forked from aws-ia/terraform-aws-eks-blueprints
Add calico to Kubernetes addon (aws-ia#885)
Co-authored-by: Bryant Biggs <[email protected]>
Showing 13 changed files with 184 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# Calico | ||
|
||
Calico is a widely adopted, battle-tested open source networking and network security solution for Kubernetes, virtual machines, and bare-metal workloads | ||
Calico provides two major services for Cloud Native applications: network connectivity between workloads and network security policy enforcement between workloads. | ||
[Calico](https://projectcalico.docs.tigera.io/getting-started/kubernetes/helm#download-the-helm-chart) docs chart bootstraps Calico infrastructure on a Kubernetes cluster using the Helm package manager. | ||
|
||
For complete project documentation, please visit the [Calico documentation site](https://www.tigera.io/calico-documentation/). | ||
|
||
## Usage | ||
|
||
Calico can be deployed by enabling the add-on via the following. | ||
|
||
```hcl | ||
enable_calico = true | ||
``` | ||
|
||
Deploy Calico with custom `values.yaml` | ||
|
||
```hcl | ||
# Optional Map value; pass calico-values.yaml from consumer module | ||
calico_helm_config = { | ||
name = "calico" # (Required) Release name. | ||
repository = "https://docs.projectcalico.org/charts" # (Optional) Repository URL where to locate the requested chart. | ||
chart = "tigera-operator" # (Required) Chart name to be installed. | ||
version = "v3.24.1" # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/calico/locals.tf | ||
namespace = "tigera-operator" # (Optional) The namespace to install the release into. | ||
values = [templatefile("${path.module}/calico-values.yaml", {})] | ||
} | ||
``` | ||
|
||
### GitOps Configuration | ||
|
||
The following properties are made available for use when managing the add-on via GitOps. | ||
|
||
```sh | ||
calico = { | ||
enable = true | ||
} | ||
``` |
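Review bot: The GitOps Configuration block at the end of this file is fenced as `sh`, but its content (`calico = {`, `enable = true`, `}`) is an HCL map like the two blocks above it; tag it `hcl` so it renders consistently. In the opening paragraph, the first sentence is missing its full stop, and "[Calico](...) docs chart bootstraps Calico infrastructure" reads as if a word was dropped; "The Calico Helm chart bootstraps ..." with the link on "Helm chart" would be clearer.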
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Calico Helm Chart | ||
Calico is a widely adopted, battle-tested open source networking and network security solution for Kubernetes, virtual machines, and bare-metal workloads. | ||
|
||
For more details checkout [calico](https://projectcalico.docs.tigera.io/getting-started/kubernetes/helm#download-the-helm-chart) docs | ||
|
||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 | | ||
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 | | ||
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 | | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br> aws_caller_identity_account_id = string<br> aws_caller_identity_arn = string<br> aws_eks_cluster_endpoint = string<br> aws_partition_id = string<br> aws_region_name = string<br> eks_cluster_id = string<br> eks_oidc_issuer_url = string<br> eks_oidc_provider_arn = string<br> tags = map(string)<br> irsa_iam_role_path = string<br> irsa_iam_permissions_boundary = string<br> })</pre> | n/a | yes | | ||
| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for calico | `any` | `{}` | no | | ||
| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD | | ||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
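Review bot: In the sentence under the title, "For more details checkout [calico] ... docs" should read "check out" and end with a full stop. Everything between the PRE-COMMIT-TERRAFORM DOCS HOOK markers is generated, so any wording change to the Inputs table (for example the terse "Helm Config for calico") has to be made in `variables.tf` and regenerated rather than edited here.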
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
locals { | ||
default_helm_config = { | ||
name = "calico" | ||
chart = "tigera-operator" | ||
repository = "https://docs.projectcalico.org/charts" | ||
version = "v3.24.1" | ||
namespace = "tigera-operator" | ||
values = local.default_helm_values | ||
create_namespace = true | ||
description = "calico helm Chart deployment configuration" | ||
} | ||
|
||
helm_config = merge( | ||
local.default_helm_config, | ||
var.helm_config | ||
) | ||
|
||
default_helm_values = [templatefile("${path.module}/values.yaml", {})] | ||
|
||
argocd_gitops_config = { | ||
enable = true | ||
} | ||
} |
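Review bot: `merge(local.default_helm_config, var.helm_config)` is a shallow merge, so a caller who sets `values` in `helm_config` replaces `local.default_helm_values` outright and loses the `installation.kubernetesProvider: "EKS"` setting from this module's `values.yaml`. The usage doc in this same commit shows exactly that pattern (`values = [templatefile("${path.module}/calico-values.yaml", {})]`), so either document that a custom values file must repeat the EKS provider setting, or append the caller's values to the defaults instead of replacing them. The same merge lets a caller override `repository` and `version`; since those two keys decide which chart is installed into the cluster, say so in the variable description.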
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
module "helm_addon" { | ||
source = "../helm-addon" | ||
helm_config = local.helm_config | ||
manage_via_gitops = var.manage_via_gitops | ||
addon_context = var.addon_context | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
output "argocd_gitops_config" { | ||
description = "Configuration used for managing the add-on with ArgoCD" | ||
value = var.manage_via_gitops ? local.argocd_gitops_config : null | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
installation: | ||
kubernetesProvider: "EKS" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
variable "helm_config" { | ||
description = "Helm Config for calico" | ||
type = any | ||
default = {} | ||
} | ||
|
||
variable "manage_via_gitops" { | ||
description = "Determines if the add-on should be managed via GitOps." | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "addon_context" { | ||
description = "Input configuration for the addon" | ||
type = object({ | ||
aws_caller_identity_account_id = string | ||
aws_caller_identity_arn = string | ||
aws_eks_cluster_endpoint = string | ||
aws_partition_id = string | ||
aws_region_name = string | ||
eks_cluster_id = string | ||
eks_oidc_issuer_url = string | ||
eks_oidc_provider_arn = string | ||
tags = map(string) | ||
irsa_iam_role_path = string | ||
irsa_iam_permissions_boundary = string | ||
}) | ||
} |
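Review bot: `helm_config` is declared `type = any` with the description "Helm Config for calico", which tells a consumer nothing about the accepted keys or that they override the defaults in `locals.tf`. The README Inputs table is generated from this description, so expand it to name the keys the module sets by default (`name`, `chart`, `repository`, `version`, `namespace`, `values`, `create_namespace`, `description`) or point the reader to `default_helm_config`.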
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
terraform { | ||
required_version = ">= 1.0.0" | ||
|
||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = ">= 3.72" | ||
} | ||
kubernetes = { | ||
source = "hashicorp/kubernetes" | ||
version = ">= 2.10" | ||
} | ||
} | ||
} |
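Review bot: `required_providers` declares `aws` and `kubernetes`, yet the generated README for this module reports "No providers." and "No resources."; the module only calls `../helm-addon`. If neither provider is used directly here, drop the entries or add a comment that they are kept for consistency with the other add-on modules. Both constraints are lower bounds only (`>= 3.72`, `>= 2.10`), so a new major version of either provider is accepted without any change to this file.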