fix: TLS checker for testit-app (#122)

* added personal pvc * upgrated tls cert and tls check * update module and providers * pre-commit fixs
pagopa · May 28, 2024 · 263ba79 · 263ba79
1 parent 9246963
commit 263ba79
Show file tree

Hide file tree

Showing 7 changed files with 122 additions and 54 deletions.
diff --git a/src/domains/testit-app/.terraform.lock.hcl b/src/domains/testit-app/.terraform.lock.hcl
diff --git a/src/domains/testit-app/02_namespace_domain.tf b/src/domains/testit-app/02_namespace_domain.tf
@@ -5,7 +5,7 @@ resource "kubernetes_namespace" "domain_namespace" {
 }
 
 module "domain_pod_identity" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.13.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.17.1"
 
   resource_group_name = local.aks_resource_group_name
   location            = var.location

diff --git a/src/domains/testit-app/03_serviceaccounts_azure_devops.tf b/src/domains/testit-app/03_serviceaccounts_azure_devops.tf
@@ -5,7 +5,7 @@ resource "kubernetes_namespace" "system_domain_namespace" {
 }
 
 module "system_service_account" {
-  source    = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_service_account?ref=v8.13.0"
+  source    = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_service_account?ref=v8.17.1"
   name      = "azure-devops"
   namespace = kubernetes_namespace.system_domain_namespace.metadata[0].name
 }

diff --git a/src/domains/testit-app/04_k8s_storage.tf b/src/domains/testit-app/04_k8s_storage.tf
@@ -0,0 +1,64 @@
+resource "kubernetes_persistent_volume_claim_v1" "testit_hdd" {
+  metadata {
+    name      = "${var.domain}-hdd-pvc"
+    namespace = var.domain
+  }
+  spec {
+    access_modes = ["ReadWriteOnce"]
+    resources {
+      requests = {
+        storage = "4Gi"
+      }
+    }
+    storage_class_name = "standard-hdd"
+  }
+}
+
+resource "kubernetes_persistent_volume_claim_v1" "testit_ssd_az" {
+  metadata {
+    name      = "${var.domain}-ssd-az-pvc"
+    namespace = var.domain
+  }
+  spec {
+    access_modes = ["ReadWriteOnce"]
+    resources {
+      requests = {
+        storage = "8Gi"
+      }
+    }
+    storage_class_name = "managed-csi-premium-zrs"
+  }
+  wait_until_bound = false
+}
+
+# resource "kubernetes_persistent_volume_claim_v1" "testit_file_share_premium_zrs" {
+#   metadata {
+#     name = "testit-file-share-premium-zrs"
+#     namespace = "testit"
+#   }
+#   spec {
+#     access_modes = ["ReadWriteMany"]
+#     resources {
+#       requests = {
+#         storage = "100Gi"
+#       }
+#     }
+#     storage_class_name = "azurefile-premium-zrs"
+#   }
+# }
+
+resource "kubernetes_persistent_volume_claim_v1" "testit_file_share_zrs" {
+  metadata {
+    name      = "testit-file-share-zrs"
+    namespace = "testit"
+  }
+  spec {
+    access_modes = ["ReadWriteMany"]
+    resources {
+      requests = {
+        storage = "1Gi"
+      }
+    }
+    storage_class_name = "azurefile-zrs"
+  }
+}
diff --git a/src/domains/testit-app/80_middleware_tools.tf b/src/domains/testit-app/80_middleware_tools.tf
@@ -1,14 +1,14 @@
 module "tls_checker" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker?ref=v8.13.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker?ref=v8.18.0"
 
-  https_endpoint                                            = local.domain_aks_hostname
-  alert_name                                                = local.domain_aks_hostname
-  alert_enabled                                             = true
-  helm_chart_present                                        = true
-  helm_chart_version                                        = var.tls_cert_check_helm.chart_version
+  https_endpoint     = local.domain_aks_hostname
+  alert_name         = local.domain_aks_hostname
+  alert_enabled      = true
+  helm_chart_present = true
+  #   helm_chart_version                                        = var.tls_cert_check_helm.chart_version
+  #   helm_chart_image_name                                     = var.tls_cert_check_helm.image_name
+  #   helm_chart_image_tag                                      = var.tls_cert_check_helm.image_tag
   namespace                                                 = kubernetes_namespace.domain_namespace.metadata[0].name
-  helm_chart_image_name                                     = var.tls_cert_check_helm.image_name
-  helm_chart_image_tag                                      = var.tls_cert_check_helm.image_tag
   location_string                                           = var.location
   kv_secret_name_for_application_insights_connection_string = "dvopla-d-itn-appinsights-connection-string"
   keyvault_name                                             = data.azurerm_key_vault.kv_domain.name
@@ -18,10 +18,10 @@ module "tls_checker" {
   application_insights_action_group_ids                     = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id]
 }
 
-# module "cert_mounter" {
-#   source           = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.13.0"
-#   namespace        = var.domain
-#   certificate_name = replace(local.domain_aks_hostname, ".", "-")
-#   kv_name          = data.azurerm_key_vault.kv_domain.name
-#   tenant_id        = data.azurerm_subscription.current.tenant_id
-# }
+module "cert_mounter" {
+  source           = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.17.1"
+  namespace        = var.domain
+  certificate_name = replace(local.domain_aks_hostname, ".", "-")
+  kv_name          = data.azurerm_key_vault.kv_domain.name
+  tenant_id        = data.azurerm_subscription.current.tenant_id
+}
diff --git a/src/domains/testit-app/99_main.tf b/src/domains/testit-app/99_main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "<= 3.104.1"
+      version = "<= 3.105.0"
     }
     azuread = {
       source  = "hashicorp/azuread"
@@ -14,7 +14,7 @@ terraform {
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "<= 2.26.0"
+      version = "<= 2.27.0"
     }
     helm = {
       source  = "hashicorp/helm"

diff --git a/src/domains/testit-app/README.md b/src/domains/testit-app/README.md
@@ -5,19 +5,20 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | <= 2.47.0 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 3.104.1 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 3.105.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | <= 2.12.1 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | <= 2.26.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | <= 2.27.0 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | <= 2.5.1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | <= 3.2.1 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_domain_pod_identity"></a> [domain\_pod\_identity](#module\_domain\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.13.0 |
-| <a name="module_system_service_account"></a> [system\_service\_account](#module\_system\_service\_account) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_service_account | v8.13.0 |
-| <a name="module_tls_checker"></a> [tls\_checker](#module\_tls\_checker) | git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker | v8.13.0 |
+| <a name="module_cert_mounter"></a> [cert\_mounter](#module\_cert\_mounter) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v8.17.1 |
+| <a name="module_domain_pod_identity"></a> [domain\_pod\_identity](#module\_domain\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.17.1 |
+| <a name="module_system_service_account"></a> [system\_service\_account](#module\_system\_service\_account) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_service_account | v8.17.1 |
+| <a name="module_tls_checker"></a> [tls\_checker](#module\_tls\_checker) | git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker | v8.18.0 |
 
 ## Resources
 
@@ -31,6 +32,9 @@
 | [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_namespace.domain_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.system_domain_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_persistent_volume_claim_v1.testit_file_share_zrs](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim_v1) | resource |
+| [kubernetes_persistent_volume_claim_v1.testit_hdd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim_v1) | resource |
+| [kubernetes_persistent_volume_claim_v1.testit_ssd_az](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim_v1) | resource |
 | [kubernetes_role_binding.deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
 | [kubernetes_role_binding.system_deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
 | [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |