From c9c63522fc2577d41aa07028a920499f594c998e Mon Sep 17 00:00:00 2001 From: Venkat Date: Thu, 9 May 2024 09:45:09 -0700 Subject: [PATCH 1/6] fix(coredns): remove service account role arn as it's only needed for csi addon --- addon_coredns.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addon_coredns.tf b/addon_coredns.tf index c389d6d..2a13a58 100644 --- a/addon_coredns.tf +++ b/addon_coredns.tf @@ -7,7 +7,7 @@ resource "aws_eks_addon" "coredns" { resolve_conflicts_on_create = "OVERWRITE" resolve_conflicts_on_update = "OVERWRITE" - service_account_role_arn = aws_iam_role.eks_addon_ebs_csi_role.arn + service_account_role_arn = null depends_on = [module.node_pool] count = length(var.node_pools) > 0 ? 1 : 0 From 6b44a5cae21a014605c0f6a3ccd8dd04004256b1 Mon Sep 17 00:00:00 2001 From: Venkat Date: Thu, 9 May 2024 10:00:50 -0700 Subject: [PATCH 2/6] feat: consolidate all addons into one file and add kube proxy --- README.md | 1 + addon_coredns.tf | 15 --------------- addon_csi.tf => addons.tf | 29 +++++++++++++++++++++++++++++ docs/.header.md | 1 + tests/main.tf | 1 + variables.tf | 12 +++++++++--- 6 files changed, 41 insertions(+), 18 deletions(-) delete mode 100644 addon_coredns.tf rename addon_csi.tf => addons.tf (64%) diff --git a/README.md b/README.md index 6c7fac6..a96de7a 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ module "captain" { eks_version = "1.28" csi_driver_version = "v1.30.0-eksbuild.1" coredns_version = "v1.10.1-eksbuild.7" + kube_proxy_version = "v1.28.6-eksbuild.2" vpc_cidr_block = "10.65.0.0/26" region = "us-west-2" availability_zones = ["us-west-2a", "us-west-2b"] diff --git a/addon_coredns.tf b/addon_coredns.tf deleted file mode 100644 index 2a13a58..0000000 --- a/addon_coredns.tf +++ /dev/null 
@@ -1,15 +0,0 @@ - - -resource "aws_eks_addon" "coredns" { - cluster_name = module.kubernetes.eks_cluster_id - addon_name = "coredns" - addon_version = var.coredns_version - resolve_conflicts_on_create = "OVERWRITE" - resolve_conflicts_on_update = "OVERWRITE" - - service_account_role_arn = null - depends_on = [module.node_pool] - count = length(var.node_pools) > 0 ? 1 : 0 - - configuration_values = local.coredns_addon_node_tolerations -} diff --git a/addon_csi.tf b/addons.tf similarity index 64% rename from addon_csi.tf rename to addons.tf index cab9bdc..cbb7ca4 100644 --- a/addon_csi.tf +++ b/addons.tf @@ -53,3 +53,32 @@ resource "aws_eks_addon" "ebs_csi" { configuration_values = local.csi_addon_node_tolerations } + +resource "aws_eks_addon" "coredns" { + cluster_name = module.kubernetes.eks_cluster_id + addon_name = "coredns" + addon_version = var.coredns_version + resolve_conflicts_on_create = "OVERWRITE" + resolve_conflicts_on_update = "OVERWRITE" + + service_account_role_arn = null + depends_on = [module.node_pool] + count = length(var.node_pools) > 0 ? 1 : 0 + + configuration_values = local.coredns_addon_node_tolerations +} + + +resource "aws_eks_addon" "kube_proxy" { + cluster_name = module.kubernetes.eks_cluster_id + addon_name = "kube-proxy" + addon_version = var.kube_proxy_version + resolve_conflicts_on_create = "OVERWRITE" + resolve_conflicts_on_update = "OVERWRITE" + + service_account_role_arn = null + depends_on = [module.node_pool] + count = length(var.node_pools) > 0 ? 1 : 0 + + configuration_values = local.coredns_addon_node_tolerations +} diff --git a/docs/.header.md b/docs/.header.md index e631071..a80eef6 100644 --- a/docs/.header.md +++ b/docs/.header.md @@ -19,6 +19,7 @@ module "captain" { eks_version = "1.28" csi_driver_version = "v1.30.0-eksbuild.1" coredns_version = "v1.10.1-eksbuild.7" + kube_proxy_version = "v1.28.6-eksbuild.2" vpc_cidr_block = "10.65.0.0/26" region = "us-west-2" availability_zones = ["us-west-2a", "us-west-2b"] 
diff --git a/tests/main.tf b/tests/main.tf index 6a76e54..ace8cdf 100644 --- a/tests/main.tf +++ b/tests/main.tf @@ -4,6 +4,7 @@ module "captain" { eks_version = "1.28" csi_driver_version = "v1.30.0-eksbuild.1" coredns_version = "v1.10.1-eksbuild.7" + kube_proxy_version = "v1.28.6-eksbuild.2" vpc_cidr_block = "10.65.0.0/26" region = "us-west-2" availability_zones = ["us-west-2a", "us-west-2b"] diff --git a/variables.tf b/variables.tf index 31441a1..455ddf3 100644 --- a/variables.tf +++ b/variables.tf @@ -5,16 +5,22 @@ variable "region" { variable "csi_driver_version" { type = string - default = "v1.26.1-eksbuild.1" + default = "v1.29.1-eksbuild.1" description = "You should grab the appropriate version number from: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/CHANGELOG.md" } variable "coredns_version" { type = string - default = "v1.10.1-eksbuild.6" + default = "v1.10.1-eksbuild.7" description = "You should grab the appropriate version number from: https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html" } +variable "kube_proxy_version" { + type = string + default = "v1.27.10-eksbuild.2" + description = "You should grab the appropriate version number from: https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html" +} + locals { @@ -59,7 +65,7 @@ variable "availability_zones" { variable "eks_version" { type = string description = "The version of EKS to deploy" - default = "1.28" + default = "1.27" } variable "node_pools" { From a88bc75ac71350e0b44b8d3ecf09aae80244eca9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 9 May 2024 17:01:15 +0000 Subject: [PATCH 3/6] docs: automated update of terraform docs --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a96de7a..3db0917 100644 --- a/README.md +++ b/README.md 
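Review bot: The second variables.tf hunk lowers the `eks_version` default from `"1.28"` to `"1.27"`, which the commit subject (consolidate add-ons, add kube-proxy) does not mention. A caller who relies on the default and already runs 1.28 would get a plan asking for an older control-plane version, and new clusters would start one minor release behind the README and tests/main.tf examples, which still pin 1.28. The new `kube_proxy_version` default `"v1.27.10-eksbuild.2"` in the first hunk only lines up with that lowered default, so a caller who sets `eks_version = "1.28"` alone keeps a 1.27 kube-proxy build. I would keep `default = "1.28"` unless the downgrade is intended, and extend the `kube_proxy_version` description with `Pick the build listed for the cluster's eks_version.` The `locals` and `node_pools` blocks around these variables continue outside the hunks.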
@@ -155,6 +155,7 @@ No requirements. |------|------| | [aws_eks_addon.coredns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | | [aws_eks_addon.ebs_csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | +| [aws_eks_addon.kube_proxy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | | [aws_iam_role.eks_addon_ebs_csi_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.ebs_csi](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_security_group.captain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | @@ -169,10 +170,11 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [availability\_zones](#input\_availability\_zones) | The availability zones to deploy into | `list(string)` |
[
"us-west-2a",
"us-west-2b",
"us-west-2c"
]
| no | -| [coredns\_version](#input\_coredns\_version) | You should grab the appropriate version number from: https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html | `string` | `"v1.10.1-eksbuild.6"` | no | -| [csi\_driver\_version](#input\_csi\_driver\_version) | You should grab the appropriate version number from: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/CHANGELOG.md | `string` | `"v1.26.1-eksbuild.1"` | no | -| [eks\_version](#input\_eks\_version) | The version of EKS to deploy | `string` | `"1.28"` | no | +| [coredns\_version](#input\_coredns\_version) | You should grab the appropriate version number from: https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html | `string` | `"v1.10.1-eksbuild.7"` | no | +| [csi\_driver\_version](#input\_csi\_driver\_version) | You should grab the appropriate version number from: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/CHANGELOG.md | `string` | `"v1.29.1-eksbuild.1"` | no | +| [eks\_version](#input\_eks\_version) | The version of EKS to deploy | `string` | `"1.27"` | no | | [iam\_role\_to\_assume](#input\_iam\_role\_to\_assume) | The full ARN of the IAM role to assume | `string` | n/a | yes | +| [kube\_proxy\_version](#input\_kube\_proxy\_version) | You should grab the appropriate version number from: https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html | `string` | `"v1.27.10-eksbuild.2"` | no | | [node\_pools](#input\_node\_pools) | node pool configurations:
- name (string): Name of the node pool. MUST BE UNIQUE! Recommended to use YYYYMMDD in the name
- node\_count (number): number of nodes to create in the node pool.
- instance\_type (string): Instance type to use for the nodes. ref: https://instances.vantage.sh/
- ami\_image\_id (string): AMI image ID to use for EKS worker nodes. This varies per region!! ref: https://github.com/awslabs/amazon-eks-ami/releases to find the AMI ID go to the console: https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#Images:visibility=public-images;search=amazon-eks-node-1.28-v20230703
- spot (bool): Enable spot instances for the nodes. DO NOT ENABLE IN PROD!
- disk\_size\_gb (number): Disk size in GB for the nodes.
- max\_pods (number): max pods that can be scheduled per node.
- ssh\_key\_pair\_names (list(string)): List of SSH key pair names to associate with the nodes. ref: https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#KeyPairs:
- kubernetes\_labels (map(string)): Map of labels to apply to the nodes. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
- kubernetes\_taints (list(object)): List of taints to apply to the nodes. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
list(object({
name = string
node_count = number
instance_type = string
ami_image_id = string
spot = bool
disk_size_gb = number
max_pods = number
ssh_key_pair_names = list(string)
kubernetes_labels = map(string)
kubernetes_taints = list(object({
key = string
value = string
effect = string
}))

}))
|
[
{
"ami_image_id": "ami-077ca19cf151a75e0",
"disk_size_gb": 20,
"instance_type": "t3a.large",
"kubernetes_labels": {},
"kubernetes_taints": [],
"max_pods": 110,
"name": "default-pool",
"node_count": 1,
"spot": false,
"ssh_key_pair_names": []
}
]
| no | | [peering\_configs](#input\_peering\_configs) | A list of maps containing VPC peering configuration details |
list(object({
vpc_peering_connection_id = string
destination_cidr_block = string
}))
| `[]` | no | | [region](#input\_region) | The AWS region to deploy into | `string` | n/a | yes | From 2085fecb48b544f2ec926b95fba58daea6810c40 Mon Sep 17 00:00:00 2001 From: Venkat Date: Thu, 9 May 2024 10:43:53 -0700 Subject: [PATCH 4/6] fix: kube-proxy. no configuration values/tains are needed --- addons.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/addons.tf b/addons.tf index cbb7ca4..6fe82ea 100644 --- a/addons.tf +++ b/addons.tf @@ -79,6 +79,4 @@ resource "aws_eks_addon" "kube_proxy" { service_account_role_arn = null depends_on = [module.node_pool] count = length(var.node_pools) > 0 ? 1 : 0 - - configuration_values = local.coredns_addon_node_tolerations } From d2153ccf3827fb123d90262eef89eef25ca6ce93 Mon Sep 17 00:00:00 2001 From: Venkat Date: Thu, 9 May 2024 12:34:38 -0700 Subject: [PATCH 5/6] Update addons.tf --- addons.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/addons.tf b/addons.tf index 6fe82ea..40280ec 100644 --- a/addons.tf +++ b/addons.tf @@ -61,7 +61,6 @@ resource "aws_eks_addon" "coredns" { resolve_conflicts_on_create = "OVERWRITE" resolve_conflicts_on_update = "OVERWRITE" - service_account_role_arn = null depends_on = [module.node_pool] count = length(var.node_pools) > 0 ? 1 : 0 @@ -76,7 +75,6 @@ resource "aws_eks_addon" "kube_proxy" { resolve_conflicts_on_create = "OVERWRITE" resolve_conflicts_on_update = "OVERWRITE" - service_account_role_arn = null depends_on = [module.node_pool] count = length(var.node_pools) > 0 ? 1 : 0 } From 9b719ef7febe93e9d3ac3a74337c7206c80c8113 Mon Sep 17 00:00:00 2001 From: Venkat Date: Thu, 9 May 2024 12:41:56 -0700 Subject: [PATCH 6/6] Update addons.tf --- addons.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons.tf b/addons.tf index 40280ec..588fe31 100644 --- a/addons.tf +++ b/addons.tf 
@@ -61,9 +61,9 @@ resource "aws_eks_addon" "coredns" { resolve_conflicts_on_create = "OVERWRITE" resolve_conflicts_on_update = "OVERWRITE" + service_account_role_arn = aws_iam_role.eks_addon_ebs_csi_role.arn depends_on = [module.node_pool] count = length(var.node_pools) > 0 ? 1 : 0 - configuration_values = local.coredns_addon_node_tolerations }
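Review bot: The added `service_account_role_arn = aws_iam_role.eks_addon_ebs_csi_role.arn` binds the CoreDNS add-on to the EBS CSI driver's IAM role again, reversing patch 1/6, whose subject says the role is only needed for the CSI add-on. CoreDNS does not normally call AWS APIs, so if the role's trust policy admits its service account (the policy is not visible here) the DNS pods would hold volume-management permissions they never use, and if the trust policy is scoped to the CSI service account the setting does nothing useful for CoreDNS. Unless there is a reason not captured in the "Update addons.tf" subject, I would drop the line and leave the argument unset as patch 5/6 did. If CoreDNS does need AWS access, give it a dedicated role with its own trust condition rather than sharing the CSI one. The marker in front of `configuration_values` is ambiguous in this rendering, so it is worth confirming that the tolerations line is still present in the resulting file.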