From 3ad7202265d55a38f6f30ba7da7a95c30979e93c Mon Sep 17 00:00:00 2001
From: Diego Lagos <92735530+diegolagospagopa@users.noreply.github.com>
Date: Mon, 5 Aug 2024 10:11:13 +0200
Subject: [PATCH] feat: AKS added cilium network (#132)
* updated modules
* added cilium as aks network
* upgraded aks provider
* pre-commit fixes
* updated modules
* pre-commit fix
---
src/aks-platform/.terraform.lock.hcl | 56 +++++++--------------------
src/aks-platform/02_aks_0.tf | 8 ++--
src/aks-platform/02_aks_storage.tf | 2 +-
src/aks-platform/03_aks_middleware.tf | 4 +-
src/aks-platform/05_argocd.tf | 4 +-
src/aks-platform/05_keda.tf | 2 +-
src/aks-platform/99_main.tf | 2 +-
src/aks-platform/README.md | 12 +++---
src/packer/01_azure_devops_agent.tf | 2 +-
src/packer/02_dns_forwarder.tf | 2 +-
src/packer/README.md | 4 +-
11 files changed, 36 insertions(+), 62 deletions(-)
diff --git a/src/aks-platform/.terraform.lock.hcl b/src/aks-platform/.terraform.lock.hcl
index 74bb223..100caea 100644
--- a/src/aks-platform/.terraform.lock.hcl
+++ b/src/aks-platform/.terraform.lock.hcl
@@ -5,11 +5,7 @@ provider "registry.terraform.io/alekc/kubectl" {
version = "2.0.4"
constraints = "<= 2.0.4"
hashes = [
- "h1:1Ence3VDSQ7BNO+IFD6QoGBiBf6rJgCbygkATSdjcTA=",
- "h1:6xRO3WlBsOTbeJ90QFjxGbc4BjnoGdEaeSCdWI/B1jU=",
"h1:TUeUq1UdVkHTxcgq7CJWWXBrc8VEQTufmgU18qDmfGE=",
- "h1:V9WCWj18ygdOE0h4AycrJd9MtKG1W3RzGP636LfCgEo=",
- "h1:mCz0lOwNsFCZEcFf7DBSe6b4hZgn5piiy0mZDwRGUIU=",
"zh:15c227886bac78c8b8827f85595648212574ec81febc39e1055e1a6bf048fe65",
"zh:2211ebeeb0918dbb3587d206e32adca9e1f343a93bbffcd37d8d99bf4d8dea9a",
"zh:2303836cdea12ece8dbe39c2d7d30a9378fd06e9c2ebda66cbe5e01cc096ee2e",
@@ -31,11 +27,7 @@ provider "registry.terraform.io/hashicorp/azuread" {
version = "2.50.0"
constraints = "<= 2.50.0"
hashes = [
- "h1:/G7xnO8J6f2WvVXBfd111XeKjKsw2t9Oj7WkDLu4Ygc=",
"h1:9hS4fOOfMoJ769IJEmRuVbYzBPPo4TNVVCEk04Pqn14=",
- "h1:W+Td5+YZWw9o2PnF74Eh6NkdapCg+YHSAKpJAOjhi3Q=",
- "h1:bP4M0Qxdulv3kzTkFRDeGAnlzHbL0BO/phBgxNjnyLg=",
- "h1:x16O7bL2KRrR0tXS877tlkySNUjlBM/vyO6q3433iFs=",
"zh:0eb91d177d1d868dc50c006f07fb17905318555c5c7ff56ba5a8a623415e9342",
"zh:1baabaca448f4cab0cb31cbb1b564d1849a13ca4a6536d1a6f92097b88cd883d",
"zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
@@ -52,26 +44,22 @@ provider "registry.terraform.io/hashicorp/azuread" {
}
provider "registry.terraform.io/hashicorp/azurerm" {
- version = "3.105.0"
- constraints = "~> 3.30, <= 3.105.0"
+ version = "3.114.0"
+ constraints = "~> 3.30, ~> 3.100, <= 3.114.0"
hashes = [
- "h1:MK83TecMdabDD+HjbxdTt3emXp8G6djLj7KvvUGstM0=",
- "h1:OtWRTAMNOruOmwVB72QSGXC5IIGGQcHwEqnCCmsGbGM=",
- "h1:SOC7EdvKd5YowghQvb6hu209F1PQqtb8LulbQkxOZQQ=",
- "h1:tEDW5rEALglcH1JRy31z6AzDULECYrAZOD24B4mqry8=",
- "h1:zWkzhP2fx0WQIAUp6Amk/We3WNcbtiWagpKF5PJP5+M=",
- "zh:2f81bca6a3bf3d37604bf99fdb2c77d6118520aa379ab65fd28e6b76bed399cd",
- "zh:3578eb79d175af9544b0dc543124d551c0fed4c48f51773ee17e1dc62e22833a",
- "zh:377dbb56caea3fa1e6a6599193b55c8594204c40c054fc2ace4f576fdfe750a2",
- "zh:3d1cf01929cb213ff9a0f9753e35699bf13f60f7f0f15b38f1b216fa2cbb5f72",
- "zh:481376d79224a0e4aebc6e39dee10de3cc14efd1c7c58b6d74c538e356cf4bb2",
- "zh:625119aec0d24ff693c589d802b7983ffce3fcf1e9c3351396af02799dd176ca",
- "zh:65981e62a6e9eb8a39dd332632617e8c929dcce6af48d3829f590f5c0f14362f",
- "zh:72db82697f4e694c21defa8d0efb22f71d373676d078d71d567e8b4d9a134df7",
- "zh:a0fa43cf78716ff98eccd7506b017c5c487034d9d9cce88c1accdba9314a4822",
- "zh:b073f60b68b0102128815251dd895ec7f24bddec84a1b725fc0777de8a78dc7e",
- "zh:b601e509eb9735756b6b7ccacc15d6333769a7bb2f8ac8c394e39b29cfc6ee55",
+ "h1:sP1K3rtDj2pVQqBBn50rOXe+QPFBAKRbI2uExOxnh3M=",
+ "zh:016b6f4662d1cfcddbe968624e899c1a20c6df0ed5014cdeed19c3e945ea80ee",
+ "zh:08448eeaaa9e9e84a2887282f9524faa2bb000fbdfcdac610c088a74e36e6911",
+ "zh:17975bb18d0ad3e2530261773e4fbfae078bfc4db4e0a5458b823b3ec79642e1",
+ "zh:3030ad1b13fe487ce791c851c6b5f3035af08f60b335d7be5ce6ce76af43062f",
+ "zh:68b2914edae1049506aab9f2c11c5b2b2c8d01aa3e0ad53e07ce75ae58906a45",
+ "zh:cffa9af324a0c621317b6d33f80a28159d01706846877d5784d37dad76635d78",
+ "zh:d36d44617b890a8a6d404a016c10428c3393e072d484addfb56334183893998b",
+ "zh:d5c217d7a24b32b18cb9ad47544050c5ec9e6b40ce3f34ff37be5e2d232b4dad",
+ "zh:d5cd83a9701a9bcd17bbd86beb5accdc6c487fcfa472b868bc581e4d5b67d59d",
+ "zh:f4ba0bd65d9a10f8185e163217e10e5fa91e386c68e6773c188881b088315477",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ "zh:f807554e5e08e38e6526e363641219e89ad9eda0b24ec09f25e61c74eece2490",
]
}
@@ -79,11 +67,7 @@ provider "registry.terraform.io/hashicorp/helm" {
version = "2.14.0"
constraints = ">= 2.0.0, ~> 2.12, <= 2.14.0"
hashes = [
- "h1:2SNS+3NDQsl1uwoOK4TLofszyg2hzGr/j0Dosc3bBS8=",
- "h1:8Vt9264v3UE6mHLRG8yiteVl5h8ZSTkJXf1xdVLa7GA=",
"h1:K8aRZTK4Eq2RacrcCviWaxDlHmeUi+M4vmBFoKAk/O0=",
- "h1:MCwlHF214XoAqJ11wR1SQuZmjJyAagKOqgSzl9hHrPg=",
- "h1:QHpOJbeU6V8Qt6YFRWkQ7/kttJu8cN3egyG7TImZEKw=",
"zh:087a475fda3649e4b6b9aeb5f21704972f5d85c10d0bf334289b0a1b8c1a5575",
"zh:1877991d976491d4e2a653a89491bd3b92123a00f442f15aa62caea8902677c7",
"zh:233d9e550b900be8bbf62871322964239bb4827b3500b77d7e2652a8bae6a106",
@@ -103,11 +87,7 @@ provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.31.0"
constraints = "~> 2.27, <= 2.31.0"
hashes = [
- "h1:+KpzTrSzd864Fd6+qAQl4cu0/x9N5TqgLAxvyyLSp88=",
"h1:G8S89g+vfZOgJGbOpSKIQXrp+jIvTwapc89pMVsUo3s=",
- "h1:WHHHlt0hm+I7edol7FQJzHiaQHoGr800dtpXrR9QJVc=",
- "h1:ZlKkkHJrjF4AiMueI2yA+abBc1c37cfwjyxURdLKhEw=",
- "h1:wGHbATbv/pBVTST1MtEn0zyVhZbzZJD2NYq2EddASHY=",
"zh:0d16b861edb2c021b3e9d759b8911ce4cf6d531320e5dc9457e2ea64d8c54ecd",
"zh:1bad69ed535a5f32dec70561eb481c432273b81045d788eb8b37f2e4a322cc40",
"zh:43c58e3912fcd5bb346b5cb89f31061508a9be3ca7dd4cd8169c066203bcdfb3",
@@ -127,11 +107,7 @@ provider "registry.terraform.io/hashicorp/local" {
version = "2.4.0"
constraints = "<= 2.4.0"
hashes = [
- "h1:7RnIbO3CFakblTJs7o0mUiY44dc9xGYsLhSNFSNS1Ds=",
"h1:Bs7LAkV/iQTLv72j+cTMrvx2U3KyXrcVHaGbdns1NcE=",
- "h1:OMqURhlP2IgLEgUCzSlaKXyb/IbnKForgDSjZF/NY4Y=",
- "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=",
- "h1:ZUEYUmm2t4vxwzxy1BvN1wL6SDWrDxfH7pxtzX8c6d0=",
"zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
"zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
"zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
@@ -151,11 +127,7 @@ provider "registry.terraform.io/hashicorp/null" {
version = "3.2.2"
constraints = "~> 3.2"
hashes = [
- "h1:Gef5VGfobY5uokA5nV/zFvWeMNR2Pmq79DH94QnNZPM=",
- "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
- "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=",
"h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=",
- "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=",
"zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
"zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
"zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
diff --git a/src/aks-platform/02_aks_0.tf b/src/aks-platform/02_aks_0.tf
index d5777b1..34b8f22 100644
--- a/src/aks-platform/02_aks_0.tf
+++ b/src/aks-platform/02_aks_0.tf
@@ -14,7 +14,7 @@ resource "azurerm_resource_group" "rg_aks_backup" {
module "aks" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.21.0"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.35.0"
name = local.aks_cluster_name
resource_group_name = azurerm_resource_group.rg_aks.name
@@ -51,7 +51,8 @@ module "aks" {
dns_service_ip = "10.0.0.10"
network_plugin = "azure"
network_plugin_mode = "overlay"
- network_policy = "azure"
+ network_policy = "cilium"
+ network_data_plane = "cilium"
outbound_type = "loadBalancer"
service_cidr = "10.0.0.0/16"
}
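Review bot: Switching `network_policy` from `azure` to `cilium` changes which engine enforces the cluster's NetworkPolicy objects, and nothing in this hunk records how existing policies were checked against the new data plane. Azure's documentation for Azure CNI Powered by Cilium lists behavioural differences from the Azure policy manager (for example around `ipBlock` rules that target pod or node IPs), so a policy that isolated a workload before may match differently afterwards; this is worth confirming against the current docs. I would add a comment above the two lines such as `# Cilium data plane: NetworkPolicy is enforced by Cilium; re-validate existing policies after migration`, and confirm from the plan output whether this is an in-place update or forces replacement of the cluster. The `module "aks"` block starts outside this hunk.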
@@ -118,7 +119,8 @@ resource "azurerm_kubernetes_cluster_node_pool" "user_nodepool_default" {
enable_node_public_ip = false
upgrade_settings {
- max_surge = var.aks_user_node_pool.upgrade_settings_max_surge
+ max_surge = var.aks_user_node_pool.upgrade_settings_max_surge
+ drain_timeout_in_minutes = 30
}
tags = merge(var.tags, var.aks_user_node_pool.node_tags)
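Review bot: `drain_timeout_in_minutes = 30` is hard-coded while the neighbouring `max_surge` is read from `var.aks_user_node_pool`, so the timeout cannot be tuned per environment and its rationale is undocumented. Consider `drain_timeout_in_minutes = var.aks_user_node_pool.upgrade_settings_drain_timeout` (the attribute name is a suggestion; the variable's type is declared outside this diff), or at least a comment such as `# minutes to wait for pod eviction during a node upgrade`. As far as I understand the provider, a pod held back by a PodDisruptionBudget for longer than this makes the upgrade fail rather than be force-evicted, so the value should cover the slowest workload's shutdown. The resource block starts outside the hunk and may continue past it.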
diff --git a/src/aks-platform/02_aks_storage.tf b/src/aks-platform/02_aks_storage.tf
index 87694ee..c000f44 100644
--- a/src/aks-platform/02_aks_storage.tf
+++ b/src/aks-platform/02_aks_storage.tf
@@ -1,5 +1,5 @@
module "aks_storage_class" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class?ref=v8.21.0"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class?ref=v8.34.0"
depends_on = [module.aks]
}
diff --git a/src/aks-platform/03_aks_middleware.tf b/src/aks-platform/03_aks_middleware.tf
index 00cbb3c..87a3190 100644
--- a/src/aks-platform/03_aks_middleware.tf
+++ b/src/aks-platform/03_aks_middleware.tf
@@ -1,5 +1,5 @@
# module "velero" {
-# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=v8.21.0"
+# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=v8.34.0"
# count = var.aks_enabled ? 1 : 0
# backup_storage_container_name = "velero-backup"
# subscription_id = data.azurerm_subscription.current.subscription_id
@@ -20,7 +20,7 @@
# }
#
# module "aks_namespace_backup" {
-# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_velero_backup?ref=v8.21.0"
+# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_velero_backup?ref=v8.34.0"
# count = var.aks_enabled ? 1 : 0
# # required
# backup_name = "daily-backup"
diff --git a/src/aks-platform/05_argocd.tf b/src/aks-platform/05_argocd.tf
index 283089b..387ed1c 100644
--- a/src/aks-platform/05_argocd.tf
+++ b/src/aks-platform/05_argocd.tf
@@ -60,7 +60,7 @@ resource "azurerm_key_vault_secret" "argocd_admin_username" {
#
module "argocd_pod_identity" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.21.0"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.34.0"
cluster_name = module.aks.name
resource_group_name = azurerm_resource_group.rg_aks.name
@@ -89,7 +89,7 @@ resource "helm_release" "reloader_argocd" {
}
module "cert_mounter_argocd_internal" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.21.0"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.34.0"
namespace = "argocd"
certificate_name = replace(local.argocd_internal_url, ".", "-")
kv_name = data.azurerm_key_vault.kv_core_ita.name
diff --git a/src/aks-platform/05_keda.tf b/src/aks-platform/05_keda.tf
index b496303..cdb88b0 100644
--- a/src/aks-platform/05_keda.tf
+++ b/src/aks-platform/05_keda.tf
@@ -13,7 +13,7 @@ locals {
}
module "keda_pod_identity" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.21.0"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.34.0"
resource_group_name = azurerm_resource_group.rg_aks.name
location = var.location
diff --git a/src/aks-platform/99_main.tf b/src/aks-platform/99_main.tf
index 59ea122..0b551d9 100644
--- a/src/aks-platform/99_main.tf
+++ b/src/aks-platform/99_main.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "<= 3.105.0"
+ version = "<= 3.114.0"
}
azuread = {
source = "hashicorp/azuread"
diff --git a/src/aks-platform/README.md b/src/aks-platform/README.md
index 31fcd48..6e193c0 100644
--- a/src/aks-platform/README.md
+++ b/src/aks-platform/README.md
@@ -30,7 +30,7 @@ Re-enable all the resource, commented before to complete the procedure
|------|---------|
| [terraform](#requirement\_terraform) | >=1.8.0 |
| [azuread](#requirement\_azuread) | <= 2.50.0 |
-| [azurerm](#requirement\_azurerm) | <= 3.105.0 |
+| [azurerm](#requirement\_azurerm) | <= 3.114.0 |
| [helm](#requirement\_helm) | <= 2.14.0 |
| [kubectl](#requirement\_kubectl) | <= 2.0.4 |
| [kubernetes](#requirement\_kubernetes) | <= 2.31.0 |
@@ -40,12 +40,12 @@ Re-enable all the resource, commented before to complete the procedure
| Name | Source | Version |
|------|--------|---------|
-| [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.21.0 |
+| [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.35.0 |
| [aks\_prometheus\_install](#module\_aks\_prometheus\_install) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_prometheus_install | v8.34.0 |
-| [aks\_storage\_class](#module\_aks\_storage\_class) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class | v8.21.0 |
-| [argocd\_pod\_identity](#module\_argocd\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.21.0 |
-| [cert\_mounter\_argocd\_internal](#module\_cert\_mounter\_argocd\_internal) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v8.21.0 |
-| [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.21.0 |
+| [aks\_storage\_class](#module\_aks\_storage\_class) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class | v8.34.0 |
+| [argocd\_pod\_identity](#module\_argocd\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.34.0 |
+| [cert\_mounter\_argocd\_internal](#module\_cert\_mounter\_argocd\_internal) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v8.34.0 |
+| [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.34.0 |
| [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.7.0 |
## Resources
diff --git a/src/packer/01_azure_devops_agent.tf b/src/packer/01_azure_devops_agent.tf
index 1240b54..6b0df21 100644
--- a/src/packer/01_azure_devops_agent.tf
+++ b/src/packer/01_azure_devops_agent.tf
@@ -3,7 +3,7 @@ data "azurerm_resource_group" "resource_group" {
}
module "azdoa_custom_image" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=update-azdo-image"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=v8.34.0"
resource_group_name = data.azurerm_resource_group.resource_group.name
location = var.location
image_name = "azdo-agent-ubuntu2204-image"
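Review bot: Moving `ref` from the branch `update-azdo-image` to `v8.34.0` stops the module from floating, but a git tag can still be re-pointed upstream, and `.terraform.lock.hcl` records provider hashes only, not module sources. Because this module builds the Azure DevOps agent image, I would pin the commit and keep the tag as a comment: `?ref=<commit-sha>" # v8.34.0` (placeholder; take the SHA from the upstream release). The same applies to `dns_forwarder_image` in `src/packer/02_dns_forwarder.tf` and to the `terraform-azurerm-v3` sources under `src/aks-platform`, where `kubernetes_cluster` is at v8.35.0 while the other modules are at v8.34.0; a short comment on why they differ would help. The module block continues outside the hunk.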
diff --git a/src/packer/02_dns_forwarder.tf b/src/packer/02_dns_forwarder.tf
index db584e9..4cf54ee 100644
--- a/src/packer/02_dns_forwarder.tf
+++ b/src/packer/02_dns_forwarder.tf
@@ -1,5 +1,5 @@
module "dns_forwarder_image" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image?ref=update-azdo-image"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image?ref=v8.34.0"
resource_group_name = data.azurerm_resource_group.rg_vnet_ita.name
location = var.location
image_name = "${local.project}-dns-forwarder-ubuntu2204-image"
diff --git a/src/packer/README.md b/src/packer/README.md
index 329f0cb..46cee0b 100644
--- a/src/packer/README.md
+++ b/src/packer/README.md
@@ -13,8 +13,8 @@
| Name | Source | Version |
|------|--------|---------|
-| [azdoa\_custom\_image](#module\_azdoa\_custom\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image | update-azdo-image |
-| [dns\_forwarder\_image](#module\_dns\_forwarder\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image | update-azdo-image |
+| [azdoa\_custom\_image](#module\_azdoa\_custom\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image | v8.34.0 |
+| [dns\_forwarder\_image](#module\_dns\_forwarder\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image | v8.34.0 |
## Resources