chore: Sync changes from Blueprints examples refactoring (ALB controller + Fargate FluentBit)

.github/workflows/publish-docs.yaml

@@ -0,0 +1,52 @@
+name: Publish docs via GitHub Pages
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "docs/**"
+      - "mkdocs.yml"
+      - README.md
+
+  release:
+    types:
+      - published
+
+env:
+  PYTHON_VERSION: 3.x
+
+jobs:
+  build:
+    name: Deploy docs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install mike=1.1.2 mkdocs-material==9.1.4 mkdocs-include-markdown-plugin==4.0.4
+
+      - name: git config
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+
+      - name: mike deploy main
+        if: contains(github.ref, 'refs/heads/main')
+        run: |
+          mike deploy --push main
+
+      - name: mike deploy new version
+        if: contains(github.ref, 'refs/tags/v') && !github.event.release.prerelease
+        run: |
+          VERSION=${GITHUB_REF/refs\/tags\//}
+          mike deploy --rebase --push --update-aliases "${VERSION}" latest

README.md

@@ -1,4 +1,6 @@
-# EKS Blueprints Addons Terraform Module
+# AWS EKS Blueprints Addons
+
+Terraform module to deploy Kubernetes addons on AWS EKS clusters.
 
 ### 🚧 Currently under development 🚧
 
@@ -69,6 +71,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | [aws_cloudwatch_log_group.fargate_fluentbit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_eks_addon.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
 | [aws_iam_instance_profile.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
+| [aws_iam_policy.fargate_fluentbit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
@@ -87,6 +90,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | [aws_iam_policy_document.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.external_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.external_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.fargate_fluentbit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.karpenter_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -189,7 +193,7 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="output_eks_addons"></a> [eks\_addons](#output\_eks\_addons) | Map of attributes for each EKS addons enabled |
 | <a name="output_external_dns"></a> [external\_dns](#output\_external\_dns) | Map of attributes of the Helm release and IRSA created |
 | <a name="output_external_secrets"></a> [external\_secrets](#output\_external\_secrets) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_fargate_fluentbit"></a> [fargate\_fluentbit](#output\_fargate\_fluentbit) | Map of attributes of the Helm release and IRSA created |
+| <a name="output_fargate_fluentbit"></a> [fargate\_fluentbit](#output\_fargate\_fluentbit) | Map of attributes of the configmap and IAM policy created |
 | <a name="output_gatekeeper"></a> [gatekeeper](#output\_gatekeeper) | Map of attributes of the Helm release and IRSA created |
 | <a name="output_ingress_nginx"></a> [ingress\_nginx](#output\_ingress\_nginx) | Map of attributes of the Helm release and IRSA created |
 | <a name="output_karpenter"></a> [karpenter](#output\_karpenter) | Map of attributes of the Helm release and IRSA created |

docs/aws-cloudwatch-metrics.md

@@ -0,0 +1,30 @@
+# AWS CloudWatch Metrics
+
+Use CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects.
+
+Container Insights collects data as performance log events using embedded metric format. These performance log events are entries that use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates aggregated metrics at the cluster, node, pod, task, and service level as CloudWatch metrics. The metrics that Container Insights collects are available in CloudWatch automatic dashboards, and also viewable in the Metrics section of the CloudWatch console.
+
+## Usage
+
+[aws-cloudwatch-metrics](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-cloudwatch-metrics) can be deployed by enabling the add-on via the following.
+
+```hcl
+enable_aws_cloudwatch_metrics = true
+```
+
+You can also customize the Helm chart that deploys `aws-cloudwatch-metrics` via the following configuration:
+
+
+```hcl
+  enable_aws_cloudwatch_metrics        = true
+
+  aws_cloudwatch_metrics_irsa_policies = ["IAM Policies"]
+  aws_cloudwatch_metrics   = {
+    role_policies = ["IAM Policies"]  # extra policies in addition of CloudWatchAgentServerPolicy
+    name          = "aws-cloudwatch-metrics"
+    repository    = "https://aws.github.io/eks-charts"
+    chart_version = "0.0.9"
+    namespace     = "amazon-cloudwatch"
+    values        = [templatefile("${path.module}/values.yaml", {})] # The value `clusterName` is already set to the EKS cluster name, no need to specify here
+  }
+```

docs/aws-efs-csi-driver.md

@@ -0,0 +1,42 @@
+# AWS EFS CSI Driver
+
+This add-on deploys the [AWS EFS CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html) into an EKS cluster.
+
+## Usage
+
+The [AWS EFS CSI driver](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-efs-csi-driver) can be deployed by enabling the add-on via the following. Check out the full [example](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/examples/stateful/main.tf) to deploy an EKS Cluster with EFS backing the dynamic provisioning of persistent volumes.
+
+```hcl
+  enable_aws_efs_csi_driver = true
+```
+
+Once deployed, you will be able to see a number of supporting resources in the `kube-system` namespace.
+
+```sh
+$ kubectl get deployment efs-csi-controller -n kube-system
+
+NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
+efs-csi-controller   2/2     2            2           4m29s
+```
+
+```sh
+$ kubectl get daemonset efs-csi-node -n kube-system
+
+NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
+efs-csi-node   3         3         3       3            3           beta.kubernetes.io/os=linux   4m32s
+```
+
+You can optionally customize the Helm chart that deploys the driver via the following configuration.
+
+```hcl
+  enable_aws_efs_csi_driver = true
+
+  # Optional aws_efs_csi_driver_helm_config
+  aws_efs_csi_driver = {
+    repository     = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
+    chart_version  = "2.4.1"
+  }
+  aws_efs_csi_driver {
+    role_policies = ["<ADDITIONAL_IAM_POLICY_ARN>"]
+  }
+```

docs/aws-load-balancer-controller.md

@@ -0,0 +1,86 @@
+# AWS Load Balancer Controller.
+
+[AWS Load Balancer Controller ](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. This Add-on deploys this controller in an Amazon EKS Cluster.
+
+## Usage
+
+In order to deploy the AWS Load Balancer Controller Addon via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
+
+```hcl
+module "eks_blueprints_addons" {
+
+  enable_aws_load_balancer_controller = true
+  aws_load_balancer_controller = {
+    set = [
+      {
+        name  = "vpcId"
+        value = module.vpc.vpc_id
+      },
+      {
+        name  = "podDisruptionBudget.maxUnavailable"
+        value = 1
+      },
+    ]
+  }
+```
+### Helm Chart customization
+
+It's possible to customize your deployment using the Helm Chart parameters inside the `aws_load_balancer_controller` configuration block:
+
+```hcl
+  aws_load_balancer_controller = {
+    set = [
+      {
+        name  = "vpcId"
+        value = module.vpc.vpc_id
+      },
+      {
+        name  = "podDisruptionBudget.maxUnavailable"
+        value = 1
+      },
+      {
+        name  = "resources.requests.cpu"
+        value = 100m
+      },
+      {
+        name  = "resources.requests.memory"
+        value = 128Mi
+      },
+    ]
+  }
+}
+```
+
+You can find all available Helm Chart parameter values [here](https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml).
+
+
+## Validate
+
+1. To validate the deployment, check if the `aws-load-balancer-controller` Pods were created in the `kube-system` Namespace, as the following example.
+
+```sh
+kubectl -n kube-system get pods | grep aws-load-balancer-controller
+NAMESPACE       NAME                                            READY   STATUS    RESTARTS   AGE
+kube-system     aws-load-balancer-controller-6cbdb58654-fvskt   1/1     Running   0          26m
+kube-system     aws-load-balancer-controller-6cbdb58654-sc7dk   1/1     Running   0          26m
+```
+
+2. Create a Kubernetes Ingress, using the `alb` IngressClass, pointing to an existing Service. In this example we'll use a Service called `example-svc`.
+
+```sh
+kubectl create ingress example-ingress --class alb --rule="/*=example-svc:80" \
+--annotation alb.ingress.kubernetes.io/scheme=internet-facing \
+--annotation alb.ingress.kubernetes.io/target-type=ip
+```
+
+```sh
+kubectl get ingress  
+NAME                CLASS   HOSTS   ADDRESS                                                                 PORTS   AGE
+example-ingress     alb     *       k8s-example-ingress-7e0d6f03e7-1234567890.us-west-2.elb.amazonaws.com   80      4m9s
+```
+
+## Resources
+
+[GitHub Repo](https://github.com/kubernetes-sigs/aws-load-balancer-controller/)
+[Helm Chart](https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller)
+[AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)

docs/aws-private-ca-issuer.md

@@ -0,0 +1,65 @@
+# AWS Private CA (PCA) Issuer
+
+[AWS Private CA](https://aws.amazon.com/private-ca/) is an AWS service that can setup and manage private CAs, as well as issue private certifiates. This Add-on deployes the AWS Private CA Issuer as an [external issuer](https://cert-manager.io/docs/configuration/external/) to **cert-manager** that signs off certificate requests using AWS Private CA in an Amazon EKS Cluster.
+
+## Usage
+
+### Pre-requisites
+
+To deploy the AWS PCA, you need to install cert-manager first, refer to this [documentation](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/docs/cert-manager.md) to do it through EKS Blueprints Addons.
+
+### Deployment
+
+With **cert-manager** deployed in place, you can deploy the AWS Private CA Issuer Add-on via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
+
+```hcl
+module "eks_blueprints_addons" {
+
+  enable_cert_manager         = true
+  enable_aws_privateca_issuer = true
+  aws_privateca_issuer = {
+    acmca_arn        = aws_acmpca_certificate_authority.this.arn
+  }
+}
+```
+
+### Helm Chart customization
+
+It's possible to customize your deployment using the Helm Chart parameters inside the `aws_load_balancer_controller` configuration block:
+
+```hcl
+  aws_privateca_issuer = {
+    acmca_arn        = aws_acmpca_certificate_authority.this.arn
+    namespace        = "aws-privateca-issuer"
+    create_namespace = true
+  }
+```
+
+You can find all available Helm Chart parameter values [here](https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/values.yaml).
+
+## Validation
+
+1. List all the pods running in `aws-privateca-issuer` and `cert-manager` Namespace.
+
+```sh
+kubectl get pods -n aws-privateca-issuer
+kubectl get pods -n cert-manager
+```
+
+2. Check the `certificate` status in it should be in `Ready` state, and be pointing to a `secret` created in the same Namespace.
+
+```sh
+kubectl get certificate -o wide
+NAME      READY   SECRET                  ISSUER                    STATUS                                          AGE
+example   True    example-clusterissuer   tls-with-aws-pca-issuer   Certificate is up to date and has not expired   41m
+
+kubectl get secret example-clusterissuer
+NAME                    TYPE                DATA   AGE
+example-clusterissuer   kubernetes.io/tls   3      43m
+```
+
+## Resources
+
+[GitHub Repo](https://github.com/cert-manager/aws-privateca-issuer)
+[Helm Chart](https://github.com/cert-manager/aws-privateca-issuer/tree/main/charts/aws-pca-issuer)
+[AWS Docs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaKubernetes.html)