feat: AKS added cilium network (#132)

* updated modules * added cilium as aks network * upgrated aks provider * pre-commit fixs * upated modules * pre-commit fix
pagopa · Aug 5, 2024 · 3ad7202 · 3ad7202
1 parent c062e86
commit 3ad7202
Show file tree

Hide file tree

Showing 11 changed files with 36 additions and 62 deletions.
diff --git a/src/aks-platform/.terraform.lock.hcl b/src/aks-platform/.terraform.lock.hcl
diff --git a/src/aks-platform/02_aks_0.tf b/src/aks-platform/02_aks_0.tf
@@ -14,7 +14,7 @@ resource "azurerm_resource_group" "rg_aks_backup" {
 
 
 module "aks" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.21.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.35.0"
 
   name                       = local.aks_cluster_name
   resource_group_name        = azurerm_resource_group.rg_aks.name
@@ -51,7 +51,8 @@ module "aks" {
     dns_service_ip      = "10.0.0.10"
     network_plugin      = "azure"
     network_plugin_mode = "overlay"
-    network_policy      = "azure"
+    network_policy      = "cilium"
+    network_data_plane  = "cilium"
     outbound_type       = "loadBalancer"
     service_cidr        = "10.0.0.0/16"
   }
@@ -118,7 +119,8 @@ resource "azurerm_kubernetes_cluster_node_pool" "user_nodepool_default" {
   enable_node_public_ip = false
 
   upgrade_settings {
-    max_surge = var.aks_user_node_pool.upgrade_settings_max_surge
+    max_surge                = var.aks_user_node_pool.upgrade_settings_max_surge
+    drain_timeout_in_minutes = 30
   }
 
   tags = merge(var.tags, var.aks_user_node_pool.node_tags)

diff --git a/src/aks-platform/02_aks_storage.tf b/src/aks-platform/02_aks_storage.tf
@@ -1,5 +1,5 @@
 module "aks_storage_class" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class?ref=v8.21.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class?ref=v8.34.0"
 
   depends_on = [module.aks]
 }
diff --git a/src/aks-platform/03_aks_middleware.tf b/src/aks-platform/03_aks_middleware.tf
@@ -1,5 +1,5 @@
 # module "velero" {
-#   source                              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=v8.21.0"
+#   source                              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=v8.34.0"
 #   count                               = var.aks_enabled ? 1 : 0
 #   backup_storage_container_name       = "velero-backup"
 #   subscription_id                     = data.azurerm_subscription.current.subscription_id
@@ -20,7 +20,7 @@
 # }
 #
 # module "aks_namespace_backup" {
-#   source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_velero_backup?ref=v8.21.0"
+#   source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_velero_backup?ref=v8.34.0"
 #   count  = var.aks_enabled ? 1 : 0
 #   # required
 #   backup_name      = "daily-backup"

diff --git a/src/aks-platform/05_argocd.tf b/src/aks-platform/05_argocd.tf
@@ -60,7 +60,7 @@ resource "azurerm_key_vault_secret" "argocd_admin_username" {
 #
 
 module "argocd_pod_identity" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.21.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.34.0"
 
   cluster_name        = module.aks.name
   resource_group_name = azurerm_resource_group.rg_aks.name
@@ -89,7 +89,7 @@ resource "helm_release" "reloader_argocd" {
 }
 
 module "cert_mounter_argocd_internal" {
-  source           = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.21.0"
+  source           = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.34.0"
   namespace        = "argocd"
   certificate_name = replace(local.argocd_internal_url, ".", "-")
   kv_name          = data.azurerm_key_vault.kv_core_ita.name

diff --git a/src/aks-platform/05_keda.tf b/src/aks-platform/05_keda.tf
@@ -13,7 +13,7 @@ locals {
 }
 
 module "keda_pod_identity" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.21.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.34.0"
 
   resource_group_name = azurerm_resource_group.rg_aks.name
   location            = var.location

diff --git a/src/aks-platform/99_main.tf b/src/aks-platform/99_main.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "<= 3.105.0"
+      version = "<= 3.114.0"
     }
     azuread = {
       source  = "hashicorp/azuread"

diff --git a/src/aks-platform/README.md b/src/aks-platform/README.md
@@ -30,7 +30,7 @@ Re-enable all the resource, commented before to complete the procedure
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.8.0 |
 | <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | <= 2.50.0 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 3.105.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 3.114.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | <= 2.14.0 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | <= 2.0.4 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | <= 2.31.0 |
@@ -40,12 +40,12 @@ Re-enable all the resource, commented before to complete the procedure
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.21.0 |
+| <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.35.0 |
 | <a name="module_aks_prometheus_install"></a> [aks\_prometheus\_install](#module\_aks\_prometheus\_install) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_prometheus_install | v8.34.0 |
-| <a name="module_aks_storage_class"></a> [aks\_storage\_class](#module\_aks\_storage\_class) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class | v8.21.0 |
-| <a name="module_argocd_pod_identity"></a> [argocd\_pod\_identity](#module\_argocd\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.21.0 |
-| <a name="module_cert_mounter_argocd_internal"></a> [cert\_mounter\_argocd\_internal](#module\_cert\_mounter\_argocd\_internal) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v8.21.0 |
-| <a name="module_keda_pod_identity"></a> [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.21.0 |
+| <a name="module_aks_storage_class"></a> [aks\_storage\_class](#module\_aks\_storage\_class) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class | v8.34.0 |
+| <a name="module_argocd_pod_identity"></a> [argocd\_pod\_identity](#module\_argocd\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.34.0 |
+| <a name="module_cert_mounter_argocd_internal"></a> [cert\_mounter\_argocd\_internal](#module\_cert\_mounter\_argocd\_internal) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v8.34.0 |
+| <a name="module_keda_pod_identity"></a> [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.34.0 |
 | <a name="module_nginx_ingress"></a> [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.7.0 |
 
 ## Resources

diff --git a/src/packer/01_azure_devops_agent.tf b/src/packer/01_azure_devops_agent.tf
@@ -3,7 +3,7 @@ data "azurerm_resource_group" "resource_group" {
 }
 
 module "azdoa_custom_image" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=update-azdo-image"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=v8.34.0"
   resource_group_name = data.azurerm_resource_group.resource_group.name
   location            = var.location
   image_name          = "azdo-agent-ubuntu2204-image"

diff --git a/src/packer/02_dns_forwarder.tf b/src/packer/02_dns_forwarder.tf
@@ -1,5 +1,5 @@
 module "dns_forwarder_image" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image?ref=update-azdo-image"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image?ref=v8.34.0"
   resource_group_name = data.azurerm_resource_group.rg_vnet_ita.name
   location            = var.location
   image_name          = "${local.project}-dns-forwarder-ubuntu2204-image"

diff --git a/src/packer/README.md b/src/packer/README.md
@@ -13,8 +13,8 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_azdoa_custom_image"></a> [azdoa\_custom\_image](#module\_azdoa\_custom\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image | update-azdo-image |
-| <a name="module_dns_forwarder_image"></a> [dns\_forwarder\_image](#module\_dns\_forwarder\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image | update-azdo-image |
+| <a name="module_azdoa_custom_image"></a> [azdoa\_custom\_image](#module\_azdoa\_custom\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image | v8.34.0 |
+| <a name="module_dns_forwarder_image"></a> [dns\_forwarder\_image](#module\_dns\_forwarder\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image | v8.34.0 |
 
 ## Resources