added feature for kubeclarity (#3)

* updated variable, description, readme and Added kubeClarity feature
squareops · May 12, 2023 · 1bbe31d · 1bbe31d
1 parent 708e252
commit 1bbe31d
Show file tree

Hide file tree

Showing 8 changed files with 567 additions and 81 deletions.
diff --git a/README.md b/README.md
diff --git a/addons/kubeclarity/values.yaml b/addons/kubeclarity/values.yaml
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -42,9 +42,10 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_ebs_encryption_enable"></a> [ebs\_encryption\_enable](#output\_ebs\_encryption\_enable) | Is AWS EBS encryption is enabled or not? |
-| <a name="output_efs_id"></a> [efs\_id](#output\_efs\_id) | EFS ID |
+| <a name="output_ebs_encryption_enable"></a> [ebs\_encryption\_enable](#output\_ebs\_encryption\_enable) | Whether Amazon Elastic Block Store (EBS) encryption is enabled or not. |
+| <a name="output_efs_id"></a> [efs\_id](#output\_efs\_id) | ID of the Amazon Elastic File System (EFS) that has been created for the EKS cluster. |
 | <a name="output_environment"></a> [environment](#output\_environment) | Environment Name for the EKS cluster |
-| <a name="output_internal_nginx_ingress_controller_dns_hostname"></a> [internal\_nginx\_ingress\_controller\_dns\_hostname](#output\_internal\_nginx\_ingress\_controller\_dns\_hostname) | Internal NGINX Ingress Controller DNS Hostname |
-| <a name="output_nginx_ingress_controller_dns_hostname"></a> [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | NGINX Ingress Controller DNS Hostname |
+| <a name="output_internal_nginx_ingress_controller_dns_hostname"></a> [internal\_nginx\_ingress\_controller\_dns\_hostname](#output\_internal\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster. |
+| <a name="output_kubeclarity_hostname"></a> [kubeclarity\_hostname](#output\_kubeclarity\_hostname) | Hostname for the kubeclarity. |
+| <a name="output_nginx_ingress_controller_dns_hostname"></a> [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -1,7 +1,7 @@
 locals {
   region      = "us-east-2"
   environment = "prod"
-  name        = "skaf"
+  name        = "addons"
   additional_tags = {
     Owner      = "SquareOps"
     Expires    = "Never"
@@ -22,6 +22,8 @@ module "eks_bootstrap" {
   reloader_enabled              = true
   karpenter_enabled             = true
   single_az_sc_config           = [{ name = "infra-service-sc", zone = "us-east-2a" }]
+  kubeclarity_enabled           = false
+  kubeclarity_hostname          = ""
   cert_manager_enabled          = true
   worker_iam_role_name          = ""
   ingress_nginx_enabled         = true
@@ -54,5 +56,4 @@ module "eks_bootstrap" {
     velero_backup_name              = ""
     backup_bucket_name              = ""
   }
-
 }
diff --git a/examples/complete/output.tf b/examples/complete/output.tf
@@ -4,21 +4,26 @@ output "environment" {
 }
 
 output "nginx_ingress_controller_dns_hostname" {
-  description = "NGINX Ingress Controller DNS Hostname"
+  description = "DNS hostname of the NGINX Ingress Controller."
   value       = module.eks_bootstrap.nginx_ingress_controller_dns_hostname
 }
 
 output "ebs_encryption_enable" {
-  description = "Is AWS EBS encryption is enabled or not?"
+  description = "Whether Amazon Elastic Block Store (EBS) encryption is enabled or not."
   value       = "Encrypted by default"
 }
 
 output "efs_id" {
   value       = module.eks_bootstrap.efs_id
-  description = "EFS ID"
+  description = "ID of the Amazon Elastic File System (EFS) that has been created for the EKS cluster."
 }
 
 output "internal_nginx_ingress_controller_dns_hostname" {
-  description = "Internal NGINX Ingress Controller DNS Hostname"
+  description = "DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster."
   value       = module.eks_bootstrap.internal_nginx_ingress_controller_dns_hostname
 }
+
+output "kubeclarity_hostname" {
+  value       = module.eks_bootstrap.kubeclarity_hostname
+  description = "Hostname for the kubeclarity."
+}
diff --git a/main.tf b/main.tf
@@ -244,3 +244,26 @@ data "kubernetes_service" "internal-nginx-ingress" {
     namespace = "internal-ingress-nginx"
   }
 }
+
+##KUBECLARITY
+resource "kubernetes_namespace" "internal_nginx" {
+  count = var.kubeclarity_enabled ? 1 : 0
+  metadata {
+    name = var.namespace
+  }
+}
+
+resource "helm_release" "kubeclarity" {
+  count      = var.kubeclarity_enabled ? 1 : 0
+  name       = "kubeclarity"
+  chart      = "kubeclarity"
+  version    = "2.18.0"
+  namespace  = "kubeclarity"
+  repository = "https://openclarity.github.io/kubeclarity"
+  values = [
+    templatefile("${path.module}/addons/kubeclarity/values.yaml", {
+      hostname  = var.kubeclarity_hostname
+      namespace = var.namespace
+    })
+  ]
+}
diff --git a/outputs.tf b/outputs.tf
@@ -4,21 +4,26 @@ output "environment" {
 }
 
 output "nginx_ingress_controller_dns_hostname" {
-  description = "NGINX Ingress Controller DNS Hostname"
+  description = "DNS hostname of the NGINX Ingress Controller."
   value       = data.kubernetes_service.nginx-ingress.status[0].load_balancer[0].ingress[0].hostname
 }
 
 output "ebs_encryption_enable" {
-  description = "Is AWS EBS encryption is enabled or not?"
+  description = "Whether Amazon Elastic Block Store (EBS) encryption is enabled or not."
   value       = "Encrypted by default"
 }
 
 output "efs_id" {
   value       = module.efs.*.efs_id
-  description = "EFS ID"
+  description = "ID of the Amazon Elastic File System (EFS) that has been created for the EKS cluster."
 }
 
 output "internal_nginx_ingress_controller_dns_hostname" {
-  description = "Internal NGINX Ingress Controller DNS Hostname"
+  description = "DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster."
   value       = var.internal_ingress_nginx_enabled ? data.kubernetes_service.internal-nginx-ingress.status[0].load_balancer[0].ingress[0].hostname : null
 }
+
+output "kubeclarity_hostname" {
+  value       = var.hostname
+  description = "Hostname for the kubeclarity."
+}
diff --git a/variables.tf b/variables.tf
@@ -1,54 +1,54 @@
 ## COMMON VARIABLES
 variable "amazon_eks_aws_ebs_csi_driver_enabled" {
-  description = "Enable EKS Managed AWS EBS CSI Driver add-on"
+  description = "Whether to enable the EKS Managed AWS EBS CSI Driver add-on or not."
   default     = false
   type        = bool
 }
 
 variable "single_az_ebs_gp3_storage_class_enabled" {
-  description = "Enable Single az storage class."
+  description = "Whether to enable the Single AZ storage class or not."
   default     = false
   type        = bool
 }
 
 variable "single_az_sc_config" {
-  description = "Define the Name and regions for storage class in Key-Value pair."
+  description = "Name and regions for storage class in Key-Value pair."
   default     = []
   type        = list(any)
 }
 
 variable "cluster_autoscaler_enabled" {
-  description = "Enable Cluster autoscaler add-on"
+  description = "Whether to enable the Cluster Autoscaler add-on or not."
   default     = false
   type        = bool
 }
 
 variable "cluster_autoscaler_chart_version" {
-  description = "Mention the version of the cluster autoscaler helm chart"
+  description = "Version of the cluster autoscaler helm chart"
   default     = "9.19.1"
   type        = string
 }
 
 variable "metrics_server_enabled" {
-  description = "Enable metrics server add-on"
+  description = "Enable or disable the metrics server add-on for EKS cluster."
   default     = false
   type        = bool
 }
 
 variable "metrics_server_helm_version" {
-  description = "Mention the version of the metrics server helm chart"
+  description = "Version of the metrics server helm chart"
   default     = "3.8.2"
   type        = string
 }
 
 variable "cert_manager_enabled" {
-  description = "Set true to enable the cert manager for eks"
+  description = "Enable or disable the cert manager add-on for EKS cluster."
   default     = false
   type        = bool
 }
 
 variable "cert_manager_install_letsencrypt_r53_issuers" {
-  description = "Enable to create route53 issuer"
+  description = "Enable or disable the creation of Route53 issuer while installing cert manager."
   default     = false
   type        = bool
 }
@@ -60,49 +60,49 @@ variable "eks_cluster_name" {
 }
 
 variable "efs_storage_class_enabled" {
-  description = "Set to true if you want to enable the EFS"
+  description = "Enable or disable the Amazon Elastic File System (EFS) add-on for EKS cluster."
   default     = false
   type        = bool
 }
 
 variable "keda_enabled" {
-  description = "Enable KEDA Event-based autoscaler add-on"
+  description = "Enable or disable Kubernetes Event-driven Autoscaling (KEDA) add-on for autoscaling workloads."
   type        = bool
   default     = false
 }
 
 variable "environment" {
-  description = "Environment identifier for the EKS cluster"
+  description = "Environment identifier for the Amazon Elastic Kubernetes Service (EKS) cluster."
   default     = ""
   type        = string
 }
 
 variable "external_secrets_enabled" {
-  description = "Enable External Secrets operator add-on"
+  description = "Enable or disable External Secrets operator add-on for managing external secrets."
   default     = false
   type        = bool
 }
 
 variable "ingress_nginx_enabled" {
-  description = "Enable Ingress Nginx add-on"
+  description = "Enable or disable Nginx Ingress Controller add-on for routing external traffic to Kubernetes services."
   default     = false
   type        = bool
 }
 
 variable "enable_aws_load_balancer_controller" {
-  description = "Enable AWS Load Balancer Controller add-on"
+  description = "Enable or disable AWS Load Balancer Controller add-on for managing and controlling load balancers in Kubernetes."
   default     = false
   type        = bool
 }
 
 variable "aws_load_balancer_version" {
-  description = "load balancer version for ingress"
+  description = "Specify the version of the AWS Load Balancer Controller for Ingress"
   default     = "1.4.4"
   type        = string
 }
 
 variable "ingress_nginx_version" {
-  description = "Specify the version of the nginx ingress"
+  description = "Specify the version of the NGINX Ingress Controller"
   default     = "4.1.4"
   type        = string
 }
@@ -120,19 +120,19 @@ variable "vpc_id" {
 }
 
 variable "cert_manager_letsencrypt_email" {
-  description = "Enter cert manager email"
+  description = "Specifies the email address to be used by cert-manager to request Let's Encrypt certificates"
   default     = ""
   type        = string
 }
 
 variable "cert_manager_install_letsencrypt_http_issuers" {
-  description = "Set to true to install http issuer"
+  description = "Enable or disable the HTTP issuer for cert-manager"
   default     = false
   type        = bool
 }
 
 variable "kms_key_arn" {
-  description = "KMS key to Encrypt AWS resources"
+  description = "ARN of the KMS key used to encrypt AWS resources in the EKS cluster."
   default     = ""
   type        = string
 }
@@ -144,19 +144,19 @@ variable "kms_policy_arn" {
 }
 
 variable "cluster_propotional_autoscaler_enabled" {
-  description = "Set true to Enable Cluster propotional autoscaler"
+  description = "Enable or disable Cluster propotional autoscaler add-on"
   default     = false
   type        = bool
 }
 
 variable "karpenter_enabled" {
-  description = "Set it to true to enable Karpenter"
+  description = "Enable or disable Karpenter, a Kubernetes-native, multi-tenant, and auto-scaling solution for containerized workloads on Kubernetes."
   default     = false
   type        = bool
 }
 
 variable "reloader_enabled" {
-  description = "Set true to enable reloader"
+  description = "Enable or disable Reloader, a Kubernetes controller to watch changes in ConfigMap and Secret objects and trigger an application reload on their changes."
   default     = false
   type        = bool
 }
@@ -168,19 +168,19 @@ variable "worker_iam_role_name" {
 }
 
 variable "aws_node_termination_handler_enabled" {
-  description = "Set it to true to Enable node termination handler"
+  description = "Enable or disable node termination handler"
   default     = false
   type        = bool
 }
 
 variable "amazon_eks_vpc_cni_enabled" {
-  description = "Set true to install VPC CNI addon."
+  description = "Enable or disable the installation of the Amazon EKS VPC CNI addon. "
   default     = false
   type        = bool
 }
 
 variable "service_monitor_crd_enabled" {
-  description = "Set true to install CRDs for service monitor."
+  description = "Enable or disable the installation of Custom Resource Definitions (CRDs) for Prometheus Service Monitor. "
   default     = false
   type        = bool
 }
@@ -192,12 +192,12 @@ variable "istio_enabled" {
 }
 
 variable "velero_enabled" {
-  description = "Enable velero for eks cluster backup"
+  description = "Enable or disable the installation of Velero, which is a backup and restore solution for Kubernetes clusters."
   default     = false
   type        = bool
 }
 variable "velero_config" {
-  description = "velero configurations"
+  description = "Configuration to provide settings for Velero, including which namespaces to backup, retention period, backup schedule, and backup bucket name."
   default = {
     namespaces                      = "" ## If you want full cluster backup, leave it blank else provide namespace.
     slack_notification_token        = ""
@@ -211,12 +211,12 @@ variable "velero_config" {
 }
 
 variable "karpenter_provisioner_enabled" {
-  description = "Enable karpenter provisioner"
+  description = "Enable or disable the installation of Karpenter, which is a Kubernetes cluster autoscaler."
   default     = false
   type        = bool
 }
 variable "karpenter_provisioner_config" {
-  description = "karpenter provisioner configuration"
+  description = "Configuration to provide settings for Karpenter, including which private subnet to use, instance capacity types, and excluded instance types."
   default = {
     private_subnet_name    = ""
     instance_capacity_type = ["spot"]
@@ -226,7 +226,7 @@ variable "karpenter_provisioner_config" {
 }
 
 variable "internal_ingress_nginx_enabled" {
-  description = "Set it to true to deploy internal ingress controller"
+  description = "Enable or disable the deployment of an internal ingress controller for Kubernetes."
   default     = false
   type        = bool
 }
@@ -236,3 +236,21 @@ variable "node_termination_handler_version" {
   default     = "0.21.0"
   type        = string
 }
+
+variable "kubeclarity_hostname" {
+  description = "Specify the hostname for the Kubeclarity. "
+  default     = ""
+  type        = string
+}
+
+variable "kubeclarity_enabled" {
+  description = "Enable or disable the deployment of an kubeclarity for Kubernetes."
+  default     = false
+  type        = bool
+}
+
+variable "kubeclarity_namespace" {
+  description = "Name of the Kubernetes namespace where the kubeclarity deployment will be deployed."
+  default     = "kubeclarity"
+  type        = string
+}