update module source

README.md

@@ -32,9 +32,9 @@ sys     0m2.015s
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.14.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.11.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.14 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.11 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.23 |
 
 ## Providers
 

eks_console_access.tf

@@ -12,26 +12,41 @@
 # ```
 
 locals {
+  helm_chart_urls = {
+    full       = "https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-full-access.yaml"
+    restricted = "https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-restricted-access.yaml"
+  }
+
   cluster_roles = [
     {
       name    = "eks-console-full-access"
-      url     = "https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-full-access.yaml"
+      url     = local.helm_chart_urls.full
       enabled = true
     },
     {
       name    = "eks-console-restricted-access"
-      url     = "https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-restricted-access.yaml"
+      url     = local.helm_chart_urls.restricted
       enabled = true
-    },
+    }
   ]
   cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr if cr.enabled }
 }
 
 resource "helm_release" "console_access" {
-  for_each   = local.cluster_roles_map
-  chart      = each.key
+  for_each = local.cluster_roles_map
+
   name       = each.key
+  chart      = each.key
   namespace  = "default"
   version    = var.release_version
   repository = "./"
+
+  timeout = 300
+  wait    = true
+
+  lifecycle {
+    ignore_changes = [
+      version,
+    ]
+  }
 }

main.tf

@@ -5,7 +5,6 @@ locals {
     "boc:created_by"        = "terraform"
     CostAllocation          = var.tag_costallocation
   }
-
   tags = merge(local.base_tags, var.tags)
 }
 
@@ -24,8 +23,12 @@ resource "kubernetes_storage_class" "gp3_encrypted" {
   }
   storage_provisioner    = "ebs.csi.aws.com"
   reclaim_policy         = "Delete"
-  volume_binding_mode    = "Immediate"
+  volume_binding_mode    = "WaitForFirstConsumer" # Changed from Immediate for better scheduling
   allow_volume_expansion = "true"
+
+  # lifecycle {
+  #    prevent_destroy = true  # Protect storage class from accidental deletion
+  # }
 }
 
 resource "kubernetes_storage_class" "ebs_encrypted" {
@@ -48,7 +51,6 @@ resource "kubernetes_storage_class" "ebs_encrypted" {
 }
 
 module "efs" {
-  # tflint-ignore: terraform_module_version
   # tflint-ignore: terraform_module_pinned_source
   source = "git@github.e.it.census.gov:terraform-modules/aws-efs.git?ref=master"
 
@@ -57,9 +59,16 @@ module "efs" {
   subnet_ids      = var.subnets
   security_groups = [var.security_group_all_worker_mgmt_id]
 
+  lifecycle_policy = {
+    transition_to_ia = "AFTER_30_DAYS"
+  }
+
   tags = merge(
     local.tags,
-    tomap({ "efs.csi.aws.com/cluster" = "true" }),
+    {
+      "efs.csi.aws.com/cluster" = "true"
+      "kubernetes.io/cluster"   = var.cluster_name
+    }
   )
 }
 

requirements.tf

@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.14.0"
+      version = "~> 5.14"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.11.0"
+      version = "~> 2.11"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = ">= 2.23.0"
+      version = "~> 2.23"
     }
   }
 }