SPHTech-Platform/terraform-aws-secrets-store-csi

Latest commit: 119c1e3 · Feb 21, 2025

Terraform Modules Template

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| helm | >= 2.5 |

Providers

| Name | Version |
|------|---------|
| helm | 2.17.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| pod_identity | terraform-aws-modules/eks-pod-identity/aws | ~> 1.10 |
| secrets_manager_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.52 |

Resources

| Name | Type |
|------|------|
| helm_release.ascp | resource |
| helm_release.release | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| affinity | Affinity for Secrets Store CSI Driver pods. Prevents the CSI driver from being scheduled on virtual-kubelet nodes by default | map(any) | {"nodeAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [{"matchExpressions": [{"key": "type", "operator": "NotIn", "values": ["virtual-kubelet"]}]}]}}} | no |
| ascp_chart_name | Name of ASCP chart | string | "secrets-store-csi-driver-provider-aws" | no |
| ascp_chart_namespace | Namespace to install the ASCP chart into | string | "secrets-store-csi-system" | no |
| ascp_chart_repository | Helm repository for the ASCP chart | string | "https://aws.github.io/secrets-store-csi-driver-provider-aws" | no |
| ascp_chart_timeout | Timeout to wait for the ASCP chart to be deployed. | number | 300 | no |
| ascp_chart_version | Version of ASCP chart to install. Set to empty to install the latest version | string | "0.3.11" | no |
| ascp_image_repository | Image repository of the ASCP | string | "public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws" | no |
| ascp_image_tag | Image tag of the ASCP | string | "1.0.r2-80-g8244505-2025.02.10.18.44" | no |
| ascp_node_selector | Node selector for ASCP pods | map(any) | {} | no |
| ascp_pod_annotations | Annotations for ASCP pods | map(any) | {} | no |
| ascp_pod_labels | Labels for ASCP pods | map(any) | {} | no |
| ascp_priority_class_name | Priority class name for ASCP pods | string | "system-node-critical" | no |
| ascp_release_name | ASCP helm release name | string | "csi-secrets-store-provider-aws" | no |
| ascp_resources | ASCP container resources | map(any) | {"limits": {"cpu": "50m", "memory": "100Mi"}, "requests": {"cpu": "50m", "memory": "100Mi"}} | no |
| ascp_tolerations | Tolerations for ASCP pods | list(map(string)) | [] | no |
| chart_name | Helm chart name to provision | string | "secrets-store-csi-driver" | no |
| chart_namespace | Namespace to install the chart into | string | "secrets-store-csi-system" | no |
| chart_repository | Helm repository for the chart | string | "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts" | no |
| chart_timeout | Timeout to wait for the Chart to be deployed. | number | 300 | no |
| chart_version | Version of Chart to install. Set to empty to install the latest version | string | "1.4.8" | no |
| cluster_name | Name of Kubernetes Cluster | string | n/a | yes |
| create_namespace | Create the namespace if it does not exist | bool | true | no |
| enableSecretRotation | Enable rotation for secrets | bool | false | no |
| external_secrets_create_permission | Determines whether External Secrets has permission to create/delete secrets | bool | false | no |
| external_secrets_kms_key_arns | List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets | list(string) | [] | no |
| external_secrets_secrets_manager_arns | List of Secrets Manager ARNs that contain secrets to mount using External Secrets | list(string) | ["arn:aws:secretsmanager:::secret:*"] | no |
| external_secrets_ssm_parameter_arns | List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets | list(string) | ["arn:aws:ssm:::parameter/*"] | no |
| iam_role_name | Name of IAM role for controller | string | "" | no |
| iam_role_type | IAM role type: irsa (IAM Roles for Service Accounts) or pod_identity | string | "pod_identity" | no |
| image_repository | Image repository for the Driver | string | "registry.k8s.io/csi-secrets-store/driver" | no |
| image_repository_crds | Image repository for the CRDs | string | "registry.k8s.io/csi-secrets-store/driver-crds" | no |
| image_repository_liveness | Image repository for the Liveness Probe | string | "registry.k8s.io/sig-storage/livenessprobe" | no |
| image_repository_registrar | Image repository for the Registrar | string | "registry.k8s.io/sig-storage/csi-node-driver-registrar" | no |
| image_tag | Image tag for the Driver and CRDs | string | "v1.4.8" | no |
| image_tag_liveness | Image tag for the Liveness Probe | string | "v2.13.1" | no |
| image_tag_registrar | Image tag for the Registrar | string | "v2.11.1" | no |
| max_history | Max History for Helm | number | 20 | no |
| namespace | Kubernetes namespace in which to create the service account | string | "default" | no |
| node_selector | Node selector for Secrets Store CSI Driver pods | map(any) | {} | no |
| oidc_provider_arn | OIDC Provider ARN for IRSA | string | n/a | yes |
| pod_annotations | Annotations for Secrets Store CSI Driver pods | map(any) | {} | no |
| pod_labels | Labels for Secrets Store CSI Driver pods | map(any) | {} | no |
| release_name | Helm release name | string | "secrets-store-csi-driver" | no |
| resources_driver | Driver Resources | map(any) | {"limits": {"cpu": "200m", "memory": "200Mi"}, "requests": {"cpu": "50m", "memory": "200Mi"}} | no |
| resources_liveness | Liveness Probe Resources | map(any) | {"limits": {"cpu": "100m", "memory": "100Mi"}, "requests": {"cpu": "10m", "memory": "100Mi"}} | no |
| resources_registrar | Registrar Resources | map(any) | {"limits": {"cpu": "100m", "memory": "100Mi"}, "requests": {"cpu": "10m", "memory": "100Mi"}} | no |
| service_account_name | Name of service account to create. Not generated | string | "csi-secrets-store-provider-aws" | no |
| syncSecretEnabled | Sync with Kubernetes Secrets | bool | false | no |
| tolerations | Tolerations for Secrets Store CSI Driver pods | list(map(string)) | [] | no |

Outputs

| Name | Description |
|------|-------------|
| iam_role_arn | ARN of IAM role |
| iam_role_name | Name of IAM role |
| iam_role_path | Path of IAM role |
| iam_role_unique_id | Unique ID of IAM role |