Skip to content

Latest commit

 

History

History
93 lines (81 loc) · 11.2 KB

README.md

File metadata and controls

93 lines (81 loc) · 11.2 KB

Terraform Modules Template

Requirements

Name Version
terraform >= 1.0
helm >= 2.5

Providers

Name Version
helm 2.17.0

Modules

Name Source Version
pod_identity terraform-aws-modules/eks-pod-identity/aws ~> 1.10
secrets_manager_role terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks ~> 5.52

Resources

Name Type
helm_release.ascp resource
helm_release.release resource

Inputs

Name Description Type Default Required
affinity Affinity for Secrets Store CSI Driver pods. Prevents the CSI driver from being scheduled on virtual-kubelet nodes by default map(any) 
{
  "nodeAffinity": {
    "requiredDuringSchedulingIgnoredDuringExecution": {
      "nodeSelectorTerms": [
        {
          "matchExpressions": [
            {
              "key": "type",
              "operator": "NotIn",
              "values": [
                "virtual-kubelet"
              ]
            }
          ]
        }
      ]
    }
  }
}
 no
ascp_chart_name Name of ASCP chart string "secrets-store-csi-driver-provider-aws" no
ascp_chart_namespace Namespace to install the ASCP chart into string "secrets-store-csi-system" no
ascp_chart_repository Helm repository for the ASCP chart string "https://aws.github.io/secrets-store-csi-driver-provider-aws" no
ascp_chart_timeout Timeout to wait for the ASCP chart to be deployed. number 300 no
ascp_chart_version Version of ASCP chart to install. Set to empty to install the latest version string "0.3.11" no
ascp_image_repository Image repository of the ASCP string "public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws" no
ascp_image_tag Image tag of the ASCP string "1.0.r2-80-g8244505-2025.02.10.18.44" no
ascp_node_selector Node selector for ASCP pods map(any) {} no
ascp_pod_annotations Annotations for ASCP pods map(any) {} no
ascp_pod_labels Labels for ASCP pods map(any) {} no
ascp_priority_class_name Priority class name for ASCP pods string "system-node-critical" no
ascp_release_name ASCP helm release name string "csi-secrets-store-provider-aws" no
ascp_resources ASCP container rsources map(any) 
{
  "limits": {
    "cpu": "50m",
    "memory": "100Mi"
  },
  "requests": {
    "cpu": "50m",
    "memory": "100Mi"
  }
}
 no
ascp_tolerations Tolerations for ASCP pods list(map(string)) [] no
chart_name Helm chart name to provision string "secrets-store-csi-driver" no
chart_namespace Namespace to install the chart into string "secrets-store-csi-system" no
chart_repository Helm repository for the chart string "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts" no
chart_timeout Timeout to wait for the Chart to be deployed. number 300 no
chart_version Version of Chart to install. Set to empty to install the latest version string "1.4.8" no
cluster_name Name of Kubernetes Cluster string n/a yes
create_namespace Create the namespace if it does not exist bool true no
enableSecretRotation Enable rotation for secrets bool false no
external_secrets_create_permission Determines whether External Secrets has permission to create/delete secrets bool false no
external_secrets_kms_key_arns List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets list(string) [] no
external_secrets_secrets_manager_arns List of Secrets Manager ARNs that contain secrets to mount using External Secrets list(string) 
[
  "arn:aws:secretsmanager:::secret:*"
]
 no
external_secrets_ssm_parameter_arns List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets list(string) 
[
  "arn:aws:ssm:::parameter/*"
]
 no
iam_role_name Name of IAM role for controller string "" no
iam_role_type IAM Roles for Service Accounts irsa or pod_identity string "pod_identity" no
image_repository Image repository for the Driver string "registry.k8s.io/csi-secrets-store/driver" no
image_repository_crds Image repository for the CRDs string "registry.k8s.io/csi-secrets-store/driver-crds" no
image_repository_liveness Image repository for the Liveness Probe string "registry.k8s.io/sig-storage/livenessprobe" no
image_repository_registrar Image repository for the Registrar string "registry.k8s.io/sig-storage/csi-node-driver-registrar" no
image_tag Image tag for the Driver and CRDs string "v1.4.8" no
image_tag_liveness Image tag fo the LivenessProbe string "v2.13.1" no
image_tag_registrar Image tag string "v2.11.1" no
max_history Max History for Helm number 20 no
namespace Kubernetes namespace, where the service account want to create string "default" no
node_selector Node selector for Secrets Store CSI Driver pods map(any) {} no
oidc_provider_arn OIDC Provider ARN for IRSA string n/a yes
pod_annotations Annotations for Secrets Store CSI Driver pods map(any) {} no
pod_labels Labels for Secrets Store CSI Driver pods map(any) {} no
release_name Helm release name string "secrets-store-csi-driver" no
resources_driver Driver Resources map(any) 
{
  "limits": {
    "cpu": "200m",
    "memory": "200Mi"
  },
  "requests": {
    "cpu": "50m",
    "memory": "200Mi"
  }
}
 no
resources_liveness Liveness Probe Resources map(any) 
{
  "limits": {
    "cpu": "100m",
    "memory": "100Mi"
  },
  "requests": {
    "cpu": "10m",
    "memory": "100Mi"
  }
}
 no
resources_registrar Registrar Resources map(any) 
{
  "limits": {
    "cpu": "100m",
    "memory": "100Mi"
  },
  "requests": {
    "cpu": "10m",
    "memory": "100Mi"
  }
}
 no
service_account_name Name of service account to create. Not generated string "csi-secrets-store-provider-aws" no
syncSecretEnabled Sync with kubernetes secrets bool false no
tolerations Tolerations for Secrets Store CSI Driver pods list(map(string)) [] no

Outputs

Name Description
iam_role_arn ARN of IAM role
iam_role_name Name of IAM role
iam_role_path Path of IAM role
iam_role_unique_id Unique ID of IAM role