Update EKS basic components
What && why
Update EKS cluster and basic Kubernetes components for better behavior on initial deployment and on terraform destroy
.
- Update minimum Terraform version to 1.1.0 and use
one()
where applicable to manage resources that can be disabled withcount = 0
and for bug fixes regarding destroy behavior - Update
terraform-aws-eks-cluster
to v2.5.0 for better destroy behavior - Update all components' (plus
account-map/modules/
)remote-state
to v1.2.0 for better destroy behavior - Update all components'
helm-release
to v0.7.0 and move namespace creation via Kubernetes provider into it to avoid race conditions regarding creating IAM roles, Namespaces, and deployments, and to delete namespaces when destroyed - Update
alb-controller
to deploy a default IngressClass for central, obvious configuration of shared default ingress for services that do not have special needs. - Add
alb-controller-ingress-class
for the rare case when we want to deploy a non-default IngressClass outside of the component that will be using it - Update
echo-server
to use the default IngressClass and not specify any configuration that affects other Ingresses, and remove dependence onalb-controller-ingress-group
(which should be deprecated in favor ofalb-controller-ingress-class
and perhaps a specialized futurealb-controller-ingress
) - Update
cert-manager
to removedefault.auto.tfvars
(which had a lot of settings) and add dependencies so that initial deployment succeeds in oneterraform apply
and destroy works in oneterraform destroy
- Update
external-dns
to removedefault.auto.tfvars
(which had a lot of settings) - Update
karpenter
to v0.18.0, fix/update IAM policy (README still needs work, but leaving that for another day) - Update
karpenter-provisioner
to require Terraform 1.3 and make elements of the Provisioner configuration optional. Support block device mappings (previously broken). Avoid perpetual Terraform plan diff/drift caused by setting fields tonull
. - Update
reloader
- Update
mixins/provider-helm
to better supportterraform destroy
and to default the Kubernetes client authentication API version toclient.authentication.k8s.io/v1beta1