[DPE-1423] Update ocean-kubernetes-controller version to 0.1.59

deployments/stacks/dpe-k8s-deployments/main.tf

@@ -2,8 +2,7 @@ locals {
   git_revision = var.git_revision
 }
 module "sage-aws-eks-autoscaler" {
-  source                 = "spacelift.io/sagebionetworks/sage-aws-eks-autoscaler/aws"
-  version                = "0.9.0"
+  source                 = "../../../modules/sage-aws-k8s-node-autoscaler"
   cluster_name           = var.cluster_name
   private_vpc_subnet_ids = var.private_subnet_ids_eks_worker_nodes
   vpc_id                 = var.vpc_id

modules/sage-aws-k8s-node-autoscaler/main.tf

@@ -82,7 +82,7 @@ resource "helm_release" "ocean-kubernetes-controller" {
   repository       = "https://charts.spot.io"
   chart            = "ocean-kubernetes-controller"
   namespace        = "spot-system"
-  version          = "0.1.52"
+  version          = "0.1.66"
   create_namespace = true
 
   values = [templatefile("${path.module}/templates/values.yaml", {})]
@@ -106,7 +106,7 @@ resource "helm_release" "ocean-kubernetes-controller" {
 
 module "ocean-aws-k8s" {
   source  = "spotinst/ocean-aws-k8s/spotinst"
-  version = "1.4.0"
+  version = "1.11.0"
 
   # Configuration
   cluster_name                     = var.cluster_name
@@ -147,4 +147,25 @@ module "ocean-aws-k8s" {
     root_device_types       = null
     virtualization_types    = null
   }
+
+  user_data = base64encode(<<-EOF
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="//"
+
+--//
+Content-Type: application/node.eks.aws
+
+---
+apiVersion: node.eks.aws/v1alpha1
+kind: NodeConfig
+spec:
+  cluster:
+    apiServerEndpoint: ${data.aws_eks_cluster.cluster.endpoint}
+    certificateAuthority: ${data.aws_eks_cluster.cluster.certificate_authority[0].data}
+    cidr: ${data.aws_eks_cluster.cluster.kubernetes_network_config[0].service_ipv4_cidr}
+    name: ${var.cluster_name}
+--//--
+EOF
+  )
 }
+

modules/sage-aws-k8s-node-autoscaler/templates/values.yaml

@@ -8,8 +8,8 @@ spotinst:
   # -- Spot Token. (Required)
   # Ref: https://docs.spot.io/administration/api/create-api-token
   token: ""
-  # -- Spot Account. (Required)
-  # Ref: https://docs.spot.io/administration/organizations?id=account
+  # -- Spot Account ID. (Required)
+  # Example: `act-123abcd`
   account: ""
   # -- Unique identifier used by the Ocean Controller to connect (Required)
   # between the Ocean backend and the Kubernetes cluster.
@@ -25,15 +25,25 @@ spotinst:
   enableCsrApproval: true
   # -- Disable automatic RightSizing. (Optional)
   disableAutomaticRightSizing: false
+  # -- Disable TLS certificate validation. (Optional)
+  insecureSkipTLSVerify: false
+  # -- Sets the controller to read-only mode, removing write permissions and disabling autoscaling. (Optional)
+  readonly: false
 
 # -- Configure the amount of replicas for the controller (Optional)
 replicas: 2
 
 image:
   repository: us-docker.pkg.dev/spotit-today/container-labs/spotinst-kubernetes-controller
   pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
+  # -- Overrides the image tag whose default is the chart appVersion.
   tag: ""
+  # -- Set to `true` to use an FIPS-140 compliant image. This flag adds `-fips` suffix to the image tag,
+  # therefore it should not be used together with the `--image.tag` flag.
+  # Ref: https://go.dev/doc/security/fips140
+  fips: false
+
+initContainers: []
 
 imagePullSecrets: []
 
@@ -79,9 +89,9 @@ commonLabels: {}
 # Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
 podSecurityContext:
   runAsNonRoot: true
-  runAsUser: 10001
-  runAsGroup: 10001
-  fsGroup: 10001
+  runAsUser: 1000690000
+  runAsGroup: 1000690000
+  fsGroup: 1000690000
 
 # -- Priority class name for the controller pod.
 priorityClassName: system-node-critical
@@ -100,6 +110,8 @@ securityContext:
     drop:
     - ALL
 
+command: []
+
 args: []
 #  - --test
 
@@ -190,8 +202,7 @@ metrics-server:
     pullPolicy: IfNotPresent
 
   # -- Arguments to pass to metrics-server on start up. (Optional)
-  args:
-  - --logtostderr
+  # args:
   # enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server
   #  - --kubelet-insecure-tls
 
@@ -200,10 +211,12 @@ logShipping:
   # -- Specifies whether to send the controller logs to Spot for analysis. (Optional)
   enabled: false
 
-  # -- Specifies the log shipping container image. (Optional)
   image:
+    # -- Image repository. (Optional)
     repository: ghcr.io/fluent/fluent-bit
-    tag: "3.0.7"
+    # -- Overrides the image tag. (Optional)
+    tag: "3.1.9"
+    # -- Image pull policy. (Optional)
     pullPolicy: IfNotPresent
 
   # -- Log shipping destination configuration.
@@ -212,6 +225,26 @@ logShipping:
     port: 443
     tls: true
 
+  extraVolumeMounts: []
+
+  extraEnv: []
+
+  # -- Log shipping container command. (Optional)
+  command:
+    - /fluent-bit/bin/fluent-bit
+    - -c
+    - /tmp/fluent-bit.conf
+    - -q
+
+  # -- Log Shipping container security context
+  securityContext:
+    allowPrivilegeEscalation: false
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+    capabilities:
+      drop:
+      - ALL
+
 # Auto Update process configuration.
 autoUpdate:
   # -- Configures the image for the auto-updater job. (Optional)
@@ -230,9 +263,9 @@ autoUpdate:
   # Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
   podSecurityContext:
     runAsNonRoot: true
-    runAsUser: 10001
-    runAsGroup: 10001
-    fsGroup: 10001
+    runAsUser: 1000690000
+    runAsGroup: 1000690000
+    fsGroup: 1000690000
 
   # -- Security Context for the auto-updater container. (Optional)
   securityContext:

modules/sage-aws-k8s-node-autoscaler/versions.tf

@@ -9,8 +9,8 @@ terraform {
       version = "~> 2.0"
     }
     spotinst = {
-      source  = "spotinst/spotinst"
-      version = "1.172.0" # Specify the version you wish to use
+      source  = "opentofu/spotinst"
+      version = "1.225.0" # Specify the version you wish to use
     }
     helm = {
       source  = "hashicorp/helm"