Provides various addons that are often used on Kubernetes with AWS It can be used with existing EKS terraform module Follows clusterfrak-dynamics terraform-kubernetes-addons approach
- Common addons with associated IAM permissions if needed:
- kubernetes-external-secrets: external secret management systems
- filebeat: open source file harvester
- metricbeat: Metricbeat fetches a set of metrics
- wave/pusher: Kubernetes configuration tracking controller
User guides, feature documentation and examples are available here
This module can use either IRSA which is the recommanded method or Kiam.
Kiam prevents pods from accessing EC2 instances IAM role and therefore using the instances role to perform actions on AWS. It also allows pods to assume specific IAM roles if needed. To do so kiam-agent acts as an iptables proxy on nodes. It intercepts requests made to EC2 metadata and redirect them to a kiam-server that fetches IAM credentials and pass them to pods.
Kiam is running with an IAM user and use a secret key and a access key (AK/SK).
Some addons interface with AWS API, for example:
external-secrets
| Name | Version |
|---|---|
| aws | n/a |
| helm | n/a |
| http | n/a |
| kubectl | n/a |
| kubernetes | n/a |
| random | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws | AWS provider customization | any |
{} |
no |
| external-secrets | Customize external-secrets chart, see external-secrets.tf for supported values |
any |
{} |
no |
| pusher-wave | Customize external-secrets chart, see pusher-wave.tf for supported values |
any |
{} |
no |
| filebeat | Customize filebeat chart, see filebeat.tf for supported values |
any |
{} |
no |
| metricbeat | Customize external-secrets chart, see metricbeat.tf for supported values |
any |
{} |
no |
| Name | Description |
|---|---|
| example_output | n/a |