feat: Update addons to latest supported versions (aws-ia#1096)

.github/workflows/pre-commit.yaml

@@ -13,7 +13,7 @@ env:
   TERRAFORM_DOCS_VERSION: v0.16.0
   TFSEC_VERSION: v1.22.0
   TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
-  TFLINT_VERSION: v0.38.1
+  TFLINT_VERSION: v0.42.1
 
 concurrency:
   group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'

examples/ai-ml/ray/main.tf

@@ -210,7 +210,7 @@ module "s3_bucket" {
 data "aws_iam_policy_document" "irsa_policy" {
   statement {
     actions   = ["s3:ListBucket"]
-    resources = ["${module.s3_bucket.s3_bucket_arn}"]
+    resources = [module.s3_bucket.s3_bucket_arn]
   }
   statement {
     actions   = ["s3:*Object"]

examples/analytics/spark-k8s-operator/main.tf

@@ -364,7 +364,7 @@ module "eks_blueprints_kubernetes_addons" {
     aws_for_fluent_bit_cw_log_group = "/${module.eks_blueprints.eks_cluster_id}/worker-fluentbit-logs" # Optional
     create_namespace                = true
     values = [templatefile("${path.module}/helm-values/aws-for-fluentbit-values.yaml", {
-      region                    = "${data.aws_region.current.id}"
+      region                    = data.aws_region.current.id
       aws_for_fluent_bit_cw_log = "/${module.eks_blueprints.eks_cluster_id}/worker-fluentbit-logs"
     })]
     set = [

examples/observability/amp-amg-opensearch/data.tf

@@ -40,7 +40,7 @@ data "aws_iam_policy_document" "opensearch_access_policy" {
     sid    = "AdminDomainLevelAccessToOpenSearch"
     effect = "Allow"
     resources = [
-      "${aws_elasticsearch_domain.opensearch.arn}",
+      aws_elasticsearch_domain.opensearch.arn,
       "${aws_elasticsearch_domain.opensearch.arn}/*",
     ]
     actions = ["es:*"]

locals.tf

@@ -124,7 +124,7 @@ locals {
   platform_teams_config_map = length(var.platform_teams) > 0 ? [
     for platform_team_name, platform_team_data in var.platform_teams : {
       rolearn : "arn:${local.partition}:iam::${local.account_id}:role/${module.aws_eks.cluster_id}-${platform_team_name}-access"
-      username : "${platform_team_name}"
+      username : platform_team_name
       groups : [
         "system:masters"
       ]
@@ -135,7 +135,7 @@ locals {
   application_teams_config_map = length(var.application_teams) > 0 ? [
     for team_name, team_data in var.application_teams : {
       rolearn : "arn:${local.partition}:iam::${local.account_id}:role/${module.aws_eks.cluster_id}-${team_name}-access"
-      username : "${team_name}"
+      username : team_name
       groups : [
         "${team_name}-group"
       ]

modules/aws-eks-self-managed-node-groups/outputs.tf

@@ -1,6 +1,6 @@
 output "self_managed_nodegroup_name" {
   description = "EKS Self Managed node group id"
-  value       = local.self_managed_node_group["node_group_name"].*
+  value       = local.self_managed_node_group["node_group_name"][*]
 }
 
 output "self_managed_nodegroup_iam_role_arns" {

modules/aws-eks-self-managed-node-groups/self-managed-launch-templates.tf

@@ -3,7 +3,7 @@ module "launch_template_self_managed_ng" {
 
   eks_cluster_id = var.context.eks_cluster_id
   launch_template_config = {
-    "${local.lt_self_managed_group_map_key}" = {
+    (local.lt_self_managed_group_map_key) = {
       ami                    = local.custom_ami_id
       launch_template_os     = local.self_managed_node_group["launch_template_os"]
       launch_template_prefix = local.self_managed_node_group["node_group_name"]

modules/aws-eks-teams/main.tf

@@ -129,7 +129,7 @@ resource "aws_iam_role" "team_sa_irsa" {
       {
         "Effect" : "Allow",
         "Principal" : {
-          "Federated" : "${local.eks_oidc_provider_arn}"
+          "Federated" : local.eks_oidc_provider_arn
         },
         "Action" : "sts:AssumeRoleWithWebIdentity",
         "Condition" : {

modules/irsa/main.tf

@@ -43,7 +43,7 @@ resource "aws_iam_role" "irsa" {
       {
         "Effect" : "Allow",
         "Principal" : {
-          "Federated" : "${var.eks_oidc_provider_arn}"
+          "Federated" : var.eks_oidc_provider_arn
         },
         "Action" : "sts:AssumeRoleWithWebIdentity",
         "Condition" : {

modules/kubernetes-addons/agones/locals.tf

@@ -2,13 +2,13 @@ locals {
   name      = "agones"
   namespace = "agones-system"
 
+  # https://github.com/googleforgames/agones/blob/main/install/helm/agones/Chart.yaml
   default_helm_config = {
     name               = local.name
     chart              = local.name
     repository         = "https://agones.dev/chart/stable"
-    version            = "1.23.0"
+    version            = "1.27.0"
     namespace          = local.namespace
-    timeout            = "1200"
     description        = "Agones Gaming Server Helm Chart deployment configuration"
     values             = local.default_helm_values
     gameserver_minport = 7000

modules/kubernetes-addons/airflow/main.tf

@@ -1,11 +1,12 @@
 locals {
   name = "airflow"
 
+  # https://github.com/apache/airflow/blob/main/chart/Chart.yaml
   default_helm_config = {
     name             = local.name
     chart            = local.name
     repository       = "https://airflow.apache.org"
-    version          = "1.6.0"
+    version          = "1.7.0"
     namespace        = local.name
     create_namespace = true
     values           = [templatefile("${path.module}/values.yaml", {})]

modules/kubernetes-addons/argo-rollouts/locals.tf

@@ -1,15 +1,14 @@
 locals {
   name = "argo-rollouts"
 
+  # https://github.com/argoproj/argo-helm/blob/main/charts/argo-rollouts/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://argoproj.github.io/argo-helm"
-    version     = "2.16.0"
+    version     = "2.21.1"
     namespace   = local.name
     description = "Argo Rollouts AddOn Helm Chart"
-    values      = []
-    timeout     = "1200"
   }
 
   helm_config = merge(

modules/kubernetes-addons/argocd/locals.tf

@@ -1,16 +1,16 @@
 locals {
-  default_helm_values = [templatefile("${path.module}/values.yaml", {})]
+  default_helm_values = [file("${path.module}/values.yaml")]
 
   name      = "argo-cd"
   namespace = "argocd"
 
+  # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/Chart.yaml
   default_helm_config = {
     name             = local.name
     chart            = local.name
     repository       = "https://argoproj.github.io/argo-helm"
-    version          = "4.9.14"
+    version          = "5.8.3"
     namespace        = local.namespace
-    timeout          = 1200
     create_namespace = true
     values           = local.default_helm_values
     description      = "The ArgoCD Helm Chart deployment configuration"

modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf

@@ -3,6 +3,7 @@ locals {
   namespace            = "amazon-cloudwatch"
   service_account_name = "cloudwatch-agent"
 
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-cloudwatch-metrics/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name

modules/kubernetes-addons/aws-ebs-csi-driver/main.tf

@@ -31,11 +31,12 @@ module "helm_addon" {
   source = "../helm-addon"
   count  = var.enable_self_managed_aws_ebs_csi_driver && !var.enable_amazon_eks_aws_ebs_csi_driver ? 1 : 0
 
+  # https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/charts/aws-ebs-csi-driver/Chart.yaml
   helm_config = merge({
     name        = local.name
     description = "The Amazon Elastic Block Store Container Storage Interface (CSI) Driver provides a CSI interface used by Container Orchestrators to manage the lifecycle of Amazon EBS volumes."
     chart       = local.name
-    version     = "2.12.0"
+    version     = "2.12.1"
     repository  = "https://kubernetes-sigs.github.io/aws-ebs-csi-driver"
     namespace   = local.namespace
     values = [

modules/kubernetes-addons/aws-efs-csi-driver/locals.tf

@@ -3,13 +3,13 @@ locals {
   service_account_name = "efs-csi-sa"
   namespace            = "kube-system"
 
+  # https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/charts/aws-efs-csi-driver/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
-    version     = "2.2.6"
+    version     = "2.2.9"
     namespace   = local.namespace
-    values      = []
     description = "The AWS EFS CSI driver Helm chart deployment configuration"
   }
 

modules/kubernetes-addons/aws-for-fluentbit/locals.tf

@@ -14,11 +14,12 @@ locals {
     }
   ]
 
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-for-fluent-bit/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://aws.github.io/eks-charts"
-    version     = "0.1.18"
+    version     = "0.1.21"
     namespace   = local.name
     values      = local.default_helm_values
     description = "aws-for-fluentbit Helm Chart deployment configuration"

modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf

@@ -3,13 +3,13 @@ locals {
   service_account_name = "fsx-csi-sa"
   namespace            = "kube-system"
 
+  # https://github.com/kubernetes-sigs/aws-fsx-csi-driver/blob/master/charts/aws-fsx-csi-driver/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/"
-    version     = "1.4.2"
+    version     = "1.4.4"
     namespace   = local.namespace
-    values      = []
     description = "The Amazon FSx for Lustre CSI driver Helm chart deployment configuration"
   }
 

modules/kubernetes-addons/aws-load-balancer-controller/locals.tf

@@ -2,13 +2,13 @@ locals {
   name                 = "aws-load-balancer-controller"
   service_account_name = "${local.name}-sa"
 
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://aws.github.io/eks-charts"
-    version     = "1.4.3"
+    version     = "1.4.5"
     namespace   = "kube-system"
-    timeout     = "1200"
     values      = local.default_helm_values
     description = "aws-load-balancer-controller Helm Chart for ingress resources"
   }

modules/kubernetes-addons/aws-node-termination-handler/locals.tf

@@ -3,16 +3,15 @@ locals {
   name                 = "aws-node-termination-handler"
   service_account_name = "${local.name}-sa"
 
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-node-termination-handler/Chart.yaml
   default_helm_config = {
-    name             = local.name
-    chart            = local.name
-    repository       = "https://aws.github.io/eks-charts"
-    version          = "0.18.5"
-    namespace        = local.namespace
-    timeout          = "1200"
-    create_namespace = false
-    description      = "AWS Node Termination Handler Helm Chart"
-    values           = local.default_helm_values
+    name        = local.name
+    chart       = local.name
+    repository  = "https://aws.github.io/eks-charts"
+    version     = "0.19.3"
+    namespace   = local.namespace
+    description = "AWS Node Termination Handler Helm Chart"
+    values      = local.default_helm_values
   }
 
   helm_config = merge(

modules/kubernetes-addons/aws-privateca-issuer/data.tf

@@ -1,7 +1,7 @@
 data "aws_iam_policy_document" "aws_privateca_issuer" {
   statement {
     effect    = "Allow"
-    resources = ["${var.aws_privateca_acmca_arn}"]
+    resources = [var.aws_privateca_acmca_arn]
     actions = [
       "acm-pca:DescribeCertificateAuthority",
       "acm-pca:GetCertificate",

modules/kubernetes-addons/aws-privateca-issuer/locals.tf

@@ -2,19 +2,16 @@ locals {
   name                 = "aws-privateca-issuer"
   service_account_name = "${local.name}-sa"
 
+  # https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/Chart.yaml
   default_helm_config = {
     name        = local.name
     chart       = local.name
     repository  = "https://cert-manager.github.io/aws-privateca-issuer"
     version     = "1.2.2"
     namespace   = local.name
-    description = "AWS PCA Issuer helm Chart deployment configuration."
-    values      = local.default_helm_values
-    timeout     = "1200"
+    description = "AWS PCA Issuer helm Chart deployment configuration"
   }
 
-  default_helm_values = []
-
   helm_config = merge(
     local.default_helm_config,
     var.helm_config

modules/kubernetes-addons/calico/README.md

@@ -9,8 +9,6 @@ For more details checkout [calico](https://projectcalico.docs.tigera.io/getting-
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
 
 ## Providers
 

modules/kubernetes-addons/calico/main.tf

@@ -1,6 +1,25 @@
 module "helm_addon" {
-  source            = "../helm-addon"
-  helm_config       = local.helm_config
+  source = "../helm-addon"
+
+  # https://github.com/projectcalico/calico/blob/master/charts/tigera-operator/Chart.yaml
+  helm_config = merge(
+    {
+      name       = "calico"
+      chart      = "tigera-operator"
+      repository = "https://docs.projectcalico.org/charts"
+      version    = "v3.24.3"
+      namespace  = "tigera-operator"
+      values = [
+        <<-EOT
+          installation:
+            kubernetesProvider: "EKS"
+        EOT
+      ]
+      create_namespace = true
+      description      = "calico helm Chart deployment configuration"
+    },
+    var.helm_config
+  )
   manage_via_gitops = var.manage_via_gitops
   addon_context     = var.addon_context
 }

modules/kubernetes-addons/calico/outputs.tf

@@ -1,4 +1,4 @@
 output "argocd_gitops_config" {
   description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
+  value       = var.manage_via_gitops ? { enable = true } : null
 }

modules/kubernetes-addons/calico/versions.tf

@@ -1,14 +1,3 @@
 terraform {
   required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
 }

modules/kubernetes-addons/cert-manager-csi-driver/README.md

@@ -4,7 +4,6 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
 
 ## Providers