y0zg / terraform-helm-shared

terraform-helm-shared

About

Provides various helm charts for shared services running on EKS

Main features

  • Common addons with associated IAM permissions if needed:

Requirements

Documentation

User guides, feature documentation and examples are available here

IAM permissions

This module can use either IRSA, which is the recommended method, or Kiam.

About Kiam

Kiam prevents pods from accessing the EC2 instance's IAM role, and therefore from using the instance's role to perform actions on AWS. It also allows pods to assume specific IAM roles if needed. To do so, kiam-agent acts as an iptables proxy on nodes: it intercepts requests made to the EC2 metadata service and redirects them to a kiam-server, which fetches IAM credentials and passes them to the pods.
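A node-side check for the interception described above, added here as an example and not part of this module: it parses `iptables-save -t nat` output and confirms that traffic to the metadata address is DNATed in PREROUTING. The interface pattern `eni+`, the agent address `10.0.12.34:8181` and both sample dumps are constructed assumptions.

```python
import shlex

METADATA_IP = "169.254.169.254"
FLAGS = {"-A": "chain", "-d": "dst", "-i": "iface", "--dport": "dport",
         "-j": "target", "--to-destination": "to"}

def parse_rule(line):
    """Extract the audited fields from one `iptables-save` rule line."""
    rule = dict.fromkeys(FLAGS.values())
    tokens, negate = shlex.split(line), False
    for i, tok in enumerate(tokens):
        if tok == "!":              # "! -i eth0" negates the next match
            negate = True
            continue
        if tok in FLAGS and i + 1 < len(tokens):
            rule[FLAGS[tok]] = ("!" if negate else "") + tokens[i + 1]
        negate = False
    return rule

def audit_metadata_interception(nat_dump):
    """Return (intercepting_rules, problems) for one node's nat table dump."""
    rules = [parse_rule(l) for l in nat_dump.splitlines() if l.startswith("-A ")]
    hits = [r for r in rules
            if r["chain"] == "PREROUTING" and r["target"] == "DNAT"
            and (r["dst"] or "").split("/")[0] == METADATA_IP]
    problems = []
    if not hits:
        problems.append(f"no DNAT rule for {METADATA_IP}: pods can reach the node's instance role")
    for r in hits:
        if r["iface"] is None:
            problems.append("rule is not scoped to an interface (-i missing)")
        if r["dport"] != "80":
            problems.append("rule does not match tcp/80, the metadata port")
        if not r["to"]:
            problems.append("DNAT rule has no --to-destination")
    return hits, problems

# Constructed samples of `iptables-save -t nat`; interface, IP and port are assumptions.
INTERCEPTED = """*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 169.254.169.254/32 -i eni+ -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.12.34:8181
COMMIT
"""
NOT_INTERCEPTED = """*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
COMMIT
"""
```

An empty problem list means the node redirects pod metadata requests; any entry means pods on that node may still obtain the instance role's credentials directly.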

Kiam runs as an IAM user and uses an access key and a secret key (AK/SK).

Addons that require specific IAM permissions

Some addons interface with the AWS API, for example:

  • cluster-autoscaler
  • cni-metrics-helper
  • kubernetes-external-secrets

Terraform docs

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |
| helm | n/a |
| kubectl | n/a |
| kubernetes | n/a |
| random | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| argocd | Customise argocd chart, see external-secrets.tf for supported values | any | {} | no |
| aws | AWS provider customization | any | {} | no |
| cluster-name | Name of the Kubernetes cluster | string | "sample-cluster" | no |
| cluster_autoscaler | Customise cluster-autoscaler chart, see cluster_autoscaler.tf for supported values | any | {} | no |
| cni_metrics_helper | Customise cni-metrics-helper deployment, see cni_metrics_helper.tf for supported values | any | {} | no |
| eks | EKS cluster inputs | any | {} | no |
| external_secrets | Customise external-secrets chart, see external-secrets.tf for supported values | any | {} | no |
| fluentd_cloudwatch | Customise fluentd-cloudwatch chart, see fluentd-cloudwatch.tf for supported values | any | {} | no |
| helm_defaults | Customise default Helm behaviour | any | {} | no |
| kiam | Customise kiam chart, see kiam.tf for supported values | any | {} | no |
| metrics_server | Customise metrics-server chart, see metrics_server.tf for supported values | any | {} | no |
| nginx_ingress | Customise nginx-ingress chart, see nginx-ingress.tf for supported values | any | {} | no |
| npd | Customise node-problem-detector chart, see npd.tf for supported values | any | {} | no |
| priority_class | Customise a priority class for addons | any | {} | no |
| priority_class_ds | Customise a priority class for addons daemonsets | any | {} | no |
| prometheus_operator | Customise prometheus-operator chart, see kube_prometheus.tf for supported values | any | {} | no |

Outputs

| Name | Description |
|------|-------------|
| grafana_password | n/a |
| kiam-server-role-arn | n/a |
| kiam-server-role-name | n/a |

About

License:MIT License


Languages

Language:HCL 100.0%