Commit a096156

Feature/bump-helm-versions-and-fix-deprication-warning (#88)
* replace kubernetes_service_account_v1
* Updated controllers

---------

Co-authored-by: Maksym Butusov <maksym.butusov@automat-it.com>
1 parent 9b3393b commit a096156

3 files changed

Lines changed: 14 additions & 14 deletions

README.md

Lines changed: 1 addition & 1 deletion
@@ -123,7 +123,7 @@ After all steps will be done you are free to update karpenter version using this
123123
| aws_region | The AWS region where resources will be provisioned. | `string` | n/a | yes |
124124
| cluster_endpoint | The endpoint of the Amazon EKS cluster. | `string` | n/a | yes |
125125
| cluster_name | The name of the Amazon EKS cluster. | `string` | n/a | yes |
126-
| services | List of services and their parameters (version, configs, namespaces, etc.). | ```object({ argocd = optional(object({ enabled = bool chart_name = optional(string, "argocd") helm_version = optional(string, "9.0.5") namespace = optional(string, "argocd") service_account_name = optional(string, "argocd-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) create_namespace = optional(bool, true) additional_helm_values = optional(string, "") load_balancer_name = optional(string) load_balancer_group_name = optional(string, "internal") load_balancer_scheme = optional(string, "internal") notification_slack_token_secret = optional(string) argocd_url = optional(string) iam_role_arn = optional(string) iam_role_name = optional(string) custom_ingress = optional(string) custom_notifications = optional(string) }), { enabled = false }), aws-alb-ingress-controller = optional(object({ enabled = bool chart_name = optional(string, "aws-alb-ingress-controller") helm_version = optional(string, "1.14.1") namespace = optional(string, "general") service_account_name = optional(string, "aws-alb-ingress-controller-sa") default_ssl_policy = optional(string, "ELBSecurityPolicy-TLS13-1-2-2021-06") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), cluster-autoscaler = optional(object({ enabled = bool chart_name = optional(string, "cluster-autoscaler") helm_version = optional(string, "9.52.1") namespace 
= optional(string, "general") service_account_name = optional(string, "autoscaler-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), external-dns = optional(object({ enabled = bool chart_name = optional(string, "external-dns") helm_version = optional(string, "1.19.0") namespace = optional(string, "general") service_account_name = optional(string, "external-dns-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), external-secrets = optional(object({ chart_name = optional(string, "external-secrets") enabled = bool helm_version = optional(string, "0.20.4") namespace = optional(string, "general") service_account_name = optional(string, "external-secrets-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), karpenter = optional(object({ chart_name = optional(string, "karpenter") chart_crd_name = optional(string, "karpenter-crd") enabled = 
bool helm_version = optional(string, "1.8.2") manage_crd = optional(bool, false) # Whether to directly manage CRD by Terraform. If false, CRD will be installed by the karpenter helm by dependency. If true, CRD will be installed with additional helm via terraform. Reference: https://github.com/aws/karpenter-provider-aws/tree/main/charts/karpenter-crd namespace = optional(string, "general") service_account_name = optional(string, "karpenter") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") crd_additional_helm_values = optional(string, "") deploy_default_nodeclass = optional(bool, true) default_nodeclass_max_pods = optional(string) default_nodeclass_pods_per_core = optional(string) default_nodeclass_ami_family = optional(string, "AL2023") default_nodeclass_ami_alias = optional(string, "al2023@latest") default_nodeclass_name = optional(string, "default") http_put_response_hop_limit = optional(string, "2") default_nodeclass_volume_size = optional(string, "20Gi") default_nodeclass_volume_type = optional(string, "gp3") deploy_default_nodepool = optional(bool, true) default_nodepool_instance_category = optional(list(string), ["t", "c", "m"]) default_nodepool_instance_cpu = optional(list(string), ["2", "4"]) default_nodepool_instance_generation = optional(list(string), []) default_nodepool_instance_cpu_manufacturer = optional(list(string), []) default_nodepool_cpu_limit = optional(string, "100") additional_nodepools_yaml = optional(map(any), {}) consolidation_policy = optional(string) enable_budgets = optional(bool, false) budgets = optional(any, [ { nodes = "10%" }, { nodes = "3" }, { nodes = "0", schedule = "0 9 * * sat-sun", duration = "24h" }, { nodes = "0", schedule = "0 17 * * mon-fri", duration = "16h", reasons = 
["Drifted"] } ]) default_nodepool_capacity_type = optional(list(string), ["on-demand"]) default_nodepool_yaml = optional(string) default_nodeclass_yaml = optional(string) create_iam_role = optional(bool, true) iam_role_name = optional(string) iam_role_arn = optional(string) irsa_iam_role_additional_policies = optional(map(string), {}) create_node_iam_role = optional(bool, true) create_access_entry_for_node_iam_role = optional(bool, true) node_iam_role_name = optional(string) node_iam_role_additional_policies = optional(map(string), {}) node_iam_role_additional_tags = optional(map(string), {}) node_security_group_id = optional(string) }), { enabled = false }), keda = optional(object({ chart_name = optional(string, "keda") enabled = bool helm_version = optional(string, "2.18.1") namespace = optional(string, "general") service_account_name = optional(string, "keda-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), metrics-server = optional(object({ chart_name = optional(string, "metrics-server") enabled = bool helm_version = optional(string, "3.13.0") namespace = optional(string, "general") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") }), { enabled = false }), local-dns = optional(object({ enabled = bool chart_name = optional(string, "node-local-dns") helm_version = optional(string, "0.1.0") namespace = optional(string, 
"kube-system") service_account_name = optional(string, "node-local-dns-sa") image_repository = optional(string, "registry.k8s.io/dns/k8s-dns-node-cache") image_tag = optional(string, "1.23.0") local_ip = optional(string, "169.254.20.10") cluster_domain = optional(string, "cluster.local") cache_ttl = optional(number, 3600) cluster_local_cache_ttl = optional(number, 65) upstream_cluster_ip = optional(string) upstream_service_name = optional(string, "kube-dns") upstream_namespace = optional(string, "kube-system") upstream_ips = optional(list(string), []) coredns_config_enabled = optional(bool, false) coredns_config_name = optional(string, "coredns") coredns_config_namespace = optional(string, "kube-system") coredns_config_mount_path = optional(string, "/etc/coredns") extra_zones = optional(list(object({ name = string cacheTTL = number })), []) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), })``` | n/a | yes |
126+
| services | List of services and their parameters (version, configs, namespaces, etc.). | ```object({ argocd = optional(object({ enabled = bool chart_name = optional(string, "argocd") helm_version = optional(string, "9.4.2") namespace = optional(string, "argocd") service_account_name = optional(string, "argocd-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) create_namespace = optional(bool, true) additional_helm_values = optional(string, "") load_balancer_name = optional(string) load_balancer_group_name = optional(string, "internal") load_balancer_scheme = optional(string, "internal") notification_slack_token_secret = optional(string) argocd_url = optional(string) iam_role_arn = optional(string) iam_role_name = optional(string) custom_ingress = optional(string) custom_notifications = optional(string) }), { enabled = false }), aws-alb-ingress-controller = optional(object({ enabled = bool chart_name = optional(string, "aws-alb-ingress-controller") helm_version = optional(string, "1.17.1") namespace = optional(string, "general") service_account_name = optional(string, "aws-alb-ingress-controller-sa") default_ssl_policy = optional(string, "ELBSecurityPolicy-TLS13-1-2-2021-06") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), cluster-autoscaler = optional(object({ enabled = bool chart_name = optional(string, "cluster-autoscaler") helm_version = optional(string, "9.55.0") namespace 
= optional(string, "general") service_account_name = optional(string, "autoscaler-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), external-dns = optional(object({ enabled = bool chart_name = optional(string, "external-dns") helm_version = optional(string, "1.20.0") namespace = optional(string, "general") service_account_name = optional(string, "external-dns-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), external-secrets = optional(object({ chart_name = optional(string, "external-secrets") enabled = bool helm_version = optional(string, "2.0.0") namespace = optional(string, "general") service_account_name = optional(string, "external-secrets-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), karpenter = optional(object({ chart_name = optional(string, "karpenter") chart_crd_name = optional(string, "karpenter-crd") enabled = 
bool helm_version = optional(string, "1.9.0") manage_crd = optional(bool, false) # Whether to directly manage CRD by Terraform. If false, CRD will be installed by the karpenter helm by dependency. If true, CRD will be installed with additional helm via terraform. Reference: https://github.com/aws/karpenter-provider-aws/tree/main/charts/karpenter-crd namespace = optional(string, "general") service_account_name = optional(string, "karpenter") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") crd_additional_helm_values = optional(string, "") deploy_default_nodeclass = optional(bool, true) default_nodeclass_max_pods = optional(string) default_nodeclass_pods_per_core = optional(string) default_nodeclass_ami_family = optional(string, "AL2023") default_nodeclass_ami_alias = optional(string, "al2023@latest") default_nodeclass_name = optional(string, "default") http_put_response_hop_limit = optional(string, "2") default_nodeclass_volume_size = optional(string, "20Gi") default_nodeclass_volume_type = optional(string, "gp3") deploy_default_nodepool = optional(bool, true) default_nodepool_instance_category = optional(list(string), ["t", "c", "m"]) default_nodepool_instance_cpu = optional(list(string), ["2", "4"]) default_nodepool_instance_generation = optional(list(string), []) default_nodepool_instance_cpu_manufacturer = optional(list(string), []) default_nodepool_cpu_limit = optional(string, "100") additional_nodepools_yaml = optional(map(any), {}) consolidation_policy = optional(string) enable_budgets = optional(bool, false) budgets = optional(any, [ { nodes = "10%" }, { nodes = "3" }, { nodes = "0", schedule = "0 9 * * sat-sun", duration = "24h" }, { nodes = "0", schedule = "0 17 * * mon-fri", duration = "16h", reasons = 
["Drifted"] } ]) default_nodepool_capacity_type = optional(list(string), ["on-demand"]) default_nodepool_yaml = optional(string) default_nodeclass_yaml = optional(string) create_iam_role = optional(bool, true) iam_role_name = optional(string) iam_role_arn = optional(string) irsa_iam_role_additional_policies = optional(map(string), {}) create_node_iam_role = optional(bool, true) create_access_entry_for_node_iam_role = optional(bool, true) node_iam_role_name = optional(string) node_iam_role_additional_policies = optional(map(string), {}) node_iam_role_additional_tags = optional(map(string), {}) node_security_group_id = optional(string) }), { enabled = false }), keda = optional(object({ chart_name = optional(string, "keda") enabled = bool helm_version = optional(string, "2.19.0") namespace = optional(string, "general") service_account_name = optional(string, "keda-sa") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), metrics-server = optional(object({ chart_name = optional(string, "metrics-server") enabled = bool helm_version = optional(string, "3.13.0") namespace = optional(string, "general") node_selector = optional(map(string), { pool = "system" }) additional_tolerations = optional(list(object({ key = string operator = optional(string, "Equal") value = string effect = optional(string, "NoSchedule") tolerationSeconds = optional(number, null) }))) additional_helm_values = optional(string, "") }), { enabled = false }), local-dns = optional(object({ enabled = bool chart_name = optional(string, "node-local-dns") helm_version = optional(string, "0.1.0") namespace = optional(string, 
"kube-system") service_account_name = optional(string, "node-local-dns-sa") image_repository = optional(string, "registry.k8s.io/dns/k8s-dns-node-cache") image_tag = optional(string, "1.23.0") local_ip = optional(string, "169.254.20.10") cluster_domain = optional(string, "cluster.local") cache_ttl = optional(number, 3600) cluster_local_cache_ttl = optional(number, 65) upstream_cluster_ip = optional(string) upstream_service_name = optional(string, "kube-dns") upstream_namespace = optional(string, "kube-system") upstream_ips = optional(list(string), []) coredns_config_enabled = optional(bool, false) coredns_config_name = optional(string, "coredns") coredns_config_namespace = optional(string, "kube-system") coredns_config_mount_path = optional(string, "/etc/coredns") extra_zones = optional(list(object({ name = string cacheTTL = number })), []) additional_helm_values = optional(string, "") iam_role_arn = optional(string) iam_role_name = optional(string) iam_policy_json = optional(string) }), { enabled = false }), })``` | n/a | yes |
127127
| vpc_id | The ID of the Virtual Private Cloud (VPC) where resources will be deployed. | `string` | n/a | yes |
128128
| create_namespace_general | Determines whether to create a general-purpose Kubernetes namespace. Set to 'true' to create the namespace, or 'false' to skip its creation. | `bool` | `true` | no |
129129
| create_namespace_security | Determines whether to create the security-related Kubernetes namespace. Set to 'true' to create the namespace, or 'false' to skip its creation. | `bool` | `true` | no |
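
Review bot: the `external-secrets` default in the changed `services` row moves `helm_version` from "0.20.4" to "2.0.0", a major-version jump that neither the commit message ("Updated controllers") nor this README hunk calls out, while the other bumps (argocd 9.0.5 to 9.4.2, aws-alb-ingress-controller 1.14.1 to 1.17.1, cluster-autoscaler 9.52.1 to 9.55.0, external-dns 1.19.0 to 1.20.0, karpenter 1.8.2 to 1.9.0, keda 2.18.1 to 2.19.0) stay within their major line. Because these are `optional(string, ...)` defaults, a caller that does not set `helm_version` picks up the new chart on the next apply, including for components that hold IAM roles and secrets access. Please list the bumped versions in the commit message or a changelog entry, and add a short upgrade note for external-secrets next to the existing karpenter update instructions that the hunk header refers to, so consumers can decide whether to pin before upgrading.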

modules/helm-chart/main.tf

Lines changed: 1 addition & 1 deletion
@@ -88,7 +88,7 @@ resource "aws_eks_pod_identity_association" "pod_identity" {
8888
role_arn = aws_iam_role.pod_identity[0].arn
8989
}
9090

91-
resource "kubernetes_service_account" "pod_identity" {
91+
resource "kubernetes_service_account_v1" "pod_identity" {
9292
count = var.enable_pod_identity ? 1 : 0
9393
metadata {
9494
name = var.service_account_name
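
Review bot: changing the resource type on line 91 from `kubernetes_service_account` to `kubernetes_service_account_v1` also changes the resource address, and this hunk shows no state migration for it. For installations that already have `kubernetes_service_account.pod_identity[0]` in state, Terraform will plan a destroy of the old service account and a create of the new one, which removes and recreates the account that the `aws_eks_pod_identity_association` above is bound to. Please either add a `moved` block (where the provider supports moving between these two types) or document the `terraform state rm` and `terraform import` steps in the README, and confirm that every other reference to `kubernetes_service_account.pod_identity` in the module has been updated to the new address.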
