Update to eks 1.31 #289

Open
wants to merge 15 commits into
base: main
from
20 changes: 11 additions & 9 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ version: 2.1
parameters:
helm_version:
type: string
default: "v3.11.2"
default: "v3.15.4"
terraform_version:
type: string
default: "1.9.3"
hcledit_version:
type: string
default: "0.2.9"
default: "0.2.15"
GHA_Actor:
type: string
default: ""
Expand All @@ -21,9 +21,9 @@ parameters:
default: ""

orbs:
terraform: circleci/terraform@3.2.0
aws-cli: circleci/aws-cli@3.1
envsubst: sawadashota/envsubst@1.1.0
terraform: circleci/terraform@3.4.0
aws-cli: circleci/aws-cli@3.2.0
envsubst: sawadashota/envsubst@1.4.3

commands:
install_tf:
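Review bot: `sawadashota/envsubst@1.4.3` in the `orbs:` block is a third-party orb from an individual's namespace, and this bump crosses three minor releases in one step. Its commands run in the same pipeline that loads the aws-cli orb, so read the orb's source changes between 1.1.0 and 1.4.3 before merging, or install envsubst directly in a run step instead. Moving aws-cli from the floating `3.1` to the exact `3.2.0` is a good change; keep all three orbs on full versions.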
Expand All @@ -40,7 +40,7 @@ commands:
parameters:
hcledit_version:
type: string
default: "0.2.9"
default: "0.2.15"
steps:
- run:
name: Install HCL edit
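Review bot: the `default: "0.2.15"` on the command-level `hcledit_version` parameter repeats the pipeline-level default changed at the top of this file, so every bump has to touch both places and they can drift. Drop the command default and pass `<< pipeline.parameters.hcledit_version >>` from the caller, or add a comment tying the two values together.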
Expand Down Expand Up @@ -195,6 +195,7 @@ commands:
name: Deploy single-node
working_directory: tests/deploy
command: bash ci-deploy.sh deploy_single_node
no_output_timeout: "20m"

tf_destroy_single_node:
description: "Terraform destroy single-node"
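Review bot: `no_output_timeout: "20m"` on the Deploy single-node step doubles CircleCI's 10-minute default, and nothing says which phase of `ci-deploy.sh deploy_single_node` stays silent that long. Add a one-line comment with the reason, and consider having the script print progress so a genuine hang is still caught early.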
Expand All @@ -203,6 +204,7 @@ commands:
name: Destroy single-node
working_directory: tests/deploy
command: bash ci-deploy.sh destroy_single_node
no_output_timeout: "20m"

tf_deploy:
description: "Terraform deploy"
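Review bot: with `no_output_timeout: "20m"` on the Destroy single-node step, a run that still hits the limit is killed partway through `ci-deploy.sh destroy_single_node`, which can leave AWS resources behind. The `tf_deploy` command that follows as context gets no matching change in this diff; if the 1.31 upgrade is what slowed the single-node steps, check whether the full deploy and destroy steps need the same setting.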
Expand Down Expand Up @@ -250,7 +252,7 @@ commands:
jobs:
tf-plan-test:
docker:
- image: cimg/aws:2023.04.1
- image: cimg/aws:2024.03.1
parameters:
terraform_version:
type: string
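Review bot: `cimg/aws:2024.03.1` in `tf-plan-test` is pinned by tag only, and a tag can be re-pushed. These jobs run Terraform against AWS, so pin the image by digest as well, in the form `cimg/aws:2024.03.1@sha256:<digest>`, with the digest read from the registry at review time.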
Expand All @@ -262,7 +264,7 @@ jobs:

test-deploy:
docker:
- image: cimg/aws:2023.04.1
- image: cimg/aws:2024.03.1
parameters:
terraform_version:
type: string
Expand All @@ -287,7 +289,7 @@ jobs:

test-upgrade:
docker:
- image: cimg/aws:2023.04.1
- image: cimg/aws:2024.03.1
parameters:
terraform_version:
type: string
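Review bot: the image line in `test-upgrade` is the third copy of `cimg/aws:2024.03.1` in this file, after `tf-plan-test` and `test-deploy`. Define one executor under `executors:` and reference it from the three jobs, so the next bump is a single-line change and the jobs cannot drift apart.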
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/terraform-checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ jobs:
retry_wait_seconds: 20
retry_on: error
command: >-
curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz | tar -C /tmp -xzf - && chmod +x /tmp/terraform-docs && sudo mv /tmp/terraform-docs /usr/local/bin
curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.19.0/terraform-docs-v0.19.0-linux-amd64.tar.gz | tar -C /tmp -xzf - && chmod +x /tmp/terraform-docs && sudo mv /tmp/terraform-docs /usr/local/bin
- name: Terraform docs
uses: pre-commit/action@v3.0.1
with:
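Review bot: the `command:` line pipes the v0.19.0 tarball from `curl -L` straight into `tar` and then moves the binary into `/usr/local/bin` with sudo, with no integrity check on what was downloaded. Since the version is changing anyway, download to a file with `curl -fsSL`, check it with `sha256sum -c` against a SHA-256 recorded in the workflow, and only then extract. The `-f` flag also makes an HTTP error fail the step instead of feeding an error page to tar.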
Expand Down
8 changes: 4 additions & 4 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
## NOTE: Changes(rename/add/delete) to pre-commit ids need to be replicated in .github/workflows/terraform-checks.yml(GHA).
default_stages: [commit]
default_stages: [pre-commit]
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
rev: v5.0.0
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
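Review bot: `default_stages: [pre-commit]` uses the stage name introduced in pre-commit 3.2.0, so a contributor on an older pre-commit will not get a usable config. Add `minimum_pre_commit_version: "3.2.0"` at the top of the file so the failure message names the cause.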
Expand All @@ -14,13 +14,13 @@ repos:
- id: circleci-validate
args: [--org-slug, github/cerebrotech]
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.29.1
rev: 0.29.4
hooks:
- id: check-github-workflows
- id: check-dependabot
- id: check-github-actions
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.92.1
rev: v1.96.2
hooks:
- id: terraform_validate
# See #4 on https://github.com/antonbabenko/pre-commit-terraform#terraform_validate
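Review bot: the `rev:` values bumped in this file (v5.0.0, 0.29.4, v1.96.2) are all tags, which the upstream repositories can move. These hooks execute on developer machines and in the GHA check, so pin each `rev:` to the full commit SHA with the tag kept in a trailing comment; `pre-commit autoupdate --freeze` writes that form.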
Expand Down
18 changes: 9 additions & 9 deletions examples/deploy/terraform/cluster/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# eks

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
Expand Down Expand Up @@ -38,12 +38,12 @@

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br> creation\_role\_name = Name of the role to import.<br> k8s\_version = EKS cluster k8s version.<br> kubeconfig = {<br> extra\_args = Optional extra args when generating kubeconfig.<br> path = Fully qualified path name to write the kubeconfig file.<br> }<br> public\_access = {<br> enabled = Enable EKS API public endpoint.<br> cidrs = List of CIDR ranges permitted for accessing the EKS public endpoint.<br> }<br> Custom role maps for aws auth configmap<br> custom\_role\_maps = {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> master\_role\_names = IAM role names to be added as masters in eks.<br> cluster\_addons = EKS cluster addons.<br> vpc\_cni = Configuration for AWS VPC CNI<br> ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br> identity\_providers = Configuration for IDP(Identity Provider).<br> } | <pre>object({<br> service_ipv4_cidr = optional(string)<br> creation_role_name = optional(string, null)<br> k8s_version = optional(string)<br> kubeconfig = optional(object({<br> extra_args = optional(string)<br> path = optional(string)<br> }), {})<br> public_access = optional(object({<br> enabled = optional(bool)<br> cidrs = optional(list(string))<br> }), {})<br> custom_role_maps = optional(list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> })))<br> master_role_names = optional(list(string))<br> cluster_addons = optional(list(string))<br> ssm_log_group_name = optional(string)<br> vpc_cni = optional(object({<br> prefix_delegation = optional(bool)<br> annotate_pod_ip = optional(bool)<br> }))<br> identity_providers = optional(list(object({<br> client_id = string<br> groups_claim = optional(string)<br> groups_prefix = optional(string)<br> identity_provider_config_name = string<br> issuer_url = optional(string)<br> required_claims = optional(map(string))<br> 
username_claim = optional(string)<br> username_prefix = optional(string)<br> })))<br> })</pre> | `{}` | no |
| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br> enabled = optional(bool, false)<br> namespace = optional(string, "domino-compute")<br> operator_service_account_name = optional(string, "pham-juno-operator")<br> operator_role_suffix = optional(string, "external-deployments-operator")<br> repository_suffix = optional(string, "external-deployments")<br> bucket_suffix = optional(string, "external-deployments")<br> enable_assume_any_external_role = optional(bool, true)<br> enable_in_account_deployments = optional(bool, true)<br> })</pre> | `{}` | no |
| <a name="input_flyte"></a> [flyte](#input\_flyte) | Config to provision the flyte infrastructure. | <pre>object({<br> enabled = optional(bool, false)<br> force_destroy_on_deletion = optional(bool, true)<br> platform_namespace = optional(string, "domino-platform")<br> compute_namespace = optional(string, "domino-compute")<br><br> })</pre> | `{}` | no |
| <a name="input_irsa_external_dns"></a> [irsa\_external\_dns](#input\_irsa\_external\_dns) | Mappings for custom IRSA configurations. | <pre>object({<br> enabled = optional(bool, false)<br> hosted_zone_name = optional(string, null)<br> namespace = optional(string, null)<br> serviceaccount_name = optional(string, null)<br> rm_role_policy = optional(object({<br> remove = optional(bool, false)<br> detach_from_role = optional(bool, false)<br> policy_name = optional(string, "")<br> }), {})<br> })</pre> | `{}` | no |
| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Mappings for custom IRSA configurations. | <pre>list(object({<br> name = string<br> namespace = string<br> serviceaccount_name = string<br> policy = string #json<br> }))</pre> | `[]` | no |
| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | Overrides the KMS key information. Meant for migrated configurations.<br> {<br> key\_id = KMS key id.<br> key\_arn = KMS key arn.<br> enabled = KMS key is enabled.<br> } | <pre>object({<br> key_id = string<br> key_arn = string<br> enabled = bool<br> })</pre> | `null` | no |
| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/> creation\_role\_name = Name of the role to import.<br/> k8s\_version = EKS cluster k8s version.<br/> kubeconfig = {<br/> extra\_args = Optional extra args when generating kubeconfig.<br/> path = Fully qualified path name to write the kubeconfig file.<br/> }<br/> public\_access = {<br/> enabled = Enable EKS API public endpoint.<br/> cidrs = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/> }<br/> Custom role maps for aws auth configmap<br/> custom\_role\_maps = {<br/> rolearn = string<br/> username = string<br/> groups = list(string)<br/> }<br/> master\_role\_names = IAM role names to be added as masters in eks.<br/> cluster\_addons = EKS cluster addons.<br/> vpc\_cni = Configuration for AWS VPC CNI<br/> ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/> identity\_providers = Configuration for IDP(Identity Provider).<br/> } | <pre>object({<br/> service_ipv4_cidr = optional(string)<br/> creation_role_name = optional(string, null)<br/> k8s_version = optional(string)<br/> kubeconfig = optional(object({<br/> extra_args = optional(string)<br/> path = optional(string)<br/> }), {})<br/> public_access = optional(object({<br/> enabled = optional(bool)<br/> cidrs = optional(list(string))<br/> }), {})<br/> custom_role_maps = optional(list(object({<br/> rolearn = string<br/> username = string<br/> groups = list(string)<br/> })))<br/> master_role_names = optional(list(string))<br/> cluster_addons = optional(list(string))<br/> ssm_log_group_name = optional(string)<br/> vpc_cni = optional(object({<br/> prefix_delegation = optional(bool)<br/> annotate_pod_ip = optional(bool)<br/> }))<br/> identity_providers = optional(list(object({<br/> client_id = string<br/> groups_claim = optional(string)<br/> groups_prefix = optional(string)<br/> identity_provider_config_name = string<br/> issuer_url = 
optional(string)<br/> required_claims = optional(map(string))<br/> username_claim = optional(string)<br/> username_prefix = optional(string)<br/> })))<br/> })</pre> | `{}` | no |
| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br/> enabled = optional(bool, false)<br/> namespace = optional(string, "domino-compute")<br/> operator_service_account_name = optional(string, "pham-juno-operator")<br/> operator_role_suffix = optional(string, "external-deployments-operator")<br/> repository_suffix = optional(string, "external-deployments")<br/> bucket_suffix = optional(string, "external-deployments")<br/> enable_assume_any_external_role = optional(bool, true)<br/> enable_in_account_deployments = optional(bool, true)<br/> })</pre> | `{}` | no |
| <a name="input_flyte"></a> [flyte](#input\_flyte) | Config to provision the flyte infrastructure. | <pre>object({<br/> enabled = optional(bool, false)<br/> force_destroy_on_deletion = optional(bool, true)<br/> platform_namespace = optional(string, "domino-platform")<br/> compute_namespace = optional(string, "domino-compute")<br/><br/> })</pre> | `{}` | no |
| <a name="input_irsa_external_dns"></a> [irsa\_external\_dns](#input\_irsa\_external\_dns) | Mappings for custom IRSA configurations. | <pre>object({<br/> enabled = optional(bool, false)<br/> hosted_zone_name = optional(string, null)<br/> namespace = optional(string, null)<br/> serviceaccount_name = optional(string, null)<br/> rm_role_policy = optional(object({<br/> remove = optional(bool, false)<br/> detach_from_role = optional(bool, false)<br/> policy_name = optional(string, "")<br/> }), {})<br/> })</pre> | `{}` | no |
| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Mappings for custom IRSA configurations. | <pre>list(object({<br/> name = string<br/> namespace = string<br/> serviceaccount_name = string<br/> policy = string #json<br/> }))</pre> | `[]` | no |
| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | Overrides the KMS key information. Meant for migrated configurations.<br/> {<br/> key\_id = KMS key id.<br/> key\_arn = KMS key arn.<br/> enabled = KMS key is enabled.<br/> } | <pre>object({<br/> key_id = string<br/> key_arn = string<br/> enabled = bool<br/> })</pre> | `null` | no |
| <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |

## Outputs
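Review bot: every changed row in this hunk differs only in `<br>` becoming `<br/>`, which lines up with the terraform-docs v0.19.0 bump in the GHA workflow. A contributor running the docs hook locally with an older terraform-docs will regenerate the old markup and fail the check, so state the required terraform-docs version in the contributor docs or install it from one pinned place for both local and CI runs.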
Expand All @@ -52,7 +52,7 @@
|------|-------------|
| <a name="output_eks"></a> [eks](#output\_eks) | EKS details. |
| <a name="output_external_deployments_operator"></a> [external\_deployments\_operator](#output\_external\_deployments\_operator) | External deployments operator details. |
| <a name="output_external_dns_irsa_role_arn"></a> [external\_dns\_irsa\_role\_arn](#output\_external\_dns\_irsa\_role\_arn) | "External\_dns info"<br> {<br> irsa\_role = irsa role arn.<br> zone\_id = hosted zone id for external\_dns Iam policy<br> zone\_name = hosted zone name for external\_dns Iam policy<br> } |
| <a name="output_external_dns_irsa_role_arn"></a> [external\_dns\_irsa\_role\_arn](#output\_external\_dns\_irsa\_role\_arn) | "External\_dns info"<br/> {<br/> irsa\_role = irsa role arn.<br/> zone\_id = hosted zone id for external\_dns Iam policy<br/> zone\_name = hosted zone name for external\_dns Iam policy<br/> } |
| <a name="output_flyte"></a> [flyte](#output\_flyte) | Flyte details. |
| <a name="output_infra"></a> [infra](#output\_infra) | Infra details. |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
<!-- END_TF_DOCS -->