search

activa-prefapp / documentation

Project documentation
Apache License 2.0
0 stars 0 forks source link

Update versions of providers #17

Closed manuelver closed 1 year ago

manuelver commented 1 year ago

It seems that in order to be able to update the versions of the providers that use the modules it is necessary to maintain an addon like the official kubevela addon, with our own modules and versions, correct?

d-vm commented 1 year ago

No, it is not quite correct, you should not maintain the addon.

You should keep the modules and the provider versions in the git repositories.

To update the provider versions that use the modules you should update the version in the repository. Every time you are going to make a new provisioning, the specified provider version is installed in the terraform-init container of the pod.

$ kubectl -n default logs pod/activaprefapp-sample-s3-apply-dpw27 -c terraform-init

Initializing the backend...

Successfully configured the backend "kubernetes"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Finding hashicorp/aws versions matching "3.74.3"...
- Installing hashicorp/aws v3.74.3...
- Installed hashicorp/aws v3.74.3 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
manuelver commented 1 year ago

One possibility to check the version is to have the addon on local: https://kubevela.net/docs/platform-engineers/addon/intro#install-addon-locally

Test: https://github.com/activa-prefapp/oam-terraform-controller/tree/feature/add-addons-custom/addon-providers/terraform-aws-custom

Fixed version of the provider:

# addon-providers/terraform-aws-custom/metadata.yaml
name: terraform-aws-custom
version: 1.0.3-custom
description: AWS Custom Provider set to version 5.17.0 for Kubernetes Terraform Controller 
icon: https://static.kubevela.net/images/logos/aws.png
url: https://registry.terraform.io/providers/hashicorp/aws/5.17.0

tags:
  - Terraform Provider
  - Cloud Resource

deployTo:
  control_plane: true
  runtime_cluster: false

dependencies:
- name: terraform

system:
  vela: ">=v1.6.0-alpha.6"

It is executed with the command:

vela addon enable ./addon-providers/terraform-aws-custom/

2023-09-19_11-14

manuelver commented 1 year ago

No, it is not quite correct, you should not maintain the addon.

You should keep the modules and the provider versions in the git repositories.

To update the provider versions that use the modules you should update the version in the repository. Every time you are going to make a new provisioning, the specified provider version is installed in the terraform-init container of the pod.

How to specify the provider's version?

d-vm commented 1 year ago

In the above example with the official addon you can see that it downloads the aws provider version 3.74 to provision the buckect s3

launching with the same addon the OAM application from the repository example oam-terraform-controller: https://github.com/activa-prefapp/oam-terraform-controller/blob/terraform-controller-tes/oam-applications/aws-ia-vpc.yaml

you can check that the version of aws provider is v5.17.0

$ kubectl -n default logs pod/activaprefapp-sample-vpc-apply-pxf2s -c terraform-init

Initializing the backend...

Successfully configured the backend "kubernetes"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing modules...
- calculate_subnets in modules/calculate_subnets
Downloading registry.terraform.io/drewmullen/subnets/cidr 1.0.2 for calculate_subnets.subnet_calculator...
- calculate_subnets.subnet_calculator in .terraform/modules/calculate_subnets.subnet_calculator
- calculate_subnets_ipv6 in modules/calculate_subnets_ipv6
Downloading registry.terraform.io/drewmullen/subnets/cidr 1.0.2 for calculate_subnets_ipv6.subnet_calculator...
- calculate_subnets_ipv6.subnet_calculator in .terraform/modules/calculate_subnets_ipv6.subnet_calculator
- flow_logs in modules/flow_logs
Downloading registry.terraform.io/aws-ia/cloudwatch-log-group/aws 1.0.0 for flow_logs.cloudwatch_log_group...
- flow_logs.cloudwatch_log_group in .terraform/modules/flow_logs.cloudwatch_log_group
- flow_logs.s3_log_bucket in modules/flow_logs/modules/s3_log_bucket
Downloading registry.terraform.io/aws-ia/label/aws 0.0.5 for subnet_tags...
- subnet_tags in .terraform/modules/subnet_tags
Downloading registry.terraform.io/aws-ia/label/aws 0.0.5 for tags...
- tags in .terraform/modules/tags
Downloading registry.terraform.io/aws-ia/label/aws 0.0.5 for vpc_lattice_tags...
- vpc_lattice_tags in .terraform/modules/vpc_lattice_tags

Initializing provider plugins...
- Finding hashicorp/awscc versions matching "~> 0.9, >= 0.15.0"...
- Finding hashicorp/aws versions matching ">= 3.68.0, >= 3.72.0, >= 4.0.0, >= 4.27.0"...
- Installing hashicorp/awscc v0.60.0...
- Installed hashicorp/awscc v0.60.0 (signed by HashiCorp)
- Installing hashicorp/aws v5.17.0...
- Installed hashicorp/aws v5.17.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

In the first example I have shown you in the previous message the version is marked in its componentdefinition

apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
  annotations:
    definition.oam.dev/description: Terraform configuration for AWS S3
  creationTimestamp: "2023-08-07T09:51:41Z"
  generation: 1
  labels:
    oam.dev/render-hash: 5c6ec4fef0c9dad1
    type: terraform
  name: aws-s3
  namespace: vela-system
  ownerReferences:
  - apiVersion: core.oam.dev/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: Application
    name: addon-terraform-aws
    uid: 057a9090-7e46-4213-84fe-c244322e4db2
  resourceVersion: "58978777"
  uid: f3b0592f-0031-4fd7-afdb-e5b3b204d612
spec:
  schematic:
    terraform:
      configuration: |
        terraform {
          required_providers {
            aws = {
              source = "hashicorp/aws"
              version = "3.74.3"
            }
          }
        }

        resource "aws_s3_bucket" "bucket-acl" {
          bucket = var.bucket
          acl    = var.acl
        }
        output "BUCKET_NAME" {
          description = "Bucket name"
          value = aws_s3_bucket.bucket-acl.bucket_domain_name
        }
        variable "bucket" {
          description = "S3 bucket name"
          type        = string
        }
        variable "acl" {
          description = "S3 bucket ACL"
          default     = "private"
          type        = string
        }
      deleteResource: true
      providerRef:
        name: aws
        namespace: default
      type: hcl
  workload:
    definition:
      apiVersion: terraform.core.oam.dev/v1beta1
      kind: Configuration
    type: configurations.terraform.core.oam.dev
status:
  conditions:
  - lastTransitionTime: "2023-08-07T09:51:41Z"
    reason: ReconcileSuccess
    status: "True"
    type: Synced
  configMapRef: component-schema-aws-s3
  latestRevision:
    name: aws-s3-v1
    revision: 1
    revisionHash: 826557ffb8a41dc8

In this last example the version is limited in its providers.tf file in the repository:

https://github.com/aws-ia/terraform-aws-vpc/blob/main/providers.tf

apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
  annotations:
    definition.oam.dev/description: This module can be used to deploy a pragmatic VPC with various subnets types in AZs
  creationTimestamp: null
  labels:
    type: terraform
  name: aws-vpc-aws-orig
  namespace: vela-system
spec:
  schematic:
    terraform:
      configuration: https://github.com/aws-ia/terraform-aws-vpc.git
      providerRef:
        name: aws
        namespace: default
      type: remote
  workload:
    definition:
      apiVersion: terraform.core.oam.dev/v1beta1
      kind: Configuration
status: {}
manuelver commented 1 year ago

I think the issue is finished