From ba5fa4c475cf31f7027bbefed2b13d0f4e5570f1 Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Wed, 3 Jan 2024 14:07:16 -0500 Subject: [PATCH 1/5] chore: (IAC-1292) remove terraform_documented_outputs explicit definition (#255) --- linting-configs/.tflint.hcl | 5 ----- 1 file changed, 5 deletions(-) diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl index 67f80317..49055e94 100644 --- a/linting-configs/.tflint.hcl +++ b/linting-configs/.tflint.hcl @@ -37,11 +37,6 @@ rule "terraform_deprecated_interpolation" { enabled = true } -# Disallow output declarations without description. -rule "terraform_documented_outputs" { - enabled = true -} - # Disallow variable declarations without description. rule "terraform_documented_variables" { enabled = true From 2957126fd2d08a5f4d51867118f5054e64d83fe9 Mon Sep 17 00:00:00 2001 From: David Houck Date: Tue, 9 Jan 2024 11:39:01 -0500 Subject: [PATCH 2/5] feat: (IAC-1265) AWS - Support K8s 1.28 in Viya 2024.02 (#258) --- Dockerfile | 2 +- README.md | 2 +- docs/CONFIG-VARS.md | 2 +- examples/sample-input-byo.tfvars | 2 +- examples/sample-input-connect.tfvars | 2 +- examples/sample-input-custom-data.tfvars | 2 +- examples/sample-input-gpu.tfvars | 2 +- examples/sample-input-ha.tfvars | 2 +- examples/sample-input-minimal.tfvars | 2 +- examples/sample-input-singlestore.tfvars | 2 +- examples/sample-input.tfvars | 2 +- main.tf | 6 +++--- variables.tf | 2 +- 13 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 53437511..bd9baac9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG AWS_CLI_VERSION=2.13.33 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform FROM amazon/aws-cli:$AWS_CLI_VERSION -ARG KUBECTL_VERSION=1.26.10 +ARG KUBECTL_VERSION=1.27.9 WORKDIR /viya4-iac-aws diff --git a/README.md b/README.md index 982c78b3..acbc4225 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,7 @@ The following are also required: #### Terraform Requirements: - [Terraform](https://www.terraform.io/downloads.html) v1.6.3 -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - v1.26.10 +- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - v1.27.9 - [jq](https://stedolan.github.io/jq/) v1.6 - [AWS CLI](https://aws.amazon.com/cli) (optional; useful as an alternative to the AWS Web Console) v2.13.33 diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 0b2a3041..7aba3a34 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -257,7 +257,7 @@ Custom policy: |
Name
|
Description
|
Type
|
Default
|
Notes
| | :--- | :--- | :--- | :--- | :--- | | create_static_kubeconfig | Allows the user to create a provider- or service account-based kubeconfig file | bool | true | A value of `false` defaults to using the cloud provider's mechanism for generating the kubeconfig file. A value of `true` creates a static kubeconfig that uses a service account and cluster role binding to provide credentials. | -| kubernetes_version | The EKS cluster Kubernetes version | string | "1.26" | | +| kubernetes_version | The EKS cluster Kubernetes version | string | "1.27" | | | create_jump_vm | Create bastion host (jump VM) | bool | true| | | create_jump_public_ip | Add public IP address to jump VM | bool | true | | | jump_vm_admin | OS admin user for the jump VM | string | "jumpuser" | | diff --git a/examples/sample-input-byo.tfvars b/examples/sample-input-byo.tfvars index 668ff693..85e8d0d5 100644 --- a/examples/sample-input-byo.tfvars +++ b/examples/sample-input-byo.tfvars @@ -37,7 +37,7 @@ postgres_servers = { } ## Cluster config -kubernetes_version = "1.26" +kubernetes_version = "1.27" default_nodepool_node_count = 2 default_nodepool_vm_type = "m5.2xlarge" default_nodepool_custom_data = "" diff --git a/examples/sample-input-connect.tfvars b/examples/sample-input-connect.tfvars index b78178e9..5a51ffdf 100644 --- a/examples/sample-input-connect.tfvars +++ b/examples/sample-input-connect.tfvars @@ -27,7 +27,7 @@ postgres_servers = { } ## Cluster config -kubernetes_version = "1.26" +kubernetes_version = "1.27" default_nodepool_node_count = 2 default_nodepool_vm_type = "m5.2xlarge" default_nodepool_custom_data = "" diff --git a/examples/sample-input-custom-data.tfvars b/examples/sample-input-custom-data.tfvars index 2122ef8b..d1b39e7f 100644 --- a/examples/sample-input-custom-data.tfvars +++ b/examples/sample-input-custom-data.tfvars 
@@ -27,7 +27,7 @@ postgres_servers = { } ## Cluster config -kubernetes_version = "1.26" +kubernetes_version = "1.27" default_nodepool_node_count = 2 default_nodepool_vm_type = "m5.2xlarge" default_nodepool_custom_data = "" diff --git a/examples/sample-input-gpu.tfvars b/examples/sample-input-gpu.tfvars index 239f9109..cf61525e 100644 --- a/examples/sample-input-gpu.tfvars +++ b/examples/sample-input-gpu.tfvars @@ -27,7 +27,7 @@ postgres_servers = { } ## Cluster config -kubernetes_version = "1.26" +kubernetes_version = "1.27" default_nodepool_node_count = 2 default_nodepool_vm_type = "m5.2xlarge" default_nodepool_custom_data = "" diff --git a/examples/sample-input-ha.tfvars b/examples/sample-input-ha.tfvars index 10d2de4d..7a85c2f5 100644 --- a/examples/sample-input-ha.tfvars +++ b/examples/sample-input-ha.tfvars @@ -27,7 +27,7 @@ postgres_servers = { } ## Cluster config -kubernetes_version = "1.26" +kubernetes_version = "1.27" default_nodepool_node_count = 2 default_nodepool_vm_type = "m5.2xlarge" default_nodepool_custom_data = "" diff --git a/examples/sample-input-minimal.tfvars b/examples/sample-input-minimal.tfvars index cba81fa2..1475d98a 100644 --- a/examples/sample-input-minimal.tfvars +++ b/examples/sample-input-minimal.tfvars @@ -27,7 +27,7 @@ tags = {} # e.g., { "key1" = "value1", "key2" = "value2" } # } ## Cluster config -kubernetes_version = "1.26" +kubernetes_version = "1.27" default_nodepool_node_count = 1 default_nodepool_vm_type = "m5.large" default_nodepool_custom_data = "" diff --git a/examples/sample-input-singlestore.tfvars b/examples/sample-input-singlestore.tfvars index e98e4c8c..e7743bf5 100644 --- a/examples/sample-input-singlestore.tfvars +++ b/examples/sample-input-singlestore.tfvars @@ -27,7 +27,7 @@ postgres_servers = { } ## Cluster config -kubernetes_version = "1.26" +kubernetes_version = "1.27" default_nodepool_node_count = 2 default_nodepool_vm_type = "m5.2xlarge" default_nodepool_custom_data = "" 
diff --git a/examples/sample-input.tfvars b/examples/sample-input.tfvars index 5d8676cb..46fe9b63 100644 --- a/examples/sample-input.tfvars +++ b/examples/sample-input.tfvars @@ -27,7 +27,7 @@ postgres_servers = { } ## Cluster config -kubernetes_version = "1.26" +kubernetes_version = "1.27" default_nodepool_node_count = 2 default_nodepool_vm_type = "m5.2xlarge" default_nodepool_custom_data = "" diff --git a/main.tf b/main.tf index 745961fa..fc76b748 100755 --- a/main.tf +++ b/main.tf @@ -40,7 +40,7 @@ resource "kubernetes_config_map" "sas_iac_buildinfo" { } data = { - git-hash = data.external.git_hash.result["git-hash"] + git-hash = data.external.git_hash.result["git-hash"] timestamp = chomp(timestamp()) iac-tooling = var.iac_tooling terraform = < Date: Fri, 12 Jan 2024 11:53:40 -0500 Subject: [PATCH 3/5] feat: (IAC-1259) AWS - Security scan 2024.01 (#261) --- README.md | 2 +- main.tf | 4 ++-- modules/aws_autoscaling/main.tf | 11 +---------- modules/aws_ebs_csi/main.tf | 11 +---------- modules/kubeconfig/main.tf | 13 ------------- versions.tf | 18 +++++++++--------- 6 files changed, 14 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index acbc4225..52d7d305 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ The following are also required: #### Terraform Requirements: -- [Terraform](https://www.terraform.io/downloads.html) v1.6.3 +- [Terraform](https://www.terraform.io/downloads.html) v1.6.6 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - v1.27.9 - [jq](https://stedolan.github.io/jq/) v1.6 - [AWS CLI](https://aws.amazon.com/cli) (optional; useful as an alternative to the AWS Web Console) v2.13.33 diff --git a/main.tf b/main.tf index fc76b748..e85c0a16 100755 --- a/main.tf +++ b/main.tf 
@@ -91,7 +91,7 @@ module "vpc" { # EKS Setup - https://github.com/terraform-aws-modules/terraform-aws-eks module "eks" { source = "terraform-aws-modules/eks/aws" - version = "19.19.1" + version = "~> 19.0" cluster_name = local.cluster_name cluster_version = var.kubernetes_version cluster_enabled_log_types = [] # disable cluster control plan logging @@ -228,7 +228,7 @@ module "kubeconfig" { # Database Setup - https://registry.terraform.io/modules/terraform-aws-modules/rds/aws/6.2.0 module "postgresql" { source = "terraform-aws-modules/rds/aws" - version = "6.2.0" + version = "~> 6.0" for_each = local.postgres_servers != null ? length(local.postgres_servers) != 0 ? local.postgres_servers : {} : {} diff --git a/modules/aws_autoscaling/main.tf b/modules/aws_autoscaling/main.tf index f5d9cd45..cba193e8 100644 --- a/modules/aws_autoscaling/main.tf +++ b/modules/aws_autoscaling/main.tf @@ -1,15 +1,6 @@ # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -terraform { - required_version = ">= 1.4.5" - required_providers { - aws = { - source = "hashicorp/aws" - version = "5.25.0" - } - } -} # Permissions based off the IAM Policy recommended by kubernetes/autoscaler # https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.25.0/cluster-autoscaler/cloudprovider/aws/README.md @@ -69,7 +60,7 @@ resource "aws_iam_policy" "worker_autoscaling" { module "iam_assumable_role_with_oidc" { source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.30.2" + version = "~> 5.0" create_role = true role_name = "${var.prefix}-cluster-autoscaler" diff --git a/modules/aws_ebs_csi/main.tf b/modules/aws_ebs_csi/main.tf index 37cf1666..2e60ecec 100644 --- a/modules/aws_ebs_csi/main.tf +++ b/modules/aws_ebs_csi/main.tf 
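Review bot: The new `version = "~> 19.0"` on `module "eks"` lets any later 19.x release of the registry module be selected on a fresh `terraform init`, and Terraform's dependency lock file does not record module versions, so nothing in the repository fixes which module code builds the cluster. The same loosening appears on `module "postgresql"` (`~> 6.0`) and on both `iam_assumable_role_with_oidc` modules (`~> 5.0`) in modules/aws_autoscaling and modules/aws_ebs_csi, which create IAM roles. I would keep an exact pin, `version = "19.19.1"`, or at most float on patch releases with `version = "~> 19.19.1"`, and move it forward through reviewed update PRs. Separately, the unchanged context line `cluster_enabled_log_types = []` leaves EKS control-plane logging off, so audit and authenticator events would not be available for an investigation; consider exposing it as a variable. The `module "eks"` block continues past the end of this hunk.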
@@ -1,15 +1,6 @@ # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -terraform { - required_version = ">= 1.4.5" - required_providers { - aws = { - source = "hashicorp/aws" - version = "5.25.0" - } - } -} resource "aws_iam_policy" "ebs_csi" { name_prefix = "${var.prefix}-ebs-csi-policy" @@ -167,7 +158,7 @@ EOT module "iam_assumable_role_with_oidc" { source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.30.2" + version = "~> 5.0" create_role = true role_name = "${var.prefix}-ebs-csi-role" diff --git a/modules/kubeconfig/main.tf b/modules/kubeconfig/main.tf index bc736524..f7c7e0ba 100644 --- a/modules/kubeconfig/main.tf +++ b/modules/kubeconfig/main.tf @@ -1,19 +1,6 @@ # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -terraform { - required_version = ">= 1.4.5" - required_providers { - kubernetes = { - source = "hashicorp/kubernetes" - version = "2.23.0" - } - local = { - source = "hashicorp/local" - version = "2.4.0" - } - } -} locals { service_account_name = "${var.prefix}-cluster-admin-sa" diff --git a/versions.tf b/versions.tf index b593c28f..f2049920 100644 --- a/versions.tf +++ b/versions.tf 
@@ -2,39 +2,39 @@ # SPDX-License-Identifier: Apache-2.0 terraform { - required_version = ">= 1.4.5" + required_version = ">= 1.6.6" required_providers { aws = { source = "hashicorp/aws" - version = "5.25.0" + version = "~> 5.0" } random = { source = "hashicorp/random" - version = "3.5.1" + version = "~> 3.0" } local = { source = "hashicorp/local" - version = "2.4.0" + version = "~> 2.0" } null = { source = "hashicorp/null" - version = "3.2.1" + version = "~> 3.0" } external = { source = "hashicorp/external" - version = "2.3.1" + version = "~> 2.0" } kubernetes = { source = "hashicorp/kubernetes" - version = "2.23.0" + version = "~> 2.0" } tls = { source = "hashicorp/tls" - version = "4.0.4" + version = "~> 4.0" } cloudinit = { source = "hashicorp/cloudinit" - version = "2.3.2" + version = "~> 2.0" } } } From 1b70d6a9fdfd69b7e61fcad0b31b2df612579b8b Mon Sep 17 00:00:00 2001 From: David Houck Date: Wed, 17 Jan 2024 16:31:42 -0500 Subject: [PATCH 4/5] feat: (IAC-1259) AWS - Security scan 2024.01 (#262) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bd9baac9..f5c7676b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG TERRAFORM_VERSION=1.6.3 +ARG TERRAFORM_VERSION=1.6.6 ARG AWS_CLI_VERSION=2.13.33 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform From 211f8b2e72edecbf7d7da2133cdca3d1bf23972d Mon Sep 17 00:00:00 2001 From: David Houck Date: Fri, 19 Jan 2024 09:35:20 -0500 Subject: [PATCH 5/5] chore: (IAC-1259) Bump container test expected versions for terraform (#267) --- container-structure-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-structure-test.yaml b/container-structure-test.yaml index 063aaaa0..70510b81 100644 --- a/container-structure-test.yaml +++ b/container-structure-test.yaml 
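Review bot: Replacing the exact provider pins in `required_providers` with `~> 5.0`, `~> 3.0`, `~> 2.0` and `~> 4.0` makes the selected provider builds depend entirely on `.terraform.lock.hcl`, which this patch neither adds nor touches. If that file is not committed (not visible here), each fresh `terraform init` resolves the newest matching release, with no version or checksum recorded in the repository. Commit the lock file and have CI run `terraform init -lockfile=readonly` so that a provider change shows up as a reviewed diff. Because this commit also deletes the `terraform { required_providers { ... } }` blocks from modules/kubeconfig, modules/aws_autoscaling and modules/aws_ebs_csi, this file is now the only place a provider constraint is stated.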
@@ -17,7 +17,7 @@ commandTests:
 - name: "terraform version"
 command: "terraform"
 args: ["--version"]
- expectedOutput: ["Terraform v1.6.3"]
+ expectedOutput: ["Terraform v1.6.6"]
 - name: "aws-cli version"
 command: "sh"
 args: