Release/v0.37.0

README.md

@@ -48,7 +48,7 @@ No requirements.
 | <a name="module_captain_repository_files"></a> [captain\_repository\_files](#module\_captain\_repository\_files) | ./modules/github-captain-repository-files/0.1.0 | n/a |
 | <a name="module_common_s3"></a> [common\_s3](#module\_common\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |
 | <a name="module_dnssec_key"></a> [dnssec\_key](#module\_dnssec\_key) | git::https://github.com/GlueOps/terraform-module-cloud-aws-dnssec-kms-key.git | v0.1.0 |
-| <a name="module_glueops_platform_helm_values"></a> [glueops\_platform\_helm\_values](#module\_glueops\_platform\_helm\_values) | git::https://github.com/GlueOps/platform-helm-chart-platform.git | v0.35.1 |
+| <a name="module_glueops_platform_helm_values"></a> [glueops\_platform\_helm\_values](#module\_glueops\_platform\_helm\_values) | git::https://github.com/GlueOps/platform-helm-chart-platform.git | v0.37.0 |
 | <a name="module_loki_s3"></a> [loki\_s3](#module\_loki\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |
 | <a name="module_opsgenie_teams"></a> [opsgenie\_teams](#module\_opsgenie\_teams) | ./modules/opsgenie/0.1.0 | n/a |
 | <a name="module_tenant_readmes"></a> [tenant\_readmes](#module\_tenant\_readmes) | ./modules/tenant-readme/0.1.0 | n/a |

captain-repo.tf

@@ -40,7 +40,7 @@ EOT
 
     "terraform/vault/configuration/main.tf" = <<EOT
 module "configure_vault_cluster" {
-    source = "git::https://github.com/GlueOps/terraform-module-kubernetes-hashicorp-vault-configuration.git?ref=v0.6.0"
+    source = "git::https://github.com/GlueOps/terraform-module-kubernetes-hashicorp-vault-configuration.git?ref=v0.7.0"
     oidc_client_secret = "${random_password.dex_vault_client_secret[each.key].result}"
     captain_domain = "${each.value.environment_name}.${aws_route53_zone.main.name}"
     org_team_policy_mappings = [

generate-helm-values.tf

@@ -40,7 +40,7 @@ locals {
 
 module "glueops_platform_helm_values" {
   for_each                                   = local.environment_map
-  source                                     = "git::https://github.com/GlueOps/platform-helm-chart-platform.git?ref=v0.35.1"
+  source                                     = "git::https://github.com/GlueOps/platform-helm-chart-platform.git?ref=v0.37.0"
   captain_repo_b64encoded_private_deploy_key = base64encode(module.captain_repository[each.value.environment_name].private_deploy_key)
   captain_repo_ssh_clone_url                 = module.captain_repository[each.value.environment_name].ssh_clone_url
   this_is_development                        = var.this_is_development

generate-tenant-readmes.tf

@@ -1,5 +1,5 @@
 locals {
-  argocd_app_version = "v2.8.6"
+  argocd_app_version = "v2.8.7"
 
 }
 

iam-policy-loki-xptr-s3.tf

@@ -10,15 +10,23 @@ resource "aws_iam_policy" "loki_logs_exporter_s3" {
       "Effect": "Allow",
       "Action": [
         "s3:PutObject",
-        "s3:ListObject",
-        "s3:HeadObject",
-        "s3:ListBucket",
-        "s3:GetObject"
+        "s3:GetObject",
+        "s3:List*"
       ],
       "Resource": [
         "${module.common_s3.primary_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/loki_exported_logs/*",
         "${module.common_s3.replica_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/loki_exported_logs/*"
       ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:ListBucket"
+      ],
+      "Resource": [
+        "${module.common_s3.primary_s3_bucket_arn}",
+        "${module.common_s3.replica_s3_bucket_arn}"
+      ]
     }
   ]
 }

iam-policy-vault-backup-s3.tf

@@ -9,12 +9,23 @@ resource "aws_iam_policy" "vault_s3_backup" {
     {
       "Effect": "Allow",
       "Action": [
-        "s3:PutObject"
+        "s3:PutObject",
+        "s3:GetObject"
       ],
       "Resource": [
         "${module.common_s3.primary_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-backups/*",
         "${module.common_s3.replica_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-backups/*"
       ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "${module.common_s3.primary_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-init/*",
+        "${module.common_s3.replica_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-init/*"
+      ]
     }
   ]
 }

iam-policy-vault-init-s3.tf

@@ -18,6 +18,17 @@ resource "aws_iam_policy" "vault_init_s3" {
         "${module.common_s3.replica_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-init/*"
       ]
     },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject*",
+        "s3:List*"
+      ],
+      "Resource": [
+        "${module.common_s3.primary_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-backups/*",
+        "${module.common_s3.replica_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-backups/*"
+      ]
+    },
     {
       "Effect": "Allow",
       "Action": [

modules/multy-s3-bucket/0.1.0/s3-backup-bucket.tf

@@ -36,7 +36,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "replica" {
     filter {}
 
     noncurrent_version_expiration {
-      noncurrent_days = var.this_is_development ? 1 : 90
+      noncurrent_days = var.this_is_development ? 14 : 180
     }
     status = "Enabled"
   }

modules/multy-s3-bucket/0.1.0/s3-primary-bucket.tf

@@ -39,7 +39,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "primary" {
     filter {}
 
     noncurrent_version_expiration {
-      noncurrent_days = var.this_is_development ? 1 : 90
+      noncurrent_days = var.this_is_development ? 14 : 180
     }
     status = "Enabled"
   }
@@ -54,4 +54,4 @@ resource "aws_s3_bucket_public_access_block" "primary" {
   block_public_policy     = true
   ignore_public_acls      = true
   restrict_public_buckets = true
-}
+}

modules/tenant-readme/0.1.0/readme.tf

@@ -39,11 +39,11 @@ data "local_file" "readme" {
 }
 
 locals {
-  codespace_version         = "v0.31.4"
+  codespace_version         = "v0.33.1"
   argocd_crd_version        = var.argocd_app_version
   argocd_helm_chart_version = "5.50.1"
-  glueops_platform_version  = "v0.35.1" # this also needs to be updated in the module.glueops_platform_helm_values // generate-helm-values.tf
-  tools_version             = "v0.5.1"
+  glueops_platform_version  = "v0.37.0" # this also needs to be updated in the module.glueops_platform_helm_values // generate-helm-values.tf
+  tools_version             = "v0.6.0"
 }
 
 

modules/tenant-readme/0.1.0/tenant-readme.md.tpl

@@ -11,7 +11,7 @@ This README will outline the steps required to:
 4. Tear down the cluster when it is no longer needed.
 
 <br /><br />
-## Prerequisites
+## Prerequisites (not k3d)
 
 1. User account in the desired cloud with necessary permissions to create Service Users capable of deploying a Kubernetes cluster.
 2. [Create a new Codespace.](https://github.com/codespaces/new?hide_repo_select=true&ref=%F0%9F%9A%80%F0%9F%92%8E%F0%9F%99%8C%F0%9F%9A%80&repo=527049979&skip_quickstart=true&machine=basicLinux32gb&devcontainer_path=.devcontainer%2Fplaceholder_codespace_version%2Fdevcontainer.json)
@@ -26,6 +26,7 @@ gh repo clone placeholder_github_owner/placeholder_repo_name
 ## Select Cloud
 - [GCP](#GCP)
 - [AWS](#AWS)
+- [k3d](https://github.com/GlueOps/k3d)
 
 ## GCP
 
@@ -125,10 +126,21 @@ In addition to creating the `deployment-configurations` repository, you must ins
 
 <br /><br />
 
+## Delete Tenant Data From S3
+
+Use the following command to destroy any backups/ephemeral data when you created your cluster.
+* [Launch a CloudShell](https://us-east-1.console.aws.amazon.com/cloudshell/home?region=us-west-2) within the Primary/Root AWS Account.
+    * Execute the following command in the cloudshell.  When prompted, enter the name of your captain domain (e.g. test-001-np.earth.onglueops.rocks ).
+
+```sh
+bash <(curl -s https://raw.githubusercontent.com/GlueOps/development-only-utilities/placeholder_tools_version/tools/aws/tenant-s3-nuke.sh)
+```
+
 ## Teardown Kubernetes
 
 - [AWS](#AWS-Teardown)
 - [GCP](#GCP-Teardown)
+- [k3d](#k3d-teardown)
 
 ### AWS Teardown
 
@@ -150,3 +162,11 @@ Use the following command to destroy the cluster when it is no longer needed.
 source <(curl -s https://raw.githubusercontent.com/GlueOps/development-only-utilities/placeholder_tools_version/tools/gcp/gcp-project-teardown) && \
     gcp-project-teardown -p placeholder_tenant_key-placeholder_cluster_environment
 ```
+
+### k3d Teardown
+
+Login to the AWS Lightsail account and delete the nodes with your captain domain. You can tear down your cluster locally with:
+
+```bash
+k3d cluster delete captain
+```