fix: The argument "addonanme_manifests" is required, but no definitio…

…n was found. (#17) feat: Updated Readme.md
clouddrove · Aug 7, 2023 · fe130f6 · fe130f6
1 parent ffc4d1d
commit fe130f6
Show file tree

Hide file tree

Showing 30 changed files with 211 additions and 87 deletions.
diff --git a/README.md b/README.md
@@ -70,7 +70,8 @@ No outputs.
 
 ```bash
 module "addons" {
-  source = "../../addons"
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
 
   depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name

diff --git a/_examples/basic/config/external-secret/external-secret.yaml b/_examples/basic/config/external-secret/external-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: external-secret                      # -- Provide external secret name
+  namespace: kube-system                     # -- Do not change this namespace field
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: external-secrets-store             # -- Provide previously created secret store name
+    kind: SecretStore
+  target:
+    name: externalsecret-data                # -- Name of secret which will contain data specified below
+    creationPolicy: Owner
+  data:
+  - secretKey: do_not_delete_this_key        # -- AWS Secret-Manager secret key
+    remoteRef:
+      key: addon-external_secrets            # -- Same as 'externalsecrets_manifest["secret_manager_name"]
+      property: do_not_delete_this_key       # -- AWS Secret-Manager secret key
diff --git a/_examples/basic/config/external-secret/secret-store.yaml b/_examples/basic/config/external-secret/secret-store.yaml
@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: external-secrets-store        # -- Provide secret store name
+  namespace: kube-system              # -- Do not change this namespace name
+spec:
+  provider:
+    aws:
+      service: SecretsManager
+      region: us-east-1               # -- Provoide your cluster region
+      auth:
+        jwt:
+          serviceAccountRef:
+            name: external-secrets-sa # -- Do not change this name field
diff --git a/_examples/basic/config/external-secret/usage.yaml b/_examples/basic/config/external-secret/usage.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ubuntu-pod
+  namespace: kube-system                       # -- keep this namespace same as ExternalSecret namespace
+  labels:
+    app: ubuntu-pod
+spec:
+  containers:
+  - image: ubuntu
+    command:
+      - "sleep"
+      - "604800"
+    imagePullPolicy: IfNotPresent
+    name: ubuntu-pod
+    env:
+      - name: USER_1                           # -- Environment variable of pod
+        valueFrom:
+          secretKeyRef:
+            name: externalsecret-data          # -- kubernetes secret name
+            key: do_not_delete_this_key        # -- Same as spec.data.secretKey field of ExternalSecret         
+            optional: false
+  restartPolicy: Always
diff --git a/_examples/basic/main.tf b/_examples/basic/main.tf
@@ -199,14 +199,14 @@ module "addons" {
   aws_node_termination_handler = true
   aws_efs_csi_driver           = true
   aws_ebs_csi_driver           = true
-  karpenter                    = true
-  calico_tigera                = true
+  karpenter                    = false
+  calico_tigera                = false
 
   kiali_server    = true
   kiali_manifests = var.kiali_manifests
 
-  external_secrets         = true
-  externalsecrets_manifest = var.externalsecrets_manifest
+  external_secrets          = true
+  externalsecrets_manifests = var.externalsecrets_manifests
 
   istio_ingress   = true
   istio_manifests = var.istio_manifests

diff --git a/_examples/basic/variables.tf b/_examples/basic/variables.tf
@@ -51,7 +51,7 @@ variable "kiali_manifests" {
 }
 
 #--------------EXTERNAL SECRET---------------
-variable "externalsecrets_manifest" {
+variable "externalsecrets_manifests" {
   type = object({
     secret_store_manifest_file_path     = string
     external_secrets_manifest_file_path = string

diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf
@@ -197,20 +197,20 @@ module "addons" {
   # -- Enable Addons
   metrics_server               = true
   cluster_autoscaler           = true
-  karpenter                    = true
   aws_load_balancer_controller = true
   aws_node_termination_handler = true
   aws_efs_csi_driver           = true
   aws_ebs_csi_driver           = true
-  calico_tigera                = true
+  karpenter                    = false
+  calico_tigera                = false
 
   # -- Addons with mandatory variable
-  istio_ingress            = true
-  istio_manifests          = var.istio_manifests
-  kiali_server             = true
-  kiali_manifests          = var.kiali_manifests
-  external_secrets         = true
-  externalsecrets_manifest = var.externalsecrets_manifest
+  istio_ingress             = true
+  istio_manifests           = var.istio_manifests
+  kiali_server              = true
+  kiali_manifests           = var.kiali_manifests
+  external_secrets          = true
+  externalsecrets_manifests = var.externalsecrets_manifests
 
   # -- Path of override-values.yaml file
   metrics_server_helm_config               = { values = ["${file("./config/override-metrics-server.yaml")}"] }

diff --git a/_examples/complete/variables.tf b/_examples/complete/variables.tf
@@ -59,7 +59,7 @@ variable "kiali_manifests" {
 }
 
 # ------------------ EXTERNAL SECRETS -----------------------
-variable "externalsecrets_manifest" {
+variable "externalsecrets_manifests" {
   type = object({
     secret_store_manifest_file_path     = string
     external_secrets_manifest_file_path = string

diff --git a/addons/aws-ebs-csi-driver/README.md b/addons/aws-ebs-csi-driver/README.md
@@ -8,8 +8,10 @@ The [Amazon Elastic Block Store Container Storage](https://aws.amazon.com/ebs/)
 Below terraform script shows how to use AWS EBS CSI Driver Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
 ```bash
 module "addons" {
-  source = "../../"
-  depends_on       = [null_resource.kubectl]
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name
 
   aws_ebs_csi_driver = true

diff --git a/addons/aws-efs-csi-driver/README.md b/addons/aws-efs-csi-driver/README.md
@@ -10,8 +10,10 @@ Amazon EFS CSI driver supports dynamic provisioning and static provisioning. Cur
 Below terraform script shows how to use AWS EFS CSI Driver Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
 ```bash
 module "addons" {
-  source = "../../"
-  depends_on       = [null_resource.kubectl]
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name
 
   aws_efs_csi_driver = true

diff --git a/addons/aws-load-balancer-controller/README.md b/addons/aws-load-balancer-controller/README.md
@@ -10,8 +10,10 @@ AWS Load Balancer controller manages the following AWS resources
 Below terraform script shows how to use AWS Load Balancer Controller Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
 ```bash
 module "addons" {
-  source = "../../"
-  depends_on       = [null_resource.kubectl]
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name
 
   aws_load_balancer_controller = true

diff --git a/addons/aws-node-termination-handler/README.md b/addons/aws-node-termination-handler/README.md
@@ -8,8 +8,10 @@ The AWS Node Termination Handler (NTH) project ensures that the Kubernetes contr
 Below terraform script shows how to use Node Termination Handler Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
 ```bash
 module "addons" {
-  source = "../../"
-  depends_on       = [null_resource.kubectl]
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name
 
   aws_node_termination_handler = true

diff --git a/addons/calico-tigera/README.md b/addons/calico-tigera/README.md
@@ -16,8 +16,10 @@ For multi-tenant Kubernetes environments where isolation of tenants from each ot
 
 ```bash
 module "addons" {
-  source = "../../"
-  depends_on       = [null_resource.kubectl]
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name
 
   calico_tigera = true

diff --git a/addons/calico-tigera/main.tf b/addons/calico-tigera/main.tf
@@ -17,9 +17,7 @@ resource "kubernetes_namespace" "this" {
   }
 }
 
-resource "null_resource" "calico_node" {
+resource "kubectl_manifest" "calico_node" {
   depends_on = [data.aws_eks_cluster.eks_cluster]
-  provisioner "local-exec" {
-    command = "kubectl apply -f ../../addons/calico-tigera/config/calico-deployment.yaml"
-  }
+  yaml_body  = file("../../addons/calico-tigera/config/calico-deployment.yaml")
 }
diff --git a/addons/calico-tigera/versions.tf b/addons/calico-tigera/versions.tf
@@ -6,5 +6,13 @@ terraform {
       source  = "hashicorp/kubernetes"
       version = ">= 2.10"
     }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.6"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.7.0"
+    }
   }
 }
diff --git a/addons/cluster-autoscaler/README.md b/addons/cluster-autoscaler/README.md
@@ -9,8 +9,10 @@ Cluster Autoscaler is a tool that automatically adjusts the size of the Kubernet
 Below terraform script shows how to use Cluster Autoscaler Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
 ```bash
 module "addons" {
-  source = "../../"
-  depends_on       = [null_resource.kubectl]
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name
 
   cluster_autoscaler = true

diff --git a/addons/external-secrets/README.md b/addons/external-secrets/README.md
@@ -38,8 +38,10 @@ variable "externalsecrets_manifest" {
 Calling `externalsecrets_manifest` variable in main.tf as below -
 ```bash
 module "addons" {
-  source = "../../"
-  depends_on       = [null_resource.kubectl]
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name
 
   external_secrets         = true

diff --git a/addons/external-secrets/config/external-secret/external-secret.yaml b/addons/external-secrets/config/external-secret/external-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: external-secret                      # -- Provide external secret name
+  namespace: kube-system                     # -- Do not change this namespace field
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: external-secrets-store             # -- Provide previously created secret store name
+    kind: SecretStore
+  target:
+    name: externalsecret-data                # -- Name of secret which will contain data specified below
+    creationPolicy: Owner
+  data:
+  - secretKey: do_not_delete_this_key        # -- AWS Secret-Manager secret key
+    remoteRef:
+      key: addon-external_secrets            # -- Same as 'externalsecrets_manifest["secret_manager_name"]
+      property: do_not_delete_this_key       # -- AWS Secret-Manager secret key
diff --git a/...rnal-secrets/config/external_secrets.yaml → ...nfig/external-secret/override-values.yaml b/...rnal-secrets/config/external_secrets.yaml → ...nfig/external-secret/override-values.yaml
@@ -1,5 +1,3 @@
-## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
-
 affinity:
   nodeAffinity:
     requiredDuringSchedulingIgnoredDuringExecution:
@@ -9,16 +7,11 @@ affinity:
           operator: In
           values:
           - "critical"
-
 ## Using limits and requests
-
 resources:
   limits:
-    cpu: 200m
+    cpu: 300m
     memory: 250Mi
   requests:
     cpu: 50m
-    memory: 150Mi
-
-podAnnotations:
-  co.elastic.logs/enabled: "true"
+    memory: 150Mi
diff --git a/addons/external-secrets/config/external-secret/secret-store.yaml b/addons/external-secrets/config/external-secret/secret-store.yaml
@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: external-secrets-store        # -- Provide secret store name
+  namespace: kube-system              # -- Do not change this namespace name
+spec:
+  provider:
+    aws:
+      service: SecretsManager
+      region: us-east-1               # -- Provoide your cluster region
+      auth:
+        jwt:
+          serviceAccountRef:
+            name: external-secrets-sa # -- Do not change this name field
diff --git a/addons/external-secrets/config/external-secret/usage.yaml b/addons/external-secrets/config/external-secret/usage.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ubuntu-pod
+  namespace: kube-system                       # -- keep this namespace same as ExternalSecret namespace
+  labels:
+    app: ubuntu-pod
+spec:
+  containers:
+  - image: ubuntu
+    command:
+      - "sleep"
+      - "604800"
+    imagePullPolicy: IfNotPresent
+    name: ubuntu-pod
+    env:
+      - name: USER_1                           # -- Environment variable of pod
+        valueFrom:
+          secretKeyRef:
+            name: externalsecret-data          # -- kubernetes secret name
+            key: do_not_delete_this_key        # -- Same as spec.data.secretKey field of ExternalSecret         
+            optional: false
+  restartPolicy: Always
diff --git a/addons/external-secrets/main.tf b/addons/external-secrets/main.tf
@@ -74,19 +74,19 @@ data "aws_iam_policy_document" "iam-policy" {
       "secretsmanager:DescribeSecret",
     ]
     resources = [
-      "arn:aws:secretsmanager:${data.aws_region.current.name}:${var.account_id}:secret:${var.externalsecrets_manifest.secret_manager_name}*",
+      "arn:aws:secretsmanager:${data.aws_region.current.name}:${var.account_id}:secret:${var.externalsecrets_manifests.secret_manager_name}*",
     ]
   }
 }
 
 resource "kubectl_manifest" "secret_store" {
   depends_on = [module.helm_addon]
-  yaml_body  = file("${var.externalsecrets_manifest.secret_store_manifest_file_path}")
+  yaml_body  = file("${var.externalsecrets_manifests.secret_store_manifest_file_path}")
 }
 
 resource "kubectl_manifest" "external_secrets" {
   depends_on = [kubectl_manifest.secret_store, module.secrets_manager]
-  yaml_body  = file("${var.externalsecrets_manifest.external_secrets_manifest_file_path}")
+  yaml_body  = file("${var.externalsecrets_manifests.external_secrets_manifest_file_path}")
 }
 
 module "secrets_manager" {
@@ -96,8 +96,8 @@ module "secrets_manager" {
   name = "secrets-manager"
   secrets = [
     {
-      name        = "${var.externalsecrets_manifest.secret_manager_name}"
-      description = "This is a key/value secret"
+      name        = "${var.externalsecrets_manifests.secret_manager_name}"
+      description = "AWS EKS external-secrets helm addon."
       secret_key_value = {
         do_not_delete_this_key = "do_not_delete_this_value"
       }

diff --git a/addons/external-secrets/variables.tf b/addons/external-secrets/variables.tf
@@ -36,7 +36,7 @@ variable "addon_context" {
 }
 
 # ------------------ EXTERNAL SECRETS -----------------------
-variable "externalsecrets_manifest" {
+variable "externalsecrets_manifests" {
   type = object({
     secret_store_manifest_file_path     = string
     external_secrets_manifest_file_path = string

diff --git a/addons/istio-ingress/README.md b/addons/istio-ingress/README.md
@@ -7,8 +7,10 @@ Istio is a service mesh—a modernized service networking layer that provides a
 Below terraform script shows how to use Istio-Ingress Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
 ```bash
 module "addons" {
-  source = "../../"
-  depends_on       = [null_resource.kubectl]
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
   eks_cluster_name = module.eks.cluster_name
 
   istio_ingress    = true