diff --git a/.github/workflows/e2e-parallel-destroy.yml b/.github/workflows/e2e-parallel-destroy.yml index 85b70c810e..b876c30fd3 100644 --- a/.github/workflows/e2e-parallel-destroy.yml +++ b/.github/workflows/e2e-parallel-destroy.yml @@ -58,7 +58,7 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: - terraform_version: 1.0.0 + terraform_version: 1.3.10 - name: Terraform Destroy working-directory: ${{ matrix.example_path }} diff --git a/.github/workflows/e2e-parallel-full.yml b/.github/workflows/e2e-parallel-full.yml index 45d7f623af..bed25d836e 100644 --- a/.github/workflows/e2e-parallel-full.yml +++ b/.github/workflows/e2e-parallel-full.yml @@ -101,7 +101,8 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: - terraform_version: 1.0.0 + terraform_version: 1.3.10 + - name: Terraform Apply id: apply diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2235d24cc7..734900772e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,7 +10,7 @@ repos: - id: detect-aws-credentials args: ['--allow-missing-credentials'] - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.83.5 + rev: v1.86.0 hooks: - id: terraform_fmt - id: terraform_docs @@ -29,6 +29,7 @@ repos: - '--args=--only=terraform_naming_convention' - '--args=--only=terraform_required_version' - '--args=--only=terraform_required_providers' + - '--args=--only=terraform_unused_required_providers' - '--args=--only=terraform_workspace_remote' - id: terraform_validate exclude: (docs|modules) diff --git a/patterns/agones-game-controller/main.tf b/patterns/agones-game-controller/main.tf index 0853598a46..93890ed39a 100644 --- a/patterns/agones-game-controller/main.tf +++ b/patterns/agones-game-controller/main.tf 
@@ -2,18 +2,6 @@ provider "aws" { region = local.region } -provider "kubernetes" { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - provider "helm" { kubernetes { host = module.eks.cluster_endpoint @@ -34,7 +22,7 @@ locals { name = basename(path.cwd) region = "us-west-2" - cluster_version = "1.27" + cluster_version = "1.29" vpc_cidr = "10.0.0.0/16" azs = slice(data.aws_availability_zones.available.names, 0, 3) @@ -54,7 +42,7 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name cluster_version = local.cluster_version diff --git a/patterns/agones-game-controller/versions.tf b/patterns/agones-game-controller/versions.tf index a4f611af01..57a5604dc7 100644 --- a/patterns/agones-game-controller/versions.tf +++ b/patterns/agones-game-controller/versions.tf @@ -1,19 +1,15 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" version = ">= 2.9" } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20" - } } # ## Used for end-to-end testing on project; update to suit your needs diff --git a/patterns/appmesh-mtls/main.tf b/patterns/appmesh-mtls/main.tf index 892c7cc3c3..4f2eea71fa 100644 --- a/patterns/appmesh-mtls/main.tf +++ b/patterns/appmesh-mtls/main.tf 
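Review bot: The `module "eks"` block in patterns/agones-game-controller/main.tf gains no cluster-access input alongside the move to `version = "~> 20.0"`, while the retained `provider "helm"` block still authenticates with `aws eks get-token` as the identity running Terraform. As far as I know, v20 of terraform-aws-modules/eks no longer manages aws-auth in the root module and does not grant the cluster creator admin rights unless asked, so Helm releases may be rejected as unauthorized on a fresh cluster; confirm this against the module's v20 upgrade guide. If it holds, add `enable_cluster_creator_admin_permissions = true` with a comment such as `# Grants the Terraform caller cluster-admin through an access entry`, or declare a narrower `access_entries` map for the deploy role. The same question applies to the other `~> 20.0` hunks whose files keep a `provider "helm"` block (appmesh-mtls, external-secrets, kubecost, private-public-ingress, tls-with-aws-pca-issuer); the module block continues outside the hunk.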
@@ -2,18 +2,6 @@ provider "aws" { region = local.region } -provider "kubernetes" { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - provider "helm" { kubernetes { host = module.eks.cluster_endpoint @@ -66,10 +54,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" cluster_endpoint_public_access = true vpc_id = module.vpc.vpc_id diff --git a/patterns/appmesh-mtls/versions.tf b/patterns/appmesh-mtls/versions.tf index 4f2625b6a3..969ce00135 100644 --- a/patterns/appmesh-mtls/versions.tf +++ b/patterns/appmesh-mtls/versions.tf @@ -1,19 +1,15 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" version = ">= 2.9" } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20" - } kubectl = { source = "gavinbunney/kubectl" version = ">= 1.14" diff --git a/patterns/aws-vpc-cni-network-policy/main.tf b/patterns/aws-vpc-cni-network-policy/main.tf index 204407c62f..83b6f04cbc 100644 --- a/patterns/aws-vpc-cni-network-policy/main.tf +++ b/patterns/aws-vpc-cni-network-policy/main.tf @@ -49,10 +49,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name - cluster_version = "1.27" # Must be 1.25 or higher + cluster_version = "1.29" # Must be 1.25 or higher cluster_endpoint_public_access = true vpc_id = module.vpc.vpc_id 
@@ -118,7 +118,6 @@ module "addons" { coredns = {} kube-proxy = {} vpc-cni = { - preserve = true most_recent = true # Must be 1.14.0 or higher timeouts = { diff --git a/patterns/aws-vpc-cni-network-policy/versions.tf b/patterns/aws-vpc-cni-network-policy/versions.tf index 4b98ab82b1..758b500fba 100644 --- a/patterns/aws-vpc-cni-network-policy/versions.tf +++ b/patterns/aws-vpc-cni-network-policy/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" diff --git a/patterns/blue-green-upgrade/eks-blue/providers.tf b/patterns/blue-green-upgrade/eks-blue/providers.tf index fac76269c2..1e3e8d5586 100644 --- a/patterns/blue-green-upgrade/eks-blue/providers.tf +++ b/patterns/blue-green-upgrade/eks-blue/providers.tf @@ -14,9 +14,5 @@ terraform { source = "hashicorp/helm" version = ">= 2.9.0" } - kubectl = { - source = "gavinbunney/kubectl" - version = ">= 1.14" - } } } diff --git a/patterns/blue-green-upgrade/eks-green/providers.tf b/patterns/blue-green-upgrade/eks-green/providers.tf index fac76269c2..1e3e8d5586 100644 --- a/patterns/blue-green-upgrade/eks-green/providers.tf +++ b/patterns/blue-green-upgrade/eks-green/providers.tf @@ -14,9 +14,5 @@ terraform { source = "hashicorp/helm" version = ">= 2.9.0" } - kubectl = { - source = "gavinbunney/kubectl" - version = ">= 1.14" - } } } diff --git a/patterns/elastic-fabric-adapter/main.tf b/patterns/elastic-fabric-adapter/main.tf index 550df48250..412301f740 100644 --- a/patterns/elastic-fabric-adapter/main.tf +++ b/patterns/elastic-fabric-adapter/main.tf @@ -34,7 +34,7 @@ locals { name = basename(path.cwd) region = "us-west-2" - cluster_version = "1.27" + cluster_version = "1.29" vpc_cidr = "10.0.0.0/16" azs = slice(data.aws_availability_zones.available.names, 0, 3) 
@@ -51,7 +51,7 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name cluster_version = local.cluster_version @@ -127,29 +127,6 @@ module "eks" { group_name = aws_placement_group.efa.name } - pre_bootstrap_user_data = <<-EOT - EFA_BIN='/opt/amazon/efa/bin/' - - # EFA driver is installed by default on EKS GPU AMI starting on EKS 1.28 - if [ ! -s "$EFA_BIN" ]; then - - # Install EFA - # Note: It is recommended to install the EFA driver on a custom AMI and - # not rely on dynamic installation during instance provisioning in user data - curl -O https://efa-installer.amazonaws.com/aws-efa-installer-latest.tar.gz - tar -xf aws-efa-installer-latest.tar.gz && cd aws-efa-installer - ./efa_installer.sh -y --minimal - cd .. && rm -rf aws-efa-installer* - - # Not required - just displays info on the EFA interfaces - $EFA_BIN/fi_info -p efa - - # Disable ptrace - sysctl -w kernel.yama.ptrace_scope=0 - - fi - EOT - taints = { dedicated = { key = "nvidia.com/gpu" @@ -169,7 +146,7 @@ module "eks" { module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.0" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint @@ -275,7 +252,7 @@ resource "kubernetes_daemonset" "aws_efa_k8s_device_plugin" { container { name = "aws-efa-k8s-device-plugin" - image = "602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-efa-k8s-device-plugin:v0.3.3" + image = "602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-efa-k8s-device-plugin:v0.4.3" volume_mount { name = "device-plugin" diff --git a/patterns/elastic-fabric-adapter/versions.tf b/patterns/elastic-fabric-adapter/versions.tf index bea4d78d15..a71baafaf3 100644 --- a/patterns/elastic-fabric-adapter/versions.tf +++ b/patterns/elastic-fabric-adapter/versions.tf 
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" diff --git a/patterns/external-secrets/main.tf b/patterns/external-secrets/main.tf index 3b64f7163d..1fea9b1149 100644 --- a/patterns/external-secrets/main.tf +++ b/patterns/external-secrets/main.tf @@ -2,18 +2,6 @@ provider "aws" { region = local.region } -provider "kubernetes" { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - provider "helm" { kubernetes { host = module.eks.cluster_endpoint @@ -70,10 +58,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" cluster_endpoint_public_access = true vpc_id = module.vpc.vpc_id @@ -98,7 +86,7 @@ module "eks" { module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.0" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint diff --git a/patterns/external-secrets/versions.tf b/patterns/external-secrets/versions.tf index 6c0c8a518a..fa1efd6ca5 100644 --- a/patterns/external-secrets/versions.tf +++ b/patterns/external-secrets/versions.tf 
@@ -1,19 +1,15 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" version = ">= 2.9" } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20" - } kubectl = { source = "gavinbunney/kubectl" version = ">= 1.14" diff --git a/patterns/fargate-serverless/main.tf b/patterns/fargate-serverless/main.tf index 237b140cda..f4fefdea75 100644 --- a/patterns/fargate-serverless/main.tf +++ b/patterns/fargate-serverless/main.tf @@ -50,10 +50,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" cluster_endpoint_public_access = true vpc_id = module.vpc.vpc_id @@ -92,7 +92,7 @@ module "eks" { module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.0" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint diff --git a/patterns/fargate-serverless/versions.tf b/patterns/fargate-serverless/versions.tf index e3d13ea958..0b0c579fbf 100644 --- a/patterns/fargate-serverless/versions.tf +++ b/patterns/fargate-serverless/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" diff --git a/patterns/fully-private-cluster/main.tf b/patterns/fully-private-cluster/main.tf index bfb0800510..cda9e75203 100644 --- a/patterns/fully-private-cluster/main.tf +++ b/patterns/fully-private-cluster/main.tf 
@@ -23,10 +23,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" # EKS Addons cluster_addons = { diff --git a/patterns/fully-private-cluster/versions.tf b/patterns/fully-private-cluster/versions.tf index 95e312cfcd..a4eee252ab 100644 --- a/patterns/fully-private-cluster/versions.tf +++ b/patterns/fully-private-cluster/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } } diff --git a/patterns/gitops/getting-started-argocd/versions.tf b/patterns/gitops/getting-started-argocd/versions.tf index c3fb7ee058..227651ab9a 100644 --- a/patterns/gitops/getting-started-argocd/versions.tf +++ b/patterns/gitops/getting-started-argocd/versions.tf @@ -1,18 +1,18 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.67.0" + version = ">= 5.34" } helm = { source = "hashicorp/helm" - version = ">= 2.10.1" + version = ">= 2.10" } kubernetes = { source = "hashicorp/kubernetes" - version = "2.22.0" + version = ">= 2.22" } } diff --git a/patterns/gitops/multi-cluster-hub-spoke-argocd/hub/versions.tf b/patterns/gitops/multi-cluster-hub-spoke-argocd/hub/versions.tf index 2de60d58ee..45bcbc37df 100644 --- a/patterns/gitops/multi-cluster-hub-spoke-argocd/hub/versions.tf +++ b/patterns/gitops/multi-cluster-hub-spoke-argocd/hub/versions.tf @@ -1,18 +1,18 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.67.0" + version = ">= 5.34" } helm = { source = "hashicorp/helm" - version = ">= 2.10.1" + version = ">= 2.10" } kubernetes = { source = "hashicorp/kubernetes" - version = "2.22.0" + version = ">= 2.22" } } 
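Review bot: The `kubernetes` entry in patterns/gitops/getting-started-argocd/versions.tf goes from the exact pin `2.22.0` to the open-ended `>= 2.22`, which also admits any future major release of the provider; the same edit is made in multi-cluster-hub-spoke-argocd/hub/versions.tf. If the exact pin was there to hold a known-good provider, a bounded range such as `version = "~> 2.22"` keeps that intent while still taking minor and patch updates. Either way, reproducibility and provider integrity then rest on a committed `.terraform.lock.hcl`, which this diff does not show.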
diff --git a/patterns/ipv6-eks-cluster/main.tf b/patterns/ipv6-eks-cluster/main.tf index 4940364b51..f8f1bd801f 100644 --- a/patterns/ipv6-eks-cluster/main.tf +++ b/patterns/ipv6-eks-cluster/main.tf @@ -2,32 +2,6 @@ provider "aws" { region = local.region } -provider "kubernetes" { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - -provider "helm" { - kubernetes { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } - } -} - data "aws_availability_zones" "available" {} locals { @@ -49,10 +23,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" cluster_endpoint_public_access = true # IPV6 diff --git a/patterns/ipv6-eks-cluster/versions.tf b/patterns/ipv6-eks-cluster/versions.tf index 63713abb40..ada40fb84c 100644 --- a/patterns/ipv6-eks-cluster/versions.tf +++ b/patterns/ipv6-eks-cluster/versions.tf @@ -1,18 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" - } - helm = { - source = "hashicorp/helm" - version = ">= 2.9" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20" + version = ">= 5.34" } } 
diff --git a/patterns/istio-multi-cluster/3.istio-multi-primary/versions.tf b/patterns/istio-multi-cluster/3.istio-multi-primary/versions.tf index 017d810e4b..629fc65f2d 100644 --- a/patterns/istio-multi-cluster/3.istio-multi-primary/versions.tf +++ b/patterns/istio-multi-cluster/3.istio-multi-primary/versions.tf @@ -2,14 +2,6 @@ terraform { required_version = ">= 1.0" required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 4.47" - } - helm = { - source = "hashicorp/helm" - version = ">= 2.9" - } kubernetes = { source = "hashicorp/kubernetes" version = ">= 2.20" diff --git a/patterns/istio/main.tf b/patterns/istio/main.tf index 2a7ae38b38..28cf08b927 100644 --- a/patterns/istio/main.tf +++ b/patterns/istio/main.tf @@ -52,18 +52,16 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name - cluster_version = "1.28" + cluster_version = "1.29" cluster_endpoint_public_access = true cluster_addons = { coredns = {} kube-proxy = {} - vpc-cni = { - preserve = true - } + vpc-cni = {} } vpc_id = module.vpc.vpc_id @@ -115,7 +113,7 @@ resource "kubernetes_namespace_v1" "istio_system" { module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.0" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint diff --git a/patterns/istio/versions.tf b/patterns/istio/versions.tf index 20c550ab61..943553260e 100644 --- a/patterns/istio/versions.tf +++ b/patterns/istio/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" diff --git a/patterns/karpenter/main.tf b/patterns/karpenter/main.tf index 7055526364..556f51267d 100644 --- a/patterns/karpenter/main.tf +++ b/patterns/karpenter/main.tf 
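Review bot: `required_version = ">= 1.0"` is left unchanged in patterns/istio-multi-cluster/3.istio-multi-primary/versions.tf, while the other versions.tf files visible in this diff are raised to `>= 1.3`. If the floor is meant to be uniform, change it to `required_version = ">= 1.3"` here as well; if this directory is deliberately different, a one-line comment saying why would help. The hunk also drops the `aws` and `helm` entries, so it is worth confirming that nothing in this directory still depends on them, since an undeclared provider is resolved without any version constraint.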
@@ -59,10 +59,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.18" + version = "~> 19.21" cluster_name = local.name - cluster_version = "1.28" + cluster_version = "1.29" cluster_endpoint_public_access = true vpc_id = module.vpc.vpc_id @@ -113,7 +113,7 @@ module "eks" { module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.11" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint diff --git a/patterns/karpenter/versions.tf b/patterns/karpenter/versions.tf index 2c63637eba..7d97e67e7b 100644 --- a/patterns/karpenter/versions.tf +++ b/patterns/karpenter/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" diff --git a/patterns/kubecost/main.tf b/patterns/kubecost/main.tf index a5ad1efbc2..40fb5aa746 100644 --- a/patterns/kubecost/main.tf +++ b/patterns/kubecost/main.tf @@ -1,17 +1,5 @@ provider "aws" { - region = var.region -} - -provider "kubernetes" { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } + region = local.region } provider "helm" { @@ -32,7 +20,9 @@ data "aws_availability_zones" "available" {} data "aws_caller_identity" "current" {} locals { - name = coalesce(var.name, basename(path.cwd)) + name = basename(path.cwd) + region = "us-west-2" + vpc_cidr = "10.0.0.0/16" azs = slice(data.aws_availability_zones.available.names, 0, 2) 
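Review bot: Nothing in patterns/karpenter/main.tf says why `module "eks"` is only moved to `version = "~> 19.21"` when most patterns in this commit go to `~> 20.0`; multi-tenancy-with-teams, privatelink-access and sso-iam-identity-center are held the same way. The privatelink-access/eks.tf hunk shows `manage_aws_auth_configmap = true`, so the hold is presumably tied to the module-managed aws-auth ConfigMap, but that is an inference. A comment above the constraint would record the reason, for example `# Held on v19: pattern still depends on module-managed aws-auth; migrate to access entries before moving to v20` (adjusted to the real cause). The module block continues outside the hunk.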
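Review bot: The default region for patterns/kubecost changes from `us-east-1` (the removed `variable "region"` default) to the hard-coded `region = "us-west-2"` in `locals`, and that value now feeds `provider "aws"`, `s3_region` on `aws_cur_report_definition.cur` and `athenaRegion`. As far as I know the Cost and Usage Report API is served only from `us-east-1`, so if `aws_cur_report_definition.cur` uses the default provider (its body is outside the hunks) the apply may fail in the new region. Either keep `region = "us-east-1"` for this pattern, or give the report an aliased `provider "aws"` block with `alias = "cur"` and `region = "us-east-1"`, referenced by `provider = aws.cur` on the resource. Removing `var.region`, `var.name`, `var.cluster_version` and `var.capacity_type` also breaks existing tfvars or CLI overrides, which deserves a line in the pattern's README.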
@@ -70,10 +60,10 @@ module "ebs_csi_driver_irsa" { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.17" + version = "~> 20.0" cluster_name = local.name - cluster_version = var.cluster_version + cluster_version = "1.29" cluster_endpoint_public_access = true # EKS Addons @@ -92,7 +82,7 @@ module "eks" { eks_managed_node_groups = { initial = { instance_types = ["m6i.large", "m5.large", "m5n.large", "m5zn.large"] - capacity_type = var.capacity_type # defaults to SPOT + capacity_type = "SPOT" min_size = 3 max_size = 10 desired_size = 5 @@ -108,7 +98,7 @@ module "eks" { module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" - version = "1.8.0" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint @@ -197,7 +187,7 @@ resource "aws_cur_report_definition" "cur" { additional_schema_elements = ["RESOURCES"] s3_bucket = aws_s3_bucket.cur.id s3_prefix = "reports" - s3_region = var.region + s3_region = local.region additional_artifacts = ["ATHENA"] report_versioning = "OVERWRITE_REPORT" } @@ -370,7 +360,7 @@ module "eks_blueprints_addon" { projectID = data.aws_caller_identity.current.account_id athenaProjectID = data.aws_caller_identity.current.account_id athenaBucketName = "s3://${aws_s3_bucket.athena_results.id}" - athenaRegion = var.region + athenaRegion = local.region athenaDatabase = "athenacurcfn_kubecost" athenaTable = "kubecost" }) diff --git a/patterns/kubecost/outputs.tf b/patterns/kubecost/outputs.tf index 9892e61d62..5d45b2b5aa 100644 --- a/patterns/kubecost/outputs.tf +++ b/patterns/kubecost/outputs.tf @@ -15,5 +15,5 @@ output "s3_cur_report_prefix" { output "region" { description = "region" - value = var.region + value = local.region } diff --git a/patterns/kubecost/variables.tf b/patterns/kubecost/variables.tf index b736224672..80e799b1d7 100644 --- a/patterns/kubecost/variables.tf +++ b/patterns/kubecost/variables.tf 
@@ -1,27 +1,3 @@ -variable "region" { - description = "AWS region" - type = string - default = "us-east-1" -} - -variable "name" { - description = "EKS Cluster Name and the VPC name" - type = string - default = "" -} - -variable "cluster_version" { - type = string - description = "Kubernetes Version" - default = "1.28" -} - -variable "capacity_type" { - type = string - description = "Capacity SPOT or ON_DEMAND" - default = "SPOT" -} - variable "kubecost_token" { type = string description = "To find or obtain Kubecost token, go to https://www.kubecost.com/install#show-instructions" diff --git a/patterns/kubecost/versions.tf b/patterns/kubecost/versions.tf index 4b98ab82b1..37a1a474f1 100644 --- a/patterns/kubecost/versions.tf +++ b/patterns/kubecost/versions.tf @@ -1,18 +1,21 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" - version = ">= 2.9" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20" + version = ">= 2.10" } } + + # ## Used for end-to-end testing on project; update to suit your needs + # backend "s3" { + # bucket = "terraform-ssp-github-actions-state" + # region = "us-west-2" + # key = "e2e/kubecost/terraform.tfstate" + # } } diff --git a/patterns/multi-tenancy-with-teams/main.tf b/patterns/multi-tenancy-with-teams/main.tf index 3631a4340f..257bfe9f57 100644 --- a/patterns/multi-tenancy-with-teams/main.tf +++ b/patterns/multi-tenancy-with-teams/main.tf @@ -50,10 +50,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 19.21" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" cluster_endpoint_public_access = true vpc_id = module.vpc.vpc_id diff --git a/patterns/multi-tenancy-with-teams/versions.tf b/patterns/multi-tenancy-with-teams/versions.tf index 74b12895bd..945a7f69ea 100644 
--- a/patterns/multi-tenancy-with-teams/versions.tf +++ b/patterns/multi-tenancy-with-teams/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" diff --git a/patterns/private-public-ingress/main.tf b/patterns/private-public-ingress/main.tf index fd81fc2772..fa77496057 100644 --- a/patterns/private-public-ingress/main.tf +++ b/patterns/private-public-ingress/main.tf @@ -2,18 +2,6 @@ provider "aws" { region = local.region } -provider "kubernetes" { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - provider "helm" { kubernetes { host = module.eks.cluster_endpoint @@ -28,20 +16,6 @@ provider "helm" { } } -provider "kubectl" { - apply_retry_count = 5 - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - load_config_file = false - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - data "aws_availability_zones" "available" {} locals { @@ -63,10 +37,10 @@ locals { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 20.0" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" cluster_endpoint_public_access = true vpc_id = module.vpc.vpc_id 
@@ -124,7 +98,7 @@ resource "aws_security_group" "ingress_nginx_external" { # ingress-nginx controller, exposed by an internet facing Network Load Balancer module "ingres_nginx_external" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.0" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint @@ -199,7 +173,7 @@ resource "aws_security_group" "ingress_nginx_internal" { # ingress-nginx controller, exposed by an internal Network Load Balancer module "ingres_nginx_internal" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.6.0" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint @@ -245,7 +219,7 @@ module "ingres_nginx_internal" { module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" - version = "~> 1.0" + version = "~> 1.14" cluster_name = module.eks.cluster_name cluster_endpoint = module.eks.cluster_endpoint diff --git a/patterns/private-public-ingress/versions.tf b/patterns/private-public-ingress/versions.tf index a2f5c89e44..049d373697 100644 --- a/patterns/private-public-ingress/versions.tf +++ b/patterns/private-public-ingress/versions.tf @@ -1,22 +1,14 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } helm = { source = "hashicorp/helm" version = ">= 2.9" } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20" - } - kubectl = { - source = "gavinbunney/kubectl" - version = ">= 1.14" - } } } diff --git a/patterns/privatelink-access/eks.tf b/patterns/privatelink-access/eks.tf index 0ac647e023..8cfc223c07 100644 --- a/patterns/privatelink-access/eks.tf +++ b/patterns/privatelink-access/eks.tf 
@@ -16,10 +16,10 @@ provider "kubernetes" { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" + version = "~> 19.21" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" cluster_endpoint_public_access = true manage_aws_auth_configmap = true diff --git a/patterns/privatelink-access/versions.tf b/patterns/privatelink-access/versions.tf index fb2fa577b1..1928dde13c 100644 --- a/patterns/privatelink-access/versions.tf +++ b/patterns/privatelink-access/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.34" } dns = { source = "hashicorp/dns" diff --git a/patterns/sso-iam-identity-center/main.tf b/patterns/sso-iam-identity-center/main.tf index 82db7390af..187e01adbd 100644 --- a/patterns/sso-iam-identity-center/main.tf +++ b/patterns/sso-iam-identity-center/main.tf @@ -24,10 +24,10 @@ locals { #tfsec:ignore:aws-eks-enable-control-plane-logging module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 19.13" + version = "~> 19.21" cluster_name = local.name - cluster_version = "1.27" + cluster_version = "1.29" cluster_endpoint_public_access = true # EKS Addons diff --git a/patterns/sso-iam-identity-center/versions.tf b/patterns/sso-iam-identity-center/versions.tf index 5e0095cc56..dff26f6939 100644 --- a/patterns/sso-iam-identity-center/versions.tf +++ b/patterns/sso-iam-identity-center/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 5.34" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/patterns/sso-okta/main.tf b/patterns/sso-okta/main.tf index 16432c259d..8d4ec7e5aa 100644 --- a/patterns/sso-okta/main.tf +++ b/patterns/sso-okta/main.tf 
@@ -24,10 +24,10 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "~> 19.13"
+ version = "~> 20.0"
 cluster_name = local.name
- cluster_version = "1.27"
+ cluster_version = "1.29"
 cluster_endpoint_public_access = true
 # EKS Addons
diff --git a/patterns/sso-okta/versions.tf b/patterns/sso-okta/versions.tf
index 924e00c1b9..c3ce889424 100644
--- a/patterns/sso-okta/versions.tf
+++ b/patterns/sso-okta/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.3"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.47"
+ version = ">= 5.34"
 }
 okta = {
 source = "okta/okta"
diff --git a/patterns/stateful/main.tf b/patterns/stateful/main.tf
index 320c1cd7a7..79c16dfd31 100644
--- a/patterns/stateful/main.tf
+++ b/patterns/stateful/main.tf
@@ -55,10 +55,10 @@ locals {
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "~> 19.16"
+ version = "~> 20.0"
 cluster_name = local.name
- cluster_version = "1.27"
+ cluster_version = "1.29"
 cluster_endpoint_public_access = true
 vpc_id = module.vpc.vpc_id
@@ -194,7 +194,7 @@ module "eks" {
 module "eks_blueprints_addons" {
 source = "aws-ia/eks-blueprints-addons/aws"
- version = "~> 1.0"
+ version = "~> 1.14"
 cluster_name = module.eks.cluster_name
 cluster_endpoint = module.eks.cluster_endpoint
diff --git a/patterns/stateful/outputs.tf b/patterns/stateful/outputs.tf
index 2b2ba58283..45e5f23fa7 100644
--- a/patterns/stateful/outputs.tf
+++ b/patterns/stateful/outputs.tf
@@ -2,6 +2,7 @@ output "configure_kubectl" {
 description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
 value = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}"
 }
+
 output "velero_s3_backup_location" {
 description = "S3 backup location"
 value = local.velero_s3_backup_location
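Review bot: The `~> 19.13` to `~> 20.0` change in `patterns/sso-okta/main.tf` is a major-version upgrade of terraform-aws-modules/eks that changes how cluster access is granted, and nothing in the visible hunk sets the new access inputs. To my knowledge v20 moves aws-auth ConfigMap handling out of the root module in favour of EKS access entries and no longer makes the cluster creator an administrator unless `enable_cluster_creator_admin_permissions = true` or an `access_entries` map is given. The `module "eks"` block continues outside the hunk, so check there that every identity mapping the pattern relied on was migrated and that the resulting admin set is the intended one. The same review applies to the `~> 20.0` hunks in `patterns/stateful/main.tf` here and in the tls-with-aws-pca-issuer, vpc-lattice and wireguard-with-cilium patterns.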
diff --git a/patterns/stateful/versions.tf b/patterns/stateful/versions.tf
index 10a78e6071..54f2f2076f 100644
--- a/patterns/stateful/versions.tf
+++ b/patterns/stateful/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.3"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.47"
+ version = ">= 5.34"
 }
 helm = {
 source = "hashicorp/helm"
@@ -14,10 +14,6 @@ terraform {
 source = "hashicorp/kubernetes"
 version = ">= 2.20"
 }
- random = {
- source = "hashicorp/random"
- version = ">= 3.0"
- }
 }
 # ## Used for end-to-end testing on project; update to suit your needs
diff --git a/patterns/tls-with-aws-pca-issuer/main.tf b/patterns/tls-with-aws-pca-issuer/main.tf
index 98ebde2d9a..b459c7ccd2 100644
--- a/patterns/tls-with-aws-pca-issuer/main.tf
+++ b/patterns/tls-with-aws-pca-issuer/main.tf
@@ -2,18 +2,6 @@ provider "aws" {
 region = local.region
 }
-provider "kubernetes" {
- host = module.eks.cluster_endpoint
- cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- command = "aws"
- # This requires the awscli to be installed locally where Terraform is executed
- args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
- }
-}
-
 provider "helm" {
 kubernetes {
 host = module.eks.cluster_endpoint
@@ -64,10 +52,10 @@ locals {
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "~> 19.16"
+ version = "~> 20.0"
 cluster_name = local.name
- cluster_version = "1.27"
+ cluster_version = "1.29"
 cluster_endpoint_public_access = true
 vpc_id = module.vpc.vpc_id
@@ -92,7 +80,7 @@ module "eks" {
 module "eks_blueprints_addons" {
 source = "aws-ia/eks-blueprints-addons/aws"
- version = "~> 1.0"
+ version = "~> 1.14"
 cluster_name = module.eks.cluster_name
 cluster_endpoint = module.eks.cluster_endpoint
diff --git a/patterns/tls-with-aws-pca-issuer/versions.tf b/patterns/tls-with-aws-pca-issuer/versions.tf
index 2e3bb98d8f..b137ca697a 100644
--- a/patterns/tls-with-aws-pca-issuer/versions.tf
+++ b/patterns/tls-with-aws-pca-issuer/versions.tf
@@ -1,19 +1,15 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.3"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.47"
+ version = ">= 5.34"
 }
 helm = {
 source = "hashicorp/helm"
 version = ">= 2.9"
 }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">= 2.20"
- }
 kubectl = {
 source = "gavinbunney/kubectl"
 version = ">= 1.14"
diff --git a/patterns/vpc-lattice/client-server-communication/client.tf b/patterns/vpc-lattice/client-server-communication/client.tf
index 145db1ecf6..8d6d1827c2 100644
--- a/patterns/vpc-lattice/client-server-communication/client.tf
+++ b/patterns/vpc-lattice/client-server-communication/client.tf
@@ -4,7 +4,7 @@
 module "client" {
 source = "terraform-aws-modules/ec2-instance/aws"
- version = "5.5.0"
+ version = "~> 5.0"
 name = "client"
@@ -90,7 +90,7 @@ module "endpoint_sg" {
 module "client_vpc" {
 source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.4"
+ version = "~> 5.0"
 name = local.name
 cidr = local.client_vpc_cidr
diff --git a/patterns/vpc-lattice/client-server-communication/eks.tf b/patterns/vpc-lattice/client-server-communication/eks.tf
index 0f50052063..54ff8c5cc4 100644
--- a/patterns/vpc-lattice/client-server-communication/eks.tf
+++ b/patterns/vpc-lattice/client-server-communication/eks.tf
@@ -4,12 +4,11 @@
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "~> 19.21"
+ version = "~> 20.0"
 cluster_name = local.name
- cluster_version = "1.28"
+ cluster_version = "1.29"
 cluster_endpoint_public_access = true
- enable_irsa = true
 vpc_id = module.cluster_vpc.vpc_id
 subnet_ids = module.cluster_vpc.private_subnets
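Review bot: In `client.tf` the `client` module goes from the exact pin `version = "5.5.0"` to the range `~> 5.0`, and `client_vpc` (like `cluster_vpc` in `eks.tf`) from `~> 5.4` to `~> 5.0`, which both loosens the constraint and lowers its floor below the release that was in use. Terraform's dependency lock file records provider selections only, not module versions, so with a range the module code that runs is whatever the registry resolves at `terraform init` time. If reproducible plans matter for this pattern, keep an exact pin such as `version = "5.5.0"` and raise it deliberately, or at least keep the tested floor with `version = "~> 5.4"` on the VPC modules. Both module bodies continue outside their hunks.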
@@ -33,7 +32,7 @@ module "eks" {
 module "cluster_vpc" {
 source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.4"
+ version = "~> 5.0"
 name = local.name
 cidr = local.cluster_vpc_cidr
diff --git a/patterns/vpc-lattice/client-server-communication/main.tf b/patterns/vpc-lattice/client-server-communication/main.tf
index 4412f1b1dd..2f15f5a232 100644
--- a/patterns/vpc-lattice/client-server-communication/main.tf
+++ b/patterns/vpc-lattice/client-server-communication/main.tf
@@ -10,19 +10,6 @@ data "aws_availability_zones" "available" {
 }
 }
-
-provider "kubernetes" {
- host = module.eks.cluster_endpoint
- cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- command = "aws"
- # This requires the awscli to be installed locally where Terraform is executed
- args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
- }
-}
-
 provider "helm" {
 kubernetes {
 host = module.eks.cluster_endpoint
diff --git a/patterns/vpc-lattice/client-server-communication/versions.tf b/patterns/vpc-lattice/client-server-communication/versions.tf
index 9adde16313..6a0751fafe 100644
--- a/patterns/vpc-lattice/client-server-communication/versions.tf
+++ b/patterns/vpc-lattice/client-server-communication/versions.tf
@@ -1,19 +1,15 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.3"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.30"
+ version = ">= 5.34"
 }
 helm = {
 source = "hashicorp/helm"
 version = ">= 2.9"
 }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">= 2.24"
- }
 time = {
 source = "hashicorp/time"
 version = ">= 0.10"
diff --git a/patterns/wireguard-with-cilium/eks.tf b/patterns/wireguard-with-cilium/eks.tf
index f5b6c33009..720cd547f7 100644
--- a/patterns/wireguard-with-cilium/eks.tf
+++ b/patterns/wireguard-with-cilium/eks.tf
@@ -4,10 +4,10 @@
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "~> 19.16"
+ version = "~> 20.0"
 cluster_name = local.name
- cluster_version = "1.28"
+ cluster_version = "1.29"
 cluster_endpoint_public_access = true
 # EKS Addons
@@ -60,7 +60,7 @@ output "configure_kubectl" {
 module "eks_blueprints_addons" {
 source = "aws-ia/eks-blueprints-addons/aws"
- version = "~> 1.7"
+ version = "~> 1.14"
 cluster_name = module.eks.cluster_name
 cluster_endpoint = module.eks.cluster_endpoint
diff --git a/patterns/wireguard-with-cilium/main.tf b/patterns/wireguard-with-cilium/main.tf
index e6c70ffea4..0403023a61 100644
--- a/patterns/wireguard-with-cilium/main.tf
+++ b/patterns/wireguard-with-cilium/main.tf
@@ -1,19 +1,15 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.3"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.47"
+ version = ">= 5.34"
 }
 helm = {
 source = "hashicorp/helm"
 version = ">= 2.9"
 }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">= 2.20"
- }
 }
 # ## Used for end-to-end testing on project; update to suit your needs
@@ -28,18 +24,6 @@ provider "aws" {
 region = local.region
 }
-provider "kubernetes" {
- host = module.eks.cluster_endpoint
- cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- command = "aws"
- # This requires the awscli to be installed locally where Terraform is executed
- args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
- }
-}
-
 provider "helm" {
 kubernetes {
 host = module.eks.cluster_endpoint