Merge pull request #8 from squareops/release-feature-defectdojo

Updated example reference and readme.md

README.md

@@ -27,6 +27,8 @@ module "eks_addons" {
   kubeclarity_hostname                = "kubeclarity.prod.in"
   kubecost_enabled                    = true
   kubecost_hostname                   = "kubecost.prod.in"
+  defectdojo_enabled                  = true
+  defectdojo_hostname                 = "defectdojo.prod.in"
   cert_manager_enabled                = true
   worker_iam_role_name                = "worker_iam_role_name"
   worker_iam_role_arn                 = "worker_iam_role_arn"
@@ -184,6 +186,10 @@ Velero is designed to work with cloud native environments, making it a popular c
   <summary> Kubecost </summary>
   Kubecost provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs. Breakdown costs by any Kubernetes concepts, including deployment, service, namespace label, and more.
 </details>
+<details>
+  <summary>DefectDojo</summary>
+   DefectDojo is an open-source application vulnerability management tool. It is designed to automate and streamline the process of managing application security testing efforts, including dynamic testing, static analysis, and manual penetration testing.
+</details>
 
 ## Notes
 
@@ -215,7 +221,6 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | <a name="module_istio"></a> [istio](#module\_istio) | ./modules/istio | n/a |
 | <a name="module_k8s_addons"></a> [k8s\_addons](#module\_k8s\_addons) | ./modules/kubernetes-addons | n/a |
 | <a name="module_karpenter_provisioner"></a> [karpenter\_provisioner](#module\_karpenter\_provisioner) | ./modules/karpenter_provisioner | n/a |
-| <a name="module_securecodebox"></a> [securecodebox](#module\_securecodebox) | ./modules/securecodebox | n/a |
 | <a name="module_service_monitor_crd"></a> [service\_monitor\_crd](#module\_service\_monitor\_crd) | ./modules/service_monitor_crd | n/a |
 | <a name="module_single_az_sc"></a> [single\_az\_sc](#module\_single\_az\_sc) | ./modules/aws-ebs-storage-class | n/a |
 | <a name="module_velero"></a> [velero](#module\_velero) | ./modules/velero | n/a |
@@ -229,14 +234,12 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | [helm_release.cert_manager_le_http](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.coredns-hpa](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.defectdojo](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.falco](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.internal_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kubeclarity](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.metrics-server-vpa](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.vpa-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_ingress_v1.kubecost](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource |
 | [kubernetes_namespace.defectdojo](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.falco](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.internal_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kube_clarity](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_secret.kube_clarity](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
@@ -257,6 +260,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 |------|-------------|------|---------|:--------:|
 | <a name="input_amazon_eks_aws_ebs_csi_driver_enabled"></a> [amazon\_eks\_aws\_ebs\_csi\_driver\_enabled](#input\_amazon\_eks\_aws\_ebs\_csi\_driver\_enabled) | Whether to enable the EKS Managed AWS EBS CSI Driver add-on or not. | `bool` | `false` | no |
 | <a name="input_amazon_eks_vpc_cni_enabled"></a> [amazon\_eks\_vpc\_cni\_enabled](#input\_amazon\_eks\_vpc\_cni\_enabled) | Enable or disable the installation of the Amazon EKS VPC CNI addon. | `bool` | `false` | no |
+| <a name="input_aws_load_balancer_controller_enabled"></a> [aws\_load\_balancer\_controller\_enabled](#input\_aws\_load\_balancer\_controller\_enabled) | Enable or disable AWS Load Balancer Controller add-on for managing and controlling load balancers in Kubernetes. | `bool` | `false` | no |
 | <a name="input_aws_load_balancer_version"></a> [aws\_load\_balancer\_version](#input\_aws\_load\_balancer\_version) | Specify the version of the AWS Load Balancer Controller for Ingress | `string` | `"1.4.4"` | no |
 | <a name="input_aws_node_termination_handler_enabled"></a> [aws\_node\_termination\_handler\_enabled](#input\_aws\_node\_termination\_handler\_enabled) | Enable or disable node termination handler | `bool` | `false` | no |
 | <a name="input_cert_manager_enabled"></a> [cert\_manager\_enabled](#input\_cert\_manager\_enabled) | Enable or disable the cert manager add-on for EKS cluster. | `bool` | `false` | no |
@@ -272,10 +276,8 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | <a name="input_defectdojo_hostname"></a> [defectdojo\_hostname](#input\_defectdojo\_hostname) | Specify the hostname for the kubecsot. | `string` | `"defectdojo.dev.skaf.squareops.in"` | no |
 | <a name="input_efs_storage_class_enabled"></a> [efs\_storage\_class\_enabled](#input\_efs\_storage\_class\_enabled) | Enable or disable the Amazon Elastic File System (EFS) add-on for EKS cluster. | `bool` | `false` | no |
 | <a name="input_eks_cluster_name"></a> [eks\_cluster\_name](#input\_eks\_cluster\_name) | Fetch Cluster ID of the cluster | `string` | `""` | no |
-| <a name="input_enable_aws_load_balancer_controller"></a> [enable\_aws\_load\_balancer\_controller](#input\_enable\_aws\_load\_balancer\_controller) | Enable or disable AWS Load Balancer Controller add-on for managing and controlling load balancers in Kubernetes. | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Environment identifier for the Amazon Elastic Kubernetes Service (EKS) cluster. | `string` | `""` | no |
 | <a name="input_external_secrets_enabled"></a> [external\_secrets\_enabled](#input\_external\_secrets\_enabled) | Enable or disable External Secrets operator add-on for managing external secrets. | `bool` | `false` | no |
-| <a name="input_falco_enabled"></a> [falco\_enabled](#input\_falco\_enabled) | Enable falco for security alerts. | `bool` | `true` | no |
 | <a name="input_ingress_nginx_enabled"></a> [ingress\_nginx\_enabled](#input\_ingress\_nginx\_enabled) | Enable or disable Nginx Ingress Controller add-on for routing external traffic to Kubernetes services. | `bool` | `false` | no |
 | <a name="input_ingress_nginx_version"></a> [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Specify the version of the NGINX Ingress Controller | `string` | `"4.7.0"` | no |
 | <a name="input_internal_ingress_nginx_enabled"></a> [internal\_ingress\_nginx\_enabled](#input\_internal\_ingress\_nginx\_enabled) | Enable or disable the deployment of an internal ingress controller for Kubernetes. | `bool` | `false` | no |
@@ -300,11 +302,9 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
 | <a name="input_node_termination_handler_version"></a> [node\_termination\_handler\_version](#input\_node\_termination\_handler\_version) | Specify the version of node termination handler | `string` | `"0.21.0"` | no |
 | <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | Private subnets of the VPC which can be used by EFS | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
 | <a name="input_reloader_enabled"></a> [reloader\_enabled](#input\_reloader\_enabled) | Enable or disable Reloader, a Kubernetes controller to watch changes in ConfigMap and Secret objects and trigger an application reload on their changes. | `bool` | `false` | no |
-| <a name="input_securecodebox_enabled"></a> [securecodebox\_enabled](#input\_securecodebox\_enabled) | Enable istio for service mesh. | `bool` | `true` | no |
 | <a name="input_service_monitor_crd_enabled"></a> [service\_monitor\_crd\_enabled](#input\_service\_monitor\_crd\_enabled) | Enable or disable the installation of Custom Resource Definitions (CRDs) for Prometheus Service Monitor. | `bool` | `false` | no |
 | <a name="input_single_az_ebs_gp3_storage_class_enabled"></a> [single\_az\_ebs\_gp3\_storage\_class\_enabled](#input\_single\_az\_ebs\_gp3\_storage\_class\_enabled) | Whether to enable the Single AZ storage class or not. | `bool` | `false` | no |
 | <a name="input_single_az_sc_config"></a> [single\_az\_sc\_config](#input\_single\_az\_sc\_config) | Name and regions for storage class in Key-Value pair. | `list(any)` | `[]` | no |
-| <a name="input_slack_webhook"></a> [slack\_webhook](#input\_slack\_webhook) | Slack webhook for falco Alerts. | `string` | `""` | no |
 | <a name="input_storageClassName"></a> [storageClassName](#input\_storageClassName) | Specify the hostname for the kubecsot. | `string` | `"infra-service-sc"` | no |
 | <a name="input_velero_config"></a> [velero\_config](#input\_velero\_config) | Configuration to provide settings for Velero, including which namespaces to backup, retention period, backup schedule, and backup bucket name. | `any` | <pre>{<br>  "backup_bucket_name": "",<br>  "namespaces": "",<br>  "retention_period_in_days": 45,<br>  "schedule_backup_cron_time": "",<br>  "slack_notification_channel_name": "",<br>  "slack_notification_token": "",<br>  "velero_backup_name": ""<br>}</pre> | no |
 | <a name="input_velero_enabled"></a> [velero\_enabled](#input\_velero\_enabled) | Enable or disable the installation of Velero, which is a backup and restore solution for Kubernetes clusters. | `bool` | `false` | no |

examples/complete/main.tf

@@ -11,44 +11,46 @@ locals {
 }
 
 module "eks-addons" {
-  source                              = "squareops/eks-addons/aws"
-  name                                = local.name
-  vpc_id                              = ""
-  environment                         = local.environment
-  ipv6_enabled                        = local.ipv6_enabled
-  kms_key_arn                         = ""
-  keda_enabled                        = true
-  kms_policy_arn                      = "" ## eks module will create kms_policy_arn
-  eks_cluster_name                    = ""
-  reloader_enabled                    = true
-  karpenter_enabled                   = true
-  private_subnet_ids                  = [""]
-  single_az_sc_config                 = [{ name = "infra-service-sc", zone = "${local.region}a" }]
-  kubeclarity_enabled                 = true
-  kubeclarity_hostname                = "kubeclarity.prod.in"
-  kubecost_enabled                    = true
-  kubecost_hostname                   = "kubecost.prod.in"
-  cert_manager_enabled                = true
-  worker_iam_role_name                = ""
-  worker_iam_role_arn                 = ""
-  ingress_nginx_enabled               = true
-  metrics_server_enabled              = true
-  external_secrets_enabled            = true
-  amazon_eks_vpc_cni_enabled          = true
-  cluster_autoscaler_enabled          = true
-  service_monitor_crd_enabled         = true
-  enable_aws_load_balancer_controller = true
-  istio_enabled                       = true
+  source                               = "squareops/eks-addons/aws"
+  name                                 = local.name
+  vpc_id                               = "vpc-aba8a102ccxyza"
+  environment                          = local.environment
+  ipv6_enabled                         = local.ipv6_enabled
+  kms_key_arn                          = "arn:aws:kms:${local.region}:222222222222:key/e2b8a99d-b8b1"
+  keda_enabled                         = true
+  kms_policy_arn                       = "arn:aws:iam::222222222222:policy/eks-cluster-policy" ## eks module will create kms_policy_arn
+  eks_cluster_name                     = "eks_cluster_name"
+  reloader_enabled                     = true
+  karpenter_enabled                    = true
+  private_subnet_ids                   = ["subnet-b2c34cd9279xyza", "subnet-7ef8daf598fxyza"]
+  single_az_sc_config                  = [{ name = "infra-service-sc", zone = "${local.region}a" }]
+  kubeclarity_enabled                  = true
+  kubeclarity_hostname                 = "kubeclarity.prod.in"
+  kubecost_enabled                     = true
+  kubecost_hostname                    = "kubecost.prod.in"
+  defectdojo_enabled                   = true
+  defectdojo_hostname                  = "defectdojo.prod.in"
+  cert_manager_enabled                 = true
+  worker_iam_role_name                 = ""
+  worker_iam_role_arn                  = ""
+  ingress_nginx_enabled                = true
+  metrics_server_enabled               = true
+  external_secrets_enabled             = true
+  amazon_eks_vpc_cni_enabled           = true
+  cluster_autoscaler_enabled           = true
+  service_monitor_crd_enabled          = true
+  aws_load_balancer_controller_enabled = true
+  istio_enabled                        = true
   istio_config = {
     ingress_gateway_enabled       = true
-    egress_gateway_enabled        = false
+    egress_gateway_enabled        = true
     envoy_access_logs_enabled     = true
     prometheus_monitoring_enabled = true
   }
   karpenter_provisioner_enabled = true
   karpenter_provisioner_config = {
-    private_subnet_name    = "private-subnet-name"
-    instance_capacity_type = ["on-demand"]
+    private_subnet_name    = "${local.environment}-${local.name}-private-subnet"
+    instance_capacity_type = ["spot"]
     excluded_instance_type = ["nano", "micro", "small"]
     instance_hypervisor    = ["nitro"]
   }

main.tf

@@ -75,7 +75,7 @@ module "k8s_addons" {
   }
 
   #Aws Load balancer Controller
-  enable_aws_load_balancer_controller = var.enable_aws_load_balancer_controller
+  enable_aws_load_balancer_controller = var.aws_load_balancer_controller_enabled
   aws_load_balancer_controller_helm_config = {
     version = var.aws_load_balancer_version
     values = [

variables.tf

@@ -94,7 +94,7 @@ variable "ingress_nginx_enabled" {
   type        = bool
 }
 
-variable "enable_aws_load_balancer_controller" {
+variable "aws_load_balancer_controller_enabled" {
   description = "Enable or disable AWS Load Balancer Controller add-on for managing and controlling load balancers in Kubernetes."
   default     = false
   type        = bool