From 381efa327739948f4b499d4221e63fad955ac328 Mon Sep 17 00:00:00 2001 From: acialini Date: Fri, 27 Sep 2024 17:16:47 +0200 Subject: [PATCH 1/2] [PPANTT-137] feat: Introduced namespace, aks_middelware_tools --- .../paymentoptions-app/02_namespace.tf | 22 +++++++++---------- .../05_aks_middleware_tools.tf | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/domains/paymentoptions-app/02_namespace.tf b/src/domains/paymentoptions-app/02_namespace.tf index a62b8cc66c..7f0eaf8096 100644 --- a/src/domains/paymentoptions-app/02_namespace.tf +++ b/src/domains/paymentoptions-app/02_namespace.tf @@ -4,17 +4,17 @@ resource "kubernetes_namespace" "namespace" { } } -module "pod_identity" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.18.0" +module "workload_identity" { + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity?ref=v8.44.3" - resource_group_name = local.aks_resource_group_name - location = var.location - tenant_id = data.azurerm_subscription.current.tenant_id - cluster_name = local.aks_name + workload_name_prefix = var.domain + workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + aks_name = data.azurerm_kubernetes_cluster.aks.name + aks_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + namespace = var.domain - identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity" - namespace = kubernetes_namespace.namespace.metadata[0].name - key_vault_id = data.azurerm_key_vault.kv.id - - secret_permissions = ["Get"] + key_vault_id = data.azurerm_key_vault.kv.id + key_vault_certificate_permissions = ["Get"] + key_vault_key_permissions = ["Get"] + key_vault_secret_permissions = ["Get"] } diff --git a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf b/src/domains/paymentoptions-app/05_aks_middleware_tools.tf index 83a33add1e..489fa5e82c 100644 --- a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf +++ b/src/domains/paymentoptions-app/05_aks_middleware_tools.tf @@ -1,5 +1,5 @@ module "tls_checker" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker?ref=v8.22.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker?ref=v8.44.3" https_endpoint = local.domain_hostname alert_name = local.domain_hostname @@ -19,7 +19,7 @@ resource "helm_release" "cert_mounter" { name = "cert-mounter-blueprint" repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint" chart = "cert-mounter-blueprint" - version = "1.0.4" + version = "2.0.0" namespace = var.domain timeout = 120 force_update = true From fbbeb4c74b2a6558be25b3c9dee25ac2feef7de6 Mon Sep 17 00:00:00 2001 From: acialini Date: Thu, 3 Oct 2024 10:19:33 +0200 Subject: [PATCH 2/2] [PPANTT-137] feat: introducing aks_middleware_tools --- src/domains/paymentoptions-app/05_aks_middleware_tools.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf b/src/domains/paymentoptions-app/05_aks_middleware_tools.tf index 489fa5e82c..47d88144f4 100644 --- a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf +++ b/src/domains/paymentoptions-app/05_aks_middleware_tools.tf @@ -39,7 +39,7 @@ resource "helm_release" "reloader" { name = "reloader" repository = "https://stakater.github.io/stakater-charts" chart = "reloader" - version = "v1.0.69" + version = "v1.1.0" namespace = kubernetes_namespace.namespace.metadata[0].name set {