From 1f0de5f8ebb7a3fad81260838ba7939893e6288e Mon Sep 17 00:00:00 2001
From: Josh Wolf <josh@joshwolf.dev>
Date: Tue, 20 Apr 2021 22:56:40 -0600
Subject: [PATCH] update nightly cluster to use latest n-1

---
 .../jobs/rke2/dependencies/terraform/env/dev/dev.tf    |  9 +++++++++
 .../jobs/rke2/dependencies/terraform/main/main.tf      | 10 ++++++++++
 .../jobs/rke2/dependencies/terraform/main/variables.tf | 10 +++++-----
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf
index 0b9624d3a7..9662d59903 100644
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf
+++ b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf
@@ -31,3 +31,12 @@ module "dev" {
   public_subnets      = data.terraform_remote_state.networking.outputs.public_subnets
   ssh_authorized_keys = [tls_private_key.ssh.public_key_openssh]
 }
+
+resource "aws_security_group_rule" "dev-ssh" {
+  from_port         = 22
+  to_port           = 22
+  protocol          = "tcp"
+  security_group_id = module.dev.cluster_sg
+  type              = "ingress"
+  cidr_blocks       = ["0.0.0.0/0"]
+}
\ No newline at end of file
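Review bot: `cidr_blocks = ["0.0.0.0/0"]` on the new `dev-ssh` rule opens TCP 22 to the whole internet on `module.dev.cluster_sg`. Judging by its name, that is presumably the security group shared by the cluster nodes, so every node in the nightly cluster would accept SSH connection attempts from any address. Restrict the source to the ranges that actually need access, for example `cidr_blocks = var.ssh_allowed_cidrs` backed by a new variable with no open default, or drop the rule in favour of a bastion host or SSM Session Manager. The rule also has no `description`, so the reason for the exception is not recorded on the security group itself; add one such as `description = "dev SSH access, restricted to CI/VPN ranges"`.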
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
index 45d8c25fd9..6f0a34008d 100644
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
+++ b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
@@ -43,6 +43,11 @@ module "rke2" {
   controlplane_internal = var.controlplane_internal
   rke2_version          = var.rke2_version
 
+  rke2_config = <<EOF
+disable:
+  - rke2-ingress-nginx
+EOF
+
   enable_ccm = var.enable_ccm
   download   = var.download
 
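Review bot: The `rke2_config` heredoc disables `rke2-ingress-nginx` without a comment, and the commit subject mentions only the version update. A reader cannot tell whether the nightly cluster is meant to run with no ingress controller or whether another one is installed later. Add a line above the heredoc such as `# rke2-ingress-nginx disabled: <reason>; ingress is provided by <component>`, with the actual reason filled in. The `module "rke2"` block starts and ends outside this hunk.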
@@ -106,4 +111,9 @@ resource "aws_ec2_tag" "private_subnets_tags" {
   resource_id = var.private_subnets[count.index]
   key         = "kubernetes.io/cluster/${module.rke2.cluster_name}"
   value       = "shared"
+}
+
+output "cluster_sg" {
+  description = "Cluster SG ID, used for dev ssh access"
+  value = module.rke2.cluster_data.cluster_sg
 }
\ No newline at end of file
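Review bot: The new `cluster_sg` output is not laid out the way `terraform fmt` would leave it: the `=` of `value` is not aligned with the one on `description`. The file also now ends without a trailing newline, and the same is true at the end of `dev.tf`. Write the line as `value       = module.rke2.cluster_data.cluster_sg` and end both files with a newline, so a formatting check in CI (if one runs on these files) does not flag them.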
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf
index 36102895d7..94cb625445 100644
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf
+++ b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf
@@ -47,8 +47,8 @@ variable "download" {
 # Server variables
 #
 variable "server_ami" {
-  # RHEL 8 RKE2 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
-  default = "ami-09d02b6cbe719f221"
+  # RHEL 8.3 RKE2 v1.20.5+rke2r1 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
+  default = "ami-017e342d9500ef3b2"
 }
 variable "server_instance_type" {
   default = "m5a.large"
@@ -57,15 +57,15 @@ variable "servers" {
   default = 1
 }
 variable "rke2_version" {
-  default = "v1.18.12+rke2r2"
+  default = "v1.20.5+rke2r1"
 }
 
 #
 # Generic agent variables
 #
 variable "agent_ami" {
-  # RHEL 8 RKE2 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
-  default = "ami-09d02b6cbe719f221"
+  # RHEL 8.3 RKE2 v1.20.5+rke2r1 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
+  default = "ami-017e342d9500ef3b2"
 }
 variable "agent_instance_type" {
   default = "m5a.4xlarge"
-- 
GitLab