| Name | Version |
|---|---|
| terraform | >= 1.5 |
| helm | >= 3.0 |
| Name | Version |
|---|---|
| helm | 3.1.1 |
| Name | Source | Version |
|---|---|---|
| pod_identity | terraform-aws-modules/eks-pod-identity/aws | ~> 2.0 |
| secrets_manager_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | ~> 6.0 |
| Name | Type |
|---|---|
| helm_release.ascp | resource |
| helm_release.release | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| affinity | Affinity for Secrets Store CSI Driver pods. Prevents the CSI driver from being scheduled on virtual-kubelet nodes by default | map(any) |
{ |
no |
| ascp_chart_name | Name of ASCP chart | string | "secrets-store-csi-driver-provider-aws" | no |
| ascp_chart_namespace | Namespace to install the ASCP chart into | string | "secrets-store-csi-system" | no |
| ascp_chart_repository | Helm repository for the ASCP chart | string | "https://aws.github.io/secrets-store-csi-driver-provider-aws" | no |
| ascp_chart_timeout | Timeout to wait for the ASCP chart to be deployed. | number | 300 | no |
| ascp_chart_version | Version of the ASCP chart to install. Set to an empty string to install the latest version (this leaves the chart version unpinned) | string | "2.1.1" | no |
| ascp_image_repository | Image repository of the ASCP | string | "public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws" | no |
| ascp_image_tag | Image tag of the ASCP | string | "2.1.0" | no |
| ascp_node_selector | Node selector for ASCP pods | map(any) | {} | no |
| ascp_pod_annotations | Annotations for ASCP pods | map(any) | {} | no |
| ascp_pod_labels | Labels for ASCP pods | map(any) | {} | no |
| ascp_priority_class_name | Priority class name for ASCP pods | string | "system-node-critical" | no |
| ascp_release_name | ASCP helm release name | string | "csi-secrets-store-provider-aws" | no |
| ascp_resources | ASCP container resources | map(any) |
{ |
no |
| ascp_tolerations | Tolerations for ASCP pods | list(map(string)) | [] | no |
| chart_name | Helm chart name to provision | string | "secrets-store-csi-driver" | no |
| chart_namespace | Namespace to install the chart into | string | "secrets-store-csi-system" | no |
| chart_repository | Helm repository for the chart | string | "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts" | no |
| chart_timeout | Timeout to wait for the Chart to be deployed. | number | 300 | no |
| chart_version | Version of the chart to install. Set to an empty string to install the latest version (this leaves the chart version unpinned) | string | "1.5.4" | no |
| cluster_name | Name of Kubernetes Cluster | string | n/a | yes |
| create_namespace | Create the namespace if it does not exist | bool | true | no |
| enableSecretRotation | Enable rotation for secrets | bool | false | no |
| external_secrets_create_permission | Determines whether External Secrets has permission to create/delete secrets | bool | false | no |
| external_secrets_kms_key_arns | List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets | list(string) | [] | no |
| external_secrets_secrets_manager_arns | List of Secrets Manager ARNs that contain secrets to mount using External Secrets | list(string) |
[ |
no |
| external_secrets_ssm_parameter_arns | List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets | list(string) |
[ |
no |
| iam_role_name | Name of IAM role for controller | string | "" | no |
| iam_role_type | IAM role type: `irsa` (IAM Roles for Service Accounts) or `pod_identity` (EKS Pod Identity) | string | "pod_identity" | no |
| image_repository | Image repository for the Driver | string | "registry.k8s.io/csi-secrets-store/driver" | no |
| image_repository_crds | Image repository for the CRDs | string | "registry.k8s.io/csi-secrets-store/driver-crds" | no |
| image_repository_liveness | Image repository for the Liveness Probe | string | "registry.k8s.io/sig-storage/livenessprobe" | no |
| image_repository_registrar | Image repository for the Registrar | string | "registry.k8s.io/sig-storage/csi-node-driver-registrar" | no |
| image_tag | Image tag for the Driver and CRDs | string | "v1.5.4" | no |
| image_tag_liveness | Image tag for the Liveness Probe | string | "v2.15.0" | no |
| image_tag_registrar | Image tag for the Registrar | string | "v2.13.0" | no |
| max_history | Max History for Helm | number | 20 | no |
| namespace | Kubernetes namespace in which the service account is created | string | "default" | no |
| node_selector | Node selector for Secrets Store CSI Driver pods | map(any) | {} | no |
| oidc_provider_arn | OIDC Provider ARN for IRSA | string | n/a | yes |
| pod_annotations | Annotations for Secrets Store CSI Driver pods | map(any) | {} | no |
| pod_labels | Labels for Secrets Store CSI Driver pods | map(any) | {} | no |
| release_name | Helm release name | string | "secrets-store-csi-driver" | no |
| resources_driver | Driver Resources | map(any) |
{ |
no |
| resources_liveness | Liveness Probe Resources | map(any) |
{ |
no |
| resources_registrar | Registrar Resources | map(any) |
{ |
no |
| service_account_name | Name of service account to create. Not generated | string | "csi-secrets-store-provider-aws" | no |
| syncSecretEnabled | Sync mounted secrets to Kubernetes Secret objects | bool | false | no |
| tolerations | Tolerations for Secrets Store CSI Driver pods | list(map(string)) | [] | no |
| Name | Description |
|---|---|
| iam_role_arn | ARN of IAM role |
| iam_role_name | Name of IAM role |
| iam_role_path | Path of IAM role |
| iam_role_unique_id | Unique ID of IAM role |