From a6b5658cb2fb35b5d2e10f98526c9f0461628939 Mon Sep 17 00:00:00 2001 From: Olamide <65307752+OlamideOl1@users.noreply.github.com> Date: Mon, 23 Sep 2024 12:40:18 +0100 Subject: [PATCH] Helm charts updates (#206) * Updating helm charts * Updating modules * Pass in vpc id and region to aws load balancer module * Update github workflow runner version --------- Co-authored-by: William Co-authored-by: Olamide Co-authored-by: github-actions[bot] --- .github/workflows/ci.yaml | 8 ++++---- aws/cluster/modules/k8s-oidc-provider/README.md | 2 +- aws/network-data/README.md | 4 ++-- aws/platform/README.md | 2 +- aws/platform/main.tf | 1 + aws/platform/modules/load-balancer-controller/README.md | 2 ++ aws/platform/modules/load-balancer-controller/main.tf | 4 ++++ .../modules/load-balancer-controller/variables.tf | 5 +++++ charts.json | 8 ++++---- platform/modules/cert-manager/chart.json | 2 +- platform/modules/istio-base/chart.json | 2 +- platform/modules/istio-ingress/chart.json | 2 +- platform/modules/istiod/chart.json | 2 +- 13 files changed, 28 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4baf6d5e..3e9125b9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,7 +5,7 @@ on: jobs: checkfmt: name: Format - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@v4 @@ -18,7 +18,7 @@ jobs: validate: name: Validate - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@v4 @@ -31,7 +31,7 @@ jobs: docs: name: Docs - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@v4 @@ -56,7 +56,7 @@ jobs: lint: name: Lint - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@v4 
diff --git a/aws/cluster/modules/k8s-oidc-provider/README.md b/aws/cluster/modules/k8s-oidc-provider/README.md index b29ae148..010f71b2 100644 --- a/aws/cluster/modules/k8s-oidc-provider/README.md +++ b/aws/cluster/modules/k8s-oidc-provider/README.md @@ -25,7 +25,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [cluster](#input\_cluster) | Cluster providing an OpenID connect issuer |
object({
identity = list(object({ oidc = list(object({ issuer = string })) }))
})
| n/a | yes | +| [cluster](#input\_cluster) | Cluster providing an OpenID connect issuer |
object({
identity = list(object({ oidc = list(object({ issuer = string })) }))
})
| n/a | yes | ## Outputs diff --git a/aws/network-data/README.md b/aws/network-data/README.md index d5aa2afa..0451ce94 100644 --- a/aws/network-data/README.md +++ b/aws/network-data/README.md @@ -24,8 +24,8 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [private\_tags](#input\_private\_tags) | Tags to identify private subnets | `map(string)` |
{
"kubernetes.io/role/internal-elb": "1"
}
| no | -| [public\_tags](#input\_public\_tags) | Tags to identify public subnets | `map(string)` |
{
"kubernetes.io/role/elb": "1"
}
| no | +| [private\_tags](#input\_private\_tags) | Tags to identify private subnets | `map(string)` |
{
"kubernetes.io/role/internal-elb": "1"
}
| no | +| [public\_tags](#input\_public\_tags) | Tags to identify public subnets | `map(string)` |
{
"kubernetes.io/role/elb": "1"
}
| no | | [tags](#input\_tags) | Tags to identify all resources | `map(string)` | `{}` | no | | [vpc\_tags](#input\_vpc\_tags) | Tags to identify the VPC | `map(string)` | `{}` | no | diff --git a/aws/platform/README.md b/aws/platform/README.md index 633a1d25..427f3bae 100644 --- a/aws/platform/README.md +++ b/aws/platform/README.md @@ -197,7 +197,7 @@ You can then use it to manually edit the aws-auth ConfigMap: | [opsgenie\_parameter](#input\_opsgenie\_parameter) | SSM parameter containing the OpsGenie api key | `string` | `null` | no | | [pagerduty\_parameter](#input\_pagerduty\_parameter) | SSM parameter containing the Pagerduty routing key | `string` | `null` | no | | [prometheus\_adapter\_values](#input\_prometheus\_adapter\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no | -| [prometheus\_data\_source](#input\_prometheus\_data\_source) | Prometheus datasource object with necessary details required to connect to the Prometheus workspace for centralized ingestion |
object({
# The name of the Prometheus workspace for centralized injestion
name = string

# The Prometheus workspace host.
# A sample value for AWs managed Prometheus will be `aps-workspaces.us-east-1.amazonaws.com`
host = string

# The Prometheus workspace query path.
# A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/query`
query_path = string

# The region for the Prometheus workspace created for centralized injestion path.
region = string

# The ARN of the AWS IAM role enabling this cluster to use the Prometheus workspace for centralized ingestion
role_arn = string

# The write path for the Prometheus workspace.
# A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/remote_write`
write_path = string

# The url for the Prometheus workspace.
# A sample value for AWs managed Prometheus will be `https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx`
url = string
})
|
{
"host": null,
"name": null,
"query_path": null,
"region": null,
"role_arn": null,
"url": null,
"write_path": null
}
| no | +| [prometheus\_data\_source](#input\_prometheus\_data\_source) | Prometheus datasource object with necessary details required to connect to the Prometheus workspace for centralized ingestion |
object({
# The name of the Prometheus workspace for centralized injestion
name = string

# The Prometheus workspace host.
# A sample value for AWs managed Prometheus will be `aps-workspaces.us-east-1.amazonaws.com`
host = string

# The Prometheus workspace query path.
# A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/query`
query_path = string

# The region for the Prometheus workspace created for centralized injestion path.
region = string

# The ARN of the AWS IAM role enabling this cluster to use the Prometheus workspace for centralized ingestion
role_arn = string

# The write path for the Prometheus workspace.
# A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/remote_write`
write_path = string

# The url for the Prometheus workspace.
# A sample value for AWs managed Prometheus will be `https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx`
url = string
})
|
{
"host": null,
"name": null,
"query_path": null,
"region": null,
"role_arn": null,
"url": null,
"write_path": null
}
| no | | [prometheus\_operator\_values](#input\_prometheus\_operator\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no | | [reloader\_values](#input\_reloader\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no | | [reloader\_version](#input\_reloader\_version) | Version of external-dns to install | `string` | `null` | no | diff --git a/aws/platform/main.tf b/aws/platform/main.tf index ea4ccce0..74b8c619 100644 --- a/aws/platform/main.tf +++ b/aws/platform/main.tf @@ -77,6 +77,7 @@ module "aws_load_balancer_controller" { k8s_namespace = var.k8s_namespace oidc_issuer = data.aws_ssm_parameter.oidc_issuer.value vpc_cidr_block = module.network.vpc.cidr_block + vpc_id = module.network.vpc.id depends_on = [module.common_platform] } diff --git a/aws/platform/modules/load-balancer-controller/README.md b/aws/platform/modules/load-balancer-controller/README.md index 858f7c88..8d7df858 100644 --- a/aws/platform/modules/load-balancer-controller/README.md +++ b/aws/platform/modules/load-balancer-controller/README.md @@ -36,6 +36,7 @@ target group bound to the Istio ingress gateway service. | [helm_release.ingress_config](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [aws_lb_target_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb_target_group) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs 
@@ -53,4 +54,5 @@ target group bound to the Istio ingress gateway service. | [oidc\_issuer](#input\_oidc\_issuer) | OIDC issuer of the Kubernetes cluster | `string` | n/a | yes | | [target\_group\_name](#input\_target\_group\_name) | Override the name of the target group for this cluster | `string` | `null` | no | | [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR block for the AWS VPC in which the load balancer runs | `string` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The VPC ID for the Kubernetes cluster. | `string` | n/a | yes | \ No newline at end of file diff --git a/aws/platform/modules/load-balancer-controller/main.tf b/aws/platform/modules/load-balancer-controller/main.tf index 77b69937..a337b4d5 100644 --- a/aws/platform/modules/load-balancer-controller/main.tf +++ b/aws/platform/modules/load-balancer-controller/main.tf @@ -76,6 +76,8 @@ resource "aws_iam_role_policy_attachment" "this" { policy_arn = aws_iam_policy.this.arn } +data "aws_region" "current" {} + locals { chart_defaults = jsondecode(file("${path.module}/chart.json")) @@ -90,6 +92,8 @@ locals { "eks.amazonaws.com/role-arn" = module.service_account_role.arn } } + region = data.aws_region.current.name + vpcId = var.vpc_id }) ] } diff --git a/aws/platform/modules/load-balancer-controller/variables.tf b/aws/platform/modules/load-balancer-controller/variables.tf index 2a6e9402..ecb824f2 100644 --- a/aws/platform/modules/load-balancer-controller/variables.tf +++ b/aws/platform/modules/load-balancer-controller/variables.tf @@ -66,3 +66,8 @@ variable "vpc_cidr_block" { type = string description = "CIDR block for the AWS VPC in which the load balancer runs" } + +variable "vpc_id" { + type = string + description = "The VPC ID for the Kubernetes cluster." +} diff --git a/charts.json b/charts.json index 77fbb8d6..a5baca25 100644 --- a/charts.json +++ b/charts.json 
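Review bot: The `region` and `vpcId` chart values added to the locals block in the second hunk of `load-balancer-controller/main.tf` (`@@ -90,6 +92,8 @@`) carry no comment saying why they are now set explicitly. In the aws-load-balancer-controller chart these are the values to set when the controller pods cannot discover them from the EC2 instance metadata service, so the likely motive is nodes that restrict pod access to IMDS; if so, record it, e.g. `# Set explicitly so the controller does not depend on instance metadata (IMDS) for region/VPC discovery`. The `data "aws_region" "current" {}` lookup added in the first hunk (`@@ -76,6 +76,8 @@`) returns the region of whichever provider configuration the module receives, which matches the cluster's region only as long as the module is never called with a provider aliased to a different region. The locals block begins and ends outside the hunk.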
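Review bot: The new `vpc_id` variable in `load-balancer-controller/variables.tf` accepts any string, so an empty or mistyped value passes `terraform plan` and would presumably surface only at deploy time, when the controller is started with a bad `vpcId`. A `validation` block inside the variable would reject it at plan time, with a condition such as `condition = can(regex("^vpc-[0-9a-f]+$", var.vpc_id))` and an error message naming the expected `vpc-…` form. Because the variable has no default, any caller of this module other than `aws/platform/main.tf` has to pass it in the same change.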
@@ -7,7 +7,7 @@
 "cert-manager": {
 "chart": "cert-manager",
 "repository": "https://charts.jetstack.io",
- "version": "v1.10.1"
+ "version": "v1.12.13"
 },
 "cluster-autoscaler": {
 "chart": "cluster-autoscaler",
@@ -27,17 +27,17 @@
 "istio-base": {
 "chart": "base",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.16.1"
+ "version": "1.23.0"
 },
 "istiod": {
 "chart": "istiod",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.16.1"
+ "version": "1.23.0"
 },
 "istio-ingress": {
 "chart": "gateway",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.16.1"
+ "version": "1.23.0"
 },
 "load-balancer-controller": {
 "chart": "aws-load-balancer-controller",
diff --git a/platform/modules/cert-manager/chart.json b/platform/modules/cert-manager/chart.json
index add823fe..cc0e1dd9 100644
--- a/platform/modules/cert-manager/chart.json
+++ b/platform/modules/cert-manager/chart.json
@@ -1,5 +1,5 @@
 {
 "chart": "cert-manager",
 "repository": "https://charts.jetstack.io",
- "version": "v1.10.1"
+ "version": "v1.12.13"
 }
diff --git a/platform/modules/istio-base/chart.json b/platform/modules/istio-base/chart.json
index 991d6904..76f20208 100644
--- a/platform/modules/istio-base/chart.json
+++ b/platform/modules/istio-base/chart.json
@@ -1,5 +1,5 @@
 {
 "chart": "base",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.16.1"
+ "version": "1.23.0"
 }
diff --git a/platform/modules/istio-ingress/chart.json b/platform/modules/istio-ingress/chart.json
index 89e6b809..1aaa6856 100644
--- a/platform/modules/istio-ingress/chart.json
+++ b/platform/modules/istio-ingress/chart.json
@@ -1,5 +1,5 @@
 {
 "chart": "gateway",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.16.1"
+ "version": "1.23.0"
 }
diff --git a/platform/modules/istiod/chart.json b/platform/modules/istiod/chart.json
index 863c150c..160ce918 100644
--- a/platform/modules/istiod/chart.json
+++ b/platform/modules/istiod/chart.json
@@ -1,5 +1,5 @@
 {
 "chart": "istiod",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.16.1"
+ "version": "1.23.0"
 }