Helm charts updates (#206)

* Updating helm charts
* Updating modules
* Pass in vpc id and region to aws load balancer module
* Update github workflow runner version
---------
Co-authored-by: William <[email protected]>
Co-authored-by: Olamide <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.github/workflows/ci.yaml

@@ -5,7 +5,7 @@ on:
 jobs:
  checkfmt:
  name: Format
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-22.04
  steps:
  - name: Checkout repository
  uses: actions/checkout@v2
@@ -18,7 +18,7 @@ jobs:
 
  validate:
  name: Validate
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-22.04
  steps:
  - name: Checkout repository
  uses: actions/checkout@v2
@@ -31,7 +31,7 @@ jobs:
 
  docs:
  name: Docs
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-22.04
  steps:
  - name: Checkout repository
  uses: actions/checkout@v2
@@ -56,7 +56,7 @@ jobs:
 
  lint:
  name: Lint
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-22.04
  steps:
  - name: Checkout repository
  uses: actions/checkout@v2

aws/cluster/README.md

@@ -100,7 +100,7 @@ module "cluster" {
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | How many days until control plane logs are purged | `number` | `7` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name for this EKS cluster | `string` | n/a | yes |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Prefix to be applied to created resources | `list(string)` | `[]` | no |
-| <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | Node groups to create in this cluster | <pre>map(object({<br> instance_types = list(string),<br> max_size = number<br> min_size = number<br> }))</pre> | n/a | yes |
+| <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | Node groups to create in this cluster | <pre>map(object({<br/> instance_types = list(string),<br/> max_size = number<br/> min_size = number<br/> }))</pre> | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to be applied to all created resources | `map(string)` | `{}` | no |
 
 ## Outputs

aws/cluster/modules/eks-cluster/README.md

@@ -29,7 +29,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_enabled_cluster_log_types"></a> [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` | <pre>[<br> "api",<br> "audit"<br>]</pre> | no |
+| <a name="input_enabled_cluster_log_types"></a> [enabled\_cluster\_log\_types](#input\_enabled\_cluster\_log\_types) | Which EKS control plane log types to enable | `list(string)` | <pre>[<br/> "api",<br/> "audit"<br/>]</pre> | no |
 | <a name="input_k8s_version"></a> [k8s\_version](#input\_k8s\_version) | Kubernetes version to deploy | `string` | n/a | yes |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | How many days until control plane logs are purged | `number` | `7` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name for this EKS cluster | `string` | n/a | yes |

aws/cluster/modules/eks-node-group/README.md

@@ -23,7 +23,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster"></a> [cluster](#input\_cluster) | Cluster which this node group should join | `object({ name = string })` | n/a | yes |
-| <a name="input_instance_types"></a> [instance\_types](#input\_instance\_types) | EC2 instance types allowed in this node group | `list(string)` | <pre>[<br> "t3.medium"<br>]</pre> | no |
+| <a name="input_instance_types"></a> [instance\_types](#input\_instance\_types) | EC2 instance types allowed in this node group | `list(string)` | <pre>[<br/> "t3.medium"<br/>]</pre> | no |
 | <a name="input_max_size"></a> [max\_size](#input\_max\_size) | Maximum number of nodes in this group | `number` | n/a | yes |
 | <a name="input_min_size"></a> [min\_size](#input\_min\_size) | Minimum number of nodes in this group | `number` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Name for this EKS node group | `string` | n/a | yes |

aws/cluster/modules/k8s-oidc-provider/README.md

@@ -25,7 +25,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cluster"></a> [cluster](#input\_cluster) | Cluster providing an OpenID connect issuer | <pre>object({<br> identity = list(object({ oidc = list(object({ issuer = string })) }))<br> })</pre> | n/a | yes |
+| <a name="input_cluster"></a> [cluster](#input\_cluster) | Cluster providing an OpenID connect issuer | <pre>object({<br/> identity = list(object({ oidc = list(object({ issuer = string })) }))<br/> })</pre> | n/a | yes |
 
 ## Outputs
 

aws/network-data/README.md

@@ -24,8 +24,8 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_private_tags"></a> [private\_tags](#input\_private\_tags) | Tags to identify private subnets | `map(string)` | <pre>{<br> "kubernetes.io/role/internal-elb": "1"<br>}</pre> | no |
-| <a name="input_public_tags"></a> [public\_tags](#input\_public\_tags) | Tags to identify public subnets | `map(string)` | <pre>{<br> "kubernetes.io/role/elb": "1"<br>}</pre> | no |
+| <a name="input_private_tags"></a> [private\_tags](#input\_private\_tags) | Tags to identify private subnets | `map(string)` | <pre>{<br/> "kubernetes.io/role/internal-elb": "1"<br/>}</pre> | no |
+| <a name="input_public_tags"></a> [public\_tags](#input\_public\_tags) | Tags to identify public subnets | `map(string)` | <pre>{<br/> "kubernetes.io/role/elb": "1"<br/>}</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to identify all resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_tags"></a> [vpc\_tags](#input\_vpc\_tags) | Tags to identify the VPC | `map(string)` | `{}` | no |
 

aws/platform/README.md

@@ -194,7 +194,7 @@ You can then use it to manually edit the aws-auth ConfigMap:
 | <a name="input_opsgenie_parameter"></a> [opsgenie\_parameter](#input\_opsgenie\_parameter) | SSM parameter containing the OpsGenie api key | `string` | `null` | no |
 | <a name="input_pagerduty_parameter"></a> [pagerduty\_parameter](#input\_pagerduty\_parameter) | SSM parameter containing the Pagerduty routing key | `string` | `null` | no |
 | <a name="input_prometheus_adapter_values"></a> [prometheus\_adapter\_values](#input\_prometheus\_adapter\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no |
-| <a name="input_prometheus_data_source"></a> [prometheus\_data\_source](#input\_prometheus\_data\_source) | Prometheus datasource object with necessary details required to connect to the Prometheus workspace for centralized ingestion | <pre>object({<br> # The name of the Prometheus workspace for centralized injestion<br> name = string<br><br> # The Prometheus workspace host. <br> # A sample value for AWs managed Prometheus will be `aps-workspaces.us-east-1.amazonaws.com`<br> host = string<br><br> # The Prometheus workspace query path. <br> # A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/query`<br> query_path = string<br><br> # The region for the Prometheus workspace created for centralized injestion path.<br> region = string<br><br> # The ARN of the AWS IAM role enabling this cluster to use the Prometheus workspace for centralized ingestion <br> role_arn = string<br><br> # The write path for the Prometheus workspace. <br> # A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/remote_write`<br> write_path = string<br><br> # The url for the Prometheus workspace. <br> # A sample value for AWs managed Prometheus will be `https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx`<br> url = string<br> })</pre> | <pre>{<br> "host": null,<br> "name": null,<br> "query_path": null,<br> "region": null,<br> "role_arn": null,<br> "url": null,<br> "write_path": null<br>}</pre> | no |
+| <a name="input_prometheus_data_source"></a> [prometheus\_data\_source](#input\_prometheus\_data\_source) | Prometheus datasource object with necessary details required to connect to the Prometheus workspace for centralized ingestion | <pre>object({<br/> # The name of the Prometheus workspace for centralized injestion<br/> name = string<br/><br/> # The Prometheus workspace host. <br/> # A sample value for AWs managed Prometheus will be `aps-workspaces.us-east-1.amazonaws.com`<br/> host = string<br/><br/> # The Prometheus workspace query path. <br/> # A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/query`<br/> query_path = string<br/><br/> # The region for the Prometheus workspace created for centralized injestion path.<br/> region = string<br/><br/> # The ARN of the AWS IAM role enabling this cluster to use the Prometheus workspace for centralized ingestion <br/> role_arn = string<br/><br/> # The write path for the Prometheus workspace. <br/> # A sample value for AWs managed Prometheus will be `workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx/api/v1/remote_write`<br/> write_path = string<br/><br/> # The url for the Prometheus workspace. <br/> # A sample value for AWs managed Prometheus will be `https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-xxxxx-xxx-xxx-xxx-xxxxxxx`<br/> url = string<br/> })</pre> | <pre>{<br/> "host": null,<br/> "name": null,<br/> "query_path": null,<br/> "region": null,<br/> "role_arn": null,<br/> "url": null,<br/> "write_path": null<br/>}</pre> | no |
 | <a name="input_prometheus_operator_values"></a> [prometheus\_operator\_values](#input\_prometheus\_operator\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no |
 | <a name="input_reloader_values"></a> [reloader\_values](#input\_reloader\_values) | Overrides to pass to the Helm chart | `list(string)` | `[]` | no |
 | <a name="input_reloader_version"></a> [reloader\_version](#input\_reloader\_version) | Version of external-dns to install | `string` | `null` | no |

aws/platform/main.tf

@@ -77,6 +77,7 @@ module "aws_load_balancer_controller" {
  k8s_namespace = var.k8s_namespace
  oidc_issuer = data.aws_ssm_parameter.oidc_issuer.value
  vpc_cidr_block = module.network.vpc.cidr_block
+ vpc_id = module.network.vpc.id
 
  depends_on = [module.common_platform]
 }

aws/platform/modules/load-balancer-controller/README.md

@@ -36,6 +36,7 @@ target group bound to the Istio ingress gateway service.
 | [helm_release.ingress_config](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [aws_lb_target_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb_target_group) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 
@@ -53,4 +54,5 @@ target group bound to the Istio ingress gateway service.
 | <a name="input_oidc_issuer"></a> [oidc\_issuer](#input\_oidc\_issuer) | OIDC issuer of the Kubernetes cluster | `string` | n/a | yes |
 | <a name="input_target_group_name"></a> [target\_group\_name](#input\_target\_group\_name) | Override the name of the target group for this cluster | `string` | `null` | no |
 | <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR block for the AWS VPC in which the load balancer runs | `string` | n/a | yes |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC ID for the Kubernetes cluster. | `string` | n/a | yes |
 <!-- END_TF_DOCS -->

aws/platform/modules/load-balancer-controller/main.tf

@@ -76,6 +76,8 @@ resource "aws_iam_role_policy_attachment" "this" {
  policy_arn = aws_iam_policy.this.arn
 }
 
+data "aws_region" "current" {}
+
 locals {
  chart_defaults = jsondecode(file("${path.module}/chart.json"))
 
@@ -90,6 +92,8 @@ locals {
  "eks.amazonaws.com/role-arn" = module.service_account_role.arn
  }
  }
+ region = data.aws_region.current.name
+ vpcId = var.vpc_id
  })
  ]
 }

aws/platform/modules/load-balancer-controller/variables.tf

@@ -66,3 +66,8 @@ variable "vpc_cidr_block" {
  type = string
  description = "CIDR block for the AWS VPC in which the load balancer runs"
 }
+
+variable "vpc_id" {
+ type = string
+ description = "The VPC ID for the Kubernetes cluster."
+}

charts.json

@@ -7,7 +7,7 @@
  "cert-manager": {
  "chart": "cert-manager",
  "repository": "https://charts.jetstack.io",
- "version": "v1.10.1"
+ "version": "v1.12.13"
  },
  "cluster-autoscaler": {
  "chart": "cluster-autoscaler",
@@ -27,17 +27,17 @@
  "istio-base": {
  "chart": "base",
  "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
  },
  "istiod": {
  "chart": "istiod",
  "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
  },
  "istio-ingress": {
  "chart": "gateway",
  "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
  },
  "load-balancer-controller": {
  "chart": "aws-load-balancer-controller",

platform/modules/cert-manager/chart.json

@@ -1,5 +1,5 @@
 {
  "chart": "cert-manager",
  "repository": "https://charts.jetstack.io",
- "version": "v1.10.1"
+ "version": "v1.12.13"
 }

platform/modules/istio-base/chart.json

@@ -1,5 +1,5 @@
 {
  "chart": "base",
  "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 }

platform/modules/istio-ingress/chart.json

@@ -1,5 +1,5 @@
 {
  "chart": "gateway",
  "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 }

platform/modules/istiod/chart.json

@@ -1,5 +1,5 @@
 {
  "chart": "istiod",
  "repository": "https://istio-release.storage.googleapis.com/charts",
- "version": "1.22.3"
+ "version": "1.23.0"
 }