From 6bb00f117602b3975ac9183d8064f0bb8fa5ada3 Mon Sep 17 00:00:00 2001 From: Kashif Saadat Date: Fri, 23 Feb 2024 14:49:13 +0000 Subject: [PATCH] Wayfinder v2.6.4 (#57) * Wayfinder v2.6 (#56) * Wayfinder v2.6.0 and EKS v1.28 * External module updates * Add support for EKS access entries * Update examples with access entries usage * Bump Wayfinder release to v2.6.1 * Update Wayfinder to v2.6.2 * Wayfinder v2.6.3 * Wayfinder v2.6.4 --- .terraform.lock.hcl | 252 ++++++++++---------- README.md | 14 +- autoscaler.tf | 6 +- cert-manager.tf | 2 +- eks.tf | 26 +- examples/complete/README.md | 2 +- examples/complete/main.tf | 9 +- examples/complete/terraform.tfvars.sample | 25 +- examples/complete/variables.tf | 21 +- examples/complete/vpc.tf | 2 +- examples/quickstart/.terraform.lock.hcl | 192 +++++++-------- examples/quickstart/README.md | 1 + examples/quickstart/main.tf | 1 + examples/quickstart/terraform.tfvars.sample | 24 ++ examples/quickstart/variables.tf | 16 ++ examples/quickstart/vpc.tf | 2 +- external-dns.tf | 2 +- modules/cloudaccess/wf_cloud_info.tf | 6 +- modules/cloudaccess/wf_cluster_manager.tf | 6 +- modules/cloudaccess/wf_dns_zone_manager.tf | 6 +- modules/cloudaccess/wf_network_manager.tf | 6 +- modules/cloudaccess/wf_peering_acceptor.tf | 6 +- variables.tf | 38 +-- versions.tf | 2 +- wayfinder.tf | 2 +- 25 files changed, 371 insertions(+), 298 deletions(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 54040ed..7aa0eb7 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -21,188 +21,184 @@ provider "registry.terraform.io/gavinbunney/kubectl" { } provider "registry.terraform.io/hashicorp/aws" { - version = "5.22.0" - constraints = ">= 3.72.0, >= 4.0.0, >= 4.47.0, >= 4.57.0, >= 4.62.0" + version = "5.35.0" + constraints = ">= 4.0.0, >= 4.33.0, >= 4.62.0, >= 5.34.0" hashes = [ - "h1:XuU3tsGzElMt4Ti8SsM05pFllNMwSC4ScUxcfsOS140=", - "zh:09b8475cd519c945423b1e1183b71a4209dd2927e0d289a88c5abeecb53c1753", - "zh:2448e0c3ce9b991a5dd70f6a42d842366a6a2460cf63b31fb9bc5d2cc92ced19", - "zh:3b9fc2bf6714a9a9ab25eae3e56cead3d3917bc1b6d8b9fb3111c4198a790c72", - "zh:4fbd28ad5380529a36c54d7a96c9768df1288c625d28b8fa3a50d4fc2176ef0f", - "zh:54d550f190702a7edc2d459952d025e259a8c0b0ff7df3f15bbcc148539214bf", - "zh:638f406d084ac96f3a0b0a5ce8aa71a5a2a781a56ba96e3a235d3982b89eef0d", - "zh:69d4c175b13b6916b5c9398172cc384e7af46cb737b45870ab9907f12e82a28a", - "zh:81edec181a67255d25caf5e7ffe6d5e8f9373849b9e8f5e0705f277640abb18e", + "h1:MKNFmhsOIirK7Qzr6TWkVaBcVGN81lCU0BPiaPOeQ8s=", + "zh:3a2a6f40db82d30ea8c5e3e251ca5e16b08e520570336e7e342be823df67e945", + "zh:420a23b69b412438a15b8b2e2c9aac2cf2e4976f990f117e4bf8f630692d3949", + "zh:4d8b887f6a71b38cff77ad14af9279528433e279eed702d96b81ea48e16e779c", + "zh:4edd41f8e1c7d29931608a7b01a7ae3d89d6f95ef5502cf8200f228a27917c40", + "zh:6337544e2ded5cf37b55a70aa6ce81c07fd444a2644ff3c5aad1d34680051bdc", + "zh:668faa3faaf2e0758bf319ea40d2304340f4a2dc2cd24460ddfa6ab66f71b802", + "zh:79ddc6d7c90e59fdf4a51e6ea822ba9495b1873d6a9d70daf2eeaf6fc4eb6ff3", + "zh:885822027faf1aa57787f980ead7c26e7d0e55b4040d926b65709b764f804513", + "zh:8c50a8f397b871388ff2e048f5eb280af107faa2e8926694f1ffd9f32a7a7cdf", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a66efb2b3cf7be8116728ae5782d7550f23f3719da2ed3c10228d29c44b7dc84", - "zh:ae754478d0bfa42195d16cf46091fab7c1c075ebc965d919338e36aed45add78", - "zh:e0603ad0061c43aa1cb52740b1e700b8afb55667d7ee01c1cc1ceb6f983d4c9d", - 
"zh:e4cb701d0185884eed0492a66eff17251f5b4971d30e81acd5e0a55627059fc8", - "zh:f7db2fcf69679925dde1ae326526242fd61ba1f83f614b1f6d9d68c925417e51", - "zh:fef331b9b62bc26d900ae937cc662281ff30794edf48aebfe8997d0e16835f6d", + "zh:a2f5d2553df5573a060641f18ee7585587047c25ba73fd80617f59b5893d22b4", + "zh:c43833ae2a152213ee92eb5be7653f9493779eddbe0ce403ea49b5f1d87fd766", + "zh:dab01527a3a55b4f0f958af6f46313d775e27f9ad9d10bedbbfea4a35a06dc5f", + "zh:ed49c65620ec42718d681a7fc00c166c295ff2795db6cede2c690b83f9fb3e65", + "zh:f0a358c0ae1087c466d0fbcc3b4da886f33f881a145c3836ec43149878b86a1a", ] } provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.2" + version = "2.3.3" constraints = ">= 2.0.0" hashes = [ - "h1:Ar/DAbZQ9Nsj0BrqX6camrEE6U+Yq4E87DCNVqxqx8k=", - "h1:Vl0aixAYTV/bjathX7VArC5TVNkxBCsi3Vq7R4z1uvc=", - "h1:ocyv0lvfyvzW4krenxV5CL4Jq5DiA3EUfoy8DR6zFMw=", - "zh:2487e498736ed90f53de8f66fe2b8c05665b9f8ff1506f751c5ee227c7f457d1", - "zh:3d8627d142942336cf65eea6eb6403692f47e9072ff3fa11c3f774a3b93130b3", - "zh:434b643054aeafb5df28d5529b72acc20c6f5ded24decad73b98657af2b53f4f", - "zh:436aa6c2b07d82aa6a9dd746a3e3a627f72787c27c80552ceda6dc52d01f4b6f", - "zh:458274c5aabe65ef4dbd61d43ce759287788e35a2da004e796373f88edcaa422", - "zh:54bc70fa6fb7da33292ae4d9ceef5398d637c7373e729ed4fce59bd7b8d67372", + "h1:GmJ8PxLjjPr+lh02Bw3u7RYqA3UtpE2hQ1T43Vt7PTQ=", + "zh:0bd6ee14ca5cf0f0c83d3bb965346b1225ccd06a6247e80774aaaf54c729daa7", + "zh:3055ad0dcc98de1d4e45b72c5889ae91b62f4ae4e54dbc56c4821be0fdfbed91", + "zh:32764cfcff0d7379ca8b7dde376ac5551854d454c5881945f1952b785a312fa2", + "zh:55c2a4dc3ebdeaa1dec3a36db96dab253c7fa10b9fe1209862e1ee77a01e0aa1", + "zh:5c71f260ba5674d656d12f67cde3bb494498e6b6b6e66945ef85688f185dcf63", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:893ba267e18749c1a956b69be569f0d7bc043a49c3a0eb4d0d09a8e8b2ca3136", - "zh:95493b7517bce116f75cdd4c63b7c82a9d0d48ec2ef2f5eb836d262ef96d0aa7", - 
"zh:9ae21ab393be52e3e84e5cce0ef20e690d21f6c10ade7d9d9d22b39851bfeddc", - "zh:cc3b01ac2472e6d59358d54d5e4945032efbc8008739a6d4946ca1b621a16040", - "zh:f23bfe9758f06a1ec10ea3a81c9deedf3a7b42963568997d84a5153f35c5839a", + "zh:9617280a853ec7caedb8beb7864e4b29faf9c850a453283980c28fccef2c493d", + "zh:ac8bda21950f8dddade3e9bc15f7bcfdee743738483be5724169943cafa611f5", + "zh:ba9ab567bbe63dee9197a763b3104ea9217ba27449ed54d3afa6657f412e3496", + "zh:effd1a7e34bae3879c02f03ed3afa979433a518e11de1f8afd35a8710231ac14", + "zh:f021538c86d0ac250d75e59efde6d869bbfff711eb744c8bddce79d2475bf46d", + "zh:f1e3984597948a2103391a26600e177b19f16a5a4c66acee27a4343fb141571f", ] } provider "registry.terraform.io/hashicorp/helm" { - version = "2.11.0" + version = "2.12.1" constraints = ">= 2.9.0" hashes = [ - "h1:AOp9vXIM4uT1c/PVwsWTPiLVGlO2SSYrfiirV5rjCMQ=", - "zh:013857c88f3e19a4b162344e21dc51891c4ac8b600da8391f7fb2b6d234961e1", - "zh:044fffa233a93cdcf8384afbe9e1ab6c9d0b5b176cbae56ff465eb9611302975", - "zh:208b7cdd4fa3a1b25ae817dc00a9198ef98be0ddc3a577b5b72bc0f006afb997", - "zh:3e8b33f56cfe387277572a92037a1ca1cbe4e3aa6b5c19a8c2431193b07f7865", - "zh:7dd663d5619bd71676899b05b19d36f585189fdabc6b0b03c23579524a8fd9bf", - "zh:ae5329cb3e5bf0b86b02e823aac3ef3bd0d4b1618ff013cd0076dca0be8322e4", - "zh:ba6201695b55d51bedacdb017cb8d03d7a8ada51d0168ac44fef3fa791a85ab4", - "zh:c61285c8b1ba10f50cf94c9dcf98f2f3b720f14906a18be71b9b422279b5d806", - "zh:d522d388246f38b9f329c511ec579b516d212670b954f9dab64efb27e51862af", + "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", + "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", + "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", + "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", + "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", + "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", + "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", + 
"zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", + "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", + "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", + "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", + "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f92546e26b670da61437ae2cbd038427c9374ce5f7a78df52193397da90bd997", - "zh:f9ad1407e5c0d5e3474094491025bf100828e8c1a01acdf9591d7dd1eb59f961", ] } provider "registry.terraform.io/hashicorp/http" { - version = "3.4.0" + version = "3.4.1" + constraints = ">= 3.4.0" hashes = [ - "h1:m0d6+9xK/9TJSE9Z6nM4IwHXZgod4/jkdsf7CZSpUvo=", - "zh:56712497a87bc4e91bbaf1a5a2be4b3f9cfa2384baeb20fc9fad0aff8f063914", - "zh:6661355e1090ebacab16a40ede35b029caffc279d67da73a000b6eecf0b58eba", - "zh:67b92d343e808b92d7e6c3bbcb9b9d5475fecfed0836963f7feb9d9908bd4c4f", + "h1:RLJ1zsc2ScUFapTANM91XHyAY7715gP3yPlBOcaBKuk=", + "zh:2a79832069a34e88ec997fb8d2c2bdad6f40bfe93a4ae5e6e7f0caf4eea2a9e5", + "zh:37d3611857ab207e1565e441a2df9020b1326b7df31e5656165cb6817306494b", + "zh:48cc974b12544be18c18bfcb5ea21a4818d03b897e96fb9b4d0d9303883cb3fa", + "zh:4b8da2ffe868082830173fdcc8632e2705918e0396c72158d7822650bb1d3bf6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:86ebb9be9b685c96dbb5c024b55d87526d57a4b127796d6046344f8294d3f28e", - "zh:902be7cfca4308cba3e1e7ba6fc292629dfd150eb9a9f054a854fa1532b0ceba", - "zh:9ba26e0215cd53b21fe26a0a98c007de1348b7d13a75ae3cfaf7729e0f2c50bb", - "zh:a195c941e1f1526147134c257ff549bea4c89c953685acd3d48d9de7a38f39dc", - "zh:a7967b3d2a8c3e7e1dc9ae381ca753268f9fce756466fe2fc9e414ca2d85a92e", - "zh:bde56542e9a093434d96bea21c341285737c6d38fea2f05e12ba7b333f3e9c05", - "zh:c0306f76903024c497fd01f9fd9bace5854c263e87a97bc2e89dcc96d35ca3cc", - "zh:f9335a6c336171e85f8e3e99c3d31758811a19aeb21fa8c9013d427e155ae2a9", + 
"zh:8148614299a21be04dd11268047e110df3ce9ef585d6240bed2f196839946efa", + "zh:a6d583cb70b1355fbc7b1c2cffaa53e4703b04ced9d0ecf78708129ce7072128", + "zh:a95f770e8913dd48fde8836cf993fafdbf7da5308a6fbd3d455cb10737742990", + "zh:b36784e6602e6ae7ba67560ebcfd055b4448cb0edf9bf35744c2f32ddbd8fa2d", + "zh:c23b37fd9e481269fc55735b24c7e8877057c08b42671c796816409d54486a1c", + "zh:df07252b27120020d91d7ad11f7ea92832d8df2e81b55a658ac1eb93dc6b8d18", + "zh:e44dc5a1fd5995bfd21d385949d539c619e8b37b69875bd92ad4aa18e2435722", ] } provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.23.0" - constraints = ">= 2.10.0" + version = "2.25.2" + constraints = ">= 2.20.0, >= 2.23.0" hashes = [ - "h1:arTzD0XG/DswGCAx9JEttkSKe9RyyFW9W7UWcXF13dU=", - "zh:10488a12525ed674359585f83e3ee5e74818b5c98e033798351678b21b2f7d89", - "zh:1102ba5ca1a595f880e67102bbf999cc8b60203272a078a5b1e896d173f3f34b", - "zh:1347cf958ed3f3f80b3c7b3e23ddda3d6c6573a81847a8ee92b7df231c238bf6", - "zh:2cb18e9f5156bc1b1ee6bc580a709f7c2737d142722948f4a6c3c8efe757fa8d", - "zh:5506aa6f28dcca2a265ccf8e34478b5ec2cb43b867fe6d93b0158f01590fdadd", - "zh:6217a20686b631b1dcb448ee4bc795747ebc61b56fbe97a1ad51f375ebb0d996", - "zh:8accf916c00579c22806cb771e8909b349ffb7eb29d9c5468d0a3f3166c7a84a", - "zh:9379b0b54a0fa030b19c7b9356708ec8489e194c3b5e978df2d31368563308e5", - "zh:aa99c580890691036c2931841e88e7ee80d59ae52289c8c2c28ea0ac23e31520", - "zh:c57376d169875990ac68664d227fb69cd0037b92d0eba6921d757c3fd1879080", - "zh:e6068e3f94f6943b5586557b73f109debe19d1a75ca9273a681d22d1ce066579", + "h1:T1WAQt40cAk721H0AM/eZ5YuodJaIfS8r3Tu7rKCJJE=", + "zh:044788ac936e0e8ece8f78a2e4e366ecd435ea8235388eaf2cbc8e7975d9d970", + "zh:24f5ff01df91f51f00ee7ff39430adeb63bb2ca4ea0042e68f06d6b65808c02f", + "zh:49984aa0aa1faa8c4f01e8faa039322f1e6fdaeab0b7e32f5c6e96edfde36a38", + "zh:4eeceaff56bac9fc782e7e33f157fa2c7e9a47b2c3c3d12da2642c312ace73f6", + "zh:4f49b6419345960d5af475e0200c243af4c9c140b0ee64799fe1fc9b023c49ea", + 
"zh:7958414d516867a2263a978792a24843f80023fb233cf051ff4095adc9803d85", + "zh:c633a755fc95e9ff0cd73656f052947afd85883a0987dde5198113aa48474156", + "zh:cbfe958d119795004ce1e8001449d01c056fa2a062b51d07843d98be216337d7", + "zh:cfb85392e18768578d4c943438897083895719be678227fd90efbe3500702a56", + "zh:d705a661ed5da425dd236a48645bec39fe78a67d2e70e8460b720417cbf260ac", + "zh:ddd7a01263da3793df4f3b5af65f166307eed5acf525e51e058cda59009cc856", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/local" { - version = "2.4.0" + version = "2.4.1" + constraints = ">= 2.4.0" hashes = [ - "h1:ZUEYUmm2t4vxwzxy1BvN1wL6SDWrDxfH7pxtzX8c6d0=", - "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", - "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", - "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", + "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", + "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", + "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", + "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", + "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", + "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", - "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", - "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", - "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", - "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", - "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", - "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", - "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", + 
"zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", + "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", + "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", + "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", + "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", + "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.5.1" + version = "3.6.0" constraints = ">= 3.5.0" hashes = [ - "h1:IL9mSatmwov+e0+++YX2V6uel+dV6bn+fC/cnGDK3Ck=", - "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", - "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", - "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", - "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", - "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", + "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", + "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", + "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", + "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", + "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", - "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", - "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", - "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", - "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", - "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", + 
"zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", + "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", + "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", + "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", + "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", ] } provider "registry.terraform.io/hashicorp/time" { - version = "0.9.1" + version = "0.10.0" constraints = ">= 0.9.0" hashes = [ - "h1:NUv/YtEytDQncBQ2mTxnUZEy/rmDlPYmE9h2iokR0vk=", - "h1:UHcDnIYFZ00uoou0TwPGMwOrE8gTkoRephIvdwDAK70=", - "h1:VxyoYYOCaJGDmLz4TruZQTSfQhvwEcMxvcKclWdnpbs=", - "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", - "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", - "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + "h1:NAl8eupFAZXCAbE5uiHZTz+Yqler55B3fMG+jNPrjjM=", + "zh:0ab31efe760cc86c9eef9e8eb070ae9e15c52c617243bbd9041632d44ea70781", + "zh:0ee4e906e28f23c598632eeac297ab098d6d6a90629d15516814ab90ad42aec8", + "zh:3bbb3e9da728b82428c6f18533b5b7c014e8ff1b8d9b2587107c966b985e5bcc", + "zh:6771c72db4e4486f2c2603c81dfddd9e28b6554d1ded2996b4cb37f887b467de", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", - "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", - "zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", - "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", - "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", - "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", - "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", - "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + "zh:833c636d86c2c8f23296a7da5d492bdfd7260e22899fc8af8cc3937eb41a7391", + 
"zh:c545f1497ae0978ffc979645e594b57ff06c30b4144486f4f362d686366e2e42", + "zh:def83c6a85db611b8f1d996d32869f59397c23b8b78e39a978c8a2296b0588b2", + "zh:df9579b72cc8e5fac6efee20c7d0a8b72d3d859b50828b1c473d620ab939e2c7", + "zh:e281a8ecbb33c185e2d0976dc526c93b7359e3ffdc8130df7422863f4952c00e", + "zh:ecb1af3ae67ac7933b5630606672c94ec1f54b119bf77d3091f16d55ab634461", + "zh:f8109f13e07a741e1e8a52134f84583f97a819e33600be44623a21f6424d6593", ] } provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.4" + version = "4.0.5" constraints = ">= 3.0.0" hashes = [ - "h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=", - "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", - "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=", - "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", - "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", - "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", - "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", - "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", - "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", - "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", - "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", - "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", - "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", - "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=", + "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e", + "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32", + "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b", + "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a", + "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a", + 
"zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e", + "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc", + "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9", + "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4", + "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8", + "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/README.md b/README.md index d703e44..9f9cac5 100644 --- a/README.md +++ b/README.md @@ -63,19 +63,19 @@ The `terraform-docs` utility is used to generate this README. Follow the below s | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [aws\_ebs\_csi\_driver\_addon\_version](#input\_aws\_ebs\_csi\_driver\_addon\_version) | The version to use for the AWS EBS CSI driver. | `string` | `"v1.21.0-eksbuild.1"` | no | -| [aws\_vpc\_cni\_addon\_version](#input\_aws\_vpc\_cni\_addon\_version) | AWS VPC CNI Addon version to use. | `string` | `"v1.14.1-eksbuild.1"` | no | +| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster. This is required if you use a different IAM Role for Terraform Plan actions. |
map(object({
kubernetes_groups = optional(list(string))
principal_arn = string
policy_associations = optional(map(object({
policy_arn = string
access_scope = object({
namespaces = optional(list(string))
type = string
})
})))
}))
| `{}` | no | +| [aws\_ebs\_csi\_driver\_addon\_version](#input\_aws\_ebs\_csi\_driver\_addon\_version) | The version to use for the AWS EBS CSI driver. | `string` | `"v1.22.1-eksbuild.1"` | no | +| [aws\_vpc\_cni\_addon\_version](#input\_aws\_vpc\_cni\_addon\_version) | AWS VPC CNI Addon version to use. | `string` | `"v1.15.5-eksbuild.1"` | no | | [cluster\_endpoint\_public\_access\_cidrs](#input\_cluster\_endpoint\_public\_access\_cidrs) | List of CIDR blocks which can access the Amazon EKS API server endpoint. | `list(string)` |
[
"0.0.0.0/0"
]
| no | | [cluster\_security\_group\_additional\_rules](#input\_cluster\_security\_group\_additional\_rules) | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source. | `any` | `{}` | no | -| [cluster\_version](#input\_cluster\_version) | The Kubernetes version to use for the EKS cluster. | `string` | `"1.27"` | no | +| [cluster\_version](#input\_cluster\_version) | The Kubernetes version to use for the EKS cluster. | `string` | `"1.28"` | no | | [clusterissuer\_email](#input\_clusterissuer\_email) | The email address to use for the cert-manager cluster issuer. | `string` | n/a | yes | -| [coredns\_addon\_version](#input\_coredns\_addon\_version) | CoreDNS Addon version to use. | `string` | `"v1.10.1-eksbuild.6"` | no | +| [coredns\_addon\_version](#input\_coredns\_addon\_version) | CoreDNS Addon version to use. | `string` | `"v1.10.1-eksbuild.7"` | no | | [create\_localadmin\_user](#input\_create\_localadmin\_user) | Whether to create a localadmin user for access to the Wayfinder Portal and API. | `bool` | `true` | no | | [disable\_internet\_access](#input\_disable\_internet\_access) | Whether to disable internet access for EKS and the Wayfinder ingress controller. | `bool` | `false` | no | | [disable\_local\_login](#input\_disable\_local\_login) | Whether to disable local login for Wayfinder. Note: An IDP must be configured within Wayfinder, otherwise you will not be able to log in. | `bool` | `false` | no | | [dns\_zone\_arn](#input\_dns\_zone\_arn) | The AWS Route53 DNS Zone ARN to use (e.g. arn:aws:route53:::hostedzone/ABCDEFG1234567). | `string` | n/a | yes | | [ebs\_csi\_kms\_cmk\_ids](#input\_ebs\_csi\_kms\_cmk\_ids) | List of KMS CMKs to allow EBS CSI to manage encrypted volumes. This is required if EBS encryption is set at the account level with a default KMS CMK. 
| `list(string)` | `[]` | no | -| [eks\_aws\_auth\_roles](#input\_eks\_aws\_auth\_roles) | List of IAM Role maps to add to the aws-auth configmap. This is required if you use a different IAM Role for Terraform Plan actions. |
list(object({
rolearn = string
username = string
groups = list(string)
}))
| `[]` | no | | [eks\_ng\_capacity\_type](#input\_eks\_ng\_capacity\_type) | The capacity type to use for the EKS managed node group. | `string` | `"ON_DEMAND"` | no | | [eks\_ng\_desired\_size](#input\_eks\_ng\_desired\_size) | The desired size to use for the EKS managed node group. | `number` | `1` | no | | [eks\_ng\_instance\_types](#input\_eks\_ng\_instance\_types) | The instance types to use for the EKS managed node group. | `list(string)` |
[
"t3.xlarge"
]
| no | @@ -87,7 +87,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s | [enable\_wf\_dnszonemanager](#input\_enable\_wf\_dnszonemanager) | Whether to configure admin CloudAccessConfig for DNS zone management in the account Wayfinder is installed in once installed (requires enable\_k8s\_resources and enable\_wf\_cloudaccess) | `bool` | `false` | no | | [environment](#input\_environment) | The environment name we are provisioning. | `string` | `"production"` | no | | [kms\_key\_administrators](#input\_kms\_key\_administrators) | A list of IAM ARNs for EKS key administrators. If no value is provided, the current caller identity is used to ensure at least one key admin is available. | `list(string)` | `[]` | no | -| [kube\_proxy\_addon\_version](#input\_kube\_proxy\_addon\_version) | Kube Proxy Addon version to use. | `string` | `"v1.27.8-eksbuild.4"` | no | +| [kube\_proxy\_addon\_version](#input\_kube\_proxy\_addon\_version) | Kube Proxy Addon version to use. | `string` | `"v1.28.4-eksbuild.4"` | no | | [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source. | `any` | `{}` | no | | [subnet\_ids\_by\_az](#input\_subnet\_ids\_by\_az) | A map of subnet IDs by availability zone. | `map(list(string))` | `{}` | no | | [tags](#input\_tags) | A map of tags to add to all resources created. | `map(string)` | `{}` | no | 
@@ -98,7 +98,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s | [wayfinder\_instance\_id](#input\_wayfinder\_instance\_id) | The instance ID to use for Wayfinder. | `string` | n/a | yes | | [wayfinder\_licence\_key](#input\_wayfinder\_licence\_key) | The licence key to use for Wayfinder. | `string` | n/a | yes | | [wayfinder\_release\_channel](#input\_wayfinder\_release\_channel) | The release channel to use for Wayfinder. | `string` | `"wayfinder-releases"` | no | -| [wayfinder\_version](#input\_wayfinder\_version) | The version to use for Wayfinder. | `string` | `"v2.5.1"` | no | +| [wayfinder\_version](#input\_wayfinder\_version) | The version to use for Wayfinder. | `string` | `"v2.6.4"` | no | ## Outputs diff --git a/autoscaler.tf b/autoscaler.tf index d5ae610..6659d18 100644 --- a/autoscaler.tf +++ b/autoscaler.tf @@ -1,6 +1,6 @@ module "autoscaler_irsa_role" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.17.0" + version = "5.34.0" attach_cluster_autoscaler_policy = true cluster_autoscaler_cluster_ids = [module.eks.cluster_name] @@ -28,7 +28,7 @@ resource "helm_release" "metrics_server" { name = "metrics-server" repository = "https://kubernetes-sigs.github.io/metrics-server" chart = "metrics-server" - version = "3.8.2" + version = "3.12.0" max_history = 5 } @@ -45,7 +45,7 @@ resource "helm_release" "cluster_autoscaler" { name = "autoscaler" repository = "https://kubernetes.github.io/autoscaler" chart = "cluster-autoscaler" - version = "9.19.4" + version = "9.35.0" max_history = 5 set { diff --git a/cert-manager.tf b/cert-manager.tf index 340e374..bdd3d9a 100644 --- a/cert-manager.tf +++ b/cert-manager.tf @@ -1,6 +1,6 @@ module "certmanager_irsa_role" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.17.0" + version = "5.34.0" attach_cert_manager_policy = true cert_manager_hosted_zone_arns = [var.dns_zone_arn] 
diff --git a/eks.tf b/eks.tf index 08e2c1d..d45b728 100644 --- a/eks.tf +++ b/eks.tf @@ -1,18 +1,21 @@ module "eks" { source = "terraform-aws-modules/eks/aws" - version = "19.13.0" + version = "20.2.1" cluster_name = local.name cluster_version = var.cluster_version - tags = local.tags - cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] - cluster_endpoint_private_access = true - cluster_endpoint_public_access = !var.disable_internet_access - cluster_endpoint_public_access_cidrs = var.cluster_endpoint_public_access_cidrs - kms_key_administrators = var.kms_key_administrators - subnet_ids = distinct(flatten(values(var.subnet_ids_by_az))) - vpc_id = var.vpc_id + authentication_mode = "API_AND_CONFIG_MAP" + access_entries = var.access_entries + cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] + cluster_endpoint_private_access = true + cluster_endpoint_public_access = !var.disable_internet_access + cluster_endpoint_public_access_cidrs = var.cluster_endpoint_public_access_cidrs + enable_cluster_creator_admin_permissions = var.access_entries != {} ? false : true + kms_key_administrators = var.kms_key_administrators + subnet_ids = distinct(flatten(values(var.subnet_ids_by_az))) + tags = local.tags + vpc_id = var.vpc_id cluster_addons = { coredns = { @@ -118,14 +121,11 @@ module "eks" { ipv6_cidr_blocks = ["::/0"] } }, var.node_security_group_additional_rules) - - manage_aws_auth_configmap = true - aws_auth_roles = var.eks_aws_auth_roles } module "irsa-ebs-csi-driver" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.17.0" + version = "5.34.0" role_name = "${local.name}-ebs-csi-driver-irsa" attach_ebs_csi_policy = true diff --git a/examples/complete/README.md b/examples/complete/README.md index 61682f4..1af4df5 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
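Review bot: In the first eks.tf hunk, `enable_cluster_creator_admin_permissions = var.access_entries != {} ? false : true` probably never evaluates to `true`: the README documents `access_entries` as `map(object(...))`, and as far as I can tell Terraform's `!=` treats a map and the empty object literal `{}` as different types, so the comparison holds even for the default empty map. With no entries supplied, the identity that creates the cluster would then get no access entry at all, and the Helm and Kubernetes resources in this module could fail to authenticate. I would write `enable_cluster_creator_admin_permissions = length(var.access_entries) == 0`. Separately, `authentication_mode = "API_AND_CONFIG_MAP"` keeps the aws-auth ConfigMap as a live authorisation source while the second hunk stops managing it, so the upgrade notes should tell operators to audit any `system:masters` mappings left over from earlier releases. The `module "eks"` block continues outside both hunks.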
@@ -34,6 +34,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster. |
map(object({
kubernetes_groups = optional(list(string))
principal_arn = string
policy_associations = optional(map(object({
policy_arn = string
access_scope = object({
namespaces = optional(list(string))
type = string
})
})))
}))
| `{}` | no | | [availability\_zones](#input\_availability\_zones) | List of availability zones to deploy into. | `list(string)` |
[
"eu-west-2a",
"eu-west-2b",
"eu-west-2c"
]
| no | | [aws\_secretsmanager\_name](#input\_aws\_secretsmanager\_name) | The name of the AWS Secrets Manager secret to fetch, which contains IDP configuration. | `string` | `"wayfinder-secrets"` | no | | [clusterissuer\_email](#input\_clusterissuer\_email) | The email address to use for the cert-manager cluster issuer. | `string` | n/a | yes | @@ -44,7 +45,6 @@ The `terraform-docs` utility is used to generate this README. Follow the below s | [environment](#input\_environment) | The environment name we are provisioning. | `string` | `"production"` | no | | [idp\_provider](#input\_idp\_provider) | The Identity Provider type to configure for Wayfinder (supported: generic, aad). | `string` | `"generic"` | no | | [tags](#input\_tags) | Tags to apply to all resources. | `map(any)` | `{}` | no | -| [terraform\_plan\_role\_arn](#input\_terraform\_plan\_role\_arn) | The ARN of the IAM role used for Terraform plan operations. | `string` | n/a | yes | | [vpc\_cidr](#input\_vpc\_cidr) | CIDR block for the Wayfinder VPC. | `string` | `"10.0.0.0/21"` | no | | [vpc\_private\_subnets](#input\_vpc\_private\_subnets) | List of private subnets in the Wayfinder VPC. | `list(string)` |
[
"10.0.0.0/24",
"10.0.1.0/24",
"10.0.2.0/24"
]
| no | | [vpc\_public\_subnets](#input\_vpc\_public\_subnets) | List of public subnets in the Wayfinder VPC. | `list(string)` |
[
"10.0.3.0/24",
"10.0.4.0/24",
"10.0.5.0/24"
]
| no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index bde21ef..6e8c59a 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -1,6 +1,7 @@ module "wayfinder" { source = "../../" + access_entries = var.access_entries clusterissuer_email = var.clusterissuer_email create_localadmin_user = var.create_localadmin_user disable_internet_access = var.disable_internet_access @@ -24,14 +25,6 @@ module "wayfinder" { azureTenantId = var.idp_provider == "aad" ? jsondecode(data.aws_secretsmanager_secret_version.wayfinder.secret_string)["idpAzureTenantId"] : "" } - eks_aws_auth_roles = [ - { - rolearn = var.terraform_plan_role_arn - username = "terraform-identity-plan" - groups = ["system:masters"] - } - ] - # cluster_security_group_additional_rules = { # allow_access_from_vpn = { # description = "Allow access to the Wayfinder API from within My Organisation's internal network" diff --git a/examples/complete/terraform.tfvars.sample b/examples/complete/terraform.tfvars.sample index 45064d6..2f239ed 100644 --- a/examples/complete/terraform.tfvars.sample +++ b/examples/complete/terraform.tfvars.sample 
@@ -1,9 +1,32 @@ +access_entries = { + tf_plan = { + principal_arn = "arn:aws:iam::123456789012:role/tf-plan" + policy_associations = { + cluster_admin = { + policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + access_scope = { + type = "cluster" + } + } + } + } + tf_apply = { + principal_arn = "arn:aws:iam::123456789012:role/tf-apply" + policy_associations = { + cluster_admin = { + policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + access_scope = { + type = "cluster" + } + } + } + } +} clusterissuer_email = "example@appvia.io" disable_local_login = true dns_zone_name = "wf.example.com" idp_provider = "generic" wayfinder_instance_id = "your-wayfinder-instance-id" -terraform_plan_role_arn = "arn:aws:iam::123456789012:role/terraform-plan-role" tags = { Repository = "Your Repository URL" Provisioner = "Terraform" diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index b7a5b80..c05b9e5 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -1,3 +1,19 @@ +variable "access_entries" { + description = "Map of access entries to add to the cluster." + type = map(object({ + kubernetes_groups = optional(list(string)) + principal_arn = string + policy_associations = optional(map(object({ + policy_arn = string + access_scope = object({ + namespaces = optional(list(string)) + type = string + }) + }))) + })) + default = {} +} + variable "aws_secretsmanager_name" { description = "The name of the AWS Secrets Manager secret to fetch, which contains IDP configuration." type = string @@ -66,11 +82,6 @@ variable "tags" { default = {} } -variable "terraform_plan_role_arn" { - description = "The ARN of the IAM role used for Terraform plan operations." - type = string -} - variable "vpc_cidr" { description = "CIDR block for the Wayfinder VPC." type = string diff --git a/examples/complete/vpc.tf b/examples/complete/vpc.tf index f611707..f47225a 100755 
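Review bot: In the `tf_plan` entry of this sample, the plan role is associated with `AmazonEKSClusterAdminPolicy` at cluster scope, the same grant as `tf_apply`, so a role that only has to read cluster state is able to change anything in the cluster. Access entries allow a narrower association than the old `system:masters` mapping did. A read-only policy for `tf_plan`, such as `policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminViewPolicy"`, would be a safer default for users to copy, provided it covers everything the plan has to read (for example Helm release secrets), which should be confirmed. The same sample block is added in `examples/quickstart/terraform.tfvars.sample`.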
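Review bot: The new `access_entries` declaration accepts any string for `access_scope.type` and does not tie `namespaces` to it, so a typo or a namespace-scoped association with no namespaces is presumably only rejected once the EKS API is called during apply. A `validation` block that restricts `type` to `cluster` or `namespace` and requires `namespaces` for the latter would surface this at plan time and make the intended scope of each grant explicit. The same declaration is added in `examples/quickstart/variables.tf` and in the root `variables.tf`; the root module is where the check matters most.

```hcl
variable "access_entries" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue(flatten([
      for entry in values(var.access_entries) : [
        for assoc in try(values(entry.policy_associations), []) :
        contains(["cluster", "namespace"], assoc.access_scope.type) &&
        (assoc.access_scope.type != "namespace" || try(length(assoc.access_scope.namespaces), 0) > 0)
      ]
    ]))
    error_message = "Each access_scope.type must be \"cluster\" or \"namespace\", and a namespace scope must list at least one namespace."
  }
}
```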
--- a/examples/complete/vpc.tf +++ b/examples/complete/vpc.tf @@ -1,6 +1,6 @@ module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "5.0.0" + version = "5.5.1" azs = var.availability_zones cidr = var.vpc_cidr diff --git a/examples/quickstart/.terraform.lock.hcl b/examples/quickstart/.terraform.lock.hcl index f1d6be3..d97a63b 100644 --- a/examples/quickstart/.terraform.lock.hcl +++ b/examples/quickstart/.terraform.lock.hcl 
@@ -19,45 +19,45 @@ provider "registry.terraform.io/gavinbunney/kubectl" { } provider "registry.terraform.io/hashicorp/aws" { - version = "5.22.0" - constraints = ">= 3.72.0, >= 4.0.0, >= 4.47.0, >= 4.57.0, >= 4.62.0, >= 5.0.0, ~> 5.0" + version = "5.35.0" + constraints = ">= 4.0.0, >= 4.33.0, >= 4.62.0, ~> 5.0, >= 5.20.0, >= 5.34.0" hashes = [ - "h1:XuU3tsGzElMt4Ti8SsM05pFllNMwSC4ScUxcfsOS140=", - "zh:09b8475cd519c945423b1e1183b71a4209dd2927e0d289a88c5abeecb53c1753", - "zh:2448e0c3ce9b991a5dd70f6a42d842366a6a2460cf63b31fb9bc5d2cc92ced19", - "zh:3b9fc2bf6714a9a9ab25eae3e56cead3d3917bc1b6d8b9fb3111c4198a790c72", - "zh:4fbd28ad5380529a36c54d7a96c9768df1288c625d28b8fa3a50d4fc2176ef0f", - "zh:54d550f190702a7edc2d459952d025e259a8c0b0ff7df3f15bbcc148539214bf", - "zh:638f406d084ac96f3a0b0a5ce8aa71a5a2a781a56ba96e3a235d3982b89eef0d", - "zh:69d4c175b13b6916b5c9398172cc384e7af46cb737b45870ab9907f12e82a28a", - "zh:81edec181a67255d25caf5e7ffe6d5e8f9373849b9e8f5e0705f277640abb18e", + "h1:MKNFmhsOIirK7Qzr6TWkVaBcVGN81lCU0BPiaPOeQ8s=", + "zh:3a2a6f40db82d30ea8c5e3e251ca5e16b08e520570336e7e342be823df67e945", + "zh:420a23b69b412438a15b8b2e2c9aac2cf2e4976f990f117e4bf8f630692d3949", + "zh:4d8b887f6a71b38cff77ad14af9279528433e279eed702d96b81ea48e16e779c", + "zh:4edd41f8e1c7d29931608a7b01a7ae3d89d6f95ef5502cf8200f228a27917c40", + "zh:6337544e2ded5cf37b55a70aa6ce81c07fd444a2644ff3c5aad1d34680051bdc", + "zh:668faa3faaf2e0758bf319ea40d2304340f4a2dc2cd24460ddfa6ab66f71b802", + "zh:79ddc6d7c90e59fdf4a51e6ea822ba9495b1873d6a9d70daf2eeaf6fc4eb6ff3", + "zh:885822027faf1aa57787f980ead7c26e7d0e55b4040d926b65709b764f804513", + "zh:8c50a8f397b871388ff2e048f5eb280af107faa2e8926694f1ffd9f32a7a7cdf", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a66efb2b3cf7be8116728ae5782d7550f23f3719da2ed3c10228d29c44b7dc84", - "zh:ae754478d0bfa42195d16cf46091fab7c1c075ebc965d919338e36aed45add78", - "zh:e0603ad0061c43aa1cb52740b1e700b8afb55667d7ee01c1cc1ceb6f983d4c9d", - 
"zh:e4cb701d0185884eed0492a66eff17251f5b4971d30e81acd5e0a55627059fc8", - "zh:f7db2fcf69679925dde1ae326526242fd61ba1f83f614b1f6d9d68c925417e51", - "zh:fef331b9b62bc26d900ae937cc662281ff30794edf48aebfe8997d0e16835f6d", + "zh:a2f5d2553df5573a060641f18ee7585587047c25ba73fd80617f59b5893d22b4", + "zh:c43833ae2a152213ee92eb5be7653f9493779eddbe0ce403ea49b5f1d87fd766", + "zh:dab01527a3a55b4f0f958af6f46313d775e27f9ad9d10bedbbfea4a35a06dc5f", + "zh:ed49c65620ec42718d681a7fc00c166c295ff2795db6cede2c690b83f9fb3e65", + "zh:f0a358c0ae1087c466d0fbcc3b4da886f33f881a145c3836ec43149878b86a1a", ] } provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.2" + version = "2.3.3" constraints = ">= 2.0.0" hashes = [ - "h1:ocyv0lvfyvzW4krenxV5CL4Jq5DiA3EUfoy8DR6zFMw=", - "zh:2487e498736ed90f53de8f66fe2b8c05665b9f8ff1506f751c5ee227c7f457d1", - "zh:3d8627d142942336cf65eea6eb6403692f47e9072ff3fa11c3f774a3b93130b3", - "zh:434b643054aeafb5df28d5529b72acc20c6f5ded24decad73b98657af2b53f4f", - "zh:436aa6c2b07d82aa6a9dd746a3e3a627f72787c27c80552ceda6dc52d01f4b6f", - "zh:458274c5aabe65ef4dbd61d43ce759287788e35a2da004e796373f88edcaa422", - "zh:54bc70fa6fb7da33292ae4d9ceef5398d637c7373e729ed4fce59bd7b8d67372", + "h1:GmJ8PxLjjPr+lh02Bw3u7RYqA3UtpE2hQ1T43Vt7PTQ=", + "zh:0bd6ee14ca5cf0f0c83d3bb965346b1225ccd06a6247e80774aaaf54c729daa7", + "zh:3055ad0dcc98de1d4e45b72c5889ae91b62f4ae4e54dbc56c4821be0fdfbed91", + "zh:32764cfcff0d7379ca8b7dde376ac5551854d454c5881945f1952b785a312fa2", + "zh:55c2a4dc3ebdeaa1dec3a36db96dab253c7fa10b9fe1209862e1ee77a01e0aa1", + "zh:5c71f260ba5674d656d12f67cde3bb494498e6b6b6e66945ef85688f185dcf63", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:893ba267e18749c1a956b69be569f0d7bc043a49c3a0eb4d0d09a8e8b2ca3136", - "zh:95493b7517bce116f75cdd4c63b7c82a9d0d48ec2ef2f5eb836d262ef96d0aa7", - "zh:9ae21ab393be52e3e84e5cce0ef20e690d21f6c10ade7d9d9d22b39851bfeddc", - "zh:cc3b01ac2472e6d59358d54d5e4945032efbc8008739a6d4946ca1b621a16040", - 
"zh:f23bfe9758f06a1ec10ea3a81c9deedf3a7b42963568997d84a5153f35c5839a", + "zh:9617280a853ec7caedb8beb7864e4b29faf9c850a453283980c28fccef2c493d", + "zh:ac8bda21950f8dddade3e9bc15f7bcfdee743738483be5724169943cafa611f5", + "zh:ba9ab567bbe63dee9197a763b3104ea9217ba27449ed54d3afa6657f412e3496", + "zh:effd1a7e34bae3879c02f03ed3afa979433a518e11de1f8afd35a8710231ac14", + "zh:f021538c86d0ac250d75e59efde6d869bbfff711eb744c8bddce79d2475bf46d", + "zh:f1e3984597948a2103391a26600e177b19f16a5a4c66acee27a4343fb141571f", ] } 
@@ -82,21 +82,22 @@ provider "registry.terraform.io/hashicorp/helm" { } provider "registry.terraform.io/hashicorp/http" { - version = "3.4.0" + version = "3.4.1" + constraints = ">= 3.4.0" hashes = [ - "h1:m0d6+9xK/9TJSE9Z6nM4IwHXZgod4/jkdsf7CZSpUvo=", - "zh:56712497a87bc4e91bbaf1a5a2be4b3f9cfa2384baeb20fc9fad0aff8f063914", - "zh:6661355e1090ebacab16a40ede35b029caffc279d67da73a000b6eecf0b58eba", - "zh:67b92d343e808b92d7e6c3bbcb9b9d5475fecfed0836963f7feb9d9908bd4c4f", + "h1:RLJ1zsc2ScUFapTANM91XHyAY7715gP3yPlBOcaBKuk=", + "zh:2a79832069a34e88ec997fb8d2c2bdad6f40bfe93a4ae5e6e7f0caf4eea2a9e5", + "zh:37d3611857ab207e1565e441a2df9020b1326b7df31e5656165cb6817306494b", + "zh:48cc974b12544be18c18bfcb5ea21a4818d03b897e96fb9b4d0d9303883cb3fa", + "zh:4b8da2ffe868082830173fdcc8632e2705918e0396c72158d7822650bb1d3bf6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:86ebb9be9b685c96dbb5c024b55d87526d57a4b127796d6046344f8294d3f28e", - "zh:902be7cfca4308cba3e1e7ba6fc292629dfd150eb9a9f054a854fa1532b0ceba", - "zh:9ba26e0215cd53b21fe26a0a98c007de1348b7d13a75ae3cfaf7729e0f2c50bb", - "zh:a195c941e1f1526147134c257ff549bea4c89c953685acd3d48d9de7a38f39dc", - "zh:a7967b3d2a8c3e7e1dc9ae381ca753268f9fce756466fe2fc9e414ca2d85a92e", - "zh:bde56542e9a093434d96bea21c341285737c6d38fea2f05e12ba7b333f3e9c05", - "zh:c0306f76903024c497fd01f9fd9bace5854c263e87a97bc2e89dcc96d35ca3cc", - "zh:f9335a6c336171e85f8e3e99c3d31758811a19aeb21fa8c9013d427e155ae2a9", + "zh:8148614299a21be04dd11268047e110df3ce9ef585d6240bed2f196839946efa", + "zh:a6d583cb70b1355fbc7b1c2cffaa53e4703b04ced9d0ecf78708129ce7072128", + "zh:a95f770e8913dd48fde8836cf993fafdbf7da5308a6fbd3d455cb10737742990", + "zh:b36784e6602e6ae7ba67560ebcfd055b4448cb0edf9bf35744c2f32ddbd8fa2d", + "zh:c23b37fd9e481269fc55735b24c7e8877057c08b42671c796816409d54486a1c", + "zh:df07252b27120020d91d7ad11f7ea92832d8df2e81b55a658ac1eb93dc6b8d18", + "zh:e44dc5a1fd5995bfd21d385949d539c619e8b37b69875bd92ad4aa18e2435722", ] } 
@@ -121,80 +122,81 @@ provider "registry.terraform.io/hashicorp/kubernetes" { } provider "registry.terraform.io/hashicorp/local" { - version = "2.4.0" + version = "2.4.1" + constraints = ">= 2.4.0" hashes = [ - "h1:ZUEYUmm2t4vxwzxy1BvN1wL6SDWrDxfH7pxtzX8c6d0=", - "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", - "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", - "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", + "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", + "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", + "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", + "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", + "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", + "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", - "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", - "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", - "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", - "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", - "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", - "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", - "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", + "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", + "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", + "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", + "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", + "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", + "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", ] } 
provider "registry.terraform.io/hashicorp/random" { - version = "3.5.1" + version = "3.6.0" constraints = ">= 3.5.0, ~> 3.5" hashes = [ - "h1:IL9mSatmwov+e0+++YX2V6uel+dV6bn+fC/cnGDK3Ck=", - "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", - "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", - "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", - "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", - "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", + "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", + "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", + "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", + "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", + "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", - "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", - "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", - "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", - "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", - "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", + "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", + "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", + "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", + "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", + "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", ] } provider "registry.terraform.io/hashicorp/time" { - version = "0.9.1" + 
version = "0.10.0" constraints = ">= 0.9.0" hashes = [ - "h1:VxyoYYOCaJGDmLz4TruZQTSfQhvwEcMxvcKclWdnpbs=", - "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", - "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", - "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + "h1:NAl8eupFAZXCAbE5uiHZTz+Yqler55B3fMG+jNPrjjM=", + "zh:0ab31efe760cc86c9eef9e8eb070ae9e15c52c617243bbd9041632d44ea70781", + "zh:0ee4e906e28f23c598632eeac297ab098d6d6a90629d15516814ab90ad42aec8", + "zh:3bbb3e9da728b82428c6f18533b5b7c014e8ff1b8d9b2587107c966b985e5bcc", + "zh:6771c72db4e4486f2c2603c81dfddd9e28b6554d1ded2996b4cb37f887b467de", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", - "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", - "zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", - "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", - "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", - "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", - "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", - "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + "zh:833c636d86c2c8f23296a7da5d492bdfd7260e22899fc8af8cc3937eb41a7391", + "zh:c545f1497ae0978ffc979645e594b57ff06c30b4144486f4f362d686366e2e42", + "zh:def83c6a85db611b8f1d996d32869f59397c23b8b78e39a978c8a2296b0588b2", + "zh:df9579b72cc8e5fac6efee20c7d0a8b72d3d859b50828b1c473d620ab939e2c7", + "zh:e281a8ecbb33c185e2d0976dc526c93b7359e3ffdc8130df7422863f4952c00e", + "zh:ecb1af3ae67ac7933b5630606672c94ec1f54b119bf77d3091f16d55ab634461", + "zh:f8109f13e07a741e1e8a52134f84583f97a819e33600be44623a21f6424d6593", ] } provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.4" + version = "4.0.5" constraints = ">= 3.0.0" hashes = [ - 
"h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=", - "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", - "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", - "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", - "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", - "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", - "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", - "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", - "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", - "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", - "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", - "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=", + "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e", + "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32", + "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b", + "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a", + "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a", + "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e", + "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc", + "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9", + "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4", + "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8", + "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/examples/quickstart/README.md b/examples/quickstart/README.md index 642066d..6873cbe 100644 --- a/examples/quickstart/README.md +++ b/examples/quickstart/README.md 
@@ -26,6 +26,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster. |
map(object({
kubernetes_groups = optional(list(string))
principal_arn = string
policy_associations = optional(map(object({
policy_arn = string
access_scope = object({
namespaces = optional(list(string))
type = string
})
})))
}))
| `{}` | no | | [availability\_zones](#input\_availability\_zones) | List of availability zones to deploy into. | `list(string)` |
[
"eu-west-2a",
"eu-west-2b",
"eu-west-2c"
]
| no | | [clusterissuer\_email](#input\_clusterissuer\_email) | The email address to use for the cert-manager cluster issuer. | `string` | n/a | yes | | [disable\_internet\_access](#input\_disable\_internet\_access) | Whether to disable internet access for EKS and the Wayfinder ingress controller. | `bool` | `false` | no | diff --git a/examples/quickstart/main.tf b/examples/quickstart/main.tf index 0303f8c..f0c475d 100644 --- a/examples/quickstart/main.tf +++ b/examples/quickstart/main.tf @@ -1,6 +1,7 @@ module "wayfinder" { source = "../../" + access_entries = var.access_entries clusterissuer_email = var.clusterissuer_email create_localadmin_user = true disable_internet_access = var.disable_internet_access diff --git a/examples/quickstart/terraform.tfvars.sample b/examples/quickstart/terraform.tfvars.sample index b1aceee..208bb62 100644 --- a/examples/quickstart/terraform.tfvars.sample +++ b/examples/quickstart/terraform.tfvars.sample @@ -1,3 +1,27 @@ +access_entries = { + tf_plan = { + principal_arn = "arn:aws:iam::123456789012:role/tf-plan" + policy_associations = { + cluster_admin = { + policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + access_scope = { + type = "cluster" + } + } + } + } + tf_apply = { + principal_arn = "arn:aws:iam::123456789012:role/tf-apply" + policy_associations = { + cluster_admin = { + policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + access_scope = { + type = "cluster" + } + } + } + } +} clusterissuer_email = "example@appvia.io" dns_zone_name = "wf.example.com" wayfinder_instance_id = "your-wayfinder-instance-id" diff --git a/examples/quickstart/variables.tf b/examples/quickstart/variables.tf index 4b36efc..cc462a0 100644 --- a/examples/quickstart/variables.tf +++ b/examples/quickstart/variables.tf 
@@ -1,3 +1,19 @@ +variable "access_entries" { + description = "Map of access entries to add to the cluster." + type = map(object({ + kubernetes_groups = optional(list(string)) + principal_arn = string + policy_associations = optional(map(object({ + policy_arn = string + access_scope = object({ + namespaces = optional(list(string)) + type = string + }) + }))) + })) + default = {} +} + variable "availability_zones" { description = "List of availability zones to deploy into." type = list(string) diff --git a/examples/quickstart/vpc.tf b/examples/quickstart/vpc.tf index f611707..f47225a 100755 --- a/examples/quickstart/vpc.tf +++ b/examples/quickstart/vpc.tf @@ -1,6 +1,6 @@ module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "5.0.0" + version = "5.5.1" azs = var.availability_zones cidr = var.vpc_cidr diff --git a/external-dns.tf b/external-dns.tf index 21c1be7..78176b0 100644 --- a/external-dns.tf +++ b/external-dns.tf @@ -1,6 +1,6 @@ module "externaldns_irsa_role" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.17.0" + version = "5.34.0" attach_external_dns_policy = true role_name = "${local.name}-external-dns" diff --git a/modules/cloudaccess/wf_cloud_info.tf b/modules/cloudaccess/wf_cloud_info.tf index 13f8807..dfe2aa1 100644 --- a/modules/cloudaccess/wf_cloud_info.tf +++ b/modules/cloudaccess/wf_cloud_info.tf @@ -2,7 +2,7 @@ module "iam_role_cloud_info" { count = var.enable_cloud_info && var.from_aws ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-CloudInfo${local.resource_suffix}" @@ -17,7 +17,7 @@ module "iam_role_cloud_info_azure_oidc" { count = var.enable_cloud_info && var.from_azure ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-CloudInfo-azure${local.resource_suffix}" 
@@ -51,7 +51,7 @@ module "iam_policy_cloud_info" { count = var.enable_cloud_info ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.17.0" + version = "5.34.0" name = "wf-CloudInfo${local.resource_suffix}" description = "Retrieve pricing and instance type metadata" diff --git a/modules/cloudaccess/wf_cluster_manager.tf b/modules/cloudaccess/wf_cluster_manager.tf index 9b415c2..041a5eb 100644 --- a/modules/cloudaccess/wf_cluster_manager.tf +++ b/modules/cloudaccess/wf_cluster_manager.tf @@ -2,7 +2,7 @@ module "iam_role_cluster_manager" { count = var.enable_cluster_manager && var.from_aws ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-ClusterManager${local.resource_suffix}" @@ -17,7 +17,7 @@ module "iam_role_cluster_manager_azure_oidc" { count = var.enable_cluster_manager && var.from_azure ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-ClusterManager-azure${local.resource_suffix}" @@ -51,7 +51,7 @@ module "iam_policy_cluster_manager" { count = var.enable_cluster_manager ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.17.0" + version = "5.34.0" name = "wf-ClusterManager${local.resource_suffix}" description = "Create and manage EKS Kubernetes clusters" diff --git a/modules/cloudaccess/wf_dns_zone_manager.tf b/modules/cloudaccess/wf_dns_zone_manager.tf index 86950ed..e1a3e4f 100644 --- a/modules/cloudaccess/wf_dns_zone_manager.tf +++ b/modules/cloudaccess/wf_dns_zone_manager.tf @@ -2,7 +2,7 @@ module "iam_role_dns_zone_manager" { count = var.enable_dns_zone_manager && var.from_aws ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-DNSZoneManager${local.resource_suffix}" 
@@ -17,7 +17,7 @@ module "iam_role_dns_zone_manager_azure_oidc" { count = var.enable_dns_zone_manager && var.from_azure ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-DNSZoneManager-azure${local.resource_suffix}" @@ -51,7 +51,7 @@ module "iam_policy_dns_zone_manager" { count = var.enable_dns_zone_manager ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.17.0" + version = "5.34.0" name = "wf-DNSZoneManager${local.resource_suffix}" description = "Create and manage Route 53 DNS Zones for automated DNS management" diff --git a/modules/cloudaccess/wf_network_manager.tf b/modules/cloudaccess/wf_network_manager.tf index 851da3e..a3a3a51 100644 --- a/modules/cloudaccess/wf_network_manager.tf +++ b/modules/cloudaccess/wf_network_manager.tf @@ -2,7 +2,7 @@ module "iam_role_network_manager" { count = var.enable_network_manager && var.from_aws ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-NetworkManager${local.resource_suffix}" @@ -17,7 +17,7 @@ module "iam_role_network_manager_azure_oidc" { count = var.enable_network_manager && var.from_azure ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-NetworkManager-azure${local.resource_suffix}" @@ -51,7 +51,7 @@ module "iam_policy_network_manager" { count = var.enable_network_manager ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.17.0" + version = "5.34.0" name = "wf-NetworkManager${local.resource_suffix}" description = "Create and manage VPCs for EKS clusters" diff --git a/modules/cloudaccess/wf_peering_acceptor.tf b/modules/cloudaccess/wf_peering_acceptor.tf index 0973ae1..6c33e50 100644 
--- a/modules/cloudaccess/wf_peering_acceptor.tf +++ b/modules/cloudaccess/wf_peering_acceptor.tf @@ -2,7 +2,7 @@ module "iam_role_peering_acceptor" { count = var.enable_peering_acceptor && var.from_aws ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-PeeringAcceptor${local.resource_suffix}" @@ -16,7 +16,7 @@ module "iam_role_peering_acceptor_azure_oidc" { count = var.enable_peering_acceptor && var.from_azure ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.17.0" + version = "5.34.0" create_role = true role_name = "wf-PeeringAcceptor-azure${local.resource_suffix}" @@ -48,7 +48,7 @@ module "iam_policy_peering_acceptor" { count = var.enable_peering_acceptor ? 1 : 0 source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.17.0" + version = "5.34.0" name = "wf-PeeringAcceptor${local.resource_suffix}" description = "Accept peering connections in aws" diff --git a/variables.tf b/variables.tf index c725d61..cd92cd8 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,19 @@ +variable "access_entries" { + description = "Map of access entries to add to the cluster. This is required if you use a different IAM Role for Terraform Plan actions." + type = map(object({ + kubernetes_groups = optional(list(string)) + principal_arn = string + policy_associations = optional(map(object({ + policy_arn = string + access_scope = object({ + namespaces = optional(list(string)) + type = string + }) + }))) + })) + default = {} +} + variable "clusterissuer_email" { description = "The email address to use for the cert-manager cluster issuer." type = string @@ -18,7 +34,7 @@ variable "cluster_security_group_additional_rules" { variable "cluster_version" { description = "The Kubernetes version to use for the EKS cluster." type = string - default = "1.27" + default = "1.28" } variable "create_localadmin_user" { 
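Review bot: The description of the root `access_entries` variable does not say that it replaces `eks_aws_auth_roles`, which a later hunk in this file removes, so a caller upgrading the module has no hint that roles previously mapped through the aws-auth configmap need an access entry to keep cluster access. I would extend it to something like `description = "Map of EKS access entries to add to the cluster. Replaces eks_aws_auth_roles; any role previously mapped there (e.g. a separate Terraform Plan role) needs an entry here."`. Whether `eks.tf` still manages aws-auth alongside access entries is not visible in this part of the patch, so the wording should be checked against that file.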
@@ -50,16 +66,6 @@ variable "ebs_csi_kms_cmk_ids" { default = [] } -variable "eks_aws_auth_roles" { - description = "List of IAM Role maps to add to the aws-auth configmap. This is required if you use a different IAM Role for Terraform Plan actions." - default = [] - type = list(object({ - rolearn = string - username = string - groups = list(string) - })) -} - variable "eks_ng_capacity_type" { description = "The capacity type to use for the EKS managed node group." type = string @@ -215,29 +221,29 @@ variable "wayfinder_release_channel" { variable "wayfinder_version" { description = "The version to use for Wayfinder." type = string - default = "v2.5.1" + default = "v2.6.4" } variable "aws_ebs_csi_driver_addon_version" { description = "The version to use for the AWS EBS CSI driver." type = string - default = "v1.21.0-eksbuild.1" + default = "v1.22.1-eksbuild.1" } variable "coredns_addon_version" { description = "CoreDNS Addon version to use." type = string - default = "v1.10.1-eksbuild.6" + default = "v1.10.1-eksbuild.7" } variable "kube_proxy_addon_version" { description = "Kube Proxy Addon version to use." type = string - default = "v1.27.8-eksbuild.4" + default = "v1.28.4-eksbuild.4" } variable "aws_vpc_cni_addon_version" { description = "AWS VPC CNI Addon version to use." type = string - default = "v1.14.1-eksbuild.1" + default = "v1.15.5-eksbuild.1" } diff --git a/versions.tf b/versions.tf index 9721dc5..e4a833a 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.62" + version = ">= 5.34" } helm = { source = "hashicorp/helm" diff --git a/wayfinder.tf b/wayfinder.tf index e54972b..ef6b2af 100644 --- a/wayfinder.tf +++ b/wayfinder.tf 
@@ -108,7 +108,7 @@ resource "aws_iam_policy" "wayfinder_irsa_policy" { module "wayfinder_irsa_role" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.17.0" + version = "5.34.0" role_name = "${local.name}-irsa" tags = local.tags