annotate_pod_ip |
(Optional) Enable to fix a pod startup connectivity issue when installing Calico with the aws-vpc-cni plugin. (Issue: aws/amazon-vpc-cni-k8s#493) |
bool |
false |
no |
apiserver_flags |
The flags of kube-apiserver. The variables need to follow https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/. Do not use underscores. |
map(any) |
{} |
no |
apiserver_secure_port |
n/a |
number |
6443 |
no |
audit_log_flags |
The audit log flags of kube-apiserver. The variables need to follow https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/. Do not use underscores. |
map(any) |
{} |
no |
audit_log_policy_content |
The policy content for audit logging. |
string |
"" |
no |
auth_webhook_config_path |
The path of webhook config for kube-apiserver. |
string |
"/etc/kubernetes/config/aws-iam-authenticator/kubeconfig" |
no |
binaries |
Desired binaries (cni_plugin) URL and checksum. |
map(object({ source = string checksum = string })) |
{} |
no |
ccm_config |
The cloud controller manager configuration. |
map(any) |
{} |
no |
certs |
The Kubernetes and etcd certificates. |
map(string) |
{} |
no |
cloud_provider |
The cloud provider configuration. |
string |
"" |
no |
components_resource |
Desired resource requests and limits of kubernetes components(kube-apiserver, kube-controller-manager, kube-scheduler, etc.) |
map(object({ cpu_request = string cpu_limit = string memory_request = string memory_limit = string })) |
{} |
no |
containers |
Desired containers(kube-apiserver, kube-controller-manager, cfssl, coredns, and so on) repo and tag. |
map(object({ repo = string tag = string })) |
{} |
no |
controller_manager_flags |
The flags of kube-controller-manager. The variables need to follow https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/. Do not use underscores. |
map(any) |
{} |
no |
coredns_config |
The configuration of CoreDNS. |
map(any) |
{} |
no |
enable_eni_prefix |
(Optional) assign prefix to AWS EC2 network interface |
bool |
true |
no |
enable_iam_auth |
Enable AWS IAM authenticator or not. |
bool |
false |
no |
enable_irsa |
Enable AWS IAM Roles for Service Accounts (IRSA) or not. |
bool |
false |
no |
enable_network_policy |
(Optional) [AWS VPC CNI] Enable AWS Network Policy Agent. |
bool |
false |
no |
encryption_secret |
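The secret key used for encryption. This is a sensitive value: pass it in from a secret store or a sensitive variable rather than committing it to the repository. |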
string |
"" |
no |
etcd_endpoints |
The comma-separated list of etcd endpoints (e.g., 'http://etcd1:2379,http://etcd2:2379'). The example uses plain HTTP; use https:// endpoints where etcd is served over TLS. |
string |
"" |
no |
external_snat |
(Optional) [AWS VPC CNI] Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. |
bool |
false |
no |
feature_gates |
A set of key=value pairs that describe feature gates for alpha/experimental features. |
map(bool) |
{} |
no |
internal_endpoint |
The internal endpoint of kube-apiserver. |
string |
"https://127.0.0.1:6443" |
no |
kube_proxy_config |
The configuration of kube-proxy. The variables need to follow https://github.com/kubernetes/kube-proxy/blob/master/config/v1alpha1/types.go. Do not use underscores. |
map(any) |
{} |
no |
kubelet_cert |
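The kubelet certificate properties: key algorithm, key size, and expiry. The default expiry of 87600h is roughly ten years; set a shorter value if your certificate rotation policy requires it. |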
object({ algo = string size = number expiry = string }) |
{ "algo": "rsa", "expiry": "87600h", "size": 2048 } |
no |
kubelet_config |
The configuration of kubelet. The variables need to follow https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/kubelet/config/v1beta1/types.go. Do not use underscores. |
map(any) |
{} |
no |
kubelet_flags |
The flags of kubelet. The variables need to follow https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/. Do not use underscores. |
map(any) |
{} |
no |
kubernetes_version |
Desired Kubernetes version. |
string |
"v1.31.1" |
no |
log_level |
Log level and verbosity of each component. |
object({ aws_cloud_controller_manager = optional(string, "2") # 2: Info, 3: Extended Info, 4: Debug, 5: Trace aws_vpc_cni = optional(string, "DEBUG") # DEBUG, INFO, WARN, ERROR, FATAL containerd = optional(string, "info") # trace, debug, info, warn, error, fatal, panic cilium_cni = optional(string, "DEBUG") # DEBUG: enable debug logging, INFO: disable debug logging docker = optional(string, "info") # debug, info, warn, error, fatal kube_apiserver = optional(string, "2") # 2: Info, 3: Extended Info, 4: Debug, 5: Trace kube_controller_manager = optional(string, "2") # 2: Info, 3: Extended Info, 4: Debug, 5: Trace kube_scheduler = optional(string, "2") # 2: Info, 3: Extended Info, 4: Debug, 5: Trace kube_proxy = optional(string, "2") # 2: Info, 3: Extended Info, 4: Debug, 5: Trace kubelet = optional(string, "2") # 2: Info, 3: Extended Info, 4: Debug, 5: Trace }) |
n/a |
yes |
max_pods |
(Optional) The maximum number of pods per node when ENI prefix is enabled. |
string |
"110" |
no |
network_plugin |
Desired network plugin to use for the Kubernetes cluster, e.g. 'flannel', 'amazon-vpc', 'cilium-vxlan'. |
string |
"amazon-vpc" |
no |
node_cidr_mask_size |
(Optional)[cilium-vxlan] Mask size for node cidr in cluster. |
number |
24 |
no |
oidc_config |
The service account config to enable pod identity feature. |
object({ issuer = string api_audiences = string }) |
{ "api_audiences": "", "issuer": "" } |
no |
pod_network_cidr |
The CIDR pool used to assign IP addresses to pods in the cluster. |
string |
"10.244.0.0/16" |
no |
scheduler_flags |
The flags of kube-scheduler. The variables need to follow https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/. Do not use underscores. |
map(any) |
{} |
no |
service_network_cidr |
This is the virtual IP address that will be assigned to services created on Kubernetes. |
string |
"10.96.0.0/12" |
no |
tls_bootstrap_token |
The token used to authenticate to the API server. The `secret` field is a credential; do not commit it in plain text. |
object({ id = string secret = string }) |
{ "id": "", "secret": "" } |
no |