fix bugs

Signed-off-by: Carlos Santana <csantana23@gmail.com>

Author: csantanapr

argocd/iac/terraform/examples/eks/external-secrets/README.md

@@ -2,13 +2,8 @@
 
 This example shows how to deploy Amazon EKS with addons configured via ArgoCD
 
-The example demonstrate how to use private git repository for workload apps.
-
-The example stores your ssh key in AWS Secret Manager, and External Secret Operator to create the secret
-for ArgoCD to access the git repositories.
-
-## Prerequisites
-- Create a Github ssh key file, example assumes the file path `~/.ssh/id_rsa`, update `main.tf` if using a different location
+The example demonstrate how to use [External Secret Operator(ESO)](https://external-secrets.io) with
+AWS Secret Manager and AWS Systems Manager Parameter Store
 
 Deploy EKS Cluster
 ```shell
@@ -21,16 +16,16 @@ Access Terraform output to configure `kubectl` and `argocd`
 terraform output
 ```
 
-There is a file `github.yaml` located in the addons git repository `clusters/ex-external-secrets/secret/` this file creates the resources `ClusterSecretStore` and `ExternalSecret`. Update git url in this file when you change the git repository for the workloads specified in `bootstrap/workloads.yaml`. Also update the region in this file if you are using a different region for AWS Secret Manager.
-
-To verify that the ArgoCD secret with ssh key is created run the following command
+Verify that the secrets `external-secrets-ps` and `external-secrets-sm`  are present
 ```shell
-kubectl get secret private-repo-creds -n argocd
+kubectl get secrets -n external-secrets
 ```
+
 Expected output, should have 3 data items in secret
 ```
-NAME                 TYPE     DATA   AGE
-private-repo-creds   Opaque   3      6m45s
+NAME                       TYPE     DATA   AGE
+external-secrets-ps        Opaque   2      1m
+external-secrets-sm        Opaque   2      1m
 ```
 
 Destroy EKS Cluster

argocd/iac/terraform/examples/eks/external-secrets/bootstrap/addons.yaml

@@ -3,6 +3,7 @@ apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
   name: bootstrap-addons
+  namespace: argocd
 spec:
   syncPolicy:
     preserveResourcesOnDeletion: true

argocd/iac/terraform/examples/eks/external-secrets/bootstrap/workloads.yaml

@@ -3,6 +3,7 @@ apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
   name: external-secrets-example
+  namespace: argocd
 spec:
   syncPolicy:
     preserveResourcesOnDeletion: true
@@ -30,12 +31,12 @@ spec:
               clusterSecretStore:
                 secret: '{{metadata.annotations.workload_sm_secret}}'
               secretStore:
-                secret: '{{metadata.annotations.workload_pm_secret}}'
+                secret: '{{metadata.annotations.workload_ps_secret}}'
       destination:
         namespace: '{{metadata.annotations.external_secrets_namespace}}'
         name: '{{name}}'
       syncPolicy:
-        automated:
+        automated: {}
         retry:
           backoff:
             duration: 1m

argocd/iac/terraform/examples/eks/external-secrets/main.tf

@@ -65,7 +65,7 @@ locals {
 
 
   aws_addons = {
-    enable_cert_manager = true
+    #enable_cert_manager = true
     #enable_aws_efs_csi_driver                    = true
     #enable_aws_fsx_csi_driver                    = true
     #enable_aws_cloudwatch_metrics                = true
@@ -92,7 +92,7 @@ locals {
     #enable_ingress_nginx                         = true
     #enable_kyverno                               = true
     #enable_kube_prometheus_stack                 = true
-    enable_metrics_server = true
+    #enable_metrics_server = true
     #enable_prometheus_adapter                    = true
     #enable_secrets_store_csi_driver              = true
     #enable_vpa                                   = true
@@ -114,19 +114,19 @@ locals {
       gitops_bridge_repo_revision = local.gitops_addons_revision
     },
     {
-      workload_repo_url      = local.gitops_addons_url
-      workload_repo_path     = local.gitops_addons_path
-      workload_repo_revision = local.gitops_addons_revision
+      workload_repo_url      = local.gitops_workload_url
+      workload_repo_path     = local.gitops_workload_path
+      workload_repo_revision = local.gitops_workload_revision
     },
     {
-      workload_sm_secret = aws_ssm_parameter.secret_parameter.name
-      workload_pm_secret = aws_secretsmanager_secret.secret.name
+      workload_sm_secret = aws_secretsmanager_secret.secret.name
+      workload_ps_secret = aws_ssm_parameter.secret_parameter.name
     }
   )
 
   argocd_bootstrap_app_of_apps = {
-    addons = file("${path.module}/bootstrap/addons.yaml")
-    addons = file("${path.module}/bootstrap/workloads.yaml")
+    addons    = file("${path.module}/bootstrap/addons.yaml")
+    workloads = file("${path.module}/bootstrap/workloads.yaml")
   }
 
   vpc_cidr = "10.0.0.0/16"