-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Terraform http to v3 #101
Conversation
926b3b2
to
ed8788c
Compare
Terraform CI/CD
|
Terraform CI/CD (examples/civo-k3s)
|
Terraform CI/CD (examples/hcloud-k3s)
Terraform Plan outputdata.hcloud_image.ubuntu: Reading...
module.k3s.data.http.k3s_version: Reading...
module.k3s.data.http.k3s_version: Read complete after 0s [id=https://update.k3s.io/v1-release/channels]
module.k3s.data.http.k3s_installer: Reading...
data.hcloud_image.ubuntu: Read complete after 0s [name=ubuntu-20.04]
module.k3s.data.http.k3s_installer: Read complete after 0s [id=https://raw.githubusercontent.com/rancher/k3s/v1.25.2+k3s1/install.sh]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# data.kubernetes_secret.sa_credentials will be read during apply
# (config refers to values not yet known)
<= data "kubernetes_secret" "sa_credentials" {
+ data = (sensitive value)
+ id = (known after apply)
+ immutable = (known after apply)
+ type = (known after apply)
+ metadata {
+ generation = (known after apply)
+ name = (known after apply)
+ namespace = "default"
+ resource_version = (known after apply)
+ uid = (known after apply)
}
}
# hcloud_network.k3s will be created
+ resource "hcloud_network" "k3s" {
+ delete_protection = false
+ id = (known after apply)
+ ip_range = "10.0.0.0/8"
+ name = "k3s-network"
}
# hcloud_network_subnet.k3s_nodes will be created
+ resource "hcloud_network_subnet" "k3s_nodes" {
+ gateway = (known after apply)
+ id = (known after apply)
+ ip_range = "10.254.1.0/24"
+ network_id = (known after apply)
+ network_zone = "eu-central"
+ type = "server"
}
# hcloud_server.agents[0] will be created
+ resource "hcloud_server" "agents" {
+ allow_deprecated_images = false
+ backup_window = (known after apply)
+ backups = false
+ datacenter = (known after apply)
+ delete_protection = false
+ firewall_ids = (known after apply)
+ id = (known after apply)
+ ignore_remote_firewall_ids = false
+ image = "ubuntu-20.04"
+ ipv4_address = (known after apply)
+ ipv6_address = (known after apply)
+ ipv6_network = (known after apply)
+ keep_disk = false
+ labels = {
+ "engine" = "k3s"
+ "node_type" = "agent"
+ "nodepool" = "gpu"
+ "provisioner" = "terraform"
}
+ location = (known after apply)
+ name = "k3s-agent-0"
+ rebuild_protection = false
+ server_type = "cx11"
+ ssh_keys = (known after apply)
+ status = (known after apply)
}
# hcloud_server.agents[1] will be created
+ resource "hcloud_server" "agents" {
+ allow_deprecated_images = false
+ backup_window = (known after apply)
+ backups = false
+ datacenter = (known after apply)
+ delete_protection = false
+ firewall_ids = (known after apply)
+ id = (known after apply)
+ ignore_remote_firewall_ids = false
+ image = "ubuntu-20.04"
+ ipv4_address = (known after apply)
+ ipv6_address = (known after apply)
+ ipv6_network = (known after apply)
+ keep_disk = false
+ labels = {
+ "engine" = "k3s"
+ "node_type" = "agent"
+ "nodepool" = "general"
+ "provisioner" = "terraform"
}
+ location = (known after apply)
+ name = "k3s-agent-1"
+ rebuild_protection = false
+ server_type = "cx11"
+ ssh_keys = (known after apply)
+ status = (known after apply)
}
# hcloud_server.agents[2] will be created
+ resource "hcloud_server" "agents" {
+ allow_deprecated_images = false
+ backup_window = (known after apply)
+ backups = false
+ datacenter = (known after apply)
+ delete_protection = false
+ firewall_ids = (known after apply)
+ id = (known after apply)
+ ignore_remote_firewall_ids = false
+ image = "ubuntu-20.04"
+ ipv4_address = (known after apply)
+ ipv6_address = (known after apply)
+ ipv6_network = (known after apply)
+ keep_disk = false
+ labels = {
+ "engine" = "k3s"
+ "node_type" = "agent"
+ "nodepool" = "general"
+ "provisioner" = "terraform"
}
+ location = (known after apply)
+ name = "k3s-agent-2"
+ rebuild_protection = false
+ server_type = "cx11"
+ ssh_keys = (known after apply)
+ status = (known after apply)
}
# hcloud_server.control_planes[0] will be created
+ resource "hcloud_server" "control_planes" {
+ allow_deprecated_images = false
+ backup_window = (known after apply)
+ backups = false
+ datacenter = (known after apply)
+ delete_protection = false
+ firewall_ids = (known after apply)
+ id = (known after apply)
+ ignore_remote_firewall_ids = false
+ image = "ubuntu-20.04"
+ ipv4_address = (known after apply)
+ ipv6_address = (known after apply)
+ ipv6_network = (known after apply)
+ keep_disk = false
+ labels = {
+ "engine" = "k3s"
+ "node_type" = "control-plane"
+ "provisioner" = "terraform"
}
+ location = (known after apply)
+ name = "k3s-control-plane-0"
+ rebuild_protection = false
+ server_type = "cx11"
+ ssh_keys = (known after apply)
+ status = (known after apply)
}
# hcloud_server.control_planes[1] will be created
+ resource "hcloud_server" "control_planes" {
+ allow_deprecated_images = false
+ backup_window = (known after apply)
+ backups = false
+ datacenter = (known after apply)
+ delete_protection = false
+ firewall_ids = (known after apply)
+ id = (known after apply)
+ ignore_remote_firewall_ids = false
+ image = "ubuntu-20.04"
+ ipv4_address = (known after apply)
+ ipv6_address = (known after apply)
+ ipv6_network = (known after apply)
+ keep_disk = false
+ labels = {
+ "engine" = "k3s"
+ "node_type" = "control-plane"
+ "provisioner" = "terraform"
}
+ location = (known after apply)
+ name = "k3s-control-plane-1"
+ rebuild_protection = false
+ server_type = "cx11"
+ ssh_keys = (known after apply)
+ status = (known after apply)
}
# hcloud_server.control_planes[2] will be created
+ resource "hcloud_server" "control_planes" {
+ allow_deprecated_images = false
+ backup_window = (known after apply)
+ backups = false
+ datacenter = (known after apply)
+ delete_protection = false
+ firewall_ids = (known after apply)
+ id = (known after apply)
+ ignore_remote_firewall_ids = false
+ image = "ubuntu-20.04"
+ ipv4_address = (known after apply)
+ ipv6_address = (known after apply)
+ ipv6_network = (known after apply)
+ keep_disk = false
+ labels = {
+ "engine" = "k3s"
+ "node_type" = "control-plane"
+ "provisioner" = "terraform"
}
+ location = (known after apply)
+ name = "k3s-control-plane-2"
+ rebuild_protection = false
+ server_type = "cx11"
+ ssh_keys = (known after apply)
+ status = (known after apply)
}
# hcloud_server_network.agents_network[0] will be created
+ resource "hcloud_server_network" "agents_network" {
+ id = (known after apply)
+ ip = "10.254.1.4"
+ mac_address = (known after apply)
+ server_id = (known after apply)
+ subnet_id = (known after apply)
}
# hcloud_server_network.agents_network[1] will be created
+ resource "hcloud_server_network" "agents_network" {
+ id = (known after apply)
+ ip = "10.254.1.5"
+ mac_address = (known after apply)
+ server_id = (known after apply)
+ subnet_id = (known after apply)
}
# hcloud_server_network.agents_network[2] will be created
+ resource "hcloud_server_network" "agents_network" {
+ id = (known after apply)
+ ip = "10.254.1.6"
+ mac_address = (known after apply)
+ server_id = (known after apply)
+ subnet_id = (known after apply)
}
# hcloud_server_network.control_planes[0] will be created
+ resource "hcloud_server_network" "control_planes" {
+ id = (known after apply)
+ ip = "10.254.1.1"
+ mac_address = (known after apply)
+ server_id = (known after apply)
+ subnet_id = (known after apply)
}
# hcloud_server_network.control_planes[1] will be created
+ resource "hcloud_server_network" "control_planes" {
+ id = (known after apply)
+ ip = "10.254.1.2"
+ mac_address = (known after apply)
+ server_id = (known after apply)
+ subnet_id = (known after apply)
}
# hcloud_server_network.control_planes[2] will be created
+ resource "hcloud_server_network" "control_planes" {
+ id = (known after apply)
+ ip = "10.254.1.3"
+ mac_address = (known after apply)
+ server_id = (known after apply)
+ subnet_id = (known after apply)
}
# hcloud_ssh_key.default will be created
+ resource "hcloud_ssh_key" "default" {
+ fingerprint = (known after apply)
+ id = (known after apply)
+ name = "K3S terraform module - Provisionning SSH key"
}
# kubernetes_cluster_role_binding.boostrap will be created
+ resource "kubernetes_cluster_role_binding" "boostrap" {
+ id = (known after apply)
+ metadata {
+ generation = (known after apply)
+ name = "bootstrap"
+ resource_version = (known after apply)
+ uid = (known after apply)
}
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "ClusterRole"
+ name = "admin"
}
+ subject {
+ api_group = (known after apply)
+ kind = "ServiceAccount"
+ name = "bootstrap"
+ namespace = "default"
}
}
# kubernetes_service_account.bootstrap will be created
+ resource "kubernetes_service_account" "bootstrap" {
+ automount_service_account_token = true
+ default_secret_name = (known after apply)
+ id = (known after apply)
+ metadata {
+ generation = (known after apply)
+ name = "bootstrap"
+ namespace = "default"
+ resource_version = (known after apply)
+ uid = (known after apply)
}
}
# module.k3s.null_resource.agents_drain["k3s-agent-0_node"] will be created
+ resource "null_resource" "agents_drain" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.agents_drain["k3s-agent-1_node"] will be created
+ resource "null_resource" "agents_drain" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.agents_drain["k3s-agent-2_node"] will be created
+ resource "null_resource" "agents_drain" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.agents_install["k3s-agent-0_node"] will be created
+ resource "null_resource" "agents_install" {
+ id = (known after apply)
+ triggers = {
+ "on_immutable_changes" = "231c2099d0850d7cc82da54dad821067a7f24c4f"
+ "on_new_version" = "v1.25.2+k3s1"
}
}
# module.k3s.null_resource.agents_install["k3s-agent-1_node"] will be created
+ resource "null_resource" "agents_install" {
+ id = (known after apply)
+ triggers = {
+ "on_immutable_changes" = "231c2099d0850d7cc82da54dad821067a7f24c4f"
+ "on_new_version" = "v1.25.2+k3s1"
}
}
# module.k3s.null_resource.agents_install["k3s-agent-2_node"] will be created
+ resource "null_resource" "agents_install" {
+ id = (known after apply)
+ triggers = {
+ "on_immutable_changes" = "231c2099d0850d7cc82da54dad821067a7f24c4f"
+ "on_new_version" = "v1.25.2+k3s1"
}
}
# module.k3s.null_resource.agents_label["k3s-agent-0_node|node.kubernetes.io/pool"] will be created
+ resource "null_resource" "agents_label" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.agents_label["k3s-agent-1_node|node.kubernetes.io/pool"] will be created
+ resource "null_resource" "agents_label" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.agents_label["k3s-agent-2_node|node.kubernetes.io/pool"] will be created
+ resource "null_resource" "agents_label" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.agents_taint["k3s-agent-0_node|dedicated"] will be created
+ resource "null_resource" "agents_taint" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.k8s_ca_certificates_install[0] will be created
+ resource "null_resource" "k8s_ca_certificates_install" {
+ id = (known after apply)
}
# module.k3s.null_resource.k8s_ca_certificates_install[1] will be created
+ resource "null_resource" "k8s_ca_certificates_install" {
+ id = (known after apply)
}
# module.k3s.null_resource.k8s_ca_certificates_install[2] will be created
+ resource "null_resource" "k8s_ca_certificates_install" {
+ id = (known after apply)
}
# module.k3s.null_resource.k8s_ca_certificates_install[3] will be created
+ resource "null_resource" "k8s_ca_certificates_install" {
+ id = (known after apply)
}
# module.k3s.null_resource.k8s_ca_certificates_install[4] will be created
+ resource "null_resource" "k8s_ca_certificates_install" {
+ id = (known after apply)
}
# module.k3s.null_resource.k8s_ca_certificates_install[5] will be created
+ resource "null_resource" "k8s_ca_certificates_install" {
+ id = (known after apply)
}
# module.k3s.null_resource.kubernetes_ready will be created
+ resource "null_resource" "kubernetes_ready" {
+ id = (known after apply)
}
# module.k3s.null_resource.servers_drain["k3s-control-plane-0"] will be created
+ resource "null_resource" "servers_drain" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.servers_drain["k3s-control-plane-1"] will be created
+ resource "null_resource" "servers_drain" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.servers_drain["k3s-control-plane-2"] will be created
+ resource "null_resource" "servers_drain" {
+ id = (known after apply)
+ triggers = (known after apply)
}
# module.k3s.null_resource.servers_install["k3s-control-plane-0"] will be created
+ resource "null_resource" "servers_install" {
+ id = (known after apply)
+ triggers = {
+ "on_immutable_changes" = "5bbc5b363504fa478032f0d97c877f884a076d94"
+ "on_new_version" = "v1.25.2+k3s1"
}
}
# module.k3s.null_resource.servers_install["k3s-control-plane-1"] will be created
+ resource "null_resource" "servers_install" {
+ id = (known after apply)
+ triggers = {
+ "on_immutable_changes" = "5bbc5b363504fa478032f0d97c877f884a076d94"
+ "on_new_version" = "v1.25.2+k3s1"
}
}
# module.k3s.null_resource.servers_install["k3s-control-plane-2"] will be created
+ resource "null_resource" "servers_install" {
+ id = (known after apply)
+ triggers = {
+ "on_immutable_changes" = "5bbc5b363504fa478032f0d97c877f884a076d94"
+ "on_new_version" = "v1.25.2+k3s1"
}
}
# module.k3s.random_password.k3s_cluster_secret will be created
+ resource "random_password" "k3s_cluster_secret" {
+ bcrypt_hash = (sensitive value)
+ id = (known after apply)
+ length = 48
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ numeric = true
+ result = (sensitive value)
+ special = false
+ upper = true
}
# module.k3s.tls_cert_request.master_user[0] will be created
+ resource "tls_cert_request" "master_user" {
+ cert_request_pem = (known after apply)
+ id = (known after apply)
+ key_algorithm = (known after apply)
+ private_key_pem = (sensitive value)
+ subject {
+ common_name = "master-user"
+ organization = "system:masters"
}
}
# module.k3s.tls_locally_signed_cert.master_user[0] will be created
+ resource "tls_locally_signed_cert" "master_user" {
+ allowed_uses = [
+ "key_encipherment",
+ "digital_signature",
+ "client_auth",
]
+ ca_cert_pem = (known after apply)
+ ca_key_algorithm = (known after apply)
+ ca_private_key_pem = (sensitive value)
+ cert_pem = (known after apply)
+ cert_request_pem = (known after apply)
+ early_renewal_hours = 0
+ id = (known after apply)
+ ready_for_renewal = true
+ validity_end_time = (known after apply)
+ validity_period_hours = 876600
+ validity_start_time = (known after apply)
}
# module.k3s.tls_private_key.kubernetes_ca[0] will be created
+ resource "tls_private_key" "kubernetes_ca" {
+ algorithm = "ECDSA"
+ ecdsa_curve = "P384"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
# module.k3s.tls_private_key.kubernetes_ca[1] will be created
+ resource "tls_private_key" "kubernetes_ca" {
+ algorithm = "ECDSA"
+ ecdsa_curve = "P384"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
# module.k3s.tls_private_key.kubernetes_ca[2] will be created
+ resource "tls_private_key" "kubernetes_ca" {
+ algorithm = "ECDSA"
+ ecdsa_curve = "P384"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
# module.k3s.tls_private_key.master_user[0] will be created
+ resource "tls_private_key" "master_user" {
+ algorithm = "ECDSA"
+ ecdsa_curve = "P384"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
# module.k3s.tls_self_signed_cert.kubernetes_ca_certs["0"] will be created
+ resource "tls_self_signed_cert" "kubernetes_ca_certs" {
+ allowed_uses = [
+ "digital_signature",
+ "key_encipherment",
+ "cert_signing",
]
+ cert_pem = (known after apply)
+ early_renewal_hours = 0
+ id = (known after apply)
+ is_ca_certificate = true
+ key_algorithm = (known after apply)
+ private_key_pem = (sensitive value)
+ ready_for_renewal = true
+ validity_end_time = (known after apply)
+ validity_period_hours = 876600
+ validity_start_time = (known after apply)
+ subject {
+ common_name = "kubernetes-client-ca"
}
}
# module.k3s.tls_self_signed_cert.kubernetes_ca_certs["1"] will be created
+ resource "tls_self_signed_cert" "kubernetes_ca_certs" {
+ allowed_uses = [
+ "digital_signature",
+ "key_encipherment",
+ "cert_signing",
]
+ cert_pem = (known after apply)
+ early_renewal_hours = 0
+ id = (known after apply)
+ is_ca_certificate = true
+ key_algorithm = (known after apply)
+ private_key_pem = (sensitive value)
+ ready_for_renewal = true
+ validity_end_time = (known after apply)
+ validity_period_hours = 876600
+ validity_start_time = (known after apply)
+ subject {
+ common_name = "kubernetes-server-ca"
}
}
# module.k3s.tls_self_signed_cert.kubernetes_ca_certs["2"] will be created
+ resource "tls_self_signed_cert" "kubernetes_ca_certs" {
+ allowed_uses = [
+ "digital_signature",
+ "key_encipherment",
+ "cert_signing",
]
+ cert_pem = (known after apply)
+ early_renewal_hours = 0
+ id = (known after apply)
+ is_ca_certificate = true
+ key_algorithm = (known after apply)
+ private_key_pem = (sensitive value)
+ ready_for_renewal = true
+ validity_end_time = (known after apply)
+ validity_period_hours = 876600
+ validity_start_time = (known after apply)
+ subject {
+ common_name = "kubernetes-request-header-key-ca"
}
}
Plan: 50 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ bootstrap_sa = (sensitive value)
+ summary = {
+ agents = [
+ {
+ annotations = []
+ labels = {
+ "node.kubernetes.io/pool" = "gpu"
}
+ name = "k3s-agent-0"
+ taints = {
+ dedicated = "gpu:NoSchedule"
}
},
+ {
+ annotations = []
+ labels = {
+ "node.kubernetes.io/pool" = "general"
}
+ name = "k3s-agent-1"
+ taints = {
+ dedicated = null
}
},
+ {
+ annotations = []
+ labels = {
+ "node.kubernetes.io/pool" = "general"
}
+ name = "k3s-agent-2"
+ taints = {
+ dedicated = null
}
},
]
+ servers = [
+ {
+ annotations = {
+ server_id = 0
}
+ labels = []
+ name = "k3s-control-plane-0"
+ taints = []
},
+ {
+ annotations = {
+ server_id = 1
}
+ labels = []
+ name = "k3s-control-plane-1"
+ taints = []
},
+ {
+ annotations = {
+ server_id = 2
}
+ labels = []
+ name = "k3s-control-plane-2"
+ taints = []
},
]
+ version = "v1.25.2+k3s1"
}
Warnings:
- Deprecated attribute
on k3s.tf line 84 (and 7 more)
To see the full warning notes, run Terraform without -compact-warnings.
|
With the latest release I still get this deprecation warning:
Would you mind releasing a new version containing this PR ? Thanks ! |
This PR contains the following updates:
~> 2.0
->~> 3.0
Release Notes
hashicorp/terraform-provider-http
v3.2.1
Compare Source
BUG FIXES
v3.2.0
Compare Source
ENHANCEMENTS:
ca_cert_pem
attribute which allows PEM encoded certificate(s) to be included in the set of root certificate authorities used when verifying server certificates (#125).insecure
attribute to allow disabling the verification of a server's certificate chain and host name. Defaults tofalse
(#125).v3.1.0
Compare Source
ENHANCEMENTS:
v3.0.1
Compare Source
BUG FIXES
body
attribute (#166).v3.0.0
Compare Source
NOTES:
terraform-plugin-framework
(#177).BREAKING CHANGES:
status_code
, has been added. It can be used either withprecondition and postcondition checks (Terraform >= 1.2.0), or, for instance,
with local-exec Provisioner (114).
body
has been removed (#137).v2.2.0
Compare Source
ENHANCEMENTS:
body
is now deprecated and has been superseded byresponse_body
.body
will be removed in the next major release (#137).NOTES:
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.