From 52251d670b174848d6d1acdd79373099f379c968 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 31 Jul 2024 09:38:11 -0400 Subject: [PATCH 01/56] update tool versions --- .pre-commit-config.yaml | 2 +- .ruby-version | 1 - .terraform-version | 1 - .tool-versions | 3 +-- 4 files changed, 2 insertions(+), 5 deletions(-) delete mode 100644 .ruby-version delete mode 100644 .terraform-version diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 47c8b08..77975fd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.81.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases + rev: v1.92.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases hooks: - id: terraform_fmt - id: terraform_docs diff --git a/.ruby-version b/.ruby-version deleted file mode 100644 index 8614229..0000000 --- a/.ruby-version +++ /dev/null @@ -1 +0,0 @@ -3.2.2-r0 \ No newline at end of file diff --git a/.terraform-version b/.terraform-version deleted file mode 100644 index 3e1ad72..0000000 --- a/.terraform-version +++ /dev/null @@ -1 +0,0 @@ -1.5.0 \ No newline at end of file diff --git a/.tool-versions b/.tool-versions index 7b827bf..3874604 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1 @@ -terraform 1.5.0 -ruby 3.2.2-r0 +terraform 1.9.2 From ee434f70b8e095cf0b628b859978a7145af931f4 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 31 Jul 2024 09:40:50 -0400 Subject: [PATCH 02/56] update provider versions and module versions --- README.md | 57 ++++++++++++++++++++--------------------------------- main.tf | 12 +++++------ versions.tf | 18 ++++++++++++----- 3 files changed, 40 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index a85fefc..a4abe25 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,13 @@ # Terraform GCP-module for JupyterHub -![kitchen-tests](https://github.com/BrownUniversity/terraform-gcp-jupyterhub/workflows/kitchen-tests/badge.svg) +![terraform-tests](https://github.com/BrownUniversity/terraform-gcp-jupyterhub/actions/workflows/terraform-tests/badge.svg) This repository defines a [Terraform module](https://www.terraform.io/docs/modules/usage.html), which you can use in your code by adding a `module` configuration and setting its `source` parameter to URL of this folder. This module builds a Kubernetes-based JupyterHub in Google Cloud as used by Brown University. In general this module of JupyterHub is configured as follows: * Two pools: one for the core components, one for user pods -* Authentication (Google OAuth has been tested, other arepossible), dummy authenticator is the default. +* Authentication (Google OAuth has been tested, other are possible), dummy authenticator is the default. * We currently use Infoblox to configure our DNS, we will be making that optional in the future. * We provide scale-up and scale-down cronjobs that can change the number of replicas to have nodes be warm for users during class-time. * Optional shared nfs volume (for shared data, for instance). @@ -59,35 +59,34 @@ code by adding a `module` configuration and setting its `source` parameter to UR | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.5.0 | -| [google](#requirement\_google) | >= 4.72.0, <5.0.0 | -| [google-beta](#requirement\_google-beta) | >= 4.72.0, <5.0.0 | -| [helm](#requirement\_helm) | >= 2.10.1 | -| [kubernetes](#requirement\_kubernetes) | >= 2.22.0 | +| [terraform](#requirement\_terraform) | >= 1.9.2 | +| [google](#requirement\_google) | 5.38.0 | +| [helm](#requirement\_helm) | 2.14.0 | +| [kubernetes](#requirement\_kubernetes) | 2.31.0 | ## Providers | Name | Version | |------|---------| -| [google](#provider\_google) | >= 4.72.0, <5.0.0 | +| [google](#provider\_google) | 5.38.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [external\_infoblox\_record](#module\_external\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.5 | -| [gke\_auth](#module\_gke\_auth) | terraform-google-modules/kubernetes-engine/google//modules/auth | 27.0.0 | -| [jhub\_cluster](#module\_jhub\_cluster) | git::https://github.com/BrownUniversity/terraform-gcp-cluster.git | v0.1.6 | +| [external\_infoblox\_record](#module\_external\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.6 | +| [gke\_auth](#module\_gke\_auth) | terraform-google-modules/kubernetes-engine/google//modules/auth | 31.0.0 | +| [jhub\_cluster](#module\_jhub\_cluster) | git::https://github.com/BrownUniversity/terraform-gcp-cluster.git | v0.1.7 | | [jhub\_helm](#module\_jhub\_helm) | ./modules/helm-jhub | n/a | -| [jhub\_project](#module\_jhub\_project) | git::https://github.com/BrownUniversity/terraform-gcp-project.git | v0.1.5 | -| [jhub\_vpc](#module\_jhub\_vpc) | git::https://github.com/BrownUniversity/terraform-gcp-vpc.git | v0.1.3 | -| [production\_infoblox\_record](#module\_production\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.5 | +| [jhub\_project](#module\_jhub\_project) | git::https://github.com/BrownUniversity/terraform-gcp-project.git | v0.1.6 | +| [jhub\_vpc](#module\_jhub\_vpc) | git::https://github.com/BrownUniversity/terraform-gcp-vpc.git | v0.1.4 | +| [production\_infoblox\_record](#module\_production\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.6 | ## Resources | Name | Type | |------|------| -| [google_compute_address.static](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_address) | resource | +| [google_compute_address.static](https://registry.terraform.io/providers/hashicorp/google/5.38.0/docs/resources/compute_address) | resource | ## Inputs @@ -273,7 +272,7 @@ See [here](https://cloud.google.com/blog/products/containers-kubernetes/kubectl- ## Testing -This repository uses Kitchen-Terraform to test the terraform modules. In the [examples](/examples) directory you can find examples of how each module can be used. Those examples are fed to [Test Kitchen](https://kitchen.ci/). To install test kitchen, first make sure you have Ruby and bundler installed. +This repository uses the native terraform tests to test the modules. In the [tests](/tests) directory you can find examples of how each module can be used and the test scripts. ### Install testing dependencies @@ -297,12 +296,13 @@ In the example folders, rename the following files: Set the corresponding values inside of the files. They should automatically be ignored via our `.gitignore` file ### Run the tests -And now you're ready to run test kitchen. Test kitchen has a couple main commands: -- `bundle exec kitchen create` initializes terraform. -- `bundle exec kitchen converge` runs our terraform examples. -- `bundle exec kitchen verify` runs our inspec scripts against a converged kitchen. -- `bundle exec kitchen test` does all the above. +Use the `terraform test` command to test the modules in this repo. You can also specify the name of the files to run each test individually: + +```sh +terraform test -filter=tests/test-sample-jhub.tftest.hcl # runs the test without nfs +terraform test -filter=tests/test-sample-jhub-nfs.tftest.hcl # runs the test with nfs +``` ### Running terraform directly If you need finer control when trouble shooting, you can directly run terraform within the desired example directory. @@ -339,21 +339,6 @@ This project has three workflows enabled: We aim to upgrade this package at least once a year. -#### Update Ruby Version - -To install/upgrade the version of Ruby we use `rbenv` or `asdf`. For instance to install and update to `2.7.3`: - -``` -rbenv install -v 2.7.3 -rbenv local 2.7.3 -``` - -This will update the `.ruby-version` file if necessary - -#### Gemfile - -Look at the Gemfile and the output of `bundle outdated` to decide what to update. Usually I update the versions in the Gemfile directly, then type `bundle update` - ### Update the version of Terraform Use `tfenv` to manage your versions of terraform. You can update the version in the `.terraform-version` file and run `tfenv install` and `tf use` to install and use the version specified in the file. diff --git a/main.tf b/main.tf index 5df3e79..7456d58 100644 --- a/main.tf +++ b/main.tf @@ -11,7 +11,7 @@ locals { # PROJECT # ------------------------------------------------------------ module "jhub_project" { - source = "git::https://github.com/BrownUniversity/terraform-gcp-project.git?ref=v0.1.5" + source = "git::https://github.com/BrownUniversity/terraform-gcp-project.git?ref=v0.1.6" project_name = var.project_name org_id = var.org_id @@ -28,7 +28,7 @@ module "jhub_project" { # VPC # ------------------------------------------------------------ module "jhub_vpc" { - source = "git::https://github.com/BrownUniversity/terraform-gcp-vpc.git?ref=v0.1.3" + source = "git::https://github.com/BrownUniversity/terraform-gcp-vpc.git?ref=v0.1.4" project_id = module.jhub_project.project_id network_name = var.network_name @@ -50,7 +50,7 @@ resource "google_compute_address" "static" { # Assign Brown-DNS via infoblox module "production_infoblox_record" { - source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.5" + source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.6" record_ip = google_compute_address.static.address record_hostname = var.record_hostname record_domain = var.record_domain @@ -58,7 +58,7 @@ module "production_infoblox_record" { } module "external_infoblox_record" { - source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.5" + source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.6" record_ip = google_compute_address.static.address record_hostname = var.record_hostname record_domain = var.record_domain @@ -72,7 +72,7 @@ module "external_infoblox_record" { # tfsec:ignore:google-gke-use-cluster-labels # tfsec:ignore:google-gke-enable-private-cluster module "jhub_cluster" { - source = "git::https://github.com/BrownUniversity/terraform-gcp-cluster.git?ref=v0.1.6" + source = "git::https://github.com/BrownUniversity/terraform-gcp-cluster.git?ref=v0.1.7" cluster_name = var.cluster_name project_id = module.jhub_project.project_id kubernetes_version = var.kubernetes_version @@ -131,7 +131,7 @@ locals { module "gke_auth" { source = "terraform-google-modules/kubernetes-engine/google//modules/auth" - version = "27.0.0" + version = "31.0.0" depends_on = [module.jhub_cluster] project_id = module.jhub_project.project_id location = local.gcloud_location diff --git a/versions.tf b/versions.tf index ba32807..c9f24b0 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,18 @@ terraform { - required_version = ">= 1.5.0" + required_version = ">= 1.9.2" required_providers { - google = ">= 4.72.0, <5.0.0" - google-beta = ">= 4.72.0, <5.0.0" - kubernetes = ">= 2.22.0" - helm = ">= 2.10.1" + google = { + source = "hashicorp/google" + version = "5.38.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.31.0" + } + helm = { + source = "hashicorp/helm" + version = "2.14.0" + } } } From 8d40c467b87d86ee67d83f759bc3fb83375069ab Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 31 Jul 2024 09:41:22 -0400 Subject: [PATCH 03/56] update provider versions in modules --- modules/helm-jhub/versions.tf | 18 +++++++++++++----- modules/shared-nfs/versions.tf | 18 +++++++++++++----- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/modules/helm-jhub/versions.tf b/modules/helm-jhub/versions.tf index 439fb5a..516f0e5 100644 --- a/modules/helm-jhub/versions.tf +++ b/modules/helm-jhub/versions.tf @@ -1,11 +1,19 @@ terraform { - required_version = ">= 1.5.0" + required_version = ">= 1.9.2" required_providers { - google = ">= 4.72.0, <5.0.0" - google-beta = ">= 4.72.0, <5.0.0" - kubernetes = ">= 2.22.0" - helm = ">= 2.10.1" + google = { + source = "hashicorp/google" + version = "5.38.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.31.0" + } + helm = { + source = "hashicorp/helm" + version = "2.14.0" + } random = { source = "hashicorp/random" version = "3.5.1" diff --git a/modules/shared-nfs/versions.tf b/modules/shared-nfs/versions.tf index 439fb5a..45b8375 100644 --- a/modules/shared-nfs/versions.tf +++ b/modules/shared-nfs/versions.tf @@ -1,11 +1,19 @@ terraform { - required_version = ">= 1.5.0" + required_version = ">= 1.92.0" required_providers { - google = ">= 4.72.0, <5.0.0" - google-beta = ">= 4.72.0, <5.0.0" - kubernetes = ">= 2.22.0" - helm = ">= 2.10.1" + google = { + source = "hashicorp/google" + version = "5.38.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.31.0" + } + helm = { + source = "hashicorp/helm" + version = "2.14.0" + } random = { source = "hashicorp/random" version = "3.5.1" From 7c27d0f66c1238c3aa2689693ee5133555a79f87 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 31 Jul 2024 09:43:00 -0400 Subject: [PATCH 04/56] Move sample modules to tests directory --- examples/sample-jhub-nfs/versions.tf | 14 -- examples/sample-jhub/versions.tf | 14 -- tests/sample-jhub-nfs/.terraform.lock.hcl | 158 ++++++++++++++++++ {examples => tests}/sample-jhub-nfs/main.tf | 4 +- .../sample-jhub-nfs/outputs.tf | 0 .../sample-jhub-nfs/values.yaml | 0 .../sample-jhub-nfs/variables.tf | 0 tests/sample-jhub-nfs/versions.tf | 22 +++ tests/sample-jhub/.terraform.lock.hcl | 158 ++++++++++++++++++ .../sample-jhub/local-example.tfvars | 0 .../sample-jhub/local-example.yaml | 0 {examples => tests}/sample-jhub/main.tf | 4 +- {examples => tests}/sample-jhub/outputs.tf | 0 {examples => tests}/sample-jhub/values.yaml | 0 {examples => tests}/sample-jhub/variables.tf | 0 tests/sample-jhub/versions.tf | 22 +++ 16 files changed, 364 insertions(+), 32 deletions(-) delete mode 100644 examples/sample-jhub-nfs/versions.tf delete mode 100644 examples/sample-jhub/versions.tf create mode 100644 tests/sample-jhub-nfs/.terraform.lock.hcl rename {examples => tests}/sample-jhub-nfs/main.tf (96%) rename {examples => tests}/sample-jhub-nfs/outputs.tf (100%) rename {examples => tests}/sample-jhub-nfs/values.yaml (100%) rename {examples => tests}/sample-jhub-nfs/variables.tf (100%) create mode 100644 tests/sample-jhub-nfs/versions.tf create mode 100644 tests/sample-jhub/.terraform.lock.hcl rename {examples => tests}/sample-jhub/local-example.tfvars (100%) rename {examples => tests}/sample-jhub/local-example.yaml (100%) rename {examples => tests}/sample-jhub/main.tf (96%) rename {examples => tests}/sample-jhub/outputs.tf (100%) rename {examples => tests}/sample-jhub/values.yaml (100%) rename {examples => tests}/sample-jhub/variables.tf (100%) create mode 100644 tests/sample-jhub/versions.tf diff --git a/examples/sample-jhub-nfs/versions.tf b/examples/sample-jhub-nfs/versions.tf deleted file mode 100644 index 439fb5a..0000000 --- a/examples/sample-jhub-nfs/versions.tf +++ /dev/null @@ -1,14 +0,0 @@ -terraform { - required_version = ">= 1.5.0" - - required_providers { - google = ">= 4.72.0, <5.0.0" - google-beta = ">= 4.72.0, <5.0.0" - kubernetes = ">= 2.22.0" - helm = ">= 2.10.1" - random = { - source = "hashicorp/random" - version = "3.5.1" - } - } -} diff --git a/examples/sample-jhub/versions.tf b/examples/sample-jhub/versions.tf deleted file mode 100644 index 439fb5a..0000000 --- a/examples/sample-jhub/versions.tf +++ /dev/null @@ -1,14 +0,0 @@ -terraform { - required_version = ">= 1.5.0" - - required_providers { - google = ">= 4.72.0, <5.0.0" - google-beta = ">= 4.72.0, <5.0.0" - kubernetes = ">= 2.22.0" - helm = ">= 2.10.1" - random = { - source = "hashicorp/random" - version = "3.5.1" - } - } -} diff --git a/tests/sample-jhub-nfs/.terraform.lock.hcl b/tests/sample-jhub-nfs/.terraform.lock.hcl new file mode 100644 index 0000000..ac66edc --- /dev/null +++ b/tests/sample-jhub-nfs/.terraform.lock.hcl @@ -0,0 +1,158 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "4.77.0" + constraints = ">= 3.33.0, >= 3.43.0, >= 3.45.0, >= 3.50.0, >= 3.53.0, >= 3.83.0, >= 4.25.0, ~> 4.28, >= 4.47.0, != 4.49.0, != 4.50.0, >= 4.51.0, != 4.65.0, != 4.65.1, >= 4.69.0, >= 4.72.0, < 5.0.0" + hashes = [ + "h1:GaMgixQivqoXA+TDfmk3Zk080wOrxBtEZfRno9fU0GU=", + "zh:0f5d68c6166d4be73a3cd932ddc58324589db6557ca0d95462e21d3be9e5453e", + "zh:1e5cd136603ae54fb64dc42694ddee31b8a435f3b1c63d31601791ae771c6037", + "zh:21dea4fbf65e560414d7cf8ffea795ba90a5a4056efbde5035068465ff983d3c", + "zh:29070054dd61e5edefc9da92142d06d0a6d9799cee9076c90f8b85773979326d", + "zh:2fbe52ca8d9a4e47704fbec5ad781c42fa31867053fb409e292ec29e3b8b213a", + "zh:44276ddbb188d176e266bc4f0dbfcdb296efeaf038baa055480d86e7348fc420", + "zh:62c3b947f1dd4d213c2ea82ff4b11e92b34ce48149b35143504810dc719ef868", + "zh:7203adaa431207b6c67b617b94d37dfc499023ae0d5c56138151c9e30fe5666b", + "zh:7b482babc4df98b5ab496962ab5d7432be132207fd82ba9c6d35b42c7d7100a5", + "zh:c2e842b07c8e2b7623e18eaa0dfdcc2e786bf1883eb9dee2ada2347d47bce68c", + "zh:de18790b4ecba4e28618e319f34a2a13c52e376bec390dc94c3fdf53b71573f0", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/google-beta" { + version = "4.77.0" + constraints = ">= 3.43.0, >= 3.45.0, >= 3.50.0, ~> 4.11, ~> 4.28, >= 4.51.0, != 4.65.0, != 4.65.1, >= 4.72.0, < 5.0.0" + hashes = [ + "h1:T009yce9y7iugukUAsBxn5XDXu4mwJxL2MvosWZ5gAU=", + "zh:2cf8d006db195d914b9f0c4b1fe21a93ffaa38b834a48f5d49a3444f29f8e4ca", + "zh:3c65c70448735f35ad993aadac173ddbbc38d60d0b965be1edcee53014527a28", + "zh:5b318868e928653ff2c90b17eb89c72c760ff0b6867886e5fc7d8976ab7ef92e", + "zh:6580f9d393a2f59a4ead9ebf32823455b1672a23fe3998672f3583b5b4c8ca9a", + "zh:77d26efc8666e51ec3f2d4f4c3b66cb1962f4d28c7dadd75aa998e3fdb46145b", + "zh:a882e183c6ac8d54b5a4043a74192142ee0f575bc912b9b581eac5e312af9fff", + "zh:b1a79bd50d3f0a2a5e77d3dbf444c3087ec075d96ad37c326d0a22c0f9a313d4", + "zh:cb9105f5bfe1315d0786c6752b4cc3165c67dbae4ac6ddab7fb89bd01dc9223b", + "zh:ce856760ecab1d850377c76386fbc481433c0984b78d897d750dffa5a292a421", + "zh:d949886611376ada319613eac1132a11a277dfce7056992e28d036435af1745c", + "zh:ee321706488747bf0ed04e4dad33caaecdd64e4f4a913bb294c0e960095872f0", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.10.1" + constraints = ">= 2.10.1" + hashes = [ + "h1:ctDhNJU4tEcyoUgPzwKuJmbDIqUl25mCY+s/lVHP6Sg=", + "zh:0717312baed39fb0a00576297241b69b419880cad8771bf72dec97ebdc96b200", + "zh:0e0e287b4e8429a0700143c8159764502eba0b33b1d094bf0d4ef4d93c7802cb", + "zh:4f74605377dab4065aaad35a2c5fa6186558c6e2e57b9058bdc8a62cf91857b9", + "zh:505f4af4dedb7a4f8f45b4201900b8e16216bdc2a01cc84fe13cdbf937570e7e", + "zh:83f37fe692513c0ce307d487248765383e00f9a84ed95f993ce0d3efdf4204d3", + "zh:840e5a84e1b5744f0211f611a2c6890da58016a40aafd5971f12285164d4e29b", + "zh:8c03d8dee292fa0367b0511cf3e95b706e034f78025f5dff0388116e1798bf47", + "zh:937800d1860f6b3adbb20e65f11e5fcd940b21ce8bdb48198630426244691325", + "zh:c1853aa5cbbdd1d46f4b169e84c3482103f0e8575a9bb044dbde908e27348c5d", + "zh:c9b0f640590da20931c30818b0b0587aa517d5606cb6e8052e4e4bf38f97b54d", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fe8bd4dd09dc7ca218959eda1ced9115408c2cdc9b4a76964bfa455f3bcadfd3", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.22.0" + constraints = "~> 2.10, >= 2.22.0" + hashes = [ + "h1:b6Wj111/wsMNg8FrHFXrf4mCZFtSXKHx4JvbZh3YTCY=", + "zh:1eac662b1f238042b2068401e510f0624efaf51fd6a4dd9c49d710a49d383b61", + "zh:4c35651603493437b0b13e070148a330c034ac62c8967c2de9da6620b26adca4", + "zh:50c0e8654efb46e3a3666c638ca2e0c8aec07f985fbc80f9205bed960386dc9b", + "zh:5f65194ddd6ea7e89b378297d882083a4b84962edb35dd35752f0c7e9d6282a0", + "zh:6fc0c2d65864324edde4db84f528268065df58229fc3ee321626687b0e603637", + "zh:73c58d007aba7f67c0aa9029794e10c2517bec565b7cb57d0f5948ea3f30e407", + "zh:7d6fc9d3c1843baccd2e1fc56317925a2f9df372427d30fcb5052d123adc887a", + "zh:a0ad9eb863b51586ea306c5f2beef74476c96684aed41a3ee99eb4b6d8898d01", + "zh:e218fcfbf4994ff741408a023a9d9eb6c697ce9f63ce5540d3b35226d86c963e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f95625f317795f0e38cc6293dd31c85863f4e225209d07d1e233c50d9295083c", + "zh:f96e0923a632bc430267fe915794972be873887f5e761ed11451d67202e256c8", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + constraints = ">= 2.1.0" + hashes = [ + "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.5.1" + constraints = ">= 2.1.0, >= 2.2.0, 3.5.1" + hashes = [ + "h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=", + "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", + "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", + "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", + "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", + "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", + "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", + "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", + "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", + "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", + "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.9.1" + constraints = ">= 0.5.0" + hashes = [ + "h1:NUv/YtEytDQncBQ2mTxnUZEy/rmDlPYmE9h2iokR0vk=", + "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", + "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", + "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", + "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", + "zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", + "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", + "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", + "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", + "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", + "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + ] +} + +provider "registry.terraform.io/infobloxopen/infoblox" { + version = "2.1.0" + constraints = "2.1.0" + hashes = [ + "h1:R+bS/5X1ZXdMlSKOZWTFLjR6nuInvaycUBwXss54xgk=", + "zh:0f1e7b20e4d240c37921443cc8c65c724075f0a3f3ec4acc40ebd2910882b937", + "zh:13f133583b8d3133d92e99334e1c54f7101874865f7a87e6a1ccb24f1f3edb40", + "zh:8832073deca1ff11b4b4dbcfcebd322eae24781793d670e8970737db9fc2d766", + "zh:8dd923fedc328b27f43cd6983e74c5ed39f8340cb0511fdabdde8e5d34dd6c0a", + "zh:a6b7e88cdf553aa688e5c2c44ccc85fc32a79b7cecd5f6691e718dc8539b0d2e", + "zh:a70657baf42497e5475961d505f3efa0bdcbe2cc252ee621cb36e540d30690cb", + "zh:cc59ca20090769c68a900b0fee4b6332b7f6a538b8043427442e601d2b40e0a1", + "zh:e95d79df549b9ee5697be61ee792de5ad2fb075c6e3fda6bda1eb90925d91aa3", + ] +} diff --git a/examples/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf similarity index 96% rename from examples/sample-jhub-nfs/main.tf rename to tests/sample-jhub-nfs/main.tf index 965072a..6b5ce5c 100644 --- a/examples/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -28,7 +28,7 @@ module "sample-jhub" { record_domain = local.jhub_domain # ---------------- CLUSTER VARIABLES ----------------------- - kubernetes_version = 1.27 + kubernetes_version = 1.29 regional = false region = local.gcp_region gcp_zone = local.gcp_zone @@ -66,7 +66,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.0.0-beta.3.git.6259.h5b6e57ed" + jhub_helm_version = "3.3.7" helm_deploy_timeout = 4000 helm_values_file = "./values.yaml" diff --git a/examples/sample-jhub-nfs/outputs.tf b/tests/sample-jhub-nfs/outputs.tf similarity index 100% rename from examples/sample-jhub-nfs/outputs.tf rename to tests/sample-jhub-nfs/outputs.tf diff --git a/examples/sample-jhub-nfs/values.yaml b/tests/sample-jhub-nfs/values.yaml similarity index 100% rename from examples/sample-jhub-nfs/values.yaml rename to tests/sample-jhub-nfs/values.yaml diff --git a/examples/sample-jhub-nfs/variables.tf b/tests/sample-jhub-nfs/variables.tf similarity index 100% rename from examples/sample-jhub-nfs/variables.tf rename to tests/sample-jhub-nfs/variables.tf diff --git a/tests/sample-jhub-nfs/versions.tf b/tests/sample-jhub-nfs/versions.tf new file mode 100644 index 0000000..516f0e5 --- /dev/null +++ b/tests/sample-jhub-nfs/versions.tf @@ -0,0 +1,22 @@ +terraform { + required_version = ">= 1.9.2" + + required_providers { + google = { + source = "hashicorp/google" + version = "5.38.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.31.0" + } + helm = { + source = "hashicorp/helm" + version = "2.14.0" + } + random = { + source = "hashicorp/random" + version = "3.5.1" + } + } +} diff --git a/tests/sample-jhub/.terraform.lock.hcl b/tests/sample-jhub/.terraform.lock.hcl new file mode 100644 index 0000000..dc4c8c3 --- /dev/null +++ b/tests/sample-jhub/.terraform.lock.hcl @@ -0,0 +1,158 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "4.75.0" + constraints = ">= 3.33.0, >= 3.43.0, >= 3.45.0, >= 3.50.0, >= 3.53.0, >= 3.83.0, >= 4.25.0, ~> 4.28, >= 4.47.0, != 4.49.0, != 4.50.0, >= 4.51.0, != 4.65.0, != 4.65.1, >= 4.69.0, >= 4.72.0, < 5.0.0" + hashes = [ + "h1:Z1HpnN+PA3b5pNH7bKq/Fl7Uap01Anw4StAHDa1+ZG4=", + "zh:0aca44e6c27f0a74f874ecc374329ae8899a879425a08cfdedabbd16239ea6e3", + "zh:3f5095feedff781b38ee20b44a33c666963e3ea344aa72d9ba8744da3fbcf860", + "zh:4c65296952fb424cf3419cf16982cc65b8a53ecd424b8224c5b85f40821b2f33", + "zh:4eb6a0a5ad3bd8ca2a9290116d92d4f09ce022ad2263c84a7f1ed079896195a0", + "zh:4fa9eb7af42804e7ec2a195397abc16f4eb3d9e005eb516937f4d85a4579190c", + "zh:579658df974d31c41e7749dd6c611ffe044af867793b89677442ec0791018bec", + "zh:b6307bc0841f90393105545b2dc7a904dd2f481b5e67a876ec429e7ad6915a1b", + "zh:db256c7c430a741fb1eeb9b8b7818fb19d9227b7648eaf6f6e8796cb479f8190", + "zh:f4f8a82548fa5d83d31e53a7b5a4a1b626df181ab96eb1a4d9ece3185c5fd2d3", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f5e50b927484d755ad296c7376782991273c871fac4ea63f9a0de3cee052918e", + "zh:f8c1785f55b284fa19ca6a991e150c967c24bddd35b4508c5d9aca859c294719", + ] +} + +provider "registry.terraform.io/hashicorp/google-beta" { + version = "4.75.0" + constraints = ">= 3.43.0, >= 3.45.0, >= 3.50.0, ~> 4.11, ~> 4.28, >= 4.51.0, != 4.65.0, != 4.65.1, >= 4.72.0, < 5.0.0" + hashes = [ + "h1:ZBAKsp/Fj+0hllqSsDnsCu1yBRPbRSyNefSSjhZB7+g=", + "zh:09a63aac1964cc1d56656a8ed4e974ff4804454084038843699bf38ba39b1bac", + "zh:0b0f650937a924bc9015a8c92117ebe479043155b490f846a93bf6971e39de66", + "zh:2102c9e918f8e7935cde5fa662695075b2347b70d24218ba2902201107f8380c", + "zh:39ec0761fa5ff4ba14a53a7f080a323f0b411ffcc1b0c069b2d635dbf024bca7", + "zh:44a8207e381f8117dab251ecefaa6b06844610c26780dcf4d54bb223c9af31bd", + "zh:7c390bb6c4adf0e16a2829f2dd24df9f14f776e95713d7e1b5444bb68795e6bc", + "zh:8ec152fdecdb91fe5a3b00ce1f02004c3e1bad24eb6704b0e8d02ac9c0a439ee", + "zh:c3d526f27cd5e95e906f206b46931c507a73cb7d52f7ffe161f810d4280db206", + "zh:d961f9d3dd64d79dce234eae554295e444660ef7c70ab33ee9d8a5d51befd149", + "zh:eb3a86c4747427b7b943b5e9815a666e45df43c5ae5f6de1351f489f4aee112c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f60a7e8e05aaad6c7b8a07aeb3069e9587ad387faf5ab3127e4e68d670fd32fe", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.10.1" + constraints = ">= 2.10.1" + hashes = [ + "h1:ctDhNJU4tEcyoUgPzwKuJmbDIqUl25mCY+s/lVHP6Sg=", + "zh:0717312baed39fb0a00576297241b69b419880cad8771bf72dec97ebdc96b200", + "zh:0e0e287b4e8429a0700143c8159764502eba0b33b1d094bf0d4ef4d93c7802cb", + "zh:4f74605377dab4065aaad35a2c5fa6186558c6e2e57b9058bdc8a62cf91857b9", + "zh:505f4af4dedb7a4f8f45b4201900b8e16216bdc2a01cc84fe13cdbf937570e7e", + "zh:83f37fe692513c0ce307d487248765383e00f9a84ed95f993ce0d3efdf4204d3", + "zh:840e5a84e1b5744f0211f611a2c6890da58016a40aafd5971f12285164d4e29b", + "zh:8c03d8dee292fa0367b0511cf3e95b706e034f78025f5dff0388116e1798bf47", + "zh:937800d1860f6b3adbb20e65f11e5fcd940b21ce8bdb48198630426244691325", + "zh:c1853aa5cbbdd1d46f4b169e84c3482103f0e8575a9bb044dbde908e27348c5d", + "zh:c9b0f640590da20931c30818b0b0587aa517d5606cb6e8052e4e4bf38f97b54d", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fe8bd4dd09dc7ca218959eda1ced9115408c2cdc9b4a76964bfa455f3bcadfd3", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.22.0" + constraints = "~> 2.10, >= 2.22.0" + hashes = [ + "h1:b6Wj111/wsMNg8FrHFXrf4mCZFtSXKHx4JvbZh3YTCY=", + "zh:1eac662b1f238042b2068401e510f0624efaf51fd6a4dd9c49d710a49d383b61", + "zh:4c35651603493437b0b13e070148a330c034ac62c8967c2de9da6620b26adca4", + "zh:50c0e8654efb46e3a3666c638ca2e0c8aec07f985fbc80f9205bed960386dc9b", + "zh:5f65194ddd6ea7e89b378297d882083a4b84962edb35dd35752f0c7e9d6282a0", + "zh:6fc0c2d65864324edde4db84f528268065df58229fc3ee321626687b0e603637", + "zh:73c58d007aba7f67c0aa9029794e10c2517bec565b7cb57d0f5948ea3f30e407", + "zh:7d6fc9d3c1843baccd2e1fc56317925a2f9df372427d30fcb5052d123adc887a", + "zh:a0ad9eb863b51586ea306c5f2beef74476c96684aed41a3ee99eb4b6d8898d01", + "zh:e218fcfbf4994ff741408a023a9d9eb6c697ce9f63ce5540d3b35226d86c963e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f95625f317795f0e38cc6293dd31c85863f4e225209d07d1e233c50d9295083c", + "zh:f96e0923a632bc430267fe915794972be873887f5e761ed11451d67202e256c8", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + constraints = ">= 2.1.0" + hashes = [ + "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.5.1" + constraints = ">= 2.1.0, >= 2.2.0, 3.5.1" + hashes = [ + "h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=", + "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", + "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", + "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", + "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", + "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", + "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", + "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", + "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", + "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", + "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.9.1" + constraints = ">= 0.5.0" + hashes = [ + "h1:NUv/YtEytDQncBQ2mTxnUZEy/rmDlPYmE9h2iokR0vk=", + "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", + "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", + "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", + "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", + "zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", + "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", + "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", + "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", + "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", + "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + ] +} + +provider "registry.terraform.io/infobloxopen/infoblox" { + version = "2.1.0" + constraints = "2.1.0" + hashes = [ + "h1:R+bS/5X1ZXdMlSKOZWTFLjR6nuInvaycUBwXss54xgk=", + "zh:0f1e7b20e4d240c37921443cc8c65c724075f0a3f3ec4acc40ebd2910882b937", + "zh:13f133583b8d3133d92e99334e1c54f7101874865f7a87e6a1ccb24f1f3edb40", + "zh:8832073deca1ff11b4b4dbcfcebd322eae24781793d670e8970737db9fc2d766", + "zh:8dd923fedc328b27f43cd6983e74c5ed39f8340cb0511fdabdde8e5d34dd6c0a", + "zh:a6b7e88cdf553aa688e5c2c44ccc85fc32a79b7cecd5f6691e718dc8539b0d2e", + "zh:a70657baf42497e5475961d505f3efa0bdcbe2cc252ee621cb36e540d30690cb", + "zh:cc59ca20090769c68a900b0fee4b6332b7f6a538b8043427442e601d2b40e0a1", + "zh:e95d79df549b9ee5697be61ee792de5ad2fb075c6e3fda6bda1eb90925d91aa3", + ] +} diff --git a/examples/sample-jhub/local-example.tfvars b/tests/sample-jhub/local-example.tfvars similarity index 100% rename from examples/sample-jhub/local-example.tfvars rename to tests/sample-jhub/local-example.tfvars diff --git a/examples/sample-jhub/local-example.yaml b/tests/sample-jhub/local-example.yaml similarity index 100% rename from examples/sample-jhub/local-example.yaml rename to tests/sample-jhub/local-example.yaml diff --git a/examples/sample-jhub/main.tf b/tests/sample-jhub/main.tf similarity index 96% rename from examples/sample-jhub/main.tf rename to tests/sample-jhub/main.tf index 36f4614..3257136 100644 --- a/examples/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -29,7 +29,7 @@ module "sample-jhub" { record_domain = local.jhub_domain # ---------------- CLUSTER VARIABLES ----------------------- - kubernetes_version = 1.27 + kubernetes_version = 1.29 regional = false region = local.gcp_region gcp_zone = local.gcp_zone @@ -67,7 +67,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.0.0-beta.3.git.6259.h5b6e57ed" + jhub_helm_version = "3.3.7" helm_deploy_timeout = 1000 helm_values_file = "./values.yaml" diff --git a/examples/sample-jhub/outputs.tf b/tests/sample-jhub/outputs.tf similarity index 100% rename from examples/sample-jhub/outputs.tf rename to tests/sample-jhub/outputs.tf diff --git a/examples/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml similarity index 100% rename from examples/sample-jhub/values.yaml rename to tests/sample-jhub/values.yaml diff --git a/examples/sample-jhub/variables.tf b/tests/sample-jhub/variables.tf similarity index 100% rename from examples/sample-jhub/variables.tf rename to tests/sample-jhub/variables.tf diff --git a/tests/sample-jhub/versions.tf b/tests/sample-jhub/versions.tf new file mode 100644 index 0000000..516f0e5 --- /dev/null +++ b/tests/sample-jhub/versions.tf @@ -0,0 +1,22 @@ +terraform { + required_version = ">= 1.9.2" + + required_providers { + google = { + source = "hashicorp/google" + version = "5.38.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.31.0" + } + helm = { + source = "hashicorp/helm" + version = "2.14.0" + } + random = { + source = "hashicorp/random" + version = "3.5.1" + } + } +} From efad966c1646fcb7ee9bad8adcc2a8d94b440318 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 31 Jul 2024 09:56:24 -0400 Subject: [PATCH 05/56] add tests --- tests/test-sample-jhub-nfs.tftest.hcl | 26 ++++++++++++++++++++++++++ tests/test-sample-jhub.tftest.hcl | 26 ++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 tests/test-sample-jhub-nfs.tftest.hcl create mode 100644 tests/test-sample-jhub.tftest.hcl diff --git a/tests/test-sample-jhub-nfs.tftest.hcl b/tests/test-sample-jhub-nfs.tftest.hcl new file mode 100644 index 0000000..3afc5c7 --- /dev/null +++ b/tests/test-sample-jhub-nfs.tftest.hcl @@ -0,0 +1,26 @@ +run "test_website_creation" { + # Apply the module + command = plan + + module { + source = "./tests/sample-jhub-nfs" + } + + # Assert that the module ran successfully + assert { + condition = output.sample_website.jhub_url != "" + error_message = "Website URL is empty" + } + + # Use a data block to check the website + data "http" "jhub_check" { + url = output.sample_website.jhub_url + method = "GET" + } + + # Check if the website returns a successful status code + assert { + condition = data.http.jhub_check.status_code == 200 + error_message = "Website did not return a 200 OK status. Actual status: ${data.http.website_check.status_code}" + } +} \ No newline at end of file diff --git a/tests/test-sample-jhub.tftest.hcl b/tests/test-sample-jhub.tftest.hcl new file mode 100644 index 0000000..31d9d4a --- /dev/null +++ b/tests/test-sample-jhub.tftest.hcl @@ -0,0 +1,26 @@ +run "test_website_creation" { + # Apply the module + command = plan + + module { + source = "./tests/sample-jhub" + } + + # Assert that the module ran successfully + assert { + condition = output.sample_website.jhub_url != "" + error_message = "Website URL is empty" + } + + # Use a data block to check the website + data "http" "jhub_check" { + url = output.sample_website.jhub_url + method = "GET" + } + + # Check if the website returns a successful status code + assert { + condition = data.http.jhub_check.status_code == 200 + error_message = "Website did not return a 200 OK status. Actual status: ${data.http.website_check.status_code}" + } +} \ No newline at end of file From be425449ddc603bd649f28bea1286472b9288233 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 31 Jul 2024 09:56:40 -0400 Subject: [PATCH 06/56] remove kitchen tests --- .github/workflows/kitchen-tests.yml | 157 ------------------ .kitchen.yml | 26 --- .../controls/sample-jhub-nfs.rb | 9 - test/integration/sample-jhub-nfs/inspec.yml | 10 -- .../sample-jhub/controls/sample-jhub.rb | 20 --- test/integration/sample-jhub/inspec.yml | 10 -- 6 files changed, 232 deletions(-) delete mode 100644 .github/workflows/kitchen-tests.yml delete mode 100644 .kitchen.yml delete mode 100644 test/integration/sample-jhub-nfs/controls/sample-jhub-nfs.rb delete mode 100644 test/integration/sample-jhub-nfs/inspec.yml delete mode 100644 test/integration/sample-jhub/controls/sample-jhub.rb delete mode 100644 test/integration/sample-jhub/inspec.yml diff --git a/.github/workflows/kitchen-tests.yml b/.github/workflows/kitchen-tests.yml deleted file mode 100644 index 62b0325..0000000 --- a/.github/workflows/kitchen-tests.yml +++ /dev/null @@ -1,157 +0,0 @@ -name: kitchen-tests - -on: - push: - branches: - - "main" - tags: - - "v*.*.*" - pull_request: - -env: - REGISTRY: ghcr.io - IMAGE_NAME: brownuniversity/terraform-gcp-jupyterhub - USE_GKE_GCLOUD_AUTH_PLUGIN: true - GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json - -jobs: - docker: - runs-on: ubuntu-latest - - permissions: - packages: write - contents: read - - outputs: - full_image_id: ${{ steps.save_full_image_id.outputs.full_image_id }} - - steps: - - uses: actions/checkout@v3 - - - uses: dorny/paths-filter@v2.2.0 - id: filter - with: - base: ${{ github.ref }} - filters: | - all: - - '.github/workflows/kitchen-tests.yml' - - 'Dockerfile' - - 'Gemfile*' - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Log into the container registry - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{major}}.{{minor}} - - # NOTE: We are tapping into json output because tags could become a list if prior step is modified - - id: save_full_image_id - run: echo "full_image_id=${{ fromJSON(steps.meta.outputs.json).tags[0] }}" >> $GITHUB_OUTPUT - - - name: print_tag - run: echo "${{ fromJSON(steps.meta.outputs.json).tags[0] }}" - - - name: Build and push Docker image - uses: docker/build-push-action@v4 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache - - test-sample-jhub: - needs: [docker] - if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }} - runs-on: self-hosted - container: - image: "${{ needs.docker.outputs.full_image_id }}" - steps: - - uses: actions/checkout@v3 - - - name: Create Credential File - run: | - echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json - env: - GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }} - - name: Create TLS Files - run: | - echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer - echo "$JUPYTERHUB_TLS_KEY" > /tmp/tls.key - env: - JUPYTERHUB_TLS_CER: ${{ secrets.JUPYTERHUB_TLS_CER }} - JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }} - - name: Authorize service account - run: | - gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json - kubectl config view - ls -la /tmp - - name: Run Kitchen - run: kitchen test sample-jhub - env: - TF_VAR_billing_account: ${{ secrets.GCP_BILLING_ACCOUNT }} - TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }} - TF_VAR_folder_id: ${{ secrets.GCP_CCV_CI_FOLDER_ID }} - INFOBLOX_USERNAME: ${{ secrets.INFOBLOX_JHUB_USER }} - INFOBLOX_PASSWORD: ${{ secrets.INFOBLOX_JHUB_PSWD }} - INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} - TF_VAR_site_certificate_file: /tmp/tls.cer - TF_VAR_site_certificate_key_file: /tmp/tls.key - USE_GKE_GCLOUD_AUTH_PLUGIN: true - - test-sample-jhub-nfs: - needs: [docker] - if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }} - runs-on: self-hosted - container: - image: "${{ needs.docker.outputs.full_image_id }}" - steps: - - uses: actions/checkout@v3 - - - name: Create Credential File - run: | - echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json - env: - GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }} - - name: Create TLS Files - run: | - echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer - echo "$JUPYTERHUB_TLS_KEY" > /tmp/tls.key - env: - JUPYTERHUB_TLS_CER: ${{ secrets.JUPYTERHUB_TLS_CER }} - JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }} - - name: Authorize service account - run: | - gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json - kubectl config view - ls -la /tmp - - name: Run Kitchen - run: kitchen test nfs - env: - TF_VAR_billing_account: ${{ secrets.GCP_BILLING_ACCOUNT }} - TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }} - TF_VAR_folder_id: ${{ secrets.GCP_CCV_CI_FOLDER_ID }} - INFOBLOX_USERNAME: ${{ secrets.INFOBLOX_JHUB_USER }} - INFOBLOX_PASSWORD: ${{ secrets.INFOBLOX_JHUB_PSWD }} - INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} - TF_VAR_site_certificate_file: /tmp/tls.cer - TF_VAR_site_certificate_key_file: /tmp/tls.key - USE_GKE_GCLOUD_AUTH_PLUGIN: true diff --git a/.kitchen.yml b/.kitchen.yml deleted file mode 100644 index 400b92d..0000000 --- a/.kitchen.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- - provisioner: - name: terraform - - verifier: - name: terraform - systems: - - name: basic - backend: local - - platforms: - - name: terraform - - suites: - - name: sample-jhub - driver: - name: terraform - root_module_directory: examples/sample-jhub - command_timeout: 24000 - parallelism: 1 - - name: nfs - driver: - name: terraform - root_module_directory: examples/sample-jhub-nfs - command_timeout: 24000 - parallelism: 1 \ No newline at end of file diff --git a/test/integration/sample-jhub-nfs/controls/sample-jhub-nfs.rb b/test/integration/sample-jhub-nfs/controls/sample-jhub-nfs.rb deleted file mode 100644 index a48b329..0000000 --- a/test/integration/sample-jhub-nfs/controls/sample-jhub-nfs.rb +++ /dev/null @@ -1,9 +0,0 @@ -# copyright: 2018, The Authors -title "Test basic availability of JupyterHub" - -jhub_url = attribute("jhub_url") - -describe http("#{jhub_url}/hub/login", ssl_verify: false) do - its('status') { should cmp 200 } - its('headers.Content-Type') { should cmp 'text/html' } -end \ No newline at end of file diff --git a/test/integration/sample-jhub-nfs/inspec.yml b/test/integration/sample-jhub-nfs/inspec.yml deleted file mode 100644 index 268da2d..0000000 --- a/test/integration/sample-jhub-nfs/inspec.yml +++ /dev/null @@ -1,10 +0,0 @@ -name: sample-jhub-nfs -title: JupyterHub InSpec Profile -maintainer: Brown CIS -copyright: Brown University -license: MIT -summary: An InSpec Compliance Profile For JupyterHub -version: 0.1.0 -inspec_version: ">= 2.3.5" -supports: - - platform: os \ No newline at end of file diff --git a/test/integration/sample-jhub/controls/sample-jhub.rb b/test/integration/sample-jhub/controls/sample-jhub.rb deleted file mode 100644 index 258573f..0000000 --- a/test/integration/sample-jhub/controls/sample-jhub.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'rspec/retry' - -title "Test basic availability of JupyterHub" - -jhub_url = attribute("jhub_url") - -RSpec.configure do |config| - # show retry status in spec process - config.verbose_retry = true - # show exception that triggers a retry if verbose_retry is set to true - config.display_try_failure_messages = true -end - -describe 'Hub Alive' do - context 'Is Hub Responding', retry: 6, retry_wait: 10 do - subject { http("#{jhub_url}/hub/login", ssl_verify: false) } - its(:status) { should eql 200 } - its('headers.Content-Type') { should cmp 'text/html' } - end -end \ No newline at end of file diff --git a/test/integration/sample-jhub/inspec.yml b/test/integration/sample-jhub/inspec.yml deleted file mode 100644 index 9985b87..0000000 --- a/test/integration/sample-jhub/inspec.yml +++ /dev/null @@ -1,10 +0,0 @@ -name: sample-jhub -title: JupyterHub InSpec Profile -maintainer: Brown CIS -copyright: Brown University -license: MIT -summary: An InSpec Compliance Profile For JupyterHub -version: 0.1.0 -inspec_version: ">= 2.3.5" -supports: - - platform: os \ No newline at end of file From 6437b4ddbda6e11231e856bb5f1d80a751c9b780 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 31 Jul 2024 09:56:51 -0400 Subject: [PATCH 07/56] update github actions --- .github/workflows/pr-labeler.yml | 2 +- .github/workflows/release-drafter.yml | 2 +- .github/workflows/terraform-tests.yml | 83 +++++++++++++++++++++++++++ 3 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/terraform-tests.yml diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index 9c6c65f..5afdeff 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -7,7 +7,7 @@ jobs: pr-labeler: runs-on: ubuntu-latest steps: - - uses: TimonVS/pr-labeler-action@v3 + - uses: TimonVS/pr-labeler-action@v5 with: configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value env: diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index d948b4b..1b589a1 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: # Drafts your next Release notes as Pull Requests are merged into "main" - - uses: release-drafter/release-drafter@v5 + - uses: release-drafter/release-drafter@v6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml new file mode 100644 index 0000000..573f744 --- /dev/null +++ b/.github/workflows/terraform-tests.yml @@ -0,0 +1,83 @@ +name: kitchen-tests + +on: + push: + branches: + - "main" + tags: + - "v*.*.*" + pull_request: + +jobs: + test-sample-jhub: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Create Credential File + run: | + echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json + env: + GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }} + - name: Create TLS Files + run: | + echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer + echo "$JUPYTERHUB_TLS_KEY" > /tmp/tls.key + env: + JUPYTERHUB_TLS_CER: ${{ secrets.JUPYTERHUB_TLS_CER }} + JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }} + - name: Authorize service account + run: | + gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json + kubectl config view + ls -la /tmp + - name: Run Terraform Test + run: | + terraform init + terraform test -filter=tests/test-sample-jhub.tftest.hcl + env: + TF_VAR_billing_account: ${{ secrets.GCP_BILLING_ACCOUNT }} + TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }} + TF_VAR_folder_id: ${{ secrets.GCP_CCV_CI_FOLDER_ID }} + INFOBLOX_USERNAME: ${{ secrets.INFOBLOX_JHUB_USER }} + INFOBLOX_PASSWORD: ${{ secrets.INFOBLOX_JHUB_PSWD }} + INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} + TF_VAR_site_certificate_file: /tmp/tls.cer + TF_VAR_site_certificate_key_file: /tmp/tls.key + + test-sample-jhub-nfs: + if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Create Credential File + run: | + echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json + env: + GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }} + - name: Create TLS Files + run: | + echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer + echo "$JUPYTERHUB_TLS_KEY" > /tmp/tls.key + env: + JUPYTERHUB_TLS_CER: ${{ secrets.JUPYTERHUB_TLS_CER }} + JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }} + - name: Authorize service account + run: | + gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json + kubectl config view + ls -la /tmp + - name: Run Terraform Test + run: | + terraform init + terraform test -filter=tests/test-sample-jhub-nfs.tftest.hcl + env: + TF_VAR_billing_account: ${{ secrets.GCP_BILLING_ACCOUNT }} + TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }} + TF_VAR_folder_id: ${{ secrets.GCP_CCV_CI_FOLDER_ID }} + INFOBLOX_USERNAME: ${{ secrets.INFOBLOX_JHUB_USER }} + INFOBLOX_PASSWORD: ${{ secrets.INFOBLOX_JHUB_PSWD }} + INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} + TF_VAR_site_certificate_file: /tmp/tls.cer + TF_VAR_site_certificate_key_file: /tmp/tls.key From 0fa4bad9062154376983e1ba05d911ef61352463 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 31 Jul 2024 10:13:56 -0400 Subject: [PATCH 08/56] fix problem with google/google-beta --- README.md | 1 + modules/helm-jhub/versions.tf | 4 ++++ modules/shared-nfs/versions.tf | 4 ++++ tests/sample-jhub-nfs/versions.tf | 4 ++++ tests/sample-jhub/versions.tf | 4 ++++ versions.tf | 4 ++++ 6 files changed, 21 insertions(+) diff --git a/README.md b/README.md index a4abe25..caa0201 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ code by adding a `module` configuration and setting its `source` parameter to UR |------|---------| | [terraform](#requirement\_terraform) | >= 1.9.2 | | [google](#requirement\_google) | 5.38.0 | +| [google-beta](#requirement\_google-beta) | 5.38.0 | | [helm](#requirement\_helm) | 2.14.0 | | [kubernetes](#requirement\_kubernetes) | 2.31.0 | diff --git a/modules/helm-jhub/versions.tf b/modules/helm-jhub/versions.tf index 516f0e5..f08cc78 100644 --- a/modules/helm-jhub/versions.tf +++ b/modules/helm-jhub/versions.tf @@ -6,6 +6,10 @@ terraform { source = "hashicorp/google" version = "5.38.0" } + google-beta = { + source = "hashicorp/google-beta" + version = "5.38.0" + } kubernetes = { source = "hashicorp/kubernetes" version = "2.31.0" diff --git a/modules/shared-nfs/versions.tf b/modules/shared-nfs/versions.tf index 45b8375..0821448 100644 --- a/modules/shared-nfs/versions.tf +++ b/modules/shared-nfs/versions.tf @@ -6,6 +6,10 @@ terraform { source = "hashicorp/google" version = "5.38.0" } + google-beta = { + source = "hashicorp/google-beta" + version = "5.38.0" + } kubernetes = { source = "hashicorp/kubernetes" version = "2.31.0" diff --git a/tests/sample-jhub-nfs/versions.tf b/tests/sample-jhub-nfs/versions.tf index 516f0e5..f08cc78 100644 --- a/tests/sample-jhub-nfs/versions.tf +++ b/tests/sample-jhub-nfs/versions.tf @@ -6,6 +6,10 @@ terraform { source = "hashicorp/google" version = "5.38.0" } + google-beta = { + source = "hashicorp/google-beta" + version = "5.38.0" + } kubernetes = { source = "hashicorp/kubernetes" version = "2.31.0" diff --git a/tests/sample-jhub/versions.tf b/tests/sample-jhub/versions.tf index 516f0e5..f08cc78 100644 --- a/tests/sample-jhub/versions.tf +++ b/tests/sample-jhub/versions.tf @@ -6,6 +6,10 @@ terraform { source = "hashicorp/google" version = "5.38.0" } + google-beta = { + source = "hashicorp/google-beta" + version = "5.38.0" + } kubernetes = { source = "hashicorp/kubernetes" version = "2.31.0" diff --git a/versions.tf b/versions.tf index c9f24b0..7eacf86 100644 --- a/versions.tf +++ b/versions.tf @@ -6,6 +6,10 @@ terraform { source = "hashicorp/google" version = "5.38.0" } + google-beta = { + source = "hashicorp/google-beta" + version = "5.38.0" + } kubernetes = { source = "hashicorp/kubernetes" version = "2.31.0" From 605f90cb4571757b57e69d1f0593f23ff11a8d59 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 14:33:19 -0400 Subject: [PATCH 09/56] update env.sh with 1password cli --- env.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/env.sh b/env.sh index 6aa7b76..26844d7 100755 --- a/env.sh +++ b/env.sh @@ -2,9 +2,9 @@ export GOOGLE_APPLICATION_CREDENTIALS="$HOME/.gcp/project-factory-gcp.json" export USE_GKE_GCLOUD_AUTH_PLUGIN=True -export INFOBLOX_USERNAME=$(lpass show infoblox --username) -export INFOBLOX_PASSWORD=$(lpass show infoblox --password) -export INFOBLOX_SERVER=$(lpass show infoblox --url | awk -F/ '{print $3}') +export INFOBLOX_USERNAME=$(op item get infoblox --field username) +export INFOBLOX_PASSWORD=$(op item get infoblox --field password) +export INFOBLOX_SERVER=$(op item get infoblox --format json | jq -r '.urls[].href' | awk -F/ '{print $3}') deactivate() { From e0ea4a2e356e4cd8085119d9bc3ccbb115c15fb1 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 14:33:46 -0400 Subject: [PATCH 10/56] fix bug of terraform version in modules/shared-nfs --- modules/shared-nfs/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/shared-nfs/versions.tf b/modules/shared-nfs/versions.tf index 0821448..f08cc78 100644 --- a/modules/shared-nfs/versions.tf +++ b/modules/shared-nfs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.92.0" + required_version = ">= 1.9.2" required_providers { google = { From f1b161fd591c2a2ba6239bd22eac63d53216787b Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 14:40:54 -0400 Subject: [PATCH 11/56] use checks in test modules --- tests/sample-jhub-nfs/main.tf | 14 ++++++++++++++ tests/sample-jhub/main.tf | 13 +++++++++++++ tests/test-sample-jhub-nfs.tftest.hcl | 12 ------------ tests/test-sample-jhub.tftest.hcl | 12 ------------ 4 files changed, 27 insertions(+), 24 deletions(-) diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index 6b5ce5c..6fe4f8b 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -77,3 +77,17 @@ module "sample-jhub" { scale_down_command = ["kubectl", "scale", "--replicas=0", "statefulset/user-placeholder"] } + +check "jhub_running" { + # Use a data block to check the website + data "http" "jhub_check" { + url = output.sample_website.jhub_url + method = "GET" + } + + # Check if the website returns a successful status code + assert { + condition = data.http.jhub_check.status_code == 200 + error_message = "Website did not return a 200 OK status. Actual status: ${data.http.website_check.status_code}" + } +} diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 3257136..65ece09 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -78,3 +78,16 @@ module "sample-jhub" { scale_down_command = ["kubectl", "scale", "--replicas=0", "statefulset/user-placeholder"] } + +check "jhub_running" { + data "http" "jhub_check" { + url = output.sample_website.jhub_url + method = "GET" + } + + # Check if the website returns a successful status code + assert { + condition = data.http.jhub_check.status_code == 200 + error_message = "Website did not return a 200 OK status. Actual status: ${data.http.website_check.status_code}" + } +} diff --git a/tests/test-sample-jhub-nfs.tftest.hcl b/tests/test-sample-jhub-nfs.tftest.hcl index 3afc5c7..605295d 100644 --- a/tests/test-sample-jhub-nfs.tftest.hcl +++ b/tests/test-sample-jhub-nfs.tftest.hcl @@ -11,16 +11,4 @@ run "test_website_creation" { condition = output.sample_website.jhub_url != "" error_message = "Website URL is empty" } - - # Use a data block to check the website - data "http" "jhub_check" { - url = output.sample_website.jhub_url - method = "GET" - } - - # Check if the website returns a successful status code - assert { - condition = data.http.jhub_check.status_code == 200 - error_message = "Website did not return a 200 OK status. Actual status: ${data.http.website_check.status_code}" - } } \ No newline at end of file diff --git a/tests/test-sample-jhub.tftest.hcl b/tests/test-sample-jhub.tftest.hcl index 31d9d4a..145a00a 100644 --- a/tests/test-sample-jhub.tftest.hcl +++ b/tests/test-sample-jhub.tftest.hcl @@ -11,16 +11,4 @@ run "test_website_creation" { condition = output.sample_website.jhub_url != "" error_message = "Website URL is empty" } - - # Use a data block to check the website - data "http" "jhub_check" { - url = output.sample_website.jhub_url - method = "GET" - } - - # Check if the website returns a successful status code - assert { - condition = data.http.jhub_check.status_code == 200 - error_message = "Website did not return a 200 OK status. Actual status: ${data.http.website_check.status_code}" - } } \ No newline at end of file From 751b4e9dd4b102e28e30804398a552aa864d30ea Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:04:21 -0400 Subject: [PATCH 12/56] remove parameters that no logner exist --- README.md | 2 -- main.tf | 2 -- variables.tf | 12 ------------ 3 files changed, 16 deletions(-) diff --git a/README.md b/README.md index caa0201..1cbd724 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,6 @@ code by adding a `module` configuration and setting its `source` parameter to UR | [create\_tls\_secret](#input\_create\_tls\_secret) | If set to true, user will be passing tls key and certificate to create a kubernetes secret, and use it in their helm chart | `bool` | `true` | no | | [default\_service\_account](#input\_default\_service\_account) | Project default service account setting: can be one of delete, depriviledge, or keep. | `string` | `"delete"` | no | | [disable\_dependent\_services](#input\_disable\_dependent\_services) | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `string` | `"true"` | no | -| [enable\_private\_nodes](#input\_enable\_private\_nodes) | (Beta) Whether nodes have internal IP addresses only | `bool` | `false` | no | | [folder\_id](#input\_folder\_id) | The ID of a folder to host this project | `string` | n/a | yes | | [gcp\_zone](#input\_gcp\_zone) | The GCP zone to deploy the runner into. | `string` | `"us-east1-b"` | no | | [helm\_deploy\_timeout](#input\_helm\_deploy\_timeout) | Time for helm to wait for deployment of chart and downloading of docker image | `number` | `1000` | no | @@ -128,7 +127,6 @@ code by adding a `module` configuration and setting its `source` parameter to UR | [labels](#input\_labels) | Map of labels for project. | `map(string)` | 
{
  "environment": "automation",
  "managed_by": "terraform"
}
| no | | [logging\_service](#input\_logging\_service) | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | [maintenance\_start\_time](#input\_maintenance\_start\_time) | Time window specified for daily maintenance operations in RFC3339 format | `string` | `"03:00"` | no | -| [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"172.16.0.0/28"` | no | | [monitoring\_service](#input\_monitoring\_service) | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | [network\_name](#input\_network\_name) | Name of the VPC. | `string` | `"kubernetes-vpc"` | no | | [network\_policy](#input\_network\_policy) | Enable network policy addon | `bool` | `true` | no | diff --git a/main.tf b/main.tf index 7456d58..29a75c7 100644 --- a/main.tf +++ b/main.tf @@ -89,8 +89,6 @@ module "jhub_cluster" { http_load_balancing = var.http_load_balancing horizontal_pod_autoscaling = var.horizontal_pod_autoscaling network_policy = var.network_policy - enable_private_nodes = var.enable_private_nodes - master_ipv4_cidr_block = var.master_ipv4_cidr_block remove_default_node_pool = var.remove_default_node_pool core_pool_name = var.core_pool_name diff --git a/variables.tf b/variables.tf index 14c8dca..55f4607 100644 --- a/variables.tf +++ b/variables.tf @@ -164,18 +164,6 @@ variable "network_policy" { default = true } -variable "enable_private_nodes" { - type = bool - description = "(Beta) Whether nodes have internal IP addresses only" - default = false -} - -variable "master_ipv4_cidr_block" { - type = string - description = "(Beta) The IP range in CIDR notation to use for the hosted master network" - default = "172.16.0.0/28" -} - variable "remove_default_node_pool" { type = bool description = "Remove default node pool while setting up the cluster" From 1a259c95a8575c4b183ee49a51ea6dbe5162c2b3 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:06:19 -0400 Subject: [PATCH 13/56] fix errors in test files --- tests/test-sample-jhub-nfs.tftest.hcl | 2 +- tests/test-sample-jhub.tftest.hcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test-sample-jhub-nfs.tftest.hcl b/tests/test-sample-jhub-nfs.tftest.hcl index 605295d..82ad3a9 100644 --- a/tests/test-sample-jhub-nfs.tftest.hcl +++ b/tests/test-sample-jhub-nfs.tftest.hcl @@ -8,7 +8,7 @@ run "test_website_creation" { # Assert that the module ran successfully assert { - condition = output.sample_website.jhub_url != "" + condition = output.jhub_url != "" error_message = "Website URL is empty" } } \ No newline at end of file diff --git a/tests/test-sample-jhub.tftest.hcl b/tests/test-sample-jhub.tftest.hcl index 145a00a..392580d 100644 --- a/tests/test-sample-jhub.tftest.hcl +++ b/tests/test-sample-jhub.tftest.hcl @@ -8,7 +8,7 @@ run "test_website_creation" { # Assert that the module ran successfully assert { - condition = output.sample_website.jhub_url != "" + condition = output.jhub_url != "" error_message = "Website URL is empty" } } \ No newline at end of file From 4d5ec21533864cbb1cf8d07fd2123580f5457614 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:09:34 -0400 Subject: [PATCH 14/56] fix errors in test files --- tests/sample-jhub-nfs/main.tf | 2 +- tests/sample-jhub/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index 6fe4f8b..9893cc6 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -81,7 +81,7 @@ module "sample-jhub" { check "jhub_running" { # Use a data block to check the website data "http" "jhub_check" { - url = output.sample_website.jhub_url + url = output.jhub_url method = "GET" } diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 65ece09..51d108e 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -81,7 +81,7 @@ module "sample-jhub" { check "jhub_running" { data "http" "jhub_check" { - url = output.sample_website.jhub_url + url = output.jhub_url method = "GET" } From 6691a71c4a85fd4c0807f7a85da6e4ac4b7d8735 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:12:36 -0400 Subject: [PATCH 15/56] fix errors in test files --- tests/sample-jhub-nfs/main.tf | 2 +- tests/sample-jhub/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index 9893cc6..ab89e0b 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -81,7 +81,7 @@ module "sample-jhub" { check "jhub_running" { # Use a data block to check the website data "http" "jhub_check" { - url = output.jhub_url + url = "https://${local.jhub_tenant}.${local.jhub_domain}" method = "GET" } diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 51d108e..1166673 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -81,7 +81,7 @@ module "sample-jhub" { check "jhub_running" { data "http" "jhub_check" { - url = output.jhub_url + url = "https://${local.jhub_tenant}.${local.jhub_domain}" method = "GET" } From cc9ae5f24078e2d38576801b046d63745aab0fb3 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:19:40 -0400 Subject: [PATCH 16/56] get rid of checks --- tests/sample-jhub-nfs/main.tf | 13 ------------- tests/sample-jhub/main.tf | 13 ------------- 2 files changed, 26 deletions(-) diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index ab89e0b..c69f2f5 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -78,16 +78,3 @@ module "sample-jhub" { } -check "jhub_running" { - # Use a data block to check the website - data "http" "jhub_check" { - url = "https://${local.jhub_tenant}.${local.jhub_domain}" - method = "GET" - } - - # Check if the website returns a successful status code - assert { - condition = data.http.jhub_check.status_code == 200 - error_message = "Website did not return a 200 OK status. Actual status: ${data.http.website_check.status_code}" - } -} diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 1166673..3257136 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -78,16 +78,3 @@ module "sample-jhub" { scale_down_command = ["kubectl", "scale", "--replicas=0", "statefulset/user-placeholder"] } - -check "jhub_running" { - data "http" "jhub_check" { - url = "https://${local.jhub_tenant}.${local.jhub_domain}" - method = "GET" - } - - # Check if the website returns a successful status code - assert { - condition = data.http.jhub_check.status_code == 200 - error_message = "Website did not return a 200 OK status. Actual status: ${data.http.website_check.status_code}" - } -} From 227ea6ded7fcbec428926a45353a470af3761ea0 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:25:05 -0400 Subject: [PATCH 17/56] update workflow file to setup terraform --- .github/workflows/terraform-tests.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index 573f744..7278f39 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -1,4 +1,4 @@ -name: kitchen-tests +name: terraform-tests on: push: @@ -13,12 +13,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Create Credential File run: | echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json env: GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }} + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.9.2 - name: Create TLS Files run: | echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer @@ -56,6 +59,10 @@ jobs: echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json env: GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }} + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.9.2 - name: Create TLS Files run: | echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer From 478bc08d7e0bf53cdbf177d63d4f28206b24448e Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:32:27 -0400 Subject: [PATCH 18/56] add back USE_GKE_CLOUD_AUTH_PLUGIN --- .github/workflows/terraform-tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index 7278f39..9dacbee 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -47,6 +47,7 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key + USE_GKE_GCLOUD_AUTH_PLUGIN: true test-sample-jhub-nfs: if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }} @@ -88,3 +89,4 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key + USE_GKE_GCLOUD_AUTH_PLUGIN: true From 3e04e4e59f1a5a28087f83264ceacd0f457941f8 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:41:58 -0400 Subject: [PATCH 19/56] use GOOGLE_APPLICATION_CREDENTIALS --- .github/workflows/terraform-tests.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index 9dacbee..94af0af 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -31,7 +31,6 @@ jobs: JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }} - name: Authorize service account run: | - gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json kubectl config view ls -la /tmp - name: Run Terraform Test @@ -47,7 +46,7 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key - USE_GKE_GCLOUD_AUTH_PLUGIN: true + GOOGLE_APPLICAITON_CREDENTIALS: /tmp/credentials.json test-sample-jhub-nfs: if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }} @@ -73,7 +72,6 @@ jobs: JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }} - name: Authorize service account run: | - gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json kubectl config view ls -la /tmp - name: Run Terraform Test @@ -89,4 +87,4 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key - USE_GKE_GCLOUD_AUTH_PLUGIN: true + GOOGLE_APPLICAITON_CREDENTIALS: /tmp/credentials.json From 8cd12ffbce78379b764d87ff495cb322fa8a2e8d Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:51:32 -0400 Subject: [PATCH 20/56] fix typos in adc --- .github/workflows/terraform-tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index 94af0af..6300914 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -46,7 +46,7 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key - GOOGLE_APPLICAITON_CREDENTIALS: /tmp/credentials.json + GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json test-sample-jhub-nfs: if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }} @@ -87,4 +87,4 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key - GOOGLE_APPLICAITON_CREDENTIALS: /tmp/credentials.json + GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json From afd75ed64918b1a1b8f22a7ef07963a31787f34f Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:55:22 -0400 Subject: [PATCH 21/56] fix values.yaml path in sample-jhub --- tests/sample-jhub/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 3257136..b81d594 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -69,7 +69,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.3.7" helm_deploy_timeout = 1000 - helm_values_file = "./values.yaml" + helm_values_file = "./sample-jhub/values.yaml" # ---------------- CRONJOB VARIABLES ----------------------- scale_up_schedule = "30 19 * * 4" From 2b0f7c67da00cfd62408124698f4926ae3f26c26 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 15:59:41 -0400 Subject: [PATCH 22/56] fix values.yaml path in sample-jhub --- tests/test-sample-jhub.tftest.hcl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/test-sample-jhub.tftest.hcl b/tests/test-sample-jhub.tftest.hcl index 392580d..3e20f85 100644 --- a/tests/test-sample-jhub.tftest.hcl +++ b/tests/test-sample-jhub.tftest.hcl @@ -1,3 +1,8 @@ +variables { + helm_values_file = "./tests/sample-jhub/values.yaml" +} + + run "test_website_creation" { # Apply the module command = plan From b1773203869871544bf490c21324744f057cdddc Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 16:02:39 -0400 Subject: [PATCH 23/56] fix values.yaml path in sample-jhub --- tests/sample-jhub-nfs/main.tf | 2 +- tests/sample-jhub-nfs/variables.tf | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index c69f2f5..863752e 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -68,7 +68,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.3.7" helm_deploy_timeout = 4000 - helm_values_file = "./values.yaml" + helm_values_file = var.helm_values_file # ---------------- CRONJOB VARIABLES ----------------------- scale_up_schedule = "30 19 * * 4" diff --git a/tests/sample-jhub-nfs/variables.tf b/tests/sample-jhub-nfs/variables.tf index d0bcbe7..cfa0b25 100644 --- a/tests/sample-jhub-nfs/variables.tf +++ b/tests/sample-jhub-nfs/variables.tf @@ -10,6 +10,10 @@ variable "folder_id" { type = string } +variable "helm_values_file" { + type = string +} + variable "site_certificate_file" { type = string default = "./secrets/tls.cer" From a1fa0d05b0ebc168ee2ecd863382c0f712783bc5 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 16:05:04 -0400 Subject: [PATCH 24/56] fix values.yaml path in sample-jhub --- tests/sample-jhub-nfs/main.tf | 2 +- tests/sample-jhub-nfs/variables.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index 863752e..a7526eb 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -68,7 +68,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.3.7" helm_deploy_timeout = 4000 - helm_values_file = var.helm_values_file + helm_values_file = file(var.helm_values_file) # ---------------- CRONJOB VARIABLES ----------------------- scale_up_schedule = "30 19 * * 4" diff --git a/tests/sample-jhub-nfs/variables.tf b/tests/sample-jhub-nfs/variables.tf index cfa0b25..928eff1 100644 --- a/tests/sample-jhub-nfs/variables.tf +++ b/tests/sample-jhub-nfs/variables.tf @@ -16,10 +16,10 @@ variable "helm_values_file" { variable "site_certificate_file" { type = string - default = "./secrets/tls.cer" + default = "./tests/secrets/tls.cer" } variable "site_certificate_key_file" { type = string - default = "./secrets/tls.key" + default = "./tests/secrets/tls.key" } From b6b51f9db0fb061e97de49b7ca7311c397d3632f Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 16:08:39 -0400 Subject: [PATCH 25/56] fix values.yaml path in sample-jhub --- tests/sample-jhub-nfs/main.tf | 2 +- tests/sample-jhub/main.tf | 2 +- tests/sample-jhub/variables.tf | 8 ++++++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index a7526eb..863752e 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -68,7 +68,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.3.7" helm_deploy_timeout = 4000 - helm_values_file = file(var.helm_values_file) + helm_values_file = var.helm_values_file # ---------------- CRONJOB VARIABLES ----------------------- scale_up_schedule = "30 19 * * 4" diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index b81d594..5ef1896 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -69,7 +69,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.3.7" helm_deploy_timeout = 1000 - helm_values_file = "./sample-jhub/values.yaml" + helm_values_file = var.helm_values_file # ---------------- CRONJOB VARIABLES ----------------------- scale_up_schedule = "30 19 * * 4" diff --git a/tests/sample-jhub/variables.tf b/tests/sample-jhub/variables.tf index d0bcbe7..939dfae 100644 --- a/tests/sample-jhub/variables.tf +++ b/tests/sample-jhub/variables.tf @@ -10,12 +10,16 @@ variable "folder_id" { type = string } +variable "helm_values_file" { + type = string +} + variable "site_certificate_file" { type = string - default = "./secrets/tls.cer" + default = "./tests/secrets/tls.cer" } variable "site_certificate_key_file" { type = string - default = "./secrets/tls.key" + default = "../tests/secrets/tls.key" } From 01a09c2ad6e4b847e57f8890f84efcf1731ac3ce Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Wed, 14 Aug 2024 16:10:46 -0400 Subject: [PATCH 26/56] change test to apply --- tests/test-sample-jhub.tftest.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test-sample-jhub.tftest.hcl b/tests/test-sample-jhub.tftest.hcl index 3e20f85..516f5c9 100644 --- a/tests/test-sample-jhub.tftest.hcl +++ b/tests/test-sample-jhub.tftest.hcl @@ -5,7 +5,7 @@ variables { run "test_website_creation" { # Apply the module - command = plan + command = apply module { source = "./tests/sample-jhub" From e52a9b6a35952a4242c7cda2708fc3d52b87ccbd Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 09:02:25 -0400 Subject: [PATCH 27/56] add verbose tag to outputs --- .github/workflows/terraform-tests.yml | 4 ++-- tests/sample-jhub/main.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index 6300914..1a02163 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -36,7 +36,7 @@ jobs: - name: Run Terraform Test run: | terraform init - terraform test -filter=tests/test-sample-jhub.tftest.hcl + terraform test -filter=tests/test-sample-jhub.tftest.hcl -verbose env: TF_VAR_billing_account: ${{ secrets.GCP_BILLING_ACCOUNT }} TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }} @@ -77,7 +77,7 @@ jobs: - name: Run Terraform Test run: | terraform init - terraform test -filter=tests/test-sample-jhub-nfs.tftest.hcl + terraform test -filter=tests/test-sample-jhub-nfs.tftest.hcl -verbose env: TF_VAR_billing_account: ${{ secrets.GCP_BILLING_ACCOUNT }} TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }} diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 5ef1896..d692e86 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -68,7 +68,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.3.7" - helm_deploy_timeout = 1000 + helm_deploy_timeout = 4000 helm_values_file = var.helm_values_file # ---------------- CRONJOB VARIABLES ----------------------- From 21dc746f827d4c2c2617f3b21992aac0b7e29db1 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 10:16:29 -0400 Subject: [PATCH 28/56] add back parameters that were errouneously deleted --- README.md | 4 +++- main.tf | 4 +++- variables.tf | 12 ++++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1cbd724..ead1867 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ code by adding a `module` configuration and setting its `source` parameter to UR |------|--------|---------| | [external\_infoblox\_record](#module\_external\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.6 | | [gke\_auth](#module\_gke\_auth) | terraform-google-modules/kubernetes-engine/google//modules/auth | 31.0.0 | -| [jhub\_cluster](#module\_jhub\_cluster) | git::https://github.com/BrownUniversity/terraform-gcp-cluster.git | v0.1.7 | +| [jhub\_cluster](#module\_jhub\_cluster) | git::https://github.com/BrownUniversity/terraform-gcp-cluster.git | chore-update-2023 | | [jhub\_helm](#module\_jhub\_helm) | ./modules/helm-jhub | n/a | | [jhub\_project](#module\_jhub\_project) | git::https://github.com/BrownUniversity/terraform-gcp-project.git | v0.1.6 | | [jhub\_vpc](#module\_jhub\_vpc) | git::https://github.com/BrownUniversity/terraform-gcp-vpc.git | v0.1.4 | @@ -116,6 +116,7 @@ code by adding a `module` configuration and setting its `source` parameter to UR | [create\_tls\_secret](#input\_create\_tls\_secret) | If set to true, user will be passing tls key and certificate to create a kubernetes secret, and use it in their helm chart | `bool` | `true` | no | | [default\_service\_account](#input\_default\_service\_account) | Project default service account setting: can be one of delete, depriviledge, or keep. | `string` | `"delete"` | no | | [disable\_dependent\_services](#input\_disable\_dependent\_services) | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `string` | `"true"` | no | +| [enable\_private\_nodes](#input\_enable\_private\_nodes) | (Beta) Whether nodes have internal IP addresses only | `bool` | `true` | no | | [folder\_id](#input\_folder\_id) | The ID of a folder to host this project | `string` | n/a | yes | | [gcp\_zone](#input\_gcp\_zone) | The GCP zone to deploy the runner into. | `string` | `"us-east1-b"` | no | | [helm\_deploy\_timeout](#input\_helm\_deploy\_timeout) | Time for helm to wait for deployment of chart and downloading of docker image | `number` | `1000` | no | @@ -127,6 +128,7 @@ code by adding a `module` configuration and setting its `source` parameter to UR | [labels](#input\_labels) | Map of labels for project. | `map(string)` | 
{
  "environment": "automation",
  "managed_by": "terraform"
}
| no | | [logging\_service](#input\_logging\_service) | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | [maintenance\_start\_time](#input\_maintenance\_start\_time) | Time window specified for daily maintenance operations in RFC3339 format | `string` | `"03:00"` | no | +| [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"172.16.0.0/28"` | no | | [monitoring\_service](#input\_monitoring\_service) | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | [network\_name](#input\_network\_name) | Name of the VPC. | `string` | `"kubernetes-vpc"` | no | | [network\_policy](#input\_network\_policy) | Enable network policy addon | `bool` | `true` | no | diff --git a/main.tf b/main.tf index 29a75c7..de2c7b7 100644 --- a/main.tf +++ b/main.tf @@ -72,7 +72,7 @@ module "external_infoblox_record" { # tfsec:ignore:google-gke-use-cluster-labels # tfsec:ignore:google-gke-enable-private-cluster module "jhub_cluster" { - source = "git::https://github.com/BrownUniversity/terraform-gcp-cluster.git?ref=v0.1.7" + source = "git::https://github.com/BrownUniversity/terraform-gcp-cluster.git?ref=chore-update-2023" cluster_name = var.cluster_name project_id = module.jhub_project.project_id kubernetes_version = var.kubernetes_version @@ -89,6 +89,8 @@ module "jhub_cluster" { http_load_balancing = var.http_load_balancing horizontal_pod_autoscaling = var.horizontal_pod_autoscaling network_policy = var.network_policy + enable_private_nodes = var.enable_private_nodes + master_ipv4_cidr_block = var.master_ipv4_cidr_block remove_default_node_pool = var.remove_default_node_pool core_pool_name = var.core_pool_name diff --git a/variables.tf b/variables.tf index 55f4607..1e60f56 100644 --- a/variables.tf +++ b/variables.tf @@ -164,6 +164,18 @@ variable "network_policy" { default = true } +variable "enable_private_nodes" { + type = bool + description = "(Beta) Whether nodes have internal IP addresses only" + default = true +} + +variable "master_ipv4_cidr_block" { + type = string + description = "(Beta) The IP range in CIDR notation to use for the hosted master network" + default = "172.16.0.0/28" +} + variable "remove_default_node_pool" { type = bool description = "Remove default node pool while setting up the cluster" From ec37007462f252d2d7c109b08404dd510f46241e Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 12:03:47 -0400 Subject: [PATCH 29/56] update workflow --- .github/workflows/terraform-tests.yml | 2 ++ README.md | 2 +- main.tf | 2 +- tests/sample-jhub-nfs/main.tf | 2 +- tests/sample-jhub/main.tf | 2 +- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index 1a02163..a4a1ded 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -31,6 +31,7 @@ jobs: JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }} - name: Authorize service account run: | + gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json kubectl config view ls -la /tmp - name: Run Terraform Test @@ -72,6 +73,7 @@ jobs: JUPYTERHUB_TLS_KEY: ${{ secrets.JUPYTERHUB_TLS_KEY }} - name: Authorize service account run: | + gcloud auth activate-service-account ${{ secrets.GCP_PF_SA }} --key-file=/tmp/credentials.json kubectl config view ls -la /tmp - name: Run Terraform Test diff --git a/README.md b/README.md index ead1867..74ed747 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ code by adding a `module` configuration and setting its `source` parameter to UR |------|--------|---------| | [external\_infoblox\_record](#module\_external\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.6 | | [gke\_auth](#module\_gke\_auth) | terraform-google-modules/kubernetes-engine/google//modules/auth | 31.0.0 | -| [jhub\_cluster](#module\_jhub\_cluster) | git::https://github.com/BrownUniversity/terraform-gcp-cluster.git | chore-update-2023 | +| [jhub\_cluster](#module\_jhub\_cluster) | git::https://github.com/BrownUniversity/terraform-gcp-cluster.git | v0.1.9 | | [jhub\_helm](#module\_jhub\_helm) | ./modules/helm-jhub | n/a | | [jhub\_project](#module\_jhub\_project) | git::https://github.com/BrownUniversity/terraform-gcp-project.git | v0.1.6 | | [jhub\_vpc](#module\_jhub\_vpc) | git::https://github.com/BrownUniversity/terraform-gcp-vpc.git | v0.1.4 | diff --git a/main.tf b/main.tf index de2c7b7..3742545 100644 --- a/main.tf +++ b/main.tf @@ -72,7 +72,7 @@ module "external_infoblox_record" { # tfsec:ignore:google-gke-use-cluster-labels # tfsec:ignore:google-gke-enable-private-cluster module "jhub_cluster" { - source = "git::https://github.com/BrownUniversity/terraform-gcp-cluster.git?ref=chore-update-2023" + source = "git::https://github.com/BrownUniversity/terraform-gcp-cluster.git?ref=v0.1.9" cluster_name = var.cluster_name project_id = module.jhub_project.project_id kubernetes_version = var.kubernetes_version diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index 863752e..0ceb248 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -67,7 +67,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.3.7" - helm_deploy_timeout = 4000 + helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file # ---------------- CRONJOB VARIABLES ----------------------- diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index d692e86..5ef1896 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -68,7 +68,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.3.7" - helm_deploy_timeout = 4000 + helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file # ---------------- CRONJOB VARIABLES ----------------------- From 274a5f99ad1ea6598d4821af4dd53c7c84674c60 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 12:43:55 -0400 Subject: [PATCH 30/56] remove GOOGLE_APPLICATION_CREDENTIALS --- .github/workflows/terraform-tests.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index a4a1ded..f359016 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -47,7 +47,6 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key - GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json test-sample-jhub-nfs: if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }} @@ -89,4 +88,3 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key - GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json From 0b9e32ca580cf77f6500cf743ce54d4ed748c198 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 12:45:28 -0400 Subject: [PATCH 31/56] add back GOOGLE_APPLICATION_CREDENTIALS --- .github/workflows/terraform-tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index f359016..a4a1ded 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -47,6 +47,7 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key + GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json test-sample-jhub-nfs: if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }} @@ -88,3 +89,4 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key + GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json From 2eacdd2f0b88e96f8f67a94c6b0796d64c8d57c1 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 12:50:17 -0400 Subject: [PATCH 32/56] use old version of infoblox --- README.md | 4 ++-- main.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 74ed747..ce61e50 100644 --- a/README.md +++ b/README.md @@ -75,13 +75,13 @@ code by adding a `module` configuration and setting its `source` parameter to UR | Name | Source | Version | |------|--------|---------| -| [external\_infoblox\_record](#module\_external\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.6 | +| [external\_infoblox\_record](#module\_external\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.5 | | [gke\_auth](#module\_gke\_auth) | terraform-google-modules/kubernetes-engine/google//modules/auth | 31.0.0 | | [jhub\_cluster](#module\_jhub\_cluster) | git::https://github.com/BrownUniversity/terraform-gcp-cluster.git | v0.1.9 | | [jhub\_helm](#module\_jhub\_helm) | ./modules/helm-jhub | n/a | | [jhub\_project](#module\_jhub\_project) | git::https://github.com/BrownUniversity/terraform-gcp-project.git | v0.1.6 | | [jhub\_vpc](#module\_jhub\_vpc) | git::https://github.com/BrownUniversity/terraform-gcp-vpc.git | v0.1.4 | -| [production\_infoblox\_record](#module\_production\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.6 | +| [production\_infoblox\_record](#module\_production\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.5 | ## Resources diff --git a/main.tf b/main.tf index 3742545..df1a85c 100644 --- a/main.tf +++ b/main.tf @@ -50,7 +50,7 @@ resource "google_compute_address" "static" { # Assign Brown-DNS via infoblox module "production_infoblox_record" { - source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.6" + source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.5" record_ip = google_compute_address.static.address record_hostname = var.record_hostname record_domain = var.record_domain @@ -58,7 +58,7 @@ module "production_infoblox_record" { } module "external_infoblox_record" { - source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.6" + source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.5" record_ip = google_compute_address.static.address record_hostname = var.record_hostname record_domain = var.record_domain From 8e1cfeb47c01db976a5f939be64ca5cd389845e8 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 13:24:35 -0400 Subject: [PATCH 33/56] roll back jhub version --- README.md | 4 ++-- main.tf | 4 ++-- tests/sample-jhub/main.tf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ce61e50..74ed747 100644 --- a/README.md +++ b/README.md @@ -75,13 +75,13 @@ code by adding a `module` configuration and setting its `source` parameter to UR | Name | Source | Version | |------|--------|---------| -| [external\_infoblox\_record](#module\_external\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.5 | +| [external\_infoblox\_record](#module\_external\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.6 | | [gke\_auth](#module\_gke\_auth) | terraform-google-modules/kubernetes-engine/google//modules/auth | 31.0.0 | | [jhub\_cluster](#module\_jhub\_cluster) | git::https://github.com/BrownUniversity/terraform-gcp-cluster.git | v0.1.9 | | [jhub\_helm](#module\_jhub\_helm) | ./modules/helm-jhub | n/a | | [jhub\_project](#module\_jhub\_project) | git::https://github.com/BrownUniversity/terraform-gcp-project.git | v0.1.6 | | [jhub\_vpc](#module\_jhub\_vpc) | git::https://github.com/BrownUniversity/terraform-gcp-vpc.git | v0.1.4 | -| [production\_infoblox\_record](#module\_production\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.5 | +| [production\_infoblox\_record](#module\_production\_infoblox\_record) | git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git | v0.1.6 | ## Resources diff --git a/main.tf b/main.tf index df1a85c..3742545 100644 --- a/main.tf +++ b/main.tf @@ -50,7 +50,7 @@ resource "google_compute_address" "static" { # Assign Brown-DNS via infoblox module "production_infoblox_record" { - source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.5" + source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.6" record_ip = google_compute_address.static.address record_hostname = var.record_hostname record_domain = var.record_domain @@ -58,7 +58,7 @@ module "production_infoblox_record" { } module "external_infoblox_record" { - source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.5" + source = "git::https://github.com/BrownUniversity/terraform-infoblox-record-a.git?ref=v0.1.6" record_ip = google_compute_address.static.address record_hostname = var.record_hostname record_domain = var.record_domain diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 5ef1896..8d03395 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -67,7 +67,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.3.7" + jhub_helm_version = "3.0.0" helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file From c7ed980cd8f91e4633441352f7e5f67e80d33088 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 13:54:42 -0400 Subject: [PATCH 34/56] try different kubernetes version --- tests/sample-jhub/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 8d03395..7d64677 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -29,7 +29,7 @@ module "sample-jhub" { record_domain = local.jhub_domain # ---------------- CLUSTER VARIABLES ----------------------- - kubernetes_version = 1.29 + kubernetes_version = 1.27 regional = false region = local.gcp_region gcp_zone = local.gcp_zone From 6148d409cb74ed7c8b526c74d36b742ac0bd3a60 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 14:30:04 -0400 Subject: [PATCH 35/56] remove proxy --- tests/sample-jhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml index 9ec2924..ce7c0a0 100644 --- a/tests/sample-jhub/values.yaml +++ b/tests/sample-jhub/values.yaml @@ -35,7 +35,7 @@ singleuser: ["/bin/sh", "-c", "chmod -f 600 /home/jovyan/.ssh/id_rsa || true;"] proxy: https: - enabled: true + enabled: false type: secret secret: name: jupyterhub-tls From 9818d2e1b278a8990f28175fc315c928d1704cdf Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 15:02:52 -0400 Subject: [PATCH 36/56] revert jupyterhub version --- tests/sample-jhub/main.tf | 2 +- tests/sample-jhub/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 7d64677..31b5966 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -67,7 +67,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.0.0" + jhub_helm_version = "3.0.0-beta.3.git.6259.h5b6e57ed" helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file diff --git a/tests/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml index ce7c0a0..9ec2924 100644 --- a/tests/sample-jhub/values.yaml +++ b/tests/sample-jhub/values.yaml @@ -35,7 +35,7 @@ singleuser: ["/bin/sh", "-c", "chmod -f 600 /home/jovyan/.ssh/id_rsa || true;"] proxy: https: - enabled: false + enabled: true type: secret secret: name: jupyterhub-tls From d2b81edd6e1822f2c612663f15cd11cbedfcd4bf Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 15:31:31 -0400 Subject: [PATCH 37/56] revert all provider versions --- README.md | 4 ++-- tests/sample-jhub/main.tf | 2 +- versions.tf | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 74ed747..f70e6f0 100644 --- a/README.md +++ b/README.md @@ -62,8 +62,8 @@ code by adding a `module` configuration and setting its `source` parameter to UR | [terraform](#requirement\_terraform) | >= 1.9.2 | | [google](#requirement\_google) | 5.38.0 | | [google-beta](#requirement\_google-beta) | 5.38.0 | -| [helm](#requirement\_helm) | 2.14.0 | -| [kubernetes](#requirement\_kubernetes) | 2.31.0 | +| [helm](#requirement\_helm) | 2.10.1 | +| [kubernetes](#requirement\_kubernetes) | 2.22.0 | ## Providers diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 31b5966..38ec75e 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -29,7 +29,7 @@ module "sample-jhub" { record_domain = local.jhub_domain # ---------------- CLUSTER VARIABLES ----------------------- - kubernetes_version = 1.27 + kubernetes_version = 1.25 regional = false region = local.gcp_region gcp_zone = local.gcp_zone diff --git a/versions.tf b/versions.tf index 7eacf86..7e8e093 100644 --- a/versions.tf +++ b/versions.tf @@ -12,11 +12,11 @@ terraform { } kubernetes = { source = "hashicorp/kubernetes" - version = "2.31.0" + version = "2.22.0" } helm = { source = "hashicorp/helm" - version = "2.14.0" + version = "2.10.1" } } } From b3d140f09b03b00b74f44d50d5a6da1523acc7f3 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 15:41:42 -0400 Subject: [PATCH 38/56] revert all provider versions --- README.md | 4 ++-- versions.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f70e6f0..f296663 100644 --- a/README.md +++ b/README.md @@ -62,8 +62,8 @@ code by adding a `module` configuration and setting its `source` parameter to UR | [terraform](#requirement\_terraform) | >= 1.9.2 | | [google](#requirement\_google) | 5.38.0 | | [google-beta](#requirement\_google-beta) | 5.38.0 | -| [helm](#requirement\_helm) | 2.10.1 | -| [kubernetes](#requirement\_kubernetes) | 2.22.0 | +| [helm](#requirement\_helm) | >=2.10.1 | +| [kubernetes](#requirement\_kubernetes) | >=2.22.0 | ## Providers diff --git a/versions.tf b/versions.tf index 7e8e093..8bb4289 100644 --- a/versions.tf +++ b/versions.tf @@ -12,11 +12,11 @@ terraform { } kubernetes = { source = "hashicorp/kubernetes" - version = "2.22.0" + version = ">=2.22.0" } helm = { source = "hashicorp/helm" - version = "2.10.1" + version = ">=2.10.1" } } } From 7b30323000f60d91972f0d631163a8e4ed6f652d Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 15:59:24 -0400 Subject: [PATCH 39/56] revert all provider versions --- tests/sample-jhub/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 38ec75e..1cf4472 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -29,7 +29,7 @@ module "sample-jhub" { record_domain = local.jhub_domain # ---------------- CLUSTER VARIABLES ----------------------- - kubernetes_version = 1.25 + kubernetes_version = 1.29 regional = false region = local.gcp_region gcp_zone = local.gcp_zone From cc4b5a89ff7cbc458bea778ab8e357e6a8ac8b0b Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 16:17:14 -0400 Subject: [PATCH 40/56] switch to self-hosted runner --- .github/workflows/terraform-tests.yml | 92 +++++++++++++++++++++++---- Dockerfile | 28 +------- README.md | 4 +- tests/sample-jhub/main.tf | 2 +- versions.tf | 4 +- 5 files changed, 87 insertions(+), 43 deletions(-) diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml index a4a1ded..a268c6f 100644 --- a/.github/workflows/terraform-tests.yml +++ b/.github/workflows/terraform-tests.yml @@ -8,9 +8,82 @@ on: - "v*.*.*" pull_request: +env: + REGISTRY: ghcr.io + IMAGE_NAME: brownuniversity/terraform-gcp-jupyterhub + USE_GKE_GCLOUD_AUTH_PLUGIN: true + GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json + jobs: - test-sample-jhub: + docker: runs-on: ubuntu-latest + + permissions: + packages: write + contents: read + + outputs: + full_image_id: ${{ steps.save_full_image_id.outputs.full_image_id }} + + steps: + - uses: actions/checkout@v4 + + - uses: dorny/paths-filter@v3 + id: filter + with: + base: ${{ github.ref }} + filters: | + all: + - '.github/workflows/kitchen-tests.yml' + - 'Dockerfile' + - 'Gemfile*' + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log into the container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{major}}.{{minor}} + + # NOTE: We are tapping into json output because tags could become a list if prior step is modified + - id: save_full_image_id + run: echo "full_image_id=${{ fromJSON(steps.meta.outputs.json).tags[0] }}" >> $GITHUB_OUTPUT + + - name: print_tag + run: echo "${{ fromJSON(steps.meta.outputs.json).tags[0] }}" + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache + + test-sample-jhub: + needs: [docker] + if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }} + runs-on: self-hosted + container: + image: "${{ needs.docker.outputs.full_image_id }}" steps: - uses: actions/checkout@v4 - name: Create Credential File @@ -18,10 +91,6 @@ jobs: echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json env: GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }} - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.9.2 - name: Create TLS Files run: | echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer @@ -47,11 +116,14 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key - GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json + USE_GKE_GCLOUD_AUTH_PLUGIN: true test-sample-jhub-nfs: + needs: [docker] if: ${{ !contains(github.event.head_commit.message, '[skip ci]') && contains(github.event.head_commit.message, '[test nfs]') }} - runs-on: ubuntu-latest + runs-on: self-hosted + container: + image: "${{ needs.docker.outputs.full_image_id }}" steps: - uses: actions/checkout@v4 @@ -60,10 +132,6 @@ jobs: echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json env: GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CREDENTIAL_JSON }} - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.9.2 - name: Create TLS Files run: | echo "$JUPYTERHUB_TLS_CER" > /tmp/tls.cer @@ -89,4 +157,4 @@ jobs: INFOBLOX_SERVER: ${{ secrets.INFOBLOX_JHUB_HOST }} TF_VAR_site_certificate_file: /tmp/tls.cer TF_VAR_site_certificate_key_file: /tmp/tls.key - GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json + USE_GKE_GCLOUD_AUTH_PLUGIN: true diff --git a/Dockerfile b/Dockerfile index e98d18a..04842f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gcr.io/google.com/cloudsdktool/cloud-sdk:439.0.0-alpine +FROM gcr.io/google.com/cloudsdktool/cloud-sdk:488.0.0-alpine # Putting the version of alpine here. # Ruby version available to apk can be found here @@ -18,7 +18,7 @@ RUN gcloud components install gke-gcloud-auth-plugin RUN gcloud components install kubectl #terraform -ENV TERRAFORM_VERSION=1.5.0 +ENV TERRAFORM_VERSION=1.9.2 ENV TERRAFORM_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" RUN curl -L ${TERRAFORM_URL} -o terraform_${TERRAFORM_VERSION}_linux_amd64.zip \ && unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip \ @@ -26,29 +26,5 @@ RUN curl -L ${TERRAFORM_URL} -o terraform_${TERRAFORM_VERSION}_linux_amd64.zip \ && chmod +x /usr/bin/terraform \ && rm -rf terraform* - -COPY .ruby-version .ruby-version - -# Update and install all of the required packages. -# At the end, remove the apk cache -RUN apk upgrade && \ - apk add --update \ - openssh ca-certificates bash jq \ - curl-dev \ - "ruby-dev=$(cat .ruby-version)" \ - "ruby-full=$(cat .ruby-version)" \ - build-base \ - python3 && \ - rm -rf /var/cache/apk/* - - -RUN mkdir /usr/app -WORKDIR /usr/app - -COPY Gemfile ./ -RUN gem install bundler && \ - bundle config set system 'true' && \ - bundle install - ENTRYPOINT ["/bin/bash"] diff --git a/README.md b/README.md index f296663..74ed747 100644 --- a/README.md +++ b/README.md @@ -62,8 +62,8 @@ code by adding a `module` configuration and setting its `source` parameter to UR | [terraform](#requirement\_terraform) | >= 1.9.2 | | [google](#requirement\_google) | 5.38.0 | | [google-beta](#requirement\_google-beta) | 5.38.0 | -| [helm](#requirement\_helm) | >=2.10.1 | -| [kubernetes](#requirement\_kubernetes) | >=2.22.0 | +| [helm](#requirement\_helm) | 2.14.0 | +| [kubernetes](#requirement\_kubernetes) | 2.31.0 | ## Providers diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 1cf4472..5ef1896 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -67,7 +67,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.0.0-beta.3.git.6259.h5b6e57ed" + jhub_helm_version = "3.3.7" helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file diff --git a/versions.tf b/versions.tf index 8bb4289..7eacf86 100644 --- a/versions.tf +++ b/versions.tf @@ -12,11 +12,11 @@ terraform { } kubernetes = { source = "hashicorp/kubernetes" - version = ">=2.22.0" + version = "2.31.0" } helm = { source = "hashicorp/helm" - version = ">=2.10.1" + version = "2.14.0" } } } From 701c5f92d4058283f4d2130e377166f85182603c Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 16:52:28 -0400 Subject: [PATCH 41/56] change jupyterhub version for sample-jhub --- tests/sample-jhub/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 5ef1896..294cb70 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -67,8 +67,8 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.3.7" - helm_deploy_timeout = 1000 + jhub_helm_version = "3.0.0-beta.3.git.6259.h5b6e57ed" + helm_deploy_timeout = 2000 helm_values_file = var.helm_values_file # ---------------- CRONJOB VARIABLES ----------------------- From 1034cdee6f898900960765aafb1952952edc3b91 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 17:30:17 -0400 Subject: [PATCH 42/56] change image address --- tests/sample-jhub/main.tf | 2 +- tests/sample-jhub/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 294cb70..1cf4472 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -68,7 +68,7 @@ module "sample-jhub" { # ---------------- HELM/JHUB VARIABLES ----------------------- jhub_helm_version = "3.0.0-beta.3.git.6259.h5b6e57ed" - helm_deploy_timeout = 2000 + helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file # ---------------- CRONJOB VARIABLES ----------------------- diff --git a/tests/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml index 9ec2924..e38f66b 100644 --- a/tests/sample-jhub/values.yaml +++ b/tests/sample-jhub/values.yaml @@ -24,7 +24,7 @@ singleuser: limit: 1 guarantee: 0.05 image: - name: gcr.io/jupyterhub-docker-images/mpa2065 + name: us-east1-docker.pkg.dev/jupyterhub-docker-images/all-classes/mpa2065 tag: latest pullPolicy: Always defaultUrl: "/lab" From bbb1c38c8467b8deb39518eb748b0cfe9c36dcbb Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 18:39:53 -0400 Subject: [PATCH 43/56] bump jhub_helm_version --- tests/sample-jhub/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 1cf4472..01a4b0a 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -67,7 +67,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.0.0-beta.3.git.6259.h5b6e57ed" + jhub_helm_version = "3.3.8" helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file From b25b94f811939b12a0540bd483da95a816a36580 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 19:11:49 -0400 Subject: [PATCH 44/56] try an older version of helm chart --- tests/sample-jhub/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 01a4b0a..2b25dac 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -67,7 +67,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.3.8" + jhub_helm_version = "3.2.1" helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file From 0c72755be287068bd7a8fdf9d98916f2d45f3e83 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 19:30:30 -0400 Subject: [PATCH 45/56] disable prePuller hooks: --- tests/sample-jhub/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml index e38f66b..e78a890 100644 --- a/tests/sample-jhub/values.yaml +++ b/tests/sample-jhub/values.yaml @@ -5,6 +5,8 @@ hub: prePuller: continuous: enabled: true + hooks: + enabled: false scheduling: userScheduler: enabled: true From 4c8e6e5090d72e994843d715d09bdb563a9de025 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 20:57:22 -0400 Subject: [PATCH 46/56] force docker image pull --- tests/sample-jhub/values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml index e78a890..a118e06 100644 --- a/tests/sample-jhub/values.yaml +++ b/tests/sample-jhub/values.yaml @@ -5,8 +5,11 @@ hub: prePuller: continuous: enabled: true - hooks: + hook: enabled: false + image: + name: docker.io/jupyterhub/k8s-image-awaiter + tag: 3.2.0 scheduling: userScheduler: enabled: true From 2a701f75adb9952130bef20beeaee4741367bafa Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 20:58:43 -0400 Subject: [PATCH 47/56] enable pre-puller hooks --- tests/sample-jhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml index a118e06..3c0bd0f 100644 --- a/tests/sample-jhub/values.yaml +++ b/tests/sample-jhub/values.yaml @@ -6,7 +6,7 @@ prePuller: continuous: enabled: true hook: - enabled: false + enabled: true image: name: docker.io/jupyterhub/k8s-image-awaiter tag: 3.2.0 From 36450bb07f41a7440667b405e967cdf371c5128b Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 22:40:37 -0400 Subject: [PATCH 48/56] downgrade to 3.1.0 --- tests/sample-jhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml index 3c0bd0f..73a564d 100644 --- a/tests/sample-jhub/values.yaml +++ b/tests/sample-jhub/values.yaml @@ -9,7 +9,7 @@ prePuller: enabled: true image: name: docker.io/jupyterhub/k8s-image-awaiter - tag: 3.2.0 + tag: 3.1.0 scheduling: userScheduler: enabled: true From b3098a9b691046c612d2c6e2842c79e08e85aeb6 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 22:57:10 -0400 Subject: [PATCH 49/56] disable private nodes --- README.md | 2 +- tests/sample-jhub/main.tf | 2 +- tests/sample-jhub/values.yaml | 5 ----- variables.tf | 2 +- 4 files changed, 3 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 74ed747..0d7f870 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,7 @@ code by adding a `module` configuration and setting its `source` parameter to UR | [create\_tls\_secret](#input\_create\_tls\_secret) | If set to true, user will be passing tls key and certificate to create a kubernetes secret, and use it in their helm chart | `bool` | `true` | no | | [default\_service\_account](#input\_default\_service\_account) | Project default service account setting: can be one of delete, depriviledge, or keep. | `string` | `"delete"` | no | | [disable\_dependent\_services](#input\_disable\_dependent\_services) | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `string` | `"true"` | no | -| [enable\_private\_nodes](#input\_enable\_private\_nodes) | (Beta) Whether nodes have internal IP addresses only | `bool` | `true` | no | +| [enable\_private\_nodes](#input\_enable\_private\_nodes) | (Beta) Whether nodes have internal IP addresses only | `bool` | `false` | no | | [folder\_id](#input\_folder\_id) | The ID of a folder to host this project | `string` | n/a | yes | | [gcp\_zone](#input\_gcp\_zone) | The GCP zone to deploy the runner into. | `string` | `"us-east1-b"` | no | | [helm\_deploy\_timeout](#input\_helm\_deploy\_timeout) | Time for helm to wait for deployment of chart and downloading of docker image | `number` | `1000` | no | diff --git a/tests/sample-jhub/main.tf b/tests/sample-jhub/main.tf index 2b25dac..01a4b0a 100644 --- a/tests/sample-jhub/main.tf +++ b/tests/sample-jhub/main.tf @@ -67,7 +67,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.2.1" + jhub_helm_version = "3.3.8" helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file diff --git a/tests/sample-jhub/values.yaml b/tests/sample-jhub/values.yaml index 73a564d..e38f66b 100644 --- a/tests/sample-jhub/values.yaml +++ b/tests/sample-jhub/values.yaml @@ -5,11 +5,6 @@ hub: prePuller: continuous: enabled: true - hook: - enabled: true - image: - name: docker.io/jupyterhub/k8s-image-awaiter - tag: 3.1.0 scheduling: userScheduler: enabled: true diff --git a/variables.tf b/variables.tf index 1e60f56..14c8dca 100644 --- a/variables.tf +++ b/variables.tf @@ -167,7 +167,7 @@ variable "network_policy" { variable "enable_private_nodes" { type = bool description = "(Beta) Whether nodes have internal IP addresses only" - default = true + default = false } variable "master_ipv4_cidr_block" { From 0180c7dec5ae09b92a195438ad34acaf54a4488c Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Thu, 15 Aug 2024 23:12:46 -0400 Subject: [PATCH 50/56] set nfs test to apply [test nfs] --- tests/sample-jhub-nfs/main.tf | 2 +- tests/test-sample-jhub-nfs.tftest.hcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/sample-jhub-nfs/main.tf b/tests/sample-jhub-nfs/main.tf index 0ceb248..a5680cf 100644 --- a/tests/sample-jhub-nfs/main.tf +++ b/tests/sample-jhub-nfs/main.tf @@ -66,7 +66,7 @@ module "sample-jhub" { shared_storage_capacity = 2 # ---------------- HELM/JHUB VARIABLES ----------------------- - jhub_helm_version = "3.3.7" + jhub_helm_version = "3.3.8" helm_deploy_timeout = 1000 helm_values_file = var.helm_values_file diff --git a/tests/test-sample-jhub-nfs.tftest.hcl b/tests/test-sample-jhub-nfs.tftest.hcl index 82ad3a9..0f7ed96 100644 --- a/tests/test-sample-jhub-nfs.tftest.hcl +++ b/tests/test-sample-jhub-nfs.tftest.hcl @@ -1,6 +1,6 @@ run "test_website_creation" { # Apply the module - command = plan + command = apply module { source = "./tests/sample-jhub-nfs" From 2be27f312feaef0e03921b5b7e62a0e26c3a8351 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Fri, 16 Aug 2024 07:45:01 -0400 Subject: [PATCH 51/56] update image url for nfs [test nfs] --- tests/sample-jhub-nfs/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sample-jhub-nfs/values.yaml b/tests/sample-jhub-nfs/values.yaml index fbd5db5..9b25b10 100644 --- a/tests/sample-jhub-nfs/values.yaml +++ b/tests/sample-jhub-nfs/values.yaml @@ -24,7 +24,7 @@ singleuser: limit: 1 guarantee: 0.05 image: - name: gcr.io/jupyterhub-docker-images/mpa2065 + name: us-east1-docker.pkg.dev/jupyterhub-docker-images/all-classes/mpa2065 tag: latest pullPolicy: Always defaultUrl: "/lab" From aeba9c1f7080ebf276d605b6d81f14d44ee68977 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Mon, 19 Aug 2024 15:58:02 -0400 Subject: [PATCH 52/56] set run as group to 100 --- modules/shared-nfs/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/shared-nfs/main.tf b/modules/shared-nfs/main.tf index 2d8383f..33270f2 100644 --- a/modules/shared-nfs/main.tf +++ b/modules/shared-nfs/main.tf @@ -103,7 +103,8 @@ resource "kubernetes_stateful_set" "nfs_server" { container_port = 111 } security_context { - privileged = true # TODO test with false + run_as_group = 100 + privileged = true # TODO test with false } volume_mount { mount_path = "/exports" From 56789838ca530a6fab518afa8be88eaeff9a1465 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Tue, 20 Aug 2024 13:53:40 -0400 Subject: [PATCH 53/56] remove security context definition --- modules/shared-nfs/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/shared-nfs/main.tf b/modules/shared-nfs/main.tf index 33270f2..2d8383f 100644 --- a/modules/shared-nfs/main.tf +++ b/modules/shared-nfs/main.tf @@ -103,8 +103,7 @@ resource "kubernetes_stateful_set" "nfs_server" { container_port = 111 } security_context { - run_as_group = 100 - privileged = true # TODO test with false + privileged = true # TODO test with false } volume_mount { mount_path = "/exports" From e6b67b28056707dac687c2b304054f31e9786286 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Tue, 20 Aug 2024 16:22:55 -0400 Subject: [PATCH 54/56] update infoblox password reveal --- env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env.sh b/env.sh index 26844d7..258f9e3 100755 --- a/env.sh +++ b/env.sh @@ -3,7 +3,7 @@ export GOOGLE_APPLICATION_CREDENTIALS="$HOME/.gcp/project-factory-gcp.json" export USE_GKE_GCLOUD_AUTH_PLUGIN=True export INFOBLOX_USERNAME=$(op item get infoblox --field username) -export INFOBLOX_PASSWORD=$(op item get infoblox --field password) +export INFOBLOX_PASSWORD=$(op item get infoblox --field password --reveal) export INFOBLOX_SERVER=$(op item get infoblox --format json | jq -r '.urls[].href' | awk -F/ '{print $3}') From 7cab5e8e91e52a48cf1f49cf4000bac38e546aa7 Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Tue, 20 Aug 2024 16:28:06 -0400 Subject: [PATCH 55/56] remove ruby files and update Brewfile --- Brewfile | 2 +- Gemfile | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 Gemfile diff --git a/Brewfile b/Brewfile index 7bf9998..cced2d7 100644 --- a/Brewfile +++ b/Brewfile @@ -2,7 +2,7 @@ brew "pre-commit" brew "terraform-docs" brew "tflint" brew "tfsec" -brew "lastpass-cli" +brew "1password-cli" brew "helm" cask "google-cloud-sdk" \ No newline at end of file diff --git a/Gemfile b/Gemfile deleted file mode 100644 index 40ba71a..0000000 --- a/Gemfile +++ /dev/null @@ -1,4 +0,0 @@ -source "https://rubygems.org/" do - gem "kitchen-terraform", "~> 7.0.0" - gem "rspec-retry", "~>0.6.2" -end \ No newline at end of file From 09bd10cc7d83d5d8c97f7670914525273e0ce2db Mon Sep 17 00:00:00 2001 From: Paul Xu Date: Tue, 20 Aug 2024 16:39:17 -0400 Subject: [PATCH 56/56] update readme file --- README.md | 72 ++++++++++++++++++++++++++----------------------------- 1 file changed, 34 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 0d7f870..fb2d5a4 100644 --- a/README.md +++ b/README.md @@ -31,12 +31,12 @@ Additionally make sure that `gcloud init` is using the appropriate service accou Error: error installing: Post "http://localhost/apis/apps/v1/namespaces/kube-system/deployments": dial tcp [::1]:80: connect: connection refused ``` -Finally, this module also configures records in infoblox and therefore you'll need credentials to the server. For Brown users we recommend using `lastpass-cli` to source your secrets into environment variables (ask for access to creds)., ie +Finally, this module also configures records in infoblox and therefore you'll need credentials to the server. For Brown users we recommend using `1password-cli` to source your secrets into environment variables (ask for access to creds)., ie ``` -export INFOBLOX_USERNAME=$(lpass show infoblox --username) -export INFOBLOX_PASSWORD=$(lpass show infoblox --password) -export INFOBLOX_SERVER=$(lpass show infoblox --url | awk -F/ '{print $3}') +export INFOBLOX_USERNAME=$(op item get infoblox --field username) +export INFOBLOX_PASSWORD=$(op item get infoblox --field password --reveal) +export INFOBLOX_SERVER=$(op item get infoblox --format json | jq -r '.urls[].href' | awk -F/ '{print $3}') ``` The following envs are required @@ -189,25 +189,9 @@ Use [GitLab Flow](https://docs.gitlab.com/ee/topics/gitlab_flow.html#production- * Merge only from PR with review * After merging to default branch a release is drafted using a github action. Check the draft and publish if you and tests are happy -### Version managers +### Terraform -We recommend using [asdf](https://asdf-vm.com) to manage your versions of Terrafom and Ruby. - -``` -brew install asdf -``` - -Alternatively you can use [tfenv](https://github.com/tfutils/tfenv) and [rbenv](https://github.com/rbenv/rbenv) - -### Terraform and Ruby - -The tests can simply run in CI. If you want to run the tests locally, you will need to install the version of terraform and Ruby specified in the `.tool-versions` file (or `.terraform-version`, `.ruby-version`). - -``` -asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git -asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git -asdf install -``` +We recommend installing the latest version of terraform whenever you are updating this module. The current terraform version for this module is 1.9.2. You can install terraform with homebrew. #### Pre-commit hooks You should make sure that pre-commit hooks are installed to run the formater, linter, etc. Install and configure terraform [pre-commit hooks](https://github.com/antonbabenko/pre-commit-terraform) as follows: @@ -245,7 +229,7 @@ This is only needed if running tests locally. The google-cloud-sdk and last-pass This repo includes a `env.sh` file that where you set the path to the google credentials file and infoblox secrets. First you'll need to make sure you are logged in to last pass, ``` -lpass login +eval $(op signin) ``` Then use @@ -275,17 +259,6 @@ See [here](https://cloud.google.com/blog/products/containers-kubernetes/kubectl- This repository uses the native terraform tests to test the modules. In the [tests](/tests) directory you can find examples of how each module can be used and the test scripts. -### Install testing dependencies - -``` -gem install bundler -``` - -Then install the prerequisites for test kitchen. - -``` -bundle install -``` ### Setup secrets In addition to the GCLOUD and INFOBLOX variables configured by the `env.sh` file, we also need to add some additional secret variables. @@ -305,8 +278,31 @@ terraform test -filter=tests/test-sample-jhub.tftest.hcl # runs the test wi terraform test -filter=tests/test-sample-jhub-nfs.tftest.hcl # runs the test with nfs ``` -### Running terraform directly -If you need finer control when trouble shooting, you can directly run terraform within the desired example directory. +### Running terraform in a container + +If you need finer control when trouble shooting, you can directly run terraform within the container specified by the Dockerfile. + +First, build the Dockerfile with: + +```sh +docker build -t --platform linux/amd64 . +``` + +Note that `--platform linux/amd64` is necessary for ARM-based systems (e.g. Apple Silicon Macs). + +Then run the docker container with + +```sh +docker run -t -d -v $(pwd):/usr/app --platform linux/amd64 +``` + +Finally, you can get a shell inside the running container with: + +```sh +docker exec -it /bin/bash +``` + +Follow the next section to authenticate to Google Cloud and 1Password. ## Troubleshooting @@ -326,15 +322,15 @@ gcloud auth activate-service-account --key-file=