EKS on Outposts

Configuration in this directory creates an AWS EKS local cluster on AWS Outposts.

See the AWS documentation for further details.

Note: This example requires an AWS Outpost to provision.

Usage

To run this example you need to:

  1. Deploy the remote host where the cluster will be provisioned from. The remote host is required since only private access is permitted to clusters created on Outposts. If you have access to the network where Outposts are provisioned (VPN, etc.), you can skip this step:

     $ cd prerequisites
     $ terraform init
     $ terraform plan
     $ terraform apply

  2. If provisioning using the remote host deployed in step 1, connect to the remote host using SSM. Note, you will need to have the SSM plugin for the AWS CLI installed. You can use the output generated by step 1 to connect:

     $ aws ssm start-session --region <REGION> --target <INSTANCE_ID>

  3. Once connected to the remote host, navigate to the cloned project example directory and deploy the example:

     $ cd $HOME/terraform-aws-eks/examples/outposts
     $ terraform init
     $ terraform plan
     $ terraform apply

Note that this example may create resources which cost money. Run terraform destroy when you don't need these resources.
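
A post-deployment check for the procedure above, as an added example that is not part of this repository: it parses `aws eks describe-cluster` output and reports a finding when the cluster is not a local cluster on an Outpost or its API endpoint is not private-only. The function name, the sample document and every value in it (cluster name, ID, ARN, instance type) are constructed placeholders.

```python
import json
import sys
from pathlib import Path

# Constructed sample shaped like `aws eks describe-cluster --output json`;
# every value below is a placeholder, not taken from a real deployment.
SAMPLE = json.dumps({
    "cluster": {
        "name": "ex-outposts",
        "id": "00000000-0000-0000-0000-000000000000",
        "status": "ACTIVE",
        "resourcesVpcConfig": {
            "endpointPublicAccess": False,
            "endpointPrivateAccess": True,
            "publicAccessCidrs": [],
        },
        "outpostConfig": {
            "outpostArns": ["arn:aws:outposts:us-west-2:111122223333:outpost/op-EXAMPLE"],
            "controlPlaneInstanceType": "m5.large",
        },
    }
})


def audit_local_cluster(describe_cluster_json):
    """Return a list of findings; an empty list means every check passed."""
    cluster = json.loads(describe_cluster_json).get("cluster", {})
    vpc = cluster.get("resourcesVpcConfig", {})
    findings = []
    if not cluster.get("outpostConfig", {}).get("outpostArns"):
        findings.append("no outpostConfig.outpostArns: not a local cluster on an Outpost")
    if not cluster.get("id"):
        findings.append("cluster id is empty; it is returned only for local clusters")
    # Fail closed: a missing flag is treated as the unsafe value.
    if vpc.get("endpointPublicAccess", True):
        cidrs = ", ".join(vpc.get("publicAccessCidrs", [])) or "unknown CIDRs"
        findings.append(f"API endpoint public access is enabled ({cidrs})")
    if not vpc.get("endpointPrivateAccess", False):
        findings.append("API endpoint private access is disabled")
    if cluster.get("status") != "ACTIVE":
        findings.append(f"cluster status is {cluster.get('status')!r}, expected 'ACTIVE'")
    return findings


if __name__ == "__main__":
    # Pass a file holding saved describe-cluster output, or run with no argument for the sample.
    raw = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE
    problems = audit_local_cluster(raw)
    print("\n".join(problems) if problems else "OK: private-only local cluster")
    sys.exit(1 if problems else 0)
```

On the remote host, save the output of `aws eks describe-cluster --region <REGION> --name <CLUSTER_NAME> --output json` to a file and pass its path as the only argument; a non-zero exit status means at least one check failed.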

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.47 |
| kubernetes | >= 2.10 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.47 |
| kubernetes | >= 2.10 |

Modules

| Name | Source | Version |
|------|--------|---------|
| eks | ../.. | n/a |

Resources

| Name | Type |
|------|------|
| kubernetes_storage_class_v1.this | resource |
| aws_outposts_outpost_instance_types.this | data source |
| aws_outposts_outposts.this | data source |
| aws_subnet.this | data source |
| aws_subnets.lookup | data source |
| aws_subnets.this | data source |
| aws_vpc.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| region | The AWS region to deploy into (e.g. us-east-1) | string | "us-west-2" | no |

Outputs

| Name | Description |
|------|-------------|
| aws_auth_configmap_yaml | Formatted yaml output for base aws-auth configmap containing roles used in cluster node groups/fargate profiles |
| cloudwatch_log_group_arn | Arn of cloudwatch log group created |
| cloudwatch_log_group_name | Name of cloudwatch log group created |
| cluster_addons | Map of attribute maps for all EKS cluster addons enabled |
| cluster_arn | The Amazon Resource Name (ARN) of the cluster |
| cluster_certificate_authority_data | Base64 encoded certificate data required to communicate with the cluster |
| cluster_endpoint | Endpoint for your Kubernetes API server |
| cluster_iam_role_arn | IAM role ARN of the EKS cluster |
| cluster_iam_role_name | IAM role name of the EKS cluster |
| cluster_iam_role_unique_id | Stable and unique string identifying the IAM role |
| cluster_id | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts |
| cluster_identity_providers | Map of attribute maps for all EKS identity providers enabled |
| cluster_name | The name of the EKS cluster |
| cluster_oidc_issuer_url | The URL on the EKS cluster for the OpenID Connect identity provider |
| cluster_platform_version | Platform version for the cluster |
| cluster_primary_security_group_id | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console |
| cluster_security_group_arn | Amazon Resource Name (ARN) of the cluster security group |
| cluster_security_group_id | ID of the cluster security group |
| cluster_status | Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED |
| cluster_tls_certificate_sha1_fingerprint | The SHA1 fingerprint of the public key of the cluster's certificate |
| eks_managed_node_groups | Map of attribute maps for all EKS managed node groups created |
| eks_managed_node_groups_autoscaling_group_names | List of the autoscaling group names created by EKS managed node groups |
| fargate_profiles | Map of attribute maps for all EKS Fargate Profiles created |
| kms_key_arn | The Amazon Resource Name (ARN) of the key |
| kms_key_id | The globally unique identifier for the key |
| kms_key_policy | The IAM resource policy set on the key |
| node_security_group_arn | Amazon Resource Name (ARN) of the node shared security group |
| node_security_group_id | ID of the node shared security group |
| oidc_provider | The OpenID Connect identity provider (issuer URL without leading https://) |
| oidc_provider_arn | The ARN of the OIDC Provider if enable_irsa = true |
| self_managed_node_groups | Map of attribute maps for all self managed node groups created |
| self_managed_node_groups_autoscaling_group_names | List of the autoscaling group names created by self-managed node groups |