From 42cbad96766378cfddb1e8e7c96fa6b4208a34ff Mon Sep 17 00:00:00 2001
From: Kevin Coleman <kcaws@amazon.com>
Date: Tue, 16 Nov 2021 20:52:08 -0800
Subject: [PATCH] Adding documentation.

---
 README.md                                     |  1 +
 docs/add-ons/argocd.md                        | 27 +++++++++++++++
 docs/add-ons/aws-for-fluent-bit.md            | 12 +++++++
 kubernetes-addons.tf                          |  8 ++---
 kubernetes-addons/argocd/README.md            |  1 +
 kubernetes-addons/argocd/locals.tf            |  8 ++---
 kubernetes-addons/argocd/main.tf              |  4 +--
 kubernetes-addons/argocd/variables.tf         |  2 +-
 kubernetes-addons/aws-for-fluentbit/README.md |  2 ++
 .../aws-for-fluentbit/outputs.tf              |  6 ++--
 .../aws-load-balancer-controller/README.md    |  2 ++
 .../aws-load-balancer-controller/main.tf      |  1 -
 .../aws-load-balancer-controller/outputs.tf   |  5 ---
 .../aws-load-balancer-controller/variables.tf |  7 ----
 kubernetes-addons/prometheus/README.md        |  5 ++-
 kubernetes-addons/prometheus/main.tf          |  1 -
 kubernetes-addons/prometheus/outputs.tf       | 34 -------------------
 kubernetes-addons/prometheus/variables.tf     |  6 ----
 locals.tf                                     |  5 ---
 main.tf                                       |  3 +-
 20 files changed, 63 insertions(+), 77 deletions(-)
 delete mode 100644 kubernetes-addons/prometheus/outputs.tf

diff --git a/README.md b/README.md
index 68f58e2d..93479f2d 100644
--- a/README.md
+++ b/README.md
@@ -183,6 +183,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | <a name="input_argocd_applications"></a> [argocd\_applications](#input\_argocd\_applications) | ARGO CD Applications config to bootstrap the cluster | `any` | `{}` | no |
 | <a name="input_argocd_enable"></a> [argocd\_enable](#input\_argocd\_enable) | Enable ARGO CD Kubernetes Addon | `bool` | `false` | no |
 | <a name="input_argocd_helm_chart"></a> [argocd\_helm\_chart](#input\_argocd\_helm\_chart) | ARGO CD Kubernetes Addon Configuration | `any` | `{}` | no |
+| <a name="input_argocd_manage_add_ons"></a> [argocd\_manage\_add\_ons](#input\_argocd\_manage\_add\_ons) | Enables managing add-on configuration via ArgoCD | `bool` | `false` | no |
 | <a name="input_aws_auth_additional_labels"></a> [aws\_auth\_additional\_labels](#input\_aws\_auth\_additional\_labels) | Additional kubernetes labels applied on aws-auth ConfigMap | `map(string)` | `{}` | no |
 | <a name="input_aws_for_fluentbit_enable"></a> [aws\_for\_fluentbit\_enable](#input\_aws\_for\_fluentbit\_enable) | Enabling FluentBit Addon on EKS Worker Nodes | `bool` | `false` | no |
 | <a name="input_aws_for_fluentbit_helm_chart"></a> [aws\_for\_fluentbit\_helm\_chart](#input\_aws\_for\_fluentbit\_helm\_chart) | Helm chart definition for aws\_for\_fluent\_bit | `any` | `{}` | no |
diff --git a/docs/add-ons/argocd.md b/docs/add-ons/argocd.md
index 378483b1..a68d88fd 100644
--- a/docs/add-ons/argocd.md
+++ b/docs/add-ons/argocd.md
@@ -49,3 +49,30 @@ argocd_applications = {
   }
 }
 ```
+
+### Add-ons 
+
+A common operational pattern is to leverage Infrastructure as Code for provisioning EKS clusters (in addition to other AWS resources) and GitOps for managing cluster configuration. The framework provides support for this approach by leveraging the ArgoCD [App of Apps](https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/) pattern. 
+
+To configure the framework to leverage ArgoCD for managing add-ons, you must pass configuration for a root ArgoCD Application that points to your desired add-ons. You can specify the root application by setting the `add_on_application` value to true in your application configuration.  
+
+Additionally, you must set the `argocd_manage_add_ons` property to true. When this flag is set, the framework will still provision all AWS resources necessary to support add-on functionality, but it will not apply Helm charts directly via Terraform. Instead, the framework will pass AWS resource values needed for each add-on to ArgoCD via the values map of the root add-on Application. For specific values passed for each add-on, see the individual add-on documentation. 
+
+Sample configuration can be found below: 
+
+```
+argocd_enable           = true
+argocd_manage_add_ons   = true
+argocd_applications     = {
+  infra = {
+    namespace             = "argocd"
+    path                  = "<path>"
+    repo_url              = "<repo_url>"
+    target_revision       = "HEAD"
+    destination           = "https://kubernetes.default.svc"
+    project               = "default"
+    values                = {}
+    add_on_application    = true # Indicates the root add-on application. 
+  }
+}
+```
diff --git a/docs/add-ons/aws-for-fluent-bit.md b/docs/add-ons/aws-for-fluent-bit.md
index 66d08910..c8bedfeb 100644
--- a/docs/add-ons/aws-for-fluent-bit.md
+++ b/docs/add-ons/aws-for-fluent-bit.md
@@ -13,3 +13,15 @@ AWS provides a Fluent Bit image with plugins for both CloudWatch Logs and Kinesi
 ```hcl
 aws_for_fluentbit_enable = true
 ```
+
+### GitOps Configuration 
+
+The following properties are made available for use when managing the add-on via GitOps 
+
+```
+awsForFluentBit = {
+  enable       = true
+  logGroupName = "<log_group_name>"
+  logGroupArn  = "<log_group_arn>"
+}
+```
\ No newline at end of file
diff --git a/kubernetes-addons.tf b/kubernetes-addons.tf
index f46e9290..561236f0 100644
--- a/kubernetes-addons.tf
+++ b/kubernetes-addons.tf
@@ -51,9 +51,8 @@ module "prometheus" {
   amp_workspace_id                = var.aws_managed_prometheus_enable ? module.aws_managed_prometheus[0].amp_workspace_id : ""
   amp_ingest_role_arn             = var.aws_managed_prometheus_enable ? module.aws_managed_prometheus[0].service_account_amp_ingest_role_arn : ""
   service_account_amp_ingest_name = local.service_account_amp_ingest_name
-  manage_via_gitops               = var.argocd_manage_add_ons
 
-  depends_on                      = [module.aws_eks]
+  depends_on = [module.aws_eks]
 }
 
 module "aws_load_balancer_controller" {
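Review bot: Dropping `manage_via_gitops` from the prometheus and aws_load_balancer_controller module calls (here and in the second hunk), together with the `count = var.manage_via_gitops ? 0 : 1` removals in their main.tf files, means that with `argocd_manage_add_ons = true` those two Helm charts are still applied by Terraform, while the new text in docs/add-ons/argocd.md states that charts are not applied via Terraform when the flag is set; after this commit only aws-for-fluentbit honours it. The regenerated READMEs for both modules also still list a `manage_via_gitops` input and a `gitops_config` output that no longer exist in their variables.tf/outputs.tf. Either keep the variable wiring for those modules or re-run terraform-docs and scope the argocd.md statement to the add-ons that actually support GitOps management, e.g. `Currently only the aws-for-fluentbit add-on honours argocd_manage_add_ons; other add-ons are still applied via Terraform.`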
@@ -63,9 +62,8 @@ module "aws_load_balancer_controller" {
   lb_ingress_controller_helm_app = var.aws_lb_ingress_controller_helm_app
   eks_oidc_issuer_url            = module.aws_eks.cluster_oidc_issuer_url
   eks_oidc_provider_arn          = module.aws_eks.oidc_provider_arn
-  manage_via_gitops              = var.argocd_manage_add_ons
-  
-  depends_on                     = [module.aws_eks]
+
+  depends_on = [module.aws_eks]
 }
 
 module "nginx_ingress" {
diff --git a/kubernetes-addons/argocd/README.md b/kubernetes-addons/argocd/README.md
index a4c0a343..9dd12b1f 100644
--- a/kubernetes-addons/argocd/README.md
+++ b/kubernetes-addons/argocd/README.md
@@ -56,6 +56,7 @@ No modules.
 | <a name="input_argocd_applications"></a> [argocd\_applications](#input\_argocd\_applications) | ARGO CD Applications config to bootstrap the cluster | `any` | `{}` | no |
 | <a name="input_argocd_helm_chart"></a> [argocd\_helm\_chart](#input\_argocd\_helm\_chart) | ArgoCD Helm Chart Config values | `any` | `{}` | no |
 | <a name="input_eks_cluster_name"></a> [eks\_cluster\_name](#input\_eks\_cluster\_name) | Name for the EKS Cluster | `string` | n/a | yes |
+| <a name="input_gitops_add_on_config"></a> [gitops\_add\_on\_config](#input\_gitops\_add\_on\_config) | Configuration for managing add-ons via ArgoCD | `any` | `{}` | no |
 
 ## Outputs
 
diff --git a/kubernetes-addons/argocd/locals.tf b/kubernetes-addons/argocd/locals.tf
index dd849b88..d95b8cd5 100644
--- a/kubernetes-addons/argocd/locals.tf
+++ b/kubernetes-addons/argocd/locals.tf
@@ -45,10 +45,10 @@ locals {
     var.argocd_helm_chart
   )
 
-	# Global Application Values
-	global_argo_values = {
-		region : data.aws_region.current.id
+  # Global Application Values
+  global_application_values = {
+    region : data.aws_region.current.id
     account : data.aws_caller_identity.current.account_id
     clusterName : var.eks_cluster_name
-	}
+  }
 }
diff --git a/kubernetes-addons/argocd/main.tf b/kubernetes-addons/argocd/main.tf
index 13ebd7b6..b251dcca 100644
--- a/kubernetes-addons/argocd/main.tf
+++ b/kubernetes-addons/argocd/main.tf
@@ -100,7 +100,7 @@ resource "kubernetes_manifest" "argocd_application" {
           releaseName = each.key
           values : yamlencode(merge(
             each.value.values,
-            local.global_argo_values,
+            local.global_application_values,
             each.value.add_on_application ? var.gitops_add_on_config : {}
           ))
         }
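Review bot: `each.value.add_on_application` on the line after the renamed local is read directly, so any entry of `argocd_applications` that omits the key fails the plan with an unsupported-attribute error even though the key is only documented for the root application; `try(each.value.add_on_application, false) ? var.gitops_add_on_config : {}` keeps the existing behaviour for entries that set it. Note also the merge order: `var.gitops_add_on_config` is merged last, so its keys override same-named keys in both `each.value.values` and `local.global_application_values`, which is presumably intended but deserves a comment on the merge. The `kubernetes_manifest.argocd_application` resource starts and ends outside this hunk.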
@@ -132,4 +132,4 @@ resource "kubernetes_manifest" "argocd_application" {
     }
   }
   depends_on = [helm_release.argocd]
-}
\ No newline at end of file
+}
diff --git a/kubernetes-addons/argocd/variables.tf b/kubernetes-addons/argocd/variables.tf
index cb2a1b13..aafa1224 100644
--- a/kubernetes-addons/argocd/variables.tf
+++ b/kubernetes-addons/argocd/variables.tf
@@ -36,5 +36,5 @@ variable "eks_cluster_name" {
 variable "gitops_add_on_config" {
   type        = any
   default     = {}
-  description = "Add-on configuration"
+  description = "Configuration for managing add-ons via ArgoCD"
 }
diff --git a/kubernetes-addons/aws-for-fluentbit/README.md b/kubernetes-addons/aws-for-fluentbit/README.md
index 4884c309..b938bb8b 100644
--- a/kubernetes-addons/aws-for-fluentbit/README.md
+++ b/kubernetes-addons/aws-for-fluentbit/README.md
@@ -46,11 +46,13 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_aws_for_fluentbit_helm_chart"></a> [aws\_for\_fluentbit\_helm\_chart](#input\_aws\_for\_fluentbit\_helm\_chart) | Helm chart definition for aws\_for\_fluent\_bit. | `any` | `{}` | no |
 | <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS cluster Id | `string` | n/a | yes |
+| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
+| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with GitOps |
 | <a name="output_aws_fluent_bit_cw_log_group_arn"></a> [aws\_fluent\_bit\_cw\_log\_group\_arn](#output\_aws\_fluent\_bit\_cw\_log\_group\_arn) | AWS Fluent Bit CloudWatch Log Group ARN |
 | <a name="output_aws_fluent_bit_cw_log_group_name"></a> [aws\_fluent\_bit\_cw\_log\_group\_name](#output\_aws\_fluent\_bit\_cw\_log\_group\_name) | AWS Fluent Bit CloudWatch Log Group Name |
 
diff --git a/kubernetes-addons/aws-for-fluentbit/outputs.tf b/kubernetes-addons/aws-for-fluentbit/outputs.tf
index f18e2c60..6dc61791 100644
--- a/kubernetes-addons/aws-for-fluentbit/outputs.tf
+++ b/kubernetes-addons/aws-for-fluentbit/outputs.tf
@@ -16,18 +16,18 @@
  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
-output "log_group_name" {
+output "aws_fluent_bit_cw_log_group_name" {
   description = "AWS Fluent Bit CloudWatch Log Group Name"
   value       = aws_cloudwatch_log_group.eks_worker_logs.name
 }
 
-output "log_group_arn" {
+output "aws_fluent_bit_cw_log_group_arn" {
   description = "AWS Fluent Bit CloudWatch Log Group ARN"
   value       = aws_cloudwatch_log_group.eks_worker_logs.arn
 }
 
 output "argocd_gitops_config" {
-  description = "Configuration needed for GitOps"
+  description = "Configuration used for managing the add-on with GitOps"
   value = var.manage_via_gitops ? {
     enable       = true
     logGroupName = aws_cloudwatch_log_group.eks_worker_logs.name
diff --git a/kubernetes-addons/aws-load-balancer-controller/README.md b/kubernetes-addons/aws-load-balancer-controller/README.md
index bf002b09..d5411882 100644
--- a/kubernetes-addons/aws-load-balancer-controller/README.md
+++ b/kubernetes-addons/aws-load-balancer-controller/README.md
@@ -110,11 +110,13 @@ No modules.
 | <a name="input_eks_oidc_issuer_url"></a> [eks\_oidc\_issuer\_url](#input\_eks\_oidc\_issuer\_url) | The URL on the EKS cluster OIDC Issuer | `string` | n/a | yes |
 | <a name="input_eks_oidc_provider_arn"></a> [eks\_oidc\_provider\_arn](#input\_eks\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true`. | `string` | n/a | yes |
 | <a name="input_lb_ingress_controller_helm_app"></a> [lb\_ingress\_controller\_helm\_app](#input\_lb\_ingress\_controller\_helm\_app) | Helm chart definition for lb\_ingress\_controller. | `any` | `{}` | no |
+| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
+| <a name="output_gitops_config"></a> [gitops\_config](#output\_gitops\_config) | Configuration used for managing the add-on with GitOps |
 | <a name="output_ingress_name"></a> [ingress\_name](#output\_ingress\_name) | n/a |
 | <a name="output_ingress_namespace"></a> [ingress\_namespace](#output\_ingress\_namespace) | n/a |
 
diff --git a/kubernetes-addons/aws-load-balancer-controller/main.tf b/kubernetes-addons/aws-load-balancer-controller/main.tf
index 77429b0a..43f2f811 100644
--- a/kubernetes-addons/aws-load-balancer-controller/main.tf
+++ b/kubernetes-addons/aws-load-balancer-controller/main.tf
@@ -17,7 +17,6 @@
  */
 
 resource "helm_release" "lb_ingress" {
-  count                      = var.manage_via_gitops ? 0 : 1
   name                       = local.lb_ingress_controller_helm_app["name"]
   repository                 = local.lb_ingress_controller_helm_app["repository"]
   chart                      = local.lb_ingress_controller_helm_app["chart"]
diff --git a/kubernetes-addons/aws-load-balancer-controller/outputs.tf b/kubernetes-addons/aws-load-balancer-controller/outputs.tf
index ff7f74d6..e7889fd3 100644
--- a/kubernetes-addons/aws-load-balancer-controller/outputs.tf
+++ b/kubernetes-addons/aws-load-balancer-controller/outputs.tf
@@ -22,9 +22,4 @@ output "ingress_namespace" {
 
 output "ingress_name" {
   value = local.lb_ingress_controller_helm_app["name"]
-}
-
-output "gitops_config" {
-  description = "Configuration needed for GitOps"
-  value       = var.manage_via_gitops ? { enable = true } : null
 }
\ No newline at end of file
diff --git a/kubernetes-addons/aws-load-balancer-controller/variables.tf b/kubernetes-addons/aws-load-balancer-controller/variables.tf
index 3bdac8cd..590e5d85 100644
--- a/kubernetes-addons/aws-load-balancer-controller/variables.tf
+++ b/kubernetes-addons/aws-load-balancer-controller/variables.tf
@@ -36,10 +36,3 @@ variable "eks_oidc_provider_arn" {
   type        = string
   description = "The ARN of the OIDC Provider if `enable_irsa = true`."
 }
-
-variable "manage_via_gitops" {
-  type        = bool
-  default     = false
-  description = "Determines if the add-on should be managed via GitOps."
-}
-
diff --git a/kubernetes-addons/prometheus/README.md b/kubernetes-addons/prometheus/README.md
index 85f009b7..5b4e3633 100644
--- a/kubernetes-addons/prometheus/README.md
+++ b/kubernetes-addons/prometheus/README.md
@@ -92,11 +92,14 @@ No modules.
 | <a name="input_amp_ingest_role_arn"></a> [amp\_ingest\_role\_arn](#input\_amp\_ingest\_role\_arn) | n/a | `string` | `""` | no |
 | <a name="input_amp_workspace_id"></a> [amp\_workspace\_id](#input\_amp\_workspace\_id) | n/a | `string` | `""` | no |
 | <a name="input_aws_managed_prometheus_enable"></a> [aws\_managed\_prometheus\_enable](#input\_aws\_managed\_prometheus\_enable) | n/a | `bool` | `false` | no |
+| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
 | <a name="input_prometheus_helm_chart"></a> [prometheus\_helm\_chart](#input\_prometheus\_helm\_chart) | n/a | `any` | `{}` | no |
 | <a name="input_service_account_amp_ingest_name"></a> [service\_account\_amp\_ingest\_name](#input\_service\_account\_amp\_ingest\_name) | n/a | `string` | `""` | no |
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_gitops_config"></a> [gitops\_config](#output\_gitops\_config) | Configuration needed for managing the add-on with GitOps |
 
 <!--- END_TF_DOCS --->
diff --git a/kubernetes-addons/prometheus/main.tf b/kubernetes-addons/prometheus/main.tf
index efc39a32..e60694a4 100644
--- a/kubernetes-addons/prometheus/main.tf
+++ b/kubernetes-addons/prometheus/main.tf
@@ -17,7 +17,6 @@
  */
 
 resource "helm_release" "prometheus" {
-  count                      = var.manage_via_gitops ? 0 : 1
   name                       = local.prometheus_helm_app["name"]
   repository                 = local.prometheus_helm_app["repository"]
   chart                      = local.prometheus_helm_app["chart"]
diff --git a/kubernetes-addons/prometheus/outputs.tf b/kubernetes-addons/prometheus/outputs.tf
deleted file mode 100644
index f34d609a..00000000
--- a/kubernetes-addons/prometheus/outputs.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: MIT-0
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this
- * software and associated documentation files (the "Software"), to deal in the Software
- * without restriction, including without limitation the rights to use, copy, modify,
- * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
- * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
- * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-output "amp_ingest_role_arn" {
-  value = var.amp_ingest_role_arn
-}
-
-output "amp_workspace_url" {
-  value = local.amp_workspace_url
-}
-
-output "gitops_config" {
-  description = "Configuration needed for GitOps"
-  value = var.manage_via_gitops ? {
-    enable           = true
-    ampIngestRoleArn = var.amp_ingest_role_arn
-    ampWorkspaceUrl  = local.amp_workspace_url
-  } : null
-}
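Review bot: Deleting this file removes `amp_ingest_role_arn` and `amp_workspace_url` along with the GitOps output, although only `gitops_config` is related to the clean-up this commit makes; any root-module output or consumer that referenced `module.prometheus[0].amp_workspace_url` would now fail, which cannot be checked from this diff. If those two outputs are still useful, keep the file with just the `gitops_config` output removed.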
diff --git a/kubernetes-addons/prometheus/variables.tf b/kubernetes-addons/prometheus/variables.tf
index 5cc291e8..2185d52a 100644
--- a/kubernetes-addons/prometheus/variables.tf
+++ b/kubernetes-addons/prometheus/variables.tf
@@ -40,9 +40,3 @@ variable "prometheus_helm_chart" {
   type    = any
   default = {}
 }
-
-variable "manage_via_gitops" {
-  type        = bool
-  default     = false
-  description = "Determines if the add-on should be managed via GitOps."
-}
\ No newline at end of file
diff --git a/locals.tf b/locals.tf
index 83d15732..c279725c 100644
--- a/locals.tf
+++ b/locals.tf
@@ -84,13 +84,8 @@ locals {
   service_account_amp_ingest_name = format("%s-%s", module.aws_eks.cluster_id, "amp-ingest")
   service_account_amp_query_name  = format("%s-%s", module.aws_eks.cluster_id, "amp-query")
 
-  # Indicates if add-on modules should deploy Helm charts or not. 
-  deploy_helm_chart = !var.argocd_manage_add_ons
-
   # Configuration for managing add-ons via GitOps.
   gitops_add_on_config = {
     awsForFluentBit           = var.aws_for_fluentbit_enable ? module.aws_for_fluent_bit[0].gitops_config : null
-    awsLoadBalancerController = var.aws_load_balancer_controller_enable ? module.aws_load_balancer_controller[0].gitops_config : null
-    prometheus                = var.prometheus_enable ? module.prometheus[0].gitops_config : null
   }
 }
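Review bot: `module.aws_for_fluent_bit[0].gitops_config` on the kept `awsForFluentBit` line references an output that the aws-for-fluentbit module does not appear to declare: its outputs.tf in this same patch names the output `argocd_gitops_config`, and the regenerated module README lists no `gitops_config`. Unless an output of that name exists outside this patch, the line should read `awsForFluentBit = var.aws_for_fluentbit_enable ? module.aws_for_fluent_bit[0].argocd_gitops_config : null`. Since this map is merged into the root Application's Helm values by kubernetes-addons/argocd/main.tf and stored as a manifest in the cluster, only non-secret identifiers such as the log group name and ARN belong in it; a comment such as `# Values here are written into the ArgoCD Application manifest; do not add secrets.` would document that. The `locals` block starts outside this hunk.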
diff --git a/main.tf b/main.tf
index 3990f23a..dd7037aa 100644
--- a/main.tf
+++ b/main.tf
@@ -107,5 +107,4 @@ module "emr_on_eks" {
   zone           = var.zone
 
   depends_on = [module.aws_eks, kubernetes_config_map.aws_auth]
-
-}
\ No newline at end of file
+}
-- 
GitLab