diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e68a01b5..562b9dd8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,12 +5,13 @@ repos: - id: trailing-whitespace args: ['--markdown-linebreak-ext=md'] - id: end-of-file-fixer + - id: trailing-whitespace - id: check-merge-conflict - id: detect-private-key - id: detect-aws-credentials args: ['--allow-missing-credentials'] - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.86.0 + rev: v1.88.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/README.md b/README.md index 2115acd5..6e7fd348 100644 --- a/README.md +++ b/README.md @@ -5,15 +5,6 @@ Terraform module to deploy Kubernetes addons on Amazon EKS clusters. ## Usage ```hcl -module "eks" { - source = "terraform-aws-modules/eks/aws" - - cluster_name = "my-cluster" - cluster_version = "1.27" - - ... truncated for brevity -} - module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" version = "~> 1.0" #ensure to update this to the latest/desired version @@ -51,6 +42,15 @@ module "eks_blueprints_addons" { Environment = "dev" } } + +module "eks" { + source = "terraform-aws-modules/eks/aws" + + cluster_name = "my-cluster" + cluster_version = "1.29" + + ... truncated for brevity +} ``` diff --git a/docs/addons/aws-load-balancer-controller.md b/docs/addons/aws-load-balancer-controller.md index 2eb5d60d..04dc9201 100644 --- a/docs/addons/aws-load-balancer-controller.md +++ b/docs/addons/aws-load-balancer-controller.md @@ -81,7 +81,7 @@ kubectl create ingress example-ingress --class alb --rule="/*=example-svc:80" \ ``` ```sh -kubectl get ingress +kubectl get ingress NAME CLASS HOSTS ADDRESS PORTS AGE example-ingress alb * k8s-example-ingress-7e0d6f03e7-1234567890.us-west-2.elb.amazonaws.com 80 4m9s ``` diff --git a/docs/addons/bottlerocket.md b/docs/addons/bottlerocket.md index e6c10acf..c130742c 100644 --- a/docs/addons/bottlerocket.md +++ b/docs/addons/bottlerocket.md 
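Review bot: The added `- id: trailing-whitespace` duplicates the hook already declared at the top of the same hooks list (`- id: trailing-whitespace` with `args: ['--markdown-linebreak-ext=md']`), so the hook now runs twice and the second, argument-less instance strips the two-space Markdown line breaks the first one is configured to preserve. Drop the added line, or if a second pass is really intended, give it the same `args`. Separately, `rev: v1.88.0` for pre-commit-terraform is a mutable tag; pinning `rev` to that tag's commit SHA keeps the hook set reproducible if the upstream release is ever re-tagged.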
@@ -67,7 +67,7 @@ spec: "shutdown-grace-period" = "30s" "shutdown-grace-period-for-critical-pods" = "30s" [settings.kubernetes.eviction-hard] - "memory.available" = "20%" + "memory.available" = "20%" [settings.kubernetes.node-labels] "bottlerocket.aws/updater-interface-version" = "2.0.0" ``` @@ -158,7 +158,7 @@ replicaset.apps/brupop-controller-deployment-58d46595cc 1 1 1 $ kubectl describe apiservices.apiregistration.k8s.io v2.brupop.bottlerocket.aws Name: v2.brupop.bottlerocket.aws -Namespace: +Namespace: Labels: kube-aggregator.kubernetes.io/automanaged=true Annotations: API Version: apiregistration.k8s.io/v1 @@ -188,7 +188,7 @@ Events: $ kubectl label node ip-10-0-34-87.us-west-2.compute.internal bottlerocket.aws/updater-interface-version=2.0.0 node/ip-10-0-34-87.us-west-2.compute.internal labeled -$ kubectl get nodes -L bottlerocket.aws/updater-interface-version +$ kubectl get nodes -L bottlerocket.aws/updater-interface-version NAME STATUS ROLES AGE VERSION UPDATER-INTERFACE-VERSION ip-10-0-34-87.us-west-2.compute.internal Ready 34h v1.28.1-eks-d91a302 2.0.0 ``` @@ -197,6 +197,6 @@ ip-10-0-34-87.us-west-2.compute.internal Ready ```bash kubectl get nodes -NAME STATUS ROLES AGE VERSION +NAME STATUS ROLES AGE VERSION ip-10-0-34-87.us-west-2.compute.internal Ready 34h v1.28.4-eks-d91a302 ``` diff --git a/docs/amazon-eks-addons.md b/docs/amazon-eks-addons.md index 1748dfe3..e0ae00c1 100644 --- a/docs/amazon-eks-addons.md +++ b/docs/amazon-eks-addons.md @@ -350,7 +350,7 @@ module "eks_blueprints_addons" { topologyKey = "kubernetes.io/hostname" } ] - } + } } @@ -363,6 +363,6 @@ module "eks_blueprints_addons" { cpu = "100m" memory = "150Mi" } - }) + }) } ``` diff --git a/main.tf b/main.tf index 8a511958..8fcefb9a 100644 --- a/main.tf +++ b/main.tf 
@@ -84,7 +84,7 @@ module "argo_rollouts" { namespace = try(var.argo_rollouts.namespace, "argo-rollouts") create_namespace = try(var.argo_rollouts.create_namespace, true) chart = try(var.argo_rollouts.chart, "argo-rollouts") - chart_version = try(var.argo_rollouts.chart_version, "2.31.3") + chart_version = try(var.argo_rollouts.chart_version, "2.34.3") repository = try(var.argo_rollouts.repository, "https://argoproj.github.io/argo-helm") values = try(var.argo_rollouts.values, []) @@ -140,7 +140,7 @@ module "argo_workflows" { namespace = try(var.argo_workflows.namespace, "argo-workflows") create_namespace = try(var.argo_workflows.create_namespace, true) chart = try(var.argo_workflows.chart, "argo-workflows") - chart_version = try(var.argo_workflows.chart_version, "0.36.1") + chart_version = try(var.argo_workflows.chart_version, "0.40.14") repository = try(var.argo_workflows.repository, "https://argoproj.github.io/argo-helm") values = try(var.argo_workflows.values, []) @@ -191,13 +191,12 @@ module "argocd" { create_release = var.create_kubernetes_resources # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/Chart.yaml - # (there is no official helm chart for argocd) name = try(var.argocd.name, "argo-cd") description = try(var.argocd.description, "A Helm chart to install the ArgoCD") namespace = try(var.argocd.namespace, "argocd") create_namespace = try(var.argocd.create_namespace, true) chart = try(var.argocd.chart, "argo-cd") - chart_version = try(var.argocd.chart_version, "5.42.1") + chart_version = try(var.argocd.chart_version, "5.55.0") # TODO - v6.x repository = try(var.argocd.repository, "https://argoproj.github.io/argo-helm") values = try(var.argocd.values, []) 
@@ -245,13 +244,12 @@ module "argo_events" { create = var.enable_argo_events # https://github.com/argoproj/argo-helm/tree/main/charts/argo-events - # (there is no official helm chart for argo-events) name = try(var.argo_events.name, "argo-events") description = try(var.argo_events.description, "A Helm chart to install the Argo Events") namespace = try(var.argo_events.namespace, "argo-events") create_namespace = try(var.argo_events.create_namespace, true) chart = try(var.argo_events.chart, "argo-events") - chart_version = try(var.argo_events.chart_version, "2.4.0") + chart_version = try(var.argo_events.chart_version, "2.4.3") repository = try(var.argo_events.repository, "https://argoproj.github.io/argo-helm") values = try(var.argo_events.values, []) @@ -312,7 +310,7 @@ module "aws_cloudwatch_metrics" { namespace = local.aws_cloudwatch_metrics_namespace create_namespace = try(var.aws_cloudwatch_metrics.create_namespace, true) chart = try(var.aws_cloudwatch_metrics.chart, "aws-cloudwatch-metrics") - chart_version = try(var.aws_cloudwatch_metrics.chart_version, "0.0.9") + chart_version = try(var.aws_cloudwatch_metrics.chart_version, "0.0.10") repository = try(var.aws_cloudwatch_metrics.repository, "https://aws.github.io/eks-charts") values = try(var.aws_cloudwatch_metrics.values, []) @@ -481,7 +479,7 @@ module "aws_efs_csi_driver" { namespace = local.aws_efs_csi_driver_namespace create_namespace = try(var.aws_efs_csi_driver.create_namespace, false) chart = try(var.aws_efs_csi_driver.chart, "aws-efs-csi-driver") - chart_version = try(var.aws_efs_csi_driver.chart_version, "2.4.8") + chart_version = try(var.aws_efs_csi_driver.chart_version, "2.5.6") repository = try(var.aws_efs_csi_driver.repository, "https://kubernetes-sigs.github.io/aws-efs-csi-driver/") values = try(var.aws_efs_csi_driver.values, []) 
@@ -658,7 +656,7 @@ module "aws_for_fluentbit" { namespace = local.aws_for_fluentbit_namespace create_namespace = try(var.aws_for_fluentbit.create_namespace, false) chart = try(var.aws_for_fluentbit.chart, "aws-for-fluent-bit") - chart_version = try(var.aws_for_fluentbit.chart_version, "0.1.30") + chart_version = try(var.aws_for_fluentbit.chart_version, "0.1.32") repository = try(var.aws_for_fluentbit.repository, "https://aws.github.io/eks-charts") values = try(var.aws_for_fluentbit.values, []) @@ -1054,7 +1052,7 @@ module "aws_fsx_csi_driver" { namespace = local.aws_fsx_csi_driver_namespace create_namespace = try(var.aws_fsx_csi_driver.create_namespace, false) chart = try(var.aws_fsx_csi_driver.chart, "aws-fsx-csi-driver") - chart_version = try(var.aws_fsx_csi_driver.chart_version, "1.7.0") + chart_version = try(var.aws_fsx_csi_driver.chart_version, "1.9.0") repository = try(var.aws_fsx_csi_driver.repository, "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/") values = try(var.aws_fsx_csi_driver.values, []) @@ -1418,7 +1416,7 @@ module "aws_load_balancer_controller" { # namespace creation is false here as kube-system already exists by default create_namespace = try(var.aws_load_balancer_controller.create_namespace, false) chart = try(var.aws_load_balancer_controller.chart, "aws-load-balancer-controller") - chart_version = try(var.aws_load_balancer_controller.chart_version, "1.6.0") + chart_version = try(var.aws_load_balancer_controller.chart_version, "1.7.1") repository = try(var.aws_load_balancer_controller.repository, "https://aws.github.io/eks-charts") values = try(var.aws_load_balancer_controller.values, []) @@ -1673,7 +1671,7 @@ module "aws_node_termination_handler" { value = local.region }, { name = "queueURL" - value = module.aws_node_termination_handler_sqs.queue_url + value = try(module.aws_node_termination_handler_sqs.queue_url, "") }, { name = "enableSqsTerminationDraining" 
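Review bot: `value = try(module.aws_node_termination_handler_sqs.queue_url, "")` turns a missing SQS queue into an empty `queueURL`, so when the SQS module is not created the handler is still rendered with `enableSqsTerminationDraining` and no queue to poll, which surfaces as a runtime failure (or silently no draining) instead of a plan-time error. If the fallback exists so the handler can be toggled independently of the queue, it is safer to condition the whole `set` entry on the queue being created, or to add a `precondition` that fails early with a clear message; otherwise keep the direct reference so Terraform reports the dependency. A one-line comment on why the fallback is acceptable would also help the next reader. The enclosing `set` list and the `aws_node_termination_handler` module block continue outside the hunk.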
@@ -1755,7 +1753,7 @@ module "aws_privateca_issuer" { namespace = local.aws_privateca_issuer_namespace create_namespace = try(var.aws_privateca_issuer.create_namespace, false) chart = try(var.aws_privateca_issuer.chart, "aws-privateca-issuer") - chart_version = try(var.aws_privateca_issuer.chart_version, "v1.2.5") + chart_version = try(var.aws_privateca_issuer.chart_version, "v1.2.7") repository = try(var.aws_privateca_issuer.repository, "https://cert-manager.github.io/aws-privateca-issuer") values = try(var.aws_privateca_issuer.values, []) @@ -1873,7 +1871,7 @@ module "cert_manager" { namespace = local.cert_manager_namespace create_namespace = try(var.cert_manager.create_namespace, true) chart = try(var.cert_manager.chart, "cert-manager") - chart_version = try(var.cert_manager.chart_version, "v1.12.3") + chart_version = try(var.cert_manager.chart_version, "v1.14.3") repository = try(var.cert_manager.repository, "https://charts.jetstack.io") values = try(var.cert_manager.values, []) @@ -1964,9 +1962,10 @@ locals { "1.23" = "v1.23.1" "1.24" = "v1.24.3" "1.25" = "v1.25.3" - "1.26" = "v1.26.4" - "1.27" = "v1.27.3" - "1.28" = "v1.28.0" + "1.26" = "v1.26.6" + "1.27" = "v1.27.5" + "1.28" = "v1.28.2" + "1.29" = "v1.20.0" } } @@ -2025,7 +2024,7 @@ module "cluster_autoscaler" { namespace = local.cluster_autoscaler_namespace create_namespace = try(var.cluster_autoscaler.create_namespace, false) chart = try(var.cluster_autoscaler.chart, "cluster-autoscaler") - chart_version = try(var.cluster_autoscaler.chart_version, "9.29.1") + chart_version = try(var.cluster_autoscaler.chart_version, "9.35.0") repository = try(var.cluster_autoscaler.repository, "https://kubernetes.github.io/autoscaler") values = try(var.cluster_autoscaler.values, []) 
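Review bot: `"1.29" = "v1.20.0"` in the cluster-autoscaler image-tag map looks like a typo — every other entry maps an EKS minor to the autoscaler release of the same minor (`"1.28" = "v1.28.2"`), so a 1.29 cluster would default to an autoscaler image far older than its control plane. Presumably `"1.29" = "v1.29.0"` was intended; confirm against the autoscaler release list before merging. The `locals` block that holds this map starts outside the hunk.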
@@ -2251,7 +2250,7 @@ module "external_dns" {
 namespace = local.external_dns_namespace
 create_namespace = try(var.external_dns.create_namespace, true)
 chart = try(var.external_dns.chart, "external-dns")
- chart_version = try(var.external_dns.chart_version, "1.13.0")
+ chart_version = try(var.external_dns.chart_version, "1.14.3")
 repository = try(var.external_dns.repository, "https://kubernetes-sigs.github.io/external-dns/")
 values = try(var.external_dns.values, ["provider: aws"])
@@ -2403,7 +2402,7 @@ module "external_secrets" {
 namespace = local.external_secrets_namespace
 create_namespace = try(var.external_secrets.create_namespace, true)
 chart = try(var.external_secrets.chart, "external-secrets")
- chart_version = try(var.external_secrets.chart_version, "0.9.1")
+ chart_version = try(var.external_secrets.chart_version, "0.9.13")
 repository = try(var.external_secrets.repository, "https://charts.external-secrets.io")
 values = try(var.external_secrets.values, [])
@@ -2636,7 +2635,7 @@ module "gatekeeper" {
 namespace = try(var.gatekeeper.namespace, "gatekeeper-system")
 create_namespace = try(var.gatekeeper.create_namespace, true)
 chart = try(var.gatekeeper.chart, "gatekeeper")
- chart_version = try(var.gatekeeper.chart_version, "3.12.0")
+ chart_version = try(var.gatekeeper.chart_version, "3.15.0")
 repository = try(var.gatekeeper.repository, "https://open-policy-agent.github.io/gatekeeper/charts")
 values = try(var.gatekeeper.values, [])
@@ -2692,7 +2691,7 @@ module "ingress_nginx" {
 namespace = try(var.ingress_nginx.namespace, "ingress-nginx")
 create_namespace = try(var.ingress_nginx.create_namespace, true)
 chart = try(var.ingress_nginx.chart, "ingress-nginx")
- chart_version = try(var.ingress_nginx.chart_version, "4.7.1")
+ chart_version = try(var.ingress_nginx.chart_version, "4.10.0")
 repository = try(var.ingress_nginx.repository, "https://kubernetes.github.io/ingress-nginx")
 values = try(var.ingress_nginx.values, [])
@@ -3016,7 +3015,7 @@ module "karpenter" {
 namespace = local.karpenter_namespace
 create_namespace = try(var.karpenter.create_namespace, true)
 chart = try(var.karpenter.chart, "karpenter")
- chart_version = try(var.karpenter.chart_version, "v0.32.1")
+ chart_version = try(var.karpenter.chart_version, "0.35.0")
 repository = try(var.karpenter.repository, "oci://public.ecr.aws/karpenter")
 values = try(var.karpenter.values, [])
@@ -3111,7 +3110,7 @@ module "kube_prometheus_stack" {
 namespace = try(var.kube_prometheus_stack.namespace, "kube-prometheus-stack")
 create_namespace = try(var.kube_prometheus_stack.create_namespace, true)
 chart = try(var.kube_prometheus_stack.chart, "kube-prometheus-stack")
- chart_version = try(var.kube_prometheus_stack.chart_version, "48.2.3")
+ chart_version = try(var.kube_prometheus_stack.chart_version, "48.2.3") # TODO 56.x
 repository = try(var.kube_prometheus_stack.repository, "https://prometheus-community.github.io/helm-charts")
 values = try(var.kube_prometheus_stack.values, [])
@@ -3167,7 +3166,7 @@ module "metrics_server" {
 namespace = try(var.metrics_server.namespace, "kube-system")
 create_namespace = try(var.metrics_server.create_namespace, false)
 chart = try(var.metrics_server.chart, "metrics-server")
- chart_version = try(var.metrics_server.chart_version, "3.11.0")
+ chart_version = try(var.metrics_server.chart_version, "3.12.0")
 repository = try(var.metrics_server.repository, "https://kubernetes-sigs.github.io/metrics-server/")
 values = try(var.metrics_server.values, [])
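Review bot: The Karpenter default moves from `v0.32.1` to `0.35.0` and the dropped `v` prefix is not cosmetic: the default must match the tag scheme the OCI registry actually publishes, and a reader will be tempted to "fix" it back, so a comment such as `# chart tags dropped the "v" prefix as of 0.35.0` next to the line would prevent that. As far as I recall this jump also crosses the v0.33 removal of the v1alpha5 Provisioner/AWSNodeTemplate APIs, so anyone relying on the module default inherits a breaking Karpenter upgrade on their next apply; if that is right, it deserves a note in the upgrade docs rather than a silent default bump. The `karpenter` module block continues outside the hunk.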
@@ -3223,7 +3222,7 @@ module "secrets_store_csi_driver" {
 namespace = try(var.secrets_store_csi_driver.namespace, "kube-system")
 create_namespace = try(var.secrets_store_csi_driver.create_namespace, false)
 chart = try(var.secrets_store_csi_driver.chart, "secrets-store-csi-driver")
- chart_version = try(var.secrets_store_csi_driver.chart_version, "1.3.4")
+ chart_version = try(var.secrets_store_csi_driver.chart_version, "1.4.1")
 repository = try(var.secrets_store_csi_driver.repository, "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts")
 values = try(var.secrets_store_csi_driver.values, [])
@@ -3279,7 +3278,7 @@ module "secrets_store_csi_driver_provider_aws" {
 namespace = try(var.secrets_store_csi_driver_provider_aws.namespace, "kube-system")
 create_namespace = try(var.secrets_store_csi_driver_provider_aws.create_namespace, false)
 chart = try(var.secrets_store_csi_driver_provider_aws.chart, "secrets-store-csi-driver-provider-aws")
- chart_version = try(var.secrets_store_csi_driver_provider_aws.chart_version, "0.3.4")
+ chart_version = try(var.secrets_store_csi_driver_provider_aws.chart_version, "0.3.6")
 repository = try(var.secrets_store_csi_driver_provider_aws.repository, "https://aws.github.io/secrets-store-csi-driver-provider-aws")
 values = try(var.secrets_store_csi_driver_provider_aws.values, [])
@@ -3392,7 +3391,7 @@ module "velero" {
 namespace = local.velero_namespace
 create_namespace = try(var.velero.create_namespace, true)
 chart = try(var.velero.chart, "velero")
- chart_version = try(var.velero.chart_version, "3.2.0") # TODO - 4.0.0 is out
+ chart_version = try(var.velero.chart_version, "3.2.0") # TODO - 6.0
 repository = try(var.velero.repository, "https://vmware-tanzu.github.io/helm-charts/")
 values = try(var.velero.values, [])
@@ -3515,7 +3514,7 @@ module "vpa" {
 namespace = try(var.vpa.namespace, "vpa")
 create_namespace = try(var.vpa.create_namespace, true)
 chart = try(var.vpa.chart, "vpa")
- chart_version = try(var.vpa.chart_version, "1.7.5") # TODO - 2.0.0 is out
+ chart_version = try(var.vpa.chart_version, "1.7.5") # TODO - 4.0
 repository = try(var.vpa.repository, "https://charts.fairwinds.com/stable")
 values = try(var.vpa.values, [])
@@ -3607,7 +3606,7 @@ module "aws_gateway_api_controller" {
 namespace = local.aws_gateway_api_controller_namespace
 create_namespace = try(var.aws_gateway_api_controller.create_namespace, true)
 chart = try(var.aws_gateway_api_controller.chart, "aws-gateway-controller-chart")
- chart_version = try(var.aws_gateway_api_controller.chart_version, "v0.0.16")
+ chart_version = try(var.aws_gateway_api_controller.chart_version, "v0.0.18") # TODO - 1.0
 repository = try(var.aws_gateway_api_controller.repository, "oci://public.ecr.aws/aws-application-networking-k8s")
 values = try(var.aws_gateway_api_controller.values, [])
@@ -3684,6 +3683,7 @@ module "aws_gateway_api_controller" {
 ################################################################################
 # Bottlerocket Update Operator
 ################################################################################
+
 locals {
 wait_for_cert_manager = try(var.cert_manager.wait, false) ? [module.cert_manager] : []
 }
diff --git a/tests/complete/README.md b/tests/complete/README.md
index affeefd3..e690f282 100644
--- a/tests/complete/README.md
+++ b/tests/complete/README.md
@@ -10,20 +10,30 @@ Configuration in this directory creates: To run this example you need to execute: ```bash -$ terraform init -$ terraform plan -$ terraform apply +terraform init +terraform plan +terraform apply ``` Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources. +```bash +# Necessary to avoid removing Terraform's permissions too soon before its finished +# cleaning up the resources it deployed inside the cluster +terraform state rm 'module.eks.aws_eks_access_entry.this["cluster_creator"]' || true +terraform state rm 'module.eks.aws_eks_access_policy_association.this["cluster_creator_admin"]' || true + +terraform destroy -target="module.eks_blueprints_addons" -auto-approve +terraform destroy +``` + ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.47 | +| [terraform](#requirement\_terraform) | >= 1.3 | +| [aws](#requirement\_aws) | >= 5.38 | | [helm](#requirement\_helm) | >= 2.8 | | [kubernetes](#requirement\_kubernetes) | >= 2.20 | @@ -31,8 +41,8 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.47 | -| [aws.virginia](#provider\_aws.virginia) | >= 4.47 | +| [aws](#provider\_aws) | >= 5.38 | +| [aws.virginia](#provider\_aws.virginia) | >= 5.38 | ## Modules 
@@ -40,7 +50,7 @@ Note that this example may create resources which will incur monetary charges on |------|--------|---------| | [adot\_irsa](#module\_adot\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.20 | | [ebs\_csi\_driver\_irsa](#module\_ebs\_csi\_driver\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.20 | -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.17 | +| [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 20.4 | | [eks\_blueprints\_addons](#module\_eks\_blueprints\_addons) | ../../ | n/a | | [velero\_backup\_s3\_bucket](#module\_velero\_backup\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | @@ -49,8 +59,6 @@ Note that this example may create resources which will incur monetary charges on | Name | Type | |------|------| -| [aws_security_group.guardduty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_vpc_endpoint.guardduty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource | | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | | [aws_ecrpublic_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecrpublic_authorization_token) | data source | diff --git a/tests/complete/main.tf b/tests/complete/main.tf index d21096bc..ebd40e92 100644 --- a/tests/complete/main.tf +++ b/tests/complete/main.tf 
@@ -53,46 +53,6 @@ locals { } } -################################################################################ -# Cluster -################################################################################ - -module "eks" { - source = "terraform-aws-modules/eks/aws" - version = "~> 19.17" - - cluster_name = local.name - cluster_version = "1.28" - cluster_endpoint_public_access = true - - vpc_id = module.vpc.vpc_id - subnet_ids = module.vpc.private_subnets - - manage_aws_auth_configmap = true - - eks_managed_node_groups = { - initial = { - instance_types = ["m5.xlarge"] - - min_size = 2 - max_size = 10 - desired_size = 3 - } - } - - self_managed_node_groups = { - default = { - instance_type = "m5.large" - - min_size = 2 - max_size = 10 - desired_size = 3 - } - } - - tags = local.tags -} - ################################################################################ # Blueprints Addons ################################################################################ @@ -126,11 +86,8 @@ module "eks_blueprints_addons" { most_recent = true service_account_role_arn = module.adot_irsa.iam_role_arn } - aws-guardduty-agent = {} } - - enable_aws_efs_csi_driver = true enable_aws_fsx_csi_driver = true enable_argocd = true @@ -142,10 +99,15 @@ module "eks_blueprints_addons" { enable_secrets_store_csi_driver = true enable_secrets_store_csi_driver_provider_aws = true enable_kube_prometheus_stack = true - enable_external_dns = true - enable_external_secrets = true - enable_gatekeeper = true - enable_ingress_nginx = true + + enable_external_dns = true + external_dns_route53_zone_arns = [ + "arn:aws:route53:::hostedzone/*", + ] + + enable_external_secrets = true + enable_gatekeeper = true + enable_ingress_nginx = true # Wait for all Cert-manager related resources to be ready enable_cert_manager = true 
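Review bot: `external_dns_route53_zone_arns = ["arn:aws:route53:::hostedzone/*"]` grants the external-dns role record-change rights on every hosted zone in the account. Even in a test fixture it is better to scope this to a concrete zone (a zone resource's ARN or a zone-id variable) so the example does not teach a wildcard grant to people who copy it; if the wildcard is deliberate, a comment such as `# test-only: scope to the real hosted zone(s) in production` would make that explicit. The `eks_blueprints_addons` module block starts and ends outside this hunk.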
@@ -210,6 +172,14 @@ module "eks_blueprints_addons" { ## An S3 Bucket ARN is required. This can be declared with or without a Prefix. velero = { s3_backup_location = "${module.velero_backup_s3_bucket.s3_bucket_arn}/backups" + values = [ + # https://github.com/vmware-tanzu/helm-charts/issues/550#issuecomment-1959933230 + <<-EOT + kubectl: + image: + tag: 1.29.2-debian-11-r5 + EOT + ] } enable_aws_gateway_api_controller = true @@ -247,7 +217,7 @@ module "eks_blueprints_addons" { namespace = "gpu-operator" create_namespace = true chart = "gpu-operator" - chart_version = "v23.9.0" + chart_version = "v23.9.1" repository = "https://nvidia.github.io/gpu-operator" values = [ <<-EOT @@ -261,6 +231,49 @@ module "eks_blueprints_addons" { tags = local.tags } +################################################################################ +# Cluster +################################################################################ + +module "eks" { + source = "terraform-aws-modules/eks/aws" + version = "~> 20.4" + + cluster_name = local.name + cluster_version = "1.29" + cluster_endpoint_public_access = true + + vpc_id = module.vpc.vpc_id + subnet_ids = module.vpc.private_subnets + + # Give the Terraform identity admin access to the cluster + # which will allow resources to be deployed into the cluster + enable_cluster_creator_admin_permissions = true + + eks_managed_node_groups = { + initial = { + instance_types = ["m5.xlarge"] + + min_size = 2 + max_size = 10 + desired_size = 5 + } + } + + # For demonstrating node-termination-handler + self_managed_node_groups = { + default = { + instance_type = "m5.large" + + min_size = 1 + max_size = 10 + desired_size = 1 + } + } + + tags = local.tags +} + ################################################################################ # Supporting Resources ################################################################################ 
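Review bot: The relocated `module "eks"` keeps `cluster_endpoint_public_access = true` with no `cluster_endpoint_public_access_cidrs`, and now adds `enable_cluster_creator_admin_permissions = true`, so the API server is reachable from any address and whatever identity runs Terraform is cluster-admin. That is acceptable for a disposable test, but this block is what the README usage example points at, so a one-line comment like `# test fixture: restrict public endpoint access (cluster_endpoint_public_access_cidrs) or disable it in real deployments` would stop the pattern being copied as-is. The existing comment already explains the admin-permissions choice; the public-endpoint one deserves the same.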
@@ -367,37 +380,3 @@ module "adot_irsa" { tags = local.tags } - -resource "aws_security_group" "guardduty" { - name = "guardduty_vpce_allow_tls" - description = "Allow TLS inbound traffic" - vpc_id = module.vpc.vpc_id - - ingress { - description = "TLS from VPC" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = local.tags -} - -resource "aws_vpc_endpoint" "guardduty" { - vpc_id = module.vpc.vpc_id - service_name = "com.amazonaws.${local.region}.guardduty-data" - subnet_ids = module.vpc.private_subnets - vpc_endpoint_type = "Interface" - security_group_ids = [aws_security_group.guardduty.id] - private_dns_enabled = true - - tags = local.tags -} diff --git a/tests/complete/versions.tf b/tests/complete/versions.tf index 824e91ec..16a3b7ce 100644 --- a/tests/complete/versions.tf +++ b/tests/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.38" } helm = { source = "hashicorp/helm"