Merging the pull request from upstream #1

Merged
merged 25 commits into from
Jul 30, 2023
17bcf72
chore: Update PR template to reflect blueprints v5 changes (#1641)
askulkarni2 Jun 7, 2023
a7ec605
fix: Correct `teams` patterns use of multi-team namespace creation (#…
sylwit Jun 8, 2023
8a11a5a
chore: Apply security best practices to GitHub actions (#1660)
step-security-bot Jun 22, 2023
12d9d29
chore(deps): Bump ossf/scorecard-action from 2.0.6 to 2.1.3 (#1662)
dependabot[bot] Jun 22, 2023
d6ae771
chore(deps): Bump actions/setup-python from 3 to 4 (#1661)
dependabot[bot] Jun 22, 2023
4ac05ae
chore(deps): Bump aws-actions/configure-aws-credentials from 1.pre.no…
dependabot[bot] Jun 22, 2023
af16730
chore(deps): Bump actions/dependency-review-action from 2.5.1 to 3.0.…
dependabot[bot] Jun 22, 2023
cf810e9
chore(deps): Bump clowdhaus/terraform-composite-actions from 1.8.0 to…
dependabot[bot] Jun 22, 2023
66fdd04
chore(deps): Bump amannn/action-semantic-pull-request from 5.0.2 to 5…
dependabot[bot] Jun 23, 2023
e7e4f6f
chore(deps): Bump clowdhaus/terraform-min-max from 1.2.0 to 1.2.6 (#1…
dependabot[bot] Jun 23, 2023
d62559b
chore(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#1668)
dependabot[bot] Jun 26, 2023
a3138bd
chore(deps): Bump github/codeql-action from 2.20.1 to 2.20.2 (#1674)
dependabot[bot] Jul 3, 2023
7c96656
fix: Remove broken link in fargate-serverless README (#1679)
askulkarni2 Jul 6, 2023
164bb84
chore(deps): Bump github/codeql-action from 2.20.2 to 2.20.3 (#1680)
dependabot[bot] Jul 7, 2023
4d3ab8a
chore(deps): Bump github/codeql-action from 2.20.3 to 2.20.4 (#1690)
dependabot[bot] Jul 17, 2023
b9e8476
fix: Remove cluster security group from EniConfig for Custom Networki…
code-eg Jul 20, 2023
9673254
chore(deps): Bump github/codeql-action from 2.20.4 to 2.21.0 (#1693)
dependabot[bot] Jul 20, 2023
45430f6
chore(deps): Bump clowdhaus/terraform-min-max from 1.2.6 to 1.2.7 (#1…
dependabot[bot] Jul 24, 2023
26c8624
fix: Modify Fargate serverless example to wait for Fargate profiles t…
yukkes Jul 24, 2023
3cc4678
feat: Adding Istio example for EKS blueprint (#1695)
praseedasathaye Jul 24, 2023
c01ea01
fix: Update doc publish workflow permissions (#1698)
bryantbiggs Jul 24, 2023
e84505e
feat: Add example for Private EKS cluster endpoint access thru AWS Pr…
vchintal Jul 25, 2023
087463a
chore(deps): Bump github/codeql-action from 2.21.0 to 2.21.1 (#1703)
dependabot[bot] Jul 27, 2023
8824d86
fix: Correct doc name for privatelink example (#1704)
bryantbiggs Jul 27, 2023
310aa57
chore: Clean up of the README (#1705)
vchintal Jul 27, 2023
22 changes: 6 additions & 16 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -1,33 +1,23 @@
## :bangbang: PLEASE READ THIS FIRST :bangbang:

The direction for EKS Blueprints will soon shift from providing an all-encompassing, monolithic "framework" and instead focus more on how users can organize a set of modular components to create the desired solution on Amazon EKS. We have updated the [examples](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples) to show how we use the https://github.com/terraform-aws-modules/terraform-aws-eks for EKS cluster and node group creation. We will not be accepting any PRs that apply to EKS cluster or node group creation process. Any such PR may be closed by the maintainers.

We are hitting also the pause button on new add-on creations at this time until a future roadmap for add-ons is finalized. Please do not submit new add-on PRs. Any such PR may be closed by the maintainers.

Please track progress, learn what's new and how the migration path would look like to upgrade your current Terraform deployments. We welcome the EKS Blueprints community to continue the discussion in issue https://github.com/aws-ia/terraform-aws-eks-blueprints/issues/1421

### What does this PR do?
# Description

<!--
🛑 Please open an issue first to discuss any significant work and flesh out details/direction - we would hate for your time to be wasted.
Consult the [CONTRIBUTING](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/CONTRIBUTING.md#contributing-via-pull-requests) guide for submitting pull-requests.

<!-- A brief description of the change being made with this pull request. -->
A brief description of the change being made with this pull request.
-->

### Motivation
### Motivation and Context

<!-- What inspired you to submit this pull request? -->
- Resolves #<issue-number>

### More
### How was this change tested?

- [ ] Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
- [ ] Yes, I have updated the [docs](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/docs) for this feature
- [ ] Yes, I ran `pre-commit run -a` with this PR

### For Moderators

- [ ] E2E Test successfully complete before merge?

### Additional Notes

<!-- Anything else we should know when reviewing? -->
6 changes: 6 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,6 @@
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
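Review bot: `updates` lists only the `github-actions` ecosystem, so the Python packages that publish-docs.yml installs inline (`pip install mike==1.1.2 ...`) get no update PRs from this config. Moving those pins into a requirements file and adding a `pip` entry here would cover them. With `interval: daily` the volume of bump PRs is also high for a single ecosystem (most of the commits in this merge are Dependabot bumps); `weekly` would batch them.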
27 changes: 27 additions & 0 deletions .github/workflows/dependency-review.yml
@@ -0,0 +1,27 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required,
# PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
name: 'Dependency Review'
on: [pull_request]

permissions:
contents: read

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- name: 'Checkout Repository'
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: 'Dependency Review'
uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 # v3.0.6
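Review bot: in the Harden Runner step, `egress-policy: audit` only records outbound connections and blocks nothing. Once a few runs have established which endpoints this job contacts, switch to `egress-policy: block` with an `allowed-endpoints` list. The header comment also says blocking depends on the workflow run being marked as required, so the matching branch protection setting needs to be enabled for this check to gate merges.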
10 changes: 9 additions & 1 deletion .github/workflows/e2e-parallel-destroy.yml
Expand Up @@ -10,6 +10,9 @@ on:

concurrency: e2e-parallel-destroy

permissions:
contents: read

jobs:
deploy:
name: Run e2e test
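Review bot: the new workflow-level `permissions: contents: read` removes every other scope from the default token, including `id-token`. The `Auth AWS` step further down uses `role-to-assume`; if that goes through GitHub OIDC, as the job-level `id-token: write` visible in e2e-parallel-full.yml suggests, the `deploy` job needs `id-token: write` as well. The lines shown here do not include a job-level `permissions` block for `deploy`; confirm one exists, otherwise the credential step loses the scope it depends on.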
Expand All @@ -34,6 +37,11 @@ jobs:
- example_path: examples/vpc-cni-custom-networking

steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@v3

Expand All @@ -42,7 +50,7 @@ jobs:
run: sed -i "s/# //g" ${{ matrix.example_path }}/versions.tf

- name: Auth AWS
uses: aws-actions/configure-aws-credentials@v1-node16
uses: aws-actions/configure-aws-credentials@v2.2.0
with:
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
aws-region: us-west-2
24 changes: 21 additions & 3 deletions .github/workflows/e2e-parallel-full.yml
Expand Up @@ -14,6 +14,9 @@ env:
IAMLIVE_VERSION: v0.48.0
BUCKET_NAME: terraform-eks-blueprints-iam-policies-examples

permissions:
contents: read

jobs:
prereq-cleanup:
name: Prerequisite Cleanup
Expand All @@ -23,11 +26,16 @@ jobs:
id-token: write
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@v3

- name: Auth AWS
uses: aws-actions/configure-aws-credentials@v1
uses: aws-actions/configure-aws-credentials@v2.2.0
with:
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
aws-region: us-west-2
Expand Down Expand Up @@ -62,6 +70,11 @@ jobs:
- example_path: examples/stateful
- example_path: examples/vpc-cni-custom-networking
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@v3

Expand All @@ -70,7 +83,7 @@ jobs:
run: sed -i "s/# //g" ${{ matrix.example_path }}/versions.tf

- name: Auth AWS
uses: aws-actions/configure-aws-credentials@v1-node16
uses: aws-actions/configure-aws-credentials@v2.2.0
with:
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
aws-region: us-west-2
Expand Down Expand Up @@ -147,11 +160,16 @@ jobs:
runs-on: ubuntu-latest
steps:
# Be careful not to change this to explicit checkout from PR ref/code, as below we run a python code that may change from the PR code.
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@v3

- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1-node16
uses: aws-actions/configure-aws-credentials@v2.2.0
with:
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
aws-region: us-west-2
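Review bot: the `# Be careful not to change this to explicit checkout from PR ref/code ...` comment now sits directly above the new `Harden Runner` step instead of the `Checkout` step it warns about. Place the Harden Runner step above the comment so the warning stays attached to `actions/checkout@v3`. plan-examples.yml has the same displacement in its `getExampleDirectories` job.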
8 changes: 8 additions & 0 deletions .github/workflows/markdown-link-check.yml
Expand Up @@ -13,10 +13,18 @@ on:
paths:
- "**/*.md"

permissions:
contents: read

jobs:
markdown-link-check:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
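Review bot: `step-security/harden-runner@v2` is referenced by a movable tag, as are `actions/checkout@v3` and `actions/setup-node@v3` in the context lines, while dependency-review.yml in this same PR pins each action to a full commit SHA with the version in a trailing comment. Use the SHA form here and in the other workflows so a retagged release cannot change what runs.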
15 changes: 14 additions & 1 deletion .github/workflows/plan-examples.yml
Expand Up @@ -11,6 +11,9 @@ concurrency:
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: true

permissions:
contents: read

jobs:
getExampleDirectories:
name: Get example directories
Expand All @@ -23,6 +26,11 @@ jobs:
directories: ${{ steps.dirs.outputs.directories }}
steps:
# Be careful not to change this to explicit checkout from PR ref/code, as below we run a python code that may change from the PR code.
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@v3

Expand All @@ -49,6 +57,11 @@ jobs:
directory: ${{ fromJson(needs.getExampleDirectories.outputs.directories) }}

steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Remove default Terraform
run: rm -rf $(which terraform)

Expand All @@ -75,7 +88,7 @@ jobs:
- '*.tf'

- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1-node16
uses: aws-actions/configure-aws-credentials@v2.2.0
if: steps.changes.outputs.src== 'true'
with:
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
13 changes: 12 additions & 1 deletion .github/workflows/pr-title.yml
Expand Up @@ -7,12 +7,23 @@ on:
- edited
- synchronize

permissions:
contents: read

jobs:
main:
permissions:
pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs
statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5.0.2
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- uses: amannn/action-semantic-pull-request@v5.2.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
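Review bot: the job-level `permissions` on `main` replaces the workflow-level block rather than adding to it, so this job runs with only `pull-requests: read` and `statuses: write` and without `contents: read`. That is sufficient while the job has no checkout step. A short comment on the workflow-level block saying it is the default for jobs without their own `permissions` would keep a later editor from assuming the scopes combine.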
21 changes: 18 additions & 3 deletions .github/workflows/pre-commit.yml
Expand Up @@ -26,12 +26,17 @@ jobs:
outputs:
directories: ${{ steps.dirs.outputs.directories }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@v3

- name: Get root directories
id: dirs
uses: clowdhaus/terraform-composite-actions/directories@v1.8.0
uses: clowdhaus/terraform-composite-actions/directories@v1.8.3

preCommitMinVersions:
name: Min TF pre-commit
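Review bot: unlike the other workflows in this PR, this file gets no workflow-level `permissions` block: the first hunk starts at line 26 on both sides (`@@ -26,12 +26,17 @@`), so nothing was added above it. If the file does not already declare one, add `permissions:` with `contents: read` at the top so these jobs do not run with the repository's default token scopes.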
Expand All @@ -41,6 +46,11 @@ jobs:
matrix:
directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Remove default Terraform
run: rm -rf $(which terraform)

Expand Down Expand Up @@ -70,7 +80,7 @@ jobs:
restore-keys: ${{ runner.os }}-terraform-

- name: Terraform min/max versions
uses: clowdhaus/terraform-min-max@v1.2.0
uses: clowdhaus/terraform-min-max@v1.2.7
if: steps.changes.outputs.src== 'true'
id: minMax
with:
Expand Down Expand Up @@ -99,6 +109,11 @@ jobs:
runs-on: ubuntu-latest
needs: collectInputs
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Remove default Terraform
run: rm -rf $(which terraform)

Expand Down Expand Up @@ -130,7 +145,7 @@ jobs:

- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.2.0
uses: clowdhaus/terraform-min-max@v1.2.7
if: steps.changes.outputs.src== 'true'

- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
22 changes: 12 additions & 10 deletions .github/workflows/publish-docs.yml
Expand Up @@ -3,38 +3,40 @@ on:
push:
branches:
- main
paths:
- 'docs/**'
- mkdocs.yml
- README.md
- '.github/workflows/publish-docs.yml'
release:
types:
- published

env:
PYTHON_VERSION: 3.x

permissions:
contents: read

jobs:
build:
name: Deploy docs
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout main
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v3
uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install mike==1.1.2 \
mkdocs-material==9.1.4 \
mkdocs-material==9.1.19 \
mkdocs-include-markdown-plugin==4.0.4 \
mkdocs-awesome-pages-plugin==2.9.1
