From a14019b896885d1cd24e6851401761b4a9f97bfb Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 13:58:40 +0200 Subject: [PATCH 01/54] CM-27 - Add basic K8S-modules --- modules/kubernetes/configmap/main.tf | 23 +++ modules/kubernetes/configmap/outputs.tf | 3 + modules/kubernetes/configmap/variables.tf | 14 ++ .../deployment_with_service/main.tf | 142 ++++++++++++++++++ .../deployment_with_service/outputs.tf | 7 + .../deployment_with_service/variables.tf | 76 ++++++++++ modules/kubernetes/ingress/main.tf | 36 +++++ modules/kubernetes/ingress/outputs.tf | 0 modules/kubernetes/ingress/variables.tf | 28 ++++ modules/kubernetes/secret/main.tf | 23 +++ modules/kubernetes/secret/outputs.tf | 3 + modules/kubernetes/secret/variables.tf | 14 ++ 12 files changed, 369 insertions(+) create mode 100644 modules/kubernetes/configmap/main.tf create mode 100644 modules/kubernetes/configmap/outputs.tf create mode 100644 modules/kubernetes/configmap/variables.tf create mode 100644 modules/kubernetes/deployment_with_service/main.tf create mode 100644 modules/kubernetes/deployment_with_service/outputs.tf create mode 100644 modules/kubernetes/deployment_with_service/variables.tf create mode 100644 modules/kubernetes/ingress/main.tf create mode 100644 modules/kubernetes/ingress/outputs.tf create mode 100644 modules/kubernetes/ingress/variables.tf create mode 100644 modules/kubernetes/secret/main.tf create mode 100644 modules/kubernetes/secret/outputs.tf create mode 100644 modules/kubernetes/secret/variables.tf diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf new file mode 100644 index 00000000..714000c7 --- /dev/null +++ b/modules/kubernetes/configmap/main.tf 
@@ -0,0 +1,23 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.19.0"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "kubernetes" {}
+
+resource "kubernetes_config_map_v1" "config" {
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ }
+
+ data = var.data
+}
diff --git a/modules/kubernetes/configmap/outputs.tf b/modules/kubernetes/configmap/outputs.tf
new file mode 100644
index 00000000..a519dd1f
--- /dev/null
+++ b/modules/kubernetes/configmap/outputs.tf
@@ -0,0 +1,3 @@
+output "name" {
+ value = kubernetes_config_map_v1.config.metadata.0.name
+}
diff --git a/modules/kubernetes/configmap/variables.tf b/modules/kubernetes/configmap/variables.tf
new file mode 100644
index 00000000..5187ec1d
--- /dev/null
+++ b/modules/kubernetes/configmap/variables.tf
@@ -0,0 +1,14 @@
+variable "namespace" {
+ type = string
+ description = "The namespace to deploy the configmap to"
+}
+
+variable "name" {
+ type = string
+ description = "The name of the configmap"
+}
+
+variable "data" {
+ type = map(string)
+ description = "The data to store in the configmap"
+}
diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf
new file mode 100644
index 00000000..385264ae
--- /dev/null
+++ b/modules/kubernetes/deployment_with_service/main.tf
@@ -0,0 +1,142 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.19.0"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "kubernetes" {}
+
+resource "kubernetes_deployment_v1" "deployment" {
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ labels = {
+ app = var.name
+ }
+ }
+
+ spec {
+ replicas = var.replicas
+
+ selector {
+ match_labels = {
+ app = var.name
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ "io.kompose.service" = var.name
+ app = var.name
+ }
+ }
+
+ spec {
+ container {
+ image = var.docker_image
+ image_pull_policy = "Always"
+ name = var.name
+
+ resources {
+ limits = {
+ cpu = var.cpu_limit
+ memory = var.memory_limit
+ }
+ requests = {
+ cpu = var.cpu_request
+ memory = var.memory_request
+ }
+ }
+
+ dynamic "readiness_probe" {
+ for_each = var.readiness_probe ? [1] : []
+
+ content {
+ http_get {
+ path = readiness_probe.value.path
+ port = readiness_probe.value.port
+ scheme = "HTTP"
+ }
+
+ initial_delay_seconds = 10
+ period_seconds = 10
+ failure_threshold = 3
+ timeout_seconds = 5
+ }
+ }
+
+ dynamic "liveness_probe" {
+ for_each = var.liveness_probe ? [1] : []
+
+ content {
+ http_get {
+ path = liveness_probe.value.path
+ port = liveness_probe.value.port
+ scheme = "HTTP"
+ }
+
+ initial_delay_seconds = 10
+ period_seconds = 10
+ failure_threshold = 3
+ timeout_seconds = 5
+ }
+ }
+ }
+
+ restart_policy = "Always"
+ }
+ }
+ }
+}
+
+resource "kubernetes_service_v1" "service" {
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ }
+
+ spec {
+ selector = {
+ app = kubernetes_deployment_v1.deployment.metadata[0].name
+ }
+
+ port {
+ port = var.container_port
+ target_port = var.target_port
+ }
+
+ type = "ClusterIP"
+ }
+}
+
+resource "kubernetes_manifest" "http-scaler" {
+ count = var.scaler != null && var.scaler.type == "http" ? 1 : 0
+
+ manifest = {
+ kind = "HTTPScaledObject"
+ apiVersion = "http.keda.sh/v1alpha1"
+ metadata = {
+ name = var.name
+ }
+ spec = {
+ host = var.scaler.host
+ scaleTargetRef = {
+ deployment = var.name
+ service = var.name
+ port = var.container_port
+ }
+ replicas = {
+ min = var.scaler.replicas.min
+ max = var.scaler.replicas.max
+ }
+ }
+ }
+}
diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf
new file mode 100644
index 00000000..968a81dd
--- /dev/null
+++ b/modules/kubernetes/deployment_with_service/outputs.tf
@@ -0,0 +1,7 @@
+output "service_name" {
+ value = kubernetes_deployment_v1.deployment.metadata.0.name
+}
+
+output "deployment_name" {
+ value = kubernetes_deployment_v1.deployment.metadata.0.name
+}
diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf
new file mode 100644
index 00000000..b06a9018
--- /dev/null
+++ b/modules/kubernetes/deployment_with_service/variables.tf
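Review bot: Both probe blocks in `kubernetes_deployment_v1.deployment` use `for_each = var.readiness_probe ? [1] : []` (and the `liveness_probe` equivalent), which tests an object as a boolean and then iterates over `[1]`, so `readiness_probe.value.path` and `.port` have no object to resolve against. Iterating over the variable itself fixes both: `for_each = var.readiness_probe != null ? [var.readiness_probe] : []`, and the same for `liveness_probe`. Separately, the `container` block sets no `security_context`, so the workload runs with whatever the image and cluster defaults allow; a block with `allow_privilege_escalation = false` and `run_as_non_root = true`, overridable through variables, would give the module a more restrictive default.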
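Review bot: `service_name` reads `kubernetes_deployment_v1.deployment.metadata.0.name`, the same expression as `deployment_name`. The value matches only because both resources are named `var.name`, and anything consuming `service_name` then depends on the deployment rather than on the service it is meant to reference. `value = kubernetes_service_v1.service.metadata[0].name` ties the output to the resource it names.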
@@ -0,0 +1,76 @@
+variable "name" {
+ type = string
+ description = "The name of the application"
+}
+
+variable "namespace" {
+ type = string
+ description = "The namespace to deploy the application to"
+}
+
+variable "replicas" {
+ type = number
+ description = "The number of replicas to deploy"
+}
+
+variable "docker_image" {
+ type = string
+ description = "The docker image to deploy"
+}
+
+variable "cpu_request" {
+ type = string
+ description = "The CPU request for the application"
+}
+
+variable "cpu_limit" {
+ type = string
+ description = "The CPU limit for the application"
+}
+
+variable "memory_request" {
+ type = string
+ description = "The memory request for the application"
+}
+
+variable "memory_limit" {
+ type = string
+ description = "The memory limit for the application"
+}
+
+variable "container_port" {
+ type = number
+ description = "The port the container listens on"
+}
+
+variable "target_port" {
+ type = number
+ description = "The port the service forwards to"
+}
+
+variable "readiness_probe" {
+ type = optional(object({
+ path = string
+ port = number
+ }))
+ description = "The readiness probe for the application"
+ default = null
+}
+
+variable "liveness_probe" {
+ type = optional(object({
+ path = string
+ port = number
+ }))
+ description = "The liveness probe for the application"
+ default = null
+}
+
+variable "scaler" {
+ type = optional(object({
+ type = string
+ min_replicas = number
+ max_replicas = number
+ }))
+ default = null
+}
diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf
new file mode 100644
index 00000000..8193ba67
--- /dev/null
+++ b/modules/kubernetes/ingress/main.tf
@@ -0,0 +1,36 @@
+resource "kubernetes_ingress_v1" "ingress" {
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ annotations = var.annotations
+ }
+
+ spec {
+ dynamic "rule" {
+ for_each = var.rules
+
+ content {
+ host = rule.value.host
+ http {
+ path {
+ backend {
+ service {
+ name = rule.value.service
+ port {
+ number = rule.value.port
+ }
+ }
+ }
+
+ path = rule.value.path
+ }
+ }
+ }
+ }
+
+ tls {
+ secret_name = "tls-secret-${var.name}"
+ hosts = flatten([for rule in var.rules : rule.host])
+ }
+ }
+}
diff --git a/modules/kubernetes/ingress/outputs.tf b/modules/kubernetes/ingress/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf
new file mode 100644
index 00000000..da463588
--- /dev/null
+++ b/modules/kubernetes/ingress/variables.tf
@@ -0,0 +1,28 @@
+variable "name" {
+ type = string
+ description = "The name of the ingress"
+}
+
+variable "namespace" {
+ type = string
+ description = "The namespace to deploy the application to"
+}
+
+variable "annotations" {
+ type = map(string)
+ description = "Annotations for the ingress"
+ default = {}
+}
+
+variable "rules" {
+ type = list(object({
+ host = string
+ paths = list(object({
+ service = string
+ port = number
+ path = string
+ }))
+ }))
+ description = "The rules for the ingress"
+ default = []
+}
diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf
new file mode 100644
index 00000000..9665b438
--- /dev/null
+++ b/modules/kubernetes/secret/main.tf
@@ -0,0 +1,23 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.19.0"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "kubernetes" {}
+
+resource "kubernetes_secret_v1" "secret" {
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ }
+
+ data = var.data
+}
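Review bot: The `rule` block in `kubernetes_ingress_v1.ingress` reads `rule.value.service`, `rule.value.port` and `rule.value.path`, but `ingress/variables.tf` in this commit declares each rule as `host` plus a `paths` list, so those attributes do not exist on `rule.value` and a rule can carry only one path as written. A nested dynamic block over `rule.value.paths` matches the declared type; an explicit `iterator` name avoids any ambiguity with Terraform's built-in `path` object. The `metadata` and `tls` blocks stay as they are.

```hcl
    dynamic "rule" {
      for_each = var.rules

      content {
        host = rule.value.host
        http {
          dynamic "path" {
            for_each = rule.value.paths
            iterator = rule_path

            content {
              path = rule_path.value.path

              backend {
                service {
                  name = rule_path.value.service
                  port {
                    number = rule_path.value.port
                  }
                }
              }
            }
          }
        }
      }
    }
    # … unchanged: tls block …
```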
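Review bot: `data = var.data` in `kubernetes_secret_v1.secret` is fed from an input that `secret/variables.tf` declares as a plain `map(string)`, so Terraform does not treat the values as sensitive wherever the variable itself is referenced. Adding `sensitive = true` to `variable "data"` keeps them out of plan and error output. The values are still written to the state held by the `azurerm` backend, so access to that storage has to be restricted accordingly; a short comment on the resource saying so would help the next reader.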
diff --git a/modules/kubernetes/secret/outputs.tf b/modules/kubernetes/secret/outputs.tf new file mode 100644 index 00000000..c631ea81 --- /dev/null +++ b/modules/kubernetes/secret/outputs.tf @@ -0,0 +1,3 @@ +output "name" { + value = kubernetes_secret_v1.secret.metadata.0.name +} diff --git a/modules/kubernetes/secret/variables.tf b/modules/kubernetes/secret/variables.tf new file mode 100644 index 00000000..987f9295 --- /dev/null +++ b/modules/kubernetes/secret/variables.tf @@ -0,0 +1,14 @@ +variable "namespace" { + type = string + description = "The namespace to deploy the secret to" +} + +variable "name" { + type = string + description = "The name of the secret" +} + +variable "data" { + type = map(string) + description = "The data to store in the secret" +} From 123c7f30ea811eeb340e2b4570b2511d14d1a47a Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 15:08:27 +0200 Subject: [PATCH 02/54] CM-27 - Remove optional types --- .../kubernetes/deployment_with_service/variables.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index b06a9018..f3a6a640 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -49,28 +49,28 @@ variable "target_port" { } variable "readiness_probe" { - type = optional(object({ + type = object({ path = string port = number - })) + }) description = "The readiness probe for the application" default = null } variable "liveness_probe" { - type = optional(object({ + type = object({ path = string port = number - })) + }) description = "The liveness probe for the application" default = null } variable "scaler" { - type = optional(object({ + type = object({ type = string min_replicas = number max_replicas = number - })) + }) default = null } From 515c6a135dd34845f9f317b775a751f0f32f2710 Mon Sep 17 00:00:00 2001 
From: Bart Wesselink Date: Wed, 19 Apr 2023 15:18:26 +0200 Subject: [PATCH 03/54] CM-27 - Change replica type specification and add Dependabot definition --- .github/dependabot.yml | 20 +++++++++++++++++++ .../deployment_with_service/variables.tf | 6 ++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 83267903..d2a15796 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -501,3 +501,23 @@ updates: directory: "/modules/other/password_generator" schedule: interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/configmap" + schedule: + interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/deployment_with_service" + schedule: + interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/ingress" + schedule: + interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/secret" + schedule: + interval: "daily" diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index f3a6a640..e185bcec 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -69,8 +69,10 @@ variable "liveness_probe" { variable "scaler" { type = object({ type = string - min_replicas = number - max_replicas = number + replicas = object({ + min = number + max = number + }) }) default = null } From 4ec666311c835b26b58b4df823e3b688e6e76d2b Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 15:19:30 +0200 Subject: [PATCH 04/54] CM-27 - Lint --- modules/kubernetes/deployment_with_service/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index e185bcec..af08aff3 100644 
--- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -68,7 +68,7 @@ variable "liveness_probe" { variable "scaler" { type = object({ - type = string + type = string replicas = object({ min = number max = number From 90ffac91d6712f8ae93cdbf3c3b06f69bd7196bd Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 15:26:58 +0200 Subject: [PATCH 05/54] CM-27 - Add host property --- modules/kubernetes/deployment_with_service/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index af08aff3..4dbb3441 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -69,6 +69,7 @@ variable "liveness_probe" { variable "scaler" { type = object({ type = string + host = string replicas = object({ min = number max = number From a27b26abff2207a35a1c1bc5ba13ec8c3d724855 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 15:52:58 +0200 Subject: [PATCH 06/54] CM-27 - Add public Postgresql server --- .github/dependabot.yml | 5 + modules/azure/postgresql_public/main.tf | 115 +++++++++++++++++++ modules/azure/postgresql_public/outputs.tf | 16 +++ modules/azure/postgresql_public/variables.tf | 62 ++++++++++ 4 files changed, 198 insertions(+) create mode 100644 modules/azure/postgresql_public/main.tf create mode 100644 modules/azure/postgresql_public/outputs.tf create mode 100644 modules/azure/postgresql_public/variables.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d2a15796..2ec46870 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -342,6 +342,11 @@ updates: schedule: interval: "daily" + - package-ecosystem: "terraform" + directory: "/modules/azure/postgresql_public" + schedule: + interval: "daily" + - package-ecosystem: "terraform" directory: "/modules/azure/private_dns_zone" schedule: diff --git a/modules/azure/postgresql_public/main.tf b/modules/azure/postgresql_public/main.tf new file mode 100644 index 00000000..cecb4fd9 --- /dev/null +++ b/modules/azure/postgresql_public/main.tf 
@@ -0,0 +1,115 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.48"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "random_password" "postgresql_admin" {
+ length = 16
+ special = false
+ override_special = "_%@"
+ keepers = var.password_keeper
+}
+
+resource "azurerm_postgresql_flexible_server" "postgresql_server" {
+ name = var.name
+ location = var.location
+ resource_group_name = var.resource_group_name
+
+ sku_name = var.postgresql_sku_name
+
+ storage_mb = var.postgresql_db_size
+ backup_retention_days = 30
+
+ administrator_login = var.admin_username
+ administrator_password = random_password.postgresql_admin.result
+ version = var.postgresql_version
+ zone = "1"
+
+ maintenance_window {
+ day_of_week = 1 # Monday
+ start_hour = 2
+ start_minute = 0
+ }
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+resource "azurerm_postgresql_flexible_server_database" "postgresql_database" {
+ name = var.postgresql_database_name
+ server_id = azurerm_postgresql_flexible_server.postgresql_server.id
+ charset = "UTF8"
+ collation = var.postgresql_database_collation
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+resource "azurerm_postgresql_flexible_server_configuration" "configuration_query_capture_mode" {
+ name = "pg_qs.query_capture_mode"
+ server_id = azurerm_postgresql_flexible_server.postgresql_server.id
+ value = "TOP"
+}
+
+data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
+ count = var.log_analytics_workspace_id == null ? 0 : 1
+ resource_id = azurerm_postgresql_flexible_server.postgresql_server.id
+}
+
+resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" {
+ count = var.log_analytics_workspace_id == null ? 0 : 1
+ name = "diag-${var.name}"
+ target_resource_id = azurerm_postgresql_flexible_server.postgresql_server.id
+ log_analytics_workspace_id = var.log_analytics_workspace_id
+
+ // TODO: not yet implemented by Azure
+ // log_analytics_destination_type = "Dedicated"
+
+ dynamic "enabled_log" {
+ for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types
+
+ content {
+ category = enabled_log.value
+
+ retention_policy {
+ enabled = false
+ }
+ }
+ }
+
+ dynamic "metric" {
+ for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics
+
+ content {
+ category = metric.value
+ enabled = true
+
+ retention_policy {
+ enabled = false
+ }
+ }
+ }
+}
+
+resource "azurerm_postgresql_flexible_server_firewall_rule" "rule" {
+ for_each = var.whitelist_ip_addresses
+
+ name = "fw-${var.name}-${replace(each.value, ".", "-")}"
+ server_id = azurerm_postgresql_flexible_server.postgresql_server.id
+ start_ip_address = each.value
+ end_ip_address = each.value
+}
diff --git a/modules/azure/postgresql_public/outputs.tf b/modules/azure/postgresql_public/outputs.tf
new file mode 100644
index 00000000..d9faa80a
--- /dev/null
+++ b/modules/azure/postgresql_public/outputs.tf
@@ -0,0 +1,16 @@
+output "admin_username" {
+ value = var.admin_username
+}
+
+output "admin_password" {
+ value = random_password.postgresql_admin.result
+ sensitive = true
+}
+
+output "database_name" {
+ value = azurerm_postgresql_flexible_server_database.postgresql_database.name
+}
+
+output "fqdn" {
+ value = azurerm_postgresql_flexible_server.postgresql_server.fqdn
+}
diff --git a/modules/azure/postgresql_public/variables.tf b/modules/azure/postgresql_public/variables.tf
new file mode 100644
index 00000000..dd2e13bd
--- /dev/null
+++ b/modules/azure/postgresql_public/variables.tf
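Review bot: `random_password.postgresql_admin` comes from the `hashicorp/random` provider, which the `required_providers` block in this file does not list, so its version is left unconstrained while `azurerm` is pinned. Declaring it, for example `random = { source = "hashicorp/random", version = "<pinned version>" }`, keeps provider resolution reproducible. In the same resource `special = false` makes `override_special = "_%@"` dead configuration, leaving a 16-character alphanumeric admin password on a server the module name describes as public; either set `special = true` or raise `length`.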
@@ -0,0 +1,62 @@
+variable "location" {
+ type = string
+ description = "A datacenter location in Azure."
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "Name of the resource group."
+}
+
+variable "name" {
+ type = string
+ description = "Specifies the name of the PostgreSQL Flexible Server."
+}
+
+variable "postgresql_sku_name" {
+ type = string
+ description = "Specifies the SKU Name for this PostgreSQL Server"
+}
+
+variable "postgresql_db_size" {
+ type = number
+ description = "Specifies the max storage allowed for this PostgreSQL Server"
+}
+
+variable "postgresql_version" {
+ type = string
+ description = "Version of the PostgreSQL database."
+}
+
+variable "postgresql_database_name" {
+ type = string
+ description = "Name of the PostgreSQL resource."
+}
+
+variable "postgresql_database_collation" {
+ type = string
+ description = "Specifies the Collation for this PostgreSQL Flexible Server"
+ default = "en_US.utf8"
+}
+
+variable "admin_username" {
+ type = string
+ description = "Specifies the Administrator username for this PostgreSQL Flexible Server."
+}
+
+variable "log_analytics_workspace_id" {
+ type = string
+ description = "ID of a log analytics workspace (optional)."
+ default = null
+}
+
+variable "password_keeper" {
+ type = map(string)
+ description = "Random map of strings, when changed the postgresql admin password will rotate."
+}
+
+variable "whitelist_ip_addresses" {
+ type = set(string)
+ description = "List of IP addresses to whitelist."
+ default = []
+}
From 6da88916a30627780f4c019dab58c190773f5cf4 Mon Sep 17 00:00:00 2001
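Review bot: `whitelist_ip_addresses` accepts any string, and `main.tf` in this commit uses each entry as both `start_ip_address` and `end_ip_address` of a firewall rule. Azure treats a rule of `0.0.0.0` to `0.0.0.0` as "allow access from Azure services", so one stray value opens the server far beyond a single address. A `validation` block with `condition = alltrue([for ip in var.whitelist_ip_addresses : can(cidrhost("${ip}/32", 0)) && ip != "0.0.0.0"])` rejects malformed input and that special value. The description could also say that entries are single IPv4 addresses, not ranges.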
From: Bart Wesselink Date: Wed, 19 Apr 2023 16:14:06 +0200 Subject: [PATCH 07/54] CM-27 - Add PVC module --- .github/dependabot.yml | 5 +++++ modules/kubernetes/ingress/main.tf | 15 +++++++++++++ modules/kubernetes/pvc/main.tf | 33 +++++++++++++++++++++++++++++ modules/kubernetes/pvc/outputs.tf | 0 modules/kubernetes/pvc/variables.tf | 24 +++++++++++++++++++++ 5 files changed, 77 insertions(+) create mode 100644 modules/kubernetes/pvc/main.tf create mode 100644 modules/kubernetes/pvc/outputs.tf create mode 100644 modules/kubernetes/pvc/variables.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2ec46870..f4f9c761 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -526,3 +526,8 @@ updates: directory: "/modules/kubernetes/secret" schedule: interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/pvc" + schedule: + interval: "daily" diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index 8193ba67..3ef9f28b 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -1,3 +1,18 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.19.0" + } + } + + backend "azurerm" {} +} + +provider "kubernetes" {} + resource "kubernetes_ingress_v1" "ingress" { metadata { name = var.name diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf new file mode 100644 index 00000000..2e433cfe --- /dev/null +++ b/modules/kubernetes/pvc/main.tf 
@@ -0,0 +1,33 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.19.0" + } + } + + backend "azurerm" {} +} + +provider "kubernetes" {} + +resource "kubernetes_persistent_volume_claim" "exportdata_volume" { + metadata { + name = var.name + namespace = var.namespace + } + + spec { + access_modes = [var.access_mode] + + resources { + requests = { + storage = var.size + } + } + + storage_class_name = var.storage_class + } +} diff --git a/modules/kubernetes/pvc/outputs.tf b/modules/kubernetes/pvc/outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/modules/kubernetes/pvc/variables.tf b/modules/kubernetes/pvc/variables.tf new file mode 100644 index 00000000..44d9ff01 --- /dev/null +++ b/modules/kubernetes/pvc/variables.tf @@ -0,0 +1,24 @@ +variable "name" { + type = string + description = "The name of the pvc" +} + +variable "namespace" { + type = string + description = "The namespace to deploy the pvc to" +} + +variable "access_mode" { + type = string + description = "The access mode of the pvc" +} + +variable "size" { + type = string + description = "The storage size of the pvc" +} + +variable "storage_class" { + type = string + description = "The storage class of the pvc" +} From a7abb317131093eaf7fc67b1b440173230ed9193 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:21:31 +0200 Subject: [PATCH 08/54] CM-27 - Do not specify zone --- modules/azure/postgresql_public/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/azure/postgresql_public/main.tf b/modules/azure/postgresql_public/main.tf index cecb4fd9..f9298fed 100644 --- a/modules/azure/postgresql_public/main.tf +++ b/modules/azure/postgresql_public/main.tf 
@@ -35,7 +35,6 @@ resource "azurerm_postgresql_flexible_server" "postgresql_server" { administrator_login = var.admin_username administrator_password = random_password.postgresql_admin.result version = var.postgresql_version - zone = "1" maintenance_window { day_of_week = 1 # Monday From 059451bec0bc456d6c1b4ba4c3c96c08d87cbaf3 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:23:38 +0200 Subject: [PATCH 09/54] CM-27 - Revert change --- modules/azure/postgresql_public/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/azure/postgresql_public/main.tf b/modules/azure/postgresql_public/main.tf index f9298fed..cecb4fd9 100644 --- a/modules/azure/postgresql_public/main.tf +++ b/modules/azure/postgresql_public/main.tf @@ -35,6 +35,7 @@ resource "azurerm_postgresql_flexible_server" "postgresql_server" { administrator_login = var.admin_username administrator_password = random_password.postgresql_admin.result version = var.postgresql_version + zone = "1" maintenance_window { day_of_week = 1 # Monday From 0a453d07f8bedfde28d7ead6c85c8a97ab0123ba Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:36:05 +0200 Subject: [PATCH 10/54] CM-27 - Rename volume entity --- modules/kubernetes/pvc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index 2e433cfe..b81e48d3 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -13,7 +13,7 @@ terraform { provider "kubernetes" {} -resource "kubernetes_persistent_volume_claim" "exportdata_volume" { +resource "kubernetes_persistent_volume_claim" "volume" { metadata { name = var.name namespace = var.namespace From ba80a5609e475f9b3738afac2cf485e86d1a3cc8 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:36:55 +0200 Subject: [PATCH 11/54] CM-27 - Use v1 --- modules/kubernetes/pvc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index b81e48d3..16297f51 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -13,7 +13,7 @@ terraform { provider "kubernetes" {} -resource "kubernetes_persistent_volume_claim" "volume" { +resource "kubernetes_persistent_volume_claim_v1" "volume" { metadata { name = var.name namespace = var.namespace From 2bb12b2a64d5f03b62408e124f62e570368f949c Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:40:52 +0200 Subject: [PATCH 12/54] CM-27 - Add config path option --- modules/kubernetes/configmap/main.tf | 4 +++- modules/kubernetes/configmap/variables.tf | 6 ++++++ modules/kubernetes/deployment_with_service/main.tf | 4 +++- modules/kubernetes/deployment_with_service/variables.tf | 6 ++++++ modules/kubernetes/ingress/main.tf | 4 +++- modules/kubernetes/ingress/variables.tf | 6 ++++++ modules/kubernetes/pvc/main.tf | 4 +++- modules/kubernetes/pvc/variables.tf | 6 ++++++ modules/kubernetes/secret/main.tf | 4 +++- modules/kubernetes/secret/variables.tf | 6 ++++++ 10 files changed, 45 insertions(+), 5 deletions(-) diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf index 714000c7..fa826b70 100644 --- a/modules/kubernetes/configmap/main.tf +++ b/modules/kubernetes/configmap/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_config_map_v1" "config" { metadata { diff --git a/modules/kubernetes/configmap/variables.tf b/modules/kubernetes/configmap/variables.tf index 5187ec1d..b85aabcb 100644 --- a/modules/kubernetes/configmap/variables.tf +++ b/modules/kubernetes/configmap/variables.tf 
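Review bot: The `provider "kubernetes"` block in `configmap/main.tf` now reads `config_path` (default `~/.kube/config`) but sets no `config_context`, so the module applies to whichever context happens to be current in that kubeconfig on the machine running Terraform. Exposing a `config_context` variable and passing it in the provider block, `config_context = var.config_context`, pins the target cluster explicitly. The same applies to the identical provider change in the deployment_with_service, ingress, pvc and secret modules in this commit.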
@@ -12,3 +12,9 @@ variable "data" { type = map(string) description = "The data to store in the configmap" } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 385264ae..fa69550e 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_deployment_v1" "deployment" { metadata { diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 4dbb3441..544a5001 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -77,3 +77,9 @@ variable "scaler" { }) default = null } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index 3ef9f28b..66d08ffa 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_ingress_v1" "ingress" { metadata { diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf index da463588..0fd93c22 100644 --- a/modules/kubernetes/ingress/variables.tf +++ b/modules/kubernetes/ingress/variables.tf @@ -26,3 +26,9 @@ variable "rules" { description = "The rules for the ingress" default = [] } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} 
diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index 16297f51..214957be 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_persistent_volume_claim_v1" "volume" { metadata { diff --git a/modules/kubernetes/pvc/variables.tf b/modules/kubernetes/pvc/variables.tf index 44d9ff01..0b197080 100644 --- a/modules/kubernetes/pvc/variables.tf +++ b/modules/kubernetes/pvc/variables.tf @@ -22,3 +22,9 @@ variable "storage_class" { type = string description = "The storage class of the pvc" } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf index 9665b438..f120a415 100644 --- a/modules/kubernetes/secret/main.tf +++ b/modules/kubernetes/secret/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_secret_v1" "secret" { metadata { diff --git a/modules/kubernetes/secret/variables.tf b/modules/kubernetes/secret/variables.tf index 987f9295..10aaa905 100644 --- a/modules/kubernetes/secret/variables.tf +++ b/modules/kubernetes/secret/variables.tf @@ -12,3 +12,9 @@ variable "data" { type = map(string) description = "The data to store in the secret" } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} From 34217e9d2439aecf9b990019842dbc36d8abea3b Mon Sep 17 00:00:00 2001 
From: Bart Wesselink Date: Wed, 19 Apr 2023 16:42:52 +0200 Subject: [PATCH 13/54] CM-27 - Ignore label changes --- modules/kubernetes/configmap/main.tf | 6 ++++++ modules/kubernetes/deployment_with_service/main.tf | 6 ++++++ modules/kubernetes/ingress/main.tf | 6 ++++++ modules/kubernetes/pvc/main.tf | 6 ++++++ modules/kubernetes/secret/main.tf | 6 ++++++ 5 files changed, 30 insertions(+) diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf index fa826b70..dbdb58aa 100644 --- a/modules/kubernetes/configmap/main.tf +++ b/modules/kubernetes/configmap/main.tf @@ -22,4 +22,10 @@ resource "kubernetes_config_map_v1" "config" { } data = var.data + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index fa69550e..f06007b3 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -117,6 +117,12 @@ resource "kubernetes_service_v1" "service" { type = "ClusterIP" } + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } resource "kubernetes_manifest" "http-scaler" { diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index 66d08ffa..aff16053 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -50,4 +50,10 @@ resource "kubernetes_ingress_v1" "ingress" { hosts = flatten([for rule in var.rules : rule.host]) } } + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index 214957be..6ba41699 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -32,4 +32,10 @@ resource "kubernetes_persistent_volume_claim_v1" "volume" { storage_class_name = var.storage_class } + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } 
diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf index f120a415..b9f3f63d 100644 --- a/modules/kubernetes/secret/main.tf +++ b/modules/kubernetes/secret/main.tf @@ -22,4 +22,10 @@ resource "kubernetes_secret_v1" "secret" { } data = var.data + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } From 1313b8ed79c0f27484e5f555f47ca9a4c361af20 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:55:33 +0200 Subject: [PATCH 14/54] CM-27 - Add MySQL flexible public --- .github/dependabot.yml | 5 + .../azure/mysql_flexible_server/variables.tf | 2 +- .../mysql_flexible_server_public/main.tf | 118 ++++++++++++++++++ .../mysql_flexible_server_public/outputs.tf | 21 ++++ .../mysql_flexible_server_public/variables.tf | 100 +++++++++++++++ modules/kubernetes/configmap/variables.tf | 2 +- .../deployment_with_service/variables.tf | 2 +- modules/kubernetes/ingress/variables.tf | 2 +- modules/kubernetes/pvc/variables.tf | 2 +- modules/kubernetes/secret/variables.tf | 2 +- 10 files changed, 250 insertions(+), 6 deletions(-) create mode 100644 modules/azure/mysql_flexible_server_public/main.tf create mode 100644 modules/azure/mysql_flexible_server_public/outputs.tf create mode 100644 modules/azure/mysql_flexible_server_public/variables.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f4f9c761..823c984b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -332,6 +332,11 @@ updates: schedule: interval: "daily" + - package-ecosystem: "terraform" + directory: "/modules/azure/mysql_flexible_server_public" + schedule: + interval: "daily" + - package-ecosystem: "terraform" directory: "/modules/azure/network_security_group" schedule: diff --git a/modules/azure/mysql_flexible_server/variables.tf b/modules/azure/mysql_flexible_server/variables.tf index cbd283e0..fd444be1 100644 --- a/modules/azure/mysql_flexible_server/variables.tf +++ b/modules/azure/mysql_flexible_server/variables.tf 
@@ -101,4 +101,4 @@ variable "slow_query_log" { variable "private_dns_zone_id" { type = string description = "ID of the private dns zone" -} \ No newline at end of file +} diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf new file mode 100644 index 00000000..b03c4d09 --- /dev/null +++ b/modules/azure/mysql_flexible_server_public/main.tf 
@@ -0,0 +1,118 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + +resource "random_password" "mysql_admin_password" { + length = 16 + special = true + override_special = "_%@" + keepers = var.password_keeper +} + +resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { + name = var.server_name + location = var.location + resource_group_name = var.resource_group_name + + administrator_login = var.admin_username + administrator_password = random_password.mysql_admin_password.result + + backup_retention_days = var.backup_retention_days + delegated_subnet_id = var.subnet_id + geo_redundant_backup_enabled = var.geo_redundant_backup_enabled + private_dns_zone_id = var.private_dns_zone_id + + sku_name = var.server_sku + version = var.server_version + + storage { + auto_grow_enabled = var.storage_auto_grow_enabled + iops = var.server_storage_iops + size_gb = var.server_storage_max + } + + lifecycle { + ignore_changes = [zone] + } +} + +resource "azurerm_mysql_flexible_database" "mysql_flexible_database" { + name = var.database_name + resource_group_name = var.resource_group_name + server_name = azurerm_mysql_flexible_server.mysql_flexible_server.name + charset = var.database_charset + collation = var.database_collation +} + +resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_configuration" { + name = "slow_query_log" + resource_group_name = var.resource_group_name + server_name = azurerm_mysql_flexible_server.mysql_flexible_server.name + value = var.slow_query_log +} + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.log_analytics_workspace_id == null ? 
0 : 1 + resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.log_analytics_workspace_id == null ? 0 : 1 + name = "diag-${var.server_name}" + target_resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id + log_analytics_workspace_id = var.log_analytics_workspace_id + + dynamic "enabled_log" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types + + content { + category = enabled_log.value + + retention_policy { + enabled = false + } + } + } + + dynamic "metric" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics + + content { + category = metric.value + enabled = true + + retention_policy { + enabled = false + } + } + } + + // TODO: not yet implemented by Azure + // log_analytics_destination_type = "Dedicated" + lifecycle { + ignore_changes = [log_analytics_destination_type] + } +} + +resource "azurerm_postgresql_flexible_server_firewall_rule" "rule" { + for_each = var.whitelist_ip_addresses + + name = "fw-${var.server_name}-${replace(each.value, ".", "-")}" + server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id + start_ip_address = each.value + end_ip_address = each.value +} + diff --git a/modules/azure/mysql_flexible_server_public/outputs.tf b/modules/azure/mysql_flexible_server_public/outputs.tf new file mode 100644 index 00000000..24a7dd49 --- /dev/null +++ b/modules/azure/mysql_flexible_server_public/outputs.tf 
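Review bot: `random_password.mysql_admin_password` is used but `required_providers` at the top of this new file declares only `azurerm`, so the `hashicorp/random` provider is resolved implicitly with no version constraint while the provider next to it is pinned. Declaring it keeps the component that generates the admin credential under the same dependency control: `random = { source = "hashicorp/random", version = "<constraint>" }`. Judging by the module name and the firewall rule at the end of the hunk, this server is meant to be reachable over a public endpoint, so raising `length` above 16 would also be a cheap hardening step.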
@@ -0,0 +1,21 @@ +output "id" { + value = azurerm_mysql_flexible_server.mysql_flexible_server.id +} + +output "fqdn" { + value = azurerm_mysql_flexible_server.mysql_flexible_server.fqdn +} + +output "database_name" { + value = azurerm_mysql_flexible_server.mysql_flexible_server.name +} + +output "admin_username" { + value = "${azurerm_mysql_flexible_server.mysql_flexible_server.administrator_login}@${var.server_name}" + sensitive = true +} + +output "admin_password" { + value = azurerm_mysql_flexible_server.mysql_flexible_server.administrator_password + sensitive = true +} diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf new file mode 100644 index 00000000..03a7d6f2 --- /dev/null +++ b/modules/azure/mysql_flexible_server_public/variables.tf 
@@ -0,0 +1,100 @@ +variable "location" { + type = string + description = "A datacenter location in Azure." +} + +variable "resource_group_name" { + type = string + description = "Name of the resource group." +} + +variable "server_name" { + type = string + description = "Name of the mysql server." +} + +variable "server_sku" { + type = string + description = "Specifies the sku for the mysql server" + default = "GP_Standard_D2ds_v4" +} + +variable "server_storage_max" { + type = number + description = "Max storage allowed in GB for the mysql server." + default = 20 +} + +variable "server_storage_iops" { + type = number + description = "Storage IOPS betweeb 360 and 20000." + default = 1000 +} + +variable "server_version" { + type = string + description = "Mysql server version." +} + +variable "storage_auto_grow_enabled" { + type = bool + description = "Enables auto-growing of mysql server storage." + default = true +} + +variable "backup_retention_days" { + type = number + description = "Backup retention days for the mysql server." + default = 7 +} + +variable "geo_redundant_backup_enabled" { + type = bool + description = "Enables geo-redundant mysql server backups." + default = true +} + +variable "database_name" { + type = string + description = "Name of the mysql database." +} + +variable "database_charset" { + type = string + description = "Specifies the charset for the mysql database." + default = "utf8mb3" +} + +variable "database_collation" { + type = string + description = "Specifies the collation for the mysql database." + default = "utf8mb3_unicode_ci" +} + +variable "admin_username" { + type = string + description = "The administrator login username for the mysql server." +} + +variable "password_keeper" { + type = map(string) + description = "Random map of strings, when changed the mysql admin password will rotate." +} + +variable "log_analytics_workspace_id" { + type = string + description = "ID of a log analytics workspace (optional)." 
+ default = null +} + +variable "slow_query_log" { + type = string + description = "Slow query log. ON or OFF (default)" + default = "OFF" +} + +variable "whitelist_ip_addresses" { + type = set(string) + description = "List of IP addresses to whitelist." + default = [] +} diff --git a/modules/kubernetes/configmap/variables.tf b/modules/kubernetes/configmap/variables.tf index b85aabcb..c488b69b 100644 --- a/modules/kubernetes/configmap/variables.tf +++ b/modules/kubernetes/configmap/variables.tf @@ -16,5 +16,5 @@ variable "data" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 544a5001..a566e158 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -81,5 +81,5 @@ variable "scaler" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf index 0fd93c22..3d9fa6c8 100644 --- a/modules/kubernetes/ingress/variables.tf +++ b/modules/kubernetes/ingress/variables.tf @@ -30,5 +30,5 @@ variable "rules" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } diff --git a/modules/kubernetes/pvc/variables.tf b/modules/kubernetes/pvc/variables.tf index 0b197080..e9bb6f13 100644 --- a/modules/kubernetes/pvc/variables.tf +++ b/modules/kubernetes/pvc/variables.tf @@ -26,5 +26,5 @@ variable "storage_class" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } 
diff --git a/modules/kubernetes/secret/variables.tf b/modules/kubernetes/secret/variables.tf index 10aaa905..9a8b6cce 100644 --- a/modules/kubernetes/secret/variables.tf +++ b/modules/kubernetes/secret/variables.tf @@ -16,5 +16,5 @@ variable "data" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } From bc3a0c0b9d556217452c5ae4f84b2e53f490c617 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 08:57:22 +0200 Subject: [PATCH 15/54] CM-27 - Remove wrong references --- modules/azure/mysql_flexible_server_public/main.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf index b03c4d09..e269e555 100644 --- a/modules/azure/mysql_flexible_server_public/main.tf +++ b/modules/azure/mysql_flexible_server_public/main.tf @@ -31,9 +31,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { administrator_password = random_password.mysql_admin_password.result backup_retention_days = var.backup_retention_days - delegated_subnet_id = var.subnet_id geo_redundant_backup_enabled = var.geo_redundant_backup_enabled - private_dns_zone_id = var.private_dns_zone_id sku_name = var.server_sku version = var.server_version From f6e8f343a595f1097ca7b5680c0943a895a90f0a Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:07:48 +0200 Subject: [PATCH 16/54] CM-27 - Increase default retention --- modules/azure/mysql_flexible_server/variables.tf | 2 +- modules/azure/mysql_flexible_server_public/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/azure/mysql_flexible_server/variables.tf b/modules/azure/mysql_flexible_server/variables.tf index fd444be1..cd510d4f 100644 --- a/modules/azure/mysql_flexible_server/variables.tf +++ b/modules/azure/mysql_flexible_server/variables.tf 
@@ -45,7 +45,7 @@ variable "storage_auto_grow_enabled" { variable "backup_retention_days" { type = number description = "Backup retention days for the mysql server." - default = 7 + default = 30 } variable "geo_redundant_backup_enabled" { diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf index 03a7d6f2..ebac05c8 100644 --- a/modules/azure/mysql_flexible_server_public/variables.tf +++ b/modules/azure/mysql_flexible_server_public/variables.tf @@ -45,7 +45,7 @@ variable "storage_auto_grow_enabled" { variable "backup_retention_days" { type = number description = "Backup retention days for the mysql server." - default = 7 + default = 30 } variable "geo_redundant_backup_enabled" { From 8e98ae9158f556616cf01452cce6964da15e8a18 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:22:46 +0200 Subject: [PATCH 17/54] CM-27 - Add prevent destroy --- modules/azure/mysql_flexible_server_public/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf index e269e555..ed7a3c41 100644 --- a/modules/azure/mysql_flexible_server_public/main.tf +++ b/modules/azure/mysql_flexible_server_public/main.tf @@ -44,6 +44,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { lifecycle { ignore_changes = [zone] + prevent_destroy = true } } From f5e2dacc7baef83ff0770a39ef033231e7827c28 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:28:44 +0200 Subject: [PATCH 18/54] CM-27 - Update linting and add container port --- .github/workflows/validate.yaml | 5 +++-- modules/azure/mysql_flexible_server_public/main.tf | 2 +- modules/kubernetes/deployment_with_service/main.tf | 4 ++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 75261abb..805109b9 100644 
--- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -1,8 +1,9 @@ name: Validate on: - push: + pull_request: branches: - - '**' + - main + - develop jobs: validate-terraform: diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf index ed7a3c41..e82c851b 100644 --- a/modules/azure/mysql_flexible_server_public/main.tf +++ b/modules/azure/mysql_flexible_server_public/main.tf @@ -43,7 +43,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { } lifecycle { - ignore_changes = [zone] + ignore_changes = [zone] prevent_destroy = true } } diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index f06007b3..b8be9c32 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -58,6 +58,10 @@ resource "kubernetes_deployment_v1" "deployment" { } } + port { + container_port = var.container_port + } + dynamic "readiness_probe" { for_each = var.readiness_probe ? [1] : [] From 0c456ab59293ec7d96805899c3619639db8e159a Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:35:16 +0200 Subject: [PATCH 19/54] CM-27 - Update firewall rule --- modules/azure/mysql_flexible_server_public/main.tf | 12 ++++++------ .../azure/mysql_flexible_server_public/variables.tf | 6 ------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf index e82c851b..d2fae6c9 100644 --- a/modules/azure/mysql_flexible_server_public/main.tf +++ b/modules/azure/mysql_flexible_server_public/main.tf @@ -38,7 +38,6 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { storage { auto_grow_enabled = var.storage_auto_grow_enabled - iops = var.server_storage_iops size_gb = var.server_storage_max } 
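Review bot: Commits pushed directly to `main` or `develop` no longer run the validation job, because the `on:` block now lists only `pull_request` for those two branches. If branch protection does not force every change through a pull request (not visible here), unvalidated Terraform can land on the branches these modules are consumed from. Keeping a narrow push trigger next to the new one closes that gap: `push: { branches: [main, develop] }`. The workflow continues outside the hunk.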
@@ -106,12 +105,13 @@ resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { } } -resource "azurerm_postgresql_flexible_server_firewall_rule" "rule" { +resource "azurerm_mysql_flexible_server_firewall_rule" "rule" { for_each = var.whitelist_ip_addresses - name = "fw-${var.server_name}-${replace(each.value, ".", "-")}" - server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id - start_ip_address = each.value - end_ip_address = each.value + name = "fw-${var.server_name}-${replace(each.value, ".", "-")}" + resource_group_name = var.resource_group_name + server_name = azurerm_mysql_flexible_server.mysql_flexible_server.name + start_ip_address = each.value + end_ip_address = each.value } diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf index ebac05c8..65ad027c 100644 --- a/modules/azure/mysql_flexible_server_public/variables.tf +++ b/modules/azure/mysql_flexible_server_public/variables.tf @@ -25,12 +25,6 @@ variable "server_storage_max" { default = 20 } -variable "server_storage_iops" { - type = number - description = "Storage IOPS betweeb 360 and 20000." - default = 1000 -} - variable "server_version" { type = string description = "Mysql server version." From 9471ad728a630a9aeee5a0e20152e563c3463ba7 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:45:27 +0200 Subject: [PATCH 20/54] CM-27 - Mark as sensitive --- modules/kubernetes/secret/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/kubernetes/secret/variables.tf b/modules/kubernetes/secret/variables.tf index 9a8b6cce..6cd331af 100644 --- a/modules/kubernetes/secret/variables.tf +++ b/modules/kubernetes/secret/variables.tf @@ -11,6 +11,7 @@ variable "name" { variable "data" { type = map(string) description = "The data to store in the secret" + sensitive = true } variable "config_path" { From 0c825c9a4c7adaaab05c1f9cc1ee065dfce5d2fe Mon Sep 17 00:00:00 2001 
From: Bart Wesselink Date: Thu, 20 Apr 2023 11:04:24 +0200 Subject: [PATCH 21/54] CM-27 - Add test for volume --- .../deployment_with_service/main.tf | 26 +++++++++++++++++-- .../deployment_with_service/variables.tf | 10 +++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index b8be9c32..5eafdd90 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -62,6 +62,16 @@ resource "kubernetes_deployment_v1" "deployment" { container_port = var.container_port } + dynamic "volume_mount" { + for_each = var.volume_mounts + + content { + mount_path = volume_mount.value.mount_path + name = volume_mount.value.claim + sub_path = volume_mount.value.sub_path + } + } + dynamic "readiness_probe" { for_each = var.readiness_probe ? [1] : [] @@ -97,6 +107,18 @@ resource "kubernetes_deployment_v1" "deployment" { } } + dynamic "volume" { + for_each = var.volume_mounts + + content { + name = volume.value.claim + + persistent_volume_claim { + claim_name = volume.value.claim + } + } + } + restart_policy = "Always" } } @@ -115,8 +137,8 @@ resource "kubernetes_service_v1" "service" { } port { - port = var.container_port - target_port = var.target_port + port = var.target_port + target_port = var.container_port } type = "ClusterIP" diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index a566e158..4d3ee97d 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -75,6 +75,7 @@ variable "scaler" { max = number }) }) + description = "The scaler for the application" default = null } 
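Review bot: The `dynamic "volume"` block in the second main.tf hunk iterates over `var.volume_mounts` and names each volume after `claim`, so two mounts of the same claim with different `sub_path` values produce two pod volumes with the same name, which the API server rejects. Iterating over the distinct claims avoids that: `for_each = toset([for m in var.volume_mounts : m.claim])` with `name = volume.value` and `claim_name = volume.value`, while the `volume_mount` block in the first hunk can stay per entry. Separately, `volume_mount` sets no `read_only`, so every mount is writable; an optional flag in the object type would let callers mount data read-only where the workload only reads it. The deployment resource starts and ends outside these hunks.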
@@ -83,3 +84,12 @@ variable "config_path" { description = "The path to the config file" default = "~/.kube/config" } + +variable "volume_mounts" { + type = list(object({ + claim = string + mount_path = string + sub_path = string + })) + description = "The volume mounts for the application" +} From 213698f9764d649b9309375584fe477e692e6a43 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:16:44 +0200 Subject: [PATCH 22/54] CM-27 - Update replica checks --- modules/kubernetes/deployment_with_service/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 5eafdd90..a2566dd8 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -73,7 +73,7 @@ resource "kubernetes_deployment_v1" "deployment" { } dynamic "readiness_probe" { - for_each = var.readiness_probe ? [1] : [] + for_each = var.readiness_probe != null ? [1] : [] content { http_get { @@ -90,7 +90,7 @@ resource "kubernetes_deployment_v1" "deployment" { } dynamic "liveness_probe" { - for_each = var.liveness_probe ? [1] : [] + for_each = var.liveness_probe != null ? [1] : [] content { http_get { From d244d985a82919e61c935f619a6c258a3bddabe1 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:20:27 +0200 Subject: [PATCH 23/54] CM-27 - Update probes --- modules/kubernetes/deployment_with_service/main.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index a2566dd8..a9980a2b 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf 
@@ -77,8 +77,8 @@ resource "kubernetes_deployment_v1" "deployment" { content { http_get { - path = readiness_probe.value.path - port = readiness_probe.value.port + path = var.readiness_probe.path + port = var.readiness_probe.port scheme = "HTTP" } @@ -94,8 +94,8 @@ resource "kubernetes_deployment_v1" "deployment" { content { http_get { - path = liveness_probe.value.path - port = liveness_probe.value.port + path = var.liveness_probe.path + port = var.liveness_probe.port scheme = "HTTP" } @@ -159,6 +159,7 @@ resource "kubernetes_manifest" "http-scaler" { apiVersion = "http.keda.sh/v1alpha1" metadata = { name = var.name + namespace= var.namespace } spec = { host = var.scaler.host From a3aa2fc167b5432ca80e3059f288e3cf4a9d02e9 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:34:05 +0200 Subject: [PATCH 24/54] CM-27 - Update probes --- modules/kubernetes/deployment_with_service/main.tf | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index a9980a2b..5a8a0637 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -82,8 +82,8 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 10 - period_seconds = 10 + initial_delay_seconds = 5 + period_seconds = 25 failure_threshold = 3 timeout_seconds = 5 } @@ -99,14 +99,20 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 10 - period_seconds = 10 + initial_delay_seconds = 5 + period_seconds = 25 failure_threshold = 3 timeout_seconds = 5 } } } + dns_config { + option { + name = "single-request-reopen" + } + } + dynamic "volume" { for_each = var.volume_mounts From 4d2ff593e73a9d16fab51f7aa3379fbf77b2594d Mon Sep 17 00:00:00 2001 
From: Bart Wesselink Date: Thu, 20 Apr 2023 11:39:47 +0200 Subject: [PATCH 25/54] CM-27 - Add env references --- .../deployment_with_service/main.tf | 20 +++++++++++++++++++ .../deployment_with_service/variables.tf | 12 +++++++++++ 2 files changed, 32 insertions(+) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 5a8a0637..3fa6b4ad 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -58,6 +58,26 @@ resource "kubernetes_deployment_v1" "deployment" { } } + dynamic "env_from" { + for_each = var.env_secret_refs + + content { + secret_ref { + name = env_from.value + } + } + } + + dynamic "env_from" { + for_each = var.env_configmap_refs + + content { + config_map_ref { + name = env_from.value + } + } + } + port { container_port = var.container_port } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 4d3ee97d..189c3245 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -79,6 +79,18 @@ variable "scaler" { default = null } +variable "env_secret_refs" { + type = list(string) + description = "The list of secret references to use as environment variables" + default = [] +} + +variable "env_configmap_refs" { + type = list(string) + description = "The list of configmap references to use as environment variables" + default = [] +} + variable "config_path" { type = string description = "The path to the config file" From 4a0569b69beefd5fd78a67d10fac3d79e204b7ce Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:44:29 +0200 Subject: [PATCH 26/54] CM-27 - Update label --- modules/kubernetes/deployment_with_service/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
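Review bot: The description of `env_secret_refs` does not tell callers that `env_from` with `secret_ref` exposes every key of each named Secret as an environment variable, including keys added to the Secret later. Environment variables are inherited by child processes and tend to surface in diagnostics, so callers should know they are granting the whole Secret rather than selected keys. I would word it as `description = "Names of Secrets whose keys are ALL injected into the container as environment variables"` and use the matching wording for `env_configmap_refs`. The container block continues outside the hunk.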
diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 3fa6b4ad..9c5cae19 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -37,7 +37,6 @@ resource "kubernetes_deployment_v1" "deployment" { metadata { labels = { "io.kompose.service" = var.name - app = var.name } } @@ -159,7 +158,7 @@ resource "kubernetes_service_v1" "service" { spec { selector = { - app = kubernetes_deployment_v1.deployment.metadata[0].name + "io.kompose.service" = kubernetes_deployment_v1.deployment.metadata[0].name } port { From d173d6e77dd2b14a7246b2de1cbb51fac3b0dc9f Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:50:34 +0200 Subject: [PATCH 27/54] CM-27 - Update output --- modules/azure/mysql_flexible_server_public/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/mysql_flexible_server_public/outputs.tf b/modules/azure/mysql_flexible_server_public/outputs.tf index 24a7dd49..3d054343 100644 --- a/modules/azure/mysql_flexible_server_public/outputs.tf +++ b/modules/azure/mysql_flexible_server_public/outputs.tf @@ -7,7 +7,7 @@ output "fqdn" { } output "database_name" { - value = azurerm_mysql_flexible_server.mysql_flexible_server.name + value = azurerm_mysql_flexible_database.mysql_flexible_database.name } output "admin_username" { From de7a0049bbe111624be79f1d26c47b6528c8f9b8 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:52:23 +0200 Subject: [PATCH 28/54] CM-27 - Update administrator login --- modules/azure/mysql_flexible_server_public/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/mysql_flexible_server_public/outputs.tf b/modules/azure/mysql_flexible_server_public/outputs.tf index 3d054343..0cfdcc19 100644 --- a/modules/azure/mysql_flexible_server_public/outputs.tf +++ b/modules/azure/mysql_flexible_server_public/outputs.tf 
@@ -11,7 +11,7 @@ output "database_name" { } output "admin_username" { - value = "${azurerm_mysql_flexible_server.mysql_flexible_server.administrator_login}@${var.server_name}" + value = azurerm_mysql_flexible_server.mysql_flexible_server.administrator_login sensitive = true } From 71d5c5c752a05d4eadf9042630196e83d2a3c169 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:59:10 +0200 Subject: [PATCH 29/54] CM-27 - Update label --- modules/kubernetes/deployment_with_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 9c5cae19..7be409ff 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -29,7 +29,7 @@ resource "kubernetes_deployment_v1" "deployment" { selector { match_labels = { - app = var.name + "io.kompose.service" = var.name } } From 4b0694aab66dbdb978969ab78f126e92738276c8 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 13:35:30 +0200 Subject: [PATCH 30/54] CM-27 - Add service port as output --- modules/kubernetes/deployment_with_service/main.tf | 4 ++-- modules/kubernetes/deployment_with_service/outputs.tf | 4 ++++ .../kubernetes/deployment_with_service/variables.tf | 11 ++++++----- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 7be409ff..3a4ba9c3 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -183,8 +183,8 @@ resource "kubernetes_manifest" "http-scaler" { kind = "HTTPScaledObject" apiVersion = "http.keda.sh/v1alpha1" metadata = { - name = var.name - namespace= var.namespace + name = var.name + namespace = var.namespace } spec = { host = var.scaler.host 
diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index 968a81dd..873ddacd 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -5,3 +5,7 @@ output "service_name" { output "deployment_name" { value = kubernetes_deployment_v1.deployment.metadata.0.name } + +output "service_port" { + value = kubernetes_service_v1.service.spec.0.ports.0.port +} diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 189c3245..e683c15a 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -76,17 +76,17 @@ variable "scaler" { }) }) description = "The scaler for the application" - default = null + default = null } variable "env_secret_refs" { - type = list(string) + type = list(string) description = "The list of secret references to use as environment variables" default = [] } variable "env_configmap_refs" { - type = list(string) + type = list(string) description = "The list of configmap references to use as environment variables" default = [] } @@ -99,9 +99,10 @@ variable "config_path" { variable "volume_mounts" { type = list(object({ - claim = string + claim = string mount_path = string - sub_path = string + sub_path = string })) description = "The volume mounts for the application" + default = [] } From b0c2d2075beaa703fd0ceae5986c596ef82896cf Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 13:36:37 +0200 Subject: [PATCH 31/54] CM-27 - Add service port as output --- modules/kubernetes/deployment_with_service/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index 873ddacd..b749ccb5 100644 
--- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -7,5 +7,5 @@ output "deployment_name" { } output "service_port" { - value = kubernetes_service_v1.service.spec.0.ports.0.port + value = kubernetes_service_v1.service.spec.0.port.0.port } From d59c88e49d737ffc84af916d83188966f4c856b1 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 13:44:24 +0200 Subject: [PATCH 32/54] CM-27 - Update paths --- modules/kubernetes/ingress/main.tf | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index aff16053..02774ae4 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -29,17 +29,21 @@ resource "kubernetes_ingress_v1" "ingress" { content { host = rule.value.host http { - path { - backend { - service { - name = rule.value.service - port { - number = rule.value.port + dynamic "path" { + for_each = rule.value.paths + + content { + backend { + service { + name = path.value.service + port { + number = path.value.port + } } } - } - path = rule.value.path + path = path.value.path + } } } } From 08225abb48718bf713a0cd9c69f425882533c0c3 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:15:00 +0200 Subject: [PATCH 33/54] CM-27 - Add scaler proxy --- .../deployment_with_service/main.tf | 25 +++++++++++++++++++ .../deployment_with_service/outputs.tf | 9 ++++--- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 3a4ba9c3..58c1d72c 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf 
@@ -200,3 +200,28 @@ resource "kubernetes_manifest" "http-scaler" { } } } + +# +resource "kubernetes_service_v1" "http-scaler-service-proxy" { + count = var.scaler != null && var.scaler.type == "http" ? 1 : 0 + + metadata { + name = "${var.name}-keda-bridge" + namespace = var.namespace + } + + spec { + external_name = "keda-add-ons-http-interceptor-proxy.keda.svc.cluster.local" + port { + port = 8080 + } + + type = "ExternalName" + } + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } +} diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index b749ccb5..2b0b63fe 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -1,11 +1,12 @@ -output "service_name" { - value = kubernetes_deployment_v1.deployment.metadata.0.name -} output "deployment_name" { value = kubernetes_deployment_v1.deployment.metadata.0.name } output "service_port" { - value = kubernetes_service_v1.service.spec.0.port.0.port + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port +} + +output "service_name" { + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.metadata.0.name : kubernetes_service_v1.service.metadata.0.name } From fbcc430da09c4bcff4b2fb566cae8bda70545156 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:18:49 +0200 Subject: [PATCH 34/54] CM-27 - Add scaler proxy --- modules/kubernetes/deployment_with_service/outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index 2b0b63fe..d636c27e 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf 
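Review bot: Both outputs rewritten in outputs.tf test `var.scaler.type == "http"`, but `scaler` defaults to `null` in variables.tf, so a module call without a scaler fails on the attribute access instead of falling back to the plain service. The resource added in main.tf guards with `var.scaler != null` first; the outputs need an equivalent guard, for example replacing the condition with `try(var.scaler.type, null) == "http"` in `service_port` and `service_name`. The follow-up patch that adds the `.0` index keeps the same unguarded condition, so the change applies there too.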
@@ -4,9 +4,9 @@ output "deployment_name" { } output "service_port" { - value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port } output "service_name" { - value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.metadata.0.name : kubernetes_service_v1.service.metadata.0.name + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name } From b3ab518d79d3b02c11548e7e537c04ca10072929 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:30:34 +0200 Subject: [PATCH 35/54] CM-27 - Tweak --- modules/kubernetes/deployment_with_service/main.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 58c1d72c..9f0a4b6d 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -101,9 +101,9 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 5 - period_seconds = 25 - failure_threshold = 3 + initial_delay_seconds = 10 + period_seconds = 5 + failure_threshold = 10 timeout_seconds = 5 } } @@ -119,7 +119,7 @@ resource "kubernetes_deployment_v1" "deployment" { } initial_delay_seconds = 5 - period_seconds = 25 + period_seconds = 5 failure_threshold = 3 timeout_seconds = 5 } @@ -191,7 +191,7 @@ resource "kubernetes_manifest" "http-scaler" { scaleTargetRef = { deployment = var.name service = var.name - port = var.container_port + port = var.target_port } replicas = { min = var.scaler.replicas.min 
From 20c0c9a22bcfc5e0f4ed3c8c42bac34e19dea3be Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:33:05 +0200 Subject: [PATCH 36/54] CM-27 - Tweak --- modules/kubernetes/deployment_with_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 9f0a4b6d..2286968f 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -103,7 +103,7 @@ resource "kubernetes_deployment_v1" "deployment" { initial_delay_seconds = 10 period_seconds = 5 - failure_threshold = 10 + failure_threshold = 50 timeout_seconds = 5 } } From 9bff980fa752b17b75462d1af08f31e342910735 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:38:05 +0200 Subject: [PATCH 37/54] CM-27 - Update value --- modules/kubernetes/deployment_with_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 2286968f..0447cf5c 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -119,7 +119,7 @@ resource "kubernetes_deployment_v1" "deployment" { } initial_delay_seconds = 5 - period_seconds = 5 + period_seconds = 25 failure_threshold = 3 timeout_seconds = 5 } From 8fd8e6e4b73a8937d114a9ba53698a324dc140e4 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:10:18 +0200 Subject: [PATCH 38/54] CM-27 - Add resource scaler --- .../deployment_with_service/main.tf | 46 +++++++++++++++++++ .../deployment_with_service/variables.tf | 4 ++ 2 files changed, 50 insertions(+) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 0447cf5c..b79c80ff 100644 --- a/modules/kubernetes/deployment_with_service/main.tf 
+++ b/modules/kubernetes/deployment_with_service/main.tf @@ -225,3 +225,49 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { ] } } + +resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { + count = var.scaler != null && var.scaler.type == "resource" ? 1 : 0 + + metadata { + name = var.name + namespace = var.namespace + } + + spec { + scale_target_ref { + api_version = "apps/v1" + kind = "Deployment" + name = var.name + } + + min_replicas = var.scaler.replicas.min + max_replicas = var.scaler.replicas.max + + metric { + type = "Resource" + + resource { + name = "cpu" + + target { + type = "Utilization" + average_utilization = lookup(var.scaler.metrics, "cpu", 70) + } + } + } + + metric { + type = "Resource" + + resource { + name = "memory" + + target { + type = "Utilization" + average_utilization = lookup(var.scaler.metrics, "memory", 80) + } + } + } + } +} diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index e683c15a..498d2840 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -74,6 +74,10 @@ variable "scaler" { min = number max = number }) + metrics = object({ + cpu = number, + memory = number + }) }) description = "The scaler for the application" default = null From 771bc6a8ea819edb2aebcd1f0ffd5578786d1fa1 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:17:28 +0200 Subject: [PATCH 39/54] CM-27 - Add probe properties --- .../kubernetes/deployment_with_service/main.tf | 16 ++++++++-------- .../deployment_with_service/variables.tf | 18 +++++++++++++----- modules/kubernetes/ingress/main.tf | 2 +- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index b79c80ff..482b2da0 100644 --- a/modules/kubernetes/deployment_with_service/main.tf 
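Review bot: The `70` and `80` fallbacks in `lookup(var.scaler.metrics, "cpu", 70)` and `lookup(var.scaler.metrics, "memory", 80)` can never apply, because the variables.tf hunk of this patch declares `metrics` with `cpu` and `memory` both required. Once PATCH 40/54 wraps `metrics` in `optional(...)`, an omitted `metrics` is `null` and `lookup` fails on it instead of falling back. Put the defaults in the type and read the attributes directly: `metrics = optional(object({ cpu = optional(number, 70), memory = optional(number, 80) }), {})` with `average_utilization = var.scaler.metrics.cpu`. `scale_target_ref` also names the deployment through `var.name` rather than `kubernetes_deployment_v1.deployment.metadata[0].name`, so Terraform sees no dependency between the autoscaler and its target.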
+++ b/modules/kubernetes/deployment_with_service/main.tf @@ -101,10 +101,10 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 10 - period_seconds = 5 - failure_threshold = 50 - timeout_seconds = 5 + initial_delay_seconds = lookup(var.readiness_probe, "initial_delay_seconds", 10) + period_seconds = lookup(var.readiness_probe, "period_seconds", 5) + failure_threshold = lookup(var.readiness_probe, "failure_threshold", 50) + timeout_seconds = lookup(var.readiness_probe, "timeout_seconds", 5) } } @@ -118,10 +118,10 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 5 - period_seconds = 25 - failure_threshold = 3 - timeout_seconds = 5 + initial_delay_seconds = lookup(var.liveness_probe, "initial_delay_seconds", 5) + period_seconds = lookup(var.liveness_probe, "period_seconds", 25) + failure_threshold = lookup(var.liveness_probe, "failure_threshold", 3) + timeout_seconds = lookup(var.liveness_probe, "timeout_seconds", 5) } } } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 498d2840..beda8230 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -50,8 +50,12 @@ variable "target_port" { variable "readiness_probe" { type = object({ - path = string - port = number + path = string + port = number + initial_delay_seconds = number + period_seconds = number + failure_threshold = number + timeout_seconds = number }) description = "The readiness probe for the application" default = null @@ -59,8 +63,12 @@ variable "readiness_probe" { variable "liveness_probe" { type = object({ - path = string - port = number + path = string + port = number + initial_delay_seconds = number + period_seconds = number + failure_threshold = number + timeout_seconds = number }) description = "The liveness probe for the application" default = null 
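Review bot: The fallbacks in `lookup(var.readiness_probe, "initial_delay_seconds", 10)` and the seven sibling lines of both probe blocks do not take effect. In this patch the four timing attributes are required `number`s, and after PATCH 41/54 and PATCH 42/54 turn them into `optional(number)` an omitted attribute is still present with value `null`, so `lookup` should return `null` and the probes run with Kubernetes' own defaults rather than 10/5/50/5 and 5/25/3/5. Declare the defaults in the variable type, e.g. `failure_threshold = optional(number, 50)`, and reference `var.readiness_probe.failure_threshold` directly. Both probe blocks start outside these hunks, so whether they are skipped when the variable is `null` cannot be seen here.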
@@ -75,7 +83,7 @@ variable "scaler" { max = number }) metrics = object({ - cpu = number, + cpu = number, memory = number }) }) diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index 02774ae4..b31895d4 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -37,7 +37,7 @@ resource "kubernetes_ingress_v1" "ingress" { service { name = path.value.service port { - number = path.value.port + number = path.value.port } } } From ec60a508aecad24a6724605601b3eca014abb545 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:20:38 +0200 Subject: [PATCH 40/54] CM-27 - Add probe properties --- modules/kubernetes/deployment_with_service/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index beda8230..97fe5cd8 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -82,10 +82,10 @@ variable "scaler" { min = number max = number }) - metrics = object({ + metrics = optional(object({ cpu = number, memory = number - }) + })) }) description = "The scaler for the application" default = null From a57be4bdf0edeba6b55cf3e40a184216d6382ab5 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:21:20 +0200 Subject: [PATCH 41/54] CM-27 - Add probe properties --- modules/kubernetes/deployment_with_service/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 97fe5cd8..af67d4c3 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf 
@@ -65,10 +65,10 @@ variable "liveness_probe" { type = object({ path = string port = number - initial_delay_seconds = number - period_seconds = number - failure_threshold = number - timeout_seconds = number + initial_delay_seconds = optional(number) + period_seconds = optional(number) + failure_threshold = optional(number) + timeout_seconds = optional(number) }) description = "The liveness probe for the application" default = null From 873e88a97c54a080d009a560b79d9e169a219900 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:22:12 +0200 Subject: [PATCH 42/54] CM-27 - Add probe properties --- modules/kubernetes/deployment_with_service/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index af67d4c3..864cfc52 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -52,10 +52,10 @@ variable "readiness_probe" { type = object({ path = string port = number - initial_delay_seconds = number - period_seconds = number - failure_threshold = number - timeout_seconds = number + initial_delay_seconds = optional(number) + period_seconds = optional(number) + failure_threshold = optional(number) + timeout_seconds = optional(number) }) description = "The readiness probe for the application" default = null From 33c9dff4d3e6e7621a195066abd6fa73eac8e844 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:27:32 +0200 Subject: [PATCH 43/54] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 482b2da0..8524af93 100644 --- a/modules/kubernetes/deployment_with_service/main.tf 
+++ b/modules/kubernetes/deployment_with_service/main.tf @@ -177,7 +177,7 @@ resource "kubernetes_service_v1" "service" { } resource "kubernetes_manifest" "http-scaler" { - count = var.scaler != null && var.scaler.type == "http" ? 1 : 0 + count = var.scaler != null && lookup(var.scaler, "type", "-") == "http" ? 1 : 0 manifest = { kind = "HTTPScaledObject" From c8556d08cce692e8c43054d1bf97673625d15650 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:28:22 +0200 Subject: [PATCH 44/54] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 8524af93..0d2294bf 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -203,7 +203,7 @@ resource "kubernetes_manifest" "http-scaler" { # resource "kubernetes_service_v1" "http-scaler-service-proxy" { - count = var.scaler != null && var.scaler.type == "http" ? 1 : 0 + count = var.scaler != null && lookup(var.scaler, "type", "-") == "http" ? 1 : 0 metadata { name = "${var.name}-keda-bridge" @@ -227,7 +227,7 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { } resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { - count = var.scaler != null && var.scaler.type == "resource" ? 1 : 0 + count = var.scaler != null && lookup(var.scaler, "type", "-") == "resource" ? 1 : 0 metadata { name = var.name From daf737a9ff2bc74309bbc691713af91dd9327060 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:29:57 +0200 Subject: [PATCH 45/54] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 0d2294bf..5f6b64ef 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -177,7 +177,7 @@ resource "kubernetes_service_v1" "service" { } resource "kubernetes_manifest" "http-scaler" { - count = var.scaler != null && lookup(var.scaler, "type", "-") == "http" ? 1 : 0 + count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "http" ? 1 : 0 manifest = { kind = "HTTPScaledObject" @@ -203,7 +203,7 @@ resource "kubernetes_manifest" "http-scaler" { # resource "kubernetes_service_v1" "http-scaler-service-proxy" { - count = var.scaler != null && lookup(var.scaler, "type", "-") == "http" ? 1 : 0 + count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "http" ? 1 : 0 metadata { name = "${var.name}-keda-bridge" @@ -227,7 +227,7 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { } resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { - count = var.scaler != null && lookup(var.scaler, "type", "-") == "resource" ? 1 : 0 + count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "resource" ? 1 : 0 metadata { name = var.name From 1b9ea2f62a832fb27d2ac8d2c0de0c66ada64ac4 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:30:59 +0200 Subject: [PATCH 46/54] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 864cfc52..d43b316a 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf 
@@ -76,8 +76,8 @@ variable "liveness_probe" { variable "scaler" { type = object({ - type = string - host = string + type = optional(string) + host = optional(string) replicas = object({ min = number max = number From 9c59d5247acdd30f1bce879725132b871f4b8c8e Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:33:24 +0200 Subject: [PATCH 47/54] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/main.tf | 6 +++--- modules/kubernetes/deployment_with_service/variables.tf | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 5f6b64ef..2caa332f 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -177,7 +177,7 @@ resource "kubernetes_service_v1" "service" { } resource "kubernetes_manifest" "http-scaler" { - count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "http" ? 1 : 0 + count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? 1 : 0 manifest = { kind = "HTTPScaledObject" @@ -203,7 +203,7 @@ resource "kubernetes_manifest" "http-scaler" { # resource "kubernetes_service_v1" "http-scaler-service-proxy" { - count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "http" ? 1 : 0 + count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? 1 : 0 metadata { name = "${var.name}-keda-bridge" @@ -227,7 +227,7 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { } resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { - count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "resource" ? 1 : 0 + count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "resource" ? 1 : 0 metadata { name = var.name 
diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index d43b316a..864cfc52 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -76,8 +76,8 @@ variable "liveness_probe" { variable "scaler" { type = object({ - type = optional(string) - host = optional(string) + type = string + host = string replicas = object({ min = number max = number From 97bffaeec2ee67c6eb783548c49a62fe02e24204 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:34:19 +0200 Subject: [PATCH 48/54] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index d636c27e..c99e4bee 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -4,9 +4,9 @@ output "deployment_name" { } output "service_port" { - value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port + value = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port } output "service_name" { - value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name + value = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name } From 579cae1c0dee2e5c1809ecd9bd6d72e9fd0f68c0 Mon Sep 17 00:00:00 2001 
From: Bart Wesselink Date: Fri, 21 Apr 2023 09:37:17 +0200 Subject: [PATCH 49/54] CM-27 - Add env variable --- modules/kubernetes/deployment_with_service/main.tf | 9 +++++++++ modules/kubernetes/deployment_with_service/variables.tf | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 2caa332f..d4cec1c5 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -67,6 +67,15 @@ resource "kubernetes_deployment_v1" "deployment" { } } + dynamic "env" { + for_each = var.env + + content { + name = env.key + value = env.value + } + } + dynamic "env_from" { for_each = var.env_configmap_refs diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 864cfc52..7491d5fb 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -103,6 +103,12 @@ variable "env_configmap_refs" { default = [] } +variable "env" { + type = map(string) + description = "The environment variables for the application" + default = {} +} + variable "config_path" { type = string description = "The path to the config file" From 746b6c0da0c58e4d2a790a1bed20e7989fc4b83c Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:57:03 +0200 Subject: [PATCH 50/54] CM-27 - Add env variable --- modules/kubernetes/deployment_with_service/main.tf | 6 +++--- modules/kubernetes/deployment_with_service/outputs.tf | 4 ++-- modules/kubernetes/deployment_with_service/variables.tf | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index d4cec1c5..95d1d6b0 100644 --- a/modules/kubernetes/deployment_with_service/main.tf 
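Review bot: `var.env` is written verbatim into the container spec as `name`/`value` pairs in the new `dynamic "env"` block, so anything a caller puts there is stored in clear text in the Terraform state, in plan output and in the Deployment object, readable by anyone who can read deployments in the namespace. The variable description should steer secrets elsewhere, e.g. `description = "Non-sensitive environment variables for the application; pass secrets through a Secret reference instead"`. Whether the module already offers a Secret-backed `env_from` next to `env_configmap_refs` is not visible in this hunk; if it does not, that is the piece to add.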
+++ b/modules/kubernetes/deployment_with_service/main.tf @@ -186,7 +186,7 @@ resource "kubernetes_service_v1" "service" { } resource "kubernetes_manifest" "http-scaler" { - count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? 1 : 0 + count = var.scaler.type == "http" ? 1 : 0 manifest = { kind = "HTTPScaledObject" @@ -212,7 +212,7 @@ resource "kubernetes_manifest" "http-scaler" { # resource "kubernetes_service_v1" "http-scaler-service-proxy" { - count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? 1 : 0 + count = var.scaler.type == "http" ? 1 : 0 metadata { name = "${var.name}-keda-bridge" @@ -236,7 +236,7 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { } resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { - count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "resource" ? 1 : 0 + count = var.scaler.type == "resource" ? 1 : 0 metadata { name = var.name diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index c99e4bee..d636c27e 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf 
@@ -4,9 +4,9 @@ output "deployment_name" { } output "service_port" { - value = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port } output "service_name" { - value = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 7491d5fb..bbaa0677 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -76,12 +76,12 @@ variable "liveness_probe" { variable "scaler" { type = object({ - type = string - host = string - replicas = object({ + type = optional(string) + host = optional(string) + replicas = optional(object({ min = number max = number - }) + })) metrics = optional(object({ cpu = number, memory = number From 8f31cb465a7f089f0ad1caa06ebbc0062305f387 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 11:06:13 +0200 Subject: [PATCH 51/54] CM-27 - Allow conditional enabling of Ingress --- modules/kubernetes/ingress/main.tf | 2 ++ modules/kubernetes/ingress/variables.tf | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index b31895d4..cdd88523 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf 
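Review bot: Making `type`, `host` and `replicas` optional in the `scaler` object accepts inputs the resources cannot handle. `var.scaler.replicas.min` and `.max` are read unconditionally by the HTTPScaledObject (PATCH 35/54 hunk) and by the autoscaler (PATCH 38/54 hunk), and a misspelled `type` creates no scaler at all without any error. A `validation` block on the variable would reject this at plan time; its condition would be `var.scaler == null ? true : contains(["http", "resource"], var.scaler.type)`, with a second rule requiring `replicas` to be set and `min <= max`. The variable block continues outside the hunk.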
@@ -16,6 +16,8 @@ provider "kubernetes" { } resource "kubernetes_ingress_v1" "ingress" { + count = var.enabled ? 1 : 0 + metadata { name = var.name namespace = var.namespace diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf index 3d9fa6c8..312f89f9 100644 --- a/modules/kubernetes/ingress/variables.tf +++ b/modules/kubernetes/ingress/variables.tf @@ -32,3 +32,9 @@ variable "config_path" { description = "The path to the config file" default = "~/.kube/config" } + +variable "enabled" { + type = bool + description = "Whether to enable the ingress" + default = true +} From 57dfa212eee77401ab428a1803fc2f5e16f98149 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Tue, 25 Apr 2023 16:02:04 +0200 Subject: [PATCH 52/54] Update modules/kubernetes/secret/main.tf Co-authored-by: tom-reinders --- modules/kubernetes/secret/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf index b9f3f63d..332399d1 100644 --- a/modules/kubernetes/secret/main.tf +++ b/modules/kubernetes/secret/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } From c57eeb35a080b13b6e5256c10553feb826bd52a2 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Tue, 25 Apr 2023 16:02:10 +0200 Subject: [PATCH 53/54] Update modules/kubernetes/configmap/main.tf Co-authored-by: tom-reinders --- modules/kubernetes/configmap/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf index dbdb58aa..414908dd 100644 --- a/modules/kubernetes/configmap/main.tf +++ b/modules/kubernetes/configmap/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } 
From 4fac76e2bbd24c1586edc65efef959ff6ab61759 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Tue, 25 Apr 2023 16:03:27 +0200 Subject: [PATCH 54/54] Apply suggestions from code review Co-authored-by: tom-reinders --- modules/kubernetes/deployment_with_service/main.tf | 2 +- modules/kubernetes/ingress/main.tf | 2 +- modules/kubernetes/pvc/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 95d1d6b0..b7707194 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index cdd88523..ad3fa2f8 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index 6ba41699..ecf30d1a 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } }