mirror of
https://github.com/ysoftdevs/terraform-aws-eks.git
synced 2026-01-18 09:38:33 +01:00
6b40bdbb1d
* feat: Replace `resolve_conflicts` with `resolve_conflicts_on_create`/`delete`; raise MSV of AWS provider to `v5.0` to support * fix: Replace dynamic DNS suffix for `sts:AssumeRole` API calls for static suffix * feat: Add module tag * feat: Align Karpenter permissions with Karpenter v1beta1/v0.32 permissions from upstream * refactor: Move `aws-auth` ConfigMap functionality to its own sub-module * chore: Update examples * feat: Add state `moved` block for Karpenter Pod Identity role re-name * fix: Correct variable `create` description * feat: Add support for cluster access entries * chore: Bump MSV of Terraform to `1.3` * fix: Replace defunct kubectl provider with an updated forked equivalent * chore: Update and validate examples for access entry; clean up provider usage * docs: Correct double redundant variable descriptions * feat: Add support for Cloudwatch log group class argument * fix: Update usage tag placement, fix Karpenter event spelling, add upcoming changes section to upgrade guide * feat: Update Karpenter module to generalize naming used and align policy with the upstream Karpenter policy * feat: Add native support for Windows based managed nodegroups similar to AL2 and Bottlerocket * feat: Update self-managed nodegroup module to use latest features of ASG * docs: Update and simplify docs * fix: Correct variable description for AMI types * fix: Update upgrade guide with changes; rename Karpenter controller resource names to support migrating for users * docs: Complete upgrade guide docs for migration and changes applied * Update examples/karpenter/README.md Co-authored-by: Anton Babenko <anton@antonbabenko.com> * Update examples/outposts/README.md Co-authored-by: Anton Babenko <anton@antonbabenko.com> * Update modules/karpenter/README.md Co-authored-by: Anton Babenko <anton@antonbabenko.com> --------- Co-authored-by: Anton Babenko <anton@antonbabenko.com>
EKS Fargate Profile Module
Configuration in this directory creates a Fargate EKS Profile
Usage
module "fargate_profile" {
source = "terraform-aws-modules/eks/aws//modules/fargate-profile"
name = "separate-fargate-profile"
cluster_name = "my-cluster"
subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
selectors = [{
namespace = "kube-system"
}]
tags = {
Environment = "dev"
Terraform = "true"
}
}
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.3 |
| aws | >= 5.34 |
Providers
| Name | Version |
|---|---|
| aws | >= 5.34 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_eks_fargate_profile.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.additional | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_partition.current | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cluster_ip_family | The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6 |
string |
null |
no |
| cluster_name | Name of the EKS cluster | string |
null |
no |
| create | Determines whether to create Fargate profile or not | bool |
true |
no |
| create_iam_role | Determines whether an IAM role is created or to use an existing IAM role | bool |
true |
no |
| iam_role_additional_policies | Additional policies to be added to the IAM role | map(string) |
{} |
no |
| iam_role_arn | Existing IAM role ARN for the Fargate profile. Required if create_iam_role is set to false |
string |
null |
no |
| iam_role_attach_cni_policy | Whether to attach the AmazonEKS_CNI_Policy/AmazonEKS_CNI_IPv6_Policy IAM policy to the IAM IAM role. WARNING: If set false the permissions must be assigned to the aws-node DaemonSet pods via another method or nodes will not be able to join the cluster |
bool |
true |
no |
| iam_role_description | Description of the role | string |
null |
no |
| iam_role_name | Name to use on IAM role created | string |
"" |
no |
| iam_role_path | IAM role path | string |
null |
no |
| iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | string |
null |
no |
| iam_role_tags | A map of additional tags to add to the IAM role created | map(string) |
{} |
no |
| iam_role_use_name_prefix | Determines whether the IAM role name (iam_role_name) is used as a prefix |
bool |
true |
no |
| name | Name of the EKS Fargate Profile | string |
"" |
no |
| selectors | Configuration block(s) for selecting Kubernetes Pods to execute with this Fargate Profile | any |
[] |
no |
| subnet_ids | A list of subnet IDs for the EKS Fargate Profile | list(string) |
[] |
no |
| tags | A map of tags to add to all resources | map(string) |
{} |
no |
| timeouts | Create and delete timeout configurations for the Fargate Profile | map(string) |
{} |
no |
Outputs
| Name | Description |
|---|---|
| fargate_profile_arn | Amazon Resource Name (ARN) of the EKS Fargate Profile |
| fargate_profile_id | EKS Cluster name and EKS Fargate Profile name separated by a colon (:) |
| fargate_profile_pod_execution_role_arn | Amazon Resource Name (ARN) of the EKS Fargate Profile Pod execution role ARN |
| fargate_profile_status | Status of the EKS Fargate Profile |
| iam_role_arn | The Amazon Resource Name (ARN) specifying the IAM role |
| iam_role_name | The name of the IAM role |
| iam_role_unique_id | Stable and unique string identifying the IAM role |