1. Create an OIDC provider that Autoscaler will use.
You can use the `oidc_provider_issuer` output of the EKS module (if the cluster was created with the module), e.g. as the url: `module.eks.oidc_provider_issuer`
2. IAM Role and IAM Policy
Create the IAM Role and IAM Policy and pass the role in to the module.
When creating the IAM Role, the service account name in the STS assume-role policy should be `cluster-autoscaler`.
Please see further documentation here:
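The two steps above as an added Terraform example (not part of this module's own code), narrowed to the OIDC provider and the role's trust policy; the permissions policy is not shown. Assumptions: the service account lives in the `kube-system` namespace, `local.cluster_name` exists, and the resource names and role name are illustrative.

```hcl
# Added example. Assumptions: namespace "kube-system", local.cluster_name,
# and all resource/role names below are illustrative, not the module's own.
locals {
  issuer_url  = module.eks.oidc_provider_issuer # issuer URL output named on this page
  issuer_host = replace(local.issuer_url, "https://", "")
}

data "tls_certificate" "oidc" {
  url = local.issuer_url
}

resource "aws_iam_openid_connect_provider" "eks" {
  url             = local.issuer_url
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.oidc.certificates[0].sha1_fingerprint]
}

data "aws_iam_policy_document" "autoscaler_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.eks.arn]
    }

    # Exact match on a single service account. A StringLike wildcard here
    # would let other service accounts in the cluster assume this role.
    condition {
      test     = "StringEquals"
      variable = "${local.issuer_host}:sub"
      values   = ["system:serviceaccount:kube-system:cluster-autoscaler"]
    }

    condition {
      test     = "StringEquals"
      variable = "${local.issuer_host}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "autoscaler" {
  name               = "${local.cluster_name}-cluster-autoscaler"
  assume_role_policy = data.aws_iam_policy_document.autoscaler_trust.json
}
```

The resulting `aws_iam_role.autoscaler.arn` is the value passed as `autoscaler_iam_role_arn`.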
Allow capability: NET_BIND_SERVICE
Parameter | Description | Type of value |
---|---|---|
name | name of nginx ingress controller | string |
namespace | namespace into which the controller will be deployed | string |
version | Version of Nginx Ingress Controller chart | string |
set_values | Sets values for additional configuration: instead of passing a full set of values in, name the value you want to change and set it. | map(string) |
Example usage:
```hcl
nginx_controllers = {
  nginx_public = {
    name      = "nginx-public"
    namespace = "c-ingress-controller"
    version   = "0.3.5"
    # Keys contain dots and slashes, so they must be quoted strings.
    set_values = {
      "controller.service.targetPorts.https"                                                          = "http"
      "controller.service.targetPorts.enableHttp"                                                     = "false"
      "controller.service.annotations.service.beta.kubernetes.io/aws-load-balancer-backend-protocol" = "http"
    }
  },
  nginx_internal = {
    name      = "nginx-internal"
    namespace = "i-ingress-controller"
    version   = "0.3.5"
    set_values = {
      "controller.service.targetPorts.https"                                                          = "http"
      "controller.service.targetPorts.enableHttp"                                                     = "false"
      "controller.service.annotations.service.beta.kubernetes.io/aws-load-balancer-backend-protocol" = "http"
    }
  }
}
```
Fluentbit automatically creates a CloudWatch log group with the following naming convention:
- logGroupName: "/aws/eks/fluentbit-cloudwatch/${var.cluster_name}"
```hcl
module "eks_add_ons" {
  source                  = "git::https://"
  region                  = "eu-central-1"
  cluster_name            = local.cluster_name
  enable_fluentbit        = false
  enable_eks_autoscaler   = true
  enable_cert_manager     = true
  autoscaler_iam_role_arn = aws_iam_role.autoscaler.arn

  nginx_controllers = {
    public = {
      name      = "public"
      namespace = "c-ingress"
      version   = ""
      # Keys contain dots and slashes, so they must be quoted strings.
      set_values = {
        "controller.service.targetPorts.https"                                                          = "http"
        "controller.service.targetPorts.enableHttp"                                                     = "false"
        "controller.service.annotations.service.beta.kubernetes.io/aws-load-balancer-backend-protocol" = "http"
      }
    }
  }

  node_group_role_name = aws_iam_role.eks_node_group.name

  tags = {
    test = "[email protected]"
    env  = "test"
    app  = "test1234"
  }
}
```
No requirements.
Name | Version |
---|---|
aws | n/a |
helm | n/a |
No modules.
Name | Type |
---|---|
aws_iam_role_policy_attachment.CloudWatchAgentServerPolicy | resource |
helm_release.cluster_autoscaler | resource |
helm_release.fluent_bit | resource |
helm_release.nginx | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
autoscaler_iam_role_arn | IAM Role arn of autoscaler role. | any | n/a | yes |
cluster_name | Name of EKS cluster, required if Fluentbit is enabled | any | n/a | yes |
enable_eks_autoscaler | enable EKS autoscaler | bool | false | no |
enable_fluentbit | enable CloudWatch logging for EKS cluster using fluentbit. | bool | false | no |
env | Type of environment, e.g. prod, stage | any | n/a | yes |
lb_backend_protocol | AWS Load Balancer backend protocol | string | "http" | no |
lb_connection_idle_timeout | AWS Load Balancer connection idle timeout | string | "120" | no |
lb_ssl_ports | AWS Load balancer SSL ports | string | "443" | no |
nginx_controllers | Creates nginx ingress controllers | map(object({ | n/a | yes |
node_group_role_name | IAM role name of EKS Node Group | string | "" | no |
region | AWS region | string | "eu-central-1" | no |
tags | AWS Resource tags | any | n/a | yes |
enable_cert_manager | enable ACME Certificate Manager | bool | false | yes |
cert_manager_replicaCount | Number of cert-manager controller pods | number | 2 | no |
cert_manager_version | cert-manager Chart Version | string | "v1.5.0" | no |
No outputs.