diff --git a/helm-charts/istio/README.md b/helm-charts/istio/README.md deleted file mode 100644 index 50422eb0..00000000 --- a/helm-charts/istio/README.md +++ /dev/null @@ -1,7 +0,0 @@ -Istio doesn't have public accessible helm chart. -You need to download istio-release from the official site and copy istio-operator helm chart here. - -```bash -curl -L https://istio.io/downloadIstio | sh - -cp -r istio-1.8.2/manifests/charts/istio-operator helm-charts/istio -``` \ No newline at end of file diff --git a/helm-charts/istio/istio-operator-resources/.helmignore b/helm-charts/istio/istio-operator-resources/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/helm-charts/istio/istio-operator-resources/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/helm-charts/istio/istio-operator-resources/Chart.yaml b/helm-charts/istio/istio-operator-resources/Chart.yaml deleted file mode 100644 index 92ba9a32..00000000 --- a/helm-charts/istio/istio-operator-resources/Chart.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: istio-operator-resources
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 1.16.0
diff --git a/helm-charts/istio/istio-operator-resources/templates/isito-profile.yaml b/helm-charts/istio/istio-operator-resources/templates/isito-profile.yaml
deleted file mode 100644
index daf2a185..00000000
--- a/helm-charts/istio/istio-operator-resources/templates/isito-profile.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: install.istio.io/v1alpha1
-kind: IstioOperator
-metadata:
- name: istio-default-profile
-spec:
- profile: default
- {{- toYaml .Values.istioOperator | nindent 2 }}
diff --git a/helm-charts/istio/istio-operator-resources/values.yaml b/helm-charts/istio/istio-operator-resources/values.yaml
deleted file mode 100644
index e69de29b..00000000
diff --git a/helm-charts/istio/istio-operator/Chart.yaml b/helm-charts/istio/istio-operator/Chart.yaml
deleted file mode 100644
index 807caae8..00000000
--- a/helm-charts/istio/istio-operator/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-name: istio-operator
-version: 1.7.0
-tillerVersion: ">=2.7.2"
-description: Helm chart for deploying Istio operator
-keywords:
- - istio
- - operator
-sources:
- - https://github.com/istio/istio/tree/master/operator
-engine: gotpl
-icon: https://istio.io/latest/favicons/android-192x192.png
diff --git a/helm-charts/istio/istio-operator/crds/crd-operator.yaml b/helm-charts/istio/istio-operator/crds/crd-operator.yaml
deleted file mode 100644
index 6b85c37c..00000000
--- a/helm-charts/istio/istio-operator/crds/crd-operator.yaml
+++ /dev/null
@@ -1,46 +0,0 @@ -# SYNC WITH manifests/charts/base/files -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: istiooperators.install.istio.io -spec: - group: install.istio.io - names: - kind: IstioOperator - plural: istiooperators - singular: istiooperator - shortNames: - - iop - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'Specification of the desired state of the istio control plane resource. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - status: - description: 'Status describes each of istio control plane component status at the current time. - 0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING. - More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html & - https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- 
diff --git a/helm-charts/istio/istio-operator/files/gen-operator.yaml b/helm-charts/istio/istio-operator/files/gen-operator.yaml
deleted file mode 100644
index 6c8d618a..00000000
--- a/helm-charts/istio/istio-operator/files/gen-operator.yaml
+++ /dev/null
@@ -1,214 +0,0 @@ ---- -# Source: istio-operator/templates/namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: istio-operator - labels: - istio-operator-managed: Reconcile - istio-injection: disabled ---- -# Source: istio-operator/templates/service_account.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: istio-operator - name: istio-operator ---- -# Source: istio-operator/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: istio-operator -rules: -# istio groups -- apiGroups: - - authentication.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - config.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - install.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - security.istio.io - resources: - - '*' - verbs: - - '*' -# k8s groups -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions.apiextensions.k8s.io - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - apps - - extensions - resources: - - daemonsets - - deployments - - deployments/finalizers - - ingresses - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - update -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - '*' -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - pods - - pods/proxy - - 
persistentvolumeclaims - - secrets - - services - - serviceaccounts - verbs: - - '*' ---- -# Source: istio-operator/templates/clusterrole_binding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: istio-operator -subjects: -- kind: ServiceAccount - name: istio-operator - namespace: istio-operator -roleRef: - kind: ClusterRole - name: istio-operator - apiGroup: rbac.authorization.k8s.io ---- -# Source: istio-operator/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - namespace: istio-operator - labels: - name: istio-operator - name: istio-operator -spec: - ports: - - name: http-metrics - port: 8383 - targetPort: 8383 - protocol: TCP - selector: - name: istio-operator ---- -# Source: istio-operator/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: istio-operator - name: istio-operator -spec: - replicas: 1 - selector: - matchLabels: - name: istio-operator - template: - metadata: - labels: - name: istio-operator - spec: - serviceAccountName: istio-operator - containers: - - name: istio-operator - image: gcr.io/istio-testing/operator:1.8-dev - command: - - operator - - server - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 128Mi - env: - - name: WATCH_NAMESPACE - value: "istio-system" - - name: LEADER_ELECTION_NAMESPACE - value: "istio-operator" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: "istio-operator" - - name: WAIT_FOR_RESOURCES_TIMEOUT - value: "300s" - - name: REVISION - value: "" 
diff --git a/helm-charts/istio/istio-operator/templates/clusterrole.yaml b/helm-charts/istio/istio-operator/templates/clusterrole.yaml deleted file mode 100644 index ef92c5e5..00000000 --- a/helm-charts/istio/istio-operator/templates/clusterrole.yaml +++ /dev/null @@ -1,109 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -rules: -# istio groups -- apiGroups: - - authentication.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - config.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - install.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - security.istio.io - resources: - - '*' - verbs: - - '*' -# k8s groups -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions.apiextensions.k8s.io - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - apps - - extensions - resources: - - daemonsets - - deployments - - deployments/finalizers - - ingresses - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - update -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - '*' -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - pods - - pods/proxy - - persistentvolumeclaims - - secrets - - services - - serviceaccounts - verbs: - - '*' ---- 
diff --git a/helm-charts/istio/istio-operator/templates/clusterrole_binding.yaml b/helm-charts/istio/istio-operator/templates/clusterrole_binding.yaml
deleted file mode 100644
index 9b9df7da..00000000
--- a/helm-charts/istio/istio-operator/templates/clusterrole_binding.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
-subjects:
-- kind: ServiceAccount
- name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
- namespace: {{.Values.operatorNamespace}}
-roleRef:
- kind: ClusterRole
- name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
- apiGroup: rbac.authorization.k8s.io
----
diff --git a/helm-charts/istio/istio-operator/templates/crds.yaml b/helm-charts/istio/istio-operator/templates/crds.yaml
deleted file mode 100644
index a3703650..00000000
--- a/helm-charts/istio/istio-operator/templates/crds.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-{{- if .Values.enableCRDTemplates -}}
-{{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}}
----
-{{ $.Files.Get $path }}
-{{- end -}}
-{{- end -}}
diff --git a/helm-charts/istio/istio-operator/templates/deployment.yaml b/helm-charts/istio/istio-operator/templates/deployment.yaml
deleted file mode 100644
index 1baaa8df..00000000
--- a/helm-charts/istio/istio-operator/templates/deployment.yaml
+++ /dev/null
@@ -1,51 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: {{.Values.operatorNamespace}} - name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -spec: - replicas: 1 - selector: - matchLabels: - name: istio-operator - template: - metadata: - labels: - name: istio-operator - spec: - serviceAccountName: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - containers: - - name: istio-operator - image: {{.Values.hub}}/operator:{{.Values.tag}} - command: - - operator - - server - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - imagePullPolicy: IfNotPresent - resources: -{{ toYaml .Values.operator.resources | trim | indent 12 }} - env: - - name: WATCH_NAMESPACE - value: {{.Values.watchedNamespaces | quote}} - - name: LEADER_ELECTION_NAMESPACE - value: {{.Values.operatorNamespace | quote}} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: {{.Values.operatorNamespace | quote}} - - name: WAIT_FOR_RESOURCES_TIMEOUT - value: {{.Values.waitForResourcesTimeout | quote}} - - name: REVISION - value: {{.Values.revision | quote}} ---- diff --git a/helm-charts/istio/istio-operator/templates/namespace.yaml b/helm-charts/istio/istio-operator/templates/namespace.yaml deleted file mode 100644 index 31dc5aae..00000000 --- a/helm-charts/istio/istio-operator/templates/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: {{.Values.operatorNamespace}} - labels: - istio-operator-managed: Reconcile - istio-injection: disabled ---- diff --git a/helm-charts/istio/istio-operator/templates/service.yaml b/helm-charts/istio/istio-operator/templates/service.yaml deleted file mode 100644 index ab3ed570..00000000 
--- a/helm-charts/istio/istio-operator/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- namespace: {{.Values.operatorNamespace}}
- labels:
- name: istio-operator
- name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
-spec:
- ports:
- - name: http-metrics
- port: 8383
- targetPort: 8383
- protocol: TCP
- selector:
- name: istio-operator
----
diff --git a/helm-charts/istio/istio-operator/templates/service_account.yaml b/helm-charts/istio/istio-operator/templates/service_account.yaml
deleted file mode 100644
index cb708eee..00000000
--- a/helm-charts/istio/istio-operator/templates/service_account.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- namespace: {{.Values.operatorNamespace}}
- name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
----
diff --git a/helm-charts/istio/istio-operator/values.yaml b/helm-charts/istio/istio-operator/values.yaml
deleted file mode 100644
index bd2568a8..00000000
--- a/helm-charts/istio/istio-operator/values.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-hub: gcr.io/istio-testing
-tag: latest
-
-operatorNamespace: istio-operator
-
-# Used to replace istioNamespace to support operator watch multiple namespaces.
-watchedNamespaces: istio-system
-waitForResourcesTimeout: 300s
-
-# Used for helm2 to add the CRDs to templates.
-enableCRDTemplates: false
-
-# revision for the operator resources
-revision: ""
-
-# Operator resource defaults
-operator:
- resources:
- limits:
- cpu: 200m
- memory: 256Mi
- requests:
- cpu: 50m
- memory: 128Mi
diff --git a/helm-charts/istio/istio-resources/.helmignore b/helm-charts/istio/istio-resources/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/helm-charts/istio/istio-resources/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/helm-charts/istio/istio-resources/Chart.yaml b/helm-charts/istio/istio-resources/Chart.yaml
deleted file mode 100644
index 3ad63ca9..00000000
--- a/helm-charts/istio/istio-resources/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: istio-resources
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 1.16.0
diff --git a/helm-charts/istio/istio-resources/templates/gateway.yaml b/helm-charts/istio/istio-resources/templates/gateway.yaml
deleted file mode 100644
index f23c1983..00000000
--- a/helm-charts/istio/istio-resources/templates/gateway.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: ingress-gateway
-spec:
- selector:
- istio: ingressgateway
- servers:
- {{- toYaml .Values.ingressGateway.servers | nindent 2 }}
diff --git a/helm-charts/istio/istio-resources/templates/servicemonitor-controlplane.yaml b/helm-charts/istio/istio-resources/templates/servicemonitor-controlplane.yaml
deleted file mode 100644
index b7595648..00000000
--- a/helm-charts/istio/istio-resources/templates/servicemonitor-controlplane.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: istio-controlplane
- labels:
- release: kube-prometheus-stack
-spec:
- jobLabel: istio
- selector:
- matchExpressions:
- - {key: istio, operator: In, values: [mixer,pilot,galley,citadel,sidecar-injector]}
- namespaceSelector:
- any: true
- endpoints:
- - port: http-monitoring
- interval: 15s
- - port: http-policy-monitoring
- interval: 15s
diff --git a/helm-charts/istio/istio-resources/templates/servicemonitor-dataplane.yaml b/helm-charts/istio/istio-resources/templates/servicemonitor-dataplane.yaml
deleted file mode 100644
index ba9f241b..00000000
--- a/helm-charts/istio/istio-resources/templates/servicemonitor-dataplane.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: istio-dataplane
- labels:
- monitoring: istio-dataplane
- release: kube-prometheus-stack
-spec:
- selector:
- matchExpressions:
- - {key: istio-prometheus-ignore, operator: DoesNotExist}
- namespaceSelector:
- any: true
- jobLabel: envoy-stats
- endpoints:
- - path: /stats/prometheus
- targetPort: http-envoy-prom
- interval: 15s
- relabelings:
- - sourceLabels: [__meta_kubernetes_pod_container_port_name]
- action: keep
- regex: '.*-envoy-prom'
- - action: labelmap
- regex: "__meta_kubernetes_pod_label_(.+)"
- - sourceLabels: [__meta_kubernetes_namespace]
- action: replace
- targetLabel: namespace
- - sourceLabels: [__meta_kubernetes_pod_name]
- action: replace
- targetLabel: pod_name
diff --git a/helm-charts/istio/istio-resources/values.yaml b/helm-charts/istio/istio-resources/values.yaml
deleted file mode 100644
index e69de29b..00000000
diff --git a/terraform/layer1-aws/README.md b/terraform/layer1-aws/README.md
index 36d93dec..53f41f30 100644
--- a/terraform/layer1-aws/README.md
+++ b/terraform/layer1-aws/README.md
@@ -1,5 +1,114 @@ ## Requirements +| Name | Version | +| ---------------------------------------------------------------------------- | ------- | +| [terraform](#requirement\_terraform) | 1.0.10 | +| [aws](#requirement\_aws) | 3.64.2 | +| [kubernetes](#requirement\_kubernetes) | 2.6.1 | + +## Providers + +| Name | Version | +| ------------------------------------------------- | ------- | +| [aws](#provider\_aws) | 3.64.2 | + +## Modules + +| Name | Source | Version | +| ------------------------------------------------------------------------------------------------------- | ---------------------------------------------------- | ------- | +| [acm](#module\_acm) | terraform-aws-modules/acm/aws | 3.2.0 | +| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 17.23.0 | +| [pritunl](#module\_pritunl) | ../modules/aws-ec2-pritunl | n/a | +| [r53\_zone](#module\_r53\_zone) | terraform-aws-modules/route53/aws//modules/zones | 2.3.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 3.11.0 | +| [vpc\_gateway\_endpoints](#module\_vpc\_gateway\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 3.11.0 | + +## Resources + +| Name | Type | +| --------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_ebs_encryption_by_default.this](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/ebs_encryption_by_default) | resource | +| [aws_eks_addon.coredns](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/eks_addon) | resource | +| [aws_eks_addon.kube_proxy](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/eks_addon) | resource | +| [aws_eks_addon.vpc_cni](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/eks_addon) | resource | +| [aws_kms_key.eks](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/kms_key) | resource | +| 
[aws_acm_certificate.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/acm_certificate) | data source | +| [aws_ami.bottlerocket_ami](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/ami) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/availability_zones) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/caller_identity) | data source | +| [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster_auth) | data source | +| [aws_route53_zone.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/route53_zone) | data source | +| [aws_security_group.default](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/security_group) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | +| [addon\_coredns\_version](#input\_addon\_coredns\_version) | The version of coredns add-on | `string` | `"v1.8.3-eksbuild.1"` | no | +| [addon\_create\_coredns](#input\_addon\_create\_coredns) | Enable coredns add-on or not | `bool` | `true` | no | +| [addon\_create\_kube\_proxy](#input\_addon\_create\_kube\_proxy) | Enable kube-proxy add-on or not | `bool` | `true` | no | +| [addon\_create\_vpc\_cni](#input\_addon\_create\_vpc\_cni) | Enable vpc-cni add-on or not | `bool` | `true` | no | +| [addon\_kube\_proxy\_version](#input\_addon\_kube\_proxy\_version) | The version of kube-proxy add-on | `string` | `"v1.20.4-eksbuild.2"` | no | +| [addon\_vpc\_cni\_version](#input\_addon\_vpc\_cni\_version) | The version of vpc-cni add-on | `string` | `"v1.9.1-eksbuild.1"` | no | +| [allowed\_account\_ids](#input\_allowed\_account\_ids) | List of allowed AWS account IDs | `list` | `[]` | no | +| [allowed\_ips](#input\_allowed\_ips) | IP addresses allowed to connect to private resources | `list(any)` | `[]` | no | +| [az\_count](#input\_az\_count) | Count of avaiablity zones, min 2 | `number` | `3` | no | +| [cidr](#input\_cidr) | Default CIDR block for VPC | `string` | `"10.0.0.0/16"` | no | +| [create\_acm\_certificate](#input\_create\_acm\_certificate) | Whether to create acm certificate or use existing | `bool` | `false` | no | +| 
[create\_r53\_zone](#input\_create\_r53\_zone) | Create R53 zone for main public domain | `bool` | `false` | no | +| [domain\_name](#input\_domain\_name) | Main public domain name | `any` | n/a | yes | +| [eks\_cluster\_enabled\_log\_types](#input\_eks\_cluster\_enabled\_log\_types) | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Possible values: api, audit, authenticator, controllerManager, scheduler | `list(string)` |
[| no | +| [eks\_cluster\_encryption\_config\_enable](#input\_eks\_cluster\_encryption\_config\_enable) | Enable or not encryption for k8s secrets with aws-kms | `bool` | `false` | no | +| [eks\_cluster\_log\_retention\_in\_days](#input\_eks\_cluster\_log\_retention\_in\_days) | Number of days to retain log events. Default retention - 90 days. | `number` | `90` | no | +| [eks\_cluster\_version](#input\_eks\_cluster\_version) | Version of the EKS K8S cluster | `string` | `"1.21"` | no | +| [eks\_map\_roles](#input\_eks\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. |
"audit"
]
list(object({| `[]` | no | +| [eks\_workers\_additional\_policies](#input\_eks\_workers\_additional\_policies) | Additional IAM policy attached to EKS worker nodes | `list(any)` |
rolearn = string
username = string
groups = list(string)
}))
[| no | +| [eks\_write\_kubeconfig](#input\_eks\_write\_kubeconfig) | Flag for eks module to write kubeconfig | `bool` | `false` | no | +| [environment](#input\_environment) | Env name in case workspace wasn't used | `string` | `"demo"` | no | +| [name](#input\_name) | Project name, required to create unique resource names | `any` | n/a | yes | +| [node\_group\_br](#input\_node\_group\_br) | Bottlerocket node group configuration |
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
]
object({|
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
})
{| no | +| [node\_group\_ci](#input\_node\_group\_ci) | CI node group configuration |
"capacity_type": "SPOT",
"desired_capacity": 0,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
}
object({|
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
})
{| no | +| [node\_group\_ondemand](#input\_node\_group\_ondemand) | Default ondemand node group configuration |
"capacity_type": "SPOT",
"desired_capacity": 0,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
}
object({|
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
})
{| no | +| [node\_group\_spot](#input\_node\_group\_spot) | Spot node group configuration |
"capacity_type": "ON_DEMAND",
"desired_capacity": 1,
"force_update_version": true,
"instance_types": [
"t3a.medium"
],
"max_capacity": 5,
"min_capacity": 1
}
object({|
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
})
{| no | +| [pritunl\_vpn\_server\_enable](#input\_pritunl\_vpn\_server\_enable) | Indicates whether or not the Pritunl VPN server is deployed. | `bool` | `false` | no | +| [region](#input\_region) | Default infrastructure region | `string` | `"us-east-1"` | no | +| [short\_region](#input\_short\_region) | The abbreviated name of the region, required to form unique resource names | `map` |
"capacity_type": "SPOT",
"desired_capacity": 1,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
}
{| no | +| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Flag to create single nat gateway for all AZs | `bool` | `true` | no | +| [zone\_id](#input\_zone\_id) | R53 zone id for public domain | `any` | `null` | no | + +## Outputs + +| Name | Description | +| ----------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- | +| [allowed\_ips](#output\_allowed\_ips) | List of allowed ip's, used for direct ssh access to instances. | +| [az\_count](#output\_az\_count) | Count of avaiablity zones, min 2 | +| [domain\_name](#output\_domain\_name) | Domain name | +| [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | Endpoint for EKS control plane. | +| [eks\_cluster\_id](#output\_eks\_cluster\_id) | n/a | +| [eks\_cluster\_security\_group\_id](#output\_eks\_cluster\_security\_group\_id) | Security group ids attached to the cluster control plane. | +| [eks\_config\_map\_aws\_auth](#output\_eks\_config\_map\_aws\_auth) | A kubernetes configuration to authenticate to this EKS cluster. | +| [eks\_kubectl\_config](#output\_eks\_kubectl\_config) | kubectl config as generated by the module. 
| +| [eks\_kubectl\_console\_config](#output\_eks\_kubectl\_console\_config) | description | +| [eks\_oidc\_provider\_arn](#output\_eks\_oidc\_provider\_arn) | ARN of EKS oidc provider | +| [env](#output\_env) | Suffix for the hostname depending on workspace | +| [name](#output\_name) | Project name, required to form unique resource names | +| [name\_wo\_region](#output\_name\_wo\_region) | Project name, required to form unique resource names without short region | +| [region](#output\_region) | Target region for all infrastructure resources | +| [route53\_zone\_id](#output\_route53\_zone\_id) | ID of domain zone | +| [short\_region](#output\_short\_region) | The abbreviated name of the region, required to form unique resource names | +| [ssl\_certificate\_arn](#output\_ssl\_certificate\_arn) | ARN of SSL certificate | +| [vpc\_cidr](#output\_vpc\_cidr) | CIDR block of infra VPC | +| [vpc\_database\_subnets](#output\_vpc\_database\_subnets) | Database subnets of infra VPC | +| [vpc\_id](#output\_vpc\_id) | ID of infra VPC | +| [vpc\_intra\_subnets](#output\_vpc\_intra\_subnets) | Private intra subnets | +| [vpc\_name](#output\_vpc\_name) | Name of infra VPC | +| [vpc\_private\_subnets](#output\_vpc\_private\_subnets) | Private subnets of infra VPC | +| [vpc\_public\_subnets](#output\_vpc\_public\_subnets) | Public subnets of infra VPC | + + +## Requirements + | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | 1.0.10 | 
@@ -33,7 +142,6 @@ | [aws_eks_addon.vpc_cni](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/eks_addon) | resource | | [aws_kms_key.eks](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/kms_key) | resource | | [aws_acm_certificate.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/acm_certificate) | data source | -| [aws_ami.bottlerocket_ami](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/ami) | data source | | [aws_availability_zones.available](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/availability_zones) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/caller_identity) | data source | | [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster) | data source | @@ -105,3 +213,4 @@ | [vpc\_name](#output\_vpc\_name) | Name of infra VPC | | [vpc\_private\_subnets](#output\_vpc\_private\_subnets) | Private subnets of infra VPC | | [vpc\_public\_subnets](#output\_vpc\_public\_subnets) | Public subnets of infra VPC | + \ No newline at end of file diff --git a/terraform/layer2-k8s/README.md b/terraform/layer2-k8s/README.md index 80c6a2b3..5e0dcbcc 100644 --- a/terraform/layer2-k8s/README.md +++ b/terraform/layer2-k8s/README.md @@ -67,7 +67,6 @@ | [kubernetes](#provider\_kubernetes) | 2.6.1 | | [random](#provider\_random) | 3.1.0 | | [terraform](#provider\_terraform) | n/a | -| [time](#provider\_time) | 0.7.2 | ## Modules 
@@ -121,15 +120,16 @@
 | [helm_release.external_secrets](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.gitlab_runner](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.ingress_nginx](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.istio_operator](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.istio_operator_resources](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.istio_resources](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.istio_base](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.istiod](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.kedacore](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.kiali](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.loki_stack](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.prometheus_operator](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.reloader](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
 | [helm_release.victoria_metrics_k8s_stack](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [kubectl_manifest.istio_prometheus_service_monitor_cp](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
+| [kubectl_manifest.istio_prometheus_service_monitor_dp](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
 | [kubectl_manifest.kube_prometheus_stack_operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
 | [kubernetes_secret.elasticsearch_certificates](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
 | [kubernetes_secret.elasticsearch_credentials](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
@@ -141,7 +141,6 @@
 | [random_string.kibana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [random_string.kube_prometheus_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [random_string.victoria_metrics_k8s_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
-| [time_sleep.wait_10_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/caller_identity) | data source |
 | [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster) | data source |
 | [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster_auth) | data source |
diff --git a/terraform/layer2-k8s/eks-istio.tf b/terraform/layer2-k8s/eks-istio.tf
index 239bc360..c5c2a856 100644
--- a/terraform/layer2-k8s/eks-istio.tf
+++ b/terraform/layer2-k8s/eks-istio.tf
@@ -1,27 +1,11 @@ locals { - istio_operator = { - name = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].id - enabled = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].enabled - chart = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].chart - repository = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].repository - chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].chart_version - namespace = local.helm_releases[index(local.helm_releases.*.id, "istio-operator")].namespace - } - istio_operator_resources = { - name = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].id - enabled = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].enabled - chart = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].chart - repository = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].repository - chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].chart_version - namespace = local.helm_releases[index(local.helm_releases.*.id, "istio-operator-resources")].namespace - } - istio_resources = { - name = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].id - enabled = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].enabled - chart = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].chart - repository = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].repository - chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].chart_version - namespace = local.helm_releases[index(local.helm_releases.*.id, "istio-resources")].namespace + istio = { + name = local.helm_releases[index(local.helm_releases.*.id, "istio")].id + enabled = local.helm_releases[index(local.helm_releases.*.id, 
"istio")].enabled + chart = local.helm_releases[index(local.helm_releases.*.id, "istio")].chart + repository = local.helm_releases[index(local.helm_releases.*.id, "istio")].repository + chart_version = local.helm_releases[index(local.helm_releases.*.id, "istio")].chart_version + namespace = local.helm_releases[index(local.helm_releases.*.id, "istio")].namespace } kiali_server = { name = local.helm_releases[index(local.helm_releases.*.id, "kiali")].id @@ -31,100 +15,242 @@ locals { chart_version = local.helm_releases[index(local.helm_releases.*.id, "kiali")].chart_version namespace = local.helm_releases[index(local.helm_releases.*.id, "kiali")].namespace } - istio_operator_values = <
"ap-east-1": "ape1",
"ap-northeast-1": "apn1",
"ap-northeast-2": "apn2",
"ap-south-1": "aps1",
"ap-southeast-1": "apse1",
"ap-southeast-2": "apse2",
"ca-central-1": "cac1",
"cn-north-1": "cnn1",
"cn-northwest-1": "cnnw1",
"eu-central-1": "euc1",
"eu-north-1": "eun1",
"eu-west-1": "euw1",
"eu-west-2": "euw2",
"eu-west-3": "euw3",
"sa-east-1": "sae1",
"us-east-1": "use1",
"us-east-2": "use2",
"us-gov-east-1": "usge1",
"us-gov-west-1": "usgw1",
"us-west-1": "usw1",
"us-west-2": "usw2"
}