diff --git a/docs/extensibility.md b/docs/extensibility.md
index c205144846..ffe0e5acc4 100644
--- a/docs/extensibility.md
+++ b/docs/extensibility.md
@@ -64,36 +64,23 @@ data "aws_caller_identity" "current" {}
locals {
cni_metrics_name = "cni-metrics-helper"
+}
- default_helm_values = [templatefile("${path.module}/helm-values/cni-metrics-helper-values.yaml", {
- eks_cluster_id = var.eks_cluster_id,
- image = "602401143452.dkr.ecr.${var.region}.amazonaws.com/cni-metrics-helper:v1.10.3",
- sa-name = local.cni_metrics_name
- oidc_url = "oidc.eks.eu-west-1.amazonaws.com/id/E6CASOMETHING55B9D01F7"
- })]
-
- addon_context = {
- aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
- aws_caller_identity_arn = data.aws_caller_identity.current.arn
- aws_eks_cluster_endpoint = data.aws_eks_cluster.cluster.endpoint
- aws_partition_id = data.aws_partition.current.partition
- aws_region_name = var.region
- eks_cluster_id = var.eks_cluster_id
- eks_oidc_issuer_url = local.oidc_url
- eks_oidc_provider_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_url}"
- tags = {}
- }
+module "helm_addon" {
+ source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon"
helm_config = {
name = local.cni_metrics_name
description = "CNI Metrics Helper Helm Chart"
- timeout = "300"
chart = "${path.module}/local-helm-charts/cni-metrics-helper"
version = "0.1.7"
- repository = null
namespace = "kube-system"
- lint = false
- values = local.default_helm_values
+ values = [templatefile("${path.module}/helm-values/cni-metrics-helper-values.yaml", {
+ eks_cluster_id = var.eks_cluster_id,
+ image = "602401143452.dkr.ecr.${var.region}.amazonaws.com/cni-metrics-helper:v1.10.3",
+ sa-name = local.cni_metrics_name
+ oidc_url = "oidc.eks.eu-west-1.amazonaws.com/id/E6CASOMETHING55B9D01F7"
+ })]
}
irsa_config = {
@@ -103,13 +90,18 @@ locals {
create_kubernetes_service_account = true
irsa_iam_policies = [aws_iam_policy.cni_metrics.arn]
}
-}
-module "helm_addon" {
- source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon"
- helm_config = local.helm_config
- irsa_config = local.irsa_config
- addon_context = local.addon_context
+ addon_context = {
+ aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
+ aws_caller_identity_arn = data.aws_caller_identity.current.arn
+ aws_eks_cluster_endpoint = data.aws_eks_cluster.cluster.endpoint
+ aws_partition_id = data.aws_partition.current.partition
+ aws_region_name = var.region
+ eks_cluster_id = var.eks_cluster_id
+ eks_oidc_issuer_url = local.oidc_url
+ eks_oidc_provider_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_url}"
+ tags = {}
+ }
}
resource "aws_iam_policy" "cni_metrics" {
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/main.tf b/modules/kubernetes-addons/aws-for-fluentbit/main.tf
index d540177e4f..a6acfe2339 100644
--- a/modules/kubernetes-addons/aws-for-fluentbit/main.tf
+++ b/modules/kubernetes-addons/aws-for-fluentbit/main.tf
@@ -1,6 +1,8 @@
locals {
namespace = try(var.helm_config.namespace, "aws-for-fluent-bit")
service_account = try(var.helm_config.service_account, "aws-for-fluent-bit-sa")
+
+ log_group_name = coalesce(var.cw_log_group_name, "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs")
}
module "helm_addon" {
@@ -50,7 +52,7 @@ module "helm_addon" {
}
resource "aws_cloudwatch_log_group" "aws_for_fluent_bit" {
- name = coalesce(var.cw_log_group_name, "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs")
+ name = local.log_group_name
retention_in_days = var.cw_log_group_retention
kms_key_id = var.cw_log_group_kms_key_arn == null ? module.kms[0].key_arn : var.cw_log_group_kms_key_arn
tags = var.addon_context.tags
@@ -119,7 +121,7 @@ data "aws_iam_policy_document" "kms" {
condition {
test = "ArnEquals"
variable = "kms:EncryptionContext:aws:logs:arn"
- values = [aws_cloudwatch_log_group.aws_for_fluent_bit.arn]
+ values = ["arn:${var.addon_context.aws_partition_id}:logs:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:log-group:${local.log_group_name}"]
}
principals {
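Review bot: The ARN in `values` is now assembled by hand, with no comment explaining why or what it must match, although this `ArnEquals` condition on `kms:EncryptionContext:aws:logs:arn` is what ties use of the key to this one log group. The string stays correct only while `var.addon_context.aws_region_name` and `aws_caller_identity_account_id` describe the region and account the log group is actually created in; a mismatch (for example an aliased provider) would make the condition never match. The switch away from `aws_cloudwatch_log_group.aws_for_fluent_bit.arn` presumably breaks a cycle with `kms_key_id`, so say so above the line: `# Built from local.log_group_name instead of the log group's arn attribute to avoid a dependency cycle with kms_key_id; must equal that log group's ARN exactly`. The enclosing statement starts and ends outside this hunk.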
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/README.md b/modules/kubernetes-addons/cluster-proportional-autoscaler/README.md
index 8b5e6928a1..1c14007a8c 100644
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/README.md
+++ b/modules/kubernetes-addons/cluster-proportional-autoscaler/README.md
@@ -10,7 +10,6 @@ For more details checkout [cluster-proportional-autoscaler](https://github.com/k
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [aws](#requirement\_aws) | >= 3.72 |
## Providers
@@ -36,7 +35,5 @@ No resources.
## Outputs
-| Name | Description |
-|------|-------------|
-| [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
+No outputs.
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/locals.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/locals.tf
deleted file mode 100644
index 2da06d5318..0000000000
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/locals.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-locals {
- name = "cluster-proportional-autoscaler"
-
- default_helm_config = {
- name = local.name
- chart = local.name
- repository = "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler"
- version = "1.0.0"
- namespace = "kube-system"
- timeout = "300"
- values = local.default_helm_values
- set = []
- description = "Cluster Proportional Autoscaler Helm Chart"
- }
-
- set_values = []
-
- helm_config = merge(
- local.default_helm_config,
- var.helm_config
- )
-
- default_helm_values = [templatefile("${path.module}/values.yaml", {
- operating_system = "linux"
- })]
-
- argocd_gitops_config = {
- enable = true
- }
-}
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf
index 95323d2cdd..3597bcbc97 100644
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf
+++ b/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf
@@ -1,8 +1,21 @@
module "helm_addon" {
- source = "../helm-addon"
+ source = "../helm-addon"
+
manage_via_gitops = var.manage_via_gitops
- helm_config = local.helm_config
- set_values = local.set_values
- irsa_config = null
- addon_context = var.addon_context
+
+ helm_config = merge(
+ {
+ name = "cluster-proportional-autoscaler"
+ chart = "cluster-proportional-autoscaler"
+ repository = "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler"
+ version = "1.0.0"
+ namespace = "kube-system"
+ values = [file("${path.module}/values.yaml")]
+ description = "Cluster Proportional Autoscaler Helm Chart"
+ },
+ var.helm_config
+ )
+
+ irsa_config = null
+ addon_context = var.addon_context
}
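Review bot: `merge()` is shallow, so a `values` key in `var.helm_config` replaces the default list in `helm_config` outright, and the bundled values.yaml is then no longer applied. That file carries the `podSecurityContext` with `seccompProfile: RuntimeDefault`, and the comment removed from values.yaml in this commit says the scale target is expected to come from the caller through `var.helm_config`, so this override path is likely to be used. Assuming helm-addon passes `values` through unchanged (not visible here), the hardening defaults are dropped silently. Either document it above the `values` line, `# A values key in var.helm_config replaces this list, including the pod security context defaults`, or append a third argument to the merge, `{ values = concat([file("${path.module}/values.yaml")], try(var.helm_config.values, [])) }`, so caller values layer on top of the defaults.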
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf
index b30c86b380..e69de29bb2 100644
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf
+++ b/modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf
@@ -1,4 +0,0 @@
-output "argocd_gitops_config" {
- description = "Configuration used for managing the add-on with ArgoCD"
- value = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/values.yaml b/modules/kubernetes-addons/cluster-proportional-autoscaler/values.yaml
index 2767ef4cc0..33f3f93573 100644
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/values.yaml
+++ b/modules/kubernetes-addons/cluster-proportional-autoscaler/values.yaml
@@ -1,7 +1,3 @@
-# Formula for controlling the replicas. Adjust according to your needs
-# replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )
-# replicas = min(replicas, max)
-# replicas = max(replicas, min)
config:
linear:
coresPerReplica: 256
@@ -11,21 +7,12 @@ config:
preventSinglePointFailure: true
includeUnschedulableNodes: true
-# Target to scale. In format: deployment/*, replicationcontroller/* or replicaset/* (not case sensitive).
-# The following option should be defined in user defined values.yaml using var.helm_config
-
-#options:
-# target:
-
podSecurityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534
-nodeSelector:
- kubernetes.io/os: ${operating_system}
-
resources:
limits:
cpu: 100m
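Review bot: Dropping the `nodeSelector` block removes the only visible constraint that keeps this pod on Linux nodes. Unless the chart's own defaults set one (not visible here), a cluster with Windows node groups could schedule the autoscaler onto a node where the image cannot run. Now that main.tf reads this file with `file()` rather than `templatefile()`, the selector can stay as a literal: `nodeSelector:` followed by `  kubernetes.io/os: linux`. The `resources` block continues outside this hunk.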
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf
index f92f41b9e7..429c0b36d0 100644
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf
+++ b/modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf
@@ -1,10 +1,3 @@
terraform {
required_version = ">= 1.0.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 3.72"
- }
- }
}
diff --git a/modules/kubernetes-addons/external-dns/main.tf b/modules/kubernetes-addons/external-dns/main.tf
index 4ac5727af5..7207ed238d 100644
--- a/modules/kubernetes-addons/external-dns/main.tf
+++ b/modules/kubernetes-addons/external-dns/main.tf
@@ -47,7 +47,7 @@ module "helm_addon" {
]
irsa_config = {
- create_kubernetes_namespace = try(local.helm_config.create_namespace, true)
+ create_kubernetes_namespace = try(var.helm_config.create_namespace, true)
kubernetes_namespace = local.namespace
create_kubernetes_service_account = true
diff --git a/modules/kubernetes-addons/fargate-fluentbit/main.tf b/modules/kubernetes-addons/fargate-fluentbit/main.tf
index 22708530f8..9352f0512f 100755
--- a/modules/kubernetes-addons/fargate-fluentbit/main.tf
+++ b/modules/kubernetes-addons/fargate-fluentbit/main.tf
@@ -1,5 +1,5 @@
locals {
- default_config = mereg({
+ config = merge({
output_conf = <<-EOF
[OUTPUT]
Name cloudwatch_logs
diff --git a/modules/kubernetes-addons/helm-addon/main.tf b/modules/kubernetes-addons/helm-addon/main.tf
index 021ce540e1..2d0f75fe4b 100644
--- a/modules/kubernetes-addons/helm-addon/main.tf
+++ b/modules/kubernetes-addons/helm-addon/main.tf
@@ -1,5 +1,6 @@
resource "helm_release" "addon" {
- count = var.manage_via_gitops ? 0 : 1
+ count = var.manage_via_gitops ? 0 : 1
+
name = var.helm_config["name"]
repository = try(var.helm_config["repository"], null)
chart = var.helm_config["chart"]
diff --git a/modules/kubernetes-addons/helm-addon/outputs.tf b/modules/kubernetes-addons/helm-addon/outputs.tf
index bb21c400d5..be1c88f62a 100644
--- a/modules/kubernetes-addons/helm-addon/outputs.tf
+++ b/modules/kubernetes-addons/helm-addon/outputs.tf
@@ -1,4 +1,4 @@
output "namespace" {
description = "Namespace where Helm chart resources are installed"
- value = helm_release.addon.metadata.0.namespace
+ value = helm_release.addon[0].metadata[0].namespace
}
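Review bot: `helm_release.addon[0]` does not exist when `var.manage_via_gitops` is true, because helm-addon/main.tf declares the resource with `count = var.manage_via_gitops ? 0 : 1`. This output will therefore fail with an invalid-index error for every add-on managed through GitOps. Guard the lookup so the output evaluates in both modes: `value = try(helm_release.addon[0].metadata[0].namespace, null)`. Callers that feed this output into a required argument would still need their own fallback when it is null.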
diff --git a/modules/kubernetes-addons/kubernetes-dashboard/main.tf b/modules/kubernetes-addons/kubernetes-dashboard/main.tf
index 9f297c12f3..d96913fa14 100644
--- a/modules/kubernetes-addons/kubernetes-dashboard/main.tf
+++ b/modules/kubernetes-addons/kubernetes-dashboard/main.tf
@@ -3,7 +3,7 @@ module "helm_addon" {
manage_via_gitops = var.manage_via_gitops
- helm_config = mereg(
+ helm_config = merge(
{
name = "kubernetes-dashboard"
chart = "kubernetes-dashboard"
diff --git a/modules/kubernetes-addons/prometheus/README.md b/modules/kubernetes-addons/prometheus/README.md
index a49248a3a2..89b3fb6047 100644
--- a/modules/kubernetes-addons/prometheus/README.md
+++ b/modules/kubernetes-addons/prometheus/README.md
@@ -45,12 +45,14 @@ Repeat the above steps for other 4 images
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [aws](#requirement\_aws) | >= 3.72 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.10 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 3.72 |
+| [kubernetes](#provider\_kubernetes) | >= 2.10 |
## Modules
@@ -66,6 +68,7 @@ Repeat the above steps for other 4 images
|------|------|
| [aws_iam_policy.ingest](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.query](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [kubernetes_namespace_v1.prometheus](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [aws_iam_policy_document.ingest](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.query](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
diff --git a/modules/kubernetes-addons/prometheus/main.tf b/modules/kubernetes-addons/prometheus/main.tf
index 756c493746..0edfa5a326 100644
--- a/modules/kubernetes-addons/prometheus/main.tf
+++ b/modules/kubernetes-addons/prometheus/main.tf
@@ -1,4 +1,6 @@
locals {
+ namespace = kubernetes_namespace_v1.prometheus.metadata[0].name
+
workspace_url = var.amazon_prometheus_workspace_endpoint != null ? "${var.amazon_prometheus_workspace_endpoint}api/v1/remote_write" : ""
ingest_service_account = "amp-ingest"
ingest_iam_role_arn = var.enable_amazon_prometheus ? module.irsa_amp_ingest[0].irsa_iam_role_arn : ""
@@ -10,6 +12,12 @@ locals {
} : {}
}
+resource "kubernetes_namespace_v1" "prometheus" {
+ metadata {
+ name = try(var.helm_config.namespace, "prometheus")
+ }
+}
+
module "helm_addon" {
source = "../helm-addon"
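Review bot: `kubernetes_namespace_v1.prometheus` is created unconditionally, so Terraform now owns whatever namespace `var.helm_config.namespace` names. If that namespace already exists the apply fails, where Helm's `create_namespace = true` used to tolerate it. A destroy of this module also deletes the namespace together with any other workloads in it. Consider keeping an opt-out with `count = try(var.helm_config.create_namespace, true) ? 1 : 0` on the resource and `namespace = try(kubernetes_namespace_v1.prometheus[0].metadata[0].name, var.helm_config.namespace, "prometheus")` in `locals`. At minimum, add a comment on the resource stating that the namespace must be dedicated to this add-on.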
@@ -17,13 +25,12 @@ module "helm_addon" {
helm_config = merge(
{
- name = "prometheus"
- chart = "prometheus"
- version = "15.10.1"
- repository = "https://prometheus-community.github.io/helm-charts"
- namespace = "prometheus"
- create_namespace = true
- description = "Prometheus helm Chart deployment configuration"
+ name = "prometheus"
+ chart = "prometheus"
+ version = "15.10.1"
+ repository = "https://prometheus-community.github.io/helm-charts"
+ namespace = local.namespace
+ description = "Prometheus helm Chart deployment configuration"
values = [templatefile("${path.module}/values.yaml", {
operating_system = try(var.helm_config.operating_system, "linux")
})]
@@ -91,7 +98,7 @@ module "irsa_amp_ingest" {
count = var.enable_amazon_prometheus ? 1 : 0
create_kubernetes_namespace = false
- kubernetes_namespace = module.helm_addon.namespace
+ kubernetes_namespace = local.namespace
kubernetes_service_account = local.ingest_service_account
irsa_iam_policies = [aws_iam_policy.ingest[0].arn]
@@ -131,7 +138,7 @@ module "irsa_amp_query" {
count = var.enable_amazon_prometheus ? 1 : 0
create_kubernetes_namespace = false
- kubernetes_namespace = module.helm_addon.namespace
+ kubernetes_namespace = local.namespace
kubernetes_service_account = "amp-query"
irsa_iam_policies = [aws_iam_policy.query[0].arn]
diff --git a/modules/kubernetes-addons/prometheus/versions.tf b/modules/kubernetes-addons/prometheus/versions.tf
index f92f41b9e7..d2ddf87cc2 100644
--- a/modules/kubernetes-addons/prometheus/versions.tf
+++ b/modules/kubernetes-addons/prometheus/versions.tf
@@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.72"
}
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.10"
+ }
}
}