fix: pulled from external fixed PR(fix/missed-features)

_examples/basic/main.tf

@@ -166,21 +166,25 @@ module "addons" {
   aws_node_termination_handler = true
   aws_efs_csi_driver           = true
   aws_ebs_csi_driver           = true
-  karpenter                    = false
-  calico_tigera                = false
+  kube_state_metrics           = true
+  karpenter                    = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform.
+  calico_tigera                = true
+  new_relic                    = true
   kubeclarity                  = true
   ingress_nginx                = true
   fluent_bit                   = true
-  velero                       = true
   keda                         = true
+  certification_manager        = true
 
   # -- Addons with mandatory variable
   istio_ingress    = true
   istio_manifests  = var.istio_manifests
   kiali_server     = true
   kiali_manifests  = var.kiali_manifests
   external_secrets = true
+  velero           = true
+  velero_extra_configs = {
+    bucket_name = "velero-addons"
+  }
 
-  # -- Extra helm_release attributes
-  velero_extra_configs = var.velero_extra_configs
 }

_examples/basic/variables.tf

@@ -22,14 +22,4 @@ variable "kiali_manifests" {
     kiali_virtualservice_file_path = "./config/kiali/kiali_vs.yaml"
   }
   description = "Path to VirtualService manifest for kiali-dashboard"
-}
-
-#------------ EXTRA CONFIGS -----------
-variable "velero_extra_configs" {
-  type = any
-  default = {
-    timeout     = 300
-    atomic      = true
-    bucket_name = "velero-addons"
-  }
 }

_examples/complete/config/external-secret/external-secret.yaml

@@ -9,10 +9,10 @@ spec:
     name: external-secrets-store             # -- Provide previously created secret store name
     kind: SecretStore
   target:
-    name: externalsecret-data                # -- Name of secret which will contain data specified below
+    name: externalsecret-data                # -- Name of Kubernetes secret which will contain data specified below
     creationPolicy: Owner
   data:
-  - secretKey: do_not_delete_this_key        # -- AWS Secret-Manager secret key
+  - secretKey: external_secret_key           # -- Kubernetes Secret `externalsecret-data` KEY name
     remoteRef:
-      key: external_secrets                  # -- Same as 'externalsecrets_manifest["secret_manager_name"]
-      property: do_not_delete_this_key       # -- AWS Secret-Manager secret key
+      key: external_secrets_addon            # -- AWS Secret Name, same as `var.external_secrets_extra_configs.secret_manager_name`
+      property: external_secret              # -- AWS Secret-Manager secret key

_examples/complete/config/override-certification-manager.yaml

@@ -0,0 +1,21 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "eks.amazonaws.com/nodegroup"
+          operator: In
+          values:
+          - "critical"
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 250Mi
+  requests:
+    cpu: 50m
+    memory: 150Mi
+
+installCRDs: true

_examples/complete/custom-iam-policies/external-secrets.json

@@ -0,0 +1,14 @@
+{
+    "Statement": [
+        {
+            "Action": [
+                "secretsmanager:GetSecretValue",
+                "secretsmanager:DescribeSecret"
+            ],
+            "Effect": "Allow",
+            "Resource": "*",
+            "Sid": "ExternalSecretsDefault"
+        }
+    ],
+    "Version": "2012-10-17"
+} 

_examples/complete/main.tf

@@ -167,7 +167,8 @@ module "addons" {
   fluent_bit                   = true
   velero                       = true
   keda                         = true
-  filebeat                     = true 
+  certification_manager        = true
+  filebeat                     = true
 
   # -- Addons with mandatory variable
   istio_ingress    = true
@@ -195,6 +196,7 @@ module "addons" {
   new_relic_helm_config                    = { values = [file("./config/override-new-relic.yaml")] }
   kube_state_metrics_helm_config           = { values = [file("./config/override-kube-state-matrics.yaml")] }
   keda_helm_config                         = { values = [file("./config/keda/override-keda.yaml")] }
+  certification_manager_helm_config        = { values = [file("./config/override-certification-manager.yaml")] }
   filebeat_helm_config                     = { values = [file("./config/override-filebeat.yaml")] }
 
   # -- Override Helm Release attributes
@@ -216,30 +218,12 @@ module "addons" {
   kube_state_metrics_extra_configs           = var.kube_state_metrics_extra_configs
   keda_extra_configs                         = var.keda_extra_configs
   filebeat_extra_configs                     = var.filebeat_extra_configs
-
-  external_secrets_extra_configs = {
-    irsa_assume_role_policy = jsonencode({
-      "Version" : "2012-10-17",
-      "Statement" : [
-        {
-          "Effect" : "Allow",
-          "Principal" : {
-            "Federated" : module.eks.oidc_provider_arn
-          },
-          "Action" : "sts:AssumeRoleWithWebIdentity",
-          "Condition" : {
-            "StringLike" : {
-              "${replace(module.eks.cluster_oidc_issuer_url, "https://", "")}:aud" : "sts.amazonaws.com"
-            }
-          }
-        }
-      ]
-    })
-    secret_manager_name = "external_secrets_addon"
-  }
+  certification_manager_extra_configs        = var.certification_manager_extra_configs
+  external_secrets_extra_configs             = var.external_secrets_extra_configs
 
   # -- Custom IAM Policy Json for Addon's ServiceAccount
   cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json")
+  external_secrets_iampolicy_json_content   = file("./custom-iam-policies/external-secrets.json")
 }
 
 module "addons-internal" {

_examples/complete/outputs.tf

@@ -15,4 +15,8 @@ output "update_kubeconfig" {
 
 output "velero_post_installation" {
   value = indent(2, "Once velero server is up and running you need the client before you can use it - \n  1. wget https://github.com/vmware-tanzu/velero/releases/download/v1.11.1/velero-v1.11.1-darwin-amd64.tar.gz \n  2. tar -xvf velero-v1.11.1-darwin-amd64.tar.gz -C velero-client")
+}
+
+output "istio-ingress" {
+  value = indent(2, "Istio does not support the installation of istio-helmchart in a namespace other than istio-system. We have provided a namespace feature in case Istio-helmchart maintainers fix this issue.")
 }

_examples/complete/variables.tf

@@ -99,6 +99,13 @@ variable "keda_extra_configs" {
   default = {}
 }
 
+# ------------------ CERTIFICATION-MANAGER -----------------------------------------------------
+variable "certification_manager_extra_configs" {
+  type    = any
+  default = {}
+}
+
+
 # ------------------ ISTIO INGRESS ---------------------------------------------
 # -- INTERNET FACING --------------
 variable "istio_manifests" {
@@ -138,13 +145,11 @@ variable "istio_manifests_internal" {
 variable "istio_ingress_extra_configs_internal" {
   type = any
   default = {
-    name                   = "istio-ingress-internal"
-    namespace              = "istio-system"
-    istiobase_release_name = "base-internal"
-    istiod_release_name    = "istiod-internal"
-    create_namespace       = true
-    install_istiobase      = false
-    install_istiod         = false
+    name              = "istio-ingress-internal"
+    namespace         = "istio-system"
+    create_namespace  = false
+    install_istiobase = false
+    install_istiod    = false
   }
 }
 
@@ -163,6 +168,14 @@ variable "kiali_server_extra_configs" {
   default = {}
 }
 
+# ------------------ EXTERNAL SECRETS ------------------------------------------
+variable "external_secrets_extra_configs" {
+  type = any
+  default = {
+    secret_manager_name = "external_secrets_addon"
+  }
+}
+
 # ------------------ FILEBEAT -------------------------------------------------
 variable "filebeat_extra_configs" {
   type    = any

addons/aws-ebs-csi-driver/locals.tf

@@ -12,7 +12,7 @@ locals {
     lint                       = try(var.aws_ebs_csi_driver_extra_configs.lint, "false")
     repository_key_file        = try(var.aws_ebs_csi_driver_extra_configs.repository_key_file, "")
     repository_cert_file       = try(var.aws_ebs_csi_driver_extra_configs.repository_cert_file, "")
-    repository_username        = try(var.aws_ebs_csi_driver_extra_configs.repository_password, "")
+    repository_username        = try(var.aws_ebs_csi_driver_extra_configs.repository_username, "")
     repository_password        = try(var.aws_ebs_csi_driver_extra_configs.repository_password, "")
     verify                     = try(var.aws_ebs_csi_driver_extra_configs.verify, "false")
     keyring                    = try(var.aws_ebs_csi_driver_extra_configs.keyring, "")
@@ -33,11 +33,8 @@ locals {
     replace                    = try(var.aws_ebs_csi_driver_extra_configs.replace, "false")
   }
 
-  aws_ebs_csi_driver_extra_configs = var.aws_ebs_csi_driver_extra_configs
-
   helm_config = merge(
     local.default_helm_config,
     var.helm_config,
-    local.aws_ebs_csi_driver_extra_configs
   )
 }

addons/aws-ebs-csi-driver/main.tf

@@ -5,7 +5,6 @@ module "helm_addon" {
   helm_config       = local.helm_config
   addon_context     = var.addon_context
 
-  depends_on = [kubernetes_namespace_v1.this]
   set_values = [
     {
       name  = "controller.serviceAccount.create"
@@ -59,12 +58,4 @@ resource "aws_iam_policy" "policy" {
   ]
 }  
 EOT
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
+}

addons/aws-efs-csi-driver/locals.tf

@@ -12,7 +12,7 @@ locals {
     lint                       = try(var.aws_efs_csi_driver_extra_configs.lint, "false")
     repository_key_file        = try(var.aws_efs_csi_driver_extra_configs.repository_key_file, "")
     repository_cert_file       = try(var.aws_efs_csi_driver_extra_configs.repository_cert_file, "")
-    repository_username        = try(var.aws_efs_csi_driver_extra_configs.repository_password, "")
+    repository_username        = try(var.aws_efs_csi_driver_extra_configs.repository_username, "")
     repository_password        = try(var.aws_efs_csi_driver_extra_configs.repository_password, "")
     verify                     = try(var.aws_efs_csi_driver_extra_configs.verify, "false")
     keyring                    = try(var.aws_efs_csi_driver_extra_configs.keyring, "")

addons/aws-efs-csi-driver/main.tf

@@ -5,7 +5,6 @@ module "helm_addon" {
   helm_config       = local.helm_config
   addon_context     = var.addon_context
 
-  depends_on = [kubernetes_namespace_v1.this]
   set_values = [
     {
       name  = "image.repository"
@@ -93,12 +92,4 @@ resource "aws_iam_policy" "policy" {
     ]
   }  
 EOT
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
+}

addons/aws-load-balancer-controller/locals.tf

@@ -12,7 +12,7 @@ locals {
     lint                       = try(var.aws_load_balancer_controller_extra_configs.lint, "false")
     repository_key_file        = try(var.aws_load_balancer_controller_extra_configs.repository_key_file, "")
     repository_cert_file       = try(var.aws_load_balancer_controller_extra_configs.repository_cert_file, "")
-    repository_username        = try(var.aws_load_balancer_controller_extra_configs.repository_password, "")
+    repository_username        = try(var.aws_load_balancer_controller_extra_configs.repository_username, "")
     repository_password        = try(var.aws_load_balancer_controller_extra_configs.repository_password, "")
     verify                     = try(var.aws_load_balancer_controller_extra_configs.verify, "false")
     keyring                    = try(var.aws_load_balancer_controller_extra_configs.keyring, "")
@@ -33,11 +33,8 @@ locals {
     replace                    = try(var.aws_load_balancer_controller_extra_configs.replace, "false")
   }
 
-  aws_load_balancer_controller_extra_configs = var.aws_load_balancer_controller_extra_configs
-
   helm_config = merge(
     local.default_helm_config,
     var.helm_config,
-    local.aws_load_balancer_controller_extra_configs
   )
 }

addons/aws-load-balancer-controller/main.tf

@@ -5,7 +5,6 @@ module "helm_addon" {
   helm_config       = local.helm_config
   addon_context     = var.addon_context
 
-  depends_on = [kubernetes_namespace_v1.this]
   set_values = [
     {
       name  = "clusterName"
@@ -289,12 +288,4 @@ resource "aws_iam_policy" "policy" {
     ]
 }  
   EOT
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
+}

addons/aws-node-termination-handler/locals.tf

@@ -12,7 +12,7 @@ locals {
     lint                       = try(var.aws_node_termination_handler_extra_configs.lint, "false")
     repository_key_file        = try(var.aws_node_termination_handler_extra_configs.repository_key_file, "")
     repository_cert_file       = try(var.aws_node_termination_handler_extra_configs.repository_cert_file, "")
-    repository_username        = try(var.aws_node_termination_handler_extra_configs.repository_password, "")
+    repository_username        = try(var.aws_node_termination_handler_extra_configs.repository_username, "")
     repository_password        = try(var.aws_node_termination_handler_extra_configs.repository_password, "")
     verify                     = try(var.aws_node_termination_handler_extra_configs.verify, "false")
     keyring                    = try(var.aws_node_termination_handler_extra_configs.keyring, "")
@@ -33,11 +33,8 @@ locals {
     replace                    = try(var.aws_node_termination_handler_extra_configs.replace, "false")
   }
 
-  aws_node_termination_handler_extra_configs = var.aws_node_termination_handler_extra_configs
-
   helm_config = merge(
     local.default_helm_config,
     var.helm_config,
-    local.aws_node_termination_handler_extra_configs
   )
 }

addons/aws-node-termination-handler/main.tf

@@ -4,14 +4,4 @@ module "helm_addon" {
   manage_via_gitops = var.manage_via_gitops
   helm_config       = local.helm_config
   addon_context     = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.this]
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.helm_config["namespace"]
-  }
 }

addons/calico-tigera/locals.tf

@@ -13,7 +13,7 @@ locals {
     lint                       = try(var.calico_tigera_extra_configs.lint, "false")
     repository_key_file        = try(var.calico_tigera_extra_configs.repository_key_file, "")
     repository_cert_file       = try(var.calico_tigera_extra_configs.repository_cert_file, "")
-    repository_username        = try(var.calico_tigera_extra_configs.repository_password, "")
+    repository_username        = try(var.calico_tigera_extra_configs.repository_username, "")
     repository_password        = try(var.calico_tigera_extra_configs.repository_password, "")
     verify                     = try(var.calico_tigera_extra_configs.verify, "false")
     keyring                    = try(var.calico_tigera_extra_configs.keyring, "")
@@ -34,11 +34,8 @@ locals {
     replace                    = try(var.calico_tigera_extra_configs.replace, "false")
   }
 
-  calico_tigera_extra_configs = var.calico_tigera_extra_configs
-
   helm_config = merge(
     local.default_helm_config,
     var.helm_config,
-    local.calico_tigera_extra_configs
   )
 }