Refactor csi secrets store provider addon for v5
fcarta29 committed Apr 27, 2023
1 parent 8cfa9c5 commit 693655d
Showing 9 changed files with 105 additions and 190 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -38,7 +38,7 @@ Please note: not all addons will be supported as they are today in the main EKS
| <a name="module_cloudwatch_metrics"></a> [cloudwatch\_metrics](#module\_cloudwatch\_metrics) | ./modules/eks-blueprints-addon | n/a |
| <a name="module_cluster_autoscaler"></a> [cluster\_autoscaler](#module\_cluster\_autoscaler) | ./modules/eks-blueprints-addon | n/a |
| <a name="module_cluster_proportional_autoscaler"></a> [cluster\_proportional\_autoscaler](#module\_cluster\_proportional\_autoscaler) | ./modules/eks-blueprints-addon | n/a |
| <a name="module_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#module\_csi\_secrets\_store\_provider\_aws) | ./modules/csi-secrets-store-provider-aws | n/a |
| <a name="module_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#module\_csi\_secrets\_store\_provider\_aws) | ./modules/eks-blueprints-addon | n/a |
| <a name="module_efs_csi_driver"></a> [efs\_csi\_driver](#module\_efs\_csi\_driver) | ./modules/eks-blueprints-addon | n/a |
| <a name="module_external_dns"></a> [external\_dns](#module\_external\_dns) | ./modules/eks-blueprints-addon | n/a |
| <a name="module_external_secrets"></a> [external\_secrets](#module\_external\_secrets) | ./modules/eks-blueprints-addon | n/a |
Expand Down Expand Up @@ -108,7 +108,7 @@ Please note: not all addons will be supported as they are today in the main EKS
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
| <a name="input_cluster_proportional_autoscaler"></a> [cluster\_proportional\_autoscaler](#input\_cluster\_proportional\_autoscaler) | Cluster Proportional Autoscaler add-on configurations | `any` | `{}` | no |
| <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.24`) | `string` | n/a | yes |
| <a name="input_csi_secrets_store_provider_aws_helm_config"></a> [csi\_secrets\_store\_provider\_aws\_helm\_config](#input\_csi\_secrets\_store\_provider\_aws\_helm\_config) | CSI Secrets Store Provider AWS Helm Configurations | `any` | `null` | no |
| <a name="input_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#input\_csi\_secrets\_store\_provider\_aws) | CSI Secrets Store Provider add-on configurations | `any` | `{}` | no |
| <a name="input_efs_csi_driver"></a> [efs\_csi\_driver](#input\_efs\_csi\_driver) | EFS CSI Driver addon configuration values | `any` | `{}` | no |
| <a name="input_eks_addons"></a> [eks\_addons](#input\_eks\_addons) | Map of EKS addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | `any` | `{}` | no |
| <a name="input_eks_addons_timeouts"></a> [eks\_addons\_timeouts](#input\_eks\_addons\_timeouts) | Create, update, and delete timeout configurations for the EKS addons | `map(string)` | `{}` | no |
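Review bot: renaming the input from csi_secrets_store_provider_aws_helm_config to csi_secrets_store_provider_aws, and changing its default from `null` to `{}`, is a breaking change for anyone still passing the old variable, who will hit an unsupported-argument error on upgrade. The README should carry a short upgrade note that maps the old Helm config shape onto the new map keys, so the v5 migration is documented rather than discovered at plan time.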
Expand All @@ -123,6 +123,7 @@ Please note: not all addons will be supported as they are today in the main EKS
| <a name="input_enable_cloudwatch_metrics"></a> [enable\_cloudwatch\_metrics](#input\_enable\_cloudwatch\_metrics) | Enable AWS Cloudwatch Metrics add-on for Container Insights | `bool` | `false` | no |
| <a name="input_enable_cluster_autoscaler"></a> [enable\_cluster\_autoscaler](#input\_enable\_cluster\_autoscaler) | Enable Cluster autoscaler add-on | `bool` | `false` | no |
| <a name="input_enable_cluster_proportional_autoscaler"></a> [enable\_cluster\_proportional\_autoscaler](#input\_enable\_cluster\_proportional\_autoscaler) | Enable Cluster Proportional Autoscaler | `bool` | `false` | no |
| <a name="input_enable_csi_secrets_store_provider_aws"></a> [enable\_csi\_secrets\_store\_provider\_aws](#input\_enable\_csi\_secrets\_store\_provider\_aws) | Enable AWS CSI Secrets Store Provider | `bool` | `false` | no |
| <a name="input_enable_efs_csi_driver"></a> [enable\_efs\_csi\_driver](#input\_enable\_efs\_csi\_driver) | Enable AWS EFS CSI Driver add-on | `bool` | `false` | no |
| <a name="input_enable_external_dns"></a> [enable\_external\_dns](#input\_enable\_external\_dns) | Enable external-dns operator add-on | `bool` | `false` | no |
| <a name="input_enable_external_secrets"></a> [enable\_external\_secrets](#input\_enable\_external\_secrets) | Enable External Secrets operator add-on | `bool` | `false` | no |
Expand All @@ -134,7 +135,6 @@ Please note: not all addons will be supported as they are today in the main EKS
| <a name="input_enable_kube_prometheus_stack"></a> [enable\_kube\_prometheus\_stack](#input\_enable\_kube\_prometheus\_stack) | Enable Kube Prometheus Stack | `bool` | `false` | no |
| <a name="input_enable_metrics_server"></a> [enable\_metrics\_server](#input\_enable\_metrics\_server) | Enable metrics server add-on | `bool` | `false` | no |
| <a name="input_enable_secrets_store_csi_driver"></a> [enable\_secrets\_store\_csi\_driver](#input\_enable\_secrets\_store\_csi\_driver) | Enable CSI Secrets Store Provider | `bool` | `false` | no |
| <a name="input_enable_secrets_store_csi_driver_provider_aws"></a> [enable\_secrets\_store\_csi\_driver\_provider\_aws](#input\_enable\_secrets\_store\_csi\_driver\_provider\_aws) | Enable AWS CSI Secrets Store Provider | `bool` | `false` | no |
| <a name="input_enable_velero"></a> [enable\_velero](#input\_enable\_velero) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no |
| <a name="input_enable_vpa"></a> [enable\_vpa](#input\_enable\_vpa) | Enable Vertical Pod Autoscaler add-on | `bool` | `false` | no |
| <a name="input_external_dns"></a> [external\_dns](#input\_external\_dns) | external-dns addon configuration values | `any` | `{}` | no |
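Review bot: now that the provider is exposed as enable_csi_secrets_store_provider_aws ("Enable AWS CSI Secrets Store Provider"), the description kept for enable_secrets_store_csi_driver on the line above the deleted row, "Enable CSI Secrets Store Provider", is the confusing one: it describes the driver using the provider's wording. Suggest "Enable Secrets Store CSI Driver" so the two toggles are distinguishable in the generated docs. Pre-existing but visible in this hunk: enable_velero is described as "Enable Kubernetes Dashboard add-on".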
74 changes: 67 additions & 7 deletions main.tf
Expand Up @@ -2108,6 +2108,73 @@ module "secrets_store_csi_driver" {
tags = var.tags
}


################################################################################
# CSI Secrets Store Provider AWS
################################################################################

locals {
csi_secrets_store_provider_aws_name = "secrets-store-csi-driver-provider-aws"
csi_secrets_store_provider_aws_service_account = try(var.csi_secrets_store_provider_aws.service_account_name, "${local.csi_secrets_store_provider_aws_name}-sa")
}

module "csi_secrets_store_provider_aws" {

# source = "aws-ia/eks-blueprints-addon/aws"
source = "./modules/eks-blueprints-addon"

create = var.enable_csi_secrets_store_provider_aws

# https://github.com/aws/eks-charts/blob/master/stable/csi-secrets-store-provider-aws/Chart.yaml
name = try(var.csi_secrets_store_provider_aws.name, local.csi_secrets_store_provider_aws_name)
description = try(var.csi_secrets_store_provider_aws.description, "A Helm chart to install the Secrets Store CSI Driver and the AWS Key Management Service Provider inside a Kubernetes cluster.")
namespace = try(var.csi_secrets_store_provider_aws.namespace, "kube-system")
create_namespace = try(var.csi_secrets_store_provider_aws.create_namespace, false)
chart = "secrets-store-csi-driver-provider-aws"
chart_version = try(var.csi_secrets_store_provider_aws.chart_version, "0.3.2")
repository = try(var.csi_secrets_store_provider_aws.repository, "https://aws.github.io/secrets-store-csi-driver-provider-aws")
values = try(var.csi_secrets_store_provider_aws.values, [])

timeout = try(var.csi_secrets_store_provider_aws.timeout, null)
repository_key_file = try(var.csi_secrets_store_provider_aws.repository_key_file, null)
repository_cert_file = try(var.csi_secrets_store_provider_aws.repository_cert_file, null)
repository_ca_file = try(var.csi_secrets_store_provider_aws.repository_ca_file, null)
repository_username = try(var.csi_secrets_store_provider_aws.repository_username, null)
repository_password = try(var.csi_secrets_store_provider_aws.repository_password, null)
devel = try(var.csi_secrets_store_provider_aws.devel, null)
verify = try(var.csi_secrets_store_provider_aws.verify, null)
keyring = try(var.csi_secrets_store_provider_aws.keyring, null)
disable_webhooks = try(var.csi_secrets_store_provider_aws.disable_webhooks, null)
reuse_values = try(var.csi_secrets_store_provider_aws.reuse_values, null)
reset_values = try(var.csi_secrets_store_provider_aws.reset_values, null)
force_update = try(var.csi_secrets_store_provider_aws.force_update, null)
recreate_pods = try(var.csi_secrets_store_provider_aws.recreate_pods, null)
cleanup_on_fail = try(var.csi_secrets_store_provider_aws.cleanup_on_fail, null)
max_history = try(var.csi_secrets_store_provider_aws.max_history, null)
atomic = try(var.csi_secrets_store_provider_aws.atomic, null)
skip_crds = try(var.csi_secrets_store_provider_aws.skip_crds, null)
render_subchart_notes = try(var.csi_secrets_store_provider_aws.render_subchart_notes, null)
disable_openapi_validation = try(var.csi_secrets_store_provider_aws.disable_openapi_validation, null)
wait = try(var.csi_secrets_store_provider_aws.wait, null)
wait_for_jobs = try(var.csi_secrets_store_provider_aws.wait_for_jobs, null)
dependency_update = try(var.csi_secrets_store_provider_aws.dependency_update, null)
replace = try(var.csi_secrets_store_provider_aws.replace, null)
lint = try(var.csi_secrets_store_provider_aws.lint, null)

postrender = try(var.csi_secrets_store_provider_aws.postrender, [])
set = concat([
{
name = "serviceAccount.name"
value = local.csi_secrets_store_provider_aws_service_account
}],
try(var.csi_secrets_store_provider_aws.set, [])
)
set_sensitive = try(var.csi_secrets_store_provider_aws.set_sensitive, [])

tags = var.tags
}


################################################################################
# AWS for Fluent-bit
################################################################################
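Review bot: the `description` default states that this chart installs the Secrets Store CSI Driver as well as the AWS provider, yet this module sits directly below the separate `secrets_store_csi_driver` module and tests/complete enables both toggles. Unless the provider chart's bundled driver subchart is disabled through its values, enabling both attempts two driver installations in kube-system and the second Helm release fails on resources already owned by the first. Suggest either adding a default `set` entry that turns the bundled driver off when `var.enable_secrets_store_csi_driver` is true, or documenting that only one of the two should be enabled. Separately, the comment above `name` links to eks-charts/stable/csi-secrets-store-provider-aws, while `chart` and `repository` pull `secrets-store-csi-driver-provider-aws` from https://aws.github.io/secrets-store-csi-driver-provider-aws; point the comment at the Chart.yaml of the chart actually installed so the `chart_version` default of "0.3.2" can be checked against the right source.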
Expand Down Expand Up @@ -2783,13 +2850,6 @@ resource "kubernetes_config_map_v1" "aws_logging" {

#-----------------Kubernetes Add-ons----------------------

module "csi_secrets_store_provider_aws" {
count = var.enable_secrets_store_csi_driver_provider_aws ? 1 : 0
source = "./modules/csi-secrets-store-provider-aws"
helm_config = var.csi_secrets_store_provider_aws_helm_config
addon_context = local.addon_context
}

module "velero" {
count = var.enable_velero ? 1 : 0
source = "./modules/velero"
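Review bot: the removed block instantiated the module with `count = var.enable_secrets_store_csi_driver_provider_aws ? 1 : 0`, so existing state holds the release under `module.csi_secrets_store_provider_aws[0]`, while the replacement block earlier in main.tf uses `create = var.enable_csi_secrets_store_provider_aws` with no count and a different child module, so the resource addresses no longer match. Without a documented `terraform state mv` step (a `moved` block alone will not cover the changed child resources), upgrading users will see the provider daemonset destroyed and recreated, which is a window in which mounted secrets cannot be refreshed. Suggest at minimum a migration note alongside the variable rename.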
50 changes: 0 additions & 50 deletions modules/csi-secrets-store-provider-aws/README.md

This file was deleted.

36 changes: 0 additions & 36 deletions modules/csi-secrets-store-provider-aws/main.tf

This file was deleted.

24 changes: 0 additions & 24 deletions modules/csi-secrets-store-provider-aws/outputs.tf

This file was deleted.

28 changes: 0 additions & 28 deletions modules/csi-secrets-store-provider-aws/variables.tf

This file was deleted.

10 changes: 0 additions & 10 deletions modules/csi-secrets-store-provider-aws/versions.tf

This file was deleted.

38 changes: 19 additions & 19 deletions tests/complete/main.tf
Expand Up @@ -132,25 +132,25 @@ module "eks_blueprints_addons" {
}
}

enable_efs_csi_driver = true
enable_fsx_csi_driver = true
enable_argocd = true
enable_cloudwatch_metrics = true
enable_aws_privateca_issuer = true
enable_cert_manager = true
enable_cluster_autoscaler = true
enable_secrets_store_csi_driver = true
enable_secrets_store_csi_driver_provider_aws = true
enable_kube_prometheus_stack = true
enable_external_dns = true
enable_external_secrets = true
enable_gatekeeper = true
enable_ingress_nginx = true
enable_aws_load_balancer_controller = true
enable_metrics_server = true
enable_vpa = true
enable_aws_for_fluentbit = true
enable_fargate_fluentbit = true
enable_efs_csi_driver = true
enable_fsx_csi_driver = true
enable_argocd = true
enable_cloudwatch_metrics = true
enable_aws_privateca_issuer = true
enable_cert_manager = true
enable_cluster_autoscaler = true
enable_secrets_store_csi_driver = true
enable_csi_secrets_store_provider_aws = true
enable_kube_prometheus_stack = true
enable_external_dns = true
enable_external_secrets = true
enable_gatekeeper = true
enable_ingress_nginx = true
enable_aws_load_balancer_controller = true
enable_metrics_server = true
enable_vpa = true
enable_aws_for_fluentbit = true
enable_fargate_fluentbit = true

enable_aws_node_termination_handler = true
aws_node_termination_handler_asg_arns = [for asg in module.eks.self_managed_node_groups : asg.autoscaling_group_arn]
29 changes: 16 additions & 13 deletions variables.tf
Expand Up @@ -281,6 +281,22 @@ variable "secrets_store_csi_driver" {
default = {}
}

################################################################################
# CSI Secrets Store Provider AWS
################################################################################

variable "enable_csi_secrets_store_provider_aws" {
description = "Enable AWS CSI Secrets Store Provider"
type = bool
default = false
}

variable "csi_secrets_store_provider_aws" {
description = "CSI Secrets Store Provider add-on configurations"
type = any
default = {}
}

################################################################################
# AWS for Fluentbit
################################################################################
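Review bot: `csi_secrets_store_provider_aws` is typed `any` with the description "CSI Secrets Store Provider add-on configurations", which tells the caller nothing about which keys main.tf actually reads; in particular `service_account_name`, which main.tf consumes via try(...) to set serviceAccount.name, appears nowhere in the docs, and a misspelled key silently falls through to the default instead of erroring. Consider listing the supported keys (name, namespace, chart_version, repository, values, set, set_sensitive, service_account_name, and the Helm release options) in the description, or use an object type with optional attributes so unknown keys are rejected at plan time.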
Expand Down Expand Up @@ -519,16 +535,3 @@ variable "velero_backup_s3_bucket" {
type = string
default = ""
}

#-----------AWS CSI Secrets Store Provider-------------
variable "enable_secrets_store_csi_driver_provider_aws" {
type = bool
default = false
description = "Enable AWS CSI Secrets Store Provider"
}

variable "csi_secrets_store_provider_aws_helm_config" {
type = any
default = null
description = "CSI Secrets Store Provider AWS Helm Configurations"
}
