Feature gate "SubnetsClusterTagCheck" to disable subnet cluster tag check (#3)
franklinpashok authored Sep 29, 2022
1 parent 5e55d58 commit 148a434
Showing 4 changed files with 24 additions and 51 deletions.
32 changes: 13 additions & 19 deletions README.md
Expand Up @@ -4,37 +4,34 @@ This module deploys
[AWS LoadBalancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller)
to a Kubernetes Cluster.

<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.28 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2 |
| <a name="requirement_http"></a> [http](#requirement\_http) | >= 2.1 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.2 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.28 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2 |
| <a name="provider_http"></a> [http](#provider\_http) | >= 2.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.2 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_iam_assumable_role_admin"></a> [iam\_assumable\_role\_admin](#module\_iam\_assumable\_role\_admin) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 4.0 |
| <a name="module_lb_controller_role"></a> [lb\_controller\_role](#module\_lb\_controller\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 4.21.1 |

## Resources

| Name | Type |
|------|------|
| [aws_iam_role_policy.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [helm_release.release](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [http_http.iam_policy](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |

## Inputs
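Review bot: The Modules and Resources tables show the controller's IAM wiring being replaced (`iam_assumable_role_admin` gives way to `lb_controller_role`, and `aws_iam_role_policy.controller` plus the `http_http.iam_policy` data source are gone), which a commit titled as a feature gate does not mention. That changes where the controller's IAM policy comes from, so it deserves its own commit or at least a line in the message, together with the raised minimums (`terraform >= 1.0`, `aws >= 4.0`), which will break callers on older versions. Please also say why the module is constrained with `~> 4.21.1` rather than an exact version, since the attached policy now follows whatever that module ships.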

Expand All @@ -46,9 +43,9 @@ to a Kubernetes Cluster.
| <a name="input_chart_namespace"></a> [chart\_namespace](#input\_chart\_namespace) | Namespace to install the chart into | `string` | `"kube-system"` | no |
| <a name="input_chart_repository"></a> [chart\_repository](#input\_chart\_repository) | Helm repository for the chart | `string` | `"https://aws.github.io/eks-charts"` | no |
| <a name="input_chart_timeout"></a> [chart\_timeout](#input\_chart\_timeout) | Timeout to wait for the Chart to be deployed. | `number` | `300` | no |
| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Version of Chart to install. Set to empty to install the latest version | `string` | `"1.3.2"` | no |
| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Version of Chart to install. Set to empty to install the latest version | `string` | `"1.4.4"` | no |
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of Kubernetes Cluster | `string` | n/a | yes |
| <a name="input_cluster_oidc_issuer_url"></a> [cluster\_oidc\_issuer\_url](#input\_cluster\_oidc\_issuer\_url) | OIDC provider URL for EKS cluster | `string` | n/a | yes |
| <a name="input_cluster_tag_check"></a> [cluster\_tag\_check](#input\_cluster\_tag\_check) | Enable or disable subnet tag check | `bool` | `false` | no |
| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | Default tags to apply to all AWS resources managed by this controller | `map(string)` | `{}` | no |
| <a name="input_enable_cert_manager"></a> [enable\_cert\_manager](#input\_enable\_cert\_manager) | Enable cert-manager injection of webhook certficates | `bool` | `false` | no |
| <a name="input_enable_pod_readiness_gate_inject"></a> [enable\_pod\_readiness\_gate\_inject](#input\_enable\_pod\_readiness\_gate\_inject) | If enabled, targetHealth readiness gate will get injected to the pod spec for the matching endpoint pods (default true) | `bool` | `true` | no |
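Review bot: The `cluster_tag_check` row is documented only as "Enable or disable subnet tag check", which does not tell the reader which value does what or what the check is for. This table is generated between the TF_DOCS markers, so fix the description in variables.tf and regenerate: state that `true` keeps the subnet cluster tag check and `false` turns it off, and note that the default is `false`.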
Expand All @@ -60,20 +57,16 @@ to a Kubernetes Cluster.
| <a name="input_extra_volumes"></a> [extra\_volumes](#input\_extra\_volumes) | Extra volumes | `list(any)` | `[]` | no |
| <a name="input_fullname_override"></a> [fullname\_override](#input\_fullname\_override) | Full name override for resources | `string` | `""` | no |
| <a name="input_host_network"></a> [host\_network](#input\_host\_network) | Use Host Network for pod | `bool` | `false` | no |
| <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | Description for IAM role for controller | `string` | `"Used by AWS Load Balancer Controller for EKS"` | no |
| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Name of IAM role for controller | `string` | `"aws-load-balancer-controller"` | no |
| <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | IAM Role path for controller | `string` | `""` | no |
| <a name="input_iam_role_permission_boundary"></a> [iam\_role\_permission\_boundary](#input\_iam\_role\_permission\_boundary) | Permission boundary ARN for IAM Role for controller | `string` | `""` | no |
| <a name="input_iam_role_policy"></a> [iam\_role\_policy](#input\_iam\_role\_policy) | Override the IAM policy for the controller | `string` | `""` | no |
| <a name="input_iam_role_tags"></a> [iam\_role\_tags](#input\_iam\_role\_tags) | Tags for IAM Role for controller | `map(string)` | `{}` | no |
| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Name of IAM role for controller | `string` | `""` | no |
| <a name="input_image_repository"></a> [image\_repository](#input\_image\_repository) | Image repository on Dockerhub | `string` | `"amazon/aws-alb-ingress-controller"` | no |
| <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag) | Image tag | `string` | `"v2.3.0"` | no |
| <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag) | Image tag | `string` | `"v2.4.3"` | no |
| <a name="input_ingress_class"></a> [ingress\_class](#input\_ingress\_class) | The ingress class this controller will satisfy. If not specified, controller will match all ingresses without ingress class annotation and ingresses of type alb | `string` | `"alb"` | no |
| <a name="input_ingress_max_concurrent_reconciles"></a> [ingress\_max\_concurrent\_reconciles](#input\_ingress\_max\_concurrent\_reconciles) | Maximum number of concurrently running reconcile loops for ingress (default 3) | `number` | `3` | no |
| <a name="input_log_level"></a> [log\_level](#input\_log\_level) | Log level. Either `info` or `debug` | `string` | `"info"` | no |
| <a name="input_max_history"></a> [max\_history](#input\_max\_history) | Max History for Helm | `number` | `20` | no |
| <a name="input_metrics_bind_addr"></a> [metrics\_bind\_addr](#input\_metrics\_bind\_addr) | The address the metric endpoint binds to. (default ':8080') | `string` | `":8080"` | no |
| <a name="input_name_override"></a> [name\_override](#input\_name\_override) | Name override for resources | `string` | `""` | no |
| <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | OIDC Provider ARN for IRSA | `string` | n/a | yes |
| <a name="input_pdb"></a> [pdb](#input\_pdb) | PDB for pod | `map(any)` | `{}` | no |
| <a name="input_pod_annotations"></a> [pod\_annotations](#input\_pod\_annotations) | Additional annotations on a pod | `map(string)` | `{}` | no |
| <a name="input_pod_labels"></a> [pod\_labels](#input\_pod\_labels) | Additional labels on a pod | `map(string)` | `{}` | no |
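Review bot: `oidc_provider_arn` appears here as a required input with no default, while the required `cluster_oidc_issuer_url` row sits in the previous hunk and five `iam_role_*` rows (description, path, permission boundary, policy, tags) sit in this one, none of which survive in variables.tf. Every existing caller has to edit its module block to upgrade, so add an upgrade note to the README and release this as a breaking version rather than inside a feature-gate commit.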
Expand Down Expand Up @@ -104,3 +97,4 @@ to a Kubernetes Cluster.
| <a name="output_iam_role_name"></a> [iam\_role\_name](#output\_iam\_role\_name) | Name of IAM role |
| <a name="output_iam_role_path"></a> [iam\_role\_path](#output\_iam\_role\_path) | Path of IAM role |
| <a name="output_iam_role_unique_id"></a> [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Unique ID of IAM role |
<!-- END_TF_DOCS -->
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -42,6 +42,7 @@ locals {
enable_cert_manager = var.enable_cert_manager

cluster_name = var.cluster_name
cluster_tag_check = var.cluster_tag_check
ingress_class = var.ingress_class
region = var.region
vpc_id = var.vpc_id
2 changes: 2 additions & 0 deletions templates/values.yaml
Expand Up @@ -16,6 +16,8 @@ fullnameOverride: "${fullname_override}"
# The name of the Kubernetes cluster. A non-empty value is required
clusterName: ${cluster_name}

SubnetsClusterTagCheck: ${cluster_tag_check}

serviceAccount:
# Specifies whether a service account should be created
create: true
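Review bot: `SubnetsClusterTagCheck` is added as a top-level key next to `clusterName`, with no comment, unlike the keys around it. Helm does not reject values a chart never reads unless the chart ships a values schema, so please confirm that chart 1.4.4 consumes a top-level key with this exact name; if the chart expects feature gates under a different path, this line renders cleanly and the controller keeps its own default. A one-line comment saying what the gate controls would match the rest of the file.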
40 changes: 8 additions & 32 deletions variables.tf
Expand Up @@ -19,7 +19,7 @@ variable "chart_repository" {
variable "chart_version" {
description = "Version of Chart to install. Set to empty to install the latest version"
type = string
default = "1.3.2"
default = "1.4.4"
}

variable "chart_namespace" {
Expand Down Expand Up @@ -64,7 +64,7 @@ variable "prefer_ecr_repositories" {
variable "image_tag" {
description = "Image tag"
type = string
default = "v2.3.0"
default = "v2.4.3"
}

variable "name_override" {
Expand Down Expand Up @@ -204,6 +204,12 @@ variable "cluster_name" {
type = string
}

variable "cluster_tag_check" {
description = "Enable or disable subnet tag check"
type = bool
default = false
}

variable "ingress_class" {
description = "The ingress class this controller will satisfy. If not specified, controller will match all ingresses without ingress class annotation and ingresses of type alb"
type = string
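Review bot: `default = false` on `cluster_tag_check` means every caller that does not set the input gets the subnet cluster tag check turned off, which is a behaviour change on upgrade rather than an opt-in. The commit title says the gate exists to disable the check, so I would default this to `true` and let callers who need the check off set `false` explicitly. The description should also say what each value does instead of "Enable or disable".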
Expand Down Expand Up @@ -319,33 +325,3 @@ variable "iam_role_name" {
type = string
default = ""
}

variable "iam_role_description" {
description = "Description for IAM role for controller"
type = string
default = "Used by AWS Load Balancer Controller for EKS"
}

variable "iam_role_path" {
description = "IAM Role path for controller"
type = string
default = ""
}

variable "iam_role_permission_boundary" {
description = "Permission boundary ARN for IAM Role for controller"
type = string
default = ""
}

variable "iam_role_tags" {
description = "Tags for IAM Role for controller"
type = map(string)
default = {}
}

variable "iam_role_policy" {
description = "Override the IAM policy for the controller"
type = string
default = ""
}
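Review bot: `iam_role_permission_boundary` and `iam_role_policy` are removed at the end of this file along with the description, path and tags variables, so callers can no longer attach a permission boundary to the controller role or override its policy through this module. Callers that still pass any of these five inputs will fail at plan time with an unsupported argument error. If the replacement role module accepts a permission boundary, keep `iam_role_permission_boundary` and pass it through; otherwise call the removal out in the README.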
