refactor: Refactor csi secrets store provider for v5 addon

README.md

@@ -38,7 +38,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="module_cloudwatch_metrics"></a> [cloudwatch\_metrics](#module\_cloudwatch\_metrics) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_cluster_autoscaler"></a> [cluster\_autoscaler](#module\_cluster\_autoscaler) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_cluster_proportional_autoscaler"></a> [cluster\_proportional\_autoscaler](#module\_cluster\_proportional\_autoscaler) | ./modules/eks-blueprints-addon | n/a |
-| <a name="module_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#module\_csi\_secrets\_store\_provider\_aws) | ./modules/csi-secrets-store-provider-aws | n/a |
+| <a name="module_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#module\_csi\_secrets\_store\_provider\_aws) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_efs_csi_driver"></a> [efs\_csi\_driver](#module\_efs\_csi\_driver) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_external_dns"></a> [external\_dns](#module\_external\_dns) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_external_secrets"></a> [external\_secrets](#module\_external\_secrets) | ./modules/eks-blueprints-addon | n/a |
@@ -108,7 +108,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
 | <a name="input_cluster_proportional_autoscaler"></a> [cluster\_proportional\_autoscaler](#input\_cluster\_proportional\_autoscaler) | Cluster Proportional Autoscaler add-on configurations | `any` | `{}` | no |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.24`) | `string` | n/a | yes |
-| <a name="input_csi_secrets_store_provider_aws_helm_config"></a> [csi\_secrets\_store\_provider\_aws\_helm\_config](#input\_csi\_secrets\_store\_provider\_aws\_helm\_config) | CSI Secrets Store Provider AWS Helm Configurations | `any` | `null` | no |
+| <a name="input_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#input\_csi\_secrets\_store\_provider\_aws) | CSI Secrets Store Provider add-on configurations | `any` | `{}` | no |
 | <a name="input_efs_csi_driver"></a> [efs\_csi\_driver](#input\_efs\_csi\_driver) | EFS CSI Driver addon configuration values | `any` | `{}` | no |
 | <a name="input_eks_addons"></a> [eks\_addons](#input\_eks\_addons) | Map of EKS addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | `any` | `{}` | no |
 | <a name="input_eks_addons_timeouts"></a> [eks\_addons\_timeouts](#input\_eks\_addons\_timeouts) | Create, update, and delete timeout configurations for the EKS addons | `map(string)` | `{}` | no |
@@ -123,6 +123,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="input_enable_cloudwatch_metrics"></a> [enable\_cloudwatch\_metrics](#input\_enable\_cloudwatch\_metrics) | Enable AWS Cloudwatch Metrics add-on for Container Insights | `bool` | `false` | no |
 | <a name="input_enable_cluster_autoscaler"></a> [enable\_cluster\_autoscaler](#input\_enable\_cluster\_autoscaler) | Enable Cluster autoscaler add-on | `bool` | `false` | no |
 | <a name="input_enable_cluster_proportional_autoscaler"></a> [enable\_cluster\_proportional\_autoscaler](#input\_enable\_cluster\_proportional\_autoscaler) | Enable Cluster Proportional Autoscaler | `bool` | `false` | no |
+| <a name="input_enable_csi_secrets_store_provider_aws"></a> [enable\_csi\_secrets\_store\_provider\_aws](#input\_enable\_csi\_secrets\_store\_provider\_aws) | Enable AWS CSI Secrets Store Provider | `bool` | `false` | no |
 | <a name="input_enable_efs_csi_driver"></a> [enable\_efs\_csi\_driver](#input\_enable\_efs\_csi\_driver) | Enable AWS EFS CSI Driver add-on | `bool` | `false` | no |
 | <a name="input_enable_external_dns"></a> [enable\_external\_dns](#input\_enable\_external\_dns) | Enable external-dns operator add-on | `bool` | `false` | no |
 | <a name="input_enable_external_secrets"></a> [enable\_external\_secrets](#input\_enable\_external\_secrets) | Enable External Secrets operator add-on | `bool` | `false` | no |
@@ -134,7 +135,6 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="input_enable_kube_prometheus_stack"></a> [enable\_kube\_prometheus\_stack](#input\_enable\_kube\_prometheus\_stack) | Enable Kube Prometheus Stack | `bool` | `false` | no |
 | <a name="input_enable_metrics_server"></a> [enable\_metrics\_server](#input\_enable\_metrics\_server) | Enable metrics server add-on | `bool` | `false` | no |
 | <a name="input_enable_secrets_store_csi_driver"></a> [enable\_secrets\_store\_csi\_driver](#input\_enable\_secrets\_store\_csi\_driver) | Enable CSI Secrets Store Provider | `bool` | `false` | no |
-| <a name="input_enable_secrets_store_csi_driver_provider_aws"></a> [enable\_secrets\_store\_csi\_driver\_provider\_aws](#input\_enable\_secrets\_store\_csi\_driver\_provider\_aws) | Enable AWS CSI Secrets Store Provider | `bool` | `false` | no |
 | <a name="input_enable_velero"></a> [enable\_velero](#input\_enable\_velero) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no |
 | <a name="input_enable_vpa"></a> [enable\_vpa](#input\_enable\_vpa) | Enable Vertical Pod Autoscaler add-on | `bool` | `false` | no |
 | <a name="input_external_dns"></a> [external\_dns](#input\_external\_dns) | external-dns addon configuration values | `any` | `{}` | no |

main.tf

@@ -2108,6 +2108,73 @@ module "secrets_store_csi_driver" {
   tags = var.tags
 }
 
+
+################################################################################
+# CSI Secrets Store Provider AWS
+################################################################################
+
+locals {
+  csi_secrets_store_provider_aws_name            = "secrets-store-csi-driver-provider-aws"
+  csi_secrets_store_provider_aws_service_account = try(var.csi_secrets_store_provider_aws.service_account_name, "${local.csi_secrets_store_provider_aws_name}-sa")
+}
+
+module "csi_secrets_store_provider_aws" {
+
+  # source = "aws-ia/eks-blueprints-addon/aws"
+  source = "./modules/eks-blueprints-addon"
+
+  create = var.enable_csi_secrets_store_provider_aws
+
+  # https://github.com/aws/eks-charts/blob/master/stable/csi-secrets-store-provider-aws/Chart.yaml
+  name             = try(var.csi_secrets_store_provider_aws.name, local.csi_secrets_store_provider_aws_name)
+  description      = try(var.csi_secrets_store_provider_aws.description, "A Helm chart to install the Secrets Store CSI Driver and the AWS Key Management Service Provider inside a Kubernetes cluster.")
+  namespace        = try(var.csi_secrets_store_provider_aws.namespace, "kube-system")
+  create_namespace = try(var.csi_secrets_store_provider_aws.create_namespace, false)
+  chart            = "secrets-store-csi-driver-provider-aws"
+  chart_version    = try(var.csi_secrets_store_provider_aws.chart_version, "0.3.2")
+  repository       = try(var.csi_secrets_store_provider_aws.repository, "https://aws.github.io/secrets-store-csi-driver-provider-aws")
+  values           = try(var.csi_secrets_store_provider_aws.values, [])
+
+  timeout                    = try(var.csi_secrets_store_provider_aws.timeout, null)
+  repository_key_file        = try(var.csi_secrets_store_provider_aws.repository_key_file, null)
+  repository_cert_file       = try(var.csi_secrets_store_provider_aws.repository_cert_file, null)
+  repository_ca_file         = try(var.csi_secrets_store_provider_aws.repository_ca_file, null)
+  repository_username        = try(var.csi_secrets_store_provider_aws.repository_username, null)
+  repository_password        = try(var.csi_secrets_store_provider_aws.repository_password, null)
+  devel                      = try(var.csi_secrets_store_provider_aws.devel, null)
+  verify                     = try(var.csi_secrets_store_provider_aws.verify, null)
+  keyring                    = try(var.csi_secrets_store_provider_aws.keyring, null)
+  disable_webhooks           = try(var.csi_secrets_store_provider_aws.disable_webhooks, null)
+  reuse_values               = try(var.csi_secrets_store_provider_aws.reuse_values, null)
+  reset_values               = try(var.csi_secrets_store_provider_aws.reset_values, null)
+  force_update               = try(var.csi_secrets_store_provider_aws.force_update, null)
+  recreate_pods              = try(var.csi_secrets_store_provider_aws.recreate_pods, null)
+  cleanup_on_fail            = try(var.csi_secrets_store_provider_aws.cleanup_on_fail, null)
+  max_history                = try(var.csi_secrets_store_provider_aws.max_history, null)
+  atomic                     = try(var.csi_secrets_store_provider_aws.atomic, null)
+  skip_crds                  = try(var.csi_secrets_store_provider_aws.skip_crds, null)
+  render_subchart_notes      = try(var.csi_secrets_store_provider_aws.render_subchart_notes, null)
+  disable_openapi_validation = try(var.csi_secrets_store_provider_aws.disable_openapi_validation, null)
+  wait                       = try(var.csi_secrets_store_provider_aws.wait, null)
+  wait_for_jobs              = try(var.csi_secrets_store_provider_aws.wait_for_jobs, null)
+  dependency_update          = try(var.csi_secrets_store_provider_aws.dependency_update, null)
+  replace                    = try(var.csi_secrets_store_provider_aws.replace, null)
+  lint                       = try(var.csi_secrets_store_provider_aws.lint, null)
+
+  postrender = try(var.csi_secrets_store_provider_aws.postrender, [])
+  set = concat([
+    {
+      name  = "serviceAccount.name"
+      value = local.csi_secrets_store_provider_aws_service_account
+    }],
+    try(var.csi_secrets_store_provider_aws.set, [])
+  )
+  set_sensitive = try(var.csi_secrets_store_provider_aws.set_sensitive, [])
+
+  tags = var.tags
+}
+
+
 ################################################################################
 # AWS for Fluent-bit
 ################################################################################
@@ -2783,13 +2850,6 @@ resource "kubernetes_config_map_v1" "aws_logging" {
 
 #-----------------Kubernetes Add-ons----------------------
 
-module "csi_secrets_store_provider_aws" {
-  count         = var.enable_secrets_store_csi_driver_provider_aws ? 1 : 0
-  source        = "./modules/csi-secrets-store-provider-aws"
-  helm_config   = var.csi_secrets_store_provider_aws_helm_config
-  addon_context = local.addon_context
-}
-
 module "velero" {
   count            = var.enable_velero ? 1 : 0
   source           = "./modules/velero"

tests/complete/main.tf

@@ -132,25 +132,25 @@ module "eks_blueprints_addons" {
     }
   }
 
-  enable_efs_csi_driver                        = true
-  enable_fsx_csi_driver                        = true
-  enable_argocd                                = true
-  enable_cloudwatch_metrics                    = true
-  enable_aws_privateca_issuer                  = true
-  enable_cert_manager                          = true
-  enable_cluster_autoscaler                    = true
-  enable_secrets_store_csi_driver              = true
-  enable_secrets_store_csi_driver_provider_aws = true
-  enable_kube_prometheus_stack                 = true
-  enable_external_dns                          = true
-  enable_external_secrets                      = true
-  enable_gatekeeper                            = true
-  enable_ingress_nginx                         = true
-  enable_aws_load_balancer_controller          = true
-  enable_metrics_server                        = true
-  enable_vpa                                   = true
-  enable_aws_for_fluentbit                     = true
-  enable_fargate_fluentbit                     = true
+  enable_efs_csi_driver                 = true
+  enable_fsx_csi_driver                 = true
+  enable_argocd                         = true
+  enable_cloudwatch_metrics             = true
+  enable_aws_privateca_issuer           = true
+  enable_cert_manager                   = true
+  enable_cluster_autoscaler             = true
+  enable_secrets_store_csi_driver       = true
+  enable_csi_secrets_store_provider_aws = true
+  enable_kube_prometheus_stack          = true
+  enable_external_dns                   = true
+  enable_external_secrets               = true
+  enable_gatekeeper                     = true
+  enable_ingress_nginx                  = true
+  enable_aws_load_balancer_controller   = true
+  enable_metrics_server                 = true
+  enable_vpa                            = true
+  enable_aws_for_fluentbit              = true
+  enable_fargate_fluentbit              = true
 
   enable_aws_node_termination_handler   = true
   aws_node_termination_handler_asg_arns = [for asg in module.eks.self_managed_node_groups : asg.autoscaling_group_arn]

variables.tf

@@ -281,6 +281,22 @@ variable "secrets_store_csi_driver" {
   default     = {}
 }
 
+################################################################################
+# CSI Secrets Store Provider AWS
+################################################################################
+
+variable "enable_csi_secrets_store_provider_aws" {
+  description = "Enable AWS CSI Secrets Store Provider"
+  type        = bool
+  default     = false
+}
+
+variable "csi_secrets_store_provider_aws" {
+  description = "CSI Secrets Store Provider add-on configurations"
+  type        = any
+  default     = {}
+}
+
 ################################################################################
 # AWS for Fluentbit
 ################################################################################
@@ -519,16 +535,3 @@ variable "velero_backup_s3_bucket" {
   type        = string
   default     = ""
 }
-
-#-----------AWS CSI Secrets Store Provider-------------
-variable "enable_secrets_store_csi_driver_provider_aws" {
-  type        = bool
-  default     = false
-  description = "Enable AWS CSI Secrets Store Provider"
-}
-
-variable "csi_secrets_store_provider_aws_helm_config" {
-  type        = any
-  default     = null
-  description = "CSI Secrets Store Provider AWS Helm Configurations"
-}