From b67f8cef11ffa9b53194850d5ed67eb1d7ff3215 Mon Sep 17 00:00:00 2001 From: Anmol Nagpal Date: Tue, 1 Aug 2023 16:19:32 +0530 Subject: [PATCH 1/5] feat: Installation guide for terraform-helm-eks-addon --- README.md | 131 ++++++++++++------ _examples/basic/main.tf | 54 +------- _examples/basic/providers.tf | 26 +++- _examples/complete/README.md | 34 ----- _examples/complete/main.tf | 54 +------- addons/istio-ingress/README.md | 6 +- .../config/{ => manifest}/gateway.yaml | 0 .../config/{ => manifest}/ingress.yaml | 0 .../{ => manifest}/virtual-service.yaml | 0 addons/istio-ingress/main.tf | 15 +- addons/istio-ingress/variables.tf | 2 +- addons/istio-ingress/versions.tf | 8 ++ main.tf | 1 - versions.tf | 8 ++ 14 files changed, 131 insertions(+), 208 deletions(-) rename addons/istio-ingress/config/{ => manifest}/gateway.yaml (100%) rename addons/istio-ingress/config/{ => manifest}/ingress.yaml (100%) rename addons/istio-ingress/config/{ => manifest}/virtual-service.yaml (100%) diff --git a/README.md b/README.md index 15b04a8..26aece3 100644 --- a/README.md +++ b/README.md 
@@ -7,85 +7,124 @@ |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | | [aws](#requirement\_aws) | >= 4.23 | -| [helm](#requirement\_helm) | >= 2.6 | -| [kubernetes](#requirement\_kubernetes) | >= 2.13 | ## Providers -| Name | -|------| -| aws | -| kubernetes | +| Name | Version | +|------|---------| +| aws | >= 4.23 | +| kubernetes | >= 2.13 | +| helm | >= 2.6 | +| kubectl | >= 1.7.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [k8s\_addons](#module\_k8s\_addons) | ./addons/helm | n/a | +| [k8s\_addons](#module\_k8s\_addons) | ./addons/helm | 0.0.1 | ## Resources -| Resource Type | Name | Use | -|------|-----|---------| -|null_resource| kubectl | Connect to aws EKS cluster from terminal where the aws cli is configured | -Sample null_resource -```bash -resource "null_resource" "kubectl" { - depends_on = [local_file.kubeconfig] - provisioner "local-exec" { - command = "export KUBE_CONFIG_PATH=${path.cwd}/config/kubeconfig && aws eks update-kubeconfig --name ${module.eks.cluster_name} --region ${local.region}" - } -} -``` +| Name | Use | +|------|-----| +|helm_release| A terraform resource to deploy helm charts on kubernetes cluster | ## Inputs +- Availabel Flags for helm command are [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/addons/helm/main.tf#L2-L33). 
| Name | Description | Default | Required | |------|-------------|---------|:--------:| -|enable_metrics_server| Set this to true to install metrics-server helmchart on eks cluster | False | Yes | -|enable_cluster_autoscaler| Set this to true to install cluster-autoscaler helmchart on eks cluster | False | Yes | -|enable_aws_load_balancer_controller| Set this to true to install aws-load-balancer-controller helmchart on eks cluster | False | Yes | -|enable_aws_node_termination_handler| Set this to true to install aws-node-termination-handler helmchart on eks cluster | False | Yes | -|enable_aws_efs_csi_driver| Set this to true to install aws-efs-csi-driver helmchart on eks cluster | False | Yes | -|metrics_server_helm_config | Flags for helm command | {values = "addons/addon-name/config/addon-name.yaml"} | No | -|cluster_autoscaler_helm_config | Flags for helm command | {values = "addons/addon-name/config/addon-name.yaml"} | No | -|aws_load_balancer_controller_helm_config | Flags for helm command | {values = "addons/addon-name/config/addon-name.yaml"} | No | -|aws_node_termination_handler_helm_config | Flags for helm command | {values = "addons/addon-name/config/addon-name.yaml"} | No | -|aws_efs_csi_driver_helm_config | Flags for helm command | {values = "addons/addon-name/config/addon-name.yaml"} | No | +|metrics_server| Set this to true to install metrics-server helmchart on eks cluster | False | Yes | +|metrics_server_helm_config | Flags for helm command | {values = "addons/metrics-server/config/metrics_server.yaml"} | No | +|cluster_autoscaler| Set this to true to install cluster-autoscaler helmchart on eks cluster | False | Yes | +|cluster_autoscaler_helm_config | Flags for helm command | {values = "addons/cluster-autoscaler/config/cluster_autoscaler.yaml"} | No | +|aws_load_balancer_controller| Set this to true to install aws-load-balancer-controller helmchart on eks cluster | False | Yes | +|aws_load_balancer_controller_helm_config | Flags for helm command | 
{values = "addons/aws-load-balancer-controller/config/aws_load_balancer_controller.yaml"} | No | +|aws_node_termination_handler| Set this to true to install aws-node-termination-handler helmchart on eks cluster | False | Yes | +|aws_node_termination_handler_helm_config | Flags for helm command | {values = "addons/aws-node-termination-handler/config/aws_node_termination_handler.yaml"} | No | +|aws_efs_csi_driver| Set this to true to install aws-efs-csi-driver helmchart on eks cluster | False | Yes | +|aws_efs_csi_driver_helm_config | Flags for helm command | {values = "addons/aws-efs-csi-driver/config/aws_efs_csi_driver.yaml"} | No | +|aws_ebs_csi_driver| Set this to true to install aws-ebs-csi-driver helmchart on eks cluster | False | Yes | +|aws_ebs_csi_driver_helm_config | Flags for helm command | {values = "addons/aws-ebs-csi-driver/config/aws_ebs_csi_driver.yaml"} | No | +|karpenter| Set this to true to install karpenter helmchart on eks cluster | False | Yes | +|karpenter_helm_config | Flags for helm command | {values = "addons/karpenter/config/karpenter.yaml"} | No | +|calico_tigera| Set this to true to install Calico helmchart on eks cluster | False | Yes | +|calico_tigera_helm_config | Flags for helm command | {values = "addons/calico-tigera/config/calico-tigera-values.yaml"} | No | +|istio_ingress| Set this to true to install Istio-ingress helmchart on eks cluster | False | Yes | +|istio_manifests| Kubernetes yaml manifests to create `ingress` and `gateway` with specified `host` | addons/istio-ingress/config/manifest/*.yaml | Yes | +|istio_ingress_helm_config | Flags for helm command | {values = "addons/istio-ingress/config/override-values.yaml"} | No | +|kiali_server| Set this to true to install Kiali Dashboard helmchart on eks cluster | False | Yes | +|kiali_manifests| Includes VirtualService manifest file path and flag to install prometheus, grafana & jaeger | kiali_manifests {
kiali_virtualservice_file_path = addons/kiali-server/config/kiali_vs.yaml
enable_monitoring = true
}| Yes | +|kiali_server_helm_config | Flags for helm command | {values = "addons/addon-name/config/addon-name.yaml"} | No | +|k8s_pod_restart_info_collector| Set this to true to install k8s-pod-restart-info-collector helmchart on eks cluster | False | Yes | +|info_collector_slack_config | Details of slack channel where to send notification | n/a
an example is given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/variables.tf#L117-L126) | Yes | + -- Availabel Flags for helm command are [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/addons/helm/main.tf#L2-L33). ## Outputs No outputs. ## How to Use -An example of usage is given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf#L226-L254) and below also. -If you are running `terraform apply` from local then make sure to set `KUBE_CONFIG_PATH` as an environment variable with value `~/.kube/config` where aws cli is configured, i.e. `export KUBE_CONFIG_PATH=~/.kube/config` +- An example of complete usage is given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf#L190-L232) and below also. -```bash -resource "null_resource" "kubectl" { - depends_on = [local_file.kubeconfig] - provisioner "local-exec" { - command = "aws eks update-kubeconfig --name my-eks-cluster --region us-east-1" - } -} +- Use below terraform module in your infrastructure's terraform script. 
+```bash module "addons" { source = "../../addons" - depends_on = [null_resource.kubectl] - eks_cluster_name = "my-eks-cluster" + depends_on = [module.eks.cluster_id] + eks_cluster_name = module.eks.cluster_name + + metrics_server = false + cluster_autoscaler = false + aws_load_balancer_controller = true + aws_node_termination_handler = false + aws_efs_csi_driver = false + aws_ebs_csi_driver = false + karpenter = false + calico_tigera = false + + kiali_server = false + kiali_manifests = var.kiali_manifests - enable_metrics_server = true - enable_cluster_autoscaler = true - enable_aws_load_balancer_controller = true - enable_aws_node_termination_handler = true - enable_aws_efs_csi_driver = true + istio_ingress = true + istio_manifests = var.istio_manifests + k8s_pod_restart_info_collector = false + info_collector_slack_config = var.info_collector_slack_config } + ``` +## Known Issues + +- ### Istio Ingress + - Our `istio-ingress` addon creates an Application Load Balancer on AWS by using `aws-load-balancer-controller`. + - aws-load-balancer-controller adds a `finalizer` field in `ingress` resource to prevent its manual deletion. + - Another case is that, this ingress will be **non-deletable** if aws-load-balancer-controller gets deleted before deletion of ingress + - Terraform does not controlls order of destructure which is sometimes causing `aws-load-balancer-controller` helmchart uninstallation before istio-ingress deletion. + - The same issue will come when an appliaction uses ingress of type ALB; In this case we need to delete `istio-ingress` & ALB of applications manually by following some extra steps as shown below. + 1. Set `istio_ingress` to `false` in your terraform addon module. + 2. Run `terraform apply`, this will delete all the resource created by istio-ingress addon including istio-load-balancer. + 3. 
To delete ingress created by application run below command + ```bash + kubectl patch ingress ingressName -n namespace -p '{"metadata":{"finalizers":[]}}' --type=merge + ``` + 4. Now you can run `terraform destroy` for complete destruction. + +- ### Calico CNI + Our `calico-tigera` addon creates `trigera-operator` and `calico-node` out of which `calico-node` is being created using a manifest (calico-deployment.yaml). This manifest create two serviceAccounts (`calico-cni-plugin` & `calico-node`) which needs to be delete manually as shown below - + 1. Run `kubectl edit serviceAccount calico-cni-plugin -n calico-system` and delete `finalizer` block, then save and exit. + 2. Run `kubectl edit serviceAccount calico-node -n calico-system` and delete `finalizer` block, then save and exit. + 3. If both seriveAccount aren't deleted then run below command to delete them + ```bash + kubectl delete seriveAccount calico-cni-plugin calico-node -n calico-system + ``` + + + ## Feedback If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-helm-eks-addons/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). diff --git a/_examples/basic/main.tf b/_examples/basic/main.tf index 723c970..f904ea5 100644 --- a/_examples/basic/main.tf +++ b/_examples/basic/main.tf 
@@ -187,63 +187,11 @@ data "aws_ami" "eks_default_arm" { } } -resource "local_file" "kubeconfig" { - depends_on = [ - module.eks.cluster_id - ] - content = < -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.0 | -| [aws](#requirement\_aws) | >= 4.23 | -| [helm](#requirement\_helm) | >= 2.6 | -| [kubernetes](#requirement\_kubernetes) | >= 2.13 | - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [addons](#module\_addons) | ../../ | n/a | -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.13.1 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 4.0.1 | - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. - diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf index 17ed38c..14540e4 100644 --- a/_examples/complete/main.tf +++ b/_examples/complete/main.tf @@ -187,63 +187,11 @@ data "aws_ami" "eks_default_arm" { } } -resource "local_file" "kubeconfig" { - depends_on = [ - module.eks.cluster_id - ] - content = < diff --git a/addons/istio-ingress/config/gateway.yaml b/addons/istio-ingress/config/manifest/gateway.yaml similarity index 100% rename from addons/istio-ingress/config/gateway.yaml rename to addons/istio-ingress/config/manifest/gateway.yaml diff --git a/addons/istio-ingress/config/ingress.yaml b/addons/istio-ingress/config/manifest/ingress.yaml similarity index 100% rename from addons/istio-ingress/config/ingress.yaml rename to addons/istio-ingress/config/manifest/ingress.yaml diff --git a/addons/istio-ingress/config/virtual-service.yaml b/addons/istio-ingress/config/manifest/virtual-service.yaml similarity index 100% rename from addons/istio-ingress/config/virtual-service.yaml rename to addons/istio-ingress/config/manifest/virtual-service.yaml diff --git a/addons/istio-ingress/main.tf b/addons/istio-ingress/main.tf index 51a63e5..e9da12f 100644 --- a/addons/istio-ingress/main.tf 
+++ b/addons/istio-ingress/main.tf @@ -34,18 +34,14 @@ module "istio_ingress" { ] } -resource "null_resource" "istio_ingress_manifest" { +resource "kubectl_manifest" "istio_ingress_manifest" { depends_on = [module.istio_ingress] - provisioner "local-exec" { - command = "kubectl apply -f ${var.istio_manifests.istio_ingress_manifest_file_path} -n ${var.istio_ingress_default_helm_config.namespace}" - } + yaml_body = file("${var.istio_manifests.istio_ingress_manifest_file_path}") } -resource "null_resource" "istio_gateway_manifest" { - depends_on = [null_resource.istio_ingress_manifest] - provisioner "local-exec" { - command = "kubectl apply -f ${var.istio_manifests.istio_gateway_manifest_file_path} -n ${var.istio_ingress_default_helm_config.namespace}" - } +resource "kubectl_manifest" "istio_gateway_manifest" { + depends_on = [kubectl_manifest.istio_ingress_manifest] + yaml_body = file("${var.istio_manifests.istio_gateway_manifest_file_path}") } resource "kubernetes_namespace_v1" "istio_system" { @@ -55,4 +51,3 @@ resource "kubernetes_namespace_v1" "istio_system" { name = local.istio_base.helm_config["namespace"] } } - diff --git a/addons/istio-ingress/variables.tf b/addons/istio-ingress/variables.tf index 50eb2f1..b81900a 100644 --- a/addons/istio-ingress/variables.tf +++ b/addons/istio-ingress/variables.tf @@ -69,4 +69,4 @@ variable "istio_ingress_default_helm_config" { namespace = "istio-system" description = "Istio Ingress helm Chart deployment configuration" } -} +} \ No newline at end of file diff --git a/addons/istio-ingress/versions.tf b/addons/istio-ingress/versions.tf index 55fba73..5f011d1 100644 --- a/addons/istio-ingress/versions.tf +++ b/addons/istio-ingress/versions.tf @@ -6,5 +6,13 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.10" } + helm = { + source = "hashicorp/helm" + version = ">= 2.6" + } + kubectl = { + source = "gavinbunney/kubectl" + version = ">= 1.7.0" + } } } diff --git a/main.tf b/main.tf index 0a40cb2..c203a18 100644 
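Review bot: The two `kubectl_manifest` resources in addons/istio-ingress/main.tf no longer pass a namespace. The removed `kubectl apply` commands used `-n ${var.istio_ingress_default_helm_config.namespace}`, while the new resources apply whatever `metadata.namespace` the file declares, or fall back to a default namespace when it declares none. Adding `override_namespace = var.istio_ingress_default_helm_config.namespace` to both keeps the ingress and gateway in the namespace the module is configured for. `yaml_body` also takes a single YAML document, so a caller-supplied file holding several documents separated by `---` would need the `kubectl_file_documents` data source with `for_each`. The wrapper interpolation is unnecessary too: `file(var.istio_manifests.istio_ingress_manifest_file_path)`.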
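Review bot: The `kubectl` entry added to `required_providers` in addons/istio-ingress/versions.tf pulls a community provider (`gavinbunney/kubectl`) with an open-ended `>= 1.7.0` constraint, so any later release, including a new major version, is accepted on the next `terraform init -upgrade`. The provider runs with the cluster credentials configured for it, so the installed build should be reproducible. An upper bound such as `version = ">= 1.7.0, < 2.0.0"` and a committed `.terraform.lock.hcl` in the examples would pin the build and let its checksums be verified. The same applies to the `helm` entry and to the identical block added to the root versions.tf later in this patch.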
--- a/main.tf +++ b/main.tf @@ -6,7 +6,6 @@ module "metrics_server" { addon_context = local.addon_context } - module "cluster_autoscaler" { count = var.cluster_autoscaler ? 1 : 0 source = "./addons/cluster-autoscaler" diff --git a/versions.tf b/versions.tf index a02a4a7..08b59c6 100644 --- a/versions.tf +++ b/versions.tf @@ -10,5 +10,13 @@ terraform { source = "hashicorp/time" version = ">= 0.8" } + helm = { + source = "hashicorp/helm" + version = ">= 2.6" + } + kubectl = { + source = "gavinbunney/kubectl" + version = ">= 1.7.0" + } } } From a9c13d9f0a68fa672b02a96cb871956854e43708 Mon Sep 17 00:00:00 2001 From: Anmol Nagpal Date: Tue, 1 Aug 2023 16:25:38 +0530 Subject: [PATCH 2/5] feat: Installation guide for terraform-helm-eks-addon --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 26aece3..da23cca 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ |istio_ingress_helm_config | Flags for helm command | {values = "addons/istio-ingress/config/override-values.yaml"} | No | |kiali_server| Set this to true to install Kiali Dashboard helmchart on eks cluster | False | Yes | |kiali_manifests| Includes VirtualService manifest file path and flag to install prometheus, grafana & jaeger | kiali_manifests {
kiali_virtualservice_file_path = addons/kiali-server/config/kiali_vs.yaml
enable_monitoring = true
}| Yes | -|kiali_server_helm_config | Flags for helm command | {values = "addons/addon-name/config/addon-name.yaml"} | No | +|kiali_server_helm_config | Flags for helm command | {values = "addons/kiali-server/config/kiali_server.yaml"} | No | |k8s_pod_restart_info_collector| Set this to true to install k8s-pod-restart-info-collector helmchart on eks cluster | False | Yes | |info_collector_slack_config | Details of slack channel where to send notification | n/a
an example is given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/variables.tf#L117-L126) | Yes | @@ -77,22 +77,22 @@ module "addons" { depends_on = [module.eks.cluster_id] eks_cluster_name = module.eks.cluster_name - metrics_server = false - cluster_autoscaler = false + metrics_server = true + cluster_autoscaler = true aws_load_balancer_controller = true - aws_node_termination_handler = false - aws_efs_csi_driver = false - aws_ebs_csi_driver = false + aws_node_termination_handler = true + aws_efs_csi_driver = true + aws_ebs_csi_driver = true karpenter = false calico_tigera = false - kiali_server = false + kiali_server = true kiali_manifests = var.kiali_manifests istio_ingress = true istio_manifests = var.istio_manifests - k8s_pod_restart_info_collector = false + k8s_pod_restart_info_collector = true info_collector_slack_config = var.info_collector_slack_config } From b3c052a0dd6103375a03ff9cc0e7a0e09cf1cf6b Mon Sep 17 00:00:00 2001 
From: Himanshu Ahirwar Date: Thu, 3 Aug 2023 18:48:19 +0530 Subject: [PATCH 3/5] bugfix: Updated Readme.md and bug fixes in kaili, istio addons --- README.md | 52 ++++++------ _examples/basic/config/istio/gateway.yaml | 1 + _examples/basic/locals.tf | 2 +- _examples/basic/main.tf | 9 +-- _examples/basic/variables.tf | 12 --- _examples/complete/config/istio/gateway.yaml | 1 + _examples/complete/config/kiali/kiali_vs.yaml | 1 + .../config/kiali/override-values.yaml | 21 +++++ _examples/complete/locals.tf | 4 +- _examples/complete/main.tf | 66 +++++++--------- _examples/complete/outputs.tf | 9 --- _examples/complete/providers.tf | 26 ++++-- _examples/complete/variables.tf | 67 ---------------- .../config/manifest/gateway.yaml | 1 + .../k8s-pod-restart-info-collector/README.md | 33 -------- .../k8s-pod-restart-info-collector.yaml | 23 ------ addons/k8s-pod-restart-info-collector/data.tf | 4 - .../helm/.helmignore | 23 ------ .../helm/Chart.yaml | 23 ------ .../helm/templates/_helpers.tpl | 79 ------------------- .../helm/templates/deployment.yaml | 70 ---------------- .../helm/templates/rbac.yaml | 38 --------- .../helm/templates/secret.yaml | 11 --- .../helm/values.yaml | 53 ------------- addons/k8s-pod-restart-info-collector/main.tf | 21 ----- .../k8s-pod-restart-info-collector/outputs.tf | 0 .../variables.tf | 12 --- .../versions.tf | 10 --- addons/kiali-server/config/kiali_vs.yaml | 1 + addons/kiali-server/main.tf | 56 +++++++++---- addons/kiali-server/versions.tf | 8 ++ main.tf | 7 -- variables.tf | 14 ---- 33 files changed, 153 insertions(+), 605 deletions(-) create mode 100644 _examples/complete/config/kiali/override-values.yaml delete mode 100644 addons/k8s-pod-restart-info-collector/README.md delete mode 100644 addons/k8s-pod-restart-info-collector/config/k8s-pod-restart-info-collector.yaml delete mode 100644 addons/k8s-pod-restart-info-collector/data.tf delete mode 100644 addons/k8s-pod-restart-info-collector/helm/.helmignore delete mode 100644 
addons/k8s-pod-restart-info-collector/helm/Chart.yaml delete mode 100644 addons/k8s-pod-restart-info-collector/helm/templates/_helpers.tpl delete mode 100644 addons/k8s-pod-restart-info-collector/helm/templates/deployment.yaml delete mode 100644 addons/k8s-pod-restart-info-collector/helm/templates/rbac.yaml delete mode 100644 addons/k8s-pod-restart-info-collector/helm/templates/secret.yaml delete mode 100644 addons/k8s-pod-restart-info-collector/helm/values.yaml delete mode 100644 addons/k8s-pod-restart-info-collector/main.tf delete mode 100644 addons/k8s-pod-restart-info-collector/outputs.tf delete mode 100644 addons/k8s-pod-restart-info-collector/variables.tf delete mode 100644 addons/k8s-pod-restart-info-collector/versions.tf diff --git a/README.md b/README.md index da23cca..f93e449 100644 --- a/README.md +++ b/README.md 
@@ -30,34 +30,32 @@ |helm_release| A terraform resource to deploy helm charts on kubernetes cluster | ## Inputs -- Availabel Flags for helm command are [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/addons/helm/main.tf#L2-L33). + | Name | Description | Default | Required | |------|-------------|---------|:--------:| -|metrics_server| Set this to true to install metrics-server helmchart on eks cluster | False | Yes | -|metrics_server_helm_config | Flags for helm command | {values = "addons/metrics-server/config/metrics_server.yaml"} | No | -|cluster_autoscaler| Set this to true to install cluster-autoscaler helmchart on eks cluster | False | Yes | -|cluster_autoscaler_helm_config | Flags for helm command | {values = "addons/cluster-autoscaler/config/cluster_autoscaler.yaml"} | No | -|aws_load_balancer_controller| Set this to true to install aws-load-balancer-controller helmchart on eks cluster | False | Yes | -|aws_load_balancer_controller_helm_config | Flags for helm command | {values = "addons/aws-load-balancer-controller/config/aws_load_balancer_controller.yaml"} | No | -|aws_node_termination_handler| Set this to true to install aws-node-termination-handler helmchart on eks cluster | False | Yes | -|aws_node_termination_handler_helm_config | Flags for helm command | {values = "addons/aws-node-termination-handler/config/aws_node_termination_handler.yaml"} | No | -|aws_efs_csi_driver| Set this to true to install aws-efs-csi-driver helmchart on eks cluster | False | Yes | -|aws_efs_csi_driver_helm_config | Flags for helm command | {values = "addons/aws-efs-csi-driver/config/aws_efs_csi_driver.yaml"} | No | -|aws_ebs_csi_driver| Set this to true to install aws-ebs-csi-driver helmchart on eks cluster | False | Yes | -|aws_ebs_csi_driver_helm_config | Flags for helm command | {values = "addons/aws-ebs-csi-driver/config/aws_ebs_csi_driver.yaml"} | No | -|karpenter| Set this to true to install karpenter helmchart on eks cluster | False | Yes | 
-|karpenter_helm_config | Flags for helm command | {values = "addons/karpenter/config/karpenter.yaml"} | No | -|calico_tigera| Set this to true to install Calico helmchart on eks cluster | False | Yes | -|calico_tigera_helm_config | Flags for helm command | {values = "addons/calico-tigera/config/calico-tigera-values.yaml"} | No | -|istio_ingress| Set this to true to install Istio-ingress helmchart on eks cluster | False | Yes | +|metrics_server| To install metrics-server helmchart on eks cluster | False | Yes | +|metrics_server_helm_config | option to provide path to override-values.yaml | {values = "addons/metrics-server/config/metrics_server.yaml"} | No | +|cluster_autoscaler| To install cluster-autoscaler helmchart on eks cluster | False | Yes | +|cluster_autoscaler_helm_config | option to provide path to override-values.yaml | {values = "addons/cluster-autoscaler/config/cluster_autoscaler.yaml"} | No | +|aws_load_balancer_controller| To install aws-load-balancer-controller helmchart on eks cluster | False | Yes | +|aws_load_balancer_controller_helm_config | option to provide path to override-values.yaml | {values = "addons/aws-load-balancer-controller/config/aws_load_balancer_controller.yaml"} | No | +|aws_node_termination_handler| To install aws-node-termination-handler helmchart on eks cluster | False | Yes | +|aws_node_termination_handler_helm_config | option to provide path to override-values.yaml | {values = "addons/aws-node-termination-handler/config/aws_node_termination_handler.yaml"} | No | +|aws_efs_csi_driver| To install aws-efs-csi-driver helmchart on eks cluster | False | Yes | +|aws_efs_csi_driver_helm_config | option to provide path to override-values.yaml | {values = "addons/aws-efs-csi-driver/config/aws_efs_csi_driver.yaml"} | No | +|aws_ebs_csi_driver| To install aws-ebs-csi-driver helmchart on eks cluster | False | Yes | +|aws_ebs_csi_driver_helm_config | option to provide path to override-values.yaml | {values = 
"addons/aws-ebs-csi-driver/config/aws_ebs_csi_driver.yaml"} | No | +|karpenter| To install karpenter helmchart on eks cluster | False | Yes | +|karpenter_helm_config | option to provide path to override-values.yaml | {values = "addons/karpenter/config/karpenter.yaml"} | No | +|calico_tigera| To install Calico helmchart on eks cluster | False | Yes | +|calico_tigera_helm_config | option to provide path to override-values.yaml | {values = "addons/calico-tigera/config/calico-tigera-values.yaml"} | No | +|istio_ingress| To install Istio-ingress helmchart on eks cluster | False | Yes | |istio_manifests| Kubernetes yaml manifests to create `ingress` and `gateway` with specified `host` | addons/istio-ingress/config/manifest/*.yaml | Yes | -|istio_ingress_helm_config | Flags for helm command | {values = "addons/istio-ingress/config/override-values.yaml"} | No | -|kiali_server| Set this to true to install Kiali Dashboard helmchart on eks cluster | False | Yes | +|istio_ingress_helm_config | option to provide path to override-values.yaml | {values = "addons/istio-ingress/config/override-values.yaml"} | No | +|kiali_server| To install Kiali Dashboard helmchart on eks cluster | False | Yes | |kiali_manifests| Includes VirtualService manifest file path and flag to install prometheus, grafana & jaeger | kiali_manifests {
kiali_virtualservice_file_path = addons/kiali-server/config/kiali_vs.yaml
enable_monitoring = true
}| Yes | -|kiali_server_helm_config | Flags for helm command | {values = "addons/kiali-server/config/kiali_server.yaml"} | No | -|k8s_pod_restart_info_collector| Set this to true to install k8s-pod-restart-info-collector helmchart on eks cluster | False | Yes | -|info_collector_slack_config | Details of slack channel where to send notification | n/a
an example is given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/variables.tf#L117-L126) | Yes | +|kiali_server_helm_config | option to provide path to override-values.yaml | {values = "addons/kiali-server/config/kiali_server.yaml"} | No | @@ -66,7 +64,8 @@ No outputs. ## How to Use -- An example of complete usage is given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf#L190-L232) and below also. +- A complete documentation to use `Calico` with AWS EKS is present [here](https://docs.aws.amazon.com/eks/latest/userguide/calico.html) +- An example of usage is given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf#L190-L232) and below also. - Use below terraform module in your infrastructure's terraform script. @@ -83,17 +82,12 @@ module "addons" { aws_node_termination_handler = true aws_efs_csi_driver = true aws_ebs_csi_driver = true - karpenter = false - calico_tigera = false kiali_server = true kiali_manifests = var.kiali_manifests istio_ingress = true istio_manifests = var.istio_manifests - - k8s_pod_restart_info_collector = true - info_collector_slack_config = var.info_collector_slack_config } ``` diff --git a/_examples/basic/config/istio/gateway.yaml b/_examples/basic/config/istio/gateway.yaml index 9cb1f02..5e3f962 100644 --- a/_examples/basic/config/istio/gateway.yaml +++ b/_examples/basic/config/istio/gateway.yaml @@ -2,6 +2,7 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: istio-gateway + namespace: istio-system spec: selector: istio: ingressgateway diff --git a/_examples/basic/locals.tf b/_examples/basic/locals.tf index b2a8f8c..3026326 100644 --- a/_examples/basic/locals.tf +++ b/_examples/basic/locals.tf 
@@ -9,7 +9,7 @@ locals { tags = { Example = local.name - GithubRepo = "terraform-aws-vpc" + GithubRepo = "terraform-helm-eks-addons" GithubOrg = "clouddrove" } cluster_version = "1.26" diff --git a/_examples/basic/main.tf b/_examples/basic/main.tf index f904ea5..a3cc67a 100644 --- a/_examples/basic/main.tf +++ b/_examples/basic/main.tf @@ -191,7 +191,7 @@ module "addons" { source = "../../" #version = "0.0.1" - depends_on = [module.eks.cluster_id] + depends_on = [module.eks.cluster_name] eks_cluster_name = module.eks.cluster_name metrics_server = true @@ -200,15 +200,12 @@ module "addons" { aws_node_termination_handler = true aws_efs_csi_driver = true aws_ebs_csi_driver = true - karpenter = true - calico_tigera = true + karpenter = false + calico_tigera = false kiali_server = true kiali_manifests = var.kiali_manifests istio_ingress = true istio_manifests = var.istio_manifests - - k8s_pod_restart_info_collector = true - info_collector_slack_config = var.info_collector_slack_config } diff --git a/_examples/basic/variables.tf b/_examples/basic/variables.tf index fcdf454..22facec 100644 --- a/_examples/basic/variables.tf +++ b/_examples/basic/variables.tf @@ -49,15 +49,3 @@ variable "kiali_manifests" { enable_monitoring = true } } - -#---------K8S POD RESTART INFO COLLECTOR ---------- -variable "info_collector_slack_config" { - type = object({ - slack_webhook_url = string - slack_channel = string - }) - default = { - slack_webhook_url = "https://hooks.slack.com/services/XXXXXXXX/XXXXXXXX/xxxxx11111xxxx22222" - slack_channel = "alert" - } -} \ No newline at end of file diff --git a/_examples/complete/config/istio/gateway.yaml b/_examples/complete/config/istio/gateway.yaml index 9cb1f02..5e3f962 100644 --- a/_examples/complete/config/istio/gateway.yaml +++ b/_examples/complete/config/istio/gateway.yaml @@ -2,6 +2,7 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: istio-gateway + namespace: istio-system spec: selector: istio: ingressgateway 
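Review bot: `depends_on = [module.eks.cluster_name]` in the `addons` module call of _examples/basic/main.tf duplicates the dependency already created by `eks_cluster_name = module.eks.cluster_name` on the following line. A module-level `depends_on` also makes Terraform defer the data sources inside the module until apply, which tends to widen "known after apply" results in the plan. If ordering against the whole cluster module is intended, `depends_on = [module.eks]` states that directly; otherwise the line can be dropped. The `module "addons"` block starts above the hunk.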
diff --git a/_examples/complete/config/kiali/kiali_vs.yaml b/_examples/complete/config/kiali/kiali_vs.yaml index 4482b16..3b8fae3 100644 --- a/_examples/complete/config/kiali/kiali_vs.yaml +++ b/_examples/complete/config/kiali/kiali_vs.yaml @@ -2,6 +2,7 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: kiali + namespace: istio-system spec: hosts: - dash.test.clouddrove.com diff --git a/_examples/complete/config/kiali/override-values.yaml b/_examples/complete/config/kiali/override-values.yaml new file mode 100644 index 0000000..86eeb7e --- /dev/null +++ b/_examples/complete/config/kiali/override-values.yaml @@ -0,0 +1,21 @@ +## Node affinity for particular node in which labels key is "Infra-Services" and value is "true" +deployment: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" + +## Using limits and requests + + resources: + limits: + cpu: 200m + memory: 250Mi + requests: + cpu: 50m + memory: 150Mi diff --git a/_examples/complete/locals.tf b/_examples/complete/locals.tf index b2a8f8c..0e5651a 100644 --- a/_examples/complete/locals.tf +++ b/_examples/complete/locals.tf @@ -1,7 +1,7 @@ locals { - name = "tf-helm-addons" + name = "tf-helm-2" region = "us-east-1" vpc_cidr = "10.0.0.0/16" @@ -9,7 +9,7 @@ locals { tags = { Example = local.name - GithubRepo = "terraform-aws-vpc" + GithubRepo = "terraform-helm-eks-addons" GithubOrg = "clouddrove" } cluster_version = "1.26" diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf index 14540e4..ccba7dd 100644 --- a/_examples/complete/main.tf +++ b/_examples/complete/main.tf 
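Review bot: The opening comment in _examples/complete/config/kiali/override-values.yaml describes a node label `Infra-Services` with value `true`, but the affinity rule below it matches `eks.amazonaws.com/nodegroup` In `critical`. The comment should read `## Schedule Kiali only on nodes of the "critical" EKS node group`. The file sets only affinity and resources, and the same example publishes Kiali through a VirtualService for `dash.test.clouddrove.com`. It may therefore be worth stating the intended `auth.strategy` here explicitly rather than leaving it to the chart default.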
@@ -92,8 +92,8 @@ module "eks" { policy_arn = aws_iam_policy.node_additional.arn } tags = { - "kubernetes.io/cluster/${module.eks.cluster_name}" = "shared" - "karpenter.sh/discovery" = "${module.eks.cluster_name}" + "kubernetes.io/cluster/${module.eks.cluster_name}" = "shared" + "karpenter.sh/discovery/${module.eks.cluster_name}" = "${module.eks.cluster_name}" } } 
@@ -194,40 +194,32 @@ module "addons" { depends_on = [module.eks.cluster_name] eks_cluster_name = module.eks.cluster_name - metrics_server = true - metrics_server_helm_config = var.metrics_server_helm_config - - cluster_autoscaler = true - cluster_autoscaler_helm_config = var.cluster_autoscaler_helm_config - - aws_load_balancer_controller = true - aws_load_balancer_controller_helm_config = var.aws_load_balancer_controller_helm_config - - aws_node_termination_handler = true - aws_node_termination_handler_helm_config = var.aws_node_termination_handler_helm_config - - aws_efs_csi_driver = true - aws_efs_csi_driver_helm_config = var.aws_efs_csi_driver_helm_config - - aws_ebs_csi_driver = true - aws_ebs_csi_driver_helm_config = var.aws_ebs_csi_driver_helm_config - - karpenter = true - karpenter_helm_config = var.karpenter_helm_config - - calico_tigera = true - calico_tigera_helm_config = var.calico_tigera_helm_config - - istio_ingress = true - istio_manifests = var.istio_manifests - istio_ingress_helm_config = var.istio_ingress_helm_config - - kiali_server = true - kiali_manifests = var.kiali_manifests - kiali_server_helm_config = var.kiali_server_helm_config - - k8s_pod_restart_info_collector = true - info_collector_slack_config = var.info_collector_slack_config - + # -- Enable Addons + metrics_server = true + cluster_autoscaler = false + karpenter = false + aws_load_balancer_controller = true + aws_node_termination_handler = true + aws_efs_csi_driver = true + aws_ebs_csi_driver = true + calico_tigera = false + + # -- Addons with mandatory variable + istio_ingress = false + istio_manifests = var.istio_manifests + kiali_server = false + kiali_manifests = var.kiali_manifests + + # -- Path of override-values.yaml file + metrics_server_helm_config = { values = ["${file("./config/override-metrics-server.yaml")}"] } + cluster_autoscaler_helm_config = { values = ["${file("./config/override-cluster-autoscaler.yaml")}"] } + karpenter_helm_config = { values = 
["${file("./config/override-karpenter.yaml")}"] } + aws_load_balancer_controller_helm_config = { values = ["${file("./config/override-aws-load-balancer-controller.yaml")}"] } + aws_node_termination_handler_helm_config = { values = ["${file("./config/override-aws-node-termination-handler.yaml")}"] } + aws_efs_csi_driver_helm_config = { values = ["${file("./config/override-aws-efs-csi-driver.yaml")}"] } + aws_ebs_csi_driver_helm_config = { values = ["${file("./config/override-aws-ebs-csi-driver.yaml")}"] } + calico_tigera_helm_config = { values = ["${file("./config/calico-tigera-values.yaml")}"] } + istio_ingress_helm_config = { values = ["${file("./config/istio/override-values.yaml")}"] } + kiali_server_helm_config = { values = ["${file("./config/kiali/override-values.yaml")}"] } } diff --git a/_examples/complete/outputs.tf b/_examples/complete/outputs.tf index e70e5f8..7ebf362 100644 --- a/_examples/complete/outputs.tf +++ b/_examples/complete/outputs.tf @@ -1,12 +1,3 @@ # ------------------------------------------------------------------------------ # Outputs # ------------------------------------------------------------------------------ -output "module_path" { - value = path.module -} -output "cwd" { - value = path.cwd -} -output "KUBE_CONFIG_PATH" { - value = "~/.kube/config" -} diff --git a/_examples/complete/providers.tf b/_examples/complete/providers.tf index 44345b3..fc45e62 100644 --- a/_examples/complete/providers.tf +++ b/_examples/complete/providers.tf 
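Review bot: Every `*_helm_config` argument added to `module "addons"` calls `file()` unconditionally, so planning fails when any of the ten override files is missing. That includes the files for addons this hunk sets to `false` (`cluster_autoscaler`, `karpenter`, `calico_tigera`, `istio_ingress`, `kiali_server`); of the ten, only `config/kiali/override-values.yaml` is visibly added by this patch. The `./config/...` paths resolve against the working directory rather than the example directory, and the `"${...}"` wrapper around a lone function call is redundant. I would write each entry as `metrics_server_helm_config = { values = [file("${path.module}/config/override-metrics-server.yaml")] }`. The module block starts before this hunk.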
@@ -5,11 +5,23 @@ provider "aws" { provider "kubernetes" { host = module.eks.cluster_endpoint cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - config_context = module.eks.cluster_arn - config_path = "${path.cwd}/config/kubeconfig" - exec { - api_version = "client.authentication.k8s.io/v1beta1" - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - command = "aws" + token = join("", data.aws_eks_cluster_auth.eks_cluster.*.token) +} + +provider "helm" { + kubernetes { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + token = join("", data.aws_eks_cluster_auth.eks_cluster.*.token) } -} \ No newline at end of file +} + +provider "kubectl" { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + token = join("", data.aws_eks_cluster_auth.eks_cluster.*.token) +} + +data "aws_eks_cluster_auth" "eks_cluster" { + name = data.aws_eks_cluster.eks_cluster.id +} diff --git a/_examples/complete/variables.tf b/_examples/complete/variables.tf index c6b87e3..0d92ecf 100644 --- a/_examples/complete/variables.tf +++ b/_examples/complete/variables.tf 
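Review bot: The `kubernetes`, `helm` and `kubectl` providers now authenticate with a static `token` from `data.aws_eks_cluster_auth`, which is read once per run and is short-lived, so an apply that creates the cluster and then installs many charts can outlive it and fail with an authorization error partway through. The removed `exec` block requested a token on demand; keeping that form in all three providers avoids the expiry and keeps the bearer token out of data source results, which as far as I know are written to state. `data.aws_eks_cluster.eks_cluster`, which the new data source reads its name from, is not declared in this hunk, so please confirm it exists in the example. If the data source is kept, `join("", data.aws_eks_cluster_auth.eks_cluster.*.token)` can be `data.aws_eks_cluster_auth.eks_cluster.token`, since the data source has no `count`.

```hcl
provider "kubernetes" {
  host                   = module.eks.cluster_endpoint
  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
  }
}
# … same exec block inside provider "helm" { kubernetes { … } } and provider "kubectl" …
```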
@@ -28,55 +28,7 @@ variable "token" { default = "test-addon-efs" } -# ------------------ METRICS SERVER -------------------------- -variable "metrics_server_helm_config" { - type = any - default = null -} - -# ------------------ CLUSTER AUTOSCALER -------------------------- -variable "cluster_autoscaler_helm_config" { - type = any - default = null -} - -# ------------------ AWS LOAD BALANCER CONTROLLER ---------- -variable "aws_load_balancer_controller_helm_config" { - type = any - default = null -} - -# ------------------ AWS NODE TERMINATION HANDLER ---------- -variable "aws_node_termination_handler_helm_config" { - type = any - default = null -} - -# ------------------ AWS EFS CSI DRIVER -------------------- -variable "aws_efs_csi_driver_helm_config" { - type = any - default = null -} - -# ------------------ AWS EBS CSI DRIVER ------------------ -variable "aws_ebs_csi_driver_helm_config" { - type = any - default = null -} - -# ------------------ KARPENTER --------------------------- -variable "karpenter_helm_config" { - type = any - default = null -} - - # ------------------ ISTIO INGRESS ----------------------- -variable "istio_ingress_helm_config" { - type = any - default = null -} - variable "istio_manifests" { type = object({ istio_ingress_manifest_file_path = string @@ -104,23 +56,4 @@ variable "kiali_manifests" { kiali_virtualservice_file_path = "./config/kiali/kiali_vs.yaml" enable_monitoring = true } -} - -# ------------------ CALICO ----------------------- -variable "calico_tigera_helm_config" { - description = "Calico Helm Chart config" - type = any - default = null -} - -#---------K8S POD RESTART INFO COLLECTOR ---------- -variable "info_collector_slack_config" { - type = object({ - slack_webhook_url = string - slack_channel = string - }) - default = { - slack_webhook_url = "https://hooks.slack.com/services/XXXXXXXX/XXXXXXXX/xxxxx11111xxxx22222" - slack_channel = "alert" - } } \ No newline at end of file 
diff --git a/addons/istio-ingress/config/manifest/gateway.yaml b/addons/istio-ingress/config/manifest/gateway.yaml index 9cb1f02..5e3f962 100644 --- a/addons/istio-ingress/config/manifest/gateway.yaml +++ b/addons/istio-ingress/config/manifest/gateway.yaml @@ -2,6 +2,7 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: istio-gateway + namespace: istio-system spec: selector: istio: ingressgateway diff --git a/addons/k8s-pod-restart-info-collector/README.md b/addons/k8s-pod-restart-info-collector/README.md deleted file mode 100644 index 85fa085..0000000 --- a/addons/k8s-pod-restart-info-collector/README.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# K8s Pod Restart Info Collector Helm Chart - - -k8s-pod-restart-info-collector is a simple K8s customer controller that watches for Pods changes and collects K8s Pod restart reasons, logs, and events to Slack channel when a Pod restarts. - -## Installation -Below terraform script shows how to use K8s Pod Restart Info Collector Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash -module "addons" { - source = "../../" - depends_on = [null_resource.kubectl] - eks_cluster_name = module.eks.cluster_name - - k8s_pod_restart_info_collector = true - info_collector_slack_config = { - slack_webhook_url = var.info_collector_slack_config.slack_webhook_url - slack_channel = var.info_collector_slack_config.slack_channel - } -} -``` - - -## Inputs - -| Name | Description | Default | Required | -|------|-------------|---------|:--------:| -| eks_cluster_name | Name of Kubernetes Cluster in which you want to install k8s_pod_restart_info_collector | | Yes | -| k8s_pod_restart_info_collector | Set this to **true** to install k8s_pod_restart_info_collector helmchart. | false | Yes | -| slack_webhook_url | Provide your slack channel webhook URL to receive notifications on slack | | Yes -| slack_channel | Provide your slack chanel name in which you want to receive slack notifications | | Yes - - - diff --git a/addons/k8s-pod-restart-info-collector/config/k8s-pod-restart-info-collector.yaml b/addons/k8s-pod-restart-info-collector/config/k8s-pod-restart-info-collector.yaml deleted file mode 100644 index 0a124c6..0000000 --- a/addons/k8s-pod-restart-info-collector/config/k8s-pod-restart-info-collector.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -## Node affinity for particular node in which labels key is "Infra-Services" and value is "true" - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: "eks.amazonaws.com/nodegroup" - operator: In - values: - - "critical" - -## Using limits and requests -resources: - limits: - cpu: 300m - memory: 250Mi - requests: - cpu: 50m - memory: 150Mi - -podAnnotations: - co.elastic.logs/enabled: "true" diff --git a/addons/k8s-pod-restart-info-collector/data.tf b/addons/k8s-pod-restart-info-collector/data.tf deleted file mode 100644 index cc70f18..0000000 --- a/addons/k8s-pod-restart-info-collector/data.tf +++ /dev/null @@ -1,4 +0,0 @@ -data "aws_eks_cluster" "eks_cluster" { - # this makes downstream resources wait for data plane to be ready - name = var.eks_cluster_name -} \ No newline at end of file diff --git a/addons/k8s-pod-restart-info-collector/helm/.helmignore b/addons/k8s-pod-restart-info-collector/helm/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/addons/k8s-pod-restart-info-collector/helm/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/k8s-pod-restart-info-collector/helm/Chart.yaml b/addons/k8s-pod-restart-info-collector/helm/Chart.yaml deleted file mode 100644 index ba76454..0000000 --- a/addons/k8s-pod-restart-info-collector/helm/Chart.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: v2 -name: k8s-pod-restart-info-collector -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.16.0 diff --git a/addons/k8s-pod-restart-info-collector/helm/templates/_helpers.tpl b/addons/k8s-pod-restart-info-collector/helm/templates/_helpers.tpl deleted file mode 100644 index 5431df3..0000000 --- a/addons/k8s-pod-restart-info-collector/helm/templates/_helpers.tpl +++ /dev/null 
@@ -1,79 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "k8s-pod-restart-info-collector.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "k8s-pod-restart-info-collector.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "k8s-pod-restart-info-collector.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "k8s-pod-restart-info-collector.labels" -}} -helm.sh/chart: {{ include "k8s-pod-restart-info-collector.chart" . }} -{{ include "k8s-pod-restart-info-collector.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "k8s-pod-restart-info-collector.selectorLabels" -}} -app.kubernetes.io/name: {{ include "k8s-pod-restart-info-collector.name" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "k8s-pod-restart-info-collector.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "k8s-pod-restart-info-collector.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Use existing secret or create one based on slackWebhookUrl -*/}} -{{- define "k8s-pod-restart-info-collector.SlackWebhookUrlSecret" -}} -{{- if not .Values.slackWebhookUrlSecretKeyRef }} - secretKeyRef: - key: slackWebhookUrl - name: {{ include "k8s-pod-restart-info-collector.fullname" . }} -{{- else }} - secretKeyRef: - key: {{ .Values.slackWebhookUrlSecretKeyRef.key }} - name: {{ .Values.slackWebhookUrlSecretKeyRef.name }} - optional: false -{{- end }} -{{- end }} diff --git a/addons/k8s-pod-restart-info-collector/helm/templates/deployment.yaml b/addons/k8s-pod-restart-info-collector/helm/templates/deployment.yaml deleted file mode 100644 index 6c179c9..0000000 --- a/addons/k8s-pod-restart-info-collector/helm/templates/deployment.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "k8s-pod-restart-info-collector.fullname" . }} - labels: - {{- include "k8s-pod-restart-info-collector.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "k8s-pod-restart-info-collector.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "k8s-pod-restart-info-collector.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "k8s-pod-restart-info-collector.fullname" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: collector - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/k8s-pod-restart-info-collector"] - env: - - name: CLUSTER_NAME - value: {{ required "service name is required" .Values.clusterName | quote}} - - name: SLACK_CHANNEL - value: {{ .Values.slackChannel | quote}} - - name: SLACK_USERNAME - value: {{ .Values.slackUsername | quote}} - - name: MUTE_SECONDS - value: {{ .Values.muteSeconds | quote}} - - name: IGNORE_RESTART_COUNT - value: {{ .Values.ignoreRestartCount | quote}} - - name: IGNORED_NAMESPACES - value: {{ .Values.ignoredNamespaces | quote}} - - name: WATCHED_NAMESPACES - value: {{ .Values.watchedNamespaces | quote}} - - name: WATCHED_POD_NAME_PREFIXES - value: {{ .Values.watchedPodNamePrefixes | quote}} - - name: IGNORED_POD_NAME_PREFIXES - value: {{ .Values.ignoredPodNamePrefixes | quote}} - - name: IGNORE_RESTARTS_WITH_EXIT_CODE_ZERO - value: {{ .Values.ignoreRestartsWithExitCodeZero | quote}} - - name: SLACK_WEBHOOK_URL - valueFrom: - {{- include "k8s-pod-restart-info-collector.SlackWebhookUrlSecret" . 
| indent 14 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/addons/k8s-pod-restart-info-collector/helm/templates/rbac.yaml b/addons/k8s-pod-restart-info-collector/helm/templates/rbac.yaml deleted file mode 100644 index f1fc7fe..0000000 --- a/addons/k8s-pod-restart-info-collector/helm/templates/rbac.yaml +++ /dev/null @@ -1,38 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "k8s-pod-restart-info-collector.fullname" . }} - labels: - {{- include "k8s-pod-restart-info-collector.labels" . | nindent 4 }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "k8s-pod-restart-info-collector.fullname" . }} - labels: - {{- include "k8s-pod-restart-info-collector.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["nodes", "pods", "pods/log", "events"] - verbs: ["get", "list", "watch"] -# for GKE PodSecurityPolicy -# - apiGroups: ["extensions"] -# resourceNames: ["gce.unprivileged-addon"] -# resources: ["podsecuritypolicies"] -# verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "k8s-pod-restart-info-collector.fullname" . }} - labels: - {{- include "k8s-pod-restart-info-collector.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "k8s-pod-restart-info-collector.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "k8s-pod-restart-info-collector.fullname" . }} - namespace: {{ .Release.Namespace | quote }} \ No newline at end of file 
diff --git a/addons/k8s-pod-restart-info-collector/helm/templates/secret.yaml b/addons/k8s-pod-restart-info-collector/helm/templates/secret.yaml deleted file mode 100644 index 8def6c9..0000000 --- a/addons/k8s-pod-restart-info-collector/helm/templates/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if not .Values.slackWebhookUrlSecretKeyRef -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "k8s-pod-restart-info-collector.fullname" . }} - labels: - {{- include "k8s-pod-restart-info-collector.labels" . | nindent 4 }} -type: Opaque -data: - slackWebhookUrl: {{ required "slackWebhookUrl is required" .Values.slackWebhookUrl | b64enc | quote }} -{{- end -}} diff --git a/addons/k8s-pod-restart-info-collector/helm/values.yaml b/addons/k8s-pod-restart-info-collector/helm/values.yaml deleted file mode 100644 index d1caa6c..0000000 --- a/addons/k8s-pod-restart-info-collector/helm/values.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -# Default values for k8s-pod-restart-info-collector. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - - -# clusterName: "Change-Me" -# slackWebhookUrl: "https://hooks.slack.com/services/Change-Me" -#slackWebhookUrlSecretKeyRef: -# key: "slackWebhookUrl" -# name: "k8s-pod-restart-info-collector" -slackChannel: "restart-info-nonprod" -slackUsername: "k8s-pod-restart-info-collector" -muteSeconds: 600 -ignoreRestartCount: 30 - -# A comma-separated list of namespaces to ignore -ignoredNamespaces: "" -# A comma-separated list of pod name prefixes to ignore -ignoredPodNamePrefixes: "" - -# A comma-separated list of namespaces to watch, default is all ("") -watchedNamespaces: "" -# A comma-separated list of pod name prefixes to watch, default is all (""). -watchedPodNamePrefixes: "" - -# Whether restart events with an exit code of 0 should be ignored, true or false -ignoreRestartsWithExitCodeZero: false - -image: - repository: devopsairwallex/k8s-pod-restart-info-collector - tag: "v1.4.0" - -resources: - limits: - cpu: 50m - memory: 100Mi - requests: - cpu: 20m - memory: 50Mi - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -podAnnotations: {} - -podSecurityContext: {} - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/addons/k8s-pod-restart-info-collector/main.tf b/addons/k8s-pod-restart-info-collector/main.tf deleted file mode 100644 index 135452c..0000000 --- a/addons/k8s-pod-restart-info-collector/main.tf +++ /dev/null 
@@ -1,21 +0,0 @@ -resource "null_resource" "helm_upgrade" { - provisioner "local-exec" { - command = <<-EOT - helm upgrade --install -n kube-system k8s-pod-restart-info-collector ../../addons/k8s-pod-restart-info-collector/helm --set slackWebhookUrl="${var.slack_config.slack_webhook_url}" --set clusterName="${var.eks_cluster_name}" --set slackChannel="${var.slack_config.slack_channel}" - EOT - interpreter = ["bash", "-c"] - } -} - -resource "null_resource" "helm_release" { - count = 1 - - provisioner "local-exec" { - when = destroy - command = <<-EOT - if helm status k8s-pod-restart-info-collector -n kube-system > /dev/null 2>&1; then - helm uninstall k8s-pod-restart-info-collector -n kube-system - fi - EOT - } -} diff --git a/addons/k8s-pod-restart-info-collector/outputs.tf b/addons/k8s-pod-restart-info-collector/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/addons/k8s-pod-restart-info-collector/variables.tf b/addons/k8s-pod-restart-info-collector/variables.tf deleted file mode 100644 index 9bd3211..0000000 --- a/addons/k8s-pod-restart-info-collector/variables.tf +++ /dev/null @@ -1,12 +0,0 @@ - -variable "eks_cluster_name" { - type = string - default = "" -} - -variable "slack_config" { - type = object({ - slack_webhook_url = string - slack_channel = string - }) -} \ No newline at end of file diff --git a/addons/k8s-pod-restart-info-collector/versions.tf b/addons/k8s-pod-restart-info-collector/versions.tf deleted file mode 100644 index 55fba73..0000000 --- a/addons/k8s-pod-restart-info-collector/versions.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_version = ">= 1.0.0" - - required_providers { - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.10" - } - } -} diff --git a/addons/kiali-server/config/kiali_vs.yaml b/addons/kiali-server/config/kiali_vs.yaml index 4482b16..3b8fae3 100644 --- a/addons/kiali-server/config/kiali_vs.yaml +++ b/addons/kiali-server/config/kiali_vs.yaml 
@@ -2,6 +2,7 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: kiali + namespace: istio-system spec: hosts: - dash.test.clouddrove.com diff --git a/addons/kiali-server/main.tf b/addons/kiali-server/main.tf index df73c17..b4e3ec1 100644 --- a/addons/kiali-server/main.tf +++ b/addons/kiali-server/main.tf 
@@ -7,24 +7,52 @@ module "helm_addon" { } -resource "null_resource" "kiali_token" { +# resource "null_resource" "kiali_token" { +# depends_on = [module.helm_addon] +# provisioner "local-exec" { +# command = "kubectl apply -f ../../addons/${local.name}/config/kiali_secret.yaml -n ${local.default_helm_config.namespace}" +# } +# } + +# resource "null_resource" "kiali_virtualservice" { +# depends_on = [module.helm_addon] +# provisioner "local-exec" { +# command = "kubectl apply -f ${var.kiali_manifests.kiali_virtualservice_file_path} -n ${local.default_helm_config.namespace}" +# } +# } + +# resource "null_resource" "enable_monitoring" { +# count = var.kiali_manifests.enable_monitoring ? 1 : 0 +# depends_on = [null_resource.kiali_virtualservice] +# provisioner "local-exec" { +# command = "kubectl apply -f ../../addons/${local.name}/config/monitoring/grafana.yaml -f ../../addons/${local.name}/config/monitoring/jaeger.yaml -f ../../addons/${local.name}/config/monitoring/prometheus.yaml -n ${local.default_helm_config.namespace}" +# } +# } +############################################################## +resource "kubectl_manifest" "kiali_token" { depends_on = [module.helm_addon] - provisioner "local-exec" { - command = "kubectl apply -f ../../addons/${local.name}/config/kiali_secret.yaml -n ${local.default_helm_config.namespace}" - } + yaml_body = file("../../addons/${local.name}/config/kiali_secret.yaml") } -resource "null_resource" "kiali_virtualservice" { +resource "kubectl_manifest" "kiali_virtualservice" { depends_on = [module.helm_addon] - provisioner "local-exec" { - command = "kubectl apply -f ${var.kiali_manifests.kiali_virtualservice_file_path} -n ${local.default_helm_config.namespace}" - } + yaml_body = file("${var.kiali_manifests.kiali_virtualservice_file_path}") +} + +resource "kubectl_manifest" "prometheus" { + count = var.kiali_manifests.enable_monitoring ? 
1 : 0 + depends_on = [kubectl_manifest.kiali_virtualservice] + yaml_body = file("../../addons/${local.name}/config/monitoring/prometheus.yaml") } -resource "null_resource" "enable_monitoring" { +resource "kubectl_manifest" "grafana" { count = var.kiali_manifests.enable_monitoring ? 1 : 0 - depends_on = [null_resource.kiali_virtualservice] - provisioner "local-exec" { - command = "kubectl apply -f ../../addons/${local.name}/config/monitoring/grafana.yaml -f ../../addons/${local.name}/config/monitoring/jaeger.yaml -f ../../addons/${local.name}/config/monitoring/prometheus.yaml -n ${local.default_helm_config.namespace}" - } -} \ No newline at end of file + depends_on = [kubectl_manifest.kiali_virtualservice] + yaml_body = file("../../addons/${local.name}/config/monitoring/grafana.yaml") +} + +resource "kubectl_manifest" "jaeger" { + count = var.kiali_manifests.enable_monitoring ? 1 : 0 + depends_on = [kubectl_manifest.kiali_virtualservice] + yaml_body = file("../../addons/${local.name}/config/monitoring/jaeger.yaml") +} diff --git a/addons/kiali-server/versions.tf b/addons/kiali-server/versions.tf index 55fba73..5f011d1 100644 --- a/addons/kiali-server/versions.tf +++ b/addons/kiali-server/versions.tf @@ -6,5 +6,13 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.10" } + helm = { + source = "hashicorp/helm" + version = ">= 2.6" + } + kubectl = { + source = "gavinbunney/kubectl" + version = ">= 1.7.0" + } } } diff --git a/main.tf b/main.tf index c203a18..049fee9 100644 --- a/main.tf +++ b/main.tf 
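Review bot: The new `kubectl_manifest` resources in addons/kiali-server/main.tf no longer pass the namespace that the replaced `kubectl apply ... -n ${local.default_helm_config.namespace}` commands did, so each object is created in whatever namespace its YAML declares, or in `default` when it declares none. The commit adds `namespace: istio-system` to the bundled kiali_vs.yaml, but `var.kiali_manifests.kiali_virtualservice_file_path` is supplied by the caller and the secret and monitoring manifests are not shown; adding `override_namespace = local.default_helm_config.namespace` to each resource restores the old behaviour. `yaml_body` takes a single document, so if prometheus.yaml, grafana.yaml or jaeger.yaml hold several documents (not visible here) they need `data "kubectl_file_documents"` with `for_each` instead. The `../../addons/${local.name}/...` paths would be safer as `${path.module}/config/...`, and the commented-out `null_resource` blocks can be deleted, since git keeps the history.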
@@ -92,11 +92,4 @@ module "calico_tigera" { manage_via_gitops = var.manage_via_gitops addon_context = local.addon_context eks_cluster_name = data.aws_eks_cluster.eks_cluster.name -} - -module "k8s_pod_restart_info_collector" { - count = var.k8s_pod_restart_info_collector ? 1 : 0 - source = "./addons/k8s-pod-restart-info-collector" - eks_cluster_name = data.aws_eks_cluster.eks_cluster.name - slack_config = var.info_collector_slack_config } \ No newline at end of file diff --git a/variables.tf b/variables.tf index f09c137..723e686 100644 --- a/variables.tf +++ b/variables.tf @@ -142,20 +142,6 @@ variable "calico_tigera_helm_config" { default = null } -#---------K8S POD RESTART INFO COLLECTOR ---------- -variable "k8s_pod_restart_info_collector" { - description = "Enable k8s-pod-restart-info-collector add-on" - type = bool - default = false -} - -variable "info_collector_slack_config" { - type = object({ - slack_webhook_url = string - slack_channel = string - }) -} - #-----------COMMON VARIABLES ----------------------- variable "tags" { type = any From 7d807a0a5d6f70f709cf601c9e13c3214451f562 Mon Sep 17 00:00:00 2001 From: Himanshu Ahirwar Date: Thu, 3 Aug 2023 19:28:58 +0530 Subject: [PATCH 4/5] bugfix: Updated Readme.md and bug fixes in kaili, istio addons --- _examples/complete/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf index ccba7dd..a32b00e 100644 --- a/_examples/complete/main.tf +++ b/_examples/complete/main.tf 
@@ -205,10 +205,10 @@ module "addons" { calico_tigera = false # -- Addons with mandatory variable - istio_ingress = false - istio_manifests = var.istio_manifests - kiali_server = false - kiali_manifests = var.kiali_manifests + istio_ingress = false + istio_manifests = var.istio_manifests + kiali_server = false + kiali_manifests = var.kiali_manifests # -- Path of override-values.yaml file metrics_server_helm_config = { values = ["${file("./config/override-metrics-server.yaml")}"] } From 5b1edec653784e053a0bf6545ea8cfcac42868fa Mon Sep 17 00:00:00 2001 From: Anmol Nagpal <4303310+anmolnagpal@users.noreply.github.com> Date: Thu, 3 Aug 2023 16:06:54 +0200 Subject: [PATCH 5/5] Update main.tf --- _examples/basic/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/_examples/basic/main.tf b/_examples/basic/main.tf index adcf586..f353a4f 100644 --- a/_examples/basic/main.tf +++ b/_examples/basic/main.tf @@ -189,7 +189,6 @@ data "aws_ami" "eks_default_arm" { module "addons" { source = "../../" - #version = "0.0.1" depends_on = [module.eks.cluster_name] eks_cluster_name = module.eks.cluster_name @@ -208,4 +207,4 @@ module "addons" { istio_ingress = true istio_manifests = var.istio_manifests -} \ No newline at end of file +}