aws::eks-cluster

Creates an EKS cluster.

Example

aws::eks-cluster ex
    name: "example-eks-gyro"
    role: "arn:aws:iam::242040583208:role/EXAMPLE_EKS_ROLE"
    version: 1.15

    vpc-config
        enable-endpoint-private-access: true
        enable-endpoint-public-access: true

        subnets: [
            $(aws::subnet "subnet-example-us-east-1a"),
            $(aws::subnet "subnet-example-us-east-1b")
        ]

        security-groups: [
            $(aws::security-group security-group-example)
        ]

        public-access-cidrs: [
            "0.0.0.0/0"
        ]
    end

    logging
        enabled-log-types
            log-types: [audit, api]
        end
    end

    encryption-config
        provider
            key: $(external-query aws::kms-key { key-id: "c5245825-8526-4032-a67c-21656f220312"})
        end
    end

    tags: {
        "example-tag-key": "example-tag-value"
    }
end

Attributes

Attribute Description
name The name of the EKS cluster. (Required)
role The IAM role that provides permissions for the EKS. (Required)
version The desired Kubernetes version for your cluster. Defaults to 1.15.
vpc-config subresource

The VPC configuration used by the cluster. (Required)

enable-endpoint-private-access
Allow private access to your cluster’s Kubernetes API server endpoint. Defaults to true.
enable-endpoint-public-access
Allow public access to your cluster’s Kubernetes API server endpoint. Defaults to false.
public-access-cidrs list
The CIDR blocks that are allowed access to your cluster’s public Kubernetes API server endpoint. Defaults to 0.0.0.0/0.
security-groups list
The security groups to use to allow communication between your worker nodes and the Kubernetes control plane.
subnets list
The subnets for the Amazon EKS worker nodes. (Required)
logging subresource

The logging configuration used by the cluster.

enabled-log-types list
The cluster control plane logging configuration for your cluster. (Required)
encryption-config list subresource

The encryption configuration used by the cluster.

provider subresource

The provider to use for the cluster. (Required)

key
The Key Management Service (KMS) customer master key (CMK) for the cluster. (Required)
addon list subresource

The addon configuration for the cluster.

addon-name
The name of the add-on. (Required)
addon-version
The version of the add-on.
resolve-conflicts
Overwrites configuration when set to OVERWRITE. Valid values are OVERWRITE or NONE.
service-account-role
The existing IAM role to bind to the add-on’s service account.
tags map
The metadata to apply to the cluster to assist with categorization and organization.
tags map The tags to attach to the cluster.
authentication subresource

The authentication config for the cluster.

name
The name of the identity provider configuration. (Required)
config subresource

The identity provider configuration. (Required)

client-id
The ID of the client that makes the authentication request. (Required)
groups-claim
The JWT claim that the OIDC provider uses to return groups.
groups-prefix
The prefix prepended to group claims to avoid naming conflicts.
issuer-url
The URL of the identity provider that allows the discovery of public signing keys for authentication to EKS. (Required)
required-claims map
Key-value pairs that specify required claims in addition to the group and user claims.
username-claim
The JWT claim that the OIDC provider uses to return users.
username-prefix
A prefix prepended to user claims to avoid naming conflicts.
tags map
The tags for the identity provider configuration.

Outputs

Attribute Description
arn The Amazon Resource Name (ARN) of the cluster.
oidc-provider-url The issuer URL for the OIDC identity provider.
endpoint The endpoint for the cluster.
certificate-authority-data The certificate authority to verify when connecting to the cluster.