Feat/addon calico tigera

README.md

@@ -1,4 +1,4 @@
-# terraform-helm-eks-addos
+# terraform-helm-eks-addons
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements

_examples/basic/config/calico-tigera-values.yaml

@@ -0,0 +1,11 @@
+installation:
+  kubernetesProvider: "EKS"
+
+## Using limits and requests
+resources:
+  limits:
+    cpu: 300m
+    memory: 250Mi
+  requests:
+    cpu: 50m
+    memory: 150Mi

_examples/basic/config/override-calico-tigera.yaml

@@ -0,0 +1,2 @@
+installation:
+  kubernetesProvider: "EKS"

_examples/basic/main.tf

@@ -253,6 +253,7 @@ module "addons" {
   aws_efs_csi_driver           = true
   aws_ebs_csi_driver           = true
   karpenter                    = true
+  calico_tigera                = true
 
   kiali_server    = true
   kiali_manifests = var.kiali_manifests

_examples/complete/config/calico-tigera-values.yaml

@@ -0,0 +1,11 @@
+installation:
+  kubernetesProvider: "EKS"
+
+## Using limits and requests
+resources:
+  limits:
+    cpu: 300m
+    memory: 250Mi
+  requests:
+    cpu: 50m
+    memory: 150Mi

_examples/complete/main.tf

@@ -267,6 +267,9 @@ module "addons" {
   karpenter             = true
   karpenter_helm_config = var.karpenter_helm_config
 
+  calico_tigera             = true
+  calico_tigera_helm_config = var.calico_tigera_helm_config
+
   istio_ingress             = true
   istio_manifests           = var.istio_manifests
   istio_ingress_helm_config = var.istio_ingress_helm_config

_examples/complete/variables.tf

@@ -88,7 +88,6 @@ variable "istio_manifests" {
   }
 }
 
-
 #-----------KAILI DASHBOARD-----------------------
 variable "kiali_server_helm_config" {
   description = "Kiali Server Helm Chart config"
@@ -106,3 +105,10 @@ variable "kiali_manifests" {
     enable_monitoring              = true
   }
 }
+
+# ------------------ CALICO -----------------------
+variable "calico_tigera_helm_config" {
+  description = "Calico Helm Chart config"
+  type        = any
+  default     = null
+}

addons/aws-ebs-csi-driver/main.tf

@@ -20,7 +20,7 @@ module "helm_addon" {
   # -- IRSA Configurations
   irsa_config = {
     irsa_iam_policies                 = ["${aws_iam_policy.policy.arn}"]
-    irsa_iam_role_name                = "${local.name}-IAM-Role"
+    irsa_iam_role_name                = "${local.name}-${var.eks_cluster_name}-IAM-Role"
     create_kubernetes_service_account = true
     kubernetes_service_account        = "${local.name}-sa"
     kubernetes_namespace              = local.default_helm_config.namespace
@@ -31,9 +31,9 @@ module "helm_addon" {
 }
 
 resource "aws_iam_policy" "policy" {
-  name        = "${local.name}-IAM-Policy"
+  name        = "${local.name}-${var.eks_cluster_name}-IAM-Policy"
   path        = "/"
-  description = "IAM Policy used by ${local.name} IAM Role"
+  description = "IAM Policy used by ${local.name}-${var.eks_cluster_name} IAM Role"
   policy      = file("../../addons/${local.name}/policy.json")
 }
 

addons/aws-efs-csi-driver/main.tf

@@ -24,7 +24,7 @@ module "helm_addon" {
   # -- IRSA Configurations
   irsa_config = {
     irsa_iam_policies                 = ["${aws_iam_policy.policy.arn}"]
-    irsa_iam_role_name                = "${local.name}-IAM-Role"
+    irsa_iam_role_name                = "${local.name}-${var.eks_cluster_name}-IAM-Role"
     create_kubernetes_service_account = true
     kubernetes_service_account        = "${local.name}-sa"
     kubernetes_namespace              = local.default_helm_config.namespace
@@ -35,9 +35,9 @@ module "helm_addon" {
 }
 
 resource "aws_iam_policy" "policy" {
-  name        = "${local.name}-IAM-Policy"
+  name        = "${local.name}-${var.eks_cluster_name}-IAM-Policy"
   path        = "/"
-  description = "IAM Policy used by ${local.name} IAM Role"
+  description = "IAM Policy used by ${local.name}-${var.eks_cluster_name} IAM Role"
   policy      = file("../../addons/${local.name}/policy.json")
 }
 

addons/calico-tigera/README.md

@@ -0,0 +1,37 @@
+# Calico Helm Chart
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+If you’re running a Kubernetes Cluster in an AWS Cloud using Amazon EKS, the default Container Network Interface (CNI) plugin for Kubernetes is  [amazon-vpc-cni-k8s](https://github.com/aws/amazon-vpc-cni-k8s). By using this CNI plugin your Kubernetes pods will have the same IP address inside the pod as they do on the VPC network. The problem with this CNI is the large number of VPC IP addresses required to run and manage huge clusters. This is the reason why other CNI plugins such as Calico is an option.
+
+
+Calico is a free to use and open source networking and network security plugin that supports a broad range of platforms including Docker EE, OpenShift, Kubernetes, OpenStack, and bare metal services. Calico offers true cloud-native scalability and delivers blazing fast performance. With Calico you have the options to use either Linux eBPF or the Linux kernel’s highly optimized standard networking pipeline to deliver high performance networking.
+
+For multi-tenant Kubernetes environments where isolation of tenants from each other is key, Calico network policy enforcement can be used to implement network segmentation and tenant isolation. You can easily create network ingress and egress rules to ensure proper network controls are applied to services.
+
+## Installation
+- Below terraform script shows how to use Calico Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
+- Calico is an CNI addon, so this must be installed before EKS default CNI (aws-node). 
+- If you see `aws-node` pods after cluster creation `kubectl get pods -n kube-system` then you can just delete them by running `kubectl delete ds aws-node -n kube-system`
+
+```bash
+module "addons" {
+  source = "../../"
+  depends_on       = [null_resource.kubectl]
+  eks_cluster_name = module.eks.cluster_name
+
+  calico_tigera = true
+}
+```
+
+
+## Inputs
+
+| Name | Description | Default | Required |
+|------|-------------|---------|:--------:|
+| eks_cluster_name | Name of Kubernetes Cluster in which you want to install Calico |  | Yes |
+| calico_tigera | Set this to **true** to install Calico helmchart. | false | Yes |
+| calico_tigera_helm_config | Override [attributes](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/addons/helm/main.tf#L1-L33) of helm_release terraform resource. | null <br /> `name`, `chart`, `repository`, `version`, `namespace`,`description` are can not be override | No |
+
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->