From 769ef7de3c6264492a2ac7691e99180f00f468cf Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar <83774016+h1manshu98@users.noreply.github.com>
Date: Mon, 28 Aug 2023 20:45:17 +0530
Subject: [PATCH] feat: extra_configs for istio-ingress, custom release_name
for addons (#22)
---
README.md | 13 +
.../basic/config/calico-tigera-values.yaml | 11 -
.../external-secret/external-secret.yaml | 18 -
.../config/external-secret/secret-store.yaml | 14 -
.../basic/config/external-secret/usage.yaml | 23 -
_examples/basic/config/istio/gateway.yaml | 16 -
_examples/basic/config/istio/ingress.yaml | 21 -
.../basic/config/istio/override-values.yaml | 6 -
.../basic/config/istio/virtual-service.yaml | 23 -
_examples/basic/config/kiali/kiali_vs.yaml | 15 -
.../config/override-aws-ebs-csi-driver.yaml | 42 --
.../config/override-aws-efs-csi-driver.yaml | 23 -
...override-aws-load-balancer-controller.yaml | 23 -
...override-aws-node-termination-handler.yaml | 24 -
.../basic/config/override-calico-tigera.yaml | 2 -
.../config/override-cluster-autoscaler.yaml | 24 -
.../basic/config/override-ingress-nginx.yaml | 46 --
.../basic/config/override-karpenter.yaml | 22 -
.../basic/config/override-kubeclarity.yaml | 22 -
.../basic/config/override-metrics-server.yaml | 33 --
_examples/basic/locals.tf | 2 +-
_examples/basic/main.tf | 1 +
_examples/complete/config/istio/gateway.yaml | 4 +-
_examples/complete/config/istio/ingress.yaml | 4 +-
.../config/istio/virtual-service.yaml | 6 +-
.../complete/config/override-fluent-bit.yaml | 84 +++
_examples/complete/locals.tf | 2 +-
_examples/complete/main.tf | 15 +-
_examples/complete/providers.tf | 14 +
_examples/complete/variables.tf | 11 +-
addons/aws-ebs-csi-driver/locals.tf | 2 +-
addons/aws-efs-csi-driver/locals.tf | 2 +-
addons/aws-load-balancer-controller/locals.tf | 2 +-
addons/aws-node-termination-handler/locals.tf | 2 +-
addons/calico-tigera/locals.tf | 2 +-
addons/cluster-autoscaler/locals.tf | 2 +-
addons/external-secrets/locals.tf | 2 +-
addons/fluent-bit/README.md | 20 +
addons/fluent-bit/config/default_values.yaml | 496 ++++++++++++++++++
addons/fluent-bit/data.tf | 6 +
addons/fluent-bit/locals.tf | 48 ++
addons/fluent-bit/main.tf | 76 +++
addons/fluent-bit/outputs.tf | 19 +
addons/fluent-bit/variables.tf | 58 ++
addons/fluent-bit/versions.tf | 10 +
addons/ingress-nginx/locals.tf | 2 +-
.../config/manifest/virtual-service.yaml | 8 +-
addons/istio-ingress/locals.tf | 63 ++-
addons/istio-ingress/main.tf | 18 +-
addons/karpenter/locals.tf | 2 +-
addons/kiali-server/locals.tf | 2 +-
addons/kubeclarity/locals.tf | 2 +-
addons/metrics-server/locals.tf | 2 +-
main.tf | 14 +-
outputs.tf | 34 ++
override_values.tf | 99 ++++
variables.tf | 51 +-
57 files changed, 1117 insertions(+), 491 deletions(-)
delete mode 100644 _examples/basic/config/calico-tigera-values.yaml
delete mode 100644 _examples/basic/config/external-secret/external-secret.yaml
delete mode 100644 _examples/basic/config/external-secret/secret-store.yaml
delete mode 100644 _examples/basic/config/external-secret/usage.yaml
delete mode 100644 _examples/basic/config/istio/gateway.yaml
delete mode 100644 _examples/basic/config/istio/ingress.yaml
delete mode 100644 _examples/basic/config/istio/override-values.yaml
delete mode 100644 _examples/basic/config/istio/virtual-service.yaml
delete mode 100644 _examples/basic/config/kiali/kiali_vs.yaml
delete mode 100644 _examples/basic/config/override-aws-ebs-csi-driver.yaml
delete mode 100644 _examples/basic/config/override-aws-efs-csi-driver.yaml
delete mode 100644 _examples/basic/config/override-aws-load-balancer-controller.yaml
delete mode 100644 _examples/basic/config/override-aws-node-termination-handler.yaml
delete mode 100644 _examples/basic/config/override-calico-tigera.yaml
delete mode 100644 _examples/basic/config/override-cluster-autoscaler.yaml
delete mode 100644 _examples/basic/config/override-ingress-nginx.yaml
delete mode 100644 _examples/basic/config/override-karpenter.yaml
delete mode 100644 _examples/basic/config/override-kubeclarity.yaml
delete mode 100644 _examples/basic/config/override-metrics-server.yaml
create mode 100644 _examples/complete/config/override-fluent-bit.yaml
create mode 100644 addons/fluent-bit/README.md
create mode 100644 addons/fluent-bit/config/default_values.yaml
create mode 100644 addons/fluent-bit/data.tf
create mode 100644 addons/fluent-bit/locals.tf
create mode 100644 addons/fluent-bit/main.tf
create mode 100644 addons/fluent-bit/outputs.tf
create mode 100644 addons/fluent-bit/variables.tf
create mode 100644 addons/fluent-bit/versions.tf
diff --git a/README.md b/README.md
index b21c7f5..37b8c52 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,7 @@
|calico_tigera|False | No |
|istio_ingress|False | No |
|kiali_server|False | No |
+|fluent_bit|False | No |
@@ -74,6 +75,7 @@
|external_secrets_helm_config | [click here](https://github.com/clouddrove/terraform-aws-eks-addons/blob/master/override_values.tf#L312-L328) | No |
|ingress_nginx_helm_config | [click here](https://github.com/clouddrove/terraform-aws-eks-addons/blob/master/override_values.tf#L337-L380) | No |
|kubeclarity_helm_config | [click here](https://github.com/clouddrove/terraform-aws-eks-addons/blob/master/override_values.tf#L389-L410) | No |
+|fluent_bit_helm_config | [click here](https://github.com/clouddrove/terraform-aws-eks-addons/blob/master/override_values.tf#L420-L509) | No |
@@ -93,6 +95,7 @@
| external_secrets_extra_configs | No |
| ingress_nginx_extra_configs | No |
| kubeclarity_extra_configs | No |
+| fluent_bit_extra_configs | No |
## Outputs
@@ -101,6 +104,11 @@
| metrics_server_namespace | namespace where metrics-server is deployed |
| metrics_server_chart_version | Chart version of metrics-server addon's helmchart |
| metrics_server_repository | Repository URL of metrics-server helmchart |
+| aws_load_balancer_controller_service_account | ServiceAccount name created by IRSA module for aws-load-balancer-controller|
+| aws_load_balancer_controller_iam_policy | IAM Policy used to create IRSA |
+| aws_load_balancer_controller_namespace | namespace where aws-load-balancer-controller is deployed |
+| aws_load_balancer_controller_chart_version | Chart version of aws-load-balancer-controller addon's helmchart |
+| aws_load_balancer_controller_repository | Repository URL of aws-load-balancer-controller helmchart |
| cluster_autoscaler_service_account | ServiceAccount name created by IRSA module for cluster-autoscaler|
| cluster_autoscaler_iam_policy | IAM Policy used to create IRSA |
| cluster_autoscaler_namespace | namespace where cluster-autoscaler is deployed |
@@ -141,6 +149,11 @@
| kubeclarity_namespace | namespace where kubeclarity is deployed |
| kubeclarity_chart_version | Chart version of kubeclarity addon's helmchart |
| kubeclarity_repository | Repository URL of kubeclarity helmchart |
+| fluent_bit_service_account | ServiceAccount name created by IRSA module for fluent-bit|
+| fluent_bit_iam_policy | IAM Policy used to create IRSA |
+| fluent_bit_namespace | namespace where fluent-bit is deployed |
+| fluent_bit_chart_version | Chart version of fluent-bit addon's helmchart |
+| fluent_bit_repository | Repository URL of fluent-bit helmchart |
## How to Use
diff --git a/_examples/basic/config/calico-tigera-values.yaml b/_examples/basic/config/calico-tigera-values.yaml
deleted file mode 100644
index ca6601b..0000000
--- a/_examples/basic/config/calico-tigera-values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-installation:
- kubernetesProvider: "EKS"
-
-## Using limits and requests
-resources:
- limits:
- cpu: 300m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
\ No newline at end of file
diff --git a/_examples/basic/config/external-secret/external-secret.yaml b/_examples/basic/config/external-secret/external-secret.yaml
deleted file mode 100644
index a614a1f..0000000
--- a/_examples/basic/config/external-secret/external-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: external-secret # -- Provide external secret name
- namespace: kube-system # -- Do not change this namespace field
-spec:
- refreshInterval: 1h
- secretStoreRef:
- name: external-secrets-store # -- Provide previously created secret store name
- kind: SecretStore
- target:
- name: externalsecret-data # -- Name of secret which will contain data specified below
- creationPolicy: Owner
- data:
- - secretKey: do_not_delete_this_key # -- AWS Secret-Manager secret key
- remoteRef:
- key: external_secrets # -- Same as 'externalsecrets_manifest["secret_manager_name"]
- property: do_not_delete_this_key # -- AWS Secret-Manager secret key
\ No newline at end of file
diff --git a/_examples/basic/config/external-secret/secret-store.yaml b/_examples/basic/config/external-secret/secret-store.yaml
deleted file mode 100644
index 95b2ccc..0000000
--- a/_examples/basic/config/external-secret/secret-store.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
- name: external-secrets-store # -- Provide secret store name
- namespace: kube-system # -- Do not change this namespace name
-spec:
- provider:
- aws:
- service: SecretsManager
- region: us-east-1 # -- Provoide your cluster region
- auth:
- jwt:
- serviceAccountRef:
- name: external-secrets-sa # -- Do not change this name field
\ No newline at end of file
diff --git a/_examples/basic/config/external-secret/usage.yaml b/_examples/basic/config/external-secret/usage.yaml
deleted file mode 100644
index e6f2676..0000000
--- a/_examples/basic/config/external-secret/usage.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: ubuntu-pod
- namespace: kube-system # -- keep this namespace same as ExternalSecret namespace
- labels:
- app: ubuntu-pod
-spec:
- containers:
- - image: ubuntu
- command:
- - "sleep"
- - "604800"
- imagePullPolicy: IfNotPresent
- name: ubuntu-pod
- env:
- - name: USER_1 # -- Environment variable of pod
- valueFrom:
- secretKeyRef:
- name: externalsecret-data # -- kubernetes secret name
- key: do_not_delete_this_key # -- Same as spec.data.secretKey field of ExternalSecret
- optional: false
- restartPolicy: Always
\ No newline at end of file
diff --git a/_examples/basic/config/istio/gateway.yaml b/_examples/basic/config/istio/gateway.yaml
deleted file mode 100644
index 5e3f962..0000000
--- a/_examples/basic/config/istio/gateway.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: istio-gateway
- namespace: istio-system
-spec:
- selector:
- istio: ingressgateway
- servers:
- - hosts:
- - "*.test.clouddrove.com"
- - "test.clouddrove.com"
- port:
- number: 80
- name: http
- protocol: HTTP
diff --git a/_examples/basic/config/istio/ingress.yaml b/_examples/basic/config/istio/ingress.yaml
deleted file mode 100644
index b38d26a..0000000
--- a/_examples/basic/config/istio/ingress.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: istio-ingress
- namespace: istio-system
- annotations:
- kubernetes.io/ingress.class: alb
- alb.ingress.kubernetes.io/scheme: internet-facing
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
-spec:
- rules:
- - http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: istio-ingressgateway
- port:
- number: 80
\ No newline at end of file
diff --git a/_examples/basic/config/istio/override-values.yaml b/_examples/basic/config/istio/override-values.yaml
deleted file mode 100644
index 07396c6..0000000
--- a/_examples/basic/config/istio/override-values.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-global:
- defaultNodeSelector:
- "eks.amazonaws.com/nodegroup" : "critical"
-
-service:
- type: NodePort
\ No newline at end of file
diff --git a/_examples/basic/config/istio/virtual-service.yaml b/_examples/basic/config/istio/virtual-service.yaml
deleted file mode 100644
index 1524769..0000000
--- a/_examples/basic/config/istio/virtual-service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: networking.istio.io/v1beta1
-kind: VirtualService
-metadata:
- annotations:
- meta.helm.sh/release-name: appname
- meta.helm.sh/release-namespace: istio-system
- generation: 1
- labels:
- app.kubernetes.io/instance: appname
- app.kubernetes.io/name: appname
- name: appname
- namespace: istio-system
-spec:
- gateways:
- - istio-system/istio-gateway
- hosts:
- - test.clouddrove.com
- http:
- - route:
- - destination:
- host: appname
- port:
- number: 80
diff --git a/_examples/basic/config/kiali/kiali_vs.yaml b/_examples/basic/config/kiali/kiali_vs.yaml
deleted file mode 100644
index 4482b16..0000000
--- a/_examples/basic/config/kiali/kiali_vs.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: kiali
-spec:
- hosts:
- - dash.test.clouddrove.com
- gateways:
- - istio-system/istio-gateway
- http:
- - route:
- - destination:
- host: kiali
- port:
- number: 20001
\ No newline at end of file
diff --git a/_examples/basic/config/override-aws-ebs-csi-driver.yaml b/_examples/basic/config/override-aws-ebs-csi-driver.yaml
deleted file mode 100644
index b278543..0000000
--- a/_examples/basic/config/override-aws-ebs-csi-driver.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-controller:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
- ## Using limits and requests
- resources:
- limits:
- cpu: 300m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
-
-node:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
-
- ## Using limits and requests
- resources:
- limits:
- cpu: 300m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
-
-podAnnotations:
- co.elastic.logs/enabled: "true"
diff --git a/_examples/basic/config/override-aws-efs-csi-driver.yaml b/_examples/basic/config/override-aws-efs-csi-driver.yaml
deleted file mode 100644
index 0a124c6..0000000
--- a/_examples/basic/config/override-aws-efs-csi-driver.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
-
-## Using limits and requests
-resources:
- limits:
- cpu: 300m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
-
-podAnnotations:
- co.elastic.logs/enabled: "true"
diff --git a/_examples/basic/config/override-aws-load-balancer-controller.yaml b/_examples/basic/config/override-aws-load-balancer-controller.yaml
deleted file mode 100644
index 0a124c6..0000000
--- a/_examples/basic/config/override-aws-load-balancer-controller.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
-
-## Using limits and requests
-resources:
- limits:
- cpu: 300m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
-
-podAnnotations:
- co.elastic.logs/enabled: "true"
diff --git a/_examples/basic/config/override-aws-node-termination-handler.yaml b/_examples/basic/config/override-aws-node-termination-handler.yaml
deleted file mode 100644
index bba530b..0000000
--- a/_examples/basic/config/override-aws-node-termination-handler.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
-
-## Using limits and requests
-
-resources:
- limits:
- cpu: 200m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
-
-podAnnotations:
- co.elastic.logs/enabled: "true"
diff --git a/_examples/basic/config/override-calico-tigera.yaml b/_examples/basic/config/override-calico-tigera.yaml
deleted file mode 100644
index 34aa973..0000000
--- a/_examples/basic/config/override-calico-tigera.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-installation:
- kubernetesProvider: "EKS"
\ No newline at end of file
diff --git a/_examples/basic/config/override-cluster-autoscaler.yaml b/_examples/basic/config/override-cluster-autoscaler.yaml
deleted file mode 100644
index 38a7302..0000000
--- a/_examples/basic/config/override-cluster-autoscaler.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
-
-
-## Using limits and requests
-resources:
- limits:
- cpu: 300m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
-
-podAnnotations:
- co.elastic.logs/enabled: "true"
diff --git a/_examples/basic/config/override-ingress-nginx.yaml b/_examples/basic/config/override-ingress-nginx.yaml
deleted file mode 100644
index 168610a..0000000
--- a/_examples/basic/config/override-ingress-nginx.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
-
-
-## Using limits and requests
-
-resources:
- limits:
- cpu: 150m
- memory: 150Mi
- requests:
- cpu: 100m
- memory: 90Mi
-
-podAnnotations:
- co.elastic.logs/enabled: "true"
-
-## Override values for ingress nginx
-
-controller:
- service:
- annotations:
- kubernetes.io/ingress.class: nginx
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
- service.beta.kubernetes.io/aws-load-balancer-type: nlb
- service.beta.kubernetes.io/aws-load-balancer-external: "true"
- external:
- enabled: true
- internal:
- enabled: true
- annotations:
- kubernetes.io/ingress.class: nginx
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
- service.beta.kubernetes.io/aws-load-balancer-type: nlb
- service.beta.kubernetes.io/aws-load-balancer-internal: "true"
\ No newline at end of file
diff --git a/_examples/basic/config/override-karpenter.yaml b/_examples/basic/config/override-karpenter.yaml
deleted file mode 100644
index 4eda255..0000000
--- a/_examples/basic/config/override-karpenter.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
-
-## Using limits and requests
-resources:
- limits:
- cpu: 300m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
-
-podAnnotations:
- co.elastic.logs/enabled: "true"
diff --git a/_examples/basic/config/override-kubeclarity.yaml b/_examples/basic/config/override-kubeclarity.yaml
deleted file mode 100644
index 8c32d13..0000000
--- a/_examples/basic/config/override-kubeclarity.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-## Using limits and requests
-kubeclarity:
- resources:
- limits:
- memory: "500Mi"
- cpu: "200m"
- requests:
- memory: "200Mi"
- cpu: "100m"
-
- podAnnotations:
- co.elastic.logs/enabled: "true"
-
-
-# Be careful when using ingress. As there is no authentication on Kubeclarity yet, your instance may be accessible.
-# Make sure the ingress remains internal if you decide to enable it.
- service:
- type: LoadBalancer
- port: 80
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
- service.beta.kubernetes.io/aws-load-balancer-name: "kubeclarity"
\ No newline at end of file
diff --git a/_examples/basic/config/override-metrics-server.yaml b/_examples/basic/config/override-metrics-server.yaml
deleted file mode 100644
index 7d0199f..0000000
--- a/_examples/basic/config/override-metrics-server.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/nodegroup"
- operator: In
- values:
- - "critical"
-
-## Particular args to be passed in deployment
-
-extraArgs:
- - --kubelet-preferred-address-types=InternalIP
- - --v=2
-
-apiService:
- create: true
-
-## Using limits and requests
-
-resources:
- limits:
- cpu: 200m
- memory: 250Mi
- requests:
- cpu: 50m
- memory: 150Mi
-
-podAnnotations:
- co.elastic.logs/enabled: "true"
diff --git a/_examples/basic/locals.tf b/_examples/basic/locals.tf
index 69d025d..e0fb2c9 100644
--- a/_examples/basic/locals.tf
+++ b/_examples/basic/locals.tf
@@ -1,7 +1,7 @@
locals {
- name = "tf-helm-addons"
+ name = "helm-addons"
environment = "test"
region = "us-east-1"
diff --git a/_examples/basic/main.tf b/_examples/basic/main.tf
index 75543d4..d10c5b8 100644
--- a/_examples/basic/main.tf
+++ b/_examples/basic/main.tf
@@ -204,6 +204,7 @@ module "addons" {
calico_tigera = false
kubeclarity = true
ingress_nginx = true
+ fluent_bit = true
# -- Addons with mandatory variable
istio_ingress = true
diff --git a/_examples/complete/config/istio/gateway.yaml b/_examples/complete/config/istio/gateway.yaml
index 17a3173..7835154 100644
--- a/_examples/complete/config/istio/gateway.yaml
+++ b/_examples/complete/config/istio/gateway.yaml
@@ -3,10 +3,10 @@ apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-gateway
- namespace: istio
+ namespace: istio-system
spec:
selector:
- istio: ingressgateway
+ istio: ingress
servers:
- hosts:
- "*.test.clouddrove.com"
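Review bot: The new selector `istio: ingress` is tied to the Helm release name, which this commit makes configurable, and nothing in the file says so. In the upstream Istio gateway chart the `istio` pod label appears to be derived from the release name with the `istio-` prefix removed (worth confirming against the chart version in use), so the selector only matches while `istio_ingress_extra_configs.name` stays `istio-ingress`. A Gateway whose selector matches no pods is still accepted but serves nothing, so I would add a comment above the selector such as `# must match the istio label on the gateway pods; follows istio_ingress_extra_configs.name`.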
diff --git a/_examples/complete/config/istio/ingress.yaml b/_examples/complete/config/istio/ingress.yaml
index 82e5a53..34a6f0a 100644
--- a/_examples/complete/config/istio/ingress.yaml
+++ b/_examples/complete/config/istio/ingress.yaml
@@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: istio-ingress
- namespace: istio
+ namespace: istio-system
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
@@ -16,6 +16,6 @@ spec:
pathType: Prefix
backend:
service:
- name: istio-ingressgateway
+ name: istio-ingress
port:
number: 80
\ No newline at end of file
diff --git a/_examples/complete/config/istio/virtual-service.yaml b/_examples/complete/config/istio/virtual-service.yaml
index 8587bed..78c38f3 100644
--- a/_examples/complete/config/istio/virtual-service.yaml
+++ b/_examples/complete/config/istio/virtual-service.yaml
@@ -7,16 +7,16 @@ kind: VirtualService
metadata:
annotations:
meta.helm.sh/release-name: appname
- meta.helm.sh/release-namespace: istio-system
+ meta.helm.sh/release-namespace: default
generation: 1
labels:
app.kubernetes.io/instance: appname
app.kubernetes.io/name: appname
name: appname
- namespace: istio-system
+ namespace: default
spec:
gateways:
- - istio/istio-gateway
+ - istio-system/istio-gateway
hosts:
- test.clouddrove.com
http:
diff --git a/_examples/complete/config/override-fluent-bit.yaml b/_examples/complete/config/override-fluent-bit.yaml
new file mode 100644
index 0000000..533cbd0
--- /dev/null
+++ b/_examples/complete/config/override-fluent-bit.yaml
@@ -0,0 +1,84 @@
+## -- Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+
+## -- Using limits and requests
+resources:
+ limits:
+ cpu: 150m
+ memory: 150Mi
+ requests:
+ cpu: 100m
+ memory: 90Mi
+
+podAnnotations:
+ co.elastic.logs/enabled: "true"
+
+
+# -- Configuration to use Amazon CloudWatch LogGroup for logs having word `application` in it.
+config:
+ service: |
+ [SERVICE]
+ Flush 5
+ Grace 30
+ Log_Level info
+ Daemon off
+ Parsers_File parsers.conf
+ HTTP_Server On
+ HTTP_Listen 0.0.0.0
+ HTTP_Port {{ .Values.metricsPort }}
+ storage.path /var/fluent-bit/state/flb-storage/
+ storage.sync normal
+ storage.checksum off
+ storage.backlog.mem_limit 5M
+
+ inputs: |
+ [INPUT]
+ Name tail
+ Tag application.*
+ Path /var/log/containers/*.log
+ multiline.parser docker, cri
+ Mem_Buf_Limit 50MB
+ Skip_Long_Lines On
+
+ [INPUT]
+ Name tail
+ Tag application.*
+ Path /var/log/containers/fluent-bit*
+ multiline.parser docker, cri
+ Mem_Buf_Limit 5MB
+ Skip_Long_Lines On
+
+ [INPUT]
+ Name tail
+ Tag application.*
+ Path /var/log/containers/cloudwatch-agent*
+ multiline.parser docker, cri
+ Mem_Buf_Limit 5MB
+ Skip_Long_Lines On
+
+ filters: |
+ [FILTER]
+ Name kubernetes
+ Match application.*
+ Merge_Log On
+ K8S-Logging.Parser On
+ K8S-Logging.Exclude On
+
+ outputs: |
+ [OUTPUT]
+ Name cloudwatch_logs
+ Match application.*
+ region {{ .Values.eks_configs.region }}
+ log_group_name /aws/containerinsights/{{ .Values.eks_configs.cluster_name }}/application
+ auto_create_group true
+ extra_user_agent container-insights
+ log_stream_prefix eks-
\ No newline at end of file
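Review bot: The required node affinity at the top of this file pins fluent-bit to nodes in the `critical` nodegroup, so if the chart runs it as a DaemonSet (the chart is not visible here), container logs from every other nodegroup are never shipped to CloudWatch. For a log collector that is a coverage gap, and the example should either drop the affinity or state the consequence. The comment above it also names a different label (`Infra-Services` = `true`) than the one matched, and could read `## -- Schedule only on nodes labelled eks.amazonaws.com/nodegroup=critical; logs on other nodes are not collected`. Separately, the first `[INPUT]` tails `/var/log/containers/*.log` with no `Exclude_Path`, so the `fluent-bit*` and `cloudwatch-agent*` files read by the second and third inputs look like they are ingested twice under the same `application.*` tag. Adding `Exclude_Path /var/log/containers/fluent-bit*, /var/log/containers/cloudwatch-agent*` to the first input would avoid that.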
diff --git a/_examples/complete/locals.tf b/_examples/complete/locals.tf
index ee4896d..e0fb2c9 100644
--- a/_examples/complete/locals.tf
+++ b/_examples/complete/locals.tf
@@ -1,7 +1,7 @@
locals {
- name = "tf-helm-eks-addons"
+ name = "helm-addons"
environment = "test"
region = "us-east-1"
diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf
index d020252..d803b29 100644
--- a/_examples/complete/main.tf
+++ b/_examples/complete/main.tf
@@ -41,13 +41,6 @@ data "aws_security_group" "default" {
###############################################################################
# AWS EKS
###############################################################################
-data "aws_eks_cluster" "eks_cluster" {
- # this makes downstream resources wait for data plane to be ready
- name = module.eks.cluster_name
- depends_on = [
- module.eks.cluster_id
- ]
-}
module "eks" {
source = "terraform-aws-modules/eks/aws"
@@ -126,9 +119,6 @@ module "eks" {
################################################################################
# EKS Supporting Resources
################################################################################
-data "aws_caller_identity" "current" {}
-data "aws_availability_zones" "available" {}
-
module "vpc_cni_irsa" {
source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
version = "~> 5.0"
@@ -204,9 +194,10 @@ module "addons" {
calico_tigera = false
kubeclarity = true
ingress_nginx = true
+ fluent_bit = true
# -- Addons with mandatory variable
- istio_ingress = true
+ istio_ingress = false
istio_manifests = var.istio_manifests
kiali_server = true
kiali_manifests = var.kiali_manifests
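Review bot: `istio_ingress = false` in the complete example looks like a leftover from testing rather than an intended default. The same commit reworks the istio-ingress addon and updates this example's istio manifests, yet the example now skips the addon while still passing `istio_manifests` and enabling `kiali_server` with its manifests. If the toggle is deliberate, a short comment on the line saying why would help; otherwise I would restore `istio_ingress = true`. The `module "addons"` block starts and ends outside this hunk.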
@@ -227,6 +218,7 @@ module "addons" {
external_secrets_helm_config = { values = ["${file("./config/external-secret/override-values.yaml")}"] }
ingress_nginx_helm_config = { values = ["${file("./config/override-ingress-nginx.yaml")}"] }
kubeclarity_helm_config = { values = ["${file("./config/override-kubeclarity.yaml")}"] }
+ fluent_bit_helm_config = { values = ["${file("./config/override-fluent-bit.yaml")}"] }
# -- Override Helm Release attributes
metrics_server_extra_configs = var.metrics_server_extra_configs
@@ -242,6 +234,7 @@ module "addons" {
external_secrets_extra_configs = var.external_secrets_extra_configs
ingress_nginx_extra_configs = var.ingress_nginx_extra_configs
kubeclarity_extra_configs = var.kubeclarity_extra_configs
+ fluent_bit_extra_configs = var.fluent_bit_extra_configs
# -- Custom IAM Policy Json Content or Json file path
cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json")
diff --git a/_examples/complete/providers.tf b/_examples/complete/providers.tf
index fc45e62..f6d47e0 100644
--- a/_examples/complete/providers.tf
+++ b/_examples/complete/providers.tf
@@ -1,3 +1,7 @@
+# ------------------------------------------------------------------------------
+# Providers
+# ------------------------------------------------------------------------------
+
provider "aws" {
region = local.region
}
@@ -22,6 +26,16 @@ provider "kubectl" {
token = join("", data.aws_eks_cluster_auth.eks_cluster.*.token)
}
+# ------------------------------------------------------------------------------
+# Data
+# ------------------------------------------------------------------------------
+
data "aws_eks_cluster_auth" "eks_cluster" {
name = data.aws_eks_cluster.eks_cluster.id
}
+data "aws_eks_cluster" "eks_cluster" {
+ name = module.eks.cluster_name
+ depends_on = [module.eks.cluster_id]
+}
+data "aws_caller_identity" "current" {}
+data "aws_availability_zones" "available" {}
\ No newline at end of file
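Review bot: The relocated `data "aws_eks_cluster" "eks_cluster"` block lost the comment that explained its `depends_on`; the copy removed from main.tf carried `# this makes downstream resources wait for data plane to be ready`. Without it, `depends_on = [module.eks.cluster_id]` reads as redundant next to `name = module.eks.cluster_name` and is an easy target for a later cleanup, which may change when the cluster data and the auth token feeding the providers are read. I would carry the comment over above the `depends_on` line.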
diff --git a/_examples/complete/variables.tf b/_examples/complete/variables.tf
index a691fc1..e244afe 100644
--- a/_examples/complete/variables.tf
+++ b/_examples/complete/variables.tf
@@ -114,7 +114,8 @@ variable "calico_tigera_extra_configs" {
variable "istio_ingress_extra_configs" {
type = any
default = {
- namespace = "istio"
+ name = "istio-ingress"
+ namespace = "istio-system"
create_namespace = true
}
}
@@ -138,3 +139,11 @@ variable "kubeclarity_extra_configs" {
type = any
default = {}
}
+
+variable "fluent_bit_extra_configs" {
+ type = any
+ default = {
+ atomic = true
+ timeout = 300
+ }
+}
\ No newline at end of file
diff --git a/addons/aws-ebs-csi-driver/locals.tf b/addons/aws-ebs-csi-driver/locals.tf
index 2f5aa4e..11f26e2 100644
--- a/addons/aws-ebs-csi-driver/locals.tf
+++ b/addons/aws-ebs-csi-driver/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "aws-ebs-csi-driver"
default_helm_config = {
- name = local.name
+ name = try(var.aws_ebs_csi_driver_extra_configs.name, local.name)
chart = try(var.aws_ebs_csi_driver_extra_configs.chart, local.name)
repository = try(var.aws_ebs_csi_driver_extra_configs.repository, "https://kubernetes-sigs.github.io/aws-ebs-csi-driver")
version = try(var.aws_ebs_csi_driver_extra_configs.version, "2.20.0")
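Review bot: The new `name = try(var.aws_ebs_csi_driver_extra_configs.name, local.name)` lets callers rename the Helm release, but nothing documents what that does to an existing install. If `default_helm_config.name` feeds a `helm_release` (not visible in this hunk), changing it makes Terraform destroy and recreate the release, which for this addon means the CSI driver is briefly absent. Whether the IRSA role and service account names follow the override or stay on `local.name` is also not visible here and is worth checking. I would add a comment on the line such as `# overriding name on an existing install replaces the Helm release`; the same applies to the identical change in the other addons' locals.tf hunks in this commit. The `locals` block continues outside the hunk.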
diff --git a/addons/aws-efs-csi-driver/locals.tf b/addons/aws-efs-csi-driver/locals.tf
index b023ba3..244e3ff 100644
--- a/addons/aws-efs-csi-driver/locals.tf
+++ b/addons/aws-efs-csi-driver/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "aws-efs-csi-driver"
default_helm_config = {
- name = local.name
+ name = try(var.aws_efs_csi_driver_extra_configs.name, local.name)
chart = try(var.aws_efs_csi_driver_extra_configs.chart, local.name)
repository = try(var.aws_efs_csi_driver_extra_configs.repository, "https://kubernetes-sigs.github.io/aws-efs-csi-driver/")
version = try(var.aws_efs_csi_driver_extra_configs.version, "2.4.4")
diff --git a/addons/aws-load-balancer-controller/locals.tf b/addons/aws-load-balancer-controller/locals.tf
index 5a0a551..0fb6026 100644
--- a/addons/aws-load-balancer-controller/locals.tf
+++ b/addons/aws-load-balancer-controller/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "aws-load-balancer-controller"
default_helm_config = {
- name = local.name
+ name = try(var.aws_load_balancer_controller_extra_configs.name, local.name)
chart = try(var.aws_load_balancer_controller_extra_configs.chart, local.name)
repository = try(var.aws_load_balancer_controller_extra_configs.repository, "https://aws.github.io/eks-charts")
version = try(var.aws_load_balancer_controller_extra_configs.version, "1.5.3")
diff --git a/addons/aws-node-termination-handler/locals.tf b/addons/aws-node-termination-handler/locals.tf
index 99df1b9..0e825b7 100644
--- a/addons/aws-node-termination-handler/locals.tf
+++ b/addons/aws-node-termination-handler/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "aws-node-termination-handler"
default_helm_config = {
- name = local.name
+ name = try(var.aws_node_termination_handler_extra_configs.name, local.name)
chart = try(var.aws_node_termination_handler_extra_configs.chart, local.name)
repository = try(var.aws_node_termination_handler_extra_configs.repository, "https://aws.github.io/eks-charts/")
version = try(var.aws_node_termination_handler_extra_configs.version, "0.21.0")
diff --git a/addons/calico-tigera/locals.tf b/addons/calico-tigera/locals.tf
index 12ecf17..a494723 100644
--- a/addons/calico-tigera/locals.tf
+++ b/addons/calico-tigera/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "tigera-operator"
default_helm_config = {
- name = local.name
+ name = try(var.calico_tigera_extra_configs.name, local.name)
chart = try(var.calico_tigera_extra_configs.chart, local.name)
repository = try(var.calico_tigera_extra_configs.repository, "https://docs.tigera.io/calico/charts")
version = try(var.calico_tigera_extra_configs.version, "v3.26.1")
diff --git a/addons/cluster-autoscaler/locals.tf b/addons/cluster-autoscaler/locals.tf
index 01c491c..fe5f999 100644
--- a/addons/cluster-autoscaler/locals.tf
+++ b/addons/cluster-autoscaler/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "cluster-autoscaler"
default_helm_config = {
- name = local.name
+ name = try(var.cluster_autoscaler_extra_configs.name, local.name)
chart = try(var.cluster_autoscaler_extra_configs.chart, local.name)
repository = try(var.cluster_autoscaler_extra_configs.repository, "https://kubernetes.github.io/autoscaler")
version = try(var.cluster_autoscaler_extra_configs.version, "9.29.0")
diff --git a/addons/external-secrets/locals.tf b/addons/external-secrets/locals.tf
index 94e3083..856841f 100644
--- a/addons/external-secrets/locals.tf
+++ b/addons/external-secrets/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "external-secrets"
default_helm_config = {
- name = local.name
+ name = try(var.external_secrets_extra_configs.name, local.name)
chart = try(var.external_secrets_extra_configs.chart, local.name)
repository = try(var.external_secrets_extra_configs.repository, "https://charts.external-secrets.io/")
version = try(var.external_secrets_extra_configs.version, "0.9.2")
diff --git a/addons/fluent-bit/README.md b/addons/fluent-bit/README.md
new file mode 100644
index 0000000..c724d16
--- /dev/null
+++ b/addons/fluent-bit/README.md
@@ -0,0 +1,20 @@
+# FluentBit Helm Chart
+
+
+
+Fluent Bit is a lightweight log processor and forwarder that you use to collect container logs in Amazon CloudWatch.
+
+## Installation
+Below terraform script shows how to use FluentBit Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
+```bash
+module "addons" {
+ source = "clouddrove/eks-addons/aws"
+ version = "0.0.4"
+
+ depends_on = [module.eks.cluster_id]
+ eks_cluster_name = module.eks.cluster_name
+
+ fluent_bit = true
+}
+```
+
diff --git a/addons/fluent-bit/config/default_values.yaml b/addons/fluent-bit/config/default_values.yaml
new file mode 100644
index 0000000..05eb814
--- /dev/null
+++ b/addons/fluent-bit/config/default_values.yaml
@@ -0,0 +1,496 @@
+# Default values for fluent-bit.
+
+# kind -- DaemonSet or Deployment
+kind: DaemonSet
+
+# replicaCount -- Only applicable if kind=Deployment
+replicaCount: 1
+
+image:
+ repository: cr.fluentbit.io/fluent/fluent-bit
+ # Overrides the image tag whose default is {{ .Chart.AppVersion }}
+ # Set to "-" to not use the default value
+ tag:
+ digest:
+ pullPolicy: Always
+
+testFramework:
+ enabled: true
+ namespace:
+ image:
+ repository: busybox
+ pullPolicy: Always
+ tag: latest
+ digest:
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ create: true
+ annotations: {}
+ name:
+
+rbac:
+ create: true
+ nodeAccess: false
+ eventsAccess: false
+
+# Configure podsecuritypolicy
+# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+# from Kubernetes 1.25, PSP is deprecated
+# See: https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes
+# We automatically disable PSP if Kubernetes version is 1.25 or higher
+podSecurityPolicy:
+ create: false
+ annotations: {}
+
+# OpenShift-specific configuration
+openShift:
+ enabled: false
+ securityContextConstraints:
+ # Create SCC for Fluent-bit and allow use it
+ create: true
+ name: ""
+ annotations: {}
+ # Use existing SCC in cluster, rather then create new one
+ existingName: ""
+
+podSecurityContext: {}
+# fsGroup: 2000
+
+hostNetwork: false
+dnsPolicy: ClusterFirst
+
+dnsConfig: {}
+# nameservers:
+# - 1.2.3.4
+# searches:
+# - ns1.svc.cluster-domain.example
+# - my.dns.search.suffix
+# options:
+# - name: ndots
+# value: "2"
+# - name: edns0
+
+hostAliases: []
+# - ip: "1.2.3.4"
+# hostnames:
+# - "foo.local"
+# - "bar.local"
+
+securityContext: {}
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 2020
+ loadBalancerClass:
+ loadBalancerSourceRanges: []
+ labels: {}
+ # nodePort: 30020
+ # clusterIP: 172.16.10.1
+ annotations: {}
+# prometheus.io/path: "/api/v1/metrics/prometheus"
+# prometheus.io/port: "2020"
+# prometheus.io/scrape: "true"
+
+serviceMonitor:
+ enabled: false
+ # namespace: monitoring
+ # interval: 10s
+ # scrapeTimeout: 10s
+ # selector:
+ # prometheus: my-prometheus
+ # ## metric relabel configs to apply to samples before ingestion.
+ # ##
+ # metricRelabelings:
+ # - sourceLabels: [__meta_kubernetes_service_label_cluster]
+ # targetLabel: cluster
+ # regex: (.*)
+ # replacement: ${1}
+ # action: replace
+ # ## relabel configs to apply to samples after ingestion.
+ # ##
+ # relabelings:
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+ # scheme: ""
+ # tlsConfig: {}
+
+ ## Beare in mind if youn want to collec metrics from a different port
+ ## you will need to configure the new ports on the extraPorts property.
+ additionalEndpoints: []
+ # - port: metrics
+ # path: /metrics
+ # interval: 10s
+ # scrapeTimeout: 10s
+ # scheme: ""
+ # tlsConfig: {}
+ # # metric relabel configs to apply to samples before ingestion.
+ # #
+ # metricRelabelings:
+ # - sourceLabels: [__meta_kubernetes_service_label_cluster]
+ # targetLabel: cluster
+ # regex: (.*)
+ # replacement: ${1}
+ # action: replace
+ # # relabel configs to apply to samples after ingestion.
+ # #
+ # relabelings:
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+prometheusRule:
+ enabled: false
+# namespace: ""
+# additionalLabels: {}
+# rules:
+# - alert: NoOutputBytesProcessed
+# expr: rate(fluentbit_output_proc_bytes_total[5m]) == 0
+# annotations:
+# message: |
+# Fluent Bit instance {{ $labels.instance }}'s output plugin {{ $labels.name }} has not processed any
+# bytes for at least 15 minutes.
+# summary: No Output Bytes Processed
+# for: 15m
+# labels:
+# severity: critical
+
+dashboards:
+ enabled: false
+ labelKey: grafana_dashboard
+ labelValue: 1
+ annotations: {}
+ namespace: ""
+
+lifecycle: {}
+# preStop:
+# exec:
+# command: ["/bin/sh", "-c", "sleep 20"]
+
+livenessProbe:
+ httpGet:
+ path: /
+ port: http
+
+readinessProbe:
+ httpGet:
+ path: /api/v1/health
+ port: http
+
+resources: {}
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+## only available if kind is Deployment
+ingress:
+ enabled: false
+ ingressClassName: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts: []
+ # - host: fluent-bit.example.tld
+ extraHosts: []
+ # - host: fluent-bit-extra.example.tld
+ ## specify extraPort number
+ # port: 5170
+ tls: []
+ # - secretName: fluent-bit-example-tld
+ # hosts:
+ # - fluent-bit.example.tld
+
+## only available if kind is Deployment
+autoscaling:
+ vpa:
+ enabled: false
+
+ annotations: {}
+
+ # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+ controlledResources: []
+
+ # Define the max allowed resources for the pod
+ maxAllowed: {}
+ # cpu: 200m
+ # memory: 100Mi
+ # Define the min allowed resources for the pod
+ minAllowed: {}
+ # cpu: 200m
+ # memory: 100Mi
+
+ updatePolicy:
+ # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+ # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+ updateMode: Auto
+
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 75
+ # targetMemoryUtilizationPercentage: 75
+ ## see https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
+ customRules: []
+ # - type: Pods
+ # pods:
+ # metric:
+ # name: packets-per-second
+ # target:
+ # type: AverageValue
+ # averageValue: 1k
+ ## see https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior
+ behavior: {}
+# scaleDown:
+# policies:
+# - type: Pods
+# value: 4
+# periodSeconds: 60
+# - type: Percent
+# value: 10
+# periodSeconds: 60
+
+## only available if kind is Deployment
+podDisruptionBudget:
+ enabled: false
+ annotations: {}
+ maxUnavailable: "30%"
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+labels: {}
+
+annotations: {}
+
+podAnnotations: {}
+
+podLabels: {}
+
+## How long (in seconds) a pods needs to be stable before progressing the deployment
+##
+minReadySeconds:
+
+## How long (in seconds) a pod may take to exit (useful with lifecycle hooks to ensure lb deregistration is done)
+##
+terminationGracePeriodSeconds:
+
+priorityClassName: ""
+
+env: []
+# - name: FOO
+# value: "bar"
+
+# The envWithTpl array below has the same usage as "env", but is using the tpl function to support templatable string.
+# This can be useful when you want to pass dynamic values to the Chart using the helm argument "--set ="
+# https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function
+envWithTpl: []
+# - name: FOO_2
+# value: "{{ .Values.foo2 }}"
+#
+# foo2: bar2
+
+envFrom: []
+
+extraContainers: []
+# - name: do-something
+# image: busybox
+# command: ['do', 'something']
+
+flush: 1
+
+metricsPort: 2020
+
+extraPorts: []
+# - port: 5170
+# containerPort: 5170
+# protocol: TCP
+# name: tcp
+# nodePort: 30517
+
+extraVolumes: []
+
+extraVolumeMounts: []
+
+updateStrategy: {}
+# type: RollingUpdate
+# rollingUpdate:
+# maxUnavailable: 1
+
+# Make use of a pre-defined configmap instead of the one templated here
+existingConfigMap: ""
+
+networkPolicy:
+ enabled: false
+# ingress:
+# from: []
+
+luaScripts: {}
+
+## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file
+config:
+ service: |
+ [SERVICE]
+ Daemon Off
+ Flush {{ .Values.flush }}
+ Log_Level {{ .Values.logLevel }}
+ Parsers_File /fluent-bit/etc/parsers.conf
+ Parsers_File /fluent-bit/etc/conf/custom_parsers.conf
+ HTTP_Server On
+ HTTP_Listen 0.0.0.0
+ HTTP_Port {{ .Values.metricsPort }}
+ Health_Check On
+
+ ## https://docs.fluentbit.io/manual/pipeline/inputs
+ inputs: |
+ [INPUT]
+ Name tail
+ Tag kube.*
+ Path /var/log/containers/*.log
+ multiline.parser docker, cri
+ Mem_Buf_Limit 5MB
+ Skip_Long_Lines On
+
+ [INPUT]
+ Name systemd
+ Tag host.*
+ Systemd_Filter _SYSTEMD_UNIT=kubelet.service
+ Read_From_Tail On
+
+ ## https://docs.fluentbit.io/manual/pipeline/filters
+ filters: |
+ [FILTER]
+ Name kubernetes
+ Match kube.*
+ Merge_Log On
+ Keep_Log Off
+ K8S-Logging.Parser On
+ K8S-Logging.Exclude On
+
+ ## https://docs.fluentbit.io/manual/pipeline/outputs
+ outputs: |
+ [OUTPUT]
+ Name es
+ Match kube.*
+ Host elasticsearch-master
+ Logstash_Format On
+ Retry_Limit False
+
+ [OUTPUT]
+ Name es
+ Match host.*
+ Host elasticsearch-master
+ Logstash_Format On
+ Logstash_Prefix node
+ Retry_Limit False
+
+ ## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/upstream-servers
+ ## This configuration is deprecated, please use `extraFiles` instead.
+ upstream: {}
+
+ ## https://docs.fluentbit.io/manual/pipeline/parsers
+ customParsers: |
+ [PARSER]
+ Name docker_no_time
+ Format json
+ Time_Keep Off
+ Time_Key time
+ Time_Format %Y-%m-%dT%H:%M:%S.%L
+
+ # This allows adding more files with arbitary filenames to /fluent-bit/etc/conf by providing key/value pairs.
+ # The key becomes the filename, the value becomes the file content.
+ extraFiles: {}
+# upstream.conf: |
+# [UPSTREAM]
+# upstream1
+#
+# [NODE]
+# name node-1
+# host 127.0.0.1
+# port 43000
+# example.conf: |
+# [OUTPUT]
+# Name example
+# Match foo.*
+# Host bar
+
+# The config volume is mounted by default, either to the existingConfigMap value, or the default of "fluent-bit.fullname"
+volumeMounts:
+ - name: config
+ mountPath: /fluent-bit/etc/conf
+
+daemonSetVolumes:
+ - name: varlog
+ hostPath:
+ path: /var/log
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
+ - name: etcmachineid
+ hostPath:
+ path: /etc/machine-id
+ type: File
+
+daemonSetVolumeMounts:
+ - name: varlog
+ mountPath: /var/log
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ - name: etcmachineid
+ mountPath: /etc/machine-id
+ readOnly: true
+
+command:
+ - /fluent-bit/bin/fluent-bit
+
+args:
+ - --workdir=/fluent-bit/etc
+ - --config=/fluent-bit/etc/conf/fluent-bit.conf
+
+# This supports either a structured array or a templatable string
+initContainers: []
+
+# Array mode
+# initContainers:
+# - name: do-something
+# image: bitnami/kubectl:1.22
+# command: ['kubectl', 'version']
+
+# String mode
+# initContainers: |-
+# - name: do-something
+# image: bitnami/kubectl:{{ .Capabilities.KubeVersion.Major }}.{{ .Capabilities.KubeVersion.Minor }}
+# command: ['kubectl', 'version']
+
+logLevel: info
+
+hotReload:
+ enabled: false
+ image:
+ repository: ghcr.io/jimmidyson/configmap-reload
+ tag: v0.11.1
+ digest:
+ pullPolicy: IfNotPresent
+ resources: {}
\ No newline at end of file
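Review bot: The DaemonSet defaults leave `securityContext: {}` empty while `daemonSetVolumeMounts` mounts the host's `/var/log` without `readOnly: true` (the other two host mounts set it), so a compromised collector pod could alter node logs. I would add `readOnly: true` to the `varlog` mount and enable the commented `capabilities.drop: [ALL]` line, after confirming that no input keeps its position database under `/var/log`. `testFramework.image` pulls `busybox` at `tag: latest` with an empty `digest`, which is worth pinning to a fixed tag or digest. The `[OUTPUT]` sections send to `elasticsearch-master` with no TLS setting, which does not match the CloudWatch use described in this addon's README. A header comment saying whether these defaults are applied at all, or only kept for reference, would help.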
diff --git a/addons/fluent-bit/data.tf b/addons/fluent-bit/data.tf
new file mode 100644
index 0000000..ed47092
--- /dev/null
+++ b/addons/fluent-bit/data.tf
@@ -0,0 +1,6 @@
+data "aws_eks_cluster" "eks_cluster" {
+ # this makes downstream resources wait for data plane to be ready
+ name = var.eks_cluster_name
+}
+
+data "aws_region" "current" {}
\ No newline at end of file
diff --git a/addons/fluent-bit/locals.tf b/addons/fluent-bit/locals.tf
new file mode 100644
index 0000000..e7b77e3
--- /dev/null
+++ b/addons/fluent-bit/locals.tf
@@ -0,0 +1,48 @@
+locals {
+ name = "fluent-bit"
+
+ default_helm_config = {
+ name = try(var.fluent_bit_extra_configs.name, local.name)
+ chart = try(var.fluent_bit_extra_configs.chart, local.name)
+ repository = try(var.fluent_bit_extra_configs.repository, "https://fluent.github.io/helm-charts")
+ version = try(var.fluent_bit_extra_configs.version, "0.37.1")
+ namespace = try(var.fluent_bit_extra_configs.namespace, "amazon-cloudwatch")
+ create_namespace = try(var.fluent_bit_extra_configs.create_namespace, true)
+ description = "FluentBit helm Chart deployment configuration"
+ timeout = try(var.fluent_bit_extra_configs.timeout, "600")
+ lint = try(var.fluent_bit_extra_configs.lint, "false")
+ repository_key_file = try(var.fluent_bit_extra_configs.repository_key_file, "")
+ repository_cert_file = try(var.fluent_bit_extra_configs.repository_cert_file, "")
+ repository_username = try(var.fluent_bit_extra_configs.repository_password, "")
+ repository_password = try(var.fluent_bit_extra_configs.repository_password, "")
+ verify = try(var.fluent_bit_extra_configs.verify, "false")
+ keyring = try(var.fluent_bit_extra_configs.keyring, "")
+ disable_webhooks = try(var.fluent_bit_extra_configs.disable_webhooks, "false")
+ reuse_values = try(var.fluent_bit_extra_configs.reuse_values, "false")
+ reset_values = try(var.fluent_bit_extra_configs.reset_values, "false")
+ force_update = try(var.fluent_bit_extra_configs.force_update, "false")
+ recreate_pods = try(var.fluent_bit_extra_configs.recreate_pods, "false")
+ cleanup_on_fail = try(var.fluent_bit_extra_configs.cleanup_on_fail, "false")
+ max_history = try(var.fluent_bit_extra_configs.max_history, "0")
+ atomic = try(var.fluent_bit_extra_configs.atomic, "false")
+ skip_crds = try(var.fluent_bit_extra_configs.skip_crds, "false")
+ render_subchart_notes = try(var.fluent_bit_extra_configs.render_subchart_notes, "true")
+ disable_openapi_validation = try(var.fluent_bit_extra_configs.disable_openapi_validation, "false")
+ wait = try(var.fluent_bit_extra_configs.wait, "true")
+ wait_for_jobs = try(var.fluent_bit_extra_configs.wait_for_jobs, "false")
+ dependency_update = try(var.fluent_bit_extra_configs.dependency_update, "false")
+ replace = try(var.fluent_bit_extra_configs.replace, "false")
+ }
+
+ fluent_bit_extra_configs = var.fluent_bit_extra_configs
+
+ helm_config = merge(
+ local.default_helm_config,
+ var.helm_config,
+ local.fluent_bit_extra_configs
+ )
+
+ argocd_gitops_config = {
+ enable = true
+ }
+}
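Review bot: `repository_username` is read from `var.fluent_bit_extra_configs.repository_password`, so a caller who sets only the password gets that secret copied into the username field of the release, which is usually not handled as a sensitive value in plan output. The line should be `repository_username = try(var.fluent_bit_extra_configs.repository_username, "")`. The same copy-paste appears in `default_helm_config` in `addons/istio-ingress/locals.tf` in this commit. Separately, `verify` defaults to `"false"`, so chart provenance is not checked unless the caller opts in; a one-line comment next to that default would make the choice visible.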
diff --git a/addons/fluent-bit/main.tf b/addons/fluent-bit/main.tf
new file mode 100644
index 0000000..a3b05f6
--- /dev/null
+++ b/addons/fluent-bit/main.tf
@@ -0,0 +1,76 @@
+module "helm_addon" {
+ source = "../helm"
+
+ manage_via_gitops = var.manage_via_gitops
+ helm_config = local.helm_config
+ addon_context = var.addon_context
+
+ set_values = [
+ {
+ name = "eks_configs.cluster_name"
+ value = var.eks_cluster_name
+ },
+ {
+ name = "eks_configs.region"
+ value = data.aws_region.current.name
+ },
+ {
+ name = "serviceAccount.create"
+ value = "false"
+ },
+ {
+ name = "serviceAccount.name"
+ value = "${local.name}-sa"
+ },
+ {
+ name = "rbac.create"
+ value = "false"
+ }
+ ]
+
+ # -- IRSA Configurations
+ irsa_config = {
+ irsa_iam_policies = ["${aws_iam_policy.policy.arn}"]
+ irsa_iam_role_name = "${local.name}-${var.eks_cluster_name}-IAM-Role"
+ create_kubernetes_service_account = true
+ kubernetes_service_account = "${local.name}-sa"
+ kubernetes_namespace = local.default_helm_config.namespace
+ eks_oidc_provider_arn = replace("${data.aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer}", "https://", "")
+ account_id = var.account_id
+ }
+
+}
+
+resource "aws_iam_policy" "policy" {
+ name = "${local.name}-${var.eks_cluster_name}-IAM-Policy"
+ path = "/"
+ description = "IAM Policy used by ${local.name}-${var.eks_cluster_name} IAM Role"
+ policy = var.iampolicy_json_content != null ? var.iampolicy_json_content : <<-EOT
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cloudwatch:PutMetricData",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeTags",
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams",
+ "logs:DescribeLogGroups",
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssm:GetParameter"
+ ],
+ "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
+ }
+ ]
+}
+ EOT
+}
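Review bot: The default policy in `aws_iam_policy.policy` grants `logs:PutLogEvents`, `logs:CreateLogStream` and `logs:CreateLogGroup` on `"Resource": "*"`, so the fluent-bit service account can create and write to any log group in the account, not only this cluster's. The write actions can move into their own statement scoped to a log-group ARN built from values the module already has. The log-group prefix below is a placeholder, because the group names configured for the output are not visible in this hunk. `ec2:DescribeVolumes` and `ec2:DescribeTags` look carried over from a CloudWatch agent policy and may not be needed by Fluent Bit; worth confirming before keeping them.

```hcl
# … unchanged: name, path, description, start of the heredoc and "Version" …
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "ec2:DescribeVolumes",
        "ec2:DescribeTags",
        "logs:DescribeLogGroups"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:PutLogEvents",
        "logs:DescribeLogStreams",
        "logs:CreateLogStream",
        "logs:CreateLogGroup"
      ],
      "Resource": "arn:${var.addon_context.aws_partition_id}:logs:${data.aws_region.current.name}:${var.account_id}:log-group:<LOG_GROUP_PREFIX>*"
    },
# … unchanged: ssm:GetParameter statement and end of the heredoc …
```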
diff --git a/addons/fluent-bit/outputs.tf b/addons/fluent-bit/outputs.tf
new file mode 100644
index 0000000..8f744a2
--- /dev/null
+++ b/addons/fluent-bit/outputs.tf
@@ -0,0 +1,19 @@
+output "service_account" {
+ value = "${local.name}-sa"
+}
+
+output "iam_policy" {
+ value = "${local.name}-${var.eks_cluster_name}-IAM-Policy"
+}
+
+output "namespace" {
+ value = local.default_helm_config.namespace
+}
+
+output "chart_version" {
+ value = local.default_helm_config.version
+}
+
+output "repository" {
+ value = local.default_helm_config.repository
+}
\ No newline at end of file
diff --git a/addons/fluent-bit/variables.tf b/addons/fluent-bit/variables.tf
new file mode 100644
index 0000000..31bb7ce
--- /dev/null
+++ b/addons/fluent-bit/variables.tf
@@ -0,0 +1,58 @@
+variable "helm_config" {
+ description = "Helm provider config for FluentBit"
+ type = any
+ default = {}
+}
+
+variable "manage_via_gitops" {
+ description = "Determines if the add-on should be managed via GitOps"
+ type = bool
+ default = false
+}
+
+variable "addon_context" {
+ description = "Input configuration for the addon"
+ type = object({
+ aws_caller_identity_account_id = string
+ aws_caller_identity_arn = string
+ aws_eks_cluster_endpoint = string
+ aws_partition_id = string
+ aws_region_name = string
+ eks_cluster_id = string
+ eks_oidc_issuer_url = string
+ eks_oidc_provider_arn = string
+ tags = map(string)
+ })
+}
+
+variable "eks_cluster_name" {
+ type = string
+ default = ""
+}
+
+variable "eks_cluster_id" {
+ type = string
+ default = ""
+}
+
+variable "account_id" {
+ type = string
+ default = ""
+}
+
+variable "set_values" {
+ type = any
+ default = []
+}
+
+variable "fluent_bit_extra_configs" {
+ description = "Override attributes of helm_release terraform resource"
+ type = any
+ default = {}
+}
+
+variable "iampolicy_json_content" {
+ description = "Custom IAM Policy for FluentBit IRSA"
+ type = string
+ default = null
+}
\ No newline at end of file
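Review bot: `eks_cluster_name` and `account_id` default to `""`, yet this module's `main.tf` builds the IAM role name, the policy name and the IRSA settings from them, so a caller who omits either gets a failed lookup or malformed names instead of a clear error. Dropping `default = ""` on both makes them required. `eks_cluster_id` and `set_values` are declared but not referenced in the module files shown in this commit and could be removed. The four variables without a description would each benefit from one, for example `description = "Name of the EKS cluster the addon is installed into"`.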
diff --git a/addons/fluent-bit/versions.tf b/addons/fluent-bit/versions.tf
new file mode 100644
index 0000000..55fba73
--- /dev/null
+++ b/addons/fluent-bit/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.10"
+ }
+ }
+}
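Review bot: `required_providers` lists only `kubernetes`, but this module's `data.tf` and `main.tf` use the `aws` provider (`aws_eks_cluster`, `aws_region`, `aws_iam_policy`), so its source and version are left implicit. Adding an `aws` entry with `source = "hashicorp/aws"` and the same version constraint the root module uses keeps provider selection explicit for anyone consuming the addon on its own.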
diff --git a/addons/ingress-nginx/locals.tf b/addons/ingress-nginx/locals.tf
index ca62ca1..4f626fc 100644
--- a/addons/ingress-nginx/locals.tf
+++ b/addons/ingress-nginx/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "ingress-nginx"
default_helm_config = {
- name = local.name
+ name = try(var.ingress_nginx_extra_configs.name, local.name)
chart = try(var.ingress_nginx_extra_configs.chart, local.name)
repository = try(var.ingress_nginx_extra_configs.repository, "https://kubernetes.github.io/ingress-nginx")
version = try(var.ingress_nginx_extra_configs.version, "4.6.1")
diff --git a/addons/istio-ingress/config/manifest/virtual-service.yaml b/addons/istio-ingress/config/manifest/virtual-service.yaml
index 1524769..78c38f3 100644
--- a/addons/istio-ingress/config/manifest/virtual-service.yaml
+++ b/addons/istio-ingress/config/manifest/virtual-service.yaml
@@ -1,15 +1,19 @@
+# If application will be deployed using HelmChart(ChartName=myapp) then:
+# replace `appname` by `{{ include "myapp.fullname" . }}` and
+# replace `istio-system` by `{{ include "myapp.namespace" . }}`
+
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
annotations:
meta.helm.sh/release-name: appname
- meta.helm.sh/release-namespace: istio-system
+ meta.helm.sh/release-namespace: default
generation: 1
labels:
app.kubernetes.io/instance: appname
app.kubernetes.io/name: appname
name: appname
- namespace: istio-system
+ namespace: default
spec:
gateways:
- istio-system/istio-gateway
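Review bot: The new header comment says to replace `istio-system` with the chart's namespace helper, but this same hunk changes both namespace fields to `default`. The only `istio-system` left is the `gateways` entry `istio-system/istio-gateway`, which has to keep pointing at the gateway's namespace. I would reword the third comment line to `# replace the namespace "default" by {{ include "myapp.namespace" . }}` and add that the `gateways` reference stays unchanged. The manifest continues below the end of this hunk.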
diff --git a/addons/istio-ingress/locals.tf b/addons/istio-ingress/locals.tf
index c917bc3..966e1d7 100644
--- a/addons/istio-ingress/locals.tf
+++ b/addons/istio-ingress/locals.tf
@@ -1,34 +1,61 @@
locals {
istio_base = {
helm_config = {
- name = "base"
- chart = "base"
- repository = "https://istio-release.storage.googleapis.com/charts"
- version = "1.18.0"
- namespace = "istio-system"
- description = "Istio helm Chart deployment configuration"
+ name = "base"
+ chart = "base"
+ repository = "https://istio-release.storage.googleapis.com/charts"
+ version = "1.18.0"
+ namespace = try(var.istio_ingress_extra_configs.namespace, "istio-system")
+ create_namespace = try(var.istio_ingress_extra_configs.create_namespace, true)
+ description = "Istio helm Chart deployment configuration"
}
}
istiod = {
helm_config = {
- name = "istiod"
- chart = "istiod"
- repository = "https://istio-release.storage.googleapis.com/charts"
- version = "1.18.0"
- namespace = "istio-system"
- description = "Istio helm Chart deployment configuration"
+ name = "istiod"
+ chart = "istiod"
+ repository = "https://istio-release.storage.googleapis.com/charts"
+ version = "1.18.0"
+ namespace = try(var.istio_ingress_extra_configs.namespace, "istio-system")
+ create_namespace = try(var.istio_ingress_extra_configs.create_namespace, true)
+ description = "Istio helm Chart deployment configuration"
}
}
default_helm_config = {
- name = "istio-ingressgateway"
- chart = "gateway"
- repository = "https://istio-release.storage.googleapis.com/charts"
- version = "1.18.0"
- namespace = "istio-system"
- description = "Istio Ingress helm Chart deployment configuration"
+ name = try(var.istio_ingress_extra_configs.name, "istio-ingressgateway")
+ chart = try(var.istio_ingress_extra_configs.chart, "gateway")
+ repository = try(var.istio_ingress_extra_configs.repository, "https://istio-release.storage.googleapis.com/charts")
+ version = try(var.istio_ingress_extra_configs.version, "1.18.0")
+ namespace = try(var.istio_ingress_extra_configs.namespace, "istio-system")
+ create_namespace = try(var.istio_ingress_extra_configs.create_namespace, true)
+ description = "Istio Ingress helm Chart deployment configuration"
+ timeout = try(var.istio_ingress_extra_configs.timeout, "600")
+ lint = try(var.istio_ingress_extra_configs.lint, "false")
+ repository_key_file = try(var.istio_ingress_extra_configs.repository_key_file, "")
+ repository_cert_file = try(var.istio_ingress_extra_configs.repository_cert_file, "")
+ repository_username = try(var.istio_ingress_extra_configs.repository_password, "")
+ repository_password = try(var.istio_ingress_extra_configs.repository_password, "")
+ verify = try(var.istio_ingress_extra_configs.verify, "false")
+ keyring = try(var.istio_ingress_extra_configs.keyring, "")
+ disable_webhooks = try(var.istio_ingress_extra_configs.disable_webhooks, "false")
+ reuse_values = try(var.istio_ingress_extra_configs.reuse_values, "false")
+ reset_values = try(var.istio_ingress_extra_configs.reset_values, "false")
+ force_update = try(var.istio_ingress_extra_configs.force_update, "false")
+ recreate_pods = try(var.istio_ingress_extra_configs.recreate_pods, "false")
+ cleanup_on_fail = try(var.istio_ingress_extra_configs.cleanup_on_fail, "false")
+ max_history = try(var.istio_ingress_extra_configs.max_history, "0")
+ atomic = try(var.istio_ingress_extra_configs.atomic, "false")
+ skip_crds = try(var.istio_ingress_extra_configs.skip_crds, "false")
+ render_subchart_notes = try(var.istio_ingress_extra_configs.render_subchart_notes, "true")
+ disable_openapi_validation = try(var.istio_ingress_extra_configs.disable_openapi_validation, "false")
+ wait = try(var.istio_ingress_extra_configs.wait, "true")
+ wait_for_jobs = try(var.istio_ingress_extra_configs.wait_for_jobs, "false")
+ dependency_update = try(var.istio_ingress_extra_configs.dependency_update, "false")
+ replace = try(var.istio_ingress_extra_configs.replace, "false")
}
+
istio_ingress_extra_configs = var.istio_ingress_extra_configs
helm_config = merge(
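Review bot: Only the gateway release honours `istio_ingress_extra_configs.version`; `istio_base` and `istiod` stay pinned to `"1.18.0"`, so overriding the version moves the ingress gateway alone and leaves the control-plane charts behind. Either read the override in all three blocks with `version = try(var.istio_ingress_extra_configs.version, "1.18.0")`, or add a comment stating that `version`, `chart` and `repository` apply to the gateway chart only. The `locals` block continues past the end of this hunk.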
diff --git a/addons/istio-ingress/main.tf b/addons/istio-ingress/main.tf
index 504c4fb..e8fe177 100644
--- a/addons/istio-ingress/main.tf
+++ b/addons/istio-ingress/main.tf
@@ -5,7 +5,6 @@ module "istio_base" {
helm_config = local.istio_base.helm_config
addon_context = var.addon_context
- depends_on = [kubernetes_namespace_v1.istio_system]
}
module "istiod" {
@@ -15,10 +14,7 @@ module "istiod" {
helm_config = local.istiod.helm_config
addon_context = var.addon_context
- depends_on = [
- module.istio_base,
- kubernetes_namespace_v1.istio_system
- ]
+ depends_on = [module.istio_base]
}
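Review bot: `kubernetes_namespace_v1.istio_system` is dropped from `depends_on` here and in `istio_ingress`, and the resource itself is deleted in the last hunk of this file, but existing states still track that namespace. The next apply will likely plan to destroy it, and deleting the namespace removes everything installed in it. The upgrade needs a documented step that drops the resource from state first, or a `removed` block where the Terraform version in use supports it. The deleted resource also skipped creation when the namespace was `kube-system`, a guard that Helm's `create_namespace` does not restate. The `module "istiod"` block begins above this hunk.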
module "istio_ingress" {
@@ -28,10 +24,7 @@ module "istio_ingress" {
helm_config = local.helm_config
addon_context = var.addon_context
- depends_on = [
- module.istiod,
- kubernetes_namespace_v1.istio_system
- ]
+ depends_on = [module.istiod]
}
resource "kubectl_manifest" "istio_ingress_manifest" {
@@ -44,10 +37,3 @@ resource "kubectl_manifest" "istio_gateway_manifest" {
yaml_body = file("${var.istio_manifests.istio_gateway_manifest_file_path}")
}
-resource "kubernetes_namespace_v1" "istio_system" {
- count = try(local.istio_base.helm_config["create_namespace"], true) && local.istio_base.helm_config["namespace"] != "kube-system" ? 1 : 0
-
- metadata {
- name = local.istio_base.helm_config["namespace"]
- }
-}
diff --git a/addons/karpenter/locals.tf b/addons/karpenter/locals.tf
index 0b1047e..42ba556 100644
--- a/addons/karpenter/locals.tf
+++ b/addons/karpenter/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "karpenter"
default_helm_config = {
- name = local.name
+ name = try(var.karpenter_extra_configs.name, local.name)
chart = try(var.karpenter_extra_configs.chart, local.name)
repository = try(var.karpenter_extra_configs.repository, "https://charts.karpenter.sh/")
version = try(var.karpenter_extra_configs.version, "0.16.3")
diff --git a/addons/kiali-server/locals.tf b/addons/kiali-server/locals.tf
index c3e77a1..a037a0e 100644
--- a/addons/kiali-server/locals.tf
+++ b/addons/kiali-server/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "kiali-server"
default_helm_config = {
- name = local.name
+ name = try(var.kiali_server_extra_configs.name, local.name)
chart = try(var.kiali_server_extra_configs.chart, local.name)
repository = try(var.kiali_server_extra_configs.repository, "https://kiali.org/helm-charts")
version = try(var.kiali_server_extra_configs.version, "1.71.0")
diff --git a/addons/kubeclarity/locals.tf b/addons/kubeclarity/locals.tf
index 3c3594a..686bd1d 100644
--- a/addons/kubeclarity/locals.tf
+++ b/addons/kubeclarity/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "kubeclarity"
default_helm_config = {
- name = local.name
+ name = try(var.kubeclarity_extra_configs.name, local.name)
chart = try(var.kubeclarity_extra_configs.chart, local.name)
repository = try(var.kubeclarity_extra_configs.repository, "https://openclarity.github.io/kubeclarity")
version = try(var.kubeclarity_extra_configs.version, "v2.19.0")
diff --git a/addons/metrics-server/locals.tf b/addons/metrics-server/locals.tf
index 6443b6f..5e2154f 100644
--- a/addons/metrics-server/locals.tf
+++ b/addons/metrics-server/locals.tf
@@ -2,7 +2,7 @@ locals {
name = "metrics-server"
default_helm_config = {
- name = local.name
+ name = try(var.metrics_server_extra_configs.name, local.name)
chart = try(var.metrics_server_extra_configs.chart, local.name)
repository = try(var.metrics_server_extra_configs.repository, "https://kubernetes-sigs.github.io/metrics-server/")
version = try(var.metrics_server_extra_configs.version, "3.8.2")
diff --git a/main.tf b/main.tf
index 182f1f0..13dc2d5 100644
--- a/main.tf
+++ b/main.tf
@@ -138,4 +138,16 @@ module "kubeclarity" {
manage_via_gitops = var.manage_via_gitops
addon_context = local.addon_context
kubeclarity_extra_configs = var.kubeclarity_extra_configs
-}
\ No newline at end of file
+}
+
+module "fluent_bit" {
+ count = var.fluent_bit ? 1 : 0
+ source = "./addons/fluent-bit"
+ helm_config = var.fluent_bit_helm_config != null ? var.fluent_bit_helm_config : { values = ["${local_file.fluent_bit_helm_config[0].content}"] }
+ manage_via_gitops = var.manage_via_gitops
+ addon_context = local.addon_context
+ eks_cluster_name = data.aws_eks_cluster.eks_cluster.name
+ account_id = data.aws_caller_identity.current.account_id
+ fluent_bit_extra_configs = var.fluent_bit_extra_configs
+ iampolicy_json_content = var.fluent_bit_iampolicy_json_content
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index 248a0f9..78bb7a7 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -147,4 +147,38 @@ output "kubeclarity_chart_version" {
}
output "kubeclarity_repository" {
value = module.kubeclarity[*].repository
+}
+
+#----------- AWS LOAD BALANCER CONTROLLER ----------------
+output "aws_load_balancer_controller_service_account" {
+ value = module.aws_load_balancer_controller[*].service_account
+}
+output "aws_load_balancer_controller_iam_policy" {
+ value = module.aws_load_balancer_controller[*].iam_policy
+}
+output "aws_load_balancer_controller_namespace" {
+ value = module.aws_load_balancer_controller[*].namespace
+}
+output "aws_load_balancer_controller_chart_version" {
+ value = module.aws_load_balancer_controller[*].chart_version
+}
+output "aws_load_balancer_controller_repository" {
+ value = module.aws_load_balancer_controller[*].repository
+}
+
+#----------- FLUENT-BIT ----------------
+output "fluent_bit_service_account" {
+ value = module.fluent_bit[*].service_account
+}
+output "fluent_bit_iam_policy" {
+ value = module.fluent_bit[*].iam_policy
+}
+output "fluent_bit_namespace" {
+ value = module.fluent_bit[*].namespace
+}
+output "fluent_bit_chart_version" {
+ value = module.fluent_bit[*].chart_version
+}
+output "fluent_bit_repository" {
+ value = module.fluent_bit[*].repository
}
\ No newline at end of file
diff --git a/override_values.tf b/override_values.tf
index e3cec4b..7542550 100644
--- a/override_values.tf
+++ b/override_values.tf
@@ -412,3 +412,102 @@ kubeclarity:
EOT
filename = "${path.module}/override_values/kubeclarity.yaml"
}
+
+#-----------FLUENT-BIT -----------------------
+resource "local_file" "fluent_bit_helm_config" {
+ count = var.fluent_bit && (var.fluent_bit_helm_config == null) ? 1 : 0
+ content = <