diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index f39fe6d..9c3e324 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -13,7 +13,7 @@ env: TERRAFORM_DOCS_VERSION: v0.16.0 TFSEC_VERSION: v1.22.0 TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache - TFLINT_VERSION: v0.38.1 + TFLINT_VERSION: v0.50.3 concurrency: group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' @@ -27,11 +27,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.4.1 + uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 preCommitMinVersions: name: Min TF pre-commit @@ -45,9 +45,9 @@ jobs: run: rm -rf $(which terraform) - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@v3 id: changes with: # We only need to check Terraform files for the current directory @@ -70,14 +70,14 @@ jobs: restore-keys: ${{ runner.os }}-terraform- - name: Terraform min/max versions - uses: clowdhaus/terraform-min-max@v1.0.7 + uses: clowdhaus/terraform-min-max@v1.3.0 if: steps.changes.outputs.src== 'true' id: minMax with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' && steps.changes.outputs.src== 'true' }} with: 
@@ -85,7 +85,7 @@ jobs: args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' && steps.changes.outputs.src== 'true' }} with: @@ -101,9 +101,9 @@ jobs: run: rm -rf $(which terraform) - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@v3 id: changes with: filters: | @@ -128,11 +128,11 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.0.7 + uses: clowdhaus/terraform-min-max@v1.3.0 if: steps.changes.outputs.src== 'true' - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.6.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 if: steps.changes.outputs.src== 'true' with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 80287de..02138a8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,29 +1,37 @@ repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.6.0 + hooks: + - id: trailing-whitespace + args: ["--markdown-linebreak-ext=md"] + - id: end-of-file-fixer + - id: trailing-whitespace + - id: check-merge-conflict + - id: detect-private-key + - id: detect-aws-credentials + args: ["--allow-missing-credentials"] - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.76.0 + rev: v1.89.1 hooks: - id: terraform_fmt - id: terraform_docs args: - - '--args=--lockfile=false' + - "--args=--lockfile=false" - id: terraform_tflint args: - - '--args=--only=terraform_deprecated_interpolation' - - '--args=--only=terraform_deprecated_index' - - '--args=--only=terraform_unused_declarations' - - '--args=--only=terraform_comment_syntax' - - '--args=--only=terraform_documented_outputs' - - '--args=--only=terraform_documented_variables' - - '--args=--only=terraform_typed_variables' - - '--args=--only=terraform_module_pinned_source' - - '--args=--only=terraform_naming_convention' - - '--args=--only=terraform_required_version' - - '--args=--only=terraform_required_providers' - - '--args=--only=terraform_standard_module_structure' - - '--args=--only=terraform_workspace_remote' + - "--args=--only=terraform_deprecated_interpolation" + - "--args=--only=terraform_deprecated_index" + - "--args=--only=terraform_unused_declarations" + - "--args=--only=terraform_comment_syntax" + - "--args=--only=terraform_documented_outputs" + - "--args=--only=terraform_documented_variables" + - "--args=--only=terraform_typed_variables" + - "--args=--only=terraform_module_pinned_source" + - "--args=--only=terraform_naming_convention" + - "--args=--only=terraform_required_version" + - "--args=--only=terraform_required_providers" + - "--args=--only=terraform_standard_module_structure" + - "--args=--only=terraform_workspace_remote" + - "--args=--only=terraform_empty_list_equality" + - "--args=--only=terraform_unused_required_providers" - id: 
terraform_validate - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 - hooks: - - id: check-merge-conflict - - id: end-of-file-fixer diff --git a/README.md b/README.md index 7630ada..89ffa93 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Terraform module which provisions [AWS controllers for Kubernetes](https://aws-c ```hcl module "eks_ack_addons" { source = "aws-ia/eks-ack-addons/aws" - + # Cluster Info cluster_name = "" cluster_endpoint = "" @@ -26,7 +26,7 @@ module "eks_ack_addons" { enable_emrcontainers = true enable_sfn = true enable_eventbridge = true - + tags = { Environment = "dev" } @@ -44,16 +44,16 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.0 | -| [aws](#requirement\_aws) | >= 4.0 | -| [time](#requirement\_time) | >= 0.8 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | +| [time](#requirement\_time) | >= 0.9 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.0 | -| [time](#provider\_time) | >= 0.8 | +| [aws](#provider\_aws) | >= 5.0 | +| [time](#provider\_time) | >= 0.9 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 3559807..0d6c028 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
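Review bot: The new pre-commit-hooks stanza lists `- id: trailing-whitespace` twice — once with `args: ["--markdown-linebreak-ext=md"]` and again, bare, right after `end-of-file-fixer` — so the hook runs a second time without the markdown exception and strips the two-space line breaks the first entry is meant to preserve. Drop the second `- id: trailing-whitespace` line. The `detect-private-key` and `detect-aws-credentials` additions are the right place for credential hygiene; as far as I recall `--allow-missing-credentials` only lets the hook pass when no AWS credentials file exists on the developer machine, which deserves a one-line comment above it (e.g. `# pass when no local AWS credentials file exists to compare against`) so nobody reads it as disabling the check.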
@@ -62,17 +62,26 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.13" + version = "~> 20.11" - cluster_name = local.name - cluster_version = "1.27" - cluster_endpoint_public_access = true + cluster_name = local.name + cluster_version = "1.30" + + # Give the Terraform identity admin access to the cluster + # which will allow it to deploy resources into the cluster + enable_cluster_creator_admin_permissions = true + cluster_endpoint_public_access = true + + cluster_addons = { + coredns = {} + eks-pod-identity-agent = {} + kube-proxy = {} + vpc-cni = {} + } vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets - manage_aws_auth_configmap = true - eks_managed_node_groups = { initial = { instance_types = ["m5.xlarge"] @@ -91,24 +100,13 @@ module "eks" { module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.0.0" + version = "~> 1.16" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint cluster_version = module.eks.cluster_version oidc_provider_arn = module.eks.oidc_provider_arn - eks_addons = { - coredns = { - timeouts = { - create = "25m" - delete = "10m" - } - } - vpc-cni = {} - kube-proxy = {} - } - # Add-ons enable_aws_load_balancer_controller = true enable_metrics_server = true @@ -232,7 +230,7 @@ resource "kubernetes_service_account_v1" "ack_demo" { module "irsa" { source = "aws-ia/eks-blueprints-addon/aws" - version = "~> 1.1.0" + version = "~> 1.1.1" # Disable helm release create_release = false diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index e996162..386e630 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
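Review bot: The new `cluster_addons` block in this hunk takes over the add-ons that the following hunk (`@@ -91`) removes from `eks_blueprints_addons`, but the coredns `timeouts` (`create = "25m"`, `delete = "10m"`) are not carried across; if they were there because a fresh-cluster coredns install exceeded the default, `coredns = { timeouts = { create = "25m", delete = "10m" } }` keeps the old behaviour, and either way the commit should say which it is. `enable_cluster_creator_admin_permissions = true` grants whatever identity runs `terraform apply` cluster-admin (via an access entry, as I understand the v20 module); the comment explains the why, but since this file is the example users copy, extend it to say this is an example-only shortcut and that a real deployment should grant a scoped role through the module's `access_entries` input instead. The `module "eks"` block continues outside the hunk.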
@@ -1,6 +1,6 @@ output "configure_kubectl" { description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig" - value = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}" + value = "aws eks update-kubeconfig --region ${local.region} --name ${module.eks.cluster_name} --alias ${module.eks.cluster_name}" } output "api_gatewayv2_vpc_link_id" { diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 1d4701c..1986a73 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0.0" + required_version = ">= 1.3.2" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.1" + version = ">= 5.38" } helm = { source = "hashicorp/helm" diff --git a/main.tf b/main.tf index ad67971..3b49444 100644 --- a/main.tf +++ b/main.tf @@ -53,7 +53,7 @@ module "apigatewayv2" { # public.ecr.aws/aws-controllers-k8s/apigatewayv2-chart:1.0.3 name = try(var.apigatewayv2.name, local.apigatewayv2_name) description = try(var.apigatewayv2.description, "Helm Chart for apigatewayv2 controller for ACK") - namespace = try(var.apigatewayv2.namespace, local.apigatewayv2_name) + namespace = try(var.apigatewayv2.namespace, "ack-system") create_namespace = try(var.apigatewayv2.create_namespace, true) chart = "apigatewayv2-chart" chart_version = try(var.apigatewayv2.chart_version, "1.0.2") @@ -152,7 +152,7 @@ module "dynamodb" { # public.ecr.aws/aws-controllers-k8s/dynamodb-chart:1.1.1 name = try(var.dynamodb.name, local.dynamodb_name) description = try(var.dynamodb.description, "Helm Chart for dynamodb controller for ACK") - namespace = try(var.dynamodb.namespace, local.dynamodb_name) + namespace = try(var.dynamodb.namespace, "ack-system") create_namespace = try(var.dynamodb.create_namespace, true) chart = "dynamodb-chart" chart_version = try(var.dynamodb.chart_version, "1.1.1") 
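Review bot: In the main.tf hunk `@@ -53` the namespace default changes from the per-controller `local.apigatewayv2_name` to the literal `"ack-system"`, and the same literal is repeated in `@@ -152`, `@@ -250`, `@@ -348`, `@@ -446`, `@@ -544`, `@@ -642`, `@@ -825`, `@@ -950` and in every entry of the `gitops_metadata` output (`@@ -13` in outputs.tf); the output has to agree with the module defaults, so a single local (say `ack_namespace = "ack-system"`, name constructed) referenced from all eighteen places would stop the two from drifting. This is also a default-behaviour change for existing users — a plan after upgrading will likely replace every controller release into the new namespace — and nothing in the diff flags it as breaking, so the changelog or module README should. Each of the nine releases keeps `create_namespace = true` while now sharing one namespace, and the helm provider can race when several of them are created in parallel; consider creating `ack-system` once (a `kubernetes_namespace_v1` resource) and setting the flag to false, or at least verify a clean apply at default parallelism. Co-locating nine controllers, each with its own IAM role, in one namespace also removes the namespace boundary that previously separated their service accounts, which is worth a sentence in the README for operators who rely on namespace-scoped RBAC. The module blocks start before and end after their hunks.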
@@ -250,7 +250,7 @@ module "s3" { # public.ecr.aws/aws-controllers-k8s/s3-chart:1.0.4 name = try(var.s3.name, local.s3_name) description = try(var.s3.description, "Helm Chart for s3 controller for ACK") - namespace = try(var.s3.namespace, local.s3_name) + namespace = try(var.s3.namespace, "ack-system") create_namespace = try(var.s3.create_namespace, true) chart = "s3-chart" chart_version = try(var.s3.chart_version, "1.0.4") @@ -348,7 +348,7 @@ module "elasticache" { # public.ecr.aws/aws-controllers-k8s/elasticache-chart:0.0.27 name = try(var.elasticache.name, local.elasticache_name) description = try(var.elasticache.description, "Helm Chart for elasticache controller for ACK") - namespace = try(var.elasticache.namespace, local.elasticache_name) + namespace = try(var.elasticache.namespace, "ack-system") create_namespace = try(var.elasticache.create_namespace, true) chart = "elasticache-chart" chart_version = try(var.elasticache.chart_version, "0.0.27") @@ -446,7 +446,7 @@ module "rds" { # public.ecr.aws/aws-controllers-k8s/rds-chart:1.1.4 name = try(var.rds.name, local.rds_name) description = try(var.rds.description, "Helm Chart for rds controller for ACK") - namespace = try(var.rds.namespace, local.rds_name) + namespace = try(var.rds.namespace, "ack-system") create_namespace = try(var.rds.create_namespace, true) chart = "rds-chart" chart_version = try(var.rds.chart_version, "1.1.4") 
@@ -544,7 +544,7 @@ module "prometheusservice" { # public.ecr.aws/aws-controllers-k8s/prometheusservice_name-chart:1.2.3 name = try(var.prometheusservice.name, local.prometheusservice_name) description = try(var.prometheusservice.description, "Helm Chart for prometheusservice controller for ACK") - namespace = try(var.prometheusservice.namespace, local.prometheusservice_name) + namespace = try(var.prometheusservice.namespace, "ack-system") create_namespace = try(var.prometheusservice.create_namespace, true) chart = "prometheusservice-chart" chart_version = try(var.prometheusservice.chart_version, "1.2.3") @@ -642,7 +642,7 @@ module "emrcontainers" { # public.ecr.aws/aws-controllers-k8s/emrcontainers_name-chart:1.0.1 name = try(var.emrcontainers.name, local.emrcontainers_name) description = try(var.emrcontainers.description, "Helm Chart for emrcontainers controller for ACK") - namespace = try(var.emrcontainers.namespace, local.emrcontainers_name) + namespace = try(var.emrcontainers.namespace, "ack-system") create_namespace = try(var.emrcontainers.create_namespace, true) chart = "emrcontainers-chart" chart_version = try(var.emrcontainers.chart_version, "1.0.1") @@ -825,7 +825,7 @@ module "sfn" { # public.ecr.aws/aws-controllers-k8s/sfn_name-chart:1.0.2 name = try(var.sfn.name, local.sfn_name) description = try(var.sfn.description, "Helm Chart for sfn controller for ACK") - namespace = try(var.sfn.namespace, local.sfn_name) + namespace = try(var.sfn.namespace, "ack-system") create_namespace = try(var.sfn.create_namespace, true) chart = "sfn-chart" chart_version = try(var.sfn.chart_version, "1.0.2") 
@@ -950,7 +950,7 @@ module "eventbridge" { # public.ecr.aws/aws-controllers-k8s/eventbridge_name-chart:1.0.1 name = try(var.eventbridge.name, local.eventbridge_name) description = try(var.eventbridge.description, "Helm Chart for eventbridge controller for ACK") - namespace = try(var.eventbridge.namespace, local.eventbridge_name) + namespace = try(var.eventbridge.namespace, "ack-system") create_namespace = try(var.eventbridge.create_namespace, true) chart = "eventbridge-chart" chart_version = try(var.eventbridge.chart_version, "1.0.1") diff --git a/outputs.tf b/outputs.tf index 1c270f9..b8b8a95 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -13,55 +13,55 @@ output "gitops_metadata" { value = merge( { for k, v in { iam_role_arn = module.apigatewayv2.iam_role_arn - namespace = try(var.apigatewayv2.namespace, local.apigatewayv2_name) + namespace = try(var.apigatewayv2.namespace, "ack-system") service_account = local.apigatewayv2_name } : "ack_apigatewayv2_${k}" => v if var.enable_apigatewayv2 }, { for k, v in { iam_role_arn = module.dynamodb.iam_role_arn - namespace = try(var.dynamodb.namespace, local.dynamodb_name) + namespace = try(var.dynamodb.namespace, "ack-system") service_account = local.dynamodb_name } : "ack_dynamodb_${k}" => v if var.enable_dynamodb }, { for k, v in { iam_role_arn = module.s3.iam_role_arn - namespace = try(var.s3.namespace, local.s3_name) + namespace = try(var.s3.namespace, "ack-system") service_account = local.s3_name } : "ack_s3_${k}" => v if var.enable_s3 }, { for k, v in { iam_role_arn = module.rds.iam_role_arn - namespace = try(var.rds.namespace, local.rds_name) + namespace = try(var.rds.namespace, "ack-system") service_account = local.rds_name } : "ack_rds_${k}" => v if var.enable_rds }, { for k, v in { iam_role_arn = module.prometheusservice.iam_role_arn - namespace = try(var.prometheusservice.namespace, local.prometheusservice_name) + namespace = try(var.prometheusservice.namespace, "ack-system") service_account = local.prometheusservice_name } : "ack_prometheusservice_${k}" => v if var.enable_prometheusservice }, { for k, v in { iam_role_arn = module.emrcontainers.iam_role_arn - namespace = try(var.emrcontainers.namespace, local.emrcontainers_name) + namespace = try(var.emrcontainers.namespace, "ack-system") service_account = local.emrcontainers_name } : "ack_emrcontainers_${k}" => v if var.enable_emrcontainers }, { for k, v in { iam_role_arn = module.sfn.iam_role_arn - namespace = try(var.sfn.namespace, local.sfn_name) + namespace = try(var.sfn.namespace, "ack-system") service_account = local.sfn_name } : "ack_sfn_${k}" => v if var.enable_sfn }, { for k, v in { 
iam_role_arn = module.eventbridge.iam_role_arn - namespace = try(var.eventbridge.namespace, local.eventbridge_name) + namespace = try(var.eventbridge.namespace, "ack-system") service_account = local.eventbridge_name } : "ack_eventbridge_${k}" => v if var.enable_eventbridge }, { for k, v in { iam_role_arn = module.elasticache.iam_role_arn - namespace = try(var.elasticache.namespace, local.elasticache_name) + namespace = try(var.elasticache.namespace, "ack-system") service_account = local.elasticache_name } : "ack_elasticache_${k}" => v if var.enable_elasticache } diff --git a/versions.tf b/versions.tf index 9db11d4..497d5ab 100644 --- a/versions.tf +++ b/versions.tf @@ -1,14 +1,14 @@ terraform { - required_version = ">= 1.0.0" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.0" + version = ">= 5.0" } time = { source = "hashicorp/time" - version = ">= 0.8" + version = ">= 0.9" } } }