terraform-helm-charts

This repository contains Terraform managed Helm charts used by StreamNative Platform, contained within the modules directory. For more information on the Helm provider for Terraform, please refer to the official documentation.

Example Usage

The submodules in this repo can be used in a standalone fashion. However, the root module (contained in the root main.tf file) composes all of the submodules to be used in concert with each other, depending on your configuration needs.

Here is a simple example of how to use the root module in this repo for the common StreamNative Platform use case. It will install the Vault, Prometheus, Pulsar, and Function Mesh operators:

```hcl
data "aws_eks_cluster" "cluster" {
  name = "my_eks_cluster_id"
}

data "aws_eks_cluster_auth" "cluster" {
  name = "my_eks_cluster_id"
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
  insecure               = false
}

provider "helm" {
  kubernetes {
    config_path = "./my-eks-kube-config"
  }
}

module "sn_bootstrap" {
  source = "streamnative/charts/helm"

  enable_vault_operator         = true
  enable_function_mesh_operator = true
  enable_prometheus_operator    = true
  enable_pulsar_operator        = true
}
```

To apply the configuration above, simply run:

```shell
terraform init && terraform apply
```

Why are all the variable defaults null?

The submodules contained in this repo are typically composed in the root module, and as such many of the submodules' variables get duplicated in the root module.

This introduces a problem: we don't want to maintain default values in both places (one in the root module and the same one in the submodule), because they are difficult to keep synchronized and have historically drifted apart.

In a perfect world, the approach we would like to take is:

  • Have the root module's variables that map to a submodule's variables default to null
  • Have the submodule's variables default to their expected value

However, when we do this, the root module overrides the submodule's default value with null, rather than respecting it and treating null as an omission. This, unfortunately, is expected behavior in Terraform (see hashicorp/terraform#24142), where null is actually a valid value in some module configurations (instead of being "the absence of a value", as we want it to be and as the Terraform documentation states).

To work around this, we set the default values in both the root module and the submodules to null, then use a locals block in the submodule to hold the expected default values. To illustrate, here is a simple example:

Submodule: streamnative/terraform-helm-charts/modules/submodule_a/main.tf

```hcl
variable "input_1" {
  default = null
  type    = string
}

locals {
  # This is where we set the default value: a null passed in from the
  # root module falls through to "my_default_value".
  input_1 = var.input_1 != null ? var.input_1 : "my_default_value"
}

output "submodule_a" {
  value = local.input_1
}
```

Root module: streamnative/terraform-helm-charts/main.tf

```hcl
variable "submodule_a_input_1" {
  default = null
}

module "submodule_a" {
  source = "./modules/submodule_a"

  input_1 = var.submodule_a_input_1
}
```

And in a module composition, we could override the default value:

```hcl
module "terraform-helm-charts" {
  source = "streamnative/terraform-helm-charts"

  # Must match the root module variable name declared above.
  submodule_a_input_1 = "my_custom_value"
}
```

While this pattern has some limitations, it is a sufficient workaround for our (opinionated) needs in these modules.
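A generalization of the pattern above, as an added example that is not part of this repository: a hypothetical submodule `modules/submodule_b` with three pass-through inputs that default to `null` in both the root module and the submodule, with the real defaults held in a single `locals` block via `coalesce()`. The variable names, the chart version pin and the default values are assumptions chosen for illustration.

```hcl
# modules/submodule_b/main.tf (hypothetical submodule, added example)

variable "namespace" {
  type    = string
  default = null # the real default lives in locals below
}

variable "chart_version" {
  type    = string
  default = null
}

variable "timeout" {
  type    = number
  default = null
}

locals {
  # coalesce() returns its first non-null argument, so a null passed
  # through from the root module falls back to the submodule's default
  # instead of overriding it. Defaults here are assumed values.
  namespace     = coalesce(var.namespace, "sn-system")
  chart_version = coalesce(var.chart_version, "0.1.0") # assumed pin
  timeout       = coalesce(var.timeout, 300)
}

output "resolved" {
  value = {
    namespace     = local.namespace
    chart_version = local.chart_version
    timeout       = local.timeout
  }
}

# main.tf (root module)

variable "submodule_b_namespace" {
  type    = string
  default = null
}

variable "submodule_b_chart_version" {
  type    = string
  default = null
}

variable "submodule_b_timeout" {
  type    = number
  default = null
}

module "submodule_b" {
  source = "./modules/submodule_b"

  # Each null here is skipped by coalesce() in the submodule; only an
  # explicit non-null value from the caller overrides the submodule default.
  namespace     = var.submodule_b_namespace
  chart_version = var.submodule_b_chart_version
  timeout       = var.submodule_b_timeout
}

output "submodule_b" {
  value = module.submodule_b.resolved
}
```

With no overrides, `terraform plan` shows the `submodule_b` output resolving to the submodule's own defaults; running it with `-var submodule_b_timeout=600` changes only the timeout, which is the behavior the null-default pattern is meant to give.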

Requirements

| Name | Version |
|------|---------|
| terraform | >=1.0.0 |
| helm | 2.2.0 |
| kubernetes | >=2.6.1 |

Providers

No providers.

Modules

| Name | Source | Version |
|------|--------|---------|
| cloud-manager-agent | ./modules/cloud-manager-agent | n/a |
| function_mesh_operator | ./modules/function-mesh-operator | n/a |
| istio_operator | ./modules/istio-operator | n/a |
| olm | ./modules/operator-lifecycle-manager | n/a |
| olm_subscriptions | ./modules/olm-subscriptions | n/a |
| otel_collector | ./modules/otel-collector | n/a |
| prometheus_operator | ./modules/prometheus-operator | n/a |
| pulsar_operator | ./modules/pulsar-operator | n/a |
| vault_operator | ./modules/vault-operator | n/a |
| vector_agent | ./modules/vector-agent | n/a |
| vmagent | ./modules/victoria-metrics-agent | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cma_environment | Whether this is for a test, staging, or production environment. | string | "production" | no |
| cma_namespace | The namespace used by cloud-manager-agent and its resources | string | "sn-system" | no |
| cma_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| cma_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml") | any | null | no |
| create_function_mesh_operator_namespace | Create a namespace for the deployment. | bool | false | no |
| create_istio_operator_namespace | Create a namespace for the deployment. Defaults to "true". | bool | true | no |
| create_istio_system_namespace | Create a namespace where istio components will be installed. | bool | false | no |
| create_kiali_cr | Create a Kiali CR for the Kiali deployment. | bool | null | no |
| create_kiali_operator_namespace | Create a namespace for the deployment. | bool | true | no |
| create_olm_install_namespace | Create a namespace for the deployment. Defaults to "true". | bool | false | no |
| create_olm_namespace | Whether or not to create the namespace used for OLM and its resources. Defaults to "true". | bool | true | no |
| create_otel_collector_namespace | Whether or not to create the namespace used for the Otel Collector. | bool | null | no |
| create_prometheus_operator_namespace | Create a namespace for the deployment. | bool | null | no |
| create_pulsar_operator_namespace | Create a namespace for the deployment. | bool | false | no |
| create_vault_operator_namespace | Create a namespace for the deployment. | bool | false | no |
| create_vector_agent_namespace | Create a namespace for the deployment. | bool | false | no |
| create_vmagent_namespace | Create a namespace for the deployment. | bool | false | no |
| enable_cma | Enables Cloud Manager Agent. Disabled by default. | bool | false | no |
| enable_function_mesh_operator | Enables the StreamNative Function Mesh Operator. Set to "true" by default, but disabled if OLM is enabled. | bool | true | no |
| enable_istio_operator | Enables the Istio Operator. Set to "false" by default. | bool | false | no |
| enable_kiali_operator | Enables the Kiali Operator. Set to "false" by default. | bool | false | no |
| enable_olm | Enables Operator Lifecycle Manager (OLM), and disables installing operators via Helm. OLM is disabled by default. Set to "true" to have OLM manage the operators. | bool | false | no |
| enable_otel_collector | Enables Open Telemetry. Set to "false" by default. | bool | false | no |
| enable_prometheus_operator | Enables the Prometheus Operator and other components via kube-stack-prometheus. Set to "true" by default. | bool | true | no |
| enable_pulsar_operator | Enables the Pulsar Operator on the EKS cluster. Enabled by default, but disabled if var.disable_olm is set to true | bool | true | no |
| enable_vault_operator | Enables Hashicorp Vault on the EKS cluster. | bool | true | no |
| enable_vector_agent | Enables the Vector Agent on the EKS cluster. Enabled by default, but must be passed a configuration in order to function | bool | false | no |
| enable_vmagent | Enables the Victoria Metrics stack on the EKS cluster. Disabled by default | bool | false | no |
| function_mesh_operator_chart_name | The name of the Helm chart to install | string | null | no |
| function_mesh_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| function_mesh_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| function_mesh_operator_namespace | The namespace used for the operator deployment | string | "sn-system" | no |
| function_mesh_operator_release_name | The name of the helm release | string | null | no |
| function_mesh_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| function_mesh_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| function_mesh_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| install_prometheus_cluster_role | Installs the well-known Prometheus server ClusterRole resource on the cluster. | bool | null | no |
| istio_cluster_name | The name of the kubernetes cluster where Istio is being configured. This is required when "enable_istio_operator" is set to "true". | string | null | no |
| istio_mesh_id | The ID used by the Istio mesh. This is also the ID of the StreamNative Cloud Pool used for the workload environments. This is required when "enable_istio_operator" is set to "true". | string | null | no |
| istio_network | The name of network used for the Istio deployment. | string | null | no |
| istio_operator_chart_name | The name of the Helm chart to install | string | null | no |
| istio_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| istio_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| istio_operator_namespace | The namespace used for the Istio operator deployment | string | "istio-operator" | no |
| istio_operator_release_name | The name of the helm release | string | null | no |
| istio_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| istio_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| istio_operator_values | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | any | null | no |
| istio_profile | The path or name for an Istio profile to load. Set to the profile "default" if not specified. | string | null | no |
| istio_revision_tag | The revision tag value used for the Istio label "istio.io/rev". Defaults to "sn-stable". | string | null | no |
| istio_system_namespace | The namespace used for the Istio components. | string | "sn-system" | no |
| istio_trust_domain | The trust domain used for the Istio operator, which corresponds to the root of a system. This is required when "enable_istio_operator" is set to "true". | string | null | no |
| kiali_namespace | The namespace used for the Kiali operator. | string | "sn-system" | no |
| kiali_operator_chart_name | The name of the Helm chart to install | string | null | no |
| kiali_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| kiali_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| kiali_operator_namespace | The namespace used for the Kiali operator deployment | string | "kiali-operator" | no |
| kiali_operator_release_name | The name of the Kiali release | string | null | no |
| kiali_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| kiali_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| olm_enable_istio | Apply Istio authorization policies for OLM operators. Defaults to "false". | bool | false | no |
| olm_install_namespace | The namespace used for installing the operators managed by OLM | string | "sn-system" | no |
| olm_istio_system_namespace | The namespace for Istio authorization policies. Set to the Istio root namespace for cluster-wide policies. | string | "istio-system" | no |
| olm_namespace | The namespace used by OLM and its resources | string | "olm" | no |
| olm_registry | The registry containing StreamNative's operator catalog images | string | null | no |
| olm_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| olm_subscription_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| olm_subscription_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| olm_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| otel_collector_chart_name | The name of the helm chart to install. | string | null | no |
| otel_collector_chart_repository | The repository containing the helm chart to install. | string | null | no |
| otel_collector_chart_version | The version of the helm chart to install. | string | null | no |
| otel_collector_image_version | The version of the OpenTelemetry Collector image to use. | string | null | no |
| otel_collector_namespace | The namespace used for the Otel Collector. | string | "sn-system" | no |
| otel_collector_release_name | The name of the Helm release. | string | null | no |
| otel_collector_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| otel_collector_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| otel_collector_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| prometheus_operator_chart_name | The name of the Helm chart to install | string | null | no |
| prometheus_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| prometheus_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| prometheus_operator_namespace | The namespace used for the operator deployment | string | "sn-system" | no |
| prometheus_operator_release_name | The name of the helm release | string | null | no |
| prometheus_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| prometheus_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| prometheus_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| pulsar_operator_chart_name | The name of the Helm chart to install | string | null | no |
| pulsar_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| pulsar_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| pulsar_operator_namespace | The namespace used for the operator deployment | string | "sn-system" | no |
| pulsar_operator_release_name | The name of the helm release | string | null | no |
| pulsar_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| pulsar_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| pulsar_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| service_domain | The DNS domain for external service endpoints. This must be set when enabling Istio or else the deployment will fail. | string | null | no |
| vault_operator_chart_name | The name of the Helm chart to install | string | null | no |
| vault_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| vault_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| vault_operator_namespace | The namespace used for the operator deployment | string | "sn-system" | no |
| vault_operator_release_name | The name of the helm release | string | null | no |
| vault_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| vault_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| vault_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| vector_agent_chart_name | The name of the Helm chart to install | string | null | no |
| vector_agent_chart_repository | The repository containing the Helm chart to install. See https://github.com/timberio/vector/tree/master/distribution/helm/vector-agent for available configuration options | string | null | no |
| vector_agent_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| vector_agent_namespace | The namespace used for the operator deployment. | string | "sn-system" | no |
| vector_agent_release_name | The name of the helm release | string | null | no |
| vector_agent_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| vector_agent_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| vector_agent_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml") | any | null | no |
| vector_sink_endpoint | The endpoint to which Vector will send logs. | string | null | no |
| vector_sink_name | The name of the vector sink. | string | null | no |
| vector_sink_oauth_audience | The OAuth audience for the sink authorization config. | string | null | no |
| vector_sink_oauth_credentials_url | A base64 encoded string containing the OAuth credentials URL for the sink authorization config. | string | null | no |
| vector_sink_oauth_issuer_url | The OAuth issuer URL for the sink authorization config. | string | null | no |
| vector_sink_topic | The topic for the sink to which Vector will send logs. | string | null | no |
| vmagent_basicauth_enabled | Enable basic auth for remote write endpoint. Requires providing a username and base64 encoded password. | bool | null | no |
| vmagent_basicauth_password | If basic auth is enabled, provide the base64 encoded password to use for the VMAgent client connection | string | null | no |
| vmagent_basicauth_username | If basic auth is enabled, provide the username for the VMAgent client | string | null | no |
| vmagent_chart_name | The name of the Helm chart to install | string | null | no |
| vmagent_chart_repository | The repository containing the Helm chart to install. | string | null | no |
| vmagent_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| vmagent_gsa_audience | If using GSA for auth to send metrics, the audience to use for token generation | string | null | no |
| vmagent_gtoken_image | The image URL to use for the gtoken container | string | null | no |
| vmagent_gtoken_image_version | The image version to use for the gtoken container | string | null | no |
| vmagent_namespace | The namespace used for the operator deployment. | string | "sn-system" | no |
| vmagent_oauth2_client_id | If OAuth2 is enabled, provide the client id for the VMAgent client | string | null | no |
| vmagent_oauth2_client_secret | If OAuth2 is enabled, provide a base64 encoded secret to use for the VMAgent client connection. | string | null | no |
| vmagent_oauth2_enabled | Enable OAuth2 authentication for remote write endpoint. Requires providing a client id and secret. | bool | null | no |
| vmagent_oauth2_token_url | If OAuth2 is enabled, provide the token url to use for the VMAgent client connection | string | null | no |
| vmagent_pods_scrape_namespaces | A list of additional namespaces to scrape pod metrics. Defaults to "sn-system". | list(string) | null | no |
| vmagent_release_name | The name of the helm release | string | null | no |
| vmagent_remote_write_urls | A list of URL(s) for the remote write endpoint(s). | list(string) | null | no |
| vmagent_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| vmagent_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| vmagent_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml") | any | null | no |

Outputs

No outputs.