Merge pull request #10109 from bmelbourne/set-minimum-terraform-0.12

Set minimum Terraform version to 0.12.26/0.13.0
Kubernetes Prow Robot 2020-10-29 01:52:58 -07:00 committed by GitHub
commit b7f66a6d98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
66 changed files with 502 additions and 1540 deletions


@ -195,20 +195,12 @@ func TestBastionAdditionalUserData(t *testing.T) {
// TestMinimalJSON runs the test on a minimal data set and outputs JSON
func TestMinimalJSON(t *testing.T) {
featureflag.ParseFlags("+TerraformJSON")
unsetFeaureFlag := func() {
unsetFeatureFlags := func() {
featureflag.ParseFlags("-TerraformJSON")
}
defer unsetFeaureFlag()
newIntegrationTest("minimal-json.example.com", "minimal-json").withJSONOutput().runTestTerraformAWS(t)
}
defer unsetFeatureFlags()
func TestMinimalTerraform011(t *testing.T) {
featureflag.ParseFlags("-Terraform-0.12")
unsetFeaureFlag := func() {
featureflag.ParseFlags("+Terraform-0.12")
}
defer unsetFeaureFlag()
newIntegrationTest("minimal-tf11.example.com", "minimal-tf11").runTestTerraformAWS(t)
newIntegrationTest("minimal-json.example.com", "minimal-json").withJSONOutput().runTestTerraformAWS(t)
}
// TestPrivateWeave runs the test on a configuration with private topology, weave networking
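Review bot: In TestMinimalJSON the reset is still wrapped in a single-use closure (`unsetFeatureFlags`) that is deferred one line later; `defer featureflag.ParseFlags("-TerraformJSON")` says the same thing in one line. The test toggles a flag through `featureflag.ParseFlags`, which looks like process-wide state, so a short comment such as `// mutates global feature flags: do not run with t.Parallel()` would protect later edits. The reset also hard-codes "off" rather than restoring the prior value, which is only correct while the flag's default stays false.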


@ -21,5 +21,5 @@ The following experimental features are currently available:
* `+SpotinstHybrid` - Toogles between hybrid and full instance group implementations
* `-SpotinstController` - Toggles the installation of the Spot controller addon off
* `+SkipEtcdVersionCheck` - Bypasses the check that etcd-manager is using a supported etcd version
* `+TerraformJSON` - Produce kubernetes.ts.json file instead of writing HCL v1 syntax. Can be consumed by terraform 0.12
* `+VFSVaultSupport` - Enables setting Vault as secret/keystore
* `+TerraformJSON` - Produce kubernetes.tf.json file instead of writing HCLv2 syntax. Can be consumed by terraform 0.12+
* `+VFSVaultSupport` - Enables setting Vault as secret/keystore


@ -10,11 +10,12 @@ Note that if you modify the Terraform files that kops spits out, it will overrid
### Terraform Version Compatibility
| Kops Version | Terraform Version | Feature Flag Notes |
|--------------|-------------------|-------|
| >= 1.18 | >= 0.12 | HCL2 supported by default |
| >= 1.18 | < 0.12 | `KOPS_FEATURE_FLAGS=-Terraform-0.12` |
| >= 1.17 | >= 0.12 | `KOPS_FEATURE_FLAGS=TerraformJSON` outputs JSON |
| <= 1.17 | < 0.12 | Supported by default |
|--------------|-------------------|--------------------|
| >= 1.19 | >= 0.12.26, >= 0.13 | HCL2 supported by default <br>`KOPS_FEATURE_FLAGS=Terraform-0.12` is now deprecated |
| >= 1.18 | >= 0.12 | HCL2 supported by default |
| >= 1.18 | < 0.12 | `KOPS_FEATURE_FLAGS=-Terraform-0.12` |
| >= 1.17 | >= 0.12 | `KOPS_FEATURE_FLAGS=TerraformJSON` outputs JSON |
| <= 1.17 | < 0.12 | Supported by default |
### Using Terraform
@ -32,13 +33,7 @@ terraform {
}
```
Then run:
```
$ terraform init
```
to set up s3 backend.
Learn more [about Terraform state here](https://www.terraform.io/docs/state/remote.html).
Learn more about [Terraform state](https://www.terraform.io/docs/state/remote.html).
#### Initialize/create a cluster
@ -54,7 +49,32 @@ $ kops create cluster \
--target=terraform
```
The above command will create kops state on S3 (defined in `--state`) and output a representation of your configuration into Terraform files. Thereafter you can preview your changes and then apply as shown below:
The above command will create kops state on S3 (defined in `--state`) and output a representation of your configuration into Terraform files. Thereafter you can preview your changes in `kubernetes.tf` and then use Terraform to create all the resources as shown below:
Additional Terraform `.tf` files could be added at this stage to customize your deployment, but remember the kops state should continue to remain the ultimate source of truth for the Kubernetes cluster.
Initialize Terraform to set-up the S3 backend and provider plugins.
```
$ terraform init
```
If you're using Terraform v0.12.26+, the following warning will be displayed and can be safely ignored. It will not be displayed if you're using Terraform v0.13.0+.
```
Warning: Provider source not supported in Terraform v0.12
on kubernetes.tf line 665, in terraform:
665: aws = {
666: "source" = "hashicorp/aws"
667: "version" = ">= 2.46.0"
668: }
A source was declared for provider aws. Terraform v0.12 does not support the
provider source attribute. It will be ignored.
```
Use Terraform to review and create the cloud infrastructure and Kubernetes cluster.
```
$ terraform plan
@ -110,7 +130,6 @@ $ kops delete cluster --yes \
Ps: You don't have to `kops delete cluster` if you just want to recreate from scratch. Deleting kops cluster state means that you've have to `kops create` again.
### Caveats
#### `kops rolling-update` might be needed after editing the cluster
@ -121,13 +140,11 @@ To see your changes applied to the cluster you'll also need to run `kops rolling
#### Terraform JSON output
With terraform 0.12 JSON is now officially supported as configuration language. To enable JSON output instead of HCLv1 output you need to enable it through a feature flag.
With terraform 0.12 JSON is now officially supported as configuration language. To enable JSON output instead of HCLv2 output you need to enable it through a feature flag.
```
export KOPS_FEATURE_FLAGS=TerraformJSON
kops update cluster .....
```
This is an alternative to of using terraforms own configuration syntax HCL. Be sure to delete the existing kubernetes.tf file. Terraform will otherwise use both and then complain.
Kops will require terraform 0.12 for JSON configuration. Inofficially (partially) it was also supported with terraform 0.11, so you can try and remove the `required_version` in `kubernetes.tf.json`.

1
go.mod

@ -77,7 +77,6 @@ require (
github.com/google/uuid v1.1.1
github.com/gophercloud/gophercloud v0.11.1-0.20200518183226-7aec46f32c19
github.com/gorilla/mux v1.7.3
github.com/hashicorp/hcl v1.0.0
github.com/hashicorp/hcl/v2 v2.3.0
github.com/hashicorp/vault/api v1.0.4
github.com/huandu/xstrings v1.2.0 // indirect


@ -20,14 +20,8 @@ set -o pipefail
. "$(dirname "${BASH_SOURCE[0]}")/common.sh"
# integration test cluster directories that are terraform 0.11 compatible
CLUSTERS_0_11=(
"minimal-tf11"
)
# Terraform versions
TAG_0_13=0.13.0
TAG_0_11=0.11.14
TF_TAG=0.13.5
PROVIDER_CACHE="${KOPS_ROOT}/.cache/terraform"
@ -35,10 +29,8 @@ RC=0
while IFS= read -r -d '' -u 3 test_dir; do
[ -f "${test_dir}/kubernetes.tf" ] || [ -f "${test_dir}/kubernetes.tf.json" ] || continue
echo -e "${test_dir}\n"
cluster=$(basename "${test_dir}")
kube::util::array_contains "${cluster}" "${CLUSTERS_0_11[@]}" && tag=$TAG_0_11 || tag=$TAG_0_13
docker run --rm -e "TF_PLUGIN_CACHE_DIR=${PROVIDER_CACHE}" -v "${PROVIDER_CACHE}:${PROVIDER_CACHE}" -v "${test_dir}":"${test_dir}" -w "${test_dir}" --entrypoint=sh hashicorp/terraform:$tag -c '/bin/terraform init >/dev/null && /bin/terraform validate' || RC=$?
docker run --rm -e "TF_PLUGIN_CACHE_DIR=${PROVIDER_CACHE}" -v "${PROVIDER_CACHE}:${PROVIDER_CACHE}" -v "${test_dir}":"${test_dir}" -w "${test_dir}" --entrypoint=sh hashicorp/terraform:${TF_TAG} -c '/bin/terraform init >/dev/null && /bin/terraform validate' || RC=$?
done 3< <(find "${KOPS_ROOT}/tests/integration/update_cluster" -maxdepth 1 -type d -print0)
if [ $RC != 0 ]; then
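Review bot: The `docker run` line now pulls `hashicorp/terraform:${TF_TAG}` by tag only, and a tag can be re-pointed upstream, so the binary that validates every fixture is not fixed by this script. Pinning the digest alongside the version, for example `hashicorp/terraform:${TF_TAG}@sha256:<digest-of-the-0.13.5-image>`, would make the check reproducible. `terraform init` in the container also resolves providers from the fixtures' `>=` constraints at run time, so the provider version being validated can drift between runs. The `if [ $RC != 0 ]` block continues outside the hunk.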


@ -91,8 +91,6 @@ var (
SkipEtcdVersionCheck = New("SkipEtcdVersionCheck", Bool(false))
// TerraformJSON outputs terraform in JSON instead of hcl output. JSON output can be also parsed by terraform 0.12
TerraformJSON = New("TerraformJSON", Bool(false))
// Terraform012 will output terraform in the 0.12 (hcl2) syntax
Terraform012 = New("Terraform-0.12", Bool(true))
// LegacyIAM will permit use of legacy IAM permissions.
LegacyIAM = New("LegacyIAM", Bool(false))
// ClusterAddons activates experimental cluster-addons support
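Review bot: Removing `Terraform012` leaves no visible handling for operators who still export `KOPS_FEATURE_FLAGS=-Terraform-0.12`. From this hunk it is not clear whether the retired name is rejected, warned about or silently accepted. A silent accept would emit HCL2 where 0.11 syntax was requested. If `ParseFlags` does not already warn on unknown names, a warning for this name would help, and a tombstone comment in the block such as `// Terraform-0.12 was removed in kops 1.19; HCL2 is always emitted.` would document the change. The `var (` block starts and ends outside the hunk.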


@ -946,5 +946,11 @@ resource "aws_vpc" "bastionuserdata-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}
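Review bot: The new `required_providers` entry constrains the AWS provider with a lower bound only (`"version" = ">= 2.46.0"`), so `terraform init` will take the newest published provider, including a future major release. An upper bound, e.g. `"version" = ">= 2.46.0, < 4.0.0"` (bound chosen for illustration), would keep generated clusters on a provider line that has been tested. This file looks like expected test output, so the change would belong in the generator. The same block repeats in the other AWS fixtures on this page.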


@ -783,5 +783,11 @@ resource "aws_vpc" "complex-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -844,5 +844,11 @@ resource "aws_vpc" "existing-iam-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -1168,5 +1168,11 @@ resource "aws_vpc" "existingsg-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -573,5 +573,11 @@ resource "aws_vpc" "externallb-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -749,5 +749,11 @@ resource "aws_vpc" "externalpolicies-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -896,5 +896,11 @@ resource "aws_vpc" "ha-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -17,8 +17,7 @@ output "region" {
}
provider "google" {
region = "us-test1"
version = ">= 3.0.0"
region = "us-test1"
}
resource "google_compute_disk" "d1-etcd-events-ha-gce-example-com" {
@ -497,5 +496,11 @@ resource "google_compute_network" "default" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
google = {
"source" = "hashicorp/google"
"version" = ">= 2.19.0"
}
}
}
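Review bot: The Google provider floor drops from `>= 3.0.0`, removed from the `provider "google"` block in the first hunk, to `>= 2.19.0` in the new `required_providers` entry. An environment may therefore now resolve a 2.x provider that the previous constraint excluded. If the lower floor is intentional it deserves a line in the commit description; otherwise the entry should keep `"version" = ">= 3.0.0"`. As this appears to be expected test output, the value would need changing where it is generated.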


@ -714,5 +714,11 @@ resource "aws_vpc" "launchtemplates-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -1,29 +1,29 @@
locals = {
bastion_security_group_ids = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"]
bastions_role_arn = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}"
bastions_role_name = "${aws_iam_role.bastions-lifecyclephases-example-com.name}"
bastion_security_group_ids = [aws_security_group.bastion-lifecyclephases-example-com.id]
bastions_role_arn = aws_iam_role.bastions-lifecyclephases-example-com.arn
bastions_role_name = aws_iam_role.bastions-lifecyclephases-example-com.name
cluster_name = "lifecyclephases.example.com"
master_security_group_ids = ["${aws_security_group.masters-lifecyclephases-example-com.id}"]
masters_role_arn = "${aws_iam_role.masters-lifecyclephases-example-com.arn}"
masters_role_name = "${aws_iam_role.masters-lifecyclephases-example-com.name}"
node_security_group_ids = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"]
node_subnet_ids = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"]
nodes_role_arn = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}"
nodes_role_name = "${aws_iam_role.nodes-lifecyclephases-example-com.name}"
master_security_group_ids = [aws_security_group.masters-lifecyclephases-example-com.id]
masters_role_arn = aws_iam_role.masters-lifecyclephases-example-com.arn
masters_role_name = aws_iam_role.masters-lifecyclephases-example-com.name
node_security_group_ids = [aws_security_group.nodes-lifecyclephases-example-com.id]
node_subnet_ids = [aws_subnet.us-test-1a-lifecyclephases-example-com.id]
nodes_role_arn = aws_iam_role.nodes-lifecyclephases-example-com.arn
nodes_role_name = aws_iam_role.nodes-lifecyclephases-example-com.name
region = "us-test-1"
vpc_id = "${aws_vpc.lifecyclephases-example-com.id}"
vpc_id = aws_vpc.lifecyclephases-example-com.id
}
output "bastion_security_group_ids" {
value = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"]
value = [aws_security_group.bastion-lifecyclephases-example-com.id]
}
output "bastions_role_arn" {
value = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}"
value = aws_iam_role.bastions-lifecyclephases-example-com.arn
}
output "bastions_role_name" {
value = "${aws_iam_role.bastions-lifecyclephases-example-com.name}"
value = aws_iam_role.bastions-lifecyclephases-example-com.name
}
output "cluster_name" {
@ -31,31 +31,31 @@ output "cluster_name" {
}
output "master_security_group_ids" {
value = ["${aws_security_group.masters-lifecyclephases-example-com.id}"]
value = [aws_security_group.masters-lifecyclephases-example-com.id]
}
output "masters_role_arn" {
value = "${aws_iam_role.masters-lifecyclephases-example-com.arn}"
value = aws_iam_role.masters-lifecyclephases-example-com.arn
}
output "masters_role_name" {
value = "${aws_iam_role.masters-lifecyclephases-example-com.name}"
value = aws_iam_role.masters-lifecyclephases-example-com.name
}
output "node_security_group_ids" {
value = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"]
value = [aws_security_group.nodes-lifecyclephases-example-com.id]
}
output "node_subnet_ids" {
value = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"]
value = [aws_subnet.us-test-1a-lifecyclephases-example-com.id]
}
output "nodes_role_arn" {
value = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}"
value = aws_iam_role.nodes-lifecyclephases-example-com.arn
}
output "nodes_role_name" {
value = "${aws_iam_role.nodes-lifecyclephases-example-com.name}"
value = aws_iam_role.nodes-lifecyclephases-example-com.name
}
output "region" {
@ -63,7 +63,7 @@ output "region" {
}
output "vpc_id" {
value = "${aws_vpc.lifecyclephases-example-com.id}"
value = aws_vpc.lifecyclephases-example-com.id
}
provider "aws" {
@ -72,10 +72,10 @@ provider "aws" {
resource "aws_autoscaling_group" "bastion-lifecyclephases-example-com" {
name = "bastion.lifecyclephases.example.com"
launch_configuration = "${aws_launch_configuration.bastion-lifecyclephases-example-com.id}"
launch_configuration = aws_launch_configuration.bastion-lifecyclephases-example-com.id
max_size = 1
min_size = 1
vpc_zone_identifier = ["${aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id}"]
vpc_zone_identifier = [aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id]
tag = {
key = "KubernetesCluster"
@ -101,10 +101,10 @@ resource "aws_autoscaling_group" "bastion-lifecyclephases-example-com" {
resource "aws_autoscaling_group" "master-us-test-1a-masters-lifecyclephases-example-com" {
name = "master-us-test-1a.masters.lifecyclephases.example.com"
launch_configuration = "${aws_launch_configuration.master-us-test-1a-masters-lifecyclephases-example-com.id}"
launch_configuration = aws_launch_configuration.master-us-test-1a-masters-lifecyclephases-example-com.id
max_size = 1
min_size = 1
vpc_zone_identifier = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"]
vpc_zone_identifier = [aws_subnet.us-test-1a-lifecyclephases-example-com.id]
tag = {
key = "KubernetesCluster"
@ -130,10 +130,10 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-lifecyclephases-exam
resource "aws_autoscaling_group" "nodes-lifecyclephases-example-com" {
name = "nodes.lifecyclephases.example.com"
launch_configuration = "${aws_launch_configuration.nodes-lifecyclephases-example-com.id}"
launch_configuration = aws_launch_configuration.nodes-lifecyclephases-example-com.id
max_size = 2
min_size = 2
vpc_zone_identifier = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"]
vpc_zone_identifier = [aws_subnet.us-test-1a-lifecyclephases-example-com.id]
tag = {
key = "KubernetesCluster"
@ -189,9 +189,9 @@ resource "aws_launch_configuration" "bastion-lifecyclephases-example-com" {
name_prefix = "bastion.lifecyclephases.example.com-"
image_id = "ami-12345678"
instance_type = "t2.micro"
key_name = "${aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}"
iam_instance_profile = "${aws_iam_instance_profile.bastions-lifecyclephases-example-com.id}"
security_groups = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"]
key_name = aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id
iam_instance_profile = aws_iam_instance_profile.bastions-lifecyclephases-example-com.id
security_groups = [aws_security_group.bastion-lifecyclephases-example-com.id]
associate_public_ip_address = true
root_block_device = {
@ -211,11 +211,11 @@ resource "aws_launch_configuration" "master-us-test-1a-masters-lifecyclephases-e
name_prefix = "master-us-test-1a.masters.lifecyclephases.example.com-"
image_id = "ami-12345678"
instance_type = "m3.medium"
key_name = "${aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}"
iam_instance_profile = "${aws_iam_instance_profile.masters-lifecyclephases-example-com.id}"
security_groups = ["${aws_security_group.masters-lifecyclephases-example-com.id}"]
key_name = aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id
iam_instance_profile = aws_iam_instance_profile.masters-lifecyclephases-example-com.id
security_groups = [aws_security_group.masters-lifecyclephases-example-com.id]
associate_public_ip_address = false
user_data = "${file("${path.module}/data/aws_launch_configuration_master-us-test-1a.masters.lifecyclephases.example.com_user_data")}"
user_data = file("${path.module}/data/aws_launch_configuration_master-us-test-1a.masters.lifecyclephases.example.com_user_data")
root_block_device = {
volume_type = "gp2"
@ -239,11 +239,11 @@ resource "aws_launch_configuration" "nodes-lifecyclephases-example-com" {
name_prefix = "nodes.lifecyclephases.example.com-"
image_id = "ami-12345678"
instance_type = "t2.medium"
key_name = "${aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}"
iam_instance_profile = "${aws_iam_instance_profile.nodes-lifecyclephases-example-com.id}"
security_groups = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"]
key_name = aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id
iam_instance_profile = aws_iam_instance_profile.nodes-lifecyclephases-example-com.id
security_groups = [aws_security_group.nodes-lifecyclephases-example-com.id]
associate_public_ip_address = false
user_data = "${file("${path.module}/data/aws_launch_configuration_nodes.lifecyclephases.example.com_user_data")}"
user_data = file("${path.module}/data/aws_launch_configuration_nodes.lifecyclephases.example.com_user_data")
root_block_device = {
volume_type = "gp2"
@ -258,6 +258,12 @@ resource "aws_launch_configuration" "nodes-lifecyclephases-example-com" {
enable_monitoring = false
}
terraform = {
required_version = ">= 0.9.3"
terraform {
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}
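Review bot: This file now declares `required_version = ">= 0.12.26"` but its unchanged context lines still use 0.11-style block assignment: `locals = {` at the top, and `tag = {` and `root_block_device = {` inside the resources. Terraform 0.12 expects `locals {` as a block, and the nested blocks are likely rejected in the same way. Only `terraform = {` was converted. If the file is meant to validate under the declared version, those lines need the same treatment, e.g. `locals {` and `tag {`. The next file section on this page shows the same pattern with `locals = {`, `health_check = {` and `alias = {`. It is worth checking whether the verify script picks these files up at all, since it only looks for `kubernetes.tf` or `kubernetes.tf.json`.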


@ -1,29 +1,29 @@
locals = {
bastion_security_group_ids = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"]
bastions_role_arn = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}"
bastions_role_name = "${aws_iam_role.bastions-lifecyclephases-example-com.name}"
bastion_security_group_ids = [aws_security_group.bastion-lifecyclephases-example-com.id]
bastions_role_arn = aws_iam_role.bastions-lifecyclephases-example-com.arn
bastions_role_name = aws_iam_role.bastions-lifecyclephases-example-com.name
cluster_name = "lifecyclephases.example.com"
master_security_group_ids = ["${aws_security_group.masters-lifecyclephases-example-com.id}"]
masters_role_arn = "${aws_iam_role.masters-lifecyclephases-example-com.arn}"
masters_role_name = "${aws_iam_role.masters-lifecyclephases-example-com.name}"
node_security_group_ids = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"]
node_subnet_ids = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"]
nodes_role_arn = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}"
nodes_role_name = "${aws_iam_role.nodes-lifecyclephases-example-com.name}"
master_security_group_ids = [aws_security_group.masters-lifecyclephases-example-com.id]
masters_role_arn = aws_iam_role.masters-lifecyclephases-example-com.arn
masters_role_name = aws_iam_role.masters-lifecyclephases-example-com.name
node_security_group_ids = [aws_security_group.nodes-lifecyclephases-example-com.id]
node_subnet_ids = [aws_subnet.us-test-1a-lifecyclephases-example-com.id]
nodes_role_arn = aws_iam_role.nodes-lifecyclephases-example-com.arn
nodes_role_name = aws_iam_role.nodes-lifecyclephases-example-com.name
region = "us-test-1"
vpc_id = "${aws_vpc.lifecyclephases-example-com.id}"
vpc_id = aws_vpc.lifecyclephases-example-com.id
}
output "bastion_security_group_ids" {
value = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"]
value = [aws_security_group.bastion-lifecyclephases-example-com.id]
}
output "bastions_role_arn" {
value = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}"
value = aws_iam_role.bastions-lifecyclephases-example-com.arn
}
output "bastions_role_name" {
value = "${aws_iam_role.bastions-lifecyclephases-example-com.name}"
value = aws_iam_role.bastions-lifecyclephases-example-com.name
}
output "cluster_name" {
@ -31,31 +31,31 @@ output "cluster_name" {
}
output "master_security_group_ids" {
value = ["${aws_security_group.masters-lifecyclephases-example-com.id}"]
value = [aws_security_group.masters-lifecyclephases-example-com.id]
}
output "masters_role_arn" {
value = "${aws_iam_role.masters-lifecyclephases-example-com.arn}"
value = aws_iam_role.masters-lifecyclephases-example-com.arn
}
output "masters_role_name" {
value = "${aws_iam_role.masters-lifecyclephases-example-com.name}"
value = aws_iam_role.masters-lifecyclephases-example-com.name
}
output "node_security_group_ids" {
value = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"]
value = [aws_security_group.nodes-lifecyclephases-example-com.id]
}
output "node_subnet_ids" {
value = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"]
value = [aws_subnet.us-test-1a-lifecyclephases-example-com.id]
}
output "nodes_role_arn" {
value = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}"
value = aws_iam_role.nodes-lifecyclephases-example-com.arn
}
output "nodes_role_name" {
value = "${aws_iam_role.nodes-lifecyclephases-example-com.name}"
value = aws_iam_role.nodes-lifecyclephases-example-com.name
}
output "region" {
@ -63,7 +63,7 @@ output "region" {
}
output "vpc_id" {
value = "${aws_vpc.lifecyclephases-example-com.id}"
value = aws_vpc.lifecyclephases-example-com.id
}
provider "aws" {
@ -71,13 +71,13 @@ provider "aws" {
}
resource "aws_autoscaling_attachment" "bastion-lifecyclephases-example-com" {
elb = "${aws_elb.bastion-lifecyclephases-example-com.id}"
autoscaling_group_name = "${aws_autoscaling_group.bastion-lifecyclephases-example-com.id}"
elb = aws_elb.bastion-lifecyclephases-example-com.id
autoscaling_group_name = aws_autoscaling_group.bastion-lifecyclephases-example-com.id
}
resource "aws_autoscaling_attachment" "master-us-test-1a-masters-lifecyclephases-example-com" {
elb = "${aws_elb.api-lifecyclephases-example-com.id}"
autoscaling_group_name = "${aws_autoscaling_group.master-us-test-1a-masters-lifecyclephases-example-com.id}"
elb = aws_elb.api-lifecyclephases-example-com.id
autoscaling_group_name = aws_autoscaling_group.master-us-test-1a-masters-lifecyclephases-example-com.id
}
resource "aws_elb" "api-lifecyclephases-example-com" {
@ -90,8 +90,8 @@ resource "aws_elb" "api-lifecyclephases-example-com" {
lb_protocol = "TCP"
}
security_groups = ["${aws_security_group.api-elb-lifecyclephases-example-com.id}"]
subnets = ["${aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id}"]
security_groups = [aws_security_group.api-elb-lifecyclephases-example-com.id]
subnets = [aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id]
health_check = {
target = "SSL:443"
@ -119,8 +119,8 @@ resource "aws_elb" "bastion-lifecyclephases-example-com" {
lb_protocol = "TCP"
}
security_groups = ["${aws_security_group.bastion-elb-lifecyclephases-example-com.id}"]
subnets = ["${aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id}"]
security_groups = [aws_security_group.bastion-elb-lifecyclephases-example-com.id]
subnets = [aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id]
health_check = {
target = "TCP:22"
@ -144,14 +144,20 @@ resource "aws_route53_record" "api-lifecyclephases-example-com" {
type = "A"
alias = {
name = "${aws_elb.api-lifecyclephases-example-com.dns_name}"
zone_id = "${aws_elb.api-lifecyclephases-example-com.zone_id}"
name = aws_elb.api-lifecyclephases-example-com.dns_name
zone_id = aws_elb.api-lifecyclephases-example-com.zone_id
evaluate_target_health = false
}
zone_id = "/hostedzone/Z1AFAKE1ZON3YO"
}
terraform = {
required_version = ">= 0.9.3"
terraform {
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -168,5 +168,11 @@ resource "aws_vpc" "lifecyclephases-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -1,20 +1,20 @@
locals = {
bastions_role_arn = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}"
bastions_role_name = "${aws_iam_role.bastions-lifecyclephases-example-com.name}"
bastions_role_arn = aws_iam_role.bastions-lifecyclephases-example-com.arn
bastions_role_name = aws_iam_role.bastions-lifecyclephases-example-com.name
cluster_name = "lifecyclephases.example.com"
masters_role_arn = "${aws_iam_role.masters-lifecyclephases-example-com.arn}"
masters_role_name = "${aws_iam_role.masters-lifecyclephases-example-com.name}"
nodes_role_arn = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}"
nodes_role_name = "${aws_iam_role.nodes-lifecyclephases-example-com.name}"
masters_role_arn = aws_iam_role.masters-lifecyclephases-example-com.arn
masters_role_name = aws_iam_role.masters-lifecyclephases-example-com.name
nodes_role_arn = aws_iam_role.nodes-lifecyclephases-example-com.arn
nodes_role_name = aws_iam_role.nodes-lifecyclephases-example-com.name
region = "us-test-1"
}
output "bastions_role_arn" {
value = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}"
value = aws_iam_role.bastions-lifecyclephases-example-com.arn
}
output "bastions_role_name" {
value = "${aws_iam_role.bastions-lifecyclephases-example-com.name}"
value = aws_iam_role.bastions-lifecyclephases-example-com.name
}
output "cluster_name" {
@ -22,19 +22,19 @@ output "cluster_name" {
}
output "masters_role_arn" {
value = "${aws_iam_role.masters-lifecyclephases-example-com.arn}"
value = aws_iam_role.masters-lifecyclephases-example-com.arn
}
output "masters_role_name" {
value = "${aws_iam_role.masters-lifecyclephases-example-com.name}"
value = aws_iam_role.masters-lifecyclephases-example-com.name
}
output "nodes_role_arn" {
value = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}"
value = aws_iam_role.nodes-lifecyclephases-example-com.arn
}
output "nodes_role_name" {
value = "${aws_iam_role.nodes-lifecyclephases-example-com.name}"
value = aws_iam_role.nodes-lifecyclephases-example-com.name
}
output "region" {
@ -47,60 +47,60 @@ provider "aws" {
resource "aws_iam_instance_profile" "bastions-lifecyclephases-example-com" {
name = "bastions.lifecyclephases.example.com"
role = "${aws_iam_role.bastions-lifecyclephases-example-com.name}"
role = aws_iam_role.bastions-lifecyclephases-example-com.name
}
resource "aws_iam_instance_profile" "masters-lifecyclephases-example-com" {
name = "masters.lifecyclephases.example.com"
role = "${aws_iam_role.masters-lifecyclephases-example-com.name}"
role = aws_iam_role.masters-lifecyclephases-example-com.name
}
resource "aws_iam_instance_profile" "nodes-lifecyclephases-example-com" {
name = "nodes.lifecyclephases.example.com"
role = "${aws_iam_role.nodes-lifecyclephases-example-com.name}"
role = aws_iam_role.nodes-lifecyclephases-example-com.name
}
resource "aws_iam_role" "bastions-lifecyclephases-example-com" {
name = "bastions.lifecyclephases.example.com"
assume_role_policy = "${file("${path.module}/data/aws_iam_role_bastions.lifecyclephases.example.com_policy")}"
assume_role_policy = file("${path.module}/data/aws_iam_role_bastions.lifecyclephases.example.com_policy")
}
resource "aws_iam_role" "masters-lifecyclephases-example-com" {
name = "masters.lifecyclephases.example.com"
assume_role_policy = "${file("${path.module}/data/aws_iam_role_masters.lifecyclephases.example.com_policy")}"
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.lifecyclephases.example.com_policy")
}
resource "aws_iam_role" "nodes-lifecyclephases-example-com" {
name = "nodes.lifecyclephases.example.com"
assume_role_policy = "${file("${path.module}/data/aws_iam_role_nodes.lifecyclephases.example.com_policy")}"
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.lifecyclephases.example.com_policy")
}
resource "aws_iam_role_policy" "bastions-lifecyclephases-example-com" {
name = "bastions.lifecyclephases.example.com"
role = "${aws_iam_role.bastions-lifecyclephases-example-com.name}"
policy = "${file("${path.module}/data/aws_iam_role_policy_bastions.lifecyclephases.example.com_policy")}"
role = aws_iam_role.bastions-lifecyclephases-example-com.name
policy = file("${path.module}/data/aws_iam_role_policy_bastions.lifecyclephases.example.com_policy")
}
resource "aws_iam_role_policy" "masters-lifecyclephases-example-com" {
name = "masters.lifecyclephases.example.com"
role = "${aws_iam_role.masters-lifecyclephases-example-com.name}"
policy = "${file("${path.module}/data/aws_iam_role_policy_masters.lifecyclephases.example.com_policy")}"
role = aws_iam_role.masters-lifecyclephases-example-com.name
policy = file("${path.module}/data/aws_iam_role_policy_masters.lifecyclephases.example.com_policy")
}
resource "aws_iam_role_policy" "nodes-lifecyclephases-example-com" {
name = "nodes.lifecyclephases.example.com"
role = "${aws_iam_role.nodes-lifecyclephases-example-com.name}"
policy = "${file("${path.module}/data/aws_iam_role_policy_nodes.lifecyclephases.example.com_policy")}"
role = aws_iam_role.nodes-lifecyclephases-example-com.name
policy = file("${path.module}/data/aws_iam_role_policy_nodes.lifecyclephases.example.com_policy")
}
resource "aws_key_pair" "kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" {
key_name = "kubernetes.lifecyclephases.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57"
public_key = "${file("${path.module}/data/aws_key_pair_kubernetes.lifecyclephases.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key")}"
public_key = file("${path.module}/data/aws_key_pair_kubernetes.lifecyclephases.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key")
}
resource "aws_security_group" "api-elb-lifecyclephases-example-com" {
name = "api-elb.lifecyclephases.example.com"
vpc_id = "${aws_vpc.lifecyclephases-example-com.id}"
vpc_id = aws_vpc.lifecyclephases-example-com.id
description = "Security group for api ELB"
tags = {
@ -112,7 +112,7 @@ resource "aws_security_group" "api-elb-lifecyclephases-example-com" {
resource "aws_security_group" "bastion-elb-lifecyclephases-example-com" {
name = "bastion-elb.lifecyclephases.example.com"
vpc_id = "${aws_vpc.lifecyclephases-example-com.id}"
vpc_id = aws_vpc.lifecyclephases-example-com.id
description = "Security group for bastion ELB"
tags = {
@ -124,7 +124,7 @@ resource "aws_security_group" "bastion-elb-lifecyclephases-example-com" {
resource "aws_security_group" "bastion-lifecyclephases-example-com" {
name = "bastion.lifecyclephases.example.com"
vpc_id = "${aws_vpc.lifecyclephases-example-com.id}"
vpc_id = aws_vpc.lifecyclephases-example-com.id
description = "Security group for bastion"
tags = {
@ -136,7 +136,7 @@ resource "aws_security_group" "bastion-lifecyclephases-example-com" {
resource "aws_security_group" "masters-lifecyclephases-example-com" {
name = "masters.lifecyclephases.example.com"
vpc_id = "${aws_vpc.lifecyclephases-example-com.id}"
vpc_id = aws_vpc.lifecyclephases-example-com.id
description = "Security group for masters"
tags = {
@ -148,7 +148,7 @@ resource "aws_security_group" "masters-lifecyclephases-example-com" {
resource "aws_security_group" "nodes-lifecyclephases-example-com" {
name = "nodes.lifecyclephases.example.com"
vpc_id = "${aws_vpc.lifecyclephases-example-com.id}"
vpc_id = aws_vpc.lifecyclephases-example-com.id
description = "Security group for nodes"
tags = {
@ -160,8 +160,8 @@ resource "aws_security_group" "nodes-lifecyclephases-example-com" {
resource "aws_security_group_rule" "all-master-to-master" {
type = "ingress"
security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
from_port = 0
to_port = 0
protocol = "-1"
@ -169,8 +169,8 @@ resource "aws_security_group_rule" "all-master-to-master" {
resource "aws_security_group_rule" "all-master-to-node" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
from_port = 0
to_port = 0
protocol = "-1"
@ -178,8 +178,8 @@ resource "aws_security_group_rule" "all-master-to-node" {
resource "aws_security_group_rule" "all-node-to-node" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
from_port = 0
to_port = 0
protocol = "-1"
@ -187,7 +187,7 @@ resource "aws_security_group_rule" "all-node-to-node" {
resource "aws_security_group_rule" "api-elb-egress" {
type = "egress"
security_group_id = "${aws_security_group.api-elb-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.api-elb-lifecyclephases-example-com.id
from_port = 0
to_port = 0
protocol = "-1"
@ -196,7 +196,7 @@ resource "aws_security_group_rule" "api-elb-egress" {
resource "aws_security_group_rule" "bastion-egress" {
type = "egress"
security_group_id = "${aws_security_group.bastion-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.bastion-lifecyclephases-example-com.id
from_port = 0
to_port = 0
protocol = "-1"
@ -205,7 +205,7 @@ resource "aws_security_group_rule" "bastion-egress" {
resource "aws_security_group_rule" "bastion-elb-egress" {
type = "egress"
security_group_id = "${aws_security_group.bastion-elb-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.bastion-elb-lifecyclephases-example-com.id
from_port = 0
to_port = 0
protocol = "-1"
@ -214,8 +214,8 @@ resource "aws_security_group_rule" "bastion-elb-egress" {
resource "aws_security_group_rule" "bastion-to-master-ssh" {
type = "ingress"
security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.bastion-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.bastion-lifecyclephases-example-com.id
from_port = 22
to_port = 22
protocol = "tcp"
@ -223,8 +223,8 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" {
resource "aws_security_group_rule" "bastion-to-node-ssh" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.bastion-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.bastion-lifecyclephases-example-com.id
from_port = 22
to_port = 22
protocol = "tcp"
@ -232,7 +232,7 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" {
resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.api-elb-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.api-elb-lifecyclephases-example-com.id
from_port = 443
to_port = 443
protocol = "tcp"
@ -241,8 +241,8 @@ resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" {
resource "aws_security_group_rule" "https-elb-to-master" {
type = "ingress"
security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.api-elb-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.api-elb-lifecyclephases-example-com.id
from_port = 443
to_port = 443
protocol = "tcp"
@ -250,7 +250,7 @@ resource "aws_security_group_rule" "https-elb-to-master" {
resource "aws_security_group_rule" "master-egress" {
type = "egress"
security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
from_port = 0
to_port = 0
protocol = "-1"
@ -259,7 +259,7 @@ resource "aws_security_group_rule" "master-egress" {
resource "aws_security_group_rule" "node-egress" {
type = "egress"
security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
from_port = 0
to_port = 0
protocol = "-1"
@ -268,8 +268,8 @@ resource "aws_security_group_rule" "node-egress" {
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
type = "ingress"
security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
from_port = 1
to_port = 2379
protocol = "tcp"
@ -277,8 +277,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
type = "ingress"
security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
from_port = 2382
to_port = 4000
protocol = "tcp"
@ -286,8 +286,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
type = "ingress"
security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
from_port = 4003
to_port = 65535
protocol = "tcp"
@ -295,8 +295,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
type = "ingress"
security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.masters-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id
from_port = 1
to_port = 65535
protocol = "udp"
@ -304,8 +304,8 @@ resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
resource "aws_security_group_rule" "ssh-elb-to-bastion" {
type = "ingress"
security_group_id = "${aws_security_group.bastion-lifecyclephases-example-com.id}"
source_security_group_id = "${aws_security_group.bastion-elb-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.bastion-lifecyclephases-example-com.id
source_security_group_id = aws_security_group.bastion-elb-lifecyclephases-example-com.id
from_port = 22
to_port = 22
protocol = "tcp"
@ -313,13 +313,19 @@ resource "aws_security_group_rule" "ssh-elb-to-bastion" {
resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.bastion-elb-lifecyclephases-example-com.id}"
security_group_id = aws_security_group.bastion-elb-lifecyclephases-example-com.id
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
terraform = {
required_version = ">= 0.9.3"
terraform {
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -641,6 +641,12 @@
}
},
"terraform": {
"required_version": "\u003e= 0.12.0"
"required_providers": {
"aws": {
"source": "hashicorp/aws",
"version": "\u003e= 2.46.0"
}
},
"required_version": "\u003e= 0.12.26"
}
}
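Review bot: The `required_providers` entry added in this section accepts any `hashicorp/aws` release at or above 2.46.0, including future major versions, so a later `terraform init` can select a provider this output was never tested against. If the intent is to stay on the 2.x line, an upper bound such as `"version": "~> 2.46"` would make that explicit. Otherwise the open range deserves a sentence in the Terraform documentation telling users to pin the provider in their own configuration. This file looks like expected test output, so the change itself would belong in the generator, which is outside this view.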


@ -1,10 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "ec2.amazonaws.com"},
"Action": "sts:AssumeRole"
}
]
}


@ -1,10 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "ec2.amazonaws.com"},
"Action": "sts:AssumeRole"
}
]
}


@ -1,10 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "ec2.amazonaws.com"},
"Action": "sts:AssumeRole"
}
]
}


@ -1,10 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "ec2.amazonaws.com"},
"Action": "sts:AssumeRole"
}
]
}


@ -1,102 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"ec2:DescribeLaunchTemplateVersions"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:ListServerCertificates",
"iam:GetServerCertificate"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"route53:GetHostedZone"
],
"Resource": [
"arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO"
]
},
{
"Effect": "Allow",
"Action": [
"route53:GetChange"
],
"Resource": [
"arn:aws:route53:::change/*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage"
],
"Resource": [
"*"
]
}
]
}


@ -1,170 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DescribeVolumesModifications",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": [
"*"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-tf11.example.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:DescribeLaunchTemplateVersions"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Resource": [
"*"
],
"Condition": {
"StringEquals": {
"autoscaling:ResourceTag/KubernetesCluster": "minimal-tf11.example.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:AddTags",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:ListServerCertificates",
"iam:GetServerCertificate"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"route53:GetHostedZone"
],
"Resource": [
"arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO"
]
},
{
"Effect": "Allow",
"Action": [
"route53:GetChange"
],
"Resource": [
"arn:aws:route53:::change/*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones"
],
"Resource": [
"*"
]
}
]
}


@ -1,68 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"route53:GetHostedZone"
],
"Resource": [
"arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO"
]
},
{
"Effect": "Allow",
"Action": [
"route53:GetChange"
],
"Resource": [
"arn:aws:route53:::change/*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage"
],
"Resource": [
"*"
]
}
]
}


@ -1,15 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions"
],
"Resource": [
"*"
]
}
]
}


@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==


@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==


@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==


@ -1,80 +0,0 @@
apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
creationTimestamp: "2016-12-10T22:42:27Z"
name: minimal-tf11.example.com
spec:
kubernetesApiAccess:
- 0.0.0.0/0
channel: stable
cloudProvider: aws
configBase: memfs://clusters.example.com/minimal-tf11.example.com
etcdClusters:
- etcdMembers:
- instanceGroup: master-us-test-1a
name: us-test-1a
name: main
- etcdMembers:
- instanceGroup: master-us-test-1a
name: us-test-1a
name: events
iam: {}
kubelet:
anonymousAuth: false
kubernetesVersion: v1.14.0
masterInternalName: api.internal.minimal-tf11.example.com
masterPublicName: api.minimal-tf11.example.com
networkCIDR: 172.20.0.0/16
networking:
kubenet: {}
nonMasqueradeCIDR: 100.64.0.0/10
sshAccess:
- 0.0.0.0/0
topology:
masters: public
nodes: public
subnets:
- cidr: 172.20.32.0/19
name: us-test-1a
type: Public
zone: us-test-1a
---
apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
creationTimestamp: "2016-12-10T22:42:28Z"
name: nodes
labels:
kops.k8s.io/cluster: minimal-tf11.example.com
spec:
associatePublicIp: true
image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
machineType: t2.medium
maxSize: 2
minSize: 2
role: Node
subnets:
- us-test-1a
---
apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
creationTimestamp: "2016-12-10T22:42:28Z"
name: master-us-test-1a
labels:
kops.k8s.io/cluster: minimal-tf11.example.com
spec:
associatePublicIp: true
image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
machineType: m3.medium
maxSize: 1
minSize: 1
role: Master
subnets:
- us-test-1a


@ -1,629 +0,0 @@
locals = {
cluster_name = "minimal-tf11.example.com"
master_autoscaling_group_ids = ["${aws_autoscaling_group.master-us-test-1a-masters-minimal-tf11-example-com.id}"]
master_security_group_ids = ["${aws_security_group.masters-minimal-tf11-example-com.id}"]
masters_role_arn = "${aws_iam_role.masters-minimal-tf11-example-com.arn}"
masters_role_name = "${aws_iam_role.masters-minimal-tf11-example-com.name}"
node_autoscaling_group_ids = ["${aws_autoscaling_group.nodes-minimal-tf11-example-com.id}"]
node_security_group_ids = ["${aws_security_group.nodes-minimal-tf11-example-com.id}"]
node_subnet_ids = ["${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"]
nodes_role_arn = "${aws_iam_role.nodes-minimal-tf11-example-com.arn}"
nodes_role_name = "${aws_iam_role.nodes-minimal-tf11-example-com.name}"
region = "us-test-1"
route_table_public_id = "${aws_route_table.minimal-tf11-example-com.id}"
subnet_us-test-1a_id = "${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"
vpc_cidr_block = "${aws_vpc.minimal-tf11-example-com.cidr_block}"
vpc_id = "${aws_vpc.minimal-tf11-example-com.id}"
}
output "cluster_name" {
value = "minimal-tf11.example.com"
}
output "master_autoscaling_group_ids" {
value = ["${aws_autoscaling_group.master-us-test-1a-masters-minimal-tf11-example-com.id}"]
}
output "master_security_group_ids" {
value = ["${aws_security_group.masters-minimal-tf11-example-com.id}"]
}
output "masters_role_arn" {
value = "${aws_iam_role.masters-minimal-tf11-example-com.arn}"
}
output "masters_role_name" {
value = "${aws_iam_role.masters-minimal-tf11-example-com.name}"
}
output "node_autoscaling_group_ids" {
value = ["${aws_autoscaling_group.nodes-minimal-tf11-example-com.id}"]
}
output "node_security_group_ids" {
value = ["${aws_security_group.nodes-minimal-tf11-example-com.id}"]
}
output "node_subnet_ids" {
value = ["${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"]
}
output "nodes_role_arn" {
value = "${aws_iam_role.nodes-minimal-tf11-example-com.arn}"
}
output "nodes_role_name" {
value = "${aws_iam_role.nodes-minimal-tf11-example-com.name}"
}
output "region" {
value = "us-test-1"
}
output "route_table_public_id" {
value = "${aws_route_table.minimal-tf11-example-com.id}"
}
output "subnet_us-test-1a_id" {
value = "${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"
}
output "vpc_cidr_block" {
value = "${aws_vpc.minimal-tf11-example-com.cidr_block}"
}
output "vpc_id" {
value = "${aws_vpc.minimal-tf11-example-com.id}"
}
provider "aws" {
region = "us-test-1"
}
resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-tf11-example-com" {
name = "master-us-test-1a.masters.minimal-tf11.example.com"
launch_template = {
id = "${aws_launch_template.master-us-test-1a-masters-minimal-tf11-example-com.id}"
version = "${aws_launch_template.master-us-test-1a-masters-minimal-tf11-example-com.latest_version}"
}
max_size = 1
min_size = 1
vpc_zone_identifier = ["${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"]
tag = {
key = "KubernetesCluster"
value = "minimal-tf11.example.com"
propagate_at_launch = true
}
tag = {
key = "Name"
value = "master-us-test-1a.masters.minimal-tf11.example.com"
propagate_at_launch = true
}
tag = {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
value = "master"
propagate_at_launch = true
}
tag = {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master"
value = ""
propagate_at_launch = true
}
tag = {
key = "k8s.io/role/master"
value = "1"
propagate_at_launch = true
}
tag = {
key = "kops.k8s.io/instancegroup"
value = "master-us-test-1a"
propagate_at_launch = true
}
tag = {
key = "kubernetes.io/cluster/minimal-tf11.example.com"
value = "owned"
propagate_at_launch = true
}
metrics_granularity = "1Minute"
enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"]
}
resource "aws_autoscaling_group" "nodes-minimal-tf11-example-com" {
name = "nodes.minimal-tf11.example.com"
launch_template = {
id = "${aws_launch_template.nodes-minimal-tf11-example-com.id}"
version = "${aws_launch_template.nodes-minimal-tf11-example-com.latest_version}"
}
max_size = 2
min_size = 2
vpc_zone_identifier = ["${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"]
tag = {
key = "KubernetesCluster"
value = "minimal-tf11.example.com"
propagate_at_launch = true
}
tag = {
key = "Name"
value = "nodes.minimal-tf11.example.com"
propagate_at_launch = true
}
tag = {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
value = "node"
propagate_at_launch = true
}
tag = {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node"
value = ""
propagate_at_launch = true
}
tag = {
key = "k8s.io/role/node"
value = "1"
propagate_at_launch = true
}
tag = {
key = "kops.k8s.io/instancegroup"
value = "nodes"
propagate_at_launch = true
}
tag = {
key = "kubernetes.io/cluster/minimal-tf11.example.com"
value = "owned"
propagate_at_launch = true
}
metrics_granularity = "1Minute"
enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"]
}
resource "aws_ebs_volume" "us-test-1a-etcd-events-minimal-tf11-example-com" {
availability_zone = "us-test-1a"
size = 20
type = "gp2"
encrypted = false
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "us-test-1a.etcd-events.minimal-tf11.example.com"
"k8s.io/etcd/events" = "us-test-1a/us-test-1a"
"k8s.io/role/master" = "1"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
resource "aws_ebs_volume" "us-test-1a-etcd-main-minimal-tf11-example-com" {
availability_zone = "us-test-1a"
size = 20
type = "gp2"
encrypted = false
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "us-test-1a.etcd-main.minimal-tf11.example.com"
"k8s.io/etcd/main" = "us-test-1a/us-test-1a"
"k8s.io/role/master" = "1"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
resource "aws_iam_instance_profile" "masters-minimal-tf11-example-com" {
name = "masters.minimal-tf11.example.com"
role = "${aws_iam_role.masters-minimal-tf11-example-com.name}"
}
resource "aws_iam_instance_profile" "nodes-minimal-tf11-example-com" {
name = "nodes.minimal-tf11.example.com"
role = "${aws_iam_role.nodes-minimal-tf11-example-com.name}"
}
resource "aws_iam_role" "masters-minimal-tf11-example-com" {
name = "masters.minimal-tf11.example.com"
assume_role_policy = "${file("${path.module}/data/aws_iam_role_masters.minimal-tf11.example.com_policy")}"
}
resource "aws_iam_role" "nodes-minimal-tf11-example-com" {
name = "nodes.minimal-tf11.example.com"
assume_role_policy = "${file("${path.module}/data/aws_iam_role_nodes.minimal-tf11.example.com_policy")}"
}
resource "aws_iam_role_policy" "masters-minimal-tf11-example-com" {
name = "masters.minimal-tf11.example.com"
role = "${aws_iam_role.masters-minimal-tf11-example-com.name}"
policy = "${file("${path.module}/data/aws_iam_role_policy_masters.minimal-tf11.example.com_policy")}"
}
resource "aws_iam_role_policy" "nodes-minimal-tf11-example-com" {
name = "nodes.minimal-tf11.example.com"
role = "${aws_iam_role.nodes-minimal-tf11-example-com.name}"
policy = "${file("${path.module}/data/aws_iam_role_policy_nodes.minimal-tf11.example.com_policy")}"
}
resource "aws_internet_gateway" "minimal-tf11-example-com" {
vpc_id = "${aws_vpc.minimal-tf11-example-com.id}"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "minimal-tf11.example.com"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
resource "aws_key_pair" "kubernetes-minimal-tf11-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" {
key_name = "kubernetes.minimal-tf11.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57"
public_key = "${file("${path.module}/data/aws_key_pair_kubernetes.minimal-tf11.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key")}"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "minimal-tf11.example.com"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
resource "aws_launch_template" "master-us-test-1a-masters-minimal-tf11-example-com" {
name_prefix = "master-us-test-1a.masters.minimal-tf11.example.com-"
lifecycle = {
create_before_destroy = true
}
block_device_mappings = {
device_name = "/dev/xvda"
ebs = {
volume_type = "gp2"
volume_size = 64
delete_on_termination = true
}
}
block_device_mappings = {
device_name = "/dev/sdc"
virtual_name = "ephemeral0"
}
iam_instance_profile = {
name = "${aws_iam_instance_profile.masters-minimal-tf11-example-com.id}"
}
image_id = "ami-12345678"
instance_type = "m3.medium"
key_name = "${aws_key_pair.kubernetes-minimal-tf11-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}"
network_interfaces = {
associate_public_ip_address = true
delete_on_termination = true
security_groups = ["${aws_security_group.masters-minimal-tf11-example-com.id}"]
}
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "master-us-test-1a.masters.minimal-tf11.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
tag_specifications = {
resource_type = "instance"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "master-us-test-1a.masters.minimal-tf11.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
tag_specifications = {
resource_type = "volume"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "master-us-test-1a.masters.minimal-tf11.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
user_data = "${file("${path.module}/data/aws_launch_template_master-us-test-1a.masters.minimal-tf11.example.com_user_data")}"
}
resource "aws_launch_template" "nodes-minimal-tf11-example-com" {
name_prefix = "nodes.minimal-tf11.example.com-"
lifecycle = {
create_before_destroy = true
}
block_device_mappings = {
device_name = "/dev/xvda"
ebs = {
volume_type = "gp2"
volume_size = 128
delete_on_termination = true
}
}
iam_instance_profile = {
name = "${aws_iam_instance_profile.nodes-minimal-tf11-example-com.id}"
}
image_id = "ami-12345678"
instance_type = "t2.medium"
key_name = "${aws_key_pair.kubernetes-minimal-tf11-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}"
network_interfaces = {
associate_public_ip_address = true
delete_on_termination = true
security_groups = ["${aws_security_group.nodes-minimal-tf11-example-com.id}"]
}
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "nodes.minimal-tf11.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
tag_specifications = {
resource_type = "instance"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "nodes.minimal-tf11.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
tag_specifications = {
resource_type = "volume"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "nodes.minimal-tf11.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
user_data = "${file("${path.module}/data/aws_launch_template_nodes.minimal-tf11.example.com_user_data")}"
}
resource "aws_route" "route-0-0-0-0--0" {
route_table_id = "${aws_route_table.minimal-tf11-example-com.id}"
destination_cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.minimal-tf11-example-com.id}"
}
resource "aws_route_table" "minimal-tf11-example-com" {
vpc_id = "${aws_vpc.minimal-tf11-example-com.id}"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "minimal-tf11.example.com"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
"kubernetes.io/kops/role" = "public"
}
}
resource "aws_route_table_association" "us-test-1a-minimal-tf11-example-com" {
subnet_id = "${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"
route_table_id = "${aws_route_table.minimal-tf11-example-com.id}"
}
resource "aws_security_group" "masters-minimal-tf11-example-com" {
name = "masters.minimal-tf11.example.com"
vpc_id = "${aws_vpc.minimal-tf11-example-com.id}"
description = "Security group for masters"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "masters.minimal-tf11.example.com"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
resource "aws_security_group" "nodes-minimal-tf11-example-com" {
name = "nodes.minimal-tf11.example.com"
vpc_id = "${aws_vpc.minimal-tf11-example-com.id}"
description = "Security group for nodes"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "nodes.minimal-tf11.example.com"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
resource "aws_security_group_rule" "all-master-to-master" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
source_security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
}
resource "aws_security_group_rule" "all-master-to-node" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
source_security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
}
resource "aws_security_group_rule" "all-node-to-node" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "master-egress" {
type = "egress"
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "node-egress" {
type = "egress"
security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
from_port = 1
to_port = 2379
protocol = "tcp"
}
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
from_port = 2382
to_port = 4000
protocol = "tcp"
}
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
from_port = 4003
to_port = 65535
protocol = "tcp"
}
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
from_port = 1
to_port = 65535
protocol = "udp"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
type = "ingress"
security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_subnet" "us-test-1a-minimal-tf11-example-com" {
vpc_id = "${aws_vpc.minimal-tf11-example-com.id}"
cidr_block = "172.20.32.0/19"
availability_zone = "us-test-1a"
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "us-test-1a.minimal-tf11.example.com"
SubnetType = "Public"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
"kubernetes.io/role/elb" = "1"
}
}
resource "aws_vpc" "minimal-tf11-example-com" {
cidr_block = "172.20.0.0/16"
enable_dns_hostnames = true
enable_dns_support = true
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "minimal-tf11.example.com"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
resource "aws_vpc_dhcp_options" "minimal-tf11-example-com" {
domain_name = "us-test-1.compute.internal"
domain_name_servers = ["AmazonProvidedDNS"]
tags = {
KubernetesCluster = "minimal-tf11.example.com"
Name = "minimal-tf11.example.com"
"kubernetes.io/cluster/minimal-tf11.example.com" = "owned"
}
}
resource "aws_vpc_dhcp_options_association" "minimal-tf11-example-com" {
vpc_id = "${aws_vpc.minimal-tf11-example-com.id}"
dhcp_options_id = "${aws_vpc_dhcp_options.minimal-tf11-example-com.id}"
}
terraform = {
required_version = ">= 0.9.3"
}


@ -570,5 +570,11 @@ resource "aws_vpc" "minimal-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -17,8 +17,7 @@ output "region" {
}
provider "google" {
region = "us-test1"
version = ">= 3.0.0"
region = "us-test1"
}
resource "google_compute_disk" "d1-etcd-events-minimal-gce-example-com" {
@ -329,5 +328,11 @@ resource "google_compute_network" "default" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
google = {
"source" = "hashicorp/google"
"version" = ">= 2.19.0"
}
}
}


@ -914,5 +914,11 @@ resource "aws_vpc" "mixedinstances-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -914,5 +914,11 @@ resource "aws_vpc" "mixedinstances-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -804,5 +804,11 @@ resource "aws_security_group" "nodes-private-shared-subnet-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -945,5 +945,11 @@ resource "aws_vpc" "privatecalico-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -936,5 +936,11 @@ resource "aws_vpc" "privatecanal-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -936,5 +936,11 @@ resource "aws_vpc" "privatecilium-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -936,5 +936,11 @@ resource "aws_vpc" "privatecilium-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -950,5 +950,11 @@ resource "aws_vpc" "privateciliumadvanced-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -1027,5 +1027,11 @@ resource "aws_vpc" "privatedns1-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -896,5 +896,11 @@ resource "aws_subnet" "utility-us-test-1a-privatedns2-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -936,5 +936,11 @@ resource "aws_vpc" "privateflannel-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -984,5 +984,11 @@ resource "aws_vpc" "privatekopeio-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -936,5 +936,11 @@ resource "aws_vpc" "privateweave-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -597,5 +597,11 @@ resource "aws_vpc" "minimal-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -496,5 +496,11 @@ resource "aws_security_group" "nodes-sharedsubnet-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -530,5 +530,11 @@ resource "aws_subnet" "us-test-1a-sharedvpc-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -861,5 +861,11 @@ resource "aws_subnet" "utility-us-test-1b-unmanaged-example-com" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}


@ -724,11 +724,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
case TargetTerraform:
checkExisting = false
outDir := c.OutDir
tfVersion := terraform.Version011
if featureflag.Terraform012.Enabled() && !featureflag.TerraformJSON.Enabled() {
tfVersion = terraform.Version012
}
tf := terraform.NewTerraformTarget(cloud, region, project, outDir, tfVersion, cluster.Spec.Target)
tf := terraform.NewTerraformTarget(cloud, region, project, outDir, cluster.Spec.Target)
// We include a few "util" variables in the TF output
if err := tf.AddOutputVariable("region", terraform.LiteralFromStringValue(region)); err != nil {


@ -243,7 +243,13 @@ resource "aws_autoscaling_group" "test" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}
`,
},
@ -311,7 +317,13 @@ resource "aws_autoscaling_group" "test1" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}
`,
},


@ -216,14 +216,7 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e
return err
}
if d != nil {
if featureflag.Terraform012.Enabled() && !featureflag.TerraformJSON.Enabled() {
userDataResource := fi.WrapResource(fi.NewBytesResource(d))
tf.UserData, err = target.AddFile("aws_launch_template", fi.StringValue(e.Name), "user_data", userDataResource, true)
if err != nil {
return err
}
} else {
if featureflag.TerraformJSON.Enabled() {
b64d := base64.StdEncoding.EncodeToString(d)
if b64d != "" {
b64UserDataResource := fi.WrapResource(fi.NewStringResource(b64d))
@ -232,6 +225,13 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e
return err
}
}
} else {
userDataResource := fi.WrapResource(fi.NewBytesResource(d))
tf.UserData, err = target.AddFile("aws_launch_template", fi.StringValue(e.Name), "user_data", userDataResource, true)
if err != nil {
return err
}
}
}
}


@ -84,7 +84,13 @@ resource "aws_launch_template" "test" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}
`,
},
@ -154,7 +160,13 @@ resource "aws_launch_template" "test" {
}
terraform {
required_version = ">= 0.12.0"
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}
`,
},


@ -56,7 +56,7 @@ func doRenderTests(t *testing.T, method string, cases []*renderTest) {
switch method {
case "RenderTerraform":
target = terraform.NewTerraformTarget(cloud, "eu-west-2", "test", outdir, terraform.Version012, nil)
target = terraform.NewTerraformTarget(cloud, "eu-west-2", "test", outdir, nil)
filename = "kubernetes.tf"
case "RenderCloudformation":
target = cloudformation.NewCloudformationTarget(cloud, "eu-west-2", "test", outdir)


@ -4,12 +4,11 @@ go_library(
name = "go_default_library",
srcs = [
"hcl2.go",
"hcl_printer.go",
"lifecycle.go",
"literal.go",
"target.go",
"target_0_11.go",
"target_0_12.go",
"target_hcl2.go",
"target_json.go",
],
importpath = "k8s.io/kops/upup/pkg/fi/cloudup/terraform",
visibility = ["//visibility:public"],
@ -17,9 +16,6 @@ go_library(
"//pkg/apis/kops:go_default_library",
"//pkg/featureflag:go_default_library",
"//upup/pkg/fi:go_default_library",
"//vendor/github.com/hashicorp/hcl/hcl/ast:go_default_library",
"//vendor/github.com/hashicorp/hcl/hcl/printer:go_default_library",
"//vendor/github.com/hashicorp/hcl/json/parser:go_default_library",
"//vendor/github.com/hashicorp/hcl/v2:go_default_library",
"//vendor/github.com/hashicorp/hcl/v2/hclsyntax:go_default_library",
"//vendor/github.com/hashicorp/hcl/v2/hclwrite:go_default_library",
@ -33,7 +29,7 @@ go_test(
name = "go_default_test",
srcs = [
"hcl2_test.go",
"target_0_12_test.go",
"target_hcl2_test.go",
],
embed = [":go_default_library"],
deps = [


@ -1,133 +0,0 @@
/*
Copyright 2019 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package terraform
import (
"bytes"
"fmt"
"strings"
"github.com/hashicorp/hcl/hcl/ast"
hcl_printer "github.com/hashicorp/hcl/hcl/printer"
"k8s.io/klog/v2"
"k8s.io/kops/pkg/featureflag"
)
const safeChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
// sanitizer fixes up an invalid HCL AST, as produced by the HCL parser for JSON
type astSanitizer struct {
}
// output prints creates b printable HCL output and returns it.
func (v *astSanitizer) visit(n interface{}) {
switch t := n.(type) {
case *ast.File:
v.visit(t.Node)
case *ast.ObjectList:
var index int
for {
if index == len(t.Items) {
break
}
v.visit(t.Items[index])
index++
}
case *ast.ObjectKey:
case *ast.ObjectItem:
v.visitObjectItem(t)
case *ast.LiteralType:
case *ast.ListType:
case *ast.ObjectType:
v.visit(t.List)
default:
klog.Warningf(" unknown type: %T\n", n)
}
}
func (v *astSanitizer) visitObjectItem(o *ast.ObjectItem) {
for i, k := range o.Keys {
if i == 0 {
text := k.Token.Text
if text != "" && text[0] == '"' && text[len(text)-1] == '"' {
v := text[1 : len(text)-1]
safe := true
for _, c := range v {
if !strings.ContainsRune(safeChars, c) {
safe = false
break
}
}
if safe {
k.Token.Text = v
}
}
}
}
// A hack so that Assign.IsValid is true, so that the printer will output =
o.Assign.Line = 1
v.visit(o.Val)
}
func hclPrint(node ast.Node) ([]byte, error) {
var sanitizer astSanitizer
sanitizer.visit(node)
var b bytes.Buffer
err := hcl_printer.Fprint(&b, node)
if err != nil {
return nil, fmt.Errorf("error writing HCL: %v", err)
}
s := b.String()
// Remove extra whitespace...
s = strings.Replace(s, "\n\n", "\n", -1)
// ...but leave whitespace between resources
s = strings.Replace(s, "}\nresource", "}\n\nresource", -1)
// Workaround HCL insanity #6359: quotes are _not_ escaped in quotes (huh?)
// This hits the file function
s = strings.Replace(s, "(\\\"", "(\"", -1)
s = strings.Replace(s, "\\\")", "\")", -1)
// We don't need to escape > or <
s = strings.Replace(s, "\\u003c", "<", -1)
s = strings.Replace(s, "\\u003e", ">", -1)
if featureflag.SkipTerraformFormat.Enabled() {
klog.Infof("feature-flag SkipTerraformFormat was set; skipping terraform format")
return []byte(s), nil
}
// Apply Terraform style (alignment etc.)
formatted, err := hcl_printer.Format([]byte(s))
if err != nil {
klog.Errorf("Invalid HCL follows:")
for i, line := range strings.Split(s, "\n") {
klog.Errorf("%d\t%s", (i + 1), line)
}
return nil, fmt.Errorf("error formatting HCL: %v", err)
}
return formatted, nil
}


@ -27,25 +27,16 @@ import (
"k8s.io/klog/v2"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/featureflag"
"k8s.io/kops/upup/pkg/fi"
)
// Version represents which terraform version is targeted
type Version string
// Version011 represents terraform versions before 0.12
const Version011 Version = "0.11"
// Version012 represents terraform versions 0.12 and above
const Version012 Version = "0.12"
type TerraformTarget struct {
Cloud fi.Cloud
Region string
Project string
ClusterName string
Version Version
outDir string
@ -61,12 +52,11 @@ type TerraformTarget struct {
clusterSpecTarget *kops.TargetSpec
}
func NewTerraformTarget(cloud fi.Cloud, region, project string, outDir string, version Version, clusterSpecTarget *kops.TargetSpec) *TerraformTarget {
func NewTerraformTarget(cloud fi.Cloud, region, project string, outDir string, clusterSpecTarget *kops.TargetSpec) *TerraformTarget {
return &TerraformTarget{
Cloud: cloud,
Region: region,
Project: project,
Version: version,
outDir: outDir,
files: make(map[string][]byte),
@ -193,13 +183,10 @@ func tfGetProviderExtraConfig(c *kops.TargetSpec) map[string]string {
func (t *TerraformTarget) Finish(taskMap map[string]fi.Task) error {
var err error
switch t.Version {
case Version011:
err = t.finish011(taskMap)
case Version012:
err = t.finish012(taskMap)
default:
err = fmt.Errorf("unrecognized terraform version %v", t.Version)
if featureflag.TerraformJSON.Enabled() {
err = t.finishJSON(taskMap)
} else {
err = t.finishHCL2(taskMap)
}
if err != nil {
return err
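Review bot: Finish now chooses the output format from the process-wide `featureflag.TerraformJSON` at call time, so nothing on the TerraformTarget records which file it will write, and tests that flip the flag with `featureflag.ParseFlags` are likely order-dependent. A doc comment on the exported constructor would make that dependency visible, e.g. `// NewTerraformTarget builds a target whose Finish writes kubernetes.tf.json when the TerraformJSON feature flag is set and kubernetes.tf (HCL2) otherwise.` The bodies of NewTerraformTarget and Finish continue outside these hunks.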


@ -27,7 +27,7 @@ import (
"k8s.io/kops/upup/pkg/fi"
)
func (t *TerraformTarget) finish012(taskMap map[string]fi.Task) error {
func (t *TerraformTarget) finishHCL2(taskMap map[string]fi.Task) error {
resourcesByType := make(map[string]map[string]interface{})
f := hclwrite.NewEmptyFile()
@ -42,9 +42,6 @@ func (t *TerraformTarget) finish012(taskMap map[string]fi.Task) error {
providerBlock := rootBody.AppendNewBlock("provider", []string{providerName})
providerBody := providerBlock.Body()
providerBody.SetAttributeValue("region", cty.StringVal(t.Region))
if t.Cloud.ProviderID() == kops.CloudProviderGCE {
providerBody.SetAttributeValue("version", cty.StringVal(">= 3.0.0"))
}
for k, v := range tfGetProviderExtraConfig(t.clusterSpecTarget) {
providerBody.SetAttributeValue(k, cty.StringVal(v))
}
@ -87,7 +84,22 @@ func (t *TerraformTarget) finish012(taskMap map[string]fi.Task) error {
terraformBlock := rootBody.AppendNewBlock("terraform", []string{})
terraformBody := terraformBlock.Body()
terraformBody.SetAttributeValue("required_version", cty.StringVal(">= 0.12.0"))
terraformBody.SetAttributeValue("required_version", cty.StringVal(">= 0.12.26"))
requiredProvidersBlock := terraformBody.AppendNewBlock("required_providers", []string{})
requiredProvidersBody := requiredProvidersBlock.Body()
if t.Cloud.ProviderID() == kops.CloudProviderGCE {
writeMap(requiredProvidersBody, "google", map[string]cty.Value{
"source": cty.StringVal("hashicorp/google"),
"version": cty.StringVal(">= 2.19.0"),
})
} else if t.Cloud.ProviderID() == kops.CloudProviderAWS {
writeMap(requiredProvidersBody, "aws", map[string]cty.Value{
"source": cty.StringVal("hashicorp/aws"),
"version": cty.StringVal(">= 2.46.0"),
})
}
bytes := hclwrite.Format(f.Bytes())
t.files["kubernetes.tf"] = bytes
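Review bot: The Google provider floor drops from `>= 3.0.0` (the provider-block `version` attribute removed in the second hunk) to `>= 2.19.0` in the new `required_providers` entry, so a workspace may now resolve a 2.x provider that the generated configuration previously excluded. If the lower floor is not intended, keep `"version": cty.StringVal(">= 3.0.0")`; the same constant appears in finishJSON. Separately, for a cloud that is neither GCE nor AWS an empty `required_providers {}` block is still appended here, whereas finishJSON only sets the key when its map is non-empty. finishHCL2's body continues outside these hunks.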


@ -19,16 +19,12 @@ package terraform
import (
"encoding/json"
"fmt"
"os"
"path"
hcl_parser "github.com/hashicorp/hcl/json/parser"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/featureflag"
"k8s.io/kops/upup/pkg/fi"
)
func (t *TerraformTarget) finish011(taskMap map[string]fi.Task) error {
func (t *TerraformTarget) finishJSON(taskMap map[string]fi.Task) error {
resourcesByType := make(map[string]map[string]interface{})
for _, res := range t.resources {
@ -56,7 +52,6 @@ func (t *TerraformTarget) finish011(taskMap map[string]fi.Task) error {
providerGoogle[k] = v
}
providersByName["google"] = providerGoogle
providerGoogle["version"] = ">= 3.0.0"
} else if t.Cloud.ProviderID() == kops.CloudProviderAWS {
providerAWS := make(map[string]interface{})
providerAWS["region"] = t.Region
@ -108,16 +103,7 @@ func (t *TerraformTarget) finish011(taskMap map[string]fi.Task) error {
}
}
// See https://github.com/kubernetes/kops/pull/2424 for why we require 0.9.3
terraformConfiguration := make(map[string]interface{})
if featureflag.TerraformJSON.Enabled() {
terraformConfiguration["required_version"] = ">= 0.12.0"
} else {
terraformConfiguration["required_version"] = ">= 0.9.3"
}
data := make(map[string]interface{})
data["terraform"] = terraformConfiguration
data["resource"] = resourcesByType
if len(providersByName) != 0 {
data["provider"] = providersByName
@ -129,29 +115,39 @@ func (t *TerraformTarget) finish011(taskMap map[string]fi.Task) error {
data["locals"] = localVariables
}
terraformConfiguration := make(map[string]interface{})
terraformConfiguration["required_version"] = ">= 0.12.26"
requiredProvidersByName := make(map[string]interface{})
if t.Cloud.ProviderID() == kops.CloudProviderGCE {
requiredProviderGoogle := make(map[string]interface{})
requiredProviderGoogle["source"] = "hashicorp/google"
requiredProviderGoogle["version"] = ">= 2.19.0"
for k, v := range tfGetProviderExtraConfig(t.clusterSpecTarget) {
requiredProviderGoogle[k] = v
}
requiredProvidersByName["google"] = requiredProviderGoogle
} else if t.Cloud.ProviderID() == kops.CloudProviderAWS {
requiredProviderAWS := make(map[string]interface{})
requiredProviderAWS["source"] = "hashicorp/aws"
requiredProviderAWS["version"] = ">= 2.46.0"
for k, v := range tfGetProviderExtraConfig(t.clusterSpecTarget) {
requiredProviderAWS[k] = v
}
requiredProvidersByName["aws"] = requiredProviderAWS
}
if len(requiredProvidersByName) != 0 {
terraformConfiguration["required_providers"] = requiredProvidersByName
}
data["terraform"] = terraformConfiguration
jsonBytes, err := json.MarshalIndent(data, "", " ")
if err != nil {
return fmt.Errorf("error marshaling terraform data to json: %v", err)
}
if featureflag.TerraformJSON.Enabled() {
t.files["kubernetes.tf.json"] = jsonBytes
p := path.Join(t.outDir, "kubernetes.tf")
if _, err := os.Stat(p); err == nil {
return fmt.Errorf("Error generating kubernetes.tf.json: If you are upgrading from terraform 0.11 or earlier please read the release notes. Also, the kubernetes.tf file is already present. Please move the file away since it will be replaced by the kubernetes.tf.json file. ")
}
} else {
f, err := hcl_parser.Parse(jsonBytes)
if err != nil {
return fmt.Errorf("error parsing terraform json: %v", err)
}
b, err := hclPrint(f)
if err != nil {
return fmt.Errorf("error writing terraform data to output: %v", err)
}
t.files["kubernetes.tf"] = b
}
t.files["kubernetes.tf.json"] = jsonBytes
return nil
}
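Review bot: The new `required_providers` entries in finishJSON copy every key from `tfGetProviderExtraConfig(t.clusterSpecTarget)` into the same map that holds `source` and `version`, which finishHCL2 does not do. Those keys are provider-block settings (the context line `providerGoogle[k] = v` shows them already going into the provider block); inside `required_providers` Terraform is likely to reject them, and an extra-config key named `source` or `version` would silently replace the pinned provider source or constraint. Dropping both `for k, v := range tfGetProviderExtraConfig(t.clusterSpecTarget)` loops from the `requiredProviderGoogle` and `requiredProviderAWS` branches keeps the two writers consistent. finishJSON's body is only partly visible in these hunks.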

1
vendor/modules.txt vendored

@ -370,7 +370,6 @@ github.com/hashicorp/go-version
github.com/hashicorp/golang-lru
github.com/hashicorp/golang-lru/simplelru
# github.com/hashicorp/hcl v1.0.0
## explicit
github.com/hashicorp/hcl
github.com/hashicorp/hcl/hcl/ast
github.com/hashicorp/hcl/hcl/parser