From fd93608747784080eb054054962cd4261281622f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Odstr=C4=8Dil=C3=ADk?= Date: Thu, 14 Nov 2024 08:45:31 +0100 Subject: [PATCH] feat: prepare addon --- README.md | 11 +- addon-irsa.tf | 2 +- main.tf | 34 +- modules/addon-irsa/.terraform.lock.hcl | 27 -- modules/addon-irsa/iam.tf | 75 ---- modules/addon-irsa/outputs.tf | 9 - modules/addon-irsa/variables.tf | 115 ------ modules/addon-irsa/versions.tf | 10 - modules/addon/.terraform.lock.hcl | 95 ----- modules/addon/argo-helm.tf | 162 -------- modules/addon/argo.tf | 61 --- modules/addon/helm.tf | 66 ---- .../addon/helm/argocd-application/.helmignore | 23 -- .../addon/helm/argocd-application/Chart.yaml | 18 - .../argocd-application/templates/_helpers.tpl | 51 --- .../templates/application.yaml | 19 - .../addon/helm/argocd-application/values.yaml | 2 - modules/addon/outputs.tf | 14 - modules/addon/variables.tf | 346 ------------------ modules/addon/versions.tf | 22 -- variables.tf | 6 + 21 files changed, 32 insertions(+), 1136 deletions(-) delete mode 100644 modules/addon-irsa/.terraform.lock.hcl delete mode 100644 modules/addon-irsa/iam.tf delete mode 100644 modules/addon-irsa/outputs.tf delete mode 100644 modules/addon-irsa/variables.tf delete mode 100644 modules/addon-irsa/versions.tf delete mode 100644 modules/addon/.terraform.lock.hcl delete mode 100644 modules/addon/argo-helm.tf delete mode 100644 modules/addon/argo.tf delete mode 100644 modules/addon/helm.tf delete mode 100644 modules/addon/helm/argocd-application/.helmignore delete mode 100644 modules/addon/helm/argocd-application/Chart.yaml delete mode 100644 modules/addon/helm/argocd-application/templates/_helpers.tpl delete mode 100644 modules/addon/helm/argocd-application/templates/application.yaml delete mode 100644 modules/addon/helm/argocd-application/values.yaml delete mode 100644 modules/addon/outputs.tf delete mode 100644 modules/addon/variables.tf delete mode 100644 modules/addon/versions.tf diff --git a/README.md b/README.md index c0a7c31..0cf41a0 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ -# AWS EKS Universal Addon Terraform module +# AWS EKS AWS Service Quota Exporter Terraform module -A Terraform module to deploy the universal addon on Amazon EKS cluster. +A Terraform module to deploy the [aws-service-quota-exporter](https://github.com/lablabs/aws-service-quotas-exporter) on Amazon EKS cluster. -[![Terraform validate](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/validate.yaml) -[![pre-commit](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/pre-commit.yaml) +[![Terraform validate](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/validate.yaml) +[![pre-commit](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/pre-commit.yaml) --- @@ -50,7 +50,7 @@ See [basic example](examples/basic) for further information. | Name | Source | Version | |------|--------|---------| | [addon](#module\_addon) | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon | v0.0.6 | -| [addon-irsa](#module\_addon-irsa) | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa | v0.0.6 | +| [addon-irsa](#module\_addon-irsa) | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa | v0.0.8 | ## Resources | Name | Type | @@ -84,6 +84,7 @@ See [basic example](examples/basic) for further information. | [cluster\_identity\_oidc\_issuer](#input\_cluster\_identity\_oidc\_issuer) | The OIDC Identity issuer for the cluster (required). | `string` | | [cluster\_identity\_oidc\_issuer\_arn](#input\_cluster\_identity\_oidc\_issuer\_arn) | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a Service Account (required). | `string` | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources. | `bool` | +| [exporter\_config](#input\_exporter\_config) | The configuration for the exporter, see https://github.com/lablabs/aws-service-quotas-exporter/blob/main/config/example.yaml | `any` | | [helm\_atomic](#input\_helm\_atomic) | If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`. | `bool` | | [helm\_chart\_name](#input\_helm\_chart\_name) | Helm chart name to be installed. Defaults to `local.addon.name` (required). | `string` | | [helm\_chart\_version](#input\_helm\_chart\_version) | Version of the Helm chart. Defaults to `local.addon.helm_chart_version` (required). | `string` | diff --git a/addon-irsa.tf b/addon-irsa.tf index 1821f66..ee37e76 100644 --- a/addon-irsa.tf +++ b/addon-irsa.tf @@ -2,7 +2,7 @@ module "addon-irsa" { for_each = local.addon_irsa - source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa?ref=v0.0.6" + source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa?ref=v0.0.8" enabled = var.enabled diff --git a/main.tf b/main.tf index a21108d..7864995 100644 --- a/main.tf +++ b/main.tf @@ -1,30 +1,34 @@ /** - * # AWS EKS Universal Addon Terraform module + * # AWS EKS AWS Service Quota Exporter Terraform module * - * A Terraform module to deploy the universal addon on Amazon EKS cluster. + * A Terraform module to deploy the [aws-service-quota-exporter](https://github.com/lablabs/aws-service-quotas-exporter) on Amazon EKS cluster. * - * [![Terraform validate](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/validate.yaml) - * [![pre-commit](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/pre-commit.yaml) + * [![Terraform validate](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/validate.yaml) + * [![pre-commit](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/pre-commit.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-aws-service-quota-exporter/actions/workflows/pre-commit.yaml) */ -# FIXME config: update addon docs above locals { - # FIXME config: add addon configuration here addon = { - name = "universal-addon" + name = "aws-service-quotas-exporter" - helm_chart_name = "raw" - helm_chart_version = "0.1.0" - helm_repo_url = "https://lablabs.github.io" + helm_chart_name = "aws-service-quotas-exporter" + helm_chart_version = "0.0.3" + helm_repo_url = "ghcr.io/lablabs/aws-service-quotas-exporter" } - # FIXME config: add addon IRSA configuration here or remove if not needed addon_irsa = { - (local.addon.name) = { - # FIXME config: add default IRSA overrides here or leave empty if not needed, but make sure to keep at least one key - } + (local.addon.name) = {} } addon_values = yamlencode({ - # FIXME config: add default values here + serviceAccount = { + create = var.service_account_create != null ? var.service_account_create : true + name = var.service_account_name != null ? var.service_account_name : local.addon.name + annotations = module.addon-irsa[local.addon.name].irsa_role_enabled ? { + "eks.amazonaws.com/role-arn" = module.addon-irsa[local.addon.name].iam_role_attributes.arn + } : tomap({}) + } + exporter = { + config = var.exporter_config + } }) } diff --git a/modules/addon-irsa/.terraform.lock.hcl b/modules/addon-irsa/.terraform.lock.hcl deleted file mode 100644 index 79ea947..0000000 --- a/modules/addon-irsa/.terraform.lock.hcl +++ /dev/null @@ -1,27 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.53.0" - constraints = "~> 5.0" - hashes = [ - "h1:6u5Z28ArVnKsadP+ZRQYWPM4kNtTF7OZv7ZLzT2LBDc=", - "h1:ucNFgeMRknvGjwQrVf6FzR9I5kYpFxEl3F0MeVgloBw=", - "h1:yIDopRNeRAXg1UZpPlO6GNofDyzqSPkl/+Eoc3pKW4Q=", - "zh:2adad39412111d19a5195474d6b95577fc25ccf06d88a90019bee0efba33a1e3", - "zh:51226453a14f95b0d1163cfecafc9cf1a92ce5f66e42e6b4065d83a813836a2c", - "zh:62450fadb56db9c18d50bb8b7728a3d009be608d7ee0d4fe95c85ccb521dff83", - "zh:6f3ad977a9cc4800847c136690b1c0a0fd8437705062163d29dc4e9429598950", - "zh:71ca0a16b735b8d34b7127dd7d1e1e5d1eaac9c9f792e08abde291b5beb947d5", - "zh:7ae9cf4838eea80288305be0a3e69b39ffff86ede7b4319be421f06d32d04fb6", - "zh:93abc2db5ad995cfee014eb7446abc7caedc427e141d375a11993e6e199076b5", - "zh:9560b3424d97da804e98ee86b474b7370afefa09baf350cae7f33afb3f1aa209", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9eb57a9b649c217ac4eeb27af2a1935c18bd9bc8fb1be07434e7de74729eff46", - "zh:b5f32dcbe71ea22c2090eeeaec9af3e098d7b8c3e4491f34ffdfdc6f1c1abf81", - "zh:c9fbd5417f266c773055178e87bb4091df7f0542b72bf5ad0a4ae27045a2b7ca", - "zh:d518b3c52c8a9f79769dbe1b3683d25b4cdc8bfc77a3b3cd9c85f74e6c7383e1", - "zh:db741be21f32404bb87d73d25b1b7fd9b813b00aeb20a130ed8806d44dc26680", - "zh:ed1a8bb4d08653d87265ae534d6fc33bbdabae1608692a1ee364fce03548d36c", - ] -} diff --git a/modules/addon-irsa/iam.tf b/modules/addon-irsa/iam.tf deleted file mode 100644 index fece8c4..0000000 --- a/modules/addon-irsa/iam.tf +++ /dev/null @@ -1,75 +0,0 @@ -locals { - irsa_role_create = var.enabled == true && var.rbac_create == true && var.service_account_create == true && var.irsa_role_create == true - irsa_role_name_prefix = try(coalesce(var.irsa_role_name_prefix), "") - irsa_role_name = try(trim("${local.irsa_role_name_prefix}-${var.irsa_role_name}", "-"), "") - irsa_policy_enabled = var.irsa_policy_enabled == true && try(length(var.irsa_policy) > 0, false) - irsa_assume_role_enabled = var.irsa_assume_role_enabled == true && try(length(var.irsa_assume_role_arns) > 0, false) - - irsa_assume_role_policy_condition_values_default = [ - format("system:serviceaccount:%s:%s", var.service_account_namespace != null ? var.service_account_namespace : "", var.service_account_name != null ? var.service_account_name : "") - ] -} - -data "aws_iam_policy_document" "this_assume" { - count = local.irsa_role_create && local.irsa_assume_role_enabled ? 1 : 0 - - statement { - effect = "Allow" - actions = [ - "sts:AssumeRole" - ] - resources = var.irsa_assume_role_arns - } -} - -resource "aws_iam_policy" "this" { - count = local.irsa_role_create && (local.irsa_policy_enabled || local.irsa_assume_role_enabled) ? 1 : 0 - - name = local.irsa_role_name # tflint-ignore: aws_iam_policy_invalid_name - path = "/" - policy = var.irsa_assume_role_enabled ? data.aws_iam_policy_document.this_assume[0].json : var.irsa_policy - - tags = var.irsa_tags -} - -data "aws_iam_policy_document" "this_irsa" { - count = local.irsa_role_create ? 1 : 0 - - statement { - effect = "Allow" - actions = ["sts:AssumeRoleWithWebIdentity"] - - principals { - type = "Federated" - identifiers = [var.cluster_identity_oidc_issuer_arn] - } - - condition { - test = var.irsa_assume_role_policy_condition_test - variable = "${replace(var.cluster_identity_oidc_issuer, "https://", "")}:sub" - - values = coalesce(var.irsa_assume_role_policy_condition_values, local.irsa_assume_role_policy_condition_values_default) - } - } -} - -resource "aws_iam_role" "this" { - count = local.irsa_role_create ? 1 : 0 - name = local.irsa_role_name # tflint-ignore: aws_iam_role_invalid_name - assume_role_policy = data.aws_iam_policy_document.this_irsa[0].json - permissions_boundary = var.irsa_permissions_boundary - tags = var.irsa_tags -} - -resource "aws_iam_role_policy_attachment" "this" { - count = local.irsa_role_create && (local.irsa_policy_enabled || local.irsa_assume_role_enabled) ? 1 : 0 - role = aws_iam_role.this[0].name - policy_arn = aws_iam_policy.this[0].arn -} - -resource "aws_iam_role_policy_attachment" "this_additional" { - for_each = local.irsa_role_create ? var.irsa_additional_policies : {} - - role = aws_iam_role.this[0].name - policy_arn = each.value -} diff --git a/modules/addon-irsa/outputs.tf b/modules/addon-irsa/outputs.tf deleted file mode 100644 index 64a711b..0000000 --- a/modules/addon-irsa/outputs.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "irsa_role_enabled" { - description = "Whether is IRSA role enabled" - value = local.irsa_role_create -} - -output "iam_role_attributes" { - description = "IAM role attributes" - value = try(aws_iam_role.this[0], {}) -} diff --git a/modules/addon-irsa/variables.tf b/modules/addon-irsa/variables.tf deleted file mode 100644 index 9b4e997..0000000 --- a/modules/addon-irsa/variables.tf +++ /dev/null @@ -1,115 +0,0 @@ -variable "enabled" { - type = bool - default = true - description = "Set to false to prevent the module from creating any resources" -} - -# ================ IRSA variables (optional) ================ - -variable "cluster_identity_oidc_issuer" { - type = string - default = null - description = "The OIDC Identity issuer for the cluster (required)." -} - -variable "cluster_identity_oidc_issuer_arn" { - type = string - default = null - description = "The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a Service Account (required)." -} - -variable "rbac_create" { - type = bool - default = null - description = "Whether to create and use RBAC resources. Defaults to `true`." -} - -variable "service_account_create" { - type = bool - default = null - description = "Whether to create Service Account. Defaults to `true`." -} - -variable "service_account_name" { - type = string - default = null - description = "The Kubernetes Service Account name. Defaults to addon name." -} - -variable "service_account_namespace" { - type = string - default = null - description = "The Kubernetes Service Account namespace. Defaults to addon namespace." -} - -variable "irsa_role_create" { - type = bool - default = null - description = "Whether to create IRSA role and annotate Service Account. Defaults to `true`." -} - -variable "irsa_role_name_prefix" { - type = string - default = null - description = "IRSA role name prefix. Defaults to addon IRSA component name with `irsa` suffix." -} - -variable "irsa_role_name" { - type = string - default = null - description = "IRSA role name. The value is prefixed by `var.irsa_role_name_prefix`. Defaults to addon Helm chart name." -} - -variable "irsa_policy_enabled" { - type = bool - default = null - description = "Whether to create IAM policy specified by `irsa_policy`. Mutually exclusive with `irsa_assume_role_enabled`. Defaults to `false`." -} - -variable "irsa_policy" { - type = string - default = null - description = "Policy to be attached to the IRSA role. Applied only if `irsa_policy_enabled` is `true`." -} - -variable "irsa_assume_role_enabled" { - type = bool - default = null - description = "Whether IRSA is allowed to assume role defined by `irsa_assume_role_arn`. Mutually exclusive with `irsa_policy_enabled`. Defaults to `false`." -} - -variable "irsa_assume_role_arns" { - type = list(string) - default = null - description = "List of ARNs assumable by the IRSA role. Applied only if `irsa_assume_role_enabled` is `true`. Defaults to `[]`." -} - -variable "irsa_permissions_boundary" { - type = string - default = null - description = "ARN of the policy that is used to set the permissions boundary for the IRSA role. Defaults to `\"\"`." -} - -variable "irsa_additional_policies" { - type = map(string) - default = null - description = "Map of the additional policies to be attached to IRSA role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`." -} - -variable "irsa_tags" { - type = map(string) - default = null - description = "IRSA resources tags. Defaults to `{}`." -} - -variable "irsa_assume_role_policy_condition_test" { - type = string - default = "StringEquals" - description = "Specifies the condition test to use for the assume role trust policy. Defaults to `StringEquals`." -} - -variable "irsa_assume_role_policy_condition_values" { - type = list(string) - default = [] - description = "Specifies the values for the assume role trust policy condition. Each entry in this list must follow the required format `system:serviceaccount:$service_account_namespace:$service_account_name`. If this variable is left as the default, `local.irsa_assume_role_policy_condition_values_default` is used instead, which is a list containing a single value. Note that if this list is defined, the `service_account_name` and `service_account_namespace` variables are ignored." -} diff --git a/modules/addon-irsa/versions.tf b/modules/addon-irsa/versions.tf deleted file mode 100644 index 476b143..0000000 --- a/modules/addon-irsa/versions.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_version = ">= 1.5.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5" - } - } -} diff --git a/modules/addon/.terraform.lock.hcl b/modules/addon/.terraform.lock.hcl deleted file mode 100644 index e70ba62..0000000 --- a/modules/addon/.terraform.lock.hcl +++ /dev/null @@ -1,95 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/cloudposse/utils" { - version = "1.19.2" - constraints = ">= 0.17.0" - hashes = [ - "h1:gqYR81ADrA9HeWCMnEOg/x9RIMce6dwOXOC/DxjsYto=", - "h1:yy3kB4scsoyM81yyyUMPxuJXeFvexBL5KMrCKrjrUkE=", - "h1:zeLrxuXDYEA5+hArYpigYKZJiIB57WQ3nn7VGTc0QDc=", - "zh:1002d1c3f458b569119b31eb2f732c093922b7f86aa59d999d77c3f3ca297f53", - "zh:367ca0d95bf24db1ff6632da94affe1ac0b51679e00f6ca3f1b8f927b9724c3b", - "zh:3e48ef23e276d18a88405926f39b476d40fb543859f2fcfc316f70501071c1ed", - "zh:3fe9d58ee267423e65c9c52cb486dda1eb59973f42eea9d84fe4c842108fdb73", - "zh:5e9ee6099ee56c30c3dfec935f749b3cef9ad2d4c6d8ad2cf39ee87587fc496d", - "zh:6babf986f8af41c739f1e441a4c0512262ff8bc36892f9506839b126138fce25", - "zh:6d9e659f1e18e409149ed8090ced8894317f37cdf234b34fe86b5aba354d559b", - "zh:828109b900c0fa9240bd48358423034817ab3a81d706b29d84a0e10401766ae4", - "zh:aff0d59c6ba5713a09e11a4f14dad048d787569e92ed4d6aa4b7778d39f52d31", - "zh:b7f469e47d1f94b276590809388ac216f59e1f4fb2d6b950c3f9fcbe9e4e2161", - "zh:b9003915fcbdd74c9e02ba11935daa6110516bf434bfee58f738ae3f2a595c2b", - "zh:dea118d95fe434b9089321e6db7573a882bd8b36d89fe2527e9adefa538561e1", - "zh:e18ef6d2be2cee7b8d0ac03c5eec362fd132c8f2b48da3999a280a4d778ec6ea", - "zh:f317eb941a57e6a899afa44ed6dc12a5c51228fcdf1b3043823346f3887facc9", - ] -} - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.42.0" - constraints = "~> 5.0" - hashes = [ - "h1:0lkSSlK45Qil9fO1kFy8RXVC/k6qfC4LDZIaCKnWcUc=", - "h1:Gwe5HXZYD/3M5j6LwKhp8amb1SraCR9p+G96d381RVc=", - "h1:Yxsj34z606m8wssYDHyleuBlQ9i+94MHwRs38thQPZU=", - "zh:0fb12bd56a3ad777b29f957c56dd2119776dbc01b6074458f597990e368c82de", - "zh:16e99c13bef6e3777f67c240c916f57c01c9c142254cfb2720e08281ff906447", - "zh:218268f5fe73bcb19e9a996f781ab66df0da9e333d1c60612e3c51ad28a5105f", - "zh:220b17f7053d11548f35136669687d30ef1f1036e15393275325fd2b9654c715", - "zh:2256cfd74988ce05eada76b42efffc6fe2bf4d60b61f57e4db4fcf65ced4c666", - "zh:52da19f531e0cb9828f73bca620e30264e63a494bd7f9ce826aabcf010d3a241", - "zh:56069ce08d720280ba39aaf2fdd40c4357ffb54262c80e4d39c4e540a38e76af", - "zh:82c81398e68324029167f813fbb7c54fa3d233e99fa05001d85cbce8bdd08bb3", - "zh:82d6eaa87f5ab318959064e6c89adc2baabaf70b13f2f7de866f62416de05352", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:ade8490cfdd8de8b9a82986588595b67e0ad1048d9e2d3a6f5164320179c2cd0", - "zh:b094ef56ae9bfffd586f46d4f7fb0097798738df758a8f3c51578ee163495c7e", - "zh:bd5e68e1e454bae0f8d73cff8448e814a35855a561c33b745e1b8b525fb06c9f", - "zh:c111c6a854bf121facca1642d528bfa80fb4214554ac6c33e4a59c86bc605b71", - "zh:e04df69a557adbcdf8efc77eb45be748f0acbe800ccede1e0895393c87722a0f", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.12.1" - constraints = ">= 2.6.0" - hashes = [ - "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", - "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", - "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", - "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", - "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", - "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", - "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", - "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", - "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", - "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", - "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", - "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", - "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", - "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.27.0" - constraints = ">= 2.20.0" - hashes = [ - "h1:/3kLyOR2jTaWS1MKso4xAztrocGBMxi8yVadWiqSWOg=", - "h1:GzU0FzYAT/+IgAhnSBcFH3bT+4I5N6oSga6iZgNJAus=", - "h1:TrlG/sofnDv8kAbzKOD5pIPeUiI5VQY61NuWH+cItDw=", - "zh:3bdba30ae67c55dc7e9a317ac0da3b208ea7926fe9c2f0ae6587ee88dcc58d1f", - "zh:3f35138a831c00b188d2ffee27111dd0cf59afad2dd5653ed9e67d59646de12c", - "zh:64066d18f6ae9a316c2bc840ef3e641d7ab94e1ea3a41d12523e77345ad442ef", - "zh:653063d44b44881af3a480f7f8eaa94fa300e0229df2072d30f606bddcc9f025", - "zh:87f306e37efb61d13efa6da53a1e45e97e5996ebc0568b1caf8c3c5e54c05809", - "zh:8c428b9708f9634391e52300218771eab3fe942bb1295d8c0ad50ca4b33db3d9", - "zh:a44e87119a0337ded15479851786a13f412b413d9a463ba550d1210249206b0f", - "zh:aa2c4d110b0de6ef997c0d45f3f23f8a98f5530753095d6eff439a6d91a8ea31", - "zh:eb15ed8781ac6a0dec2f7d03cf090e23cfa05e3225806c6231ff2c574662fd63", - "zh:eb81c563f93bd3303f9620d11cd49f21f3f89ac3475c6d3e821b239feb9c217d", - "zh:f1a344a7f16131123577e4ec994d04a34ea458ec16c1ccac53fe7946bd817b18", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/addon/argo-helm.tf b/modules/addon/argo-helm.tf deleted file mode 100644 index 51f754d..0000000 --- a/modules/addon/argo-helm.tf +++ /dev/null @@ -1,162 +0,0 @@ -locals { - helm_argo_application_enabled = var.enabled == true && var.argo_enabled == true && var.argo_helm_enabled == true - helm_argo_application_wait_enabled = local.helm_argo_application_enabled && try(length(keys(var.argo_kubernetes_manifest_wait_fields)) > 0, false) - helm_argo_application_values = compact([ - one(data.utils_deep_merge_yaml.argo_helm_values[*].output), - var.argo_helm_values - ]) -} - -data "utils_deep_merge_yaml" "argo_helm_values" { - count = local.helm_argo_application_enabled ? 1 : 0 - - input = compact([ - yamlencode({ - apiVersion = var.argo_apiversion - }), - yamlencode({ - spec = local.argo_application_values - }), - yamlencode({ - spec = var.argo_spec - }), - yamlencode( - local.argo_application_metadata - ) - ]) -} - -resource "helm_release" "argo_application" { - count = local.helm_argo_application_enabled ? 1 : 0 - - chart = "${path.module}/helm/argocd-application" - name = var.helm_release_name - namespace = var.argo_namespace - - values = local.helm_argo_application_values -} - -resource "kubernetes_role" "helm_argo_application_wait" { - count = local.helm_argo_application_wait_enabled ? 1 : 0 - - metadata { - name = "${var.helm_release_name}-argo-application-wait" - namespace = var.argo_namespace - labels = local.argo_application_metadata.labels - annotations = local.argo_application_metadata.annotations - } - - rule { - api_groups = ["argoproj.io"] - resources = ["applications"] - verbs = ["get", "list", "watch"] - } -} - -resource "kubernetes_role_binding" "helm_argo_application_wait" { - count = local.helm_argo_application_wait_enabled ? 1 : 0 - - metadata { - name = "${var.helm_release_name}-argo-application-wait" - namespace = var.argo_namespace - labels = local.argo_application_metadata.labels - annotations = local.argo_application_metadata.annotations - } - - role_ref { - api_group = "rbac.authorization.k8s.io" - kind = "Role" - name = one(kubernetes_role.helm_argo_application_wait[*].metadata[0].name) - } - - subject { - kind = "ServiceAccount" - name = one(kubernetes_service_account.helm_argo_application_wait[*].metadata[0].name) - namespace = one(kubernetes_service_account.helm_argo_application_wait[*].metadata[0].namespace) - } -} - -resource "kubernetes_service_account" "helm_argo_application_wait" { - count = local.helm_argo_application_wait_enabled ? 1 : 0 - - metadata { - name = "${var.helm_release_name}-argo-application-wait" - namespace = var.argo_namespace - labels = local.argo_application_metadata.labels - annotations = local.argo_application_metadata.annotations - } -} - -resource "kubernetes_job" "helm_argo_application_wait" { - count = local.helm_argo_application_wait_enabled ? 1 : 0 - - metadata { - generate_name = "${var.helm_release_name}-argo-application-wait-" - namespace = var.argo_namespace - labels = local.argo_application_metadata.labels - annotations = local.argo_application_metadata.annotations - } - - spec { - template { - metadata { - labels = local.argo_application_metadata.labels - annotations = local.argo_application_metadata.annotations - } - - spec { - service_account_name = one(kubernetes_service_account.helm_argo_application_wait[*].metadata[0].name) - - dynamic "container" { - for_each = var.argo_kubernetes_manifest_wait_fields - - content { - name = "${lower(replace(container.key, ".", "-"))}-${md5(jsonencode(local.helm_argo_application_values))}" # md5 suffix is a workaround for https://github.com/hashicorp/terraform-provider-kubernetes/issues/1325 - image = "bitnami/kubectl:latest" - command = ["/bin/bash", "-ecx"] - # Waits for ArgoCD Application to be "Healthy", see https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#wait - # i.e. kubectl wait --for=jsonpath='{.status.sync.status}'=Healthy application.argoproj.io <$addon-name> - args = [ - <<-EOT - kubectl wait \ - --namespace ${var.argo_namespace} \ - --for=jsonpath='{.${container.key}}'=${container.value} \ - --timeout=${var.argo_helm_wait_timeout} \ - application.argoproj.io ${var.helm_release_name} - EOT - ] - } - } - - node_selector = var.argo_helm_wait_node_selector - - dynamic "toleration" { - for_each = var.argo_helm_wait_tolerations - - content { - key = try(toleration.value.key, null) - operator = try(toleration.value.operator, null) - value = try(toleration.value.value, null) - effect = try(toleration.value.effect, null) - } - } - - # ArgoCD Application status fields might not be available immediately after creation - restart_policy = "OnFailure" - } - } - - backoff_limit = var.argo_helm_wait_backoff_limit - } - - wait_for_completion = true - - timeouts { - create = var.argo_helm_wait_timeout - update = var.argo_helm_wait_timeout - } - - depends_on = [ - helm_release.argo_application - ] -} diff --git a/modules/addon/argo.tf b/modules/addon/argo.tf deleted file mode 100644 index 3f7bc22..0000000 --- a/modules/addon/argo.tf +++ /dev/null @@ -1,61 +0,0 @@ -locals { - argo_application_metadata = { - labels = try(var.argo_metadata.labels, {}), - annotations = try(var.argo_metadata.annotations, {}), - finalizers = try(var.argo_metadata.finalizers, []) - } - argo_application_values = { - project = var.argo_project - source = { - repoURL = var.helm_repo_url - chart = var.helm_chart_name - targetRevision = var.helm_chart_version - helm = merge( - { - releaseName = var.helm_release_name - values = var.values - }, - length(var.settings) > 0 ? { - parameters = [for k, v in var.settings : tomap({ forceString = true, name = k, value = v })] - } : {} - ) - } - destination = { - server = var.argo_destination_server - namespace = var.namespace - } - syncPolicy = var.argo_sync_policy - info = var.argo_info - } -} - -resource "kubernetes_manifest" "this" { - count = var.enabled == true && var.argo_enabled == true && var.argo_helm_enabled == false ? 1 : 0 - - manifest = { - apiVersion = var.argo_apiversion - kind = "Application" - metadata = merge( - local.argo_application_metadata, - { - name = var.helm_release_name - namespace = var.argo_namespace - }, - ) - spec = merge( - local.argo_application_values, - var.argo_spec - ) - } - - computed_fields = var.argo_kubernetes_manifest_computed_fields - - field_manager { - name = var.argo_kubernetes_manifest_field_manager_name - force_conflicts = var.argo_kubernetes_manifest_field_manager_force_conflicts - } - - wait { - fields = var.argo_kubernetes_manifest_wait_fields - } -} diff --git a/modules/addon/helm.tf b/modules/addon/helm.tf deleted file mode 100644 index e9f3343..0000000 --- a/modules/addon/helm.tf +++ /dev/null @@ -1,66 +0,0 @@ -resource "helm_release" "this" { - count = var.enabled == true && var.argo_enabled == false ? 1 : 0 - chart = var.helm_chart_name - create_namespace = var.helm_create_namespace - namespace = var.namespace - name = var.helm_release_name - version = var.helm_chart_version - repository = var.helm_repo_url - - repository_key_file = var.helm_repo_key_file - repository_cert_file = var.helm_repo_cert_file - repository_ca_file = var.helm_repo_ca_file - repository_username = var.helm_repo_username - repository_password = var.helm_repo_password - devel = var.helm_devel - verify = var.helm_package_verify - keyring = var.helm_keyring - timeout = var.helm_timeout - disable_webhooks = var.helm_disable_webhooks - reset_values = var.helm_reset_values - reuse_values = var.helm_reuse_values - force_update = var.helm_force_update - recreate_pods = var.helm_recreate_pods - cleanup_on_fail = var.helm_cleanup_on_fail - max_history = var.helm_release_max_history - atomic = var.helm_atomic - wait = var.helm_wait - wait_for_jobs = var.helm_wait_for_jobs - skip_crds = var.helm_skip_crds - render_subchart_notes = var.helm_render_subchart_notes - disable_openapi_validation = var.helm_disable_openapi_validation - dependency_update = var.helm_dependency_update - replace = var.helm_replace - description = var.helm_description - lint = var.helm_lint - - values = compact([ - var.values - ]) - - dynamic "set" { - for_each = var.settings - - content { - name = set.key - value = set.value - } - } - - dynamic "set_sensitive" { - for_each = var.helm_set_sensitive - - content { - name = set_sensitive.key - value = set_sensitive.value - } - } - - dynamic "postrender" { - for_each = var.helm_postrender - - content { - binary_path = postrender.value - } - } -} diff --git a/modules/addon/helm/argocd-application/.helmignore b/modules/addon/helm/argocd-application/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/modules/addon/helm/argocd-application/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/modules/addon/helm/argocd-application/Chart.yaml b/modules/addon/helm/argocd-application/Chart.yaml deleted file mode 100644 index b450f61..0000000 --- a/modules/addon/helm/argocd-application/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v2 -name: argocd-application -description: Helm wrapper for deploying ArgoCD application object - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 diff --git a/modules/addon/helm/argocd-application/templates/_helpers.tpl b/modules/addon/helm/argocd-application/templates/_helpers.tpl deleted file mode 100644 index 6dac3de..0000000 --- a/modules/addon/helm/argocd-application/templates/_helpers.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "argocd_application.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "argocd_application.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "argocd_application.chart" -}} -{{- printf "%s" .Chart.Name | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "argocd_application.labels" -}} -helm.sh/chart: {{ include "argocd_application.chart" . }} -{{ include "argocd_application.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "argocd_application.selectorLabels" -}} -app.kubernetes.io/name: {{ include "argocd_application.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/modules/addon/helm/argocd-application/templates/application.yaml b/modules/addon/helm/argocd-application/templates/application.yaml deleted file mode 100644 index 3117c37..0000000 --- a/modules/addon/helm/argocd-application/templates/application.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: {{ .Values.apiVersion }} -kind: Application -metadata: - name: {{ include "argocd_application.fullname" . }} - labels: - {{- include "argocd_application.labels" . | nindent 4 }} - {{- if .Values.labels }} - {{ toYaml .Values.labels | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.annotations }} - {{ toYaml .Values.annotations | indent 4 }} - {{- end }} - finalizers: - {{- if .Values.finalizers }} - {{ toYaml .Values.finalizers | indent 4 }} - {{- end }} -spec: - {{ toYaml .Values.spec | nindent 2 }} diff --git a/modules/addon/helm/argocd-application/values.yaml b/modules/addon/helm/argocd-application/values.yaml deleted file mode 100644 index 552d6da..0000000 --- a/modules/addon/helm/argocd-application/values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -nameOverride: "" -fullnameOverride: "" diff --git a/modules/addon/outputs.tf b/modules/addon/outputs.tf deleted file mode 100644 index 4315b9e..0000000 --- a/modules/addon/outputs.tf +++ /dev/null @@ -1,14 +0,0 @@ -output "helm_release_metadata" { - description = "Helm release attributes" - value = try(helm_release.this[0].metadata, {}) -} - -output "helm_release_application_metadata" { - description = "ArgoCD Application Helm release attributes" - value = try(helm_release.argo_application[0].metadata, {}) -} - -output "kubernetes_application_attributes" { - description = "ArgoCD Kubernetes manifest attributes" - value = try(kubernetes_manifest.this[0], {}) -} diff --git a/modules/addon/variables.tf b/modules/addon/variables.tf deleted file mode 100644 index f1b4d1b..0000000 --- a/modules/addon/variables.tf +++ /dev/null @@ -1,346 +0,0 @@ -variable "enabled" { - type = bool - default = true - description = "Set to false to prevent the module from creating any resources" -} - -# ================ common variables (required) ================ - -variable "helm_chart_name" { - type = string - default = null - description = "Helm chart name to be installed. Defaults to `local.addon.name` (required)." -} - -variable "helm_chart_version" { - type = string - default = null - description = "Version of the Helm chart. Defaults to `local.addon.helm_chart_version` (required)." -} - -variable "helm_release_name" { - type = string - default = null - description = "Helm release name. Defaults to `local.addon.name` (required)." -} - -variable "helm_repo_url" { - type = string - default = null - description = "Helm repository. Defaults to `local.addon.helm_repo_url` (required)." -} - -variable "helm_create_namespace" { - type = bool - default = null - description = "Create the namespace if it does not yet exist. Defaults to `true`." -} - -variable "namespace" { - type = string - default = null - description = "The Kubernetes Namespace in which the Helm chart will be installed. Defaults to `local.addon.name` (required)." -} - -variable "settings" { - type = map(any) - default = null - description = "Additional Helm sets which will be passed to the Helm chart values. Defaults to `{}`." -} - -variable "values" { - type = string - default = null - description = "Additional yaml encoded values which will be passed to the Helm chart. Defaults to `\"\"`." -} - -# ================ argo variables (required) ================ - -variable "argo_namespace" { - type = string - default = null - description = "Namespace to deploy ArgoCD application CRD to. Defaults to `\"argo\"`." -} - -variable "argo_enabled" { - type = bool - default = null - description = "If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release. Defaults to `false`." -} - -variable "argo_helm_enabled" { - type = bool - default = null - description = "If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See README for more info. Defaults to `false`." -} - -variable "argo_helm_wait_timeout" { - type = string - default = null - description = "Timeout for ArgoCD Application Helm release wait job. Defaults to `\"10m\"`." -} - -variable "argo_helm_wait_node_selector" { - type = map(string) - default = null - description = "Node selector for ArgoCD Application Helm release wait job. Defaults to `{}`." -} - -variable "argo_helm_wait_tolerations" { - type = list(any) - default = null - description = "Tolerations for ArgoCD Application Helm release wait job. Defaults to `[]`." -} - -variable "argo_helm_wait_backoff_limit" { - type = number - default = null - description = "Backoff limit for ArgoCD Application Helm release wait job. Defaults to `6`." -} - -variable "argo_destination_server" { - type = string - default = null - description = "Destination server for ArgoCD Application. Defaults to `\"https://kubernetes.default.svc\"`." -} - -variable "argo_project" { - type = string - default = null - description = "ArgoCD Application project. Defaults to `default`." -} - -variable "argo_info" { - type = list(object({ - name = string - value = string - })) - default = null - description = "ArgoCD info manifest parameter. Defaults to `[{name=\"terraform\",value=true}]`." -} - -variable "argo_sync_policy" { - type = any - default = null - description = "ArgoCD syncPolicy manifest parameter. Defaults to `{}`." -} - -variable "argo_metadata" { - type = any - default = null - description = "ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to `{finalizers=[\"resources-finalizer.argocd.argoproj.io\"]}`." -} - -variable "argo_apiversion" { - type = string - default = null - description = "ArgoCD Application apiVersion. Defaults to `\"argoproj.io/v1alpha1\"`." -} - -variable "argo_spec" { - type = any - default = null - description = "ArgoCD Application spec configuration. Override or create additional spec parameters. Defaults to `{}`." -} - -variable "argo_helm_values" { - type = string - default = null - description = "Value overrides to use when deploying ArgoCD Application object with Helm. Defaults to `\"\"`." -} - -# ================ argo kubernetes manifest variables (required) ================ - -variable "argo_kubernetes_manifest_computed_fields" { - type = list(string) - default = null - description = "List of paths of fields to be handled as \"computed\". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `[\"metadata.labels\", \"metadata.annotations\", \"metadata.finalizers\"]`." -} - -variable "argo_kubernetes_manifest_field_manager_name" { - type = string - default = null - description = "The name of the field manager to use when applying the Kubernetes manifest resource. Defaults to `\"Terraform\"`." -} - -variable "argo_kubernetes_manifest_field_manager_force_conflicts" { - type = bool - default = null - description = "Forcibly override any field manager conflicts when applying the kubernetes manifest resource. Defaults to `false`." -} - -variable "argo_kubernetes_manifest_wait_fields" { - type = map(string) - default = null - description = "A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. Defaults to `{}`." -} - -# ================ Helm release variables (required) ================ - -variable "helm_repo_key_file" { - type = string - default = null - description = "Helm repositories cert key file. Defaults to `\"\"`." -} - -variable "helm_repo_cert_file" { - type = string - default = null - description = "Helm repositories cert file. Defaults to `\"\"`." -} - -variable "helm_repo_ca_file" { - type = string - default = null - description = "Helm repositories CA cert file. Defaults to `\"\"`." -} - -variable "helm_repo_username" { - type = string - default = null - description = "Username for HTTP basic authentication against the Helm repository. Defaults to `\"\"`." -} - -variable "helm_repo_password" { - type = string - default = null - description = "Password for HTTP basic authentication against the Helm repository. Defaults to `\"\"`." -} - -variable "helm_devel" { - type = bool - default = null - description = "Use Helm chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored. Defaults to `false`." -} - -variable "helm_package_verify" { - type = bool - default = null - description = "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. Defaults to `false`." -} - -variable "helm_keyring" { - type = string - default = null - description = "Location of public keys used for verification. Used only if `helm_package_verify` is `true`. Defaults to `\"~/.gnupg/pubring.gpg\"`." -} - -variable "helm_timeout" { - type = number - default = null - description = "Time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks). Defaults to `300`." -} - -variable "helm_disable_webhooks" { - type = bool - default = null - description = "Prevent Helm chart hooks from running. Defaults to `false`." -} - -variable "helm_reset_values" { - type = bool - default = null - description = "When upgrading, reset the values to the ones built into the Helm chart. Defaults to `false`." -} - -variable "helm_reuse_values" { - type = bool - default = null - description = "When upgrading, reuse the last Helm release's values and merge in any overrides. If 'helm_reset_values' is specified, this is ignored. Defaults to `false`." -} - -variable "helm_force_update" { - type = bool - default = null - description = "Force Helm resource update through delete/recreate if needed. Defaults to `false`." -} - -variable "helm_recreate_pods" { - type = bool - default = null - description = "Perform pods restart during Helm upgrade/rollback. Defaults to `false`." -} - -variable "helm_cleanup_on_fail" { - type = bool - default = null - description = "Allow deletion of new resources created in this Helm upgrade when upgrade fails. Defaults to `false`." -} - -variable "helm_release_max_history" { - type = number - default = null - description = "Maximum number of release versions stored per release. Defaults to `0`." -} - -variable "helm_atomic" { - type = bool - default = null - description = "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`." -} - -variable "helm_wait" { - type = bool - default = null - description = "Will wait until all Helm release resources are in a ready state before marking the release as successful. It will wait for as long as timeout. Defaults to `false`." -} - -variable "helm_wait_for_jobs" { - type = bool - default = null - description = "If wait is enabled, will wait until all Helm Jobs have been completed before marking the release as successful. It will wait for as long as timeout. Defaults to `false`." -} - -variable "helm_skip_crds" { - type = bool - default = null - description = "If set, no CRDs will be installed before Helm release. Defaults to `false`." -} - -variable "helm_render_subchart_notes" { - type = bool - default = null - description = "If set, render Helm subchart notes along with the parent. Defaults to `true`." -} - -variable "helm_disable_openapi_validation" { - type = bool - default = null - description = "If set, the installation process will not validate rendered Helm templates against the Kubernetes OpenAPI Schema. Defaults to `false`." -} - -variable "helm_dependency_update" { - type = bool - default = null - description = "Runs Helm dependency update before installing the chart. Defaults to `false`." -} - -variable "helm_replace" { - type = bool - default = null - description = "Re-use the given name of Helm release, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`." -} - -variable "helm_description" { - type = string - default = null - description = "Set Helm release description attribute (visible in the history). Defaults to `\"\"`." -} - -variable "helm_lint" { - type = bool - default = null - description = "Run the Helm chart linter during the plan. Defaults to `false`." -} - -variable "helm_set_sensitive" { - type = map(any) - default = null - description = "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff. Defaults to `{}`." -} - -variable "helm_postrender" { - type = map(any) - default = null - description = "Value block with a path to a binary file to run after Helm renders the manifest which can alter the manifest contents. Defaults to `{}`." -} diff --git a/modules/addon/versions.tf b/modules/addon/versions.tf deleted file mode 100644 index d2a1597..0000000 --- a/modules/addon/versions.tf +++ /dev/null @@ -1,22 +0,0 @@ -terraform { - required_version = ">= 1.5.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20.0" - } - helm = { - source = "hashicorp/helm" - version = ">= 2.6.0" - } - utils = { - source = "cloudposse/utils" - version = ">= 0.17.0" - } - } -} diff --git a/variables.tf b/variables.tf index a7ed259..ab6ff9c 100644 --- a/variables.tf +++ b/variables.tf @@ -4,3 +4,9 @@ variable "enabled" { default = true description = "Set to false to prevent the module from creating any resources." } + +variable "exporter_config" { + type = any + default = {} + description = "The configuration for the exporter, see https://github.com/lablabs/aws-service-quotas-exporter/blob/main/config/example.yaml" +}