From ff31b8c277135b1e6de334393e484a44b3f2ee34 Mon Sep 17 00:00:00 2001
From: "Ankush.upadhyay" <ankush.upadhyay@squareops.com>
Date: Thu, 30 Jan 2025 14:47:16 +0530
Subject: [PATCH] Updated readme and argocd configs

---
 README.md                         | 103 ++++++++++++++++++++++++------
 examples/complete/README.md       |   2 +-
 examples/complete/main.tf         |   2 +-
 locals.tf                         |   2 +-
 modules/argocd/config/values.yaml |   2 +
 5 files changed, 88 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index 1ba5495..49fbfb7 100644
--- a/README.md
+++ b/README.md
@@ -11,24 +11,27 @@ This module provides a set of reusable, configurable, and scalable AWS EKS addon
 ```hcl
 module "eks-addons" {
   source               = "squareops/eks-addons/aws"
-  version              = "3.1.1"
+  version              = "4.0.2"
   name                 = local.name
   tags                 = local.additional_tags
-  vpc_id               = "vpc-xxxxxx"                     # pass VPC ID
-  private_subnet_ids   = ["subnet-xxxxx", "subnet-xxxxx"] # pass Subnet IDs
+  vpc_id               = local.vpc_id
+  private_subnet_ids   = local.private_subnet_ids # pass the private subnet IDs
+  public_subnet_ids    = local.public_subnet_ids  # pass the private subnet IDs
   environment          = local.environment
   ipv6_enabled         = local.ipv6_enabled
   kms_key_arn          = local.kms_key_arn
-  kms_policy_arn       = "arn:aws:iam::xxx:policy/eks-kms-policy" # eks module will create kms_policy_arn
-  worker_iam_role_name = "eks-node-role"                          # enter role name created by eks module
-  worker_iam_role_arn  = "arn:aws:iam::xxx:role/eks-node-role"    # enter roll ARN
+  kms_policy_arn       = local.kms_policy_arn
+  worker_iam_role_arn  = local.worker_iam_role_arn
+  worker_iam_role_name = local.worker_iam_role_name
   eks_cluster_name     = data.aws_eks_cluster.cluster.name
 
   #VPC-CNI-DRIVER
-  amazon_eks_vpc_cni_enabled = false # enable VPC-CNI
+  amazon_eks_vpc_cni_enabled = true # enable VPC-CNI
+  vpc_cni_version            = "v1.19.2-eksbuild.1"
 
   #EBS-CSI-DRIVER
   enable_amazon_eks_aws_ebs_csi_driver = false # enable EBS CSI Driver
+  ebs_csi_driver_version               = "v1.36.0-eksbuild.1"
   amazon_eks_aws_ebs_csi_driver_config = {
     values = [file("${path.module}/config/ebs-csi.yaml")]
   }
@@ -39,37 +42,47 @@ module "eks-addons" {
 
   ## EfS-STORAGE-CLASS
   efs_storage_class_enabled = false # to enable EBS storage class
+  efs_version               = "2.3.2"
 
   ## SERVICE-MONITORING-CRDs
   service_monitor_crd_enabled = false # enable service monitor along with K8S-dashboard (required CRD) or when require service monitor in reloader and cert-manager
 
   ## METRIC-SERVER
   metrics_server_enabled     = false # to enable metrics server
+  metrics_server_version     = "3.12.1"
   metrics_server_helm_config = [file("${path.module}/config/metrics-server.yaml")]
+
+  # VerticalPodAutoscaler
+  vpa_enabled = false
+  vpa_version = "9.9.0"
   vpa_config = {
     values = [file("${path.module}/config/vpa-crd.yaml")]
   }
 
   ## CLUSTER-AUTOSCALER
   cluster_autoscaler_enabled     = false # to enable cluster autoscaller
+  cluster_autoscaler_version     = "9.37.0"
   cluster_autoscaler_helm_config = [file("${path.module}/config/cluster-autoscaler.yaml")]
 
   ## NODE-TERMINATION-HANDLER
   aws_node_termination_handler_enabled = false # to enable node termination handler
+  aws_node_termination_handler_version = "0.21.0"
   aws_node_termination_handler_helm_config = {
     values                 = [file("${path.module}/config/aws-node-termination-handler.yaml")]
     enable_service_monitor = false # to enable monitoring for node termination handler
-    enable_notifications   = true
+    enable_notifications   = false
   }
 
   ## KEDA
   keda_enabled = false # to enable Keda in the EKS cluster
+  keda_version = "2.14.2"
   keda_helm_config = {
     values = [file("${path.module}/config/keda.yaml")]
   }
 
   ## KARPENTER
   karpenter_enabled = false # to enable Karpenter (installs required CRDs )
+  karpenter_version = "1.0.6"
   karpenter_helm_config = {
     enable_service_monitor = false # to enable monitoring for kafalserpenter
     values                 = [file("${path.module}/config/karpenter.yaml")]
@@ -81,14 +94,21 @@ module "eks-addons" {
     values = [file("${path.module}/config/coredns-hpa.yaml")]
   }
 
+  ## ClusterProportionalAutoscaler (Configured for CoreDNS)
+  cluster_proportional_autoscaler_enabled       = false # to enable cluster proportional autoscaler
+  cluster_proportional_autoscaler_chart_version = "1.1.0"
+  cluster_proportional_autoscaler_helm_config   = [file("${path.module}/config/cluster-proportional-autoscaler.yaml")]
+
   ## EXTERNAL-SECRETS
   external_secrets_enabled = false # to enable external secrets
+  external_secrets_version = "0.9.19"
   external_secrets_helm_config = {
     values = [file("${path.module}/config/external-secret.yaml")]
   }
 
   ## CERT-MANAGER
   cert_manager_enabled = false # to enable Cert-manager
+  cert_manager_version = "v1.15.1"
   cert_manager_helm_config = {
     values                         = [file("${path.module}/config/cert-manager.yaml")]
     enable_service_monitor         = false # to enable monitoring for Cert Manager
@@ -97,6 +117,7 @@ module "eks-addons" {
 
   ## CONFIG-RELOADER
   reloader_enabled = false # to enable config reloader in the EKS cluster
+  reloader_version = "v1.0.115"
   reloader_helm_config = {
     values                 = [file("${path.module}/config/reloader.yaml")]
     enable_service_monitor = false # to enable monitoring for reloader
@@ -104,16 +125,27 @@ module "eks-addons" {
 
   ## INGRESS-NGINX
   ingress_nginx_enabled = false # to enable ingress nginx
-  private_nlb_enabled   = false # to enable Internal (Private) Ingress , set this and ingress_nginx_enable "false" together
+  ingress_nginx_version = "4.11.0"
   ingress_nginx_config = {
     values                 = [file("${path.module}/config/ingress-nginx.yaml")]
     enable_service_monitor = false   # enable monitoring in nginx ingress
-    ingress_class_name     = "nginx" # enter ingress class name according to your requirement (example: "nginx", "internal-ingress")
-    namespace              = "nginx" # enter namespace according to the requirement (example: "nginx", "internal-ingress")
+    ingress_class_name     = "nginx" # enter ingress class name according to your requirement
+    namespace              = "nginx" # enter namespace according to the requirement
+  }
+
+  ## PRIVATE INGRESS-NGINX
+  private_ingress_nginx_enabled = false # to enable Internal (Private) Ingress
+  private_ingress_nginx_version = "4.11.0"
+  private_ingress_nginx_config = {
+    values                 = [file("${path.module}/config/ingress-nginx.yaml")]
+    enable_service_monitor = false           # enable monitoring in nginx ingress
+    ingress_class_name     = "private-nginx" # enter ingress class name according to your requirement (example: "nginx", "internal-ingress")
+    namespace              = "private-nginx" # enter namespace according to the requirement (example: "nginx", "internal-ingress")
   }
 
   ## AWS-APPLICATION-LOAD-BALANCER-CONTROLLER
   aws_load_balancer_controller_enabled = false # to enable load balancer controller
+  aws_load_balancer_controller_version = "1.8.1"
   aws_load_balancer_controller_helm_config = {
     values                        = [file("${path.module}/config/aws-alb.yaml")]
     namespace                     = "alb" # enter namespace according to the requirement (example: "alb")
@@ -122,15 +154,18 @@ module "eks-addons" {
 
   ## KUBERNETES-DASHBOARD
   kubernetes_dashboard_enabled = false
+  kubernetes_dashboard_version = "6.0.8"
   kubernetes_dashboard_config = {
-    k8s_dashboard_ingress_load_balancer = "nlb"                            ##Choose your load balancer type (e.g., NLB or ALB). Enable load balancer controller, if you require ALB, Enable Ingress Nginx if NLB.
+    k8s_dashboard_ingress_load_balancer = "nlb"                            # Pass either "nlb/alb" to choose load balancer controller as ingress-nginx controller or ALB controller
     private_alb_enabled                 = false                            # to enable Internal (Private) ALB , set this and aws_load_balancer_controller_enabled "true" together
     alb_acm_certificate_arn             = ""                               # If using ALB in above parameter, ensure you provide the ACM certificate ARN for SSL.
     k8s_dashboard_hostname              = "k8s-dashboard.rnd.squareops.in" # Enter Hostname
+    ingress_class_name                  = "nginx"                          # For public nlb use "nginx", for private NLB use "private-nginx", For ALB, use "alb"
   }
 
   ## ArgoCD
   argocd_enabled = false
+  argocd_version = "7.3.11"
   argocd_config = {
     hostname                     = "argocd.rnd.squareops.in"
     values_yaml                  = file("${path.module}/config/argocd.yaml")
@@ -139,7 +174,10 @@ module "eks-addons" {
     autoscaling_enabled          = true
     slack_notification_token     = ""
     argocd_notifications_enabled = false
-    ingress_class_name           = "nginx" # enter ingress class name according to your requirement (example: "ingress-nginx", "internal-ingress")
+    ingress_class_name           = "nginx" # For public nlb use "nginx", for private NLB use "private-nginx", For ALB, use "alb"
+    argocd_ingress_load_balancer = "nlb"   # Pass either "nlb/alb" to choose load balancer controller as ingress-nginx controller or ALB controller
+    private_alb_enabled          = "false" # to enable Internal (Private) ALB , set this and aws_load_balancer_controller_enabled "true" together
+    alb_acm_certificate_arn      = ""      # If using ALB in above parameter, ensure you provide the ACM certificate ARN for SSL.
   }
   argoproject_config = {
     name = "argo-project" # enter name for aro-project appProjects
@@ -147,12 +185,30 @@ module "eks-addons" {
 
   ## ArgoCD-Workflow
   argoworkflow_enabled = false
+  argoworkflow_version = "0.29.2"
   argoworkflow_config = {
-    values              = file("${path.module}/config/argocd-workflow.yaml")
-    namespace           = local.argocd_namespace
-    autoscaling_enabled = true
-    hostname            = "argocd-workflow.rnd.squareops.in"
-    ingress_class_name  = "nginx" # enter ingress class name according to your requirement (example: "ingress-nginx", "internal-ingress")
+    values                             = file("${path.module}/config/argocd-workflow.yaml")
+    namespace                          = local.argocd_namespace
+    autoscaling_enabled                = true
+    hostname                           = "argoworkflow.rnd.squareops.in"
+    ingress_class_name                 = "nginx" # For public nlb use "nginx", for private NLB use "private-nginx", For ALB, use "alb"
+    argoworkflow_ingress_load_balancer = "nlb"   # Pass either "nlb/alb" to choose load balancer controller as ingress-nginx controller or ALB controller
+    private_alb_enabled                = "false" # to enable Internal (Private) ALB , set this and aws_load_balancer_controller_enabled "true" together
+    alb_acm_certificate_arn            = ""      # If using ALB in above parameter, ensure you provide the ACM certificate ARN for SSL.
+  }
+
+  ## ArgoRollout
+  argorollout_enabled = false
+  argorollout_config = {
+    values                            = file("${path.module}/config/argo-rollout.yaml")
+    namespace                         = local.argocd_namespace
+    hostname                          = "argo-rollout.rnd.squareops.in"
+    enable_dashboard                  = false
+    ingress_class_name                = "nginx" # For public nlb use "nginx", for private NLB use "private-nginx", For ALB, use "alb"
+    argorollout_ingress_load_balancer = "nlb"   # Pass either "nlb/alb" to choose load balancer controller as ingress-nginx controller or ALB controller
+    private_alb_enabled               = "false" # to enable Internal (Private) ALB , set this and aws_load_balancer_controller_enabled "true" together
+    alb_acm_certificate_arn           = ""      # If using ALB in above parameter, ensure you provide the ACM certificate ARN for SSL.
+    chart_version                     = "2.38.0"
   }
 
   # VELERO
@@ -172,10 +228,12 @@ module "eks-addons" {
 
   ## KUBECLARITY
   kubeclarity_enabled  = false # to enable kube clarity
+  kubeclarity_version  = "2.23.0"
   kubeclarity_hostname = "kubeclarity.prod.in"
 
   ## KUBECOST
   kubecost_enabled  = false # to enable kube cost
+  kubecost_version  = "v2.1.0-eksbuild.1"
   kubecost_hostname = "kubecost.prod.in"
 
   ## DEFECT-DOJO
@@ -184,6 +242,7 @@ module "eks-addons" {
 
   ## FALCO
   falco_enabled = false # to enable falco
+  falco_version = "4.0.0"
   slack_webhook = "xoxb-379541400966-iibMHnnoaPzVl"
 }
 
@@ -206,9 +265,13 @@ module "eks-addons" {
 | Release 1.1.7  | &#x2714;  | &#x2714;  | &#x2714; | &#x2714; | &#x2714; |
 | Release 1.1.8  | &#x2714;  | &#x2714;  | &#x2714; | &#x2714; | &#x2714; | &#x2714; |
 | Release 3.0.0  | &#x274C;  | &#x274C;  | &#x274C; | &#x274C; | &#x274C; | &#x2714; | &#x2714; | &#x2714; |
-| Release 3.1.1  | &#x274C;  | &#x274C;  | &#x274C; | &#x274C; | &#x274C; | &#x2714; | &#x2714; | &#x2714; |
+| Release 3.1.0  | &#x274C;  | &#x274C;  | &#x274C; | &#x274C; | &#x274C; | &#x2714; | &#x2714; | &#x2714; |
+| Release 3.1.3  | &#x274C;  | &#x274C;  | &#x274C; | &#x274C; | &#x274C; | &#x2714; | &#x2714; | &#x2714; |
+| Release 4.0.0  | &#x274C;  | &#x274C;  | &#x274C; | &#x274C; | &#x274C; | &#x2714; | &#x2714; | &#x2714; |
+| Release 4.0.1  | &#x274C;  | &#x274C;  | &#x274C; | &#x274C; | &#x274C; | &#x2714; | &#x2714; | &#x2714; |
+| Release 4.0.2  | &#x274C;  | &#x274C;  | &#x274C; | &#x274C; | &#x274C; | &#x2714; | &#x2714; | &#x2714; |
 
-Note: The latest release 3.0.0 support EKS version 1.28, 1.29 and 1.30. For EKS version <=1.27 refer the previous release.
+Note: The latest release 4.0.0 support EKS version 1.28, 1.29 and 1.30. For EKS version <=1.27 refer the previous release.
 ## IAM Permissions
 The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-eks-addons.git/blob/main/IAM.md)
 
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 83a1f83..2b9cd42 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -21,7 +21,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks-addons"></a> [eks-addons](#module\_eks-addons) | squareops/eks-addons/aws | 4.0.1 |
+| <a name="module_eks-addons"></a> [eks-addons](#module\_eks-addons) | squareops/eks-addons/aws | 4.0.2 |
 
 ## Resources
 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index fe1fa34..1e63274 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -23,7 +23,7 @@ locals {
 
 module "eks-addons" {
   source               = "squareops/eks-addons/aws"
-  version              = "4.0.1"
+  version              = "4.0.2"
   name                 = local.name
   tags                 = local.additional_tags
   vpc_id               = local.vpc_id
diff --git a/locals.tf b/locals.tf
index 2843a76..a788c6a 100644
--- a/locals.tf
+++ b/locals.tf
@@ -48,7 +48,7 @@ locals {
       il-central-1   = "066635153087.dkr.ecr.il-central-1.amazonaws.com",
       me-south-1     = "558608220178.dkr.ecr.me-south-1.amazonaws.com",
       me-central-1   = "759879836304.dkr.ecr.me-central-1.amazonaws.com",
-      mx-central-1   = "730335286997.dkr.ecr.mx-central-1.amazonaws.com", 
+      mx-central-1   = "730335286997.dkr.ecr.mx-central-1.amazonaws.com",
       sa-east-1      = "602401143452.dkr.ecr.sa-east-1.amazonaws.com",
       us-east-1      = "602401143452.dkr.ecr.us-east-1.amazonaws.com",
       us-east-2      = "602401143452.dkr.ecr.us-east-2.amazonaws.com",
diff --git a/modules/argocd/config/values.yaml b/modules/argocd/config/values.yaml
index 8550dd2..46910b2 100644
--- a/modules/argocd/config/values.yaml
+++ b/modules/argocd/config/values.yaml
@@ -74,6 +74,8 @@ configs:
       p, role:readonly, gpgkeys, get, *, allow
       p, role:readonly, logs, get, */*, allow
       g, qa, role:readonly
+  params:
+    application.namespaces: "*"
 
 server:
   config: