feat: upgrade aks (#59)

* wip: fix bots

* fix: update aks cluster version

* feat: update azurerm to 4.23.0 (fixing problems)

* fix: use rg name and location from variable

* chore: format

* ci: fix

Author: lorenzocorallo

.github/workflows/tf-plan-apply.yml

@@ -24,9 +24,6 @@ jobs:
   terraform-plan:
     name: 'Terraform Plan'
     runs-on: ubuntu-latest
-    env:
-      #this is needed since we are running terraform with read-only permissions
-      ARM_SKIP_PROVIDER_REGISTRATION: true
     outputs:
       tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }}
 

.terraform.lock.hcl

@@ -1 +1,2 @@
+export ARM_SUBSCRIPTION_ID=$(az account show --query 'id' -o tsv)
 export ARM_ACCESS_KEY=$(az storage account keys list --resource-group rg-polinetwork --account-name polinetworksa --query '[0].value' -o tsv)

access_key.sh

@@ -42,29 +42,29 @@ applications:
     info:
       - name: url
         value: https://argoproj.github.io/
-  bot-mat:
-    name: bot-mat
-    namespace: argocd
-    project: default
-    source:
-      repoURL: https://github.com/poliNetworkOrg/polinetwork-cd
-      targetRevision: HEAD
-      path: bot-mat
-      directory:
-        recurse: true
-    destination:
-      server: https://kubernetes.default.svc
-      namespace: bot-mat
-    syncPolicy:
-      automated:
-        prune: true
-        selfHeal: true
-      syncOptions:
-        - CreateNamespace=false
-        - Replace=true
-    info:
-      - name: url
-        value: https://argoproj.github.io/
+  # bot-mat:
+  #   name: bot-mat
+  #   namespace: argocd
+  #   project: default
+  #   source:
+  #     repoURL: https://github.com/poliNetworkOrg/polinetwork-cd
+  #     targetRevision: HEAD
+  #     path: bot-mat
+  #     directory:
+  #       recurse: true
+  #   destination:
+  #     server: https://kubernetes.default.svc
+  #     namespace: bot-mat
+  #   syncPolicy:
+  #     automated:
+  #       prune: true
+  #       selfHeal: true
+  #     syncOptions:
+  #       - CreateNamespace=false
+  #       - Replace=true
+  #   info:
+  #     - name: url
+  #       value: https://argoproj.github.io/
   mariadb:
     name: mariadb
     namespace: argocd

argocd-applications.yaml

@@ -1,5 +1,5 @@
 provider "azurerm" {
   features {}
-  skip_provider_registration = true
-  use_oidc                   = true
+  resource_provider_registrations = "none"
+  use_oidc                        = true
 }

features.tf

@@ -16,7 +16,8 @@ locals {
 }
 
 module "aks" {
-  source = "./modules/aks/"
+  depends_on = [module.keyvault]
+  source     = "./modules/aks/"
 
   ca_tls_key = data.azurerm_key_vault_secret.ca_tls_key.value
   ca_tls_crt = data.azurerm_key_vault_secret.ca_tls_crt.value
@@ -33,10 +34,10 @@ module "aks" {
     }
   ]
 
-  location = azurerm_resource_group.rg.location
-  rg_name  = azurerm_resource_group.rg.name
+  rg_location = azurerm_resource_group.rg.location
+  rg_name     = azurerm_resource_group.rg.name
 
-  kubernetes_orchestrator_version = "1.26.3"
+  kubernetes_orchestrator_version = "1.29.13"
 
 }
 
@@ -55,6 +56,15 @@ module "argo-cd" {
   ]
 }
 
+module "aule_bot" {
+  depends_on = [
+    module.mariadb
+  ]
+
+  source        = "./modules/bots-migration/"
+  bot_namespace = "bot-rooms"
+}
+
 module "cloudflare" {
   depends_on = [
     module.aks
@@ -127,22 +137,13 @@ module "bot_mat_migration" {
     module.mariadb
   ]
 
-  source = "./modules/bots/"
+  source = "./modules/bots-migration/"
 
   bot_namespace               = "bot-mat"
-  bot_token                   = data.azurerm_key_vault_secret.prod_mat_token.value
-  bot_onMessage               = "mat"
-  db_database                 = "polinetwork_materials"
-  db_host                     = local.mariadb_internal_ip
-  db_password                 = data.azurerm_key_vault_secret.prod_mat_db_password.value
-  db_user                     = data.azurerm_key_vault_secret.prod_mat_db_user.value
   persistent_storage          = true
   persistent_storage_size_gi  = "250"
   persistent_storage_location = azurerm_resource_group.rg.location
   persistent_storage_rg_name  = azurerm_resource_group.rg.name
-
-  material_password = data.azurerm_key_vault_secret.dev_mat_config_password.value
-  material_root_dir = "/Repos/"
 }
 
 module "keyvault" {

main.tf

@@ -3,10 +3,10 @@ data "azurerm_subscription" "primary" {
 
 # tfsec:ignore:azure-container-limit-authorized-ips
 resource "azurerm_kubernetes_cluster" "k8s" {
-  location                          = "westeurope"
   name                              = "aks-polinetwork"
-  resource_group_name               = var.rg_name
   dns_prefix                        = "aks-polinetwork"
+  location                          = var.rg_location
+  resource_group_name               = var.rg_name
   role_based_access_control_enabled = true
   http_application_routing_enabled  = false // replaced by az aks approuting enable -g <ResourceGroupName> -n <ClusterName>
 
@@ -15,7 +15,6 @@ resource "azurerm_kubernetes_cluster" "k8s" {
   }
 
   azure_active_directory_role_based_access_control {
-    managed            = true
     azure_rbac_enabled = true
     admin_group_object_ids = [
       "57561933-3873-400d-be92-cdad68d57c1f",
@@ -37,7 +36,7 @@ resource "azurerm_kubernetes_cluster" "k8s" {
     os_disk_type                = "Managed"
     os_disk_size_gb             = 30
     orchestrator_version        = var.kubernetes_orchestrator_version
-    enable_auto_scaling         = true
+    auto_scaling_enabled        = true
     max_count                   = 1
     min_count                   = 1
     node_count                  = 1
@@ -68,7 +67,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "systempool" {
   mode                  = each.value.mode == null ? "User" : each.value.mode
   tags                  = each.value.tags
   orchestrator_version  = var.kubernetes_orchestrator_version
-  enable_auto_scaling   = each.value.enable_auto_scaling
+  auto_scaling_enabled  = each.value.enable_auto_scaling
   max_count             = each.value.max_count
   min_count             = each.value.min_count
 }

modules/aks/k8s.tf

@@ -7,7 +7,7 @@ terraform {
     }
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.63.0"
+      version = "=4.23.0"
     }
     helm = {
       source  = "hashicorp/helm"

modules/aks/providers.tf

@@ -1,4 +1,4 @@
-variable "location" {
+variable "rg_location" {
   type     = string
   nullable = false
 }

modules/aks/variables.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.63.0"
+      version = "=4.23.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"