Add Terraform v0.11.x support and migration docs
* Add explicit "providers" section to modules for Terraform v0.11.x
* Retain support for Terraform v0.10.4+
* Add migration guide from Terraform v0.10.x to v0.11.x for those managing existing clusters (action required!)
parent d8db296932
commit bbe295a3f1
|
@ -4,6 +4,10 @@ Notable changes between versions.
|
||||||
|
|
||||||
## Latest
|
## Latest
|
||||||
|
|
||||||
|
* Add Terraform v0.11.x support
|
||||||
|
* Add explicit "providers" section to modules for Terraform v0.11.x
|
||||||
|
* Retain support for Terraform v0.10.4+
|
||||||
|
* Add [migration guide](https://github.com/poseidon/typhoon/blob/master/docs/topics/maintenance.md) from Terraform v0.10.x to v0.11.x (action required!)
|
||||||
* Update etcd from 3.2.13 to 3.2.14
|
* Update etcd from 3.2.13 to 3.2.14
|
||||||
* Update kube-dns from v1.14.7 to v1.14.8
|
* Update kube-dns from v1.14.7 to v1.14.8
|
||||||
* Use separate service account for kube-dns
|
* Use separate service account for kube-dns
|
||||||
|
|
|
@ -45,6 +45,14 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo
|
||||||
module "google-cloud-yavin" {
|
module "google-cloud-yavin" {
|
||||||
source = "git::https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes"
|
source = "git::https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes"
|
||||||
|
|
||||||
|
providers = {
|
||||||
|
google = "google.default"
|
||||||
|
local = "local.default"
|
||||||
|
null = "null.default"
|
||||||
|
template = "template.default"
|
||||||
|
tls = "tls.default"
|
||||||
|
}
|
||||||
|
|
||||||
# Google Cloud
|
# Google Cloud
|
||||||
region = "us-central1"
|
region = "us-central1"
|
||||||
dns_zone = "example.com"
|
dns_zone = "example.com"
|
||||||
|
|
37
docs/aws.md
37
docs/aws.md
|
@ -10,15 +10,15 @@ Controllers and workers are provisioned to run a `kubelet`. A one-time [bootkube
|
||||||
|
|
||||||
* AWS Account and IAM credentials
|
* AWS Account and IAM credentials
|
||||||
* AWS Route53 DNS Zone (registered Domain Name or delegated subdomain)
|
* AWS Route53 DNS Zone (registered Domain Name or delegated subdomain)
|
||||||
* Terraform v0.10.x and [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) installed locally
|
* Terraform v0.11.x and [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) installed locally
|
||||||
|
|
||||||
## Terraform Setup
|
## Terraform Setup
|
||||||
|
|
||||||
Install [Terraform](https://www.terraform.io/downloads.html) v0.10.x on your system.
|
Install [Terraform](https://www.terraform.io/downloads.html) v0.11.x on your system.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ terraform version
|
$ terraform version
|
||||||
Terraform v0.10.7
|
Terraform v0.11.1
|
||||||
```
|
```
|
||||||
|
|
||||||
Add the [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) plugin binary for your system.
|
Add the [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) plugin binary for your system.
|
||||||
|
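Review bot: the prerequisite bullet and the install sentence now say "Terraform v0.11.x" only, while the changelog entry in this same commit says "Retain support for Terraform v0.10.4+". If v0.10.4+ still works with the explicit `providers` map, say so here (for example "v0.10.4+ or v0.11.x"); if it does not, drop the changelog bullet. The same wording change is repeated in the matchbox, Digital Ocean and Google Cloud prerequisite hunks, so whichever wording is chosen should be applied to all four.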
@ -57,9 +57,32 @@ Configure the AWS provider to use your access key credentials in a `providers.tf
|
||||||
|
|
||||||
```tf
|
```tf
|
||||||
provider "aws" {
|
provider "aws" {
|
||||||
|
version = "~> 1.5.0"
|
||||||
|
alias = "default"
|
||||||
|
|
||||||
region = "eu-central-1"
|
region = "eu-central-1"
|
||||||
shared_credentials_file = "/home/user/.config/aws/credentials"
|
shared_credentials_file = "/home/user/.config/aws/credentials"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provider "local" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "null" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "template" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "tls" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Additional configuration options are described in the `aws` provider [docs](https://www.terraform.io/docs/providers/aws/).
|
Additional configuration options are described in the `aws` provider [docs](https://www.terraform.io/docs/providers/aws/).
|
||||||
|
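Review bot: every provider block in this `providers.tf` example now sets `alias = "default"`, which leaves the file with no unaliased configuration for `aws`, `local`, `null`, `template` or `tls`. Resources a user declares next to the module will not use `aws.default` unless they set `provider = "aws.default"` themselves, so add a sentence under the example saying that the alias is a name, not Terraform's implicit default, and that other resources in the same config must reference it explicitly.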
@ -75,6 +98,14 @@ Define a Kubernetes cluster using the module `aws/container-linux/kubernetes`.
|
||||||
module "aws-tempest" {
|
module "aws-tempest" {
|
||||||
source = "git::https://github.com/poseidon/typhoon//aws/container-linux/kubernetes"
|
source = "git::https://github.com/poseidon/typhoon//aws/container-linux/kubernetes"
|
||||||
|
|
||||||
|
providers = {
|
||||||
|
aws = "aws.default"
|
||||||
|
local = "local.default"
|
||||||
|
null = "null.default"
|
||||||
|
template = "template.default"
|
||||||
|
tls = "tls.default"
|
||||||
|
}
|
||||||
|
|
||||||
cluster_name = "tempest"
|
cluster_name = "tempest"
|
||||||
|
|
||||||
# AWS
|
# AWS
|
||||||
|
|
|
@ -12,7 +12,7 @@ Controllers are provisioned as etcd peers and run `etcd-member` (etcd3) and `kub
|
||||||
* PXE-enabled [network boot](https://coreos.com/matchbox/docs/latest/network-setup.html) environment
|
* PXE-enabled [network boot](https://coreos.com/matchbox/docs/latest/network-setup.html) environment
|
||||||
* Matchbox v0.6+ deployment with API enabled
|
* Matchbox v0.6+ deployment with API enabled
|
||||||
* Matchbox credentials `client.crt`, `client.key`, `ca.crt`
|
* Matchbox credentials `client.crt`, `client.key`, `ca.crt`
|
||||||
* Terraform v0.10.x and [terraform-provider-matchbox](https://github.com/coreos/terraform-provider-matchbox) installed locally
|
* Terraform v0.11.x and [terraform-provider-matchbox](https://github.com/coreos/terraform-provider-matchbox) installed locally
|
||||||
|
|
||||||
## Machines
|
## Machines
|
||||||
|
|
||||||
|
@ -109,11 +109,11 @@ Read about the [many ways](https://coreos.com/matchbox/docs/latest/network-setup
|
||||||
|
|
||||||
## Terraform Setup
|
## Terraform Setup
|
||||||
|
|
||||||
Install [Terraform](https://www.terraform.io/downloads.html) v0.10.x on your system.
|
Install [Terraform](https://www.terraform.io/downloads.html) v0.11.x on your system.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ terraform version
|
$ terraform version
|
||||||
Terraform v0.10.7
|
Terraform v0.11.1
|
||||||
```
|
```
|
||||||
|
|
||||||
Add the [terraform-provider-matchbox](https://github.com/coreos/terraform-provider-matchbox) plugin binary for your system.
|
Add the [terraform-provider-matchbox](https://github.com/coreos/terraform-provider-matchbox) plugin binary for your system.
|
||||||
|
@ -149,6 +149,26 @@ provider "matchbox" {
|
||||||
client_key = "${file("~/.config/matchbox/client.key")}"
|
client_key = "${file("~/.config/matchbox/client.key")}"
|
||||||
ca = "${file("~/.config/matchbox/ca.crt")}"
|
ca = "${file("~/.config/matchbox/ca.crt")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provider "local" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "null" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "template" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "tls" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
## Cluster
|
## Cluster
|
||||||
|
@ -159,6 +179,13 @@ Define a Kubernetes cluster using the module `bare-metal/container-linux/kuberne
|
||||||
module "bare-metal-mercury" {
|
module "bare-metal-mercury" {
|
||||||
source = "git::https://github.com/poseidon/typhoon//bare-metal/container-linux/kubernetes"
|
source = "git::https://github.com/poseidon/typhoon//bare-metal/container-linux/kubernetes"
|
||||||
|
|
||||||
|
providers = {
|
||||||
|
local = "local.default"
|
||||||
|
null = "null.default"
|
||||||
|
template = "template.default"
|
||||||
|
tls = "tls.default"
|
||||||
|
}
|
||||||
|
|
||||||
# install
|
# install
|
||||||
matchbox_http_endpoint = "http://matchbox.example.com"
|
matchbox_http_endpoint = "http://matchbox.example.com"
|
||||||
container_linux_channel = "stable"
|
container_linux_channel = "stable"
|
||||||
|
|
|
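Review bot: the `providers = {` map added to `module "bare-metal-mercury"` passes `local`, `null`, `template` and `tls` but not `matchbox`, whereas the AWS, Digital Ocean and Google Cloud examples each pass their platform provider (`aws = "aws.default"` and so on), and the `provider "matchbox"` block in the preceding hunk gets no `alias` or `version`. If the module is meant to pick up the unaliased matchbox configuration, state that in the docs; otherwise give the matchbox block an alias and add a `matchbox = "matchbox.default"` entry so the four platforms read the same way.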
@ -10,15 +10,15 @@ Controllers and workers are provisioned to run a `kubelet`. A one-time [bootkube
|
||||||
|
|
||||||
* Digital Ocean Account and Token
|
* Digital Ocean Account and Token
|
||||||
* Digital Ocean Domain (registered Domain Name or delegated subdomain)
|
* Digital Ocean Domain (registered Domain Name or delegated subdomain)
|
||||||
* Terraform v0.10.x and [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) installed locally
|
* Terraform v0.11.x and [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) installed locally
|
||||||
|
|
||||||
## Terraform Setup
|
## Terraform Setup
|
||||||
|
|
||||||
Install [Terraform](https://www.terraform.io/downloads.html) v0.10.x on your system.
|
Install [Terraform](https://www.terraform.io/downloads.html) v0.11.x on your system.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ terraform version
|
$ terraform version
|
||||||
Terraform v0.10.7
|
Terraform v0.11.1
|
||||||
```
|
```
|
||||||
|
|
||||||
Add the [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) plugin binary for your system.
|
Add the [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) plugin binary for your system.
|
||||||
|
@ -58,7 +58,29 @@ Configure the DigitalOcean provider to use your token in a `providers.tf` file.
|
||||||
|
|
||||||
```tf
|
```tf
|
||||||
provider "digitalocean" {
|
provider "digitalocean" {
|
||||||
|
version = "0.1.2"
|
||||||
token = "${chomp(file("~/.config/digital-ocean/token"))}"
|
token = "${chomp(file("~/.config/digital-ocean/token"))}"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "local" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "null" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "template" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "tls" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
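Review bot: `version = "0.1.2"` on `provider "digitalocean"` is an exact pin, while the other four blocks added in this hunk use a pessimistic constraint (`~> 1.0`) and the AWS doc uses `~> 1.5.0`. If the exact pin is deliberate, a one-line comment saying why keeps users from loosening it; if it is not, `~> 0.1.2` matches the style of the rest. The Google Cloud example has the same pattern with `version = "1.2"`. A smaller style point: `alias` is placed after `token` here but directly after `version` in the AWS and Google Cloud blocks.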
@ -70,6 +92,14 @@ Define a Kubernetes cluster using the module `digital-ocean/container-linux/kube
|
||||||
module "digital-ocean-nemo" {
|
module "digital-ocean-nemo" {
|
||||||
source = "git::https://github.com/poseidon/typhoon//digital-ocean/container-linux/kubernetes"
|
source = "git::https://github.com/poseidon/typhoon//digital-ocean/container-linux/kubernetes"
|
||||||
|
|
||||||
|
providers = {
|
||||||
|
digitalocean = "digitalocean.default"
|
||||||
|
local = "local.default"
|
||||||
|
null = "null.default"
|
||||||
|
template = "template.default"
|
||||||
|
tls = "tls.default"
|
||||||
|
}
|
||||||
|
|
||||||
region = "nyc3"
|
region = "nyc3"
|
||||||
dns_zone = "digital-ocean.example.com"
|
dns_zone = "digital-ocean.example.com"
|
||||||
|
|
||||||
|
|
|
@ -10,15 +10,15 @@ Controllers and workers are provisioned to run a `kubelet`. A one-time [bootkube
|
||||||
|
|
||||||
* Google Cloud Account and Service Account
|
* Google Cloud Account and Service Account
|
||||||
* Google Cloud DNS Zone (registered Domain Name or delegated subdomain)
|
* Google Cloud DNS Zone (registered Domain Name or delegated subdomain)
|
||||||
* Terraform v0.10.x and [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) installed locally
|
* Terraform v0.11.x and [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) installed locally
|
||||||
|
|
||||||
## Terraform Setup
|
## Terraform Setup
|
||||||
|
|
||||||
Install [Terraform](https://www.terraform.io/downloads.html) v0.10.x on your system.
|
Install [Terraform](https://www.terraform.io/downloads.html) v0.11.x on your system.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ terraform version
|
$ terraform version
|
||||||
Terraform v0.10.7
|
Terraform v0.11.1
|
||||||
```
|
```
|
||||||
|
|
||||||
Add the [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) plugin binary for your system.
|
Add the [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) plugin binary for your system.
|
||||||
|
@ -57,10 +57,33 @@ Configure the Google Cloud provider to use your service account key, project-id,
|
||||||
|
|
||||||
```tf
|
```tf
|
||||||
provider "google" {
|
provider "google" {
|
||||||
|
version = "1.2"
|
||||||
|
alias = "default"
|
||||||
|
|
||||||
credentials = "${file("~/.config/google-cloud/terraform.json")}"
|
credentials = "${file("~/.config/google-cloud/terraform.json")}"
|
||||||
project = "project-id"
|
project = "project-id"
|
||||||
region = "us-central1"
|
region = "us-central1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provider "local" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "null" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "template" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "tls" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Additional configuration options are described in the `google` provider [docs](https://www.terraform.io/docs/providers/google/index.html).
|
Additional configuration options are described in the `google` provider [docs](https://www.terraform.io/docs/providers/google/index.html).
|
||||||
|
@ -76,6 +99,14 @@ Define a Kubernetes cluster using the module `google-cloud/container-linux/kuber
|
||||||
module "google-cloud-yavin" {
|
module "google-cloud-yavin" {
|
||||||
source = "git::https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes"
|
source = "git::https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes"
|
||||||
|
|
||||||
|
providers = {
|
||||||
|
google = "google.default"
|
||||||
|
local = "local.default"
|
||||||
|
null = "null.default"
|
||||||
|
template = "template.default"
|
||||||
|
tls = "tls.default"
|
||||||
|
}
|
||||||
|
|
||||||
# Google Cloud
|
# Google Cloud
|
||||||
region = "us-central1"
|
region = "us-central1"
|
||||||
dns_zone = "example.com"
|
dns_zone = "example.com"
|
||||||
|
|
|
@ -45,6 +45,14 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo
|
||||||
module "google-cloud-yavin" {
|
module "google-cloud-yavin" {
|
||||||
source = "git::https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes"
|
source = "git::https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes"
|
||||||
|
|
||||||
|
providers = {
|
||||||
|
google = "google.default"
|
||||||
|
local = "local.default"
|
||||||
|
null = "null.default"
|
||||||
|
template = "template.default"
|
||||||
|
tls = "tls.default"
|
||||||
|
}
|
||||||
|
|
||||||
# Google Cloud
|
# Google Cloud
|
||||||
region = "us-central1"
|
region = "us-central1"
|
||||||
dns_zone = "example.com"
|
dns_zone = "example.com"
|
||||||
|
|
|
@ -127,3 +127,78 @@ Typhoon supports multi-controller clusters, so it is possible to upgrade a clust
|
||||||
!!! warning
|
!!! warning
|
||||||
Typhoon does not support or document node replacement as an upgrade strategy. It limits Typhoon's ability to make infrastructure and architectural changes between tagged releases.
|
Typhoon does not support or document node replacement as an upgrade strategy. It limits Typhoon's ability to make infrastructure and architectural changes between tagged releases.
|
||||||
|
|
||||||
|
## Terraform v0.11.x
|
||||||
|
|
||||||
|
Terraform v0.10.x to v0.11.x introduced breaking changes in the provider and module inheritance relationship that you MUST be aware of when upgrading to the v0.11.x `terraform` binary. Terraform now allows multiple named (i.e. aliased) copies of a provider to exist (e.g `aws.default`, `aws.somename`). Terraform now also requires providers be explicitly passed to modules in order to satisfy module version contraints (which Typhoon modules define). Full details can be found in [typhoon#77](https://github.com/poseidon/typhoon/issues/77) and [hashicorp#16824](https://github.com/hashicorp/terraform/issues/16824).
|
||||||
|
|
||||||
|
In particular, after upgrading to the v0.11.x `terraform` binary, you'll notice:
|
||||||
|
|
||||||
|
* `terraform plan` does not succeed and prompts for variables when it didn't before
|
||||||
|
* `terraform plan` does not succeed and mentions "provider configuration block is required for all operations"
|
||||||
|
* `terraform apply` fails when you comment or remove a module usage in order to delete a cluster
|
||||||
|
|
||||||
|
### New users
|
||||||
|
|
||||||
|
New users can start with Terraform v0.11.x and follow the Typhoon docs without issue.
|
||||||
|
|
||||||
|
### Existing
|
||||||
|
|
||||||
|
Users who used modules to create clusters with Terraform v0.10.x and still manage those clusters via Terraform must explicitly add each provider used in `provider.tf`:
|
||||||
|
|
||||||
|
```
|
||||||
|
provider "local" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "null" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "template" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "tls" {
|
||||||
|
version = "~> 1.0"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Modify the `google`, `aws`, or `digitalocean` provider section to specify an explicit `alias` name.
|
||||||
|
|
||||||
|
```
|
||||||
|
provider "digitalocean" {
|
||||||
|
version = "0.1.2"
|
||||||
|
token = "${chomp(file("~/.config/digital-ocean/token"))}"
|
||||||
|
alias = "default"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! note
|
||||||
|
In these examples, we've chosen to name each provider "default", though the point of the Terraform changes is that other possibilities are possible.
|
||||||
|
|
||||||
|
Edit each instance (i.e. usage) of a module and explicitly pass the providers.
|
||||||
|
|
||||||
|
```
|
||||||
|
module "aws-cluster" {
|
||||||
|
source = "git::https://github.com/poseidon/typhoon//aws/container-linux/kubernetes"
|
||||||
|
|
||||||
|
providers = {
|
||||||
|
aws = "aws.default"
|
||||||
|
local = "local.default"
|
||||||
|
null = "null.default"
|
||||||
|
template = "template.default"
|
||||||
|
tls = "tls.default"
|
||||||
|
}
|
||||||
|
|
||||||
|
cluster_name = "somename"
|
||||||
|
```
|
||||||
|
|
||||||
|
Re-run `terraform plan`. Plan will claim there are no changes to apply. Run `terraform apply` anyway as this will update Terraform state to be aware of the explicit provider versions.
|
||||||
|
|
||||||
|
### Verify
|
||||||
|
|
||||||
|
You should now be able to run `terraform plan` without errors. When you choose, you may comment or delete a module from Terraform configs and `terraform apply` should destroy the cluster correctly.
|
||||||
|
|
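Review bot: the `module "aws-cluster"` example in the "Existing" section stops at `cluster_name = "somename"` and the fence closes without the module's closing `}`, so the snippet does not parse when copied; add the brace, with an elision comment before it if the remaining arguments are left out on purpose. The same section tells users to add providers in `provider.tf`, while the platform docs changed in this commit say `providers.tf`; use one name. In the opening paragraph "contraints" should be "constraints", and the note's "other possibilities are possible" could simply read "other names are possible". The three new fences also have no `tf` tag, unlike the provider examples in the platform docs.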