feat: Add VPA deployment + CRDs to cluster-apps (#65)

Author: joli-sys

README.md

@@ -44,6 +44,10 @@ module "cluster_apps" {
     enabled = false
   }
 
+  vpa = {
+    enabled = false
+  }
+
   metrics_server = {
     enabled = true
     node_selector = {
@@ -69,7 +73,7 @@ module "cluster_apps" {
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9, < 2.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.27 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.14 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.30 |
 
 ## Providers
@@ -92,6 +96,7 @@ module "cluster_apps" {
 | <a name="module_keda"></a> [keda](#module\_keda) | ./modules/keda | n/a |
 | <a name="module_kyverno"></a> [kyverno](#module\_kyverno) | ./modules/kyverno | n/a |
 | <a name="module_metrics_server"></a> [metrics\_server](#module\_metrics\_server) | ./modules/metrics-server | n/a |
+| <a name="module_vpa"></a> [vpa](#module\_vpa) | ./modules/vpa | n/a |
 
 ## Resources
 
@@ -115,6 +120,7 @@ module "cluster_apps" {
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | value of the namespace to deploy cluster apps | <pre>object({<br/>    name   = string<br/>    create = bool<br/>  })</pre> | <pre>{<br/>  "create": true,<br/>  "name": "cluster-apps"<br/>}</pre> | no |
 | <a name="input_node_selector"></a> [node\_selector](#input\_node\_selector) | node selector to deploy cluster apps | `map(string)` | <pre>{<br/>  "node.kubernetes.io/pool": "critical"<br/>}</pre> | no |
 | <a name="input_tolerations"></a> [tolerations](#input\_tolerations) | tolerations to deploy cluster apps | <pre>list(object({<br/>    key      = string<br/>    operator = string<br/>    value    = optional(string, null)<br/>    effect   = optional(string, null)<br/>  }))</pre> | <pre>[<br/>  {<br/>    "effect": "NoSchedule",<br/>    "key": "CriticalAddonsOnly",<br/>    "operator": "Exists"<br/>  }<br/>]</pre> | no |
+| <a name="input_vpa"></a> [vpa](#input\_vpa) | vpa configuration | <pre>object({<br/>    enabled      = optional(bool, false)<br/>    release_name = optional(string, "vpa")<br/>    crds = optional(object({<br/>      enabled = optional(bool, true)<br/>    }), {})<br/>    recommender = optional(object({<br/>      enabled                 = optional(bool, true)<br/>      replica_count           = optional(number, 1)<br/>      service_account_enabled = optional(bool, true)<br/>      resources = optional(object({<br/>        limits = optional(object({<br/>          cpu    = optional(string, "200m")<br/>          memory = optional(string, "200Mi")<br/>        }), {})<br/>        requests = optional(object({<br/>          cpu    = optional(string, "50m")<br/>          memory = optional(string, "50Mi")<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>    updater = optional(object({<br/>      enabled                 = optional(bool, true)<br/>      replica_count           = optional(number, 1)<br/>      service_account_enabled = optional(bool, true)<br/>      resources = optional(object({<br/>        limits = optional(object({<br/>          cpu    = optional(string, "200m")<br/>          memory = optional(string, "200Mi")<br/>        }), {})<br/>        requests = optional(object({<br/>          cpu    = optional(string, "50m")<br/>          memory = optional(string, "50Mi")<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>    admissionController = optional(object({<br/>      enabled                 = optional(bool, true)<br/>      replica_count           = optional(number, 1)<br/>      service_account_enabled = optional(bool, true)<br/>      resources = optional(object({<br/>        limits = optional(object({<br/>          cpu    = optional(string, "200m")<br/>          memory = optional(string, "200Mi")<br/>        }), {})<br/>        requests = optional(object({<br/>          cpu    = optional(string, "50m")<br/>          memory = optional(string, "50Mi")<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 

main.tf

@@ -251,3 +251,60 @@ module "cert_manager" {
   node_selector = var.cert_manager.node_selector != null ? var.cert_manager.node_selector : var.node_selector
   tolerations   = var.cert_manager.tolerations != null ? var.cert_manager.tolerations : var.tolerations
 }
+
+module "vpa" {
+  count = var.vpa.enabled ? 1 : 0
+
+  source = "./modules/vpa"
+
+  namespace    = local.namespace
+  release_name = var.vpa.release_name
+  crds = {
+    enabled = var.vpa.crds.enabled
+  }
+  recommender = {
+    enabled                 = var.vpa.recommender.enabled
+    replica_count           = var.vpa.recommender.replica_count
+    service_account_enabled = var.vpa.recommender.service_account_enabled
+    resources = {
+      limits = {
+        cpu    = var.vpa.recommender.resources.limits.cpu
+        memory = var.vpa.recommender.resources.limits.memory
+      }
+      requests = {
+        cpu    = var.vpa.recommender.resources.requests.cpu
+        memory = var.vpa.recommender.resources.requests.memory
+      }
+    }
+  }
+  updater = {
+    enabled                 = var.vpa.updater.enabled
+    replica_count           = var.vpa.updater.replica_count
+    service_account_enabled = var.vpa.updater.service_account_enabled
+    resources = {
+      limits = {
+        cpu    = var.vpa.updater.resources.limits.cpu
+        memory = var.vpa.updater.resources.limits.memory
+      }
+      requests = {
+        cpu    = var.vpa.updater.resources.requests.cpu
+        memory = var.vpa.updater.resources.requests.memory
+      }
+    }
+  }
+  admissionController = {
+    enabled                 = var.vpa.admissionController.enabled
+    replica_count           = var.vpa.admissionController.replica_count
+    service_account_enabled = var.vpa.admissionController.service_account_enabled
+    resources = {
+      limits = {
+        cpu    = var.vpa.admissionController.resources.limits.cpu
+        memory = var.vpa.admissionController.resources.limits.memory
+      }
+      requests = {
+        cpu    = var.vpa.admissionController.resources.requests.cpu
+        memory = var.vpa.admissionController.resources.requests.memory
+      }
+    }
+  }
+}

modules/cert-manager/README.md

@@ -5,14 +5,14 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9, < 2.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.27 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.14 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | ~> 3.4 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.14 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 3.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | ~> 3.4 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
 

modules/external-secrets/README.md

@@ -4,13 +4,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9, < 2.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.14 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.14 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 3.0 |
 
 ## Modules
 

modules/fluent-bit/README.md

@@ -69,13 +69,13 @@ EOF
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5, < 2.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.17.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.17.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 3.0.0 |
 
 ## Modules
 

modules/karpenter/README.md

@@ -5,22 +5,22 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9, < 2.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.27 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.14 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.30 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.27 |
-| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.14 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 3.0 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | ~> 2.30 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_irsa"></a> [irsa](#module\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.55.0 |
+| <a name="module_irsa"></a> [irsa](#module\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.58.0 |
 
 ## Resources
 

modules/keda/README.md

@@ -4,14 +4,14 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9, < 2.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.14 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.30 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.14 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 3.0 |
 
 ## Modules
 

modules/kyverno/README.md

@@ -4,13 +4,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9, < 2.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.14 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.14 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 3.0 |
 
 ## Modules
 

modules/metrics-server/README.md

@@ -4,13 +4,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9, < 2.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.14 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.14 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 3.0 |
 
 ## Modules
 

modules/vpa/README.md

@@ -0,0 +1,40 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9, < 2.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 3.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.vpa](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_admissionController"></a> [admissionController](#input\_admissionController) | The VPA admission controller configuration | <pre>object({<br/>    enabled                 = optional(bool)<br/>    replica_count           = optional(number)<br/>    service_account_enabled = optional(bool)<br/>    resources = optional(object({<br/>      limits = optional(object({<br/>        cpu    = optional(string)<br/>        memory = optional(string)<br/>      }))<br/>      requests = optional(object({<br/>        cpu    = optional(string)<br/>        memory = optional(string)<br/>      }))<br/>    }))<br/>  })</pre> | <pre>{<br/>  "enabled": true,<br/>  "replica_count": 1,<br/>  "resources": {<br/>    "limits": {<br/>      "cpu": "200m",<br/>      "memory": "200Mi"<br/>    },<br/>    "requests": {<br/>      "cpu": "50m",<br/>      "memory": "50Mi"<br/>    }<br/>  },<br/>  "service_account_enabled": true<br/>}</pre> | no |
+| <a name="input_crds"></a> [crds](#input\_crds) | The CRDs to install | <pre>object({<br/>    enabled = optional(bool)<br/>  })</pre> | <pre>{<br/>  "enabled": true<br/>}</pre> | no |
+| <a name="input_helm_chart_version"></a> [helm\_chart\_version](#input\_helm\_chart\_version) | The version of the VPA Helm chart to install | `string` | `"10.2.1"` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace to install the VPA in | `string` | `"cluster-apps"` | no |
+| <a name="input_recommender"></a> [recommender](#input\_recommender) | The VPA recommender configuration | <pre>object({<br/>    enabled                 = optional(bool)<br/>    replica_count           = optional(number)<br/>    service_account_enabled = optional(bool)<br/>    resources = optional(object({<br/>      limits = optional(object({<br/>        cpu    = optional(string)<br/>        memory = optional(string)<br/>      }))<br/>      requests = optional(object({<br/>        cpu    = optional(string)<br/>        memory = optional(string)<br/>      }))<br/>    }))<br/>  })</pre> | <pre>{<br/>  "enabled": true,<br/>  "replica_count": 1,<br/>  "resources": {<br/>    "limits": {<br/>      "cpu": "200m",<br/>      "memory": "200Mi"<br/>    },<br/>    "requests": {<br/>      "cpu": "50m",<br/>      "memory": "50Mi"<br/>    }<br/>  },<br/>  "service_account_enabled": true<br/>}</pre> | no |
+| <a name="input_release_name"></a> [release\_name](#input\_release\_name) | The name of the Helm release | `string` | `"vpa"` | no |
+| <a name="input_updater"></a> [updater](#input\_updater) | The VPA updater configuration | <pre>object({<br/>    enabled                 = optional(bool)<br/>    replica_count           = optional(number)<br/>    service_account_enabled = optional(bool)<br/>    resources = optional(object({<br/>      limits = optional(object({<br/>        cpu    = optional(string)<br/>        memory = optional(string)<br/>      }))<br/>      requests = optional(object({<br/>        cpu    = optional(string)<br/>        memory = optional(string)<br/>      }))<br/>    }))<br/>  })</pre> | <pre>{<br/>  "enabled": true,<br/>  "replica_count": 1,<br/>  "resources": {<br/>    "limits": {<br/>      "cpu": "200m",<br/>      "memory": "200Mi"<br/>    },<br/>    "requests": {<br/>      "cpu": "50m",<br/>      "memory": "50Mi"<br/>    }<br/>  },<br/>  "service_account_enabled": true<br/>}</pre> | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->