We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at https://lablabs.io/
A terraform module to deploy an Cert Manager on Amazon EKS cluster.
Check out other terraform kubernetes addons.
See Basic example for further information.
When deploying with ArgoCD application, Kubernetes terraform provider requires access to Kubernetes cluster API during plan time. This introduces potential issue when you want to deploy the cluster with this addon at the same time, during the same Terraform run.
To overcome this issue, the module deploys the ArgoCD application object using the Helm provider, which does not require API access during plan. If you want to deploy the application using this workaround, you can set the argo_application_use_helm variable to true.
| Name | Version |
|---|---|
| terraform | >= 0.14 |
| aws | >= 2.0 |
| helm | >= 1.0.0 |
| kubernetes | >= 2.6 |
| time | >= 0.6 |
| utils | >= 0.14.0 |
No modules.
| Name | Type |
|---|---|
| aws_iam_policy.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_iam_role_policy_attachment.this_additional | resource |
| helm_release.argocd_application | resource |
| helm_release.default_cluster_issuer | resource |
| helm_release.this | resource |
| kubernetes_manifest.this | resource |
| time_sleep.default_cluster_issuer | resource |
| aws_iam_policy_document.this | data source |
| aws_iam_policy_document.this_irsa | data source |
| utils_deep_merge_yaml.argo_application_values | data source |
| utils_deep_merge_yaml.default_cluster_issuer_values | data source |
| utils_deep_merge_yaml.values | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string |
n/a | yes |
| cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string |
n/a | yes |
| argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool |
false |
no |
| argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool |
false |
no |
| argo_application_values | Value overrides to use when deploying argo application object with helm | string |
"" |
no |
| argo_destionation_server | Destination server for ArgoCD Application | string |
"https://kubernetes.default.svc" |
no |
| argo_info | ArgoCD info manifest parameter | list |
[ |
no |
| argo_namespace | Namespace to deploy ArgoCD application CRD to | string |
"argo" |
no |
| argo_project | ArgoCD Application project | string |
"default" |
no |
| argo_sync_policy | ArgoCD syncPolicy manifest parameter | map |
{} |
no |
| cluster_issuer_enabled | Variable indicating whether default ClusterIssuer CRD is enabled | bool |
false |
no |
| cluster_issuer_settings | Additional settings which will be passed to the Helm chart cluster_issuer values, see https://github.com/lablabs/terraform-aws-eks-cert-manager/blob/main/helm/defaultClusterIssuer/values.yaml | map(any) |
{} |
no |
| cluster_issuers_values | Additional values for cert manager cluster issuers helm chart. Values will be merged, in order, as Helm does with multiple -f options | string |
"" |
no |
| enabled | Variable indicating whether deployment is enabled | bool |
true |
no |
| helm_chart_name | Helm chart name to be installed | string |
"cert-manager" |
no |
| helm_chart_version | Version of the Helm chart | string |
"1.5.3" |
no |
| helm_create_namespace | Whether to create k8s namespace with name defined by k8s_namespace |
bool |
true |
no |
| helm_release_name | Helm release name | string |
"cert-manager" |
no |
| helm_repo_url | Helm repository | string |
"https://charts.jetstack.io" |
no |
| k8s_assume_role_arns | Allow IRSA to assume specified role arns. Assume role must be enabled. | list(string) |
[] |
no |
| k8s_assume_role_enabled | Whether IRSA is allowed to assume role defined by k8s_assume_role_arn. Useful for hosted zones in another AWS account. | bool |
false |
no |
| k8s_irsa_additional_policies | Map of the additional policies to be attached to default role. Where key is arbiraty id and value is policy arn. | map(string) |
{} |
no |
| k8s_irsa_policy_enabled | Whether to create opinionated policy to allow operations on specified zones in policy_allowed_zone_ids. |
bool |
true |
no |
| k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool |
true |
no |
| k8s_irsa_role_name_prefix | The IRSA role name prefix for prometheus | string |
"cert-manager-irsa" |
no |
| k8s_namespace | The K8s namespace in which the external-dns will be installed | string |
"kube-system" |
no |
| k8s_rbac_create | Whether to create and use RBAC resources | bool |
true |
no |
| k8s_service_account_create | Whether to create Service Account | bool |
true |
no |
| k8s_service_account_name | The k8s cert-manager service account name | string |
"cert-manager" |
no |
| policy_allowed_zone_ids | List of the Route53 zone ids for service account IAM role access | list(string) |
[ |
no |
| settings | Additional settings which will be passed to the Helm chart values, see https://artifacthub.io/packages/helm/cert-manager/cert-manager | map(any) |
{} |
no |
| tags | AWS resources tags | map(string) |
{} |
no |
| values | Additional values for cert manager helm chart. Values will be merged, in order, as Helm does with multiple -f options | string |
"" |
no |
| Name | Description |
|---|---|
| helm_release_application_metadata | Argo application helm release attributes |
| helm_release_metadata | Helm release attributes |
| iam_role_attributes | Prometheus IAM role atributes |
| kubernetes_application_attributes | Argo kubernetes manifest attributes |
Feel free to create an issue in this repository if you have questions, suggestions or feature requests.
We want to provide high quality code and modules. For this reason we are using several pre-commit hooks and GitHub Actions workflow. A pull-request to the master branch will trigger these validations and lints automatically. Please check your code before you will create pull-requests. See pre-commit documentation and GitHub Actions documentation for further details.
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.