feat: prepare release

* Upgrade to Kubernetes 1.23 * Upgrade to latest terraform modules * Upgrade to latest EKS addons closes #138, closes #135, closes #125, closes #75 Signed-off-by: Kevin Lefevre <kevin@particule.io>
particuleio · Oct 10, 2022 · eeb7c8d · eeb7c8d
1 parent 390256a
commit eeb7c8d
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 38 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,12 +1,12 @@
 repos:
   - repo: https://github.com/gitguardian/gg-shield
-    rev: v1.12.0
+    rev: v1.13.3
     hooks:
       - id: ggshield
         language_version: python3
         stages: [commit]
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.74.1
+    rev: v1.76.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

diff --git a/.tool-versions b/.tool-versions
@@ -1,6 +1,6 @@
-terragrunt 0.38.6
-terraform 1.2.5
+terragrunt 0.39.1
+terraform 1.3.2
 terraform-docs 0.16.0
 tflint 0.34.1
 tfsec 0.63.1
-kubectl 1.22.12
+kubectl 1.23.12
diff --git a/terragrunt/dependency-blocks/encryption-config.hcl b/terragrunt/dependency-blocks/encryption-config.hcl
@@ -4,6 +4,6 @@ dependency "encryption_config" {
   config_path = "${get_original_terragrunt_dir()}/../encryption-config"
 
   mock_outputs = {
-    arn = "arn:::aws"
+    arn = "arn:aws:iam::111122223333:root"
   }
 }
diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl
@@ -17,7 +17,7 @@ include "eks" {
 }
 
 terraform {
-  source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v9.4.0"
+  source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v10.1.1"
 }
 
 generate "provider-local" {
@@ -95,13 +95,8 @@ inputs = {
   }
 
   npd = {
-    # Waiing for ARM image https://github.com/kubernetes/node-problem-detector/issues/586
-    enabled      = true
-    wait         = false
-    extra_values = <<-EXTRA_VALUES
-      nodeSelector:
-        kubernetes.io/arch: amd64
-      EXTRA_VALUES
+    enabled = true
+    wait    = false
   }
 
   tigera-operator = {

diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl
@@ -21,7 +21,7 @@ include "eks" {
 }
 
 terraform {
-  source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v9.4.0"
+  source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v10.1.1"
 }
 
 generate "provider-local" {
@@ -75,7 +75,7 @@ inputs = {
 
   cluster-autoscaler = {
     enabled      = true
-    version      = "v1.22.2"
+    version      = "v1.23.1"
     extra_values = <<-EXTRA_VALUES
     extraArgs:
       scale-down-utilization-threshold: 0.7
@@ -91,19 +91,20 @@ inputs = {
     repository            = "teks"
     branch                = "flux"
     repository_visibility = "public"
-    version               = "v0.31.3"
+    version               = "v0.35.0"
     auto_image_update     = true
   }
 
   kube-prometheus-stack = {
-    enabled                     = true
-    allowed_cidrs               = dependency.vpc.outputs.intra_subnets_cidr_blocks
-    thanos_sidecar_enabled      = true
-    thanos_bucket_force_destroy = true
-    extra_values                = <<-EXTRA_VALUES
+    enabled                           = true
+    allowed_cidrs                     = dependency.vpc.outputs.intra_subnets_cidr_blocks
+    thanos_sidecar_enabled            = true
+    thanos_bucket_force_destroy       = true
+    grafana_create_iam_resources_irsa = true
+    extra_values                      = <<-EXTRA_VALUES
       grafana:
         image:
-          tag: 9.0.3
+          tag: 9.1.7
         deploymentStrategy:
           type: Recreate
         ingress:
@@ -161,7 +162,7 @@ inputs = {
         limits:
           cpu: 2
           memory: 4Gi
-      config:
+      loki:
         limits_config:
           ingestion_rate_mb: 320
           ingestion_burst_size_mb: 512
@@ -178,8 +179,7 @@ inputs = {
           nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
           nginx.ingress.kubernetes.io/auth-tls-secret: "telemetry/loki-ca"
         hosts:
-          - host: logz.${include.root.locals.merged.default_domain_name}
-            paths: ["/"]
+          - logz.${include.root.locals.merged.default_domain_name}
         tls:
           - secretName: logz.${include.root.locals.merged.default_domain_name}
             hosts:
@@ -196,7 +196,7 @@ inputs = {
           },
         ]
         expiration = {
-          days = 30
+          days = 365
         }
       },
     ]

diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl
@@ -70,7 +70,7 @@ inputs = {
   manage_aws_auth_configmap = true
 
   cluster_name                    = include.root.locals.full_name
-  cluster_version                 = "1.22"
+  cluster_version                 = "1.23"
   cluster_enabled_log_types       = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
   cluster_endpoint_private_access = true
   cluster_endpoint_public_access  = true
@@ -82,15 +82,15 @@ inputs = {
   ]
   cluster_addons = {
     coredns = {
-      addon_version     = "v1.8.7-eksbuild.1"
+      addon_version     = "v1.8.7-eksbuild.3"
       resolve_conflicts = "OVERWRITE"
     }
     kube-proxy = {
-      addon_version     = "v1.22.6-eksbuild.1"
+      addon_version     = "v1.23.7-eksbuild.1"
       resolve_conflicts = "OVERWRITE"
     }
     vpc-cni = {
-      addon_version     = "v1.11.2-eksbuild.1"
+      addon_version     = "v1.11.4-eksbuild.1"
       resolve_conflicts = "OVERWRITE"
     }
   }
@@ -182,7 +182,7 @@ inputs = {
     max_size                     = 100
     capacity_type                = "ON_DEMAND"
     platform                     = "bottlerocket"
-    ami_release_version          = "1.8.0-a6233c22"
+    ami_release_version          = "1.9.2-b8074d44"
     iam_role_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
     ebs_optimized                = true
     update_config = {

diff --git a/terragrunt/live/production/terragrunt.hcl b/terragrunt/live/production/terragrunt.hcl
@@ -50,7 +50,6 @@ generate "provider-aws" {
         tags = var.provider_default_tags
       }
     }
-    data "aws_default_tags" "current" {}
   EOF
 }
 

diff --git a/tools/max-pods-calculator.sh b/tools/max-pods-calculator.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -o pipefail
 set -o nounset
@@ -76,14 +76,15 @@ CNI_MAX_ENI="${CNI_MAX_ENI:-}"
 INSTANCE_TYPE="${INSTANCE_TYPE:-}"
 INSTANCE_TYPE_FROM_IMDS="${INSTANCE_TYPE_FROM_IMDS:-false}"
 SHOW_MAX_ALLOWED="${SHOW_MAX_ALLOWED:-false}"
+IMDS_ENDPOINT="${IMDS_ENDPOINT:-169.254.169.254:80}"
 
 PREFIX_DELEGATION_SUPPORTED=false
 IPS_PER_PREFIX=16
 
 if [ "$INSTANCE_TYPE_FROM_IMDS" = true ]; then
-    TOKEN=$(curl -m 10 -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" -s "http://169.254.169.254/latest/api/token")
-    export AWS_DEFAULT_REGION=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | jq .region -r)
-    INSTANCE_TYPE=$(curl -m 10 -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/instance-type)
+    TOKEN=$(curl -m 10 -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" -s "http://${IMDS_ENDPOINT}/latest/api/token")
+    export AWS_DEFAULT_REGION=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://${IMDS_ENDPOINT}/latest/dynamic/instance-identity/document | jq .region -r)
+    INSTANCE_TYPE=$(curl -m 10 -H "X-aws-ec2-metadata-token: $TOKEN" -s http://${IMDS_ENDPOINT}/latest/meta-data/instance-type)
 elif [ -z "$INSTANCE_TYPE" ];
     # There's no reasonable default for an instanceType so force one to be provided to the script.
     then echo "You must specify an instance type to calculate max pods value."
@@ -119,7 +120,7 @@ if [[ "$CNI_MAJOR_VERSION" -gt 1 ]] || ([[ "$CNI_MAJOR_VERSION" = 1 ]] && [[ "$C
     PREFIX_DELEGATION_SUPPORTED=true
 fi
 
-DESCRIBE_INSTANCES_RESULT=$(aws ec2 describe-instance-types --instance-type $INSTANCE_TYPE --query 'InstanceTypes[0].{Hypervisor: Hypervisor, EniCount: NetworkInfo.MaximumNetworkInterfaces, PodsPerEniCount: NetworkInfo.Ipv4AddressesPerInterface, CpuCount: VCpuInfo.DefaultVCpus'} --output json)
+DESCRIBE_INSTANCES_RESULT=$(aws ec2 describe-instance-types --instance-type "${INSTANCE_TYPE}" --query 'InstanceTypes[0].{Hypervisor: Hypervisor, EniCount: NetworkInfo.MaximumNetworkInterfaces, PodsPerEniCount: NetworkInfo.Ipv4AddressesPerInterface, CpuCount: VCpuInfo.DefaultVCpus}' --output json)
 
 HYPERVISOR_TYPE=$(echo $DESCRIBE_INSTANCES_RESULT | jq -r '.Hypervisor' )
 IS_NITRO=false