squareops · rachit89 · Mar 13, 2024 · Mar 15, 2024 · Mar 20, 2024 · Mar 20, 2024
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -1,7 +1,25 @@
 locals {
-  region      = "us-east-2"
+  region      = "us-west-2"
   environment = "prod"
   name        = "addons"
+  velero_s3_bucket_lifecycle_rules = {
+    rule1 = {
+      id              = "rule1"
+      expiration_days = 120
+      filter_prefix   = "log/"
+      status          = "Enabled"
+      transitions = [
+        {
+          days          = 30
+          storage_class = "ONEZONE_IA"
+        },
+        {
+          days          = 90
+          storage_class = "DEEP_ARCHIVE"
+        }
+      ]
+    }
+  }
   additional_tags = {
     Owner      = "Organization_Name"
     Expires    = "Never"
@@ -13,30 +31,30 @@ locals {
 module "eks-addons" {
   source                                  = "squareops/eks-addons/aws"
   name                                    = local.name
-  vpc_id                                  = "vpc-abcd5245c2331xyz"
+  vpc_id                                  = "vpc-0727eb64ef19add68"
   environment                             = local.environment
   ipv6_enabled                            = local.ipv6_enabled
-  kms_key_arn                             = "arn:aws:kms:us-east-2:xxxxxxxxxx:key/mrk-abd9394bda5947cc864adc657d90386f"
+  kms_key_arn                             = "arn:aws:kms:us-west-2:654654551614:key/86ec1819-8531-442b-88ba-0e80a96a0d1d"
   keda_enabled                            = true
-  kms_policy_arn                          = "arn:aws:iam::xxxxxxxxxxxx:policy/policy_name" ## eks module will create kms_policy_arn
-  eks_cluster_name                        = "cluster_name"
+  kms_policy_arn                          = "arn:aws:iam::654654551614:policy/proddd-eks-kubernetes-pvc-kms-policy" ## eks module will create kms_policy_arn
+  eks_cluster_name                        = "proddd-eks"
   reloader_enabled                        = true
   kubernetes_dashboard_enabled            = true
   k8s_dashboard_hostname                  = "dashboard.prod.in"
   karpenter_enabled                       = true
-  private_subnet_ids                      = ["subnet-xxxxxxxxxxxx", "subnet-xxxxxxxxxxxx"]
+  private_subnet_ids                      = ["subnet-0f579bfe647370932", "subnet-07da41a7e8387d8bd"]
   single_az_ebs_gp3_storage_class_enabled = true
   single_az_sc_config                     = [{ name = "infra-service-sc", zone = "${local.region}a" }]
   coredns_hpa_enabled                     = true
-  kubeclarity_enabled                     = true
+  kubeclarity_enabled                     = false
   kubeclarity_hostname                    = "kubeclarity.prod.in"
   kubecost_enabled                        = false
   kubecost_hostname                       = "kubecost.prod.in"
-  defectdojo_enabled                      = true
+  defectdojo_enabled                      = false
   defectdojo_hostname                     = "defectdojo.prod.in"
   cert_manager_enabled                    = true
-  worker_iam_role_name                    = "node-role"
-  worker_iam_role_arn                     = "arn:aws:iam::xxxxxxxxxx:role/node-role"
+  worker_iam_role_name                    = "proddd-eks-node-role"
+  worker_iam_role_arn                     = "arn:aws:iam::654654551614:role/proddd-eks-node-role"
   ingress_nginx_enabled                   = true
   metrics_server_enabled                  = true
   external_secrets_enabled                = true
@@ -46,7 +64,7 @@ module "eks-addons" {
   aws_load_balancer_controller_enabled    = true
   falco_enabled                           = true
   slack_webhook                           = "xoxb-379541400966-iibMHnnoaPzVl"
-  istio_enabled                           = true
+  istio_enabled                           = false
   istio_config = {
     ingress_gateway_enabled       = true
     egress_gateway_enabled        = true
@@ -61,7 +79,7 @@ module "eks-addons" {
     excluded_instance_type = ["nano", "micro", "small"]
     instance_hypervisor    = ["nitro"]
   }
-  cert_manager_letsencrypt_email                = "email@email.com"
+  cert_manager_letsencrypt_email                = "rachit.maheshwari@squareops.com"
   internal_ingress_nginx_enabled                = true
   efs_storage_class_enabled                     = true
   aws_node_termination_handler_enabled          = true
@@ -70,12 +88,17 @@ module "eks-addons" {
   cert_manager_install_letsencrypt_http_issuers = true
   velero_enabled                                = true
   velero_config = {
-    namespaces                      = "" ## If you want full cluster backup, leave it blank else provide namespace.
-    slack_notification_token        = "xoxb-379541400966-iibMHnnoaPzVl"
-    slack_notification_channel_name = "slack-notification-channel"
-    retention_period_in_days        = 45
-    schedule_backup_cron_time       = "* 6 * * *"
-    velero_backup_name              = "application-backup"
-    backup_bucket_name              = "velero-bucket"
+    namespaces                          = "" ## If you want full cluster backup, leave it blank else provide namespace.
+    slack_notification_token            = "xoxb-379541400966-iibMHnnoaPzVl"
+    slack_notification_channel_name     = "slack-notification-channel"
+    retention_period_in_days            = 45
+    schedule_backup_cron_time           = "* 6 * * *"
+    velero_backup_name                  = "application-backup"
+    backup_bucket_name                  = "test-velero-bucket-1"
+    velero_s3_bucket_lifecycle_rules    = local.velero_s3_bucket_lifecycle_rules
+    velero_s3_bucket_object_lock_mode   = "GOVERNANCE"
+    velero_s3_bucket_object_lock_days   = "0"
+    velero_s3_bucket_object_lock_years  = "2"
+    velero_s3_bucket_enable_object_lock = true
   }
 }
diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf
@@ -6,11 +6,11 @@ provider "aws" {
 }
 
 data "aws_eks_cluster" "cluster" {
-  name = ""
+  name = "proddd-eks"
 }
 
 data "aws_eks_cluster_auth" "cluster" {
-  name = ""
+  name = "proddd-eks"
 }
 
 provider "kubernetes" {

diff --git a/main.tf b/main.tf
@@ -1,3 +1,4 @@
+
 data "aws_region" "current" {}
 
 data "aws_eks_cluster" "eks" {

diff --git a/modules/velero/main.tf b/modules/velero/main.tf
@@ -1,30 +1,45 @@
 #velero bucket lifecycle policy
-resource "aws_s3_bucket_lifecycle_configuration" "velero_bucket_policy" {
-
+resource "aws_s3_bucket_lifecycle_configuration" "velero_s3_bucket_lifecycle_rules" {
   bucket = var.velero_config.backup_bucket_name
+
+  dynamic "rule" {
+    for_each = var.velero_s3_bucket_lifecycle_rules
+
+    content {
+      id = rule.value.id
+
+      expiration {
+        days = rule.value.expiration_days
+      }
+
+      filter {
+        prefix = rule.value.filter_prefix
+      }
+
+      status = rule.value.status
 
-  rule {
-    id     = "archive"
-    status = "Enabled"
-    filter {
-      and {
-        prefix = "archive/"
-        tags = {
-          rule      = "archival"
-          autoclean = "true"
+      dynamic "transition" {
+        for_each = rule.value.transitions
+
+        content {
+          days          = transition.value.days
+          storage_class = transition.value.storage_class
         }
       }
     }
-    transition {
-      days          = 30
-      storage_class = "STANDARD_IA"
-    }
+  }
+}
 
-    expiration {
-      days = var.velero_config.retention_period_in_days
+resource "aws_s3_bucket_object_lock_configuration" "velero_s3_bucket_object_lock" {
+  count  = var.velero_s3_bucket_enable_object_lock ? 1 : 0
+  bucket = var.velero_config.backup_bucket_name
+    rule {
+      default_retention {
+        mode  = var.velero_s3_bucket_object_lock_mode
+        days  = var.velero_s3_bucket_object_lock_days > 0 ? var.velero_s3_bucket_object_lock_days : var.velero_s3_bucket_object_lock_years * 365
+      }
     }
   }
-}
 
 resource "aws_iam_policy" "velero_iam_policy" {
   name        = format("%s-%s-velero-policy", var.name, var.environment)

diff --git a/modules/velero/variable.tf b/modules/velero/variable.tf
@@ -35,3 +35,74 @@ variable "velero_config" {
     backup_bucket_name       = ""
   }
 }
+
+variable "velero_s3_bucket_enable_object_lock" {
+  description = "Whether to enable object lock for loki-scalable S3 bucket."
+  type        = bool
+  default     = true
+}
+
+variable "velero_s3_bucket_object_lock_mode" {
+  description = "Default Object Lock retention mode you want to apply to new objects placed in the loki-scalable S3 bucket. Valid values: COMPLIANCE, GOVERNANCE."
+  type        = string
+  default     = "GOVERNANCE"
+}
+
+variable "velero_s3_bucket_object_lock_days" {
+  description = "Optional, Required if years is not specified. Number of days that you want to specify for the default retention period in loki-scalable S3 bucket."
+  type        = number
+  default     = 0
+}
+
+variable "velero_s3_bucket_object_lock_years" {
+  description = "Optional, Required if days is not specified. Number of years that you want to specify for the default retention period in loki-scalable S3 bucket."
+  type        = number
+  default     = 0
+}
+
+variable "velero_s3_bucket_lifecycle_rules" {
+  type = map(object({
+    id                = string
+    expiration_days   = number
+    filter_prefix     = string
+    status            = string
+    transitions       = list(object({
+      days          = number
+      storage_class = string
+    }))
+  }))
+  default = {
+    rule1 = {
+      id                = "rule1"
+      expiration_days   = 30
+      filter_prefix     = "prefix1"
+      status            = "Enabled"
+      transitions = [
+        {
+          days          = 60
+          storage_class = "STANDARD_IA"
+        },
+        {
+          days          = 90
+          storage_class = "GLACIER"
+        }
+      ]
+    }
+    rule2 = {
+      id                = "rule2"
+      expiration_days   = 60
+      filter_prefix     = "prefix2"
+      status            = "Enabled"
+      transitions = [
+        {
+          days          = 90
+          storage_class = "STANDARD_IA"
+        },
+        {
+          days          = 120
+          storage_class = "GLACIER"
+        }
+      ]
+    }
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,25 @@
+variable "additional_tags" {
+  description = "Additional tags to be applied to AWS resources"
+  type        = map(string)
+  default = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+}
+
+variable "aws_region" {
+  description = "Name of the AWS region where S3 bucket is to be created."
+  default     = "us-east-1"
+  type        = string
+}
+
+variable "aws_account_id" {
+  description = "Account ID of the AWS Account."
+  default     = ""
+  type        = string
+}
+
 variable "amazon_eks_aws_ebs_csi_driver_enabled" {
   description = "Whether to enable the EKS Managed AWS EBS CSI Driver add-on or not."
   default     = false
@@ -16,25 +38,25 @@ variable "single_az_sc_config" {
   type        = list(any)
 }
 
-variable "cluster_autoscaler_enabled" {
+variable "eks_cluster_autoscaler_enabled" {
   description = "Whether to enable the Cluster Autoscaler add-on or not."
   default     = false
   type        = bool
 }
 
-variable "cluster_autoscaler_chart_version" {
+variable "eks_cluster_autoscaler_chart_version" {
   description = "Version of the cluster autoscaler helm chart"
   default     = "9.29.0"
   type        = string
 }
 
-variable "metrics_server_enabled" {
+variable "eks_cluster_metrics_server_enabled" {
   description = "Enable or disable the metrics server add-on for EKS cluster."
   default     = false
   type        = bool
 }
 
-variable "metrics_server_helm_version" {
+variable "eks_cluster_metrics_server_helm_version" {
   description = "Version of the metrics server helm chart"
   default     = "3.11.0"
   type        = string
@@ -64,7 +86,7 @@ variable "efs_storage_class_enabled" {
   type        = bool
 }
 
-variable "private_subnet_ids" {
+variable "vpc_private_subnet_ids" {
   description = "Private subnets of the VPC which can be used by EFS"
   default     = [""]
   type        = list(string)
@@ -148,7 +170,7 @@ variable "kms_policy_arn" {
   type        = string
 }
 
-variable "cluster_propotional_autoscaler_enabled" {
+variable "eks_cluster_propotional_autoscaler_enabled" {
   description = "Enable or disable Cluster propotional autoscaler add-on"
   default     = false
   type        = bool
@@ -222,7 +244,6 @@ variable "istio_config" {
   }
 }
 
-
 variable "velero_enabled" {
   description = "Enable or disable the installation of Velero, which is a backup and restore solution for Kubernetes clusters."
   default     = false

diff --git a/versions.tf b/versions.tf
@@ -2,15 +2,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.23"
+      version = ">= 5.0.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = ">= 2.13"
+      version = ">= 2.20.0"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.6"
+      version = ">= 2.10.0"
     }
   }
 }
Original file line number	Diff line number	Diff line change
		@@ -1,3 +1,4 @@

		data "aws_region" "current" {}

		data "aws_eks_cluster" "eks" {
Expand Down