feat: 🚀 Redis Cluster, version 18.0.4 (#41)

* feat: Redis Cluster, version 18.0.4

* fix- Updated Redis Password

* feat: Using affinity to schedule pod on critical nodes

* fix- tflint, tfchecks warnings

* fix- tfchecks wildcard warnings

* fix- external-eks cluster_name

* fix- tf-checks

* feat- Updated Readme for external-eks example

* fix: namespace name in istio virtualService example file

.github/workflows/readme.yml

@@ -67,7 +67,7 @@ jobs:
       - name: Generate TF Docs
         uses: terraform-docs/gh-actions@v1.0.0
         with:
-          working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/reloader,addons/external-dns
+          working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/cert-manager,addons/filebeat,addons/reloader,addons/external-dns,addons/redis
           git-push: true
           template: |-
             <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

_examples/basic/config/istio/virtual-service.yaml

@@ -1,6 +1,6 @@
 # If application will be deployed using HelmChart(ChartName=myapp) then:
 # replace `appname`      by  `{{ include "myapp.fullname" . }}`  and
-# replace `istio-system` by  `{{ include "myapp.namespace" . }}`
+# replace `default` by  `{{ include "myapp.namespace" . }}`
 
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService

_examples/basic/main.tf

@@ -177,6 +177,7 @@ module "addons" {
   certification_manager        = true
   reloader                     = true
   external_dns                 = true
+  redis                        = true
 
   # -- Addons with mandatory variable
   istio_ingress    = true

_examples/complete/config/istio/virtual-service.yaml

@@ -1,6 +1,6 @@
 # If application will be deployed using HelmChart(ChartName=myapp) then:
 # replace `appname`      by  `{{ include "myapp.fullname" . }}`  and
-# replace `istio-system` by  `{{ include "myapp.namespace" . }}`
+# replace `default` by  `{{ include "myapp.namespace" . }}`
 
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService

_examples/complete/config/override-redis.yaml

@@ -0,0 +1,34 @@
+global:
+  storageClass: ""
+  redis:
+    password: "redisPassword"
+
+# -- master configuration parameters
+master:
+  count: 1
+  persistence:
+    size: 4Gi    
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "eks.amazonaws.com/nodegroup"
+            operator: In
+            values:
+            - "critical"    
+
+# -- replicas configuration parameters
+replica:
+  replicaCount: 3
+  persistence:
+    size: 4Gi
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "eks.amazonaws.com/nodegroup"
+            operator: In
+            values:
+            - "critical"    

_examples/complete/main.tf

@@ -171,6 +171,8 @@ module "addons" {
   filebeat                     = true
   reloader                     = true
   external_dns                 = true
+  redis                        = true
+
 
 
   # -- Addons with mandatory variable
@@ -203,6 +205,8 @@ module "addons" {
   filebeat_helm_config                     = { values = [file("./config/override-filebeat.yaml")] }
   reloader_helm_config                     = { values = [file("./config/reloader/override-reloader.yaml")] }
   external_dns_helm_config                 = { values = [file("./config/override-external-dns.yaml")] }
+  redis_helm_config                        = { values = [file("./config/override-redis.yaml")] }
+
 
   # -- Override Helm Release attributes
   metrics_server_extra_configs               = var.metrics_server_extra_configs
@@ -227,6 +231,7 @@ module "addons" {
   filebeat_extra_configs                     = var.filebeat_extra_configs
   reloader_extra_configs                     = var.reloader_extra_configs
   external_dns_extra_configs                 = var.external_dns_extra_configs
+  redis_extra_configs                        = var.redis_extra_configs
 
   # -- Custom IAM Policy Json for Addon's ServiceAccount
   cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json")

_examples/complete/variables.tf

@@ -192,4 +192,13 @@ variable "reloader_extra_configs" {
 variable "external_dns_extra_configs" {
   type    = any
   default = {}
+}
+
+# ------------------ REDIS --------------------------------------------------
+variable "redis_extra_configs" {
+  type = any
+  default = {
+    atomic  = true
+    timeout = 300
+  }
 }

_examples/external-eks/README.md

@@ -0,0 +1,3 @@
+## examples/external-eks
+
+This example shows that, how to use terraform-aws-eks-addons module if your cluster is already created.

_examples/external-eks/config/calico-tigera-values.yaml

@@ -0,0 +1,11 @@
+installation:
+  kubernetesProvider: "EKS"
+
+## Using limits and requests
+resources:
+  limits:
+    cpu: 300m
+    memory: 250Mi
+  requests:
+    cpu: 50m
+    memory: 150Mi

_examples/external-eks/config/external-secret/external-secret.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: external-secret                      # -- Provide external secret name
+  namespace: kube-system                     # -- Do not change this namespace field
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: external-secrets-store             # -- Provide previously created secret store name
+    kind: SecretStore
+  target:
+    name: externalsecret-data                # -- Name of Kubernetes secret which will contain data specified below
+    creationPolicy: Owner
+  data:
+  - secretKey: external_secret_key           # -- Kubernetes Secret `externalsecret-data` KEY name
+    remoteRef:
+      key: external_secrets_addon            # -- AWS Secret Name, same as `var.external_secrets_extra_configs.secret_manager_name`
+      property: external_secret              # -- AWS Secret-Manager secret key

_examples/external-eks/config/external-secret/override-values.yaml

@@ -0,0 +1,24 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "eks.amazonaws.com/nodegroup"
+          operator: In
+          values:
+          - "critical"
+
+## Using limits and requests
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 250Mi
+  requests:
+    cpu: 50m
+    memory: 150Mi
+
+podAnnotations:
+  co.elastic.logs/enabled: "true"

_examples/external-eks/config/external-secret/secret-store.yaml

@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: external-secrets-store        # -- Provide secret store name
+  namespace: kube-system              # -- Do not change this namespace name
+spec:
+  provider:
+    aws:
+      service: SecretsManager
+      region: us-east-1               # -- Provoide your cluster region
+      auth:
+        jwt:
+          serviceAccountRef:
+            name: external-secrets-sa # -- Do not change this name field

_examples/external-eks/config/external-secret/usage.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ubuntu-pod
+  namespace: kube-system                       # -- keep this namespace same as ExternalSecret namespace
+  labels:
+    app: ubuntu-pod
+spec:
+  containers:
+  - image: ubuntu
+    command:
+      - "sleep"
+      - "604800"
+    imagePullPolicy: IfNotPresent
+    name: ubuntu-pod
+    env:
+      - name: USER_1                           # -- Environment variable of pod
+        valueFrom:
+          secretKeyRef:
+            name: externalsecret-data          # -- kubernetes secret name
+            key: do_not_delete_this_key        # -- Same as spec.data.secretKey field of ExternalSecret         
+            optional: false
+  restartPolicy: Always

_examples/external-eks/config/istio/gateway-internal.yaml

@@ -0,0 +1,17 @@
+# -- Make sure to use same Namespace for Gateway, Ingress & var.istio_ingress_extra_configs["namespace"], default namespace is set to `istio-system`.
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: istio-gateway-internal
+  namespace: istio-system
+spec:
+  selector:
+    istio: ingress-internal
+  servers:
+  - hosts:
+    - "*.test.clouddrove.com"
+    - "test.clouddrove.com"
+    port:
+      number: 80
+      name: http
+      protocol: HTTP

_examples/external-eks/config/istio/gateway.yaml

@@ -0,0 +1,17 @@
+# -- Make sure to use same Namespace for Gateway, Ingress & var.istio_ingress_extra_configs["namespace"], default namespace is set to `istio-system`.
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: istio-gateway
+  namespace: istio-system
+spec:
+  selector:
+    istio: ingress
+  servers:
+  - hosts:
+    - "*.test.clouddrove.com"
+    - "test.clouddrove.com"
+    port:
+      number: 80
+      name: http
+      protocol: HTTP

_examples/external-eks/config/istio/ingress-internal.yaml

@@ -0,0 +1,21 @@
+# -- Make sure to use same Namespace for Ingress, Gateway & var.istio_ingress_extra_configs["namespace"], default namespace is set to `istio-system`.
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: istio-ingress-internal
+  namespace: istio-system
+  annotations:
+    kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/scheme: internal
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
+spec:
+  rules:
+  - http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: istio-ingress-internal
+              port:
+                number: 80

_examples/external-eks/config/istio/ingress.yaml

@@ -0,0 +1,21 @@
+# -- Make sure to use same Namespace for Ingress, Gateway & var.istio_ingress_extra_configs["namespace"], default namespace is set to `istio-system`.
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: istio-ingress
+  namespace: istio-system
+  annotations:
+    kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
+spec:
+  rules:
+  - http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: istio-ingress
+              port:
+                number: 80

_examples/external-eks/config/istio/override-values.yaml

@@ -0,0 +1,6 @@
+global:
+  defaultNodeSelector:
+    "eks.amazonaws.com/nodegroup" : "critical"
+
+service:
+  type: NodePort

_examples/external-eks/config/istio/virtual-service.yaml

@@ -0,0 +1,27 @@
+# If application will be deployed using HelmChart(ChartName=myapp) then:
+# replace `appname`      by  `{{ include "myapp.fullname" . }}`  and
+# replace `default` by  `{{ include "myapp.namespace" . }}`
+
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  annotations:
+    meta.helm.sh/release-name: appname
+    meta.helm.sh/release-namespace: default
+  generation: 1
+  labels:
+    app.kubernetes.io/instance: appname
+    app.kubernetes.io/name: appname
+  name: appname
+  namespace: default
+spec:
+  gateways:
+  - istio-system/istio-gateway
+  hosts:
+  - test.clouddrove.com
+  http:
+  - route:
+    - destination:
+        host: appname
+        port:
+          number: 80

_examples/external-eks/config/keda/override-keda.yaml

@@ -0,0 +1,9 @@
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "eks.amazonaws.com/nodegroup"
+          operator: In
+          values:
+          - "critical"

_examples/external-eks/config/keda/strategy_example.yaml

@@ -0,0 +1,36 @@
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: nginx-deployment
+  namespace: nginx
+spec:
+  scaleTargetRef:
+    apiVersion:    apps/v1        # Optional. Default: apps/v1
+    kind:          Deployment     # Optional. Default: Deployment
+    name:          nginx      # Mandatory. Must be in the same namespace as the ScaledObject
+  pollingInterval:  5                    # Optional. Default: 5 seconds
+  cooldownPeriod:   20                  # Optional. Default: 300 seconds
+  minReplicaCount:  1                   # Optional. Default: 0
+  maxReplicaCount:  10                    # Optional. Default: 100
+  fallback:                                        # Optional. Section to specify fallback options
+    failureThreshold: 3                            # Mandatory if fallback section is included
+    replicas: 1                                    # Mandatory if fallback section is included
+  advanced:                                        # Optional. Section to specify advanced options
+    restoreToOriginalReplicaCount: true     # Optional. Default: false
+    horizontalPodAutoscalerConfig:          # Optional. Section to specify HPA related options
+      name: keda-hpa-nginx       # Optional. Default: keda-hpa-{scaled-object-name}
+      behavior:                             # Optional. Use to modify HPA's scaling behavior
+        scaleDown:
+          stabilizationWindowSeconds: 60
+          policies:
+            - type: Percent
+              value: 100
+              periodSeconds: 15
+  triggers:
+  - type: cron
+    metadata:
+      # Required
+      timezone: Asia/Kolkata  # The acceptable values would be a value from the IANA Time Zone Database.
+      start: "12 00 * * *"
+      end: "15 00 * * *"
+      desiredReplicas: "5"

_examples/external-eks/config/kiali/kiali_vs.yaml

@@ -0,0 +1,16 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: kiali
+  namespace: istio-system
+spec:
+  hosts:
+    - dash.test.clouddrove.com
+  gateways:
+  - istio-system/istio-gateway
+  http:
+  - route:
+    - destination:
+        host: kiali
+        port:
+          number: 20001