add new addons

marcincuber · Jan 5, 2024 · 45060aa · 45060aa
1 parent bb91b59
commit 45060aa
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ Module creates:
 * VPC Endpoints- S3, ECR, STS, APS, GuardDuty
 * EKS Cluster
 * EKS Node Group to run cluster critical services
-* EKS Addons- coredns, kube-proxy, guardduty, aws-ebs-csi-driver, adot (requires cert-manger to be installed), kubecost and cloudwatch
+* EKS Addons- coredns, kube-proxy, guardduty, aws-ebs-csi-driver, adot (requires cert-manger to be installed), kubecost, cloudwatch observability, snapshot-controller and identity agent
 * IAM Roles for worker nodes and Karpenter nodes
 * Additional IAM Roles for operators- load-balancer-controller, external-dns, cert-manager, adot-collector
 * SQS queue configuration to be used with Karpeneter while utlising Spot Instances.

diff --git a/terraform/eks-addons.tf b/terraform/eks-addons.tf
@@ -139,3 +139,37 @@ resource "aws_eks_addon" "cloudwatch" {
     "eks_addon" = "amazon-cloudwatch-observability"
   }
 }
+
+resource "aws_eks_addon" "snapshot_controller" {
+  count = var.eks_addon_version_snapshot_controller != null ? 1 : 0
+
+  cluster_name  = aws_eks_cluster.cluster.name
+  addon_name    = "snapshot-controller"
+  addon_version = var.eks_addon_version_snapshot_controller
+
+  resolve_conflicts_on_create = "OVERWRITE"
+  resolve_conflicts_on_update = "OVERWRITE"
+
+  preserve = true
+
+  tags = {
+    "eks_addon" = "snapshot-controller"
+  }
+}
+
+resource "aws_eks_addon" "identity_agent" {
+  count = var.eks_addon_version_identity_agent != null ? 1 : 0
+
+  cluster_name  = aws_eks_cluster.cluster.name
+  addon_name    = "eks-pod-identity-agent"
+  addon_version = var.eks_addon_version_identity_agent
+
+  resolve_conflicts_on_create = "OVERWRITE"
+  resolve_conflicts_on_update = "OVERWRITE"
+
+  preserve = true
+
+  tags = {
+    "eks_addon" = "eks-pod-identity-agent"
+  }
+}
diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
@@ -8,17 +8,19 @@ azs                   = ["eu-west-2a", "eu-west-2b", "eu-west-2c"]
 eks_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
 eks_service_ipv4_cidr = "10.190.0.0/16"
 
-instance_types = ["m6i.4xlarge"]
+instance_types = ["m7i.4xlarge"]
 
 eks_public_access_cidrs = [
   "0.0.0.0/0"
 ]
 
 eks_version = "1.28"
 
-eks_addon_version_kube_proxy     = "v1.28.2-eksbuild.2"
-eks_addon_version_core_dns       = "v1.10.1-eksbuild.5"
-eks_addon_version_ebs_csi_driver = "v1.25.0-eksbuild.1"
-eks_addon_version_kubecost       = "v1.103.3-eksbuild.0"
-eks_addon_version_guardduty      = "v1.3.1-eksbuild.1"
-eks_addon_version_cloudwatch     = "v1.1.1-eksbuild.1"
+eks_addon_version_kube_proxy          = "v1.28.4-eksbuild.1"
+eks_addon_version_core_dns            = "v1.10.1-eksbuild.5"
+eks_addon_version_ebs_csi_driver      = "v1.25.0-eksbuild.1"
+eks_addon_version_kubecost            = "v1.103.3-eksbuild.0"
+eks_addon_version_guardduty           = "v1.3.1-eksbuild.1"
+eks_addon_version_cloudwatch          = "v1.1.1-eksbuild.1"
+eks_addon_version_snapshot_controller = "v6.3.2-eksbuild.1"
+eks_addon_version_identity_agent      = "v1.0.0-eksbuild.1"
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -122,6 +122,18 @@ variable "eks_addon_version_cloudwatch" {
   default     = null
 }
 
+variable "eks_addon_version_snapshot_controller" {
+  type        = string
+  description = "CSI Snapshot Controller EKS addon version."
+  default     = null
+}
+
+variable "eks_addon_version_identity_agent" {
+  type        = string
+  description = "Pod Identity Agent EKS addon version."
+  default     = null
+}
+
 #####
 # EKS Default Managed Node Group 
 #####

diff --git a/terraform/versions.tf b/terraform/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.14"
+      version = ">= 5.31"
     }
 
     tls = {