Merge pull request 2i2c-org#4745 from consideRatio/pr/terraform-comme…
…nts-and-minor-bumps

terraform: add fixme comments about major version bumps, and reference comments
consideRatio authored Sep 9, 2024
2 parents 28d58cd + a465181 commit 99b0ff8
Showing 8 changed files with 36 additions and 11 deletions.
2 changes: 1 addition & 1 deletion terraform/aws/main.tf
@@ -1,5 +1,5 @@
terraform {
required_version = "~> 1.5"
required_version = "~> 1.9"

required_providers {
aws = {
3 changes: 3 additions & 0 deletions terraform/azure/budget-alerts.tf
@@ -1,4 +1,7 @@
# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription
data "azurerm_subscription" "current" {}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/consumption_budget_subscription
resource "azurerm_consumption_budget_subscription" "budget" {
count = var.budget_alert_enabled ? 1 : 0

17 changes: 14 additions & 3 deletions terraform/azure/main.tf
@@ -1,8 +1,9 @@

terraform {
required_version = "~> 1.5"
required_version = "~> 1.9"
required_providers {
azurerm = {
# FIXME: upgrade to v4, see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide
# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest
source = "hashicorp/azurerm"
version = "~> 3.111"
Expand All @@ -17,14 +18,14 @@ terraform {
kubernetes = {
# ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest
source = "hashicorp/kubernetes"
version = "~> 2.31"
version = "~> 2.32"
}

# Used to decrypt sops encrypted secrets containing PagerDuty keys
sops = {
# ref: https://registry.terraform.io/providers/carlpett/sops/latest
source = "carlpett/sops"
version = "~> 1.0"
version = "~> 1.1"
}
}
backend "gcs" {
Expand All @@ -33,27 +34,32 @@ terraform {
}
}

# ref: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs#argument-reference
provider "azuread" {
tenant_id = var.tenant_id
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#argument-reference
provider "azurerm" {
subscription_id = var.subscription_id
features {}
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group
resource "azurerm_resource_group" "jupyterhub" {
name = var.resourcegroup_name
location = var.location
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network
resource "azurerm_virtual_network" "jupyterhub" {
name = "k8s-network"
location = azurerm_resource_group.jupyterhub.location
resource_group_name = azurerm_resource_group.jupyterhub.name
address_space = ["10.0.0.0/8"]
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet
resource "azurerm_subnet" "node_subnet" {
name = "k8s-nodes-subnet"
virtual_network_name = azurerm_virtual_network.jupyterhub.name
Expand All @@ -64,6 +70,7 @@ resource "azurerm_subnet" "node_subnet" {
service_endpoints = ["Microsoft.Storage"]
}

# ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs
provider "kubernetes" {
host = azurerm_kubernetes_cluster.jupyterhub.kube_config[0].host
client_certificate = base64decode(azurerm_kubernetes_cluster.jupyterhub.kube_config[0].client_certificate)
Expand All @@ -72,6 +79,7 @@ provider "kubernetes" {
}


# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
resource "azurerm_kubernetes_cluster" "jupyterhub" {
name = "hub-cluster"
location = azurerm_resource_group.jupyterhub.location
Expand Down Expand Up @@ -154,6 +162,7 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" {
}


# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool
resource "azurerm_kubernetes_cluster_node_pool" "user_pool" {
for_each = { for i, v in var.node_pools["user"] : v.name => v }

Expand All @@ -180,6 +189,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "user_pool" {
}


# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool
resource "azurerm_kubernetes_cluster_node_pool" "dask_pool" {
for_each = { for i, v in var.node_pools["dask"] : v.name => v }

Expand All @@ -205,6 +215,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "dask_pool" {
}


# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry
resource "azurerm_container_registry" "container_registry" {
name = var.global_container_registry_name
resource_group_name = azurerm_resource_group.jupyterhub.name
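Review bot: No `.terraform.lock.hcl` is among the eight files this commit changes, so nothing visible here pins the exact build or checksums selected by the new `version = "~> 1.1"` constraint on `carlpett/sops`, a provider published outside the `hashicorp` namespace that decrypts the PagerDuty keys. If lock files are tracked for these directories, they should be regenerated and committed together with the constraint change so the provider hashes get reviewed. If they are deliberately untracked, a comment in the `sops` block would record that, e.g. `# NOTE: no lock file is committed; exact version and hashes are resolved at init time`. The `sops` entries in terraform/gcp/main.tf and terraform/uptime-checks/main.tf are in the same position.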
3 changes: 3 additions & 0 deletions terraform/azure/pagerduty.tf
Expand Up @@ -8,11 +8,13 @@
* https://2i2c-org.pagerduty.com/service-directory/?direction=asc&query=&team_ids=all
*
*/
# ref: https://registry.terraform.io/providers/carlpett/sops/latest/docs/data-sources/file
data "sops_file" "pagerduty_service_integration_keys" {
# Read sops encrypted file containing integration key for pagerduty
source_file = "secret/enc-pagerduty-service-integration-keys.secret.yaml"
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group
resource "azurerm_monitor_action_group" "alerts" {
name = "AlertsActionGroup" # Changing this forces a recreation
resource_group_name = var.resourcegroup_name
Expand All @@ -24,6 +26,7 @@ resource "azurerm_monitor_action_group" "alerts" {
}
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert
resource "azurerm_monitor_metric_alert" "disk_space_full_alert" {
# Changing the name forces a recreation every time we apply
name = "Used disk space approaching capacity on Azure Subscription ${var.subscription_id}"
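Review bot: The `# ref:` comment added above `data "sops_file" "pagerduty_service_integration_keys"` links the data source docs but does not record that the decrypted values are persisted in Terraform state in plaintext. A second comment line would make that visible to the next reader, e.g. `# NOTE: decrypted values are stored in the state file; restrict access to the state backend accordingly`. The backend for this directory is declared as `backend "gcs"` in terraform/azure/main.tf; its access configuration is not shown on this page.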
2 changes: 2 additions & 0 deletions terraform/azure/service-principal.tf
@@ -1,3 +1,4 @@
# ref: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal
resource "azuread_service_principal" "service_principal" {
count = var.create_service_principal ? 1 : 0

Expand All @@ -6,6 +7,7 @@ resource "azuread_service_principal" "service_principal" {
use_existing = true
}

# ref: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password.html
resource "azuread_service_principal_password" "service_principal_password" {
count = var.create_service_principal ? 1 : 0

4 changes: 4 additions & 0 deletions terraform/azure/storage.tf
@@ -1,3 +1,4 @@
# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account
resource "azurerm_storage_account" "homes" {
name = var.global_storage_account_name
resource_group_name = azurerm_resource_group.jupyterhub.name
Expand Down Expand Up @@ -27,6 +28,7 @@ resource "azurerm_storage_account" "homes" {
}
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share
resource "azurerm_storage_share" "homes" {
name = "homes"
storage_account_name = azurerm_storage_account.homes.name
Expand All @@ -43,13 +45,15 @@ output "azure_fileshare_url" {
value = azurerm_storage_share.homes.url
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/recovery_services_vault
resource "azurerm_recovery_services_vault" "homedir_recovery_vault" {
name = "homedir-recovery-vault"
location = azurerm_resource_group.jupyterhub.location
resource_group_name = azurerm_resource_group.jupyterhub.name
sku = "Standard"
}

# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share
resource "azurerm_backup_policy_file_share" "backup_policy" {
name = "homedir-recovery-vault-policy"
resource_group_name = azurerm_resource_group.jupyterhub.name
9 changes: 5 additions & 4 deletions terraform/gcp/main.tf
@@ -1,23 +1,24 @@
terraform {
required_version = "~> 1.5"
required_version = "~> 1.9"

backend "gcs" {}
required_providers {
google = {
# FIXME: upgrade to v6, see https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade
# ref: https://registry.terraform.io/providers/hashicorp/google/latest
source = "google"
version = "~> 5.36"
version = "~> 5.43"
}
kubernetes = {
# ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest
source = "hashicorp/kubernetes"
version = "~> 2.31"
version = "~> 2.32"
}
# Used to decrypt sops encrypted secrets containing PagerDuty keys
sops = {
# ref: https://registry.terraform.io/providers/carlpett/sops/latest
source = "carlpett/sops"
version = "~> 1.0"
version = "~> 1.1"
}
}
}
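Review bot: `source = "google"` in the `google` block relies on Terraform's implicit `hashicorp/` namespace, while `kubernetes` and `sops` in the same `required_providers` block are written fully qualified. Since the block is being edited anyway, `source = "hashicorp/google"` would make the publisher explicit and match the `# ref:` URL directly above it. terraform/uptime-checks/main.tf uses the same shorthand.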
7 changes: 4 additions & 3 deletions terraform/uptime-checks/main.tf
@@ -1,5 +1,5 @@
terraform {
required_version = "~> 1.5"
required_version = "~> 1.9"
backend "gcs" {
# This is a separate GCS bucket than what we use for our other terraform state
# This is less sensitive, so let's keep it separate
Expand All @@ -8,16 +8,17 @@ terraform {
}
required_providers {
google = {
# FIXME: upgrade to v6, see https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade
# ref: https://registry.terraform.io/providers/hashicorp/google/latest
source = "google"
version = "~> 4.55"
version = "~> 5.43"
}

# Used to decrypt sops encrypted secrets containing PagerDuty keys
sops = {
# ref: https://registry.terraform.io/providers/carlpett/sops/latest
source = "carlpett/sops"
version = "~> 0.7.2"
version = "~> 1.1"
}
}
}
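Review bot: In this file the `google` constraint appears to move from `~> 4.55` to `~> 5.43` and `sops` from `~> 0.7.2` to `~> 1.1`, both of which cross a major version although the commit title describes minor bumps. The `sops` change also widens the allowed range from 0.7.x patch releases to any 1.x release at or above 1.1, for the provider that decrypts the PagerDuty keys. The description should say that `terraform plan` for this directory showed no changes after the upgrade, and that the v5 upgrade guide for the google provider was checked. Old and new sides are inferred from the order in which the rendered page prints the line pairs.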
