refs platform/#3267: Update modules for compatibility with aws-eks 1.…

…25 (#54)
sparkfabrik · Dec 5, 2024 · a70aad8 · a70aad8
1 parent ae989ba
commit a70aad8
Show file tree

Hide file tree

Showing 9 changed files with 97 additions and 37 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.0.0] - 2024-12-5
+
+[Compare with previous version](https://github.com/sparkfabrik/terraform-aws-eks-bootstrap/compare/3.0.0...4.0.0)
+
+### Added
+
+- refs platform/#3267: Update modules for compatibility with aws-eks 1.25
+
+### ⚠️ Breaking changes ⚠️
+
+**ATTENTION:** read the [upgrading instructions](https://github.com/sparkfabrik/terraform-aws-eks-bootstrap/blob/4.0.0/UPGRADING.md#from-3x-to-400).
+
 ## [3.1.0] - 2024-07-09
 
 ### Added

diff --git a/README.md b/README.md
@@ -60,6 +60,7 @@ The patches will add the special toleration to the resources, allowing them to b
 | <a name="input_cluster_access_developer_groups"></a> [cluster\_access\_developer\_groups](#input\_cluster\_access\_developer\_groups) | The list of groups that will be mapped to the developer role in the application namespaces. | `list(string)` | n/a | yes |
 | <a name="input_cluster_access_map_users"></a> [cluster\_access\_map\_users](#input\_cluster\_access\_map\_users) | Cluster access | <pre>list(<br>    object({<br>      userarn  = string,<br>      username = string,<br>      groups   = list(string)<br>    })<br>  )</pre> | `[]` | no |
 | <a name="input_cluster_additional_addons"></a> [cluster\_additional\_addons](#input\_cluster\_additional\_addons) | Additional addons to install for EKS cluster. | `map(any)` | `{}` | no |
+| <a name="input_cluster_autoscaler_chart_version"></a> [cluster\_autoscaler\_chart\_version](#input\_cluster\_autoscaler\_chart\_version) | Cluster Autoscaler Helm Chart Version | `string` | `"9.35.0"` | no |
 | <a name="input_cluster_autoscaler_helm_config"></a> [cluster\_autoscaler\_helm\_config](#input\_cluster\_autoscaler\_helm\_config) | Cluster Autoscaler Helm Chart Configuration | `any` | `{}` | no |
 | <a name="input_cluster_enable_amazon_cloudwatch_observability_addon"></a> [cluster\_enable\_amazon\_cloudwatch\_observability\_addon](#input\_cluster\_enable\_amazon\_cloudwatch\_observability\_addon) | Indicates whether to enable the Amazon CloudWatch Container Insights for Kubernetes. | `bool` | `true` | no |
 | <a name="input_cluster_enabled_log_types"></a> [cluster\_enabled\_log\_types](#input\_cluster\_enabled\_log\_types) | A list of the desired control plane logging to enable. For more information, see Amazon EKS Cluster Logging in the Amazon EKS User Guide. | `list(string)` | `[]` | no |
@@ -98,15 +99,18 @@ The patches will add the special toleration to the resources, allowing them to b
 | <a name="input_kube_prometheus_grafana_hostname"></a> [kube\_prometheus\_grafana\_hostname](#input\_kube\_prometheus\_grafana\_hostname) | n/a | `string` | `""` | no |
 | <a name="input_kube_prometheus_storage_zone"></a> [kube\_prometheus\_storage\_zone](#input\_kube\_prometheus\_storage\_zone) | n/a | `list(string)` | `[]` | no |
 | <a name="input_letsencrypt_email"></a> [letsencrypt\_email](#input\_letsencrypt\_email) | Email address for expiration emails from Let's Encrypt. | `string` | `"example@example.com"` | no |
+| <a name="input_metric_server_chart_version"></a> [metric\_server\_chart\_version](#input\_metric\_server\_chart\_version) | Metric Server Helm Chart Version | `string` | `"3.12.0"` | no |
 | <a name="input_metric_server_helm_config"></a> [metric\_server\_helm\_config](#input\_metric\_server\_helm\_config) | Metric Server Helm Chart Configuration | `any` | `{}` | no |
 | <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | n/a | `list(string)` | n/a | yes |
 | <a name="input_project"></a> [project](#input\_project) | Project name | `string` | n/a | yes |
 | <a name="input_prometheus_stack_additional_values"></a> [prometheus\_stack\_additional\_values](#input\_prometheus\_stack\_additional\_values) | Additional values for Kube Prometheus Stack | `list(string)` | `[]` | no |
 | <a name="input_velero_bucket_expiration_days"></a> [velero\_bucket\_expiration\_days](#input\_velero\_bucket\_expiration\_days) | n/a | `number` | `90` | no |
 | <a name="input_velero_bucket_glacier_days"></a> [velero\_bucket\_glacier\_days](#input\_velero\_bucket\_glacier\_days) | n/a | `number` | `60` | no |
 | <a name="input_velero_bucket_infrequently_access_days"></a> [velero\_bucket\_infrequently\_access\_days](#input\_velero\_bucket\_infrequently\_access\_days) | n/a | `number` | `30` | no |
+| <a name="input_velero_chart_version"></a> [velero\_chart\_version](#input\_velero\_chart\_version) | Velero Helm Chart Version | `string` | `"6.0.0"` | no |
 | <a name="input_velero_helm_config"></a> [velero\_helm\_config](#input\_velero\_helm\_config) | Velero Helm Chart Configuration | `any` | `{}` | no |
 | <a name="input_velero_helm_values"></a> [velero\_helm\_values](#input\_velero\_helm\_values) | Velero helm chart values | `string` | `""` | no |
+| <a name="input_velero_schedule_cron"></a> [velero\_schedule\_cron](#input\_velero\_schedule\_cron) | Velero Schedule Cron | `string` | `"0 4 * * *"` | no |
 | <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | n/a | `string` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC | `string` | n/a | yes |
 ## Outputs
@@ -169,7 +173,7 @@ The patches will add the special toleration to the resources, allowing them to b
 | <a name="module_fluentbit"></a> [fluentbit](#module\_fluentbit) | github.com/sparkfabrik/terraform-helm-fluentbit | 0.3.1 |
 | <a name="module_gitlab_runner"></a> [gitlab\_runner](#module\_gitlab\_runner) | github.com/sparkfabrik/terraform-aws-eks-gitlab-runner | 4e020f8 |
 | <a name="module_iam_assumable_role_with_oidc_for_eks_addons"></a> [iam\_assumable\_role\_with\_oidc\_for\_eks\_addons](#module\_iam\_assumable\_role\_with\_oidc\_for\_eks\_addons) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
-| <a name="module_ingress_nginx"></a> [ingress\_nginx](#module\_ingress\_nginx) | github.com/sparkfabrik/terraform-helm-ingress-nginx | 0.4.0 |
+| <a name="module_ingress_nginx"></a> [ingress\_nginx](#module\_ingress\_nginx) | github.com/sparkfabrik/terraform-helm-ingress-nginx | 0.7.0 |
 | <a name="module_kube_prometheus_stack"></a> [kube\_prometheus\_stack](#module\_kube\_prometheus\_stack) | github.com/sparkfabrik/terraform-sparkfabrik-prometheus-stack | 3.0.0 |
 | <a name="module_load_balancer_controller_irsa_role"></a> [load\_balancer\_controller\_irsa\_role](#module\_load\_balancer\_controller\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.17 |
 | <a name="module_node_termination_handler_irsa_role"></a> [node\_termination\_handler\_irsa\_role](#module\_node\_termination\_handler\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.17 |

diff --git a/UPGRADING.md b/UPGRADING.md
@@ -1,4 +1,14 @@
-# Upgrading from 2.X.Y to 3.0.0
+# Upgrading Paht
+
+## From 3.x to 4.0.0
+
+If you are upgrading from `3.x` to `4.0.0`, you will need to uninstall the `velero` helm release first:
+
+1. run `terraform state list | grep helm_release.velero`
+2. run `terraform destroy -target='<the resource fetched at step 1>'`
+3. update module and apply new resources
+
+## From 2.X.Y to 3.0.0
 
 Upgrading to `3.0.0` from `2.X.Y` will destroy and recreate the ingress nginx controller resource since now we're using the external module hosted on [GitHub](https://github.com/sparkfabrik/terraform-helm-ingress-nginx/).
 

diff --git a/cluster-autoscaler.tf b/cluster-autoscaler.tf
@@ -5,7 +5,7 @@ locals {
     name              = "cluster-autoscaler"
     repository        = "https://kubernetes.github.io/autoscaler"
     helm_release_name = "cluster-autoscaler"
-    chart_version     = "9.28.0"
+    chart_version     = var.cluster_autoscaler_chart_version
     namespace         = "kube-system"
   }
 

diff --git a/files/metric-server/values.yaml b/files/metric-server/values.yaml
@@ -0,0 +1,4 @@
+resources:
+  requests:
+    cpu: 200m
+    memory: 50Mi
diff --git a/files/velero/values.yaml b/files/velero/values.yaml
@@ -1,11 +1,15 @@
+# https://github.com/vmware-tanzu/helm-charts/blob/main/charts/velero/values.yaml
 credentials:
   useSecret: false
 
 configuration:
-  provider: aws
   backupStorageLocation:
-    name: default
-    bucket: ${bucket}
+    - provider: aws
+      bucket: ${bucket}
+  volumeSnapshotLocation:
+    - provider: aws
+      config:
+        region: ${region}
 
 serviceAccount:
   server:
@@ -14,20 +18,19 @@ serviceAccount:
       eks.amazonaws.com/role-arn: ${role_arn}
 
 initContainers:
-- name: velero-plugin-for-aws
-  image: velero/velero-plugin-for-aws:${aws_container_version}
-  imagePullPolicy: IfNotPresent
-  volumeMounts:
-    - mountPath: /target
-      name: plugins
+  - name: velero-plugin-for-aws
+    image: velero/velero-plugin-for-aws:${aws_container_version}
+    imagePullPolicy: IfNotPresent
+    volumeMounts:
+      - mountPath: /target
+        name: plugins
 
 schedules:
   fullbackup:
     disabled: false
-    schedule: "0 * * * *"
+    schedule: ${schedule_cron}
     useOwnerReferencesInBackup: true
     template:
-      defaultVolumesToRestic: false
       ttl: 720h
 
-snapshotsEnabled: false
+snapshotsEnabled: false
diff --git a/metric-server.tf b/metric-server.tf
@@ -4,7 +4,7 @@ locals {
     name              = "metrics-server"
     repository        = "https://kubernetes-sigs.github.io/metrics-server"
     helm_release_name = "metrics-server"
-    chart_version     = "3.10.0"
+    chart_version     = var.metric_server_chart_version
     namespace         = "kube-system"
   }
 
@@ -31,6 +31,10 @@ resource "helm_release" "metric_server" {
   namespace  = local.metric_server_helm_config.namespace
   version    = local.metric_server_helm_config.chart_version
 
+  values = [
+    file("${path.module}/files/metric-server/values.yaml")
+  ]
+
   depends_on = [
     module.eks
   ]

diff --git a/variables.tf b/variables.tf
@@ -150,6 +150,12 @@ variable "enable_metric_server" {
   default     = true
 }
 
+variable "metric_server_chart_version" {
+  type        = string
+  description = "Metric Server Helm Chart Version"
+  default     = "3.12.0"
+}
+
 variable "metric_server_helm_config" {
   type        = any
   default     = {}
@@ -186,6 +192,12 @@ variable "enable_cluster_autoscaler" {
   description = "Enable Cluster Autoscaler"
 }
 
+variable "cluster_autoscaler_chart_version" {
+  type        = string
+  default     = "9.35.0"
+  description = "Cluster Autoscaler Helm Chart Version"
+}
+
 variable "cluster_autoscaler_helm_config" {
   type        = any
   default     = {}
@@ -297,6 +309,18 @@ variable "enable_velero" {
   description = "Enable Velero"
 }
 
+variable "velero_chart_version" {
+  type        = string
+  default     = "6.0.0"
+  description = "Velero Helm Chart Version"
+}
+
+variable "velero_schedule_cron" {
+  type        = string
+  default     = "0 4 * * *"
+  description = "Velero Schedule Cron"
+}
+
 variable "velero_helm_config" {
   type        = any
   default     = {}

diff --git a/velero.tf b/velero.tf
@@ -6,14 +6,14 @@
 
 locals {
   default_velero_helm_config = {
-    name                  = "velero"
-    repository            = "https://vmware-tanzu.github.io/helm-charts"
-    helm_release_name     = "velero"
-    chart_version         = "2.27.3"
-    namespace             = "velero"
-    create_namespace      = true
-    aws_plugin_version    = "v1.2.1"
-    csi_plugin_version    = "v0.1.2"
+    name               = "velero"
+    repository         = "https://vmware-tanzu.github.io/helm-charts"
+    helm_release_name  = "velero"
+    chart_version      = var.velero_chart_version
+    namespace          = "velero"
+    create_namespace   = true
+    aws_plugin_version = "v1.9.1"
+    schedule_cron      = var.velero_schedule_cron
   }
 
   velero_helm_config = merge(
@@ -23,6 +23,17 @@ locals {
 
   # Add a random suffix to prevent bucket name collisions.
   bucket_name = "${var.cluster_name}-velero-storage-${random_id.resources_suffix[0].hex}"
+
+  velero_default_values = templatefile(
+    "${path.module}/files/velero/values.yaml", {
+      role_arn              = module.velero_irsa_role[0].iam_role_arn
+      bucket                = local.bucket_name
+      serviceaccount_name   = local.velero_helm_config.name
+      aws_container_version = local.velero_helm_config.aws_plugin_version
+      region                = data.aws_region.current.name
+      schedule_cron         = local.velero_helm_config.schedule_cron
+    }
+  )
 }
 
 # The generated random_id is 4 characters long.
@@ -117,18 +128,6 @@ module "velero_irsa_role" {
   }
 }
 
-data "template_file" "velero_default_values" {
-  template = templatefile(
-    "${path.module}/files/velero/values.yaml", {
-      role_arn              = module.velero_irsa_role[0].iam_role_arn
-      bucket                = local.bucket_name
-      serviceaccount_name   = local.velero_helm_config.name
-      aws_container_version = local.velero_helm_config.aws_plugin_version
-      region                = data.aws_region.current.name
-    }
-  )
-}
-
 resource "helm_release" "velero" {
   count = var.enable_velero ? 1 : 0
 
@@ -138,7 +137,7 @@ resource "helm_release" "velero" {
   namespace  = local.velero_helm_config.namespace
   version    = local.velero_helm_config.chart_version
 
-  values = trimspace(var.velero_helm_values) != "" ? [data.template_file.velero_default_values.template, var.velero_helm_values] : [data.template_file.velero_default_values.template]
+  values = trimspace(var.velero_helm_values) != "" ? [local.velero_default_values, var.velero_helm_values] : [local.velero_default_values]
 
   depends_on = [
     kubernetes_namespace.velero