docs: add Terraform module #2560
Conversation
✅ Deploy Preview for constellation-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
elchead
force-pushed
the
doc/cli/terraform-module
branch
from
0d79aa2 to
d436d28
Compare
elchead
force-pushed
the
doc/cli/terraform-module
branch
2 times, most recently
from
5590366 to
b01e13a
Compare
There was a problem hiding this comment.
Just from reading over everything, I'd say we could be a bit more elaborate on the steps. I'll test the module myself. Duo to vacation will only be able to do so in 2 weeks, if there is someone quicker than me @thomasten, please don't see this as a blocker.
Ideally someone with low terraform knowledge (like me) would do this as a rubber duck debugging.
| - `infrastructure/iam/{csp}`: contains the resources to set up IAM | ||
|
|
||
| ## Cluster upgrades | ||
| Using the remote URL of the terraform-module zip as source, the instructions inside your `main.tf` file are as follows: |
There was a problem hiding this comment.
I don't understand this sentence
There was a problem hiding this comment.
tried to make it more clear
| 2. (Optional) Update the image version. | ||
|
|
||
| `image` is a mandatory field and needs to be updated to `$NEW_VERSION` to perform a node image upgrade. | ||
|
|
||
| 3. (Optional) Update the Kubernetes version. | ||
|
|
||
| If `kubernetes_version` isn't set, the latest version default on the newer Constellation release will be used, which might imply a Kubernetes upgrade. If you want to avoid implicit upgrades, explicitly set the field. For the supported versions, refer to [Kubernetes support policy](../architecture/versions.md#kubernetes-support-policy). | ||
|
|
||
| #TODO should we add the info from /dev-docs/workflows/versions-support.md on the official page to provide info on image / microservice support too? | ||
|
|
||
| 4. (Optional) Update the microservice version. | ||
|
|
||
| If `microservice_version` isn't set, the new version of the Constellation release will be used. This is a reasonable default, but you might want to prevent implicit upgrades by explicitly setting the field. |
There was a problem hiding this comment.
It's hard to understand for users when they should do what. For upgrading with the CLI, we just say that skipping one of these is only for "advanced users." Maybe we should limit this workflow to the default case?
There was a problem hiding this comment.
What's a good way to explain this fields then to the user since they are exposed as variables in the module. Should we add "ADVANCED USAGE:" to the description of the terraform variable to advise the user to not touch it?
There was a problem hiding this comment.
We could add this hint to microservice_version.
For image, I'd just describe it as a non-optional step.
kubernetes_version might be easy enough to be understandable.
What do you think?
Did I forget something?
There was a problem hiding this comment.
Moritz was against adding the hint. I went with limiting the workflow to the default case and removed the config steps.
There was a problem hiding this comment.
In my opinion, we should not have such "hints" in the variable descriptions, as we currently don't have these in the config either, which could create uncertainty on what is "correct". We already say that there are defaults in the variable descriptions, which is enough in my opinion.
elchead
force-pushed
the
doc/cli/terraform-module
branch
2 times, most recently
from
3b72eb6 to
a9b275c
Compare
elchead
force-pushed
the
doc/cli/terraform-module
branch
3 times, most recently
from
2d79819 to
c7228a8
Compare
elchead
dismissed
m1ghtym0’s stale review
we need to address any other improvements in a future PR to not block the release
| @@ -266,7 +68,7 @@ management tooling of your choice. You need to keep the essential functionality | |||
|
|
|||
| Make sure all necessary resources are created, e.g., through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. | |||
|
|
|||
| Fill these outputs into the corresponding fields of the `constellation-state.yaml` file. For example, fill the IP or DNS name your cluster can be reached at into the `.Infrastructure.ClusterEndpoint` field. | |||
| Fill these outputs into the corresponding fields of the `Infrastructure` block inside the `constellation-state.yaml` file. For example, fill the IP or DNS name your cluster can be reached at into the `.Infrastructure.ClusterEndpoint` field. | |||
There was a problem hiding this comment.
Idea for making it less "handwavy":
Move the bash snippets from above here and say that they'll work for the default but have to be adjusted accordingly if the outputs are changed by the modifications made by the user. Just as an idea, does not have to be implemented here necessarily. We could keep track of it while linking this PR if we want to do it at some point though.
There was a problem hiding this comment.
I tracked it in the docs ticket AB#3532
msanft
force-pushed
the
feat/terraform/azure-tf-module
branch
from
d1debde to
b85c11a
Compare
elchead
force-pushed
the
doc/cli/terraform-module
branch
from
9aae855 to
ddff944
Compare
elchead
force-pushed
the
doc/cli/terraform-module
branch
from
c42f11d to
408fa83
Compare
elchead
force-pushed
the
doc/cli/terraform-module
branch
from
408fa83 to
a983942
Compare
This reverts commit a983942.
There was a problem hiding this comment.
2 small nits. Other than that, the content looks okay to me, under the premise of the follow-up ticket. Can't say much regarding wording, etc., which should probably be checked by @thomasten
Co-authored-by: Thomas Tendyck <[email protected]>
|
|
||
| :::caution | ||
|
|
||
| The current module still relies on the Constellation CLI. Consequently, `terraform apply` creates files such as `constellation.conf.yaml`, `constellation-state.yaml` , `constellation-admin.conf`, `constellation-mastersecret.json` and a directory `constellation-terraform"` containing backups. Make sure to check in these files in your version control when using GitOps. |
There was a problem hiding this comment.
Do all of these files have to be kept?
There was a problem hiding this comment.
No, but most of them. constellation.conf.yaml could be reconstructed, but the rest contains cluster information from the apply command.
elchead
force-pushed
the
doc/cli/terraform-module
branch
from
2e93c2e to
257ade0
Compare
Co-authored-by: Thomas Tendyck <[email protected]>
Co-authored-by: Thomas Tendyck <[email protected]>
|
|
||
| ``` | ||
| module "azure-constellation" { | ||
| source = "https://github.com/edgelesssys/constellation/releases/download/<version>/terraform-module.zip//terraform-module/azure-constellation" // insert Constellation version here. |
There was a problem hiding this comment.
| source = "https://github.com/edgelesssys/constellation/releases/download/<version>/terraform-module.zip//terraform-module/azure-constellation" // insert Constellation version here. | |
| // replace <version> with a Constellation version, e.g., v2.13.0 | |
| source = "https://github.com/edgelesssys/constellation/releases/download/<version>/terraform-module.zip//terraform-module/azure-constellation" |
- The comment at the end of the line can easily be overlooked.
- We should give a hint on the format of the version number.
Still waiting for all TF modules to be merged and not sure yet about the exact release path. Is on hold until then.
Context
This adds user-facing docs on how to use the Terraform module.
Proposed change(s)
Additional info
Checklist