fix: refactor all foundation to use valuesObject instead of parameter…

…s or values, also removed TF modules which are no longer needed and started the example terraform
pelotech · Jan 11, 2024 · 772421d · 772421d
1 parent b535c85
commit 772421d
Show file tree

Hide file tree

Showing 30 changed files with 300 additions and 1,351 deletions.
diff --git a/gitops/base-install/cert-manager/install.yaml b/gitops/base-install/cert-manager/install.yaml
@@ -19,42 +19,42 @@ spec:
     targetRevision: 1.13.2
     helm:
       releaseName: cert-manager
-      parameters:
-        - name: serviceAccount.annotations.eks\.amazonaws\.com/role-arn
-          value: CERT_MANAGER_ROLE_ARN
-        - name: serviceAccount.annotations.eks\.amazonaws\.com/sts-regional-endpoints
-          value: "true"
-          forceString: true
-        - name: installCRDs
-          value: "true"
-        - name: serviceAccount.create
-          value: "true"
-        - name: extraEnv[0].name
-          value: "AWS_REGION"
-        - name: extraEnv[0].value
-          value: "us-east-1"
-        - name: serviceAccount.name
-          value: "cert-manager"
-        - name: securityContext.fsGroup
-          value: "1001"
-        - name: resources.limits.memory
-          value: "105M"
-        - name: resources.requests.cpu
-          value: "15m"
-        - name: resources.requests.memory
-          value: "105M"
-        - name: webhook.resources.limits.memory
-          value: "105M"
-        - name: webhook.resources.requests.cpu
-          value: "15m"
-        - name: webhook.resources.requests.memory
-          value: "105M"
-        - name: cainjector.resources.limits.memory
-          value: "105M"
-        - name: cainjector.resources.requests.cpu
-          value: "15m"
-        - name: cainjector.resources.requests.memory
-          value: "105M"
+      valuesObject:
+        installCRDs: true
+        serviceAccount:
+          create: true
+          name: cert-manager
+          annotations:
+            eks.amazonaws.com/role-arn: CERT_MANAGER_ROLE_ARN
+            eks.amazonaws.com/sts-regional-endpoint: "true"
+        extraEnv:
+          - name: AWS_REGION
+            value: "us-east-1"
+        securityContext:
+          fsGroup: "1001"
+        resources:
+          requests:
+            cpu: "15m"
+            memory: "105M"
+          limits:
+            cpu: "15m"
+            memory: "105M"
+        webhook:
+          resources:
+            requests:
+              cpu: "15m"
+              memory: "105M"
+            limits:
+              cpu: "15m"
+              memory: "105M"
+        cainjector:
+          resources:
+            requests:
+              cpu: "15m"
+              memory: "105M"
+            limits:
+              cpu: "15m"
+              memory: "105M"
   destination:
     namespace: cert-manager
     name: in-cluster
@@ -75,12 +75,9 @@ spec:
     path: gitops/base-install/cert-manager/create-issuer
     helm:
       releaseName: create-issuer
-      parameters:
-        - name: acmeIssuerEmail
-          value: ACME_ISSUER_EMAIL
-        - name: awsRegion
-          value: AWS_REGION
-
+      valuesObject:
+        acmeIssuerEmail: ACME_ISSUER_EMAIL
+        awsRegion: AWS_REGION
     targetRevision: main
   destination:
     namespace: cert-manager

diff --git a/gitops/base-install/ebs-csi/install.yaml b/gitops/base-install/ebs-csi/install.yaml
@@ -17,57 +17,48 @@ spec:
     targetRevision: 2.26.0
     helm:
       releaseName: aws-ebs-csi-driver
-      parameters:
-        - name: controller.serviceAccount.annotations.eks\.amazonaws\.com/role-arn
-          value: EBS_CSI_ROLE_ARN
-        - name: controller.serviceAccount.create
-          value: "true"
-        - name: controller.serviceAccount.name
-          value: "ebs-csi-driver"
-        - name: controller.serviceAccount.annotations.eks\.amazonaws\.com/sts-regional-endpoints
-          value: "true"
-          forceString: true
-        - name: controller.resources.limits.memory
-          value: "128Mi"
-        - name: controller.resources.requests.cpu
-          value: "100m"
-        - name: controller.resources.requests.memory
-          value: "128Mi"
-        - name: node.serviceAccount.create
-          value: "false"
-        - name: node.serviceAccount.name
-          value: "ebs-csi-driver"
-        - name: node.resources.limits.memory
-          value: "128Mi"
-        - name: node.resources.requests.cpu
-          value: "100m"
-        - name: node.resources.requests.memory
-          value: "128Mi"
-        - name: storageClasses.0.name
-          value: gp3
-        - name: >-
-            storageClasses.0.annotations.storageclass\.kubernetes\.io/is-default-class
-          value: 'true'
-          forceString: true
-        - name: storageClasses.0.parameters.type
-          value: gp3
-# TODO: Encrypting volumes by default seems desirable, but may have unintended consequences
-#        - name: storageClasses.0.parameters.encrypted
-#          value: "true"
-        - name: storageClasses.1.name
-          value: gp2
-        - name: storageClasses.1.parameters.type
-          value: gp2
-# TODO: Encrypting volumes by default seems desirable, but may have unintended consequences
-#        - name: storageClasses.1.parameters.encrypted
-#          value: "true"
-        - name: volumeSnapshotClasses.0.annotations.snapshot\.storage\.kubernetes\.io/is-default-class
-          value: "true"
-          forceString: true
-        - name: volumeSnapshotClasses.0.name
-          value: ebs-snapshot
-        - name: volumeSnapshotClasses.0.deletionPolicy
-          value: Delete
+      valuesObject:
+        controller:
+          serviceAccount:
+            create: "true"
+            name: ebs-csi-driver
+            annotations:
+              eks.amazonaws.com/role-arn: EBS_CSI_ROLE_ARN
+              eks.amazonaws.com/sts-regional-endpoints: "true"
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "128Mi"
+            limits:
+              cpu: "100m"
+              memory: "128Mi"
+        node:
+          serviceAccount:
+            create: "false"
+            name: "ebs-csi-driver"
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "128Mi"
+            limits:
+              cpu: "100m"
+              memory: "128Mi"
+        storageClasses:
+          - name: gp3
+            parameters:
+              type: gp3
+#              encrypted: "true" #TODO: Encrypting volumes by default seems desirable, check side effects
+            annotations:
+              storageclass.kubernetes.io/is-default-class: "true"
+          - name: gp2
+            parameters:
+              type: gp2
+#              encrypted: "true" #TODO: Encrypting volumes by default seems desirable, check side effects
+        volumeSnapshotClasses:
+          - name: ebs-snapshot
+            annotations:
+              snapshot.storage.kubernetes.io/is-default-class
+            deletionPolicy: Delete
   destination:
     namespace: kube-system
     name: in-cluster

diff --git a/gitops/base-install/external-dns/install.yaml b/gitops/base-install/external-dns/install.yaml
@@ -19,16 +19,13 @@ spec:
     targetRevision: 6.28.4
     helm:
       releaseName: external-dns
-      parameters:
-        - name: serviceAccount.annotations.eks\.amazonaws\.com/role-arn
-          value: EXTERNAL_DNS_ROLE_ARN
-        - name: txtOwnerId
-          value: CLUSTER_NAME
-      values: |
+      valuesObject:
+        txtOwnerId: CLUSTER_NAME
         serviceAccount:
           create: true
           name: external-dns-controller
           annotations:
+            eks.amazonaws.com/role-arn: EXTERNAL_DNS_ROLE_ARN
             eks.amazonaws.com/sts-regional-endpoints: "true"
         provider: aws
         policy: sync

diff --git a/gitops/base-install/image-updater/install.yaml b/gitops/base-install/image-updater/install.yaml
@@ -18,10 +18,7 @@ spec:
     chart: argocd-image-updater
     targetRevision: 0.9.1
     helm:
-      parameters:
-        - name: serviceAccount.annotations.eks\.amazonaws\.com/role-arn
-          value: IMAGE_UPDATER_ROLE_ARN
-      values: |
+      valuesObject:
         # guide: https://github.com/argoproj-labs/argocd-image-updater/issues/112#issuecomment-1058465942
         config:
           registries:
@@ -53,3 +50,4 @@ spec:
           name: argocd-image-updater
           annotations:
             eks.amazonaws.com/sts-regional-endpoints: "true"
+            eks.amazonaws.com/role-arn: IMAGE_UPDATER_ROLE_ARN
diff --git a/gitops/base-install/ingress-controller/resources.yaml b/gitops/base-install/ingress-controller/resources.yaml
@@ -18,37 +18,30 @@ spec:
     targetRevision: 1.6.2
     helm:
       releaseName: aws-load-balancer-controller
-      parameters:
-        - name: serviceAccount.annotations.eks\.amazonaws\.com/role-arn
-          value: ALB_ROLE_ARN
-        - name: serviceAccount.annotations.eks\.amazonaws\.com/sts-regional-endpoints
-          value: "true"
-          forceString: true
-        - name: serviceAccount.create
-          value: "true"
-        - name: serviceAccount.name
-          value: "aws-load-balancer-controller"
-        - name: clusterName
-          value: CLUSTER_NAME
-        - name: resources.limits.memory
-          value: "128Mi"
-        - name: resources.requests.cpu
-          value: "100m"
-        - name: resources.requests.memory
-          value: "128Mi"
-        - name: 'tolerations[0].key'
-          value: CriticalAddonsOnly
-        - name: 'tolerations[0].operator'
-          value: Exists
-# NOTE: Currently disabled however may need to bring back to limit aws lb controller.
-#        - name: watchNamespace
-#          value: "ingress-nginx"
+      valuesObject:
+        serviceAccount:
+          create: "true"
+          name: "aws-load-balancer-controller"
+          annotations:
+            eks.amazonaws.com/role-arn: ALB_ROLE_ARN
+            eks.amazonaws.com/sts-regional-endpoints: "true"
+        clusterName: CLUSTER_NAME
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "128Mi"
+          limits:
+            cpu: "100m"
+            memory: "128Mi"
+        tolerations:
+          - key: CriticalAddonsOnly
+            operator: Exists
+#        watchNamespace: ingress-nginx # NOTE: Currently disabled however may need to bring back to limit aws lb controller.
   ignoreDifferences:
     - kind: Secret
       name: aws-load-balancer-tls
       jqPathExpressions:
         - .data
-
   destination:
     namespace: alb
     name: in-cluster

diff --git a/gitops/base-install/reloader/install.yaml b/gitops/base-install/reloader/install.yaml
@@ -24,7 +24,7 @@ spec:
     targetRevision: v1.0.51
     helm:
       releaseName: reloader
-      values: |
+      valuesObject:
         reloader:
           deployment:
             resources:

diff --git a/gitops/base-install/replacements/kustomization.yaml b/gitops/base-install/replacements/kustomization.yaml
@@ -38,7 +38,7 @@ replacements:
           kind: Application
           name: create-issuer
         fieldPaths:
-          - spec.source.helm.parameters.[name=acmeIssuerEmail].value
+          - spec.source.helm.valuesObject.acmeIssuerEmail
 
   - source:
       version: v1
@@ -52,7 +52,7 @@ replacements:
           kind: Application
           name: create-issuer
         fieldPaths:
-          - spec.source.helm.parameters.[name=awsRegion].value
+          - spec.source.helm.valuesObject.awsRegion
 
   - source:
       version: v1
@@ -66,14 +66,14 @@ replacements:
           kind: Application
           name: alb-controller
         fieldPaths:
-          - spec.source.helm.parameters.[name=clusterName].value
+          - spec.source.helm.valuesObject.clusterName
       - select:
           group: argoproj.io
           version: v1alpha1
           kind: Application
           name: external-dns
         fieldPaths:
-          - spec.source.helm.parameters.[name=txtOwnerId].value
+          - spec.source.helm.valuesObject.txtOwnerId
 
   - source:
       version: v1
@@ -87,8 +87,7 @@ replacements:
           kind: Application
           name: alb-controller
         fieldPaths:
-          - spec.source.helm.parameters.0.value # TODO: is there a way to use the [name=serviceAccount.annotations.eks\.amazonaws\.com/role-arn] escapes don't work
-
+          - spec.source.helm.valuesObject.serviceAccount.annotations.[eks.amazonaws.com/role-arn]
 
   - source:
       version: v1
@@ -102,7 +101,7 @@ replacements:
           kind: Application
           name: ebs-csi
         fieldPaths:
-          - spec.sources.[chart=aws-ebs-csi-driver].helm.parameters.0.value # TODO: is there a way to use the [name=controller.serviceAccount.annotations.eks\.amazonaws\.com/role-arn] escapes don't work
+          - spec.sources.[chart=aws-ebs-csi-driver].helm.valuesObject.controller.serviceAccount.annotations.[eks.amazonaws.com/role-arn]
 
   - source:
       version: v1
@@ -116,8 +115,7 @@ replacements:
           kind: Application
           name: external-dns
         fieldPaths:
-          - spec.source.helm.parameters.0.value # TODO: is there a way to use the [name=serviceAccount.annotations.eks\.amazonaws\.com/role-arn] escapes don't work
-
+          - spec.source.helm.valuesObject.serviceAccount.annotations.[eks.amazonaws.com/role-arn]
 
   - source:
       version: v1
@@ -131,8 +129,7 @@ replacements:
           kind: Application
           name: cert-manager
         fieldPaths:
-          - spec.source.helm.parameters.0.value # TODO: is there a way to use the [name=serviceAccount.annotations.eks\.amazonaws\.com/role-arn] escapes don't work
-
+          - spec.source.helm.valuesObject.serviceAccount.annotations.[eks.amazonaws.com/role-arn]
 
   - source:
       version: v1
@@ -146,5 +143,4 @@ replacements:
           kind: Application
           name: argocd-image-updater
         fieldPaths:
-          - spec.source.helm.parameters.0.value # TODO: is there a way to use the [name=serviceAccount.annotations.eks\.amazonaws\.com/role-arn] escapes don't work
-
+          - spec.source.helm.valuesObject.serviceAccount.annotations.[eks.amazonaws.com/role-arn]