diff --git a/terraform/layer1-aws/.terraform.lock.hcl b/terraform/layer1-aws/.terraform.lock.hcl index 5b41db55..da77e7a0 100644 --- a/terraform/layer1-aws/.terraform.lock.hcl +++ b/terraform/layer1-aws/.terraform.lock.hcl 
@@ -1,22 +1,39 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/gavinbunney/kubectl" { + version = "1.13.1" + constraints = "1.13.1" + hashes = [ + "h1:6RC15zES07oX9Ue20RrGlssfVeIqyhcHUvn2dHAMu1E=", + "zh:212c030cb975e46e3a85a6850c16773974f4498042a45c73b883b25f6e05962d", + "zh:213d1be8a231b04fdc55fd027479dbf0ae5b7ab891804b64f464db771d091ecd", + "zh:45f37b5c43f85d79973d0b890f774531a65def7f8436e435a4e259198f1c62de", + "zh:5a362871827f8582d6129b9c8b7d73c5e4e181155cef4cba1fe0408880db52db", + "zh:78986fdb4c41ac35815e4d41832d24b41b0aac046c046f21db92205115d16bae", + "zh:a6d07a9f066c386f44d61e7e2e83133663e3049f5c6b153fa5601b85cbb788b1", + "zh:bb307e902d2401df42205d57e36a2e094765b87b12f99a24ec2af411bef3c0fa", + "zh:dc3281f9fab38b8daf76d5f0073d2e323574f03d4cef338d6a363380f7f7bb59", + "zh:eb30e7fef17e7630858070d23a59375ba3a87fceaffde1c722338b1ad88df568", + ] +} + provider "registry.terraform.io/hashicorp/aws" { - version = "3.64.2" - constraints = ">= 2.49.0, >= 2.53.0, >= 3.15.0, >= 3.40.0, >= 3.43.0, 3.64.2" + version = "3.72.0" + constraints = ">= 2.23.0, >= 2.42.0, >= 2.49.0, >= 2.53.0, >= 3.28.0, >= 3.63.0, >= 3.72.0, 3.72.0" hashes = [ - "h1:eXusrZ56Ye4gprLzI3dXBy50DV+sbY5gOoJ7cNuouzA=", - "zh:0b029a2282beabfe410eb2969e18ca773d3473415e442be4dc8ce0eb6d1cd8c5", - "zh:3209de3266a1138f1ccb09f094fdd98b6f55afc06e291db0abe092ec5dbe7640", - "zh:40648266551631cbc15f8a76e80faf300510e3b38c2544d43fc25e37e6802727", - "zh:483c8af92ae70146f2790a70c1a810251e7135aa912b66e769c934eddceebe32", - "zh:4d106d8d415d8df342f3f85e58c35418e6c55e3cb7f02897f832cefac4dca68c", - "zh:972626a6ddb31d5216606d12ab5c30fbf8d51ed2bbe0efcdd7cffa68c1141557", - "zh:a230d55ec52b1695148d40296877ee23e0b302e817154f9b838eb117c87b13fa", - "zh:c95fddfbd7f870db949da0601323e866e0f0fb0d4a93e96725ae5b88029e84d5", - "zh:ea0c7f568074f835f22273c8e7e61e87f5277e32004c72122915fd3c8df49ccc", - 
"zh:f96d25887e6e2d2ae47659e2c586efea2167995b59a479ae65a02b097da86474", - "zh:fe7502d8e52d3b5ccb2b3c178e7ea894344783093aa71ffb20e978914c976182", + "h1:6pleQtx6+jQE/Kekcr8Ou05yYrdvVSngnwHE0PkBELg=", + "zh:0c4615ff3c6bc9700d8f16a5a644ddfcb666eaddbf2f77d71616008a28e4db75", + "zh:29eb139a8fbb98391652fa1eb4668ad5a13a31d45a6c06fe2b1d66903c4e6509", + "zh:3e73a9cf67d30c400456011cc8ed036bce68df8fd8131d591a929186e43ab80b", + "zh:46090da59293464e1865190b2e67ae63103c9d87a16a5fcb982ce748369666d6", + "zh:4fb25d9b139cb1856e519bff4fd49695285fa63a1d57e1c0efc1791bb36532a8", + "zh:5acd99d2b22cd45f18c93905a6e5122712c48f432db3c3c3518af449c10ae7e6", + "zh:95e53770503127e6de9f71d02e0bafdf0c7e7490f93401e05b6015bc7fa94b29", + "zh:b31524932e804de5ef5613d3646892eb55656f062bcbb9d7c29cf6539f82397e", + "zh:d977b9f8657c3026340295015930ef58caba5c2f59fd2e63e230c0b9ddba1ee7", + "zh:fcb0202ad1b8de19f1cd58d0b60147cae5dd4f869a861f619e8e5d27f8a936a9", + "zh:fe85cf3c44834230c2aaa2d0c622ddde1e33398bbe9f7213011eba68130b1588", ] } 
@@ -137,6 +154,26 @@ provider "registry.terraform.io/hashicorp/template" { ] } +provider "registry.terraform.io/hashicorp/tls" { + version = "3.2.1" + constraints = ">= 2.2.0" + hashes = [ + "h1:p0vyCZjZqr6qf+CfUVvPSYghrn0/oMDJS4kp3pV26YY=", + "zh:0209adc722f1f2e319018bd2d38a3ef389fa7eaabf40ab3f82e791428712dc64", + "zh:2dbf76857b022ec44eaddb386d976a08b4a053bcc8e815fd601505f33b29b92e", + "zh:301f98065a3b45b1c6d671955d5f92d246e577be0a98e7f7e0553b11b1cd8b92", + "zh:4ee8effc669f9856d137249244b67fdcdc35262ebeab3dad262f42d6ddd39c5c", + "zh:66cdbf20523972e1e5e682b8776b78ad3ab296ad04784da8fe945d183766ac22", + "zh:71798604d4ff22f3c79ec9a8ab61802e969f57456e26ba30bef7d276b88815f7", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9289d10fc5241bfd7a2e5de6ca229840eaa06066a129f483133e0a4517a91600", + "zh:a075e6bd64a452242e712c59d890cc0d5972158c9d71edbe1ac32d10ad051670", + "zh:deb5665f08b271bebe7d18c76cdcdf514ab49f1a85d96e73435728493ae54579", + "zh:e0b0a3c3427ee315582b4d17a6b9d2c09f07f2b86fb09821a7d713b68d4e1200", + "zh:f7519d1c7b1f108c0728036832a58dc06531203e878104f158ebb625b3c9438c", + ] +} + provider "registry.terraform.io/terraform-aws-modules/http" { version = "2.4.1" constraints = ">= 2.4.1" diff --git a/terraform/layer1-aws/README.md b/terraform/layer1-aws/README.md index db507b93..fc1d4510 100644 --- a/terraform/layer1-aws/README.md +++ b/terraform/layer1-aws/README.md 
@@ -112,21 +112,23 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | 1.0.10 | -| [aws](#requirement\_aws) | 3.64.2 | +| [aws](#requirement\_aws) | 3.72.0 | +| [kubectl](#requirement\_kubectl) | 1.13.1 | | [kubernetes](#requirement\_kubernetes) | 2.6.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.64.2 | +| [aws](#provider\_aws) | 3.72.0 | +| [kubectl](#provider\_kubectl) | 1.13.1 | ## Modules | Name | Source | Version | |------|--------|---------| | [acm](#module\_acm) | terraform-aws-modules/acm/aws | 3.2.0 | -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 17.23.0 | +| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 18.9.0 | | [pritunl](#module\_pritunl) | ../modules/aws-ec2-pritunl | n/a | | [r53\_zone](#module\_r53\_zone) | terraform-aws-modules/route53/aws//modules/zones | 2.3.0 | | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 3.11.0 | 
@@ -136,58 +138,51 @@ | Name | Type | |------|------| -| [aws_ebs_encryption_by_default.this](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/ebs_encryption_by_default) | resource | -| [aws_eks_addon.coredns](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/eks_addon) | resource | -| [aws_eks_addon.kube_proxy](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/eks_addon) | resource | -| [aws_eks_addon.vpc_cni](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/eks_addon) | resource | -| [aws_kms_key.eks](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/kms_key) | resource | -| [aws_acm_certificate.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/acm_certificate) | data source | -| [aws_availability_zones.available](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/availability_zones) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/caller_identity) | data source | -| [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster) | data source | -| [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster_auth) | data source | -| [aws_route53_zone.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/route53_zone) | data source | -| [aws_security_group.default](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/security_group) | data source | +| [aws_ebs_encryption_by_default.this](https://registry.terraform.io/providers/aws/3.72.0/docs/resources/ebs_encryption_by_default) | resource | +| [aws_kms_key.eks](https://registry.terraform.io/providers/aws/3.72.0/docs/resources/kms_key) | resource | +| [kubectl_manifest.this](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource | +| 
[aws_acm_certificate.main](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/acm_certificate) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/availability_zones) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/caller_identity) | data source | +| [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/eks_cluster_auth) | data source | +| [aws_route53_zone.main](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/route53_zone) | data source | +| [aws_security_group.default](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/security_group) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [addon\_coredns\_version](#input\_addon\_coredns\_version) | The version of coredns add-on | `string` | `"v1.8.3-eksbuild.1"` | no | -| [addon\_create\_coredns](#input\_addon\_create\_coredns) | Enable coredns add-on or not | `bool` | `true` | no | -| [addon\_create\_kube\_proxy](#input\_addon\_create\_kube\_proxy) | Enable kube-proxy add-on or not | `bool` | `true` | no | -| [addon\_create\_vpc\_cni](#input\_addon\_create\_vpc\_cni) | Enable vpc-cni add-on or not | `bool` | `true` | no | -| [addon\_kube\_proxy\_version](#input\_addon\_kube\_proxy\_version) | The version of kube-proxy add-on | `string` | `"v1.20.4-eksbuild.2"` | no | -| [addon\_vpc\_cni\_version](#input\_addon\_vpc\_cni\_version) | The version of vpc-cni add-on | `string` | `"v1.9.1-eksbuild.1"` | no | -| [allowed\_account\_ids](#input\_allowed\_account\_ids) | List of allowed AWS account IDs | `list` | `[]` | no | -| [allowed\_ips](#input\_allowed\_ips) | IP addresses allowed to 
connect to private resources | `list(any)` | `[]` | no | -| [az\_count](#input\_az\_count) | Count of avaiablity zones, min 2 | `number` | `3` | no | -| [cidr](#input\_cidr) | Default CIDR block for VPC | `string` | `"10.0.0.0/16"` | no | -| [create\_acm\_certificate](#input\_create\_acm\_certificate) | Whether to create acm certificate or use existing | `bool` | `false` | no | -| [create\_r53\_zone](#input\_create\_r53\_zone) | Create R53 zone for main public domain | `bool` | `false` | no | -| [domain\_name](#input\_domain\_name) | Main public domain name | `any` | n/a | yes | -| [eks\_cluster\_enabled\_log\_types](#input\_eks\_cluster\_enabled\_log\_types) | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Possible values: api, audit, authenticator, controllerManager, scheduler | `list(string)` |
[| no | -| [eks\_cluster\_encryption\_config\_enable](#input\_eks\_cluster\_encryption\_config\_enable) | Enable or not encryption for k8s secrets with aws-kms | `bool` | `false` | no | -| [eks\_cluster\_log\_retention\_in\_days](#input\_eks\_cluster\_log\_retention\_in\_days) | Number of days to retain log events. Default retention - 90 days. | `number` | `90` | no | -| [eks\_cluster\_version](#input\_eks\_cluster\_version) | Version of the EKS K8S cluster | `string` | `"1.21"` | no | -| [eks\_cluster\_endpoint\_public\_access](#input\_eks\_cluster\_endpoint\_public\_access) | Enable or not public access to cluster endpoint | `bool` | `true` | no | -| [eks\_cluster\_endpoint\_private\_access](#input\_eks\_cluster\_endpoint\_private\_access) | Enable or not private access to cluster endpoint | `bool` | `false` | no | -| [eks\_cluster\_endpoint\_only\_pritunl](#input\_eks\_cluster\_endpoint\_only\_pritunl) | Only Pritunl VPN server will have access to eks endpoint | `bool` | `false` | no | -| [eks\_map\_roles](#input\_eks\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. |
"audit"
]
list(object({
rolearn = string
username = string
groups = list(string)
})) | `[]` | no |
-| [eks\_workers\_additional\_policies](#input\_eks\_workers\_additional\_policies) | Additional IAM policy attached to EKS worker nodes | `list(any)` | [| no | -| [eks\_write\_kubeconfig](#input\_eks\_write\_kubeconfig) | Flag for eks module to write kubeconfig | `bool` | `false` | no | -| [environment](#input\_environment) | Env name in case workspace wasn't used | `string` | `"demo"` | no | -| [name](#input\_name) | Project name, required to create unique resource names | `any` | n/a | yes | -| [node\_group\_br](#input\_node\_group\_br) | Bottlerocket node group configuration |
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
]
object({
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
}) | {
"capacity_type": "SPOT",
"desired_capacity": 0,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
} | no |
-| [node\_group\_ci](#input\_node\_group\_ci) | CI node group configuration | object({
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
}) | {
"capacity_type": "SPOT",
"desired_capacity": 0,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
} | no |
-| [node\_group\_ondemand](#input\_node\_group\_ondemand) | Default ondemand node group configuration | object({
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
}) | {
"capacity_type": "ON_DEMAND",
"desired_capacity": 1,
"force_update_version": true,
"instance_types": [
"t3a.medium"
],
"max_capacity": 5,
"min_capacity": 1
} | no |
-| [node\_group\_spot](#input\_node\_group\_spot) | Spot node group configuration | object({
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
}) | {
"capacity_type": "SPOT",
"desired_capacity": 1,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
} | no |
-| [pritunl\_vpn\_server\_enable](#input\_pritunl\_vpn\_server\_enable) | Indicates whether or not the Pritunl VPN server is deployed. | `bool` | `false` | no |
-| [pritunl\_vpn\_access\_cidr\_blocks](#input\_pritunl\_vpn\_access\_cidr\_blocks) | IP address that will have access to the web console | `string` | `"127.0.0.1/32"` | no |
-| [region](#input\_region) | Default infrastructure region | `string` | `"us-east-1"` | no |
-| [short\_region](#input\_short\_region) | The abbreviated name of the region, required to form unique resource names | `map` | {
"ap-east-1": "ape1",
"ap-northeast-1": "apn1",
"ap-northeast-2": "apn2",
"ap-south-1": "aps1",
"ap-southeast-1": "apse1",
"ap-southeast-2": "apse2",
"ca-central-1": "cac1",
"cn-north-1": "cnn1",
"cn-northwest-1": "cnnw1",
"eu-central-1": "euc1",
"eu-north-1": "eun1",
"eu-west-1": "euw1",
"eu-west-2": "euw2",
"eu-west-3": "euw3",
"sa-east-1": "sae1",
"us-east-1": "use1",
"us-east-2": "use2",
"us-gov-east-1": "usge1",
"us-gov-west-1": "usgw1",
"us-west-1": "usw1",
"us-west-2": "usw2"
} | no |
-| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Flag to create single nat gateway for all AZs | `bool` | `true` | no |
-| [zone\_id](#input\_zone\_id) | R53 zone id for public domain | `any` | `null` | no |
+| [allowed\_account\_ids](#input\_allowed\_account\_ids) | List of allowed AWS account IDs | `list` | `[]` | no |
+| [allowed\_ips](#input\_allowed\_ips) | IP addresses allowed to connect to private resources | `list(any)` | `[]` | no |
+| [az\_count](#input\_az\_count) | Count of avaiablity zones, min 2 | `number` | `3` | no |
+| [cidr](#input\_cidr) | Default CIDR block for VPC | `string` | `"10.0.0.0/16"` | no |
+| [create\_acm\_certificate](#input\_create\_acm\_certificate) | Whether to create acm certificate or use existing | `bool` | `false` | no |
+| [create\_r53\_zone](#input\_create\_r53\_zone) | Create R53 zone for main public domain | `bool` | `false` | no |
+| [domain\_name](#input\_domain\_name) | Main public domain name | `any` | n/a | yes |
+| [eks\_addons](#input\_eks\_addons) | A list of installed EKS add-ons | `map` | {
"coredns": {
"addon_version": "v1.8.4-eksbuild.1",
"resolve_conflicts": "OVERWRITE"
},
"kube-proxy": {
"addon_version": "v1.21.2-eksbuild.2",
"resolve_conflicts": "OVERWRITE"
},
"vpc-cni": {
"addon_version": "v1.10.2-eksbuild.1",
"resolve_conflicts": "OVERWRITE"
}
} | no |
+| [eks\_cloudwatch\_log\_group\_retention\_in\_days](#input\_eks\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events. Default retention - 90 days. | `number` | `90` | no |
+| [eks\_cluster\_enabled\_log\_types](#input\_eks\_cluster\_enabled\_log\_types) | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Possible values: api, audit, authenticator, controllerManager, scheduler | `list(string)` | [| no | +| [eks\_cluster\_encryption\_config\_enable](#input\_eks\_cluster\_encryption\_config\_enable) | Enable or not encryption for k8s secrets with aws-kms | `bool` | `false` | no | +| [eks\_cluster\_endpoint\_only\_pritunl](#input\_eks\_cluster\_endpoint\_only\_pritunl) | Only Pritunl VPN server will have access to eks endpoint. | `bool` | `false` | no | +| [eks\_cluster\_endpoint\_private\_access](#input\_eks\_cluster\_endpoint\_private\_access) | Enable or not private access to cluster endpoint | `bool` | `false` | no | +| [eks\_cluster\_endpoint\_public\_access](#input\_eks\_cluster\_endpoint\_public\_access) | Enable or not public access to cluster endpoint | `bool` | `true` | no | +| [eks\_cluster\_version](#input\_eks\_cluster\_version) | Version of the EKS K8S cluster | `string` | `"1.21"` | no | +| [eks\_map\_roles](#input\_eks\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. |
"audit"
]
list(object({
rolearn = string
username = string
groups = list(string)
})) | `[]` | no |
+| [eks\_workers\_additional\_policies](#input\_eks\_workers\_additional\_policies) | Additional IAM policy attached to EKS worker nodes | `list(any)` | [| no | +| [eks\_write\_kubeconfig](#input\_eks\_write\_kubeconfig) | Flag for eks module to write kubeconfig | `bool` | `false` | no | +| [environment](#input\_environment) | Env name in case workspace wasn't used | `string` | `"demo"` | no | +| [name](#input\_name) | Project name, required to create unique resource names | `any` | n/a | yes | +| [node\_group\_br](#input\_node\_group\_br) | Bottlerocket node group configuration |
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
]
object({
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
}) | {
"capacity_type": "SPOT",
"desired_capacity": 0,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
} | no |
+| [node\_group\_ci](#input\_node\_group\_ci) | CI node group configuration | object({
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
}) | {
"capacity_type": "SPOT",
"desired_capacity": 0,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
} | no |
+| [node\_group\_ondemand](#input\_node\_group\_ondemand) | Default ondemand node group configuration | object({
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
}) | {
"capacity_type": "ON_DEMAND",
"desired_capacity": 1,
"force_update_version": true,
"instance_types": [
"t3a.medium"
],
"max_capacity": 5,
"min_capacity": 1
} | no |
+| [node\_group\_spot](#input\_node\_group\_spot) | Spot node group configuration | object({
instance_types = list(string)
capacity_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
force_update_version = bool
}) | {
"capacity_type": "SPOT",
"desired_capacity": 1,
"force_update_version": true,
"instance_types": [
"t3a.medium",
"t3.medium"
],
"max_capacity": 5,
"min_capacity": 0
} | no |
+| [pritunl\_vpn\_access\_cidr\_blocks](#input\_pritunl\_vpn\_access\_cidr\_blocks) | IP address that will have access to the web console | `string` | `"127.0.0.1/32"` | no |
+| [pritunl\_vpn\_server\_enable](#input\_pritunl\_vpn\_server\_enable) | Indicates whether or not the Pritunl VPN server is deployed. | `bool` | `false` | no |
+| [region](#input\_region) | Default infrastructure region | `string` | `"us-east-1"` | no |
+| [short\_region](#input\_short\_region) | The abbreviated name of the region, required to form unique resource names | `map` | {
"ap-east-1": "ape1",
"ap-northeast-1": "apn1",
"ap-northeast-2": "apn2",
"ap-south-1": "aps1",
"ap-southeast-1": "apse1",
"ap-southeast-2": "apse2",
"ca-central-1": "cac1",
"cn-north-1": "cnn1",
"cn-northwest-1": "cnnw1",
"eu-central-1": "euc1",
"eu-north-1": "eun1",
"eu-west-1": "euw1",
"eu-west-2": "euw2",
"eu-west-3": "euw3",
"sa-east-1": "sae1",
"us-east-1": "use1",
"us-east-2": "use2",
"us-gov-east-1": "usge1",
"us-gov-west-1": "usgw1",
"us-west-1": "usw1",
"us-west-2": "usw2"
} | no |
+| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Flag to create single nat gateway for all AZs | `bool` | `true` | no |
+| [zone\_id](#input\_zone\_id) | R53 zone id for public domain | `any` | `null` | no |
## Outputs
@@ -199,8 +194,6 @@
| [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | Endpoint for EKS control plane. |
| [eks\_cluster\_id](#output\_eks\_cluster\_id) | n/a |
| [eks\_cluster\_security\_group\_id](#output\_eks\_cluster\_security\_group\_id) | Security group ids attached to the cluster control plane. |
-| [eks\_config\_map\_aws\_auth](#output\_eks\_config\_map\_aws\_auth) | A kubernetes configuration to authenticate to this EKS cluster. |
-| [eks\_kubectl\_config](#output\_eks\_kubectl\_config) | kubectl config as generated by the module. |
| [eks\_kubectl\_console\_config](#output\_eks\_kubectl\_console\_config) | description |
| [eks\_oidc\_provider\_arn](#output\_eks\_oidc\_provider\_arn) | ARN of EKS oidc provider |
| [env](#output\_env) | Suffix for the hostname depending on workspace |
diff --git a/terraform/layer1-aws/aws-eks-auth.tf b/terraform/layer1-aws/aws-eks-auth.tf
new file mode 100644
index 00000000..fe06a0ed
--- /dev/null
+++ b/terraform/layer1-aws/aws-eks-auth.tf
@@ -0,0 +1,21 @@
+locals {
+ eks_map_roles = [
+ {
+ rolearn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/administrator"
+ username = "administrator"
+ groups = ["system:masters"]
+ }
+ ]
+ eks_map_users = []
+
+ aws_auth_configmap_yaml = <<-CONTENT
+ ${chomp(module.eks.aws_auth_configmap_yaml)}
+ ${indent(4, yamlencode(local.eks_map_roles))}
+ mapUsers: |
+ ${indent(4, yamlencode(local.eks_map_users))}
+ CONTENT
+}
+
+resource "kubectl_manifest" "this" {
+ yaml_body = local.aws_auth_configmap_yaml
+}
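Review bot: `local.eks_map_roles` is now a fixed one-element list and no longer includes `var.eks_map_roles`, which the local removed from aws-eks.tf concatenated in and which the README in this same commit still documents as an input. Unless another file in the layer consumes that variable, roles passed through it are silently left out of aws-auth; `eks_map_roles = concat(var.eks_map_roles, [ ... ])` would keep the input effective. The hard-coded `role/administrator` mapping to `system:masters` should carry a comment stating that anyone able to assume that IAM role gets unrestricted cluster access. The heredoc also appears to rely on `module.eks.aws_auth_configmap_yaml` ending inside its `mapRoles: |` block, so the rendered YAML is worth checking with a plan before apply.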
diff --git a/terraform/layer1-aws/aws-eks.tf b/terraform/layer1-aws/aws-eks.tf
index ae1101fb..35f0435b 100644
--- a/terraform/layer1-aws/aws-eks.tf
+++ b/terraform/layer1-aws/aws-eks.tf
@@ -1,40 +1,15 @@
-locals {
- eks_map_roles = concat(var.eks_map_roles,
- [
- {
- rolearn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/administrator"
- username = "administrator"
- groups = [
- "system:masters"]
- }]
- )
-
- worker_tags = [
- {
- "key" = "k8s.io/cluster-autoscaler/enabled"
- "propagate_at_launch" = "false"
- "value" = "true"
- },
- {
- "key" = "k8s.io/cluster-autoscaler/${local.name}"
- "propagate_at_launch" = "false"
- "value" = "owned"
- }
- ]
-}
-
#tfsec:ignore:aws-vpc-no-public-egress-sgr tfsec:ignore:aws-eks-enable-control-plane-logging tfsec:ignore:aws-eks-encrypt-secrets tfsec:ignore:aws-eks-no-public-cluster-access tfsec:ignore:aws-eks-no-public-cluster-access-to-cidr
module "eks" {
source = "terraform-aws-modules/eks/aws"
- version = "17.23.0"
+ version = "18.9.0"
cluster_name = local.name
cluster_version = var.eks_cluster_version
- subnets = module.vpc.intra_subnets
+ subnet_ids = module.vpc.intra_subnets
enable_irsa = true
- cluster_enabled_log_types = var.eks_cluster_enabled_log_types
- cluster_log_retention_in_days = var.eks_cluster_log_retention_in_days
+ cluster_enabled_log_types = var.eks_cluster_enabled_log_types
+ cloudwatch_log_group_retention_in_days = var.eks_cloudwatch_log_group_retention_in_days
tags = {
ClusterName = local.name
@@ -43,6 +18,8 @@ module "eks" {
vpc_id = module.vpc.vpc_id
+ cluster_addons = var.eks_addons
+
cluster_encryption_config = var.eks_cluster_encryption_config_enable ? [
{
provider_key_arn = aws_kms_key.eks[0].arn
@@ -54,72 +31,111 @@ module "eks" {
cluster_endpoint_private_access = var.eks_cluster_endpoint_private_access
cluster_endpoint_public_access_cidrs = var.eks_cluster_endpoint_only_pritunl ? ["${module.pritunl[0].pritunl_endpoint}/32"] : ["0.0.0.0/0"]
- map_roles = local.eks_map_roles
- write_kubeconfig = var.eks_write_kubeconfig
- # Create security group rules to allow communication between pods on workers and pods in managed node groups.
- # Set this to true if you have AWS-Managed node groups and Self-Managed worker groups.
- # See https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1089
- worker_create_cluster_primary_security_group_rules = true
+ # Extend cluster security group rules
+ cluster_security_group_additional_rules = {
+ egress_nodes_ephemeral_ports_tcp = {
+ description = "To node 1025-65535"
+ protocol = "tcp"
+ from_port = 1025
+ to_port = 65535
+ type = "egress"
+ source_node_security_group = true
+ }
+ }
- workers_additional_policies = var.eks_workers_additional_policies
+ # Extend node-to-node security group rules
+ node_security_group_additional_rules = {
+ ingress_self_all = {
+ description = "Node to node all ports/protocols"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ type = "ingress"
+ self = true
+ }
+ ingress_cluster_all = {
+ description = "Cluster to nodes all ports/protocols"
+ protocol = "-1"
+ from_port = 1025
+ to_port = 65535
+ type = "ingress"
+ source_cluster_security_group = true
+ }
+ egress_all = {
+ description = "Node all egress"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ type = "egress"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+ }
- node_groups_defaults = {
- ami_type = "AL2_x86_64"
- disk_size = 100
+ eks_managed_node_group_defaults = {
+ ami_type = "AL2_x86_64"
+ disk_size = 100
+ iam_role_additional_policies = var.eks_workers_additional_policies
}
- node_groups = {
+ eks_managed_node_groups = {
spot = {
- desired_capacity = var.node_group_spot.desired_capacity
- max_capacity = var.node_group_spot.max_capacity
- min_capacity = var.node_group_spot.min_capacity
- instance_types = var.node_group_spot.instance_types
- capacity_type = var.node_group_spot.capacity_type
- subnets = module.vpc.private_subnets
+ name = "${local.name}-spot"
+ iam_role_name = "${local.name}-spot"
+ desired_size = var.node_group_spot.desired_capacity
+ max_size = var.node_group_spot.max_capacity
+ min_size = var.node_group_spot.min_capacity
+ instance_types = var.node_group_spot.instance_types
+ capacity_type = var.node_group_spot.capacity_type
+ subnet_ids = module.vpc.private_subnets
force_update_version = var.node_group_spot.force_update_version
- k8s_labels = {
+ labels = {
Environment = local.env
nodegroup = "spot"
}
- additional_tags = {
+ tags = {
Name = "${local.name}-spot"
}
},
ondemand = {
- desired_capacity = var.node_group_ondemand.desired_capacity
- max_capacity = var.node_group_ondemand.max_capacity
- min_capacity = var.node_group_ondemand.min_capacity
- instance_types = var.node_group_ondemand.instance_types
- capacity_type = var.node_group_ondemand.capacity_type
- subnets = module.vpc.private_subnets
+ name = "${local.name}-ondemand"
+ iam_role_name = "${local.name}-ondemand"
+ desired_size = var.node_group_ondemand.desired_capacity
+ max_size = var.node_group_ondemand.max_capacity
+ min_size = var.node_group_ondemand.min_capacity
+ instance_types = var.node_group_ondemand.instance_types
+ capacity_type = var.node_group_ondemand.capacity_type
+ subnet_ids = module.vpc.private_subnets
force_update_version = var.node_group_ondemand.force_update_version
- k8s_labels = {
+ labels = {
Environment = local.env
nodegroup = "ondemand"
}
- additional_tags = {
+ tags = {
Name = "${local.name}-ondemand"
}
},
ci = {
- desired_capacity = var.node_group_ci.desired_capacity
- max_capacity = var.node_group_ci.max_capacity
- min_capacity = var.node_group_ci.min_capacity
- instance_types = var.node_group_ci.instance_types
- capacity_type = var.node_group_ci.capacity_type
- subnets = module.vpc.private_subnets
+ name = "${local.name}-ci"
+ iam_role_name = "${local.name}-ci"
+ desired_size = var.node_group_ci.desired_capacity
+ max_size = var.node_group_ci.max_capacity
+ min_size = var.node_group_ci.min_capacity
+ instance_types = var.node_group_ci.instance_types
+ capacity_type = var.node_group_ci.capacity_type
+ subnet_ids = module.vpc.private_subnets
force_update_version = var.node_group_ci.force_update_version
- k8s_labels = {
+ labels = {
Environment = local.env
nodegroup = "ci"
}
- additional_tags = {
+ tags = {
Name = "${local.name}-ci"
}
taints = [
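Review bot: In `node_security_group_additional_rules`, `ingress_cluster_all` combines `protocol = "-1"` with `from_port = 1025` and `to_port = 65535`; with protocol -1 an AWS security group rule ignores the port range, so the control plane is allowed to reach every node port, not only 1025-65535. If ephemeral ports are the intent, use `protocol = "tcp"` as `egress_nodes_ephemeral_ports_tcp` does; if all traffic is intended, set both ports to `0` so the rule reads as what it does. `egress_all` also opens all node egress to `0.0.0.0/0` and `::/0`, which deserves either a comment giving the reason or a narrower rule. The `module "eks"` block starts and ends outside this hunk.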
@@ -127,33 +143,37 @@ module "eks" {
key = "nodegroup"
value = "ci"
effect = "NO_SCHEDULE"
- }]
+ }
+ ]
},
bottlerocket = {
- desired_capacity = var.node_group_br.desired_capacity
- max_capacity = var.node_group_br.max_capacity
- min_capacity = var.node_group_br.min_capacity
- instance_types = var.node_group_br.instance_types
- capacity_type = var.node_group_br.capacity_type
- subnets = module.vpc.private_subnets
+ name = "${local.name}-bottlerocket"
+ iam_role_name = "${local.name}-bottlerocket"
+ desired_size = var.node_group_br.desired_capacity
+ max_size = var.node_group_br.max_capacity
+ min_size = var.node_group_br.min_capacity
+ instance_types = var.node_group_br.instance_types
+ capacity_type = var.node_group_br.capacity_type
+ subnet_ids = module.vpc.private_subnets
ami_type = "BOTTLEROCKET_x86_64"
force_update_version = var.node_group_br.force_update_version
- k8s_labels = {
+ labels = {
Environment = local.env
nodegroup = "bottlerocket"
}
- additional_tags = {
- Name = "${local.name}-bottlerocket"
- }
taints = [
{
key = "nodegroup"
value = "bottlerocket"
effect = "NO_SCHEDULE"
- }]
+ }
+ ]
+ tags = {
+ Name = "${local.name}-bottlerocket"
+ }
}
}
@@ -174,51 +194,4 @@ module "eks" {
})
}
}
-
- depends_on = [module.vpc]
-}
-
-resource "aws_eks_addon" "vpc_cni" {
- count = var.addon_create_vpc_cni ? 1 : 0
-
- cluster_name = module.eks.cluster_id
- addon_name = "vpc-cni"
- resolve_conflicts = "OVERWRITE"
- addon_version = var.addon_vpc_cni_version
-
- tags = {
- Environment = local.env
- }
-
- depends_on = [module.eks]
-}
-
-resource "aws_eks_addon" "kube_proxy" {
- count = var.addon_create_kube_proxy ? 1 : 0
-
- cluster_name = module.eks.cluster_id
- addon_name = "kube-proxy"
- resolve_conflicts = "OVERWRITE"
- addon_version = var.addon_kube_proxy_version
-
- tags = {
- Environment = local.env
- }
-
- depends_on = [module.eks]
-}
-
-resource "aws_eks_addon" "coredns" {
- count = var.addon_create_coredns ? 1 : 0
-
- cluster_name = module.eks.cluster_id
- addon_name = "coredns"
- resolve_conflicts = "OVERWRITE"
- addon_version = var.addon_coredns_version
-
- tags = {
- Environment = local.env
- }
-
- depends_on = [module.eks]
}
diff --git a/terraform/layer1-aws/main.tf b/terraform/layer1-aws/main.tf
index c9b789cc..e3894370 100644
--- a/terraform/layer1-aws/main.tf
+++ b/terraform/layer1-aws/main.tf
@@ -4,12 +4,16 @@ terraform {
required_providers {
aws = {
source = "aws"
- version = "3.64.2"
+ version = "3.72.0"
}
kubernetes = {
source = "kubernetes"
version = "2.6.1"
}
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = "1.13.1"
+ }
}
}
diff --git a/terraform/layer1-aws/outputs.tf b/terraform/layer1-aws/outputs.tf
index a5bddbfb..1eaa99b8 100644
--- a/terraform/layer1-aws/outputs.tf
+++ b/terraform/layer1-aws/outputs.tf
@@ -89,24 +89,12 @@ output "eks_cluster_security_group_id" {
value = module.eks.cluster_security_group_id
}
-output "eks_kubectl_config" {
- description = "kubectl config as generated by the module."
- value = module.eks.kubeconfig
- sensitive = true
-}
-
output "eks_kubectl_console_config" {
value = "aws eks update-kubeconfig --name ${module.eks.cluster_id} --region ${var.region}"
description = "description"
depends_on = []
}
-output "eks_config_map_aws_auth" {
- description = "A kubernetes configuration to authenticate to this EKS cluster."
- value = module.eks.config_map_aws_auth
- sensitive = true
-}
-
output "eks_cluster_id" {
value = module.eks.cluster_id
}
@@ -120,5 +108,3 @@ output "ssl_certificate_arn" {
description = "ARN of SSL certificate"
value = local.ssl_certificate_arn
}
-
-
diff --git a/terraform/layer1-aws/providers.tf b/terraform/layer1-aws/providers.tf
index 0fad10bb..64354d57 100644
--- a/terraform/layer1-aws/providers.tf
+++ b/terraform/layer1-aws/providers.tf
@@ -9,6 +9,12 @@ provider "kubernetes" {
token = data.aws_eks_cluster_auth.main.token
}
+provider "kubectl" {
+ host = data.aws_eks_cluster.main.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.main.token
+}
+
data "aws_eks_cluster" "main" {
name = module.eks.cluster_id
}
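Review bot: The new `provider "kubectl"` block does not set `load_config_file = false`, and the gavinbunney/kubectl provider reads a local kubeconfig by default. On a workstation or CI runner where `~/.kube/config` or `KUBECONFIG` is present, that file can be loaded alongside the explicit `host`, `cluster_ca_certificate` and `token`. Adding `load_config_file = false` inside the block keeps the provider bound to the EKS data sources only. Separately, `data.aws_eks_cluster_auth.main.token` is a short-lived token resolved once per run, so if applies in this layer can run long, an `exec` block that calls `aws eks get-token` is worth considering. The same would apply to the `kubernetes` provider, whose block starts above this hunk.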
diff --git a/terraform/layer1-aws/variables.tf b/terraform/layer1-aws/variables.tf
index 7f9c97c2..4458ca71 100644
--- a/terraform/layer1-aws/variables.tf
+++ b/terraform/layer1-aws/variables.tf
@@ -96,35 +96,27 @@ variable "eks_cluster_version" {
description = "Version of the EKS K8S cluster"
}
-variable "addon_create_vpc_cni" {
- default = true
- description = "Enable vpc-cni add-on or not"
-}
-variable "addon_vpc_cni_version" {
- default = "v1.9.1-eksbuild.1"
- description = "The version of vpc-cni add-on"
-}
-variable "addon_create_kube_proxy" {
- default = true
- description = "Enable kube-proxy add-on or not"
-}
-variable "addon_kube_proxy_version" {
- default = "v1.20.4-eksbuild.2"
- description = "The version of kube-proxy add-on"
-}
-variable "addon_create_coredns" {
- default = true
- description = "Enable coredns add-on or not"
-}
-variable "addon_coredns_version" {
- default = "v1.8.3-eksbuild.1"
- description = "The version of coredns add-on"
+variable "eks_addons" {
+ default = {
+ coredns = {
+ resolve_conflicts = "OVERWRITE"
+ addon_version = "v1.8.4-eksbuild.1"
+ }
+ kube-proxy = {
+ resolve_conflicts = "OVERWRITE"
+ addon_version = "v1.21.2-eksbuild.2"
+ }
+ vpc-cni = {
+ resolve_conflicts = "OVERWRITE"
+ addon_version = "v1.10.2-eksbuild.1"
+ }
+ }
+ description = "A list of installed EKS add-ons"
}
variable "eks_workers_additional_policies" {
- type = list(any)
- default = [
- "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
+ type = list(any)
+ default = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
description = "Additional IAM policy attached to EKS worker nodes"
}
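Review bot: `variable "eks_addons"` is declared without a `type`, and its description says "A list of installed EKS add-ons" although the default is a map keyed by add-on name. If only the two attributes shown are consumed, I would add `type = map(object({ resolve_conflicts = string, addon_version = string }))` and change the text to `description = "Map of EKS add-ons to install, keyed by add-on name"`. Removing the `addon_create_*` toggles means an add-on can now only be left out by overriding the whole map, and existing tfvars that set the old variables will no longer match; the description or changelog should say so. In the same hunk, `eks_workers_additional_policies` holds IAM policy ARNs, so `list(string)` would reject malformed input earlier than `list(any)`.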
@@ -234,7 +226,7 @@ variable "eks_cluster_enabled_log_types" {
description = "A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Possible values: api, audit, authenticator, controllerManager, scheduler"
}
-variable "eks_cluster_log_retention_in_days" {
+variable "eks_cloudwatch_log_group_retention_in_days" {
type = number
default = 90
description = "Number of days to retain log events. Default retention - 90 days."
diff --git a/terraform/layer2-k8s/.terraform.lock.hcl b/terraform/layer2-k8s/.terraform.lock.hcl
index 82681551..3ea2ba18 100644
--- a/terraform/layer2-k8s/.terraform.lock.hcl
+++ b/terraform/layer2-k8s/.terraform.lock.hcl
@@ -19,39 +19,40 @@ provider "registry.terraform.io/gavinbunney/kubectl" {
}
provider "registry.terraform.io/hashicorp/aws" {
- version = "3.64.2"
- constraints = "3.64.2"
+ version = "3.72.0"
+ constraints = "3.72.0"
hashes = [
- "h1:eXusrZ56Ye4gprLzI3dXBy50DV+sbY5gOoJ7cNuouzA=",
- "zh:0b029a2282beabfe410eb2969e18ca773d3473415e442be4dc8ce0eb6d1cd8c5",
- "zh:3209de3266a1138f1ccb09f094fdd98b6f55afc06e291db0abe092ec5dbe7640",
- "zh:40648266551631cbc15f8a76e80faf300510e3b38c2544d43fc25e37e6802727",
- "zh:483c8af92ae70146f2790a70c1a810251e7135aa912b66e769c934eddceebe32",
- "zh:4d106d8d415d8df342f3f85e58c35418e6c55e3cb7f02897f832cefac4dca68c",
- "zh:972626a6ddb31d5216606d12ab5c30fbf8d51ed2bbe0efcdd7cffa68c1141557",
- "zh:a230d55ec52b1695148d40296877ee23e0b302e817154f9b838eb117c87b13fa",
- "zh:c95fddfbd7f870db949da0601323e866e0f0fb0d4a93e96725ae5b88029e84d5",
- "zh:ea0c7f568074f835f22273c8e7e61e87f5277e32004c72122915fd3c8df49ccc",
- "zh:f96d25887e6e2d2ae47659e2c586efea2167995b59a479ae65a02b097da86474",
- "zh:fe7502d8e52d3b5ccb2b3c178e7ea894344783093aa71ffb20e978914c976182",
+ "h1:6pleQtx6+jQE/Kekcr8Ou05yYrdvVSngnwHE0PkBELg=",
+ "zh:0c4615ff3c6bc9700d8f16a5a644ddfcb666eaddbf2f77d71616008a28e4db75",
+ "zh:29eb139a8fbb98391652fa1eb4668ad5a13a31d45a6c06fe2b1d66903c4e6509",
+ "zh:3e73a9cf67d30c400456011cc8ed036bce68df8fd8131d591a929186e43ab80b",
+ "zh:46090da59293464e1865190b2e67ae63103c9d87a16a5fcb982ce748369666d6",
+ "zh:4fb25d9b139cb1856e519bff4fd49695285fa63a1d57e1c0efc1791bb36532a8",
+ "zh:5acd99d2b22cd45f18c93905a6e5122712c48f432db3c3c3518af449c10ae7e6",
+ "zh:95e53770503127e6de9f71d02e0bafdf0c7e7490f93401e05b6015bc7fa94b29",
+ "zh:b31524932e804de5ef5613d3646892eb55656f062bcbb9d7c29cf6539f82397e",
+ "zh:d977b9f8657c3026340295015930ef58caba5c2f59fd2e63e230c0b9ddba1ee7",
+ "zh:fcb0202ad1b8de19f1cd58d0b60147cae5dd4f869a861f619e8e5d27f8a936a9",
+ "zh:fe85cf3c44834230c2aaa2d0c622ddde1e33398bbe9f7213011eba68130b1588",
]
}
provider "registry.terraform.io/hashicorp/external" {
- version = "2.1.0"
+ version = "2.2.2"
hashes = [
- "h1:LTl5CGW8wiIEe16AC4MtXN/95xWWNDbap70zJsBTk0w=",
- "zh:0d83ffb72fbd08986378204a7373d8c43b127049096eaf2765bfdd6b00ad9853",
- "zh:7577d6edc67b1e8c2cf62fe6501192df1231d74125d90e51d570d586d95269c5",
- "zh:9c669ded5d5affa4b2544952c4b6588dfed55260147d24ced02dca3a2829f328",
- "zh:a404d46f2831f90633947ab5d57e19dbfe35b3704104ba6ec80bcf50b058acfd",
- "zh:ae1caea1c936d459ceadf287bb5c5bd67b5e2a7819df6f5c4114b7305df7f822",
- "zh:afb4f805477694a4b9dde86b268d2c0821711c8aab1c6088f5f992228c4c06fb",
- "zh:b993b4a1de8a462643e78f4786789e44ce5064b332fee1cb0d6250ed085561b8",
- "zh:c84b2c13fa3ea2c0aa7291243006d560ce480a5591294b9001ce3742fc9c5791",
- "zh:c8966f69b7eccccb771704fd5335923692eccc9e0e90cb95d14538fe2e92a3b8",
- "zh:d5fe68850d449b811e633a300b114d0617df6d450305e8251643b4d143dc855b",
- "zh:ddebfd1e674ba336df09b1f27bbaa0e036c25b7a7087dc8081443f6e5954028b",
+ "h1:VUkgcWvCliS0HO4kt7oEQhFD2gcx/59XpwMqxfCU1kE=",
+ "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca",
+ "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28",
+ "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b",
+ "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327",
+ "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955",
+ "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb",
+ "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0",
+ "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a",
+ "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372",
+ "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809",
]
}
@@ -132,21 +133,21 @@ provider "registry.terraform.io/hashicorp/null" {
}
provider "registry.terraform.io/hashicorp/random" {
- version = "3.1.0"
+ version = "3.1.2"
hashes = [
- "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
- "h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=",
- "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
- "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
- "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
- "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
- "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
- "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
- "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
- "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
- "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
- "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
- "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
+ "h1:9A6Ghjgad0KjJRxa6nPo8i8uFvwj3Vv0wnEgy49u+24=",
+ "zh:0daceba867b330d3f8e2c5dc895c4291845a78f31955ce1b91ab2c4d1cd1c10b",
+ "zh:104050099efd30a630741f788f9576b19998e7a09347decbec3da0b21d64ba2d",
+ "zh:173f4ef3fdf0c7e2564a3db0fac560e9f5afdf6afd0b75d6646af6576b122b16",
+ "zh:41d50f975e535f968b3f37170fb07937c15b76d85ba947d0ce5e5ff9530eda65",
+ "zh:51a5038867e5e60757ed7f513dd6a973068241190d158a81d1b69296efb9cb8d",
+ "zh:6432a568e97a5a36cc8aebca5a7e9c879a55d3bc71d0da1ab849ad905f41c0be",
+ "zh:6bac6501394b87138a5e17c9f3a41e46ff7833ad0ba2a96197bb7787e95b641c",
+ "zh:6c0a7f5faacda644b022e7718e53f5868187435be6d000786d1ca05aa6683a25",
+ "zh:74c89de3fa6ef3027efe08f8473c2baeb41b4c6cee250ba7aeb5b64e8c79800d",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:b29eabbf0a5298f0e95a1df214c7cfe06ea9bcf362c63b3ad2f72d85da7d4685",
+ "zh:e891458c7a61e5b964e09616f1a4f87d0471feae1ec04cc51776e7dec1a3abce",
]
}
@@ -187,19 +188,20 @@ provider "registry.terraform.io/hashicorp/time" {
}
provider "registry.terraform.io/hashicorp/tls" {
- version = "3.1.0"
+ version = "3.2.1"
hashes = [
- "h1:XTU9f6sGMZHOT8r/+LWCz2BZOPH127FBTPjMMEAAu1U=",
- "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6",
- "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2",
- "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e",
- "zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca",
- "zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698",
- "zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d",
- "zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841",
- "zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989",
- "zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5",
- "zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d",
- "zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0",
+ "h1:p0vyCZjZqr6qf+CfUVvPSYghrn0/oMDJS4kp3pV26YY=",
+ "zh:0209adc722f1f2e319018bd2d38a3ef389fa7eaabf40ab3f82e791428712dc64",
+ "zh:2dbf76857b022ec44eaddb386d976a08b4a053bcc8e815fd601505f33b29b92e",
+ "zh:301f98065a3b45b1c6d671955d5f92d246e577be0a98e7f7e0553b11b1cd8b92",
+ "zh:4ee8effc669f9856d137249244b67fdcdc35262ebeab3dad262f42d6ddd39c5c",
+ "zh:66cdbf20523972e1e5e682b8776b78ad3ab296ad04784da8fe945d183766ac22",
+ "zh:71798604d4ff22f3c79ec9a8ab61802e969f57456e26ba30bef7d276b88815f7",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:9289d10fc5241bfd7a2e5de6ca229840eaa06066a129f483133e0a4517a91600",
+ "zh:a075e6bd64a452242e712c59d890cc0d5972158c9d71edbe1ac32d10ad051670",
+ "zh:deb5665f08b271bebe7d18c76cdcdf514ab49f1a85d96e73435728493ae54579",
+ "zh:e0b0a3c3427ee315582b4d17a6b9d2c09f07f2b86fb09821a7d713b68d4e1200",
+ "zh:f7519d1c7b1f108c0728036832a58dc06531203e878104f158ebb625b3c9438c",
]
}
diff --git a/terraform/layer2-k8s/README.md b/terraform/layer2-k8s/README.md
index 5e0dcbcc..5efb0005 100644
--- a/terraform/layer2-k8s/README.md
+++ b/terraform/layer2-k8s/README.md
@@ -47,136 +47,136 @@
## Requirements
-| Name | Version |
-| ---------------------------------------------------------------------------- | ------- |
-| [terraform](#requirement\_terraform) | 1.0.10 |
-| [aws](#requirement\_aws) | 3.64.2 |
-| [helm](#requirement\_helm) | 2.4.1 |
-| [http](#requirement\_http) | 2.1.0 |
-| [kubectl](#requirement\_kubectl) | 1.13.1 |
-| [kubernetes](#requirement\_kubernetes) | 2.6.1 |
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | 1.0.10 |
+| [aws](#requirement\_aws) | 3.72.0 |
+| [helm](#requirement\_helm) | 2.4.1 |
+| [http](#requirement\_http) | 2.1.0 |
+| [kubectl](#requirement\_kubectl) | 1.13.1 |
+| [kubernetes](#requirement\_kubernetes) | 2.6.1 |
## Providers
-| Name | Version |
-| ---------------------------------------------------------------------- | ------- |
-| [aws](#provider\_aws) | 3.64.2 |
-| [helm](#provider\_helm) | 2.4.1 |
-| [http](#provider\_http) | 2.1.0 |
-| [kubectl](#provider\_kubectl) | 1.13.1 |
-| [kubernetes](#provider\_kubernetes) | 2.6.1 |
-| [random](#provider\_random) | 3.1.0 |
-| [terraform](#provider\_terraform) | n/a |
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | 3.72.0 |
+| [helm](#provider\_helm) | 2.4.1 |
+| [http](#provider\_http) | 2.1.0 |
+| [kubectl](#provider\_kubectl) | 1.13.1 |
+| [kubernetes](#provider\_kubernetes) | 2.6.1 |
+| [random](#provider\_random) | 3.1.2 |
+| [terraform](#provider\_terraform) | n/a |
## Modules
-| Name | Source | Version |
-| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- | ------- |
-| [aws\_iam\_autoscaler](#module\_aws\_iam\_autoscaler) | ../modules/aws-iam-eks-trusted | n/a |
-| [aws\_iam\_aws\_loadbalancer\_controller](#module\_aws\_iam\_aws\_loadbalancer\_controller) | ../modules/aws-iam-eks-trusted | n/a |
-| [aws\_iam\_cert\_manager](#module\_aws\_iam\_cert\_manager) | ../modules/aws-iam-eks-trusted | n/a |
-| [aws\_iam\_elastic\_stack](#module\_aws\_iam\_elastic\_stack) | ../modules/aws-iam-user-with-policy | n/a |
-| [aws\_iam\_external\_dns](#module\_aws\_iam\_external\_dns) | ../modules/aws-iam-eks-trusted | n/a |
-| [aws\_iam\_external\_secrets](#module\_aws\_iam\_external\_secrets) | ../modules/aws-iam-eks-trusted | n/a |
-| [aws\_iam\_gitlab\_runner](#module\_aws\_iam\_gitlab\_runner) | ../modules/aws-iam-eks-trusted | n/a |
-| [aws\_iam\_kube\_prometheus\_stack\_grafana](#module\_aws\_iam\_kube\_prometheus\_stack\_grafana) | ../modules/aws-iam-eks-trusted | n/a |
-| [aws\_iam\_victoria\_metrics\_k8s\_stack\_grafana](#module\_aws\_iam\_victoria\_metrics\_k8s\_stack\_grafana) | ../modules/aws-iam-eks-trusted | n/a |
-| [aws\_load\_balancer\_controller\_namespace](#module\_aws\_load\_balancer\_controller\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [aws\_node\_termination\_handler\_namespace](#module\_aws\_node\_termination\_handler\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [certmanager\_namespace](#module\_certmanager\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [cluster\_autoscaler\_namespace](#module\_cluster\_autoscaler\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [elastic\_tls](#module\_elastic\_tls) | ../modules/self-signed-certificate | n/a |
-| [elk\_namespace](#module\_elk\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [external\_dns\_namespace](#module\_external\_dns\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [external\_secrets\_namespace](#module\_external\_secrets\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [fargate\_namespace](#module\_fargate\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [gitlab\_runner\_namespace](#module\_gitlab\_runner\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [ingress\_nginx\_namespace](#module\_ingress\_nginx\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [istio\_system\_namespace](#module\_istio\_system\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [keda\_namespace](#module\_keda\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [kiali\_namespace](#module\_kiali\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [kube\_prometheus\_stack\_namespace](#module\_kube\_prometheus\_stack\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [loki\_namespace](#module\_loki\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [reloader\_namespace](#module\_reloader\_namespace) | ../modules/kubernetes-namespace | n/a |
-| [victoria\_metrics\_k8s\_stack\_namespace](#module\_victoria\_metrics\_k8s\_stack\_namespace) | ../modules/kubernetes-namespace | n/a |
+| Name | Source | Version |
+|------|--------|---------|
+| [aws\_iam\_autoscaler](#module\_aws\_iam\_autoscaler) | ../modules/aws-iam-eks-trusted | n/a |
+| [aws\_iam\_aws\_loadbalancer\_controller](#module\_aws\_iam\_aws\_loadbalancer\_controller) | ../modules/aws-iam-eks-trusted | n/a |
+| [aws\_iam\_cert\_manager](#module\_aws\_iam\_cert\_manager) | ../modules/aws-iam-eks-trusted | n/a |
+| [aws\_iam\_elastic\_stack](#module\_aws\_iam\_elastic\_stack) | ../modules/aws-iam-user-with-policy | n/a |
+| [aws\_iam\_external\_dns](#module\_aws\_iam\_external\_dns) | ../modules/aws-iam-eks-trusted | n/a |
+| [aws\_iam\_external\_secrets](#module\_aws\_iam\_external\_secrets) | ../modules/aws-iam-eks-trusted | n/a |
+| [aws\_iam\_gitlab\_runner](#module\_aws\_iam\_gitlab\_runner) | ../modules/aws-iam-eks-trusted | n/a |
+| [aws\_iam\_kube\_prometheus\_stack\_grafana](#module\_aws\_iam\_kube\_prometheus\_stack\_grafana) | ../modules/aws-iam-eks-trusted | n/a |
+| [aws\_iam\_victoria\_metrics\_k8s\_stack\_grafana](#module\_aws\_iam\_victoria\_metrics\_k8s\_stack\_grafana) | ../modules/aws-iam-eks-trusted | n/a |
+| [aws\_load\_balancer\_controller\_namespace](#module\_aws\_load\_balancer\_controller\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [aws\_node\_termination\_handler\_namespace](#module\_aws\_node\_termination\_handler\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [certmanager\_namespace](#module\_certmanager\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [cluster\_autoscaler\_namespace](#module\_cluster\_autoscaler\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [elastic\_tls](#module\_elastic\_tls) | ../modules/self-signed-certificate | n/a |
+| [elk\_namespace](#module\_elk\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [external\_dns\_namespace](#module\_external\_dns\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [external\_secrets\_namespace](#module\_external\_secrets\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [fargate\_namespace](#module\_fargate\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [gitlab\_runner\_namespace](#module\_gitlab\_runner\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [ingress\_nginx\_namespace](#module\_ingress\_nginx\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [istio\_system\_namespace](#module\_istio\_system\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [keda\_namespace](#module\_keda\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [kiali\_namespace](#module\_kiali\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [kube\_prometheus\_stack\_namespace](#module\_kube\_prometheus\_stack\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [loki\_namespace](#module\_loki\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [reloader\_namespace](#module\_reloader\_namespace) | ../modules/kubernetes-namespace | n/a |
+| [victoria\_metrics\_k8s\_stack\_namespace](#module\_victoria\_metrics\_k8s\_stack\_namespace) | ../modules/kubernetes-namespace | n/a |
## Resources
-| Name | Type |
-| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
-| [aws_s3_bucket.elastic_stack](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket.gitlab_runner_cache](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_public_access_block.elastic_stack_public_access_block](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/s3_bucket_public_access_block) | resource |
-| [aws_s3_bucket_public_access_block.gitlab_runner_cache_public_access_block](https://registry.terraform.io/providers/aws/3.64.2/docs/resources/s3_bucket_public_access_block) | resource |
-| [helm_release.aws_loadbalancer_controller](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.aws_node_termination_handler](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.calico_daemonset](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.cert_manager](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.certificate](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.cluster_autoscaler](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.cluster_issuer](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.elk](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.external_dns](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.external_secrets](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.gitlab_runner](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.ingress_nginx](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.istio_base](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.istiod](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.kedacore](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.kiali](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.loki_stack](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.prometheus_operator](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.reloader](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [helm_release.victoria_metrics_k8s_stack](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
-| [kubectl_manifest.istio_prometheus_service_monitor_cp](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
-| [kubectl_manifest.istio_prometheus_service_monitor_dp](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
-| [kubectl_manifest.kube_prometheus_stack_operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
-| [kubernetes_secret.elasticsearch_certificates](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
-| [kubernetes_secret.elasticsearch_credentials](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
-| [kubernetes_secret.elasticsearch_s3_user_creds](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
-| [kubernetes_secret.kibana_enc_key](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
-| [kubernetes_storage_class.advanced](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/storage_class) | resource |
-| [random_string.elasticsearch_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
-| [random_string.kibana_enc_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
-| [random_string.kibana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
-| [random_string.kube_prometheus_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
-| [random_string.victoria_metrics_k8s_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/caller_identity) | data source |
-| [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster) | data source |
-| [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/eks_cluster_auth) | data source |
-| [aws_secretsmanager_secret.infra](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/secretsmanager_secret) | data source |
-| [aws_secretsmanager_secret_version.infra](https://registry.terraform.io/providers/aws/3.64.2/docs/data-sources/secretsmanager_secret_version) | data source |
-| [http_http.kube_prometheus_stack_operator_crds](https://registry.terraform.io/providers/hashicorp/http/2.1.0/docs/data-sources/http) | data source |
-| [terraform_remote_state.layer1-aws](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| Name | Type |
+|------|------|
+| [aws_s3_bucket.elastic_stack](https://registry.terraform.io/providers/aws/3.72.0/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket.gitlab_runner_cache](https://registry.terraform.io/providers/aws/3.72.0/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_public_access_block.elastic_stack_public_access_block](https://registry.terraform.io/providers/aws/3.72.0/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_public_access_block.gitlab_runner_cache_public_access_block](https://registry.terraform.io/providers/aws/3.72.0/docs/resources/s3_bucket_public_access_block) | resource |
+| [helm_release.aws_loadbalancer_controller](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.aws_node_termination_handler](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.calico_daemonset](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.cert_manager](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.certificate](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.cluster_autoscaler](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.cluster_issuer](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.elk](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.external_dns](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.external_secrets](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.gitlab_runner](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.ingress_nginx](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.istio_base](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.istiod](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.kedacore](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.kiali](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.loki_stack](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.prometheus_operator](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.reloader](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [helm_release.victoria_metrics_k8s_stack](https://registry.terraform.io/providers/helm/2.4.1/docs/resources/release) | resource |
+| [kubectl_manifest.istio_prometheus_service_monitor_cp](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
+| [kubectl_manifest.istio_prometheus_service_monitor_dp](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
+| [kubectl_manifest.kube_prometheus_stack_operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/1.13.1/docs/resources/manifest) | resource |
+| [kubernetes_secret.elasticsearch_certificates](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
+| [kubernetes_secret.elasticsearch_credentials](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
+| [kubernetes_secret.elasticsearch_s3_user_creds](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
+| [kubernetes_secret.kibana_enc_key](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/secret) | resource |
+| [kubernetes_storage_class.advanced](https://registry.terraform.io/providers/kubernetes/2.6.1/docs/resources/storage_class) | resource |
+| [random_string.elasticsearch_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [random_string.kibana_enc_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [random_string.kibana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [random_string.kube_prometheus_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [random_string.victoria_metrics_k8s_stack_grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/caller_identity) | data source |
+| [aws_eks_cluster.main](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/eks_cluster_auth) | data source |
+| [aws_secretsmanager_secret.infra](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/secretsmanager_secret) | data source |
+| [aws_secretsmanager_secret_version.infra](https://registry.terraform.io/providers/aws/3.72.0/docs/data-sources/secretsmanager_secret_version) | data source |
+| [http_http.kube_prometheus_stack_operator_crds](https://registry.terraform.io/providers/hashicorp/http/2.1.0/docs/data-sources/http) | data source |
+| [terraform_remote_state.layer1-aws](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
## Inputs
-| Name | Description | Type | Default | Required |
-| ---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------- | ----------- | -------------- | :------: |
-| [additional\_allowed\_ips](#input\_additional\_allowed\_ips) | IP addresses allowed to connect to private resources | `list(any)` | `[]` | no |
-| [allowed\_account\_ids](#input\_allowed\_account\_ids) | List of allowed AWS account IDs | `list` | `[]` | no |
-| [cluster\_autoscaler\_version](#input\_cluster\_autoscaler\_version) | Version of cluster autoscaler | `string` | `"v1.21.0"` | no |
-| [helm\_release\_history\_size](#input\_helm\_release\_history\_size) | How much helm releases to store | `number` | `5` | no |
-| [nginx\_ingress\_ssl\_terminator](#input\_nginx\_ingress\_ssl\_terminator) | Select SSL termination type | `string` | `"lb"` | no |
-| [region](#input\_region) | Default infrastructure region | `string` | `"us-east-1"` | no |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | Name of the bucket for terraform state | `string` | n/a | yes |
-| [remote\_state\_key](#input\_remote\_state\_key) | Key of the remote state for terraform\_remote\_state | `string` | `"layer1-aws"` | no |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [additional\_allowed\_ips](#input\_additional\_allowed\_ips) | IP addresses allowed to connect to private resources | `list(any)` | `[]` | no |
+| [allowed\_account\_ids](#input\_allowed\_account\_ids) | List of allowed AWS account IDs | `list` | `[]` | no |
+| [cluster\_autoscaler\_version](#input\_cluster\_autoscaler\_version) | Version of cluster autoscaler | `string` | `"v1.21.0"` | no |
+| [helm\_release\_history\_size](#input\_helm\_release\_history\_size) | How much helm releases to store | `number` | `5` | no |
+| [nginx\_ingress\_ssl\_terminator](#input\_nginx\_ingress\_ssl\_terminator) | Select SSL termination type | `string` | `"lb"` | no |
+| [region](#input\_region) | Default infrastructure region | `string` | `"us-east-1"` | no |
+| [remote\_state\_bucket](#input\_remote\_state\_bucket) | Name of the bucket for terraform state | `string` | n/a | yes |
+| [remote\_state\_key](#input\_remote\_state\_key) | Key of the remote state for terraform\_remote\_state | `string` | `"layer1-aws"` | no |
## Outputs
-| Name | Description |
-| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- |
-| [apm\_domain\_name](#output\_apm\_domain\_name) | APM domain name |
-| [elastic\_stack\_bucket\_name](#output\_elastic\_stack\_bucket\_name) | Name of the bucket for ELKS snapshots |
-| [elasticsearch\_elastic\_password](#output\_elasticsearch\_elastic\_password) | Password of the superuser 'elastic' |
-| [gitlab\_runner\_cache\_bucket\_name](#output\_gitlab\_runner\_cache\_bucket\_name) | Name of the s3 bucket for gitlab-runner cache |
-| [kibana\_domain\_name](#output\_kibana\_domain\_name) | Kibana dashboards address |
-| [kube\_prometheus\_stack\_alertmanager\_domain\_name](#output\_kube\_prometheus\_stack\_alertmanager\_domain\_name) | Alertmanager ui address |
-| [kube\_prometheus\_stack\_get\_grafana\_admin\_password](#output\_kube\_prometheus\_stack\_get\_grafana\_admin\_password) | Command which gets admin password from kubernetes secret |
-| [kube\_prometheus\_stack\_grafana\_admin\_password](#output\_kube\_prometheus\_stack\_grafana\_admin\_password) | Grafana admin password |
-| [kube\_prometheus\_stack\_grafana\_domain\_name](#output\_kube\_prometheus\_stack\_grafana\_domain\_name) | Grafana dashboards address |
-| [kube\_prometheus\_stack\_prometheus\_domain\_name](#output\_kube\_prometheus\_stack\_prometheus\_domain\_name) | Prometheus ui address |
+| Name | Description |
+|------|-------------|
+| [apm\_domain\_name](#output\_apm\_domain\_name) | APM domain name |
+| [elastic\_stack\_bucket\_name](#output\_elastic\_stack\_bucket\_name) | Name of the bucket for ELKS snapshots |
+| [elasticsearch\_elastic\_password](#output\_elasticsearch\_elastic\_password) | Password of the superuser 'elastic' |
+| [gitlab\_runner\_cache\_bucket\_name](#output\_gitlab\_runner\_cache\_bucket\_name) | Name of the s3 bucket for gitlab-runner cache |
+| [kibana\_domain\_name](#output\_kibana\_domain\_name) | Kibana dashboards address |
+| [kube\_prometheus\_stack\_alertmanager\_domain\_name](#output\_kube\_prometheus\_stack\_alertmanager\_domain\_name) | Alertmanager ui address |
+| [kube\_prometheus\_stack\_get\_grafana\_admin\_password](#output\_kube\_prometheus\_stack\_get\_grafana\_admin\_password) | Command which gets admin password from kubernetes secret |
+| [kube\_prometheus\_stack\_grafana\_admin\_password](#output\_kube\_prometheus\_stack\_grafana\_admin\_password) | Grafana admin password |
+| [kube\_prometheus\_stack\_grafana\_domain\_name](#output\_kube\_prometheus\_stack\_grafana\_domain\_name) | Grafana dashboards address |
+| [kube\_prometheus\_stack\_prometheus\_domain\_name](#output\_kube\_prometheus\_stack\_prometheus\_domain\_name) | Prometheus ui address |
| [victoria\_metrics\_k8s\_stack\_get\_grafana\_admin\_password](#output\_victoria\_metrics\_k8s\_stack\_get\_grafana\_admin\_password) | Command which gets admin password from kubernetes secret |
-| [victoria\_metrics\_k8s\_stack\_grafana\_admin\_password](#output\_victoria\_metrics\_k8s\_stack\_grafana\_admin\_password) | Grafana admin password |
-| [victoria\_metrics\_k8s\_stack\_grafana\_domain\_name](#output\_victoria\_metrics\_k8s\_stack\_grafana\_domain\_name) | Grafana dashboards address |
+| [victoria\_metrics\_k8s\_stack\_grafana\_admin\_password](#output\_victoria\_metrics\_k8s\_stack\_grafana\_admin\_password) | Grafana admin password |
+| [victoria\_metrics\_k8s\_stack\_grafana\_domain\_name](#output\_victoria\_metrics\_k8s\_stack\_grafana\_domain\_name) | Grafana dashboards address |
\ No newline at end of file
diff --git a/terraform/layer2-k8s/main.tf b/terraform/layer2-k8s/main.tf
index eeba7fd6..31fca0c0 100644
--- a/terraform/layer2-k8s/main.tf
+++ b/terraform/layer2-k8s/main.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "aws"
- version = "3.64.2"
+ version = "3.72.0"
}
kubernetes = {
source = "kubernetes"