├── .devcontainer ├── Dockerfile ├── README.md └── devcontainer.json ├── .dockerignore ├── .github └── workflows │ ├── terraform-pipeline-dev.yaml │ ├── terraform-pipeline-staging.yaml │ ├── terragrunt-dev-destroy.yaml │ └── terragrunt-dev.yaml ├── .gitignore ├── .vscode ├── launch.json └── settings.json ├── LICENSE ├── README.md ├── docs ├── README.md ├── accessing-private-vpc-from-ci-system.md ├── aws-transit-gateway │ ├── transit-gateway-network.drawio │ └── transit-gateway-network.png ├── cidr-ranges.md ├── cluster-operations.md ├── deployment.md ├── diagrams │ ├── images │ │ ├── AWS-Secrets-Configuration-Provider-2021-1.png │ │ ├── external-secrets.png │ │ ├── loki-explore.png │ │ ├── loki-logs-nginx.png │ │ ├── loki-search-by-dropdown.png │ │ ├── loki-search-help.png │ │ └── loki-select-datasource.png │ ├── istio-k8s.drawio │ └── istio-k8s.png ├── eks.md ├── how-to-add-in-a-new-app.md ├── images │ ├── aws-kops │ │ ├── Topology-aws-kops.png │ │ └── Topology-aws-kops.xml │ ├── ci-cd-fargate-runner │ │ ├── ci-cd-fargate-runner.drawio │ │ └── ci-cd-fargate-runner.png │ ├── eks-logs-cloudwatch-log-groups.png │ ├── eks-logs-setting.png │ ├── gcp-gke │ │ ├── topology-gcp-gke.png │ │ └── topology-gcp-gke.xml │ ├── gcp-groups │ │ ├── GCP-Groups.png │ │ └── GCP-Groups.xml │ ├── istio-networking.png │ └── the-stack │ │ ├── kubernetes-managed-service-stack-v1.png │ │ ├── kubernetes-managed-service-stack-v1.xml │ │ ├── kubernetes-managed-service-stack-v2.png │ │ └── kubernetes-managed-service-stack-v2.xml ├── kubernetes-secrets.md ├── kubernetes-security │ ├── README.md │ └── images │ │ ├── deployment-workflow.drawio │ │ ├── deployment-workflow.png │ │ ├── example-application.drawio │ │ ├── example-application.png │ │ ├── kubernetes-controle-plane.drawio │ │ ├── kubernetes-controle-plane.png │ │ ├── n-tier-application-architecture.drawio │ │ └── n-tier-application-architecture.png ├── observability.md ├── terraform-github-action-pipeline.md ├── 
terraform-troubleshooting.md ├── tools.md ├── wip-thoughts.md └── wireguard │ ├── README.md │ ├── client-wg-config.conf │ └── server-wg-config.conf ├── old ├── clusters │ ├── aws │ │ └── kops │ │ │ ├── .gitignore │ │ │ ├── clusters │ │ │ ├── ci-pipeline │ │ │ │ └── values.yaml │ │ │ ├── dev-example │ │ │ │ └── values.yaml │ │ │ ├── dev-test │ │ │ │ └── values.yaml │ │ │ ├── dev │ │ │ │ └── values.yaml │ │ │ ├── prod │ │ │ │ └── values.yaml │ │ │ ├── qa │ │ │ │ └── values.yaml │ │ │ ├── staging │ │ │ │ └── values.yaml │ │ │ └── values.yaml │ │ │ ├── kops.sh │ │ │ └── template │ │ │ └── cluster.yml │ └── local │ │ └── kind │ │ ├── README.md │ │ └── config.yaml ├── containers │ └── kubernetes │ │ └── clusters │ │ └── kops │ │ ├── Dockerfile │ │ ├── README.md │ │ ├── ci-pipeline.sh │ │ ├── cleanup.sh │ │ ├── create-cluster.sh │ │ ├── e2e-tests.sh │ │ ├── fargate │ │ ├── task-definition-template.json │ │ ├── task-definition.json │ │ ├── task-execution-policy.json │ │ ├── task-policy.json │ │ └── task-role-trust-relationship.json │ │ ├── run.sh │ │ ├── setup.sh │ │ └── update-cluster.sh ├── docs │ ├── the-easier-way.md │ ├── the-manual-way.md │ └── updating-a-kops-cluster.md ├── kubernetes │ └── helm │ │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── .gitignore │ │ │ ├── Chart.lock │ │ │ ├── Chart.yaml │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── charts │ │ │ │ └── cert-manager-v0.14.0.tgz │ │ │ └── values.yaml │ │ └── cluster-issuer │ │ │ ├── .gitignore │ │ │ ├── Chart.yaml │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── environments │ │ │ ├── aws-dev │ │ │ │ └── values.yaml │ │ │ └── gcp-dev │ │ │ │ └── values.yaml │ │ │ ├── templates │ │ │ ├── aws-route53-credentials-secret.yaml │ │ │ ├── dns01.yaml │ │ │ └── http01.yaml │ │ │ └── values.yaml │ │ ├── cluster-autoscaler │ │ ├── .gitignore │ │ ├── Chart.yaml │ │ ├── Makefile │ │ ├── README.md │ │ ├── charts │ │ │ └── cluster-autoscaler-0.13.3.tgz │ │ ├── environments │ │ │ └── dev │ │ │ │ └── values.yaml │ │ ├── 
requirements.lock │ │ ├── requirements.yaml │ │ └── values.yaml │ │ ├── external-dns │ │ ├── .gitignore │ │ ├── Chart.yaml │ │ ├── Makefile │ │ ├── README.md │ │ ├── charts │ │ │ └── external-dns-2.5.3.tgz │ │ ├── environments │ │ │ ├── aws-dev │ │ │ │ └── values.yaml │ │ │ └── gcp-dev │ │ │ │ └── values.yaml │ │ ├── requirements.lock │ │ ├── requirements.yaml │ │ └── values.yaml │ │ ├── flux │ │ ├── README.md │ │ ├── flux │ │ │ ├── Chart.yaml │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── charts │ │ │ │ └── flux-1.2.0.tgz │ │ │ ├── environments │ │ │ │ └── dev │ │ │ │ │ └── values.yaml │ │ │ ├── requirements.lock │ │ │ └── values.yaml │ │ ├── helm-operator │ │ │ ├── Chart.yaml │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── charts │ │ │ │ └── helm-operator-0.7.0.tgz │ │ │ ├── environments │ │ │ │ └── dev │ │ │ │ │ └── values.yaml │ │ │ ├── requirements.lock │ │ │ └── values.yaml │ │ └── namespaces │ │ │ └── namespace.yaml │ │ ├── http-echo │ │ ├── README.md │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── namespace.yaml │ │ └── service.yaml │ │ ├── jenkins │ │ ├── .gitignore │ │ ├── Chart.yaml │ │ ├── Makefile │ │ ├── README.md │ │ ├── charts │ │ │ └── jenkins-1.2.2.tgz │ │ ├── requirements.lock │ │ ├── requirements.yaml │ │ ├── values-infrastructure.yaml │ │ └── values.yaml │ │ ├── kube-bench │ │ └── kops │ │ │ ├── job-master.yaml │ │ │ └── job-node.yaml │ │ ├── kube-metrics-adapter │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── custom-metrics-apiservice.yaml │ │ │ ├── deployment.yaml │ │ │ ├── external-metrics-apiservice.yaml │ │ │ ├── rbac.yaml │ │ │ └── service.yaml │ │ ├── test-usage │ │ │ ├── deployment.yaml │ │ │ ├── hpa-pod-metric.yaml │ │ │ ├── hpa-prometheus-metric-v2beta1.yaml │ │ │ └── hpa-prometheus-metric-v2beta2.yaml │ │ └── values.yaml │ │ ├── nginx-ingress │ │ ├── .gitignore │ │ ├── Chart.yaml │ │ ├── Makefile │ │ ├── README.md │ │ ├── charts │ │ │ └── nginx-ingress-1.33.4.tgz │ │ ├── diagrams │ │ │ ├── 
nginx-ingress-diagram.png │ │ │ └── nginx-ingress-diagram.svg │ │ ├── environments │ │ │ ├── dev │ │ │ │ ├── values-external.yaml │ │ │ │ └── values-internal.yaml │ │ │ ├── gke-dev │ │ │ │ ├── values-external.yaml │ │ │ │ └── values-internal.yaml │ │ │ ├── kind │ │ │ │ ├── values-external.yaml │ │ │ │ └── values-internal.yaml │ │ │ ├── prod │ │ │ │ ├── values-external.yaml │ │ │ │ └── values-internal.yaml │ │ │ ├── qa │ │ │ │ ├── values-external.yaml │ │ │ │ └── values-internal.yaml │ │ │ └── staging │ │ │ │ ├── values-external.yaml │ │ │ │ └── values-internal.yaml │ │ ├── mermaid │ │ │ └── nginx-ingress-diagram-flow.txt │ │ ├── namespace.yaml │ │ ├── namespaces │ │ │ └── namespace.yaml │ │ ├── requirements.lock │ │ ├── test │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ ├── integration_controller_deployment_test.go │ │ │ ├── template_controller_configmap_test.go │ │ │ └── template_controller_deployment_test.go │ │ └── values.yaml │ │ ├── prometheus-blackbox-exporter │ │ ├── .gitignore │ │ ├── Chart.yaml │ │ ├── Makefile │ │ ├── README.md │ │ ├── charts │ │ │ └── prometheus-blackbox-exporter-0.3.0.tgz │ │ ├── environments │ │ │ └── dev-us │ │ │ │ └── servicemonitor.yaml │ │ ├── requirements.lock │ │ ├── requirements.yaml │ │ └── values.yaml │ │ ├── prometheus-operator │ │ ├── .gitignore │ │ ├── Chart.yaml │ │ ├── Makefile │ │ ├── README.md │ │ ├── alertrules │ │ │ ├── cluster-health.yaml │ │ │ ├── cpu-rules.yaml │ │ │ ├── disk-rules.yaml │ │ │ ├── kube-apiserver.yaml │ │ │ ├── kube-controller-manager.yaml │ │ │ ├── kube-node-status.yaml │ │ │ ├── kube-scheduler.yaml │ │ │ ├── kube-state-metric-pod.yaml │ │ │ └── memory-rules.yaml │ │ ├── charts │ │ │ └── prometheus-operator-8.11.1.tgz │ │ ├── dashboards │ │ │ ├── analysis-by-cluster.yaml │ │ │ ├── analysis-by-namespace.yaml │ │ │ └── analysis-by-pod.yaml │ │ ├── environments │ │ │ └── dev │ │ │ │ └── values.yaml │ │ ├── requirements.lock │ │ └── values.yaml │ │ └── sealed-secrets │ │ ├── README.md │ │ └── environments │ │ 
└── gcp-dev │ │ └── pub-cert.pem ├── ops │ └── vpc.sh ├── tf-environments │ ├── README.md │ ├── aws │ │ ├── dev │ │ │ ├── _env_defaults │ │ │ │ ├── aws.tfvars │ │ │ │ └── main.tf │ │ │ ├── rds │ │ │ │ └── terragrunt.hcl │ │ │ ├── ssm │ │ │ │ ├── documents │ │ │ │ │ └── sessions │ │ │ │ │ │ ├── user-no-sudo │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ │ │ └── user-sudo │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── ec2-roles │ │ │ │ │ └── dev │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── s3_bucket_interactive_session_logs │ │ │ │ │ └── terragrunt.hcl │ │ │ │ └── user-policies │ │ │ │ │ ├── attach-to-user-list │ │ │ │ │ └── SSM-user-sudo │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ │ └── restrict-by-ssm-document │ │ │ │ │ ├── SSM-user-no-sudo │ │ │ │ │ └── terragrunt.hcl │ │ │ │ │ └── SSM-user-sudo │ │ │ │ │ └── terragrunt.hcl │ │ │ └── vpc │ │ │ │ └── terragrunt.hcl │ │ ├── infrastructure │ │ │ └── aws │ │ │ │ └── transit-gateway │ │ │ │ ├── _env_defaults │ │ │ │ └── transit-gateway.tfvars │ │ │ │ ├── terragrunt.hcl │ │ │ │ ├── us-east-1 │ │ │ │ ├── _env_defaults │ │ │ │ │ └── aws.tfvars │ │ │ │ ├── add-tg-routes │ │ │ │ │ └── production-test-vpc │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── tg-internal-attach-vpc │ │ │ │ │ ├── dev-us │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ │ └── production-test-vpc │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── transit-gateway-route-table │ │ │ │ │ ├── us-east-2 │ │ │ │ │ │ └── production-test-vpc │ │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ │ └── us-west-2 │ │ │ │ │ │ └── production-test-vpc │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── transit-gateway │ │ │ │ │ └── terragrunt.hcl │ │ │ │ └── vpc │ │ │ │ │ └── production-test-vpc │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── us-east-2 │ │ │ │ ├── _env_defaults │ │ │ │ │ └── aws.tfvars │ │ │ │ ├── add-tg-routes │ │ │ │ │ └── production-test-vpc │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── tg-internal-attach-vpc │ │ │ │ │ └── production-test-vpc │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── transit-gateway-route-table │ │ │ │ 
│ └── us-east-1 │ │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── transit-gateway │ │ │ │ │ └── terragrunt.hcl │ │ │ │ └── vpc │ │ │ │ │ └── production-test-vpc │ │ │ │ │ └── terragrunt.hcl │ │ │ │ └── us-west-2 │ │ │ │ ├── _env_defaults │ │ │ │ └── aws.tfvars │ │ │ │ ├── add-tg-routes │ │ │ │ └── production-test-vpc │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── tg-internal-attach-vpc │ │ │ │ └── production-test-vpc │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── transit-gateway-route-table │ │ │ │ └── us-east-1 │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── transit-gateway │ │ │ │ └── terragrunt.hcl │ │ │ │ └── vpc │ │ │ │ └── production-test-vpc │ │ │ │ └── terragrunt.hcl │ │ └── terragrunt.hcl │ ├── azure │ │ ├── dev │ │ │ └── aks │ │ │ │ ├── cluster │ │ │ │ └── terragrunt.hcl │ │ │ │ └── node_pools │ │ │ │ └── generic-1 │ │ │ │ └── terragrunt.hcl │ │ └── terragrunt.hcl │ └── gcp │ │ ├── dev │ │ ├── _env_defaults │ │ │ └── gcp.tfvars │ │ ├── firewall-rules │ │ │ └── prometheus │ │ │ │ └── terragrunt.hcl │ │ ├── gke-cluster │ │ │ └── terragrunt.hcl │ │ ├── gke-subnets │ │ │ └── terragrunt.hcl │ │ ├── nodepools │ │ │ ├── pool-1 │ │ │ │ └── terragrunt.hcl │ │ │ └── pool-2 │ │ │ │ └── terragrunt.hcl │ │ └── vpc │ │ │ └── terragrunt.hcl │ │ └── terragrunt.hcl └── tf-modules │ ├── aws │ ├── iam │ │ └── policies │ │ │ └── source-ip-controls │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── vars.tf │ │ │ └── versions.tf │ ├── networks │ │ ├── README.md │ │ ├── add-tg-routes │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── vars.tf │ │ │ └── versions.tf │ │ ├── diagrams │ │ │ ├── ec2-1-instance.png │ │ │ ├── ec2-1-security-group.png │ │ │ ├── ec2-1-subnet.png │ │ │ ├── ec2-1-vpc-route-table.png │ │ │ ├── ec2-2-instance.png │ │ │ ├── ec2-2-vpc-route-table.png │ │ │ ├── transit-gateway-diagram.png │ │ │ ├── transit-gateway.drawio │ │ │ ├── us-east-1-tg-attachments.png │ │ │ ├── us-east-1-tg-route-table.png │ │ │ ├── us-west-2-tg-attachment-peering.png │ │ │ ├── us-west-2-tg-attachments.png │ │ │ ├── 
us-west-2-tg-route-table.png │ │ │ └── us-west-2-transit-gateway.png │ │ ├── peer-transit-gateway-internal │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── vars.tf │ │ ├── tg-external-attach-to-vpc │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── vars.tf │ │ │ └── versions.tf │ │ ├── tg-internal-attach-to-vpc │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── vars.tf │ │ │ └── versions.tf │ │ ├── transit-gateway-route-table │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ └── vars.tf │ │ └── transit-gateway │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── vars.tf │ │ │ └── versions.tf │ ├── rds │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── ssm │ │ ├── AWS-SSM.png │ │ ├── AWS-SSM.xml │ │ ├── README.md │ │ ├── documents │ │ │ └── sessions │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── vars.tf │ │ │ │ └── versions.tf │ │ ├── ec2-role │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── vars.tf │ │ │ └── versions.tf │ │ ├── user-policies │ │ │ ├── attach-policy-to-group │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── vars.tf │ │ │ │ └── versions.tf │ │ │ ├── attach-policy-to-user │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── vars.tf │ │ │ │ └── versions.tf │ │ │ └── restrict-by-ssm-document │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── vars.tf │ │ │ │ └── versions.tf │ │ └── vpc-endpoints │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ └── vars.tf │ └── vpc │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── azure │ ├── README.md │ └── aks │ │ ├── cluster │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── vars.tf │ │ └── node_pool │ │ ├── main.tf │ │ └── vars.tf │ └── gcp │ ├── firewall-rules │ └── prometheus │ │ ├── main.tf │ │ ├── vars.tf │ │ └── version.tf │ ├── gke-subnets │ ├── main.tf │ ├── outputs.tf │ ├── vars.tf │ └── 
versions.tf │ ├── nodepool │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── vars.tf │ └── versions.tf │ ├── private-gke-cluster │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── vars.tf │ └── versions.tf │ └── vpc │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── vars.tf │ └── versions.tf ├── terraform-environments ├── aws │ ├── dev │ │ ├── 10-vpc │ │ │ ├── main.tf │ │ │ └── outputs.tf │ │ ├── 20-eks │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── outputs.tf │ │ ├── 25-eks-cluster-autoscaler │ │ │ └── main.tf │ │ ├── 5-route53-hostedzone │ │ │ ├── main.tf │ │ │ └── outputs.tf │ │ └── helm │ │ │ ├── cert-manager │ │ │ ├── main.tf │ │ │ └── values.yaml │ │ │ ├── external-dns │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── values.yaml │ │ │ ├── grafana-loki │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── values.yaml │ │ │ ├── ingress-nginx-external │ │ │ ├── README.md │ │ │ ├── certificate.tpl.yaml │ │ │ ├── helm_values.tpl.yaml │ │ │ └── main.tf │ │ │ ├── istio-networking │ │ │ ├── gateway.tpl.yaml │ │ │ ├── main.tf │ │ │ └── virtualservice.tpl.yaml │ │ │ ├── istio │ │ │ ├── istio_base_values.yaml │ │ │ ├── istio_ingress_values.yaml │ │ │ ├── istiod_values.yaml │ │ │ └── main.tf │ │ │ ├── kubernetes-external-secrets │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── values.yaml │ │ │ └── opentelemetry │ │ │ ├── 10-grafana-tempo-server-single │ │ │ ├── terragrunt.hcl │ │ │ └── values.yaml │ │ │ ├── 20-opentelemetry-operator │ │ │ ├── terragrunt.hcl │ │ │ └── values.yaml │ │ │ ├── 30-opentelemetry-collector │ │ │ ├── terragrunt.hcl │ │ │ └── yaml │ │ │ │ └── collector.yaml │ │ │ ├── README.md │ │ │ └── generate-apm-data.yaml │ ├── staging │ │ ├── 10-vpc │ │ │ ├── main.tf │ │ │ └── outputs.tf │ │ ├── 20-eks │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── outputs.tf │ │ ├── 25-eks-cluster-autoscaler │ │ │ └── main.tf │ │ ├── 5-route53-hostedzone │ │ │ ├── main.tf │ │ │ └── outputs.tf │ │ ├── README.md │ │ └── helm │ │ │ ├── cert-manager │ │ │ ├── helm_values.yaml 
│ │ │ └── main.tf │ │ │ ├── external-dns │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── values.yaml │ │ │ ├── grafana-loki │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── values.yaml │ │ │ ├── ingress-nginx-external │ │ │ ├── README.md │ │ │ ├── helm_values.tpl.yaml │ │ │ └── main.tf │ │ │ ├── kube-prometheus-stack │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── values.yaml │ │ │ └── sample-app │ │ │ ├── helm_values.yaml │ │ │ ├── main.tf │ │ │ └── variables.tf │ └── terragrunt-dev │ │ ├── README.md │ │ ├── common.hcl │ │ ├── progress.md │ │ ├── provider_k8s_helm_for_eks.template.hcl │ │ ├── terragrunt.hcl │ │ └── us-east-1 │ │ ├── region.hcl │ │ └── terragrunt-dev │ │ ├── 050-github-aws-permissions │ │ ├── .terraform.lock.hcl │ │ ├── README.md │ │ ├── policy.json │ │ └── terragrunt.hcl │ │ ├── 100-route53-hostedzone │ │ ├── terraform.lock.hcl │ │ └── terragrunt.hcl │ │ ├── 150-vpc │ │ ├── .terraform.lock.hcl │ │ └── terragrunt.hcl │ │ ├── 200-eks │ │ ├── .terraform.lock.hcl │ │ └── terragrunt.hcl │ │ ├── 250-eks-cluster-autoscaler │ │ ├── .terraform.lock.hcl │ │ └── terragrunt.hcl │ │ ├── 300-kubernetes │ │ ├── 100-cert-manager │ │ │ ├── 10-cert-manager │ │ │ │ ├── terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ │ └── 20-issuers │ │ │ │ ├── terraform.lock.hcl │ │ │ │ └── terragrunt.hcl │ │ ├── 110-testkube │ │ │ ├── 10-testkube │ │ │ │ ├── terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ │ ├── 20-infra-base │ │ │ │ ├── terraform.lock.hcl │ │ │ │ └── terragrunt.hcl │ │ │ └── 30-local-tests │ │ │ │ ├── terraform.lock.hcl │ │ │ │ └── terragrunt.hcl │ │ ├── 120-external-dns │ │ │ ├── .terraform.lock.hcl │ │ │ ├── README.md │ │ │ ├── terragrunt.hcl │ │ │ └── values.yaml │ │ ├── 130-external-secrets │ │ │ ├── 10-external-secrets │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.tpl.yaml │ │ │ └── 20-external-secret-store │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ └── terragrunt.hcl │ │ ├── 
200-istio │ │ │ ├── 10-istio │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── istio_base_values.yaml │ │ │ │ ├── istio_ingress_values.tpl.yaml │ │ │ │ ├── istiod_values.yaml │ │ │ │ └── terragrunt.hcl │ │ │ ├── 20-domain-wildcard-cert │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── yaml │ │ │ │ │ └── certificate.yaml │ │ │ ├── 30-gw-vs │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── yaml │ │ │ │ │ └── gateway.yaml │ │ │ └── 40-istio-kiali │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── README.md │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ ├── 210-kube-prometheus-stack │ │ │ └── 10-kube-prometheus-stack │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ ├── 220-grafana-loki │ │ │ └── 10-grafana-loki │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ ├── 230-opentelemetry │ │ │ ├── 10-grafana-tempo-server-single │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ │ ├── 20-opentelemetry-operator │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ │ └── 30-opentelemetry-collector │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── yaml │ │ │ │ └── collector.yaml │ │ ├── 500-sample-app-opentel-1 │ │ │ ├── README.md │ │ │ ├── app │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── helm_values.tpl.yaml │ │ │ │ └── terragrunt.hcl │ │ │ └── backend │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── helm_values.tpl.yaml │ │ │ │ └── terragrunt.hcl │ │ └── 510-sample-app-opentel-2 │ │ │ ├── .terraform.lock.hcl │ │ │ ├── README.md │ │ │ ├── helm_values.tpl.yaml │ │ │ └── terragrunt.hcl │ │ └── environment.hcl └── azure │ └── dev │ ├── common.hcl │ ├── east-us-2 │ ├── dev │ │ ├── 10-network │ │ │ ├── 10-vnet │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ └── terragrunt.hcl │ │ │ └── 30-vnet-peering │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ └── terragrunt.hcl │ │ ├── 100-kubernetes │ │ │ ├── 
130-external-secrets │ │ │ │ ├── 10-install │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── 20-secret-store │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ └── terragrunt.hcl │ │ │ │ └── 30-test-secrets │ │ │ │ │ ├── README.md │ │ │ │ │ └── test-secret-1.yaml │ │ │ ├── 140-external-dns │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── README.md │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ │ ├── 200-istio │ │ │ │ ├── 10-istio │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ ├── istio_base_values.yaml │ │ │ │ │ ├── istio_ingress_values.tpl.yaml │ │ │ │ │ ├── istiod_values.yaml │ │ │ │ │ └── terragrunt.hcl │ │ │ │ ├── 20-domain-wildcard-cert │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ ├── README.md │ │ │ │ │ ├── terragrunt.hcl │ │ │ │ │ └── yaml │ │ │ │ │ │ └── external_secret.yaml │ │ │ │ ├── 30-gw-vs │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ ├── terragrunt.hcl │ │ │ │ │ └── yaml │ │ │ │ │ │ └── gateway.yaml │ │ │ │ └── 40-istio-kiali │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ ├── terragrunt.hcl │ │ │ │ │ └── values.yaml │ │ │ ├── 210-kube-prometheus-stack │ │ │ │ └── 10-kube-prometheus-stack │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ ├── terragrunt.hcl │ │ │ │ │ └── values.yaml │ │ │ └── 220-grafana-loki │ │ │ │ └── 10-grafana-loki │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ ├── terragrunt.hcl │ │ │ │ └── values.yaml │ │ ├── 20-aks │ │ │ ├── 10-cluster │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ └── terragrunt.hcl │ │ │ ├── 20-node_pools │ │ │ │ └── 10-generic1 │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ └── terragrunt.hcl │ │ │ └── README.md │ │ ├── 30-vault │ │ │ ├── .terraform.lock.hcl │ │ │ └── terragrunt.hcl │ │ ├── 40-dns │ │ │ ├── private │ │ │ │ └── dev.managedkube.com │ │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ │ └── terragrunt.hcl │ │ │ └── public │ │ │ │ ├── .terraform.lock.hcl │ │ │ │ └── terragrunt.hcl │ │ └── environment.hcl │ └── region.hcl │ ├── env-common.hcl │ ├── provider_k8s_helm.template.hcl │ └── terragrunt.hcl └── 
terraform-modules ├── README.md ├── aws ├── airflow │ ├── README.md │ ├── default_iam_policy.json │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── amplify │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── apigateway │ └── vpc_link │ │ └── main.tf ├── athena │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── cloudposse │ └── aws-cloudtrail-cloudwatch-alarms │ │ ├── README.md │ │ ├── context.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── cluster-autoscaler │ ├── README.md │ ├── helm_values.yaml.tpl │ ├── main.tf │ └── variables.tf ├── data-modules │ ├── README.md │ └── eks │ │ └── main.tf ├── ec2-tag │ ├── README.md │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── eks-efs-csi-driver │ ├── README.md │ ├── efs-policy.json │ ├── helm_values.tpl.yaml │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── eks │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test │ │ ├── go.mod │ │ ├── go.sum │ │ └── terratest_test.go │ └── variables.tf ├── emr │ └── security_configuration │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── grafana │ └── loki │ │ └── promtail │ │ ├── README.md │ │ ├── main.tf │ │ └── variables.tf ├── helm │ ├── argocd │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── values.yaml │ │ └── variables.tf │ ├── cert-manager-issuers │ │ ├── dns01-cluster-issuer.tpl.yaml │ │ ├── http01-cluster-issuer.tpl.yaml │ │ ├── main.tf │ │ └── variables.tf │ ├── cert-manager │ │ ├── dns01-cluster-issuer.tpl.yaml │ │ ├── helm_values.tpl.yaml │ │ ├── http01-cluster-issuer.tpl.yaml │ │ ├── main.tf │ │ └── variables.tf │ ├── external-dns │ │ ├── helm_values.tpl.yaml │ │ ├── main.tf │ │ └── variables.tf │ ├── external-secrets │ │ ├── README.md │ │ ├── install │ │ │ ├── helm_values.tpl.yaml │ │ │ ├── iam-policy.tpl.json │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ ├── secret_store │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ └── secrets │ │ │ ├── main.tf │ │ │ └── variables.tf │ ├── helm_generic │ │ ├── 
README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── istio-kiali │ │ ├── main.tf │ │ ├── values.yaml │ │ └── variables.tf │ ├── kube-prometheus-stack │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── values_local.yaml │ │ └── variables.tf │ ├── kubernetes-external-secrets │ │ ├── README.md │ │ ├── helm_values.tpl.yaml │ │ ├── iam-policy.tpl.json │ │ ├── main.tf │ │ └── variables.tf │ └── nginx-ingress │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── values.yaml │ │ └── variables.tf ├── iam │ └── generic │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── istio-networking │ └── main-gateway │ │ ├── README.md │ │ ├── certificate.tpl.yaml │ │ ├── gateway.tpl.yaml │ │ ├── main.tf │ │ └── variables.tf ├── istio │ ├── README.md │ ├── istio-1.11.0 │ │ ├── LICENSE │ │ ├── README.md │ │ ├── bin │ │ │ └── istioctl │ │ ├── manifest.yaml │ │ ├── manifests │ │ │ ├── charts │ │ │ │ ├── README-helm3.md │ │ │ │ ├── README.md │ │ │ │ ├── UPDATING-CHARTS.md │ │ │ │ ├── base │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── crds │ │ │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ │ │ └── crd-operator.yaml │ │ │ │ │ ├── files │ │ │ │ │ │ └── gen-istio-cluster.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── crds.yaml │ │ │ │ │ │ ├── endpoints.yaml │ │ │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── services.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── gateways │ │ │ │ │ ├── istio-egress │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ │ ├── templates │ │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ 
│ │ ├── service.yaml │ │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── istio-ingress │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ ├── install-OpenShift.md │ │ │ │ ├── istio-cni │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap-cni.yaml │ │ │ │ │ │ ├── daemonset.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── istio-control │ │ │ │ │ └── istio-discovery │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ │ ├── files │ │ │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ │ │ ├── gen-istio.yaml │ │ │ │ │ │ ├── grpc-agent.yaml │ │ │ │ │ │ ├── grpc-simple.yaml │ │ │ │ │ │ └── injection-template.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── configmap-jwks.yaml │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ │ │ ├── revision-tags.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ ├── telemetryv2_1.10.yaml │ │ │ │ │ │ ├── telemetryv2_1.11.yaml │ │ │ │ │ │ ├── telemetryv2_1.9.yaml │ │ │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ ├── istio-operator │ 
│ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── crds │ │ │ │ │ │ └── crd-operator.yaml │ │ │ │ │ ├── files │ │ │ │ │ │ └── gen-operator.yaml │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrole_binding.yaml │ │ │ │ │ │ ├── crds.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── namespace.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── service_account.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── istiod-remote │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── files │ │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ │ └── injection-template.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ │ ├── crd-operator.yaml │ │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── examples │ │ │ │ ├── customresource │ │ │ │ │ └── istio_v1alpha1_istiooperator_cr.yaml │ │ │ │ └── user-gateway │ │ │ │ │ └── ingress-gateway-only.yaml │ │ │ └── profiles │ │ │ │ ├── default.yaml │ │ │ │ ├── demo.yaml │ │ │ │ ├── empty.yaml │ │ │ │ ├── external.yaml │ │ │ │ ├── minimal.yaml │ │ │ │ ├── openshift.yaml │ │ │ │ ├── preview.yaml │ │ │ │ └── remote.yaml │ │ ├── samples │ │ │ ├── README.md │ │ │ ├── addons │ │ │ │ ├── README.md │ │ │ │ ├── extras │ │ │ │ │ ├── prometheus-operator.yaml │ │ │ │ │ ├── prometheus_vm.yaml │ │ │ │ │ ├── prometheus_vm_tls.yaml │ │ │ │ │ └── zipkin.yaml │ │ │ │ ├── grafana.yaml │ │ │ │ ├── jaeger.yaml │ │ │ │ ├── kiali.yaml │ │ │ │ └── prometheus.yaml │ │ │ ├── bookinfo │ │ │ │ ├── README.md │ │ │ │ ├── build_push_update_images.sh │ │ │ │ ├── networking │ │ │ │ │ ├── bookinfo-gateway.yaml │ │ │ │ │ 
├── certmanager-gateway.yaml │ │ │ │ │ ├── destination-rule-all-mtls.yaml │ │ │ │ │ ├── destination-rule-all.yaml │ │ │ │ │ ├── destination-rule-reviews.yaml │ │ │ │ │ ├── egress-rule-google-apis.yaml │ │ │ │ │ ├── fault-injection-details-v1.yaml │ │ │ │ │ ├── virtual-service-all-v1.yaml │ │ │ │ │ ├── virtual-service-details-v2.yaml │ │ │ │ │ ├── virtual-service-ratings-db.yaml │ │ │ │ │ ├── virtual-service-ratings-mysql-vm.yaml │ │ │ │ │ ├── virtual-service-ratings-mysql.yaml │ │ │ │ │ ├── virtual-service-ratings-test-abort.yaml │ │ │ │ │ ├── virtual-service-ratings-test-delay.yaml │ │ │ │ │ ├── virtual-service-reviews-50-v3.yaml │ │ │ │ │ ├── virtual-service-reviews-80-20.yaml │ │ │ │ │ ├── virtual-service-reviews-90-10.yaml │ │ │ │ │ ├── virtual-service-reviews-jason-v2-v3.yaml │ │ │ │ │ ├── virtual-service-reviews-test-v2.yaml │ │ │ │ │ ├── virtual-service-reviews-v2-v3.yaml │ │ │ │ │ └── virtual-service-reviews-v3.yaml │ │ │ │ ├── platform │ │ │ │ │ └── kube │ │ │ │ │ │ ├── README.md │ │ │ │ │ │ ├── bookinfo-certificate.yaml │ │ │ │ │ │ ├── bookinfo-db.yaml │ │ │ │ │ │ ├── bookinfo-details-v2.yaml │ │ │ │ │ │ ├── bookinfo-details.yaml │ │ │ │ │ │ ├── bookinfo-ingress.yaml │ │ │ │ │ │ ├── bookinfo-mysql.yaml │ │ │ │ │ │ ├── bookinfo-ratings-discovery.yaml │ │ │ │ │ │ ├── bookinfo-ratings-v2-mysql-vm.yaml │ │ │ │ │ │ ├── bookinfo-ratings-v2-mysql.yaml │ │ │ │ │ │ ├── bookinfo-ratings-v2.yaml │ │ │ │ │ │ ├── bookinfo-ratings.yaml │ │ │ │ │ │ ├── bookinfo-reviews-v2.yaml │ │ │ │ │ │ ├── bookinfo.yaml │ │ │ │ │ │ ├── cleanup.sh │ │ │ │ │ │ └── productpage-nodeport.yaml │ │ │ │ ├── policy │ │ │ │ │ └── productpage_envoy_ratelimit.yaml │ │ │ │ ├── src │ │ │ │ │ ├── build-services.sh │ │ │ │ │ ├── mongodb │ │ │ │ │ │ ├── ratings_data.json │ │ │ │ │ │ └── script.sh │ │ │ │ │ ├── productpage │ │ │ │ │ │ ├── requirements.txt │ │ │ │ │ │ └── test-requirements.txt │ │ │ │ │ └── ratings │ │ │ │ │ │ └── package.json │ │ │ │ └── swagger.yaml │ │ │ ├── certs │ │ │ │ ├── 
README.md │ │ │ │ ├── ca-cert-alt.pem │ │ │ │ ├── ca-cert.pem │ │ │ │ ├── ca-key-alt.pem │ │ │ │ ├── ca-key.pem │ │ │ │ ├── cert-chain-alt.pem │ │ │ │ ├── cert-chain.pem │ │ │ │ ├── generate-workload.sh │ │ │ │ ├── root-cert-alt.pem │ │ │ │ ├── root-cert.pem │ │ │ │ ├── workload-bar-cert.pem │ │ │ │ ├── workload-bar-key.pem │ │ │ │ ├── workload-foo-cert.pem │ │ │ │ └── workload-foo-key.pem │ │ │ ├── custom-bootstrap │ │ │ │ ├── README.md │ │ │ │ ├── custom-bootstrap.yaml │ │ │ │ └── example-app.yaml │ │ │ ├── extauthz │ │ │ │ ├── README.md │ │ │ │ ├── ext-authz.yaml │ │ │ │ ├── local-ext-authz.yaml │ │ │ │ └── src │ │ │ │ │ └── Makefile │ │ │ ├── external │ │ │ │ ├── README.md │ │ │ │ ├── aptget.yaml │ │ │ │ ├── github.yaml │ │ │ │ └── pypi.yaml │ │ │ ├── health-check │ │ │ │ ├── liveness-command.yaml │ │ │ │ └── liveness-http-same-port.yaml │ │ │ ├── helloworld │ │ │ │ ├── README.md │ │ │ │ ├── gen-helloworld.sh │ │ │ │ ├── helloworld-gateway.yaml │ │ │ │ ├── helloworld.yaml │ │ │ │ ├── loadgen.sh │ │ │ │ └── src │ │ │ │ │ ├── build_service.sh │ │ │ │ │ └── requirements.txt │ │ │ ├── httpbin │ │ │ │ ├── README.md │ │ │ │ ├── httpbin-gateway.yaml │ │ │ │ ├── httpbin-nodeport.yaml │ │ │ │ ├── httpbin-vault.yaml │ │ │ │ ├── httpbin.yaml │ │ │ │ └── sample-client │ │ │ │ │ └── fortio-deploy.yaml │ │ │ ├── jwt-server │ │ │ │ ├── jwt-server.yaml │ │ │ │ └── src │ │ │ │ │ └── Makefile │ │ │ ├── kubernetes-blog │ │ │ │ ├── bookinfo-ratings.yaml │ │ │ │ ├── bookinfo-reviews-v2.yaml │ │ │ │ └── bookinfo-v1.yaml │ │ │ ├── multicluster │ │ │ │ ├── README.md │ │ │ │ ├── expose-istiod-https.yaml │ │ │ │ ├── expose-istiod.yaml │ │ │ │ ├── expose-services.yaml │ │ │ │ └── gen-eastwest-gateway.sh │ │ │ ├── operator │ │ │ │ ├── cni-on.yaml │ │ │ │ ├── default-install.yaml │ │ │ │ ├── pilot-advanced-override.yaml │ │ │ │ ├── pilot-k8s.yaml │ │ │ │ ├── values-global.yaml │ │ │ │ └── values-pilot.yaml │ │ │ ├── ratelimit │ │ │ │ └── rate-limit-service.yaml │ │ │ ├── security │ │ │ │ 
└── psp │ │ │ │ │ └── sidecar-psp.yaml │ │ │ ├── sleep │ │ │ │ ├── README.md │ │ │ │ ├── sleep-vault.yaml │ │ │ │ └── sleep.yaml │ │ │ ├── tcp-echo │ │ │ │ ├── README.md │ │ │ │ ├── tcp-echo-20-v2.yaml │ │ │ │ ├── tcp-echo-all-v1.yaml │ │ │ │ ├── tcp-echo-services.yaml │ │ │ │ └── tcp-echo.yaml │ │ │ └── websockets │ │ │ │ ├── README.md │ │ │ │ ├── app.yaml │ │ │ │ └── route.yaml │ │ └── tools │ │ │ ├── _istioctl │ │ │ ├── certs │ │ │ ├── Makefile.k8s.mk │ │ │ ├── Makefile.selfsigned.mk │ │ │ ├── README.md │ │ │ └── common.mk │ │ │ └── istioctl.bash │ ├── istio-1.12.6 │ │ ├── LICENSE │ │ ├── README.md │ │ ├── manifest.yaml │ │ └── manifests │ │ │ ├── charts │ │ │ ├── README-helm3.md │ │ │ ├── README.md │ │ │ ├── UPDATING-CHARTS.md │ │ │ ├── base │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── crds │ │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ │ └── crd-operator.yaml │ │ │ │ ├── files │ │ │ │ │ └── gen-istio-cluster.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── default.yaml │ │ │ │ │ ├── endpoints.yaml │ │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ └── services.yaml │ │ │ │ └── values.yaml │ │ │ ├── default │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ └── validatingwebhook.yaml │ │ │ │ └── values.yaml │ │ │ ├── gateway │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── hpa.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ ├── values.schema.json │ │ │ │ └── values.yaml │ │ │ ├── gateways │ │ │ │ ├── istio-egress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── 
autoscale.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── istio-ingress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── install-OpenShift.md │ │ │ ├── istio-cni │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-cni.yaml │ │ │ │ │ ├── daemonset.yaml │ │ │ │ │ ├── resourcequota.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ ├── istio-control │ │ │ │ └── istio-discovery │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── README.md │ │ │ │ │ ├── files │ │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ │ ├── gen-istio.yaml │ │ │ │ │ ├── grpc-agent.yaml │ │ │ │ │ ├── grpc-simple.yaml │ │ │ │ │ └── injection-template.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-jwks.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ │ ├── revision-tags.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ ├── 
telemetryv2_1.10.yaml │ │ │ │ │ ├── telemetryv2_1.11.yaml │ │ │ │ │ ├── telemetryv2_1.12.yaml │ │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── istio-operator │ │ │ │ ├── Chart.yaml │ │ │ │ ├── crds │ │ │ │ │ └── crd-operator.yaml │ │ │ │ ├── files │ │ │ │ │ └── gen-operator.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrole_binding.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── service_account.yaml │ │ │ │ └── values.yaml │ │ │ └── istiod-remote │ │ │ │ ├── Chart.yaml │ │ │ │ ├── NOTES.txt │ │ │ │ ├── files │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ └── injection-template.yaml │ │ │ │ ├── templates │ │ │ │ ├── clusterrole.yaml │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ ├── configmap.yaml │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ ├── crd-operator.yaml │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ ├── role.yaml │ │ │ │ ├── rolebinding.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ ├── telemetryv2_1.10.yaml │ │ │ │ ├── telemetryv2_1.11.yaml │ │ │ │ ├── telemetryv2_1.12.yaml │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ └── values.yaml │ │ │ ├── examples │ │ │ ├── customresource │ │ │ │ └── istio_v1alpha1_istiooperator_cr.yaml │ │ │ └── user-gateway │ │ │ │ └── ingress-gateway-only.yaml │ │ │ └── profiles │ │ │ ├── default.yaml │ │ │ ├── demo.yaml │ │ │ ├── empty.yaml │ │ │ ├── external.yaml │ │ │ ├── minimal.yaml │ │ │ ├── openshift.yaml │ │ │ ├── preview.yaml │ │ │ └── remote.yaml │ ├── istio-1.14.3 │ │ ├── LICENSE │ │ ├── README.md │ │ ├── manifest.yaml │ │ └── manifests │ │ │ ├── charts │ │ │ ├── README.md │ │ │ ├── UPDATING-CHARTS.md │ │ │ ├── base │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── crds │ │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ │ └── crd-operator.yaml │ │ │ 
│ ├── files │ │ │ │ │ └── gen-istio-cluster.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── default.yaml │ │ │ │ │ ├── endpoints.yaml │ │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ └── services.yaml │ │ │ │ └── values.yaml │ │ │ ├── default │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ └── validatingwebhook.yaml │ │ │ │ └── values.yaml │ │ │ ├── gateway │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── hpa.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ ├── values.schema.json │ │ │ │ └── values.yaml │ │ │ ├── gateways │ │ │ │ ├── istio-egress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── istio-ingress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── install-OpenShift.md │ │ │ ├── istio-cni │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── 
clusterrolebinding.yaml │ │ │ │ │ ├── configmap-cni.yaml │ │ │ │ │ ├── daemonset.yaml │ │ │ │ │ ├── resourcequota.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ ├── istio-control │ │ │ │ └── istio-discovery │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── README.md │ │ │ │ │ ├── files │ │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ │ ├── gen-istio.yaml │ │ │ │ │ ├── grpc-agent.yaml │ │ │ │ │ ├── grpc-simple.yaml │ │ │ │ │ └── injection-template.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-jwks.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ │ ├── revision-tags.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ ├── telemetryv2_1.11.yaml │ │ │ │ │ ├── telemetryv2_1.12.yaml │ │ │ │ │ ├── telemetryv2_1.13.yaml │ │ │ │ │ ├── telemetryv2_1.14.yaml │ │ │ │ │ ├── telemetryv2_1.15.yaml │ │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── istio-operator │ │ │ │ ├── Chart.yaml │ │ │ │ ├── crds │ │ │ │ │ └── crd-operator.yaml │ │ │ │ ├── files │ │ │ │ │ └── gen-operator.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrole_binding.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── service_account.yaml │ │ │ │ └── values.yaml │ │ │ └── istiod-remote │ │ │ │ ├── Chart.yaml │ │ │ │ ├── NOTES.txt │ │ │ │ ├── files │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ └── injection-template.yaml │ │ │ │ ├── templates │ │ │ │ ├── clusterrole.yaml │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ ├── 
configmap.yaml │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ ├── crd-operator.yaml │ │ │ │ ├── endpoints.yaml │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ ├── role.yaml │ │ │ │ ├── rolebinding.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ ├── services.yaml │ │ │ │ ├── telemetryv2_1.11.yaml │ │ │ │ ├── telemetryv2_1.12.yaml │ │ │ │ ├── telemetryv2_1.13.yaml │ │ │ │ ├── telemetryv2_1.14.yaml │ │ │ │ ├── telemetryv2_1.15.yaml │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ └── values.yaml │ │ │ ├── examples │ │ │ ├── customresource │ │ │ │ └── istio_v1alpha1_istiooperator_cr.yaml │ │ │ └── user-gateway │ │ │ │ └── ingress-gateway-only.yaml │ │ │ └── profiles │ │ │ ├── default.yaml │ │ │ ├── demo.yaml │ │ │ ├── empty.yaml │ │ │ ├── external.yaml │ │ │ ├── minimal.yaml │ │ │ ├── openshift.yaml │ │ │ ├── preview.yaml │ │ │ └── remote.yaml │ ├── istio-1.15.0 │ │ ├── LICENSE │ │ ├── README.md │ │ ├── manifest.yaml │ │ └── manifests │ │ │ ├── charts │ │ │ ├── README.md │ │ │ ├── UPDATING-CHARTS.md │ │ │ ├── base │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── crds │ │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ │ └── crd-operator.yaml │ │ │ │ ├── files │ │ │ │ │ └── gen-istio-cluster.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── default.yaml │ │ │ │ │ ├── endpoints.yaml │ │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ └── services.yaml │ │ │ │ └── values.yaml │ │ │ ├── default │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ └── validatingwebhook.yaml │ │ │ │ └── values.yaml │ │ │ ├── gateway │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── 
templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── hpa.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ ├── values.schema.json │ │ │ │ └── values.yaml │ │ │ ├── gateways │ │ │ │ ├── istio-egress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── istio-ingress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── install-OpenShift.md │ │ │ ├── istio-cni │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-cni.yaml │ │ │ │ │ ├── daemonset.yaml │ │ │ │ │ ├── resourcequota.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ ├── istio-control │ │ │ │ └── istio-discovery │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── README.md │ │ │ │ │ ├── files │ │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ │ ├── gen-istio.yaml │ │ │ │ │ ├── grpc-agent.yaml │ │ │ │ │ ├── grpc-simple.yaml │ │ │ │ │ └── injection-template.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-jwks.yaml │ │ │ │ │ ├── 
configmap.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ │ ├── revision-tags.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ ├── telemetryv2_1.13.yaml │ │ │ │ │ ├── telemetryv2_1.14.yaml │ │ │ │ │ ├── telemetryv2_1.15.yaml │ │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── istio-operator │ │ │ │ ├── Chart.yaml │ │ │ │ ├── crds │ │ │ │ │ └── crd-operator.yaml │ │ │ │ ├── files │ │ │ │ │ └── gen-operator.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrole_binding.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── service_account.yaml │ │ │ │ └── values.yaml │ │ │ └── istiod-remote │ │ │ │ ├── Chart.yaml │ │ │ │ ├── NOTES.txt │ │ │ │ ├── files │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ └── injection-template.yaml │ │ │ │ ├── templates │ │ │ │ ├── clusterrole.yaml │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ ├── configmap.yaml │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ ├── crd-operator.yaml │ │ │ │ ├── default.yaml │ │ │ │ ├── endpoints.yaml │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ ├── role.yaml │ │ │ │ ├── rolebinding.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ ├── services.yaml │ │ │ │ ├── telemetryv2_1.13.yaml │ │ │ │ ├── telemetryv2_1.14.yaml │ │ │ │ ├── telemetryv2_1.15.yaml │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ └── values.yaml │ │ │ ├── examples │ │ │ ├── customresource │ │ │ │ └── istio_v1alpha1_istiooperator_cr.yaml │ │ │ └── user-gateway │ │ │ │ └── ingress-gateway-only.yaml │ │ │ └── 
profiles │ │ │ ├── default.yaml │ │ │ ├── demo.yaml │ │ │ ├── empty.yaml │ │ │ ├── external.yaml │ │ │ ├── minimal.yaml │ │ │ ├── openshift.yaml │ │ │ └── preview.yaml │ ├── istio-1.20.0 │ │ ├── LICENSE │ │ ├── README.md │ │ ├── manifest.yaml │ │ └── manifests │ │ │ ├── charts │ │ │ ├── README.md │ │ │ ├── UPDATING-CHARTS.md │ │ │ ├── base │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── crds │ │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ │ └── crd-operator.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── default.yaml │ │ │ │ │ ├── endpoints.yaml │ │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ │ └── services.yaml │ │ │ │ └── values.yaml │ │ │ ├── default │ │ │ │ ├── Chart.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ └── validatingwebhook.yaml │ │ │ │ └── values.yaml │ │ │ ├── gateway │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── openshift-values.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── hpa.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ ├── values.schema.json │ │ │ │ └── values.yaml │ │ │ ├── gateways │ │ │ │ ├── istio-egress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebindings.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── istio-ingress │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── templates │ │ │ │ │ ├── _affinity.tpl │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── injected-deployment.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── 
rolebindings.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── install-OpenShift.md │ │ │ ├── istio-cni │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── ambient-values.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-cni.yaml │ │ │ │ │ ├── daemonset.yaml │ │ │ │ │ ├── network-attachment-definition.yaml │ │ │ │ │ ├── resourcequota.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── values.yaml │ │ │ ├── istio-control │ │ │ │ └── istio-discovery │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── README.md │ │ │ │ │ ├── ambient-values.yaml │ │ │ │ │ ├── files │ │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ │ ├── grpc-agent.yaml │ │ │ │ │ ├── grpc-simple.yaml │ │ │ │ │ ├── injection-template.yaml │ │ │ │ │ ├── kube-gateway.yaml │ │ │ │ │ └── waypoint.yaml │ │ │ │ │ ├── templates │ │ │ │ │ ├── NOTES.txt │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── autoscale.yaml │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap-jwks.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ ├── poddisruptionbudget.yaml │ │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ │ ├── revision-tags.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── service.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ ├── telemetryv2_1.17.yaml │ │ │ │ │ ├── telemetryv2_1.18.yaml │ │ │ │ │ ├── telemetryv2_1.19.yaml │ │ │ │ │ ├── telemetryv2_1.20.yaml │ │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ │ └── values.yaml │ │ │ ├── istio-operator │ │ │ │ ├── Chart.yaml │ │ │ │ ├── crds │ │ │ │ │ └── crd-operator.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrole_binding.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ 
├── service.yaml │ │ │ │ │ └── service_account.yaml │ │ │ │ └── values.yaml │ │ │ ├── istiod-remote │ │ │ │ ├── Chart.yaml │ │ │ │ ├── NOTES.txt │ │ │ │ ├── files │ │ │ │ │ ├── gateway-injection-template.yaml │ │ │ │ │ └── injection-template.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── crd-all.gen.yaml │ │ │ │ │ ├── crd-operator.yaml │ │ │ │ │ ├── default.yaml │ │ │ │ │ ├── endpoints.yaml │ │ │ │ │ ├── istiod-injector-configmap.yaml │ │ │ │ │ ├── mutatingwebhook.yaml │ │ │ │ │ ├── reader-clusterrole.yaml │ │ │ │ │ ├── reader-clusterrolebinding.yaml │ │ │ │ │ ├── reader-serviceaccount.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ ├── services.yaml │ │ │ │ │ ├── telemetryv2_1.17.yaml │ │ │ │ │ ├── telemetryv2_1.18.yaml │ │ │ │ │ ├── telemetryv2_1.19.yaml │ │ │ │ │ ├── telemetryv2_1.20.yaml │ │ │ │ │ └── validatingwebhookconfiguration.yaml │ │ │ │ └── values.yaml │ │ │ └── ztunnel │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── daemonset.yaml │ │ │ │ └── rbac.yaml │ │ │ │ └── values.yaml │ │ │ ├── examples │ │ │ ├── customresource │ │ │ │ └── istio_v1alpha1_istiooperator_cr.yaml │ │ │ └── user-gateway │ │ │ │ └── ingress-gateway-only.yaml │ │ │ └── profiles │ │ │ ├── ambient.yaml │ │ │ ├── default.yaml │ │ │ ├── demo.yaml │ │ │ ├── empty.yaml │ │ │ ├── external.yaml │ │ │ ├── minimal.yaml │ │ │ ├── openshift.yaml │ │ │ ├── preview.yaml │ │ │ └── remote.yaml │ ├── main.tf │ └── variables.tf ├── kms │ ├── cloudtrail │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── cloudwatch_log_group │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── kubernetes-efs-volume │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── kubernetes │ ├── manifest │ │ ├── main.tf │ │ └── 
variables.tf │ ├── manifest_set │ │ ├── main.tf │ │ └── variables.tf │ ├── namespace │ │ ├── main.tf │ │ └── variables.tf │ └── pod_assumable_role │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── loki-distributed │ ├── README.md │ ├── helm_values.tpl.yaml │ ├── helm_values_promtail.tpl.yaml │ ├── main.tf │ └── variables.tf ├── loki-stack │ ├── README.md │ ├── main.tf │ ├── values.yaml │ └── variables.tf ├── mongodb-atlas-alerts │ ├── README.md │ ├── alert_list_041122.json │ ├── main.tf │ └── variables.tf ├── mongodb-atlas-user-list │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── mongodb-atlas-users │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── mongodb-atlas │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── msk │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── msk_1.0.9 │ ├── README.md │ ├── main.tf │ ├── module │ │ ├── LICENSE │ │ ├── Makefile │ │ ├── README.md │ │ ├── README.yaml │ │ ├── context.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── security-group-variables.tf │ │ ├── variables-deprecated.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── outputs.tf │ ├── variables-deprecated.tf │ └── variables.tf ├── msk_cluster_policy │ ├── README.md │ ├── main.tf │ └── variables.tf ├── msk_vpc_connection │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── nlb │ ├── README.md │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── opensearch │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── postgres │ ├── README.md │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── prometheus │ ├── README.md │ ├── iam-policy.tpl.json │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── qldb │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── route53 │ └── hosted-zone │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── test │ │ ├── go.mod │ │ ├── go.sum │ │ └── terratest_test.go │ │ └── variables.tf ├── s3 │ ├── bucket │ │ ├── 
README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── folders │ │ ├── README.md │ │ ├── main.tf │ │ └── variables.tf ├── secret-manager │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── securitygroup-network-interface-attachment │ ├── README.md │ ├── main.tf │ └── variables.tf ├── securitygroup │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── ses │ ├── dkim │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── email_identity │ │ ├── main.tf │ │ └── variables.tf ├── sns │ └── suscription │ │ ├── README.md │ │ ├── main.tf │ │ └── variables.tf ├── ssm │ ├── AWS-SSM.png │ ├── AWS-SSM.xml │ ├── README.md │ ├── ec2-role │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── vars.tf │ │ └── versions.tf │ └── vpc-endpoints │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── vars.tf ├── testkube │ ├── base-tests │ │ └── test-suites │ │ │ └── infra-base │ │ │ ├── main.tf │ │ │ └── yaml │ │ │ ├── prometheus-endpoint.yaml │ │ │ └── ts.yaml │ └── local │ │ ├── README.md │ │ ├── main.tf │ │ ├── variables.tf │ │ └── yaml │ │ ├── alert-manager-slack-config.yaml │ │ └── ts.yaml.tftpl ├── vpc │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── test │ │ ├── go.mod │ │ ├── go.sum │ │ └── terratest_test.go │ └── variables.tf └── workspaces │ ├── README.md │ ├── workspaces_directory │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf │ ├── workspaces_ip_group │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf │ └── workspaces_workspace │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── azure ├── README.md ├── active_directory │ └── groups │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── vars.tf ├── aks │ ├── README.md │ ├── cluster │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── vars.tf │ ├── cluster2 │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── node_pool │ │ ├── README.md │ │ ├── main.tf │ │ └── 
vars.tf ├── container_registry │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── dns │ ├── private │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── public │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── kubernetes │ ├── external-dns │ │ ├── README.md │ │ ├── azure.json │ │ ├── helm_values.tpl.yaml │ │ ├── main.tf │ │ └── variables.tf │ └── external-secrets │ │ ├── README.md │ │ ├── install │ │ ├── helm_values.tpl.yaml │ │ ├── main.tf │ │ └── variables.tf │ │ └── secret_store │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── yaml │ │ └── cluster_secret_store.yaml ├── networking │ ├── peering │ │ └── same-account │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ └── variables.tf │ ├── subnet │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── vars.tf │ └── vnet │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── vault-access │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf └── vault │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── data-modules ├── README.md └── from-terraform-cloud │ └── aks │ └── main.tf └── datadog └── api_key ├── main.tf ├── outputs.tf └── variables.tf /.devcontainer/README.md: -------------------------------------------------------------------------------- 1 | Source: https://github.com/microsoft/vscode-remote-try-go 2 | -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- 1 | { 2 | // Use IntelliSense to learn about possible attributes. 3 | // Hover to view descriptions of existing attributes. 
4 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 5 | "version": "0.2.0", 6 | "configurations": [ 7 | { 8 | "name": "Launch", 9 | "type": "go", 10 | "request": "launch", 11 | "mode": "auto", 12 | "program": "${fileDirname}", 13 | "env": {}, 14 | "args": [] 15 | } 16 | ] 17 | } -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "go.inferGopath": false 3 | } -------------------------------------------------------------------------------- /docs/aws-transit-gateway/transit-gateway-network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/aws-transit-gateway/transit-gateway-network.png -------------------------------------------------------------------------------- /docs/deployment.md: -------------------------------------------------------------------------------- 1 | # Deployment 2 | 3 | ![alt text](./diagrams/x2-image-build-pipeline.jpeg "Title") 4 | 5 | How to deploy to dev, test, pre-prod, prod?? 
6 | 7 | -------------------------------------------------------------------------------- /docs/diagrams/images/AWS-Secrets-Configuration-Provider-2021-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/diagrams/images/AWS-Secrets-Configuration-Provider-2021-1.png -------------------------------------------------------------------------------- /docs/diagrams/images/external-secrets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/diagrams/images/external-secrets.png -------------------------------------------------------------------------------- /docs/diagrams/images/loki-explore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/diagrams/images/loki-explore.png -------------------------------------------------------------------------------- /docs/diagrams/images/loki-logs-nginx.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/diagrams/images/loki-logs-nginx.png -------------------------------------------------------------------------------- /docs/diagrams/images/loki-search-by-dropdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/diagrams/images/loki-search-by-dropdown.png -------------------------------------------------------------------------------- /docs/diagrams/images/loki-search-help.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/diagrams/images/loki-search-help.png -------------------------------------------------------------------------------- /docs/diagrams/images/loki-select-datasource.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/diagrams/images/loki-select-datasource.png -------------------------------------------------------------------------------- /docs/diagrams/istio-k8s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/diagrams/istio-k8s.png -------------------------------------------------------------------------------- /docs/how-to-add-in-a-new-app.md: -------------------------------------------------------------------------------- 1 | # How to add in a new app 2 | 3 | 4 | If a new GitHub repo is added, which activities need to be done to deploy its code to production? -------------------------------------------------------------------------------- /docs/images/aws-kops/Topology-aws-kops.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/aws-kops/Topology-aws-kops.png -------------------------------------------------------------------------------- /docs/images/ci-cd-fargate-runner/ci-cd-fargate-runner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/ci-cd-fargate-runner/ci-cd-fargate-runner.png
-------------------------------------------------------------------------------- /docs/images/eks-logs-cloudwatch-log-groups.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/eks-logs-cloudwatch-log-groups.png -------------------------------------------------------------------------------- /docs/images/eks-logs-setting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/eks-logs-setting.png -------------------------------------------------------------------------------- /docs/images/gcp-gke/topology-gcp-gke.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/gcp-gke/topology-gcp-gke.png -------------------------------------------------------------------------------- /docs/images/gcp-groups/GCP-Groups.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/gcp-groups/GCP-Groups.png -------------------------------------------------------------------------------- /docs/images/istio-networking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/istio-networking.png -------------------------------------------------------------------------------- /docs/images/the-stack/kubernetes-managed-service-stack-v1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/the-stack/kubernetes-managed-service-stack-v1.png -------------------------------------------------------------------------------- /docs/images/the-stack/kubernetes-managed-service-stack-v2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/images/the-stack/kubernetes-managed-service-stack-v2.png -------------------------------------------------------------------------------- /docs/kubernetes-security/images/deployment-workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/kubernetes-security/images/deployment-workflow.png -------------------------------------------------------------------------------- /docs/kubernetes-security/images/example-application.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/kubernetes-security/images/example-application.png -------------------------------------------------------------------------------- /docs/kubernetes-security/images/kubernetes-controle-plane.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/kubernetes-security/images/kubernetes-controle-plane.png -------------------------------------------------------------------------------- /docs/kubernetes-security/images/n-tier-application-architecture.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/docs/kubernetes-security/images/n-tier-application-architecture.png -------------------------------------------------------------------------------- /docs/wireguard/client-wg-config.conf: -------------------------------------------------------------------------------- 1 | [Interface] 2 | PrivateKey = 3 | Address = 10.2.200.1/24 4 | DNS = 10.2.0.2 5 | 6 | # The WireGuard server 7 | [Peer] 8 | # The WireGuard server's public key 9 | PublicKey = 5kK5yQBhcbzwPWmbPXLAChO5h3jvlVsA0QSNPS5XLzA= 10 | 11 | # Split tunnel: send only traffic destined for the private networks 12 | #AllowedIPs = 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16 13 | 14 | # Full tunnel: send all IPv4 traffic through the VPN (0.0.0.0/0 does not cover IPv6) 15 | AllowedIPs = 0.0.0.0/0 16 | 17 | # The WireGuard endpoint 18 | Endpoint = 3.237.75.177:51820 19 | -------------------------------------------------------------------------------- /docs/wireguard/server-wg-config.conf: -------------------------------------------------------------------------------- 1 | [Interface] 2 | PrivateKey = 3 | Address = 10.2.200.0/24 4 | ListenPort = 51820 5 | SaveConfig = true 6 | 7 | PostUp = ufw route allow in on wg0 out on eth0 8 | PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE 9 | PreDown = ufw route delete allow in on wg0 out on eth0 10 | PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE 11 | -------------------------------------------------------------------------------- /old/clusters/aws/kops/.gitignore: -------------------------------------------------------------------------------- 1 | kops*.yaml 2 | -------------------------------------------------------------------------------- /old/clusters/aws/kops/clusters/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Topology 3 | topology: 4 | dns: 5 | type: Public 6 | masters: private 7 | nodes: private 8 | 9 | api: 10 | # Sets the Master's API to
Internal or Public 11 | # Docs: https://github.com/kubernetes/kops/blob/master/docs/topology.md#changing-topology-of-the-api-server 12 | loadBalancer: 13 | type: Internal 14 | 15 | # etcd 16 | etcd: 17 | version: 3.3.10 18 | 19 | docker: 20 | overrides: false 21 | bridgeIP: 172.26.0.1/16 22 | -------------------------------------------------------------------------------- /old/containers/kubernetes/clusters/kops/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | # Add the entire repository into the container 4 | ADD ./ /opt/repo/ 5 | 6 | WORKDIR /opt/repo/containers/kubernetes/clusters/kops 7 | 8 | RUN ./setup.sh 9 | 10 | WORKDIR /opt/repo -------------------------------------------------------------------------------- /old/containers/kubernetes/clusters/kops/fargate/task-execution-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ecr:GetAuthorizationToken", 8 | "ecr:BatchCheckLayerAvailability", 9 | "ecr:GetDownloadUrlForLayer", 10 | "ecr:BatchGetImage", 11 | "logs:CreateLogStream", 12 | "logs:PutLogEvents" 13 | ], 14 | "Resource": "*" 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /old/containers/kubernetes/clusters/kops/fargate/task-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /old/containers/kubernetes/clusters/kops/fargate/task-role-trust-relationship.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "", 6 | 
"Effect": "Allow", 7 | "Principal": { 8 | "Service": "ecs-tasks.amazonaws.com" 9 | }, 10 | "Action": "sts:AssumeRole" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cert-manager/.gitignore: -------------------------------------------------------------------------------- 1 | helm-output.yaml 2 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cert-manager/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: cert-manager 3 | repository: https://charts.jetstack.io 4 | version: v0.14.0 5 | digest: sha256:b21ccf331d7a85083a8ca3166416575968013168b891618dc54a59d6f1494bf5 6 | generated: "2020-03-17T19:46:12.068991985-07:00" 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cert-manager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cert-manager 3 | version: v0.14.0 4 | appVersion: v0.14.0 5 | description: A Helm chart for cert-manager 6 | dependencies: 7 | - name: cert-manager 8 | version: v0.14.0 9 | repository: https://charts.jetstack.io 10 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cert-manager/charts/cert-manager-v0.14.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/cert-manager/cert-manager/charts/cert-manager-v0.14.0.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | cert-manager: 3 | 
global: 4 | leaderElection: 5 | namespace: cert-manager 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cluster-issuer/.gitignore: -------------------------------------------------------------------------------- 1 | templated-output.yaml 2 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cluster-issuer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cluster-issuer 3 | version: v0.1.1 4 | appVersion: v0.1.1 5 | description: A Helm chart to create the cert-manager cluster issuers 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cluster-issuer/environments/aws-dev/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | aws: 3 | region: us-east-1 4 | accessKeyID: xxx 5 | secretKey: xxx 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cluster-issuer/templates/aws-route53-credentials-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq .Values.provider "aws" }} 2 | {{- if .Values.issuer.dns.enabled }} 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: aws-route53-credentials-secret 8 | type: Opaque 9 | data: 10 | # Base64-encoded AWS secret access key (base64 is an encoding, not encryption). NOTE(review): environments/aws-dev/values.yaml defines aws.secretKey, not aws.accessSecret; confirm the key name 11 | secret-access-key: {{ .Values.aws.accessSecret | b64enc }} 12 | 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cert-manager/cluster-issuer/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | email: devops@managedkube.com 3 | 4 | namespace: cert-manager 5 | 6 | letsencrypt: 7 | server:
https://acme-v02.api.letsencrypt.org/directory 8 | 9 | issuer: 10 | dns: 11 | enabled: true 12 | name: issuer-dns01 13 | 14 | http: 15 | enabled: true 16 | name: issuer-http01 17 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cluster-autoscaler/.gitignore: -------------------------------------------------------------------------------- 1 | output.yaml 2 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cluster-autoscaler/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: cluster-autoscaler 3 | version: 0.13.3 4 | appVersion: 1.13.1 5 | description: Scales worker nodes within autoscaling groups. 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cluster-autoscaler/charts/cluster-autoscaler-0.13.3.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/cluster-autoscaler/charts/cluster-autoscaler-0.13.3.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/cluster-autoscaler/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: cluster-autoscaler 3 | repository: https://kubernetes-charts.storage.googleapis.com/ 4 | version: 0.13.3 5 | digest: sha256:1715d9e5a2b10a22b1024cf42134b19aeeb5214af4f6b9c776164ece88ee280e 6 | generated: 2019-06-26T18:49:43.267728397-07:00 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/cluster-autoscaler/requirements.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - name: cluster-autoscaler 4 | version: 0.13.3 
5 | repository: https://kubernetes-charts.storage.googleapis.com/ 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/external-dns/.gitignore: -------------------------------------------------------------------------------- 1 | credentials.json 2 | -------------------------------------------------------------------------------- /old/kubernetes/helm/external-dns/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | version: 2.5.3 3 | appVersion: 0.5.15 4 | description: external-dns 5 | name: external-dns 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/external-dns/charts/external-dns-2.5.3.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/external-dns/charts/external-dns-2.5.3.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/external-dns/environments/aws-dev/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | external-dns: 3 | 4 | ## The dns provider 5 | provider: aws 6 | 7 | txtOwnerId: "k8s-aws-dev" 8 | 9 | ## List of domains that can be managed 10 | domainFilters: ["dev.us-east-1.managedkube.com"] 11 | 12 | aws: 13 | credentials: 14 | secretKey: "" 15 | accessKey: "" 16 | region: us-east-1 17 | -------------------------------------------------------------------------------- /old/kubernetes/helm/external-dns/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: external-dns 3 | repository: https://kubernetes-charts.storage.googleapis.com/ 4 | version: 2.5.3 5 | digest: sha256:bff49d84e7d194f445e9997f8bd94de2497d602ddcbb798cd016eda8ee4eef33 6 | generated: 
2019-08-14T20:07:12.135322678-07:00 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/external-dns/requirements.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - name: external-dns 4 | version: 2.5.3 5 | repository: https://kubernetes-charts.storage.googleapis.com/ 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/external-dns/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | external-dns: 3 | 4 | resources: 5 | limits: 6 | memory: 50Mi 7 | requests: 8 | memory: 50Mi 9 | cpu: 10m 10 | 11 | # DNS Creation 12 | # upsert-only: would prevent ExternalDNS from deleting any records, omit to enable full synchronization 13 | # sync: would allow for deletes 14 | policy: upsert-only 15 | 16 | # These help tell which records are owned by external-dns. 17 | registry: "txt" 18 | txtOwnerId: "k8s" 19 | 20 | logLevel: debug 21 | 22 | rbac: 23 | create: true 24 | -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/flux/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.18.0" 3 | version: 1.2.0 4 | kubeVersion: ">=1.9.0-0" 5 | name: flux 6 | description: Flux is a tool that automatically ensures that the state of a cluster matches what is specified in version control 7 | home: https://fluxcd.io 8 | sources: 9 | - https://github.com/fluxcd/flux 10 | 11 | dependencies: 12 | - name: flux 13 | version: 1.2.0 14 | repository: https://charts.fluxcd.io 15 | -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/flux/charts/flux-1.2.0.tgz: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/flux/flux/charts/flux-1.2.0.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/flux/environments/dev/values.yaml: -------------------------------------------------------------------------------- 1 | flux: 2 | git: 3 | url: git@github.com:ManagedKube/kubernetes-ops.git 4 | branch: master 5 | path: "kubernetes/flux/releases/gcp/dev" 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/flux/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: flux 3 | repository: https://charts.fluxcd.io 4 | version: 1.2.0 5 | digest: sha256:e714caf6399f11e6cbc14ae04dbdae6b21d7730f17caed768a50a4db2b0a1b52 6 | generated: "2020-03-07T13:33:19.663636901-08:00" 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/flux/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/flux/flux/values.yaml -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/helm-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | appVersion: "1.0.0-rc9" 4 | version: 0.7.0 5 | kubeVersion: ">=1.11.0-0" 6 | name: helm-operator 7 | description: Flux Helm Operator is a CRD controller for declarative helming 8 | home: https://fluxcd.io 9 | sources: 10 | - https://github.com/fluxcd/helm-operator 11 | 12 | dependencies: 13 | - name: helm-operator 14 | version: 0.7.0 15 | repository: https://charts.fluxcd.io 16 | 
-------------------------------------------------------------------------------- /old/kubernetes/helm/flux/helm-operator/charts/helm-operator-0.7.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/flux/helm-operator/charts/helm-operator-0.7.0.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/helm-operator/environments/dev/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/flux/helm-operator/environments/dev/values.yaml -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/helm-operator/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: helm-operator 3 | repository: https://charts.fluxcd.io 4 | version: 0.7.0 5 | digest: sha256:077f7f42fb0f354389c43538850ff769ef4abc17e7f2a082efc3806ee6e51e95 6 | generated: "2020-03-09T05:57:46.805206448-07:00" 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/helm-operator/values.yaml: -------------------------------------------------------------------------------- 1 | helm-operator: 2 | helm: 3 | versions: v3 4 | 5 | git: 6 | ssh: 7 | secretName: flux-git-deploy 8 | -------------------------------------------------------------------------------- /old/kubernetes/helm/flux/namespaces/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: flux 6 | labels: 7 | name: flux 8 | -------------------------------------------------------------------------------- 
/old/kubernetes/helm/http-echo/README.md: -------------------------------------------------------------------------------- 1 | HTTP Echo 2 | ============ 3 | 4 | Source: https://github.com/kelseyhightower/gke-service-accounts-tutorial 5 | -------------------------------------------------------------------------------- /old/kubernetes/helm/http-echo/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: echoserver 5 | annotations: 6 | # kubernetes.io/tls-acme: "true" 7 | kubernetes.io/ingress.class: "nginx-external" 8 | spec: 9 | # tls: 10 | # - hosts: 11 | # - echo.example.com 12 | # secretName: echoserver-tls 13 | rules: 14 | - host: gar1.example.com 15 | http: 16 | paths: 17 | - path: / 18 | backend: 19 | serviceName: echoserver 20 | servicePort: 80 21 | -------------------------------------------------------------------------------- /old/kubernetes/helm/http-echo/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: http-echo 5 | labels: 6 | name: http-ech 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/http-echo/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: echoserver 5 | spec: 6 | ports: 7 | - port: 80 8 | targetPort: 8080 9 | protocol: TCP 10 | selector: 11 | app: echoserver 12 | -------------------------------------------------------------------------------- /old/kubernetes/helm/jenkins/.gitignore: -------------------------------------------------------------------------------- 1 | output.yaml 2 | -------------------------------------------------------------------------------- /old/kubernetes/helm/jenkins/README.md: 
-------------------------------------------------------------------------------- 1 | Jenkins 2 | ============ 3 | 4 | Source Chart: https://github.com/helm/charts/tree/master/stable/jenkins 5 | -------------------------------------------------------------------------------- /old/kubernetes/helm/jenkins/charts/jenkins-1.2.2.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/jenkins/charts/jenkins-1.2.2.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/jenkins/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: jenkins 3 | repository: https://kubernetes-charts.storage.googleapis.com/ 4 | version: 1.2.2 5 | digest: sha256:85557de12aea7fcd68cf6fc0fea3b4583883de8091bfa181ad1f043914433fd4 6 | generated: 2019-06-14T18:14:43.292223386-07:00 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/jenkins/requirements.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - name: jenkins 4 | version: 1.2.2 5 | repository: https://kubernetes-charts.storage.googleapis.com/ 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/jenkins/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | jenkins: 3 | master: 4 | # LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to 5 | # set allowed inbound rules on the security group assigned to the master load balancer 6 | # loadBalancerSourceRanges: 7 | # # Office IPs 8 | # - 12.190.239.210/32 9 | # - 67.207.97.74/32 10 | # - 13.52.67.208/32 11 | serviceType: ClusterIP 12 | 
-------------------------------------------------------------------------------- /old/kubernetes/helm/kube-metrics-adapter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: kube-metrics-adapter 3 | version: v0.1.0 4 | appVersion: v0.1.0 5 | description: Kube Metrics Adapter is a general purpose metrics adapter for Kubernetes that can collect and serve custom and external metrics for Horizontal Pod Autoscaling. 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/kube-metrics-adapter/README.md: -------------------------------------------------------------------------------- 1 | kube-metrics-adapter 2 | ===================== 3 | 4 | Source: https://github.com/zalando-incubator/kube-metrics-adapter 5 | 6 | Kube Metrics Adapter is a general purpose metrics adapter for Kubernetes that can collect and serve custom and external metrics for Horizontal Pod Autoscaling. 7 | 8 | -------------------------------------------------------------------------------- /old/kubernetes/helm/kube-metrics-adapter/templates/custom-metrics-apiservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiregistration.k8s.io/v1beta1 2 | kind: APIService 3 | metadata: 4 | name: v1beta1.custom.metrics.k8s.io 5 | spec: 6 | service: 7 | name: kube-metrics-adapter 8 | namespace: kube-system 9 | group: custom.metrics.k8s.io 10 | version: v1beta1 11 | insecureSkipTLSVerify: true 12 | groupPriorityMinimum: 100 13 | versionPriority: 100 14 | -------------------------------------------------------------------------------- /old/kubernetes/helm/kube-metrics-adapter/templates/external-metrics-apiservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiregistration.k8s.io/v1beta1 2 | kind: APIService 3 | metadata: 4 | name: v1beta1.external.metrics.k8s.io 5 | spec: 6 | service: 
7 | name: kube-metrics-adapter 8 | namespace: kube-system 9 | group: external.metrics.k8s.io 10 | version: v1beta1 11 | insecureSkipTLSVerify: true 12 | groupPriorityMinimum: 100 13 | versionPriority: 100 14 | -------------------------------------------------------------------------------- /old/kubernetes/helm/kube-metrics-adapter/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-metrics-adapter 5 | namespace: kube-system 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: 443 10 | selector: 11 | application: kube-metrics-adapter 12 | -------------------------------------------------------------------------------- /old/kubernetes/helm/kube-metrics-adapter/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: v0.1.2 3 | 4 | aws: 5 | region: us-east-1 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/.gitignore: -------------------------------------------------------------------------------- 1 | templated-output.yaml 2 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | version: 1.33.4 3 | appVersion: 0.30.0 4 | description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. 
5 | name: nginx-ingress 6 | 7 | dependencies: 8 | - name: nginx-ingress 9 | version: 1.33.4 10 | repository: https://kubernetes-charts.storage.googleapis.com/ 11 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/charts/nginx-ingress-1.33.4.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/nginx-ingress/charts/nginx-ingress-1.33.4.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/diagrams/nginx-ingress-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/nginx-ingress/diagrams/nginx-ingress-diagram.png -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/dev/values-external.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-external 4 | ingressClass: nginx-external 5 | 6 | # service: 7 | # annotations: 8 | # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 9 | 10 | # Whitelisting IPs inbound 11 | # loadBalancerSourceRanges: 12 | # # Temporary ManagedKube 13 | # - 38.30.8.138/32 14 | # - 1.1.1.1/32 15 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/dev/values-internal.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-internal 4 | ingressClass: 
nginx-internal 5 | 6 | service: 7 | annotations: 8 | service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 9 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 10 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/gke-dev/values-external.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-external 4 | ingressClass: nginx-external 5 | 6 | # service: 7 | # annotations: 8 | # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 9 | 10 | # Whitelisting IPs inbound 11 | # loadBalancerSourceRanges: 12 | # # Temporary ManagedKube 13 | # - 38.30.8.138/32 14 | # - 1.1.1.1/32 15 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/gke-dev/values-internal.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-internal 4 | ingressClass: nginx-internal 5 | 6 | service: 7 | annotations: 8 | cloud.google.com/load-balancer-type: "Internal" 9 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/kind/values-internal.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-internal 4 | ingressClass: nginx-internal 5 | 6 | service: 7 | annotations: 8 | service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 9 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 
10 | 11 | type: NodePort 12 | nodePorts: 13 | http: "31080" 14 | https: "31443" 15 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/prod/values-external.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-external 4 | ingressClass: nginx-external 5 | 6 | service: 7 | annotations: 8 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 9 | 10 | # Whitelisting IPs inbound 11 | # loadBalancerSourceRanges: 12 | # # Temporary ManagedKube 13 | # - 38.30.8.138/32 14 | # - 1.1.1.1/32 15 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/prod/values-internal.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-internal 4 | ingressClass: nginx-internal 5 | 6 | service: 7 | annotations: 8 | service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 9 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 10 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/qa/values-external.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-external 4 | ingressClass: nginx-external 5 | 6 | service: 7 | annotations: 8 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 9 | 10 | # Whitelisting IPs inbound 11 | # loadBalancerSourceRanges: 12 | # # Temporary ManagedKube 13 
| # - 38.30.8.138/32 14 | # - 1.1.1.1/32 15 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/qa/values-internal.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-internal 4 | ingressClass: nginx-internal 5 | 6 | service: 7 | annotations: 8 | service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 9 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 10 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/staging/values-external.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-external 4 | ingressClass: nginx-external 5 | 6 | service: 7 | annotations: 8 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 9 | 10 | # Whitelisting IPs inbound 11 | # loadBalancerSourceRanges: 12 | # # Temporary ManagedKube 13 | # - 38.30.8.138/32 14 | # - 1.1.1.1/32 15 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/environments/staging/values-internal.yaml: -------------------------------------------------------------------------------- 1 | nginx-ingress: 2 | controller: 3 | electionID: ingress-controller-leader-internal 4 | ingressClass: nginx-internal 5 | 6 | service: 7 | annotations: 8 | service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 9 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:11111111111:certificate/1111111-1111-1111-1111-111111111" 10 | 
-------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/mermaid/nginx-ingress-diagram-flow.txt: -------------------------------------------------------------------------------- 1 | graph TD 2 | A[User/Internet] -->|HTTP:80/HTTPS:443| B[ELB] 3 | B --> |HTTP:80/HTTPS:443| C[Nginx Ingress] 4 | C -->|HTTP| D[Service 1] 5 | C -->|HTTP| E[Service 2] 6 | C -->|HTTP| F[Service 3] 7 | 8 | D -->|HTTP| G[Pod 1] 9 | D -->|HTTP| H[Pod 2] 10 | 11 | E -->|HTTP| I[Pod 1] 12 | E -->|HTTP| J[Pod 2] 13 | 14 | F -->|HTTP| K[Pod 1] 15 | F -->|HTTP| L[Pod 2] 16 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ingress 5 | labels: 6 | name: ingress 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/namespaces/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: ingress 6 | labels: 7 | name: ingress 8 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: nginx-ingress 3 | repository: https://kubernetes-charts.storage.googleapis.com/ 4 | version: 1.33.4 5 | digest: sha256:e41cf4da7f6c9d890f56034927595867f27bdb7e8c96b147efa4effc725dc88e 6 | generated: "2020-03-09T06:45:36.579364997-07:00" 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/nginx-ingress/test/go.mod: -------------------------------------------------------------------------------- 1 | module 
github.com/ManagedKube/kubernetes-ops 2 | 3 | go 1.12 4 | 5 | require ( 6 | github.com/gruntwork-io/terratest v0.26.0 7 | k8s.io/api v0.17.4 8 | ) 9 | -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-blackbox-exporter/.gitignore: -------------------------------------------------------------------------------- 1 | templated-output.yaml 2 | -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-blackbox-exporter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Prometheus Blackbox Exporter 3 | name: prometheus-blackbox-exporter 4 | version: 0.3.0 5 | appVersion: 0.14.0 6 | home: https://github.com/prometheus/blackbox_exporter 7 | sources: 8 | - https://github.com/prometheus/blackbox_exporter 9 | keywords: 10 | - prometheus 11 | - blackbox 12 | - monitoring 13 | maintainers: 14 | - name: gianrubio 15 | email: gianrubio@gmail.com 16 | -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-blackbox-exporter/charts/prometheus-blackbox-exporter-0.3.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/prometheus-blackbox-exporter/charts/prometheus-blackbox-exporter-0.3.0.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-blackbox-exporter/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: prometheus-blackbox-exporter 3 | repository: https://kubernetes-charts.storage.googleapis.com/ 4 | version: 0.3.0 5 | digest: sha256:51c9e9ed66f6d5731e7330f749d72f17867fa4e74b6fdde6049c7c5e533c2b74 6 | generated: 
2019-05-28T10:59:23.890793679-07:00 7 | -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-blackbox-exporter/requirements.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - name: prometheus-blackbox-exporter 4 | version: 0.3.0 5 | repository: https://kubernetes-charts.storage.googleapis.com/ 6 | -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-blackbox-exporter/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prometheus-blackbox-exporter: 3 | resources: 4 | limits: 5 | memory: 300Mi 6 | requests: 7 | memory: 50Mi 8 | 9 | config: 10 | modules: 11 | http_2xx: 12 | prober: http 13 | timeout: 5s 14 | http: 15 | valid_http_versions: ["HTTP/1.1", "HTTP/2"] 16 | no_follow_redirects: false 17 | preferred_ip_protocol: "ip4" 18 | -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-operator/.gitignore: -------------------------------------------------------------------------------- 1 | templated-output.yaml 2 | -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: prometheus-operator 3 | name: prometheus-operator 4 | version: 8.11.1 5 | appVersion: 0.36.0 6 | 7 | dependencies: 8 | - name: prometheus-operator 9 | version: 8.11.1 10 | repository: https://kubernetes-charts.storage.googleapis.com/ 11 | -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-operator/charts/prometheus-operator-8.11.1.tgz: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/kubernetes/helm/prometheus-operator/charts/prometheus-operator-8.11.1.tgz -------------------------------------------------------------------------------- /old/kubernetes/helm/prometheus-operator/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: prometheus-operator 3 | repository: https://kubernetes-charts.storage.googleapis.com/ 4 | version: 8.11.1 5 | digest: sha256:95e28ca145d943625b90e9045f9b6106fe873ee2a28828bb59909f4bd26f710e 6 | generated: "2020-03-09T07:08:15.992630096-07:00" 7 | -------------------------------------------------------------------------------- /old/tf-environments/aws/dev/_env_defaults/aws.tfvars: -------------------------------------------------------------------------------- 1 | environment_name = "dev" 2 | region = "us-east-1" 3 | vpc_cidr = "10.10.0.0/16" 4 | aws_availability_zone_1 = "a" 5 | aws_availability_zone_2 = "b" 6 | aws_availability_zone_3 = "c" 7 | -------------------------------------------------------------------------------- /old/tf-environments/aws/dev/_env_defaults/main.tf: -------------------------------------------------------------------------------- 1 | output environment_name { 2 | value = "dev" 3 | } 4 | 5 | output aws_region { 6 | value = "us-east-1" 7 | } 8 | 9 | output vpc_cidr { 10 | value = "10.10.0.0/16" 11 | } 12 | 13 | output vpc_id { 14 | value = "vpc-fill-me-in-after-your-vpc-has-been-created" 15 | } 16 | 17 | output aws_availability_zone_1 { 18 | value = "a" 19 | } 20 | 21 | output aws_availability_zone_2 { 22 | value = "b" 23 | } 24 | 25 | output aws_availability_zone_3 { 26 | value = "c" 27 | } 28 | -------------------------------------------------------------------------------- /old/tf-environments/aws/dev/ssm/user-policies/restrict-by-ssm-document/SSM-user-no-sudo/terragrunt.hcl: 
--------------------------------------------------------------------------------
# Terragrunt unit that instantiates the restrict-by-ssm-document module as "SSM-user-no-sudo".

# Pull in the shared configuration from the nearest parent terragrunt.hcl.
include {
  path = find_in_parent_folders()
}

terraform {
  # The module is fetched over SSH from a Git host and pinned with ?ref=v1.14.12.
  # NOTE(review): if that ref is a tag it can be re-pointed; a full commit SHA is immutable.
  source = "git::ssh://git@github.q-internal.tech/qadium/terraform-modules.git//aws/ssm/user-policies/restrict-by-ssm-document?ref=v1.14.12"
}

inputs = {

  # presumably the resulting policy only allows sessions that use this SSM document; confirm in the module
  name = "SSM-user-no-sudo"
  document_name = "SSM-no-sudo"
}

--------------------------------------------------------------------------------
/old/tf-environments/aws/dev/ssm/user-policies/restrict-by-ssm-document/SSM-user-sudo/terragrunt.hcl:
--------------------------------------------------------------------------------
# Terragrunt unit that instantiates the same module as "SSM-user-sudo".

# Pull in the shared configuration from the nearest parent terragrunt.hcl.
include {
  path = find_in_parent_folders()
}

terraform {
  # Same module and ref as the no-sudo variant; only the inputs differ.
  source = "git::ssh://git@github.q-internal.tech/qadium/terraform-modules.git//aws/ssm/user-policies/restrict-by-ssm-document?ref=v1.14.12"
}

inputs = {

  # NOTE(review): going by the name, this document grants sudo in the session;
  # review who is attached to the resulting policy.
  name = "SSM-user-sudo"
  document_name = "SSM-sudo"
}

--------------------------------------------------------------------------------
/old/tf-environments/aws/infrastructure/aws/transit-gateway/_env_defaults/transit-gateway.tfvars:
--------------------------------------------------------------------------------
# NOTE(review): the four variables below are static AWS access keys for two accounts.
# They are empty in the repository. A filled-in copy of this file holds long-lived
# secrets in plaintext, so it should never be committed; supplying credentials through
# the environment or an assumed role avoids keeping them on disk.

# Infrastructure account:
aws_first_access_key = ""
aws_first_secret_key = ""

# second account:
aws_second_access_key = ""
aws_second_secret_key = ""

--------------------------------------------------------------------------------
/old/tf-environments/aws/infrastructure/aws/transit-gateway/us-east-1/_env_defaults/aws.tfvars:
--------------------------------------------------------------------------------
# Environment defaults for the us-east-1 transit-gateway VPC.
environment_name = "production-test-vpc"
region = "us-east-1"
vpc_cidr = "10.35.0.0/16"

--------------------------------------------------------------------------------
/old/tf-environments/aws/infrastructure/aws/transit-gateway/us-east-2/_env_defaults/aws.tfvars:
-------------------------------------------------------------------------------- 1 | environment_name = "production-test-vpc" 2 | region = "us-east-2" 3 | vpc_cidr = "10.36.0.0/16" 4 | -------------------------------------------------------------------------------- /old/tf-environments/aws/infrastructure/aws/transit-gateway/us-west-2/_env_defaults/aws.tfvars: -------------------------------------------------------------------------------- 1 | environment_name = "production-test-vpc" 2 | region = "us-west-2" 3 | vpc_cidr = "10.37.0.0/16" 4 | -------------------------------------------------------------------------------- /old/tf-environments/gcp/dev/_env_defaults/gcp.tfvars: -------------------------------------------------------------------------------- 1 | region = "us-central1" 2 | project_name = "managedkube" 3 | 4 | # regional cluster with 3 masters use the region with the zone (eg. us-central1). This cost $0.10/hour. 5 | # zonal cluster that has only one master and in one zone. Add the zone to the region. (eg. us-central1-a). There is no GCP charge for this. 
6 | google_container_cluster_location = "us-central1-a" -------------------------------------------------------------------------------- /old/tf-environments/gcp/dev/firewall-rules/prometheus/terragrunt.hcl: -------------------------------------------------------------------------------- 1 | include { 2 | path = find_in_parent_folders() 3 | } 4 | 5 | terraform { 6 | source = "../../../../../tf-modules/gcp/firewall-rules/prometheus" 7 | 8 | } 9 | 10 | inputs = { 11 | region = "us-central1-a" 12 | project_name = "managedkube" 13 | 14 | network_name = trimspace(run_cmd("terragrunt", "output", "network_name", "--terragrunt-working-dir", "../../vpc")) 15 | 16 | source_range_list = ["10.0.0.0/8"] 17 | } 18 | -------------------------------------------------------------------------------- /old/tf-modules/aws/iam/policies/source-ip-controls/outputs.tf: -------------------------------------------------------------------------------- 1 | output "name" { 2 | value = aws_iam_policy.policy.name 3 | } 4 | 5 | output "arn" { 6 | value = aws_iam_policy.policy.arn 7 | } 8 | -------------------------------------------------------------------------------- /old/tf-modules/aws/iam/policies/source-ip-controls/vars.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | default = "source-ip-control" 3 | } 4 | 5 | variable "description" { 6 | default = "Controls the source IP allowed to access the AWS API. Managed by Terraform." 
7 | } 8 | 9 | variable "path" { 10 | default = "/" 11 | } 12 | 13 | variable "source-ip-list" { 14 | type = list 15 | default = [] 16 | } 17 | -------------------------------------------------------------------------------- /old/tf-modules/aws/iam/policies/source-ip-controls/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/add-tg-routes/README.md: -------------------------------------------------------------------------------- 1 | add-tg-routes 2 | =============== 3 | 4 | This module adds transit gateway routes to a VPC routing table. 5 | 6 | ## AWS credentials 7 | 8 | This module takes its AWS credentials from the local shell's environment. 9 | 10 | (They are not read from `./_env_defaults/transit-gateway.tfvars`.) 11 | 12 | If you export the AWS credentials to your environment, you need at a minimum: 13 | 14 | ``` 15 | AWS_SECRET_ACCESS_KEY=xxxx 16 | AWS_ACCESS_KEY_ID=xxxx 17 | ``` -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/add-tg-routes/vars.tf: -------------------------------------------------------------------------------- 1 | variable "aws_region" {} 2 | 3 | variable "route_table_id_list" { 4 | type = list(string) 5 | description = "route table ID to add route to" 6 | } 7 | 8 | variable "transit-gateway-id" { 9 | description = "Transit gateway ID for the route" 10 | } 11 | 12 | variable "routes-list" { 13 | type = list(string) 14 | description = "Route list for the first AWS account. A list of destination CIDRs to route to via the this transit gateway id." 
15 | 16 | default = [] 17 | } 18 | -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/add-tg-routes/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/ec2-1-instance.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/ec2-1-instance.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/ec2-1-security-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/ec2-1-security-group.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/ec2-1-subnet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/ec2-1-subnet.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/ec2-1-vpc-route-table.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/ec2-1-vpc-route-table.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/ec2-2-instance.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/ec2-2-instance.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/ec2-2-vpc-route-table.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/ec2-2-vpc-route-table.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/transit-gateway-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/transit-gateway-diagram.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/us-east-1-tg-attachments.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/us-east-1-tg-attachments.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/us-east-1-tg-route-table.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/us-east-1-tg-route-table.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/us-west-2-tg-attachment-peering.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/us-west-2-tg-attachment-peering.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/us-west-2-tg-attachments.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/us-west-2-tg-attachments.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/us-west-2-tg-route-table.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/us-west-2-tg-route-table.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/diagrams/us-west-2-transit-gateway.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/diagrams/us-west-2-transit-gateway.png -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/peer-transit-gateway-internal/README.md: -------------------------------------------------------------------------------- 1 | # peer-transit-gateway-internal 2 | 3 | This module uses one AWS account (#1). 4 | 5 | It will peer two transit gateways together. 6 | 7 | ## Assumptions 8 | 9 | - AWS account #1 owns both of the Transit Gateways, and both are already created. 
10 | 11 | ## This module will: 12 | 13 | - 14 | -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/peer-transit-gateway-internal/vars.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/peer-transit-gateway-internal/vars.tf -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/tg-external-attach-to-vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "aws_route_table_id" { 2 | value = aws_route_table.route-table.id 3 | } 4 | -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/tg-external-attach-to-vpc/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/tg-internal-attach-to-vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "aws_route_table_id" { 2 | value = aws_route_table.route-table.id 3 | } 4 | 5 | output "aws_ec2_transit_gateway_vpc_attachment_id" { 6 | value = aws_ec2_transit_gateway_vpc_attachment.transit-gateway.id 7 | } 8 | 9 | output "aws_ec2_transit_gateway_vpc_attachment_vpc_owner_id" { 10 | value = aws_ec2_transit_gateway_vpc_attachment.transit-gateway.vpc_owner_id 11 | } 12 | -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/tg-internal-attach-to-vpc/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | 
-------------------------------------------------------------------------------- /old/tf-modules/aws/networks/transit-gateway-route-table/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/networks/transit-gateway-route-table/outputs.tf -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/transit-gateway/README.md: -------------------------------------------------------------------------------- 1 | transit-gateway 2 | =========================== 3 | 4 | This module creates a Transit Gateway in the specified region. 5 | 6 | ## AWS credentials 7 | 8 | This module takes its AWS credentials from the local shell's environment. 9 | 10 | (They are not read from `./_env_defaults/transit-gateway.tfvars`.) 11 | 12 | If you export the AWS credentials to your environment, you need at a minimum: 13 | 14 | ``` 15 | AWS_SECRET_ACCESS_KEY=xxxx 16 | AWS_ACCESS_KEY_ID=xxxx 17 | ``` -------------------------------------------------------------------------------- /old/tf-modules/aws/networks/transit-gateway/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/rds/outputs.tf: -------------------------------------------------------------------------------- 1 | output "aws_db_instance_id" { 2 | value = aws_db_instance.database.id 3 | } 4 | 5 | output "aws_db_instance_address" { 6 | value = aws_db_instance.database.address 7 | } 8 | 9 | output "aws_db_instance_arn" { 10 | value = aws_db_instance.database.arn 11 | } 12 | 13 | output "aws_db_instance_endpoint" { 14 | value = aws_db_instance.database.endpoint 15 | } 16 | 17 | 
-------------------------------------------------------------------------------- /old/tf-modules/aws/rds/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/AWS-SSM.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/ssm/AWS-SSM.png -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/documents/sessions/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | } 4 | } 5 | 6 | resource "aws_ssm_document" "ssm_document" { 7 | name = var.document_name 8 | document_type = var.document_type 9 | 10 | content = var.document_content 11 | 12 | tags = var.tags 13 | 14 | } 15 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/documents/sessions/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/ssm/documents/sessions/outputs.tf -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/documents/sessions/vars.tf: -------------------------------------------------------------------------------- 1 | variable "tags" { 2 | type = map(string) 3 | 4 | default = { 5 | Environment = "env" 6 | Account = "dev" 7 | Group = "devops" 8 | Region = "us-east-1" 9 | managed_by = "Terraform" 10 | } 11 | } 12 | 13 | variable "document_name" { 14 | default = "" 15 | } 16 | 17 | variable "document_type" { 18 | default = "Session" 19 | } 20 | 21 | variable 
"document_content" { 22 | default = "" 23 | } 24 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/documents/sessions/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/ec2-role/README.md: -------------------------------------------------------------------------------- 1 | EC2 SSM Role 2 | ============= 3 | 4 | This required role is attached to EC2 instances to give them access to SSM and to the S3 bucket that receives the interactive session logs. 5 | 6 | https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html 7 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/ec2-role/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/ssm/ec2-role/outputs.tf -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/ec2-role/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/attach-policy-to-group/README.md: -------------------------------------------------------------------------------- 1 | attach-policy-to-group 2 | ======================== 3 | 4 | This module adds an AWS IAM policy to a group. 
5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/attach-policy-to-group/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | } 4 | } 5 | 6 | resource "aws_iam_group_policy_attachment" "attach" { 7 | count = length(var.group_list) 8 | group = var.group_list[count.index] 9 | policy_arn = var.policy_arn 10 | } 11 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/attach-policy-to-group/vars.tf: -------------------------------------------------------------------------------- 1 | variable "group_list" { 2 | description = "A list of AWS IAM groups" 3 | type = list 4 | default = [] 5 | } 6 | 7 | variable "policy_arn" { 8 | description = "the policy arn to assign to the group_list" 9 | default = "" 10 | } 11 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/attach-policy-to-group/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/attach-policy-to-user/README.md: -------------------------------------------------------------------------------- 1 | attach-policy-to-user 2 | ===================== 3 | 4 | This module attaches an AWS IAM policy to a list of users. 
5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/attach-policy-to-user/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | } 4 | } 5 | # Attaches var.policy_arn to every IAM user in var.user_list, one attachment per entry. NOTE(review): attachments are addressed by list position (count.index), so removing an entry from the middle of user_list makes Terraform re-create every attachment after it; for_each = toset(var.user_list) would key them by user name instead. 6 | resource "aws_iam_user_policy_attachment" "attach" { 7 | count = length(var.user_list) 8 | user = var.user_list[count.index] 9 | policy_arn = var.policy_arn 10 | } 11 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/attach-policy-to-user/vars.tf: -------------------------------------------------------------------------------- 1 | variable "user_list" { 2 | description = "A list of AWS IAM users" 3 | type = list 4 | default = [] 5 | } 6 | # NOTE(review): with default = "" an omitted policy_arn reaches the attachment as an empty string instead of being reported as a missing input; dropping the default would make the variable required. 7 | variable "policy_arn" { 8 | description = "the policy arn to assign to the user_list" 9 | default = "" 10 | } 11 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/attach-policy-to-user/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/restrict-by-ssm-document/outputs.tf: -------------------------------------------------------------------------------- 1 | output "aws_iam_policy_id" { 2 | value = aws_iam_policy.policy.id 3 | } 4 | 5 | output "aws_iam_policy_arn" { 6 | value = aws_iam_policy.policy.arn 7 | } 8 | 9 | output "aws_iam_policy_name" { 10 | value = aws_iam_policy.policy.name 11 | } 12 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/restrict-by-ssm-document/vars.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | description = "The postfix to 
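add to the name" 3 | default = "" 4 | } 5 | 6 | variable "document_name" { 7 | description = "The name of the SSM Session document" 8 | default = "" 9 | } 10 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/user-policies/restrict-by-ssm-document/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/aws/ssm/vpc-endpoints/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/aws/ssm/vpc-endpoints/outputs.tf -------------------------------------------------------------------------------- /old/tf-modules/aws/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "region" { 2 | value = var.region 3 | } 4 | 5 | output "aws_vpc_id" { 6 | value = aws_vpc.main.id 7 | } 8 | 9 | output "aws_nat_gateway_id" { 10 | value = aws_nat_gateway.main.*.id 11 | } -------------------------------------------------------------------------------- /old/tf-modules/aws/vpc/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/azure/aks/cluster/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster_id" { 2 | value = azurerm_kubernetes_cluster.cluster.id 3 | } 4 | # client_certificate is read from the cluster's kube_config block. NOTE(review): newer azurerm releases may treat that block as sensitive, in which case this output needs sensitive = true as well; confirm against the provider version in use. 5 | output "client_certificate" { 6 | value = azurerm_kubernetes_cluster.cluster.kube_config.0.client_certificate 7 | } 8 | 9 | # kube_config_raw is a complete kubeconfig, client credentials included. sensitive = true keeps it out of plan/apply output; it is still written to state in clear text, so the state backend needs its own access control and encryption. 10 | output "kube_config" { 11 | value = azurerm_kubernetes_cluster.cluster.kube_config_raw 12 | sensitive = true 13 | } 
14 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/firewall-rules/prometheus/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "gcs" {} 3 | } 4 | # NOTE(review): credentials = file(...) reads a service-account JSON key from local disk; such a key is long-lived, so keep the file out of version control. The version argument inside a provider block is deprecated from Terraform 0.13 in favour of required_providers. 5 | provider "google" { 6 | region = var.region 7 | project = var.project_name 8 | credentials = file(var.credentials_file_path) 9 | version = "~> 2.10.0" 10 | } 11 | # Allows TCP 6443 and 8443 from var.source_range_list on var.network_name. No target_tags or target_service_accounts are set, so the rule applies to every instance in the network; keep source_range_list as narrow as possible. 12 | resource "google_compute_firewall" "default" { 13 | name = "prometheus-adapter" 14 | network = var.network_name 15 | 16 | allow { 17 | protocol = "tcp" 18 | ports = ["6443", "8443"] 19 | } 20 | 21 | source_ranges = var.source_range_list 22 | } 23 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/firewall-rules/prometheus/vars.tf: -------------------------------------------------------------------------------- 1 | variable "project_name" { 2 | description = "The GCP project name" 3 | } 4 | 5 | variable "region" { 6 | description = "The region to launch the vpc in." 7 | } 8 | 9 | variable "credentials_file_path" { 10 | description = "A local path to a service account json credentials file." 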
11 | } 12 | 13 | variable "network_name" { 14 | description = "The name of this network" 15 | } 16 | 17 | variable "source_range_list" { 18 | type = list 19 | description = "The source range list of IPs" 20 | } 21 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/firewall-rules/prometheus/version.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/gke-subnets/outputs.tf: -------------------------------------------------------------------------------- 1 | output "private_subnet_name" { 2 | value = google_compute_subnetwork.private_subnet.name 3 | } 4 | 5 | output "public_subnet_name" { 6 | value = google_compute_subnetwork.public_subnet.name 7 | } 8 | 9 | output "private_subnet_cidr" { 10 | value = google_compute_subnetwork.private_subnet.ip_cidr_range 11 | } 12 | 13 | output "public_subnet_cidr" { 14 | value = google_compute_subnetwork.public_subnet.ip_cidr_range 15 | } 16 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/gke-subnets/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/nodepool/README.md: -------------------------------------------------------------------------------- 1 | # GKE nodepool 2 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/nodepool/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/old/tf-modules/gcp/nodepool/outputs.tf 
-------------------------------------------------------------------------------- /old/tf-modules/gcp/nodepool/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/private-gke-cluster/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster_name" { 2 | value = google_container_cluster.primary.name 3 | } 4 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/private-gke-cluster/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/vpc/README.md: -------------------------------------------------------------------------------- 1 | GCP VPC 2 | ==================== 3 | -------------------------------------------------------------------------------- /old/tf-modules/gcp/vpc/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/10-vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | description = "The ID of the VPC" 3 | value = module.vpc.vpc_id 4 | } 5 | 6 | output "private_subnets" { 7 | description = "A list of private subnets" 8 | value = module.vpc.private_subnets 9 | } 10 | 11 | output "public_subnets" { 12 | description = "A list of public subnets" 13 | value = module.vpc.public_subnets 14 | } 15 | 16 | output "k8s_subnets" { 17 | description = "A list of k8s subnets" 18 | value = 
module.vpc.k8s_subnets 19 | } 20 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/20-eks/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster_endpoint" { 2 | value = module.eks.cluster_endpoint 3 | } 4 | 5 | output "cluster_certificate_authority_data" { 6 | value = module.eks.cluster_certificate_authority_data 7 | } 8 | 9 | output "cluster_id" { 10 | value = module.eks.cluster_id 11 | } 12 | 13 | output "cluster_oidc_issuer_url" { 14 | value = module.eks.cluster_oidc_issuer_url 15 | } 16 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/5-route53-hostedzone/outputs.tf: -------------------------------------------------------------------------------- 1 | output "zone_id" { 2 | description = "The hosted zone ID" 3 | value = module.route53-hostedzone.zone_id 4 | } 5 | 6 | output "name_servers" { 7 | description = "The hosted zone name servers" 8 | value = module.route53-hostedzone.name_servers 9 | } 10 | 11 | output "domain_name" { 12 | value = local.domain_name 13 | } 14 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/external-dns/README.md: -------------------------------------------------------------------------------- 1 | # external-dns 2 | 3 | Source chart: https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns 4 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/grafana-loki/README.md: -------------------------------------------------------------------------------- 1 | # Grafana 
Loki 2 | 3 | Helm install instructions: https://grafana.com/docs/loki/latest/installation/helm/ 4 | 5 | Chart source: https://github.com/grafana/helm-charts 6 | 7 | Loki-stack: https://github.com/grafana/helm-charts/tree/main/charts/loki-stack 8 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/ingress-nginx-external/README.md: -------------------------------------------------------------------------------- 1 | # nginx-ingress 2 | 3 | Source: https://github.com/kubernetes/ingress-nginx 4 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/istio-networking/virtualservice.tpl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: monitoring 5 | namespace: monitoring 6 | spec: 7 | hosts: 8 | - "grafana-istio.dev.k8s.managedkube.com" 9 | gateways: 10 | - monitoring 11 | http: 12 | - match: 13 | - uri: 14 | prefix: / 15 | route: 16 | - destination: 17 | port: 18 | number: 80 19 | host: kube-prometheus-stack-grafana 20 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/istio/istio_base_values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/istio/istio_ingress_values.yaml: -------------------------------------------------------------------------------- 1 | # gateways: 2 | # istio-ingressgateway: 3 | # serviceAnnotations: 4 | # # Setting to an internal load balancer 5 | # # https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer 6 | # service.beta.kubernetes.io/aws-load-balancer-internal: "true" 7 | 
-------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/istio/istiod_values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ## Discovery Settings 3 | pilot: 4 | # Resources for a small pilot install 5 | # This setting is for development only. It is recommended to comment this out for production systems 6 | # and use the istio defaults. 7 | resources: 8 | requests: 9 | cpu: 10m 10 | memory: 256Mi 11 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/kubernetes-external-secrets/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | env: 3 | AWS_REGION: us-east-1 4 | AWS_DEFAULT_REGION: us-east-1 5 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/opentelemetry/10-grafana-tempo-server-single/values.yaml: -------------------------------------------------------------------------------- 1 | # source: https://github.com/grafana/helm-charts/tree/main/charts/tempo 2 | --- 3 | persistence: 4 | enabled: true 5 | # storageClassName: local-path 6 | accessModes: 7 | - ReadWriteOnce 8 | size: 25Gi 9 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/opentelemetry/20-opentelemetry-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # source: https://github.com/open-telemetry/opentelemetry-helm-charts/tree/main/charts/opentelemetry-operator 2 | --- 3 | -------------------------------------------------------------------------------- /terraform-environments/aws/dev/helm/opentelemetry/README.md: -------------------------------------------------------------------------------- 1 | # OpenTelemetry 2 | 3 | Doc: https://opentelemetry.io/docs/ 4 | 5 | ## Install sequence 
6 | 7 | 1. opentelemetry-operator 8 | 2. opentelemetry-collector 9 | 3. grafana-tempo-server 10 | 11 | ## Data Path 12 | 13 | 1. App with OpenTelemetry SDK 14 | 2. App sends to an OpenTelemetry Collector 15 | 3. The OpenTelemetry Collector exporter sends to a Tempo server 16 | 4. Grafana adds the Tempo server as the datasource 17 | 5. User can query the Grafana frontend the traces 18 | -------------------------------------------------------------------------------- /terraform-environments/aws/staging/10-vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | description = "The ID of the VPC" 3 | value = module.vpc.vpc_id 4 | } 5 | 6 | output "private_subnets" { 7 | description = "A list of private subnets" 8 | value = module.vpc.private_subnets 9 | } 10 | 11 | output "public_subnets" { 12 | description = "A list of public subnets" 13 | value = module.vpc.public_subnets 14 | } 15 | 16 | output "k8s_subnets" { 17 | description = "A list of k8s subnets" 18 | value = module.vpc.k8s_subnets 19 | } 20 | -------------------------------------------------------------------------------- /terraform-environments/aws/staging/20-eks/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster_endpoint" { 2 | value = module.eks.cluster_endpoint 3 | } 4 | 5 | output "cluster_certificate_authority_data" { 6 | value = module.eks.cluster_certificate_authority_data 7 | } 8 | 9 | output "cluster_id" { 10 | value = module.eks.cluster_id 11 | } 12 | 13 | output "cluster_oidc_issuer_url" { 14 | value = module.eks.cluster_oidc_issuer_url 15 | } 16 | -------------------------------------------------------------------------------- /terraform-environments/aws/staging/5-route53-hostedzone/outputs.tf: -------------------------------------------------------------------------------- 1 | output "zone_id" { 2 | description = "The hosted zone ID" 3 | value = 
module.route53-hostedzone.zone_id 4 | } 5 | 6 | output "name_servers" { 7 | description = "The hosted zone name servers" 8 | value = module.route53-hostedzone.name_servers 9 | } 10 | 11 | output "domain_name" { 12 | value = local.domain_name 13 | } 14 | -------------------------------------------------------------------------------- /terraform-environments/aws/staging/README.md: -------------------------------------------------------------------------------- 1 | # Staging Environment 2 | You can view [this tutorial](https://www.pluralsight.com/courses/eks-getting-started) for a complete walkthrough of setting up a staging environment in EKS using the code in this folder. 3 | -------------------------------------------------------------------------------- /terraform-environments/aws/staging/helm/cert-manager/helm_values.yaml: -------------------------------------------------------------------------------- 1 | installCRDs: true 2 | extraArgs: 3 | # https://github.com/jetstack/cert-manager/issues/1933 4 | - --dns01-recursive-nameservers=8.8.8.8:53 5 | - --dns01-recursive-nameservers-only -------------------------------------------------------------------------------- /terraform-environments/aws/staging/helm/external-dns/README.md: -------------------------------------------------------------------------------- 1 | # external-dns 2 | 3 | Source chart: https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns 4 | -------------------------------------------------------------------------------- /terraform-environments/aws/staging/helm/grafana-loki/README.md: -------------------------------------------------------------------------------- 1 | # Grafana Loki 2 | 3 | Helm install instructions: https://grafana.com/docs/loki/latest/installation/helm/ 4 | 5 | Chart source: https://github.com/grafana/helm-charts 6 | 7 | Loki-stack: https://github.com/grafana/helm-charts/tree/main/charts/loki-stack 8 | 
-------------------------------------------------------------------------------- /terraform-environments/aws/staging/helm/ingress-nginx-external/README.md: -------------------------------------------------------------------------------- 1 | # nginx-ingress 2 | 3 | Source: https://github.com/kubernetes/ingress-nginx 4 | -------------------------------------------------------------------------------- /terraform-environments/aws/staging/helm/ingress-nginx-external/helm_values.tpl.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/terraform-environments/aws/staging/helm/ingress-nginx-external/helm_values.tpl.yaml -------------------------------------------------------------------------------- /terraform-environments/aws/staging/helm/kube-prometheus-stack/README.md: -------------------------------------------------------------------------------- 1 | # helm chart - kube-prometheus-stack 2 | 3 | Chart source: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack 4 | -------------------------------------------------------------------------------- /terraform-environments/aws/staging/helm/sample-app/variables.tf: -------------------------------------------------------------------------------- 1 | variable "repository" { 2 | default = "123456789101.dkr.ecr.us-east-1.amazonaws.com/sample-repo" 3 | } 4 | 5 | variable "tag" { 6 | default = "sample-app2" 7 | } 8 | 9 | variable "namespace" { 10 | type = string 11 | default = "sample-app" 12 | description = "Namespace to deploy the image into" 13 | } 14 | 15 | variable "fullnameOverride" { 16 | type = string 17 | default = "sample-app" 18 | description = "Chart name" 19 | } -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/region.hcl: 
-------------------------------------------------------------------------------- 1 | locals { 2 | aws_region = "us-east-1" 3 | } 4 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/050-github-aws-permissions/policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/100-cert-manager/10-cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/110-testkube/10-testkube/values.yaml: -------------------------------------------------------------------------------- 1 | # Doc: https://github.com/kubeshop/helm-charts/tree/main/charts/testkube 2 | # https://kubeshop.github.io 3 | --- 4 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/120-external-dns/README.md: -------------------------------------------------------------------------------- 1 | # external-dns 2 | 3 | Source chart: https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns 4 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/130-external-secrets/10-external-secrets/values.tpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | env: 3 | AWS_REGION: 
${aws_region} 4 | AWS_DEFAULT_REGION: ${aws_region} 5 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/200-istio/10-istio/istio_base_values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/200-istio/40-istio-kiali/README.md: -------------------------------------------------------------------------------- 1 | # Istio Kiali 2 | 3 | Docs: https://kiali.io/docs/installation/installation-guide/install-with-helm/ 4 | 5 | Helm chart: https://github.com/kiali/helm-charts/blob/master/kiali-operator 6 | 7 | Release numbers can be found here: 8 | * https://kiali.io/news/release-notes/ 9 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/230-opentelemetry/10-grafana-tempo-server-single/values.yaml: -------------------------------------------------------------------------------- 1 | # source: https://github.com/grafana/helm-charts/tree/main/charts/tempo 2 | --- 3 | persistence: 4 | enabled: true 5 | # storageClassName: local-path 6 | accessModes: 7 | - ReadWriteOnce 8 | size: 25Gi 9 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/230-opentelemetry/20-opentelemetry-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # source: https://github.com/open-telemetry/opentelemetry-helm-charts/tree/main/charts/opentelemetry-operator 2 | --- 3 | -------------------------------------------------------------------------------- 
/terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/500-sample-app-opentel-1/README.md: -------------------------------------------------------------------------------- 1 | # This is a set of pods that will generate APM metrics into the setup so that you 2 | # can view the spans in Grafana. There are two apps in here 3 | 4 | # app 1: opentelemtry-example-app - this app has a frontend and a backend. You will 5 | # have to port forward to this app and visit the website to induce any action 6 | 7 | # Inspired source: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/examples/tracing/docker-compose.yml 8 | -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/300-kubernetes/510-sample-app-opentel-2/README.md: -------------------------------------------------------------------------------- 1 | # example from: 2 | https://grafana.com/blog/2021/04/13/how-to-send-traces-to-grafana-clouds-tempo-service-with-opentelemetry-collector/ -------------------------------------------------------------------------------- /terraform-environments/aws/terragrunt-dev/us-east-1/terragrunt-dev/environment.hcl: -------------------------------------------------------------------------------- 1 | locals { 2 | cluster_name = "terragrunt-dev" 3 | domain_name = "terragrunt-dev.managedkube.com" 4 | vpc = { 5 | availability_zones = ["a", "b", "c"] 6 | cidr = "10.0.0.0/16" 7 | private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] 8 | public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] 9 | } 10 | ingress_class = "istio" 11 | } 12 | -------------------------------------------------------------------------------- /terraform-environments/azure/dev/common.hcl: -------------------------------------------------------------------------------- 1 | locals { 2 | 3 | repository_name = "kubernetes-ops" 4 | base_repository_path = 
"terraform-environments/azure/dev" 5 | 6 | # Terraform cloud parameters 7 | # terraform_cloud = { 8 | # organization = "managedkube" 9 | # base_prefix = "kubernetes-ops" 10 | # } 11 | } 12 | -------------------------------------------------------------------------------- /terraform-environments/azure/dev/east-us-2/dev/100-kubernetes/130-external-secrets/30-test-secrets/README.md: -------------------------------------------------------------------------------- 1 | # Test Secrets 2 | This is a test file to test if this setup can pull a secret. 3 | 4 | This is to be applied manually via `kubectl` 5 | 6 | ## Azure Vault Permissions to add in a secret 7 | Add the following into your Azure Vault: 8 | 9 | 1. Vault IAM Role 10 | 2. Access Policies 11 | 12 | 13 | ### 1. Vault IAM Role 14 | Grant yourself the `Key Vault Administrator` role 15 | 16 | ### 2. Access Policies 17 | Give yourself all permissions (a broad grant, used here to add the test secret by hand; narrow or remove it afterwards) 18 | -------------------------------------------------------------------------------- /terraform-environments/azure/dev/east-us-2/dev/100-kubernetes/140-external-dns/README.md: -------------------------------------------------------------------------------- 1 | # External-DNS 2 | 3 | Docs: 4 | * https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure.md 5 | 6 | -------------------------------------------------------------------------------- /terraform-environments/azure/dev/east-us-2/dev/100-kubernetes/140-external-dns/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/terraform-environments/azure/dev/east-us-2/dev/100-kubernetes/140-external-dns/values.yaml -------------------------------------------------------------------------------- /terraform-environments/azure/dev/east-us-2/dev/100-kubernetes/200-istio/10-istio/istio_base_values.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /terraform-environments/azure/dev/east-us-2/dev/100-kubernetes/200-istio/20-domain-wildcard-cert/README.md: -------------------------------------------------------------------------------- 1 | # External Secrets 2 | 3 | ## Creating secrets with newline 4 | Used here for the TLS certs which has newlines in the cert file: 5 | * https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets 6 | -------------------------------------------------------------------------------- /terraform-environments/azure/dev/east-us-2/dev/environment.hcl: -------------------------------------------------------------------------------- 1 | locals { 2 | azure_resource_group_name = "kubernetes-ops-dev" 3 | 4 | # must be globally unique 5 | vault_name = "vault-001" 6 | 7 | root_domain_name = "managedkube.com" 8 | 9 | aks_cluster_name = "dev" 10 | 11 | domain_name = "dev.managedkube.com" 12 | } 13 | -------------------------------------------------------------------------------- /terraform-environments/azure/dev/east-us-2/region.hcl: -------------------------------------------------------------------------------- 1 | locals { 2 | azure_region = "eastus2" 3 | } 4 | -------------------------------------------------------------------------------- /terraform-environments/azure/dev/env-common.hcl: -------------------------------------------------------------------------------- 1 | locals { 2 | environment_name = "dev" 3 | root_domain_name = "managedkube.com" 4 | } 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/airflow/outputs.tf: -------------------------------------------------------------------------------- 1 | output "arn" { 2 | value = aws_mwaa_environment.this.arn 3 | } 4 | 5 | output "webserver_url" { 6 | value = 
aws_mwaa_environment.this.webserver_url 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/aws/athena/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_athena_database" "this" { 2 | name = var.name 3 | bucket = var.s3_bucket_name 4 | 5 | encryption_configuration { 6 | encryption_option = var.encryption_option 7 | kms_key = var.kms_key 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /terraform-modules/aws/athena/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | value = aws_athena_database.this.id 3 | } 4 | -------------------------------------------------------------------------------- /terraform-modules/aws/athena/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | type = string 3 | default = "" 4 | description = "The instance name" 5 | } 6 | 7 | variable "s3_bucket_name" { 8 | type = string 9 | default = "" 10 | description = "The S3 bucket to point Athena to" 11 | } 12 | 13 | variable encryption_option { 14 | type = string 15 | default = "SSE_S3" 16 | description = "Encryption option" 17 | } 18 | 19 | variable "kms_key" { 20 | type = string 21 | default = null 22 | description = "The kms key" 23 | } 24 | -------------------------------------------------------------------------------- /terraform-modules/aws/cloudposse/aws-cloudtrail-cloudwatch-alarms/outputs.tf: -------------------------------------------------------------------------------- 1 | output "sns_topic_arn" { 2 | value = module.cis_alarms.sns_topic_arn 3 | } 4 | 5 | output "dashboard_individual" { 6 | value = module.cis_alarms.dashboard_individual 7 | } 8 | 9 | output "dashboard_combined" { 10 | value = module.cis_alarms.dashboard_combined 11 | } 
-------------------------------------------------------------------------------- /terraform-modules/aws/cluster-autoscaler/README.md: -------------------------------------------------------------------------------- 1 | # EKS cluster autoscaler 2 | 3 | source: https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/irsa 4 | 5 | Chart: https://github.com/kubernetes/autoscaler 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/cluster-autoscaler/helm_values.yaml.tpl: -------------------------------------------------------------------------------- 1 | awsRegion: ${awsRegion} 2 | 3 | rbac: 4 | create: true 5 | serviceAccount: 6 | # This value should match local.k8s_service_account_name in locals.tf 7 | name: ${serviceAccountName} 8 | annotations: 9 | # This value should match the ARN of the role created by module.iam_assumable_role_admin in irsa.tf 10 | eks.amazonaws.com/role-arn: "arn:aws:iam::${awsAccountID}:role/cluster-autoscaler-${clusterName}" 11 | 12 | autoDiscovery: 13 | clusterName: ${clusterName} 14 | enabled: true 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/data-modules/eks/main.tf: -------------------------------------------------------------------------------- 1 | variable "backend_organization" {} # organization handed to the "remote" backend below 2 | variable "workspace_name" {} # name of the workspace whose state is read 3 | 4 | data "terraform_remote_state" "eks" { # reads the state outputs of another workspace through the "remote" backend 5 | backend = "remote" 6 | config = { 7 | organization = var.backend_organization 8 | workspaces = { 9 | name = var.workspace_name 10 | } 11 | } 12 | } 13 | 14 | output "all_outputs" { # re-exports every output of that workspace unfiltered; NOTE(review): any credential or kubeconfig among them reaches every consumer of this module - confirm, and prefer exposing only the outputs callers need 15 | value = data.terraform_remote_state.eks.outputs 16 | } 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/ec2-tag/output.tf: -------------------------------------------------------------------------------- 1 | output "instance_tags" { 2 | value = 
var.account_tags[data.aws_caller_identity.current.account_id] 3 | } -------------------------------------------------------------------------------- /terraform-modules/aws/eks-efs-csi-driver/README.md: -------------------------------------------------------------------------------- 1 | # EKS EFS CSI Driver 2 | 3 | source: https://github.com/kubernetes-sigs/aws-efs-csi-driver 4 | 5 | 6 | Creates: 7 | * AWS IAM policies for the efs-csi-driver to access EFS 8 | * Deploys the aws-efs-csi-driver helm chart into an EKS cluster 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/eks-efs-csi-driver/helm_values.tpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /terraform-modules/aws/eks-efs-csi-driver/outputs.tf: -------------------------------------------------------------------------------- 1 | # output "arn" { 2 | # value = module.eks-efs-csi-driver.arn 3 | # } 4 | 5 | # output "id" { 6 | # value = module.eks-efs-csi-driver.id 7 | # } 8 | 9 | # output "dns_name" { 10 | # value = module.eks-efs-csi-driver.dns_name 11 | # } 12 | -------------------------------------------------------------------------------- /terraform-modules/aws/eks/test/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/ManagedKube/kubernetes-ops 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/gruntwork-io/terratest v0.32.24 7 | github.com/stretchr/testify v1.7.0 8 | ) 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/emr/security_configuration/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_emr_security_configuration" "this" { 2 | name = var.name 3 | 4 | configuration = var.configuration 5 | } 6 | 
-------------------------------------------------------------------------------- /terraform-modules/aws/emr/security_configuration/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | value = aws_emr_security_configuration.this.id 3 | } 4 | 5 | output "name" { 6 | value = aws_emr_security_configuration.this.name 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/aws/grafana/loki/promtail/README.md: -------------------------------------------------------------------------------- 1 | # Loki Promtail 2 | 3 | Source: https://github.com/grafana/loki/tree/main/tools/lambda-promtail 4 | 5 | ## Why a sub module for this 6 | The upstream Terraform module declares a provider with a hardcoded region: https://github.com/grafana/loki/blob/main/tools/lambda-promtail/main.tf#L1 7 | * We need to be able to specify our own region 8 | * When this is used from Terraform code that already provides its own "Terraform Provider" block, the two clash, because there can only be one 9 | 10 | We are basically copying the entire module from the source here, so upstream changes have to be pulled into this copy by hand. 
11 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/argocd/README.md: -------------------------------------------------------------------------------- 1 | # helm chart - argocd 2 | 3 | Chart source: https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd 4 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/argocd/main.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "helm_chart" { 2 | chart = "argo-cd" 3 | namespace = var.namespace 4 | create_namespace = "true" 5 | name = var.chart_name 6 | version = var.helm_version 7 | verify = var.verify 8 | repository = "https://argoproj.github.io/argo-helm" 9 | 10 | values = [ 11 | file("${path.module}/values.yaml"), 12 | var.helm_values, 13 | ] 14 | 15 | } 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/argocd/outputs.tf: -------------------------------------------------------------------------------- 1 | output chart { 2 | value = helm_release.helm_chart.chart 3 | } 4 | 5 | output status { 6 | value = helm_release.helm_chart.status 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/argocd/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | installCRDs: false 3 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/cert-manager-issuers/http01-cluster-issuer.tpl.yaml: -------------------------------------------------------------------------------- 1 | # doc: https://cert-manager.io/docs/configuration/acme/http01/ 2 | --- 3 | apiVersion: cert-manager.io/v1 4 | kind: ClusterIssuer 5 | metadata: 6 | name: letsencrypt-prod-http01 7 | spec: 8 | acme: 9 | server: ${letsEncryptServer} 10 | email: 
${emailAddress} 11 | privateKeySecretRef: 12 | name: http01-issuer-account-key 13 | solvers: 14 | - http01: 15 | ingress: 16 | class: ${ingressClass} 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/cert-manager/helm_values.tpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | installCRDs: true 3 | 4 | serviceAccount: 5 | annotations: 6 | eks.amazonaws.com/role-arn: "arn:aws:iam::${awsAccountID}:role/${chartName}-${clusterName}" 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/cert-manager/http01-cluster-issuer.tpl.yaml: -------------------------------------------------------------------------------- 1 | # doc: https://cert-manager.io/docs/configuration/acme/http01/ 2 | --- 3 | apiVersion: cert-manager.io/v1 4 | kind: ClusterIssuer 5 | metadata: 6 | name: letsencrypt-prod-http01 7 | spec: 8 | acme: 9 | server: ${letsEncryptServer} 10 | email: ${emailAddress} 11 | privateKeySecretRef: 12 | name: http01-issuer-account-key 13 | solvers: 14 | - http01: 15 | ingress: 16 | class: ${ingressClass} 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/external-secrets/install/helm_values.tpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | extraEnv: 3 | - name: AWS_REGION 4 | value: ${awsRegion} 5 | - name: AWS_DEFAULT_REGION 6 | value: ${awsRegion} 7 | 8 | serviceAccount: 9 | name: ${resource_name} 10 | annotations: 11 | eks.amazonaws.com/role-arn: "arn:aws:iam::${awsAccountID}:role/${resource_name}" 12 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/external-secrets/install/iam-policy.tpl.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 
4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "secretsmanager:GetResourcePolicy", 8 | "secretsmanager:GetSecretValue", 9 | "secretsmanager:DescribeSecret", 10 | "secretsmanager:ListSecretVersionIds", 11 | "sts:AssumeRole" 12 | ], 13 | "Resource": [ 14 | "arn:aws:secretsmanager:${awsRegion}:${awsAccountID}:secret:${secretsPrefix}*" 15 | ] 16 | } 17 | ] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/external-secrets/secrets/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | base_name = "external-secrets" 3 | } 4 | 5 | data "aws_region" "current" {} 6 | 7 | resource "kubernetes_manifest" "external_secret" { 8 | manifest = yamldecode(var.yaml) 9 | } 10 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/external-secrets/secrets/variables.tf: -------------------------------------------------------------------------------- 1 | variable "yaml" { 2 | type = string 3 | description = "A yaml of the kind: ExternalSecret" 4 | default = "---" 5 | } 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/helm_generic/outputs.tf: -------------------------------------------------------------------------------- 1 | output "chart" { 2 | value = helm_release.helm_chart.chart 3 | } 4 | 5 | output "status" { 6 | value = helm_release.helm_chart.status 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/istio-kiali/main.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "helm_chart" { 2 | chart = "kiali-operator" 3 | namespace = var.namespace 4 | create_namespace = "true" 5 | name = var.chart_name 6 | version = var.helm_version 7 | verify = var.verify 8 | repository = "https://kiali.org/helm-charts" 9 | 10 | 
values = [ 11 | file("${path.module}/values.yaml"), 12 | var.helm_values, 13 | ] 14 | 15 | } 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/kube-prometheus-stack/outputs.tf: -------------------------------------------------------------------------------- 1 | output chart { 2 | value = helm_release.helm_chart.chart 3 | } 4 | 5 | output status { 6 | value = helm_release.helm_chart.status 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/kubernetes-external-secrets/helm_values.tpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | env: 3 | AWS_REGION: us-east-1 4 | AWS_DEFAULT_REGION: us-east-1 5 | 6 | serviceAccount: 7 | name: ${resource_name} 8 | annotations: 9 | eks.amazonaws.com/role-arn: "arn:aws:iam::${awsAccountID}:role/${resource_name}" 10 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/nginx-ingress/README.md: -------------------------------------------------------------------------------- 1 | # helm chart - ingress-nginx 2 | 3 | Chart source: https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx 4 | -------------------------------------------------------------------------------- /terraform-modules/aws/helm/nginx-ingress/main.tf: -------------------------------------------------------------------------------- 1 | resource "helm_release" "helm_chart" { 2 | chart = "ingress-nginx" 3 | namespace = var.namespace 4 | create_namespace = "true" 5 | name = var.chart_name 6 | version = var.helm_version 7 | verify = var.verify 8 | repository = "https://kubernetes.github.io/ingress-nginx" 9 | 10 | values = [ 11 | file("${path.module}/values.yaml"), 12 | var.helm_values, 13 | ] 14 | 15 | } 16 | -------------------------------------------------------------------------------- 
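/terraform-modules/aws/helm/nginx-ingress/outputs.tf: -------------------------------------------------------------------------------- 1 | output chart { 2 | value = helm_release.helm_chart.chart 3 | } 4 | 5 | output status { 6 | value = helm_release.helm_chart.status 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/aws/iam/generic/outputs.tf: -------------------------------------------------------------------------------- 1 | output "iam_arn" { 2 | description = "Amazon Resource Name (ARN) specifying the role." 3 | value = aws_iam_role.this.arn 4 | } 5 | 6 | output "iam_instance_profile_arn" { # null when no instance profile exists; NOTE(review): the [0] index suggests the profile is created with count - confirm in main.tf 7 | description = "Amazon Resource Name (ARN) specifying the instance profile of the role." 8 | value = try(aws_iam_instance_profile.this[0].arn, null) 9 | } -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/bin/istioctl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/terraform-modules/aws/istio/istio-1.11.0/bin/istioctl -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/base/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: base 3 | version: 1.11.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart for deploying Istio cluster resources and CRDs 6 | keywords: 7 | - istio 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/latest/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/base/NOTES.txt: -------------------------------------------------------------------------------- 1 | Installs Istio cluster 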
resources: CRDs, cluster bindings and associated service accounts. 2 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/gen-istio-cluster.yaml 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/base/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.base.enableCRDTemplates }} 2 | {{ .Files.Get "crds/crd-all.gen.yaml" }} 3 | {{ .Files.Get "crds/crd-operator.yaml" }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/gateways/istio-egress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-egress 3 | version: 1.11.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart for deploying Istio gateways 6 | keywords: 7 | - istio 8 | - egressgateway 9 | - gateways 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/gateways/istio-ingress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-ingress 3 | version: 1.11.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart for deploying Istio gateways 6 | keywords: 7 | - istio 8 | - ingressgateway 9 | - gateways 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | 
icon: https://istio.io/latest/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-cni 3 | version: 1.11.0 4 | description: Helm chart for istio-cni components 5 | keywords: 6 | - istio-cni 7 | - istio 8 | sources: 9 | - http://github.com/istio/cni 10 | engine: gotpl 11 | icon: https://istio.io/latest/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-control/istio-discovery/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-discovery 3 | version: 1.11.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart for istio control plane 6 | keywords: 7 | - istio 8 | - istiod 9 | - istio-discovery 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-control/istio-discovery/NOTES.txt: -------------------------------------------------------------------------------- 1 | Minimal control plane for Istio. Pilot and mesh config are included. 2 | 3 | MCP and injector should optionally be installed in the same namespace. Alternatively remote 4 | address of an MCP server can be set. 5 | 6 | 7 | Thank you for installing Istio 1.11. Please take a few minutes to tell us about your install/upgrade experience! 
8 | https://forms.gle/kWULBRjUv7hHci7T6 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-control/istio-discovery/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/gen-istio.yaml 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-control/istio-discovery/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 11 | namespace: {{ .Values.global.istioNamespace }} 12 | labels: 13 | app: istiod 14 | release: {{ .Release.Name }} 15 | --- 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-operator 3 | version: 1.11.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart for deploying Istio operator 6 | keywords: 7 | - istio 8 | - operator 9 | sources: 10 | - https://github.com/istio/istio/tree/master/operator 11 | engine: gotpl 12 | icon: https://istio.io/latest/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-operator/templates/crds.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if .Values.enableCRDTemplates -}} 2 | {{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}} 3 | --- 4 | {{ $.Files.Get $path }} 5 | {{- end -}} 6 | {{- end -}} 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-operator/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: {{.Values.operatorNamespace}} 5 | labels: 6 | istio-operator-managed: Reconcile 7 | istio-injection: disabled 8 | --- 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-operator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: {{.Values.operatorNamespace}} 5 | labels: 6 | name: istio-operator 7 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 8 | spec: 9 | ports: 10 | - name: http-metrics 11 | port: 8383 12 | targetPort: 8383 13 | protocol: TCP 14 | selector: 15 | name: istio-operator 16 | --- 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istio-operator/templates/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | namespace: {{.Values.operatorNamespace}} 5 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 6 | {{- if .Values.imagePullSecrets }} 7 | imagePullSecrets: 8 | {{- range .Values.imagePullSecrets }} 9 | - name: {{ . 
}} 10 | {{- end }} 11 | {{- end }} 12 | --- 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istiod-remote/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: config 3 | version: 1.2.0 4 | tillerVersion: ">=2.7.2" 5 | description: Helm chart for a remote cluster using an external istio control plane 6 | keywords: 7 | - istio 8 | - external-istiod 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/latest/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/charts/istiod-remote/NOTES.txt: -------------------------------------------------------------------------------- 1 | Install for a remote cluster using an external control plane. 2 | 3 | The templates in this directory are copies of base and istio-discovery templates. 4 | DO NOT EDIT! Make changes in the corresponding files in base or istio-discovery and they will be copied here by make gen. 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/examples/customresource/istio_v1alpha1_istiooperator_cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | metadata: 5 | namespace: istio-system 6 | name: example-istiocontrolplane 7 | spec: 8 | profile: demo 9 | ... 
10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/examples/user-gateway/ingress-gateway-only.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: empty 5 | components: 6 | ingressGateways: 7 | - enabled: true 8 | namespace: my-namespace 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/profiles/empty.yaml: -------------------------------------------------------------------------------- 1 | # The empty profile has everything disabled 2 | # This is useful as a base for custom user configuration 3 | apiVersion: install.istio.io/v1alpha1 4 | kind: IstioOperator 5 | spec: 6 | components: 7 | base: 8 | enabled: false 9 | pilot: 10 | enabled: false 11 | ingressGateways: 12 | - name: istio-ingressgateway 13 | enabled: false 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/profiles/minimal.yaml: -------------------------------------------------------------------------------- 1 | # The minimal profile will install just the core control plane 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | spec: 5 | components: 6 | ingressGateways: 7 | - name: istio-ingressgateway 8 | enabled: false 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/manifests/profiles/remote.yaml: -------------------------------------------------------------------------------- 1 | # Deprecated. Use the `default` profile instead. 
2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | spec: {} 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/README.md: -------------------------------------------------------------------------------- 1 | # Istio Samples 2 | 3 | This directory contains sample applications highlighting various Istio features. 4 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/destination-rule-reviews.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: reviews 5 | spec: 6 | host: reviews 7 | trafficPolicy: 8 | loadBalancer: 9 | simple: RANDOM 10 | subsets: 11 | - name: v1 12 | labels: 13 | version: v1 14 | - name: v2 15 | labels: 16 | version: v2 17 | - name: v3 18 | labels: 19 | version: v3 20 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/virtual-service-details-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: details 5 | spec: 6 | hosts: 7 | - details 8 | http: 9 | - route: 10 | - destination: 11 | host: details 12 | subset: v2 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | 
weight: 50 14 | - destination: 15 | host: reviews 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/virtual-service-reviews-80-20.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 80 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | weight: 20 18 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/virtual-service-reviews-90-10.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 90 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | weight: 10 18 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | route: 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | - route: 18 | - destination: 19 | host: reviews 20 | subset: v3 21 | -------------------------------------------------------------------------------- 
/terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - match: 10 | - headers: 11 | end-user: 12 | exact: jason 13 | route: 14 | - destination: 15 | host: reviews 16 | subset: v2 17 | - route: 18 | - destination: 19 | host: reviews 20 | subset: v1 21 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/virtual-service-reviews-v2-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v2 13 | weight: 50 14 | - destination: 15 | host: reviews 16 | subset: v3 17 | weight: 50 18 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/networking/virtual-service-reviews-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/platform/kube/README.md: -------------------------------------------------------------------------------- 1 | See the [Bookinfo guide](https://istio.io/docs/guides/bookinfo.html) in Istio 2 | docs for instructions on how to run this demo application. 
3 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/src/mongodb/ratings_data.json: -------------------------------------------------------------------------------- 1 | {rating: 5} 2 | {rating: 4} 3 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/src/productpage/test-requirements.txt: -------------------------------------------------------------------------------- 1 | requests-mock==1.5.2 2 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/bookinfo/src/ratings/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "scripts": { 3 | "start": "node ratings.js" 4 | }, 5 | "dependencies": { 6 | "httpdispatcher": "1.0.0", 7 | "mongodb": "^3.6.0", 8 | "mysql": "^2.15.0" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/custom-bootstrap/custom-bootstrap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap # holds one key, custom_bootstrap.json, whose JSON sets a tracing section (envoy.zipkin, collector cluster zipkin) 3 | metadata: 4 | name: istio-custom-bootstrap-config 5 | namespace: default 6 | data: 7 | custom_bootstrap.json: | 8 | { 9 | "tracing": { 10 | "http": { 11 | "name": "envoy.zipkin", 12 | "config": { 13 | "collector_cluster": "zipkin", 14 | "collector_endpoint": "/api/v1/spans/custom", 15 | "trace_id_128bit": "true" 16 | } 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/helloworld/src/requirements.txt: -------------------------------------------------------------------------------- 1 | requests # NOTE(review): none of the packages in this file carry a version pin; pin them (ideally with hashes) so image builds are reproducible and a compromised or breaking release is not pulled in silently 2 | flask 3 | flask_json 4 | flask_bootstrap 5 | json2html 6 | simplejson 7 | gevent 8 | 
-------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/multicluster/expose-services.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway # listener on the workload selected by istio: eastwestgateway, port 15443 3 | metadata: 4 | name: cross-network-gateway 5 | spec: 6 | selector: 7 | istio: eastwestgateway 8 | servers: 9 | - port: 10 | number: 15443 11 | name: tls 12 | protocol: TLS 13 | tls: 14 | mode: AUTO_PASSTHROUGH # TLS is not terminated at this gateway and the destination is taken from the SNI value; this mode assumes source and destination both use Istio mTLS 15 | hosts: 16 | - "*.local" # NOTE(review): matches every *.local host, so all such services are offered through this listener; narrow the list if only some should be reachable from other networks 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/operator/cni-on.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | cni: 6 | enabled: true # turns on the cni component; nothing else is overridden in this file 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/operator/default-install.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | metadata: 4 | namespace: istio-system 5 | name: istio-operator 6 | spec: 7 | profile: default 8 | 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/operator/pilot-k8s.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | pilot: 6 | k8s: 7 | resources: 8 | requests: 9 | cpu: 1000m # override from default 500m 10 | memory: 4096Mi # ... default 2048Mi 11 | hpaSpec: 12 | maxReplicas: 10 # ... default 5 13 | minReplicas: 2 # ... 
default 1 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/operator/values-global.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | global: 6 | logging: 7 | level: "default:warning" # override from info 8 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.11.0/samples/operator/values-pilot.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | pilot: 6 | traceSampling: 0.1 # override from 1.0 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/base/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: base 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.12.6 6 | appVersion: 1.12.6 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio cluster resources and CRDs 9 | keywords: 10 | - istio 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/gen-istio-cluster.yaml 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/base/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Istio base successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/base/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.base.enableCRDTemplates }} 2 | {{ .Files.Get "crds/crd-all.gen.yaml" }} 3 | {{ .Files.Get "crds/crd-operator.yaml" }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/default/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-default 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.0.0 6 | appVersion: 1.0.0 7 | description: Helm chart for istio default revision components. 8 | keywords: 9 | - istio 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/gateway/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: gateway 3 | description: Helm chart for deploying Istio gateways 4 | type: application 5 | 6 | # This version is never actually shipped. istio/release-builder will replace it at build-time 7 | # with the appropriate version 8 | version: 1.12.6 9 | appVersion: 1.12.6 10 | 11 | sources: 12 | - http://github.com/istio/istio 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | keywords: 15 | - istio 16 | - gateways -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/gateway/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ include "gateway.name" . }}" successfully installed! 
2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | 7 | Next steps: 8 | * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ 9 | * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ 10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/gateway/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "gateway.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "gateway.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/gateways/istio-egress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-egress 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.12.6 6 | appVersion: 1.12.6 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio gateways 9 | keywords: 10 | - istio 11 | - egressgateway 12 | - gateways 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/gateways/istio-ingress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-ingress 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.12.6 6 | appVersion: 1.12.6 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio gateways 9 | keywords: 10 | - istio 11 | - ingressgateway 12 | - gateways 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: cni 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.12.6 6 | appVersion: 1.12.6 7 | description: Helm chart for istio-cni components 8 | keywords: 9 | - istio-cni 10 | - istio 11 | sources: 12 | - http://github.com/istio/cni 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-cni/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ .Release.Name }}" successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-cni/templates/resourcequota.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cni.resourceQuotas.enabled }} 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: istio-cni-resource-quota 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | hard: 9 | pods: {{ .Values.cni.resourceQuotas.pods | quote }} 10 | scopeSelector: 11 | matchExpressions: 12 | - operator: In 13 | scopeName: PriorityClass 14 | values: 15 | - system-node-critical 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-control/istio-discovery/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istiod 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.12.6 6 | appVersion: 1.12.6 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for istio control plane 9 | keywords: 10 | - istio 11 | - istiod 12 | - istio-discovery 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-control/istio-discovery/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/gen-istio.yaml 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-control/istio-discovery/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 11 | namespace: {{ .Values.global.istioNamespace }} 12 | labels: 13 | app: istiod 14 | release: {{ .Release.Name }} 15 | --- 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-operator 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.12.6 6 | appVersion: 1.12.6 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio operator 9 | keywords: 10 | - istio 11 | - operator 12 | sources: 13 | - https://github.com/istio/istio/tree/master/operator 14 | engine: gotpl 15 | icon: https://istio.io/latest/favicons/android-192x192.png 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-operator/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enableCRDTemplates -}} 2 | {{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}} 3 | --- 4 | {{ $.Files.Get $path }} 5 | {{- end -}} 6 | {{- end -}} 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-operator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: {{.Release.Namespace}} 5 | labels: 6 | name: istio-operator 7 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 8 | spec: 9 | ports: 10 | - name: http-metrics 11 | port: 8383 12 | targetPort: 8383 13 | protocol: TCP 14 | selector: 15 | name: istio-operator 16 | --- 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istio-operator/templates/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | namespace: {{.Release.Namespace}} 5 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 6 | {{- if .Values.imagePullSecrets }} 7 | 
imagePullSecrets: 8 | {{- range .Values.imagePullSecrets }} 9 | - name: {{ . }} 10 | {{- end }} 11 | {{- end }} 12 | --- 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/charts/istiod-remote/NOTES.txt: -------------------------------------------------------------------------------- 1 | Install for a remote cluster using an external control plane. 2 | 3 | The templates in this directory are copies of base and istio-discovery templates. 4 | DO NOT EDIT! Make changes in the corresponding files in base or istio-discovery and they will be copied here by make gen. 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/examples/customresource/istio_v1alpha1_istiooperator_cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | metadata: 5 | namespace: istio-system 6 | name: example-istiocontrolplane 7 | spec: 8 | profile: demo # NOTE(review): example value; the demo profile is intended for evaluation, so choose and review a profile (for instance default) before reusing this CR for a real install 9 | ... 
10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/examples/user-gateway/ingress-gateway-only.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: empty 5 | components: 6 | ingressGateways: 7 | - enabled: true 8 | namespace: my-namespace 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/profiles/empty.yaml: -------------------------------------------------------------------------------- 1 | # The empty profile has everything disabled 2 | # This is useful as a base for custom user configuration 3 | apiVersion: install.istio.io/v1alpha1 4 | kind: IstioOperator 5 | spec: 6 | components: 7 | base: 8 | enabled: false 9 | pilot: 10 | enabled: false 11 | ingressGateways: 12 | - name: istio-ingressgateway 13 | enabled: false 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/profiles/minimal.yaml: -------------------------------------------------------------------------------- 1 | # The minimal profile will install just the core control plane 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | spec: 5 | components: 6 | ingressGateways: 7 | - name: istio-ingressgateway 8 | enabled: false 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.12.6/manifests/profiles/remote.yaml: -------------------------------------------------------------------------------- 1 | # Deprecated. Use the `default` profile instead. 
2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | spec: {} 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/base/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: base 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.14.3 6 | appVersion: 1.14.3 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio cluster resources and CRDs 9 | keywords: 10 | - istio 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/gen-istio-cluster.yaml 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/base/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Istio base successfully installed! 
2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/base/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.base.enableCRDTemplates }} 2 | {{ .Files.Get "crds/crd-all.gen.yaml" }} 3 | {{ .Files.Get "crds/crd-operator.yaml" }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/default/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-default 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.0.0 6 | appVersion: 1.0.0 7 | description: Helm chart for istio default revision components. 8 | keywords: 9 | - istio 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/gateway/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: gateway 3 | description: Helm chart for deploying Istio gateways 4 | type: application 5 | 6 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 7 | # with the appropriate version 8 | version: 1.14.3 9 | appVersion: 1.14.3 10 | 11 | sources: 12 | - http://github.com/istio/istio 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | keywords: 15 | - istio 16 | - gateways -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/gateway/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ include "gateway.name" . }}" successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | 7 | Next steps: 8 | * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ 9 | * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ 10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/gateway/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "gateway.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "gateway.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/gateways/istio-egress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-egress 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.14.3 6 | appVersion: 1.14.3 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio gateways 9 | keywords: 10 | - istio 11 | - egressgateway 12 | - gateways 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/gateways/istio-ingress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-ingress 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.14.3 6 | appVersion: 1.14.3 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio gateways 9 | keywords: 10 | - istio 11 | - ingressgateway 12 | - gateways 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: cni 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.14.3 6 | appVersion: 1.14.3 7 | description: Helm chart for istio-cni components 8 | keywords: 9 | - istio-cni 10 | - istio 11 | sources: 12 | - http://github.com/istio/cni 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-cni/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ .Release.Name }}" successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-cni/templates/resourcequota.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cni.resourceQuotas.enabled }} 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: istio-cni-resource-quota 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | hard: 9 | pods: {{ .Values.cni.resourceQuotas.pods | quote }} 10 | scopeSelector: 11 | matchExpressions: 12 | - operator: In 13 | scopeName: PriorityClass 14 | values: 15 | - system-node-critical 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-control/istio-discovery/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istiod 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.14.3 6 | appVersion: 1.14.3 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for istio control plane 9 | keywords: 10 | - istio 11 | - istiod 12 | - istio-discovery 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-control/istio-discovery/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/gen-istio.yaml 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-control/istio-discovery/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 11 | namespace: {{ .Values.global.istioNamespace }} 12 | labels: 13 | app: istiod 14 | release: {{ .Release.Name }} 15 | --- 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-operator 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.14.3 6 | appVersion: 1.14.3 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio operator 9 | keywords: 10 | - istio 11 | - operator 12 | sources: 13 | - https://github.com/istio/istio/tree/master/operator 14 | engine: gotpl 15 | icon: https://istio.io/latest/favicons/android-192x192.png 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-operator/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enableCRDTemplates -}} 2 | {{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}} 3 | --- 4 | {{ $.Files.Get $path }} 5 | {{- end -}} 6 | {{- end -}} 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-operator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: {{.Release.Namespace}} 5 | labels: 6 | name: istio-operator 7 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 8 | spec: 9 | ports: 10 | - name: http-metrics 11 | port: 8383 12 | targetPort: 8383 13 | protocol: TCP 14 | selector: 15 | name: istio-operator 16 | --- 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istio-operator/templates/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | namespace: {{.Release.Namespace}} 5 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 6 | {{- if .Values.imagePullSecrets }} 7 | 
imagePullSecrets: 8 | {{- range .Values.imagePullSecrets }} 9 | - name: {{ . }} 10 | {{- end }} 11 | {{- end }} 12 | --- 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/charts/istiod-remote/NOTES.txt: -------------------------------------------------------------------------------- 1 | Install for a remote cluster using an external control plane. 2 | 3 | The templates in this directory are copies of base and istio-discovery templates. 4 | DO NOT EDIT! Make changes in the corresponding files in base or istio-discovery and they will be copied here by make gen. 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/examples/customresource/istio_v1alpha1_istiooperator_cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | metadata: 5 | namespace: istio-system 6 | name: example-istiocontrolplane 7 | spec: 8 | profile: demo 9 | ... 
10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/examples/user-gateway/ingress-gateway-only.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: empty 5 | components: 6 | ingressGateways: 7 | - enabled: true 8 | namespace: my-namespace 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/profiles/empty.yaml: -------------------------------------------------------------------------------- 1 | # The empty profile has everything disabled 2 | # This is useful as a base for custom user configuration 3 | apiVersion: install.istio.io/v1alpha1 4 | kind: IstioOperator 5 | spec: 6 | components: 7 | base: 8 | enabled: false 9 | pilot: 10 | enabled: false 11 | ingressGateways: 12 | - name: istio-ingressgateway 13 | enabled: false 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/profiles/minimal.yaml: -------------------------------------------------------------------------------- 1 | # The minimal profile will install just the core control plane 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | spec: 5 | components: 6 | ingressGateways: 7 | - name: istio-ingressgateway 8 | enabled: false 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.14.3/manifests/profiles/remote.yaml: -------------------------------------------------------------------------------- 1 | # Deprecated. Use the `default` profile instead. 
2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | spec: {} 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/base/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: base 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.15.0 6 | appVersion: 1.15.0 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio cluster resources and CRDs 9 | keywords: 10 | - istio 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/gen-istio-cluster.yaml 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/base/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Istio base successfully installed! 
2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/base/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.base.enableCRDTemplates }} 2 | {{ .Files.Get "crds/crd-all.gen.yaml" }} 3 | {{ .Files.Get "crds/crd-operator.yaml" }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/default/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-default 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.0.0 6 | appVersion: 1.0.0 7 | description: Helm chart for istio default revision components. 8 | keywords: 9 | - istio 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/gateway/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: gateway 3 | description: Helm chart for deploying Istio gateways 4 | type: application 5 | 6 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 7 | # with the appropriate version 8 | version: 1.15.0 9 | appVersion: 1.15.0 10 | 11 | sources: 12 | - http://github.com/istio/istio 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | keywords: 15 | - istio 16 | - gateways -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/gateway/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ include "gateway.name" . }}" successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | 7 | Next steps: 8 | * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ 9 | * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ 10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/gateway/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "gateway.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "gateway.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/gateways/istio-egress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-egress 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.15.0 6 | appVersion: 1.15.0 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio gateways 9 | keywords: 10 | - istio 11 | - egressgateway 12 | - gateways 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/gateways/istio-ingress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-ingress 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.15.0 6 | appVersion: 1.15.0 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio gateways 9 | keywords: 10 | - istio 11 | - ingressgateway 12 | - gateways 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: cni 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.15.0 6 | appVersion: 1.15.0 7 | description: Helm chart for istio-cni components 8 | keywords: 9 | - istio-cni 10 | - istio 11 | sources: 12 | - http://github.com/istio/cni 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-cni/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ .Release.Name }}" successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-cni/templates/resourcequota.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cni.resourceQuotas.enabled }} 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: istio-cni-resource-quota 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | hard: 9 | pods: {{ .Values.cni.resourceQuotas.pods | quote }} 10 | scopeSelector: 11 | matchExpressions: 12 | - operator: In 13 | scopeName: PriorityClass 14 | values: 15 | - system-node-critical 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-control/istio-discovery/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istiod 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.15.0 6 | appVersion: 1.15.0 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for istio control plane 9 | keywords: 10 | - istio 11 | - istiod 12 | - istio-discovery 13 | sources: 14 | - http://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-control/istio-discovery/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - files/gen-istio.yaml 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-control/istio-discovery/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 11 | namespace: {{ .Values.global.istioNamespace }} 12 | labels: 13 | app: istiod 14 | release: {{ .Release.Name }} 15 | --- 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-operator 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.15.0 6 | appVersion: 1.15.0 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio operator 9 | keywords: 10 | - istio 11 | - operator 12 | sources: 13 | - https://github.com/istio/istio/tree/master/operator 14 | engine: gotpl 15 | icon: https://istio.io/latest/favicons/android-192x192.png 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-operator/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enableCRDTemplates -}} 2 | {{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}} 3 | --- 4 | {{ $.Files.Get $path }} 5 | {{- end -}} 6 | {{- end -}} 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-operator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: {{.Release.Namespace}} 5 | labels: 6 | name: istio-operator 7 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 8 | spec: 9 | ports: 10 | - name: http-metrics 11 | port: 8383 12 | targetPort: 8383 13 | protocol: TCP 14 | selector: 15 | name: istio-operator 16 | --- 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istio-operator/templates/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | namespace: {{.Release.Namespace}} 5 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 6 | {{- if .Values.imagePullSecrets }} 7 | 
imagePullSecrets: 8 | {{- range .Values.imagePullSecrets }} 9 | - name: {{ . }} 10 | {{- end }} 11 | {{- end }} 12 | --- 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/charts/istiod-remote/NOTES.txt: -------------------------------------------------------------------------------- 1 | Install for a remote cluster using an external control plane. 2 | 3 | The templates in this directory are copies of base and istio-discovery templates. 4 | DO NOT EDIT! Make changes in the corresponding files in base or istio-discovery and they will be copied here by make gen. 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/examples/customresource/istio_v1alpha1_istiooperator_cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | metadata: 5 | namespace: istio-system 6 | name: example-istiocontrolplane 7 | spec: 8 | profile: demo 9 | ... 
10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/examples/user-gateway/ingress-gateway-only.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: empty 5 | components: 6 | ingressGateways: 7 | - enabled: true 8 | namespace: my-namespace 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/profiles/empty.yaml: -------------------------------------------------------------------------------- 1 | # The empty profile has everything disabled 2 | # This is useful as a base for custom user configuration 3 | apiVersion: install.istio.io/v1alpha1 4 | kind: IstioOperator 5 | spec: 6 | components: 7 | base: 8 | enabled: false 9 | pilot: 10 | enabled: false 11 | ingressGateways: 12 | - name: istio-ingressgateway 13 | enabled: false 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.15.0/manifests/profiles/minimal.yaml: -------------------------------------------------------------------------------- 1 | # The minimal profile will install just the core control plane 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | spec: 5 | components: 6 | ingressGateways: 7 | - name: istio-ingressgateway 8 | enabled: false 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/base/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: base 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.20.0 6 | appVersion: 1.20.0 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio cluster resources and CRDs 9 | keywords: 10 | - istio 11 | sources: 12 | - https://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/base/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Istio base successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/base/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.base.enableCRDTemplates }} 2 | {{ .Files.Get "crds/crd-all.gen.yaml" }} 3 | {{ .Files.Get "crds/crd-operator.yaml" }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/default/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-default 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.0.0 6 | appVersion: 1.0.0 7 | description: Helm chart for istio default revision components. 
8 | keywords: 9 | - istio 10 | sources: 11 | - https://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/gateway/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: gateway 3 | description: Helm chart for deploying Istio gateways 4 | type: application 5 | 6 | # This version is never actually shipped. istio/release-builder will replace it at build-time 7 | # with the appropriate version 8 | version: 1.20.0 9 | appVersion: 1.20.0 10 | 11 | sources: 12 | - https://github.com/istio/istio 13 | icon: https://istio.io/latest/favicons/android-192x192.png 14 | keywords: 15 | - istio 16 | - gateways -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/gateway/openshift-values.yaml: -------------------------------------------------------------------------------- 1 | containerSecurityContext: 2 | capabilities: 3 | drop: 4 | - ALL 5 | allowPrivilegeEscalation: false 6 | privileged: false 7 | readOnlyRootFilesystem: true 8 | runAsNonRoot: true 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/gateway/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ include "gateway.name" . }}" successfully installed! 
2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | 7 | Next steps: 8 | * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ 9 | * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ 10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/gateway/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget }} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "gateway.name" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "gateway.labels" . | nindent 4}} 9 | spec: 10 | selector: 11 | matchLabels: 12 | {{- include "gateway.selectorLabels" . | nindent 6 }} 13 | {{- with .Values.podDisruptionBudget }} 14 | {{- toYaml . | nindent 2 }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/gateway/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "gateway.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "gateway.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . 
| nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/gateways/istio-egress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-egress 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.20.0 6 | appVersion: 1.20.0 7 | description: Helm chart for deploying Istio gateways 8 | keywords: 9 | - istio 10 | - egressgateway 11 | - gateways 12 | sources: 13 | - https://github.com/istio/istio 14 | engine: gotpl 15 | icon: https://istio.io/latest/favicons/android-192x192.png 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: cni 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.20.0 6 | appVersion: 1.20.0 7 | description: Helm chart for istio-cni components 8 | keywords: 9 | - istio-cni 10 | - istio 11 | sources: 12 | - https://github.com/istio/istio/tree/release-1.20/cni 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-cni/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ .Release.Name }}" successfully installed! 
2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-cni/templates/network-attachment-definition.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.cni.provider "multus" }} 2 | apiVersion: k8s.cni.cncf.io/v1 3 | kind: NetworkAttachmentDefinition 4 | metadata: 5 | name: istio-cni 6 | namespace: default 7 | labels: 8 | operator.istio.io/component: "Cni" 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-cni/templates/resourcequota.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cni.resourceQuotas.enabled }} 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: istio-cni-resource-quota 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | hard: 9 | pods: {{ .Values.cni.resourceQuotas.pods | quote }} 10 | scopeSelector: 11 | matchExpressions: 12 | - operator: In 13 | scopeName: PriorityClass 14 | values: 15 | - system-node-critical 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-control/istio-discovery/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istiod 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.20.0 6 | appVersion: 1.20.0 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for istio control plane 9 | keywords: 10 | - istio 11 | - istiod 12 | - istio-discovery 13 | sources: 14 | - https://github.com/istio/istio 15 | engine: gotpl 16 | icon: https://istio.io/latest/favicons/android-192x192.png 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-control/istio-discovery/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- if .Values.global.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range .Values.global.imagePullSecrets }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 11 | namespace: {{ .Values.global.istioNamespace }} 12 | labels: 13 | app: istiod 14 | release: {{ .Release.Name }} 15 | --- 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-operator 3 | # This version is never actually shipped. 
istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.20.0 6 | appVersion: 1.20.0 7 | tillerVersion: ">=2.7.2" 8 | description: Helm chart for deploying Istio operator 9 | keywords: 10 | - istio 11 | - operator 12 | sources: 13 | - https://github.com/istio/istio/tree/master/operator 14 | engine: gotpl 15 | icon: https://istio.io/latest/favicons/android-192x192.png 16 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-operator/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enableCRDTemplates -}} 2 | {{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}} 3 | --- 4 | {{ $.Files.Get $path }} 5 | {{- end -}} 6 | {{- end -}} 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-operator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: {{.Release.Namespace}} 5 | labels: 6 | name: istio-operator 7 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 8 | spec: 9 | ports: 10 | - name: http-metrics 11 | port: 8383 12 | targetPort: 8383 13 | protocol: TCP 14 | selector: 15 | name: istio-operator 16 | --- 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istio-operator/templates/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | namespace: {{.Release.Namespace}} 5 | name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 6 | {{- if .Values.imagePullSecrets }} 7 | 
imagePullSecrets: 8 | {{- range .Values.imagePullSecrets }} 9 | - name: {{ . }} 10 | {{- end }} 11 | {{- end }} 12 | --- 13 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/istiod-remote/NOTES.txt: -------------------------------------------------------------------------------- 1 | Install for a remote cluster using an external control plane. 2 | 3 | The templates in this directory are copies of base and istio-discovery templates. 4 | DO NOT EDIT! Make changes in the corresponding files in base or istio-discovery and they will be copied here by make gen. 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/ztunnel/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: ztunnel 3 | # This version is never actually shipped. istio/release-builder will replace it at build-time 4 | # with the appropriate version 5 | version: 1.20.0 6 | appVersion: 1.20.0 7 | description: Helm chart for istio ztunnel components 8 | keywords: 9 | - istio-ztunnel 10 | - istio 11 | sources: 12 | - https://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/latest/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/ztunnel/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | ztunnel successfully installed! 
2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/charts/ztunnel/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | {{- with .Values.imagePullSecrets }} 4 | imagePullSecrets: 5 | {{- range . }} 6 | - name: {{ . }} 7 | {{- end }} 8 | {{- end }} 9 | metadata: 10 | name: ztunnel 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | {{- .Values.labels | toYaml | nindent 4}} 14 | annotations: 15 | {{- .Values.annotations | toYaml | nindent 4 }} 16 | --- 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/examples/customresource/istio_v1alpha1_istiooperator_cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | metadata: 5 | namespace: istio-system 6 | name: example-istiocontrolplane 7 | spec: 8 | profile: demo 9 | ... 
10 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/examples/user-gateway/ingress-gateway-only.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: empty 5 | components: 6 | ingressGateways: 7 | - enabled: true 8 | namespace: my-namespace 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/profiles/empty.yaml: -------------------------------------------------------------------------------- 1 | # The empty profile has everything disabled 2 | # This is useful as a base for custom user configuration 3 | apiVersion: install.istio.io/v1alpha1 4 | kind: IstioOperator 5 | spec: 6 | components: 7 | base: 8 | enabled: false 9 | pilot: 10 | enabled: false 11 | ingressGateways: 12 | - name: istio-ingressgateway 13 | enabled: false 14 | -------------------------------------------------------------------------------- /terraform-modules/aws/istio/istio-1.20.0/manifests/profiles/minimal.yaml: -------------------------------------------------------------------------------- 1 | # The minimal profile will install just the core control plane 2 | apiVersion: install.istio.io/v1alpha1 3 | kind: IstioOperator 4 | spec: 5 | components: 6 | ingressGateways: 7 | - name: istio-ingressgateway 8 | enabled: false 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/kms/cloudtrail/outputs.tf: -------------------------------------------------------------------------------- 1 | output "kms_arn" { 2 | description = "Arn of kms created" 3 | value = aws_kms_key.kms.arn 4 | } -------------------------------------------------------------------------------- /terraform-modules/aws/kms/cloudwatch_log_group/outputs.tf: 
-------------------------------------------------------------------------------- 1 | output "kms_arn" { 2 | description = "Arn of kms for log group of cloudwatch" 3 | value = aws_kms_key.kms.arn 4 | } -------------------------------------------------------------------------------- /terraform-modules/aws/kubernetes-efs-volume/README.md: -------------------------------------------------------------------------------- 1 | # kubernetes-efs-volume 2 | 3 | Depends on the `eks-efs-csi-driver` module to be instantiated in the cluster first. 4 | 5 | This module will: 6 | * Create an AWS EFS resource with the appropriate security group and IAM permissions 7 | * Create a persistent volume (pv) pointing to this EFS endpoint 8 | * Create a persistent volume claim (pvc) pointing to the `pv` 9 | 10 | You can then readily use the `pvc` as a volume mount in any Kubernetes resource. 11 | -------------------------------------------------------------------------------- /terraform-modules/aws/kubernetes-efs-volume/outputs.tf: -------------------------------------------------------------------------------- 1 | output "kubernetes_persistent_volume_claim_name" { 2 | value = var.efs_name 3 | description = "Name of the pvc claim" 4 | } 5 | 6 | output "kubernetes_persistent_volume_name" { 7 | value = var.efs_name 8 | } -------------------------------------------------------------------------------- /terraform-modules/aws/kubernetes/manifest/main.tf: -------------------------------------------------------------------------------- 1 | resource "kubernetes_manifest" "manifest" { 2 | manifest = yamldecode(var.manifest) 3 | } 4 | -------------------------------------------------------------------------------- /terraform-modules/aws/kubernetes/manifest/variables.tf: -------------------------------------------------------------------------------- 1 | variable "manifest" { 2 | type = string 3 | default = < folder } 3 | } 4 | 5 | resource "aws_s3_object" "directory_structure" { 6 | for_each =
local.folder_structure_map 7 | 8 | bucket = var.bucket_name 9 | key = each.value 10 | content_type = "application/x-directory" 11 | } -------------------------------------------------------------------------------- /terraform-modules/aws/s3/folders/variables.tf: -------------------------------------------------------------------------------- 1 | variable "bucket_name" { 2 | description = "The name of the S3 bucket" 3 | } 4 | 5 | variable "folder_structure" { 6 | type = list(string) 7 | description = <<-EOT 8 | The folder structure to create in S3. 9 | Example usage: 10 | [ 11 | "folder1", 12 | "folder2", 13 | "folder3", 14 | "folder4/subfolder1/subfolder2" 15 | ] 16 | EOT 17 | } -------------------------------------------------------------------------------- /terraform-modules/aws/securitygroup/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | value = aws_security_group.sg.id 3 | description = "ID of the security group." 4 | } 5 | 6 | output "arn" { 7 | value = aws_security_group.sg.arn 8 | description = "ARN of the security group." 9 | } 10 | 11 | output "name" { 12 | value = aws_security_group.sg.name 13 | description = "The name of the security group" 14 | } -------------------------------------------------------------------------------- /terraform-modules/aws/ses/dkim/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ses_domain_identity" "this" { 2 | domain = var.domain 3 | } 4 | resource "aws_ses_domain_dkim" "this" { 5 | domain = aws_ses_domain_identity.this.domain 6 | } -------------------------------------------------------------------------------- /terraform-modules/aws/ses/dkim/outputs.tf: -------------------------------------------------------------------------------- 1 | output "dkim_tokens" { 2 | description = "DKIM tokens generated by SES." 
3 | value = aws_ses_domain_dkim.this.dkim_tokens 4 | } -------------------------------------------------------------------------------- /terraform-modules/aws/ses/dkim/variables.tf: -------------------------------------------------------------------------------- 1 | variable "domain" { 2 | description = "Verified domain name to generate DKIM tokens for" 3 | } 4 | 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/ses/email_identity/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ses_email_identity" "this" { 2 | email = var.email 3 | } 4 | -------------------------------------------------------------------------------- /terraform-modules/aws/ses/email_identity/variables.tf: -------------------------------------------------------------------------------- 1 | variable "email" { 2 | description = "The email to add" 3 | } -------------------------------------------------------------------------------- /terraform-modules/aws/sns/suscription/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_sns_topic_subscription" "user_updates_sqs_target" { 2 | topic_arn = var.topic_arn 3 | protocol = var.protocol 4 | endpoint = var.endpoint 5 | } -------------------------------------------------------------------------------- /terraform-modules/aws/sns/suscription/variables.tf: -------------------------------------------------------------------------------- 1 | variable "protocol" { 2 | description = "(Required) Protocol to use. Valid values are: sqs, sms, lambda, firehose, and application. Protocols email, email-json, http and https" 3 | } 4 | 5 | variable "endpoint" { 6 | description = "(Required) In email endpoint is an email address." 7 | } 8 | 9 | variable "topic_arn" { 10 | description = "(Required) ARN of the SNS topic to subscribe to." 
11 | } -------------------------------------------------------------------------------- /terraform-modules/aws/ssm/AWS-SSM.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/terraform-modules/aws/ssm/AWS-SSM.png -------------------------------------------------------------------------------- /terraform-modules/aws/ssm/ec2-role/README.md: -------------------------------------------------------------------------------- 1 | EC2 SSM Role 2 | ============= 3 | 4 | This is a required role that is attached to EC2 instances to give them access to SSM and to the S3 bucket that receives the interactive session logs. 5 | 6 | https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html 7 | -------------------------------------------------------------------------------- /terraform-modules/aws/ssm/ec2-role/outputs.tf: -------------------------------------------------------------------------------- 1 | output "aws_iam_instance_profile_arn" { 2 | value = aws_iam_instance_profile.profile.arn 3 | } 4 | 5 | output "aws_iam_instance_profile_id" { 6 | value = aws_iam_instance_profile.profile.id 7 | } 8 | 9 | output "aws_iam_role_arn" { 10 | value = aws_iam_role.role.arn 11 | } 12 | 13 | output "aws_iam_role_id" { 14 | value = aws_iam_role.role.id 15 | } 16 | 17 | output "aws_iam_role_name" { 18 | value = aws_iam_role.role.name 19 | } 20 | -------------------------------------------------------------------------------- /terraform-modules/aws/ssm/ec2-role/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/ssm/vpc-endpoints/outputs.tf: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/terraform-modules/aws/ssm/vpc-endpoints/outputs.tf
--------------------------------------------------------------------------------
/terraform-modules/aws/testkube/base-tests/test-suites/infra-base/main.tf:
--------------------------------------------------------------------------------
# Instantiates the shared manifest_set module against the "yaml" directory
# (presumably to apply the Testkube manifests listed below; the module body is not shown here).
module "manifest_set" {
  # NOTE(review): `ref=v2.0.12` is a git tag, and a tag can be re-pointed upstream.
  # Pinning `ref` to the full commit SHA behind that tag makes the module source
  # immutable, so a moved tag cannot change what is applied to the cluster.
  source = "github.com/ManagedKube/kubernetes-ops.git//terraform-modules/aws/kubernetes/manifest_set?ref=v2.0.12"

  # path.cwd is the directory Terraform was invoked from, so the set of files
  # picked up depends on where the run starts rather than on this module's path.
  upload_source_path = path.cwd
  upload_directory = "yaml"
}

--------------------------------------------------------------------------------
/terraform-modules/aws/testkube/base-tests/test-suites/infra-base/yaml/prometheus-endpoint.yaml:
--------------------------------------------------------------------------------
# Testkube curl test: runs curl against the Prometheus readiness URL and declares
# the expected status "200" and the expected body text "Prometheus".
# The URL is plain HTTP to a cluster-internal service name and the command carries
# no credentials, so the check only passes where that endpoint is reachable
# unauthenticated from the namespace the test runs in.
apiVersion: tests.testkube.io/v2
kind: Test
metadata:
  name: infra-base-prometheus-endpoint
  namespace: testkube
spec:
  content:
    data: |
      {
        "command": [
          "curl",
          "http://prometheus-operated.monitoring.svc:9090/-/ready"
        ],
        "expected_status": "200",
        "expected_body": "Prometheus"
      }
    type: string
  type: curl/test

--------------------------------------------------------------------------------
/terraform-modules/aws/testkube/base-tests/test-suites/infra-base/yaml/ts.yaml:
--------------------------------------------------------------------------------
# TestSuite "infra-base": one active step that executes the
# infra-base-prometheus-endpoint test in the testkube namespace.
apiVersion: tests.testkube.io/v1
kind: TestSuite
metadata:
  name: infra-base
  namespace: testkube
spec:
  description: Infra testsuite
  steps:
  - execute:
      name: infra-base-prometheus-endpoint
      namespace: testkube
    type: testExecution
  # Disabled steps: a delay followed by the alertmanager slack-config test.
  # NOTE(review): while these stay commented out, this suite does not exercise
  # the alert-routing check; confirm that is intended.
  # - delay:
  #     duration: 2000
  #   type: delay
  # - execute:
  #     name: infra-base-alertmanager-slack-config
  #     namespace: testkube
  #   type: testExecution

-------------------------------------------------------------------------------- /terraform-modules/aws/testkube/local/main.tf: -------------------------------------------------------------------------------- 1 | module "manifest_set" { 2 | source = "github.com/ManagedKube/kubernetes-ops.git//terraform-modules/aws/kubernetes/manifest_set?ref=v2.0.12" 3 | 4 | upload_source_path = path.cwd 5 | upload_directory = "yaml" 6 | fileset_pattern = "**/*.yaml.tftpl" 7 | template_vars = { 8 | namespace = var.app_namespace 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /terraform-modules/aws/testkube/local/variables.tf: -------------------------------------------------------------------------------- 1 | variable "app_namespace" { 2 | default = "my-app" 3 | description = "The namespace that the applications are in" 4 | } 5 | -------------------------------------------------------------------------------- /terraform-modules/aws/testkube/local/yaml/alert-manager-slack-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tests.testkube.io/v2 2 | kind: Test 3 | metadata: 4 | name: infra-base-alertmanager-slack-config 5 | namespace: testkube 6 | spec: 7 | content: 8 | data: | 9 | { 10 | "command": [ 11 | "curl", 12 | "http://alertmanager-operated.monitoring.svc:9093/api/v2/status" 13 | ], 14 | "expected_status": "200", 15 | "expected_body": "slack_configs" 16 | } 17 | type: string 18 | type: curl/test -------------------------------------------------------------------------------- /terraform-modules/aws/testkube/local/yaml/ts.yaml.tftpl: -------------------------------------------------------------------------------- 1 | apiVersion: tests.testkube.io/v1 2 | kind: TestSuite 3 | metadata: 4 | name: infra-local 5 | namespace: testkube 6 | spec: 7 | description: Infra local testsuite 8 | steps: 9 | - execute: 10 | name: local-my-app-endpoint 11 | namespace: testkube 12 | type: 
testExecution 13 | # - delay: 14 | # duration: 2000 15 | # type: delay 16 | 17 | -------------------------------------------------------------------------------- /terraform-modules/aws/vpc/test/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/ManagedKube/kubernetes-ops 2 | 3 | go 1.15 4 | 5 | require ( 6 | github.com/gruntwork-io/terratest v0.32.24 7 | github.com/stretchr/testify v1.7.0 8 | ) 9 | -------------------------------------------------------------------------------- /terraform-modules/aws/workspaces/workspaces_ip_group/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_workspaces_ip_group" "users" { 2 | name = "Users of AWS Workspaces VDI ${var.account_name}" 3 | description = "Users IP access control group" 4 | tags = var.tags 5 | 6 | dynamic "rules" { 7 | for_each = var.ip_group_rules 8 | content { 9 | source = rules.value.source 10 | description = rules.value.description 11 | } 12 | } 13 | } -------------------------------------------------------------------------------- /terraform-modules/aws/workspaces/workspaces_ip_group/outputs.tf: -------------------------------------------------------------------------------- 1 | output "workspaces_ip_group_id" { 2 | description = "The IP group identifier." 
3 | value = aws_workspaces_ip_group.users.id 4 | } -------------------------------------------------------------------------------- /terraform-modules/azure/active_directory/groups/main.tf: -------------------------------------------------------------------------------- 1 | resource "azuread_group" "this" { 2 | count = length(var.groups) 3 | 4 | display_name = var.groups[count.index].display_name 5 | owners = var.groups[count.index].owners 6 | security_enabled = var.groups[count.index].security_enabled 7 | 8 | members = var.groups[count.index].members 9 | } 10 | -------------------------------------------------------------------------------- /terraform-modules/azure/active_directory/groups/outputs.tf: -------------------------------------------------------------------------------- 1 | output "groups" { 2 | value = azuread_group.this.* 3 | } 4 | -------------------------------------------------------------------------------- /terraform-modules/azure/active_directory/groups/vars.tf: -------------------------------------------------------------------------------- 1 | variable "groups" { 2 | description = "A list of Azure Active Directory groups to create" 3 | type = any 4 | default = [ 5 | { 6 | display_name = "my-group" 7 | owners = ["user object ID as the owner of the group"] 8 | security_enabled = true 9 | members = ["user object ID as members"] 10 | }, 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /terraform-modules/azure/container_registry/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ManagedKube/kubernetes-ops/9de0081765d80fad59d4eb9636efa04480f32499/terraform-modules/azure/container_registry/outputs.tf -------------------------------------------------------------------------------- /terraform-modules/azure/dns/private/outputs.tf: -------------------------------------------------------------------------------- 1 | output 
"zone_id" { 2 | value = azurerm_private_dns_zone.this.id 3 | } 4 | -------------------------------------------------------------------------------- /terraform-modules/azure/dns/public/outputs.tf: -------------------------------------------------------------------------------- 1 | output "zone_id" { 2 | value = azurerm_dns_zone.this.id 3 | } 4 | 5 | output "nameservers" { 6 | value = azurerm_dns_zone.this.name_servers 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/azure/kubernetes/external-dns/azure.json: -------------------------------------------------------------------------------- 1 | { 2 | "tenantId": "${tenant_id}", 3 | "subscriptionId": "${subscription_id}", 4 | "resourceGroup": "${azure_resource_group_name}", 5 | "useManagedIdentityExtension": true, 6 | "userAssignedIdentityID": "${client_id}" 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/azure/kubernetes/external-secrets/secret_store/outputs.tf: -------------------------------------------------------------------------------- 1 | output "app_client_id" { 2 | value = azuread_application.app.application_id 3 | } 4 | 5 | output "k8s_service_account_name" { 6 | value = "secret-store-${local.base_name}-${var.environment_name}" 7 | } 8 | -------------------------------------------------------------------------------- /terraform-modules/azure/kubernetes/external-secrets/secret_store/yaml/cluster_secret_store.yaml: -------------------------------------------------------------------------------- 1 | # https://external-secrets.io/v0.6.1/provider/azure-key-vault/#workload-identity 2 | --- 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ClusterSecretStore 5 | metadata: 6 | name: ${secret_store_name} 7 | # No namspace. 
ClusterSecretStore are global 8 | spec: 9 | provider: 10 | azurekv: 11 | authType: WorkloadIdentity 12 | vaultUrl: ${vault_url} 13 | serviceAccountRef: 14 | name: ${k8s_serviceaccount_name} 15 | namespace: ${namespace_name} 16 | -------------------------------------------------------------------------------- /terraform-modules/azure/networking/peering/same-account/README.md: -------------------------------------------------------------------------------- 1 | # network/peering/same-account 2 | 3 | This will create a vnet peering in the same account. This means that user running this 4 | module needs to have access to both of the account. 5 | -------------------------------------------------------------------------------- /terraform-modules/azure/networking/subnet/main.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_subnet" "this" { 2 | count = length(var.subnets) 3 | name = var.subnets[count.index].name 4 | resource_group_name = var.resource_group_name 5 | virtual_network_name = var.virtual_network_name 6 | address_prefixes = var.subnets[count.index].address_prefixes 7 | 8 | } 9 | -------------------------------------------------------------------------------- /terraform-modules/azure/networking/subnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "subnets" { 2 | value = azurerm_subnet.this.* 3 | } 4 | -------------------------------------------------------------------------------- /terraform-modules/azure/vault-access/README.md: -------------------------------------------------------------------------------- 1 | # Vault Access 2 | This module grants permissions to access an Azure Vault instance to get 3 | keys, secrets, certificates. 
4 | 5 | Console path: key vault -> -> Access policies 6 |
--------------------------------------------------------------------------------
/terraform-modules/azure/vault-access/outputs.tf:
--------------------------------------------------------------------------------
# IDs of the access-policy instances created by this module; the splat collects
# the id of every instance of azurerm_key_vault_access_policy.this.
output "azurerm_key_vault_access_policy_id" {
  value = azurerm_key_vault_access_policy.this.*.id
}

--------------------------------------------------------------------------------
/terraform-modules/azure/vault/main.tf:
--------------------------------------------------------------------------------
# Creates an Azure Key Vault. Every setting is passed through from a module
# variable; the variable declarations and their defaults are not shown here.
resource "azurerm_key_vault" "this" {
  name = var.vault_name
  location = var.azure_location
  resource_group_name = var.resource_group_name
  tenant_id = var.tenant_id
  sku_name = var.sku_name

  # Controls whether the vault's data plane is reachable over the public network.
  # The azurerm provider treats an unset value as true, and this resource defines
  # no network_acls block, so this flag is the only network restriction set here.
  # NOTE(review): confirm the variable defaults to false, or that callers who
  # leave it true add IP/VNet rules or a private endpoint elsewhere.
  public_network_access_enabled = var.public_network_access_enabled

  # How long deleted vault objects remain recoverable (the provider accepts 7-90 days).
  soft_delete_retention_days = var.soft_delete_retention_days

  # When true, soft-deleted objects cannot be purged before the retention period
  # ends, which protects secrets and keys from a destructive or compromised
  # principal. Azure does not allow turning purge protection off once enabled.
  # NOTE(review): confirm non-dev environments set this to true.
  purge_protection_enabled = var.purge_protection_enabled
}

--------------------------------------------------------------------------------
/terraform-modules/azure/vault/outputs.tf:
--------------------------------------------------------------------------------
# Resource ID of the vault.
output "azurerm_key_vault_id" {
  value = azurerm_key_vault.this.id
}

# Base URI of the vault (the endpoint clients use to read keys, secrets and certificates).
output "azurerm_key_vault_uri" {
  value = azurerm_key_vault.this.vault_uri
}

--------------------------------------------------------------------------------
/terraform-modules/data-modules/from-terraform-cloud/aks/main.tf:
--------------------------------------------------------------------------------
# Organization and workspace whose remote state is read.
# NOTE(review): neither variable declares a type or description, so any value is
# accepted; the caller decides which workspace's state this module reads.
variable "backend_organization" {}
variable "workspace_name" {}

# Reads the root outputs of another workspace through the "remote" backend.
# terraform_remote_state requires read access to that workspace's entire state
# snapshot, not only its outputs, so the identity running this module can also
# read whatever secrets are recorded in that state.
data "terraform_remote_state" "this" {
  backend = "remote"
  config = {
    organization = var.backend_organization
    workspaces = {
      name = var.workspace_name
    }
  }
}

# Re-exports every output of the source workspace as a single object.
# NOTE(review): callers receive all outputs, including any the source workspace
# treats as secret, and the values are copied into the consuming state as well.
# Exposing only the values a consumer needs (or reading them with the tfe
# provider's tfe_outputs data source, which does not need full state access)
# would narrow what is shared.
output "all_outputs" {
  value = data.terraform_remote_state.this.outputs
}

--------------------------------------------------------------------------------
/terraform-modules/datadog/api_key/main.tf:
--------------------------------------------------------------------------------
# Creates a Datadog API key whose display name is var.name.
resource "datadog_api_key" "this" {
  name = var.name
}

--------------------------------------------------------------------------------
/terraform-modules/datadog/api_key/outputs.tf:
--------------------------------------------------------------------------------
# Exposes the generated key value to the calling module.
# `sensitive = true` redacts the value in plan/apply output, but the key is still
# written in plain text to the Terraform state of this module and of any
# configuration that consumes the output, so the state backend needs encryption
# at rest and restricted read access.
output "api_key" {
  value = datadog_api_key.this.key
  sensitive = true
  description = "The Datadog API key"
}

--------------------------------------------------------------------------------
/terraform-modules/datadog/api_key/variables.tf:
--------------------------------------------------------------------------------
# Display name of the key. With the default, every instantiation that does not
# override it creates a key called "datadog_api_key"; a name that identifies the
# consumer makes a single key easier to audit and revoke.
variable "name" {
  type = string
  default = "datadog_api_key"
  description = "The API key's name"
}

--------------------------------------------------------------------------------