sassoftware · dhoucgitter · Dec 3, 2024 · Nov 13, 2024 · Nov 13, 2024 · Nov 13, 2024
diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml
@@ -58,11 +58,16 @@ jobs:
       # with the plugin, not needed for regular project use.
     - name: Initializing modules
       run: |
+       terraform init
        terraform -chdir=modules/aws_autoscaling init
+       terraform -chdir=modules/aws_fsx_ontap init
        terraform -chdir=modules/aws_ebs_csi init
+       terraform -chdir=modules/aws_vm init
+       terraform -chdir=modules/aws_vpc init
+       terraform -chdir=modules/kubeconfig init
 
     - name: Initializing TFLint
-      run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl"
+      run: TFLINT_LOG=info tflint --recursive --init -c "$(pwd)/linting-configs/.tflint.hcl"
 
     - name: Run TFLint Action
       run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive
diff --git a/Dockerfile b/Dockerfile
@@ -2,20 +2,28 @@ ARG TERRAFORM_VERSION=1.9.6
 ARG AWS_CLI_VERSION=2.17.58
 FROM hashicorp/terraform:$TERRAFORM_VERSION AS terraform
 
+FROM almalinux:minimal AS amin
+WORKDIR /app
+USER root
+ARG KUBECTL_VERSION=1.30.6
+ARG KUBECTL_CHECKSUM=7a3adf80ca74b1b2afdfc7f4570f0005ca03c2812367ffb6ee2f731d66e45e61
+RUN /usr/bin/bash -eux \
+  && curl -fSLO https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl \
+  && chmod 755 ./kubectl \
+  && sha256sum --check --strict <(echo ${KUBECTL_CHECKSUM}  kubectl)
+
 FROM amazon/aws-cli:$AWS_CLI_VERSION
-ARG KUBECTL_VERSION=1.29.8
 
 WORKDIR /viya4-iac-aws
 
+COPY --from=amin /app/kubectl /usr/local/bin/kubectl
 COPY --from=terraform /bin/terraform /bin/terraform
 COPY . .
 
 RUN yum -y install git openssh jq which \
   && yum -y update openssl-libs glib2 vim-minimal vim-data curl \
   && yum clean all && rm -rf /var/cache/yum \
-  && curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl \
-  && chmod 755 ./kubectl /viya4-iac-aws/docker-entrypoint.sh \
-  && mv ./kubectl /usr/local/bin/kubectl \
+  && chmod 755 /viya4-iac-aws/docker-entrypoint.sh \
   && git config --system --add safe.directory /viya4-iac-aws \
   && terraform init \
   && chmod g=u -R /etc/passwd /etc/group /viya4-iac-aws

diff --git a/README.md b/README.md
@@ -48,7 +48,7 @@ The following are also required:
 #### Terraform Requirements:
 
 - [Terraform](https://www.terraform.io/downloads.html) v1.9.6
-- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - v1.29.8
+- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - v1.30.6
 - [jq](https://stedolan.github.io/jq/) v1.6
 - [AWS CLI](https://aws.amazon.com/cli) (optional; useful as an alternative to the AWS Web Console) v2.17.58
 

diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
@@ -257,7 +257,7 @@ Custom policy:
 | <div style="width:50px">Name</div> | <div style="width:150px">Description</div> | <div style="width:50px">Type</div> | <div style="width:75px">Default</div> | <div style="width:150px">Notes</div> |
 | :--- | :--- | :--- | :--- | :--- |
 | create_static_kubeconfig | Allows the user to create a provider- or service account-based kubeconfig file | bool | true | A value of `false` defaults to using the cloud provider's mechanism for generating the kubeconfig file. A value of `true` creates a static kubeconfig that uses a service account and cluster role binding to provide credentials. |
-| kubernetes_version | The EKS cluster Kubernetes version | string | "1.29" | |
+| kubernetes_version | The EKS cluster Kubernetes version | string | "1.30" | |
 | create_jump_vm | Create bastion host (jump VM) | bool | true| |
 | create_jump_public_ip | Add public IP address to jump VM | bool | true | |
 | jump_vm_admin | OS admin user for the jump VM | string | "jumpuser" | |

diff --git a/examples/sample-input-byo.tfvars b/examples/sample-input-byo.tfvars
@@ -37,7 +37,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version           = "1.29"
+kubernetes_version           = "1.30"
 default_nodepool_node_count  = 2
 default_nodepool_vm_type     = "m5.2xlarge"
 default_nodepool_custom_data = ""

diff --git a/examples/sample-input-connect.tfvars b/examples/sample-input-connect.tfvars
@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version           = "1.29"
+kubernetes_version           = "1.30"
 default_nodepool_node_count  = 2
 default_nodepool_vm_type     = "m5.2xlarge"
 default_nodepool_custom_data = ""

diff --git a/examples/sample-input-custom-data.tfvars b/examples/sample-input-custom-data.tfvars
@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version           = "1.29"
+kubernetes_version           = "1.30"
 default_nodepool_node_count  = 2
 default_nodepool_vm_type     = "m5.2xlarge"
 default_nodepool_custom_data = ""

diff --git a/examples/sample-input-gpu.tfvars b/examples/sample-input-gpu.tfvars
@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version           = "1.29"
+kubernetes_version           = "1.30"
 default_nodepool_node_count  = 2
 default_nodepool_vm_type     = "m5.2xlarge"
 default_nodepool_custom_data = ""

diff --git a/examples/sample-input-ha.tfvars b/examples/sample-input-ha.tfvars
@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version           = "1.29"
+kubernetes_version           = "1.30"
 default_nodepool_node_count  = 2
 default_nodepool_vm_type     = "m5.2xlarge"
 default_nodepool_custom_data = ""

diff --git a/examples/sample-input-minimal.tfvars b/examples/sample-input-minimal.tfvars
@@ -27,7 +27,7 @@ tags = {} # e.g., { "key1" = "value1", "key2" = "value2" }
 # }
 
 ## Cluster config
-kubernetes_version           = "1.29"
+kubernetes_version           = "1.30"
 default_nodepool_node_count  = 1
 default_nodepool_vm_type     = "m5.large"
 default_nodepool_custom_data = ""

diff --git a/examples/sample-input-singlestore.tfvars b/examples/sample-input-singlestore.tfvars
@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version           = "1.29"
+kubernetes_version           = "1.30"
 default_nodepool_node_count  = 2
 default_nodepool_vm_type     = "m5.2xlarge"
 default_nodepool_custom_data = ""

diff --git a/examples/sample-input.tfvars b/examples/sample-input.tfvars
@@ -27,7 +27,7 @@ postgres_servers = {
 }
 
 ## Cluster config
-kubernetes_version           = "1.29"
+kubernetes_version           = "1.30"
 default_nodepool_node_count  = 2
 default_nodepool_vm_type     = "m5.2xlarge"
 default_nodepool_custom_data = ""

diff --git a/linting-configs/.hadolint.yaml b/linting-configs/.hadolint.yaml
@@ -5,3 +5,5 @@
 ignored:
   # Specify version with yum install -y <package>-<version> - https://github.com/hadolint/hadolint/wiki/DL3033
   - DL3033
+  - DL3002
+  - SC3001
diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl
@@ -13,12 +13,13 @@ config {
 
 plugin "aws" {
   enabled = true
-  version = "0.27.0"
+  version = "0.34.0"
   source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }
 
 plugin "terraform" {
   enabled = true
+  preset = "recommended"
 }
 
 # Disallow // comments in favor of #.
@@ -56,37 +57,10 @@ rule "terraform_module_version" {
   enabled = true
 }
 
-# Enforces naming conventions
+## Enforces naming conventions
 rule "terraform_naming_convention" {
-  enabled = true
-  custom = "^([a-zA-Z0-9])+([_-][a-zA-Z0-9]+)*$"
-
-#Require specific naming structure
-
-# variable {
-# format = "snake_case"
-# }
-
-# locals {
-# format = "snake_case"
-# }
-
-# output {
-# format = "snake_case"
-# }
-
-#Allow any format
-# resource {
-#   format = "none"
-# }
-
-# module {
-#   format = "none"
-# }
-
-# data {
-#   format = "none"
-# }
+  enabled = false
+#  custom = "^([a-zA-Z0-9])+([_-][a-zA-Z0-9]+)*$"
 
 }
 

diff --git a/locals.tf b/locals.tf
@@ -7,8 +7,7 @@ locals {
   aws_caller_identity_user_name = element(split("/", data.aws_caller_identity.terraform.arn), length(split("/", data.aws_caller_identity.terraform.arn)) - 1)
 
   # General
-  sec_group                 = (length(aws_security_group.sg_a) == 0 && length(aws_security_group.sg_b) == 0) ? null : coalescelist(aws_security_group.sg_a, aws_security_group.sg_b)
-  security_group_id         = var.security_group_id == null ? local.sec_group[0].id : data.aws_security_group.sg[0].id
+  security_group_id         = var.security_group_id == null ? aws_security_group.sg[0].id : data.aws_security_group.sg[0].id
   cluster_security_group_id = var.cluster_security_group_id == null ? aws_security_group.cluster_security_group[0].id : var.cluster_security_group_id
   workers_security_group_id = var.workers_security_group_id == null ? aws_security_group.workers_security_group[0].id : var.workers_security_group_id
   cluster_name              = "${var.prefix}-eks"
@@ -166,7 +165,16 @@ locals {
   postgres_servers = var.postgres_servers == null ? {} : { for k, v in var.postgres_servers : k => merge(var.postgres_server_defaults, v, ) }
   postgres_sgr_ports = var.postgres_servers != null ? length(local.postgres_servers) != 0 ? [for k, v in local.postgres_servers :
     v.server_port
-  ] : [] : null
+  ] : [] : []
+  postgres_cidr_port_pairs = setproduct(local.postgres_sgr_ports, local.postgres_public_access_cidrs)
+
+  ingress_pairs = length(local.postgres_cidr_port_pairs) != 0 ? { for pair in local.postgres_cidr_port_pairs :
+    "${pair[0]}-${pair[1]}" => {
+      "server_port" : pair[0],
+      "cidr" : pair[1]
+    }
+  } : {}
+
 
   postgres_outputs = length(module.postgresql) != 0 ? { for k, v in module.postgresql :
     k => {
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,3 +5,5 @@ @@
     ignored:
       # Specify version with yum install -y <package>-<version> - https://github.com/hadolint/hadolint/wiki/DL3033
       - DL3033
+      - DL3002
+      - SC3001