clouddrove · anmolnagpal · Oct 6, 2023 · Oct 4, 2023 · Oct 5, 2023 · Oct 5, 2023
@@ -67,7 +67,7 @@ jobs:
       - name: Generate TF Docs
         uses: terraform-docs/[email protected]
         with:
-          working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda
+          working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/reloader
           git-push: true
           template: |-
             <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

@@ -0,0 +1,58 @@
+reloader:
+  autoReloadAll: false
+  isArgoRollouts: false
+  isOpenshift: false
+  ignoreSecrets: false
+  ignoreConfigMaps: false
+  reloadOnCreate: false
+  syncAfterRestart: false
+  reloadStrategy: default # Set to default, env-vars or annotations
+  ignoreNamespaces: "" # Comma separated list of namespaces to ignore
+  namespaceSelector: "" # Comma separated list of k8s label selectors for namespaces selection
+  resourceLabelSelector: "" # Comma separated list of k8s label selectors for configmap/secret selection
+  logFormat: "" #json
+  watchGlobally: true
+  # Set to true to enable leadership election allowing you to run multiple replicas
+  enableHA: false
+  # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem
+  readOnlyRootFileSystem: false
+  legacy:
+    rbac: false
+  matchLabels: {}
+  deployment:
+    # If you wish to run multiple replicas set reloader.enableHA = true
+    replicas: 1
+    nodeSelector:
+    # cloud.google.com/gke-nodepool: default-pool
+
+    # An affinity stanza to be applied to the Deployment.
+    # Example:
+    #   affinity:
+    #     nodeAffinity:
+    #       requiredDuringSchedulingIgnoredDuringExecution:
+    #         nodeSelectorTerms:
+    #         - matchExpressions:
+    #           - key: "node-role.kubernetes.io/infra-worker"
+    #             operator: "Exists"
+    affinity: {}
+
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+
+    containerSecurityContext: {}
+
+    tolerations: []
+
+    topologySpreadConstraints: []
+
+    annotations: {}
+    labels:
+      provider: stakater
+      group: com.stakater.platform
+      version: v1.0.41
+    image:
+      name: ghcr.io/stakater/reloader
+      tag: v1.0.41
+      pullPolicy: IfNotPresent
+
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+  annotations:
+    # configmap.reloader.stakater.com/reload: "test-configmap"
+    # secret.reloader.stakater.com/reload: "test-secret"
+    reloader.stakater.com/auto: "true"
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+        ports:
+        - containerPort: 80
+        env:
+        - name: TEST_ENV
+          valueFrom:
+            configMapKeyRef:
+              name: test-configmap
+              key: test_env
+        - name: TEST_PASS
+          valueFrom:
+            secretKeyRef:
+              name: test-secret
+              key: pass
@@ -174,6 +174,7 @@ module "addons" {
   velero                       = true
   keda                         = true
   certification_manager        = true
+  reloader                     = true
 
   # -- Addons with mandatory variable
   istio_ingress    = true
@@ -184,4 +185,4 @@ module "addons" {
 
   # -- Extra helm_release attributes
   velero_extra_configs = var.velero_extra_configs
-}
+}
@@ -0,0 +1,58 @@
+reloader:
+  autoReloadAll: false
+  isArgoRollouts: false
+  isOpenshift: false
+  ignoreSecrets: false
+  ignoreConfigMaps: false
+  reloadOnCreate: false
+  syncAfterRestart: false
+  reloadStrategy: default # Set to default, env-vars or annotations
+  ignoreNamespaces: "" # Comma separated list of namespaces to ignore
+  namespaceSelector: "" # Comma separated list of k8s label selectors for namespaces selection
+  resourceLabelSelector: "" # Comma separated list of k8s label selectors for configmap/secret selection
+  logFormat: "" #json
+  watchGlobally: true
+  # Set to true to enable leadership election allowing you to run multiple replicas
+  enableHA: false
+  # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem
+  readOnlyRootFileSystem: false
+  legacy:
+    rbac: false
+  matchLabels: {}
+  deployment:
+    # If you wish to run multiple replicas set reloader.enableHA = true
+    replicas: 1
+    nodeSelector:
+    # cloud.google.com/gke-nodepool: default-pool
+
+    # An affinity stanza to be applied to the Deployment.
+    # Example:
+    #   affinity:
+    #     nodeAffinity:
+    #       requiredDuringSchedulingIgnoredDuringExecution:
+    #         nodeSelectorTerms:
+    #         - matchExpressions:
+    #           - key: "node-role.kubernetes.io/infra-worker"
+    #             operator: "Exists"
+    affinity: {}
+
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+
+    containerSecurityContext: {}
+
+    tolerations: []
+
+    topologySpreadConstraints: []
+
+    annotations: {}
+    labels:
+      provider: stakater
+      group: com.stakater.platform
+      version: v1.0.41
+    image:
+      name: ghcr.io/stakater/reloader
+      tag: v1.0.41
+      pullPolicy: IfNotPresent
+
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+  annotations:
+    # configmap.reloader.stakater.com/reload: "test-configmap"
+    # secret.reloader.stakater.com/reload: "test-secret"
+    reloader.stakater.com/auto: "true"
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+        ports:
+        - containerPort: 80
+        env:
+        - name: TEST_ENV
+          valueFrom:
+            configMapKeyRef:
+              name: test-configmap
+              key: test_env
+        - name: TEST_PASS
+          valueFrom:
+            secretKeyRef:
+              name: test-secret
+              key: pass
@@ -197,6 +197,7 @@ module "addons" {
   kube_state_metrics_helm_config           = { values = [file("./config/override-kube-state-matrics.yaml")] }
   keda_helm_config                         = { values = [file("./config/keda/override-keda.yaml")] }
   certification_manager_helm_config        = { values = [file("./config/override-certification-manager.yaml")] }
+  reloader_helm_config                     = { values = [file("./config/reloader/override-reloader.yaml")] }
 
   # -- Override Helm Release attributes
   metrics_server_extra_configs               = var.metrics_server_extra_configs
@@ -238,6 +239,7 @@ module "addons" {
     })
     secret_manager_name = "external_secrets_addon"
   }
+  reloader_extra_configs = var.reloader_extra_configs
 
   # -- Custom IAM Policy Json for Addon's ServiceAccount
   cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json")

@@ -168,4 +168,10 @@ variable "kiali_manifests" {
 variable "kiali_server_extra_configs" {
   type    = any
   default = {}
+}
+
+# ------------------ RELOADER --------------------------------------------------
+variable "reloader_extra_configs" {
+  type    = any
+  default = {}
 }
@@ -0,0 +1,71 @@
+# Reloader Helm Chart
+
+Reloader manages the following AWS resources
+- A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig 
+
+## Installation
+Below terraform script shows how to use Reloader Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf).
+```bash
+module "addons" {
+  source  = "clouddrove/eks-addons/aws"
+  version = "0.0.1"
+
+  depends_on       = [module.eks.cluster_id]
+  eks_cluster_name = module.eks.cluster_name
+
+  reloader = true
+}
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
+| [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | n/a | `string` | `""` | no |
+| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
+| <a name="input_reloader_extra_configs"></a> [reloader\_extra\_configs](#input\_aws\_load\_balancer\_controller\_extra\_configs) | Override attributes of helm\_release terraform resource | `any` | `{}` | no |
+| <a name="input_eks_cluster_name"></a> [eks\_cluster\_name](#input\_eks\_cluster\_name) | n/a | `string` | `""` | no |
+| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Reloader | `any` | `{}` | no |
+| <a name="input_iampolicy_json_content"></a> [iampolicy\_json\_content](#input\_iampolicy\_json\_content) | Custom IAM Policy for Reloader IRSA | `string` | `null` | no |
+| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_chart_version"></a> [chart\_version](#output\_chart\_version) | n/a |
+| <a name="output_iam_policy"></a> [iam\_policy](#output\_iam\_policy) | n/a |
+| <a name="output_namespace"></a> [namespace](#output\_namespace) | n/a |
+| <a name="output_repository"></a> [repository](#output\_repository) | n/a |
+| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | n/a |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->