variables.tf
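# Shared base name for resources this module creates. Per the description it is
# used unless a more specific resource name is provided; defaults to an empty
# string.
variable "name" {
  description = "A common name used across resources created unless a more specific resource name is provided"
  type        = string
  default     = ""
}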
# Kubernetes annotations added to all resources (per the description).
# Empty by default.
variable "annotations" {
  description = "A map of Kubernetes annotations to add to all resources"
  type        = map(string)
  default     = {}
}

# Kubernetes labels added to all resources (per the description).
# Empty by default.
variable "labels" {
  description = "A map of Kubernetes labels to add to all resources"
  type        = map(string)
  default     = {}
}

# Tags for the AWS resources, as opposed to the Kubernetes labels and
# annotations declared alongside. Empty by default.
variable "tags" {
  description = "A map of tags to add to all AWS resources"
  type        = map(string)
  default     = {}
}
################################################################################
# K8s Namespace
################################################################################
# Namespace definitions keyed by a caller-chosen map key.
# NOTE(review): `type = any` means Terraform applies no schema check at this
# boundary, so a misspelled or unexpected attribute is not rejected here.
# The attributes the module actually reads are not visible in this file;
# confirm against the resources that consume this variable.
variable "namespaces" {
  description = "A map of Kubernetes namespace definitions to create"
  type        = any
  default     = {}
}
################################################################################
# K8s Cluster Role
################################################################################
# Toggle for creating the Kubernetes cluster role. Enabled by default.
variable "create_cluster_role" {
  description = "Determines whether a Kubernetes cluster role is created"
  type        = bool
  default     = true
}

# Name for the cluster role; defaults to an empty string.
# NOTE(review): how an empty value is resolved (e.g. falling back to
# `var.name`) is not shown in this file.
variable "cluster_role_name" {
  description = "Name to use on Kubernetes cluster role created"
  type        = string
  default     = ""
}
################################################################################
# K8s Role
################################################################################
# Toggle for creating the Kubernetes role. Enabled by default.
# Per the description, the object created is a cluster role that is bound
# only through namespaced role bindings, so its rules take effect per
# namespace rather than cluster-wide.
variable "create_role" {
  description = "Determines whether a Kubernetes role is created. Note: the role created is a cluster role but its bound to only namespaced role bindings"
  type        = bool
  default     = true
}

# Name for the role above; defaults to an empty string.
variable "role_name" {
  description = "Name to use on Kubernetes role created"
  type        = string
  default     = ""
}
################################################################################
# IAM Role
################################################################################
# Selects between creating a new IAM role (true, the default) and reusing an
# existing one supplied through `iam_role_arn`.
variable "create_iam_role" {
  description = "Determines whether an IAM role is created or to use an existing IAM role"
  type        = bool
  default     = true
}

# ARN of a pre-existing IAM role. The description marks it as required when
# `create_iam_role` is false, but nothing in this file enforces that pairing.
# NOTE(review): the description mentions "the node group"; confirm that wording
# matches what this module uses the role for.
variable "iam_role_arn" {
  description = "Existing IAM role ARN for the node group. Required if `create_iam_role` is set to `false`"
  type        = string
  default     = null
}
# Name for the IAM role that gets created; null by default.
variable "iam_role_name" {
  description = "Name to use on IAM role created"
  type        = string
  default     = null
}

# When true (the default), `iam_role_name` is treated as a name prefix rather
# than the exact role name.
variable "iam_role_use_name_prefix" {
  description = "Determines whether the IAM role name (`iam_role_name`) is used as a prefix"
  type        = bool
  default     = true
}

# IAM path for the role; null by default.
variable "iam_role_path" {
  description = "IAM role path"
  type        = string
  default     = null
}

# Free-text description stored on the role; null by default.
variable "iam_role_description" {
  description = "Description of the role"
  type        = string
  default     = null
}
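# Upper bound, in seconds, on how long credentials obtained by assuming the
# role remain valid. Null (the default) leaves the setting unspecified, which
# per the description results in a one-hour maximum.
#
# The validation enforces the 1 to 12 hour range stated in the description, so
# an out-of-range value fails at plan time with a clear message instead of at
# the AWS API. Shorter sessions limit how long leaked temporary credentials
# stay usable.
variable "iam_role_max_session_duration" {
  description = "Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours"
  type        = number
  default     = null

  validation {
    # The conditional (rather than `||`) keeps the numeric comparisons from
    # being evaluated against a null value.
    condition = var.iam_role_max_session_duration == null ? true : (
      var.iam_role_max_session_duration >= 3600 && var.iam_role_max_session_duration <= 43200
    )
    error_message = "The iam_role_max_session_duration value must be between 3600 (1 hour) and 43200 (12 hours) seconds, or null to keep the one-hour default."
  }
}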
# ARN of the policy used as the role's permissions boundary. A boundary caps
# the permissions the role can exercise regardless of the policies attached
# to it. Null by default.
# NOTE(review): presumably null means no boundary is set; confirm against
# the role resource.
variable "iam_role_permissions_boundary" {
  description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
  type        = string
  default     = null
}

# Additional IAM policies for the created role; empty by default.
# NOTE(review): presumably a map of arbitrary key => policy ARN; verify
# against the policy attachment resource. Each entry widens what the role can
# do, so keep the set minimal.
variable "iam_role_policies" {
  description = "IAM policies to be added to the IAM role created"
  type        = map(string)
  default     = {}
}
# IRSA
# IAM user and/or role ARNs allowed to assume the created role.
# Every entry here is a principal that can obtain the role's permissions, so
# the list should name only the identities that need it. Empty by default.
variable "users" {
  description = "A list of IAM user and/or role ARNs that can assume the IAM role created"
  type        = list(string)
  default     = []
}

# Principal ARN patterns, which may contain wildcards, intended for AWS
# Identity Center (SSO) roles. Empty by default.
# A wildcard admits every principal whose ARN matches the pattern, so scope
# each pattern to a specific account and permission set rather than a broad
# prefix.
# NOTE(review): how these patterns are placed in the trust policy is not
# shown in this file.
variable "principal_arns" {
  description = "A list of IAM principal arns to support passing wildcards for AWS Identity Center (SSO) roles. [Reference](https://docs.aws.amazon.com/singlesignon/latest/userguide/referencingpermissionsets.html#custom-trust-policy-example)"
  type        = list(string)
  default     = []
}
# ARN of the OIDC provider created by the EKS cluster; defaults to an empty
# string.
# NOTE(review): behaviour when left empty is not visible in this file.
variable "oidc_provider_arn" {
  description = "ARN of the OIDC provider created by the EKS cluster"
  type        = string
  default     = ""
}

# ARN of the cluster; defaults to an empty string.
variable "cluster_arn" {
  description = "The Amazon Resource Name (ARN) of the cluster"
  type        = string
  default     = ""
}
################################################################################
# Admin IAM Role Policy
################################################################################
# Opt-in switch for an IAM role policy granting admin access to the
# Kubernetes cluster. Off by default, so admin access is granted only when a
# caller sets this explicitly. Enable it only for roles that need
# cluster-wide administration.
variable "enable_admin" {
  description = "Determines whether an IAM role policy is created to grant admin access to the Kubernetes cluster"
  type        = bool
  default     = false
}

# Name for the admin IAM policy; defaults to an empty string.
variable "admin_policy_name" {
  description = "Name to use on admin IAM policy created"
  type        = string
  default     = ""
}