Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat!: (IAC-997) (IAC-995) Update viya4-iac-gcp Providers, Modules, & Dependencies and Patch Security Issues #173

Merged
merged 5 commits into from
May 15, 2023
Merged

feat!: (IAC-997) (IAC-995) Update viya4-iac-gcp Providers, Modules, & Dependencies and Patch Security Issues #173

merged 5 commits into from
May 15, 2023

Conversation

jarpat
Copy link
Contributor

@jarpat jarpat commented May 5, 2023
edited

Changes

Update the viya4-iac-gcp Providers, Modules, & Dependencies and Patch Security Issues

Below is notes and changes that I made as I upgraded the modules/providers.

Providers

hashicorp/google & hashicorp/google-beta
hashicorp/kubernetes
hashicorp/local
hashicorp/template
  • Versions:
    • Initial Version: 2.2.3
    • Final Version: Removed
      • Notes:
        • This provider has been deprecated in favor of the templatefile function since 2020, now would be a good time to make the swap before it's officially removed.
        • templatefile is already used in the OSS repo, so use that a reference
  • Deprecation Notice: Provider archived hashicorp/terraform-provider-template#85
hashicorp/random
hashicorp/null
hashicorp/external
hashicorp/time

Modules

module.gke
  • Source: terraform-google-modules/kubernetes-engine/google//modules/private-cluster
  • Versions:
    • Initial Version: 23.1.0
    • Final Version: 25.0.0
      • Notes:
        • enable auto repair and upgrade with cluster autoscaling #1530
          • Small update will need to be made to the cluster_autoscaling line here in main.tf. It now requires the attributes auto_repair & auto_upgrade and their values, similarly to how we added a default for gpu_resources during the last module update
          • The default of these additions should be either true or false. We actually set those values in the node_pools map already based off whether the user set var.kubernetes_channel here, so we can adopt the same behavior for cluster_autoscaling
  • Change Log: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/v25.0.0/CHANGELOG.md
module.postgresql
module.sql_proxy_sa
module.nat_address
module.cloud_nat

As part of updating the modules we are also going to set

  user_deletion_policy     = "ABANDON"
  database_deletion_policy = "ABANDON"

When creating a postgres instances so we will no longer be blocked by pgadmin & the SharedServices database when trying to delete the Postgres resource.
Fixes #47

Tests

See internal ticket for additional details and security report.

Scenario Provider commit kubernetes_version Deployment Method Order Cadance Notes
1 GCP 6ec6b01 1.26 (v1.26.3-gke.1000) Docker ****** fast:2020 external postgres
2 GCP d18955d 1.25 (v1.25.9-gke.400) Docker ****** fast:2020 external postgres, rebase retest & verify jump user-data
3 GCP 6186aaf 1.25 (v1.25.9-gke.400) Docker ****** fast:2020 external postgres verify updated DB deletion, enable_cluster_autoscaling verify auto-provisioning values,  create_nfs_public_ip verify user-data
4 GCP 6186aaf 1.26 (v1.26.4-gke.500) Docker ****** fast:2020 internal postgres
5 GCP fc09007 1.26 (v1.26.4-gke.500) Docker ****** fast:2020 external postgres
6 GCP 5eb5078 1.26 (v1.26.4-gke.500) Docker ****** fast:2020 external postgres

@jarpat jarpat added documentation Improvements or additions to documentation enhancement New feature or request labels May 5, 2023
@jarpat jarpat self-assigned this May 5, 2023
@jarpat jarpat changed the base branch from staging to stagingplus May 10, 2023 17:06
@jarpat jarpat mentioned this pull request May 10, 2023
Closed
@jarpat jarpat linked an issue May 11, 2023 that may be closed by this pull request
External PostgreSQL cannot be deleted by terraform when a database has been created externally #47
Closed
@jarpat jarpat marked this pull request as ready for review May 11, 2023 20:02
thpang
thpang reviewed May 11, 2023
View reviewed changes
main.tf Show resolved Hide resolved
dhoucgitter
dhoucgitter reviewed May 11, 2023
View reviewed changes
versions.tf Outdated Show resolved Hide resolved
dhoucgitter
dhoucgitter reviewed May 11, 2023
View reviewed changes
main.tf Show resolved Hide resolved
dhoucgitter
dhoucgitter reviewed May 11, 2023
View reviewed changes
network.tf Outdated Show resolved Hide resolved
thpang
thpang approved these changes May 15, 2023
View reviewed changes
Copy link
Member

@thpang thpang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jarpat jarpat merged commit 0e663bb into stagingplus May 15, 2023
@jarpat jarpat deleted the IAC-997 branch May 15, 2023 19:32
This was referenced May 18, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhoucgitter dhoucgitter dhoucgitter approved these changes

@thpang thpang thpang approved these changes

@riragh riragh riragh approved these changes

@sayeun sayeun Awaiting requested review from sayeun

@anthoday anthoday Awaiting requested review from anthoday

Assignees

@jarpat jarpat

Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

External PostgreSQL cannot be deleted by terraform when a database has been created externally
4 participants
@jarpat @dhoucgitter @thpang @riragh