Add changes for v4.32.0 to sandbox (#12066)

# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-11-06 08:55:24 +00:00 · 2023-05-31 14:12:11 -04:00 · 2023-05-31 14:12:11 -04:00 · 5058e79879
commit 5058e79879
parent d18db8f9ee
8 changed files with 20 additions and 4 deletions
--- a/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf
+++ b/infrastructure/sandbox/JITProvisioner/jitprovisioner.tf
@ -206,7 +206,7 @@ resource "random_uuid" "jitprovisioner" {

 # Use the local to make the trigger work.
 locals {
-  fleet_tag = "v4.31.0"
+  fleet_tag = "v4.32.0"
 }

 resource "null_resource" "standard-query-library" {
--- a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/deployment.yaml
+++ b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/deployment.yaml
@ -58,6 +58,8 @@ spec:
            value: "1"
          - name: FLEET_LICENSE_ENFORCE_HOST_LIMIT
            value: "true"
+          - name: FLEET_LICENSE
+            value: "{{ .Values.fleet.licenseKey }}"
          - name: FLEET_VULNERABILITIES_DATABASES_PATH
            value: /tmp/vuln
          {{- if ne .Values.packaging.enrollSecret "" }}
--- a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/values.yaml
+++ b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/values.yaml
@ -54,6 +54,7 @@ fleet:
  listenPort: 8080
  # Name of the Secret resource storing TLS and S3 bucket secrets
  secretName: fleet
+  licenseKey: ""
  # Whether or not to run `fleet db prepare` to run SQL migrations before starting Fleet
  autoApplySQLMigrations: true
  tls:
--- a/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf
+++ b/infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf
@ -55,6 +55,7 @@ variable "oidc_provider_arn" {}
 variable "oidc_provider" {}
 variable "kms_key_arn" {}
 variable "ecr_url" {}
+variable "license_key" {}

 resource "mysql_user" "main" {
  user               = terraform.workspace
@ -162,7 +163,7 @@ resource "helm_release" "main" {

  set {
    name  = "imageTag"
-    value = "v4.31.0"
+    value = "v4.32.0"
  }

  set {
@ -194,6 +195,11 @@ resource "helm_release" "main" {
    name  = "crons.vulnerabilities"
    value = "${random_integer.cron_offset.result}\\,${random_integer.cron_offset.result + 15}\\,${random_integer.cron_offset.result + 30}\\,${random_integer.cron_offset.result + 45} * * * *"
  }
+
+  set {
+    name  = "fleet.license_key"
+    value = var.license_key
+  }
 }

 data "aws_iam_policy_document" "main" {
--- a/infrastructure/sandbox/PreProvisioner/main.tf
+++ b/infrastructure/sandbox/PreProvisioner/main.tf
@ -295,6 +295,10 @@ resource "aws_ecs_task_definition" "main" {
            name  = "TF_VAR_ecr_url"
            value = var.ecr.repository_url
          },
+          {
+            name  = "TF_VAR_license_key"
+            value = var.license_key
+          },
        ]),
        secrets = concat([
          {
--- a/infrastructure/sandbox/PreProvisioner/variables.tf
+++ b/infrastructure/sandbox/PreProvisioner/variables.tf
@ -12,3 +12,4 @@ variable "installer_bucket" {}
 variable "oidc_provider_arn" {}
 variable "oidc_provider" {}
 variable "ecr" {}
+variable "license_key" {}
--- a/infrastructure/sandbox/SharedInfrastructure/eks.tf
+++ b/infrastructure/sandbox/SharedInfrastructure/eks.tf
@ -103,8 +103,8 @@ module "aws-eks-accelerator-for-terraform" {
      node_group_name = "managed-ondemand"
      instance_types  = ["t3.medium"]
      subnet_ids      = var.vpc.private_subnets
-      max_size        = 15
-      min_size        = 15
+      max_size        = 20
+      min_size        = 20
    }
  }

--- a/infrastructure/sandbox/main.tf
+++ b/infrastructure/sandbox/main.tf
@ -194,6 +194,7 @@ module "pre-provisioner" {
  oidc_provider_arn = module.shared-infrastructure.oidc_provider_arn
  oidc_provider     = module.shared-infrastructure.oidc_provider
  ecr               = module.shared-infrastructure.ecr
+  license_key       = var.license_key
 }

 module "jit-provisioner" {
@ -291,3 +292,4 @@ resource "aws_ecs_cluster" "main" {
 }

 variable "slack_webhook" {}
+variable "license_key" {}