diff --git a/examples/de-aws-eks/modules/document-engine-storage/utility.tf b/examples/de-aws-eks/modules/document-engine-storage/utility.tf index 2bca7f0..e4c3275 100644 --- a/examples/de-aws-eks/modules/document-engine-storage/utility.tf +++ b/examples/de-aws-eks/modules/document-engine-storage/utility.tf @@ -10,7 +10,7 @@ data "aws_caller_identity" "current" {} data "aws_default_tags" "current" {} locals { - aws_region_name = data.aws_region.current.name + aws_region_name = data.aws_region.current.id aws_account_id = data.aws_caller_identity.current.account_id default_tags = data.aws_default_tags.current.tags diff --git a/examples/de-aws-eks/modules/document-engine-storage/variables.tf b/examples/de-aws-eks/modules/document-engine-storage/variables.tf index d9a5e48..06e7e10 100644 --- a/examples/de-aws-eks/modules/document-engine-storage/variables.tf +++ b/examples/de-aws-eks/modules/document-engine-storage/variables.tf @@ -20,7 +20,7 @@ locals { cluster_oidc_provider_arn = var.cluster_info["cluster_oidc_provider_arn"] cluster_endpoint = var.cluster_info["cluster_endpoint"] cluster_certificate_authority_data = var.cluster_info["cluster_certificate_authority_data"] - containers_log_group_prefix_ec2 = var.cluster_info["containers_log_group_prefix_ec2"] + containers_log_group_prefix = var.cluster_info["containers_log_group_prefix"] } variable "database_properties" { diff --git a/examples/de-aws-eks/modules/eks-cluster/compute.tf b/examples/de-aws-eks/modules/eks-cluster/compute.tf index 48a3a27..faaefc7 100644 --- a/examples/de-aws-eks/modules/eks-cluster/compute.tf +++ b/examples/de-aws-eks/modules/eks-cluster/compute.tf 
@@ -114,7 +114,7 @@ data "aws_iam_policy_document" "additional_node_policy" { "logs:putRetentionPolicy" ] resources = [ - "arn:aws:logs:${local.aws_region_name}:${local.aws_account_id}:log-group:${local.containers_log_group_prefix_ec2}/*", + "arn:aws:logs:${local.aws_region_name}:${local.aws_account_id}:log-group:${local.containers_log_group_prefix}/*", ] } } diff --git a/examples/de-aws-eks/modules/eks-cluster/keys.tf b/examples/de-aws-eks/modules/eks-cluster/keys.tf index 2f07a6e..c8e69d1 100644 --- a/examples/de-aws-eks/modules/eks-cluster/keys.tf +++ b/examples/de-aws-eks/modules/eks-cluster/keys.tf @@ -52,7 +52,7 @@ data "aws_iam_policy_document" "kms_logging_policy" { condition { test = "ArnLike" variable = "kms:EncryptionContext:aws:logs:arn" - values = ["arn:aws:logs:${local.aws_region_name}:${local.aws_account_id}:*"] + values = ["arn:aws:logs:${local.aws_region_name}:${local.aws_account_id}:log-group:${local.containers_log_group_prefix}/*"] } } } diff --git a/examples/de-aws-eks/modules/eks-cluster/load-balancer-controller.tf b/examples/de-aws-eks/modules/eks-cluster/load-balancer-controller.tf index 5c46e49..ed55546 100644 --- a/examples/de-aws-eks/modules/eks-cluster/load-balancer-controller.tf +++ b/examples/de-aws-eks/modules/eks-cluster/load-balancer-controller.tf @@ -10,9 +10,10 @@ locals { } module "load_balancer_controller_irsa_role" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" + version = "~> 6.0" - role_name = "${var.cluster_name}-AmazonEKS-LoadBalancerController-Role" + name = "${var.cluster_name}-ALB-Role" attach_load_balancer_controller_policy = true oidc_providers = { 
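Review bot: The resource ARN in `additional_node_policy` now ends in `log-group:${local.containers_log_group_prefix}/*`, and the main.tf hunk redefines that local as `/aws/eks/${var.cluster_name}` without the old `/ec2` suffix. The node role's log permissions therefore cover every log group under the cluster path. That presumably includes the control-plane group the EKS module creates (`/aws/eks/<cluster>/cluster`, per the comment in main.tf), where audit logs land if that log type is enabled. Only `logs:putRetentionPolicy` is visible here because the statement starts above the hunk, but that action alone would let a compromised node shorten retention on that group. Consider keeping node-writable groups under a dedicated sub-path, for example `containers_log_group_prefix = "/aws/eks/${var.cluster_name}/containers"`, and using the wider cluster path only in the KMS condition in keys.tf. The same local feeds `log_group_prefix` in logging.tf, so Fluent Bit would follow the change.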
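Review bot: The tightened `kms:EncryptionContext:aws:logs:arn` value in `kms_logging_policy` carries an undocumented dependency: it only works while every log group encrypted with this key sits under `local.containers_log_group_prefix`. A later change to that prefix would make CloudWatch Logs fail to use the key for the cluster log group. I would add a comment above `values`, such as `# Must match the EKS control-plane log group (/aws/eks/<cluster>/cluster) and the container log groups; keep in sync with containers_log_group_prefix`. The policy document starts outside the hunk, so the principals and actions this condition guards cannot be checked from here.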
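Review bot: The new `version = "~> 6.0"` on `load_balancer_controller_irsa_role` floats across every 6.x release of a module that generates the IAM policy attached by `attach_load_balancer_controller_policy = true`. The granted permissions can therefore change on the next `terraform init -upgrade` without any diff in this repo. Terraform's dependency lock file records providers only, not modules, so the constraint is the only pin. For an example that others will copy, prefer an exact release, `version = "<exact 6.x release>"`. The same applies to `vpc_cni_irsa` and to `version = "~> 21.0"` on `cluster_eks` in main.tf. The module block continues past the hunk, so the `oidc_providers` contents were not reviewed.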
@@ -39,7 +40,7 @@ resource "helm_release" "aws-load-balancer-controller" { values = [ templatefile("${path.module}/load-balancer-controller.values.yaml.tftpl", { service_account_name = local.load_balancer_controller_service_account_name - service_account_role_arn = module.load_balancer_controller_irsa_role.iam_role_arn + service_account_role_arn = module.load_balancer_controller_irsa_role.arn aws_region = local.aws_region_name cluster_name = var.cluster_name vpc_id = module.cluster_vpc.vpc_id diff --git a/examples/de-aws-eks/modules/eks-cluster/logging.tf b/examples/de-aws-eks/modules/eks-cluster/logging.tf index a2135c0..8e03155 100644 --- a/examples/de-aws-eks/modules/eks-cluster/logging.tf +++ b/examples/de-aws-eks/modules/eks-cluster/logging.tf @@ -14,7 +14,7 @@ resource "helm_release" "aws-for-fluent-bit" { templatefile("${path.module}/logging-ec2_fluentbit.values.yaml.tftpl", { aws_region = local.aws_region_name - log_group_prefix = local.containers_log_group_prefix_ec2 + log_group_prefix = local.containers_log_group_prefix log_stream_prefix = "k-" log_retention_days = var.container_log_retention_days checksum_values = filemd5("${path.module}/logging-ec2_fluentbit.values.yaml.tftpl") diff --git a/examples/de-aws-eks/modules/eks-cluster/main.tf b/examples/de-aws-eks/modules/eks-cluster/main.tf index cb6d98b..942b607 100644 --- a/examples/de-aws-eks/modules/eks-cluster/main.tf +++ b/examples/de-aws-eks/modules/eks-cluster/main.tf 
@@ -6,29 +6,30 @@ # locals { # - # Cluster log group name is hardcoded: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L115 + # Cluster log group name is hardcoded: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L236 # So we follow the pattern # - containers_log_group_prefix_ec2 = "/aws/eks/${var.cluster_name}/ec2" + containers_log_group_prefix = "/aws/eks/${var.cluster_name}" } module "cluster_eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 20" + version = "~> 21.0" + + name = var.cluster_name + kubernetes_version = var.cluster_version + endpoint_public_access = var.cluster_endpoint_public_access - cluster_name = var.cluster_name - cluster_version = var.cluster_version - cluster_endpoint_public_access = var.cluster_endpoint_public_access enable_cluster_creator_admin_permissions = true create_kms_key = true - cluster_addons = { + addons = { kube-proxy = { most_recent = true } coredns = { most_recent = true } vpc-cni = { most_recent = true before_compute = true - service_account_role_arn = module.vpc_cni_irsa.iam_role_arn + service_account_role_arn = module.vpc_cni_irsa.arn } } 
@@ -39,18 +40,17 @@ module "cluster_eks" { cloudwatch_log_group_kms_key_id = aws_kms_key.cluster_eks_logs.arn cloudwatch_log_group_retention_in_days = var.cluster_log_retention_days - eks_managed_node_group_defaults = local.eks_managed_node_group_defaults - eks_managed_node_groups = local.eks_managed_node_groups + eks_managed_node_groups = local.eks_managed_node_groups tags = { - "karpenter.sh/discovery" = var.cluster_name } } module "vpc_cni_irsa" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" + version = "~> 6.0" - role_name = "${var.cluster_name}-AmazonEKS-VPC-CNI-Role" + name = "${var.cluster_name}-CNI-Role" attach_vpc_cni_policy = true vpc_cni_enable_ipv4 = true vpc_cni_enable_ipv6 = false diff --git a/examples/de-aws-eks/modules/eks-cluster/outputs.tf b/examples/de-aws-eks/modules/eks-cluster/outputs.tf index 1b80f95..7d4f6de 100644 --- a/examples/de-aws-eks/modules/eks-cluster/outputs.tf +++ b/examples/de-aws-eks/modules/eks-cluster/outputs.tf @@ -38,7 +38,7 @@ output "cluster_info" { cluster_endpoint = module.cluster_eks.cluster_endpoint cluster_version = module.cluster_eks.cluster_version cluster_certificate_authority_data = module.cluster_eks.cluster_certificate_authority_data - containers_log_group_prefix_ec2 = local.containers_log_group_prefix_ec2 + containers_log_group_prefix = local.containers_log_group_prefix } } diff --git a/examples/de-aws-eks/modules/eks-cluster/utility.tf b/examples/de-aws-eks/modules/eks-cluster/utility.tf index 2bca7f0..e4c3275 100644 --- a/examples/de-aws-eks/modules/eks-cluster/utility.tf +++ b/examples/de-aws-eks/modules/eks-cluster/utility.tf 
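Review bot: Dropping `eks_managed_node_group_defaults` from `cluster_eks` leaves open whether the settings in `local.eks_managed_node_group_defaults` still reach the node groups, because the definition of `local.eks_managed_node_groups` is outside this diff. If those defaults carried anything security-relevant (extra IAM policy attachments such as `additional_node_policy`, metadata options, volume encryption), they would now be silently lost. If the local still exists and is not already merged elsewhere, fold it in explicitly: `eks_managed_node_groups = { for k, v in local.eks_managed_node_groups : k => merge(local.eks_managed_node_group_defaults, v) }`. The `cluster_eks` block begins above the hunk.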
@@ -10,7 +10,7 @@ data "aws_caller_identity" "current" {} data "aws_default_tags" "current" {} locals { - aws_region_name = data.aws_region.current.name + aws_region_name = data.aws_region.current.id aws_account_id = data.aws_caller_identity.current.account_id default_tags = data.aws_default_tags.current.tags diff --git a/examples/de-aws-eks/storage.tf b/examples/de-aws-eks/storage.tf index b7945e3..558cd03 100644 --- a/examples/de-aws-eks/storage.tf +++ b/examples/de-aws-eks/storage.tf @@ -13,7 +13,7 @@ module "document_engine_storage" { username = "nutrient" db_name = local.document_engine_db_name ec2_instance_type = "db.t3.micro" - postgres_engine_version = "15.4" + postgres_engine_version = "15.14" postgres_parameter_family = "postgres15" publicly_accessible = false preferred_maintenance_window = "sun:05:00-sun:06:00" diff --git a/examples/de-aws-eks/terraform.tfvars b/examples/de-aws-eks/terraform.tfvars index 74dc690..db758a7 100644 --- a/examples/de-aws-eks/terraform.tfvars +++ b/examples/de-aws-eks/terraform.tfvars @@ -5,7 +5,7 @@ document_engine = { logging_level = "debug" namespace_name = "nutrient-document-engine" helm_release_name = "document-engine" - helm_chart_version = "" # get the latest + helm_chart_version = "5.4.0" } # AWS @@ -30,6 +30,6 @@ cluster_nodes_count = 1 # Versions -cluster_version = "1.30" +cluster_version = "1.33" aws_for_fluent_bit_helm_chart_version = "0.1.34" aws_load_balancer_controller_helm_chart_version = "1.9.0" diff --git a/examples/de-aws-eks/utility.tf b/examples/de-aws-eks/utility.tf index cbee124..e352dd3 100644 --- a/examples/de-aws-eks/utility.tf +++ b/examples/de-aws-eks/utility.tf @@ -50,7 +50,7 @@ data "aws_ecrpublic_authorization_token" "token" { locals { azs = slice(data.aws_availability_zones.available.names, 0, 3) - aws_region_name = data.aws_region.current.name + aws_region_name = data.aws_region.current.id aws_account_id = data.aws_caller_identity.current.account_id } 
@@ -68,15 +68,15 @@ provider "kubernetes" { } provider "helm" { - kubernetes { + kubernetes = { host = module.kubernetes_cluster.cluster_endpoint cluster_ca_certificate = base64decode(module.kubernetes_cluster.cluster_certificate_authority_data) token = data.aws_eks_cluster_auth.default.token } - registry { + registries = [{ url = "oci://public.ecr.aws/" password = data.aws_ecrpublic_authorization_token.token.password username = "AWS" - } + }] }
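Review bot: The attribute forms `kubernetes = { … }` and `registries = [{ … }]` are only accepted by Helm provider 3.x, and no `required_providers` change is visible in this diff. If the constraint still admits 2.x, a fresh `terraform init` can resolve a provider that rejects this block. Confirm that the helm entry in `required_providers` is raised to `~> 3.0` in the same commit, or add it. A short comment above the block would also help, for example `# Helm provider >= 3.0 syntax: nested attributes instead of blocks`.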