fix(priority-class): DMVP-5359 add priority class

README.md

@@ -217,6 +217,7 @@ worker_groups = {
 | <a name="module_node-problem-detector"></a> [node-problem-detector](#module\_node-problem-detector) | ./modules/node-problem-detector | n/a |
 | <a name="module_olm"></a> [olm](#module\_olm) | ./modules/olm | n/a |
 | <a name="module_portainer"></a> [portainer](#module\_portainer) | ./modules/portainer | n/a |
+| <a name="module_priority_class"></a> [priority\_class](#module\_priority\_class) | ./modules/priority-class/ | n/a |
 | <a name="module_sso-rbac"></a> [sso-rbac](#module\_sso-rbac) | ./modules/sso-rbac | n/a |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | dasmeta/vpc/aws | 1.0.1 |
 | <a name="module_weave-scope"></a> [weave-scope](#module\_weave-scope) | ./modules/weave-scope | n/a |
@@ -278,6 +279,7 @@ worker_groups = {
 | <a name="input_node_groups_default"></a> [node\_groups\_default](#input\_node\_groups\_default) | Map of EKS managed node group default configurations | `any` | <pre>{<br>  "disk_size": 50,<br>  "iam_role_additional_policies": [<br>    "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"<br>  ],<br>  "instance_types": [<br>    "t3.large"<br>  ]<br>}</pre> | no |
 | <a name="input_node_security_group_additional_rules"></a> [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | n/a | `any` | <pre>{<br>  "ingress_cluster_10250": {<br>    "description": "Metric server to node groups",<br>    "from_port": 10250,<br>    "protocol": "tcp",<br>    "self": true,<br>    "to_port": 10250,<br>    "type": "ingress"<br>  },<br>  "ingress_cluster_8443": {<br>    "description": "Metric server to node groups",<br>    "from_port": 8443,<br>    "protocol": "tcp",<br>    "source_cluster_security_group": true,<br>    "to_port": 8443,<br>    "type": "ingress"<br>  }<br>}</pre> | no |
 | <a name="input_portainer_config"></a> [portainer\_config](#input\_portainer\_config) | Portainer hostname and ingress config. | <pre>object({<br>    host           = optional(string, "portainer.dasmeta.com")<br>    enable_ingress = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_priority_class"></a> [priority\_class](#input\_priority\_class) | Defines Priority Classes in Kubernetes, used to assign different levels of priority to pods. By default, this module creates three Priority Classes: 'high', 'medium' and 'low' . You can also provide a custom list of Priority Classes if needed. | `list(any)` | <pre>[<br>  {}<br>]</pre> | no |
 | <a name="input_prometheus_metrics"></a> [prometheus\_metrics](#input\_prometheus\_metrics) | Prometheus Metrics | `any` | `[]` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region name. | `string` | `null` | no |
 | <a name="input_roles"></a> [roles](#input\_roles) | Variable describes which role will user have K8s | <pre>list(object({<br>    actions   = list(string)<br>    resources = list(string)<br>  }))</pre> | `[]` | no |

examples/spot-instance/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.41 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
 
 ## Modules
 

fluent-bit.tf

@@ -14,7 +14,7 @@ module "fluent-bit" {
   log_group_name        = try(var.fluent_bit_configs.log_group_name, "") != "" ? var.fluent_bit_configs.log_group_name : "fluent-bit-cloudwatch-${module.eks-cluster[0].cluster_id}"
   system_log_group_name = try(var.fluent_bit_configs.system_log_group_name, "")
   log_retention_days    = try(var.fluent_bit_configs.log_retention_days, 90)
-  image_pull_secrets    = try(var.fluent_bit_configs.image_pull_secrets, [])
+  imagePullSecrets      = try(var.fluent_bit_configs.imagePullSecrets, [])
 
   values_yaml = try(var.fluent_bit_configs.values_yaml, "")
 

modules/efs-csi/README.md

@@ -57,6 +57,7 @@ No modules.
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Parent cluster name | `string` | n/a | yes |
 | <a name="input_cluster_oidc_arn"></a> [cluster\_oidc\_arn](#input\_cluster\_oidc\_arn) | oidc arn of cluster | `string` | n/a | yes |
 | <a name="input_efs_id"></a> [efs\_id](#input\_efs\_id) | Id of EFS filesystem in AWS (Required) | `string` | n/a | yes |
+| <a name="input_helm_install"></a> [helm\_install](#input\_helm\_install) | Helm Install | `bool` | `false` | no |
 | <a name="input_storage_classes"></a> [storage\_classes](#input\_storage\_classes) | Additional storage class configurations: by default, 2 storage classes are created - efs-sc and efs-sc-root which has 0 uid. One can add another storage classes besides these 2. | <pre>list(object({<br>    name : string<br>    provisioning_mode : optional(string, "efs-ap")<br>    file_system_id : string<br>    directory_perms : optional(string, "755")<br>    base_path : optional(string, "/")<br>    uid : optional(number)<br>  }))</pre> | `[]` | no |
 
 ## Outputs

modules/efs-csi/main.tf

@@ -1,4 +1,5 @@
 resource "helm_release" "efs-driver" {
+  count      = var.helm_install ? 1 : 0
   name       = "efs-csi"
   repository = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
   chart      = "aws-efs-csi-driver"

modules/efs-csi/variables.tf

@@ -13,6 +13,12 @@ variable "cluster_name" {
   type        = string
 }
 
+variable "helm_install" {
+  description = "Helm Install"
+  type        = bool
+  default     = false
+}
+
 variable "storage_classes" {
   description = "Additional storage class configurations: by default, 2 storage classes are created - efs-sc and efs-sc-root which has 0 uid. One can add another storage classes besides these 2."
   type = list(object({

modules/fluent-bit/README.md

@@ -55,6 +55,7 @@ No modules.
 | <a name="input_eks_oidc_root_ca_thumbprint"></a> [eks\_oidc\_root\_ca\_thumbprint](#input\_eks\_oidc\_root\_ca\_thumbprint) | n/a | `string` | n/a | yes |
 | <a name="input_fluent_bit_config"></a> [fluent\_bit\_config](#input\_fluent\_bit\_config) | You can add other inputs,outputs and filters which module doesn't have by default | `any` | <pre>{<br>  "cloudwatch_outputs_enabled": true,<br>  "filters": "",<br>  "inputs": "",<br>  "outputs": ""<br>}</pre> | no |
 | <a name="input_fluent_bit_name"></a> [fluent\_bit\_name](#input\_fluent\_bit\_name) | Container resource name. | `string` | `"fluent-bit"` | no |
+| <a name="input_imagePullSecrets"></a> [imagePullSecrets](#input\_imagePullSecrets) | Secret name which can we use for download image | `list(string)` | `[]` | no |
 | <a name="input_image_pull_secrets"></a> [image\_pull\_secrets](#input\_image\_pull\_secrets) | Secret name which can we use for download image | `list(string)` | `[]` | no |
 | <a name="input_kube_namespaces"></a> [kube\_namespaces](#input\_kube\_namespaces) | Kubernates namespaces | `list(string)` | <pre>[<br>  "kube.*",<br>  "meta.*",<br>  "adot.*",<br>  "devops.*",<br>  "cert-manager.*",<br>  "git.*",<br>  "opentelemetry.*",<br>  "stakater.*",<br>  "renovate.*"<br>]</pre> | no |
 | <a name="input_log_filters"></a> [log\_filters](#input\_log\_filters) | Fluent bit doesn't send logs if message consists of this values | `list(string)` | <pre>[<br>  "kube-probe",<br>  "health",<br>  "prometheus",<br>  "liveness"<br>]</pre> | no |

modules/fluent-bit/main.tf

@@ -29,6 +29,11 @@ resource "helm_release" "fluent-bit" {
     value = var.cluster_name
   }
 
+  set {
+    name  = "imagePullSecrets"
+    value = var.imagePullSecrets
+  }
+
   set {
     name  = "serviceAccount.name"
     value = "fluent-bit"

modules/fluent-bit/variables.tf

@@ -25,6 +25,12 @@ variable "namespace" {
   description = "k8s namespace fluent-bit should be deployed into."
 }
 
+variable "imagePullSecrets" {
+  type        = list(string)
+  default     = []
+  description = "Secret name which can we use for download image"
+}
+
 variable "create_namespace" {
   type        = bool
   default     = false

modules/priority-class/README.md

@@ -0,0 +1,37 @@
+# priority-class
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~>2.23 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | ~>2.23 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [kubernetes_priority_class.example](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_priority_class"></a> [priority\_class](#input\_priority\_class) | Defines Priority Classes in Kubernetes, used to assign different levels of priority to pods. By default, this module creates three Priority Classes: 'high', 'medium' and 'low' . You can also provide a custom list of Priority Classes if needed. | `list(any)` | <pre>[<br>  {}<br>]</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_priority_class"></a> [priority\_class](#output\_priority\_class) | n/a |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/priority-class/main.tf

@@ -0,0 +1,33 @@
+locals {
+  priority_class_default = [
+    {
+      name  = "high"
+      value = "1000000"
+    },
+    {
+      name  = "medium"
+      value = "500000"
+    },
+    {
+      name  = "low"
+      value = "250000"
+    }
+  ]
+  merged_priority_class = concat(local.priority_class_default, var.priority_class)
+  priority_class        = [for map in local.merged_priority_class : map if length(map) > 0]
+}
+
+output "priority_class" {
+  value = local.priority_class
+}
+
+resource "kubernetes_priority_class" "example" {
+  # Transform the list of maps into a key-value map suitable for for_each
+  for_each = { for pc in local.priority_class : pc.name => pc }
+
+  metadata {
+    name = each.key
+  }
+
+  value = each.value.value
+}

modules/priority-class/tests/add-new-priority-class/README.md

@@ -0,0 +1,37 @@
+# add-new-priority-class
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_test"></a> [test](#module\_test) | ../../ | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_eks_cluster.test-cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.test-cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+| [aws_iam_openid_connect_provider.test-cluster-oidc-provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_priority_class"></a> [priority\_class](#output\_priority\_class) | n/a |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/priority-class/tests/add-new-priority-class/main.tf

@@ -0,0 +1,14 @@
+module "test" {
+  source = "../../"
+
+  priority_class = [
+    {
+      name  = "important"
+      value = "2000000"
+    },
+  ]
+}
+
+output "priority_class" {
+  value = module.test.priority_class
+}

modules/priority-class/tests/add-new-priority-class/providers.tf

@@ -0,0 +1,27 @@
+locals {
+  cluster_name = "stage"
+}
+
+data "aws_eks_cluster" "test-cluster" {
+  name = local.cluster_name
+}
+
+data "aws_eks_cluster_auth" "test-cluster" {
+  name = local.cluster_name
+}
+
+data "aws_iam_openid_connect_provider" "test-cluster-oidc-provider" {
+  url = data.aws_eks_cluster.test-cluster.identity[0].oidc[0].issuer
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.test-cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.test-cluster.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.test-cluster.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["eks", "--region", "eu-central-1", "get-token", "--cluster-name", local.cluster_name]
+    command     = "aws"
+  }
+}

modules/priority-class/tests/basic/README.md

@@ -0,0 +1,37 @@
+# basic
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_test"></a> [test](#module\_test) | ../../ | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_eks_cluster.test-cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.test-cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+| [aws_iam_openid_connect_provider.test-cluster-oidc-provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_priority_class"></a> [priority\_class](#output\_priority\_class) | n/a |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/priority-class/tests/basic/main.tf

@@ -0,0 +1,7 @@
+module "test" {
+  source = "../../"
+}
+
+output "priority_class" {
+  value = module.test.priority_class
+}

modules/priority-class/tests/basic/providers.tf

@@ -0,0 +1,27 @@
+locals {
+  cluster_name = "stage"
+}
+
+data "aws_eks_cluster" "test-cluster" {
+  name = local.cluster_name
+}
+
+data "aws_eks_cluster_auth" "test-cluster" {
+  name = local.cluster_name
+}
+
+data "aws_iam_openid_connect_provider" "test-cluster-oidc-provider" {
+  url = data.aws_eks_cluster.test-cluster.identity[0].oidc[0].issuer
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.test-cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.test-cluster.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.test-cluster.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["eks", "--region", "eu-central-1", "get-token", "--cluster-name", local.cluster_name]
+    command     = "aws"
+  }
+}

modules/priority-class/variables.tf

@@ -0,0 +1,5 @@
+variable "priority_class" {
+  type        = list(any)
+  description = "Defines Priority Classes in Kubernetes, used to assign different levels of priority to pods. By default, this module creates three Priority Classes: 'high', 'medium' and 'low' . You can also provide a custom list of Priority Classes if needed."
+  default     = [{}]
+}

modules/priority-class/version.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~>2.23"
+    }
+  }
+}

priority-class.tf

@@ -0,0 +1,5 @@
+module "priority_class" {
+  source = "./modules/priority-class/"
+
+  priority_class = var.priority_class
+}

tests/basic/README.md

@@ -9,7 +9,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 
 ## Modules
 

tests/eks-fluent-bit/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.41 |
 
 ## Modules
 

variables.tf

@@ -563,3 +563,9 @@ variable "alarms" {
   })
   description = "Alarms enabled by default you need set sns topic name for send alarms for customize alarms threshold use custom_values"
 }
+
+variable "priority_class" {
+  type        = list(any)
+  description = "Defines Priority Classes in Kubernetes, used to assign different levels of priority to pods. By default, this module creates three Priority Classes: 'high', 'medium' and 'low' . You can also provide a custom list of Priority Classes if needed."
+  default     = [{}]
+}