
terraform-yc-modules/terraform-yc-kubernetes-marketplace

Kubernetes Marketplace Terraform Module for Yandex Cloud

Features

  • Install products listed in Yandex Cloud Marketplace for Kubernetes using the provided Helm charts
  • Define custom settings supported by the Helm charts

Example Usage

module "helm_addons" {
  source = "./"

  cluster_id = "k8s_cluster_id"

  install_nodelocal_dns = true
}
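
A fuller call that overrides two of the defaults listed under Inputs, added here as an illustration and not taken from the module's own documentation: Kyverno's `failure_action` defaults to "audit", and cert-manager's `letsencrypt_server` defaults to the Let's Encrypt staging directory. The `var.*` names and the e-mail address are assumptions; that the module accepts a value marked `sensitive` for `service_account_key` is also assumed, since its internals are not shown on this page.

```hcl
# Added example. Variable names below are hypothetical; the module inputs
# (install_*, kyverno, cert_manager and their keys) are the ones listed
# in the Inputs table.

variable "cluster_id" {
  type = string
}

variable "folder_id" {
  type = string
}

# Service account key for the cert-manager webhook.
# sensitive = true redacts the value in plan/apply output; the value is
# still stored in Terraform state, so the state backend needs access
# control and encryption at rest.
variable "cert_manager_sa_key" {
  type      = string
  sensitive = true
}

module "helm_addons" {
  source = "./"

  cluster_id = var.cluster_id

  # Module default is failure_action = "audit", which only reports
  # policy violations. "enforce" is the other value named in the Inputs.
  install_kyverno = true
  kyverno = {
    pod_security_profile = "baseline"
    failure_action       = "enforce"
  }

  # Module default letsencrypt_server is the ACME staging directory,
  # whose certificates are not publicly trusted. The URL below is the
  # Let's Encrypt production directory.
  install_cert_manager = true
  cert_manager = {
    service_account_key = var.cert_manager_sa_key
    folder_id           = var.folder_id
    email_address       = "admin@example.com" # placeholder address
    letsencrypt_server  = "https://acme-v02.api.letsencrypt.org/directory"
  }
}
```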

Important

There might be a problem after deploying if the Kubernetes cluster is being replaced. The Helm Marketplace module will "block" the cluster change if it is used in the same terraform apply cycle, because the Helm provider won't be able to connect to the target Kubernetes cluster during refresh. In that case, applying the change in two steps will help:

# First, update the initial Kubernetes cluster and replace it
terraform apply -target=module.kube
# Then apply all the rest, including the Marketplace module
terraform apply

If the cluster was changed in a separate (outside) module and Marketplace won't apply because of outdated information, a simple refresh usually does the trick (after verifying that the cluster_id is valid):

terraform apply -refresh-only

Requirements

Name Version
terraform >= 1.0
helm >= 2.9, < 3.0
yandex >= 0.108

Providers

Name Version
helm 2.17.0
yandex 0.140.1

Modules

No modules.

Resources

Name Type
helm_release.alb_ingress resource
helm_release.argocd resource
helm_release.cert_manager resource
helm_release.chaos_mesh resource
helm_release.crossplane resource
helm_release.csi_s3 resource
helm_release.external_dns resource
helm_release.external_secrets resource
helm_release.falco resource
helm_release.filebeat resource
helm_release.filebeat_oss resource
helm_release.fluentbit resource
helm_release.gatekeeper resource
helm_release.gateway_api resource
helm_release.gitlab_agent resource
helm_release.gitlab_runner resource
helm_release.ingress_nginx resource
helm_release.istio resource
helm_release.kruise resource
helm_release.kyverno resource
helm_release.loki resource
helm_release.metrics_provider resource
helm_release.nodelocal_dns resource
helm_release.policy_reporter resource
helm_release.prometheus resource
helm_release.vault resource
helm_release.velero resource
yandex_client_config.client data source
yandex_kubernetes_cluster.target data source

Inputs

Name Description Type Default Required
alb_ingress Map for overriding ALB Ingress Controller Helm chart settings
object({
name = optional(string, "alb-ingress")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/yc-alb-ingress")
chart = optional(string, "yc-alb-ingress-controller-chart")
version = optional(string, "v0.2.23")
namespace = optional(string, "alb-ingress")

folder_id = optional(string, null)
cluster_id = optional(string, null)
service_account_key = optional(string, null)
healthchecks_enabled = optional(bool, false)
})
{} no
argocd Map for overriding ArgoCD Helm chart settings
object({
name = optional(string, "argocd")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/argo/chart")
chart = optional(string, "argo-cd")
version = optional(string, "7.3.11-2")
namespace = optional(string, "argocd")
})
{} no
cert_manager Map for overriding cert-manager Helm chart settings
object({
name = optional(string, "cert-manager")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/cert-manager-webhook-yandex")
chart = optional(string, "cert-manager-webhook-yandex")
version = optional(string, "1.0.8-1")
namespace = optional(string, "cert-manager")

service_account_key = optional(string)
folder_id = optional(string)
email_address = optional(string)
letsencrypt_server = optional(string, "https://acme-staging-v02.api.letsencrypt.org/directory")
})
{} no
chaos_mesh Map for overriding Chaos Mesh Helm chart settings
object({
name = optional(string, "chaos-mesh")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/chaos-mesh")
chart = optional(string, "chaos-mesh")
version = optional(string, "2.6.1-1b")
namespace = optional(string, "chaos-mesh")
})
{} no
cluster_id The ID of the Kubernetes cluster where addons should be installed. string n/a yes
crossplane Map for overriding Crossplane Helm chart settings
object({
name = optional(string, "crossplane")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/crossplane")
chart = optional(string, "crossplane")
version = optional(string, "v1.18.2")
namespace = optional(string, "crossplane")

service_account_key = optional(string)
})
{} no
csi_s3 Map for overriding CSI S3 Helm chart settings
object({
name = optional(string, "csi-s3")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/csi-s3")
chart = optional(string, "csi-s3")
version = optional(string, "0.42.1")
namespace = optional(string, "csi-s3")

create_storage_class = optional(bool, true)
create_secret = optional(bool, true)
object_storage_key_id = optional(string)
object_storage_key_secret = optional(string)
single_bucket = optional(string)
s3_endpoint = optional(string, "https://storage.yandexcloud.net")
s3_region = optional(string, "ru-central1")
mount_options = optional(string, "--memory-limit 1000 --dir-mode 0777 --file-mode 0666")
reclaim_policy = optional(string, "Delete")
storage_class_name = optional(string, "csi-s3")
secret_name = optional(string, "csi-s3-secret")
tolerations_all = optional(bool, false)
})
{} no
external_dns Map for overriding External DNS Helm chart settings
object({
name = optional(string, "external-dns")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/externaldns/chart/")
chart = optional(string, "externaldns")
version = optional(string, "0.5.1-b")
namespace = optional(string, "external-dns")

service_account_key = optional(string)
folder_id = optional(string)
})
{} no
external_secrets Map for overriding External Secrets Helm chart settings
object({
name = optional(string, "external-secrets")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/external-secrets/chart")
chart = optional(string, "external-secrets")
version = optional(string, "0.10.5")
namespace = optional(string, "external-secrets")

service_account_key = optional(string)
})
{} no
falco Map for overriding Falco Helm chart settings
object({
name = optional(string, "falco")
repository = optional(string, "oci://cr.yandex/yc-marketplace")
chart = optional(string, "falco")
version = optional(string, "2.2.5")
namespace = optional(string, "falco")

falco_sidekick_enabled = optional(bool, false)
falco_sidekick_replicacount = optional(number, 1)
})
{} no
filebeat Map for overriding Filebeat Helm chart settings
object({
name = optional(string, "filebeat")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/filebeat/chart")
chart = optional(string, "filebeat")
version = optional(string, "7.16.3-5")
namespace = optional(string, "filebeat")

elasticsearch_username = optional(string, "admin")
elasticsearch_password = optional(string)
elasticsearch_fqdn = optional(string)
})
{} no
filebeat_oss Map for overriding Filebeat OSS Helm chart settings
object({
name = optional(string, "filebeat")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/filebeat-oss/chart")
chart = optional(string, "filebeat-oss")
version = optional(string, "7.12.1-1")
namespace = optional(string, "filebeat")

opensearch_username = optional(string, "admin")
opensearch_password = optional(string)
opensearch_fqdn = optional(string)
})
{} no
fluentbit Map for overriding Fluentbit Helm chart settings
object({
name = optional(string, "fluent-bit")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/fluent-bit")
chart = optional(string, "fluent-bit")
version = optional(string, "2.1.7-3")
namespace = optional(string, "fluent-bit")

log_group_id = optional(string)
service_account_key = optional(string)
export_to_s3_enabled = optional(bool, false)
object_storage_bucket = optional(string)
object_storage_key_id = optional(string)
object_storage_key_secret = optional(string)
})
{} no
gatekeeper Map for overriding Gatekeeper Helm chart settings
object({
name = optional(string, "gatekeeper")
repository = optional(string, "oci://cr.yandex/yc-marketplace")
chart = optional(string, "gatekeeper")
version = optional(string, "3.12.0")
namespace = optional(string, "gatekeeper")

audit_interval = optional(number, 60)
violation_limit = optional(number, 20)
match_kind_enabled = optional(bool, false)
emit_events_enabled = optional(bool, false)
namespace_events_enabled = optional(bool, false)
external_data_enabled = optional(bool, false)
})
{} no
gateway_api Map for overriding Gateway API Helm chart settings
object({
name = optional(string, "gateway-api")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/gateway-api/gateway-api-helm")
chart = optional(string, "gateway-api")
version = optional(string, "0.6.0")
namespace = optional(string, "gateway-api")

folder_id = optional(string)
vpc_network_id = optional(string)
subnet_id_a = optional(string)
subnet_id_b = optional(string)
subnet_id_d = optional(string)
service_account_key = optional(string)
})
{} no
gitlab_agent Map for overriding Gitlab Agent Helm chart settings
object({
name = optional(string, "gitlab-agent")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/gitlab-org/gitlab-agent/chart")
chart = optional(string, "gitlab-agent")
version = optional(string, "1.16.0-1")
namespace = optional(string, "gitlab-agent")

gitlab_domain = optional(string)
gitlab_token = optional(string)
})
{} no
gitlab_runner Map for overriding Gitlab Runner Helm chart settings
object({
name = optional(string, "gitlab-runner")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/gitlab-org/gitlab-runner/chart")
chart = optional(string, "gitlab-runner")
version = optional(string, "0.54.0-8")
namespace = optional(string, "gitlab-runner")

gitlab_domain = optional(string)
gitlab_token = optional(string)
runner_privileged = optional(bool, false)
runner_tags = optional(string)
})
{} no
ingress_nginx Map for overriding Ingress NGINX Helm chart settings
object({
name = optional(string, "ingress-nginx")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/ingress-nginx/chart/")
chart = optional(string, "ingress-nginx")
version = optional(string, "4.12.1")
namespace = optional(string, "ingress-nginx")

ingress_class_name = optional(string, "nginx")
replica_count = optional(number, 1)
service_loadbalancer_ip = optional(string)
service_external_traffic_policy = optional(string, "Cluster") # Cluster or Local
service_session_affinity = optional(string, "None") # None or ClientIP
})
{} no
install_alb_ingress Install ALB Ingress Controller bool false no
install_argocd Install ArgoCD bool false no
install_cert_manager Install cert-manager bool false no
install_chaos_mesh Install Chaos Mesh bool false no
install_crossplane Install Crossplane bool false no
install_csi_s3 Install CSI S3 bool false no
install_external_dns Install External DNS bool false no
install_external_secrets Install External Secrets bool false no
install_falco Install Falco bool false no
install_filebeat Install Filebeat bool false no
install_filebeat_oss Install Filebeat OSS bool false no
install_fluentbit Install Fluentbit bool false no
install_gatekeeper Install Gatekeeper bool false no
install_gateway_api Install Gateway API bool false no
install_gitlab_agent Install Gitlab Agent bool false no
install_gitlab_runner Install Gitlab Runner bool false no
install_ingress_nginx Install Ingress NGINX bool false no
install_istio Install Istio bool false no
install_kruise Install Kruise bool false no
install_kyverno Install Kyverno bool false no
install_loki Install Loki bool false no
install_metrics_provider Install Metrics Provider bool false no
install_nodelocal_dns Install NodeLocal DNS bool false no
install_policy_reporter Install Policy Reporter bool false no
install_prometheus Install Prometheus bool false no
install_vault Install Vault bool false no
install_velero Install Velero bool false no
istio Map for overriding Istio Helm chart settings
object({
name = optional(string, "istio")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/istio")
chart = optional(string, "istio")
version = optional(string, "1.21.2-1")
namespace = optional(string, "istio-system")

addons_enabled = optional(bool, false)
})
{} no
kruise Map for overriding Kruise Helm chart settings
object({
name = optional(string, "kruise")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/kruise/chart")
chart = optional(string, "kruise")
version = optional(string, "1.5.0")
namespace = optional(string, "kruise")
})
{} no
kyverno Map for overriding Kyverno Helm chart settings
object({
name = optional(string, "kyverno")
repository = optional(string, "oci://cr.yandex/yc-marketplace")
chart = optional(string, "multi-kyverno")
version = optional(string, "1.0.0")
namespace = optional(string, "kyverno")

kyverno_policies_enabled = optional(bool, true)
pod_security_profile = optional(string, "baseline")
failure_action = optional(string, "audit") # audit, enforce
})
{} no
loki Map for overriding Loki Helm chart settings
object({
name = optional(string, "loki")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/grafana/loki/chart")
chart = optional(string, "loki")
version = optional(string, "1.2.0-7")
namespace = optional(string, "loki")

object_storage_bucket = optional(string)
aws_key_value = optional(string)
promtail_enabled = optional(bool, true)
})
{} no
metrics_provider Map for overriding Metrics Provider Helm chart settings
object({
name = optional(string, "metrics-provider")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/metric-provider/chart")
chart = optional(string, "metrics-provider")
version = optional(string, "0.1.13")
namespace = optional(string, "metrics-provider")

metrics_folder_id = optional(string)
metrics_window = optional(string, "2m")
downsampling_disabled = optional(bool, true)
downsampling_grid_aggregation = optional(string, "AVG")
downsampling_gap_filling = optional(string, "PREVIOUS")
downsampling_gap_max_points = optional(number, 10)
downsampling_grid_interval = optional(number, 1)
service_account_key = optional(string)
})
{} no
nodelocal_dns Map for overriding NodeLocal DNS Helm chart settings
object({
name = optional(string, "node-local-dns")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud")
chart = optional(string, "node-local-dns")
version = optional(string, "1.5.1")
namespace = optional(string, "node-local-dns")
})
{} no
policy_reporter Map for overriding Policy Reporter Helm chart settings
object({
name = optional(string, "policy-reporter")
repository = optional(string, "oci://cr.yandex/yc-marketplace")
chart = optional(string, "policy-reporter")
version = optional(string, "2.13.11")
namespace = optional(string, "policy-reporter")

cluster_id = optional(string)
custom_fields_enabled = optional(bool, false)
ui_enabled = optional(bool, false)
s3_enabled = optional(bool, false)
s3_bucket = optional(string)
kinesis_enabled = optional(bool, false)
kinesis_endpoint = optional(string)
kinesis_stream = optional(string)
aws_key_value = optional(string)
})
{} no
prometheus Map for overriding Prometheus Helm chart settings
object({
name = optional(string, "prometheus")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/prometheus")
chart = optional(string, "kube-prometheus-stack")
version = optional(string, "57.2.0-1")
namespace = optional(string, "prometheus")

prometheus_workspace_id = optional(string)
api_key_value = optional(string)
})
{} no
vault Map for overriding Vault Helm chart settings
object({
name = optional(string, "vault")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/vault/chart")
chart = optional(string, "vault")
version = optional(string, "0.29.0_yckms")
namespace = optional(string, "vault")

service_account_key = optional(string)
kms_key_id = optional(string)
})
{} no
velero Map for overriding Velero Helm chart settings
object({
name = optional(string, "velero")
repository = optional(string, "oci://cr.yandex/yc-marketplace/yandex-cloud/velero")
chart = optional(string, "velero")
version = optional(string, "8.5.0-4")
namespace = optional(string, "velero")

object_storage_bucket = optional(string)
aws_key_value = optional(string)
})
{} no

Outputs

Name Description
alb_ingress_status ALB Ingress deployment status.
argocd_status ArgoCD deployment status.
cert_manager_status cert-manager deployment status.
chaos_mesh_status Chaos Mesh deployment status.
cluster_id Kubernetes cluster ID.
crossplane_status Crossplane deployment status.
csi_s3_status CSI S3 deployment status.
external_dns_status External DNS deployment status.
external_secrets_status External Secrets deployment status.
falco_status Falco deployment status.
filebeat_oss_status Filebeat OSS deployment status.
filebeat_status Filebeat deployment status.
fluentbit_status Fluentbit deployment status.
gatekeeper_status Gatekeeper deployment status.
gateway_api_status Gateway API deployment status.
gitlab_agent_status Gitlab Agent deployment status.
gitlab_runner_status Gitlab Runner deployment status.
ingress_nginx_status NGINX Ingress deployment status.
istio_status Istio deployment status.
kruise_status Kruise deployment status.
kyverno_status Kyverno deployment status.
loki_status Loki deployment status.
metrics_provider_status Metrics Provider deployment status.
nodelocal_dns_status Node-Local DNS deployment status.
policy_reporter_status Policy Reporter deployment status.
prometheus_status Prometheus deployment status.
vault_status Vault deployment status.
velero_status Velero deployment status.
