Skip to content
This repository was archived by the owner on Dec 16, 2020. It is now read-only.

Commit d509b79

Browse files
yorinasub17yorinasub17
committed
Update to support terraform 0.12
1 parent 1a06c66 commit d509b79

File tree

29 files changed

+625
-565
lines changed

29 files changed

+625
-565
lines changed

.circleci/config.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ defaults: &defaults
88
KUBERGRUNT_VERSION: v0.3.8
99
HELM_VERSION: v2.12.2
1010
MODULE_CI_VERSION: v0.13.12
11-
TERRAFORM_VERSION: 0.11.11
11+
TERRAFORM_VERSION: 0.12.0
1212
TERRAGRUNT_VERSION: NONE
1313
PACKER_VERSION: NONE
1414
GOLANG_VERSION: 1.11.2

examples/k8s-namespace-with-service-account/main.tf

+21-13
Original file line numberDiff line numberDiff line change
@@ -4,14 +4,18 @@
44
# ServiceAccounts that are bound to each default role.
55
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
66

7+
terraform {
8+
required_version = ">= 0.12"
9+
}
10+
711
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
812
# CONFIGURE OUR KUBERNETES CONNECTIONS
913
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1014

1115
provider "kubernetes" {
1216
version = "~> 1.5"
13-
config_context = "${var.kubectl_config_context_name}"
14-
config_path = "${var.kubectl_config_path}"
17+
config_context = var.kubectl_config_context_name
18+
config_path = var.kubectl_config_path
1519
}
1620

1721
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -24,7 +28,7 @@ module "namespace" {
2428
# source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-namespace?ref=v0.0.1"
2529
source = "../../modules/k8s-namespace"
2630

27-
name = "${var.name}"
31+
name = var.name
2832
}
2933

3034
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -38,13 +42,15 @@ module "service_account_access_all" {
3842
source = "../../modules/k8s-service-account"
3943

4044
name = "${var.name}-admin"
41-
namespace = "${module.namespace.name}"
45+
namespace = module.namespace.name
4246
num_rbac_roles = 1
4347

44-
rbac_roles = [{
45-
name = "${module.namespace.rbac_access_all_role}"
46-
namespace = "${module.namespace.name}"
47-
}]
48+
rbac_roles = [
49+
{
50+
name = module.namespace.rbac_access_all_role
51+
namespace = module.namespace.name
52+
},
53+
]
4854

4955
# How to tag the service account with a label
5056
labels = {
@@ -59,13 +65,15 @@ module "service_account_access_read_only" {
5965
source = "../../modules/k8s-service-account"
6066

6167
name = "${var.name}-read-only"
62-
namespace = "${module.namespace.name}"
68+
namespace = module.namespace.name
6369
num_rbac_roles = 1
6470

65-
rbac_roles = [{
66-
name = "${module.namespace.rbac_access_read_only_role}"
67-
namespace = "${module.namespace.name}"
68-
}]
71+
rbac_roles = [
72+
{
73+
name = module.namespace.rbac_access_read_only_role
74+
namespace = module.namespace.name
75+
},
76+
]
6977

7078
# How to tag the service account with a label
7179
labels = {

examples/k8s-namespace-with-service-account/outputs.tf

+5-5
Original file line numberDiff line numberDiff line change
@@ -1,24 +1,24 @@
11
output "name" {
22
description = "Name of the created namespace"
3-
value = "${module.namespace.name}"
3+
value = module.namespace.name
44
}
55

66
output "rbac_access_all_role" {
77
description = "The name of the RBAC role that grants admin level permissions on the namespace."
8-
value = "${module.namespace.rbac_access_all_role}"
8+
value = module.namespace.rbac_access_all_role
99
}
1010

1111
output "rbac_access_read_only_role" {
1212
description = "The name of the RBAC role that grants read only permissions on the namespace."
13-
value = "${module.namespace.rbac_access_read_only_role}"
13+
value = module.namespace.rbac_access_read_only_role
1414
}
1515

1616
output "service_account_access_all" {
1717
description = "The name of the ServiceAccount that has admin level permissions."
18-
value = "${module.service_account_access_all.name}"
18+
value = module.service_account_access_all.name
1919
}
2020

2121
output "service_account_access_read_only" {
2222
description = "The name of the ServiceAccount that has read only level permissions."
23-
value = "${module.service_account_access_read_only.name}"
23+
value = module.service_account_access_read_only.name
2424
}

examples/k8s-tiller-kubergrunt-minikube/main.tf

+49-50
Original file line numberDiff line numberDiff line change
@@ -6,13 +6,17 @@
66
# - Using kubergrunt to deploy Tiller with TLS management
77
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
88

9+
terraform {
10+
required_version = ">= 0.12"
11+
}
12+
913
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1014
# CONFIGURE OUR KUBERNETES CONNECTIONS
1115
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1216

1317
provider "kubernetes" {
14-
config_context = "${var.kubectl_config_context_name}"
15-
config_path = "${var.kubectl_config_path}"
18+
config_context = var.kubectl_config_context_name
19+
config_path = var.kubectl_config_path
1620
}
1721

1822
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -25,7 +29,7 @@ module "tiller_namespace" {
2529
# source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-namespace?ref=v0.3.0"
2630
source = "../../modules/k8s-namespace"
2731

28-
name = "${var.tiller_namespace}"
32+
name = var.tiller_namespace
2933
}
3034

3135
module "resource_namespace" {
@@ -34,7 +38,7 @@ module "resource_namespace" {
3438
# source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-namespace?ref=v0.3.0"
3539
source = "../../modules/k8s-namespace"
3640

37-
name = "${var.resource_namespace}"
41+
name = var.resource_namespace
3842
}
3943

4044
module "tiller_service_account" {
@@ -43,18 +47,18 @@ module "tiller_service_account" {
4347
# source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-service-account?ref=v0.3.0"
4448
source = "../../modules/k8s-service-account"
4549

46-
name = "${var.service_account_name}"
47-
namespace = "${module.tiller_namespace.name}"
50+
name = var.service_account_name
51+
namespace = module.tiller_namespace.name
4852
num_rbac_roles = 2
4953

5054
rbac_roles = [
5155
{
52-
name = "${module.tiller_namespace.rbac_tiller_metadata_access_role}"
53-
namespace = "${module.tiller_namespace.name}"
56+
name = module.tiller_namespace.rbac_tiller_metadata_access_role
57+
namespace = module.tiller_namespace.name
5458
},
5559
{
56-
name = "${module.resource_namespace.rbac_tiller_resource_access_role}"
57-
namespace = "${module.resource_namespace.name}"
60+
name = module.resource_namespace.rbac_tiller_resource_access_role
61+
namespace = module.resource_namespace.name
5862
},
5963
]
6064

@@ -73,31 +77,31 @@ module "tiller" {
7377
# source = "git::https://github.com/gruntwork-io/terraform-kubernetes-helm.git//modules/k8s-tiller?ref=v0.3.0"
7478
source = "../../modules/k8s-tiller"
7579

76-
tiller_service_account_name = "${module.tiller_service_account.name}"
77-
tiller_service_account_token_secret_name = "${module.tiller_service_account.token_secret_name}"
78-
namespace = "${module.tiller_namespace.name}"
79-
tiller_image_version = "${var.tiller_version}"
80+
tiller_service_account_name = module.tiller_service_account.name
81+
tiller_service_account_token_secret_name = module.tiller_service_account.token_secret_name
82+
namespace = module.tiller_namespace.name
83+
tiller_image_version = var.tiller_version
8084

8185
tiller_tls_gen_method = "kubergrunt"
82-
tiller_tls_subject = "${var.tls_subject}"
83-
private_key_algorithm = "${var.private_key_algorithm}"
84-
private_key_ecdsa_curve = "${var.private_key_ecdsa_curve}"
85-
private_key_rsa_bits = "${var.private_key_rsa_bits}"
86+
tiller_tls_subject = var.tls_subject
87+
private_key_algorithm = var.private_key_algorithm
88+
private_key_ecdsa_curve = var.private_key_ecdsa_curve
89+
private_key_rsa_bits = var.private_key_rsa_bits
8690

87-
kubectl_config_context_name = "${var.kubectl_config_context_name}"
88-
kubectl_config_path = "${var.kubectl_config_path}"
91+
kubectl_config_context_name = var.kubectl_config_context_name
92+
kubectl_config_path = var.kubectl_config_path
8993
}
9094

9195
# We use kubergrunt to wait for Tiller to be deployed. Any resources that depend on this can assume Tiller is
9296
# successfully deployed and up at that point.
9397
resource "null_resource" "wait_for_tiller" {
9498
provisioner "local-exec" {
9599
command = <<-EOF
96-
${lookup(module.require_executables.executables, "kubergrunt")} helm wait-for-tiller ${local.esc_newl}
97-
--tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
98-
--tiller-deployment-name ${module.tiller.deployment_name} ${local.esc_newl}
99-
--expected-tiller-version ${var.tiller_version}
100-
EOF
100+
${module.require_executables.executables["kubergrunt"]} helm wait-for-tiller ${local.esc_newl}
101+
--tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
102+
--tiller-deployment-name ${module.tiller.deployment_name} ${local.esc_newl}
103+
--expected-tiller-version ${var.tiller_version}
104+
EOF
101105
}
102106
}
103107

@@ -106,24 +110,24 @@ resource "null_resource" "wait_for_tiller" {
106110
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
107111

108112
resource "null_resource" "grant_helm_access" {
109-
count = "${var.configure_helm}"
110-
depends_on = ["null_resource.wait_for_tiller"]
113+
count = var.configure_helm ? 1 : 0
114+
depends_on = [null_resource.wait_for_tiller]
111115

112116
provisioner "local-exec" {
113117
command = <<-EOF
114-
${lookup(module.require_executables.executables, "kubergrunt")} helm grant ${local.esc_newl}
115-
--tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
116-
${local.kubectl_config_options} ${local.esc_newl}
117-
--tls-subject-json '${jsonencode(var.client_tls_subject)}' ${local.esc_newl}
118-
${local.configure_args}
119-
120-
${lookup(module.require_executables.executables, "kubergrunt")} helm configure ${local.esc_newl}
121-
--helm-home ${local.helm_home_with_default} ${local.esc_newl}
122-
--tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
123-
--resource-namespace ${module.resource_namespace.name} ${local.esc_newl}
124-
${local.kubectl_config_options} ${local.esc_newl}
125-
${local.configure_args}
126-
EOF
118+
${module.require_executables.executables["kubergrunt"]} helm grant ${local.esc_newl}
119+
--tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
120+
${local.kubectl_config_options} ${local.esc_newl}
121+
--tls-subject-json '${jsonencode(var.client_tls_subject)}' ${local.esc_newl}
122+
${local.configure_args}
123+
124+
${module.require_executables.executables["kubergrunt"]} helm configure ${local.esc_newl}
125+
--helm-home ${local.helm_home_with_default} ${local.esc_newl}
126+
--tiller-namespace ${module.tiller_namespace.name} ${local.esc_newl}
127+
--resource-namespace ${module.resource_namespace.name} ${local.esc_newl}
128+
${local.kubectl_config_options} ${local.esc_newl}
129+
${local.configure_args}
130+
EOF
127131
}
128132
}
129133

@@ -135,24 +139,19 @@ resource "null_resource" "grant_helm_access" {
135139
locals {
136140
kubectl_config_options = "${var.kubectl_config_context_name != "" ? "--kubectl-context-name ${var.kubectl_config_context_name}" : ""} ${var.kubectl_config_path != "" ? "--kubeconfig ${var.kubectl_config_path}" : ""}"
137141

138-
helm_home_with_default = "${var.helm_home == "" ? pathexpand("~/.helm") : var.helm_home}"
142+
helm_home_with_default = var.helm_home == "" ? pathexpand("~/.helm") : var.helm_home
139143

140-
configure_args = "${
141-
var.helm_client_rbac_user != "" ? "--rbac-user ${var.helm_client_rbac_user}"
142-
: var.helm_client_rbac_group != "" ? "--rbac-group ${var.helm_client_rbac_group}"
143-
: var.helm_client_rbac_service_account != "" ? "--rbac-service-account ${var.helm_client_rbac_service_account}"
144-
: ""
145-
}"
144+
configure_args = var.helm_client_rbac_user != "" ? "--rbac-user ${var.helm_client_rbac_user}" : var.helm_client_rbac_group != "" ? "--rbac-group ${var.helm_client_rbac_group}" : var.helm_client_rbac_service_account != "" ? "--rbac-service-account ${var.helm_client_rbac_service_account}" : ""
146145

147-
esc_newl = "${module.os.name == "Windows" ? "`" : "\\"}"
146+
esc_newl = module.os.name == "Windows" ? "`" : "\\"
148147
}
149148

150149
module "os" {
151-
source = "git::https://github.com/gruntwork-io/package-terraform-utilities.git//modules/operating-system?ref=v0.0.8"
150+
source = "git::https://github.com/gruntwork-io/package-terraform-utilities.git//modules/operating-system?ref=tf12"
152151
}
153152

154153
module "require_executables" {
155-
source = "git::https://github.com/gruntwork-io/package-terraform-utilities.git//modules/require-executable?ref=v0.0.8"
154+
source = "git::https://github.com/gruntwork-io/package-terraform-utilities.git//modules/require-executable?ref=tf12"
156155

157156
required_executables = ["kubergrunt"]
158157
error_message = "The __EXECUTABLE_NAME__ binary is not available in your PATH. Install the binary by following the instructions at https://github.com/gruntwork-io/terraform-kubernetes-helm/blob/master/examples/k8s-tiller-kubergrunt-minikube/README.md#installing-necessary-tools, or update your PATH variable to search where you installed __EXECUTABLE_NAME__."

examples/k8s-tiller-kubergrunt-minikube/outputs.tf

+2-2
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
11
output "tiller_namespace" {
22
description = "The name of the namespace that houses Tiller."
3-
value = "${module.tiller_namespace.name}"
3+
value = module.tiller_namespace.name
44
}
55

66
output "resource_namespace" {
77
description = "The name of the namespace where Tiller will deploy resources into."
8-
value = "${module.resource_namespace.name}"
8+
value = module.resource_namespace.name
99
}

examples/k8s-tiller-kubergrunt-minikube/variables.tf

+2-4
Original file line numberDiff line numberDiff line change
@@ -17,13 +17,12 @@ variable "service_account_name" {
1717

1818
variable "tls_subject" {
1919
description = "The issuer information that contains the identifying information for the Tiller server. Used to generate the TLS certificate keypairs."
20-
type = "map"
20+
type = map(string)
2121

2222
default = {
2323
common_name = "tiller"
2424
org = "Gruntwork"
2525
}
26-
2726
# Expects the following keys
2827
# - common_name
2928
# - org
@@ -35,13 +34,12 @@ variable "tls_subject" {
3534

3635
variable "client_tls_subject" {
3736
description = "The issuer information that contains the identifying information for the helm client of the operator. Used to generate the TLS certificate keypairs."
38-
type = "map"
37+
type = map(string)
3938

4039
default = {
4140
common_name = "admin"
4241
org = "Gruntwork"
4342
}
44-
4543
# Expects the following keys
4644
# - common_name
4745
# - org

0 commit comments

Comments
 (0)