Upgrade aws provider and modules
#15
Conversation
| subnet_ids = concat(module.vpc.private_subnets, module.vpc.public_subnets) | ||
| vpc_id = module.vpc.vpc_id | ||
| subnet_ids = concat(module.vpc.private_subnets, module.vpc.public_subnets) | ||
| node_security_group_enable_recommended_rules = false |
There was a problem hiding this comment.
The new variable node_security_group_enable_recommended_rules is set to true by default and may conflict with any custom ingress/egress rules. Please ensure that any duplicates from the node_security_group_additional_rules are removed before upgrading, or set node_security_group_enable_recommended_rules to false. Reference
Support for setting default node security group rules for common access patterns required:
- Egress all for 0.0.0.0/0/::/0
- Ingress from cluster security group for 8443/TCP and 9443/TCP for common applications such as ALB Ingress Controller, Karpenter, OPA Gatekeeper, etc. These are commonly used as webhook ports for validating and mutating webhooks
I disabled it because I'm not sure we need those default rules and we specify a custom egress rule.
| @@ -79,6 +79,7 @@ module "rds" { | |||
| major_engine_version = "8.0" | |||
| instance_class = "db.t2.micro" | |||
| allocated_storage = 10 | |||
| storage_encrypted = false | |||
There was a problem hiding this comment.
Now it's true by default. I think we probably also should have it true by default but decided to set it to false for now because it might break something for the existing infrastructures. Let me know if we can set it to true by default.
I haven't testing it. I will do it once I have AWS account to test.
aws provider:
rds:
vpc:
eks: