├── addons ├── service_monitor_crd │ ├── service_monitor │ │ ├── values.yaml │ │ └── .helmignore │ ├── main.tf │ └── README.md ├── cert-manager-le-http │ ├── values.yaml │ ├── Chart.yaml │ └── templates │ │ ├── ClusterIssuer-prod.yaml │ │ ├── ClusterIssuer-staging.yaml │ │ └── ClusterIssuer-istio.yaml ├── efs │ ├── outputs.tf │ └── versions.tf ├── velero │ ├── velero_job │ │ ├── values.yaml │ │ ├── .helmignore │ │ └── templates │ │ │ └── backup_job.yaml │ ├── helm │ │ └── values.yaml │ └── variable.tf ├── core_dns_hpa │ ├── Chart.yaml │ ├── values.yaml │ └── templates │ │ └── hpa.yaml ├── metrics_server_vpa │ ├── Chart.yaml │ ├── values.yaml │ └── templates │ │ └── vpa.yaml ├── aws_node_termination_handler │ └── aws_nth.yaml ├── karpenter_provisioner │ └── karpenter-provisioner │ │ ├── values.yaml │ │ ├── ipv4-values.yaml │ │ ├── ipv6-values.yaml │ │ └── .helmignore ├── istio │ ├── istio-observability │ │ ├── values.yaml │ │ ├── templates │ │ │ ├── enable-access-logs.yaml │ │ │ ├── clusterissuer.yaml │ │ │ └── service-monitor-control-plane.yaml │ │ └── .helmignore │ └── versions.tf ├── aws-ebs-storage-class │ ├── versions.tf │ ├── main.tf │ └── variables.tf ├── reloader │ └── reloader.yaml ├── aws_alb │ └── aws_alb.yaml ├── karpenter │ └── karpenter.yaml ├── metrics_server │ └── metrics_server.yaml └── cluster_autoscaler │ └── cluster_autoscaler.yaml ├── EKS-Blueprint └── modules │ ├── kubernetes-addons │ ├── app-2048 │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── aws-kube-proxy │ │ ├── outputs.tf │ │ ├── versions.tf │ │ ├── variables.tf │ │ └── main.tf │ ├── fargate-fluentbit │ │ ├── outputs.tf │ │ ├── versions.tf │ │ ├── variables.tf │ │ └── main.tf │ ├── aws-cloudwatch-metrics │ │ ├── values.yaml │ │ ├── main.tf │ │ ├── versions.tf │ │ └── outputs.tf │ ├── calico │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── cilium │ │ ├── versions.tf │ │ └── outputs.tf │ ├── kubecost │ │ ├── versions.tf │ │ ├── main.tf │ │ 
├── outputs.tf │ │ ├── values.yaml │ │ └── variables.tf │ ├── kyverno │ │ ├── versions.tf │ │ └── outputs.tf │ ├── promtail │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── reloader │ │ ├── versions.tf │ │ ├── outputs.tf │ │ ├── main.tf │ │ └── variables.tf │ ├── chaos-mesh │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── gatekeeper │ │ ├── versions.tf │ │ ├── outputs.tf │ │ ├── main.tf │ │ └── variables.tf │ ├── tetrate-istio │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── locals_tid.tf │ ├── crossplane │ │ ├── values.yaml │ │ ├── aws-provider │ │ │ ├── aws-provider-config.yaml │ │ │ ├── jet-aws-provider-config.yaml │ │ │ ├── jet-aws-provider.yaml │ │ │ ├── aws-provider.yaml │ │ │ ├── aws-controller-config.yaml │ │ │ └── jet-aws-controller-config.yaml │ │ ├── kubernetes-provider │ │ │ ├── kubernetes-controller-config.yaml │ │ │ ├── kubernetes-provider-config.yaml │ │ │ ├── kubernetes-provider.yaml │ │ │ └── kubernetes-controller-clusterrolebinding.yaml │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── data.tf │ ├── datadog-operator │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── smb-csi-driver │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── cert-manager-csi-driver │ │ ├── versions.tf │ │ ├── main.tf │ │ └── outputs.tf │ ├── cert-manager-istio-csr │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── nvidia-device-plugin │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── locals.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── spark-history-server │ │ ├── versions.tf │ │ ├── values.yaml │ │ ├── main.tf │ │ └── outputs.tf │ ├── strimzi-kafka-operator │ │ ├── versions.tf │ │ ├── values.yaml │ │ ├── outputs.tf │ │ └── main.tf │ ├── local-volume-provisioner │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── locals.tf │ │ ├── local-static-provisioner │ │ │ ├── templates │ │ │ │ └── serviceaccount.yaml │ │ │ └── Chart.yaml │ │ ├── 
outputs.tf │ │ └── variables.tf │ ├── cluster-proportional-autoscaler │ │ ├── versions.tf │ │ ├── outputs.tf │ │ ├── main.tf │ │ └── variables.tf │ ├── cert-manager │ │ ├── values.yaml │ │ ├── cert-manager-letsencrypt │ │ │ ├── values.yaml │ │ │ ├── Chart.yaml │ │ │ └── templates │ │ │ │ ├── clusterissuer-staging.yaml │ │ │ │ └── clusterissuer-production.yaml │ │ ├── cert-manager-ca │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── clusterissuers.yaml │ │ │ │ └── certificate.yaml │ │ │ └── values.yaml │ │ ├── versions.tf │ │ ├── data.tf │ │ └── outputs.tf │ ├── agones │ │ ├── data.tf │ │ ├── versions.tf │ │ ├── values.yaml │ │ ├── outputs.tf │ │ └── locals.tf │ ├── aws-load-balancer-controller │ │ ├── values.yaml │ │ ├── versions.tf │ │ └── main.tf │ ├── keda │ │ ├── values.yaml │ │ ├── versions.tf │ │ ├── main.tf │ │ └── outputs.tf │ ├── adot-collector-haproxy │ │ ├── otel-config │ │ │ ├── Chart.yaml │ │ │ ├── values.yaml │ │ │ └── templates │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ └── clusterrole.yaml │ │ ├── versions.tf │ │ └── outputs.tf │ ├── adot-collector-java │ │ ├── otel-config │ │ │ ├── Chart.yaml │ │ │ ├── values.yaml │ │ │ └── templates │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ └── clusterrole.yaml │ │ ├── versions.tf │ │ └── outputs.tf │ ├── adot-collector-nginx │ │ ├── otel-config │ │ │ ├── Chart.yaml │ │ │ ├── values.yaml │ │ │ └── templates │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ └── clusterrole.yaml │ │ ├── versions.tf │ │ └── outputs.tf │ ├── adot-collector-memcached │ │ ├── otel-config │ │ │ ├── Chart.yaml │ │ │ ├── values.yaml │ │ │ └── templates │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ └── clusterrole.yaml │ │ ├── versions.tf │ │ └── outputs.tf │ ├── aws-node-termination-handler │ │ ├── values.yaml │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── data.tf │ ├── grafana │ │ ├── versions.tf │ │ ├── main.tf │ │ └── outputs.tf │ ├── karpenter │ │ ├── versions.tf │ │ ├── main.tf │ │ └── outputs.tf │ ├── velero │ │ ├── versions.tf │ │ ├── 
values.yaml │ │ └── outputs.tf │ ├── argocd │ │ ├── argocd-application │ │ │ └── helm │ │ │ │ ├── Chart.yaml │ │ │ │ └── values.yaml │ │ ├── values.yaml │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── data.tf │ ├── aws-vpc-cni │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── external-dns │ │ ├── versions.tf │ │ └── outputs.tf │ ├── helm-addon │ │ ├── versions.tf │ │ └── outputs.tf │ ├── appmesh-controller │ │ ├── versions.tf │ │ └── outputs.tf │ ├── aws-ebs-csi-driver │ │ ├── versions.tf │ │ └── outputs.tf │ ├── aws-efs-csi-driver │ │ ├── versions.tf │ │ └── outputs.tf │ ├── aws-for-fluentbit │ │ ├── versions.tf │ │ └── values.yaml │ ├── aws-fsx-csi-driver │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── main.tf │ ├── aws-privateca-issuer │ │ ├── versions.tf │ │ ├── data.tf │ │ ├── main.tf │ │ └── outputs.tf │ ├── cluster-autoscaler │ │ ├── versions.tf │ │ ├── values.yaml │ │ └── outputs.tf │ ├── external-secrets │ │ ├── versions.tf │ │ ├── data.tf │ │ ├── main.tf │ │ └── outputs.tf │ ├── vpa │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── traefik │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── yunikorn │ │ ├── versions.tf │ │ ├── values.yaml │ │ ├── main.tf │ │ ├── locals.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── argo-rollouts │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── locals.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── ingress-nginx │ │ ├── versions.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── main.tf │ ├── kuberay-operator │ │ ├── versions.tf │ │ ├── kuberay-operator-config │ │ │ ├── Chart.yaml │ │ │ └── templates │ │ │ │ ├── serviceaccount.yaml │ │ │ │ ├── service.yaml │ │ │ │ ├── leader-rolebinding.yaml │ │ │ │ ├── rolebinding.yaml │ │ │ │ └── leader-role.yaml │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── main.tf │ ├── metrics-server │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── locals.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── kube-prometheus-stack │ │ ├── versions.tf │ │ ├── outputs.tf 
│ │ ├── variables.tf │ │ └── values.yaml │ ├── kubernetes-dashboard │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── locals.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── spark-k8s-operator │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── secrets-store-csi-driver │ │ ├── versions.tf │ │ ├── main.tf │ │ ├── locals.tf │ │ └── outputs.tf │ ├── csi-secrets-store-provider-aws │ │ ├── versions.tf │ │ └── outputs.tf │ ├── versions.tf │ ├── airflow │ │ ├── versions.tf │ │ ├── values.yaml │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── main.tf │ ├── prometheus │ │ ├── versions.tf │ │ └── outputs.tf │ ├── argo-workflows │ │ ├── versions.tf │ │ └── outputs.tf │ ├── opentelemetry-operator │ │ ├── versions.tf │ │ └── outputs.tf │ ├── aws-coredns │ │ ├── versions.tf │ │ └── outputs.tf │ └── data.tf │ ├── aws-kms │ ├── versions.tf │ ├── outputs.tf │ └── main.tf │ ├── launch-templates │ ├── versions.tf │ ├── templates │ │ └── userdata-bottlerocket.tpl │ └── variables.tf │ ├── aws-eks-fargate-profiles │ ├── versions.tf │ ├── variables.tf │ └── outputs.tf │ ├── aws-eks-managed-node-groups │ ├── versions.tf │ ├── templates │ │ └── userdata-bottlerocket.tpl │ └── data.tf │ ├── aws-eks-self-managed-node-groups │ ├── versions.tf │ └── data.tf │ ├── irsa │ ├── versions.tf │ └── outputs.tf │ ├── emr-on-eks │ ├── outputs.tf │ ├── data.tf │ ├── locals.tf │ ├── versions.tf │ └── variables.tf │ └── aws-eks-teams │ ├── versions.tf │ ├── locals.tf │ ├── variables.tf │ └── data.tf ├── examples └── complete │ ├── version.tf │ └── provider.tf ├── versions.tf └── .gitignore /addons/service_monitor_crd/service_monitor/values.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/app-2048/outputs.tf: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/app-2048/variables.tf: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-kube-proxy/outputs.tf: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/fargate-fluentbit/outputs.tf: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /addons/cert-manager-le-http/values.yaml: -------------------------------------------------------------------------------- 1 | # email: 2 | 3 | ingressClass: nginx 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-cloudwatch-metrics/values.yaml: -------------------------------------------------------------------------------- 1 | clusterName: ${eks_cluster_id} 2 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/calico/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cilium/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kubecost/versions.tf: 
-------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kyverno/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/promtail/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/reloader/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /addons/efs/outputs.tf: -------------------------------------------------------------------------------- 1 | output "efs_id" { 2 | value = module.efs.*.id 3 | description = "EFS ID" 4 | } 5 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/chaos-mesh/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/gatekeeper/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/tetrate-istio/versions.tf: 
-------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/crossplane/values.yaml: -------------------------------------------------------------------------------- 1 | nodeSelector: 2 | kubernetes.io/os: ${operating-system} 3 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/datadog-operator/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/smb-csi-driver/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager-csi-driver/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager-istio-csr/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/nvidia-device-plugin/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | } 4 | -------------------------------------------------------------------------------- 
/EKS-Blueprint/modules/kubernetes-addons/spark-history-server/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/strimzi-kafka-operator/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/local-volume-provisioner/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"
}
--------------------------------------------------------------------------------
/addons/velero/velero_job/values.yaml:
--------------------------------------------------------------------------------
# Values for the velero_job chart; they are rendered into templates/backup_job.yaml
# (not shown here).
velero_backup_name: cluster_backup
# Every 10 minutes. Nothing in this file bounds retention, so the TTL/expiry of
# these backups has to come from the backup_job template or Velero's defaults —
# confirm before relying on this cadence.
schedule_cron_time: "*/10 * * * *"
# "*" backs up every namespace, kube-system included. A cluster-wide backup will
# normally carry Secrets, so the Velero backup storage location must be encrypted
# and access-restricted at least as tightly as the cluster's own secret store.
namespaces: "*"
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/cert-manager/values.yaml:
--------------------------------------------------------------------------------
# Helm values for the cert-manager add-on.
extraArgs:
  # NOTE(review): with owner references enabled, the issued TLS Secret is expected
  # to be garbage-collected together with its Certificate object — confirm that is
  # the intended lifecycle before deleting Certificates in production.
  - --enable-certificate-owner-ref=true

# Let the chart install its CRDs.
installCRDs: true
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/agones/data.tf:
--------------------------------------------------------------------------------
data "aws_security_group"
"eks_worker_group" { 2 | id = var.eks_worker_security_group_id 3 | } 4 | -------------------------------------------------------------------------------- /addons/core_dns_hpa/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: A Helm chart add hpa on coredns 4 | name: corednshpa 5 | version: 1.0.0 6 | -------------------------------------------------------------------------------- /addons/metrics_server_vpa/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: A Helm chart add vpa on metrics-server 4 | name: metricsservervpa 5 | version: 1.0.0 6 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/values.yaml: -------------------------------------------------------------------------------- 1 | clusterName: ${eks_cluster_id} 2 | region: ${aws_region} 3 | image: 4 | repository: ${repository} 5 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/values.yaml: -------------------------------------------------------------------------------- 1 | # email: user@example.com 2 | 3 | # region: global 4 | 5 | # dnsZones: 6 | # - domain.name 7 | -------------------------------------------------------------------------------- /addons/metrics_server_vpa/values.yaml: -------------------------------------------------------------------------------- 1 | metricsServerDeploymentName: ${metricsServerDeploymentName} 2 | minCPU: ${minCPU} 3 | minMemory: ${minMemory} 4 | maxCPU: ${maxCPU} 5 | maxMemory: ${maxMemory} 6 | -------------------------------------------------------------------------------- /addons/aws_node_termination_handler/aws_nth.yaml: 
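--------------------------------------------------------------------------------
# aws-node-termination-handler values (addons/aws_node_termination_handler/aws_nth.yaml).
# Rendered with Terraform templatefile(): ${...} below are template variables.
# Queue-processor (SQS) mode is disabled here.
# NOTE(review): per the NTH chart docs the alternative is the per-node IMDS mode, in
# which the NTH pod must be able to reach the instance metadata endpoint — confirm
# against the pinned chart version and any IMDS hop-limit/access restrictions.
enableSqsTerminationDraining: false
enablePrometheusServer: ${enable_service_monitor}

podAnnotations:
  co.elastic.logs/enabled: "true"
--------------------------------------------------------------------------------
/addons/service_monitor_crd/main.tf:
--------------------------------------------------------------------------------
# Installs the service_monitor chart that ships inside this module. The chart source
# is a local path, so there is no registry or version to pin — changes to that
# directory change what gets applied and should be reviewed like code.
resource "helm_release" "service-monitor-crd" {
  name    = "service-monitor-crd"
  chart   = "${path.module}/service_monitor/"
  timeout = 600 # seconds
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/spark-history-server/values.yaml:
--------------------------------------------------------------------------------

# Quoting fixed: the closing quote originally sat before ${s3a_path}, so the rendered
# line was a quoted scalar followed by trailing text ("...logDirectory="s3a://...),
# which is not valid YAML. The whole JVM option is now one quoted string.
sparkHistoryOpts: "-Dspark.history.fs.logDirectory=${s3a_path}"

nodeSelector:
  kubernetes.io/os: ${operating_system}
--------------------------------------------------------------------------------
/addons/cert-manager-le-http/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: cert-manager-le-http
# Description corrected: this chart ships Let's Encrypt ClusterIssuers
# (templates/ClusterIssuer-prod.yaml, -staging.yaml, -istio.yaml, solved through the
# ingressClass in values.yaml), not a private CA — the old text was copied from the
# cert-manager-ca chart.
description: A Helm chart that installs Let's Encrypt HTTP-01 ClusterIssuers for cert-manager
type: application
version: 0.1.0
appVersion: v0.1.0
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/local-volume-provisioner/main.tf:
--------------------------------------------------------------------------------
# Thin wrapper: delegates to the shared helm-addon module with this add-on's
# helm_config (defined in locals.tf) and the caller-supplied addon_context.
module "helm_addon" {
  source        = "../helm-addon"
  helm_config   = local.helm_config
  addon_context = var.addon_context
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/aws-kms/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"
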
required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/keda/values.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | limits: 3 | cpu: 1 4 | memory: 1000Mi 5 | requests: 6 | cpu: 100m 7 | memory: 100Mi 8 | 9 | nodeSelector: 10 | kubernetes.io/os: linux 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-haproxy/otel-config/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: opentelemetry 3 | description: A Helm chart to install otel operator 4 | type: application 5 | version: 0.2.0 6 | appVersion: v0.1.0 7 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-java/otel-config/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: opentelemetry 3 | description: A Helm chart to install otel operator 4 | type: application 5 | version: 0.2.0 6 | appVersion: v0.1.0 7 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-nginx/otel-config/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: opentelemetry 3 | description: A Helm chart to install otel operator 4 | type: application 5 | version: 0.2.0 6 | appVersion: v0.1.0 7 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/cert-manager-ca/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | 
name: cert-manager-ca
description: A Helm chart to install a Cert Manager CA
type: application
version: 0.2.0
appVersion: v0.1.0
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-memcached/otel-config/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: opentelemetry
# NOTE(review): the only templates in this chart are clusterrole.yaml and
# clusterrolebinding.yaml (RBAC for the collector); the description reads as if the
# chart installs the operator itself — consider rewording.
description: A Helm chart to install otel operator
type: application
version: 0.2.0
appVersion: v0.1.0
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/launch-templates/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-node-termination-handler/values.yaml:
--------------------------------------------------------------------------------
# aws-node-termination-handler values. This is a Terraform templatefile template:
# the %{ ... } directives are evaluated at plan time, before Helm ever sees the file.
enableSqsTerminationDraining: true
enablePrometheusServer: true
# When the caller passes no autoscaling_group_names, the ASG-tag guard is switched
# off, so — going by the option's name — draining is no longer limited to instances
# of tagged ASGs. That widens what NTH will cordon/drain; keep ASG names (and the
# tag) in place whenever the queue can carry events for instances NTH must not touch.
# NOTE(review): exact semantics of checkASGTagBeforeDraining are from the NTH chart
# docs, not this file — confirm for the pinned version.
%{ if length(autoscaling_group_names) == 0 ~}
checkASGTagBeforeDraining: false
%{ endif ~}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/keda/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/aws-eks-fargate-profiles/versions.tf:
--------------------------------------------------------------------------------
terraform
{ 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-managed-node-groups/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/grafana/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/karpenter/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/strimzi-kafka-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for strimzi-kafka-operator. 
2 | 3 | resources: 4 | limits: 5 | memory: 1Gi 6 | cpu: 1000m 7 | requests: 8 | memory: 1Gi 9 | cpu: 1000m 10 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/tetrate-istio/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/velero/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-self-managed-node-groups/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argocd/argocd-application/helm/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: argo-application 3 | description: A Helm chart that installs an ArgoCD Application resource. 
type: application
version: 0.1.0
appVersion: 0.1.0
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-kube-proxy/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.10"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-vpc-cni/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.10"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/external-dns/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/helm-addon/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.4.1"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/launch-templates/templates/userdata-bottlerocket.tpl:
--------------------------------------------------------------------------------
# Bottlerocket node user-data (TOML), rendered with Terraform templatefile().
# pre_userdata and post_userdata are spliced in verbatim: whatever the caller passes
# becomes part of the node's boot-time settings, so those two variables must only
# ever come from trusted, reviewed configuration — never from user- or
# tenant-controlled input. Note that post_userdata is emitted after the
# [settings.kubernetes] header, so keys it adds are parsed as part of that table
# unless it opens a table of its own.
${pre_userdata}
[settings.kubernetes]
api-server = "${cluster_endpoint}"
# presumably the base64 cluster CA the kubelet uses to verify the API server;
# must be the real cluster CA, never a placeholder — confirm against the caller.
cluster-certificate = "${cluster_ca_base64}"
cluster-name = "${eks_cluster_id}"
${post_userdata}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/appmesh-controller/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-ebs-csi-driver/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.10"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-efs-csi-driver/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-for-fluentbit/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-fsx-csi-driver/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-privateca-issuer/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/cluster-autoscaler/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/crossplane/aws-provider/aws-provider-config.yaml:
--------------------------------------------------------------------------------
---
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws-provider-config
spec:
  credentials:
    # No static access keys: the provider authenticates with whatever identity is
    # injected into its pod. On EKS that is the IAM role bound to the provider's
    # service account, and that role's policy is then the effective permission
    # boundary for everything Crossplane can create, change or delete in AWS —
    # scope it to least privilege.
    # NOTE(review): the service-account/role binding is expected to live in the
    # sibling aws-controller-config.yaml, not here — confirm.
    source: InjectedIdentity
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/external-secrets/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/vpa/versions.tf:
--------------------------------------------------------------------------------
terraform
{ 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/app-2048/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/nvidia-device-plugin/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | manage_via_gitops = var.manage_via_gitops 4 | helm_config = local.helm_config 5 | addon_context = var.addon_context 6 | } 7 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/traefik/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/yunikorn/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-managed-node-groups/templates/userdata-bottlerocket.tpl: 
-------------------------------------------------------------------------------- 1 | ${pre_userdata} 2 | [settings.kubernetes] 3 | api-server = "${cluster_endpoint}" 4 | cluster-certificate = "${cluster_ca_base64}" 5 | cluster-name = "${eks_cluster_id}" 6 | ${post_userdata} 7 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argo-rollouts/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-node-termination-handler/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/ingress-nginx/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/metrics-server/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: aws.jet.crossplane.io/v1alpha1 3 | kind: ProviderConfig 4 | metadata: 5 | name: jet-aws-provider-config 6 | spec: 7 | credentials: 8 | source: InjectedIdentity 9 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/fargate-fluentbit/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kube-prometheus-stack/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | 
required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kubernetes-dashboard/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/spark-k8s-operator/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/secrets-store-csi-driver/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /addons/core_dns_hpa/values.yaml: -------------------------------------------------------------------------------- 1 | corednsdeploymentname: ${corednsdeploymentname} 2 | minReplicas: ${minReplicas} 3 | maxReplicas: ${maxReplicas} 4 | targetCPUUtilizationPercentage: ${targetCPUUtilizationPercentage} 5 | targetMemoryUtilizationPercentage: ${targetMemoryUtilizationPercentage} 6 | -------------------------------------------------------------------------------- 
/EKS-Blueprint/modules/kubernetes-addons/csi-secrets-store-provider-aws/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | kubernetes = { 6 | source = "hashicorp/kubernetes" 7 | version = ">= 2.10" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cert-manager-letsencrypt 3 | description: Cert Manager Cluster Issuers for Let's Encrypt certificates with DNS01 protocol 4 | type: application 5 | version: 0.1.0 6 | appVersion: v0.1.0 7 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pkg.crossplane.io/v1alpha1 2 | kind: ControllerConfig 3 | metadata: 4 | name: kubernetes-controller-config 5 | spec: 6 | serviceAccountName: ${kubernetes-serviceaccount-name} 7 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kubernetes.crossplane.io/v1alpha1 3 | kind: ProviderConfig 4 | metadata: 5 | name: kubernetes-provider-config 6 | spec: 7 | credentials: 8 | source: InjectedIdentity 9 | -------------------------------------------------------------------------------- /addons/karpenter_provisioner/karpenter-provisioner/values.yaml: -------------------------------------------------------------------------------- 1 | subnet_selector_name: 
"${subnet_selector_name}" 2 | sg_selector_name: "${sg_selector_name}" 3 | karpenter_ec2_capacity_type: "${karpenter_ec2_capacity_type}" 4 | excluded_karpenter_ec2_instance_type: "${excluded_karpenter_ec2_instance_type}" 5 | -------------------------------------------------------------------------------- /addons/karpenter_provisioner/karpenter-provisioner/ipv4-values.yaml: -------------------------------------------------------------------------------- 1 | subnet_selector_name: "${subnet_selector_name}" 2 | sg_selector_name: "${sg_selector_name}" 3 | karpenter_ec2_capacity_type: "${karpenter_ec2_capacity_type}" 4 | excluded_karpenter_ec2_instance_type: "${excluded_karpenter_ec2_instance_type}" 5 | -------------------------------------------------------------------------------- /addons/istio/istio-observability/values.yaml: -------------------------------------------------------------------------------- 1 | accessLogging: 2 | enabled: "${envoy_access_logs_enabled}" 3 | 4 | monitoring: 5 | enabled: "${prometheus_monitoring_enabled}" 6 | 7 | clusterIssuer: 8 | enabled: "${cert_manager_cluster_issuer_enabled}" 9 | email: "${cert_manager_letsencrypt_email}" 10 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-kms/outputs.tf: -------------------------------------------------------------------------------- 1 | output "key_id" { 2 | description = "The globally unique identifier for the key." 3 | value = aws_kms_key.this.key_id 4 | } 5 | 6 | output "key_arn" { 7 | description = "The Amazon Resource Name (ARN) of the key." 
8 | value = aws_kms_key.this.arn 9 | } 10 | -------------------------------------------------------------------------------- /examples/complete/version.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = ">= 3.43.0" 7 | } 8 | kubernetes = { 9 | source = "hashicorp/kubernetes" 10 | version = ">= 2.0.2" 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: kuberay-operator 5 | version: 0.1.0 6 | icon: https://github.com/ray-project/ray/raw/master/doc/source/images/ray_header_logo.png 7 | type: application 8 | -------------------------------------------------------------------------------- /addons/istio/istio-observability/templates/enable-access-logs.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.accessLogging.enabled -}} 2 | apiVersion: telemetry.istio.io/v1alpha1 3 | kind: Telemetry 4 | metadata: 5 | name: mesh-default 6 | namespace: istio-system 7 | spec: 8 | accessLogging: 9 | - providers: 10 | - name: envoy 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/irsa/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | source = "hashicorp/kubernetes" 11 | version = ">= 2.10" 12 | } 13 | } 14 | } 15 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: pkg.crossplane.io/v1 3 | kind: Provider 4 | metadata: 5 | name: ${aws-provider-name} 6 | spec: 7 | package: crossplane/provider-jet-aws:${provider-aws-version} 8 | controllerConfigRef: 9 | name: jet-aws-controller-config 10 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | time = { 10 | source = "hashicorp/time" 11 | version = ">= 0.8" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-java/otel-config/values.yaml: -------------------------------------------------------------------------------- 1 | ampurl: ${amp_url} 2 | region: ${region} 3 | prometheusMetricsEndpoint: ${prometheus_metrics_endpoint} 4 | prometheusMetricsPort: ${prometheus_metrics_port} 5 | scrapeInterval: ${scrape_interval} 6 | scrapeTimeout: ${scrape_timeout} 7 | scrapeSampleLimit: ${scrape_sample_limit} 8 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-nginx/otel-config/values.yaml: -------------------------------------------------------------------------------- 1 | ampurl: ${amp_url} 2 | region: ${region} 3 | prometheusMetricsEndpoint: ${prometheus_metrics_endpoint} 4 | prometheusMetricsPort: ${prometheus_metrics_port} 5 | scrapeInterval: ${scrape_interval} 6 | scrapeTimeout: ${scrape_timeout} 7 | 
scrapeSampleLimit: ${scrape_sample_limit} 8 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-cloudwatch-metrics/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | manage_via_gitops = var.manage_via_gitops 4 | set_values = local.set_values 5 | helm_config = local.helm_config 6 | irsa_config = local.irsa_config 7 | addon_context = var.addon_context 8 | } 9 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 4.10" 8 | } 9 | helm = { 10 | source = "hashicorp/helm" 11 | version = ">= 2.4.1" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "kuberay-operator.serviceAccountName" . }} 6 | labels: 7 | {{ include "kuberay-operator.labels" . 
| indent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/spark-history-server/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | manage_via_gitops = var.manage_via_gitops 4 | helm_config = local.helm_config 5 | set_values = local.set_values 6 | irsa_config = local.irsa_config 7 | addon_context = var.addon_context 8 | } 9 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-haproxy/otel-config/values.yaml: -------------------------------------------------------------------------------- 1 | ampurl: ${amp_url} 2 | region: ${region} 3 | prometheusMetricsEndpoint: ${prometheus_metrics_endpoint} 4 | prometheusMetricsPort: ${prometheus_metrics_port} 5 | scrapeInterval: ${scrape_interval} 6 | scrapeTimeout: ${scrape_timeout} 7 | scrapeSampleLimit: ${scrape_sample_limit} 8 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-memcached/otel-config/values.yaml: -------------------------------------------------------------------------------- 1 | ampurl: ${amp_url} 2 | region: ${region} 3 | prometheusMetricsEndpoint: ${prometheus_metrics_endpoint} 4 | prometheusMetricsPort: ${prometheus_metrics_port} 5 | scrapeInterval: ${scrape_interval} 6 | scrapeTimeout: ${scrape_timeout} 7 | scrapeSampleLimit: ${scrape_sample_limit} 8 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/agones/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | 
source = "hashicorp/kubernetes" 11 | version = ">= 2.10" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/airflow/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | source = "hashicorp/kubernetes" 11 | version = ">= 2.10" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/prometheus/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | source = "hashicorp/kubernetes" 11 | version = ">= 2.10" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /addons/karpenter_provisioner/karpenter-provisioner/ipv6-values.yaml: -------------------------------------------------------------------------------- 1 | subnet_selector_name: "${subnet_selector_name}" 2 | sg_selector_name: "${sg_selector_name}" 3 | karpenter_ec2_capacity_type: "${karpenter_ec2_capacity_type}" 4 | excluded_karpenter_ec2_instance_type: "${excluded_karpenter_ec2_instance_type}" 5 | karpenter_instance_hypervisor: "${instance_hypervisor}" 6 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argo-workflows/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | 
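source  = "hashicorp/kubernetes"
      version = ">= 2.10"
    }
  }
}
--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
terraform {
  # Every module under EKS-Blueprint/modules and addons/ already declares
  # required_version ">= 1.0.0"; the root declared nothing, so an older CLI
  # could start a plan only to be rejected by the first module it loads.
  # State the same floor here so the failure is immediate and explicit.
  required_version = ">= 1.0.0"

  # NOTE(review): all three constraints are open-ended lower bounds. Provider
  # pinning (and therefore reproducibility and supply-chain control) rests
  # entirely on a committed .terraform.lock.hcl and on CI never running
  # `terraform init -upgrade`; a new provider major version would otherwise be
  # picked up silently. Consider "~> X.Y" once a known-good version is chosen.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.23"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.13"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.6"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/emr-on-eks/outputs.tf:
--------------------------------------------------------------------------------
# The execution role is declared with count (the [*] splat below), so both
# outputs are lists: empty when the role is not created, one element otherwise.
output "emr_on_eks_role_arn" {
  description = "IAM execution role ARN for EMR on EKS"
  value       = aws_iam_role.emr_on_eks_execution[*].arn
}

output "emr_on_eks_role_id" {
  description = "IAM execution role ID for EMR on EKS"
  value       = aws_iam_role.emr_on_eks_execution[*].id
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-java/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  # Lower bounds only; see the root versions.tf note on lock-file pinning.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.10"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-nginx/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    kubernetes = {
      source =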
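"hashicorp/kubernetes"
      version = ">= 2.10"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/crossplane/aws-provider/aws-provider.yaml:
--------------------------------------------------------------------------------
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: ${aws-provider-name}
spec:
  # Rendered by templatefile(): provider-aws-version falls back to v0.33.0 when
  # the caller passes null or "". This is a mutable registry tag, not a digest;
  # for a reproducible, supply-chain-pinned install resolve the tag once and
  # reference the image by "@sha256:..." (verify digest references are accepted
  # by the Crossplane release in use).
  package: xpkg.upbound.io/crossplane-contrib/provider-aws:${coalesce(provider-aws-version, "v0.33.0")}
  controllerConfigRef:
    name: aws-controller-config
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/aws-eks-managed-node-groups/data.tf:
--------------------------------------------------------------------------------
# Trust policy for the managed node group's instance role: only the EC2
# service principal (local.ec2_principal, defined outside this file and
# presumably partition-aware) may assume it. Whatever this role can do, every
# pod on the node can do via IMDS unless metadata access is restricted
# (IMDSv2 with a hop limit of 1, or a NetworkPolicy) - grant workload
# permissions through IRSA rather than attaching extra policies to this role.
data "aws_iam_policy_document" "managed_ng_assume_role_policy" {
  statement {
    sid = "EKSWorkerAssumeRole"

    actions = [
      "sts:AssumeRole",
    ]

    principals {
      type        = "Service"
      identifiers = [local.ec2_principal]
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-haproxy/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  # Lower bounds only; provider pinning relies on the committed lock file.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.10"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-memcached/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.10"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/crossplane/aws-provider/aws-controller-config.yaml:
--------------------------------------------------------------------------------
---
# ControllerConfig is deprecated in newer Crossplane releases in favour of
# DeploymentRuntimeConfig - confirm against the Crossplane version deployed.
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: aws-controller-config
  annotations:
    # IRSA binding for the provider pod. The matching ProviderConfig uses
    # `source: InjectedIdentity`, so every AWS permission on this role is
    # reachable by anyone who can create Crossplane managed resources in the
    # cluster. Scope the role to the resource types actually reconciled and
    # restrict write access to the Crossplane CRDs with RBAC.
    eks.amazonaws.com/role-arn: ${iam-role-arn}
spec:
  podSecurityContext:
    # Volume group for the projected IRSA token. No runAsNonRoot or
    # readOnlyRootFilesystem is set here; confirm the image's default user
    # before relying on pod-security admission to pass this Deployment.
    fsGroup: 2000
  # `--debug` was previously passed unconditionally. Debug-level provider
  # logs are verbose and can surface details of the reconciled resources that
  # otherwise stay inside the API server; they belong in a troubleshooting
  # session, not in a default blueprint shipping logs to a shared backend.
  # Re-add `args: ["--debug"]` only while investigating an issue.
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/opentelemetry-operator/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.10"
    }
  }
}
--------------------------------------------------------------------------------
/addons/efs/versions.tf:
--------------------------------------------------------------------------------
terraform {
  # No required_version here, unlike the EKS-Blueprint modules (>= 1.0.0);
  # the floors below are also older than the blueprint's. Lock-file pinning
  # is what actually fixes the versions used.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.43.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0.2"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.0.2"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/emr-on-eks/data.tf:
--------------------------------------------------------------------------------
data "aws_region" "current" {}

# Trust policy for the EMR on EKS job-execution role. Only the EMR service
# principal may assume it as written; the OIDC trust that the job pods
# actually use is not in this file (presumably added elsewhere - confirm).
# NOTE(review): a service-principal trust with no condition is the classic
# confused-deputy shape. AWS recommends a StringEquals condition on
# aws:SourceAccount (or aws:SourceArn) for service trust policies; it is not
# added here because this file declares no caller-identity data source and a
# duplicate declaration elsewhere in the module cannot be ruled out.
data "aws_iam_policy_document" "emr_assume_role" {
  statement {
    sid     = ""
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["elasticmapreduce.amazonaws.com"]
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-vpc-cni/outputs.tf:
--------------------------------------------------------------------------------
# The IRSA module is created with count, so both outputs resolve to null when
# no role was created instead of failing the apply.
output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = try(module.irsa_addon[0].irsa_iam_role_arn, null)
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = try(module.irsa_addon[0].irsa_iam_role_name, null)
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-controller-config.yaml:
--------------------------------------------------------------------------------
---
# Same shape as aws-controller-config.yaml; the jet provider family is
# deprecated upstream, so treat this config as legacy.
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: jet-aws-controller-config
  annotations:
    # IRSA role used with `source: InjectedIdentity`; its permissions are
    # reachable by anyone allowed to create Crossplane managed resources.
    eks.amazonaws.com/role-arn: ${iam-role-arn}
spec:
  podSecurityContext:
    fsGroup: 2000
  # `--debug` removed from the default args for the same reason as the
  # non-jet config: verbose provider logs are a troubleshooting tool, not a
  # production default. Re-add `args: ["--debug"]` while investigating.
--------------------------------------------------------------------------------
/addons/istio/versions.tf:
--------------------------------------------------------------------------------
terraform {
  # Lower bounds only and no required_version; see addons/efs/versions.tf.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.43.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0.2"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.0.2"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-privateca-issuer/data.tf:
--------------------------------------------------------------------------------
# Least-privilege policy for the AWS Private CA issuer: scoped to the single
# CA ARN passed in, with only the three actions needed to describe the CA,
# request a certificate and fetch the result. IssueCertificate on a CA is
# still a powerful grant - anyone who can create cert-manager Certificate or
# Issuer objects bound to this CA can obtain certificates for any name the CA
# accepts - so keep cert-manager RBAC and CA issuance templates tight.
data "aws_iam_policy_document" "aws_privateca_issuer" {
  statement {
    effect    = "Allow"
    resources = [var.aws_privateca_acmca_arn]
    actions = [
      "acm-pca:DescribeCertificateAuthority",
      "acm-pca:GetCertificate",
      "acm-pca:IssueCertificate",
    ]
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/cluster-autoscaler/values.yaml:
--------------------------------------------------------------------------------
awsRegion: ${aws_region}

autoDiscovery:
  clusterName: ${eks_cluster_id}
extraArgs:
  # Use the autoscaler's bundled instance-type list instead of querying EC2
  # at start-up; presumably lets the IRSA policy omit DescribeInstanceTypes,
  # at the cost of not knowing types newer than the image. Confirm against
  # the autoscaler release in use.
  aws-use-static-instance-list: true

image:
  # Mutable tag chosen by the caller; pin a digest for reproducible rollouts.
  tag: ${image_tag}

resources:
  # requests equal limits, so (if this is the only container) the pod gets
  # Guaranteed QoS and is evicted last under node pressure.
  limits:
    cpu: 200m
    memory: 512Mi
  requests:
    cpu: 200m
    memory: 512Mi
--------------------------------------------------------------------------------
/addons/aws-ebs-storage-class/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.43.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0.2"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.0.2"
    }
  }
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/emr-on-eks/locals.tf:
--------------------------------------------------------------------------------
locals {

  default_emr_eks_team = {
    namespace               = "emr-on-eks-spark"
    job_execution_role      = "emr-on-eks-job-role"
    additional_iam_policies = []
  }

  # merge() is shallow: a caller-supplied additional_iam_policies replaces the
  # default list rather than appending to it, and any extra key the caller
  # passes is carried through untouched.
  emr_on_eks_team = merge(
    local.default_emr_eks_team,
    var.emr_on_eks_teams
  )

  emr_service_name = "emr-containers"
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider.yaml: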
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: pkg.crossplane.io/v1 3 | kind: Provider 4 | metadata: 5 | name: ${kubernetes-provider-name} 6 | spec: 7 | package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:${coalesce(provider-kubernetes-version, "v0.5.0")} 8 | controllerConfigRef: 9 | name: kubernetes-controller-config 10 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/clusterissuers.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.clusterIssuers }} 2 | --- 3 | apiVersion: cert-manager.io/v1 4 | kind: ClusterIssuer 5 | metadata: 6 | name: {{ .name }} 7 | spec: 8 | {{- if eq .type "selfSigned" }} 9 | selfSigned: {} 10 | {{- else if eq .type "CA" }} 11 | ca: 12 | secretName: {{ .secretName }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/emr-on-eks/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | source = "hashicorp/kubernetes" 11 | version = ">= 2.10" 12 | } 13 | null = { 14 | source = "hashicorp/null" 15 | version = ">= 3.1" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/cert-manager-ca/values.yaml: -------------------------------------------------------------------------------- 1 | clusterIssuers: 2 | - name: cert-manager-selfsigned 3 | type: selfSigned 4 | - name: cert-manager-ca 5 | type: CA 6 | secretName: cert-manager-ca-root 7 | privateKey: 8 | algorithm: ECDSA 9 | size: 256 10 | issuer: 11 | name: 
cert-manager-selfsigned 12 | kind: ClusterIssuer 13 | group: cert-manager.io 14 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-coredns/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 4.10" 8 | } 9 | null = { 10 | source = "hashicorp/null" 11 | version = ">= 3.0" 12 | } 13 | time = { 14 | source = "hashicorp/time" 15 | version = ">= 0.8" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/launch-templates/variables.tf: -------------------------------------------------------------------------------- 1 | variable "launch_template_config" { 2 | description = "Launch template configuration" 3 | type = any 4 | } 5 | 6 | variable "eks_cluster_id" { 7 | description = "EKS Cluster ID" 8 | type = string 9 | } 10 | 11 | variable "tags" { 12 | description = "Additional tags (e.g. 
`map('BusinessUnit`,`XYZ`)" 13 | type = map(string) 14 | default = {} 15 | } 16 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-teams/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | source = "hashicorp/kubernetes" 11 | version = ">= 2.10" 12 | } 13 | kubectl = { 14 | source = "gavinbunney/kubectl" 15 | version = ">= 1.14" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: otel-prometheus-role-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: otel-prometheus-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: adot-collector-java 12 | namespace: adot-collector-java 13 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: otel-prometheus-role-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: otel-prometheus-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: adot-collector-nginx 12 | namespace: adot-collector-nginx 13 | -------------------------------------------------------------------------------- 
/EKS-Blueprint/modules/kubernetes-addons/aws-for-fluentbit/values.yaml: -------------------------------------------------------------------------------- 1 | serviceAccount: 2 | create: false 3 | name: ${service_account} 4 | 5 | cloudWatch: 6 | enabled: true 7 | region: ${aws_region} 8 | logGroupName: ${log_group_name} 9 | 10 | firehose: 11 | enabled: false 12 | region: ${aws_region} 13 | 14 | kinesis: 15 | enabled: false 16 | region: ${aws_region} 17 | 18 | elasticsearch: 19 | enabled: false 20 | region: ${aws_region} 21 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/velero/values.yaml: -------------------------------------------------------------------------------- 1 | initContainers: 2 | - name: velero-plugin-for-aws 3 | image: velero/velero-plugin-for-aws:v1.5.0 4 | volumeMounts: 5 | - mountPath: /target 6 | name: plugins 7 | 8 | configuration: 9 | provider: aws 10 | backupStorageLocation: 11 | bucket: ${bucket} 12 | volumeSnapshotLocation: 13 | config: 14 | region: ${region} 15 | 16 | credentials: 17 | useSecret: false 18 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: otel-prometheus-role-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: otel-prometheus-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: adot-collector-haproxy 12 | namespace: adot-collector-haproxy 13 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-cloudwatch-metrics/versions.tf: -------------------------------------------------------------------------------- 1 | terraform 
{
2 |   required_version = ">= 1.0.0"
3 | 
4 |   required_providers {
5 |     aws = {
6 |       source  = "hashicorp/aws"
7 |       version = ">= 3.72"
8 |     }
9 |     kubernetes = {
10 |       source  = "hashicorp/kubernetes"
11 |       version = ">= 2.10"
12 |     }
13 |     helm = {
14 |       source  = "hashicorp/helm"
15 |       version = ">= 2.4.1"
16 |     }
17 |   }
18 | }
19 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrolebinding.yaml: --------------------------------------------------------------------------------
# NOTE(review): this ClusterRoleBinding is cluster-scoped and carries the same
# name (otel-prometheus-role-binding) as the adot-collector-java, -nginx and
# -haproxy variants on this page, each with a different subject. Installing more
# than one collector therefore collides on that name (Helm refuses to adopt a
# resource owned by another release, and a direct apply overwrites the subject),
# so only one service account ends up with the role; a per-collector name fixes it.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: otel-prometheus-role-binding
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
# otel-prometheus-role is defined elsewhere (not on this page).
8 |   name: otel-prometheus-role
9 | subjects:
10 |   - kind: ServiceAccount
11 |     name: adot-collector-memcached
12 |     namespace: adot-collector-memcached
13 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-clusterrolebinding.yaml: --------------------------------------------------------------------------------
# ${kubernetes-serviceaccount-name} and ${namespace} are template placeholders
# filled in by the caller.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: ${kubernetes-serviceaccount-name}
5 | subjects:
6 |   - kind: ServiceAccount
7 |     name: ${kubernetes-serviceaccount-name}
8 |     namespace: ${namespace}
9 | roleRef:
10 |   kind: ClusterRole
# NOTE(review): cluster-admin grants the provider's service account unrestricted
# access to every API group and namespace. The Crossplane kubernetes provider is
# typically used to manage arbitrary objects, but a dedicated ClusterRole listing
# the kinds it actually reconciles bounds the impact of a leaked service account
# token; keep cluster-admin only if that list cannot be fixed in advance.
11 |   name: cluster-admin
12 |   apiGroup: rbac.authorization.k8s.io
13 | 
-------------------------------------------------------------------------------- /addons/velero/velero_job/.helmignore: --------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argocd/values.yaml: -------------------------------------------------------------------------------- 1 | redis-ha: 2 | enabled: true 3 | 4 | controller: 5 | enableStatefulSet: true 6 | 7 | server: 8 | autoscaling: 9 | enabled: true 10 | minReplicas: 2 11 | 12 | repoServer: 13 | autoscaling: 14 | enabled: true 15 | minReplicas: 2 16 | 17 | configs: 18 | cm: 19 | #use annotation for tracking but keep labels for compatibility with other tools 20 | application.resourceTrackingMethod: annotation+label 21 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/yunikorn/values.yaml: -------------------------------------------------------------------------------- 1 | operatorPlugins: general,spark-k8s-operator 2 | 3 | service: 4 | type: ClusterIP 5 | port: 9080 6 | port_web: 9889 7 | 8 | # When this flag is true, the admission controller will be installed along with the scheduler. 9 | # When this flag is false, the admission controller will not be installed. 10 | # Once the admission controller is installed, all traffic will be routing to yunikorn. 11 | embedAdmissionController: false 12 | -------------------------------------------------------------------------------- /addons/istio/istio-observability/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /addons/velero/helm/values.yaml: -------------------------------------------------------------------------------- 1 | initContainers: 2 | - name: velero-plugin-for-aws 3 | image: velero/velero-plugin-for-aws:v1.5.0 4 | volumeMounts: 5 | - mountPath: /target 6 | name: plugins 7 | 8 | configuration: 9 | provider: aws 10 | backupStorageLocation: 11 | bucket: ${bucket} 12 | volumeSnapshotLocation: 13 | config: 14 | region: ${region} 15 | 16 | credentials: 17 | useSecret: false 18 | 19 | podAnnotations: 20 | co.elastic.logs/enabled: "true" 21 | -------------------------------------------------------------------------------- /addons/service_monitor_crd/service_monitor/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /addons/karpenter_provisioner/karpenter-provisioner/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-kms/main.tf: --------------------------------------------------------------------------------
1 | # Create a KMS customer managed key
2 | resource "aws_kms_key" "this" {
3 |   description             = var.description
# var.policy is the complete key policy. The key policy is the root of access to
# the key, so a caller-supplied policy that omits the account's administrative
# principals can leave the key unmanageable; review what the caller passes in.
4 |   policy                  = var.policy
# Automatic key rotation is caller-controlled; its default lives in variables.tf
# (not on this page). Enabling it is the usual baseline for a CMK.
5 |   enable_key_rotation     = var.enable_key_rotation
# Pending-deletion window (KMS accepts 7-30 days) during which a scheduled
# deletion can still be cancelled.
6 |   deletion_window_in_days = var.deletion_window_in_days
7 |   tags                    = var.tags
8 | }
9 | 
10 | # Assign an alias to the key
11 | resource "aws_kms_alias" "this" {
12 |   name          = var.alias
13 |   target_key_id = aws_kms_key.this.key_id
14 | }
15 | 
-------------------------------------------------------------------------------- /addons/reloader/reloader.yaml: --------------------------------------------------------------------------------
1 | reloader:
2 |   deployment:
# Pin the reloader pods to nodes labelled Infra-Services=true (the same
# selector the aws_alb values on this page use).
3 |     affinity:
4 |       nodeAffinity:
5 |         requiredDuringSchedulingIgnoredDuringExecution:
6 |           nodeSelectorTerms:
7 |             - matchExpressions:
8 |                 - key: "Infra-Services"
9 |                   operator: In
10 |                   values:
11 |                     - "true"
12 | 
13 |     pod:
14 |       annotations:
15 |         co.elastic.logs/enabled: "true"
16 | 
17 |   serviceMonitor:
# ${enable_service_monitor} is a template placeholder filled in by the caller.
18 |     enabled: ${enable_service_monitor}
19 | 
-------------------------------------------------------------------------------- /addons/istio/istio-observability/templates/clusterissuer.yaml: --------------------------------------------------------------------------------
1 | {{- if .Values.accessLogging.enabled -}}
# NOTE(review): the issuer is rendered only when accessLogging.enabled is set,
# a flag unrelated to certificate issuance - confirm this is the intended gate.
2 | apiVersion: cert-manager.io/v1
3 | kind: ClusterIssuer
4 | metadata:
5 |   name: letsencrypt-istio
# ClusterIssuer is cluster-scoped; a metadata.namespace has no effect here.
6 |   namespace: istio-system
7 | spec:
8 |   acme:
9 |     email: {{ .Values.clusterIssuer.email }}
# Let's Encrypt production endpoint; the remaining spec (account key secret and
# the http01 solver) is on the next page line.
10 |     server: https://acme-v02.api.letsencrypt.org/directory 
11 | privateKeySecretRef: 12 | name: letsencrypt-istio 13 | solvers: 14 | - http01: 15 | ingress: 16 | class: istio 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/local-volume-provisioner/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | default_helm_config = { 3 | name = "local-static-provisioner" 4 | chart = "${path.module}/local-static-provisioner" 5 | version = "2.6.0-alpha.1" 6 | namespace = "local-static-provisioner" 7 | create_namespace = true 8 | description = "local provisioner helm chart configuration" 9 | } 10 | 11 | helm_config = merge( 12 | local.default_helm_config, 13 | var.helm_config 14 | ) 15 | } 16 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argocd/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | source = "hashicorp/kubernetes" 11 | version = ">= 2.10" 12 | } 13 | helm = { 14 | source = "hashicorp/helm" 15 | version = ">= 2.4.1" 16 | } 17 | kubectl = { 18 | source = "gavinbunney/kubectl" 19 | version = ">= 1.14" 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/crossplane/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = ">= 3.72" 8 | } 9 | kubernetes = { 10 | source = "hashicorp/kubernetes" 11 | version = ">= 2.10" 12 | } 13 | kubectl = { 14 | source = "gavinbunney/kubectl" 15 | version = ">= 1.14" 16 | } 17 | time = { 18 | 
source = "hashicorp/time" 19 | version = ">= 0.7" 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/external-secrets/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_iam_policy_document" "external_secrets" { 2 | statement { 3 | actions = ["ssm:GetParameter"] 4 | resources = var.external_secrets_ssm_parameter_arns 5 | } 6 | 7 | statement { 8 | actions = [ 9 | "secretsmanager:GetResourcePolicy", 10 | "secretsmanager:GetSecretValue", 11 | "secretsmanager:DescribeSecret", 12 | "secretsmanager:ListSecretVersionIds", 13 | ] 14 | resources = var.external_secrets_secrets_manager_arns 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-fargate-profiles/variables.tf: -------------------------------------------------------------------------------- 1 | variable "fargate_profile" { 2 | description = "Map of maps of `eks_node_groups` to create" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "context" { 8 | description = "Input configuration for Fargate" 9 | type = object({ 10 | eks_cluster_id = string 11 | aws_partition_id = string 12 | iam_role_path = string 13 | iam_role_permissions_boundary = string 14 | tags = map(string) 15 | }) 16 | } 17 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argo-rollouts/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | 4 | manage_via_gitops = var.manage_via_gitops 5 | helm_config = local.helm_config 6 | addon_context = var.addon_context 7 | 8 | depends_on = [kubernetes_namespace_v1.this] 9 | } 10 | 11 | resource "kubernetes_namespace_v1" "this" { 12 | count = try(local.helm_config["create_namespace"], true) && 
local.helm_config["namespace"] != "kube-system" ? 1 : 0 13 | metadata { 14 | name = local.helm_config["namespace"] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/yunikorn/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | 4 | manage_via_gitops = var.manage_via_gitops 5 | helm_config = local.helm_config 6 | addon_context = var.addon_context 7 | 8 | depends_on = [kubernetes_namespace_v1.yunikorn] 9 | } 10 | 11 | resource "kubernetes_namespace_v1" "yunikorn" { 12 | count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0 13 | metadata { 14 | name = local.helm_config["namespace"] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/airflow/values.yaml: -------------------------------------------------------------------------------- 1 | securityContext: 2 | fsGroup: 65534 3 | 4 | executor: "KubernetesExecutor" 5 | 6 | workers: 7 | replicas: 0 8 | 9 | postgresql: 10 | enabled: true 11 | 12 | scheduler: 13 | replicas: 1 14 | waitForMigrations: 15 | enabled: false 16 | 17 | webserver: 18 | replicas: 1 19 | waitForMigrations: 20 | enabled: false 21 | 22 | migrateDatabaseJob: 23 | enabled: true 24 | 25 | triggerer: 26 | enabled: true 27 | waitForMigrations: 28 | enabled: false 29 | 30 | redis: 31 | enabled: false 32 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/metrics-server/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | 4 | manage_via_gitops = var.manage_via_gitops 5 | helm_config = local.helm_config 6 | addon_context = var.addon_context 7 | 8 | depends_on = 
[kubernetes_namespace_v1.this] 9 | } 10 | 11 | resource "kubernetes_namespace_v1" "this" { 12 | count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0 13 | 14 | metadata { 15 | name = local.helm_config["namespace"] 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/karpenter/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | manage_via_gitops = var.manage_via_gitops 4 | helm_config = local.helm_config 5 | set_values = local.set_values 6 | irsa_config = local.irsa_config 7 | addon_context = var.addon_context 8 | } 9 | 10 | resource "aws_iam_policy" "karpenter" { 11 | name = "${var.addon_context.eks_cluster_id}-karpenter" 12 | description = "IAM Policy for Karpenter" 13 | policy = data.aws_iam_policy_document.karpenter.json 14 | } 15 | -------------------------------------------------------------------------------- /addons/aws-ebs-storage-class/main.tf: -------------------------------------------------------------------------------- 1 | resource "kubernetes_storage_class_v1" "single_az_sc" { 2 | count = var.single_az_ebs_gp3_storage_class ? 
1 : 0
3 |   metadata {
4 |     name = var.single_az_ebs_gp3_storage_class_name
5 |   }
# In-tree AWS EBS provisioner. NOTE(review): the in-tree provisioner is
# deprecated in favour of the EBS CSI driver (ebs.csi.aws.com), and whether it
# accepts type gp3 depends on the cluster's Kubernetes version - confirm against
# the target cluster.
6 |   storage_provisioner    = "kubernetes.io/aws-ebs"
# Retain keeps the EBS volume (and its data) after the PVC is deleted; cleanup
# of the volume is manual.
7 |   reclaim_policy         = "Retain"
8 |   allow_volume_expansion = true
# Delay binding until a pod is scheduled so the volume is created in that pod's
# availability zone.
9 |   volume_binding_mode    = "WaitForFirstConsumer"
10 |   parameters = {
11 |     type      = "gp3"
# Encrypt every volume with the CMK in var.kms_key_id (parameters is a string
# map, so the provisioner receives "true"). The IAM principal that creates the
# volumes - presumably the node or controller role - also needs permission to use
# that key via its key policy; that is not shown here.
12 |     encrypted = true
# The documented parameter name is kmsKeyId; the provisioner presumably matches
# keys case-insensitively, so this casing works, but the canonical form reads
# clearer - verify on the target cluster.
13 |     kmskeyId  = var.kms_key_id
14 |     zone      = var.availability_zone
15 |   }
16 | }
17 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/secrets-store-csi-driver/main.tf: --------------------------------------------------------------------------------
# Dedicated namespace for the driver. Unlike the argo-rollouts, yunikorn and
# metrics-server add-ons on this page, the namespace is created unconditionally
# (no create_namespace / kube-system guard).
1 | resource "kubernetes_namespace_v1" "secrets_store_csi_driver" {
2 |   metadata {
3 |     name = local.name
4 | 
5 |     labels = {
6 |       "app.kubernetes.io/managed-by" = "terraform-aws-eks-blueprints"
7 |     }
8 |   }
9 | }
10 | 
11 | module "helm_addon" {
12 |   source            = "../helm-addon"
13 |   manage_via_gitops = var.manage_via_gitops
14 |   helm_config       = local.helm_config
15 |   addon_context     = var.addon_context
16 | 
# Make sure the namespace exists before the chart is installed into it.
17 |   depends_on = [kubernetes_namespace_v1.secrets_store_csi_driver]
18 | }
19 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/service.yaml: --------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: {{ include "kuberay-operator.fullname" . }}
5 |   labels:
6 | {{ include "kuberay-operator.labels" . | indent 4 }}
7 | spec:
# Service type comes from values; NodePort or LoadBalancer would expose the
# operator beyond the cluster network, so ClusterIP is the expected setting.
8 |   type: {{ .Values.service.type }}
9 |   ports:
10 |     - port: {{ .Values.service.port }}
11 |       targetPort: http
12 |       protocol: TCP
13 |       name: http
14 |   selector:
# The selector continues on the next page line.
15 |     app.kubernetes.io/name: {{ include "kuberay-operator.name" . 
}} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.common.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "provisioner.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | helm.sh/chart: {{ template "provisioner.chart" . }} 9 | app.kubernetes.io/name: {{ template "provisioner.name" . }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-fargate-profiles/outputs.tf: -------------------------------------------------------------------------------- 1 | output "eks_fargate_profile_arn" { 2 | description = "Amazon Resource Name (ARN) of the EKS Fargate Profile" 3 | value = aws_eks_fargate_profile.eks_fargate.arn 4 | } 5 | 6 | output "eks_fargate_profile_role_name" { 7 | description = "Name of the EKS Fargate Profile IAM role" 8 | value = try(aws_iam_role.fargate[0].name, null) 9 | } 10 | 11 | output "eks_fargate_profile_id" { 12 | description = "EKS Cluster name and EKS Fargate Profile name separated by a colon" 13 | value = aws_eks_fargate_profile.eks_fargate.id 14 | } 15 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-teams/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | partition = data.aws_partition.current.partition 3 | account_id = data.aws_caller_identity.current.account_id 4 | eks_oidc_issuer_url = 
replace(data.aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer, "https://", "") 5 | eks_oidc_provider_arn = "arn:${local.partition}:iam::${local.account_id}:oidc-provider/${local.eks_oidc_issuer_url}" 6 | 7 | team_manifests = flatten([ 8 | for team_name, team_data in var.application_teams : 9 | try(fileset(path.root, "${team_data.manifests_dir}/*"), []) 10 | ]) 11 | 12 | } 13 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/certificate.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.clusterIssuers }} 2 | {{- if eq .type "CA" }} 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | name: {{ .name }} 7 | namespace: {{ $.Release.Namespace }} 8 | spec: 9 | isCA: true 10 | commonName: {{ .name }} 11 | secretName: {{ .secretName }} 12 | {{- with .privateKey }} 13 | privateKey: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | {{- with .issuer }} 17 | issuerRef: 18 | {{- toYaml . 
| nindent 4 }}
19 | {{- end }}
20 | {{- end }}
21 | {{- end }}
22 | 
-------------------------------------------------------------------------------- /addons/velero/velero_job/templates/backup_job.yaml: --------------------------------------------------------------------------------
1 | apiVersion: velero.io/v1
2 | kind: Schedule
3 | metadata:
4 |   name: {{ .Values.velero_backup_name }}
5 |   namespace: velero
6 | spec:
7 |   schedule: "{{ .Values.schedule_cron_time }}"
8 |   template:
9 |     includedNamespaces:
# NOTE(review): this renders exactly one quoted string, so a single namespace
# works, but a list in .Values.namespaces would become one literal entry that
# matches nothing - confirm the value's shape (a range over the list would
# handle both).
10 |       - '{{ .Values.namespaces }}'
11 |     includedResources:
12 |       - '*'
13 |     includeClusterResources: true
14 |     snapshotVolumes: true
15 |     storageLocation: default
16 |     volumeSnapshotLocations:
17 |       - default
# Backups and their snapshots expire after 24h, so at most a day of history is
# retained; confirm this against the recovery-point objective.
18 |     ttl: 24h0m0s
# status is owned by the Velero controller; the values set here are presumably
# dropped on apply and only document the expected state.
19 | status:
20 |   phase: "Enabled"
21 |   lastBackup:
22 |   validationErrors:
23 | 
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-rolebinding.yaml: --------------------------------------------------------------------------------
1 | {{- if .Values.rbacEnable }}
# Namespaced RoleBinding, presumably for leader election (the Role itself is not
# on this page); contrast with rolebinding.yaml on this page, which binds the
# same service account cluster-wide.
2 | kind: RoleBinding
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | metadata:
5 |   labels:
6 | {{ include "kuberay-operator.labels" . | indent 4 }}
7 |   name: {{ include "kuberay-operator.fullname" . }}
8 | subjects:
9 |   - kind: ServiceAccount
10 |     name: {{ .Values.serviceAccount.name }}
11 |     namespace: {{ .Release.Namespace }}
12 | roleRef:
13 |   kind: Role
# The roleRef continues on the next page line.
14 |   name: {{ include "kuberay-operator.fullname" . 
}} 15 | apiGroup: rbac.authorization.k8s.io 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /addons/aws_alb/aws_alb.yaml: -------------------------------------------------------------------------------- 1 | ## Node affinity for particular node in which labels key is "Infra-Services" and value is "true" 2 | 3 | affinity: 4 | nodeAffinity: 5 | requiredDuringSchedulingIgnoredDuringExecution: 6 | nodeSelectorTerms: 7 | - matchExpressions: 8 | - key: "Infra-Services" 9 | operator: In 10 | values: 11 | - "true" 12 | 13 | ## Using limits and requests 14 | 15 | resources: 16 | limits: 17 | cpu: 100m 18 | memory: 200Mi 19 | requests: 20 | cpu: 50m 21 | memory: 100Mi 22 | 23 | podAnnotations: 24 | co.elastic.logs/enabled: "true" 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/grafana/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | manage_via_gitops = var.manage_via_gitops 4 | set_values = local.set_values 5 | helm_config = local.helm_config 6 | irsa_config = local.irsa_config 7 | addon_context = var.addon_context 8 | } 9 | 10 | resource "aws_iam_policy" "grafana" { 11 | description = "IAM policy for Grafana Pod" 12 | name = "${var.addon_context.eks_cluster_id}-grafana" 13 | path = var.addon_context.irsa_iam_role_path 14 | policy = data.aws_iam_policy_document.this.json 15 | } 16 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbacEnable }} 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | labels: 6 | {{ include "kuberay-operator.labels" . 
| indent 4 }} 7 | name: {{ include "kuberay-operator.fullname" . }} 8 | subjects: 9 | - kind: ServiceAccount 10 | name: {{ .Values.serviceAccount.name }} 11 | namespace: {{ .Release.Namespace }} 12 | roleRef: 13 | kind: ClusterRole 14 | name: {{ include "kuberay-operator.fullname" . }} 15 | apiGroup: rbac.authorization.k8s.io 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/agones/values.yaml: -------------------------------------------------------------------------------- 1 | agones: 2 | ping: 3 | http: 4 | annotations: 5 | service.beta.kubernetes.io/aws-load-balancer-internal: "false" 6 | service.beta.kubernetes.io/aws-load-balancer-type: "nlb" 7 | udp: 8 | annotations: 9 | service.beta.kubernetes.io/aws-load-balancer-internal: "false" 10 | service.beta.kubernetes.io/aws-load-balancer-type: "nlb" 11 | allocator: 12 | http: 13 | annotations: 14 | service.beta.kubernetes.io/aws-load-balancer-internal: "false" 15 | service.beta.kubernetes.io/aws-load-balancer-type: "nlb" 16 | -------------------------------------------------------------------------------- /addons/cert-manager-le-http/templates/ClusterIssuer-prod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: letsencrypt-prod 5 | spec: 6 | acme: 7 | # The ACME server URL 8 | server: https://acme-v02.api.letsencrypt.org/directory 9 | # Email address used for ACME registration 10 | email: {{ .Values.email }} 11 | # Name of a secret used to store the ACME account private key 12 | privateKeySecretRef: 13 | name: letsencrypt-prod 14 | # Enable the HTTP-01 challenge provider 15 | solvers: 16 | - http01: 17 | ingress: 18 | class: {{ .Values.ingressClass }} 19 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/data.tf: 
--------------------------------------------------------------------------------
# Account/partition/region lookups shared by the add-on modules.
1 | data "aws_partition" "current" {}
2 | data "aws_caller_identity" "current" {}
3 | data "aws_region" "current" {}
4 |
# Artificial dependency edge: everything that reads the EKS cluster below waits
# for the data-plane ARN to be known, plus a 10s grace period.
5 | resource "time_sleep" "dataplane" {
6 |   create_duration = "10s"
7 |
8 |   triggers = {
9 |     data_plane_wait_arn = var.data_plane_wait_arn # this waits for the data plane to be ready
10 |     eks_cluster_id      = var.eks_cluster_id      # this ties it to downstream resources
11 |   }
12 | }
13 |
14 | data "aws_eks_cluster" "eks_cluster" {
15 |   # this makes downstream resources wait for data plane to be ready
16 |   name = time_sleep.dataplane.triggers["eks_cluster_id"]
17 | }
18 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/airflow/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/argo-rollouts/locals.tf:
--------------------------------------------------------------------------------
1 | locals {
2 |   name = "argo-rollouts"
3 |
4 |   # https://github.com/argoproj/argo-helm/blob/main/charts/argo-rollouts/Chart.yaml
# Chart version is pinned here, but var.helm_config is merged last and can
# override any key (version, repository, namespace) — treat it as trusted input.
5 |   default_helm_config = {
6 |     name        = local.name
7 |     chart       = local.name
8 |     repository  = "https://argoproj.github.io/argo-helm"
9 |     version     = "2.21.1"
10 |     namespace   = local.name
11 |     description = "Argo Rollouts AddOn Helm Chart"
12 |   }
13 |
14 |   helm_config = merge(
15 |     local.default_helm_config,
16 |     var.helm_config
17 |   )
18 |
19 |   argocd_gitops_config = {
20 |     enable = true
21 |   }
22 | }
23 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/argocd/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/addons/istio/istio-observability/templates/service-monitor-control-plane.yaml:
--------------------------------------------------------------------------------
# Scrapes the Istio control plane from the istio-system namespace. The selector
# lists the legacy split components (mixer, galley, citadel, ...); on istiod-based
# releases those Services may no longer exist — confirm the selector still matches.
1 | {{- if .Values.monitoring.enabled -}}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 |   name: prometheus-oper-istio-controlplane
6 |   labels:
7 |     release: prometheus-operator
8 |     monitoring: istio-controlplane
9 | spec:
10 |   jobLabel: istio
11 |   selector:
12 |     matchExpressions:
13 |     - {key: istio, operator: In, values: [mixer,pilot,galley,citadel,sidecar-injector]}
14 |   namespaceSelector:
15 |     matchNames:
16 |     - istio-system
17 |   endpoints:
18 |   - port: http-monitoring
19 |     interval: 15s
20 | {{- end }}
21 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/crossplane/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
2 | *.out
3 | *.lock
# Keeps variable files and private keys out of the repo; an ignore rule is not a
# substitute for secret scanning before commit, since `git add -f` bypasses it.
4 | *.tfvars
5 | *.pem
6 | *.txt
7 |
8 | # Local .terraform directories
9 | **/.terraform/*
# NOTE(review): `.terraform*` also matches `.terraform.lock.hcl`, the provider
# dependency lock file that records provider versions and checksums. Leaving it
# out of version control lets each run resolve providers independently; consider
# narrowing this pattern to `.terraform/`.
10 | .terraform*
11 |
12 | # .tfstate files
13 | *.tfstate
14 | *.tfstate.*
15 |
16 | # Crash log files
17 | crash.log
18 | crash.*.log
19 |
# `*.tfvars` is already listed on line 4; the duplicate is harmless.
20 | *.tfvars
21 | *.tfvars.json
22 |
23 | # Ignore override files as they are usually used to override resources locally and so
24 | # are not checked in
25 | override.tf
26 | override.tf.json
27 | *_override.tf
28 | *_override.tf.json
29 |
30 | # Ignore CLI configuration files
31 | .terraformrc
32 | terraform.rc
33 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-haproxy/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-java/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-nginx/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/appmesh-controller/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/crossplane/data.tf:
--------------------------------------------------------------------------------
# IAM policy document for Crossplane's S3 access (the `VisualEditor*` sids
# suggest it was exported from the console).
1 | data "aws_iam_policy_document" "s3_policy" {
2 |   statement {
3 |     sid       = "VisualEditor0"
4 |     effect    = "Allow"
# Broad grant: bucket create/delete plus object read/write/delete on every
# bucket in the partition. Least privilege would scope `resources` to the
# buckets Crossplane is meant to manage and replace the `Get*`/`Put*` wildcards
# with the specific actions needed.
5 |     resources = ["arn:${var.addon_context.aws_partition_id}:s3:::*"]
6 |
7 |     actions = [
8 |       "s3:CreateBucket",
9 |       "s3:DeleteBucket",
10 |       "s3:DeleteObject",
11 |       "s3:DeleteObjectVersion",
12 |       "s3:Get*",
13 |       "s3:ListBucket",
14 |       "s3:Put*",
15 |     ]
16 |   }
17 |
18 |   statement {
19 |     sid       = "VisualEditor1"
20 |     effect    = "Allow"
# ListAllMyBuckets is account-level and cannot be resource-scoped, hence "*".
21 |     resources = ["*"]
22 |     actions   = ["s3:ListAllMyBuckets"]
23 |   }
24 | }
25 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/kube-prometheus-stack/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-memcached/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-load-balancer-controller/main.tf:
--------------------------------------------------------------------------------
# Installs the AWS Load Balancer Controller through the shared helm-addon module;
# local.* values come from a sibling locals.tf that is not part of this listing.
1 | module "helm_addon" {
2 |   source            = "../helm-addon"
3 |   manage_via_gitops = var.manage_via_gitops
4 |   set_values        = local.set_values
5 |   helm_config       = local.helm_config
6 |   irsa_config       = local.irsa_config
7 |   addon_context     = var.addon_context
8 | }
9 |
# IRSA policy for the controller. Unlike the grafana/keda/external-secrets
# siblings this resource sets no `path = var.addon_context.irsa_iam_role_path`;
# the policy document `aws_lb` lives elsewhere — review it for least privilege.
10 | resource "aws_iam_policy" "aws_load_balancer_controller" {
11 |   name        = "${var.addon_context.eks_cluster_id}-lb-irsa"
12 |   description = "Allows lb controller to manage ALB and NLB"
13 |   policy      = data.aws_iam_policy_document.aws_lb.json
14 |   tags        = var.addon_context.tags
15 | }
16 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/cert-manager-istio-csr/main.tf:
--------------------------------------------------------------------------------
# Installs istio-csr into the existing cert-manager namespace (create_namespace =
# false, so that namespace must already exist). Chart version is pinned, but
# var.helm_config is merged last and can override it.
1 | module "helm_addon" {
2 |   source = "../helm-addon"
3 |   helm_config = merge(
4 |     {
5 |       name             = "cert-manager-istio-csr"
6 |       chart            = "cert-manager-istio-csr"
7 |       repository       = "https://charts.jetstack.io"
8 |       version          = "v0.5.0"
9 |       namespace        = "cert-manager"
10 |       create_namespace = false
11 |       description      = "Cert-manager-istio-csr Helm Chart deployment configuration"
12 |     },
13 |     var.helm_config
14 |   )
15 |   manage_via_gitops = var.manage_via_gitops
16 |   addon_context     = var.addon_context
17 | }
18 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/local-volume-provisioner/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
# Read-only scrape role for the collector. Notes for reviewers:
#  - `nodes/proxy` lets the collector reach the kubelet proxy endpoints of every node.
#  - The `extensions` API group for ingresses was removed in Kubernetes 1.22, so
#    that rule matches nothing on newer clusters (`networking.k8s.io` is the live group).
#  - The same cluster-scoped name `otel-prometheus-role` is used by the haproxy, java,
#    nginx and memcached collector charts; installing more than one in a cluster makes
#    the releases contend for a single object.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: otel-prometheus-role
5 | rules:
6 | - apiGroups:
7 |   - ""
8 |   resources:
9 |   - nodes
10 |   - nodes/proxy
11 |   - services
12 |   - endpoints
13 |   - pods
14 |   verbs:
15 |   - get
16 |   - list
17 |   - watch
18 | - apiGroups:
19 |   - extensions
20 |   resources:
21 |   - ingresses
22 |   verbs:
23 |   - get
24 |   - list
25 |   - watch
26 | - nonResourceURLs:
27 |   - /metrics
28 |   verbs:
29 |   - get
30 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
# Identical to the haproxy collector's ClusterRole (same name, same rules); the
# review notes on that copy apply here as well.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: otel-prometheus-role
5 | rules:
6 | - apiGroups:
7 |   - ""
8 |   resources:
9 |   - nodes
10 |   - nodes/proxy
11 |   - services
12 |   - endpoints
13 |   - pods
14 |   verbs:
15 |   - get
16 |   - list
17 |   - watch
18 | - apiGroups:
19 |   - extensions
20 |   resources:
21 |   - ingresses
22 |   verbs:
23 |   - get
24 |   - list
25 |   - watch
26 | - nonResourceURLs:
27 |   - /metrics
28 |   verbs:
29 |   - get
30 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
# Read-only scrape role for the collector. `nodes/proxy` grants access to the
# kubelet proxy endpoints of every node; the `extensions` ingress rule targets an
# API group removed in Kubernetes 1.22 (`networking.k8s.io` is the live group).
# The cluster-scoped name `otel-prometheus-role` is shared with the other
# adot-collector-* charts, so co-installing them makes the releases contend for
# one object.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: otel-prometheus-role
5 | rules:
6 | - apiGroups:
7 |   - ""
8 |   resources:
9 |   - nodes
10 |   - nodes/proxy
11 |   - services
12 |   - endpoints
13 |   - pods
14 |   verbs:
15 |   - get
16 |   - list
17 |   - watch
18 | - apiGroups:
19 |   - extensions
20 |   resources:
21 |   - ingresses
22 |   verbs:
23 |   - get
24 |   - list
25 |   - watch
26 | - nonResourceURLs:
27 |   - /metrics
28 |   verbs:
29 |   - get
30 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-node-termination-handler/outputs.tf:
--------------------------------------------------------------------------------
# Standard add-on outputs, re-exported from the shared helm-addon module.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/addons/cert-manager-le-http/templates/ClusterIssuer-staging.yaml:
--------------------------------------------------------------------------------
# Staging Let's Encrypt issuer: same layout as letsencrypt-prod but pointed at the
# staging directory, so certificates it issues are not publicly trusted. Use it
# to validate ingress/DNS wiring before switching workloads to the prod issuer.
1 | apiVersion: cert-manager.io/v1
2 | kind: ClusterIssuer
3 | metadata:
4 |   name: letsencrypt-staging-http
5 | spec:
6 |   acme:
7 |     # The staging ACME server URL
8 |     server: https://acme-staging-v02.api.letsencrypt.org/directory
9 |     # Email address used for ACME registration
10 |     email: {{ .Values.email }}
11 |     # Name of a secret used to store the ACME account private key
12 |     privateKeySecretRef:
13 |       name: letsencrypt-staging-http
14 |     # Enable the HTTP-01 challenge provider
15 |     solvers:
16 |     - http01:
17 |         ingress:
18 |           class: {{ .Values.ingressClass }}
19 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
# Identical to the other adot-collector-* ClusterRoles (same name, same rules);
# the review notes on the nginx copy apply here as well.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: otel-prometheus-role
5 | rules:
6 | - apiGroups:
7 |   - ""
8 |   resources:
9 |   - nodes
10 |   - nodes/proxy
11 |   - services
12 |   - endpoints
13 |   - pods
14 |   verbs:
15 |   - get
16 |   - list
17 |   - watch
18 | - apiGroups:
19 |   - extensions
20 |   resources:
21 |   - ingresses
22 |   verbs:
23 |   - get
24 |   - list
25 |   - watch
26 | - nonResourceURLs:
27 |   - /metrics
28 |   verbs:
29 |   - get
30 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-privateca-issuer/main.tf:
--------------------------------------------------------------------------------
# Installs the AWS Private CA issuer through the shared helm-addon module; the
# local.* values come from a sibling locals.tf that is not part of this listing.
1 | module "helm_addon" {
2 |   source            = "../helm-addon"
3 |   manage_via_gitops = var.manage_via_gitops
4 |   set_values        = local.set_values
5 |   helm_config       = local.helm_config
6 |   irsa_config       = local.irsa_config
7 |   addon_context     = var.addon_context
8 | }
9 |
# IRSA policy that lets the issuer call ACM PCA. The policy document is defined
# elsewhere — review it for least privilege (ideally scoped to specific CA ARNs).
10 | resource "aws_iam_policy" "aws_privateca_issuer" {
11 |   description = "AWS PCA issuer IAM policy"
12 |   name        = "${var.addon_context.eks_cluster_id}-${local.helm_config["name"]}-irsa"
13 |   policy      = data.aws_iam_policy_document.aws_privateca_issuer.json
14 |   tags        = var.addon_context.tags
15 | }
16 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/kubernetes-dashboard/main.tf:
--------------------------------------------------------------------------------
# Installs the Kubernetes Dashboard. Access control for the dashboard itself
# (how users authenticate, what the dashboard's ServiceAccount may do) is not
# configured in this file — check the chart values before exposing it.
1 | module "helm_addon" {
2 |   source = "../helm-addon"
3 |
4 |   manage_via_gitops = var.manage_via_gitops
5 |   helm_config       = local.helm_config
6 |   addon_context     = var.addon_context
7 |
8 |   depends_on = [kubernetes_namespace_v1.this]
9 | }
10 |
# Creates the target namespace unless create_namespace is false or the target is
# kube-system (which always exists).
11 | resource "kubernetes_namespace_v1" "this" {
12 |   count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
13 |
14 |   metadata {
15 |     name = local.helm_config["namespace"]
16 |     labels = {
17 |       "app.kubernetes.io/managed-by" = "terraform-aws-eks-blueprints"
18 |     }
19 |   }
20 | }
21 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/kyverno/outputs.tf:
--------------------------------------------------------------------------------
# Same four outputs as the other add-ons, but sourced from a module named
# `kyverno_helm_addon` rather than `helm_addon`.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = module.kyverno_helm_addon.release_metadata
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = module.kyverno_helm_addon.irsa_arn
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = module.kyverno_helm_addon.irsa_name
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.kyverno_helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/irsa/outputs.tf:
--------------------------------------------------------------------------------
# The role and Kubernetes objects are created conditionally (index [0]); try()
# yields null — or the caller-supplied name — when the resource was not created.
1 | output "irsa_iam_role_arn" {
2 |   description = "IAM role ARN for your service account"
3 |   value       = try(aws_iam_role.irsa[0].arn, null)
4 | }
5 |
6 | output "irsa_iam_role_name" {
7 |   description = "IAM role name for your service account"
8 |   value       = try(aws_iam_role.irsa[0].name, null)
9 | }
10 |
11 | output "namespace" {
12 |   description = "IRSA Namespace"
13 |   value       = try(kubernetes_namespace_v1.irsa[0].id, var.kubernetes_namespace)
14 | }
15 |
16 | output "service_account" {
17 |   description = "IRSA Service Account"
18 |   value       = try(kubernetes_service_account_v1.irsa[0].id, var.kubernetes_service_account)
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/cert-manager-csi-driver/main.tf:
--------------------------------------------------------------------------------
# Installs the cert-manager CSI driver into the cert-manager namespace. Chart
# version is pinned; var.helm_config is merged last and can override any key.
1 | module "helm_addon" {
2 |   source = "../helm-addon"
3 |
4 |   # https://github.com/cert-manager/csi-driver/blob/main/deploy/charts/csi-driver/Chart.yaml
5 |   helm_config = merge(
6 |     {
7 |       name        = "cert-manager-csi-driver"
8 |       chart       = "cert-manager-csi-driver"
9 |       repository  = "https://charts.jetstack.io"
10 |       version     = "v0.4.2"
11 |       namespace   = "cert-manager"
12 |       description = "Cert Manager CSI Driver Add-on"
13 |     },
14 |     var.helm_config
15 |   )
16 |
17 |   manage_via_gitops = var.manage_via_gitops
18 |   addon_context     = var.addon_context
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/kubernetes-dashboard/locals.tf:
--------------------------------------------------------------------------------
1 | locals {
2 |   name = "kubernetes-dashboard"
3 |
4 |   # https://github.com/kubernetes/dashboard/blob/master/charts/helm-chart/kubernetes-dashboard/Chart.yaml
# Chart version pinned; var.helm_config (merged last) may override any key.
5 |   default_helm_config = {
6 |     name        = local.name
7 |     chart       = local.name
8 |     repository  = "https://kubernetes.github.io/dashboard/"
9 |     version     = "5.11.0"
10 |     namespace   = local.name
11 |     description = "Kubernetes Dashboard Helm Chart"
12 |   }
13 |
14 |   helm_config = merge(
15 |     local.default_helm_config,
16 |     var.helm_config
17 |   )
18 |
19 |   argocd_gitops_config = {
20 |     enable = true
21 |   }
22 | }
23 |
--------------------------------------------------------------------------------
/addons/cert-manager-le-http/templates/ClusterIssuer-istio.yaml:
--------------------------------------------------------------------------------
# Every line below is commented out, so this template renders nothing. If it is
# revived: ClusterIssuer is cluster-scoped, so the `namespace: istio-system` line
# does not belong in metadata, and the ingress class is hard-coded to `istio`
# instead of using .Values.ingressClass like the prod/staging issuers.
1 | # apiVersion: cert-manager.io/v1
2 | # kind: ClusterIssuer
3 | # metadata:
4 | #   name: letsencrypt-istio
5 | #   namespace: istio-system
6 | # spec:
7 | #   acme:
8 | #     # The ACME server URL
9 | #     server: https://acme-v02.api.letsencrypt.org/directory
10 | #     # Email address used for ACME registration
11 | #     email: {{ .Values.email }}
12 | #     # Name of a secret used to store the ACME account private key
13 | #     privateKeySecretRef:
14 | #       name: letsencrypt-istio
15 | #     # Enable the HTTP-01 challenge provider
16 | #     solvers:
17 | #     - http01:
18 | #         ingress:
19 | #           class: istio
20 |
--------------------------------------------------------------------------------
/addons/service_monitor_crd/README.md:
--------------------------------------------------------------------------------
1 | # service_monitor_crd
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [helm](#provider\_helm) | n/a |
13 |
14 | ## Modules
15 |
16 | No modules.
17 |
18 | ## Resources
19 |
20 | | Name | Type |
21 | |------|------|
22 | | [helm_release.service-monitor-crd](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
23 |
24 | ## Inputs
25 |
26 | No inputs.
27 |
28 | ## Outputs
29 |
30 | No outputs.
31 |
32 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/cilium/outputs.tf:
--------------------------------------------------------------------------------
# Cilium outputs. Unlike the other add-ons this file exposes no `irsa_name`
# output and adds `argocd_gitops_config` instead.
1 | output "argocd_gitops_config" {
2 |   description = "Configuration used for managing the add-on with ArgoCD"
3 |   value       = var.manage_via_gitops ? { enable = true } : null
4 | }
5 |
6 | output "release_metadata" {
7 |   description = "Map of attributes of the Helm release metadata"
8 |   value       = module.helm_addon.release_metadata
9 | }
10 |
11 | output "irsa_arn" {
12 |   description = "IAM role ARN for the service account"
13 |   value       = module.helm_addon.irsa_arn
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = module.helm_addon.service_account
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/metrics-server/locals.tf:
--------------------------------------------------------------------------------
1 | locals {
2 |   name = "metrics-server"
3 |
4 |   # https://github.com/kubernetes-sigs/metrics-server/blob/master/charts/metrics-server/Chart.yaml
# Chart version pinned, installed into kube-system; var.helm_config (merged
# last) may override any key.
5 |   default_helm_config = {
6 |     name        = local.name
7 |     chart       = local.name
8 |     repository  = "https://kubernetes-sigs.github.io/metrics-server/"
9 |     version     = "3.8.2"
10 |     namespace   = "kube-system"
11 |     description = "Metric server helm Chart deployment configuration"
12 |   }
13 |
14 |   helm_config = merge(
15 |     local.default_helm_config,
16 |     var.helm_config
17 |   )
18 |
19 |   argocd_gitops_config = {
20 |     enable = true
21 |   }
22 | }
23 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-coredns/outputs.tf:
--------------------------------------------------------------------------------
# The helm_addon module is created conditionally (index [0]); try() yields null
# when it was not created.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = try(module.helm_addon[0].release_metadata, null)
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = try(module.helm_addon[0].irsa_arn, null)
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = try(module.helm_addon[0].irsa_name, null)
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = try(module.helm_addon[0].service_account, null)
19 | }
20 |
--------------------------------------------------------------------------------
/addons/karpenter/karpenter.yaml:
--------------------------------------------------------------------------------
# Karpenter values. The `${...}` tokens are not Helm syntax; presumably this file
# is rendered with Terraform's templatefile() before being passed to Helm — verify
# against the caller. `defaultInstanceProfile` is the IAM profile handed to every
# node Karpenter launches, so its attached policies define node-level privilege.
1 | nodeSelector:
2 |   kubernetes.io/os: linux
3 | clusterName: ${eks_cluster_id}
4 | clusterEndpoint: ${eks_cluster_endpoint}
5 | aws:
6 |   defaultInstanceProfile: ${node_iam_instance_profile}
7 |
8 | controller:
9 |   resources:
10 |     requests:
11 |       cpu: 50m
12 |       memory: 200Mi
13 |     limits:
14 |       cpu: 500m
15 |       memory: 1Gi
16 |
17 | podAnnotations:
18 |   co.elastic.logs/enabled: "true"
19 |
# Hard scheduling constraint: the controller only runs on Infra-Services=true nodes.
20 | affinity:
21 |   nodeAffinity:
22 |     requiredDuringSchedulingIgnoredDuringExecution:
23 |       nodeSelectorTerms:
24 |       - matchExpressions:
25 |         - key: "Infra-Services"
26 |           operator: In
27 |           values:
28 |           - "true"
29 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/keda/main.tf:
--------------------------------------------------------------------------------
# Installs KEDA through the shared helm-addon module; local.* values come from a
# sibling locals.tf that is not part of this listing.
1 | module "helm_addon" {
2 |   source            = "../helm-addon"
3 |   manage_via_gitops = var.manage_via_gitops
4 |   set_values        = local.set_values
5 |   helm_config       = local.helm_config
6 |   irsa_config       = local.irsa_config
7 |   addon_context     = var.addon_context
8 | }
9 |
# IRSA policy for KEDA scalers. The policy document `keda_irsa` is defined
# elsewhere — review it for least privilege (specific queues / metric namespaces).
10 | resource "aws_iam_policy" "keda_irsa" {
11 |   description = "KEDA IAM role policy for SQS and CloudWatch"
12 |   name        = "${var.addon_context.eks_cluster_id}-${local.helm_config["name"]}-irsa"
13 |   path        = var.addon_context.irsa_iam_role_path
14 |   policy      = data.aws_iam_policy_document.keda_irsa.json
15 |   tags        = var.addon_context.tags
16 | }
17 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/promtail/main.tf:
--------------------------------------------------------------------------------
# Installs Promtail into its own namespace. Chart version is pinned; var.helm_config
# is merged last and can override any key.
1 | module "helm_addon" {
2 |   source = "../helm-addon"
3 |
4 |   # https://github.com/grafana/helm-charts/blob/main/charts/promtail/Chart.yaml
5 |   helm_config = merge(
6 |     {
7 |       name             = "promtail"
8 |       chart            = "promtail"
9 |       repository       = "https://grafana.github.io/helm-charts"
10 |       version          = "6.6.0"
11 |       namespace        = "promtail"
12 |       create_namespace = true
13 |       description      = "Promtail helm Chart deployment configuration"
14 |     },
15 |     var.helm_config
16 |   )
17 |
18 |   manage_via_gitops = var.manage_via_gitops
19 |   addon_context     = var.addon_context
20 | }
21 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/aws-ebs-csi-driver/outputs.tf:
--------------------------------------------------------------------------------
# The helm_addon module is created conditionally (index [0]); try() yields null
# when it was not created.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = try(module.helm_addon[0].release_metadata, null)
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = try(module.helm_addon[0].irsa_arn, null)
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = try(module.helm_addon[0].irsa_name, null)
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = try(module.helm_addon[0].service_account, null)
19 | }
20 |
--------------------------------------------------------------------------------
/addons/metrics_server_vpa/templates/vpa.yaml:
--------------------------------------------------------------------------------
# VPA for metrics-server. updateMode "Auto" lets the VPA evict and recreate pods
# to apply new requests, bounded by minAllowed/maxAllowed from values.
1 | apiVersion: "autoscaling.k8s.io/v1"
2 | kind: VerticalPodAutoscaler
3 | metadata:
4 |   name: metrics-server-vpa
5 |   namespace: kube-system
6 | spec:
7 |   targetRef:
8 |     apiVersion: "apps/v1"
9 |     kind: Deployment
10 |     name: {{ .Values.metricsServerDeploymentName}}
11 |   updatePolicy:
12 |     updateMode: "Auto"
13 |   resourcePolicy:
14 |     containerPolicies:
15 |     - containerName: '*'
16 |       minAllowed:
17 |         cpu: {{ .Values.minCPU}}
18 |         memory: {{ .Values.minMemory}}
19 |       maxAllowed:
20 |         cpu: {{ .Values.maxCPU}}
21 |         memory: {{ .Values.maxMemory}}
22 |       controlledResources: ["cpu", "memory"]
23 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/chaos-mesh/main.tf:
--------------------------------------------------------------------------------
# Installs Chaos Mesh into a dedicated chaos-testing namespace. Chart version is
# pinned; var.helm_config is merged last and can override any key.
1 | module "helm_addon" {
2 |   source = "../helm-addon"
3 |
4 |   # https://github.com/chaos-mesh/chaos-mesh/blob/master/helm/chaos-mesh/Chart.yaml
5 |   helm_config = merge(
6 |     {
7 |       name             = "chaos-mesh"
8 |       chart            = "chaos-mesh"
9 |       repository       = "https://charts.chaos-mesh.org"
10 |       version          = "2.4.1"
11 |       namespace        = "chaos-testing"
12 |       create_namespace = true
13 |       description      = "chaos mesh helm Chart deployment configuration"
14 |     },
15 |     var.helm_config
16 |   )
17 |
18 |   manage_via_gitops = var.manage_via_gitops
19 |   addon_context     = var.addon_context
20 | }
21 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/opentelemetry-operator/outputs.tf:
--------------------------------------------------------------------------------
# The helm_addon module is created conditionally (index [0]); try() yields null
# when it was not created.
1 | output "release_metadata" {
2 |   description = "Map of attributes of the Helm release metadata"
3 |   value       = try(module.helm_addon[0].release_metadata, null)
4 | }
5 |
6 | output "irsa_arn" {
7 |   description = "IAM role ARN for the service account"
8 |   value       = try(module.helm_addon[0].irsa_arn, null)
9 | }
10 |
11 | output "irsa_name" {
12 |   description = "IAM role name for the service account"
13 |   value       = try(module.helm_addon[0].irsa_name, null)
14 | }
15 |
16 | output "service_account" {
17 |   description = "Name of Kubernetes service account"
18 |   value       = try(module.helm_addon[0].service_account, null)
19 | }
20 |
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/smb-csi-driver/main.tf: --------------------------------------------------------------------------------
# SMB CSI driver add-on, installed into kube-system (no create_namespace needed).
# NOTE(review): the chart index is fetched from the mutable `master` branch of
# the upstream GitHub repo, so the archive behind "v1.9.0" can be replaced
# upstream without the version string changing, and Helm does not verify chart
# provenance unless explicitly asked to. Prefer a release-tagged ref or a
# mirrored/verified chart source for production clusters.
module "helm_addon" {
  source = "../helm-addon"

  # https://github.com/kubernetes-csi/csi-driver-smb/blob/master/charts/latest/csi-driver-smb/Chart.yaml
  helm_config = merge(
    {
      name        = "csi-driver-smb"
      chart       = "csi-driver-smb"
      repository  = "https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts"
      version     = "v1.9.0"
      namespace   = "kube-system"
      description = "SMB CSI driver helm Chart deployment configuration"
    },
    var.helm_config
  )

  manage_via_gitops = var.manage_via_gitops
  addon_context     = var.addon_context
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/emr-on-eks/variables.tf: --------------------------------------------------------------------------------
variable "eks_cluster_id" {
  description = "EKS Cluster ID"
  type        = string
}

variable "tags" {
  description = "Common Tags for AWS resources"
  type        = map(string)
}

# `any` means no schema is enforced on the team maps; a malformed entry only
# fails inside the module at plan/apply time rather than at the variable.
variable "emr_on_eks_teams" {
  description = "EMR on EKS Teams configuration"
  type        = any
  default     = {}
}

variable "iam_role_path" {
  description = "IAM role path"
  type        = string
  default     = "/"
}

# null means the IAM roles this module creates get no permissions boundary
# unless the caller supplies one; set it in accounts that mandate boundaries.
variable "iam_role_permissions_boundary" {
  description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
  type        = string
  default     = null
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/datadog-operator/main.tf: --------------------------------------------------------------------------------
locals {
  name = "datadog-operator"
}

# Datadog Operator add-on. No Datadog credentials are configured here; whatever
# the caller supplies must come through var.helm_config (which overrides every
# default below, including the version) and should not be committed as plain
# values.
module "helm_addon" {
  source = "../helm-addon"

  # https://github.com/DataDog/helm-charts/blob/main/charts/datadog-operator/Chart.yaml
  helm_config = merge(
    {
      name             = local.name
      chart            = local.name
      repository       = "https://helm.datadoghq.com"
      version          = "0.8.8"
      namespace        = local.name
      create_namespace = true
      description      = "Datadog Operator"
    },
    var.helm_config
  )
  manage_via_gitops = var.manage_via_gitops

  addon_context = var.addon_context
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/external-secrets/main.tf: --------------------------------------------------------------------------------
# External Secrets add-on. helm_config, set_values and irsa_config come from
# locals.tf (not shown), which is where the IAM policy below is wired to the
# IRSA role.
module "helm_addon" {
  source            = "../helm-addon"
  manage_via_gitops = var.manage_via_gitops
  set_values        = local.set_values
  helm_config       = local.helm_config
  irsa_config       = local.irsa_config
  addon_context     = var.addon_context
}

# IAM policy granted to the operator's service account via IRSA. The actual
# statements live in data.aws_iam_policy_document.external_secrets (not shown);
# review its Resource scoping — a wildcard there lets the operator read every
# Secrets Manager / SSM secret in the account. Name is prefixed with the
# cluster id so multiple clusters in one account do not collide.
resource "aws_iam_policy" "external_secrets" {
  name        = "${var.addon_context.eks_cluster_id}-${local.helm_config["name"]}-irsa"
  path        = var.addon_context.irsa_iam_role_path
  description = "Provides permissions to for External Secrets to retrieve secrets from AWS SSM and AWS Secrets Manager"
  policy      = data.aws_iam_policy_document.external_secrets.json
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/secrets-store-csi-driver/locals.tf: --------------------------------------------------------------------------------
locals {
  name = "secrets-store-csi-driver"

  # https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/charts/secrets-store-csi-driver/Chart.yaml
  # Unlike most add-ons on this page, create_namespace is not set here although
  # the release goes into its own namespace; confirm the namespace is created
  # elsewhere (or by helm-addon defaults) before relying on this config.
  default_helm_config = {
    name        = local.name
    chart       = local.name
    repository  = "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
    version     = "1.2.4"
    namespace   = local.name
    description = "A Helm chart to install the Secrets Store CSI Driver"
  }

  # Shallow merge: a key in var.helm_config replaces the default wholesale.
  helm_config = merge(
    local.default_helm_config,
    var.helm_config
  )

  argocd_gitops_config = {
    enable = true
  }
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argocd/data.tf: --------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
# SSH Key
# ---------------------------------------------------------------------------------------------------------------------
# One lookup per application that sets ssh_key_secret_name (others are skipped).
# NOTE(review): the secret value returned by aws_secretsmanager_secret_version is
# recorded in Terraform state like any data-source attribute, so the state
# backend effectively holds these repo deploy keys — keep it encrypted and
# access-controlled. The identity running Terraform needs
# secretsmanager:GetSecretValue on exactly these secrets, nothing broader.

data "aws_secretsmanager_secret" "ssh_key" {
  for_each = { for k, v in var.applications : k => v if try(v.ssh_key_secret_name, null) != null }
  name     = each.value.ssh_key_secret_name
}

data "aws_secretsmanager_secret_version" "ssh_key_version" {
  for_each  = { for k, v in var.applications : k => v if try(v.ssh_key_secret_name, null) != null }
  secret_id = data.aws_secretsmanager_secret.ssh_key[each.key].id
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-role.yaml: --------------------------------------------------------------------------------
{{- if .Values.rbacEnable }}
# Namespaced Role (not a ClusterRole), rendered only when rbacEnable is true.
# No metadata.namespace is set, so it lands in the release namespace. Grants
# full CRUD on ConfigMaps and their status there plus Event creation —
# presumably for operator leader election; confirm against the operator's
# leader-elect flags before widening or narrowing it.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
{{ include "kuberay-operator.labels" . | indent 4 }}
  name: {{ include "kuberay-operator.fullname" . }}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - configmaps/status
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
{{- end }}
-------------------------------------------------------------------------------- /addons/aws-ebs-storage-class/variables.tf: --------------------------------------------------------------------------------
# Empty string means no customer-managed key is passed in. Whether main.tf then
# encrypts volumes with the AWS-managed EBS key or leaves them unencrypted is
# not visible here — confirm, since this is the default for every volume
# provisioned through the class.
variable "kms_key_id" {
  type        = string
  default     = ""
  description = "KMS key to Encrypt storage class."
}

variable "storage_class_name" {
  description = "storage class name"
  default     = ""
  type        = string
}

variable "single_az_ebs_gp3_storage_class_name" {
  type        = string
  default     = ""
  description = "Name for the single az storage class"
}

# Opt-in: the single-AZ gp3 class is only created when this is true.
variable "single_az_ebs_gp3_storage_class" {
  type        = bool
  default     = false
  description = "Enable Single az storage class."
}

# Typed `any` although the description says list: a caller passing a plain
# string is not rejected at the variable, so validate the shape in main.tf.
variable "availability_zone" {
  type        = any
  description = "List of Azs"
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/fargate-fluentbit/variables.tf: --------------------------------------------------------------------------------
variable "addon_config" {
  description = "Fargate fluentbit configuration"
  type        = any
  default     = {}
}

# Cluster/account facts handed to every add-on module by the caller.
variable "addon_context" {
  description = "Input configuration for the addon"
  type = object({
    aws_caller_identity_account_id = string
    aws_caller_identity_arn        = string
    aws_eks_cluster_endpoint       = string
    aws_partition_id               = string
    aws_region_name                = string
    eks_cluster_id                 = string
    eks_oidc_issuer_url            = string
    eks_oidc_provider_arn          = string
    tags                           = map(string)
  })
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argocd/argocd-application/helm/values.yaml: --------------------------------------------------------------------------------
# Application Name
name: ""

# The ArgoCD Project the Application belongs to.
# NOTE(review): the built-in "default" AppProject ships unrestricted (any source
# repo, any destination, any resource kind). Production Applications should use
# a dedicated project whose sourceRepos and destinations are allow-listed.
project: "default"

# Source config for the Application
source:

  # Git Repo the Application points to.
  repoUrl: ""

  # Target revision for the repo.
  # HEAD follows the tip of the default branch, so whatever is pushed there is
  # deployed on the next sync; pin a tag or commit SHA where change control matters.
  targetRevision: "HEAD"

  # Path in the repo Argo should look for manifests.
  path: ""

  # Helm configuration.
  helm :
    values: ""

# Destination cluster.
# In-cluster API address: the Application deploys into the cluster ArgoCD runs in.
destination:
  server: "https://kubernetes.default.svc"

ignoreDifferences:
# - group: argoproj.io
#   kind: Application
#   jsonPointers:
#   - /spec/syncPolicy
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-kube-proxy/variables.tf: --------------------------------------------------------------------------------
variable "addon_config" {
  description = "Amazon EKS Managed Add-on config for Kube Proxy"
  type        = any
  default     = {}
}

variable "addon_context" {
  description = "Input configuration for the addon"
  type = object({
    aws_caller_identity_account_id = string
    aws_caller_identity_arn        = string
    aws_eks_cluster_endpoint       = string
    aws_partition_id               = string
    aws_region_name                = string
    eks_cluster_id                 = string
    eks_oidc_issuer_url            = string
    eks_oidc_provider_arn          = string
    tags                           = map(string)
  })
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cluster-autoscaler/outputs.tf: --------------------------------------------------------------------------------
# When managed via GitOps the config also carries the service account name so
# the ArgoCD-deployed chart binds to the IRSA-annotated SA created here.
# Note there is no irsa_name output in this file, unlike the other add-ons.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value = var.manage_via_gitops ? {
    enable             = true
    serviceAccountName = local.service_account
  } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/local-volume-provisioner/variables.tf: --------------------------------------------------------------------------------
variable "helm_config" {
  description = "Helm Config for local volume provisioner"
  type        = any
  default     = {}
}

variable "addon_context" {
  description = "Input configuration for the addon"
  type = object({
    aws_caller_identity_account_id = string
    aws_caller_identity_arn        = string
    aws_eks_cluster_endpoint       = string
    aws_partition_id               = string
    aws_region_name                = string
    eks_cluster_id                 = string
    eks_oidc_issuer_url            = string
    eks_oidc_provider_arn          = string
    tags                           = map(string)
  })
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/nvidia-device-plugin/locals.tf: --------------------------------------------------------------------------------
locals {
  name = "nvidia-device-plugin"

  # https://github.com/NVIDIA/k8s-device-plugin/blob/master/deployments/helm/nvidia-device-plugin/Chart.yaml
  default_helm_config = {
    name             = local.name
    chart            = local.name
    repository       = "https://nvidia.github.io/k8s-device-plugin"
    version          = "0.12.3"
    namespace        = local.name
    description      = "nvidia-device-plugin Helm Chart deployment configuration"
    create_namespace = true
  }

  # Shallow merge: any key in var.helm_config replaces the default wholesale.
  helm_config = merge(
    local.default_helm_config,
    var.helm_config
  )

  argocd_gitops_config = {
    enable = true
  }
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/yunikorn/locals.tf: --------------------------------------------------------------------------------
locals {
  name = "yunikorn"

  # https://github.com/apache/yunikorn-release/blob/master/helm-charts/yunikorn/Chart.yaml
  default_helm_config = {
    name        = local.name
    chart       = local.name
    repository  = "https://apache.github.io/yunikorn-release"
    version     = "1.1.0"
    namespace   = local.name
    description = "Apache YuniKorn (Incubating) is a light-weight, universal resource scheduler for container orchestrator systems"
    # Module-owned values file; because merge() is shallow, a `values` key in
    # var.helm_config replaces this list rather than appending to it.
    values      = [file("${path.module}/values.yaml")]
  }

  helm_config = merge(
    local.default_helm_config,
    var.helm_config
  )

  argocd_gitops_config = {
    enable = true
  }
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kubecost/main.tf: --------------------------------------------------------------------------------
# Kubecost add-on pulled as an OCI chart from AWS's public ECR with a pinned
# version; values.yaml in this module supplies the image sources. As with the
# other add-ons, merge() is shallow, so a `values` key in var.helm_config
# replaces that file list instead of extending it.
module "helm_addon" {
  source = "../helm-addon"

  # https://github.com/kubecost/cost-analyzer-helm-chart/blob/develop/cost-analyzer/Chart.yaml
  helm_config = merge(
    {
      name             = "kubecost"
      chart            = "cost-analyzer"
      repository       = "oci://public.ecr.aws/kubecost"
      version          = "1.97.0"
      namespace        = "kubecost"
      values           = [file("${path.module}/values.yaml")]
      create_namespace = true
      description      = "Kubecost Helm Chart deployment configuration"
    },
    var.helm_config
  )

  manage_via_gitops = var.manage_via_gitops
  addon_context     = var.addon_context
}

-------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-teams/variables.tf: --------------------------------------------------------------------------------
# Team definitions are untyped (`any`): no schema is enforced at the variable,
# so a malformed team map only fails inside the module.
variable "application_teams" {
  description = "Map of maps of teams to create"
  type        = any
  default     = {}
}

variable "platform_teams" {
  description = "Map of maps of teams to create"
  type        = any
  default     = {}
}

variable "tags" {
  description = "A map of tags to add to all resources"
  type        = map(string)
  default     = {}
}

variable "eks_cluster_id" {
  description = "EKS Cluster name"
  type        = string
}

# null means the team IAM roles this module creates (not shown) carry no
# permissions boundary unless the caller sets one.
variable "iam_role_permissions_boundary" {
  description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
  type        = string
  default     = null
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/Chart.yaml: --------------------------------------------------------------------------------
apiVersion: v1
name: provisioner
description: local provisioner chart
keywords:
  - storage
  - local

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
# Note this is a pre-release (alpha) chart version vendored into the module.
version: 2.6.0-alpha.1

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# Informational only; the image actually deployed is set in the chart values (not shown here).
appVersion: 2.4.0
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/tetrate-istio/locals_tid.tf: --------------------------------------------------------------------------------
# Tetrate Istio Distribution overrides. The image tag is derived from the
# per-component chart version (falling back to local.default_helm_config.version)
# plus the "-tetratefips-v0" suffix, so overriding `version` in
# var.cni_helm_config / var.istiod_helm_config also moves the image. Images are
# referenced by tag from Tetrate's registry, not by digest.
locals {
  tetrate_istio_distribution_helm_config = {
    description = "Tetrate Istio Distribution - Simple, safe enterprise-grade Istio distribution"
  }

  tetrate_istio_distribution_helm_values = {
    cni = tolist([yamlencode({
      "global" : {
        "hub" : "containers.istio.tetratelabs.com",
        "tag" : "${lookup(var.cni_helm_config, "version", local.default_helm_config.version)}-tetratefips-v0",
      }
    })])
    istiod = tolist([yamlencode({
      "global" : {
        "hub" : "containers.istio.tetratelabs.com",
        "tag" : "${lookup(var.istiod_helm_config, "version", local.default_helm_config.version)}-tetratefips-v0",
      }
    })])
  }
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/calico/main.tf: --------------------------------------------------------------------------------
# Calico via the Tigera operator chart, pinned version. The inline values tell
# the operator it is running on EKS (typically alongside the VPC CNI — confirm
# the resulting mode against the operator docs). Keys in var.helm_config
# override these defaults; a `values` key replaces the inline list entirely.
module "helm_addon" {
  source = "../helm-addon"

  # https://github.com/projectcalico/calico/blob/master/charts/tigera-operator/Chart.yaml
  helm_config = merge(
    {
      name       = "calico"
      chart      = "tigera-operator"
      repository = "https://docs.projectcalico.org/charts"
      version    = "v3.24.3"
      namespace  = "tigera-operator"
      values = [
        <<-EOT
        installation:
          kubernetesProvider: "EKS"
        EOT
      ]
      create_namespace = true
      description      = "calico helm Chart deployment configuration"
    },
    var.helm_config
  )
  manage_via_gitops = var.manage_via_gitops
  addon_context     = var.addon_context
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/vpa/outputs.tf:
--------------------------------------------------------------------------------
# Outputs of the vpa add-on. Unlike the count-indexed add-ons on this page
# (e.g. aws-ebs-csi-driver), module.helm_addon is a single instance here, so
# these outputs are always populated.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /addons/metrics_server/metrics_server.yaml: --------------------------------------------------------------------------------
## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
## (hard requirement: pods stay Pending if no node carries the label)

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: "Infra-Services"
              operator: In
              values:
                - "true"

## Particular args to be passed in deployment
## Kubelets are scraped via their InternalIP. --kubelet-insecure-tls is NOT set,
## so kubelet serving certificates are still verified; do not add it as a
## shortcut if scrapes fail — fix the kubelet certificate SANs instead.

extraArgs:
  - --kubelet-preferred-address-types=InternalIP
  - --v=2

## Registers the metrics.k8s.io APIService so kubectl top / HPA can use it.
apiService:
  create: true

## Using limits and requests

resources:
  limits:
    cpu: 200m
    memory: 250Mi
  requests:
    cpu: 50m
    memory: 150Mi

## Presumably an Elastic autodiscover hint enabling log collection — confirm.
podAnnotations:
  co.elastic.logs/enabled: "true"

replicas: 2
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/calico/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kubecost/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/promtail/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/traefik/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/chaos-mesh/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/ingress-nginx/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/keda/outputs.tf: --------------------------------------------------------------------------------
# GitOps config comes from local.argocd_gitops_config in locals.tf (not shown),
# so it may carry more than the bare { enable = true } used by other add-ons.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kubecost/values.yaml: --------------------------------------------------------------------------------
# https://github.com/kubecost/cost-analyzer-helm-chart/blob/master/cost-analyzer/values-eks-cost-monitoring.yaml
# All images are pulled from public.ecr.aws by tag (not digest); the bundled
# Grafana is disabled and Kubecost's own product telemetry is switched off.
global:
  grafana:
    enabled: false
    proxy: false

imageVersion: prod-1.97.0
kubecostFrontend:
  image: public.ecr.aws/kubecost/frontend

kubecostModel:
  image: public.ecr.aws/kubecost/cost-model

# Pod/namespace annotation values are presumably exported as metric labels —
# they then become readable by anyone who can query the metrics, so make sure
# no sensitive values live in annotations. Confirm against the chart docs.
kubecostMetrics:
  emitPodAnnotations: true
  emitNamespaceAnnotations: true

prometheus:
  server:
    image:
      repository: public.ecr.aws/kubecost/prometheus
      tag: v2.35.0

  configmapReload:
    prometheus:
      image:
        repository: public.ecr.aws/bitnami/configmap-reload
        tag: 0.7.1

reporting:
  productAnalytics: false
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/smb-csi-driver/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/agones/outputs.tf: --------------------------------------------------------------------------------
# GitOps config comes from local.argocd_gitops_config in locals.tf (not shown).
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/airflow/variables.tf: --------------------------------------------------------------------------------
variable "helm_config" {
  description = "Helm provider config for the airflow."
  type        = any
  default     = {}
}

# This addon_context additionally carries the IRSA role path and permissions
# boundary (absent from the fargate-fluentbit / kube-proxy variants), so the
# IRSA role created for Airflow can be boundary-constrained by the caller.
variable "addon_context" {
  description = "Input configuration for the addon"
  type = object({
    aws_caller_identity_account_id = string
    aws_caller_identity_arn        = string
    aws_eks_cluster_endpoint       = string
    aws_partition_id               = string
    aws_region_name                = string
    eks_cluster_id                 = string
    eks_oidc_issuer_url            = string
    eks_oidc_provider_arn          = string
    tags                           = map(string)
    irsa_iam_role_path             = string
    irsa_iam_permissions_boundary  = string
  })
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/datadog-operator/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/gatekeeper/outputs.tf: --------------------------------------------------------------------------------
# GitOps config comes from local.argocd_gitops_config in locals.tf (not shown).
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/grafana/outputs.tf: --------------------------------------------------------------------------------
# GitOps config comes from local.argocd_gitops_config in locals.tf (not shown).
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/karpenter/outputs.tf: --------------------------------------------------------------------------------
# GitOps config comes from local.argocd_gitops_config in locals.tf (not shown).
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/reloader/outputs.tf: --------------------------------------------------------------------------------
# GitOps config comes from local.argocd_gitops_config in locals.tf (not shown).
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/spark-k8s-operator/outputs.tf: --------------------------------------------------------------------------------
# Standard add-on outputs; helm_addon is a single (non-count) instance.
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? { enable = true } : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/velero/outputs.tf: --------------------------------------------------------------------------------
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value = var.manage_via_gitops ?
local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/yunikorn/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argo-rollouts/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argo-workflows/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager-csi-driver/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = 
var.manage_via_gitops ? { enable = true } : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager-istio-csr/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
{ enable = true } : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/external-dns/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with GitOps" 3 | value = var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm Config for KubeRay Operator" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "addon_context" { 8 
| description = "Input configuration for the addon" 9 | type = object({ 10 | aws_caller_identity_account_id = string 11 | aws_caller_identity_arn = string 12 | aws_eks_cluster_endpoint = string 13 | aws_partition_id = string 14 | aws_region_name = string 15 | eks_cluster_id = string 16 | eks_oidc_issuer_url = string 17 | eks_oidc_provider_arn = string 18 | irsa_iam_permissions_boundary = string 19 | irsa_iam_role_path = string 20 | tags = map(string) 21 | }) 22 | } 23 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/metrics-server/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/strimzi-kafka-operator/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
{ enable = true } : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-fsx-csi-driver/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-privateca-issuer/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/external-secrets/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kubernetes-dashboard/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = 
var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/nvidia-device-plugin/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/spark-history-server/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-cloudwatch-metrics/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
local.argocd_gitops_config : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
{ enable = true } : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/csi-secrets-store-provider-aws/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
{ enable = true } : null 4 | } 5 | 6 | output "release_metadata" { 7 | description = "Map of attributes of the Helm release metadata" 8 | value = module.helm_addon.release_metadata 9 | } 10 | 11 | output "irsa_arn" { 12 | description = "IAM role ARN for the service account" 13 | value = module.helm_addon.irsa_arn 14 | } 15 | 16 | output "irsa_name" { 17 | description = "IAM role name for the service account" 18 | value = module.helm_addon.irsa_name 19 | } 20 | 21 | output "service_account" { 22 | description = "Name of Kubernetes service account" 23 | value = module.helm_addon.service_account 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kube-prometheus-stack/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm Config for kube-prometheus-stack" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "addon_context" { 8 | description = "Input configuration for the addon" 9 | type = object({ 10 | aws_caller_identity_account_id = string 11 | aws_caller_identity_arn = string 12 | aws_eks_cluster_endpoint = string 13 | aws_partition_id = string 14 | aws_region_name = string 15 | eks_cluster_id = string 16 | eks_oidc_issuer_url = string 17 | eks_oidc_provider_arn = string 18 | tags = map(string) 19 | irsa_iam_role_path = string 20 | irsa_iam_permissions_boundary = string 21 | }) 22 | } 23 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kuberay-operator/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | name = "kuberay-operator" 3 | namespace = try(var.helm_config.namespace, local.name) 4 | } 5 | 6 | resource "kubernetes_namespace_v1" "this" { 7 | metadata { 8 | name = local.namespace 9 | } 10 | } 11 | 12 | module "helm_addon" { 13 | source = "../helm-addon" 14 | 
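# https://github.com/ray-project/kuberay/blob/master/helm-chart/kuberay-operator/Chart.yaml
  # The chart is vendored locally under this module rather than pulled from a
  # remote repository. var.helm_config is merged last, so a caller can override
  # every default here, including chart path and version.
  helm_config = merge(
    {
      name        = local.name
      chart       = "${path.module}/kuberay-operator-config"
      version     = "0.3.0"
      namespace   = kubernetes_namespace_v1.this.metadata[0].name
      description = "KubeRay Operator Helm Chart deployment configuration"
    },
    var.helm_config
  )

  addon_context = var.addon_context
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/secrets-store-csi-driver/outputs.tf: --------------------------------------------------------------------------------
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = module.helm_addon.release_metadata
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = module.helm_addon.irsa_arn
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = module.helm_addon.irsa_name
}

output "service_account" {
  description = "Name of Kubernetes service account"
  value       = module.helm_addon.service_account
}
-------------------------------------------------------------------------------- /examples/complete/provider.tf: --------------------------------------------------------------------------------
provider "aws" {
  region = local.region
  default_tags {
    tags = local.additional_tags
  }
}

# NOTE(review): both data sources carry an empty cluster name, so this example
# cannot plan as written; the name must be supplied (e.g. from a local or
# variable) before use.
data "aws_eks_cluster" "cluster" {
  name = ""
}

data "aws_eks_cluster_auth" "cluster" {
  name = ""
}

# Both providers authenticate with the token from aws_eks_cluster_auth.
# NOTE(review): that token is minted once per plan/apply and is short-lived,
# so a long apply can fail part-way with an expired token; the provider docs
# recommend an `exec` block that re-runs `aws eks get-token` instead. Kept
# as-is here to preserve the example's current behaviour.
provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
}

provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.cluster.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
    token                  = data.aws_eks_cluster_auth.cluster.token
  }
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-node-termination-handler/data.tf: --------------------------------------------------------------------------------
# Queue policy that lets EventBridge deliver interruption / lifecycle events
# to the NTH queue. A service-principal grant with no source condition is a
# confused-deputy hole: an EventBridge rule in any AWS account that targets
# this queue ARN would be accepted. The condition below restricts delivery to
# events that originate from this account.
data "aws_iam_policy_document" "aws_node_termination_handler_queue_policy_document" {
  statement {
    actions = [
      "sqs:SendMessage"
    ]
    principals {
      type = "Service"
      identifiers = [
        "events.amazonaws.com",
        "sqs.amazonaws.com"
      ]
    }
    resources = [
      aws_sqs_queue.aws_node_termination_handler_queue.arn
    ]
    # NOTE(review): every sibling add-on module receives
    # addon_context.aws_caller_identity_account_id; confirm this module's
    # variables.tf declares addon_context the same way. Tightening further to
    # aws:SourceArn needs the EventBridge rule ARNs, which are not defined in
    # this file.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [var.addon_context.aws_caller_identity_account_id]
    }
  }
}

# IRSA policy for the NTH pods. The SQS actions are scoped to the one queue
# this module creates; the ec2/autoscaling Describe* calls accept no resource
# ARN and therefore have to stay on "*".
data "aws_iam_policy_document" "irsa_policy" {
  statement {
    actions = [
      "autoscaling:CompleteLifecycleAction",
      "autoscaling:DescribeAutoScalingInstances",
      "autoscaling:DescribeTags",
      "ec2:DescribeInstances",
    ]
    # NOTE(review): CompleteLifecycleAction does support ASG-ARN scoping;
    # narrow it once the node-group ASG ARNs are available to this module.
    resources = ["*"]
  }

  statement {
    actions = [
      "sqs:DeleteMessage",
      "sqs:ReceiveMessage",
    ]
    resources = [
      aws_sqs_queue.aws_node_termination_handler_queue.arn
    ]
  }
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/prometheus/outputs.tf: --------------------------------------------------------------------------------
output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ?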
merge( 4 | { enable = true }, 5 | local.amp_gitops_config 6 | ) : null 7 | } 8 | 9 | output "release_metadata" { 10 | description = "Map of attributes of the Helm release metadata" 11 | value = module.helm_addon.release_metadata 12 | } 13 | 14 | output "irsa_arn" { 15 | description = "IAM role ARN for the service account" 16 | value = module.helm_addon.irsa_arn 17 | } 18 | 19 | output "irsa_name" { 20 | description = "IAM role name for the service account" 21 | value = module.helm_addon.irsa_name 22 | } 23 | 24 | output "service_account" { 25 | description = "Name of Kubernetes service account" 26 | value = module.helm_addon.service_account 27 | } 28 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf: -------------------------------------------------------------------------------- 1 | module "helm_addon" { 2 | source = "../helm-addon" 3 | 4 | # https://github.com/kubernetes-sigs/cluster-proportional-autoscaler/blob/master/charts/cluster-proportional-autoscaler/Chart.yaml 5 | helm_config = merge( 6 | { 7 | name = "cluster-proportional-autoscaler" 8 | chart = "cluster-proportional-autoscaler" 9 | repository = "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler" 10 | version = "1.0.1" 11 | namespace = "kube-system" 12 | values = [templatefile("${path.module}/values.yaml", { 13 | operating_system = "linux" 14 | })] 15 | description = "Cluster Proportional Autoscaler Helm Chart" 16 | }, 17 | var.helm_config 18 | ) 19 | 20 | manage_via_gitops = var.manage_via_gitops 21 | addon_context = var.addon_context 22 | } 23 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/reloader/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | name = "reloader" 3 | 4 | argocd_gitops_config = { 5 | enable = true 6 | serviceAccountName = 
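local.name
  }
}

module "helm_addon" {
  source = "../helm-addon"

  # https://github.com/stakater/Reloader/blob/master/deployments/kubernetes/chart/reloader/Chart.yaml
  # Chart version is pinned. var.helm_config is merged last, so a caller can
  # override repository/chart/version; keep such overrides under review.
  helm_config = merge(
    {
      name             = local.name
      chart            = local.name
      repository       = "https://stakater.github.io/stakater-charts"
      version          = "v0.0.124"
      namespace        = local.name
      create_namespace = true
      description      = "Reloader Helm Chart deployment configuration"
    },
    var.helm_config
  )

  manage_via_gitops = var.manage_via_gitops
  addon_context     = var.addon_context
}
-------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/chaos-mesh/variables.tf: --------------------------------------------------------------------------------
variable "helm_config" {
  # The previous description said "calico" — a copy-paste leftover; this
  # module installs Chaos Mesh.
  description = "Helm Config for Chaos Mesh"
  type        = any
  default     = {}
}

variable "manage_via_gitops" {
  description = "Determines if the add-on should be managed via GitOps."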
9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/vpa/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for VPA" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps" 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = var.manage_via_gitops ? 
{ 4 | enable = true 5 | serviceAccountName = local.service_account 6 | } : null 7 | } 8 | 9 | output "release_metadata" { 10 | description = "Map of attributes of the Helm release metadata" 11 | value = module.helm_addon.release_metadata 12 | } 13 | 14 | output "irsa_arn" { 15 | description = "IAM role ARN for the service account" 16 | value = module.helm_addon.irsa_arn 17 | } 18 | 19 | output "irsa_name" { 20 | description = "IAM role name for the service account" 21 | value = module.helm_addon.irsa_name 22 | } 23 | 24 | output "service_account" { 25 | description = "Name of Kubernetes service account" 26 | value = module.helm_addon.service_account 27 | } 28 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/datadog-operator/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm Config for calico" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 
9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/traefik/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for Traefik" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps" 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-staging.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: {{ .Release.Name }}-staging-route53 5 | labels: 6 | ca: letsencrypt 7 | environment: staging 8 | solver: dns01 9 | provider: route53 10 | spec: 11 | acme: 12 | {{- if .Values.email }} 13 | email: {{ .Values.email 
}} 14 | {{- end }} 15 | server: https://acme-staging-v02.api.letsencrypt.org/directory 16 | preferredChain: ISRG Root X1 17 | privateKeySecretRef: 18 | name: {{ .Release.Name }}-staging-route53 19 | solvers: 20 | - dns01: 21 | route53: 22 | region: {{ .Values.region | default "global" }} 23 | {{- if .Values.dnsZones }} 24 | selector: 25 | dnsZones: 26 | {{- .Values.dnsZones | toYaml | nindent 12 }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-production.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: {{ .Release.Name }}-production-route53 5 | labels: 6 | ca: letsencrypt 7 | environment: production 8 | solver: dns01 9 | provider: route53 10 | spec: 11 | acme: 12 | {{- if .Values.email }} 13 | email: {{ .Values.email }} 14 | {{- end }} 15 | server: https://acme-v02.api.letsencrypt.org/directory 16 | preferredChain: ISRG Root X1 17 | privateKeySecretRef: 18 | name: {{ .Release.Name }}-production-route53 19 | solvers: 20 | - dns01: 21 | route53: 22 | region: {{ .Values.region | default "global" }} 23 | {{- if .Values.dnsZones }} 24 | selector: 25 | dnsZones: 26 | {{- .Values.dnsZones | toYaml | nindent 12 }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/ingress-nginx/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Ingress NGINX Helm Configuration" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 
9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/smb-csi-driver/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm Config for SMB CSI driver" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-kube-proxy/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | name = "kube-proxy" 3 | } 4 | 5 | data "aws_eks_addon_version" "this" { 6 | addon_name = local.name 7 | kubernetes_version = var.addon_config.kubernetes_version 8 | most_recent = try(var.addon_config.most_recent, false) 9 | } 10 | 11 | resource "aws_eks_addon" "kube_proxy" { 12 | cluster_name = 
var.addon_context.eks_cluster_id 13 | addon_name = local.name 14 | addon_version = try(var.addon_config.addon_version, data.aws_eks_addon_version.this.version) 15 | resolve_conflicts = try(var.addon_config.resolve_conflicts, "OVERWRITE") 16 | service_account_role_arn = try(var.addon_config.service_account_role_arn, null) 17 | preserve = try(var.addon_config.preserve, true) 18 | 19 | tags = merge( 20 | var.addon_context.tags, 21 | try(var.addon_config.tags, {}) 22 | ) 23 | } 24 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/metrics-server/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for Metrics Server" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps" 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/agones/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | name = "agones" 3 | namespace = "agones-system" 4 | 5 | # https://github.com/googleforgames/agones/blob/main/install/helm/agones/Chart.yaml 6 | default_helm_config = { 7 | name = local.name 8 | chart = local.name 9 | repository = "https://agones.dev/chart/stable" 10 | version = "1.27.0" 11 | namespace = local.namespace 
12 | description = "Agones Gaming Server Helm Chart deployment configuration" 13 | values = local.default_helm_values 14 | gameserver_minport = 7000 15 | gameserver_maxport = 8000 16 | } 17 | 18 | default_helm_values = [templatefile("${path.module}/values.yaml", {})] 19 | 20 | helm_config = merge( 21 | local.default_helm_config, 22 | var.helm_config 23 | ) 24 | 25 | argocd_gitops_config = { 26 | enable = true 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/argo-rollouts/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for the Argo Rollouts" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-fsx-csi-driver/main.tf: -------------------------------------------------------------------------------- 1 | #------------------------------------------------- 2 | # FSx for Lustre Helm Add-on 3 | #------------------------------------------------- 4 | module "helm_addon" { 5 | source = "../helm-addon" 6 | manage_via_gitops = var.manage_via_gitops 7 | set_values = local.set_values 8 | helm_config = local.helm_config 9 | irsa_config = local.irsa_config 10 | addon_context = 
var.addon_context 11 | } 12 | 13 | #------------------------------------------------- 14 | # IRSA IAM policy for FSx for Lustre 15 | #------------------------------------------------- 16 | resource "aws_iam_policy" "aws_fsx_csi_driver" { 17 | name = "${var.addon_context.eks_cluster_id}-fsx-csi-policy" 18 | description = "IAM Policy for AWS FSx CSI Driver" 19 | policy = data.aws_iam_policy_document.aws_fsx_csi_driver.json 20 | tags = var.addon_context.tags 21 | } 22 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_route53_zone" "selected" { 2 | for_each = toset(var.domain_names) 3 | 4 | name = each.key 5 | } 6 | 7 | data "aws_iam_policy_document" "cert_manager_iam_policy_document" { 8 | statement { 9 | effect = "Allow" 10 | resources = ["arn:${var.addon_context.aws_partition_id}:route53:::change/*"] 11 | actions = ["route53:GetChange"] 12 | } 13 | 14 | dynamic "statement" { 15 | for_each = { for k, v in toset(var.domain_names) : k => data.aws_route53_zone.selected[k].arn } 16 | 17 | content { 18 | effect = "Allow" 19 | resources = [statement.value] 20 | actions = [ 21 | "route53:ChangeresourceRecordSets", 22 | "route53:ListresourceRecordSets" 23 | ] 24 | } 25 | } 26 | 27 | statement { 28 | effect = "Allow" 29 | resources = ["*"] 30 | actions = ["route53:ListHostedZonesByName"] 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/spark-k8s-operator/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for Spark K8s Operator" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps" 9 | type = 
bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kubernetes-dashboard/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for the Kubernetes Dashboard" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps" 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cluster-proportional-autoscaler/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for the Karpenter" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 
9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | }) 26 | } 27 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/fargate-fluentbit/main.tf: -------------------------------------------------------------------------------- 1 | # Help on Fargate Logging with Fluentbit and CloudWatch 2 | # https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html 3 | 4 | resource "kubernetes_namespace" "aws_observability" { 5 | metadata { 6 | name = "aws-observability" 7 | 8 | labels = { 9 | aws-observability = "enabled" 10 | } 11 | } 12 | } 13 | 14 | # fluent-bit-cloudwatch value as the name of the CloudWatch log group that is automatically created as soon as your apps start logging 15 | resource "kubernetes_config_map" "aws_logging" { 16 | metadata { 17 | name = "aws-logging" 18 | namespace = kubernetes_namespace.aws_observability.id 19 | } 20 | 21 | data = { 22 | "parsers.conf" = local.config["parsers_conf"] 23 | "filters.conf" = local.config["filters_conf"] 24 | "output.conf" = local.config["output_conf"] 25 | "flb_log_cw" = local.config["flb_log_cw"] 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/strimzi-kafka-operator/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | name = "strimzi" 3 | default_helm_config = { 4 | name = local.name 5 | chart = "strimzi-kafka-operator" 6 | repository = "https://strimzi.io/charts/" 7 | version = "0.31.1" 
8 | namespace = local.name 9 | create_namespace = true 10 | values = [templatefile("${path.module}/values.yaml", {})] 11 | description = "Strimzi - Apache Kafka on Kubernetes" 12 | } 13 | helm_config = merge(local.default_helm_config, var.helm_config) 14 | } 15 | 16 | #------------------------------------------------- 17 | # Strimzi Kafka Helm Add-on 18 | #------------------------------------------------- 19 | module "helm_addon" { 20 | source = "../helm-addon" 21 | helm_config = local.helm_config 22 | addon_context = var.addon_context 23 | manage_via_gitops = var.manage_via_gitops 24 | } 25 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-teams/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" {} 2 | 3 | data "aws_caller_identity" "current" {} 4 | 5 | data "aws_eks_cluster" "eks_cluster" { 6 | name = var.eks_cluster_id 7 | } 8 | 9 | data "aws_partition" "current" {} 10 | 11 | data "aws_iam_policy_document" "platform_team_eks_access" { 12 | count = length(var.platform_teams) > 0 ? 
1 : 0 13 | statement { 14 | sid = "AllowPlatformTeamEKSAccess" 15 | actions = [ 16 | "eks:AccessKubernetesApi", 17 | "eks:DescribeCluster", 18 | "eks:DescribeNodegroup", 19 | "eks:ListClusters", 20 | "eks:ListFargateProfiles", 21 | "eks:ListNodegroups", 22 | "eks:ListUpdates", 23 | "ssm:GetParameter", 24 | ] 25 | resources = [ 26 | data.aws_eks_cluster.eks_cluster.arn 27 | ] 28 | } 29 | 30 | statement { 31 | sid = "AllowListClusters" 32 | actions = ["eks:ListClusters"] 33 | resources = ["*"] 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/airflow/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | name = "airflow" 3 | 4 | # https://github.com/apache/airflow/blob/main/chart/Chart.yaml 5 | default_helm_config = { 6 | name = local.name 7 | chart = local.name 8 | repository = "https://airflow.apache.org" 9 | version = "1.7.0" 10 | namespace = local.name 11 | create_namespace = true 12 | values = [templatefile("${path.module}/values.yaml", {})] 13 | description = "Apache Airflow v2 Helm chart deployment configuration" 14 | } 15 | 16 | helm_config = merge(local.default_helm_config, var.helm_config) 17 | } 18 | 19 | #------------------------------------------------- 20 | # Apache Airflow Helm Add-on 21 | #------------------------------------------------- 22 | module "helm_addon" { 23 | source = "../helm-addon" 24 | 25 | helm_config = local.helm_config 26 | addon_context = var.addon_context 27 | } 28 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/aws-vpc-cni/variables.tf: -------------------------------------------------------------------------------- 1 | variable "addon_config" { 2 | description = "Amazon EKS Managed Add-on" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "enable_ipv6" { 8 | description = "Enable IPV6 CNI policy" 9 | type = any 
10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | irsa_iam_role_path = string 26 | irsa_iam_permissions_boundary = string 27 | }) 28 | } 29 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/kube-prometheus-stack/values.yaml: -------------------------------------------------------------------------------- 1 | # Create default rules for monitoring the cluster 2 | # Disable rules for unreachable components 3 | defaultRules: 4 | create: true 5 | rules: 6 | etcd: false 7 | kubeScheduler: false 8 | 9 | # Disable component scraping for the kube controller manager, etcd, and kube-scheduler 10 | # These components are not reachable on EKS 11 | kubeControllerManager: 12 | enabled: false 13 | kubeEtcd: 14 | enabled: false 15 | kubeScheduler: 16 | enabled: false 17 | 18 | prometheus: 19 | prometheusSpec: 20 | # Prometheus StorageSpec for persistent data on AWS EBS 21 | # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md 22 | storageSpec: 23 | volumeClaimTemplate: 24 | spec: 25 | storageClassName: gp2 26 | accessModes: ["ReadWriteOnce"] 27 | resources: 28 | requests: 29 | storage: 20Gi 30 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager/outputs.tf: -------------------------------------------------------------------------------- 1 | output "argocd_gitops_config" { 2 | description = "Configuration used for managing the add-on with ArgoCD" 3 | value = 
var.manage_via_gitops ? local.argocd_gitops_config : null 4 | } 5 | 6 | output "eks_cluster_id" { 7 | description = "Current AWS EKS Cluster ID" 8 | value = var.addon_context.eks_cluster_id 9 | } 10 | 11 | output "release_metadata" { 12 | description = "Map of attributes of the Helm release metadata" 13 | value = module.helm_addon.release_metadata 14 | } 15 | 16 | output "irsa_arn" { 17 | description = "IAM role ARN for the service account" 18 | value = module.helm_addon.irsa_arn 19 | } 20 | 21 | output "irsa_name" { 22 | description = "IAM role name for the service account" 23 | value = module.helm_addon.irsa_name 24 | } 25 | 26 | output "service_account" { 27 | description = "Name of Kubernetes service account" 28 | value = module.helm_addon.service_account 29 | } 30 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/aws-eks-self-managed-node-groups/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_iam_policy_document" "self_managed_ng_assume_role_policy" { 2 | statement { 3 | sid = "EKSWorkerAssumeRole" 4 | 5 | actions = [ 6 | "sts:AssumeRole", 7 | ] 8 | 9 | principals { 10 | type = "Service" 11 | identifiers = [local.ec2_principal] 12 | } 13 | } 14 | } 15 | 16 | # Default AWS-provided EKS optimized AMIs 17 | data "aws_ami" "predefined" { 18 | for_each = local.predefined_ami_names 19 | most_recent = true 20 | owners = ["amazon"] 21 | filter { 22 | name = "name" 23 | values = [each.value] 24 | } 25 | } 26 | 27 | data "aws_iam_policy_document" "eks_windows_cni" { 28 | statement { 29 | sid = "" 30 | effect = "Allow" 31 | resources = ["*"] 32 | 33 | actions = [ 34 | "ec2:DescribeInstances", 35 | "ec2:DescribeInstanceTypes", 36 | "ec2:DescribeNetworkInterfaces", 37 | "ec2:DescribeTags", 38 | ] 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /addons/cluster_autoscaler/cluster_autoscaler.yaml: 
-------------------------------------------------------------------------------- 1 | ## Node affinity for particular node in which labels key is "Infra-Services" and value is "true" 2 | 3 | affinity: 4 | nodeAffinity: 5 | requiredDuringSchedulingIgnoredDuringExecution: 6 | nodeSelectorTerms: 7 | - matchExpressions: 8 | - key: "Infra-Services" 9 | operator: In 10 | values: 11 | - "true" 12 | 13 | podAnnotations: 14 | co.elastic.logs/enabled: "true" 15 | 16 | ## Extra Arguments for cluster autoscaler 17 | 18 | extraArgs: 19 | expander: least-waste 20 | balance-similar-node-groups: true 21 | skip-nodes-with-system-pods: false 22 | skip-nodes-with-local-storage: false 23 | aws-use-static-instance-list: true 24 | 25 | awsRegion: ${aws_region} 26 | 27 | autoDiscovery: 28 | clusterName: ${eks_cluster_id} 29 | 30 | 31 | ## Using limits and requests 32 | 33 | resources: 34 | limits: 35 | cpu: 500m 36 | memory: 1000Mi 37 | requests: 38 | cpu: 50m 39 | memory: 800Mi 40 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/calico/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm Config for calico" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 
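# (continuation of calico/variables.tf: remaining attributes of variable "manage_via_gitops")
  type        = bool
  default     = false
}

variable "addon_context" {
  description = "Input configuration for the addon"
  type = object({
    aws_caller_identity_account_id = string
    aws_caller_identity_arn        = string
    aws_eks_cluster_endpoint       = string
    aws_partition_id               = string
    aws_region_name                = string
    eks_cluster_id                 = string
    eks_oidc_issuer_url            = string
    eks_oidc_provider_arn          = string
    tags                           = map(string)
    irsa_iam_role_path             = string
    irsa_iam_permissions_boundary  = string
  })
}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/helm-addon/outputs.tf:
--------------------------------------------------------------------------------
# Outputs of the shared helm-addon wrapper. helm_release.addon and module.irsa are
# count-indexed (see the [0] lookups below), so every output is wrapped in try() and
# yields an empty value when nothing was created (e.g. the add-on is managed via GitOps).

output "helm_release" {
  description = "Map of attributes of the Helm release created without sensitive outputs"
  # helm_release.addon is a list, so the original `for k, v in helm_release.addon` bound k
  # to the numeric index; `k != "repository_password"` was therefore always true and the
  # filter never removed anything, leaving the provider-sensitive attributes in the output.
  # Iterate each release object's attributes instead and drop repository_password and
  # set_sensitive, keeping the outer index key the original expression produced.
  value = try(
    {
      for i, release in helm_release.addon : i => {
        for k, v in release : k => v if !contains(["repository_password", "set_sensitive"], k)
      }
    },
    {}
  )
}

output "release_metadata" {
  description = "Map of attributes of the Helm release metadata"
  value       = try(helm_release.addon[0].metadata, null)
}

output "irsa_arn" {
  description = "IAM role ARN for the service account"
  value       = try(module.irsa[0].irsa_iam_role_arn, null)
}

output "irsa_name" {
  description = "IAM role name for the service account"
  value       = try(module.irsa[0].irsa_iam_role_name, null)
}

output "service_account" {
  description = "Name of Kubernetes service account"
  # Prefer the service account the IRSA module created; fall back to the name the caller
  # supplied in irsa_config when no IRSA role was created for this add-on.
  value = try(coalesce(try(module.irsa[0].service_account, null), lookup(var.irsa_config, "kubernetes_service_account", null)), null)
}
--------------------------------------------------------------------------------
/addons/core_dns_hpa/templates/hpa.yaml:
--------------------------------------------------------------------------------
# Single autoscaling/v2 HPA scaling CoreDNS on CPU and memory together.
# The chart previously rendered two HPAs (autoscaling/v1 for CPU, autoscaling/v2 for
# memory) against the same Deployment, so two controllers competed for the replica
# count; one HPA with two metrics evaluates both and applies the larger proposal.
# The memory target also used `averageValue` under `type: Utilization`, which the v2
# API does not accept (Utilization requires `averageUtilization`), and hard-coded the
# Deployment name `coredns` instead of .Values.corednsdeploymentname.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: core-dns-hpa
  namespace: kube-system
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ .Values.corednsdeploymentname }}
  minReplicas: {{ .Values.minReplicas }}
  maxReplicas: {{ .Values.maxReplicas }}
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.targetMemoryUtilizationPercentage }}
--------------------------------------------------------------------------------
/EKS-Blueprint/modules/kubernetes-addons/kubecost/variables.tf:
--------------------------------------------------------------------------------
variable "helm_config" {
  description = "Helm Config for kubecost."
  type        = any
  default     = {}
}

variable "manage_via_gitops" {
  description = "Determines if the add-on should be managed via GitOps."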
9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | irsa_iam_role_path = string 26 | irsa_iam_permissions_boundary = string 27 | }) 28 | } 29 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/promtail/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm Config for promtail" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 
9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | irsa_iam_role_path = string 26 | irsa_iam_permissions_boundary = string 27 | }) 28 | } 29 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/ingress-nginx/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | name = try(var.helm_config.name, "ingress-nginx") 3 | namespace = try(var.helm_config.namespace, local.name) 4 | } 5 | 6 | resource "kubernetes_namespace_v1" "this" { 7 | count = try(var.helm_config.create_namespace, true) && local.namespace != "kube-system" ? 
1 : 0 8 | 9 | metadata { 10 | name = local.namespace 11 | } 12 | } 13 | 14 | module "helm_addon" { 15 | source = "../helm-addon" 16 | 17 | helm_config = merge( 18 | { 19 | name = local.name 20 | chart = local.name 21 | repository = "https://kubernetes.github.io/ingress-nginx" 22 | version = "4.1.4" 23 | namespace = try(kubernetes_namespace_v1.this[0].metadata[0].name, local.namespace) 24 | description = "The NGINX HelmChart Ingress Controller deployment configuration" 25 | }, 26 | var.helm_config 27 | ) 28 | 29 | manage_via_gitops = var.manage_via_gitops 30 | addon_context = var.addon_context 31 | } 32 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/yunikorn/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for Yunikorn" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps" 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | irsa_iam_role_path = string 26 | irsa_iam_permissions_boundary = string 27 | }) 28 | } 29 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/reloader/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for Reloader." 
3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | irsa_iam_role_path = string 26 | irsa_iam_permissions_boundary = string 27 | }) 28 | } 29 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/cert-manager-istio-csr/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm Config for istio-csr." 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 
9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | irsa_iam_role_path = string 26 | irsa_iam_permissions_boundary = string 27 | }) 28 | } 29 | -------------------------------------------------------------------------------- /addons/velero/variable.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | description = "Specify the name prefix of the EKS cluster resources." 3 | type = string 4 | default = "" 5 | } 6 | 7 | variable "cluster_id" { 8 | description = "Provide name of cluster to take backup." 9 | type = string 10 | default = "" 11 | } 12 | 13 | variable "region" { 14 | description = "AWS region for the EKS cluster" 15 | default = "us-east-2" 16 | type = string 17 | } 18 | 19 | variable "environment" { 20 | description = "Environment identifier for the EKS cluster" 21 | default = "" 22 | type = string 23 | } 24 | 25 | variable "velero_config" { 26 | description = "velero configurations" 27 | type = any 28 | default = { 29 | slack_token = "" 30 | slack_channel_name = "" 31 | retention_period_in_days = 45 32 | namespaces = "" 33 | schedule_cron_time = "" 34 | velero_backup_name = "" 35 | backup_bucket_name = "" 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/gatekeeper/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | argocd_gitops_config = { 3 | enable = true 4 | clusterName = var.addon_context.eks_cluster_id 5 | } 6 | } 7 | 8 | module "helm_addon" 
{ 9 | source = "../helm-addon" 10 | 11 | # https://github.com/open-policy-agent/gatekeeper/blob/master/charts/gatekeeper/Chart.yaml 12 | helm_config = merge( 13 | { 14 | name = "gatekeeper" 15 | chart = "gatekeeper" 16 | description = "gatekeeper Helm Chart deployment configuration" 17 | repository = "https://open-policy-agent.github.io/gatekeeper/charts" 18 | version = "3.10.0" 19 | namespace = "gatekeeper-system" 20 | create_namespace = true 21 | values = [ 22 | <<-EOT 23 | clusterName: ${var.addon_context.eks_cluster_id} 24 | EOT 25 | ] 26 | }, 27 | var.helm_config 28 | ) 29 | 30 | manage_via_gitops = var.manage_via_gitops 31 | addon_context = var.addon_context 32 | } 33 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/gatekeeper/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config aws-cloudwatch-metrics." 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 
9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | irsa_iam_role_path = string 26 | irsa_iam_permissions_boundary = string 27 | }) 28 | } 29 | -------------------------------------------------------------------------------- /EKS-Blueprint/modules/kubernetes-addons/nvidia-device-plugin/variables.tf: -------------------------------------------------------------------------------- 1 | variable "helm_config" { 2 | description = "Helm provider config for the add-on" 3 | type = any 4 | default = {} 5 | } 6 | 7 | variable "manage_via_gitops" { 8 | description = "Determines if the add-on should be managed via GitOps." 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "addon_context" { 14 | description = "Input configuration for the addon" 15 | type = object({ 16 | aws_caller_identity_account_id = string 17 | aws_caller_identity_arn = string 18 | aws_eks_cluster_endpoint = string 19 | aws_partition_id = string 20 | aws_region_name = string 21 | eks_cluster_id = string 22 | eks_oidc_issuer_url = string 23 | eks_oidc_provider_arn = string 24 | tags = map(string) 25 | irsa_iam_role_path = string 26 | irsa_iam_permissions_boundary = string 27 | }) 28 | } 29 | --------------------------------------------------------------------------------