diff --git a/.circleci/config.yml b/.circleci/config.yml index 35461ba..70b43d8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,49 +1,55 @@ version: 2.1 -orbs: - terraform: circleci/terraform@3.0.1 jobs: terraform-cycle: - executor: terraform/default + docker: + - image: "cimg/base:stable" steps: - checkout + - setup_remote_docker: + version: 20.10.7 - run: name: Create .terraformrc file locally command: >- echo "credentials \"app.terraform.io\" {token = \"$TERRAFORM_TOKEN\"}" > $HOME/.terraformrc - - run: + - run: + name: Install Terraform cli + command: | + wget https://releases.hashicorp.com/terraform/1.4.2/terraform_1.4.2_linux_386.zip + unzip terraform_1.4.2_linux_386.zip + sudo mv terraform /usr/local/bin + - run: name: Terraform cycle command: | cd aws/terraform-aws - terraform init -upgrade - terraform validate + terraform init terraform plan cd ../../azure/terraform-azure - terraform init -upgrade - terraform validate + terraform init terraform plan - working_directory: ~/src + working_directory: ~/project build-publish: docker: - - image: 'cimg/base:stable' + - image: "cimg/base:stable" auth: username: $DOCKER_USERNAME password: $DOCKER_PASSWORD + environment: + TAG: 0.1.<< pipeline.number >> steps: - checkout - setup_remote_docker: - version: 20.10.7 + version: 20.10.7 - run: - name: Build geekzone/infra image + name: Build geekzone/infra image command: | - docker build -t geekzone/infra . + docker build -t geekzone/infra:$TAG . - deploy: name: Push geekzone/infra image to Docker Hub command: | docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - docker push geekzone/infra - + docker push geekzone/infra:$TAG workflows: main-infra: @@ -51,14 +57,12 @@ workflows: - terraform-cycle: filters: branches: - ignore: - - /junk-.*/ + ignore: + - /junk-.*/ - build-publish: requires: - - terraform-cycle + - terraform-cycle filters: branches: - ignore: - - /junk-.*/ - - + ignore: + - /junk-.*/ 
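Review bot: The new `Install Terraform cli` step in the first hunk fetches `terraform_1.4.2_linux_386.zip` with `wget` and unzips it straight into `/usr/local/bin` with no integrity check, so the build (and the credentials in `$HOME/.terraformrc`) now trusts whatever the release host or an interposed TLS endpoint serves, whereas the orb it replaces handled installation for you and HashiCorp publishes a `terraform_1.4.2_SHA256SUMS` file (plus a detached signature) for every release. Add `wget https://releases.hashicorp.com/terraform/1.4.2/terraform_1.4.2_SHA256SUMS` and `sha256sum -c --ignore-missing terraform_1.4.2_SHA256SUMS` before the `unzip`, or compare against a hash pinned in the config; `linux_386` also looks unintended for what is normally an amd64 `cimg/base` executor, so `linux_amd64` is probably the build you want. In the `build-publish` job, `docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD` puts the password on the command line; `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin` keeps it out of the process list. The `terraform validate` calls that ran before each `terraform plan` were dropped together with `-upgrade`; if that was not deliberate, reinstate `terraform validate` after each `terraform init`.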
diff --git a/aws/k8s/external-dns/external-dns.yaml b/aws/k8s/external-dns/external-dns.yaml index 62ef296..ce3efbc 100644 --- a/aws/k8s/external-dns/external-dns.yaml +++ b/aws/k8s/external-dns/external-dns.yaml @@ -9,15 +9,15 @@ kind: ClusterRole metadata: name: external-dns rules: -- apiGroups: [""] - resources: ["services","endpoints","pods"] - verbs: ["get","watch","list"] -- apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get","watch","list"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["services", "endpoints", "pods"] + verbs: ["get", "watch", "list"] + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -28,9 +28,9 @@ roleRef: kind: ClusterRole name: external-dns subjects: -- kind: ServiceAccount - name: external-dns - namespace: external-dns + - kind: ServiceAccount + name: external-dns + namespace: external-dns --- apiVersion: apps/v1 kind: Deployment 
@@ -50,14 +50,14 @@ spec: spec: serviceAccountName: external-dns containers: - - name: external-dns - image: k8s.gcr.io/external-dns/external-dns:v0.7.6 - args: - - --source=ingress # service is also possible - - --domain-filter=geek.zone # (optional) limit to only example.com domains; change to match the zone created above. - - --zone-id-filter=0a6922d1395d374729870d071e623aa0 # (optional) limit to a specific zone. - - --provider=cloudflare - - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...) - envFrom: - - secretRef: - name: external-dns-secrets \ No newline at end of file + - name: external-dns + image: registry.k8s.io/external-dns/external-dns:v0.13.5 + args: + - --source=ingress # service is also possible + - --domain-filter=geek.zone # (optional) limit to only example.com domains; change to match the zone created above. + - --zone-id-filter=0a6922d1395d374729870d071e623aa0 # (optional) limit to a specific zone. + - --provider=cloudflare + - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...) + envFrom: + - secretRef: + name: external-dns-secrets diff --git a/azure/k8s/external-dns/external-dns.yaml b/azure/k8s/external-dns/external-dns.yaml index 62ef296..ce3efbc 100644 --- a/azure/k8s/external-dns/external-dns.yaml +++ b/azure/k8s/external-dns/external-dns.yaml 
@@ -9,15 +9,15 @@ kind: ClusterRole metadata: name: external-dns rules: -- apiGroups: [""] - resources: ["services","endpoints","pods"] - verbs: ["get","watch","list"] -- apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get","watch","list"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["services", "endpoints", "pods"] + verbs: ["get", "watch", "list"] + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "watch", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -28,9 +28,9 @@ roleRef: kind: ClusterRole name: external-dns subjects: -- kind: ServiceAccount - name: external-dns - namespace: external-dns + - kind: ServiceAccount + name: external-dns + namespace: external-dns --- apiVersion: apps/v1 kind: Deployment 
@@ -50,14 +50,14 @@ spec: spec: serviceAccountName: external-dns containers: - - name: external-dns - image: k8s.gcr.io/external-dns/external-dns:v0.7.6 - args: - - --source=ingress # service is also possible - - --domain-filter=geek.zone # (optional) limit to only example.com domains; change to match the zone created above. - - --zone-id-filter=0a6922d1395d374729870d071e623aa0 # (optional) limit to a specific zone. - - --provider=cloudflare - - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...) - envFrom: - - secretRef: - name: external-dns-secrets \ No newline at end of file + - name: external-dns + image: registry.k8s.io/external-dns/external-dns:v0.13.5 + args: + - --source=ingress # service is also possible + - --domain-filter=geek.zone # (optional) limit to only example.com domains; change to match the zone created above. + - --zone-id-filter=0a6922d1395d374729870d071e623aa0 # (optional) limit to a specific zone. + - --provider=cloudflare + - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...) + envFrom: + - secretRef: + name: external-dns-secrets diff --git a/azure/k8s/test-environment/deploy-test.yaml b/azure/k8s/test-environment/deploy-test.yaml index fefaa42..c6015ec 100644 --- a/azure/k8s/test-environment/deploy-test.yaml +++ b/azure/k8s/test-environment/deploy-test.yaml 
@@ -78,55 +78,55 @@ spec: app: gz-web spec: initContainers: - - name: wait-for-migration - image: geekzone/backend:0.1.${CIRCLE_PREVIOUS_BUILD_NUM} - command: ['python3', 'manage.py', 'migrate'] - envFrom: - - secretRef: - name: testing-secrets - - name: wait-for-database - image: geekzone/backend:0.1.${CIRCLE_PREVIOUS_BUILD_NUM} - command: ['python3', 'manage.py', 'wait_for_database'] - envFrom: - - secretRef: - name: testing-secrets + - name: wait-for-migration + image: geekzone/backend:0.1.${CIRCLE_PREVIOUS_BUILD_NUM} + command: ["python3", "manage.py", "migrate"] + envFrom: + - secretRef: + name: testing-secrets + - name: wait-for-database + image: geekzone/backend:0.1.${CIRCLE_PREVIOUS_BUILD_NUM} + command: ["python3", "manage.py", "wait_for_database"] + envFrom: + - secretRef: + name: testing-secrets containers: - - name: django-backend - image: geekzone/backend:0.1.${CIRCLE_PREVIOUS_BUILD_NUM} - envFrom: - - secretRef: - name: dynamic-secrets - - secretRef: - name: testing-secrets - resources: - limits: - memory: "100Mi" - cpu: 50m - requests: - memory: "50Mi" - cpu: 30m - - name: frontend-proxy - image: geekzone/frontend:0.1.${CIRCLE_PREVIOUS_BUILD_NUM} - ports: - - containerPort: 8080 - protocol: TCP - readinessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 10 - livenessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 15 - periodSeconds: 20 - resources: - limits: - memory: "50Mi" - cpu: 50m - requests: - memory: "30Mi" - cpu: 30m + - name: django-backend + image: geekzone/backend:0.1.${CIRCLE_PREVIOUS_BUILD_NUM} + envFrom: + - secretRef: + name: dynamic-secrets + - secretRef: + name: testing-secrets + resources: + limits: + memory: "100Mi" + cpu: 50m + requests: + memory: "50Mi" + cpu: 30m + - name: frontend-proxy + image: geekzone/frontend:0.1.${CIRCLE_PREVIOUS_BUILD_NUM} + ports: + - containerPort: 8080 + protocol: TCP + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + 
livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + limits: + memory: "50Mi" + cpu: 50m + requests: + memory: "30Mi" + cpu: 30m --- apiVersion: v1 @@ -142,8 +142,8 @@ spec: selector: app: gz-web ports: - - port: 80 - targetPort: 8080 + - port: 80 + targetPort: 8080 --- apiVersion: networking.k8s.io/v1 @@ -152,22 +152,22 @@ metadata: name: ingress-gz-web namespace: ${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME} annotations: - nginx.ingress.kubernetes.io/app-root: /memberships/register + nginx.ingress.kubernetes.io/app-root: /memberships/register spec: tls: - - hosts: - - "${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME}-test.geek.zone" - rules: - - host: ${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME}-test.geek.zone - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: test-gz-web - port: - number: 80 + - hosts: + - "${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME}-test.geek.zone" + rules: + - host: ${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME}-test.geek.zone + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: test-gz-web + port: + number: 80 ingressClassName: nginx --- @@ -185,7 +185,7 @@ spec: template: metadata: labels: - name: postgres + name: postgres spec: containers: - name: postgres @@ -193,8 +193,8 @@ spec: ports: - containerPort: 5432 envFrom: - - secretRef: - name: testing-postgres-secrets + - secretRef: + name: testing-postgres-secrets volumeMounts: - name: data mountPath: /var/lib/postgresql @@ -235,14 +235,14 @@ metadata: name: delete-ns namespace: ${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME} rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - watch - - delete + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - watch + - delete --- apiVersion: rbac.authorization.k8s.io/v1 
@@ -255,26 +255,32 @@ roleRef: kind: Role name: delete-ns subjects: -- kind: ServiceAccount - name: delete-ns - namespace: ${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME} + - kind: ServiceAccount + name: delete-ns + namespace: ${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME} --- apiVersion: batch/v1 kind: CronJob metadata: - name: delete-ns + name: delete-ns namespace: ${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME} spec: - schedule: "0/55 * * * *" + schedule: "0 */3 * * *" jobTemplate: spec: template: spec: - serviceAccountName: delete-ns + serviceAccountName: delete-ns containers: - - name: delete-ns - image: geekzone/infra - imagePullPolicy: IfNotPresent - command: ["kubectl", "delete", "ns", "${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME}"] - restartPolicy: OnFailure \ No newline at end of file + - name: delete-ns + image: geekzone/infra + imagePullPolicy: IfNotPresent + command: + [ + "kubectl", + "delete", + "ns", + "${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME}", + ] + restartPolicy: OnFailure diff --git a/azure/terraform-azure/.terraform.lock.hcl b/azure/terraform-azure/.terraform.lock.hcl index 73a2a0f..22da1da 100644 --- a/azure/terraform-azure/.terraform.lock.hcl +++ b/azure/terraform-azure/.terraform.lock.hcl 
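Review bot: The `delete-ns` CronJob container still runs `image: geekzone/infra` with no tag (implicitly `:latest`) and `imagePullPolicy: IfNotPresent`, while the `.circleci/config.yml` change in this same commit now builds and pushes only `geekzone/infra:$TAG` (`0.1.<< pipeline.number >>`); unless something else still publishes `latest`, this job keeps running whatever `latest` was last pushed, and `IfNotPresent` means a node that has the image cached never re-pulls even if the tag does move. Pin the image to a specific published tag or, better, a digest (`geekzone/infra@sha256:...`), and if a mutable tag must stay, switch to `imagePullPolicy: Always`. Separately, the `roleRef` in this hunk points at a namespaced `Role` whose rules (earlier in the file) grant `delete` on `namespaces`, a cluster-scoped resource that a Role cannot authorize on an RBAC-enabled cluster; it presumably only works because the AKS cluster in `azure/terraform-azure/main.tf` has RBAC disabled, so a `ClusterRole`/`ClusterRoleBinding` restricted with `resourceNames: ["${PR_NUMBER}-${CIRCLE_PROJECT_REPONAME}"]` would be the form that survives turning RBAC on.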
@@ -1,59 +1,82 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/azure/azapi" { + version = "1.9.0" + constraints = ">= 1.4.0, < 2.0.0" + hashes = [ + "h1:zaLH2Owmj61RX2G1Cy6VDy8Ttfzx+lDsSCyiu5cXkm4=", + "zh:349569471fbf387feaaf8b88da1690669e201147c342f905e5eb03df42b3cf87", + "zh:54346d5fb78cbad3eb7cfd96e1dd7ce4f78666cabaaccfec6ee9437476330018", + "zh:64b799da915ea3a9a58ac7a926c6a31c59fd0d911687804d8e815eda88c5580b", + "zh:9336ed9e112555e0fda8af6be9ba21478e30117d79ba662233311d9560d2b7c6", + "zh:a8aace9897b28ea0b2dbd7a3be3df033e158af40412c9c7670be0956f216ed7e", + "zh:ab23df7de700d9e785009a4ca9ceb38ae1ab894a13f5788847f15d018556f415", + "zh:b4f13f0b13560a67d427c71c85246f8920f98987120341830071df4535842053", + "zh:e58377bf36d8a14d28178a002657865ee17446182dac03525fd43435e41a1b5c", + "zh:ea5db4acc6413fd0fe6b35981e58cdc9850f5f3118031cc3d2581de511aee6aa", + "zh:f0b32c06c6bd4e4af2c02a62be07b947766aeeb09289a03f21aba16c2fd3c60f", + "zh:f1518e766a90c257d7eb36d360dafaf311593a4a9352ff8db0bcfe0ed8cf45ae", + "zh:fa89e84cff0776b5b61ff27049b1d8ed52040bd58c81c4628890d644a6fb2989", + ] +} + provider "registry.terraform.io/hashicorp/azurerm" { - version = "2.99.0" - constraints = "~> 2.46" + version = "3.74.0" + constraints = ">= 3.69.0, < 4.0.0" hashes = [ - "h1:FXBB5TkvZpZA+ZRtofPvp5IHZpz4Atw7w9J8GDgMhvk=", - "zh:08d81e72e97351538ab4d15548942217bf0c4d3b79ad3f4c95d8f07f902d2fa6", - "zh:11fdfa4f42d6b6f01371f336fea56f28a1db9e7b490c5ca0b352f6bbca5a27f1", - "zh:12376e2c4b56b76098d5d713d1a4e07e748a926c4d165f0bd6f52157b1f7a7e9", - "zh:31f1cb5b88ed1307625050e3ee7dd9948773f522a3f3bf179195d607de843ea3", - "zh:767971161405d38412662a73ea40a422125cdc214c72fbc569bcfbea6e66c366", - "zh:973c402c3728b68c980ea537319b703c009b902a981b0067fbc64e04a90e434c", - "zh:9ec62a4f82ec1e92bceeff80dd8783f61de0a94665c133f7c7a7a68bda9cdbd6", - "zh:bbb3b7e1229c531c4634338e4fc81b28bce58312eb843a931a4420abe42d5b7e", - 
"zh:cbbe02cd410d21476b3a081b5fa74b4f1b3d9d79b00214009028d60e859c19a3", - "zh:cc00ecc7617a55543b60a0da1196ea92df48c399bcadbedf04c783e3d47c6e08", - "zh:eecb9fd0e7509c7fd4763e546ef0933f125770cbab2b46152416e23d5ec9dd53", + "h1:ETVZfmulZQ435+lgFCkZRpfVOLyAxfDOwbPXFg3aLLQ=", + "zh:0424c70152f949da1ec52ba96d20e5fd32fd22d9bd9203ce045d5f6aab3d20fc", + "zh:16dbf581d10f8e7937185bcdcceb4f91d08c919e452fb8da7580071288c8c397", + "zh:3019103bc2c3b4e185f5c65696c349697644c968f5c085af5505fed6d01c4241", + "zh:49bb56ebaed6653fdb913c2b2bb74fc8b5399e7258d1e89084f72c44ea1130dd", + "zh:85547666517f899d88620bd23a000a8f43c7dc93587c350eb1ea17bcb3e645c7", + "zh:8bed8b646ff1822d8764de68b56b71e5dd971a4b77eba80d47f400a530800bea", + "zh:8bfa6c70c004ba05ebce47f74f49ce872c28a68a18bb71b281a9681bcbbdbfa1", + "zh:a2ae9e38fda0695fb8aa810e4f1ce4b104bfda651a87923b307bb1728680d8b6", + "zh:beac1efe32f99072c892095f5ff46e40d6852b66679a03bc3acbe1b90fb1f653", + "zh:d8a6ca20e49ebe7ea5688d91233d571e2c2ccc3e41000c39a7d7031df209ea8e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f937b5fdf49b072c0347408d0a1c5a5d822dae1a23252915930e5a82d1d8ce8b", ] } -provider "registry.terraform.io/hashicorp/local" { - version = "2.2.2" +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + constraints = ">= 3.0.0" hashes = [ - "h1:5UYW2wJ320IggrzLt8tLD6MowePqycWtH1b2RInHZkE=", - "zh:027e4873c69da214e2fed131666d5de92089732a11d096b68257da54d30b6f9d", - "zh:0ba2216e16cfb72538d76a4c4945b4567a76f7edbfef926b1c5a08d7bba2a043", - "zh:1fee8f6aae1833c27caa96e156cf99a681b6f085e476d7e1b77d285e21d182c1", - "zh:2e8a3e72e877003df1c390a231e0d8e827eba9f788606e643f8e061218750360", - "zh:719008f9e262aa1523a6f9132adbe9eee93c648c2981f8359ce41a40e6425433", + "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + 
"zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9a70fdbe6ef955c4919a4519caca116f34c19c7ddedd77990fbe4f80fe66dc84", - "zh:abc412423d670cbb6264827fa80e1ffdc4a74aff3f19ba6a239dd87b85b15bec", - "zh:ae953a62c94d2a2a0822e5717fafc54e454af57bd6ed02cd301b9786765c1dd3", - "zh:be0910bdf46698560f9e86f51a4ff795c62c02f8dc82b2b1dab77a0b3a93f61e", - "zh:e58f9083b7971919b95f553227adaa7abe864fce976f0166cf4d65fc17257ff2", - "zh:ff4f77cbdbb22cc98182821c7ef84dce16298ab0e997d5c7fae97247f7a4bcb0", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", ] } provider "registry.terraform.io/hashicorp/tls" { - version = "3.3.0" + version = "4.0.4" + constraints = ">= 3.1.0" hashes = [ - "h1:xx/b39Q9FVZSlDc97rlDmQ9dNaaxFFyVzP9kV+47z28=", - "zh:16140e8cc880f95b642b6bf6564f4e98760e9991864aacc8e21273423571e561", - "zh:16338b8457759c97fdd73153965d6063b037f2954fd512e569fcdc42b7fef743", - "zh:348bd44b7cd0c6d663bba36cecb474c17635a8f22b02187d034b8e57a8729c5a", - "zh:3832ac73c2335c0fac26138bacbd18160efaa3f06c562869acc129e814e27f86", - "zh:756d1e60690d0164eee9c93b498b4c8beabbfc1d8b7346cb6d2fa719055089d6", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:93b911bcddba8dadc5339edb004c8019c230ea67477c73c4f741c236dd9511b1", - "zh:c0c4e5742e8ac004c507540423db52af3f44b8ec04443aa8e14669340819344f", - 
"zh:c78296a1dff8ccd5d50203aac353422fc18d425072ba947c88cf5b46de7d32d2", - "zh:d7143f444e0f7e6cd67fcaf080398b4f1487cf05de3e0e79af6c14e22812e38b", - "zh:e600ac76b118816ad72132eee4c22ab5fc044f67c3babc54537e1fc1ad53d295", - "zh:fca07af5f591e12d2dc178a550da69a4847bdb34f8180a5b8e04fde6b528cf99", + "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=", + "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", + "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", + "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", + "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", + "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", + "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", + "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", + "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", + "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", + "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", + "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/azure/terraform-azure/main.tf b/azure/terraform-azure/main.tf index 248b068..3435146 100644 --- a/azure/terraform-azure/main.tf +++ b/azure/terraform-azure/main.tf @@ -1,19 +1,18 @@ terraform { - backend "remote" { - hostname = "app.terraform.io" + cloud { organization = "geekzone" - + hostname = "app.terraform.io" # Optional; defaults to app.terraform.io workspaces { - name = "dev-azure" + name = "Azure" } } } provider "azurerm" { - subscription_id = var.subscription_id - client_id = var.client_id - client_secret = var.client_secret - tenant_id = var.tenant_id + subscription_id = var.ARM_SUBSCRIPTION_ID + client_id = var.ARM_CLIENT_ID + client_secret = var.ARM_CLIENT_SECRET + tenant_id = var.ARM_TENANT_ID features {} } 
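Review bot: The rewritten `provider "azurerm"` block passes the service-principal secret explicitly via `client_secret = var.ARM_CLIENT_SECRET`, which turns a credential into an ordinary Terraform input variable that is interpolated (here and again as `client_secret` in `module "aks"` below) and can surface in plan output and error messages unless the variable is declared sensitive. The azurerm provider already reads `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` from the environment, so with the new `cloud` backend the simpler and safer shape is to set those four as sensitive environment variables on the `Azure` workspace and reduce the provider block to `provider "azurerm" { features {} }`. If the explicit arguments are kept, mark the corresponding variables `sensitive = true` in `variables.tf`. The `hostname = "app.terraform.io"` line duplicates the default its own comment describes and can be dropped.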
@@ -78,48 +77,47 @@ resource "azurerm_subnet" "endpoint" { virtual_network_name = azurerm_virtual_network.geekzone.name address_prefixes = ["10.10.3.0/24"] - enforce_private_link_endpoint_network_policies = true + private_endpoint_network_policies_enabled = true } module "aks" { - source = "Azure/aks/azurerm" - resource_group_name = azurerm_resource_group.geekzone.name - client_id = var.client_id - client_secret = var.client_secret - kubernetes_version = "1.21.7" - orchestrator_version = "1.21.7" - prefix = "prefix" - cluster_name = "GeekZoneCluster" - network_plugin = "azure" - vnet_subnet_id = azurerm_subnet.aks.id - os_disk_size_gb = 50 - sku_tier = "Paid" # defaults to Free - enable_role_based_access_control = false - rbac_aad_managed = false - private_cluster_enabled = false # default value - enable_http_application_routing = false - enable_azure_policy = true - enable_auto_scaling = true - enable_host_encryption = false - agents_min_count = 1 - agents_max_count = 2 - agents_count = null # Please set `agents_count` `null` while `enable_auto_scaling` is `true` to avoid possible `agents_count` changes. 
- agents_max_pods = 100 - agents_pool_name = "geekzone" - agents_availability_zones = ["1", "2", "3"] - agents_type = "VirtualMachineScaleSets" + source = "Azure/aks/azurerm" + resource_group_name = azurerm_resource_group.geekzone.name + client_id = var.ARM_CLIENT_ID + client_secret = var.ARM_CLIENT_SECRET + kubernetes_version = var.kubernetes_version + orchestrator_version = var.orchestrator_version + prefix = "prefix" + cluster_name = "GeekZoneCluster" + network_plugin = "azure" + vnet_subnet_id = azurerm_subnet.aks.id + os_disk_size_gb = 50 + sku_tier = "Standard" + role_based_access_control_enabled = false + rbac_aad = false + rbac_aad_managed = false + private_cluster_enabled = false # default value + http_application_routing_enabled = false + azure_policy_enabled = true + public_network_access_enabled = false + enable_auto_scaling = true + enable_host_encryption = false + agents_min_count = 1 + agents_max_count = 2 + agents_count = null # Please set `agents_count` `null` while `enable_auto_scaling` is `true` to avoid possible `agents_count` changes. + agents_max_pods = 100 + agents_pool_name = "geekzone" + agents_availability_zones = ["1", "2", "3"] + agents_type = "VirtualMachineScaleSets" agents_tags = { "env" : "prod" } - enable_ingress_application_gateway = false - - network_policy = "azure" - net_profile_dns_service_ip = "10.0.0.10" - net_profile_docker_bridge_cidr = "170.10.0.1/16" - net_profile_service_cidr = "10.0.0.0/16" + network_policy = "azure" + net_profile_dns_service_ip = "10.0.0.10" + net_profile_service_cidr = "10.0.0.0/16" depends_on = [azurerm_resource_group.geekzone, resource.azurerm_virtual_network.geekzone] } @@ -177,4 +175,4 @@ resource "azurerm_private_endpoint" "geekzone" { is_manual_connection = false } -} \ No newline at end of file +} diff --git a/azure/terraform-azure/variables.tf b/azure/terraform-azure/variables.tf index 70ee6dd..ae69f57 100644 --- a/azure/terraform-azure/variables.tf +++ b/azure/terraform-azure/variables.tf 
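Review bot: The rewritten `module "aks"` block keeps Kubernetes RBAC switched off (`role_based_access_control_enabled = false`, `rbac_aad = false`), which makes any credential that can reach the API server effectively cluster-admin and turns the `ClusterRole`/`Role` objects elsewhere in this change (external-dns, `delete-ns`) into no-ops; given `agents_tags` marks this pool `"env" : "prod"`, that deserves a deliberate decision rather than a carried-over default. I would set `role_based_access_control_enabled = true` (ideally with `rbac_aad = true` and `rbac_aad_managed = true`) and then fix whatever RBAC objects start being enforced, or at minimum add a header comment on the module stating why RBAC is off. The new `public_network_access_enabled = false` next to `private_cluster_enabled = false` also needs confirming against the module's documentation — if it really disables public API-server access, the CircleCI jobs and anything else outside the VNet lose their path to the cluster, and if it does not, the line is misleading. The module invocation continues past this hunk, so the `depends_on` and any remaining arguments were not reviewed here.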
@@ -1,16 +1,13 @@ -variable "client_id" { +variable "ARM_CLIENT_ID" { } -variable "client_secret" { +variable "ARM_CLIENT_SECRET" { } -variable "tenant_id" { +variable "ARM_TENANT_ID" { } -variable "subscription_id" { -} - -variable "ssh_key" { +variable "ARM_SUBSCRIPTION_ID" { } variable "administrator_login" { @@ -24,5 +21,9 @@ variable "location" { } variable "kubernetes_version" { - default = "1.21.7" -} \ No newline at end of file + default = "1.27.7" +} + +variable "orchestrator_version" { + default = "1.27.7" +}
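Review bot: `variable "ARM_CLIENT_SECRET" {}` is declared with neither a `type` nor `sensitive = true`, so Terraform will happily print its value in plan diffs and error messages wherever it is interpolated (it is passed to the `azurerm` provider and to `module "aks"` in `main.tf`). Declare it as `variable "ARM_CLIENT_SECRET" {` / `  type      = string` / `  sensitive = true` / `}` so the value is redacted in CLI output, and give the other three `ARM_*` variables a `type = string` while you are there. The `ssh_key` variable is removed in this hunk; if any part of `main.tf` outside the visible hunks still references `var.ssh_key`, `terraform plan` in CI will now fail on an undeclared variable, so that is worth a grep before merging.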