
SPHTech-Platform/terraform-aws-secrets-store-csi


Terraform Modules Template

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| helm | >= 2.5 |

Providers

| Name | Version |
|------|---------|
| helm | 2.10.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| secrets_manager_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 4.21.1 |

Resources

| Name | Type |
|------|------|
| helm_release.ascp | resource |
| helm_release.release | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| affinity | Affinity for Secrets Store CSI Driver pods. The default prevents the driver from being scheduled on virtual-kubelet nodes | `map(any)` | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"type","operator":"NotIn","values":["virtual-kubelet"]}]}]}}}` | no |
| ascp_chart_name | Name of the ASCP chart | `string` | `"csi-secrets-store-provider-aws"` | no |
| ascp_chart_namespace | Namespace to install the ASCP chart into | `string` | `"secrets-store-csi-system"` | no |
| ascp_chart_repository | Helm repository for the ASCP chart | `string` | `"https://aws.github.io/eks-charts"` | no |
| ascp_chart_timeout | Timeout (seconds) to wait for the ASCP chart to be deployed | `number` | `300` | no |
| ascp_chart_version | Version of the ASCP chart to install. Set to empty to install the latest version (unpinned) | `string` | `"0.0.3"` | no |
| ascp_image_registry | Image registry of the ASCP | `string` | `"public.ecr.aws"` | no |
| ascp_image_repository | Image repository of the ASCP | `string` | `"aws-secrets-manager/secrets-store-csi-driver-provider-aws"` | no |
| ascp_image_tag | Image tag of the ASCP | `string` | `"1.0.r2-6-gee95299-2022.04.14.21.07"` | no |
| ascp_node_selector | Node selector for ASCP pods | `map(any)` | `{}` | no |
| ascp_pod_annotations | Annotations for ASCP pods | `map(any)` | `{}` | no |
| ascp_pod_labels | Labels for ASCP pods | `map(any)` | `{}` | no |
| ascp_priority_class_name | Priority class name for ASCP pods | `string` | `"system-node-critical"` | no |
| ascp_release_name | ASCP Helm release name | `string` | `"csi-secrets-store-provider-aws"` | no |
| ascp_resources | ASCP container resources | `map(any)` | `{"limits":{"cpu":"50m","memory":"100Mi"},"requests":{"cpu":"50m","memory":"100Mi"}}` | no |
| ascp_tolerations | Tolerations for ASCP pods | `list(map(string))` | `[]` | no |
| chart_name | Helm chart name to provision | `string` | `"secrets-store-csi-driver"` | no |
| chart_namespace | Namespace to install the chart into | `string` | `"secrets-store-csi-system"` | no |
| chart_repository | Helm repository for the chart | `string` | `"https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"` | no |
| chart_timeout | Timeout (seconds) to wait for the chart to be deployed | `number` | `300` | no |
| chart_version | Version of the chart to install. Set to empty to install the latest version (unpinned) | `string` | `"1.2.2"` | no |
| cluster_name | Name of the Kubernetes cluster | `string` | n/a | yes |
| create_default_irsa | Create a default IRSA role for the service account | `bool` | `true` | no |
| create_namespace | Create the namespace if it does not exist | `bool` | `true` | no |
| enableSecretRotation | Enable periodic rotation of mounted secrets | `bool` | `false` | no |
| external_secrets_secrets_manager_arns | List of Secrets Manager ARNs the IRSA role is allowed to read (passed to the IRSA module's External Secrets policy). The default is a wildcard over all secrets; restrict it to the ARNs the workload actually mounts | `list(string)` | `["arn:aws:secretsmanager:::secret:*"]` | no |
| external_secrets_ssm_parameter_arns | List of Systems Manager Parameter ARNs the IRSA role is allowed to read (passed to the IRSA module's External Secrets policy). The default is a wildcard over all parameters; restrict it to the ARNs the workload actually mounts | `list(string)` | `["arn:aws:ssm:::parameter/*"]` | no |
| iam_role_name | Name of the IAM role for the controller | `string` | `""` | no |
| image_repository | Image repository for the driver | `string` | `"registry.k8s.io/csi-secrets-store/driver"` | no |
| image_repository_crds | Image repository for the CRDs | `string` | `"registry.k8s.io/csi-secrets-store/driver-crds"` | no |
| image_repository_liveness | Image repository for the liveness probe | `string` | `"registry.k8s.io/sig-storage/livenessprobe"` | no |
| image_repository_registrar | Image repository for the node driver registrar | `string` | `"registry.k8s.io/sig-storage/csi-node-driver-registrar"` | no |
| image_tag | Image tag for the driver and CRDs | `string` | `"v1.2.2"` | no |
| image_tag_liveness | Image tag for the liveness probe | `string` | `"v2.7.0"` | no |
| image_tag_registrar | Image tag for the node driver registrar | `string` | `"v2.5.1"` | no |
| max_history | Maximum number of release revisions Helm keeps | `number` | `20` | no |
| namespace | Kubernetes namespace in which to create the service account | `string` | `"default"` | no |
| node_selector | Node selector for Secrets Store CSI Driver pods | `map(any)` | `{}` | no |
| oidc_provider_arn | OIDC provider ARN for IRSA | `string` | n/a | yes |
| pod_annotations | Annotations for Secrets Store CSI Driver pods | `map(any)` | `{}` | no |
| pod_labels | Labels for Secrets Store CSI Driver pods | `map(any)` | `{}` | no |
| release_name | Helm release name | `string` | `"secrets-store-csi-driver"` | no |
| resources_driver | Driver container resources | `map(any)` | `{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"50m","memory":"200Mi"}}` | no |
| resources_liveness | Liveness probe container resources | `map(any)` | `{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | no |
| resources_registrar | Registrar container resources | `map(any)` | `{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | no |
| service_account_name | Name of the service account to create; it is not auto-generated | `string` | `"csi-secrets-store-provider-aws"` | no |
| syncSecretEnabled | Sync mounted content to Kubernetes Secret objects (the values are then also stored in etcd, not only on the CSI volume) | `bool` | `false` | no |
| tolerations | Tolerations for Secrets Store CSI Driver pods | `list(map(string))` | `[]` | no |

Outputs

| Name | Description |
|------|-------------|
| iam_role_arn | ARN of the IAM role |
| iam_role_name | Name of the IAM role |
| iam_role_path | Path of the IAM role |
| iam_role_unique_id | Unique ID of the IAM role |
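Usage example

The following is an added example of calling this module with least-privilege settings; it is not code from the repository. The `source` path, cluster name, OIDC provider ARN, account ID, region, namespace, service account name and secret/parameter ARNs are placeholders that you replace with your own values. It overrides the wildcard `external_secrets_*` defaults with specific ARNs, binds the IRSA role to the workload's own service account, keeps `syncSecretEnabled` off, and pins chart and image versions so upgrades are deliberate.

```hcl
# Added example, not part of the module's README. Assumes an existing EKS
# cluster with an IAM OIDC provider and that the module is consumed from its
# GitHub source; every literal below is a placeholder.
module "secrets_store_csi" {
  source = "github.com/SPHTech-Platform/terraform-aws-secrets-store-csi" # placeholder source

  cluster_name      = "prod-eks"                                                                                          # placeholder
  oidc_provider_arn = "arn:aws:iam::123456789012:oidc-provider/oidc.eks.ap-southeast-1.amazonaws.com/id/EXAMPLE0123456789" # placeholder

  # Least privilege: replace the module's wildcard defaults with the exact
  # resources this workload mounts. Secrets Manager appends a random suffix to
  # secret ARNs, so a trailing "*" after the secret name is the usual pattern.
  external_secrets_secrets_manager_arns = [
    "arn:aws:secretsmanager:ap-southeast-1:123456789012:secret:prod/payments/db-*", # placeholder
  ]
  external_secrets_ssm_parameter_arns = [
    "arn:aws:ssm:ap-southeast-1:123456789012:parameter/prod/payments/*", # placeholder
  ]

  # Bind the IRSA role to the workload's service account instead of the
  # module defaults (namespace "default", name "csi-secrets-store-provider-aws").
  namespace            = "payments"     # placeholder
  service_account_name = "payments-api" # placeholder

  # Keep secret material on the CSI volume only; enabling syncSecretEnabled
  # would also write it into a Kubernetes Secret (and therefore etcd).
  syncSecretEnabled    = false
  enableSecretRotation = true

  # Pin versions explicitly rather than relying on "latest".
  chart_version      = "1.2.2"
  image_tag          = "v1.2.2"
  ascp_chart_version = "0.0.3"
}

# Expose the role ARN so it can be referenced elsewhere (for example when
# annotating the service account with eks.amazonaws.com/role-arn).
output "secrets_store_csi_role_arn" {
  value = module.secrets_store_csi.iam_role_arn
}
```

Before applying, confirm that the ARN patterns match only the intended secrets (for example with `aws secretsmanager list-secrets` filtered by name prefix) and that no other workload shares the service account named above, since every pod using that service account inherits the role.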