A template to get you started with OpenTofu (and AWS / EKS).
See also: tofu-actions, manifest-template
- ./.github/workflows: Set of basic workflows from tofu-actions.
- ./.github/tofu-actions-config.js: Configuration for tofu-actions.
- ./.github/renovate.json5, ./.github/renovate/*: Renovate configurations.
- ./common: Contains common resources like IAM Roles for a basic EKS setup.
  - main.tf: Metadata (backend, providers, and variables)
  - oidc_actions.tf: OIDC provider and roles for GitHub Actions in this repository.
- ./dev: Contains basic setup for a dual-stack VPC and an EKS cluster.
  - vpc*.tf: A dual-stack (IPv4 and IPv6) VPC setup.
  - eks*.tf: A basic EKS cluster setup.
Create a repository from this template, and rewrite wherever needed.
- ./.github/workflows: After applying oidc_actions.tf, replace <aws-account-id> with your AWS account ID.
This repository uses Renovate to keep dependencies up to date.
While you can definitely use Mend Renovate, the eks-addon datasource requires AWS API access.
There are Renovate regex tags like renovate:eksAddonsFilter={"region":"ap-northeast-1","addonName":"kube-proxy"}
in ./dev/eks.tf to mark eks-addon version definitions, and Renovate will use the regex manager to update them.
For more, see Renovate EKS Addon documentation.
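A version pin with a missing or malformed tag is never matched by the regex manager, so that add-on silently stops receiving updates. The following check for that case is an added example, not code from this repository: the function name, the sample Terraform text, and the rule that the tag sits on the line directly above `addon_version` are assumptions.

```javascript
// Added example. The tag syntax is the one quoted above; requiring the tag on
// the line directly above `addon_version` is an assumption of this check.
const TAG = /renovate:\s*eksAddonsFilter=(\{.*\})\s*$/;
const PIN = /^\s*addon_version\s*=\s*"([^"]+)"/;

// Returns one finding per addon_version pin: the filter Renovate would use,
// or the reason the pin would never be picked up.
function checkEksAddonPins(tfText) {
  const lines = tfText.split(/\r?\n/);
  const findings = [];
  lines.forEach((line, i) => {
    const pin = PIN.exec(line);
    if (!pin) return;
    const finding = { line: i + 1, version: pin[1], ok: false };
    const tag = i > 0 ? TAG.exec(lines[i - 1]) : null;
    if (!tag) {
      finding.problem = "no eksAddonsFilter tag above pin";
    } else {
      try {
        const filter = JSON.parse(tag[1]);
        if (typeof filter.addonName === "string" && filter.addonName !== "") {
          Object.assign(finding, { ok: true, addonName: filter.addonName, region: filter.region });
        } else {
          finding.problem = "filter has no addonName";
        }
      } catch (err) {
        finding.problem = "filter is not valid JSON";
      }
    }
    findings.push(finding);
  });
  return findings;
}

// Constructed sample, not the contents of ./dev/eks.tf.
const SAMPLE_TF = `resource "aws_eks_addon" "kube_proxy" {
  addon_name    = "kube-proxy"
  # renovate:eksAddonsFilter={"region":"ap-northeast-1","addonName":"kube-proxy"}
  addon_version = "v1.29.0-eksbuild.1"
}
resource "aws_eks_addon" "coredns" {
  addon_name    = "coredns"
  # renovate:eksAddonsFilter={"region":"ap-northeast-1",addonName:"coredns"}
  addon_version = "v1.11.1-eksbuild.4"
}
resource "aws_eks_addon" "vpc_cni" {
  addon_name    = "vpc-cni"
  addon_version = "v1.16.0-eksbuild.1"
}`;
console.log(checkEksAddonPins(SAMPLE_TF));
```

Run as a CI step over the `.tf` files, a non-empty list of `ok: false` findings marks the pins that will go stale.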
The EKS Addon datasource requires self-hosting Renovate using a GitHub App, since you cannot configure allowedEnv
in Mend Renovate to pass in AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
There are several ways to self-host and run Renovate processes:
- (probably the easiest) GitHub Actions using renovatebot/github-action.
  - You might want to check out motoki317/manifest for workflow examples.
- K8s CronJob: See manifest-template/dev/renovate.