From 0a91d9569fbe318bc72a4df764fa7bef590f5c05 Mon Sep 17 00:00:00 2001 From: Saverio Proto Date: Thu, 31 Oct 2024 14:10:07 +0100 Subject: [PATCH 1/4] Upgrade to azurerm provider version 4 --- README.md | 6 +-- examples/default/README.md | 4 +- examples/default/main.tf | 2 +- examples/with_availability_zone/README.md | 4 +- examples/with_availability_zone/main.tf | 2 +- examples/without_availability_zone/README.md | 4 +- examples/without_availability_zone/main.tf | 2 +- main.tf | 43 ++++++++++---------- terraform.tf | 2 +- 9 files changed, 35 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 85e159c..9b48a41 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ The following requirements are needed by this module: - [azapi](#requirement\_azapi) (>=2.0, < 3.0) -- [azurerm](#requirement\_azurerm) (>= 3.86.0, <4.0) +- [azurerm](#requirement\_azurerm) (>= 4, <5) - [modtm](#requirement\_modtm) (>= 0.3, < 1.0) @@ -364,9 +364,9 @@ The following Modules are called: ### [avm\_res\_containerregistry\_registry](#module\_avm\_res\_containerregistry\_registry) -Source: Azure/avm-res-containerregistry-registry/azurerm +Source: github.com/zioproto/terraform-azurerm-avm-res-containerregistry-registry -Version: 0.3.1 +Version: provider-v4 ## Data Collection diff --git a/examples/default/README.md b/examples/default/README.md index 1bd5a82..26099cb 100644 --- a/examples/default/README.md +++ b/examples/default/README.md @@ -9,7 +9,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.7.0, < 4.0.0" + version = ">= 4, <5" } random = { source = "hashicorp/random" @@ -117,7 +117,7 @@ The following requirements are needed by this module: - [terraform](#requirement\_terraform) (>= 1.3.0) -- [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0) +- [azurerm](#requirement\_azurerm) (>= 4, <5) - [random](#requirement\_random) (>= 3.5.0, < 4.0.0) 
diff --git a/examples/default/main.tf b/examples/default/main.tf index 9f8ffe5..026d784 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.7.0, < 4.0.0" + version = ">= 4, <5" } random = { source = "hashicorp/random" diff --git a/examples/with_availability_zone/README.md b/examples/with_availability_zone/README.md index 1fba2e5..e4c5120 100644 --- a/examples/with_availability_zone/README.md +++ b/examples/with_availability_zone/README.md @@ -9,7 +9,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.7.0, < 4.0.0" + version = ">= 4, <5" } } } @@ -127,7 +127,7 @@ The following requirements are needed by this module: - [terraform](#requirement\_terraform) (>= 1.3.0) -- [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0) +- [azurerm](#requirement\_azurerm) (>= 4, <5) ## Resources diff --git a/examples/with_availability_zone/main.tf b/examples/with_availability_zone/main.tf index 39ba6f4..b1ed475 100644 --- a/examples/with_availability_zone/main.tf +++ b/examples/with_availability_zone/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.7.0, < 4.0.0" + version = ">= 4, <5" } } } diff --git a/examples/without_availability_zone/README.md b/examples/without_availability_zone/README.md index 3f9f9cd..4f5e625 100644 --- a/examples/without_availability_zone/README.md +++ b/examples/without_availability_zone/README.md @@ -9,7 +9,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.7.0, < 4.0.0" + version = ">= 4, <5" } } } @@ -123,7 +123,7 @@ The following requirements are needed by this module: - [terraform](#requirement\_terraform) (>= 1.3.0) -- [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0) +- [azurerm](#requirement\_azurerm) (>= 4, <5) ## Resources 
diff --git a/examples/without_availability_zone/main.tf b/examples/without_availability_zone/main.tf index 49031ed..f5efc5a 100644 --- a/examples/without_availability_zone/main.tf +++ b/examples/without_availability_zone/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.7.0, < 4.0.0" + version = ">= 4, <5" } } } diff --git a/main.tf b/main.tf index de9d093..e2f7cb8 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,9 @@ module "avm_res_containerregistry_registry" { - for_each = toset(var.acr == null ? [] : ["acr"]) - source = "Azure/avm-res-containerregistry-registry/azurerm" - version = "0.3.1" + for_each = toset(var.acr == null ? [] : ["acr"]) + # point to https://github.com/zioproto/terraform-azurerm-avm-res-containerregistry-registry/tree/provider-v4 + source = "github.com/zioproto/terraform-azurerm-avm-res-containerregistry-registry?ref=provider-v4" + #source = "Azure/avm-res-containerregistry-registry/azurerm" + #version = "0.3.1" name = var.acr.name location = var.location resource_group_name = var.resource_group_name @@ -60,12 +62,12 @@ resource "azurerm_kubernetes_cluster" "this" { location = var.location name = "aks-${var.name}" resource_group_name = var.resource_group_name - automatic_channel_upgrade = "patch" + automatic_upgrade_channel = "patch" azure_policy_enabled = true dns_prefix = var.name kubernetes_version = var.kubernetes_version local_account_disabled = true - node_os_channel_upgrade = "NodeImage" + node_os_upgrade_channel = "NodeImage" oidc_issuer_enabled = true private_cluster_enabled = true private_dns_zone_id = var.private_dns_zone_id 
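Review bot: The new `source` in the `module "avm_res_containerregistry_registry"` block of main.tf (hunk `@@ -1,7 +1,9 @@`) replaces a registry release pinned with `version = "0.3.1"` by a Git source on a personal fork at a branch ref (`?ref=provider-v4`), so what `terraform init` downloads can change without any change to this repository. The main.tf hunk in PATCH 3/4 has the same problem in a stronger form: `github.com/Azure/terraform-azurerm-avm-res-containerregistry-registry` carries no `ref` at all and follows the default branch, while the commented `#version = "0.4.0"` is not enforced. Since this module provisions the container registry, pin the source to an immutable revision, e.g. `source = "github.com/Azure/terraform-azurerm-avm-res-containerregistry-registry?ref=<COMMIT_SHA>"`, or return to the registry source with an exact `version` once a release that supports azurerm 4 is available, and drop the commented-out lines. The module block continues past the end of the hunk.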
@@ -75,20 +77,20 @@ resource "azurerm_kubernetes_cluster" "this" { workload_identity_enabled = true default_node_pool { - name = "agentpool" - vm_size = "Standard_D4d_v5" - enable_auto_scaling = true - enable_host_encryption = true - max_count = 9 - max_pods = 110 - min_count = 3 - node_labels = var.node_labels - node_taints = var.node_taints - orchestrator_version = var.orchestrator_version - os_sku = var.os_sku - tags = merge(var.tags, var.agents_tags) - vnet_subnet_id = var.network.node_subnet_id - zones = local.default_node_pool_available_zones + name = "agentpool" + vm_size = "Standard_D4d_v5" + auto_scaling_enabled = true + host_encryption_enabled = true + max_count = 9 + max_pods = 110 + min_count = 3 + node_labels = var.node_labels + node_taints = var.node_taints + orchestrator_version = var.orchestrator_version + os_sku = var.os_sku + tags = merge(var.tags, var.agents_tags) + vnet_subnet_id = var.network.node_subnet_id + zones = local.default_node_pool_available_zones upgrade_settings { max_surge = "10%" @@ -100,7 +102,6 @@ resource "azurerm_kubernetes_cluster" "this" { azure_active_directory_role_based_access_control { admin_group_object_ids = var.rbac_aad_admin_group_object_ids azure_rbac_enabled = var.rbac_aad_azure_rbac_enabled - managed = true tenant_id = var.rbac_aad_tenant_id } ## Resources that only support UserAssigned @@ -272,7 +273,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "this" { kubernetes_cluster_id = azurerm_kubernetes_cluster.this.id name = each.value.name vm_size = each.value.vm_size - enable_auto_scaling = true + auto_scaling_enabled = true max_count = each.value.max_count min_count = each.value.min_count node_labels = each.value.labels diff --git a/terraform.tf b/terraform.tf index 28c91bd..6c25c5a 100644 --- a/terraform.tf +++ b/terraform.tf @@ -7,7 +7,7 @@ terraform { } azurerm = { source = "hashicorp/azurerm" - version = ">= 3.86.0, <4.0" + version = ">= 4, <5" } modtm = { source = "Azure/modtm" 
From b70a9e122228d62c5b3162bfaf0e201ca3ed7c63 Mon Sep 17 00:00:00 2001 From: Saverio Proto Date: Mon, 16 Dec 2024 16:23:05 +0100 Subject: [PATCH 2/4] Revert "add node taints (#132)" This reverts commit 599d6e34de1299a368d1c31d2dfbab1ca118312f. --- README.md | 12 +----------- locals.tf | 1 - main.tf | 2 -- variables.tf | 8 -------- 4 files changed, 1 insertion(+), 22 deletions(-) diff --git a/README.md b/README.md index 9b48a41..4c2b1a4 100644 --- a/README.md +++ b/README.md @@ -225,8 +225,7 @@ map(object({ mode = (Optional) Should this Node Pool be used for System or User resources? Possible values are `System` and `User`. Defaults to `User`. os\_disk\_size\_gb = (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created. tags = (Optional) A mapping of tags to assign to the resource. At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you [may wish to use Terraform's `ignore_changes` functionality to ignore changes to the casing](https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changess) until this is fixed in the AKS API. - labels = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool. - node\_taints = (Optional) A list of the taints added to new nodes during node pool create and scale. + labels = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool. })) Example input: 
@@ -268,20 +267,11 @@ map(object({ os_disk_size_gb = optional(number, null) tags = optional(map(string), {}) labels = optional(map(string), {}) - node_taints = optional(list(string), null) })) ``` Default: `{}` -### [node\_taints](#input\_node\_taints) - -Description: (Optional) A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created. - -Type: `list(string)` - -Default: `null` - ### [orchestrator\_version](#input\_orchestrator\_version) Description: Specify which Kubernetes release to use. Specify only minor version, such as '1.28'. diff --git a/locals.tf b/locals.tf index db66ec8..16c903c 100644 --- a/locals.tf +++ b/locals.tf @@ -49,7 +49,6 @@ locals { max_count = pool.max_count min_count = pool.min_count labels = pool.labels - node_taints = pool.node_taints os_sku = pool.os_sku mode = pool.mode os_disk_size_gb = pool.os_disk_size_gb diff --git a/main.tf b/main.tf index e2f7cb8..1fbe5e0 100644 --- a/main.tf +++ b/main.tf @@ -85,7 +85,6 @@ resource "azurerm_kubernetes_cluster" "this" { max_pods = 110 min_count = 3 node_labels = var.node_labels - node_taints = var.node_taints orchestrator_version = var.orchestrator_version os_sku = var.os_sku tags = merge(var.tags, var.agents_tags) @@ -277,7 +276,6 @@ resource "azurerm_kubernetes_cluster_node_pool" "this" { max_count = each.value.max_count min_count = each.value.min_count node_labels = each.value.labels - node_taints = each.value.node_taints orchestrator_version = each.value.orchestrator_version os_disk_size_gb = each.value.os_disk_size_gb os_sku = each.value.os_sku diff --git a/variables.tf b/variables.tf index 5cb5091..4a5af26 100644 --- a/variables.tf +++ b/variables.tf @@ -133,7 +133,6 @@ variable "node_pools" { os_disk_size_gb = optional(number, null) tags = optional(map(string), {}) labels = optional(map(string), {}) - node_taints = optional(list(string), null) })) default = {} description = <<-EOT 
@@ -149,7 +148,6 @@ map(object({ os_disk_size_gb = (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created. tags = (Optional) A mapping of tags to assign to the resource. At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you [may wish to use Terraform's `ignore_changes` functionality to ignore changes to the casing](https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changess) until this is fixed in the AKS API. labels = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool. - node_taints = (Optional) A list of the taints added to new nodes during node pool create and scale. })) Example input: @@ -184,12 +182,6 @@ EOT } } -variable "node_taints" { - type = list(string) - default = null - description = "(Optional) A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created." -} - variable "orchestrator_version" { type = string default = null From 5c51a430471a73783f874d1afc371111fcf32cd3 Mon Sep 17 00:00:00 2001 From: Saverio Proto Date: Mon, 16 Dec 2024 16:27:58 +0100 Subject: [PATCH 3/4] Point to main branch of terraform-azurerm-avm-res-containerregistry-registry --- README.md | 4 ++-- main.tf | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4c2b1a4..51307c4 100644 --- a/README.md +++ b/README.md @@ -354,9 +354,9 @@ The following Modules are called: ### [avm\_res\_containerregistry\_registry](#module\_avm\_res\_containerregistry\_registry) -Source: github.com/zioproto/terraform-azurerm-avm-res-containerregistry-registry +Source: github.com/Azure/terraform-azurerm-avm-res-containerregistry-registry -Version: provider-v4 +Version: ## Data Collection diff --git a/main.tf b/main.tf index 1fbe5e0..f7bc059 100644 --- a/main.tf +++ b/main.tf 
@@ -1,9 +1,8 @@ module "avm_res_containerregistry_registry" { for_each = toset(var.acr == null ? [] : ["acr"]) - # point to https://github.com/zioproto/terraform-azurerm-avm-res-containerregistry-registry/tree/provider-v4 - source = "github.com/zioproto/terraform-azurerm-avm-res-containerregistry-registry?ref=provider-v4" + source = "github.com/Azure/terraform-azurerm-avm-res-containerregistry-registry" #source = "Azure/avm-res-containerregistry-registry/azurerm" - #version = "0.3.1" + #version = "0.4.0" name = var.acr.name location = var.location resource_group_name = var.resource_group_name From 51918b9b0d32f1f81a79960602b68b687b4c8754 Mon Sep 17 00:00:00 2001 From: Saverio Proto Date: Fri, 20 Dec 2024 12:11:35 +0100 Subject: [PATCH 4/4] Add rbac_aad_tenant_id --- examples/default/README.md | 5 +++++ examples/default/main.tf | 4 ++++ examples/with_availability_zone/README.md | 5 +++++ examples/with_availability_zone/main.tf | 4 ++++ examples/without_availability_zone/README.md | 6 ++++++ examples/without_availability_zone/main.tf | 5 +++++ 6 files changed, 29 insertions(+) diff --git a/examples/default/README.md b/examples/default/README.md index 26099cb..1208373 100644 --- a/examples/default/README.md +++ b/examples/default/README.md @@ -53,6 +53,9 @@ resource "azurerm_resource_group" "this" { name = module.naming.resource_group.name_unique } +# Datasource of current tenant ID +data "azurerm_client_config" "current" {} + # This is the module call # Do not specify location here due to the randomization above. # Leaving location as `null` will cause the module to use the resource group location @@ -66,6 +69,7 @@ module "test" { location = azurerm_resource_group.this.location private_dns_zone_id = azurerm_private_dns_zone.mydomain.id private_dns_zone_id_enabled = true + rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id network = { name = module.avm_res_network_virtualnetwork.name resource_group_name = azurerm_resource_group.this.name 
@@ -129,6 +133,7 @@ The following resources are used by this module: - [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource) - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource) - [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource) +- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source) ## Required Inputs diff --git a/examples/default/main.tf b/examples/default/main.tf index 026d784..730c94b 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -47,6 +47,9 @@ resource "azurerm_resource_group" "this" { name = module.naming.resource_group.name_unique } +# Datasource of current tenant ID +data "azurerm_client_config" "current" {} + # This is the module call # Do not specify location here due to the randomization above. # Leaving location as `null` will cause the module to use the resource group location @@ -60,6 +63,7 @@ module "test" { location = azurerm_resource_group.this.location private_dns_zone_id = azurerm_private_dns_zone.mydomain.id private_dns_zone_id_enabled = true + rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id network = { name = module.avm_res_network_virtualnetwork.name resource_group_name = azurerm_resource_group.this.name diff --git a/examples/with_availability_zone/README.md b/examples/with_availability_zone/README.md index e4c5120..e0ffd3f 100644 --- a/examples/with_availability_zone/README.md +++ b/examples/with_availability_zone/README.md 
@@ -41,6 +41,9 @@ resource "azurerm_user_assigned_identity" "this" { resource_group_name = azurerm_resource_group.this.name } +# Datasource of current tenant ID +data "azurerm_client_config" "current" {} + # This is the module call # Do not specify location here due to the randomization above. # Leaving location as `null` will cause the module to use the resource group location @@ -67,6 +70,7 @@ module "test" { azurerm_user_assigned_identity.this.id ] } + rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id location = "East US 2" # Hardcoded because we have to test in a region with availability zones node_pools = { @@ -136,6 +140,7 @@ The following resources are used by this module: - [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource) - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource) - [azurerm_user_assigned_identity.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource) +- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source) ## Required Inputs diff --git a/examples/with_availability_zone/main.tf b/examples/with_availability_zone/main.tf index b1ed475..ab80169 100644 --- a/examples/with_availability_zone/main.tf +++ b/examples/with_availability_zone/main.tf @@ -35,6 +35,9 @@ resource "azurerm_user_assigned_identity" "this" { resource_group_name = azurerm_resource_group.this.name } +# Datasource of current tenant ID +data "azurerm_client_config" "current" {} + # This is the module call # Do not specify location here due to the randomization above. # Leaving location as `null` will cause the module to use the resource group location 
@@ -61,6 +64,7 @@ module "test" { azurerm_user_assigned_identity.this.id ] } + rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id location = "East US 2" # Hardcoded because we have to test in a region with availability zones node_pools = { diff --git a/examples/without_availability_zone/README.md b/examples/without_availability_zone/README.md index 4f5e625..427faad 100644 --- a/examples/without_availability_zone/README.md +++ b/examples/without_availability_zone/README.md @@ -40,6 +40,9 @@ resource "azurerm_user_assigned_identity" "this" { resource_group_name = azurerm_resource_group.this.name } +# Datasource of current tenant ID +data "azurerm_client_config" "current" {} + # This is the module call # Do not specify location here due to the randomization above. # Leaving location as `null` will cause the module to use the resource group location @@ -67,6 +70,8 @@ module "test" { ] } + rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id + location = "West US" # Hardcoded because we have to test in a region without availability zones node_pools = { workload = { @@ -132,6 +137,7 @@ The following resources are used by this module: - [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource) - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource) - [azurerm_user_assigned_identity.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource) +- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source) ## Required Inputs diff --git a/examples/without_availability_zone/main.tf b/examples/without_availability_zone/main.tf index f5efc5a..a50f509 100644 --- a/examples/without_availability_zone/main.tf 
+++ b/examples/without_availability_zone/main.tf @@ -34,6 +34,9 @@ resource "azurerm_user_assigned_identity" "this" { resource_group_name = azurerm_resource_group.this.name } +# Datasource of current tenant ID +data "azurerm_client_config" "current" {} + # This is the module call # Do not specify location here due to the randomization above. # Leaving location as `null` will cause the module to use the resource group location @@ -61,6 +64,8 @@ module "test" { ] } + rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id + location = "West US" # Hardcoded because we have to test in a region without availability zones node_pools = { workload = {