A Terraform module to deploy the KEDA on Amazon EKS cluster.
Check out other Terraform Kubernetes addons.
We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at https://lablabs.io/.
Deploy Helm chart via Helm resource (default method, set enabled = true
)
Deploy Helm chart as ArgoCD Application via Kubernetes manifest resource (set enabled = true
and argo_enabled = true
)
Warning
When deploying with ArgoCD application, Kubernetes terraform provider requires access to Kubernetes cluster API during plan time. This introduces potential issue when you want to deploy the cluster with this addon at the same time, during the same Terraform run.
To overcome this issue, the module deploys the ArgoCD application object using the Helm provider, which does not require API access during plan. If you want to deploy the application using this workaround, you can set the
argo_helm_enabled
variable totrue
.
Deploy Helm chart as ArgoCD Application via Helm resource (set enabled = true
, argo_enabled = true
and argo_helm_enabled = true
)
See Basic example for further information.
Name | Version |
---|---|
terraform | >= 1.5.0 |
aws | ~> 5 |
helm | >= 2.6.0 |
kubernetes | >= 2.20.0 |
utils | >= 0.17.0 |
Name | Source | Version |
---|---|---|
addon | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon | v0.0.5 |
addon-irsa | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa | v0.0.5 |
Name | Type |
---|---|
utils_deep_merge_yaml.values | data source |
Important
Variables defined in variables-addon.tf defaults to null
to have them overridable by the addon configuration defined though the local.addon.*
local variable with some default values defined in addon.tf.
Name | Description | Type |
---|---|---|
argo_apiversion | ArgoCD Application apiVersion. Defaults to "argoproj.io/v1alpha1" . |
string |
argo_destination_server | Destination server for ArgoCD Application. Defaults to "https://kubernetes.default.svc" . |
string |
argo_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release. Defaults to false . |
bool |
argo_helm_enabled | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See README for more info. Defaults to false . |
bool |
argo_helm_values | Value overrides to use when deploying ArgoCD Application object with Helm. Defaults to "" . |
string |
argo_helm_wait_backoff_limit | Backoff limit for ArgoCD Application Helm release wait job. Defaults to 6 . |
number |
argo_helm_wait_node_selector | Node selector for ArgoCD Application Helm release wait job. Defaults to {} . |
map(string) |
argo_helm_wait_timeout | Timeout for ArgoCD Application Helm release wait job. Defaults to "10m" . |
string |
argo_helm_wait_tolerations | Tolerations for ArgoCD Application Helm release wait job. Defaults to [] . |
list(any) |
argo_info | ArgoCD info manifest parameter. Defaults to [{name="terraform",value=true}] . |
list(object({ |
argo_kubernetes_manifest_computed_fields | List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to ["metadata.labels", "metadata.annotations", "metadata.finalizers"] . |
list(string) |
argo_kubernetes_manifest_field_manager_force_conflicts | Forcibly override any field manager conflicts when applying the kubernetes manifest resource. Defaults to false . |
bool |
argo_kubernetes_manifest_field_manager_name | The name of the field manager to use when applying the Kubernetes manifest resource. Defaults to "Terraform" . |
string |
argo_kubernetes_manifest_wait_fields | A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. Defaults to {} . |
map(string) |
argo_metadata | ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to {finalizers=["resources-finalizer.argocd.argoproj.io"]} . |
any |
argo_namespace | Namespace to deploy ArgoCD application CRD to. Defaults to "argo" . |
string |
argo_project | ArgoCD Application project. Defaults to default . |
string |
argo_spec | ArgoCD Application spec configuration. Override or create additional spec parameters. Defaults to {} . |
any |
argo_sync_policy | ArgoCD syncPolicy manifest parameter. Defaults to {} . |
any |
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster (required). | string |
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a Service Account (required). | string |
enabled | Set to false to prevent the module from creating any resources. | bool |
helm_atomic | If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to false . |
bool |
helm_chart_name | Helm chart name to be installed. Defaults to local.addon.name (required). |
string |
helm_chart_version | Version of the Helm chart. Defaults to local.addon.helm_chart_version (required). |
string |
helm_cleanup_on_fail | Allow deletion of new resources created in this Helm upgrade when upgrade fails. Defaults to false . |
bool |
helm_create_namespace | Create the namespace if it does not yet exist. Defaults to true . |
bool |
helm_dependency_update | Runs Helm dependency update before installing the chart. Defaults to false . |
bool |
helm_description | Set Helm release description attribute (visible in the history). Defaults to "" . |
string |
helm_devel | Use Helm chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored. Defaults to false . |
bool |
helm_disable_openapi_validation | If set, the installation process will not validate rendered Helm templates against the Kubernetes OpenAPI Schema. Defaults to false . |
bool |
helm_disable_webhooks | Prevent Helm chart hooks from running. Defaults to false . |
bool |
helm_force_update | Force Helm resource update through delete/recreate if needed. Defaults to false . |
bool |
helm_keyring | Location of public keys used for verification. Used only if helm_package_verify is true . Defaults to "~/.gnupg/pubring.gpg" . |
string |
helm_lint | Run the Helm chart linter during the plan. Defaults to false . |
bool |
helm_package_verify | Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. Defaults to false . |
bool |
helm_postrender | Value block with a path to a binary file to run after Helm renders the manifest which can alter the manifest contents. Defaults to {} . |
map(any) |
helm_recreate_pods | Perform pods restart during Helm upgrade/rollback. Defaults to false . |
bool |
helm_release_max_history | Maximum number of release versions stored per release. Defaults to 0 . |
number |
helm_release_name | Helm release name. Defaults to local.addon.name (required). |
string |
helm_render_subchart_notes | If set, render Helm subchart notes along with the parent. Defaults to true . |
bool |
helm_replace | Re-use the given name of Helm release, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to false . |
bool |
helm_repo_ca_file | Helm repositories CA cert file. Defaults to "" . |
string |
helm_repo_cert_file | Helm repositories cert file. Defaults to "" . |
string |
helm_repo_key_file | Helm repositories cert key file. Defaults to "" . |
string |
helm_repo_password | Password for HTTP basic authentication against the Helm repository. Defaults to "" . |
string |
helm_repo_url | Helm repository. Defaults to local.addon.helm_repo_url (required). |
string |
helm_repo_username | Username for HTTP basic authentication against the Helm repository. Defaults to "" . |
string |
helm_reset_values | When upgrading, reset the values to the ones built into the Helm chart. Defaults to false . |
bool |
helm_reuse_values | When upgrading, reuse the last Helm release's values and merge in any overrides. If 'helm_reset_values' is specified, this is ignored. Defaults to false . |
bool |
helm_set_sensitive | Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff. Defaults to {} . |
map(any) |
helm_skip_crds | If set, no CRDs will be installed before Helm release. Defaults to false . |
bool |
helm_timeout | Time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks). Defaults to 300 . |
number |
helm_wait | Will wait until all Helm release resources are in a ready state before marking the release as successful. It will wait for as long as timeout. Defaults to false . |
bool |
helm_wait_for_jobs | If wait is enabled, will wait until all Helm Jobs have been completed before marking the release as successful. It will wait for as long as timeout. Defaults to false . |
bool |
irsa_additional_policies | Map of the additional policies to be attached to IRSA role. Where key is arbitrary id and value is policy ARN. Defaults to {} . |
map(string) |
irsa_assume_role_arns | List of ARNs assumable by the IRSA role. Applied only if irsa_assume_role_enabled is true . |
list(string) |
irsa_assume_role_enabled | Whether IRSA is allowed to assume role defined by irsa_assume_role_arn . Mutually exclusive with irsa_policy_enabled . Defaults to false . |
bool |
irsa_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IRSA role. Defaults to "" . |
string |
irsa_policy | Policy to be attached to the IRSA role. Applied only if irsa_policy_enabled is true . |
string |
irsa_policy_enabled | Whether to create IAM policy specified by irsa_policy . Mutually exclusive with irsa_assume_role_enabled . Defaults to false . |
bool |
irsa_role_create | Whether to create IRSA role and annotate Service Account. Defaults to true . |
bool |
irsa_role_name | IRSA role name. The value is prefixed by var.irsa_role_name_prefix . Defaults to addon Helm chart name. |
string |
irsa_role_name_prefix | IRSA role name prefix. Defaults to addon IRSA component name with irsa suffix. |
string |
irsa_tags | IRSA resources tags. Defaults to {} . |
map(string) |
keda_metric_server_irsa_additional_policies | Map of the additional policies to be attached to default role of the KEDA metrics server. Where key is arbitrary id and value is policy ARN. | map(string) |
keda_metric_server_irsa_assume_role_arns | Assume role ARNs for the KEDA metrics server. Applied only if keda_metric_server_irsa_assume_role_enabled is true . |
list(string) |
keda_metric_server_irsa_assume_role_enabled | Whether IRSA for the KEDA metrics server is allowed to assume role defined by keda_metric_server_irsa_assume_role_arn . Mutually exclusive with keda_metric_server_irsa_policy_enabled . |
bool |
keda_metric_server_irsa_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IRSA role of the KEDA metrics server. Defaults to "" . |
string |
keda_metric_server_irsa_policy | Policy to be attached to the default role of the KEDA metrics server. Applied only if keda_metric_server_irsa_policy_enabled is true . |
string |
keda_metric_server_irsa_policy_enabled | Whether to create IAM policy specified by keda_metric_server_irsa_policy for the KEDA metrics server. Mutually exclusive with keda_metric_server_irsa_assume_role_enabled . |
bool |
keda_metric_server_irsa_role_create | Whether to create the IRSA role for the KEDA metrics server. | bool |
keda_metric_server_service_account_create | Whether to create the Service Account for the KEDA metrics server. | bool |
keda_metric_server_service_account_name | The name of the Service Account for the KEDA metrics server. | string |
keda_operator_irsa_additional_policies | Map of the additional policies to be attached to default role of the KEDA operator. Where key is arbitrary id and value is policy ARN. | map(string) |
keda_operator_irsa_assume_role_arns | Assume role ARNs for the KEDA operator. Applied only if keda_operator_irsa_assume_role_enabled is true . |
list(string) |
keda_operator_irsa_assume_role_enabled | Whether IRSA for the KEDA operator is allowed to assume role defined by keda_operator_irsa_assume_role_arn . Mutually exclusive with keda_operator_irsa_policy_enabled . |
bool |
keda_operator_irsa_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IRSA role of the KEDA operator. Defaults to "" . |
string |
keda_operator_irsa_policy | Policy to be attached to the default role of the KEDA operator. Applied only if keda_operator_irsa_policy_enabled is true . |
string |
keda_operator_irsa_policy_enabled | Whether to create IAM policy specified by keda_operator_irsa_policy for the KEDA operator. Mutually exclusive with keda_operator_irsa_assume_role_enabled . |
bool |
keda_operator_irsa_role_create | Whether to create the IRSA role for the KEDA operator. | bool |
keda_operator_service_account_create | Whether to create the Service Account for the KEDA operator. | bool |
keda_operator_service_account_name | The name of the Service Account for the KEDA operator. | string |
keda_webhooks_irsa_additional_policies | Map of the additional policies to be attached to default role of the KEDA webhooks. Where key is arbitrary id and value is policy ARN. | map(string) |
keda_webhooks_irsa_assume_role_arns | Assume role ARNs for the KEDA webhooks. Applied only if keda_webhooks_irsa_assume_role_enabled is true . |
list(string) |
keda_webhooks_irsa_assume_role_enabled | Whether IRSA for the KEDA webhooks is allowed to assume role defined by keda_webhooks_irsa_assume_role_arn . Mutually exclusive with keda_webhooks_irsa_policy_enabled . |
bool |
keda_webhooks_irsa_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IRSA role of the KEDA webhooks. Defaults to "" . |
string |
keda_webhooks_irsa_policy | Policy to be attached to the default role of the KEDA webhooks. Applied only if keda_webhooks_irsa_policy_enabled is true . |
string |
keda_webhooks_irsa_policy_enabled | Whether to create IAM policy specified by keda_webhooks_irsa_policy for the KEDA operator. Mutually exclusive with keda_webhooks_irsa_assume_role_enabled . |
bool |
keda_webhooks_irsa_role_create | Whether to create the IRSA role for the KEDA webhooks. | bool |
keda_webhooks_service_account_create | Whether to create the Service Account for the KEDA webhooks. | bool |
keda_webhooks_service_account_name | The name of the Service Account for the KEDA webhooks. | string |
namespace | The Kubernetes Namespace in which the Helm chart will be installed. Defaults to local.addon.name (required). |
string |
rbac_create | Whether to create and use RBAC resources. Defaults to true . |
bool |
service_account_create | Whether to create Service Account. Defaults to true . |
bool |
service_account_name | The Kubernetes Service Account name. Defaults to addon name. | string |
service_account_namespace | The Kubernetes Service Account namespace. Defaults to addon namespace. | string |
settings | Additional Helm sets which will be passed to the Helm chart values. Defaults to {} . |
map(any) |
values | Additional yaml encoded values which will be passed to the Helm chart. Defaults to "" . |
string |
Name | Description |
---|---|
addon | The addon module outputs |
addon_irsa | The addon IRSA module outputs |
Feel free to create an issue in this repository if you have questions, suggestions or feature requests.
We want to provide high quality code and modules. For this reason we are using several pre-commit hooks and GitHub Actions workflows. A pull-request to the main branch will trigger these validations and lints automatically. Please check your code before you will create pull-requests. See pre-commit documentation and GitHub Actions documentation for further details.
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.