diff --git a/gitops/components/karpenter/resources.yaml b/gitops/components/karpenter/resources.yaml
index d975c46..f733446 100644
--- a/gitops/components/karpenter/resources.yaml
+++ b/gitops/components/karpenter/resources.yaml
@@ -18,14 +18,14 @@ spec:
 sources:
 - chart: karpenter-crd
 repoURL: public.ecr.aws/karpenter
- targetRevision: 0.37.5
+ targetRevision: 1.0.6
 helm:
 valuesObject:
 webhook:
 serviceNamespace: karpenter
 - chart: karpenter
 repoURL: public.ecr.aws/karpenter
- targetRevision: 0.37.5
+ targetRevision: 1.0.6
 helm:
 releaseName: karpenter
 skipCrds: true
@@ -34,8 +34,8 @@ spec:
 controller:
 image:
 repository: ghcr.io/pelotech/karpenter
- tag: v0.37.5-modified
- digest: sha256:287efa1feef3fd60dc3d55846beb61bb8b7c65e79a92d1338d36844158c3eb97
+ tag: v1.0.6-modified
+ digest: sha256:3a2c499f0afb5874ca7a196097781863630dab2e1703b6f71ca8693b13c207ac
 env:
 - name: IGNORED_RESOURCE_REQUESTS
 value: "devices.kubevirt.io/kvm,devices.kubevirt.io/tun,devices.kubevirt.io/vhost-net,scheduling.node.kubevirt.io/tsc-frequency-2999986000,scheduling.node.kubevirt.io/tsc-frequency-2999987000,scheduling.node.kubevirt.io/tsc-frequency-3000000000"
diff --git a/terraform/foundation-stack/main.tf b/terraform/foundation-stack/main.tf
index 34ec6bc..e64253f 100644
--- a/terraform/foundation-stack/main.tf
+++ b/terraform/foundation-stack/main.tf
@@ -55,7 +55,7 @@ locals {
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
- version = "5.8.1"
+ version = "5.13.0"
 name = var.stack_name
 enable_dns_hostnames = "true"
 enable_dns_support = "true"
@@ -83,7 +83,7 @@ module "vpc" {
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "20.8.5"
+ version = "20.24.3"
 cluster_name = var.stack_name
 cluster_version = "1.29"
 create = var.stack_create
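Review bot: In `gitops/components/karpenter/resources.yaml`, the `controller.image` hunk swaps in a new `digest` for the modified build from `ghcr.io/pelotech/karpenter`, but nothing beside it records what that digest was built from, so a reviewer can only trust the pin rather than check it. With both `tag` and `digest` set, the digest is what should select the image and `v1.0.6-modified` is effectively a label. I would add a comment above `digest:`, for example `# built from <fork commit - placeholder> on top of upstream v1.0.6; digest copied from the release build`, and update it together with every bump. The hunk starts inside `spec:`, so the rest of the values block is not visible here.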
@@ -137,10 +137,11 @@ module "eks" {
 module "karpenter" {
 count = var.stack_create ? 1 : 0
 source = "terraform-aws-modules/eks/aws//modules/karpenter"
- version = "20.8.5"
+ version = "20.24.3"
 cluster_name = module.eks.cluster_name
 enable_irsa = true
- enable_pod_identity = false # TODO: PR because it doesn't work in govcloud
+ enable_pod_identity = false # TODO: PR because it doesn't work in govcloud (-> it works now since 8/24)
+ enable_v1_permissions = true
 queue_name = var.stack_name
 irsa_oidc_provider_arn = module.eks.oidc_provider_arn
 irsa_namespace_service_accounts = ["karpenter:karpenter"]
@@ -156,7 +157,7 @@ module "karpenter" {
 # IAM roles and policies for the cluster
 module "load_balancer_controller_irsa_role" {
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "5.39.1"
+ version = "5.46.0"
 create_role = var.stack_create
@@ -175,7 +176,7 @@ module "load_balancer_controller_irsa_role" {
 module "ebs_csi_driver_irsa_role" {
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "5.39.1"
+ version = "5.46.0"
 create_role = var.stack_create
@@ -194,7 +195,7 @@ module "ebs_csi_driver_irsa_role" {
 module "s3_csi" {
 source = "terraform-aws-modules/s3-bucket/aws"
- version = "4.1.2"
+ version = "4.2.0"
 bucket = "${var.stack_tags.Owner}-${var.stack_name}-csi-bucket"
 create_bucket = var.s3_csi_driver_create_bucket
@@ -217,7 +218,7 @@ module "s3_csi" {
 module "s3_driver_irsa_role" {
 count = var.stack_create ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "5.39.1"
+ version = "5.46.0"
 create_role = var.stack_create
 role_name = "${var.stack_name}-s3-csi-driver-role"
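Review bot: In the `module "karpenter"` hunk, the amended comment on `enable_pod_identity = false` now says both that Pod Identity does not work in govcloud and that it works since 8/24, while the flag stays `false` and `enable_irsa = true`, so a reader cannot tell whether IRSA is a deliberate choice or a leftover. I would reword it to state the decision, e.g. `enable_pod_identity = false # IRSA kept for now; Pod Identity reported working in govcloud since 8/24 - TODO: migrate`. The added `enable_v1_permissions = true` changes the controller's IAM policy in the same commit that moves the chart to 1.0.6 in `gitops/components/karpenter/resources.yaml`. If the Terraform apply and the GitOps sync run separately, a short comment recording the intended order would help, since the running controller and its policy may briefly be of different generations. The module block continues past the end of the hunk.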
@@ -237,7 +238,7 @@ module "s3_driver_irsa_role" {
 module "external_dns_irsa_role" {
 count = var.stack_create ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "5.39.1"
+ version = "5.46.0"
 create_role = var.stack_create
@@ -258,7 +259,7 @@ module "external_dns_irsa_role" {
 module "cert_manager_irsa_role" {
 count = var.stack_create ? 1 : 0
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "5.39.1"
+ version = "5.46.0"
 create_role = var.stack_create