tEKS is a set of Terraform / Terragrunt modules designed to get you everything you need to run a production EKS cluster on AWS. It ships with sensible defaults, and add a lot of common addons with their configurations that work out of the box.
The main goal of this project is to glue together commonly used tooling with Kubernetes/EKS and to get from an AWS Account to a production cluster with everything you need without any manual configuration.
A production cluster all defined in IaaC with Terraform/Terragrunt:
- AWS VPC if needed based on
terraform-aws-vpc
- EKS cluster base on
terraform-aws-eks
- Kubernetes addons based on
terraform-kubernetes-addons
: provides various addons that are often used on Kubernetes and specifically on EKS. - Kubernetes namespaces quota management based on
terraform-kubernetes-namespaces
: allows administrator to manage namespaces and quotas from a centralized configuration with Terraform. - AWS ECR registries management based on
terraform-aws-ecr
Everything is tied together with Terragrunt and allows you to deploy a multi cluster architecture in a matter of minutes (ok maybe an hour) and different AWS accounts for different environments.
The main additionals features are the curated addons list, see here and in the customization of the cluster policy
- Default PSP is removed and sensible defaults are enforced
- All addons have specific PSP enabled
- No IAM credentials on instances, everything is enforced with IRSA or KIAM
- Each addons is deployed in it's own namespace with sensible default network policies
- Prometheus Operator with defaults dashboards
- Addons that support metrics are enable along with their
serviceMonitor
- Custom grafana dashboard are available by default.
- All addons support Helm v3 configuration
- All charts are easily customizable
- priorityClasses for addons
- use of [
kubectl-provider
], no more local exec and custom manifest are properly handled - lot of manual stuff have been automated under the hood
Terragrunt is not a hard requirement but all the modules are tested with Terragrunt.
terraform/live
folder provides an opinionated directory structure for a production environment with an example using
If you wish to extend your infrastructure you can pick up additional modules on the clusterfrak-dynamics github page
master
: Backward incompatible with v1.X but compatible with v2.X, releases bumped to v3.X because a lot has changed.release-1.X
: Compatible with Terraform < 0.12 and Terragrunt < 0.19. Be sure to target the same modules version.release-2.X
: Compatible with Terraform >= 0.12 and Terragrunt >= 0.19. Be sure to target the same modules version.