feat: Update crossplane module #1220

Merged
merged 43 commits into from
Dec 14, 2022
Changes from 39 commits
3a879ff
update crossplane module
csantanapr Nov 30, 2022
6cf1811
remove jet
csantanapr Nov 30, 2022
8915ce5
replace sa name for role name
csantanapr Nov 30, 2022
c4afc68
allow partial attributes for crossplane
csantanapr Dec 1, 2022
9050369
move service account to proper place
csantanapr Dec 1, 2022
1135a6e
fix template
csantanapr Dec 1, 2022
0a6d832
fix controller config aws
csantanapr Dec 1, 2022
aaf0fa9
fix kubernetes provider
csantanapr Dec 1, 2022
b65b1e3
rollback aws service account
csantanapr Dec 1, 2022
bc99993
add wait for aws provider
csantanapr Dec 1, 2022
dced7cb
fix syntax for wait
csantanapr Dec 1, 2022
71f4a87
trying wait for
csantanapr Dec 1, 2022
ba8682e
switch to use kubernetes
csantanapr Dec 1, 2022
bef6403
update references
csantanapr Dec 1, 2022
3bb5d3a
update reference
csantanapr Dec 1, 2022
4fa4352
revert the wait
csantanapr Dec 1, 2022
ff88b13
fix reference
csantanapr Dec 1, 2022
2062b0e
use local
csantanapr Dec 1, 2022
a62cb6e
correct service account role arn
csantanapr Dec 1, 2022
cf91177
name kube providerconfig default
csantanapr Dec 2, 2022
be709f8
Merge branch 'main' into crossplane-updates-11-28
csantanapr Dec 5, 2022
07bb3ca
revert back to default 30s
csantanapr Dec 5, 2022
3c2d340
Update modules/kubernetes-addons/crossplane/locals.tf
csantanapr Dec 8, 2022
929f523
fix indent in aws controller config
csantanapr Dec 8, 2022
01d6352
Update modules/kubernetes-addons/crossplane/aws-provider/aws-provider…
csantanapr Dec 8, 2022
401ff62
drop the specific version for kubernetes provider
csantanapr Dec 8, 2022
5636b1b
Update modules/kubernetes-addons/crossplane/main.tf
csantanapr Dec 8, 2022
278cd16
Update modules/kubernetes-addons/crossplane/main.tf
csantanapr Dec 8, 2022
ef47c91
Update modules/kubernetes-addons/crossplane/main.tf
csantanapr Dec 8, 2022
472d197
Update modules/kubernetes-addons/crossplane/main.tf
csantanapr Dec 8, 2022
194744b
Update modules/kubernetes-addons/crossplane/main.tf
csantanapr Dec 8, 2022
6582638
single instance
csantanapr Dec 9, 2022
2ffa327
add time for kubernetes providerconfig
csantanapr Dec 9, 2022
7a5a492
fmt
csantanapr Dec 9, 2022
0e8dd45
reference on role
csantanapr Dec 9, 2022
35f5f95
remove depends on
csantanapr Dec 9, 2022
7e23773
remove depends on
csantanapr Dec 9, 2022
145e6b1
fix error on array
csantanapr Dec 9, 2022
2a763f3
need crossplane install first
csantanapr Dec 10, 2022
4912cae
add back terrajet provider
csantanapr Dec 10, 2022
1c72ae5
add jet variables to module crossplane
csantanapr Dec 10, 2022
46e0b4e
Merge branch 'main' of github.com:aws-ia/terraform-aws-eks-blueprints…
bryantbiggs Dec 13, 2022
79feea6
chore: Update terraform docs for CI pass
bryantbiggs Dec 13, 2022
5 changes: 2 additions & 3 deletions modules/kubernetes-addons/README.md
Expand Up @@ -159,10 +159,9 @@
| <a name="input_consul_helm_config"></a> [consul\_helm\_config](#input\_consul\_helm\_config) | Consul Helm Chart config | `any` | `{}` | no |
| <a name="input_coredns_autoscaler_helm_config"></a> [coredns\_autoscaler\_helm\_config](#input\_coredns\_autoscaler\_helm\_config) | CoreDNS Autoscaler Helm Chart config | `any` | `{}` | no |
| <a name="input_coredns_cluster_proportional_autoscaler_helm_config"></a> [coredns\_cluster\_proportional\_autoscaler\_helm\_config](#input\_coredns\_cluster\_proportional\_autoscaler\_helm\_config) | Helm provider config for the CoreDNS cluster-proportional-autoscaler | `any` | `{}` | no |
| <a name="input_crossplane_aws_provider"></a> [crossplane\_aws\_provider](#input\_crossplane\_aws\_provider) | AWS Provider config for Crossplane | <pre>object({<br> enable = bool<br> provider_aws_version = string<br> additional_irsa_policies = list(string)<br> })</pre> | <pre>{<br> "additional_irsa_policies": [],<br> "enable": false,<br> "provider_aws_version": "v0.24.1"<br>}</pre> | no |
| <a name="input_crossplane_aws_provider"></a> [crossplane\_aws\_provider](#input\_crossplane\_aws\_provider) | AWS Provider config for Crossplane | `any` | <pre>{<br> "enable": false<br>}</pre> | no |
| <a name="input_crossplane_helm_config"></a> [crossplane\_helm\_config](#input\_crossplane\_helm\_config) | Crossplane Helm Chart config | `any` | `null` | no |
| <a name="input_crossplane_jet_aws_provider"></a> [crossplane\_jet\_aws\_provider](#input\_crossplane\_jet\_aws\_provider) | AWS Provider Jet AWS config for Crossplane | <pre>object({<br> enable = bool<br> provider_aws_version = string<br> additional_irsa_policies = list(string)<br> })</pre> | <pre>{<br> "additional_irsa_policies": [],<br> "enable": false,<br> "provider_aws_version": "v0.24.1"<br>}</pre> | no |
| <a name="input_crossplane_kubernetes_provider"></a> [crossplane\_kubernetes\_provider](#input\_crossplane\_kubernetes\_provider) | Kubernetes Provider config for Crossplane | <pre>object({<br> enable = bool<br> provider_kubernetes_version = string<br> })</pre> | <pre>{<br> "enable": false,<br> "provider_kubernetes_version": "v0.4.1"<br>}</pre> | no |
| <a name="input_crossplane_kubernetes_provider"></a> [crossplane\_kubernetes\_provider](#input\_crossplane\_kubernetes\_provider) | Kubernetes Provider config for Crossplane | `any` | <pre>{<br> "enable": false<br>}</pre> | no |
| <a name="input_csi_secrets_store_provider_aws_helm_config"></a> [csi\_secrets\_store\_provider\_aws\_helm\_config](#input\_csi\_secrets\_store\_provider\_aws\_helm\_config) | CSI Secrets Store Provider AWS Helm Configurations | `any` | `null` | no |
| <a name="input_custom_image_registry_uri"></a> [custom\_image\_registry\_uri](#input\_custom\_image\_registry\_uri) | Custom image registry URI map of `{region = dkr.endpoint }` | `map(string)` | `{}` | no |
| <a name="input_data_plane_wait_arn"></a> [data\_plane\_wait\_arn](#input\_data\_plane\_wait\_arn) | Addon deployment will not proceed until this value is known. Set to node group/Fargate profile ARN to wait for data plane to be ready before provisioning addons | `string` | `""` | no |
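Review bot: The replacement rows for `crossplane_aws_provider` and `crossplane_kubernetes_provider` change the type from a typed `object({...})` to `any` and the documented default to `{ "enable": false }`, so this table no longer tells a caller which keys are accepted or what they default to. `locals.tf` in this PR merges the input over defaults that include `additional_irsa_policies` set to the `AdministratorAccess` managed policy and `cluster_role = "cluster-admin"`, and neither is visible here. Please list the supported keys and their effective defaults in the variable description, or, if the module's minimum Terraform version allows it, keep a typed object with `optional()` attributes so a misspelled key is rejected instead of being silently ignored.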
16 changes: 3 additions & 13 deletions modules/kubernetes-addons/crossplane/README.md
Expand Up @@ -39,7 +39,6 @@ Refer to [docs](../../../docs/add-ons/crossplane.md) on how to deploy AWS Provid

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
| <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | >= 1.14 |
| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
| <a name="provider_time"></a> [time](#provider\_time) | >= 0.7 |
Expand All @@ -50,40 +49,31 @@ Refer to [docs](../../../docs/add-ons/crossplane.md) on how to deploy AWS Provid
|------|--------|---------|
| <a name="module_aws_provider_irsa"></a> [aws\_provider\_irsa](#module\_aws\_provider\_irsa) | ../../../modules/irsa | n/a |
| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
| <a name="module_jet_aws_provider_irsa"></a> [jet\_aws\_provider\_irsa](#module\_jet\_aws\_provider\_irsa) | ../../../modules/irsa | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_iam_policy.aws_provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.jet_aws_provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [kubectl_manifest.aws_controller_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.aws_provider](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.aws_provider_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.jet_aws_controller_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.jet_aws_provider](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.jet_aws_provider_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.kubernetes_controller_clusterolebinding](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.kubernetes_controller_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.kubernetes_provider](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.kubernetes_provider_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubernetes_namespace_v1.crossplane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [kubernetes_service_account_v1.kubernetes_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
| [time_sleep.wait_30_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [aws_iam_policy_document.s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [time_sleep.wait_30_seconds_kubernetes](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | Current AWS Account ID | `string` | n/a | yes |
| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br> aws_caller_identity_account_id = string<br> aws_caller_identity_arn = string<br> aws_eks_cluster_endpoint = string<br> aws_partition_id = string<br> aws_region_name = string<br> eks_cluster_id = string<br> eks_oidc_issuer_url = string<br> eks_oidc_provider_arn = string<br> tags = map(string)<br> irsa_iam_role_path = string<br> irsa_iam_permissions_boundary = string<br> })</pre> | n/a | yes |
| <a name="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition) | AWS Identifier of the current partition e.g., aws or aws-cn | `string` | n/a | yes |
| <a name="input_aws_provider"></a> [aws\_provider](#input\_aws\_provider) | AWS Provider config for Crossplane | <pre>object({<br> enable = bool<br> provider_aws_version = string<br> additional_irsa_policies = list(string)<br> })</pre> | n/a | yes |
| <a name="input_aws_provider"></a> [aws\_provider](#input\_aws\_provider) | AWS Provider config for Crossplane | `any` | n/a | yes |
| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the Argo Rollouts | `any` | `{}` | no |
| <a name="input_jet_aws_provider"></a> [jet\_aws\_provider](#input\_jet\_aws\_provider) | AWS Provider Jet AWS config for Crossplane | <pre>object({<br> enable = bool<br> provider_aws_version = string<br> additional_irsa_policies = list(string)<br> })</pre> | n/a | yes |
| <a name="input_kubernetes_provider"></a> [kubernetes\_provider](#input\_kubernetes\_provider) | Kubernetes Provider config for Crossplane | <pre>object({<br> enable = bool<br> provider_kubernetes_version = string<br> })</pre> | n/a | yes |
| <a name="input_kubernetes_provider"></a> [kubernetes\_provider](#input\_kubernetes\_provider) | Kubernetes Provider config for Crossplane | `any` | n/a | yes |

## Outputs
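Review bot: In the Resources table, `aws_iam_policy.aws_provider` and the `aws_iam_policy_document.s3_policy` data source are dropped while `module.aws_provider_irsa` stays, which suggests the IRSA role's permissions now come only from the policy ARNs supplied through the `aws_provider` input. If that is the case, the `aws_provider` row in Inputs, now typed `any`, should say so and name the `additional_irsa_policies` key, because this generated table is where a consumer of the submodule will look for it.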

Expand Up @@ -2,7 +2,7 @@
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
name: aws-controller-config
name: ${aws-controller-config}
annotations:
eks.amazonaws.com/role-arn: ${iam-role-arn}
spec:
Expand Up @@ -2,7 +2,7 @@
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
name: aws-provider-config
name: ${aws-provider-config}
spec:
credentials:
source: InjectedIdentity
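Review bot: The `metadata.name` change from `aws-provider-config` to `${aws-provider-config}` is a rename on upgrade, because `locals.tf` sets `provider_config = "default"` as the default value. Existing managed resources whose `providerConfigRef.name` is `aws-provider-config` will stop resolving once this applies. Please call it out as a breaking change in the upgrade notes, or keep the old name as the default and let users opt in to `default`.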
Expand Up @@ -4,6 +4,6 @@ kind: Provider
metadata:
name: ${aws-provider-name}
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-aws:${coalesce(provider-aws-version, "v0.33.0")}
package: xpkg.upbound.io/crossplane-contrib/provider-aws:${provider-aws-version}
controllerConfigRef:
name: aws-controller-config
name: ${aws-controller-config}
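Review bot: On the `package:` line, dropping `coalesce(provider-aws-version, "v0.33.0")` means the image tag is whatever arrives through the untyped `aws_provider` input, and a caller who passes `provider_aws_version = null` overrides the `locals.tf` default in `merge()` and gets a template rendering error instead of a fallback. Consider a `validation` block on the version format, or apply `coalesce` in `locals.tf` so the template stays simple. The package is also referenced by a mutable tag rather than a digest, which is worth a line in the docs for users who need reproducible installs. The same points apply to the `provider-kubernetes` template later in this PR.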

This file was deleted.

This file was deleted.

This file was deleted.

24 changes: 0 additions & 24 deletions modules/kubernetes-addons/crossplane/data.tf

This file was deleted.

Expand Up @@ -8,5 +8,5 @@ subjects:
namespace: ${namespace}
roleRef:
kind: ClusterRole
name: cluster-admin
name: ${cluster-role}
apiGroup: rbac.authorization.k8s.io
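Review bot: `roleRef.name` is now `${cluster-role}`, but `locals.tf` still defaults `cluster_role` to `cluster-admin`, so out of the box the Kubernetes provider's service account keeps full control of the cluster and the supplied value is not validated. Making the role configurable is an improvement. Please document the `cluster_role` key so users know they can bind a narrower ClusterRole, and consider requiring the caller to set it explicitly rather than defaulting to `cluster-admin`.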
@@ -1,6 +1,6 @@
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
name: kubernetes-controller-config
name: ${kubernetes-controller-config}
spec:
serviceAccountName: ${kubernetes-serviceaccount-name}
Expand Up @@ -2,7 +2,7 @@
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
name: kubernetes-provider-config
name: ${kubernetes-provider-config}
spec:
credentials:
source: InjectedIdentity
Expand Up @@ -4,6 +4,6 @@ kind: Provider
metadata:
name: ${kubernetes-provider-name}
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:${coalesce(provider-kubernetes-version, "v0.5.0")}
package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:${provider-kubernetes-version}
controllerConfigRef:
name: kubernetes-controller-config
name: ${kubernetes-controller-config}
csantanapr marked this conversation as resolved.
24 changes: 19 additions & 5 deletions modules/kubernetes-addons/crossplane/locals.tf
Expand Up @@ -21,9 +21,23 @@ locals {
operating-system = "linux"
})]

aws_provider_sa = "aws-provider"
jet_aws_provider_sa = "jet-aws-provider"
kubernetes_provider_sa = try(var.helm_config.service_account, "kubernetes-provider")
aws_current_account_id = var.account_id
aws_current_partition = var.aws_partition
aws_provider = merge({
provider_aws_version = "v0.34.0"
additional_irsa_policies = ["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/AdministratorAccess"]
name = "aws-provider"
service_account = "aws-provider"
provider_config = "default"
controller_config = "aws-controller-config"
},
var.aws_provider
)
kubernetes_provider = merge({
provider_kubernetes_version = "v0.5.0"
name = "kubernetes-provider"
service_account = "kubernetes-provider"
provider_config = "default"
controller_config = "kubernetes-controller-config"
cluster_role = "cluster-admin"
},
var.kubernetes_provider)
}
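Review bot: In the `aws_provider` defaults, `additional_irsa_policies` falls back to the `AdministratorAccess` managed policy, so a caller who sets only `enable = true` gives the Crossplane AWS provider pod an administrator role through IRSA without ever naming that policy. I would default this to an empty list and have the caller pass the policy ARNs explicitly; the example in the docs can still show `AdministratorAccess` for a quick start. Because `merge()` is shallow, a caller-supplied list already replaces the default rather than appending to it, which is the behaviour you want here and is worth stating in the variable description. The `cluster_role = "cluster-admin"` default in `kubernetes_provider` deserves the same treatment.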