Amazon EKS Add-ons¶
The Amazon EKS add-on implementation is generic and can be used to deploy any add-on supported by the EKS API; either native EKS addons or third party add-ons supplied via the AWS Marketplace.
See the EKS documentation for more details on EKS addon-ons, including the list of Amazon EKS add-ons from Amazon EKS, as well as Additional Amazon EKS add-ons from independent software vendors.
Architecture Support¶
The Amazon EKS provided add-ons listed below support both x86_64/amd64 and arm64 architectures. Third party add-ons that are available via the AWS Marketplace will vary based on the support provided by the add-on vendor. No additional changes are required to add-on configurations when switching between x86_64/amd64 and arm64 architectures; Amazon EKS add-ons utilize multi-architecture container images to support this functionality.
| Add-on | x86_64/amd64 | arm64 | 
|---|---|---|
| vpc-cni | ✅ | ✅ | 
| aws-ebs-csi-driver | ✅ | ✅ | 
| coredns | ✅ | ✅ | 
| kube-proxy | ✅ | ✅ | 
| adot | ✅ | ✅ | 
| aws-guardduty-agent | ✅ | ✅ | 
Usage¶
The Amazon EKS add-ons are provisioned via a generic interface behind the eks_addons argument which accepts a map of add-on configurations. The generic interface for an add-on is defined below for reference:
module "eks_blueprints_addons" {
  source = "aws-ia/eks-blueprints-addons/aws"
  # ... truncated for brevity
  eks_addons = {
    <key> = {
      name = string # Optional - <key> is used if `name` is not set
      most_recent          = bool
      addon_version        = string # overrides `most_recent` if set
      configuration_values = string # JSON string
      preserve                    = bool # defaults to `true`
      resolve_conflicts_on_create = string # defaults to `OVERWRITE`
      resolve_conflicts_on_update = string # defaults to `OVERWRITE`
      timeouts = {
        create = string # optional
        update = string # optional
        delete = string # optional
      }
      tags = map(string)
    }
  }
}
Example¶
module "eks_blueprints_addons" {
  source = "aws-ia/eks-blueprints-addons/aws"
  # ... truncated for brevity
  eks_addons = {
    # Amazon EKS add-ons
    aws-ebs-csi-driver = {
      most_recent              = true
      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
    }
    coredns = {
      most_recent = true
      timeouts = {
        create = "25m"
        delete = "10m"
      }
    }
    vpc-cni = {
      most_recent              = true
      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
    }
    kube-proxy = {}
    # Third party add-ons via AWS Marketplace
    kubecost_kubecost = {
      most_recent = true
    }
    teleport_teleport = {
      most_recent = true
    }
  }
}
Configuration Values¶
You can supply custom configuration values to each addon via the configuration_values argument of the add-on definition. The value provided must be a JSON encoded string and adhere to the JSON scheme provided by the version of the add-on. You can view this schema using the awscli by supplying the add-on name and version to the describe-addon-configuration command:
aws eks describe-addon-configuration \
--addon-name coredns \
--addon-version v1.10.1-eksbuild.2 \
--query 'configurationSchema' \
--output text | jq
Which returns the formatted JSON schema like below:
{
  "$ref": "#/definitions/Coredns",
  "$schema": "http://json-schema.org/draft-06/schema#",
  "definitions": {
    "Coredns": {
      "additionalProperties": false,
      "properties": {
        "affinity": {
          "default": {
            "affinity": {
              "nodeAffinity": {
                "requiredDuringSchedulingIgnoredDuringExecution": {
                  "nodeSelectorTerms": [
                    {
                      "matchExpressions": [
                        {
                          "key": "kubernetes.io/os",
                          "operator": "In",
                          "values": [
                            "linux"
                          ]
                        },
                        {
                          "key": "kubernetes.io/arch",
                          "operator": "In",
                          "values": [
                            "amd64",
                            "arm64"
                          ]
                        }
                      ]
                    }
                  ]
                }
              },
              "podAntiAffinity": {
                "preferredDuringSchedulingIgnoredDuringExecution": [
                  {
                    "podAffinityTerm": {
                      "labelSelector": {
                        "matchExpressions": [
                          {
                            "key": "k8s-app",
                            "operator": "In",
                            "values": [
                              "kube-dns"
                            ]
                          }
                        ]
                      },
                      "topologyKey": "kubernetes.io/hostname"
                    },
                    "weight": 100
                  }
                ]
              }
            }
          },
          "description": "Affinity of the coredns pods",
          "type": [
            "object",
            "null"
          ]
        },
        "computeType": {
          "type": "string"
        },
        "corefile": {
          "description": "Entire corefile contents to use with installation",
          "type": "string"
        },
        "nodeSelector": {
          "additionalProperties": {
            "type": "string"
          },
          "type": "object"
        },
        "replicaCount": {
          "type": "integer"
        },
        "resources": {
          "$ref": "#/definitions/Resources"
        },
        "tolerations": {
          "default": [
            {
              "key": "CriticalAddonsOnly",
              "operator": "Exists"
            },
            {
              "key": "node-role.kubernetes.io/master",
              "operator": "NoSchedule"
            }
          ],
          "description": "Tolerations of the coredns pod",
          "items": {
            "type": "object"
          },
          "type": "array"
        },
        "topologySpreadConstraints": {
          "description": "The coredns pod topology spread constraints",
          "type": "array"
        }
      },
      "title": "Coredns",
      "type": "object"
    },
    "Limits": {
      "additionalProperties": false,
      "properties": {
        "cpu": {
          "type": "string"
        },
        "memory": {
          "type": "string"
        }
      },
      "title": "Limits",
      "type": "object"
    },
    "Resources": {
      "additionalProperties": false,
      "properties": {
        "limits": {
          "$ref": "#/definitions/Limits"
        },
        "requests": {
          "$ref": "#/definitions/Limits"
        }
      },
      "title": "Resources",
      "type": "object"
    }
  }
}
You can supply the configuration values to the add-on by passing a map of the values wrapped in the jsonencode() function as shown below:
module "eks_blueprints_addons" {
  source = "aws-ia/eks-blueprints-addons/aws"
  # ... truncated for brevity
  eks_addons = {
     coredns = {
      most_recent = true
      configuration_values = jsonencode({
        replicaCount = 4
        tolerations = [
        {
          key      = "dedicated",
          operator = "Equal",
          effect   = "NoSchedule",
          value    = "orchestration-seb"
        }
        ]
        topologySpreadConstraints = [
          {
            maxSkew = 1
            topologyKey = "topology.kubernetes.io/zone"
            whenUnsatisfiable = "ScheduleAnyway"
            labelSelector = {
              matchLabels = {
                k8s-app: "kube-dns"
              }
            }
          }
        ]
        affinity = {
          nodeAffinity = {
            requiredDuringSchedulingIgnoredDuringExecution = {
              nodeSelectorTerms = [
              {
                matchExpressions = [
                  {
                    key = "kubernetes.io/os"
                    operator = "In"
                    values = ["linux"]
                  },
                  {
                    key = "kubernetes.io/arch"
                    operator = "In"
                    values = ["amd64"]
                  }
                ]
              }]
            }
          }
          podAffinity = {
            requiredDuringSchedulingIgnoredDuringExecution = [{
                labelSelector = {
                  matchExpressions = [
                    {
                      key = "k8s-app"
                      operator = "NotIn"
                      values = ["kube-dns"]
                    }
                  ]
                }
                topologyKey = "kubernetes.io/hostname"
            }
            ]
          }
          podAntiAffinity = {
            preferredDuringSchedulingIgnoredDuringExecution = [{
              podAffinityTerm = {
                labelSelector = {
                  matchExpressions = [
                    {
                      key = "k8s-app"
                      operator = "In"
                      values = ["kube-dns"]
                    }
                  ]
                }
                topologyKey = "kubernetes.io/hostname"
              }
              weight = 100
              }
            ]
            requiredDuringSchedulingIgnoredDuringExecution = [{
                labelSelector = {
                  matchExpressions = [
                    {
                      key = "k8s-app"
                      operator = "In"
                      values = ["kube-dns"]
                    }
                  ]
                }
                topologyKey = "kubernetes.io/hostname"
              }
            ]
          }
        }
        resources = {
          limits = {
            cpu    = "100m"
            memory = "150Mi"
          }
          requests = {
            cpu    = "100m"
            memory = "150Mi"
        }
      })
    }