Merge pull request #302 from sassoftware/staging

6.4.0 - March 30, 2023

Author: riragh

Dockerfile

@@ -1,5 +1,5 @@
 ARG TERRAFORM_VERSION=1.0.0
-ARG AZURECLI_VERSION=2.24.2
+ARG AZURECLI_VERSION=2.45.0
 
 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION

README.md

@@ -60,7 +60,7 @@ Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformA
 - [Terraform](https://www.terraform.io/downloads.html) - v1.0.0
 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.24
 - [jq](https://stedolan.github.io/jq/) - v1.6
-- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.24.2
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.45.0
 
 #### Docker Requirements:
 - [Docker](https://docs.docker.com/get-docker/)

container-structure-test.yaml

@@ -1,3 +1,6 @@
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 schemaVersion: "2.0.0"
 
 fileExistenceTests:
@@ -26,7 +29,7 @@ commandTests:
       - -c
       - |
         az version -o tsv
-    expectedOutput: ["2.24.2\t2.24.2\t1.0.6"]
+    expectedOutput: ["2.45.0\t2.45.0\t1.0.8"]
 
 metadataTest:
   workdir: "/viya4-iac-azure"

docker-entrypoint.sh

@@ -1,4 +1,8 @@
 #!/usr/bin/env bash
+
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 set -e
 
 # setup container user

docs/CONFIG-VARS.md

@@ -83,7 +83,9 @@ You can use `default_public_access_cidrs` to set a default range for all created
 | :--- | ---: | ---: | ---: | :--- |
 | vnet_address_space | Address space for created vnet | string | "192.168.0.0/16" | This variable is ignored when vnet_name is set (AKA bring your own vnet). |
 | subnets | Subnets to be created and their settings | map(object) | *check below* | This variable is ignored when subnet_names is set (AKA bring your own subnets). All defined subnets must exist within the vnet address space. |
-| cluster_egress_type | The outbound (egress) routing method to be used for this Kubernetes Cluster | string | "loadBalancer" | Possible values: <ul><li>`loadBalancer`<li>`userDefinedRouting`</ul> By default, AKS will create and use a [loadbalancer](https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard) for outgoing connections.<p>Set to `userDefinedRouting` when using your own network [egress](https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype). |
+| cluster_egress_type | The outbound (egress) routing method to be used for this Kubernetes Cluster | string | "loadBalancer" | Possible values: <ul><li>`loadBalancer`<li>`userDefinedRouting`</ul> By default, AKS will create and use a [loadbalancer](https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard) for outgoing connections.<p>Set to `userDefinedRouting` when using your own network [egress](https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype).|
+| aks_network_plugin | Network plugin to use for networking. Currently supported values are `azure` and `kubenet`| string | `kubenet`| For details see Azure's documentation on: [configure kubenet](https://docs.microsoft.com/en-us/azure/aks/configure-kubenet), [Configure Azure CNI](https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni).<br>**Note**: To support Azure CNI your Subnet must be large enough to accommodate the nodes, pods, and all Kubernetes and Azure resources that might be provisioned in your cluster.<br>To calculate the minimum subnet size including an additional node for upgrade operations use formula: `(number of nodes + 1) + ((number of nodes + 1) * maximum pods per node that you configure)` <br>Example for a 5 node cluster: `(5) + (5 * 110) = 555 (/22 or larger)`|
+| aks_network_policy | Sets up network policy to be used with Azure CNI. Network policy allows to control the traffic flow between pods. Currently supported values are `calico` and `azure`.| string | `azure`| Network policy can only be used when `aks_network_plugin` is set to `azure`. |
 
 
 The default values for the `subnets` variable are as follows:

files/tools/iac_git_info.sh

@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 # We need to return an error if things don't work
 set -e
 

files/tools/iac_tooling_version.sh

@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 # We need to return an error if things don't work
 set -e
 

files/tools/terraform_env_variable_helper.sh

@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 echo -e "\nUsage: You must have an active az cli login 'az login' before this script will work"
 echo -e "\nUsage: Run an export referenced in line 8 or 9 before this script before continuing"
 echo "    For example: export YOURSP=your-SP-name or export YOURSP=\$USER"

iam.tf

@@ -1,11 +1,14 @@
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 data "azurerm_user_assigned_identity" "uai" {
-  count               = var.aks_identity == "uai" ? ( var.aks_uai_name == null ? 0 : 1 ) : 0
+  count               = var.aks_identity == "uai" ? (var.aks_uai_name == null ? 0 : 1) : 0
   name                = var.aks_uai_name
   resource_group_name = local.network_rg.name
 }
 
 resource "azurerm_user_assigned_identity" "uai" {
-  count               = var.aks_identity == "uai" ? ( var.aks_uai_name == null ? 1 : 0 ) : 0
+  count               = var.aks_identity == "uai" ? (var.aks_uai_name == null ? 1 : 0) : 0
   name                = "${var.prefix}-aks-identity"
   resource_group_name = local.aks_rg.name
   location            = var.location

locals.tf

@@ -1,3 +1,6 @@
+# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 locals {
 
   # Useful flags
@@ -20,9 +23,9 @@ locals {
   kubeconfig_path     = var.iac_tooling == "docker" ? "/workspace/${local.kubeconfig_filename}" : local.kubeconfig_filename
 
   # PostgreSQL
-  default_postgres_configuration = [{name: "max_prepared_transactions", value: 1024}]
-  postgres_servers        = var.postgres_servers == null ? {} : { for k, v in var.postgres_servers : k => merge(var.postgres_server_defaults, v, ) }
-  postgres_firewall_rules = [for addr in local.postgres_public_access_cidrs : { "name" : replace(replace(addr, "/", "_"), ".", "_"), "start_ip" : cidrhost(addr, 0), "end_ip" : cidrhost(addr, abs(pow(2, 32 - split("/", addr)[1]) - 1)) }]
+  default_postgres_configuration = [{ name : "max_prepared_transactions", value : 1024 }]
+  postgres_servers               = var.postgres_servers == null ? {} : { for k, v in var.postgres_servers : k => merge(var.postgres_server_defaults, v, ) }
+  postgres_firewall_rules        = [for addr in local.postgres_public_access_cidrs : { "name" : replace(replace(addr, "/", "_"), ".", "_"), "start_ip" : cidrhost(addr, 0), "end_ip" : cidrhost(addr, abs(pow(2, 32 - split("/", addr)[1]) - 1)) }]
 
   postgres_outputs = length(module.flex_postgresql) != 0 ? { for k, v in module.flex_postgresql :
     k => {