Merge branch 'random-bug-fixes' into 'master'

random bug fixes pre 1.13.0

See merge request platform-one/big-bang/bigbang!526

.gitlab-ci.yml

@@ -247,13 +247,6 @@ aws/rke2/bigbang up:
     - cp ${CI_PROJECT_DIR}/rke2.yaml ~/.kube/config
     # Deploy a default storage class for aws
     - kubectl apply -f ${CI_PROJECT_DIR}/.gitlab-ci/jobs/rke2/dependencies/k8s-resources/aws/default-ebs-sc.yaml
-    - echo "Patching default rke2 PSPs to be less restrictive so OPA Gatekeeper can successfully deploy"
-    - |
-      kubectl --kubeconfig rke2.yaml patch psp global-unrestricted-psp  -p '{"metadata": { "annotations": { "seccomp.security.alpha.kubernetes.io/allowedProfileNames": "*" } } }'
-    - |
-      kubectl --kubeconfig rke2.yaml patch psp system-unrestricted-psp  -p '{ "metadata": { "annotations": { "seccomp.security.alpha.kubernetes.io/allowedProfileNames": "*" } } }'
-    - |
-      kubectl --kubeconfig rke2.yaml patch psp global-restricted-psp  -p '{ "metadata": { "annotations": { "seccomp.security.alpha.kubernetes.io/allowedProfileNames": "*" } } }'
 
   script:
     - *deploy_bigbang

.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf

@@ -31,7 +31,7 @@ EOF
 }
 
 module "rke2" {
-  source = "git::https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform.git?ref=v1.1.7"
+  source = "git::https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform.git?ref=v1.1.8"
 
   cluster_name          = local.name
   vpc_id                = var.vpc_id
@@ -48,6 +48,12 @@ disable:
   - rke2-ingress-nginx
 EOF
 
+  block_device_mappings = {
+    size = 100
+    encrypted = true
+    type = "gp3"
+  }
+
   enable_ccm = var.enable_ccm
   download   = var.download
 
@@ -57,7 +63,7 @@ EOF
 }
 
 module "generic_agents" {
-  source = "git::https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform.git//modules/agent-nodepool?ref=v1.1.7"
+  source = "git::https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform.git//modules/agent-nodepool?ref=v1.1.8"
 
   name                = "generic-agent"
   vpc_id              = var.vpc_id
@@ -76,6 +82,12 @@ module "generic_agents" {
   # TODO: These need to be set in pre-baked ami's
   pre_userdata = local.os_prep
 
+  block_device_mappings = {
+    size = 150
+    encrypted = true
+    type = "gp3"
+  }
+
   # Required data for identifying cluster to join
   cluster_data = module.rke2.cluster_data
 

.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf

@@ -47,11 +47,11 @@ variable "download" {
 # Server variables
 #
 variable "server_ami" {
-  # RHEL 8.3 RKE2 v1.20.5+rke2r1 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
-  default = "ami-017e342d9500ef3b2"
+  # RHEL 8.3 RKE2 v1.20.7+rke2r2 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
+  default = "ami-04fc9486a0c1633cb"
 }
 variable "server_instance_type" {
-  default = "m5a.large"
+  default = "m5a.2xlarge"
 }
 variable "servers" {
   default = 1
@@ -64,17 +64,17 @@ variable "rke2_version" {
 # Generic agent variables
 #
 variable "agent_ami" {
-  # RHEL 8.3 RKE2 v1.20.5+rke2r1 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
-  default = "ami-017e342d9500ef3b2"
+  # RHEL 8.3 RKE2 v1.20.7+rke2r2 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
+  default = "ami-04fc9486a0c1633cb"
 }
 variable "agent_instance_type" {
   default = "m5a.4xlarge"
 }
 variable "agent_asg" {
-  default = { min : 2, max : 10, desired : 2 }
+  default = { min : 3, max : 10, desired : 3 }
 }
 variable "agent_spot" {
-  default = false
+  default = true
 }
 
 variable "ci_pipeline_url" {

tests/ci/k3d/values.yaml

@@ -363,7 +363,8 @@ addons:
     enabled: false
     values:
       persistence:
-        storageSize: 3Gi
+        # Do NOT set this below 4Gi, nexus will fail to boot
+        storageSize: 10Gi
       nexus:
       # https://help.sonatype.com/repomanager3/installation/system-requirements#SystemRequirements-JVMDirectMemory
         env: