Adding a lot of stuff.

modules/eks-external-secrets/data.tf

@@ -0,0 +1,3 @@
+data "aws_eks_cluster_auth" "self" {
+  name = var.cluster_id
+}

modules/eks-external-secrets/main.tf

@@ -0,0 +1,53 @@
+resource "helm_release" "external_secrets" {
+  name             = "external-secrets"
+  repository       = "https://charts.external-secrets.io"
+  chart            = "external-secrets"
+  version          = "0.5.2"
+  namespace        = var.namespace
+  create_namespace = var.create_namespace
+
+  set {
+    name  = "installCRDs"
+    value = true
+  }
+
+  set {
+    name  = "webhook.create"
+    value = true
+  }
+
+  set {
+    name  = "certController.create"
+    value = true
+  }
+
+  set {
+    name  = "webhook.serviceMonitor.enabled"
+    value = var.service_monitor
+  }
+
+  set {
+    name  = "webhook.serviceMonitor.additionalLabels.release"
+    value = "prometheus-community"
+  }
+
+  set {
+    name  = "serviceMonitor.enabled"
+    value = var.service_monitor
+  }
+
+  set {
+    name  = "serviceMonitor.additionalLabels.release"
+    value = "prometheus-community"
+  }
+
+  set {
+    name  = "certController.serviceMonitor.enabled"
+    value = var.service_monitor
+  }
+
+  set {
+    name  = "certController.serviceMonitor.additionalLabels.release"
+    value = "prometheus-community"
+  }
+}

modules/eks-external-secrets/provider.tf

@@ -0,0 +1,16 @@
+provider "helm" {
+  kubernetes {
+    host                   = var.cluster_endpoint
+    cluster_ca_certificate = base64decode(var.cluster_certificate_authority_data)
+    token                  = data.aws_eks_cluster_auth.self.token
+  }
+}
+
+provider "kubernetes" {
+  host                   = var.cluster_endpoint
+  cluster_ca_certificate = base64decode(var.cluster_certificate_authority_data)
+  token                  = data.aws_eks_cluster_auth.self.token
+  experiments {
+    manifest_resource = true
+  }
+}

modules/eks-external-secrets/variables.tf

@@ -0,0 +1,32 @@
+variable "cluster_id" {
+  type        = string
+  description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready"
+}
+
+variable "cluster_endpoint" {
+  type        = string
+  description = "Endpoint for your Kubernetes API server"
+}
+
+variable "cluster_certificate_authority_data" {
+  type        = string
+  description = "Base64 encoded certificate data required to communicate with the cluster"
+}
+
+variable "namespace" {
+  default     = "external-secrets"
+  type        = string
+  description = "The name of the namespace where the operator will be deployed"
+}
+
+variable "create_namespace" {
+  default     = true
+  type        = bool
+  description = "If true, the namespace is create if it does not exists"
+}
+
+variable "service_monitor" {
+  type        = bool
+  default     = false
+  description = "If true, the ServiceMonitor is created for the monitoring based on Prometheus operator"
+}

modules/eks-external-secrets/versions.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.4.1"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.4.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.10.0"
+    }
+  }
+}