Модуль Terraform для установки External Secrets Operator (external-secrets) в AWS EKS
/infra-code/terraform_modules/aws_eks_external_secret/external_secret.tf
# Dedicated namespace for the External Secrets Operator (ESO).
# Terraform creates it here; the Helm release below sets
# create_namespace = false, so the namespace lifecycle is owned by this resource.
resource "kubernetes_namespace" "eso_ns" {
  provider = kubernetes

  metadata {
    name = var.namespace

    # NOTE(review): this is an annotation called "name", not a label — confirm
    # that is intended if anything is expected to select the namespace by label.
    annotations = {
      name = var.namespace
    }
  }
}

# Installs the external-secrets chart at a caller-pinned version.
#
# Scope of what the controller reconciles, as set in the values below:
#   - processClusterExternalSecret / processClusterStore are false, so the
#     controller is told not to act on cluster-scoped ESO resources.
#   - crds.createClusterSecretStore is still true, i.e. that CRD is installed
#     even though processing is off. NOTE(review): confirm this is intentional.
#
# No service-account annotations or provider credentials appear in these
# values; whatever grants the operator access to AWS is configured elsewhere.
#
# NOTE(review): serviceMonitor.enabled = true presumably needs the
# ServiceMonitor CRD to exist in the cluster already — verify before applying.
resource "helm_release" "eso" {
  provider = helm

  name       = "eso"
  repository = "https://charts.external-secrets.io"
  chart      = "external-secrets"
  version    = var.chart_version

  namespace        = var.namespace
  create_namespace = false

  # indent(4, ...) re-indents every line after the first, so multi-line
  # yamlencode() output stays nested under its key.
  values = [<<EOF
global:
  tolerations:
    ${indent(4, yamlencode(var.tolerations))}
  nodeSelector:
    ${indent(4, yamlencode(var.node_selector))}
crds:
  createClusterExternalSecret: false
  createClusterSecretStore: true
processClusterExternalSecret: false
processClusterStore: false
serviceMonitor:
  enabled: true
resources:
  requests:
    cpu: ${var.controller_resources.requests.cpu}
    memory: ${var.controller_resources.requests.memory}
  limits:
    cpu: ${var.controller_resources.limits.cpu}
    memory: ${var.controller_resources.limits.memory}
webhook:
  resources:
    requests:
      cpu: ${var.webhook_resources.requests.cpu}
      memory: ${var.webhook_resources.requests.memory}
    limits:
      cpu: ${var.webhook_resources.limits.cpu}
      memory: ${var.webhook_resources.limits.memory}
certController:
  resources:
    requests:
      cpu: ${var.certcontroller_resources.requests.cpu}
      memory: ${var.certcontroller_resources.requests.memory}
    limits:
      cpu: ${var.certcontroller_resources.limits.cpu}
      memory: ${var.certcontroller_resources.limits.memory}
EOF
  ]

  # The release references var.namespace rather than the namespace resource,
  # so the ordering has to be stated explicitly.
  depends_on = [kubernetes_namespace.eso_ns]
}
/infra-code/terraform_modules/aws_eks_external_secret/variable.tf
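variable "namespace" {
  description = "namespace for external-secret"
  type        = string
  default     = "external-secret"
}

# No default: every caller has to pin the chart version explicitly.
variable "chart_version" {
  description = "helm chart version for external-secret"
  type        = string
}

variable "node_selector" {
  description = "Node labels for the ESO pods; rendered under global.nodeSelector, so it must be a map of label = value"
  type        = any

  # Must be a map: it is passed through yamlencode() under global.nodeSelector,
  # and a list would be rendered as a YAML sequence there instead of the
  # label/value mapping that a Kubernetes nodeSelector requires.
  default = {
    "kubernetes.io/os" = "linux"
  }
}

variable "tolerations" {
  description = "List of tolerations for the ESO pods; rendered under global.tolerations"
  type        = any

  default = [
    {
      key      = "CriticalAddonsOnly"
      operator = "Exists"
      effect   = "NoSchedule"
    }
  ]
}

# The three *_resources variables share one shape: CPU and memory strings for
# requests and limits, interpolated as-is into the chart values.

variable "controller_resources" {
  description = "CPU/memory requests and limits for the ESO controller (top-level resources in the chart values)"

  type = object({
    requests = object({
      cpu    = string
      memory = string
    })
    limits = object({
      cpu    = string
      memory = string
    })
  })

  default = {
    requests = {
      cpu    = "100m"
      memory = "150Mi"
    }
    limits = {
      cpu    = "200m"
      memory = "150Mi"
    }
  }
}

variable "webhook_resources" {
  description = "CPU/memory requests and limits for the ESO webhook (webhook.resources in the chart values)"

  type = object({
    requests = object({
      cpu    = string
      memory = string
    })
    limits = object({
      cpu    = string
      memory = string
    })
  })

  default = {
    requests = {
      cpu    = "100m"
      memory = "150Mi"
    }
    limits = {
      cpu    = "200m"
      memory = "150Mi"
    }
  }
}

variable "certcontroller_resources" {
  description = "CPU/memory requests and limits for the ESO cert controller (certController.resources in the chart values)"

  type = object({
    requests = object({
      cpu    = string
      memory = string
    })
    limits = object({
      cpu    = string
      memory = string
    })
  })

  default = {
    requests = {
      cpu    = "100m"
      memory = "150Mi"
    }
    limits = {
      cpu    = "200m"
      memory = "150Mi"
    }
  }
}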
вызываю тут:
/infra-code/projects/swt/aws-ohio/eks-infra-app.tf
# Installs External Secrets Operator into this project's EKS cluster through
# the shared module. The chart version is pinned here, so an upgrade is an
# explicit, reviewable change to this file.
module "external_secret" {
  source = "../../../terraform_modules/aws_eks_external_secret"

  chart_version = "0.19.2"
  namespace     = "external-secret"

  # Scheduling: Linux nodes only, and tolerate the CriticalAddonsOnly taint.
  node_selector = {
    "kubernetes.io/os" = "linux"
  }

  tolerations = [
    {
      key      = "CriticalAddonsOnly"
      operator = "Exists"
      effect   = "NoSchedule"
    }
  ]
}
ставим
# Apply only the ESO module. Terraform documents -target as an option for
# exceptional use, so run a full `terraform plan` afterwards to confirm the
# rest of the configuration still matches the state.
terraform apply -target=module.external_secret