fix: Localize partner addons to remove cyclical/dynamic link pointed …
…at `main` (aws-ia#1634)
1 parent
80bd3b9
commit 8a06a6e
Showing
19 changed files
with
366 additions
and
13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,6 +5,7 @@ on: | |
pull_request_target: | ||
branches: | ||
- main | ||
- v4 | ||
workflow_dispatch: | ||
|
||
concurrency: | ||
|
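Review bot: The new `- v4` entry widens a `pull_request_target` trigger, which runs in the base repository's context with its secrets and a write-capable `GITHUB_TOKEN`, so pull requests opened against `v4` now receive the same privileged run that those against `main` already did. The workflow's steps are outside this hunk; confirm they never check out or execute pull-request head content before it has been reviewed, and that the same check was done for the existing `main` entry. A comment on the trigger such as `# pull_request_target runs with base-repo secrets; do not execute PR head code in this workflow` would make that constraint visible to future editors.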
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,6 +4,7 @@ on: | |
pull_request: | ||
branches: | ||
- main | ||
- v4 | ||
paths: | ||
- '**.tf' | ||
- '**.yml' | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# Portworx add-on for EKS Blueprints | ||
|
||
Local copy of https://github.com/portworx/terraform-eksblueprints-portworx-addon |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
resource "random_string" "id" { | ||
length = 4 | ||
special = false | ||
upper = false | ||
} | ||
|
||
locals { | ||
name = "portworx-${random_string.id.result}" | ||
namespace = "kube-system" | ||
service_account_name = "${local.name}-sa-${random_string.id.result}" | ||
|
||
aws_marketplace_config = try(var.helm_config["set"][index(var.helm_config.set[*].name, "aws.marketplace")], null) | ||
use_aws_marketplace = local.aws_marketplace_config != null ? local.aws_marketplace_config["value"] : false | ||
|
||
default_helm_config = { | ||
name = local.name | ||
description = "A Helm chart for portworx" | ||
chart = "portworx" | ||
repository = "https://raw.githubusercontent.com/portworx/eks-blueprint-helm/main/repo/stable" | ||
version = "2.11.0" | ||
namespace = local.namespace | ||
values = local.default_helm_values | ||
} | ||
|
||
helm_config = merge( | ||
local.default_helm_config, | ||
var.helm_config | ||
) | ||
|
||
irsa_iam_policies_list = local.use_aws_marketplace != false ? [aws_iam_policy.portworx_eksblueprint_metering[0].arn] : [] | ||
|
||
irsa_config = { | ||
create_kubernetes_namespace = false | ||
kubernetes_namespace = local.namespace | ||
create_kubernetes_service_account = true | ||
kubernetes_service_account = local.service_account_name | ||
irsa_iam_policies = local.irsa_iam_policies_list | ||
} | ||
|
||
default_helm_values = [templatefile("${path.module}/values.yaml", { | ||
imageVersion = "2.11.0" | ||
clusterName = local.name | ||
drives = "type=gp2,size=200" | ||
useInternalKVDB = true | ||
kvdbDevice = "type=gp2,size=150" | ||
envVars = "" | ||
maxStorageNodesPerZone = 3 | ||
useOpenshiftInstall = false | ||
etcdEndPoint = "" | ||
dataInterface = "" | ||
managementInterface = "" | ||
useStork = true | ||
storkVersion = "2.11.0" | ||
customRegistryURL = "" | ||
registrySecret = "" | ||
licenseSecret = "" | ||
monitoring = false | ||
enableCSI = false | ||
enableAutopilot = false | ||
KVDBauthSecretName = "" | ||
eksServiceAccount = local.service_account_name | ||
awsAccessKeyId = "" | ||
awsSecretAccessKey = "" | ||
deleteType = "UninstallAndWipe" | ||
} | ||
)] | ||
} | ||
|
||
resource "aws_iam_policy" "portworx_eksblueprint_metering" { | ||
count = try(local.use_aws_marketplace, false) ? 1 : 0 | ||
name = "portworx_eksblueprint_metering-${random_string.id.result}" | ||
|
||
policy = jsonencode({ | ||
Version = "2012-10-17" | ||
Statement = [ | ||
{ | ||
Action = [ | ||
"aws-marketplace:MeterUsage", | ||
"aws-marketplace:RegisterUsage" | ||
], | ||
Effect = "Allow", | ||
Resource = "*" | ||
}, | ||
] | ||
}) | ||
} |
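Review bot: `repository` in `default_helm_config` resolves the chart index from the mutable `main` branch of portworx/eks-blueprint-helm, so `version = "2.11.0"` pins a version string but not the chart contents served under it — the same class of dynamic `main` dependency this commit removes for the module source. A tagged ref or a published chart repository would fix that, e.g. `repository = "https://raw.githubusercontent.com/portworx/eks-blueprint-helm/<TAG_PLACEHOLDER>/repo/stable"`. Separately, `irsa_iam_policies_list` tests `local.use_aws_marketplace != false` while the policy's `count` uses truthiness via `try(local.use_aws_marketplace, false) ? 1 : 0`; if the `aws.marketplace` set value arrives as the string `"false"`, Terraform's `!=` does no type conversion, the list would be non-empty, and it would index `[0]` of a zero-count resource. Normalizing once, `use_aws_marketplace = local.aws_marketplace_config != null ? try(tobool(local.aws_marketplace_config["value"]), false) : false`, and using that boolean in both places keeps them consistent.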
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
module "helm_addon" { | ||
source = "../helm-addon" | ||
|
||
addon_context = var.addon_context | ||
helm_config = local.helm_config | ||
irsa_config = local.irsa_config | ||
} |
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
# Please uncomment and specify values for these options as per your requirements. | ||
|
||
deployOperator: true # Deploy the Portworx operator | ||
deployCluster: true # Deploy the Portworx cluster | ||
|
||
imageVersion: ${imageVersion} # Version of the PX Image. | ||
pxOperatorImageVersion: 1.9.0 # Version of the PX operator image. | ||
|
||
openshiftInstall: ${useOpenshiftInstall} # Defaults to false for installing Portworx on Openshift . | ||
isTargetOSCoreOS: false # Is your target OS CoreOS? Defaults to false. | ||
pksInstall: false # installation on PKS (Pivotal Container Service) | ||
EKSInstall: true # installation on EKS. | ||
AKSInstall: false # installation on AKS | ||
etcdEndPoint: ${etcdEndPoint} # The ETCD endpoint. Should be in the format etcd:http://<your-etcd-endpoint>:2379. If there are multiple etcd endpoints they need to be ";" seperated. | ||
# the default value is empty since it requires to be explicity set using either the --set option of -f values.yaml. | ||
clusterName: ${clusterName} # This is the default. please change it to your cluster name. | ||
usefileSystemDrive: false # true/false Instructs PX to use an unmounted Drive even if it has a filesystem. | ||
usedrivesAndPartitions: false # Defaults to false. Change to true and PX will use unmounted drives and partitions. | ||
drives: ${drives} # NOTE: This is a ";" seperated list of drives. For eg: "/dev/sda;/dev/sdb;/dev/sdc" or | ||
# "type=gp2,size=200;type=gp3,size=500". Defaults to use -A switch. | ||
journalDevice: | ||
maxStorageNodesPerZone: ${maxStorageNodesPerZone} # The maximum number of storage nodes desired per zone, in case of cloud drive provisioning | ||
|
||
secretType: k8s # Defaults to k8s, but can be kvdb/k8s/aws-kms/vault/ibm-kp. It is autopopulated to ibm-kp | ||
# if the environment is IKS. | ||
|
||
dataInterface: ${dataInterface} # Name of the interface <ethX> | ||
managementInterface: none # Name of the interface <ethX> | ||
serviceType: none # Kubernetes service type for services deployed by the Operator. Direct Values like | ||
# 'LoadBalancer', 'NodePort' will change all services. To change the types of specific | ||
# services, value can be specified as 'portworx-service:LoadBalancer;portworx-api:ClusterIP' | ||
|
||
envVars: ${envVars} # DEPRECATED: Use envs section to set env variables | ||
# NOTE: This is a ";" seperated list of environment variables. | ||
# For eg: MYENV1=myvalue1;MYENV2=myvalue2 | ||
|
||
envs: # Add environment variables to the Portworx container in all Kubernetes supported formats | ||
# - name: AWS_CA_BUNDLE | ||
# value: "/etc/pwx/objectstore-cert/objectstore.pem" | ||
# - name: AWS_ACCESS_KEY_ID | ||
# valueFrom: | ||
# secretKeyRef: | ||
# name: aws-creds | ||
# key: access-key | ||
|
||
miscArgs: none # Miscellaneous arguments that will be passed to portworx verbatim. Only use this if there is | ||
# no equivalent way to specify these options directly via a StorageCluster spec field. | ||
|
||
disableStorageClass: false # Instructs Operator to not install the default Portworx StorageClasses. | ||
|
||
stork: ${useStork} # Use Stork https://docs.portworx.com/scheduler/kubernetes/stork.html for hyperconvergence. | ||
storkVersion: ${storkVersion} # Optional: version of Stork. For eg: 2.7.0, when it's empty Portworx operator will pick up | ||
# version according to Portworx version. | ||
|
||
storkSpec: # Optional Stork configurations | ||
args: # Pass arguments to Stork container. Example: verbose='true';webhook-controller='false' | ||
volumes: # Add volumes to Stork container. Refer the top level volumes for schema. | ||
|
||
customRegistryURL: ${customRegistryURL} #Url wherre to pull Portworx image from | ||
registrySecret: ${registrySecret} #Image registery credentials to pull Portworx Images from a secure registry | ||
licenseSecret: ${licenseSecret} #Kubernetes secret name that has Portworx licensing information | ||
|
||
monitoring: ${monitoring} | ||
|
||
deployOnMaster: false # For POC only | ||
csi: ${enableCSI} # Enable CSI | ||
aut: ${enableAutopilot} # Enable AutoPilot | ||
|
||
|
||
internalKVDB: ${useInternalKVDB} # internal KVDB | ||
kvdbDevice: ${kvdbDevice} # specify a separate device to store KVDB data, only used when internalKVDB is set to true | ||
|
||
etcd: # DEPRECATED: Use kvdb.authSecretName for configuring secure etcd | ||
credentials: none:none # Username and password for ETCD authentication in the form user:password | ||
certPath: none # Base path where the certificates are placed. (example: if the certificates ca,crt and the key are in /etc/pwx/etcdcerts the value should be provided as /etc/pwx/etcdcerts) | ||
ca: none # Location of CA file for ETCD authentication. Should be /path/to/server.ca | ||
cert: none # Location of certificate for ETCD authentication. Should be /path/to/server.crt | ||
key: none # Location of certificate key for ETCD authentication Should be /path/to/servery.key | ||
|
||
consul: # DEPRECATED: Use kvdb.authSecretName for configuring secure consul | ||
token: none # ACL token value used for Consul authentication. (example: 398073a8-5091-4d9c-871a-bbbeb030d1f6) | ||
|
||
kvdb: | ||
authSecretName: ${KVDBauthSecretName} # Refer https://docs.portworx.com/reference/etcd/#securing-with-certificates-in-kubernetes to | ||
# create a kvdb secret and specify the name of the secret here | ||
|
||
volumes: # Add volumes to Portworx container. Supported volume types: Host, Secret, ConfigMap | ||
# - name: objectstore-cert | ||
# mountPath: /etc/pwx/objectstore-cert | ||
# secret: | ||
# secretName: objectstore-cert | ||
# items: | ||
# - key: objectstore.pem | ||
# path: objectstore.pem | ||
|
||
tolerations: # Add tolerations | ||
# - key: "key" | ||
# operator: "Equal|Exists" | ||
# value: "value" | ||
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" | ||
|
||
serviceAccount: | ||
hook: | ||
create: true | ||
name: | ||
|
||
aws: | ||
marketplace: | ||
eksServiceAccount: ${eksServiceAccount} | ||
accessKeyId: ${awsAccessKeyId} | ||
secretAccessKey: ${awsSecretAccessKey} | ||
|
||
deleteType: ${deleteType} | ||
|
||
clusterToken: | ||
create: true # Create cluster token | ||
secretName: px-vol-encryption # Name of kubernetes secret to be created. Requires clusterToken.create to be true. | ||
serviceAccountName: px-create-cluster-token # Service account name to use for post-install hook to create cluster token | ||
|
||
#requirePxEnabledTag: true # if set to true, portworx will only install on nodes with px/enabled: true label. Not required in most scenarios. | ||
|
||
deleteStrategy: # Optional: Delete strategy for the portworx cluster | ||
type: # Valid values: Uninstall, UninstallAndWipe |
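Review bot: The `aws.marketplace` block near the end templates `accessKeyId` and `secretAccessKey` from `${awsAccessKeyId}` and `${awsSecretAccessKey}`, so any static keys supplied through those inputs are rendered into Helm values and persisted in the release's Secret, even though the same block already wires an IRSA service account via `eksServiceAccount`. A comment such as `# Prefer eksServiceAccount (IRSA); static keys set here are stored in the Helm release values` would steer users to the keyless path this module sets up. Also, `managementInterface` is hard-coded to `none` in this file although the calling `templatefile` in the portworx locals passes a `managementInterface` variable, so that input is silently ignored; either reference `${managementInterface}` here or drop the variable from the call.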
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
variable "helm_config" { | ||
description = "Helm chart config. Repository and version required. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs" | ||
type = any | ||
default = {} | ||
} | ||
|
||
variable "addon_context" { | ||
description = "Input configuration for the addon" | ||
type = any | ||
default = {} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
terraform { | ||
required_version = ">= 1.0" | ||
|
||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = ">= 4.67" | ||
} | ||
kubernetes = { | ||
source = "hashicorp/kubernetes" | ||
version = ">= 2.10" | ||
} | ||
random = { | ||
source = "hashicorp/random" | ||
version = ">= 3.0" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# Sysdig Addon for EKS Blueprints | ||
|
||
Locally copy of https://github.com/sysdiglabs/terraform-eksblueprints-sysdig-addon |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
locals { | ||
name = "sysdig" | ||
namespace = "sysdig" | ||
|
||
set_values = [] | ||
|
||
default_helm_config = { | ||
name = local.name | ||
chart = "sysdig-deploy" | ||
repository = "https://charts.sysdig.com" | ||
version = "1.5.71" | ||
namespace = local.namespace | ||
create_namespace = true | ||
values = local.default_helm_values | ||
set = [] | ||
description = "Sysdig HelmChart Sysdig-Deploy configuration" | ||
wait = false | ||
} | ||
|
||
helm_config = merge( | ||
local.default_helm_config, | ||
var.helm_config | ||
) | ||
|
||
default_helm_values = [templatefile("${path.module}/values-sysdig.yaml", {}, )] | ||
|
||
} |
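Review bot: `default_helm_values` renders `values-sysdig.yaml` through `templatefile` with an empty variable map, and the sysdig values file added later in this commit appears to contain no `${...}` interpolations, so `file("${path.module}/values-sysdig.yaml")` states the intent more directly and avoids `templatefile` treating any future literal `${` or `%{` in the YAML as template syntax. The stray trailing `, )` in the call can be dropped at the same time.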
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
module "helm_addon" { | ||
source = "../helm-addon" | ||
|
||
addon_context = var.addon_context | ||
set_values = local.set_values | ||
helm_config = local.helm_config | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
output "argocd_gitops_config" { | ||
description = "Configuration used for managing the add-on with ArgoCD" | ||
value = var.manage_via_gitops ? { enable = true } : null | ||
} |
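Review bot: The output reads `var.manage_via_gitops`, but no declaration of that variable is visible among the files in this commit — the only variables file shown declares `helm_config` and `addon_context` for the portworx add-on. Confirm the sysdig module's `variables.tf` declares it (with a boolean type and a default), otherwise the module fails validation on an undeclared variable; `variable "manage_via_gitops" { type = bool default = false }` is the usual shape in this repository's add-ons.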
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
global: | ||
kspm: | ||
deploy: true | ||
agent: | ||
sysdig: | ||
settings: | ||
collector_port: 6443 | ||
nodeAnalyzer: | ||
nodeAnalyzer: | ||
benchmarkRunner: | ||
deploy: false | ||
runtimeScanner: | ||
settings: | ||
eveEnabled: true | ||
secure: | ||
vulnerabilityManagement: | ||
newEngineOnly: true |