Merge pull request #22 from radiant-maxar/release-0.6.8

Release 0.6.8
radiant-maxar · Feb 27, 2024 · 348e01f · 348e01f
2 parents 9c76b3e + 6fd103b
commit 348e01f
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 31 deletions.
diff --git a/karpenter.tf b/karpenter.tf
@@ -1,16 +1,16 @@
 module "karpenter" {
-  # XXX: Switch source back to module once there is an official v20 release, refs
-  #      terraform-aws-modules/terraform-aws-eks#2858
-  count  = var.karpenter ? 1 : 0
-  source = "github.com/radiant-maxar/terraform-aws-eks//modules/karpenter?ref=v20.0.0-alpha"
-  # source  = "terraform-aws-modules/eks/aws//modules/karpenter"
-  # version = "20.x.x"
-  cluster_name                    = var.cluster_name
-  iam_role_additional_policies    = var.iam_role_additional_policies
-  iam_role_attach_cni_policy      = var.iam_role_attach_cni_policy
-  irsa_namespace_service_accounts = ["${var.karpenter_namespace}:karpenter"]
-  irsa_oidc_provider_arn          = module.eks.oidc_provider_arn
-  tags                            = var.tags
+  count   = var.karpenter ? 1 : 0
+  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
+  version = "20.4.0"
+
+  cluster_name                      = var.cluster_name
+  create_access_entry               = false # re-evaluate when upgrading from v19.21.0
+  enable_irsa                       = true
+  irsa_namespace_service_accounts   = ["${var.karpenter_namespace}:karpenter"]
+  irsa_oidc_provider_arn            = module.eks.oidc_provider_arn
+  node_iam_role_additional_policies = var.iam_role_additional_policies
+  node_iam_role_attach_cni_policy   = var.iam_role_attach_cni_policy
+  tags                              = var.tags
 }
 
 resource "helm_release" "karpenter_crd" {
@@ -41,7 +41,7 @@ resource "helm_release" "karpenter" {
     yamlencode({
       serviceAccount = {
         annotations = {
-          "eks.amazonaws.com/role-arn" = module.karpenter[0].pod_identity_role_arn
+          "eks.amazonaws.com/role-arn" = module.karpenter[0].iam_role_arn
         }
       }
       settings = {

diff --git a/main.tf b/main.tf
@@ -104,7 +104,7 @@ module "eks" { # tfsec:ignore:aws-ec2-no-public-egress-sgr tfsec:ignore:aws-eks-
   cluster_security_group_additional_rules = var.cluster_security_group_additional_rules
 
   # aws-auth configmap
-  aws_auth_node_iam_role_arns_non_windows = var.karpenter ? [module.karpenter[0].role_arn] : []
+  aws_auth_node_iam_role_arns_non_windows = var.karpenter ? [module.karpenter[0].node_iam_role_arn] : []
   aws_auth_roles                          = local.aws_auth_roles
   manage_aws_auth_configmap               = true
 

diff --git a/outputs.tf b/outputs.tf
@@ -63,24 +63,24 @@ output "eks_managed_node_groups" {
   value       = module.eks.eks_managed_node_groups
 }
 
-output "karpenter_pod_identity_role_arn" {
-  description = "The Amazon Resource Name (ARN) specifying the Pod Identity IAM role"
-  value       = var.karpenter ? module.karpenter[0].pod_identity_role_arn : null
+output "karpenter_iam_role_arn" {
+  description = "The Amazon Resource Name (ARN) specifying the controller IAM role"
+  value       = var.karpenter ? module.karpenter[0].iam_role_arn : null
 }
 
-output "karpenter_pod_identity_role_name" {
-  description = "The name of the Pod Identity IAM role"
-  value       = var.karpenter ? module.karpenter[0].pod_identity_role_name : null
+output "karpenter_iam_role_name" {
+  description = "The name of the controller IAM role"
+  value       = var.karpenter ? module.karpenter[0].iam_role_name : null
 }
 
-output "karpenter_role_arn" {
-  description = "The Amazon Resource Name (ARN) specifying the Karpenter IAM role"
-  value       = var.karpenter ? module.karpenter[0].role_arn : null
+output "karpenter_node_iam_role_arn" {
+  description = "The Amazon Resource Name (ARN) specifying the node IAM role"
+  value       = var.karpenter ? module.karpenter[0].node_iam_role_arn : null
 }
 
-output "karpenter_role_name" {
-  description = "The name of the Karpenter IAM role"
-  value       = var.karpenter ? module.karpenter[0].role_name : null
+output "karpenter_node_iam_role_name" {
+  description = "The name of the node IAM role"
+  value       = var.karpenter ? module.karpenter[0].node_iam_role_name : null
 }
 
 output "kms_key_arn" {

diff --git a/variables.tf b/variables.tf
@@ -41,7 +41,7 @@ variable "cert_manager_values" {
 }
 
 variable "cert_manager_version" {
-  default     = "1.14.0"
+  default     = "1.14.3"
   description = "Version of cert-manager to install."
   type        = string
 }
@@ -176,7 +176,7 @@ variable "crossplane_wait" {
 }
 
 variable "crossplane_version" {
-  default     = "1.14.5"
+  default     = "1.15.0"
   description = "Version of Crossplane Helm chart to install."
   type        = string
 }
@@ -263,7 +263,7 @@ variable "efs_csi_driver_values" {
 }
 
 variable "efs_csi_driver_version" {
-  default     = "2.5.4"
+  default     = "2.5.5"
   description = "Version of the EFS CSI storage driver to install."
   type        = string
 }
@@ -360,7 +360,7 @@ variable "karpenter_values" {
 variable "karpenter_version" {
   description = "Version of Karpenter Helm chart to install on the EKS cluster."
   type        = string
-  default     = "0.33.2"
+  default     = "0.34.1"
 }
 
 variable "karpenter_wait" {
@@ -424,7 +424,7 @@ variable "lb_controller_values" {
 }
 
 variable "lb_controller_version" {
-  default     = "1.7.0"
+  default     = "1.7.1"
   description = "Version of the AWS Load Balancer Controller chart to install."
   type        = string
 }