From 08bbcaf09b254619a727721d0c4cb93afc0f4aec Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Mon, 19 Aug 2024 12:40:28 +0000 Subject: [PATCH 1/4] go go go Signed-off-by: Jacob Woffenden --- .../cloudwatch-log-groups.tf | 4 +-- .../eks-cluster.tf | 4 +-- .../eks-pod-identities.tf | 2 +- .../helm-charts-actions-runners.tf | 8 +++--- .../helm-charts-mlops.tf | 2 +- .../helm-charts-system.tf | 12 ++++----- .../iam-policies.tf | 14 +++++----- .../analytical-platform-compute/iam-roles.tf | 26 +++++++++---------- .../lakeformation-data-lake-settings.tf | 6 ++++- .../route53-zones.tf | 2 +- .../vpc-endpoints.tf | 2 +- .../analytical-platform-compute/vpc.tf | 2 +- 12 files changed, 44 insertions(+), 40 deletions(-) diff --git a/terraform/environments/analytical-platform-compute/cloudwatch-log-groups.tf b/terraform/environments/analytical-platform-compute/cloudwatch-log-groups.tf index 364cba99672..5da5d3bee32 100644 --- a/terraform/environments/analytical-platform-compute/cloudwatch-log-groups.tf +++ b/terraform/environments/analytical-platform-compute/cloudwatch-log-groups.tf @@ -3,7 +3,7 @@ module "eks_log_group" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/cloudwatch/aws//modules/log-group" - version = "5.4.0" + version = "5.5.0" name = local.eks_cloudwatch_log_group_name kms_key_id = module.eks_cluster_logs_kms.key_arn @@ -17,7 +17,7 @@ module "managed_prometheus_log_group" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/cloudwatch/aws//modules/log-group" - version = "5.3.1" + version = "5.5.0" name = local.amp_cloudwatch_log_group_name kms_key_id = module.managed_prometheus_logs_kms.key_arn diff --git a/terraform/environments/analytical-platform-compute/eks-cluster.tf b/terraform/environments/analytical-platform-compute/eks-cluster.tf index 55d2b41dbdd..b29a454069f 100644 --- a/terraform/environments/analytical-platform-compute/eks-cluster.tf +++ b/terraform/environments/analytical-platform-compute/eks-cluster.tf @@ -6,7 +6,7 @@ module "eks" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/eks/aws" - version = "20.20.0" + version = "20.23.0" cluster_name = local.eks_cluster_name cluster_version = local.environment_configuration.eks_cluster_version @@ -172,7 +172,7 @@ module "karpenter" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/eks/aws//modules/karpenter" - version = "20.20.0" + version = "20.23.0" cluster_name = module.eks.cluster_name diff --git a/terraform/environments/analytical-platform-compute/eks-pod-identities.tf b/terraform/environments/analytical-platform-compute/eks-pod-identities.tf index 20163447967..aa1c1dc54a5 100644 --- a/terraform/environments/analytical-platform-compute/eks-pod-identities.tf +++ b/terraform/environments/analytical-platform-compute/eks-pod-identities.tf @@ -7,7 +7,7 @@ module "aws_cloudwatch_metrics_pod_identity" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/eks-pod-identity/aws" - version = "1.3.0" + version = "1.4.0" name = "aws-cloudwatch-metrics" diff --git a/terraform/environments/analytical-platform-compute/helm-charts-actions-runners.tf b/terraform/environments/analytical-platform-compute/helm-charts-actions-runners.tf index 84ac91391db..9de02f29616 100644 --- a/terraform/environments/analytical-platform-compute/helm-charts-actions-runners.tf +++ b/terraform/environments/analytical-platform-compute/helm-charts-actions-runners.tf @@ -12,7 +12,7 @@ resource "helm_release" "actions_runner_mojas_create_a_derived_table" { /* https://github.com/ministryofjustice/analytical-platform-actions-runner */ name = "actions-runner-mojas-create-a-derived-table" repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts" - version = "2.318.0" + version = "2.319.1" chart = "actions-runner" namespace = kubernetes_namespace.actions_runners[0].metadata[0].name values = [ @@ -35,7 +35,7 @@ resource "helm_release" "actions_runner_mojas_create_a_derived_table_dpr" { /* https://github.com/ministryofjustice/analytical-platform-actions-runner */ name = "actions-runner-mojas-create-a-derived-table-dpr" repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts" - version = "2.318.0" + version = "2.319.1" chart = "actions-runner" namespace = kubernetes_namespace.actions_runners[0].metadata[0].name values = [ @@ -66,7 +66,7 @@ resource "helm_release" "actions_runner_mojas_airflow" { /* https://github.com/ministryofjustice/analytical-platform-actions-runner */ name = "actions-runner-mojas-airflow" repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts" - version = "2.318.0" + version = "2.319.1" chart = "actions-runner" namespace = kubernetes_namespace.actions_runners[0].metadata[0].name values = [ @@ -97,7 +97,7 @@ resource "helm_release" "actions_runner_mojas_airflow_create_a_pipeline" { /* https://github.com/ministryofjustice/analytical-platform-actions-runner */ name = "actions-runner-mojas-airflow-create-a-pipeline" repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts" - version = "2.318.0" + version = "2.319.1" chart = "actions-runner" namespace = kubernetes_namespace.actions_runners[0].metadata[0].name values = [ diff --git a/terraform/environments/analytical-platform-compute/helm-charts-mlops.tf b/terraform/environments/analytical-platform-compute/helm-charts-mlops.tf index a8912e8104d..b252916883f 100644 --- a/terraform/environments/analytical-platform-compute/helm-charts-mlops.tf +++ b/terraform/environments/analytical-platform-compute/helm-charts-mlops.tf @@ -2,7 +2,7 @@ resource "helm_release" "mlflow" { /* https://github.com/ministryofjustice/analytical-platform-mlflow */ name = "mlflow" repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts" - version = "2.15.1-rc1" + version = "2.15.1-rc2" chart = "mlflow" namespace = kubernetes_namespace.mlflow.metadata[0].name values = [ diff --git a/terraform/environments/analytical-platform-compute/helm-charts-system.tf b/terraform/environments/analytical-platform-compute/helm-charts-system.tf index 837598619d9..59b652c1e2f 100644 --- a/terraform/environments/analytical-platform-compute/helm-charts-system.tf +++ b/terraform/environments/analytical-platform-compute/helm-charts-system.tf @@ -68,7 +68,7 @@ resource "helm_release" "amazon_prometheus_proxy" { name = "amazon-prometheus-proxy" repository = "https://prometheus-community.github.io/helm-charts" chart = "kube-prometheus-stack" - version = "61.3.2" + version = "61.9.0" namespace = kubernetes_namespace.aws_observability.metadata[0].name values = [ templatefile( @@ -116,7 +116,7 @@ resource "helm_release" "karpenter" { name = "karpenter" repository = "oci://public.ecr.aws/karpenter" chart = "karpenter" - version = "0.37.0" + version = "1.0.0" namespace = kubernetes_namespace.karpenter.metadata[0].name values = [ @@ -183,7 +183,7 @@ resource "helm_release" "cert_manager" { name = "cert-manager" repository = "https://charts.jetstack.io" chart = "cert-manager" - version = "v1.15.1" + version = "v1.15.3" namespace = kubernetes_namespace.cert_manager.metadata[0].name values = [ templatefile( @@ -236,7 +236,7 @@ resource "helm_release" "ingress_nginx" { name = "ingress-nginx" repository = "https://kubernetes.github.io/ingress-nginx" chart = "ingress-nginx" - version = "4.11.1" + version = "4.11.2" namespace = kubernetes_namespace.ingress_nginx.metadata[0].name values = [ templatefile( @@ -257,7 +257,7 @@ resource "helm_release" "external_secrets" { name = "external-secrets" repository = "https://charts.external-secrets.io" chart = "external-secrets" - version = "0.9.20" + version = "0.10.0" namespace = kubernetes_namespace.external_secrets.metadata[0].name values = [ templatefile( @@ -284,7 +284,7 @@ resource "helm_release" "keda" { name = "keda" repository = "https://kedacore.github.io/charts" chart = "keda" - version = "2.14.2" + version = "2.15.1" namespace = kubernetes_namespace.keda.metadata[0].name values = [ templatefile( diff --git a/terraform/environments/analytical-platform-compute/iam-policies.tf b/terraform/environments/analytical-platform-compute/iam-policies.tf index 0715e51da82..21004eddf9b 100644 --- a/terraform/environments/analytical-platform-compute/iam-policies.tf +++ b/terraform/environments/analytical-platform-compute/iam-policies.tf @@ -18,7 +18,7 @@ module "eks_cluster_logs_kms_access_iam_policy" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.41.0" + version = "5.44.0" name_prefix = "eks-cluster-logs-kms-access" @@ -45,7 +45,7 @@ module "karpenter_sqs_kms_access_iam_policy" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.41.0" + version = "5.44.0" name_prefix = "karpenter-sqs-kms-access" @@ -71,7 +71,7 @@ module "amazon_prometheus_proxy_iam_policy" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.41.0" + version = "5.44.0" name_prefix = "amazon-prometheus-proxy" @@ -98,7 +98,7 @@ module "managed_prometheus_kms_access_iam_policy" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.41.0" + version = "5.44.0" name_prefix = "managed-prometheus-kms-access" @@ -147,7 +147,7 @@ module "mlflow_iam_policy" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.41.0" + version = "5.44.0" name_prefix = "mlflow" @@ -168,7 +168,7 @@ module "gha_mojas_airflow_iam_policy" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.41.0" + version = "5.44.0" name_prefix = "github-actions-mojas-airflow" @@ -274,7 +274,7 @@ module "analytical_platform_lake_formation_share_policy" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "5.41.0" + version = "5.44.0" name_prefix = "analytical-platform-lake-formation-sharing-policy" diff --git a/terraform/environments/analytical-platform-compute/iam-roles.tf b/terraform/environments/analytical-platform-compute/iam-roles.tf index 2dea42ab783..11ea0c06b97 100644 --- a/terraform/environments/analytical-platform-compute/iam-roles.tf +++ b/terraform/environments/analytical-platform-compute/iam-roles.tf @@ -3,7 +3,7 @@ module "vpc_cni_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "vpc-cni" attach_vpc_cni_policy = true @@ -24,7 +24,7 @@ module "ebs_csi_driver_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "ebs-csi-driver" attach_ebs_csi_policy = true @@ -44,7 +44,7 @@ module "efs_csi_driver_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "efs-csi-driver" attach_efs_csi_policy = true @@ -64,7 +64,7 @@ module "aws_for_fluent_bit_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "aws-for-fluent-bit" @@ -88,7 +88,7 @@ module "amazon_prometheus_proxy_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "amazon-prometheus-proxy" @@ -111,7 +111,7 @@ module "cluster_autoscaler_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "cluster-autoscaler" @@ -133,7 +133,7 @@ module "external_dns_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "external-dns" attach_external_dns_policy = true @@ -154,7 +154,7 @@ module "cert_manager_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "cert-manager" attach_cert_manager_policy = true @@ -175,7 +175,7 @@ module "external_secrets_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "external-secrets" attach_external_secrets_policy = true @@ -196,7 +196,7 @@ module "mlflow_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" role_name_prefix = "mlflow" @@ -219,7 +219,7 @@ module "gha_mojas_airflow_iam_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-github-oidc-role" - version = "5.41.0" + version = "5.44.0" name = "github-actions-mojas-airflow" @@ -237,7 +237,7 @@ module "lake_formation_share_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" - version = "5.41.0" + version = "5.44.0" create_role = true role_requires_mfa = false @@ -265,7 +265,7 @@ module "analytical_platform_ui_service_role" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "5.41.0" + version = "5.44.0" create_role = true diff --git a/terraform/environments/analytical-platform-compute/lakeformation-data-lake-settings.tf b/terraform/environments/analytical-platform-compute/lakeformation-data-lake-settings.tf index 50810540ca6..2302db582e3 100644 --- a/terraform/environments/analytical-platform-compute/lakeformation-data-lake-settings.tf +++ b/terraform/environments/analytical-platform-compute/lakeformation-data-lake-settings.tf @@ -1,3 +1,7 @@ resource "aws_lakeformation_data_lake_settings" "main" { - admins = [data.aws_iam_session_context.current.issuer_arn, module.lake_formation_share_role.iam_role_arn, module.analytical_platform_ui_service_role.iam_role_arn] + admins = [ + data.aws_iam_session_context.current.issuer_arn, + module.lake_formation_share_role.iam_role_arn, + module.analytical_platform_ui_service_role.iam_role_arn + ] } diff --git a/terraform/environments/analytical-platform-compute/route53-zones.tf b/terraform/environments/analytical-platform-compute/route53-zones.tf index 668595ee065..6be83bcb4bf 100644 --- a/terraform/environments/analytical-platform-compute/route53-zones.tf +++ b/terraform/environments/analytical-platform-compute/route53-zones.tf @@ -3,7 +3,7 @@ module "route53_zones" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/route53/aws//modules/zones" - version = "3.1.0" + version = "4.0.0" zones = { # tflint-ignore: terraform_deprecated_interpolation diff --git a/terraform/environments/analytical-platform-compute/vpc-endpoints.tf b/terraform/environments/analytical-platform-compute/vpc-endpoints.tf index 02f86b0d759..75b40822f0b 100644 --- a/terraform/environments/analytical-platform-compute/vpc-endpoints.tf +++ b/terraform/environments/analytical-platform-compute/vpc-endpoints.tf @@ -3,7 +3,7 @@ module "vpc_endpoints" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - version = "5.9.0" + version = "5.13.0" vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets diff --git a/terraform/environments/analytical-platform-compute/vpc.tf b/terraform/environments/analytical-platform-compute/vpc.tf index cc0167e99d6..e82606e1482 100644 --- a/terraform/environments/analytical-platform-compute/vpc.tf +++ b/terraform/environments/analytical-platform-compute/vpc.tf @@ -6,7 +6,7 @@ module "vpc" { #checkov:skip=CKV_TF_2:Module registry does not support tags for versions source = "terraform-aws-modules/vpc/aws" - version = "5.9.0" + version = "5.13.0" name = local.our_vpc_name azs = slice(data.aws_availability_zones.available.names, 0, 3) From c844f2480cd312ebd4d995d56ebf302cf2036fa2 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Mon, 19 Aug 2024 12:45:07 +0000 Subject: [PATCH 2/4] Bump prom operator CRD Signed-off-by: Jacob Woffenden --- .../analytical-platform-compute/environment-configuration.tf | 2 +- .../analytical-platform-compute/helm-charts-system.tf | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/terraform/environments/analytical-platform-compute/environment-configuration.tf b/terraform/environments/analytical-platform-compute/environment-configuration.tf index 3b07c4b2bf3..5ab8815df17 100644 --- a/terraform/environments/analytical-platform-compute/environment-configuration.tf +++ b/terraform/environments/analytical-platform-compute/environment-configuration.tf @@ -17,7 +17,7 @@ locals { eks_cloudwatch_log_group_retention_in_days = 400 /* Kube Prometheus Stack */ - prometheus_operator_crd_version = "v0.75.1" + prometheus_operator_crd_version = "v0.76.0" /* Environment Configuration */ environment_configuration = local.environment_configurations[local.environment] diff --git a/terraform/environments/analytical-platform-compute/helm-charts-system.tf b/terraform/environments/analytical-platform-compute/helm-charts-system.tf index 59b652c1e2f..339801b39d0 100644 --- a/terraform/environments/analytical-platform-compute/helm-charts-system.tf +++ b/terraform/environments/analytical-platform-compute/helm-charts-system.tf @@ -64,7 +64,10 @@ resource "helm_release" "aws_for_fluent_bit" { resource "helm_release" "amazon_prometheus_proxy" { /* https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack */ - /* If you are upgrading this chart, check whether the CRD version needs updating */ + /* + If you are upgrading this chart, check whether the CRD version needs updating + https://github.com/prometheus-operator/prometheus-operator/releases + */ name = "amazon-prometheus-proxy" repository = "https://prometheus-community.github.io/helm-charts" chart = "kube-prometheus-stack" From 91e15fcbdaf33aecdc1c76dc0c6316fdf16f8cd4 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Mon, 19 Aug 2024 15:04:58 +0100 Subject: [PATCH 3/4] Bump Bottlerocket Bump Addons Remove p3.8xlarge Signed-off-by: Jacob Woffenden --- .../environment-configuration.tf | 36 +++++++++---------- .../charts/karpenter-configuration/Chart.yaml | 2 +- .../templates/node-pool-gpu-on-demand.yaml | 2 +- .../templates/node-pool-gpu-spot.yaml | 2 +- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/terraform/environments/analytical-platform-compute/environment-configuration.tf b/terraform/environments/analytical-platform-compute/environment-configuration.tf index 5ab8815df17..815f88439be 100644 --- a/terraform/environments/analytical-platform-compute/environment-configuration.tf +++ b/terraform/environments/analytical-platform-compute/environment-configuration.tf @@ -47,15 +47,15 @@ locals { /* EKS */ eks_sso_access_role = "modernisation-platform-sandbox" eks_cluster_version = "1.30" - eks_node_version = "1.20.4-b6163b2a" + eks_node_version = "1.21.0-4d43022e" eks_cluster_addon_versions = { - coredns = "v1.11.1-eksbuild.9" - kube_proxy = "v1.30.0-eksbuild.3" - aws_ebs_csi_driver = "v1.32.0-eksbuild.1" - aws_efs_csi_driver = "v2.0.5-eksbuild.1" + coredns = "v1.11.1-eksbuild.11" + kube_proxy = "v1.30.3-eksbuild.2" + aws_ebs_csi_driver = "v1.33.0-eksbuild.1" + aws_efs_csi_driver = "v2.0.6-eksbuild.2" aws_guardduty_agent = "v1.6.1-eksbuild.1" eks_pod_identity_agent = "v1.3.0-eksbuild.1" - vpc_cni = "v1.18.2-eksbuild.1" + vpc_cni = "v1.18.3-eksbuild.2" } /* Data Engineering Airflow */ @@ -98,15 +98,15 @@ locals { /* EKS */ eks_sso_access_role = "modernisation-platform-developer" eks_cluster_version = "1.30" - eks_node_version = "1.20.4-b6163b2a" + eks_node_version = "1.21.0-4d43022e" eks_cluster_addon_versions = { - coredns = "v1.11.1-eksbuild.9" - kube_proxy = "v1.30.0-eksbuild.3" - aws_ebs_csi_driver = "v1.32.0-eksbuild.1" - aws_efs_csi_driver = "v2.0.5-eksbuild.1" + coredns = "v1.11.1-eksbuild.11" + kube_proxy = "v1.30.3-eksbuild.2" + aws_ebs_csi_driver = "v1.33.0-eksbuild.1" + aws_efs_csi_driver = "v2.0.6-eksbuild.2" aws_guardduty_agent = "v1.6.1-eksbuild.1" eks_pod_identity_agent = "v1.3.0-eksbuild.1" - vpc_cni = "v1.18.2-eksbuild.1" + vpc_cni = "v1.18.3-eksbuild.2" } /* Observability Platform */ @@ -148,15 +148,15 @@ locals { /* EKS */ eks_sso_access_role = "modernisation-platform-developer" eks_cluster_version = "1.30" - eks_node_version = "1.20.4-b6163b2a" + eks_node_version = "1.21.0-4d43022e" eks_cluster_addon_versions = { - coredns = "v1.11.1-eksbuild.9" - kube_proxy = "v1.30.0-eksbuild.3" - aws_ebs_csi_driver = "v1.32.0-eksbuild.1" - aws_efs_csi_driver = "v2.0.5-eksbuild.1" + coredns = "v1.11.1-eksbuild.11" + kube_proxy = "v1.30.3-eksbuild.2" + aws_ebs_csi_driver = "v1.33.0-eksbuild.1" + aws_efs_csi_driver = "v2.0.6-eksbuild.2" aws_guardduty_agent = "v1.6.1-eksbuild.1" eks_pod_identity_agent = "v1.3.0-eksbuild.1" - vpc_cni = "v1.18.2-eksbuild.1" + vpc_cni = "v1.18.3-eksbuild.2" } /* Data Engineering Airflow */ diff --git a/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/Chart.yaml b/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/Chart.yaml index 4e7094a093d..6be9a5352b1 100644 --- a/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/Chart.yaml +++ b/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/Chart.yaml @@ -3,4 +3,4 @@ apiVersion: v2 name: karpenter-configuration description: A Helm chart to deploy Karpenter's configuration type: application -version: 1.4.0 +version: 1.5.0 diff --git a/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/templates/node-pool-gpu-on-demand.yaml b/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/templates/node-pool-gpu-on-demand.yaml index c3ba54eabd4..500af0e97e1 100644 --- a/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/templates/node-pool-gpu-on-demand.yaml +++ b/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/templates/node-pool-gpu-on-demand.yaml @@ -32,4 +32,4 @@ spec: values: ["on-demand"] - key: node.kubernetes.io/instance-type operator: In - values: ["p3.2xlarge","p3.8xlarge"] + values: ["p3.2xlarge"] diff --git a/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/templates/node-pool-gpu-spot.yaml b/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/templates/node-pool-gpu-spot.yaml index 5db7c301959..fc7932997cc 100644 --- a/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/templates/node-pool-gpu-spot.yaml +++ b/terraform/environments/analytical-platform-compute/src/helm/charts/karpenter-configuration/templates/node-pool-gpu-spot.yaml @@ -32,4 +32,4 @@ spec: values: ["spot"] - key: node.kubernetes.io/instance-type operator: In - values: ["p3.2xlarge","p3.8xlarge"] + values: ["p3.2xlarge"] From c795159ae797ffa24e046875136aa4d02de242bc Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Mon, 19 Aug 2024 14:48:21 +0000 Subject: [PATCH 4/4] back out karpenter update Signed-off-by: Jacob Woffenden --- .../analytical-platform-compute/helm-charts-system.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/analytical-platform-compute/helm-charts-system.tf b/terraform/environments/analytical-platform-compute/helm-charts-system.tf index 339801b39d0..fa86e7e6eda 100644 --- a/terraform/environments/analytical-platform-compute/helm-charts-system.tf +++ b/terraform/environments/analytical-platform-compute/helm-charts-system.tf @@ -119,7 +119,7 @@ resource "helm_release" "karpenter" { name = "karpenter" repository = "oci://public.ecr.aws/karpenter" chart = "karpenter" - version = "1.0.0" + version = "0.37.0" namespace = kubernetes_namespace.karpenter.metadata[0].name values = [