Chore/1333 replace terraform cloud #1887

joshgamache · 2024-01-26T20:08:43Z

Addresses #1333 - Project link
Adds Terraform scripts and Helm charts to run them. Resource states migrated from Terraform Cloud to a Google Cloud Storage bucket.

Changes 🚧

Added Terraform module, imported from cas-shelf
Added Helm templates to handle:
- Terraform module loading to configMaps
- OpenShift service account for use by Terraform
- Terraform apply job

To test 🔬

The Helm charts are built into the automation around deploys via ShipIt. Once a deploy has been run, you can check the job Terraform-apply in OpenShift to see if the run was successful.

Notes📝

🔒 Terraform Cloud state has been locked to enable migration of state to state buckets
The script has been run and resources have been transitioned from Terraform Cloud to GCP buckets holding state for each namespace (cif-dev, cif-test, cif-prod).
Resources have been migrated rather than recreated, only the state "owning" the resource changes.
The resources kubernetes_secret.secret_sa have had Terraform changes, but only the addition of a default value (consistent with our use of them) due to a new provider version.
The script used for migration (/chart/cas-cif/terraform/tf-migration.sh) is kept here for history. It will be removed by Add directions and script for migration off of Terraform Cloud cas-pipeline#83

chart/cas-cif/templates/jobs/terraform-service-account.yaml

pbastia

Nice work! A few comments about bash formatting, looks good otherwise.
I'd suggest also:

moving tf-migration.sh and migration.example.tfvars out of the helm chart, I don't think there is a to have these in there?
move all the terraform yaml templates to chart/cas-cif/templates/terraform instead of the jobs folder

chart/cas-cif/templates/jobs/terraform-apply.yaml

joshgamache · 2024-01-30T18:47:53Z

moving tf-migration.sh and migration.example.tfvars out of the helm chart, I don't think there is a to have these in there?

move all the terraform yaml templates to chart/cas-cif/templates/terraform instead of the jobs folder

I cleaned up the directories with the suggestions you made. Especially with the service account related file split, it keeps them consistently together.

I removed the migration script entirely, as it is unneeded now that the migrations have been run.

pbastia

Slick!

mikevespi

Awesome stuff! Leaving it Approved but not merged as per discussion today about merging with eyes on. Aside from that let's make sure we get a tech-debt card to create custom GCP role instead of their generic admin, they over permit.

Great stuff!

chart/cas-cif/.helmignore

…state backup

joshgamache self-assigned this Jan 26, 2024

joshgamache requested review from Sepehr-Sobhani, dleard, mikevespi and JoshLarouche and removed request for dleard January 26, 2024 22:29

joshgamache added the DevOps For DevOps related issues label Jan 26, 2024

joshgamache marked this pull request as ready for review January 26, 2024 22:52

pbastia reviewed Jan 30, 2024

View reviewed changes

chart/cas-cif/templates/jobs/terraform-service-account.yaml Outdated Show resolved Hide resolved

pbastia requested changes Jan 30, 2024

View reviewed changes

chart/cas-cif/templates/jobs/terraform-apply.yaml Outdated Show resolved Hide resolved

chart/cas-cif/templates/jobs/terraform-apply.yaml Outdated Show resolved Hide resolved

joshgamache requested a review from pbastia January 30, 2024 18:48

pbastia approved these changes Jan 30, 2024

View reviewed changes

joshgamache linked an issue Feb 5, 2024 that may be closed by this pull request

Tech Debt: Remove dependency on Terraform Cloud and cas-shelf #1333

Closed

3 tasks

mikevespi approved these changes Feb 7, 2024

View reviewed changes

mikevespi reviewed Feb 7, 2024

View reviewed changes

chart/cas-cif/.helmignore Show resolved Hide resolved

joshgamache mentioned this pull request Feb 8, 2024

Pull release with Terraform Cloud removed #1888

Closed

2 tasks

joshgamache and others added 13 commits February 14, 2024 13:29

chore: add tf providers, vars and initial storage buckets from cas-shelf

2c76ef4

chore: add script to run move from TF Cloud state backup to local TF …

eb54b2a

…state backup

chore: add service account to tf script and move script

bf40f90

chore: moving over cas-shelf resources to cas-cif

da1bd0b

chore: additions to migration script and cleanup variable usage

e60217a

chore: add job and configmap for terraform

22bbe26

chore: replace custom IAM with manually created ID

4140d78

chore: moved terraform into helm chart

a3774ca

fix: include role path with id as per requirements

67a42a8

chore: add service account template as required by terraform

9e5df71

chore: add terraform cache to git ignored folders

db837d0

chore: remove custom IAM role from migration

73e51c7

refactor: pull migration script into terraform-in-chart

e27f6ae

joshgamache added 18 commits February 14, 2024 13:30

chore: add remote gcs backend stub to terraform script

d04de88

fix: uncomment provider config

46b38f7

fix: remove unneeded spec from job

f68153d

refactor: pull terraform scripts as base64 to avoid formatting errors

020d035

fix: add apps env var for Terraform

3ca95a4

chore: update Helm ignored files to include Terraform cache, etc

1d5efb0

fix: use correct provider versions

862f80a

fix: move variable closer to Terraform command

6c17d6f

chore: add example for local.tfvars

0fe881c

style: use terraform fmt to match standard style

30a1846

docs: add usage comments to migration script

c95fa16

fix: trailing whitespace

79ab2f1

refactor: split service account resource into multiple templates

586567c

style: rename volume and mount to match actual usage

bf87474

refactor: improve command syntax for clarity and future debuging

15f3ead

refactor: remove executed migration scripts

a6b3e38

refactor: unify terraform related templates for simplicity

3a8e9a1

chore: add terraform cache & working to gitignore

76ea17b

joshgamache force-pushed the chore/1333-replace-terraform-cloud branch from 81e5697 to 76ea17b Compare February 14, 2024 20:37

joshgamache merged commit dd52a13 into develop Feb 14, 2024
17 checks passed

joshgamache deleted the chore/1333-replace-terraform-cloud branch February 14, 2024 21:00

bc-cas-shipit bot requested a deployment to dev February 14, 2024 21:50 Pending

bc-cas-shipit bot requested a deployment to dev February 15, 2024 01:05 Pending

joshgamache mentioned this pull request Feb 15, 2024

fix: remove hanging quote #1890

Merged

bc-cas-shipit bot requested a deployment to dev February 15, 2024 16:55 Pending

bc-cas-shipit bot requested a deployment to dev February 15, 2024 18:10 Pending

bc-cas-shipit bot requested a deployment to dev February 21, 2024 22:35 Pending

bc-cas-shipit bot requested a deployment to test February 27, 2024 19:35 Pending

bc-cas-shipit bot requested a deployment to prod February 28, 2024 23:23 Pending

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Chore/1333 replace terraform cloud #1887

Chore/1333 replace terraform cloud #1887

joshgamache commented Jan 26, 2024 •

edited

Loading

pbastia left a comment

joshgamache commented Jan 30, 2024 •

edited

Loading

pbastia left a comment

mikevespi left a comment

Chore/1333 replace terraform cloud #1887

Chore/1333 replace terraform cloud #1887

Conversation

joshgamache commented Jan 26, 2024 • edited Loading

Changes 🚧

To test 🔬

Notes📝

pbastia left a comment

Choose a reason for hiding this comment

joshgamache commented Jan 30, 2024 • edited Loading

pbastia left a comment

Choose a reason for hiding this comment

mikevespi left a comment

Choose a reason for hiding this comment

joshgamache commented Jan 26, 2024 •

edited

Loading

joshgamache commented Jan 30, 2024 •

edited

Loading