This repository contains Terraform-managed Helm charts used by StreamNative Platform, contained within the `modules` directory. For more information on the Helm provider for Terraform, please refer to the official documentation.

The submodules in this repo can be used in a standalone fashion. However, the root module (contained in the root `main.tf` file) composes all of the submodules to be used in concert with each other, depending on your configuration needs.

Here is a simple example of how to use the root module in this repo for the common StreamNative Platform use case. It installs the Vault, Prometheus, Pulsar, and Function Mesh operators:
```hcl
data "aws_eks_cluster" "cluster" {
  name = "my_eks_cluster_id"
}

data "aws_eks_cluster_auth" "cluster" {
  name = "my_eks_cluster_id"
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.cluster.token
  insecure               = false
}

provider "helm" {
  kubernetes {
    config_path = "./my-eks-kube-config"
  }
}

module "sn_bootstrap" {
  source = "streamnative/charts/helm"

  enable_vault_operator         = true
  enable_function_mesh_operator = true
  enable_prometheus_operator    = true
  enable_pulsar_operator        = true
}
```
To apply the configuration above, simply run:

```shell
terraform init && terraform apply
```
The submodules contained in this repo are typically composed in the root module, and as such many of a submodule's variables get duplicated in the root module. This introduces a problem: we don't want to also duplicate default values in both places, i.e. manage a default value in both the root module and the submodule, because the two copies are difficult to keep synchronized and have historically drifted away from each other.

In a perfect world, the approach we would like to take is:

- Have the root module's variables that map to a submodule's variables default to `null`
- Have the submodule's variables default to their expected value

However, when we do this, the root module overrides the submodule's default value with `null`, rather than respecting it and treating `null` as an omission. This, unfortunately, is expected behavior in Terraform, where `null` is actually a valid value in some module configurations (instead of being "the absence of a value", like we want it to be and like the Terraform documentation states).

To work around this, we set the default values in both the root module and the submodules to `null`, then use a `locals` block in the submodule to manage the expected default values. To illustrate, here is a simple example:
Submodule: `streamnative/terraform-helm-charts/modules/submodule_a/main.tf`

```hcl
variable "input_1" {
  type    = string
  default = null
}

locals {
  # This is where we set the default value: a null passed by the caller falls back to it
  input_1 = var.input_1 != null ? var.input_1 : "my_default_value"
}

output "submodule_a" {
  value = local.input_1
}
```
Root module: `streamnative/terraform-helm-charts/main.tf`

```hcl
variable "submodule_a_input_1" {
  default = null
}

module "submodule_a" {
  source  = "./modules/submodule_a"
  input_1 = var.submodule_a_input_1
}
```
And in a module composition, we could override the default value:

```hcl
module "terraform-helm-charts" {
  source = "streamnative/charts/helm"

  submodule_a_input_1 = "my_custom_value"
}
```
While this pattern has some limitations, it is a sufficient workaround for our (opinionated) needs in these modules.
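The same pattern carried a little further, as an added example that is not code from the terraform-helm-charts repo: several inputs share one `locals` block, `coalesce()` replaces the conditional, a secret input is marked `sensitive`, and a `validation` block rejects values the chart would not accept while still allowing `null`. The submodule path `./modules/submodule_b`, the variable names and the default values are assumptions made for illustration.

```hcl
# Added example, not code from the terraform-helm-charts repo. It assumes a
# hypothetical submodule at ./modules/submodule_b; every name and default
# below is illustrative.

# --- ./modules/submodule_b/main.tf ---

variable "namespace" {
  description = "Namespace for the release; the root module passes null to mean 'use the default'"
  type        = string
  default     = null
}

variable "timeout" {
  description = "Seconds to wait for each Kubernetes operation"
  type        = number
  default     = null

  validation {
    # null is allowed (it means 'use the default'); any other value must be positive.
    # A conditional is used rather than `||` because Terraform's `||` evaluates
    # both operands, and `null > 0` is an error.
    condition     = var.timeout == null ? true : var.timeout > 0
    error_message = "timeout must be a positive number of seconds."
  }
}

variable "basicauth_password" {
  description = "Base64 encoded password for the remote write endpoint"
  type        = string
  default     = null
  # Redacted in plan/apply output; values derived from it stay sensitive.
  sensitive   = true
}

locals {
  # coalesce() returns its first non-null argument, so a null passed down from
  # the root module falls through to the default kept here, in exactly one place.
  # coalesce() also skips empty strings: if "" must be a legal value, use the
  # explicit `var.x != null ? var.x : "default"` form instead.
  namespace = coalesce(var.namespace, "sn-system")
  timeout   = coalesce(var.timeout, 300)

  # A secret has no sensible default: it stays null unless the caller sets it,
  # and the chart values decide whether the feature is enabled at all.
  basicauth_password = var.basicauth_password
}

output "effective_namespace" {
  value = local.namespace
}

output "effective_timeout" {
  value = local.timeout
}

# --- ./main.tf (root module) ---

variable "submodule_b_namespace" {
  type    = string
  default = null
}

variable "submodule_b_timeout" {
  type    = number
  default = null
}

variable "submodule_b_basicauth_password" {
  type      = string
  default   = null
  sensitive = true
}

module "submodule_b" {
  source             = "./modules/submodule_b"
  namespace          = var.submodule_b_namespace          # null -> "sn-system"
  timeout            = var.submodule_b_timeout            # null -> 300
  basicauth_password = var.submodule_b_basicauth_password # null -> unset
}
```

Terraform 1.1 added the `nullable` argument on `variable` blocks: with `nullable = false`, a caller that passes `null` receives the variable's own `default` inside the module, which removes the need for the `locals` indirection. The `locals` form above works on the 1.0.x releases that this repository's `terraform >= 1.0.0` requirement still allows.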
| Name | Version |
|---|---|
| terraform | >=1.0.0 |
| helm | 2.2.0 |
| kubernetes | >=2.6.1 |
No providers.
| Name | Source | Version |
|---|---|---|
| cloud-manager-agent | ./modules/cloud-manager-agent | n/a |
| function_mesh_operator | ./modules/function-mesh-operator | n/a |
| istio_operator | ./modules/istio-operator | n/a |
| olm | ./modules/operator-lifecycle-manager | n/a |
| olm_subscriptions | ./modules/olm-subscriptions | n/a |
| otel_collector | ./modules/otel-collector | n/a |
| prometheus_operator | ./modules/prometheus-operator | n/a |
| pulsar_operator | ./modules/pulsar-operator | n/a |
| vault_operator | ./modules/vault-operator | n/a |
| vector_agent | ./modules/vector-agent | n/a |
| vmagent | ./modules/victoria-metrics-agent | n/a |
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cma_environment | Whether this is for a test, staging, or production environment. | string | "production" | no |
| cma_namespace | The namespace used by cloud-manager-agent and its resources | string | "sn-system" | no |
| cma_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| cma_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml") | any | null | no |
| create_function_mesh_operator_namespace | Create a namespace for the deployment. | bool | false | no |
| create_istio_operator_namespace | Create a namespace for the deployment. Defaults to "true". | bool | true | no |
| create_istio_system_namespace | Create a namespace where istio components will be installed. | bool | false | no |
| create_kiali_cr | Create a Kiali CR for the Kiali deployment. | bool | null | no |
| create_kiali_operator_namespace | Create a namespace for the deployment. | bool | true | no |
| create_olm_install_namespace | Create a namespace for the deployment. Defaults to "true". | bool | false | no |
| create_olm_namespace | Whether or not to create the namespace used for OLM and its resources. Defaults to "true". | bool | true | no |
| create_otel_collector_namespace | Whether or not to create the namespace used for the Otel Collector. | bool | null | no |
| create_prometheus_operator_namespace | Create a namespace for the deployment. | bool | null | no |
| create_pulsar_operator_namespace | Create a namespace for the deployment. | bool | false | no |
| create_vault_operator_namespace | Create a namespace for the deployment. | bool | false | no |
| create_vector_agent_namespace | Create a namespace for the deployment. | bool | false | no |
| create_vmagent_namespace | Create a namespace for the deployment. | bool | false | no |
| enable_cma | Enables Cloud Manager Agent. Disabled by default. | bool | false | no |
| enable_function_mesh_operator | Enables the StreamNative Function Mesh Operator. Set to "true" by default, but disabled if OLM is enabled. | bool | true | no |
| enable_istio_operator | Enables the Istio Operator. Set to "false" by default. | bool | false | no |
| enable_kiali_operator | Enables the Kiali Operator. Set to "false" by default. | bool | false | no |
| enable_olm | Enables Operator Lifecycle Manager (OLM), and disables installing operators via Helm. OLM is disabled by default. Set to "true" to have OLM manage the operators. | bool | false | no |
| enable_otel_collector | Enables Open Telemetry. Set to "false" by default. | bool | false | no |
| enable_prometheus_operator | Enables the Prometheus Operator and other components via kube-stack-prometheus. Set to "true" by default. | bool | true | no |
| enable_pulsar_operator | Enables the Pulsar Operator on the EKS cluster. Enabled by default, but disabled if var.disable_olm is set to true | bool | true | no |
| enable_vault_operator | Enables Hashicorp Vault on the EKS cluster. | bool | true | no |
| enable_vector_agent | Enables the Vector Agent on the EKS cluster. Enabled by default, but must be passed a configuration in order to function | bool | false | no |
| enable_vmagent | Enables the Victoria Metrics stack on the EKS cluster. Disabled by default | bool | false | no |
| function_mesh_operator_chart_name | The name of the Helm chart to install | string | null | no |
| function_mesh_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| function_mesh_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| function_mesh_operator_namespace | The namespace used for the operator deployment | string | "sn-system" | no |
| function_mesh_operator_release_name | The name of the helm release | string | null | no |
| function_mesh_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| function_mesh_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| function_mesh_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| istio_cluster_name | The name of the kubernetes cluster where Istio is being configured. This is required when "enable_istio_operator" is set to "true". | string | null | no |
| istio_mesh_id | The ID used by the Istio mesh. This is also the ID of the StreamNative Cloud Pool used for the workload environments. This is required when "enable_istio_operator" is set to "true". | string | null | no |
| istio_network | The name of network used for the Istio deployment. | string | null | no |
| istio_operator_chart_name | The name of the Helm chart to install | string | null | no |
| istio_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| istio_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| istio_operator_namespace | The namespace used for the Istio operator deployment | string | "istio-operator" | no |
| istio_operator_release_name | The name of the helm release | string | null | no |
| istio_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| istio_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| istio_operator_values | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | any | null | no |
| istio_profile | The path or name for an Istio profile to load. Set to the profile "default" if not specified. | string | null | no |
| istio_revision_tag | The revision tag value use for the Istio label "istio.io/rev". Defaults to "sn-stable". | string | null | no |
| istio_system_namespace | The namespace used for the Istio components. | string | "sn-system" | no |
| istio_trust_domain | The trust domain used for the Istio operator, which corresponds to the root of a system. This is required when "enable_istio_operator" is set to "true". | string | null | no |
| kiali_namespace | The namespace used for the Kiali operator. | string | "sn-system" | no |
| kiali_operator_chart_name | The name of the Helm chart to install | string | null | no |
| kiali_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| kiali_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| kiali_operator_namespace | The namespace used for the Kiali operator deployment | string | "kiali-operator" | no |
| kiali_operator_release_name | The name of the Kiali release | string | null | no |
| kiali_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| kiali_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| olm_enable_istio | Apply Istio authorization policies for OLM operators. Defaults to "false". | bool | false | no |
| olm_install_namespace | The namespace used for installing the operators managed by OLM | string | "sn-system" | no |
| olm_istio_system_namespace | The namespace for Istio authorization policies. Set to the Istio root namespace for cluster-wide policies. | string | "istio-system" | no |
| olm_namespace | The namespace used by OLM and its resources | string | "olm" | no |
| olm_registry | The registry containing StreamNative's operator catalog images | string | null | no |
| olm_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| olm_subscription_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| olm_subscription_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| olm_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| otel_collector_chart_name | The name of the helm chart to install. | string | null | no |
| otel_collector_chart_repository | The repository containing the helm chart to install. | string | null | no |
| otel_collector_chart_version | The version of the helm chart to install. | string | null | no |
| otel_collector_image_version | The version of the OpenTelemetry Collector image to use. | string | null | no |
| otel_collector_namespace | The namespace used for the Otel Collector. | string | "sn-system" | no |
| otel_collector_release_name | The name of the Helm release. | string | null | no |
| otel_collector_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| otel_collector_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| otel_collector_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| prometheus_operator_chart_name | The name of the Helm chart to install | string | null | no |
| prometheus_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| prometheus_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| prometheus_operator_namespace | The namespace used for the operator deployment | string | "sn-system" | no |
| prometheus_operator_release_name | The name of the helm release | string | null | no |
| prometheus_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| prometheus_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| prometheus_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| pulsar_operator_chart_name | The name of the Helm chart to install | string | null | no |
| pulsar_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| pulsar_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| pulsar_operator_namespace | The namespace used for the operator deployment | string | "sn-system" | no |
| pulsar_operator_release_name | The name of the helm release | string | null | no |
| pulsar_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| pulsar_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| pulsar_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| service_domain | The DNS domain for external service endpoints. This must be set when enabling Istio or else the deployment will fail. | string | null | no |
| vault_operator_chart_name | The name of the Helm chart to install | string | null | no |
| vault_operator_chart_repository | The repository containing the Helm chart to install | string | null | no |
| vault_operator_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| vault_operator_namespace | The namespace used for the operator deployment | string | "sn-system" | no |
| vault_operator_release_name | The name of the helm release | string | null | no |
| vault_operator_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| vault_operator_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| vault_operator_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml"). | any | null | no |
| vector_agent_chart_name | The name of the Helm chart to install | string | null | no |
| vector_agent_chart_repository | The repository containing the Helm chart to install. See https://github.com/timberio/vector/tree/master/distribution/helm/vector-agent for available configuration options | string | null | no |
| vector_agent_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| vector_agent_namespace | The namespace used for the operator deployment. | string | "sn-system" | no |
| vector_agent_release_name | The name of the helm release | string | null | no |
| vector_agent_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| vector_agent_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| vector_agent_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml") | any | null | no |
| vector_sink_endpoint | The endpoint to which Vector will send logs. | string | null | no |
| vector_sink_name | The name of the vector sink. | string | null | no |
| vector_sink_oauth_audience | The OAuth audience for the sink authorization config. | string | null | no |
| vector_sink_oauth_credentials_url | A base64 encoded string containing the OAuth credentials URL for the sink authorization config. | string | null | no |
| vector_sink_oauth_issuer_url | The OAuth issuer URL for the sink authorization config. | string | null | no |
| vector_sink_topic | The topic for the sink to which Vector will send logs. | string | null | no |
| vmagent_basicauth_enabled | Enable basic auth for remote write endpoint. Requires providing a username and base64 encoded password. | bool | null | no |
| vmagent_basicauth_password | If basic auth is enabled, provide the base64 encoded password to use for the VMAgent client connection | string | null | no |
| vmagent_basicauth_username | If basic auth is enabled, provide the username for the VMAgent client | string | null | no |
| vmagent_chart_name | The name of the Helm chart to install | string | null | no |
| vmagent_chart_repository | The repository containing the Helm chart to install. | string | null | no |
| vmagent_chart_version | The version of the Helm chart to install. Set to the submodule default. | string | null | no |
| vmagent_gsa_audience | If using GSA for auth to send metrics, the audience to use for token generation | string | null | no |
| vmagent_gtoken_image | The image URL to use for the gtoken container | string | null | no |
| vmagent_gtoken_image_version | The image version to use for the gtoken container | string | null | no |
| vmagent_namespace | The namespace used for the operator deployment. | string | "sn-system" | no |
| vmagent_oauth2_client_id | If OAuth2 is enabled, provide the client id for the VMAgent client | string | null | no |
| vmagent_oauth2_client_secret | If OAuth2 is enabled, provide a base64 encoded secret to use for the VMAgent client connection. | string | null | no |
| vmagent_oauth2_enabled | Enable OAuth2 authentication for remote write endpoint. Requires providing a client id and secret. | bool | null | no |
| vmagent_oauth2_token_url | If OAuth2 is enabled, provide the token url to use for the VMAgent client connection | string | null | no |
| vmagent_pods_scrape_namespaces | A list of additional namespaces to scrape pod metrics. Defaults to "sn-system". | list(string) | null | no |
| vmagent_release_name | The name of the helm release | string | null | no |
| vmagent_remote_write_urls | A list of URL(s) for the remote write endpoint(s). | list(string) | null | no |
| vmagent_settings | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | map(any) | null | no |
| vmagent_timeout | Time in seconds to wait for any individual kubernetes operation | number | null | no |
| vmagent_values | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the file() function, i.e. file("my/values.yaml") | any | null | no |
No outputs.