fix: fix bug in autoscaler

bendehaan · bendehaan · commit 8b6d9dda14d9 · 2023-03-10T12:48:50.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -1,9 +1,9 @@
 # Terraform
 kubeconfig_wrongsecrets-exercise-cluster
 .terraform
-.terraform.lock.hcl
-.terraform*
+.terraform
 terraform.tfstate*
+.terraform.tfstate*
 aws/terraform.tfstate.*
 aws/terraform.tfstate.backup
 aws/.terraform.tfstate.lock.info
diff --git a/aws/.terraform.lock.hcl b/aws/.terraform.lock.hcl
diff --git a/aws/README.md b/aws/README.md
@@ -135,18 +135,18 @@ The documentation below is auto-generated to give insight on what's created via
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.1 |
-| <a name="provider_http"></a> [http](#provider\_http) | ~> 3.1 |
-| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.58.0 |
+| <a name="provider_http"></a> [http](#provider\_http) | 3.2.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.4.3 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_cluster_autoscaler_irsa_role"></a> [cluster\_autoscaler\_irsa\_role](#module\_cluster\_autoscaler\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.9.0 |
-| <a name="module_ebs_csi_irsa_role"></a> [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.9.0 |
-| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.7.0 |
-| <a name="module_load_balancer_controller_irsa_role"></a> [load\_balancer\_controller\_irsa\_role](#module\_load\_balancer\_controller\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.9.0 |
+| <a name="module_cluster_autoscaler_irsa_role"></a> [cluster\_autoscaler\_irsa\_role](#module\_cluster\_autoscaler\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.11.2 |
+| <a name="module_ebs_csi_irsa_role"></a> [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.11.2 |
+| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.10.0 |
+| <a name="module_load_balancer_controller_irsa_role"></a> [load\_balancer\_controller\_irsa\_role](#module\_load\_balancer\_controller\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.11.2 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.19.0 |
 
 ## Resources
diff --git a/aws/build-an-deploy-aws.sh b/aws/build-an-deploy-aws.sh
@@ -43,11 +43,13 @@ CLUSTERNAME="$(terraform output -raw cluster_name)"
 STATE_BUCKET="$(terraform output -raw state_bucket_name)"
 IRSA_ROLE_ARN="$(terraform output -raw irsa_role_arn)"
 EBS_ROLE_ARN="$(terraform output -raw ebs_role_arn)"
+CLUSTER_AUTOSCALER_ROLE_ARN="$(terraform output -raw cluster_autoscaler_role_arn)"
 
 echo "CLUSTERNAME=${CLUSTERNAME}"
 echo "STATE_BUCKET=${STATE_BUCKET}"
 echo "IRSA_ROLE_ARN=${IRSA_ROLE_ARN}"
 echo "EBS_ROLE_ARN=${EBS_ROLE_ARN}"
+echo "CLUSTER_AUTOSCALER_ROLE_ARN=${CLUSTER_AUTOSCALER_ROLE_ARN}"
 
 version="$(uuidgen)"
 
@@ -86,8 +88,8 @@ kubectl apply -f cluster-autoscaler-autodiscover.yaml
 
 echo "annotating service account for cluster-autoscaler"
 kubectl annotate serviceaccount cluster-autoscaler \
-  -n kube-system \
-  eks.amazonaws.com/role-arn=${CLUSTER_AUTOSCALER}
+  -n kube-system --overwrite \
+  eks.amazonaws.com/role-arn=${CLUSTER_AUTOSCALER_ROLE_ARN}
 
 kubectl patch deployment cluster-autoscaler \
   -n kube-system \
diff --git a/aws/cleanup-aws-autoscaling-and-helm.sh b/aws/cleanup-aws-autoscaling-and-helm.sh
@@ -24,7 +24,7 @@ fi
 ACCOUNT_ID=$(aws sts get-caller-identity | jq '.Account' -r)
 echo "ACCOUNT_ID=${ACCOUNT_ID}"
 
-kubectl delete -f k8s/wrongsecrets-balancer-ingress.yaml
+kubectl delete -f k8s/wrongsecrets-balancer-ingress.yml
 kubectl delete -f k8s/ctfd-ingress.yaml
 
 sleep 5 # Give the controller some time to catch the ingress change
diff --git a/aws/main.tf b/aws/main.tf
@@ -3,7 +3,7 @@ terraform {
   # Then uncomment and apply!
   backend "s3" {
     region = "eu-west-1"                            # Change if desired
-    bucket = "terraform-20230105182940038600000001" # Put your bucket name here
+    bucket = "terraform-20230310093750024400000001" # Put your bucket name here
     key    = "wrongsecrets/terraform.tfstate"       # Change if desired
   }
 }
@@ -62,7 +62,7 @@ module "vpc" {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "19.7.0"
+  version = "19.10.0"
 
   cluster_name    = var.cluster_name
   cluster_version = var.cluster_version
@@ -141,7 +141,7 @@ module "eks" {
 # Cluster Autoscaler IRSA
 module "cluster_autoscaler_irsa_role" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.9.0"
+  version = "~> 5.11.2"
 
 
   role_name                        = "wrongsecrets-cluster-autoscaler"
@@ -158,7 +158,7 @@ module "cluster_autoscaler_irsa_role" {
 
 module "ebs_csi_irsa_role" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.9.0"
+  version = "~> 5.11.2"
 
   role_name             = "wrongsecrets-ebs-csi"
   attach_ebs_csi_policy = true
@@ -173,7 +173,7 @@ module "ebs_csi_irsa_role" {
 
 module "load_balancer_controller_irsa_role" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.9.0"
+  version = "~> 5.11.2"
 
   role_name                              = "wrongsecrets-load-balancer-controller"
   attach_load_balancer_controller_policy = true
diff --git a/aws/outputs.tf b/aws/outputs.tf
@@ -44,6 +44,16 @@ output "ebs_role_arn" {
   value       = module.ebs_csi_irsa_role.iam_role_arn
 }
 
+output "cluster_autoscaler_role" {
+  description = "Cluster autoscaler role"
+  value       = module.cluster_autoscaler_irsa_role.iam_role_name
+}
+
+output "cluster_autoscaler_role_arn" {
+  description = "Cluster autoscaler role arn"
+  value       = module.cluster_autoscaler_irsa_role.iam_role_arn
+}
+
 output "state_bucket_name" {
   description = "Terraform s3 state bucket name"
   value       = split(":", var.state_bucket_arn)[length(split(":", var.state_bucket_arn)) - 1]
diff --git a/aws/shared-state/.terraform.lock.hcl b/aws/shared-state/.terraform.lock.hcl
diff --git a/aws/shared-state/README.md b/aws/shared-state/README.md
@@ -13,7 +13,7 @@ The documentation below is auto-generated to give insight on what's created via
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.57.0 |
 
 ## Modules
 
diff --git a/aws/terraform.tfvars b/aws/terraform.tfvars
@@ -1,3 +1,2 @@
-cluster_version = "1.23"
-region          = "eu-west-1"
+region = "eu-west-1"
 # state_bucket_arn = "..."
diff --git a/helm/wrongsecrets-ctf-party/templates/_helpers.tpl b/helm/wrongsecrets-ctf-party/templates/_helpers.tpl
@@ -40,7 +40,9 @@ helm.sh/chart: {{ include "wrongsecrets-ctf-party.chart" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/managed-by: Helm
+meta.helm.sh/release-name: {{ .Release.Name }}
+meta.helm.sh/release-namespace: {{ .Release.Namespace }}
 {{- end -}}
 
 {{/*
