Fix/addons (#18)

* fix: The argument "addonanme_manifests" is required, but no definition was found. feat: Updated Readme.md * fix: override-value file and iampolicy file location * fix: helm_config and iampolicy files passing syntax * fix: helm_config and iampolicy files passing syntax * fix: helm_config and iampolicy files passing syntax --------- Co-authored-by: Anmol Nagpal <anmol@clouddrove.com>
clouddrove · Aug 8, 2023 · bb1104c · bb1104c
1 parent 5cbb959
commit bb1104c
Show file tree

Hide file tree

Showing 24 changed files with 5,787 additions and 421 deletions.
diff --git a/_examples/basic/config/external-secret/external-secret.yaml b/_examples/basic/config/external-secret/external-secret.yaml
@@ -14,5 +14,5 @@ spec:
   data:
   - secretKey: do_not_delete_this_key        # -- AWS Secret-Manager secret key
     remoteRef:
-      key: addon-external_secrets            # -- Same as 'externalsecrets_manifest["secret_manager_name"]
+      key: external_secrets                  # -- Same as 'externalsecrets_manifest["secret_manager_name"]
       property: do_not_delete_this_key       # -- AWS Secret-Manager secret key
diff --git a/_examples/basic/variables.tf b/_examples/basic/variables.tf
@@ -42,11 +42,9 @@ variable "istio_manifests" {
 variable "kiali_manifests" {
   type = object({
     kiali_virtualservice_file_path = string
-    enable_monitoring              = bool
   })
   default = {
     kiali_virtualservice_file_path = "./config/kiali/kiali_vs.yaml"
-    enable_monitoring              = true
   }
 }
 
@@ -60,6 +58,6 @@ variable "externalsecrets_manifests" {
   default = {
     secret_store_manifest_file_path     = "./config/external-secret/secret-store.yaml"
     external_secrets_manifest_file_path = "./config/external-secret/external-secret.yaml"
-    secret_manager_name                 = "addon-external_secrets"
+    secret_manager_name                 = "external_secrets"
   }
 }
diff --git a/_examples/complete/config/external-secret/external-secret.yaml b/_examples/complete/config/external-secret/external-secret.yaml
@@ -14,5 +14,5 @@ spec:
   data:
   - secretKey: do_not_delete_this_key        # -- AWS Secret-Manager secret key
     remoteRef:
-      key: addon-external_secrets            # -- Same as 'externalsecrets_manifest["secret_manager_name"]
+      key: external_secrets                  # -- Same as 'externalsecrets_manifest["secret_manager_name"]
       property: do_not_delete_this_key       # -- AWS Secret-Manager secret key
diff --git a/...ete/config/override-external_secrets.yaml → ...nfig/external-secret/override-values.yaml b/...ete/config/override-external_secrets.yaml → ...nfig/external-secret/override-values.yaml
diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf
@@ -189,7 +189,6 @@ data "aws_ami" "eks_default_arm" {
 
 module "addons" {
   source = "../../"
-  #version = "0.0.1"
 
   depends_on       = [module.eks.cluster_name]
   eks_cluster_name = module.eks.cluster_name
@@ -223,6 +222,6 @@ module "addons" {
   calico_tigera_helm_config                = { values = ["${file("./config/calico-tigera-values.yaml")}"] }
   istio_ingress_helm_config                = { values = ["${file("./config/istio/override-values.yaml")}"] }
   kiali_server_helm_config                 = { values = ["${file("./config/kiali/override-values.yaml")}"] }
-  external_secrets_helm_config             = { values = ["${file("./config/override-external_secrets.yaml")}"] }
+  external_secrets_helm_config             = { values = ["${file("./config/external-secret/override-values.yaml")}"] }
 }
 
diff --git a/_examples/complete/variables.tf b/_examples/complete/variables.tf
@@ -50,11 +50,9 @@ variable "kiali_server_helm_config" {
 variable "kiali_manifests" {
   type = object({
     kiali_virtualservice_file_path = string
-    enable_monitoring              = bool
   })
   default = {
     kiali_virtualservice_file_path = "./config/kiali/kiali_vs.yaml"
-    enable_monitoring              = true
   }
 }
 
@@ -68,6 +66,6 @@ variable "externalsecrets_manifests" {
   default = {
     secret_store_manifest_file_path     = "./config/external-secret/secret-store.yaml"
     external_secrets_manifest_file_path = "./config/external-secret/external-secret.yaml"
-    secret_manager_name                 = "addon-external_secrets"
+    secret_manager_name                 = "external_secrets"
   }
 }
diff --git a/addons/aws-ebs-csi-driver/main.tf b/addons/aws-ebs-csi-driver/main.tf
@@ -34,7 +34,31 @@ resource "aws_iam_policy" "policy" {
   name        = "${local.name}-${var.eks_cluster_name}-IAM-Policy"
   path        = "/"
   description = "IAM Policy used by ${local.name}-${var.eks_cluster_name} IAM Role"
-  policy      = file("../../addons/${local.name}/policy.json")
+  policy      = <<-EOT
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:AttachVolume",
+        "ec2:CreateSnapshot",
+        "ec2:CreateTags",
+        "ec2:CreateVolume",
+        "ec2:DeleteSnapshot",
+        "ec2:DeleteTags",
+        "ec2:DeleteVolume",
+        "ec2:DescribeInstances",
+        "ec2:DescribeSnapshots",
+        "ec2:DescribeTags",
+        "ec2:DescribeVolumes",
+        "ec2:DetachVolume"
+      ],
+      "Resource": "*"
+    }
+  ]
+}  
+EOT
 }
 
 resource "kubernetes_namespace_v1" "this" {

diff --git a/addons/aws-ebs-csi-driver/policy.json b/addons/aws-ebs-csi-driver/policy.json
diff --git a/addons/aws-efs-csi-driver/main.tf b/addons/aws-efs-csi-driver/main.tf
@@ -18,6 +18,10 @@ module "helm_addon" {
     {
       name  = "controller.serviceAccount.name"
       value = "${local.name}-sa"
+    },
+    {
+      name  = "replicaCount"
+      value = "1"
     }
   ]
 
@@ -38,7 +42,57 @@ resource "aws_iam_policy" "policy" {
   name        = "${local.name}-${var.eks_cluster_name}-IAM-Policy"
   path        = "/"
   description = "IAM Policy used by ${local.name}-${var.eks_cluster_name} IAM Role"
-  policy      = file("../../addons/${local.name}/policy.json")
+  policy      = <<-EOT
+{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": [
+          "elasticfilesystem:DescribeAccessPoints",
+          "elasticfilesystem:DescribeFileSystems",
+          "elasticfilesystem:DescribeMountTargets",
+          "ec2:DescribeAvailabilityZones"
+        ],
+        "Resource": "*"
+      },
+      {
+        "Effect": "Allow",
+        "Action": [
+          "elasticfilesystem:CreateAccessPoint"
+        ],
+        "Resource": "*",
+        "Condition": {
+          "StringLike": {
+            "aws:RequestTag/efs.csi.aws.com/cluster": "true"
+          }
+        }
+      },
+      {
+        "Effect": "Allow",
+        "Action": [
+          "elasticfilesystem:TagResource"
+        ],
+        "Resource": "*",
+        "Condition": {
+          "StringLike": {
+            "aws:ResourceTag/efs.csi.aws.com/cluster": "true"
+          }
+        }
+      },
+      {
+        "Effect": "Allow",
+        "Action": "elasticfilesystem:DeleteAccessPoint",
+        "Resource": "*",
+        "Condition": {
+          "StringEquals": {
+            "aws:ResourceTag/efs.csi.aws.com/cluster": "true"
+          }
+        }
+      }
+    ]
+  }  
+EOT
 }
 
 resource "kubernetes_namespace_v1" "this" {

diff --git a/addons/aws-efs-csi-driver/policy.json b/addons/aws-efs-csi-driver/policy.json