From d5ec7a1265be10c2c5e930b36138bf4b3d6e1df2 Mon Sep 17 00:00:00 2001 From: Aaron Crickenberger Date: Mon, 14 Jun 2021 13:33:45 -0400 Subject: [PATCH 1/2] prow: migrate external ips to terraform For whatever reason when I ran `terraform plan` with terraform v0.15, it warned it was going to delete these external ips. I had a TODO about this anyway, so I guess now's as good a time as any --- .../k8s-infra-prow-build/prow-build/main.tf | 18 +++++++++++++++ infra/gcp/prow/ensure-e2e-projects.sh | 22 ------------------- 2 files changed, 18 insertions(+), 22 deletions(-) diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/main.tf b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/main.tf index 1238379243b..88593245631 100644 --- a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/main.tf +++ b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/main.tf @@ -106,6 +106,24 @@ resource "google_service_account_iam_policy" "boskos_janitor_sa_iam" { policy_data = data.google_iam_policy.boskos_janitor_sa_workload_identity.policy_data } +// external ip formerly managed by infra/gcp/prow/ensure-e2e-projects.sh +resource "google_compute_address" "boskos_metrics" { + name = "boskos-metrics" + description = "to allow monitoring.k8s.prow.io to scrape boskos metrics" + project = local.project_id + region = local.cluster_location + address_type = "EXTERNAL" +} + +// external ip formerly managed by infra/gcp/prow/ensure-e2e-projects.sh +resource "google_compute_address" "greenhouse_metrics" { + name = "greenhouse-metrics" + description = "to allow monitoring.k8s.prow.io to scrape greenhouse metrics" + project = local.project_id + region = local.cluster_location + address_type = "EXTERNAL" +} + module "prow_build_cluster" { source = "../../../modules/gke-cluster" project_name = local.project_id diff --git a/infra/gcp/prow/ensure-e2e-projects.sh b/infra/gcp/prow/ensure-e2e-projects.sh index e20f906fbec..cc294835915 100755 --- a/infra/gcp/prow/ensure-e2e-projects.sh +++ b/infra/gcp/prow/ensure-e2e-projects.sh @@ -47,13 +47,6 @@ BOSKOS_JANITOR_SVCACCT=$(svc_acct_email "${BUILD_CLUSTER_PROJECT}" "boskos-janit mapfile -t E2E_PROJECTS < <(k8s_infra_projects "e2e") readonly E2E_PROJECTS -# prow build cluster services that expose metrics endpoints to be scraped -# by monitoring.prow.k8s.io; they each get a regional address -readonly PROW_BUILD_CLUSTER_METRICS_SERVICES=( - "boskos-metrics" - "greenhouse-metrics" -) - function ensure_e2e_project() { if [ $# != 1 ] || [ -z "$1" ]; then echo "${FUNCNAME[0]}(project) requires 1 argument" >&2 @@ -144,21 +137,6 @@ function ensure_e2e_project() { fi } -# TODO: this should be moved to the terraform responsible for k8s-infra-prow-build -function ensure_prow_build_cluster_metrics_endpoints() { - local project="${BUILD_CLUSTER_PROJECT}" - local region="us-central1" - for service in "${PROW_BUILD_CLUSTER_METRICS_SERVICES[@]}"; do - color 6 "Ensuring monitoring.prow.k8s.io can scrape ${service} for: ${project}" - ensure_regional_address \ - "${project}" \ - "${region}" \ - "${service}" \ - "to allow monitoring.k8s.prow.io to scrape ${service}" \ - 2>&1 | indent - done -} - # TODO: this should be moved to the terraform responsible for k8s-infra-prow-build-trusted function ensure_trusted_prow_build_cluster_secrets() { local project="${TRUSTED_BUILD_CLUSTER_PROJECT}" From 92249034280ae96f4ed0d40094f75662083087f1 Mon Sep 17 00:00:00 2001 From: Aaron Crickenberger Date: Mon, 14 Jun 2021 13:01:39 -0400 Subject: [PATCH 2/2] infra/clusters: upgrade terraform to 0.15 for most Migration was performed by editing required versions, then running: terraform init -reconfigure terraform apply The following folders have been migrated - modules/gke-cluster - modules/gke-nodepool - modules/gke-project - projects/k8s-infra-ii-sandbox - projects/k8s-infra-prow-build - projects/k8s-infra-prow-build-trusted The one folder not migrated is projects/k8s-infra-public-pii since that's still being deployed. However, since it doesn't depend on modules/ it can be done as a followup --- infra/gcp/clusters/modules/gke-cluster/versions.tf | 2 +- infra/gcp/clusters/modules/gke-nodepool/versions.tf | 2 +- infra/gcp/clusters/modules/gke-project/versions.tf | 2 +- infra/gcp/clusters/projects/k8s-infra-ii-sandbox/versions.tf | 2 +- .../k8s-infra-prow-build-trusted/prow-build-trusted/versions.tf | 2 +- .../projects/k8s-infra-prow-build/prow-build/versions.tf | 2 +- infra/gcp/clusters/projects/kubernetes-public/aaa/00-inputs.tf | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/infra/gcp/clusters/modules/gke-cluster/versions.tf b/infra/gcp/clusters/modules/gke-cluster/versions.tf index 453bc0b1273..4dc3f94e493 100644 --- a/infra/gcp/clusters/modules/gke-cluster/versions.tf +++ b/infra/gcp/clusters/modules/gke-cluster/versions.tf @@ -15,7 +15,7 @@ */ terraform { - required_version = "~> 0.14.0" + required_version = "~> 0.15.0" required_providers { google = { source = "hashicorp/google" diff --git a/infra/gcp/clusters/modules/gke-nodepool/versions.tf b/infra/gcp/clusters/modules/gke-nodepool/versions.tf index 453bc0b1273..4dc3f94e493 100644 --- a/infra/gcp/clusters/modules/gke-nodepool/versions.tf +++ b/infra/gcp/clusters/modules/gke-nodepool/versions.tf @@ -15,7 +15,7 @@ */ terraform { - required_version = "~> 0.14.0" + required_version = "~> 0.15.0" required_providers { google = { source = "hashicorp/google" diff --git a/infra/gcp/clusters/modules/gke-project/versions.tf b/infra/gcp/clusters/modules/gke-project/versions.tf index 453bc0b1273..4dc3f94e493 100644 --- a/infra/gcp/clusters/modules/gke-project/versions.tf +++ b/infra/gcp/clusters/modules/gke-project/versions.tf @@ -15,7 +15,7 @@ */ terraform { - required_version = "~> 0.14.0" + required_version = "~> 0.15.0" required_providers { google = { source = "hashicorp/google" diff --git a/infra/gcp/clusters/projects/k8s-infra-ii-sandbox/versions.tf b/infra/gcp/clusters/projects/k8s-infra-ii-sandbox/versions.tf index 8b8e0bdefca..48b2d8c2b70 100644 --- a/infra/gcp/clusters/projects/k8s-infra-ii-sandbox/versions.tf +++ b/infra/gcp/clusters/projects/k8s-infra-ii-sandbox/versions.tf @@ -4,5 +4,5 @@ This file defines: */ terraform { - required_version = "~> 0.14" + required_version = "~> 0.15" } diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/versions.tf b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/versions.tf index 07b1984ba39..1694441efd1 100644 --- a/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/versions.tf +++ b/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/versions.tf @@ -4,5 +4,5 @@ This file defines: */ terraform { - required_version = "~> 0.14.0" + required_version = "~> 0.15.0" } diff --git a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/versions.tf b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/versions.tf index 07b1984ba39..1694441efd1 100644 --- a/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/versions.tf +++ b/infra/gcp/clusters/projects/k8s-infra-prow-build/prow-build/versions.tf @@ -4,5 +4,5 @@ This file defines: */ terraform { - required_version = "~> 0.14.0" + required_version = "~> 0.15.0" } diff --git a/infra/gcp/clusters/projects/kubernetes-public/aaa/00-inputs.tf b/infra/gcp/clusters/projects/kubernetes-public/aaa/00-inputs.tf index f34e5eabe53..32bf5e8a2f3 100644 --- a/infra/gcp/clusters/projects/kubernetes-public/aaa/00-inputs.tf +++ b/infra/gcp/clusters/projects/kubernetes-public/aaa/00-inputs.tf @@ -7,7 +7,7 @@ This file defines: */ terraform { - required_version = "~> 0.14.0" + required_version = "~> 0.15.0" backend "gcs" { bucket = "k8s-infra-tf-public-clusters"