chore: Update EKS version to 1.30 where applicable (#1952)

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/streetsidesoftware/cspell-cli
-    rev: v8.8.0
+    rev: v8.8.2
     hooks:
       - id: cspell
         args: [--exclude, 'ADOPTERS.md', --exclude, '.pre-commit-config.yaml', --exclude, '.gitignore', --exclude, '*.drawio', --exclude, 'mkdocs.yml', --exclude, '.helmignore', --exclude, '.github/workflows/*', --exclude, 'patterns/istio-multi-cluster/*', --exclude, 'patterns/blue-green-upgrade/*']
@@ -19,7 +19,7 @@ repos:
       - id: detect-aws-credentials
         args: [--allow-missing-credentials]
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.89.1
+    rev: v1.90.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

docs/cSpell_dict.txt

@@ -34,6 +34,7 @@ cainjector
 chdir
 cidrsubnet
 ciliumnetworkpolicy
+cloudinit
 clusterip
 clusterissuer
 clusterrole
@@ -111,6 +112,7 @@ mtls
 nccl
 netcat
 nics
+nodeadm
 nodegroup
 nodeport
 nvme

patterns/agones-game-controller/main.tf

@@ -22,8 +22,6 @@ locals {
   name   = basename(path.cwd)
   region = "us-west-2"
 
-  cluster_version = "1.29"
-
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
 
@@ -42,10 +40,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = local.cluster_version
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # Give the Terraform identity admin access to the cluster

patterns/aws-vpc-cni-network-policy/main.tf

@@ -49,10 +49,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29" # Must be 1.25 or higher
+  cluster_version                = "1.30" # Must be 1.25 or higher
   cluster_endpoint_public_access = true
 
   # Give the Terraform identity admin access to the cluster

patterns/external-secrets/main.tf

@@ -58,10 +58,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # Give the Terraform identity admin access to the cluster

patterns/fargate-serverless/main.tf

@@ -50,10 +50,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # Give the Terraform identity admin access to the cluster

patterns/fully-private-cluster/main.tf

@@ -23,10 +23,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name    = local.name
-  cluster_version = "1.29"
+  cluster_version = "1.30"
 
   # EKS Addons
   cluster_addons = {

patterns/ipv6-eks-cluster/main.tf

@@ -23,10 +23,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # IPV6

patterns/istio/main.tf

@@ -52,10 +52,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # Give the Terraform identity admin access to the cluster

patterns/karpenter-mng/eks.tf

@@ -4,10 +4,10 @@
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.10"
+  version = "~> 20.11"
 
   cluster_name    = local.name
-  cluster_version = "1.29"
+  cluster_version = "1.30"
 
   # Give the Terraform identity admin access to the cluster
   # which will allow it to deploy resources into the cluster
@@ -82,7 +82,7 @@ output "configure_kubectl" {
 
 module "karpenter" {
   source  = "terraform-aws-modules/eks/aws//modules/karpenter"
-  version = "~> 20.9"
+  version = "~> 20.11"
 
   cluster_name = module.eks.cluster_name
 
@@ -105,7 +105,7 @@ resource "helm_release" "karpenter" {
   repository_username = data.aws_ecrpublic_authorization_token.token.user_name
   repository_password = data.aws_ecrpublic_authorization_token.token.password
   chart               = "karpenter"
-  version             = "0.36.1"
+  version             = "0.36.2"
   wait                = false
 
   values = [

patterns/karpenter/main.tf

@@ -59,10 +59,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id

patterns/kubecost/main.tf

@@ -38,10 +38,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # Give the Terraform identity admin access to the cluster

patterns/ml-capacity-block/eks.tf

@@ -16,10 +16,10 @@ variable "capacity_reservation_id" {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.9"
+  version = "~> 20.11"
 
   cluster_name    = local.name
-  cluster_version = "1.29"
+  cluster_version = "1.30"
 
   # Give the Terraform identity admin access to the cluster
   # which will allow it to deploy resources into the cluster

patterns/nvidia-gpu-efa/eks.tf

@@ -4,10 +4,10 @@
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.9"
+  version = "~> 20.11"
 
   cluster_name    = local.name
-  cluster_version = "1.29"
+  cluster_version = "1.30"
 
   # Give the Terraform identity admin access to the cluster
   # which will allow it to deploy resources into the cluster

patterns/private-public-ingress/main.tf

@@ -37,10 +37,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # Give the Terraform identity admin access to the cluster

patterns/privatelink-access/eks.tf

@@ -16,10 +16,10 @@ provider "kubernetes" {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name    = local.name
-  cluster_version = "1.29"
+  cluster_version = "1.30"
 
   cluster_endpoint_public_access           = false
   enable_cluster_creator_admin_permissions = true

patterns/sso-iam-identity-center/main.tf

@@ -35,10 +35,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # EKS Addons

patterns/sso-okta/main.tf

@@ -23,10 +23,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # EKS Addons

patterns/stateful/main.tf

@@ -55,10 +55,10 @@ locals {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.8"
+  version = "~> 20.11"
 
   cluster_name                   = local.name
-  cluster_version                = "1.29"
+  cluster_version                = "1.30"
   cluster_endpoint_public_access = true
 
   # Give the Terraform identity admin access to the cluster
@@ -112,42 +112,47 @@ module "eks" {
       # is dedicated to just containerd. You can read more about the practice and why
       # here https://aws.github.io/aws-eks-best-practices/scalability/docs/data-plane/#use-multiple-ebs-volumes-for-containers
       # and https://github.com/containerd/containerd/blob/main/docs/ops.md#base-configuration
-      pre_bootstrap_user_data = <<-EOT
-        # Wait for second volume to attach before trying to mount paths
-        TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
-        EC2_INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-id)
-        DATA_STATE="unknown"
-        until [ "$${DATA_STATE}" == "attached" ]; do
-          DATA_STATE=$(aws ec2 describe-volumes \
-            --region ${local.region} \
-            --filters \
-                Name=attachment.instance-id,Values=$${EC2_INSTANCE_ID} \
-                Name=attachment.device,Values=${local.second_volume_name} \
-            --query Volumes[].Attachments[].State \
-            --output text)
-          sleep 5
-        done
-
-        # Get the volume ID
-        VOLUME_ID=$(aws ec2 describe-volumes \
-          --region ${local.region} \
-          --filters \
-              Name=attachment.instance-id,Values=$${EC2_INSTANCE_ID} \
-              Name=attachment.device,Values=${local.second_volume_name} \
-          --query Volumes[].Attachments[].VolumeId \
-          --output text | sed 's/-//')
-
-        # Mount the containerd directories to the 2nd volume
-        SECOND_VOL=$(lsblk -o NAME,SERIAL -d |awk -v id="$${VOLUME_ID}" '$2 ~ id {print $1}')
-        systemctl stop containerd
-        mkfs -t ext4 /dev/$${SECOND_VOL}
-        rm -rf /var/lib/containerd/*
-        rm -rf /run/containerd/*
-
-        mount /dev/$${SECOND_VOL} /var/lib/containerd/
-        mount /dev/$${SECOND_VOL} /run/containerd/
-        systemctl start containerd
-      EOT
+      cloudinit_pre_nodeadm = [
+        {
+          content_type = "text/x-shellscript"
+          content      = <<-EOT
+            # Wait for second volume to attach before trying to mount paths
+            TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+            EC2_INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-id)
+            DATA_STATE="unknown"
+            until [ "$${DATA_STATE}" == "attached" ]; do
+              DATA_STATE=$(aws ec2 describe-volumes \
+                --region ${local.region} \
+                --filters \
+                    Name=attachment.instance-id,Values=$${EC2_INSTANCE_ID} \
+                    Name=attachment.device,Values=${local.second_volume_name} \
+                --query Volumes[].Attachments[].State \
+                --output text)
+              sleep 5
+            done
+
+            # Get the volume ID
+            VOLUME_ID=$(aws ec2 describe-volumes \
+              --region ${local.region} \
+              --filters \
+                  Name=attachment.instance-id,Values=$${EC2_INSTANCE_ID} \
+                  Name=attachment.device,Values=${local.second_volume_name} \
+              --query Volumes[].Attachments[].VolumeId \
+              --output text | sed 's/-//')
+
+            # Mount the containerd directories to the 2nd volume
+            SECOND_VOL=$(lsblk -o NAME,SERIAL -d |awk -v id="$${VOLUME_ID}" '$2 ~ id {print $1}')
+            systemctl stop containerd
+            mkfs -t ext4 /dev/$${SECOND_VOL}
+            rm -rf /var/lib/containerd/*
+            rm -rf /run/containerd/*
+
+            mount /dev/$${SECOND_VOL} /var/lib/containerd/
+            mount /dev/$${SECOND_VOL} /run/containerd/
+            systemctl start containerd
+          EOT
+        }
+      ]
     }
 
     instance-store = {
@@ -172,20 +177,20 @@ module "eks" {
         }
       }
 
-      # NVMe instance store volumes are automatically enumerated and assigned a device
-      pre_bootstrap_user_data = <<-EOT
-        cat <<-EOF > /etc/profile.d/bootstrap.sh
-        #!/bin/sh
-
-        # Configure NVMe volumes in RAID0 configuration
-        # https://github.com/awslabs/amazon-eks-ami/blob/056e31f8c7477e893424abce468cb32bbcd1f079/files/bootstrap.sh#L35C121-L35C126
-        # Mount will be: /mnt/k8s-disks
-        export LOCAL_DISKS='raid0'
-        EOF
-
-        # Source extra environment variables in bootstrap script
-        sed -i '/^set -o errexit/a\\nsource /etc/profile.d/bootstrap.sh' /etc/eks/bootstrap.sh
-      EOT
+      cloudinit_pre_nodeadm = [
+        {
+          content_type = "application/node.eks.aws"
+          content      = <<-EOT
+            ---
+            apiVersion: node.eks.aws/v1alpha1
+            kind: NodeConfig
+            spec:
+              instance:
+                localStorage:
+                  strategy: RAID0
+          EOT
+        }
+      ]
     }
   }