Merge pull request #171 from sassoftware/staging

5.4.0 - December 19, 2022

Dockerfile

@@ -1,9 +1,9 @@
 ARG TERRAFORM_VERSION=1.0.0
-ARG AWS_CLI_VERSION=2.1.29
+ARG AWS_CLI_VERSION=2.7.22
 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 
 FROM amazon/aws-cli:$AWS_CLI_VERSION
-ARG KUBECTL_VERSION=1.22.10
+ARG KUBECTL_VERSION=1.23.8
 
 WORKDIR /viya4-iac-aws
 

README.md

@@ -45,9 +45,9 @@ The following are also required:
 #### Terraform Requirements:
 
 - [Terraform](https://www.terraform.io/downloads.html) v1.0.0
-- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - v1.22.10
+- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - v1.23.8
 - [jq](https://stedolan.github.io/jq/) v1.6
-- [AWS CLI](https://aws.amazon.com/cli) (optional; useful as an alternative to the AWS Web Console) v2.1.29
+- [AWS CLI](https://aws.amazon.com/cli) (optional; useful as an alternative to the AWS Web Console) v2.7.22
 
 #### Docker Requirements:
 

container-structure-test.yaml

@@ -21,7 +21,7 @@ commandTests:
       - -c
       - |
         aws --version
-    expectedOutput: ["aws-cli/2.1.29"]
+    expectedOutput: ["aws-cli/2.7.22"]
 
 metadataTest:
   workdir: "/viya4-iac-aws"

docs/CONFIG-VARS.md

@@ -196,8 +196,8 @@ Custom policy:
 
 | <div style="width:50px">Name</div> | <div style="width:150px">Description</div> | <div style="width:50px">Type</div> | <div style="width:75px">Default</div> | <div style="width:150px">Notes</div> |
 | :--- | :--- | :--- | :--- | :--- |
-| create_static_kubeconfig | Allows the user to create a provider- or service account-based kubeconfig file | bool | false | A value of `false` defaults to using the cloud provider's mechanism for generating the kubeconfig file. A value of `true` creates a static kubeconfig that uses a service account and cluster role binding to provide credentials. |
-| kubernetes_version | The EKS cluster Kubernetes version | string | "1.22" | |
+| create_static_kubeconfig | Allows the user to create a provider- or service account-based kubeconfig file | bool | true | A value of `false` defaults to using the cloud provider's mechanism for generating the kubeconfig file. A value of `true` creates a static kubeconfig that uses a service account and cluster role binding to provide credentials. |
+| kubernetes_version | The EKS cluster Kubernetes version | string | "1.23" | |
 | create_jump_vm | Create bastion host (jump VM) | bool | true| |
 | create_jump_public_ip | Add public IP address to jump VM | bool | true | |
 | jump_vm_admin | OS admin user for the jump VM | string | "jumpuser" | |

examples/sample-input-byo.tfvars

@@ -37,7 +37,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version                      = "1.22"
+kubernetes_version                      = "1.23"
 default_nodepool_node_count             = 2
 default_nodepool_vm_type                = "m5.2xlarge"
 default_nodepool_custom_data            = ""

examples/sample-input-connect.tfvars

@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version                      = "1.22"
+kubernetes_version                      = "1.23"
 default_nodepool_node_count             = 2
 default_nodepool_vm_type                = "m5.2xlarge"
 default_nodepool_custom_data            = ""

examples/sample-input-custom-data.tfvars

@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version                      = "1.22"
+kubernetes_version                      = "1.23"
 default_nodepool_node_count             = 2
 default_nodepool_vm_type                = "m5.2xlarge"
 default_nodepool_custom_data            = ""

examples/sample-input-gpu.tfvars

@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version                      = "1.22"
+kubernetes_version                      = "1.23"
 default_nodepool_node_count             = 2
 default_nodepool_vm_type                = "m5.2xlarge"
 default_nodepool_custom_data            = ""

examples/sample-input-ha.tfvars

@@ -30,7 +30,7 @@ postgres_servers = {
 ssh_public_key                          = "~/.ssh/id_rsa.pub"
 
 ## Cluster config
-kubernetes_version                      = "1.22"
+kubernetes_version                      = "1.23"
 default_nodepool_node_count             = 2
 default_nodepool_vm_type                = "m5.2xlarge"
 default_nodepool_custom_data            = ""

examples/sample-input-minimal.tfvars

@@ -27,7 +27,7 @@ tags                                    = { } # e.g., { "key1" = "value1", "key2
 # }
 
 ## Cluster config
-kubernetes_version                      = "1.22"
+kubernetes_version                      = "1.23"
 default_nodepool_node_count             = 1
 default_nodepool_vm_type                = "m5.large"
 default_nodepool_custom_data            = ""

examples/sample-input.tfvars

@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version                      = "1.22"
+kubernetes_version                      = "1.23"
 default_nodepool_node_count             = 2
 default_nodepool_vm_type                = "m5.2xlarge"
 default_nodepool_custom_data            = ""

main.tf

@@ -190,7 +190,7 @@ module "kubeconfig" {
   endpoint                 = module.eks.cluster_endpoint
   ca_crt                   = local.kubeconfig_ca_cert
 
-  depends_on = [ module.eks ]
+  depends_on = [module.eks.cluster_id] # The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready.
 }
 
 # Database Setup - https://registry.terraform.io/modules/terraform-aws-modules/rds/aws/3.3.0

modules/kubeconfig/main.tf

@@ -21,9 +21,10 @@ data "template_file" "kubeconfig_provider" {
 data "kubernetes_secret" "sa_secret" {
   count = var.create_static_kubeconfig ? 1 : 0
   metadata {
-    name      = kubernetes_service_account.kubernetes_sa.0.default_secret_name
+    name      = kubernetes_secret.sa_secret.0.metadata.0.name
     namespace = var.namespace
   }
+  depends_on = [kubernetes_secret.sa_secret]
 }
 
 data "template_file" "kubeconfig_sa" {
@@ -38,8 +39,25 @@ data "template_file" "kubeconfig_sa" {
     token        = lookup(data.kubernetes_secret.sa_secret.0.data,"token", "")
     namespace    = var.namespace
   }
+  depends_on = [data.kubernetes_secret.sa_secret]
 }
 
+# 1.24 change: Create service account secret
+resource "kubernetes_secret" "sa_secret" {
+  count = var.create_static_kubeconfig ? 1 : 0
+  metadata {
+    name      = local.service_account_secret_name
+    namespace = var.namespace
+    annotations = {
+      "kubernetes.io/service-account.name" = local.service_account_name
+    }
+  }
+  type = "kubernetes.io/service-account-token"
+  depends_on = [kubernetes_service_account.kubernetes_sa]
+}
+
+# Starting K8s v1.24+ hashicorp/terraform-provider-kubernetes issues warning message:
+# "Warning: 'default_secret_name' is no longer applicable for Kubernetes 'v1.24.0' and above"
 resource "kubernetes_service_account" "kubernetes_sa" {
   count = var.create_static_kubeconfig ? 1 : 0
   metadata {

modules/kubeconfig/templates/kubeconfig-provider.tmpl

@@ -16,7 +16,7 @@ users:
 - name: ${cluster_name}
   user:
     exec:
-      apiVersion: client.authentication.k8s.io/v1alpha1
+      apiVersion: client.authentication.k8s.io/v1beta1
       args:
       - --region
       - ${region}

variables.tf

@@ -95,7 +95,7 @@ variable efs_performance_mode {
 ## Kubernetes
 variable "kubernetes_version" {
   description = "The EKS cluster Kubernetes version"
-  default     = "1.22"
+  default     = "1.23"
 }
 
 variable "tags" {

versions.tf

@@ -27,7 +27,7 @@ terraform {
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.12.0"
+      version = "2.13.0"
     }
     tls = {
       source  = "hashicorp/tls"