From fdb340ed388698bd4d88313f9106854194edd9e8 Mon Sep 17 00:00:00 2001 From: "kierra.searle@ibm.com" Date: Tue, 15 Jul 2025 11:55:30 -0500 Subject: [PATCH 1/6] chore: bump terraform helm version v3 and fix errors --- README.md | 2 +- examples/logs-agent-iks/provider.tf | 6 +- examples/logs-agent-iks/version.tf | 2 +- examples/logs-agent-ocp/provider.tf | 6 +- examples/logs-agent-ocp/version.tf | 2 +- main.tf | 131 ++++++++++++----------- solutions/fully-configurable/provider.tf | 6 +- solutions/fully-configurable/version.tf | 2 +- version.tf | 2 +- 9 files changed, 81 insertions(+), 78 deletions(-) diff --git a/README.md b/README.md index f5ea4aea..c6b82f3a 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,7 @@ You need the following permissions to run this module. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.9.0 | -| [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 | +| [helm](#requirement\_helm) | >= 3.0.0, <4.0.0 | | [ibm](#requirement\_ibm) | >= 1.76.1, <2.0.0 | ### Modules diff --git a/examples/logs-agent-iks/provider.tf b/examples/logs-agent-iks/provider.tf index 76346099..4870cff2 100644 --- a/examples/logs-agent-iks/provider.tf +++ b/examples/logs-agent-iks/provider.tf @@ -4,17 +4,17 @@ provider "ibm" { } provider "helm" { - kubernetes { + kubernetes = { host = data.ibm_container_cluster_config.cluster_config.host token = data.ibm_container_cluster_config.cluster_config.token cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate } # IBM Cloud credentials are required to authenticate to the helm repo - registry { + registries = [{ url = "oci://icr.io/ibm/observe/logs-agent-helm" username = "iamapikey" password = var.ibmcloud_api_key - } + }] } provider "kubernetes" { diff --git a/examples/logs-agent-iks/version.tf b/examples/logs-agent-iks/version.tf index 4e0bbcea..037c69f8 100644 --- a/examples/logs-agent-iks/version.tf +++ b/examples/logs-agent-iks/version.tf @@ -10,7 +10,7 @@ terraform { } helm = { source = "hashicorp/helm" - version = "2.15.0" + version = "3.0.2" } # The kubernetes provider is not actually required by the module itself, just this example, so OK to use ">=" here instead of locking into a version kubernetes = { diff --git a/examples/logs-agent-ocp/provider.tf b/examples/logs-agent-ocp/provider.tf index 76346099..4870cff2 100644 --- a/examples/logs-agent-ocp/provider.tf +++ b/examples/logs-agent-ocp/provider.tf @@ -4,17 +4,17 @@ provider "ibm" { } provider "helm" { - kubernetes { + kubernetes = { host = data.ibm_container_cluster_config.cluster_config.host token = data.ibm_container_cluster_config.cluster_config.token cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate } # IBM Cloud credentials are required to authenticate to the helm repo - registry { + registries = [{ url = "oci://icr.io/ibm/observe/logs-agent-helm" username = "iamapikey" password = var.ibmcloud_api_key - } + }] } provider "kubernetes" { diff --git a/examples/logs-agent-ocp/version.tf b/examples/logs-agent-ocp/version.tf index a2c679d0..7f333013 100644 --- a/examples/logs-agent-ocp/version.tf +++ b/examples/logs-agent-ocp/version.tf @@ -11,7 +11,7 @@ terraform { } helm = { source = "hashicorp/helm" - version = ">= 2.15.0" + version = ">= 3.0.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/main.tf b/main.tf index ecc16aad..d7704b2b 100644 --- a/main.tf +++ b/main.tf @@ -47,73 +47,76 @@ resource "helm_release" "logs_agent" { recreate_pods = true force_update = true - set { - name = "metadata.name" - type = "string" - value = var.logs_agent_name - } - set { - name = "image.version" - type = "string" - value = var.logs_agent_image_version - } - set { - name = "env.ingestionHost" - type = "string" - value = local.cloud_logs_ingress_endpoint - } - set { - name = "env.ingestionPort" - value = var.cloud_logs_ingress_port - } - set_sensitive { + set = [ + { + name = "metadata.name" + type = "string" + value = var.logs_agent_name + }, + { + name = "image.version" + type = "string" + value = var.logs_agent_image_version + }, + { + name = "env.ingestionHost" + type = "string" + value = local.cloud_logs_ingress_endpoint + }, + { + name = "env.ingestionPort" + value = var.cloud_logs_ingress_port + }, + { + name = "env.trustedProfileID" + type = "string" + value = local.logs_agent_trusted_profile_id + }, + { + name = "env.iamMode" + type = "string" + value = var.logs_agent_iam_mode + }, + { + name = "env.iamEnvironment" + type = "string" + value = var.logs_agent_iam_environment + }, + { + name = "additionalLogSourcePaths" + type = "string" + value = join("\\,", var.logs_agent_additional_log_source_paths) + }, + { + name = "excludeLogSourcePaths" + type = "string" + value = join("\\,", var.logs_agent_exclude_log_source_paths) + }, + { + name = "selectedLogSourcePaths" + type = "string" + value = join("\\,", local.logs_agent_selected_log_source_paths) + }, + { + name = "clusterName" + type = "string" + value = local.cluster_name + }, + { + name = "scc.create" + value = var.logs_agent_enable_scc + }, + { + name = "enableMultiline" + value = var.enable_multiline + } + ] + + set_sensitive = [{ name = "secret.iamAPIKey" type = "string" value = local.logs_agent_iam_api_key - } - set { - name = "env.trustedProfileID" - type = "string" - value = local.logs_agent_trusted_profile_id - } - set { - name = "env.iamMode" - type = "string" - value = var.logs_agent_iam_mode - } - set { - name = "env.iamEnvironment" - type = "string" - value = var.logs_agent_iam_environment - } - set { - name = "additionalLogSourcePaths" - type = "string" - value = join("\\,", var.logs_agent_additional_log_source_paths) - } - set { - name = "excludeLogSourcePaths" - type = "string" - value = join("\\,", var.logs_agent_exclude_log_source_paths) - } - set { - name = "selectedLogSourcePaths" - type = "string" - value = join("\\,", local.logs_agent_selected_log_source_paths) - } - set { - name = "clusterName" - type = "string" - value = local.cluster_name - } - set { - name = "scc.create" - value = var.logs_agent_enable_scc - } - set { - name = "enableMultiline" - value = var.enable_multiline - } + }] # dummy value hack to force update https://github.com/hashicorp/terraform-provider-helm/issues/515#issuecomment-813088122 values = [ diff --git a/solutions/fully-configurable/provider.tf b/solutions/fully-configurable/provider.tf index 40a74691..046248ac 100644 --- a/solutions/fully-configurable/provider.tf +++ b/solutions/fully-configurable/provider.tf @@ -9,17 +9,17 @@ provider "kubernetes" { } provider "helm" { - kubernetes { + kubernetes = { host = data.ibm_container_cluster_config.cluster_config.host token = data.ibm_container_cluster_config.cluster_config.token cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate } # IBM Cloud credentials are required to authenticate to the helm repo - registry { + registries = [{ url = "oci://icr.io/ibm/observe/logs-agent-helm" username = "iamapikey" password = var.ibmcloud_api_key - } + }] } # Retrieve information about an existing VPC cluster diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf index e996e0af..12291980 100644 --- a/solutions/fully-configurable/version.tf +++ b/solutions/fully-configurable/version.tf @@ -10,7 +10,7 @@ terraform { } helm = { source = "hashicorp/helm" - version = "2.17.0" + version = "3.0.2" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/version.tf b/version.tf index a63e930b..c50552ac 100644 --- a/version.tf +++ b/version.tf @@ -9,7 +9,7 @@ terraform { } helm = { source = "hashicorp/helm" - version = ">= 2.15.0, <3.0.0" + version = ">= 3.0.0, <4.0.0" } } } From c79aa47b0a1f15b8ec41e4c78e1f292526df1394 Mon Sep 17 00:00:00 2001 From: "kierra.searle@ibm.com" Date: Mon, 21 Jul 2025 10:01:26 -0500 Subject: [PATCH 2/6] fix: pin to lowest version --- examples/logs-agent-iks/version.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/logs-agent-iks/version.tf b/examples/logs-agent-iks/version.tf index 037c69f8..72e17f0a 100644 --- a/examples/logs-agent-iks/version.tf +++ b/examples/logs-agent-iks/version.tf @@ -10,7 +10,7 @@ terraform { } helm = { source = "hashicorp/helm" - version = "3.0.2" + version = "3.0.0" } # The kubernetes provider is not actually required by the module itself, just this example, so OK to use ">=" here instead of locking into a version kubernetes = { From 292594f295e6d55f8d0db1638ec370c28b1b6c46 Mon Sep 17 00:00:00 2001 From: "kierra.searle@ibm.com" Date: Tue, 29 Jul 2025 15:51:46 -0400 Subject: [PATCH 3/6] fix: merge fix --- main.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/main.tf b/main.tf index 69cdf85a..08b87479 100644 --- a/main.tf +++ b/main.tf @@ -87,11 +87,6 @@ resource "helm_release" "logs_agent" { type = "string" value = join("\\,", var.logs_agent_system_logs) }, - { - name = "additionalLogSourcePaths" - type = "string" - value = join("\\,", var.logs_agent_additional_log_source_paths) - }, { name = "excludeLogSourcePaths" type = "string" From c7394510bd0c1c65cfda45d69d4c1e182be2b31e Mon Sep 17 00:00:00 2001 From: "kierra.searle@ibm.com" Date: Thu, 28 Aug 2025 13:07:43 -0400 Subject: [PATCH 4/6] fix: extra set moved into list --- main.tf | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index aa56266b..e3c2fefc 100644 --- a/main.tf +++ b/main.tf @@ -109,6 +109,10 @@ resource "helm_release" "logs_agent" { { name = "enableMultiline" value = var.enable_multiline + }, + { + name = "includeAnnotations" + value = var.enable_annotations } ] @@ -118,11 +122,6 @@ resource "helm_release" "logs_agent" { value = local.logs_agent_iam_api_key }] - set { - name = "includeAnnotations" - value = var.enable_annotations - } - # dummy value hack to force update https://github.com/hashicorp/terraform-provider-helm/issues/515#issuecomment-813088122 values = [ yamlencode({ From 0e4e400eaf9856af731ad27a0bdf5d8d11c96496 Mon Sep 17 00:00:00 2001 From: "kierra.searle@ibm.com" Date: Thu, 28 Aug 2025 13:08:40 -0400 Subject: [PATCH 5/6] docs: typo fix --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index e3c2fefc..5eac5b9e 100644 --- a/main.tf +++ b/main.tf @@ -32,7 +32,7 @@ locals { for metadata in var.logs_agent_additional_metadata : { (metadata.key) = metadata.value }]...) : {} # DO NOT REMOVE "...", it is used to convert list of objects into a single object - cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 + cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publicaly documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 } resource "helm_release" "logs_agent" { From 498a751384972e7dd98911c0393f0cdd4cf707d3 Mon Sep 17 00:00:00 2001 From: "kierra.searle@ibm.com" Date: Thu, 28 Aug 2025 13:09:15 -0400 Subject: [PATCH 6/6] docs: typo fix --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 5eac5b9e..7da705f2 100644 --- a/main.tf +++ b/main.tf @@ -32,7 +32,7 @@ locals { for metadata in var.logs_agent_additional_metadata : { (metadata.key) = metadata.value }]...) : {} # DO NOT REMOVE "...", it is used to convert list of objects into a single object - cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publicaly documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 + cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publicly documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 } resource "helm_release" "logs_agent" {