forked from aws-ia/terraform-aws-eks-blueprints
feat: Add support for istio-csr addon (aws-ia#1100)
Co-authored-by: Bryant Biggs <[email protected]>
Showing 10 changed files with 141 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# cert-manager-istio-csr | ||
|
||
istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager. | ||
|
||
For complete project documentation, please visit the [cert-manager documentation site](https://cert-manager.io/docs/usage/istio/). | ||
|
||
## Usage | ||
|
||
cert-manger-istio-csr can be deployed by enabling the add-on via the following. | ||
|
||
```hcl | ||
enable_cert_manager_istio_csr = true | ||
``` | ||
|
||
### GitOps Configuration | ||
|
||
The following properties are made available for use when managing the add-on via GitOps. | ||
|
||
``` | ||
certManagerIstioCsr = { | ||
enable = true | ||
} | ||
``` |
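Review bot: In the Usage sentence, `cert-manger-istio-csr` is misspelled (it should read `cert-manager-istio-csr`), and the GitOps block is fenced without a language while the block above it uses `hcl`. The page also omits the prerequisite: the module added in this commit installs into `namespace = "cert-manager"` with `create_namespace = false`, so setting `enable_cert_manager_istio_csr = true` on its own leaves the release with no namespace to install into unless cert-manager is already deployed. Suggest adding a sentence that says cert-manager must be enabled first.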
41 changes: 41 additions & 0 deletions
modules/kubernetes-addons/cert-manager-istio-csr/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Cert-manager-istio-csr Helm Chart | ||
|
||
istio-csr enables the use of cert-manager for issuing certificates in Istio service meshes | ||
|
||
For more details checkout [cert-manager-istio-csr](https://github.com/cert-manager/istio-csr) on GitHub | ||
|
||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 | | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br> aws_caller_identity_account_id = string<br> aws_caller_identity_arn = string<br> aws_eks_cluster_endpoint = string<br> aws_partition_id = string<br> aws_region_name = string<br> eks_cluster_id = string<br> eks_oidc_issuer_url = string<br> eks_oidc_provider_arn = string<br> tags = map(string)<br> irsa_iam_role_path = string<br> irsa_iam_permissions_boundary = string<br> })</pre> | n/a | yes | | ||
| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for istio-csr. | `any` | `{}` | no | | ||
| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD | | ||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
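Review bot: The hand-written intro above the terraform-docs markers needs a wording pass: "checkout" should be "check out", and both sentences lack a closing period. Since this add-on puts cert-manager in charge of certificates for Istio workloads, the intro is also the place to say that issuer settings have to be supplied through `helm_config`; the Inputs table describes that input only as "Helm Config for istio-csr."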
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
module "helm_addon" { | ||
source = "../helm-addon" | ||
helm_config = merge( | ||
{ | ||
name = "cert-manager-istio-csr" | ||
chart = "cert-manager-istio-csr" | ||
repository = "https://charts.jetstack.io" | ||
version = "v0.5.0" | ||
namespace = "cert-manager" | ||
create_namespace = false | ||
description = "Cert-manager-istio-csr Helm Chart deployment configuration" | ||
}, | ||
var.helm_config | ||
) | ||
manage_via_gitops = var.manage_via_gitops | ||
addon_context = var.addon_context | ||
} |
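Review bot: The defaults map inside `merge()` passes no `values` or `set` entries, so the chart is installed with whatever issuer and trust settings it ships with unless the caller supplies them through `var.helm_config`; for a component that secures Istio workload and control plane certificates, that deserves either an explicit default here or a documented required override. Separately, `create_namespace = false` with `namespace = "cert-manager"` makes this module depend on the namespace already existing, but nothing in the block expresses that ordering. Because `var.helm_config` is the last argument to `merge()`, a caller can also replace `repository` and `version`; if that is intended, a short comment next to the pinned `version = "v0.5.0"` would make it clear.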
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
output "argocd_gitops_config" { | ||
description = "Configuration used for managing the add-on with ArgoCD" | ||
value = var.manage_via_gitops ? { enable = true } : null | ||
} |
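Review bot: The `value` expression returns only `{ enable = true }`, so when `manage_via_gitops` is true this output carries none of the settings from the `helm_addon` block, including the pinned `version = "v0.5.0"` and any caller-supplied `helm_config`. Suggest either passing the keys the GitOps side needs through this object or stating in the `description` that the chart version and values must be pinned in the GitOps repository.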
28 changes: 28 additions & 0 deletions
modules/kubernetes-addons/cert-manager-istio-csr/variables.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
variable "helm_config" { | ||
description = "Helm Config for istio-csr." | ||
type = any | ||
default = {} | ||
} | ||
|
||
variable "manage_via_gitops" { | ||
description = "Determines if the add-on should be managed via GitOps." | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "addon_context" { | ||
description = "Input configuration for the addon" | ||
type = object({ | ||
aws_caller_identity_account_id = string | ||
aws_caller_identity_arn = string | ||
aws_eks_cluster_endpoint = string | ||
aws_partition_id = string | ||
aws_region_name = string | ||
eks_cluster_id = string | ||
eks_oidc_issuer_url = string | ||
eks_oidc_provider_arn = string | ||
tags = map(string) | ||
irsa_iam_role_path = string | ||
irsa_iam_permissions_boundary = string | ||
}) | ||
} |
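Review bot: The `helm_config` description ("Helm Config for istio-csr.") does not say that the value is merged over the module's defaults, so a reader cannot tell from this file that keys such as `repository`, `version` and `namespace` can be overridden, and `type = any` gives no validation to fall back on. Suggest extending the description to name the overridable keys and to note that chart values (issuer configuration in particular) are passed this way.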
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
terraform { | ||
required_version = ">= 1.0.0" | ||
} |