Merge pull request #339 from cookpad/pg/1.24

Upgrade k8s to 1.24

.github/actions/terratest/Dockerfile

@@ -2,8 +2,8 @@ FROM golang:1.19-alpine3.16
 
 WORKDIR /
 
-ARG TERRAFORM_VERSION=1.2.7
-ARG KUBECTL_VERSION=1.23.7
+ARG TERRAFORM_VERSION=1.2.9
+ARG KUBECTL_VERSION=1.24.12
 
 RUN apk add --no-cache \
       bash \

UPGRADING.md

@@ -6,6 +6,10 @@
 * After upgrading the terraform module, remember to follow the [roll nodes](docs/roll_nodes.md) procedure to roll out upgraded nodes to your cluster.
 * If providing custom `configuration_values` for any EKS addons, check for compatibility with the upgraded EKS addon version, using `aws eks describe-addon-configuration`. You can find the EKS addon versions in [addons.tf](modules/cluster/addons.tf)
 
+## 1.23 -> 1.24
+ * Dockershim support is removed. Make sure none of your workload requires Docker functions specifically. Read more [here](https://docs.aws.amazon.com/eks/latest/userguide/dockershim-deprecation.html).
+ * IPv6 is enabled for pods by default. Check your multi-container pods, make sure they can bid to all loopback interfaces IP address (IPv6 is the default for communication).
+
 ## 1.22 -> 1.23
  * [324](https://github.com/cookpad/terraform-aws-eks/pull/324) EBS CSI driver is now non-optional. Check your cluster module's `aws_ebs_csi_driver` variable. Refer to [this AWS FAQ](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi-migration-faq.html).
 

hack/generate_addons.sh

@@ -11,4 +11,4 @@ helm_template() {
   helm template --no-hooks --namespace=kube-system --version $3 -f $ADDONS_DIR/helm/$2.yaml $2 $1/$2${4:-} | grep -v Helm > $ADDONS_DIR/$2.yaml
 }
 
-helm_template autoscaler cluster-autoscaler 9.19.3
+helm_template autoscaler cluster-autoscaler 9.27.0

modules/asg_node_group/main.tf

@@ -1,5 +1,5 @@
 locals {
-  k8s_version = "1.23"
+  k8s_version = "1.24"
   preset_instance_families = {
     x86_64__memory_optimized  = ["r5", "r5d", "r5n", "r5dn", "r5a", "r5ad"]
     x86_64__general_purpose   = ["m5", "m5d", "m5n", "m5dn", "m5a", "m5ad"]

modules/cluster/addons.tf

@@ -42,23 +42,23 @@ eks describe-addon-configuration --addon-name <addon-name> --addon-version <addo
 resource "aws_eks_addon" "vpc-cni" {
   cluster_name         = local.config.name
   addon_name           = "vpc-cni"
-  addon_version        = "v1.11.2-eksbuild.1"
+  addon_version        = "v1.12.6-eksbuild.2"
   resolve_conflicts    = "OVERWRITE"
   configuration_values = var.critical_addons_vpc-cni_configuration_values
 }
 
 resource "aws_eks_addon" "kube-proxy" {
   cluster_name         = local.config.name
   addon_name           = "kube-proxy"
-  addon_version        = "v1.23.7-eksbuild.1"
+  addon_version        = "v1.24.10-eksbuild.2"
   resolve_conflicts    = "OVERWRITE"
   configuration_values = var.critical_addons_kube-proxy_configuration_values
 }
 
 resource "aws_eks_addon" "coredns" {
   cluster_name         = local.config.name
   addon_name           = "coredns"
-  addon_version        = "v1.8.7-eksbuild.2"
+  addon_version        = "v1.9.3-eksbuild.3"
   resolve_conflicts    = "OVERWRITE"
   configuration_values = var.critical_addons_coredns_configuration_values
   depends_on = [
@@ -70,7 +70,7 @@ resource "aws_eks_addon" "ebs-csi" {
   count                    = 1
   cluster_name             = local.config.name
   addon_name               = "aws-ebs-csi-driver"
-  addon_version            = "v1.10.0-eksbuild.1"
+  addon_version            = "v1.18.0-eksbuild.1"
   service_account_role_arn = local.aws_ebs_csi_driver_iam_role_arn
   resolve_conflicts        = "OVERWRITE"
   configuration_values     = var.critical_addons_ebs-csi_configuration_values

modules/cluster/addons/cluster-autoscaler.yaml

@@ -7,7 +7,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
 spec:
   # Prevents running in privileged mode
   privileged: false
@@ -50,7 +50,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
   name: cluster-autoscaler
   namespace: kube-system
 spec:
@@ -68,7 +68,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
   name: cluster-autoscaler
   namespace: kube-system
   annotations: 
@@ -83,7 +83,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
   name: cluster-autoscaler
 rules:
   - apiGroups:
@@ -232,7 +232,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
   name: cluster-autoscaler
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -250,7 +250,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
   name: cluster-autoscaler
   namespace: kube-system
 rules:
@@ -278,7 +278,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
   name: cluster-autoscaler
   namespace: kube-system
 roleRef:
@@ -297,7 +297,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
   name: cluster-autoscaler
   namespace: kube-system
 spec:
@@ -320,7 +320,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: "cluster-autoscaler"
     app.kubernetes.io/name: "aws-cluster-autoscaler"
-    helm.sh/chart: "cluster-autoscaler-9.19.3"
+    helm.sh/chart: "cluster-autoscaler-9.27.0"
   name: cluster-autoscaler
   namespace: kube-system
 spec:
@@ -339,7 +339,7 @@ spec:
       dnsPolicy: "ClusterFirst"
       containers:
         - name: aws-cluster-autoscaler
-          image: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1"
+          image: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.24.0"
           imagePullPolicy: "IfNotPresent"
           command:
             - ./cluster-autoscaler

modules/cluster/addons/helm/cluster-autoscaler.yaml

@@ -22,7 +22,7 @@ extraArgs:
   balance-similar-node-groups: true
 image:
   repository: registry.k8s.io/autoscaling/cluster-autoscaler
-  tag: v1.23.1
+  tag: v1.24.0
 fullnameOverride: cluster-autoscaler
 nameOverride: aws-cluster-autoscaler
 resources:

modules/cluster/cluster_autoscaler_iam.tf

@@ -38,6 +38,9 @@ data "aws_iam_policy_document" "cluster_autoscaler_policy" {
       "autoscaling:DescribeTags",
       "autoscaling:SetDesiredCapacity",
       "autoscaling:TerminateInstanceInAutoScalingGroup",
+      "ec2:DescribeInstanceTypes",
+      "ec2:DescribeLaunchTemplateVersions",
+      "eks:DescribeNodegroup",
     ]
     resources = ["*"] #tfsec:ignore:AWS099
   }

modules/cluster/main.tf

@@ -6,7 +6,7 @@ data "aws_iam_role" "service_role" {
   name = var.iam_config.service_role
 }
 locals {
-  k8s_version = "1.23"
+  k8s_version = "1.24"
 }
 
 resource "aws_eks_cluster" "control_plane" {