chore(ci): switch eks CI to FIPS ami, update to 1.31 k8s testing#1474
Merged
noahpb
reviewed
Apr 18, 2025
Contributor
Author
@noahpb updates pushed on feedback - holding off on CI still until some of the parallel PRs make it in to reduce churn.
noahpb
approved these changes
Apr 22, 2025
Contributor
noahpb
left a comment
This is great to see! Lots of improvements here. LGTM!
This was referenced Apr 24, 2025
Closed
noahpb
pushed a commit
that referenced
this pull request
Apr 29, 2025
🤖 I have created a release *beep* *boop*

---

## [0.41.0](v0.40.1...v0.41.0) (2025-04-28)

### Features

* add conditional netpol for coredns ([#1501](#1501)) ([fc7ace3](fc7ace3))
* client credential registration default ([#1482](#1482)) ([894c5d9](894c5d9))
* keycloak fips mode ([#1469](#1469)) ([74e632e](74e632e))
* operator ambient mode ([#1496](#1496)) ([71f03fd](71f03fd))
* opt Grafana into ambient ([#1466](#1466)) ([dac2d3e](dac2d3e))
* opt logging into ambient ([#1472](#1472)) ([117d586](117d586))
* opt metrics-server into ambient ([#1458](#1458)) ([01c2ec6](01c2ec6))
* opt velero into ambient ([#1490](#1490)) ([a0591c7](a0591c7))

### Bug Fixes

* **ci:** permissions on release workflow ([#1507](#1507)) ([cb12f13](cb12f13))
* **ci:** renovate readiness version loop fix ([#1488](#1488)) ([a40c15b](a40c15b))
* update loki images to fips images ([#1502](#1502)) ([eb20b4e](eb20b4e))

### Miscellaneous

* **ci:** automated renovate readiness action checks ([#1465](#1465)) ([ed0ca6b](ed0ca6b))
* **ci:** switch eks CI to FIPS ami, update to 1.31 k8s testing ([#1474](#1474)) ([7307d03](7307d03))
* **deps:** update grafana ([#1489](#1489)) ([0c063f1](0c063f1))
* **deps:** update istio to v1.25.2 ([#1461](#1461)) ([1067560](1067560))
* **deps:** update istio to v1.3.0 ([#1491](#1491)) ([9066584](9066584))
* **deps:** update keycloak to v0.13.0 ([#1506](#1506)) ([04d42ef](04d42ef))
* **deps:** update keycloak to v26.2.0 ([#1452](#1452)) ([927a57b](927a57b))
* **deps:** update keycloak to v26.2.1 ([#1486](#1486)) ([d68cad8](d68cad8))
* **deps:** update loki ([#1483](#1483)) ([3a697df](3a697df))
* **deps:** update neuvector ([#1417](#1417)) ([4c0d95d](4c0d95d))
* **deps:** update pepr ([#1454](#1454)) ([a98640f](a98640f))
* **deps:** update support dependencies to v4.7.0 ([#1477](#1477)) ([dcee0a3](dcee0a3))
* **deps:** update support-deps ([#1473](#1473)) ([3d9d501](3d9d501))
* **deps:** update support-deps ([#1480](#1480)) ([c41f359](c41f359))
* **deps:** update support-deps ([#1481](#1481)) ([cc2af2b](cc2af2b))
* **deps:** update support-deps ([#1487](#1487)) ([cdcba75](cdcba75))
* **deps:** update support-deps ([#1493](#1493)) ([88cbf29](88cbf29))
* **deps:** update support-deps ([#1497](#1497)) ([f308176](f308176))
* **deps:** update velero ([#1453](#1453)) ([7330ea9](7330ea9))
* **deps:** update velero ([#1492](#1492)) ([ff504c0](ff504c0))
* **deps:** update velero to v1.32.4 ([#1484](#1484)) ([06709e8](06709e8))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
mjnagel
added a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
…enseunicorns#1474)

## Description

This PR focuses on IAC changes for nightly/weekly CI:

- Switches to FIPS AMI for EKS: This improves our test coverage on FIPS hosts
- Switches to Tofu deployment of EKS instead of eksctl: This is the bulk of the changes and is partially to support the AMI switch but also to improve speed of testing. Note that this is intentionally optimized for CI speed (reusing vpc, subnets, reducing logging, etc). This reduces the overall EKS test time by ~15 minutes.
- Updates to 1.31.x k8s for all 3 distros (k3d is already 1.31)
- Adds `--skip-sbom` arg to the package creation for IAC testing (more speed gains)
- Disables the HPA on zarf registry for all IAC clusters: we have seen some flakiness with this recently where registry pods cycling during image pushes causes a disconnect/CI failure
- Removes the local uds-config files which get replaced by CI and adds configs as gitignored. During a local/dev deployment these files get updated with specific secrets and can easily be accidentally committed. The stubbed out files don't provide significant value in my opinion, but we could move them or document this differently if people see value in keeping them.

## Related Issue

N/A - testing gap identified by recent issues.

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Steps to Validate

CI should fully validate changes.

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
mjnagel
pushed a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
Description
This PR focuses on IAC changes for nightly/weekly CI:
- Adds `--skip-sbom` arg to the package creation for IAC testing (more speed gains)
Related Issue
N/A - testing gap identified by recent issues.
Type of change
Steps to Validate
CI should fully validate changes.
Checklist before merging
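
One way to enforce the "configs as gitignored" change from the description in CI or a pre-commit hook, as an added example that is not code from this PR or from uds-core. It fails when a config path has no ignore rule, or when a file is still tracked despite one (a `.gitignore` entry does not untrack a file committed earlier). The function names and the `uds-config.yaml` file name are assumptions; the page does not give the real paths.

```shell
#!/bin/sh
# Added example: guard against committing local config files that hold secrets.
# Usage (run from a checkout): guard_configs . uds-config.yaml
# "uds-config.yaml" is an assumed placeholder, not a path taken from the PR.

# List files that are in the index even though an ignore rule matches them.
# These stay tracked (and keep being committed) until removed with `git rm --cached`.
tracked_but_ignored() {
  git -C "$1" ls-files --cached --ignored --exclude-standard
}

# Succeed only if every given path (relative to the repo root) is covered by
# an ignore rule. --no-index evaluates the rules alone; without it, git
# reports an already-tracked file as "not ignored" and hides the real cause.
all_ignored() {
  ai_repo=$1
  shift
  for ai_path in "$@"; do
    if ! git -C "$ai_repo" check-ignore -q --no-index -- "$ai_path"; then
      echo "no ignore rule covers: $ai_path" >&2
      return 1
    fi
  done
}

# Entry point: both conditions must hold before a commit or CI run proceeds.
guard_configs() {
  gc_repo=$1
  shift
  all_ignored "$gc_repo" "$@" || return 1
  gc_leaked=$(tracked_but_ignored "$gc_repo")
  if [ -n "$gc_leaked" ]; then
    echo "tracked despite an ignore rule:" >&2
    echo "$gc_leaked" >&2
    return 1
  fi
}
```
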