Overview

We are going to explore how to provision an EKS Fargate cluster with Terraform, and how to setup an AWS ALB Ingress controller serving K8S pods hosted in private subnets Article

Requirements

Name	Version
terraform	~> 1.1.3
aws	~>3.71
cloudflare	3.7.0
github	4.19.1
random	3.1.0
tls	3.4.0

Providers

Name	Version
aws	3.75.2
tls	3.4.0

Modules

Name	Source	Version
vpc	github.com/obytes/terraform-aws-vpc.git	v1.0.5

Resources

Name	Type
aws_acm_certificate._	resource
aws_cloudwatch_log_group._	resource
aws_codestarconnections_connection._	resource
aws_eks_addon.this	resource
aws_eks_cluster._	resource
aws_eks_fargate_profile._	resource
aws_iam_openid_connect_provider.oidc_provider	resource
aws_iam_policy.alb_v1	resource
aws_iam_policy.eks_policy	resource
aws_iam_role._	resource
aws_iam_role.alb_role	resource
aws_iam_role.eks_fargate_role	resource
aws_iam_role.eks_role	resource
aws_iam_role_policy_attachment._	resource
aws_iam_role_policy_attachment.alb_v1	resource
aws_iam_role_policy_attachment.eks	resource
aws_iam_role_policy_attachment.eks_fargate	resource
aws_kms_alias._	resource
aws_kms_key._	resource
aws_security_group.cluster	resource
aws_security_group_rule.cluster	resource
aws_caller_identity.current	data source
aws_eks_cluster_auth._	data source
aws_iam_policy_document._	data source
aws_iam_policy_document.alb_assume_role	data source
aws_iam_policy_document.alb_eks_ingress	data source
aws_iam_policy_document.eks_assume_policy	data source
aws_iam_policy_document.eks_fargate	data source
aws_iam_policy_document.eks_policy	data source
aws_iam_policy_document.kms_policy	data source
aws_partition.current	data source
tls_certificate.this	data source

Inputs

Name	Description	Type	Default	Required
cidr_block	The main CIDR block of the VPC	string	"172.19.0.0/18"	no
cluster_ip_family	The IP type of EKS Cluster	string	"ipv4"	no
cluster_timeouts	Create, update, and delete timeout configurations for the cluster	map(string)	{}	no
create_acm_certificate	Boolean, either to create a new ACM certificate or use existing one	bool	true	no
create_ecr_repository	Boolean, either to create a new ECR repository or use existing one	bool	true	no
create_kms_key	Boolean, either to create a new KMS key or use existing one	bool	true	no
create_public_subnets	A Boolean, for creating public subnets	bool	true	no
domain	Domain Name to issue ACM Certificate	string	"obytes.com"	no
enable_dns_hostnames	A Boolean to enable the dns hostname resolving	bool	true	no
enable_internet_gateway	A Boolean either to create an internet GW for the public reachability	string	true	no
enable_nat_gateway	A Boolean either to create a NAT GW in the VPC, used by the private subnets	bool	true	no
environment	The environment id where those resources will be created such as stag, production, qa	string	"stg"	no
gh_branch	GH Branch that will mapped to QA EKS Deployments	string	"main"	no
kubernetes_cidr	Configuration block with kubernetes network configuration for the cluster	string	"172.16.64.0/24"	no
profile_name	AWS Credentials profile name	string	n/a	yes
project_name	The Project name	string	"eks"	no
region	AWS Region name	string	"eu-west-1"	no
single_nat_gateway	A Boolean, either to create a single NAT GW for the VPC or to create a separate NAT GW for each AZ	bool	true	no

Outputs

Name	Description
acm_details	Details about the ACM certificate for generaltask.com
availability_zones	List of Availability Zones where subnets were created
cluster_sg_id	EKS Cluster security group
eks_cluster	EKS Cluster information
elastc_ips	AWS eip public ips
kms_alias_name	KMS key alias
kms_arn	KMS Key ARN
kms_id	KMS Key ID
nat_gw_ids	aws nat gateway id(s)
nat_ips	IP Addresses in use for NAT
prv_route_table_ids	private route table ids
prv_subnet_cidrs	Private Subnet cidr_blocks
prv_subnet_ids	Private Subnet IDs
pub_route_table_ids	Public route table ids
pub_subnet_cidrs	Public Subnet cidr_blocks
pub_subnet_ids	Public Subnet IDs
vpc_cidr_block	CIDR Block of the VPC
vpc_dhcp_dns_list	VPC DHCP DNS linst
vpc_id	VPC ID
vpc_sg_id	Security Group ID of the VPC