Inputs
The following input variables are supported:
arm_nodes_enabled
Description: Whether to allow pods to schedule on arm64 nodes
Type: bool
Default: true
burstable_nodes_enabled
Description: Whether to allow pods to schedule on burstable nodes
Type: bool
Default: true
cilium_required
Description: True iff the Cilium CNI is required to be installed on a node prior to scheduling on it
Type: bool
Default: true
common_env
Description: Key-value pairs of environment variables to set in each container
Type: map(string)
Default: {}
common_env_from_config_maps
Description: Environment variables that are sourced from existing Kubernetes ConfigMaps. The keys are the environment variable names and the values are the ConfigMap references.
Type:
map(object({
  config_map_name = string
  key = string
}))
Default: {}
common_env_from_secrets
Description: Environment variables that are sourced from existing Kubernetes Secrets. The keys are the environment variable names and the values are the Secret references.
Type:
map(object({
  secret_name = string
  key = string
}))
Default: {}
common_secrets
Description: Key-value pairs of secrets to add to the containers as environment variables
Type: map(string)
Default: {}
config_map_mounts
Description: A mapping of ConfigMap names to their mount configuration in the containers of the DaemonSet
Type:
map(object({
  mount_path = string # Where in the containers to mount the ConfigMap
  optional = optional(bool, false) # Whether the pod can launch if this ConfigMap does not exist
}))
Default: {}
containers
Description: A list of container configurations for the pod
Type:
list(object({
  name = string # A unique name for the container within the pod
  init = optional(bool, false) # Iff true, the container will be an init container
  image_registry = string # The URL for a container image registry (e.g., docker.io)
  image_repository = string # The path to the image repository within the registry (e.g., library/nginx)
  image_tag = string # The tag for a specific image within the repository (e.g., 1.27.1)
  command = list(string) # The command to be run as the root process inside the container
  working_dir = optional(string, null) # The directory the command will be run in. If left null, will default to the working directory set by the image
  image_pull_policy = optional(string, "IfNotPresent") # Sets the container's ImagePullPolicy
  minimum_memory = optional(number, 100) # The minimum amount of memory in megabytes
  maximum_memory = optional(number, null) # The maximum amount of memory in megabytes
  memory_limit_multiplier = optional(number, 1.3) # memory limits = memory request x this value
  minimum_cpu = optional(number, 10) # The minimum amount of cpu millicores
  maximum_cpu = optional(number, null) # The maximum amount of cpu to allow (in millicores)
  privileged = optional(bool, false) # Whether to allow the container to run in privileged mode
  run_as_root = optional(bool, false) # Whether to run the container as root
  uid = optional(number, 1000) # user to use when running the container if not root
  linux_capabilities = optional(list(string), []) # Default is drop ALL
  seccomp_profile_type = optional(string, null) # Seccomp profile type (e.g., RuntimeDefault, Unconfined). If null, no explicit profile is set.
  read_only = optional(bool, true) # Whether to use a readonly file system
  env = optional(map(string), {}) # Environment variables specific to the container
  liveness_probe_command = optional(list(string), null) # Will run the specified command as the liveness probe if type is exec
  liveness_probe_port = optional(number, null) # The number of the port for the liveness_probe
  liveness_probe_type = optional(string, null) # Either exec, HTTP, or TCP
  liveness_probe_route = optional(string, null) # The route if using HTTP liveness_probes
  liveness_probe_scheme = optional(string, "HTTP") # HTTP or HTTPS
  readiness_probe_command = optional(list(string), null) # Will run the specified command as the ready check probe if type is exec (default to liveness_probe_command)
  readiness_probe_port = optional(number, null) # The number of the port for the ready check (default to liveness_probe_port)
  readiness_probe_type = optional(string, null) # Either exec, HTTP, or TCP (default to liveness_probe_type)
  readiness_probe_route = optional(string, null) # The route if using HTTP ready checks (default to liveness_probe_route)
  readiness_probe_scheme = optional(string, null) # Whether to use HTTP or HTTPS (default to liveness_probe_scheme)
  ports = optional(map(object({ # Keys are the port names, and the values are the port configuration.
    port = number # Port on the backing pods that traffic should be routed to
    service_port = optional(number, null) # Port to expose on the service. defaults to port
    protocol = optional(string, "TCP") # One of TCP, UDP, or SCTP
    expose_on_service = optional(bool, true) # Whether this port should be listed on the DaemonSet's service
  })), {})
}))
Default: n/a
controller_nodes_enabled
Description: Whether to allow pods to schedule on EKS Node Group nodes (controller nodes)
Type: bool
Default: true
dns_policy
Description: The DNS policy for the pods
Type: string
Default: "ClusterFirst"
extra_annotations
Description: A map of extra annotations that will be added to the DaemonSet (not the pods)
Type: map(string)
Default: {}
extra_labels
Description: A map of extra labels that will be added to the DaemonSet (not the pods)
Type: map(string)
Default: {}
extra_pod_annotations
Description: Annotations to add to the pods in the DaemonSet
Type: map(string)
Default: {}
extra_pod_labels
Description: Extra pod labels to use
Type: map(string)
Default: {}
extra_tolerations
Description: Extra tolerations to add to the pods
Type:
list(object({
  key = optional(string)
  operator = string
  value = optional(string)
  effect = optional(string)
}))
Default: []
host_network
Description: Whether the generated pods are allowed to use the host network
Type: bool
Default: false
linkerd_enabled
Description: True iff the Linkerd sidecar should be injected into the pods
Type: bool
Default: true
linkerd_required
Description: True iff the Linkerd CNI is required to be installed on a node prior to scheduling on it
Type: bool
Default: true
min_available
Description: Controls how many pods are allowed to be unavailable in the DaemonSet under the Pod Disruption Budget
Type: number
Default: 0
min_ready_seconds
Description: The minimum number of seconds for which a newly created pod should be ready without any of its containers crashing.
Type: number
Default: 5
mount_owner
Description: The ID of the group that owns the mounted volumes
Type: number
Default: 1000
name
Description: The name of this DaemonSet
Type: string
Default: n/a
namespace
Description: The namespace the DaemonSet should be created in
Type: string
Default: n/a
node_requirements
Description: Node label requirements for the pods
Type: map(list(string))
Default: {}
pod_version_labels_enabled
Description: Whether to add version labels to the Pod. Useful for ensuring pods do not get recreated on frequent updates.
Type: bool
Default: true
priority_class_name
Description: The priority class to use for pods in the DaemonSet
Type: string
Default: "system-node-critical"
pull_through_cache_enabled
Description: Whether to use the ECR pull through cache for the deployed images
Type: bool
Default: true
restart_policy
Description: The pod restart policy
Type: string
Default: "Always"
secret_mounts
Description: A mapping of Secret names to their mount configuration in the containers of the DaemonSet
Type:
map(object({
  mount_path = string # Where in the containers to mount the Secret
  optional = optional(bool, false) # Whether the pod can launch if this Secret does not exist
}))
Default: {}
spot_nodes_enabled
Description: Whether to allow pods to schedule on spot nodes
Type: bool
Default: true
termination_grace_period_seconds
Description: The number of seconds to wait for graceful termination before forcing termination
Type: number
Default: 30
tmp_directories
Description: A mapping of temporary directory names (arbitrary) to their configuration
Type:
map(object({
  mount_path = string # Where in the containers to mount the temporary directories
  size_mb = optional(number, 100) # The number of MB to allocate for the directory
  node_local = optional(bool, false) # If true, the temporary storage will come from the node rather than a PVC
}))
Default: {}
unhealthy_pod_eviction_policy
Description: Whether to allow unhealthy pods to be evicted. See https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy.
Type: string
Default: "AlwaysAllow"
update_type
Description: The type of update that the DaemonSet should use. One of: RollingUpdate, OnDelete
Type: string
Default: "RollingUpdate"
vpa_enabled
Description: Whether to enable the vertical pod autoscaler
Type: bool
Default: true
wait_for_rollout
Description: Whether to wait for the DaemonSet rollout before allowing terraform to proceed
Type: bool
Default: false
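Added example (not part of the module's own documentation or code): an invocation that states the container hardening inputs listed above explicitly and pairs read_only with a tmp_directories entry and a secret_mounts entry. The source address, names, image coordinates, command, probe route and Secret name are constructed placeholders, and the required providers are assumed to be configured elsewhere.

```hcl
module "node_agent" {
  # Placeholder: the page does not give this module's source address.
  source = "<source-address-of-this-daemonset-module>"

  name      = "node-agent" # constructed sample value
  namespace = "monitoring" # constructed sample value

  containers = [{
    name             = "agent"
    image_registry   = "registry.example.com" # constructed sample values
    image_repository = "example/node-agent"
    image_tag        = "1.0.0"
    command          = ["/usr/local/bin/agent"]

    # Least-privilege settings. These match the documented defaults except
    # seccomp_profile_type, whose default (null) sets no explicit profile.
    privileged           = false
    run_as_root          = false
    uid                  = 1000
    linux_capabilities   = [] # documented default: drop ALL
    seccomp_profile_type = "RuntimeDefault"
    read_only            = true

    # Bound memory instead of leaving maximum_memory at null.
    minimum_memory = 100
    maximum_memory = 256

    liveness_probe_type  = "HTTP"
    liveness_probe_port  = 8080
    liveness_probe_route = "/healthz" # constructed route

    ports = {
      http = { port = 8080, expose_on_service = false }
    }
  }]

  # The container filesystem is read-only, so any writable path is declared here.
  tmp_directories = {
    scratch = { mount_path = "/tmp", size_mb = 50, node_local = true }
  }

  # Assumes a Secret with this (constructed) name already exists in the namespace.
  secret_mounts = {
    "node-agent-credentials" = { mount_path = "/etc/agent/credentials" }
  }

  host_network = false # documented default, pinned explicitly
}
```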
Outputs
The following outputs are exported:
labels
Description: The default labels assigned to all resources in this DaemonSet
match_labels
Description: The labels unique to this Deployment that can be used to select any pods in this DaemonSet
service_account_name
Description: The service account used for the pods
Providers
The following providers are needed by this module:
kubectl (2.1.6)
kubernetes (2.35.0)
pf (0.0.7)
random (3.8.1)