Commit a274c09

tiago-vieira-sqills authored and tiagovmvieira committed
feat: Add support for deletion protection functionality in the cluster
1 parent d97712a commit a274c09

3 files changed

+8
-0
lines changed

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -409,6 +409,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
409409
| <a name="input_eks_managed_node_groups"></a> [eks\_managed\_node\_groups](#input\_eks\_managed\_node\_groups) | Map of EKS managed node group definitions to create | <pre>map(object({<br/> create = optional(bool)<br/> kubernetes_version = optional(string)<br/><br/> # EKS Managed Node Group<br/> name = optional(string) # Will fall back to map key<br/> use_name_prefix = optional(bool)<br/> subnet_ids = optional(list(string))<br/> min_size = optional(number)<br/> max_size = optional(number)<br/> desired_size = optional(number)<br/> ami_id = optional(string)<br/> ami_type = optional(string)<br/> ami_release_version = optional(string)<br/> use_latest_ami_release_version = optional(bool)<br/> capacity_type = optional(string)<br/> disk_size = optional(number)<br/> force_update_version = optional(bool)<br/> instance_types = optional(list(string))<br/> labels = optional(map(string))<br/> node_repair_config = optional(object({<br/> enabled = optional(bool)<br/> }))<br/> remote_access = optional(object({<br/> ec2_ssh_key = optional(string)<br/> source_security_group_ids = optional(list(string))<br/> }))<br/> taints = optional(map(object({<br/> key = string<br/> value = optional(string)<br/> effect = string<br/> })))<br/> update_config = optional(object({<br/> max_unavailable = optional(number)<br/> max_unavailable_percentage = optional(number)<br/> }))<br/> timeouts = optional(object({<br/> create = optional(string)<br/> update = optional(string)<br/> delete = optional(string)<br/> }))<br/> # User data<br/> enable_bootstrap_user_data = optional(bool)<br/> pre_bootstrap_user_data = optional(string)<br/> post_bootstrap_user_data = optional(string)<br/> bootstrap_extra_args = optional(string)<br/> user_data_template_path = optional(string)<br/> cloudinit_pre_nodeadm = optional(list(object({<br/> content = string<br/> content_type = optional(string)<br/> filename = optional(string)<br/> merge_type = optional(string)<br/> })))<br/> cloudinit_post_nodeadm = 
optional(list(object({<br/> content = string<br/> content_type = optional(string)<br/> filename = optional(string)<br/> merge_type = optional(string)<br/> })))<br/> # Launch Template<br/> create_launch_template = optional(bool)<br/> use_custom_launch_template = optional(bool)<br/> launch_template_id = optional(string)<br/> launch_template_name = optional(string) # Will fall back to map key<br/> launch_template_use_name_prefix = optional(bool)<br/> launch_template_version = optional(string)<br/> launch_template_default_version = optional(string)<br/> update_launch_template_default_version = optional(bool)<br/> launch_template_description = optional(string)<br/> launch_template_tags = optional(map(string))<br/> tag_specifications = optional(list(string))<br/> ebs_optimized = optional(bool)<br/> key_name = optional(string)<br/> disable_api_termination = optional(bool)<br/> kernel_id = optional(string)<br/> ram_disk_id = optional(string)<br/> block_device_mappings = optional(map(object({<br/> device_name = optional(string)<br/> ebs = optional(object({<br/> delete_on_termination = optional(bool)<br/> encrypted = optional(bool)<br/> iops = optional(number)<br/> kms_key_id = optional(string)<br/> snapshot_id = optional(string)<br/> throughput = optional(number)<br/> volume_initialization_rate = optional(number)<br/> volume_size = optional(number)<br/> volume_type = optional(string)<br/> }))<br/> no_device = optional(string)<br/> virtual_name = optional(string)<br/> })))<br/> capacity_reservation_specification = optional(object({<br/> capacity_reservation_preference = optional(string)<br/> capacity_reservation_target = optional(object({<br/> capacity_reservation_id = optional(string)<br/> capacity_reservation_resource_group_arn = optional(string)<br/> }))<br/> }))<br/> cpu_options = optional(object({<br/> amd_sev_snp = optional(string)<br/> core_count = optional(number)<br/> threads_per_core = optional(number)<br/> }))<br/> credit_specification = optional(object({<br/> 
cpu_credits = optional(string)<br/> }))<br/> enclave_options = optional(object({<br/> enabled = optional(bool)<br/> }))<br/> instance_market_options = optional(object({<br/> market_type = optional(string)<br/> spot_options = optional(object({<br/> block_duration_minutes = optional(number)<br/> instance_interruption_behavior = optional(string)<br/> max_price = optional(string)<br/> spot_instance_type = optional(string)<br/> valid_until = optional(string)<br/> }))<br/> }))<br/> license_specifications = optional(list(object({<br/> license_configuration_arn = string<br/> })))<br/> metadata_options = optional(object({<br/> http_endpoint = optional(string)<br/> http_protocol_ipv6 = optional(string)<br/> http_put_response_hop_limit = optional(number)<br/> http_tokens = optional(string)<br/> instance_metadata_tags = optional(string)<br/> }))<br/> enable_monitoring = optional(bool)<br/> enable_efa_support = optional(bool)<br/> enable_efa_only = optional(bool)<br/> efa_indices = optional(list(string))<br/> create_placement_group = optional(bool)<br/> placement = optional(object({<br/> affinity = optional(string)<br/> availability_zone = optional(string)<br/> group_name = optional(string)<br/> host_id = optional(string)<br/> host_resource_group_arn = optional(string)<br/> partition_number = optional(number)<br/> spread_domain = optional(string)<br/> tenancy = optional(string)<br/> }))<br/> network_interfaces = optional(list(object({<br/> associate_carrier_ip_address = optional(bool)<br/> associate_public_ip_address = optional(bool)<br/> connection_tracking_specification = optional(object({<br/> tcp_established_timeout = optional(number)<br/> udp_stream_timeout = optional(number)<br/> udp_timeout = optional(number)<br/> }))<br/> delete_on_termination = optional(bool)<br/> description = optional(string)<br/> device_index = optional(number)<br/> ena_srd_specification = optional(object({<br/> ena_srd_enabled = optional(bool)<br/> ena_srd_udp_specification = optional(object({<br/> 
ena_srd_udp_enabled = optional(bool)<br/> }))<br/> }))<br/> interface_type = optional(string)<br/> ipv4_address_count = optional(number)<br/> ipv4_addresses = optional(list(string))<br/> ipv4_prefix_count = optional(number)<br/> ipv4_prefixes = optional(list(string))<br/> ipv6_address_count = optional(number)<br/> ipv6_addresses = optional(list(string))<br/> ipv6_prefix_count = optional(number)<br/> ipv6_prefixes = optional(list(string))<br/> network_card_index = optional(number)<br/> network_interface_id = optional(string)<br/> primary_ipv6 = optional(bool)<br/> private_ip_address = optional(string)<br/> security_groups = optional(list(string), [])<br/> subnet_id = optional(string)<br/> })))<br/> maintenance_options = optional(object({<br/> auto_recovery = optional(string)<br/> }))<br/> private_dns_name_options = optional(object({<br/> enable_resource_name_dns_aaaa_record = optional(bool)<br/> enable_resource_name_dns_a_record = optional(bool)<br/> hostname_type = optional(string)<br/> }))<br/> # IAM role<br/> create_iam_role = optional(bool)<br/> iam_role_arn = optional(string)<br/> iam_role_name = optional(string)<br/> iam_role_use_name_prefix = optional(bool)<br/> iam_role_path = optional(string)<br/> iam_role_description = optional(string)<br/> iam_role_permissions_boundary = optional(string)<br/> iam_role_tags = optional(map(string))<br/> iam_role_attach_cni_policy = optional(bool)<br/> iam_role_additional_policies = optional(map(string))<br/> create_iam_role_policy = optional(bool)<br/> iam_role_policy_statements = optional(list(object({<br/> sid = optional(string)<br/> actions = optional(list(string))<br/> not_actions = optional(list(string))<br/> effect = optional(string)<br/> resources = optional(list(string))<br/> not_resources = optional(list(string))<br/> principals = optional(list(object({<br/> type = string<br/> identifiers = list(string)<br/> })))<br/> not_principals = optional(list(object({<br/> type = string<br/> identifiers = list(string)<br/> 
})))<br/> condition = optional(list(object({<br/> test = string<br/> values = list(string)<br/> variable = string<br/> })))<br/> })))<br/> # Security group<br/> vpc_security_group_ids = optional(list(string), [])<br/> attach_cluster_primary_security_group = optional(bool, false)<br/> cluster_primary_security_group_id = optional(string)<br/> create_security_group = optional(bool)<br/> security_group_name = optional(string)<br/> security_group_use_name_prefix = optional(bool)<br/> security_group_description = optional(string)<br/> security_group_ingress_rules = optional(map(object({<br/> name = optional(string)<br/> cidr_ipv4 = optional(string)<br/> cidr_ipv6 = optional(string)<br/> description = optional(string)<br/> from_port = optional(string)<br/> ip_protocol = optional(string)<br/> prefix_list_id = optional(string)<br/> referenced_security_group_id = optional(string)<br/> self = optional(bool)<br/> tags = optional(map(string))<br/> to_port = optional(string)<br/> })))<br/> security_group_egress_rules = optional(map(object({<br/> name = optional(string)<br/> cidr_ipv4 = optional(string)<br/> cidr_ipv6 = optional(string)<br/> description = optional(string)<br/> from_port = optional(string)<br/> ip_protocol = optional(string)<br/> prefix_list_id = optional(string)<br/> referenced_security_group_id = optional(string)<br/> self = optional(bool)<br/> tags = optional(map(string))<br/> to_port = optional(string)<br/> })), {})<br/> security_group_tags = optional(map(string))<br/><br/> tags = optional(map(string))<br/> }))</pre> | `null` | no |
410410
| <a name="input_enable_auto_mode_custom_tags"></a> [enable\_auto\_mode\_custom\_tags](#input\_enable\_auto\_mode\_custom\_tags) | Determines whether to enable permissions for custom tags resources created by EKS Auto Mode | `bool` | `true` | no |
411411
| <a name="input_enable_cluster_creator_admin_permissions"></a> [enable\_cluster\_creator\_admin\_permissions](#input\_enable\_cluster\_creator\_admin\_permissions) | Indicates whether or not to add the cluster creator (the identity used by Terraform) as an administrator via access entry | `bool` | `false` | no |
412+
| <a name="input_enable_deletion_protection"></a> [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | Whether to enable deletion protection for the EKS cluster | `bool` | `false` | no |
412413
| <a name="input_enable_irsa"></a> [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no |
413414
| <a name="input_enable_kms_key_rotation"></a> [enable\_kms\_key\_rotation](#input\_enable\_kms\_key\_rotation) | Specifies whether key rotation is enabled | `bool` | `true` | no |
414415
| <a name="input_enabled_log_types"></a> [enabled\_log\_types](#input\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` | <pre>[<br/> "audit",<br/> "api",<br/> "authenticator"<br/>]</pre> | no |
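
Review bot: The description in the new `enable_deletion_protection` row only restates the input's name, so a reader of the inputs table cannot tell what the flag blocks or what has to happen before a protected cluster can be torn down. Expand the description at its source so the row says which operation is refused while the value is `true` and that the flag has to be turned off in a separate apply first. The row's position between `enable_cluster_creator_admin_permissions` and `enable_irsa` keeps the table's alphabetical order, so nothing to change there.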

main.tf

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@ resource "aws_eks_cluster" "this" {
4242
role_arn = local.role_arn
4343
version = var.kubernetes_version
4444
enabled_cluster_log_types = var.enabled_log_types
45+
enable_deletion_protection = var.enable_deletion_protection
4546
bootstrap_self_managed_addons = false
4647
force_update_version = var.force_update_version
4748
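
Review bot: The added `enable_deletion_protection = var.enable_deletion_protection` line in `aws_eks_cluster.this` relies on an argument that older provider releases may not know, and this commit touches only README.md, main.tf and variables.tf, so no provider version constraint moves with it. Please confirm the argument name against the `aws_eks_cluster` schema of the provider version the module pins, and raise the minimum provider version in the same change if the argument is newer than the current floor. Otherwise consumers on the old minimum will fail at plan time with an unsupported-argument error.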

variables.tf

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,12 @@ variable "enabled_log_types" {
4444
default = ["audit", "api", "authenticator"]
4545
}
4646

47+
variable "enable_deletion_protection" {
48+
description = "Whether to enable deletion protection for the EKS cluster"
49+
type = bool
50+
default = false
51+
}
52+
4753
variable "force_update_version" {
4854
description = "Force version update by overriding upgrade-blocking readiness checks when updating a cluster"
4955
type = bool
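
Review bot: `default = false` in the new `enable_deletion_protection` variable makes the safeguard opt-in, so every existing caller stays unprotected after upgrading unless they set it explicitly. If that default is a deliberate backward-compatibility choice, state it in the `description` and set the variable to `true` in at least one of the module's examples so the protected configuration is exercised. The description should also tell callers that the value has to go back to `false` before a destroy is attempted.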
