Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

terraform: Prepare upgrade terraform to 4.0.0 #3021

Merged
merged 1 commit into from
Nov 3, 2021
Merged

terraform: Prepare upgrade terraform to 4.0.0 #3021

merged 1 commit into from
Nov 3, 2021

Conversation

ameukam
Copy link
Member

@ameukam ameukam commented Nov 2, 2021

Prepare the upgrade to 4.0.0 for the GCP terraform providers:

Signed-off-by: Arnaud Meukam ameukam@gmail.com

@ameukam
terraform: Prepare upgrade terraform to 4.0.0
4043b0b 
Prepare the upgrade to 4.0.0 for the GCP terraform providers:

- bump the provider to 3.90.1
- remove fields unsupport in 4.0.0. The fieds unsupported in 4.0.0 can
  be found here: https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/guides/version_4_upgrade#resource-google_container_cluster
- ensure Shielded Nodes feature is disabled. See: hashicorp/terraform-provider-google#10403

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. area/infra Infrastructure management, infrastructure design, code in infra/ labels Nov 2, 2021
@k8s-ci-robot k8s-ci-robot added area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Nov 2, 2021
@ameukam
Copy link
Member Author

ameukam commented Nov 2, 2021

/hold
cc @spiffxp @endocrimes

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 2, 2021
spiffxp
spiffxp approved these changes Nov 2, 2021
View reviewed changes
Copy link
Member

@spiffxp spiffxp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 2, 2021
endocrimes
endocrimes approved these changes Nov 3, 2021
View reviewed changes
Copy link
Member

@endocrimes endocrimes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yay for shielding 🎉

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ameukam, endocrimes, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

cpanato
cpanato reviewed Nov 3, 2021
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@ameukam
Copy link
Member Author

ameukam commented Nov 3, 2021

Ran terraform plan for k8s-infra-prow-build-trusted:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.prow_build_cluster.google_container_cluster.prod_cluster[0] will be updated in-place
  ~ resource "google_container_cluster" "prod_cluster" {
        id                          = "projects/k8s-infra-prow-build-trusted/locations/us-central1/clusters/prow-build-trusted"
        name                        = "prow-build-trusted"
        # (27 unchanged attributes hidden)

      ~ workload_identity_config {
          - identity_namespace = "k8s-infra-prow-build-trusted.svc.id.goog" -> null
          + workload_pool      = "k8s-infra-prow-build-trusted.svc.id.goog"
        }
        # (17 unchanged blocks hidden)
    }

Ran terraform apply:

module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Modifying... [id=projects/k8s-infra-prow-build-trusted/locations/us-central1/clusters/prow-build-trusted]
module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Still modifying... [id=projects/k8s-infra-prow-build-trusted/l...s-central1/clusters/prow-build-trusted, 10s elapsed]
module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Still modifying... [id=projects/k8s-infra-prow-build-trusted/l...s-central1/clusters/prow-build-trusted, 20s elapsed]
module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Modifications complete after 27s [id=projects/k8s-infra-prow-build-trusted/locations/us-central1/clusters/prow-build-trusted]
Releasing state lock. This may take a few moments...

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

@ameukam
Copy link
Member Author

ameukam commented Nov 3, 2021
edited
Loading

Ran terraform apply for k8s-infra-monitoring (created in hhttps://github.com//pull/2944):

❯ tf apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_monitoring_notification_channel.email["sig-k8s-infra-leads@kubernetes.io"] will be created
  + resource "google_monitoring_notification_channel" "email" {
      + display_name        = "sig-k8s-infra-leads@kubernetes.io"
      + enabled             = true
      + id                  = (known after apply)
      + labels              = {
          + "email_address" = "sig-k8s-infra-leads@kubernetes.io"
        }
      + name                = (known after apply)
      + project             = "kubernetes-public"
      + type                = "email"
      + verification_status = (known after apply)
    }

  # google_monitoring_notification_channel.email["steering@kubernetes.io"] will be created
  + resource "google_monitoring_notification_channel" "email" {
      + display_name        = "steering@kubernetes.io"
      + enabled             = true
      + id                  = (known after apply)
      + labels              = {
          + "email_address" = "steering@kubernetes.io"
        }
      + name                = (known after apply)
      + project             = "kubernetes-public"
      + type                = "email"
      + verification_status = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_monitoring_notification_channel.email["steering@kubernetes.io"]: Creating...
google_monitoring_notification_channel.email["sig-k8s-infra-leads@kubernetes.io"]: Creating...
google_monitoring_notification_channel.email["sig-k8s-infra-leads@kubernetes.io"]: Creation complete after 2s [id=projects/kubernetes-public/notificationChannels/17602855847120079267]
google_monitoring_notification_channel.email["steering@kubernetes.io"]: Creation complete after 2s [id=projects/kubernetes-public/notificationChannels/7352329561369729250]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

@ameukam
Copy link
Member Author

ameukam commented Nov 3, 2021

I had to update the billing budgets in k8s-infra-kubernetes-io. Somehow I got duplicate for notification channels :

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # google_billing_budget.capg_budget will be updated in-place
  ~ resource "google_billing_budget" "capg_budget" {
        id              = "billingAccounts/018801-93540E-22A20E/budgets/48207778-f6ad-44c1-9bd1-1b88e3006c81"
        name            = "48207778-f6ad-44c1-9bd1-1b88e3006c81"
        # (2 unchanged attributes hidden)

      ~ all_updates_rule {
          ~ monitoring_notification_channels = [
              - "projects/kubernetes-public/notificationChannels/5718453951835890521",
              + "projects/kubernetes-public/notificationChannels/13343268313622391552",
            ]
            # (2 unchanged attributes hidden)
        }




        # (7 unchanged blocks hidden)
    }

  # google_billing_budget.k8s_infra will be updated in-place
  ~ resource "google_billing_budget" "k8s_infra" {
        id              = "billingAccounts/018801-93540E-22A20E/budgets/c29e1d1a-8040-4e9e-a0b8-8743e5364d73"
        name            = "c29e1d1a-8040-4e9e-a0b8-8743e5364d73"
        # (2 unchanged attributes hidden)

      ~ all_updates_rule {
          ~ monitoring_notification_channels = [
              - "projects/kubernetes-public/notificationChannels/5718453951835890521",
              + "projects/kubernetes-public/notificationChannels/13343268313622391552",
            ]
            # (2 unchanged attributes hidden)
        }




        # (5 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.
google_billing_budget.k8s_infra: Modifying... [id=billingAccounts/018801-93540E-22A20E/budgets/c29e1d1a-8040-4e9e-a0b8-8743e5364d73]
google_billing_budget.capg_budget: Modifying... [id=billingAccounts/018801-93540E-22A20E/budgets/48207778-f6ad-44c1-9bd1-1b88e3006c81]
google_billing_budget.k8s_infra: Modifications complete after 3s [id=billingAccounts/018801-93540E-22A20E/budgets/c29e1d1a-8040-4e9e-a0b8-8743e5364d73]
google_billing_budget.capg_budget: Modifications complete after 3s [id=billingAccounts/018801-93540E-22A20E/budgets/48207778-f6ad-44c1-9bd1-1b88e3006c81]

Apply complete! Resources: 0 added, 2 changed, 0 destroyed.

@ameukam
Copy link
Member Author

ameukam commented Nov 3, 2021

Ran terraform apply for k8s-infra-prow-build:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.prow_build_cluster.google_container_cluster.prod_cluster[0] will be updated in-place
  ~ resource "google_container_cluster" "prod_cluster" {
        id                          = "projects/k8s-infra-prow-build/locations/us-central1/clusters/prow-build"
        name                        = "prow-build"
        # (27 unchanged attributes hidden)

      ~ workload_identity_config {
          - identity_namespace = "k8s-infra-prow-build.svc.id.goog" -> null
          + workload_pool      = "k8s-infra-prow-build.svc.id.goog"
        }
        # (18 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Modifying... [id=projects/k8s-infra-prow-build/locations/us-central1/clusters/prow-build]
module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Still modifying... [id=projects/k8s-infra-prow-build/locations/us-central1/clusters/prow-build, 10s elapsed]
module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Still modifying... [id=projects/k8s-infra-prow-build/locations/us-central1/clusters/prow-build, 20s elapsed]
module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Still modifying... [id=projects/k8s-infra-prow-build/locations/us-central1/clusters/prow-build, 30s elapsed]
module.prow_build_cluster.google_container_cluster.prod_cluster[0]: Modifications complete after 34s [id=projects/k8s-infra-prow-build/locations/us-central1/clusters/prow-build]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

@ameukam
Copy link
Member Author

ameukam commented Nov 3, 2021

I skipped kubernetes-public. @spiffxp is making changes on the terraform state for this project in #3028.

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 3, 2021
@k8s-ci-robot k8s-ci-robot merged commit 667feb9 into kubernetes:main Nov 3, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Nov 3, 2021
@spiffxp
Copy link
Member

spiffxp commented Nov 3, 2021

Done with kubernetes-public

terraform init -upgrade
terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # google_container_cluster.cluster will be updated in-place
  ~ resource "google_container_cluster" "cluster" {
        id                          = "aaa"
        name                        = "aaa"
        # (27 unchanged attributes hidden)

      ~ workload_identity_config {
          - identity_namespace = "kubernetes-public.svc.id.goog" -> null
          + workload_pool      = "kubernetes-public.svc.id.goog"
        }
        # (20 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_container_cluster.cluster: Modifying... [id=aaa]
google_container_cluster.cluster: Still modifying... [id=aaa, 10s elapsed]
google_container_cluster.cluster: Still modifying... [id=aaa, 20s elapsed]
google_container_cluster.cluster: Still modifying... [id=aaa, 30s elapsed]
google_container_cluster.cluster: Modifications complete after 35s [id=aaa]

ameukam added a commit to ameukam/k8s.io that referenced this pull request Nov 3, 2021
@ameukam
Remove terraform plan accidentally merged in kubernetes#3021
93c12cd 
Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
ameukam added a commit to ameukam/k8s.io that referenced this pull request May 18, 2022
@ameukam
prow: Bump GCP provider for the build clusters
c175be7 
Followup of: kubernetes#3021

Upgrade Terraform provider for GCP to 4.16.

I did an upgrade to the 4.0.0 of the provider to ensure we are not
impacated.
Changelog of 4.0.O: https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md#400-november-02-2021

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
@ameukam ameukam mentioned this pull request May 18, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato left review comments

@spiffxp spiffxp spiffxp approved these changes

@endocrimes endocrimes endocrimes approved these changes

@cjwagner cjwagner Awaiting requested review from cjwagner

Assignees

@spiffxp spiffxp

@endocrimes endocrimes

@cpanato cpanato

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/infra Infrastructure management, infrastructure design, code in infra/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.23
Development

Successfully merging this pull request may close these issues.
5 participants
@ameukam @k8s-ci-robot @spiffxp @endocrimes @cpanato