diff --git a/.github/workflows/cache-warmup.yaml b/.github/workflows/cache-warmup.yaml
index 81b12a8..6215b8e 100644
--- a/.github/workflows/cache-warmup.yaml
+++ b/.github/workflows/cache-warmup.yaml
@@ -43,3 +43,15 @@ jobs:
if: ${{ steps.asdf-cache.outputs.cache-hit != 'true' }}
with:
asdf_version: ${{ env.ASDF_VERSION }}
+
+ - name: Cache pre-commit
+ uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+ with:
+ path: ~/.cache/pre-commit
+ key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}-warmup
+ restore-keys: ${{ runner.os }}-pre-commit-
+
+ - name: Run pre-commit
+ run: pre-commit install --install-hooks
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for GH API calls quota
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
index 5b943af..8035265 100644
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -55,6 +55,13 @@ jobs:
shell: bash
run: asdf reshim
+ - name: Cache pre-commit
+ uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+ with:
+ path: ~/.cache/pre-commit
+ key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+ restore-keys: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}-
+
- name: Run pre-commit
run: pre-commit run --show-diff-on-failure --color=always --all-files
env:
diff --git a/.github/workflows/template-sync.yaml b/.github/workflows/template-sync.yaml
index 83736f7..4aa77b3 100644
--- a/.github/workflows/template-sync.yaml
+++ b/.github/workflows/template-sync.yaml
@@ -36,7 +36,7 @@ jobs:
persist-credentials: false
- name: Sync universal-addon template
- uses: AndreasAugustin/actions-template-sync@bcb94410a4f1dffdfe5eaabc8234c3b8e76ebc5b # v2.5.1
+ uses: AndreasAugustin/actions-template-sync@8ec19a5f2721ffb81ff809aa340ddf75e6a85ea6 # v2.5.2
with:
source_gh_token: ${{ steps.template-sync-app-token.outputs.token }}
source_repo_path: lablabs/terraform-aws-eks-universal-addon
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
index 6062040..bb76f41 100644
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@@ -23,7 +23,7 @@ jobs:
- name: Extract Terraform min/max versions
id: terraform-min-max
- uses: clowdhaus/terraform-min-max@503e88c41953f537fc2b283a310c85e0a2cd585c # v1.4.0
+ uses: clowdhaus/terraform-min-max@04440fe3b2a1e64eb5ad115f8f7c57c4d6a54333 # v1.4.1
with:
directory: .
outputs:
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c65c956..84badc1 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -13,7 +13,7 @@ repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
# renovate: datasource=github-releases depName=antonbabenko/pre-commit-terraform
- rev: 2f8bda194a420ad77a050a9de627d77a74841fdc # v1.99.4 # pragma: allowlist secret
+ rev: c0f51014b8ec51c4455a7dac40697be15e285668 # v1.99.5 # pragma: allowlist secret
hooks:
- id: terraform_validate
- id: terraform_fmt
@@ -40,7 +40,7 @@ repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
# renovate: datasource=github-releases depName=antonbabenko/pre-commit-terraform
- rev: 2f8bda194a420ad77a050a9de627d77a74841fdc # v1.99.4 # pragma: allowlist secret
+ rev: c0f51014b8ec51c4455a7dac40697be15e285668 # v1.99.5 # pragma: allowlist secret
hooks:
- id: terraform_docs # should be run after luactl sync
args:
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
index d45d422..1868ba4 100644
--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@@ -4,6 +4,7 @@ header-from: main.tf
footer-from: docs/.footer.md
content: |-
+ {{ include "docs/.intro.md" }}
{{ .Header }}
{{ include "docs/.addon.md" }}
{{ .Requirements }}
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 835b76c..15b1c75 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -3,7 +3,7 @@
provider "registry.terraform.io/cloudposse/utils" {
version = "1.30.0"
- constraints = "~> 1.0"
+ constraints = ">= 1.0.0, ~> 1.0"
hashes = [
"h1:KmKu9rXFQIAvaXbwKYLR4QSUm5UBoh0wpftRKkG34Co=",
"h1:be9bmaq5PJ1US+WtgVjhdUPU0eiWhQNYAIb81EI+/Dw=",
@@ -27,7 +27,7 @@ provider "registry.terraform.io/cloudposse/utils" {
provider "registry.terraform.io/hashicorp/aws" {
version = "5.100.0"
- constraints = "~> 5.0"
+ constraints = ">= 5.0.0, ~> 5.0"
hashes = [
"h1:Ijt7pOlB7Tr7maGQIqtsLFbl7pSMIj06TVdkoSBcYOw=",
"h1:edXOJWE4ORX8Fm+dpVpICzMZJat4AX0VRCAy/xkcOc0=",
@@ -52,7 +52,7 @@ provider "registry.terraform.io/hashicorp/aws" {
provider "registry.terraform.io/hashicorp/helm" {
version = "2.17.0"
- constraints = "~> 2.6"
+ constraints = ">= 2.6.0, ~> 2.6"
hashes = [
"h1:0LSHBFqJvHTzQesUwagpDLsrzVliY+t2c26nDJizHFM=",
"h1:K5FEjxvDnxb1JF1kG1xr8J3pNGxoaR3Z0IBG9Csm/Is=",
@@ -74,7 +74,7 @@ provider "registry.terraform.io/hashicorp/helm" {
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.37.1"
- constraints = "~> 2.20"
+ constraints = ">= 2.20.0, ~> 2.20"
hashes = [
"h1:+37jC6JlkPyPvDHudK3qaj7ZVJ0Zy9zc9+oq8h1WayA=",
"h1:qo9Ue/rIEnvxOpiK9qizwRFV7rvb5gCziKVytIcZHyk=",
diff --git a/.tool-versions b/.tool-versions
index d8745b0..dfe1393 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,6 +1,6 @@
terraform 1.5.7
terraform-docs 0.20.0
tflint 0.50.3
-checkov 3.2.447
-awscli 2.27.49
+checkov 3.2.457
+awscli 2.27.62
pre-commit 4.2.0
diff --git a/README.md b/README.md
index e5c5f6e..12ecb17 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,12 @@
+[
](https://lablabs.io/)
+
+**About us:**
+[Labyrinth Labs](https://lablabs.io/) is a one-stop-shop for **DevOps, Cloud & Kubernetes**! We specialize in creating **powerful**, **scalable** and **cloud-native platforms** tailored to elevate your business.
+
+[As a team of experienced DevOps engineers](https://lablabs.io/about/), we know how to help our customers start their journey in the cloud, address the issues they have in their current setups and provide a **strategic solution to transform their infrastructure**.
+
+----
# AWS EKS ArgoCD Terraform module
A Terraform module to deploy the https://argo-cd.readthedocs.io/en/stable on Amazon EKS cluster.
@@ -8,29 +16,27 @@ A Terraform module to deploy the https://argo-cd.readthedocs.io/en/stable on Ama
---
-## Related Projects
-
-Check out other [Terraform Kubernetes addons](https://github.com/orgs/lablabs/repositories?q=terraform-aws-eks&type=public&language=&sort=).
-
-[
](https://lablabs.io/)
+## Supported Terraform provider versions
-We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at .
+While we are not setting upper bound on the Terraform providers used by the addon we are testing its functionality only against versions specified in the [`.terraform.lock.hcl`](.terraform.lock.hcl) file.
## Deployment methods
### Helm
+
Deploy Helm chart via Helm resource (default method, set `enabled = true`)
### Argo Kubernetes
+
Deploy Helm chart as ArgoCD Application via Kubernetes manifest resource (set `enabled = true` and `argo_enabled = true`)
-> **Warning**
->
+> [!WARNING]
> When deploying with ArgoCD application, Kubernetes terraform provider requires access to Kubernetes cluster API during plan time. This introduces potential issue when you want to deploy the cluster with this addon at the same time, during the same Terraform run.
>
> To overcome this issue, the module deploys the ArgoCD application object using the Helm provider, which does not require API access during plan. If you want to deploy the application using this workaround, you can set the `argo_helm_enabled` variable to `true`.
### Argo Helm
+
Deploy Helm chart as ArgoCD Application via Helm resource (set `enabled = true`, `argo_enabled = true` and `argo_helm_enabled = true`)
## Examples
@@ -40,18 +46,18 @@ See [basic example](examples/basic) for further information.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | ~> 1.5 |
-| [aws](#requirement\_aws) | ~> 5 |
-| [helm](#requirement\_helm) | ~> 2.6 |
-| [kubernetes](#requirement\_kubernetes) | ~> 2.20 |
-| [utils](#requirement\_utils) | ~> 1 |
+| [terraform](#requirement\_terraform) | >= 1.5 |
+| [aws](#requirement\_aws) | >= 5 |
+| [helm](#requirement\_helm) | >= 2.6 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.20 |
+| [utils](#requirement\_utils) | >= 1 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [addon](#module\_addon) | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon | v0.0.23 |
-| [addon-irsa](#module\_addon-irsa) | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa | v0.0.23 |
+| [addon](#module\_addon) | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon | v0.0.24 |
+| [addon-irsa](#module\_addon-irsa) | git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa | v0.0.24 |
## Resources
| Name | Type |
@@ -81,7 +87,7 @@ See [basic example](examples/basic) for further information.
| [argo\_helm\_enabled](#input\_argo\_helm\_enabled) | If set to `true`, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See README for more info. Defaults to `false`. | `bool` |
| [argo\_helm\_values](#input\_argo\_helm\_values) | Value overrides to use when deploying ArgoCD Application object with Helm. Defaults to `""`. | `string` |
| [argo\_helm\_wait\_backoff\_limit](#input\_argo\_helm\_wait\_backoff\_limit) | Backoff limit for ArgoCD Application Helm release wait job. Defaults to `6`. | `number` |
-| [argo\_helm\_wait\_kubectl\_version](#input\_argo\_helm\_wait\_kubectl\_version) | Version of kubectl to use for ArgoCD Application wait job. Defaults to `1.33.2`. | `string` |
+| [argo\_helm\_wait\_kubectl\_version](#input\_argo\_helm\_wait\_kubectl\_version) | Version of kubectl to use for ArgoCD Application wait job. Defaults to `1.33.3`. | `string` |
| [argo\_helm\_wait\_node\_selector](#input\_argo\_helm\_wait\_node\_selector) | Node selector for ArgoCD Application Helm release wait job. Defaults to `{}`. | `map(string)` |
| [argo\_helm\_wait\_timeout](#input\_argo\_helm\_wait\_timeout) | Timeout for ArgoCD Application Helm release wait job. Defaults to `10m`. | `string` |
| [argo\_helm\_wait\_tolerations](#input\_argo\_helm\_wait\_tolerations) | Tolerations for ArgoCD Application Helm release wait job. Defaults to `[]`. | `list(any)` |
@@ -218,20 +224,22 @@ details.
See [LICENSE](LICENSE) for full details.
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
+```plan
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+```
diff --git a/addon-irsa.tf b/addon-irsa.tf
index cadaec7..1dea7d9 100644
--- a/addon-irsa.tf
+++ b/addon-irsa.tf
@@ -2,7 +2,7 @@
module "addon-irsa" {
for_each = local.addon_irsa
- source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa?ref=v0.0.23"
+ source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon-irsa?ref=v0.0.24"
enabled = var.enabled
diff --git a/addon.tf b/addon.tf
index 01c99d2..a490ea6 100644
--- a/addon.tf
+++ b/addon.tf
@@ -11,7 +11,7 @@ locals {
}
module "addon" {
- source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon?ref=v0.0.23"
+ source = "git::https://github.com/lablabs/terraform-aws-eks-universal-addon.git//modules/addon?ref=v0.0.24"
enabled = var.enabled
diff --git a/docs/.addon.md b/docs/.addon.md
index 156c110..478e636 100644
--- a/docs/.addon.md
+++ b/docs/.addon.md
@@ -1,29 +1,27 @@
---
-## Related Projects
+## Supported Terraform provider versions
-Check out other [Terraform Kubernetes addons](https://github.com/orgs/lablabs/repositories?q=terraform-aws-eks&type=public&language=&sort=).
-
-[](https://lablabs.io/)
-
-We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at .
+While we are not setting upper bound on the Terraform providers used by the addon we are testing its functionality only against versions specified in the [`.terraform.lock.hcl`](.terraform.lock.hcl) file.
## Deployment methods
### Helm
+
Deploy Helm chart via Helm resource (default method, set `enabled = true`)
### Argo Kubernetes
+
Deploy Helm chart as ArgoCD Application via Kubernetes manifest resource (set `enabled = true` and `argo_enabled = true`)
-> **Warning**
->
+> [!WARNING]
> When deploying with ArgoCD application, Kubernetes terraform provider requires access to Kubernetes cluster API during plan time. This introduces potential issue when you want to deploy the cluster with this addon at the same time, during the same Terraform run.
>
> To overcome this issue, the module deploys the ArgoCD application object using the Helm provider, which does not require API access during plan. If you want to deploy the application using this workaround, you can set the `argo_helm_enabled` variable to `true`.
### Argo Helm
+
Deploy Helm chart as ArgoCD Application via Helm resource (set `enabled = true`, `argo_enabled = true` and `argo_helm_enabled = true`)
## Examples
diff --git a/docs/.footer.md b/docs/.footer.md
index 971db04..cafb431 100644
--- a/docs/.footer.md
+++ b/docs/.footer.md
@@ -19,19 +19,21 @@ details.
See [LICENSE](LICENSE) for full details.
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
+```plan
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+```
diff --git a/docs/.intro.md b/docs/.intro.md
new file mode 100644
index 0000000..8107b9f
--- /dev/null
+++ b/docs/.intro.md
@@ -0,0 +1,8 @@
+[](https://lablabs.io/)
+
+**About us:**
+[Labyrinth Labs](https://lablabs.io/) is a one-stop-shop for **DevOps, Cloud & Kubernetes**! We specialize in creating **powerful**, **scalable** and **cloud-native platforms** tailored to elevate your business.
+
+[As a team of experienced DevOps engineers](https://lablabs.io/about/), we know how to help our customers start their journey in the cloud, address the issues they have in their current setups and provide a **strategic solution to transform their infrastructure**.
+
+----
diff --git a/examples/basic/.terraform.lock.hcl b/examples/basic/.terraform.lock.hcl
index 9a4f256..b265a45 100644
--- a/examples/basic/.terraform.lock.hcl
+++ b/examples/basic/.terraform.lock.hcl
@@ -3,7 +3,7 @@
provider "registry.terraform.io/cloudposse/utils" {
version = "1.30.0"
- constraints = "~> 1.0"
+ constraints = ">= 1.0.0"
hashes = [
"h1:KmKu9rXFQIAvaXbwKYLR4QSUm5UBoh0wpftRKkG34Co=",
"h1:be9bmaq5PJ1US+WtgVjhdUPU0eiWhQNYAIb81EI+/Dw=",
@@ -27,7 +27,7 @@ provider "registry.terraform.io/cloudposse/utils" {
provider "registry.terraform.io/hashicorp/aws" {
version = "5.100.0"
- constraints = ">= 3.0.0, ~> 5.0, >= 5.8.0, >= 5.74.0, >= 5.79.0"
+ constraints = ">= 3.0.0, >= 5.0.0, >= 5.8.0, >= 5.74.0, >= 5.79.0"
hashes = [
"h1:Ijt7pOlB7Tr7maGQIqtsLFbl7pSMIj06TVdkoSBcYOw=",
"h1:edXOJWE4ORX8Fm+dpVpICzMZJat4AX0VRCAy/xkcOc0=",
@@ -52,7 +52,7 @@ provider "registry.terraform.io/hashicorp/aws" {
provider "registry.terraform.io/hashicorp/helm" {
version = "2.17.0"
- constraints = "~> 2.6"
+ constraints = ">= 2.6.0"
hashes = [
"h1:0LSHBFqJvHTzQesUwagpDLsrzVliY+t2c26nDJizHFM=",
"h1:K5FEjxvDnxb1JF1kG1xr8J3pNGxoaR3Z0IBG9Csm/Is=",
@@ -74,7 +74,7 @@ provider "registry.terraform.io/hashicorp/helm" {
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.37.1"
- constraints = "~> 2.20"
+ constraints = ">= 2.20.0"
hashes = [
"h1:+37jC6JlkPyPvDHudK3qaj7ZVJ0Zy9zc9+oq8h1WayA=",
"h1:qo9Ue/rIEnvxOpiK9qizwRFV7rvb5gCziKVytIcZHyk=",
diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf
index ea124b0..f77a76d 100644
--- a/examples/basic/versions.tf
+++ b/examples/basic/versions.tf
@@ -1,18 +1,18 @@
terraform {
- required_version = "~> 1.5"
+ required_version = ">= 1.5"
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 5"
+ version = ">= 5"
}
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.20"
+ version = ">= 2.20"
}
helm = {
source = "hashicorp/helm"
- version = "~> 2.6"
+ version = ">= 2.6"
}
}
}
diff --git a/variables-addon.tf b/variables-addon.tf
index 59d03c2..b14592b 100644
--- a/variables-addon.tf
+++ b/variables-addon.tf
@@ -105,7 +105,7 @@ variable "argo_helm_wait_backoff_limit" {
variable "argo_helm_wait_kubectl_version" {
type = string
default = null
- description = "Version of kubectl to use for ArgoCD Application wait job. Defaults to `1.33.2`."
+ description = "Version of kubectl to use for ArgoCD Application wait job. Defaults to `1.33.3`."
}
variable "argo_source_type" {
diff --git a/versions.tf b/versions.tf
index 9aa47c3..abfd60c 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,23 +1,23 @@
# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" module. Any changes to this file might be overwritten upon the next release of that module.
terraform {
- required_version = "~> 1.5"
+ required_version = ">= 1.5"
required_providers {
aws = {
source = "hashicorp/aws"
- version = "~> 5"
+ version = ">= 5"
}
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.20"
+ version = ">= 2.20"
}
helm = {
source = "hashicorp/helm"
- version = "~> 2.6"
+ version = ">= 2.6"
}
utils = {
source = "cloudposse/utils"
- version = "~> 1"
+ version = ">= 1"
}
}
}