From 540a6bb0b1de044b99fce2a1e224d1b7a4dbd707 Mon Sep 17 00:00:00 2001
From: Justin Bronn
Date: Fri, 12 Apr 2024 09:46:45 -0600
Subject: [PATCH 1/7] Actually use `kms_key_aliases` variable.
---
 main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/main.tf b/main.tf
index 9109fad..3d4dfab 100644
--- a/main.tf
+++ b/main.tf
@@ -93,6 +93,7 @@ module "eks" { # tfsec:ignore:aws-ec2-no-public-egress-sgr tfsec:ignore:aws-eks-
 create_kms_key = var.kms_manage ? false : true
 enable_kms_key_rotation = var.kms_key_enable_rotation
 kms_key_administrators = var.kms_key_administrators
+ kms_key_aliases = var.kms_key_aliases
 kms_key_deletion_window_in_days = var.kms_key_deletion_window_in_days
 kms_key_enable_default_policy = var.kms_key_enable_default_policy
 kms_key_owners = var.kms_key_owners
From 84ff05467d0f7ce9c59376f3be4ed598a0f9cddc Mon Sep 17 00:00:00 2001
From: Justin Bronn
Date: Fri, 12 Apr 2024 09:48:41 -0600
Subject: [PATCH 2/7] Upgrade `terraform-aws-iam` module version to at least 5.39.0.
---
 cert-manager.tf | 2 +-
 crossplane.tf | 2 +-
 ebs-csi.tf | 2 +-
 efs-csi.tf | 2 +-
 lb-controller.tf | 2 +-
 s3-csi.tf | 2 +-
 vpc-cni.tf | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/cert-manager.tf b/cert-manager.tf
index 56755bd..b6ff6c2 100644
--- a/cert-manager.tf
+++ b/cert-manager.tf
@@ -92,7 +92,7 @@ locals {
 module "cert_manager_irsa" {
 count = var.cert_manager ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.37.1"
+ version = "~> 5.39.0"
 role_name = "${var.cluster_name}-cert-manager-role"
diff --git a/crossplane.tf b/crossplane.tf
index d4e3189..9d65f88 100644
--- a/crossplane.tf
+++ b/crossplane.tf
@@ -2,7 +2,7 @@
 module "crossplane_irsa" {
 count = var.crossplane && var.crossplane_irsa ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.37.1"
+ version = "~> 5.39.0"
 role_name = "${var.cluster_name}-crossplane-role"
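Review bot: In the main.tf hunk of patch 1/7, the new `kms_key_aliases = var.kms_key_aliases` argument sits next to `create_kms_key = var.kms_manage ? false : true`, so the aliases are only handed to the key that the eks module creates itself; when `var.kms_manage` is true this argument presumably has no effect. Nothing visible here shows whether the externally managed key path also receives `var.kms_key_aliases`, so that should be confirmed; otherwise an operator auditing cluster secret encryption may look for the key under an alias that was never created. I would add a comment above the line such as `# Only used when this module creates the KMS key (var.kms_manage = false).` and repeat that in the variable's description. The `module "eks"` block starts and ends outside the hunk.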
diff --git a/ebs-csi.tf b/ebs-csi.tf
index 6ad188f..70ac07d 100644
--- a/ebs-csi.tf
+++ b/ebs-csi.tf
@@ -4,7 +4,7 @@
 module "eks_ebs_csi_driver_irsa" {
 count = var.ebs_csi_driver ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.37.1"
+ version = "~> 5.39.0"
 role_name = "${var.cluster_name}-ebs-csi-role"
 attach_ebs_csi_policy = true
diff --git a/efs-csi.tf b/efs-csi.tf
index 23a9c42..2871d54 100644
--- a/efs-csi.tf
+++ b/efs-csi.tf
@@ -25,7 +25,7 @@ resource "aws_efs_mount_target" "eks_efs_private" {
 module "eks_efs_csi_driver_irsa" {
 count = var.efs_csi_driver ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.37.1"
+ version = "~> 5.39.0"
 role_name = "${var.cluster_name}-efs-csi-driver-role"
diff --git a/lb-controller.tf b/lb-controller.tf
index d60e8c6..a502fb6 100644
--- a/lb-controller.tf
+++ b/lb-controller.tf
@@ -4,7 +4,7 @@
 module "eks_lb_irsa" {
 count = var.lb_controller ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.37.1"
+ version = "~> 5.39.0"
 role_name = "${var.cluster_name}-lb-role"
 attach_load_balancer_controller_policy = true
diff --git a/s3-csi.tf b/s3-csi.tf
index 177d591..01a20a6 100644
--- a/s3-csi.tf
+++ b/s3-csi.tf
@@ -6,7 +6,7 @@
 module "eks_s3_csi_driver_irsa" {
 count = var.s3_csi_driver ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.37.1"
+ version = "~> 5.39.0"
 role_name = "${var.cluster_name}-s3-csi-driver-role"
diff --git a/vpc-cni.tf b/vpc-cni.tf
index 3fc27e0..5122ad3 100644
--- a/vpc-cni.tf
+++ b/vpc-cni.tf
@@ -2,7 +2,7 @@
 module "eks_vpc_cni_irsa" {
 count = var.vpc_cni ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.37.1"
+ version = "~> 5.39.0"
 role_name = "${var.cluster_name}-vpc-cni-role"
From 07fad36f62efb186884fc802294ca8dc2a121068 Mon Sep 17 00:00:00 2001
From: Justin Bronn
Date: Fri, 12 Apr 2024 09:57:22 -0600
Subject: [PATCH 3/7] Upgrade Crossplane version to 1.15.2.
---
 variables.tf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/variables.tf b/variables.tf
index df4dd3f..fd696e4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -199,18 +199,18 @@ variable "crossplane_values" {
 default = {}
 }
+variable "crossplane_version" {
+ default = "1.15.2"
+ description = "Version of Crossplane Helm chart to install."
+ type = string
+}
+
 variable "crossplane_wait" {
 description = "Wait for the Crossplane Helm chart installation to complete."
 type = bool
 default = true
 }
-variable "crossplane_version" {
- default = "1.15.1"
- description = "Version of Crossplane Helm chart to install."
- type = string
-}
-
 # The ECR repository is not the same for every region, in particular
 # those for govcloud:
 # https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html
From d5982b2d539ed0e1e3612c68d12038e54a12920d Mon Sep 17 00:00:00 2001
From: Justin Bronn
Date: Fri, 12 Apr 2024 09:57:44 -0600
Subject: [PATCH 4/7] Upgrade Karpenter version to 0.36.0.
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index fd696e4..41f2560 100644
--- a/variables.tf
+++ b/variables.tf
@@ -420,7 +420,7 @@ variable "karpenter_values" {
 variable "karpenter_version" {
 description = "Version of Karpenter Helm chart to install on the EKS cluster."
 type = string
- default = "0.35.2"
+ default = "0.36.0"
 }
 variable "karpenter_wait" {
From f157d5c25cf4c4254d48aec67db9c4ba7d160b01 Mon Sep 17 00:00:00 2001
From: Justin Bronn
Date: Fri, 12 Apr 2024 09:58:21 -0600
Subject: [PATCH 5/7] Upgrade EFS CSI driver chart version to 2.5.7.
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index 41f2560..e16a15f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -305,7 +305,7 @@ variable "efs_csi_driver_values" {
 }
 variable "efs_csi_driver_version" {
- default = "2.5.6"
+ default = "2.5.7"
 description = "Version of the EFS CSI storage driver to install."
 type = string
 }
From 552ae930c3c69cc76e4b4f943304aeeca5a49731 Mon Sep 17 00:00:00 2001
From: Justin Bronn
Date: Fri, 12 Apr 2024 10:23:59 -0600
Subject: [PATCH 6/7] Upgrade AWS EKS module to at least 20.8.5.
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 3d4dfab..5187572 100644
--- a/main.tf
+++ b/main.tf
@@ -18,7 +18,7 @@ locals {
 # EKS Cluster
 module "eks" { # tfsec:ignore:aws-ec2-no-public-egress-sgr tfsec:ignore:aws-eks-no-public-cluster-access tfsec:ignore:aws-eks-no-public-cluster-access-to-cidr
 source = "terraform-aws-modules/eks/aws"
- version = "~> 20.8.4"
+ version = "~> 20.8.5"
 cluster_name = var.cluster_name
 cluster_version = var.kubernetes_version
From f4182deb45d9ca6fd91c0845ef2d2d8578a62e10 Mon Sep 17 00:00:00 2001
From: Justin Bronn
Date: Tue, 16 Apr 2024 14:06:44 -0600
Subject: [PATCH 7/7] Upgrae Karpenter module to at least 20.8.5 too.
---
 karpenter.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/karpenter.tf b/karpenter.tf
index fedb3a8..8be4a85 100644
--- a/karpenter.tf
+++ b/karpenter.tf
@@ -1,7 +1,7 @@
 module "karpenter" {
 count = var.karpenter ? 1 : 0
 source = "terraform-aws-modules/eks/aws//modules/karpenter"
- version = "~> 20.8.4"
+ version = "~> 20.8.5"
 cluster_name = var.cluster_name
 enable_irsa = true