From d5629d93590daa8f53b98822f31c0a2177f55780 Mon Sep 17 00:00:00 2001 From: jnicholsthru Date: Fri, 6 Mar 2020 13:35:53 -0500 Subject: [PATCH] Upgrade module to terraform 0.12 --- admin_service.tf | 68 +++++----- config.tf | 18 ++- daemonset.tf | 284 ++++++++++++++++++---------------------- deployment.tf | 283 ++++++++++++++++++--------------------- loadbalancer_service.tf | 84 ++++++------ local.tf | 11 +- main.tf | 1 - namespace.tf | 18 ++- output.tf | 1 - rbac.tf | 128 +++++++++--------- serviceaccount.tf | 21 ++- variables.tf | 13 +- versions.tf | 4 + 13 files changed, 430 insertions(+), 504 deletions(-) delete mode 100644 main.tf delete mode 100644 output.tf create mode 100644 versions.tf diff --git a/admin_service.tf b/admin_service.tf index 682e865..8876b72 100644 --- a/admin_service.tf +++ b/admin_service.tf @@ -1,42 +1,34 @@ resource "kubernetes_service" "this_admin" { - count = "${var.admin_service_enable ? 1 : 0}" + count = var.admin_service_enable ? 1 : 0 - metadata = [ - { - annotations = "${var.admin_service_annotations}" + metadata { + annotations = var.admin_service_annotations + name = "${var.name}-admin" + namespace = var.namespace_name + + labels = { + terrafrom = "true", + app = var.name + } + } + + spec { + type = var.admin_service_type + + port { name = "${var.name}-admin" - namespace = "${var.namespace_name}" - - labels { - terrafrom = "true" - } - - labels { - app = "${var.name}" - } - }, - ] - - spec = [ - { - type = "${var.admin_service_type}" - - port = [ - { - name = "${var.name}-admin" - port = 8877 - protocol = "TCP" - target_port = 8877 - }, - ] - - selector { - app = "${var.name}" - } - - session_affinity = "None" - }, - ] - - depends_on = ["kubernetes_namespace.this"] + port = 8877 + protocol = "TCP" + target_port = 8877 + } + + selector = { + app = var.name + } + + session_affinity = "None" + } + + depends_on = [kubernetes_namespace.this] } + diff --git a/config.tf b/config.tf index 161a873..e84f6cb 100644 --- a/config.tf +++ b/config.tf @@ -1,20 +1,18 @@ resource "kubernetes_config_map" "this" { metadata { name = "${var.name}-config" - namespace = "${var.namespace_name}" + namespace = var.namespace_name - labels { - terrafrom = "true" - } - - labels { - app = "${var.name}" + labels = { + terrafrom = "true", + app = var.name } } - data { - exporterConfiguration = "${var.exporter_configuration}" + data = { + exporterConfiguration = var.exporter_configuration } - depends_on = ["kubernetes_namespace.this"] + depends_on = [kubernetes_namespace.this] } + diff --git a/daemonset.tf b/daemonset.tf index fc53e3e..7f475ed 100644 --- a/daemonset.tf +++ b/daemonset.tf @@ -1,182 +1,160 @@ # Create a deployment for the service resource "kubernetes_daemonset" "this" { - count = "${var.daemon_set ? 1 : 0}" + count = var.daemon_set ? 1 : 0 metadata { - name = "${var.name}" - namespace = "${var.namespace_name}" + name = var.name + namespace = var.namespace_name } spec { selector { - app = "${var.name}" + match_labels = { + app = var.name + } } template { metadata { - annotations { + annotations = { "sidecar.istio.io/inject" = false "prometheus.io/port" = "9102" "prometheus.io/scrape" = true } - labels = [ - { - terrafrom = "true" - }, - { - app = "${var.name}" - }, - ] + labels = { + terrafrom = "true" + app = var.name + } } - spec = [ - { - service_account_name = "${var.name}" - restart_policy = "Always" + spec { + service_account_name = var.name + restart_policy = "Always" - volume = [ - { - name = "stats-exporter-mapping-config" + volume { + name = "stats-exporter-mapping-config" - config_map = { - name = "${var.name}-config" + config_map { + name = "${var.name}-config" - items = [ - { - key = "exporterConfiguration" - path = "mapping-config.yaml" - }, - ] - } - }, - ] + items { + key = "exporterConfiguration" + path = "mapping-config.yaml" + } + } + } - container = [ - { - name = "${var.name}-statsd-sink" - image = "${var.exporter_image}:${var.exporter_image_tag}" - image_pull_policy = "${var.image_pull_policy}" - - args = [ - "-statsd.listen-address=:8125", - "-statsd.mapping-config=/statsd-exporter/mapping-config.yaml", - ] - - port = [ - { - container_port = 9102 - name = "metrics" - protocol = "TCP" - }, - { - container_port = 8125 - name = "listener" - protocol = "TCP" - }, - ] - - volume_mount = [ - { - mount_path = "/statsd-exporter/" - name = "stats-exporter-mapping-config" - read_only = true - }, - ] - }, - { - name = "${var.name}" - image = "${var.ambassador_image}:${var.ambassador_image_tag}" - image_pull_policy = "${var.image_pull_policy}" - termination_message_path = "/dev/termination-log" - - resources { - requests { - memory = "${var.resources_requests_memory}" - cpu = "${var.resources_requests_cpu}" - } - - limits { - memory = "${var.resources_limits_memory}" - cpu = "${var.resources_limits_cpu}" - } - } + container { + name = "${var.name}-statsd-sink" + image = "${var.exporter_image}:${var.exporter_image_tag}" + image_pull_policy = var.image_pull_policy - env = [ - { - name = "AMBASSADOR_ID" - value = "${var.ambassador_id}" - }, - { - name = "AMBASSADOR_DEBUG" - value = "${var.ambassador_debug}" - }, - { - name = "AMBASSADOR_NAMESPACE" - - value_from = { - field_ref = { - field_path = "${var.ambassador_namespace_name}" - } - } - }, - ] - - port = [ - { - name = "http" - container_port = 80 - protocol = "TCP" - }, - { - name = "https" - container_port = 443 - protocol = "TCP" - }, - { - name = "admin" - container_port = 8877 - protocol = "TCP" - }, - ] - - liveness_probe = [ - { - initial_delay_seconds = 3 - success_threshold = 1 - timeout_seconds = 1 - - http_get = [ - { - path = "/ambassador/v0/check_alive" - port = 8877 - scheme = "HTTP" - }, - ] - }, - ] - - readiness_probe = [ - { - initial_delay_seconds = 3 - success_threshold = 1 - timeout_seconds = 1 - - http_get = [ - { - path = "/ambassador/v0/check_ready" - port = 8877 - scheme = "HTTP" - }, - ] - }, - ] - }, + args = [ + "-statsd.listen-address=:8125", + "-statsd.mapping-config=/statsd-exporter/mapping-config.yaml", ] - }, - ] + + port { + container_port = 9102 + name = "metrics" + protocol = "TCP" + } + port { + container_port = 8125 + name = "listener" + protocol = "TCP" + } + + volume_mount { + mount_path = "/statsd-exporter/" + name = "stats-exporter-mapping-config" + read_only = true + } + } + container { + name = var.name + image = "${var.ambassador_image}:${var.ambassador_image_tag}" + image_pull_policy = var.image_pull_policy + termination_message_path = "/dev/termination-log" + + resources { + requests { + memory = var.resources_requests_memory + cpu = var.resources_requests_cpu + } + + limits { + memory = var.resources_limits_memory + cpu = var.resources_limits_cpu + } + } + + env { + name = "AMBASSADOR_ID" + value = var.ambassador_id + } + env { + name = "AMBASSADOR_DEBUG" + value = var.ambassador_debug + } + env { + name = "AMBASSADOR_NAMESPACE" + + value_from { + field_ref { + field_path = var.ambassador_namespace_name + } + } + } + + port { + name = "http" + container_port = 80 + protocol = "TCP" + } + port { + name = "https" + container_port = 443 + protocol = "TCP" + } + port { + name = "admin" + container_port = 8877 + protocol = "TCP" + } + + liveness_probe { + initial_delay_seconds = 3 + success_threshold = 1 + timeout_seconds = 1 + + http_get { + path = "/ambassador/v0/check_alive" + port = 8877 + scheme = "HTTP" + } + } + + readiness_probe { + initial_delay_seconds = 3 + success_threshold = 1 + timeout_seconds = 1 + + http_get { + path = "/ambassador/v0/check_ready" + port = 8877 + scheme = "HTTP" + } + } + } + } } } - depends_on = ["kubernetes_namespace.this", "kubernetes_service_account.this"] + depends_on = [ + kubernetes_namespace.this, + kubernetes_service_account.this, + ] } + diff --git a/deployment.tf b/deployment.tf index ead8c67..92fa69e 100644 --- a/deployment.tf +++ b/deployment.tf @@ -1,183 +1,162 @@ # Create a deployment for the service resource "kubernetes_deployment" "this" { - count = "${! var.daemon_set ? 1 : 0}" + count = false == var.daemon_set ? 1 : 0 metadata { - name = "${var.name}" - namespace = "${var.namespace_name}" + name = var.name + namespace = var.namespace_name } spec { - replicas = "${var.replica_count}" + replicas = var.replica_count selector { - app = "${var.name}" + match_labels = { + app = var.name + } } template { metadata { - annotations { + annotations = { "sidecar.istio.io/inject" = false "prometheus.io/port" = "9102" "prometheus.io/scrape" = true } - labels { - terrafrom = "true" - } - - labels { - app = "${var.name}" + labels = { + terrafrom = "true", + app = var.name } } - spec = [ - { - service_account_name = "${local.service_account_name}" - restart_policy = "Always" + spec { + service_account_name = local.service_account_name + restart_policy = "Always" - volume = [ - { - name = "stats-exporter-mapping-config" + volume { + name = "stats-exporter-mapping-config" - config_map = { - name = "${var.name}-config" + config_map { + name = "${var.name}-config" - items = [ - { - key = "exporterConfiguration" - path = "mapping-config.yaml" - }, - ] - } - }, - ] + items { + key = "exporterConfiguration" + path = "mapping-config.yaml" + } + } + } - container = [ - { - name = "${var.name}-statsd-sink" - image = "${var.exporter_image}:${var.exporter_image_tag}" - image_pull_policy = "${var.image_pull_policy}" - - args = [ - "-statsd.listen-address=:8125", - "-statsd.mapping-config=/statsd-exporter/mapping-config.yaml", - ] - - port = [ - { - container_port = 9102 - name = "metrics" - protocol = "TCP" - }, - { - container_port = 8125 - name = "listener" - protocol = "TCP" - }, - ] - - volume_mount = [ - { - mount_path = "/statsd-exporter/" - name = "stats-exporter-mapping-config" - read_only = true - }, - ] - }, - { - name = "${var.name}" - image = "${var.ambassador_image}:${var.ambassador_image_tag}" - image_pull_policy = "${var.image_pull_policy}" - termination_message_path = "/dev/termination-log" - - resources { - requests { - memory = "${var.resources_requests_memory}" - cpu = "${var.resources_requests_cpu}" - } - - limits { - memory = "${var.resources_limits_memory}" - cpu = "${var.resources_limits_cpu}" - } - } + container { + name = "${var.name}-statsd-sink" + image = "${var.exporter_image}:${var.exporter_image_tag}" + image_pull_policy = var.image_pull_policy - env = [ - { - name = "AMBASSADOR_ID" - value = "${var.ambassador_id}" - }, - { - name = "AMBASSADOR_DEBUG" - value = "${var.ambassador_debug}" - }, - { - name = "AMBASSADOR_NAMESPACE" - - value_from = { - field_ref = { - field_path = "${var.ambassador_namespace_name}" - } - } - }, - ] - - port = [ - { - name = "http" - container_port = 80 - protocol = "TCP" - }, - { - name = "https" - container_port = 443 - protocol = "TCP" - }, - { - name = "admin" - container_port = 8877 - protocol = "TCP" - }, - ] - - liveness_probe = [ - { - initial_delay_seconds = 3 - success_threshold = 1 - timeout_seconds = 1 - - http_get = [ - { - path = "/ambassador/v0/check_alive" - port = 8877 - scheme = "HTTP" - }, - ] - }, - ] - - readiness_probe = [ - { - initial_delay_seconds = 3 - success_threshold = 1 - timeout_seconds = 1 - - http_get = [ - { - path = "/ambassador/v0/check_ready" - port = 8877 - scheme = "HTTP" - }, - ] - }, - ] - }, + args = [ + "-statsd.listen-address=:8125", + "-statsd.mapping-config=/statsd-exporter/mapping-config.yaml", ] - }, - ] + + port { + container_port = 9102 + name = "metrics" + protocol = "TCP" + } + port { + container_port = 8125 + name = "listener" + protocol = "TCP" + } + + volume_mount { + mount_path = "/statsd-exporter/" + name = "stats-exporter-mapping-config" + read_only = true + } + } + container { + name = var.name + image = "${var.ambassador_image}:${var.ambassador_image_tag}" + image_pull_policy = var.image_pull_policy + termination_message_path = "/dev/termination-log" + + resources { + requests { + memory = var.resources_requests_memory + cpu = var.resources_requests_cpu + } + + limits { + memory = var.resources_limits_memory + cpu = var.resources_limits_cpu + } + } + + env { + name = "AMBASSADOR_ID" + value = var.ambassador_id + } + env { + name = "AMBASSADOR_DEBUG" + value = var.ambassador_debug + } + env { + name = "AMBASSADOR_NAMESPACE" + + value_from { + field_ref { + field_path = var.ambassador_namespace_name + } + } + } + + port { + name = "http" + container_port = 80 + protocol = "TCP" + } + port { + name = "https" + container_port = 443 + protocol = "TCP" + } + port { + name = "admin" + container_port = 8877 + protocol = "TCP" + } + + liveness_probe { + initial_delay_seconds = 3 + success_threshold = 1 + timeout_seconds = 1 + + http_get { + path = "/ambassador/v0/check_alive" + port = 8877 + scheme = "HTTP" + } + } + + readiness_probe { + initial_delay_seconds = 3 + success_threshold = 1 + timeout_seconds = 1 + + http_get { + path = "/ambassador/v0/check_ready" + port = 8877 + scheme = "HTTP" + } + } + } + } } } - depends_on = ["kubernetes_namespace.this", "kubernetes_service_account.this"] + depends_on = [ + kubernetes_namespace.this, + kubernetes_service_account.this, + ] } + diff --git a/loadbalancer_service.tf b/loadbalancer_service.tf index df315d9..f935f00 100644 --- a/loadbalancer_service.tf +++ b/loadbalancer_service.tf @@ -1,48 +1,40 @@ resource "kubernetes_service" "this_loadbalancer" { - count = "${var.loadbalancer_service_enable ? 1 : 0}" - - metadata = [ - { - annotations = "${var.loadbalancer_service_annotations}" - name = "${var.name}" - namespace = "${var.namespace_name}" - - labels { - terrafrom = "true" - } - - labels { - app = "${var.name}" - } - }, - ] - - spec = [ - { - type = "${var.loadbalancer_service_type}" - - port = [ - { - name = "http" - protocol = "TCP" - port = 80 - target_port = "${var.loadbalancer_service_target_ports_http}" - }, - { - name = "https" - protocol = "TCP" - port = 443 - target_port = "${var.loadbalancer_service_target_ports_https}" - }, - ] - - selector { - app = "${var.name}" - } - - session_affinity = "None" - }, - ] - - depends_on = ["kubernetes_namespace.this"] + count = var.loadbalancer_service_enable ? 1 : 0 + + metadata { + annotations = var.loadbalancer_service_annotations + name = var.name + namespace = var.namespace_name + + labels = { + terrafrom = "true", + app = var.name + } + } + + spec { + type = var.loadbalancer_service_type + + port { + name = "http" + protocol = "TCP" + port = 80 + target_port = var.loadbalancer_service_target_ports_http + } + port { + name = "https" + protocol = "TCP" + port = 443 + target_port = var.loadbalancer_service_target_ports_https + } + + selector = { + app = var.name + } + + session_affinity = "None" + } + + depends_on = [kubernetes_namespace.this] } + diff --git a/local.tf b/local.tf index cdaa909..503f43d 100644 --- a/local.tf +++ b/local.tf @@ -1,11 +1,6 @@ locals { - cluster_role_name = "${ - var.cluster_role_name == "" ? - var.name : var.cluster_role_name - }" + cluster_role_name = var.cluster_role_name == "" ? var.name : var.cluster_role_name - service_account_name = "${ - var.service_account_name == "" ? - var.name : var.service_account_name - }" + service_account_name = var.service_account_name == "" ? var.name : var.service_account_name } + diff --git a/main.tf b/main.tf deleted file mode 100644 index 8b13789..0000000 --- a/main.tf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/namespace.tf b/namespace.tf index 9992fda..81ac71f 100644 --- a/namespace.tf +++ b/namespace.tf @@ -1,19 +1,17 @@ resource "kubernetes_namespace" "this" { - count = "${var.namespace_create ? 1 : 0}" + count = var.namespace_create ? 1 : 0 metadata { - annotations { - name = "${var.namespace_name}" + annotations = { + name = var.namespace_name } - labels { - terrafrom = "true" + labels = { + terrafrom = "true", + app = var.name } - labels { - app = "${var.name}" - } - - name = "${var.namespace_name}" + name = var.namespace_name } } + diff --git a/output.tf b/output.tf deleted file mode 100644 index 8b13789..0000000 --- a/output.tf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/rbac.tf b/rbac.tf index 20c7f6c..e154d57 100644 --- a/rbac.tf +++ b/rbac.tf @@ -1,94 +1,88 @@ resource "kubernetes_cluster_role" "this" { - count = "${var.rbac_create ? 1 : 0}" + count = var.rbac_create ? 1 : 0 metadata { - name = "${local.cluster_role_name}" + name = local.cluster_role_name - labels = [ - { - terrafrom = "true" - }, - { - app = "${var.name}" - }, - ] + labels = { + terrafrom = "true" + app = var.name + } } - rule = [ - { - api_groups = [""] - resources = ["endpoints", "namespaces", "secrets", "services"] - verbs = ["get", "list", "watch"] - }, - { - api_groups = ["getambassador.io"] - resources = ["*"] - verbs = ["get", "list", "watch"] - }, - { - api_groups = ["apiextensions.k8s.io"] - resources = ["customresourcedefinitions"] - verbs = ["get", "list", "watch"] - }, - { - api_groups = ["networking.internal.knative.dev"] - resources = ["clusteringresses", "ingresses"] - verbs = ["get", "list", "watch"] - }, - { - api_groups = ["networking.internal.knative.dev"] - resources = ["ingresses/status", "clusteringresses/status"] - verbs = ["update"] - }, - { - api_groups = ["extensions"] - resources = ["ingresses"] - verbs = ["get", "list", "watch"] - }, - { - api_groups = ["extensions"] - resources = ["ingresses/status"] - verbs = ["update"] - }, - { - api_groups = [""] - resources = ["configmaps"] - verbs = ["create", "update", "patch", "get", "list", "watch"] - }, - ] + rule { + api_groups = [""] + resources = ["endpoints", "namespaces", "secrets", "services"] + verbs = ["get", "list", "watch"] + } + rule { + api_groups = ["getambassador.io"] + resources = ["*"] + verbs = ["get", "list", "watch"] + } + rule { + api_groups = ["apiextensions.k8s.io"] + resources = ["customresourcedefinitions"] + verbs = ["get", "list", "watch"] + } + rule { + api_groups = ["networking.internal.knative.dev"] + resources = ["clusteringresses", "ingresses"] + verbs = ["get", "list", "watch"] + } + rule { + api_groups = ["networking.internal.knative.dev"] + resources = ["ingresses/status", "clusteringresses/status"] + verbs = ["update"] + } + rule { + api_groups = ["extensions"] + resources = ["ingresses"] + verbs = ["get", "list", "watch"] + } + rule { + api_groups = ["extensions"] + resources = ["ingresses/status"] + verbs = ["update"] + } + rule { + api_groups = [""] + resources = ["configmaps"] + verbs = ["create", "update", "patch", "get", "list", "watch"] + } } resource "kubernetes_cluster_role_binding" "this" { - count = "${var.rbac_create ? 1 : 0}" + count = var.rbac_create ? 1 : 0 lifecycle { - ignore_changes = ["subject.0.api_group"] + ignore_changes = [subject.0.api_group] } metadata { - name = "${local.cluster_role_name}" + name = local.cluster_role_name - labels = [ - { - terrafrom = "true" - }, - { - app = "${var.name}" - }, - ] + labels = { + terrafrom = "true" + app = var.name + } } role_ref { api_group = "rbac.authorization.k8s.io" - name = "${local.cluster_role_name}" + name = local.cluster_role_name kind = "ClusterRole" } subject { kind = "ServiceAccount" - name = "${local.service_account_name}" - namespace = "${var.namespace_name}" + name = local.service_account_name + namespace = var.namespace_name } - depends_on = ["kubernetes_namespace.this", "kubernetes_cluster_role.this"] + depends_on = [ + kubernetes_namespace.this, + kubernetes_cluster_role.this, + ] } + diff --git a/serviceaccount.tf b/serviceaccount.tf index abb958a..2def5a9 100644 --- a/serviceaccount.tf +++ b/serviceaccount.tf @@ -1,20 +1,17 @@ resource "kubernetes_service_account" "this" { - count = "${var.service_account_create ? 1 : 0}" + count = var.service_account_create ? 1 : 0 # automount_service_account_token = true metadata { - name = "${local.service_account_name}" - namespace = "${var.namespace_name}" + name = local.service_account_name + namespace = var.namespace_name - labels = [ - { - terrafrom = "true" - }, - { - app = "${var.name}" - }, - ] + labels = { + terrafrom = "true" + app = var.name + } } - depends_on = ["kubernetes_namespace.this"] + depends_on = [kubernetes_namespace.this] } + diff --git a/variables.tf b/variables.tf index 35628a0..c62741d 100644 --- a/variables.tf +++ b/variables.tf @@ -36,7 +36,7 @@ variable "image_pull_policy" { variable "image_pull_secrets" { description = "Image pull secrets" default = [] - type = "list" + type = list(string) } variable "daemon_set" { @@ -52,13 +52,13 @@ variable "replica_count" { variable "volumes" { description = "Volumes for the ambassador service" default = [] - type = "list" + type = list(string) } variable "volume_mounts" { description = "Volume mounts for the ambassador service" default = [] - type = "list" + type = list(string) } variable "resources_requests_cpu" { @@ -145,7 +145,7 @@ variable "loadbalancer_service_ip" { variable "loadbalancer_service_annotations" { description = "Annotations to apply to Ambassador loadbalancer service" default = {} - type = "map" + type = map(string) } variable "loadbalancer_service_source_ranges" { @@ -167,7 +167,7 @@ variable "admin_service_enable" { variable "admin_service_annotations" { description = "Annotations to apply to Ambassador loadbalancer service" default = {} - type = "map" + type = map(string) } variable "admin_service_type" { @@ -208,5 +208,6 @@ variable "timing_shutdown" { variable "lables_global" { description = "Additional global lables to be applied, list of maps" default = [] - type = "list" + type = list(string) } + diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..82db498 --- /dev/null +++ b/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12.21" +}