diff --git a/src/domains/testit-app/.terraform.lock.hcl b/src/domains/testit-app/.terraform.lock.hcl
index 3f4a046..a2a32cc 100644
--- a/src/domains/testit-app/.terraform.lock.hcl
+++ b/src/domains/testit-app/.terraform.lock.hcl
@@ -22,21 +22,21 @@ provider "registry.terraform.io/hashicorp/azuread" {
}
provider "registry.terraform.io/hashicorp/azurerm" {
- version = "3.97.1"
- constraints = ">= 3.30.0, ~> 3.30, <= 3.97.1, <= 3.105.0"
+ version = "3.115.0"
+ constraints = "~> 3.30, ~> 3.110, <= 3.115.0"
hashes = [
- "h1:LtwGbd4HEb5QCXmdxSvTjPSh8/Gp8eAQMYfiAKaubV4=",
- "zh:15171efcc3aa3a37748c502c493cb16ecff603b81ada4499a843574976bac524",
- "zh:2ca6c13a4a96f67763ecced0015c7b101ee02d54ea54b28a8df4ae06468071b1",
- "zh:2e3c77dbfd8f760132ecef2d6117e939cbea26b96aba5e4d926e7f7f0f7afe72",
- "zh:4bc346eece1622be93c73801d8256502b11fd7c2e7f7cea12d048bb9fc9fe900",
- "zh:4f1042942ed8d0433680a367527289459d43b0894a51eaba83ac414e80d5187f",
- "zh:63e674c31482ae3579ea84daf5b1ba066ce40cb23475f54e17b6b131320a1bec",
- "zh:8327148766dcb7a174673729a832c8095d7e137d0e6c7e2a9a01da48b8b73fbe",
- "zh:851b3ae417059a80c7813e7f0063298a590a42f056004f2c2558ea14061c207e",
- "zh:ac081b48907139c121a422ae9b1f40fc72c6aaaeb05cbdbf848102a6a5f426f4",
- "zh:dc1d663df2d95e4ba91070ceb20d3560b6ea5c465d39c57a5979319302643e41",
- "zh:ed26457367cbbb94237e935d297cb31b5687f9abf697377da0ee46974480db9b",
+ "h1:/ugKKmEZJl2+BDO9sSeSa4VIRp+t6IQhO0S9FPfXMC4=",
+ "zh:0ea93abd53cb872691bad6d5625bda88b5d9619ea813c208b36e0ee236308589",
+ "zh:26703cb9c2c38bc43e97bc83af03559d065750856ea85834b71fbcb2ef9d935c",
+ "zh:316255a3391c49fe9bd7c5b6aa53b56dd490e1083d19b722e7b8f956a2dfe004",
+ "zh:431637ae90c592126fb1ec813fee6390604275438a0d5e15904c65b0a6a0f826",
+ "zh:4cee0fa2e84f89853723c0bc72b7debf8ea2ffffc7ae34ff28d8a69269d3a879",
+ "zh:64a3a3c78ea877515365ed336bd0f3abbe71db7c99b3d2837915fbca168d429c",
+ "zh:7380d7b503b5a87fd71a31360c3eeab504f78e4f314824e3ceda724d9dc74cf0",
+ "zh:974213e05708037a6d2d8c58cc84981819138f44fe40e344034eb80e16ca6012",
+ "zh:9a91614de0476074e9c62bbf08d3bb9c64adbd1d3a4a2b5a3e8e41d9d6d5672f",
+ "zh:a438471c85b8788ab21bdef4cd5ca391a46cbae33bd0262668a80f5e6c4610e1",
+ "zh:bf823f2c941b336a1208f015466212b1a8fdf6da28abacf59bea708377709d9e",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
@@ -62,21 +62,21 @@ provider "registry.terraform.io/hashicorp/helm" {
}
provider "registry.terraform.io/hashicorp/kubernetes" {
- version = "2.27.0"
- constraints = "~> 2.27, <= 2.27.0"
+ version = "2.30.0"
+ constraints = "~> 2.27, ~> 2.30.0, <= 2.35.0"
hashes = [
- "h1:/3kLyOR2jTaWS1MKso4xAztrocGBMxi8yVadWiqSWOg=",
- "zh:3bdba30ae67c55dc7e9a317ac0da3b208ea7926fe9c2f0ae6587ee88dcc58d1f",
- "zh:3f35138a831c00b188d2ffee27111dd0cf59afad2dd5653ed9e67d59646de12c",
- "zh:64066d18f6ae9a316c2bc840ef3e641d7ab94e1ea3a41d12523e77345ad442ef",
- "zh:653063d44b44881af3a480f7f8eaa94fa300e0229df2072d30f606bddcc9f025",
- "zh:87f306e37efb61d13efa6da53a1e45e97e5996ebc0568b1caf8c3c5e54c05809",
- "zh:8c428b9708f9634391e52300218771eab3fe942bb1295d8c0ad50ca4b33db3d9",
- "zh:a44e87119a0337ded15479851786a13f412b413d9a463ba550d1210249206b0f",
- "zh:aa2c4d110b0de6ef997c0d45f3f23f8a98f5530753095d6eff439a6d91a8ea31",
- "zh:eb15ed8781ac6a0dec2f7d03cf090e23cfa05e3225806c6231ff2c574662fd63",
- "zh:eb81c563f93bd3303f9620d11cd49f21f3f89ac3475c6d3e821b239feb9c217d",
- "zh:f1a344a7f16131123577e4ec994d04a34ea458ec16c1ccac53fe7946bd817b18",
+ "h1:z0Gy1p59XfS9MawIqCck7m2eeEEhAj6D7n8Ngglu8vE=",
+ "zh:06531333a72fe6d2829f37a328e08a3fc4ed66226344a003b62418a834ac6c69",
+ "zh:34480263939ef5007ce65c9f4945df5cab363f91e5260ae552bcd9f2ffeed444",
+ "zh:59e71f9177da570c33507c44828288264c082d512138c5755800f2cd706c62bc",
+ "zh:6e979b0c07326f9c8d1999096a920322d22261ca61d346b3a9775283d00a2fa5",
+ "zh:73e3f228de0077b5c0a84ec5b1ada507fbb3456cba35a6b5758723f77715b7af",
+ "zh:79e0de985159c056f001cc47a654620d51f5d55f554bcbcde1fe7d52f667db40",
+ "zh:8accb9100f609377db42e3ced42cc9d5c36065a06644dfb21d3893bb8d4797fd",
+ "zh:9f99aa0bf5caa4223a7dbf5d22d71c16083e782c4eea4b0130abfd6e6f1cec18",
+ "zh:bcb2ad76ad05ec23f8da62231a2360d1f70bbcd28abd06b8458a9e2f17da7873",
+ "zh:bce317d7790c2d3c4e724726dc78070db28daf7d861faa646fc891fe28842a29",
+ "zh:ed0a8e7fa8a1c419a19840b421d18200c3a63cf16ccbcbc400cb375d5397f615",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
diff --git a/src/domains/testit-app/02_namespace_domain.tf b/src/domains/testit-app/02_namespace_domain.tf
index 15982fe..f109f89 100644
--- a/src/domains/testit-app/02_namespace_domain.tf
+++ b/src/domains/testit-app/02_namespace_domain.tf
@@ -4,22 +4,6 @@ resource "kubernetes_namespace" "domain_namespace" {
}
}
-module "domain_pod_identity" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.17.1"
-
- resource_group_name = local.aks_resource_group_name
- location = var.location
- tenant_id = data.azurerm_subscription.current.tenant_id
- cluster_name = local.aks_name
-
- identity_name = "${var.domain}-pod-identity"
- namespace = kubernetes_namespace.domain_namespace.metadata[0].name
- key_vault_id = data.azurerm_key_vault.kv_domain.id
-
- secret_permissions = ["Get"]
- certificate_permissions = ["Get"]
-}
-
resource "helm_release" "reloader" {
name = "reloader"
repository = "https://stakater.github.io/stakater-charts"
diff --git a/src/domains/testit-app/05_pod_identity.tf b/src/domains/testit-app/05_pod_identity.tf
new file mode 100644
index 0000000..76ff090
--- /dev/null
+++ b/src/domains/testit-app/05_pod_identity.tf
@@ -0,0 +1,15 @@
+module "domain_pod_identity" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.17.1"
+
+ resource_group_name = local.aks_resource_group_name
+ location = var.location
+ tenant_id = data.azurerm_subscription.current.tenant_id
+ cluster_name = local.aks_name
+
+ identity_name = "${var.domain}-pod-identity"
+ namespace = kubernetes_namespace.domain_namespace.metadata[0].name
+ key_vault_id = data.azurerm_key_vault.kv_domain.id
+
+ secret_permissions = ["Get"]
+ certificate_permissions = ["Get"]
+}
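Review bot: `domain_pod_identity` is kept here with `secret_permissions = ["Get"]` and `certificate_permissions = ["Get"]` on the domain Key Vault, although the two consumers visible in this commit (`tls_checker` and `cert_mounter`) are switched to `module.workload_identity`. If nothing outside this diff still binds to the pod identity, it is left as a standing, unused grant on the vault and should be removed in the same change. If it is kept for a migration window, say so at the top of the file, e.g. `# Legacy pod identity: remove once all workloads in this namespace use module.workload_identity`.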
diff --git a/src/domains/testit-app/05_workload_identity.tf b/src/domains/testit-app/05_workload_identity.tf
new file mode 100644
index 0000000..ab25c49
--- /dev/null
+++ b/src/domains/testit-app/05_workload_identity.tf
@@ -0,0 +1,14 @@
+module "workload_identity" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity?ref=v8.39.0"
+
+ workload_name_prefix = var.domain
+ workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
+ aks_name = data.azurerm_kubernetes_cluster.aks.name
+ aks_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
+ namespace = var.domain
+
+ key_vault_id = data.azurerm_key_vault.kv_domain.id
+ key_vault_certificate_permissions = ["Get"]
+ key_vault_key_permissions = ["Get"]
+ key_vault_secret_permissions = ["Get"]
+}
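Review bot: `key_vault_key_permissions = ["Get"]` grants the new identity read access to Key Vault keys, which the pod identity configured in this diff does not have (it is limited to secrets and certificates). Nothing in this diff shows a consumer that reads keys, so unless one exists elsewhere the line should be dropped or justified in a comment. Separately, `namespace = var.domain` carries no reference to `kubernetes_namespace.domain_namespace`, so Terraform gets no ordering edge between the namespace and whatever the module creates in it. Writing `namespace = kubernetes_namespace.domain_namespace.metadata[0].name`, as the pod-identity module does, would make that dependency explicit.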
diff --git a/src/domains/testit-app/80_middleware_tools.tf b/src/domains/testit-app/80_middleware_tools.tf
index 2979f3b..5be47b2 100644
--- a/src/domains/testit-app/80_middleware_tools.tf
+++ b/src/domains/testit-app/80_middleware_tools.tf
@@ -1,13 +1,27 @@
+# module "tls_checker" {
+# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker?ref=v8.18.0"
+#
+# https_endpoint = local.domain_aks_hostname
+# alert_name = local.domain_aks_hostname
+# alert_enabled = true
+# helm_chart_present = true
+# namespace = kubernetes_namespace.domain_namespace.metadata[0].name
+# location_string = var.location
+# kv_secret_name_for_application_insights_connection_string = "dvopla-d-itn-appinsights-connection-string"
+# keyvault_name = data.azurerm_key_vault.kv_domain.name
+# keyvault_tenant_id = data.azurerm_client_config.current.tenant_id
+# application_insights_resource_group = data.azurerm_resource_group.monitor_rg.name
+# application_insights_id = data.azurerm_application_insights.application_insights.id
+# application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id]
+# }
+
module "tls_checker" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker?ref=v8.18.0"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker?ref=v8.38.0"
- https_endpoint = local.domain_aks_hostname
- alert_name = local.domain_aks_hostname
- alert_enabled = true
- helm_chart_present = true
- # helm_chart_version = var.tls_cert_check_helm.chart_version
- # helm_chart_image_name = var.tls_cert_check_helm.image_name
- # helm_chart_image_tag = var.tls_cert_check_helm.image_tag
+ https_endpoint = local.domain_aks_hostname
+ alert_name = local.domain_aks_hostname
+ alert_enabled = true
+ helm_chart_present = true
namespace = kubernetes_namespace.domain_namespace.metadata[0].name
location_string = var.location
kv_secret_name_for_application_insights_connection_string = "dvopla-d-itn-appinsights-connection-string"
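Review bot: The commented-out copy of the previous `tls_checker` block at the top of this hunk is dead configuration that git history already preserves. It will drift from the live block and makes it easy to misread which identity settings are in effect. The same applies to the commented-out `cert_mounter` copy in the next hunk. I would delete both, or, if a rollback pointer is wanted, replace each with a single line such as `# Pre-workload-identity version: see git history (ref v8.18.0)`. The live `tls_checker` block continues past the end of this hunk.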
@@ -16,12 +30,27 @@ module "tls_checker" {
application_insights_resource_group = data.azurerm_resource_group.monitor_rg.name
application_insights_id = data.azurerm_application_insights.application_insights.id
application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id]
+
+ workload_identity_enabled = true
+ workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
+ workload_identity_client_id = module.workload_identity.workload_identity_client_id
}
+# module "cert_mounter" {
+# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.17.1"
+# namespace = var.domain
+# certificate_name = replace(local.domain_aks_hostname, ".", "-")
+# kv_name = data.azurerm_key_vault.kv_domain.name
+# tenant_id = data.azurerm_subscription.current.tenant_id
+# }
+
module "cert_mounter" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.17.1"
- namespace = var.domain
- certificate_name = replace(local.domain_aks_hostname, ".", "-")
- kv_name = data.azurerm_key_vault.kv_domain.name
- tenant_id = data.azurerm_subscription.current.tenant_id
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.38.0"
+ namespace = var.domain
+ certificate_name = replace(local.domain_aks_hostname, ".", "-")
+ kv_name = data.azurerm_key_vault.kv_domain.name
+ tenant_id = data.azurerm_subscription.current.tenant_id
+ workload_identity_enabled = true
+ workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
+ workload_identity_client_id = module.workload_identity.workload_identity_client_id
}
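Review bot: The module sources bumped in this commit (`?ref=v8.38.0` for `tls_checker` and `cert_mounter`, `?ref=v8.39.0` for `workload_identity`) are pinned to git tags, and `.terraform.lock.hcl` records hashes for providers only, so nothing verifies that a tag still points at the code that was reviewed. These modules are handed the workload identity's client id and the Key Vault name, so their content should be immutable. Pinning to a full commit SHA, `?ref=<full-commit-sha>`, with the tag kept in a trailing comment, would achieve that. The same applies to the unchanged `v8.17.1` refs.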
diff --git a/src/domains/testit-app/99_main.tf b/src/domains/testit-app/99_main.tf
index 788dd9a..753bba4 100644
--- a/src/domains/testit-app/99_main.tf
+++ b/src/domains/testit-app/99_main.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "<= 3.105.0"
+ version = "<= 3.115.0"
}
azuread = {
source = "hashicorp/azuread"
@@ -14,7 +14,7 @@ terraform {
}
kubernetes = {
source = "hashicorp/kubernetes"
- version = "<= 2.27.0"
+ version = "<= 2.35.0"
}
helm = {
source = "hashicorp/helm"
diff --git a/src/domains/testit-app/README.md b/src/domains/testit-app/README.md
index b4fdec1..845a8a8 100644
--- a/src/domains/testit-app/README.md
+++ b/src/domains/testit-app/README.md
@@ -5,9 +5,9 @@
| Name | Version |
|------|---------|
| [azuread](#requirement\_azuread) | <= 2.47.0 |
-| [azurerm](#requirement\_azurerm) | <= 3.105.0 |
+| [azurerm](#requirement\_azurerm) | <= 3.115.0 |
| [helm](#requirement\_helm) | <= 2.12.1 |
-| [kubernetes](#requirement\_kubernetes) | <= 2.27.0 |
+| [kubernetes](#requirement\_kubernetes) | <= 2.35.0 |
| [local](#requirement\_local) | <= 2.5.1 |
| [null](#requirement\_null) | <= 3.2.1 |
@@ -15,10 +15,11 @@
| Name | Source | Version |
|------|--------|---------|
-| [cert\_mounter](#module\_cert\_mounter) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v8.17.1 |
+| [cert\_mounter](#module\_cert\_mounter) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v8.38.0 |
| [domain\_pod\_identity](#module\_domain\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.17.1 |
| [system\_service\_account](#module\_system\_service\_account) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_service_account | v8.17.1 |
-| [tls\_checker](#module\_tls\_checker) | git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker | v8.18.0 |
+| [tls\_checker](#module\_tls\_checker) | git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker | v8.38.0 |
+| [workload\_identity](#module\_workload\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity | v8.39.0 |
## Resources