Bump EKS and RDS (#176)

terraform/eks.tf

@@ -4,18 +4,19 @@ module "eks-production" {
   source          = "terraform-aws-modules/eks/aws"
   version         = "18.4.0"
   cluster_name    = local.k8s_cluster_name
-  cluster_version = "1.22"
+  cluster_version = "1.23"
   subnet_ids      = module.vpc.private_subnets
   vpc_id          = module.vpc.vpc_id
   eks_managed_node_groups = {
     spot = {
-      max_size = local.k8s_cluster_size
-      min_size = local.k8s_cluster_size
+      desired_size = local.k8s_cluster_size
+      max_size     = local.k8s_cluster_size
+      min_size     = local.k8s_cluster_size
 
       create_launch_template = false
       launch_template_name   = ""
       disk_size              = 50
-      instance_types         = ["r5d.large"]
+      instance_types         = ["r5d.xlarge"]
       capacity_type          = "SPOT"
     }
   }

terraform/main.tf

@@ -27,7 +27,7 @@ locals {
     "penn-courses",
     "platform",
     "platform-dev",
-    "penn-mobile"
+    "penn-mobile",
   ])
   iam_service_accounts = setunion(local.products,
     toset([

terraform/modules/base_cluster/traefik.tf

@@ -2,7 +2,7 @@ resource "helm_release" "traefik" {
   name       = "traefik"
   repository = "https://traefik.github.io/charts"
   chart      = "traefik"
-  version    = "20.8.0"
+  version    = "21.0.0"
   namespace  = "kube-system"
 
   values = var.traefik_values

terraform/rds.tf

@@ -30,9 +30,10 @@ resource "aws_db_subnet_group" "rds" {
 
 resource "aws_db_instance" "production" {
   identifier                          = "production"
-  instance_class                      = "db.t3.2xlarge"
+  instance_class                      = "db.t3.xlarge"
   engine                              = "postgres"
-  engine_version                      = "11.16"
+  engine_version                      = "15.4"
+  parameter_group_name                = aws_db_parameter_group.timeouts.name
   availability_zone                   = "us-east-1a"
   allocated_storage                   = 20
   max_allocated_storage               = 200
@@ -42,12 +43,41 @@ resource "aws_db_instance" "production" {
   db_subnet_group_name                = aws_db_subnet_group.rds.name
   vpc_security_group_ids              = [aws_security_group.rds.id]
   publicly_accessible                 = true
+
   tags = {
     Name       = "Production",
     created-by = "terraform"
   }
 }
 
+resource "aws_db_parameter_group" "timeouts" {
+  name        = "rds-pg"
+  family      = "postgres15"
+  description = "Custom Timeout RDS parameter group for Postgres 15"
+
+  parameter {
+    name  = "idle_in_transaction_session_timeout"
+    value = "30000"
+  }
+
+  parameter {
+    name  = "deadlock_timeout"
+    value = "20000"
+  }
+
+  parameter {
+    name  = "statement_timeout"
+    value = "30000000"
+  }
+
+  // Datadog does not use SSL as of now, so we need to disable it.
+  // This is a temporary measure and we should try to figure out Datadog with SSL in the future.
+  parameter {
+    name  = "rds.force_ssl"
+    value = "0"
+  }
+}
+
 resource "random_password" "postgres-password" {
   for_each = setunion(local.database_users, local.readonly_users)
   length   = 64

terraform/vpc.tf

@@ -9,11 +9,12 @@ module "vpc" {
   cidr = "10.0.0.0/16"
   azs  = data.aws_availability_zones.available.names
   # Generate 6 non-overlapping subnets for our VPC. This results in 2^(32-20)=2^12=4096 IPs per subnet.
-  private_subnets      = ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"]
-  public_subnets       = ["10.0.48.0/20", "10.0.64.0/20", "10.0.80.0/20"]
-  enable_nat_gateway   = true
-  single_nat_gateway   = true
-  enable_dns_hostnames = true
+  private_subnets         = ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"]
+  public_subnets          = ["10.0.48.0/20", "10.0.64.0/20", "10.0.80.0/20"]
+  enable_nat_gateway      = true
+  single_nat_gateway      = true
+  enable_dns_hostnames    = true
+  map_public_ip_on_launch = true
 
   tags = {
     created-by                                        = "terraform"