From 1412c5929ae929b18ce612cc302958f32fdf149e Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Fri, 12 Jan 2024 15:48:52 +0000
Subject: [PATCH] Upgrade system charts Split out system and application charts
Signed-off-by: Jacob Woffenden
---
.../helm-charts-applications.tf | 76 +++++++++++++++
.../{helm-charts.tf => helm-charts-system.tf} | 97 ++-----------------
2 files changed, 86 insertions(+), 87 deletions(-)
create mode 100644 terraform/environments/data-platform-apps-and-tools/helm-charts-applications.tf
rename terraform/environments/data-platform-apps-and-tools/{helm-charts.tf => helm-charts-system.tf} (63%)
diff --git a/terraform/environments/data-platform-apps-and-tools/helm-charts-applications.tf b/terraform/environments/data-platform-apps-and-tools/helm-charts-applications.tf
new file mode 100644
index 00000000000..5bdb2a3f35f
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/helm-charts-applications.tf
@@ -0,0 +1,76 @@
+resource "helm_release" "static_assets" {
+ name = "static-assets"
+ chart = "./src/helm/charts/static-assets"
+ namespace = kubernetes_namespace.static_assets.metadata[0].name
+
+ set {
+ name = "ingress.host"
+ value = local.environment_configuration.static_assets_hostname
+ }
+
+ depends_on = [helm_release.cert_manager_additional]
+}
+
+resource "helm_release" "openmetadata_dependencies" {
+ name = "openmetadata-dependencies"
+ repository = "https://helm.open-metadata.org"
+ chart = "openmetadata-dependencies"
+ version = "1.2.1"
+ namespace = kubernetes_namespace.openmetadata.metadata[0].name
+ values = [
+ templatefile(
+ "${path.module}/src/helm/openmetadata-dependencies/values.yml.tftpl",
+ {
+ openmetadata_airflow_password = random_password.openmetadata_airflow.result
+ openmetadata_airflow_eks_role_arn = module.openmetadata_airflow_iam_role.iam_role_arn
+ openmetadata_airflow_rds_host = module.openmetadata_airflow_rds.db_instance_address
+ openmetadata_airflow_rds_user = module.openmetadata_airflow_rds.db_instance_username
+ openmetadata_airflow_rds_db = module.openmetadata_airflow_rds.db_instance_name
+ openmetadata_airflow_rds_password_secret = kubernetes_secret.openmetadata_airflow_rds_credentials.metadata[0].name
+ openmetadata_airflow_rds_password_secret_key = "password"
+ openmetadata_airflow_admin_email = "${local.environment_configuration.airflow_mail_from_address}@${local.environment_configuration.ses_domain_identity}"
+ }
+ )
+ ]
+ wait = true
+ timeout = 600
+
+ depends_on = [kubernetes_secret.openmetadata_airflow]
+}
+
+resource "helm_release" "openmetadata" {
+ name = "openmetadata"
+ repository = "https://helm.open-metadata.org"
+ chart = "openmetadata"
+ version = "1.2.1"
+ namespace = kubernetes_namespace.openmetadata.metadata[0].name
+ values = [
+ templatefile(
+ "${path.module}/src/helm/openmetadata/values.yml.tftpl",
+ {
+ host = "catalogue.${local.environment_configuration.route53_zone}"
+ eks_role_arn = module.openmetadata_iam_role.iam_role_arn
+ client_id = data.aws_secretsmanager_secret_version.openmetadata_entra_id_client_id.secret_string
+ tenant_id = data.aws_secretsmanager_secret_version.openmetadata_entra_id_tenant_id.secret_string
+ jwt_key_id = random_uuid.openmetadata_jwt.result
+ openmetadata_airflow_username = "${local.environment_configuration.airflow_mail_from_address}@${local.environment_configuration.ses_domain_identity}"
+ openmetadata_airflow_password_secret = kubernetes_secret.openmetadata_airflow.metadata[0].name
+ #checkov:skip=CKV_SECRET_6:Reference to Kubernetes secret not a sensitive value
+ openmetadata_airflow_password_secret_key = "openmetadata-airflow-password"
+ openmetadata_opensearch_host = resource.aws_opensearch_domain.openmetadata.endpoint
+ openmetadata_opensearch_user = "openmetadata"
+ openmetadata_opensearch_password_secret = kubernetes_secret.openmetadata_opensearch_credentials.metadata[0].name
+ openmetadata_opensearch_password_secret_key = "password"
+ openmetadata_rds_host = module.openmetadata_rds.db_instance_address
+ openmetadata_rds_user = module.openmetadata_rds.db_instance_username
+ openmetadata_rds_dbname = module.openmetadata_rds.db_instance_name
+ openmetadata_rds_password_secret = kubernetes_secret.openmetadata_rds_credentials.metadata[0].name
+ openmetadata_rds_password_secret_key = "password"
+ }
+ )
+ ]
+ wait = true
+ timeout = 600
+
+ depends_on = [helm_release.openmetadata_dependencies]
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/helm-charts.tf b/terraform/environments/data-platform-apps-and-tools/helm-charts-system.tf
similarity index 63%
rename from terraform/environments/data-platform-apps-and-tools/helm-charts.tf
rename to terraform/environments/data-platform-apps-and-tools/helm-charts-system.tf
index 7c2686f6dc5..c1cc8c89557 100644
--- a/terraform/environments/data-platform-apps-and-tools/helm-charts.tf
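Review bot: In `helm_release.openmetadata_dependencies` (new file `helm-charts-applications.tf`), `openmetadata_airflow_password = random_password.openmetadata_airflow.result` hands the generated password to `templatefile` by value, while every other credential in this file is passed as a Kubernetes secret name plus key. Assuming the template (not visible here) renders it into the values document, the plaintext is kept in the Helm release record stored in the cluster, where anyone able to read release secrets in that namespace can recover it. The release already depends on `kubernetes_secret.openmetadata_airflow`, so if the chart accepts an existing-secret reference, pass `kubernetes_secret.openmetadata_airflow.metadata[0].name` with the key `"openmetadata-airflow-password"` as the `openmetadata` release does; otherwise move the value into a `set_sensitive` block so it at least stays out of plan and diff output. The block is moved unchanged from `helm-charts.tf`, so this predates the commit, but the split is a natural point to correct it.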
+++ b/terraform/environments/data-platform-apps-and-tools/helm-charts-system.tf @@ -33,7 +33,7 @@ resource "helm_release" "cluster_autoscaler" { name = "cluster-autoscaler" repository = "https://kubernetes.github.io/autoscaler" chart = "cluster-autoscaler" - version = "9.29.4" + version = "9.34.1" namespace = "kube-system" values = [ @@ -53,7 +53,7 @@ resource "helm_release" "external_dns" { name = "external-dns" repository = "https://kubernetes-sigs.github.io/external-dns" chart = "external-dns" - version = "1.13.1" + version = "1.14.1" namespace = kubernetes_namespace.external_dns.metadata[0].name values = [ templatefile( @@ -71,7 +71,7 @@ resource "helm_release" "cert_manager" { name = "cert-manager" repository = "https://charts.jetstack.io" chart = "cert-manager" - version = "v1.13.2" + version = "v1.13.3" namespace = kubernetes_namespace.cert_manager.metadata[0].name values = [ templatefile( @@ -134,7 +134,7 @@ resource "helm_release" "ingress_nginx" { name = "ingress-nginx" repository = "https://kubernetes.github.io/ingress-nginx" chart = "ingress-nginx" - version = "4.8.3" + version = "4.9.0" namespace = kubernetes_namespace.ingress_nginx.metadata[0].name values = [ templatefile( @@ -152,14 +152,14 @@ resource "helm_release" "velero" { name = "velero" repository = "https://vmware-tanzu.github.io/helm-charts" chart = "velero" - version = "5.1.3" + version = "5.2.0" namespace = kubernetes_namespace.velero_system.metadata[0].name values = [ templatefile( "${path.module}/src/helm/velero/values.yml.tftpl", { eks_role_arn = module.velero_role.iam_role_arn - velero_aws_plugin_version = "v1.8.1" + velero_aws_plugin_version = "v1.8.2" velero_bucket = module.velero_s3_bucket.bucket.id velero_prefix = module.eks.cluster_name aws_region = data.aws_region.current.name 
@@ -173,7 +173,7 @@ resource "helm_release" "external_secrets" { name = "external-secrets" repository = "https://charts.external-secrets.io" chart = "external-secrets" - version = "0.9.8" + version = "0.9.11" namespace = kubernetes_namespace.external_secrets.metadata[0].name values = [ templatefile( @@ -190,7 +190,7 @@ resource "helm_release" "policy_controller" { name = "policy-controller" repository = "https://sigstore.github.io/helm-charts" chart = "policy-controller" - version = "0.6.5" + version = "0.6.7" namespace = kubernetes_namespace.cosign_system.metadata[0].name values = [templatefile("${path.module}/src/helm/policy-controller/values.yml.tftpl", {})] @@ -201,7 +201,7 @@ resource "helm_release" "aws_for_fluent_bit" { name = "aws-for-fluent-bit" repository = "https://aws.github.io/eks-charts" chart = "aws-for-fluent-bit" - version = "0.1.31" + version = "0.1.32" namespace = "kube-system" values = [ templatefile( 
@@ -216,75 +216,11 @@ resource "helm_release" "aws_for_fluent_bit" { depends_on = [helm_release.gatekeeper] } -resource "helm_release" "openmetadata_dependencies" { - name = "openmetadata-dependencies" - repository = "https://helm.open-metadata.org" - chart = "openmetadata-dependencies" - version = "1.2.1" - namespace = kubernetes_namespace.openmetadata.metadata[0].name - values = [ - templatefile( - "${path.module}/src/helm/openmetadata-dependencies/values.yml.tftpl", - { - openmetadata_airflow_password = random_password.openmetadata_airflow.result - openmetadata_airflow_eks_role_arn = module.openmetadata_airflow_iam_role.iam_role_arn - openmetadata_airflow_rds_host = module.openmetadata_airflow_rds.db_instance_address - openmetadata_airflow_rds_user = module.openmetadata_airflow_rds.db_instance_username - openmetadata_airflow_rds_db = module.openmetadata_airflow_rds.db_instance_name - openmetadata_airflow_rds_password_secret = kubernetes_secret.openmetadata_airflow_rds_credentials.metadata[0].name - openmetadata_airflow_rds_password_secret_key = "password" - openmetadata_airflow_admin_email = "${local.environment_configuration.airflow_mail_from_address}@${local.environment_configuration.ses_domain_identity}" - } - ) - ] - wait = true - timeout = 600 - - depends_on = [kubernetes_secret.openmetadata_airflow] -} - -resource "helm_release" "openmetadata" { - name = "openmetadata" - repository = "https://helm.open-metadata.org" - chart = "openmetadata" - version = "1.2.1" - namespace = kubernetes_namespace.openmetadata.metadata[0].name - values = [ - templatefile( - "${path.module}/src/helm/openmetadata/values.yml.tftpl", - { - host = "catalogue.${local.environment_configuration.route53_zone}" - eks_role_arn = module.openmetadata_iam_role.iam_role_arn - client_id = data.aws_secretsmanager_secret_version.openmetadata_entra_id_client_id.secret_string - tenant_id = data.aws_secretsmanager_secret_version.openmetadata_entra_id_tenant_id.secret_string - jwt_key_id = 
random_uuid.openmetadata_jwt.result - openmetadata_airflow_username = "${local.environment_configuration.airflow_mail_from_address}@${local.environment_configuration.ses_domain_identity}" - openmetadata_airflow_password_secret = kubernetes_secret.openmetadata_airflow.metadata[0].name - #checkov:skip=CKV_SECRET_6:Reference to Kubernetes secret not a sensitive value - openmetadata_airflow_password_secret_key = "openmetadata-airflow-password" - openmetadata_opensearch_host = resource.aws_opensearch_domain.openmetadata.endpoint - openmetadata_opensearch_user = "openmetadata" - openmetadata_opensearch_password_secret = kubernetes_secret.openmetadata_opensearch_credentials.metadata[0].name - openmetadata_opensearch_password_secret_key = "password" - openmetadata_rds_host = module.openmetadata_rds.db_instance_address - openmetadata_rds_user = module.openmetadata_rds.db_instance_username - openmetadata_rds_dbname = module.openmetadata_rds.db_instance_name - openmetadata_rds_password_secret = kubernetes_secret.openmetadata_rds_credentials.metadata[0].name - openmetadata_rds_password_secret_key = "password" - } - ) - ] - wait = true - timeout = 600 - - depends_on = [helm_release.openmetadata_dependencies] -} - resource "helm_release" "amazon_managed_prometheus_proxy" { name = "prometheus-proxy" repository = "https://prometheus-community.github.io/helm-charts" chart = "prometheus" - version = "25.4.0" + version = "25.8.2" namespace = kubernetes_namespace.prometheus.metadata[0].name values = [ templatefile( @@ -303,16 +239,3 @@ resource "helm_release" "amazon_managed_prometheus_proxy" { depends_on = [helm_release.gatekeeper] } - -resource "helm_release" "static_assets" { - name = "static-assets" - chart = "./src/helm/charts/static-assets" - namespace = kubernetes_namespace.static_assets.metadata[0].name - - set { - name = "ingress.host" - value = local.environment_configuration.static_assets_hostname - } - - depends_on = [helm_release.cert_manager_additional] -}