feat: Add support for istio-csr addon #1100

Merged
merged 9 commits into from
Oct 31, 2022
24 changes: 24 additions & 0 deletions docs/add-ons/cert-manager-istio-csr.md
@@ -0,0 +1,24 @@
# cert-manager-istio-csr

istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.

For complete project documentation, please visit the [cert-manager documentation site](https://cert-manager.io/docs/usage/istio/).

## Usage

cert-manger-istio-csr can be deployed by enabling the add-on via the following.

```hcl
enable_cert_manager_istio_csr = true
```

### GitOps Configuration

The following properties are made available for use when managing the add-on via GitOps.

```

certManagerIstioCsr = {
enable = true
}
```
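Review bot: The Usage sentence spells the add-on as `cert-manger-istio-csr`; it should read `cert-manager-istio-csr` to match the page title. The GitOps block is also an untagged fence that opens with an empty line, unlike the `hcl` fence above it. Since the intro describes istio-csr as working through cert-manager, the page should also state whether cert-manager has to be enabled alongside `enable_cert_manager_istio_csr = true`.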
315 changes: 315 additions & 0 deletions modules/kubernetes-addons/README.md

Large diffs are not rendered by default.

83 changes: 83 additions & 0 deletions modules/kubernetes-addons/cert-manager-istio-csr/README.md
@@ -0,0 +1,83 @@
# Cert-manager-istio-csr Helm Chart

istio-csr enables the use of cert-manager for issuing certificates in Istio service meshes

For more details checkout [cert-manager-istio-csr](https://github.com/cert-manager/istio-csr) on GitHub

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |

## Providers

No providers.

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |

## Resources

No resources.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br> aws_caller_identity_account_id = string<br> aws_caller_identity_arn = string<br> aws_eks_cluster_endpoint = string<br> aws_partition_id = string<br> aws_region_name = string<br> eks_cluster_id = string<br> eks_oidc_issuer_url = string<br> eks_oidc_provider_arn = string<br> tags = map(string)<br> irsa_iam_role_path = string<br> irsa_iam_permissions_boundary = string<br> })</pre> | n/a | yes |
| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for kubecost. | `any` | `{}` | no |
| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |

## Providers

No providers.

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |

## Resources

No resources.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br> aws_caller_identity_account_id = string<br> aws_caller_identity_arn = string<br> aws_eks_cluster_endpoint = string<br> aws_partition_id = string<br> aws_region_name = string<br> eks_cluster_id = string<br> eks_oidc_issuer_url = string<br> eks_oidc_provider_arn = string<br> tags = map(string)<br> irsa_iam_role_path = string<br> irsa_iam_permissions_boundary = string<br> })</pre> | n/a | yes |
| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for kubecost. | `any` | `{}` | no |
| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
<!-- END_TF_DOCS -->
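Review bot: The generated documentation appears twice in this README, once between the `BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK` / `END OF PRE-COMMIT-TERRAFORM DOCS HOOK` markers and again between `BEGIN_TF_DOCS` / `END_TF_DOCS`, with identical Requirements, Modules, Inputs and Outputs tables. Keep a single marker pair so there is one block to regenerate and the two copies cannot drift apart. The `helm_config` row in both copies also reads "Helm Config for kubecost.", which does not describe this chart.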
22 changes: 22 additions & 0 deletions modules/kubernetes-addons/cert-manager-istio-csr/locals.tf
@@ -0,0 +1,22 @@
locals {
name = "kubecost"

default_helm_config = {
name = local.name
chart = "cert-manager-istio-csr"
repository = "https://charts.jetstack.io"
version = "v0.5.0"
namespace = local.name
values = null
description = "Cert-manager-istio-csr Helm Chart deployment configuration"
}

helm_config = merge(
local.default_helm_config,
var.helm_config
)

argocd_gitops_config = {
enable = true
}
}
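Review bot: `name = "kubecost"` at the top of `locals` looks carried over from the kubecost add-on, and because `default_helm_config` sets both `name = local.name` and `namespace = local.name`, the `cert-manager-istio-csr` chart would be installed as a release named kubecost in a namespace named kubecost. Set `local.name` to `cert-manager-istio-csr` so the release is identifiable in `helm list` and in audit trails, and give `namespace` an explicit value instead of deriving it from the release name, so a certificate-signing agent does not end up in a namespace named for an unrelated workload.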
6 changes: 6 additions & 0 deletions modules/kubernetes-addons/cert-manager-istio-csr/main.tf
@@ -0,0 +1,6 @@
module "helm_addon" {
source = "../helm-addon"
helm_config = local.helm_config
manage_via_gitops = var.manage_via_gitops
addon_context = var.addon_context
}
4 changes: 4 additions & 0 deletions modules/kubernetes-addons/cert-manager-istio-csr/outputs.tf
@@ -0,0 +1,4 @@
output "argocd_gitops_config" {
description = "Configuration used for managing the add-on with ArgoCD"
value = var.manage_via_gitops ? local.argocd_gitops_config : null
}
28 changes: 28 additions & 0 deletions modules/kubernetes-addons/cert-manager-istio-csr/variables.tf
@@ -0,0 +1,28 @@
variable "helm_config" {
description = "Helm Config for kubecost."
type = any
default = {}
}

variable "manage_via_gitops" {
description = "Determines if the add-on should be managed via GitOps."
type = bool
default = false
}

variable "addon_context" {
description = "Input configuration for the addon"
type = object({
aws_caller_identity_account_id = string
aws_caller_identity_arn = string
aws_eks_cluster_endpoint = string
aws_partition_id = string
aws_region_name = string
eks_cluster_id = string
eks_oidc_issuer_url = string
eks_oidc_provider_arn = string
tags = map(string)
irsa_iam_role_path = string
irsa_iam_permissions_boundary = string
})
}
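Review bot: The `helm_config` description says "Helm Config for kubecost." but this module deploys cert-manager-istio-csr; change it to name this chart and regenerate the README tables from it. Because the variable is `type = any` and `locals.tf` merges it over `default_helm_config`, the description should also say which keys a caller is expected to override, such as `version` or `values`.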
18 changes: 18 additions & 0 deletions modules/kubernetes-addons/cert-manager-istio-csr/versions.tf
@@ -0,0 +1,18 @@
terraform {
required_version = ">= 1.0.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.72"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.10"
}
helm = {
source = "hashicorp/helm"
version = ">= 2.4.1"
}
}
}
8 changes: 8 additions & 0 deletions modules/kubernetes-addons/main.tf
Expand Up @@ -215,6 +215,14 @@ module "cert_manager_csi_driver" {
addon_context = local.addon_context
}

module "cert_manager_istio_csr" {
count = var.enable_cert_manager_istio_csr ? 1 : 0
source = "./cert-manager-istio-csr"
helm_config = var.cert_manager_istio_csr_helm_config
manage_via_gitops = var.argocd_manage_add_ons
addon_context = local.addon_context
}

module "cluster_autoscaler" {
source = "./cluster-autoscaler"
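Review bot: `module "cert_manager_istio_csr"` is gated only on `var.enable_cert_manager_istio_csr` and carries no `depends_on` or other ordering relative to the cert-manager add-on, although the add-on's own docs describe istio-csr as securing Istio components using cert-manager. If the chart needs cert-manager present at install time, add an explicit dependency on that module, or document the requirement in the variable description, so that enabling this flag alone does not fail part-way through the Helm install.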

12 changes: 12 additions & 0 deletions modules/kubernetes-addons/variables.tf
Expand Up @@ -742,6 +742,18 @@ variable "cert_manager_kubernetes_svc_image_pull_secrets" {
default = []
}

variable "enable_cert_manager_istio_csr" {
description = "Enable Cert Manager istio-csr add-on"
type = bool
default = false
}

variable "cert_manager_istio_csr_helm_config" {
description = "Cert Manager Istio CSR Helm Chart config"
type = any
default = {}
}

#-----------Argo Rollouts ADDON-------------
variable "enable_argo_rollouts" {
description = "Enable Argo Rollouts add-on"