diff --git a/IAM.md b/IAM.md index a119b24..8d94f52 100644 --- a/IAM.md +++ b/IAM.md @@ -1,7 +1,7 @@ ## IAM Permission The Policy required to deploy this module: -```hcl +```json { "Version": "2012-10-17", "Statement": [ @@ -35,3 +35,29 @@ The Policy required to deploy this module: ] } ``` +## Azure Role Permissions + +```hcl + permissions { + actions = [ + "Microsoft.ManagedIdentity/userAssignedIdentities/delete", + "Microsoft.ManagedIdentity/userAssignedIdentities/read", + "Microsoft.ManagedIdentity/userAssignedIdentities/write", + "Microsoft.Resources/subscriptions/providers/read", + "Microsoft.Resources/subscriptions/resourcegroups/read"] + not_actions = [] + } +``` + +## GCP IAM Permissions + +```hcl + permissions = [ + "iam.serviceAccounts.create", + "iam.serviceAccounts.delete", + "iam.serviceAccounts.get", + "iam.serviceAccounts.update", + "resourcemanager.projects.getIamPolicy", + "resourcemanager.projects.setIamPolicy" + ] +``` diff --git a/README.md b/README.md index 5e6e355..99bb1cf 100644 --- a/README.md +++ b/README.md 
@@ -9,26 +9,32 @@ This ECK module is a Kubernetes operator for Elasticsearch and Kibana that simplifies the deployment, management, and scaling of Elasticsearch and Kibana clusters in Kubernetes environments. The ECK module allows you to easily create and configure Elasticsearch and Kibana clusters, and provides customization options such as persistent volume claim templates and storage classes. Additionally, the ECK module provides security features such as encryption and authentication for Elasticsearch and Kibana clusters. With the ECK module, you can manage Elasticsearch and Kibana clusters in a scalable and efficient manner, while also ensuring the security of your data. ## Important Notes: -This module is compatible with EKS version 1.23,1.24,1.25 and 1.26 which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected. +This module is compatible with EKS, AKS & GKE which is great news for users deploying the module on an AWS, Azure & GCP cloud. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected. 
## Supported Versions Table: -| Resources | Helm Chart Version | K8s supported version | +| Resources | Helm Chart Version | K8s supported version (EKS, AKS & GKE) | | :-----: | :--- | :--- | -| Elastic-Operator | **2.7.0** | **1.23**,**1.24**,**1.25**,**1.26** | -| ECK | **7.17.3** | **1.23**,**1.24**,**1.25**,**1.26** | -| Elastalert2 | **2.9.0** | **1.23**,**1.24**,**1.25**,**1.26** | +| Elastic-Operator | **2.7.0** | **1.23**,**1.24**,**1.25**,**1.26**,**1.27** | +| ECK | **7.17.3** | **1.23**,**1.24**,**1.25**,**1.26**,**1.27** | +| Elastalert2 | **2.9.0** | **1.23**,**1.24**,**1.25**,**1.26**,**1.27** | ## Usage Example ```hcl +module "aws" { + source = "https://github.com/sq-ia/terraform-kubernetes-elastic.git//modules/resources/aws" + cluster_name = "prod-eks" +} + module "eck" { source = "https://github.com/sq-ia/terraform-kubernetes-elastic.git" - cluster_name = "dev-cluster" + namespace = "elastic-system" eck_config = { - hostname = "eck.squareops.in" - eck_values = "" + provider_type = "aws" + hostname = "eck.squareops.in" + eck_values = "" master_node_sc = "gp2" data_hot_node_sc = "gp2" data_warm_node_sc = "gp2" @@ -39,8 +45,9 @@ module "eck" { master_node_count = 1 data_hot_node_count = 2 data_warm_node_count = 2 + role_arn = module.aws.role_arn } - + exporter_enabled = true elastalert_enabled = false elastalert_config = { slack_webhook_url = "" 
@@ -50,7 +57,9 @@ module "eck" { ``` -Refer [examples](https://github.com/sq-ia/terraform-kubernetes-elastic/tree/main/examples/complete) for more details. +- Refer [AWS examples](https://github.com/sq-ia/terraform-kubernetes-elastic/tree/main/examples/complete/aws) for more details. +- Refer [Azure examples](https://github.com/sq-ia/terraform-kubernetes-elastic/tree/main/examples/complete/azure) for more details. +- Refer [GCP examples](https://github.com/sq-ia/terraform-kubernetes-elastic/tree/main/examples/complete/gcp) for more details. ## IAM Permissions The required IAM permissions to create resources from this module can be found [here](https://github.com/sq-ia/terraform-kubernetes-elastic/blob/main/IAM.md) @@ -72,7 +81,6 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | n/a | | [helm](#provider\_helm) | n/a | | [kubernetes](#provider\_kubernetes) | n/a | | [time](#provider\_time) | n/a | 
@@ -85,15 +93,12 @@ No modules. | Name | Type | |------|------| -| [aws_iam_role.eck_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [helm_release.eck_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.elastalert](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.elastic_stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.elasticsearch_exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [kubernetes_namespace.elastic_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [time_sleep.wait_60_sec](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_eks_cluster.kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | | [kubernetes_secret.eck_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source | ## Inputs 
@@ -108,6 +113,8 @@ No modules. | [elastalert\_enabled](#input\_elastalert\_enabled) | Whether the Elastalert tool should be deployed along with the ECK stack or not. | `bool` | `false` | no | | [exporter\_enabled](#input\_exporter\_enabled) | Whether the ECK exporter should be deployed along with the ECK stack or not. | `bool` | `true` | no | | [namespace](#input\_namespace) | Name of the Kubernetes namespace where the ECK deployment will be deployed. | `string` | `"elastic-system"` | no | +| [provider\_type](#input\_provider\_type) | Choose what type of provider you want (aws, gcp) | `string` | `""` | no | +| [role\_arn](#input\_role\_arn) | The s3 bucket role arn for the aws bucket provider | `string` | `""` | no | ## Outputs diff --git a/examples/complete/README.md b/examples/complete/README.md index cd6b3e6..4703a01 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -16,6 +16,8 @@ No requirements. | Name | Version | |------|---------| | [aws](#provider\_aws) | n/a | +| [google](#provider\_google) | n/a | +| [azurerm](#provider\_azurerm) | n/a | ## Modules diff --git a/examples/complete/aws/README.md b/examples/complete/aws/README.md new file mode 100644 index 0000000..d3a5ce4 --- /dev/null +++ b/examples/complete/aws/README.md @@ -0,0 +1,44 @@ +## AWS ECK Example +![squareops_avatar] + +[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png + +### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey. +
+This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs. + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [aws](#module\_aws) | https://github.com/sq-ia/terraform-kubernetes-elastic.git//modules/resources/aws | n/a | +| [eck](#module\_eck) | https://github.com/sq-ia/terraform-kubernetes-elastic.git | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [eck\_credentials](#output\_eck\_credentials) | ECK\_Info | + diff --git a/examples/complete/helm/eck.yaml b/examples/complete/aws/helm/eck.yaml similarity index 100% rename from examples/complete/helm/eck.yaml rename to examples/complete/aws/helm/eck.yaml diff --git a/examples/complete/helm/elastAlert.yaml b/examples/complete/aws/helm/elastAlert.yaml similarity index 100% rename from examples/complete/helm/elastAlert.yaml rename to examples/complete/aws/helm/elastAlert.yaml diff --git a/examples/complete/aws/main.tf b/examples/complete/aws/main.tf new file mode 100644 index 0000000..19110c4 --- /dev/null +++ b/examples/complete/aws/main.tf 
@@ -0,0 +1,42 @@
+locals {
+ name = "elastic"
+ region = "us-east-2"
+ environment = "prod"
+ additional_tags = {
+ Owner = "organization_name"
+ Expires = "Never"
+ Department = "Engineering"
+ }
+}
+
+module "aws" {
+ source = "https://github.com/sq-ia/terraform-kubernetes-elastic.git//modules/resources/aws"
+ cluster_name = ""
+}
+
+module "eck" {
+ source = "https://github.com/sq-ia/terraform-kubernetes-elastic.git"
+ namespace = "elastic-system"
+ eck_config = {
+ provider_type = "aws"
+ hostname = "eck.squareops.in"
+ eck_values = file("./helm/eck.yaml")
+ master_node_sc = "gp2"
+ data_hot_node_sc = "gp2"
+ data_warm_node_sc = "gp2"
+ master_node_size = "20Gi"
+ data_hot_node_size = "50Gi"
+ data_warm_node_size = "50Gi"
+ kibana_node_count = 1
+ master_node_count = 1
+ data_hot_node_count = 2
+ data_warm_node_count = 2
+ role_arn = module.aws.role_arn
+ }
+ exporter_enabled = true
+ elastalert_enabled = false
+ elastalert_config = {
+ slack_webhook_url = ""
+ elastalert_values = file("./helm/elastAlert.yaml")
+ }
+}
diff --git a/examples/complete/output.tf b/examples/complete/aws/output.tf
similarity index 100%
rename from examples/complete/output.tf
rename to examples/complete/aws/output.tf
diff --git a/examples/complete/provider.tf b/examples/complete/aws/provider.tf
similarity index 100%
rename from examples/complete/provider.tf
rename to examples/complete/aws/provider.tf
diff --git a/examples/complete/azure/README.md b/examples/complete/azure/README.md
new file mode 100644
index 0000000..8a95a27
--- /dev/null
+++ b/examples/complete/azure/README.md
@@ -0,0 +1,42 @@
+## Azure ECK Example
+![squareops_avatar]
+
+[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
+
+### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
+
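Review bot: Both module sources in this example (`module "aws"` and `module "eck"`) are bare git URLs with no `?ref=`, so every `terraform init` fetches whatever the repository's default branch holds at that moment and a later push to that branch silently changes what gets deployed. Pin them to a tag or commit, e.g. `source = "git::https://github.com/sq-ia/terraform-kubernetes-elastic.git//modules/resources/aws?ref=<tag-or-commit>"`, and likewise for the root module. Separately, `cluster_name = ""` is handed to the aws module, whose `aws_eks_cluster` data source cannot resolve an empty name, so either use a self-describing placeholder such as `cluster_name = "<eks-cluster-name>"` or add `# required: name of the existing EKS cluster` above it so readers know it must be filled in.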
+This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs. + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [eck](#module\_eck) | https://github.com/sq-ia/terraform-kubernetes-elastic.git | n/a | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [eck\_credentials](#output\_eck\_credentials) | ECK\_Info | + diff --git a/examples/complete/azure/helm/eck.yaml b/examples/complete/azure/helm/eck.yaml new file mode 100644 index 0000000..0cc29fb --- /dev/null +++ b/examples/complete/azure/helm/eck.yaml @@ -0,0 +1,9 @@ +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "Monitor-Services" + operator: In + values: + - "true" diff --git a/examples/complete/azure/helm/elastAlert.yaml b/examples/complete/azure/helm/elastAlert.yaml new file mode 100644 index 0000000..b6db7ad --- /dev/null +++ b/examples/complete/azure/helm/elastAlert.yaml 
@@ -0,0 +1,27 @@
+rules:
+ slack_alert: |-
+ ---
+ name: elast_alert
+ type: frequency
+ index: filebeat-*
+ num_events: 5
+ timeframe:
+ minutes: 5
+ filter:
+ - query:
+ query_string:
+ query: "http.response.status_code : 404"
+ alert:
+ - "slack"
+ slack:
+ slack_webhook_url: https://hooks.slack.com/services/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
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "Monitor-Services"
+ operator: In
+ values:
+ - "true"
diff --git a/examples/complete/azure/main.tf b/examples/complete/azure/main.tf
new file mode 100644
index 0000000..577dfa0
--- /dev/null
+++ b/examples/complete/azure/main.tf
@@ -0,0 +1,36 @@
+locals {
+ name = "elastic"
+ region = "eastus"
+ environment = "prod"
+ additional_tags = {
+ Owner = "organization_name"
+ Expires = "Never"
+ Department = "Engineering"
+ }
+}
+
+module "eck" {
+ source = "https://github.com/sq-ia/terraform-kubernetes-elastic.git"
+ namespace = "elastic-system"
+ eck_config = {
+ provider_type = "azure"
+ hostname = ""
+ eck_values = file("./helm/eck.yaml")
+ master_node_sc = "infra-service-sc"
+ data_hot_node_sc = "infra-service-sc"
+ data_warm_node_sc = "infra-service-sc"
+ master_node_size = "20Gi"
+ data_hot_node_size = "50Gi"
+ data_warm_node_size = "50Gi"
+ kibana_node_count = 1
+ master_node_count = 1
+ data_hot_node_count = 1
+ data_warm_node_count = 1
+ }
+ exporter_enabled = false
+ elastalert_enabled = false
+ elastalert_config = {
+ slack_webhook_url = ""
+ elastalert_values = file("./helm/elastAlert.yaml")
+ }
+}
diff --git a/examples/complete/azure/output.tf b/examples/complete/azure/output.tf
new file mode 100644
index 0000000..30164f8
--- /dev/null
+++ b/examples/complete/azure/output.tf
@@ -0,0 +1,4 @@
+output "eck_credentials" {
+ description = "ECK_Info"
+ value = module.eck.eck
+}
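Review bot: `slack_webhook_url: https://hooks.slack.com/services/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` in the `slack_alert` rule of `examples/complete/azure/helm/elastAlert.yaml` looks like a real Slack incoming-webhook URL committed to a public example; a webhook URL is a bearer credential, so anyone who reads this file can post into that channel. Replace it with a placeholder, `slack_webhook_url: "<your-slack-incoming-webhook-url>"`, and revoke/regenerate the webhook in Slack, since it remains recoverable from git history even after this line is edited. The same example's `main.tf` already exposes `elastalert_config.slack_webhook_url` (left as `""`), so routing the value through that input, ideally from a Kubernetes Secret or a `TF_VAR_`, rather than a checked-in values file would keep it out of the repository entirely.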
diff --git a/examples/complete/azure/provider.tf b/examples/complete/azure/provider.tf
new file mode 100644
index 0000000..3bea740
--- /dev/null
+++ b/examples/complete/azure/provider.tf
@@ -0,0 +1,26 @@
+provider "azurerm" {
+ features {}
+}
+
+data "azurerm_kubernetes_cluster" "primary" {
+ name = ""
+ resource_group_name = ""
+}
+
+provider "kubernetes" {
+ host = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
+ username = data.azurerm_kubernetes_cluster.primary.kube_config.0.username
+ password = data.azurerm_kubernetes_cluster.primary.kube_config.0.password
+ client_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
+ client_key = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
+ cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
+}
+
+provider "helm" {
+ kubernetes {
+ host = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
+ client_key = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
+ client_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
+ cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
+ }
+}
diff --git a/examples/complete/gcp/README.md b/examples/complete/gcp/README.md
new file mode 100644
index 0000000..0d3146a
--- /dev/null
+++ b/examples/complete/gcp/README.md
@@ -0,0 +1,43 @@
+## GCP ECK Example
+![squareops_avatar]
+
+[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
+
+### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
+
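Review bot: The `kubernetes` provider block passes `username`/`password` from `kube_config.0` in addition to `client_certificate`/`client_key`; the basic-auth pair is redundant once a client certificate is supplied, and on AKS clusters with local accounts disabled those two attributes are expected to come back empty (verify against your cluster), so drop `username` and `password` and keep only the certificate fields, which is exactly what the `helm` provider block below already does. Everything read from `data.azurerm_kubernetes_cluster.primary.kube_config`, including the decoded `client_key`, is persisted in Terraform state, so a comment above the data source such as `# kube_config is cluster-admin credential material and is stored in state: use an encrypted, access-controlled backend` would warn users copying this example. `name = ""` and `resource_group_name = ""` must be filled in before `plan`; `# <existing AKS cluster name> / <its resource group>` next to them would make that explicit.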
+This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs. + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [google](#provider\_google) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [eck](#module\_eck) | https://github.com/sq-ia/terraform-kubernetes-elastic.git | n/a | + +## Resources + +| Name | Type | +|------|------| +| [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | +| [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [eck\_credentials](#output\_eck\_credentials) | ECK\_Info | + diff --git a/examples/complete/gcp/helm/eck.yaml b/examples/complete/gcp/helm/eck.yaml new file mode 100644 index 0000000..81f45fa --- /dev/null +++ b/examples/complete/gcp/helm/eck.yaml @@ -0,0 +1,9 @@ +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "ECK-Services" + operator: In + values: + - "true" diff --git a/examples/complete/gcp/helm/elastAlert.yaml b/examples/complete/gcp/helm/elastAlert.yaml new file mode 100644 index 0000000..8887398 --- /dev/null +++ b/examples/complete/gcp/helm/elastAlert.yaml 
@@ -0,0 +1,27 @@ +rules: + slack_alert: |- + --- + name: elast_alert + type: frequency + index: filebeat-* + num_events: 5 + timeframe: + minutes: 5 + filter: + - query: + query_string: + query: "http.response.status_code : 404" + alert: + - "slack" + slack: + slack_webhook_url: https://hooks.slack.com/services/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 + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "ECK-Services" + operator: In + values: + - "true" diff --git a/examples/complete/main.tf b/examples/complete/gcp/main.tf similarity index 85% rename from examples/complete/main.tf rename to examples/complete/gcp/main.tf index d1bed0f..f53549e 100644 --- a/examples/complete/main.tf +++ b/examples/complete/gcp/main.tf @@ -10,9 +10,10 @@ locals { } module "eck" { - source = "https://github.com/sq-ia/terraform-kubernetes-elastic.git" - cluster_name = "" + source = "https://github.com/sq-ia/terraform-kubernetes-elastic.git" + namespace = "elastic-system" eck_config = { + provider_type = "gcp" hostname = "eck.squareops.in" eck_values = file("./helm/eck.yaml") master_node_sc = "gp2" diff --git a/examples/complete/gcp/output.tf b/examples/complete/gcp/output.tf new file mode 100644 index 0000000..30164f8 --- /dev/null +++ b/examples/complete/gcp/output.tf @@ -0,0 +1,4 @@ +output "eck_credentials" { + description = "ECK_Info" + value = module.eck.eck +} diff --git a/examples/complete/gcp/provider.tf b/examples/complete/gcp/provider.tf new file mode 100644 index 0000000..d08fdf6 --- /dev/null +++ b/examples/complete/gcp/provider.tf 
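Review bot: The same Slack incoming-webhook URL (`https://hooks.slack.com/services/TB5FXBSUE/B04GUAV8V41/…`) is committed here in `examples/complete/gcp/helm/elastAlert.yaml`; it is a bearer credential for that channel and is now in git history regardless of what this line is changed to. Replace it with `slack_webhook_url: "<your-slack-incoming-webhook-url>"` and regenerate the webhook in Slack. Since the module already takes `elastalert_config.slack_webhook_url` as an input, the example should pass the value there (from a secret or environment variable) instead of baking it into a values file.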
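Review bot: `master_node_sc = "gp2"` survives the rename of this file into the GCP example, but `gp2` is the name of the AWS EBS StorageClass; on a GKE cluster the default classes are named differently (typically `standard`/`standard-rwo`), so unless the user has created a class called `gp2` the Elasticsearch PVCs will sit in `Pending` and the cluster never forms. Set the three `*_node_sc` values to a GKE class, e.g. `master_node_sc = "standard-rwo"`, or add `# replace with a StorageClass that exists on your GKE cluster` above them; the Azure example in this same commit already uses a cluster-specific class. The `module "eck"` block continues past this hunk, so `data_hot_node_sc`/`data_warm_node_sc` are not visible here but presumably carry the same value.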
@@ -0,0 +1,21 @@
+data "google_client_config" "default" {}
+
+data "google_container_cluster" "primary" {
+ name = ""
+ location = ""
+ project = ""
+}
+
+provider "kubernetes" {
+ host = "https://${data.google_container_cluster.primary.endpoint}"
+ token = data.google_client_config.default.access_token
+ cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+}
+
+provider "helm" {
+ kubernetes {
+ host = "https://${data.google_container_cluster.primary.endpoint}"
+ token = data.google_client_config.default.access_token
+ cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+ }
+}
diff --git a/helm/elastic-stack/templates/elasticsearch.yaml b/helm/elastic-stack/templates/elasticsearch.yaml
index 096b293..4c53cff 100644
--- a/helm/elastic-stack/templates/elasticsearch.yaml
+++ b/helm/elastic-stack/templates/elasticsearch.yaml
@@ -28,6 +28,8 @@ spec:
 - -c
 - |
 bin/elasticsearch-plugin install --batch repository-s3
+ bin/elasticsearch-plugin install --batch repository-azure
+ bin/elasticsearch-plugin install --batch repository-gcs
 {{- with .Values.affinity }}
 affinity:
 {{- toYaml . | nindent 10 }}
diff --git a/helm/elastic-stack/values.yaml b/helm/elastic-stack/values.yaml
index d328869..82c5200 100644
--- a/helm/elastic-stack/values.yaml
+++ b/helm/elastic-stack/values.yaml
@@ -61,7 +61,7 @@ affinity:
 requiredDuringSchedulingIgnoredDuringExecution:
 nodeSelectorTerms:
 - matchExpressions:
- - key: "ECK-Services"
+ - key: "Monitor-Services"
 operator: In
 values:
 - "true"
diff --git a/main.tf b/main.tf
index 57e7ecb..b422153 100644
--- a/main.tf
+++ b/main.tf
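Review bot: The init script now runs `bin/elasticsearch-plugin install --batch` for `repository-s3`, `repository-azure` and `repository-gcs` unconditionally, so every Elasticsearch pod on every cloud downloads three plugin archives at each start, and a failed fetch of a plugin the cluster will never use (say `repository-azure` on EKS) is enough to keep a node from starting. Gate each line on the selected provider, e.g. `{{- if eq .Values.provider_type "azure" }}` around the azure line (that value would need to be threaded through from the module's `provider_type` input, which the chart does not currently receive), or better, bake the plugins into the image so the running cluster has no startup-time dependency on an external artifact host. A one-line comment noting that `--batch` is deliberate, because it suppresses the plugin's interactive permission confirmation, would also help the next reader. The `initContainers` entry this script belongs to starts and ends outside the hunk.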
@@ -1,17 +1,3 @@
-locals {
- oidc_provider = replace(
- data.aws_eks_cluster.kubernetes_cluster.identity[0].oidc[0].issuer,
- "/^https:///",
- ""
- )
-}
-
-data "aws_caller_identity" "current" {}
-
-data "aws_eks_cluster" "kubernetes_cluster" {
- name = var.cluster_name
-}
-
 resource "kubernetes_namespace" "elastic_system" {
 metadata {
 annotations = {}
@@ -52,7 +38,7 @@ resource "helm_release" "elastic_stack" {
 es_data_hot_node_size = "${var.eck_config.data_hot_node_size}"
 es_data_warm_node_size = "${var.eck_config.data_warm_node_size}"
 kibana_node_count = "${var.eck_config.kibana_node_count}"
- s3_role_arn = aws_iam_role.eck_role.arn
+ s3_role_arn = var.provider_type == "aws" ? var.role_arn : ""
 }),
 var.eck_config.eck_values
 ]
@@ -105,46 +91,3 @@ resource "helm_release" "elasticsearch_exporter" {
 file("${path.module}/helm/elasticsearch-exporter/elasticsearch-exporter.yaml")
 ]
 }
-
-
-resource "aws_iam_role" "eck_role" {
- name = join("-", [var.cluster_name, "elastic-system"])
- assume_role_policy = jsonencode({
- Version = "2012-10-17",
- Statement = [
- {
- Effect = "Allow",
- Principal = {
- Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_provider}"
- },
- Action = "sts:AssumeRoleWithWebIdentity",
- Condition = {
- StringEquals = {
- "${local.oidc_provider}:aud" = "sts.amazonaws.com",
- "${local.oidc_provider}:sub" = "system:serviceaccount:elastic-system:sa-elastic"
- }
- }
- }
- ]
- })
- inline_policy {
- name = "AllowS3PutObject"
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Action = [
- "s3:GetObject",
- "s3:PutObject",
- "s3:ListBucket",
- "s3:DeleteObject",
- "s3:AbortMultipartUpload",
- "s3:ListMultipartUploadParts"
- ]
- Effect = "Allow"
- Resource = "*"
- }
- ]
- })
- }
-}
diff --git a/modules/resources/aws/README.md b/modules/resources/aws/README.md
new file mode 100644
index 0000000..6e9ebb6
--- /dev/null
+++ b/modules/resources/aws/README.md
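Review bot: `s3_role_arn = var.provider_type == "aws" ? var.role_arn : ""` reads the new top-level `var.provider_type` and `var.role_arn`, but every example in this commit and the README usage block set `provider_type` and `role_arn` inside `eck_config`, where this expression never looks; with `var.provider_type` defaulting to `""` the role ARN silently collapses to an empty string, and whatever the chart does with `s3_role_arn` (presumably the IRSA annotation on the snapshot service account) is lost without any error. Either read `var.eck_config.provider_type` / `var.eck_config.role_arn` here or move those two keys out of `eck_config` in the examples, and make the failure loud with a `lifecycle { precondition { … } }` on this resource: `condition = var.provider_type != "aws" || var.role_arn != ""` with `error_message = "role_arn is required when provider_type is aws."`. A short `# S3 snapshot repository role; only meaningful on AWS` above the line would document the intent. The enclosing `resource "helm_release" "elastic_stack"` starts before and ends after this hunk.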
@@ -0,0 +1,43 @@ +## ECK Example +![squareops_avatar] + +[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png + +### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey. +
+ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.eck_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_eks_cluster.kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster to which the ECK stack should be deployed. | `string` | `"test"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [role\_arn](#output\_role\_arn) | n/a | + diff --git a/modules/resources/aws/main.tf b/modules/resources/aws/main.tf new file mode 100644 index 0000000..6d35d7a --- /dev/null +++ b/modules/resources/aws/main.tf 
@@ -0,0 +1,56 @@
+locals {
+ oidc_provider = replace(
+ data.aws_eks_cluster.kubernetes_cluster.identity[0].oidc[0].issuer,
+ "/^https:///",
+ ""
+ )
+}
+
+data "aws_caller_identity" "current" {
+}
+
+data "aws_eks_cluster" "kubernetes_cluster" {
+ name = var.cluster_name
+}
+
+resource "aws_iam_role" "eck_role" {
+ name = join("-", [var.cluster_name, "elastic-system"])
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Principal = {
+ Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_provider}"
+ },
+ Action = "sts:AssumeRoleWithWebIdentity",
+ Condition = {
+ StringEquals = {
+ "${local.oidc_provider}:aud" = "sts.amazonaws.com",
+ "${local.oidc_provider}:sub" = "system:serviceaccount:elastic-system:sa-elastic"
+ }
+ }
+ }
+ ]
+ })
+ inline_policy {
+ name = "AllowS3PutObject"
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:ListBucket",
+ "s3:DeleteObject",
+ "s3:AbortMultipartUpload",
+ "s3:ListMultipartUploadParts"
+ ]
+ Effect = "Allow"
+ Resource = "*"
+ }
+ ]
+ })
+ }
+}
diff --git a/modules/resources/aws/output.tf b/modules/resources/aws/output.tf
new file mode 100644
index 0000000..b3321d4
--- /dev/null
+++ b/modules/resources/aws/output.tf
@@ -0,0 +1,3 @@
+output "role_arn" {
+ value = aws_iam_role.eck_role.arn
+}
diff --git a/modules/resources/aws/variables.tf b/modules/resources/aws/variables.tf
new file mode 100644
index 0000000..3523a37
--- /dev/null
+++ b/modules/resources/aws/variables.tf
@@ -0,0 +1,5 @@
+variable "cluster_name" {
+ type = string
+ default = "test"
+ description = "Name of the EKS cluster to which the ECK stack should be deployed."
+}
diff --git a/variables.tf b/variables.tf
index 6cfa87f..a3d0479 100644
--- a/variables.tf
+++ b/variables.tf
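Review bot: The inline policy grants `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject`, `s3:ListBucket` and the multipart actions on `Resource = "*"`, so the `sa-elastic` service account can list, overwrite and delete objects in every bucket in the account rather than only the snapshot repository it needs; this was carried over verbatim from the root module, and moving it into its own module is the moment to scope it. Take the snapshot bucket as an input (say `snapshot_bucket_arn`), put `s3:ListBucket` on the bucket ARN and the object actions on `"${var.snapshot_bucket_arn}/*"`, as sketched below. The trust policy also hard-codes `system:serviceaccount:elastic-system:sa-elastic` while the root module's `namespace` input is configurable, so a deployment into any other namespace ends up with a role that nothing can assume; accept a `namespace` variable here and build the `:sub` condition from it. The policy name `AllowS3PutObject` undersells that it also deletes; a name such as `AllowS3SnapshotRepository` plus a `# scoped to the Elasticsearch snapshot bucket only` comment would be clearer.
```hcl
# … unchanged: locals, data sources …

resource "aws_iam_role" "eck_role" {
  # … unchanged: name, assume_role_policy, except the sub condition becomes
  #   "${local.oidc_provider}:sub" = "system:serviceaccount:${var.namespace}:sa-elastic"
  inline_policy {
    name = "AllowS3SnapshotRepository"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Sid      = "SnapshotBucketList"
          Effect   = "Allow"
          Action   = ["s3:ListBucket"]
          Resource = var.snapshot_bucket_arn
        },
        {
          Sid      = "SnapshotBucketObjects"
          Effect   = "Allow"
          Action   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"]
          Resource = "${var.snapshot_bucket_arn}/*"
        }
      ]
    })
  }
}
```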
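Review bot: `cluster_name` in `modules/resources/aws/variables.tf` defaults to `"test"`, so a caller that forgets to set it does not fail at plan time but looks up an EKS cluster literally named `test` and, if one exists, creates an IAM role trusting that cluster's OIDC provider. An identifier like this has no sensible default; remove `default = "test"` so Terraform requires the value, and note in the description that the cluster must already exist, e.g. `description = "Name of the existing EKS cluster whose OIDC provider the ECK role will trust."`.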
@@ -61,3 +61,15 @@ variable "namespace" {
 default = "elastic-system"
 description = "Name of the Kubernetes namespace where the ECK deployment will be deployed."
 }
+
+variable "provider_type" {
+ type = string
+ default = ""
+ description = "Choose what type of provider you want (aws, gcp)" // SUPPORTS ONLY: aws, gcp, azure
+}
+
+variable "role_arn" {
+ type = string
+ default = ""
+ description = "The s3 bucket role arn for the aws bucket provider" // SUPPORTS ONLY: aws, gcp
+}
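Review bot: `provider_type` accepts any string — its description says `(aws, gcp)`, the trailing comment says `aws, gcp, azure`, and `main.tf` in this commit only ever compares it to `"aws"` — so a value like `"AWS"` or `"aws "` silently takes the non-AWS branch and drops the role ARN; add a `validation` block that pins the accepted values and make the description list all three providers consistently. The `role_arn` comment `// SUPPORTS ONLY: aws, gcp` is wrong as written, since an IAM role ARN only exists on AWS; say that in the description and drop the comment. Both rewritten variable blocks follow.
```hcl
variable "provider_type" {
  type        = string
  default     = ""
  description = "Cloud provider hosting the cluster: \"aws\", \"azure\" or \"gcp\"."
  validation {
    condition     = contains(["", "aws", "azure", "gcp"], var.provider_type)
    error_message = "provider_type must be one of: aws, azure, gcp."
  }
}

variable "role_arn" {
  type        = string
  default     = ""
  description = "ARN of the IAM role the Elasticsearch service account assumes for the S3 snapshot repository. AWS only; ignored for other providers."
}
```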