Commit

Added Istio Ingressgateway DNS value as output, code refactoring as p…
…er pre-commit hooks
siddharthbarhate committed Jul 21, 2023
1 parent c1335c3 commit 60794ff
Showing 23 changed files with 120 additions and 68 deletions.
11 changes: 9 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,6 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
| Name | Source | Version |
|------|--------|---------|
| <a name="module_efs"></a> [efs](#module\_efs) | ./addons/efs | n/a |
| <a name="module_external_secrets"></a> [external\_secrets](#module\_external\_secrets) | ./addons/external_secrets | n/a |
| <a name="module_istio"></a> [istio](#module\_istio) | ./addons/istio | n/a |
| <a name="module_k8s_addons"></a> [k8s\_addons](#module\_k8s\_addons) | ./EKS-Blueprint/modules/kubernetes-addons | n/a |
| <a name="module_karpenter_provisioner"></a> [karpenter\_provisioner](#module\_karpenter\_provisioner) | ./addons/karpenter_provisioner | n/a |
Expand All @@ -223,8 +222,11 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
| [aws_eks_addon.kubecost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
| [aws_iam_instance_profile.karpenter_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
| [helm_release.cert_manager_le_http](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.coredns-hpa](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.internal_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.kubeclarity](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.metrics-server-vpa](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.vpa-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_ingress_v1.kubecost](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource |
| [kubernetes_namespace.internal_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.kube_clarity](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
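Review bot: The hyphenated resource addresses in this table, `helm_release.coredns-hpa`, `helm_release.metrics-server-vpa` and `helm_release.vpa-crds`, break with the snake_case used by the neighbouring entries (`helm_release.cert_manager_le_http`, `helm_release.internal_nginx`). Rename them to underscores (for example `coredns_hpa`) now; renaming after other code or state refers to them needs a `moved` block or recreates the Helm releases.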
Expand All @@ -236,6 +238,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
| [aws_eks_cluster.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [kubernetes_service.internal-nginx-ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
| [kubernetes_service.istio-ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
| [kubernetes_service.nginx-ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |

## Inputs
Expand All @@ -254,6 +257,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
| <a name="input_cluster_autoscaler_enabled"></a> [cluster\_autoscaler\_enabled](#input\_cluster\_autoscaler\_enabled) | Whether to enable the Cluster Autoscaler add-on or not. | `bool` | `false` | no |
| <a name="input_cluster_issuer"></a> [cluster\_issuer](#input\_cluster\_issuer) | Specify the letsecrypt cluster-issuer for ingress tls. | `string` | `"letsencrypt-prod"` | no |
| <a name="input_cluster_propotional_autoscaler_enabled"></a> [cluster\_propotional\_autoscaler\_enabled](#input\_cluster\_propotional\_autoscaler\_enabled) | Enable or disable Cluster propotional autoscaler add-on | `bool` | `false` | no |
| <a name="input_core_dns_hpa_config"></a> [core\_dns\_hpa\_config](#input\_core\_dns\_hpa\_config) | Configuration to provide settings of hpa over core dns | `any` | <pre>{<br> "corednsdeploymentname": "coredns",<br> "maxReplicas": 10,<br> "minReplicas": 2,<br> "targetCPUUtilizationPercentage": 80,<br> "targetMemoryUtilizationPercentage": "150Mi"<br>}</pre> | no |
| <a name="input_efs_storage_class_enabled"></a> [efs\_storage\_class\_enabled](#input\_efs\_storage\_class\_enabled) | Enable or disable the Amazon Elastic File System (EFS) add-on for EKS cluster. | `bool` | `false` | no |
| <a name="input_eks_cluster_name"></a> [eks\_cluster\_name](#input\_eks\_cluster\_name) | Fetch Cluster ID of the cluster | `string` | `""` | no |
| <a name="input_enable_aws_load_balancer_controller"></a> [enable\_aws\_load\_balancer\_controller](#input\_enable\_aws\_load\_balancer\_controller) | Enable or disable AWS Load Balancer Controller add-on for managing and controlling load balancers in Kubernetes. | `bool` | `false` | no |
Expand All @@ -262,7 +266,8 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
| <a name="input_ingress_nginx_enabled"></a> [ingress\_nginx\_enabled](#input\_ingress\_nginx\_enabled) | Enable or disable Nginx Ingress Controller add-on for routing external traffic to Kubernetes services. | `bool` | `false` | no |
| <a name="input_ingress_nginx_version"></a> [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Specify the version of the NGINX Ingress Controller | `string` | `"4.7.0"` | no |
| <a name="input_internal_ingress_nginx_enabled"></a> [internal\_ingress\_nginx\_enabled](#input\_internal\_ingress\_nginx\_enabled) | Enable or disable the deployment of an internal ingress controller for Kubernetes. | `bool` | `false` | no |
| <a name="input_ipv6_enabled"></a> [ipv6\_enabled](#input\_ipv6\_enabled) | Whether enable IPv6 or not | `bool` | `false` | no |
| <a name="input_ipv6_enabled"></a> [ipv6\_enabled](#input\_ipv6\_enabled) | whether IPv6 enabled or not | `bool` | `false` | no |
| <a name="input_istio_config"></a> [istio\_config](#input\_istio\_config) | Configuration to provide settings for Istio | `any` | <pre>{<br> "cert_manager_cluster_issuer_enabled": false,<br> "egress_gateway_enabled": false,<br> "egress_gateway_namespace": "istio-egressgateway",<br> "envoy_access_logs_enabled": false,<br> "ingress_gateway_enabled": true,<br> "ingress_gateway_namespace": "istio-ingressgateway",<br> "observability_enabled": true,<br> "prometheus_monitoring_enabled": false<br>}</pre> | no |
| <a name="input_istio_enabled"></a> [istio\_enabled](#input\_istio\_enabled) | Enable istio for service mesh. | `bool` | `false` | no |
| <a name="input_karpenter_enabled"></a> [karpenter\_enabled](#input\_karpenter\_enabled) | Enable or disable Karpenter, a Kubernetes-native, multi-tenant, and auto-scaling solution for containerized workloads on Kubernetes. | `bool` | `false` | no |
| <a name="input_karpenter_provisioner_config"></a> [karpenter\_provisioner\_config](#input\_karpenter\_provisioner\_config) | Configuration to provide settings for Karpenter, including which private subnet to use, instance capacity types, and excluded instance types. | `any` | <pre>{<br> "excluded_instance_type": [<br> "nano",<br> "micro",<br> "small"<br> ],<br> "instance_capacity_type": [<br> "spot"<br> ],<br> "instance_hypervisor": [<br> "nitro"<br> ],<br> "private_subnet_name": ""<br>}</pre> | no |
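Review bot: The `istio_config` default in this table sets `"observability_enabled": true`, while the addon's own `observability_enabled` input is documented with a default of `false`, so the effective default depends on which layer the caller uses; align the two or say in the description that the root module overrides the addon default. The reworded `ipv6_enabled` description ("whether IPv6 enabled or not") also lost its capital and its verb; "Whether IPv6 is enabled or not" reads correctly.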
Expand All @@ -277,6 +282,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
| <a name="input_kubecost_hostname"></a> [kubecost\_hostname](#input\_kubecost\_hostname) | Specify the hostname for the kubecsot. | `string` | `""` | no |
| <a name="input_metrics_server_enabled"></a> [metrics\_server\_enabled](#input\_metrics\_server\_enabled) | Enable or disable the metrics server add-on for EKS cluster. | `bool` | `false` | no |
| <a name="input_metrics_server_helm_version"></a> [metrics\_server\_helm\_version](#input\_metrics\_server\_helm\_version) | Version of the metrics server helm chart | `string` | `"3.8.2"` | no |
| <a name="input_metrics_server_vpa_config"></a> [metrics\_server\_vpa\_config](#input\_metrics\_server\_vpa\_config) | Configuration to provide settings of vpa over metrics server | `any` | <pre>{<br> "maxCPU": "100m",<br> "maxMemory": "500Mi",<br> "metricsServerDeploymentName": "metrics-server",<br> "minCPU": "25m",<br> "minMemory": "150Mi"<br>}</pre> | no |
| <a name="input_name"></a> [name](#input\_name) | Specify the name prefix of the EKS cluster resources. | `string` | `""` | no |
| <a name="input_node_termination_handler_version"></a> [node\_termination\_handler\_version](#input\_node\_termination\_handler\_version) | Specify the version of node termination handler | `string` | `"0.21.0"` | no |
| <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | Private subnets of the VPC which can be used by EFS | `list(string)` | <pre>[<br> ""<br>]</pre> | no |
Expand All @@ -298,6 +304,7 @@ Before enabling the **Kubecost** addon for your Amazon EKS cluster, please make
| <a name="output_efs_id"></a> [efs\_id](#output\_efs\_id) | ID of the Amazon Elastic File System (EFS) that has been created for the EKS cluster. |
| <a name="output_environment"></a> [environment](#output\_environment) | Environment Name for the EKS cluster |
| <a name="output_internal_nginx_ingress_controller_dns_hostname"></a> [internal\_nginx\_ingress\_controller\_dns\_hostname](#output\_internal\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster. |
| <a name="output_istio_ingressgateway_dns_hostname"></a> [istio\_ingressgateway\_dns\_hostname](#output\_istio\_ingressgateway\_dns\_hostname) | DNS hostname of the Istio Ingress Gateway. |
| <a name="output_kubeclarity"></a> [kubeclarity](#output\_kubeclarity) | Kubeclarity\_Info |
| <a name="output_kubecost"></a> [kubecost](#output\_kubecost) | Kubecost\_Info |
| <a name="output_nginx_ingress_controller_dns_hostname"></a> [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller. |
Expand Down
2 changes: 1 addition & 1 deletion addons/core_dns_hpa/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: v2
appVersion: "1.0"
description: A Helm chart add hpa on coredns
name: corednshpa
version: 1.0.0
version: 1.0.0
8 changes: 4 additions & 4 deletions addons/core_dns_hpa/templates/hpa.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ spec:
name: coredns
minReplicas: {{ .Values.minReplicas}}
maxReplicas: {{ .Values.maxReplicas}}
metrics:
metrics:
- type: Resource
resource:
name: memory
name: memory
target:
type: Utilization
averageValue: {{ .Values.targetMemoryUtilizationPercentage}}
type: Utilization
averageValue: {{ .Values.targetMemoryUtilizationPercentage}}
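Review bot: The memory metric's `target` pairs `type: Utilization` with `averageValue`; in the HPA metrics schema `Utilization` goes with `averageUtilization` (a percentage), and an absolute quantity such as the documented default `"150Mi"` goes with `type: AverageValue`. Set `type: AverageValue` and rename `targetMemoryUtilizationPercentage` to a name that does not claim a percentage. The `name: coredns` line above `minReplicas` is also hard-coded although values.yaml defines `corednsdeploymentname`; use `{{ .Values.corednsdeploymentname }}` there.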
2 changes: 1 addition & 1 deletion addons/core_dns_hpa/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ corednsdeploymentname: ${corednsdeploymentname}
minReplicas: ${minReplicas}
maxReplicas: ${maxReplicas}
targetCPUUtilizationPercentage: ${targetCPUUtilizationPercentage}
targetMemoryUtilizationPercentage: ${targetMemoryUtilizationPercentage}
targetMemoryUtilizationPercentage: ${targetMemoryUtilizationPercentage}
16 changes: 15 additions & 1 deletion addons/istio/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,27 @@ No modules.
| Name | Type |
|------|------|
| [helm_release.istio_base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.istio_egress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.istio_ingress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.istio_observability](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_namespace.istio_egress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.istio_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.istio_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |

## Inputs

No inputs.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_cert_manager_cluster_issuer_enabled"></a> [cert\_manager\_cluster\_issuer\_enabled](#input\_cert\_manager\_cluster\_issuer\_enabled) | Enable or disable the installation of LetsEncrypt Cluster issuer with istio Class | `bool` | `false` | no |
| <a name="input_cert_manager_letsencrypt_email"></a> [cert\_manager\_letsencrypt\_email](#input\_cert\_manager\_letsencrypt\_email) | Specifies the email address to be used by cert-manager to request Let's Encrypt certificates | `string` | n/a | yes |
| <a name="input_egress_gateway_enabled"></a> [egress\_gateway\_enabled](#input\_egress\_gateway\_enabled) | Enable or disable the installation of Istio Egress Gateway. | `bool` | `false` | no |
| <a name="input_egress_gateway_namespace"></a> [egress\_gateway\_namespace](#input\_egress\_gateway\_namespace) | Name of the Kubernetes namespace where the Istio Egress Gateway will be deployed. | `string` | `"istio-egressgateway"` | no |
| <a name="input_envoy_access_logs_enabled"></a> [envoy\_access\_logs\_enabled](#input\_envoy\_access\_logs\_enabled) | Enable or disable the installation of Envoy access logs across Mesh | `bool` | `false` | no |
| <a name="input_ingress_gateway_enabled"></a> [ingress\_gateway\_enabled](#input\_ingress\_gateway\_enabled) | Enable or disable the installation of Istio Ingress Gateway. | `bool` | `true` | no |
| <a name="input_ingress_gateway_namespace"></a> [ingress\_gateway\_namespace](#input\_ingress\_gateway\_namespace) | Name of the Kubernetes namespace where the Istio Ingress Gateway will be deployed | `string` | `"istio-ingressgateway"` | no |
| <a name="input_observability_enabled"></a> [observability\_enabled](#input\_observability\_enabled) | Enable or disable the installation of observability components | `bool` | `false` | no |
| <a name="input_prometheus_monitoring_enabled"></a> [prometheus\_monitoring\_enabled](#input\_prometheus\_monitoring\_enabled) | Enable or disable the installation of Prometheus Operator's servicemonitor to monitor Istio Controlplane and Dataplane | `bool` | `false` | no |

## Outputs

Expand Down
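Review bot: `cert_manager_letsencrypt_email` is documented here as required with no default (`n/a`, `yes`) while `cert_manager_cluster_issuer_enabled` defaults to `false`, so every caller has to pass an e-mail address even when no ClusterIssuer is created. Give the variable a default of `""` in variables.tf and add a validation or precondition that rejects an empty value only when the issuer is enabled.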
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ spec:
- http01:
ingress:
class: istio
{{- end }}
{{- end }}
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,4 @@ spec:
accessLogging:
- providers:
- name: envoy
{{- end }}
{{- end }}
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@ spec:
endpoints:
- port: http-monitoring
interval: 15s
{{- end }}
{{- end }}
Original file line number Diff line number Diff line change
Expand Up @@ -29,4 +29,4 @@ spec:
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: pod_name
{{- end }}
{{- end }}
2 changes: 1 addition & 1 deletion addons/istio/istio-observability/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,4 @@ monitoring:

clusterIssuer:
enabled: "${cert_manager_cluster_issuer_enabled}"
email: "${cert_manager_letsencrypt_email}"
email: "${cert_manager_letsencrypt_email}"
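Review bot: `enabled: "${cert_manager_cluster_issuer_enabled}"` renders the flag as a quoted string, and a Helm `if` on a non-empty string such as `"false"` evaluates to true. If the ClusterIssuer template gates on `.Values.clusterIssuer.enabled`, drop the quotes so the value stays a YAML boolean, or compare against `"true"` explicitly in the template.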
12 changes: 6 additions & 6 deletions addons/istio/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ resource "helm_release" "istiod" {
resource "kubernetes_namespace" "istio_ingress" {

depends_on = [helm_release.istiod]
count = var.ingress_gateway_enabled ? 1: 0
count = var.ingress_gateway_enabled ? 1 : 0

metadata {
name = var.ingress_gateway_namespace
Expand All @@ -38,7 +38,7 @@ resource "kubernetes_namespace" "istio_ingress" {

resource "helm_release" "istio_ingress" {
depends_on = [helm_release.istiod, kubernetes_namespace.istio_ingress]
count = var.ingress_gateway_enabled ? 1: 0
count = var.ingress_gateway_enabled ? 1 : 0
name = "istio-ingressgateway"
repository = "https://istio-release.storage.googleapis.com/charts"
chart = "gateway"
Expand Down Expand Up @@ -67,7 +67,7 @@ resource "helm_release" "istio_ingress" {
resource "kubernetes_namespace" "istio_egress" {

depends_on = [helm_release.istiod]
count = var.egress_gateway_enabled ? 1: 0
count = var.egress_gateway_enabled ? 1 : 0

metadata {
name = var.egress_gateway_namespace
Expand All @@ -76,7 +76,7 @@ resource "kubernetes_namespace" "istio_egress" {
}
resource "helm_release" "istio_egress" {
depends_on = [helm_release.istiod, kubernetes_namespace.istio_egress]
count = var.egress_gateway_enabled ? 1: 0
count = var.egress_gateway_enabled ? 1 : 0

name = "istio-egressgateway"
repository = "https://istio-release.storage.googleapis.com/charts"
Expand All @@ -103,7 +103,7 @@ resource "helm_release" "istio_egress" {

resource "helm_release" "istio_observability" {
depends_on = [helm_release.istiod]
count = var.observability_enabled ? 1: 0
count = var.observability_enabled ? 1 : 0
name = "istio-observability"
chart = "${path.module}/istio-observability/"
namespace = "istio-system"
Expand All @@ -123,4 +123,4 @@ resource "helm_release" "istio_observability" {
name = "clusterIssuer.email"
value = var.cert_manager_letsencrypt_email
}
}
}
2 changes: 0 additions & 2 deletions addons/istio/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -49,5 +49,3 @@ variable "cert_manager_letsencrypt_email" {
description = "Specifies the email address to be used by cert-manager to request Let's Encrypt certificates"
type = string
}


2 changes: 1 addition & 1 deletion addons/metrics_server/metrics_server.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,4 +32,4 @@ resources:
podAnnotations:
co.elastic.logs/enabled: "true"

replicas: 2
replicas: 2
2 changes: 1 addition & 1 deletion addons/metrics_server_vpa/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: v2
appVersion: "1.0"
description: A Helm chart add vpa on metrics-server
name: metricsservervpa
version: 1.0.0
version: 1.0.0
12 changes: 6 additions & 6 deletions addons/metrics_server_vpa/templates/vpa.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,16 +7,16 @@ spec:
targetRef:
apiVersion: "apps/v1"
kind: Deployment
name: {{ .Values.metricsServerDeploymentName}}
name: {{ .Values.metricsServerDeploymentName}}
updatePolicy:
updateMode: "Auto"
updateMode: "Auto"
resourcePolicy:
containerPolicies:
- containerName: '*'
minAllowed:
cpu: {{ .Values.minCPU}}
memory: {{ .Values.minMemory}}
cpu: {{ .Values.minCPU}}
memory: {{ .Values.minMemory}}
maxAllowed:
cpu: {{ .Values.maxCPU}}
memory: {{ .Values.maxMemory}}
cpu: {{ .Values.maxCPU}}
memory: {{ .Values.maxMemory}}
controlledResources: ["cpu", "memory"]
2 changes: 1 addition & 1 deletion addons/metrics_server_vpa/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ metricsServerDeploymentName: ${metricsServerDeploymentName}
minCPU: ${minCPU}
minMemory: ${minMemory}
maxCPU: ${maxCPU}
maxMemory: ${maxMemory}
maxMemory: ${maxMemory}
2 changes: 1 addition & 1 deletion addons/velero/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ resource "aws_iam_policy" "velero_iam_policy" {
"s3:GetObjectVersion",
"s3:ListObjects",
"s3:ListBucketVersions",
"sts:AssumeRole" ,
"sts:AssumeRole" ,
"autoscaling:CreateAutoScalingGroup",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
Expand Down
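Review bot: The action list in `aws_iam_policy.velero_iam_policy` grants `sts:AssumeRole` together with `autoscaling:CreateAutoScalingGroup`, `autoscaling:DeleteAutoScalingGroup` and `autoscaling:UpdateAutoScalingGroup` alongside the S3 backup actions; none of these are needed to read or write backup objects, and `sts:AssumeRole` should only ever be granted against specific role ARNs. The `Resource` element is not visible in this hunk, so confirm it is not `*`, then remove these actions or move them to a separately scoped statement. Since the line is being touched anyway, also drop the stray space in `"sts:AssumeRole" ,`.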