Release 3.0.0 (#44)

* Addons restructure and Version Updates for 1.30 cluster (#34)

* update directory structure for alb,Node -termination-manager.cert-manager ,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret, reloader,metric-server

* version updste in alb,Node -termination-manager,cert-manager,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret,config reloader,metric-server-hpa

* udate default addons and example calling module

* Update addons directory structure for default addons, alb,Node -termination-manager,cert-manager,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret,config reloader,metric-server-hpa

* Update addons directory structure for default addons, alb,Node -termination-manager,cert-manager,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret,config reloader,metric-server-hpa

* Update addons directory structure for default addons, alb,Node -termination-manager,cert-manager,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret,config reloader,metric-server-hpa

* add akansha singh changes manually

* structure update in cert-manager and corednshpa

* structure update in cert-manager and corednshpa

* Changes of modules and version update

* Changes of modules and version update

* update structre

* kubernetes dashboard terraform addon module

* update cert-manager config

* solve kuberetes-dashboard ingress error

* Modifying addons module and version update of phase1

* update aws-ebs-csi-driver module

* update reloader configuration

* Updated the module names and corrected local.tf file.

* corrected module names which restructuring

* albhactically arrange modules

* Integrated ingress and private ingress in one module

* ingress-nginx logic implemented for private nlb

* comment update

* add karpenter-provisioner configuration for multiple labels

* change order of module names according to alphabatically

* Testing for public and private ingress has been done

* add keda configuration

* corrected pre-commit errors and warnings

* fixed the vpc-cni and ebs-csi-driver versions and resource limits

* Updated readme.md file

* standardized modules and variables

* resource limit update keda, cluster-autoscaler, cert-manager

* readme.md modified by pre-commit

* support for EKS version >=1.28

---------

Co-authored-by: Divyanshu jain <divyanshu.jain@squareops.com>
Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>

* Added KMS key encryption for Karpenter, Version Update for Keda and m… (#35)

* Added KMS key encryption for Karpenter, Version Update for Keda and metric-server-vpa along with improving the limit and request of resources

* Added comments in main.tf for better understanding

* Added comments in main.tf for better understanding

* Kubernetes-dashboard improved version

---------

Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>

* Release 3.0.0 Fixes (#36)

* Updated some changes

* ebs-csi-driver policy addition and version update

* efs-csi-driver fixed

* Kubernetes-dashboard module depends_on added

* cluster autoscaler fixes for 1.30 EKS cluster

* Cert-Manager Fixes

* Karpenter and Velero changes

* added condition for internal ingress

* EFS Driver policy updates

* Fixed the indentation and comments in velero

---------

Co-authored-by: Ankush.upadhyay <ankush.upadhyay@squareops.com>
Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>

* Policy update in efs-csi-driver (#39)

Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>

* FIxed coredns HPA bug (#38)

* Release 3.0.0 (#40)

* Updated example calling module and readme files

* Updated example's main.tf file

* add nginx-ingress outputs

---------

Co-authored-by: AkankshaSquareops <akanksha.singh@squareops.com>
Co-authored-by: Divyanshu jain <divyanshu.jain@squareops.com>
Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>
Co-authored-by: Ankush.upadhyay <ankush.upadhyay@squareops.com>
Co-authored-by: vinayakops <vinayak.gautam@revnue.com>

modules/kubernetes-addons/data.tf → data.tf

@@ -1,13 +1,12 @@
 data "aws_partition" "current" {}
 data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
 
 resource "time_sleep" "dataplane" {
   create_duration = "10s"
 
   triggers = {
     data_plane_wait_arn = var.data_plane_wait_arn # this waits for the data plane to be ready
-    eks_cluster_id      = var.eks_cluster_id      # this ties it to downstream resources
+    eks_cluster_id      = var.eks_cluster_name    # this ties it to downstream resources
   }
 }
 

examples/complete/README.md

@@ -1,19 +1,13 @@
-# terraform-aws-eks-addons
-![squareops_avatar]
+# complete
 
-[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
-
-### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
-<br>
-This example is useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
-<br>
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.43.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.0.0 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.7.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.0.2 |
 
@@ -50,8 +44,8 @@ No inputs.
 | <a name="output_environment"></a> [environment](#output\_environment) | Environment Name for the EKS cluster |
 | <a name="output_internal_nginx_ingress_controller_dns_hostname"></a> [internal\_nginx\_ingress\_controller\_dns\_hostname](#output\_internal\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster. |
 | <a name="output_istio_ingressgateway_dns_hostname"></a> [istio\_ingressgateway\_dns\_hostname](#output\_istio\_ingressgateway\_dns\_hostname) | DNS hostname of the Istio Ingress Gateway |
-| <a name="output_k8s-dashboard-admin-token"></a> [k8s-dashboard-admin-token](#output\_k8s-dashboard-admin-token) | k8s-dashboard admin token |
-| <a name="output_k8s-dashboard-read-only-token"></a> [k8s-dashboard-read-only-token](#output\_k8s-dashboard-read-only-token) | k8s-dashboard read only  token |
+| <a name="output_k8s_dashboard_admin_token"></a> [k8s\_dashboard\_admin\_token](#output\_k8s\_dashboard\_admin\_token) | Kubernetes-Dashboard Admin Token |
+| <a name="output_k8s_dashboard_read_only_token"></a> [k8s\_dashboard\_read\_only\_token](#output\_k8s\_dashboard\_read\_only\_token) | Kubernetes-Dashboard Read Only Token |
 | <a name="output_kubeclarity"></a> [kubeclarity](#output\_kubeclarity) | Kubeclarity endpoint and credentials |
 | <a name="output_kubecost"></a> [kubecost](#output\_kubecost) | Kubecost endpoint and credentials |
 | <a name="output_nginx_ingress_controller_dns_hostname"></a> [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller. |

modules/aws_alb/aws_alb.yaml → examples/complete/config/aws-alb.yaml

@@ -19,6 +19,3 @@ resources:
   requests:
     cpu: 50m
     memory: 100Mi
-
-podAnnotations:
-  co.elastic.logs/enabled: "true"

examples/complete/config/aws-node-termination-handler.yaml

@@ -0,0 +1,7 @@
+resources:
+  limits:
+    cpu: 20m
+    memory: 60Mi
+  requests:
+    cpu: 10m
+    memory: 30Mi

examples/complete/config/cert-manager.yaml

@@ -0,0 +1,64 @@
+extraArgs:
+  - --enable-certificate-owner-ref=true
+
+crds:
+  # This option decides if the CRDs should be installed
+  # as part of the Helm installation.
+  enabled: true
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "Addons-Services"
+          operator: In
+          values:
+          - "true"
+
+resources:
+  limits:
+    cpu: 20m
+    memory: 400Mi
+  requests:
+    cpu: 10m
+    memory: 200Mi
+
+webhook:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "Addons-Services"
+            operator: In
+            values:
+            - "true"
+
+  resources:
+    limits:
+      cpu: 20m
+      memory: 150Mi
+    requests:
+      cpu: 10m
+      memory: 75Mi
+
+cainjector:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "Addons-Services"
+            operator: In
+            values:
+            - "true"
+
+  resources:
+    limits:
+      cpu: 20m
+      memory: 480Mi
+    requests:
+      cpu: 10m
+      memory: 240Mi

examples/complete/config/cluster-autoscaler.yaml

@@ -0,0 +1,21 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "Addons-Services"
+          operator: In
+          values:
+          - "true"
+
+## Using limits and requests
+
+resources:
+  limits:
+    cpu: 20m
+    memory: 200Mi
+  requests:
+    cpu: 10m
+    memory: 100Mi

examples/complete/config/coredns-hpa.yaml

@@ -0,0 +1,17 @@
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "Addons-Services"
+          operator: In
+          values:
+          - "true"
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 200Mi
+  requests:
+    cpu: 100m
+    memory: 100Mi

examples/complete/config/ebs-csi.yaml

@@ -0,0 +1,17 @@
+controller:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 40Mi
+    limits:
+      cpu: 20m
+      memory: 80Mi
+
+node:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 40Mi
+    limits:
+      cpu: 20m
+      memory: 80Mi

modules/external-secret/external-secret.yaml → examples/complete/config/external-secret.yaml

@@ -1,6 +1,6 @@
 resources:
   limits:
-    cpu: 100m
+    cpu: 20m
     memory: 100Mi
   requests:
     cpu: 10m
@@ -19,7 +19,7 @@ affinity:
 webhook:
   resources:
     limits:
-      cpu: 100m
+      cpu: 20m
       memory: 100Mi
     requests:
       cpu: 10m
@@ -38,7 +38,7 @@ webhook:
 certController:
   resources:
     limits:
-      cpu: 100m
+      cpu: 20m
       memory: 100Mi
     requests:
       cpu: 10m

examples/complete/config/ingress-nginx.yaml

@@ -0,0 +1,17 @@
+  resources:
+    limits:
+      cpu: 100m
+      memory: 400Mi
+    requests:
+      cpu: 50m
+      memory: 200Mi
+
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "Addons-Services"
+            operator: "In"
+            values:
+            - "true"

examples/complete/config/istio.yaml

@@ -1,64 +1,30 @@
-meshConfig:
-  accessLogFile: /dev/stdout
-  accessLogFormat: |
-    [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% "%UPSTREAM_TRANSPORT_FAILURE_REASON%" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME% traceID=%REQ(TRACEPARENT)%
-  defaultConfig:
-    discoveryAddress: istiod.istio-system.svc:15012
-    proxyMetadata: {}
-    tracing:
-      zipkin:
-        address: zipkin.istio-system:9411
-  enableAutoMtls: true
-  enablePrometheusMerge: true
-  extensionProviders:
-  - name: otel-tracing
-    opentelemetry:
-      port: 4317
-      service: otel-collector-collector.monitoring.svc.cluster.local
-  - envoyOtelAls:
-      port: 4317
-      service: opentelemetry-collector.monitoring.svc.cluster.local
-    name: otel
-  - name: skywalking
-    skywalking:
-      port: 11800
-      service: tracing.istio-system.svc.cluster.local
-
 global:
   defaultResources:
     requests:
       cpu: 10m
       memory: 100Mi
     limits:
-      cpu: 150m
+      cpu: 20m
       memory: 200Mi
 
   proxy:
-    # readinessFailureThreshold: 30
-
-    # # The initial delay for readiness probes in seconds.
-    # readinessInitialDelaySeconds: 20
-
-    # # The period between readiness probes.
-    # readinessPeriodSeconds: 10
-
-    # # Resources for the sidecar.
     resources:
       requests:
         cpu: 10m
         memory: 80Mi
       limits:
-        cpu: 100m
-        memory: 128Mi
+        cpu: 20m
+        memory: 160Mi
 
 pilot:
   resources:
     limits:
       cpu: 100m
-      memory: 300Mi
+      memory: 200Mi
     requests:
       cpu: 50m
       memory: 100Mi
+
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:

examples/complete/config/karpenter-management.yaml

@@ -0,0 +1,4 @@
+
+spec:
+  labels:
+    eks.amazonaws.com/nodegroup: "Mgt-ng"

examples/complete/config/karpenter.yaml

@@ -0,0 +1,18 @@
+controller:
+  resources:
+    requests:
+      cpu: 50m
+      memory: 200Mi
+    limits:
+      cpu: 100m
+      memory: 400Mi
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "Addons-Services"
+          operator: In
+          values:
+          - "true"

examples/complete/config/keda.yaml

@@ -0,0 +1,66 @@
+operator:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
+metricsServer:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
+webhooks:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+  failurePolicy: Ignore
+
+resources:
+  operator:
+    limits:
+      cpu: 200m
+      memory: 200Mi
+    requests:
+      cpu: 100m
+      memory: 100Mi
+  metricServer:
+    limits:
+      cpu: 200m
+      memory: 200Mi
+    requests:
+      cpu: 100m
+      memory: 100Mi
+  webhooks:
+    limits:
+      cpu: 20m
+      memory: 20Mi
+    requests:
+      cpu: 10m
+      memory: 10Mi
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+          - key: "Addons-Services"
+            operator: In
+            values:
+            - "true"