Merge branch 'eks-cluster-update' into dop-2328

aws_specific_modules.tf

@@ -111,10 +111,9 @@ resource "aws_eks_addon" "guardduty" {
   ]
   count = var.eks_addon_version_guardduty != null ? 1 : 0
 
-
   cluster_name      = var.label
   addon_name        = "aws-guardduty-agent"
-  addon_version     = "v1.5.0-eksbuild.1"
+  addon_version     = "v1.7.1-eksbuild.1"
   resolve_conflicts = "OVERWRITE"
 
   preserve = true

azure/ipa.tf

@@ -470,33 +470,33 @@ resource "kubernetes_config_map" "azure_dns_credentials" {
 }
 
 
-resource "kubectl_manifest" "thanos-storage-secret" {
-  count      = var.thanos_enabled ? 1 : 0
-  depends_on = [helm_release.ipa-crds, module.secrets-operator-setup]
-  yaml_body  = <<YAML
-    apiVersion: "secrets.hashicorp.com/v1beta1"
-    kind: "VaultStaticSecret"
-    metadata:
-      name:  vault-thanos-storage
-      namespace: default
-    spec:
-      type: "kv-v2"
-      namespace: default
-      mount: customer-Indico-Devops
-      path: thanos-storage
-      refreshAfter: 60s
-      rolloutRestartTargets:
-        - name: prometheus-monitoring-kube-prometheus-prometheus
-          kind: StatefulSet
-      destination:
-        annotations:
-          reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
-          reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
-        create: true
-        name: thanos-storage
-      vaultAuthRef: default
-  YAML
-}
+# resource "kubectl_manifest" "thanos-storage-secret" {
+#   count      = var.thanos_enabled ? 1 : 0
+#   depends_on = [helm_release.ipa-crds, module.secrets-operator-setup]
+#   yaml_body  = <<YAML
+#     apiVersion: "secrets.hashicorp.com/v1beta1"
+#     kind: "VaultStaticSecret"
+#     metadata:
+#       name:  vault-thanos-storage
+#       namespace: default
+#     spec:
+#       type: "kv-v2"
+#       namespace: default
+#       mount: customer-Indico-Devops
+#       path: thanos-storage
+#       refreshAfter: 60s
+#       rolloutRestartTargets:
+#         - name: prometheus-monitoring-kube-prometheus-prometheus
+#           kind: StatefulSet
+#       destination:
+#         annotations:
+#           reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+#           reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
+#         create: true
+#         name: thanos-storage
+#       vaultAuthRef: default
+#   YAML
+# }
 
 
 resource "kubectl_manifest" "custom-cluster-issuer" {

azure/main.tf

@@ -14,7 +14,7 @@ terraform {
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = ">= 2.12.1"
+      version = ">= 2.33.0"
     }
     kubectl = {
       source = "gavinbunney/kubectl"

azure/monitoring.tf

@@ -10,19 +10,25 @@ ingress-nginx:
   EOT
   ) : ""
 
+  # thanos_config = var.thanos_enabled == true ? (<<EOT
+  #     thanos: # this is the one being used
+  #       blockSize: 5m
+  #       objectStorageConfig:
+  #         existingSecret:
+  #           name: thanos-storage
+  #           key: thanos_storage.yaml
+  # EOT
+  #   ) : (<<EOT
+  #     thanos: {}
+  # EOT
+  # )
   thanos_config = var.thanos_enabled == true ? (<<EOT
-      thanos: # this is the one being used
-        blockSize: 5m
-        objectStorageConfig:
-          existingSecret:
-            name: thanos-storage
-            key: thanos_storage.yaml
+      thanos: {}
   EOT
     ) : (<<EOT
       thanos: {}
   EOT
-  )
-
+  # )
   alerting_configuration_values = var.alerting_enabled == false ? (<<EOT
 noExtraConfigs: true
   EOT
@@ -70,13 +76,13 @@ EOT
       reloader.stakater.com/auto: "true"
 
     thanosServiceMonitor:
-      enabled: ${var.thanos_enabled}
+      enabled: false #${var.thanos_enabled}
 
     thanosService:
-      enabled:  ${var.thanos_enabled}
+      enabled:  false #${var.thanos_enabled}
 
     prometheusSpec:
-      disableCompaction: ${var.thanos_enabled}
+      disableCompaction: false #${var.thanos_enabled}
       externalLabels:
         clusterAccount: ${var.account}
         clusterRegion: ${var.region}
@@ -129,13 +135,13 @@ ${local.thanos_config}
       reloader.stakater.com/auto: "true"
 
     thanosServiceMonitor:
-      enabled: ${var.thanos_enabled}
+      enabled: false #${var.thanos_enabled}
 
     thanosService:
-      enabled: ${var.thanos_enabled}
+      enabled: false #${var.thanos_enabled}
     
     prometheusSpec:
-      disableCompaction: ${var.thanos_enabled}
+      disableCompaction: false #${var.thanos_enabled}
       externalLabels:
         clusterAccount: ${var.account}
         clusterRegion: ${var.region}
@@ -300,57 +306,57 @@ ${local.private_dns_config}
   ]
 }
 
-resource "kubectl_manifest" "thanos-datasource-credentials" {
-  count     = var.thanos_enabled ? 1 : 0
-  provider  = kubectl.thanos-kubectl
-  yaml_body = <<YAML
-apiVersion: v1
-stringData:
-  admin-password: ${random_password.monitoring-password.result}
-kind: Secret
-metadata:
-  name: ${replace(local.dns_name, ".", "-")}
-  namespace: default
-type: Opaque
-  YAML
-}
-
-resource "kubectl_manifest" "thanos-datasource" {
-  count      = var.thanos_enabled ? 1 : 0
-  depends_on = [kubectl_manifest.thanos-datasource-credentials]
-  provider   = kubectl.thanos-kubectl
-  yaml_body  = <<YAML
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDatasource
-metadata:
-  name: ${replace(local.dns_name, ".", "-")}
-  namespace: default
-spec:
-  valuesFrom:
-    - targetPath: "secureJsonData.basicAuthPassword"
-      valueFrom:
-        secretKeyRef:
-          name: ${replace(local.dns_name, ".", "-")}
-          key: admin-password
-  datasource:
-    basicAuth: true
-    basicAuthUser: monitoring
-    editable: false
-    access: proxy
-    editable: true
-    jsonData:
-      timeInterval: 5s
-      tlsSkipVerify: true
-    name: ${local.dns_name}
-    secureJsonData:
-      basicAuthPassword: $${admin-password}
-    type: prometheus
-    url: https://prometheus.${local.dns_name}/prometheus
-  instanceSelector:
-    matchLabels:
-      dashboards: external-grafana
-  YAML
-}
+# resource "kubectl_manifest" "thanos-datasource-credentials" {
+#   count     = var.thanos_enabled ? 1 : 0
+#   provider  = kubectl.thanos-kubectl
+#   yaml_body = <<YAML
+# apiVersion: v1
+# stringData:
+#   admin-password: ${random_password.monitoring-password.result}
+# kind: Secret
+# metadata:
+#   name: ${replace(local.dns_name, ".", "-")}
+#   namespace: default
+# type: Opaque
+#   YAML
+# }
+
+# resource "kubectl_manifest" "thanos-datasource" {
+#   count      = var.thanos_enabled ? 1 : 0
+#   depends_on = [kubectl_manifest.thanos-datasource-credentials]
+#   provider   = kubectl.thanos-kubectl
+#   yaml_body  = <<YAML
+# apiVersion: grafana.integreatly.org/v1beta1
+# kind: GrafanaDatasource
+# metadata:
+#   name: ${replace(local.dns_name, ".", "-")}
+#   namespace: default
+# spec:
+#   valuesFrom:
+#     - targetPath: "secureJsonData.basicAuthPassword"
+#       valueFrom:
+#         secretKeyRef:
+#           name: ${replace(local.dns_name, ".", "-")}
+#           key: admin-password
+#   datasource:
+#     basicAuth: true
+#     basicAuthUser: monitoring
+#     editable: false
+#     access: proxy
+#     editable: true
+#     jsonData:
+#       timeInterval: 5s
+#       tlsSkipVerify: true
+#     name: ${local.dns_name}
+#     secureJsonData:
+#       basicAuthPassword: $${admin-password}
+#     type: prometheus
+#     url: https://prometheus.${local.dns_name}/prometheus
+#   instanceSelector:
+#     matchLabels:
+#       dashboards: external-grafana
+#   YAML
+# }
 
 
 resource "helm_release" "keda-monitoring" {

azure/user_vars.auto.tfvars

@@ -8,7 +8,7 @@ vnet_cidr               = "192.168.0.0/20"
 subnet_cidrs            = ["192.168.0.0/22"]
 storage_account_name    = ""
 private_cluster_enabled = false
-k8s_version             = "1.29"
+k8s_version             = "1.31"
 
 default_node_pool = {
   name       = "defaultpool"

azure/variables.tf

@@ -206,7 +206,7 @@ variable "svp_client_secret" {
 
 variable "k8s_version" {
   type        = string
-  default     = "1.29"
+  default     = "1.31"
   description = "The version of the kubernetes cluster"
 }
 
@@ -642,7 +642,7 @@ variable "thanos_cluster_name" {
 
 variable "thanos_enabled" {
   type    = bool
-  default = false
+  default = true
 }
 
 variable "harness_delegate" {