variable "cluster_name" {
  # Required input: the EKS cluster this node group is registered with. No default.
  description = "The name of the EKS cluster"
  type        = string
}
variable "create_before_destroy" {
  # Replacement ordering for the node group; see the description for the downtime tradeoff.
  description = <<-EOT
    Set true in order to create the new node group before destroying the old one.
    If false, the old node group will be destroyed first, causing downtime.
    Changing this setting will always cause node group to be replaced.
    EOT
  type        = bool
  default     = false
}
variable "cluster_autoscaler_enabled" {
  # Opt-in: when true the node group is labelled for Cluster Autoscaler auto-discovery.
  description = "Set true to label the node group so that the [Kubernetes Cluster Autoscaler](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#auto-discovery-setup) will discover and autoscale it"
  type        = bool
  default     = false
}
variable "ec2_ssh_key_name" {
  # Zero- or one-element list; an empty list means no SSH key pair is configured.
  # When a key is given, also populate `ssh_access_security_group_ids`, otherwise
  # port 22 on the workers is opened to the Internet (see that variable's description).
  description = "SSH key pair name to use to access the worker nodes"
  type        = list(string)
  default     = []

  validation {
    condition     = length(var.ec2_ssh_key_name) <= 1
    error_message = "You may not specify more than one `ec2_ssh_key_name`."
  }
}
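variable "ssh_access_security_group_ids" {
  # Security: if `ec2_ssh_key_name` is set and this list is left empty, EKS opens
  # port 22 on every worker node to 0.0.0.0/0. Restrict SSH to known security
  # groups whenever key-based access is enabled.
  # (Description corrected to reference the actual variable name `ec2_ssh_key_name`.)
  type        = list(string)
  default     = []
  description = "Set of EC2 Security Group IDs to allow SSH access (port 22) to the worker nodes. If you specify `ec2_ssh_key_name`, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0)"
}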
variable "desired_size" {
  # Required. Only the initial value is applied; later external changes are ignored.
  description = "Initial desired number of worker nodes (external changes ignored)"
  type        = number
}
variable "max_size" {
  # Required upper bound on the node count.
  description = "Maximum number of worker nodes"
  type        = number
}
variable "min_size" {
  # Required lower bound on the node count.
  description = "Minimum number of worker nodes"
  type        = number
}
variable "subnet_ids" {
  # Required; the validation rejects an empty list.
  type        = list(string)
  description = "A list of subnet IDs to launch resources in"

  validation {
    condition     = length(var.subnet_ids) >= 1
    error_message = "You must specify at least 1 subnet to launch resources in."
  }
}
variable "associated_security_group_ids" {
  # Extra security groups attached to the nodes; the module reads but never edits them.
  description = <<-EOT
    A list of IDs of Security Groups to associate the node group with, in addition to the EKS' created security group.
    These security groups will not be modified.
    EOT
  type        = list(string)
  default     = []
}
variable "node_role_cni_policy_enabled" {
  # Risk note: permissions on the node IAM role are generally reachable by any
  # workload on the node that can talk to the Instance Metadata Service, so
  # attaching `AmazonEKS_CNI_Policy` here grants it more broadly than the
  # service-account-scoped approach recommended in the description. Set false
  # once the policy is bound to the `aws-node` service account instead.
  description = <<-EOT
    When true, the `AmazonEKS_CNI_Policy` will be attached to the node IAM role.
    This used to be required, but it is [now recommended](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) that this policy be
    attached only to the `aws-node` Kubernetes service account. However, that
    is difficult to do with Terraform, so this module defaults to the old pattern.
    EOT
  type        = bool
  default     = true
}
variable "node_role_arn" {
  # Zero- or one-element list. When set, the module uses the given role as-is
  # (no policy attachments or boundary changes are applied to it).
  description = "If provided, assign workers the given role, which this module will not modify"
  type        = list(string)
  default     = []

  validation {
    condition     = length(var.node_role_arn) <= 1
    error_message = "You may not specify more than one `node_role_arn`."
  }
}
variable "node_role_policy_arns" {
  # Additional managed policies for the module-created node role. Keep this
  # minimal: anything granted here is available to the whole node.
  description = "List of policy ARNs to attach to the worker role this module creates in addition to the default ones"
  type        = list(string)
  default     = []
}
variable "node_role_permissions_boundary" {
  # Optional permissions boundary ARN, applied to every IAM role this module creates.
  type        = string
  default     = null
  description = "If provided, all IAM roles will be created with this permissions boundary attached."
}
variable "ami_type" {
  # Restricted to the three Amazon Linux 2 EKS-optimized AMI families below.
  description = <<-EOT
    Type of Amazon Machine Image (AMI) associated with the EKS Node Group.
    Defaults to `AL2_x86_64`. Valid values: `AL2_x86_64`, `AL2_x86_64_GPU`, and `AL2_ARM_64`.
    EOT
  type        = string
  default     = "AL2_x86_64"

  validation {
    condition     = contains(["AL2_x86_64", "AL2_x86_64_GPU", "AL2_ARM_64"], var.ami_type)
    error_message = "Var ami_type must be one of \"AL2_x86_64\", \"AL2_x86_64_GPU\", and \"AL2_ARM_64\"."
  }
}
variable "instance_types" {
  # The EKS API caps this list at 20 entries; the validation mirrors that limit.
  description = <<-EOT
    Instance types to use for this node group (up to 20). Defaults to ["t3.medium"].
    Must be empty if the launch template configured by `launch_template_id` specifies an instance type.
    EOT
  type        = list(string)
  default     = ["t3.medium"]

  validation {
    condition     = length(var.instance_types) <= 20
    error_message = "Per the EKS API, no more than 20 instance types may be specified."
  }
}
variable "capacity_type" {
  # `null` leaves the choice to AWS and disables drift detection on this attribute.
  type        = string
  default     = null
  description = <<-EOT
    Type of capacity associated with the EKS Node Group. Valid values: "ON_DEMAND", "SPOT", or `null`.
    Terraform will only perform drift detection if a configuration value is provided.
    EOT

  validation {
    # Ternary rather than `||` so `contains` is never evaluated against null.
    condition     = var.capacity_type == null ? true : contains(["ON_DEMAND", "SPOT"], var.capacity_type)
    error_message = "Capacity type must be either `null`, \"ON_DEMAND\", or \"SPOT\"."
  }
}
variable "block_device_mappings" {
  # Default is a single 20 GiB encrypted gp2 root volume. Callers overriding this
  # should keep `encrypted = true` so node root volumes stay encrypted at rest.
  # See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#ebs
  type = list(any)
  description = <<-EOT
    List of block device mappings for the launch template.
    Each list element is an object with a `device_name` key and
    any keys supported by the `ebs` block of `launch_template`.
    EOT

  default = [
    {
      device_name           = "/dev/xvda"
      volume_size           = 20
      volume_type           = "gp2"
      encrypted             = true
      delete_on_termination = true
    },
  ]
}
variable "update_config" {
  # Empty list = provider defaults; otherwise a single map with one of the two keys named below.
  description = <<-EOT
    Configuration for the `eks_node_group` [`update_config` Configuration Block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group#update_config-configuration-block).
    Specify exactly one of `max_unavailable` (node count) or `max_unavailable_percentage` (percentage of nodes).
    EOT
  type        = list(map(number))
  default     = []
}
variable "kubernetes_labels" {
  # Labels applied through the EKS API; labels set by other means are left alone.
  type        = map(string)
  default     = {}
  description = <<-EOT
    Key-value mapping of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument.
    Other Kubernetes labels applied to the EKS Node Group will not be managed.
    EOT
}
variable "kubernetes_taints" {
  # Taints applied via the EKS API. Note the object type accepts any string for
  # `effect`; the allowed values are documented but not validated here.
  description = <<-EOT
    List of `key`, `value`, `effect` objects representing Kubernetes taints.
    `effect` must be one of `NO_SCHEDULE`, `NO_EXECUTE`, or `PREFER_NO_SCHEDULE`.
    `key` and `effect` are required, `value` may be null.
    EOT
  default     = []
  type = list(object({
    key    = string
    value  = string
    effect = string
  }))
}
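variable "kubelet_additional_options" {
  # Labels and taints must go through `kubernetes_labels` / `kubernetes_taints`
  # so the module can manage them; the validation rejects the raw kubelet flags.
  # (Stray closing quote removed from the last description line.)
  type        = list(string)
  default     = []
  description = <<-EOT
    Additional flags to pass to kubelet.
    DO NOT include `--node-labels` or `--node-taints`,
    use `kubernetes_labels` and `kubernetes_taints` to specify those.
    EOT

  validation {
    # `compact` drops empty strings so a list of blanks is treated as "no options".
    condition = (length(compact(var.kubelet_additional_options)) == 0 ? true :
      length(regexall("--node-labels", join(" ", var.kubelet_additional_options))) == 0 &&
      length(regexall("--node-taints", join(" ", var.kubelet_additional_options))) == 0
    )
    error_message = "Var kubelet_additional_options must not contain \"--node-labels\" or \"--node-taints\". Use `kubernetes_labels` and `kubernetes_taints` to specify labels and taints."
  }
}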
variable "ami_image_id" {
  # Zero- or one-element list; a custom launch template takes precedence over this.
  description = "AMI to use. Ignored if `launch_template_id` is supplied."
  type        = list(string)
  default     = []

  validation {
    condition     = length(var.ami_image_id) <= 1
    error_message = "You may not specify more than one `ami_image_id`."
  }
}
variable "ami_release_version" {
  # Zero- or one-element list. The first element, if present, must match
  # `<k8s major>.<minor>.<patch>-<build date>`, e.g. 1.16.13-20200821.
  type        = list(string)
  default     = []
  description = "EKS AMI version to use, e.g. \"1.16.13-20200821\" (no \"v\"). Defaults to latest version for Kubernetes version."

  validation {
    condition = (
      length(var.ami_release_version) == 0 ? true : length(regexall("^\\d+\\.\\d+\\.\\d+-\\d+$", var.ami_release_version[0])) == 1
    )
    error_message = "Var ami_release_version, if supplied, must be like \"1.16.13-20200821\" (no \"v\")."
  }
}
variable "kubernetes_version" {
  # Zero- or one-element list; the value is a `major.minor` string with no patch level.
  type        = list(string)
  default     = []
  description = "Kubernetes version. Defaults to EKS Cluster Kubernetes version. Terraform will only perform drift detection if a configuration value is provided"

  validation {
    condition = (
      length(var.kubernetes_version) == 0 ? true : length(regexall("^\\d+\\.\\d+$", var.kubernetes_version[0])) == 1
    )
    error_message = "Var kubernetes_version, if supplied, must be like \"1.16\" (no patch level)."
  }
}
variable "module_depends_on" {
  # Ordering hook: the node group is not created until this value is known.
  description = "Can be any value desired. Module will wait for this value to be computed before creating node group."
  type        = any
  default     = null
}
variable "launch_template_id" {
  # Zero- or one-element list. Supplying a template moves AMI selection into it.
  description = "The ID (not name) of a custom launch template to use for the EKS node group. If provided, it must specify the AMI image ID."
  type        = list(string)
  default     = []

  validation {
    condition     = length(var.launch_template_id) <= 1
    error_message = "You may not specify more than one `launch_template_id`."
  }
}
variable "launch_template_version" {
  # Zero- or one-element list; empty means "latest" for the given launch template.
  description = "The version of the specified launch template to use. Defaults to latest version."
  type        = list(string)
  default     = []

  validation {
    condition     = length(var.launch_template_version) <= 1
    error_message = "You may not specify more than one `launch_template_version`."
  }
}
variable "resources_to_tag" {
  # Which auto-launched resource types receive the module's tags.
  type        = list(string)
  default     = []
  description = "List of auto-launched resource types to tag. Valid types are \"instance\", \"volume\", \"elastic-gpu\", \"spot-instances-request\"."

  validation {
    # Collect every entry outside the allowed set; the list must come back empty.
    condition = (
      length(compact([for r in var.resources_to_tag : r if !contains(["instance", "volume", "elastic-gpu", "spot-instances-request"], r)])) == 0
    )
    error_message = "Invalid resource type in `resources_to_tag`. Valid types are \"instance\", \"volume\", \"elastic-gpu\", \"spot-instances-request\"."
  }
}
variable "before_cluster_joining_userdata" {
  # Zero- or one-element list of shell text injected into node user data ahead of
  # `bootstrap.sh`. This is privileged node configuration: review and version its
  # source like any other code that runs on every worker.
  description = "Additional `bash` commands to execute on each worker node before joining the EKS cluster (before executing the `bootstrap.sh` script). For more info, see https://kubedex.com/90-days-of-aws-eks-in-production"
  type        = list(string)
  default     = []

  validation {
    condition     = length(var.before_cluster_joining_userdata) <= 1
    error_message = "You may not specify more than one `before_cluster_joining_userdata`."
  }
}
variable "after_cluster_joining_userdata" {
  # Zero- or one-element list of shell text injected into node user data after
  # `bootstrap.sh`. Same caution as `before_cluster_joining_userdata`: treat as
  # privileged node configuration and review its source.
  description = "Additional `bash` commands to execute on each worker node after joining the EKS cluster (after executing the `bootstrap.sh` script). For more info, see https://kubedex.com/90-days-of-aws-eks-in-production"
  type        = list(string)
  default     = []

  validation {
    condition     = length(var.after_cluster_joining_userdata) <= 1
    error_message = "You may not specify more than one `after_cluster_joining_userdata`."
  }
}
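variable "bootstrap_additional_options" {
  # Zero- or one-element list of extra arguments for `bootstrap.sh`.
  # Description corrected: the companion variable is `kubelet_additional_options`
  # (there is no `kubelet_additional_args` variable in this module).
  # NOTE(review): the upstream bootstrap.sh flag for kubelet arguments is
  # `--kubelet-extra-args`; confirm the flag named in the description is intended.
  description = "Additional options to bootstrap.sh. DO NOT include `--kubelet-additional-args`, use `kubelet_additional_options` var instead."
  type        = list(string)
  default     = []

  validation {
    condition     = length(var.bootstrap_additional_options) <= 1
    error_message = "You may not specify more than one `bootstrap_additional_options`."
  }
}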
variable "userdata_override_base64" {
  # Zero- or one-element list. Replaces the module-generated user data wholesale,
  # so the taint/kubelet/bootstrap inputs listed in the description stop applying.
  type        = list(string)
  default     = []
  description = <<-EOT
    Many features of this module rely on the `bootstrap.sh` provided with Amazon Linux, and this module
    may generate "user data" that expects to find that script. If you want to use an AMI that is not
    compatible with the Amazon Linux `bootstrap.sh` initialization, then use `userdata_override_base64` to provide
    your own (Base64 encoded) user data. Use "" to prevent any user data from being set.
    Setting `userdata_override_base64` disables `kubernetes_taints`, `kubelet_additional_options`,
    `before_cluster_joining_userdata`, `after_cluster_joining_userdata`, and `bootstrap_additional_options`.
    EOT

  validation {
    condition     = length(var.userdata_override_base64) <= 1
    error_message = "You may not specify more than one `userdata_override_base64`."
  }
}
variable "metadata_http_endpoint_enabled" {
  # IMDS on/off switch for the node launch template; enabled by default.
  description = "Set false to disable the Instance Metadata Service."
  type        = bool
  default     = true
}
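variable "metadata_http_put_response_hop_limit" {
  # IMDS hop limit. The description gives the service's range as 1-64 and EKS
  # needs at least 2, so the validation now enforces both the lower and the
  # upper bound (previously only `>= 2` was checked).
  type        = number
  default     = 2
  description = <<-EOT
    The desired HTTP PUT response hop limit (between 1 and 64) for Instance Metadata Service requests.
    The default is `2` to support containerized workloads. This module requires a value of at least `2`.
    EOT

  validation {
    condition = (
      var.metadata_http_put_response_hop_limit >= 2 &&
      var.metadata_http_put_response_hop_limit <= 64
    )
    error_message = "IMDS hop limit must be between 2 and 64 (at least 2 to support EKS functionality)."
  }
}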
variable "metadata_http_tokens_required" {
  # Defaults to enforcing IMDSv2 (session tokens). Setting this false re-enables
  # IMDSv1 on the nodes; keep it true unless a workload genuinely requires v1.
  description = "Set true to require IMDS session tokens, disabling Instance Metadata Service Version 1."
  type        = bool
  default     = true
}
variable "placement" {
  # Zero- or one-element list mirroring the launch template `placement` block.
  type        = list(any)
  default     = []
  description = <<-EOT
    Configuration for the [`placement` Configuration Block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#placement) of the launch template.
    Leave list empty for defaults. Pass list with single object with attributes matching the `placement` block to configure it.
    Note that this configures the launch template only. Some elements will be ignored by the Auto Scaling Group
    that actually launches instances. Consult AWS documentation for details.
    EOT
}
variable "enclave_enabled" {
  # Nitro Enclaves support on the launch template; off by default.
  description = "Set to `true` to enable Nitro Enclaves on the instance."
  type        = bool
  default     = false
}
variable "node_group_terraform_timeouts" {
  # Zero- or one-element list mirroring the resource `timeouts` block.
  description = <<-EOT
    Configuration for the Terraform [`timeouts` Configuration Block](https://www.terraform.io/docs/language/resources/syntax.html#operation-timeouts) of the node group resource.
    Leave list empty for defaults. Pass list with single object with attributes matching the `timeouts` block to configure it.
    Leave attribute values `null` to preserve individual defaults while setting others.
    EOT
  default     = []
  type = list(object({
    create = string
    update = string
    delete = string
  }))
}