chore(deps): update terraform kubernetes to v3

terraform/cluster/aws-eks/additions/main.tf

@@ -8,7 +8,7 @@ terraform {
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.38.0"
+      version = "3.0.0"
     }
     aws = {
       source  = "hashicorp/aws"
@@ -35,7 +35,7 @@ data "aws_eks_cluster" "current" {
 
 # The system-dns namespace hosts DNS-related components
 # It provides isolation and security context for DNS services
-resource "kubernetes_namespace" "system_dns" {
+resource "kubernetes_namespace_v1" "system_dns" {
   metadata {
     name = "system-dns"
     labels = {
@@ -58,14 +58,28 @@ resource "kubernetes_namespace" "system_dns" {
 
 # The external-dns configmap provides configuration for the external-dns service
 # It contains AWS-specific settings and credentials
-resource "kubernetes_config_map" "external_dns" {
+resource "kubernetes_config_map_v1" "external_dns" {
   metadata {
     name      = "external-dns"
-    namespace = kubernetes_namespace.system_dns.metadata[0].name
+    namespace = kubernetes_namespace_v1.system_dns.metadata[0].name
   }
 
   data = {
     aws_region   = var.route53_region != null ? var.route53_region : data.aws_region.current.region
     txt_owner_id = local.cluster_name
   }
 }
+
+# =============================================================================
+# State migration blocks
+# =============================================================================
+
+moved {
+  from = kubernetes_namespace.system_dns
+  to   = kubernetes_namespace_v1.system_dns
+}
+
+moved {
+  from = kubernetes_config_map.external_dns
+  to   = kubernetes_config_map_v1.external_dns
+}

terraform/cluster/aws-eks/additions/test.tftest.hcl

@@ -30,22 +30,22 @@ run "minimal_configuration" {
   }
 
   assert {
-    condition     = kubernetes_namespace.system_dns.metadata[0].name == "system-dns"
+    condition     = kubernetes_namespace_v1.system_dns.metadata[0].name == "system-dns"
     error_message = "Namespace should be created with default name 'system-dns'"
   }
 
   assert {
-    condition     = kubernetes_config_map.external_dns.metadata[0].name == "external-dns"
+    condition     = kubernetes_config_map_v1.external_dns.metadata[0].name == "external-dns"
     error_message = "ConfigMap should be created with name 'external-dns'"
   }
 
   assert {
-    condition     = kubernetes_config_map.external_dns.data.aws_region == "us-west-2"
+    condition     = kubernetes_config_map_v1.external_dns.data.aws_region == "us-west-2"
     error_message = "ConfigMap should have correct AWS region"
   }
 
   assert {
-    condition     = kubernetes_config_map.external_dns.data.txt_owner_id == "cluster-test"
+    condition     = kubernetes_config_map_v1.external_dns.data.txt_owner_id == "cluster-test"
     error_message = "ConfigMap should have correct txt owner ID"
   }
 }
@@ -61,17 +61,17 @@ run "full_configuration" {
   }
 
   assert {
-    condition     = kubernetes_config_map.external_dns.metadata[0].name == "external-dns"
+    condition     = kubernetes_config_map_v1.external_dns.metadata[0].name == "external-dns"
     error_message = "ConfigMap should be created with name 'external-dns'"
   }
 
   assert {
-    condition     = kubernetes_config_map.external_dns.data.aws_region == "us-east-1"
+    condition     = kubernetes_config_map_v1.external_dns.data.aws_region == "us-east-1"
     error_message = "ConfigMap should use provided AWS region"
   }
 
   assert {
-    condition     = kubernetes_config_map.external_dns.data.txt_owner_id == "custom-cluster"
+    condition     = kubernetes_config_map_v1.external_dns.data.txt_owner_id == "custom-cluster"
     error_message = "ConfigMap should have correct txt owner ID"
   }
 }

terraform/gitops/flux/main.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.38.0"
+      version = "3.0.0"
     }
     helm = {
       source  = "hashicorp/helm"
@@ -20,7 +20,7 @@ terraform {
 # Set up Flux
 #-----------------------------------------------------------------------------------------------------------------------
 
-resource "kubernetes_namespace" "flux_system" {
+resource "kubernetes_namespace_v1" "flux_system" {
   metadata {
     name = var.flux_namespace
     labels = {
@@ -41,7 +41,7 @@ resource "helm_release" "flux_system" {
   chart            = "flux2"
   name             = "flux2"
   version          = var.flux_helm_version
-  namespace        = kubernetes_namespace.flux_system.metadata[0].name
+  namespace        = kubernetes_namespace_v1.flux_system.metadata[0].name
   create_namespace = false
   wait             = true
   values = [yamlencode({
@@ -91,10 +91,10 @@ locals {
   known_hosts_content = "${var.ssh_known_hosts}\n${local.known_hosts.github}"
 }
 
-resource "kubernetes_secret" "git_auth" {
+resource "kubernetes_secret_v1" "git_auth" {
   metadata {
     name      = var.git_auth_secret
-    namespace = kubernetes_namespace.flux_system.metadata[0].name
+    namespace = kubernetes_namespace_v1.flux_system.metadata[0].name
   }
 
   data = var.ssh_public_key != "" ? {
@@ -112,13 +112,32 @@ resource "kubernetes_secret" "git_auth" {
 # Set up webhook token
 #-----------------------------------------------------------------------------------------------------------------------
 
-resource "kubernetes_secret" "webhook_token" {
+resource "kubernetes_secret_v1" "webhook_token" {
   metadata {
     name      = "webhook-token"
-    namespace = kubernetes_namespace.flux_system.metadata[0].name
+    namespace = kubernetes_namespace_v1.flux_system.metadata[0].name
   }
 
   data = {
     token = var.webhook_token
   }
 }
+
+#-----------------------------------------------------------------------------------------------------------------------
+# State migration blocks
+#-----------------------------------------------------------------------------------------------------------------------
+
+moved {
+  from = kubernetes_namespace.flux_system
+  to   = kubernetes_namespace_v1.flux_system
+}
+
+moved {
+  from = kubernetes_secret.git_auth
+  to   = kubernetes_secret_v1.git_auth
+}
+
+moved {
+  from = kubernetes_secret.webhook_token
+  to   = kubernetes_secret_v1.webhook_token
+}

terraform/gitops/flux/test.tftest.hcl

@@ -11,22 +11,22 @@ run "minimal_configuration" {
   }
 
   assert {
-    condition     = kubernetes_namespace.flux_system.metadata[0].name == "system-gitops"
+    condition     = kubernetes_namespace_v1.flux_system.metadata[0].name == "system-gitops"
     error_message = "Flux namespace should default to 'system-gitops'"
   }
 
   assert {
-    condition     = kubernetes_secret.git_auth.metadata[0].name == "flux-system"
+    condition     = kubernetes_secret_v1.git_auth.metadata[0].name == "flux-system"
     error_message = "Git auth secret name should default to 'flux-system'"
   }
 
   assert {
-    condition     = kubernetes_secret.git_auth.metadata[0].namespace == "system-gitops"
+    condition     = kubernetes_secret_v1.git_auth.metadata[0].namespace == "system-gitops"
     error_message = "Git auth secret should be in the Flux namespace"
   }
 
   assert {
-    condition     = kubernetes_secret.webhook_token.metadata[0].namespace == "system-gitops"
+    condition     = kubernetes_secret_v1.webhook_token.metadata[0].namespace == "system-gitops"
     error_message = "Webhook token secret should be in the Flux namespace"
   }
 }
@@ -50,7 +50,7 @@ run "full_configuration" {
   }
 
   assert {
-    condition     = kubernetes_namespace.flux_system.metadata[0].name == "custom-gitops"
+    condition     = kubernetes_namespace_v1.flux_system.metadata[0].name == "custom-gitops"
     error_message = "Flux namespace should match input"
   }
 
@@ -60,17 +60,17 @@ run "full_configuration" {
   }
 
   assert {
-    condition     = kubernetes_secret.git_auth.metadata[0].name == "custom-auth"
+    condition     = kubernetes_secret_v1.git_auth.metadata[0].name == "custom-auth"
     error_message = "Git auth secret name should match input"
   }
 
   assert {
-    condition     = kubernetes_secret.git_auth.metadata[0].namespace == "custom-gitops"
+    condition     = kubernetes_secret_v1.git_auth.metadata[0].namespace == "custom-gitops"
     error_message = "Git auth secret should be in the custom namespace"
   }
 
   assert {
-    condition     = kubernetes_secret.webhook_token.metadata[0].namespace == "custom-gitops"
+    condition     = kubernetes_secret_v1.webhook_token.metadata[0].namespace == "custom-gitops"
     error_message = "Webhook token secret should be in the custom namespace"
   }
 }
@@ -88,12 +88,12 @@ run "no_secrets" {
   }
 
   assert {
-    condition     = kubernetes_secret.git_auth.data != null
+    condition     = kubernetes_secret_v1.git_auth.data != null
     error_message = "Git auth secret data should be present (even if empty)"
   }
 
   assert {
-    condition     = kubernetes_secret.webhook_token.data != null
+    condition     = kubernetes_secret_v1.webhook_token.data != null
     error_message = "Webhook token secret data should be present (even if empty)"
   }
 }