Adding option to manage add-ons via GitOps

kubernetes-addons.tf

@@ -45,14 +45,15 @@ module "prometheus" {
   count                 = var.create_eks && var.prometheus_enable ? 1 : 0
   source                = "./kubernetes-addons/prometheus"
   prometheus_helm_chart = var.prometheus_helm_chart
-  
+
   #AWS Managed Prometheus Workspace
   aws_managed_prometheus_enable   = var.aws_managed_prometheus_enable
   amp_workspace_id                = var.aws_managed_prometheus_enable ? module.aws_managed_prometheus[0].amp_workspace_id : ""
   amp_ingest_role_arn             = var.aws_managed_prometheus_enable ? module.aws_managed_prometheus[0].service_account_amp_ingest_role_arn : ""
   service_account_amp_ingest_name = local.service_account_amp_ingest_name
+  manage_via_gitops               = var.argocd_manage_add_ons
 
-  depends_on = [module.aws_eks]
+  depends_on                      = [module.aws_eks]
 }
 
 module "aws_load_balancer_controller" {
@@ -62,8 +63,9 @@ module "aws_load_balancer_controller" {
   lb_ingress_controller_helm_app = var.aws_lb_ingress_controller_helm_app
   eks_oidc_issuer_url            = module.aws_eks.cluster_oidc_issuer_url
   eks_oidc_provider_arn          = module.aws_eks.oidc_provider_arn
-
-  depends_on = [module.aws_eks]
+  manage_via_gitops              = var.argocd_manage_add_ons
+  
+  depends_on                     = [module.aws_eks]
 }
 
 module "nginx_ingress" {
@@ -79,6 +81,7 @@ module "aws-for-fluent-bit" {
   source                       = "./kubernetes-addons/aws-for-fluentbit"
   aws_for_fluentbit_helm_chart = var.aws_for_fluentbit_helm_chart
   eks_cluster_id               = module.aws_eks.cluster_id
+  manage_via_gitops            = var.argocd_manage_add_ons
 
   depends_on = [module.aws_eks]
 }
@@ -141,11 +144,12 @@ module "aws_opentelemetry_collector" {
 }
 
 module "argocd" {
-  count               = var.create_eks && var.argocd_enable ? 1 : 0
-  source              = "./kubernetes-addons/argocd"
-  argocd_helm_chart   = var.argocd_helm_chart
-  argocd_applications = var.argocd_applications
-  eks_cluster_name    = module.aws_eks.cluster_id
+  count                = var.create_eks && var.argocd_enable ? 1 : 0
+  source               = "./kubernetes-addons/argocd"
+  argocd_helm_chart    = var.argocd_helm_chart
+  argocd_applications  = var.argocd_applications
+  eks_cluster_name     = module.aws_eks.cluster_id
+  gitops_add_on_config = local.gitops_add_on_config
 
   depends_on = [module.aws_eks]
 }
@@ -161,4 +165,4 @@ module "keda" {
 
   depends_on = [module.aws_eks]
 
-}
+}
\ No newline at end of file

kubernetes-addons/argocd/locals.tf

@@ -45,10 +45,10 @@ locals {
     var.argocd_helm_chart
   )
 
-  # Global Values for ArgoCD App of Apps.
-  global_values = {
-    region : data.aws_region.current.id
+	# Global Application Values
+	global_argo_values = {
+		region : data.aws_region.current.id
     account : data.aws_caller_identity.current.account_id
     clusterName : var.eks_cluster_name
-  }
+	}
 }

kubernetes-addons/argocd/main.tf

@@ -100,10 +100,11 @@ resource "kubernetes_manifest" "argocd_application" {
           releaseName = each.key
           values : yamlencode(merge(
             each.value.values,
-            local.global_values
+            local.global_argo_values,
+            each.value.add_on_application ? var.gitops_add_on_config : {}
           ))
         }
-        path : each.value.repo_path
+        path : each.value.path
         repoURL : each.value.repo_url
         targetRevision : each.value.target_revision
       }
@@ -131,4 +132,4 @@ resource "kubernetes_manifest" "argocd_application" {
     }
   }
   depends_on = [helm_release.argocd]
-}
+}
\ No newline at end of file

kubernetes-addons/argocd/variables.tf

@@ -32,3 +32,9 @@ variable "eks_cluster_name" {
   type        = string
   description = "Name for the EKS Cluster"
 }
+
+variable "gitops_add_on_config" {
+  type        = any
+  default     = {}
+  description = "Add-on configuration"
+}

kubernetes-addons/aws-for-fluentbit/main.tf

@@ -24,6 +24,7 @@ resource "aws_cloudwatch_log_group" "eks_worker_logs" {
 }
 
 resource "helm_release" "aws_for_fluent_bit" {
+  count                      = var.manage_via_gitops ? 0 : 1
   name                       = local.aws_for_fluentbit_helm_app["name"]
   repository                 = local.aws_for_fluentbit_helm_app["repository"]
   chart                      = local.aws_for_fluentbit_helm_app["chart"]

kubernetes-addons/aws-for-fluentbit/outputs.tf

@@ -16,11 +16,21 @@
  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
-output "aws_fluent_bit_cw_log_group_name" {
+output "log_group_name" {
   description = "AWS Fluent Bit CloudWatch Log Group Name"
   value       = aws_cloudwatch_log_group.eks_worker_logs.name
 }
-output "aws_fluent_bit_cw_log_group_arn" {
+
+output "log_group_arn" {
   description = "AWS Fluent Bit CloudWatch Log Group ARN"
   value       = aws_cloudwatch_log_group.eks_worker_logs.arn
 }
+
+output "argocd_gitops_config" {
+  description = "Configuration needed for GitOps"
+  value = var.manage_via_gitops ? {
+    enable       = true
+    logGroupName = aws_cloudwatch_log_group.eks_worker_logs.name
+    logGroupArn  = aws_cloudwatch_log_group.eks_worker_logs.arn
+  } : null
+}
\ No newline at end of file

kubernetes-addons/aws-for-fluentbit/variables.tf

@@ -26,3 +26,9 @@ variable "eks_cluster_id" {
   type        = string
   description = "EKS cluster Id"
 }
+
+variable "manage_via_gitops" {
+  type        = bool
+  default     = false
+  description = "Determines if the add-on should be managed via GitOps."
+}

kubernetes-addons/aws-load-balancer-controller/main.tf

@@ -17,6 +17,7 @@
  */
 
 resource "helm_release" "lb_ingress" {
+  count                      = var.manage_via_gitops ? 0 : 1
   name                       = local.lb_ingress_controller_helm_app["name"]
   repository                 = local.lb_ingress_controller_helm_app["repository"]
   chart                      = local.lb_ingress_controller_helm_app["chart"]

kubernetes-addons/aws-load-balancer-controller/outputs.tf

@@ -17,9 +17,14 @@
  */
 
 output "ingress_namespace" {
-  value = helm_release.lb_ingress.metadata[0].namespace
+  value = local.lb_ingress_controller_helm_app["namespace"]
 }
 
 output "ingress_name" {
-  value = helm_release.lb_ingress.metadata[0].name
+  value = local.lb_ingress_controller_helm_app["name"]
 }
+
+output "gitops_config" {
+  description = "Configuration needed for GitOps"
+  value       = var.manage_via_gitops ? { enable = true } : null
+}
\ No newline at end of file

kubernetes-addons/aws-load-balancer-controller/variables.tf

@@ -36,3 +36,10 @@ variable "eks_oidc_provider_arn" {
   type        = string
   description = "The ARN of the OIDC Provider if `enable_irsa = true`."
 }
+
+variable "manage_via_gitops" {
+  type        = bool
+  default     = false
+  description = "Determines if the add-on should be managed via GitOps."
+}
+

kubernetes-addons/prometheus/locals.tf

@@ -5,8 +5,8 @@ locals {
 
   default_helm_values = [templatefile("${path.module}/values.yaml", {
     aws_region           = data.aws_region.current.name,
-    ingest_role_arn      = var.amp_ingest_role_arn
     service_account_name = var.service_account_amp_ingest_name
+    amp_ingest_role_arn  = var.amp_ingest_role_arn
     amp_workspace_url    = local.amp_workspace_url
   })]
 

kubernetes-addons/prometheus/main.tf

@@ -17,6 +17,7 @@
  */
 
 resource "helm_release" "prometheus" {
+  count                      = var.manage_via_gitops ? 0 : 1
   name                       = local.prometheus_helm_app["name"]
   repository                 = local.prometheus_helm_app["repository"]
   chart                      = local.prometheus_helm_app["chart"]

kubernetes-addons/prometheus/outputs.tf

+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: MIT-0
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this
+ * software and associated documentation files (the "Software"), to deal in the Software
+ * without restriction, including without limitation the rights to use, copy, modify,
+ * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+output "amp_ingest_role_arn" {
+  value = var.amp_ingest_role_arn
+}
+
+output "amp_workspace_url" {
+  value = local.amp_workspace_url
+}
+
+output "gitops_config" {
+  description = "Configuration needed for GitOps"
+  value = var.manage_via_gitops ? {
+    enable           = true
+    ampIngestRoleArn = var.amp_ingest_role_arn
+    ampWorkspaceUrl  = local.amp_workspace_url
+  } : null
+}

kubernetes-addons/prometheus/values.yaml

@@ -2,7 +2,7 @@ serviceAccounts:
   server:
     name: ${service_account_name}
     annotations: 
-        eks.amazonaws.com/role-arn: ${ingest_role_arn}
+        eks.amazonaws.com/role-arn: ${amp_ingest_role_arn}
 server:
   remoteWrite:
     - url: ${amp_workspace_url}

kubernetes-addons/prometheus/variables.tf

@@ -40,3 +40,9 @@ variable "prometheus_helm_chart" {
   type    = any
   default = {}
 }
+
+variable "manage_via_gitops" {
+  type        = bool
+  default     = false
+  description = "Determines if the add-on should be managed via GitOps."
+}
\ No newline at end of file

locals.tf

@@ -84,4 +84,13 @@ locals {
   service_account_amp_ingest_name = format("%s-%s", module.aws_eks.cluster_id, "amp-ingest")
   service_account_amp_query_name  = format("%s-%s", module.aws_eks.cluster_id, "amp-query")
 
+  # Indicates if add-on modules should deploy Helm charts or not. 
+  deploy_helm_chart = !var.argocd_manage_add_ons
+
+  # Configuration for managing add-ons via GitOps.
+  gitops_add_on_config = {
+    awsForFluentBit           = var.aws_for_fluentbit_enable ? module.aws_for_fluent_bit[0].gitops_config : null
+    awsLoadBalancerController = var.aws_load_balancer_controller_enable ? module.aws_load_balancer_controller[0].gitops_config : null
+    prometheus                = var.prometheus_enable ? module.prometheus[0].gitops_config : null
+  }
 }

main.tf

@@ -90,7 +90,6 @@ module "aws_managed_prometheus" {
   service_account_amp_ingest_name = local.service_account_amp_ingest_name
   service_account_amp_query_name  = local.service_account_amp_query_name
   amp_workspace_name              = var.aws_managed_prometheus_workspace_name
-
 }
 
 module "emr_on_eks" {
@@ -109,4 +108,4 @@ module "emr_on_eks" {
 
   depends_on = [module.aws_eks, kubernetes_config_map.aws_auth]
 
-}
+}
\ No newline at end of file

variables.tf

@@ -199,12 +199,15 @@ variable "aws_auth_additional_labels" {
   default     = {}
   type        = map(string)
 }
+
 # KUBERNETES ADDONS VARIABLES
+
 variable "enable_emr_on_eks" {
   type        = bool
   default     = false
   description = "Enabling EMR on EKS Config"
 }
+
 variable "emr_on_eks_teams" {
   description = "EMR on EKS Teams configuration"
   type        = any
@@ -376,6 +379,12 @@ variable "argocd_applications" {
   default     = {}
   description = "ARGO CD Applications config to bootstrap the cluster"
 }
+variable "argocd_manage_add_ons" {
+  type        = bool
+  default     = false
+  description = "Enables managing add-on configuration via ArgoCD"
+}
+
 #-----------KEDA ADDON-------------
 variable "keda_enable" {
   type        = bool