From 7dd2728960bd4901fb8615a7ac4aaeb506e77c30 Mon Sep 17 00:00:00 2001 From: Tom Reinders Date: Mon, 17 Apr 2023 11:32:21 +0200 Subject: [PATCH 01/72] TD-239 Add dummy code scanning
---
.github/workflows/dummy-code-scanning.yaml | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/dummy-code-scanning.yaml
diff --git a/.github/workflows/dummy-code-scanning.yaml b/.github/workflows/dummy-code-scanning.yaml
new file mode 100644
index 00000000..9ba78d83
--- /dev/null
+++ b/.github/workflows/dummy-code-scanning.yaml
@@ -0,0 +1,32 @@
+name: "Dummy Code Scanning"
+
+on:
+ push:
+ branches: [ develop ]
+
+jobs:
+ code-scanning-dummy:
+ name: Perform code scanning (Dummy) - Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: javascript
+ packs: codeql/javascript-queries
+
+ # Autobuild the language if possible
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
From 37b46fd7fff6630aa5eff9be2ace4a1a33dcd2d1 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Tue, 18 Apr 2023 09:53:09 +0200 Subject: [PATCH 02/72] Enabled injection of a custom backend policy to the API definition
---
modules/azure/api_management_api/main.tf | 7 +++++++ modules/azure/api_management_api/variables.tf | 6 ++++++ 2 files changed, 13 insertions(+)
diff --git a/modules/azure/api_management_api/main.tf b/modules/azure/api_management_api/main.tf
index 0c2ce24a..70ffb08c 100644
--- a/modules/azure/api_management_api/main.tf
+++ b/modules/azure/api_management_api/main.tf
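Review bot: The four `uses:` references in the new workflow (`actions/checkout@v3` and `github/codeql-action/init`, `autobuild` and `analyze` at `@v2`) are pinned to mutable major-version tags, while the job holds `security-events: write`, so whatever a tag points to at run time executes with that permission. Pinning each one to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the executed code reviewable and each bump an explicit change. The job-level `permissions` block is already narrowly scoped; `actions: read` is, as far as I know, only required for private repositories, so it may be removable here.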
@@ -185,6 +185,13 @@ resource "azurerm_api_management_api_policy" "api_policy" { %{endif} + + + %{if var.custom_backend_policy != null} + ${var.custom_backend_policy} + %{endif} + + %{if var.custom_outbound_policy != null} diff --git a/modules/azure/api_management_api/variables.tf b/modules/azure/api_management_api/variables.tf index 903ae4ff..ced165fe 100644 --- a/modules/azure/api_management_api/variables.tf +++ b/modules/azure/api_management_api/variables.tf @@ -210,3 +210,9 @@ variable "custom_outbound_policy" { description = "Additional outbound xml policies" default = null } + +variable "custom_backend_policy" { + type = string + description = "Additional backend xml policies" + default = null +} From fd0039e39c6700b2156b747bfb43b8fcffa7686f Mon Sep 17 00:00:00 2001 From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Tue, 18 Apr 2023 17:52:00 +0200 Subject: [PATCH 03/72] Feature/14689 update out scaling rules (#309) * Saxling rule * Add posibility to configure Service Plan scaling out * Format the files * TD-239 Add scaling rules var * TD-239 Clean up naming * TD-239 Update scaling_rules var to a cleaner version of it self --------- Co-authored-by: Tom Reinders --- modules/azure/service_plan/main.tf | 74 +++++++++++++------------ modules/azure/service_plan/variables.tf | 17 ++++++ 2 files changed, 56 insertions(+), 35 deletions(-) diff --git a/modules/azure/service_plan/main.tf b/modules/azure/service_plan/main.tf index e0effdc0..cb6d3c39 100644 --- a/modules/azure/service_plan/main.tf +++ b/modules/azure/service_plan/main.tf 
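Review bot: `${var.custom_backend_policy}` in the main.tf hunk is interpolated verbatim into the policy document, so an unbalanced or malformed fragment changes the meaning of everything that follows it in the template, and nothing in the module catches that before the policy is submitted. The new variable's description should state the contract, for example `description = "Additional backend XML policies, inserted verbatim into the backend section; must be a well-formed policy fragment"`. If callers place backend credentials in this fragment they will presumably end up in plan output and state in clear text; referencing API Management named values from the fragment avoids that. The enclosing `azurerm_api_management_api_policy` resource starts and ends outside the hunk.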
@@ -15,6 +15,26 @@ provider "azurerm" { features {} } +locals { + scale_in_threshold_rules = [ + for rule in var.scaling_rules : { + threshold = rule.scale_in_threshold + metric_name = rule.metric_name + direction = "Decrease" + operator = "LessThan" + } + ] + + scale_out_threshold_rules = [ + for rule in var.scaling_rules : { + threshold = rule.scale_out_threshold + metric_name = rule.metric_name + direction = "GreaterThan" + operator = "Increase" + } + ] +} + resource "azurerm_service_plan" "sp" { name = var.name location = var.location @@ -39,43 +59,27 @@ resource "azurerm_monitor_autoscale_setting" "autoscale_setting" { maximum = var.maximum_scaling_capacity } - rule { - metric_trigger { - metric_name = "CpuPercentage" - metric_resource_id = azurerm_service_plan.sp.id - time_grain = "PT1M" - statistic = "Average" - time_window = "PT5M" - time_aggregation = "Average" - operator = "GreaterThan" - threshold = 80 - } + dynamic "rule" { + for_each = concat(local.scale_in_threshold_rules, local.scale_out_threshold_rules) - scale_action { - direction = "Increase" - type = "ChangeCount" - value = "1" - cooldown = "PT1M" - } - } - - rule { - metric_trigger { - metric_name = "CpuPercentage" - metric_resource_id = azurerm_service_plan.sp.id - time_grain = "PT1M" - statistic = "Average" - time_window = "PT5M" - time_aggregation = "Average" - operator = "LessThan" - threshold = 20 - } + content { + metric_trigger { + metric_name = rule.value.metric_name + metric_resource_id = azurerm_service_plan.sp.id + time_grain = "PT1M" + statistic = "Average" + time_window = "PT5M" + time_aggregation = "Average" + operator = rule.value.operator + threshold = rule.value.threshold + } - scale_action { - direction = "Decrease" - type = "ChangeCount" - value = "1" - cooldown = "PT1M" + scale_action { + direction = rule.value.direction + type = "ChangeCount" + value = "1" + cooldown = "PT1M" + } } } } 
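Review bot: In `scale_out_threshold_rules` the two string values are swapped: `direction = "GreaterThan"` and `operator = "Increase"` are fed into `scale_action.direction` and `metric_trigger.operator` by the dynamic `rule` block in the second hunk, which need `direction = "Increase"` and `operator = "GreaterThan"`. The scale-in local directly above has them the right way round. As written the scale-out rule should be rejected, so the default `scaling_rules` would leave the plan without a working scale-out path under load.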
diff --git a/modules/azure/service_plan/variables.tf b/modules/azure/service_plan/variables.tf index 5cbd32e3..1c5f1ccd 100644 --- a/modules/azure/service_plan/variables.tf +++ b/modules/azure/service_plan/variables.tf @@ -48,3 +48,20 @@ variable "maximum_scaling_capacity" { description = "The maximum number of instances for this resource." default = 3 } + +variable "scaling_rules" { + type = set(object({ + metric_name = string + scale_out_threshold = number + scale_in_threshold = number + })) + description = "Scaling rules for autoscaling." + + default = [ + { + metric_name = "CpuPercentage" + scale_out_threshold = 80 + scale_in_threshold = 20 + } + ] +} From d0eb91391494f52db9bd17494613a722636d20a0 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Tue, 18 Apr 2023 17:52:12 +0200 Subject: [PATCH 04/72] Feature/14684 storageaccount configure lifecyclemanagent rules (#310) * add management policy * Add possibility to auto delete files after X amount of days via azurerm_storage_management_policy * TD-239 Fix broken default, clean up resource naming and change auto_delete_rules var to type set of object --------- Co-authored-by: Tom Reinders --- modules/azure/storage_account_public/main.tf | 28 +++++++++++++++++++ .../azure/storage_account_public/variables.tf | 14 ++++++++++ 2 files changed, 42 insertions(+) diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index 54bd9eb8..75677263 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf 
@@ -50,3 +50,31 @@ data "http" "amazonaws" { count = var.nfsv3_enabled == true ? 1 : 0 url = "https://checkip.amazonaws.com/" } + +resource "azurerm_storage_management_policy" "storage_management_policy" { + count = var.auto_delete_rules != null ? 1 : 0 + + storage_account_id = azurerm_storage_account.storage_account.id + + dynamic "rule" { + for_each = var.auto_delete_rules + + content { + name = rule.value.name + enabled = true + + filters { + prefix_match = rule.value.prefixes + blob_types = ["blockBlob"] + } + + actions { + base_blob { + delete_after_days_since_modification_greater_than = rule.value.days_after_modification + delete_after_days_since_last_access_time_greater_than = rule.value.days_after_access + delete_after_days_since_creation_greater_than = rule.value.days_after_creation + } + } + } + } +} diff --git a/modules/azure/storage_account_public/variables.tf b/modules/azure/storage_account_public/variables.tf index 44cca536..fed8d59b 100644 --- a/modules/azure/storage_account_public/variables.tf +++ b/modules/azure/storage_account_public/variables.tf @@ -66,3 +66,17 @@ variable "authentication_directory_type" { description = "Active Directory Authentification Service Used. Possible Values AADDS and AD" default = null } + +variable "auto_delete_rules" { + type = set(object({ + name = string, + prefixes = list(string), // Blob prefixes for fillering + days_after_creation = optional(number), + days_after_access = optional(number), + days_after_modification = optional(number) + })) + + description = "Describes the rules for auto deleting files after actions like creation, access of modification of a blob" + default = null +} + From 4fdb76989e5e0599f6c1d0626a6612673f71a93e Mon Sep 17 00:00:00 2001 From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Wed, 19 Apr 2023 11:00:28 +0200 Subject: [PATCH 05/72] fix direction (#312) --- modules/azure/service_plan/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
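Review bot: Nothing in `azurerm_storage_management_policy.storage_management_policy` or in the `auto_delete_rules` variable requires a rule to be scoped: an empty `prefixes` list leaves `prefix_match` without a filter, which as far as I know applies the delete action to every block blob in the account, and all three day values are optional so a rule may carry no condition at all. A `validation` block on the variable would catch both at plan time, with a condition along the lines of `var.auto_delete_rules == null ? true : alltrue([for r in var.auto_delete_rules : length(r.prefixes) > 0 && (r.days_after_creation != null || r.days_after_access != null || r.days_after_modification != null)])`. `count = var.auto_delete_rules != null ? 1 : 0` also still creates the policy for an empty set, which yields a resource with no `rule` blocks. The last-access condition presumably depends on access-time tracking being enabled on the storage account, which is not visible in this hunk and is worth stating in the variable description.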
diff --git a/modules/azure/service_plan/main.tf b/modules/azure/service_plan/main.tf index cb6d3c39..4b8e58a8 100644 --- a/modules/azure/service_plan/main.tf +++ b/modules/azure/service_plan/main.tf @@ -29,8 +29,8 @@ locals { for rule in var.scaling_rules : { threshold = rule.scale_out_threshold metric_name = rule.metric_name - direction = "GreaterThan" - operator = "Increase" + direction = "Increase" + operator = "GreaterThan" } ] } From a14019b896885d1cd24e6851401761b4a9f97bfb Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 13:58:40 +0200 Subject: [PATCH 06/72] CM-27 - Add basic K8S-modules --- modules/kubernetes/configmap/main.tf | 23 +++ modules/kubernetes/configmap/outputs.tf | 3 + modules/kubernetes/configmap/variables.tf | 14 ++ .../deployment_with_service/main.tf | 142 ++++++++++++++++++ .../deployment_with_service/outputs.tf | 7 + .../deployment_with_service/variables.tf | 76 ++++++++++ modules/kubernetes/ingress/main.tf | 36 +++++ modules/kubernetes/ingress/outputs.tf | 0 modules/kubernetes/ingress/variables.tf | 28 ++++ modules/kubernetes/secret/main.tf | 23 +++ modules/kubernetes/secret/outputs.tf | 3 + modules/kubernetes/secret/variables.tf | 14 ++ 12 files changed, 369 insertions(+) create mode 100644 modules/kubernetes/configmap/main.tf create mode 100644 modules/kubernetes/configmap/outputs.tf create mode 100644 modules/kubernetes/configmap/variables.tf create mode 100644 modules/kubernetes/deployment_with_service/main.tf create mode 100644 modules/kubernetes/deployment_with_service/outputs.tf create mode 100644 modules/kubernetes/deployment_with_service/variables.tf create mode 100644 modules/kubernetes/ingress/main.tf create mode 100644 modules/kubernetes/ingress/outputs.tf create mode 100644 modules/kubernetes/ingress/variables.tf create mode 100644 modules/kubernetes/secret/main.tf create mode 100644 modules/kubernetes/secret/outputs.tf create mode 100644 modules/kubernetes/secret/variables.tf 
diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf
new file mode 100644
index 00000000..714000c7
--- /dev/null
+++ b/modules/kubernetes/configmap/main.tf
@@ -0,0 +1,23 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.19.0"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "kubernetes" {}
+
+resource "kubernetes_config_map_v1" "config" {
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ }
+
+ data = var.data
+}
diff --git a/modules/kubernetes/configmap/outputs.tf b/modules/kubernetes/configmap/outputs.tf
new file mode 100644
index 00000000..a519dd1f
--- /dev/null
+++ b/modules/kubernetes/configmap/outputs.tf
@@ -0,0 +1,3 @@
+output "name" {
+ value = kubernetes_config_map_v1.config.metadata.0.name
+}
diff --git a/modules/kubernetes/configmap/variables.tf b/modules/kubernetes/configmap/variables.tf
new file mode 100644
index 00000000..5187ec1d
--- /dev/null
+++ b/modules/kubernetes/configmap/variables.tf
@@ -0,0 +1,14 @@
+variable "namespace" {
+ type = string
+ description = "The namespace to deploy the configmap to"
+}
+
+variable "name" {
+ type = string
+ description = "The name of the configmap"
+}
+
+variable "data" {
+ type = map(string)
+ description = "The data to store in the configmap"
+}
diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf
new file mode 100644
index 00000000..385264ae
--- /dev/null
+++ b/modules/kubernetes/deployment_with_service/main.tf
@@ -0,0 +1,142 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.19.0" + } + } + + backend "azurerm" {} +} + +provider "kubernetes" {} + +resource "kubernetes_deployment_v1" "deployment" { + metadata { + name = var.name + namespace = var.namespace + labels = { + app = var.name + } + } + + spec { + replicas = var.replicas + + selector { + match_labels = { + app = var.name + } + } + + template { + metadata { + labels = { + "io.kompose.service" = var.name + app = var.name + } + } + + spec { + container { + image = var.docker_image + image_pull_policy = "Always" + name = var.name + + resources { + limits = { + cpu = var.cpu_limit + memory = var.memory_limit + } + requests = { + cpu = var.cpu_request + memory = var.memory_request + } + } + + dynamic "readiness_probe" { + for_each = var.readiness_probe ? [1] : [] + + content { + http_get { + path = readiness_probe.value.path + port = readiness_probe.value.port + scheme = "HTTP" + } + + initial_delay_seconds = 10 + period_seconds = 10 + failure_threshold = 3 + timeout_seconds = 5 + } + } + + dynamic "liveness_probe" { + for_each = var.liveness_probe ? [1] : [] + + content { + http_get { + path = liveness_probe.value.path + port = liveness_probe.value.port + scheme = "HTTP" + } + + initial_delay_seconds = 10 + period_seconds = 10 + failure_threshold = 3 + timeout_seconds = 5 + } + } + } + + restart_policy = "Always" + } + } + } +} + +resource "kubernetes_service_v1" "service" { + metadata { + name = var.name + namespace = var.namespace + } + + spec { + selector = { + app = kubernetes_deployment_v1.deployment.metadata[0].name + } + + port { + port = var.container_port + target_port = var.target_port + } + + type = "ClusterIP" + } +} + +resource "kubernetes_manifest" "http-scaler" { + count = var.scaler != null && var.scaler.type == "http" ? 
1 : 0 + + manifest = { + kind = "HTTPScaledObject" + apiVersion = "http.keda.sh/v1alpha1" + metadata = { + name = var.name + } + spec = { + host = var.scaler.host + scaleTargetRef = { + deployment = var.name + service = var.name + port = var.container_port + } + replicas = { + min = var.scaler.replicas.min + max = var.scaler.replicas.max + } + } + } +} diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf new file mode 100644 index 00000000..968a81dd --- /dev/null +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -0,0 +1,7 @@ +output "service_name" { + value = kubernetes_deployment_v1.deployment.metadata.0.name +} + +output "deployment_name" { + value = kubernetes_deployment_v1.deployment.metadata.0.name +} diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf new file mode 100644 index 00000000..b06a9018 --- /dev/null +++ b/modules/kubernetes/deployment_with_service/variables.tf 
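Review bot: The `container` block in deployment_with_service/main.tf sets no `security_context`, so every workload deployed through this module runs as the image's default user with privilege escalation allowed unless the cluster enforces otherwise; a restrictive default in the module is worth having, with the caveat that images which run as root will then need a non-root user. Separately, both probe blocks use `for_each = var.readiness_probe ? [1] : []` (and the `liveness_probe` equivalent), which treats an object as a bool and then reads `.path` and `.port` from the number `1`; iterating over the object itself fixes both. The `HTTPScaledObject` manifest's `metadata` also omits `namespace = var.namespace`, so it is not guaranteed to be created next to the deployment it targets.

```hcl
      container {
        # … unchanged: image, image_pull_policy, name, resources …

        security_context {
          allow_privilege_escalation = false
          run_as_non_root            = true

          capabilities {
            drop = ["ALL"]
          }
        }

        dynamic "readiness_probe" {
          for_each = var.readiness_probe != null ? [var.readiness_probe] : []
          # … unchanged: content block …
        }

        dynamic "liveness_probe" {
          for_each = var.liveness_probe != null ? [var.liveness_probe] : []
          # … unchanged: content block …
        }
```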
@@ -0,0 +1,76 @@
+variable "name" {
+ type = string
+ description = "The name of the application"
+}
+
+variable "namespace" {
+ type = string
+ description = "The namespace to deploy the application to"
+}
+
+variable "replicas" {
+ type = number
+ description = "The number of replicas to deploy"
+}
+
+variable "docker_image" {
+ type = string
+ description = "The docker image to deploy"
+}
+
+variable "cpu_request" {
+ type = string
+ description = "The CPU request for the application"
+}
+
+variable "cpu_limit" {
+ type = string
+ description = "The CPU limit for the application"
+}
+
+variable "memory_request" {
+ type = string
+ description = "The memory request for the application"
+}
+
+variable "memory_limit" {
+ type = string
+ description = "The memory limit for the application"
+}
+
+variable "container_port" {
+ type = number
+ description = "The port the container listens on"
+}
+
+variable "target_port" {
+ type = number
+ description = "The port the service forwards to"
+}
+
+variable "readiness_probe" {
+ type = optional(object({
+ path = string
+ port = number
+ }))
+ description = "The readiness probe for the application"
+ default = null
+}
+
+variable "liveness_probe" {
+ type = optional(object({
+ path = string
+ port = number
+ }))
+ description = "The liveness probe for the application"
+ default = null
+}
+
+variable "scaler" {
+ type = optional(object({
+ type = string
+ min_replicas = number
+ max_replicas = number
+ }))
+ default = null
+}
diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf
new file mode 100644
index 00000000..8193ba67
--- /dev/null
+++ b/modules/kubernetes/ingress/main.tf
@@ -0,0 +1,36 @@ +resource "kubernetes_ingress_v1" "ingress" { + metadata { + name = var.name + namespace = var.namespace + annotations = var.annotations + } + + spec { + dynamic "rule" { + for_each = var.rules + + content { + host = rule.value.host + http { + path { + backend { + service { + name = rule.value.service + port { + number = rule.value.port + } + } + } + + path = rule.value.path + } + } + } + } + + tls { + secret_name = "tls-secret-${var.name}" + hosts = flatten([for rule in var.rules : rule.host]) + } + } +} diff --git a/modules/kubernetes/ingress/outputs.tf b/modules/kubernetes/ingress/outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf new file mode 100644 index 00000000..da463588 --- /dev/null +++ b/modules/kubernetes/ingress/variables.tf @@ -0,0 +1,28 @@ +variable "name" { + type = string + description = "The name of the ingress" +} + +variable "namespace" { + type = string + description = "The namespace to deploy the application to" +} + +variable "annotations" { + type = map(string) + description = "Annotations for the ingress" + default = {} +} + +variable "rules" { + type = list(object({ + host = string + paths = list(object({ + service = string + port = number + path = string + })) + })) + description = "The rules for the ingress" + default = [] +} diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf new file mode 100644 index 00000000..9665b438 --- /dev/null +++ b/modules/kubernetes/secret/main.tf @@ -0,0 +1,23 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.19.0" + } + } + + backend "azurerm" {} +} + +provider "kubernetes" {} + +resource "kubernetes_secret_v1" "secret" { + metadata { + name = var.name + namespace = var.namespace + } + + data = var.data +} 
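Review bot: The `rule` block in ingress/main.tf reads `rule.value.service`, `rule.value.port` and `rule.value.path`, but `var.rules` in ingress/variables.tf (same commit) declares each rule as `host` plus a `paths` list, so those attributes do not exist on the rule object and the module cannot plan with a non-empty `rules`. A nested `dynamic "path"` over `rule.value.paths` matches the declared type; the explicit `iterator` avoids using the name `path`, which Terraform reserves for `path.module` and friends. The `tls` block is also emitted unconditionally, so with the default `rules = []` it carries an empty `hosts` list, and the secret `tls-secret-${var.name}` is assumed to exist already; both belong in the variable descriptions.

```hcl
        content {
          host = rule.value.host
          http {
            dynamic "path" {
              for_each = rule.value.paths
              iterator = p

              content {
                path = p.value.path

                backend {
                  service {
                    name = p.value.service
                    port {
                      number = p.value.port
                    }
                  }
                }
              }
            }
          }
        }
```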
diff --git a/modules/kubernetes/secret/outputs.tf b/modules/kubernetes/secret/outputs.tf new file mode 100644 index 00000000..c631ea81 --- /dev/null +++ b/modules/kubernetes/secret/outputs.tf @@ -0,0 +1,3 @@ +output "name" { + value = kubernetes_secret_v1.secret.metadata.0.name +} diff --git a/modules/kubernetes/secret/variables.tf b/modules/kubernetes/secret/variables.tf new file mode 100644 index 00000000..987f9295 --- /dev/null +++ b/modules/kubernetes/secret/variables.tf @@ -0,0 +1,14 @@ +variable "namespace" { + type = string + description = "The namespace to deploy the secret to" +} + +variable "name" { + type = string + description = "The name of the secret" +} + +variable "data" { + type = map(string) + description = "The data to store in the secret" +} From 123c7f30ea811eeb340e2b4570b2511d14d1a47a Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 15:08:27 +0200 Subject: [PATCH 07/72] CM-27 - Remove optional types --- .../kubernetes/deployment_with_service/variables.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index b06a9018..f3a6a640 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -49,28 +49,28 @@ variable "target_port" { } variable "readiness_probe" { - type = optional(object({ + type = object({ path = string port = number - })) + }) description = "The readiness probe for the application" default = null } variable "liveness_probe" { - type = optional(object({ + type = object({ path = string port = number - })) + }) description = "The liveness probe for the application" default = null } variable "scaler" { - type = optional(object({ + type = object({ type = string min_replicas = number max_replicas = number - })) + }) default = null } From 515c6a135dd34845f9f317b775a751f0f32f2710 Mon Sep 17 00:00:00 2001 
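Review bot: The `data` variable added in secret/variables.tf carries secret values but is not marked sensitive, so they can surface in plan output and in diagnostics of calling configurations; add `sensitive = true` to the variable. The values are still written to the state held in the `azurerm` backend that secret/main.tf configures, so the description should say that access to that state must be restricted, e.g. `description = "The data to store in the secret; values are stored in Terraform state"`.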
From: Bart Wesselink Date: Wed, 19 Apr 2023 15:18:26 +0200 Subject: [PATCH 08/72] CM-27 - Change replica type specification and add Dependabot definition --- .github/dependabot.yml | 20 +++++++++++++++++++ .../deployment_with_service/variables.tf | 6 ++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 83267903..d2a15796 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -501,3 +501,23 @@ updates: directory: "/modules/other/password_generator" schedule: interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/configmap" + schedule: + interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/deployment_with_service" + schedule: + interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/ingress" + schedule: + interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/secret" + schedule: + interval: "daily" diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index f3a6a640..e185bcec 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -69,8 +69,10 @@ variable "liveness_probe" { variable "scaler" { type = object({ type = string - min_replicas = number - max_replicas = number + replicas = object({ + min = number + max = number + }) }) default = null } From 4ec666311c835b26b58b4df823e3b688e6e76d2b Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 15:19:30 +0200 Subject: [PATCH 09/72] CM-27 - Lint --- modules/kubernetes/deployment_with_service/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index e185bcec..af08aff3 100644 
--- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -68,7 +68,7 @@ variable "liveness_probe" { variable "scaler" { type = object({ - type = string + type = string replicas = object({ min = number max = number From 90ffac91d6712f8ae93cdbf3c3b06f69bd7196bd Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 15:26:58 +0200 Subject: [PATCH 10/72] CM-27 - Add host property --- modules/kubernetes/deployment_with_service/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index af08aff3..4dbb3441 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -69,6 +69,7 @@ variable "liveness_probe" { variable "scaler" { type = object({ type = string + host = string replicas = object({ min = number max = number From a27b26abff2207a35a1c1bc5ba13ec8c3d724855 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 15:52:58 +0200 Subject: [PATCH 11/72] CM-27 - Add public Postgresql server --- .github/dependabot.yml | 5 + modules/azure/postgresql_public/main.tf | 115 +++++++++++++++++++ modules/azure/postgresql_public/outputs.tf | 16 +++ modules/azure/postgresql_public/variables.tf | 62 ++++++++++ 4 files changed, 198 insertions(+) create mode 100644 modules/azure/postgresql_public/main.tf create mode 100644 modules/azure/postgresql_public/outputs.tf create mode 100644 modules/azure/postgresql_public/variables.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d2a15796..2ec46870 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -342,6 +342,11 @@ updates: schedule: interval: "daily" + - package-ecosystem: "terraform" + directory: "/modules/azure/postgresql_public" + schedule: + interval: "daily" + - package-ecosystem: "terraform" directory: "/modules/azure/private_dns_zone" schedule: diff --git a/modules/azure/postgresql_public/main.tf b/modules/azure/postgresql_public/main.tf new file mode 100644 index 00000000..cecb4fd9 --- /dev/null +++ b/modules/azure/postgresql_public/main.tf 
@@ -0,0 +1,115 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + +resource "random_password" "postgresql_admin" { + length = 16 + special = false + override_special = "_%@" + keepers = var.password_keeper +} + +resource "azurerm_postgresql_flexible_server" "postgresql_server" { + name = var.name + location = var.location + resource_group_name = var.resource_group_name + + sku_name = var.postgresql_sku_name + + storage_mb = var.postgresql_db_size + backup_retention_days = 30 + + administrator_login = var.admin_username + administrator_password = random_password.postgresql_admin.result + version = var.postgresql_version + zone = "1" + + maintenance_window { + day_of_week = 1 # Monday + start_hour = 2 + start_minute = 0 + } + + lifecycle { + prevent_destroy = true + } +} + +resource "azurerm_postgresql_flexible_server_database" "postgresql_database" { + name = var.postgresql_database_name + server_id = azurerm_postgresql_flexible_server.postgresql_server.id + charset = "UTF8" + collation = var.postgresql_database_collation + + lifecycle { + prevent_destroy = true + } +} + +resource "azurerm_postgresql_flexible_server_configuration" "configuration_query_capture_mode" { + name = "pg_qs.query_capture_mode" + server_id = azurerm_postgresql_flexible_server.postgresql_server.id + value = "TOP" +} + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.log_analytics_workspace_id == null ? 0 : 1 + resource_id = azurerm_postgresql_flexible_server.postgresql_server.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.log_analytics_workspace_id == null ? 
0 : 1 + name = "diag-${var.name}" + target_resource_id = azurerm_postgresql_flexible_server.postgresql_server.id + log_analytics_workspace_id = var.log_analytics_workspace_id + + // TODO: not yet implemented by Azure + // log_analytics_destination_type = "Dedicated" + + dynamic "enabled_log" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types + + content { + category = enabled_log.value + + retention_policy { + enabled = false + } + } + } + + dynamic "metric" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics + + content { + category = metric.value + enabled = true + + retention_policy { + enabled = false + } + } + } +} + +resource "azurerm_postgresql_flexible_server_firewall_rule" "rule" { + for_each = var.whitelist_ip_addresses + + name = "fw-${var.name}-${replace(each.value, ".", "-")}" + server_id = azurerm_postgresql_flexible_server.postgresql_server.id + start_ip_address = each.value + end_ip_address = each.value +} diff --git a/modules/azure/postgresql_public/outputs.tf b/modules/azure/postgresql_public/outputs.tf new file mode 100644 index 00000000..d9faa80a --- /dev/null +++ b/modules/azure/postgresql_public/outputs.tf @@ -0,0 +1,16 @@ +output "admin_username" { + value = var.admin_username +} + +output "admin_password" { + value = random_password.postgresql_admin.result + sensitive = true +} + +output "database_name" { + value = azurerm_postgresql_flexible_server_database.postgresql_database.name +} + +output "fqdn" { + value = azurerm_postgresql_flexible_server.postgresql_server.fqdn +} diff --git a/modules/azure/postgresql_public/variables.tf b/modules/azure/postgresql_public/variables.tf new file mode 100644 index 00000000..dd2e13bd --- /dev/null +++ b/modules/azure/postgresql_public/variables.tf 
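Review bot: `random_password.postgresql_admin` in postgresql_public/main.tf sets `special = false`, which makes the `override_special = "_%@"` line dead and leaves a 16-character alphanumeric administrator password on a server this module opens through public firewall rules; either drop `override_special` or set `special = true`, and consider `length = 32`. The `random` provider is used but not declared in `required_providers`, so its version is not constrained the way `azurerm` is; an entry such as `random = { source = "hashicorp/random", version = "<constraint>" }` would fix that. The generated password is also stored in state, so the backend's access control is part of this module's security boundary.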
@@ -0,0 +1,62 @@ +variable "location" { + type = string + description = "A datacenter location in Azure." +} + +variable "resource_group_name" { + type = string + description = "Name of the resource group." +} + +variable "name" { + type = string + description = "Specifies the name of the PostgreSQL Flexible Server." +} + +variable "postgresql_sku_name" { + type = string + description = "Specifies the SKU Name for this PostgreSQL Server" +} + +variable "postgresql_db_size" { + type = number + description = "Specifies the max storage allowed for this PostgreSQL Server" +} + +variable "postgresql_version" { + type = string + description = "Version of the PostgreSQL database." +} + +variable "postgresql_database_name" { + type = string + description = "Name of the PostgreSQL resource." +} + +variable "postgresql_database_collation" { + type = string + description = "Specifies the Collation for this PostgreSQL Flexible Server" + default = "en_US.utf8" +} + +variable "admin_username" { + type = string + description = "Specifies the Administrator username for this PostgreSQL Flexible Server." +} + +variable "log_analytics_workspace_id" { + type = string + description = "ID of a log analytics workspace (optional)." + default = null +} + +variable "password_keeper" { + type = map(string) + description = "Random map of strings, when changed the postgresql admin password will rotate." +} + +variable "whitelist_ip_addresses" { + type = set(string) + description = "List of IP addresses to whitelist." + default = [] +} From 6da88916a30627780f4c019dab58c190773f5cf4 Mon Sep 17 00:00:00 2001 
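Review bot: `whitelist_ip_addresses` accepts any string, and main.tf uses each entry as both `start_ip_address` and `end_ip_address` of a firewall rule; on Azure database firewalls the value `0.0.0.0` is, as far as I know, the special rule that admits all Azure-hosted sources, so a single careless entry opens the server far wider than one address. A `validation` block on the variable would reject that and malformed input at plan time, with a condition such as `alltrue([for ip in var.whitelist_ip_addresses : ip != "0.0.0.0" && can(cidrhost("${ip}/32", 0))])`. The description says "List" while the type is `set(string)`, which is worth aligning.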
From: Bart Wesselink Date: Wed, 19 Apr 2023 16:14:06 +0200 Subject: [PATCH 12/72] CM-27 - Add PVC module --- .github/dependabot.yml | 5 +++++ modules/kubernetes/ingress/main.tf | 15 +++++++++++++ modules/kubernetes/pvc/main.tf | 33 +++++++++++++++++++++++++++++ modules/kubernetes/pvc/outputs.tf | 0 modules/kubernetes/pvc/variables.tf | 24 +++++++++++++++++++++ 5 files changed, 77 insertions(+) create mode 100644 modules/kubernetes/pvc/main.tf create mode 100644 modules/kubernetes/pvc/outputs.tf create mode 100644 modules/kubernetes/pvc/variables.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2ec46870..f4f9c761 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -526,3 +526,8 @@ updates: directory: "/modules/kubernetes/secret" schedule: interval: "daily" + + - package-ecosystem: "terraform" + directory: "/modules/kubernetes/pvc" + schedule: + interval: "daily" diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index 8193ba67..3ef9f28b 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -1,3 +1,18 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.19.0" + } + } + + backend "azurerm" {} +} + +provider "kubernetes" {} + resource "kubernetes_ingress_v1" "ingress" { metadata { name = var.name diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf new file mode 100644 index 00000000..2e433cfe --- /dev/null +++ b/modules/kubernetes/pvc/main.tf 
@@ -0,0 +1,33 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.19.0" + } + } + + backend "azurerm" {} +} + +provider "kubernetes" {} + +resource "kubernetes_persistent_volume_claim" "exportdata_volume" { + metadata { + name = var.name + namespace = var.namespace + } + + spec { + access_modes = [var.access_mode] + + resources { + requests = { + storage = var.size + } + } + + storage_class_name = var.storage_class + } +} diff --git a/modules/kubernetes/pvc/outputs.tf b/modules/kubernetes/pvc/outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/modules/kubernetes/pvc/variables.tf b/modules/kubernetes/pvc/variables.tf new file mode 100644 index 00000000..44d9ff01 --- /dev/null +++ b/modules/kubernetes/pvc/variables.tf @@ -0,0 +1,24 @@ +variable "name" { + type = string + description = "The name of the pvc" +} + +variable "namespace" { + type = string + description = "The namespace to deploy the pvc to" +} + +variable "access_mode" { + type = string + description = "The access mode of the pvc" +} + +variable "size" { + type = string + description = "The storage size of the pvc" +} + +variable "storage_class" { + type = string + description = "The storage class of the pvc" +} From a7abb317131093eaf7fc67b1b440173230ed9193 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:21:31 +0200 Subject: [PATCH 13/72] CM-27 - Do not specify zone --- modules/azure/postgresql_public/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/azure/postgresql_public/main.tf b/modules/azure/postgresql_public/main.tf index cecb4fd9..f9298fed 100644 --- a/modules/azure/postgresql_public/main.tf +++ b/modules/azure/postgresql_public/main.tf 
@@ -35,7 +35,6 @@ resource "azurerm_postgresql_flexible_server" "postgresql_server" { administrator_login = var.admin_username administrator_password = random_password.postgresql_admin.result version = var.postgresql_version - zone = "1" maintenance_window { day_of_week = 1 # Monday From 059451bec0bc456d6c1b4ba4c3c96c08d87cbaf3 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:23:38 +0200 Subject: [PATCH 14/72] CM-27 - Revert change --- modules/azure/postgresql_public/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/azure/postgresql_public/main.tf b/modules/azure/postgresql_public/main.tf index f9298fed..cecb4fd9 100644 --- a/modules/azure/postgresql_public/main.tf +++ b/modules/azure/postgresql_public/main.tf @@ -35,6 +35,7 @@ resource "azurerm_postgresql_flexible_server" "postgresql_server" { administrator_login = var.admin_username administrator_password = random_password.postgresql_admin.result version = var.postgresql_version + zone = "1" maintenance_window { day_of_week = 1 # Monday From 0a453d07f8bedfde28d7ead6c85c8a97ab0123ba Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:36:05 +0200 Subject: [PATCH 15/72] CM-27 - Rename volume entity --- modules/kubernetes/pvc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index 2e433cfe..b81e48d3 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -13,7 +13,7 @@ terraform { provider "kubernetes" {} -resource "kubernetes_persistent_volume_claim" "exportdata_volume" { +resource "kubernetes_persistent_volume_claim" "volume" { metadata { name = var.name namespace = var.namespace From ba80a5609e475f9b3738afac2cf485e86d1a3cc8 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:36:55 +0200 Subject: [PATCH 16/72] CM-27 - Use v1 --- modules/kubernetes/pvc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index b81e48d3..16297f51 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -13,7 +13,7 @@ terraform { provider "kubernetes" {} -resource "kubernetes_persistent_volume_claim" "volume" { +resource "kubernetes_persistent_volume_claim_v1" "volume" { metadata { name = var.name namespace = var.namespace From 2bb12b2a64d5f03b62408e124f62e570368f949c Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:40:52 +0200 Subject: [PATCH 17/72] CM-27 - Add config path option --- modules/kubernetes/configmap/main.tf | 4 +++- modules/kubernetes/configmap/variables.tf | 6 ++++++ modules/kubernetes/deployment_with_service/main.tf | 4 +++- modules/kubernetes/deployment_with_service/variables.tf | 6 ++++++ modules/kubernetes/ingress/main.tf | 4 +++- modules/kubernetes/ingress/variables.tf | 6 ++++++ modules/kubernetes/pvc/main.tf | 4 +++- modules/kubernetes/pvc/variables.tf | 6 ++++++ modules/kubernetes/secret/main.tf | 4 +++- modules/kubernetes/secret/variables.tf | 6 ++++++ 10 files changed, 45 insertions(+), 5 deletions(-) diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf index 714000c7..fa826b70 100644 --- a/modules/kubernetes/configmap/main.tf +++ b/modules/kubernetes/configmap/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_config_map_v1" "config" { metadata { diff --git a/modules/kubernetes/configmap/variables.tf b/modules/kubernetes/configmap/variables.tf index 5187ec1d..b85aabcb 100644 --- a/modules/kubernetes/configmap/variables.tf +++ b/modules/kubernetes/configmap/variables.tf 
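Review bot: Defaulting `config_path` to `~/.kube/config` means the provider block added in configmap/main.tf uses whatever current-context the operator's kubeconfig happens to have, so an apply can land on a different cluster than the one intended. The same provider change is repeated in the deployment_with_service, ingress, pvc and secret `main.tf` hunks of this commit. I would either drop the default so the caller must pass a path explicitly, or pin the context next to it with `config_context = var.config_context` and a matching variable.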
@@ -12,3 +12,9 @@ variable "data" { type = map(string) description = "The data to store in the configmap" } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 385264ae..fa69550e 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_deployment_v1" "deployment" { metadata { diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 4dbb3441..544a5001 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -77,3 +77,9 @@ variable "scaler" { }) default = null } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index 3ef9f28b..66d08ffa 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_ingress_v1" "ingress" { metadata { diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf index da463588..0fd93c22 100644 --- a/modules/kubernetes/ingress/variables.tf +++ b/modules/kubernetes/ingress/variables.tf @@ -26,3 +26,9 @@ variable "rules" { description = "The rules for the ingress" default = [] } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} 
diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index 16297f51..214957be 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_persistent_volume_claim_v1" "volume" { metadata { diff --git a/modules/kubernetes/pvc/variables.tf b/modules/kubernetes/pvc/variables.tf index 44d9ff01..0b197080 100644 --- a/modules/kubernetes/pvc/variables.tf +++ b/modules/kubernetes/pvc/variables.tf @@ -22,3 +22,9 @@ variable "storage_class" { type = string description = "The storage class of the pvc" } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf index 9665b438..f120a415 100644 --- a/modules/kubernetes/secret/main.tf +++ b/modules/kubernetes/secret/main.tf @@ -11,7 +11,9 @@ terraform { backend "azurerm" {} } -provider "kubernetes" {} +provider "kubernetes" { + config_path = var.config_path +} resource "kubernetes_secret_v1" "secret" { metadata { diff --git a/modules/kubernetes/secret/variables.tf b/modules/kubernetes/secret/variables.tf index 987f9295..10aaa905 100644 --- a/modules/kubernetes/secret/variables.tf +++ b/modules/kubernetes/secret/variables.tf @@ -12,3 +12,9 @@ variable "data" { type = map(string) description = "The data to store in the secret" } + +variable "config_path" { + type = string + description = "The path to the config file" + default = "~/.kube/config" +} From 34217e9d2439aecf9b990019842dbc36d8abea3b Mon Sep 17 00:00:00 2001 
From: Bart Wesselink Date: Wed, 19 Apr 2023 16:42:52 +0200 Subject: [PATCH 18/72] CM-27 - Ignore label changes --- modules/kubernetes/configmap/main.tf | 6 ++++++ modules/kubernetes/deployment_with_service/main.tf | 6 ++++++ modules/kubernetes/ingress/main.tf | 6 ++++++ modules/kubernetes/pvc/main.tf | 6 ++++++ modules/kubernetes/secret/main.tf | 6 ++++++ 5 files changed, 30 insertions(+) diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf index fa826b70..dbdb58aa 100644 --- a/modules/kubernetes/configmap/main.tf +++ b/modules/kubernetes/configmap/main.tf @@ -22,4 +22,10 @@ resource "kubernetes_config_map_v1" "config" { } data = var.data + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index fa69550e..f06007b3 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -117,6 +117,12 @@ resource "kubernetes_service_v1" "service" { type = "ClusterIP" } + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } resource "kubernetes_manifest" "http-scaler" { diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index 66d08ffa..aff16053 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -50,4 +50,10 @@ resource "kubernetes_ingress_v1" "ingress" { hosts = flatten([for rule in var.rules : rule.host]) } } + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index 214957be..6ba41699 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -32,4 +32,10 @@ resource "kubernetes_persistent_volume_claim_v1" "volume" { storage_class_name = var.storage_class } + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } 
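Review bot: The `ignore_changes = [metadata[0].labels]` block is added without a comment saying which controller or tool is expected to rewrite these labels. Labels are what selectors and policy rules match on, so ignoring them means `terraform plan` no longer shows out-of-band label edits on the ConfigMap, Service, Ingress, PVC and Secret touched by this commit. I would put a line such as `# labels are rewritten by <controller name>; ignored to avoid perpetual diffs` above each block, or narrow the ignore to the specific label keys involved.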
diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf index f120a415..b9f3f63d 100644 --- a/modules/kubernetes/secret/main.tf +++ b/modules/kubernetes/secret/main.tf @@ -22,4 +22,10 @@ resource "kubernetes_secret_v1" "secret" { } data = var.data + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } } From 1313b8ed79c0f27484e5f555f47ca9a4c361af20 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Wed, 19 Apr 2023 16:55:33 +0200 Subject: [PATCH 19/72] CM-27 - Add MySQL flexible public --- .github/dependabot.yml | 5 + .../azure/mysql_flexible_server/variables.tf | 2 +- .../mysql_flexible_server_public/main.tf | 118 ++++++++++++++++++ .../mysql_flexible_server_public/outputs.tf | 21 ++++ .../mysql_flexible_server_public/variables.tf | 100 +++++++++++++++ modules/kubernetes/configmap/variables.tf | 2 +- .../deployment_with_service/variables.tf | 2 +- modules/kubernetes/ingress/variables.tf | 2 +- modules/kubernetes/pvc/variables.tf | 2 +- modules/kubernetes/secret/variables.tf | 2 +- 10 files changed, 250 insertions(+), 6 deletions(-) create mode 100644 modules/azure/mysql_flexible_server_public/main.tf create mode 100644 modules/azure/mysql_flexible_server_public/outputs.tf create mode 100644 modules/azure/mysql_flexible_server_public/variables.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f4f9c761..823c984b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -332,6 +332,11 @@ updates: schedule: interval: "daily" + - package-ecosystem: "terraform" + directory: "/modules/azure/mysql_flexible_server_public" + schedule: + interval: "daily" + - package-ecosystem: "terraform" directory: "/modules/azure/network_security_group" schedule: diff --git a/modules/azure/mysql_flexible_server/variables.tf b/modules/azure/mysql_flexible_server/variables.tf index cbd283e0..fd444be1 100644 --- a/modules/azure/mysql_flexible_server/variables.tf +++ b/modules/azure/mysql_flexible_server/variables.tf 
@@ -101,4 +101,4 @@ variable "slow_query_log" { variable "private_dns_zone_id" { type = string description = "ID of the private dns zone" -} \ No newline at end of file +} diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf new file mode 100644 index 00000000..b03c4d09 --- /dev/null +++ b/modules/azure/mysql_flexible_server_public/main.tf 
@@ -0,0 +1,118 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + +resource "random_password" "mysql_admin_password" { + length = 16 + special = true + override_special = "_%@" + keepers = var.password_keeper +} + +resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { + name = var.server_name + location = var.location + resource_group_name = var.resource_group_name + + administrator_login = var.admin_username + administrator_password = random_password.mysql_admin_password.result + + backup_retention_days = var.backup_retention_days + delegated_subnet_id = var.subnet_id + geo_redundant_backup_enabled = var.geo_redundant_backup_enabled + private_dns_zone_id = var.private_dns_zone_id + + sku_name = var.server_sku + version = var.server_version + + storage { + auto_grow_enabled = var.storage_auto_grow_enabled + iops = var.server_storage_iops + size_gb = var.server_storage_max + } + + lifecycle { + ignore_changes = [zone] + } +} + +resource "azurerm_mysql_flexible_database" "mysql_flexible_database" { + name = var.database_name + resource_group_name = var.resource_group_name + server_name = azurerm_mysql_flexible_server.mysql_flexible_server.name + charset = var.database_charset + collation = var.database_collation +} + +resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_configuration" { + name = "slow_query_log" + resource_group_name = var.resource_group_name + server_name = azurerm_mysql_flexible_server.mysql_flexible_server.name + value = var.slow_query_log +} + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.log_analytics_workspace_id == null ? 
0 : 1 + resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.log_analytics_workspace_id == null ? 0 : 1 + name = "diag-${var.server_name}" + target_resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id + log_analytics_workspace_id = var.log_analytics_workspace_id + + dynamic "enabled_log" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types + + content { + category = enabled_log.value + + retention_policy { + enabled = false + } + } + } + + dynamic "metric" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics + + content { + category = metric.value + enabled = true + + retention_policy { + enabled = false + } + } + } + + // TODO: not yet implemented by Azure + // log_analytics_destination_type = "Dedicated" + lifecycle { + ignore_changes = [log_analytics_destination_type] + } +} + +resource "azurerm_postgresql_flexible_server_firewall_rule" "rule" { + for_each = var.whitelist_ip_addresses + + name = "fw-${var.server_name}-${replace(each.value, ".", "-")}" + server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id + start_ip_address = each.value + end_ip_address = each.value +} + diff --git a/modules/azure/mysql_flexible_server_public/outputs.tf b/modules/azure/mysql_flexible_server_public/outputs.tf new file mode 100644 index 00000000..24a7dd49 --- /dev/null +++ b/modules/azure/mysql_flexible_server_public/outputs.tf 
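Review bot: `random_password.mysql_admin_password` relies on the `random` provider, but `required_providers` in this new main.tf lists only `azurerm`, so the provider that generates the administrator password is resolved without any version constraint. I would add `random = { source = "hashicorp/random", version = "<pinned version>" }` beside the azurerm entry. In the same file the IP allow-list is created with `azurerm_postgresql_flexible_server_firewall_rule` while `server_id` points at the MySQL server. `var.subnet_id` and `var.private_dns_zone_id` also have no declaration in the variables.tf added by this commit. Later patches in the series change both, but at this commit the allow-list is presumably not applied to the server.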
@@ -0,0 +1,21 @@
+output "id" {
+ value = azurerm_mysql_flexible_server.mysql_flexible_server.id
+}
+
+output "fqdn" {
+ value = azurerm_mysql_flexible_server.mysql_flexible_server.fqdn
+}
+
+output "database_name" {
+ value = azurerm_mysql_flexible_server.mysql_flexible_server.name
+}
+
+output "admin_username" {
+ value = "${azurerm_mysql_flexible_server.mysql_flexible_server.administrator_login}@${var.server_name}"
+ sensitive = true
+}
+
+output "admin_password" {
+ value = azurerm_mysql_flexible_server.mysql_flexible_server.administrator_password
+ sensitive = true
+}
diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf
new file mode 100644
index 00000000..03a7d6f2
--- /dev/null
+++ b/modules/azure/mysql_flexible_server_public/variables.tf
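Review bot: The `database_name` output returns `azurerm_mysql_flexible_server.mysql_flexible_server.name`, which is the server name, not the database created in main.tf. It should read `value = azurerm_mysql_flexible_database.mysql_flexible_database.name`. The `admin_username` output appends `@${var.server_name}`; that suffix looks like the older single-server login format, so confirm that clients of a flexible server expect it. None of the outputs has a `description`, which would help callers see that `admin_password` is a credential that also ends up in state.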
@@ -0,0 +1,100 @@ +variable "location" { + type = string + description = "A datacenter location in Azure." +} + +variable "resource_group_name" { + type = string + description = "Name of the resource group." +} + +variable "server_name" { + type = string + description = "Name of the mysql server." +} + +variable "server_sku" { + type = string + description = "Specifies the sku for the mysql server" + default = "GP_Standard_D2ds_v4" +} + +variable "server_storage_max" { + type = number + description = "Max storage allowed in GB for the mysql server." + default = 20 +} + +variable "server_storage_iops" { + type = number + description = "Storage IOPS betweeb 360 and 20000." + default = 1000 +} + +variable "server_version" { + type = string + description = "Mysql server version." +} + +variable "storage_auto_grow_enabled" { + type = bool + description = "Enables auto-growing of mysql server storage." + default = true +} + +variable "backup_retention_days" { + type = number + description = "Backup retention days for the mysql server." + default = 7 +} + +variable "geo_redundant_backup_enabled" { + type = bool + description = "Enables geo-redundant mysql server backups." + default = true +} + +variable "database_name" { + type = string + description = "Name of the mysql database." +} + +variable "database_charset" { + type = string + description = "Specifies the charset for the mysql database." + default = "utf8mb3" +} + +variable "database_collation" { + type = string + description = "Specifies the collation for the mysql database." + default = "utf8mb3_unicode_ci" +} + +variable "admin_username" { + type = string + description = "The administrator login username for the mysql server." +} + +variable "password_keeper" { + type = map(string) + description = "Random map of strings, when changed the mysql admin password will rotate." +} + +variable "log_analytics_workspace_id" { + type = string + description = "ID of a log analytics workspace (optional)." 
+ default = null +} + +variable "slow_query_log" { + type = string + description = "Slow query log. ON or OFF (default)" + default = "OFF" +} + +variable "whitelist_ip_addresses" { + type = set(string) + description = "List of IP addresses to whitelist." + default = [] +} diff --git a/modules/kubernetes/configmap/variables.tf b/modules/kubernetes/configmap/variables.tf index b85aabcb..c488b69b 100644 --- a/modules/kubernetes/configmap/variables.tf +++ b/modules/kubernetes/configmap/variables.tf @@ -16,5 +16,5 @@ variable "data" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 544a5001..a566e158 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -81,5 +81,5 @@ variable "scaler" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf index 0fd93c22..3d9fa6c8 100644 --- a/modules/kubernetes/ingress/variables.tf +++ b/modules/kubernetes/ingress/variables.tf @@ -30,5 +30,5 @@ variable "rules" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } diff --git a/modules/kubernetes/pvc/variables.tf b/modules/kubernetes/pvc/variables.tf index 0b197080..e9bb6f13 100644 --- a/modules/kubernetes/pvc/variables.tf +++ b/modules/kubernetes/pvc/variables.tf @@ -26,5 +26,5 @@ variable "storage_class" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } 
diff --git a/modules/kubernetes/secret/variables.tf b/modules/kubernetes/secret/variables.tf index 10aaa905..9a8b6cce 100644 --- a/modules/kubernetes/secret/variables.tf +++ b/modules/kubernetes/secret/variables.tf @@ -16,5 +16,5 @@ variable "data" { variable "config_path" { type = string description = "The path to the config file" - default = "~/.kube/config" + default = "~/.kube/config" } From bc3a0c0b9d556217452c5ae4f84b2e53f490c617 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 08:57:22 +0200 Subject: [PATCH 20/72] CM-27 - Remove wrong references --- modules/azure/mysql_flexible_server_public/main.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf index b03c4d09..e269e555 100644 --- a/modules/azure/mysql_flexible_server_public/main.tf +++ b/modules/azure/mysql_flexible_server_public/main.tf @@ -31,9 +31,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { administrator_password = random_password.mysql_admin_password.result backup_retention_days = var.backup_retention_days - delegated_subnet_id = var.subnet_id geo_redundant_backup_enabled = var.geo_redundant_backup_enabled - private_dns_zone_id = var.private_dns_zone_id sku_name = var.server_sku version = var.server_version From f6e8f343a595f1097ca7b5680c0943a895a90f0a Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:07:48 +0200 Subject: [PATCH 21/72] CM-27 - Increase default retention --- modules/azure/mysql_flexible_server/variables.tf | 2 +- modules/azure/mysql_flexible_server_public/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/azure/mysql_flexible_server/variables.tf b/modules/azure/mysql_flexible_server/variables.tf index fd444be1..cd510d4f 100644 --- a/modules/azure/mysql_flexible_server/variables.tf +++ b/modules/azure/mysql_flexible_server/variables.tf 
@@ -45,7 +45,7 @@ variable "storage_auto_grow_enabled" { variable "backup_retention_days" { type = number description = "Backup retention days for the mysql server." - default = 7 + default = 30 } variable "geo_redundant_backup_enabled" { diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf index 03a7d6f2..ebac05c8 100644 --- a/modules/azure/mysql_flexible_server_public/variables.tf +++ b/modules/azure/mysql_flexible_server_public/variables.tf @@ -45,7 +45,7 @@ variable "storage_auto_grow_enabled" { variable "backup_retention_days" { type = number description = "Backup retention days for the mysql server." - default = 7 + default = 30 } variable "geo_redundant_backup_enabled" { From 8e98ae9158f556616cf01452cce6964da15e8a18 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:22:46 +0200 Subject: [PATCH 22/72] CM-27 - Add prevent destroy --- modules/azure/mysql_flexible_server_public/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf index e269e555..ed7a3c41 100644 --- a/modules/azure/mysql_flexible_server_public/main.tf +++ b/modules/azure/mysql_flexible_server_public/main.tf @@ -44,6 +44,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { lifecycle { ignore_changes = [zone] + prevent_destroy = true } } From f5e2dacc7baef83ff0770a39ef033231e7827c28 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:28:44 +0200 Subject: [PATCH 23/72] CM-27 - Update linting and add container port --- .github/workflows/validate.yaml | 5 +++-- modules/azure/mysql_flexible_server_public/main.tf | 2 +- modules/kubernetes/deployment_with_service/main.tf | 4 ++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 75261abb..805109b9 100644 
--- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -1,8 +1,9 @@ name: Validate on: - push: + pull_request: branches: - - '**' + - main + - develop jobs: validate-terraform: diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf index ed7a3c41..e82c851b 100644 --- a/modules/azure/mysql_flexible_server_public/main.tf +++ b/modules/azure/mysql_flexible_server_public/main.tf @@ -43,7 +43,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { } lifecycle { - ignore_changes = [zone] + ignore_changes = [zone] prevent_destroy = true } } diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index f06007b3..b8be9c32 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -58,6 +58,10 @@ resource "kubernetes_deployment_v1" "deployment" { } } + port { + container_port = var.container_port + } + dynamic "readiness_probe" { for_each = var.readiness_probe ? [1] : [] From 0c456ab59293ec7d96805899c3619639db8e159a Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:35:16 +0200 Subject: [PATCH 24/72] CM-27 - Update firewall rule --- modules/azure/mysql_flexible_server_public/main.tf | 12 ++++++------ .../azure/mysql_flexible_server_public/variables.tf | 6 ------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf index e82c851b..d2fae6c9 100644 --- a/modules/azure/mysql_flexible_server_public/main.tf +++ b/modules/azure/mysql_flexible_server_public/main.tf @@ -38,7 +38,6 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" { storage { auto_grow_enabled = var.storage_auto_grow_enabled - iops = var.server_storage_iops size_gb = var.server_storage_max } 
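Review bot: Switching the trigger from `push` on every branch to `pull_request` against `main` and `develop` means a commit pushed directly to either branch is no longer validated by this workflow. If branch protection does not already force pull requests (not visible here), I would keep a push trigger for those two branches alongside the new one, i.e. a `push:` key with `branches: [ main, develop ]`. The jobs themselves are outside the hunk.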
@@ -106,12 +105,13 @@ resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { } } -resource "azurerm_postgresql_flexible_server_firewall_rule" "rule" { +resource "azurerm_mysql_flexible_server_firewall_rule" "rule" { for_each = var.whitelist_ip_addresses - name = "fw-${var.server_name}-${replace(each.value, ".", "-")}" - server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id - start_ip_address = each.value - end_ip_address = each.value + name = "fw-${var.server_name}-${replace(each.value, ".", "-")}" + resource_group_name = var.resource_group_name + server_name = azurerm_mysql_flexible_server.mysql_flexible_server.name + start_ip_address = each.value + end_ip_address = each.value } diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf index ebac05c8..65ad027c 100644 --- a/modules/azure/mysql_flexible_server_public/variables.tf +++ b/modules/azure/mysql_flexible_server_public/variables.tf @@ -25,12 +25,6 @@ variable "server_storage_max" { default = 20 } -variable "server_storage_iops" { - type = number - description = "Storage IOPS betweeb 360 and 20000." - default = 1000 -} - variable "server_version" { type = string description = "Mysql server version." From 9471ad728a630a9aeee5a0e20152e563c3463ba7 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 09:45:27 +0200 Subject: [PATCH 25/72] CM-27 - Mark as sensitive --- modules/kubernetes/secret/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/kubernetes/secret/variables.tf b/modules/kubernetes/secret/variables.tf index 9a8b6cce..6cd331af 100644 --- a/modules/kubernetes/secret/variables.tf +++ b/modules/kubernetes/secret/variables.tf @@ -11,6 +11,7 @@ variable "name" { variable "data" { type = map(string) description = "The data to store in the secret" + sensitive = true } variable "config_path" { From 0c825c9a4c7adaaab05c1f9cc1ee065dfce5d2fe Mon Sep 17 00:00:00 2001 
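Review bot: `sensitive = true` on `data` in secret/variables.tf only redacts the values in plan and apply output; they are still written in clear text to the Terraform state held by the `azurerm` backend this module declares. I would say so in the description, for example `description = "The data to store in the secret (redacted in CLI output, still stored in state)"`, so that consumers know access to the state container has to be restricted.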
From: Bart Wesselink Date: Thu, 20 Apr 2023 11:04:24 +0200 Subject: [PATCH 26/72] CM-27 - Add test for volume --- .../deployment_with_service/main.tf | 26 +++++++++++++++++-- .../deployment_with_service/variables.tf | 10 +++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index b8be9c32..5eafdd90 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -62,6 +62,16 @@ resource "kubernetes_deployment_v1" "deployment" { container_port = var.container_port } + dynamic "volume_mount" { + for_each = var.volume_mounts + + content { + mount_path = volume_mount.value.mount_path + name = volume_mount.value.claim + sub_path = volume_mount.value.sub_path + } + } + dynamic "readiness_probe" { for_each = var.readiness_probe ? [1] : [] @@ -97,6 +107,18 @@ resource "kubernetes_deployment_v1" "deployment" { } } + dynamic "volume" { + for_each = var.volume_mounts + + content { + name = volume.value.claim + + persistent_volume_claim { + claim_name = volume.value.claim + } + } + } + restart_policy = "Always" } } @@ -115,8 +137,8 @@ resource "kubernetes_service_v1" "service" { } port { - port = var.container_port - target_port = var.target_port + port = var.target_port + target_port = var.container_port } type = "ClusterIP" diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index a566e158..4d3ee97d 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -75,6 +75,7 @@ variable "scaler" { max = number }) }) + description = "The scaler for the application" default = null } 
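Review bot: The `dynamic "volume"` block iterates over every entry of `var.volume_mounts` and names the volume after `claim`, so two mounts of the same claim with different `sub_path` values produce two pod volumes with the same name, which Kubernetes rejects. I would build the volume list from the distinct claims, `for_each = toset([for m in var.volume_mounts : m.claim])`, and use `volume.value` for both `name` and `claim_name`. `volume_mounts` is also added to variables.tf without a default, so it becomes a required input for existing callers; `default = []` would keep them working. The deployment resource starts and ends outside these hunks.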
@@ -83,3 +84,12 @@ variable "config_path" { description = "The path to the config file" default = "~/.kube/config" } + +variable "volume_mounts" { + type = list(object({ + claim = string + mount_path = string + sub_path = string + })) + description = "The volume mounts for the application" +} From 213698f9764d649b9309375584fe477e692e6a43 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:16:44 +0200 Subject: [PATCH 27/72] CM-27 - Update replica checks --- modules/kubernetes/deployment_with_service/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 5eafdd90..a2566dd8 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -73,7 +73,7 @@ resource "kubernetes_deployment_v1" "deployment" { } dynamic "readiness_probe" { - for_each = var.readiness_probe ? [1] : [] + for_each = var.readiness_probe != null ? [1] : [] content { http_get { @@ -90,7 +90,7 @@ resource "kubernetes_deployment_v1" "deployment" { } dynamic "liveness_probe" { - for_each = var.liveness_probe ? [1] : [] + for_each = var.liveness_probe != null ? [1] : [] content { http_get { From d244d985a82919e61c935f619a6c258a3bddabe1 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:20:27 +0200 Subject: [PATCH 28/72] CM-27 - Update probes --- modules/kubernetes/deployment_with_service/main.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index a2566dd8..a9980a2b 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf 
@@ -77,8 +77,8 @@ resource "kubernetes_deployment_v1" "deployment" { content { http_get { - path = readiness_probe.value.path - port = readiness_probe.value.port + path = var.readiness_probe.path + port = var.readiness_probe.port scheme = "HTTP" } @@ -94,8 +94,8 @@ resource "kubernetes_deployment_v1" "deployment" { content { http_get { - path = liveness_probe.value.path - port = liveness_probe.value.port + path = var.liveness_probe.path + port = var.liveness_probe.port scheme = "HTTP" } @@ -159,6 +159,7 @@ resource "kubernetes_manifest" "http-scaler" { apiVersion = "http.keda.sh/v1alpha1" metadata = { name = var.name + namespace= var.namespace } spec = { host = var.scaler.host From a3aa2fc167b5432ca80e3059f288e3cf4a9d02e9 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:34:05 +0200 Subject: [PATCH 29/72] CM-27 - Update probes --- modules/kubernetes/deployment_with_service/main.tf | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index a9980a2b..5a8a0637 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -82,8 +82,8 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 10 - period_seconds = 10 + initial_delay_seconds = 5 + period_seconds = 25 failure_threshold = 3 timeout_seconds = 5 } @@ -99,14 +99,20 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 10 - period_seconds = 10 + initial_delay_seconds = 5 + period_seconds = 25 failure_threshold = 3 timeout_seconds = 5 } } } + dns_config { + option { + name = "single-request-reopen" + } + } + dynamic "volume" { for_each = var.volume_mounts From 4d2ff593e73a9d16fab51f7aa3379fbf77b2594d Mon Sep 17 00:00:00 2001 
From: Bart Wesselink Date: Thu, 20 Apr 2023 11:39:47 +0200 Subject: [PATCH 30/72] CM-27 - Add env references --- .../deployment_with_service/main.tf | 20 +++++++++++++++++++ .../deployment_with_service/variables.tf | 12 +++++++++++ 2 files changed, 32 insertions(+) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 5a8a0637..3fa6b4ad 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -58,6 +58,26 @@ resource "kubernetes_deployment_v1" "deployment" { } } + dynamic "env_from" { + for_each = var.env_secret_refs + + content { + secret_ref { + name = env_from.value + } + } + } + + dynamic "env_from" { + for_each = var.env_configmap_refs + + content { + config_map_ref { + name = env_from.value + } + } + } + port { container_port = var.container_port } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 4d3ee97d..189c3245 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -79,6 +79,18 @@ variable "scaler" { default = null } +variable "env_secret_refs" { + type = list(string) + description = "The list of secret references to use as environment variables" + default = [] +} + +variable "env_configmap_refs" { + type = list(string) + description = "The list of configmap references to use as environment variables" + default = [] +} + variable "config_path" { type = string description = "The path to the config file" From 4a0569b69beefd5fd78a67d10fac3d79e204b7ce Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:44:29 +0200 Subject: [PATCH 31/72] CM-27 - Update label --- modules/kubernetes/deployment_with_service/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
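Review bot: `env_from` with `secret_ref` in the `@@ -58,6 +58,26 @@` hunk exports every key of each named Secret into the container environment, so the module gives callers no way to limit a workload to the keys it needs, and the values are inherited by every child process. The `env_secret_refs` description should state this, for example `description = "Names of Secrets in the deployment namespace; every key of each Secret is injected as an environment variable"`. If per-key selection is wanted, an `env` block with `value_from { secret_key_ref { ... } }` is the narrower alternative. The container block starts and ends outside the hunk.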
diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 3fa6b4ad..9c5cae19 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -37,7 +37,6 @@ resource "kubernetes_deployment_v1" "deployment" { metadata { labels = { "io.kompose.service" = var.name - app = var.name } } @@ -159,7 +158,7 @@ resource "kubernetes_service_v1" "service" { spec { selector = { - app = kubernetes_deployment_v1.deployment.metadata[0].name + "io.kompose.service" = kubernetes_deployment_v1.deployment.metadata[0].name } port { From d173d6e77dd2b14a7246b2de1cbb51fac3b0dc9f Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:50:34 +0200 Subject: [PATCH 32/72] CM-27 - Update output --- modules/azure/mysql_flexible_server_public/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/mysql_flexible_server_public/outputs.tf b/modules/azure/mysql_flexible_server_public/outputs.tf index 24a7dd49..3d054343 100644 --- a/modules/azure/mysql_flexible_server_public/outputs.tf +++ b/modules/azure/mysql_flexible_server_public/outputs.tf @@ -7,7 +7,7 @@ output "fqdn" { } output "database_name" { - value = azurerm_mysql_flexible_server.mysql_flexible_server.name + value = azurerm_mysql_flexible_database.mysql_flexible_database.name } output "admin_username" { From de7a0049bbe111624be79f1d26c47b6528c8f9b8 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:52:23 +0200 Subject: [PATCH 33/72] CM-27 - Update administrator login --- modules/azure/mysql_flexible_server_public/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/mysql_flexible_server_public/outputs.tf b/modules/azure/mysql_flexible_server_public/outputs.tf index 3d054343..0cfdcc19 100644 --- a/modules/azure/mysql_flexible_server_public/outputs.tf +++ b/modules/azure/mysql_flexible_server_public/outputs.tf 
@@ -11,7 +11,7 @@ output "database_name" { } output "admin_username" { - value = "${azurerm_mysql_flexible_server.mysql_flexible_server.administrator_login}@${var.server_name}" + value = azurerm_mysql_flexible_server.mysql_flexible_server.administrator_login sensitive = true } From 71d5c5c752a05d4eadf9042630196e83d2a3c169 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 11:59:10 +0200 Subject: [PATCH 34/72] CM-27 - Update label --- modules/kubernetes/deployment_with_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 9c5cae19..7be409ff 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -29,7 +29,7 @@ resource "kubernetes_deployment_v1" "deployment" { selector { match_labels = { - app = var.name + "io.kompose.service" = var.name } } From 4b0694aab66dbdb978969ab78f126e92738276c8 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 13:35:30 +0200 Subject: [PATCH 35/72] CM-27 - Add service port as output --- modules/kubernetes/deployment_with_service/main.tf | 4 ++-- modules/kubernetes/deployment_with_service/outputs.tf | 4 ++++ .../kubernetes/deployment_with_service/variables.tf | 11 ++++++----- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 7be409ff..3a4ba9c3 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -183,8 +183,8 @@ resource "kubernetes_manifest" "http-scaler" { kind = "HTTPScaledObject" apiVersion = "http.keda.sh/v1alpha1" metadata = { - name = var.name - namespace= var.namespace + name = var.name + namespace = var.namespace } spec = { host = var.scaler.host 
diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index 968a81dd..873ddacd 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -5,3 +5,7 @@ output "service_name" { output "deployment_name" { value = kubernetes_deployment_v1.deployment.metadata.0.name } + +output "service_port" { + value = kubernetes_service_v1.service.spec.0.ports.0.port +} diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 189c3245..e683c15a 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -76,17 +76,17 @@ variable "scaler" { }) }) description = "The scaler for the application" - default = null + default = null } variable "env_secret_refs" { - type = list(string) + type = list(string) description = "The list of secret references to use as environment variables" default = [] } variable "env_configmap_refs" { - type = list(string) + type = list(string) description = "The list of configmap references to use as environment variables" default = [] } @@ -99,9 +99,10 @@ variable "config_path" { variable "volume_mounts" { type = list(object({ - claim = string + claim = string mount_path = string - sub_path = string + sub_path = string })) description = "The volume mounts for the application" + default = [] } From b0c2d2075beaa703fd0ceae5986c596ef82896cf Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 13:36:37 +0200 Subject: [PATCH 36/72] CM-27 - Add service port as output --- modules/kubernetes/deployment_with_service/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index 873ddacd..b749ccb5 100644 
--- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -7,5 +7,5 @@ output "deployment_name" { } output "service_port" { - value = kubernetes_service_v1.service.spec.0.ports.0.port + value = kubernetes_service_v1.service.spec.0.port.0.port } From d59c88e49d737ffc84af916d83188966f4c856b1 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 13:44:24 +0200 Subject: [PATCH 37/72] CM-27 - Update paths --- modules/kubernetes/ingress/main.tf | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index aff16053..02774ae4 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -29,17 +29,21 @@ resource "kubernetes_ingress_v1" "ingress" { content { host = rule.value.host http { - path { - backend { - service { - name = rule.value.service - port { - number = rule.value.port + dynamic "path" { + for_each = rule.value.paths + + content { + backend { + service { + name = path.value.service + port { + number = path.value.port + } } } - } - path = rule.value.path + path = path.value.path + } } } } From 08225abb48718bf713a0cd9c69f425882533c0c3 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:15:00 +0200 Subject: [PATCH 38/72] CM-27 - Add scaler proxy --- .../deployment_with_service/main.tf | 25 +++++++++++++++++++ .../deployment_with_service/outputs.tf | 9 ++++--- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 3a4ba9c3..58c1d72c 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf 
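Review bot: The new `dynamic "path"` block in `modules/kubernetes/ingress/main.tf` reads `rule.value.paths`, but the diffstat for this commit lists only `main.tf`. Unless the rules variable in `variables.tf` (not visible here) already declares a `paths` list, callers that pass `service`/`port`/`path` per rule will fail at plan time, so the variable type and description should change in the same commit. Separately, the `content` block sets no `path_type`, which leaves matching to the default; I believe that is `ImplementationSpecific` and therefore controller-dependent. Setting `path_type = "Prefix"`, or exposing it per path, makes it explicit which URLs reach each backend.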
@@ -200,3 +200,28 @@ resource "kubernetes_manifest" "http-scaler" { } } } + +# +resource "kubernetes_service_v1" "http-scaler-service-proxy" { + count = var.scaler != null && var.scaler.type == "http" ? 1 : 0 + + metadata { + name = "${var.name}-keda-bridge" + namespace = var.namespace + } + + spec { + external_name = "keda-add-ons-http-interceptor-proxy.keda.svc.cluster.local" + port { + port = 8080 + } + + type = "ExternalName" + } + + lifecycle { + ignore_changes = [ + metadata[0].labels, + ] + } +} diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index b749ccb5..2b0b63fe 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -1,11 +1,12 @@ -output "service_name" { - value = kubernetes_deployment_v1.deployment.metadata.0.name -} output "deployment_name" { value = kubernetes_deployment_v1.deployment.metadata.0.name } output "service_port" { - value = kubernetes_service_v1.service.spec.0.port.0.port + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port +} + +output "service_name" { + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.metadata.0.name : kubernetes_service_v1.service.metadata.0.name } From fbcc430da09c4bcff4b2fb566cae8bda70545156 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:18:49 +0200 Subject: [PATCH 39/72] CM-27 - Add scaler proxy --- modules/kubernetes/deployment_with_service/outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index 2b0b63fe..d636c27e 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf 
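Review bot: `external_name = "keda-add-ons-http-interceptor-proxy.keda.svc.cluster.local"` and `port = 8080` in the new `http-scaler-service-proxy` resource hard-code a KEDA HTTP add-on installed in namespace `keda`. Every consumer of the module therefore sends its traffic to whatever answers to that name in the cluster, with no way to point it elsewhere. Expose both as variables with these values as defaults. The empty `#` above the resource should become a real comment, for example `# ExternalName bridge so an ingress in var.namespace can reach the KEDA HTTP interceptor proxy`, assuming that is the intent. The `ignore_changes` entry for `metadata[0].labels` also deserves a one-line reason.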
@@ -4,9 +4,9 @@ output "deployment_name" { } output "service_port" { - value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port } output "service_name" { - value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.metadata.0.name : kubernetes_service_v1.service.metadata.0.name + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name } From b3ab518d79d3b02c11548e7e537c04ca10072929 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:30:34 +0200 Subject: [PATCH 40/72] CM-27 - Tweak --- modules/kubernetes/deployment_with_service/main.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 58c1d72c..9f0a4b6d 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -101,9 +101,9 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 5 - period_seconds = 25 - failure_threshold = 3 + initial_delay_seconds = 10 + period_seconds = 5 + failure_threshold = 10 timeout_seconds = 5 } } @@ -119,7 +119,7 @@ resource "kubernetes_deployment_v1" "deployment" { } initial_delay_seconds = 5 - period_seconds = 25 + period_seconds = 5 failure_threshold = 3 timeout_seconds = 5 } @@ -191,7 +191,7 @@ resource "kubernetes_manifest" "http-scaler" { scaleTargetRef = { deployment = var.name service = var.name - port = var.container_port + port = var.target_port } replicas = { min = var.scaler.replicas.min 
From 20c0c9a22bcfc5e0f4ed3c8c42bac34e19dea3be Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:33:05 +0200 Subject: [PATCH 41/72] CM-27 - Tweak --- modules/kubernetes/deployment_with_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 9f0a4b6d..2286968f 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -103,7 +103,7 @@ resource "kubernetes_deployment_v1" "deployment" { initial_delay_seconds = 10 period_seconds = 5 - failure_threshold = 10 + failure_threshold = 50 timeout_seconds = 5 } } From 9bff980fa752b17b75462d1af08f31e342910735 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 20 Apr 2023 15:38:05 +0200 Subject: [PATCH 42/72] CM-27 - Update value --- modules/kubernetes/deployment_with_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 2286968f..0447cf5c 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -119,7 +119,7 @@ resource "kubernetes_deployment_v1" "deployment" { } initial_delay_seconds = 5 - period_seconds = 5 + period_seconds = 25 failure_threshold = 3 timeout_seconds = 5 } From 8fd8e6e4b73a8937d114a9ba53698a324dc140e4 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:10:18 +0200 Subject: [PATCH 43/72] CM-27 - Add resource scaler --- .../deployment_with_service/main.tf | 46 +++++++++++++++++++ .../deployment_with_service/variables.tf | 4 ++ 2 files changed, 50 insertions(+) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 0447cf5c..b79c80ff 100644 --- a/modules/kubernetes/deployment_with_service/main.tf 
+++ b/modules/kubernetes/deployment_with_service/main.tf @@ -225,3 +225,49 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { ] } } + +resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { + count = var.scaler != null && var.scaler.type == "resource" ? 1 : 0 + + metadata { + name = var.name + namespace = var.namespace + } + + spec { + scale_target_ref { + api_version = "apps/v1" + kind = "Deployment" + name = var.name + } + + min_replicas = var.scaler.replicas.min + max_replicas = var.scaler.replicas.max + + metric { + type = "Resource" + + resource { + name = "cpu" + + target { + type = "Utilization" + average_utilization = lookup(var.scaler.metrics, "cpu", 70) + } + } + } + + metric { + type = "Resource" + + resource { + name = "memory" + + target { + type = "Utilization" + average_utilization = lookup(var.scaler.metrics, "memory", 80) + } + } + } + } +} diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index e683c15a..498d2840 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -74,6 +74,10 @@ variable "scaler" { min = number max = number }) + metrics = object({ + cpu = number, + memory = number + }) }) description = "The scaler for the application" default = null From 771bc6a8ea819edb2aebcd1f0ffd5578786d1fa1 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:17:28 +0200 Subject: [PATCH 44/72] CM-27 - Add probe properties --- .../kubernetes/deployment_with_service/main.tf | 16 ++++++++-------- .../deployment_with_service/variables.tf | 18 +++++++++++++----- modules/kubernetes/ingress/main.tf | 2 +- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index b79c80ff..482b2da0 100644 --- a/modules/kubernetes/deployment_with_service/main.tf 
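Review bot: `lookup(var.scaler.metrics, "cpu", 70)` and the matching `memory` lookup in the new `resource-scaler` never use their defaults. In this commit `metrics` is a required object with both attributes, so the keys always exist, and a caller using `type = "http"` now has to supply `metrics` it does not need. Once `metrics` becomes optional (PATCH 45 in this series) an omitted value is null, and `lookup` on null fails instead of falling back. `average_utilization = coalesce(try(var.scaler.metrics.cpu, null), 70)`, and the same with 80 for memory, handles both cases. Utilization targets also need CPU and memory requests on the container, which this hunk does not show.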
+++ b/modules/kubernetes/deployment_with_service/main.tf @@ -101,10 +101,10 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 10 - period_seconds = 5 - failure_threshold = 50 - timeout_seconds = 5 + initial_delay_seconds = lookup(var.readiness_probe, "initial_delay_seconds", 10) + period_seconds = lookup(var.readiness_probe, "period_seconds", 5) + failure_threshold = lookup(var.readiness_probe, "failure_threshold", 50) + timeout_seconds = lookup(var.readiness_probe, "timeout_seconds", 5) } } @@ -118,10 +118,10 @@ resource "kubernetes_deployment_v1" "deployment" { scheme = "HTTP" } - initial_delay_seconds = 5 - period_seconds = 25 - failure_threshold = 3 - timeout_seconds = 5 + initial_delay_seconds = lookup(var.liveness_probe, "initial_delay_seconds", 5) + period_seconds = lookup(var.liveness_probe, "period_seconds", 25) + failure_threshold = lookup(var.liveness_probe, "failure_threshold", 3) + timeout_seconds = lookup(var.liveness_probe, "timeout_seconds", 5) } } } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 498d2840..beda8230 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -50,8 +50,12 @@ variable "target_port" { variable "readiness_probe" { type = object({ - path = string - port = number + path = string + port = number + initial_delay_seconds = number + period_seconds = number + failure_threshold = number + timeout_seconds = number }) description = "The readiness probe for the application" default = null @@ -59,8 +63,12 @@ variable "readiness_probe" { variable "liveness_probe" { type = object({ - path = string - port = number + path = string + port = number + initial_delay_seconds = number + period_seconds = number + failure_threshold = number + timeout_seconds = number }) description = "The liveness probe for the application" default = null 
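Review bot: The `lookup(var.readiness_probe, "initial_delay_seconds", 10)` calls, and the `liveness_probe` ones in the next hunk, do not supply the intended defaults, because each attribute is declared on the object type and so the key always exists. When a caller passes null (or omits the field once it is made optional in later patches), the result is null, and as far as I can tell the provider's own default then applies rather than 10/5/50/5. `initial_delay_seconds = coalesce(var.readiness_probe.initial_delay_seconds, 10)`, and likewise for the other three fields, gives the fallback the code appears to intend. In this commit the four fields are also required numbers in `variables.tf`, which breaks callers that pass only `path` and `port`.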
@@ -75,7 +83,7 @@ variable "scaler" { max = number }) metrics = object({ - cpu = number, + cpu = number, memory = number }) }) diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index 02774ae4..b31895d4 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf @@ -37,7 +37,7 @@ resource "kubernetes_ingress_v1" "ingress" { service { name = path.value.service port { - number = path.value.port + number = path.value.port } } } From ec60a508aecad24a6724605601b3eca014abb545 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:20:38 +0200 Subject: [PATCH 45/72] CM-27 - Add probe properties --- modules/kubernetes/deployment_with_service/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index beda8230..97fe5cd8 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -82,10 +82,10 @@ variable "scaler" { min = number max = number }) - metrics = object({ + metrics = optional(object({ cpu = number, memory = number - }) + })) }) description = "The scaler for the application" default = null From a57be4bdf0edeba6b55cf3e40a184216d6382ab5 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:21:20 +0200 Subject: [PATCH 46/72] CM-27 - Add probe properties --- modules/kubernetes/deployment_with_service/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 97fe5cd8..af67d4c3 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf 
@@ -65,10 +65,10 @@ variable "liveness_probe" { type = object({ path = string port = number - initial_delay_seconds = number - period_seconds = number - failure_threshold = number - timeout_seconds = number + initial_delay_seconds = optional(number) + period_seconds = optional(number) + failure_threshold = optional(number) + timeout_seconds = optional(number) }) description = "The liveness probe for the application" default = null From 873e88a97c54a080d009a560b79d9e169a219900 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:22:12 +0200 Subject: [PATCH 47/72] CM-27 - Add probe properties --- modules/kubernetes/deployment_with_service/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index af67d4c3..864cfc52 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -52,10 +52,10 @@ variable "readiness_probe" { type = object({ path = string port = number - initial_delay_seconds = number - period_seconds = number - failure_threshold = number - timeout_seconds = number + initial_delay_seconds = optional(number) + period_seconds = optional(number) + failure_threshold = optional(number) + timeout_seconds = optional(number) }) description = "The readiness probe for the application" default = null From 33c9dff4d3e6e7621a195066abd6fa73eac8e844 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:27:32 +0200 Subject: [PATCH 48/72] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 482b2da0..8524af93 100644 --- a/modules/kubernetes/deployment_with_service/main.tf 
+++ b/modules/kubernetes/deployment_with_service/main.tf @@ -177,7 +177,7 @@ resource "kubernetes_service_v1" "service" { } resource "kubernetes_manifest" "http-scaler" { - count = var.scaler != null && var.scaler.type == "http" ? 1 : 0 + count = var.scaler != null && lookup(var.scaler, "type", "-") == "http" ? 1 : 0 manifest = { kind = "HTTPScaledObject" From c8556d08cce692e8c43054d1bf97673625d15650 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:28:22 +0200 Subject: [PATCH 49/72] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 8524af93..0d2294bf 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -203,7 +203,7 @@ resource "kubernetes_manifest" "http-scaler" { # resource "kubernetes_service_v1" "http-scaler-service-proxy" { - count = var.scaler != null && var.scaler.type == "http" ? 1 : 0 + count = var.scaler != null && lookup(var.scaler, "type", "-") == "http" ? 1 : 0 metadata { name = "${var.name}-keda-bridge" @@ -227,7 +227,7 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { } resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { - count = var.scaler != null && var.scaler.type == "resource" ? 1 : 0 + count = var.scaler != null && lookup(var.scaler, "type", "-") == "resource" ? 1 : 0 metadata { name = var.name From daf737a9ff2bc74309bbc691713af91dd9327060 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:29:57 +0200 Subject: [PATCH 50/72] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 0d2294bf..5f6b64ef 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -177,7 +177,7 @@ resource "kubernetes_service_v1" "service" { } resource "kubernetes_manifest" "http-scaler" { - count = var.scaler != null && lookup(var.scaler, "type", "-") == "http" ? 1 : 0 + count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "http" ? 1 : 0 manifest = { kind = "HTTPScaledObject" @@ -203,7 +203,7 @@ resource "kubernetes_manifest" "http-scaler" { # resource "kubernetes_service_v1" "http-scaler-service-proxy" { - count = var.scaler != null && lookup(var.scaler, "type", "-") == "http" ? 1 : 0 + count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "http" ? 1 : 0 metadata { name = "${var.name}-keda-bridge" @@ -227,7 +227,7 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { } resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { - count = var.scaler != null && lookup(var.scaler, "type", "-") == "resource" ? 1 : 0 + count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "resource" ? 1 : 0 metadata { name = var.name From 1b9ea2f62a832fb27d2ac8d2c0de0c66ada64ac4 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:30:59 +0200 Subject: [PATCH 51/72] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 864cfc52..d43b316a 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf 
@@ -76,8 +76,8 @@ variable "liveness_probe" { variable "scaler" { type = object({ - type = string - host = string + type = optional(string) + host = optional(string) replicas = object({ min = number max = number From 9c59d5247acdd30f1bce879725132b871f4b8c8e Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:33:24 +0200 Subject: [PATCH 52/72] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/main.tf | 6 +++--- modules/kubernetes/deployment_with_service/variables.tf | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 5f6b64ef..2caa332f 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -177,7 +177,7 @@ resource "kubernetes_service_v1" "service" { } resource "kubernetes_manifest" "http-scaler" { - count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "http" ? 1 : 0 + count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? 1 : 0 manifest = { kind = "HTTPScaledObject" @@ -203,7 +203,7 @@ resource "kubernetes_manifest" "http-scaler" { # resource "kubernetes_service_v1" "http-scaler-service-proxy" { - count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "http" ? 1 : 0 + count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? 1 : 0 metadata { name = "${var.name}-keda-bridge" @@ -227,7 +227,7 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { } resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { - count = lookup(var.scaler == null ? {} : var.scaler, "type", "-") == "resource" ? 1 : 0 + count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "resource" ? 1 : 0 metadata { name = var.name 
diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index d43b316a..864cfc52 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -76,8 +76,8 @@ variable "liveness_probe" { variable "scaler" { type = object({ - type = optional(string) - host = optional(string) + type = string + host = string replicas = object({ min = number max = number From 97bffaeec2ee67c6eb783548c49a62fe02e24204 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:34:19 +0200 Subject: [PATCH 53/72] CM-27 - Support no scaler --- modules/kubernetes/deployment_with_service/outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index d636c27e..c99e4bee 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -4,9 +4,9 @@ output "deployment_name" { } output "service_port" { - value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port + value = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port } output "service_name" { - value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name + value = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name } From 579cae1c0dee2e5c1809ecd9bd6d72e9fd0f68c0 Mon Sep 17 00:00:00 2001 
From: Bart Wesselink Date: Fri, 21 Apr 2023 09:37:17 +0200 Subject: [PATCH 54/72] CM-27 - Add env variable --- modules/kubernetes/deployment_with_service/main.tf | 9 +++++++++ modules/kubernetes/deployment_with_service/variables.tf | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 2caa332f..d4cec1c5 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -67,6 +67,15 @@ resource "kubernetes_deployment_v1" "deployment" { } } + dynamic "env" { + for_each = var.env + + content { + name = env.key + value = env.value + } + } + dynamic "env_from" { for_each = var.env_configmap_refs diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 864cfc52..7491d5fb 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -103,6 +103,12 @@ variable "env_configmap_refs" { default = [] } +variable "env" { + type = map(string) + description = "The environment variables for the application" + default = {} +} + variable "config_path" { type = string description = "The path to the config file" From 746b6c0da0c58e4d2a790a1bed20e7989fc4b83c Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 09:57:03 +0200 Subject: [PATCH 55/72] CM-27 - Add env variable --- modules/kubernetes/deployment_with_service/main.tf | 6 +++--- modules/kubernetes/deployment_with_service/outputs.tf | 4 ++-- modules/kubernetes/deployment_with_service/variables.tf | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index d4cec1c5..95d1d6b0 100644 --- a/modules/kubernetes/deployment_with_service/main.tf 
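Review bot: The new `env` variable in variables.tf takes plain `map(string)` values, and its description does not say that the `dynamic "env"` block in main.tf writes them verbatim into the container spec, so anything passed here also ends up in plan output and state. The description should steer credentials elsewhere, for example `description = "Non-secret environment variables for the application; pass credentials through a Secret reference instead"`. Whether the module already offers a secret-backed reference is not visible in these hunks; only `env_configmap_refs` is shown.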
+++ b/modules/kubernetes/deployment_with_service/main.tf @@ -186,7 +186,7 @@ resource "kubernetes_service_v1" "service" { } resource "kubernetes_manifest" "http-scaler" { - count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? 1 : 0 + count = var.scaler.type == "http" ? 1 : 0 manifest = { kind = "HTTPScaledObject" @@ -212,7 +212,7 @@ resource "kubernetes_manifest" "http-scaler" { # resource "kubernetes_service_v1" "http-scaler-service-proxy" { - count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? 1 : 0 + count = var.scaler.type == "http" ? 1 : 0 metadata { name = "${var.name}-keda-bridge" @@ -236,7 +236,7 @@ resource "kubernetes_service_v1" "http-scaler-service-proxy" { } resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" { - count = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "resource" ? 1 : 0 + count = var.scaler.type == "resource" ? 1 : 0 metadata { name = var.name diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index c99e4bee..d636c27e 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf 
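Review bot: `var.scaler.type == "http"` in the three `count` expressions (and in both outputs in outputs.tf) dereferences `var.scaler` directly, so a caller passing `scaler = null` gets an attribute-access error instead of "no scaler". The variables.tf hunk makes the fields optional but does not show a non-null default for the object itself. If null is meant to be accepted, `count = try(var.scaler.type, null) == "http" ? 1 : 0` keeps the short form and tolerates it. With `replicas` now optional, the scaler resource bodies (outside these hunks) presumably read `var.scaler.replicas.min`/`max` and would need the same care.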
@@ -4,9 +4,9 @@ output "deployment_name" { } output "service_port" { - value = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.spec.0.port.0.port : kubernetes_service_v1.service.spec.0.port.0.port } output "service_name" { - value = lookup(var.scaler == null ? {} : tomap(var.scaler), "type", "-") == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name + value = var.scaler.type == "http" ? kubernetes_service_v1.http-scaler-service-proxy.0.metadata.0.name : kubernetes_service_v1.service.metadata.0.name } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index 7491d5fb..bbaa0677 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -76,12 +76,12 @@ variable "liveness_probe" { variable "scaler" { type = object({ - type = string - host = string - replicas = object({ + type = optional(string) + host = optional(string) + replicas = optional(object({ min = number max = number - }) + })) metrics = optional(object({ cpu = number, memory = number From 8f31cb465a7f089f0ad1caa06ebbc0062305f387 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Fri, 21 Apr 2023 11:06:13 +0200 Subject: [PATCH 56/72] CM-27 - Allow conditional enabling of Ingress --- modules/kubernetes/ingress/main.tf | 2 ++ modules/kubernetes/ingress/variables.tf | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index b31895d4..cdd88523 100644 --- a/modules/kubernetes/ingress/main.tf +++ b/modules/kubernetes/ingress/main.tf 
@@ -16,6 +16,8 @@ provider "kubernetes" { } resource "kubernetes_ingress_v1" "ingress" { + count = var.enabled ? 1 : 0 + metadata { name = var.name namespace = var.namespace diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf index 3d9fa6c8..312f89f9 100644 --- a/modules/kubernetes/ingress/variables.tf +++ b/modules/kubernetes/ingress/variables.tf @@ -32,3 +32,9 @@ variable "config_path" { description = "The path to the config file" default = "~/.kube/config" } + +variable "enabled" { + type = bool + description = "Whether to enable the ingress" + default = true +} From 385a1af18da4ca1d4eceb838bd27746ccdf0aa62 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Tue, 25 Apr 2023 14:49:40 +0200 Subject: [PATCH 57/72] Apply only one backend policy at a time as multiple backend policies are not supported --- modules/azure/api_management_api/main.tf | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/azure/api_management_api/main.tf b/modules/azure/api_management_api/main.tf index 70ffb08c..cfcea96a 100644 --- a/modules/azure/api_management_api/main.tf +++ b/modules/azure/api_management_api/main.tf @@ -185,18 +185,19 @@ resource "azurerm_api_management_api_policy" "api_policy" { %{endif} - - + %{if var.custom_backend_policy != null} - ${var.custom_backend_policy} - %{endif} + ${var.custom_backend_policy} + %{else} + + %{endif} - %{if var.custom_outbound_policy != null} - ${var.custom_outbound_policy} - %{endif} + %{if var.custom_outbound_policy != null} + ${var.custom_outbound_policy} + %{endif} XML From 57dfa212eee77401ab428a1803fc2f5e16f98149 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Tue, 25 Apr 2023 16:02:04 +0200 Subject: [PATCH 58/72] Update modules/kubernetes/secret/main.tf Co-authored-by: tom-reinders --- modules/kubernetes/secret/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf index b9f3f63d..332399d1 100644 --- a/modules/kubernetes/secret/main.tf +++ b/modules/kubernetes/secret/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } From c57eeb35a080b13b6e5256c10553feb826bd52a2 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Tue, 25 Apr 2023 16:02:10 +0200 Subject: [PATCH 59/72] Update modules/kubernetes/configmap/main.tf Co-authored-by: tom-reinders --- modules/kubernetes/configmap/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf index dbdb58aa..414908dd 100644 --- a/modules/kubernetes/configmap/main.tf +++ b/modules/kubernetes/configmap/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } From 4fac76e2bbd24c1586edc65efef959ff6ab61759 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Tue, 25 Apr 2023 16:03:27 +0200 Subject: [PATCH 60/72] Apply suggestions from code review Co-authored-by: tom-reinders --- modules/kubernetes/deployment_with_service/main.tf | 2 +- modules/kubernetes/ingress/main.tf | 2 +- modules/kubernetes/pvc/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 95d1d6b0..b7707194 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf index cdd88523..ad3fa2f8 100644 --- a/modules/kubernetes/ingress/main.tf 
+++ b/modules/kubernetes/ingress/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf index 6ba41699..ecf30d1a 100644 --- a/modules/kubernetes/pvc/main.tf +++ b/modules/kubernetes/pvc/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.19.0" + version = "~> 2.20" } } From 345c1264b697c00a024c9f253faa3cc6d7acffd8 Mon Sep 17 00:00:00 2001 From: Tomas Jezek Date: Wed, 26 Apr 2023 08:02:59 +0200 Subject: [PATCH 61/72] fix logic app standard changes deployment --- modules/azure/logic_app_standard/main.tf | 33 ++++++++++++++++++------ 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/modules/azure/logic_app_standard/main.tf b/modules/azure/logic_app_standard/main.tf index e3f39f55..01e3ebf5 100644 --- a/modules/azure/logic_app_standard/main.tf +++ b/modules/azure/logic_app_standard/main.tf 
@@ -54,11 +54,25 @@ resource "azurerm_logic_app_standard" "app" { virtual_network_subnet_id = var.integration_subnet_id } -# First, create a zip file containing the workflow -data "archive_file" "workflow" { +# First, create a check.zip with archive_file to check diffs (this step is required) +# replacing this step by checking of deploy.zip created by local-exec doesn't work +# because local-exec is not executed during 'plan' so it would take old deploy.zip +data "archive_file" "check_zip" { type = "zip" source_dir = var.workflows_source_path - output_path = "${path.module}/files/deploy.zip" + output_path = "${path.module}/files/check.zip" +} + +resource "null_resource" "zip_logic_app" { + depends_on = [data.archive_file.check_zip] + + triggers = { + deploy = data.archive_file.check_zip.output_sha + } + # if check.zip file changes, create deploy.zip file + provisioner "local-exec" { + command = "cd ${path.module} && mkdir -p files && cd files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/deploy.zip ." + } } # After the logic app is created, start a deployment using the Azure CLI @@ -70,11 +84,14 @@ data "archive_file" "workflow" { # deployment to make sure the app settings are available before the deployment is started. resource "time_sleep" "wait_for_app_settings" { - depends_on = [azurerm_logic_app_standard.app] + depends_on = [ + azurerm_logic_app_standard.app, + null_resource.zip_logic_app + ] create_duration = "${var.deployment_wait_timeout}s" triggers = { - time = timestamp() + deploy = data.archive_file.check_zip.output_sha } } @@ -83,7 +100,7 @@ resource "null_resource" "install-extension" { depends_on = [time_sleep.wait_for_app_settings] triggers = { - deploy = data.archive_file.workflow.output_sha + deploy = data.archive_file.check_zip.output_sha } provisioner "local-exec" { 
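Review bot: The `local-exec` command in `null_resource.zip_logic_app` runs `zip -rq $OLDPWD/deploy.zip .` against whatever deploy.zip is already in `files/`, and zip's default mode adds and updates entries without removing ones that are gone from the source directory. A workflow deleted from `var.workflows_source_path` would therefore stay in the archive and be redeployed wherever a previous deploy.zip survives, for example on a persistent runner. Removing the old archive first, `... && rm -f $OLDPWD/deploy.zip && zip -rq $OLDPWD/deploy.zip .`, keeps deploy.zip in step with what check.zip hashed.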
@@ -99,10 +116,10 @@ resource "null_resource" "deploy" { depends_on = [null_resource.install-extension] triggers = { - deploy = data.archive_file.workflow.output_sha + deploy = data.archive_file.check_zip.output_sha } provisioner "local-exec" { - command = "az logicapp deployment source config-zip --name ${var.logic_app_name} --resource-group ${var.resource_group_name} --subscription ${data.azurerm_subscription.current.display_name} --src ${data.archive_file.workflow.output_path}" + command = "az logicapp deployment source config-zip --name ${var.logic_app_name} --resource-group ${var.resource_group_name} --subscription ${data.azurerm_subscription.current.display_name} --src ${path.module}/files/deploy.zip" } } From 4919f2c099f9f841d1154c786a701d695f472eb0 Mon Sep 17 00:00:00 2001 From: Tomas Jezek Date: Wed, 26 Apr 2023 08:03:54 +0200 Subject: [PATCH 62/72] fix formatting in logic_app_standard main.tf --- modules/azure/logic_app_standard/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/logic_app_standard/main.tf b/modules/azure/logic_app_standard/main.tf index 01e3ebf5..04248d43 100644 --- a/modules/azure/logic_app_standard/main.tf +++ b/modules/azure/logic_app_standard/main.tf @@ -84,7 +84,7 @@ resource "null_resource" "zip_logic_app" { # deployment to make sure the app settings are available before the deployment is started. resource "time_sleep" "wait_for_app_settings" { - depends_on = [ + depends_on = [ azurerm_logic_app_standard.app, null_resource.zip_logic_app ] From a014431d1e0966f1793ccbb71deb94bf9414d024 Mon Sep 17 00:00:00 2001 From: Tomas Jezek Date: Wed, 26 Apr 2023 12:08:58 +0200 Subject: [PATCH 63/72] add PowerShell command for non-linux machines --- modules/azure/logic_app_standard/main.tf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/azure/logic_app_standard/main.tf b/modules/azure/logic_app_standard/main.tf index 04248d43..413201c7 100644 
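Review bot: The `az logicapp deployment source config-zip` command interpolates `${data.azurerm_subscription.current.display_name}` and the `--src` path into the shell string without quotes, so a display name or module path containing a space or shell metacharacter is split into extra arguments. Quoting each value and passing the subscription id rather than its name is more robust: `--subscription \"${data.azurerm_subscription.current.subscription_id}\" --src \"${path.module}/files/deploy.zip\"`. The same applies to `${var.workflows_source_path}` and `${path.module}` in the zip command added earlier in this commit.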
--- a/modules/azure/logic_app_standard/main.tf +++ b/modules/azure/logic_app_standard/main.tf @@ -22,6 +22,10 @@ provider "azurerm" { provider "archive" { } +locals { + is_linux = length(regexall("/home/", lower(abspath(path.root)))) > 0 +} + resource "azurerm_logic_app_standard" "app" { name = var.logic_app_name location = var.location @@ -71,7 +75,8 @@ resource "null_resource" "zip_logic_app" { } # if check.zip file changes, create deploy.zip file provisioner "local-exec" { - command = "cd ${path.module} && mkdir -p files && cd files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/deploy.zip ." + interpreter = local.is_linux ? ["bash", "-c"] : ["PowerShell", "-Command"] + command = local.is_linux ? "cd ${path.module} && mkdir -p files && cd files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/deploy.zip ." : "New-Item -Path \"${path.module}\" -Name \"files\" -ItemType \"directory\" -Force; Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\"" } } From eb915612c0ed3e98ebf7d69d2b33eceff965af7d Mon Sep 17 00:00:00 2001 From: Tomas Jezek Date: Wed, 26 Apr 2023 12:09:34 +0200 Subject: [PATCH 64/72] fix formatting in logic_app_standard main.tf --- modules/azure/logic_app_standard/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/logic_app_standard/main.tf b/modules/azure/logic_app_standard/main.tf index 413201c7..fc9683d6 100644 --- a/modules/azure/logic_app_standard/main.tf +++ b/modules/azure/logic_app_standard/main.tf 
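Review bot: `local.is_linux` is derived from whether the absolute root path contains `/home/`, which misclassifies Linux runs from `/root`, `/builds`, `/workspace` or a container mount, as well as macOS, and sends them down the PowerShell branch. Testing the shape of the home directory does not depend on where the checkout lives: `is_linux = substr(pathexpand("~"), 0, 1) == "/"`. A one-line comment on the local saying it only selects the provisioner interpreter would also help the next reader.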
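Review bot: In the PowerShell branch of the `local-exec` command, `Compress-Archive` is called without `-Force`, and the cmdlet refuses to overwrite an existing archive, so a second run on a machine that still has `files\deploy.zip` would fail. Appending `-Force` replaces the archive on every run and avoids carrying stale entries: `Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\" -Force`. Both branches also place `var.workflows_source_path` inside a shell string, so a short comment stating that the path must not contain quotes or shell metacharacters would be worth adding.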
@@ -76,7 +76,7 @@ resource "null_resource" "zip_logic_app" { # if check.zip file changes, create deploy.zip file provisioner "local-exec" { interpreter = local.is_linux ? ["bash", "-c"] : ["PowerShell", "-Command"] - command = local.is_linux ? "cd ${path.module} && mkdir -p files && cd files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/deploy.zip ." : "New-Item -Path \"${path.module}\" -Name \"files\" -ItemType \"directory\" -Force; Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\"" + command = local.is_linux ? "cd ${path.module} && mkdir -p files && cd files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/deploy.zip ." : "New-Item -Path \"${path.module}\" -Name \"files\" -ItemType \"directory\" -Force; Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\"" } } From e56d2be92d5c9d91c56924934500d12313dda2d4 Mon Sep 17 00:00:00 2001 From: tjezek <122079792+tjezek@users.noreply.github.com> Date: Wed, 26 Apr 2023 16:52:34 +0200 Subject: [PATCH 65/72] simplify zip command Co-authored-by: tom-reinders --- modules/azure/logic_app_standard/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/logic_app_standard/main.tf b/modules/azure/logic_app_standard/main.tf index fc9683d6..2ab83323 100644 --- a/modules/azure/logic_app_standard/main.tf +++ b/modules/azure/logic_app_standard/main.tf 
@@ -76,7 +76,7 @@ resource "null_resource" "zip_logic_app" { # if check.zip file changes, create deploy.zip file provisioner "local-exec" { interpreter = local.is_linux ? ["bash", "-c"] : ["PowerShell", "-Command"] - command = local.is_linux ? "cd ${path.module} && mkdir -p files && cd files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/deploy.zip ." : "New-Item -Path \"${path.module}\" -Name \"files\" -ItemType \"directory\" -Force; Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\"" + command = local.is_linux ? "cd ${path.module} && mkdir -p files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/files/deploy.zip ." : "New-Item -Path \"${path.module}\" -Name \"files\" -ItemType \"directory\" -Force; Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\"" } } From ab4272ad4af2599ce642c8f583c64fe9eafd019b Mon Sep 17 00:00:00 2001 From: Tomas Jezek Date: Wed, 26 Apr 2023 17:04:38 +0200 Subject: [PATCH 66/72] update identity settings of logic app standard to support user identity --- modules/azure/logic_app_standard/main.tf | 5 +++-- modules/azure/logic_app_standard/outputs.tf | 2 +- modules/azure/logic_app_standard/variables.tf | 11 +++++++---- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/modules/azure/logic_app_standard/main.tf b/modules/azure/logic_app_standard/main.tf index e3f39f55..8aa86ba5 100644 --- a/modules/azure/logic_app_standard/main.tf +++ b/modules/azure/logic_app_standard/main.tf @@ -31,9 +31,10 @@ resource "azurerm_logic_app_standard" "app" { version = var.logic_app_version dynamic "identity" { - for_each = var.use_managed_identity ? [1] : [] + for_each = var.identity != null ? [1] : [] content { - type = "SystemAssigned" + type = var.identity.identity_type + identity_ids = var.identity.identity_ids } } 
diff --git a/modules/azure/logic_app_standard/outputs.tf b/modules/azure/logic_app_standard/outputs.tf index 554a0462..b1a36663 100644 --- a/modules/azure/logic_app_standard/outputs.tf +++ b/modules/azure/logic_app_standard/outputs.tf @@ -1,5 +1,5 @@ output "principal_id" { - value = var.use_managed_identity ? azurerm_logic_app_standard.app.identity[0].principal_id : null + value = length(azurerm_logic_app_standard.app.identity) > 0 ? azurerm_logic_app_standard.app.identity[0].principal_id : null } output "name" { diff --git a/modules/azure/logic_app_standard/variables.tf b/modules/azure/logic_app_standard/variables.tf index 62a2ed88..5da2e699 100644 --- a/modules/azure/logic_app_standard/variables.tf +++ b/modules/azure/logic_app_standard/variables.tf @@ -34,10 +34,13 @@ variable "enabled" { default = true } -variable "use_managed_identity" { - type = bool - description = "Use Managed Identity for this logic app" - default = false +variable "identity" { + type = object({ + identity_type = string, # use one of these values: "SystemAssigned", "UserAssigned", "SystemAssigned, UserAssigned" + identity_ids = optional(list(string), []) + }) + default = null + description = "Logic App Identity settings" } variable "app_settings" { From 5efe5220318ef404d22f19abc026afce86a31e73 Mon Sep 17 00:00:00 2001 From: Tom Reinders Date: Fri, 28 Apr 2023 11:13:43 +0200 Subject: [PATCH 67/72] TD-239 Update changelog --- CHANGELOG.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e932269..7f415157 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,30 @@ All notable changes to this project will be documented in this file. The format is based on [Common Changelog](https://common-changelog.org), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [3.3.0] - 2023- + +### Changed + +- `azure/mysql_flexible_server`: Change default of variable `backup_retention_days` from `7` to `30` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) + +### Added + +- `azure/service_plan`: Add variable `scaling_rules` ([#309](https://github.com/recognizegroup/terraform/pull/309), [#312](https://github.com/recognizegroup/terraform/pull/312)) ([`fd0039e3`](https://github.com/recognizegroup/terraform/commit/fd0039e3), [`4fdb7698`](https://github.com/recognizegroup/terraform/commit/4fdb7698)) +- `azure/storage_account_public`: Add variable `auto_delete_rules` ([#310](https://github.com/recognizegroup/terraform/pull/310)) ([`d0eb9139`](https://github.com/recognizegroup/terraform/commit/d0eb9139)) +- `azure/api_management_api`: Add variable `custom_backend_policy` ([#311](https://github.com/recognizegroup/terraform/pull/311), [#314](https://github.com/recognizegroup/terraform/pull/314)) ([`37b46fd7`](https://github.com/recognizegroup/terraform/commit/37b46fd7), [`385a1af1`](https://github.com/recognizegroup/terraform/commit/385a1af1)) +- Add module `azure/mysql_flexible_server_public` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- Add module `azure/postgresql_public` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- Add module `kubernetes/configmap` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- Add module 
`kubernetes/deployment_with_service` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- Add module `kubernetes/ingress` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- Add module `kubernetes/pvc` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- Add module `kubernetes/secret` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) + +### Fixed + +- `azure/logic_app_standard`: Fix deployment bug caused by [hashicorp/terraform-provider-archive#40](https://github.com/hashicorp/terraform-provider-archive/issues/40) ([#316](https://github.com/recognizegroup/terraform/pull/316)) ([`cdae9fcb`](https://github.com/recognizegroup/terraform/commit/cdae9fcb)) + + ## [3.2.0] - 2023-04-11 ### Changed 
@@ -89,6 +113,7 @@ _If you are upgrading: please see [UPGRADE_3.0.md](UPGRADE_3.0.md)._ - **Breaking:** Remove module `azure/monitoring`, replace with `azure/azure/monitoring_action_group` and `azure/monitoring_log_analytics_alert` ([#268](https://github.com/recognizegroup/terraform/pull/268)) ([`5bd013c1`](https://github.com/recognizegroup/terraform/commit/5bd013c1)) - **Breaking:** Remove module `azure/api_connectors/storage_account`, replace with `azure/api_connectors/storage_blob` and `azure/api_connectors/storage_table` ([#276](https://github.com/recognizegroup/terraform/pull/276)) ([`7a483886`](https://github.com/recognizegroup/terraform/commit/7a483886)) +[3.3.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.3.0 [3.2.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.2.0 [3.1.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.1.0 [3.0.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.0.0 From b6d06c84b5d625dbc5ff5d38420b65c0b6e572db Mon Sep 17 00:00:00 2001 From: Tomas Jezek Date: Tue, 2 May 2023 10:48:58 +0200 Subject: [PATCH 68/72] split logic_app_standard identity object into use_managed_identity and identity_ids variables --- modules/azure/logic_app_standard/main.tf | 10 +++++++--- modules/azure/logic_app_standard/variables.tf | 17 ++++++++++------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/modules/azure/logic_app_standard/main.tf b/modules/azure/logic_app_standard/main.tf index 8aa86ba5..bad580fb 100644 --- a/modules/azure/logic_app_standard/main.tf +++ b/modules/azure/logic_app_standard/main.tf @@ -22,6 +22,10 @@ provider "azurerm" { provider "archive" { } +locals { + identity_type = var.use_managed_identity && length(var.identity_ids) > 0 ? "SystemAssigned, UserAssigned" : var.use_managed_identity ? "SystemAssigned" : length(var.identity_ids) > 0 ? "UserAssigned" : null +} + resource "azurerm_logic_app_standard" "app" { name = var.logic_app_name location = var.location 
@@ -31,10 +35,10 @@ resource "azurerm_logic_app_standard" "app" {
 version = var.logic_app_version
 dynamic "identity" {
- for_each = var.identity != null ? [1] : []
+ for_each = local.identity_type != null ? [1] : []
 content {
- type = var.identity.identity_type
- identity_ids = var.identity.identity_ids
+ type = local.identity_type
+ identity_ids = var.identity_ids
 }
 }
diff --git a/modules/azure/logic_app_standard/variables.tf b/modules/azure/logic_app_standard/variables.tf
index 5da2e699..2eca211e 100644
--- a/modules/azure/logic_app_standard/variables.tf
+++ b/modules/azure/logic_app_standard/variables.tf
@@ -34,13 +34,16 @@ variable "enabled" {
 default = true
 }
-variable "identity" {
- type = object({
- identity_type = string, # use one of these values: "SystemAssigned", "UserAssigned", "SystemAssigned, UserAssigned"
- identity_ids = optional(list(string), [])
- })
- default = null
- description = "Logic App Identity settings"
+variable "use_managed_identity" {
+ type = bool
+ description = "Use System Assigned Managed Identity for this logic app"
+ default = false
+}
+
+variable "identity_ids" {
+ type = list(string)
+ description = "User Assigned Managed Identity ids for this logic app"
+ default = []
 }
 variable "app_settings" {
From cd6ca71df52a833519c84183ef97e8ce355c6e20 Mon Sep 17 00:00:00 2001
From: Tom Reinders
Date: Mon, 8 May 2023 13:26:48 +0200
Subject: [PATCH 69/72] TD-590 Add minimums for passwords
---
 modules/azure/mssql/main.tf | 4 ++++
 modules/azure/mysql/main.tf | 4 ++++
 modules/azure/mysql_flexible_server/main.tf | 4 ++++
 .../mysql_flexible_server_public/main.tf | 4 ++++
 modules/azure/postgresql/main.tf | 4 ++++
 modules/azure/postgresql_public/main.tf | 4 ++++
 modules/azure/synapse_workspace/main.tf | 5 ++++
 modules/other/password_generator/main.tf | 4 ++++
 modules/other/password_generator/variables.tf | 24 +++++++++++++++++++
 9 files changed, 57 insertions(+)
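Review bot: `variable "identity_ids"` and `variable "use_managed_identity"` in `modules/azure/logic_app_standard/variables.tf` still accept an explicit `null`, and the `length(var.identity_ids)` and `var.use_managed_identity && …` expressions in the `identity_type` local of main.tf would then fail during evaluation instead of falling back to the defaults. Adding `nullable = false` to both blocks makes a null argument resolve to the declared default. The descriptions could also state that the identity type is now derived from the two variables together, since the caller no longer sets `type` directly.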
diff --git a/modules/azure/mssql/main.tf b/modules/azure/mssql/main.tf
index e6c70a30..a962bc0b 100644
--- a/modules/azure/mssql/main.tf
+++ b/modules/azure/mssql/main.tf
@@ -22,6 +22,10 @@ resource "random_password" "mssql_admin_password" {
 special = true
 override_special = "_%@"
 keepers = var.password_keeper
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
 }
 resource "azurerm_mssql_server" "mssql_server" {
diff --git a/modules/azure/mysql/main.tf b/modules/azure/mysql/main.tf
index 917ba4e1..842f625a 100644
--- a/modules/azure/mysql/main.tf
+++ b/modules/azure/mysql/main.tf
@@ -20,6 +20,10 @@ resource "random_password" "mysql_admin_password" {
 special = true
 override_special = "_%@"
 keepers = var.password_keeper
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
 }
 resource "azurerm_mysql_server" "mysql_server" {
diff --git a/modules/azure/mysql_flexible_server/main.tf b/modules/azure/mysql_flexible_server/main.tf
index 498ce6c4..9a84d16b 100644
--- a/modules/azure/mysql_flexible_server/main.tf
+++ b/modules/azure/mysql_flexible_server/main.tf
@@ -20,6 +20,10 @@ resource "random_password" "mysql_admin_password" {
 special = true
 override_special = "_%@"
 keepers = var.password_keeper
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
 }
 resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf
index d2fae6c9..815ab2b7 100644
--- a/modules/azure/mysql_flexible_server_public/main.tf
+++ b/modules/azure/mysql_flexible_server_public/main.tf
@@ -20,6 +20,10 @@ resource "random_password" "mysql_admin_password" {
 special = true
 override_special = "_%@"
 keepers = var.password_keeper
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
 }
 resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
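Review bot: Adding `min_lower`, `min_upper`, `min_numeric` and `min_special` to the existing `random_password.mssql_admin_password` changes the generator's arguments. As far as I know the random provider replaces the resource when any of them changes, so the next apply would rotate the administrator password of every server that is already deployed. The same applies to the `random_password` hunks in `mysql`, `mysql_flexible_server`, `mysql_flexible_server_public`, `postgresql`, `postgresql_public`, `synapse_workspace` and `other/password_generator`. If the rotation is intended it deserves a line in the changelog or upgrade notes, and a comment such as `# changing the min_* values regenerates the password` above the new arguments would warn later editors. The resource blocks begin above their hunks.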
diff --git a/modules/azure/postgresql/main.tf b/modules/azure/postgresql/main.tf
index e2b6eeb7..49f9741b 100644
--- a/modules/azure/postgresql/main.tf
+++ b/modules/azure/postgresql/main.tf
@@ -20,6 +20,10 @@ resource "random_password" "postgresql_admin" {
 special = false
 override_special = "_%@"
 keepers = var.password_keeper
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
 }
 resource "azurerm_postgresql_flexible_server" "postgresql_server" {
diff --git a/modules/azure/postgresql_public/main.tf b/modules/azure/postgresql_public/main.tf
index cecb4fd9..a2eb0cc0 100644
--- a/modules/azure/postgresql_public/main.tf
+++ b/modules/azure/postgresql_public/main.tf
@@ -20,6 +20,10 @@ resource "random_password" "postgresql_admin" {
 special = false
 override_special = "_%@"
 keepers = var.password_keeper
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
 }
 resource "azurerm_postgresql_flexible_server" "postgresql_server" {
diff --git a/modules/azure/synapse_workspace/main.tf b/modules/azure/synapse_workspace/main.tf
index 98defb76..758533b0 100644
--- a/modules/azure/synapse_workspace/main.tf
+++ b/modules/azure/synapse_workspace/main.tf
@@ -37,6 +37,11 @@ resource "random_password" "sql_admin_password" {
 upper = true
 numeric = true
 override_special = "_%@"
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
+
 keepers = {
 keeper = var.sql_admin_password_keeper
 }
diff --git a/modules/other/password_generator/main.tf b/modules/other/password_generator/main.tf
index 75b28e44..3636d6da 100644
--- a/modules/other/password_generator/main.tf
+++ b/modules/other/password_generator/main.tf
@@ -9,4 +9,8 @@ resource "random_password" "password" {
 special = true
 override_special = "_%@"
 keepers = var.password_keeper
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
 }
diff --git a/modules/other/password_generator/variables.tf b/modules/other/password_generator/variables.tf
index 111e91eb..afe4d526 100644
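Review bot: In `modules/azure/postgresql/main.tf` and `modules/azure/postgresql_public/main.tf` the new `min_special = 1` contradicts the `special = false` a few lines above it. I believe the random provider still draws the required minimum from `override_special`, which would put one of `_%@` into a password that was configured to contain no special characters; that could matter if the password is embedded in a connection URL. Either use `min_special = 0` in these two resources or switch to `special = true` deliberately. Both `random_password` blocks begin above their hunks.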
--- a/modules/other/password_generator/variables.tf
+++ b/modules/other/password_generator/variables.tf
@@ -8,3 +8,27 @@ variable "password_keeper" {
 type = map(string)
 description = "Random map of strings, when changed the password will rotate."
 }
+
+variable "min_lower" {
+ type = number
+ description = "Minimum number of lower case characters of the password."
+ default = 0
+}
+
+variable "min_upper" {
+ type = number
+ description = "Minimum number of upper case characters of the password."
+ default = 0
+}
+
+variable "min_numeric" {
+ type = number
+ description = "Minimum number of numeric characters of the password."
+ default = 0
+}
+
+variable "min_special" {
+ type = number
+ description = "Minimum number of special characters of the password."
+ default = 0
+}
From bd78f6564f8a900f1234f34448350210e3153482 Mon Sep 17 00:00:00 2001
From: Tom Reinders
Date: Mon, 8 May 2023 13:55:37 +0200
Subject: [PATCH 70/72] TD-590 PR fix
---
 modules/other/password_generator/main.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/other/password_generator/main.tf b/modules/other/password_generator/main.tf
index 3636d6da..b6b5a433 100644
--- a/modules/other/password_generator/main.tf
+++ b/modules/other/password_generator/main.tf
@@ -9,8 +9,8 @@ resource "random_password" "password" {
 special = true
 override_special = "_%@"
 keepers = var.password_keeper
- min_lower = 1
- min_upper = 1
- min_numeric = 1
- min_special = 1
+ min_lower = var.min_lower
+ min_upper = var.min_upper
+ min_numeric = var.min_numeric
+ min_special = var.min_special
 }
From 383bdda59e045821c6b055927d5ff3eea56aa68b Mon Sep 17 00:00:00 2001
From: Tom Reinders
Date: Mon, 8 May 2023 17:09:20 +0200
Subject: [PATCH 71/72] TD-590 Reverse order to try hotfix issue hashicorp/terraform-provider-kubernetes#1188
---
 modules/kubernetes/deployment_with_service/main.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
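Review bot: Wiring `min_lower`, `min_upper`, `min_numeric` and `min_special` to variables in `modules/other/password_generator/main.tf` makes the defaults from variables.tf apply, and all four are `default = 0`. A caller who sets nothing therefore gets no per-class guarantee from the shared generator, while the database modules hard-code 1. If the generator should match them, use `default = 1` in the four variable blocks. If 0 is intentional, say so in the descriptions, for example `"Minimum number of lower case characters of the password. 0 means no minimum."`.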
diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf
index b7707194..0be521ea 100644
--- a/modules/kubernetes/deployment_with_service/main.tf
+++ b/modules/kubernetes/deployment_with_service/main.tf
@@ -257,11 +257,11 @@ resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" {
 type = "Resource"
 resource {
- name = "cpu"
+ name = "memory"
 target {
 type = "Utilization"
- average_utilization = lookup(var.scaler.metrics, "cpu", 70)
+ average_utilization = lookup(var.scaler.metrics, "memory", 80)
 }
 }
 }
@@ -270,11 +270,11 @@ resource "kubernetes_horizontal_pod_autoscaler_v2" "resource-scaler" {
 type = "Resource"
 resource {
- name = "memory"
+ name = "cpu"
 target {
 type = "Utilization"
- average_utilization = lookup(var.scaler.metrics, "memory", 80)
+ average_utilization = lookup(var.scaler.metrics, "cpu", 70)
 }
 }
 }
From 10a03e76170809abfd0b27abebee186cf049a3d8 Mon Sep 17 00:00:00 2001
From: Tom Reinders
Date: Mon, 15 May 2023 11:49:36 +0200
Subject: [PATCH 72/72] TD-239 TD-590 - Update changelog
---
 CHANGELOG.md | 16 +++++++++++-----
 .../kubernetes/deployment_with_service/main.tf | 4 ++++
 .../deployment_with_service/outputs.tf | 1 -
 .../deployment_with_service/variables.tf | 1 +
 modules/kubernetes/ingress/variables.tf | 1 +
 5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f415157..72b51795 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Common Changelog](https://common-changelog.org),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [3.3.0] - 2023-
+## [3.3.0] - 2023-05-15
 ### Changed
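Review bot: Nothing in `modules/kubernetes/deployment_with_service/main.tf` records that the order of the swapped `cpu` and `memory` entries in `kubernetes_horizontal_pod_autoscaler_v2.resource-scaler` is a workaround, so a later tidy-up could silently put them back. The subject line points at hashicorp/terraform-provider-kubernetes#1188; I would carry that into the code with a comment above the first entry, for example `# memory must be listed before cpu: workaround for hashicorp/terraform-provider-kubernetes#1188`. The blocks that enclose both entries open above the hunks.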
@@ -16,18 +16,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `azure/service_plan`: Add variable `scaling_rules` ([#309](https://github.com/recognizegroup/terraform/pull/309), [#312](https://github.com/recognizegroup/terraform/pull/312)) ([`fd0039e3`](https://github.com/recognizegroup/terraform/commit/fd0039e3), [`4fdb7698`](https://github.com/recognizegroup/terraform/commit/4fdb7698)) - `azure/storage_account_public`: Add variable `auto_delete_rules` ([#310](https://github.com/recognizegroup/terraform/pull/310)) ([`d0eb9139`](https://github.com/recognizegroup/terraform/commit/d0eb9139)) - `azure/api_management_api`: Add variable `custom_backend_policy` ([#311](https://github.com/recognizegroup/terraform/pull/311), [#314](https://github.com/recognizegroup/terraform/pull/314)) ([`37b46fd7`](https://github.com/recognizegroup/terraform/commit/37b46fd7), [`385a1af1`](https://github.com/recognizegroup/terraform/commit/385a1af1)) -- Add module `azure/mysql_flexible_server_public` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) -- Add module `azure/postgresql_public` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- Add module `azure/mysql_flexible_server_public` ([#313](https://github.com/recognizegroup/terraform/pull/313), [#320](https://github.com/recognizegroup/terraform/pull/320)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489), [`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d)) +- Add module `azure/postgresql_public` ([#313](https://github.com/recognizegroup/terraform/pull/313), [#320](https://github.com/recognizegroup/terraform/pull/320)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489), [`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d)) - Add 
module `kubernetes/configmap` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) -- Add module `kubernetes/deployment_with_service` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- Add module `kubernetes/deployment_with_service` ([#313](https://github.com/recognizegroup/terraform/pull/313), [#321](https://github.com/recognizegroup/terraform/pull/321)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489), [`383bdda5`](https://github.com/recognizegroup/terraform/commit/383bdda5)) - Add module `kubernetes/ingress` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) - Add module `kubernetes/pvc` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) - Add module `kubernetes/secret` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489)) +- `azure/logic_app_standard`: Add variable `identity_ids` ([#317](https://github.com/recognizegroup/terraform/pull/317)) ([`ab4272ad`](https://github.com/recognizegroup/terraform/commit/ab4272ad), [`b6d06c84`](https://github.com/recognizegroup/terraform/commit/b6d06c84)) +- `other/password_generator`: Add variables `min_lower`, `min_upper`, `min_numeric`, `min_special` ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d), [`bd78f656`](https://github.com/recognizegroup/terraform/commit/bd78f656)) ### Fixed - `azure/logic_app_standard`: Fix deployment bug caused by [hashicorp/terraform-provider-archive#40](https://github.com/hashicorp/terraform-provider-archive/issues/40) 
([#316](https://github.com/recognizegroup/terraform/pull/316)) ([`cdae9fcb`](https://github.com/recognizegroup/terraform/commit/cdae9fcb)) - +- `azure/mssql`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d)) +- `azure/mysql`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d)) +- `azure/mysql_flexible_server`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d)) +- `azure/postgresql`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d)) +- `azure/synapse_workspace`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d)) ## [3.2.0] - 2023-04-11 diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf index 0be521ea..134e2232 100644 --- a/modules/kubernetes/deployment_with_service/main.tf +++ b/modules/kubernetes/deployment_with_service/main.tf 
@@ -19,6 +19,7 @@ resource "kubernetes_deployment_v1" "deployment" { metadata { name = var.name namespace = var.namespace + labels = { app = var.name } @@ -191,17 +192,20 @@ resource "kubernetes_manifest" "http-scaler" { manifest = { kind = "HTTPScaledObject" apiVersion = "http.keda.sh/v1alpha1" + metadata = { name = var.name namespace = var.namespace } spec = { host = var.scaler.host + scaleTargetRef = { deployment = var.name service = var.name port = var.target_port } + replicas = { min = var.scaler.replicas.min max = var.scaler.replicas.max diff --git a/modules/kubernetes/deployment_with_service/outputs.tf b/modules/kubernetes/deployment_with_service/outputs.tf index d636c27e..f81bb155 100644 --- a/modules/kubernetes/deployment_with_service/outputs.tf +++ b/modules/kubernetes/deployment_with_service/outputs.tf @@ -1,4 +1,3 @@ - output "deployment_name" { value = kubernetes_deployment_v1.deployment.metadata.0.name } diff --git a/modules/kubernetes/deployment_with_service/variables.tf b/modules/kubernetes/deployment_with_service/variables.tf index bbaa0677..71dc4c12 100644 --- a/modules/kubernetes/deployment_with_service/variables.tf +++ b/modules/kubernetes/deployment_with_service/variables.tf @@ -78,6 +78,7 @@ variable "scaler" { type = object({ type = optional(string) host = optional(string) + replicas = optional(object({ min = number max = number diff --git a/modules/kubernetes/ingress/variables.tf b/modules/kubernetes/ingress/variables.tf index 312f89f9..019ebb32 100644 --- a/modules/kubernetes/ingress/variables.tf +++ b/modules/kubernetes/ingress/variables.tf @@ -17,6 +17,7 @@ variable "annotations" { variable "rules" { type = list(object({ host = string + paths = list(object({ service = string port = number