Merge branch 'main' into dependabot/terraform/hashicorp/azuread-tw-3.0
Carus11 authored Dec 30, 2024
2 parents d846854 + fca6e59 commit 7dc2129
Showing 25 changed files with 111 additions and 308 deletions.
9 changes: 4 additions & 5 deletions Dockerfile
@@ -1,5 +1,5 @@
ARG TERRAFORM_VERSION=1.8.2
ARG AZURECLI_VERSION=2.59.0
ARG TERRAFORM_VERSION=1.9.6
ARG AZURECLI_VERSION=2.64.0

FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION
Expand All @@ -10,9 +10,8 @@ WORKDIR /viya4-iac-azure
COPY --from=terraform /bin/terraform /bin/terraform
COPY . .

RUN apk update \
&& apk upgrade \
&& apk add --no-cache git openssh curl\
RUN yum -y install git openssh jq which curl \
&& yum clean all && rm -rf /var/cache/yum \
&& curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl \
&& chmod 755 ./kubectl /viya4-iac-azure/docker-entrypoint.sh \
&& mv ./kubectl /usr/local/bin/kubectl \
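Review bot: The kubectl fetch on the `curl -sLO https://storage.googleapis.com/kubernetes-release/...` line of the rewritten RUN step is neither failure-checked nor integrity-checked: without `--fail` an HTTP error body would be saved as `kubectl`, made executable by the following `chmod 755`, and shipped in the image, and nothing compares the binary against a published digest. Because the step is already `&&`-chained, the fix is small: change the fetch to `curl -sfLO`, then add `&& curl -sfLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl.sha256 \` and `&& echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c - \` before the `chmod` (assuming coreutils is present in the new base image). The `kubernetes-release` bucket also looks like the legacy download location rather than dl.k8s.io, which is worth confirming while touching this line. The RUN step's `&&` chain continues beyond the hunk's last line.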
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -57,10 +57,10 @@ This project supports two options for running Terraform scripts:
Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformAzureAuthentication.md) with the *Contributor* role are required.

#### Terraform Requirements:
- [Terraform](https://www.terraform.io/downloads.html) - v1.8.2
- [Terraform](https://www.terraform.io/downloads.html) - v1.9.6
- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.29.7
- [jq](https://stedolan.github.io/jq/) - v1.6
- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.59.0
- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.64.0

#### Docker Requirements:
- [Docker](https://docs.docker.com/get-docker/)
6 changes: 3 additions & 3 deletions container-structure-test.yaml
Expand Up @@ -9,15 +9,15 @@ fileExistenceTests:
shouldExist: true
permissions: '-rwxr-xr-x'
- name: 'azure-cli'
path: '/usr/local/bin/az'
path: '/usr/bin/az'
shouldExist: true
permissions: '-rwxr-xr-x'

commandTests:
- name: "terraform version"
command: "terraform"
args: ["--version"]
expectedOutput: ["Terraform v1.8.2"]
expectedOutput: ["Terraform v1.9.6"]
- name: "python version"
command: "python3"
args: ["--version"]
Expand All @@ -29,7 +29,7 @@ commandTests:
- -c
- |
az version -o tsv
expectedOutput: ["2.59.0\t2.59.0\t1.1.0"]
expectedOutput: ["2.64.0\t2.64.0\t1.1.0"]

metadataTest:
workdir: "/viya4-iac-azure"
6 changes: 3 additions & 3 deletions docs/CONFIG-VARS.md
Expand Up @@ -127,22 +127,22 @@ The default values for the `subnets` variable are as follows:
aks = {
"prefixes": ["192.168.0.0/23"],
"service_endpoints": ["Microsoft.Sql"],
"private_endpoint_network_policies_enabled": false,
"private_endpoint_network_policies": "Disabled",
"private_link_service_network_policies_enabled": false,
"service_delegations": {},
}
misc = {
"prefixes": ["192.168.2.0/24"],
"service_endpoints": ["Microsoft.Sql"],
"private_endpoint_network_policies_enabled": false,
"private_endpoint_network_policies": "Disabled",
"private_link_service_network_policies_enabled": false,
"service_delegations": {},
}
## If using ha storage then the following is also added
netapp = {
"prefixes": ["192.168.3.0/24"],
"service_endpoints": [],
"private_endpoint_network_policies_enabled": false,
"private_endpoint_network_policies": "Disabled",
"private_link_service_network_policies_enabled": false,
"service_delegations": {
netapp = {
8 changes: 4 additions & 4 deletions examples/sample-input-postgres.tfvars
Expand Up @@ -43,21 +43,21 @@ postgres_servers = {
# aks = {
# "prefixes" : ["192.168.0.0/23"],
# "service_endpoints" : ["Microsoft.Sql"],
# "private_endpoint_network_policies_enabled" : true,
# "private_endpoint_network_policies" : "Enabled",
# "private_link_service_network_policies_enabled" : false,
# "service_delegations" : {},
# }
# misc = {
# "prefixes" : ["192.168.2.0/24"],
# "service_endpoints" : ["Microsoft.Sql"],
# "private_endpoint_network_policies_enabled" : true,
# "private_endpoint_network_policies" : "Enabled",
# "private_link_service_network_policies_enabled" : false,
# "service_delegations" : {},
# }
# netapp = {
# "prefixes" : ["192.168.3.0/24"],
# "service_endpoints" : [],
# "private_endpoint_network_policies_enabled" : false,
# "private_endpoint_network_policies" : "Disabled",
# "private_link_service_network_policies_enabled" : false,
# "service_delegations" : {
# netapp = {
Expand All @@ -69,7 +69,7 @@ postgres_servers = {
# postgresql = {
# "prefixes": ["192.168.4.0/24"],
# "service_endpoints": ["Microsoft.Sql"],
# "private_endpoint_network_policies_enabled": true,
# "private_endpoint_network_policies": "Enabled",
# "private_link_service_network_policies_enabled": false,
# "service_delegations": {
# flexpostgres = {
6 changes: 3 additions & 3 deletions examples/sample-input-singlestore.tfvars
Expand Up @@ -133,22 +133,22 @@ subnets = {
aks = {
"prefixes": ["192.168.0.0/21"],
"service_endpoints": ["Microsoft.Sql"],
"private_endpoint_network_policies_enabled": false,
"private_endpoint_network_policies": "Disabled",
"private_link_service_network_policies_enabled": false,
"service_delegations": {},
}
misc = {
"prefixes": ["192.168.8.0/24"],
"service_endpoints": ["Microsoft.Sql"],
"private_endpoint_network_policies_enabled": false,
"private_endpoint_network_policies": "Disabled",
"private_link_service_network_policies_enabled": false,
"service_delegations": {},
}
## If using ha storage then the following is also added
netapp = {
"prefixes": ["192.168.9.0/24"],
"service_endpoints": [],
"private_endpoint_network_policies_enabled": false,
"private_endpoint_network_policies": "Disabled",
"private_link_service_network_policies_enabled": false,
"service_delegations": {
netapp = {
3 changes: 2 additions & 1 deletion linting-configs/.hadolint.yaml
@@ -1,2 +1,3 @@
ignored:
- DL3018 # https://github.com/hadolint/hadolint/wiki/DL3018
# Specify version with yum install -y <package>-<version> - https://github.com/hadolint/hadolint/wiki/DL3033
- DL3033
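Review bot: Ignoring DL3033 repository-wide switches off the yum version-pin check for every future RUN line, not only the `yum -y install git openssh jq which curl` step this commit introduces, so later unpinned installs will pass lint unnoticed. If pinning is not wanted for these five packages, an inline `# hadolint ignore=DL3033` directly above that RUN line in the Dockerfile keeps the rule active elsewhere and records the exception next to the code it covers. The wiki link in the added comment is useful either way; if the global ignore stays, the comment should say why pinning was rejected rather than how to pin.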
32 changes: 8 additions & 24 deletions main.tf
Expand Up @@ -159,7 +159,6 @@ module "aks" {
aks_network_policy = var.aks_network_policy
aks_network_plugin_mode = var.aks_network_plugin_mode
aks_dns_service_ip = var.aks_dns_service_ip
aks_docker_bridge_cidr = var.aks_docker_bridge_cidr
cluster_egress_type = local.cluster_egress_type
aks_pod_cidr = var.aks_pod_cidr
aks_service_cidr = var.aks_service_cidr
Expand Down Expand Up @@ -194,15 +193,13 @@ module "node_pools" {

for_each = var.node_pools

node_pool_name = each.key
aks_cluster_id = module.aks.cluster_id
vnet_subnet_id = module.vnet.subnets["aks"].id
machine_type = each.value.machine_type
fips_enabled = var.fips_enabled
os_disk_size = each.value.os_disk_size
# TODO: enable with azurerm v2.37.0
# os_disk_type = each.value.os_disk_type
enable_auto_scaling = each.value.min_nodes == each.value.max_nodes ? false : true
node_pool_name = each.key
aks_cluster_id = module.aks.cluster_id
vnet_subnet_id = module.vnet.subnets["aks"].id
machine_type = each.value.machine_type
fips_enabled = var.fips_enabled
os_disk_size = each.value.os_disk_size
auto_scaling_enabled = each.value.min_nodes == each.value.max_nodes ? false : true
node_count = each.value.min_nodes
min_nodes = each.value.min_nodes == each.value.max_nodes ? null : each.value.min_nodes
max_nodes = each.value.min_nodes == each.value.max_nodes ? null : each.value.max_nodes
Expand All @@ -212,7 +209,7 @@ module "node_pools" {
zones = (var.node_pools_availability_zone == "" || var.node_pools_proximity_placement == true) ? [] : (var.node_pools_availability_zones != null) ? var.node_pools_availability_zones : [var.node_pools_availability_zone]
proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity[*].id, [""]), 0)
orchestrator_version = var.kubernetes_version
enable_host_encryption = var.aks_cluster_enable_host_encryption
host_encryption_enabled = var.aks_cluster_enable_host_encryption
tags = var.tags
}

Expand Down Expand Up @@ -260,19 +257,6 @@ module "netapp" {
depends_on = [module.vnet]
}

module "message_broker" {
source = "./modules/azurerm_message_broker"
count = var.create_azure_message_broker ? 1 : 0

resource_group_name = local.aks_rg.name
location = var.location
prefix = var.prefix
message_broker_sku = var.message_broker_sku
message_broker_name = var.message_broker_name
message_broker_capacity = var.message_broker_capacity
tags = var.tags
}

data "external" "git_hash" {
program = ["${path.module}/files/tools/iac_git_info.sh"]
}
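Review bot: Removing the `module "message_broker"` block means the next `terraform apply` against an existing state will plan the destruction of whatever resources that module managed for users who had set `create_azure_message_broker = true`, and nothing in this commit warns about it. If those resources are meant to survive, Terraform 1.9 (now the required version per the README and Dockerfile changes) supports a `removed` block with `from = module.message_broker` and `lifecycle { destroy = false }` that drops them from state without deleting them; if deletion is intended, it should be called out in the release notes and wherever `create_azure_message_broker` is documented. Whether the variable and the `./modules/azurerm_message_broker` directory are also removed is outside the visible hunks, so this is inferred from main.tf alone.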
55 changes: 25 additions & 30 deletions modules/aks_node_pool/main.tf
Expand Up @@ -4,57 +4,52 @@
# Reference: https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster_node_pool.html

resource "azurerm_kubernetes_cluster_node_pool" "autoscale_node_pool" {
count = var.enable_auto_scaling ? 1 : 0
count = var.auto_scaling_enabled ? 1 : 0
name = var.node_pool_name
kubernetes_cluster_id = var.aks_cluster_id
vnet_subnet_id = var.vnet_subnet_id
zones = var.zones
fips_enabled = var.fips_enabled
enable_host_encryption = var.enable_host_encryption
host_encryption_enabled = var.host_encryption_enabled
proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id
vm_size = var.machine_type
os_disk_size_gb = var.os_disk_size
# TODO: enable after azurerm v2.37.0
# os_disk_type = var.os_disk_type
os_type = var.os_type
enable_auto_scaling = var.enable_auto_scaling
# Still in preview, revisit if needed later - https://docs.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools-preview
# enable_node_public_ip = var.enable_node_public_ip
node_count = var.node_count
max_count = var.max_nodes
min_count = var.min_nodes
max_pods = var.max_pods
node_labels = var.node_labels
node_taints = var.node_taints
orchestrator_version = var.orchestrator_version
tags = var.tags
os_type = var.os_type
auto_scaling_enabled = var.auto_scaling_enabled
node_public_ip_enabled = var.node_public_ip_enabled
node_count = var.node_count
max_count = var.max_nodes
min_count = var.min_nodes
max_pods = var.max_pods
node_labels = var.node_labels
node_taints = var.node_taints
orchestrator_version = var.orchestrator_version
tags = var.tags

lifecycle {
ignore_changes = [node_count]
}
}

resource "azurerm_kubernetes_cluster_node_pool" "static_node_pool" {
count = var.enable_auto_scaling ? 0 : 1
count = var.auto_scaling_enabled ? 0 : 1
name = var.node_pool_name
kubernetes_cluster_id = var.aks_cluster_id
vnet_subnet_id = var.vnet_subnet_id
zones = var.zones
fips_enabled = var.fips_enabled
enable_host_encryption = var.enable_host_encryption
host_encryption_enabled = var.host_encryption_enabled
proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id
vm_size = var.machine_type
os_disk_size_gb = var.os_disk_size
# TODO: enable after azurerm v2.37.0
# os_disk_type = var.os_disk_type
os_type = var.os_type
enable_auto_scaling = var.enable_auto_scaling
node_count = var.node_count
max_count = var.max_nodes
min_count = var.min_nodes
max_pods = var.max_pods
node_labels = var.node_labels
node_taints = var.node_taints
orchestrator_version = var.orchestrator_version
tags = var.tags
os_type = var.os_type
auto_scaling_enabled = var.auto_scaling_enabled
node_count = var.node_count
max_count = var.max_nodes
min_count = var.min_nodes
max_pods = var.max_pods
node_labels = var.node_labels
node_taints = var.node_taints
orchestrator_version = var.orchestrator_version
tags = var.tags
}
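Review bot: `node_public_ip_enabled = var.node_public_ip_enabled` is set only on `autoscale_node_pool`; `static_node_pool` (the `count = var.auto_scaling_enabled ? 0 : 1` resource) never reads the new variable, so a caller enabling it on a fixed-size pool silently gets the provider default instead. Either add `node_public_ip_enabled = var.node_public_ip_enabled` after `auto_scaling_enabled` in the static resource, or state in the variable's description that it applies to autoscaled pools only. With the default of false this is harmless today, but a public IP per node widens the cluster's exposed surface, so the two resources should agree on how the setting is honoured rather than diverge quietly.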
37 changes: 8 additions & 29 deletions modules/aks_node_pool/variables.tf
Expand Up @@ -23,7 +23,7 @@ variable "fips_enabled" {
default = false
}

variable "enable_host_encryption" {
variable "host_encryption_enabled" {
description = "Enables host encryption on all the nodes in the Node Pool. Changing this forces a new resource to be created."
type = bool
default = false
Expand All @@ -46,13 +46,6 @@ variable "os_disk_size" {
default = 100
}

# TODO: enable after azurerm v2.37.0
# variable "os_disk_type" {
# description = "The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created"
# type = string
# default = "Managed"
# }

variable "os_type" {
description = "The Operating System which should be used for this Node Pool. Changing this forces a new resource to be created. Possible values are Linux and Windows. Defaults to Linux"
type = string
Expand All @@ -65,12 +58,18 @@ variable "node_count" {
default = 1
}

variable "enable_auto_scaling" {
variable "auto_scaling_enabled" {
description = "Whether to enable auto-scaler."
type = bool
default = false
}

variable "node_public_ip_enabled" {
description = "Should nodes in this Node Pool have a Public IP Address"
type = bool
default = false
}

variable "max_pods" {
description = "The maximum number of pods that can run on each agent. Changing this forces a new resource to be created."
type = number
Expand Down Expand Up @@ -116,23 +115,3 @@ variable "proximity_placement_group_id" {
type = string
default = ""
}

# For future - https://docs.microsoft.com/en-us/azure/aks/spot-node-pool
#
# variable "priority" {
# description = "The Priority for Virtual Machines within the Virtual Machine Scale Set that powers this Node Pool. Possible values are Regular and Spot. Defaults to Regular. Changing this forces a new resource to be created."
# type = string
# default = "Regular"
# }

# variable "eviction_policy" {
# description = "The Eviction Policy which should be used for Virtual Machines within the Virtual Machine Scale Set powering this Node Pool. Possible values are Deallocate and Delete. Changing this forces a new resource to be created. An Eviction Policy can only be configured when priority is set to Spot"
# type = string
# default = null
# }

# variable "spot_max_price" {
# description = "The maximum price you're willing to pay in USD per Virtual Machine. Valid values are -1 (the current on-demand price for a Virtual Machine) or a positive value with up to five decimal places. Changing this forces a new resource to be created."
# type = number
# default = -1
# }
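Review bot: The description of the new `node_public_ip_enabled` variable says nothing about its security consequence or that false is the conservative choice, unlike `host_encryption_enabled` just above which at least explains what it does. Suggest `description = "Should nodes in this Node Pool have a Public IP Address. Defaults to false; enabling it gives every node an internet-reachable address, so only enable it together with restrictive NSG rules on the node subnet."`. It also omits whether changing the value forces node pool replacement, which the neighbouring descriptions consistently state; worth checking against the provider documentation and saying either way.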
