Skip to content

Instantly share code, notes, and snippets.

@anthonydahanne

anthonydahanne/plan.json Secret

Created September 9, 2020 13:08
Show Gist options
  • Save anthonydahanne/6528144734bd982c2ed992c51fe6f716 to your computer and use it in GitHub Desktop.
Save anthonydahanne/6528144734bd982c2ed992c51fe6f716 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
plan.json
{
"format_version": "0.1",
"terraform_version": "0.13.2",
"variables": {
"availability_zone": {
"value": [
"ca-central-1a",
"ca-central-1b"
]
},
"cluster_name": {
"value": "development"
},
"k8s_version": {
"value": "1.17"
},
"kubernetes_autoscaler_image": {
"value": "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.17.3"
},
"kubernetes_autoscaler_resources_labels": {
"value": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
}
},
"node_ami_type": {
"value": "AL2_x86_64"
},
"node_desired_size": {
"value": "1"
},
"node_instance_type": {
"value": "t3.xlarge"
},
"node_max_capacity": {
"value": "3"
},
"node_min_capacity": {
"value": "1"
},
"region": {
"value": "ca-central-1"
},
"source_security_group_ids": {
"value": ""
},
"ssh_keypair": {
"value": "eks-ssh-nodes"
},
"vpc_id": {
"value": "vpc-XXX"
}
},
"planned_values": {
"outputs": {
"cluster_endpoint": {
"sensitive": false
},
"config_map_aws_auth": {
"sensitive": false,
"value": []
},
"kubectl_config": {
"sensitive": false
}
},
"root_module": {
"resources": [
{
"address": "data.aws_eks_cluster.cluster",
"mode": "data",
"type": "aws_eks_cluster",
"name": "cluster",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0
},
{
"address": "data.aws_eks_cluster_auth.cluster",
"mode": "data",
"type": "aws_eks_cluster_auth",
"name": "cluster",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0
},
{
"address": "kubernetes_cluster_role.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_cluster_role",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"resource_version": "847",
"self_link": "/apis/rbac.authorization.k8s.io/v1/clusterroles/cluster-autoscaler",
"uid": "uid"
}
],
"rule": [
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"events",
"endpoints"
],
"verbs": [
"create",
"patch"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods/eviction"
],
"verbs": [
"create"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods/status"
],
"verbs": [
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [
"cluster-autoscaler"
],
"resources": [
"endpoints"
],
"verbs": [
"get",
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"nodes"
],
"verbs": [
"watch",
"list",
"get",
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods",
"services",
"replicationcontrollers",
"persistentvolumeclaims",
"persistentvolumes"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"extensions"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"replicasets",
"daemonsets"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"policy"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"poddisruptionbudgets"
],
"verbs": [
"watch",
"list"
]
},
{
"api_groups": [
"apps"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"statefulsets",
"replicasets",
"daemonsets"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"storage.k8s.io"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"storageclasses",
"csinodes"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"batch",
"extensions"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"jobs"
],
"verbs": [
"get",
"list",
"watch",
"patch"
]
},
{
"api_groups": [
"coordination.k8s.io"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"leases"
],
"verbs": [
"create"
]
},
{
"api_groups": [
"coordination.k8s.io"
],
"non_resource_urls": [],
"resource_names": [
"cluster-autoscaler"
],
"resources": [
"leases"
],
"verbs": [
"get",
"update"
]
}
]
}
},
{
"address": "kubernetes_cluster_role_binding.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_cluster_role_binding",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"resource_version": "851",
"self_link": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-autoscaler",
"uid": "uid"
}
],
"role_ref": [
{
"api_group": "rbac.authorization.k8s.io",
"kind": "ClusterRole",
"name": "cluster-autoscaler"
}
],
"subject": [
{
"api_group": "",
"kind": "ServiceAccount",
"name": "cluster-autoscaler",
"namespace": "kube-system"
}
]
}
},
{
"address": "kubernetes_deployment.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_deployment",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {
"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
},
"generate_name": "",
"generation": 1,
"labels": {
"app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "1419",
"self_link": "/apis/apps/v1/namespaces/kube-system/deployments/cluster-autoscaler",
"uid": "uid"
}
],
"spec": [
{
"min_ready_seconds": 0,
"paused": false,
"progress_deadline_seconds": 600,
"replicas": 1,
"revision_history_limit": 10,
"selector": [
{
"match_expressions": [],
"match_labels": {
"app": "cluster-autoscaler"
}
}
],
"strategy": [
{
"rolling_update": [
{
"max_surge": "25%",
"max_unavailable": "25%"
}
],
"type": "RollingUpdate"
}
],
"template": [
{
"metadata": [
{
"annotations": {
"prometheus.io/port": "8085",
"prometheus.io/scrape": "true"
},
"generate_name": "",
"generation": 0,
"labels": {
"app": "cluster-autoscaler"
},
"name": "",
"namespace": "",
"resource_version": "",
"self_link": "",
"uid": "uid"
}
],
"spec": [
{
"active_deadline_seconds": 0,
"affinity": [],
"automount_service_account_token": true,
"container": [
{
"args": [],
"command": [
"./cluster-autoscaler",
"--v=4",
"--stderrthreshold=info",
"--cloud-provider=aws",
"--skip-nodes-with-local-storage=false",
"--expander=least-waste",
"--node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/development",
"--balance-similar-node-groups",
"--skip-nodes-with-system-pods=false"
],
"env": [],
"env_from": [],
"image": "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.17.3",
"image_pull_policy": "Always",
"lifecycle": [],
"liveness_probe": [],
"name": "cluster-autoscaler",
"port": [],
"readiness_probe": [],
"resources": [
{
"limits": [
{
"cpu": "100m",
"memory": "300Mi"
}
],
"requests": [
{
"cpu": "100m",
"memory": "300Mi"
}
]
}
],
"security_context": [],
"startup_probe": [],
"stdin": false,
"stdin_once": false,
"termination_message_path": "/dev/termination-log",
"tty": false,
"volume_mount": [
{
"mount_path": "/etc/ssl/certs/ca-certificates.crt",
"mount_propagation": "None",
"name": "ssl-certs",
"read_only": true,
"sub_path": ""
}
],
"working_dir": ""
}
],
"dns_config": [],
"dns_policy": "ClusterFirst",
"host_aliases": [],
"host_ipc": false,
"host_network": false,
"host_pid": false,
"hostname": "",
"image_pull_secrets": [],
"init_container": [],
"node_name": "",
"node_selector": {},
"priority_class_name": "",
"restart_policy": "Always",
"security_context": [],
"service_account_name": "cluster-autoscaler",
"share_process_namespace": false,
"subdomain": "",
"termination_grace_period_seconds": 30,
"toleration": [],
"volume": [
{
"aws_elastic_block_store": [],
"azure_disk": [],
"azure_file": [],
"ceph_fs": [],
"cinder": [],
"config_map": [],
"csi": [],
"downward_api": [],
"empty_dir": [],
"fc": [],
"flex_volume": [],
"flocker": [],
"gce_persistent_disk": [],
"git_repo": [],
"glusterfs": [],
"host_path": [
{
"path": "/etc/ssl/certs/ca-bundle.crt",
"type": ""
}
],
"iscsi": [],
"local": [],
"name": "ssl-certs",
"nfs": [],
"persistent_volume_claim": [],
"photon_persistent_disk": [],
"quobyte": [],
"rbd": [],
"secret": [],
"vsphere_volume": []
}
]
}
]
}
]
}
],
"timeouts": null,
"wait_for_rollout": true
}
},
{
"address": "kubernetes_role.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_role",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "852",
"self_link": "/apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/roles/cluster-autoscaler",
"uid": "uid"
}
],
"rule": [
{
"api_groups": [
""
],
"resource_names": [],
"resources": [
"configmaps"
],
"verbs": [
"create",
"list",
"watch"
]
},
{
"api_groups": [
""
],
"resource_names": [
"cluster-autoscaler-priority-expander",
"cluster-autoscaler-status"
],
"resources": [
"configmaps"
],
"verbs": [
"delete",
"get",
"update",
"watch"
]
}
]
}
},
{
"address": "kubernetes_role_binding.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_role_binding",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "853",
"self_link": "/apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/rolebindings/cluster-autoscaler",
"uid": "uid"
}
],
"role_ref": [
{
"api_group": "rbac.authorization.k8s.io",
"kind": "Role",
"name": "cluster-autoscaler"
}
],
"subject": [
{
"api_group": "",
"kind": "ServiceAccount",
"name": "cluster-autoscaler",
"namespace": "kube-system"
}
]
}
},
{
"address": "kubernetes_service_account.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_service_account",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"automount_service_account_token": true,
"default_secret_name": "cluster-autoscaler-token-twqhk",
"id": "kube-system/cluster-autoscaler",
"image_pull_secret": [],
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "850",
"self_link": "/api/v1/namespaces/kube-system/serviceaccounts/cluster-autoscaler",
"uid": "uid"
}
],
"secret": [],
"timeouts": null
}
}
],
"child_modules": [
{
"resources": [
{
"address": "module.eks.aws_eks_cluster.this[0]",
"mode": "managed",
"type": "aws_eks_cluster",
"name": "this",
"index": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"enabled_cluster_log_types": null,
"encryption_config": [],
"name": "development",
"role_arn": "arn:aws:iam::000000000000:role/EKSClusterServiceRole",
"tags": {
"Environment": "development"
},
"timeouts": {
"create": "30m",
"delete": "15m",
"update": null
},
"version": "1.17",
"vpc_config": [
{
"endpoint_private_access": true,
"endpoint_public_access": false,
"public_access_cidrs": [
"0.0.0.0/0"
],
"security_group_ids": [
"sg-aaaaaaaaaaaaaaaaa"
],
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
]
}
]
}
},
{
"address": "module.eks.data.aws_iam_policy_document.cluster_assume_role_policy",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "cluster_assume_role_policy",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"id": "1111111111",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSClusterAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"sts:AssumeRole"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"eks.amazonaws.com"
],
"type": "Service"
}
],
"resources": [],
"sid": "EKSClusterAssumeRole"
}
],
"version": "2012-10-17"
}
},
{
"address": "module.eks.data.aws_iam_policy_document.workers_assume_role_policy",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "workers_assume_role_policy",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"id": "0000000000",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSWorkerAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"sts:AssumeRole"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"ec2.amazonaws.com"
],
"type": "Service"
}
],
"resources": [],
"sid": "EKSWorkerAssumeRole"
}
],
"version": "2012-10-17"
}
},
{
"address": "module.eks.data.null_data_source.node_groups[0]",
"mode": "data",
"type": "null_data_source",
"name": "node_groups",
"index": 0,
"provider_name": "registry.terraform.io/hashicorp/null",
"schema_version": 0,
"values": {
"has_computed_default": "default",
"id": "static",
"inputs": {
"aws_auth": "",
"cluster_name": "development",
"role_CNI_Policy": "",
"role_Container": "",
"role_NodePolicy": ""
},
"outputs": {
"aws_auth": "",
"cluster_name": "development",
"role_CNI_Policy": "",
"role_Container": "",
"role_NodePolicy": ""
},
"random": "8478631925225246376"
}
},
{
"address": "module.eks.local_file.kubeconfig[0]",
"mode": "managed",
"type": "local_file",
"name": "kubeconfig",
"index": 0,
"provider_name": "registry.terraform.io/hashicorp/local",
"schema_version": 0,
"values": {
"content_base64": null,
"directory_permission": "0755",
"file_permission": "0644",
"filename": "./kubeconfig_development",
"sensitive_content": null
}
}
],
"address": "module.eks",
"child_modules": [
{
"resources": [
{
"address": "module.eks.module.node_groups.aws_eks_node_group.workers[\"my-node\"]",
"mode": "managed",
"type": "aws_eks_node_group",
"name": "workers",
"index": "my-node",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"ami_type": "AL2_x86_64",
"cluster_name": "development",
"force_update_version": null,
"instance_types": [
"t3.xlarge"
],
"labels": {
"Environment": "development"
},
"node_role_arn": "arn:aws:iam::000000000000:role/EKSNodeGroupServiceRole",
"remote_access": [
{
"ec2_ssh_key": "eks-ssh-nodes",
"source_security_group_ids": null
}
],
"scaling_config": [
{
"desired_size": 1,
"max_size": 3,
"min_size": 1
}
],
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"tags": {
"Environment": "development"
},
"timeouts": null,
"version": "1.17"
}
},
{
"address": "module.eks.module.node_groups.random_pet.node_groups[\"my-node\"]",
"mode": "managed",
"type": "random_pet",
"name": "node_groups",
"index": "my-node",
"provider_name": "registry.terraform.io/hashicorp/random",
"schema_version": 0,
"values": {
"keepers": {
"ami_type": "AL2_x86_64",
"iam_role_arn": "arn:aws:iam::000000000000:role/EKSNodeGroupServiceRole",
"instance_type": "t3.xlarge",
"key_name": "eks-ssh-nodes",
"node_group_name": "development-my-node",
"source_security_group_ids": "",
"subnet_ids": "subnet-aaaaaaaaaaaaaaaaa"
},
"length": 2,
"prefix": null,
"separator": "-"
}
}
],
"address": "module.eks.module.node_groups"
}
]
}
]
}
},
"resource_changes": [
{
"address": "data.aws_eks_cluster.cluster",
"mode": "data",
"type": "aws_eks_cluster",
"name": "cluster",
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"read"
],
"before": {
"arn": "arn:aws:eks:ca-central-1:307819520923:cluster/production",
"certificate_authority": [
{
"data": "data="
}
],
"created_at": "2020-09-01 14:18:35 +0000 UTC",
"enabled_cluster_log_types": [],
"endpoint": "https://plop.sk1.ca-central-1.eks.amazonaws.com",
"id": "production",
"identity": [
{
"oidc": [
{
"issuer": "https://oidc.eks.ca-central-1.amazonaws.com/id/plop"
}
]
}
],
"name": "production",
"platform_version": "eks.2",
"role_arn": "arn:aws:iam::000000000000:role/EKSClusterServiceRole",
"status": "ACTIVE",
"tags": {
"Environment": "production"
},
"version": "1.17",
"vpc_config": [
{
"cluster_security_group_id": "sg-aaaaaaaaaaaaaaaaa",
"endpoint_private_access": true,
"endpoint_public_access": false,
"public_access_cidrs": [
"0.0.0.0/0"
],
"security_group_ids": [
"sg-aaaaaaaaaaaaaaaaa"
],
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"vpc_id": "vpc-XXX"
}
]
},
"after": {},
"after_unknown": {
"arn": true,
"certificate_authority": true,
"created_at": true,
"enabled_cluster_log_types": true,
"endpoint": true,
"id": true,
"identity": true,
"name": true,
"platform_version": true,
"role_arn": true,
"status": true,
"tags": true,
"version": true,
"vpc_config": true
}
}
},
{
"address": "data.aws_eks_cluster_auth.cluster",
"mode": "data",
"type": "aws_eks_cluster_auth",
"name": "cluster",
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"read"
],
"before": {
"id": "2020-09-08 21:57:27.511589 +0000 UTC",
"name": "production",
"token": "k8s-aws-v1.token"
},
"after": {},
"after_unknown": {
"id": true,
"name": true,
"token": true
}
}
},
{
"address": "kubernetes_cluster_role.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_cluster_role",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"change": {
"actions": [
"no-op"
],
"before": {
"id": "cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"resource_version": "847",
"self_link": "/apis/rbac.authorization.k8s.io/v1/clusterroles/cluster-autoscaler",
"uid": "uid"
}
],
"rule": [
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"events",
"endpoints"
],
"verbs": [
"create",
"patch"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods/eviction"
],
"verbs": [
"create"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods/status"
],
"verbs": [
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [
"cluster-autoscaler"
],
"resources": [
"endpoints"
],
"verbs": [
"get",
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"nodes"
],
"verbs": [
"watch",
"list",
"get",
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods",
"services",
"replicationcontrollers",
"persistentvolumeclaims",
"persistentvolumes"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"extensions"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"replicasets",
"daemonsets"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"policy"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"poddisruptionbudgets"
],
"verbs": [
"watch",
"list"
]
},
{
"api_groups": [
"apps"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"statefulsets",
"replicasets",
"daemonsets"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"storage.k8s.io"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"storageclasses",
"csinodes"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"batch",
"extensions"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"jobs"
],
"verbs": [
"get",
"list",
"watch",
"patch"
]
},
{
"api_groups": [
"coordination.k8s.io"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"leases"
],
"verbs": [
"create"
]
},
{
"api_groups": [
"coordination.k8s.io"
],
"non_resource_urls": [],
"resource_names": [
"cluster-autoscaler"
],
"resources": [
"leases"
],
"verbs": [
"get",
"update"
]
}
]
},
"after": {
"id": "cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"resource_version": "847",
"self_link": "/apis/rbac.authorization.k8s.io/v1/clusterroles/cluster-autoscaler",
"uid": "uid"
}
],
"rule": [
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"events",
"endpoints"
],
"verbs": [
"create",
"patch"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods/eviction"
],
"verbs": [
"create"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods/status"
],
"verbs": [
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [
"cluster-autoscaler"
],
"resources": [
"endpoints"
],
"verbs": [
"get",
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"nodes"
],
"verbs": [
"watch",
"list",
"get",
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods",
"services",
"replicationcontrollers",
"persistentvolumeclaims",
"persistentvolumes"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"extensions"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"replicasets",
"daemonsets"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"policy"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"poddisruptionbudgets"
],
"verbs": [
"watch",
"list"
]
},
{
"api_groups": [
"apps"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"statefulsets",
"replicasets",
"daemonsets"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"storage.k8s.io"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"storageclasses",
"csinodes"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"batch",
"extensions"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"jobs"
],
"verbs": [
"get",
"list",
"watch",
"patch"
]
},
{
"api_groups": [
"coordination.k8s.io"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"leases"
],
"verbs": [
"create"
]
},
{
"api_groups": [
"coordination.k8s.io"
],
"non_resource_urls": [],
"resource_names": [
"cluster-autoscaler"
],
"resources": [
"leases"
],
"verbs": [
"get",
"update"
]
}
]
},
"after_unknown": {}
}
},
{
"address": "kubernetes_cluster_role_binding.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_cluster_role_binding",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"change": {
"actions": [
"no-op"
],
"before": {
"id": "cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"resource_version": "851",
"self_link": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-autoscaler",
"uid": "uid"
}
],
"role_ref": [
{
"api_group": "rbac.authorization.k8s.io",
"kind": "ClusterRole",
"name": "cluster-autoscaler"
}
],
"subject": [
{
"api_group": "",
"kind": "ServiceAccount",
"name": "cluster-autoscaler",
"namespace": "kube-system"
}
]
},
"after": {
"id": "cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"resource_version": "851",
"self_link": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-autoscaler",
"uid": "uid"
}
],
"role_ref": [
{
"api_group": "rbac.authorization.k8s.io",
"kind": "ClusterRole",
"name": "cluster-autoscaler"
}
],
"subject": [
{
"api_group": "",
"kind": "ServiceAccount",
"name": "cluster-autoscaler",
"namespace": "kube-system"
}
]
},
"after_unknown": {}
}
},
{
"address": "kubernetes_deployment.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_deployment",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"change": {
"actions": [
"update"
],
"before": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {
"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
},
"generate_name": "",
"generation": 1,
"labels": {
"app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "1419",
"self_link": "/apis/apps/v1/namespaces/kube-system/deployments/cluster-autoscaler",
"uid": "uid"
}
],
"spec": [
{
"min_ready_seconds": 0,
"paused": false,
"progress_deadline_seconds": 600,
"replicas": 1,
"revision_history_limit": 10,
"selector": [
{
"match_expressions": [],
"match_labels": {
"app": "cluster-autoscaler"
}
}
],
"strategy": [
{
"rolling_update": [
{
"max_surge": "25%",
"max_unavailable": "25%"
}
],
"type": "RollingUpdate"
}
],
"template": [
{
"metadata": [
{
"annotations": {
"prometheus.io/port": "8085",
"prometheus.io/scrape": "true"
},
"generate_name": "",
"generation": 0,
"labels": {
"app": "cluster-autoscaler"
},
"name": "",
"namespace": "",
"resource_version": "",
"self_link": "",
"uid": "uid"
}
],
"spec": [
{
"active_deadline_seconds": 0,
"affinity": [],
"automount_service_account_token": true,
"container": [
{
"args": [],
"command": [
"./cluster-autoscaler",
"--v=4",
"--stderrthreshold=info",
"--cloud-provider=aws",
"--skip-nodes-with-local-storage=false",
"--expander=least-waste",
"--node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/production",
"--balance-similar-node-groups",
"--skip-nodes-with-system-pods=false"
],
"env": [],
"env_from": [],
"image": "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.17.3",
"image_pull_policy": "Always",
"lifecycle": [],
"liveness_probe": [],
"name": "cluster-autoscaler",
"port": [],
"readiness_probe": [],
"resources": [
{
"limits": [
{
"cpu": "100m",
"memory": "300Mi"
}
],
"requests": [
{
"cpu": "100m",
"memory": "300Mi"
}
]
}
],
"security_context": [],
"startup_probe": [],
"stdin": false,
"stdin_once": false,
"termination_message_path": "/dev/termination-log",
"tty": false,
"volume_mount": [
{
"mount_path": "/etc/ssl/certs/ca-certificates.crt",
"mount_propagation": "None",
"name": "ssl-certs",
"read_only": true,
"sub_path": ""
}
],
"working_dir": ""
}
],
"dns_config": [],
"dns_policy": "ClusterFirst",
"host_aliases": [],
"host_ipc": false,
"host_network": false,
"host_pid": false,
"hostname": "",
"image_pull_secrets": [],
"init_container": [],
"node_name": "",
"node_selector": {},
"priority_class_name": "",
"restart_policy": "Always",
"security_context": [],
"service_account_name": "cluster-autoscaler",
"share_process_namespace": false,
"subdomain": "",
"termination_grace_period_seconds": 30,
"toleration": [],
"volume": [
{
"aws_elastic_block_store": [],
"azure_disk": [],
"azure_file": [],
"ceph_fs": [],
"cinder": [],
"config_map": [],
"csi": [],
"downward_api": [],
"empty_dir": [],
"fc": [],
"flex_volume": [],
"flocker": [],
"gce_persistent_disk": [],
"git_repo": [],
"glusterfs": [],
"host_path": [
{
"path": "/etc/ssl/certs/ca-bundle.crt",
"type": ""
}
],
"iscsi": [],
"local": [],
"name": "ssl-certs",
"nfs": [],
"persistent_volume_claim": [],
"photon_persistent_disk": [],
"quobyte": [],
"rbd": [],
"secret": [],
"vsphere_volume": []
}
]
}
]
}
]
}
],
"timeouts": null,
"wait_for_rollout": true
},
"after": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {
"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
},
"generate_name": "",
"generation": 1,
"labels": {
"app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "1419",
"self_link": "/apis/apps/v1/namespaces/kube-system/deployments/cluster-autoscaler",
"uid": "uid"
}
],
"spec": [
{
"min_ready_seconds": 0,
"paused": false,
"progress_deadline_seconds": 600,
"replicas": 1,
"revision_history_limit": 10,
"selector": [
{
"match_expressions": [],
"match_labels": {
"app": "cluster-autoscaler"
}
}
],
"strategy": [
{
"rolling_update": [
{
"max_surge": "25%",
"max_unavailable": "25%"
}
],
"type": "RollingUpdate"
}
],
"template": [
{
"metadata": [
{
"annotations": {
"prometheus.io/port": "8085",
"prometheus.io/scrape": "true"
},
"generate_name": "",
"generation": 0,
"labels": {
"app": "cluster-autoscaler"
},
"name": "",
"namespace": "",
"resource_version": "",
"self_link": "",
"uid": "uid"
}
],
"spec": [
{
"active_deadline_seconds": 0,
"affinity": [],
"automount_service_account_token": true,
"container": [
{
"args": [],
"command": [
"./cluster-autoscaler",
"--v=4",
"--stderrthreshold=info",
"--cloud-provider=aws",
"--skip-nodes-with-local-storage=false",
"--expander=least-waste",
"--node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/development",
"--balance-similar-node-groups",
"--skip-nodes-with-system-pods=false"
],
"env": [],
"env_from": [],
"image": "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.17.3",
"image_pull_policy": "Always",
"lifecycle": [],
"liveness_probe": [],
"name": "cluster-autoscaler",
"port": [],
"readiness_probe": [],
"resources": [
{
"limits": [
{
"cpu": "100m",
"memory": "300Mi"
}
],
"requests": [
{
"cpu": "100m",
"memory": "300Mi"
}
]
}
],
"security_context": [],
"startup_probe": [],
"stdin": false,
"stdin_once": false,
"termination_message_path": "/dev/termination-log",
"tty": false,
"volume_mount": [
{
"mount_path": "/etc/ssl/certs/ca-certificates.crt",
"mount_propagation": "None",
"name": "ssl-certs",
"read_only": true,
"sub_path": ""
}
],
"working_dir": ""
}
],
"dns_config": [],
"dns_policy": "ClusterFirst",
"host_aliases": [],
"host_ipc": false,
"host_network": false,
"host_pid": false,
"hostname": "",
"image_pull_secrets": [],
"init_container": [],
"node_name": "",
"node_selector": {},
"priority_class_name": "",
"restart_policy": "Always",
"security_context": [],
"service_account_name": "cluster-autoscaler",
"share_process_namespace": false,
"subdomain": "",
"termination_grace_period_seconds": 30,
"toleration": [],
"volume": [
{
"aws_elastic_block_store": [],
"azure_disk": [],
"azure_file": [],
"ceph_fs": [],
"cinder": [],
"config_map": [],
"csi": [],
"downward_api": [],
"empty_dir": [],
"fc": [],
"flex_volume": [],
"flocker": [],
"gce_persistent_disk": [],
"git_repo": [],
"glusterfs": [],
"host_path": [
{
"path": "/etc/ssl/certs/ca-bundle.crt",
"type": ""
}
],
"iscsi": [],
"local": [],
"name": "ssl-certs",
"nfs": [],
"persistent_volume_claim": [],
"photon_persistent_disk": [],
"quobyte": [],
"rbd": [],
"secret": [],
"vsphere_volume": []
}
]
}
]
}
]
}
],
"timeouts": null,
"wait_for_rollout": true
},
"after_unknown": {}
}
},
{
"address": "kubernetes_role.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_role",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"change": {
"actions": [
"no-op"
],
"before": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "852",
"self_link": "/apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/roles/cluster-autoscaler",
"uid": "uid"
}
],
"rule": [
{
"api_groups": [
""
],
"resource_names": [],
"resources": [
"configmaps"
],
"verbs": [
"create",
"list",
"watch"
]
},
{
"api_groups": [
""
],
"resource_names": [
"cluster-autoscaler-priority-expander",
"cluster-autoscaler-status"
],
"resources": [
"configmaps"
],
"verbs": [
"delete",
"get",
"update",
"watch"
]
}
]
},
"after": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "852",
"self_link": "/apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/roles/cluster-autoscaler",
"uid": "uid"
}
],
"rule": [
{
"api_groups": [
""
],
"resource_names": [],
"resources": [
"configmaps"
],
"verbs": [
"create",
"list",
"watch"
]
},
{
"api_groups": [
""
],
"resource_names": [
"cluster-autoscaler-priority-expander",
"cluster-autoscaler-status"
],
"resources": [
"configmaps"
],
"verbs": [
"delete",
"get",
"update",
"watch"
]
}
]
},
"after_unknown": {}
}
},
{
"address": "kubernetes_role_binding.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_role_binding",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"change": {
"actions": [
"no-op"
],
"before": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "853",
"self_link": "/apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/rolebindings/cluster-autoscaler",
"uid": "uid"
}
],
"role_ref": [
{
"api_group": "rbac.authorization.k8s.io",
"kind": "Role",
"name": "cluster-autoscaler"
}
],
"subject": [
{
"api_group": "",
"kind": "ServiceAccount",
"name": "cluster-autoscaler",
"namespace": "kube-system"
}
]
},
"after": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "853",
"self_link": "/apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/rolebindings/cluster-autoscaler",
"uid": "uid"
}
],
"role_ref": [
{
"api_group": "rbac.authorization.k8s.io",
"kind": "Role",
"name": "cluster-autoscaler"
}
],
"subject": [
{
"api_group": "",
"kind": "ServiceAccount",
"name": "cluster-autoscaler",
"namespace": "kube-system"
}
]
},
"after_unknown": {}
}
},
{
"address": "kubernetes_service_account.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_service_account",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"change": {
"actions": [
"no-op"
],
"before": {
"automount_service_account_token": true,
"default_secret_name": "cluster-autoscaler-token-twqhk",
"id": "kube-system/cluster-autoscaler",
"image_pull_secret": [],
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "850",
"self_link": "/api/v1/namespaces/kube-system/serviceaccounts/cluster-autoscaler",
"uid": "uid"
}
],
"secret": [],
"timeouts": null
},
"after": {
"automount_service_account_token": true,
"default_secret_name": "cluster-autoscaler-token-twqhk",
"id": "kube-system/cluster-autoscaler",
"image_pull_secret": [],
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "850",
"self_link": "/api/v1/namespaces/kube-system/serviceaccounts/cluster-autoscaler",
"uid": "uid"
}
],
"secret": [],
"timeouts": null
},
"after_unknown": {}
}
},
{
"address": "module.eks.aws_eks_cluster.this[0]",
"module_address": "module.eks",
"mode": "managed",
"type": "aws_eks_cluster",
"name": "this",
"index": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"create",
"delete"
],
"before": {
"arn": "arn:aws:eks:ca-central-1:307819520923:cluster/production",
"certificate_authority": [
{
"data": "data="
}
],
"created_at": "2020-09-01 14:18:35 +0000 UTC",
"enabled_cluster_log_types": [],
"encryption_config": [],
"endpoint": "https://plop.sk1.ca-central-1.eks.amazonaws.com",
"id": "production",
"identity": [
{
"oidc": [
{
"issuer": "https://oidc.eks.ca-central-1.amazonaws.com/id/plop"
}
]
}
],
"name": "production",
"platform_version": "eks.2",
"role_arn": "arn:aws:iam::000000000000:role/EKSClusterServiceRole",
"status": "ACTIVE",
"tags": {
"Environment": "production"
},
"timeouts": {
"create": "30m",
"delete": "15m",
"update": null
},
"version": "1.17",
"vpc_config": [
{
"cluster_security_group_id": "sg-aaaaaaaaaaaaaaaaa",
"endpoint_private_access": true,
"endpoint_public_access": false,
"public_access_cidrs": [
"0.0.0.0/0"
],
"security_group_ids": [
"sg-aaaaaaaaaaaaaaaaa"
],
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"vpc_id": "vpc-XXX"
}
]
},
"after": {
"enabled_cluster_log_types": null,
"encryption_config": [],
"name": "development",
"role_arn": "arn:aws:iam::000000000000:role/EKSClusterServiceRole",
"tags": {
"Environment": "development"
},
"timeouts": {
"create": "30m",
"delete": "15m",
"update": null
},
"version": "1.17",
"vpc_config": [
{
"endpoint_private_access": true,
"endpoint_public_access": false,
"public_access_cidrs": [
"0.0.0.0/0"
],
"security_group_ids": [
"sg-aaaaaaaaaaaaaaaaa"
],
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
]
}
]
},
"after_unknown": {
"arn": true,
"certificate_authority": true,
"created_at": true,
"encryption_config": [],
"endpoint": true,
"id": true,
"identity": true,
"platform_version": true,
"status": true,
"tags": {},
"timeouts": {},
"vpc_config": [
{
"cluster_security_group_id": true,
"public_access_cidrs": [
false
],
"security_group_ids": [
false
],
"subnet_ids": [
false,
false
],
"vpc_id": true
}
]
}
}
},
{
"address": "module.eks.data.aws_iam_policy_document.cluster_assume_role_policy",
"module_address": "module.eks",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "cluster_assume_role_policy",
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"no-op"
],
"before": {
"id": "1111111111",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSClusterAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"sts:AssumeRole"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"eks.amazonaws.com"
],
"type": "Service"
}
],
"resources": [],
"sid": "EKSClusterAssumeRole"
}
],
"version": "2012-10-17"
},
"after": {
"id": "1111111111",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSClusterAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"sts:AssumeRole"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"eks.amazonaws.com"
],
"type": "Service"
}
],
"resources": [],
"sid": "EKSClusterAssumeRole"
}
],
"version": "2012-10-17"
},
"after_unknown": {}
}
},
{
"address": "module.eks.data.aws_iam_policy_document.workers_assume_role_policy",
"module_address": "module.eks",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "workers_assume_role_policy",
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"no-op"
],
"before": {
"id": "0000000000",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSWorkerAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"sts:AssumeRole"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"ec2.amazonaws.com"
],
"type": "Service"
}
],
"resources": [],
"sid": "EKSWorkerAssumeRole"
}
],
"version": "2012-10-17"
},
"after": {
"id": "0000000000",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSWorkerAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"sts:AssumeRole"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"ec2.amazonaws.com"
],
"type": "Service"
}
],
"resources": [],
"sid": "EKSWorkerAssumeRole"
}
],
"version": "2012-10-17"
},
"after_unknown": {}
}
},
{
"address": "module.eks.data.null_data_source.node_groups[0]",
"module_address": "module.eks",
"mode": "data",
"type": "null_data_source",
"name": "node_groups",
"index": 0,
"provider_name": "registry.terraform.io/hashicorp/null",
"change": {
"actions": [
"read"
],
"before": null,
"after": {
"has_computed_default": "default",
"id": "static",
"inputs": {
"aws_auth": "",
"cluster_name": "development",
"role_CNI_Policy": "",
"role_Container": "",
"role_NodePolicy": ""
},
"outputs": {
"aws_auth": "",
"cluster_name": "development",
"role_CNI_Policy": "",
"role_Container": "",
"role_NodePolicy": ""
},
"random": "8478631925225246376"
},
"after_unknown": {}
}
},
{
"address": "module.eks.local_file.kubeconfig[0]",
"module_address": "module.eks",
"mode": "managed",
"type": "local_file",
"name": "kubeconfig",
"index": 0,
"provider_name": "registry.terraform.io/hashicorp/local",
"change": {
"actions": [
"create"
],
"before": null,
"after": {
"content_base64": null,
"directory_permission": "0755",
"file_permission": "0644",
"filename": "./kubeconfig_development",
"sensitive_content": null
},
"after_unknown": {
"content": true,
"id": true
}
}
},
{
"address": "module.eks.module.node_groups.aws_eks_node_group.workers[\"my-node\"]",
"module_address": "module.eks.module.node_groups",
"mode": "managed",
"type": "aws_eks_node_group",
"name": "workers",
"index": "my-node",
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"create",
"delete"
],
"before": {
"ami_type": "AL2_x86_64",
"arn": "arn:aws:eks:ca-central-1:307819520923:nodegroup/production/production-my-node-dominant-moose/6eba2509-ca3e-10b8-373a-007866b5d2c3",
"cluster_name": "production",
"disk_size": 20,
"force_update_version": null,
"id": "production:production-my-node-dominant-moose",
"instance_types": [
"t3.xlarge"
],
"labels": {
"Environment": "production"
},
"node_group_name": "production-my-node-dominant-moose",
"node_role_arn": "arn:aws:iam::000000000000:role/EKSNodeGroupServiceRole",
"release_version": "1.17.9-20200821",
"remote_access": [
{
"ec2_ssh_key": "eks-ssh-nodes",
"source_security_group_ids": []
}
],
"resources": [
{
"autoscaling_groups": [
{
"name": "eks-6eba2509-ca3e-10b8-373a-007866b5d2c3"
}
],
"remote_access_security_group_id": "sg-aaaaaaaaaaaaaaaaa"
}
],
"scaling_config": [
{
"desired_size": 1,
"max_size": 3,
"min_size": 1
}
],
"status": "ACTIVE",
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"tags": {
"Environment": "production"
},
"timeouts": null,
"version": "1.17"
},
"after": {
"ami_type": "AL2_x86_64",
"cluster_name": "development",
"force_update_version": null,
"instance_types": [
"t3.xlarge"
],
"labels": {
"Environment": "development"
},
"node_role_arn": "arn:aws:iam::000000000000:role/EKSNodeGroupServiceRole",
"remote_access": [
{
"ec2_ssh_key": "eks-ssh-nodes",
"source_security_group_ids": null
}
],
"scaling_config": [
{
"desired_size": 1,
"max_size": 3,
"min_size": 1
}
],
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"tags": {
"Environment": "development"
},
"timeouts": null,
"version": "1.17"
},
"after_unknown": {
"arn": true,
"disk_size": true,
"id": true,
"instance_types": [
false
],
"labels": {},
"node_group_name": true,
"release_version": true,
"remote_access": [
{}
],
"resources": true,
"scaling_config": [
{}
],
"status": true,
"subnet_ids": [
false,
false
],
"tags": {}
}
}
},
{
"address": "module.eks.module.node_groups.random_pet.node_groups[\"my-node\"]",
"module_address": "module.eks.module.node_groups",
"mode": "managed",
"type": "random_pet",
"name": "node_groups",
"index": "my-node",
"provider_name": "registry.terraform.io/hashicorp/random",
"change": {
"actions": [
"create",
"delete"
],
"before": {
"id": "dominant-moose",
"keepers": {
"ami_type": "AL2_x86_64",
"iam_role_arn": "arn:aws:iam::000000000000:role/EKSNodeGroupServiceRole",
"instance_type": "t3.xlarge",
"key_name": "eks-ssh-nodes",
"node_group_name": "production-my-node",
"source_security_group_ids": "",
"subnet_ids": "subnet-aaaaaaaaaaaaaaaaa"
},
"length": 2,
"prefix": null,
"separator": "-"
},
"after": {
"keepers": {
"ami_type": "AL2_x86_64",
"iam_role_arn": "arn:aws:iam::000000000000:role/EKSNodeGroupServiceRole",
"instance_type": "t3.xlarge",
"key_name": "eks-ssh-nodes",
"node_group_name": "development-my-node",
"source_security_group_ids": "",
"subnet_ids": "subnet-aaaaaaaaaaaaaaaaa"
},
"length": 2,
"prefix": null,
"separator": "-"
},
"after_unknown": {
"id": true,
"keepers": {}
}
}
}
],
"output_changes": {
"cluster_endpoint": {
"actions": [
"create"
],
"before": null,
"after_unknown": true
},
"config_map_aws_auth": {
"actions": [
"create"
],
"before": null,
"after": [],
"after_unknown": false
},
"kubectl_config": {
"actions": [
"create"
],
"before": null,
"after_unknown": true
}
},
"prior_state": {
"format_version": "0.1",
"terraform_version": "0.13.2",
"values": {
"outputs": {
"cluster_endpoint": {
"sensitive": false,
"value": "https://plop.sk1.ca-central-1.eks.amazonaws.com"
},
"kubectl_config": {
"sensitive": false,
"value": "apiVersion: v1\npreferences: {}\nkind: Config\n\nclusters:\n- cluster:\n server: https://plop.sk1.ca-central-1.eks.amazonaws.com\n certificate-authority-data: data=\n name: eks_development\n\ncontexts:\n- context:\n cluster: eks_development\n user: eks_development\n name: eks_development\n\ncurrent-context: eks_development\n\nusers:\n- name: eks_development\n user:\n exec:\n apiVersion: client.authentication.k8s.io/v1alpha1\n command: aws-iam-authenticator\n args:\n - \"token\"\n - \"-i\"\n - \"production\"\n"
}
},
"root_module": {
"resources": [
{
"address": "data.aws_eks_cluster.cluster",
"mode": "data",
"type": "aws_eks_cluster",
"name": "cluster",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"arn": "arn:aws:eks:ca-central-1:307819520923:cluster/production",
"certificate_authority": [
{
"data": "data="
}
],
"created_at": "2020-09-01 14:18:35 +0000 UTC",
"enabled_cluster_log_types": [],
"endpoint": "https://plop.sk1.ca-central-1.eks.amazonaws.com",
"id": "production",
"identity": [
{
"oidc": [
{
"issuer": "https://oidc.eks.ca-central-1.amazonaws.com/id/plop"
}
]
}
],
"name": "production",
"platform_version": "eks.2",
"role_arn": "arn:aws:iam::000000000000:role/EKSClusterServiceRole",
"status": "ACTIVE",
"tags": {
"Environment": "production"
},
"version": "1.17",
"vpc_config": [
{
"cluster_security_group_id": "sg-aaaaaaaaaaaaaaaaa",
"endpoint_private_access": true,
"endpoint_public_access": false,
"public_access_cidrs": [
"0.0.0.0/0"
],
"security_group_ids": [
"sg-aaaaaaaaaaaaaaaaa"
],
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"vpc_id": "vpc-XXX"
}
]
}
},
{
"address": "data.aws_eks_cluster_auth.cluster",
"mode": "data",
"type": "aws_eks_cluster_auth",
"name": "cluster",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"id": "2020-09-08 21:57:27.511589 +0000 UTC",
"name": "production",
"token": "k8s-aws-v1.token"
}
},
{
"address": "data.aws_region.current",
"mode": "data",
"type": "aws_region",
"name": "current",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"description": "Canada (Central)",
"endpoint": "ec2.ca-central-1.amazonaws.com",
"id": "ca-central-1",
"name": "ca-central-1"
}
},
{
"address": "kubernetes_cluster_role.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_cluster_role",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"resource_version": "847",
"self_link": "/apis/rbac.authorization.k8s.io/v1/clusterroles/cluster-autoscaler",
"uid": "uid"
}
],
"rule": [
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"events",
"endpoints"
],
"verbs": [
"create",
"patch"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods/eviction"
],
"verbs": [
"create"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods/status"
],
"verbs": [
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [
"cluster-autoscaler"
],
"resources": [
"endpoints"
],
"verbs": [
"get",
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"nodes"
],
"verbs": [
"watch",
"list",
"get",
"update"
]
},
{
"api_groups": [
""
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"pods",
"services",
"replicationcontrollers",
"persistentvolumeclaims",
"persistentvolumes"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"extensions"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"replicasets",
"daemonsets"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"policy"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"poddisruptionbudgets"
],
"verbs": [
"watch",
"list"
]
},
{
"api_groups": [
"apps"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"statefulsets",
"replicasets",
"daemonsets"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"storage.k8s.io"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"storageclasses",
"csinodes"
],
"verbs": [
"watch",
"list",
"get"
]
},
{
"api_groups": [
"batch",
"extensions"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"jobs"
],
"verbs": [
"get",
"list",
"watch",
"patch"
]
},
{
"api_groups": [
"coordination.k8s.io"
],
"non_resource_urls": [],
"resource_names": [],
"resources": [
"leases"
],
"verbs": [
"create"
]
},
{
"api_groups": [
"coordination.k8s.io"
],
"non_resource_urls": [],
"resource_names": [
"cluster-autoscaler"
],
"resources": [
"leases"
],
"verbs": [
"get",
"update"
]
}
]
},
"depends_on": [
"data.aws_eks_cluster.cluster",
"data.aws_eks_cluster_auth.cluster",
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_eks_cluster.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_iam_role.custom_cluster_iam_role",
"module.eks.null_resource.wait_for_cluster"
]
},
{
"address": "kubernetes_cluster_role_binding.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_cluster_role_binding",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"resource_version": "851",
"self_link": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-autoscaler",
"uid": "uid"
}
],
"role_ref": [
{
"api_group": "rbac.authorization.k8s.io",
"kind": "ClusterRole",
"name": "cluster-autoscaler"
}
],
"subject": [
{
"api_group": "",
"kind": "ServiceAccount",
"name": "cluster-autoscaler",
"namespace": "kube-system"
}
]
},
"depends_on": [
"data.aws_eks_cluster.cluster",
"data.aws_eks_cluster_auth.cluster",
"kubernetes_cluster_role.cluster_autoscaler",
"kubernetes_service_account.cluster_autoscaler",
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_eks_cluster.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_iam_role.custom_cluster_iam_role",
"module.eks.null_resource.wait_for_cluster"
]
},
{
"address": "kubernetes_deployment.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_deployment",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {
"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
},
"generate_name": "",
"generation": 1,
"labels": {
"app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "1419",
"self_link": "/apis/apps/v1/namespaces/kube-system/deployments/cluster-autoscaler",
"uid": "uid"
}
],
"spec": [
{
"min_ready_seconds": 0,
"paused": false,
"progress_deadline_seconds": 600,
"replicas": 1,
"revision_history_limit": 10,
"selector": [
{
"match_expressions": [],
"match_labels": {
"app": "cluster-autoscaler"
}
}
],
"strategy": [
{
"rolling_update": [
{
"max_surge": "25%",
"max_unavailable": "25%"
}
],
"type": "RollingUpdate"
}
],
"template": [
{
"metadata": [
{
"annotations": {
"prometheus.io/port": "8085",
"prometheus.io/scrape": "true"
},
"generate_name": "",
"generation": 0,
"labels": {
"app": "cluster-autoscaler"
},
"name": "",
"namespace": "",
"resource_version": "",
"self_link": "",
"uid": "uid"
}
],
"spec": [
{
"active_deadline_seconds": 0,
"affinity": [],
"automount_service_account_token": true,
"container": [
{
"args": [],
"command": [
"./cluster-autoscaler",
"--v=4",
"--stderrthreshold=info",
"--cloud-provider=aws",
"--skip-nodes-with-local-storage=false",
"--expander=least-waste",
"--node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/production",
"--balance-similar-node-groups",
"--skip-nodes-with-system-pods=false"
],
"env": [],
"env_from": [],
"image": "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.17.3",
"image_pull_policy": "Always",
"lifecycle": [],
"liveness_probe": [],
"name": "cluster-autoscaler",
"port": [],
"readiness_probe": [],
"resources": [
{
"limits": [
{
"cpu": "100m",
"memory": "300Mi"
}
],
"requests": [
{
"cpu": "100m",
"memory": "300Mi"
}
]
}
],
"security_context": [],
"startup_probe": [],
"stdin": false,
"stdin_once": false,
"termination_message_path": "/dev/termination-log",
"tty": false,
"volume_mount": [
{
"mount_path": "/etc/ssl/certs/ca-certificates.crt",
"mount_propagation": "None",
"name": "ssl-certs",
"read_only": true,
"sub_path": ""
}
],
"working_dir": ""
}
],
"dns_config": [],
"dns_policy": "ClusterFirst",
"host_aliases": [],
"host_ipc": false,
"host_network": false,
"host_pid": false,
"hostname": "",
"image_pull_secrets": [],
"init_container": [],
"node_name": "",
"node_selector": {},
"priority_class_name": "",
"restart_policy": "Always",
"security_context": [],
"service_account_name": "cluster-autoscaler",
"share_process_namespace": false,
"subdomain": "",
"termination_grace_period_seconds": 30,
"toleration": [],
"volume": [
{
"aws_elastic_block_store": [],
"azure_disk": [],
"azure_file": [],
"ceph_fs": [],
"cinder": [],
"config_map": [],
"csi": [],
"downward_api": [],
"empty_dir": [],
"fc": [],
"flex_volume": [],
"flocker": [],
"gce_persistent_disk": [],
"git_repo": [],
"glusterfs": [],
"host_path": [
{
"path": "/etc/ssl/certs/ca-bundle.crt",
"type": ""
}
],
"iscsi": [],
"local": [],
"name": "ssl-certs",
"nfs": [],
"persistent_volume_claim": [],
"photon_persistent_disk": [],
"quobyte": [],
"rbd": [],
"secret": [],
"vsphere_volume": []
}
]
}
]
}
]
}
],
"timeouts": null,
"wait_for_rollout": true
},
"depends_on": [
"data.aws_eks_cluster.cluster",
"data.aws_eks_cluster_auth.cluster",
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_eks_cluster.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_iam_role.custom_cluster_iam_role",
"module.eks.null_resource.wait_for_cluster"
]
},
{
"address": "kubernetes_role.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_role",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "852",
"self_link": "/apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/roles/cluster-autoscaler",
"uid": "uid"
}
],
"rule": [
{
"api_groups": [
""
],
"resource_names": [],
"resources": [
"configmaps"
],
"verbs": [
"create",
"list",
"watch"
]
},
{
"api_groups": [
""
],
"resource_names": [
"cluster-autoscaler-priority-expander",
"cluster-autoscaler-status"
],
"resources": [
"configmaps"
],
"verbs": [
"delete",
"get",
"update",
"watch"
]
}
]
},
"depends_on": [
"data.aws_eks_cluster.cluster",
"data.aws_eks_cluster_auth.cluster",
"kubernetes_service_account.cluster_autoscaler",
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_eks_cluster.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_iam_role.custom_cluster_iam_role",
"module.eks.null_resource.wait_for_cluster"
]
},
{
"address": "kubernetes_role_binding.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_role_binding",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"id": "kube-system/cluster-autoscaler",
"metadata": [
{
"annotations": {},
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "853",
"self_link": "/apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/rolebindings/cluster-autoscaler",
"uid": "uid"
}
],
"role_ref": [
{
"api_group": "rbac.authorization.k8s.io",
"kind": "Role",
"name": "cluster-autoscaler"
}
],
"subject": [
{
"api_group": "",
"kind": "ServiceAccount",
"name": "cluster-autoscaler",
"namespace": "kube-system"
}
]
},
"depends_on": [
"data.aws_eks_cluster.cluster",
"data.aws_eks_cluster_auth.cluster",
"kubernetes_role.cluster_autoscaler",
"kubernetes_service_account.cluster_autoscaler",
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_eks_cluster.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_iam_role.custom_cluster_iam_role",
"module.eks.null_resource.wait_for_cluster"
]
},
{
"address": "kubernetes_service_account.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_service_account",
"name": "cluster_autoscaler",
"provider_name": "registry.terraform.io/hashicorp/kubernetes",
"schema_version": 0,
"values": {
"automount_service_account_token": true,
"default_secret_name": "cluster-autoscaler-token-twqhk",
"id": "kube-system/cluster-autoscaler",
"image_pull_secret": [],
"metadata": [
{
"annotations": {},
"generate_name": "",
"generation": 0,
"labels": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
},
"name": "cluster-autoscaler",
"namespace": "kube-system",
"resource_version": "850",
"self_link": "/api/v1/namespaces/kube-system/serviceaccounts/cluster-autoscaler",
"uid": "uid"
}
],
"secret": [],
"timeouts": null
},
"depends_on": [
"data.aws_eks_cluster.cluster",
"data.aws_eks_cluster_auth.cluster",
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_eks_cluster.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_iam_role.custom_cluster_iam_role",
"module.eks.null_resource.wait_for_cluster"
]
}
],
"child_modules": [
{
"resources": [
{
"address": "module.datasource.data.aws_caller_identity.current",
"mode": "data",
"type": "aws_caller_identity",
"name": "current",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"account_id": "307819520923",
"arn": "arn:aws:iam::000000000000:user/sa-57a765f276be842bad85adff380c97c018a71fae1294bcfb2d5008f78eb91",
"id": "2020-09-08 21:57:27.229025 +0000 UTC",
"user_id": "uid"
}
},
{
"address": "module.datasource.data.aws_region.current",
"mode": "data",
"type": "aws_region",
"name": "current",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"description": "Canada (Central)",
"endpoint": "ec2.ca-central-1.amazonaws.com",
"id": "ca-central-1",
"name": "ca-central-1"
}
},
{
"address": "module.datasource.data.aws_security_group.eks-entrypoints",
"mode": "data",
"type": "aws_security_group",
"name": "eks-entrypoints",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"arn": "arn:aws:ec2:ca-central-1:307819520923:security-group/sg-00b35f464094c48b7",
"description": "Default security group to communicate with EKS.",
"filter": null,
"id": "sg-aaaaaaaaaaaaaaaaa",
"name": "secgrp-eks-entrypoints",
"tags": {
"Name": "secgrp-eks-entrypoints",
"id": "sg-aaaaaaaaaaaaaaaaa",
"managed-by": "enroller"
},
"vpc_id": "vpc-XXX"
}
},
{
"address": "module.datasource.data.aws_subnet_ids.subnets",
"mode": "data",
"type": "aws_subnet_ids",
"name": "subnets",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"filter": [
{
"name": "availability-zone",
"values": [
"ca-central-1a",
"ca-central-1b"
]
}
],
"id": "vpc-XXX",
"ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"tags": null,
"vpc_id": "vpc-XXX"
}
},
{
"address": "module.datasource.data.aws_vpc.shared_vpc",
"mode": "data",
"type": "aws_vpc",
"name": "shared_vpc",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"arn": "arn:aws:ec2:ca-central-1:307819520923:vpc/vpc-XXX",
"cidr_block": "10.48.0.0/16",
"cidr_block_associations": [
{
"association_id": "vpc-cidr-assoc-0d03ae85b4df32806",
"cidr_block": "10.48.0.0/16",
"state": "associated"
}
],
"default": false,
"dhcp_options_id": "dopt-0c14e697228a98e78",
"enable_dns_hostnames": true,
"enable_dns_support": true,
"filter": null,
"id": "vpc-XXX",
"instance_tenancy": "default",
"ipv6_association_id": null,
"ipv6_cidr_block": null,
"main_route_table_id": "rtb-04f5eff8aee24a892",
"owner_id": "786457243765",
"state": "available",
"tags": {}
}
}
],
"address": "module.datasource"
},
{
"resources": [
{
"address": "module.eks.aws_eks_cluster.this[0]",
"mode": "managed",
"type": "aws_eks_cluster",
"name": "this",
"index": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"arn": "arn:aws:eks:ca-central-1:307819520923:cluster/production",
"certificate_authority": [
{
"data": "data="
}
],
"created_at": "2020-09-01 14:18:35 +0000 UTC",
"enabled_cluster_log_types": [],
"encryption_config": [],
"endpoint": "https://plop.sk1.ca-central-1.eks.amazonaws.com",
"id": "production",
"identity": [
{
"oidc": [
{
"issuer": "https://oidc.eks.ca-central-1.amazonaws.com/id/plop"
}
]
}
],
"name": "production",
"platform_version": "eks.2",
"role_arn": "arn:aws:iam::000000000000:role/EKSClusterServiceRole",
"status": "ACTIVE",
"tags": {
"Environment": "production"
},
"timeouts": {
"create": "30m",
"delete": "15m",
"update": null
},
"version": "1.17",
"vpc_config": [
{
"cluster_security_group_id": "sg-aaaaaaaaaaaaaaaaa",
"endpoint_private_access": true,
"endpoint_public_access": false,
"public_access_cidrs": [
"0.0.0.0/0"
],
"security_group_ids": [
"sg-aaaaaaaaaaaaaaaaa"
],
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"vpc_id": "vpc-XXX"
}
]
},
"depends_on": [
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_iam_role.custom_cluster_iam_role"
]
},
{
"address": "module.eks.data.aws_ami.eks_worker",
"mode": "data",
"type": "aws_ami",
"name": "eks_worker",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"architecture": "x86_64",
"arn": "arn:aws:ec2:ca-central-1::image/ami-0ef7d671940c2700e",
"block_device_mappings": [
{
"device_name": "/dev/xvda",
"ebs": {
"delete_on_termination": "true",
"encrypted": "false",
"iops": "0",
"snapshot_id": "snap-0812d769980aedef0",
"volume_size": "20",
"volume_type": "gp2"
},
"no_device": "",
"virtual_name": ""
}
],
"creation_date": "2020-09-04T10:46:10.000Z",
"description": "EKS Kubernetes Worker AMI with AmazonLinux2 image, (k8s: 1.17.9, docker:19.03.6ce-4.amzn2)",
"executable_users": null,
"filter": [
{
"name": "name",
"values": [
"amazon-eks-node-1.17-v*"
]
}
],
"hypervisor": "xen",
"id": "ami-0ef7d671940c2700e",
"image_id": "ami-0ef7d671940c2700e",
"image_location": "amazon/amazon-eks-node-1.17-v20200904",
"image_owner_alias": "amazon",
"image_type": "machine",
"kernel_id": null,
"most_recent": true,
"name": "amazon-eks-node-1.17-v20200904",
"name_regex": null,
"owner_id": "602401143452",
"owners": [
"602401143452"
],
"platform": null,
"product_codes": [],
"public": true,
"ramdisk_id": null,
"root_device_name": "/dev/xvda",
"root_device_type": "ebs",
"root_snapshot_id": "snap-0812d769980aedef0",
"sriov_net_support": "simple",
"state": "available",
"state_reason": {
"code": "UNSET",
"message": "UNSET"
},
"tags": {},
"virtualization_type": "hvm"
}
},
{
"address": "module.eks.data.aws_ami.eks_worker_windows",
"mode": "data",
"type": "aws_ami",
"name": "eks_worker_windows",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"architecture": "x86_64",
"arn": "arn:aws:ec2:ca-central-1::image/ami-0c0380079bfc12672",
"block_device_mappings": [
{
"device_name": "/dev/sda1",
"ebs": {
"delete_on_termination": "true",
"encrypted": "false",
"iops": "0",
"snapshot_id": "snap-0e258c8af119d01a3",
"volume_size": "50",
"volume_type": "gp2"
},
"no_device": "",
"virtual_name": ""
},
{
"device_name": "xvdca",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral0"
},
{
"device_name": "xvdcb",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral1"
},
{
"device_name": "xvdcc",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral2"
},
{
"device_name": "xvdcd",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral3"
},
{
"device_name": "xvdce",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral4"
},
{
"device_name": "xvdcf",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral5"
},
{
"device_name": "xvdcg",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral6"
},
{
"device_name": "xvdch",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral7"
},
{
"device_name": "xvdci",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral8"
},
{
"device_name": "xvdcj",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral9"
},
{
"device_name": "xvdck",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral10"
},
{
"device_name": "xvdcl",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral11"
},
{
"device_name": "xvdcm",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral12"
},
{
"device_name": "xvdcn",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral13"
},
{
"device_name": "xvdco",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral14"
},
{
"device_name": "xvdcp",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral15"
},
{
"device_name": "xvdcq",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral16"
},
{
"device_name": "xvdcr",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral17"
},
{
"device_name": "xvdcs",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral18"
},
{
"device_name": "xvdct",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral19"
},
{
"device_name": "xvdcu",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral20"
},
{
"device_name": "xvdcv",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral21"
},
{
"device_name": "xvdcw",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral22"
},
{
"device_name": "xvdcx",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral23"
},
{
"device_name": "xvdcy",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral24"
},
{
"device_name": "xvdcz",
"ebs": {},
"no_device": "",
"virtual_name": "ephemeral25"
}
],
"creation_date": "2020-08-14T00:08:36.000Z",
"description": "Microsoft Windows Server 2019 Core optimized for EKS and provided by Amazon",
"executable_users": null,
"filter": [
{
"name": "name",
"values": [
"Windows_Server-2019-English-Core-EKS_Optimized-1.17-*"
]
},
{
"name": "platform",
"values": [
"windows"
]
}
],
"hypervisor": "xen",
"id": "ami-0c0380079bfc12672",
"image_id": "ami-0c0380079bfc12672",
"image_location": "amazon/Windows_Server-2019-English-Core-EKS_Optimized-1.17-2020.08.13",
"image_owner_alias": "amazon",
"image_type": "machine",
"kernel_id": null,
"most_recent": true,
"name": "Windows_Server-2019-English-Core-EKS_Optimized-1.17-2020.08.13",
"name_regex": null,
"owner_id": "801119661308",
"owners": [
"801119661308"
],
"platform": "windows",
"product_codes": [],
"public": true,
"ramdisk_id": null,
"root_device_name": "/dev/sda1",
"root_device_type": "ebs",
"root_snapshot_id": "snap-0e258c8af119d01a3",
"sriov_net_support": "simple",
"state": "available",
"state_reason": {
"code": "UNSET",
"message": "UNSET"
},
"tags": {},
"virtualization_type": "hvm"
}
},
{
"address": "module.eks.data.aws_caller_identity.current",
"mode": "data",
"type": "aws_caller_identity",
"name": "current",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"account_id": "307819520923",
"arn": "arn:aws:iam::000000000000:user/sa-57a765f276be842bad85adff380c97c018a71fae1294bcfb2d5008f78eb91",
"id": "2020-09-08 21:57:26.740186 +0000 UTC",
"user_id": "uid"
}
},
{
"address": "module.eks.data.aws_iam_policy_document.cluster_assume_role_policy",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "cluster_assume_role_policy",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"id": "1111111111",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSClusterAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"sts:AssumeRole"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"eks.amazonaws.com"
],
"type": "Service"
}
],
"resources": [],
"sid": "EKSClusterAssumeRole"
}
],
"version": "2012-10-17"
}
},
{
"address": "module.eks.data.aws_iam_policy_document.workers_assume_role_policy",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "workers_assume_role_policy",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"id": "0000000000",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"EKSWorkerAssumeRole\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"sts:AssumeRole"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"ec2.amazonaws.com"
],
"type": "Service"
}
],
"resources": [],
"sid": "EKSWorkerAssumeRole"
}
],
"version": "2012-10-17"
}
},
{
"address": "module.eks.data.aws_iam_role.custom_cluster_iam_role[0]",
"mode": "data",
"type": "aws_iam_role",
"name": "custom_cluster_iam_role",
"index": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"arn": "arn:aws:iam::000000000000:role/EKSClusterServiceRole",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks.amazonaws.com\"},\"Action\":\"sts:AssumeRole\",\"Condition\":{}}]}",
"create_date": "2020-05-06T21:57:26Z",
"description": "",
"id": "EKSClusterServiceRole",
"max_session_duration": 3600,
"name": "EKSClusterServiceRole",
"path": "/",
"permissions_boundary": "",
"tags": {
"managed_by": "enroller"
},
"unique_id": "uid"
}
},
{
"address": "module.eks.data.aws_partition.current",
"mode": "data",
"type": "aws_partition",
"name": "current",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"dns_suffix": "amazonaws.com",
"id": "2020-09-08 21:57:26.454337 +0000 UTC",
"partition": "aws"
}
}
],
"address": "module.eks",
"child_modules": [
{
"resources": [
{
"address": "module.eks.module.node_groups.aws_eks_node_group.workers[\"my-node\"]",
"mode": "managed",
"type": "aws_eks_node_group",
"name": "workers",
"index": "my-node",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"ami_type": "AL2_x86_64",
"arn": "arn:aws:eks:ca-central-1:307819520923:nodegroup/production/production-my-node-dominant-moose/6eba2509-ca3e-10b8-373a-007866b5d2c3",
"cluster_name": "production",
"disk_size": 20,
"force_update_version": null,
"id": "production:production-my-node-dominant-moose",
"instance_types": [
"t3.xlarge"
],
"labels": {
"Environment": "production"
},
"node_group_name": "production-my-node-dominant-moose",
"node_role_arn": "arn:aws:iam::000000000000:role/EKSNodeGroupServiceRole",
"release_version": "1.17.9-20200821",
"remote_access": [
{
"ec2_ssh_key": "eks-ssh-nodes",
"source_security_group_ids": []
}
],
"resources": [
{
"autoscaling_groups": [
{
"name": "eks-6eba2509-ca3e-10b8-373a-007866b5d2c3"
}
],
"remote_access_security_group_id": "sg-aaaaaaaaaaaaaaaaa"
}
],
"scaling_config": [
{
"desired_size": 1,
"max_size": 3,
"min_size": 1
}
],
"status": "ACTIVE",
"subnet_ids": [
"subnet-aaaaaaaaaaaaaaaaa",
"subnet-aaaaaaaaaaaaaaaaa"
],
"tags": {
"Environment": "production"
},
"timeouts": null,
"version": "1.17"
},
"depends_on": [
"data.aws_eks_cluster.cluster",
"data.aws_eks_cluster_auth.cluster",
"module.datasource.data.aws_caller_identity.current",
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_eks_cluster.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role.workers",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_iam_role_policy_attachment.workers_AmazonEC2ContainerRegistryReadOnly",
"module.eks.aws_iam_role_policy_attachment.workers_AmazonEKSWorkerNodePolicy",
"module.eks.aws_iam_role_policy_attachment.workers_AmazonEKS_CNI_Policy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_ami.eks_worker",
"module.eks.data.aws_iam_role.custom_cluster_iam_role",
"module.eks.data.null_data_source.node_groups",
"module.eks.kubernetes_config_map.aws_auth",
"module.eks.module.node_groups.random_pet.node_groups",
"module.eks.null_resource.wait_for_cluster"
]
},
{
"address": "module.eks.module.node_groups.random_pet.node_groups[\"my-node\"]",
"mode": "managed",
"type": "random_pet",
"name": "node_groups",
"index": "my-node",
"provider_name": "registry.terraform.io/hashicorp/random",
"schema_version": 0,
"values": {
"id": "dominant-moose",
"keepers": {
"ami_type": "AL2_x86_64",
"iam_role_arn": "arn:aws:iam::000000000000:role/EKSNodeGroupServiceRole",
"instance_type": "t3.xlarge",
"key_name": "eks-ssh-nodes",
"node_group_name": "production-my-node",
"source_security_group_ids": "",
"subnet_ids": "subnet-aaaaaaaaaaaaaaaaa"
},
"length": 2,
"prefix": null,
"separator": "-"
},
"depends_on": [
"data.aws_eks_cluster.cluster",
"data.aws_eks_cluster_auth.cluster",
"module.datasource.data.aws_caller_identity.current",
"module.datasource.data.aws_security_group.eks-entrypoints",
"module.datasource.data.aws_subnet_ids.subnets",
"module.eks.aws_cloudwatch_log_group.this",
"module.eks.aws_eks_cluster.this",
"module.eks.aws_iam_role.cluster",
"module.eks.aws_iam_role.workers",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"module.eks.aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"module.eks.aws_iam_role_policy_attachment.workers_AmazonEC2ContainerRegistryReadOnly",
"module.eks.aws_iam_role_policy_attachment.workers_AmazonEKSWorkerNodePolicy",
"module.eks.aws_iam_role_policy_attachment.workers_AmazonEKS_CNI_Policy",
"module.eks.aws_security_group.cluster",
"module.eks.data.aws_ami.eks_worker",
"module.eks.data.aws_iam_role.custom_cluster_iam_role",
"module.eks.data.null_data_source.node_groups",
"module.eks.kubernetes_config_map.aws_auth",
"module.eks.null_resource.wait_for_cluster"
]
}
],
"address": "module.eks.module.node_groups"
}
]
}
]
}
}
},
"configuration": {
"provider_config": {
"aws": {
"name": "aws",
"version_constraint": "\u003e= 2.38.0",
"expressions": {
"region": {
"references": [
"var.region"
]
}
}
},
"kubernetes": {
"name": "kubernetes",
"version_constraint": "~\u003e 1.12",
"expressions": {
"cluster_ca_certificate": {
"references": [
"data.aws_eks_cluster.cluster"
]
},
"host": {
"references": [
"data.aws_eks_cluster.cluster"
]
},
"load_config_file": {
"constant_value": false
},
"token": {
"references": [
"data.aws_eks_cluster_auth.cluster"
]
}
}
},
"module.datasource:aws": {
"name": "aws",
"version_constraint": "\u003e= 2.38.0",
"module_address": "module.datasource",
"expressions": {
"region": {
"constant_value": "ca-central-1"
}
}
}
},
"root_module": {
"outputs": {
"cluster_endpoint": {
"expression": {
"references": [
"module.eks.cluster_endpoint"
]
},
"description": "Endpoint for EKS control plane."
},
"config_map_aws_auth": {
"expression": {
"references": [
"module.eks.config_map_aws_auth"
]
},
"description": "A kubernetes configuration to authenticate to this EKS cluster."
},
"kubectl_config": {
"expression": {
"references": [
"module.eks.kubeconfig"
]
},
"description": "kubectl config as generated by the module."
}
},
"resources": [
{
"address": "kubernetes_cluster_role.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_cluster_role",
"name": "cluster_autoscaler",
"provider_config_key": "kubernetes",
"expressions": {
"metadata": [
{
"labels": {
"references": [
"var.kubernetes_autoscaler_resources_labels"
]
},
"name": {
"constant_value": "cluster-autoscaler"
}
}
],
"rule": [
{
"api_groups": {
"constant_value": [
""
]
},
"resources": {
"constant_value": [
"events",
"endpoints"
]
},
"verbs": {
"constant_value": [
"create",
"patch"
]
}
},
{
"api_groups": {
"constant_value": [
""
]
},
"resources": {
"constant_value": [
"pods/eviction"
]
},
"verbs": {
"constant_value": [
"create"
]
}
},
{
"api_groups": {
"constant_value": [
""
]
},
"resources": {
"constant_value": [
"pods/status"
]
},
"verbs": {
"constant_value": [
"update"
]
}
},
{
"api_groups": {
"constant_value": [
""
]
},
"resource_names": {
"constant_value": [
"cluster-autoscaler"
]
},
"resources": {
"constant_value": [
"endpoints"
]
},
"verbs": {
"constant_value": [
"get",
"update"
]
}
},
{
"api_groups": {
"constant_value": [
""
]
},
"resources": {
"constant_value": [
"nodes"
]
},
"verbs": {
"constant_value": [
"watch",
"list",
"get",
"update"
]
}
},
{
"api_groups": {
"constant_value": [
""
]
},
"resources": {
"constant_value": [
"pods",
"services",
"replicationcontrollers",
"persistentvolumeclaims",
"persistentvolumes"
]
},
"verbs": {
"constant_value": [
"watch",
"list",
"get"
]
}
},
{
"api_groups": {
"constant_value": [
"extensions"
]
},
"resources": {
"constant_value": [
"replicasets",
"daemonsets"
]
},
"verbs": {
"constant_value": [
"watch",
"list",
"get"
]
}
},
{
"api_groups": {
"constant_value": [
"policy"
]
},
"resources": {
"constant_value": [
"poddisruptionbudgets"
]
},
"verbs": {
"constant_value": [
"watch",
"list"
]
}
},
{
"api_groups": {
"constant_value": [
"apps"
]
},
"resources": {
"constant_value": [
"statefulsets",
"replicasets",
"daemonsets"
]
},
"verbs": {
"constant_value": [
"watch",
"list",
"get"
]
}
},
{
"api_groups": {
"constant_value": [
"storage.k8s.io"
]
},
"resources": {
"constant_value": [
"storageclasses",
"csinodes"
]
},
"verbs": {
"constant_value": [
"watch",
"list",
"get"
]
}
},
{
"api_groups": {
"constant_value": [
"batch",
"extensions"
]
},
"resources": {
"constant_value": [
"jobs"
]
},
"verbs": {
"constant_value": [
"get",
"list",
"watch",
"patch"
]
}
},
{
"api_groups": {
"constant_value": [
"coordination.k8s.io"
]
},
"resources": {
"constant_value": [
"leases"
]
},
"verbs": {
"constant_value": [
"create"
]
}
},
{
"api_groups": {
"constant_value": [
"coordination.k8s.io"
]
},
"resource_names": {
"constant_value": [
"cluster-autoscaler"
]
},
"resources": {
"constant_value": [
"leases"
]
},
"verbs": {
"constant_value": [
"get",
"update"
]
}
}
]
},
"schema_version": 0
},
{
"address": "kubernetes_cluster_role_binding.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_cluster_role_binding",
"name": "cluster_autoscaler",
"provider_config_key": "kubernetes",
"expressions": {
"metadata": [
{
"labels": {
"references": [
"var.kubernetes_autoscaler_resources_labels"
]
},
"name": {
"constant_value": "cluster-autoscaler"
}
}
],
"role_ref": [
{
"api_group": {
"constant_value": "rbac.authorization.k8s.io"
},
"kind": {
"constant_value": "ClusterRole"
},
"name": {
"references": [
"kubernetes_cluster_role.cluster_autoscaler"
]
}
}
],
"subject": [
{
"kind": {
"constant_value": "ServiceAccount"
},
"name": {
"references": [
"kubernetes_service_account.cluster_autoscaler"
]
},
"namespace": {
"references": [
"kubernetes_service_account.cluster_autoscaler"
]
}
}
]
},
"schema_version": 0
},
{
"address": "kubernetes_deployment.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_deployment",
"name": "cluster_autoscaler",
"provider_config_key": "kubernetes",
"expressions": {
"metadata": [
{
"annotations": {
"constant_value": {
"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
}
},
"labels": {
"constant_value": {
"app": "cluster-autoscaler"
}
},
"name": {
"constant_value": "cluster-autoscaler"
},
"namespace": {
"constant_value": "kube-system"
}
}
],
"spec": [
{
"replicas": {
"constant_value": 1
},
"selector": [
{
"match_labels": {
"constant_value": {
"app": "cluster-autoscaler"
}
}
}
],
"template": [
{
"metadata": [
{
"annotations": {
"constant_value": {
"prometheus.io/port": "8085",
"prometheus.io/scrape": "true"
}
},
"labels": {
"constant_value": {
"app": "cluster-autoscaler"
}
}
}
],
"spec": [
{
"automount_service_account_token": {
"constant_value": true
},
"container": [
{
"command": {
"references": [
"var.cluster_name"
]
},
"image": {
"references": [
"var.kubernetes_autoscaler_image"
]
},
"image_pull_policy": {
"constant_value": "Always"
},
"name": {
"constant_value": "cluster-autoscaler"
},
"resources": [
{
"limits": [
{
"cpu": {
"constant_value": "100m"
},
"memory": {
"constant_value": "300Mi"
}
}
],
"requests": [
{
"cpu": {
"constant_value": "100m"
},
"memory": {
"constant_value": "300Mi"
}
}
]
}
],
"volume_mount": [
{
"mount_path": {
"constant_value": "/etc/ssl/certs/ca-certificates.crt"
},
"name": {
"constant_value": "ssl-certs"
},
"read_only": {
"constant_value": true
}
}
]
}
],
"service_account_name": {
"constant_value": "cluster-autoscaler"
},
"volume": [
{
"host_path": [
{
"path": {
"constant_value": "/etc/ssl/certs/ca-bundle.crt"
}
}
],
"name": {
"constant_value": "ssl-certs"
}
}
]
}
]
}
]
}
]
},
"schema_version": 0
},
{
"address": "kubernetes_role.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_role",
"name": "cluster_autoscaler",
"provider_config_key": "kubernetes",
"expressions": {
"metadata": [
{
"labels": {
"references": [
"var.kubernetes_autoscaler_resources_labels"
]
},
"name": {
"constant_value": "cluster-autoscaler"
},
"namespace": {
"references": [
"kubernetes_service_account.cluster_autoscaler"
]
}
}
],
"rule": [
{
"api_groups": {
"constant_value": [
""
]
},
"resources": {
"constant_value": [
"configmaps"
]
},
"verbs": {
"constant_value": [
"create",
"list",
"watch"
]
}
},
{
"api_groups": {
"constant_value": [
""
]
},
"resource_names": {
"constant_value": [
"cluster-autoscaler-status",
"cluster-autoscaler-priority-expander"
]
},
"resources": {
"constant_value": [
"configmaps"
]
},
"verbs": {
"constant_value": [
"delete",
"get",
"update",
"watch"
]
}
}
]
},
"schema_version": 0
},
{
"address": "kubernetes_role_binding.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_role_binding",
"name": "cluster_autoscaler",
"provider_config_key": "kubernetes",
"expressions": {
"metadata": [
{
"labels": {
"references": [
"var.kubernetes_autoscaler_resources_labels"
]
},
"name": {
"constant_value": "cluster-autoscaler"
},
"namespace": {
"references": [
"kubernetes_service_account.cluster_autoscaler"
]
}
}
],
"role_ref": [
{
"api_group": {
"constant_value": "rbac.authorization.k8s.io"
},
"kind": {
"constant_value": "Role"
},
"name": {
"references": [
"kubernetes_role.cluster_autoscaler"
]
}
}
],
"subject": [
{
"kind": {
"constant_value": "ServiceAccount"
},
"name": {
"references": [
"kubernetes_service_account.cluster_autoscaler"
]
},
"namespace": {
"references": [
"kubernetes_service_account.cluster_autoscaler"
]
}
}
]
},
"schema_version": 0
},
{
"address": "kubernetes_service_account.cluster_autoscaler",
"mode": "managed",
"type": "kubernetes_service_account",
"name": "cluster_autoscaler",
"provider_config_key": "kubernetes",
"expressions": {
"automount_service_account_token": {
"constant_value": true
},
"metadata": [
{
"labels": {
"references": [
"var.kubernetes_autoscaler_resources_labels"
]
},
"name": {
"constant_value": "cluster-autoscaler"
},
"namespace": {
"constant_value": "kube-system"
}
}
]
},
"schema_version": 0
},
{
"address": "data.aws_eks_cluster.cluster",
"mode": "data",
"type": "aws_eks_cluster",
"name": "cluster",
"provider_config_key": "aws",
"expressions": {
"name": {
"references": [
"module.eks.cluster_id"
]
}
},
"schema_version": 0
},
{
"address": "data.aws_eks_cluster_auth.cluster",
"mode": "data",
"type": "aws_eks_cluster_auth",
"name": "cluster",
"provider_config_key": "aws",
"expressions": {
"name": {
"references": [
"module.eks.cluster_id"
]
}
},
"schema_version": 0
},
{
"address": "data.aws_region.current",
"mode": "data",
"type": "aws_region",
"name": "current",
"provider_config_key": "aws",
"schema_version": 0
}
],
"module_calls": {
"datasource": {
"source": "./datasource",
"expressions": {
"availability_zone": {
"references": [
"var.availability_zone"
]
},
"vpc_id": {
"references": [
"var.vpc_id"
]
}
},
"module": {
"outputs": {
"account_id": {
"expression": {
"references": [
"data.aws_caller_identity.current"
]
}
},
"aws_subnet_ids": {
"expression": {
"references": [
"data.aws_subnet_ids.subnets"
]
}
},
"eks_security_group": {
"expression": {
"references": [
"data.aws_security_group.eks-entrypoints"
]
}
},
"shared_vpc": {
"expression": {
"references": [
"data.aws_vpc.shared_vpc"
]
}
}
},
"resources": [
{
"address": "data.aws_caller_identity.current",
"mode": "data",
"type": "aws_caller_identity",
"name": "current",
"provider_config_key": "datasource:aws",
"schema_version": 0
},
{
"address": "data.aws_region.current",
"mode": "data",
"type": "aws_region",
"name": "current",
"provider_config_key": "datasource:aws",
"schema_version": 0
},
{
"address": "data.aws_security_group.eks-entrypoints",
"mode": "data",
"type": "aws_security_group",
"name": "eks-entrypoints",
"provider_config_key": "datasource:aws",
"expressions": {
"name": {
"constant_value": "secgrp-eks-entrypoints"
}
},
"schema_version": 0
},
{
"address": "data.aws_subnet_ids.subnets",
"mode": "data",
"type": "aws_subnet_ids",
"name": "subnets",
"provider_config_key": "datasource:aws",
"expressions": {
"filter": [
{
"name": {
"constant_value": "availability-zone"
},
"values": {
"references": [
"var.availability_zone"
]
}
}
],
"vpc_id": {
"references": [
"var.vpc_id"
]
}
},
"schema_version": 0
},
{
"address": "data.aws_vpc.shared_vpc",
"mode": "data",
"type": "aws_vpc",
"name": "shared_vpc",
"provider_config_key": "datasource:aws",
"expressions": {
"id": {
"references": [
"var.vpc_id"
]
}
},
"schema_version": 0
}
],
"variables": {
"availability_zone": {
"description": "List of AZ to use"
},
"vpc_id": {
"description": "VPC"
}
}
}
},
"eks": {
"source": "terraform-aws-modules/eks/aws",
"expressions": {
"cluster_create_security_group": {
"constant_value": false
},
"cluster_endpoint_private_access": {
"constant_value": true
},
"cluster_endpoint_public_access": {
"constant_value": false
},
"cluster_iam_role_name": {
"constant_value": "EKSClusterServiceRole"
},
"cluster_name": {
"references": [
"var.cluster_name"
]
},
"cluster_security_group_id": {
"references": [
"module.datasource.eks_security_group"
]
},
"cluster_version": {
"references": [
"var.k8s_version"
]
},
"manage_aws_auth": {
"constant_value": false
},
"manage_cluster_iam_resources": {
"constant_value": false
},
"manage_worker_iam_resources": {
"constant_value": false
},
"node_groups": {
"references": [
"var.k8s_version",
"var.cluster_name",
"var.cluster_name",
"var.cluster_name",
"var.cluster_name"
]
},
"node_groups_defaults": {
"references": [
"module.datasource.account_id",
"var.node_min_capacity",
"var.node_max_capacity",
"var.node_desired_size",
"var.node_ami_type",
"var.node_instance_type",
"terraform.workspace",
"var.ssh_keypair"
]
},
"subnets": {
"references": [
"module.datasource.aws_subnet_ids"
]
},
"tags": {
"references": [
"var.cluster_name"
]
},
"vpc_id": {
"references": [
"var.vpc_id"
]
},
"worker_create_security_group": {
"constant_value": false
}
},
"module": {
"outputs": {
"cloudwatch_log_group_name": {
"expression": {
"references": [
"aws_cloudwatch_log_group.this"
]
},
"description": "Name of cloudwatch log group created"
},
"cluster_arn": {
"expression": {
"references": [
"aws_eks_cluster.this"
]
},
"description": "The Amazon Resource Name (ARN) of the cluster."
},
"cluster_certificate_authority_data": {
"expression": {
"references": [
"aws_eks_cluster.this"
]
},
"description": "Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster."
},
"cluster_endpoint": {
"expression": {
"references": [
"aws_eks_cluster.this"
]
},
"description": "The endpoint for your EKS Kubernetes API."
},
"cluster_iam_role_arn": {
"expression": {
"references": [
"local.cluster_iam_role_arn"
]
},
"description": "IAM role ARN of the EKS cluster."
},
"cluster_iam_role_name": {
"expression": {
"references": [
"local.cluster_iam_role_name"
]
},
"description": "IAM role name of the EKS cluster."
},
"cluster_id": {
"expression": {
"references": [
"aws_eks_cluster.this"
]
},
"depends_on": [
"null_resource.wait_for_cluster"
],
"description": "The name/id of the EKS cluster."
},
"cluster_oidc_issuer_url": {
"expression": {
"references": [
"aws_eks_cluster.this"
]
},
"description": "The URL on the EKS cluster OIDC Issuer"
},
"cluster_primary_security_group_id": {
"expression": {
"references": [
"local.cluster_primary_security_group_id"
]
},
"description": "The cluster primary security group ID created by the EKS cluster on 1.14 or later. Referred to as 'Cluster security group' in the EKS console."
},
"cluster_security_group_id": {
"expression": {
"references": [
"local.cluster_security_group_id"
]
},
"description": "Security group ID attached to the EKS cluster. On 1.14 or later, this is the 'Additional security groups' in the EKS console."
},
"cluster_version": {
"expression": {
"references": [
"aws_eks_cluster.this"
]
},
"description": "The Kubernetes server version for the EKS cluster."
},
"config_map_aws_auth": {
"expression": {
"references": [
"kubernetes_config_map.aws_auth"
]
},
"description": "A kubernetes configuration to authenticate to this EKS cluster."
},
"kubeconfig": {
"expression": {
"references": [
"local.kubeconfig"
]
},
"description": "kubectl config file contents for this EKS cluster."
},
"kubeconfig_filename": {
"expression": {
"references": [
"local_file.kubeconfig"
]
},
"description": "The filename of the generated kubectl config."
},
"node_groups": {
"expression": {
"references": [
"module.node_groups.node_groups"
]
},
"description": "Outputs from EKS node groups. Map of maps, keyed by var.node_groups keys"
},
"oidc_provider_arn": {
"expression": {
"references": [
"var.enable_irsa",
"aws_iam_openid_connect_provider.oidc_provider"
]
},
"description": "The ARN of the OIDC Provider if `enable_irsa = true`."
},
"security_group_rule_cluster_https_worker_ingress": {
"expression": {
"references": [
"aws_security_group_rule.cluster_https_worker_ingress"
]
},
"description": "Security group rule responsible for allowing pods to communicate with the EKS cluster API."
},
"worker_iam_instance_profile_arns": {
"expression": {
"references": [
"aws_iam_instance_profile.workers",
"aws_iam_instance_profile.workers_launch_template"
]
},
"description": "default IAM instance profile ARN for EKS worker groups"
},
"worker_iam_instance_profile_names": {
"expression": {
"references": [
"aws_iam_instance_profile.workers",
"aws_iam_instance_profile.workers_launch_template"
]
},
"description": "default IAM instance profile name for EKS worker groups"
},
"worker_iam_role_arn": {
"expression": {
"references": [
"aws_iam_role.workers",
"data.aws_iam_instance_profile.custom_worker_group_iam_instance_profile",
"data.aws_iam_instance_profile.custom_worker_group_launch_template_iam_instance_profile"
]
},
"description": "default IAM role ARN for EKS worker groups"
},
"worker_iam_role_name": {
"expression": {
"references": [
"aws_iam_role.workers",
"data.aws_iam_instance_profile.custom_worker_group_iam_instance_profile",
"data.aws_iam_instance_profile.custom_worker_group_launch_template_iam_instance_profile"
]
},
"description": "default IAM role name for EKS worker groups"
},
"worker_security_group_id": {
"expression": {
"references": [
"local.worker_security_group_id"
]
},
"description": "Security group ID attached to the EKS workers."
},
"workers_asg_arns": {
"expression": {
"references": [
"aws_autoscaling_group.workers",
"aws_autoscaling_group.workers_launch_template"
]
},
"description": "IDs of the autoscaling groups containing workers."
},
"workers_asg_names": {
"expression": {
"references": [
"aws_autoscaling_group.workers",
"aws_autoscaling_group.workers_launch_template"
]
},
"description": "Names of the autoscaling groups containing workers."
},
"workers_default_ami_id": {
"expression": {
"references": [
"data.aws_ami.eks_worker"
]
},
"description": "ID of the default worker group AMI"
},
"workers_launch_template_arns": {
"expression": {
"references": [
"aws_launch_template.workers_launch_template"
]
},
"description": "ARNs of the worker launch templates."
},
"workers_launch_template_ids": {
"expression": {
"references": [
"aws_launch_template.workers_launch_template"
]
},
"description": "IDs of the worker launch templates."
},
"workers_launch_template_latest_versions": {
"expression": {
"references": [
"aws_launch_template.workers_launch_template"
]
},
"description": "Latest versions of the worker launch templates."
},
"workers_user_data": {
"expression": {
"references": [
"data.template_file.userdata",
"data.template_file.launch_template_userdata"
]
},
"description": "User data of worker groups"
}
},
"resources": [
{
"address": "aws_autoscaling_group.workers",
"mode": "managed",
"type": "aws_autoscaling_group",
"name": "workers",
"provider_config_key": "eks:aws",
"expressions": {
"default_cooldown": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"desired_capacity": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"enabled_metrics": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"force_delete": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"health_check_grace_period": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"launch_configuration": {
"references": [
"aws_launch_configuration.workers",
"count.index"
]
},
"max_instance_lifetime": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"max_size": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"min_size": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"name_prefix": {
"references": [
"aws_eks_cluster.this[0]",
"var.worker_groups",
"count.index",
"count.index",
"var.worker_groups",
"count.index",
"local.workers_group_defaults",
"random_pet.workers",
"count.index"
]
},
"placement_group": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"protect_from_scale_in": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"service_linked_role_arn": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"suspended_processes": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"tags": {
"references": [
"aws_eks_cluster.this[0]",
"var.worker_groups",
"count.index",
"count.index",
"aws_eks_cluster.this[0]",
"aws_eks_cluster.this[0]",
"local.asg_tags",
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"target_group_arns": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"termination_policies": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"vpc_zone_identifier": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"local.worker_group_count"
]
}
},
{
"address": "aws_autoscaling_group.workers_launch_template",
"mode": "managed",
"type": "aws_autoscaling_group",
"name": "workers_launch_template",
"provider_config_key": "eks:aws",
"expressions": {
"default_cooldown": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"desired_capacity": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"enabled_metrics": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"force_delete": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"health_check_grace_period": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"max_instance_lifetime": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"max_size": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"min_size": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"name_prefix": {
"references": [
"aws_eks_cluster.this[0]",
"var.worker_groups_launch_template",
"count.index",
"count.index",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults",
"random_pet.workers_launch_template",
"count.index"
]
},
"placement_group": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"protect_from_scale_in": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"service_linked_role_arn": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"suspended_processes": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"tags": {
"references": [
"aws_eks_cluster.this[0]",
"var.worker_groups_launch_template",
"count.index",
"count.index",
"aws_eks_cluster.this[0]",
"local.asg_tags",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"target_group_arns": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"termination_policies": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"vpc_zone_identifier": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"local.worker_group_launch_template_count"
]
}
},
{
"address": "aws_cloudwatch_log_group.this",
"mode": "managed",
"type": "aws_cloudwatch_log_group",
"name": "this",
"provider_config_key": "eks:aws",
"expressions": {
"kms_key_id": {
"references": [
"var.cluster_log_kms_key_id"
]
},
"name": {
"references": [
"var.cluster_name"
]
},
"retention_in_days": {
"references": [
"var.cluster_log_retention_in_days"
]
},
"tags": {
"references": [
"var.tags"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.cluster_enabled_log_types",
"var.create_eks"
]
}
},
{
"address": "aws_eks_cluster.this",
"mode": "managed",
"type": "aws_eks_cluster",
"name": "this",
"provider_config_key": "eks:aws",
"expressions": {
"enabled_cluster_log_types": {
"references": [
"var.cluster_enabled_log_types"
]
},
"name": {
"references": [
"var.cluster_name"
]
},
"role_arn": {
"references": [
"local.cluster_iam_role_arn"
]
},
"tags": {
"references": [
"var.tags"
]
},
"timeouts": {
"create": {
"references": [
"var.cluster_create_timeout"
]
},
"delete": {
"references": [
"var.cluster_delete_timeout"
]
}
},
"version": {
"references": [
"var.cluster_version"
]
},
"vpc_config": [
{
"endpoint_private_access": {
"references": [
"var.cluster_endpoint_private_access"
]
},
"endpoint_public_access": {
"references": [
"var.cluster_endpoint_public_access"
]
},
"public_access_cidrs": {
"references": [
"var.cluster_endpoint_public_access_cidrs"
]
},
"security_group_ids": {
"references": [
"local.cluster_security_group_id"
]
},
"subnet_ids": {
"references": [
"var.subnets"
]
}
}
]
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks"
]
},
"depends_on": [
"aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"aws_cloudwatch_log_group.this"
]
},
{
"address": "aws_iam_instance_profile.workers",
"mode": "managed",
"type": "aws_iam_instance_profile",
"name": "workers",
"provider_config_key": "eks:aws",
"expressions": {
"name_prefix": {
"references": [
"aws_eks_cluster.this[0]"
]
},
"path": {
"references": [
"var.iam_path"
]
},
"role": {
"references": [
"var.worker_groups",
"count.index",
"local.default_iam_role_id"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"var.create_eks",
"local.worker_group_count"
]
}
},
{
"address": "aws_iam_instance_profile.workers_launch_template",
"mode": "managed",
"type": "aws_iam_instance_profile",
"name": "workers_launch_template",
"provider_config_key": "eks:aws",
"expressions": {
"name_prefix": {
"references": [
"aws_eks_cluster.this[0]"
]
},
"path": {
"references": [
"var.iam_path"
]
},
"role": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.default_iam_role_id"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"var.create_eks",
"local.worker_group_launch_template_count"
]
}
},
{
"address": "aws_iam_openid_connect_provider.oidc_provider",
"mode": "managed",
"type": "aws_iam_openid_connect_provider",
"name": "oidc_provider",
"provider_config_key": "eks:aws",
"expressions": {
"client_id_list": {
"constant_value": [
"sts.amazonaws.com"
]
},
"thumbprint_list": {
"references": [
"var.eks_oidc_root_ca_thumbprint"
]
},
"url": {
"references": [
"aws_eks_cluster.this"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.enable_irsa",
"var.create_eks"
]
}
},
{
"address": "aws_iam_role.cluster",
"mode": "managed",
"type": "aws_iam_role",
"name": "cluster",
"provider_config_key": "eks:aws",
"expressions": {
"assume_role_policy": {
"references": [
"data.aws_iam_policy_document.cluster_assume_role_policy"
]
},
"force_detach_policies": {
"constant_value": true
},
"name_prefix": {
"references": [
"var.cluster_name"
]
},
"path": {
"references": [
"var.iam_path"
]
},
"permissions_boundary": {
"references": [
"var.permissions_boundary"
]
},
"tags": {
"references": [
"var.tags"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_cluster_iam_resources",
"var.create_eks"
]
}
},
{
"address": "aws_iam_role.workers",
"mode": "managed",
"type": "aws_iam_role",
"name": "workers",
"provider_config_key": "eks:aws",
"expressions": {
"assume_role_policy": {
"references": [
"data.aws_iam_policy_document.workers_assume_role_policy"
]
},
"force_detach_policies": {
"constant_value": true
},
"name": {
"references": [
"var.workers_role_name",
"var.workers_role_name"
]
},
"name_prefix": {
"references": [
"var.workers_role_name",
"aws_eks_cluster.this[0]"
]
},
"path": {
"references": [
"var.iam_path"
]
},
"permissions_boundary": {
"references": [
"var.permissions_boundary"
]
},
"tags": {
"references": [
"var.tags"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"var.create_eks"
]
}
},
{
"address": "aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
"mode": "managed",
"type": "aws_iam_role_policy_attachment",
"name": "cluster_AmazonEKSClusterPolicy",
"provider_config_key": "eks:aws",
"expressions": {
"policy_arn": {
"references": [
"local.policy_arn_prefix"
]
},
"role": {
"references": [
"local.cluster_iam_role_name"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_cluster_iam_resources",
"var.create_eks"
]
}
},
{
"address": "aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
"mode": "managed",
"type": "aws_iam_role_policy_attachment",
"name": "cluster_AmazonEKSServicePolicy",
"provider_config_key": "eks:aws",
"expressions": {
"policy_arn": {
"references": [
"local.policy_arn_prefix"
]
},
"role": {
"references": [
"local.cluster_iam_role_name"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_cluster_iam_resources",
"var.create_eks"
]
}
},
{
"address": "aws_iam_role_policy_attachment.workers_AmazonEC2ContainerRegistryReadOnly",
"mode": "managed",
"type": "aws_iam_role_policy_attachment",
"name": "workers_AmazonEC2ContainerRegistryReadOnly",
"provider_config_key": "eks:aws",
"expressions": {
"policy_arn": {
"references": [
"local.policy_arn_prefix"
]
},
"role": {
"references": [
"aws_iam_role.workers[0]"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"var.create_eks"
]
}
},
{
"address": "aws_iam_role_policy_attachment.workers_AmazonEKSWorkerNodePolicy",
"mode": "managed",
"type": "aws_iam_role_policy_attachment",
"name": "workers_AmazonEKSWorkerNodePolicy",
"provider_config_key": "eks:aws",
"expressions": {
"policy_arn": {
"references": [
"local.policy_arn_prefix"
]
},
"role": {
"references": [
"aws_iam_role.workers[0]"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"var.create_eks"
]
}
},
{
"address": "aws_iam_role_policy_attachment.workers_AmazonEKS_CNI_Policy",
"mode": "managed",
"type": "aws_iam_role_policy_attachment",
"name": "workers_AmazonEKS_CNI_Policy",
"provider_config_key": "eks:aws",
"expressions": {
"policy_arn": {
"references": [
"local.policy_arn_prefix"
]
},
"role": {
"references": [
"aws_iam_role.workers[0]"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"var.attach_worker_cni_policy",
"var.create_eks"
]
}
},
{
"address": "aws_iam_role_policy_attachment.workers_additional_policies",
"mode": "managed",
"type": "aws_iam_role_policy_attachment",
"name": "workers_additional_policies",
"provider_config_key": "eks:aws",
"expressions": {
"policy_arn": {
"references": [
"var.workers_additional_policies",
"count.index"
]
},
"role": {
"references": [
"aws_iam_role.workers[0]"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"var.create_eks",
"var.workers_additional_policies"
]
}
},
{
"address": "aws_launch_configuration.workers",
"mode": "managed",
"type": "aws_launch_configuration",
"name": "workers",
"provider_config_key": "eks:aws",
"expressions": {
"associate_public_ip_address": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"ebs_optimized": {
"references": [
"var.worker_groups",
"count.index",
"local.ebs_optimized_not_supported",
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"enable_monitoring": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"iam_instance_profile": {
"references": [
"aws_iam_instance_profile.workers",
"data.aws_iam_instance_profile.custom_worker_group_iam_instance_profile",
"count.index"
]
},
"image_id": {
"references": [
"var.worker_groups",
"count.index",
"var.worker_groups",
"count.index",
"local.workers_group_defaults",
"local.default_ami_id_windows",
"local.default_ami_id_linux"
]
},
"instance_type": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"key_name": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"name_prefix": {
"references": [
"aws_eks_cluster.this[0]",
"var.worker_groups",
"count.index",
"count.index"
]
},
"placement_tenancy": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"root_block_device": [
{
"delete_on_termination": {
"constant_value": true
},
"encrypted": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"iops": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"volume_size": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"volume_type": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
}
}
],
"security_groups": {
"references": [
"local.worker_security_group_id",
"var.worker_additional_security_group_ids",
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"spot_price": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
},
"user_data_base64": {
"references": [
"data.template_file.userdata",
"count.index"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"local.worker_group_count"
]
}
},
{
"address": "aws_launch_template.workers_launch_template",
"mode": "managed",
"type": "aws_launch_template",
"name": "workers_launch_template",
"provider_config_key": "eks:aws",
"expressions": {
"block_device_mappings": [
{
"device_name": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"ebs": [
{
"delete_on_termination": {
"constant_value": true
},
"encrypted": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"iops": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"kms_key_id": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"volume_size": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"volume_type": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
}
}
]
}
],
"credit_specification": [
{
"cpu_credits": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
}
}
],
"ebs_optimized": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.ebs_optimized_not_supported",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"iam_instance_profile": [
{
"name": {
"references": [
"aws_iam_instance_profile.workers_launch_template",
"data.aws_iam_instance_profile.custom_worker_group_launch_template_iam_instance_profile",
"count.index"
]
}
}
],
"image_id": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults",
"local.default_ami_id_windows",
"local.default_ami_id_linux"
]
},
"instance_type": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"key_name": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"monitoring": [
{
"enabled": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
}
}
],
"name_prefix": {
"references": [
"aws_eks_cluster.this[0]",
"var.worker_groups_launch_template",
"count.index",
"count.index"
]
},
"network_interfaces": [
{
"associate_public_ip_address": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"delete_on_termination": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
},
"security_groups": {
"references": [
"local.worker_security_group_id",
"var.worker_additional_security_group_ids",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
}
}
],
"tag_specifications": [
{
"resource_type": {
"constant_value": "volume"
},
"tags": {
"references": [
"aws_eks_cluster.this[0]",
"var.worker_groups_launch_template",
"count.index",
"count.index",
"var.tags"
]
}
},
{
"resource_type": {
"constant_value": "instance"
},
"tags": {
"references": [
"aws_eks_cluster.this[0]",
"var.worker_groups_launch_template",
"count.index",
"count.index",
"var.tags"
]
}
}
],
"tags": {
"references": [
"var.tags"
]
},
"user_data": {
"references": [
"data.template_file.launch_template_userdata",
"count.index"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"local.worker_group_launch_template_count"
]
}
},
{
"address": "aws_security_group.cluster",
"mode": "managed",
"type": "aws_security_group",
"name": "cluster",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "EKS cluster security group."
},
"name_prefix": {
"references": [
"var.cluster_name"
]
},
"tags": {
"references": [
"var.tags",
"var.cluster_name"
]
},
"vpc_id": {
"references": [
"var.vpc_id"
]
}
},
"schema_version": 1,
"count_expression": {
"references": [
"var.cluster_create_security_group",
"var.create_eks"
]
}
},
{
"address": "aws_security_group.workers",
"mode": "managed",
"type": "aws_security_group",
"name": "workers",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "Security group for all nodes in the cluster."
},
"name_prefix": {
"references": [
"aws_eks_cluster.this[0]"
]
},
"tags": {
"references": [
"var.tags",
"aws_eks_cluster.this[0]",
"aws_eks_cluster.this[0]"
]
},
"vpc_id": {
"references": [
"var.vpc_id"
]
}
},
"schema_version": 1,
"count_expression": {
"references": [
"var.worker_create_security_group",
"var.create_eks"
]
}
},
{
"address": "aws_security_group_rule.cluster_egress_internet",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "cluster_egress_internet",
"provider_config_key": "eks:aws",
"expressions": {
"cidr_blocks": {
"constant_value": [
"0.0.0.0/0"
]
},
"description": {
"constant_value": "Allow cluster egress access to the Internet."
},
"from_port": {
"constant_value": 0
},
"protocol": {
"constant_value": "-1"
},
"security_group_id": {
"references": [
"local.cluster_security_group_id"
]
},
"to_port": {
"constant_value": 0
},
"type": {
"constant_value": "egress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.cluster_create_security_group",
"var.create_eks"
]
}
},
{
"address": "aws_security_group_rule.cluster_https_worker_ingress",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "cluster_https_worker_ingress",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "Allow pods to communicate with the EKS cluster API."
},
"from_port": {
"constant_value": 443
},
"protocol": {
"constant_value": "tcp"
},
"security_group_id": {
"references": [
"local.cluster_security_group_id"
]
},
"source_security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"to_port": {
"constant_value": 443
},
"type": {
"constant_value": "ingress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.cluster_create_security_group",
"var.create_eks"
]
}
},
{
"address": "aws_security_group_rule.cluster_primary_ingress_workers",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "cluster_primary_ingress_workers",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "Allow pods running on workers to send communication to cluster primary security group (e.g. Fargate pods)."
},
"from_port": {
"constant_value": 0
},
"protocol": {
"constant_value": "all"
},
"security_group_id": {
"references": [
"local.cluster_primary_security_group_id"
]
},
"source_security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"to_port": {
"constant_value": 65535
},
"type": {
"constant_value": "ingress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.worker_create_security_group",
"var.worker_create_cluster_primary_security_group_rules",
"var.cluster_version",
"var.create_eks"
]
}
},
{
"address": "aws_security_group_rule.cluster_private_access",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "cluster_private_access",
"provider_config_key": "eks:aws",
"expressions": {
"cidr_blocks": {
"references": [
"var.cluster_endpoint_private_access_cidrs"
]
},
"from_port": {
"constant_value": 443
},
"protocol": {
"constant_value": "tcp"
},
"security_group_id": {
"references": [
"aws_eks_cluster.this[0]"
]
},
"to_port": {
"constant_value": 443
},
"type": {
"constant_value": "ingress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.create_eks",
"var.manage_aws_auth",
"var.cluster_endpoint_private_access",
"var.cluster_endpoint_public_access"
]
}
},
{
"address": "aws_security_group_rule.workers_egress_internet",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "workers_egress_internet",
"provider_config_key": "eks:aws",
"expressions": {
"cidr_blocks": {
"constant_value": [
"0.0.0.0/0"
]
},
"description": {
"constant_value": "Allow nodes all egress to the Internet."
},
"from_port": {
"constant_value": 0
},
"protocol": {
"constant_value": "-1"
},
"security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"to_port": {
"constant_value": 0
},
"type": {
"constant_value": "egress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.worker_create_security_group",
"var.create_eks"
]
}
},
{
"address": "aws_security_group_rule.workers_ingress_cluster",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "workers_ingress_cluster",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "Allow workers pods to receive communication from the cluster control plane."
},
"from_port": {
"references": [
"var.worker_sg_ingress_from_port"
]
},
"protocol": {
"constant_value": "tcp"
},
"security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"source_security_group_id": {
"references": [
"local.cluster_security_group_id"
]
},
"to_port": {
"constant_value": 65535
},
"type": {
"constant_value": "ingress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.worker_create_security_group",
"var.create_eks"
]
}
},
{
"address": "aws_security_group_rule.workers_ingress_cluster_https",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "workers_ingress_cluster_https",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "Allow pods running extension API servers on port 443 to receive communication from cluster control plane."
},
"from_port": {
"constant_value": 443
},
"protocol": {
"constant_value": "tcp"
},
"security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"source_security_group_id": {
"references": [
"local.cluster_security_group_id"
]
},
"to_port": {
"constant_value": 443
},
"type": {
"constant_value": "ingress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.worker_create_security_group",
"var.create_eks"
]
}
},
{
"address": "aws_security_group_rule.workers_ingress_cluster_kubelet",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "workers_ingress_cluster_kubelet",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "Allow workers Kubelets to receive communication from the cluster control plane."
},
"from_port": {
"constant_value": 10250
},
"protocol": {
"constant_value": "tcp"
},
"security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"source_security_group_id": {
"references": [
"local.cluster_security_group_id"
]
},
"to_port": {
"constant_value": 10250
},
"type": {
"constant_value": "ingress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.worker_create_security_group",
"var.create_eks",
"var.worker_sg_ingress_from_port"
]
}
},
{
"address": "aws_security_group_rule.workers_ingress_cluster_primary",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "workers_ingress_cluster_primary",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "Allow pods running on workers to receive communication from cluster primary security group (e.g. Fargate pods)."
},
"from_port": {
"constant_value": 0
},
"protocol": {
"constant_value": "all"
},
"security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"source_security_group_id": {
"references": [
"local.cluster_primary_security_group_id"
]
},
"to_port": {
"constant_value": 65535
},
"type": {
"constant_value": "ingress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.worker_create_security_group",
"var.worker_create_cluster_primary_security_group_rules",
"var.cluster_version",
"var.create_eks"
]
}
},
{
"address": "aws_security_group_rule.workers_ingress_self",
"mode": "managed",
"type": "aws_security_group_rule",
"name": "workers_ingress_self",
"provider_config_key": "eks:aws",
"expressions": {
"description": {
"constant_value": "Allow node to communicate with each other."
},
"from_port": {
"constant_value": 0
},
"protocol": {
"constant_value": "-1"
},
"security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"source_security_group_id": {
"references": [
"local.worker_security_group_id"
]
},
"to_port": {
"constant_value": 65535
},
"type": {
"constant_value": "ingress"
}
},
"schema_version": 2,
"count_expression": {
"references": [
"var.worker_create_security_group",
"var.create_eks"
]
}
},
{
"address": "kubernetes_config_map.aws_auth",
"mode": "managed",
"type": "kubernetes_config_map",
"name": "aws_auth",
"provider_config_key": "eks:kubernetes",
"expressions": {
"data": {
"references": [
"local.configmap_roles",
"var.map_roles",
"var.map_users",
"var.map_accounts"
]
},
"metadata": [
{
"name": {
"constant_value": "aws-auth"
},
"namespace": {
"constant_value": "kube-system"
}
}
]
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"var.manage_aws_auth"
]
},
"depends_on": [
"null_resource.wait_for_cluster[0]"
]
},
{
"address": "local_file.kubeconfig",
"mode": "managed",
"type": "local_file",
"name": "kubeconfig",
"provider_config_key": "eks:local",
"expressions": {
"content": {
"references": [
"local.kubeconfig"
]
},
"directory_permission": {
"constant_value": "0755"
},
"file_permission": {
"constant_value": "0644"
},
"filename": {
"references": [
"var.config_output_path",
"var.config_output_path",
"var.cluster_name",
"var.config_output_path"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.write_kubeconfig",
"var.create_eks"
]
}
},
{
"address": "null_resource.wait_for_cluster",
"mode": "managed",
"type": "null_resource",
"name": "wait_for_cluster",
"provider_config_key": "eks:null",
"provisioners": [
{
"type": "local-exec",
"expressions": {
"command": {
"references": [
"var.wait_for_cluster_cmd"
]
},
"environment": {
"references": [
"aws_eks_cluster.this[0]"
]
},
"interpreter": {
"references": [
"var.wait_for_cluster_interpreter"
]
}
}
}
],
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"var.manage_aws_auth"
]
},
"depends_on": [
"aws_eks_cluster.this[0]",
"aws_security_group_rule.cluster_private_access"
]
},
{
"address": "random_pet.workers",
"mode": "managed",
"type": "random_pet",
"name": "workers",
"provider_config_key": "eks:random",
"expressions": {
"keepers": {
"references": [
"aws_launch_configuration.workers",
"count.index"
]
},
"length": {
"constant_value": 2
},
"separator": {
"constant_value": "-"
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"local.worker_group_count"
]
}
},
{
"address": "random_pet.workers_launch_template",
"mode": "managed",
"type": "random_pet",
"name": "workers_launch_template",
"provider_config_key": "eks:random",
"expressions": {
"keepers": {
"references": [
"aws_launch_template.workers_launch_template",
"count.index",
"aws_launch_template.workers_launch_template",
"count.index"
]
},
"length": {
"constant_value": 2
},
"separator": {
"constant_value": "-"
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"local.worker_group_launch_template_count"
]
}
},
{
"address": "data.aws_ami.eks_worker",
"mode": "data",
"type": "aws_ami",
"name": "eks_worker",
"provider_config_key": "eks:aws",
"expressions": {
"filter": [
{
"name": {
"constant_value": "name"
},
"values": {
"references": [
"local.worker_ami_name_filter"
]
}
}
],
"most_recent": {
"constant_value": true
},
"owners": {
"references": [
"var.worker_ami_owner_id"
]
}
},
"schema_version": 0
},
{
"address": "data.aws_ami.eks_worker_windows",
"mode": "data",
"type": "aws_ami",
"name": "eks_worker_windows",
"provider_config_key": "eks:aws",
"expressions": {
"filter": [
{
"name": {
"constant_value": "name"
},
"values": {
"references": [
"local.worker_ami_name_filter_windows"
]
}
},
{
"name": {
"constant_value": "platform"
},
"values": {
"constant_value": [
"windows"
]
}
}
],
"most_recent": {
"constant_value": true
},
"owners": {
"references": [
"var.worker_ami_owner_id_windows"
]
}
},
"schema_version": 0
},
{
"address": "data.aws_caller_identity.current",
"mode": "data",
"type": "aws_caller_identity",
"name": "current",
"provider_config_key": "eks:aws",
"schema_version": 0
},
{
"address": "data.aws_iam_instance_profile.custom_worker_group_iam_instance_profile",
"mode": "data",
"type": "aws_iam_instance_profile",
"name": "custom_worker_group_iam_instance_profile",
"provider_config_key": "eks:aws",
"expressions": {
"name": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"local.worker_group_count"
]
}
},
{
"address": "data.aws_iam_instance_profile.custom_worker_group_launch_template_iam_instance_profile",
"mode": "data",
"type": "aws_iam_instance_profile",
"name": "custom_worker_group_launch_template_iam_instance_profile",
"provider_config_key": "eks:aws",
"expressions": {
"name": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_worker_iam_resources",
"local.worker_group_launch_template_count"
]
}
},
{
"address": "data.aws_iam_policy_document.cluster_assume_role_policy",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "cluster_assume_role_policy",
"provider_config_key": "eks:aws",
"expressions": {
"statement": [
{
"actions": {
"constant_value": [
"sts:AssumeRole"
]
},
"principals": [
{
"identifiers": {
"constant_value": [
"eks.amazonaws.com"
]
},
"type": {
"constant_value": "Service"
}
}
],
"sid": {
"constant_value": "EKSClusterAssumeRole"
}
}
]
},
"schema_version": 0
},
{
"address": "data.aws_iam_policy_document.workers_assume_role_policy",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "workers_assume_role_policy",
"provider_config_key": "eks:aws",
"expressions": {
"statement": [
{
"actions": {
"constant_value": [
"sts:AssumeRole"
]
},
"principals": [
{
"identifiers": {
"references": [
"local.ec2_principal"
]
},
"type": {
"constant_value": "Service"
}
}
],
"sid": {
"constant_value": "EKSWorkerAssumeRole"
}
}
]
},
"schema_version": 0
},
{
"address": "data.aws_iam_role.custom_cluster_iam_role",
"mode": "data",
"type": "aws_iam_role",
"name": "custom_cluster_iam_role",
"provider_config_key": "eks:aws",
"expressions": {
"name": {
"references": [
"var.cluster_iam_role_name"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.manage_cluster_iam_resources"
]
}
},
{
"address": "data.aws_partition.current",
"mode": "data",
"type": "aws_partition",
"name": "current",
"provider_config_key": "eks:aws",
"schema_version": 0
},
{
"address": "data.null_data_source.node_groups",
"mode": "data",
"type": "null_data_source",
"name": "node_groups",
"provider_config_key": "eks:null",
"expressions": {
"inputs": {
"references": [
"aws_eks_cluster.this",
"kubernetes_config_map.aws_auth",
"aws_iam_role_policy_attachment.workers_AmazonEKSWorkerNodePolicy",
"aws_iam_role_policy_attachment.workers_AmazonEKS_CNI_Policy",
"aws_iam_role_policy_attachment.workers_AmazonEC2ContainerRegistryReadOnly"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks"
]
}
},
{
"address": "data.template_file.launch_template_userdata",
"mode": "data",
"type": "template_file",
"name": "launch_template_userdata",
"provider_config_key": "eks:template",
"expressions": {
"template": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults",
"path.module",
"path.module"
]
},
"vars": {
"references": [
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults",
"aws_eks_cluster.this",
"aws_eks_cluster.this",
"aws_eks_cluster.this",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults",
"var.worker_groups_launch_template",
"count.index",
"local.workers_group_defaults"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"local.worker_group_launch_template_count"
]
}
},
{
"address": "data.template_file.userdata",
"mode": "data",
"type": "template_file",
"name": "userdata",
"provider_config_key": "eks:template",
"expressions": {
"template": {
"references": [
"var.worker_groups",
"count.index",
"var.worker_groups",
"count.index",
"local.workers_group_defaults",
"path.module",
"path.module"
]
},
"vars": {
"references": [
"var.worker_groups",
"count.index",
"local.workers_group_defaults",
"aws_eks_cluster.this",
"aws_eks_cluster.this",
"aws_eks_cluster.this",
"var.worker_groups",
"count.index",
"local.workers_group_defaults",
"var.worker_groups",
"count.index",
"local.workers_group_defaults",
"var.worker_groups",
"count.index",
"local.workers_group_defaults",
"var.worker_groups",
"count.index",
"local.workers_group_defaults",
"var.worker_groups",
"count.index",
"local.workers_group_defaults"
]
}
},
"schema_version": 0,
"count_expression": {
"references": [
"var.create_eks",
"local.worker_group_count"
]
}
}
],
"module_calls": {
"node_groups": {
"source": "./modules/node_groups",
"expressions": {
"cluster_name": {
"references": [
"data.null_data_source.node_groups"
]
},
"create_eks": {
"references": [
"var.create_eks"
]
},
"default_iam_role_arn": {
"references": [
"aws_iam_role.workers"
]
},
"node_groups": {
"references": [
"var.node_groups"
]
},
"node_groups_defaults": {
"references": [
"var.node_groups_defaults"
]
},
"tags": {
"references": [
"var.tags"
]
},
"workers_group_defaults": {
"references": [
"local.workers_group_defaults"
]
}
},
"module": {
"outputs": {
"aws_auth_roles": {
"expression": {
"references": [
"local.node_groups_expanded",
"var.default_iam_role_arn"
]
},
"description": "Roles for use in aws-auth ConfigMap"
},
"node_groups": {
"expression": {
"references": [
"aws_eks_node_group.workers"
]
},
"description": "Outputs from EKS node groups. Map of maps, keyed by `var.node_groups` keys. See `aws_eks_node_group` Terraform documentation for values"
}
},
"resources": [
{
"address": "aws_eks_node_group.workers",
"mode": "managed",
"type": "aws_eks_node_group",
"name": "workers",
"provider_config_key": "node_groups:aws",
"expressions": {
"ami_type": {
"references": [
"each.value"
]
},
"cluster_name": {
"references": [
"var.cluster_name"
]
},
"disk_size": {
"references": [
"each.value"
]
},
"instance_types": {
"references": [
"each.value"
]
},
"labels": {
"references": [
"var.node_groups_defaults",
"var.node_groups",
"each.key"
]
},
"node_group_name": {
"references": [
"each.value",
"var.cluster_name",
"each.key",
"random_pet.node_groups",
"each.key"
]
},
"node_role_arn": {
"references": [
"each.value"
]
},
"release_version": {
"references": [
"each.value"
]
},
"scaling_config": [
{
"desired_size": {
"references": [
"each.value"
]
},
"max_size": {
"references": [
"each.value"
]
},
"min_size": {
"references": [
"each.value"
]
}
}
],
"subnet_ids": {
"references": [
"each.value"
]
},
"tags": {
"references": [
"var.tags",
"var.node_groups_defaults",
"var.node_groups",
"each.key"
]
},
"version": {
"references": [
"each.value"
]
}
},
"schema_version": 0,
"for_each_expression": {
"references": [
"local.node_groups_expanded"
]
}
},
{
"address": "random_pet.node_groups",
"mode": "managed",
"type": "random_pet",
"name": "node_groups",
"provider_config_key": "node_groups:random",
"expressions": {
"keepers": {
"references": [
"each.value",
"each.value",
"each.value",
"each.value",
"each.value",
"each.value",
"each.value",
"var.cluster_name",
"each.key"
]
},
"length": {
"constant_value": 2
},
"separator": {
"constant_value": "-"
}
},
"schema_version": 0,
"for_each_expression": {
"references": [
"local.node_groups_expanded"
]
}
}
],
"variables": {
"cluster_name": {
"description": "Name of parent cluster"
},
"create_eks": {
"default": true,
"description": "Controls if EKS resources should be created (it affects almost all resources)"
},
"default_iam_role_arn": {
"description": "ARN of the default IAM worker role to use if one is not specified in `var.node_groups` or `var.node_groups_defaults`"
},
"node_groups": {
"default": {},
"description": "Map of maps of `eks_node_groups` to create. See \"`node_groups` and `node_groups_defaults` keys\" section in README.md for more details"
},
"node_groups_defaults": {
"description": "map of maps of node groups to create. See \"`node_groups` and `node_groups_defaults` keys\" section in README.md for more details"
},
"tags": {
"description": "A map of tags to add to all resources"
},
"workers_group_defaults": {
"description": "Workers group defaults from parent"
}
}
}
}
},
"variables": {
"attach_worker_cni_policy": {
"default": true,
"description": "Whether to attach the Amazon managed `AmazonEKS_CNI_Policy` IAM policy to the default worker IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster."
},
"cluster_create_security_group": {
"default": true,
"description": "Whether to create a security group for the cluster or attach the cluster to `cluster_security_group_id`."
},
"cluster_create_timeout": {
"default": "30m",
"description": "Timeout value when creating the EKS cluster."
},
"cluster_delete_timeout": {
"default": "15m",
"description": "Timeout value when deleting the EKS cluster."
},
"cluster_enabled_log_types": {
"default": [],
"description": "A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)"
},
"cluster_encryption_config": {
"default": [],
"description": "Configuration block with encryption configuration for the cluster. See examples/secrets_encryption/main.tf for example format"
},
"cluster_endpoint_private_access": {
"default": false,
"description": "Indicates whether or not the Amazon EKS private API server endpoint is enabled."
},
"cluster_endpoint_private_access_cidrs": {
"default": [
"0.0.0.0/0"
],
"description": "List of CIDR blocks which can access the Amazon EKS private API server endpoint, when public access is disabled"
},
"cluster_endpoint_public_access": {
"default": true,
"description": "Indicates whether or not the Amazon EKS public API server endpoint is enabled."
},
"cluster_endpoint_public_access_cidrs": {
"default": [
"0.0.0.0/0"
],
"description": "List of CIDR blocks which can access the Amazon EKS public API server endpoint."
},
"cluster_iam_role_name": {
"default": "",
"description": "IAM role name for the cluster. Only applicable if manage_cluster_iam_resources is set to false."
},
"cluster_log_kms_key_id": {
"default": "",
"description": "If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)"
},
"cluster_log_retention_in_days": {
"default": 90,
"description": "Number of days to retain log events. Default retention - 90 days."
},
"cluster_name": {
"description": "Name of the EKS cluster. Also used as a prefix in names of related resources."
},
"cluster_security_group_id": {
"default": "",
"description": "If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the workers"
},
"cluster_version": {
"default": "1.16",
"description": "Kubernetes version to use for the EKS cluster."
},
"config_output_path": {
"default": "./",
"description": "Where to save the Kubectl config file (if `write_kubeconfig = true`). Assumed to be a directory if the value ends with a forward slash `/`."
},
"create_eks": {
"default": true,
"description": "Controls if EKS resources should be created (it affects almost all resources)"
},
"eks_oidc_root_ca_thumbprint": {
"default": "9e99a48a9960b14926bb7f3b02e22da2b0ab7280",
"description": "Thumbprint of Root CA for EKS OIDC, Valid until 2037"
},
"enable_irsa": {
"default": false,
"description": "Whether to create OpenID Connect Provider for EKS to enable IRSA"
},
"iam_path": {
"default": "/",
"description": "If provided, all IAM roles will be created on this path."
},
"kubeconfig_aws_authenticator_additional_args": {
"default": [],
"description": "Any additional arguments to pass to the authenticator such as the role to assume. e.g. [\"-r\", \"MyEksRole\"]."
},
"kubeconfig_aws_authenticator_command": {
"default": "aws-iam-authenticator",
"description": "Command to use to fetch AWS EKS credentials."
},
"kubeconfig_aws_authenticator_command_args": {
"default": [],
"description": "Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]."
},
"kubeconfig_aws_authenticator_env_variables": {
"default": {},
"description": "Environment variables that should be used when executing the authenticator. e.g. { AWS_PROFILE = \"eks\"}."
},
"kubeconfig_name": {
"default": "",
"description": "Override the default name used for items kubeconfig."
},
"manage_aws_auth": {
"default": true,
"description": "Whether to apply the aws-auth configmap file."
},
"manage_cluster_iam_resources": {
"default": true,
"description": "Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified."
},
"manage_worker_iam_resources": {
"default": true,
"description": "Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers."
},
"map_accounts": {
"default": [],
"description": "Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format."
},
"map_roles": {
"default": [],
"description": "Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format."
},
"map_users": {
"default": [],
"description": "Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format."
},
"node_groups": {
"default": {},
"description": "Map of map of node groups to create. See `node_groups` module's documentation for more details"
},
"node_groups_defaults": {
"default": {},
"description": "Map of values to be applied to all node groups. See `node_groups` module's documentaton for more details"
},
"permissions_boundary": {
"default": null,
"description": "If provided, all IAM roles will be created with this permissions boundary attached."
},
"subnets": {
"description": "A list of subnets to place the EKS cluster and workers within."
},
"tags": {
"default": {},
"description": "A map of tags to add to all resources."
},
"vpc_id": {
"description": "VPC where the cluster and workers will be deployed."
},
"wait_for_cluster_cmd": {
"default": "for i in `seq 1 60`; do wget --no-check-certificate -O - -q $ENDPOINT/healthz \u003e/dev/null \u0026\u0026 exit 0 || true; sleep 5; done; echo TIMEOUT \u0026\u0026 exit 1",
"description": "Custom local-exec command to execute for determining if the eks cluster is healthy. Cluster endpoint will be available as an environment variable called ENDPOINT"
},
"wait_for_cluster_interpreter": {
"default": [
"/bin/sh",
"-c"
],
"description": "Custom local-exec command line interpreter for the command to determining if the eks cluster is healthy."
},
"worker_additional_security_group_ids": {
"default": [],
"description": "A list of additional security group ids to attach to worker instances"
},
"worker_ami_name_filter": {
"default": "",
"description": "Name filter for AWS EKS worker AMI. If not provided, the latest official AMI for the specified 'cluster_version' is used."
},
"worker_ami_name_filter_windows": {
"default": "",
"description": "Name filter for AWS EKS Windows worker AMI. If not provided, the latest official AMI for the specified 'cluster_version' is used."
},
"worker_ami_owner_id": {
"default": "602401143452",
"description": "The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft')."
},
"worker_ami_owner_id_windows": {
"default": "801119661308",
"description": "The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft')."
},
"worker_create_cluster_primary_security_group_rules": {
"default": false,
"description": "Whether to create security group rules to allow communication between pods on workers and pods using the primary cluster security group."
},
"worker_create_initial_lifecycle_hooks": {
"default": false,
"description": "Whether to create initial lifecycle hooks provided in worker groups."
},
"worker_create_security_group": {
"default": true,
"description": "Whether to create a security group for the workers or attach the workers to `worker_security_group_id`."
},
"worker_groups": {
"default": [],
"description": "A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers_group_defaults for valid keys."
},
"worker_groups_launch_template": {
"default": [],
"description": "A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers_group_defaults for valid keys."
},
"worker_security_group_id": {
"default": "",
"description": "If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster."
},
"worker_sg_ingress_from_port": {
"default": 1025,
"description": "Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443)."
},
"workers_additional_policies": {
"default": [],
"description": "Additional policies to be added to workers"
},
"workers_group_defaults": {
"default": {},
"description": "Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys."
},
"workers_role_name": {
"default": "",
"description": "User defined workers role name."
},
"write_kubeconfig": {
"default": true,
"description": "Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`."
}
}
},
"version_constraint": "12.1.0"
}
},
"variables": {
"availability_zone": {
"description": "List of defines subnets"
},
"cluster_name": {},
"k8s_version": {},
"kubernetes_autoscaler_image": {
"description": "Image used for the autoscaler; its version must match the Kubernetes version!"
},
"kubernetes_autoscaler_resources_labels": {
"default": {
"k8s-addon": "cluster-autoscaler.addons.k8s.io",
"k8s-app": "cluster-autoscaler"
}
},
"node_ami_type": {},
"node_desired_size": {},
"node_instance_type": {},
"node_max_capacity": {},
"node_min_capacity": {},
"region": {},
"source_security_group_ids": {},
"ssh_keypair": {},
"vpc_id": {}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment