diff --git a/.github/workflows/template-sync.yaml b/.github/workflows/template-sync.yaml index 47264c2..713e5f2 100644 --- a/.github/workflows/template-sync.yaml +++ b/.github/workflows/template-sync.yaml @@ -1,6 +1,8 @@ name: Template sync on: + schedule: + - cron: '0 0 * * *' # every day at midnight workflow_dispatch: permissions: @@ -25,8 +27,3 @@ jobs: pr_branch_name_prefix: "feat/universal-addon-sync" pr_title: "feat(sync): sync universal-addon changes" pr_commit_msg: "feat(sync): sync universal-addon changes" - is_allow_hooks: true - hooks: > - precommit: - commands: - - cp examples/integration/addon.tf . diff --git a/.templatesyncignore b/.templatesyncignore index 3f76ac7..6192e4e 100644 --- a/.templatesyncignore +++ b/.templatesyncignore @@ -1,11 +1,6 @@ -examples/integration +modules examples/basic/main.tf -helm -argo.tf -argo-helm.tf -helm.tf -iam.tf main.tf -outputs.tf +variables.tf README.md .secrets.baseline diff --git a/.terraform-docs.yml b/.terraform-docs.yml index adbb6c2..56c83d9 100644 --- a/.terraform-docs.yml +++ b/.terraform-docs.yml @@ -10,6 +10,7 @@ content: |- {{ .Providers }} {{ .Modules }} {{ .Resources }} + {{ include "docs/.inputs.md" }} {{ .Inputs }} {{ .Outputs }} {{ .Footer }} @@ -27,3 +28,7 @@ sections: sort: by: required + +settings: + default: false + required: false diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index ce73883..f9bceba 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -2,47 +2,47 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/cloudposse/utils" { - version = "1.18.0" + version = "1.19.2" constraints = ">= 0.17.0" hashes = [ - "h1:UdRh991C59aDB5nrpBN1PZzyZucsmbgvoDHq4uHKiE0=", - "zh:1a6a1f1c354a2e1f92369fd331e1578ee8942600406c83629278b1d88e857421", - "zh:35847cc6575844c05e2cbbe199e9d1190c01ed1b91dfe05b897bb6c83825debe", - "zh:3b4f263c7c4b9ab08f59577c133f7112b380487dacc1d75b2802488a53dcb23d", - "zh:42d375186f222f42274eb2343c66301ea33cc3d6220cf36ccd19caceec8c749e", - "zh:59c4444032b29bb22df5236bf768d76d280b9fb52642579c99752e5ce1c7664c", - "zh:646d85575752b76d48fd33a7528f2af02c85270ea24981008d3fb2e9eb446e3b", - "zh:888586850d55e6270d7f8f86f48488c8eb75a595f57d2b0c33ffe786b67cc7a4", - "zh:8acf6aea1cc78256187fd27d3f2935e561e4ae487123347cffcf2bd567f31693", - "zh:8f42211e88b08ed54cb7a608770533fd11e20387830c111def54efd6a24c4b90", - "zh:a0d5670d6d17267b0ef8342fde2cbaa034fa9bb79921ab0ee378df4661ef2076", - "zh:c8a940014de1d1a23bb23dbaeb909d2644f0e1379858b398b8ad173f892a9022", - "zh:d4555331bfe6a6601ece25740a2cbac240ddb72f5ebdbf26778e40e8608afc44", - "zh:f0781a219a72b93282f82bcc75a0ef5e2c2e7e4da48e0d339acc0f28d07446a6", - "zh:f9b1455886ab9716b3d243367bc26e9ac836e281894024aa1d1b7f16f886ca0b", + "h1:yy3kB4scsoyM81yyyUMPxuJXeFvexBL5KMrCKrjrUkE=", + "zh:1002d1c3f458b569119b31eb2f732c093922b7f86aa59d999d77c3f3ca297f53", + "zh:367ca0d95bf24db1ff6632da94affe1ac0b51679e00f6ca3f1b8f927b9724c3b", + "zh:3e48ef23e276d18a88405926f39b476d40fb543859f2fcfc316f70501071c1ed", + "zh:3fe9d58ee267423e65c9c52cb486dda1eb59973f42eea9d84fe4c842108fdb73", + "zh:5e9ee6099ee56c30c3dfec935f749b3cef9ad2d4c6d8ad2cf39ee87587fc496d", + "zh:6babf986f8af41c739f1e441a4c0512262ff8bc36892f9506839b126138fce25", + "zh:6d9e659f1e18e409149ed8090ced8894317f37cdf234b34fe86b5aba354d559b", + "zh:828109b900c0fa9240bd48358423034817ab3a81d706b29d84a0e10401766ae4", + "zh:aff0d59c6ba5713a09e11a4f14dad048d787569e92ed4d6aa4b7778d39f52d31", + "zh:b7f469e47d1f94b276590809388ac216f59e1f4fb2d6b950c3f9fcbe9e4e2161", + "zh:b9003915fcbdd74c9e02ba11935daa6110516bf434bfee58f738ae3f2a595c2b", + "zh:dea118d95fe434b9089321e6db7573a882bd8b36d89fe2527e9adefa538561e1", + "zh:e18ef6d2be2cee7b8d0ac03c5eec362fd132c8f2b48da3999a280a4d778ec6ea", + "zh:f317eb941a57e6a899afa44ed6dc12a5c51228fcdf1b3043823346f3887facc9", ] } provider "registry.terraform.io/hashicorp/aws" { - version = "5.41.0" + version = "5.42.0" constraints = "~> 5.0" hashes = [ - "h1:DiX7N35G2NUQRyRGy90+gyePnhP4w77f8LrJUronotE=", - "zh:0553331a6287c146353b6daf6f71987d8c000f407b5e29d6e004ea88faec2e67", - "zh:1a11118984bb2950e8ee7ef17b0f91fc9eb4a42c8e7a9cafd7eb4aca771d06e4", - "zh:236fedd266d152a8233a7fe27ffdd99ca27d9e66a9618a988a4c3da1ac24a33f", - "zh:34bc482ea04cf30d4d216afa55eecf66854e1acf93892cb28a6b5af91d43c9b7", - "zh:39d7eb15832fe339bf46e3bab9852280762a1817bf1afc459eecd430e20e3ad5", - "zh:39fb07429c51556b05170ec2b6bd55e2487adfe1606761eaf1f2a43c4bb20e47", - "zh:71d7cd3013e2f3fa0f65194af29ee6f5fa905e0df2b72b723761dc953f4512ea", + "h1:Yxsj34z606m8wssYDHyleuBlQ9i+94MHwRs38thQPZU=", + "zh:0fb12bd56a3ad777b29f957c56dd2119776dbc01b6074458f597990e368c82de", + "zh:16e99c13bef6e3777f67c240c916f57c01c9c142254cfb2720e08281ff906447", + "zh:218268f5fe73bcb19e9a996f781ab66df0da9e333d1c60612e3c51ad28a5105f", + "zh:220b17f7053d11548f35136669687d30ef1f1036e15393275325fd2b9654c715", + "zh:2256cfd74988ce05eada76b42efffc6fe2bf4d60b61f57e4db4fcf65ced4c666", + "zh:52da19f531e0cb9828f73bca620e30264e63a494bd7f9ce826aabcf010d3a241", + "zh:56069ce08d720280ba39aaf2fdd40c4357ffb54262c80e4d39c4e540a38e76af", + "zh:82c81398e68324029167f813fbb7c54fa3d233e99fa05001d85cbce8bdd08bb3", + "zh:82d6eaa87f5ab318959064e6c89adc2baabaf70b13f2f7de866f62416de05352", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9b271ae12394e7e2ce6da568b42226a146e90fd705e02a670fcb93618c4aa19f", - "zh:a884dd978859d001709681f9513ba0fbb0753d1d459a7f3434ecc5f1b8699c49", - "zh:b8c3c7dc10ae4f6143168042dcf8dee63527b103cc37abc238ea06150af38b6e", - "zh:ba94ffe0893ad60c0b70c402e163b4df2cf417e93474a9cc1a37535bba18f22d", - "zh:d5ba851d971ff8d796afd9a100acf55eaac0c197c6ab779787797ce66f419f0e", - "zh:e8c090d0c4f730c4a610dc4f0c22b177a0376d6f78679fc3f1d557b469e656f4", - "zh:ed7623acde26834672969dcb5befdb62900d9f216d32e7478a095d2b040a0ea7", + "zh:ade8490cfdd8de8b9a82986588595b67e0ad1048d9e2d3a6f5164320179c2cd0", + "zh:b094ef56ae9bfffd586f46d4f7fb0097798738df758a8f3c51578ee163495c7e", + "zh:bd5e68e1e454bae0f8d73cff8448e814a35855a561c33b745e1b8b525fb06c9f", + "zh:c111c6a854bf121facca1642d528bfa80fb4214554ac6c33e4a59c86bc605b71", + "zh:e04df69a557adbcdf8efc77eb45be748f0acbe800ccede1e0895393c87722a0f", ] } diff --git a/README.md b/README.md index 737167c..55814cd 100644 --- a/README.md +++ b/README.md @@ -58,106 +58,94 @@ See [Basic example](examples/basic/README.md) for further information. ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [addon](#module\_addon) | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon | v0.0.1 | ## Resources | Name | Type | |------|------| -| [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.this_additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [helm_release.argo_application](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_job.helm_argo_application_wait](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/job) | resource | -| [kubernetes_manifest.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | -| [kubernetes_role.helm_argo_application_wait](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role) | resource | -| [kubernetes_role_binding.helm_argo_application_wait](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource | -| [kubernetes_service_account.helm_argo_application_wait](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | -| [aws_iam_policy_document.this_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.this_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [utils_deep_merge_yaml.argo_helm_values](https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml) | data source | +| [utils_deep_merge_yaml.values](https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml) | data source | +> [!IMPORTANT] +> Variables defined in [variables-addon.tf](variables-addon.tf) defaults to `null` to have them overridable by the addon configuration defined though the [`local.addon.*`](main.tf) local variable with some default values defined in [addon.tf](addon.tf). ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [argo\_apiversion](#input\_argo\_apiversion) | ArgoCD Appliction apiVersion | `string` | `null` | no | -| [argo\_destination\_server](#input\_argo\_destination\_server) | Destination server for ArgoCD Application | `string` | `null` | no | -| [argo\_enabled](#input\_argo\_enabled) | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | `bool` | `null` | no | -| [argo\_helm\_enabled](#input\_argo\_helm\_enabled) | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | `bool` | `null` | no | -| [argo\_helm\_values](#input\_argo\_helm\_values) | Value overrides to use when deploying argo application object with helm | `string` | `null` | no | -| [argo\_helm\_wait\_backoff\_limit](#input\_argo\_helm\_wait\_backoff\_limit) | Backoff limit for ArgoCD Application Helm release wait job | `number` | `null` | no | -| [argo\_helm\_wait\_node\_selector](#input\_argo\_helm\_wait\_node\_selector) | Node selector for ArgoCD Application Helm release wait job | `map(string)` | `null` | no | -| [argo\_helm\_wait\_timeout](#input\_argo\_helm\_wait\_timeout) | Timeout for ArgoCD Application Helm release wait job | `string` | `null` | no | -| [argo\_helm\_wait\_tolerations](#input\_argo\_helm\_wait\_tolerations) | Tolerations for ArgoCD Application Helm release wait job | `list(any)` | `null` | no | -| [argo\_info](#input\_argo\_info) | ArgoCD info manifest parameter | 
list(object({
    name  = string
    value = string
  }))
| `null` | no | -| [argo\_kubernetes\_manifest\_computed\_fields](#input\_argo\_kubernetes\_manifest\_computed\_fields) | List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply. | `list(string)` | `null` | no | -| [argo\_kubernetes\_manifest\_field\_manager\_force\_conflicts](#input\_argo\_kubernetes\_manifest\_field\_manager\_force\_conflicts) | Forcibly override any field manager conflicts when applying the kubernetes manifest resource | `bool` | `null` | no | -| [argo\_kubernetes\_manifest\_field\_manager\_name](#input\_argo\_kubernetes\_manifest\_field\_manager\_name) | The name of the field manager to use when applying the kubernetes manifest resource. Defaults to Terraform | `string` | `null` | no | -| [argo\_kubernetes\_manifest\_wait\_fields](#input\_argo\_kubernetes\_manifest\_wait\_fields) | A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. | `map(string)` | `null` | no | -| [argo\_metadata](#input\_argo\_metadata) | ArgoCD Application metadata configuration. Override or create additional metadata parameters | `any` | `null` | no | -| [argo\_namespace](#input\_argo\_namespace) | Namespace to deploy ArgoCD application CRD to | `string` | `"argo"` | no | -| [argo\_project](#input\_argo\_project) | ArgoCD Application project | `string` | `null` | no | -| [argo\_spec](#input\_argo\_spec) | ArgoCD Application spec configuration. Override or create additional spec parameters | `any` | `null` | no | -| [argo\_sync\_policy](#input\_argo\_sync\_policy) | ArgoCD syncPolicy manifest parameter | `any` | `null` | no | -| [cluster\_identity\_oidc\_issuer](#input\_cluster\_identity\_oidc\_issuer) | The OIDC Identity issuer for the cluster | `string` | `null` | no | -| [cluster\_identity\_oidc\_issuer\_arn](#input\_cluster\_identity\_oidc\_issuer\_arn) | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | `string` | `null` | no | -| [enabled](#input\_enabled) | Variable indicating whether deployment is enabled | `bool` | `true` | no | -| [helm\_atomic](#input\_helm\_atomic) | If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used | `bool` | `null` | no | -| [helm\_chart\_name](#input\_helm\_chart\_name) | Helm chart name to be installed | `string` | `null` | no | -| [helm\_chart\_version](#input\_helm\_chart\_version) | Version of the Helm chart | `string` | `null` | no | -| [helm\_cleanup\_on\_fail](#input\_helm\_cleanup\_on\_fail) | Allow deletion of new resources created in this helm upgrade when upgrade fails | `bool` | `null` | no | -| [helm\_create\_namespace](#input\_helm\_create\_namespace) | Create the namespace if it does not yet exist | `bool` | `null` | no | -| [helm\_dependency\_update](#input\_helm\_dependency\_update) | Runs helm dependency update before installing the chart | `bool` | `null` | no | -| [helm\_description](#input\_helm\_description) | Set helm release description attribute (visible in the history) | `string` | `null` | no | -| [helm\_devel](#input\_helm\_devel) | Use helm chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored | `bool` | `null` | no | -| [helm\_disable\_openapi\_validation](#input\_helm\_disable\_openapi\_validation) | If set, the installation process will not validate rendered helm templates against the Kubernetes OpenAPI Schema | `bool` | `null` | no | -| [helm\_disable\_webhooks](#input\_helm\_disable\_webhooks) | Prevent helm chart hooks from running | `bool` | `null` | no | -| [helm\_force\_update](#input\_helm\_force\_update) | Force helm resource update through delete/recreate if needed | `bool` | `null` | no | -| [helm\_keyring](#input\_helm\_keyring) | Location of public keys used for verification. Used only if helm\_package\_verify is true | `string` | `null` | no | -| [helm\_lint](#input\_helm\_lint) | Run the helm chart linter during the plan | `bool` | `null` | no | -| [helm\_package\_verify](#input\_helm\_package\_verify) | Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart | `bool` | `null` | no | -| [helm\_postrender](#input\_helm\_postrender) | Value block with a path to a binary file to run after helm renders the manifest which can alter the manifest contents | `map(any)` | `null` | no | -| [helm\_recreate\_pods](#input\_helm\_recreate\_pods) | Perform pods restart during helm upgrade/rollback | `bool` | `null` | no | -| [helm\_release\_max\_history](#input\_helm\_release\_max\_history) | Maximum number of release versions stored per release | `number` | `null` | no | -| [helm\_release\_name](#input\_helm\_release\_name) | Helm release name | `string` | `null` | no | -| [helm\_render\_subchart\_notes](#input\_helm\_render\_subchart\_notes) | If set, render helm subchart notes along with the parent | `bool` | `null` | no | -| [helm\_replace](#input\_helm\_replace) | Re-use the given name of helm release, only if that name is a deleted release which remains in the history. This is unsafe in production | `bool` | `null` | no | -| [helm\_repo\_ca\_file](#input\_helm\_repo\_ca\_file) | Helm repositories cert file | `string` | `null` | no | -| [helm\_repo\_cert\_file](#input\_helm\_repo\_cert\_file) | Helm repositories cert file | `string` | `null` | no | -| [helm\_repo\_key\_file](#input\_helm\_repo\_key\_file) | Helm repositories cert key file | `string` | `null` | no | -| [helm\_repo\_password](#input\_helm\_repo\_password) | Password for HTTP basic authentication against the helm repository | `string` | `null` | no | -| [helm\_repo\_url](#input\_helm\_repo\_url) | Helm repository | `string` | `null` | no | -| [helm\_repo\_username](#input\_helm\_repo\_username) | Username for HTTP basic authentication against the helm repository | `string` | `null` | no | -| [helm\_reset\_values](#input\_helm\_reset\_values) | When upgrading, reset the values to the ones built into the helm chart | `bool` | `null` | no | -| [helm\_reuse\_values](#input\_helm\_reuse\_values) | When upgrading, reuse the last helm release's values and merge in any overrides. If 'helm\_reset\_values' is specified, this is ignored | `bool` | `null` | no | -| [helm\_set\_sensitive](#input\_helm\_set\_sensitive) | Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff | `map(any)` | `null` | no | -| [helm\_skip\_crds](#input\_helm\_skip\_crds) | If set, no CRDs will be installed before helm release | `bool` | `null` | no | -| [helm\_timeout](#input\_helm\_timeout) | Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks) | `number` | `null` | no | -| [helm\_wait](#input\_helm\_wait) | Will wait until all helm release resources are in a ready state before marking the release as successful. It will wait for as long as timeout | `bool` | `null` | no | -| [helm\_wait\_for\_jobs](#input\_helm\_wait\_for\_jobs) | If wait is enabled, will wait until all helm Jobs have been completed before marking the release as successful. It will wait for as long as timeout | `bool` | `null` | no | -| [irsa\_additional\_policies](#input\_irsa\_additional\_policies) | Map of the additional policies to be attached to default role. Where key is arbitrary id and value is policy ARN | `map(string)` | `null` | no | -| [irsa\_assume\_role\_arn](#input\_irsa\_assume\_role\_arn) | Assume role ARN. Assume role must be enabled. Applied only if irsa\_assume\_role\_enabled is enabled | `string` | `null` | no | -| [irsa\_assume\_role\_enabled](#input\_irsa\_assume\_role\_enabled) | Whether IRSA is allowed to assume role defined by irsa\_assume\_role\_arn. Mutually exclusive with irsa\_policy\_enabled | `bool` | `null` | no | -| [irsa\_policy](#input\_irsa\_policy) | Policy to be attached to the default role. Applied only if irsa\_policy\_enabled is enabled | `string` | `null` | no | -| [irsa\_policy\_enabled](#input\_irsa\_policy\_enabled) | Whether to create opinionated policy to allow AWS operations. Mutually exclusive with irsa\_assume\_role\_enabled | `bool` | `null` | no | -| [irsa\_role\_create](#input\_irsa\_role\_create) | Whether to create IRSA role and annotate service account | `bool` | `null` | no | -| [irsa\_role\_name\_prefix](#input\_irsa\_role\_name\_prefix) | IRSA role name prefix | `string` | `null` | no | -| [irsa\_tags](#input\_irsa\_tags) | IRSA resources tags | `map(string)` | `null` | no | -| [namespace](#input\_namespace) | The K8s namespace in which the <$addon-name> service account has been created | `string` | `null` | no | -| [rbac\_create](#input\_rbac\_create) | Whether to create and use RBAC resources | `bool` | `null` | no | -| [service\_account\_create](#input\_service\_account\_create) | Whether to create Service Account | `bool` | `null` | no | -| [service\_account\_name](#input\_service\_account\_name) | The k8s <$addon-name> service account name | `string` | `null` | no | -| [settings](#input\_settings) | Additional helm sets which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/<$addon-name> | `map(any)` | `null` | no | -| [values](#input\_values) | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/stable/<$addon-name> | `string` | `null` | no | +| Name | Description | Type | +|------|-------------|------| +| [argo\_apiversion](#input\_argo\_apiversion) | ArgoCD Application apiVersion. Defaults to `"argoproj.io/v1alpha1"`. | `string` | +| [argo\_destination\_server](#input\_argo\_destination\_server) | Destination server for ArgoCD Application. Defaults to `"https://kubernetes.default.svc"`. | `string` | +| [argo\_enabled](#input\_argo\_enabled) | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release. Defaults to `false`. | `bool` | +| [argo\_helm\_enabled](#input\_argo\_helm\_enabled) | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See README for more info. Defaults to `false`. | `bool` | +| [argo\_helm\_values](#input\_argo\_helm\_values) | Value overrides to use when deploying ArgoCD Application object with Helm. Defaults to `""`. | `string` | +| [argo\_helm\_wait\_backoff\_limit](#input\_argo\_helm\_wait\_backoff\_limit) | Backoff limit for ArgoCD Application Helm release wait job. Defaults to `6`. | `number` | +| [argo\_helm\_wait\_node\_selector](#input\_argo\_helm\_wait\_node\_selector) | Node selector for ArgoCD Application Helm release wait job. Defaults to `{}`. | `map(string)` | +| [argo\_helm\_wait\_timeout](#input\_argo\_helm\_wait\_timeout) | Timeout for ArgoCD Application Helm release wait job. Defaults to `"10m"`. | `string` | +| [argo\_helm\_wait\_tolerations](#input\_argo\_helm\_wait\_tolerations) | Tolerations for ArgoCD Application Helm release wait job. Defaults to `[]`. | `list(any)` | +| [argo\_info](#input\_argo\_info) | ArgoCD info manifest parameter. Defaults to `[{name="terraform",value=true}]`. | 
list(object({
    name  = string
    value = string
  }))
| +| [argo\_kubernetes\_manifest\_computed\_fields](#input\_argo\_kubernetes\_manifest\_computed\_fields) | List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `["metadata.labels", "metadata.annotations", "metadata.finalizers"]`. | `list(string)` | +| [argo\_kubernetes\_manifest\_field\_manager\_force\_conflicts](#input\_argo\_kubernetes\_manifest\_field\_manager\_force\_conflicts) | Forcibly override any field manager conflicts when applying the kubernetes manifest resource. Defaults to `false`. | `bool` | +| [argo\_kubernetes\_manifest\_field\_manager\_name](#input\_argo\_kubernetes\_manifest\_field\_manager\_name) | The name of the field manager to use when applying the Kubernetes manifest resource. Defaults to `"Terraform"`. | `string` | +| [argo\_kubernetes\_manifest\_wait\_fields](#input\_argo\_kubernetes\_manifest\_wait\_fields) | A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. Defaults to `{}`. | `map(string)` | +| [argo\_metadata](#input\_argo\_metadata) | ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to `{finalizers=["resources-finalizer.argocd.argoproj.io"]}`. | `any` | +| [argo\_namespace](#input\_argo\_namespace) | Namespace to deploy ArgoCD application CRD to. Defaults to `"argo"`. | `string` | +| [argo\_project](#input\_argo\_project) | ArgoCD Application project. Defaults to `default`. | `string` | +| [argo\_spec](#input\_argo\_spec) | ArgoCD Application spec configuration. Override or create additional spec parameters. Defaults to `{}`. | `any` | +| [argo\_sync\_policy](#input\_argo\_sync\_policy) | ArgoCD syncPolicy manifest parameter. Defaults to `{}`. | `any` | +| [cluster\_identity\_oidc\_issuer](#input\_cluster\_identity\_oidc\_issuer) | The OIDC Identity issuer for the cluster. Defaults to `""`. | `string` | +| [cluster\_identity\_oidc\_issuer\_arn](#input\_cluster\_identity\_oidc\_issuer\_arn) | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a Service Account. Defaults to `""`. | `string` | +| [enabled](#input\_enabled) | Variable indicating whether deployment is enabled | `bool` | +| [helm\_atomic](#input\_helm\_atomic) | If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`. | `bool` | +| [helm\_chart\_name](#input\_helm\_chart\_name) | Helm chart name to be installed. Defaults to `local.addon.name` (required). | `string` | +| [helm\_chart\_version](#input\_helm\_chart\_version) | Version of the Helm chart. Defaults to `local.addon.helm_chart_version` (required). | `string` | +| [helm\_cleanup\_on\_fail](#input\_helm\_cleanup\_on\_fail) | Allow deletion of new resources created in this Helm upgrade when upgrade fails. Defaults to `false`. | `bool` | +| [helm\_create\_namespace](#input\_helm\_create\_namespace) | Create the namespace if it does not yet exist. Defaults to `true`. | `bool` | +| [helm\_dependency\_update](#input\_helm\_dependency\_update) | Runs Helm dependency update before installing the chart. Defaults to `false`. | `bool` | +| [helm\_description](#input\_helm\_description) | Set Helm release description attribute (visible in the history). Defaults to `""`. | `string` | +| [helm\_devel](#input\_helm\_devel) | Use Helm chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored. Defaults to `false`. | `bool` | +| [helm\_disable\_openapi\_validation](#input\_helm\_disable\_openapi\_validation) | If set, the installation process will not validate rendered Helm templates against the Kubernetes OpenAPI Schema. Defaults to `false`. | `bool` | +| [helm\_disable\_webhooks](#input\_helm\_disable\_webhooks) | Prevent Helm chart hooks from running. Defaults to `false`. | `bool` | +| [helm\_force\_update](#input\_helm\_force\_update) | Force Helm resource update through delete/recreate if needed. Defaults to `false`. | `bool` | +| [helm\_keyring](#input\_helm\_keyring) | Location of public keys used for verification. Used only if `helm_package_verify` is `true`. Defaults to `"~/.gnupg/pubring.gpg"`. | `string` | +| [helm\_lint](#input\_helm\_lint) | Run the Helm chart linter during the plan. Defaults to `false`. | `bool` | +| [helm\_package\_verify](#input\_helm\_package\_verify) | Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. Defaults to `false`. | `bool` | +| [helm\_postrender](#input\_helm\_postrender) | Value block with a path to a binary file to run after Helm renders the manifest which can alter the manifest contents. Defaults to `{}`. | `map(any)` | +| [helm\_recreate\_pods](#input\_helm\_recreate\_pods) | Perform pods restart during Helm upgrade/rollback. Defaults to `false`. | `bool` | +| [helm\_release\_max\_history](#input\_helm\_release\_max\_history) | Maximum number of release versions stored per release. Defaults to `0`. | `number` | +| [helm\_release\_name](#input\_helm\_release\_name) | Helm release name. Defaults to `local.addon.name` (required). | `string` | +| [helm\_render\_subchart\_notes](#input\_helm\_render\_subchart\_notes) | If set, render Helm subchart notes along with the parent. Defaults to `true`. | `bool` | +| [helm\_replace](#input\_helm\_replace) | Re-use the given name of Helm release, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`. | `bool` | +| [helm\_repo\_ca\_file](#input\_helm\_repo\_ca\_file) | Helm repositories CA cert file. Defaults to `""`. | `string` | +| [helm\_repo\_cert\_file](#input\_helm\_repo\_cert\_file) | Helm repositories cert file. Defaults to `""`. | `string` | +| [helm\_repo\_key\_file](#input\_helm\_repo\_key\_file) | Helm repositories cert key file. Defaults to `""`. | `string` | +| [helm\_repo\_password](#input\_helm\_repo\_password) | Password for HTTP basic authentication against the Helm repository. Defaults to `""`. | `string` | +| [helm\_repo\_url](#input\_helm\_repo\_url) | Helm repository. Defaults to `local.addon.helm_repo_url` (required). | `string` | +| [helm\_repo\_username](#input\_helm\_repo\_username) | Username for HTTP basic authentication against the Helm repository. Defaults to `""`. | `string` | +| [helm\_reset\_values](#input\_helm\_reset\_values) | When upgrading, reset the values to the ones built into the Helm chart. Defaults to `false`. | `bool` | +| [helm\_reuse\_values](#input\_helm\_reuse\_values) | When upgrading, reuse the last Helm release's values and merge in any overrides. If 'helm\_reset\_values' is specified, this is ignored. Defaults to `false`. | `bool` | +| [helm\_set\_sensitive](#input\_helm\_set\_sensitive) | Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff. Defaults to `{}`. | `map(any)` | +| [helm\_skip\_crds](#input\_helm\_skip\_crds) | If set, no CRDs will be installed before Helm release. Defaults to `false`. | `bool` | +| [helm\_timeout](#input\_helm\_timeout) | Time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks). Defaults to `300`. | `number` | +| [helm\_wait](#input\_helm\_wait) | Will wait until all Helm release resources are in a ready state before marking the release as successful. It will wait for as long as timeout. Defaults to `false`. | `bool` | +| [helm\_wait\_for\_jobs](#input\_helm\_wait\_for\_jobs) | If wait is enabled, will wait until all Helm Jobs have been completed before marking the release as successful. It will wait for as long as timeout. Defaults to `false`. | `bool` | +| [irsa\_additional\_policies](#input\_irsa\_additional\_policies) | Map of the additional policies to be attached to default role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`. | `map(string)` | +| [irsa\_assume\_role\_arn](#input\_irsa\_assume\_role\_arn) | Assume role ARN. Assume role must be enabled. Applied only if `irsa_assume_role_enabled` is `true`. Defaults to `""`. | `string` | +| [irsa\_assume\_role\_enabled](#input\_irsa\_assume\_role\_enabled) | Whether IRSA is allowed to assume role defined by `irsa_assume_role_arn`. Mutually exclusive with `irsa_policy_enabled`. Defaults to `false`. | `bool` | +| [irsa\_policy](#input\_irsa\_policy) | Policy to be attached to the default role. Applied only if `irsa_policy_enabled` is `true`. Defaults to `""`. | `string` | +| [irsa\_policy\_enabled](#input\_irsa\_policy\_enabled) | Whether to create opinionated policy to allow AWS operations. Mutually exclusive with `irsa_assume_role_enabled`. Defaults to `false`. | `bool` | +| [irsa\_role\_create](#input\_irsa\_role\_create) | Whether to create IRSA role and annotate service account. Defaults to `true`. | `bool` | +| [irsa\_role\_name\_prefix](#input\_irsa\_role\_name\_prefix) | IRSA role name prefix. Defaults to `"${local.addon.name}-irsa"`. | `string` | +| [irsa\_tags](#input\_irsa\_tags) | IRSA resources tags. Defaults to `{}`. | `map(string)` | +| [namespace](#input\_namespace) | The Kubernetes Namespace in which the Helm chart will be installed. Defaults to `local.addon.name` (required). | `string` | +| [rbac\_create](#input\_rbac\_create) | Whether to create and use RBAC resources. Defaults to `true`. | `bool` | +| [service\_account\_create](#input\_service\_account\_create) | Whether to create Service Account. Defaults to `true`. | `bool` | +| [service\_account\_name](#input\_service\_account\_name) | The Kubernetes Service Account name. Defaults to `local.addon.name` (required). | `string` | +| [settings](#input\_settings) | Additional Helm sets which will be passed to the Helm chart values. Defaults to `{}`. | `map(any)` | +| [values](#input\_values) | Additional yaml encoded values which will be passed to the Helm chart. Defaults to `""`. | `string` | ## Outputs | Name | Description | |------|-------------| -| [helm\_release\_application\_metadata](#output\_helm\_release\_application\_metadata) | ArgoCD Application Helm release attributes | -| [helm\_release\_metadata](#output\_helm\_release\_metadata) | Helm release attributes | -| [iam\_role\_attributes](#output\_iam\_role\_attributes) | IAM role attributes | -| [kubernetes\_application\_attributes](#output\_kubernetes\_application\_attributes) | ArgoCD Kubernetes manifest attributes | +| [addon](#output\_addon) | The addon module outputs | ## Contributing and reporting issues Feel free to create an issue in this repository if you have questions, suggestions or feature requests. diff --git a/examples/integration/addon.tf b/addon.tf similarity index 99% rename from examples/integration/addon.tf rename to addon.tf index de99102..d238178 100644 --- a/examples/integration/addon.tf +++ b/addon.tf @@ -1,7 +1,6 @@ # IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module. module "addon" { - # tflint-ignore: terraform_module_pinned_source - source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git?ref=main" + source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon?ref=v0.0.1" enabled = var.enabled @@ -57,7 +56,7 @@ module "addon" { argo_kubernetes_manifest_field_manager_name = var.argo_kubernetes_manifest_field_manager_name != null ? var.argo_kubernetes_manifest_field_manager_name : try(local.addon.argo_kubernetes_manifest_field_manager_name, "Terraform") argo_kubernetes_manifest_wait_fields = var.argo_kubernetes_manifest_wait_fields != null ? var.argo_kubernetes_manifest_wait_fields : try(local.addon.argo_kubernetes_manifest_wait_fields, tomap({})) argo_metadata = var.argo_metadata != null ? var.argo_metadata : try(local.addon.argo_metadata, { finalizers = ["resources-finalizer.argocd.argoproj.io"] }) - argo_namespace = var.argo_namespace != null ? var.argo_namespace : try(local.addon.argo_namespace, "argocd") + argo_namespace = var.argo_namespace != null ? var.argo_namespace : try(local.addon.argo_namespace, "argoDefaults to ``.") argo_project = var.argo_project != null ? var.argo_project : try(local.addon.argo_project, "default") argo_spec = var.argo_spec != null ? var.argo_spec : try(local.addon.argo_spec, tomap({})) argo_sync_policy = var.argo_sync_policy != null ? var.argo_sync_policy : try(local.addon.argo_sync_policy, tomap({})) diff --git a/docs/.inputs.md b/docs/.inputs.md new file mode 100644 index 0000000..87dfcdf --- /dev/null +++ b/docs/.inputs.md @@ -0,0 +1,2 @@ +> [!IMPORTANT] +> Variables defined in [variables-addon.tf](variables-addon.tf) defaults to `null` to have them overridable by the addon configuration defined though the [`local.addon.*`](main.tf) local variable with some default values defined in [addon.tf](addon.tf). diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 647c350..2d19b9f 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -1,11 +1,11 @@ module "addon_installation_disabled" { - source = "../integration" + source = "../../" enabled = false } module "addon_installation_helm" { - source = "../integration" + source = "../../" enabled = true argo_enabled = false @@ -18,7 +18,7 @@ module "addon_installation_helm" { # Please, see README.md and Argo Kubernetes deployment method for implications of using Kubernetes installation method module "addon_installation_argo_kubernetes" { - source = "../integration" + source = "../../" enabled = true argo_enabled = true @@ -36,7 +36,7 @@ module "addon_installation_argo_kubernetes" { module "addon_installation_argo_helm" { - source = "../integration" + source = "../../" enabled = true argo_enabled = true diff --git a/examples/integration/versions.tf b/examples/integration/versions.tf deleted file mode 100644 index 9a4479c..0000000 --- a/examples/integration/versions.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_version = ">= 1.5.0" - - required_providers { - utils = { - source = "cloudposse/utils" - version = ">= 0.17.0" - } - } -} diff --git a/main.tf b/main.tf index 1d1bbc5..6476f26 100644 --- a/main.tf +++ b/main.tf @@ -6,3 +6,18 @@ * [![Terraform validate](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/validate.yaml) * [![pre-commit](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/pre-commit.yml) */ +# FIXME: update addon docs above +locals { + # FIXME: add addon configuration here + addon = { + name = "universal-addon" + + helm_chart_name = "raw" + helm_chart_version = "0.1.0" + helm_repo_url = "https://lablabs.github.io" + + values = yamlencode({ + # FIXME: add default values here or remove `values` if not needed + }) + } +} diff --git a/examples/integration/.terraform.lock.hcl b/modules/addon/.terraform.lock.hcl similarity index 52% rename from examples/integration/.terraform.lock.hcl rename to modules/addon/.terraform.lock.hcl index ce73883..f9bceba 100644 --- a/examples/integration/.terraform.lock.hcl +++ b/modules/addon/.terraform.lock.hcl @@ -2,47 +2,47 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/cloudposse/utils" { - version = "1.18.0" + version = "1.19.2" constraints = ">= 0.17.0" hashes = [ - "h1:UdRh991C59aDB5nrpBN1PZzyZucsmbgvoDHq4uHKiE0=", - "zh:1a6a1f1c354a2e1f92369fd331e1578ee8942600406c83629278b1d88e857421", - "zh:35847cc6575844c05e2cbbe199e9d1190c01ed1b91dfe05b897bb6c83825debe", - "zh:3b4f263c7c4b9ab08f59577c133f7112b380487dacc1d75b2802488a53dcb23d", - "zh:42d375186f222f42274eb2343c66301ea33cc3d6220cf36ccd19caceec8c749e", - "zh:59c4444032b29bb22df5236bf768d76d280b9fb52642579c99752e5ce1c7664c", - "zh:646d85575752b76d48fd33a7528f2af02c85270ea24981008d3fb2e9eb446e3b", - "zh:888586850d55e6270d7f8f86f48488c8eb75a595f57d2b0c33ffe786b67cc7a4", - "zh:8acf6aea1cc78256187fd27d3f2935e561e4ae487123347cffcf2bd567f31693", - "zh:8f42211e88b08ed54cb7a608770533fd11e20387830c111def54efd6a24c4b90", - "zh:a0d5670d6d17267b0ef8342fde2cbaa034fa9bb79921ab0ee378df4661ef2076", - "zh:c8a940014de1d1a23bb23dbaeb909d2644f0e1379858b398b8ad173f892a9022", - "zh:d4555331bfe6a6601ece25740a2cbac240ddb72f5ebdbf26778e40e8608afc44", - "zh:f0781a219a72b93282f82bcc75a0ef5e2c2e7e4da48e0d339acc0f28d07446a6", - "zh:f9b1455886ab9716b3d243367bc26e9ac836e281894024aa1d1b7f16f886ca0b", + "h1:yy3kB4scsoyM81yyyUMPxuJXeFvexBL5KMrCKrjrUkE=", + "zh:1002d1c3f458b569119b31eb2f732c093922b7f86aa59d999d77c3f3ca297f53", + "zh:367ca0d95bf24db1ff6632da94affe1ac0b51679e00f6ca3f1b8f927b9724c3b", + "zh:3e48ef23e276d18a88405926f39b476d40fb543859f2fcfc316f70501071c1ed", + "zh:3fe9d58ee267423e65c9c52cb486dda1eb59973f42eea9d84fe4c842108fdb73", + "zh:5e9ee6099ee56c30c3dfec935f749b3cef9ad2d4c6d8ad2cf39ee87587fc496d", + "zh:6babf986f8af41c739f1e441a4c0512262ff8bc36892f9506839b126138fce25", + "zh:6d9e659f1e18e409149ed8090ced8894317f37cdf234b34fe86b5aba354d559b", + "zh:828109b900c0fa9240bd48358423034817ab3a81d706b29d84a0e10401766ae4", + "zh:aff0d59c6ba5713a09e11a4f14dad048d787569e92ed4d6aa4b7778d39f52d31", + "zh:b7f469e47d1f94b276590809388ac216f59e1f4fb2d6b950c3f9fcbe9e4e2161", + "zh:b9003915fcbdd74c9e02ba11935daa6110516bf434bfee58f738ae3f2a595c2b", + "zh:dea118d95fe434b9089321e6db7573a882bd8b36d89fe2527e9adefa538561e1", + "zh:e18ef6d2be2cee7b8d0ac03c5eec362fd132c8f2b48da3999a280a4d778ec6ea", + "zh:f317eb941a57e6a899afa44ed6dc12a5c51228fcdf1b3043823346f3887facc9", ] } provider "registry.terraform.io/hashicorp/aws" { - version = "5.41.0" + version = "5.42.0" constraints = "~> 5.0" hashes = [ - "h1:DiX7N35G2NUQRyRGy90+gyePnhP4w77f8LrJUronotE=", - "zh:0553331a6287c146353b6daf6f71987d8c000f407b5e29d6e004ea88faec2e67", - "zh:1a11118984bb2950e8ee7ef17b0f91fc9eb4a42c8e7a9cafd7eb4aca771d06e4", - "zh:236fedd266d152a8233a7fe27ffdd99ca27d9e66a9618a988a4c3da1ac24a33f", - "zh:34bc482ea04cf30d4d216afa55eecf66854e1acf93892cb28a6b5af91d43c9b7", - "zh:39d7eb15832fe339bf46e3bab9852280762a1817bf1afc459eecd430e20e3ad5", - "zh:39fb07429c51556b05170ec2b6bd55e2487adfe1606761eaf1f2a43c4bb20e47", - "zh:71d7cd3013e2f3fa0f65194af29ee6f5fa905e0df2b72b723761dc953f4512ea", + "h1:Yxsj34z606m8wssYDHyleuBlQ9i+94MHwRs38thQPZU=", + "zh:0fb12bd56a3ad777b29f957c56dd2119776dbc01b6074458f597990e368c82de", + "zh:16e99c13bef6e3777f67c240c916f57c01c9c142254cfb2720e08281ff906447", + "zh:218268f5fe73bcb19e9a996f781ab66df0da9e333d1c60612e3c51ad28a5105f", + "zh:220b17f7053d11548f35136669687d30ef1f1036e15393275325fd2b9654c715", + "zh:2256cfd74988ce05eada76b42efffc6fe2bf4d60b61f57e4db4fcf65ced4c666", + "zh:52da19f531e0cb9828f73bca620e30264e63a494bd7f9ce826aabcf010d3a241", + "zh:56069ce08d720280ba39aaf2fdd40c4357ffb54262c80e4d39c4e540a38e76af", + "zh:82c81398e68324029167f813fbb7c54fa3d233e99fa05001d85cbce8bdd08bb3", + "zh:82d6eaa87f5ab318959064e6c89adc2baabaf70b13f2f7de866f62416de05352", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9b271ae12394e7e2ce6da568b42226a146e90fd705e02a670fcb93618c4aa19f", - "zh:a884dd978859d001709681f9513ba0fbb0753d1d459a7f3434ecc5f1b8699c49", - "zh:b8c3c7dc10ae4f6143168042dcf8dee63527b103cc37abc238ea06150af38b6e", - "zh:ba94ffe0893ad60c0b70c402e163b4df2cf417e93474a9cc1a37535bba18f22d", - "zh:d5ba851d971ff8d796afd9a100acf55eaac0c197c6ab779787797ce66f419f0e", - "zh:e8c090d0c4f730c4a610dc4f0c22b177a0376d6f78679fc3f1d557b469e656f4", - "zh:ed7623acde26834672969dcb5befdb62900d9f216d32e7478a095d2b040a0ea7", + "zh:ade8490cfdd8de8b9a82986588595b67e0ad1048d9e2d3a6f5164320179c2cd0", + "zh:b094ef56ae9bfffd586f46d4f7fb0097798738df758a8f3c51578ee163495c7e", + "zh:bd5e68e1e454bae0f8d73cff8448e814a35855a561c33b745e1b8b525fb06c9f", + "zh:c111c6a854bf121facca1642d528bfa80fb4214554ac6c33e4a59c86bc605b71", + "zh:e04df69a557adbcdf8efc77eb45be748f0acbe800ccede1e0895393c87722a0f", ] } diff --git a/argo-helm.tf b/modules/addon/argo-helm.tf similarity index 100% rename from argo-helm.tf rename to modules/addon/argo-helm.tf diff --git a/argo.tf b/modules/addon/argo.tf similarity index 100% rename from argo.tf rename to modules/addon/argo.tf diff --git a/helm.tf b/modules/addon/helm.tf similarity index 100% rename from helm.tf rename to modules/addon/helm.tf diff --git a/helm/argocd-application/.helmignore b/modules/addon/helm/argocd-application/.helmignore similarity index 100% rename from helm/argocd-application/.helmignore rename to modules/addon/helm/argocd-application/.helmignore diff --git a/helm/argocd-application/Chart.yaml b/modules/addon/helm/argocd-application/Chart.yaml similarity index 100% rename from helm/argocd-application/Chart.yaml rename to modules/addon/helm/argocd-application/Chart.yaml diff --git a/helm/argocd-application/templates/_helpers.tpl b/modules/addon/helm/argocd-application/templates/_helpers.tpl similarity index 100% rename from helm/argocd-application/templates/_helpers.tpl rename to modules/addon/helm/argocd-application/templates/_helpers.tpl diff --git a/helm/argocd-application/templates/application.yaml b/modules/addon/helm/argocd-application/templates/application.yaml similarity index 100% rename from helm/argocd-application/templates/application.yaml rename to modules/addon/helm/argocd-application/templates/application.yaml diff --git a/helm/argocd-application/values.yaml b/modules/addon/helm/argocd-application/values.yaml similarity index 100% rename from helm/argocd-application/values.yaml rename to modules/addon/helm/argocd-application/values.yaml diff --git a/iam.tf b/modules/addon/iam.tf similarity index 100% rename from iam.tf rename to modules/addon/iam.tf diff --git a/examples/integration/main.tf b/modules/addon/main.tf similarity index 70% rename from examples/integration/main.tf rename to modules/addon/main.tf index 0a49d4f..1d1bbc5 100644 --- a/examples/integration/main.tf +++ b/modules/addon/main.tf @@ -6,16 +6,3 @@ * [![Terraform validate](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/validate.yaml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/validate.yaml) * [![pre-commit](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/lablabs/terraform-aws-eks-universal-addon/actions/workflows/pre-commit.yml) */ -locals { - addon = { - name = "universal-addon" - - helm_chart_name = "raw" - helm_chart_version = "0.1.0" - helm_repo_url = "https://lablabs.github.io" - - values = yamlencode({ - # add default values here - }) - } -} diff --git a/modules/addon/outputs.tf b/modules/addon/outputs.tf new file mode 100644 index 0000000..ec34888 --- /dev/null +++ b/modules/addon/outputs.tf @@ -0,0 +1,19 @@ +output "helm_release_metadata" { + description = "Helm release attributes" + value = try(helm_release.this[0].metadata, {}) +} + +output "helm_release_application_metadata" { + description = "ArgoCD Application Helm release attributes" + value = try(helm_release.argo_application[0].metadata, {}) +} + +output "kubernetes_application_attributes" { + description = "ArgoCD Kubernetes manifest attributes" + value = try(kubernetes_manifest.this[0], {}) +} + +output "iam_role_attributes" { + description = "IAM role attributes" + value = try(aws_iam_role.this[0], {}) +} diff --git a/examples/integration/variables.tf b/modules/addon/variables.tf similarity index 100% rename from examples/integration/variables.tf rename to modules/addon/variables.tf diff --git a/modules/addon/versions.tf b/modules/addon/versions.tf new file mode 100644 index 0000000..d2a1597 --- /dev/null +++ b/modules/addon/versions.tf @@ -0,0 +1,22 @@ +terraform { + required_version = ">= 1.5.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.20.0" + } + helm = { + source = "hashicorp/helm" + version = ">= 2.6.0" + } + utils = { + source = "cloudposse/utils" + version = ">= 0.17.0" + } + } +} diff --git a/outputs.tf b/outputs.tf index ec34888..f31e55c 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,19 +1,5 @@ -output "helm_release_metadata" { - description = "Helm release attributes" - value = try(helm_release.this[0].metadata, {}) -} - -output "helm_release_application_metadata" { - description = "ArgoCD Application Helm release attributes" - value = try(helm_release.argo_application[0].metadata, {}) -} - -output "kubernetes_application_attributes" { - description = "ArgoCD Kubernetes manifest attributes" - value = try(kubernetes_manifest.this[0], {}) -} - -output "iam_role_attributes" { - description = "IAM role attributes" - value = try(aws_iam_role.this[0], {}) +# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module. +output "addon" { + description = "The addon module outputs" + value = module.addon } diff --git a/variables-addon.tf b/variables-addon.tf new file mode 100644 index 0000000..f7a8889 --- /dev/null +++ b/variables-addon.tf @@ -0,0 +1,428 @@ +# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module. +variable "enabled" { + type = bool + default = true + description = "Variable indicating whether deployment is enabled" +} + +# ================ common variables (required) ================ + +variable "helm_chart_name" { + type = string + default = null + description = "Helm chart name to be installed. Defaults to `local.addon.name` (required)." +} + +variable "helm_chart_version" { + type = string + default = null + description = "Version of the Helm chart. Defaults to `local.addon.helm_chart_version` (required)." +} + +variable "helm_release_name" { + type = string + default = null + description = "Helm release name. Defaults to `local.addon.name` (required)." +} + +variable "helm_repo_url" { + type = string + default = null + description = "Helm repository. Defaults to `local.addon.helm_repo_url` (required)." +} + +variable "helm_create_namespace" { + type = bool + default = null + description = "Create the namespace if it does not yet exist. Defaults to `true`." +} + +variable "namespace" { + type = string + default = null + description = "The Kubernetes Namespace in which the Helm chart will be installed. Defaults to `local.addon.name` (required)." +} + +variable "settings" { + type = map(any) + default = null + description = "Additional Helm sets which will be passed to the Helm chart values. Defaults to `{}`." +} + +variable "values" { + type = string + default = null + description = "Additional yaml encoded values which will be passed to the Helm chart. Defaults to `\"\"`." +} + +# ================ IRSA variables (optional) ================ + + +variable "cluster_identity_oidc_issuer" { + type = string + default = null + description = "The OIDC Identity issuer for the cluster. Defaults to `\"\"`." +} + +variable "cluster_identity_oidc_issuer_arn" { + type = string + default = null + description = "The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a Service Account. Defaults to `\"\"`." +} + +variable "rbac_create" { + type = bool + default = null + description = "Whether to create and use RBAC resources. Defaults to `true`." +} + +variable "service_account_create" { + type = bool + default = null + description = "Whether to create Service Account. Defaults to `true`." +} + +variable "service_account_name" { + type = string + default = null + description = "The Kubernetes Service Account name. Defaults to `local.addon.name` (required)." +} + +variable "irsa_role_create" { + type = bool + default = null + description = "Whether to create IRSA role and annotate service account. Defaults to `true`." +} + +variable "irsa_policy_enabled" { + type = bool + default = null + description = "Whether to create opinionated policy to allow AWS operations. Mutually exclusive with `irsa_assume_role_enabled`. Defaults to `false`." +} + +variable "irsa_policy" { + type = string + default = null + description = "Policy to be attached to the default role. Applied only if `irsa_policy_enabled` is `true`. Defaults to `\"\"`." +} + +variable "irsa_assume_role_enabled" { + type = bool + default = null + description = "Whether IRSA is allowed to assume role defined by `irsa_assume_role_arn`. Mutually exclusive with `irsa_policy_enabled`. Defaults to `false`." +} + +variable "irsa_assume_role_arn" { + type = string + default = null + description = "Assume role ARN. Assume role must be enabled. Applied only if `irsa_assume_role_enabled` is `true`. Defaults to `\"\"`." +} + +variable "irsa_additional_policies" { + type = map(string) + default = null + description = "Map of the additional policies to be attached to default role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`." +} + +variable "irsa_role_name_prefix" { + type = string + default = null + description = "IRSA role name prefix. Defaults to `\"$${local.addon.name}-irsa\"`." +} + +variable "irsa_tags" { + type = map(string) + default = null + description = "IRSA resources tags. Defaults to `{}`." +} + +# ================ argo variables (required) ================ + +variable "argo_namespace" { + type = string + default = null + description = "Namespace to deploy ArgoCD application CRD to. Defaults to `\"argo\"`." +} + +variable "argo_enabled" { + type = bool + default = null + description = "If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release. Defaults to `false`." +} + +variable "argo_helm_enabled" { + type = bool + default = null + description = "If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See README for more info. Defaults to `false`." +} + +variable "argo_helm_wait_timeout" { + type = string + default = null + description = "Timeout for ArgoCD Application Helm release wait job. Defaults to `\"10m\"`." +} + +variable "argo_helm_wait_node_selector" { + type = map(string) + default = null + description = "Node selector for ArgoCD Application Helm release wait job. Defaults to `{}`." +} + +variable "argo_helm_wait_tolerations" { + type = list(any) + default = null + description = "Tolerations for ArgoCD Application Helm release wait job. Defaults to `[]`." +} + +variable "argo_helm_wait_backoff_limit" { + type = number + default = null + description = "Backoff limit for ArgoCD Application Helm release wait job. Defaults to `6`." +} + +variable "argo_destination_server" { + type = string + default = null + description = "Destination server for ArgoCD Application. Defaults to `\"https://kubernetes.default.svc\"`." +} + +variable "argo_project" { + type = string + default = null + description = "ArgoCD Application project. Defaults to `default`." +} + +variable "argo_info" { + type = list(object({ + name = string + value = string + })) + default = null + description = "ArgoCD info manifest parameter. Defaults to `[{name=\"terraform\",value=true}]`." +} + +variable "argo_sync_policy" { + type = any + default = null + description = "ArgoCD syncPolicy manifest parameter. Defaults to `{}`." +} + +variable "argo_metadata" { + type = any + default = null + description = "ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to `{finalizers=[\"resources-finalizer.argocd.argoproj.io\"]}`." +} + +variable "argo_apiversion" { + type = string + default = null + description = "ArgoCD Application apiVersion. Defaults to `\"argoproj.io/v1alpha1\"`." +} + +variable "argo_spec" { + type = any + default = null + description = "ArgoCD Application spec configuration. Override or create additional spec parameters. Defaults to `{}`." +} + +variable "argo_helm_values" { + type = string + default = null + description = "Value overrides to use when deploying ArgoCD Application object with Helm. Defaults to `\"\"`." +} + +# ================ argo kubernetes manifest variables (required) ================ + +variable "argo_kubernetes_manifest_computed_fields" { + type = list(string) + default = null + description = "List of paths of fields to be handled as \"computed\". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `[\"metadata.labels\", \"metadata.annotations\", \"metadata.finalizers\"]`." +} + +variable "argo_kubernetes_manifest_field_manager_name" { + type = string + default = null + description = "The name of the field manager to use when applying the Kubernetes manifest resource. Defaults to `\"Terraform\"`." +} + +variable "argo_kubernetes_manifest_field_manager_force_conflicts" { + type = bool + default = null + description = "Forcibly override any field manager conflicts when applying the kubernetes manifest resource. Defaults to `false`." +} + +variable "argo_kubernetes_manifest_wait_fields" { + type = map(string) + default = null + description = "A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. Defaults to `{}`." +} + +# ================ Helm release variables (required) ================ + +variable "helm_repo_key_file" { + type = string + default = null + description = "Helm repositories cert key file. Defaults to `\"\"`." +} + +variable "helm_repo_cert_file" { + type = string + default = null + description = "Helm repositories cert file. Defaults to `\"\"`." +} + +variable "helm_repo_ca_file" { + type = string + default = null + description = "Helm repositories CA cert file. Defaults to `\"\"`." +} + +variable "helm_repo_username" { + type = string + default = null + description = "Username for HTTP basic authentication against the Helm repository. Defaults to `\"\"`." +} + +variable "helm_repo_password" { + type = string + default = null + description = "Password for HTTP basic authentication against the Helm repository. Defaults to `\"\"`." +} + +variable "helm_devel" { + type = bool + default = null + description = "Use Helm chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored. Defaults to `false`." +} + +variable "helm_package_verify" { + type = bool + default = null + description = "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. Defaults to `false`." +} + +variable "helm_keyring" { + type = string + default = null + description = "Location of public keys used for verification. Used only if `helm_package_verify` is `true`. Defaults to `\"~/.gnupg/pubring.gpg\"`." +} + +variable "helm_timeout" { + type = number + default = null + description = "Time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks). Defaults to `300`." +} + +variable "helm_disable_webhooks" { + type = bool + default = null + description = "Prevent Helm chart hooks from running. Defaults to `false`." +} + +variable "helm_reset_values" { + type = bool + default = null + description = "When upgrading, reset the values to the ones built into the Helm chart. Defaults to `false`." +} + +variable "helm_reuse_values" { + type = bool + default = null + description = "When upgrading, reuse the last Helm release's values and merge in any overrides. If 'helm_reset_values' is specified, this is ignored. Defaults to `false`." +} + +variable "helm_force_update" { + type = bool + default = null + description = "Force Helm resource update through delete/recreate if needed. Defaults to `false`." +} + +variable "helm_recreate_pods" { + type = bool + default = null + description = "Perform pods restart during Helm upgrade/rollback. Defaults to `false`." +} + +variable "helm_cleanup_on_fail" { + type = bool + default = null + description = "Allow deletion of new resources created in this Helm upgrade when upgrade fails. Defaults to `false`." +} + +variable "helm_release_max_history" { + type = number + default = null + description = "Maximum number of release versions stored per release. Defaults to `0`." +} + +variable "helm_atomic" { + type = bool + default = null + description = "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to `false`." +} + +variable "helm_wait" { + type = bool + default = null + description = "Will wait until all Helm release resources are in a ready state before marking the release as successful. It will wait for as long as timeout. Defaults to `false`." +} + +variable "helm_wait_for_jobs" { + type = bool + default = null + description = "If wait is enabled, will wait until all Helm Jobs have been completed before marking the release as successful. It will wait for as long as timeout. Defaults to `false`." +} + +variable "helm_skip_crds" { + type = bool + default = null + description = "If set, no CRDs will be installed before Helm release. Defaults to `false`." +} + +variable "helm_render_subchart_notes" { + type = bool + default = null + description = "If set, render Helm subchart notes along with the parent. Defaults to `true`." +} + +variable "helm_disable_openapi_validation" { + type = bool + default = null + description = "If set, the installation process will not validate rendered Helm templates against the Kubernetes OpenAPI Schema. Defaults to `false`." +} + +variable "helm_dependency_update" { + type = bool + default = null + description = "Runs Helm dependency update before installing the chart. Defaults to `false`." +} + +variable "helm_replace" { + type = bool + default = null + description = "Re-use the given name of Helm release, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to `false`." +} + +variable "helm_description" { + type = string + default = null + description = "Set Helm release description attribute (visible in the history). Defaults to `\"\"`." +} + +variable "helm_lint" { + type = bool + default = null + description = "Run the Helm chart linter during the plan. Defaults to `false`." +} + +variable "helm_set_sensitive" { + type = map(any) + default = null + description = "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff. Defaults to `{}`." +} + +variable "helm_postrender" { + type = map(any) + default = null + description = "Value block with a path to a binary file to run after Helm renders the manifest which can alter the manifest contents. Defaults to `{}`." +} diff --git a/variables.tf b/variables.tf index 43a16a0..4242ad2 100644 --- a/variables.tf +++ b/variables.tf @@ -1,428 +1 @@ -# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module. -variable "enabled" { - type = bool - default = true - description = "Variable indicating whether deployment is enabled" -} - -# ================ common variables (required) ================ - -variable "helm_chart_name" { - type = string - default = null - description = "Helm chart name to be installed" -} - -variable "helm_chart_version" { - type = string - default = null - description = "Version of the Helm chart" -} - -variable "helm_release_name" { - type = string - default = null - description = "Helm release name" -} - -variable "helm_repo_url" { - type = string - default = null - description = "Helm repository" -} - -variable "helm_create_namespace" { - type = bool - default = null - description = "Create the namespace if it does not yet exist" -} - -variable "namespace" { - type = string - default = null - description = "The K8s namespace in which the <$addon-name> service account has been created" -} - -variable "settings" { - type = map(any) - default = null - description = "Additional helm sets which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/<$addon-name>" -} - -variable "values" { - type = string - default = null - description = "Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/stable/<$addon-name>" -} - -# ================ IRSA variables (optional) ================ - - -variable "cluster_identity_oidc_issuer" { - type = string - default = null - description = "The OIDC Identity issuer for the cluster" -} - -variable "cluster_identity_oidc_issuer_arn" { - type = string - default = null - description = "The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account" -} - -variable "rbac_create" { - type = bool - default = null - description = "Whether to create and use RBAC resources" -} - -variable "service_account_create" { - type = bool - default = null - description = "Whether to create Service Account" -} - -variable "service_account_name" { - type = string - default = null - description = "The k8s <$addon-name> service account name" -} - -variable "irsa_role_create" { - type = bool - default = null - description = "Whether to create IRSA role and annotate service account" -} - -variable "irsa_policy_enabled" { - type = bool - default = null - description = "Whether to create opinionated policy to allow AWS operations. Mutually exclusive with irsa_assume_role_enabled" -} - -variable "irsa_policy" { - type = string - default = null - description = "Policy to be attached to the default role. Applied only if irsa_policy_enabled is enabled" -} - -variable "irsa_assume_role_enabled" { - type = bool - default = null - description = "Whether IRSA is allowed to assume role defined by irsa_assume_role_arn. Mutually exclusive with irsa_policy_enabled" -} - -variable "irsa_assume_role_arn" { - type = string - default = null - description = "Assume role ARN. Assume role must be enabled. Applied only if irsa_assume_role_enabled is enabled" -} - -variable "irsa_additional_policies" { - type = map(string) - default = null - description = "Map of the additional policies to be attached to default role. Where key is arbitrary id and value is policy ARN" -} - -variable "irsa_role_name_prefix" { - type = string - default = null - description = "IRSA role name prefix" -} - -variable "irsa_tags" { - type = map(string) - default = null - description = "IRSA resources tags" -} - -# ================ argo variables (required) ================ - -variable "argo_namespace" { - type = string - default = "argo" - description = "Namespace to deploy ArgoCD application CRD to" -} - -variable "argo_enabled" { - type = bool - default = null - description = "If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release" -} - -variable "argo_helm_enabled" { - type = bool - default = null - description = "If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info" -} - -variable "argo_helm_wait_timeout" { - type = string - default = null - description = "Timeout for ArgoCD Application Helm release wait job" -} - -variable "argo_helm_wait_node_selector" { - type = map(string) - default = null - description = "Node selector for ArgoCD Application Helm release wait job" -} - -variable "argo_helm_wait_tolerations" { - type = list(any) - default = null - description = "Tolerations for ArgoCD Application Helm release wait job" -} - -variable "argo_helm_wait_backoff_limit" { - type = number - default = null - description = "Backoff limit for ArgoCD Application Helm release wait job" -} - -variable "argo_destination_server" { - type = string - default = null - description = "Destination server for ArgoCD Application" -} - -variable "argo_project" { - type = string - default = null - description = "ArgoCD Application project" -} - -variable "argo_info" { - type = list(object({ - name = string - value = string - })) - default = null - description = "ArgoCD info manifest parameter" -} - -variable "argo_sync_policy" { - type = any - description = "ArgoCD syncPolicy manifest parameter" - default = null -} - -variable "argo_metadata" { - type = any - default = null - description = "ArgoCD Application metadata configuration. Override or create additional metadata parameters" -} - -variable "argo_apiversion" { - type = string - default = null - description = "ArgoCD Appliction apiVersion" -} - -variable "argo_spec" { - type = any - default = null - description = "ArgoCD Application spec configuration. Override or create additional spec parameters" -} - -variable "argo_helm_values" { - type = string - default = null - description = "Value overrides to use when deploying argo application object with helm" -} - -# ================ argo kubernetes manifest variables (required) ================ - -variable "argo_kubernetes_manifest_computed_fields" { - type = list(string) - default = null - description = "List of paths of fields to be handled as \"computed\". The user-configured value for the field will be overridden by any different value returned by the API after apply." -} - -variable "argo_kubernetes_manifest_field_manager_name" { - type = string - default = null - description = "The name of the field manager to use when applying the kubernetes manifest resource. Defaults to Terraform" -} - -variable "argo_kubernetes_manifest_field_manager_force_conflicts" { - type = bool - default = null - description = "Forcibly override any field manager conflicts when applying the kubernetes manifest resource" -} - -variable "argo_kubernetes_manifest_wait_fields" { - type = map(string) - default = null - description = "A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value." -} - -# ================ helm release variables (required) ================ - -variable "helm_repo_key_file" { - type = string - default = null - description = "Helm repositories cert key file" -} - -variable "helm_repo_cert_file" { - type = string - default = null - description = "Helm repositories cert file" -} - -variable "helm_repo_ca_file" { - type = string - default = null - description = "Helm repositories cert file" -} - -variable "helm_repo_username" { - type = string - default = null - description = "Username for HTTP basic authentication against the helm repository" -} - -variable "helm_repo_password" { - type = string - default = null - description = "Password for HTTP basic authentication against the helm repository" -} - -variable "helm_devel" { - type = bool - default = null - description = "Use helm chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored" -} - -variable "helm_package_verify" { - type = bool - default = null - description = "Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart" -} - -variable "helm_keyring" { - type = string - default = null - description = "Location of public keys used for verification. Used only if helm_package_verify is true" -} - -variable "helm_timeout" { - type = number - default = null - description = "Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks)" -} - -variable "helm_disable_webhooks" { - type = bool - default = null - description = "Prevent helm chart hooks from running" -} - -variable "helm_reset_values" { - type = bool - default = null - description = "When upgrading, reset the values to the ones built into the helm chart" -} - -variable "helm_reuse_values" { - type = bool - default = null - description = "When upgrading, reuse the last helm release's values and merge in any overrides. If 'helm_reset_values' is specified, this is ignored" -} - -variable "helm_force_update" { - type = bool - default = null - description = "Force helm resource update through delete/recreate if needed" -} - -variable "helm_recreate_pods" { - type = bool - default = null - description = "Perform pods restart during helm upgrade/rollback" -} - -variable "helm_cleanup_on_fail" { - type = bool - default = null - description = "Allow deletion of new resources created in this helm upgrade when upgrade fails" -} - -variable "helm_release_max_history" { - type = number - default = null - description = "Maximum number of release versions stored per release" -} - -variable "helm_atomic" { - type = bool - default = null - description = "If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used" -} - -variable "helm_wait" { - type = bool - default = null - description = "Will wait until all helm release resources are in a ready state before marking the release as successful. It will wait for as long as timeout" -} - -variable "helm_wait_for_jobs" { - type = bool - default = null - description = "If wait is enabled, will wait until all helm Jobs have been completed before marking the release as successful. It will wait for as long as timeout" -} - -variable "helm_skip_crds" { - type = bool - default = null - description = "If set, no CRDs will be installed before helm release" -} - -variable "helm_render_subchart_notes" { - type = bool - default = null - description = "If set, render helm subchart notes along with the parent" -} - -variable "helm_disable_openapi_validation" { - type = bool - default = null - description = "If set, the installation process will not validate rendered helm templates against the Kubernetes OpenAPI Schema" -} - -variable "helm_dependency_update" { - type = bool - default = null - description = "Runs helm dependency update before installing the chart" -} - -variable "helm_replace" { - type = bool - default = null - description = "Re-use the given name of helm release, only if that name is a deleted release which remains in the history. This is unsafe in production" -} - -variable "helm_description" { - type = string - default = null - description = "Set helm release description attribute (visible in the history)" -} - -variable "helm_lint" { - type = bool - default = null - description = "Run the helm chart linter during the plan" -} - -variable "helm_set_sensitive" { - type = map(any) - default = null - description = "Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff" -} - -variable "helm_postrender" { - type = map(any) - default = null - description = "Value block with a path to a binary file to run after helm renders the manifest which can alter the manifest contents" -} +# IMPORTANT: Add addon specific variables here diff --git a/versions.tf b/versions.tf index d2a1597..58a9f12 100644 --- a/versions.tf +++ b/versions.tf @@ -1,3 +1,4 @@ +# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module. terraform { required_version = ">= 1.5.0"