Release/24.11.0 (#63)

* feat: add NOTE for Cognito setup

* feat: integrate tpm

* feat: move tasks from github to tpm

* feat: update todo

* feat: update todo

* feat(pm): spill over to 24.11.0

* feat(aws): bump k8s to 1.31

* feat(aws): close 017

* feat: update README.md

* feat: update todo

* feat: v24.11.0

Author: VladyslavKurmaz

.tln.conf

@@ -113,8 +113,9 @@ const getTerraformOpts = (env) => {
   const i = env.TLN_CLOUDS_INIT?' --init':'';
   const p = env.TLN_CLOUDS_PLAN?' --plan':'';
   const a = env.TLN_CLOUDS_APPLY?' --apply':'';
-  const aa = env.TLN_CLOUDS_AUTO_APPROVE?' -auto-approve':'';
-  return `${i}${p}${a}${aa}`;
+  const aa = env.TLN_CLOUDS_AUTO_APPROVE?' --auto-approve':'';
+  const u = env.TLN_CLOUDS_UPGRADE?' --upgrade':'';
+  return `${i}${p}${a}${aa}${u}`;
 }
 
 const getConnectionOptions = (v, group, env) => {
@@ -216,11 +217,11 @@ sshuttle --dns${daemon} -vr ${script.env.TLN_CLOUDS_BASTION} 0/0 --ssh-cmd 'ssh$
     { id: 'up', builder: async (tln, script) => {
         const opts = getTerraformOpts(script.env);
         script.set([`
-tln construct -- --backend cloud${opts} --layers provider --state project,provider
-tln construct -- --backend cloud${opts} --layers group --state project,provider,group
-tln construct -- --backend cloud${opts} --layers network,managed --state project,provider,group,env,layer
+#tln construct -- --backend cloud${opts} --layers provider --state project,provider
+#tln construct -- --backend cloud${opts} --layers group --state project,provider,group
+#tln construct -- --backend cloud${opts} --layers network,managed --state project,provider,group,env,layer
 ${script.env.TLN_CLOUDS_CI ? '#tln sshuttle -- --bastion \$(tln get-bastion) --deamon' : ''}
-tln construct -- --backend cloud${opts} --layers app --state project,provider,group,env,layer
+#tln construct -- --backend cloud${opts} --layers app --state project,provider,group,env,layer
         `].concat(
           (script.env.TF_VAR_tenant_id) ? [
             `tln construct -- --backend cloud${opts} --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}`
@@ -234,13 +235,13 @@ tln construct -- --backend cloud${opts} --layers app --state project,provider,gr
           `${script.env.TLN_CLOUDS_CI ? '#tln sshuttle -- --bastion \$(tln get-bastion) --deamon' : ''}`,
         ].concat((
           (script.env.TF_VAR_tenant_id) ? [
-            `tln deconstruct -- --backend cloud${opts} --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}`,
+            `#tln deconstruct -- --backend cloud${opts} --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}`,
           ]:[]
         )).concat([`
-tln deconstruct -- --backend cloud${opts} --layers app --state project,provider,group,env,layer
+#tln deconstruct -- --backend cloud${opts} --layers app --state project,provider,group,env,layer
 tln deconstruct -- --backend cloud${opts} --layers network,managed --state project,provider,group,env,layer
-tln deconstruct -- --backend cloud${opts} --layers group --state project,provider,group
-tln deconstruct -- --backend cloud${opts} --layers provider --state project,provider
+#tln deconstruct -- --backend cloud${opts} --layers group --state project,provider,group
+#tln deconstruct -- --backend cloud${opts} --layers provider --state project,provider
         `]
         ));
       }

.todo

@@ -0,0 +1,52 @@
+project:
+  id: tln-clouds
+  name: Talan Clouds
+  description: Cloud Agnostic IaC based SaaS skeleton
+
+team:
+  vlad.k:
+    email: vladislav.kurmaz@gmail.com
+    name: Vladyslav Kurmaz
+    fte: 1
+
+timeline:
+  - name: v24.11.1
+    date: 2024-11-15 12:00:00 GMT+0200
+  - name: v24.11.0
+    date: 2024-11-08 12:00:00 GMT+0200
+
+tasks: |
+  [-:020:v24.11.1] Ad shared component with bastion, cognito, dbs #aws @vlad.k
+  [-:019:v24.11.1] Move Cognito user pool, app, idp to shared area #aws @vlad.k
+  [-:018:v24.11.1] Add DB instance creation template at Tenant layer #aws @vlad.k
+  [+:017:v24.11.0] Pin version for cognito_pre_auth_function -> 7.13.0 #aws @vlad.k
+  [-:016:v24.11.1] Add construct/deconstruct into CI/CD @vlad.k
+  [+:015:v24.11.0] Bump versions #aws @vlad.k
+  [-:014] Add "coming-soon" AWS Amplify at group layer #aws @vlad.k
+  [-:013] Add template for db-per-tenant #aws @vlad.k
+  [-:012] Add node autoscaler #aws @vlad.k
+  [-:011] Add pod autoscaler #aws @vlad.k
+  [-:010] Add terraform refresh command @vlad.k
+  [-:009] Use provided region to access k8s cluster #aws #bug @vlad.k
+  [-:008] Troubleshoot Nginx X-Forwarded-* headers #aws [](srs/nlb) #bug @vlad.k
+  [-:007] Add parameters for maintenance window for RDS #aws @vlad.k
+  [-:006] Multiple domains at group layer #aws @vlad.k
+  [-:005] .gitsibtrees is not modified if git subtree pull is failed #bug @vlad.k
+  [-:004] Wait for k8s to destroy before VPC can be deleted #do @vlad.k
+  [-:003] Infrastructure skeleton #gcp @vlad.k
+    [-] Resource group, networks, bastion
+    [-] K8s
+  [-:002] Infrastructure skeleton #azure @vlad.k
+    [-] Resource group, networks, bastion
+    [-] K8s
+  [-:001] Bastion enhancement #do @vlad.k
+
+srs:
+  nlb: |
+    https://github.com/kubernetes/ingress-nginx/issues/5051
+    https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/service/annotations/#proxy-protocol-v2
+    https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-proxy-protocol
+    https://www.scaleway.com/en/docs/tutorials/proxy-protocol-v2-load-balancer/?ref=martysweet.co.uk#configuring-proxy-protocol-for-ingress-nginx
+    https://www.martysweet.co.uk/aws-nlb-and-ip-preservation/
+    https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html
+    https://repost.aws/questions/QUuOlh5w61Tuij63OiAuMpOw/could-not-see-aws-lb-classic-x-forwarded-for-header

README.md

@@ -1,5 +1,5 @@
 # Description
-## Cloud agnostic IaC based SaaS skeleton.
+## Cloud Agnostic IaC based SaaS Skeleton.
 ![Infrastructure Instance](ii.png)
 
 ## Features

aws/.tln.conf

@@ -8,7 +8,7 @@ module.exports = {
   },
   dotenvs: async (tln) => { if (fs.existsSync('.env')) return ['.env']; else return [] },
   inherits: async (tln) => [],
-  depends: async (tln) => ['kubectl-1.30.2', 'helm-3.15.2', 'terraform-1.9.1', 'aws-cli-2.17.9'],
+  depends: async (tln) => ['kubectl-1.31.0', 'helm-3.16.2', 'terraform-1.9.8', 'aws-cli-2.19.1'],
   steps: async (tln) => [
     { id: 'ls-ec2', builder: async (tln, script) => {
         script.set(['aws ec2 describe-instances --output yaml --query "Reservations[*].Instances[*].{Instance:InstanceId}"']);

aws/app/.terraform.lock.hcl

@@ -1,6 +1,6 @@
 module "rds_pg_security_group" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "5.1.2"
+  version = "5.2.0"
 
   name   = "${module.shared.prefix_env}-pg-database-sg"
   vpc_id = data.aws_vpc.primary.id

aws/app/postgres.tf

@@ -1,22 +1,22 @@
 terraform {
-  required_version = "= 1.9.1"
+  required_version = "= 1.9.8"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "5.43.0"
+      version = "5.74.0"
     }
     postgresql = {
       source  = "cyrilgdn/postgresql"
-      version = "1.22.0"
+      version = "1.24.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.27.0"
+      version = "2.33.0"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = "2.13.0"
+      version = "2.16.1"
     }
   }
 }