From 97d39cc3b7db9297657f1f6c42f1dc419c83cb73 Mon Sep 17 00:00:00 2001
From: Uchinda Padmaperuma <89894943+uchinda-sph@users.noreply.github.com>
Date: Tue, 1 Oct 2024 17:49:55 +0800
Subject: [PATCH] fix: brupop chart names
---
 README.md | 1 +
 modules/essentials/README.md | 38 ++++++++++++++++++++++-----------
 modules/essentials/variables.tf | 4 ++--
 modules/karpenter/README.md | 1 +
 4 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 98f0bf8e..b2ea979b 100644
--- a/README.md
+++ b/README.md
@@ -298,6 +298,7 @@ module "karpenter" {
 | [karpenter\_default\_subnet\_selector\_tags](#input\_karpenter\_default\_subnet\_selector\_tags) | Subnet selector tags for Karpenter default node class | `map(string)` |
{
"kubernetes.io/role/internal-elb": "1"
}
| no | | [karpenter\_nodeclasses](#input\_karpenter\_nodeclasses) | List of nodetemplate maps |
list(object({
nodeclass_name = string
karpenter_subnet_selector_maps = list(map(any))
karpenter_security_group_selector_maps = list(map(any))
karpenter_ami_selector_maps = list(map(any))
karpenter_node_role = string
karpenter_node_tags_map = map(string)
karpenter_ami_family = string
karpenter_node_user_data = string
karpenter_node_metadata_options = map(any)
karpenter_block_device_mapping = list(object({
deviceName = string
ebs = object({
encrypted = bool
volumeSize = string
volumeType = string
kmsKeyID = optional(string)
deleteOnTermination = bool
})
}))
}))
| `[]` | no | | [karpenter\_nodepools](#input\_karpenter\_nodepools) | List of Provisioner maps |
list(object({
nodepool_name = string
nodeclass_name = string
karpenter_nodepool_node_labels = map(string)
karpenter_nodepool_annotations = map(string)
karpenter_nodepool_node_taints = list(map(string))
karpenter_nodepool_startup_taints = list(map(string))
karpenter_requirements = list(object({
key = string
operator = string
values = list(string)
})
)
karpenter_nodepool_disruption = object({
consolidation_policy = string
consolidate_after = optional(string)
expire_after = string
})
karpenter_nodepool_disruption_budgets = list(map(any))
karpenter_nodepool_weight = number
}))
|
[
{
"karpenter_nodepool_annotations": {},
"karpenter_nodepool_disruption": {
"consolidation_policy": "WhenUnderutilized",
"expire_after": "168h"
},
"karpenter_nodepool_disruption_budgets": [
{
"nodes": "10%"
}
],
"karpenter_nodepool_node_labels": {},
"karpenter_nodepool_node_taints": [],
"karpenter_nodepool_startup_taints": [],
"karpenter_nodepool_weight": 10,
"karpenter_requirements": [
{
"key": "karpenter.k8s.aws/instance-category",
"operator": "In",
"values": [
"t",
"m"
]
},
{
"key": "karpenter.k8s.aws/instance-cpu",
"operator": "In",
"values": [
"2",
"4"
]
},
{
"key": "karpenter.k8s.aws/instance-memory",
"operator": "Gt",
"values": [
"2048"
]
},
{
"key": "karpenter.k8s.aws/instance-generation",
"operator": "Gt",
"values": [
"2"
]
},
{
"key": "karpenter.sh/capacity-type",
"operator": "In",
"values": [
"on-demand"
]
},
{
"key": "kubernetes.io/arch",
"operator": "In",
"values": [
"amd64"
]
},
{
"key": "kubernetes.io/os",
"operator": "In",
"values": [
"linux"
]
}
],
"nodeclass_name": "default",
"nodepool_name": "default"
}
]
| no | +| [karpenter\_pod\_resources](#input\_karpenter\_pod\_resources) | Karpenter Pod Resource |
object({
requests = object({
cpu = string
memory = string
})
limits = object({
cpu = string
memory = string
})
})
|
{
"limits": {
"cpu": "1",
"memory": "2Gi"
},
"requests": {
"cpu": "1",
"memory": "2Gi"
}
}
| no | | [manage\_aws\_auth\_configmap](#input\_manage\_aws\_auth\_configmap) | Determines whether to manage the contents of the aws-auth configmap | `bool` | `true` | no | | [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | `any` | `{}` | no | | [node\_security\_group\_enable\_recommended\_rules](#input\_node\_security\_group\_enable\_recommended\_rules) | Determines whether to enable recommended security group rules for the node security group created. This includes node-to-node TCP ingress on ephemeral ports and allows all egress traffic | `bool` | `true` | no | diff --git a/modules/essentials/README.md b/modules/essentials/README.md index 18bf818e..176d0984 100644 --- a/modules/essentials/README.md +++ b/modules/essentials/README.md @@ -100,6 +100,7 @@ module "eks_essentials" { | [aws_iam_policy.fluent_bit_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role_policy_attachment.worker_ecr_pullthrough](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [helm_release.brupop](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.brupop_crd](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.cert_manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.node_termination_handler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 
@@ -124,14 +125,19 @@ module "eks_essentials" { | [adot\_addon\_version](#input\_adot\_addon\_version) | value of the adot addon version | `string` | `null` | no | | [affinity](#input\_affinity) | Pod affinity | `map(string)` | `{}` | no | | [autoscaling\_mode](#input\_autoscaling\_mode) | Autoscaling mode: cluster\_autoscaler or karpenter | `string` | `"cluster_autoscaler"` | no | -| [brupop\_chart\_name](#input\_brupop\_chart\_name) | Chart name for brupop | `string` | `"bottlerocket-brupop"` | no | -| [brupop\_chart\_repository](#input\_brupop\_chart\_repository) | Chart repository for brupop | `string` | `"oci://public.ecr.aws/sphmedia/helm/"` | no | -| [brupop\_chart\_version](#input\_brupop\_chart\_version) | Chart version for brupop | `string` | `"1.0.3"` | no | +| [brupop\_chart\_name](#input\_brupop\_chart\_name) | Chart name for brupop | `string` | `"bottlerocket-update-operator"` | no | +| [brupop\_chart\_repository](#input\_brupop\_chart\_repository) | Chart repository for brupop | `string` | `"https://bottlerocket-os.github.io/bottlerocket-update-operator"` | no | +| [brupop\_chart\_version](#input\_brupop\_chart\_version) | Chart version for brupop | `string` | `"1.4.0"` | no | +| [brupop\_crd\_apiserver\_service\_port](#input\_brupop\_crd\_apiserver\_service\_port) | API server service port for brupop CRD | `number` | `443` | no | +| [brupop\_crd\_chart\_name](#input\_brupop\_crd\_chart\_name) | Chart name for brupop CRD | `string` | `"bottlerocket-shadow"` | no | +| [brupop\_crd\_chart\_repository](#input\_brupop\_crd\_chart\_repository) | Chart repository for brupop | `string` | `"https://bottlerocket-os.github.io/bottlerocket-update-operator"` | no | +| [brupop\_crd\_chart\_version](#input\_brupop\_crd\_chart\_version) | Chart version for brupop CRD | `string` | `"1.0.0"` | no | +| [brupop\_crd\_release\_name](#input\_brupop\_crd\_release\_name) | Release name for brupop CRD | `string` | `"brupop-crd"` | no | | 
[brupop\_enabled](#input\_brupop\_enabled) | Enable Bottle Rocket Update Operator | `bool` | `true` | no | | [brupop\_image](#input\_brupop\_image) | Docker image for brupop | `string` | `"public.ecr.aws/bottlerocket/bottlerocket-update-operator"` | no | | [brupop\_namespace](#input\_brupop\_namespace) | Namespace for all resources under bottlerocket update operator | `string` | `"brupop-bottlerocket-aws"` | no | -| [brupop\_release\_name](#input\_brupop\_release\_name) | Release name for brupop | `string` | `"bottlerocket-brupop"` | no | -| [brupop\_tag](#input\_brupop\_tag) | Docker image tag for brupop. This should correspond to the Kubernetes version | `string` | `"v0.2.2"` | no | +| [brupop\_release\_name](#input\_brupop\_release\_name) | Release name for brupop | `string` | `"brupop-operator"` | no | +| [brupop\_tag](#input\_brupop\_tag) | Docker image tag for brupop. This should correspond to the Kubernetes version | `string` | `"v1.4.0"` | no | | [ca\_injector\_affinity](#input\_ca\_injector\_affinity) | Affinity for ca\_injector | `map(string)` | `{}` | no | | [ca\_injector\_container\_security\_context](#input\_ca\_injector\_container\_security\_context) | CA Injector Container Security Context | `map(any)` | `{}` | no | | [ca\_injector\_deployment\_annotations](#input\_ca\_injector\_deployment\_annotations) | Extra annotations for ca\_injector deployment | `map(string)` | `{}` | no | 
@@ -153,14 +159,14 @@ module "eks_essentials" { | [cert\_manager\_chart\_name](#input\_cert\_manager\_chart\_name) | Helm chart name to provision | `string` | `"cert-manager"` | no | | [cert\_manager\_chart\_repository](#input\_cert\_manager\_chart\_repository) | Helm repository for the chart | `string` | `"https://charts.jetstack.io"` | no | | [cert\_manager\_chart\_timeout](#input\_cert\_manager\_chart\_timeout) | Timeout to wait for the Chart to be deployed. | `number` | `300` | no | -| [cert\_manager\_chart\_version](#input\_cert\_manager\_chart\_version) | Version of Chart to install. Set to empty to install the latest version | `string` | `"1.12.2"` | no | +| [cert\_manager\_chart\_version](#input\_cert\_manager\_chart\_version) | Version of Chart to install. Set to empty to install the latest version | `string` | `"1.15.3"` | no | | [cert\_manager\_max\_history](#input\_cert\_manager\_max\_history) | Max History for Helm | `number` | `20` | no | | [cert\_manager\_release\_name](#input\_cert\_manager\_release\_name) | Helm release name | `string` | `"cert-manager"` | no | | [certmanager\_namespace](#input\_certmanager\_namespace) | Namespace to install the chart into | `string` | `"cert-manager"` | no | | [cluster\_autoscaler\_affinity](#input\_cluster\_autoscaler\_affinity) | Affinity for Cluster Autoscaler | `any` |
{
"nodeAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": {
"nodeSelectorTerms": [
{
"matchExpressions": [
{
"key": "node.kubernetes.io/lifecycle",
"operator": "NotIn",
"values": [
"spot"
]
}
]
}
]
}
},
"podAntiAffinity": {
"preferredDuringSchedulingIgnoredDuringExecution": [
{
"podAffinityTerm": {
"labelSelector": {
"matchExpressions": [
{
"key": "app.kubernetes.io/instance",
"operator": "In",
"values": [
"cluster-autoscaler"
]
}
]
},
"topologyKey": "kubernetes.io/hostname"
},
"weight": 100
}
]
}
}
| no | | [cluster\_autoscaler\_chart\_name](#input\_cluster\_autoscaler\_chart\_name) | Chart name for Cluster Autoscaler | `string` | `"cluster-autoscaler"` | no | | [cluster\_autoscaler\_chart\_repository](#input\_cluster\_autoscaler\_chart\_repository) | Chart repository for Cluster Autoscaler | `string` | `"https://kubernetes.github.io/autoscaler"` | no | -| [cluster\_autoscaler\_chart\_version](#input\_cluster\_autoscaler\_chart\_version) | Chart version for Cluster Autoscaler | `string` | `"9.26.0"` | no | +| [cluster\_autoscaler\_chart\_version](#input\_cluster\_autoscaler\_chart\_version) | Chart version for Cluster Autoscaler | `string` | `"9.40.0"` | no | | [cluster\_autoscaler\_expander](#input\_cluster\_autoscaler\_expander) | Expander to use for Cluster Autoscaler. See https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders | `string` | `"least-waste"` | no | | [cluster\_autoscaler\_iam\_role](#input\_cluster\_autoscaler\_iam\_role) | Override name of the IAM role for autoscaler | `string` | `""` | no | | [cluster\_autoscaler\_image](#input\_cluster\_autoscaler\_image) | Docker image for Cluster Autoscaler | `string` | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | no | @@ -173,16 +179,20 @@ module "eks_essentials" { | [cluster\_autoscaler\_release\_name](#input\_cluster\_autoscaler\_release\_name) | Release name for Cluster Autoscaler | `string` | `"cluster-autoscaler"` | no | | [cluster\_autoscaler\_replica](#input\_cluster\_autoscaler\_replica) | Number of replicas for Cluster Autoscaler | `number` | `2` | no | | [cluster\_autoscaler\_resources](#input\_cluster\_autoscaler\_resources) | Resources for Cluster Autoscaler | `any` |
{
"limits": {
"memory": "700Mi"
},
"requests": {
"cpu": "100m",
"memory": "700Mi"
}
}
| no | +| [cluster\_autoscaler\_secret\_key\_ref\_name\_override](#input\_cluster\_autoscaler\_secret\_key\_ref\_name\_override) | Override the name of the secret key ref for Cluster Autoscaler | `string` | `""` | no | | [cluster\_autoscaler\_service\_account\_name](#input\_cluster\_autoscaler\_service\_account\_name) | K8S sevice account name for Cluster Autoscaler | `string` | `"cluster-autoscaler"` | no | | [cluster\_autoscaler\_service\_annotations](#input\_cluster\_autoscaler\_service\_annotations) | Service annotations for Cluster Autoscaler | `map(string)` |
{
"prometheus.io/scrape": "true"
}
| no | -| [cluster\_autoscaler\_tag](#input\_cluster\_autoscaler\_tag) | Docker image tag for Cluster Autoscaler. This should correspond to the Kubernetes version | `string` | `"v1.27.0"` | no | +| [cluster\_autoscaler\_tag](#input\_cluster\_autoscaler\_tag) | Docker image tag for Cluster Autoscaler. This should correspond to the Kubernetes version | `string` | `"v1.31.0"` | no | | [cluster\_autoscaler\_tolerations](#input\_cluster\_autoscaler\_tolerations) | Tolerations for Cluster Autoscaler | `any` | `[]` | no | | [cluster\_autoscaler\_topology\_spread\_constraints](#input\_cluster\_autoscaler\_topology\_spread\_constraints) | Topology spread constraints for Cluster Autoscaler | `any` |
[
{
"labelSelector": {
"matchLabels": {
"app.kubernetes.io/instance": "cluster-autoscaler"
}
},
"maxSkew": 1,
"topologyKey": "topology.kubernetes.io/zone",
"whenUnsatisfiable": "DoNotSchedule"
}
]
| no | +| [cluster\_autoscaler\_vpa](#input\_cluster\_autoscaler\_vpa) | VPA for Cluster AutoScaler | `any` |
{
"containerPolicy": {},
"enabled": false,
"updateMode": "Auto"
}
| no | | [cluster\_name](#input\_cluster\_name) | EKS Cluster name | `string` | n/a | yes | | [cluster\_resource\_namespace](#input\_cluster\_resource\_namespace) | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources. By default, the same namespace as cert-manager is deployed within is used. This namespace will not be automatically created by the Helm chart. | `string` | `""` | no | | [configure\_ecr\_pull\_through](#input\_configure\_ecr\_pull\_through) | Configure ECR Pull Through Cache. | `bool` | `true` | no | | [container\_security\_context](#input\_container\_security\_context) | Configure container security context | `map(string)` | `{}` | no | | [coredns\_pdb\_max\_unavailable](#input\_coredns\_pdb\_max\_unavailable) | PDB max unavailable CoreDNS pods. | `number` | `1` | no | +| [crds\_enabled](#input\_crds\_enabled) | Install CRDs with chart | `bool` | `true` | no | +| [crds\_keep](#input\_crds\_keep) | Keep cert-manager custom resources | `bool` | `true` | no | | [create\_node\_termination\_handler\_sqs](#input\_create\_node\_termination\_handler\_sqs) | Whether to create node\_termination\_handler\_sqs. | `bool` | `false` | no | | [create\_pdb\_for\_coredns](#input\_create\_pdb\_for\_coredns) | Create PDB for CoreDNS | `bool` | `false` | no | | [csi\_allow\_volume\_expansion](#input\_csi\_allow\_volume\_expansion) | Allow volume expansion in the StorageClass for CSI. Can be true or false | `bool` | `true` | no | 
@@ -202,9 +212,9 @@ module "eks_essentials" { | [feature\_gates](#input\_feature\_gates) | Feature gates to enable on the pod | `list(any)` | `[]` | no | | [fluent\_bit\_enabled](#input\_fluent\_bit\_enabled) | Enable fluent-bit helm charts installation. | `bool` | `true` | no | | [fluent\_bit\_helm\_config](#input\_fluent\_bit\_helm\_config) | Helm provider config for AWS for Fluent Bit. | `any` | `{}` | no | -| [fluent\_bit\_helm\_config\_defaults](#input\_fluent\_bit\_helm\_config\_defaults) | Helm provider default config for Fluent Bit. | `any` |
{
"chart": "fluent-bit",
"description": "Fluent Bit helm Chart deployment configuration",
"name": "fluent-bit",
"namespace": "logging",
"repository": "https://fluent.github.io/helm-charts",
"version": "0.30.2"
}
| no | +| [fluent\_bit\_helm\_config\_defaults](#input\_fluent\_bit\_helm\_config\_defaults) | Helm provider default config for Fluent Bit. | `any` |
{
"chart": "fluent-bit",
"description": "Fluent Bit helm Chart deployment configuration",
"name": "fluent-bit",
"namespace": "logging",
"repository": "https://fluent.github.io/helm-charts",
"version": "0.47.9"
}
| no | | [fluent\_bit\_image\_repository](#input\_fluent\_bit\_image\_repository) | Fluent Bit Image repo | `string` | `"public.ecr.aws/aws-observability/aws-for-fluent-bit"` | no | -| [fluent\_bit\_image\_tag](#input\_fluent\_bit\_image\_tag) | Fluent Bit Image tag | `string` | `"2.31.8"` | no | +| [fluent\_bit\_image\_tag](#input\_fluent\_bit\_image\_tag) | Fluent Bit Image tag | `string` | `"2.32.0"` | no | | [fluent\_bit\_log\_group\_retention](#input\_fluent\_bit\_log\_group\_retention) | Number of days to retain the cloudwatch logs | `number` | `30` | no | | [fluent\_bit\_overwrite\_helm\_values](#input\_fluent\_bit\_overwrite\_helm\_values) | helm values for overwrite configuration | `string` | `""` | no | | [fluent\_bit\_role\_policy\_arns](#input\_fluent\_bit\_role\_policy\_arns) | ARNs of any policies to attach to the IAM role | `map(string)` | `{}` | no | @@ -213,7 +223,6 @@ module "eks_essentials" { | [image\_repository](#input\_image\_repository) | Image repository | `string` | `"quay.io/jetstack/cert-manager-controller"` | no | | [image\_tag](#input\_image\_tag) | Override the image tag to deploy by setting this variable. If no value is set, the chart's appVersion will be used. | `string` | `null` | no | | [ingress\_shim](#input\_ingress\_shim) | Configure Ingess Shim. See https://cert-manager.io/docs/usage/ingress/ | `map(any)` | `{}` | no | -| [install\_crds](#input\_install\_crds) | Install CRDs with chart | `bool` | `true` | no | | [kube\_state\_metrics\_enabled](#input\_kube\_state\_metrics\_enabled) | Enable kube-state-metrics helm charts installation. | `bool` | `true` | no | | [kube\_state\_metrics\_helm\_config](#input\_kube\_state\_metrics\_helm\_config) | Helm provider config for kube-state-metrics. | `any` | `{}` | no | | [kube\_state\_metrics\_helm\_config\_defaults](#input\_kube\_state\_metrics\_helm\_config\_defaults) | Helm provider default config for kube-state-metrics. | `any` |
{
"chart": "kube-state-metrics",
"description": "kube-state-metrics helm Chart deployment configuration",
"name": "kube-state-metrics",
"namespace": "kube-system",
"repository": "https://prometheus-community.github.io/helm-charts",
"version": "5.8.1"
}
| no | @@ -227,6 +236,7 @@ module "eks_essentials" { | [metrics\_server\_enabled](#input\_metrics\_server\_enabled) | Enable metrics-server helm charts installation. | `bool` | `true` | no | | [metrics\_server\_helm\_config](#input\_metrics\_server\_helm\_config) | Helm provider config for Metrics Server. | `any` | `{}` | no | | [metrics\_server\_helm\_config\_defaults](#input\_metrics\_server\_helm\_config\_defaults) | Helm provider default config for Metrics Server. | `any` |
{
"chart": "metrics-server",
"description": "Metric server helm Chart deployment configuration",
"name": "metrics-server",
"repository": "https://kubernetes-sigs.github.io/metrics-server/",
"version": "3.10.0"
}
| no | +| [mutating\_webhook\_configuration](#input\_mutating\_webhook\_configuration) | Mutating webhook configuration | `any` |
{
"namespcaceSelector": {}
}
| no | | [mutating\_webhook\_configuration\_annotations](#input\_mutating\_webhook\_configuration\_annotations) | Optional additional annotations to add to the webhook MutatingWebhookConfiguration | `map(string)` | `{}` | no | | [namespaces](#input\_namespaces) | List of namespaces to create |
list(object({
name = string
description = optional(string)
}))
|
[
{
"description": "For core Kubernetes services",
"name": "core"
}
]
| no | | [node\_exporter\_enabled](#input\_node\_exporter\_enabled) | Enable prometheus-node-exporters helm charts installation. | `bool` | `true` | no | @@ -235,7 +245,7 @@ module "eks_essentials" { | [node\_selector](#input\_node\_selector) | Node selector for cert-manager-controller pods | `map(string)` | `{}` | no | | [node\_termination\_handler\_chart\_name](#input\_node\_termination\_handler\_chart\_name) | Chart name for Node Termination Handler. Repo: https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler | `string` | `"aws-node-termination-handler"` | no | | [node\_termination\_handler\_chart\_repository\_url](#input\_node\_termination\_handler\_chart\_repository\_url) | Chart Repository URL for Node Termination Handler | `string` | `"https://aws.github.io/eks-charts"` | no | -| [node\_termination\_handler\_chart\_version](#input\_node\_termination\_handler\_chart\_version) | Chart version for Node Termination Handler | `string` | `"0.17.0"` | no | +| [node\_termination\_handler\_chart\_version](#input\_node\_termination\_handler\_chart\_version) | Chart version for Node Termination Handler | `string` | `"0.21.0"` | no | | [node\_termination\_handler\_cordon\_only](#input\_node\_termination\_handler\_cordon\_only) | Cordon but do not drain nodes upon spot interruption termination notice | `bool` | `false` | no | | [node\_termination\_handler\_dry\_run](#input\_node\_termination\_handler\_dry\_run) | Only log calls to kubernetes control plane | `bool` | `false` | no | | [node\_termination\_handler\_enable](#input\_node\_termination\_handler\_enable) | Enable node\_termination\_handler creation. Only needed for self managed node groups. | `bool` | `false` | no | 
@@ -254,7 +264,7 @@ module "eks_essentials" { | [node\_termination\_handler\_spot\_interruption\_draining\_enabled](#input\_node\_termination\_handler\_spot\_interruption\_draining\_enabled) | Drain nodes when the spot interruption termination notice is received | `bool` | `true` | no | | [node\_termination\_handler\_sqs\_arn](#input\_node\_termination\_handler\_sqs\_arn) | ARN of the SQS used in Node Termination Handler | `string` | `null` | no | | [node\_termination\_handler\_sqs\_name](#input\_node\_termination\_handler\_sqs\_name) | Override the name for the SQS used in Node Termination Handler | `string` | `""` | no | -| [node\_termination\_handler\_tag](#input\_node\_termination\_handler\_tag) | Docker image tag for Node Termination Handler. This should correspond to the Kubernetes version | `string` | `"v1.16.0"` | no | +| [node\_termination\_handler\_tag](#input\_node\_termination\_handler\_tag) | Docker image tag for Node Termination Handler. This should correspond to the Kubernetes version | `string` | `"v1.22.1"` | no | | [node\_termination\_handler\_taint\_node](#input\_node\_termination\_handler\_taint\_node) | Taint node upon spot interruption termination notice | `bool` | `true` | no | | [node\_termination\_namespace](#input\_node\_termination\_namespace) | Namespace to deploy Node Termination Handler | `string` | `"kube-system"` | no | | [node\_termination\_service\_account](#input\_node\_termination\_service\_account) | Service account for Node Termination Handler pods | `string` | `"node-termination-handler"` | no | 
@@ -268,6 +278,7 @@ module "eks_essentials" { | [rbac\_create](#input\_rbac\_create) | Create RBAC resources | `bool` | `true` | no | | [replica\_count](#input\_replica\_count) | Number of controller replicas | `number` | `1` | no | | [resolve\_conflicts\_on\_create](#input\_resolve\_conflicts\_on\_create) | value for resolve\_conflicts\_on\_create for aws\_eks\_addon resource | `string` | `"OVERWRITE"` | no | +| [resolve\_conflicts\_on\_update](#input\_resolve\_conflicts\_on\_update) | value for resolve\_conflicts\_on\_update for aws\_eks\_addon resource | `string` | `"PRESERVE"` | no | | [resources](#input\_resources) | Resources for pods | `any` |
{
"limits": {
"cpu": "100m",
"memory": "300Mi"
},
"requests": {
"cpu": "100m",
"memory": "300Mi"
}
}
| no | | [security\_context](#input\_security\_context) | Configure pod security context | `map(string)` | `{}` | no | | [service\_account\_annotations](#input\_service\_account\_annotations) | Service acocunt annotations | `map(string)` | `{}` | no | @@ -289,6 +300,7 @@ module "eks_essentials" { | [strategy](#input\_strategy) | Update strategy of deployment | `any` |
{
"rollingUpdate": {
"maxSurge": 1,
"maxUnavailable": "50%"
},
"type": "RollingUpdate"
}
| no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [tolerations](#input\_tolerations) | Pod tolerations | `list(any)` | `[]` | no | +| [validating\_webhook\_configuration](#input\_validating\_webhook\_configuration) | Validating webhook configuration | `any` |
{
"namespcaceSelector": {
"matchExpressions": [
{
"key": "cert-manager.io/disable-validation",
"operator": "NotIn",
"values": [
"true"
]
}
]
}
}
| no |
 | [validating\_webhook\_configuration\_annotations](#input\_validating\_webhook\_configuration\_annotations) | Optional additional annotations to add to the webhook ValidatingWebhookConfiguration | `map(string)` | `{}` | no |
 | [volume\_mounts](#input\_volume\_mounts) | Extra volume mounts for the container | `any` | `[]` | no |
 | [volumes](#input\_volumes) | Extra volumes for the pod | `any` | `[]` | no |
diff --git a/modules/essentials/variables.tf b/modules/essentials/variables.tf
index 96b65824..71911555 100644
--- a/modules/essentials/variables.tf
+++ b/modules/essentials/variables.tf
@@ -583,7 +583,7 @@ variable "brupop_crd_release_name" {
 variable "brupop_crd_chart_name" {
 description = "Chart name for brupop CRD"
 type = string
- default = "brupop/bottlerocket-shadow"
+ default = "bottlerocket-shadow"
 }
 variable "brupop_crd_chart_repository" {
@@ -613,7 +613,7 @@ variable "brupop_release_name" {
 variable "brupop_chart_name" {
 description = "Chart name for brupop"
 type = string
- default = "brupop/bottlerocket-update-operator"
+ default = "bottlerocket-update-operator"
 }
 variable "brupop_chart_repository" {
diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
index 4ddce788..e691c1c1 100644
--- a/modules/karpenter/README.md
+++ b/modules/karpenter/README.md
@@ -64,6 +64,7 @@
 | [karpenter\_namespace](#input\_karpenter\_namespace) | Namespace to deploy karpenter | `string` | `"kube-system"` | no |
 | [karpenter\_nodeclasses](#input\_karpenter\_nodeclasses) | List of nodetemplate maps |
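Review bot: The `description` strings of `brupop_crd_chart_name` and `brupop_chart_name` (second hunk, `@@ -613,7 +613,7 @@`) still read only "Chart name for …", so nothing tells a caller that the value has to be the bare chart name, presumably looked up in the matching `*_chart_repository` variable, which is the mistake this commit corrects in the defaults. I would extend them, for example `description = "Chart name for brupop CRD (bare name, resolved against brupop_crd_chart_repository; no repo alias prefix)"`, with the equivalent wording for `brupop_chart_name`. Name, repository and version together decide which chart is installed into the cluster, so the descriptions should also say that an override of one normally needs the other two reviewed; the README in this commit shows the version defaults pinned (`1.4.0`, `1.0.0`), and that pin should be kept. Separately, the regenerated README rows list the webhook defaults under the key `namespcaceSelector`; if that spelling comes from variables.tf and the consumer expects `namespaceSelector`, the selector may be silently ignored, which is worth confirming outside this hunk.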
list(object({
nodeclass_name = string
karpenter_subnet_selector_maps = list(map(any))
karpenter_security_group_selector_maps = list(map(any))
karpenter_ami_selector_maps = list(map(any))
karpenter_node_role = string
karpenter_node_tags_map = map(string)
karpenter_ami_family = string
karpenter_node_user_data = string
karpenter_node_metadata_options = map(any)
karpenter_block_device_mapping = list(object({
deviceName = string
ebs = object({
encrypted = bool
volumeSize = string
volumeType = string
kmsKeyID = optional(string)
deleteOnTermination = bool
})
}))
}))
|
[
{
"karpenter_ami_family": "Bottlerocket",
"karpenter_ami_selector_maps": [],
"karpenter_block_device_mapping": [],
"karpenter_node_metadata_options": {
"httpEndpoint": "enabled",
"httpProtocolIPv6": "disabled",
"httpPutResponseHopLimit": 1,
"httpTokens": "required"
},
"karpenter_node_role": "module.eks.worker_iam_role_name",
"karpenter_node_tags_map": {},
"karpenter_node_user_data": "",
"karpenter_security_group_selector_maps": [],
"karpenter_subnet_selector_maps": [],
"nodeclass_name": "default"
}
]
| no | | [karpenter\_nodepools](#input\_karpenter\_nodepools) | List of Provisioner maps |
list(object({
nodepool_name = string
nodeclass_name = string
karpenter_nodepool_node_labels = map(string)
karpenter_nodepool_annotations = map(string)
karpenter_nodepool_node_taints = list(map(string))
karpenter_nodepool_startup_taints = list(map(string))
karpenter_requirements = list(object({
key = string
operator = string
values = list(string)
})
)
karpenter_nodepool_disruption = object({
consolidation_policy = string
consolidate_after = optional(string)
expire_after = string
})
karpenter_nodepool_disruption_budgets = list(map(any))
karpenter_nodepool_weight = number
}))
|
[
{
"karpenter_nodepool_annotations": {},
"karpenter_nodepool_disruption": {
"consolidation_policy": "WhenUnderutilized",
"expire_after": "168h"
},
"karpenter_nodepool_disruption_budgets": [
{
"nodes": "10%"
}
],
"karpenter_nodepool_node_labels": {},
"karpenter_nodepool_node_taints": [],
"karpenter_nodepool_startup_taints": [],
"karpenter_nodepool_weight": 10,
"karpenter_requirements": [
{
"key": "karpenter.k8s.aws/instance-category",
"operator": "In",
"values": [
"m"
]
},
{
"key": "karpenter.k8s.aws/instance-cpu",
"operator": "In",
"values": [
"4,8,16"
]
},
{
"key": "karpenter.k8s.aws/instance-generation",
"operator": "Gt",
"values": [
"5"
]
},
{
"key": "karpenter.sh/capacity-type",
"operator": "In",
"values": [
"on-demand"
]
},
{
"key": "kubernetes.io/arch",
"operator": "In",
"values": [
"amd64"
]
},
{
"key": "kubernetes.io/os",
"operator": "In",
"values": [
"linux"
]
}
],
"nodeclass_name": "default",
"nodepool_name": "default"
}
]
| no | +| [karpenter\_pod\_resources](#input\_karpenter\_pod\_resources) | Karpenter Pod Resource |
object({
requests = object({
cpu = string
memory = string
})
limits = object({
cpu = string
memory = string
})
})
|
{
"limits": {
"cpu": "1",
"memory": "2Gi"
},
"requests": {
"cpu": "1",
"memory": "2Gi"
}
}
| no | | [karpenter\_release\_name](#input\_karpenter\_release\_name) | Release name for Karpenter | `string` | `"karpenter"` | no | | [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | ARN of the OIDC Provider for IRSA | `string` | n/a | yes | | [subnet\_ids](#input\_subnet\_ids) | For Fargate subnet selection | `list(string)` | `[]` | no |