Home

Awesome

terraform-kubernetes-addons

semantic-release terraform-kubernetes-addons

Main components

NameDescriptionGenericAWSScalewayGCPAzure
admiraltyA system of Kubernetes controllers that intelligently schedules workloads across clusters:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
aws-ebs-csi-driverEnable new feature and the use of gp3 volumesN/A:heavy_check_mark:N/AN/AN/A
aws-efs-csi-driverEnable EFS SupportN/A:heavy_check_mark:N/AN/AN/A
aws-for-fluent-bitCloudwatch logging with fluent bit instead of fluentdN/A:heavy_check_mark:N/AN/AN/A
aws-load-balancer-controllerUse AWS ALB/NLB for ingress and servicesN/A:heavy_check_mark:N/AN/AN/A
aws-node-termination-handlerManage spot instance lifecyleN/A:heavy_check_mark:N/AN/AN/A
aws-calicoUse calico for network policyN/A:heavy_check_mark:N/AN/AN/A
secrets-store-csi-driver-provider-awsAWS Secret Store and Parameter store driver for secret store CSI driver:heavy_check_mark:N/AN/AN/AN/A
cert-managerautomatically generate TLS certificates, supports ACME v2:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:N/A
cluster-autoscalerscale worker nodes based on workloadN/A:heavy_check_mark:IncludedIncludedIncluded
cni-metrics-helperProvides cloudwatch metrics for VPC CNI pluginsN/A:heavy_check_mark:N/AN/AN/A
external-dnssync ingress and service records in route53:x::heavy_check_mark::heavy_check_mark::heavy_check_mark::x:
flux2Open and extensible continuous delivery solution for Kubernetes. Powered by GitOps Toolkit:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
ingress-nginxprocesses Ingress object and acts as a HTTP/HTTPS proxy (compatible with cert-manager):heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::x:
k8gbA cloud native Kubernetes Global Balancer:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
karmaAn alertmanager dashboard:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
kedaKubernetes Event-driven Autoscaling:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
kongAPI Gateway ingress controller:heavy_check_mark::heavy_check_mark::heavy_check_mark::x::x:
kube-prometheus-stackMonitoring / Alerting / Dashboards:heavy_check_mark::heavy_check_mark::heavy_check_mark::x::x:
loki-stackGrafana Loki logging stack:heavy_check_mark::heavy_check_mark::construction::x::x:
promtailShip log to loki from other cluster (eg. mTLS):construction::heavy_check_mark::construction::x::x:
prometheus-adapterPrometheus metrics for use with the autoscaling/v2 Horizontal Pod Autoscaler in Kubernetes 1.6+:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
prometheus-cloudwatch-exporterAn exporter for Amazon CloudWatch, for Prometheus.:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
prometheus-blackbox-exporterThe blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP.:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
rabbitmq-cluster-operatorThe RabbitMQ Cluster Operator automates provisioning, management of RabbitMQ clusters.:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
metrics-serverenable metrics API and horizontal pod scaling (HPA):heavy_check_mark::heavy_check_mark:IncludedIncludedIncluded
node-problem-detectorForwards node problems to Kubernetes events:heavy_check_mark::heavy_check_mark:IncludedIncludedIncluded
secrets-store-csi-driverSecrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
sealed-secretsTechnology agnostic, store secrets on git:heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark::heavy_check_mark:
thanosOpen source, highly available Prometheus setup with long term storage capabilities:x::heavy_check_mark::construction::x::x:
thanos-memcachedOpen source, highly available Prometheus setup with long term storage capabilities:x::heavy_check_mark::construction::x::x:
thanos-storegatewayAdditional storegateway to query multiple object stores:x::heavy_check_mark::construction::x::x:
thanos-tls-querierThanos TLS querier for cross cluster collection:x::heavy_check_mark::construction::x::x:

Submodules

Submodules are used for specific cloud provider configuration such as IAM role for AWS. For a Kubernetes vanilla cluster, generic addons should be used.

Any contribution supporting a new cloud provider is welcomed.

Doc generation

Code formatting and documentation for variables and outputs is generated using pre-commit-terraform hooks which uses terraform-docs.

Follow these instructions to install pre-commit locally.

And install terraform-docs with go get github.com/segmentio/terraform-docs or brew install terraform-docs.

Contributing

Report issues/questions/feature requests on in the issues section.

Full contributing guidelines are covered here.

<!-- BEGIN_TF_DOCS -->

Requirements

NameVersion
<a name="requirement_terraform"></a> terraform>= 1.3.2
<a name="requirement_flux"></a> flux~> 1.0
<a name="requirement_github"></a> github~> 6.0
<a name="requirement_helm"></a> helm~> 2.0
<a name="requirement_http"></a> http>= 3
<a name="requirement_kubectl"></a> kubectl~> 2.0
<a name="requirement_kubernetes"></a> kubernetes~> 2.0, != 2.12
<a name="requirement_tls"></a> tls~> 4.0

Providers

NameVersion
<a name="provider_flux"></a> flux~> 1.0
<a name="provider_github"></a> github~> 6.0
<a name="provider_helm"></a> helm~> 2.0
<a name="provider_http"></a> http>= 3
<a name="provider_kubectl"></a> kubectl~> 2.0
<a name="provider_kubernetes"></a> kubernetes~> 2.0, != 2.12
<a name="provider_random"></a> randomn/a
<a name="provider_time"></a> timen/a
<a name="provider_tls"></a> tls~> 4.0

Modules

No modules.

Resources

NameType
flux_bootstrap_git.fluxresource
github_branch_default.mainresource
github_repository.mainresource
github_repository_deploy_key.mainresource
helm_release.admiraltyresource
helm_release.cert-managerresource
helm_release.cert-manager-csi-driverresource
helm_release.ingress-nginxresource
helm_release.k8gbresource
helm_release.karmaresource
helm_release.kedaresource
helm_release.kongresource
helm_release.kube-prometheus-stackresource
helm_release.linkerd-control-planeresource
helm_release.linkerd-crdsresource
helm_release.linkerd-vizresource
helm_release.linkerd2-cniresource
helm_release.loki-stackresource
helm_release.metrics-serverresource
helm_release.node-problem-detectorresource
helm_release.prometheus-adapterresource
helm_release.prometheus-blackbox-exporterresource
helm_release.promtailresource
helm_release.reloaderresource
helm_release.sealed-secretsresource
helm_release.secrets-store-csi-driverresource
helm_release.tigera-operatorresource
helm_release.traefikresource
helm_release.victoria-metrics-k8s-stackresource
kubectl_manifest.calico_crdsresource
kubectl_manifest.cert-manager_cluster_issuersresource
kubectl_manifest.csi-external-snapshotterresource
kubectl_manifest.kong_crdsresource
kubectl_manifest.linkerdresource
kubectl_manifest.linkerd-vizresource
kubectl_manifest.prometheus-operator_crdsresource
kubectl_manifest.tigera-operator_crdsresource
kubernetes_config_map.loki-stack_grafana_dsresource
kubernetes_namespace.admiraltyresource
kubernetes_namespace.cert-managerresource
kubernetes_namespace.flux2resource
kubernetes_namespace.ingress-nginxresource
kubernetes_namespace.k8gbresource
kubernetes_namespace.karmaresource
kubernetes_namespace.kedaresource
kubernetes_namespace.kongresource
kubernetes_namespace.kube-prometheus-stackresource
kubernetes_namespace.linkerdresource
kubernetes_namespace.linkerd-vizresource
kubernetes_namespace.linkerd2-cniresource
kubernetes_namespace.loki-stackresource
kubernetes_namespace.metrics-serverresource
kubernetes_namespace.node-problem-detectorresource
kubernetes_namespace.prometheus-adapterresource
kubernetes_namespace.prometheus-blackbox-exporterresource
kubernetes_namespace.promtailresource
kubernetes_namespace.reloaderresource
kubernetes_namespace.sealed-secretsresource
kubernetes_namespace.secrets-store-csi-driverresource
kubernetes_namespace.tigera-operatorresource
kubernetes_namespace.traefikresource
kubernetes_namespace.victoria-metrics-k8s-stackresource
kubernetes_network_policy.admiralty_allow_namespaceresource
kubernetes_network_policy.admiralty_default_denyresource
kubernetes_network_policy.cert-manager_allow_control_planeresource
kubernetes_network_policy.cert-manager_allow_monitoringresource
kubernetes_network_policy.cert-manager_allow_namespaceresource
kubernetes_network_policy.cert-manager_default_denyresource
kubernetes_network_policy.flux2_allow_monitoringresource
kubernetes_network_policy.flux2_allow_namespaceresource
kubernetes_network_policy.ingress-nginx_allow_control_planeresource
kubernetes_network_policy.ingress-nginx_allow_ingressresource
kubernetes_network_policy.ingress-nginx_allow_linkerd_vizresource
kubernetes_network_policy.ingress-nginx_allow_monitoringresource
kubernetes_network_policy.ingress-nginx_allow_namespaceresource
kubernetes_network_policy.ingress-nginx_default_denyresource
kubernetes_network_policy.k8gb_allow_namespaceresource
kubernetes_network_policy.k8gb_default_denyresource
kubernetes_network_policy.karma_allow_ingressresource
kubernetes_network_policy.karma_allow_namespaceresource
kubernetes_network_policy.karma_default_denyresource
kubernetes_network_policy.keda_allow_namespaceresource
kubernetes_network_policy.keda_default_denyresource
kubernetes_network_policy.kong_allow_ingressresource
kubernetes_network_policy.kong_allow_monitoringresource
kubernetes_network_policy.kong_allow_namespaceresource
kubernetes_network_policy.kong_default_denyresource
kubernetes_network_policy.kube-prometheus-stack_allow_control_planeresource
kubernetes_network_policy.kube-prometheus-stack_allow_ingressresource
kubernetes_network_policy.kube-prometheus-stack_allow_namespaceresource
kubernetes_network_policy.kube-prometheus-stack_default_denyresource
kubernetes_network_policy.linkerd-viz_allow_control_planeresource
kubernetes_network_policy.linkerd-viz_allow_monitoringresource
kubernetes_network_policy.linkerd-viz_allow_namespaceresource
kubernetes_network_policy.linkerd-viz_default_denyresource
kubernetes_network_policy.linkerd2-cni_allow_namespaceresource
kubernetes_network_policy.linkerd2-cni_default_denyresource
kubernetes_network_policy.loki-stack_allow_ingressresource
kubernetes_network_policy.loki-stack_allow_namespaceresource
kubernetes_network_policy.loki-stack_default_denyresource
kubernetes_network_policy.metrics-server_allow_control_planeresource
kubernetes_network_policy.metrics-server_allow_namespaceresource
kubernetes_network_policy.metrics-server_default_denyresource
kubernetes_network_policy.npd_allow_namespaceresource
kubernetes_network_policy.npd_default_denyresource
kubernetes_network_policy.prometheus-adapter_allow_namespaceresource
kubernetes_network_policy.prometheus-adapter_default_denyresource
kubernetes_network_policy.prometheus-blackbox-exporter_allow_namespaceresource
kubernetes_network_policy.prometheus-blackbox-exporter_default_denyresource
kubernetes_network_policy.promtail_allow_ingressresource
kubernetes_network_policy.promtail_allow_namespaceresource
kubernetes_network_policy.promtail_default_denyresource
kubernetes_network_policy.reloader_allow_namespaceresource
kubernetes_network_policy.reloader_default_denyresource
kubernetes_network_policy.sealed-secrets_allow_namespaceresource
kubernetes_network_policy.sealed-secrets_default_denyresource
kubernetes_network_policy.secrets-store-csi-driver_allow_namespaceresource
kubernetes_network_policy.secrets-store-csi-driver_default_denyresource
kubernetes_network_policy.tigera-operator_allow_namespaceresource
kubernetes_network_policy.tigera-operator_default_denyresource
kubernetes_network_policy.traefik_allow_ingressresource
kubernetes_network_policy.traefik_allow_monitoringresource
kubernetes_network_policy.traefik_allow_namespaceresource
kubernetes_network_policy.traefik_default_denyresource
kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_planeresource
kubernetes_network_policy.victoria-metrics-k8s-stack_allow_ingressresource
kubernetes_network_policy.victoria-metrics-k8s-stack_allow_namespaceresource
kubernetes_network_policy.victoria-metrics-k8s-stack_default_denyresource
kubernetes_priority_class.kubernetes_addonsresource
kubernetes_priority_class.kubernetes_addons_dsresource
kubernetes_secret.linkerd_trust_anchorresource
kubernetes_secret.loki-stack-caresource
kubernetes_secret.promtail-tlsresource
kubernetes_secret.webhook_issuer_tlsresource
random_string.grafana_passwordresource
time_sleep.cert-manager_sleepresource
tls_cert_request.promtail-csrresource
tls_locally_signed_cert.promtail-certresource
tls_private_key.identityresource
tls_private_key.linkerd_trust_anchorresource
tls_private_key.loki-stack-ca-keyresource
tls_private_key.promtail-keyresource
tls_private_key.webhook_issuer_tlsresource
tls_self_signed_cert.linkerd_trust_anchorresource
tls_self_signed_cert.loki-stack-ca-certresource
tls_self_signed_cert.webhook_issuer_tlsresource
github_repository.maindata source
http_http.calico_crdsdata source
http_http.csi-external-snapshotterdata source
http_http.kong_crdsdata source
http_http.prometheus-operator_crdsdata source
http_http.prometheus-operator_versiondata source
http_http.tigera-operator_crdsdata source
kubectl_file_documents.calico_crdsdata source
kubectl_file_documents.csi-external-snapshotterdata source
kubectl_file_documents.kong_crdsdata source
kubectl_file_documents.tigera-operator_crdsdata source
kubectl_path_documents.cert-manager_cluster_issuersdata source

Inputs

NameDescriptionTypeDefaultRequired
<a name="input_admiralty"></a> admiraltyCustomize admiralty chart, see admiralty.tf for supported valuesany{}no
<a name="input_cert-manager"></a> cert-managerCustomize cert-manager chart, see cert-manager.tf for supported valuesany{}no
<a name="input_cert-manager-csi-driver"></a> cert-manager-csi-driverCustomize cert-manager-csi-driver chart, see cert-manager.tf for supported valuesany{}no
<a name="input_cluster-autoscaler"></a> cluster-autoscalerCustomize cluster-autoscaler chart, see cluster-autoscaler.tf for supported valuesany{}no
<a name="input_cluster-name"></a> cluster-nameName of the Kubernetes clusterstring"sample-cluster"no
<a name="input_csi-external-snapshotter"></a> csi-external-snapshotterCustomize csi-external-snapshotter, see csi-external-snapshotter.tf for supported valuesany{}no
<a name="input_external-dns"></a> external-dnsMap of map for external-dns configuration: see external_dns.tf for supported valuesany{}no
<a name="input_flux2"></a> flux2Customize Flux chart, see flux2.tf for supported valuesany{}no
<a name="input_helm_defaults"></a> helm_defaultsCustomize default Helm behaviorany{}no
<a name="input_ingress-nginx"></a> ingress-nginxCustomize ingress-nginx chart, see nginx-ingress.tf for supported valuesany{}no
<a name="input_ip-masq-agent"></a> ip-masq-agentConfigure ip masq agent chart, see ip-masq-agent.tf for supported values. This addon works only on GCP.any{}no
<a name="input_k8gb"></a> k8gbCustomize k8gb chart, see k8gb.tf for supported valuesany{}no
<a name="input_karma"></a> karmaCustomize karma chart, see karma.tf for supported valuesany{}no
<a name="input_keda"></a> kedaCustomize keda chart, see keda.tf for supported valuesany{}no
<a name="input_kong"></a> kongCustomize kong-ingress chart, see kong.tf for supported valuesany{}no
<a name="input_kube-prometheus-stack"></a> kube-prometheus-stackCustomize kube-prometheus-stack chart, see kube-prometheus-stack.tf for supported valuesany{}no
<a name="input_labels_prefix"></a> labels_prefixCustom label prefix used for network policy namespace matchingstring"particule.io"no
<a name="input_linkerd"></a> linkerdCustomize linkerd chart, see linkerd.tf for supported valuesany{}no
<a name="input_linkerd-viz"></a> linkerd-vizCustomize linkerd-viz chart, see linkerd-viz.tf for supported valuesany{}no
<a name="input_linkerd2"></a> linkerd2Customize linkerd2 chart, see linkerd2.tf for supported valuesany{}no
<a name="input_linkerd2-cni"></a> linkerd2-cniCustomize linkerd2-cni chart, see linkerd2-cni.tf for supported valuesany{}no
<a name="input_loki-stack"></a> loki-stackCustomize loki-stack chart, see loki-stack.tf for supported valuesany{}no
<a name="input_metrics-server"></a> metrics-serverCustomize metrics-server chart, see metrics_server.tf for supported valuesany{}no
<a name="input_npd"></a> npdCustomize node-problem-detector chart, see npd.tf for supported valuesany{}no
<a name="input_priority-class"></a> priority-classCustomize a priority class for addonsany{}no
<a name="input_priority-class-ds"></a> priority-class-dsCustomize a priority class for addons daemonsetsany{}no
<a name="input_prometheus-adapter"></a> prometheus-adapterCustomize prometheus-adapter chart, see prometheus-adapter.tf for supported valuesany{}no
<a name="input_prometheus-blackbox-exporter"></a> prometheus-blackbox-exporterCustomize prometheus-blackbox-exporter chart, see prometheus-blackbox-exporter.tf for supported valuesany{}no
<a name="input_promtail"></a> promtailCustomize promtail chart, see loki-stack.tf for supported valuesany{}no
<a name="input_reloader"></a> reloaderCustomize reloader chart, see reloader.tf for supported valuesany{}no
<a name="input_sealed-secrets"></a> sealed-secretsCustomize sealed-secrets chart, see sealed-secrets.tf for supported valuesany{}no
<a name="input_secrets-store-csi-driver"></a> secrets-store-csi-driverCustomize secrets-store-csi-driver chart, see secrets-store-csi-driver.tf for supported valuesany{}no
<a name="input_thanos"></a> thanosCustomize thanos chart, see thanos.tf for supported valuesany{}no
<a name="input_thanos-memcached"></a> thanos-memcachedCustomize thanos chart, see thanos.tf for supported valuesany{}no
<a name="input_thanos-receive"></a> thanos-receiveCustomize thanos chart, see thanos-receive.tf for supported valuesany{}no
<a name="input_thanos-storegateway"></a> thanos-storegatewayCustomize thanos chart, see thanos.tf for supported valuesany{}no
<a name="input_thanos-tls-querier"></a> thanos-tls-querierCustomize thanos chart, see thanos.tf for supported valuesany{}no
<a name="input_tigera-operator"></a> tigera-operatorCustomize tigera-operator chart, see tigera-operator.tf for supported valuesany{}no
<a name="input_traefik"></a> traefikCustomize traefik chart, see traefik.tf for supported valuesany{}no
<a name="input_velero"></a> veleroCustomize velero chart, see velero.tf for supported valuesany{}no
<a name="input_victoria-metrics-k8s-stack"></a> victoria-metrics-k8s-stackCustomize Victoria Metrics chart, see victoria-metrics-k8s-stack.tf for supported valuesany{}no

Outputs

NameDescription
<a name="output_grafana_password"></a> grafana_passwordn/a
<a name="output_loki-stack-ca"></a> loki-stack-can/a
<a name="output_promtail-cert"></a> promtail-certn/a
<a name="output_promtail-key"></a> promtail-keyn/a
<!-- END_TF_DOCS -->