fix: Replace un-maintained kubectl provider with an updated fork (#1901)

aws-ia · Mar 12, 2024 · 9dc6add · 9dc6add
1 parent af2e57d
commit 9dc6add
Show file tree

Hide file tree

Showing 8 changed files with 78 additions and 99 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/streetsidesoftware/cspell-cli
-    rev: v8.3.0
+    rev: v8.6.0
     hooks:
       - id: cspell
         args: [--exclude, 'ADOPTERS.md', --exclude, '.pre-commit-config.yaml', --exclude, '.gitignore', --exclude, '*.drawio', --exclude, 'mkdocs.yml', --exclude, '.helmignore', --exclude, '.github/workflows/*', --exclude, 'patterns/istio-multi-cluster/*', --exclude, 'patterns/blue-green-upgrade/*']
@@ -19,7 +19,7 @@ repos:
       - id: detect-aws-credentials
         args: [--allow-missing-credentials]
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.86.0
+    rev: v1.88.1
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

diff --git a/docs/cSpell_dict.txt b/docs/cSpell_dict.txt
@@ -4,6 +4,7 @@ addrs
 adot
 agones
 akuity
+alekc
 algbw
 ALLOWVOLUMEEXPANSION
 amazonlinux
@@ -73,7 +74,6 @@ flblogs
 fluentbit
 gameserver
 gameservers
-gavinbunney
 gitops
 helloworld
 heptio

diff --git a/patterns/appmesh-mtls/versions.tf b/patterns/appmesh-mtls/versions.tf
@@ -11,8 +11,8 @@ terraform {
       version = ">= 2.9"
     }
     kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
+      source  = "alekc/kubectl"
+      version = ">= 2.0"
     }
   }
 

diff --git a/patterns/external-secrets/main.tf b/patterns/external-secrets/main.tf
@@ -147,22 +147,23 @@ resource "aws_kms_key" "secrets" {
 }
 
 resource "kubectl_manifest" "cluster_secretstore" {
-  yaml_body  = <<YAML
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: ${local.cluster_secretstore_name}
-spec:
-  provider:
-    aws:
-      service: SecretsManager
-      region: ${local.region}
-      auth:
-        jwt:
-          serviceAccountRef:
-            name: ${local.cluster_secretstore_sa}
-            namespace: ${local.namespace}
-YAML
+  yaml_body = <<YAML
+    apiVersion: external-secrets.io/v1beta1
+    kind: ClusterSecretStore
+    metadata:
+      name: ${local.cluster_secretstore_name}
+    spec:
+      provider:
+        aws:
+          service: SecretsManager
+          region: ${local.region}
+          auth:
+            jwt:
+              serviceAccountRef:
+                name: ${local.cluster_secretstore_sa}
+                namespace: ${local.namespace}
+  YAML
+
   depends_on = [module.eks_blueprints_addons]
 }
 
@@ -180,21 +181,22 @@ resource "aws_secretsmanager_secret_version" "secret" {
 }
 
 resource "kubectl_manifest" "secret" {
-  yaml_body  = <<YAML
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: ${local.name}-sm
-  namespace: ${local.namespace}
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: ${local.cluster_secretstore_name}
-    kind: ClusterSecretStore
-  dataFrom:
-  - extract:
-      key: ${aws_secretsmanager_secret.secret.name}
-YAML
+  yaml_body = <<-YAML
+    apiVersion: external-secrets.io/v1beta1
+    kind: ExternalSecret
+    metadata:
+      name: ${local.name}-sm
+      namespace: ${local.namespace}
+    spec:
+      refreshInterval: 1h
+      secretStoreRef:
+        name: ${local.cluster_secretstore_name}
+        kind: ClusterSecretStore
+      dataFrom:
+      - extract:
+          key: ${aws_secretsmanager_secret.secret.name}
+  YAML
+
   depends_on = [kubectl_manifest.cluster_secretstore]
 }
 
@@ -203,22 +205,23 @@ YAML
 #---------------------------------------------------------------
 
 resource "kubectl_manifest" "secretstore" {
-  yaml_body  = <<YAML
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
-  name: ${local.secretstore_name}
-  namespace: ${local.namespace}
-spec:
-  provider:
-    aws:
-      service: ParameterStore
-      region: ${local.region}
-      auth:
-        jwt:
-          serviceAccountRef:
-            name: ${local.secretstore_sa}
-YAML
+  yaml_body = <<-YAML
+    apiVersion: external-secrets.io/v1beta1
+    kind: SecretStore
+    metadata:
+      name: ${local.secretstore_name}
+      namespace: ${local.namespace}
+    spec:
+      provider:
+        aws:
+          service: ParameterStore
+          region: ${local.region}
+          auth:
+            jwt:
+              serviceAccountRef:
+                name: ${local.secretstore_sa}
+  YAML
+
   depends_on = [module.eks_blueprints_addons]
 }
 
@@ -326,27 +329,27 @@ module "secretstore_role" {
 
 resource "aws_iam_policy" "secretstore" {
   name_prefix = local.secretstore_sa
-  policy      = <<POLICY
-{
-	"Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "ssm:GetParameter*"
-      ],
-      "Resource": "arn:aws:ssm:${local.region}:${data.aws_caller_identity.current.account_id}:parameter/${local.name}/*"
-    },
+  policy      = <<-POLICY
     {
-      "Effect": "Allow",
-      "Action": [
-        "kms:Decrypt"
-      ],
-      "Resource": "${aws_kms_key.secrets.arn}"
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ssm:GetParameter*"
+          ],
+          "Resource": "arn:aws:ssm:${local.region}:${data.aws_caller_identity.current.account_id}:parameter/${local.name}/*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "kms:Decrypt"
+          ],
+          "Resource": "${aws_kms_key.secrets.arn}"
+        }
+      ]
     }
-  ]
-}
-POLICY
+  POLICY
 }
 
 module "ebs_csi_driver_irsa" {

diff --git a/patterns/external-secrets/versions.tf b/patterns/external-secrets/versions.tf
@@ -11,8 +11,8 @@ terraform {
       version = ">= 2.9"
     }
     kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
+      source  = "alekc/kubectl"
+      version = ">= 2.0"
     }
   }
 

diff --git a/patterns/multi-tenancy-with-teams/main.tf b/patterns/multi-tenancy-with-teams/main.tf
@@ -8,22 +8,6 @@ provider "kubernetes" {
   token                  = data.aws_eks_cluster_auth.this.token
 }
 
-provider "helm" {
-  kubernetes {
-    host                   = module.eks.cluster_endpoint
-    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
-  }
-}
-
-provider "kubectl" {
-  apply_retry_count      = 10
-  host                   = module.eks.cluster_endpoint
-  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  load_config_file       = false
-  token                  = data.aws_eks_cluster_auth.this.token
-}
-
 data "aws_eks_cluster_auth" "this" {
   name = module.eks.cluster_name
 }

diff --git a/patterns/multi-tenancy-with-teams/versions.tf b/patterns/multi-tenancy-with-teams/versions.tf
@@ -6,18 +6,10 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 5.34"
     }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.9"
-    }
     kubernetes = {
       source  = "hashicorp/kubernetes"
       version = ">= 2.20"
     }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
-    }
   }
 
   # ##  Used for end-to-end testing on project; update to suit your needs

diff --git a/patterns/tls-with-aws-pca-issuer/versions.tf b/patterns/tls-with-aws-pca-issuer/versions.tf
@@ -11,8 +11,8 @@ terraform {
       version = ">= 2.9"
     }
     kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
+      source  = "alekc/kubectl"
+      version = ">= 2.0"
     }
   }