
aws-blueprints/terraform-aws-eks-blueprints-addons

 
 


Amazon EKS Blueprints Addons

Terraform module to deploy Kubernetes addons on Amazon EKS clusters.

Usage

module "eks_blueprints_addons" {
  source = "aws-blueprints/eks-blueprints-addons/aws"

  cluster_name      = module.eks.cluster_name
  cluster_endpoint  = module.eks.cluster_endpoint
  cluster_version   = module.eks.cluster_version
  oidc_provider_arn = module.eks.oidc_provider_arn

  eks_addons = {
    aws-ebs-csi-driver = {
      most_recent = true
    }
    coredns = {
      most_recent = true
    }
    vpc-cni = {
      most_recent = true
    }
    kube-proxy = {
      most_recent = true
    }
  }

  enable_aws_load_balancer_controller    = true
  enable_cluster_proportional_autoscaler = true
  enable_karpenter                       = true
  enable_kube_prometheus_stack           = true
  enable_metrics_server                  = true
  enable_external_dns                    = true
  enable_cert_manager                    = true
  cert_manager_route53_hosted_zone_arns  = ["arn:aws:route53:::hostedzone/XXXXXXXXXXXXX"]

  tags = {
    Environment = "dev"
  }
}

module "eks" {
  source = "terraform-aws-modules/eks/aws"

  name               = "my-cluster"
  kubernetes_version = "1.34"

  # ... truncated for brevity
}

Requirements

Name Version
terraform >= 1.11
aws >= 6.0
time >= 0.9

Providers

Name Version
aws >= 6.0
time >= 0.9

Modules

Name Source Version
aws_cloudwatch_metrics aws-blueprints/eks-blueprints-addon/aws 2.0.0
aws_efs_csi_driver aws-blueprints/eks-blueprints-addon/aws 2.0.0
aws_fsx_csi_driver aws-blueprints/eks-blueprints-addon/aws 2.0.0
aws_gateway_api_controller aws-blueprints/eks-blueprints-addon/aws 2.0.0
aws_load_balancer_controller aws-blueprints/eks-blueprints-addon/aws 2.0.0
aws_node_termination_handler aws-blueprints/eks-blueprints-addon/aws 2.0.0
aws_node_termination_handler_sqs terraform-aws-modules/sqs/aws 4.0.1
aws_privateca_issuer aws-blueprints/eks-blueprints-addon/aws 2.0.0
cert_manager aws-blueprints/eks-blueprints-addon/aws 2.0.0
cluster_autoscaler aws-blueprints/eks-blueprints-addon/aws 2.0.0
external_dns aws-blueprints/eks-blueprints-addon/aws 2.0.0
external_secrets aws-blueprints/eks-blueprints-addon/aws 2.0.0
karpenter aws-blueprints/eks-blueprints-addon/aws 2.0.0
karpenter_sqs terraform-aws-modules/sqs/aws 4.0.1
velero aws-blueprints/eks-blueprints-addon/aws 2.0.0

Resources

Name Type
aws_autoscaling_group_tag.aws_node_termination_handler resource
aws_autoscaling_lifecycle_hook.aws_node_termination_handler resource
aws_cloudwatch_event_rule.aws_node_termination_handler resource
aws_cloudwatch_event_rule.karpenter resource
aws_cloudwatch_event_target.aws_node_termination_handler resource
aws_cloudwatch_event_target.karpenter resource
aws_iam_instance_profile.karpenter resource
aws_iam_role.karpenter resource
aws_iam_role_policy_attachment.additional resource
aws_iam_role_policy_attachment.karpenter resource
time_sleep.this resource
aws_caller_identity.current data source
aws_iam_policy_document.aws_efs_csi_driver data source
aws_iam_policy_document.aws_fsx_csi_driver data source
aws_iam_policy_document.aws_gateway_api_controller data source
aws_iam_policy_document.aws_load_balancer_controller data source
aws_iam_policy_document.aws_node_termination_handler data source
aws_iam_policy_document.aws_privateca_issuer data source
aws_iam_policy_document.cert_manager data source
aws_iam_policy_document.cluster_autoscaler data source
aws_iam_policy_document.external_dns data source
aws_iam_policy_document.external_secrets data source
aws_iam_policy_document.karpenter data source
aws_iam_policy_document.karpenter_assume_role data source
aws_iam_policy_document.velero data source
aws_partition.current data source
aws_region.current data source

Inputs

Name Description Type Default Required
aws_cloudwatch_metrics Cloudwatch Metrics add-on configuration values any {} no
aws_efs_csi_driver EFS CSI Driver add-on configuration values any {} no
aws_fsx_csi_driver FSX CSI Driver add-on configuration values any {} no
aws_gateway_api_controller AWS Gateway API Controller add-on configuration values any {} no
aws_load_balancer_controller AWS Load Balancer Controller add-on configuration values any {} no
aws_node_termination_handler AWS Node Termination Handler add-on configuration values any {} no
aws_node_termination_handler_asg_arns List of Auto Scaling group ARNs that AWS Node Termination Handler will monitor for EC2 events list(string) [] no
aws_node_termination_handler_asg_names List of Auto Scaling group names that AWS Node Termination Handler will monitor for EC2 events. If leaving this empty, all ASGs will be monitored list(string) [] no
aws_node_termination_handler_sqs AWS Node Termination Handler SQS queue configuration values any {} no
aws_privateca_issuer AWS PCA Issuer add-on configurations any {} no
cert_manager cert-manager add-on configuration values any {} no
cert_manager_route53_hosted_zone_arns List of Route53 Hosted Zone ARNs that are used by cert-manager to create DNS records list(string) ["arn:aws:route53:::hostedzone/*"] no
cluster_autoscaler Cluster Autoscaler add-on configuration values any {} no
cluster_endpoint Endpoint for your Kubernetes API server string n/a yes
cluster_name Name of the EKS cluster string n/a yes
cluster_version Kubernetes <major>.<minor> version to use for the EKS cluster (e.g., 1.24) string n/a yes
create_delay_dependencies Dependency attribute which must be resolved before starting the create_delay_duration list(string) [] no
create_delay_duration The duration to wait before creating resources string "30s" no
enable_aws_cloudwatch_metrics Enable AWS Cloudwatch Metrics add-on for Container Insights bool false no
enable_aws_efs_csi_driver Enable AWS EFS CSI Driver add-on bool false no
enable_aws_fsx_csi_driver Enable AWS FSX CSI Driver add-on bool false no
enable_aws_gateway_api_controller Enable AWS Gateway API Controller add-on bool false no
enable_aws_load_balancer_controller Enable AWS Load Balancer Controller add-on bool false no
enable_aws_node_termination_handler Enable AWS Node Termination Handler add-on bool false no
enable_aws_privateca_issuer Enable AWS PCA Issuer bool false no
enable_cert_manager Enable cert-manager add-on bool false no
enable_cluster_autoscaler Enable Cluster autoscaler add-on bool false no
enable_eks_fargate Identifies whether or not respective addons should be modified to support deployment on EKS Fargate bool false no
enable_external_dns Enable external-dns operator add-on bool false no
enable_external_secrets Enable External Secrets operator add-on bool false no
enable_karpenter Enable Karpenter controller add-on bool false no
enable_velero Enable Velero add-on bool false no
external_dns external-dns add-on configuration values any {} no
external_dns_route53_zone_arns List of Route53 zones ARNs which external-dns will have access to create/manage records (if using Route53) list(string) [] no
external_secrets External Secrets add-on configuration values any {} no
external_secrets_kms_key_arns List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets list(string) ["arn:aws:kms:::key/*"] no
external_secrets_secrets_manager_arns List of Secrets Manager ARNs that contain secrets to mount using External Secrets list(string) ["arn:aws:secretsmanager:::secret:*"] no
external_secrets_ssm_parameter_arns List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets list(string) ["arn:aws:ssm:::parameter/*"] no
karpenter Karpenter add-on configuration values any {} no
karpenter_enable_instance_profile_creation Determines whether Karpenter will be allowed to create the IAM instance profile (v1beta1) or if Terraform will (v1alpha1) bool true no
karpenter_enable_spot_termination Determines whether to enable native node termination handling bool true no
karpenter_node Karpenter IAM role and IAM instance profile configuration values any {} no
karpenter_sqs Karpenter SQS queue for native node termination handling configuration values any {} no
oidc_provider_arn The ARN of the cluster OIDC Provider string n/a yes
tags A map of tags to add to all resources map(string) {} no
velero Velero add-on configuration values any {} no
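
The ARN-list inputs for cert-manager and External Secrets default to resource wildcards (`hostedzone/*`, `key/*`, `secret:*`, `parameter/*`). The following is an added example, not part of the module's README, that pins those lists to named resources. The zone ID, key ID and `my-cluster/` prefixes are constructed placeholders, and the cluster inputs assume the `module "eks"` block from Usage.

```hcl
# Added example, not the module's own code. The zone ID, key ID and
# "my-cluster/" prefixes are constructed placeholders.
data "aws_partition" "current" {}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

locals {
  partition = data.aws_partition.current.partition
  # "<region>:<account-id>" segment shared by the regional ARNs below
  scope = "${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}"

  # The single hosted zone cert-manager and external-dns may manage records in
  hosted_zone_arn = "arn:${local.partition}:route53:::hostedzone/ZXXXXXXXXXXXXX"
}

module "eks_blueprints_addons" {
  source = "aws-blueprints/eks-blueprints-addons/aws"

  cluster_name      = module.eks.cluster_name
  cluster_endpoint  = module.eks.cluster_endpoint
  cluster_version   = module.eks.cluster_version
  oidc_provider_arn = module.eks.oidc_provider_arn

  enable_cert_manager = true
  # Default is ["arn:aws:route53:::hostedzone/*"]; name the zone instead
  cert_manager_route53_hosted_zone_arns = [local.hosted_zone_arn]

  enable_external_dns = true
  # Default is []; list only the zones external-dns should manage
  external_dns_route53_zone_arns = [local.hosted_zone_arn]

  enable_external_secrets = true
  # Defaults end in secret:*, parameter/* and key/*; scope each to this cluster
  external_secrets_secrets_manager_arns = [
    "arn:${local.partition}:secretsmanager:${local.scope}:secret:my-cluster/*",
  ]
  external_secrets_ssm_parameter_arns = [
    "arn:${local.partition}:ssm:${local.scope}:parameter/my-cluster/*",
  ]
  external_secrets_kms_key_arns = [
    "arn:${local.partition}:kms:${local.scope}:key/00000000-0000-0000-0000-000000000000",
  ]

  tags = {
    Environment = "dev"
  }
}
```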

Outputs

Name Description
aws_cloudwatch_metrics Map of attributes of the Helm release and IRSA created
aws_efs_csi_driver Map of attributes of the Helm release and IRSA created
aws_fsx_csi_driver Map of attributes of the Helm release and IRSA created
aws_gateway_api_controller Map of attributes of the Helm release and IRSA created
aws_load_balancer_controller Map of attributes of the Helm release and IRSA created
aws_node_termination_handler Map of attributes of the Helm release and IRSA created
aws_privateca_issuer Map of attributes of the Helm release and IRSA created
cert_manager Map of attributes of the Helm release and IRSA created
cluster_autoscaler Map of attributes of the Helm release and IRSA created
external_dns Map of attributes of the Helm release and IRSA created
external_secrets Map of attributes of the Helm release and IRSA created
karpenter Map of attributes of the Helm release and IRSA created
velero Map of attributes of the Helm release and IRSA created
