From 5efa16bca83f54c4c593e79c7f8cd56fcbdd55a7 Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni
Date: Wed, 5 Apr 2023 16:18:47 -0700
Subject: [PATCH 1/3] fix: csi secrets provider namespace issue due to deprecation
---
 .../csi-secrets-store-provider-aws/main.tf | 25 ++++++++++++++-----
 .../secrets-store-csi-driver/locals.tf | 4 +--
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf b/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
index 3af5f29910..8001399c88 100644
--- a/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
+++ b/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
@@ -1,9 +1,17 @@
 locals {
- name = try(var.helm_config.name, "csi-secrets-store-provider-aws")
+ name = try(var.helm_config.name, "secrets-store-csi-driver-provider-aws")
 namespace = try(var.helm_config.namespace, "kube-system")
 }
+module "secrets_store_csi_driver" {
+ source = "../secrets-store-csi-driver"
+
+ addon_context = var.addon_context
+}
+
 resource "kubernetes_namespace_v1" "csi_secrets_store_provider_aws" {
+ count = local.namespace == "kube-system" ? 0 : 1
+
 metadata {
 name = local.namespace
 }
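Review bot: The new default in `name = try(var.helm_config.name, "secrets-store-csi-driver-provider-aws")` renames the Helm release for every caller that relied on the old default, and the locals.tf hunk of this patch does the same for the driver with `name = "csi-secrets-store"`. If helm-addon passes `name` straight to the Helm release (not visible here), the plan will replace the release rather than upgrade it in place, so the workloads these charts install are briefly absent and pods that mount secrets through the CSI volume may fail to start during that window. I would add a comment above each default, e.g. `# Release name changed with the chart move; upgrading replaces the existing release`, and mention the replacement in the upgrade notes.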
@@ -12,19 +20,24 @@ resource "kubernetes_namespace_v1" "csi_secrets_store_provider_aws" {
 module "helm_addon" {
 source = "../helm-addon"
- # https://github.com/aws/eks-charts/blob/master/stable/csi-secrets-store-provider-aws/Chart.yaml
+ # https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/charts/secrets-store-csi-driver-provider-aws/Chart.yaml
 helm_config = merge(
 {
 name = local.name
 chart = local.name
- repository = "https://aws.github.io/eks-charts"
- version = "0.0.3"
- namespace = kubernetes_namespace_v1.csi_secrets_store_provider_aws.metadata[0].name
- description = "A Helm chart to install the Secrets Store CSI Driver and the AWS Key Management Service Provider inside a Kubernetes cluster."
+ repository = "https://aws.github.io/secrets-store-csi-driver-provider-aws"
+ version = "0.3.2"
+ namespace = local.namespace
+ description = "A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver."
 },
 var.helm_config
 )
 manage_via_gitops = var.manage_via_gitops
 addon_context = var.addon_context
+
+ depends_on = [
+ kubernetes_namespace_v1.csi_secrets_store_provider_aws,
+ module.secrets_store_csi_driver
+ ]
 }
diff --git a/modules/kubernetes-addons/secrets-store-csi-driver/locals.tf b/modules/kubernetes-addons/secrets-store-csi-driver/locals.tf
index fe7b6a6771..e1fc7ea07c 100644
--- a/modules/kubernetes-addons/secrets-store-csi-driver/locals.tf
+++ b/modules/kubernetes-addons/secrets-store-csi-driver/locals.tf
@@ -3,10 +3,10 @@ locals {
 # https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/charts/secrets-store-csi-driver/Chart.yaml
 default_helm_config = {
- name = local.name
+ name = "csi-secrets-store"
 chart = local.name
 repository = "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
- version = "1.2.4"
+ version = "1.3.1"
 namespace = local.name
 description = "A Helm chart to install the Secrets Store CSI Driver"
 }
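Review bot: In the main.tf hunk `@@ -12,19 +20,24 @@`, `chart = local.name` still ties the chart lookup to the release name, so a caller who sets only `helm_config.name` ends up requesting a chart of that name from `https://aws.github.io/secrets-store-csi-driver-provider-aws`, which presumably publishes only `secrets-store-csi-driver-provider-aws`. The locals.tf hunk in this same patch already separates the release name from the chart for the driver; doing the same here with `chart = "secrets-store-csi-driver-provider-aws"` keeps a release rename from changing which chart is fetched. Because `var.helm_config` is merged last, `repository` and `version` stay caller-overridable, so the `0.3.2` pin is a default rather than a guarantee; a one-line comment saying so would help whoever audits what ends up running in `kube-system`.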
From a02f353d688c91339438e352225d450b150e1864 Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni
Date: Wed, 5 Apr 2023 16:51:14 -0700
Subject: [PATCH 2/3] defer namespace creation to helm provider
---
 .../csi-secrets-store-provider-aws/main.tf | 22 ++++++-------------
 1 file changed, 7 insertions(+), 15 deletions(-)
diff --git a/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf b/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
index 8001399c88..1b56bbb23f 100644
--- a/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
+++ b/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
@@ -9,26 +9,19 @@ module "secrets_store_csi_driver" {
 addon_context = var.addon_context
 }
-resource "kubernetes_namespace_v1" "csi_secrets_store_provider_aws" {
- count = local.namespace == "kube-system" ? 0 : 1
-
- metadata {
- name = local.namespace
- }
-}
-
 module "helm_addon" {
 source = "../helm-addon"
 # https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/charts/secrets-store-csi-driver-provider-aws/Chart.yaml
 helm_config = merge(
 {
- name = local.name
- chart = local.name
- repository = "https://aws.github.io/secrets-store-csi-driver-provider-aws"
- version = "0.3.2"
- namespace = local.namespace
- description = "A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver."
+ name = local.name
+ chart = local.name
+ repository = "https://aws.github.io/secrets-store-csi-driver-provider-aws"
+ version = "0.3.2"
+ namespace = local.namespace
+ create_namespace = local.namespace == "kube-system" ? false : true
+ description = "A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver."
 },
 var.helm_config
 )
@@ -37,7 +30,6 @@ module "helm_addon" {
 addon_context = var.addon_context
 depends_on = [
- kubernetes_namespace_v1.csi_secrets_store_provider_aws,
 module.secrets_store_csi_driver
 ]
 }
From 609513ab84446a9fccb880d679931486b1aafa2b Mon Sep 17 00:00:00 2001
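Review bot: With `create_namespace` in the `@@ -9,26 +9,19 @@` hunk of PATCH 2/3, a non-default namespace is now created by Helm instead of a Terraform resource, so Terraform can no longer set labels or annotations on it (for example Pod Security Admission labels such as `pod-security.kubernetes.io/enforce`), and Helm does not, as far as I know, remove a namespace it created when the release is uninstalled. Since this namespace hosts the component that retrieves secrets for pods, a comment beside the argument stating that namespace policy has to be applied out of band would help. Whether helm-addon forwards `create_namespace` to the release is not visible in this patch and is worth confirming. The ternary can also be written as `create_namespace = local.namespace != "kube-system"`.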
From: Apoorva Kulkarni
Date: Wed, 5 Apr 2023 16:55:18 -0700
Subject: [PATCH 3/3] remove dependencies
---
 .../csi-secrets-store-provider-aws/main.tf | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf b/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
index 1b56bbb23f..885ab7d50e 100644
--- a/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
+++ b/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
@@ -3,12 +3,6 @@ locals {
 namespace = try(var.helm_config.namespace, "kube-system")
 }
-module "secrets_store_csi_driver" {
- source = "../secrets-store-csi-driver"
-
- addon_context = var.addon_context
-}
-
 module "helm_addon" {
 source = "../helm-addon"
@@ -28,8 +22,4 @@ module "helm_addon" {
 manage_via_gitops = var.manage_via_gitops
 addon_context = var.addon_context
-
- depends_on = [
- module.secrets_store_csi_driver
- ]
 }