From f5dc5f9c28cccea565f805fdf5c4664170e6c40c Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Fri, 19 Jan 2024 11:08:56 -0500 Subject: [PATCH 1/5] feat: (IAC-1262) Update Dependencies to Resolve Security Warnings (#102) --- Dockerfile | 2 +- README.md | 4 ++-- docs/REQUIREMENTS.md | 4 ++-- requirements.txt | 2 +- versions.tf | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9cbc1fc..c9612c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ RUN apt-get update && apt-get upgrade -y --no-install-recommends \ FROM baseline as tool_builder ARG HELM_VERSION=3.13.2 ARG KUBECTL_VERSION=1.27.9 -ARG TERRAFORM_VERSION=1.6.3-* +ARG TERRAFORM_VERSION=1.6.6-* WORKDIR /build diff --git a/README.md b/README.md index cb44c4d..419a0d3 100644 --- a/README.md +++ b/README.md @@ -100,8 +100,8 @@ This project supports the following options for running the scripts in this repo The following software is required in order to run the SAS Viya IaC tools here on your local system: -- [Terraform](https://www.terraform.io/downloads) - v1.6.3 -- [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) - v2.15.6 +- [Terraform](https://www.terraform.io/downloads) - v1.6.6 +- [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) - v2.16.1 - [Docker](https://docs.docker.com/engine/install/) - v20.10.17 - [Helm](https://helm.sh/docs/intro/install/) - v3.13.2 diff --git a/docs/REQUIREMENTS.md b/docs/REQUIREMENTS.md index 7444378..749db94 100644 --- a/docs/REQUIREMENTS.md +++ b/docs/REQUIREMENTS.md @@ -671,7 +671,7 @@ The third-party applications that are listed in the following table are supporte | Application | Minimum Version | | ---: | ---: | -| [Ansible](https://www.ansible.com/) | Core 2.15.6 | -| [Terraform](https://www.terraform.io/) | 1.6.3 | +| [Ansible](https://www.ansible.com/) | Core 2.16.1 | +| [Terraform](https://www.terraform.io/) | 1.6.6 | | [Docker](https://www.docker.com/) | 20.10.17 | | [Helm](https://helm.sh/) | 3.13.2 | diff --git a/requirements.txt b/requirements.txt index 3f69aa8..ee93d96 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ # # Reference : pypi.org # -ansible==8.6.0 # 8.0.0 # 6.4.0 # 5.5.0 # 2.10.7 +ansible==9.1.0 # 8.6.0 # 8.0.0 # 6.4.0 # 5.5.0 # 2.10.7 openshift==0.13.1 # 0.12.0 kubernetes==26.1.0 # 24.2.0 # 23.3.0 # 12.0.1 dnspython==2.3.0 # 2.2.1 # 2.1.0 diff --git a/versions.tf b/versions.tf index b56bbbd..6fa9ff1 100644 --- a/versions.tf +++ b/versions.tf @@ -6,11 +6,11 @@ terraform { required_providers { vsphere = { source = "hashicorp/vsphere" - version = "2.5.1" + version = "2.6.1" } local = { source = "hashicorp/local" - version = "2.4.0" + version = "2.4.1" } } } From f173803ad92c1dd3c10502a3ed2633276c7ac878 Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Tue, 30 Jan 2024 11:05:58 -0500 Subject: [PATCH 2/5] chore: (IAC-1306) Add Bug Report Form (#105) --- .github/ISSUE_TEMPLATE/config.yml | 1 + .github/ISSUE_TEMPLATE/issue--bug-report.yml | 89 +++++++++++++++++++ .../ISSUE_TEMPLATE/issue--feature-request.yml | 44 +++++++++ 3 files changed, 134 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/issue--bug-report.yml create mode 100644 .github/ISSUE_TEMPLATE/issue--feature-request.yml diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..3ba13e0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1 @@ +blank_issues_enabled: false diff --git a/.github/ISSUE_TEMPLATE/issue--bug-report.yml b/.github/ISSUE_TEMPLATE/issue--bug-report.yml new file mode 100644 index 0000000..696fc57 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/issue--bug-report.yml @@ -0,0 +1,89 @@ +name: Bug Report +description: | + Welcome, Thanks for opening an issue. The more information you provide, the easier it is for us to assess the problem, prioritize, assign, develop, then release a fix. The SAS Viya 4 IaC team. +labels: [bug, new] +body: + - type: textarea + id: tf_version + attributes: + label: Terraform Version Details + description: | + We ask this to be sure you are currently running a supported terraform version from your work environment. + + Run `./files/tools/iac_tooling_version.sh` to show the version + + If you are not running the latest version of Terraform we support, please try upgrading because your issue may have already been fixed. + + If you're not sure which versions are supported, here's a link : https://github.com/sassoftware/viya4-iac-k8s?tab=readme-ov-file#technical-prerequisites to help. + validations: + required: false + - type: textarea + id: tf_vars + attributes: + label: Terraform Variable File Details + description: | + Paste the relevant parts of your Terraform variables here. + + The relevant parts should come from your `terraform.tfvars` file or equivalent and small snippets of the `*.tf` file/files that seem to be causing the error. + + security reasons, do not copy and paste any sensitive information in this issue, like account information and passwords etc. + validations: + required: false + - type: textarea + id: iac_vars + attributes: + label: Ansible Variable File Details + description: | + Paste the relevant parts of your ansible-vars.yaml variables file or variable flag values here. + + The relevant parts should come from your `ansible-vars.yaml` file or equivalent that seem to be causing the error. + + For security reasons, do not copy and paste any sensitive information in this issue, like account information and passwords etc. + validations: + required: false + - type: textarea + id: tf_steps_to_reproduce + attributes: + label: Steps to Reproduce + description: Please list the full steps required to reproduce the issue + validations: + required: true + - type: textarea + id: tf_expected_behavior + attributes: + label: Expected Behavior + description: What should have happened? + validations: + required: true + - type: textarea + id: tf_actual_behavior + attributes: + label: Actual Behavior + description: | + What actually happened? Here you can include output and information from your terraform run. + validations: + required: true + - type: textarea + id: tf_additional_context + attributes: + label: Additional Context + description: | + Is there anything atypical about your situation that we should know? For example: Are you passing any unusual command line options or environment variables to opt-in to non-default behavior? + validations: + required: false + - type: input + id: tf_references + attributes: + label: References + description: | + Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? + validations: + required: false + - type: checkboxes + id: tf_terms + attributes: + label: Code of Conduct + description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/sassoftware/viya4-iac-k8s/blob/main/CODE_OF_CONDUCT.md) + options: + - label: I agree to follow this project's Code of Conduct + required: true diff --git a/.github/ISSUE_TEMPLATE/issue--feature-request.yml b/.github/ISSUE_TEMPLATE/issue--feature-request.yml new file mode 100644 index 0000000..9d25824 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/issue--feature-request.yml @@ -0,0 +1,44 @@ +name: Feature Request +description: | + Welcome, Thanks for opening a feature request. The more information you provide, the easier it is for us to assess your request, prioritize, assign, develop, and release. The SAS Viya 4 IaC team. +labels: [enhancement, new] +body: + - type: textarea + id: problem + attributes: + label: Is your feature request related to a problem? Please describe. + description: | + A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + validations: + required: true + - type: textarea + id: solution + attributes: + label: Describe the solution you'd like + description: | + A clear and concise description of what you want to happen. + validations: + required: true + - type: textarea + id: alternatives + attributes: + label: Describe alternatives you've considered + description: | + A clear and concise description of any alternative solutions or features you've considered. + validations: + required: false + - type: textarea + id: additional + attributes: + label: Additional context + description: Add any other context or screenshots about the feature request here. + validations: + required: false + - type: checkboxes + id: tf_terms + attributes: + label: Code of Conduct + description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/sassoftware/viya4-iac-k8s/blob/main/CODE_OF_CONDUCT.md) + options: + - label: I agree to follow this project's Code of Conduct + required: true From cc7fba80ef04a2a074fb6c66d915c90c936b297a Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Wed, 31 Jan 2024 15:25:11 -0500 Subject: [PATCH 3/5] feat: (IAC-1313) Use the ~> Notation for Provider Version Constraints (#107) --- versions.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions.tf b/versions.tf index 6fa9ff1..0372ccd 100644 --- a/versions.tf +++ b/versions.tf @@ -6,11 +6,11 @@ terraform { required_providers { vsphere = { source = "hashicorp/vsphere" - version = "2.6.1" + version = "~> 2.6" } local = { source = "hashicorp/local" - version = "2.4.1" + version = "~> 2.4" } } } From 45d548b5b670836aa6da0b029e01141b09029af7 Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Mon, 5 Feb 2024 14:59:39 -0500 Subject: [PATCH 4/5] feat: (IAC-1334) Add a variable and set a default for the kube-vip-cloud-provider version (#108) --- docs/REQUIREMENTS.md | 2 +- roles/kubernetes/loadbalancer/kube_vip/defaults/main.yaml | 7 +++++++ roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 roles/kubernetes/loadbalancer/kube_vip/defaults/main.yaml diff --git a/docs/REQUIREMENTS.md b/docs/REQUIREMENTS.md index 749db94..5ed36a6 100644 --- a/docs/REQUIREMENTS.md +++ b/docs/REQUIREMENTS.md @@ -68,7 +68,7 @@ The current repository supports the provisioning of vSphere VMs. The following t | Requirement | Description | | --- | --- | -| Disk | The `root` partition `/` must be on `/dev/sd2`. | +| Disk | The `root` partition `/` must be on `/dev/sd2` and must be an `XFS` file system | | Hard Disk | Specify `Thin Provision` to adjust the size of the disk to match the machine requirements that were listed previously. | ### Physical Machines or Linux VMs diff --git a/roles/kubernetes/loadbalancer/kube_vip/defaults/main.yaml b/roles/kubernetes/loadbalancer/kube_vip/defaults/main.yaml new file mode 100644 index 0000000..3459067 --- /dev/null +++ b/roles/kubernetes/loadbalancer/kube_vip/defaults/main.yaml @@ -0,0 +1,7 @@ +# Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +--- +# https://github.com/kube-vip/kube-vip-cloud-provider +# value must be a tag or branch +kube_vip_cloud_provider_version: "v0.0.8" diff --git a/roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml b/roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml index aae946e..9316518 100644 --- a/roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml +++ b/roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml @@ -9,7 +9,7 @@ block: - name: Install kube-vip Cloud Provider ansible.builtin.shell: | - kubectl apply -f https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/main/manifest/kube-vip-cloud-controller.yaml + kubectl apply -f https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/{{ kube_vip_cloud_provider_version }}/manifest/kube-vip-cloud-controller.yaml tags: - install - update From 41beecbb62a91eeb283e2d4da3b979b884ffdb01 Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Tue, 6 Feb 2024 13:05:38 -0500 Subject: [PATCH 5/5] docs: (IAC-1244) Add Detailed Dependencies Documentation (#106) Closes #15 --- README.md | 7 +--- docs/user/Dependencies.md | 68 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 6 deletions(-) create mode 100644 docs/user/Dependencies.md diff --git a/README.md b/README.md index 419a0d3..55fd1a3 100644 --- a/README.md +++ b/README.md @@ -98,12 +98,7 @@ This project supports the following options for running the scripts in this repo #### Script Requirements -The following software is required in order to run the SAS Viya IaC tools here on your local system: - -- [Terraform](https://www.terraform.io/downloads) - v1.6.6 -- [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) - v2.16.1 -- [Docker](https://docs.docker.com/engine/install/) - v20.10.17 -- [Helm](https://helm.sh/docs/intro/install/) - v3.13.2 +View the [Dependencies Documentation](./docs/user/Dependencies.md) to see the required software that needs to installed in order to run the SAS Viya IaC tools here on your local system #### Docker Requirements diff --git a/docs/user/Dependencies.md b/docs/user/Dependencies.md new file mode 100644 index 0000000..4e86936 --- /dev/null +++ b/docs/user/Dependencies.md @@ -0,0 +1,68 @@ +# Dependency Versions + +The following table details our dependencies and versions (~ indicates multiple possible sources) + +For dependency installation instructions and sources, links have been provided in the table below: + +| SOURCE | NAME | VERSION | +|----------------|------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------| +| ~ | [python](https://www.python.org/downloads/) | >=3.10 | +| ~ | [pip](https://packaging.python.org/en/latest/guides/installing-using-linux-tools/#installing-pip-setuptools-wheel-with-linux-package-managers) | >=22.0 | +| ~ | [terraform](https://www.terraform.io/downloads) | >=1.4.5 | +| ~ | [docker](https://docs.docker.com/engine/install/) | >=20.10.17 | +| ~ | [helm](https://helm.sh/docs/intro/install/) | >=3 | +| ~ | [kubectl](https://kubernetes.io/docs/tasks/tools/) | 1.26 - 1.28 | +| ~ | [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) | any | +| ~ | [jq](https://jqlang.github.io/jq/download/) | >=1.6 | +| pip | ansible | 9.1.0 (ansible core v2.16.1) | +| pip | openshift | 0.13.1 | +| pip | kubernetes | 26.1.0 | +| pip | dnspython | 2.3.0 | +| pip | jmespath | 1.0.1 | +| ansible-galaxy | community.general | 5.6.0 | +| ansible-galaxy | community.postgresql | 2.2.0 | +| ansible-galaxy | kubernetes.core | 2.3.2 | +| ansible-galaxy | ansible.posix | 1.4.0 | +| ansible-galaxy | ansible.utils | 2.6.1 | + +Python dependencies can be installed via `pip` using the `requirements.txt` provided in this project + +```bash +pip install -r ./requirements.txt +``` + +Ansible dependencies can be installed via `ansible-galaxy` using the `requirements.yaml` provided in this project. + +```bash +ansible-galaxy install -r ./requirements.yaml +``` + +Required project dependencies are generally pinned to known working or stable versions to ensure users have a smooth initial experience. In some cases it may be required to change the default version of a dependency. In such cases users are welcome to experiment with alternate versions, however compatibility may not be guaranteed. + +# Docker + +If you are standing up your infrastructure via a Docker image created from the [Dockerfile](../../Dockerfile) overriding a dependency version can be accomplished by supplying one or more docker build arguments: + +| ARG | NOTE | +|-------------------|-----------------------------------| +| HELM_VERSION | the version of helm to install | +| KUBECTL_VERSION | the version of kubectl to install | +| TERRAFORM_VERSION | the version terraform to install | + +Example of using build arguments to control specific versions of dependencies installed within the Docker image : +```bash +# Override kubectl version +docker build \ + --build-arg KUBECTL_VERSION=1.27.9 \ + -t viya4-iac-k8s . +``` + +# Install Script + +If deploying via the [installation script](./ScriptUsage.md) you can modify the dependency requirements files for python and ansible respectively: + +| FILE | FOR | +|-------------------|---------------------------------| +| requirements.txt | dependencies for python | +| requirements.yaml | dependencies for ansible-galaxy | +