diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index e8e5f7f4af..127a28d63d 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = "~> 1.9" required_providers { aws = { diff --git a/terraform/azure/budget-alerts.tf b/terraform/azure/budget-alerts.tf index 4f359be9ee..dd9f823350 100644 --- a/terraform/azure/budget-alerts.tf +++ b/terraform/azure/budget-alerts.tf @@ -1,4 +1,7 @@ +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription data "azurerm_subscription" "current" {} + +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/consumption_budget_subscription resource "azurerm_consumption_budget_subscription" "budget" { count = var.budget_alert_enabled ? 1 : 0 diff --git a/terraform/azure/main.tf b/terraform/azure/main.tf index 33f59d5a90..a8292102b8 100644 --- a/terraform/azure/main.tf +++ b/terraform/azure/main.tf @@ -1,8 +1,9 @@ terraform { - required_version = "~> 1.5" + required_version = "~> 1.9" required_providers { azurerm = { + # FIXME: upgrade to v4, see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide # ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest source = "hashicorp/azurerm" version = "~> 3.111" @@ -17,14 +18,14 @@ terraform { kubernetes = { # ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest source = "hashicorp/kubernetes" - version = "~> 2.31" + version = "~> 2.32" } # Used to decrypt sops encrypted secrets containing PagerDuty keys sops = { # ref: https://registry.terraform.io/providers/carlpett/sops/latest source = "carlpett/sops" - version = "~> 1.0" + version = "~> 1.1" } } backend "gcs" { @@ -33,20 +34,24 @@ terraform { } } +# ref: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs#argument-reference provider "azuread" { tenant_id = var.tenant_id } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#argument-reference provider "azurerm" { subscription_id = var.subscription_id features {} } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group resource "azurerm_resource_group" "jupyterhub" { name = var.resourcegroup_name location = var.location } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network resource "azurerm_virtual_network" "jupyterhub" { name = "k8s-network" location = azurerm_resource_group.jupyterhub.location @@ -54,6 +59,7 @@ resource "azurerm_virtual_network" "jupyterhub" { address_space = ["10.0.0.0/8"] } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet resource "azurerm_subnet" "node_subnet" { name = "k8s-nodes-subnet" virtual_network_name = azurerm_virtual_network.jupyterhub.name @@ -64,6 +70,7 @@ resource "azurerm_subnet" "node_subnet" { service_endpoints = ["Microsoft.Storage"] } +# ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs provider "kubernetes" { host = azurerm_kubernetes_cluster.jupyterhub.kube_config[0].host client_certificate = base64decode(azurerm_kubernetes_cluster.jupyterhub.kube_config[0].client_certificate) @@ -72,6 +79,7 @@ provider "kubernetes" { } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster resource "azurerm_kubernetes_cluster" "jupyterhub" { name = "hub-cluster" location = azurerm_resource_group.jupyterhub.location @@ -154,6 +162,7 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool resource "azurerm_kubernetes_cluster_node_pool" "user_pool" { for_each = { for i, v in var.node_pools["user"] : v.name => v } @@ -180,6 +189,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "user_pool" { } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool resource "azurerm_kubernetes_cluster_node_pool" "dask_pool" { for_each = { for i, v in var.node_pools["dask"] : v.name => v } @@ -205,6 +215,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "dask_pool" { } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry resource "azurerm_container_registry" "container_registry" { name = var.global_container_registry_name resource_group_name = azurerm_resource_group.jupyterhub.name diff --git a/terraform/azure/pagerduty.tf b/terraform/azure/pagerduty.tf index 38b61355d8..cbd8288b89 100644 --- a/terraform/azure/pagerduty.tf +++ b/terraform/azure/pagerduty.tf @@ -8,11 +8,13 @@ * https://2i2c-org.pagerduty.com/service-directory/?direction=asc&query=&team_ids=all * */ +# ref: https://registry.terraform.io/providers/carlpett/sops/latest/docs/data-sources/file data "sops_file" "pagerduty_service_integration_keys" { # Read sops encrypted file containing integration key for pagerduty source_file = "secret/enc-pagerduty-service-integration-keys.secret.yaml" } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group resource "azurerm_monitor_action_group" "alerts" { name = "AlertsActionGroup" # Changing this forces a recreation resource_group_name = var.resourcegroup_name @@ -24,6 +26,7 @@ resource "azurerm_monitor_action_group" "alerts" { } } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert resource "azurerm_monitor_metric_alert" "disk_space_full_alert" { # Changing the name forces a recreation every time we apply name = "Used disk space approaching capacity on Azure Subscription ${var.subscription_id}" diff --git a/terraform/azure/service-principal.tf b/terraform/azure/service-principal.tf index 78760d860a..2cf2c79a48 100644 --- a/terraform/azure/service-principal.tf +++ b/terraform/azure/service-principal.tf @@ -1,3 +1,4 @@ +# ref: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal resource "azuread_service_principal" "service_principal" { count = var.create_service_principal ? 1 : 0 @@ -6,6 +7,7 @@ resource "azuread_service_principal" "service_principal" { use_existing = true } +# ref: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password.html resource "azuread_service_principal_password" "service_principal_password" { count = var.create_service_principal ? 1 : 0 diff --git a/terraform/azure/storage.tf b/terraform/azure/storage.tf index b6c2346eb3..0a336ff073 100644 --- a/terraform/azure/storage.tf +++ b/terraform/azure/storage.tf @@ -1,3 +1,4 @@ +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account resource "azurerm_storage_account" "homes" { name = var.global_storage_account_name resource_group_name = azurerm_resource_group.jupyterhub.name @@ -27,6 +28,7 @@ resource "azurerm_storage_account" "homes" { } } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share resource "azurerm_storage_share" "homes" { name = "homes" storage_account_name = azurerm_storage_account.homes.name @@ -43,6 +45,7 @@ output "azure_fileshare_url" { value = azurerm_storage_share.homes.url } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/recovery_services_vault resource "azurerm_recovery_services_vault" "homedir_recovery_vault" { name = "homedir-recovery-vault" location = azurerm_resource_group.jupyterhub.location @@ -50,6 +53,7 @@ resource "azurerm_recovery_services_vault" "homedir_recovery_vault" { sku = "Standard" } +# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share resource "azurerm_backup_policy_file_share" "backup_policy" { name = "homedir-recovery-vault-policy" resource_group_name = azurerm_resource_group.jupyterhub.name diff --git a/terraform/gcp/main.tf b/terraform/gcp/main.tf index 8eda10ced3..9c80cc493c 100644 --- a/terraform/gcp/main.tf +++ b/terraform/gcp/main.tf @@ -1,23 +1,24 @@ terraform { - required_version = "~> 1.5" + required_version = "~> 1.9" backend "gcs" {} required_providers { google = { + # FIXME: upgrade to v6, see https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade # ref: https://registry.terraform.io/providers/hashicorp/google/latest source = "google" - version = "~> 5.36" + version = "~> 5.43" } kubernetes = { # ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest source = "hashicorp/kubernetes" - version = "~> 2.31" + version = "~> 2.32" } # Used to decrypt sops encrypted secrets containing PagerDuty keys sops = { # ref: https://registry.terraform.io/providers/carlpett/sops/latest source = "carlpett/sops" - version = "~> 1.0" + version = "~> 1.1" } } } diff --git a/terraform/uptime-checks/main.tf b/terraform/uptime-checks/main.tf index f497b15cc5..e6208b790a 100644 --- a/terraform/uptime-checks/main.tf +++ b/terraform/uptime-checks/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = "~> 1.9" backend "gcs" { # This is a separate GCS bucket than what we use for our other terraform state # This is less sensitive, so let's keep it separate @@ -8,16 +8,17 @@ terraform { } required_providers { google = { + # FIXME: upgrade to v6, see https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade # ref: https://registry.terraform.io/providers/hashicorp/google/latest source = "google" - version = "~> 4.55" + version = "~> 5.43" } # Used to decrypt sops encrypted secrets containing PagerDuty keys sops = { # ref: https://registry.terraform.io/providers/carlpett/sops/latest source = "carlpett/sops" - version = "~> 0.7.2" + version = "~> 1.1" } } }