update for helm 3.x provider, changes to irsa

terraform-modules · Oct 3, 2025 · c7e87e6 · c7e87e6
1 parent 9ff1fb9
commit c7e87e6
Show file tree

Hide file tree

Showing 5 changed files with 181 additions and 126 deletions.
diff --git a/examples/extras/datadog-agent/irsa.agent.tf b/examples/extras/datadog-agent/irsa.agent.tf
@@ -1,10 +1,10 @@
 module "role_agent" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
 
-  role_description = "EKS IAM Role for ${var.cluster_name} for service account ${var.namespace}:${var.agent_name}"
-  role_name        = format("%v%v-irsa__%v", local._prefixes["eks-role"], var.cluster_name, var.agent_name)
+  description = "EKS IAM Role for ${var.cluster_name} for service account ${var.namespace}:${var.agent_name}"
+  name        = format("%v%v_%v", local._prefixes["eks-role"], var.cluster_name, var.agent_name)
 
-  role_policy_arns = {
+  policies = {
     policy = aws_iam_policy.policy_agent.arn
   }
 
@@ -41,7 +41,7 @@ data "aws_iam_policy_document" "policy_agent" {
 }
 
 resource "aws_iam_policy" "policy_agent" {
-  name        = format("%v%v-irsa__%v", local._prefixes["eks-policy"], var.cluster_name, var.agent_name)
+  name        = format("%v%v_%v", local._prefixes["eks-policy"], var.cluster_name, var.agent_name)
   description = "EKS IAM Policy for ${var.cluster_name} for service account ${var.namespace}:${var.agent_name}"
   path        = "/"
   policy      = data.aws_iam_policy_document.policy_agent.json
@@ -51,7 +51,7 @@ resource "aws_iam_policy" "policy_agent" {
     local.common_tags,
     var.application_tags,
     {
-      "Name"          = format("%v%v-irsa__%v", local._prefixes["eks-policy"], var.cluster_name, var.agent_name)
+      "Name"          = format("%v%v_%v", local._prefixes["eks-policy"], var.cluster_name, var.agent_name)
       "eks:namespace" = var.namespace
       "eks:user"      = var.agent_name
     }

diff --git a/examples/extras/datadog-agent/irsa.cluster-agent.tf b/examples/extras/datadog-agent/irsa.cluster-agent.tf
@@ -1,10 +1,10 @@
 module "role_cluster-agent" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
 
-  role_description = "EKS IAM Role for ${var.cluster_name} for service account ${var.namespace}:${var.cluster-agent_name}"
-  role_name        = format("%v%v-irsa__%v", local._prefixes["eks-role"], var.cluster_name, var.cluster-agent_name)
+  description = "EKS IAM Role for ${var.cluster_name} for service account ${var.namespace}:${var.cluster-agent_name}"
+  name        = format("%v%v_%v", local._prefixes["eks-role"], var.cluster_name, "cluster-agent")
 
-  role_policy_arns = {
+  policies = {
     policy = aws_iam_policy.policy_cluster-agent.arn
   }
 
@@ -41,7 +41,7 @@ data "aws_iam_policy_document" "policy_cluster-agent" {
 }
 
 resource "aws_iam_policy" "policy_cluster-agent" {
-  name        = format("%v%v-irsa__%v", local._prefixes["eks-policy"], var.cluster_name, var.cluster-agent_name)
+  name        = format("%v%v_%v", local._prefixes["eks-policy"], var.cluster_name, "cluster-agent")
   description = "EKS IAM Policy for ${var.cluster_name} for service account ${var.namespace}:${var.cluster-agent_name}"
   path        = "/"
   policy      = data.aws_iam_policy_document.policy_cluster-agent.json
@@ -51,7 +51,7 @@ resource "aws_iam_policy" "policy_cluster-agent" {
     local.common_tags,
     var.application_tags,
     {
-      "Name"          = format("%v%v-irsa__%v", local._prefixes["eks-policy"], var.cluster_name, var.cluster-agent_name)
+      "Name"          = format("%v%v_%v", local._prefixes["eks-policy"], var.cluster_name, var.cluster-agent_name)
       "eks:namespace" = var.namespace
       "eks:user"      = var.cluster-agent_name
     }

diff --git a/examples/extras/datadog-agent/main.tf b/examples/extras/datadog-agent/main.tf
@@ -42,110 +42,118 @@ resource "helm_release" "datadog" {
     })
   ]
 
-  set_sensitive {
-    name  = "datadog.apiKey"
-    value = local.datadog_api_key
-  }
-
-  set_sensitive {
-    name  = "datadog.appKey"
-    value = local.datadog_app_key
-  }
-
-  set {
-    name  = "datadog.site"
-    value = local.datadog_site
-  }
-
-  set {
-    name  = "datadog.clusterName"
-    value = var.cluster_name
-  }
-
-  ##   set {
-  ##     name  = "datadog.dd_url"
-  ##     value = var.datadog_site_url
-  ##   }
-
-  ##   set {
-  ##     name  = "clusterAgent.endpoint"
-  ##     value = var.datadog_api_url
-  ##   }
-
-  #  set {
-  #    name  = "datadog.logs.enabled"
-  #    value = false
-  #  }
-
-  ##   set {
-  ##     name  = "datadog.proxy.http"
-  ##     value = var.datadog_proxy.http
-  ##   }
-  ## 
-  ##   set {
-  ##     name  = "datadog.proxy.https"
-  ##     value = var.datadog_proxy.https
-  ##   }
-
-  set {
-    name  = "registry"
-    value = dirname(split(":", local.images_output["datadog/cluster-agent"].dest_full_path)[0])
-  }
-  #   set {
-  #     name  = "clusterAgent.image.repository"
-  #     value = split(":", local.images_output["datadog/cluster-agent"].dest_full_path)[0]
-  #   }
-  set {
-    name  = "clusterAgent.image.tag"
-    value = local.images_output["datadog/cluster-agent"].tag
-  }
-  #   set {
-  #     name  = "agents.image.repository"
-  #     value = split(":", local.images_output["datadog/agent"].dest_full_path)[0]
-  #   }
-  set {
-    name  = "agents.image.tag"
-    value = local.images_output["datadog/agent"].tag
-  }
-  #   set {
-  #     name  = "fips.image.repository"
-  #     value = split(":", local.images_output["datadog/fips-proxy"].dest_full_path)[0]
-  #   }
-  set {
-    name  = "fips.image.tag"
-    value = local.images_output["datadog/fips-proxy"].tag
-  }
-
-  # cluster agent rbac
-  set {
-    name  = "clusterAgent.rbac.serviceAccount.name"
-    value = var.cluster-agent_name
-  }
-  set {
-    name  = "clusterAgent.rbac.serviceAccount.create"
-    value = "true"
-  }
-
-  set {
-    name  = "clusterAgent.rbac.serviceAccountAnnotations.eks\\.amazonaws\\.com/role-arn"
-    value = module.role_cluster-agent.iam_role_arn
-  }
-
-  # agent rbac
-  set {
-    name  = "agents.rbac.serviceAccount.name"
-    value = var.agent_name
-  }
-  set {
-    name  = "agents.rbac.serviceAccount.create"
-    value = "true"
-  }
-
-  set {
-    name  = "agents.rbac.serviceAccountAnnotations.eks\\.amazonaws\\.com/role-arn"
-    value = module.role_agent.iam_role_arn
-  }
+  set_sensitive = [
+    {
+      name  = "datadog.apiKey"
+      value = local.datadog_api_key
+    },
+    {
+      name  = "datadog.appKey"
+      value = local.datadog_app_key
+    }
+  ]
 
+  set = [
+    {
+      name  = "datadog.site"
+      value = local.datadog_site
+    },
+
+    {
+      name  = "datadog.clusterName"
+      value = var.cluster_name
+    },
+
+    ##   {
+    ##     name  = "datadog.dd_url"
+    ##     value = var.datadog_site_url
+    ##   },
+
+    ##   {
+    ##     name  = "clusterAgent.endpoint"
+    ##     value = var.datadog_api_url
+    ##   },
+
+    #  {
+    #    name  = "datadog.logs.enabled"
+    #    value = false
+    #  },
+
+    ##   {
+    ##     name  = "datadog.proxy.http"
+    ##     value = var.datadog_proxy.http
+    ##   },
+    ## 
+    ##   {
+    ##     name  = "datadog.proxy.https"
+    ##     value = var.datadog_proxy.https
+    ##   },
+
+    {
+      name  = "registry"
+      value = dirname(split(":", local.images_output["datadog/cluster-agent"].dest_full_path)[0])
+    },
+    #   {
+    #     name  = "clusterAgent.image.repository"
+    #     value = split(":", local.images_output["datadog/cluster-agent"].dest_full_path)[0]
+    #   }
+    {
+      name  = "clusterAgent.image.tag"
+      value = local.images_output["datadog/cluster-agent"].tag
+    },
+    #   {
+    #     name  = "agents.image.repository"
+    #     value = split(":", local.images_output["datadog/agent"].dest_full_path)[0]
+    #   },
+    {
+      name  = "agents.image.tag"
+      value = local.images_output["datadog/agent"].tag
+    },
+    #   {
+    #     name  = "fips.image.repository"
+    #     value = split(":", local.images_output["datadog/fips-proxy"].dest_full_path)[0]
+    #   },
+    {
+      name  = "fips.image.tag"
+      value = local.images_output["datadog/fips-proxy"].tag
+    },
+
+    # cluster agent rbac
+    {
+      name  = "clusterAgent.rbac.serviceAccount.name"
+      value = var.cluster-agent_name
+    },
+    {
+      name  = "clusterAgent.rbac.serviceAccount.create"
+      value = "true"
+    },
+
+    {
+      name  = "clusterAgent.rbac.serviceAccountAnnotations.eks\\.amazonaws\\.com/role-arn"
+      value = module.role_cluster-agent.arn
+    },
+
+    # agent rbac
+    {
+      name  = "agents.rbac.serviceAccount.name"
+      value = var.agent_name
+    },
+    {
+      name  = "agents.rbac.serviceAccount.create"
+      value = "true"
+    },
+
+    # apm injection
+    #  {
+    #    name  = "datadog.apm.instrumentation.injector.imageTag"
+    #    value = local.images_output["datadog/apm-inject"].tag
+    #  },
+
+    {
+      name  = "agents.rbac.serviceAccountAnnotations.eks\\.amazonaws\\.com/role-arn"
+      value = module.role_agent.arn
+    },
+  ]
   timeout = 600
 }
 
diff --git a/examples/extras/datadog-agent/variables.datadog.auto.tfvars b/examples/extras/datadog-agent/variables.datadog.auto.tfvars
@@ -1,6 +1,6 @@
 namespace        = "monitoring"
 create_namespace = true
-name             = "datadog-agent"
+#name             = "datadog-agent"
 datadog_proxy = {
   http  = "http://proxy.tco.census.gov:3128"
   https = "http://proxy.tco.census.gov:3128"