Merge branch 'nightly' into 'master'

update nightly cluster to use latest n-1 See merge request platform-one/big-bang/bigbang!435

Merge branch 'nightly' into 'master'
36ac449b · joshwolf · 6060cad7 · 1f0de5f8 · 36ac449b · 36ac449b
Commit 36ac449b authored 3 years ago by joshwolf
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf
+++ b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf
@@ -31,3 +31,12 @@ module "dev" {
  public_subnets      = data.terraform_remote_state.networking.outputs.public_subnets
  ssh_authorized_keys = [tls_private_key.ssh.public_key_openssh]
 }
+
+resource "aws_security_group_rule" "dev-ssh" {
+  from_port         = 22
+  to_port           = 22
+  protocol          = "tcp"
+  security_group_id = module.dev.cluster_sg
+  type              = "ingress"
+  cidr_blocks       = ["0.0.0.0/0"]
+}
\ No newline at end of file
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
+++ b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
@@ -43,6 +43,11 @@ module "rke2" {
  controlplane_internal = var.controlplane_internal
  rke2_version          = var.rke2_version

+  rke2_config = <<EOF
+disable:
+  - rke2-ingress-nginx
+EOF
+
  enable_ccm = var.enable_ccm
  download   = var.download

@@ -106,4 +111,9 @@ resource "aws_ec2_tag" "private_subnets_tags" {
  resource_id = var.private_subnets[count.index]
  key         = "kubernetes.io/cluster/${module.rke2.cluster_name}"
  value       = "shared"
+}
+
+output "cluster_sg" {
+  description = "Cluster SG ID, used for dev ssh access"
+  value = module.rke2.cluster_data.cluster_sg
 }
\ No newline at end of file
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf
+++ b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf
@@ -47,8 +47,8 @@ variable "download" {
 # Server variables
 #
 variable "server_ami" {
-  # RHEL 8 RKE2 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
-  default = "ami-09d02b6cbe719f221"
+  # RHEL 8.3 RKE2 v1.20.5+rke2r1 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
+  default = "ami-017e342d9500ef3b2"
 }
 variable "server_instance_type" {
  default = "m5a.large"
@@ -57,15 +57,15 @@ variable "servers" {
  default = 1
 }
 variable "rke2_version" {
-  default = "v1.18.12+rke2r2"
+  default = "v1.20.5+rke2r1"
 }

 #
 # Generic agent variables
 #
 variable "agent_ami" {
-  # RHEL 8 RKE2 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
-  default = "ami-09d02b6cbe719f221"
+  # RHEL 8.3 RKE2 v1.20.5+rke2r1 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
+  default = "ami-017e342d9500ef3b2"
 }
 variable "agent_instance_type" {
  default = "m5a.4xlarge"