Bug fixes (#41)

CMS-Enterprise · Aug 11, 2024 · 65874b4 · 65874b4
2 parents c87db00 + 33e964e
commit 65874b4
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 67 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,7 @@ k8s/.terraform
 *.tfvars
 .DS_Store
 *.tfstate
+*.tfstate.*
 
 # Editor backups
 .*.sw?

diff --git a/addons/karpenter.tf b/addons/karpenter.tf
@@ -80,7 +80,7 @@ resource "kubectl_manifest" "karpenter_nodepool" {
             {
               key      = "karpenter.k8s.aws/instance-cpu"
               operator = "In"
-              values   = ["4", "8"]
+              values   = ["4", "8", "16", "32"]
             },
             {
               key      = "topology.kubernetes.io/zone"
@@ -124,6 +124,9 @@ resource "kubectl_manifest" "karpenter_ec2nodeclass" {
       securityGroupSelectorTerms = [
         {
           id = var.eks_node_security_group_id
+        },
+        {
+          id = var.eks_cluster_security_group_id
         }
       ]
       instanceProfile = local.iam_instance_profile_name[0]

diff --git a/addons/values/argocd/sso_values.yaml.tpl b/addons/values/argocd/sso_values.yaml.tpl
diff --git a/addons/values/argocd/values.yaml.tpl b/addons/values/argocd/values.yaml.tpl
@@ -48,7 +48,7 @@ server:
         [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
     aws:
       serviceType: NodePort
-      backendProtocolVersion: HTTP2
+      backendProtocolVersion: HTTP1
     service:
       servicePortHttpName: http
       servicePortHttp: 8080

diff --git a/eks.tf b/eks.tf
@@ -53,9 +53,9 @@ module "eks" {
   node_security_group_additional_rules = merge(var.eks_security_group_additional_rules, {
     ingress_alb = {
       description              = "Allow traffic from ALB"
-      protocol                 = "TCP"
+      protocol                 = -1
       from_port                = 0
-      to_port                  = 65535
+      to_port                  = 0
       type                     = "ingress"
       source_security_group_id = aws_security_group.alb.id
     }
@@ -131,7 +131,7 @@ module "eks_addons" {
   eks_cluster_cidr              = module.eks.cluster_service_cidr
   eks_cluster_ip_family         = module.eks.cluster_ip_family
   eks_cluster_name              = module.eks.cluster_name
-  eks_cluster_security_group_id = module.eks.cluster_security_group_id
+  eks_cluster_security_group_id = module.eks.cluster_primary_security_group_id
   eks_launch_template_name      = module.main_nodes.launch_template_name
   eks_node_iam_role_arn         = module.main_nodes.iam_role_arn
   eks_node_iam_role_name        = module.main_nodes.iam_role_name

diff --git a/provider.tf b/provider.tf
@@ -8,6 +8,12 @@ provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.main.token
+    # Helm needs to use this plugin due to the short lived token of AWS EKS.
+    # Without this plugin we were experiencing issues with the token expiring.
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      args        = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+      command     = "aws"
+    }
   }
 }
diff --git a/releases/3.1.4.md b/releases/3.1.4.md
@@ -0,0 +1,12 @@
+# Release Notes
+
+## [Version 3.1.4] - 2024-08-11
+
+### Improvements
+- Updated Karpenter to support a more wide array of instance sizes.
+- Updated ALB security group allow rule for eks cluster to be properly formatted.
+- Removed a file for ArgoCD SSO values that was no longer necessary.
+
+### Bug Fixes
+- Fix issues where Karpenter nodes were not successfully joining ALB target groups.
+- Fix issue where argocd GPRC backend target group was showing as not healthy.