Merge pull request #379 from sassoftware/staging

9.2.0 - April 18, 2024
sassoftware · Apr 18, 2024 · 7ce32d8 · 7ce32d8
2 parents f12ea54 + e99988d
commit 7ce32d8
Show file tree

Hide file tree

Showing 47 changed files with 164 additions and 95 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,9 @@
 ARG TERRAFORM_VERSION=1.7.3
-ARG AZURECLI_VERSION=2.57.0
+ARG AZURECLI_VERSION=2.59.0
 
 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION
-ARG KUBECTL_VERSION=1.27.9
+ARG KUBECTL_VERSION=1.28.7
 
 WORKDIR /viya4-iac-azure
 

diff --git a/README.md b/README.md
@@ -58,9 +58,9 @@ Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformA
 
 #### Terraform Requirements:
 - [Terraform](https://www.terraform.io/downloads.html) - v1.7.3
-- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.27.9
+- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.28.7
 - [jq](https://stedolan.github.io/jq/) - v1.6
-- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.57.0
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.59.0
 
 #### Docker Requirements:
 - [Docker](https://docs.docker.com/get-docker/)

diff --git a/container-structure-test.yaml b/container-structure-test.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 schemaVersion: "2.0.0"
@@ -29,7 +29,7 @@ commandTests:
       - -c
       - |
         az version -o tsv
-    expectedOutput: ["2.57.0\t2.57.0\t1.1.0"]
+    expectedOutput: ["2.59.0\t2.59.0\t1.1.0"]
 
 metadataTest:
   workdir: "/viya4-iac-azure"

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 set -e

diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
@@ -182,7 +182,7 @@ Ubuntu 20.04 LTS is the operating system used on the Jump/NFS servers. Ubuntu cr
 | :--- | ---: | ---: | ---: | ---: |
 | partner_id | A GUID that is registered with Microsoft to facilitate partner resource usage attribution | string | "5d27f3ae-e49c-4dea-9aa3-b44e4750cd8c" | Defaults to SAS partner GUID. When you deploy this Terraform configuration, Microsoft can identify the installation of SAS software with the deployed Azure resources. Microsoft can then correlate the resources that are used to support the software. Microsoft collects this information to provide the best experiences with their products and to operate their business. The data is collected and governed by Microsoft's privacy policies, located at https://www.microsoft.com/trustcenter. |
 | create_static_kubeconfig | Allows the user to create a provider / service account-based kubeconfig file | bool | true | A value of `false` will default to using the cloud provider's mechanism for generating the kubeconfig file. A value of `true` will create a static kubeconfig that uses a `Service Account` and `Cluster Role Binding` to provide credentials. |
-| kubernetes_version | The AKS cluster Kubernetes version | string | "1.27" |Use of specific versions is still supported. If you need exact kubernetes version please use format `x.y.z`, where `x` is the major version, `y` is the minor version, and `z` is the patch version |
+| kubernetes_version | The AKS cluster Kubernetes version | string | "1.28" |Use of specific versions is still supported. If you need exact kubernetes version please use format `x.y.z`, where `x` is the major version, `y` is the minor version, and `z` is the patch version |
 | create_jump_vm | Create bastion host | bool | true | |
 | create_jump_public_ip | Add public IP address to the jump VM | bool | true | |
 | enable_jump_public_static_ip | Enables `Static` allocation method for the public IP address of Jump Server. Setting false will enable `Dynamic` allocation method. | bool | true | Only used with `create_jump_public_ip=true` |

diff --git a/examples/sample-input-byo.tfvars b/examples/sample-input-byo.tfvars
@@ -45,7 +45,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.27"
+kubernetes_version         = "1.28"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

diff --git a/examples/sample-input-connect.tfvars b/examples/sample-input-connect.tfvars
@@ -34,7 +34,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.27"
+kubernetes_version         = "1.28"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

diff --git a/examples/sample-input-ha.tfvars b/examples/sample-input-ha.tfvars
@@ -32,7 +32,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.27"
+kubernetes_version         = "1.28"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

diff --git a/examples/sample-input-minimal.tfvars b/examples/sample-input-minimal.tfvars
@@ -32,7 +32,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.27"
+kubernetes_version         = "1.28"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D4_v3"
 #v3 still has local temp storage

diff --git a/examples/sample-input-postgres.tfvars b/examples/sample-input-postgres.tfvars
@@ -86,7 +86,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.27"
+kubernetes_version         = "1.28"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

diff --git a/examples/sample-input-ppg.tfvars b/examples/sample-input-ppg.tfvars
@@ -33,7 +33,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.27"
+kubernetes_version         = "1.28"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

diff --git a/examples/sample-input-singlestore.tfvars b/examples/sample-input-singlestore.tfvars
@@ -34,7 +34,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.27"
+kubernetes_version         = "1.28"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

diff --git a/examples/sample-input.tfvars b/examples/sample-input.tfvars
@@ -34,7 +34,7 @@ container_registry_sku              = "Standard"
 container_registry_admin_enabled    = false
 
 # AKS config
-kubernetes_version         = "1.27"
+kubernetes_version         = "1.28"
 default_nodepool_min_nodes = 2
 default_nodepool_vm_type   = "Standard_D8s_v4"
 

diff --git a/files/tools/iac_git_info.sh b/files/tools/iac_git_info.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 # We need to return an error if things don't work

diff --git a/files/tools/iac_tooling_version.sh b/files/tools/iac_tooling_version.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 # We need to return an error if things don't work

diff --git a/files/tools/terraform_env_variable_helper.sh b/files/tools/terraform_env_variable_helper.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 echo -e "\nUsage: You must have an active az cli login 'az login' before this script will work"

diff --git a/iam.tf b/iam.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 data "azurerm_user_assigned_identity" "uai" {

diff --git a/locals.tf b/locals.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 locals {

diff --git a/main.tf b/main.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 ## Azure-AKS
@@ -49,6 +49,7 @@ data "azurerm_resource_group" "aks_rg" {
   count = var.resource_group_name == null ? 0 : 1
   name  = var.resource_group_name
 }
+
 resource "azurerm_proximity_placement_group" "proximity" {
   count = var.node_pools_proximity_placement ? 1 : 0
 
@@ -143,6 +144,8 @@ module "aks" {
   aks_cluster_max_pods                     = var.default_nodepool_max_pods
   aks_cluster_os_disk_size                 = var.default_nodepool_os_disk_size
   aks_cluster_node_vm_size                 = var.default_nodepool_vm_type
+  aks_cluster_enable_host_encryption       = var.aks_cluster_enable_host_encryption
+  aks_node_disk_encryption_set_id          = var.aks_node_disk_encryption_set_id
   aks_cluster_node_admin                   = var.node_vm_admin
   aks_cluster_ssh_public_key               = try(file(var.ssh_public_key), "")
   aks_cluster_private_dns_zone_id          = var.aks_cluster_private_dns_zone_id
@@ -206,6 +209,7 @@ module "node_pools" {
   zones                        = (var.node_pools_availability_zone == "" || var.node_pools_proximity_placement == true) ? [] : (var.node_pools_availability_zones != null) ? var.node_pools_availability_zones : [var.node_pools_availability_zone]
   proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity[*].id, [""]), 0)
   orchestrator_version         = var.kubernetes_version
+  enable_host_encryption       = var.aks_cluster_enable_host_encryption
   tags                         = var.tags
 }
 

diff --git a/modules/aks_node_pool/main.tf b/modules/aks_node_pool/main.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 # Reference: https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster_node_pool.html
@@ -10,6 +10,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "autoscale_node_pool" {
   vnet_subnet_id               = var.vnet_subnet_id
   zones                        = var.zones
   fips_enabled                 = var.fips_enabled
+  enable_host_encryption       = var.enable_host_encryption
   proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id
   vm_size                      = var.machine_type
   os_disk_size_gb              = var.os_disk_size
@@ -40,6 +41,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "static_node_pool" {
   vnet_subnet_id               = var.vnet_subnet_id
   zones                        = var.zones
   fips_enabled                 = var.fips_enabled
+  enable_host_encryption       = var.enable_host_encryption
   proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id
   vm_size                      = var.machine_type
   os_disk_size_gb              = var.os_disk_size

diff --git a/modules/aks_node_pool/variables.tf b/modules/aks_node_pool/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 variable "node_pool_name" {
@@ -23,6 +23,12 @@ variable "fips_enabled" {
   default     = false
 }
 
+variable "enable_host_encryption" {
+  description = "Enables host encryption on all the nodes in the Node Pool. Changing this forces a new resource to be created."
+  type        = bool
+  default     = false
+}
+
 variable "vnet_subnet_id" {
   description = "The ID of the Subnet where this Node Pool should exist. Changing this forces a new resource to be created."
   type        = string

diff --git a/modules/azure_aks/main.tf b/modules/azure_aks/main.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 # Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
@@ -13,6 +13,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
   support_plan                      = var.cluster_support_tier
   role_based_access_control_enabled = true
   http_application_routing_enabled  = false
+  disk_encryption_set_id            = var.aks_node_disk_encryption_set_id
 
   # https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions
   # az aks get-versions --location eastus -o table
@@ -52,22 +53,23 @@ resource "azurerm_kubernetes_cluster" "aks" {
   }
 
   default_node_pool {
-    name                  = "system"
-    vm_size               = var.aks_cluster_node_vm_size
-    zones                 = var.aks_availability_zones
-    enable_auto_scaling   = var.aks_cluster_node_auto_scaling
-    enable_node_public_ip = false
-    node_labels           = {}
-    node_taints           = []
-    fips_enabled          = var.fips_enabled
-    max_pods              = var.aks_cluster_max_pods
-    os_disk_size_gb       = var.aks_cluster_os_disk_size
-    max_count             = var.aks_cluster_max_nodes
-    min_count             = var.aks_cluster_min_nodes
-    node_count            = var.aks_cluster_node_count
-    vnet_subnet_id        = var.aks_vnet_subnet_id
-    tags                  = var.aks_cluster_tags
-    orchestrator_version  = var.kubernetes_version
+    name                   = "system"
+    vm_size                = var.aks_cluster_node_vm_size
+    zones                  = var.aks_availability_zones
+    enable_auto_scaling    = var.aks_cluster_node_auto_scaling
+    enable_node_public_ip  = false
+    node_labels            = {}
+    node_taints            = []
+    fips_enabled           = var.fips_enabled
+    enable_host_encryption = var.aks_cluster_enable_host_encryption
+    max_pods               = var.aks_cluster_max_pods
+    os_disk_size_gb        = var.aks_cluster_os_disk_size
+    max_count              = var.aks_cluster_max_nodes
+    min_count              = var.aks_cluster_min_nodes
+    node_count             = var.aks_cluster_node_count
+    vnet_subnet_id         = var.aks_vnet_subnet_id
+    tags                   = var.aks_cluster_tags
+    orchestrator_version   = var.kubernetes_version
   }
 
   dynamic "service_principal" {

diff --git a/modules/azure_aks/outputs.tf b/modules/azure_aks/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 output "client_key" {

diff --git a/modules/azure_aks/variables.tf b/modules/azure_aks/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 variable "aks_cluster_name" {
@@ -113,10 +113,22 @@ variable "aks_cluster_max_pods" {
   default     = 110
 }
 
+variable "aks_cluster_enable_host_encryption" {
+  description = "Enables host encryption on all the nodes in the Default Node Pool"
+  type        = bool
+  default     = false
+}
+
+variable "aks_node_disk_encryption_set_id" {
+  description = "The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. Changing this forces a new resource to be created."
+  type        = string
+  default     = null
+}
+
 variable "kubernetes_version" {
   description = "The AKS cluster K8s version"
   type        = string
-  default     = "1.27"
+  default     = "1.28"
 }
 
 variable "aks_cluster_endpoint_public_access_cidrs" {

diff --git a/modules/azurerm_message_broker/main.tf b/modules/azurerm_message_broker/main.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 # Azure Service Bus

diff --git a/modules/azurerm_message_broker/outputs.tf b/modules/azurerm_message_broker/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 output "message_broker_hostname" {

diff --git a/modules/azurerm_message_broker/variables.tf b/modules/azurerm_message_broker/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 variable "prefix" {

diff --git a/modules/azurerm_netapp/main.tf b/modules/azurerm_netapp/main.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 # Terraform docs - https://www.terraform.io/docs/providers/azurerm/r/netapp_volume.html

diff --git a/modules/azurerm_netapp/outputs.tf b/modules/azurerm_netapp/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 output "netapp_account_id" {

diff --git a/modules/azurerm_netapp/variables.tf b/modules/azurerm_netapp/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 variable "prefix" {

diff --git a/modules/azurerm_postgresql_flex/main.tf b/modules/azurerm_postgresql_flex/main.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 ###################################################

diff --git a/modules/azurerm_postgresql_flex/outputs.tf b/modules/azurerm_postgresql_flex/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 output "server_name" {

diff --git a/modules/azurerm_postgresql_flex/variables.tf b/modules/azurerm_postgresql_flex/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 variable "resource_group_name" {