
Kubernetes Marketplace Terraform Module for Yandex Cloud

Features

  • Install Yandex Cloud Marketplace for Kubernetes listed products using the Helm charts provided
  • Define custom settings supported by the Helm charts

Example Usage

# Minimal example: enables a single add-on (NodeLocal DNS) on the target cluster.
module "helm_addons" {
  # Local path: the module is loaded from the current directory.
  source = "./"

  # Required input: ID of the Kubernetes cluster where add-ons are installed.
  # "k8s_cluster_id" looks like a placeholder; presumably it is replaced with a real cluster ID.
  cluster_id = "k8s_cluster_id"

  # Every install_* flag in the Inputs table defaults to false, so add-ons are opt-in.
  install_nodelocal_dns = true
}

Requirements

Name Version
terraform >= 1.0
helm >= 2.9
yandex >= 0.108

Providers

Name Version
helm 2.16.1
yandex 0.133.0

Modules

No modules.

Resources

Name Type
helm_release.alb_ingress resource
helm_release.argocd resource
helm_release.cert_manager resource
helm_release.chaos_mesh resource
helm_release.crossplane resource
helm_release.csi_s3 resource
helm_release.external_dns resource
helm_release.external_secrets resource
helm_release.falco resource
helm_release.filebeat resource
helm_release.filebeat_oss resource
helm_release.fluentbit resource
helm_release.gatekeeper resource
helm_release.gateway_api resource
helm_release.gitlab_agent resource
helm_release.gitlab_runner resource
helm_release.ingress_nginx resource
helm_release.istio resource
helm_release.kruise resource
helm_release.kyverno resource
helm_release.loki resource
helm_release.metrics_provider resource
helm_release.nodelocal_dns resource
helm_release.policy_reporter resource
helm_release.prometheus resource
helm_release.vault resource
helm_release.velero resource
yandex_client_config.client data source
yandex_kubernetes_cluster.target data source

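Inputs

Several of the settings below carry credentials (for example service_account_key, gitlab_token, elasticsearch_password, opensearch_password, object_storage_key_secret, aws_key_value, api_key_value). Values passed to resources are recorded in Terraform state, so supply them from a secret store or protected variables rather than committing them, and restrict access to the state backend.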

Name Description Type Default Required
alb_ingress Map for overriding ALB Ingress Controller Helm chart settings
object({
name = optional(string, "alb-ingress")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/yc-alb-ingress")
chart = optional(string, "yc-alb-ingress-controller-chart")
version = optional(string, "v0.2.11")
namespace = optional(string, "alb-ingress")

folder_id = optional(string, null)
cluster_id = optional(string, null)
service_account_key = optional(string, null)
healthchecks_enabled = optional(bool, false)
})
{} no
argocd Map for overriding ArgoCD Helm chart settings
object({
name = optional(string, "argocd")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/argo/chart")
chart = optional(string, "argo-cd")
version = optional(string, "7.3.11-2")
namespace = optional(string, "argocd")
})
{} no
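cert_manager Map for overriding cert-manager Helm chart settings. The default letsencrypt_server is the Let's Encrypt staging directory, which issues certificates that clients do not trust; set it to the production ACME directory before relying on the issued certificates.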
object({
name = optional(string, "cert-manager")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/cert-manager-webhook-yandex")
chart = optional(string, "cert-manager-webhook-yandex")
version = optional(string, "1.0.8-1")
namespace = optional(string, "cert-manager")

service_account_key = optional(string)
folder_id = optional(string)
email_address = optional(string)
letsencrypt_server = optional(string, "https://acme-staging-v02.api.letsencrypt.org/directory")
})
{} no
chaos_mesh Map for overriding Chaos Mesh Helm chart settings
object({
name = optional(string, "chaos-mesh")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/chaos-mesh")
chart = optional(string, "chaos-mesh")
version = optional(string, "2.6.1-1b")
namespace = optional(string, "chaos-mesh")
})
{} no
cluster_id The ID of the Kubernetes cluster where addons should be installed. string n/a yes
crossplane Map for overriding Crossplane Helm chart settings
object({
name = optional(string, "crossplane")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/crossplane")
chart = optional(string, "crossplane")
version = optional(string, "1.15.0")
namespace = optional(string, "crossplane")

service_account_key = optional(string)
})
{} no
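csi_s3 Map for overriding CSI S3 Helm chart settings. The default mount_options set --dir-mode 0777 and --file-mode 0666, so mounted directories and files are world-writable; tighten these modes if not every workload using the mount should be able to write.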
object({
name = optional(string, "csi-s3")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/csi-s3")
chart = optional(string, "csi-s3")
version = optional(string, "0.35.5")
namespace = optional(string, "csi-s3")

create_storage_class = optional(bool, true)
create_secret = optional(bool, true)
object_storage_key_id = optional(string)
object_storage_key_secret = optional(string)
single_bucket = optional(string)
s3_endpoint = optional(string, "https://storage.yandexcloud.net")
mount_options = optional(string, "--memory-limit 1000 --dir-mode 0777 --file-mode 0666")
reclaim_policy = optional(string, "Delete")
storage_class_name = optional(string, "csi-s3")
secret_name = optional(string, "csi-s3-secret")
tolerations_all = optional(bool, false)
})
{} no
external_dns Map for overriding External DNS Helm chart settings
object({
name = optional(string, "external-dns")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/externaldns/chart/")
chart = optional(string, "externaldns")
version = optional(string, "0.5.1-a")
namespace = optional(string, "external-dns")

service_account_key = optional(string)
folder_id = optional(string)
txt_owner_id = optional(string, "external-dns")
txt_prefix = optional(string, "external-dns-")
})
{} no
external_secrets Map for overriding External Secrets Helm chart settings
object({
name = optional(string, "external-secrets")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/external-secrets/chart")
chart = optional(string, "external-secrets")
version = optional(string, "0.9.20")
namespace = optional(string, "external-secrets")

service_account_key = optional(string)
})
{} no
falco Map for overriding Falco Helm chart settings
object({
name = optional(string, "falco")
repository = optional(string, "oci://cr.yandex/yc-marketplace")
chart = optional(string, "falco")
version = optional(string, "2.2.5")
namespace = optional(string, "falco")

falco_sidekick_enabled = optional(bool, false)
falco_sidekick_replicacount = optional(number, 1)
})
{} no
filebeat Map for overriding Filebeat Helm chart settings
object({
name = optional(string, "filebeat")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/filebeat/chart")
chart = optional(string, "filebeat")
version = optional(string, "7.16.3-5")
namespace = optional(string, "filebeat")

elasticsearch_username = optional(string, "admin")
elasticsearch_password = optional(string)
elasticsearch_fqdn = optional(string)
})
{} no
filebeat_oss Map for overriding Filebeat OSS Helm chart settings
object({
name = optional(string, "filebeat")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/filebeat-oss/chart")
chart = optional(string, "filebeat-oss")
version = optional(string, "7.12.1-1")
namespace = optional(string, "filebeat")

opensearch_username = optional(string, "admin")
opensearch_password = optional(string)
opensearch_fqdn = optional(string)
})
{} no
fluentbit Map for overriding Fluentbit Helm chart settings
object({
name = optional(string, "fluent-bit")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/fluent-bit")
chart = optional(string, "fluent-bit")
version = optional(string, "2.1.7-3")
namespace = optional(string, "fluent-bit")

log_group_id = optional(string)
service_account_key = optional(string)
export_to_s3_enabled = optional(bool, false)
object_storage_bucket = optional(string)
object_storage_key_id = optional(string)
object_storage_key_secret = optional(string)
})
{} no
gatekeeper Map for overriding Gatekeeper Helm chart settings
object({
name = optional(string, "gatekeeper")
repository = optional(string, "oci://cr.yandex/yc-marketplace")
chart = optional(string, "gatekeeper")
version = optional(string, "3.12.0")
namespace = optional(string, "gatekeeper")

audit_interval = optional(number, 60)
violation_limit = optional(number, 20)
match_kind_enabled = optional(bool, false)
emit_events_enabled = optional(bool, false)
namespace_events_enabled = optional(bool, false)
external_data_enabled = optional(bool, false)
})
{} no
gateway_api Map for overriding Gateway API Helm chart settings
object({
name = optional(string, "gateway-api")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/gateway-api/gateway-api-helm")
chart = optional(string, "gateway-api")
version = optional(string, "0.4.31")
namespace = optional(string, "gateway-api")

folder_id = optional(string)
vpc_network_id = optional(string)
subnet_id_a = optional(string)
subnet_id_b = optional(string)
subnet_id_d = optional(string)
service_account_key = optional(string)
})
{} no
gitlab_agent Map for overriding Gitlab Agent Helm chart settings
object({
name = optional(string, "gitlab-agent")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/gitlab-org/gitlab-agent/chart")
chart = optional(string, "gitlab-agent")
version = optional(string, "1.16.0-1")
namespace = optional(string, "gitlab-agent")

gitlab_domain = optional(string)
gitlab_token = optional(string)
})
{} no
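gitlab_runner Map for overriding Gitlab Runner Helm chart settings. runner_privileged defaults to false; enabling it presumably runs job containers in privileged mode, which gives CI jobs broad access to the node, so leave it off unless a job requires it.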
object({
name = optional(string, "gitlab-runner")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/gitlab-org/gitlab-runner/chart")
chart = optional(string, "gitlab-runner")
version = optional(string, "0.54.0-8")
namespace = optional(string, "gitlab-runner")

gitlab_domain = optional(string)
gitlab_token = optional(string)
runner_privileged = optional(bool, false)
runner_tags = optional(string)
})
{} no
ingress_nginx Map for overriding Ingress NGINX Helm chart settings
object({
name = optional(string, "ingress-nginx")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/ingress-nginx/chart/")
chart = optional(string, "ingress-nginx")
version = optional(string, "4.10.0")
namespace = optional(string, "ingress-nginx")

replica_count = optional(number, 1)
service_loadbalancer_ip = optional(string)
service_external_traffic_policy = optional(string, "Cluster") # Cluster or Local
})
{} no
install_alb_ingress Install ALB Ingress Controller bool false no
install_argocd Install ArgoCD bool false no
install_cert_manager Install cert-manager bool false no
install_chaos_mesh Install Chaos Mesh bool false no
install_crossplane Install Crossplane bool false no
install_csi_s3 Install CSI S3 bool false no
install_external_dns Install External DNS bool false no
install_external_secrets Install External Secrets bool false no
install_falco Install Falco bool false no
install_filebeat Install Filebeat bool false no
install_filebeat_oss Install Filebeat OSS bool false no
install_fluentbit Install Fluentbit bool false no
install_gatekeeper Install Gatekeeper bool false no
install_gateway_api Install Gateway API bool false no
install_gitlab_agent Install Gitlab Agent bool false no
install_gitlab_runner Install Gitlab Runner bool false no
install_ingress_nginx Install Ingress NGINX bool false no
install_istio Install Istio bool false no
install_kruise Install Kruise bool false no
install_kyverno Install Kyverno bool false no
install_loki Install Loki bool false no
install_metrics_provider Install Metrics Provider bool false no
install_nodelocal_dns Install NodeLocal DNS bool false no
install_policy_reporter Install Policy Reporter bool false no
install_prometheus Install Prometheus bool false no
install_vault Install Vault bool false no
install_velero Install Velero bool false no
istio Map for overriding Istio Helm chart settings
object({
name = optional(string, "istio")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/istio")
chart = optional(string, "istio")
version = optional(string, "1.21.2-1")
namespace = optional(string, "istio-system")

addons_enabled = optional(bool, false)
})
{} no
kruise Map for overriding Kruise Helm chart settings
object({
name = optional(string, "kruise")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/kruise/chart")
chart = optional(string, "kruise")
version = optional(string, "1.5.0")
namespace = optional(string, "kruise")
})
{} no
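kyverno Map for overriding Kyverno Helm chart settings. With the default failure_action of "audit", policy violations are presumably only reported, not blocked; switch to "enforce" once the policies have been validated against existing workloads.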
object({
name = optional(string, "kyverno")
repository = optional(string, "oci://cr.yandex/yc-marketplace")
chart = optional(string, "multi-kyverno")
version = optional(string, "1.0.0")
namespace = optional(string, "kyverno")

kyverno_policies_enabled = optional(bool, true)
pod_security_profile = optional(string, "baseline")
failure_action = optional(string, "audit") # audit, enforce
})
{} no
loki Map for overriding Loki Helm chart settings
object({
name = optional(string, "loki")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/grafana/loki/chart")
chart = optional(string, "loki")
version = optional(string, "1.2.0-7")
namespace = optional(string, "loki")

object_storage_bucket = optional(string)
aws_key_value = optional(string)
promtail_enabled = optional(bool, true)
})
{} no
metrics_provider Map for overriding Metrics Provider Helm chart settings
object({
name = optional(string, "metrics-provider")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/metric-provider/chart")
chart = optional(string, "metrics-provider")
version = optional(string, "0.1.12")
namespace = optional(string, "metrics-provider")

metrics_folder_id = optional(string)
metrics_window = optional(string, "2m")
downsampling_disabled = optional(bool, true)
downsampling_grid_aggregation = optional(string, "AVG")
downsampling_gap_filling = optional(string, "PREVIOUS")
downsampling_gap_max_points = optional(number, 10)
downsampling_grid_interval = optional(number, 1)
service_account_key = optional(string)
})
{} no
nodelocal_dns Map for overriding NodeLocal DNS Helm chart settings
object({
name = optional(string, "node-local-dns")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud")
chart = optional(string, "node-local-dns")
version = optional(string, "1.5.1")
namespace = optional(string, "node-local-dns")
})
{} no
policy_reporter Map for overriding Policy Reporter Helm chart settings
object({
name = optional(string, "policy-reporter")
repository = optional(string, "oci://cr.yandex/yc-marketplace")
chart = optional(string, "policy-reporter")
version = optional(string, "2.13.11")
namespace = optional(string, "policy-reporter")

cluster_id = optional(string)
custom_fields_enabled = optional(bool, false)
ui_enabled = optional(bool, false)
s3_enabled = optional(bool, false)
s3_bucket = optional(string)
kinesis_enabled = optional(bool, false)
kinesis_endpoint = optional(string)
kinesis_stream = optional(string)
aws_key_value = optional(string)
})
{} no
prometheus Map for overriding Prometheus Helm chart settings
object({
name = optional(string, "prometheus")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/prometheus")
chart = optional(string, "kube-prometheus-stack")
version = optional(string, "57.2.0-1")
namespace = optional(string, "prometheus")

prometheus_workspace_id = optional(string)
api_key_value = optional(string)
})
{} no
vault Map for overriding Vault Helm chart settings
object({
name = optional(string, "vault")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/vault/chart")
chart = optional(string, "vault")
version = optional(string, "0.28.1+yckms")
namespace = optional(string, "vault")

service_account_key = optional(string)
kms_key_id = optional(string)
})
{} no
velero Map for overriding Velero Helm chart settings
object({
name = optional(string, "velero")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/velero")
chart = optional(string, "velero")
version = optional(string, "2.30.4-1")
namespace = optional(string, "velero")

object_storage_bucket = optional(string)
aws_key_value = optional(string)
})
{} no

Outputs

Name Description
alb_ingress_status ALB Ingress deployment status.
argocd_status ArgoCD deployment status.
cert_manager_status cert-manager deployment status.
chaos_mesh_status Chaos Mesh deployment status.
cluster_id Kubernetes cluster ID.
crossplane_status Crossplane deployment status.
csi_s3_status CSI S3 deployment status.
external_dns_status External DNS deployment status.
external_secrets_status External Secrets deployment status.
falco_status Falco deployment status.
filebeat_oss_status Filebeat OSS deployment status.
filebeat_status Filebeat deployment status.
fluentbit_status Fluentbit deployment status.
gatekeeper_status Gatekeeper deployment status.
gateway_api_status Gateway API deployment status.
gitlab_agent_status Gitlab Agent deployment status.
gitlab_runner_status Gitlab Runner deployment status.
ingress_nginx_status NGINX Ingress deployment status.
istio_status Istio deployment status.
kruise_status Kruise deployment status.
kyverno_status Kyverno deployment status.
loki_status Loki deployment status.
metrics_provider_status Metrics Provider deployment status.
nodelocal_dns_status Node-Local DNS deployment status.
policy_reporter_status Policy Reporter deployment status.
prometheus_status Prometheus deployment status.
vault_status Vault deployment status.
velero_status Velero deployment status.