A Terraform module to deploy the Traefik Ingress controller on Amazon EKS cluster.
Check out other Terraform Kubernetes addons.
We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at https://lablabs.io/.
Deploy Helm chart via Helm resource (default method, set enabled = true)
Deploy Helm chart as ArgoCD Application via Kubernetes manifest resource (set enabled = true and argo_enabled = true)
Warning
When deploying with ArgoCD application, Kubernetes terraform provider requires access to Kubernetes cluster API during plan time. This introduces potential issue when you want to deploy the cluster with this addon at the same time, during the same Terraform run.
To overcome this issue, the module deploys the ArgoCD application object using the Helm provider, which does not require API access during plan. If you want to deploy the application using this workaround, you can set the
argo_helm_enabledvariable totrue.
Deploy Helm chart as ArgoCD Application via Helm resource (set enabled = true, argo_enabled = true and argo_helm_enabled = true)
See basic example for further information.
| Name | Version |
|---|---|
| terraform | >= 1.5.0 |
| aws | ~> 5 |
| helm | >= 2.6.0 |
| kubernetes | >= 2.20.0 |
| utils | >= 0.17.0 |
| Name | Source | Version |
|---|---|---|
| addon | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon | v0.0.14 |
| crds | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon | v0.0.14 |
| Name | Type |
|---|---|
| utils_deep_merge_yaml.crds_values | data source |
| utils_deep_merge_yaml.values | data source |
Important
Variables defined in variables-addon[-irsa|oidc].tf defaults to null to have them overridable by the addon configuration defined though the local.addon[_irsa|oidc].* local variable with the default values defined in addon[-irsa|oidc].tf.
| Name | Description | Type |
|---|---|---|
| argo_apiversion | ArgoCD Application apiVersion. Defaults to argoproj.io/v1alpha1. |
string |
| argo_destination_server | Destination server for ArgoCD Application. Defaults to https://kubernetes.default.svc. |
string |
| argo_enabled | If set to true, the module will be deployed as ArgoCD Application, otherwise it will be deployed as a Helm release. Defaults to false. |
bool |
| argo_helm_enabled | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See README for more info. Defaults to false. |
bool |
| argo_helm_values | Value overrides to use when deploying ArgoCD Application object with Helm. Defaults to "". |
string |
| argo_helm_wait_backoff_limit | Backoff limit for ArgoCD Application Helm release wait job. Defaults to 6. |
number |
| argo_helm_wait_kubectl_version | Version of kubectl to use for ArgoCD Application wait job. Defaults to 1.32.3. |
string |
| argo_helm_wait_node_selector | Node selector for ArgoCD Application Helm release wait job. Defaults to {}. |
map(string) |
| argo_helm_wait_timeout | Timeout for ArgoCD Application Helm release wait job. Defaults to 10m. |
string |
| argo_helm_wait_tolerations | Tolerations for ArgoCD Application Helm release wait job. Defaults to []. |
list(any) |
| argo_info | ArgoCD Application manifest info parameter. Defaults to [{"name": "terraform", "value": "true"}]. |
list(any) |
| argo_kubernetes_manifest_computed_fields | List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to ["metadata.labels", "metadata.annotations", "metadata.finalizers"]. |
list(string) |
| argo_kubernetes_manifest_field_manager_force_conflicts | Forcibly override any field manager conflicts when applying the kubernetes manifest resource. Defaults to false. |
bool |
| argo_kubernetes_manifest_field_manager_name | The name of the field manager to use when applying the Kubernetes manifest resource. Defaults to Terraform. |
string |
| argo_kubernetes_manifest_wait_fields | A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. Defaults to {}. |
map(string) |
| argo_metadata | ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to {"finalizers": ["resources-finalizer.argocd.argoproj.io"]}. |
any |
| argo_name | Name of the ArgoCD Application. Required if argo_source_type is set to kustomize or directory. If argo_source_type is set to helm, ArgoCD Application name will equal helm_release_name. Defaults to null. |
string |
| argo_namespace | Namespace to deploy ArgoCD Application to. Defaults to argo. |
string |
| argo_operation | ArgoCD Application manifest operation parameter. Defaults to {}. |
any |
| argo_project | ArgoCD Application project. Defaults to default. |
string |
| argo_source_path | ArgoCD Application source path. Required if argo_source_type is set to kustomize or directory. Defaults to null. |
string |
| argo_source_repo_url | ArgoCD Application source repo URL. Required if argo_source_type is set to kustomize or directory. Defaults to null. |
string |
| argo_source_target_revision | ArgoCD Application source target revision. Required if argo_source_type is set to kustomize or directory. Defaults to null. |
string |
| argo_source_type | Source type for ArgoCD Application. Can be either helm, kustomize, or directory. Defaults to helm. |
string |
| argo_spec | ArgoCD Application spec configuration. Override or create additional spec parameters. Defaults to {}. |
any |
| argo_sync_policy | ArgoCD Application manifest syncPolicy parameter. Defaults to {}. |
any |
| crds_argo_apiversion | ArgoCD Application apiVersion. Defaults to argoproj.io/v1alpha1. |
string |
| crds_argo_destination_server | Destination server for ArgoCD Application. Defaults to https://kubernetes.default.svc. |
string |
| crds_argo_enabled | If set to true, the module will be deployed as ArgoCD Application, otherwise it will be deployed as a Helm release. Defaults to false. |
bool |
| crds_argo_helm_enabled | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See README for more info. Defaults to false. |
bool |
| crds_argo_helm_values | Value overrides to use when deploying ArgoCD Application object with Helm. Defaults to "". |
string |
| crds_argo_helm_wait_backoff_limit | Backoff limit for ArgoCD Application Helm release wait job. Defaults to 6. |
number |
| crds_argo_helm_wait_kubectl_version | Version of kubectl to use for ArgoCD Application wait job. Defaults to 1.32.3. |
string |
| crds_argo_helm_wait_node_selector | Node selector for ArgoCD Application Helm release wait job. Defaults to {}. |
map(string) |
| crds_argo_helm_wait_timeout | Timeout for ArgoCD Application Helm release wait job. Defaults to 10m. |
string |
| crds_argo_helm_wait_tolerations | Tolerations for ArgoCD Application Helm release wait job. Defaults to []. |
list(any) |
| crds_argo_info | ArgoCD Application manifest info parameter. Defaults to [{"name": "terraform", "value": "true"}]. |
list(any) |
| crds_argo_kubernetes_manifest_computed_fields | List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to ["metadata.labels", "metadata.annotations", "metadata.finalizers"]. |
list(string) |
| crds_argo_kubernetes_manifest_field_manager_force_conflicts | Forcibly override any field manager conflicts when applying the kubernetes manifest resource. Defaults to false. |
bool |
| crds_argo_kubernetes_manifest_field_manager_name | The name of the field manager to use when applying the Kubernetes manifest resource. Defaults to Terraform. |
string |
| crds_argo_kubernetes_manifest_wait_fields | A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. Defaults to {}. |
map(string) |
| crds_argo_metadata | ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to {"finalizers": ["resources-finalizer.argocd.argoproj.io"]}. |
any |
| crds_argo_name | Name of the ArgoCD Application. Required if argo_source_type is set to kustomize or directory. If argo_source_type is set to helm, ArgoCD Application name will equal helm_release_name. Defaults to null. |
string |
| crds_argo_namespace | Namespace to deploy ArgoCD Application to. Defaults to argo. |
string |
| crds_argo_operation | ArgoCD Application manifest operation parameter. Defaults to {}. |
any |
| crds_argo_project | ArgoCD Application project. Defaults to default. |
string |
| crds_argo_source_path | ArgoCD Application source path. Required if argo_source_type is set to kustomize or directory. Defaults to null. |
string |
| crds_argo_source_repo_url | ArgoCD Application source repo URL. Required if argo_source_type is set to kustomize or directory. Defaults to null. |
string |
| crds_argo_source_target_revision | ArgoCD Application source target revision. Required if argo_source_type is set to kustomize or directory. Defaults to null. |
string |
| crds_argo_source_type | Source type for ArgoCD Application. Can be either helm, kustomize, or directory. Defaults to helm. |
string |
| crds_argo_spec | ArgoCD Application spec configuration. Override or create additional spec parameters. Defaults to {}. |
any |
| crds_argo_sync_policy | ArgoCD Application manifest syncPolicy parameter. Defaults to {}. |
any |
| crds_enabled | Set to false to prevent the module from creating CRD resources. | bool |
| crds_helm_atomic | If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to false. |
bool |
| crds_helm_chart_name | Helm chart name to be installed. Required if argo_source_type is set to helm. Defaults to null. |
string |
| crds_helm_chart_version | Version of the Helm chart. Required if argo_source_type is set to helm. Defaults to null. |
string |
| crds_helm_cleanup_on_fail | Allow deletion of new resources created in this Helm upgrade when upgrade fails. Defaults to false. |
bool |
| crds_helm_create_namespace | Create the Namespace if it does not yet exist. Defaults to true. |
bool |
| crds_helm_dependency_update | Runs Helm dependency update before installing the chart. Defaults to false. |
bool |
| crds_helm_description | Set Helm release description attribute (visible in the history). Defaults to "". |
string |
| crds_helm_devel | Use Helm chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored. Defaults to false. |
bool |
| crds_helm_disable_openapi_validation | If set, the installation process will not validate rendered Helm templates against the Kubernetes OpenAPI Schema. Defaults to false. |
bool |
| crds_helm_disable_webhooks | Prevent Helm chart hooks from running. Defaults to false. |
bool |
| crds_helm_enabled | Set to false to prevent installation of the module via Helm release. Defaults to true. |
bool |
| crds_helm_force_update | Force Helm resource update through delete/recreate if needed. Defaults to false. |
bool |
| crds_helm_keyring | Location of public keys used for verification. Used only if helm_package_verify is true. Defaults to ~/.gnupg/pubring.gpg. |
string |
| crds_helm_lint | Run the Helm chart linter during the plan. Defaults to false. |
bool |
| crds_helm_package_verify | Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. Defaults to false. |
bool |
| crds_helm_postrender | Value block with a path to a binary file to run after Helm renders the manifest which can alter the manifest contents. Defaults to {}. |
map(any) |
| crds_helm_recreate_pods | Perform pods restart during Helm upgrade/rollback. Defaults to false. |
bool |
| crds_helm_release_max_history | Maximum number of release versions stored per release. Defaults to 0. |
number |
| crds_helm_release_name | Helm release name. Required if argo_source_type is set to helm. Defaults to null. |
string |
| crds_helm_render_subchart_notes | If set, render Helm subchart notes along with the parent. Defaults to true. |
bool |
| crds_helm_replace | Re-use the given name of Helm release, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to false. |
bool |
| crds_helm_repo_ca_file | Helm repositories CA cert file. Defaults to "". |
string |
| crds_helm_repo_cert_file | Helm repositories cert file. Defaults to "". |
string |
| crds_helm_repo_key_file | Helm repositories cert key file. Defaults to "". |
string |
| crds_helm_repo_password | Password for HTTP basic authentication against the Helm repository. Defaults to "". |
string |
| crds_helm_repo_url | Helm repository. Required if argo_source_type is set to helm. Defaults to null. |
string |
| crds_helm_repo_username | Username for HTTP basic authentication against the Helm repository. Defaults to "". |
string |
| crds_helm_reset_values | When upgrading, reset the values to the ones built into the Helm chart. Defaults to false. |
bool |
| crds_helm_reuse_values | When upgrading, reuse the last Helm release's values and merge in any overrides. If helm_reset_values is specified, this is ignored. Defaults to false. |
bool |
| crds_helm_set_sensitive | Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff. Defaults to {}. |
map(any) |
| crds_helm_skip_crds | If set, no CRDs will be installed before Helm release. Defaults to false. |
bool |
| crds_helm_timeout | Time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks). Defaults to 300. |
number |
| crds_helm_wait | Will wait until all Helm release resources are in a ready state before marking the release as successful. It will wait for as long as timeout. Defaults to false. |
bool |
| crds_helm_wait_for_jobs | If wait is enabled, will wait until all Helm Jobs have been completed before marking the release as successful. It will wait for as long as timeout. Defaults to false. |
bool |
| crds_settings | Additional Helm sets which will be passed to the Helm chart values or Kustomize or directory configuration which will be passed to ArgoCD Application source. Defaults to {}. |
map(any) |
| crds_values | Additional YAML encoded values which will be passed to the Helm chart. Defaults to "". |
string |
| enabled | Set to false to prevent the module from creating any resources. | bool |
| helm_atomic | If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Defaults to false. |
bool |
| helm_chart_name | Helm chart name to be installed. Required if argo_source_type is set to helm. Defaults to null. |
string |
| helm_chart_version | Version of the Helm chart. Required if argo_source_type is set to helm. Defaults to null. |
string |
| helm_cleanup_on_fail | Allow deletion of new resources created in this Helm upgrade when upgrade fails. Defaults to false. |
bool |
| helm_create_namespace | Create the Namespace if it does not yet exist. Defaults to true. |
bool |
| helm_dependency_update | Runs Helm dependency update before installing the chart. Defaults to false. |
bool |
| helm_description | Set Helm release description attribute (visible in the history). Defaults to "". |
string |
| helm_devel | Use Helm chart development versions, too. Equivalent to version '>0.0.0-0'. If version is set, this is ignored. Defaults to false. |
bool |
| helm_disable_openapi_validation | If set, the installation process will not validate rendered Helm templates against the Kubernetes OpenAPI Schema. Defaults to false. |
bool |
| helm_disable_webhooks | Prevent Helm chart hooks from running. Defaults to false. |
bool |
| helm_enabled | Set to false to prevent installation of the module via Helm release. Defaults to true. |
bool |
| helm_force_update | Force Helm resource update through delete/recreate if needed. Defaults to false. |
bool |
| helm_keyring | Location of public keys used for verification. Used only if helm_package_verify is true. Defaults to ~/.gnupg/pubring.gpg. |
string |
| helm_lint | Run the Helm chart linter during the plan. Defaults to false. |
bool |
| helm_package_verify | Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. Defaults to false. |
bool |
| helm_postrender | Value block with a path to a binary file to run after Helm renders the manifest which can alter the manifest contents. Defaults to {}. |
map(any) |
| helm_recreate_pods | Perform pods restart during Helm upgrade/rollback. Defaults to false. |
bool |
| helm_release_max_history | Maximum number of release versions stored per release. Defaults to 0. |
number |
| helm_release_name | Helm release name. Required if argo_source_type is set to helm. Defaults to null. |
string |
| helm_render_subchart_notes | If set, render Helm subchart notes along with the parent. Defaults to true. |
bool |
| helm_replace | Re-use the given name of Helm release, only if that name is a deleted release which remains in the history. This is unsafe in production. Defaults to false. |
bool |
| helm_repo_ca_file | Helm repositories CA cert file. Defaults to "". |
string |
| helm_repo_cert_file | Helm repositories cert file. Defaults to "". |
string |
| helm_repo_key_file | Helm repositories cert key file. Defaults to "". |
string |
| helm_repo_password | Password for HTTP basic authentication against the Helm repository. Defaults to "". |
string |
| helm_repo_url | Helm repository. Required if argo_source_type is set to helm. Defaults to null. |
string |
| helm_repo_username | Username for HTTP basic authentication against the Helm repository. Defaults to "". |
string |
| helm_reset_values | When upgrading, reset the values to the ones built into the Helm chart. Defaults to false. |
bool |
| helm_reuse_values | When upgrading, reuse the last Helm release's values and merge in any overrides. If helm_reset_values is specified, this is ignored. Defaults to false. |
bool |
| helm_set_sensitive | Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff. Defaults to {}. |
map(any) |
| helm_skip_crds | If set, no CRDs will be installed before Helm release. Defaults to false. |
bool |
| helm_timeout | Time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks). Defaults to 300. |
number |
| helm_wait | Will wait until all Helm release resources are in a ready state before marking the release as successful. It will wait for as long as timeout. Defaults to false. |
bool |
| helm_wait_for_jobs | If wait is enabled, will wait until all Helm Jobs have been completed before marking the release as successful. It will wait for as long as timeout. Defaults to false. |
bool |
| namespace | The Kubernetes Namespace in which the Helm chart will be installed (required). | string |
| settings | Additional Helm sets which will be passed to the Helm chart values or Kustomize or directory configuration which will be passed to ArgoCD Application source. Defaults to {}. |
map(any) |
| values | Additional YAML encoded values which will be passed to the Helm chart. Defaults to "". |
string |
| Name | Description |
|---|---|
| addon | The addon module outputs |
| crds | The CRDs module outputs |
Feel free to create an issue in this repository if you have questions, suggestions or feature requests.
We want to provide high quality code and modules. For this reason we are using several pre-commit hooks and GitHub Actions workflows. A pull-request to the main branch will trigger these validations and lints automatically. Please check your code before you will create pull-requests. See pre-commit documentation and GitHub Actions documentation for further details.
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.