refactor: update versions and fix dependencies between components
Max Glotov committed Jul 26, 2024
1 parent 819ee2f commit 5e65d8e
Showing 16 changed files with 143 additions and 123 deletions.
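--- a/terraform/modules/aws-acm/main.tf
+++ b/terraform/modules/aws-acm/main.tf
@@ -14,8 +14,9 @@ module "acm" {
 
 create_certificate = var.create_acm_certificate
 
-domain_name = var.domain_name
-zone_id = var.zone_id
+domain_name = var.domain_name
+zone_id = var.zone_id
+validation_method = var.validation_method
 subject_alternative_names = [
 "*.${var.domain_name}"]
 }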
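--- a/terraform/modules/aws-acm/variables.tf
+++ b/terraform/modules/aws-acm/variables.tf
@@ -12,3 +12,8 @@ variable "zone_id" {
 default = ""
 description = "R53 zone id for public domain"
 }
+
+variable "validation_method" {
+default = "DNS"
+description = "Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Terraform."
+}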
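Review bot: `validation_method` is declared without a type or a validation block, so any string is passed straight through to the ACM module and a typo only surfaces at plan or apply time. Adding `type = string` and a `validation` block with `condition = contains(["DNS", "EMAIL"], var.validation_method)` would reject bad input at the wrapper boundary. The description says the parameter must not be set for imported certificates, so if this wrapper is meant to cover that case the condition also has to admit `null`; the hunk does not show whether it is. Because EMAIL validation moves proof of domain control to whoever reads the approval mailbox, the description could also state that DNS is the expected choice whenever `zone_id` is set.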
Expand Up @@ -411,6 +411,7 @@ resource "helm_release" "aws_loadbalancer_controller" {
version = local.aws_load_balancer_controller.chart_version
namespace = module.aws_load_balancer_controller_namespace[count.index].name
max_history = var.helm_release_history_size
wait = true

values = [
local.aws_load_balancer_controller_values
Expand All @@ -428,7 +429,7 @@ resource "helm_release" "aws_loadbalancer_controller" {
value = tls_private_key.aws_loadbalancer_controller_webhook[0].private_key_pem
}

depends_on = [helm_release.karpenter]
depends_on = [kubectl_manifest.karpenter_nodepool_default]
}

resource "kubernetes_ingress_v1" "default" {
Expand Down Expand Up @@ -468,7 +469,7 @@ resource "kubernetes_ingress_v1" "default" {
}
wait_for_load_balancer = true

depends_on = [helm_release.aws_loadbalancer_controller, helm_release.ingress_nginx, module.aws_iam_aws_loadbalancer_controller, tls_locally_signed_cert.aws_loadbalancer_controller_webhook]
depends_on = [kubectl_manifest.karpenter_nodepool_default, helm_release.ingress_nginx, module.aws_iam_aws_loadbalancer_controller] #, helm_release.aws_loadbalancer_controller, module.aws_iam_aws_loadbalancer_controller, tls_locally_signed_cert.aws_loadbalancer_controller_webhook
}

resource "aws_route53_record" "default_ingress" {
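Review bot: The new `depends_on` on `kubernetes_ingress_v1.default` ends in a commented-out tail (`#, helm_release.aws_loadbalancer_controller, …, tls_locally_signed_cert.aws_loadbalancer_controller_webhook`), which leaves dead code in the list and hides that the ingress no longer names the controller release or its webhook certificate directly. Ordering against the controller now holds only transitively through `helm_release.ingress_nginx`, which gains that dependency in eks-ingress-nginx-controller.tf in this same commit. I would delete the commented tail and either keep `helm_release.aws_loadbalancer_controller` in the list or add a comment such as `# LB controller is ordered via helm_release.ingress_nginx`. Both resource bodies start outside the hunks shown.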
3 changes: 2 additions & 1 deletion terraform/modules/k8s-addons/eks-ingress-nginx-controller.tf
Expand Up @@ -208,11 +208,12 @@ resource "helm_release" "ingress_nginx" {
version = local.ingress_nginx.chart_version
namespace = module.ingress_nginx_namespace[count.index].name
max_history = var.helm_release_history_size
wait = true

values = [
local.ingress_nginx_general_values,
var.nginx_ingress_ssl_terminator == "lb" ? local.ingress_nginx_and_aws_load_balancer_controller : local.ingress_pod_ssl_termination_values
]

depends_on = [kubectl_manifest.kube_prometheus_stack_operator_crds]
depends_on = [kubectl_manifest.kube_prometheus_stack_operator_crds, helm_release.aws_loadbalancer_controller]
}
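Review bot: Nothing in the `helm_release.ingress_nginx` block says why ingress-nginx now has to wait for `helm_release.aws_loadbalancer_controller`, and the dependency applies even when `var.nginx_ingress_ssl_terminator` is not `"lb"`. If the reason is that the controller's admission webhook must be serving before this chart creates its Service (an assumption; the hunk does not say), a comment above `depends_on` such as `# aws-load-balancer-controller webhook must be ready before Services are created` would keep a later refactor from dropping it. `wait = true` is, as far as I know, already the helm provider default, so it records intent rather than changing behaviour. The block starts outside the hunk.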
27 changes: 15 additions & 12 deletions terraform/modules/k8s-addons/eks-karpenter.tf
Expand Up @@ -16,7 +16,7 @@ settings:
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: ${module.karpenter[0].irsa_arn}
eks.amazonaws.com/role-arn: ${module.karpenter[0].iam_role_arn}
controller:
resources:
Expand All @@ -35,20 +35,23 @@ module "karpenter" {
count = local.karpenter.enabled ? 1 : 0

source = "terraform-aws-modules/eks/aws//modules/karpenter"
version = "20.8.4"
version = "20.17.2"

cluster_name = local.eks_cluster_id

policies = {
node_iam_role_additional_policies = {
AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

irsa_oidc_provider_arn = local.eks_oidc_provider_arn
irsa_namespace_service_accounts = ["karpenter:karpenter"]
enable_irsa = true
irsa_oidc_provider_arn = local.eks_oidc_provider_arn
enable_pod_identity = false

create_node_iam_role = false
node_iam_role_arn = var.node_group_default_iam_role_arn
# Since the node group role will already have an access entry
create_access_entry = false

create_iam_role = false
enable_karpenter_instance_profile_creation = true
iam_role_arn = var.node_group_default_iam_role_arn
}

module "karpenter_namespace" {
Expand All @@ -68,7 +71,7 @@ metadata:
name: private
namespace: karpenter
spec:
amiFamily: AL2 # Amazon Linux 2
amiFamily: AL2023 # Amazon Linux 2023
role: ${var.node_group_default_iam_role_name} # replace with your cluster name NODE ROLE ID from the aws-base
subnetSelectorTerms:
- tags:
Expand Down Expand Up @@ -99,7 +102,7 @@ metadata:
name: public
namespace: karpenter
spec:
amiFamily: AL2 # Amazon Linux 2
amiFamily: AL2023 # Amazon Linux 2023
role: ${var.node_group_default_iam_role_name} # replace with your cluster name NODE ROLE ID from the aws-base
subnetSelectorTerms:
- tags:
Expand Down Expand Up @@ -186,7 +189,7 @@ spec:
EOF

depends_on = [helm_release.karpenter]
depends_on = [kubectl_manifest.karpenter_ec2nodeclass_private]
}

resource "kubectl_manifest" "karpenter_nodepool_ci" {
Expand Down Expand Up @@ -257,7 +260,7 @@ spec:
EOF

depends_on = [helm_release.karpenter]
depends_on = [kubectl_manifest.karpenter_ec2nodeclass_public]
}

resource "helm_release" "karpenter" {
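Review bot: In `module "karpenter"`, `node_iam_role_additional_policies` is set together with `create_node_iam_role = false`; as far as I know the upstream submodule only attaches additional policies to a node role it creates itself, so the `AmazonSSMManagedInstanceCore` entry is likely a no-op here. If SSM access on Karpenter nodes is intended, attach the policy where the role behind `var.node_group_default_iam_role_arn` is defined; if not, drop the map so the config does not suggest a permission that is not granted. The explicit `irsa_namespace_service_accounts = ["karpenter:karpenter"]` also seems to be gone from the new side while `enable_irsa = true` is added, so the trust policy's service-account scoping would rest on the module default; keeping the line makes that boundary visible in review. Old and new lines are interleaved on this page without markers, so both readings should be checked against the raw diff.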
2 changes: 1 addition & 1 deletion terraform/modules/k8s-addons/eks-kube-prometheus-stack.tf
Expand Up @@ -527,7 +527,7 @@ resource "helm_release" "prometheus_operator" {
])

depends_on = [
kubectl_manifest.kube_prometheus_stack_operator_crds
helm_release.ingress_nginx
]

}
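Review bot: `helm_release.prometheus_operator` now appears to list only `helm_release.ingress_nginx` in `depends_on`, so its ordering after the operator CRDs holds only because ingress_nginx itself depends on `kubectl_manifest.kube_prometheus_stack_operator_crds`. That coupling is easy to break in a later edit; listing both, `kubectl_manifest.kube_prometheus_stack_operator_crds,` followed by `helm_release.ingress_nginx`, keeps the CRD requirement explicit. The resource starts outside the hunk.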
16 changes: 8 additions & 8 deletions terraform/modules/k8s-addons/eks-prometheus-operator-crds.tf
@@ -1,13 +1,13 @@
locals {
kube_prometheus_stack_operator_crds = [
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/crds/crd-probes.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml"
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml",
"https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml"
]
}
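Review bot: The eight CRD URLs in `kube_prometheus_stack_operator_crds` resolve against a Git tag on raw.githubusercontent.com, which is a movable ref, and nothing visible here checks the fetched content before it is applied as cluster-scoped CRDs. How the list is consumed is outside this hunk, so this is a question rather than a finding: consider pinning to a commit SHA or vendoring the files for the chart version set in helm-releases.yaml. The repeated prefix could also move into one local, e.g. `crds_base = "https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${local.kube_prometheus_stack.chart_version}/charts/kube-prometheus-stack/charts/crds/crds"`, so the next path change touches a single line.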

6 changes: 3 additions & 3 deletions terraform/modules/k8s-addons/helm-releases.yaml
Expand Up @@ -63,7 +63,7 @@ releases:
enabled: true
chart: karpenter
repository: oci://public.ecr.aws/karpenter
chart_version: v0.36.1
chart_version: 0.37.0
namespace: karpenter
- id: keda
enabled: false
Expand All @@ -81,7 +81,7 @@ releases:
enabled: true
chart: kube-prometheus-stack
repository: https://prometheus-community.github.io/helm-charts
chart_version: 58.5.3
chart_version: 61.3.1
namespace: monitoring
- id: loki-stack
enabled: true
Expand All @@ -99,5 +99,5 @@ releases:
enabled: false
chart: victoria-metrics-k8s-stack
repository: https://victoriametrics.github.io/helm-charts
chart_version: 0.22.11
chart_version: 0.24.1
namespace: monitoring
2 changes: 1 addition & 1 deletion terraform/modules/k8s-addons/main.tf
Expand Up @@ -18,7 +18,7 @@ provider "helm" {
}

experiments {
manifest = true
manifest = false
}
}
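Review bot: `experiments { manifest = false }` carries no comment explaining the switch, so a later edit could turn it back on without knowing the trade-off. With manifest rendering enabled the helm provider keeps the rendered chart in plan output and state, which would include values such as the `private_key_pem` passed to the load balancer controller release in this module. A comment like `# keep off: rendered manifests would expose chart secrets in plan/state` would record the intent; removing the block is an alternative, since false is the default as far as I know.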
