feat: Adds support for GitOps-Bridge (#47)

Signed-off-by: Carlos Santana <[email protected]>
aws-ia · Oct 4, 2023 · 6545e95 · 6545e95
1 parent 701b266
commit 6545e95
Show file tree

Hide file tree

Showing 4 changed files with 123 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -59,14 +59,14 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_apigatewayv2"></a> [apigatewayv2](#module\_apigatewayv2) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
-| <a name="module_dynamodb"></a> [dynamodb](#module\_dynamodb) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
-| <a name="module_emrcontainers"></a> [emrcontainers](#module\_emrcontainers) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
-| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
-| <a name="module_prometheusservice"></a> [prometheusservice](#module\_prometheusservice) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
-| <a name="module_rds"></a> [rds](#module\_rds) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
-| <a name="module_s3"></a> [s3](#module\_s3) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
-| <a name="module_sfn"></a> [sfn](#module\_sfn) | aws-ia/eks-blueprints-addon/aws | 1.1.0 |
+| <a name="module_apigatewayv2"></a> [apigatewayv2](#module\_apigatewayv2) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_dynamodb"></a> [dynamodb](#module\_dynamodb) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_emrcontainers"></a> [emrcontainers](#module\_emrcontainers) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_prometheusservice"></a> [prometheusservice](#module\_prometheusservice) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_rds"></a> [rds](#module\_rds) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_s3"></a> [s3](#module\_s3) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_sfn"></a> [sfn](#module\_sfn) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 
 ## Resources
 
@@ -88,9 +88,10 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
 | <a name="input_create_delay_dependencies"></a> [create\_delay\_dependencies](#input\_create\_delay\_dependencies) | Dependency attribute which must be resolved before starting the `create_delay_duration` | `list(string)` | `[]` | no |
 | <a name="input_create_delay_duration"></a> [create\_delay\_duration](#input\_create\_delay\_duration) | The duration to wait before creating resources | `string` | `"30s"` | no |
+| <a name="input_create_kubernetes_resources"></a> [create\_kubernetes\_resources](#input\_create\_kubernetes\_resources) | Create Kubernetes resource with Helm or Kubernetes provider | `bool` | `true` | no |
 | <a name="input_dynamodb"></a> [dynamodb](#input\_dynamodb) | ACK dynamodb Helm Chart config | `any` | `{}` | no |
-| <a name="input_ecrpublic_token"></a> [ecrpublic\_token](#input\_ecrpublic\_token) | Password decoded from the authorization token for accessing public ECR | `string` | n/a | yes |
-| <a name="input_ecrpublic_username"></a> [ecrpublic\_username](#input\_ecrpublic\_username) | User name decoded from the authorization token for accessing public ECR | `string` | n/a | yes |
+| <a name="input_ecrpublic_token"></a> [ecrpublic\_token](#input\_ecrpublic\_token) | Password decoded from the authorization token for accessing public ECR | `string` | `""` | no |
+| <a name="input_ecrpublic_username"></a> [ecrpublic\_username](#input\_ecrpublic\_username) | User name decoded from the authorization token for accessing public ECR | `string` | `""` | no |
 | <a name="input_emrcontainers"></a> [emrcontainers](#input\_emrcontainers) | ACK EMR container Helm Chart config | `any` | `{}` | no |
 | <a name="input_enable_apigatewayv2"></a> [enable\_apigatewayv2](#input\_enable\_apigatewayv2) | Enable ACK API gateway v2 add-on | `bool` | `false` | no |
 | <a name="input_enable_dynamodb"></a> [enable\_dynamodb](#input\_enable\_dynamodb) | Enable ACK dynamodb add-on | `bool` | `false` | no |
@@ -110,7 +111,9 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_gitops_metadata"></a> [gitops\_metadata](#output\_gitops\_metadata) | GitOps Bridge metadata |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Community

diff --git a/main.tf b/main.tf
@@ -28,8 +28,8 @@ locals {
   iam_role_policy_prefix = "arn:${local.partition}:iam::aws:policy"
 
   # ECR Credentials
-  repository_username = var.ecrpublic_username
-  repository_password = var.ecrpublic_token
+  repository_username = var.create_kubernetes_resources ? var.ecrpublic_username : ""
+  repository_password = var.create_kubernetes_resources ? var.ecrpublic_token : ""
 }
 
 
@@ -43,10 +43,13 @@ locals {
 
 module "apigatewayv2" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.1.0"
+  version = "1.1.1"
 
   create = var.enable_apigatewayv2
 
+  # Disable helm release
+  create_release = var.create_kubernetes_resources
+
   # public.ecr.aws/aws-controllers-k8s/apigatewayv2-chart:1.0.3
   name             = try(var.apigatewayv2.name, local.apigatewayv2_name)
   description      = try(var.apigatewayv2.description, "Helm Chart for apigatewayv2 controller for ACK")
@@ -139,10 +142,13 @@ locals {
 
 module "dynamodb" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.1.0"
+  version = "1.1.1"
 
   create = var.enable_dynamodb
 
+  # Disable helm release
+  create_release = var.create_kubernetes_resources
+
   # public.ecr.aws/aws-controllers-k8s/dynamodb-chart:1.1.1
   name             = try(var.dynamodb.name, local.dynamodb_name)
   description      = try(var.dynamodb.description, "Helm Chart for dynamodb controller for ACK")
@@ -234,10 +240,13 @@ locals {
 
 module "s3" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.1.0"
+  version = "1.1.1"
 
   create = var.enable_s3
 
+  # Disable helm release
+  create_release = var.create_kubernetes_resources
+
   # public.ecr.aws/aws-controllers-k8s/s3-chart:1.0.4
   name             = try(var.s3.name, local.s3_name)
   description      = try(var.s3.description, "Helm Chart for s3 controller for ACK")
@@ -329,10 +338,13 @@ locals {
 
 module "rds" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.1.0"
+  version = "1.1.1"
 
   create = var.enable_rds
 
+  # Disable helm release
+  create_release = var.create_kubernetes_resources
+
   # public.ecr.aws/aws-controllers-k8s/rds-chart:1.1.4
   name             = try(var.rds.name, local.rds_name)
   description      = try(var.rds.description, "Helm Chart for rds controller for ACK")
@@ -424,10 +436,13 @@ locals {
 
 module "prometheusservice" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.1.0"
+  version = "1.1.1"
 
   create = var.enable_prometheusservice
 
+  # Disable helm release
+  create_release = var.create_kubernetes_resources
+
   # public.ecr.aws/aws-controllers-k8s/prometheusservice_name-chart:1.2.3
   name             = try(var.prometheusservice.name, local.prometheusservice_name)
   description      = try(var.prometheusservice.description, "Helm Chart for prometheusservice controller for ACK")
@@ -519,10 +534,13 @@ locals {
 
 module "emrcontainers" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.1.0"
+  version = "1.1.1"
 
   create = var.enable_emrcontainers
 
+  # Disable helm release
+  create_release = var.create_kubernetes_resources
+
   # public.ecr.aws/aws-controllers-k8s/emrcontainers_name-chart:1.0.1
   name             = try(var.emrcontainers.name, local.emrcontainers_name)
   description      = try(var.emrcontainers.description, "Helm Chart for emrcontainers controller for ACK")
@@ -699,10 +717,13 @@ locals {
 
 module "sfn" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.1.0"
+  version = "1.1.1"
 
   create = var.enable_sfn
 
+  # Disable helm release
+  create_release = var.create_kubernetes_resources
+
   # public.ecr.aws/aws-controllers-k8s/sfn_name-chart:1.0.2
   name             = try(var.sfn.name, local.sfn_name)
   description      = try(var.sfn.description, "Helm Chart for sfn controller for ACK")
@@ -821,10 +842,13 @@ locals {
 
 module "eventbridge" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.1.0"
+  version = "1.1.1"
 
   create = var.enable_eventbridge
 
+  # Disable helm release
+  create_release = var.create_kubernetes_resources
+
   # public.ecr.aws/aws-controllers-k8s/eventbridge_name-chart:1.0.1
   name             = try(var.eventbridge.name, local.eventbridge_name)
   description      = try(var.eventbridge.description, "Helm Chart for eventbridge controller for ACK")

diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,63 @@
+
+################################################################################
+# GitOps Bridge
+################################################################################
+/*
+This output is intended to be used with GitOps when the addons' Helm charts
+are going to be installed by a GitOps tool such as ArgoCD or FluxCD.
+We guarantee that this output will be maintained any time a new addon is
+added or an addon is updated, and new metadata for the Helm chart is needed.
+*/
+output "gitops_metadata" {
+  description = "GitOps Bridge metadata"
+  value = merge(
+    { for k, v in {
+      iam_role_arn    = module.apigatewayv2.iam_role_arn
+      namespace       = try(var.apigatewayv2.namespace, local.apigatewayv2_name)
+      service_account = local.apigatewayv2_name
+      } : "ack_apigatewayv2_${k}" => v if var.enable_apigatewayv2
+    },
+    { for k, v in {
+      iam_role_arn    = module.dynamodb.iam_role_arn
+      namespace       = try(var.dynamodb.namespace, local.dynamodb_name)
+      service_account = local.dynamodb_name
+      } : "ack_dynamodb_${k}" => v if var.enable_dynamodb
+    },
+    { for k, v in {
+      iam_role_arn    = module.s3.iam_role_arn
+      namespace       = try(var.s3.namespace, local.s3_name)
+      service_account = local.s3_name
+      } : "ack_s3_${k}" => v if var.enable_s3
+    },
+    { for k, v in {
+      iam_role_arn    = module.rds.iam_role_arn
+      namespace       = try(var.rds.namespace, local.rds_name)
+      service_account = local.rds_name
+      } : "ack_rds_${k}" => v if var.enable_rds
+    },
+    { for k, v in {
+      iam_role_arn    = module.prometheusservice.iam_role_arn
+      namespace       = try(var.prometheusservice.namespace, local.prometheusservice_name)
+      service_account = local.prometheusservice_name
+      } : "ack_prometheusservice_${k}" => v if var.enable_prometheusservice
+    },
+    { for k, v in {
+      iam_role_arn    = module.emrcontainers.iam_role_arn
+      namespace       = try(var.emrcontainers.namespace, local.emrcontainers_name)
+      service_account = local.emrcontainers_name
+      } : "ack_emrcontainers_${k}" => v if var.enable_emrcontainers
+    },
+    { for k, v in {
+      iam_role_arn    = module.sfn.iam_role_arn
+      namespace       = try(var.sfn.namespace, local.sfn_name)
+      service_account = local.sfn_name
+      } : "ack_sfn_${k}" => v if var.enable_sfn
+    },
+    { for k, v in {
+      iam_role_arn    = module.eventbridge.iam_role_arn
+      namespace       = try(var.eventbridge.namespace, local.eventbridge_name)
+      service_account = local.eventbridge_name
+      } : "ack_eventbridge_${k}" => v if var.enable_eventbridge
+    }
+  )
+}
diff --git a/variables.tf b/variables.tf
@@ -28,11 +28,13 @@ variable "create_delay_dependencies" {
 variable "ecrpublic_username" {
   description = "User name decoded from the authorization token for accessing public ECR"
   type        = string
+  default     = ""
 }
 
 variable "ecrpublic_token" {
   description = "Password decoded from the authorization token for accessing public ECR"
   type        = string
+  default     = ""
 }
 
 variable "tags" {
@@ -168,3 +170,13 @@ variable "eventbridge" {
   type        = any
   default     = {}
 }
+
+################################################################################
+# GitOps Bridge
+################################################################################
+
+variable "create_kubernetes_resources" {
+  description = "Create Kubernetes resource with Helm or Kubernetes provider"
+  type        = bool
+  default     = true
+}