update tf-run.* for new cert method

examples/full-cluster-tf-upgrade/1.28/common-services/main.tf

@@ -365,7 +365,8 @@ resource "helm_release" "istio-profile" {
   namespace  = kubernetes_namespace.istio-system.metadata[0].name
   repository = "${path.module}/charts/"
 
-  depends_on = [helm_release.istio-operator, null_resource.certificate-issuers]
+  #  depends_on = [helm_release.istio-operator, null_resource.certificate-issuers]
+  depends_on = [helm_release.istio-operator]
 
   set {
     name = "hub"

examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data

@@ -1,8 +1,9 @@
-VERSION 1.4.2
+VERSION 2.0.0
 REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 
+TAG links
 LINKTOP init
 LINKTOP includes.d/variables.account_tags.tf
 LINKTOP includes.d/variables.account_tags.auto.tfvars
@@ -26,34 +27,41 @@ LINK versions.tf
 LINK version.tf
 LINK variables.vpc.tf
 LINK variables.vpc.auto.tfvars
+
+TAG init
 COMMAND tf-init 
 
+TAG start
 module.images
 
-TAG start-certificate
-module.cert
+TAG state-link
 COMMAND tf-directory-setup.py -l s3
 
-COMMENT Adding key to git-secret, hiding, and adding to git.  Manually commit afterwards.
-COMMAND git-secret add certs/*.key
-COMMAND git-secret hide -m
-COMMAND git add certs/*.key.secret
-COMMENT execute:  git commit -m add-pki-key -a
-
-COMMENT Submit certs/*csr using command ouptut listed in apply to TCO for signing
-COMMENT When submitting the form to request TCO to provision the certifcate, in the Additional Information field, enter "requesting sub-CA certificate".
-COMMENT Then contact the TCO team to inform them of the ticket number from the form submission, to raise their awareness of the sub-CA certifcate type.
-COMMENT Also request the TCO team to provide the Trust Chain along with the sub-CA certificate.
-COMMENT Once the sub-CA certificate and Trust Chain files are available, put the sub-CA certificate file under the certs folder and the Trust Chain under certs/root.
-STOP Wait for certificate to be signed, then continue with %%NEXT%%.
+## certificates replaced with new subordindate_ca module usign acmpca
+## TAG start-certificate
+## module.cert
+## 
+## COMMENT Adding key to git-secret, hiding, and adding to git.  Manually commit afterwards.
+## COMMAND git-secret add certs/*.key
+## COMMAND git-secret hide -m
+## COMMAND git add certs/*.key.secret
+## COMMENT execute:  git commit -m add-pki-key -a
+## 
+## COMMENT Submit certs/*csr using command ouptut listed in apply to TCO for signing
+## COMMENT When submitting the form to request TCO to provision the certifcate, in the Additional Information field, enter "requesting sub-CA certificate".
+## COMMENT Then contact the TCO team to inform them of the ticket number from the form submission, to raise their awareness of the sub-CA certifcate type.
+## COMMENT Also request the TCO team to provide the Trust Chain along with the sub-CA certificate.
+## COMMENT Once the sub-CA certificate and Trust Chain files are available, put the sub-CA certificate file under the certs folder and the Trust Chain under certs/root.
+## STOP Wait for certificate to be signed, then continue with %%NEXT%%.
+## 
+## TAG have-certificate
+## module.cert
+## module.cert
 
-TAG have-certificate
-module.cert
-module.cert
-ALL
+TAG continue
 ALL
 
-COMMENT Manually append the Trust Chain to the generated certificate bundle
+## COMMENT Manually append the Trust Chain to the generated certificate bundle
 COMMENT cd cluster-autoscaler and tf-run.sh apply
 COMMENT come back to this directory
 COMMENT cd cloudwatch-agent and tf-run.sh apply 

examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.destroy.data

@@ -1,8 +1,9 @@
-VERSION 1.0.1
+VERSION 2.0.0
 BACKUP-STATE
 COMMAND tf-init
 COMMAND tf-state list
 
-module.cert
-COMMENT git-secret remove -c */*.key 
+## module.cert
+## COMMENT git-secret remove -c */*.key 
+
 ALL