chore: Update modules, providers, EKS version and change ack namespace (

#60)
aws-ia · Aug 5, 2024 · 4359c36 · 4359c36
1 parent 37d66f0
commit 4359c36
Show file tree

Hide file tree

Showing 9 changed files with 88 additions and 82 deletions.
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -13,7 +13,7 @@ env:
   TERRAFORM_DOCS_VERSION: v0.16.0
   TFSEC_VERSION: v1.22.0
   TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
-  TFLINT_VERSION: v0.38.1
+  TFLINT_VERSION: v0.50.3
 
 concurrency:
   group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
@@ -27,11 +27,11 @@ jobs:
       directories: ${{ steps.dirs.outputs.directories }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Get root directories
         id: dirs
-        uses: clowdhaus/terraform-composite-actions/directories@v1.4.1
+        uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
 
   preCommitMinVersions:
     name: Min TF pre-commit
@@ -45,9 +45,9 @@ jobs:
         run: rm -rf $(which terraform)
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - uses: dorny/paths-filter@v2
+      - uses: dorny/paths-filter@v3
         id: changes
         with:
           # We only need to check Terraform files for the current directory
@@ -70,22 +70,22 @@ jobs:
           restore-keys: ${{ runner.os }}-terraform-
 
       - name: Terraform min/max versions
-        uses: clowdhaus/terraform-min-max@v1.0.7
+        uses: clowdhaus/terraform-min-max@v1.3.0
         if: steps.changes.outputs.src== 'true'
         id: minMax
         with:
           directory: ${{ matrix.directory }}
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory !=  '.' && steps.changes.outputs.src== 'true' }}
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' && steps.changes.outputs.src== 'true' }}
         with:
@@ -101,9 +101,9 @@ jobs:
         run: rm -rf $(which terraform)
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - uses: dorny/paths-filter@v2
+      - uses: dorny/paths-filter@v3
         id: changes
         with:
           filters: |
@@ -128,11 +128,11 @@ jobs:
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.0.7
+        uses: clowdhaus/terraform-min-max@v1.3.0
         if: steps.changes.outputs.src== 'true'
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         if: steps.changes.outputs.src== 'true'
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,29 +1,37 @@
 repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+        args: ["--markdown-linebreak-ext=md"]
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-merge-conflict
+      - id: detect-private-key
+      - id: detect-aws-credentials
+        args: ["--allow-missing-credentials"]
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.76.0
+    rev: v1.89.1
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
         args:
-          - '--args=--lockfile=false'
+          - "--args=--lockfile=false"
       - id: terraform_tflint
         args:
-          - '--args=--only=terraform_deprecated_interpolation'
-          - '--args=--only=terraform_deprecated_index'
-          - '--args=--only=terraform_unused_declarations'
-          - '--args=--only=terraform_comment_syntax'
-          - '--args=--only=terraform_documented_outputs'
-          - '--args=--only=terraform_documented_variables'
-          - '--args=--only=terraform_typed_variables'
-          - '--args=--only=terraform_module_pinned_source'
-          - '--args=--only=terraform_naming_convention'
-          - '--args=--only=terraform_required_version'
-          - '--args=--only=terraform_required_providers'
-          - '--args=--only=terraform_standard_module_structure'
-          - '--args=--only=terraform_workspace_remote'
+          - "--args=--only=terraform_deprecated_interpolation"
+          - "--args=--only=terraform_deprecated_index"
+          - "--args=--only=terraform_unused_declarations"
+          - "--args=--only=terraform_comment_syntax"
+          - "--args=--only=terraform_documented_outputs"
+          - "--args=--only=terraform_documented_variables"
+          - "--args=--only=terraform_typed_variables"
+          - "--args=--only=terraform_module_pinned_source"
+          - "--args=--only=terraform_naming_convention"
+          - "--args=--only=terraform_required_version"
+          - "--args=--only=terraform_required_providers"
+          - "--args=--only=terraform_standard_module_structure"
+          - "--args=--only=terraform_workspace_remote"
+          - "--args=--only=terraform_empty_list_equality"
+          - "--args=--only=terraform_unused_required_providers"
       - id: terraform_validate
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
-    hooks:
-      - id: check-merge-conflict
-      - id: end-of-file-fixer
diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ Terraform module which provisions [AWS controllers for Kubernetes](https://aws-c
 ```hcl
 module "eks_ack_addons" {
   source = "aws-ia/eks-ack-addons/aws"
-  
+
   # Cluster Info
   cluster_name      = "<cluster name>"
   cluster_endpoint  = "<cluster endpoint>"
@@ -26,7 +26,7 @@ module "eks_ack_addons" {
   enable_emrcontainers     = true
   enable_sfn               = true
   enable_eventbridge       = true
-  
+
   tags = {
     Environment = "dev"
   }
@@ -44,16 +44,16 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
-| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.8 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
-| <a name="provider_time"></a> [time](#provider\_time) | >= 0.8 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | >= 0.9 |
 
 ## Modules
 

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -62,17 +62,26 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.13"
+  version = "~> 20.11"
 
-  cluster_name                   = local.name
-  cluster_version                = "1.27"
-  cluster_endpoint_public_access = true
+  cluster_name    = local.name
+  cluster_version = "1.30"
+
+  # Give the Terraform identity admin access to the cluster
+  # which will allow it to deploy resources into the cluster
+  enable_cluster_creator_admin_permissions = true
+  cluster_endpoint_public_access           = true
+
+  cluster_addons = {
+    coredns                = {}
+    eks-pod-identity-agent = {}
+    kube-proxy             = {}
+    vpc-cni                = {}
+  }
 
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
-  manage_aws_auth_configmap = true
-
   eks_managed_node_groups = {
     initial = {
       instance_types = ["m5.xlarge"]
@@ -91,24 +100,13 @@ module "eks" {
 
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
-  version = "~> 1.0.0"
+  version = "~> 1.16"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
   cluster_version   = module.eks.cluster_version
   oidc_provider_arn = module.eks.oidc_provider_arn
 
-  eks_addons = {
-    coredns = {
-      timeouts = {
-        create = "25m"
-        delete = "10m"
-      }
-    }
-    vpc-cni    = {}
-    kube-proxy = {}
-  }
-
   # Add-ons
   enable_aws_load_balancer_controller = true
   enable_metrics_server               = true
@@ -232,7 +230,7 @@ resource "kubernetes_service_account_v1" "ack_demo" {
 
 module "irsa" {
   source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "~> 1.1.0"
+  version = "~> 1.1.1"
 
   # Disable helm release
   create_release = false

diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -1,6 +1,6 @@
 output "configure_kubectl" {
   description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value       = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}"
+  value       = "aws eks update-kubeconfig --region ${local.region} --name ${module.eks.cluster_name} --alias ${module.eks.cluster_name}"
 }
 
 output "api_gatewayv2_vpc_link_id" {

diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0.0"
+  required_version = ">= 1.3.2"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.1"
+      version = ">= 5.38"
     }
     helm = {
       source  = "hashicorp/helm"

diff --git a/main.tf b/main.tf
@@ -53,7 +53,7 @@ module "apigatewayv2" {
   # public.ecr.aws/aws-controllers-k8s/apigatewayv2-chart:1.0.3
   name             = try(var.apigatewayv2.name, local.apigatewayv2_name)
   description      = try(var.apigatewayv2.description, "Helm Chart for apigatewayv2 controller for ACK")
-  namespace        = try(var.apigatewayv2.namespace, local.apigatewayv2_name)
+  namespace        = try(var.apigatewayv2.namespace, "ack-system")
   create_namespace = try(var.apigatewayv2.create_namespace, true)
   chart            = "apigatewayv2-chart"
   chart_version    = try(var.apigatewayv2.chart_version, "1.0.2")
@@ -152,7 +152,7 @@ module "dynamodb" {
   # public.ecr.aws/aws-controllers-k8s/dynamodb-chart:1.1.1
   name             = try(var.dynamodb.name, local.dynamodb_name)
   description      = try(var.dynamodb.description, "Helm Chart for dynamodb controller for ACK")
-  namespace        = try(var.dynamodb.namespace, local.dynamodb_name)
+  namespace        = try(var.dynamodb.namespace, "ack-system")
   create_namespace = try(var.dynamodb.create_namespace, true)
   chart            = "dynamodb-chart"
   chart_version    = try(var.dynamodb.chart_version, "1.1.1")
@@ -250,7 +250,7 @@ module "s3" {
   # public.ecr.aws/aws-controllers-k8s/s3-chart:1.0.4
   name             = try(var.s3.name, local.s3_name)
   description      = try(var.s3.description, "Helm Chart for s3 controller for ACK")
-  namespace        = try(var.s3.namespace, local.s3_name)
+  namespace        = try(var.s3.namespace, "ack-system")
   create_namespace = try(var.s3.create_namespace, true)
   chart            = "s3-chart"
   chart_version    = try(var.s3.chart_version, "1.0.4")
@@ -348,7 +348,7 @@ module "elasticache" {
   # public.ecr.aws/aws-controllers-k8s/elasticache-chart:0.0.27
   name             = try(var.elasticache.name, local.elasticache_name)
   description      = try(var.elasticache.description, "Helm Chart for elasticache controller for ACK")
-  namespace        = try(var.elasticache.namespace, local.elasticache_name)
+  namespace        = try(var.elasticache.namespace, "ack-system")
   create_namespace = try(var.elasticache.create_namespace, true)
   chart            = "elasticache-chart"
   chart_version    = try(var.elasticache.chart_version, "0.0.27")
@@ -446,7 +446,7 @@ module "rds" {
   # public.ecr.aws/aws-controllers-k8s/rds-chart:1.1.4
   name             = try(var.rds.name, local.rds_name)
   description      = try(var.rds.description, "Helm Chart for rds controller for ACK")
-  namespace        = try(var.rds.namespace, local.rds_name)
+  namespace        = try(var.rds.namespace, "ack-system")
   create_namespace = try(var.rds.create_namespace, true)
   chart            = "rds-chart"
   chart_version    = try(var.rds.chart_version, "1.1.4")
@@ -544,7 +544,7 @@ module "prometheusservice" {
   # public.ecr.aws/aws-controllers-k8s/prometheusservice_name-chart:1.2.3
   name             = try(var.prometheusservice.name, local.prometheusservice_name)
   description      = try(var.prometheusservice.description, "Helm Chart for prometheusservice controller for ACK")
-  namespace        = try(var.prometheusservice.namespace, local.prometheusservice_name)
+  namespace        = try(var.prometheusservice.namespace, "ack-system")
   create_namespace = try(var.prometheusservice.create_namespace, true)
   chart            = "prometheusservice-chart"
   chart_version    = try(var.prometheusservice.chart_version, "1.2.3")
@@ -642,7 +642,7 @@ module "emrcontainers" {
   # public.ecr.aws/aws-controllers-k8s/emrcontainers_name-chart:1.0.1
   name             = try(var.emrcontainers.name, local.emrcontainers_name)
   description      = try(var.emrcontainers.description, "Helm Chart for emrcontainers controller for ACK")
-  namespace        = try(var.emrcontainers.namespace, local.emrcontainers_name)
+  namespace        = try(var.emrcontainers.namespace, "ack-system")
   create_namespace = try(var.emrcontainers.create_namespace, true)
   chart            = "emrcontainers-chart"
   chart_version    = try(var.emrcontainers.chart_version, "1.0.1")
@@ -825,7 +825,7 @@ module "sfn" {
   # public.ecr.aws/aws-controllers-k8s/sfn_name-chart:1.0.2
   name             = try(var.sfn.name, local.sfn_name)
   description      = try(var.sfn.description, "Helm Chart for sfn controller for ACK")
-  namespace        = try(var.sfn.namespace, local.sfn_name)
+  namespace        = try(var.sfn.namespace, "ack-system")
   create_namespace = try(var.sfn.create_namespace, true)
   chart            = "sfn-chart"
   chart_version    = try(var.sfn.chart_version, "1.0.2")
@@ -950,7 +950,7 @@ module "eventbridge" {
   # public.ecr.aws/aws-controllers-k8s/eventbridge_name-chart:1.0.1
   name             = try(var.eventbridge.name, local.eventbridge_name)
   description      = try(var.eventbridge.description, "Helm Chart for eventbridge controller for ACK")
-  namespace        = try(var.eventbridge.namespace, local.eventbridge_name)
+  namespace        = try(var.eventbridge.namespace, "ack-system")
   create_namespace = try(var.eventbridge.create_namespace, true)
   chart            = "eventbridge-chart"
   chart_version    = try(var.eventbridge.chart_version, "1.0.1")