From ec94fa6a8afb8684c84cae7747bff5a54183cb9d Mon Sep 17 00:00:00 2001 From: Deepak Verma Date: Wed, 27 Nov 2024 23:08:28 +0530 Subject: [PATCH 1/3] feat: update to azurerm version 4.11.0 --- examples/complete/example.tf | 17 +++++++++++------ examples/complete/versions.tf | 2 +- main.tf | 36 +++++++++++++++++------------------ variables.tf | 1 + 4 files changed, 31 insertions(+), 25 deletions(-) diff --git a/examples/complete/example.tf b/examples/complete/example.tf index 8a848d4..069d467 100644 --- a/examples/complete/example.tf +++ b/examples/complete/example.tf @@ -1,5 +1,6 @@ provider "azurerm" { features {} + subscription_id = "2334-12-343-23-##-34343" } data "azurerm_client_config" "current_client_config" {} @@ -7,7 +8,7 @@ module "resource_group" { source = "clouddrove/resource-group/azure" version = "1.0.2" - name = "Public-app" + name = "aks-test" environment = "test" label_order = ["name", "environment", ] location = "Canada Central" @@ -52,7 +53,7 @@ module "subnet" { module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "2.0.0" name = "app" environment = "test" label_order = ["name", "environment"] @@ -63,9 +64,13 @@ module "log-analytics" { } module "vault" { + providers = { + azurerm.dns_sub = azurerm, #chagnge this to other alias if dns hosted in other subscription. + azurerm.main_sub = azurerm + } source = "clouddrove/key-vault/azure" - version = "1.1.0" - name = "appakstest" + version = "1.2.0" + name = "appakstestcd2" #environment = local.environment resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location @@ -97,7 +102,7 @@ module "aks" { resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location - kubernetes_version = "1.27.7" + kubernetes_version = "1.30.5" private_cluster_enabled = false default_node_pool = { name = "agentpool1" 
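Review bot: The provider block in `examples/complete/example.tf` now carries a literal `subscription_id`; azurerm 4.x does require the value to be set, but a hard-coded string in a committed example invites copying a real subscription ID into the repository, and the third patch in this series only swaps this literal for another literal. Prefer `subscription_id = var.subscription_id` with no default, or omit the attribute and document `ARM_SUBSCRIPTION_ID` in the README, so the value never lives in source. The same pattern is repeated in the other example directories later in the series. Separately, the new `providers` comment in the `vault` module hunk misspells `change` as `chagnge`.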
@@ -109,7 +114,7 @@ module "aks" { max_surge = "33%" } - ##### if requred more than one node group. + ##### if required more than one node group. nodes_pools = [ { name = "nodegroup2" diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 18fc9ba..a32fb80 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=3.112.0" } } } diff --git a/main.tf b/main.tf index 2730b5c..91ba935 100644 --- a/main.tf +++ b/main.tf @@ -74,7 +74,7 @@ resource "azurerm_kubernetes_cluster" "aks" { resource_group_name = local.resource_group_name dns_prefix = replace(module.labels.id, "/[\\W_]/", "-") kubernetes_version = var.kubernetes_version - automatic_channel_upgrade = var.automatic_channel_upgrade + automatic_upgrade_channel = var.automatic_channel_upgrade sku_tier = var.aks_sku_tier node_resource_group = var.node_resource_group == null ? format("%s-aks-node-rg", module.labels.id) : var.node_resource_group disk_encryption_set_id = var.key_vault_id != null ? azurerm_disk_encryption_set.main[0].id : null @@ -94,9 +94,9 @@ resource "azurerm_kubernetes_cluster" "aks" { content { name = var.agents_pool_name vm_size = var.agents_size - enable_auto_scaling = var.enable_auto_scaling - enable_host_encryption = var.enable_host_encryption - enable_node_public_ip = var.enable_node_public_ip + auto_scaling_enabled = var.enable_auto_scaling + host_encryption_enabled = var.enable_host_encryption + node_public_ip_enabled = var.enable_node_public_ip fips_enabled = var.default_node_pool_fips_enabled max_count = var.agents_max_count max_pods = var.agents_max_pods 
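Review bot: `version = ">=3.112.0"` in `examples/complete/versions.tf` contradicts the code it exercises: the `main.tf` hunks on this line switch to `automatic_upgrade_channel`, `auto_scaling_enabled`, `host_encryption_enabled` and `node_public_ip_enabled`, which only exist in azurerm 4.x, so a 3.x provider that satisfies this constraint fails at plan, and the missing upper bound lets a future 5.x with further removals be selected silently. Pin to the version the commit title names, e.g. `version = "~> 4.11"` (or `">= 4.11.0, < 5.0.0"`), and regenerate the example's lock file if one is committed. The root module's own `versions.tf` is not part of this diff; if it still declares a 3.x constraint it needs the same change.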
@@ -255,8 +255,8 @@ resource "azurerm_kubernetes_cluster" "aks" { content { authorized_ip_ranges = var.api_server_access_profile.authorized_ip_ranges - vnet_integration_enabled = var.api_server_access_profile.vnet_integration_enabled - subnet_id = var.api_server_access_profile.subnet_id + # vnet_integration_enabled = var.api_server_access_profile.vnet_integration_enabled + # subnet_id = var.api_server_access_profile.subnet_id } } @@ -333,7 +333,6 @@ resource "azurerm_kubernetes_cluster" "aks" { dynamic "azure_active_directory_role_based_access_control" { for_each = var.role_based_access_control == null ? [] : var.role_based_access_control content { - managed = azure_active_directory_role_based_access_control.value.managed tenant_id = azure_active_directory_role_based_access_control.value.tenant_id admin_group_object_ids = !azure_active_directory_role_based_access_control.value.azure_rbac_enabled ? var.admin_group_id : null azure_rbac_enabled = azure_active_directory_role_based_access_control.value.azure_rbac_enabled @@ -343,7 +342,7 @@ resource "azurerm_kubernetes_cluster" "aks" { name = local.default_node_pool.name node_count = local.default_node_pool.count vm_size = local.default_node_pool.vm_size - enable_auto_scaling = local.default_node_pool.enable_auto_scaling + auto_scaling_enabled = local.default_node_pool.enable_auto_scaling min_count = local.default_node_pool.min_count max_count = local.default_node_pool.max_count max_pods = local.default_node_pool.max_pods @@ -352,7 +351,7 @@ resource "azurerm_kubernetes_cluster" "aks" { type = local.default_node_pool.type vnet_subnet_id = local.default_node_pool.vnet_subnet_id temporary_name_for_rotation = var.temporary_name_for_rotation - enable_host_encryption = local.default_node_pool.enable_host_encryption + host_encryption_enabled = local.default_node_pool.enable_host_encryption dynamic "upgrade_settings" { for_each = local.default_node_pool.max_surge == null ? [] : ["upgrade_settings"] 
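Review bot: Commenting out `vnet_integration_enabled` and `subnet_id` in `api_server_access_profile` makes those inputs silently inert: a caller who set `vnet_integration_enabled = true` to keep the API server reachable only from the VNet now gets a cluster whose control plane is exposed exactly as if the flag were unset, with no plan-time diff or error. Unless the variable's object type (not in this diff) is trimmed in the same change, add a `validation` block on `var.api_server_access_profile` that fails loudly, for example `condition = try(var.api_server_access_profile.vnet_integration_enabled, null) == null && try(var.api_server_access_profile.subnet_id, null) == null` with an error message naming the 4.x removal, and record the removal in the variable description and changelog. The enclosing `azurerm_kubernetes_cluster` resource starts and ends outside this hunk.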
@@ -387,6 +386,7 @@ resource "azurerm_kubernetes_cluster" "aks" { mode = var.service_mesh_profile.mode external_ingress_gateway_enabled = var.service_mesh_profile.external_ingress_gateway_enabled internal_ingress_gateway_enabled = var.service_mesh_profile.internal_ingress_gateway_enabled + revisions = var.service_mesh_profile.internal_ingress_gateway_enabled.revisions } } dynamic "service_principal" { @@ -403,7 +403,7 @@ resource "azurerm_kubernetes_cluster" "aks" { content { blob_driver_enabled = var.storage_profile.blob_driver_enabled disk_driver_enabled = var.storage_profile.disk_driver_enabled - disk_driver_version = var.storage_profile.disk_driver_version + # disk_driver_version = var.storage_profile.disk_driver_version file_driver_enabled = var.storage_profile.file_driver_enabled snapshot_controller_enabled = var.storage_profile.snapshot_controller_enabled } 
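Review bot: `revisions = var.service_mesh_profile.internal_ingress_gateway_enabled.revisions` reads an attribute off a bool: `internal_ingress_gateway_enabled` is declared `optional(bool, true)` in the `variables.tf` hunk of this same patch, so every plan with a non-null `service_mesh_profile` fails with an unsupported-attribute error. The intended line is `revisions = var.service_mesh_profile.revisions`. Because `revisions` is added to the object type without `optional(...)`, existing callers that pass `service_mesh_profile` must now also supply it; that is a breaking change to this module's inputs and should be spelled out in the variable description and the changelog. The enclosing resource block continues outside the hunk.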
@@ -512,13 +512,13 @@ resource "azurerm_kubernetes_cluster_node_pool" "node_pools" { os_disk_type = local.nodes_pools[count.index].os_disk_type os_disk_size_gb = local.nodes_pools[count.index].os_disk_size_gb vnet_subnet_id = local.nodes_pools[count.index].vnet_subnet_id - enable_auto_scaling = local.nodes_pools[count.index].enable_auto_scaling - enable_host_encryption = local.nodes_pools[count.index].enable_host_encryption + auto_scaling_enabled = local.nodes_pools[count.index].enable_auto_scaling + host_encryption_enabled = local.nodes_pools[count.index].enable_host_encryption node_count = local.nodes_pools[count.index].count min_count = local.nodes_pools[count.index].min_count max_count = local.nodes_pools[count.index].max_count max_pods = local.nodes_pools[count.index].max_pods - enable_node_public_ip = local.nodes_pools[count.index].enable_node_public_ip + node_public_ip_enabled = local.nodes_pools[count.index].enable_node_public_ip mode = local.nodes_pools[count.index].mode orchestrator_version = local.nodes_pools[count.index].orchestrator_version node_taints = local.nodes_pools[count.index].node_taints @@ -616,7 +616,7 @@ resource "azurerm_role_assignment" "aks_system_identity" { count = var.enabled && var.cmk_enabled ? 1 : 0 principal_id = azurerm_kubernetes_cluster.aks[0].identity[0].principal_id scope = azurerm_disk_encryption_set.main[0].id - role_definition_name = "Key Vault Crypto Service Encryption User" + role_definition_name = "Reader" } # Allow aks system indentiy access to ACR @@ -796,7 +796,7 @@ resource "azurerm_monitor_diagnostic_setting" "aks_diag" { } } lifecycle { - ignore_changes = [log_analytics_destination_type] + ignore_changes = [target_resource_id, log_analytics_destination_type] } } @@ -838,7 +838,7 @@ resource "azurerm_monitor_diagnostic_setting" "pip_aks" { } lifecycle { - ignore_changes = [log_analytics_destination_type] + ignore_changes = [target_resource_id, log_analytics_destination_type] } } 
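Review bot: The `aks_system_identity` role assignment changes `role_definition_name` from `"Key Vault Crypto Service Encryption User"` to `"Reader"` in a commit described only as a provider bump; `role_definition_name` forces replacement, so the assignment is silently recreated on upgrade, and Reader on the disk encryption set is a different permission set from what was granted before. The previous value is a Key Vault data-plane role assigned at a DES scope, where it plausibly had no effect, so Reader may well be the intended least-privilege correction, but that reasoning is recorded nowhere. Confirm against the AKS customer-managed-key guidance which role, if any, the cluster identity needs on the DES, and state the change and its rationale in the commit message and in a short comment above the line, e.g. `# Reader on the DES is all the cluster identity needs; the DES's own identity holds the Key Vault crypto role`. The `ignore_changes = [target_resource_id, ...]` additions in the diagnostic-setting hunks on this line should likewise carry a one-line comment naming the drift they suppress.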
@@ -873,7 +873,7 @@ resource "azurerm_monitor_diagnostic_setting" "aks-nsg" { } lifecycle { - ignore_changes = [log_analytics_destination_type] + ignore_changes = [target_resource_id,log_analytics_destination_type] } } @@ -908,7 +908,7 @@ resource "azurerm_monitor_diagnostic_setting" "aks-nic" { } lifecycle { - ignore_changes = [log_analytics_destination_type] + ignore_changes = [log_analytics_destination_type, log_analytics_destination_type] } } diff --git a/variables.tf b/variables.tf index 83ff639..7c87a34 100644 --- a/variables.tf +++ b/variables.tf @@ -453,6 +453,7 @@ variable "service_mesh_profile" { mode = string internal_ingress_gateway_enabled = optional(bool, true) external_ingress_gateway_enabled = optional(bool, true) + revisions = list(string) }) default = null description = <<-EOT From e697b6cc25002bc9172926d8b8413d9761c4bdae Mon Sep 17 00:00:00 2001 From: Deepak Verma Date: Wed, 27 Nov 2024 23:08:37 +0530 Subject: [PATCH 2/3] fmt run --- main.tf | 20 ++++++++++---------- variables.tf | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/main.tf b/main.tf index 91ba935..27250a6 100644 --- a/main.tf +++ b/main.tf @@ -96,7 +96,7 @@ resource "azurerm_kubernetes_cluster" "aks" { vm_size = var.agents_size auto_scaling_enabled = var.enable_auto_scaling host_encryption_enabled = var.enable_host_encryption - node_public_ip_enabled = var.enable_node_public_ip + node_public_ip_enabled = var.enable_node_public_ip fips_enabled = var.default_node_pool_fips_enabled max_count = var.agents_max_count max_pods = var.agents_max_pods @@ -254,7 +254,7 @@ resource "azurerm_kubernetes_cluster" "aks" { for_each = var.api_server_access_profile != null ? [1] : [] content { - authorized_ip_ranges = var.api_server_access_profile.authorized_ip_ranges + authorized_ip_ranges = var.api_server_access_profile.authorized_ip_ranges # vnet_integration_enabled = var.api_server_access_profile.vnet_integration_enabled # subnet_id = var.api_server_access_profile.subnet_id } 
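Review bot: The `aks-nic` diagnostic setting ends up with `ignore_changes = [log_analytics_destination_type, log_analytics_destination_type]`, repeating the same attribute instead of adding `target_resource_id` as the `aks_diag`, `pip_aks` and `aks-nsg` settings do in this patch. Whether or not Terraform tolerates the duplicate, it is a copy-paste slip that leaves the four settings behaving differently on the same kind of drift; change the line to `ignore_changes = [target_resource_id, log_analytics_destination_type]`. The `fmt run` patch later in this file reformats the `aks-nsg` line but does not correct this one.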
@@ -342,7 +342,7 @@ resource "azurerm_kubernetes_cluster" "aks" { name = local.default_node_pool.name node_count = local.default_node_pool.count vm_size = local.default_node_pool.vm_size - auto_scaling_enabled = local.default_node_pool.enable_auto_scaling + auto_scaling_enabled = local.default_node_pool.enable_auto_scaling min_count = local.default_node_pool.min_count max_count = local.default_node_pool.max_count max_pods = local.default_node_pool.max_pods @@ -351,7 +351,7 @@ resource "azurerm_kubernetes_cluster" "aks" { type = local.default_node_pool.type vnet_subnet_id = local.default_node_pool.vnet_subnet_id temporary_name_for_rotation = var.temporary_name_for_rotation - host_encryption_enabled = local.default_node_pool.enable_host_encryption + host_encryption_enabled = local.default_node_pool.enable_host_encryption dynamic "upgrade_settings" { for_each = local.default_node_pool.max_surge == null ? [] : ["upgrade_settings"] @@ -401,8 +401,8 @@ resource "azurerm_kubernetes_cluster" "aks" { for_each = var.storage_profile_enabled ? ["storage_profile"] : [] content { - blob_driver_enabled = var.storage_profile.blob_driver_enabled - disk_driver_enabled = var.storage_profile.disk_driver_enabled + blob_driver_enabled = var.storage_profile.blob_driver_enabled + disk_driver_enabled = var.storage_profile.disk_driver_enabled # disk_driver_version = var.storage_profile.disk_driver_version file_driver_enabled = var.storage_profile.file_driver_enabled snapshot_controller_enabled = var.storage_profile.snapshot_controller_enabled 
@@ -512,13 +512,13 @@ resource "azurerm_kubernetes_cluster_node_pool" "node_pools" { os_disk_type = local.nodes_pools[count.index].os_disk_type os_disk_size_gb = local.nodes_pools[count.index].os_disk_size_gb vnet_subnet_id = local.nodes_pools[count.index].vnet_subnet_id - auto_scaling_enabled = local.nodes_pools[count.index].enable_auto_scaling - host_encryption_enabled = local.nodes_pools[count.index].enable_host_encryption + auto_scaling_enabled = local.nodes_pools[count.index].enable_auto_scaling + host_encryption_enabled = local.nodes_pools[count.index].enable_host_encryption node_count = local.nodes_pools[count.index].count min_count = local.nodes_pools[count.index].min_count max_count = local.nodes_pools[count.index].max_count max_pods = local.nodes_pools[count.index].max_pods - node_public_ip_enabled = local.nodes_pools[count.index].enable_node_public_ip + node_public_ip_enabled = local.nodes_pools[count.index].enable_node_public_ip mode = local.nodes_pools[count.index].mode orchestrator_version = local.nodes_pools[count.index].orchestrator_version node_taints = local.nodes_pools[count.index].node_taints @@ -873,7 +873,7 @@ resource "azurerm_monitor_diagnostic_setting" "aks-nsg" { } lifecycle { - ignore_changes = [target_resource_id,log_analytics_destination_type] + ignore_changes = [target_resource_id, log_analytics_destination_type] } } diff --git a/variables.tf b/variables.tf index 7c87a34..b6902e5 100644 --- a/variables.tf +++ b/variables.tf @@ -453,7 +453,7 @@ variable "service_mesh_profile" { mode = string internal_ingress_gateway_enabled = optional(bool, true) external_ingress_gateway_enabled = optional(bool, true) - revisions = list(string) + revisions = list(string) }) default = null description = <<-EOT From 7f5980b33223bbfc39885c54bc1bdc40147dab9a Mon Sep 17 00:00:00 2001 
From: Deepak Verma Date: Wed, 4 Dec 2024 15:42:30 +0530 Subject: [PATCH 3/3] remove commented attributes --- examples/aks_with_microsoft_entra_id/example.tf | 15 ++++++++++----- examples/aks_with_microsoft_entra_id/versions.tf | 2 +- examples/basic/example.tf | 1 + examples/basic/versions.tf | 4 ++-- examples/complete/example.tf | 2 +- main.tf | 7 ++----- 6 files changed, 17 insertions(+), 14 deletions(-) diff --git a/examples/aks_with_microsoft_entra_id/example.tf b/examples/aks_with_microsoft_entra_id/example.tf index a8e0bf0..d7e04b4 100644 --- a/examples/aks_with_microsoft_entra_id/example.tf +++ b/examples/aks_with_microsoft_entra_id/example.tf @@ -1,5 +1,6 @@ provider "azurerm" { features {} + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } data "azurerm_client_config" "current_client_config" {} @@ -7,7 +8,7 @@ module "resource_group" { source = "clouddrove/resource-group/azure" version = "1.0.2" - name = "Public-app" + name = "app-aks" environment = "test" label_order = ["name", "environment", ] location = "Canada Central" @@ -52,7 +53,7 @@ module "subnet" { module "log-analytics" { source = "clouddrove/log-analytics/azure" - version = "1.0.1" + version = "2.0.0" name = "app" environment = "test" label_order = ["name", "environment"] @@ -63,9 +64,13 @@ module "log-analytics" { } module "vault" { + providers = { + azurerm.dns_sub = azurerm, #chagnge this to other alias if dns hosted in other subscription. + azurerm.main_sub = azurerm + } source = "clouddrove/key-vault/azure" - version = "1.1.0" - name = "apptestwvshaks" + version = "1.2.0" + name = "appakstestcd222" #environment = local.environment resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location 
@@ -97,7 +102,7 @@ module "aks" { resource_group_name = module.resource_group.resource_group_name location = module.resource_group.resource_group_location - kubernetes_version = "1.27.7" + kubernetes_version = "1.30.5" private_cluster_enabled = false default_node_pool = { name = "agentpool1" diff --git a/examples/aks_with_microsoft_entra_id/versions.tf b/examples/aks_with_microsoft_entra_id/versions.tf index 18fc9ba..a32fb80 100644 --- a/examples/aks_with_microsoft_entra_id/versions.tf +++ b/examples/aks_with_microsoft_entra_id/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=3.112.0" } } } diff --git a/examples/basic/example.tf b/examples/basic/example.tf index 8eca4c8..72d9f46 100644 --- a/examples/basic/example.tf +++ b/examples/basic/example.tf @@ -1,5 +1,6 @@ provider "azurerm" { features {} + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } module "aks" { diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf index f3fa032..a32fb80 100644 --- a/examples/basic/versions.tf +++ b/examples/basic/versions.tf @@ -7,7 +7,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.112.0" + version = ">=3.112.0" } } -} \ No newline at end of file +} diff --git a/examples/complete/example.tf b/examples/complete/example.tf index 069d467..550d0da 100644 --- a/examples/complete/example.tf +++ b/examples/complete/example.tf @@ -1,6 +1,6 @@ provider "azurerm" { features {} - subscription_id = "2334-12-343-23-##-34343" + subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX" } data "azurerm_client_config" "current_client_config" {} diff --git a/main.tf b/main.tf index 27250a6..f20f51c 100644 --- a/main.tf +++ b/main.tf 
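Review bot: `examples/aks_with_microsoft_entra_id/versions.tf` and `examples/basic/versions.tf` receive the same open-ended `version = ">=3.112.0"` as the complete example, which admits both the 3.x providers the renamed module attributes no longer work with and any future 5.x; use `version = "~> 4.11"` in all three. The placeholder `subscription_id = "000001-11111-1223-XXX-XXXXXXXXXXXX"` copied into each example is not a valid subscription GUID, so the examples are not expected to plan as committed, and the first thing a user will do is paste a real ID into a tracked file; `subscription_id = var.subscription_id` with a documented `ARM_SUBSCRIPTION_ID` fallback avoids that.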
@@ -255,8 +255,6 @@ resource "azurerm_kubernetes_cluster" "aks" { content { authorized_ip_ranges = var.api_server_access_profile.authorized_ip_ranges - # vnet_integration_enabled = var.api_server_access_profile.vnet_integration_enabled - # subnet_id = var.api_server_access_profile.subnet_id } } @@ -401,9 +399,8 @@ resource "azurerm_kubernetes_cluster" "aks" { for_each = var.storage_profile_enabled ? ["storage_profile"] : [] content { - blob_driver_enabled = var.storage_profile.blob_driver_enabled - disk_driver_enabled = var.storage_profile.disk_driver_enabled - # disk_driver_version = var.storage_profile.disk_driver_version + blob_driver_enabled = var.storage_profile.blob_driver_enabled + disk_driver_enabled = var.storage_profile.disk_driver_enabled file_driver_enabled = var.storage_profile.file_driver_enabled snapshot_controller_enabled = var.storage_profile.snapshot_controller_enabled }