A DevOps Stack module to deploy the External Secrets Operator and Reloader.
The charts used by this module are shipped in this repository as well, in order to avoid any unwanted behavior caused by unsupported versions.
Chart | Current Chart Version | Original Repository | Default Values |
---|---|---|---|
External Secrets Operator | 0.10.0 | | |
Reloader | 1.0.119 | | |
This module can be declared by adding the following block to your Terraform configuration:
module "secrets" {
  source = "git::https://github.com/camptocamp/devops-stack-module-secrets.git?ref=<RELEASE>"

  cluster_name   = local.cluster_name
  base_domain    = local.base_domain
  argocd_project = local.cluster_name

  dependency_ids = {
    argocd = module.argocd.id
  }
}
The following requirements are needed by this module:
The following resources are used by this module:
- argocd_application.this (resource)
- argocd_project.this (resource)
- null_resource.dependencies (resource)
- null_resource.this (resource)
- utils_deep_merge_yaml.values (data source)
The following input variables are optional (have default values):
Description: Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
Type: string
Default: null
Description: Labels to attach to the Argo CD Application resource.
Type: map(string)
Default: {}
Description: Destination cluster where the application should be deployed.
Type: string
Default: "in-cluster"
Description: Override of target revision of the application chart.
Type: string
Default: "v1.0.0"
Description: Enable Prometheus ServiceMonitor in the Helm chart.
Type: bool
Default: true
Description: Helm chart value overrides. They should be passed as a list of HCL structures.
Type: any
Default: []
Description: A boolean flag to enable/disable appending lists instead of overwriting them.
Type: bool
Default: false
Description: Automated sync options for the Argo CD Application resource.
Type:
object({
  allow_empty = optional(bool)
  prune       = optional(bool)
  self_heal   = optional(bool)
})
Default:
{
  "allow_empty": false,
  "prune": true,
  "self_heal": true
}
Description: IDs of the other modules on which this module depends.
Type: map(string)
Default: {}
Description: Resource limits and requests for the External Secrets and Reloader components. Follow the style of the official documentation to understand the format of the values.
Important: These are not production values. You should always adjust them to your needs.
Type:
object({
  external_secrets_operator = optional(object({
    requests = optional(object({
      cpu    = optional(string, "10m")
      memory = optional(string, "32Mi")
    }), {})
    limits = optional(object({
      cpu    = optional(string)
      memory = optional(string, "128Mi")
    }), {})
  }), {})
  external_secrets_webhook = optional(object({
    requests = optional(object({
      cpu    = optional(string, "10m")
      memory = optional(string, "32Mi")
    }), {})
    limits = optional(object({
      cpu    = optional(string)
      memory = optional(string, "128Mi")
    }), {})
  }), {})
  external_secrets_cert_controller = optional(object({
    requests = optional(object({
      cpu    = optional(string, "10m")
      memory = optional(string, "32Mi")
    }), {})
    limits = optional(object({
      cpu    = optional(string)
      memory = optional(string, "128Mi")
    }), {})
  }), {})
  reloader = optional(object({
    requests = optional(object({
      cpu    = optional(string, "10m")
      memory = optional(string, "32Mi")
    }), {})
    limits = optional(object({
      cpu    = optional(string)
      memory = optional(string, "128Mi")
    }), {})
  }), {})
})
Default: {}
Description: Number of replicas for the External Secrets and Reloader components.
Type:
object({
  external_secrets = number
  reloader         = number
})
Default:
{
  "external_secrets": 1,
  "reloader": 1
}
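The following block is an added example, not taken from the module's repository, showing how the resource and replica defaults above can be overridden for a cluster that needs more headroom. The input names `resources` and `replicas` are assumptions (the variable names are not shown on this page), and the sizing values are illustrative only.

```hcl
module "secrets" {
  source = "git::https://github.com/camptocamp/devops-stack-module-secrets.git?ref=<RELEASE>"

  cluster_name   = local.cluster_name
  base_domain    = local.base_domain
  argocd_project = local.cluster_name

  # Assumed input name: the variable names are not shown on this page.
  # Attributes left unset keep the defaults declared in the type above
  # (requests of 10m CPU / 32Mi memory, a 128Mi memory limit, no CPU limit).
  resources = {
    external_secrets_operator = {
      requests = { cpu = "50m", memory = "64Mi" }
      limits   = { memory = "256Mi" }
    }
    external_secrets_webhook = {
      # Only the memory limit is raised; requests keep their defaults.
      limits = { memory = "192Mi" }
    }
    # external_secrets_cert_controller is omitted and keeps all its defaults.
    reloader = {
      requests = { memory = "64Mi" }
      limits   = { memory = "256Mi" }
    }
  }

  # Assumed input name. The type declares both attributes without optional(),
  # so both keys must be present whenever this input is overridden.
  replicas = {
    external_secrets = 2
    reloader         = 1
  }

  dependency_ids = {
    argocd = module.argocd.id
  }
}
```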
Description: Boolean to enable auto reloading for all resources.
In this case, all resources that do not have the auto annotation (or its typed version) set to "false" will be reloaded automatically when their ConfigMaps or Secrets are updated. Note that setting the auto annotation to an undefined value counts as false as well.
Type: bool
Default: false
The following outputs are exported:
Description: ID to pass to other modules in order to refer to this module as a dependency.
= Requirements
| Name | Version |
|---|---|
| | >= 6 |
| | >= 3 |
| | >= 1 |
= Providers
| Name | Version |
|---|---|
| | >= 3 |
| | >= 6 |
| | >= 1 |
= Resources
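| Name | Type |
|---|---|
| argocd_application.this | resource |
| argocd_project.this | resource |
| null_resource.dependencies | resource |
| null_resource.this | resource |
| utils_deep_merge_yaml.values | data source |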
= Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| | Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application. | | | no |
| | Labels to attach to the Argo CD Application resource. | | | no |
| | Destination cluster where the application should be deployed. | | | no |
| | Override of target revision of the application chart. | | | no |
| | Enable Prometheus ServiceMonitor in the Helm chart. | | | no |
| | Helm chart value overrides. They should be passed as a list of HCL structures. | | | no |
| | A boolean flag to enable/disable appending lists instead of overwriting them. | | | no |
| | Automated sync options for the Argo CD Application resource. | | | no |
| | IDs of the other modules on which this module depends. | | | no |
| | Resource limits and requests for the External Secrets and Reloader components. Follow the style of the official documentation to understand the format of the values. | | | no |
| | Number of replicas for the External Secrets and Reloader components. | | | no |
| | Boolean to enable auto reloading for all resources. In this case, all resources that do not have the auto annotation (or its typed version) set to "false" will be reloaded automatically when their ConfigMaps or Secrets are updated. Note that setting the auto annotation to an undefined value counts as false as well. | | | no |
= Outputs
| Name | Description |
|---|---|
| | ID to pass to other modules in order to refer to this module as a dependency. |