chore: update terraform azurerm provider to version 4.x and migrate t… #27

wants to merge 1 commit into
base: main
24 changes: 14 additions & 10 deletions terraform/main.tf
Expand Up @@ -2,13 +2,19 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.50"
version = "4.2.0"
}
}
}

provider "azurerm" {
features {}
features {
key_vault {
purge_soft_delete_on_destroy = true
recover_soft_deleted_key_vaults = true
}
}
resource_provider_registrations = "core"
}

terraform {
Expand Down Expand Up @@ -52,13 +58,13 @@ module "hub_network" {
{
name : "AzureFirewallSubnet"
address_prefixes : var.hub_firewall_subnet_address_prefix
private_endpoint_network_policies_enabled : true
private_endpoint_network_policies_enabled : "Enabled"
private_link_service_network_policies_enabled : false
},
{
name : "AzureBastionSubnet"
address_prefixes : var.hub_bastion_subnet_address_prefix
private_endpoint_network_policies_enabled : true
private_endpoint_network_policies_enabled : "Enabled"
private_link_service_network_policies_enabled : false
}
]
Expand All @@ -76,25 +82,25 @@ module "aks_network" {
{
name : var.default_node_pool_subnet_name
address_prefixes : var.default_node_pool_subnet_address_prefix
private_endpoint_network_policies_enabled : true
private_endpoint_network_policies_enabled : "Enabled"
private_link_service_network_policies_enabled : false
},
{
name : var.additional_node_pool_subnet_name
address_prefixes : var.additional_node_pool_subnet_address_prefix
private_endpoint_network_policies_enabled : true
private_endpoint_network_policies_enabled : "Enabled"
private_link_service_network_policies_enabled : false
},
{
name : var.pod_subnet_name
address_prefixes : var.pod_subnet_address_prefix
private_endpoint_network_policies_enabled : true
private_endpoint_network_policies_enabled : "Enabled"
private_link_service_network_policies_enabled : false
},
{
name : var.vm_subnet_name
address_prefixes : var.vm_subnet_address_prefix
private_endpoint_network_policies_enabled : true
private_endpoint_network_policies_enabled : "Enabled"
private_link_service_network_policies_enabled : false
}
]
Expand Down Expand Up @@ -173,8 +179,6 @@ module "aks_cluster" {
default_node_pool_vm_size = var.default_node_pool_vm_size
vnet_subnet_id = module.aks_network.subnet_ids[var.default_node_pool_subnet_name]
default_node_pool_availability_zones = var.default_node_pool_availability_zones
default_node_pool_node_labels = var.default_node_pool_node_labels
default_node_pool_node_taints = var.default_node_pool_node_taints
default_node_pool_enable_auto_scaling = var.default_node_pool_enable_auto_scaling
default_node_pool_enable_host_encryption = var.default_node_pool_enable_host_encryption
default_node_pool_enable_node_public_ip = var.default_node_pool_enable_node_public_ip
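Review bot: The new `key_vault` features block sets `purge_soft_delete_on_destroy = true`, which makes `terraform destroy` purge any Key Vault this configuration manages immediately instead of leaving it soft-deleted for the retention window, so an accidental destroy is not recoverable; unless that is the intent for this environment, set it to `false` (or gate it behind a variable) and keep only `recover_soft_deleted_key_vaults = true`. `resource_provider_registrations = "core"` replaces the 4.x default of registering every provider; whether the core set covers all the providers this configuration needs (AKS, Log Analytics, Bastion and Firewall subnets are visible here) is not shown, so confirm it against the provider docs or use `"extended"` before the first apply in a fresh subscription. The `private_endpoint_network_policies_enabled : "Enabled"` entries in the hub and AKS subnet lists keep a boolean-sounding key while the value is now a string; the mapping happens inside the network module, outside this file, so confirm it feeds the 4.x `private_endpoint_network_policies` argument rather than the removed boolean. In the last hunk `default_node_pool_node_labels` appears to be dropped from the `aks_cluster` module call although the module still reads `var.default_node_pool_node_labels`; if that was unintended the labels are silently lost.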
299 changes: 149 additions & 150 deletions terraform/modules/aks/main.tf
@@ -1,150 +1,149 @@
terraform {
This diff does not look correct; the only real difference is this patch:

Index: terraform/modules/aks/main.tf
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/terraform/modules/aks/main.tf b/terraform/modules/aks/main.tf
--- a/terraform/modules/aks/main.tf	(revision 8bb51322e82bec3f9ab6457ac80633165e1afa3b)
+++ b/terraform/modules/aks/main.tf	(revision 293a44c4ece19d8a502aa813fe311573263d7486)
@@ -29,12 +29,13 @@
   kubernetes_version               = var.kubernetes_version
   dns_prefix                       = var.dns_prefix
   private_cluster_enabled          = var.private_cluster_enabled
-  automatic_channel_upgrade        = var.automatic_channel_upgrade
+  automatic_upgrade_channel        = var.automatic_channel_upgrade
   sku_tier                         = var.sku_tier
   workload_identity_enabled        = var.workload_identity_enabled
   oidc_issuer_enabled              = var.oidc_issuer_enabled
   open_service_mesh_enabled        = var.open_service_mesh_enabled
   image_cleaner_enabled            = var.image_cleaner_enabled
+  image_cleaner_interval_hours     = 168
   azure_policy_enabled             = var.azure_policy_enabled
   http_application_routing_enabled = var.http_application_routing_enabled
 
@@ -45,10 +46,9 @@
     pod_subnet_id           = var.pod_subnet_id
     zones                   = var.default_node_pool_availability_zones
     node_labels             = var.default_node_pool_node_labels
-    node_taints             = var.default_node_pool_node_taints
-    enable_auto_scaling     = var.default_node_pool_enable_auto_scaling
-    enable_host_encryption  = var.default_node_pool_enable_host_encryption
-    enable_node_public_ip   = var.default_node_pool_enable_node_public_ip
+    auto_scaling_enabled    = var.default_node_pool_enable_auto_scaling
+    host_encryption_enabled = var.default_node_pool_enable_host_encryption
+    node_public_ip_enabled  = var.default_node_pool_enable_node_public_ip
     max_pods                = var.default_node_pool_max_pods
     max_count               = var.default_node_pool_max_count
     min_count               = var.default_node_pool_min_count
@@ -92,7 +92,6 @@
   }
 
   azure_active_directory_role_based_access_control {
-    managed                    = true
     tenant_id                  = var.tenant_id
     admin_group_object_ids     = var.admin_group_object_ids
     azure_rbac_enabled         = var.azure_rbac_enabled

required_providers {
azurerm = {
source = "hashicorp/azurerm"
}
}

required_version = ">= 0.14.9"
}

resource "azurerm_user_assigned_identity" "aks_identity" {
resource_group_name = var.resource_group_name
location = var.location
tags = var.tags

name = "${var.name}Identity"

lifecycle {
ignore_changes = [
tags
]
}
}

resource "azurerm_kubernetes_cluster" "aks_cluster" {
name = var.name
location = var.location
resource_group_name = var.resource_group_name
kubernetes_version = var.kubernetes_version
dns_prefix = var.dns_prefix
private_cluster_enabled = var.private_cluster_enabled
automatic_channel_upgrade = var.automatic_channel_upgrade
sku_tier = var.sku_tier
workload_identity_enabled = var.workload_identity_enabled
oidc_issuer_enabled = var.oidc_issuer_enabled
open_service_mesh_enabled = var.open_service_mesh_enabled
image_cleaner_enabled = var.image_cleaner_enabled
azure_policy_enabled = var.azure_policy_enabled
http_application_routing_enabled = var.http_application_routing_enabled

default_node_pool {
name = var.default_node_pool_name
vm_size = var.default_node_pool_vm_size
vnet_subnet_id = var.vnet_subnet_id
pod_subnet_id = var.pod_subnet_id
zones = var.default_node_pool_availability_zones
node_labels = var.default_node_pool_node_labels
node_taints = var.default_node_pool_node_taints
enable_auto_scaling = var.default_node_pool_enable_auto_scaling
enable_host_encryption = var.default_node_pool_enable_host_encryption
enable_node_public_ip = var.default_node_pool_enable_node_public_ip
max_pods = var.default_node_pool_max_pods
max_count = var.default_node_pool_max_count
min_count = var.default_node_pool_min_count
node_count = var.default_node_pool_node_count
os_disk_type = var.default_node_pool_os_disk_type
tags = var.tags
}

linux_profile {
admin_username = var.admin_username
ssh_key {
key_data = var.ssh_public_key
}
}

identity {
type = "UserAssigned"
identity_ids = tolist([azurerm_user_assigned_identity.aks_identity.id])
}

network_profile {
dns_service_ip = var.network_dns_service_ip
network_plugin = var.network_plugin
outbound_type = var.outbound_type
service_cidr = var.network_service_cidr
}

oms_agent {
msi_auth_for_monitoring_enabled = true
log_analytics_workspace_id = coalesce(var.oms_agent.log_analytics_workspace_id, var.log_analytics_workspace_id)
}

dynamic "ingress_application_gateway" {
for_each = try(var.ingress_application_gateway.gateway_id, null) == null ? [] : [1]

content {
gateway_id = var.ingress_application_gateway.gateway_id
subnet_cidr = var.ingress_application_gateway.subnet_cidr
subnet_id = var.ingress_application_gateway.subnet_id
}
}

azure_active_directory_role_based_access_control {
managed = true
tenant_id = var.tenant_id
admin_group_object_ids = var.admin_group_object_ids
azure_rbac_enabled = var.azure_rbac_enabled
}

workload_autoscaler_profile {
keda_enabled = var.keda_enabled
vertical_pod_autoscaler_enabled = var.vertical_pod_autoscaler_enabled
}

lifecycle {
ignore_changes = [
kubernetes_version,
tags
]
}
}

resource "azurerm_monitor_diagnostic_setting" "settings" {
name = "DiagnosticsSettings"
target_resource_id = azurerm_kubernetes_cluster.aks_cluster.id
log_analytics_workspace_id = var.log_analytics_workspace_id

enabled_log {
category = "kube-apiserver"
}

enabled_log {
category = "kube-audit"
}

enabled_log {
category = "kube-audit-admin"
}

enabled_log {
category = "kube-controller-manager"
}

enabled_log {
category = "kube-scheduler"
}

enabled_log {
category = "cluster-autoscaler"
}

enabled_log {
category = "guard"
}

metric {
category = "AllMetrics"
}
}
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
}
}

required_version = ">= 0.14.9"
}

resource "azurerm_user_assigned_identity" "aks_identity" {
resource_group_name = var.resource_group_name
location = var.location
tags = var.tags

name = "${var.name}Identity"

lifecycle {
ignore_changes = [
tags
]
}
}

resource "azurerm_kubernetes_cluster" "aks_cluster" {
name = var.name
location = var.location
resource_group_name = var.resource_group_name
kubernetes_version = var.kubernetes_version
dns_prefix = var.dns_prefix
private_cluster_enabled = var.private_cluster_enabled
automatic_upgrade_channel = var.automatic_channel_upgrade
sku_tier = var.sku_tier
workload_identity_enabled = var.workload_identity_enabled
oidc_issuer_enabled = var.oidc_issuer_enabled
open_service_mesh_enabled = var.open_service_mesh_enabled
image_cleaner_enabled = var.image_cleaner_enabled
image_cleaner_interval_hours = 168
azure_policy_enabled = var.azure_policy_enabled
http_application_routing_enabled = var.http_application_routing_enabled

default_node_pool {
name = var.default_node_pool_name
vm_size = var.default_node_pool_vm_size
vnet_subnet_id = var.vnet_subnet_id
pod_subnet_id = var.pod_subnet_id
zones = var.default_node_pool_availability_zones
node_labels = var.default_node_pool_node_labels
auto_scaling_enabled = var.default_node_pool_enable_auto_scaling
host_encryption_enabled = var.default_node_pool_enable_host_encryption
node_public_ip_enabled = var.default_node_pool_enable_node_public_ip
max_pods = var.default_node_pool_max_pods
max_count = var.default_node_pool_max_count
min_count = var.default_node_pool_min_count
node_count = var.default_node_pool_node_count
os_disk_type = var.default_node_pool_os_disk_type
tags = var.tags
}

linux_profile {
admin_username = var.admin_username
ssh_key {
key_data = var.ssh_public_key
}
}

identity {
type = "UserAssigned"
identity_ids = tolist([azurerm_user_assigned_identity.aks_identity.id])
}

network_profile {
dns_service_ip = var.network_dns_service_ip
network_plugin = var.network_plugin
outbound_type = var.outbound_type
service_cidr = var.network_service_cidr
}

oms_agent {
msi_auth_for_monitoring_enabled = true
log_analytics_workspace_id = coalesce(var.oms_agent.log_analytics_workspace_id, var.log_analytics_workspace_id)
}

dynamic "ingress_application_gateway" {
for_each = try(var.ingress_application_gateway.gateway_id, null) == null ? [] : [1]

content {
gateway_id = var.ingress_application_gateway.gateway_id
subnet_cidr = var.ingress_application_gateway.subnet_cidr
subnet_id = var.ingress_application_gateway.subnet_id
}
}

azure_active_directory_role_based_access_control {
tenant_id = var.tenant_id
admin_group_object_ids = var.admin_group_object_ids
azure_rbac_enabled = var.azure_rbac_enabled
}

workload_autoscaler_profile {
keda_enabled = var.keda_enabled
vertical_pod_autoscaler_enabled = var.vertical_pod_autoscaler_enabled
}

lifecycle {
ignore_changes = [
kubernetes_version,
tags
]
}
}

resource "azurerm_monitor_diagnostic_setting" "settings" {
name = "DiagnosticsSettings"
target_resource_id = azurerm_kubernetes_cluster.aks_cluster.id
log_analytics_workspace_id = var.log_analytics_workspace_id

enabled_log {
category = "kube-apiserver"
}

enabled_log {
category = "kube-audit"
}

enabled_log {
category = "kube-audit-admin"
}

enabled_log {
category = "kube-controller-manager"
}

enabled_log {
category = "kube-scheduler"
}

enabled_log {
category = "cluster-autoscaler"
}

enabled_log {
category = "guard"
}

metric {
category = "AllMetrics"
}
}
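Review bot: `image_cleaner_interval_hours = 168` is hard-coded right after the variable-driven `image_cleaner_enabled`, so callers can switch the cleaner on but cannot tune how often stale images are removed; expose it as `image_cleaner_interval_hours = var.image_cleaner_interval_hours` with a default of 168 next to the other cluster variables. `automatic_upgrade_channel = var.automatic_channel_upgrade` now pairs the renamed 4.x argument with the old variable name, which reads like a typo; either rename the variable (a breaking change for callers) or add `# 4.x renamed automatic_channel_upgrade -> automatic_upgrade_channel; variable name kept for compatibility` above the line. With `managed = true` removed from `azure_active_directory_role_based_access_control`, the block's effect rests entirely on `azure_rbac_enabled`; consider also setting `local_account_disabled = true` in the cluster resource so that the cluster's local admin credentials cannot be used to bypass Entra ID authorization and the `guard` and `kube-audit-admin` logs this module already enables reflect every privileged access. The 149/150-line diffstat suggests the whole file was rewritten (likely line endings or formatting), which hides the three substantive changes the author quotes; re-saving with the original line endings would make the review diff match that patch.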