{"id":50779406,"url":"https://github.com/rad-security/terraform-helm-rad-security-plugins","last_synced_at":"2026-06-12T02:03:19.861Z","repository":{"id":255252880,"uuid":"848021151","full_name":"rad-security/terraform-helm-rad-security-plugins","owner":"rad-security","description":"A terraform module for installing Rad Security plugins","archived":false,"fork":false,"pushed_at":"2024-09-17T14:51:34.000Z","size":18,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-09-17T18:25:08.443Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rad-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-27T01:37:26.000Z","updated_at":"2024-09-17T14:40:49.000Z","dependencies_parsed_at":"2024-09-17T18:04:35.843Z","dependency_job_id":"5d55a0d5-dae7-441e-8940-72ce17824f75","html_url":"https://github.com/rad-security/terraform-helm-rad-security-plugins","commit_stats":null,"previous_names":["rad-security/terraform-helm-rad-security-plugins"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/rad-security/terraform-helm-rad-security-plugins","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rad-security%2Fterraform-helm-rad-security-plugins","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rad-security%2Fterraform-helm-rad-security-plugins/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rad-security%2Fterraform-helm-rad-security-plugins/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rad-security%2Fterraform-helm-rad-security-plugins/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rad-security","download_url":"https://codeload.github.com/rad-security/terraform-helm-rad-security-plugins/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rad-security%2Fterraform-helm-rad-security-plugins/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34225356,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-12T02:03:16.109Z","updated_at":"2026-06-12T02:03:19.846Z","avatar_url":"https://github.com/rad-security.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-helm-rad-security-plugins\nA terraform module for installing Rad Security Plugins through Terraform.\n\n## Description\n\nThis module provides a flexible way to deploy Rad Security plugins using Helm. It allows you to configure various components of the Rad Security suite, including Guard, SBOM, Sync, Watch, Node Agent, and K9.\n\n## Features\n\n- Automatic cluster API key generation\n- Optional installation of cert-manager\n- Installs Rad Security plugins using Helm\n- Configurable components of the Rad Security plugins (Guard, SBOM, Sync, Watch, Node Agent, K9)\n\n## Requirements\n\nCert Manager must be installed prior to installing the plugins. It can be installed by setting `install_cert_manager` to `true`. This will install the Cert Manager Helm Chart in the cert-manager namespace. If it is already installed or you do not want to install it using this method, you can set `install_cert_manager` to `false`.\n\n## Usage\nTo use this module, two providers are required. The `rad-security` provider and the `helm` provider.\n\nTo configure the `rad-security` provider, the cloud api keys must be provided.\n\n```hcl\nprovider \"rad-security\" {\n  access_key_id        = \"YOUR_ACCESS_KEY_ID\"\n  secret_key           = \"YOUR_SECRET_KEY\"\n}\n```\n\nThe second provider is the `helm` provider. This provider requires a kubernetes configuration. This can be provided in multiple ways. Here are two examples of configuring the helm provider.\n\n1. By using the `config_path` attribute to point to a local kubeconfig file.\n2. By providing the kubernetes host, token, and cluster_ca_certificate.\n\n### Local Kubeconfig\n```hcl\nprovider \"helm\" {\n  kubernetes {\n    config_path = \"~/.kube/config\"\n  }\n}\n```\n\n### AWS EKS\n```hcl\nprovider \"helm\" {\n  kubernetes {\n    host                   = module.eks_cluster.eks_cluster_endpoint\n    token                  = data.aws_eks_cluster_auth.kubernetes.token\n    cluster_ca_certificate = base64decode(module.eks_cluster.eks_cluster_certificate_authority_data)\n  }\n}\n```\n\n## Additional Usecases\n\nThe namespace and service account name for SBOM is exported as outputs. This allows for easy integration with IRSA or EKS Pod Identity.\n\nEKS Pod Identity:\n\n```hcl\nresource \"aws_eks_pod_identity_association\" \"rad_sbom\" {\n  cluster_name    = aws_eks_cluster.example.name\n  namespace       = module.rad_plugin.rad_plugin_namespace\n  service_account = module.rad_plugin.sbom_service_account_name\n  role_arn        = aws_iam_role.example.arn\n}\n```\n\nIRSA:\n\n```hcl\n\nmodule \"iam_assumable_role_example\" {\n  source                        = \"terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc\"\n  version                       = \"3.6.0\"\n  create_role                   = true\n  role_name                     = local.example_role_name\n  provider_url                  = replace(module.eks.cluster_oidc_issuer_url, \"https://\", \"\")\n  role_policy_arns              = [aws_iam_policy.cluster_autoscaler.arn]\n  oidc_fully_qualified_subjects = [\"system:serviceaccount:${module.rad_plugin.rad_plugin_namespace}:${module.rad_plugin.sbom_service_account_name}\"]\n}\n\n\nmodule \"rad_install\" {\n  source = \"../\"\n  # version = \"1.0.0\"\n\n  install_cert_manager = true\n\n  cluster_name = \"Example\"\n\n  helm_settings = [{\n    name = \"ksocSbom.serviceAccount.annotations.eks.amazonaws.com/role-arn\"\n    value = module.iam_assumable_role_example.iam_role_arn\n    type = \"string\"\n  }]\n\n  plugin_configuration_file = [\"${file(\"./values.yaml\")}\"]\n}\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\nNo requirements.\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_helm\"\u003e\u003c/a\u003e [helm](#provider\\_helm) | n/a |\n| \u003ca name=\"provider_rad-security\"\u003e\u003c/a\u003e [rad-security](#provider\\_rad-security) | n/a |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [helm_release.plugins](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |\n| [rad-security_cluster_api_key.this](https://registry.terraform.io/providers/rad-security/rad-security/latest/docs/resources/cluster_api_key) | resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_cluster_name\"\u003e\u003c/a\u003e [cluster\\_name](#input\\_cluster\\_name) | Cluster Name to use within the Rad Platform | `string` | `\"\"` | no |\n| \u003ca name=\"input_enable_guard\"\u003e\u003c/a\u003e [enable\\_guard](#input\\_enable\\_guard) | Toggles the Guard component | `bool` | `true` | no |\n| \u003ca name=\"input_enable_k9\"\u003e\u003c/a\u003e [enable\\_k9](#input\\_enable\\_k9) | Toggles the K9 component | `bool` | `false` | no |\n| \u003ca name=\"input_enable_node_agent\"\u003e\u003c/a\u003e [enable\\_node\\_agent](#input\\_enable\\_node\\_agent) | Toggles the Node Agent component | `bool` | `false` | no |\n| \u003ca name=\"input_enable_openshift\"\u003e\u003c/a\u003e [enable\\_openshift](#input\\_enable\\_openshift) | Toggles support for OpenShift | `bool` | `false` | no |\n| \u003ca name=\"input_enable_sbom\"\u003e\u003c/a\u003e [enable\\_sbom](#input\\_enable\\_sbom) | Toggles the SBOM component | `bool` | `true` | no |\n| \u003ca name=\"input_enable_sync\"\u003e\u003c/a\u003e [enable\\_sync](#input\\_enable\\_sync) | Toggles the Sync component | `bool` | `true` | no |\n| \u003ca name=\"input_enable_watch\"\u003e\u003c/a\u003e [enable\\_watch](#input\\_enable\\_watch) | Toggles the Watch component | `bool` | `true` | no |\n| \u003ca name=\"input_helm_settings\"\u003e\u003c/a\u003e [helm\\_settings](#input\\_helm\\_settings) | List of Helm configuration values to set | \u003cpre\u003elist(object({\u003cbr\u003e    name  = string\u003cbr\u003e    value = string\u003cbr\u003e    type  = string\u003cbr\u003e    }\u003cbr\u003e  ))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_install_cert_manager\"\u003e\u003c/a\u003e [install\\_cert\\_manager](#input\\_install\\_cert\\_manager) | Set to toggle the installation of cert-manager before the installation of plugins | `bool` | `true` | no |\n| \u003ca name=\"input_plugin_configuration_file\"\u003e\u003c/a\u003e [plugin\\_configuration\\_file](#input\\_plugin\\_configuration\\_file) | Location of the values.yaml file to use with rad plugins | `list(string)` | `[]` | no |\n| \u003ca name=\"input_rad_plugin_namespace\"\u003e\u003c/a\u003e [rad\\_plugin\\_namespace](#input\\_rad\\_plugin\\_namespace) | Namespace to install the Rad Platform plugins into | `string` | `\"ksoc\"` | no |\n| \u003ca name=\"input_rad_plugin_version\"\u003e\u003c/a\u003e [rad\\_plugin\\_version](#input\\_rad\\_plugin\\_version) | Helm chart version to use | `string` | `\"\"` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_rad_plugin_namespace\"\u003e\u003c/a\u003e [rad\\_plugin\\_namespace](#output\\_rad\\_plugin\\_namespace) | n/a |\n| \u003ca name=\"output_sbom_service_account_name\"\u003e\u003c/a\u003e [sbom\\_service\\_account\\_name](#output\\_sbom\\_service\\_account\\_name) | n/a |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frad-security%2Fterraform-helm-rad-security-plugins","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frad-security%2Fterraform-helm-rad-security-plugins","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frad-security%2Fterraform-helm-rad-security-plugins/lists"}