enabled
cluster_arn The Amazon Resource Name (ARN) of the cluster
cluster_certificate_authority_data Base64 encoded certificate data required to communicate with the cluster
cluster_endpoint Endpoint for your Kubernetes API server
cluster_iam_role_arn IAM role ARN of the EKS cluster
cluster_iam_role_name IAM role name of the EKS cluster
cluster_iam_role_unique_id Stable and unique string identifying the IAM role
cluster_id The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready
cluster_identity_providers Map of attribute maps for all EKS identity providers enabled
cluster_oidc_issuer_url The URL on the EKS cluster for the OpenID Connect identity provider
cluster_platform_version Platform version for the cluster
cluster_primary_security_group_id Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console
cluster_security_group_arn Amazon Resource Name (ARN) of the cluster security group
cluster_security_group_id ID of the cluster security group
cluster_status Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED
eks_managed_node_groups Map of attribute maps for all EKS managed node groups created
fargate_profiles Map of attribute maps for all EKS Fargate Profiles created
node_security_group_arn Amazon Resource Name (ARN) of the node shared security group
node_security_group_id ID of the node shared security group
oidc_provider_arn The ARN of the OIDC Provider if enable_irsa = true
self_managed_node_groups Map of attribute maps for all self managed node groups created