# terraform-kubernetes-addons

Terraform module to deploy curated Kubernetes middleware on multiple cloud providers.

Primary language: HCL. Releases are automated with semantic-release.

## Main components

| Name | Description | Generic | AWS | Scaleway | GCP | Azure |
|------|-------------|---------|-----|----------|-----|-------|
| admiralty | A system of Kubernetes controllers that intelligently schedules workloads across clusters | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| aws-ebs-csi-driver | Enables newer EBS features such as gp3 volumes | N/A | ✔️ | N/A | N/A | N/A |
| aws-efs-csi-driver | Enables EFS support | N/A | ✔️ | N/A | N/A | N/A |
| aws-for-fluent-bit | CloudWatch logging with Fluent Bit instead of Fluentd | N/A | ✔️ | N/A | N/A | N/A |
| aws-load-balancer-controller | Use AWS ALB/NLB for Ingress and Service objects | N/A | ✔️ | N/A | N/A | N/A |
| aws-node-termination-handler | Manage the spot instance lifecycle | N/A | ✔️ | N/A | N/A | N/A |
| aws-calico | Use Calico for network policy | N/A | ✔️ | N/A | N/A | N/A |
| cert-manager | Automatically generate TLS certificates, supports ACME v2 | ✔️ | ✔️ | ✔️ | N/A | |
| cluster-autoscaler | Scale worker nodes based on workload | N/A | ✔️ | Included | Included | Included |
| cni-metrics-helper | Provides CloudWatch metrics for the VPC CNI plugin | N/A | ✔️ | N/A | N/A | N/A |
| external-dns | Sync Ingress and Service records in Route53 | ✔️ | ✔️ | | | |
| flux2 | Open and extensible continuous delivery solution for Kubernetes, powered by the GitOps Toolkit | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| ingress-nginx | Processes Ingress objects and acts as an HTTP/HTTPS proxy (compatible with cert-manager) | ✔️ | ✔️ | ✔️ | | |
| istio-operator | Service mesh for Kubernetes | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| k8gb | A cloud native Kubernetes Global Balancer | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| karma | An Alertmanager dashboard | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| keda | Kubernetes Event-driven Autoscaling | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| keycloak | Identity and access management | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| kong | API Gateway ingress controller | ✔️ | ✔️ | ✔️ | | |
| kube-prometheus-stack | Monitoring / Alerting / Dashboards | ✔️ | ✔️ | ✔️ | | |
| kyverno | Kubernetes Native Policy Management | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| loki-stack | Grafana Loki logging stack | ✔️ | ✔️ | 🚧 | | |
| promtail | Ships logs to Loki from another cluster (e.g. over mTLS) | 🚧 | ✔️ | 🚧 | | |
| prometheus-adapter | Prometheus metrics for use with the autoscaling/v2 Horizontal Pod Autoscaler in Kubernetes 1.6+ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| prometheus-cloudwatch-exporter | An exporter for Amazon CloudWatch, for Prometheus | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| prometheus-blackbox-exporter | The blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| metrics-server | Enable the metrics API and horizontal pod autoscaling (HPA) | ✔️ | ✔️ | Included | Included | Included |
| node-problem-detector | Forwards node problems to Kubernetes events | ✔️ | ✔️ | Included | Included | Included |
| sealed-secrets | Technology agnostic, store encrypted secrets in git | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| strimzi-kafka-operator | Apache Kafka running on Kubernetes | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| thanos | Open source, highly available Prometheus setup with long term storage capabilities | ✔️ | 🚧 | | | |
| thanos-memcached | Open source, highly available Prometheus setup with long term storage capabilities | ✔️ | 🚧 | | | |
| thanos-storegateway | Additional store gateway to query multiple object stores | ✔️ | 🚧 | | | |
| thanos-tls-querier | Thanos TLS querier for cross-cluster collection | ✔️ | 🚧 | | | |
| vault | A tool for secrets management, encryption as a service, and privileged access management | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |

Blank cells are rows for which the source table listed no status for that provider.

## Submodules

Submodules hold the cloud-provider-specific configuration, such as the IAM roles required on AWS. For a vanilla Kubernetes cluster, use the generic addons.

Contributions adding support for a new cloud provider are welcome.

## Doc generation

Code formatting and the documentation for variables and outputs are generated with the pre-commit-terraform hooks, which in turn call terraform-docs.

Follow the pre-commit installation instructions to install pre-commit locally.

Install terraform-docs with `go install github.com/terraform-docs/terraform-docs@latest` (the project now lives under the terraform-docs organisation rather than segmentio, and `go get` no longer installs binaries on current Go releases) or with `brew install terraform-docs`.

## Contributing

Report issues, questions and feature requests in the issues section.

Full contributing guidelines are covered in the repository's contributing guide.

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| flux | ~> 0.2 |
| github | ~> 4.5 |
| helm | ~> 2.0 |
| kubectl | ~> 1.0 |
| kubernetes | ~> 2.0 |

## Providers

| Name | Version |
|------|---------|
| flux | ~> 0.2 |
| github | ~> 4.5 |
| helm | ~> 2.0 |
| http | n/a |
| kubectl | ~> 1.0 |
| kubernetes | ~> 2.0 |
| random | n/a |
| time | n/a |
| tls | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| github_branch_default.main | resource |
| github_repository.main | resource |
| github_repository_deploy_key.main | resource |
| github_repository_file.install | resource |
| github_repository_file.kustomize | resource |
| github_repository_file.sync | resource |
| helm_release.admiralty | resource |
| helm_release.cert-manager | resource |
| helm_release.flux | resource |
| helm_release.ingress-nginx | resource |
| helm_release.istio-operator | resource |
| helm_release.k8gb | resource |
| helm_release.karma | resource |
| helm_release.keda | resource |
| helm_release.keycloak | resource |
| helm_release.kong | resource |
| helm_release.kube-prometheus-stack | resource |
| helm_release.kyverno | resource |
| helm_release.loki-stack | resource |
| helm_release.metrics-server | resource |
| helm_release.node-problem-detector | resource |
| helm_release.prometheus-adapter | resource |
| helm_release.prometheus-blackbox-exporter | resource |
| helm_release.sealed-secrets | resource |
| helm_release.strimzi-kafka-operator | resource |
| helm_release.vault | resource |
| kubectl_manifest.apply | resource |
| kubectl_manifest.cert-manager_cluster_issuers | resource |
| kubectl_manifest.cert-manager_csi_driver | resource |
| kubectl_manifest.kong_crds | resource |
| kubectl_manifest.prometheus-operator_crds | resource |
| kubectl_manifest.sync | resource |
| kubernetes_namespace.admiralty | resource |
| kubernetes_namespace.cert-manager | resource |
| kubernetes_namespace.flux | resource |
| kubernetes_namespace.flux2 | resource |
| kubernetes_namespace.ingress-nginx | resource |
| kubernetes_namespace.istio-operator | resource |
| kubernetes_namespace.k8gb | resource |
| kubernetes_namespace.karma | resource |
| kubernetes_namespace.keda | resource |
| kubernetes_namespace.keycloak | resource |
| kubernetes_namespace.kong | resource |
| kubernetes_namespace.kube-prometheus-stack | resource |
| kubernetes_namespace.kyverno | resource |
| kubernetes_namespace.loki-stack | resource |
| kubernetes_namespace.metrics-server | resource |
| kubernetes_namespace.node-problem-detector | resource |
| kubernetes_namespace.prometheus-adapter | resource |
| kubernetes_namespace.prometheus-blackbox-exporter | resource |
| kubernetes_namespace.sealed-secrets | resource |
| kubernetes_namespace.strimzi-kafka-operator | resource |
| kubernetes_namespace.vault | resource |
| kubernetes_network_policy.admiralty_allow_namespace | resource |
| kubernetes_network_policy.admiralty_default_deny | resource |
| kubernetes_network_policy.cert-manager_allow_control_plane | resource |
| kubernetes_network_policy.cert-manager_allow_monitoring | resource |
| kubernetes_network_policy.cert-manager_allow_namespace | resource |
| kubernetes_network_policy.cert-manager_default_deny | resource |
| kubernetes_network_policy.flux2_allow_monitoring | resource |
| kubernetes_network_policy.flux2_allow_namespace | resource |
| kubernetes_network_policy.flux_allow_monitoring | resource |
| kubernetes_network_policy.flux_allow_namespace | resource |
| kubernetes_network_policy.flux_default_deny | resource |
| kubernetes_network_policy.ingress-nginx_allow_control_plane | resource |
| kubernetes_network_policy.ingress-nginx_allow_ingress | resource |
| kubernetes_network_policy.ingress-nginx_allow_monitoring | resource |
| kubernetes_network_policy.ingress-nginx_allow_namespace | resource |
| kubernetes_network_policy.ingress-nginx_default_deny | resource |
| kubernetes_network_policy.istio-operator_allow_namespace | resource |
| kubernetes_network_policy.istio-operator_default_deny | resource |
| kubernetes_network_policy.k8gb_allow_namespace | resource |
| kubernetes_network_policy.k8gb_default_deny | resource |
| kubernetes_network_policy.karma_allow_ingress | resource |
| kubernetes_network_policy.karma_allow_namespace | resource |
| kubernetes_network_policy.karma_default_deny | resource |
| kubernetes_network_policy.keda_allow_namespace | resource |
| kubernetes_network_policy.keda_default_deny | resource |
| kubernetes_network_policy.keycloak_allow_ingress | resource |
| kubernetes_network_policy.keycloak_allow_monitoring | resource |
| kubernetes_network_policy.keycloak_allow_namespace | resource |
| kubernetes_network_policy.keycloak_default_deny | resource |
| kubernetes_network_policy.kong_allow_ingress | resource |
| kubernetes_network_policy.kong_allow_monitoring | resource |
| kubernetes_network_policy.kong_allow_namespace | resource |
| kubernetes_network_policy.kong_default_deny | resource |
| kubernetes_network_policy.kube-prometheus-stack_allow_control_plane | resource |
| kubernetes_network_policy.kube-prometheus-stack_allow_ingress | resource |
| kubernetes_network_policy.kube-prometheus-stack_allow_namespace | resource |
| kubernetes_network_policy.kube-prometheus-stack_default_deny | resource |
| kubernetes_network_policy.kyverno_allow_namespace | resource |
| kubernetes_network_policy.kyverno_default_deny | resource |
| kubernetes_network_policy.loki-stack_allow_ingress | resource |
| kubernetes_network_policy.loki-stack_allow_namespace | resource |
| kubernetes_network_policy.loki-stack_default_deny | resource |
| kubernetes_network_policy.metrics-server_allow_control_plane | resource |
| kubernetes_network_policy.metrics-server_allow_namespace | resource |
| kubernetes_network_policy.metrics-server_default_deny | resource |
| kubernetes_network_policy.npd_allow_namespace | resource |
| kubernetes_network_policy.npd_default_deny | resource |
| kubernetes_network_policy.prometheus-adapter_allow_namespace | resource |
| kubernetes_network_policy.prometheus-adapter_default_deny | resource |
| kubernetes_network_policy.prometheus-blackbox-exporter_allow_namespace | resource |
| kubernetes_network_policy.prometheus-blackbox-exporter_default_deny | resource |
| kubernetes_network_policy.sealed-secrets_allow_namespace | resource |
| kubernetes_network_policy.sealed-secrets_default_deny | resource |
| kubernetes_network_policy.strimzi-kafka-operator_allow_namespace | resource |
| kubernetes_network_policy.strimzi-kafka-operator_default_deny | resource |
| kubernetes_network_policy.vault_allow_namespace | resource |
| kubernetes_network_policy.vault_default_deny | resource |
| kubernetes_priority_class.kubernetes_addons | resource |
| kubernetes_priority_class.kubernetes_addons_ds | resource |
| kubernetes_role.flux | resource |
| kubernetes_role_binding.flux | resource |
| kubernetes_secret.main | resource |
| random_string.grafana_password | resource |
| time_sleep.cert-manager_sleep | resource |
| tls_private_key.identity | resource |
| flux_install.main | data source |
| flux_sync.main | data source |
| github_repository.main | data source |
| http_http.kong_crds | data source |
| http_http.prometheus-operator_crds | data source |
| http_http.prometheus-operator_version | data source |
| kubectl_file_documents.apply | data source |
| kubectl_file_documents.kong_crds | data source |
| kubectl_file_documents.sync | data source |
| kubectl_path_documents.cert-manager_cluster_issuers | data source |
| kubectl_path_documents.cert-manager_csi_driver | data source |
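The Resources table shows the pattern the module applies to every addon namespace: a `default_deny` policy, an `allow_namespace` policy and, where an addon needs it, `allow_monitoring`, `allow_control_plane` or `allow_ingress` policies, with peer namespaces matched through labels carrying the `labels_prefix` input. The block below reproduces that pattern for a hypothetical workload namespace so the mechanism is visible end to end. It is an added illustration, not the module's own code: the label key `"<labels_prefix>/monitoring"`, the `metrics` port name and the `my-app` namespace are assumptions for this example, since the page does not list the real label keys the module uses.

```hcl
# Added illustration of the default-deny / allow-namespace / allow-monitoring
# network policy pattern. Not the module's own code; the label key, port name
# and namespace below are assumptions for this example.

terraform {
  required_providers {
    kubernetes = { source = "hashicorp/kubernetes", version = "~> 2.0" }
  }
}

provider "kubernetes" {
  config_path = "~/.kube/config" # assumed: cluster reachable via local kubeconfig
}

variable "labels_prefix" {
  type    = string
  default = "particule.io" # same default as the module's labels_prefix input
}

locals {
  namespace = "my-app" # hypothetical workload namespace
}

resource "kubernetes_namespace" "app" {
  metadata {
    name = local.namespace
  }
}

# 1. Default deny: an empty pod_selector matches every pod in the namespace and,
#    with no ingress rules, nothing is allowed in. Egress is deliberately left
#    open here; restrict it separately once the workload's dependencies are known.
resource "kubernetes_network_policy" "default_deny" {
  metadata {
    name      = "${local.namespace}-default-deny"
    namespace = kubernetes_namespace.app.metadata[0].name
  }
  spec {
    pod_selector {}
    policy_types = ["Ingress"]
  }
}

# 2. Allow intra-namespace traffic: an empty pod_selector inside `from` means
#    "any pod in this same namespace", so components of the addon can talk.
resource "kubernetes_network_policy" "allow_namespace" {
  metadata {
    name      = "${local.namespace}-allow-namespace"
    namespace = kubernetes_namespace.app.metadata[0].name
  }
  spec {
    pod_selector {}
    policy_types = ["Ingress"]
    ingress {
      from {
        pod_selector {}
      }
    }
  }
}

# 3. Allow scraping only from namespaces labelled as monitoring, and only on the
#    metrics port. The label key "<labels_prefix>/monitoring" is an assumption.
resource "kubernetes_network_policy" "allow_monitoring" {
  metadata {
    name      = "${local.namespace}-allow-monitoring"
    namespace = kubernetes_namespace.app.metadata[0].name
  }
  spec {
    pod_selector {}
    policy_types = ["Ingress"]
    ingress {
      from {
        namespace_selector {
          match_labels = {
            "${var.labels_prefix}/monitoring" = "true"
          }
        }
      }
      ports {
        port     = "metrics" # named container port; a number works too
        protocol = "TCP"
      }
    }
  }
}
```

Policies are additive: once `default_deny` selects every pod, each further policy widens what is reachable, which is why the monitoring rule is scoped to one port rather than the whole namespace. NetworkPolicy objects are only enforced by a CNI that implements them (the components table lists aws-calico for exactly this reason on EKS); on a cluster without such a CNI the API server accepts the objects but they have no effect, so verify enforcement with a probe pod rather than trusting the presence of the resources.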

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| admiralty | Customize admiralty chart, see admiralty.tf for supported values | `any` | `{}` | no |
| cert-manager | Customize cert-manager chart, see cert-manager.tf for supported values | `any` | `{}` | no |
| cluster-autoscaler | Customize cluster-autoscaler chart, see cluster-autoscaler.tf for supported values | `any` | `{}` | no |
| cluster-name | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no |
| external-dns | Map of maps for external-dns configuration, see external_dns.tf for supported values | `any` | `{}` | no |
| flux | Customize Flux chart, see flux.tf for supported values | `any` | `{}` | no |
| flux2 | Customize the Flux v2 (GitOps Toolkit) deployment, see flux2.tf for supported values | `any` | `{}` | no |
| helm_defaults | Customize default Helm behavior | `any` | `{}` | no |
| ingress-nginx | Customize ingress-nginx chart, see nginx-ingress.tf for supported values | `any` | `{}` | no |
| istio-operator | Customize istio operator deployment, see istio_operator.tf for supported values | `any` | `{}` | no |
| k8gb | Customize k8gb chart, see k8gb.tf for supported values | `any` | `{}` | no |
| karma | Customize karma chart, see karma.tf for supported values | `any` | `{}` | no |
| keda | Customize keda chart, see keda.tf for supported values | `any` | `{}` | no |
| keycloak | Customize keycloak chart, see keycloak.tf for supported values | `any` | `{}` | no |
| kong | Customize kong-ingress chart, see kong.tf for supported values | `any` | `{}` | no |
| kube-prometheus-stack | Customize kube-prometheus-stack chart, see kube-prometheus-stack.tf for supported values | `any` | `{}` | no |
| kyverno | Customize kyverno chart, see kyverno.tf for supported values | `any` | `{}` | no |
| labels_prefix | Custom label prefix used for network policy namespace matching | `string` | `"particule.io"` | no |
| loki-stack | Customize loki-stack chart, see loki-stack.tf for supported values | `any` | `{}` | no |
| metrics-server | Customize metrics-server chart, see metrics_server.tf for supported values | `any` | `{}` | no |
| npd | Customize node-problem-detector chart, see npd.tf for supported values | `any` | `{}` | no |
| priority-class | Customize a priority class for addons | `any` | `{}` | no |
| priority-class-ds | Customize a priority class for addon daemonsets | `any` | `{}` | no |
| prometheus-adapter | Customize prometheus-adapter chart, see prometheus-adapter.tf for supported values | `any` | `{}` | no |
| prometheus-blackbox-exporter | Customize prometheus-blackbox-exporter chart, see prometheus-blackbox-exporter.tf for supported values | `any` | `{}` | no |
| promtail | Customize promtail chart, see loki-stack.tf for supported values | `any` | `{}` | no |
| sealed-secrets | Customize sealed-secrets chart, see sealed-secrets.tf for supported values | `any` | `{}` | no |
| strimzi-kafka-operator | Customize strimzi-kafka-operator chart, see strimzi-kafka-operator.tf for supported values | `any` | `{}` | no |
| thanos | Customize thanos chart, see thanos.tf for supported values | `any` | `{}` | no |
| thanos-memcached | Customize thanos-memcached chart, see thanos.tf for supported values | `any` | `{}` | no |
| thanos-storegateway | Customize thanos-storegateway chart, see thanos.tf for supported values | `any` | `{}` | no |
| thanos-tls-querier | Customize thanos-tls-querier chart, see thanos.tf for supported values | `any` | `{}` | no |
| vault | Customize HashiCorp Vault chart, see vault.tf for supported values | `any` | `{}` | no |
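Every addon input is an `any` map defaulting to `{}`, so a root module enables and tunes addons by passing a map per addon alongside the provider blocks from the Requirements table. The following root module is an added example, not the project's own README content or code. It assumes the module is consumed from its GitHub repository pinned to a tag, that the cluster is reachable through a local kubeconfig, and that each addon map accepts `enabled` and `extra_values` keys; none of those keys are listed on this page, so confirm them in the addon's `.tf` file (for instance `cert-manager.tf`) before relying on them.

```hcl
# Added example: a root module consuming terraform-kubernetes-addons.
# Assumed, not taken from this page: the module source and tag, the kubeconfig
# path, the GitHub owner, and the `enabled` / `extra_values` keys in each map.

terraform {
  required_version = ">= 0.13"

  required_providers {
    kubernetes = { source = "hashicorp/kubernetes", version = "~> 2.0" }
    helm       = { source = "hashicorp/helm", version = "~> 2.0" }
    kubectl    = { source = "gavinbunney/kubectl", version = "~> 1.0" }
    flux       = { source = "fluxcd/flux", version = "~> 0.2" }
    github     = { source = "integrations/github", version = "~> 4.5" }
  }
}

provider "kubernetes" {
  config_path = "~/.kube/config" # assumed
}

provider "helm" {
  kubernetes {
    config_path = "~/.kube/config" # assumed
  }
}

provider "kubectl" {
  config_path = "~/.kube/config" # assumed
}

# The module declares the flux and github providers, so the root module must
# configure them even while flux2 stays disabled. The GitHub token is read from
# the GITHUB_TOKEN environment variable; never place it in the configuration.
provider "flux" {}

provider "github" {
  owner = "example-org" # assumed GitHub organisation
}

module "addons" {
  # Pin to a release tag: an unpinned ref pulls whatever the default branch holds.
  source = "github.com/particuleio/terraform-kubernetes-addons?ref=<tag>"

  cluster-name  = "prod-eu-west-1"
  labels_prefix = "example.com" # label prefix used for network policy namespace matching

  cert-manager = {
    enabled = true
  }

  ingress-nginx = {
    enabled = true
    # Raw Helm values passed through to the chart (key name assumed); exposing
    # controller metrics lets kube-prometheus-stack scrape the ingress layer.
    extra_values = <<-VALUES
      controller:
        metrics:
          enabled: true
    VALUES
  }

  kube-prometheus-stack = {
    enabled = true
  }

  # Admission policy and secrets encrypted for storage in git belong in the
  # baseline of every cluster, not only production.
  kyverno = {
    enabled = true
  }

  sealed-secrets = {
    enabled = true
  }
}

# The module emits the generated Grafana password; mark it sensitive so it is
# redacted from plan and apply output when re-exported.
output "grafana_password" {
  value     = module.addons.grafana_password
  sensitive = true
}
```

Addons left out of the module block keep their `{}` default and are not deployed, so the set above is the whole footprint of this root module. Because the module creates namespaces, Helm releases and network policies on your behalf, run `terraform plan` and review the resource list against the Resources table before the first apply.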

## Outputs

| Name | Description |
|------|-------------|
| grafana_password | Randomly generated Grafana password (from `random_string.grafana_password`); it is stored in state, so treat the state file as sensitive |