

feat: revamp module similarly to other modules (#4)
* refactor: rename local to locals.tf

* refactor: move chart to same folder as other modules

* refactor: rename required providers file

* feat: refactor multiple variables and main to same changes as other modules

* fix: change value to renamed variable

* feat: upgrade chart to v2.3.5

* feat: add wait, timeouts and retry blocks to argocd_application

* docs(terraform-docs): generate docs and write to README.adoc

* chore: terraform fmt

* fix: add tobool function

* style: rename files to canonical naming scheme

* feat: add variable for controller role arn annotation (#5)

* feat: add variable for controller role arn annotation

* docs(terraform-docs): generate docs and write to README.adoc

---------

Co-authored-by: ckaenzig <ckaenzig@users.noreply.github.com>

Release-As: v1.0.0-alpha.2

* chore(main): release 1.0.0-alpha.2 (#6)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* docs(terraform-docs): generate docs and write to README.adoc

* feat: add code to conditionally create an IAM assumable role

* docs(terraform-docs): generate docs and write to README.adoc

* fix: add asterisk because resource is not always created

* fix: fix conditions for the creation of the iam role

* fix: hardcode the namespace kube-system

* style: change name prefix for the iam policy

* chore: remove TODO

* docs(terraform-docs): generate docs and write to README.adoc

* fix: use empty string instead of null as default

* docs(terraform-docs): generate docs and write to README.adoc

* fix: force the use of a flag to avoid resource creation error

* docs(terraform-docs): generate docs and write to README.adoc

* fix: fix typo

* docs(terraform-docs): generate docs and write to README.adoc

* feat: use name prefix instead of full name

* docs(terraform-docs): generate docs and write to README.adoc

* fix: force the use of a flag to avoid resource creation error

* docs(terraform-docs): generate docs and write to README.adoc

* fix: fix typo

* docs(terraform-docs): generate docs and write to README.adoc

* docs(terraform-docs): generate docs and write to README.adoc

* fix: add versions to terraform providers

* style: remove useless code

* docs(terraform-docs): generate docs and write to README.adoc

* chore: update chart version

* docs: add documentation

* docs(terraform-docs): generate docs and write to README.adoc

* docs: fix aws_efs_mount_target

* docs: rewording and formatting of variables' descriptions

* docs(terraform-docs): generate docs and write to README.adoc

* fix: change to looser versions constraints as per best practices

See documentation [here](https://developer.hashicorp.com/terraform/language/providers/requirements#version-constraints).

* docs(terraform-docs): generate docs and write to README.adoc

---------

Co-authored-by: lentidas <lentidas@users.noreply.github.com>
Co-authored-by: Christian Kaenzig <christian.kaenzig@camptocamp.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Release-As: v1.0.0-alpha.3
4 people authored Mar 8, 2023
1 parent ed5aa22 commit ffc6119
Showing 13 changed files with 446 additions and 87 deletions.
328 changes: 283 additions & 45 deletions README.adoc

Large diffs are not rendered by default.

2 changes: 0 additions & 2 deletions README.md

This file was deleted.

6 changes: 6 additions & 0 deletions charts/efs-csi-driver/Chart.lock
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
dependencies:
- name: aws-efs-csi-driver
repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver/
version: 2.3.8
digest: sha256:9523cdb94ec469269f4bfd7e2ebaa8ce16ea87640f3c30bd11224af4d459b590
generated: "2023-02-24T15:16:18.919117844+01:00"
File renamed without changes.
Binary file not shown.
1 change: 1 addition & 0 deletions charts/efs-csi-driver/values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
---
6 changes: 0 additions & 6 deletions helm/Chart.lock

This file was deleted.

Binary file removed helm/charts/aws-efs-csi-driver-2.2.7.tgz
Binary file not shown.
8 changes: 5 additions & 3 deletions local.tf → locals.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
locals {
helm_values = {
helm_values = [{
"aws-efs-csi-driver" = {
nameOverride = var.name
storageClasses = [{
Expand All @@ -12,9 +12,11 @@ locals {
}]
controller = {
serviceAccount = {
annotations = var.iam_role_arn != "" ? { "eks.amazonaws.com/role-arn" = var.iam_role_arn } : {}
annotations = {
"eks.amazonaws.com/role-arn" = var.iam_role_arn != null ? var.iam_role_arn : module.iam_assumable_role_efs.iam_role_arn
}
}
}
}
}
}]
}
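Review bot: The new fallback `"eks.amazonaws.com/role-arn" = var.iam_role_arn != null ? var.iam_role_arn : module.iam_assumable_role_efs.iam_role_arn` emits the annotation unconditionally, so when `create_role` is false and no `iam_role_arn` is passed the controller ServiceAccount is annotated with whatever the role module outputs for a role it did not create (presumably an empty string), where the old `!= ""` form omitted the annotation entirely. That annotation is the IRSA binding that hands the pod AWS credentials, so an empty or wrong value should surface as a plan-time error rather than a silently broken default. Keeping the conditional shape does that: `annotations = var.iam_role_arn != null || var.create_role ? { "eks.amazonaws.com/role-arn" = coalesce(var.iam_role_arn, module.iam_assumable_role_efs.iam_role_arn) } : {}`. Note also that when both `iam_role_arn` and `create_role = true` are given, the explicit ARN silently wins and the freshly created role is never bound to any ServiceAccount; the `create_role` description calls the two exclusive, but nothing here enforces it.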
100 changes: 90 additions & 10 deletions main.tf
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
resource "null_resource" "dependencies" {
triggers = var.dependency_ids
}

resource "argocd_project" "this" {
metadata {
name = "efs-csi-driver"
Expand All @@ -13,7 +17,7 @@ resource "argocd_project" "this" {

destination {
name = "in-cluster"
namespace = var.destination_namespace
namespace = "kube-system"
}

orphaned_resources {
Expand All @@ -28,9 +32,63 @@ resource "argocd_project" "this" {
}

data "utils_deep_merge_yaml" "values" {
input = [
yamlencode(local.helm_values),
yamlencode(var.helm_values_overrides)
input = [for i in concat(local.helm_values, var.helm_values) : yamlencode(i)]
}

resource "aws_iam_policy" "efs" {
name_prefix = "efs-csi-driver-"

policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"ec2:DescribeAvailabilityZones"
]
Resource = "*"
},
{
Effect = "Allow"
Action = [
"elasticfilesystem:CreateAccessPoint"
]
Resource = "*"
Condition = {
StringLike = {
"aws:RequestTag/efs.csi.aws.com/cluster" = "true"
}
}
},
{
Effect = "Allow"
Action = "elasticfilesystem:DeleteAccessPoint"
Resource = "*"
Condition = {
StringEquals = {
"aws:ResourceTag/efs.csi.aws.com/cluster" = "true"
}
}
}
]
})
}

module "iam_assumable_role_efs" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
version = "~> 5.0"
create_role = var.create_role
number_of_role_policy_arns = 1
role_name_prefix = format("efs-csi-driver-%s-", var.cluster_name)
provider_url = replace(var.cluster_oidc_issuer_url, "https://", "")
role_policy_arns = [resource.aws_iam_policy.efs.arn]

# List of ServiceAccounts that have permission to attach to this IAM role
oidc_fully_qualified_subjects = [
"system:serviceaccount:kube-system:efs-csi-controller-sa",
]
}

Expand All @@ -40,12 +98,19 @@ resource "argocd_application" "this" {
namespace = var.argocd_namespace
}

timeouts {
create = "15m"
delete = "15m"
}

wait = var.app_autosync == { "allow_empty" = tobool(null), "prune" = tobool(null), "self_heal" = tobool(null) } ? false : true

spec {
project = argocd_project.this.metadata.0.name

source {
repo_url = var.source_repository_url
path = "helm"
repo_url = "https://github.com/camptocamp/devops-stack-module-efs-csi-driver.git"
path = "charts/efs-csi-driver"
target_revision = var.target_revision
helm {
values = data.utils_deep_merge_yaml.values.output
Expand All @@ -54,18 +119,33 @@ resource "argocd_application" "this" {

destination {
name = "in-cluster"
namespace = var.destination_namespace
namespace = "kube-system"
}

sync_policy {
automated = {
prune = true
self_heal = true
automated = var.app_autosync

retry {
backoff = {
duration = ""
max_duration = ""
}
limit = "0"
}

sync_options = [
"CreateNamespace=true"
]
}
}

depends_on = [
resource.null_resource.dependencies,
]
}

resource "null_resource" "this" {
depends_on = [
resource.argocd_application.this,
]
}
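Review bot: `aws_iam_policy.efs` carries no `count`, so the policy is written to the account on every apply, including when `create_role = false` and the caller brings their own `iam_role_arn`, leaving an unattached policy behind; the commit log mentions an asterisk for a conditionally created resource, but the new side reads `role_policy_arns = [resource.aws_iam_policy.efs.arn]`. Gate it with `count = var.create_role ? 1 : 0`, pass `role_policy_arns = aws_iam_policy.efs[*].arn`, and set `number_of_role_policy_arns = var.create_role ? 1 : 0` so the policy and the role share one switch. Separately, every statement grants on `Resource = "*"` although the module already receives `var.efs_file_system_id`; the `CreateAccessPoint` statement at least could be scoped to that file system's ARN, and where `*` is genuinely needed (the Describe calls and `DeleteAccessPoint`, which rely on the driver's tagging scheme) a short comment saying why would save the next reader from re-deriving it. The trust subject is hard-coded to `system:serviceaccount:kube-system:efs-csi-controller-sa`, which only holds while the chart's ServiceAccount name is unaffected by `nameOverride = var.name`; that is not visible here and is worth a comment next to the subject.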
4 changes: 4 additions & 0 deletions output.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
output "id" {
description = "ID to pass other modules in order to refer to this module as a dependency."
value = resource.null_resource.this.id
}
7 changes: 4 additions & 3 deletions terraform.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
terraform {
required_providers {
argocd = {
source = "oboukili/argocd"
source = "oboukili/argocd"
version = ">= 4"
}

utils = {
source = "cloudposse/utils"
source = "cloudposse/utils"
version = ">= 1"
}
}
}
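Review bot: The new side pins `argocd` and `utils` only, yet main.tf now declares `aws_iam_policy` and `null_resource`, so the `aws` and `null` providers are resolved implicitly from `hashicorp/*` with no version constraint at all; `hashicorp/aws` is the provider that will be writing IAM policies, and the role module pinned at `~> 5.0` itself declares a minimum aws provider version, so this unconstrained implicit dependency is the one most likely to surprise. Add `aws = { source = "hashicorp/aws", version = ">= 4" }` and a `null = { source = "hashicorp/null", version = "..." }` entry with a deliberate minimum to `required_providers` so the lock file records them; the commit message "add versions to terraform providers" suggests this was the intent. A `required_version` for Terraform itself would also help, since the `optional()` object attributes in variables.tf need a release that supports them (1.3 or later, as far as I recall).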
71 changes: 53 additions & 18 deletions variables.tf
Original file line number Diff line number Diff line change
@@ -1,43 +1,78 @@
variable "name" {
type = string
#######################
## Standard variables
#######################

default = "efs-csi-driver"
variable "cluster_name" {
description = "Name given to the cluster. Value used for naming some the resources created by the module."
type = string
default = "cluster"
}

variable "source_repository_url" {
type = string

default = "https://github.com/camptocamp/devops-stack-module-efs-csi-driver.git"
variable "argocd_namespace" {
description = "Namespace used by Argo CD where the Application and AppProject resources should be created."
type = string
}

variable "target_revision" {
description = "Override of target revision of the application chart."
type = string
default = "v1.0.0-alpha.2" # x-release-please-version
}
variable "destination_namespace" {
type = string

default = "efs-csi-driver"
variable "helm_values" {
description = "Helm chart value overrides. They should be passed as a list of HCL structures."
type = any
default = []
}

variable "helm_values_overrides" {
type = any
variable "app_autosync" {
description = "Automated sync options for the Argo CD Application resource."
type = object({
allow_empty = optional(bool)
prune = optional(bool)
self_heal = optional(bool)
})
default = {
allow_empty = false
prune = true
self_heal = true
}
}

default = {}
variable "dependency_ids" {
description = "IDs of the other modules on which this module depends on."
type = map(string)
default = {}
}

variable "argocd_namespace" {
type = string
#######################
## Module variables
#######################

variable "name" {
description = "Name used to override the chart name on deployment."
type = string
default = "efs-csi-driver"
}

variable "efs_file_system_id" {
description = "EFS Filesystem ID to use by the CSI driver to create volumes."
type = string
description = "EFS Filesystem ID to use by the CSI driver to create volumes"
}

variable "create_role" {
description = "Boolean to indicate that the OIDC assumable IAM role should be created. **If passing `iam_role_arn` this should be false, otherwise if you want to create the OIDC assumable IAM role provided by this module, you will need to specify the variable `cluster_oidc_issuer_url`.**"
type = bool
}

variable "iam_role_arn" {
description = "ARN of an OIDC assumable IAM role that has access to the EFS filesystem. When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning."
type = string
default = null
}

variable "cluster_oidc_issuer_url" {
description = "Cluster OIDC issuer URL used to create the OIDC assumable IAM role. This variable is required to create a IAM role if you set `create_role` as true."
type = string
default = ""
description = "ARN of an OIDC assumable IAM role that has access to the EFS filesystem (optional). When specified, this is added as an annotation to the EFS CSI driver controller ServiceAccount, to allow the driver to manage EFS access points for dynamic volumes provisioning."
default = "" # Use empty string instead of null because of the replace() that uses this variable.
}
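Review bot: `iam_role_arn` ends up as the `eks.amazonaws.com/role-arn` annotation that grants the controller pod AWS credentials, but the new variable accepts any string; a `validation` block with `condition = var.iam_role_arn == null || can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/", var.iam_role_arn))` and an `error_message` naming the expected format would turn a mistyped or empty ARN into a plan-time error instead of a pod that silently fails to assume a role. The `create_role` description says `cluster_oidc_issuer_url` is required when the role is created, yet that variable defaults to `""`, so `create_role = true` without the URL reaches the role module with an empty `provider_url`; since a `validation` block can only reference its own variable, a `precondition` on the module call in main.tf, or at least a sentence here stating that the combination is unchecked, would close that gap. This rendered section appears to mix old and new lines (the `(optional)` description and the `default = ""` comment near the end look like the removed `iam_role_arn` definition), so the above refers to the `default = null` form.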
