From 19b79e243e18ae21022bce23258908bd8a1960b4 Mon Sep 17 00:00:00 2001 From: Rodrigo Bersa Date: Tue, 6 Aug 2024 23:58:44 -0400 Subject: [PATCH 1/5] Fixing ECR on BlueGreen. Removing invalid parameter from BR --- patterns/aws-vpc-cni-network-policy/main.tf | 8 +++++++- patterns/blue-green-upgrade/modules/eks_cluster/main.tf | 2 +- patterns/bottlerocket/addons.tf | 1 - patterns/karpenter-mng/main.tf | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/patterns/aws-vpc-cni-network-policy/main.tf b/patterns/aws-vpc-cni-network-policy/main.tf index 1189367128..9c72dbae06 100644 --- a/patterns/aws-vpc-cni-network-policy/main.tf +++ b/patterns/aws-vpc-cni-network-policy/main.tf @@ -28,7 +28,13 @@ provider "helm" { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/blue-green-upgrade/modules/eks_cluster/main.tf b/patterns/blue-green-upgrade/modules/eks_cluster/main.tf index 693ee92c5f..9cb29037cd 100644 --- a/patterns/blue-green-upgrade/modules/eks_cluster/main.tf +++ b/patterns/blue-green-upgrade/modules/eks_cluster/main.tf @@ -1,7 +1,7 @@ # Required for public ECR where Karpenter artifacts are hosted provider "aws" { region = "us-east-1" - alias = "virginia" + alias = "ecr" } locals { diff --git a/patterns/bottlerocket/addons.tf b/patterns/bottlerocket/addons.tf index f7af372b38..1024e89478 100644 --- a/patterns/bottlerocket/addons.tf +++ b/patterns/bottlerocket/addons.tf @@ -42,7 +42,6 @@ module "eks_blueprints_addons" { karpenter = { repository_username = data.aws_ecrpublic_authorization_token.token.user_name repository_password = data.aws_ecrpublic_authorization_token.token.password - version = "v0.36" } enable_bottlerocket_update_operator = true diff --git a/patterns/karpenter-mng/main.tf b/patterns/karpenter-mng/main.tf index 793addb446..3b26da9972 100644 --- a/patterns/karpenter-mng/main.tf +++ b/patterns/karpenter-mng/main.tf @@ -54,7 +54,7 @@ data "aws_ecrpublic_authorization_token" "token" { } data "aws_availability_zones" "available" { - #Do not include local zones + # Do not include local zones filter { name = "opt-in-status" values = ["opt-in-not-required"] From 9abb86686aa3f130aa79d3515d85dcc6ff955f1c Mon Sep 17 00:00:00 2001 From: Rodrigo Bersa Date: Wed, 7 Aug 2024 00:01:44 -0400 Subject: [PATCH 2/5] Adding AZ Filter for LZs --- patterns/blue-green-upgrade/environment/main.tf | 8 +++++++- patterns/bottlerocket/main.tf | 8 +++++++- patterns/ecr-pull-through-cache/main.tf | 9 ++++++++- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/patterns/blue-green-upgrade/environment/main.tf b/patterns/blue-green-upgrade/environment/main.tf index 42bc7e968a..28f375463f 100644 --- a/patterns/blue-green-upgrade/environment/main.tf +++ b/patterns/blue-green-upgrade/environment/main.tf @@ -20,7 +20,13 @@ locals { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} module "vpc" { source = "terraform-aws-modules/vpc/aws" diff --git a/patterns/bottlerocket/main.tf b/patterns/bottlerocket/main.tf index f1ba263e21..1a5ded5035 100644 --- a/patterns/bottlerocket/main.tf +++ b/patterns/bottlerocket/main.tf @@ -1,7 +1,13 @@ ################################################################################ # Providers ################################################################################ -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} data "aws_caller_identity" "current" {} diff --git a/patterns/ecr-pull-through-cache/main.tf b/patterns/ecr-pull-through-cache/main.tf index e4c3482c85..123f2d018a 100644 --- a/patterns/ecr-pull-through-cache/main.tf +++ b/patterns/ecr-pull-through-cache/main.tf @@ -48,7 +48,14 @@ provider "helm" { ################################################################################ data "aws_caller_identity" "current" {} -data "aws_availability_zones" "available" {} + +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) From b7590118d39a2de0592f8d10160db9089138bea0 Mon Sep 17 00:00:00 2001 From: Rodrigo Bersa Date: Sun, 11 Aug 2024 22:49:46 -0300 Subject: [PATCH 3/5] Fix external-secrets,fargate,fully-private,gitos --- patterns/agones-game-controller/main.tf | 8 +++++++- patterns/external-secrets/main.tf | 9 ++++++++- patterns/fargate-serverless/main.tf | 8 +++++++- patterns/fully-private-cluster/main.tf | 8 +++++++- patterns/gitops/getting-started-argocd/main.tf | 10 +++++++++- .../gitops/multi-cluster-hub-spoke-argocd/hub/main.tf | 10 +++++++++- .../multi-cluster-hub-spoke-argocd/spokes/main.tf | 9 ++++++++- 7 files changed, 55 insertions(+), 7 deletions(-) diff --git a/patterns/agones-game-controller/main.tf b/patterns/agones-game-controller/main.tf index d3ba20c79b..7727c41e07 100644 --- a/patterns/agones-game-controller/main.tf +++ b/patterns/agones-game-controller/main.tf @@ -16,7 +16,13 @@ provider "helm" { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/external-secrets/main.tf b/patterns/external-secrets/main.tf index a008b91ed2..12d93c5b21 100644 --- a/patterns/external-secrets/main.tf +++ b/patterns/external-secrets/main.tf @@ -30,7 +30,14 @@ provider "kubectl" { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} + data "aws_caller_identity" "current" {} locals { diff --git a/patterns/fargate-serverless/main.tf b/patterns/fargate-serverless/main.tf index a1f7f3fc09..e8bdcc6769 100644 --- a/patterns/fargate-serverless/main.tf +++ b/patterns/fargate-serverless/main.tf @@ -28,7 +28,13 @@ provider "helm" { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/fully-private-cluster/main.tf b/patterns/fully-private-cluster/main.tf index 83c354f326..787cfdd34f 100644 --- a/patterns/fully-private-cluster/main.tf +++ b/patterns/fully-private-cluster/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/gitops/getting-started-argocd/main.tf b/patterns/gitops/getting-started-argocd/main.tf index d58aec88b9..fe3ca9f5d6 100644 --- a/patterns/gitops/getting-started-argocd/main.tf +++ b/patterns/gitops/getting-started-argocd/main.tf @@ -1,8 +1,16 @@ provider "aws" { region = local.region } + data "aws_caller_identity" "current" {} -data "aws_availability_zones" "available" {} + +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} provider "helm" { kubernetes { diff --git a/patterns/gitops/multi-cluster-hub-spoke-argocd/hub/main.tf b/patterns/gitops/multi-cluster-hub-spoke-argocd/hub/main.tf index dd61b41882..2d5bc26883 100644 --- a/patterns/gitops/multi-cluster-hub-spoke-argocd/hub/main.tf +++ b/patterns/gitops/multi-cluster-hub-spoke-argocd/hub/main.tf @@ -1,8 +1,16 @@ provider "aws" { region = local.region } + data "aws_caller_identity" "current" {} -data "aws_availability_zones" "available" {} + +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} provider "helm" { kubernetes { diff --git a/patterns/gitops/multi-cluster-hub-spoke-argocd/spokes/main.tf b/patterns/gitops/multi-cluster-hub-spoke-argocd/spokes/main.tf index a1ba7a6e03..283c84a394 100644 --- a/patterns/gitops/multi-cluster-hub-spoke-argocd/spokes/main.tf +++ b/patterns/gitops/multi-cluster-hub-spoke-argocd/spokes/main.tf @@ -1,9 +1,16 @@ provider "aws" { region = local.region } + data "aws_caller_identity" "current" {} -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} data "terraform_remote_state" "cluster_hub" { backend = "local" From d506d767f15afe620938de1dbe56d7447a53ff03 Mon Sep 17 00:00:00 2001 From: Rodrigo Bersa Date: Sun, 11 Aug 2024 22:52:16 -0300 Subject: [PATCH 4/5] Fix ipv6,istio,karpenter,kubecost,ml,teams,nvidia --- patterns/ipv6-eks-cluster/main.tf | 8 +++++++- patterns/istio/main.tf | 8 +++++++- patterns/karpenter/main.tf | 8 +++++++- patterns/kubecost/main.tf | 9 ++++++++- patterns/ml-capacity-block/main.tf | 8 +++++++- patterns/multi-tenancy-with-teams/main.tf | 9 ++++++++- patterns/nvidia-gpu-efa/main.tf | 8 +++++++- 7 files changed, 51 insertions(+), 7 deletions(-) diff --git a/patterns/ipv6-eks-cluster/main.tf b/patterns/ipv6-eks-cluster/main.tf index b7077b0bed..dce84f929a 100644 --- a/patterns/ipv6-eks-cluster/main.tf +++ b/patterns/ipv6-eks-cluster/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/istio/main.tf b/patterns/istio/main.tf index db4313e8a4..a1912f8ba0 100644 --- a/patterns/istio/main.tf +++ b/patterns/istio/main.tf @@ -28,7 +28,13 @@ provider "helm" { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/karpenter/main.tf b/patterns/karpenter/main.tf index e064902196..795b5d11af 100644 --- a/patterns/karpenter/main.tf +++ b/patterns/karpenter/main.tf @@ -39,7 +39,13 @@ data "aws_ecrpublic_authorization_token" "token" { provider = aws.ecr } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = "ex-${basename(path.cwd)}" diff --git a/patterns/kubecost/main.tf b/patterns/kubecost/main.tf index e35262aba5..c956dd4983 100644 --- a/patterns/kubecost/main.tf +++ b/patterns/kubecost/main.tf @@ -16,9 +16,16 @@ provider "helm" { } } -data "aws_availability_zones" "available" {} data "aws_caller_identity" "current" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} + locals { name = basename(path.cwd) region = "us-west-2" diff --git a/patterns/ml-capacity-block/main.tf b/patterns/ml-capacity-block/main.tf index 5bf30b0c3d..5f4e3e16ba 100644 --- a/patterns/ml-capacity-block/main.tf +++ b/patterns/ml-capacity-block/main.tf @@ -42,7 +42,13 @@ provider "helm" { # Common data/locals ################################################################################ -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/multi-tenancy-with-teams/main.tf b/patterns/multi-tenancy-with-teams/main.tf index eebe315bac..6d6e647488 100644 --- a/patterns/multi-tenancy-with-teams/main.tf +++ b/patterns/multi-tenancy-with-teams/main.tf @@ -13,7 +13,14 @@ data "aws_eks_cluster_auth" "this" { } data "aws_caller_identity" "current" {} -data "aws_availability_zones" "available" {} + +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/nvidia-gpu-efa/main.tf b/patterns/nvidia-gpu-efa/main.tf index 03b3fced85..5c797a6d0b 100644 --- a/patterns/nvidia-gpu-efa/main.tf +++ b/patterns/nvidia-gpu-efa/main.tf @@ -42,7 +42,13 @@ provider "helm" { # Common data/locals ################################################################################ -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) From 09362cafe1fa378d0cf41d3db038668a33024e47 Mon Sep 17 00:00:00 2001 From: Rodrigo Bersa Date: Sun, 11 Aug 2024 22:54:40 -0300 Subject: [PATCH 5/5] Fix ingress,privatelink,sso,stateful,odcr,tls,wireguard --- patterns/private-public-ingress/main.tf | 8 +++++++- patterns/privatelink-access/main.tf | 8 +++++++- patterns/sso-iam-identity-center/main.tf | 8 +++++++- patterns/sso-okta/main.tf | 8 +++++++- patterns/stateful/main.tf | 9 ++++++++- patterns/targeted-odcr/main.tf | 8 +++++++- patterns/tls-with-aws-pca-issuer/main.tf | 8 +++++++- patterns/wireguard-with-cilium/main.tf | 8 +++++++- 8 files changed, 57 insertions(+), 8 deletions(-) diff --git a/patterns/private-public-ingress/main.tf b/patterns/private-public-ingress/main.tf index 5737a15486..a78574578c 100644 --- a/patterns/private-public-ingress/main.tf +++ b/patterns/private-public-ingress/main.tf @@ -16,7 +16,13 @@ provider "helm" { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/privatelink-access/main.tf b/patterns/privatelink-access/main.tf index 62af1323cf..8ff58bac16 100644 --- a/patterns/privatelink-access/main.tf +++ b/patterns/privatelink-access/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/sso-iam-identity-center/main.tf b/patterns/sso-iam-identity-center/main.tf index c14b4eec7c..016c916ec3 100644 --- a/patterns/sso-iam-identity-center/main.tf +++ b/patterns/sso-iam-identity-center/main.tf @@ -14,7 +14,13 @@ provider "kubernetes" { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = "sso-${basename(path.cwd)}" diff --git a/patterns/sso-okta/main.tf b/patterns/sso-okta/main.tf index 73f59d8e68..07ca439766 100644 --- a/patterns/sso-okta/main.tf +++ b/patterns/sso-okta/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/stateful/main.tf b/patterns/stateful/main.tf index 00e21cb79b..79acb1967e 100644 --- a/patterns/stateful/main.tf +++ b/patterns/stateful/main.tf @@ -29,7 +29,14 @@ provider "helm" { } data "aws_caller_identity" "current" {} -data "aws_availability_zones" "available" {} + +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/targeted-odcr/main.tf b/patterns/targeted-odcr/main.tf index 00c80fcd59..9eec67edcd 100644 --- a/patterns/targeted-odcr/main.tf +++ b/patterns/targeted-odcr/main.tf @@ -42,7 +42,13 @@ provider "helm" { # Common data/locals ################################################################################ -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/tls-with-aws-pca-issuer/main.tf b/patterns/tls-with-aws-pca-issuer/main.tf index 84917eaad1..4c56439358 100644 --- a/patterns/tls-with-aws-pca-issuer/main.tf +++ b/patterns/tls-with-aws-pca-issuer/main.tf @@ -30,7 +30,13 @@ provider "kubectl" { } } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd) diff --git a/patterns/wireguard-with-cilium/main.tf b/patterns/wireguard-with-cilium/main.tf index 0403023a61..98d00267ac 100644 --- a/patterns/wireguard-with-cilium/main.tf +++ b/patterns/wireguard-with-cilium/main.tf @@ -42,7 +42,13 @@ provider "helm" { # Common data/locals ################################################################################ -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Do not include local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = basename(path.cwd)