diff --git a/README.md b/README.md
index 80832f4..7630ada 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,7 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
|------|--------|---------|
| [apigatewayv2](#module\_apigatewayv2) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
| [dynamodb](#module\_dynamodb) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| [elasticache](#module\_elasticache) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
| [emrcontainers](#module\_emrcontainers) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
| [eventbridge](#module\_eventbridge) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
| [prometheusservice](#module\_prometheusservice) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
@@ -92,9 +93,11 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
| [dynamodb](#input\_dynamodb) | ACK dynamodb Helm Chart config | `any` | `{}` | no |
| [ecrpublic\_token](#input\_ecrpublic\_token) | Password decoded from the authorization token for accessing public ECR | `string` | `""` | no |
| [ecrpublic\_username](#input\_ecrpublic\_username) | User name decoded from the authorization token for accessing public ECR | `string` | `""` | no |
+| [elasticache](#input\_elasticache) | ACK elasticache Helm Chart config | `any` | `{}` | no |
| [emrcontainers](#input\_emrcontainers) | ACK EMR container Helm Chart config | `any` | `{}` | no |
| [enable\_apigatewayv2](#input\_enable\_apigatewayv2) | Enable ACK API gateway v2 add-on | `bool` | `false` | no |
| [enable\_dynamodb](#input\_enable\_dynamodb) | Enable ACK dynamodb add-on | `bool` | `false` | no |
+| [enable\_elasticache](#input\_enable\_elasticache) | Enable ACK elasticache add-on | `bool` | `false` | no |
| [enable\_emrcontainers](#input\_enable\_emrcontainers) | Enable ACK EMR container add-on | `bool` | `false` | no |
| [enable\_eventbridge](#input\_enable\_eventbridge) | Enable ACK EventBridge add-on | `bool` | `false` | no |
| [enable\_prometheusservice](#input\_enable\_prometheusservice) | Enable ACK prometheusservice add-on | `bool` | `false` | no |
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 7256353..a1948f6 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -6,6 +6,7 @@ Configuration in this directory creates an AWS EKS cluster with the following AC
- ACK DynamoDB controller
- ACK RDS controller
- ACK S3 controller
+- ACK Elasticache controller
In addition, this example provisions a sample application which demonstrates using the ACK controllers for resource provisioning.
The arhchitecture looks like this:
@@ -48,6 +49,7 @@ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
ack-api-gateway ack-api-gateway-75499bfcfd-d5627 1/1 Running 0 26s
ack-dynamodb ack-dynamodb-76fdf5cf77-jpwd9 1/1 Running 0 26s
+ack-elasticache ack-elasticache-45eeg7dv12-m5asf 1/1 Running 0 26s
ack-rds ack-rds-85c7ccdbf6-tkpvz 1/1 Running 0 26s
ack-s3 ack-s3-7f4c79cbc8-g4tgl 1/1 Running 0 26s
kube-system aws-load-balancer-controller-596d8cb765-wwmzt 1/1 Running 0 26s
diff --git a/examples/complete/sample-app/elasticache.yaml b/examples/complete/sample-app/elasticache.yaml
new file mode 100644
index 0000000..bf83e44
--- /dev/null
+++ b/examples/complete/sample-app/elasticache.yaml
@@ -0,0 +1,82 @@
+---
+# https://aws-controllers-k8s.github.io/community/reference/elasticache/v1alpha1/cacheparametergroup/
+apiVersion: elasticache.services.k8s.aws/v1alpha1
+kind: CacheParameterGroup
+metadata:
+ name: # cache parameter group name
+spec:
+ cacheParameterGroupName: # cache parameter group name
+ cacheParameterGroupFamily: # cache parameter group family
+ description: # cache parameter group description
+ parameterNameValues:
+ # below is an example
+ - parameterName: "TIMEOUT" # parameter name
+ parameterValue: "100" # parameter value
+ # Add more parameter name and value pairs as needed
+
+---
+
+# https://aws-controllers-k8s.github.io/community/reference/ec2/v1alpha1/securitygroup/
+apiVersion: ec2.services.k8s.aws/v1alpha1
+kind: SecurityGroup
+metadata:
+ name: # security group name
+spec:
+ description: # security group description
+ ingressRules:
+ - fromPort: 6379 # allow redis port
+ toPort: 6379 # allow redis port
+ ipProtocol: tcp
+ ipRanges:
+ - cidrIP: # allow traffic from the same VPC ...
+ description:
+ egressRules:
+ - fromPort: 0
+ toPort: 65535
+ ipProtocol: tcp
+---
+
+# https://aws-controllers-k8s.github.io/community/reference/elasticache/v1alpha1/cachesubnetgroup/
+apiVersion: elasticache.services.k8s.aws/v1alpha1
+kind: CacheSubnetGroup
+metadata:
+ name: # cache subnet group name
+spec:
+ cacheSubnetGroupName: # cache subnet group name
+ cacheSubnetGroupDescription: # cache subnet group description
+ description: # cache subnet group description
+ subnetIDs:
+ - # subnet ID 1
+ - # subnet ID 2
+ - # subnet ID 3
+ # Add more subnet IDs as needed
+
+---
+
+# https://aws-controllers-k8s.github.io/community/reference/elasticache/v1alpha1/replicationgroup/
+apiVersion: elasticache.services.k8s.aws/v1alpha1
+kind: ReplicationGroup
+metadata:
+ name: # resource name
+spec:
+ engine: redis
+ engineVersion: 7.1 # or 6.x, check https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html
+ replicationGroupID: # replication group id
+ replicationGroupDescription: # replication group description
+ automaticFailoverEnabled: true # or false
+ cacheNodeType: cache.t2.micro # check https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html
+ numNodeGroups: 1 # depending on your usage
+ replicasPerNodeGroup: 1 # depending on your usage
+ multiAZEnabled: false # or true
+ atRestEncryptionEnabled: false # or true
+ port: 6379 # or 6379
+ snapshotRetentionLimit: 0 # or any number
+ cacheParameterGroupRef:
+ from:
+ name: # cache parameter group name
+ cacheSubnetGroupRef:
+ from:
+ name: # cache subnet group name
+ securityGroupRefs:
+ from:
+ name: # security group name
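Review bot: The ReplicationGroup sample sets `atRestEncryptionEnabled: false` and never sets `transitEncryptionEnabled`, so anyone who fills in the placeholders and applies it gets a Redis cache that is unencrypted both at rest and on the wire. Because samples get copied into real environments, I would default both to `true` (`atRestEncryptionEnabled: true # set false only for disposable test data` and `transitEncryptionEnabled: true`), after confirming the chosen node type and engine version support them, and add a comment pointing at the `authToken` field for access control. Separately, `engineVersion: 7.1` is an unquoted scalar that YAML reads as a float while the field is presumably a string, so it should be `engineVersion: "7.1"`. In the SecurityGroup document the egress rule opens TCP 0-65535 with no `ipRanges`, and a comment stating the intended destination would make that choice reviewable.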
diff --git a/main.tf b/main.tf
index c892f18..ad67971 100644
--- a/main.tf
+++ b/main.tf
@@ -328,6 +328,104 @@ module "s3" {
tags = var.tags
}
+################################################################################
+# elasticache
+################################################################################
+
+locals {
+ elasticache_name = "ack-elasticache"
+}
+
+module "elasticache" {
+ source = "aws-ia/eks-blueprints-addon/aws"
+ version = "1.1.1"
+
+ create = var.enable_elasticache
+
+ # Disable helm release
+ create_release = var.create_kubernetes_resources
+
+ # public.ecr.aws/aws-controllers-k8s/elasticache-chart:0.0.27
+ name = try(var.elasticache.name, local.elasticache_name)
+ description = try(var.elasticache.description, "Helm Chart for elasticache controller for ACK")
+ namespace = try(var.elasticache.namespace, local.elasticache_name)
+ create_namespace = try(var.elasticache.create_namespace, true)
+ chart = "elasticache-chart"
+ chart_version = try(var.elasticache.chart_version, "0.0.27")
+ repository = try(var.elasticache.repository, "oci://public.ecr.aws/aws-controllers-k8s")
+ values = try(var.elasticache.values, [])
+
+ timeout = try(var.elasticache.timeout, null)
+ repository_key_file = try(var.elasticache.repository_key_file, null)
+ repository_cert_file = try(var.elasticache.repository_cert_file, null)
+ repository_ca_file = try(var.elasticache.repository_ca_file, null)
+ repository_username = try(var.apigatewayv2.repository_username, local.repository_username)
+ repository_password = try(var.apigatewayv2.repository_password, local.repository_password)
+ devel = try(var.elasticache.devel, null)
+ verify = try(var.elasticache.verify, null)
+ keyring = try(var.elasticache.keyring, null)
+ disable_webhooks = try(var.elasticache.disable_webhooks, null)
+ reuse_values = try(var.elasticache.reuse_values, null)
+ reset_values = try(var.elasticache.reset_values, null)
+ force_update = try(var.elasticache.force_update, null)
+ recreate_pods = try(var.elasticache.recreate_pods, null)
+ cleanup_on_fail = try(var.elasticache.cleanup_on_fail, null)
+ max_history = try(var.elasticache.max_history, null)
+ atomic = try(var.elasticache.atomic, null)
+ skip_crds = try(var.elasticache.skip_crds, null)
+ render_subchart_notes = try(var.elasticache.render_subchart_notes, null)
+ disable_openapi_validation = try(var.elasticache.disable_openapi_validation, null)
+ wait = try(var.elasticache.wait, false)
+ wait_for_jobs = try(var.elasticache.wait_for_jobs, null)
+ dependency_update = try(var.elasticache.dependency_update, null)
+ replace = try(var.elasticache.replace, null)
+ lint = try(var.elasticache.lint, null)
+
+ postrender = try(var.elasticache.postrender, [])
+
+ set = concat([
+ {
+ # shortens pod name from `ack-elasticache-elasticache-chart-xxxxxxxxxxxxx` to `ack-elasticache-xxxxxxxxxxxxx`
+ name = "nameOverride"
+ value = "ack-elasticache"
+ },
+ {
+ name = "aws.region"
+ value = local.region
+ },
+ {
+ name = "serviceAccount.name"
+ value = local.elasticache_name
+ }],
+ try(var.elasticache.set, [])
+ )
+ set_sensitive = try(var.elasticache.set_sensitive, [])
+
+
+ # IAM role for service account (IRSA)
+ set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+ create_role = try(var.elasticache.create_role, true)
+ role_name = try(var.elasticache.role_name, "ack-elasticache")
+ role_name_use_prefix = try(var.elasticache.role_name_use_prefix, true)
+ role_path = try(var.elasticache.role_path, "/")
+ role_permissions_boundary_arn = lookup(var.elasticache, "role_permissions_boundary_arn", null)
+ role_description = try(var.elasticache.role_description, "IRSA for elasticache controller for ACK")
+ role_policies = lookup(var.elasticache, "role_policies", {
+ AmazonElastiCacheFullAccess = "${local.iam_role_policy_prefix}/AmazonElastiCacheFullAccess"
+ })
+ create_policy = try(var.elasticache.create_policy, false)
+
+ oidc_providers = {
+ this = {
+ provider_arn = local.oidc_provider_arn
+ # namespace is inherited from chart
+ service_account = local.elasticache_name
+ }
+ }
+
+ tags = var.tags
+}
+
################################################################################
# RDS
################################################################################
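Review bot: In the new `module "elasticache"` block, `repository_username` and `repository_password` read from `var.apigatewayv2` rather than `var.elasticache`, which looks like a copy-paste slip. As written, credentials supplied for the API Gateway add-on would be applied to this chart, and an override set on `var.elasticache` would be silently ignored. The lines should read `repository_username = try(var.elasticache.repository_username, local.repository_username)` and `repository_password = try(var.elasticache.repository_password, local.repository_password)`. The default `role_policies` also attaches the managed `AmazonElastiCacheFullAccess` policy to the IRSA role. A comment such as `# Broad default; pass var.elasticache.role_policies to scope the controller down` would make the least-privilege path visible.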
diff --git a/outputs.tf b/outputs.tf
index 8270ac9..1c270f9 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -58,6 +58,12 @@ output "gitops_metadata" {
namespace = try(var.eventbridge.namespace, local.eventbridge_name)
service_account = local.eventbridge_name
} : "ack_eventbridge_${k}" => v if var.enable_eventbridge
+ },
+ { for k, v in {
+ iam_role_arn = module.elasticache.iam_role_arn
+ namespace = try(var.elasticache.namespace, local.elasticache_name)
+ service_account = local.elasticache_name
+ } : "ack_elasticache_${k}" => v if var.enable_elasticache
}
)
}
diff --git a/variables.tf b/variables.tf
index eca6f69..966934f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -91,6 +91,22 @@ variable "s3" {
default = {}
}
+################################################################################
+# S3
+################################################################################
+
+variable "enable_elasticache" {
+ description = "Enable ACK elasticache add-on"
+ type = bool
+ default = false
+}
+
+variable "elasticache" {
+ description = "ACK elasticache Helm Chart config"
+ type = any
+ default = {}
+}
+
################################################################################
# RDS
################################################################################
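Review bot: The section banner added above `variable "enable_elasticache"` still says `# S3`, so the file now has two S3 headings and none for this add-on. It should read `# elasticache`, matching the banner used in main.tf. Since `elasticache` is typed `any`, the description could also name the keys the module actually reads, for example `"ACK elasticache Helm Chart config (name, namespace, chart_version, values, set, role_policies, ...)"`, so callers do not have to open main.tf to find them.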