diff --git a/README.md b/README.md index 2791c7a..6b24e05 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ module "eks_addons" { egress_gateway_enabled = false envoy_access_logs_enabled = true prometheus_monitoring_enabled = true + istio_values_yaml = "" } karpenter_provisioner_enabled = true karpenter_provisioner_config = { @@ -78,10 +79,14 @@ module "eks_addons" { ## Compatibility -| Release | Kubernetes 1.23 | Kubernetes 1.24 | Kubernetes 1.25 | Kubernetes 1.26 | -|------------------|------------------|------------------|----------------------|----------------------| +| Release | Kubernetes 1.23 | Kubernetes 1.24 | Kubernetes 1.25 | Kubernetes 1.26 | Kubernetes 1.27 | +|------------------|------------------|------------------|----------------------|----------------------|----------------------| | Release 1.0.0 | ✔ | ✔ | ✔ | ✔ | | Release 1.1.0 | ✔ | ✔ | ✔ | ✔ | +| Release 1.1.1 | ✔ | ✔ | ✔ | ✔ | ✔ | +| Release 1.1.2 | ✔ | ✔ | ✔ | ✔ | ✔ | +| Release 1.1.3 | ✔ | ✔ | ✔ | ✔ | ✔ | +| Release 1.1.4 | ✔ | ✔ | ✔ | ✔ | ✔ | ## IAM Permissions @@ -272,8 +277,8 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make | [cluster\_issuer](#input\_cluster\_issuer) | Specify the letsecrypt cluster-issuer for ingress tls. | `string` | `"letsencrypt-prod"` | no | | [cluster\_propotional\_autoscaler\_enabled](#input\_cluster\_propotional\_autoscaler\_enabled) | Enable or disable Cluster propotional autoscaler add-on | `bool` | `false` | no | | [core\_dns\_hpa\_config](#input\_core\_dns\_hpa\_config) | Configuration to provide settings of hpa over core dns | `any` |
{
"corednsdeploymentname": "coredns",
"maxReplicas": 10,
"minReplicas": 2,
"targetCPUUtilizationPercentage": 80,
"targetMemoryUtilizationPercentage": "150Mi"
}
| no | -| [defectdojo\_enabled](#input\_defectdojo\_enabled) | Enable istio for service mesh. | `bool` | `true` | no | -| [defectdojo\_hostname](#input\_defectdojo\_hostname) | Specify the hostname for the kubecsot. | `string` | `"defectdojo.dev.skaf.squareops.in"` | no | +| [defectdojo\_enabled](#input\_defectdojo\_enabled) | Enable istio for service mesh. | `bool` | `false` | no | +| [defectdojo\_hostname](#input\_defectdojo\_hostname) | Specify the hostname for the kubecsot. | `string` | `""` | no | | [efs\_storage\_class\_enabled](#input\_efs\_storage\_class\_enabled) | Enable or disable the Amazon Elastic File System (EFS) add-on for EKS cluster. | `bool` | `false` | no | | [eks\_cluster\_name](#input\_eks\_cluster\_name) | Fetch Cluster ID of the cluster | `string` | `""` | no | | [environment](#input\_environment) | Environment identifier for the Amazon Elastic Kubernetes Service (EKS) cluster. | `string` | `""` | no | @@ -282,7 +287,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make | [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Specify the version of the NGINX Ingress Controller | `string` | `"4.7.0"` | no | | [internal\_ingress\_nginx\_enabled](#input\_internal\_ingress\_nginx\_enabled) | Enable or disable the deployment of an internal ingress controller for Kubernetes. | `bool` | `false` | no | | [ipv6\_enabled](#input\_ipv6\_enabled) | whether IPv6 enabled or not | `bool` | `false` | no | -| [istio\_config](#input\_istio\_config) | Configuration to provide settings for Istio |
object({
ingress_gateway_enabled = bool
ingress_gateway_namespace = optional(string, "istio-ingressgateway")
egress_gateway_enabled = bool
egress_gateway_namespace = optional(string, "istio-egressgateway")
envoy_access_logs_enabled = bool
prometheus_monitoring_enabled = bool
})
|
{
"egress_gateway_enabled": false,
"envoy_access_logs_enabled": true,
"ingress_gateway_enabled": true,
"prometheus_monitoring_enabled": true
}
| no | +| [istio\_config](#input\_istio\_config) | Configuration to provide settings for Istio |
object({
ingress_gateway_enabled = bool
ingress_gateway_namespace = optional(string, "istio-ingressgateway")
egress_gateway_enabled = bool
egress_gateway_namespace = optional(string, "istio-egressgateway")
envoy_access_logs_enabled = bool
prometheus_monitoring_enabled = bool
istio_values_yaml = any
})
|
{
"egress_gateway_enabled": false,
"envoy_access_logs_enabled": true,
"ingress_gateway_enabled": true,
"istio_values_yaml": "",
"prometheus_monitoring_enabled": true
}
| no | | [istio\_enabled](#input\_istio\_enabled) | Enable istio for service mesh. | `bool` | `false` | no | | [karpenter\_enabled](#input\_karpenter\_enabled) | Enable or disable Karpenter, a Kubernetes-native, multi-tenant, and auto-scaling solution for containerized workloads on Kubernetes. | `bool` | `false` | no | | [karpenter\_provisioner\_config](#input\_karpenter\_provisioner\_config) | Configuration to provide settings for Karpenter, including which private subnet to use, instance capacity types, and excluded instance types. | `any` |
{
"excluded_instance_type": [
"nano",
"micro",
"small"
],
"instance_capacity_type": [
"spot"
],
"instance_hypervisor": [
"nitro"
],
"private_subnet_name": ""
}
| no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 0903a8c..b6a245f 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -46,6 +46,7 @@ module "eks-addons" { egress_gateway_enabled = true envoy_access_logs_enabled = true prometheus_monitoring_enabled = true + istio_values_yaml = "" } karpenter_provisioner_enabled = true karpenter_provisioner_config = { diff --git a/main.tf b/main.tf index 36d4b1d..78ee16a 100644 --- a/main.tf +++ b/main.tf @@ -198,6 +198,7 @@ module "istio" { envoy_access_logs_enabled = var.istio_config.envoy_access_logs_enabled prometheus_monitoring_enabled = var.istio_config.prometheus_monitoring_enabled cert_manager_letsencrypt_email = var.cert_manager_letsencrypt_email + istio_values_yaml = var.istio_config.istio_values_yaml } data "kubernetes_service" "istio-ingress" { diff --git a/modules/aws_alb/aws_alb.yaml b/modules/aws_alb/aws_alb.yaml index 7c71611..88bdaf6 100644 --- a/modules/aws_alb/aws_alb.yaml +++ b/modules/aws_alb/aws_alb.yaml @@ -22,4 +22,3 @@ resources: podAnnotations: co.elastic.logs/enabled: "true" - diff --git a/modules/cert-manager-le-http/values.yaml b/modules/cert-manager-le-http/values.yaml index 9b4a3fe..2810aef 100644 --- a/modules/cert-manager-le-http/values.yaml +++ b/modules/cert-manager-le-http/values.yaml @@ -1,4 +1,3 @@ # email: ingressClass: nginx - diff --git a/modules/core_dns_hpa/values.yaml b/modules/core_dns_hpa/values.yaml index fac8a4d..13996aa 100644 --- a/modules/core_dns_hpa/values.yaml +++ b/modules/core_dns_hpa/values.yaml @@ -20,4 +20,4 @@ resources: memory: 200Mi requests: cpu: 100m - memory: 100Mi \ No newline at end of file + memory: 100Mi diff --git a/modules/istio/README.md b/modules/istio/README.md index 6e3e3de..5ede912 100644 --- a/modules/istio/README.md +++ b/modules/istio/README.md 
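Review bot: `module "istio"` still passes `envoy_access_logs_enabled`, `prometheus_monitoring_enabled` and `cert_manager_letsencrypt_email` (the context lines just above the added `istio_values_yaml` line), but their only consumer in modules/istio/main.tf, `helm_release.istio_observability`, is deleted by this same commit, so the root toggles now silently do nothing and the Istio ServiceMonitors and the access-log switch disappear without any warning at plan time. The same presumably holds for `egress_gateway_enabled`, which examples/complete/main.tf sets to `true` while `helm_release.istio_egress` is removed. Either stop passing these inputs and deprecate them in `istio_config`, or keep them wired to real resources; at minimum add `# NOTE: envoy_access_logs_enabled / prometheus_monitoring_enabled / cert_manager_letsencrypt_email are no longer consumed by the istio module` above the call so operators do not rely on them. The module block continues outside the hunk.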
@@ -25,11 +25,8 @@ No modules. | Name | Type | |------|------| | [helm_release.istio_base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istio_egress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.istio_ingress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istio_observability](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.istio_egress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.istio_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.istio_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | 
@@ -43,6 +40,7 @@ No modules. | [envoy\_access\_logs\_enabled](#input\_envoy\_access\_logs\_enabled) | Enable or disable the installation of Envoy access logs across Mesh | `bool` | `false` | no | | [ingress\_gateway\_enabled](#input\_ingress\_gateway\_enabled) | Enable or disable the installation of Istio Ingress Gateway. | `bool` | `true` | no | | [ingress\_gateway\_namespace](#input\_ingress\_gateway\_namespace) | Name of the Kubernetes namespace where the Istio Ingress Gateway will be deployed | `string` | `"istio-ingressgateway"` | no | +| [istio\_values\_yaml](#input\_istio\_values\_yaml) | Custom config values for istiod helm | `any` | `""` | no | | [prometheus\_monitoring\_enabled](#input\_prometheus\_monitoring\_enabled) | Enable or disable the installation of Prometheus Operator's servicemonitor to monitor Istio Controlplane and Dataplane | `bool` | `false` | no | ## Outputs diff --git a/modules/istio/helm/values.yaml b/modules/istio/helm/values.yaml index f0691d6..ddd3684 100644 --- a/modules/istio/helm/values.yaml +++ b/modules/istio/helm/values.yaml @@ -35,7 +35,3 @@ gateways: requests: cpu: 10m memory: 100Mi - - - - \ No newline at end of file diff --git a/modules/istio/helm/values/istiod/values.yaml b/modules/istio/helm/values/istiod/values.yaml new file mode 100644 index 0000000..3702f2c --- /dev/null +++ b/modules/istio/helm/values/istiod/values.yaml 
@@ -0,0 +1,25 @@ +meshConfig: + accessLogFile: /dev/stdout + accessLogFormat: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% "%UPSTREAM_TRANSPORT_FAILURE_REASON%" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME% traceID=%REQ(TRACEPARENT)% + defaultConfig: + discoveryAddress: istiod.istio-system.svc:15012 + proxyMetadata: {} + tracing: + zipkin: + address: zipkin.istio-system:9411 + enableAutoMtls: true + enablePrometheusMerge: true + extensionProviders: + - name: otel-tracing + opentelemetry: + port: 4317 + service: otel-collector-collector.istio-system.svc.cluster.local + - envoyOtelAls: + port: 4317 + service: opentelemetry-collector.istio-system.svc.cluster.local + name: otel + - name: skywalking + skywalking: + port: 11800 + service: tracing.istio-system.svc.cluster.local diff --git a/modules/istio/main.tf b/modules/istio/main.tf index 33f2f38..49f6b83 100644 --- a/modules/istio/main.tf +++ b/modules/istio/main.tf @@ -24,7 +24,8 @@ resource "helm_release" "istiod" { timeout = 600 version = "1.18.0" values = [ - file("${path.module}/helm/values.yaml") + file("${path.module}/helm/values/istiod/values.yaml"), + var.istio_values_yaml ] } 
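Review bot: `accessLogFile: /dev/stdout` in the new istiod values turns mesh-wide access logging on unconditionally, so the `envoy_access_logs_enabled` input the module still accepts no longer controls anything, and because the format records `%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%` and `X-FORWARDED-FOR`, any token or PII carried in a query string now lands in every sidecar's stdout and whatever ships it. The `extensionProviders` and `tracing.zipkin.address` entries point at `otel-collector-collector`, `opentelemetry-collector`, `tracing` and `zipkin` services in `istio-system` that nothing in this diff deploys; if they are not installed elsewhere, a `Telemetry` resource selecting `otel` or `skywalking` would make every proxy push spans and logs at a non-existent endpoint, so either ship the collectors or drop the dead providers. `enableAutoMtls: true` only makes sidecars prefer mTLS to each other; plaintext from non-mesh clients is still accepted until a mesh-wide `PeerAuthentication` with `mode: STRICT` exists, which this commit does not add, so a comment such as `# enableAutoMtls does not enforce mTLS; apply a STRICT PeerAuthentication in istio-system to reject plaintext` would stop the next reader from assuming the mesh is locked down.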
@@ -68,63 +69,3 @@ resource "helm_release" "istio_ingress" { } } - - -resource "kubernetes_namespace" "istio_egress" { - - depends_on = [helm_release.istiod] - count = var.egress_gateway_enabled ? 1 : 0 - - metadata { - name = var.egress_gateway_namespace - } - -} -resource "helm_release" "istio_egress" { - depends_on = [helm_release.istiod, kubernetes_namespace.istio_egress] - count = var.egress_gateway_enabled ? 1 : 0 - - name = "istio-egressgateway" - repository = "https://istio-release.storage.googleapis.com/charts" - chart = "gateway" - namespace = var.egress_gateway_namespace - timeout = 600 - version = "1.18.0" - values = [ - file("${path.module}/helm/values.yaml") - ] - - set { - name = "labels.app" - value = "istio-egressgateway" - } - - set { - name = "labels.istio" - value = "egressgateway" - } - - set { - name = "service.type" - value = "ClusterIP" - } -} - -resource "helm_release" "istio_observability" { - depends_on = [helm_release.istiod] - name = "istio-observability" - chart = "${path.module}/istio-observability/" - namespace = "istio-system" - set { - name = "accessLogging.enabled" - value = var.envoy_access_logs_enabled - } - set { - name = "monitoring.enabled" - value = var.prometheus_monitoring_enabled - } - set { - name = "clusterIssuer.email" - value = var.cert_manager_letsencrypt_email - } -} diff --git a/modules/istio/variables.tf b/modules/istio/variables.tf index 047ba94..70b3935 100644 --- a/modules/istio/variables.tf +++ b/modules/istio/variables.tf @@ -38,3 +38,9 @@ variable "cert_manager_letsencrypt_email" { description = "Specifies the email address to be used by cert-manager to request Let's Encrypt certificates" type = string } + +variable "istio_values_yaml" { + description = "Custom config values for istiod helm" + type = any + default = "" +} diff --git a/modules/reloader/reloader.yaml b/modules/reloader/reloader.yaml index 125f6fb..55a0eb8 100644 --- a/modules/reloader/reloader.yaml +++ b/modules/reloader/reloader.yaml 
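Review bot: `istio_values_yaml` is declared `type = any` but is appended to the `values` list of `helm_release.istiod`, which takes YAML strings, so a caller who passes a map or list gets a provider error at apply instead of a type error at plan. Declaring it `type = string` keeps the `""` default and gives a plan-time check, and a `validation` block can additionally reject malformed YAML before Helm parses it. Because this value is merged after the module's own values file it can override any default there, including `enableAutoMtls`, which the description should say explicitly.
```hcl
variable "istio_values_yaml" {
  description = "Optional YAML document merged after the module's istiod values; keys set here override the module defaults, including meshConfig."
  type        = string
  default     = ""

  validation {
    condition     = var.istio_values_yaml == "" || can(yamldecode(var.istio_values_yaml))
    error_message = "istio_values_yaml must be an empty string or a valid YAML document."
  }
}
```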
@@ -9,7 +9,7 @@ reloader: operator: In values: - "true" - + resources: limits: cpu: "150m" diff --git a/modules/velero/helm/values.yaml b/modules/velero/helm/values.yaml index f7dc25d..923011f 100644 --- a/modules/velero/helm/values.yaml +++ b/modules/velero/helm/values.yaml @@ -28,7 +28,7 @@ affinity: operator: In values: - "true" - + resources: requests: cpu: 10m diff --git a/variables.tf b/variables.tf index e11b10e..c2daef5 100644 --- a/variables.tf +++ b/variables.tf @@ -211,12 +211,14 @@ variable "istio_config" { egress_gateway_namespace = optional(string, "istio-egressgateway") envoy_access_logs_enabled = bool prometheus_monitoring_enabled = bool + istio_values_yaml = any }) default = { ingress_gateway_enabled = true egress_gateway_enabled = false envoy_access_logs_enabled = true prometheus_monitoring_enabled = true + istio_values_yaml = "" } }
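Review bot: Adding `istio_values_yaml = any` to the `istio_config` object without `optional(...)` makes the attribute mandatory, so every existing caller that sets `istio_config` without it now fails at plan with a missing-attribute error; that is why README.md and examples/complete/main.tf had to gain `istio_values_yaml = ""` in this same commit. Declaring it `istio_values_yaml = optional(string, "")`, matching `ingress_gateway_namespace` and `egress_gateway_namespace` a few lines above, keeps old configurations working and pins the type to the string Helm expects instead of `any`. With that, the added `istio_values_yaml = ""` line in `default` becomes redundant, though leaving it is harmless. The `istio_config` declaration starts above the hunk.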