rework the images, charts and main.tf with new versions

terraform-modules · Jul 24, 2023 · beb2704 · beb2704
1 parent 8506962
commit beb2704
Show file tree

Hide file tree

Showing 7 changed files with 251 additions and 32 deletions.
diff --git a/...pgrade/1.25/common-services/copy_image.sh → ...de/1.25/common-services/copy_image.sh.off b/...pgrade/1.25/common-services/copy_image.sh → ...de/1.25/common-services/copy_image.sh.off
diff --git a/...grade/1.25/common-services/copy_images.tf → ...e/1.25/common-services/copy_images.tf.off b/...grade/1.25/common-services/copy_images.tf → ...e/1.25/common-services/copy_images.tf.off
@@ -89,4 +89,3 @@ resource "null_resource" "copy_images" {
     }
   }
 }
-
diff --git a/examples/full-cluster-tf-upgrade/1.25/common-services/images.tf b/examples/full-cluster-tf-upgrade/1.25/common-services/images.tf
@@ -0,0 +1,69 @@
+locals {
+  image_config = [for k, v in var.image_details : v if v.enabled]
+  image_output = { for k, v in module.images.image_info : v.name => v }
+}
+
+module "images" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git?ref=tf-upgrade"
+
+  profile          = var.profile
+  application_list = []
+  application_name = format("eks/%v", var.cluster_name)
+  image_config     = local.image_config
+  tags = merge(
+    local.base_tags,
+    local.common_tags,
+    var.tags,
+    var.application_tags,
+  )
+
+  ### optional
+  ##  account_alias        = ""
+  ##  account_id           = ""
+  ##  destination_password = ""
+  ##  destination_username = ""
+  ##  override_prefixes    = {}
+  ##  region               = ""
+  ##  source_password      = ""
+  ##  source_username      = ""
+}
+
+
+## image_info = {
+##   "elastic/elasticsearch#7.14.0" = {
+##     "dest_full_path" = "817869416306.dkr.ecr.us-gov-east-1.amazonaws.com/eks/test-cluster-name/elastic/elasticsearch:7.14.0"
+##     "dest_registry" = "817869416306.dkr.ecr.us-gov-east-1.amazonaws.com"
+##     "dest_repository" = "eks/test-cluster-name/elastic/elasticsearch"
+##     "enabled" = true
+##     "key" = "elastic/elasticsearch#7.14.0"
+##     "name" = "elastic/elasticsearch"
+##     "source_full_path" = "docker.elastic.co/elasticsearch/elasticsearch:7.14.0"
+##     "source_image" = "elasticsearch/elasticsearch"
+##     "source_registry" = "docker.elastic.co"
+##     "tag" = "7.14.0"
+##   }
+##   "elastic/kibana#7.14.0" = {
+##     "dest_full_path" = "817869416306.dkr.ecr.us-gov-east-1.amazonaws.com/eks/test-cluster-name/elastic/kibana:7.14.0"
+##     "dest_registry" = "817869416306.dkr.ecr.us-gov-east-1.amazonaws.com"
+##     "dest_repository" = "eks/test-cluster-name/elastic/kibana"
+##     "enabled" = true
+##     "key" = "elastic/kibana#7.14.0"
+##     "name" = "elastic/kibana"
+##     "source_full_path" = "docker.elastic.co/kibana/kibana:7.14.0"
+##     "source_image" = "kibana/kibana"
+##     "source_registry" = "docker.elastic.co"
+##     "tag" = "7.14.0"
+##   }
+##   "fluent/fluentd-kubernetes-daemonset#v1.13.3-debian-elasticsearch7-1.2" = {
+##     "dest_full_path" = "817869416306.dkr.ecr.us-gov-east-1.amazonaws.com/eks/test-cluster-name/fluent/fluentd-kubernetes-daemonset:v1.13.3-debian-elasticsearch7-1.2"
+##     "dest_registry" = "817869416306.dkr.ecr.us-gov-east-1.amazonaws.com"
+##     "dest_repository" = "eks/test-cluster-name/fluent/fluentd-kubernetes-daemonset"
+##     "enabled" = true
+##     "key" = "fluent/fluentd-kubernetes-daemonset#v1.13.3-debian-elasticsearch7-1.2"
+##     "name" = "fluent/fluentd-kubernetes-daemonset"
+##     "source_full_path" = "docker.io/fluent/fluentd-kubernetes-daemonset:v1.13.3-debian-elasticsearch7-1.2"
+##     "source_image" = "fluent/fluentd-kubernetes-daemonset"
+##     "source_registry" = "docker.io"
+##     "tag" = "v1.13.3-debian-elasticsearch7-1.2"
+##   }
+## }
diff --git a/examples/full-cluster-tf-upgrade/1.25/common-services/main.tf b/examples/full-cluster-tf-upgrade/1.25/common-services/main.tf
@@ -44,7 +44,8 @@ resource "helm_release" "metrics-server" {
   repository = local.charts["metrics-server"].use_remote ? local.charts["metrics-server"].repository : "${path.module}/charts"
   version    = local.charts["metrics-server"].use_remote ? local.charts["metrics-server"].version : null
 
-  depends_on = [null_resource.copy_images]
+  #  depends_on = [null_resource.copy_images]
+  depends_on = [module.images]
   set {
     name  = "extraArgs[0]"
     value = "--kubelet-preferred-address-types=InternalIP"
@@ -70,18 +71,21 @@ resource "helm_release" "metrics-server" {
   #    value = "--kubelet-insecure-tls=true"
   #  }
   set {
-    name  = "image.registry"
-    value = local.account_ecr_registry
+    name = "image.registry"
+    #    value = local.account_ecr_registry
+    value = local.image_output["metrics-server"].dest_registry
   }
   set {
     name = "image.repository"
     #    value =  format("%v/%v", local.repo_parent_name, local.images["metric-server"].name)
-    value = local.image_map["metrics-server"].repository
+    # value = local.image_map["metrics-server"].repository
+    value = local.image_output["metrics-server"].dest_repository
   }
 
   set {
-    name  = "image.tag"
-    value = var.metrics_server_tag
+    name = "image.tag"
+    #    value = var.metrics_server_tag
+    value = local.image_output["metrics-server"].tag
   }
 
   timeout = 300
@@ -94,12 +98,14 @@ resource "helm_release" "cluster-autoscaler" {
   repository = "${path.module}/charts/"
   depends_on = [null_resource.copy_images]
   set {
-    name  = "image.repository"
-    value = local.image_repos["cluster-autoscaler"]
+    name = "image.repository"
+    #    value = local.image_repos["cluster-autoscaler"]
+    value = split(":", local.image_output["cluster-autoscaler"].dest_full_path)[0]
   }
   set {
-    name  = "image.tag"
-    value = var.cluster_autoscaler_tag
+    name = "image.tag"
+    #    value = var.cluster_autoscaler_tag
+    value = local.image_output["cluster-autoscaler"].tag
   }
   set {
     name  = "autoDiscovery.clusterName"
@@ -135,30 +141,36 @@ resource "helm_release" "cert-manager" {
   }
 
   set {
-    name  = "image.repository"
-    value = local.image_repos["cert-manager-controller"]
+    name = "image.repository"
+    #    value = local.image_repos["cert-manager-controller"]
+    value = split(":", local.image_output["cert-manager-controller"].dest_full_path)[0]
   }
   set {
-    name  = "image.tag"
-    value = var.cert_manager_controller_tag
+    name = "image.tag"
+    #    value = var.cert_manager_controller_tag
+    value = local.image_output["cert-manager-controller"].tag
   }
 
   set {
-    name  = "cainjector.image.repository"
-    value = local.image_repos["cert-manager-cainjector"]
+    name = "cainjector.image.repository"
+    #    value = local.image_repos["cert-manager-cainjector"]
+    value = split(":", local.image_output["cert-manager-cainjector"].dest_full_path)[0]
   }
   set {
-    name  = "cainjector.image.tag"
-    value = var.cert_manager_cainjector_tag
+    name = "cainjector.image.tag"
+    #    value = var.cert_manager_cainjector_tag
+    value = local.image_output["cert-manager-cainjector"].tag
   }
 
   set {
-    name  = "webhook.image.repository"
-    value = local.image_repos["cert-manager-webhook"]
+    name = "webhook.image.repository"
+    #    value = local.image_repos["cert-manager-webhook"]
+    value = split(":", local.image_output["cert-manager-webhook"].dest_full_path)[0]
   }
   set {
-    name  = "webhook.image.tag"
-    value = var.cert_manager_webhook_tag
+    name = "webhook.image.tag"
+    #    value = var.cert_manager_webhook_tag
+    value = local.image_output["cert-manager-webhook"].tag
   }
 
   timeout = 180
@@ -324,8 +336,9 @@ resource "helm_release" "istio-operator" {
     value = format("%v/%v", local.account_ecr, "istio")
   }
   set {
-    name  = "tag"
-    value = var.istio_tag
+    name = "tag"
+    #    value = var.istio_tag
+    value = local.image_output["istio-operator"].tag
   }
   set {
     name  = "operatorNamespace"
@@ -400,3 +413,58 @@ resource "null_resource" "certificate-issuers" {
   }
 }
 
+## 
+##     name       = "cert-manager"
+##     name       = "metrics-server"
+##     name            = "cert-manager-controller"
+##     name            = "cert-manager-cainjector"
+##     name            = "cert-manager-webhook"
+##     name            = "cluster-autoscaler"
+##     name            = "metrics-server"
+##     name            = "istio/operator"
+##     name            = "istio/pilot"
+##     name            = "istio/proxyv2"
+## 
+## 
+## local.image_output[name].
+## 
+## ##   "fluent/fluentd-kubernetes-daemonset#v1.13.3-debian-elasticsearch7-1.2" = {
+## ##     "dest_full_path" = "817869416306.dkr.ecr.us-gov-east-1.amazonaws.com/eks/test-cluster-name/fluent/fluentd-kubernetes-daemonset:v1.13.3-debian-elasticsearch7-1.2"
+## ##     "dest_registry" = "817869416306.dkr.ecr.us-gov-east-1.amazonaws.com"
+## ##     "dest_repository" = "eks/test-cluster-name/fluent/fluentd-kubernetes-daemonset"
+## ##     "enabled" = true
+## ##     "key" = "fluent/fluentd-kubernetes-daemonset#v1.13.3-debian-elasticsearch7-1.2"
+## ##     "name" = "fluent/fluentd-kubernetes-daemonset"
+## ##     "source_full_path" = "docker.io/fluent/fluentd-kubernetes-daemonset:v1.13.3-debian-elasticsearch7-1.2"
+## ##     "source_image" = "fluent/fluentd-kubernetes-daemonset"
+## ##     "source_registry" = "docker.io"
+## ##     "tag" = "v1.13.3-debian-elasticsearch7-1.2"
+## ##   }
+## 
+## 
+## 
+## > local.image_map
+## {
+##   "cert-manager-cainjector" = {
+##     "enabled" = true
+##     "full_path" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/cert-manager-cainjector"
+##     "image" = "quay.io/jetstack/cert-manager-cainjector"
+##     "name" = "cert-manager-cainjector"
+##     "registry" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com"
+##     "repository" = "eks/ditd-gppsys-ite/cert-manager-cainjector"
+##     "tag" = "v1.4.3"
+##   }
+## 
+## 
+## > local.image_repos
+## {
+##   "cert-manager-cainjector" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/cert-manager-cainjector"
+##   "cert-manager-controller" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/cert-manager-controller"
+##   "cert-manager-webhook" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/cert-manager-webhook"
+##   "cluster-autoscaler" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/cluster-autoscaler"
+##   "istio/operator" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/istio/operator"
+##   "istio/pilot" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/istio/pilot"
+##   "istio/proxyv2" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/istio/proxyv2"
+##   "metrics-server" = "247901282001.dkr.ecr.us-gov-west-1.amazonaws.com/eks/ditd-gppsys-ite/metrics-server"
+## }
+## 
diff --git a/examples/full-cluster-tf-upgrade/1.25/common-services/tf-run.data b/examples/full-cluster-tf-upgrade/1.25/common-services/tf-run.data
@@ -1,4 +1,4 @@
-VERSION 1.3.0
+VERSION 1.4.0
 REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
@@ -11,6 +11,7 @@ LINK variables.application_tags.auto.tfvars
 LINK variables.vpc.tf
 LINK variables.vpc.auto.tfvars
 
+module.images
 module.cert
 COMMAND tf-directory-setup.py -l s3
 

diff --git a/examples/full-cluster-tf-upgrade/1.25/common-services/variables.common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.25/common-services/variables.common-services.auto.tfvars
@@ -1,9 +1,9 @@
-cert_manager_cainjector_tag    = "v1.4.3"
-cert_manager_controller_tag    = "v1.4.3"
-cert_manager_webhook_tag       = "v1.4.3"
-cluster_autoscaler_tag         = "v1.24.0"
-istio_tag                      = "1.10.1"
-metrics_server_tag             = "0.6.2-debian-11-r9"
+#cert_manager_cainjector_tag    = "v1.4.3"
+#cert_manager_controller_tag    = "v1.4.3"
+#cert_manager_webhook_tag       = "v1.4.3"
+#cluster_autoscaler_tag         = "v1.24.0"
+#istio_tag                      = "1.16.1"
+#metrics_server_tag             = "0.6.2-debian-11-r9"
 tls_crt_b64                    = ""
 tls_crt_contents               = ""
 tls_crt_file                   = ""
@@ -39,3 +39,71 @@ chart_details = {
     use_remote = true
   }
 }
+
+image_details = {
+  "cert-manager-controller" = {
+    name            = "cert-manager-controller"
+    image           = "quay.io/jetstack/cert-manager-controller"
+    source_registry = "quay.io"
+    source_image    = "jetstack/cert-manager-controller"
+    source_tag      = "v1.12.2"
+    enabled         = true
+  }
+  "cert-manager-cainjector" = {
+    name            = "cert-manager-cainjector"
+    image           = "quay.io/jetstack/cert-manager-cainjector"
+    source_registry = "quay.io"
+    source_image    = "jetstack/cert-manager-cainjector"
+    source_tag      = "v1.12.2"
+    enabled         = true
+  }
+  "cert-manager-webhook" = {
+    name            = "cert-manager-webhook"
+    image           = "quay.io/jetstack/cert-manager-webhook"
+    source_registry = "quay.io"
+    source_image    = "jetstack/cert-manager-webhook"
+    source_tag      = "v1.12.2"
+    enabled         = true
+  }
+
+  "cluster-autoscaler" = {
+    name            = "cluster-autoscaler"
+    image           = "k8s.gcr.io/autoscaling/cluster-autoscaler"
+    source_registry = "k8s.gcr.io"
+    source_image    = "autoscaling/cluster-autoscaler"
+    source_tag      = "v1.24.0"
+    enabled         = true
+  }
+  "metrics-server" = {
+    name            = "metrics-server"
+    image           = "docker.io/bitnami/metrics-server"
+    source_registry = "docker.io"
+    source_iamge    = "bitnami/metrics-server"
+    source_tag      = "0.6.2-debian-11-r9"
+    enabled         = true
+  }
+  "istio-operator" = {
+    name            = "istio/operator"
+    image           = "docker.io/istio/operator"
+    source_registry = "docker.io"
+    source_image    = "istio/operator"
+    source_tag      = "1.16.1"
+    enabled         = true
+  }
+  "istio-pilot" = {
+    name            = "istio/pilot"
+    image           = "docker.io/istio/pilot"
+    source_registry = "docker.io"
+    source_image    = "istio/pilot"
+    source_tag      = "1.16.1"
+    enabled         = true
+  }
+  "istio-proxyv2" = {
+    name            = "istio/proxyv2"
+    image           = "docker.io/istio/proxyv2"
+    source_registry = "docker.io"
+    source_image    = "istio/proxyv2"
+    source_tag      = "1.16.1"
+    enabled         = true
+  }
+}
diff --git a/examples/full-cluster-tf-upgrade/1.25/common-services/variables.common-services.tf b/examples/full-cluster-tf-upgrade/1.25/common-services/variables.common-services.tf
@@ -218,3 +218,17 @@ variable "chart_details" {
   }))
   default = {}
 }
+
+variable "image_details" {
+  description = "Map of object with details about images to obtain from external sources"
+  type = map(object(
+    {
+      name            = string
+      image           = string
+      source_registry = string
+      source_image    = string
+      source_tag      = string
+      enabled         = bool
+  }))
+  default = {}
+}