Remove EKS service and update broker version

.docker/zscaler_cert.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIJANu+mC2Jt3uTMA0GCSqGSIb3DQEBCwUAMIGhMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
+FTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMMWnNjYWxlciBJbmMuMRgw
+FgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRA
+enNjYWxlci5jb20wHhcNMTQxMjE5MDAyNzU1WhcNNDIwNTA2MDAyNzU1WjCBoTEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBK
+b3NlMRUwEwYDVQQKEwxac2NhbGVyIEluYy4xFTATBgNVBAsTDFpzY2FsZXIgSW5j
+LjEYMBYGA1UEAxMPWnNjYWxlciBSb290IENBMSIwIAYJKoZIhvcNAQkBFhNzdXBw
+b3J0QHpzY2FsZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+qT7STSxZRTgEFFf6doHajSc1vk5jmzmM6BWuOo044EsaTc9eVEV/HjH/1DWzZtcr
+fTj+ni205apMTlKBW3UYR+lyLHQ9FoZiDXYXK8poKSV5+Tm0Vls/5Kb8mkhVVqv7
+LgYEmvEY7HPY+i1nEGZCa46ZXCOohJ0mBEtB9JVlpDIO+nN0hUMAYYdZ1KZWCMNf
+5J/aTZiShsorN2A38iSOhdd+mcRM4iNL3gsLu99XhKnRqKoHeH83lVdfu1XBeoQz
+z5V6gA3kbRvhDwoIlTBeMa5l4yRdJAfdpkbFzqiwSgNdhbxTHnYYorDzKfr2rEFM
+dsMU0DHdeAZf711+1CunuQIDAQABo4IBCjCCAQYwHQYDVR0OBBYEFLm33UrNww4M
+hp1d3+wcBGnFTpjfMIHWBgNVHSMEgc4wgcuAFLm33UrNww4Mhp1d3+wcBGnFTpjf
+oYGnpIGkMIGhMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G
+A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMM
+WnNjYWxlciBJbmMuMRgwFgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG
+9w0BCQEWE3N1cHBvcnRAenNjYWxlci5jb22CCQDbvpgtibd7kzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAw0NdJh8w3NsJu4KHuVZUrmZgIohnTm0j+
+RTmYQ9IKA/pvxAcA6K1i/LO+Bt+tCX+C0yxqB8qzuo+4vAzoY5JEBhyhBhf1uK+P
+/WVWFZN/+hTgpSbZgzUEnWQG2gOVd24msex+0Sr7hyr9vn6OueH+jj+vCMiAm5+u
+kd7lLvJsBu3AO3jGWVLyPkS3i6Gf+rwAp1OsRrv3WnbkYcFf9xjuaf4z0hRCrLN2
+xFNjavxrHmsH8jPHVvgc1VD0Opja0l/BRVauTrUaoW6tE+wFG5rEcPGS80jjHK4S
+pB5iDj2mUZH1T8lzYtuZy0ZPirxmtsk3135+CKNa2OCAhhFjE0xd
+-----END CERTIFICATE-----

.github/workflows/apply.yml

@@ -26,23 +26,16 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
+          ./app-setup-solr.sh
           ./app-setup-smtp.sh
-      - name: terraform apply (staging)
-        uses: dflook/terraform-apply@v1
+      - name: OpenTofu apply (staging)
+        uses: dflook/tofu-apply@v1
         with:
           path: .
           label: staging
@@ -75,23 +68,16 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
+          ./app-setup-solr.sh
           ./app-setup-smtp.sh
-      - name: terraform apply (production)
-        uses: dflook/terraform-apply@v1
+      - name: OpenTofu apply (production)
+        uses: dflook/tofu-apply@v1
         with:
           path: .
           label: production

.github/workflows/commit.yml

@@ -10,7 +10,7 @@ env:
   REGION: "${{ secrets.REGION }}"
   KEY: "ssb-tfstate"
   ENCRYPT: "true"
-  
+
 jobs:
   test:
     name: test format and validity
@@ -19,13 +19,13 @@ jobs:
       - name: checkout
         uses: actions/checkout@v3
 
-      - name: terraform fmt
-        uses: dflook/terraform-fmt-check@v1
+      - name: OpenTofu fmt
+        uses: dflook/tofu-fmt-check@v1
         with:
           path: .
 
-      - name: terraform validate
-        uses: dflook/terraform-validate@v1
+      - name: OpenTofu validate
+        uses: dflook/tofu-validate@v1
         with:
           path: .
 
@@ -40,24 +40,17 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
+          ./app-setup-solr.sh
           ./app-setup-smtp.sh
 
-      - name: terraform apply (development)
-        uses: dflook/terraform-apply@v1
+      - name: OpenTofu apply (development)
+        uses: dflook/tofu-apply@v1
         with:
           path: .
           label: development

.github/workflows/disable-egress.yml

@@ -9,7 +9,6 @@ on:   # yamllint disable-line rule:truthy
         required: true
         type: choice
         options:
-          - "ssb-eks"
           - "ssb-smtp"
           - "ssb-solrcloud"
       appSpace:

.github/workflows/enable-egress.yml

@@ -9,7 +9,6 @@ on:   # yamllint disable-line rule:truthy
         required: true
         type: choice
         options:
-          - "ssb-eks"
           - "ssb-smtp"
           - "ssb-solrcloud"
       appSpace:

.github/workflows/plan.yml

@@ -24,23 +24,16 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
+          ./app-setup-solr.sh
           ./app-setup-smtp.sh
-      - name: terraform plan (staging)
-        uses: dflook/terraform-plan@v1
+      - name: OpenTofu plan (staging)
+        uses: dflook/tofu-plan@v1
         with:
           path: .
           label: staging
@@ -53,6 +46,7 @@ jobs:
             encrypt=${{ env.ENCRYPT }},
             access_key=${{ env.AWS_ACCESS_KEY_ID }},
             secret_key=${{ env.AWS_SECRET_ACCESS_KEY }}
+
   plan-production:
     name: plan (production)
     runs-on: ubuntu-latest
@@ -63,23 +57,16 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
-      TERRAFORM_PRE_RUN: |
-          ./install-tools.sh
-          cp helm /usr/local/bin/
-          cp kubectl /usr/local/bin/
-          cp aws-iam-authenticator /usr/local/bin/
-          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-eks.sh
-          ./app-setup-solrcloud.sh
+          ./app-setup-solr.sh
           ./app-setup-smtp.sh
-      - name: terraform plan (production)
-        uses: dflook/terraform-plan@v1
+      - name: OpenTofu plan (production)
+        uses: dflook/tofu-plan@v1
         with:
           path: .
           label: production

Dockerfile

@@ -1,14 +1,24 @@
-FROM hashicorp/terraform:1.1.5 as upstream
+FROM alpine:3.20 AS tofu
 
-FROM alpine/k8s:1.20.7
+ADD install-opentofu.sh /install-opentofu.sh
+RUN chmod +x /install-opentofu.sh
+RUN apk add gpg gpg-agent
+RUN ./install-opentofu.sh --install-method standalone --install-path / --symlink-path -
 
-COPY --from=upstream /bin/terraform /bin/terraform
+## This is your stage:
 
-RUN apk update
-RUN apk upgrade
-# Install git so we can use it to grab Terraform modules
-RUN apk add --update git
+# Github actions runs on Ubuntu-latest, use the same thing here
+FROM ubuntu:24.04
+COPY --from=tofu /tofu /bin/tofu
+
+# Install the ca-certificate package and git
+RUN apt-get update && apt-get install -y ca-certificates git
+
+# Add the zscaler certificate to the trusted certs
+# GSA man-in-the-middles SSL with this root certificate
+COPY .docker/zscaler_cert.pem /usr/local/share/ca-certificates/zscaler.crt
+RUN update-ca-certificates
 
 WORKDIR /bin
-ENTRYPOINT ["/bin/terraform"]
+ENTRYPOINT ["/bin/tofu"]
 CMD ["help"]

README.md

@@ -6,7 +6,7 @@ What a service instance represents can vary by service, for example a single dat
 
 The SSB can also be used from the command-line with [`eden`](https://github.com/starkandwayne/eden), or integrated into other platforms that make use of the [OSBAPI](https://www.openservicebrokerapi.org).
 
-The SSB currently provides [SMTP](https://github.com/GSA/datagov-brokerpak-smtp), [Solr](https://github.com/GSA/datagov-brokerpak), and [(limited) Kubernetes](https://github.com/GSA/eks-brokerpak) services.
+The SSB currently provides [SMTP](https://github.com/GSA/datagov-brokerpak-smtp) and [Solr](https://github.com/GSA/datagov-brokerpak) services.
 
 Services are defined in a
 [brokerpaks](https://github.com/pivotal/cloud-service-broker/blob/master/docs/brokerpak-intro.md),
@@ -63,7 +63,6 @@ github_release and github_actions_secret in the github_provider!) -->
    into the respective `/app` directories.
 
     ```bash
-    ./app-setup-eks.sh
     ./app-setup-smtp.sh
     ./app-setup-solrcloud.sh
     ```

app-setup-smtp.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -ex
 
-CSB_VERSION="v0.10.0"
+CSB_VERSION="v2.5.3"
 SMTP_BROKERPAK_VERSION="v1.1.3"
 
 # Set up an app dir and bin dir