Skip to content

cookielab/terraform-kubernetes-cluster-apps

BranchesTags

Repository files navigation

Example usage

module "cluster_apps" {
  source  = "cookielab/cluster-apps/kubernetes"
  version = "1.5.0"

  namespace = {
    create = true
    name   = "cluster-apps"
  }

  cluster_name = "<cluster_name>"

  node_selector = {}

  grafana_alloy = {
    metrics = {
      endpoint = "<mimir_http_endpoint>"
      ssl_enabled = false
    }
    loki = {
      enabled = true
      url = "http://loki:3100/loki/api/v1/push"
    }
    aws = {
      account = data.aws_caller_identity.current.account_id
      region  = data.aws_region.current.name
    }
  }

  cert_manager = {
    enabled = true
  }

  external_secrets = {
    enabled = false
  }

  karpenter = {
    enabled = false
  }

  kyverno = {
    enabled = false
  }

  vpa = {
    enabled = false
  }

  metrics_server = {
    enabled = true
    node_selector = {
      "node-role.kubernetes.io/control-plane" = ""
    }
    tolerations = [
      {
        key      = "CriticalAddonsOnly"
        operator = "Exists"
      },
      {
        key      = "node-role.kubernetes.io/control-plane"
        operator = "Exists"
      }
    ]
  }
}

Requirements

Name Version
terraform >= 1.9, < 2.0
aws >= 5.27
helm ~> 3.0
kubernetes ~> 3.0

Providers

Name Version
kubernetes ~> 3.0

Modules

Name Source Version
cert_manager ./modules/cert-manager n/a
external_secrets ./modules/external-secrets n/a
fluent-bit ./modules/fluent-bit n/a
grafana_alloy_cluster cookielab/grafana-alloy/kubernetes//modules/cluster v0.0.6
grafana_alloy_loki cookielab/grafana-alloy/kubernetes//modules/loki-logs v0.0.6
grafana_alloy_node cookielab/grafana-alloy/kubernetes//modules/node v0.0.6
karpenter ./modules/karpenter n/a
keda ./modules/keda n/a
kyverno ./modules/kyverno n/a
metrics_server ./modules/metrics-server n/a
vpa ./modules/vpa n/a

Resources

Name Type
kubernetes_namespace_v1.this resource

Inputs

Name Description Type Default Required
cert_manager cert manager configuration 
object({
    enabled       = optional(bool, false)
    node_selector = optional(map(string), null)
    tolerations = optional(list(object({
      key      = string
      operator = string
      value    = optional(string, null)
      effect   = optional(string, null)
    })), null)
    resources = optional(object({
      cert_manager = optional(object({
        replicas = optional(number, 1)
        limits = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
        requests = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
      }), {})
      cainjector = optional(object({
        replicas = optional(number, 1)
        limits = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
        requests = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
      }), {})
      webhook = optional(object({
        replicas = optional(number, 1)
        limits = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
        requests = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
      }), {})
    }), {})
  })
 {} no
cluster_name name of the EKS cluster string n/a yes
external_secrets external secrets configuration 
object({
    enabled       = optional(bool, true)
    repository    = optional(string, "oci.external-secrets.io/external-secrets/external-secrets")
    node_selector = optional(map(string), null)
    tolerations = optional(list(object({
      key      = string
      operator = string
      value    = optional(string, null)
      effect   = optional(string, null)
    })), null)
    resources = optional(object({
      replicas = optional(number, 1)
      limits = optional(object({
        cpu    = optional(string)
        memory = optional(string)
      }), {})
      requests = optional(object({
        cpu    = optional(string)
        memory = optional(string)
      }), {})
    }), {})
    webhook = optional(object({
      replicas = optional(number, 1)
      resources = optional(object({
        limits = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
        requests = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
      }), {})
    }), {})
    certController = optional(object({
      replicas = optional(number, 1)
      resources = optional(object({
        limits = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
        requests = optional(object({
          cpu    = optional(string)
          memory = optional(string)
        }), {})
      }), {})
    }), {})
  })
 {} no
fluent_bit fluent bit configuration 
object({
    enabled      = optional(bool, false)
    logs_storage = optional(string, "loki")
    loki = optional(object({
      tenant_id         = optional(string, null)
      logs_endpoint_url = optional(string, null)
      basic_auth = optional(object({
        enabled  = optional(bool, false)
        username = optional(string, null)
        password = optional(string, null)
      }), {})
      bearer_token = optional(object({
        enabled = optional(bool, false)
        token   = optional(string, null)
      }), {})
    }), {})
    elasticsearch = optional(object({
      auth = optional(object({
        enabled  = optional(bool, false)
        username = optional(string, null)
        password = optional(string, null)
      }), {})
    }), {})
    use_defaults = optional(object({
      outputs = optional(bool, true)
      filters = optional(bool, true)
      inputs  = optional(bool, true)
    }), {})
    logs_custom = optional(object({
      outputs = optional(map(string), {})
      filters = optional(map(string), {})
      inputs  = optional(map(string), {})
    }), {})
    logs_endpoint_url = optional(string, null)
    tolerations = optional(list(object({
      key      = string
      operator = string
      value    = string
      effect   = string
    })), [])
    node_selector   = optional(map(string), {})
    labels          = optional(map(string), {})
    pod_annotations = optional(map(string), {})
    resources = optional(object({
      limits = optional(object({
        cpu    = optional(string)
        memory = optional(string)
      }), {})
      requests = optional(object({
        cpu    = optional(string)
        memory = optional(string)
      }), {})
    }), {})
  })
 {} no
grafana_alloy grafana alloy configuration 
object({
    image = optional(object({
      repository = optional(string, "grafana/alloy")
    }), {})
    metrics = optional(object({
      endpoint    = optional(string, null)
      tenant      = optional(string, null)
      ssl_enabled = optional(bool, false)
      tenant_id   = optional(string, null)
    }), {})
    cluster = optional(object({
      enabled  = optional(bool, true)
      replicas = optional(number, 3)
      requests = optional(object({
        cpu    = optional(string, "100m")
        memory = optional(string, "256Mi")
      }), {})
      limits = optional(object({
        cpu    = optional(string, "100m")
        memory = optional(string, "256Mi")
      }), {})

    }), {})
    node = optional(object({
      enabled = optional(bool, true)
      requests = optional(object({
        cpu    = optional(string, "100m")
        memory = optional(string, "128Mi")
      }), {})
      limits = optional(object({
        cpu    = optional(string, "100m")
        memory = optional(string, "256Mi")
      }), {})
    }), {})
    loki = optional(object({
      enabled                = optional(bool, false)
      url                    = optional(string, null)
      tenant_id              = optional(string, "default")
      username               = optional(string, "")
      password               = optional(string, "")
      scrape_pods_global     = optional(bool, true)
      scrape_pods_annotation = optional(string, "")
      clustering_enabled     = optional(bool, false)
      scrape_logs_method     = optional(string, "api")
      replicas               = optional(number, 1)
    }), {})
    aws = optional(object({
      account = optional(string, "")
      region  = optional(string, "")
    }), {})
  })
 {} no
karpenter karperter configuration 
object({
    enabled       = optional(bool, true)
    repository    = optional(string, "public.ecr.aws/karpenter/controller")
    node_selector = optional(map(string), null)
    tolerations = optional(list(object({
      key      = string
      operator = string
      value    = optional(string, null)
      effect   = optional(string, null)
    })), null)
    replicas                   = optional(number, 2)
    tag_key                    = optional(string, "eks:eks-cluster-name")
    enable_disruption          = optional(bool, true)
    batch_max_duration         = optional(string, "10s")
    batch_idle_duration        = optional(string, "1s")
    spot_to_spot_consolidation = optional(bool, false)
    pod_annotations            = optional(map(string), {})
    node_role_arn              = optional(string, null)
    resources = optional(object({
      limits = optional(object({
        cpu    = optional(string, "10")
        memory = optional(string, "300Mi")
      }), {})
      requests = optional(object({
        cpu    = optional(string, "300m")
        memory = optional(string, "256Mi")
      }), {})
    }), {})
  })
 {} no
keda Keda configuration 
object({
    enabled                 = optional(bool, false)
    repository              = optional(string, "https://kedacore.github.io/charts")
    namespace               = optional(string, "cluster-apps")
    replicas                = optional(number, 1)
    webhooks_replicas       = optional(number, 1)
    metrics_server_replicas = optional(number, 1)
    log_level               = optional(string, "info")
    metrics_server          = optional(bool, true)
    node_selector           = optional(map(string), {})
    role_arn                = optional(string, null)
    tolerations = optional(list(object({
      key      = string
      operator = string
      value    = optional(string, null)
      effect   = optional(string, null)
    })), [])
    pod_annotations = optional(map(string), {})
    resources = optional(object({
      operator = optional(object({
        limits = optional(object({
          cpu    = optional(string, "1")
          memory = optional(string, "1000Mi")
        }), {})
        requests = optional(object({
          cpu    = optional(string, "100m")
          memory = optional(string, "100Mi")
        }), {})
        }), {
        limits   = { cpu = "1", memory = "1000Mi" }
        requests = { cpu = "100m", memory = "100Mi" }
      })
      metricServer = optional(object({
        limits = optional(object({
          cpu    = optional(string, "1")
          memory = optional(string, "1000Mi")
        }), {})
        requests = optional(object({
          cpu    = optional(string, "100m")
          memory = optional(string, "100Mi")
        }), {})
        }), {
        limits   = { cpu = "1", memory = "1000Mi" }
        requests = { cpu = "100m", memory = "100Mi" }
      })
      webhooks = optional(object({
        limits = optional(object({
          cpu    = optional(string, "1")
          memory = optional(string, "1000Mi")
        }), {})
        requests = optional(object({
          cpu    = optional(string, "100m")
          memory = optional(string, "100Mi")
        }), {})
        }), {
        limits   = { cpu = "1", memory = "1000Mi" }
        requests = { cpu = "100m", memory = "100Mi" }
      })
      }), {
      operator = {
        limits   = { cpu = "1", memory = "1000Mi" }
        requests = { cpu = "100m", memory = "100Mi" }
      }
      metricServer = {
        limits   = { cpu = "1", memory = "1000Mi" }
        requests = { cpu = "100m", memory = "100Mi" }
      }
      webhooks = {
        limits   = { cpu = "1", memory = "1000Mi" }
        requests = { cpu = "100m", memory = "100Mi" }
      }
    })
    pod_disruption_budget = optional(object({
      operator = optional(object({
        enabled        = optional(bool, false)
        minAvailable   = optional(string, null)
        maxUnavailable = optional(string, "1")
      }), {})
      metricServer = optional(object({
        enabled        = optional(bool, false)
        minAvailable   = optional(string, null)
        maxUnavailable = optional(string, "1")
      }), {})
      webhooks = optional(object({
        enabled        = optional(bool, false)
        minAvailable   = optional(string, null)
        maxUnavailable = optional(string, "1")
      }), {})
    }), {})
  })
 {} no
kyverno kyverno configuration 
object({
    namespace           = optional(string, "kyverno")
    create_namespace    = optional(bool, true)
    enabled             = optional(bool, false)
    registry            = optional(string, "ghcr.io")
    docker_hub_registry = optional(string, "docker.io")
    node_selector       = optional(map(string), null)
    tolerations = optional(list(object({
      key      = string
      operator = string
      value    = optional(string, null)
      effect   = optional(string, null)
    })), null)
    admission_controller = optional(
      object(
        {
          replicas = optional(number, 2)
          container = optional(object(
            {
              resources = object({
                requests = object({
                  cpu    = optional(string, "300m")
                  memory = optional(string, "384Mi")
                }),
                limits = object({
                  memory = optional(string, "384Mi")
                })
              })
            }
            ),
            {
              resources = {
                requests = {
                  cpu    = "300m"
                  memory = "384Mi"
                }
                limits = {
                  memory = "384Mi"
                }
              }
            }
          )
        }
      ),
      {
        replicas = 2
        container = {
          resources = {
            requests = {
              cpu    = "300m"
              memory = "384Mi"
            }
            limits = {
              memory = "384Mi"
            }
          }
        }
      }
    )
  })
 {} no
metrics_server metrics server configuration 
object({
    enabled       = optional(bool, true)
    repository    = optional(string, "registry.k8s.io/metrics-server/metrics-server")
    replicas      = optional(number, 1)
    node_selector = optional(map(string), null)
    tolerations = optional(list(object({
      key      = string
      operator = string
      value    = optional(string, null)
      effect   = optional(string, null)
    })), null)
    resources = optional(object({
      limits = optional(object({
        cpu    = optional(string)
        memory = optional(string)
      }), {})
      requests = optional(object({
        cpu    = optional(string)
        memory = optional(string)
      }), {})
    }), {})
  })
 {} no
namespace value of the namespace to deploy cluster apps 
object({
    name   = string
    create = bool
  })
 
{
  "create": true,
  "name": "cluster-apps"
}
 no
node_selector node selector to deploy cluster apps map(string) 
{
  "node.kubernetes.io/pool": "critical"
}
 no
tolerations tolerations to deploy cluster apps 
list(object({
    key      = string
    operator = string
    value    = optional(string, null)
    effect   = optional(string, null)
  }))
 
[
  {
    "effect": "NoSchedule",
    "key": "CriticalAddonsOnly",
    "operator": "Exists"
  }
]
 no
vpa vpa configuration 
object({
    enabled      = optional(bool, false)
    release_name = optional(string, "vpa")
    crds = optional(object({
      enabled = optional(bool, true)
    }), {})
    recommender = optional(object({
      enabled                 = optional(bool, true)
      replica_count           = optional(number, 1)
      service_account_enabled = optional(bool, true)
      resources = optional(object({
        limits = optional(object({
          cpu    = optional(string, "200m")
          memory = optional(string, "200Mi")
        }), {})
        requests = optional(object({
          cpu    = optional(string, "10m")
          memory = optional(string, "70Mi")
        }), {})
      }), {})
    }), {})
    updater = optional(object({
      enabled                 = optional(bool, true)
      replica_count           = optional(number, 1)
      service_account_enabled = optional(bool, true)
      resources = optional(object({
        limits = optional(object({
          cpu    = optional(string, "200m")
          memory = optional(string, "200Mi")
        }), {})
        requests = optional(object({
          cpu    = optional(string, "10m")
          memory = optional(string, "70Mi")
        }), {})
      }), {})
    }), {})
    admissionController = optional(object({
      enabled                 = optional(bool, true)
      replica_count           = optional(number, 1)
      service_account_enabled = optional(bool, true)
      resources = optional(object({
        limits = optional(object({
          cpu    = optional(string, "200m")
          memory = optional(string, "200Mi")
        }), {})
        requests = optional(object({
          cpu    = optional(string, "10m")
          memory = optional(string, "50Mi")
        }), {})
      }), {})
    }), {})
  })
 {} no

Outputs

Name Description
namespace n/a

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

5 watching

Forks

0 forks
Report repository

Releases 25

3.5.0 Latest
Apr 7, 2026
+ 24 releases

Packages

 
 
 

Contributors

Languages