From c7e9a9990fa64e8d05c46781b7c8426470a044d9 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 20 Mar 2025 19:42:37 -0400 Subject: [PATCH 01/13] update sg naming --- security_groups.tf | 8 -------- 1 file changed, 8 deletions(-) diff --git a/security_groups.tf b/security_groups.tf index e62c641..5fc9024 100644 --- a/security_groups.tf +++ b/security_groups.tf @@ -100,14 +100,6 @@ resource "aws_security_group" "extra_cluster_sg" { cidr_blocks = concat(var.census_private_cidr, ["10.0.0.0/8"]) } - # kubectl logs - ingress { - from_port = 10250 - to_port = 10250 - protocol = "tcp" - cidr_blocks = concat(var.census_private_cidr, ["10.0.0.0/8"]) - } - egress { from_port = 0 to_port = 0 From 1396d205affc89679a9035420280152765a20d2e Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 20 Mar 2025 20:28:11 -0400 Subject: [PATCH 02/13] enable private access --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index cf353f9..663db4b 100644 --- a/main.tf +++ b/main.tf @@ -44,6 +44,7 @@ module "cluster" { "controllerManager", "scheduler", ] + cloudwatch_log_group_retention_in_days = "14" vpc_id = local.vpc_id subnet_ids = local.subnets From 710360033ab10ff99e4dc139401217de3270aa0c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 20 Mar 2025 20:47:06 -0400 Subject: [PATCH 03/13] align with upstream --- security_groups.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/security_groups.tf b/security_groups.tf index 5fc9024..e8449a3 100644 --- a/security_groups.tf +++ b/security_groups.tf @@ -10,7 +10,11 @@ resource "aws_security_group" "additional_eks_cluster_sg" { tags = merge( local.base_tags, var.tags, +<<<<<<< HEAD { "Name" = local.additional_eks_cluster_sg_name }, +======= + tomap({ "Name" = local.additional_eks_cluster_sg_name }), +>>>>>>> ddd6d64 (align with upstream) ) vpc_id = data.aws_vpc.eks_vpc.id 
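Review bot: The `cloudwatch_log_group_retention_in_days = "14"` added in PATCH 02 sets a two-week retention on the control-plane log group, which is short if the enabled log types (only `controllerManager` and `scheduler` are visible in the hunk context) include audit logs, since incident investigations routinely need logs older than that; the subject `enable private access` also does not describe this change. The value is a quoted string where the module input is presumably a number, so `cloudwatch_log_group_retention_in_days = 90` (or whatever the organisation's retention policy requires) would be both clearer and defensible. PATCH 10 removes the line again under the subject `sort`, so the series ends with retention at the module default; if that is intended, the commit message should say so. The enclosing `module "cluster"` block begins and ends outside the hunk.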
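Review bot: PATCH 03 commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> ddd6d64 (align with upstream)`) into the `tags = merge(...)` call of `aws_security_group.additional_eks_cluster_sg`, which leaves security_groups.tf unparseable by terraform until PATCH 13 strips them ten commits later, so any bisect or deploy from an intermediate commit fails at plan time. The same change-then-revert pattern recurs across the series: PATCH 01/03 (the port 10250 ingress), PATCH 02/10 (log retention), PATCH 04–06 (`upgrade_policy`), PATCH 07–09 (`ami_type`) and PATCH 11/12 (add-ons). The series should be squashed so that only the intended net change is reviewed and lands, and each surviving commit's subject should describe what it actually changes. The enclosing resource block continues past the hunk.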
@@ -100,6 +104,14 @@ resource "aws_security_group" "extra_cluster_sg" { cidr_blocks = concat(var.census_private_cidr, ["10.0.0.0/8"]) } + # kubectl logs + ingress { + from_port = 10250 + to_port = 10250 + protocol = "tcp" + cidr_blocks = concat(var.census_private_cidr, ["10.0.0.0/8"]) + } + egress { from_port = 0 to_port = 0 From a7b7f22df434710790346bc8cbbfda5a8899c95b Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 20 Mar 2025 21:43:01 -0400 Subject: [PATCH 04/13] set support to standard --- main.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/main.tf b/main.tf index 663db4b..788ffa1 100644 --- a/main.tf +++ b/main.tf @@ -45,6 +45,9 @@ module "cluster" { "scheduler", ] cloudwatch_log_group_retention_in_days = "14" + upgrade_policy = { + support_type = "STANDARD" + } vpc_id = local.vpc_id subnet_ids = local.subnets From 2a85f553623e3ad80641c088d4b6078179dc866c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 20 Mar 2025 21:44:58 -0400 Subject: [PATCH 05/13] syntax --- main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 788ffa1..3d19787 100644 --- a/main.tf +++ b/main.tf @@ -45,10 +45,9 @@ module "cluster" { "scheduler", ] cloudwatch_log_group_retention_in_days = "14" - upgrade_policy = { + upgrade_policy { support_type = "STANDARD" } - vpc_id = local.vpc_id subnet_ids = local.subnets From d8d0957fff0a84641fd4d46ab0de058f4aa209c4 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 20 Mar 2025 21:47:37 -0400 Subject: [PATCH 06/13] fmt --- main.tf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 3d19787..663db4b 100644 --- a/main.tf +++ b/main.tf @@ -45,9 +45,7 @@ module "cluster" { "scheduler", ] cloudwatch_log_group_retention_in_days = "14" - upgrade_policy { - support_type = "STANDARD" - } + vpc_id = local.vpc_id subnet_ids = local.subnets From 136bdd787f1e0c5aaf16ff8eb246731cf02a2c8f Mon Sep 17 00:00:00 2001 
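Review bot: The restored `# kubectl logs` ingress in PATCH 03 opens kubelet port 10250/tcp on `aws_security_group.extra_cluster_sg` to `concat(var.census_private_cidr, ["10.0.0.0/8"])`, and the whole 10.0.0.0/8 range is far broader than the control-plane-to-kubelet path the comment describes; the kubelet API also serves exec and port-forward, not only logs, so its reachable source set should be as small as possible. If the only legitimate caller is the EKS control plane, reference its security group instead of a CIDR, e.g. `security_groups = [module.cluster.cluster_security_group_id]` in place of the `cidr_blocks` line (adjust to whichever output the module actually exposes), or at least drop the `/8` entry if `var.census_private_cidr` already covers the VPC. The identical rule was removed in PATCH 01 under the subject `update sg naming`, so the history does not record why it is required; a sentence in the commit message would. The enclosing resource block begins before the hunk.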
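Review bot: The `upgrade_policy = { support_type = "STANDARD" }` added in PATCH 04 uses argument syntax, which is the only form a `module` block accepts; PATCH 05 rewrites it as a nested block `upgrade_policy { ... }`, which terraform rejects inside a module call, and PATCH 06 then deletes it under the subject `fmt`, so the series ends with no upgrade policy at all. If the module does not expose an input named `upgrade_policy`, the fix is to use the module's actual variable name for the EKS upgrade policy (check its variables.tf; the cluster-level inputs in this module are presumably `cluster_`-prefixed) rather than to change the syntax. Choosing `STANDARD` over extended support also deserves a sentence in the commit message, since it decides what happens to the cluster when its Kubernetes version leaves standard support. The enclosing `module "cluster"` block begins and ends outside the hunk.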
From: "Matthew C. Morgan" Date: Thu, 20 Mar 2025 22:29:46 -0400 Subject: [PATCH 07/13] try arm --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 663db4b..32abadc 100644 --- a/main.tf +++ b/main.tf @@ -81,7 +81,7 @@ module "cluster" { } eks_managed_node_group_defaults = { - ami_type = "BOTTLEROCKET_x86_64" + ami_type = "BOTTLEROCKET_ARM_64_FIPS" } node_security_group_enable_recommended_rules = true From fb24e54ce083a0c0ce9f28211b95b94aaeaceb72 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 20 Mar 2025 22:31:17 -0400 Subject: [PATCH 08/13] not fips --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 32abadc..752d3c2 100644 --- a/main.tf +++ b/main.tf @@ -81,7 +81,7 @@ module "cluster" { } eks_managed_node_group_defaults = { - ami_type = "BOTTLEROCKET_ARM_64_FIPS" + ami_type = "BOTTLEROCKET_ARM_64" } node_security_group_enable_recommended_rules = true From 036d7ef6b5737061cc3db9b402a494d59f59f367 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 21 Mar 2025 14:29:25 -0400 Subject: [PATCH 09/13] not arm --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 752d3c2..663db4b 100644 --- a/main.tf +++ b/main.tf @@ -81,7 +81,7 @@ module "cluster" { } eks_managed_node_group_defaults = { - ami_type = "BOTTLEROCKET_ARM_64" + ami_type = "BOTTLEROCKET_x86_64" } node_security_group_enable_recommended_rules = true From 5843a531dc66ce646de367f9046c362c0c7cc001 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 21 Mar 2025 18:29:14 -0400 Subject: [PATCH 10/13] sort --- main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/main.tf b/main.tf index 663db4b..cf353f9 100644 --- a/main.tf +++ b/main.tf @@ -44,7 +44,6 @@ module "cluster" { "controllerManager", "scheduler", ] - cloudwatch_log_group_retention_in_days = "14" vpc_id = local.vpc_id subnet_ids = local.subnets 
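Review bot: The subject `not fips` in PATCH 08 gives no reason for moving `ami_type` from `BOTTLEROCKET_ARM_64_FIPS` back to `BOTTLEROCKET_ARM_64`; if a FIPS 140 requirement applies to this cluster (the `census_private_cidr` variable hints at a regulated environment, but that is an inference), dropping the FIPS-validated image is a compliance decision that should be recorded in the commit message together with whatever failure prompted it. PATCH 07 and PATCH 09 complete the round trip, so the net change to `eks_managed_node_group_defaults` is nil; note also that an ARM `ami_type` only works with Graviton instance types, which are set outside this hunk (hedge: not visible here) and are the likely reason the attempt was abandoned. The enclosing `module "cluster"` block begins and ends outside the hunk.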
From 47cab960a9cb5510d6b74ba45e4beb58ace48cd3 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 1 Apr 2025 16:04:51 -0400 Subject: [PATCH 11/13] try new addons --- main.tf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/main.tf b/main.tf index cf353f9..927b849 100644 --- a/main.tf +++ b/main.tf @@ -61,15 +61,30 @@ module "cluster" { most_recent = true service_account_role_arn = module.efs_csi_irsa_role.iam_role_arn } + cert-manager = { + most_recent = true + } coredns = { most_recent = true } eks-pod-identity-agent = { most_recent = true } + external-dns = { + most_recent = true + } kube-proxy = { most_recent = true } + kube-state-metrics = { + most_recent = true + } + metrics-server = { + most_recent = true + } + prometheus-node-exporter = { + most_recent = true + } snapshot-controller = { most_recent = true } From f89f478fcc979af1377673eb828ee072246d985c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 1 Apr 2025 16:57:17 -0400 Subject: [PATCH 12/13] tehse addons don't work --- main.tf | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/main.tf b/main.tf index 927b849..cf353f9 100644 --- a/main.tf +++ b/main.tf @@ -61,30 +61,15 @@ module "cluster" { most_recent = true service_account_role_arn = module.efs_csi_irsa_role.iam_role_arn } - cert-manager = { - most_recent = true - } coredns = { most_recent = true } eks-pod-identity-agent = { most_recent = true } - external-dns = { - most_recent = true - } kube-proxy = { most_recent = true } - kube-state-metrics = { - most_recent = true - } - metrics-server = { - most_recent = true - } - prometheus-node-exporter = { - most_recent = true - } snapshot-controller = { most_recent = true } From 01bd7bc0f9bdcfc1623817cfe8830a535d0de581 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 1 Apr 2025 17:37:51 -0400 Subject: [PATCH 13/13] remove extra tomap()s --- security_groups.tf | 4 ---- 1 file changed, 4 deletions(-) 
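Review bot: The add-ons introduced in PATCH 11 (`cert-manager`, `external-dns`, `kube-state-metrics`, `metrics-server`, `prometheus-node-exporter`) each carry only `most_recent = true`, whereas the neighbouring EFS add-on in the hunk context also binds `service_account_role_arn`; `external-dns` and a cert-manager DNS-01 solver need Route 53 permissions, so without an IRSA role or pod-identity association those two cannot function, which is plausibly what PATCH 12 (`tehse addons don't work`) observed. If they are retried, give each a least-privilege role scoped to the hosted zones it manages, e.g. `service_account_role_arn = module.external_dns_irsa_role.iam_role_arn` (constructed name, mirroring the EFS pattern), and record the actual failure in the commit message rather than a bare "don't work". Pinning `addon_version` instead of `most_recent = true` would also keep these in-cluster components under change control. The enclosing add-on map and module block extend beyond the hunk.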
diff --git a/security_groups.tf b/security_groups.tf index e8449a3..e62c641 100644 --- a/security_groups.tf +++ b/security_groups.tf @@ -10,11 +10,7 @@ resource "aws_security_group" "additional_eks_cluster_sg" { tags = merge( local.base_tags, var.tags, -<<<<<<< HEAD { "Name" = local.additional_eks_cluster_sg_name }, -======= - tomap({ "Name" = local.additional_eks_cluster_sg_name }), ->>>>>>> ddd6d64 (align with upstream) ) vpc_id = data.aws_vpc.eks_vpc.id