Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[SKIP-964] Istio changes #172

Merged
merged 9 commits into from
Mar 6, 2023
Merged

[SKIP-964] Istio changes #172

merged 9 commits into from
Mar 6, 2023

Conversation

omaen
Copy link
Contributor

@omaen omaen commented Mar 2, 2023

Background

Because of the work with refactoring ASM setup in https://github.com/kartverket/asm/pull/1 we need to make some changes to where skiperator puts the certificate resource and allow the ingress gateways to connect with the pods in the application namespaces.

⚠️ Must be merged and deployed at the same time as ASM is installed the new way.

@omaen omaen requested a review from a team as a code owner March 2, 2023 08:22
@omaen omaen changed the title Istio changes [SKIP-964] Istio changes Mar 2, 2023
@github-actions
Copy link

github-actions bot commented Mar 2, 2023

Results for sandbox – ❗ CHANGED

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Validation Output

Success! The configuration is valid.


Terraform Plan 📖 success

Show Plan

[command]/home/runner/work/_temp/993b7c62-c614-4877-82ca-2b90823b0a83/terraform-bin plan -input=false -no-color -detailed-exitcode -out=plan-sandbox.tfplan -var=image=ghcr.io/kartverket/skiperator-controller:sha-ae4b6e1df42e1dbaff916abb219b642b449d4ec6 -var-file=sandbox.tfvars
Acquiring state lock. This may take a few moments...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # kubernetes_config_map.namespace-exclusions-map will be updated in-place
  ~ resource "kubernetes_config_map" "namespace-exclusions-map" {
      ~ data        = {
          + "istio-shipwreck"              = "true"
            # (33 unchanged elements hidden)
        }
        id          = "skiperator-system/namespace-exclusions"
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # kubernetes_deployment_v1.deployment will be updated in-place
  ~ resource "kubernetes_deployment_v1" "deployment" {
        id               = "skiperator-system/skiperator"
        # (1 unchanged attribute hidden)

      ~ spec {
            # (5 unchanged attributes hidden)

          ~ template {

              ~ spec {
                    # (12 unchanged attributes hidden)

                  ~ container {
                      ~ image                      = "ghcr.io/kartverket/skiperator-controller:sha-b445386fe35be963fb94b8edf2f2c8b2fa0c47f5" -> "ghcr.io/kartverket/skiperator-controller:sha-ae4b6e1df42e1dbaff916abb219b642b449d4ec6"
                        name                       = "skiperator"
                        # (8 unchanged attributes hidden)

                        # (7 unchanged blocks hidden)
                    }
                }

                # (1 unchanged block hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

  # kubernetes_manifest.cluster_role will be updated in-place
  ~ resource "kubernetes_manifest" "cluster_role" {
      ~ object   = {
          ~ metadata        = {
              ~ creationTimestamp          = null -> (known after apply)
                name                       = "skiperator"
                # (13 unchanged elements hidden)
            }
            # (4 unchanged elements hidden)
        }
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

  # kubernetes_manifest.custom_resource_definition will be updated in-place
  ~ resource "kubernetes_manifest" "custom_resource_definition" {
      ~ object   = {
          ~ metadata   = {
              ~ creationTimestamp          = null -> (known after apply)
                name                       = "applications.skiperator.kartverket.no"
                # (13 unchanged elements hidden)
            }
            # (3 unchanged elements hidden)
        }
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above

  with kubernetes_service_account_v1.service_account,
  on role.tf line 1, in resource "kubernetes_service_account_v1" "service_account":
   1: resource "kubernetes_service_account_v1" "service_account" {

Starting from version 1.24.0 Kubernetes does not automatically generate a
token for service accounts, in this case, "default_secret_name" will be empty

Next action 🚀

Changes detected. Will run Terraform apply job on merge to

Pusher: @omaen, Working Directory: deployment, Commit: ae4b6e1, Generated at: 6.3.2023, 19:10:42

Results for dev – ❗ CHANGED

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Validation Output

Success! The configuration is valid.


Terraform Plan 📖 success

Show Plan

[command]/home/runner/work/_temp/e710bfe8-62a7-46e1-987e-3e06051b29fc/terraform-bin plan -input=false -no-color -detailed-exitcode -out=plan-dev.tfplan -var=image=ghcr.io/kartverket/skiperator-controller:sha-ae4b6e1df42e1dbaff916abb219b642b449d4ec6 -var-file=dev.tfvars
Acquiring state lock. This may take a few moments...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # kubernetes_config_map.namespace-exclusions-map will be updated in-place
  ~ resource "kubernetes_config_map" "namespace-exclusions-map" {
      ~ data        = {
          + "istio-shipwreck"              = "true"
            # (33 unchanged elements hidden)
        }
        id          = "skiperator-system/namespace-exclusions"
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # kubernetes_deployment_v1.deployment will be updated in-place
  ~ resource "kubernetes_deployment_v1" "deployment" {
        id               = "skiperator-system/skiperator"
        # (1 unchanged attribute hidden)

      ~ spec {
            # (5 unchanged attributes hidden)

          ~ template {

              ~ spec {
                    # (12 unchanged attributes hidden)

                  ~ container {
                      ~ image                      = "ghcr.io/kartverket/skiperator-controller:sha-b66f44b558d8517370076dd665757044084224a8" -> "ghcr.io/kartverket/skiperator-controller:sha-ae4b6e1df42e1dbaff916abb219b642b449d4ec6"
                        name                       = "skiperator"
                        # (8 unchanged attributes hidden)

                        # (7 unchanged blocks hidden)
                    }
                }

                # (1 unchanged block hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

  # kubernetes_manifest.cluster_role will be updated in-place
  ~ resource "kubernetes_manifest" "cluster_role" {
      ~ object   = {
          ~ metadata        = {
              ~ creationTimestamp          = null -> (known after apply)
                name                       = "skiperator"
                # (14 unchanged elements hidden)
            }
            # (4 unchanged elements hidden)
        }
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

  # kubernetes_manifest.custom_resource_definition will be updated in-place
  ~ resource "kubernetes_manifest" "custom_resource_definition" {
      ~ object   = {
          ~ metadata   = {
              ~ creationTimestamp          = null -> (known after apply)
                name                       = "applications.skiperator.kartverket.no"
                # (14 unchanged elements hidden)
            }
            # (3 unchanged elements hidden)
        }
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above

  with kubernetes_service_account_v1.service_account,
  on role.tf line 1, in resource "kubernetes_service_account_v1" "service_account":
   1: resource "kubernetes_service_account_v1" "service_account" {

Starting from version 1.24.0 Kubernetes does not automatically generate a
token for service accounts, in this case, "default_secret_name" will be empty
Releasing state lock. This may take a few moments...

Next action 🚀

Changes detected. Will run Terraform apply job on merge to

Pusher: @omaen, Working Directory: deployment, Commit: ae4b6e1, Generated at: 6.3.2023, 19:13:02

Results for test – ❗ CHANGED

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Validation Output

Success! The configuration is valid.


Terraform Plan 📖 success

Show Plan

[command]/home/runner/work/_temp/dc1d295c-3a0e-428a-8a6b-57170798fd82/terraform-bin plan -input=false -no-color -detailed-exitcode -out=plan-test.tfplan -var=image=ghcr.io/kartverket/skiperator-controller:sha-ae4b6e1df42e1dbaff916abb219b642b449d4ec6 -var-file=test.tfvars
Acquiring state lock. This may take a few moments...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # kubernetes_config_map.namespace-exclusions-map will be updated in-place
  ~ resource "kubernetes_config_map" "namespace-exclusions-map" {
      ~ data        = {
          + "istio-shipwreck"              = "true"
            # (33 unchanged elements hidden)
        }
        id          = "skiperator-system/namespace-exclusions"
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # kubernetes_deployment_v1.deployment will be updated in-place
  ~ resource "kubernetes_deployment_v1" "deployment" {
        id               = "skiperator-system/skiperator"
        # (1 unchanged attribute hidden)

      ~ spec {
            # (5 unchanged attributes hidden)

          ~ template {

              ~ spec {
                    # (12 unchanged attributes hidden)

                  ~ container {
                      ~ image                      = "ghcr.io/kartverket/skiperator-controller:sha-b66f44b558d8517370076dd665757044084224a8" -> "ghcr.io/kartverket/skiperator-controller:sha-ae4b6e1df42e1dbaff916abb219b642b449d4ec6"
                        name                       = "skiperator"
                        # (8 unchanged attributes hidden)

                        # (7 unchanged blocks hidden)
                    }
                }

                # (1 unchanged block hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

  # kubernetes_manifest.cluster_role will be updated in-place
  ~ resource "kubernetes_manifest" "cluster_role" {
      ~ object   = {
          ~ metadata        = {
              ~ creationTimestamp          = null -> (known after apply)
                name                       = "skiperator"
                # (14 unchanged elements hidden)
            }
            # (4 unchanged elements hidden)
        }
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

  # kubernetes_manifest.custom_resource_definition will be updated in-place
  ~ resource "kubernetes_manifest" "custom_resource_definition" {
      ~ object   = {
          ~ metadata   = {
              ~ creationTimestamp          = null -> (known after apply)
                name                       = "applications.skiperator.kartverket.no"
                # (14 unchanged elements hidden)
            }
            # (3 unchanged elements hidden)
        }
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above

  with kubernetes_service_account_v1.service_account,
  on role.tf line 1, in resource "kubernetes_service_account_v1" "service_account":
   1: resource "kubernetes_service_account_v1" "service_account" {

Starting from version 1.24.0 Kubernetes does not automatically generate a
token for service accounts, in this case, "default_secret_name" will be empty
Releasing state lock. This may take a few moments...

Next action 🚀

Changes detected. Will run Terraform apply job on merge to

Pusher: @omaen, Working Directory: deployment, Commit: ae4b6e1, Generated at: 6.3.2023, 19:15:01

Results for prod – ❗ CHANGED

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Validation Output

Success! The configuration is valid.


Terraform Plan 📖 success

Show Plan

[command]/home/runner/work/_temp/3aea98fa-6746-44c7-a9fb-80bdef06ed6e/terraform-bin plan -input=false -no-color -detailed-exitcode -out=plan-prod.tfplan -var=image=ghcr.io/kartverket/skiperator-controller:sha-ae4b6e1df42e1dbaff916abb219b642b449d4ec6 -var-file=prod.tfvars
Acquiring state lock. This may take a few moments...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # kubernetes_config_map.namespace-exclusions-map will be updated in-place
  ~ resource "kubernetes_config_map" "namespace-exclusions-map" {
      ~ data        = {
          + "istio-shipwreck"              = "true"
            # (33 unchanged elements hidden)
        }
        id          = "skiperator-system/namespace-exclusions"
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # kubernetes_deployment_v1.deployment will be updated in-place
  ~ resource "kubernetes_deployment_v1" "deployment" {
        id               = "skiperator-system/skiperator"
        # (1 unchanged attribute hidden)

      ~ spec {
            # (5 unchanged attributes hidden)

          ~ template {

              ~ spec {
                    # (12 unchanged attributes hidden)

                  ~ container {
                      ~ image                      = "ghcr.io/kartverket/skiperator-controller:sha-b66f44b558d8517370076dd665757044084224a8" -> "ghcr.io/kartverket/skiperator-controller:sha-ae4b6e1df42e1dbaff916abb219b642b449d4ec6"
                        name                       = "skiperator"
                        # (8 unchanged attributes hidden)

                        # (7 unchanged blocks hidden)
                    }
                }

                # (1 unchanged block hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

  # kubernetes_manifest.cluster_role will be updated in-place
  ~ resource "kubernetes_manifest" "cluster_role" {
      ~ object   = {
          ~ metadata        = {
              ~ creationTimestamp          = null -> (known after apply)
                name                       = "skiperator"
                # (14 unchanged elements hidden)
            }
            # (4 unchanged elements hidden)
        }
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

  # kubernetes_manifest.custom_resource_definition will be updated in-place
  ~ resource "kubernetes_manifest" "custom_resource_definition" {
      ~ object   = {
          ~ metadata   = {
              ~ creationTimestamp          = null -> (known after apply)
                name                       = "applications.skiperator.kartverket.no"
                # (14 unchanged elements hidden)
            }
            # (3 unchanged elements hidden)
        }
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above

  with kubernetes_service_account_v1.service_account,
  on role.tf line 1, in resource "kubernetes_service_account_v1" "service_account":
   1: resource "kubernetes_service_account_v1" "service_account" {

Starting from version 1.24.0 Kubernetes does not automatically generate a
token for service accounts, in this case, "default_secret_name" will be empty
Releasing state lock. This may take a few moments...

Next action 🚀

Changes detected. Will run Terraform apply job on merge to

Pusher: @omaen, Working Directory: deployment, Commit: ae4b6e1, Generated at: 6.3.2023, 19:17:09

@omaen omaen temporarily deployed to sandbox March 2, 2023 09:57 — with GitHub Actions Inactive
@anderssonw anderssonw added this pull request to the merge queue Mar 6, 2023
Merged via the queue into main with commit 0bbd9b1 Mar 6, 2023
@anderssonw anderssonw deleted the istio-changes branch March 6, 2023 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants