From ae140deeea1c8e0cc054fbc4379b7f17dc2a3059 Mon Sep 17 00:00:00 2001 From: Flavio Bernasconi <51084281+flavio-bernasconi@users.noreply.github.com> Date: Thu, 4 Apr 2024 19:07:26 +0100 Subject: [PATCH] Update terraform providers (#271) * Update Terraform provider --------- Co-authored-by: daniele --- terraform/gitlab/main.tf | 2 +- terraform/terraform-cloud/main.tf | 16 +++++++---- terraform/vault/main.tf | 4 +-- .../terraform/base/digitalocean-k8s/main.tf | 2 +- .../base/digitalocean-k8s/variables.tf | 4 +-- .../cluster/digitalocean-k8s/main.tf | 9 +++--- .../modules/kubernetes/metrics/main.tf | 12 +++++--- .../modules/kubernetes/traefik/main.tf | 15 ++++++---- .../terraform/cluster/other-k8s/main.tf | 7 +++-- .../environment/digitalocean-k8s/main.tf | 6 ++-- .../environment/digitalocean-k8s/variables.tf | 6 ++-- .../kubernetes/database-dump-cronjob/main.tf | 2 +- .../modules/kubernetes/monitoring/main.tf | 13 +++++---- .../modules/kubernetes/postgres/main.tf | 4 +-- .../modules/kubernetes/redis/main.tf | 4 +-- .../modules/kubernetes/routing/main.tf | 28 +++++++++---------- .../modules/kubernetes/routing/variables.tf | 14 +++++----- .../terraform/environment/other-k8s/main.tf | 6 ++-- .../environment/other-k8s/variables.tf | 5 ++-- 19 files changed, 88 insertions(+), 71 deletions(-) diff --git a/terraform/gitlab/main.tf b/terraform/gitlab/main.tf index 41c3f060..a051f816 100644 --- a/terraform/gitlab/main.tf +++ b/terraform/gitlab/main.tf @@ -30,7 +30,7 @@ terraform { required_providers { gitlab = { source = "gitlabhq/gitlab" - version = "~> 3.18" + version = "~> 16.10.0" } } } diff --git a/terraform/terraform-cloud/main.tf b/terraform/terraform-cloud/main.tf index 2f9e7206..f4c51d87 100644 --- a/terraform/terraform-cloud/main.tf +++ b/terraform/terraform-cloud/main.tf @@ -43,7 +43,7 @@ terraform { required_providers { tfe = { source = "hashicorp/tfe" - version = "~> 0.37" + version = "~> 0.53" } } } @@ -70,12 +70,16 @@ resource "tfe_organization" "main" { /* Workspaces */ -resource "tfe_workspace" "test" { +resource "tfe_workspace" "main" { for_each = { for i in local.workspaces : i.name => i } - name = each.value.name - description = each.value.description - organization = local.organization.name + name = each.value.name + description = each.value.description + organization = local.organization.name + tag_names = each.value.tags +} + +resource "tfe_workspace_settings" "main-settings" { + workspace_id = tfe_workspace.main.id execution_mode = "local" - tag_names = each.value.tags } diff --git a/terraform/vault/main.tf b/terraform/vault/main.tf index 56ffaadf..4e135e5c 100644 --- a/terraform/vault/main.tf +++ b/terraform/vault/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { vault = { source = "hashicorp/vault" - version = "~>3.11.0" + version = "~> 4.2.0" } } } @@ -16,7 +16,7 @@ provider "vault" { token = var.vault_token dynamic "auth_login_oidc" { - for_each = var.vault_token == "" ? ["default"] : [] + for_each = toset(var.vault_token == "" ? ["default"] : []) content { role = auth_login_oidc.value diff --git a/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/main.tf b/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/main.tf index 0329e02b..30cbd538 100644 --- a/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/main.tf @@ -24,7 +24,7 @@ terraform { required_providers { digitalocean = { source = "digitalocean/digitalocean" - version = "~> 2.22" + version = "~> 2.36" } } } diff --git a/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/variables.tf b/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/variables.tf index bbe4827f..131ccb14 100644 --- a/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/variables.tf +++ b/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/variables.tf @@ -66,13 +66,13 @@ variable "k8s_cluster_node_min_vcpus" { variable "k8s_cluster_node_max_memory" { description = "The DigitalOcean Kubernetes nodes candidate maximum memory (in GB)." type = number - default = 16 + default = 256 } variable "k8s_cluster_node_max_vcpus" { description = "The DigitalOcean Kubernetes nodes candidate maximum number of vCPUs." type = number - default = 4 + default = 48 } variable "k8s_cluster_node_size" { diff --git a/{{cookiecutter.project_dirname}}/terraform/cluster/digitalocean-k8s/main.tf b/{{cookiecutter.project_dirname}}/terraform/cluster/digitalocean-k8s/main.tf index 5a442444..b5e29998 100644 --- a/{{cookiecutter.project_dirname}}/terraform/cluster/digitalocean-k8s/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/cluster/digitalocean-k8s/main.tf @@ -6,15 +6,15 @@ terraform { required_providers { digitalocean = { source = "digitalocean/digitalocean" - version = "~> 2.22" + version = "~> 2.36" } helm = { source = "hashicorp/helm" - version = "~> 2.6" + version = "~> 2.12" } kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } } } @@ -64,8 +64,9 @@ module "traefik" { resource "helm_release" "reloader" { name = "reloader" - chart = "reloader" repository = "https://stakater.github.io/stakater-charts" + chart = "reloader" + version = "1.0.74" } /* Metrics */ diff --git a/{{cookiecutter.project_dirname}}/terraform/cluster/modules/kubernetes/metrics/main.tf b/{{cookiecutter.project_dirname}}/terraform/cluster/modules/kubernetes/metrics/main.tf index 03bd2116..e90fc289 100644 --- a/{{cookiecutter.project_dirname}}/terraform/cluster/modules/kubernetes/metrics/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/cluster/modules/kubernetes/metrics/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { helm = { source = "hashicorp/helm" - version = "~> 2.6" + version = "~> 2.12" } } } @@ -11,11 +11,13 @@ terraform { resource "helm_release" "metrics_server" { name = "metrics-server" - namespace = "metrics-server" repository = "https://kubernetes-sigs.github.io/metrics-server" chart = "metrics-server" + version = "3.12.0" + + namespace = "metrics-server" + create_namespace = true - version = "3.8.2" values = [file("${path.module}/metrics-server/values.yaml")] } @@ -24,7 +26,9 @@ resource "helm_release" "metrics_server" { resource "helm_release" "kube_state_metrics" { name = "kube-state-metrics" - namespace = "kube-system" repository = "https://charts.bitnami.com/bitnami" chart = "kube-state-metrics" + version = "3.16.2" + + namespace = "kube-system" } diff --git a/{{cookiecutter.project_dirname}}/terraform/cluster/modules/kubernetes/traefik/main.tf b/{{cookiecutter.project_dirname}}/terraform/cluster/modules/kubernetes/traefik/main.tf index 97cf3047..1c4ea749 100644 --- a/{{cookiecutter.project_dirname}}/terraform/cluster/modules/kubernetes/traefik/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/cluster/modules/kubernetes/traefik/main.tf @@ -2,23 +2,25 @@ terraform { required_providers { helm = { source = "hashicorp/helm" - version = "~> 2.6" + version = "~> 2.12" } kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } } } resource "helm_release" "traefik" { name = "traefik" + repository = "https://traefik.github.io/charts" chart = "traefik" + version = var.traefik_helm_chart_version + namespace = "traefik" create_namespace = true - repository = "https://traefik.github.io/charts" + timeout = 900 - version = var.traefik_helm_chart_version values = [ file("${path.module}/values.yaml"), @@ -40,11 +42,12 @@ resource "helm_release" "cert_manager" { count = var.letsencrypt_certificate_email != "" ? 1 : 0 name = "cert-manager" + repository = "https://charts.jetstack.io" chart = "cert-manager" + version = "1.14.4" + namespace = "cert-manager" create_namespace = true - repository = "https://charts.jetstack.io" - version = "1.14.4" set { name = "installCRDs" diff --git a/{{cookiecutter.project_dirname}}/terraform/cluster/other-k8s/main.tf b/{{cookiecutter.project_dirname}}/terraform/cluster/other-k8s/main.tf index 92d90571..8db3563d 100644 --- a/{{cookiecutter.project_dirname}}/terraform/cluster/other-k8s/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/cluster/other-k8s/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { helm = { source = "hashicorp/helm" - version = "~> 2.6" + version = "~> 2.12" } kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } } } @@ -39,8 +39,9 @@ module "traefik" { resource "helm_release" "reloader" { name = "reloader" - chart = "reloader" repository = "https://stakater.github.io/stakater-charts" + chart = "reloader" + version = "1.0.74" } /* Metrics */ diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/main.tf index d7e1806b..a60ffe45 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/main.tf @@ -25,15 +25,15 @@ terraform { required_providers { digitalocean = { source = "digitalocean/digitalocean" - version = "~> 2.22" + version = "~> 2.36" } helm = { source = "hashicorp/helm" - version = "~> 2.6" + version = "~> 2.12" } kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } } } diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/variables.tf b/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/variables.tf index f1dff961..f7849a11 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/variables.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/variables.tf @@ -128,7 +128,7 @@ variable "grafana_user" { variable "grafana_version" { description = "The Grafana version." type = string - default = "9.4.1" + default = "10.2.0" } variable "letsencrypt_certificate_email" { @@ -231,14 +231,14 @@ variable "subdomains" { } variable "tls_certificate_crt" { - description = "The TLS certificate .crt file content." + description = "The base64-encoded PEM-formatted TLS full certificate." type = string sensitive = true default = "" } variable "tls_certificate_key" { - description = "The TLS certificate .key file content." + description = "The base64-encoded PEM-formatted TLS private key." type = string sensitive = true default = "" diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/database-dump-cronjob/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/database-dump-cronjob/main.tf index 0642d882..ae9e9a76 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/database-dump-cronjob/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/database-dump-cronjob/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } } } diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/monitoring/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/monitoring/main.tf index fdc2472c..029b1be8 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/monitoring/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/monitoring/main.tf @@ -17,11 +17,11 @@ terraform { required_providers { helm = { source = "hashicorp/helm" - version = "~> 2.6" + version = "~> 2.12" } kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } } } @@ -36,10 +36,11 @@ resource "kubernetes_namespace_v1" "log_storage" { resource "helm_release" "loki" { name = "loki" - namespace = local.namespace repository = "https://grafana.github.io/helm-charts" chart = "loki-stack" - version = "2.9.10" + version = "2.10.2" + + namespace = local.namespace values = [ file("${path.module}/loki/values.yaml"), @@ -79,9 +80,11 @@ resource "kubernetes_config_map_v1" "k8s_logs_dashboard" { resource "helm_release" "grafana" { name = "grafana" - namespace = local.namespace repository = "https://grafana.github.io/helm-charts" chart = "grafana" + version = "7.3.7" + + namespace = local.namespace values = [file("${path.module}/grafana/values.yaml")] diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/postgres/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/postgres/main.tf index 87c563bc..ff43f890 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/postgres/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/postgres/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } random = { source = "hashicorp/random" - version = "~> 3.4" + version = "~> 3.6" } } } diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/redis/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/redis/main.tf index 9180c554..4d8fae08 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/redis/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/redis/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } random = { source = "hashicorp/random" - version = "~> 3.4" + version = "~> 3.6" } } } diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/main.tf index 87fa0b6c..ba244d22 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/main.tf @@ -32,7 +32,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } } } @@ -59,16 +59,16 @@ resource "kubernetes_manifest" "traefik_basic_auth_middleware" { count = var.basic_auth_enabled && local.basic_auth_ready ? 1 : 0 manifest = { - "apiVersion" = "traefik.containo.us/v1alpha1" - "kind" = "Middleware" - "metadata" = { - "name" = "traefik-basic-auth" - "namespace" = var.namespace + apiVersion = "traefik.io/v1alpha1" + kind = "Middleware" + metadata = { + name = "traefik-basic-auth" + namespace = var.namespace } - "spec" = { - "basicAuth" = { - "removeHeader" = true - "secret" = kubernetes_secret_v1.traefik_basic_auth[0].metadata[0].name + spec = { + basicAuth = { + removeHeader = true + secret = kubernetes_secret_v1.traefik_basic_auth[0].metadata[0].name } } } @@ -152,7 +152,7 @@ resource "kubernetes_manifest" "certificate" { resource "kubernetes_manifest" "main_ingress_route" { manifest = { - apiVersion = "traefik.containo.us/v1alpha1" + apiVersion = "traefik.io/v1alpha1" kind = "IngressRoute" metadata = { name = "main" @@ -213,7 +213,7 @@ resource "kubernetes_manifest" "monitoring_ingress_route" { count = local.monitoring_domain != "" ? 1 : 0 manifest = { - apiVersion = "traefik.containo.us/v1alpha1" + apiVersion = "traefik.io/v1alpha1" kind = "IngressRoute" metadata = { name = "monitoring" @@ -266,7 +266,7 @@ resource "kubernetes_manifest" "metrics_basic_auth_middleware" { count = local.basic_auth_ready ? 1 : 0 manifest = { - apiVersion = "traefik.containo.us/v1alpha1" + apiVersion = "traefik.io/v1alpha1" kind = "Middleware" metadata = { name = "metrics-basic-auth-${var.env_slug}" @@ -284,7 +284,7 @@ resource "kubernetes_manifest" "metrics_basic_auth_middleware" { resource "kubernetes_manifest" "metrics_ingress_route" { manifest = { - apiVersion = "traefik.containo.us/v1alpha1" + apiVersion = "traefik.io/v1alpha1" kind = "IngressRoute" metadata = { name = "metrics-${var.env_slug}" diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/variables.tf b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/variables.tf index 4d5464f0..4c5a2969 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/variables.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/variables.tf @@ -102,28 +102,28 @@ variable "secondary_domains" { description = "An optional list of secondary domains to redirect to the main one." type = list(string) default = [] - - validation { - condition = length(var.subdomains) > 0 - error_message = "At least one subdomain must be specified." - } } variable "subdomains" { description = "The subdomains associated to the environment." type = list(string) default = [] + + validation { + condition = length(var.subdomains) > 0 + error_message = "At least one subdomain must be specified." + } } variable "tls_certificate_crt" { - description = "The TLS certificate .crt file content." + description = "The base64-encoded PEM-formatted TLS full certificate." type = string sensitive = true default = "" } variable "tls_certificate_key" { - description = "The TLS certificate .key file content." + description = "The base64-encoded PEM-formatted TLS private key." type = string sensitive = true default = "" diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/main.tf index 528b1a88..7adcfc20 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/main.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/main.tf @@ -17,15 +17,15 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.13" + version = "~> 2.27" } helm = { source = "hashicorp/helm" - version = "~> 2.6" + version = "~> 2.12" } random = { source = "hashicorp/random" - version = "~> 3.4" + version = "~> 3.6" } } } diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/variables.tf b/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/variables.tf index e8f975fd..852a956f 100644 --- a/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/variables.tf +++ b/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/variables.tf @@ -247,19 +247,20 @@ variable "subdomains" { } variable "tls_certificate_crt" { - description = "The TLS certificate .crt file content." + description = "The base64-encoded PEM-formatted TLS full certificate." type = string sensitive = true default = "" } variable "tls_certificate_key" { - description = "The TLS certificate .key file content." + description = "The base64-encoded PEM-formatted TLS private key." type = string sensitive = true default = "" } + variable "use_redis" { description = "Tell if a Redis service is used." type = bool