Merge pull request #405 from sassoftware/staging

10.0.0 - October 31, 2024

Author: riragh

Dockerfile

@@ -1,5 +1,5 @@
-ARG TERRAFORM_VERSION=1.8.2
-ARG AZURECLI_VERSION=2.59.0
+ARG TERRAFORM_VERSION=1.9.6
+ARG AZURECLI_VERSION=2.64.0
 
 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION
@@ -10,9 +10,8 @@ WORKDIR /viya4-iac-azure
 COPY --from=terraform /bin/terraform /bin/terraform
 COPY . .
 
-RUN apk update \
-  && apk upgrade \
-  && apk add --no-cache git openssh curl\
+RUN yum -y install git openssh jq which curl \
+  && yum clean all && rm -rf /var/cache/yum \
   && curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl \
   && chmod 755 ./kubectl /viya4-iac-azure/docker-entrypoint.sh \
   && mv ./kubectl /usr/local/bin/kubectl \

README.md

@@ -57,10 +57,10 @@ This project supports two options for running Terraform scripts:
 Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformAzureAuthentication.md) with the *Contributor* role are required.
 
 #### Terraform Requirements:
-- [Terraform](https://www.terraform.io/downloads.html) - v1.8.2
+- [Terraform](https://www.terraform.io/downloads.html) - v1.9.6
 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.29.7
 - [jq](https://stedolan.github.io/jq/) - v1.6
-- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.59.0
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.64.0
 
 #### Docker Requirements:
 - [Docker](https://docs.docker.com/get-docker/)

container-structure-test.yaml

@@ -9,15 +9,15 @@ fileExistenceTests:
     shouldExist: true
     permissions: '-rwxr-xr-x'
   - name: 'azure-cli'
-    path: '/usr/local/bin/az'
+    path: '/usr/bin/az'
     shouldExist: true
     permissions: '-rwxr-xr-x'
 
 commandTests:
   - name: "terraform version"
     command: "terraform"
     args: ["--version"]
-    expectedOutput: ["Terraform v1.8.2"]
+    expectedOutput: ["Terraform v1.9.6"]
   - name: "python version"
     command: "python3"
     args: ["--version"]
@@ -29,7 +29,7 @@ commandTests:
       - -c
       - |
         az version -o tsv
-    expectedOutput: ["2.59.0\t2.59.0\t1.1.0"]
+    expectedOutput: ["2.64.0\t2.64.0\t1.1.0"]
 
 metadataTest:
   workdir: "/viya4-iac-azure"

docs/CONFIG-VARS.md

@@ -127,22 +127,22 @@ The default values for the `subnets` variable are as follows:
   aks = {
     "prefixes": ["192.168.0.0/23"],
     "service_endpoints": ["Microsoft.Sql"],
-    "private_endpoint_network_policies_enabled": false,
+    "private_endpoint_network_policies": "Disabled",
     "private_link_service_network_policies_enabled": false,
     "service_delegations": {},
   }
   misc = {
     "prefixes": ["192.168.2.0/24"],
     "service_endpoints": ["Microsoft.Sql"],
-    "private_endpoint_network_policies_enabled": false,
+    "private_endpoint_network_policies": "Disabled",
     "private_link_service_network_policies_enabled": false,
     "service_delegations": {},
   }
   ## If using ha storage then the following is also added
   netapp = {
     "prefixes": ["192.168.3.0/24"],
     "service_endpoints": [],
-    "private_endpoint_network_policies_enabled": false,
+    "private_endpoint_network_policies": "Disabled",
     "private_link_service_network_policies_enabled": false,
     "service_delegations": {
       netapp = {

examples/sample-input-postgres.tfvars

@@ -43,21 +43,21 @@ postgres_servers = {
 #   aks = {
 #     "prefixes" : ["192.168.0.0/23"],
 #     "service_endpoints" : ["Microsoft.Sql"],
-#     "private_endpoint_network_policies_enabled" : true,
+#     "private_endpoint_network_policies" : "Enabled",
 #     "private_link_service_network_policies_enabled" : false,
 #     "service_delegations" : {},
 #   }
 #   misc = {
 #     "prefixes" : ["192.168.2.0/24"],
 #     "service_endpoints" : ["Microsoft.Sql"],
-#     "private_endpoint_network_policies_enabled" : true,
+#     "private_endpoint_network_policies" : "Enabled",
 #     "private_link_service_network_policies_enabled" : false,
 #     "service_delegations" : {},
 #   }
 #   netapp = {
 #     "prefixes" : ["192.168.3.0/24"],
 #     "service_endpoints" : [],
-#     "private_endpoint_network_policies_enabled" : false,
+#     "private_endpoint_network_policies" : "Disabled",
 #     "private_link_service_network_policies_enabled" : false,
 #     "service_delegations" : {
 #       netapp = {
@@ -69,7 +69,7 @@ postgres_servers = {
 #   postgresql = {
 #     "prefixes": ["192.168.4.0/24"],
 #     "service_endpoints": ["Microsoft.Sql"],
-#     "private_endpoint_network_policies_enabled": true,
+#     "private_endpoint_network_policies": "Enabled",
 #     "private_link_service_network_policies_enabled": false,
 #     "service_delegations": {
 #       flexpostgres = {

examples/sample-input-singlestore.tfvars

@@ -133,22 +133,22 @@ subnets = {
   aks = {
     "prefixes": ["192.168.0.0/21"],
     "service_endpoints": ["Microsoft.Sql"],
-    "private_endpoint_network_policies_enabled": false,
+    "private_endpoint_network_policies": "Disabled",
     "private_link_service_network_policies_enabled": false,
     "service_delegations": {},
   }
   misc = {
     "prefixes": ["192.168.8.0/24"],
     "service_endpoints": ["Microsoft.Sql"],
-    "private_endpoint_network_policies_enabled": false,
+    "private_endpoint_network_policies": "Disabled",
     "private_link_service_network_policies_enabled": false,
     "service_delegations": {},
   }
   ## If using ha storage then the following is also added
   netapp = {
     "prefixes": ["192.168.9.0/24"],
     "service_endpoints": [],
-    "private_endpoint_network_policies_enabled": false,
+    "private_endpoint_network_policies": "Disabled",
     "private_link_service_network_policies_enabled": false,
     "service_delegations": {
       netapp = {

linting-configs/.hadolint.yaml

@@ -1,2 +1,3 @@
 ignored:
-  - DL3018 # https://github.com/hadolint/hadolint/wiki/DL3018
+  # Specify version with yum install -y <package>-<version> - https://github.com/hadolint/hadolint/wiki/DL3033
+  - DL3033

main.tf

@@ -159,7 +159,6 @@ module "aks" {
   aks_network_policy                       = var.aks_network_policy
   aks_network_plugin_mode                  = var.aks_network_plugin_mode
   aks_dns_service_ip                       = var.aks_dns_service_ip
-  aks_docker_bridge_cidr                   = var.aks_docker_bridge_cidr
   cluster_egress_type                      = local.cluster_egress_type
   aks_pod_cidr                             = var.aks_pod_cidr
   aks_service_cidr                         = var.aks_service_cidr
@@ -194,15 +193,13 @@ module "node_pools" {
 
   for_each = var.node_pools
 
-  node_pool_name = each.key
-  aks_cluster_id = module.aks.cluster_id
-  vnet_subnet_id = module.vnet.subnets["aks"].id
-  machine_type   = each.value.machine_type
-  fips_enabled   = var.fips_enabled
-  os_disk_size   = each.value.os_disk_size
-  # TODO: enable with azurerm v2.37.0
-  #  os_disk_type                 = each.value.os_disk_type
-  enable_auto_scaling          = each.value.min_nodes == each.value.max_nodes ? false : true
+  node_pool_name               = each.key
+  aks_cluster_id               = module.aks.cluster_id
+  vnet_subnet_id               = module.vnet.subnets["aks"].id
+  machine_type                 = each.value.machine_type
+  fips_enabled                 = var.fips_enabled
+  os_disk_size                 = each.value.os_disk_size
+  auto_scaling_enabled         = each.value.min_nodes == each.value.max_nodes ? false : true
   node_count                   = each.value.min_nodes
   min_nodes                    = each.value.min_nodes == each.value.max_nodes ? null : each.value.min_nodes
   max_nodes                    = each.value.min_nodes == each.value.max_nodes ? null : each.value.max_nodes
@@ -212,7 +209,7 @@ module "node_pools" {
   zones                        = (var.node_pools_availability_zone == "" || var.node_pools_proximity_placement == true) ? [] : (var.node_pools_availability_zones != null) ? var.node_pools_availability_zones : [var.node_pools_availability_zone]
   proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity[*].id, [""]), 0)
   orchestrator_version         = var.kubernetes_version
-  enable_host_encryption       = var.aks_cluster_enable_host_encryption
+  host_encryption_enabled      = var.aks_cluster_enable_host_encryption
   tags                         = var.tags
 }
 
@@ -260,19 +257,6 @@ module "netapp" {
   depends_on          = [module.vnet]
 }
 
-module "message_broker" {
-  source = "./modules/azurerm_message_broker"
-  count  = var.create_azure_message_broker ? 1 : 0
-
-  resource_group_name     = local.aks_rg.name
-  location                = var.location
-  prefix                  = var.prefix
-  message_broker_sku      = var.message_broker_sku
-  message_broker_name     = var.message_broker_name
-  message_broker_capacity = var.message_broker_capacity
-  tags                    = var.tags
-}
-
 data "external" "git_hash" {
   program = ["files/tools/iac_git_info.sh"]
 }

modules/aks_node_pool/main.tf

@@ -4,57 +4,52 @@
 # Reference: https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster_node_pool.html
 
 resource "azurerm_kubernetes_cluster_node_pool" "autoscale_node_pool" {
-  count                        = var.enable_auto_scaling ? 1 : 0
+  count                        = var.auto_scaling_enabled ? 1 : 0
   name                         = var.node_pool_name
   kubernetes_cluster_id        = var.aks_cluster_id
   vnet_subnet_id               = var.vnet_subnet_id
   zones                        = var.zones
   fips_enabled                 = var.fips_enabled
-  enable_host_encryption       = var.enable_host_encryption
+  host_encryption_enabled      = var.host_encryption_enabled
   proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id
   vm_size                      = var.machine_type
   os_disk_size_gb              = var.os_disk_size
-  # TODO: enable after azurerm v2.37.0
-  # os_disk_type                 = var.os_disk_type
-  os_type             = var.os_type
-  enable_auto_scaling = var.enable_auto_scaling
-  # Still in preview, revisit if needed later - https://docs.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools-preview
-  # enable_node_public_ip        = var.enable_node_public_ip
-  node_count           = var.node_count
-  max_count            = var.max_nodes
-  min_count            = var.min_nodes
-  max_pods             = var.max_pods
-  node_labels          = var.node_labels
-  node_taints          = var.node_taints
-  orchestrator_version = var.orchestrator_version
-  tags                 = var.tags
+  os_type                      = var.os_type
+  auto_scaling_enabled         = var.auto_scaling_enabled
+  node_public_ip_enabled       = var.node_public_ip_enabled
+  node_count                   = var.node_count
+  max_count                    = var.max_nodes
+  min_count                    = var.min_nodes
+  max_pods                     = var.max_pods
+  node_labels                  = var.node_labels
+  node_taints                  = var.node_taints
+  orchestrator_version         = var.orchestrator_version
+  tags                         = var.tags
 
   lifecycle {
     ignore_changes = [node_count]
   }
 }
 
 resource "azurerm_kubernetes_cluster_node_pool" "static_node_pool" {
-  count                        = var.enable_auto_scaling ? 0 : 1
+  count                        = var.auto_scaling_enabled ? 0 : 1
   name                         = var.node_pool_name
   kubernetes_cluster_id        = var.aks_cluster_id
   vnet_subnet_id               = var.vnet_subnet_id
   zones                        = var.zones
   fips_enabled                 = var.fips_enabled
-  enable_host_encryption       = var.enable_host_encryption
+  host_encryption_enabled      = var.host_encryption_enabled
   proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id
   vm_size                      = var.machine_type
   os_disk_size_gb              = var.os_disk_size
-  # TODO: enable after azurerm v2.37.0
-  # os_disk_type                 = var.os_disk_type
-  os_type              = var.os_type
-  enable_auto_scaling  = var.enable_auto_scaling
-  node_count           = var.node_count
-  max_count            = var.max_nodes
-  min_count            = var.min_nodes
-  max_pods             = var.max_pods
-  node_labels          = var.node_labels
-  node_taints          = var.node_taints
-  orchestrator_version = var.orchestrator_version
-  tags                 = var.tags
+  os_type                      = var.os_type
+  auto_scaling_enabled         = var.auto_scaling_enabled
+  node_count                   = var.node_count
+  max_count                    = var.max_nodes
+  min_count                    = var.min_nodes
+  max_pods                     = var.max_pods
+  node_labels                  = var.node_labels
+  node_taints                  = var.node_taints
+  orchestrator_version         = var.orchestrator_version
+  tags                         = var.tags
 }

modules/aks_node_pool/variables.tf

@@ -23,7 +23,7 @@ variable "fips_enabled" {
   default     = false
 }
 
-variable "enable_host_encryption" {
+variable "host_encryption_enabled" {
   description = "Enables host encryption on all the nodes in the Node Pool. Changing this forces a new resource to be created."
   type        = bool
   default     = false
@@ -46,13 +46,6 @@ variable "os_disk_size" {
   default     = 100
 }
 
-# TODO: enable after azurerm v2.37.0
-# variable "os_disk_type" {
-#   description = "The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created"
-#   type = string
-#   default = "Managed"
-# }
-
 variable "os_type" {
   description = "The Operating System which should be used for this Node Pool. Changing this forces a new resource to be created. Possible values are Linux and Windows. Defaults to Linux"
   type        = string
@@ -65,12 +58,18 @@ variable "node_count" {
   default     = 1
 }
 
-variable "enable_auto_scaling" {
+variable "auto_scaling_enabled" {
   description = "Whether to enable auto-scaler."
   type        = bool
   default     = false
 }
 
+variable "node_public_ip_enabled" {
+  description = "Should nodes in this Node Pool have a Public IP Address"
+  type        = bool
+  default     = false
+}
+
 variable "max_pods" {
   description = "The maximum number of pods that can run on each agent. Changing this forces a new resource to be created."
   type        = number
@@ -116,23 +115,3 @@ variable "proximity_placement_group_id" {
   type        = string
   default     = ""
 }
-
-# For future - https://docs.microsoft.com/en-us/azure/aks/spot-node-pool
-#
-# variable "priority" {
-#   description = "The Priority for Virtual Machines within the Virtual Machine Scale Set that powers this Node Pool. Possible values are Regular and Spot. Defaults to Regular. Changing this forces a new resource to be created."
-#   type        = string
-#   default     = "Regular"
-# }
-
-# variable "eviction_policy" {
-#   description = "The Eviction Policy which should be used for Virtual Machines within the Virtual Machine Scale Set powering this Node Pool. Possible values are Deallocate and Delete. Changing this forces a new resource to be created. An Eviction Policy can only be configured when priority is set to Spot"
-#   type        = string
-#   default     = null
-# }
-
-# variable "spot_max_price" {
-#   description = "The maximum price you're willing to pay in USD per Virtual Machine. Valid values are -1 (the current on-demand price for a Virtual Machine) or a positive value with up to five decimal places. Changing this forces a new resource to be created."
-#   type        = number
-#   default     = -1
-# }