alerts_sns_topics_arn |
The ARN of the SNS topic to send alerts to |
string |
null |
no |
amp_alerting_rules_exclude_namespace |
Namespaces to exclude from alerting |
string |
"" |
no |
amp_arn |
The AMP workspace arn |
string |
null |
no |
amp_custom_alerting_rules |
Prometheus K8s custom alerting rules |
string |
"" |
no |
amp_id |
The AMP workspace id |
string |
null |
no |
cluster_additional_security_group_ids |
List of additional, externally created security group IDs to attach to the cluster control plane |
list(string) |
[] |
no |
cluster_endpoint_private_access |
Indicates whether or not the Amazon EKS private API server endpoint is enabled. |
bool |
true |
no |
cluster_endpoint_public_access |
Indicates whether or not the Amazon EKS public API server endpoint is enabled. |
bool |
false |
no |
cluster_name |
Name of the EKS cluster. |
string |
"" |
no |
cluster_security_group_additional_rules |
List of additional security group rules to add to the cluster security group created. Set source_node_security_group = true inside rules to set the node_security_group as source |
any |
{} |
no |
cluster_version |
Kubernetes <major>.<minor> version to use for the EKS cluster (e.g. 1.24) |
string |
"1.26" |
no |
eks_managed_node_group_defaults |
Map of EKS managed node group default configurations. |
any |
{} |
no |
eks_managed_node_groups |
Map of EKS managed node group definitions to create. |
any |
{} |
no |
enable_cert_manager |
Enables cert-manager deployment. |
bool |
false |
no |
enable_istio |
Enables istio deployment |
bool |
false |
no |
enable_karpenter |
Add karpenter to the cluster |
bool |
true |
no |
enable_monitoring |
Enable monitoring |
bool |
false |
no |
enable_traefik |
Enables traefik deployment. |
bool |
false |
no |
external_secrets_kms_key_arns |
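List of ARNs of the KMS keys used by Secrets Manager for the secrets mounted through External Secrets. The default is a wildcard pattern rather than a specific key ARN; set it to the specific key ARNs those secrets use. |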
list(string) |
[ "arn:aws:kms:::key/*" ] |
no |
external_secrets_secrets_manager_arns |
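List of Secrets Manager ARNs that contain secrets to mount using External Secrets. The default is a wildcard pattern rather than a specific secret ARN; list only the secrets that need to be mounted. |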
list(string) |
[ "arn:aws:secretsmanager:::secret:*" ] |
no |
external_secrets_ssm_parameter_arns |
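List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets. The default is a wildcard pattern rather than a specific parameter ARN; list only the parameters that need to be mounted. |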
list(string) |
[ "arn:aws:ssm:::parameter/*" ] |
no |
iam_roles |
AWS IAM roles that will be mapped to RBAC roles. |
list(any) |
[] |
no |
istio_enable_external_gateway |
Determines whether to enable an external gateway for Istio, allowing external traffic to reach Istio services. Defaults to true; set it to false when no externally reachable gateway is wanted. |
bool |
true |
no |
istio_enable_internal_gateway |
Determines whether to enable an internal gateway for Istio, which manages traffic within the Kubernetes cluster. |
bool |
false |
no |
istio_external_gateway_lb_certs |
The certificates for the Istio external gateway load balancer. |
list(string) |
[] |
no |
istio_external_gateway_scaling_max_replicas |
The maximum number of replicas for scaling the Istio external gateway. |
number |
5 |
no |
istio_external_gateway_scaling_target_cpu_utilization |
The target CPU utilization percentage for scaling the external gateway. |
number |
80 |
no |
istio_external_gateway_service_kind |
The type of service for the Istio external gateway. |
string |
"NodePort" |
no |
istio_internal_gateway_lb_certs |
The certificates for the Istio internal gateway load balancer. |
list(string) |
[] |
no |
istio_internal_gateway_scaling_max_replicas |
The maximum number of replicas for scaling the Istio internal gateway. |
number |
5 |
no |
istio_internal_gateway_scaling_target_cpu_utilization |
The target CPU utilization percentage for scaling the internal gateway. |
number |
80 |
no |
istio_internal_gateway_service_kind |
The type of service for the Istio internal gateway. |
string |
"NodePort" |
no |
karpenter_node_template_default |
Config for default node template for karpenter |
map(any) |
{ "subnetSelector": { "network": "private" } } |
no |
karpenter_nodepool_default_expireAfter |
The amount of time a Node can live on the cluster before being removed |
string |
"720h" |
no |
karpenter_provisioner_default_ami_family |
Specifies the default Amazon Machine Image (AMI) family to be used by the Karpenter provisioner. |
string |
"Bottlerocket" |
no |
karpenter_provisioner_default_block_device_mappings |
Specifies the default size and characteristics of the volumes used by the Karpenter provisioner. It defines the volume size, type, and encryption settings. |
map(any) |
{ "specs": [ { "deviceName": "/dev/xvda", "ebs": { "encrypted": true, "volumeSize": "30Gi", "volumeType": "gp3" } }, { "deviceName": "/dev/xvdb", "ebs": { "encrypted": true, "volumeSize": "100Gi", "volumeType": "gp3" } } ] } |
no |
karpenter_provisioner_default_cpu_limits |
Defines the default CPU limits for the Karpenter default provisioner, ensuring resource allocation and utilization. |
number |
300 |
no |
karpenter_provisioner_default_requirements |
Specifies the default requirements for the Karpenter provisioner template, including instance category, CPU, hypervisor, architecture, and capacity type. |
map(any) |
{ "requirements": [ { "key": "karpenter.k8s.aws/instance-category", "operator": "In", "values": [ "m" ] }, { "key": "karpenter.k8s.aws/instance-cpu", "operator": "In", "values": [ "4", "8", "16" ] }, { "key": "karpenter.k8s.aws/instance-hypervisor", "operator": "In", "values": [ "nitro" ] }, { "key": "kubernetes.io/arch", "operator": "In", "values": [ "amd64" ] }, { "key": "karpenter.sh/capacity-type", "operator": "In", "values": [ "on-demand" ] } ] } |
no |
karpenter_provisioner_default_ttl_after_empty |
Sets the default Time to Live (TTL) for provisioned resources by the Karpenter default provisioner after they become empty or idle. |
number |
300 |
no |
karpenter_provisioner_default_ttl_until_expired |
Specifies the default Time to Live (TTL) for provisioned resources by the Karpenter default provisioner until they expire or are reclaimed. |
number |
2592000 |
no |
karpenter_settings_featureGates_drift |
Enable or disable drift feature of karpenter |
bool |
true |
no |
node_security_group_additional_rules |
List of additional security group rules to add to the node security group created. Set source_cluster_security_group = true inside rules to set the cluster_security_group as source |
any |
{} |
no |
prometheus_server_data_volume_size |
Volume size for prometheus data |
string |
"150Gi" |
no |
sso_roles |
AWS SSO roles that will be mapped to RBAC roles. |
list(object({ role_name = string, groups = list(string), })) |
[] |
no |
subnets_ids |
A list of subnet IDs where the nodes/node groups will be provisioned. |
list(string) |
[] |
no |
tags |
A map of tags to add to all resources. |
map(string) |
{} |
no |
vpc_id |
ID of the VPC where the cluster and its nodes will be provisioned. |
string |
null |
no |