-
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathoutputs.tf
199 lines (173 loc) · 7.24 KB
/
outputs.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
output "name" {
description = "The name of the cluster."
value = aws_eks_cluster.this.name
}
output "id" {
description = "The ID of the cluster."
value = aws_eks_cluster.this.id
}
output "arn" {
description = "The ARN of the cluster."
value = aws_eks_cluster.this.arn
}
output "version" {
description = "The Kubernetes server version for the cluster."
value = aws_eks_cluster.this.version
}
output "platform_version" {
description = "The platform version for the cluster."
value = aws_eks_cluster.this.platform_version
}
output "status" {
description = "The status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`."
value = aws_eks_cluster.this.status
}
output "vpc_id" {
description = "The ID of VPC associated with the cluster."
value = aws_eks_cluster.this.vpc_config[0].vpc_id
}
output "subnets" {
description = "The IDs of subnets which the ENIs of Kubernetes control plane are located in."
value = aws_eks_cluster.this.vpc_config[0].subnet_ids
}
output "cluster_security_group" {
description = "The security group that was created by EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication."
value = aws_eks_cluster.this.vpc_config[0].cluster_security_group_id
}
output "additional_security_groups" {
description = "The list of additional security groups for the EKS control plane."
value = aws_eks_cluster.this.vpc_config[0].security_group_ids
}
output "security_group_ids" {
description = "Security groups that were created for the EKS cluster."
value = {
control_plane = module.security_group__control_plane.id
node = module.security_group__node.id
pod = module.security_group__pod.id
}
}
output "endpoint" {
description = "The endpoint for the Kubernetes API server."
value = aws_eks_cluster.this.endpoint
}
output "endpoint_access" {
description = "The configuration for the endpoint access to the Kubernetes API server endpoint."
value = {
private_access_enabled = aws_eks_cluster.this.vpc_config[0].endpoint_private_access
public_access_enabled = aws_eks_cluster.this.vpc_config[0].endpoint_public_access
public_access_cidrs = aws_eks_cluster.this.vpc_config[0].public_access_cidrs
}
}
output "outpost_config" {
description = <<EOF
The configurations of the outpost for the EKS cluster.
`outposts` - The list of the Outposts ARNs.
`control_plane_instance_type` - The EC2 instance type of the local EKS control plane node on Outposts.
`control_plane_placement_group` - The name of the placement group for the EKS control plane node on Outposts.
EOF
value = (var.outpost_config != null
? {
outposts = aws_eks_cluster.this.outpost_config[0].outpost_arns
cluster_id = aws_eks_cluster.this.cluster_id
control_plane_instance_type = aws_eks_cluster.this.outpost_config[0].control_plane_instance_type
control_plane_placement_group = one(aws_eks_cluster.this.outpost_config[0].control_plane_placement[*].group_name)
}
: null
)
}
output "kubernetes_network_config" {
description = <<EOF
The configurations of Kubernetes network.
`service_ipv4_cidr` - The IPv4 CIDR block which is assigned to Kubernetes service IP addresses.
`service_ipv6_cidr` - The IPv6 CIDR block that Kubernetes pod and service IP addresses are assigned from if you specified `IPV6` for `ip_family` when you created the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.
`ip_family` - The IP family used to assign Kubernetes pod and service addresses.
EOF
value = {
service_ipv4_cidr = aws_eks_cluster.this.kubernetes_network_config[0].service_ipv4_cidr
service_ipv6_cidr = aws_eks_cluster.this.kubernetes_network_config[0].service_ipv6_cidr
ip_family = var.kubernetes_network_config.ip_family
}
}
output "authentication_mode" {
description = "The authentication mode for the cluster."
value = aws_eks_cluster.this.access_config[0].authentication_mode
}
output "ca_cert" {
description = "The base64 encoded certificate data required to communicate with your cluster. Add this to the `certificate-authority-data` section of the `kubeconfig` file for your cluster."
value = aws_eks_cluster.this.certificate_authority[0].data
}
output "secrets_encryption" {
description = <<EOF
The configurations of the encryption of Kubernetes secrets.
EOF
value = {
enabled = var.secrets_encryption.enabled
kms_key = one(aws_eks_cluster.this.encryption_config[*].provider[0].key_arn)
}
}
output "cluster_role" {
description = "The IAM Role for the EKS cluster."
value = aws_eks_cluster.this.role_arn
}
output "default_cluster_role" {
description = "The default IAM Role for the EKS cluster."
value = one(module.role)
}
output "default_node_role" {
description = "The default IAM Role for the EKS node."
value = one(module.role__node)
}
output "irsa_oidc_provider" {
description = <<EOF
The configurations of the OIDC provider for IRSA (IAM Roles for Service Accounts).
`arn` - The ARN assigned by AWS for this provider.
`url` - The URL of the identity provider.
`urn` - The URN of the identity provider.
`audiences` - A list of audiences (also known as client IDs) for the IAM OIDC provider.
EOF
value = {
arn = module.oidc_provider.arn
url = aws_eks_cluster.this.identity[0].oidc[0].issuer
urn = module.oidc_provider.urn
audiences = module.oidc_provider.audiences
}
}
output "logging" {
description = "The configurations of the control plane logging."
value = {
log_types = aws_eks_cluster.this.enabled_cluster_log_types
cloudwatch_log_group = {
arn = data.aws_cloudwatch_log_group.this.arn
name = data.aws_cloudwatch_log_group.this.name
}
}
}
output "oidc_identity_providers" {
description = "A map of all associated OIDC Identity Providers to the cluster."
value = {
for name, provider in aws_eks_identity_provider_config.this :
name => {
arn = provider.arn
status = provider.status
name = provider.oidc[0].identity_provider_config_name
issuer_url = provider.oidc[0].issuer_url
client_id = provider.oidc[0].client_id
required_claims = provider.oidc[0].required_claims
username_claim = provider.oidc[0].username_claim
username_prefix = provider.oidc[0].username_prefix
groups_claim = provider.oidc[0].groups_claim
groups_prefix = provider.oidc[0].groups_prefix
}
}
}
output "created_at" {
description = "The Unix epoch timestamp in seconds for when the cluster was created."
value = aws_eks_cluster.this.created_at
}
# output "debug" {
# value = {
# for k, v in aws_eks_cluster.this :
# k => v
# if !contains(["arn", "access_config", "certificate_authority", "tags", "tags_all", "created_at", "role_arn", "name", "status", "version", "timeouts", "platform_version", "kubernetes_network_config", "id", "endpoint", "encryption_config", "outpost_config", "identity", "vpc_config", "enabled_cluster_log_types", "cluster_id"], k)
# }
# }