diff --git a/examples/full-cluster-tf-upgrade/1.28/common-services/main.tf b/examples/full-cluster-tf-upgrade/1.28/common-services/main.tf index f67ee9c..186542b 100644 --- a/examples/full-cluster-tf-upgrade/1.28/common-services/main.tf +++ b/examples/full-cluster-tf-upgrade/1.28/common-services/main.tf @@ -365,7 +365,8 @@ resource "helm_release" "istio-profile" { namespace = kubernetes_namespace.istio-system.metadata[0].name repository = "${path.module}/charts/" - depends_on = [helm_release.istio-operator, null_resource.certificate-issuers] + # depends_on = [helm_release.istio-operator, null_resource.certificate-issuers] + depends_on = [helm_release.istio-operator] set { name = "hub" diff --git a/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data b/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data index b71a5ea..8e74475 100644 --- a/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data +++ b/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data @@ -1,8 +1,9 @@ -VERSION 1.4.2 +VERSION 2.0.0 REMOTE-STATE COMMAND tf-directory-setup.py -l none -f COMMAND setup-new-directory.sh +TAG links LINKTOP init LINKTOP includes.d/variables.account_tags.tf LINKTOP includes.d/variables.account_tags.auto.tfvars 
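Review bot: The new `depends_on` on `helm_release.istio-profile` drops `null_resource.certificate-issuers` without naming a replacement, so nothing visible in this hunk orders the Istio profile after whatever now provisions the issuing CA. If the profile still consumes issuer or CA material (the tf-run.data change in this commit suggests it now comes from a subordinate CA module backed by ACM PCA), that module or resource should be added to the list, because a release applied before its issuer exists may come up without the intended certificates. The old line is also left behind as a comment; delete it or replace it with a one-line reason such as `# certificate-issuers removed: CA now provisioned by <replacement module>`. The resource body continues outside the hunk, so ordering expressed elsewhere in it is not visible here.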
@@ -26,34 +27,41 @@ LINK versions.tf LINK version.tf LINK variables.vpc.tf LINK variables.vpc.auto.tfvars + +TAG init COMMAND tf-init +TAG start module.images -TAG start-certificate -module.cert +TAG state-link COMMAND tf-directory-setup.py -l s3 -COMMENT Adding key to git-secret, hiding, and adding to git. Manually commit afterwards. -COMMAND git-secret add certs/*.key -COMMAND git-secret hide -m -COMMAND git add certs/*.key.secret -COMMENT execute: git commit -m add-pki-key -a - -COMMENT Submit certs/*csr using command ouptut listed in apply to TCO for signing -COMMENT When submitting the form to request TCO to provision the certifcate, in the Additional Information field, enter "requesting sub-CA certificate". -COMMENT Then contact the TCO team to inform them of the ticket number from the form submission, to raise their awareness of the sub-CA certifcate type. -COMMENT Also request the TCO team to provide the Trust Chain along with the sub-CA certificate. -COMMENT Once the sub-CA certificate and Trust Chain files are available, put the sub-CA certificate file under the certs folder and the Trust Chain under certs/root. -STOP Wait for certificate to be signed, then continue with %%NEXT%%. +## certificates replaced with new subordindate_ca module usign acmpca +## TAG start-certificate +## module.cert +## +## COMMENT Adding key to git-secret, hiding, and adding to git. Manually commit afterwards. +## COMMAND git-secret add certs/*.key +## COMMAND git-secret hide -m +## COMMAND git add certs/*.key.secret +## COMMENT execute: git commit -m add-pki-key -a +## +## COMMENT Submit certs/*csr using command ouptut listed in apply to TCO for signing +## COMMENT When submitting the form to request TCO to provision the certifcate, in the Additional Information field, enter "requesting sub-CA certificate". +## COMMENT Then contact the TCO team to inform them of the ticket number from the form submission, to raise their awareness of the sub-CA certifcate type. 
+## COMMENT Also request the TCO team to provide the Trust Chain along with the sub-CA certificate. +## COMMENT Once the sub-CA certificate and Trust Chain files are available, put the sub-CA certificate file under the certs folder and the Trust Chain under certs/root. +## STOP Wait for certificate to be signed, then continue with %%NEXT%%. +## +## TAG have-certificate +## module.cert +## module.cert -TAG have-certificate -module.cert -module.cert -ALL +TAG continue ALL -COMMENT Manually append the Trust Chain to the generated certificate bundle +## COMMENT Manually append the Trust Chain to the generated certificate bundle COMMENT cd cluster-autoscaler and tf-run.sh apply COMMENT come back to this directory COMMENT cd cloudwatch-agent and tf-run.sh apply diff --git a/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.destroy.data b/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.destroy.data index 73489f4..0d44f6e 100644 --- a/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.destroy.data +++ b/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.destroy.data @@ -1,8 +1,9 @@ -VERSION 1.0.1 +VERSION 2.0.0 BACKUP-STATE COMMAND tf-init COMMAND tf-state list -module.cert -COMMENT git-secret remove -c */*.key +## module.cert +## COMMENT git-secret remove -c */*.key + ALL
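Review bot: Disabling the `start-certificate` block removes the git-secret steps from the run sequence, but the new flow never says what happens to sub-CA private keys that earlier runs already stored as `certs/*.key.secret`; the tf-run.destroy.data hunk in this commit has the same gap, since it disables the `git-secret remove -c */*.key` reminder. Because this is an upgrade example, existing clusters will still carry that key material in the repository, so a step is needed before `TAG continue`, for example `COMMENT Retire the old sub-CA key: have the previous certificate revoked, then remove certs/*.key.secret from git-secret and commit`. Deleting the disabled lines instead of keeping them behind `##` would also stop an operator from re-running the old manual signing procedure by mistake, and the one explanatory line that remains has typos (`subordindate_ca`, `usign`). The trust-chain append reminder is disabled as well, presumably because the new module returns the full chain; that is worth confirming against the module's outputs.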