feat: initial version

.github/commitlint.config.mjs

@@ -0,0 +1,9 @@
+export default {
+  extends: ['@commitlint/config-conventional'],
+  /*
+   * Any rules defined here will override rules from @commitlint/config-conventional
+   */
+  rules: {
+    'body-max-line-length': [2, 'always', 200],
+  },
+};

.github/dependabot.yml

@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: terraform
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: terraform
+    directory: "/examples"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10

.github/workflows/build.yml

@@ -0,0 +1,28 @@
+name: Build
+
+on: [ push, workflow_dispatch ]
+
+jobs:
+  examples:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        tf-version: [ 1.3.2, 1.7.5 ]
+    steps:
+      - name: Install terraform v${{ matrix.tf-version }}
+        run: |
+          curl -LO https://releases.hashicorp.com/terraform/${{ matrix.tf-version }}/terraform_${{ matrix.tf-version }}_linux_amd64.zip
+          unzip terraform_${{ matrix.tf-version }}_linux_amd64.zip
+          sudo mv terraform /usr/local/bin
+          rm *
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Validate examples terraform v${{ matrix.tf-version }}
+        run: make examples
+  build:
+    needs: [examples]
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "OK"

.github/workflows/commitlint.yaml

@@ -0,0 +1,14 @@
+name: Lint Commit Messages
+
+on: [pull_request]
+
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: wagoid/commitlint-github-action@v6
+        with:
+          configFile: "./.github/commitlint.config.mjs"

.github/workflows/terrascan.yaml

@@ -0,0 +1,30 @@
+name: Terrascan
+on: [ pull_request ]
+# https://github.com/marketplace/actions/terrascan-iac-scanner
+jobs:
+  terrascan:
+    runs-on: ubuntu-latest
+    name: terrascan
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Run Terrascan
+        id: terrascan
+        uses: tenable/terrascan-action@main
+        with:
+          iac_type: 'terraform'
+          iac_version: 'v14'
+          policy_type: 'aws'
+          only_warn: true
+          sarif_upload: true
+          non_recursive: true
+          #iac_dir:
+          #policy_path:
+          #skip_rules:
+          #config_path:
+          #webhook_url:
+          #webhook_token:
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: terrascan.sarif

.gitignore

@@ -0,0 +1,33 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+examples/**/.terraform.lock.hcl
+.idea
+external-secrets/charts

CODEOWNERS

@@ -0,0 +1 @@
+* @argoyle @peter-svensson

Makefile

@@ -0,0 +1,15 @@
+#!/usr/bin/make -f
+
+SHELL = /bin/bash
+EXAMPLES = $(shell find ./examples/* -maxdepth 1 -type d -not -path '*/\.*')
+
+.PHONY: examples
+examples: $(addprefix example/,$(EXAMPLES))
+
+.PHONY: example/%
+example/%:
+	@echo "Processing example: $(notdir $*)"
+	@terraform -chdir=$* init
+	@terraform -chdir=$* validate
+	@terraform -chdir=$* plan
+

README.md

@@ -0,0 +1,6 @@
+# terraform-aws-k8s-addons-keda
+
+A terraform module which provides
+the [custom addon](https://kops.sigs.k8s.io/addons/#custom-addons)
+for [KEDA](https://keda.sh/) to be used together
+with [opzkit/k8s/aws](https://registry.terraform.io/modules/opzkit/k8s/aws/latest).

examples/basic/k8s.tf

@@ -0,0 +1,64 @@
+locals {
+  zone       = "example.com"
+  name       = "k8s.${local.zone}"
+  region     = "eu-west-1"
+  account_id = "012345678901"
+}
+
+resource "aws_iam_role" "kubernetes_admin" {
+  assume_role_policy = jsonencode({
+    Statement = [
+      {
+        Action    = "sts:AssumeRole"
+        Condition = {}
+        Effect    = "Allow"
+        Principal = {
+          AWS = "arn:aws:iam::${local.account_id}:root"
+        }
+      },
+    ]
+    Version = "2012-10-17"
+  })
+  description = "Kubernetes administrator role (for AWS IAM Authenticator for Kubernetes)."
+}
+
+module "keda" {
+  source = "../../"
+}
+
+module "state_store" {
+  source           = "opzkit/kops-state-store/aws"
+  version          = "0.5.0"
+  state_store_name = "some-kops-storage-s3-bucket"
+}
+
+module "k8s-network" {
+  source              = "opzkit/k8s-network/aws"
+  version             = "0.0.10"
+  name                = local.name
+  region              = local.region
+  public_subnet_zones = ["a", "b", "c"]
+  vpc_cidr            = "172.20.0.0/16"
+}
+
+module "sso" {
+  source  = "opzkit/k8s-addons-aws-sso/aws"
+  version = "0.0.2"
+}
+
+module "k8s" {
+  depends_on         = [module.state_store]
+  source             = "opzkit/k8s/aws"
+  version            = "0.15.0"
+  name               = local.name
+  region             = local.region
+  dns_zone           = local.zone
+  kubernetes_version = "1.28.5"
+  master_count       = 3
+  vpc_id             = module.k8s-network.vpc.id
+  public_subnet_ids  = module.k8s-network.public_subnets
+  iam_role_mappings  = module.sso.iam_role_mappings
+  bucket_state_store = module.state_store.bucket
+  admin_ssh_key      = "../dummy_ssh_private"
+  extra_addons       = module.keda.addons
+}

examples/basic/provider.tf

@@ -0,0 +1,26 @@
+provider "kops" {
+  state_store = "s3://state-store"
+}
+
+provider "aws" {
+  skip_requesting_account_id  = true
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  region                      = "eu-west-1"
+  access_key                  = "mock_access_key"
+  secret_key                  = "mock_secret_key"
+}
+
+terraform {
+  required_providers {
+    kops = {
+      source  = "terraform-kops/kops"
+      version = "~> 1.28.7"
+    }
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.62.0"
+    }
+  }
+}

examples/dummy_ssh_private

@@ -0,0 +1 @@
+This should be your private ssh key.