update docs

Signed-off-by: Kevin Lefevre <[email protected]>

.github/workflows/terraform.yml

@@ -42,20 +42,11 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v2
 
-    - uses: hashicorp/setup-terraform@v1
-      with:
-        terraform_version: ${{ secrets.TERRAFORM_VERSION }}
-
     - name: 'asdf:install'
       uses: asdf-vm/actions/[email protected]
 
     - uses: actions/setup-python@v2
 
-    - name: Install terraform tooling
-      run: |
-        curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-linux-amd64.tar.gz")" > terraform-docs.tgz && tar xzf terraform-docs.tgz terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
-        curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip tflint && rm tflint.zip && sudo mv tflint /usr/bin/
-
     - name: Init tooling
       run: |
         tflint --init

README.md

@@ -21,6 +21,7 @@
   * [Bottlerocket support](#bottlerocket-support)
   * [AWS Session Manager by default](#aws-session-manager-by-default)
   * [From and to Zero scaling with EKS Managed Node Groups](#from-and-to-zero-scaling-with-eks-managed-node-groups)
+  * [Automatic dependencies upgrade](#automatic-dependencies-upgrade)
   * [Enforced security](#enforced-security)
   * [Out of the box logging](#out-of-the-box-logging)
   * [Out of the box monitoring](#out-of-the-box-monitoring)
@@ -39,6 +40,9 @@ you need to run a production EKS cluster on AWS. It ships with sensible
 defaults, and add a lot of common addons with their configurations that work out
 of the box.
 
+This is our opinionated view of what a well structred infrastructure as code
+repository should look like.
+
 :warning: the v5 and further version of this project have been completely revamp
 and now offer a skeleton to use as a base for your infrastructure projects
 around EKS. All the modules have been moved outside this repository and get
@@ -108,6 +112,12 @@ aws ssm start-session --target INSTANCE_ID
 tEKS support scaling to and from 0, even with using [well know Kubernetes labels](https://kubernetes.io/docs/reference/labels-annotations-taints/), there are a number of [ongoing issues](https://github.com/aws/containers-roadmap/issues/724) for support of [EKS Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) with [Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler). Thanks to [automatic ASG tagging](https://github.com/particuleio/teks/blob/main/terragrunt/snippets/eks-asg-tags/eks-asg-tags.tf), tEKS adds the necessary tags on autoscaling group to balance similar node groups and allow you to scale to and from 0 and even to use well know labels such as `node.kubernetes.io/instance-type` or `topology.kubernetes.io/zone
 `. The logic can be extended to support other well known labels.
 
+### Automatic dependencies upgrade
+
+We are using renovate to automatically open PR with the latest dependencies
+update (Terraform modules upgrade) so you never miss an upgrade and are alwasy
+up to date with the latest features.
+
 ### Enforced security
 
 * No IAM credentials on instances, everything is enforced with [IRSA](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/).

docs/user-guides/eks-addons.md

@@ -10,57 +10,15 @@
 * operators
 
 For commonly used addons one Kubernetes and most specifically with EKS.
-The deployments are curated to be tightly integrated with AWS and EKS.
 
-The following addons are available and work out of the box.
-
-## Helm charts
-
-All charts have been tested with Helm v3 and the `terraform-provider-helm` v1.0 which supports Helm v3. They can be easily customize with custom values.
-
-* [cluster-autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler): scale worker nodes based on workload.
-* [external-dns](https://github.com/kubernetes-incubator/external-dns): sync ingress and service records in route53.
-* [cert-manager](https://github.com/jetstack/cert-manager): automatically generate TLS certificates, supports ACME v2.
-* [nginx-ingress](https://github.com/kubernetes/ingress-nginx): processes *Ingress* object and acts as a HTTP/HTTPS proxy (compatible with cert-manager).
-* [metrics-server](https://github.com/kubernetes-incubator/metrics-server): enable metrics API and horizontal pod scaling (HPA).
-* [prometheus-operator](https://github.com/coreos/prometheus-operator): Monitoring / Alerting / Dashboards.
-* [fluentd-cloudwatch](https://github.com/helm/charts/tree/master/incubator/fluentd-cloudwatch): forwards logs to AWS Cloudwatch.
-* [node-problem-detector](https://github.com/kubernetes/node-problem-detector): Forwards node problems to Kubernetes events
-* [flux](https://github.com/weaveworks/flux): Continuous Delivery with Gitops workflow.
-* [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets): Technology agnostic, store secrets on git.
-* [kong](https://konghq.com/kong): API Gateway ingress controller.
-* [keycloak](https://www.keycloak.org/) : Identity and access management
-
-## Kubernetes Manifests
-
-Kubernetes manifests are deployed with [`terraform-provider-kubectl`](https://github.com/gavinbunney/terraform-provider-kubectl)
-
-* [cni-metrics-helper](https://docs.aws.amazon.com/eks/latest/userguide/cni-metrics-helper.html): Provides cloudwatch metrics for VPC CNI plugins.
-
-## Operator
-
-Some project are transitioning to [Operators](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/). Istio is going to drop Helm support and is not compatible with Helm v3 so it has been removed and replaced with the [Istio operator](https://istio.io/blog/2019/introducing-istio-operator/)
-
-* [istio-operator](https://istio.io): Service mesh for Kubernetes.
-
-## IAM permissions
-
-Some addons require specific IAM permission. This can be done by either:
-
-* IRSA: [IAM role for service account](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/) which is the default and recommended way
-
-Addons that need IAM access have two variables:
-
-* `create_resources_irsa`: default to true and uses IAM role for service account
-
-There is no specific config, everything is taken care of by the module.
+The configuration is curated to be tightly integrated with AWS and EKS.
 
 ## Customization
 
 All the configuration is done in `eks-addons/terragrunt.hcl`.
 
 ```json
-{!terragrunt/live/demo/eu-west-3/clusters/full/eks-addons/terragrunt.hcl!}
+{!terragrunt/live/production/eu-west-1/clusters/demo/eks-addons!}
 ```
 
 ### Default charts values

docs/user-guides/eks.md

@@ -5,13 +5,14 @@
 EKS module is also [upstream](https://github.com/terraform-aws-modules/terraform-aws-eks) and allow to deploy an EKS cluster which supports:
 
 * managed node pools
-* launch configuration node pools
-* launch template node pools
+* self managed node groups using launch template
 
-tEKS uses launch template by default and use one node pool per availability zone.
+tEKS uses EKS managed node groups by default and use one node pool per availability zone.
 
 You can use any inputs from the upstream module to configure the cluster in `eks/terragrunt.hcl`.
 
+See all available feature [here](https://github.com/terraform-aws-modules/terraform-aws-eks#available-features)
+
 ```json
-{!terragrunt/live/demo/eu-west-3/clusters/full/eks/terragrunt.hcl!}
+{!terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl!}
 ```

docs/user-guides/vpc.md

@@ -6,5 +6,5 @@ To customize it. Modify the `vpc/terragrunt.hcl` file. You can use any inputs
 available in the upstream module.
 
 ```json
-{!terragrunt/live/demo/eu-west-3/clusters/full/vpc/terragrunt.hcl!}
+{!terragrunt/live/production/eu-west-1/clusters/demo/vpc!}
 ```