aws-ia · askulkarni2 · Mar 4, 2022 · Mar 2, 2022 · Mar 2, 2022 · Mar 1, 2022
@@ -59,7 +59,7 @@ No modules.
 | <a name="input_create_kubernetes_service_account"></a> [create\_kubernetes\_service\_account](#input\_create\_kubernetes\_service\_account) | Should the module create the Service Account | `bool` | `true` | no |
 | <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | IAM Role path | `string` | `"/"` | no |
 | <a name="input_irsa_iam_permissions_boundary"></a> [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM Policy ARN for IRSA IAM role permissions boundary | `string` | `""` | no |
-| <a name="input_irsa_iam_policies"></a> [irsa\_iam\_policies](#input\_irsa\_iam\_policies) | IAM Policies for IRSA IAM role | `list(string)` | n/a | yes |
+| <a name="input_irsa_iam_policies"></a> [irsa\_iam\_policies](#input\_irsa\_iam\_policies) | IAM Policies for IRSA IAM role | `list(string)` | `[]` | no |
 | <a name="input_kubernetes_namespace"></a> [kubernetes\_namespace](#input\_kubernetes\_namespace) | Kubernetes Namespace name | `string` | n/a | yes |
 | <a name="input_kubernetes_service_account"></a> [kubernetes\_service\_account](#input\_kubernetes\_service\_account) | Kubernetes Service Account Name | `string` | n/a | yes |
 

@@ -32,7 +32,7 @@ resource "kubernetes_service_account_v1" "irsa" {
   metadata {
     name        = var.kubernetes_service_account
     namespace   = var.kubernetes_namespace
-    annotations = { "eks.amazonaws.com/role-arn" : aws_iam_role.irsa.arn }
+    annotations = var.irsa_iam_policies != null ? { "eks.amazonaws.com/role-arn" : aws_iam_role.irsa[0].arn } : null
     labels = {
       "app.kubernetes.io/managed-by" = "terraform-ssp-amazon-eks"
     }
@@ -42,6 +42,8 @@ resource "kubernetes_service_account_v1" "irsa" {
 }
 
 resource "aws_iam_role" "irsa" {
+  count = var.irsa_iam_policies != null ? 1 : 0
+
   name                  = format("%s-%s-%s", var.addon_context.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa")
   description           = "AWS IAM Role for the Kubernetes service account ${var.kubernetes_service_account}."
   assume_role_policy    = join("", data.aws_iam_policy_document.irsa_with_oidc.*.json)
@@ -59,7 +61,8 @@ resource "aws_iam_role" "irsa" {
 }
 
 resource "aws_iam_role_policy_attachment" "irsa" {
-  count      = length(var.irsa_iam_policies)
+  count = var.irsa_iam_policies != null ? length(var.irsa_iam_policies) : 0
+
   policy_arn = var.irsa_iam_policies[count.index]
-  role       = aws_iam_role.irsa.name
+  role       = aws_iam_role.irsa[0].name
 }
@@ -18,10 +18,10 @@
 
 output "irsa_iam_role_arn" {
   description = "IAM role ARN for your service account"
-  value       = aws_iam_role.irsa.arn
+  value       = var.irsa_iam_policies != null ? aws_iam_role.irsa[0].arn : null
 }
 
 output "irsa_iam_role_name" {
   description = "IAM role name for your service account"
-  value       = aws_iam_role.irsa.name
+  value       = var.irsa_iam_policies != null ? aws_iam_role.irsa[0].name : null
 }
@@ -47,6 +47,7 @@ variable "iam_role_path" {
 variable "irsa_iam_policies" {
   type        = list(string)
   description = "IAM Policies for IRSA IAM role"
+  default     = []
 }
 
 variable "irsa_iam_permissions_boundary" {

@@ -56,7 +56,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | <a name="module_ingress_nginx"></a> [ingress\_nginx](#module\_ingress\_nginx) | ./ingress-nginx | n/a |
 | <a name="module_karpenter"></a> [karpenter](#module\_karpenter) | ./karpenter | n/a |
 | <a name="module_keda"></a> [keda](#module\_keda) | ./keda | n/a |
-| <a name="module_kube_state_metrics"></a> [kube\_state\_metrics](#module\_kube\_state\_metrics) | askulkarni2/kube-state-metrics-addon/eksblueprints | 0.0.2 |
+| <a name="module_kube_state_metrics"></a> [kube\_state\_metrics](#module\_kube\_state\_metrics) | askulkarni2/kube-state-metrics-addon/eksblueprints | 0.0.3 |
 | <a name="module_kubernetes_dashboard"></a> [kubernetes\_dashboard](#module\_kubernetes\_dashboard) | ./kubernetes-dashboard | n/a |
 | <a name="module_metrics_server"></a> [metrics\_server](#module\_metrics\_server) | ./metrics-server | n/a |
 | <a name="module_prometheus"></a> [prometheus](#module\_prometheus) | ./prometheus | n/a |
@@ -135,7 +135,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | <a name="input_enable_prometheus"></a> [enable\_prometheus](#input\_enable\_prometheus) | Enable Community Prometheus add-on | `bool` | `false` | no |
 | <a name="input_enable_spark_k8s_operator"></a> [enable\_spark\_k8s\_operator](#input\_enable\_spark\_k8s\_operator) | Enable Spark on K8s Operator add-on | `bool` | `false` | no |
 | <a name="input_enable_traefik"></a> [enable\_traefik](#input\_enable\_traefik) | Enable Traefik add-on | `bool` | `false` | no |
-| <a name="input_enable_vpa"></a> [enable\_vpa](#input\_enable\_vpa) | Enable Kubernetes Vertical Pod Autoscaler add-on | `bool` | `false` | no |
+| <a name="input_enable_vpa"></a> [enable\_vpa](#input\_enable\_vpa) | Enable Vertical Pod Autoscaler add-on | `bool` | `false` | no |
 | <a name="input_enable_yunikorn"></a> [enable\_yunikorn](#input\_enable\_yunikorn) | Enable Apache YuniKorn K8s scheduler add-on | `bool` | `false` | no |
 | <a name="input_fargate_fluentbit_addon_config"></a> [fargate\_fluentbit\_addon\_config](#input\_fargate\_fluentbit\_addon\_config) | Fargate fluentbit add-on config | `any` | `{}` | no |
 | <a name="input_ingress_nginx_helm_config"></a> [ingress\_nginx\_helm\_config](#input\_ingress\_nginx\_helm\_config) | Ingress Nginx Helm Chart config | `any` | `{}` | no |
@@ -159,7 +159,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | <a name="input_spark_k8s_operator_helm_config"></a> [spark\_k8s\_operator\_helm\_config](#input\_spark\_k8s\_operator\_helm\_config) | Spark on K8s Operator Helm Chart config | `any` | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
 | <a name="input_traefik_helm_config"></a> [traefik\_helm\_config](#input\_traefik\_helm\_config) | Traefik Helm Chart config | `any` | `{}` | no |
-| <a name="input_vpa_helm_config"></a> [vpa\_helm\_config](#input\_vpa\_helm\_config) | Vertical Pod Autoscaler Helm Chart config | `any` | `{}` | no |
+| <a name="input_vpa_helm_config"></a> [vpa\_helm\_config](#input\_vpa\_helm\_config) | VPA Helm Chart config | `any` | `null` | no |
 | <a name="input_yunikorn_helm_config"></a> [yunikorn\_helm\_config](#input\_yunikorn\_helm\_config) | Yunikorn Helm Chart config | `any` | `null` | no |
 | <a name="input_yunikorn_irsa_permissions_boundary"></a> [yunikorn\_irsa\_permissions\_boundary](#input\_yunikorn\_irsa\_permissions\_boundary) | IAM Policy ARN for IRSA IAM role permissions boundary | `string` | `""` | no |
 | <a name="input_yunikorn_irsa_policies"></a> [yunikorn\_irsa\_policies](#input\_yunikorn\_irsa\_policies) | IAM policy ARNs for Yunikorn IRSA | `list(string)` | `[]` | no |

@@ -36,7 +36,7 @@ No requirements.
 |------|-------------|------|---------|:--------:|
 | <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
 | <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Add-on helm chart config, provide repository and version at the minimum.<br>See https://registry.terraform.io/providers/hashicorp/helm/latest/docs. | `any` | n/a | yes |
-| <a name="input_irsa_config"></a> [irsa\_config](#input\_irsa\_config) | Input configuration for IRSA module | <pre>object({<br>    kubernetes_namespace              = string<br>    create_kubernetes_namespace       = bool<br>    kubernetes_service_account        = string<br>    create_kubernetes_service_account = bool<br>    eks_cluster_id                    = string<br>    iam_role_path                     = string<br>    tags                              = map(string)<br>    irsa_iam_policies                 = list(string)<br>    irsa_iam_permissions_boundary     = string<br>  })</pre> | n/a | yes |
+| <a name="input_irsa_config"></a> [irsa\_config](#input\_irsa\_config) | Input configuration for IRSA module | <pre>object({<br>    kubernetes_namespace              = string<br>    create_kubernetes_namespace       = optional(bool)<br>    kubernetes_service_account        = string<br>    create_kubernetes_service_account = optional(bool)<br>    eks_cluster_id                    = string<br>    iam_role_path                     = optional(string)<br>    tags                              = optional(map(string))<br>    irsa_iam_policies                 = optional(list(string))<br>    irsa_iam_permissions_boundary     = optional(string)<br>  })</pre> | n/a | yes |
 | <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
 | <a name="input_set_sensitive_values"></a> [set\_sensitive\_values](#input\_set\_sensitive\_values) | Forced set\_sensitive values | `any` | `[]` | no |
 | <a name="input_set_values"></a> [set\_values](#input\_set\_values) | Forced set values | `any` | `[]` | no |

@@ -0,0 +1,11 @@
+terraform {
+  experiments = [module_variable_optional_attrs]
+}
+
+locals {
+  irsa_config = defaults(var.irsa_config, {
+    create_kubernetes_namespace       = true
+    create_kubernetes_service_account = true
+    iam_role_path                     = "/"
+  })
+}
@@ -27,14 +27,14 @@ variable "manage_via_gitops" {
 variable "irsa_config" {
   type = object({
     kubernetes_namespace              = string
-    create_kubernetes_namespace       = bool
+    create_kubernetes_namespace       = optional(bool)
     kubernetes_service_account        = string
-    create_kubernetes_service_account = bool
+    create_kubernetes_service_account = optional(bool)
     eks_cluster_id                    = string
-    iam_role_path                     = string
-    tags                              = map(string)
-    irsa_iam_policies                 = list(string)
-    irsa_iam_permissions_boundary     = string
+    iam_role_path                     = optional(string)
+    tags                              = optional(map(string))
+    irsa_iam_policies                 = optional(list(string))
+    irsa_iam_permissions_boundary     = optional(string)
   })
   description = "Input configuration for IRSA module"
 }

@@ -213,6 +213,7 @@ module "vpa" {
   source            = "./vpa"
   helm_config       = var.vpa_helm_config
   manage_via_gitops = var.argocd_manage_add_ons
+  addon_context     = local.addon_context
 }
 
 module "yunikorn" {
@@ -229,13 +230,12 @@ module "yunikorn" {
 module "kube_state_metrics" {
   count                     = var.enable_kube_state_metrics ? 1 : 0
   source                    = "askulkarni2/kube-state-metrics-addon/eksblueprints"
-  version                   = "0.0.2"
-  eks_cluster_id            = var.eks_cluster_id
+  version                   = "0.0.3"
   helm_config               = var.kube_state_metrics_helm_config
   irsa_policies             = var.kube_state_metrics_irsa_policies
   irsa_permissions_boundary = var.kube_state_metrics_irsa_permissions_boundary
-  tags                      = var.tags
   manage_via_gitops         = var.argocd_manage_add_ons
+  addon_context             = local.addon_context
 }
 
 module "kubernetes_dashboard" {

@@ -432,17 +432,17 @@ variable "keda_irsa_policies" {
   default     = []
 }
 
-#-----------Vertical Pod Autoscaler(VPA) ADDON-------------
+#------Vertical Pod Autoscaler(VPA) ADDON--------
 variable "enable_vpa" {
   type        = bool
   default     = false
-  description = "Enable Kubernetes Vertical Pod Autoscaler add-on"
+  description = "Enable Vertical Pod Autoscaler add-on"
 }
 
 variable "vpa_helm_config" {
   type        = any
-  default     = {}
-  description = "Vertical Pod Autoscaler Helm Chart config"
+  default     = null
+  description = "VPA Helm Chart config"
 }
 
 #-----------Apache YuniKorn ADDON-------------

@@ -9,48 +9,32 @@
 
 
 <!--- BEGIN_TF_DOCS --->
-Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: MIT-0
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this
-software and associated documentation files (the "Software"), to deal in the Software
-without restriction, including without limitation the rights to use, copy, modify,
-merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
-INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
-PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
 ## Requirements
 
 No requirements.
 
 ## Providers
 
-| Name | Version |
-|------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | n/a |
+No providers.
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
 
 ## Resources
 
-| Name | Type |
-|------|------|
-| [helm_release.vpa](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+No resources.
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Kubernetes Vertical Pod Autoscaler Helm chart config | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
+| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
+| <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster Id | `string` | n/a | yes |
+| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for VPA | `any` | `{}` | no |
+| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
 
 ## Outputs
 

@@ -1,71 +1,34 @@
-/*
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: MIT-0
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this
- * software and associated documentation files (the "Software"), to deal in the Software
- * without restriction, including without limitation the rights to use, copy, modify,
- * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
- * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
- * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
 locals {
+  name                 = "vpa"
   service_account_name = "vpa-sa"
-  namespace            = "vpa"
 
   default_helm_config = {
-    name                       = "vpa"
-    chart                      = "vpa"
-    repository                 = "https://charts.fairwinds.com/stable"
-    version                    = "1.0.0"
-    namespace                  = "vpa"
-    timeout                    = "1200"
-    create_namespace           = true
-    description                = "Kubernetes Vertical Pod Autoscaler"
-    lint                       = false
-    wait                       = true
-    wait_for_jobs              = false
-    verify                     = false
-    keyring                    = ""
-    repository_key_file        = ""
-    repository_cert_file       = ""
-    repository_ca_file         = ""
-    repository_username        = ""
-    repository_password        = ""
-    disable_webhooks           = false
-    reuse_values               = false
-    reset_values               = false
-    force_update               = false
-    recreate_pods              = false
-    cleanup_on_fail            = false
-    max_history                = 0
-    atomic                     = false
-    skip_crds                  = false
-    render_subchart_notes      = true
-    disable_openapi_validation = false
-    dependency_update          = false
-    replace                    = false
-    postrender                 = ""
-    set                        = []
-    set_sensitive              = []
-    values                     = local.default_helm_values
+    name        = local.name
+    chart       = local.name
+    repository  = "https://charts.fairwinds.com/stable"
+    version     = "1.0.0"
+    namespace   = local.name
+    description = "Kubernetes Vertical Pod Autoscaler"
+    values      = local.default_helm_values
+    timeout     = "1200"
   }
 
+  default_helm_values = [templatefile("${path.module}/values.yaml", {
+    sa-name = local.service_account_name
+  })]
+
   helm_config = merge(
     local.default_helm_config,
     var.helm_config
   )
 
-  default_helm_values = [templatefile("${path.module}/values.yaml", {
-    vpa_sa_name = local.service_account_name
-  })]
+  irsa_config = {
+    kubernetes_namespace              = local.helm_config["namespace"]
+    kubernetes_service_account        = local.service_account_name
+    create_kubernetes_namespace       = true
+    create_kubernetes_service_account = true
+    eks_cluster_id                    = var.addon_context.eks_cluster_id
+  }
 
   argocd_gitops_config = {
     enable             = true