From 5ab25228344dce2b26deaee8409bbc596fe836fb Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 5 Feb 2024 12:31:14 +0000 Subject: [PATCH 1/8] feat: migrate namespace to TIM --- .github/settings.yml | 4 +- README.md | 106 ++++++++++++----- examples/basic/README.md | 18 +-- examples/basic/main.tf | 107 ++++++++++++++++-- examples/basic/outputs.tf | 21 ++-- examples/basic/provider.tf | 10 +- examples/basic/variables.tf | 20 ++-- examples/basic/version.tf | 14 ++- examples/complete/README.md | 4 - examples/complete/main.tf | 3 - examples/complete/outputs.tf | 23 ---- examples/complete/provider.tf | 8 -- examples/complete/variables.tf | 29 ----- examples/complete/version.tf | 12 -- .../README.md | 3 + .../main.tf | 23 ++++ .../outputs.tf | 13 +++ .../provider.tf | 10 ++ .../variables.tf | 27 +++++ .../version.tf | 18 +++ main.tf | 24 +++- outputs.tf | 7 +- tests/go.mod | 2 +- tests/other_test.go | 18 --- tests/pr_test.go | 30 ++--- variables.tf | 19 ++-- version.tf | 16 ++- 27 files changed, 373 insertions(+), 216 deletions(-) delete mode 100644 examples/complete/README.md delete mode 100644 examples/complete/main.tf delete mode 100644 examples/complete/outputs.tf delete mode 100644 examples/complete/provider.tf delete mode 100644 examples/complete/variables.tf delete mode 100644 examples/complete/version.tf create mode 100644 examples/create-namespaces-existing-cluster/README.md create mode 100644 examples/create-namespaces-existing-cluster/main.tf create mode 100644 examples/create-namespaces-existing-cluster/outputs.tf create mode 100644 examples/create-namespaces-existing-cluster/provider.tf create mode 100644 examples/create-namespaces-existing-cluster/variables.tf create mode 100644 examples/create-namespaces-existing-cluster/version.tf delete mode 100644 tests/other_test.go diff --git a/.github/settings.yml b/.github/settings.yml index 7b03ead..5ea0780 100644 --- a/.github/settings.yml +++ b/.github/settings.yml 
@@ -15,14 +15,14 @@ repository: # By changing this field, you rename the repository. # Uncomment this name property and set the name to the current repo name. - # name: "" + name: "terraform-ibm-namespace-module" # The description is displayed under the repository name on the # organization page and in the 'About' section of the repository. # Uncomment this description property # and update the description to the current repo description. - # description: "" + description: "Creates Kubernetes namespaces with custom metadata." # Use a comma-separated list of topics to set on the repo (ensure not to use any caps in the topic string). topics: terraform, ibm-cloud, terraform-module diff --git a/README.md b/README.md index 54b664b..fdc5edd 100644 --- a/README.md +++ b/README.md 
@@ -1,28 +1,31 @@ -# Terraform Modules Template Project +# Namespace Modules -[![Incubating (Not yet consumable)](https://img.shields.io/badge/status-Incubating%20(Not%20yet%20consumable)-red)](https://terraform-ibm-modules.github.io/documentation/#/badge-status) -[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-module-template?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-module-template/releases/latest) +[![Graduated (Supported)](https://img.shields.io/badge/Status-Graduated%20(Supported)-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status) +[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-namespace-module?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-namespace-module/releases/latest) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit) [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release) -TODO: Replace me with description of the module(s) in this repo +This module supports creating multiple Kubernetes namespaces / OpenShift projects with optional annotations and labels. +## Compliance and security + +NIST controls do not apply to this module. 
## Overview -* [terraform-ibm-module-template](#terraform-ibm-module-template) +* [terraform-ibm-namespace-module](#terraform-ibm-namespace-module) * [Examples](./examples) - * [Basic example](./examples/basic) - * [Complete example](./examples/complete) + * [Basic Example](./examples/basic) + * [Create Namespace on the existing cluster example](./examples/create-namespaces-existing-cluster) * [Contributing](#contributing) @@ -37,7 +40,7 @@ https://terraform-ibm-modules.github.io/documentation/#/implementation-guideline -## terraform-ibm-module-template +## terraform-ibm-namespace-module ### Usage 
@@ -49,30 +52,72 @@ unless real values don't help users know what to change. --> ```hcl - +############################################################################## +# Init cluster config for kubernetes providers +############################################################################## + +data "ibm_container_cluster_config" "cluster_config" { + cluster_name_id = var.cluster_id +} + +############################################################################## +# Config providers +############################################################################## + +provider "ibm" { + ibmcloud_api_key = var.ibmcloud_api_key # pragma: allowlist secret +} + +provider "kubernetes" { + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate +} + +############################################################################## +# Namespace Module +############################################################################## + +# Replace "master" with a GIT release version to lock into a specific release +module "namespace" { + source = "git::https://github.ibm.com/GoldenEye/namespace-module.git?ref=master" + namespaces = [ + { + name = "my-namespace" + metadata = { + labels = { + "istio-injection" = "enabled" + } + annotations = { + "name" = "example-annotation" + } + } + }, + { + name = "my-namespace-2" + metadata = { + labels = { + "istio-injection" = "enabled" + } + annotations = { + "name" = "example-annotation" + } + } + } + ] +} ``` ### Required IAM access policies - - - +- IAM Services + - **Kubernetes** service + - `Viewer` platform access + - `Manager` service access + +For more information about the access you need to run all the GoldenEye modules, see [GoldenEye IAM permissions](https://github.ibm.com/GoldenEye/documentation/blob/master/goldeneye-iam-permissions.md). 
+A basic example that shows how to create multiple namespaces (projects) with custom annotations and labels in an OCP cluster. -An end-to-end basic example that will provision the following: -- A new resource group if one is not passed in. -- A new Cloud Object Storage instance. +The following resources are provisioned by this example: + +- A new resource group, if an existing one is not passed in. +- A basic VPC. +- An OCP VPC cluster. + +The namespace module then runs and creates project(s) in the OCP cluster. diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 4aeca62..ad57f06 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf 
@@ -1,24 +1,111 @@ -######################################################################################################################## -# Resource group -######################################################################################################################## +############################################################################## +# Locals +############################################################################## + +locals { + cluster_name = var.prefix +} + + +############################################################################## +# Resource Group +############################################################################## module "resource_group" { - source = "terraform-ibm-modules/resource-group/ibm" - version = "1.1.4" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-resource-group.git?ref=v1.1.4" # if an existing resource group is not set (null) create a new one using prefix resource_group_name = var.resource_group == null ? 
"${var.prefix}-resource-group" : null existing_resource_group_name = var.resource_group } -######################################################################################################################## -# COS instance -######################################################################################################################## +################################################################## +## Create VPC and Cluster where namespaces will be created +################################################################## + +resource "ibm_is_vpc" "example_vpc" { + name = "${var.prefix}-vpc" + resource_group = module.resource_group.resource_group_id + tags = var.resource_tags +} + +resource "ibm_is_subnet" "testacc_subnet" { + name = "${var.prefix}-subnet" + vpc = ibm_is_vpc.example_vpc.id + zone = "${var.region}-2" + total_ipv4_address_count = 256 + resource_group = module.resource_group.resource_group_id +} resource "ibm_resource_instance" "cos_instance" { name = "${var.prefix}-cos" - resource_group_id = module.resource_group.resource_group_id service = "cloud-object-storage" plan = "standard" location = "global" - tags = var.resource_tags + resource_group_id = module.resource_group.resource_group_id +} + +# Lookup the current default kube version +data "ibm_container_cluster_versions" "cluster_versions" {} +locals { + default_ocp_version = "${data.ibm_container_cluster_versions.cluster_versions.default_openshift_version}_openshift" +} + +resource "ibm_container_vpc_cluster" "cluster" { + name = local.cluster_name + vpc_id = ibm_is_vpc.example_vpc.id + kube_version = local.default_ocp_version + flavor = "bx2.4x16" + worker_count = "2" + entitlement = "cloud_pak" + cos_instance_crn = ibm_resource_instance.cos_instance.id + force_delete_storage = true + zones { + subnet_id = ibm_is_subnet.testacc_subnet.id + name = "${var.region}-2" + } + resource_group_id = module.resource_group.resource_group_id +} + +data "ibm_container_cluster_config" 
"cluster_config" { + cluster_name_id = ibm_container_vpc_cluster.cluster.id + resource_group_id = module.resource_group.resource_group_id +} + +# Sleep for 30 secs to allow RBAC sync on cluster +resource "time_sleep" "wait_operators" { + depends_on = [data.ibm_container_cluster_config.cluster_config] + create_duration = "30s" +} + +############################################################################## +# NAMESPACE +############################################################################## + +module "namespace" { + source = "../../" + depends_on = [time_sleep.wait_operators] + namespaces = [ + { + name = "my-namespace" + metadata = { + labels = { + "istio-injection" = "enabled" + } + annotations = { + "name" = "example-annotation" + } + } + }, + { + name = "my-namespace-2" + metadata = { + labels = { + "istio-injection" = "enabled" + } + annotations = { + "name" = "example-annotation" + } + } + } + ] } diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index 04b196e..ff80b1e 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf 
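Review bot: The `ibm_container_vpc_cluster.cluster` resource in examples/basic/main.tf never sets `disable_public_service_endpoint`, so, as far as the provider default goes, the example provisions an OpenShift cluster whose API endpoint is publicly reachable. If the example is meant to be copied, consider `disable_public_service_endpoint = true`; the Terraform runner would then need a network path to the private endpoint and, I believe, `endpoint_type = "private"` on the `ibm_container_cluster_config` data source. If public access is deliberate for the test pipeline, say so above the resource, e.g. `# Public endpoint left enabled so CI can reach the API; not a production baseline`. `force_delete_storage = true` in the same resource deserves a similar comment, since it removes the cluster's persistent storage on destroy.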
@@ -1,18 +1,13 @@ -######################################################################################################################## -# Outputs -######################################################################################################################## - -output "cos_instance_id" { - description = "COS instance id" - value = ibm_resource_instance.cos_instance.id +data "kubernetes_all_namespaces" "allns" { + depends_on = [module.namespace] } -output "resource_group_name" { - description = "Resource group name" - value = module.resource_group.resource_group_name +output "my_namespace_present" { + value = contains(data.kubernetes_all_namespaces.allns.namespaces, "my-namespace") + description = "Returns true if 'my-namespace' namespace is created. Otherwise false" } -output "resource_group_id" { - description = "Resource group ID" - value = module.resource_group.resource_group_id +output "my_namespace_2_present" { + value = contains(data.kubernetes_all_namespaces.allns.namespaces, "my-namespace-2") + description = "Returns true if 'my-namespace-2' namespace is created. Otherwise false" } diff --git a/examples/basic/provider.tf b/examples/basic/provider.tf index 84b6985..ce807c2 100644 --- a/examples/basic/provider.tf +++ b/examples/basic/provider.tf @@ -1,8 +1,10 @@ -######################################################################################################################## -# Provider config -######################################################################################################################## - provider "ibm" { ibmcloud_api_key = var.ibmcloud_api_key region = var.region } + +provider "kubernetes" { + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate +} diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index dd0d0af..457d421 100644 
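Review bot: In examples/basic/provider.tf the `kubernetes` provider takes `host`, `token` and `cluster_ca_certificate` from `data.ibm_container_cluster_config.cluster_config`, and nothing in the example tells the reader where that credential ends up. Data source results are persisted in Terraform state, so the cluster token will sit in the state of anyone who runs this. A comment above the block such as `# token and CA come from ibm_container_cluster_config and are stored in state; use an encrypted, access-controlled backend` would make that explicit. The Kubernetes provider documentation also advises against configuring the provider from a cluster created in the same apply, which this example does, so a one-line caveat about that is worth adding. The identical provider block is added in examples/create-namespaces-existing-cluster/provider.tf, where the state comment applies as well.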
--- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf @@ -1,28 +1,24 @@ -######################################################################################################################## -# Input variables -######################################################################################################################## - variable "ibmcloud_api_key" { type = string - description = "The IBM Cloud API Key" + description = "The IBM Cloud API Token" sensitive = true } -variable "region" { +variable "prefix" { type = string - description = "Region to provision all resources created by this example" - default = "us-south" + description = "Prefix to give all resources created by this example" + default = "namespace-test" } -variable "prefix" { +variable "region" { type = string - description = "Prefix to append to all resources created by this example" - default = "basic" + description = "Region where resources are created" + default = "ca-tor" } variable "resource_group" { type = string - description = "The name of an existing resource group to provision resources in to. If not set a new resource group will be created using the prefix variable" + description = "An existing resource group name to use for this example, if unset a new resource group will be created" default = null } diff --git a/examples/basic/version.tf b/examples/basic/version.tf index 46915a6..66ce28c 100644 --- a/examples/basic/version.tf +++ b/examples/basic/version.tf 
@@ -1,12 +1,18 @@ terraform { required_version = ">= 1.3.0, <1.6.0" - - # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main - # module's version.tf (usually a basic example), and 1 example that will always use the latest provider version. required_providers { + # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works ibm = { source = "IBM-Cloud/ibm" - version = "1.49.0" + version = "1.58.1" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.16.1" + } + time = { + source = "hashicorp/time" + version = "0.9.1" } } } diff --git a/examples/complete/README.md b/examples/complete/README.md deleted file mode 100644 index 139f8dd..0000000 --- a/examples/complete/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Complete example - - - diff --git a/examples/complete/main.tf b/examples/complete/main.tf deleted file mode 100644 index 558c210..0000000 --- a/examples/complete/main.tf +++ /dev/null @@ -1,3 +0,0 @@ -############################################################################## -# Complete example -############################################################################## diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf deleted file mode 100644 index addadea..0000000 --- a/examples/complete/outputs.tf +++ /dev/null 
@@ -1,23 +0,0 @@ -############################################################################## -# Outputs -############################################################################## - -output "region" { - description = "The region all resources were provisioned in" - value = var.region -} - -output "prefix" { - description = "The prefix used to name all provisioned resources" - value = var.prefix -} - -output "resource_group_name" { - description = "The name of the resource group used" - value = var.resource_group -} - -output "resource_tags" { - description = "List of resource tags" - value = var.resource_tags -} diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf deleted file mode 100644 index 2080946..0000000 --- a/examples/complete/provider.tf +++ /dev/null @@ -1,8 +0,0 @@ -############################################################################## -# Provider config -############################################################################## - -provider "ibm" { - ibmcloud_api_key = var.ibmcloud_api_key - region = var.region -} diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf deleted file mode 100644 index 170a5ab..0000000 --- a/examples/complete/variables.tf +++ /dev/null @@ -1,29 +0,0 @@ -variable "ibmcloud_api_key" { - type = string - description = "The IBM Cloud API Key" - sensitive = true -} - -variable "region" { - type = string - description = "Region to provision all resources created by this example" - default = "us-south" -} - -variable "prefix" { - type = string - description = "Prefix to append to all resources created by this example" - default = "complete" -} - -variable "resource_group" { - type = string - description = "An existing resource group name to use for this example, if unset a new resource group will be created" - default = null -} - -variable "resource_tags" { - type = list(string) - description = "Optional list of tags to be added to created resources" - default = [] -} 
diff --git a/examples/complete/version.tf b/examples/complete/version.tf deleted file mode 100644 index 5adb5b5..0000000 --- a/examples/complete/version.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_version = ">= 1.3.0, <1.6.0" - - # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main - # module's version.tf (usually a basic example), and 1 example that will always use the latest provider version. - required_providers { - ibm = { - source = "IBM-Cloud/ibm" - version = ">= 1.49.0, < 2.0.0" - } - } -} diff --git a/examples/create-namespaces-existing-cluster/README.md b/examples/create-namespaces-existing-cluster/README.md new file mode 100644 index 0000000..70356db --- /dev/null +++ b/examples/create-namespaces-existing-cluster/README.md @@ -0,0 +1,3 @@ +# Create Namespace on the existing cluster example + +An end to end example using the module to create custom namespaces on the existing cluster. diff --git a/examples/create-namespaces-existing-cluster/main.tf b/examples/create-namespaces-existing-cluster/main.tf new file mode 100644 index 0000000..43bff6d --- /dev/null +++ b/examples/create-namespaces-existing-cluster/main.tf @@ -0,0 +1,23 @@ +################################################################## +## Use existing cluster ID +################################################################## + +data "ibm_container_cluster_config" "cluster_config" { + cluster_name_id = var.cluster_id +} + +# Sleep to allow RBAC sync on cluster +resource "time_sleep" "wait_operators" { + depends_on = [data.ibm_container_cluster_config.cluster_config] + create_duration = "5s" +} + +############################################################################## +# NAMESPACE +############################################################################## + +module "namespace" { + source = "../../" + depends_on = [time_sleep.wait_operators] + namespaces = var.namespaces +} 
diff --git a/examples/create-namespaces-existing-cluster/outputs.tf b/examples/create-namespaces-existing-cluster/outputs.tf new file mode 100644 index 0000000..ff80b1e --- /dev/null +++ b/examples/create-namespaces-existing-cluster/outputs.tf @@ -0,0 +1,13 @@ +data "kubernetes_all_namespaces" "allns" { + depends_on = [module.namespace] +} + +output "my_namespace_present" { + value = contains(data.kubernetes_all_namespaces.allns.namespaces, "my-namespace") + description = "Returns true if 'my-namespace' namespace is created. Otherwise false" +} + +output "my_namespace_2_present" { + value = contains(data.kubernetes_all_namespaces.allns.namespaces, "my-namespace-2") + description = "Returns true if 'my-namespace-2' namespace is created. Otherwise false" +} diff --git a/examples/create-namespaces-existing-cluster/provider.tf b/examples/create-namespaces-existing-cluster/provider.tf new file mode 100644 index 0000000..ce807c2 --- /dev/null +++ b/examples/create-namespaces-existing-cluster/provider.tf @@ -0,0 +1,10 @@ +provider "ibm" { + ibmcloud_api_key = var.ibmcloud_api_key + region = var.region +} + +provider "kubernetes" { + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate +} diff --git a/examples/create-namespaces-existing-cluster/variables.tf b/examples/create-namespaces-existing-cluster/variables.tf new file mode 100644 index 0000000..332b149 --- /dev/null +++ b/examples/create-namespaces-existing-cluster/variables.tf 
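Review bot: The two outputs in examples/create-namespaces-existing-cluster/outputs.tf test for the literal names "my-namespace" and "my-namespace-2", but this example creates whatever the caller passes in `var.namespaces`. Both outputs therefore report false for any other input, even when creation succeeded. Deriving the check from the input keeps it truthful, for example a single output with `value = { for ns in var.namespaces : ns.name => contains(data.kubernetes_all_namespaces.allns.namespaces, ns.name) }`. The file is the same blob (ff80b1e) as examples/basic/outputs.tf, where the hard-coded names do match the module call.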
@@ -0,0 +1,27 @@ +variable "ibmcloud_api_key" { + type = string + description = "The IBM Cloud API Token" + sensitive = true +} + +variable "cluster_id" { + description = "Cluster name or id to create namespace in" + type = string +} + +variable "region" { + type = string + description = "Region where resources are created" + default = "ca-tor" +} + +variable "namespaces" { + type = list(object({ + name = string + metadata = optional(object({ + labels = map(string) + annotations = map(string) + })) + })) + description = "Set of namespaces to create" +} diff --git a/examples/create-namespaces-existing-cluster/version.tf b/examples/create-namespaces-existing-cluster/version.tf new file mode 100644 index 0000000..66ce28c --- /dev/null +++ b/examples/create-namespaces-existing-cluster/version.tf @@ -0,0 +1,18 @@ +terraform { + required_version = ">= 1.3.0, <1.6.0" + required_providers { + # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works + ibm = { + source = "IBM-Cloud/ibm" + version = "1.58.1" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.16.1" + } + time = { + source = "hashicorp/time" + version = "0.9.1" + } + } +} diff --git a/main.tf b/main.tf index 0b919ea..ba0a29b 100644 --- a/main.tf +++ b/main.tf 
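Review bot: In the `namespaces` variable, `metadata` is optional but the `labels` and `annotations` attributes inside it are both required, so a caller who wants only labels must also pass an empty `annotations` map or the type check fails. The root main.tf reads both through `try(..., {})`, which suggests they were meant to be optional. With the 1.3.0 minimum Terraform version already declared, they can be written as `labels = optional(map(string), {})` and `annotations = optional(map(string), {})`. The same declaration is added to the root variables.tf later in this patch and needs the same change. The description says "Set of namespaces" while the type is a list and main.tf keys `for_each` on `name`, so the description should state that names must be unique.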
@@ -1,3 +1,21 @@ -/******************************************************************** -This file is used to implement the ROOT module. -*********************************************************************/ +############################################################################## +# Namespace module +# +# Creates kubernetes namespaces +############################################################################## + +resource "kubernetes_namespace" "create_namespace" { + for_each = { for namespace in var.namespaces : namespace.name => namespace } + metadata { + name = each.value.name + annotations = try(each.value.metadata.annotations, {}) + labels = try(each.value.metadata.labels, {}) + } + + lifecycle { + ignore_changes = [ + metadata[0].annotations, + metadata[0].labels + ] + } +} diff --git a/outputs.tf b/outputs.tf index bb6ea66..135186b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,8 +1,11 @@ -######################################################################################################################## +############################################################################## # Outputs -######################################################################################################################## +############################################################################## #output "myoutput" { # description = "Description of my output" # value = "value" +# depends_on = [] #} + +############################################################################## diff --git a/tests/go.mod b/tests/go.mod index ce6f0e1..b3392c9 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -1,4 +1,4 @@ -module github.com/terraform-ibm-modules/terraform-ibm-module-template +module github.com/terraform-ibm-modules/terraform-ibm-namespace-module go 1.21 diff --git a/tests/other_test.go b/tests/other_test.go deleted file mode 100644 index d03784f..0000000 --- a/tests/other_test.go +++ /dev/null 
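Review bot: The `ignore_changes = [metadata[0].annotations, metadata[0].labels]` block in `kubernetes_namespace.create_namespace` means labels and annotations are applied only when a namespace is first created. Any later edit to the `metadata` of an entry in `var.namespaces` is silently dropped, and Terraform reports no diff. For labels that carry policy (the examples use `istio-injection`, and Pod Security Admission labels would behave the same way), that hides both intended updates and out-of-band changes made on the cluster. Presumably the block exists to tolerate annotations the platform adds to projects; if so, record that in a comment, e.g. `# Platform adds its own annotations/labels; ignored to avoid perpetual diffs, so metadata is create-time only`. The create-time-only behaviour should also be stated in the variable description and the README.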
@@ -1,18 +0,0 @@ -// Tests in this file are NOT run in the PR pipeline. They are run in the continuous testing pipeline along with the ones in pr_test.go -package test - -import ( - "testing" - - "github.com/stretchr/testify/assert" -) - -func TestRunBasicExample(t *testing.T) { - t.Parallel() - - options := setupOptions(t, "mod-template-basic", "examples/basic") - - output, err := options.RunTestConsistency() - assert.Nil(t, err, "This should not have errored") - assert.NotNil(t, output, "Expected some output") -} diff --git a/tests/pr_test.go b/tests/pr_test.go index 896d726..b80ef25 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -1,4 +1,4 @@ -// Tests in this file are run in the PR pipeline and the continuous testing pipeline +// Tests in this file are run in the PR pipeline package test import ( @@ -8,24 +8,19 @@ import ( "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" ) -// Use existing resource group -const resourceGroup = "geretain-test-resources" -const completeExampleDir = "examples/complete" +// Resource groups are maintained https://github.ibm.com/GoldenEye/ge-dev-account-management +const resourceGroup = "geretain-test-namespace" +const defaultExampleTerraformDir = "examples/basic" + +func TestRunDefaultExample(t *testing.T) { + t.Parallel() -func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptions { options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ Testing: t, - TerraformDir: dir, - Prefix: prefix, + TerraformDir: defaultExampleTerraformDir, + Prefix: "namespace", ResourceGroup: resourceGroup, }) - return options -} - -func TestRunCompleteExample(t *testing.T) { - t.Parallel() - - options := setupOptions(t, "mod-template", completeExampleDir) output, err := options.RunTestConsistency() assert.Nil(t, err, "This should not have errored") 
@@ -35,7 +30,12 @@ func TestRunCompleteExample(t *testing.T) { func TestRunUpgradeExample(t *testing.T) { t.Parallel() - options := setupOptions(t, "mod-template-upg", completeExampleDir) + options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ + Testing: t, + TerraformDir: defaultExampleTerraformDir, + Prefix: "namespace-upg", + ResourceGroup: resourceGroup, + }) output, err := options.RunTestUpgrade() if !options.UpgradeTestSkipped { diff --git a/variables.tf b/variables.tf index df60434..e896045 100644 --- a/variables.tf +++ b/variables.tf @@ -1,9 +1,14 @@ -######################################################################################################################## +############################################################################## # Input Variables -######################################################################################################################## +############################################################################## -#variable "my_variable" { -# type = string -# description = "A description of my variable" -# default = "default_value" -#} +variable "namespaces" { + type = list(object({ + name = string + metadata = optional(object({ + labels = map(string) + annotations = map(string) + })) + })) + description = "Set of namespaces to create" +} diff --git a/version.tf b/version.tf index bcb2505..dc2f230 100644 --- a/version.tf +++ b/version.tf 
@@ -1,12 +1,10 @@ terraform { required_version = ">= 1.3.0, <1.6.0" - # If your module requires any terraform providers, uncomment the "required_providers" section below and add all required providers. - # Each required provider's version should be a flexible range to future proof the module's usage with upcoming minor and patch versions. - - # required_providers { - # ibm = { - # source = "IBM-Cloud/ibm" - # version = ">= 1.49.0, < 2.0.0" - # } - # } + required_providers { + # Use "greater than or equal to" range in modules + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.16.1, < 3.0.0" + } + } } From 8692c684d2e2fb0faf28318477d3221c8a19e0b7 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 5 Feb 2024 13:10:01 +0000 Subject: [PATCH 2/8] docs: update readme --- README.md | 23 ++--------------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index fdc5edd..33494f6 100644 --- a/README.md +++ b/README.md @@ -38,19 +38,10 @@ https://terraform-ibm-modules.github.io/documentation/#/implementation-guideline --> - - ## terraform-ibm-namespace-module ### Usage - - ```hcl ############################################################################## # Init cluster config for kubernetes providers @@ -78,9 +69,9 @@ provider "kubernetes" { # Namespace Module ############################################################################## -# Replace "master" with a GIT release version to lock into a specific release +# Replace "main" with a GIT release version to lock into a specific release module "namespace" { - source = "git::https://github.ibm.com/GoldenEye/namespace-module.git?ref=master" + source = "git@github.com:terraform-ibm-modules/terraform-ibm-namespace-module.git?ref=main" namespaces = [ { name = "my-namespace" 
@@ -117,16 +108,6 @@ You need the following permissions to run this module. - `Viewer` platform access - `Manager` service access -For more information about the access you need to run all the GoldenEye modules, see [GoldenEye IAM permissions](https://github.ibm.com/GoldenEye/documentation/blob/master/goldeneye-iam-permissions.md). - - - - - - ### Requirements From 5cec9216fd45310d6a38d9b7fb0003dfa8fe2eb9 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 5 Feb 2024 13:22:20 +0000 Subject: [PATCH 3/8] fix: update cra target --- cra-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cra-config.yaml b/cra-config.yaml index 9f49af9..492111a 100644 --- a/cra-config.yaml +++ b/cra-config.yaml @@ -1,7 +1,7 @@ # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml version: "v1" CRA_TARGETS: - - CRA_TARGET: "examples/complete" # Target directory for CRA scan. If not provided, the CRA Scan will not be run. + - CRA_TARGET: "examples/basic" # Target directory for CRA scan. If not provided, the CRA Scan will not be run. CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json` PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile). # SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used. From d32a18d4bac3ef87a711d345eb6768d98f3d80c3 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 5 Feb 2024 13:42:58 +0000 Subject: [PATCH 4/8] fix: added ignore scc rules --- cra-tf-validate-ignore-rules.json | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/cra-tf-validate-ignore-rules.json b/cra-tf-validate-ignore-rules.json index adbff6e..fc92369 100644 
--- a/cra-tf-validate-ignore-rules.json +++ b/cra-tf-validate-ignore-rules.json @@ -1,3 +1,10 @@ { - "scc_rules": [] + "scc_rules": [ + { + "scc_rule_id": "rule-2325054a-c338-474a-9740-0b7034487e40", + "description:": "Check whether OpenShift clusters are accessible only by using private endpoints", + "ignore_reason": "This rule is not relevant to the module itself, just the cluster resource that is used in the example that is scanned", + "is_valid": false + } + ] } From e594d884c9266526549b22b9b0ec2779d35faba6 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 6 Feb 2024 09:37:47 +0000 Subject: [PATCH 5/8] docs: update readme SKIP UPGRADE TEST --- README.md | 3 ++- tests/pr_test.go | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 33494f6..c3e8fc7 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,8 @@ provider "kubernetes" { # Replace "main" with a GIT release version to lock into a specific release module "namespace" { - source = "git@github.com:terraform-ibm-modules/terraform-ibm-namespace-module.git?ref=main" + source = "terraform-ibm-modules/namespace-module/ibm" + version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific namespaces = [ { name = "my-namespace" diff --git a/tests/pr_test.go b/tests/pr_test.go index b80ef25..fa3292f 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -8,7 +8,6 @@ import ( "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" ) -// Resource groups are maintained https://github.ibm.com/GoldenEye/ge-dev-account-management const resourceGroup = "geretain-test-namespace" const defaultExampleTerraformDir = "examples/basic" From 773f55d27a4c97c0e9e1ce6893c5e2bca5b2464d Mon Sep 17 00:00:00 2001 
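Review bot: In the cra-tf-validate-ignore-rules.json hunk, the second key of the new entry is spelled `"description:"` with a colon inside the key name, so anything that reads `description` will not find it. It should read `"description": "Check whether OpenShift clusters are accessible only by using private endpoints",`. The entry suppresses the private-endpoint check for the whole scanned target, and the stated reason attributes the finding to the cluster used by the example. It would help to say in `ignore_reason` that the example cluster's public endpoint is intentional and test-only, so the exception is not read as applying to consumers of the module. The meaning of `"is_valid": false` is not visible here; confirm against the CRA ignore-file schema that it expresses the intended state of this exception.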
From: Md Anam Raihan Date: Tue, 6 Feb 2024 20:51:40 +0000 Subject: [PATCH 6/8] fix: resolve comments --- .github/settings.yml | 2 +- README.md | 33 ++++++--------------------------- examples/basic/README.md | 2 +- examples/basic/main.tf | 3 ++- 4 files changed, 10 insertions(+), 30 deletions(-) diff --git a/.github/settings.yml b/.github/settings.yml index ae49037..86f757e 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -22,7 +22,7 @@ repository: # Uncomment this description property # and update the description to the current repo description. - description: "Creates Kubernetes namespaces with custom metadata." + description: "Configures a Kubernetes namespace or Openshift project." # Use a comma-separated list of topics to set on the repo (ensure not to use any caps in the topic string). topics: terraform, ibm-cloud, terraform-module diff --git a/README.md b/README.md index a7b91c3..984ddab 100644 --- a/README.md +++ b/README.md 
@@ -1,13 +1,7 @@ - -# Namespace Modules - - +# Namespace module + [![Graduated (Supported)](https://img.shields.io/badge/Status-Graduated%20(Supported)-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status) -[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-namespace-module?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-namespace-module/releases/latest) +[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-namespace?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-namespace/releases/latest) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit) [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release) @@ -15,31 +9,16 @@ Update status and "latest release" badges: This module supports creating multiple Kubernetes namespaces / OpenShift projects with optional annotations and labels. -## Compliance and security - -NIST controls do not apply to this module. - ## Overview * [terraform-ibm-namespace](#terraform-ibm-namespace) * [Examples](./examples) - * [Basic Example](./examples/basic) + * [Basic example](./examples/basic) * [Create Namespace on the existing cluster example](./examples/create-namespaces-existing-cluster) * [Contributing](#contributing) - - - - - - ## terraform-ibm-namespace ### Usage 
@@ -68,12 +47,12 @@ provider "kubernetes" { } ############################################################################## -# Namespace Module +# Namespace module ############################################################################## # Replace "main" with a GIT release version to lock into a specific release module "namespace" { - source = "terraform-ibm-modules/namespace-module/ibm" + source = "terraform-ibm-modules/namespace/ibm" version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific namespaces = [ { diff --git a/examples/basic/README.md b/examples/basic/README.md index 3d8798a..e058f25 100644 --- a/examples/basic/README.md +++ b/examples/basic/README.md @@ -1,4 +1,4 @@ -# Basic Example +# Basic example A basic example that shows how to create multiple namespaces (projects) with custom annotations and labels in an OCP cluster. diff --git a/examples/basic/main.tf b/examples/basic/main.tf index ad57f06..a71d5cb 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -12,7 +12,8 @@ locals { ############################################################################## module "resource_group" { - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-resource-group.git?ref=v1.1.4" + source = "terraform-ibm-modules/resource-group/ibm" + version = "1.1.4" # if an existing resource group is not set (null) create a new one using prefix resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null existing_resource_group_name = var.resource_group From b91a53fd423ccb73ae7ae4bdea5bfa2e0edad1e3 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 6 Feb 2024 20:54:34 +0000 Subject: [PATCH 7/8] docs: update readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 984ddab..2624b2a 100644 --- a/README.md +++ b/README.md 
@@ -50,7 +50,6 @@ provider "kubernetes" { # Namespace module ############################################################################## -# Replace "main" with a GIT release version to lock into a specific release module "namespace" { source = "terraform-ibm-modules/namespace/ibm" version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific From f1cb27aa2f894257f40d8c5e4819083ea60a2277 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Thu, 8 Feb 2024 13:38:38 +0000 Subject: [PATCH 8/8] fix: added topics --- .github/settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/settings.yml b/.github/settings.yml index 86f757e..61fb301 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -25,4 +25,4 @@ repository: description: "Configures a Kubernetes namespace or Openshift project." # Use a comma-separated list of topics to set on the repo (ensure not to use any caps in the topic string). - topics: terraform, ibm-cloud, terraform-module + topics: terraform, namespace, core-team, ibm-cloud, terraform-module, supported, graduated, project, kubernetes, openshift