controlplaneio
diff --git a/‎.github/workflows/build.yaml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/build.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/release.yaml‎
Lines changed: 14 additions & 14 deletions b/‎.github/workflows/release.yaml‎
Lines changed: 14 additions & 14 deletions
diff --git a/‎cmd/netassert/cli/ping.go‎
Lines changed: 11 additions & 10 deletions b/‎cmd/netassert/cli/ping.go‎
Lines changed: 11 additions & 10 deletions
diff --git a/‎cmd/netassert/cli/run.go‎
Lines changed: 1 addition & 1 deletion b/‎cmd/netassert/cli/run.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎e2e/clusters/aws-eks-terraform-module/eks.tf‎
Lines changed: 27 additions & 20 deletions b/‎e2e/clusters/aws-eks-terraform-module/eks.tf‎
Lines changed: 27 additions & 20 deletions
diff --git a/‎e2e/clusters/aws-eks-terraform-module/variables.tf‎
Lines changed: 5 additions & 2 deletions b/‎e2e/clusters/aws-eks-terraform-module/variables.tf‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎e2e/clusters/aws-eks-terraform-module/vpc.tf‎
Lines changed: 2 additions & 0 deletions b/‎e2e/clusters/aws-eks-terraform-module/vpc.tf‎
Lines changed: 2 additions & 0 deletions
@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Run golangci-lint
-        uses: reviewdog/action-golangci-lint@v2
+        uses: reviewdog/action-golangci-lint@f9bba13753278f6a73b27a56a3ffb1bfda90ed71 # v2
         with:
           go_version: "1.25.4"
           fail_level: "none"
@@ -26,10 +26,10 @@ jobs:
     needs: lint
     steps:
       - name: Checkout source code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3
         with:
           go-version: '1.25.4'
 
 
@@ -24,17 +24,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3
         with:
           go-version: '1.25.4'
 
-      - uses: anchore/sbom-action/download-syft@v0.20.6
+      - uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4
         with:
           distribution: goreleaser
           args: release --clean
@@ -46,7 +46,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 
       # - name: Extract metadata (tags, labels) for Docker
       #   id: meta
@@ -55,13 +55,13 @@ jobs:
       #     images: ${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@v3
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3
 
       - name: Log in to the GitHub Container registry
         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
@@ -71,14 +71,14 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build and push
         id: buildpush
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           platforms: linux/amd64,linux/arm64
           sbom: true
@@ -106,13 +106,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 
       - name: Set up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
 
       - name: Setup yq
-        uses: mikefarah/yq@v4
+        uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4
 
       - name: Log in to GitHub Container Registry
         run: |
@@ -130,4 +130,4 @@ jobs:
       - name: Push Helm chart to GHCR
         run: |
           CLEAN_VERSION=$(echo "$RELEASE_VERSION" | sed 's/^v//')
-          helm push "./netassert-${CLEAN_VERSION}.tgz" oci://ghcr.io/${{ github.repository_owner }}/charts
+          helm push "./netassert-${CLEAN_VERSION}.tgz" oci://ghcr.io/${{ github.repository_owner }}/charts
@@ -6,8 +6,10 @@ import (
 	"os"
 	"time"
 
+	"github.com/hashicorp/go-hclog"
 	"github.com/spf13/cobra"
 
+	"github.com/controlplaneio/netassert/v2/internal/kubeops"
 	"github.com/controlplaneio/netassert/v2/internal/logger"
 )
 
@@ -31,21 +33,20 @@ var pingCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		ctx, cancel := context.WithTimeout(context.Background(), pingCmdCfg.PingTimeout)
 		defer cancel()
-		ping(ctx)
+		lg := logger.NewHCLogger("info", fmt.Sprintf("%s-%s", appName, version), os.Stdout)
+		k8sSvc, err := createService(pingCmdCfg.KubeConfig, lg)
+
+		if err != nil {
+			lg.Error("Ping failed, unable to build K8s Client", "error", err)
+			os.Exit(1)
+		}
+		ping(ctx, lg, k8sSvc)
 	},
 	Version: rootCmd.Version,
 }
 
 // checkEphemeralContainerSupport checks to see if ephemeral containers are supported by the K8s server
-func ping(ctx context.Context) {
-	lg := logger.NewHCLogger("info", fmt.Sprintf("%s-%s", appName, version), os.Stdout)
-
-	k8sSvc, err := createService(pingCmdCfg.KubeConfig, lg)
-
-	if err != nil {
-		lg.Error("Ping failed, unable to build K8s Client", "error", err)
-		os.Exit(1)
-	}
+func ping(ctx context.Context, lg hclog.Logger, k8sSvc *kubeops.Service) {
 
 	if err := k8sSvc.PingHealthEndpoint(ctx, apiServerHealthEndpoint); err != nil {
 		lg.Error("Ping failed", "error", err)
 
@@ -82,7 +82,7 @@ func runTests(lg hclog.Logger) error {
 
 	// ping the kubernetes cluster and check to see if
 	// it is alive and that it has support for ephemeral container(s)
-	ping(ctx)
+	ping(ctx, lg, k8sSvc)
 
 	// initialise our test runner
 	testRunner := engine.New(k8sSvc, lg)
 
@@ -8,45 +8,43 @@ data "aws_availability_zones" "available" {}
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.0"
-
+  version = "~> 20.0"
+  #version = "~> 19"
+  
 
   cluster_name    = var.cluster_name
   cluster_version = var.cluster_version
 
   vpc_id                         = module.vpc.vpc_id
   subnet_ids                     = module.vpc.private_subnets
   cluster_endpoint_public_access = true
-
-  eks_managed_node_group_defaults = {
-    ami_type = "AL2_x86_64"
+  enable_cluster_creator_admin_permissions = true
+
+  cluster_addons = {
+    vpc-cni = {
+      before_compute = true
+      most_recent    = true
+      configuration_values = jsonencode({
+        #resolve_conflicts_on_update = "OVERWRITE"
+        enableNetworkPolicy = var.enable_vpc_network_policies ? "true" : "false"
+      })
+    }
   }
 
   eks_managed_node_groups = {
-
-    one = {
+    example = {
       name = "${var.node_group_name}1"
 
+      # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups
+      ami_type       = "AL2023_x86_64_STANDARD"
       instance_types = ["t3.medium"]
 
       min_size     = 0
       max_size     = 3
       desired_size = var.desired_size
     }
-
-    two = {
-      name = "${var.node_group_name}2"
-
-      instance_types = ["m5.large"]
-
-      min_size     = 0
-      max_size     = 3
-      desired_size = var.desired_size
-    }
-
   }
 
-
   # Extend node-to-node security group rules
   node_security_group_additional_rules = {
     ingress_self_all = {
@@ -57,10 +55,19 @@ module "eks" {
       type        = "ingress"
       self        = true
     }
+    
+    egress_all = {
+      description      = "Node all egress"
+      protocol         = "-1"
+      from_port        = 0
+      to_port          = 0
+      type             = "egress"
+      cidr_blocks      = ["0.0.0.0/0"]
+      ipv6_cidr_blocks = ["::/0"]
+    }
   }
 }
 
-
 resource "null_resource" "generate_kubeconfig" {
   depends_on = [module.eks]
 
 
@@ -19,16 +19,19 @@ variable "kubeconfig_file" {
   default     = ".kubeconfig"
 }
 
-
 variable "desired_size" {
   type        = number
   description = "desired size of the worker node pool"
   default     = 0
 }
 
-
 variable "node_group_name" {
   type        = string
   description = "prefix of the node group"
   default     = "group"
 }
+
+variable "enable_vpc_network_policies" {
+  type        = bool
+  description = "enable or disable vpc network policies"
+}
@@ -3,6 +3,7 @@ module "vpc" {
 
   // set VPC name same as the EKS cluster name
   name = var.cluster_name
+  version = "~> 5.0"
 
   cidr = "10.0.0.0/16"
   azs  = slice(data.aws_availability_zones.available.names, 0, 3)
@@ -13,6 +14,7 @@ module "vpc" {
   enable_nat_gateway   = true
   single_nat_gateway   = true
   enable_dns_hostnames = true
+  enable_dns_support   = true
 
   public_subnet_tags = {
     "kubernetes.io/cluster/${var.cluster_name}" = "shared"