
chasezheng/terraform-aws-secrets-store-csi

 
 


Terraform Modules Template

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.18 |
| helm | >= 2.5 |
| http | >= 2.2.0 |
| kubernetes | >= 2.11 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.18 |
| helm | >= 2.5 |
| http | >= 2.2.0 |
| kubernetes | >= 2.11 |

Modules

| Name | Source | Version |
|------|--------|---------|
| secrets_manager_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 4.21.1 |

Resources

| Name | Type |
|------|------|
| helm_release.release | resource |
| kubernetes_manifest.ascp | resource |
| aws_caller_identity.current | data source |
| aws_region.current | data source |
| http_http.ascp_manifest | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| ascp_manifest_url | ASCP YAML file in the GitHub repo deployment directory | `string` | `"https://raw.githubusercontent.com/aws/secrets-store-csi-driver-provider-aws/main/deployment/aws-provider-installer.yaml"` | no |
| chart_name | Helm chart name to provision | `string` | `"secrets-store-csi-driver"` | no |
| chart_namespace | Namespace to install the chart into | `string` | `"kube-system"` | no |
| chart_repository | Helm repository for the chart | `string` | `"https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"` | no |
| chart_timeout | Timeout to wait for the Chart to be deployed. | `number` | `300` | no |
| chart_version | Version of Chart to install. Set to empty to install the latest version | `string` | `"1.1.2"` | no |
| cluster_name | Name of Kubernetes Cluster | `string` | n/a | yes |
| create_default_irsa | Create default IRSA for service account | `bool` | `true` | no |
| external_secrets_secrets_manager_arns | List of Secrets Manager ARNs that contain secrets to mount using External Secrets | `list(string)` | `["arn:aws:secretsmanager:::secret:*"]` | no |
| external_secrets_ssm_parameter_arns | List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets | `list(string)` | `["arn:aws:ssm:::parameter/*"]` | no |
| iam_role_description | Description for IAM role for controller | `string` | `"Used by AWS Load Balancer Controller for EKS"` | no |
| iam_role_name | Name of IAM role for controller | `string` | `""` | no |
| iam_role_path | IAM Role path for controller | `string` | `""` | no |
| iam_role_permission_boundary | Permission boundary ARN for IAM Role for controller | `string` | `""` | no |
| iam_role_policy | Override the IAM policy for the controller | `string` | `""` | no |
| iam_role_tags | Tags for IAM Role for controller | `map(string)` | `{}` | no |
| image_repository | Image repository on Dockerhub | `string` | `"k8s.gcr.io/csi-secrets-store/driver"` | no |
| image_tag | Image tag | `string` | `"v1.1.2"` | no |
| max_history | Max History for Helm | `number` | `20` | no |
| namespace | Kubernetes namespace in which to create the service account | `string` | `"default"` | no |
| oidc_provider_arn | OIDC Provider ARN for IRSA | `string` | n/a | yes |
| region | The AWS region for the kubernetes cluster. Set to use KIAM or kube2iam for example. | `string` | `""` | no |
| release_name | Helm release name | `string` | `"secrets-store-csi-driver"` | no |
| resources_driver | Driver Resources | `map(any)` | `{"limits": {"cpu": "200m", "memory": "200Mi"}, "requests": {"cpu": "200m", "memory": "200Mi"}}` | no |
| resources_liveness | LivenessProbe Resources | `map(any)` | `{"limits": {"cpu": "100m", "memory": "100Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}` | no |
| resources_registrar | Registrar Resources | `map(any)` | `{"limits": {"cpu": "100m", "memory": "100Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}` | no |
| service_account_name | Name of service account to create. Not generated | `string` | `"csi-secrets-store-provider-aws"` | no |

Outputs

| Name | Description |
|------|-------------|
| iam_role_arn | ARN of IAM role |
| iam_role_name | Name of IAM role |
| iam_role_path | Path of IAM role |
| iam_role_unique_id | Unique ID of IAM role |

About

Module to install the Secrets Store CSI driver and the AWS secrets-store provider.
