From eeb7c8d58a39ac2ac2a7cfcc3e67f03f3543b48d Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Mon, 10 Oct 2022 14:37:16 +0200 Subject: [PATCH] feat: prepare release * Upgrade to Kubernetes 1.23 * Upgrade to latest terraform modules * Upgrade to latest EKS addons closes #138, closes #135, closes #125, closes #75 Signed-off-by: Kevin Lefevre --- .pre-commit-config.yaml | 4 +-- .tool-versions | 6 ++--- .../dependency-blocks/encryption-config.hcl | 2 +- .../demo/eks-addons-critical/terragrunt.hcl | 11 +++----- .../clusters/demo/eks-addons/terragrunt.hcl | 26 +++++++++---------- .../clusters/demo/eks/terragrunt.hcl | 10 +++---- terragrunt/live/production/terragrunt.hcl | 1 - tools/max-pods-calculator.sh | 11 ++++---- 8 files changed, 33 insertions(+), 38 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c13679d8..71f1e3f1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,12 +1,12 @@ repos: - repo: https://github.com/gitguardian/gg-shield - rev: v1.12.0 + rev: v1.13.3 hooks: - id: ggshield language_version: python3 stages: [commit] - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.74.1 + rev: v1.76.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/.tool-versions b/.tool-versions index 47ab1f0e..aab20fbc 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,6 +1,6 @@ -terragrunt 0.38.6 -terraform 1.2.5 +terragrunt 0.39.1 +terraform 1.3.2 terraform-docs 0.16.0 tflint 0.34.1 tfsec 0.63.1 -kubectl 1.22.12 +kubectl 1.23.12 diff --git a/terragrunt/dependency-blocks/encryption-config.hcl b/terragrunt/dependency-blocks/encryption-config.hcl index f6318e38..1a77701e 100644 --- a/terragrunt/dependency-blocks/encryption-config.hcl +++ b/terragrunt/dependency-blocks/encryption-config.hcl @@ -4,6 +4,6 @@ dependency "encryption_config" { config_path = "${get_original_terragrunt_dir()}/../encryption-config" mock_outputs = { - arn = "arn:::aws" + arn = "arn:aws:iam::111122223333:root" } } 
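Review bot: The new mock `arn = "arn:aws:iam::111122223333:root"` in `dependency "encryption_config"` carries no comment saying why the value changed from the earlier free-form string, so a later reader cannot tell whether a well-formed ARN is required by downstream validation or is merely cosmetic. I would add a one-line comment above it, along the lines of `# must be a well-formed ARN so plan-time validation passes; 111122223333 is a documentation placeholder account id`, adjusted if the reason is different. Because this mock stands in for an encryption configuration, it is also worth confirming that the dependency block restricts mocks to read-only commands with `mock_outputs_allowed_terraform_commands = ["validate", "plan"]`, so the placeholder can never be consumed by an apply; the rest of the block is outside the hunk and may already do so.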
diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl index 5bef6e3f..f94fda1a 100644 --- a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl +++ b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl @@ -17,7 +17,7 @@ include "eks" { } terraform { - source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v9.4.0" + source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v10.1.1" } generate "provider-local" { @@ -95,13 +95,8 @@ inputs = { } npd = { - # Waiing for ARM image https://github.com/kubernetes/node-problem-detector/issues/586 - enabled = true - wait = false - extra_values = <<-EXTRA_VALUES - nodeSelector: - kubernetes.io/arch: amd64 - EXTRA_VALUES + enabled = true + wait = false } tigera-operator = { diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl index b8691604..d9db83c2 100644 --- a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl +++ b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl @@ -21,7 +21,7 @@ include "eks" { } terraform { - source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v9.4.0" + source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v10.1.1" } generate "provider-local" { @@ -75,7 +75,7 @@ inputs = { cluster-autoscaler = { enabled = true - version = "v1.22.2" + version = "v1.23.1" extra_values = <<-EXTRA_VALUES extraArgs: scale-down-utilization-threshold: 0.7 
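Review bot: `source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v10.1.1"` pins the module to a git tag, and the eks-addons hunk further along this line uses the same form. A tag is a mutable reference, so what terragrunt fetches can change with no edit to this file; pinning `ref=` to the commit hash the tag points at, with the tag kept in a trailing comment for readability, makes the upgrade reproducible and lets a reviewer verify exactly what was pulled in. This is a pre-existing pattern rather than something this commit introduces, so it may be better handled as a follow-up across all module sources in the repository.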
@@ -91,19 +91,20 @@ inputs = { repository = "teks" branch = "flux" repository_visibility = "public" - version = "v0.31.3" + version = "v0.35.0" auto_image_update = true } kube-prometheus-stack = { - enabled = true - allowed_cidrs = dependency.vpc.outputs.intra_subnets_cidr_blocks - thanos_sidecar_enabled = true - thanos_bucket_force_destroy = true - extra_values = <<-EXTRA_VALUES + enabled = true + allowed_cidrs = dependency.vpc.outputs.intra_subnets_cidr_blocks + thanos_sidecar_enabled = true + thanos_bucket_force_destroy = true + grafana_create_iam_resources_irsa = true + extra_values = <<-EXTRA_VALUES grafana: image: - tag: 9.0.3 + tag: 9.1.7 deploymentStrategy: type: Recreate ingress: @@ -161,7 +162,7 @@ inputs = { limits: cpu: 2 memory: 4Gi - config: + loki: limits_config: ingestion_rate_mb: 320 ingestion_burst_size_mb: 512 @@ -178,8 +179,7 @@ inputs = { nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "telemetry/loki-ca" hosts: - - host: logz.${include.root.locals.merged.default_domain_name} - paths: ["/"] + - logz.${include.root.locals.merged.default_domain_name} tls: - secretName: logz.${include.root.locals.merged.default_domain_name} hosts: @@ -196,7 +196,7 @@ inputs = { }, ] expiration = { - days = 30 + days = 365 } }, ] diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl index b85e71b5..dcd9d635 100644 --- a/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl +++ b/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl @@ -70,7 +70,7 @@ inputs = { manage_aws_auth_configmap = true cluster_name = include.root.locals.full_name - cluster_version = "1.22" + cluster_version = "1.23" cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] cluster_endpoint_private_access = true cluster_endpoint_public_access = true 
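Review bot: `grafana_create_iam_resources_irsa = true` is a new input that, judging by its name, creates IAM resources for Grafana's service account, but nothing in the block says what they are for or what they grant; the policy lives in the upstream module and is not visible here. A short comment such as `# IRSA role for Grafana; check the module's attached policy on each module bump` would tell a reviewer of this file where to look when the module version changes. The later hunks on this line that rename `config:` to `loki:` and switch the loki ingress `hosts:` entries from `- host: … / paths:` to a bare `- logz.…` presumably follow a chart schema change in the bumped module; if so, a comment naming the chart version that requires the new form would keep the next person from reverting them.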
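Review bot: `days = 365` raises a lifecycle expiration from 30 to 365 days with no comment and no mention in the commit message, and the enclosing block starts outside the hunk, so it is not visible here which bucket the rule applies to. A twelve-fold retention change affects both storage cost and whatever retention obligation applies to the data in that bucket, so the intent should be recorded next to the value, for example `days = 365 # retention policy: <reference or rationale here>` with the placeholder filled in. If the change is tied to the module upgrade rather than a deliberate policy decision, that is worth stating as well.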
@@ -82,15 +82,15 @@ inputs = { ] cluster_addons = { coredns = { - addon_version = "v1.8.7-eksbuild.1" + addon_version = "v1.8.7-eksbuild.3" resolve_conflicts = "OVERWRITE" } kube-proxy = { - addon_version = "v1.22.6-eksbuild.1" + addon_version = "v1.23.7-eksbuild.1" resolve_conflicts = "OVERWRITE" } vpc-cni = { - addon_version = "v1.11.2-eksbuild.1" + addon_version = "v1.11.4-eksbuild.1" resolve_conflicts = "OVERWRITE" } } @@ -182,7 +182,7 @@ inputs = { max_size = 100 capacity_type = "ON_DEMAND" platform = "bottlerocket" - ami_release_version = "1.8.0-a6233c22" + ami_release_version = "1.9.2-b8074d44" iam_role_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"] ebs_optimized = true update_config = { diff --git a/terragrunt/live/production/terragrunt.hcl b/terragrunt/live/production/terragrunt.hcl index 809270b9..42ac79ec 100644 --- a/terragrunt/live/production/terragrunt.hcl +++ b/terragrunt/live/production/terragrunt.hcl @@ -50,7 +50,6 @@ generate "provider-aws" { tags = var.provider_default_tags } } - data "aws_default_tags" "current" {} EOF } diff --git a/tools/max-pods-calculator.sh b/tools/max-pods-calculator.sh index ce2497de..9542f0a5 100755 --- a/tools/max-pods-calculator.sh +++ b/tools/max-pods-calculator.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -o pipefail set -o nounset 
@@ -76,14 +76,15 @@ CNI_MAX_ENI="${CNI_MAX_ENI:-}" INSTANCE_TYPE="${INSTANCE_TYPE:-}" INSTANCE_TYPE_FROM_IMDS="${INSTANCE_TYPE_FROM_IMDS:-false}" SHOW_MAX_ALLOWED="${SHOW_MAX_ALLOWED:-false}" +IMDS_ENDPOINT="${IMDS_ENDPOINT:-169.254.169.254:80}" PREFIX_DELEGATION_SUPPORTED=false IPS_PER_PREFIX=16 if [ "$INSTANCE_TYPE_FROM_IMDS" = true ]; then - TOKEN=$(curl -m 10 -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" -s "http://169.254.169.254/latest/api/token") - export AWS_DEFAULT_REGION=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | jq .region -r) - INSTANCE_TYPE=$(curl -m 10 -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/instance-type) + TOKEN=$(curl -m 10 -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" -s "http://${IMDS_ENDPOINT}/latest/api/token") + export AWS_DEFAULT_REGION=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://${IMDS_ENDPOINT}/latest/dynamic/instance-identity/document | jq .region -r) + INSTANCE_TYPE=$(curl -m 10 -H "X-aws-ec2-metadata-token: $TOKEN" -s http://${IMDS_ENDPOINT}/latest/meta-data/instance-type) elif [ -z "$INSTANCE_TYPE" ]; # There's no reasonable default for an instanceType so force one to be provided to the script. then echo "You must specify an instance type to calculate max pods value." 
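Review bot: None of the three `curl` calls in the `INSTANCE_TYPE_FROM_IMDS` branch uses `--fail`, and `TOKEN` is never checked, so if the IMDSv2 token request fails (for example when the instance hop limit stops the PUT from inside a container) `TOKEN` is empty or holds an error body, the next two requests go out with a bogus `X-aws-ec2-metadata-token` header, and `AWS_DEFAULT_REGION` and `INSTANCE_TYPE` end up empty with no diagnostic. Adding `-f` to each call and `[ -n "$TOKEN" ] || { echo "Could not obtain IMDSv2 token from ${IMDS_ENDPOINT}" >&2; exit 1; }` after the first one would surface the failure where it happens. `export AWS_DEFAULT_REGION=$(…)` also masks the exit status of the pipeline, which matters now that the script relies on `pipefail`; assigning on one line and exporting on the next keeps that signal. The new `IMDS_ENDPOINT` is quoted in the token URL but unquoted in the other two, and quoting all three consistently avoids a surprise if an operator supplies a value with shell-special characters. The `if` block continues past the end of this hunk.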
@@ -119,7 +120,7 @@ if [[ "$CNI_MAJOR_VERSION" -gt 1 ]] || ([[ "$CNI_MAJOR_VERSION" = 1 ]] && [[ "$C PREFIX_DELEGATION_SUPPORTED=true fi -DESCRIBE_INSTANCES_RESULT=$(aws ec2 describe-instance-types --instance-type $INSTANCE_TYPE --query 'InstanceTypes[0].{Hypervisor: Hypervisor, EniCount: NetworkInfo.MaximumNetworkInterfaces, PodsPerEniCount: NetworkInfo.Ipv4AddressesPerInterface, CpuCount: VCpuInfo.DefaultVCpus'} --output json) +DESCRIBE_INSTANCES_RESULT=$(aws ec2 describe-instance-types --instance-type "${INSTANCE_TYPE}" --query 'InstanceTypes[0].{Hypervisor: Hypervisor, EniCount: NetworkInfo.MaximumNetworkInterfaces, PodsPerEniCount: NetworkInfo.Ipv4AddressesPerInterface, CpuCount: VCpuInfo.DefaultVCpus}' --output json) HYPERVISOR_TYPE=$(echo $DESCRIBE_INSTANCES_RESULT | jq -r '.Hypervisor' ) IS_NITRO=false
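Review bot: The rewritten `aws ec2 describe-instance-types` line quotes `"${INSTANCE_TYPE}"`, but the next line, `HYPERVISOR_TYPE=$(echo $DESCRIBE_INSTANCES_RESULT | jq -r '.Hypervisor' )`, still passes the JSON through an unquoted `echo`; `HYPERVISOR_TYPE=$(jq -r '.Hypervisor' <<<"$DESCRIBE_INSTANCES_RESULT")` keeps the quoting discipline this commit starts. There is also no check that the `aws` call succeeded: with `nounset` and `pipefail` set but no `errexit` visible in this chunk, an authentication or region error leaves `DESCRIBE_INSTANCES_RESULT` empty, the following `jq` lookups return `null`, and that presumably feeds the later calculation silently. A guard such as `[ -n "$DESCRIBE_INSTANCES_RESULT" ] || { echo "describe-instance-types failed for ${INSTANCE_TYPE}" >&2; exit 1; }` right after the assignment would fail fast. The script continues past the end of this hunk.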