Skip to content

chore: bump terraform helm version to v3 and fix errors #149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Aug 12, 2025
Merged

chore: bump terraform helm version to v3 and fix errors #149

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
e9c4ec6
chore: bump terraform help version to v3 and fix errors
kierramarie Jul 8, 2025
2a016e3
Merge branch 'main' into ks-helmv3
kierramarie Jul 8, 2025
38107da
Merge branch 'main' into ks-helmv3
vbontempi Jul 9, 2025
56aa9a1
Merge branch 'main' into ks-helmv3
kierramarie Jul 11, 2025
aacc3b9
fix: helm required provider limit
kierramarie Jul 11, 2025
330eab3
Merge branch 'ks-helmv3' of github.com:terraform-ibm-modules/terrafor…
kierramarie Jul 11, 2025
e8c2b81
Merge branch 'main' into ks-helmv3
vbontempi Jul 14, 2025
2a0333a
Merge branch 'main' into ks-helmv3
vbontempi Jul 16, 2025
8078144
Merge branch 'main' into ks-helmv3
kierramarie Jul 21, 2025
1274ff7
Merge branch 'main' into ks-helmv3
kierramarie Jul 23, 2025
789698a
Merge branch 'main' into ks-helmv3
kierramarie Jul 29, 2025
2d47775
Merge branch 'main' into ks-helmv3
kierramarie Aug 6, 2025
9be45e5
SKIP UPGRADE TEST
kierramarie Aug 7, 2025
d06e14d
Merge branch 'main' into ks-helmv3
vbontempi Aug 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -495,7 +495,7 @@ You need the following permissions to run this module.
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.11.0, < 3.0.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 3.0.0, <4.0.0 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.16.1, < 3.0.0 |

### Modules
Expand Down
2 changes: 1 addition & 1 deletion examples/all-combined/provider.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ provider "kubernetes" {


provider "helm" {
kubernetes {
kubernetes = {
host = data.ibm_container_cluster_config.cluster_config.host
token = data.ibm_container_cluster_config.cluster_config.token
cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
Expand Down
2 changes: 1 addition & 1 deletion examples/all-combined/version.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ terraform {
}
helm = {
source = "hashicorp/helm"
version = ">= 2.11.0"
version = ">= 3.0.0, <4.0.0"
}
time = {
source = "hashicorp/time"
Expand Down
2 changes: 1 addition & 1 deletion examples/basic/provider.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ provider "kubernetes" {


provider "helm" {
kubernetes {
kubernetes = {
host = data.ibm_container_cluster_config.cluster_config.host
token = data.ibm_container_cluster_config.cluster_config.token
cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
Expand Down
2 changes: 1 addition & 1 deletion examples/basic/version.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ terraform {
}
helm = {
source = "hashicorp/helm"
version = "= 2.11.0"
version = "= 3.0.0"
}
time = {
source = "hashicorp/time"
Expand Down
2 changes: 1 addition & 1 deletion examples/trusted-profiles-authentication/providers.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ provider "kubernetes" {


provider "helm" {
kubernetes {
kubernetes = {
client_certificate = data.ibm_container_cluster_config.cluster_config.admin_certificate
client_key = data.ibm_container_cluster_config.cluster_config.admin_key
cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
Expand Down
2 changes: 1 addition & 1 deletion examples/trusted-profiles-authentication/version.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ terraform {
}
helm = {
source = "hashicorp/helm"
version = ">= 2.8.0"
version = ">= 3.0.0, <4.0.0"
}
ibm = {
source = "IBM-Cloud/ibm"
Expand Down
232 changes: 107 additions & 125 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,46 +178,60 @@ resource "helm_release" "external_secrets_operator" {
wait = true
repository = var.eso_chart_location

set {
set = [{
name = "image.repository"
type = "string"
value = var.eso_image
}

set {
name = "image.tag"
type = "string"
value = var.eso_image_version
}

set {
name = "webhook.image.repository"
type = "string"
value = var.eso_image
}

set {
name = "webhook.image.tag"
type = "string"
value = var.eso_image_version
}

set {
name = "certController.image.repository"
type = "string"
value = var.eso_image
}

set {
name = "certController.image.tag"
type = "string"
value = var.eso_image_version
}
},
{
name = "image.tag"
type = "string"
value = var.eso_image_version
},
{
name = "webhook.image.repository"
type = "string"
value = var.eso_image
},
{
name = "webhook.image.tag"
type = "string"
value = var.eso_image_version
},
{
name = "certController.image.repository"
type = "string"
value = var.eso_image
},
{
name = "certController.image.tag"
type = "string"
value = var.eso_image_version
}]

# The following mounts are needed for the CRI based authentication with Trusted Profiles
values = [local.eso_helm_release_values_cri, local.eso_helm_release_values_workerselector]
}

locals {
reloader_namespaces_to_ignore = var.reloader_namespaces_to_ignore != null ? [{
name = "reloader.namespacesToIgnore"
value = var.reloader_namespaces_to_ignore
}] : []
reloader_resources_to_ignore = var.reloader_resources_to_ignore != null ? [{
name = "reloader.resourcesToIgnore"
value = var.reloader_resources_to_ignore
}] : []
reloader_is_openshift = var.reloader_is_openshift ? [{
name = "reloader.deployment.securityContext.runAsUser"
value = "null"
}] : []
reloader_log_format = var.reloader_log_format == "json" ? [{
name = "reloader.logFormat"
value = var.reloader_log_format
}] : []
}

resource "helm_release" "pod_reloader" {
depends_on = [module.eso_namespace, data.kubernetes_namespace.existing_eso_namespace]
count = var.reloader_deployed == true ? 1 : 0
Expand All @@ -228,100 +242,68 @@ resource "helm_release" "pod_reloader" {
version = var.reloader_chart_version
wait = true

set {
name = "image.repository"
type = "string"
value = var.reloader_image
}

set {
name = "image.tag"
type = "string"
value = var.reloader_image_version
}

# Set reload strategy
set {
name = "reloader.reloadStrategy"
type = "string"
value = var.reloader_reload_strategy
}

# Set namespaces to ignore
dynamic "set" {
for_each = var.reloader_namespaces_to_ignore != null ? [1] : []
content {
name = "reloader.namespacesToIgnore"
value = var.reloader_namespaces_to_ignore
}
}

# Set resources to ignore
dynamic "set" {
for_each = var.reloader_resources_to_ignore != null ? [1] : []
content {
name = "reloader.resourcesToIgnore"
value = var.reloader_resources_to_ignore
}
}

# Set watchGlobally based on conditions
set {
name = "reloader.watchGlobally"
value = var.reloader_namespaces_selector == null && var.reloader_resource_label_selector == null ? true : false
}

# Set ignoreSecrets and ignoreConfigMaps
set {
name = "reloader.ignoreSecrets"
value = var.reloader_ignore_secrets
}

set {
name = "reloader.ignoreConfigMaps"
value = var.reloader_ignore_configmaps
}

# Set OpenShift and Argo Rollouts options
set {
name = "reloader.isOpenshift"
value = var.reloader_is_openshift
}
# Set runAsUser to null if isOpenShift is true
dynamic "set" {
for_each = var.reloader_is_openshift ? [1] : []
content {
name = "reloader.deployment.securityContext.runAsUser"
value = "null"
}
}

set {
name = "reloader.podMonitor.enabled"
value = var.reloader_pod_monitor_metrics
}
dynamic "set" {
for_each = var.reloader_log_format == "json" ? [1] : []
content {
name = "reloader.logFormat"
value = var.reloader_log_format
set = concat([
{
name = "image.repository"
type = "string"
value = var.reloader_image
},
{
name = "image.tag"
type = "string"
value = var.reloader_image_version
},
# Set reload strategy
{
name = "reloader.reloadStrategy"
type = "string"
value = var.reloader_reload_strategy
},
# Set watchGlobally based on conditions
{
name = "reloader.watchGlobally"
value = var.reloader_namespaces_selector == null && var.reloader_resource_label_selector == null ? true : false
},
# Set ignoreSecrets and ignoreConfigMaps
{
name = "reloader.ignoreSecrets"
value = var.reloader_ignore_secrets
},
{
name = "reloader.ignoreConfigMaps"
value = var.reloader_ignore_configmaps
},
# Set OpenShift and Argo Rollouts options
{
name = "reloader.isOpenshift"
value = var.reloader_is_openshift
},
{
name = "reloader.podMonitor.enabled"
value = var.reloader_pod_monitor_metrics
},
{
name = "reloader.isArgoRollouts"
value = var.reloader_is_argo_rollouts
},
# Set reloadOnCreate and syncAfterRestart options
{
name = "reloader.reloadOnCreate"
value = var.reloader_reload_on_create
},
{
name = "reloader.syncAfterRestart"
value = var.reloader_sync_after_restart
}
}
set {
name = "reloader.isArgoRollouts"
value = var.reloader_is_argo_rollouts
}

# Set reloadOnCreate and syncAfterRestart options
set {
name = "reloader.reloadOnCreate"
value = var.reloader_reload_on_create
}

set {
name = "reloader.syncAfterRestart"
value = var.reloader_sync_after_restart
}
],
# Set namespaces to ignore
local.reloader_namespaces_to_ignore,
# Set resources to ignore
local.reloader_resources_to_ignore,
# Set runAsUser to null if isOpenShift is true
local.reloader_is_openshift,
local.reloader_log_format
)

# Set the values attribute conditionally
values = var.reloader_custom_values != null ? yamldecode(var.reloader_custom_values) : []
Expand Down
2 changes: 1 addition & 1 deletion modules/eso-clusterstore/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ For more information about Trusted Profiles refer to the IBM Cloud documentation
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.8.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 3.0.0, <4.0.0 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.16.1, <3.0.0 |

### Modules
Expand Down
2 changes: 1 addition & 1 deletion modules/eso-clusterstore/version.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ terraform {
}
helm = {
source = "hashicorp/helm"
version = ">= 2.8.0"
version = ">= 3.0.0, <4.0.0"
}
}
}
2 changes: 1 addition & 1 deletion modules/eso-external-secret/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ For more information about ExternalSecrets on ESO please refer to the ESO docume
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.8.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 3.0.0, <4.0.0 |

### Modules

Expand Down
2 changes: 1 addition & 1 deletion modules/eso-external-secret/version.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
# Use "greater than or equal to" range in modules
helm = {
source = "hashicorp/helm"
version = ">= 2.8.0"
version = ">= 3.0.0, <4.0.0"
}
}
}
2 changes: 1 addition & 1 deletion modules/eso-secretstore/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ For more information about Trusted Profiles refer to the IBM Cloud documentation
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.8.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 3.0.0, <4.0.0 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.16.1, <3.0.0 |

### Modules
Expand Down
2 changes: 1 addition & 1 deletion modules/eso-secretstore/version.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ terraform {
}
helm = {
source = "hashicorp/helm"
version = ">= 2.8.0"
version = ">= 3.0.0, <4.0.0"
}
}
}
2 changes: 1 addition & 1 deletion solutions/fully-configurable/provider.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ provider "kubernetes" {
}

provider "helm" {
kubernetes {
kubernetes = {
host = data.ibm_container_cluster_config.cluster_config.host
token = data.ibm_container_cluster_config.cluster_config.token
cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
Expand Down
2 changes: 1 addition & 1 deletion solutions/fully-configurable/version.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ terraform {
}
helm = {
source = "hashicorp/helm"
version = "2.17.0"
version = "3.0.2"
}
ibm = {
source = "IBM-Cloud/ibm"
Expand Down
2 changes: 1 addition & 1 deletion version.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ terraform {
}
helm = {
source = "hashicorp/helm"
version = ">= 2.11.0, < 3.0.0"
version = ">= 3.0.0, <4.0.0"
}
}
}