* 2.3.0 -- 2024-09-20

  - add charts.yml, images.yml, charts-images.tf for getting current versions of stuff
  - add 1.30 tree

CHANGELOG.md

@@ -49,3 +49,8 @@
 
 * 2.2.1 -- 2024-09-20
   - update addon version for 1.28, 1.29, and add for 1.30
+
+* 2.3.0 -- 2024-09-20
+  - add charts.yml, images.yml, charts-images.tf for getting current versions of stuff
+  - add 1.30 tree
+

examples/extras/datadog-agent/variables.images.auto.tfvars

@@ -5,7 +5,8 @@ charts = {
     repository    = "https://helm.datadoghq.com"
     #    version       = "3.57.3"
     # version    = "3.58.1"
-    version    = "3.65.1"
+    # version    = "3.65.1"
+    version    = "3.67.1"
     use_remote = true
   }
 }
@@ -19,7 +20,8 @@ images = {
     source_tag      = null
     #    tag             = "7.51.0"
     # tag     = "7.51.1"
-    tag     = "7.53.0"
+    # tag     = "7.53.0"
+    tag     = "7.57.1"
     enabled = true
   }
   "cluster-agent" = {
@@ -31,7 +33,8 @@ images = {
     source_tag      = null
     #    tag             = "7.51.0"
     # tag     = "7.51.1"
-    tag     = "7.53.0"
+    # tag     = "7.53.0"
+    tag     = "7.57.1"
     enabled = true
   }
   "fips-proxy" = {
@@ -42,7 +45,8 @@ images = {
     source_image    = "datadog/fips-proxy"
     source_tag      = null
     # tag             = "1.1.1"
-    tag     = "1.1.2"
+    # tag     = "1.1.2"
+    tag     = "1.1.5"
     enabled = true
   }
 }

examples/full-cluster-tf-upgrade/1.29/charts-images.tf

@@ -0,0 +1,4 @@
+locals {
+  chart_settings  = yamldecode(file("${path.root}/charts.yml"))
+  images_settings = yamldecode(file("${path.root}/images.yml"))
+}

examples/full-cluster-tf-upgrade/1.29/charts.yml

@@ -0,0 +1,16 @@
+charts:
+  cluster-autoscaler:
+    name: "cluster-autoscaler"
+    repository: "https://kubernetes.github.io/autoscaler"
+    version: "9.35.0"
+    use_remote: true
+  cert-manager:
+    name: "cert-manager"
+    repository: "https://charts.jetstack.io"
+    version: "v1.14.4"
+    use_remote: true
+  metrics-server:
+    name: "metrics-server"
+    repository: "https://charts.bitnami.com/bitnami"
+    version: "6.13.1"
+    use_remote: true

examples/full-cluster-tf-upgrade/1.29/images.yml

@@ -0,0 +1,108 @@
+cluster-autoscaler:
+  name: "cluster-autoscaler"
+  image: "registry.k8s.io/autoscaling/cluster-autoscaler"
+  dest_path: null
+  source_registry: "registry.k8s.io"
+  source_image: "autoscaling/cluster-autoscaler"
+  source_tag: null
+  enabled: true
+  tag: "v1.29.0"
+cert-manager-controller:
+  name: "cert-manager-controller"
+  image: "quay.io/jetstack/cert-manager-controller"
+  dest_path: null
+  source_registry: "quay.io"
+  source_image: "jetstack/cert-manager-controller"
+  source_tag: null
+  enabled: true
+  tag: "v1.14.4"
+cert-manager-cainjector:
+  name: "cert-manager-cainjector"
+  image: "quay.io/jetstack/cert-manager-cainjector"
+  dest_path: null
+  source_registry: "quay.io"
+  source_image: "jetstack/cert-manager-cainjector"
+  source_tag: null
+  enabled: true
+  tag: "v1.14.4"
+cert-manager-webhook:
+  name: "cert-manager-webhook"
+  image: "quay.io/jetstack/cert-manager-webhook"
+  dest_path: null
+  source_registry: "quay.io"
+  source_image: "jetstack/cert-manager-webhook"
+  source_tag: null
+  enabled: true
+  tag: "v1.14.4"
+cert-manager-ctl:
+  name: "cert-manager-ctl"
+  image: "quay.io/jetstack/cert-manager-ctl"
+  dest_path: null
+  source_registry: "quay.io"
+  source_image: "jetstack/cert-manager-ctl"
+  source_tag: null
+  enabled: true
+  tag: "v1.14.4"
+metrics-server:
+  name: "metrics-server"
+  image: "docker.io/bitnami/metrics-server"
+  dest_path: null
+  source_registry: "docker.io"
+  source_image: "bitnami/metrics-server"
+  source_tag: null
+  enabled: true
+  tag: "0.7.0"
+istio-operator:
+  name: "istio/operator"
+  image: "docker.io/istio/operator"
+  dest_path: null
+  source_registry: "docker.io"
+  source_image: "istio/operator"
+  source_tag: null
+  enabled: true
+  tag: "1.20.3"
+istio-pilot:
+  name: "istio/pilot"
+  image: "docker.io/istio/pilot"
+  dest_path: null
+  source_registry: "docker.io"
+  source_image: "istio/pilot"
+  source_tag: null
+  enabled: true
+  tag: "1.20.3"
+istio-proxyv2:
+  name: "istio/proxyv2"
+  image: "docker.io/istio/proxyv2"
+  dest_path: null
+  source_registry: "docker.io"
+  source_image: "istio/proxyv2"
+  source_tag: null
+  enabled: true
+  tag: "1.20.3"
+prometheus:
+  name: "prometheus"
+  image: "docker.io/bitnami/prometheus"
+  dest_path: null
+  source_registry: "docker.io"
+  source_image: "bitnami/prometheus"
+  source_tag: null
+  enabled: true
+  tag: "2.50.1"
+alertmanager:
+  name: "alertmanager"
+  image: "docker.io/bitnami/alertmanager"
+  dest_path: null
+  source_registry: "docker.io"
+  source_image: "bitnami/alertmanager"
+  source_tag: null
+  enabled: true
+  tag: "0.27.0"
+prometheus-operator:
+  name: "prometheus-operator"
+  image: "docker.io/bitnami/prometheus-operator"
+  dest_path: null
+  source_registry: "docker.io"
+  source_image: "bitnami/prometheus-operator"
+  source_tag: null
+  enabled: true
+  tag: "0.72.0"

examples/full-cluster-tf-upgrade/1.30/.gitignore

@@ -0,0 +1,5 @@
+kube.config
+ecr-login.txt
+setup/ec2-ssh-eks-*
+!setup/ec2-ssh-eks-*.pub
+logs

examples/full-cluster-tf-upgrade/1.30/.tf-control

@@ -0,0 +1,20 @@
+# .tf-control
+# allows for setting a specific command to be used for tf-* commands under this git repo
+# see tf-control.sh help for more info
+
+TFCONTROL_VERSION="1.0.5"
+
+TFCOMMAND="terraform_latest"
+# TF_CLI_CONFIG_FILE=PATH-TO-FILE/.tf-control.tfrc
+# TFARGS=""
+# TFNOLOG=""
+# TFNOCOLOR=""
+
+# use the following to force a specific version.  An upgrade of an existing 0.12.31 to 1.x
+# needs you to cycle through 0.13.17, 0.14.11, and then latest (0.15.5 not needed).  Other
+# steps in between.  See https://github.e.it.census.gov/terraform/support/tree/master/docs/how-to/terraform-upgrade for details
+#
+#TFCOMMAND="terraform_0.12.31"
+#TFCOMMAND="terraform_0.13.7"
+#TFCOMMAND="terraform_0.14.11"
+#TFCOMMAND="terraform_0.15.5"

examples/full-cluster-tf-upgrade/1.30/.tf-control.tfrc

@@ -0,0 +1,24 @@
+TFCONTROL_VERSION="1.0.5"
+
+# https://www.terraform.io/docs/cli/config/config-file.html
+plugin_cache_dir   = "/data/terraform/terraform.d/plugin-cache"
+#disable_checkpoint = true
+
+provider_installation {
+#  filesystem_mirror {
+#    path    = "/apps/terraform/terraform.d/providers"
+#    include = [ "*/*/*" ]
+#  }
+  filesystem_mirror {
+    path    = "/data/terraform/terraform.d/providers"
+    include = [ "*/*/*" ]
+  }
+#  filesystem_mirror {
+#    path    = "/apps/terraform/terraform.d/providers"
+#    include = [ "external.terraform.census.gov/*/*" ]
+#  }
+  direct {
+    include = [ "*/*/*" ]
+  }
+}
+

examples/full-cluster-tf-upgrade/1.30/ATTIC/dns-zone.tf.cat.obsolete

@@ -0,0 +1,128 @@
+locals {
+  cluster_domain_name        = format("%v.%v", var.cluster_name, var.vpc_domain_name)
+  cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
+# true for gov, fale for cat
+##  aws_dns_infrastructure     = false
+}
+
+resource "aws_route53_zone" "cluster_domain" {
+  name          = local.cluster_domain_name
+  comment       = local.cluster_domain_description
+  force_destroy = false
+
+  vpc {
+    vpc_id     = data.aws_vpc.eks_vpc.id
+    vpc_region = local.region
+  }
+
+  ##   dynamic "vpc" {
+  ##     for_each = true ? var.region_map : {}
+  ##     iterator = r
+  ##     content {
+  ##       vpc_id     = var.main_dns_vpcs[r.value]
+  ##       vpc_region = r.value
+  ##     }
+  ##   }
+
+  lifecycle {
+    ignore_changes = [vpc]
+  }
+
+  tags = merge(
+    local.base_tags,
+    local.common_tags,
+    var.tags,
+    var.application_tags,
+    tomap({ "Name" = local.cluster_domain_name }),
+  )
+
+  #  depends_on = [ aws_route53_vpc_association_authorization.west_cluster_domain, aws_route53_vpc_association_authorization.east_cluster_domain ]
+}
+
+output "cluster_domain_name" {
+  description = "DNS Zone Name"
+  value       = local.cluster_domain_name
+}
+
+output "cluster_domain_id" {
+  description = "DNS Zone ID"
+  value       = aws_route53_zone.cluster_domain.zone_id
+}
+
+output "cluster_domain_ns" {
+  description = "DNS Zone Nameservers"
+  value       = aws_route53_zone.cluster_domain.name_servers
+}
+
+# now we need to add the NS records for the new zone to the parent zone
+data "aws_route53_zone" "parent" {
+  name         = var.vpc_domain_name
+  private_zone = true
+}
+
+resource "aws_route53_record" "cluster_domain" {
+  allow_overwrite = true
+  name            = local.cluster_domain_name
+  type            = "NS"
+  ttl             = 900
+  zone_id         = data.aws_route53_zone.parent.zone_id
+
+  records = aws_route53_zone.cluster_domain.name_servers
+}
+
+## #---
+## # associate to main do2-govcloud vpc1-services east and west for inbound resolution
+## # NOT in cat
+## #---
+## provider "aws" {
+##   alias   = "east_main_dns"
+##   region  = local.aws_dns_infrastructure ? var.region_map["east"] : ""
+##   profile = var.main_dns_profile
+## }
+## 
+## provider "aws" {
+##   alias   = "west_main_dns"
+##   region  = local.aws_dns_infrastructure ? var.region_map["west"] : ""
+##   profile = var.main_dns_profile
+## }
+## 
+## # resource "aws_route53_vpc_association_authorization" "cluster_domain" {
+## #   for_each = var.region_map
+## # 
+## #   zone_id    = aws_route53_zone.cluster_domain.zone_id
+## #   vpc_region = each.value
+## #   vpc_id     = var.main_dns_vpcs[each.value]
+## # }
+## 
+## resource "aws_route53_vpc_association_authorization" "west_cluster_domain" {
+##   for_each   = local.aws_dns_infrastructure ? tomap({ "zone" = aws_route53_zone.cluster_domain }) : {}
+##   zone_id    = each.value.zone_id
+##   vpc_region = "us-gov-west-1"
+##   vpc_id     = var.main_dns_vpcs["us-gov-west-1"]
+## }
+## 
+## resource "aws_route53_vpc_association_authorization" "east_cluster_domain" {
+##   for_each   = local.aws_dns_infrastructure ? tomap({ "zone" = aws_route53_zone.cluster_domain }) : {}
+##   zone_id    = each.value.zone_id
+##   vpc_region = "us-gov-east-1"
+##   vpc_id     = var.main_dns_vpcs["us-gov-east-1"]
+## }
+## 
+## resource "aws_route53_zone_association" "west_cluster_domain" {
+##   provider = aws.west_main_dns
+##   for_each = local.aws_dns_infrastructure ? aws_route53_vpc_association_authorization.west_cluster_domain : {}
+## 
+##   zone_id    = each.value.zone_id
+##   vpc_id     = each.value.vpc_id
+##   vpc_region = each.value.vpc_region
+## }
+## 
+## resource "aws_route53_zone_association" "east_cluster_domain" {
+##   provider = aws.east_main_dns
+##   for_each = local.aws_dns_infrastructure ? aws_route53_vpc_association_authorization.east_cluster_domain : {}
+## 
+##   zone_id    = each.value.zone_id
+##   vpc_id     = each.value.vpc_id
+##   vpc_region = each.value.vpc_region
+## }
+##