Release 4.3.0 (#107) (#109)

* updated vpc cni and ebs csi addons

* updated multi addons components

Author: ns-squareops

README.md

@@ -21,7 +21,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks-addons"></a> [eks-addons](#module\_eks-addons) | squareops/eks-addons/aws | 4.2.0 |
+| <a name="module_eks-addons"></a> [eks-addons](#module\_eks-addons) | squareops/eks-addons/aws | 4.3.0 |
 
 ## Resources
 

examples/complete/README.md

@@ -19,8 +19,6 @@ affinity:
           - "true"
 
 settings:
-  clusterName: ${eks_cluster_id}
-  clusterEndpoint: ${eks_cluster_endpoint}
   eksControlPlane: false
   featureGates:
     spotToSpotConsolidation: true

examples/complete/config/karpenter.yaml

@@ -22,7 +22,7 @@ locals {
 }
 module "eks-addons" {
   source               = "squareops/eks-addons/aws"
-  version              = "4.2.0"
+  version              = "4.3.0"
   name                 = local.name
   tags                 = local.additional_tags
   vpc_id               = local.vpc_id
@@ -38,11 +38,11 @@ module "eks-addons" {
 
   #VPC-CNI-DRIVER
   amazon_eks_vpc_cni_enabled = false # enable VPC-CNI
-  vpc_cni_version            = "v1.19.2-eksbuild.1"
+  vpc_cni_version            = "v1.19.3-eksbuild.1"
 
   #EBS-CSI-DRIVER
   enable_amazon_eks_aws_ebs_csi_driver = false # enable EBS CSI Driver
-  ebs_csi_driver_version               = "v1.36.0-eksbuild.1"
+  ebs_csi_driver_version               = "v1.41.0-eksbuild.1"
   amazon_eks_aws_ebs_csi_driver_config = {
     values = [file("${path.module}/config/ebs-csi.yaml")]
   }
@@ -53,26 +53,26 @@ module "eks-addons" {
 
   ## EfS-STORAGE-CLASS
   efs_storage_class_enabled = false # to enable EBS storage class
-  efs_version               = "2.3.2"
+  efs_version               = "3.1.8"
 
   ## SERVICE-MONITORING-CRDs
   service_monitor_crd_enabled = false # enable service monitor along with K8S-dashboard (required CRD) or when require service monitor in reloader and cert-manager
 
   ## METRIC-SERVER
   metrics_server_enabled     = false # to enable metrics server
-  metrics_server_version     = "3.12.1"
+  metrics_server_version     = "3.12.2"
   metrics_server_helm_config = [file("${path.module}/config/metrics-server.yaml")]
 
   # VerticalPodAutoscaler
   vpa_enabled = false
-  vpa_version = "9.9.0"
+  vpa_version = "10.0.0"
   vpa_config = {
     values = [file("${path.module}/config/vpa-crd.yaml")]
   }
 
   ## CLUSTER-AUTOSCALER
   cluster_autoscaler_enabled     = false # to enable cluster autoscaller
-  cluster_autoscaler_version     = "9.46.3"
+  cluster_autoscaler_version     = "9.46.6"
   cluster_autoscaler_helm_config = [file("${path.module}/config/cluster-autoscaler.yaml")]
 
   ## NODE-TERMINATION-HANDLER
@@ -86,14 +86,14 @@ module "eks-addons" {
 
   ## KEDA
   keda_enabled = false # to enable Keda in the EKS cluster
-  keda_version = "2.14.2"
+  keda_version = "2.17.0"
   keda_helm_config = {
     values = [file("${path.module}/config/keda.yaml")]
   }
 
   ## KARPENTER
   karpenter_enabled = false # to enable Karpenter (installs required CRDs )
-  karpenter_version = "1.3.1"
+  karpenter_version = "1.3.3"
   karpenter_helm_config = {
     enable_service_monitor = false # to enable monitoring for kafalserpenter
     values                 = [file("${path.module}/config/karpenter.yaml")]
@@ -112,7 +112,7 @@ module "eks-addons" {
 
   ## EXTERNAL-SECRETS
   external_secrets_enabled = false # to enable external secrets
-  external_secrets_version = "0.9.19"
+  external_secrets_version = "0.15.1"
   external_secrets_helm_config = {
     values = [file("${path.module}/config/external-secret.yaml")]
   }

examples/complete/main.tf

@@ -32,7 +32,7 @@ module "aws-efs-csi-driver" {
   source            = "./modules/aws-efs-csi-driver"
   count             = var.efs_storage_class_enabled ? 1 : 0
   helm_config       = var.aws_efs_csi_driver_helm_config
-  irsa_policies    = var.kms_policy_arn != "" ? [var.kms_policy_arn] : []
+  irsa_policies     = var.kms_policy_arn != "" ? [var.kms_policy_arn] : []
   manage_via_gitops = var.argocd_manage_add_ons
   addon_context     = local.addon_context
   chart_version     = var.efs_version
@@ -295,7 +295,7 @@ module "reloader" {
 module "single-az-sc" {
   for_each                             = { for sc in var.single_az_sc_config : sc.name => sc }
   source                               = "./modules/aws-ebs-storage-class"
-  kms_key_id                          = var.kms_key_arn != "" ? var.kms_key_arn : null
+  kms_key_id                           = var.kms_key_arn != "" ? var.kms_key_arn : null
   availability_zone                    = each.value.zone
   single_az_ebs_gp3_storage_class      = var.single_az_ebs_gp3_storage_class_enabled
   single_az_ebs_gp3_storage_class_name = each.value.name

main.tf

@@ -36,7 +36,7 @@ module "helm_addon" {
     name        = local.name
     description = "The Amazon Elastic Block Store Container Storage Interface (CSI) Driver provides a CSI interface used by Container Orchestrators to manage the lifecycle of Amazon EBS volumes."
     chart       = local.name
-    version     = "2.27.0"
+    version     = "2.41.0"
     repository  = "https://kubernetes-sigs.github.io/aws-ebs-csi-driver"
     namespace   = local.namespace
     values = yamlencode(merge(

modules/aws-ebs-csi-driver/main.tf

@@ -31,8 +31,8 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | aws efs addons helm version | `string` | `"2.3.2"` | no |
+| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br/>    aws_caller_identity_account_id = string<br/>    aws_caller_identity_arn        = string<br/>    aws_eks_cluster_endpoint       = string<br/>    aws_partition_id               = string<br/>    aws_region_name                = string<br/>    eks_cluster_id                 = string<br/>    eks_oidc_issuer_url            = string<br/>    eks_oidc_provider_arn          = string<br/>    tags                           = map(string)<br/>    irsa_iam_role_path             = string<br/>    irsa_iam_permissions_boundary  = string<br/>  })</pre> | n/a | yes |
+| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | aws efs addons helm version | `string` | `"3.1.8"` | no |
 | <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the aws\_efs\_csi\_driver. | `any` | `{}` | no |
 | <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
 | <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |

modules/aws-efs-csi-driver/README.md

@@ -37,5 +37,5 @@ variable "addon_context" {
 variable "chart_version" {
   description = "aws efs addons helm version"
   type        = string
-  default     = "2.3.2"
+  default     = "3.1.8"
 }

modules/aws-efs-csi-driver/variables.tf

@@ -4,15 +4,24 @@
 
 image:
   keda:
-    repository: ghcr.io/kedacore/keda
+    # -- Image registry of KEDA operator
+    registry: ghcr.io
+    # -- Image name of KEDA operator
+    repository: kedacore/keda
     # Allows people to override tag if they don't want to use the app version
     tag:
   metricsApiServer:
-    repository: ghcr.io/kedacore/keda-metrics-apiserver
+    # -- Image registry of KEDA Metrics API Server
+    registry: ghcr.io
+    # -- Image name of KEDA Metrics API Server
+    repository: kedacore/keda-metrics-apiserver
     # Allows people to override tag if they don't want to use the app version
     tag:
   webhooks:
-    repository: ghcr.io/kedacore/keda-admission-webhooks
+    # -- Image registry of KEDA admission-webhooks
+    registry: ghcr.io
+    # -- Image name of KEDA admission-webhooks
+    repository: kedacore/keda-admission-webhooks
     # Allows people to override tag if they don't want to use the app version
     tag:
   pullPolicy: Always
@@ -121,22 +130,18 @@ rbac:
   create: true
 
 serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: keda-operator
-  # Specifies whether a service account should automount API-Credentials
-  automountServiceAccountToken: true
-  # Annotations to add to the service account
-  annotations: {}
+  operator:
+    # Specifies whether a service account should be created
+    create: true
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: keda-operator
+    # Specifies whether a service account should automount API-Credentials
+    automountServiceAccountToken: true
+    # Annotations to add to the service account
+    annotations: {}
 
 podIdentity:
-  activeDirectory:
-    # Set to the value of the Azure Active Directory Pod Identity
-    # See https://keda.sh/docs/concepts/authentication/#azure-pod-identity
-    # This will be set as a label on the KEDA Pod(s)
-    identity: ""
   azureWorkload:
     # Set to true to enable Azure Workload Identity usage.
     # See https://keda.sh/docs/concepts/authentication/#azure-workload-identity
@@ -166,7 +171,6 @@ podIdentity:
       # Set to the value of the service account token expiration duration.
       # This will be set as an annotation on the KEDA service account.
       tokenExpiration: 86400
-
 # Set this if you are using an external scaler and want to communicate
 # over TLS (recommended). This variable holds the name of the secret that
 # will be mounted to the /grpccerts path on the Pod
@@ -255,8 +259,6 @@ podSecurityContext:
 
 service:
   type: ClusterIP
-  portHttp: 80
-  portHttpTarget: 8080
   portHttps: 443
   portHttpsTarget: 6443
 
@@ -292,7 +294,6 @@ resources:
 nodeSelector: {}
 
 tolerations: []
-
 # -- Pod Topology Constraints https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 topologySpreadConstraints: {}
   # operator: []
@@ -349,7 +350,7 @@ volumes:
 prometheus:
   metricServer:
     enabled: false
-    port: 9022
+    port: 8080
     portName: metrics
     path: /metrics
     serviceMonitor:
@@ -359,17 +360,23 @@ prometheus:
       targetLabels: []
       podTargetLabels: []
       port: metrics
-      targetPort:
-      interval:
-      scrapeTimeout:
+      # -- Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port
+      targetPort: ""
+      # -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
+      interval: ""
+      # -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
+      scrapeTimeout: ""
       relabellings: []
       additionalLabels: {}
     podMonitor:
       # Enables PodMonitor creation for the Prometheus Operator
       enabled: false
-      interval:
-      scrapeTimeout:
-      namespace:
+      # -- Scraping interval for metric server using podMonitor crd (prometheus operator)
+      interval: ""
+      # -- Scraping timeout for metric server using podMonitor crd (prometheus operator)
+      scrapeTimeout: ""
+      # -- Scraping namespace for metric server using podMonitor crd (prometheus operator)
+      namespace: ""
       additionalLabels: {}
       relabelings: []
   operator:
@@ -382,17 +389,24 @@ prometheus:
       targetLabels: []
       podTargetLabels: []
       port: metrics
-      targetPort:
-      interval:
-      scrapeTimeout:
+      # -- Name or number of the target port of the Pod behind the Service,
+      # the port must be specified with container port property. Mutually exclusive with port
+      targetPort: ""
+      # -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
+      interval: ""
+      # -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
+      scrapeTimeout: ""
       relabellings: []
       additionalLabels: {}
     podMonitor:
       # Enables PodMonitor creation for the Prometheus Operator
       enabled: false
-      interval:
-      scrapeTimeout:
-      namespace:
+      # -- Scraping interval for KEDA Operator using podMonitor crd (prometheus operator)
+      interval: ""
+      # -- Scraping timeout for KEDA Operator using podMonitor crd (prometheus operator)
+      scrapeTimeout: ""
+      # -- Scraping namespace for KEDA Operator using podMonitor crd (prometheus operator)
+      namespace: ""
       additionalLabels: {}
       relabelings: []
     prometheusRules:
@@ -419,9 +433,12 @@ prometheus:
       targetLabels: []
       podTargetLabels: []
       port: metrics
-      targetPort:
-      interval:
-      scrapeTimeout:
+      # -- Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port
+      targetPort: ""
+      # -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
+      interval: ""
+      # -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
+      scrapeTimeout: ""
       relabellings: []
       additionalLabels: {}
     prometheusRules:

modules/keda/config/values.yaml

@@ -738,19 +738,19 @@ variable "vpc_cni_version" {
 
 variable "ebs_csi_driver_version" {
   description = "Version of the ebs csi driver addon"
-  default     = "v1.36.0-eksbuild.1"
+  default     = "v1.41.0-eksbuild.1"
   type        = string
 }
 
 variable "metrics_server_version" {
   description = "Version of the metrics server addon"
-  default     = "3.12.1"
+  default     = "3.12.2"
   type        = string
 }
 
 variable "cluster_autoscaler_version" {
   description = "Version of the cluster autoscaler addon"
-  default     = "9.46.3"
+  default     = "9.46.6"
   type        = string
 }
 
@@ -762,19 +762,19 @@ variable "aws_node_termination_handler_version" {
 
 variable "keda_version" {
   description = "Version of the keda addon"
-  default     = "2.14.2"
+  default     = "2.17.0"
   type        = string
 }
 
 variable "karpenter_version" {
   description = "Version of the karpenter addon"
-  default     = "1.3.1"
+  default     = "1.3.3"
   type        = string
 }
 
 variable "external_secrets_version" {
   description = "Version of the external secrets addon"
-  default     = "0.9.19"
+  default     = "0.15.1"
   type        = string
 }
 
@@ -846,7 +846,7 @@ variable "falco_version" {
 
 variable "efs_version" {
   description = "Version of the efs addon"
-  default     = "2.3.2"
+  default     = "3.1.8"
   type        = string
 }
 
@@ -858,6 +858,6 @@ variable "vpa_enabled" {
 
 variable "vpa_version" {
   description = "Version of VPA CRD"
-  default     = "9.9.0"
+  default     = "10.0.0"
   type        = string
 }