diff --git a/kubernetes/aws/eks/README.md b/kubernetes/aws/eks/README.md
index d3190966a..40b526baf 100644
--- a/kubernetes/aws/eks/README.md
+++ b/kubernetes/aws/eks/README.md
@@ -92,6 +92,19 @@
 | [cluster\_log\_retention\_in\_days](#input\_cluster\_log\_retention\_in\_days) | Logs retention in days | `number` | n/a | yes |
 | [cluster\_version](#input\_cluster\_version) | Kubernetes version to use for the EKS cluster | `string` | n/a | yes |
 | [ebs\_kms\_key\_id](#input\_ebs\_kms\_key\_id) | KMS key id to encrypt/decrypt EBS | `string` | n/a | yes |
+| [efs\_csi\_external\_provisioner\_image](#input\_efs\_csi\_external\_provisioner\_image) | EFS CSI external provisioner image name | `string` | n/a | yes |
+| [efs\_csi\_external\_provisioner\_tag](#input\_efs\_csi\_external\_provisioner\_tag) | EFS CSI external provisioner image tag | `string` | n/a | yes |
+| [efs\_csi\_image](#input\_efs\_csi\_image) | EFS CSI image name | `string` | n/a | yes |
+| [efs\_csi\_image\_pull\_secrets](#input\_efs\_csi\_image\_pull\_secrets) | Image pull secret used to pull EFS CSI images | `string` | `null` | no |
+| [efs\_csi\_liveness\_probe\_image](#input\_efs\_csi\_liveness\_probe\_image) | EFS CSI liveness probe image name | `string` | n/a | yes |
+| [efs\_csi\_liveness\_probe\_tag](#input\_efs\_csi\_liveness\_probe\_tag) | EFS CSI liveness probe image tag | `string` | n/a | yes |
+| [efs\_csi\_name](#input\_efs\_csi\_name) | EFS CSI name | `string` | `null` | no |
+| [efs\_csi\_namespace](#input\_efs\_csi\_namespace) | EFS CSI namespace | `string` | `null` | no |
+| [efs\_csi\_node\_driver\_registrar\_image](#input\_efs\_csi\_node\_driver\_registrar\_image) | EFS CSI node driver registrar image name | `string` | n/a | yes |
+| [efs\_csi\_node\_driver\_registrar\_tag](#input\_efs\_csi\_node\_driver\_registrar\_tag) | EFS CSI node driver registrar image tag | `string` | n/a | yes |
+| [efs\_csi\_repository](#input\_efs\_csi\_repository) | EFS CSI helm repository | `string` | n/a | yes |
+| [efs\_csi\_tag](#input\_efs\_csi\_tag) | EFS CSI image tag | `string` | n/a | yes |
+| [efs\_csi\_version](#input\_efs\_csi\_version) | EFS CSI helm version | 
`string` | n/a | yes |
 | [eks\_managed\_node\_groups](#input\_eks\_managed\_node\_groups) | List of EKS managed node groups | `any` | `null` | no |
 | [fargate\_profiles](#input\_fargate\_profiles) | List of fargate profiles | `any` | `null` | no |
 | [instance\_refresh\_image](#input\_instance\_refresh\_image) | Instance refresh image name | `string` | n/a | yes |
diff --git a/kubernetes/aws/eks/efs-csi.tf b/kubernetes/aws/eks/efs-csi.tf
index 8e0d16ebb..4e60634fb 100644
--- a/kubernetes/aws/eks/efs-csi.tf
+++ b/kubernetes/aws/eks/efs-csi.tf
@@ -199,9 +199,12 @@ resource "helm_release" "efs_csi" {
 name = "sidecars.csiProvisioner.image.tag"
 value = var.efs_csi_external_provisioner_tag
 }
- set {
- name = "imagePullSecrets"
- value = var.efs_csi_image_pull_secrets
+ dynamic "set" {
+ for_each = toset(compact([var.efs_csi_image_pull_secrets]))
+ content {
+ name = "imagePullSecrets"
+ value = each.key
+ }
 }
 set {
 name = "node.serviceAccount.create"
diff --git a/monitoring/onpremise/grafana/README.md b/monitoring/onpremise/grafana/README.md
index ec48d430d..079fa935f 100644
--- a/monitoring/onpremise/grafana/README.md
+++ b/monitoring/onpremise/grafana/README.md
@@ -41,10 +41,10 @@ No modules.
 | [docker\_image](#input\_docker\_image) | Docker image for Grafana |
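Review bot: Inside `dynamic "set"` the iterator object is named after the block, so `value = each.key` does not refer to the pull secret; `each` is only defined for a resource-level `for_each`, and this either fails validation or, if `helm_release.efs_csi` has its own `for_each` (not visible here), silently sets the helm value to the resource's instance key instead of the secret name. The content line should read `value = set.value`. The `dynamic "lifecycle_policy"` block in storage/aws/efs/main.tf has the same problem, where `transition_to_ia = each.key` should be `transition_to_ia = lifecycle_policy.value`. Separately, `imagePullSecrets` is passed to the chart as a bare string; if the chart expects a list of `{name: ...}` entries the value will not be honoured and the driver images would be pulled without the intended credentials, so this is worth confirming against the chart's values schema. The `helm_release` body continues outside the hunk.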
object({| n/a | yes | | [namespace](#input\_namespace) | Namespace of ArmoniK monitoring | `string` | n/a | yes | | [node\_selector](#input\_node\_selector) | Node selector for Grafana | `any` | `{}` | no | -| [persistent\_volume](#input\_persistent\_volume) | Persistent volume info |
image = string
tag = string
image_pull_secrets = string
})
object({| n/a | yes | +| [persistent\_volume](#input\_persistent\_volume) | Persistent volume info |
storage_provisioner = string
volume_binding_mode = string
parameters = map(string)
# Resources for PVC
resources = object({
limits = object({
storage = string
})
requests = object({
storage = string
})
})
})
object({| `null` | no | | [port](#input\_port) | Port for Grafana service | `string` | n/a | yes | | [prometheus\_url](#input\_prometheus\_url) | Prometheus URL | `string` | n/a | yes | -| [security\_context](#input\_security\_context) | security context for MongoDB pods |
storage_provisioner = string
volume_binding_mode = string
parameters = map(string)
# Resources for PVC
resources = object({
limits = object({
storage = string
})
requests = object({
storage = string
})
})
})
object({| n/a | yes | +| [security\_context](#input\_security\_context) | security context for Grafana pods |
run_as_user = number
fs_group = number
})
object({|
run_as_user = number
fs_group = number
})
{| no | | [service\_type](#input\_service\_type) | Service type which can be: ClusterIP, NodePort or LoadBalancer | `string` | n/a | yes | ## Outputs diff --git a/monitoring/onpremise/prometheus/README.md b/monitoring/onpremise/prometheus/README.md index 2a03a7c64..637715d98 100644 --- a/monitoring/onpremise/prometheus/README.md +++ b/monitoring/onpremise/prometheus/README.md @@ -43,8 +43,8 @@ No modules. | [metrics\_exporter\_url](#input\_metrics\_exporter\_url) | URL of metrics exporter | `string` | n/a | yes | | [namespace](#input\_namespace) | Namespace of ArmoniK monitoring | `string` | n/a | yes | | [node\_selector](#input\_node\_selector) | Node selector for Prometheus | `any` | `{}` | no | -| [persistent\_volume](#input\_persistent\_volume) | Persistent volume info |
"fs_group": 999,
"run_as_user": 999
}
object({| n/a | yes | -| [security\_context](#input\_security\_context) | security context for MongoDB pods |
storage_provisioner = string
volume_binding_mode = string
parameters = map(string)
# Resources for PVC
resources = object({
limits = object({
storage = string
})
requests = object({
storage = string
})
})
})
object({| n/a | yes | +| [persistent\_volume](#input\_persistent\_volume) | Persistent volume info |
run_as_user = number
fs_group = number
})
object({| `null` | no | +| [security\_context](#input\_security\_context) | security context for Prometheus pods |
storage_provisioner = string
volume_binding_mode = string
parameters = map(string)
# Resources for PVC
resources = object({
limits = object({
storage = string
})
requests = object({
storage = string
})
})
})
object({|
run_as_user = number
fs_group = number
})
{| no | | [service\_type](#input\_service\_type) | Service type which can be: ClusterIP, NodePort or LoadBalancer | `string` | n/a | yes | ## Outputs diff --git a/storage/aws/efs/README.md b/storage/aws/efs/README.md index f05156000..510a99a6b 100644 --- a/storage/aws/efs/README.md +++ b/storage/aws/efs/README.md @@ -39,7 +39,7 @@ No modules. | [provisioned\_throughput\_in\_mibps](#input\_provisioned\_throughput\_in\_mibps) | The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with throughput\_mode set to provisioned | `number` | `null` | no | | [tags](#input\_tags) | Tags for resource | `any` | `{}` | no | | [throughput\_mode](#input\_throughput\_mode) | Throughput mode for the file system. Defaults to bursting. Valid values: bursting, elastic, and provisioned. When using provisioned, also set provisioned\_throughput\_in\_mibps | `string` | `"bursting"` | no | -| [transition\_to\_ia](#input\_transition\_to\_ia) | Describes the period of time that a file is not accessed, after which it transitions to IA storage | `string` | `"AFTER_7_DAYS"` | no | +| [transition\_to\_ia](#input\_transition\_to\_ia) | Describes the period of time that a file is not accessed, after which it transitions to IA storage | `string` | `null` | no | | [vpc\_cidr\_block\_private](#input\_vpc\_cidr\_block\_private) | AWS VPC private cidr block | `set(string)` | n/a | yes | | [vpc\_cidr\_blocks](#input\_vpc\_cidr\_blocks) | AWS VPC cidr block | `set(string)` | n/a | yes | | [vpc\_id](#input\_vpc\_id) | AWS VPC id | `string` | n/a | yes | diff --git a/storage/aws/efs/main.tf b/storage/aws/efs/main.tf index fed9a5799..b60b14f74 100644 --- a/storage/aws/efs/main.tf +++ b/storage/aws/efs/main.tf 
@@ -19,9 +19,14 @@ resource "aws_efs_file_system" "efs" {
 performance_mode = var.performance_mode
 throughput_mode = var.throughput_mode
 provisioned_throughput_in_mibps = var.provisioned_throughput_in_mibps
- lifecycle_policy {
- transition_to_ia = var.transition_to_ia
+
+ dynamic "lifecycle_policy" {
+ for_each = toset(compact([var.transition_to_ia]))
+ content {
+ transition_to_ia = each.key
+ }
 }
+
 tags = local.tags
 }
diff --git a/storage/aws/efs/outputs.tf b/storage/aws/efs/outputs.tf
index 8cd856326..f843bff56 100644
--- a/storage/aws/efs/outputs.tf
+++ b/storage/aws/efs/outputs.tf
@@ -1,9 +1,11 @@
 output "id" {
 description = "EFS id"
 value = aws_efs_file_system.efs.id
+ depends_on = [aws_efs_mount_target.efs, aws_efs_access_point.efs]
 }
 output "kms_key_id" {
 description = "KMS used to encrypt EFS"
 value = aws_efs_file_system.efs.kms_key_id
+ depends_on = [aws_efs_mount_target.efs, aws_efs_access_point.efs]
 }
diff --git a/storage/aws/efs/variables.tf b/storage/aws/efs/variables.tf
index a7098b020..6b632b2d1 100644
--- a/storage/aws/efs/variables.tf
+++ b/storage/aws/efs/variables.tf
@@ -68,15 +68,15 @@ variable "provisioned_throughput_in_mibps" {
 variable "transition_to_ia" {
 description = "Describes the period of time that a file is not accessed, after which it transitions to IA storage"
 type = string
- default = "AFTER_7_DAYS"
+ default = null
 validation {
- condition = contains([
+ condition = var.transition_to_ia != null ? contains([
 "AFTER_7_DAYS",
 "AFTER_14_DAYS",
 "AFTER_30_DAYS",
 "AFTER_60_DAYS",
 "AFTER_90_DAYS"
- ], var.transition_to_ia)
+ ], var.transition_to_ia) : true
 error_message = "Possible values for the parameter transition_to_ia are \"AFTER_7_DAYS\" | \"AFTER_14_DAYS\" | \"AFTER_30_DAYS\", \"AFTER_60_DAYS\" | \"AFTER_90_DAYS\"."
 }
 }
diff --git a/storage/onpremise/mongodb/README.md b/storage/onpremise/mongodb/README.md
index 4d6ebe401..00e047dbc 100644
--- a/storage/onpremise/mongodb/README.md
+++ b/storage/onpremise/mongodb/README.md
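Review bot: The new `default = null` in variables.tf changes behaviour for every existing caller — the file system loses its 7-day transition-to-IA lifecycle policy unless the input is now set explicitly — but neither the variable description nor the README row states that null disables the policy. The description should carry the new contract, e.g. `description = "Period of inactivity after which a file transitions to IA storage; null (the default) disables the lifecycle policy"`. The error_message also mixes `|` and `,` as separators between `\"AFTER_30_DAYS\"` and `\"AFTER_60_DAYS\"`; use `|` throughout so the message lists the same alternatives the condition checks.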
@@ -56,9 +56,10 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [mongodb](#input\_mongodb) | Parameters of MongoDB |
"fs_group": 65534,
"run_as_user": 65534
}
object({| n/a | yes | +| [mongodb](#input\_mongodb) | Parameters of MongoDB |
image = string
tag = string
node_selector = any
image_pull_secrets = string
replicas_number = number
security_context = object({
run_as_user = number
fs_group = number
})
})
object({| n/a | yes | | [namespace](#input\_namespace) | Namespace of ArmoniK resources | `string` | n/a | yes | -| [persistent\_volume](#input\_persistent\_volume) | Persistent volume info |
image = string
tag = string
node_selector = any
image_pull_secrets = string
replicas_number = number
})
object({| n/a | yes | +| [persistent\_volume](#input\_persistent\_volume) | Persistent volume info |
storage_provisioner = string
volume_binding_mode = string
parameters = map(string)
# Resources for PVC
resources = object({
limits = object({
storage = string
})
requests = object({
storage = string
})
})
})
object({| `null` | no | +| [security\_context](#input\_security\_context) | security context for MongoDB pods |
storage_provisioner = string
volume_binding_mode = string
parameters = map(string)
# Resources for PVC
resources = object({
limits = object({
storage = string
})
requests = object({
storage = string
})
})
})
object({|
run_as_user = number
fs_group = number
})
{| no |
 | [validity\_period\_hours](#input\_validity\_period\_hours) | Validity period of the certificate in hours | `string` | `"8760"` | no |
 ## Outputs
diff --git a/storage/onpremise/mongodb/main.tf b/storage/onpremise/mongodb/main.tf
index 842f775be..108fa465c 100644
--- a/storage/onpremise/mongodb/main.tf
+++ b/storage/onpremise/mongodb/main.tf
@@ -51,10 +51,10 @@ resource "kubernetes_deployment" "mongodb" {
 }
 }
 security_context {
- run_as_user = var.mongodb.security_context.run_as_user
+ run_as_user = var.security_context.run_as_user
 run_as_non_root = true
- run_as_group = var.mongodb.security_context.fs_group
- fs_group = var.mongodb.security_context.fs_group
+ run_as_group = var.security_context.fs_group
+ fs_group = var.security_context.fs_group
 }
 container {
 name = "mongodb"
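Review bot: `run_as_non_root = true` is kept while `run_as_user` now comes from the module-level `var.security_context`, so a caller passing `run_as_user = 0` produces a pod the kubelet refuses to start rather than a plan-time error. A validation block on that variable (declared outside this hunk) would surface it early, e.g. `condition = var.security_context.run_as_user != 0` with an error message stating that the MongoDB container must run as a non-root user. `run_as_group` is populated from `fs_group` rather than a dedicated field, which predates this change but deserves a comment such as `# run_as_group intentionally mirrors fs_group` so it is not read as a typo. The `kubernetes_deployment` resource continues outside the hunk.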
"fs_group": 999,
"run_as_user": 999
}