From f607d9c6e45d68d02c04e8b0afe70b93ef433bf5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 27 Jan 2025 18:20:11 -0500 Subject: [PATCH 1/7] since karpenter is later in the cycle, add taint tolerations to cluster addons --- main.tf | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 068d433..01fbca2 100644 --- a/main.tf +++ b/main.tf @@ -35,6 +35,17 @@ locals { "boc:tf_module_version" = local.module_version "karpenter.sh/discovery" = var.cluster_name } + karpenter_taint = jsonencode({ + tolerations = [ + # Allow CoreDNS to run on the same nodes as the Karpenter controller + # for use during cluster creation when Karpenter nodes do not yet exist + { + key = "karpenter.sh/controller" + value = "true" + effect = "NoSchedule" + } + ] + }) max_tag_count = 45 ng_name = format("%v%v-nodegroup", local.prefixes["eks"], var.cluster_name) subnets = [for k, v in data.aws_subnet.subnets : v.id if length(regexall("us-east-1e", v.availability_zone)) == 0] 
@@ -66,30 +77,37 @@ module "cluster" { cluster_addons = { amazon-cloudwatch-observability = { most_recent = true + configuration_values = local.karpenter_taint service_account_role_arn = module.cloudwatch_observability_irsa_role.iam_role_arn } aws-ebs-csi-driver = { most_recent = true + configuration_values = local.karpenter_taint service_account_role_arn = module.ebs_csi_irsa_role.iam_role_arn } aws-efs-csi-driver = { most_recent = true service_account_role_arn = module.efs_csi_irsa_role.iam_role_arn + configuration_values = local.karpenter_taint } coredns = { most_recent = true } eks-pod-identity-agent = { - most_recent = true + most_recent = true + configuration_values = local.karpenter_taint } kube-proxy = { - most_recent = true + most_recent = true + configuration_values = local.karpenter_taint } snapshot-controller = { - most_recent = true + most_recent = true + configuration_values = local.karpenter_taint } vpc-cni = { most_recent = true + configuration_values = local.karpenter_taint service_account_role_arn = module.vpc_cni_irsa_role.iam_role_arn } } From d58292a97968c2669573766293da7b661f1d79fd Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 27 Jan 2025 18:45:54 -0500 Subject: [PATCH 2/7] not all addons support taints --- main.tf | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 01fbca2..6a2b237 100644 --- a/main.tf +++ b/main.tf 
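Review bot: `coredns` is the one addon in this hunk that does not receive `configuration_values = local.karpenter_taint`, although the comment on that local in the first hunk says its purpose is to let CoreDNS run on the Karpenter controller nodes. The same top-level `tolerations` document is passed to every other addon, but each EKS addon validates `configuration_values` against its own schema, so a shared blob is likely to be rejected by some of them. The CSI drivers, as far as I know, nest tolerations under their controller and node sections; confirm against each addon's published configuration schema. I would add the value to `coredns` and build per-addon values for the rest, and rename the local to something like `karpenter_controller_tolerations`, since it holds tolerations rather than a taint. The `module "cluster"` block starts and ends outside the hunk.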
@@ -77,18 +77,15 @@ module "cluster" { cluster_addons = { amazon-cloudwatch-observability = { most_recent = true - configuration_values = local.karpenter_taint service_account_role_arn = module.cloudwatch_observability_irsa_role.iam_role_arn } aws-ebs-csi-driver = { most_recent = true - configuration_values = local.karpenter_taint service_account_role_arn = module.ebs_csi_irsa_role.iam_role_arn } aws-efs-csi-driver = { most_recent = true service_account_role_arn = module.efs_csi_irsa_role.iam_role_arn - configuration_values = local.karpenter_taint } coredns = { most_recent = true @@ -98,8 +95,7 @@ module "cluster" { configuration_values = local.karpenter_taint } kube-proxy = { - most_recent = true - configuration_values = local.karpenter_taint + most_recent = true } snapshot-controller = { most_recent = true From 6c9a40d37491799988c8ee3f489ed49d745b979c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 27 Jan 2025 19:14:57 -0500 Subject: [PATCH 3/7] add note and comment --- main.tf | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/main.tf b/main.tf index 6a2b237..068d433 100644 --- a/main.tf +++ b/main.tf @@ -35,17 +35,6 @@ locals { "boc:tf_module_version" = local.module_version "karpenter.sh/discovery" = var.cluster_name } - karpenter_taint = jsonencode({ - tolerations = [ - # Allow CoreDNS to run on the same nodes as the Karpenter controller - # for use during cluster creation when Karpenter nodes do not yet exist - { - key = "karpenter.sh/controller" - value = "true" - effect = "NoSchedule" - } - ] - }) max_tag_count = 45 ng_name = format("%v%v-nodegroup", local.prefixes["eks"], var.cluster_name) subnets = [for k, v in data.aws_subnet.subnets : v.id if length(regexall("us-east-1e", v.availability_zone)) == 0] 
@@ -91,19 +80,16 @@ module "cluster" { most_recent = true } eks-pod-identity-agent = { - most_recent = true - configuration_values = local.karpenter_taint + most_recent = true } kube-proxy = { most_recent = true } snapshot-controller = { - most_recent = true - configuration_values = local.karpenter_taint + most_recent = true } vpc-cni = { most_recent = true - configuration_values = local.karpenter_taint service_account_role_arn = module.vpc_cni_irsa_role.iam_role_arn } } From 44631839ac985c413af6d142d3e0be31bd338407 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 18 Feb 2025 14:32:54 -0500 Subject: [PATCH 4/7] added validations --- README.md | 28 ++++++++------- main.tf | 21 +++++------ requirements.tf | 2 +- variables.tf | 93 +++++++++++++++++++++++++++++++++++++++++-------- 4 files changed, 105 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index d0313b0..deff23f 100644 --- a/README.md +++ b/README.md @@ -78,13 +78,14 @@ Change logs are auto-generated with commitizen. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | +| [aws](#requirement\_aws) | ~> 5.14.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | 5.84.0 | +| [terraform](#provider\_terraform) | n/a | ## Modules 
@@ -104,6 +105,7 @@ Change logs are auto-generated with commitizen. | [aws_security_group.additional_eks_cluster_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group.all_worker_mgmt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group_rule.allow_sidecar_injection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [terraform_data.subnet_validation](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | @@ -122,18 +124,18 @@ Change logs are auto-generated with commitizen. |------|-------------|------|---------|:--------:| | [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no | | [census\_private\_cidr](#input\_census\_private\_cidr) | Census Private CIR Blocks | `list(string)` |
[
"148.129.0.0/16",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | -| [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | This allows to access the cluster from IEB cloud host | `bool` | `false` | no | -| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | -| [cluster\_version](#input\_cluster\_version) | The Kubernetes version number to use for this EKS cluster. See https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.27"` | no | -| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk of the worker nodes in gigabytes. 40 is the approximate minimum. Needs to hold the all of the normal operating system files plus every image that will be used in the cluster. | `number` | `80` | no | -| [eks\_instance\_types](#input\_eks\_instance\_types) | EKS worker node instance types | `list(string)` |
[
"t3a.large"
]
| no | -| [eks\_ng\_desired\_size](#input\_eks\_ng\_desired\_size) | Node Group desired size | `number` | `4` | no | -| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size | `number` | `15` | no | -| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size | `number` | `4` | no | -| [enable\_cluster\_creator\_admin\_permissions](#input\_enable\_cluster\_creator\_admin\_permissions) | Indicates whether or not to add the cluster creator (the identity used by Terraform) as an administrator via access entry | `bool` | `false` | no | -| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no | -| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | -| [vpc\_name](#input\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | n/a | yes | +| [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Whether the EKS cluster API server endpoint is publicly accessible | `bool` | `false` | no | +| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | +| [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster | `string` | n/a | yes | +| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | Size of the EKS node disk in GB | `number` | `80` | no | +| [eks\_instance\_types](#input\_eks\_instance\_types) | List of EC2 instance types for the EKS node group | `list(string)` |
[
"t3a.large"
]
| no | +| [eks\_ng\_desired\_size](#input\_eks\_ng\_desired\_size) | Desired size of the EKS node group | `number` | `4` | no | +| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Maximum size of the EKS node group | `number` | `15` | no | +| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Minimum size of the EKS node group | `number` | `4` | no | +| [enable\_cluster\_creator\_admin\_permissions](#input\_enable\_cluster\_creator\_admin\_permissions) | Grant admin permissions to the cluster creator | `bool` | `false` | no | +| [subnets\_name](#input\_subnets\_name) | Name pattern for subnets to be used by EKS cluster | `string` | `"*-container-*"` | no | +| [tags](#input\_tags) | Additional tags to apply to all resources | `map(string)` | `{}` | no | +| [vpc\_name](#input\_vpc\_name) | Name of the VPC where EKS cluster will be created | `string` | n/a | yes | ## Outputs diff --git a/main.tf b/main.tf index 068d433..fdec46c 100644 --- a/main.tf +++ b/main.tf @@ -43,6 +43,17 @@ locals { vpc_id = data.aws_vpc.eks_vpc.id } +resource "terraform_data" "subnet_validation" { + count = length(local.subnets) >= 2 ? 0 : "fail" + + lifecycle { + precondition { + condition = length(local.subnets) >= 2 + error_message = "At least 2 subnets in different AZs are required for EKS cluster." + } + } +} + module "cluster" { source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.33.1" @@ -131,16 +142,6 @@ module "cluster" { labels = { intent = "control-apps" } - # This cannot be enabled until karpenter is available. - # taints = { - # # The pods that do not tolerate this taint should run on nodes - # # created by Karpenter - # karpenter = { - # key = "karpenter.sh/controller" - # value = "true" - # effect = "NO_SCHEDULE" - # } - # } } } tags = local.tags diff --git a/requirements.tf b/requirements.tf index 1c41a9b..7cef9f7 100644 --- a/requirements.tf +++ b/requirements.tf 
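Review bot: In `terraform_data.subnet_validation` the line `count = length(local.subnets) >= 2 ? 0 : "fail"` defeats the precondition below it. When the check passes, `count` is 0, so no instance exists and the `precondition` is never evaluated; when it fails, Terraform stops on an invalid `count` value instead of printing the `error_message`. Removing the `count` line lets the precondition do the work. The condition also counts subnets rather than availability zones while the message promises "different AZs", so a check over `distinct([for s in data.aws_subnet.subnets : s.availability_zone])` would match the text better. `terraform_data` needs Terraform 1.4 or later, but the README in this commit still lists `terraform >= 0.13`, so `required_version` should be raised.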
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.14.0" + version = "~> 5.14.0" } } } diff --git a/variables.tf b/variables.tf index 2aac95c..25a79b3 100644 --- a/variables.tf +++ b/variables.tf 
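Review bot: `version = "~> 5.14.0"` restricts the AWS provider to the 5.14.x patch series only (>= 5.14.0, < 5.15.0), which conflicts with the provider version `5.84.0` that the README in this same commit records. If the intent was to stay within major version 5, the constraint should be `version = "~> 5.14"` or `version = ">= 5.14.0, < 6.0.0"`. As written, `terraform init` will either fail against an existing lock file or select a provider release that predates later fixes. The pinned `terraform-aws-eks` ref may also require a newer provider; confirm against its version constraints.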
@@ -1,67 +1,110 @@ variable "cluster_name" { - description = "EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev)" + description = "Name of the EKS cluster" type = string + validation { + condition = can(regex("^[a-zA-Z][a-zA-Z0-9-]*$", var.cluster_name)) && length(var.cluster_name) <= 100 + error_message = "Cluster name must start with a letter, can only contain letters, numbers, and hyphens, and must be no longer than 100 characters." + } } variable "cluster_version" { - description = "The Kubernetes version number to use for this EKS cluster. See https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html" + description = "Kubernetes version to use for the EKS cluster" type = string - default = "1.27" + validation { + condition = can(regex("^[0-9]+\\.[0-9]+$", var.cluster_version)) && contains(["1.27", "1.28", "1.29", "1.30", "1.31", "1.32"], var.cluster_version) + error_message = "Cluster version must be in the format 'x.y' (e.g., '1.27') and must be one of: 1.27, 1.28, 1.29, 1.30, 1.31, 1.32" + } } variable "cluster_endpoint_public_access" { - description = "This allows to access the cluster from IEB cloud host" + description = "Whether the EKS cluster API server endpoint is publicly accessible" type = bool default = false } variable "enable_cluster_creator_admin_permissions" { - description = "Indicates whether or not to add the cluster creator (the identity used by Terraform) as an administrator via access entry" + description = "Grant admin permissions to the cluster creator" type = bool default = false } variable "vpc_name" { - description = "Define the VPC name that will be used by this cluster" + description = "Name of the VPC where EKS cluster will be created" type = string + validation { + condition = can(regex("^[a-zA-Z0-9-]+$", var.vpc_name)) && length(var.vpc_name) <= 255 + error_message = "VPC name can only contain alphanumeric characters and hyphens, and must be <= 255 characters." 
+ } } variable "subnets_name" { - description = "Define the name of the subnets to be used by this cluster" + description = "Name pattern for subnets to be used by EKS cluster" type = string default = "*-container-*" + validation { + condition = can(regex("^[a-zA-Z0-9*._-]+$", var.subnets_name)) + error_message = "Subnet name pattern can only contain alphanumeric characters, hyphens, dots, underscores, and asterisks." + } } variable "eks_instance_disk_size" { - description = "The size of the disk of the worker nodes in gigabytes. 40 is the approximate minimum. Needs to hold the all of the normal operating system files plus every image that will be used in the cluster." + description = "Size of the EKS node disk in GB" type = number default = 80 + validation { + condition = var.eks_instance_disk_size >= 20 && var.eks_instance_disk_size <= 16384 + error_message = "Instance disk size must be between 20 GB and 16384 GB." + } } variable "eks_instance_types" { - # NOTE: Given the current eks cluster defaults, t3a.large is the smallest node - # that can be used to successfully build the clsuter - description = "EKS worker node instance types" + description = "List of EC2 instance types for the EKS node group" type = list(string) default = [ "t3a.large" ] + validation { + condition = length(var.eks_instance_types) > 0 + error_message = "At least one instance type must be specified." + } + validation { + condition = alltrue([for t in var.eks_instance_types : can(regex("^[a-z][1-9][.][a-z0-9]+$", t))]) + error_message = "Instance types must be valid EC2 instance type formats (e.g., t3.large, m5.xlarge)." + } } variable "eks_ng_min_size" { - description = "Node Group minimum size" + description = "Minimum size of the EKS node group" type = number default = 4 + validation { + condition = var.eks_ng_min_size >= 1 + error_message = "Minimum node group size must be at least 1." 
+ } } + variable "eks_ng_desired_size" { - description = "Node Group desired size" + description = "Desired size of the EKS node group" type = number default = 4 + validation { + condition = var.eks_ng_desired_size >= var.eks_ng_min_size && var.eks_ng_desired_size <= var.eks_ng_max_size + error_message = "Desired size must be between minimum and maximum sizes." + } + validation { + condition = var.eks_ng_desired_size >= 1 + error_message = "Desired size must be at least 1." + } } + variable "eks_ng_max_size" { - description = "Node Group maximum size" + description = "Maximum size of the EKS node group" type = number default = 15 + validation { + condition = var.eks_ng_max_size >= var.eks_ng_min_size + error_message = "Maximum node group size must be greater than or equal to minimum size." + } } # tflint-ignore: terraform_unused_declarations @@ -69,6 +112,12 @@ variable "access_entries" { description = "Map of access entries to add to the cluster" type = any default = {} + validation { + condition = alltrue([ + for k, v in var.access_entries : can(v.principal_arn) && can(v.policy_associations) + ]) + error_message = "Each access entry must contain 'principal_arn' and 'policy_associations'." + } } ################################################################### 
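Review bot: The second `eks_instance_types` validation rejects the variable's own default: `t3a.large` does not match `^[a-z][1-9][.][a-z0-9]+$`, because the pattern allows exactly one letter and one digit before the dot. It would also refuse families such as `m5d`, `c6g` or `m7i-flex`; a looser shape check such as `can(regex("^[a-z][a-z0-9-]*[.][a-z0-9-]+$", t))` keeps the default working. Separately, the `eks_ng_desired_size` and `eks_ng_max_size` conditions refer to other variables, which Terraform accepts only from 1.9 onward, while the README lists `terraform >= 0.13`. Either raise `required_version` or move the cross-checks into a `precondition`. The removed `# NOTE` about `t3a.large` being the smallest node that builds the cluster is worth keeping as a comment next to the default.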
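Review bot: Requiring `can(v.policy_associations)` on every entry may reject access entries that are valid for the upstream module, where policy associations appear to be optional; confirm against the pinned `terraform-aws-eks` ref. The check also only proves the attributes exist, so a `principal_arn` of `""` or any non-ARN string passes. Since this map decides who gets cluster access, I would validate the shape instead, e.g. `can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:", v.principal_arn))`, and leave `policy_associations` optional. The variable block starts outside the hunk and carries a `tflint-ignore: terraform_unused_declarations` marker, so it is worth checking that the value is actually passed to `module.cluster`.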
@@ -79,10 +128,24 @@ variable "census_private_cidr" { description = "Census Private CIR Blocks" type = list(string) default = ["148.129.0.0/16", "172.16.0.0/12", "192.168.0.0/16"] + validation { + condition = alltrue([ + for cidr in var.census_private_cidr : can(cidrhost(cidr, 0)) + ]) + error_message = "All CIDR blocks must be in valid CIDR notation (e.g., '10.0.0.0/16')." + } } variable "tags" { - description = "AWS Tags to apply to appropriate resources" + description = "Additional tags to apply to all resources" type = map(string) default = {} + validation { + condition = length(var.tags) <= 45 + error_message = "Maximum number of tags allowed is 45." + } + validation { + condition = alltrue([for k, v in var.tags : length(k) <= 128 && length(v) <= 256 && can(regex("^[\\w\\s+=.@-]*$", k)) && can(regex("^[\\w\\s+=.@-]*$", v))]) + error_message = "Tag keys must be <= 128 chars, values <= 256 chars, and both can only contain alphanumeric characters, spaces, and '.+-=@_'." + } } From 8070baef071d201bb8742f6ac8c286c09d08894e Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 18 Feb 2025 16:37:55 -0500 Subject: [PATCH 5/7] update readme --- README.md | 221 ++++++++++++++++-------------------------------------- 1 file changed, 66 insertions(+), 155 deletions(-) diff --git a/README.md b/README.md index deff23f..1b2baca 100644 --- a/README.md +++ b/README.md 
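Review bot: The tag pattern `^[\\w\\s+=.@-]*$` leaves out `:` and `/`, both of which AWS accepts in tags and which this module's own tag keys use (`boc:tf_module_version` and `karpenter.sh/discovery` in `locals`), and it also accepts an empty key. `"^[\\w\\s+=.:/@-]+$"` for keys and the same class with `*` for values would be closer to the AWS rules. The `length(var.tags) <= 45` limit repeats `local.max_tag_count` as a literal and appears to be applied before the module adds its own tags, so the combined map could still exceed it. For `census_private_cidr`, `can(cidrhost(cidr, 0))` only proves the string parses, so `0.0.0.0/0` passes. If this list feeds security-group ingress (not visible in this hunk), a minimum prefix length or an allowed-range check is the guard that matters.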
@@ -1,185 +1,96 @@ # tfmod-eks -Create an EKS cluster given the specification of the cluster. -The module creates an EKS cluster named `cluster_name` in the region using kubernetes version `cluster_version` with `eks_ng_desired_size` nodes initially. The services in the cluster will be accessible using hostnames for the services ending with the `cluster_name.domain` fully qualified domain name. The nodegroup for karpenter will resize based upon capacity from a minimum of `eks_ng_min_size` to a maximum of `eks_ng_max_size`. After initial deployment, karpenter will create a node group for workloads that will autoscale using on-demand or spot instances with compaction based upon running workloads. +Creates and configures an Amazon EKS cluster with comprehensive node management and essential addons. -The cluster is configured with an oidc provider allowing service accounts to be configured with IRSA roles as needed. +## Overview + +This module provisions an EKS cluster with the following key features: +- Kubernetes version configurable via `cluster_version` +- Initial node group sized from `eks_ng_min_size` to `eks_ng_max_size` with `eks_ng_desired_size` target +- Bottlerocket-based managed node groups +- Comprehensive IRSA (IAM Roles for Service Accounts) configuration +- Full addon integration +- Automatic node tagging and security group configuration ## Addons -Addons installed: +The following addons are automatically installed and configured: -* amazon-cloudwatch-observability -* aws-ebs-csi-driver -* aws-efs-csi-driver +* amazon-cloudwatch-observability (with IRSA) +* aws-ebs-csi-driver (with IRSA) +* aws-efs-csi-driver (with IRSA) * coredns +* eks-pod-identity-agent * kube-proxy * snapshot-controller +* vpc-cni (with IRSA) + +## Usage Example + +```hcl +module "eks" { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git" + + cluster_name = "my-cluster" + cluster_version = "1.28" + vpc_name = "my-vpc" + + eks_ng_min_size = 3 + eks_ng_desired_size = 
4 + eks_ng_max_size = 10 + + tags = { + Environment = "production" + Team = "platform" + } +} +``` + +## Deployment ### Apply -Successful completion should show: -```terraform -Apply complete! Resources: 80 added, 0 changed, 0 destroyed. +Typical deployment time is around 12-15 minutes: +```bash +Apply complete! Resources: 77 added, 0 changed, 0 destroyed. real 12m24.922s -user 0m17.709s -sys 0m2.079s ``` ### Destroy -Successful destroy should show: -```terraform -Destroy complete! Resources: 80 destroyed. +Clean removal takes approximately 10-12 minutes: +```bash +Destroy complete! Resources: 77 destroyed. real 10m48.444s -user 0m17.624s -sys 0m2.040s ``` ### Verification -To verify the nodes were created, use kubectl like -`kubectl get nodes` which should ouput: - +1. Check node status: ```bash -[morga471@iebcloud terraform]$ k get nodes +$ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-129-62-142.us-gov-east-1.compute.internal Ready 4m7s v1.30.1-eks-e564799 +ip-10-129-62-142.us-gov-east-1.compute.internal Ready 4m7s v1.28.1-eks-e564799 ``` -To verify the pods for the base cluster were created, use kubectl like -`k get pods -A` - +2. 
Verify addon deployments: ```bash -[morga471@iebcloud terraform]$ k get pods -A -NAMESPACE NAME READY STATUS RESTARTS AGE -amazon-cloudwatch amazon-cloudwatch-observability-controller-manager-5c9d9677h2xf 1/1 Running 0 2m58s -amazon-cloudwatch cloudwatch-agent-95g5j 1/1 Running 0 2m52s -amazon-cloudwatch fluent-bit-cnp45 1/1 Running 0 2m58s -kube-system aws-node-dsdqg 2/2 Running 0 3m8s -kube-system coredns-5479bb6d65-c6x79 1/1 Running 0 3m11s -kube-system coredns-5479bb6d65-j74cm 1/1 Running 0 3m11s -kube-system ebs-csi-controller-7cd8c597d7-96j7p 6/6 Running 0 3m10s -kube-system ebs-csi-controller-7cd8c597d7-m48j8 6/6 Running 0 3m9s -kube-system ebs-csi-node-x555s 3/3 Running 0 3m10s -kube-system efs-csi-controller-85c5486b89-rdjk8 3/3 Running 0 3m9s -kube-system efs-csi-controller-85c5486b89-v6fx2 3/3 Running 0 3m9s -kube-system efs-csi-node-tz47s 3/3 Running 0 3m9s -kube-system kube-proxy-qbgbk 1/1 Running 0 4m12s -kube-system snapshot-controller-7f8d9b84dd-7w7qz 1/1 Running 0 3m10s -kube-system snapshot-controller-7f8d9b84dd-nqqsb 1/1 Running 0 3m10s +$ kubectl get pods -n kube-system +NAME READY STATUS RESTARTS AGE +aws-node-dsdqg 2/2 Running 0 3m8s +coredns-5479bb6d65-c6x79 1/1 Running 0 3m11s +ebs-csi-controller-7cd8c597d7-96j7p 6/6 Running 0 3m10s +efs-csi-node-tz47s 3/3 Running 0 3m9s +kube-proxy-qbgbk 1/1 Running 0 4m12s ``` -#### Changelog -Change logs are auto-generated with commitizen. - -[CHANGELOG.md](CHANGELOG.md) +3. 
Check IRSA configuration: +```bash +$ kubectl get serviceaccount -n kube-system +NAME SECRETS AGE +aws-node 0 5m +ebs-csi-controller 0 5m +efs-csi-controller 0 5m +``` +## Documentation -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | ~> 5.14.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.84.0 | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | -| [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.33.1 | -| [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | -| [efs\_csi\_irsa\_role](#module\_efs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | -| [vpc\_cni\_irsa\_role](#module\_vpc\_cni\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_ec2_tag.container_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource | -| [aws_security_group.additional_eks_cluster_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group.all_worker_mgmt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group_rule.allow_sidecar_injection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| 
[terraform_data.subnet_validation](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | -| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | -| [aws_iam_roles.roles](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | -| [aws_iam_roles.sso_admins](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | -| [aws_iam_roles.sso_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | -| [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source | -| [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | -| [aws_subnet.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | -| [aws_subnets.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | -| [aws_vpc.eks_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no | -| [census\_private\_cidr](#input\_census\_private\_cidr) | Census Private CIR Blocks | `list(string)` |
[
"148.129.0.0/16",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | -| [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Whether the EKS cluster API server endpoint is publicly accessible | `bool` | `false` | no | -| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | -| [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster | `string` | n/a | yes | -| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | Size of the EKS node disk in GB | `number` | `80` | no | -| [eks\_instance\_types](#input\_eks\_instance\_types) | List of EC2 instance types for the EKS node group | `list(string)` |
[
"t3a.large"
]
| no | -| [eks\_ng\_desired\_size](#input\_eks\_ng\_desired\_size) | Desired size of the EKS node group | `number` | `4` | no | -| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Maximum size of the EKS node group | `number` | `15` | no | -| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Minimum size of the EKS node group | `number` | `4` | no | -| [enable\_cluster\_creator\_admin\_permissions](#input\_enable\_cluster\_creator\_admin\_permissions) | Grant admin permissions to the cluster creator | `bool` | `false` | no | -| [subnets\_name](#input\_subnets\_name) | Name pattern for subnets to be used by EKS cluster | `string` | `"*-container-*"` | no | -| [tags](#input\_tags) | Additional tags to apply to all resources | `map(string)` | `{}` | no | -| [vpc\_name](#input\_vpc\_name) | Name of the VPC where EKS cluster will be created | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [access\_entries](#output\_access\_entries) | The access\_entries object added to cluster | -| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created | -| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created | -| [cluster\_addons](#output\_cluster\_addons) | Map of attribute maps for all EKS cluster addons enabled | -| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster | -| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | -| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server | -| [cluster\_iam\_role](#output\_cluster\_iam\_role) | The arn/name/unique\_id of the iam role for the cluster | -| [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. 
Note: currently a value is returned only for local EKS clusters created on Outposts | -| [cluster\_identity\_providers](#output\_cluster\_identity\_providers) | Map of attribute maps for all EKS identity providers enabled | -| [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster | -| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | -| [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster | -| [cluster\_primary\_security\_group\_id](#output\_cluster\_primary\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console | -| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group | -| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group | -| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. 
One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` | -| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate | -| [cluster\_version](#output\_cluster\_version) | The Kubernetes version for the cluster | -| [ebs\_csi\_irsa\_role](#output\_ebs\_csi\_irsa\_role) | The arn/name/unique\_id of the irsa role for the ebs-csi-driver addon | -| [efs\_csi\_irsa\_role](#output\_efs\_csi\_irsa\_role) | The arn/name/unique\_id of the irsa role for the efs-csi-driver addon | -| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created | -| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups | -| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created | -| [kms\_key\_arn](#output\_kms\_key\_arn) | The Amazon Resource Name (ARN) of the key | -| [kms\_key\_id](#output\_kms\_key\_id) | The globally unique identifier for the key | -| [kms\_key\_policy](#output\_kms\_key\_policy) | The IAM resource policy set on the key | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. 
| -| [node\_group\_name](#output\_node\_group\_name) | name of the node group created for use by karpenter | -| [node\_security\_group\_arn](#output\_node\_security\_group\_arn) | Amazon Resource Name (ARN) of the node shared security group | -| [node\_security\_group\_id](#output\_node\_security\_group\_id) | ID of the node shared security group | -| [oidc\_provider](#output\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | -| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | -| [security\_group\_all\_worker\_mgmt\_id](#output\_security\_group\_all\_worker\_mgmt\_id) | The security group to manage all of the worker nodes. | -| [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | -| [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | -| [subnets](#output\_subnets) | The subnets configured for the VPC. | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block associated with the VPC. | -| [vpc\_cni\_irsa\_role](#output\_vpc\_cni\_irsa\_role) | The arn/name/unique\_id of the irsa role for the vpc-cni addon | -| [vpc\_id](#output\_vpc\_id) | The VPC id where the EKS cluster was deployed. | + From f22c05131a665bfab66a661e8615d389d2b34308 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 18 Feb 2025 16:39:09 -0500 Subject: [PATCH 6/7] update readme --- README.md | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 109 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1b2baca..827fa5e 100644 --- a/README.md +++ b/README.md 
@@ -92,5 +92,113 @@ efs-csi-controller 0 5m ## Documentation - +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | ~> 5.14.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 5.84.0 | +| [terraform](#provider\_terraform) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | +| [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.33.1 | +| [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | +| [efs\_csi\_irsa\_role](#module\_efs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | +| [vpc\_cni\_irsa\_role](#module\_vpc\_cni\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_ec2_tag.container_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource | +| [aws_security_group.additional_eks_cluster_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.all_worker_mgmt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group_rule.allow_sidecar_injection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [terraform_data.subnet_validation](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | +| 
[aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | +| [aws_iam_roles.roles](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | +| [aws_iam_roles.sso_admins](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | +| [aws_iam_roles.sso_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | +| [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source | +| [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | +| [aws_subnet.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | +| [aws_subnets.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | +| [aws_vpc.eks_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no | +| [census\_private\_cidr](#input\_census\_private\_cidr) | Census Private CIR Blocks | `list(string)` |
[
"148.129.0.0/16",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | +| [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Whether the EKS cluster API server endpoint is publicly accessible | `bool` | `false` | no | +| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | +| [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster | `string` | n/a | yes | +| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | Size of the EKS node disk in GB | `number` | `80` | no | +| [eks\_instance\_types](#input\_eks\_instance\_types) | List of EC2 instance types for the EKS node group | `list(string)` |
[
"t3a.large"
]
| no | +| [eks\_ng\_desired\_size](#input\_eks\_ng\_desired\_size) | Desired size of the EKS node group | `number` | `4` | no | +| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Maximum size of the EKS node group | `number` | `15` | no | +| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Minimum size of the EKS node group | `number` | `4` | no | +| [enable\_cluster\_creator\_admin\_permissions](#input\_enable\_cluster\_creator\_admin\_permissions) | Grant admin permissions to the cluster creator | `bool` | `false` | no | +| [subnets\_name](#input\_subnets\_name) | Name pattern for subnets to be used by EKS cluster | `string` | `"*-container-*"` | no | +| [tags](#input\_tags) | Additional tags to apply to all resources | `map(string)` | `{}` | no | +| [vpc\_name](#input\_vpc\_name) | Name of the VPC where EKS cluster will be created | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [access\_entries](#output\_access\_entries) | The access\_entries object added to cluster | +| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created | +| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created | +| [cluster\_addons](#output\_cluster\_addons) | Map of attribute maps for all EKS cluster addons enabled | +| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster | +| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | +| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server | +| [cluster\_iam\_role](#output\_cluster\_iam\_role) | The arn/name/unique\_id of the iam role for the cluster | +| [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. 
Note: currently a value is returned only for local EKS clusters created on Outposts | +| [cluster\_identity\_providers](#output\_cluster\_identity\_providers) | Map of attribute maps for all EKS identity providers enabled | +| [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster | +| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | +| [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster | +| [cluster\_primary\_security\_group\_id](#output\_cluster\_primary\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console | +| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group | +| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group | +| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. 
One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` | +| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate | +| [cluster\_version](#output\_cluster\_version) | The Kubernetes version for the cluster | +| [ebs\_csi\_irsa\_role](#output\_ebs\_csi\_irsa\_role) | The arn/name/unique\_id of the irsa role for the ebs-csi-driver addon | +| [efs\_csi\_irsa\_role](#output\_efs\_csi\_irsa\_role) | The arn/name/unique\_id of the irsa role for the efs-csi-driver addon | +| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created | +| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups | +| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created | +| [kms\_key\_arn](#output\_kms\_key\_arn) | The Amazon Resource Name (ARN) of the key | +| [kms\_key\_id](#output\_kms\_key\_id) | The globally unique identifier for the key | +| [kms\_key\_policy](#output\_kms\_key\_policy) | The IAM resource policy set on the key | +| [module\_name](#output\_module\_name) | The name of this module. | +| [module\_version](#output\_module\_version) | The version of this module. 
| +| [node\_group\_name](#output\_node\_group\_name) | name of the node group created for use by karpenter | +| [node\_security\_group\_arn](#output\_node\_security\_group\_arn) | Amazon Resource Name (ARN) of the node shared security group | +| [node\_security\_group\_id](#output\_node\_security\_group\_id) | ID of the node shared security group | +| [oidc\_provider](#output\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | +| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | +| [security\_group\_all\_worker\_mgmt\_id](#output\_security\_group\_all\_worker\_mgmt\_id) | The security group to manage all of the worker nodes. | +| [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | +| [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | +| [subnets](#output\_subnets) | The subnets configured for the VPC. | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block associated with the VPC. | +| [vpc\_cni\_irsa\_role](#output\_vpc\_cni\_irsa\_role) | The arn/name/unique\_id of the irsa role for the vpc-cni addon | +| [vpc\_id](#output\_vpc\_id) | The VPC id where the EKS cluster was deployed. | From 1161e89cfc7076caf06c351fcb1dc3770e25a96c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 24 Feb 2025 16:43:46 -0500 Subject: [PATCH 7/7] restore var description --- .tflint.hcl | 26 +++++++++++++------------- README.md | 2 +- variables.tf | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.tflint.hcl b/.tflint.hcl index 684d807..ab8ea66 100644 --- a/.tflint.hcl +++ b/.tflint.hcl 
@@ -4,18 +4,18 @@ config {
 disabled_by_default = false
 }
-rule "aws_instance_invalid_type" {
- enabled = true
-}
+# rule "aws_instance_invalid_type" {
+# enabled = true
+# }
-plugin "aws" {
- enabled = true
- version = "0.32.0"
- source = "github.com/terraform-linters/tflint-ruleset-aws"
-}
+# plugin "aws" {
+# enabled = true
+# version = "0.32.0"
+# source = "github.com/terraform-linters/tflint-ruleset-aws"
+# }
-plugin "terraform" {
- enabled = true
- version = "0.9.0"
- source = "github.com/terraform-linters/tflint-ruleset-terraform"
-}
+# plugin "terraform" {
+# enabled = true
+# version = "0.9.0"
+# source = "github.com/terraform-linters/tflint-ruleset-terraform"
+# }
diff --git a/README.md b/README.md
index 827fa5e..43fe01a 100644
--- a/README.md
+++ b/README.md
@@ -144,7 +144,7 @@ efs-csi-controller 0 5m
 | [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no |
 | [census\_private\_cidr](#input\_census\_private\_cidr) | Census Private CIR Blocks | `list(string)` |
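Review bot: The three blocks commented out in `.tflint.hcl` (`rule "aws_instance_invalid_type"`, `plugin "aws"`, `plugin "terraform"`) switch off the AWS ruleset and drop both pinned plugin versions, and neither the commit subject ("restore var description") nor the file says why. Without the `plugin "aws"` block the provider-specific checks no longer run at lint time; the Terraform ruleset may still load from the copy bundled with tflint, depending on the tflint version in use, but then at whatever version ships with the binary rather than the pinned `0.9.0`. If this is a temporary workaround, record it above the commented blocks, e.g. `# Disabled temporarily: <reason>; re-enable once <condition>`, and consider moving it to its own commit so it does not ride along unnoticed with a description fix. If it is not intentional, keep the blocks enabled.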
[
"148.129.0.0/16",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no |
 | [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Whether the EKS cluster API server endpoint is publicly accessible | `bool` | `false` | no |
-| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
+| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
 | [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster | `string` | n/a | yes |
 | [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | Size of the EKS node disk in GB | `number` | `80` | no |
 | [eks\_instance\_types](#input\_eks\_instance\_types) | List of EC2 instance types for the EKS node group | `list(string)` |
[
"t3a.large"
]
| no |
diff --git a/variables.tf b/variables.tf
index 25a79b3..925c44f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,5 +1,5 @@
 variable "cluster_name" {
- description = "Name of the EKS cluster"
+ description = "EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev)"
 type = string
 validation {
 condition = can(regex("^[a-zA-Z][a-zA-Z0-9-]*$", var.cluster_name)) && length(var.cluster_name) <= 100
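Review bot: The restored `description` for `cluster_name` has a doubled word ("name name") and splits "throughout" into "through out". The README Inputs row in this same commit carries the identical text, so it appears to be generated from this string and the wording is best fixed here, e.g. `description = "EKS cluster name component used throughout the EKS cluster, describing its purpose (ex: dice-dev)"`. The description could also state what the `validation` condition enforces (starts with a letter, then letters, digits or hyphens, at most 100 characters) so callers see the constraint in the docs. The `validation` block continues outside the hunk.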