pelotech/terraform-foundation-aws-stack

Foundation - Pelotech's GitOps K8s Cluster

This is the Terraform module that bootstraps Foundation in AWS.

This project uses release-please for the release flow of contributions.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5.7 |
| aws | >= 5.45.0 |

Providers

| Name | Version |
|------|---------|
| aws | 5.100.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| cert_manager_irsa_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.59.0 |
| ebs_csi_driver_irsa_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.59.0 |
| eks | terraform-aws-modules/eks/aws | 20.37.2 |
| external_dns_irsa_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.59.0 |
| fck_nat | RaJiska/fck-nat/aws | 1.3.0 |
| karpenter | terraform-aws-modules/eks/aws//modules/karpenter | 20.37.2 |
| load_balancer_controller_irsa_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.59.0 |
| s3_csi | terraform-aws-modules/s3-bucket/aws | 4.11.0 |
| s3_driver_irsa_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.59.0 |
| vpc | terraform-aws-modules/vpc/aws | 5.21.0 |

Resources

| Name | Type |
|------|------|
| aws_vpc_endpoint.eks_vpc_endpoints | resource |
| aws_partition.current | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| eks_cluster_version | Kubernetes version to set for the cluster | `string` | `"1.33"` | no |
| extra_access_entries | EKS access entries needed by IAM roles interacting with this cluster | `list(object({ principal_arn = string, kubernetes_groups = optional(list(string)), policy_associations = optional(map(object({ policy_arn = string, access_scope = object({ type = string, namespaces = optional(list(string)) }) })), {}) }))` | `[]` | no |
| initial_instance_types | Instance types of the initial managed node group | `list(string)` | n/a | yes |
| initial_node_desired_size | Desired size of the initial managed node group | `number` | `3` | no |
| initial_node_labels | Labels for the initial managed node group | `map(string)` | `{ "kube-ovn/role": "master" }` | no |
| initial_node_max_size | Maximum size of the initial managed node group | `number` | `6` | no |
| initial_node_min_size | Minimum size of the initial managed node group | `number` | `2` | no |
| initial_node_taints | Taints for the initial managed node group | `list(object({ key = string, value = string, effect = string }))` | `[{ "effect": "NO_SCHEDULE", "key": "CriticalAddonsOnly", "value": "true" }, { "effect": "NO_SCHEDULE", "key": "nidhogg.uswitch.com/kube-system.kube-multus-ds", "value": "true" }]` | no |
| s3_csi_driver_bucket_arns | Existing buckets the S3 CSI driver should have access to | `list(string)` | `[]` | no |
| s3_csi_driver_create_bucket | Create a new bucket for use with the S3 CSI driver | `bool` | `true` | no |
| stack_admin_arns | ARNs of the IAM roles to map to the cluster admin role | `list(string)` | `[]` | no |
| stack_create | Whether the resources should be created | `bool` | `true` | no |
| stack_enable_cluster_kms | Whether Kubernetes secrets in the cluster should be encrypted with KMS | `bool` | `true` | no |
| stack_enable_default_eks_managed_node_group | Whether to create the default managed node group (set to false to disable it) | `bool` | `true` | no |
| stack_existing_vpc_config | Use an existing VPC instead of creating one | `object({ vpc_id = string, subnet_ids = list(string) })` | `null` | no |
| stack_fck_nat_enabled | Use fck-nat instead of a managed NAT gateway to reduce NAT cost | `bool` | `false` | no |
| stack_fck_nat_instance_type | fck-nat instance type; choose it based on bandwidth requirements | `string` | `"t3.micro"` | no |
| stack_name | Name of the stack | `string` | `"foundation-stack"` | no |
| stack_ro_arns | ARNs of the IAM roles to map to the cluster read-only role. These roles also get KMS read-only access for CI plan purposes; more limited access should use `extra_access_entries` instead | `list(string)` | `[]` | no |
| stack_tags | Tags to add to the stack; should at least include Owner and Environment | `map(any)` | `{ "Environment": "prod", "Owner": "pelotech" }` | no |
| stack_use_vpc_cni_max_pods | Set to true if using the VPC CNI; otherwise max pods defaults to 110 | `bool` | `false` | no |
| stack_vpc_block | Variables defining the VPC for the stack | `object({ cidr = string, azs = list(string), private_subnets = list(string), public_subnets = list(string), database_subnets = list(string) })` | `{ "azs": ["us-west-2a", "us-west-2b", "us-west-2c"], "cidr": "172.16.0.0/16", "database_subnets": ["172.16.200.0/24", "172.16.201.0/24", "172.16.202.0/24"], "private_subnets": ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24"], "public_subnets": ["172.16.100.0/24", "172.16.101.0/24", "172.16.102.0/24"] }` | no |
| vpc_endpoints | VPC endpoints to create in the cluster VPC network. Note: this only works when using the internally created VPC | `list(string)` | `[]` | no |
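An added example of calling the module with the inputs above (not code from the project's own README): it keeps full cluster admin to a single platform role, gives the CI plan role the read-only mapping, and grants a team a namespace-scoped view policy through `extra_access_entries` instead of the cluster-wide `stack_ro_arns` mapping. The git ref, the AWS account ID `123456789012` and the role names are placeholders; `AmazonEKSViewPolicy` is a standard EKS access policy.

```hcl
# Added example; the ref, account ID and role names are placeholders.
module "foundation" {
  source = "github.com/pelotech/terraform-foundation-aws-stack?ref=REPLACE_WITH_RELEASE_TAG"

  stack_name             = "foundation-stack"
  eks_cluster_version    = "1.33"
  initial_instance_types = ["m6i.large"] # required, no default

  # Full cluster admin: restrict to the platform role only.
  stack_admin_arns = ["arn:aws:iam::123456789012:role/platform-admin"]

  # CI plan role: read-only cluster mapping, which also implies
  # KMS read-only access for terraform plan (see stack_ro_arns).
  stack_ro_arns = ["arn:aws:iam::123456789012:role/ci-plan"]

  # Least privilege for a team that only works in one namespace:
  # an access entry scoped to that namespace, with no KMS access.
  extra_access_entries = [
    {
      principal_arn = "arn:aws:iam::123456789012:role/team-payments-dev"
      policy_associations = {
        view_payments = {
          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"
          access_scope = {
            type       = "namespace"
            namespaces = ["payments"]
          }
        }
      }
    }
  ]

  # Keep KMS envelope encryption of Kubernetes secrets on (the default).
  stack_enable_cluster_kms = true

  stack_tags = {
    Owner       = "platform"
    Environment = "prod"
  }
}
```

Run `terraform validate` after adding this block; the object type of `extra_access_entries` rejects an entry whose `access_scope` omits `type`, and a `namespace` scope without `namespaces` grants nothing.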

Outputs

| Name | Description |
|------|-------------|
| eks_cluster_tls_certificate_sha1_fingerprint | The SHA1 fingerprint of the public key of the cluster's certificate |
| eks_oidc_provider | The OpenID Connect identity provider (issuer URL without leading https://) |
| eks_oidc_provider_arn | EKS OIDC provider ARN, for adding IRSA roles to the cluster out of band |

About

Terraform module for the Foundation base stack on AWS.