Release 3.1.0 (#75)

* Addons restructure and Version Updates for 1.30 cluster (#34)

* update directory structure for alb,Node -termination-manager.cert-manager ,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret, reloader,metric-server

* version updste in alb,Node -termination-manager,cert-manager,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret,config reloader,metric-server-hpa

* udate default addons and example calling module

* Update addons directory structure for default addons, alb,Node -termination-manager,cert-manager,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret,config reloader,metric-server-hpa

* Update addons directory structure for default addons, alb,Node -termination-manager,cert-manager,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret,config reloader,metric-server-hpa

* Update addons directory structure for default addons, alb,Node -termination-manager,cert-manager,cluster-autoscaller,cluster-proportional-autoscaller,core dns-hpa,external-secret,config reloader,metric-server-hpa

* add akansha singh changes manually

* structure update in cert-manager and corednshpa

* structure update in cert-manager and corednshpa

* Changes of modules and version update

* Changes of modules and version update

* update structre

* kubernetes dashboard terraform addon module

* update cert-manager config

* solve kuberetes-dashboard ingress error

* Modifying addons module and version update of phase1

* update aws-ebs-csi-driver module

* update reloader configuration

* Updated the module names and corrected local.tf file.

* corrected module names which restructuring

* albhactically arrange modules

* Integrated ingress and private ingress in one module

* ingress-nginx logic implemented for private nlb

* comment update

* add karpenter-provisioner configuration for multiple labels

* change order of module names according to alphabatically

* Testing for public and private ingress has been done

* add keda configuration

* corrected pre-commit errors and warnings

* fixed the vpc-cni and ebs-csi-driver versions and resource limits

* Updated readme.md file

* standardized modules and variables

* resource limit update keda, cluster-autoscaler, cert-manager

* readme.md modified by pre-commit

* support for EKS version >=1.28

---------

Co-authored-by: Divyanshu jain <divyanshu.jain@squareops.com>
Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>

* Added KMS key encryption for Karpenter, Version Update for Keda and m… (#35)

* Added KMS key encryption for Karpenter, Version Update for Keda and metric-server-vpa along with improving the limit and request of resources

* Added comments in main.tf for better understanding

* Added comments in main.tf for better understanding

* Kubernetes-dashboard improved version

---------

Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>

* Release 3.0.0 Fixes (#36)

* Updated some changes

* ebs-csi-driver policy addition and version update

* efs-csi-driver fixed

* Kubernetes-dashboard module depends_on added

* cluster autoscaler fixes for 1.30 EKS cluster

* Cert-Manager Fixes

* Karpenter and Velero changes

* added condition for internal ingress

* EFS Driver policy updates

* Fixed the indentation and comments in velero

---------

Co-authored-by: Ankush.upadhyay <ankush.upadhyay@squareops.com>
Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>

* Policy update in efs-csi-driver

* Policy update in efs-csi-driver (#39)

Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>

* FIxed coredns HPA bug (#38)

* Release 3.0.0 (#40)

* Updated example calling module and readme files

* Updated example's main.tf file

* add nginx-ingress outputs

* Karpenter on single AZ

* Terraform destroy script

* Added note for terraform destroy script

* Revert "Karpenter on single AZ"

This reverts commit 1fe021d.

* Removed istio module and moved to z-archieve folder

* Added private alb option in K8S-dashabord ingress annotation

* Karpenter, VPC-cni fixes

* added cost tags in additional_aws_tags in calling module

* Modified karpenter provisioner block

* Support cost tags in all aws services

* modified email

* Optimized Resource request and limit (#49)

* added spot instance policy for service-lined-role

* Optimized Resource request and limit

* Updated cost related tags in all the addons services (#50)

* Support cost tags in all aws services

* modified email

* Release 3.0.1 (#51)

* added spot instance policy for service-lined-role

* Modifed main config for cert manager CRD's

* Update main.tf

"}" missing

* ArgoCD and ArgoProject support in Addons Module

* Updated coreDNS HPA memory metric type

* Output block added for argocd creds

* Add namespace support for ArgoCD

* Provide support of additional tags in all the aws resources

* Argo-Workflow Module added

* argocd namespace changes

* Variablizing name and namespace in argo project

* Argo-workflow token output

* Solved K8S-dashboard ingress terminating issue

* Bug fux for certmanager and ingress-nginx

* Updated HPA for argocd and workflow

* alb-controller-bug-fix

* Update argo-workflow calling module

* Updated aws nth module, added notification functionality as optional

* Updated calling module

* Fixed ingress-nginx destroying issue

* Ran pre-commit checks

* ran pre-commit  checks

* Updated example calling module in readme file

* Updated karpenter version and added bottlerocket ami support

* Added cert-manager dependency on vpc-cni

* Added argocd and workflow dependency on ingress module

* Update main.tf

---------

Co-authored-by: AkankshaSquareops <akanksha.singh@squareops.com>
Co-authored-by: Divyanshu jain <divyanshu.jain@squareops.com>
Co-authored-by: Akanksha Singh <akanksha.singh@squareops.in>
Co-authored-by: vinayakgautamops <95210787+vinayakgautamops@users.noreply.github.com>
Co-authored-by: jshre898 <shreya.jain@squareops.com>
Co-authored-by: Monachawla1712 <chawalamona44@gmail.com>
Co-authored-by: vinayakops <vinayak.gautam@revnue.com>
Co-authored-by: Monachawla1712 <146841568+Monachawla1712@users.noreply.github.com>

Author: 9 people

README.md

@@ -21,7 +21,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks-addons"></a> [eks-addons](#module\_eks-addons) | squareops/eks-addons/aws | n/a |
+| <a name="module_eks-addons"></a> [eks-addons](#module\_eks-addons) | squareops/eks-addons/aws | 3.1.1 |
 
 ## Resources
 
@@ -38,12 +38,14 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_argocd"></a> [argocd](#output\_argocd) | ArgoCD Credentials |
+| <a name="output_argoworkflow_credentials"></a> [argoworkflow\_credentials](#output\_argoworkflow\_credentials) | Argocd Workflow credentials |
+| <a name="output_argoworkflow_hostname"></a> [argoworkflow\_hostname](#output\_argoworkflow\_hostname) | Argocd Workflow hostname |
 | <a name="output_defectdojo"></a> [defectdojo](#output\_defectdojo) | DefectDojo endpoint and credentials |
 | <a name="output_ebs_encryption_enable"></a> [ebs\_encryption\_enable](#output\_ebs\_encryption\_enable) | Whether Amazon Elastic Block Store (EBS) encryption is enabled or not. |
 | <a name="output_efs_id"></a> [efs\_id](#output\_efs\_id) | ID of the Amazon Elastic File System (EFS) that has been created for the EKS cluster. |
 | <a name="output_environment"></a> [environment](#output\_environment) | Environment Name for the EKS cluster |
 | <a name="output_internal_nginx_ingress_controller_dns_hostname"></a> [internal\_nginx\_ingress\_controller\_dns\_hostname](#output\_internal\_nginx\_ingress\_controller\_dns\_hostname) | DNS hostname of the NGINX Ingress Controller that can be used to access it from within the cluster. |
-| <a name="output_istio_ingressgateway_dns_hostname"></a> [istio\_ingressgateway\_dns\_hostname](#output\_istio\_ingressgateway\_dns\_hostname) | DNS hostname of the Istio Ingress Gateway |
 | <a name="output_k8s_dashboard_admin_token"></a> [k8s\_dashboard\_admin\_token](#output\_k8s\_dashboard\_admin\_token) | Kubernetes-Dashboard Admin Token |
 | <a name="output_k8s_dashboard_read_only_token"></a> [k8s\_dashboard\_read\_only\_token](#output\_k8s\_dashboard\_read\_only\_token) | Kubernetes-Dashboard Read Only Token |
 | <a name="output_kubeclarity"></a> [kubeclarity](#output\_kubeclarity) | Kubeclarity endpoint and credentials |

examples/complete/README.md

@@ -0,0 +1,46 @@
+controller:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
+executor:
+  resources:
+   limits:
+     cpu: 20m
+     memory: 100Mi
+   requests:
+     cpu: 10m
+     memory: 50Mi
+
+server:
+  resources:
+   limits:
+     cpu: 20m
+     memory: 100Mi
+   requests:
+     cpu: 10m
+     memory: 50Mi
+
+logging:
+  resources:
+   limits:
+     cpu: 20m
+     memory: 100Mi
+   requests:
+     cpu: 10m
+     memory: 50Mi
+
+mainContainer:
+  resources:
+   limits:
+     cpu: 20m
+     memory: 100Mi
+   requests:
+     cpu: 10m
+     memory: 50Mi

examples/complete/config/argocd-workflow.yaml

@@ -0,0 +1,137 @@
+configs:
+  cm:
+    accounts.admin: apiKey
+
+controller:
+  resources:
+   limits:
+     cpu: 100m
+     memory: 500Mi
+   requests:
+     cpu: 50m
+     memory: 250Mi
+
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+repoServer:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+  resources:
+   limits:
+     cpu: 20m
+     memory: 200Mi
+   requests:
+     cpu: 10m
+     memory: 100Mi
+
+
+notifications:
+  resources:
+   limits:
+     cpu: 20m
+     memory: 100Mi
+   requests:
+     cpu: 10m
+     memory: 50Mi
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
+server:
+  resources:
+   limits:
+     cpu: 100m
+     memory: 200Mi
+   requests:
+     cpu: 50m
+     memory: 100Mi
+
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
+redis:
+  resources:
+   limits:
+     cpu: 100m
+     memory: 150Mi
+   requests:
+     cpu: 50m
+     memory: 75Mi
+
+
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
+dex:
+  resources:
+   limits:
+     cpu: 40m
+     memory: 100Mi
+   requests:
+     cpu: 20m
+     memory: 50Mi
+
+
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
+applicationSet:
+  resources:
+   limits:
+     cpu: 40m
+     memory: 100Mi
+   requests:
+     cpu: 20m
+     memory: 50Mi
+
+
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"

examples/complete/config/argocd.yaml

@@ -5,6 +5,7 @@ crds:
   # This option decides if the CRDs should be installed
   # as part of the Helm installation.
   enabled: true
+  keep: false
 ## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
 
 affinity:
@@ -19,11 +20,11 @@ affinity:
 
 resources:
   limits:
-    cpu: 20m
-    memory: 400Mi
-  requests:
     cpu: 10m
     memory: 200Mi
+  requests:
+    cpu: 5m
+    memory: 100Mi
 
 webhook:
   affinity:
@@ -38,11 +39,11 @@ webhook:
 
   resources:
     limits:
-      cpu: 20m
-      memory: 150Mi
-    requests:
       cpu: 10m
-      memory: 75Mi
+      memory: 100Mi
+    requests:
+      cpu: 8m
+      memory: 50Mi
 
 cainjector:
   affinity:
@@ -57,8 +58,8 @@ cainjector:
 
   resources:
     limits:
-      cpu: 20m
-      memory: 480Mi
+      cpu: 16m
+      memory: 300Mi
     requests:
-      cpu: 10m
-      memory: 240Mi
+      cpu: 8m
+      memory: 150Mi

examples/complete/config/cert-manager.yaml

@@ -14,8 +14,8 @@ affinity:
 
 resources:
   limits:
-    cpu: 20m
-    memory: 200Mi
+    cpu: 50m
+    memory: 250Mi
   requests:
-    cpu: 10m
-    memory: 100Mi
+    cpu: 25m
+    memory: 250Mi

examples/complete/config/cluster-autoscaler.yaml

@@ -1,9 +1,9 @@
 resources:
   limits:
-    cpu: 20m
+    cpu: 10m
     memory: 100Mi
   requests:
-    cpu: 10m
+    cpu: 5m
     memory: 50Mi
 
 affinity:
@@ -19,10 +19,10 @@ affinity:
 webhook:
   resources:
     limits:
-      cpu: 20m
+      cpu: 10m
       memory: 100Mi
     requests:
-      cpu: 10m
+      cpu: 8m
       memory: 50Mi
 
   affinity:
@@ -38,10 +38,10 @@ webhook:
 certController:
   resources:
     limits:
-      cpu: 20m
+      cpu: 10m
       memory: 100Mi
     requests:
-      cpu: 10m
+      cpu: 8m
       memory: 50Mi
 
   affinity:

examples/complete/config/external-secret.yaml

@@ -1,3 +1,4 @@
+controller:
   resources:
     limits:
       cpu: 100m

examples/complete/config/ingress-nginx.yaml

@@ -35,24 +35,24 @@ webhooks:
 resources:
   operator:
     limits:
-      cpu: 200m
-      memory: 200Mi
+      cpu: 20m
+      memory: 180Mi
     requests:
-      cpu: 100m
-      memory: 100Mi
+      cpu: 10m
+      memory: 60Mi
   metricServer:
     limits:
-      cpu: 200m
-      memory: 200Mi
-    requests:
       cpu: 100m
       memory: 100Mi
+    requests:
+      cpu: 50m
+      memory: 50Mi
   webhooks:
     limits:
-      cpu: 20m
+      cpu: 10m
       memory: 20Mi
     requests:
-      cpu: 10m
+      cpu: 5m
       memory: 10Mi
 
 affinity: