diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2b0235d4..ddff1e59 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,7 +5,7 @@ on: jobs: checkfmt: name: Format - runs-on: ubuntu-18.04 + runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@v2 @@ -18,7 +18,7 @@ jobs: validate: name: Validate - runs-on: ubuntu-18.04 + runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@v2 @@ -31,7 +31,7 @@ jobs: docs: name: Docs - runs-on: ubuntu-18.04 + runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@v2 @@ -56,7 +56,7 @@ jobs: lint: name: Lint - runs-on: ubuntu-18.04 + runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@v2 diff --git a/aws/cluster/README.md b/aws/cluster/README.md index 75b47e93..5988f064 100644 --- a/aws/cluster/README.md +++ b/aws/cluster/README.md @@ -100,7 +100,7 @@ module "cluster" { | [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | How many days until control plane logs are purged | `number` | `7` | no | | [name](#input\_name) | Name for this EKS cluster | `string` | n/a | yes | | [namespace](#input\_namespace) | Prefix to be applied to created resources | `list(string)` | `[]` | no | -| [node\_groups](#input\_node\_groups) | Node groups to create in this cluster |
map(object({
instance_types = list(string),
max_size = number
min_size = number
}))
| n/a | yes | +| [node\_groups](#input\_node\_groups) | Node groups to create in this cluster |
map(object({
instance_types = list(string),
max_size = number
min_size = number
}))
| n/a | yes | | [tags](#input\_tags) | Tags to be applied to all created resources | `map(string)` | `{}` | no | ## Outputs diff --git a/aws/cluster/modules/eks-cluster/README.md b/aws/cluster/modules/eks-cluster/README.md index fead8565..7416effb 100644 --- a/aws/cluster/modules/eks-cluster/README.md +++ b/aws/cluster/modules/eks-cluster/README.md @@ -29,7 +29,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` |
[
"api",
"audit"
]
| no | +| [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` |
[
"api",
"audit"
]
| no | | [k8s\_version](#input\_k8s\_version) | Kubernetes version to deploy | `string` | n/a | yes | | [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | How many days until control plane logs are purged | `number` | `7` | no | | [name](#input\_name) | Name for this EKS cluster | `string` | n/a | yes | diff --git a/aws/cluster/modules/eks-node-group/README.md b/aws/cluster/modules/eks-node-group/README.md index 33f76c54..ca1eb46c 100644 --- a/aws/cluster/modules/eks-node-group/README.md +++ b/aws/cluster/modules/eks-node-group/README.md @@ -23,7 +23,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cluster](#input\_cluster) | Cluster which this node group should join | `object({ name = string })` | n/a | yes | -| [instance\_types](#input\_instance\_types) | EC2 instance types allowed in this node group | `list(string)` |
[
"t3.medium"
]
| no | +| [instance\_types](#input\_instance\_types) | EC2 instance types allowed in this node group | `list(string)` |
[
"t3.medium"
]
| no | | [max\_size](#input\_max\_size) | Maximum number of nodes in this group | `number` | n/a | yes | | [min\_size](#input\_min\_size) | Minimum number of nodes in this group | `number` | n/a | yes | | [name](#input\_name) | Name for this EKS node group | `string` | n/a | yes | diff --git a/aws/cluster/modules/k8s-oidc-provider/README.md b/aws/cluster/modules/k8s-oidc-provider/README.md index 0feb398d..9bce6ee9 100644 --- a/aws/cluster/modules/k8s-oidc-provider/README.md +++ b/aws/cluster/modules/k8s-oidc-provider/README.md @@ -25,7 +25,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [cluster](#input\_cluster) | Cluster providing an OpenID connect issuer |
object({
identity = list(object({ oidc = list(object({ issuer = string })) }))
})
| n/a | yes | +| [cluster](#input\_cluster) | Cluster providing an OpenID connect issuer |
object({
identity = list(object({ oidc = list(object({ issuer = string })) }))
})
| n/a | yes | ## Outputs diff --git a/aws/network-data/README.md b/aws/network-data/README.md index 50c118fb..9a3ea5ae 100644 --- a/aws/network-data/README.md +++ b/aws/network-data/README.md @@ -24,8 +24,8 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [private\_tags](#input\_private\_tags) | Tags to identify private subnets | `map(string)` |
{
"kubernetes.io/role/internal-elb": "1"
}
| no | -| [public\_tags](#input\_public\_tags) | Tags to identify public subnets | `map(string)` |
{
"kubernetes.io/role/elb": "1"
}
| no | +| [private\_tags](#input\_private\_tags) | Tags to identify private subnets | `map(string)` |
{
"kubernetes.io/role/internal-elb": "1"
}
| no | +| [public\_tags](#input\_public\_tags) | Tags to identify public subnets | `map(string)` |
{
"kubernetes.io/role/elb": "1"
}
| no | | [tags](#input\_tags) | Tags to identify all resources | `map(string)` | `{}` | no | | [vpc\_tags](#input\_vpc\_tags) | Tags to identify the VPC | `map(string)` | `{}` | no | diff --git a/aws/platform/README.md b/aws/platform/README.md index ba9438fb..a2320cac 100644 --- a/aws/platform/README.md +++ b/aws/platform/README.md @@ -194,7 +194,7 @@ You can then use it to manually edit the aws-auth ConfigMap: | [opsgenie\_parameter](#input\_opsgenie\_parameter) | SSM parameter containing the OpsGenie api key | `string` | `null` | no | | [pagerduty\_parameter](#input\_pagerduty\_parameter) | SSM parameter containing the Pagerduty routing key | `string` | `null` | no | | [prometheus\_adapter\_values](#input\_prometheus\_adapter\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no | -| [prometheus\_data\_source](#input\_prometheus\_data\_source) | Prometheus datasource object with necessary details required to connect to the Prometheus workspace for centralized ingestion |
object({
# The name of the Prometheus workspace for centralized injestion
name = string

# The Prometheus workspace host.
# A sample value for AWs managed Prometheus will be `aps-workspaces.us-east-1.amazonaws.com`
host = string

# The Prometheus workspace query path.
# A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/query`
query_path = string

# The region for the Prometheus workspace created for centralized injestion path.
region = string

# The ARN of the AWS IAM role enabling this cluster to use the Prometheus workspace for centralized ingestion
role_arn = string

# The write path for the Prometheus workspace.
# A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/remote_write`
write_path = string

# The url for the Prometheus workspace.
# A sample value for AWs managed Prometheus will be `https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx`
url = string
})
|
{
"host": null,
"name": null,
"query_path": null,
"region": null,
"role_arn": null,
"url": null,
"write_path": null
}
| no | +| [prometheus\_data\_source](#input\_prometheus\_data\_source) | Prometheus datasource object with necessary details required to connect to the Prometheus workspace for centralized ingestion |
object({
# The name of the Prometheus workspace for centralized injestion
name = string

# The Prometheus workspace host.
# A sample value for AWs managed Prometheus will be `aps-workspaces.us-east-1.amazonaws.com`
host = string

# The Prometheus workspace query path.
# A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/query`
query_path = string

# The region for the Prometheus workspace created for centralized injestion path.
region = string

# The ARN of the AWS IAM role enabling this cluster to use the Prometheus workspace for centralized ingestion
role_arn = string

# The write path for the Prometheus workspace.
# A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/remote_write`
write_path = string

# The url for the Prometheus workspace.
# A sample value for AWs managed Prometheus will be `https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx`
url = string
})
|
{
"host": null,
"name": null,
"query_path": null,
"region": null,
"role_arn": null,
"url": null,
"write_path": null
}
| no | | [prometheus\_operator\_values](#input\_prometheus\_operator\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no | | [reloader\_values](#input\_reloader\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no | | [reloader\_version](#input\_reloader\_version) | Version of external-dns to install | `string` | `null` | no | diff --git a/aws/platform/main.tf b/aws/platform/main.tf index a19423f3..20e7caf4 100644 --- a/aws/platform/main.tf +++ b/aws/platform/main.tf @@ -77,6 +77,7 @@ module "aws_load_balancer_controller" { k8s_namespace = var.k8s_namespace oidc_issuer = data.aws_ssm_parameter.oidc_issuer.value vpc_cidr_block = module.network.vpc.cidr_block + vpc_id = module.network.vpc.id depends_on = [module.common_platform] } diff --git a/aws/platform/modules/load-balancer-controller/README.md b/aws/platform/modules/load-balancer-controller/README.md index b3b3ab84..26cb3030 100644 --- a/aws/platform/modules/load-balancer-controller/README.md +++ b/aws/platform/modules/load-balancer-controller/README.md @@ -36,6 +36,7 @@ target group bound to the Istio ingress gateway service. | [helm_release.ingress_config](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [aws_lb_target_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb_target_group) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs 
@@ -53,4 +54,5 @@ target group bound to the Istio ingress gateway service. | [oidc\_issuer](#input\_oidc\_issuer) | OIDC issuer of the Kubernetes cluster | `string` | n/a | yes | | [target\_group\_name](#input\_target\_group\_name) | Override the name of the target group for this cluster | `string` | `null` | no | | [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR block for the AWS VPC in which the load balancer runs | `string` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The VPC ID for the Kubernetes cluster. | `string` | n/a | yes | \ No newline at end of file diff --git a/aws/platform/modules/load-balancer-controller/main.tf b/aws/platform/modules/load-balancer-controller/main.tf index 77b69937..a337b4d5 100644 --- a/aws/platform/modules/load-balancer-controller/main.tf +++ b/aws/platform/modules/load-balancer-controller/main.tf @@ -76,6 +76,8 @@ resource "aws_iam_role_policy_attachment" "this" { policy_arn = aws_iam_policy.this.arn } +data "aws_region" "current" {} + locals { chart_defaults = jsondecode(file("${path.module}/chart.json")) @@ -90,6 +92,8 @@ locals { "eks.amazonaws.com/role-arn" = module.service_account_role.arn } } + region = data.aws_region.current.name + vpcId = var.vpc_id }) ] } diff --git a/aws/platform/modules/load-balancer-controller/variables.tf b/aws/platform/modules/load-balancer-controller/variables.tf index 2a6e9402..ecb824f2 100644 --- a/aws/platform/modules/load-balancer-controller/variables.tf +++ b/aws/platform/modules/load-balancer-controller/variables.tf @@ -66,3 +66,8 @@ variable "vpc_cidr_block" { type = string description = "CIDR block for the AWS VPC in which the load balancer runs" } + +variable "vpc_id" { + type = string + description = "The VPC ID for the Kubernetes cluster." +} diff --git a/charts.json b/charts.json index 842228d5..2d616ec5 100644 --- a/charts.json +++ b/charts.json 
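Review bot: Nothing in the second hunk of `load-balancer-controller/main.tf` says why `region` and `vpcId` are now passed to the chart, and that reason is the security-relevant part of the change. If the aim is to let the controller start without querying the instance metadata service, so that pod access to IMDS can stay restricted, record it next to the values, e.g. `# Set explicitly so the controller does not need IMDS to discover region and VPC`. Separately, newer major versions of the AWS provider mark `name` on the `aws_region` data source as deprecated in favour of `region`, so check `data.aws_region.current.name` against the provider constraint, which is not visible here. The `locals` block starts outside this hunk.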
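Review bot: The new `vpc_id` variable in `load-balancer-controller/variables.tf` accepts any string, so an empty or mistyped value passes plan and only shows up when the controller fails inside the cluster. A `validation` block on the variable would reject it at plan time. The pattern below is a loose shape check and can be tightened if the module only ever receives IDs from `module.network`.

```hcl
variable "vpc_id" {
  # … unchanged: type and description …

  validation {
    condition     = can(regex("^vpc-[0-9a-f]+$", var.vpc_id))
    error_message = "vpc_id must look like an AWS VPC ID (vpc- followed by hex digits)."
  }
}
```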
@@ -7,7 +7,7 @@
 "cert-manager": {
 "chart": "cert-manager",
 "repository": "https://charts.jetstack.io",
- "version": "v1.10.1"
+ "version": "v1.12.13"
 },
 "cluster-autoscaler": {
 "chart": "cluster-autoscaler",
@@ -27,17 +27,17 @@
 "istio-base": {
 "chart": "base",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 },
 "istiod": {
 "chart": "istiod",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 },
 "istio-ingress": {
 "chart": "gateway",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 },
 "load-balancer-controller": {
 "chart": "aws-load-balancer-controller",
diff --git a/platform/modules/cert-manager/chart.json b/platform/modules/cert-manager/chart.json
index add823fe..cc0e1dd9 100644
--- a/platform/modules/cert-manager/chart.json
+++ b/platform/modules/cert-manager/chart.json
@@ -1,5 +1,5 @@
 {
 "chart": "cert-manager",
 "repository": "https://charts.jetstack.io",
- "version": "v1.10.1"
+ "version": "v1.12.13"
 }
diff --git a/platform/modules/istio-base/chart.json b/platform/modules/istio-base/chart.json
index 698313ac..76f20208 100644
--- a/platform/modules/istio-base/chart.json
+++ b/platform/modules/istio-base/chart.json
@@ -1,5 +1,5 @@
 {
 "chart": "base",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 }
diff --git a/platform/modules/istio-ingress/chart.json b/platform/modules/istio-ingress/chart.json
index 36027bcd..1aaa6856 100644
--- a/platform/modules/istio-ingress/chart.json
+++ b/platform/modules/istio-ingress/chart.json
@@ -1,5 +1,5 @@
 {
 "chart": "gateway",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 }
diff --git a/platform/modules/istiod/chart.json b/platform/modules/istiod/chart.json
index 694ca5ff..160ce918 100644
--- a/platform/modules/istiod/chart.json
+++ b/platform/modules/istiod/chart.json
@@ -1,5 +1,5 @@
 {
 "chart": "istiod",
 "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 }