diff --git a/README.md b/README.md
index 1ba5495..49fbfb7 100644
--- a/README.md
+++ b/README.md
@@ -11,24 +11,27 @@ This module provides a set of reusable, configurable, and scalable AWS EKS addon
```hcl
module "eks-addons" {
source = "squareops/eks-addons/aws"
- version = "3.1.1"
+ version = "4.0.2"
name = local.name
tags = local.additional_tags
- vpc_id = "vpc-xxxxxx" # pass VPC ID
- private_subnet_ids = ["subnet-xxxxx", "subnet-xxxxx"] # pass Subnet IDs
+ vpc_id = local.vpc_id
+ private_subnet_ids = local.private_subnet_ids # pass the private subnet IDs
+ public_subnet_ids = local.public_subnet_ids # pass the private subnet IDs
environment = local.environment
ipv6_enabled = local.ipv6_enabled
kms_key_arn = local.kms_key_arn
- kms_policy_arn = "arn:aws:iam::xxx:policy/eks-kms-policy" # eks module will create kms_policy_arn
- worker_iam_role_name = "eks-node-role" # enter role name created by eks module
- worker_iam_role_arn = "arn:aws:iam::xxx:role/eks-node-role" # enter roll ARN
+ kms_policy_arn = local.kms_policy_arn
+ worker_iam_role_arn = local.worker_iam_role_arn
+ worker_iam_role_name = local.worker_iam_role_name
eks_cluster_name = data.aws_eks_cluster.cluster.name
#VPC-CNI-DRIVER
- amazon_eks_vpc_cni_enabled = false # enable VPC-CNI
+ amazon_eks_vpc_cni_enabled = true # enable VPC-CNI
+ vpc_cni_version = "v1.19.2-eksbuild.1"
#EBS-CSI-DRIVER
enable_amazon_eks_aws_ebs_csi_driver = false # enable EBS CSI Driver
+ ebs_csi_driver_version = "v1.36.0-eksbuild.1"
amazon_eks_aws_ebs_csi_driver_config = {
values = [file("${path.module}/config/ebs-csi.yaml")]
}
@@ -39,37 +42,47 @@ module "eks-addons" {
## EfS-STORAGE-CLASS
efs_storage_class_enabled = false # to enable EBS storage class
+ efs_version = "2.3.2"
## SERVICE-MONITORING-CRDs
service_monitor_crd_enabled = false # enable service monitor along with K8S-dashboard (required CRD) or when require service monitor in reloader and cert-manager
## METRIC-SERVER
metrics_server_enabled = false # to enable metrics server
+ metrics_server_version = "3.12.1"
metrics_server_helm_config = [file("${path.module}/config/metrics-server.yaml")]
+
+ # VerticalPodAutoscaler
+ vpa_enabled = false
+ vpa_version = "9.9.0"
vpa_config = {
values = [file("${path.module}/config/vpa-crd.yaml")]
}
## CLUSTER-AUTOSCALER
cluster_autoscaler_enabled = false # to enable cluster autoscaller
+ cluster_autoscaler_version = "9.37.0"
cluster_autoscaler_helm_config = [file("${path.module}/config/cluster-autoscaler.yaml")]
## NODE-TERMINATION-HANDLER
aws_node_termination_handler_enabled = false # to enable node termination handler
+ aws_node_termination_handler_version = "0.21.0"
aws_node_termination_handler_helm_config = {
values = [file("${path.module}/config/aws-node-termination-handler.yaml")]
enable_service_monitor = false # to enable monitoring for node termination handler
- enable_notifications = true
+ enable_notifications = false
}
## KEDA
keda_enabled = false # to enable Keda in the EKS cluster
+ keda_version = "2.14.2"
keda_helm_config = {
values = [file("${path.module}/config/keda.yaml")]
}
## KARPENTER
karpenter_enabled = false # to enable Karpenter (installs required CRDs )
+ karpenter_version = "1.0.6"
karpenter_helm_config = {
enable_service_monitor = false # to enable monitoring for kafalserpenter
values = [file("${path.module}/config/karpenter.yaml")]
@@ -81,14 +94,21 @@ module "eks-addons" {
values = [file("${path.module}/config/coredns-hpa.yaml")]
}
+ ## ClusterProportionalAutoscaler (Configured for CoreDNS)
+ cluster_proportional_autoscaler_enabled = false # to enable cluster proportional autoscaler
+ cluster_proportional_autoscaler_chart_version = "1.1.0"
+ cluster_proportional_autoscaler_helm_config = [file("${path.module}/config/cluster-proportional-autoscaler.yaml")]
+
## EXTERNAL-SECRETS
external_secrets_enabled = false # to enable external secrets
+ external_secrets_version = "0.9.19"
external_secrets_helm_config = {
values = [file("${path.module}/config/external-secret.yaml")]
}
## CERT-MANAGER
cert_manager_enabled = false # to enable Cert-manager
+ cert_manager_version = "v1.15.1"
cert_manager_helm_config = {
values = [file("${path.module}/config/cert-manager.yaml")]
enable_service_monitor = false # to enable monitoring for Cert Manager
@@ -97,6 +117,7 @@ module "eks-addons" {
## CONFIG-RELOADER
reloader_enabled = false # to enable config reloader in the EKS cluster
+ reloader_version = "v1.0.115"
reloader_helm_config = {
values = [file("${path.module}/config/reloader.yaml")]
enable_service_monitor = false # to enable monitoring for reloader
@@ -104,16 +125,27 @@ module "eks-addons" {
## INGRESS-NGINX
ingress_nginx_enabled = false # to enable ingress nginx
- private_nlb_enabled = false # to enable Internal (Private) Ingress , set this and ingress_nginx_enable "false" together
+ ingress_nginx_version = "4.11.0"
ingress_nginx_config = {
values = [file("${path.module}/config/ingress-nginx.yaml")]
enable_service_monitor = false # enable monitoring in nginx ingress
- ingress_class_name = "nginx" # enter ingress class name according to your requirement (example: "nginx", "internal-ingress")
- namespace = "nginx" # enter namespace according to the requirement (example: "nginx", "internal-ingress")
+ ingress_class_name = "nginx" # enter ingress class name according to your requirement
+ namespace = "nginx" # enter namespace according to the requirement
+ }
+
+ ## PRIVATE INGRESS-NGINX
+ private_ingress_nginx_enabled = false # to enable Internal (Private) Ingress
+ private_ingress_nginx_version = "4.11.0"
+ private_ingress_nginx_config = {
+ values = [file("${path.module}/config/ingress-nginx.yaml")]
+ enable_service_monitor = false # enable monitoring in nginx ingress
+ ingress_class_name = "private-nginx" # enter ingress class name according to your requirement (example: "nginx", "internal-ingress")
+ namespace = "private-nginx" # enter namespace according to the requirement (example: "nginx", "internal-ingress")
}
## AWS-APPLICATION-LOAD-BALANCER-CONTROLLER
aws_load_balancer_controller_enabled = false # to enable load balancer controller
+ aws_load_balancer_controller_version = "1.8.1"
aws_load_balancer_controller_helm_config = {
values = [file("${path.module}/config/aws-alb.yaml")]
namespace = "alb" # enter namespace according to the requirement (example: "alb")
@@ -122,15 +154,18 @@ module "eks-addons" {
## KUBERNETES-DASHBOARD
kubernetes_dashboard_enabled = false
+ kubernetes_dashboard_version = "6.0.8"
kubernetes_dashboard_config = {
- k8s_dashboard_ingress_load_balancer = "nlb" ##Choose your load balancer type (e.g., NLB or ALB). Enable load balancer controller, if you require ALB, Enable Ingress Nginx if NLB.
+ k8s_dashboard_ingress_load_balancer = "nlb" # Pass either "nlb/alb" to choose load balancer controller as ingress-nginx controller or ALB controller
private_alb_enabled = false # to enable Internal (Private) ALB , set this and aws_load_balancer_controller_enabled "true" together
alb_acm_certificate_arn = "" # If using ALB in above parameter, ensure you provide the ACM certificate ARN for SSL.
k8s_dashboard_hostname = "k8s-dashboard.rnd.squareops.in" # Enter Hostname
+ ingress_class_name = "nginx" # For public nlb use "nginx", for private NLB use "private-nginx", For ALB, use "alb"
}
## ArgoCD
argocd_enabled = false
+ argocd_version = "7.3.11"
argocd_config = {
hostname = "argocd.rnd.squareops.in"
values_yaml = file("${path.module}/config/argocd.yaml")
@@ -139,7 +174,10 @@ module "eks-addons" {
autoscaling_enabled = true
slack_notification_token = ""
argocd_notifications_enabled = false
- ingress_class_name = "nginx" # enter ingress class name according to your requirement (example: "ingress-nginx", "internal-ingress")
+ ingress_class_name = "nginx" # For public nlb use "nginx", for private NLB use "private-nginx", For ALB, use "alb"
+ argocd_ingress_load_balancer = "nlb" # Pass either "nlb/alb" to choose load balancer controller as ingress-nginx controller or ALB controller
+ private_alb_enabled = "false" # to enable Internal (Private) ALB , set this and aws_load_balancer_controller_enabled "true" together
+ alb_acm_certificate_arn = "" # If using ALB in above parameter, ensure you provide the ACM certificate ARN for SSL.
}
argoproject_config = {
name = "argo-project" # enter name for aro-project appProjects
@@ -147,12 +185,30 @@ module "eks-addons" {
## ArgoCD-Workflow
argoworkflow_enabled = false
+ argoworkflow_version = "0.29.2"
argoworkflow_config = {
- values = file("${path.module}/config/argocd-workflow.yaml")
- namespace = local.argocd_namespace
- autoscaling_enabled = true
- hostname = "argocd-workflow.rnd.squareops.in"
- ingress_class_name = "nginx" # enter ingress class name according to your requirement (example: "ingress-nginx", "internal-ingress")
+ values = file("${path.module}/config/argocd-workflow.yaml")
+ namespace = local.argocd_namespace
+ autoscaling_enabled = true
+ hostname = "argoworkflow.rnd.squareops.in"
+ ingress_class_name = "nginx" # For public nlb use "nginx", for private NLB use "private-nginx", For ALB, use "alb"
+ argoworkflow_ingress_load_balancer = "nlb" # Pass either "nlb/alb" to choose load balancer controller as ingress-nginx controller or ALB controller
+ private_alb_enabled = "false" # to enable Internal (Private) ALB , set this and aws_load_balancer_controller_enabled "true" together
+ alb_acm_certificate_arn = "" # If using ALB in above parameter, ensure you provide the ACM certificate ARN for SSL.
+ }
+
+ ## ArgoRollout
+ argorollout_enabled = false
+ argorollout_config = {
+ values = file("${path.module}/config/argo-rollout.yaml")
+ namespace = local.argocd_namespace
+ hostname = "argo-rollout.rnd.squareops.in"
+ enable_dashboard = false
+ ingress_class_name = "nginx" # For public nlb use "nginx", for private NLB use "private-nginx", For ALB, use "alb"
+ argorollout_ingress_load_balancer = "nlb" # Pass either "nlb/alb" to choose load balancer controller as ingress-nginx controller or ALB controller
+ private_alb_enabled = "false" # to enable Internal (Private) ALB , set this and aws_load_balancer_controller_enabled "true" together
+ alb_acm_certificate_arn = "" # If using ALB in above parameter, ensure you provide the ACM certificate ARN for SSL.
+ chart_version = "2.38.0"
}
# VELERO
@@ -172,10 +228,12 @@ module "eks-addons" {
## KUBECLARITY
kubeclarity_enabled = false # to enable kube clarity
+ kubeclarity_version = "2.23.0"
kubeclarity_hostname = "kubeclarity.prod.in"
## KUBECOST
kubecost_enabled = false # to enable kube cost
+ kubecost_version = "v2.1.0-eksbuild.1"
kubecost_hostname = "kubecost.prod.in"
## DEFECT-DOJO
@@ -184,6 +242,7 @@ module "eks-addons" {
## FALCO
falco_enabled = false # to enable falco
+ falco_version = "4.0.0"
slack_webhook = "xoxb-379541400966-iibMHnnoaPzVl"
}
@@ -206,9 +265,13 @@ module "eks-addons" {
| Release 1.1.7 | ✔ | ✔ | ✔ | ✔ | ✔ |
| Release 1.1.8 | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Release 3.0.0 | ❌ | ❌ | ❌ | ❌ | ❌ | ✔ | ✔ | ✔ |
-| Release 3.1.1 | ❌ | ❌ | ❌ | ❌ | ❌ | ✔ | ✔ | ✔ |
+| Release 3.1.0 | ❌ | ❌ | ❌ | ❌ | ❌ | ✔ | ✔ | ✔ |
+| Release 3.1.3 | ❌ | ❌ | ❌ | ❌ | ❌ | ✔ | ✔ | ✔ |
+| Release 4.0.0 | ❌ | ❌ | ❌ | ❌ | ❌ | ✔ | ✔ | ✔ |
+| Release 4.0.1 | ❌ | ❌ | ❌ | ❌ | ❌ | ✔ | ✔ | ✔ |
+| Release 4.0.2 | ❌ | ❌ | ❌ | ❌ | ❌ | ✔ | ✔ | ✔ |
-Note: The latest release 3.0.0 support EKS version 1.28, 1.29 and 1.30. For EKS version <=1.27 refer the previous release.
+Note: The latest release 4.0.0 support EKS version 1.28, 1.29 and 1.30. For EKS version <=1.27 refer the previous release.
## IAM Permissions
The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-eks-addons.git/blob/main/IAM.md)
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 83a1f83..2b9cd42 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -21,7 +21,7 @@
| Name | Source | Version |
|------|--------|---------|
-| [eks-addons](#module\_eks-addons) | squareops/eks-addons/aws | 4.0.1 |
+| [eks-addons](#module\_eks-addons) | squareops/eks-addons/aws | 4.0.2 |
## Resources
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index fe1fa34..1e63274 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -23,7 +23,7 @@ locals {
module "eks-addons" {
source = "squareops/eks-addons/aws"
- version = "4.0.1"
+ version = "4.0.2"
name = local.name
tags = local.additional_tags
vpc_id = local.vpc_id
diff --git a/locals.tf b/locals.tf
index 2843a76..a788c6a 100644
--- a/locals.tf
+++ b/locals.tf
@@ -48,7 +48,7 @@ locals {
il-central-1 = "066635153087.dkr.ecr.il-central-1.amazonaws.com",
me-south-1 = "558608220178.dkr.ecr.me-south-1.amazonaws.com",
me-central-1 = "759879836304.dkr.ecr.me-central-1.amazonaws.com",
- mx-central-1 = "730335286997.dkr.ecr.mx-central-1.amazonaws.com",
+ mx-central-1 = "730335286997.dkr.ecr.mx-central-1.amazonaws.com",
sa-east-1 = "602401143452.dkr.ecr.sa-east-1.amazonaws.com",
us-east-1 = "602401143452.dkr.ecr.us-east-1.amazonaws.com",
us-east-2 = "602401143452.dkr.ecr.us-east-2.amazonaws.com",
diff --git a/modules/argocd/config/values.yaml b/modules/argocd/config/values.yaml
index 8550dd2..46910b2 100644
--- a/modules/argocd/config/values.yaml
+++ b/modules/argocd/config/values.yaml
@@ -74,6 +74,8 @@ configs:
p, role:readonly, gpgkeys, get, *, allow
p, role:readonly, logs, get, */*, allow
g, qa, role:readonly
+ params:
+ application.namespaces: "*"
server:
config: