yasinlachiny/terraform-kubernetes-addons

 
 

terraform-kubernetes-addons


Main components

| Name | Description | Generic | AWS | Scaleway | GCP | Azure |
|------|-------------|---------|-----|----------|-----|-------|
| admiralty | A system of Kubernetes controllers that intelligently schedules workloads across clusters | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| aws-ebs-csi-driver | Enable new feature and the use of gp3 volumes | N/A | ✔️ | N/A | N/A | N/A |
| aws-efs-csi-driver | Enable EFS Support | N/A | ✔️ | N/A | N/A | N/A |
| aws-for-fluent-bit | Cloudwatch logging with fluent bit instead of fluentd | N/A | ✔️ | N/A | N/A | N/A |
| aws-load-balancer-controller | Use AWS ALB/NLB for ingress and services | N/A | ✔️ | N/A | N/A | N/A |
| aws-node-termination-handler | Manage spot instance lifecycle | N/A | ✔️ | N/A | N/A | N/A |
| aws-calico | Use calico for network policy | N/A | ✔️ | N/A | N/A | N/A |
| secrets-store-csi-driver-provider-aws | AWS Secret Store and Parameter store driver for secret store CSI driver | ✔️ | N/A | N/A | N/A | N/A |
| cert-manager | automatically generate TLS certificates, supports ACME v2 | ✔️ | ✔️ | ✔️ | ❌ | N/A |
| cluster-autoscaler | scale worker nodes based on workload | N/A | ✔️ | Included | Included | Included |
| cni-metrics-helper | Provides cloudwatch metrics for VPC CNI plugins | N/A | ✔️ | N/A | N/A | N/A |
| external-dns | sync ingress and service records in route53 | ❌ | ✔️ | ✔️ | ❌ | ❌ |
| flux2 | Open and extensible continuous delivery solution for Kubernetes. Powered by GitOps Toolkit | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| ingress-nginx | processes Ingress object and acts as a HTTP/HTTPS proxy (compatible with cert-manager) | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| istio-operator | Service mesh for Kubernetes | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| k8gb | A cloud native Kubernetes Global Balancer | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| karma | An alertmanager dashboard | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| keda | Kubernetes Event-driven Autoscaling | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| keycloak | Identity and access management | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| kong | API Gateway ingress controller | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| kube-prometheus-stack | Monitoring / Alerting / Dashboards | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
| kyverno | Kubernetes Native Policy Management | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| loki-stack | Grafana Loki logging stack | ✔️ | ✔️ | 🚧 | ❌ | ❌ |
| promtail | Ship log to loki from other cluster (eg. mTLS) | 🚧 | ✔️ | 🚧 | ❌ | ❌ |
| prometheus-adapter | Prometheus metrics for use with the autoscaling/v2 Horizontal Pod Autoscaler in Kubernetes 1.6+ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| prometheus-cloudwatch-exporter | An exporter for Amazon CloudWatch, for Prometheus. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| prometheus-blackbox-exporter | The blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| rabbitmq-cluster-operator | The RabbitMQ Cluster Operator automates provisioning, management of RabbitMQ clusters. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| metrics-server | enable metrics API and horizontal pod scaling (HPA) | ✔️ | ✔️ | Included | Included | Included |
| node-problem-detector | Forwards node problems to Kubernetes events | ✔️ | ✔️ | Included | Included | Included |
| secrets-store-csi-driver | Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| sealed-secrets | Technology agnostic, store secrets on git | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| strimzi-kafka-operator | Apache Kafka running on Kubernetes | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| thanos | Open source, highly available Prometheus setup with long term storage capabilities | ❌ | ✔️ | 🚧 | ❌ | ❌ |
| thanos-memcached | Open source, highly available Prometheus setup with long term storage capabilities | ❌ | ✔️ | 🚧 | ❌ | ❌ |
| thanos-storegateway | Additional storegateway to query multiple object stores | ❌ | ✔️ | 🚧 | ❌ | ❌ |
| thanos-tls-querier | Thanos TLS querier for cross cluster collection | ❌ | ✔️ | 🚧 | ❌ | ❌ |
| vault | A tool for secrets management, encryption as a service, and privileged access management | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |

Submodules

Submodules are used for cloud-provider-specific configuration, such as IAM roles for AWS. For a vanilla Kubernetes cluster, the generic addons should be used.

Any contribution supporting a new cloud provider is welcome.

Doc generation

Code formatting and documentation for variables and outputs are generated using pre-commit-terraform hooks, which use terraform-docs.

Follow these instructions to install pre-commit locally.

Then install terraform-docs with `go get github.com/segmentio/terraform-docs` or `brew install terraform-docs`.

Contributing

Report issues, questions, and feature requests in the issues section.

Full contributing guidelines are covered here.

Requirements

Name Version
terraform >= 1.0
flux ~> 0.21
github ~> 5.0
helm ~> 2.0
http >= 3
kubectl ~> 1.0
kubernetes ~> 2.0, != 2.12
tls ~> 4.0

Providers

Name Version
flux ~> 0.21
github ~> 5.0
helm ~> 2.0
http >= 3
kubectl ~> 1.0
kubernetes ~> 2.0, != 2.12
random n/a
time n/a
tls ~> 4.0

Modules

No modules.

Resources

Name Type
github_branch_default.main resource
github_repository.main resource
github_repository_deploy_key.main resource
github_repository_file.install resource
github_repository_file.kustomize resource
github_repository_file.sync resource
helm_release.admiralty resource
helm_release.cert-manager resource
helm_release.cert-manager-csi-driver resource
helm_release.flux resource
helm_release.ingress-nginx resource
helm_release.istio-operator resource
helm_release.k8gb resource
helm_release.karma resource
helm_release.keda resource
helm_release.keycloak resource
helm_release.kong resource
helm_release.kube-prometheus-stack resource
helm_release.kyverno resource
helm_release.kyverno-crds resource
helm_release.linkerd-viz resource
helm_release.linkerd2 resource
helm_release.linkerd2-cni resource
helm_release.loki-stack resource
helm_release.metrics-server resource
helm_release.node-problem-detector resource
helm_release.prometheus-adapter resource
helm_release.prometheus-blackbox-exporter resource
helm_release.promtail resource
helm_release.rabbitmq-operator resource
helm_release.sealed-secrets resource
helm_release.secrets-store-csi-driver resource
helm_release.strimzi-kafka-operator resource
helm_release.tigera-operator resource
helm_release.traefik resource
helm_release.vault resource
helm_release.victoria-metrics-k8s-stack resource
kubectl_manifest.apply resource
kubectl_manifest.cert-manager_cluster_issuers resource
kubectl_manifest.csi-external-snapshotter resource
kubectl_manifest.kong_crds resource
kubectl_manifest.linkerd resource
kubectl_manifest.prometheus-operator_crds resource
kubectl_manifest.sync resource
kubernetes_config_map.loki-stack_grafana_ds resource
kubernetes_namespace.admiralty resource
kubernetes_namespace.cert-manager resource
kubernetes_namespace.flux resource
kubernetes_namespace.flux2 resource
kubernetes_namespace.ingress-nginx resource
kubernetes_namespace.istio-operator resource
kubernetes_namespace.k8gb resource
kubernetes_namespace.karma resource
kubernetes_namespace.keda resource
kubernetes_namespace.keycloak resource
kubernetes_namespace.kong resource
kubernetes_namespace.kube-prometheus-stack resource
kubernetes_namespace.kyverno resource
kubernetes_namespace.linkerd-viz resource
kubernetes_namespace.linkerd2 resource
kubernetes_namespace.linkerd2-cni resource
kubernetes_namespace.loki-stack resource
kubernetes_namespace.metrics-server resource
kubernetes_namespace.node-problem-detector resource
kubernetes_namespace.prometheus-adapter resource
kubernetes_namespace.prometheus-blackbox-exporter resource
kubernetes_namespace.promtail resource
kubernetes_namespace.rabbitmq-operator resource
kubernetes_namespace.sealed-secrets resource
kubernetes_namespace.secrets-store-csi-driver resource
kubernetes_namespace.strimzi-kafka-operator resource
kubernetes_namespace.tigera-operator resource
kubernetes_namespace.traefik resource
kubernetes_namespace.vault resource
kubernetes_namespace.victoria-metrics-k8s-stack resource
kubernetes_network_policy.admiralty_allow_namespace resource
kubernetes_network_policy.admiralty_default_deny resource
kubernetes_network_policy.cert-manager_allow_control_plane resource
kubernetes_network_policy.cert-manager_allow_monitoring resource
kubernetes_network_policy.cert-manager_allow_namespace resource
kubernetes_network_policy.cert-manager_default_deny resource
kubernetes_network_policy.flux2_allow_monitoring resource
kubernetes_network_policy.flux2_allow_namespace resource
kubernetes_network_policy.flux_allow_monitoring resource
kubernetes_network_policy.flux_allow_namespace resource
kubernetes_network_policy.flux_default_deny resource
kubernetes_network_policy.ingress-nginx_allow_control_plane resource
kubernetes_network_policy.ingress-nginx_allow_ingress resource
kubernetes_network_policy.ingress-nginx_allow_monitoring resource
kubernetes_network_policy.ingress-nginx_allow_namespace resource
kubernetes_network_policy.ingress-nginx_default_deny resource
kubernetes_network_policy.istio-operator_allow_namespace resource
kubernetes_network_policy.istio-operator_default_deny resource
kubernetes_network_policy.k8gb_allow_namespace resource
kubernetes_network_policy.k8gb_default_deny resource
kubernetes_network_policy.karma_allow_ingress resource
kubernetes_network_policy.karma_allow_namespace resource
kubernetes_network_policy.karma_default_deny resource
kubernetes_network_policy.keda_allow_namespace resource
kubernetes_network_policy.keda_default_deny resource
kubernetes_network_policy.keycloak_allow_ingress resource
kubernetes_network_policy.keycloak_allow_monitoring resource
kubernetes_network_policy.keycloak_allow_namespace resource
kubernetes_network_policy.keycloak_default_deny resource
kubernetes_network_policy.kong_allow_ingress resource
kubernetes_network_policy.kong_allow_monitoring resource
kubernetes_network_policy.kong_allow_namespace resource
kubernetes_network_policy.kong_default_deny resource
kubernetes_network_policy.kube-prometheus-stack_allow_control_plane resource
kubernetes_network_policy.kube-prometheus-stack_allow_ingress resource
kubernetes_network_policy.kube-prometheus-stack_allow_namespace resource
kubernetes_network_policy.kube-prometheus-stack_default_deny resource
kubernetes_network_policy.kyverno_allow_namespace resource
kubernetes_network_policy.kyverno_default_deny resource
kubernetes_network_policy.linkerd-viz_allow_namespace resource
kubernetes_network_policy.linkerd-viz_default_deny resource
kubernetes_network_policy.linkerd2-cni_allow_namespace resource
kubernetes_network_policy.linkerd2-cni_default_deny resource
kubernetes_network_policy.loki-stack_allow_ingress resource
kubernetes_network_policy.loki-stack_allow_namespace resource
kubernetes_network_policy.loki-stack_default_deny resource
kubernetes_network_policy.metrics-server_allow_control_plane resource
kubernetes_network_policy.metrics-server_allow_namespace resource
kubernetes_network_policy.metrics-server_default_deny resource
kubernetes_network_policy.npd_allow_namespace resource
kubernetes_network_policy.npd_default_deny resource
kubernetes_network_policy.prometheus-adapter_allow_namespace resource
kubernetes_network_policy.prometheus-adapter_default_deny resource
kubernetes_network_policy.prometheus-blackbox-exporter_allow_namespace resource
kubernetes_network_policy.prometheus-blackbox-exporter_default_deny resource
kubernetes_network_policy.promtail_allow_ingress resource
kubernetes_network_policy.promtail_allow_namespace resource
kubernetes_network_policy.promtail_default_deny resource
kubernetes_network_policy.rabbitmq-operator_allow_namespace resource
kubernetes_network_policy.rabbitmq-operator_default_deny resource
kubernetes_network_policy.sealed-secrets_allow_namespace resource
kubernetes_network_policy.sealed-secrets_default_deny resource
kubernetes_network_policy.secrets-store-csi-driver_allow_namespace resource
kubernetes_network_policy.secrets-store-csi-driver_default_deny resource
kubernetes_network_policy.strimzi-kafka-operator_allow_namespace resource
kubernetes_network_policy.strimzi-kafka-operator_default_deny resource
kubernetes_network_policy.tigera-operator_allow_namespace resource
kubernetes_network_policy.tigera-operator_default_deny resource
kubernetes_network_policy.traefik_allow_ingress resource
kubernetes_network_policy.traefik_allow_monitoring resource
kubernetes_network_policy.traefik_allow_namespace resource
kubernetes_network_policy.traefik_default_deny resource
kubernetes_network_policy.vault_allow_control_plane resource
kubernetes_network_policy.vault_allow_namespace resource
kubernetes_network_policy.vault_default_deny resource
kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane resource
kubernetes_network_policy.victoria-metrics-k8s-stack_allow_ingress resource
kubernetes_network_policy.victoria-metrics-k8s-stack_allow_namespace resource
kubernetes_network_policy.victoria-metrics-k8s-stack_default_deny resource
kubernetes_priority_class.kubernetes_addons resource
kubernetes_priority_class.kubernetes_addons_ds resource
kubernetes_role.flux resource
kubernetes_role_binding.flux resource
kubernetes_secret.linkerd_trust_anchor resource
kubernetes_secret.loki-stack-ca resource
kubernetes_secret.main resource
kubernetes_secret.promtail-tls resource
kubernetes_secret.vault-ca resource
kubernetes_secret.webhook_issuer_tls resource
random_string.grafana_password resource
time_sleep.cert-manager_sleep resource
tls_cert_request.promtail-csr resource
tls_cert_request.vault-tls-client-csr resource
tls_locally_signed_cert.promtail-cert resource
tls_locally_signed_cert.vault-tls-client-cert resource
tls_private_key.identity resource
tls_private_key.linkerd_trust_anchor resource
tls_private_key.loki-stack-ca-key resource
tls_private_key.promtail-key resource
tls_private_key.vault-tls-ca-key resource
tls_private_key.vault-tls-client-key resource
tls_private_key.webhook_issuer_tls resource
tls_self_signed_cert.linkerd_trust_anchor resource
tls_self_signed_cert.loki-stack-ca-cert resource
tls_self_signed_cert.vault-tls-ca-cert resource
tls_self_signed_cert.webhook_issuer_tls resource
flux_install.main data source
flux_sync.main data source
github_repository.main data source
http_http.csi-external-snapshotter data source
http_http.kong_crds data source
http_http.prometheus-operator_crds data source
http_http.prometheus-operator_version data source
kubectl_file_documents.apply data source
kubectl_file_documents.csi-external-snapshotter data source
kubectl_file_documents.kong_crds data source
kubectl_file_documents.sync data source
kubectl_path_documents.cert-manager_cluster_issuers data source

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| admiralty | Customize admiralty chart, see admiralty.tf for supported values | `any` | `{}` | no |
| cert-manager | Customize cert-manager chart, see cert-manager.tf for supported values | `any` | `{}` | no |
| cert-manager-csi-driver | Customize cert-manager-csi-driver chart, see cert-manager.tf for supported values | `any` | `{}` | no |
| cluster-autoscaler | Customize cluster-autoscaler chart, see cluster-autoscaler.tf for supported values | `any` | `{}` | no |
| cluster-name | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no |
| csi-external-snapshotter | Customize csi-external-snapshotter, see csi-external-snapshotter.tf for supported values | `any` | `{}` | no |
| external-dns | Map of map for external-dns configuration: see external_dns.tf for supported values | `any` | `{}` | no |
| flux | Customize Flux chart, see flux.tf for supported values | `any` | `{}` | no |
| flux2 | Customize Flux chart, see flux2.tf for supported values | `any` | `{}` | no |
| helm_defaults | Customize default Helm behavior | `any` | `{}` | no |
| ingress-nginx | Customize ingress-nginx chart, see nginx-ingress.tf for supported values | `any` | `{}` | no |
| istio-operator | Customize istio operator deployment, see istio_operator.tf for supported values | `any` | `{}` | no |
| k8gb | Customize k8gb chart, see k8gb.tf for supported values | `any` | `{}` | no |
| karma | Customize karma chart, see karma.tf for supported values | `any` | `{}` | no |
| keda | Customize keda chart, see keda.tf for supported values | `any` | `{}` | no |
| keycloak | Customize keycloak chart, see keycloak.tf for supported values | `any` | `{}` | no |
| kong | Customize kong-ingress chart, see kong.tf for supported values | `any` | `{}` | no |
| kube-prometheus-stack | Customize kube-prometheus-stack chart, see kube-prometheus-stack.tf for supported values | `any` | `{}` | no |
| kyverno | Customize kyverno chart, see kyverno.tf for supported values | `any` | `{}` | no |
| labels_prefix | Custom label prefix used for network policy namespace matching | `string` | `"particule.io"` | no |
| linkerd-viz | Customize linkerd-viz chart, see linkerd-viz.tf for supported values | `any` | `{}` | no |
| linkerd2 | Customize linkerd2 chart, see linkerd2.tf for supported values | `any` | `{}` | no |
| linkerd2-cni | Customize linkerd2-cni chart, see linkerd2-cni.tf for supported values | `any` | `{}` | no |
| loki-stack | Customize loki-stack chart, see loki-stack.tf for supported values | `any` | `{}` | no |
| metrics-server | Customize metrics-server chart, see metrics_server.tf for supported values | `any` | `{}` | no |
| npd | Customize node-problem-detector chart, see npd.tf for supported values | `any` | `{}` | no |
| priority-class | Customize a priority class for addons | `any` | `{}` | no |
| priority-class-ds | Customize a priority class for addons daemonsets | `any` | `{}` | no |
| prometheus-adapter | Customize prometheus-adapter chart, see prometheus-adapter.tf for supported values | `any` | `{}` | no |
| prometheus-blackbox-exporter | Customize prometheus-blackbox-exporter chart, see prometheus-blackbox-exporter.tf for supported values | `any` | `{}` | no |
| promtail | Customize promtail chart, see loki-stack.tf for supported values | `any` | `{}` | no |
| rabbitmq-operator | Customize rabbitmq-operator chart, see rabbitmq-operator.tf for supported values | `any` | `{}` | no |
| sealed-secrets | Customize sealed-secrets chart, see sealed-secrets.tf for supported values | `any` | `{}` | no |
| secrets-store-csi-driver | Customize secrets-store-csi-driver chart, see secrets-store-csi-driver.tf for supported values | `any` | `{}` | no |
| strimzi-kafka-operator | Customize strimzi-kafka-operator chart, see strimzi-kafka-operator.tf for supported values | `any` | `{}` | no |
| thanos | Customize thanos chart, see thanos.tf for supported values | `any` | `{}` | no |
| thanos-memcached | Customize thanos chart, see thanos.tf for supported values | `any` | `{}` | no |
| thanos-storegateway | Customize thanos chart, see thanos.tf for supported values | `any` | `{}` | no |
| thanos-tls-querier | Customize thanos chart, see thanos.tf for supported values | `any` | `{}` | no |
| tigera-operator | Customize tigera-operator chart, see tigera-operator.tf for supported values | `any` | `{}` | no |
| traefik | Customize traefik chart, see traefik.tf for supported values | `any` | `{}` | no |
| vault | Customize Hashicorp Vault chart, see vault.tf for supported values | `any` | `{}` | no |
| victoria-metrics-k8s-stack | Customize Victoria Metrics chart, see victoria-metrics-k8s-stack.tf for supported values | `any` | `{}` | no |

Outputs

Name Description
grafana_password n/a
loki-stack-ca n/a
promtail-cert n/a
promtail-key n/a
vault_ca_key n/a
vault_ca_pem n/a
vault_tls_client_cert_pem n/a
vault_tls_client_key n/a

About

Terraform module to deploy curated Kubernetes middleware on multiple cloud providers
