SPHTech-Platform · thepoppingone · Jul 26, 2023 · Jul 24, 2023 · Jul 24, 2023 · Jul 24, 2023
diff --git a/README.md b/README.md
@@ -198,22 +198,22 @@ module "karpenter" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.47 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.47 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_ebs_csi_irsa_role"></a> [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.11.2 |
-| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.10.0 |
+| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.15.0 |
 | <a name="module_fargate_profiles"></a> [fargate\_profiles](#module\_fargate\_profiles) | ./modules/fargate_profile | n/a |
 | <a name="module_kms_ebs"></a> [kms\_ebs](#module\_kms\_ebs) | SPHTech-Platform/kms/aws | ~> 0.1.0 |
 | <a name="module_kms_secret"></a> [kms\_secret](#module\_kms\_secret) | SPHTech-Platform/kms/aws | ~> 0.1.0 |
@@ -279,7 +279,6 @@ module "karpenter" {
 | <a name="input_default_group_volume_size"></a> [default\_group\_volume\_size](#input\_default\_group\_volume\_size) | Size of the persistentence volume for the default group | `number` | `50` | no |
 | <a name="input_eks_managed_node_group_defaults"></a> [eks\_managed\_node\_group\_defaults](#input\_eks\_managed\_node\_group\_defaults) | Map of EKS managed node group default configurations | `any` | <pre>{<br> "create_iam_role": false,<br> "disk_size": 50,<br> "ebs_optimized": true,<br> "enable_monitoring": true,<br> "metadata_options": {<br> "http_endpoint": "enabled",<br> "http_put_response_hop_limit": 1,<br> "http_tokens": "required",<br> "instance_metadata_tags": "disabled"<br> },<br> "protect_from_scale_in": false,<br> "update_launch_template_default_version": true<br>}</pre> | no |
 | <a name="input_eks_managed_node_groups"></a> [eks\_managed\_node\_groups](#input\_eks\_managed\_node\_groups) | Map of EKS managed node group definitions to create | `any` | `{}` | no |
-| <a name="input_enable_adot_operator_addon"></a> [enable\_adot\_operator\_addon](#input\_enable\_adot\_operator\_addon) | If true, will install the Opentelemetry operator addon | `bool` | `false` | no |
 | <a name="input_enable_cluster_windows_support"></a> [enable\_cluster\_windows\_support](#input\_enable\_cluster\_windows\_support) | Determines whether to create the amazon-vpc-cni configmap and windows worker roles into aws-auth. | `bool` | `false` | no |
 | <a name="input_fargate_cluster"></a> [fargate\_cluster](#input\_fargate\_cluster) | Whether to create eks cluster with fargate mode. If true, default node group also will be fargate, otherwise managed | `bool` | `false` | no |
 | <a name="input_fargate_profile_defaults"></a> [fargate\_profile\_defaults](#input\_fargate\_profile\_defaults) | Map of Fargate Profile default configurations | `any` | `{}` | no |

diff --git a/main.tf b/main.tf
@@ -8,20 +8,14 @@ locals {
  )
  ) : var.aws_auth_fargate_profile_pod_execution_role_arns
 
- adot_addon = var.enable_adot_operator_addon ? {
- adot = {
- most_recent = true
- preserve = true
- }
- } : {}
 }
 #tfsec:ignore:aws-eks-no-public-cluster-access-to-cidr
 #tfsec:ignore:aws-eks-no-public-cluster-access
 #tfsec:ignore:aws-ec2-no-public-egress-sgr
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
  source = "terraform-aws-modules/eks/aws"
- version = "~> 19.10.0"
+ version = "~> 19.15.0"
 
  cluster_name = var.cluster_name
  cluster_version = var.cluster_version
@@ -41,15 +35,15 @@ module "eks" {
  cluster_security_group_name = coalesce(var.cluster_security_group_name, var.cluster_name)
  cluster_security_group_description = "EKS Cluster ${var.cluster_name} Master"
  cluster_security_group_additional_rules = merge(
- var.create_cluster_security_group ?
+ var.create_cluster_security_group && var.create_node_security_group ?
  {
  egress_nodes_ephemeral_ports_tcp = {
  description = "To node 1025-65535"
  protocol = "tcp"
  from_port = 1025
  to_port = 65535
  type = "egress"
- source_node_security_group = true
+ source_node_security_group = var.create_node_security_group
  }
  } : {}
  , var.cluster_security_group_additional_rules)
@@ -134,7 +128,6 @@ module "eks" {
  reserve = true
  }
  },
- local.adot_addon,
  var.cluster_addons,
  )
 

diff --git a/modules/eks_managed_nodes/README.md b/modules/eks_managed_nodes/README.md
@@ -4,19 +4,19 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.47 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.47 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks_managed_node_group"></a> [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | terraform-aws-modules/eks/aws//modules/eks-managed-node-group | ~> 19.10.0 |
+| <a name="module_eks_managed_node_group"></a> [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | terraform-aws-modules/eks/aws//modules/eks-managed-node-group | ~> 19.15.0 |
 
 ## Resources
 

diff --git a/modules/eks_managed_nodes/main.tf b/modules/eks_managed_nodes/main.tf
@@ -53,7 +53,7 @@ locals {
 ################################################################################
 module "eks_managed_node_group" {
  source = "terraform-aws-modules/eks/aws//modules/eks-managed-node-group"
- version = "~> 19.10.0"
+ version = "~> 19.15.0"
 
  for_each = local.eks_managed_node_groups
 

diff --git a/modules/eks_managed_nodes/versions.tf b/modules/eks_managed_nodes/versions.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4.47"
  }
  }
 }
diff --git a/modules/essentials/README.md b/modules/essentials/README.md
@@ -63,15 +63,15 @@ module "eks_essentials" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.47 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.7 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.47 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.7 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
 
@@ -95,6 +95,7 @@ module "eks_essentials" {
 | [aws_cloudwatch_event_target.node_termination_handler_spot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_log_group.aws_for_fluent_bit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_ecr_pull_through_cache_rule.cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_pull_through_cache_rule) | resource |
+| [aws_eks_addon.adot_operator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
 | [aws_iam_policy.ecr_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.fluent_bit_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role_policy_attachment.worker_ecr_pullthrough](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
@@ -194,6 +195,7 @@ module "eks_essentials" {
 | <a name="input_ecr_pull_through_cache_rules"></a> [ecr\_pull\_through\_cache\_rules](#input\_ecr\_pull\_through\_cache\_rules) | ECR Pull Through Cache Rules | <pre>map(object({<br> registry = string<br> prefix = string<br> }))</pre> | <pre>{<br> "aws_public": {<br> "prefix": "public.ecr.aws",<br> "registry": "public.ecr.aws"<br> },<br> "kubernetes": {<br> "prefix": "registry.k8s.io",<br> "registry": "registry.k8s.io"<br> },<br> "quay": {<br> "prefix": "quay.io",<br> "registry": "quay.io"<br> }<br>}</pre> | no |
 | <a name="input_extra_args"></a> [extra\_args](#input\_extra\_args) | Extra arguments | `list(any)` | `[]` | no |
 | <a name="input_extra_env"></a> [extra\_env](#input\_extra\_env) | Extra environment variables | `list(any)` | `[]` | no |
+| <a name="input_fargate_mix_node_groups"></a> [fargate\_mix\_node\_groups](#input\_fargate\_mix\_node\_groups) | Deploying mix workloads as in EKS Manage Node Groups and Fragate Node Groups, set this to TRUE | `bool` | `false` | no |
 | <a name="input_feature_gates"></a> [feature\_gates](#input\_feature\_gates) | Feature gates to enable on the pod | `list(any)` | `[]` | no |
 | <a name="input_fluent_bit_enabled"></a> [fluent\_bit\_enabled](#input\_fluent\_bit\_enabled) | Enable fluent-bit helm charts installation. | `bool` | `true` | no |
 | <a name="input_fluent_bit_extra_helm_values"></a> [fluent\_bit\_extra\_helm\_values](#input\_fluent\_bit\_extra\_helm\_values) | Helm values for extra configuration | `string` | `""` | no |
@@ -221,7 +223,7 @@ module "eks_essentials" {
 | <a name="input_log_level"></a> [log\_level](#input\_log\_level) | Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. | `number` | `2` | no |
 | <a name="input_metrics_server_enabled"></a> [metrics\_server\_enabled](#input\_metrics\_server\_enabled) | Enable metrics-server helm charts installation. | `bool` | `true` | no |
 | <a name="input_metrics_server_helm_config"></a> [metrics\_server\_helm\_config](#input\_metrics\_server\_helm\_config) | Helm provider config for Metrics Server. | `any` | `{}` | no |
-| <a name="input_metrics_server_helm_config_defaults"></a> [metrics\_server\_helm\_config\_defaults](#input\_metrics\_server\_helm\_config\_defaults) | Helm provider default config for Metrics Server. | `any` | <pre>{<br> "chart": "metrics-server",<br> "description": "Metric server helm Chart deployment configuration",<br> "name": "metrics-server",<br> "namespace": "kube-system",<br> "repository": "https://kubernetes-sigs.github.io/metrics-server/",<br> "version": "3.10.0"<br>}</pre> | no |
+| <a name="input_metrics_server_helm_config_defaults"></a> [metrics\_server\_helm\_config\_defaults](#input\_metrics\_server\_helm\_config\_defaults) | Helm provider default config for Metrics Server. | `any` | <pre>{<br> "chart": "metrics-server",<br> "description": "Metric server helm Chart deployment configuration",<br> "name": "metrics-server",<br> "repository": "https://kubernetes-sigs.github.io/metrics-server/",<br> "version": "3.10.0"<br>}</pre> | no |
 | <a name="input_mutating_webhook_configuration_annotations"></a> [mutating\_webhook\_configuration\_annotations](#input\_mutating\_webhook\_configuration\_annotations) | Optional additional annotations to add to the webhook MutatingWebhookConfiguration | `map(string)` | `{}` | no |
 | <a name="input_namespaces"></a> [namespaces](#input\_namespaces) | List of namespaces to create | <pre>list(object({<br> name = string<br> description = optional(string)<br> }))</pre> | <pre>[<br> {<br> "description": "For core Kubernetes services",<br> "name": "core"<br> }<br>]</pre> | no |
 | <a name="input_node_exporter_enabled"></a> [node\_exporter\_enabled](#input\_node\_exporter\_enabled) | Enable prometheus-node-exporters helm charts installation. | `bool` | `true` | no |

diff --git a/modules/essentials/adot.tf b/modules/essentials/adot.tf
@@ -0,0 +1,8 @@
+resource "aws_eks_addon" "adot_operator" {
+ cluster_name = var.cluster_name
+ addon_name = "adot"
+
+ depends_on = [
+ helm_release.cert_manager,
+ ]
+}
diff --git a/modules/essentials/versions.tf b/modules/essentials/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4.47"
  }
  helm = {
  source = "hashicorp/helm"

diff --git a/modules/fargate_profile/README.md b/modules/fargate_profile/README.md
@@ -59,21 +59,21 @@ module "fargate_profile" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.47 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.47 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_fargate_profile"></a> [fargate\_profile](#module\_fargate\_profile) | terraform-aws-modules/eks/aws//modules/fargate-profile | ~> 19.10.0 |
+| <a name="module_fargate_profile"></a> [fargate\_profile](#module\_fargate\_profile) | terraform-aws-modules/eks/aws//modules/fargate-profile | ~> 19.15.0 |
 
 ## Resources
 

diff --git a/modules/fargate_profile/main.tf b/modules/fargate_profile/main.tf
@@ -1,6 +1,6 @@
 module "fargate_profile" {
  source = "terraform-aws-modules/eks/aws//modules/fargate-profile"
- version = "~> 19.10.0"
+ version = "~> 19.15.0"
 
  for_each = var.fargate_profiles
 

diff --git a/modules/fargate_profile/versions.tf b/modules/fargate_profile/versions.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4.47"
  }
  kubernetes = {
  source = "hashicorp/kubernetes"

diff --git a/modules/karpenter/karpenter.tf b/modules/karpenter/karpenter.tf
@@ -1,6 +1,6 @@
 module "karpenter" {
  source = "terraform-aws-modules/eks/aws//modules/karpenter"
- version = "~> 19.10.0"
+ version = "~> 19.15.0"
 
  count = var.autoscaling_mode == "karpenter" ? 1 : 0
 

diff --git a/modules/karpenter/versions.tf b/modules/karpenter/versions.tf
@@ -12,7 +12,7 @@ terraform {
  }
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4.47"
  }
  }
 }
diff --git a/modules/self_managed_nodes/README.md b/modules/self_managed_nodes/README.md
@@ -39,21 +39,21 @@ the type of images:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.47 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.7 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.47 |
 | <a name="provider_time"></a> [time](#provider\_time) | >= 0.7 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_self_managed_group"></a> [self\_managed\_group](#module\_self\_managed\_group) | terraform-aws-modules/eks/aws//modules/self-managed-node-group | ~> 19.10.0 |
+| <a name="module_self_managed_group"></a> [self\_managed\_group](#module\_self\_managed\_group) | terraform-aws-modules/eks/aws//modules/self-managed-node-group | ~> 19.15.0 |
 
 ## Resources
 

diff --git a/modules/self_managed_nodes/main.tf b/modules/self_managed_nodes/main.tf
@@ -57,7 +57,7 @@ locals {
 
 module "self_managed_group" {
  source = "terraform-aws-modules/eks/aws//modules/self-managed-node-group"
- version = "~> 19.10.0"
+ version = "~> 19.15.0"
 
  for_each = local.self_managed_node_groups
 

diff --git a/modules/self_managed_nodes/versions.tf b/modules/self_managed_nodes/versions.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4.47"
  }
  time = {
  source = "hashicorp/time"

diff --git a/variables.tf b/variables.tf
@@ -118,12 +118,6 @@ variable "cluster_addons_timeouts" {
  default = {}
 }
 
-variable "enable_adot_operator_addon" {
- description = "If true, will install the Opentelemetry operator addon"
- type = bool
- default = false
-}
-
 #######################
 # Cluster Networking
 #######################

diff --git a/versions.tf b/versions.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 4.47"
  }
  # tflint-ignore: terraform_unused_required_providers
  kubernetes = {