feat: align module to the addon-template

Author: tomas-balaz

.github/RELEASE_DRAFTER.yml

@@ -7,11 +7,25 @@ categories:
       - 'enhancement'
   - title: 'Bug Fixes'
     labels:
-      - 'fix'
-      - 'bugfix'
       - 'bug'
   - title: 'Documentation'
     label: 'documentation'
+  - title: 'CI'
+    label: 'ci'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'feature'
+      - 'enhancement'
+  patch:
+    labels:
+      - 'ci'
+      - 'bug'
+      - 'documentation'
+  default: patch
 change-template: '- $TITLE, by @$AUTHOR (#$NUMBER)'
 template: |
   # What's changed

.github/workflows/pre-commit.yml

@@ -1,5 +1,8 @@
 name: pre-commit
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
   pull_request:
@@ -8,36 +11,42 @@ on:
       - master
 
 env:
+  PYTHON_VERSION: "3.10"
   TERRAFORM_DOCS_VERSION: "v0.16.0"
-  TFLINT_VERSION: "v0.36.2"
+  TFLINT_VERSION: "v0.40.1"
 
 jobs:
   pre-commit:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-python@v2
-
-    - name: Install additional pre-commit hooks
-      shell: bash
-      run: |
-        echo "########### Install Checkov ####################"
-        pip install checkov
-
-        echo "########### Install Terraform-docs #############"
-        wget https://github.com/terraform-docs/terraform-docs/releases/download/${{ env.TERRAFORM_DOCS_VERSION }}/terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
-        tar xvzf terraform-docs-${{ env.TERRAFORM_DOCS_VERSION }}-linux-amd64.tar.gz
-        mkdir -p ~/terraform-docs/bin/
-        install terraform-docs ~/terraform-docs/bin/
-        echo '~/terraform-docs/bin/' >> $GITHUB_PATH
-
-        echo "########### Install Terraform-linters ##########"
-        wget https://github.com/terraform-linters/tflint/releases/download/${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip
-        unzip tflint_linux_amd64.zip
-        mkdir -p ~/tflint/bin/
-        echo '~/tflint/bin/' >> $GITHUB_PATH
-        install tflint ~/tflint/bin/
-        ~/tflint/bin/tflint --init
-
-    - name: Run pre-commit
-      uses: pre-commit/[email protected]
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: pip
+
+      - name: Install Python dependencies
+        run: pip install -r requirements.txt
+
+      - name: Install terraform-docs
+        uses: jaxxstorm/[email protected]
+        with:
+          repo: terraform-docs/terraform-docs
+          tag: ${{ env.TERRAFORM_DOCS_VERSION }}
+          cache: enable
+
+      - name: TFLint cache
+        uses: actions/cache@v3
+        with:
+          path: ~/.tflint.d/plugins
+          key: ${{ runner.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+      - name: Install TFLint
+        uses: terraform-linters/setup-tflint@v2
+        with:
+          tflint_version: ${{ env.TFLINT_VERSION }}
+
+      - name: Run pre-commit
+        uses: pre-commit/[email protected]

.github/workflows/release-drafter.yml

@@ -15,7 +15,7 @@ on:
 
 jobs:
   update_release_draft:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: release-drafter/release-drafter@v5
         with:

.github/workflows/validate.yaml

@@ -1,5 +1,8 @@
 name: Terraform validate
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
   pull_request:
@@ -10,11 +13,11 @@ on:
 jobs:
   versionExtract:
     name: Extract min/max Terraform versions
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Extract Terraform min/max versions
         id: minMax
@@ -26,7 +29,7 @@ jobs:
       maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
   terraform-validate:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: versionExtract
     strategy:
       matrix:
@@ -35,17 +38,15 @@ jobs:
           - ${{ needs.versionExtract.outputs.maxVersion }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: hashicorp/setup-terraform@v2
       with:
         terraform_version: ${{ matrix.tf_ver }}
 
-    - name: Validate module
-      run: |
-        terraform init
-        terraform validate
-    - name: Validate example
-      run: |
-        cd examples/basic
-        terraform init
-        terraform validate
+    - name: Terraform Init
+      id: init
+      run: terraform init
+
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.2.0
+    rev: v4.3.0
     hooks:
       - id: trailing-whitespace
       - id: check-merge-conflict
@@ -10,20 +10,15 @@ repos:
       - id: end-of-file-fixer
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.71.0
+    rev: v1.75.0
     hooks:
     - id: terraform_fmt
     - id: terraform_tflint
     - id: terraform_validate
     - id: terraform_checkov
     - id: terraform_docs
       args:
-        - '--args=--hide providers --sort-by required'
-
-  - repo: https://github.com/pecigonzalo/pre-commit-terraform-vars
-    rev: v1.0.0
-    hooks:
-    - id: terraform-vars
+        - '--args=--config=.terraform-docs.yml'
 
   - repo: https://github.com/Yelp/detect-secrets
     rev: v1.3.0

.terraform-docs.yml

@@ -0,0 +1,15 @@
+formatter: markdown table
+
+output:
+  mode: inject
+  template: |-
+    <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+    {{ .Content }}
+    <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+sections:
+  hide:
+    - providers
+
+sort:
+  by: required

.tflint.hcl

@@ -0,0 +1,11 @@
+plugin "terraform" {
+  enabled = true
+  version = "0.1.1"
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+  preset  = "recommended"
+}
+plugin "aws" {
+  enabled = true
+  version = "0.17.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}

README.md

@@ -1,6 +1,6 @@
 # AWS EKS Cert Manager Terraform module
 
-[![Labyrinth Labs logo](ll-logo.png)](https://www.lablabs.io)
+[<img src="https://lablabs.io/static/ll-logo.png" width=350px>](https://lablabs.io/)
 
 We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at <https://lablabs.io/>
 
@@ -123,23 +123,23 @@ No modules.
 | <a name="input_argo_enabled"></a> [argo\_enabled](#input\_argo\_enabled) | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | `bool` | `false` | no |
 | <a name="input_argo_helm_enabled"></a> [argo\_helm\_enabled](#input\_argo\_helm\_enabled) | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | `bool` | `false` | no |
 | <a name="input_argo_helm_values"></a> [argo\_helm\_values](#input\_argo\_helm\_values) | Value overrides to use when deploying argo application object with helm | `string` | `""` | no |
-| <a name="input_argo_info"></a> [argo\_info](#input\_argo\_info) | ArgoCD info manifest parameter | `list` | <pre>[<br>  {<br>    "name": "terraform",<br>    "value": "true"<br>  }<br>]</pre> | no |
+| <a name="input_argo_info"></a> [argo\_info](#input\_argo\_info) | ArgoCD info manifest parameter | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | <pre>[<br>  {<br>    "name": "terraform",<br>    "value": "true"<br>  }<br>]</pre> | no |
 | <a name="input_argo_kubernetes_manifest_computed_fields"></a> [argo\_kubernetes\_manifest\_computed\_fields](#input\_argo\_kubernetes\_manifest\_computed\_fields) | List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply. | `list(string)` | <pre>[<br>  "metadata.labels",<br>  "metadata.annotations"<br>]</pre> | no |
 | <a name="input_argo_kubernetes_manifest_field_manager_force_conflicts"></a> [argo\_kubernetes\_manifest\_field\_manager\_force\_conflicts](#input\_argo\_kubernetes\_manifest\_field\_manager\_force\_conflicts) | Forcibly override any field manager conflicts when applying the kubernetes manifest resource | `bool` | `false` | no |
 | <a name="input_argo_kubernetes_manifest_field_manager_name"></a> [argo\_kubernetes\_manifest\_field\_manager\_name](#input\_argo\_kubernetes\_manifest\_field\_manager\_name) | The name of the field manager to use when applying the kubernetes manifest resource. Defaults to Terraform | `string` | `"Terraform"` | no |
 | <a name="input_argo_kubernetes_manifest_wait_fields"></a> [argo\_kubernetes\_manifest\_wait\_fields](#input\_argo\_kubernetes\_manifest\_wait\_fields) | A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. | `map(string)` | `{}` | no |
-| <a name="input_argo_metadata"></a> [argo\_metadata](#input\_argo\_metadata) | ArgoCD Application metadata configuration. Override or create additional metadata parameters | `map` | <pre>{<br>  "finalizers": [<br>    "resources-finalizer.argocd.argoproj.io"<br>  ]<br>}</pre> | no |
+| <a name="input_argo_metadata"></a> [argo\_metadata](#input\_argo\_metadata) | ArgoCD Application metadata configuration. Override or create additional metadata parameters | `any` | <pre>{<br>  "finalizers": [<br>    "resources-finalizer.argocd.argoproj.io"<br>  ]<br>}</pre> | no |
 | <a name="input_argo_namespace"></a> [argo\_namespace](#input\_argo\_namespace) | Namespace to deploy ArgoCD application CRD to | `string` | `"argo"` | no |
 | <a name="input_argo_project"></a> [argo\_project](#input\_argo\_project) | ArgoCD Application project | `string` | `"default"` | no |
-| <a name="input_argo_spec"></a> [argo\_spec](#input\_argo\_spec) | ArgoCD Application spec configuration. Override or create additional spec parameters | `map` | `{}` | no |
-| <a name="input_argo_sync_policy"></a> [argo\_sync\_policy](#input\_argo\_sync\_policy) | ArgoCD syncPolicy manifest parameter | `map` | `{}` | no |
+| <a name="input_argo_spec"></a> [argo\_spec](#input\_argo\_spec) | ArgoCD Application spec configuration. Override or create additional spec parameters | `any` | `{}` | no |
+| <a name="input_argo_sync_policy"></a> [argo\_sync\_policy](#input\_argo\_sync\_policy) | ArgoCD syncPolicy manifest parameter | `any` | `{}` | no |
 | <a name="input_cluster_issuer_enabled"></a> [cluster\_issuer\_enabled](#input\_cluster\_issuer\_enabled) | Variable indicating whether default ClusterIssuer CRD is enabled | `bool` | `false` | no |
 | <a name="input_cluster_issuer_settings"></a> [cluster\_issuer\_settings](#input\_cluster\_issuer\_settings) | Additional settings which will be passed to the Helm chart cluster\_issuer values, see https://github.com/lablabs/terraform-aws-eks-cert-manager/blob/main/helm/defaultClusterIssuer/values.yaml | `map(any)` | `{}` | no |
 | <a name="input_cluster_issuers_values"></a> [cluster\_issuers\_values](#input\_cluster\_issuers\_values) | Additional values for cert manager cluster issuers helm chart. Values will be merged, in order, as Helm does with multiple -f options | `string` | `""` | no |
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Variable indicating whether deployment is enabled | `bool` | `true` | no |
 | <a name="input_helm_atomic"></a> [helm\_atomic](#input\_helm\_atomic) | If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used | `bool` | `false` | no |
 | <a name="input_helm_chart_name"></a> [helm\_chart\_name](#input\_helm\_chart\_name) | Helm chart name to be installed | `string` | `"cert-manager"` | no |
-| <a name="input_helm_chart_version"></a> [helm\_chart\_version](#input\_helm\_chart\_version) | Version of the Helm chart | `string` | `"1.9.1"` | no |
+| <a name="input_helm_chart_version"></a> [helm\_chart\_version](#input\_helm\_chart\_version) | Version of the Helm chart | `string` | `"1.12.1"` | no |
 | <a name="input_helm_cleanup_on_fail"></a> [helm\_cleanup\_on\_fail](#input\_helm\_cleanup\_on\_fail) | Allow deletion of new resources created in this helm upgrade when upgrade fails | `bool` | `false` | no |
 | <a name="input_helm_create_namespace"></a> [helm\_create\_namespace](#input\_helm\_create\_namespace) | Whether to create k8s namespace with name defined by `namespace` | `bool` | `true` | no |
 | <a name="input_helm_dependency_update"></a> [helm\_dependency\_update](#input\_helm\_dependency\_update) | Runs helm dependency update before installing the chart | `bool` | `false` | no |

examples/basic/README.md

@@ -5,7 +5,12 @@ The code in this example shows how to use the module with basic configuration an
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.19.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.6.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.11.0 |
 
 ## Modules
 
@@ -18,8 +23,9 @@ No requirements.
 | <a name="module_cert_manager_helm"></a> [cert\_manager\_helm](#module\_cert\_manager\_helm) | ../../ | n/a |
 | <a name="module_cert_manager_without_irsa_policy"></a> [cert\_manager\_without\_irsa\_policy](#module\_cert\_manager\_without\_irsa\_policy) | ../../ | n/a |
 | <a name="module_cert_manager_without_irsa_role"></a> [cert\_manager\_without\_irsa\_role](#module\_cert\_manager\_without\_irsa\_role) | ../../ | n/a |
-| <a name="module_eks_cluster"></a> [eks\_cluster](#module\_eks\_cluster) | cloudposse/eks-cluster/aws | 0.44.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 3.11.0 |
+| <a name="module_eks_cluster"></a> [eks\_cluster](#module\_eks\_cluster) | cloudposse/eks-cluster/aws | 2.3.0 |
+| <a name="module_eks_node_group"></a> [eks\_node\_group](#module\_eks\_node\_group) | cloudposse/eks-node-group/aws | 2.4.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 4.0.0 |
 
 ## Resources
 

examples/basic/base.tf

@@ -1,8 +1,8 @@
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "3.11.0"
+  version = "4.0.0"
 
-  name               = "vpc"
+  name               = "cluster-autoscaler-vpc"
   cidr               = "10.0.0.0/16"
   azs                = ["eu-central-1a", "eu-central-1b"]
   public_subnets     = ["10.0.101.0/24", "10.0.102.0/24"]
@@ -11,10 +11,23 @@ module "vpc" {
 
 module "eks_cluster" {
   source  = "cloudposse/eks-cluster/aws"
-  version = "0.44.0"
+  version = "2.3.0"
 
   region     = "eu-central-1"
   subnet_ids = module.vpc.public_subnets
   vpc_id     = module.vpc.vpc_id
-  name       = "k8s"
+  name       = "basic-example"
+}
+
+module "eks_node_group" {
+  source  = "cloudposse/eks-node-group/aws"
+  version = "2.4.0"
+
+  cluster_name   = module.eks_cluster.eks_cluster_id
+  instance_types = ["t3.medium"]
+  subnet_ids     = module.vpc.public_subnets
+  min_size       = 1
+  desired_size   = 1
+  max_size       = 2
+  depends_on     = [module.eks_cluster.kubernetes_config_map_id]
 }

examples/basic/main.tf

@@ -34,7 +34,15 @@ locals {
           "email" : "[email protected]"
           "server" : "https://acme-v02.api.letsencrypt.org/directory"
         }
-
+      }
+    }
+    "http" : {
+      "default-http" : {
+        "ingressClassName" : "nginx"
+        "acme" : {
+          "email" : "[email protected]"
+          "server" : "https://acme-v02.api.letsencrypt.org/directory"
+        }
       }
     }
   })

examples/basic/providers.tf

@@ -14,12 +14,12 @@ provider "helm" {
   kubernetes {
     host                   = data.aws_eks_cluster.this.endpoint
     token                  = data.aws_eks_cluster_auth.this.token
-    cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
   }
 }
 
 provider "kubernetes" {
   host                   = data.aws_eks_cluster.this.endpoint
   token                  = data.aws_eks_cluster_auth.this.token
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
 }

examples/basic/versions.tf

@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.19.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.11.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.6.0"
+    }
+  }
+}

ll-logo.png

@@ -0,0 +1 @@
+checkov==2.2.158