Merge pull request #139 from kbst/tf013

Upgrade to Terraform v0.13

Author: pst

.github/workflows/main.yml

@@ -24,14 +24,14 @@ jobs:
         sudo chown -R `id -u`:`id -g` ./quickstart/_dist
 
     - name: 'Upload artifacts'
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v2
       with:
         name: test-artifacts
         path: ./quickstart/_dist
 
   build-image:
     runs-on: ubuntu-latest
-
+    needs: [build-test-artifacts]
     strategy:
       matrix:
         starter: ["multi-cloud", "aks", "eks", "gke" ,"kind"]
@@ -40,6 +40,12 @@ jobs:
     - name: 'Checkout'
       uses: actions/checkout@v1
 
+    - name: 'Download test-artifacts'
+      uses: actions/download-artifact@v2
+      with:
+        name: test-artifacts
+        path: ./quickstart/_dist
+
     - name: 'Docker login'
       run: |
         echo ${{ secrets.DOCKER_AUTH }} | docker login --username kbstci --password-stdin
@@ -51,14 +57,14 @@ jobs:
         docker run \
           --rm \
           --privileged \
-          -v `pwd`/oci:/tmp/work \
+          -v `pwd`:/tmp/work \
           -v $HOME/.docker:/root/.docker \
           --entrypoint buildctl-daemonless.sh \
           moby/buildkit:master \
               build \
               --frontend dockerfile.v0 \
               --local context=/tmp/work \
-              --local dockerfile=/tmp/work \
+              --local dockerfile=/tmp/work/oci \
               --output type=image,name=kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }},push=true \
               --export-cache type=registry,ref=kubestack/framework-dev:buildcache-${{ matrix.starter }},push=true \
               --import-cache type=registry,ref=kubestack/framework-dev:buildcache-${{ matrix.starter }} \
@@ -74,13 +80,14 @@ jobs:
 
     steps:
     - name: 'Download test-artifacts'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v2
       with:
         name: test-artifacts
+        path: ./quickstart/_dist
 
     - name: 'Unzip ${{ matrix.starter }} quickstart'
       run: |
-        unzip test-artifacts/kubestack-starter-${{ matrix.starter }}-*.zip
+        unzip quickstart/_dist/kubestack-starter-${{ matrix.starter }}-*.zip
 
     - name: 'Docker build'
       env:
@@ -109,7 +116,7 @@ jobs:
         sed -i 's/resource_group = ""/resource_group = "terraform-kubestack-testing"/g' config.auto.tfvars
 
         # EKS: set region
-        sed -i 's/region = ""/region = "eu-west-1"/g' providers.tf
+        sed -i 's/region = ""/region = "eu-west-1"/g' providers.tf || true
 
         # EKS: set cluster_availability_zones
         sed -i 's/cluster_availability_zones = ""/cluster_availability_zones = "eu-west-1a,eu-west-1b"/g' config.auto.tfvars
@@ -173,9 +180,10 @@ jobs:
 
     steps:
     - name: 'Download test-artifacts'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v2
       with:
         name: test-artifacts
+        path: ./quickstart/_dist
 
     - name: 'Docker login'
       run: |
@@ -188,7 +196,7 @@ jobs:
       run: |
         SOURCE_IMAGE=kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }}
         docker pull $SOURCE_IMAGE
-        TARGET_IMAGE=$(cat test-artifacts/kubestack-starter-${{ matrix.starter }}/Dockerfile | sed 's/FROM //')
+        TARGET_IMAGE=$(cat quickstart/_dist/kubestack-starter-${{ matrix.starter }}/Dockerfile | sed 's/FROM //')
         docker tag $SOURCE_IMAGE $TARGET_IMAGE
         docker push $TARGET_IMAGE
 
@@ -204,9 +212,10 @@ jobs:
 
     steps:
     - name: 'Download test-artifacts'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v2
       with:
         name: test-artifacts
+        path: ./quickstart/_dist
 
     - name: 'Setup gcloud'
       uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
@@ -215,12 +224,12 @@ jobs:
 
     - name: 'Publish ${{ matrix.starter }} starter'
       run: |
-        SOURCE_FILE=test-artifacts/kubestack-starter-${{ matrix.starter }}-${{ github.sha }}.zip
+        SOURCE_FILE=quickstart/_dist/kubestack-starter-${{ matrix.starter }}-${{ github.sha }}.zip
         TARGET_BUCKET=dev.quickstart.kubestack.com
         if [[ $GITHUB_REF = refs/tags/v* ]]
         then
           VERSION=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##")
-          SOURCE_FILE=test-artifacts/kubestack-starter-${{ matrix.starter }}-${VERSION}.zip
+          SOURCE_FILE=quickstart/_dist/kubestack-starter-${{ matrix.starter }}-${VERSION}.zip
           TARGET_BUCKET=quickstart.kubestack.com
         fi
         gsutil -m cp $SOURCE_FILE gs://$TARGET_BUCKET

Makefile

@@ -0,0 +1,23 @@
+_all: dist build
+
+GITHUB_REF := $(shell echo "refs/heads/"`git rev-parse --abbrev-ref HEAD`)
+GITHUB_SHA := $(shell echo `git rev-parse --verify HEAD^{commit}`)
+
+dist:
+	docker build -t actions_build_artifacts:$(GITHUB_SHA) .github/actions/build_artifacts/
+	docker run --rm -e GITHUB_REF=$(GITHUB_REF) -e GITHUB_SHA=$(GITHUB_SHA) -v `pwd`/quickstart:/opt/quickstart:z actions_build_artifacts:$(GITHUB_SHA)
+
+build: dist
+	docker build --file oci/Dockerfile --progress plain -t kubestack/framework:local-$(GITHUB_SHA) . 
+
+test:
+	cloud-build-local --substitutions=_KBST_AUTH_AWS=${KBST_AUTH_AWS},_KBST_AUTH_GCLOUD=${KBST_AUTH_GCLOUD},_KBST_AUTH_AZ=${KBST_AUTH_AZ},_GITHUB_REF=$(GITHUB_REF),_GITHUB_SHA=$(GITHUB_SHA) --dryrun=false --config cloudbuild-test.yaml .
+
+test-cleanup:
+	cloud-build-local --substitutions=_KBST_AUTH_AWS=${KBST_AUTH_AWS},_KBST_AUTH_GCLOUD=${KBST_AUTH_GCLOUD},_KBST_AUTH_AZ=${KBST_AUTH_AZ},_GITHUB_REF=$(GITHUB_REF),_GITHUB_SHA=$(GITHUB_SHA) --dryrun=false --config cloudbuild-cleanup.yaml .
+
+providers:
+	cloud-build-local --substitutions=_KBST_AUTH_AWS=${KBST_AUTH_AWS},_KBST_AUTH_GCLOUD=${KBST_AUTH_GCLOUD},_KBST_AUTH_AZ=${KBST_AUTH_AZ},_GITHUB_REF=$(GITHUB_REF),_GITHUB_SHA=$(GITHUB_SHA) --dryrun=false --config cloudbuild-providers.yaml .
+
+shell: build
+	docker run -ti --rm -e KBST_AUTH_AWS -e KBST_AUTH_AZ -e KBST_AUTH_GCLOUD -e HOME=/infra/tests/.user -v `pwd`:/infra:z --workdir /infra/tests kubestack/framework:local-$(GITHUB_SHA) bash

aws/_modules/eks/roles_master.tf

@@ -20,11 +20,11 @@ POLICY
 
 resource "aws_iam_role_policy_attachment" "master_cluster_policy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
-  role = aws_iam_role.master.name
+  role       = aws_iam_role.master.name
 }
 
 resource "aws_iam_role_policy_attachment" "master_service_policy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
-  role = aws_iam_role.master.name
+  role       = aws_iam_role.master.name
 }
 

aws/_modules/eks/roles_worker.tf

@@ -20,17 +20,17 @@ POLICY
 
 resource "aws_iam_role_policy_attachment" "node_policy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
-  role = aws_iam_role.node.name
+  role       = aws_iam_role.node.name
 }
 
 resource "aws_iam_role_policy_attachment" "node_cni_policy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
-  role = aws_iam_role.node.name
+  role       = aws_iam_role.node.name
 }
 
 resource "aws_iam_role_policy_attachment" "node_container_registry_ro" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
-  role = aws_iam_role.node.name
+  role       = aws_iam_role.node.name
 }
 
 resource "aws_iam_instance_profile" "nodes" {

aws/_modules/eks/versions.tf

@@ -1,4 +1,21 @@
 
 terraform {
-  required_version = ">= 0.12"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.9.0"
+    }
+
+    external = {
+      source  = "hashicorp/external"
+      version = "~> 1.2.0"
+    }
+
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 1.12.0"
+    }
+  }
+
+  required_version = ">= 0.13"
 }

aws/cluster-local/versions.tf

@@ -1,4 +1,4 @@
 
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.13"
 }

aws/cluster/providers.tf

@@ -1,4 +1,4 @@
 
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.13"
 }

aws/cluster/versions.tf

@@ -1,3 +1,7 @@
+provider "azurerm" {
+  features {}
+}
+
 provider "kubernetes" {
   alias = "aks"
 
@@ -12,4 +16,3 @@ provider "kubernetes" {
     azurerm_kubernetes_cluster.current.kube_config[0].cluster_ca_certificate,
   )
 }
-

azurerm/_modules/aks/provider.tf

@@ -1,4 +1,31 @@
 
 terraform {
-  required_version = ">= 0.12"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 2.23.0"
+    }
+
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~> 0.11.0"
+    }
+
+    external = {
+      source  = "hashicorp/external"
+      version = "~> 1.2.0"
+    }
+
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 1.12.0"
+    }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 2.3.0"
+    }
+  }
+
+  required_version = ">= 0.13"
 }