From ed9bcd2f7c1b93a007bc9214b19289047ad15e09 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy Date: Wed, 14 May 2025 17:25:32 -0400 Subject: [PATCH 1/7] Auto-generate terraform docs --- .github/workflows/terraform-docs.yml | 33 +++++++++++++++++++ Taskfile.yaml | 18 ++++++++++- terraform/.terraform-docs.yml | 47 ++++++++++++++++++++++++++++ 3 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/terraform-docs.yml create mode 100644 terraform/.terraform-docs.yml diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml new file mode 100644 index 000000000..a6b47f087 --- /dev/null +++ b/.github/workflows/terraform-docs.yml @@ -0,0 +1,33 @@ +name: Generate terraform docs +on: + push: + paths: + - 'terraform/**' + +jobs: + docs: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Install Task + uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 + with: + version: '3.43.3' + repo-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Generate Terraform docs + run: task docs + + - name: Commit changes + run: | + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git add docs/terraform/ + if git diff --staged --quiet; then + echo "No changes to commit" + exit 0 + fi + git commit -m "docs: regenerate terraform documentation [skip ci]" + git push \ No newline at end of file diff --git a/Taskfile.yaml b/Taskfile.yaml index 11f8707c1..b7520afaa 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -24,4 +24,20 @@ tasks: fmt: desc: Check Terraform formatting cmds: - - terraform fmt -recursive \ No newline at end of file + - terraform fmt -recursive + + docs: + desc: Generate Terraform documentation + cmds: + - rm -rf docs/terraform/* + - | + find terraform -type d -exec test -e '{}/main.tf' -a -e '{}/variables.tf' \; -print | while read -r dir; do + rel_path="${dir#terraform/}" + output_file="docs/terraform/$rel_path/$(basename "$dir").md" + mkdir -p "$(dirname "$output_file")" + if [ -f "$dir/README.md" ]; then + cat "$dir/README.md" > "$output_file" + echo >> "$output_file" + fi + docker run --rm -v "$(pwd):/src" -w "/src/$dir" quay.io/terraform-docs/terraform-docs:0.20.0 markdown . >> "$output_file" + done diff --git a/terraform/.terraform-docs.yml b/terraform/.terraform-docs.yml new file mode 100644 index 000000000..2a4d42359 --- /dev/null +++ b/terraform/.terraform-docs.yml @@ -0,0 +1,47 @@ +formatter: markdown + +recursive: + enabled: true + path: . + include-main: true + +sections: + show: + - header + - requirements + - providers + - inputs + - outputs + - resources + +content: |- + {{ .Header }} + + {{ .Requirements }} + + {{ .Providers }} + + {{ .Inputs }} + + {{ .Outputs }} + + {{ .Resources }} + +output: + file: "docs/terraform/{{ .Path }}.md" + mode: replace + +settings: + anchor: true + color: true + default: true + description: true + escape: true + hide-empty: false + html: true + indent: 2 + lockfile: true + read-comments: true + required: true + sensitive: true + type: true From 819ae7b907fa672c0cdb4a18481d890929c92a36 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy Date: Wed, 14 May 2025 17:31:55 -0400 Subject: [PATCH 2/7] Commit changes to docs --- .github/workflows/terraform-docs.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml index a6b47f087..06b8a2ef5 100644 --- a/.github/workflows/terraform-docs.yml +++ b/.github/workflows/terraform-docs.yml @@ -21,13 +21,12 @@ jobs: run: task docs - name: Commit changes + if: success() run: | - git config --local user.email "action@github.com" git config --local user.name "GitHub Action" + git config --local user.email "action@github.com" git add docs/terraform/ - if git diff --staged --quiet; then - echo "No changes to commit" - exit 0 - fi - git commit -m "docs: regenerate terraform documentation [skip ci]" - git push \ No newline at end of file + if ! git diff --staged --quiet; then + git commit -m "docs: update terraform documentation" + git push + fi From b4ec444ba9769db35155006d09c46fc335bf5a38 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy Date: Wed, 14 May 2025 17:33:49 -0400 Subject: [PATCH 3/7] Always run docs --- .github/workflows/terraform-docs.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml index 06b8a2ef5..6fe43ea66 100644 --- a/.github/workflows/terraform-docs.yml +++ b/.github/workflows/terraform-docs.yml @@ -1,8 +1,6 @@ name: Generate terraform docs on: push: - paths: - - 'terraform/**' jobs: docs: From ac47a426e7456c3e1563a7089afa88655ef746d6 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy Date: Wed, 14 May 2025 17:39:35 -0400 Subject: [PATCH 4/7] Try automatic PR creation with docs --- .github/workflows/terraform-docs.yml | 54 +++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 9 deletions(-) diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml index 6fe43ea66..858690ad2 100644 --- a/.github/workflows/terraform-docs.yml +++ b/.github/workflows/terraform-docs.yml @@ -2,6 +2,10 @@ name: Generate terraform docs on: push: +permissions: + contents: write + pull-requests: write + jobs: docs: runs-on: ubuntu-latest @@ -18,13 +22,45 @@ jobs: - name: Generate Terraform docs run: task docs - - name: Commit changes + - name: Create or update PR if: success() - run: | - git config --local user.name "GitHub Action" - git config --local user.email "action@github.com" - git add docs/terraform/ - if ! git diff --staged --quiet; then - git commit -m "docs: update terraform documentation" - git push - fi + uses: actions/github-script@v7 + with: + script: | + const branchName = `docs/${context.ref.replace('refs/heads/', '')}`; + + // Configure git + await exec.exec('git', ['config', '--local', 'user.name', 'GitHub Action']); + await exec.exec('git', ['config', '--local', 'user.email', 'action@github.com']); + + // Create or update branch + await exec.exec('git', ['checkout', '-B', branchName]); + await exec.exec('git', ['add', 'docs/terraform/']); + + const { stdout: diffOutput } = await exec.exec('git', ['diff', '--staged', '--quiet'], { ignoreReturnCode: true }); + if (diffOutput !== '') { + await exec.exec('git', ['commit', '-m', 'docs: update terraform documentation']); + await exec.exec('git', ['push', '-f', 'origin', branchName]); + + // Create PR if it doesn't exist + const { data: existingPRs } = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + head: `${context.repo.owner}:${branchName}`, + base: context.ref.replace('refs/heads/', '') + }); + + if (existingPRs.length === 0) { + await github.rest.pulls.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: 'docs: update terraform documentation', + body: 'Automated documentation update', + head: branchName, + base: context.ref.replace('refs/heads/', ''), + labels: ['documentation'] + }); + } + } else { + console.log('No changes to commit'); + } From 15e1e1d6fa8aaab1a03403a068b6e64ecb85b319 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy Date: Wed, 14 May 2025 17:52:08 -0400 Subject: [PATCH 5/7] Improve PR generation --- .github/release-drafter.yml | 5 ++++- .github/workflows/enforce-pr-labels.yaml | 2 +- .github/workflows/terraform-docs.yml | 17 +++++++++-------- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index ae74e34ea..dee85ebf9 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -11,7 +11,9 @@ categories: - 'bugfix' - 'bug' - title: 'Maintenance' - label: 'chore' + labels: + - 'chore' + - 'documentation' - title: 'Dependencies' label: 'dependencies' change-template: '- $TITLE @$AUTHOR (#$NUMBER)' @@ -32,6 +34,7 @@ version-resolver: - 'chore' - 'dependencies' - 'enhancement' + - 'documentation' default: patch template: | ## Changes diff --git a/.github/workflows/enforce-pr-labels.yaml b/.github/workflows/enforce-pr-labels.yaml index 6610ae2ea..7518212b0 100644 --- a/.github/workflows/enforce-pr-labels.yaml +++ b/.github/workflows/enforce-pr-labels.yaml @@ -13,7 +13,7 @@ jobs: with: script: | const requiredLabels = [ - 'feature', 'enhancement', 'fix', 'bugfix', 'bug', 'chore', 'dependencies', 'major', 'minor', 'patch' + 'feature', 'enhancement', 'documentation','fix', 'bugfix', 'bug', 'chore', 'dependencies', 'major', 'minor', 'patch' ]; const prLabels = context.payload.pull_request.labels.map(label => label.name); const hasRequiredLabel = prLabels.some(label => requiredLabels.includes(label)); diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml index 858690ad2..7efe827d5 100644 --- a/.github/workflows/terraform-docs.yml +++ b/.github/workflows/terraform-docs.yml @@ -1,6 +1,6 @@ name: Generate terraform docs on: - push: + pull_request: permissions: contents: write @@ -24,10 +24,11 @@ jobs: - name: Create or update PR if: success() - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | - const branchName = `docs/${context.ref.replace('refs/heads/', '')}`; + const sourcePR = context.payload.pull_request; + const branchName = `docs/${sourcePR.head.ref}`; // Configure git await exec.exec('git', ['config', '--local', 'user.name', 'GitHub Action']); @@ -39,7 +40,7 @@ jobs: const { stdout: diffOutput } = await exec.exec('git', ['diff', '--staged', '--quiet'], { ignoreReturnCode: true }); if (diffOutput !== '') { - await exec.exec('git', ['commit', '-m', 'docs: update terraform documentation']); + await exec.exec('git', ['commit', '-m', `docs: update terraform documentation for #${sourcePR.number}`]); await exec.exec('git', ['push', '-f', 'origin', branchName]); // Create PR if it doesn't exist @@ -47,17 +48,17 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, head: `${context.repo.owner}:${branchName}`, - base: context.ref.replace('refs/heads/', '') + base: 'main' }); if (existingPRs.length === 0) { await github.rest.pulls.create({ owner: context.repo.owner, repo: context.repo.repo, - title: 'docs: update terraform documentation', - body: 'Automated documentation update', + title: `docs: update terraform documentation for #${sourcePR.number}`, + body: `Automated documentation update for PR #${sourcePR.number}: ${sourcePR.title}\n\n${sourcePR.html_url}`, head: branchName, - base: context.ref.replace('refs/heads/', ''), + base: 'main', labels: ['documentation'] }); } From ece7f8e6085ba347a233b511cc8332132e8624b0 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy Date: Wed, 14 May 2025 18:13:14 -0400 Subject: [PATCH 6/7] Warn on terraform docs being outdated --- .github/workflows/terraform-docs.yml | 57 +++++----------------------- 1 file changed, 10 insertions(+), 47 deletions(-) diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml index 7efe827d5..e84d1ebc3 100644 --- a/.github/workflows/terraform-docs.yml +++ b/.github/workflows/terraform-docs.yml @@ -1,10 +1,9 @@ -name: Generate terraform docs +name: Validate terraform docs on: - pull_request: + push: permissions: - contents: write - pull-requests: write + contents: read jobs: docs: @@ -22,46 +21,10 @@ jobs: - name: Generate Terraform docs run: task docs - - name: Create or update PR - if: success() - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - const sourcePR = context.payload.pull_request; - const branchName = `docs/${sourcePR.head.ref}`; - - // Configure git - await exec.exec('git', ['config', '--local', 'user.name', 'GitHub Action']); - await exec.exec('git', ['config', '--local', 'user.email', 'action@github.com']); - - // Create or update branch - await exec.exec('git', ['checkout', '-B', branchName]); - await exec.exec('git', ['add', 'docs/terraform/']); - - const { stdout: diffOutput } = await exec.exec('git', ['diff', '--staged', '--quiet'], { ignoreReturnCode: true }); - if (diffOutput !== '') { - await exec.exec('git', ['commit', '-m', `docs: update terraform documentation for #${sourcePR.number}`]); - await exec.exec('git', ['push', '-f', 'origin', branchName]); - - // Create PR if it doesn't exist - const { data: existingPRs } = await github.rest.pulls.list({ - owner: context.repo.owner, - repo: context.repo.repo, - head: `${context.repo.owner}:${branchName}`, - base: 'main' - }); - - if (existingPRs.length === 0) { - await github.rest.pulls.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: `docs: update terraform documentation for #${sourcePR.number}`, - body: `Automated documentation update for PR #${sourcePR.number}: ${sourcePR.title}\n\n${sourcePR.html_url}`, - head: branchName, - base: 'main', - labels: ['documentation'] - }); - } - } else { - console.log('No changes to commit'); - } + - name: Check for changes + run: | + if [[ -n "$(git status --porcelain)" ]]; then + echo "::error::Terraform documentation is out of date. Please run 'task docs' in the repository." + git diff + exit 1 + fi From e914dc0ccfea76af1c927002f1336f6a9ced2084 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy Date: Wed, 14 May 2025 18:14:54 -0400 Subject: [PATCH 7/7] Update docs --- docs/terraform/backend/azurerm/azurerm.md | 46 ++++++++++++ docs/terraform/backend/s3/s3.md | 53 ++++++++++++++ docs/terraform/cluster/azure-aks/azure-aks.md | 72 +++++++++++++++++++ .../cluster/talos/modules/machine/machine.md | 50 +++++++++++++ docs/terraform/cluster/talos/talos.md | 53 ++++++++++++++ docs/terraform/gitops/flux/flux.md | 45 ++++++++++++ .../network/azure-vnet/azure-vnet.md | 47 ++++++++++++ 7 files changed, 366 insertions(+) create mode 100644 docs/terraform/backend/azurerm/azurerm.md create mode 100644 docs/terraform/backend/s3/s3.md create mode 100644 docs/terraform/cluster/azure-aks/azure-aks.md create mode 100644 docs/terraform/cluster/talos/modules/machine/machine.md create mode 100644 docs/terraform/cluster/talos/talos.md create mode 100644 docs/terraform/gitops/flux/flux.md create mode 100644 docs/terraform/network/azure-vnet/azure-vnet.md diff --git a/docs/terraform/backend/azurerm/azurerm.md b/docs/terraform/backend/azurerm/azurerm.md new file mode 100644 index 000000000..db24c4f27 --- /dev/null +++ b/docs/terraform/backend/azurerm/azurerm.md @@ -0,0 +1,46 @@ +## Requirements + +| Name | Version | +|------|---------| +| [azurerm](#requirement\_azurerm) | 4.28.0 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | 4.28.0 | +| [local](#provider\_local) | 2.5.3 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/4.28.0/docs/resources/resource_group) | resource | +| [azurerm_storage_account.this](https://registry.terraform.io/providers/hashicorp/azurerm/4.28.0/docs/resources/storage_account) | resource | +| [azurerm_storage_container.this](https://registry.terraform.io/providers/hashicorp/azurerm/4.28.0/docs/resources/storage_container) | resource | +| [azurerm_user_assigned_identity.storage](https://registry.terraform.io/providers/hashicorp/azurerm/4.28.0/docs/resources/user_assigned_identity) | resource | +| [local_file.backend_config](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allow\_public\_access](#input\_allow\_public\_access) | Allow public access to the storage account | `bool` | `true` | no | +| [allowed\_ip\_ranges](#input\_allowed\_ip\_ranges) | List of IP ranges to allow access to the storage account | `list(string)` | `[]` | no | +| [container\_name](#input\_container\_name) | Name of the blob container for Terraform state | `string` | `""` | no | +| [context\_id](#input\_context\_id) | Context ID for the resources | `string` | n/a | yes | +| [context\_path](#input\_context\_path) | The path to the context folder | `string` | `""` | no | +| [enable\_cmk](#input\_enable\_cmk) | Enable customer managed key encryption | `bool` | `false` | no | +| [key\_vault\_key\_id](#input\_key\_vault\_key\_id) | The ID of the Key Vault Key to use for CMK encryption | `string` | `""` | no | +| [location](#input\_location) | Azure region where resources will be created | `string` | `"eastus2"` | no | +| [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group where the storage account will be created | `string` | `""` | no | +| [storage\_account\_name](#input\_storage\_account\_name) | Name of the storage account. If not provided, a default name will be generated | `string` | `""` | no | +| [tags](#input\_tags) | Additional tags to apply to resources | `map(string)` | `{}` | no | + +## Outputs + +No outputs. diff --git a/docs/terraform/backend/s3/s3.md b/docs/terraform/backend/s3/s3.md new file mode 100644 index 000000000..ace853386 --- /dev/null +++ b/docs/terraform/backend/s3/s3.md @@ -0,0 +1,53 @@ +## Requirements + +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | 5.97.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 5.97.0 | +| [local](#provider\_local) | 2.5.2 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_dynamodb_table.terraform_locks](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/dynamodb_table) | resource | +| [aws_kms_alias.terraform_state_alias](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/kms_alias) | resource | +| [aws_kms_key.terraform_state](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/kms_key) | resource | +| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_lifecycle_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/s3_bucket_lifecycle_configuration) | resource | +| [aws_s3_bucket_logging.this](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/s3_bucket_logging) | resource | +| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/s3_bucket_policy) | resource | +| [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| [aws_s3_bucket_versioning.this](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/resources/s3_bucket_versioning) | resource | +| [local_file.backend_config](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/5.97.0/docs/data-sources/caller_identity) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [context\_id](#input\_context\_id) | Context ID for the resources | `string` | `null` | no | +| [context\_path](#input\_context\_path) | The path to the context folder | `string` | `""` | no | +| [enable\_dynamodb](#input\_enable\_dynamodb) | Feature flag to enable DynamoDB table creation | `bool` | `true` | no | +| [enable\_kms](#input\_enable\_kms) | Feature flag to enable KMS encryption | `bool` | `true` | no | +| [kms\_key\_alias](#input\_kms\_key\_alias) | The KMS key ID for encrypting the S3 bucket | `string` | `""` | no | +| [kms\_policy\_override](#input\_kms\_policy\_override) | Override for the KMS policy document (for testing) | `string` | `null` | no | +| [region](#input\_region) | The AWS Region for the S3 Bucket and DynamoDB Table | `string` | `"us-east-2"` | no | +| [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket for storing Terraform state, overrides the default bucket name | `string` | `""` | no | +| [s3\_log\_bucket\_name](#input\_s3\_log\_bucket\_name) | Name of a pre-existing, centralized S3 logging bucket to receive access logs. Must be created outside this module. | `string` | `""` | no | +| [tags](#input\_tags) | Additional tags to apply to resources (default is empty). | `map(string)` | `{}` | no | +| [terraform\_state\_iam\_roles](#input\_terraform\_state\_iam\_roles) | List of IAM role ARNs that should have access to the Terraform state bucket | `list(string)` | `[]` | no | + +## Outputs + +No outputs. diff --git a/docs/terraform/cluster/azure-aks/azure-aks.md b/docs/terraform/cluster/azure-aks/azure-aks.md new file mode 100644 index 000000000..715b1a45c --- /dev/null +++ b/docs/terraform/cluster/azure-aks/azure-aks.md @@ -0,0 +1,72 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.8 | +| [azurerm](#requirement\_azurerm) | ~> 4.28.0 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | 4.28.0 | +| [local](#provider\_local) | 2.5.3 | +| [random](#provider\_random) | 3.7.2 | +| [time](#provider\_time) | 0.13.1 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_disk_encryption_set.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/disk_encryption_set) | resource | +| [azurerm_key_vault.key_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource | +| [azurerm_key_vault_access_policy.key_vault_access_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.key_vault_access_policy_disk](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_key.key_vault_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource | +| [azurerm_kubernetes_cluster.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) | resource | +| [azurerm_kubernetes_cluster_node_pool.autoscaled](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) | resource | +| [azurerm_log_analytics_workspace.aks_logs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource | +| [azurerm_resource_group.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_user_assigned_identity.cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource | +| [local_file.kube_config](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [random_string.key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| [time_static.expiry](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [azurerm_subnet.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [additional\_cluster\_identity\_ids](#input\_additional\_cluster\_identity\_ids) | Additional user assigned identity IDs for the AKS cluster | `list(string)` | `[]` | no | +| [auto\_scaler\_profile](#input\_auto\_scaler\_profile) | Configuration for the AKS cluster's auto-scaler | 
object({
    balance_similar_node_groups      = bool
    max_graceful_termination_sec     = number
    scale_down_delay_after_add       = string
    scale_down_delay_after_delete    = string
    scale_down_delay_after_failure   = string
    scan_interval                    = string
    scale_down_unneeded              = string
    scale_down_unready               = string
    scale_down_utilization_threshold = string
  })
| 
{
  "balance_similar_node_groups": true,
  "max_graceful_termination_sec": 600,
  "scale_down_delay_after_add": "10m",
  "scale_down_delay_after_delete": "10s",
  "scale_down_delay_after_failure": "3m",
  "scale_down_unneeded": "10m",
  "scale_down_unready": "20m",
  "scale_down_utilization_threshold": "0.5",
  "scan_interval": "10s"
}
| no | +| [automatic\_upgrade\_channel](#input\_automatic\_upgrade\_channel) | The automatic upgrade channel for the AKS cluster | `string` | `"stable"` | no | +| [autoscaled\_node\_pool](#input\_autoscaled\_node\_pool) | Configuration for the autoscaled node pool | 
object({
    enabled                 = bool
    name                    = string
    vm_size                 = string
    mode                    = string
    os_disk_type            = string
    max_pods                = number
    host_encryption_enabled = bool
    min_count               = number
    max_count               = number
  })
| 
{
  "enabled": true,
  "host_encryption_enabled": true,
  "max_count": 3,
  "max_pods": 30,
  "min_count": 1,
  "mode": "User",
  "name": "autoscaled",
  "os_disk_type": "Managed",
  "vm_size": "Standard_D2s_v3"
}
| no | +| [azure\_policy\_enabled](#input\_azure\_policy\_enabled) | Whether to enable Azure Policy for the AKS cluster | `bool` | `true` | no | +| [cluster\_name](#input\_cluster\_name) | Name of the AKS cluster | `string` | `null` | no | +| [context\_id](#input\_context\_id) | Context ID for the resources | `string` | `null` | no | +| [context\_path](#input\_context\_path) | The path to the context folder, where kubeconfig is stored | `string` | `""` | no | +| [default\_node\_pool](#input\_default\_node\_pool) | Configuration for the default node pool | 
object({
    name                    = string
    vm_size                 = string
    os_disk_type            = string
    max_pods                = number
    host_encryption_enabled = bool
    min_count               = number
    max_count               = number
    node_count              = number
  })
| 
{
  "host_encryption_enabled": true,
  "max_count": 3,
  "max_pods": 30,
  "min_count": 1,
  "name": "system",
  "node_count": 1,
  "os_disk_type": "Managed",
  "vm_size": "Standard_D2s_v3"
}
| no | +| [expiration\_date](#input\_expiration\_date) | The expiration date for the AKS cluster's key vault | `string` | `null` | no | +| [kubernetes\_version](#input\_kubernetes\_version) | Version of Kubernetes to use | `string` | `"1.32"` | no | +| [local\_account\_disabled](#input\_local\_account\_disabled) | Whether to disable local accounts for the AKS cluster | `bool` | `false` | no | +| [network\_acls\_default\_action](#input\_network\_acls\_default\_action) | The default action for the AKS cluster's network ACLs | `string` | `"Allow"` | no | +| [private\_cluster\_enabled](#input\_private\_cluster\_enabled) | Whether to enable private cluster for the AKS cluster | `bool` | `false` | no | +| [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Whether to enable public network access for the AKS cluster | `bool` | `true` | no | +| [region](#input\_region) | Region for the resources | `string` | `"eastus"` | no | +| [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group | `string` | `null` | no | +| [role\_based\_access\_control\_enabled](#input\_role\_based\_access\_control\_enabled) | Whether to enable role-based access control for the AKS cluster | `bool` | `true` | no | +| [sku\_tier](#input\_sku\_tier) | The SKU tier for the AKS cluster | `string` | `"Standard"` | no | +| [soft\_delete\_retention\_days](#input\_soft\_delete\_retention\_days) | The number of days to retain the AKS cluster's key vault | `number` | `7` | no | +| [vnet\_name](#input\_vnet\_name) | Name of the VNET | `string` | `null` | no | +| [vnet\_resource\_group\_name](#input\_vnet\_resource\_group\_name) | Name of the VNET resource group | `string` | `null` | no | +| [vnet\_subnet\_id](#input\_vnet\_subnet\_id) | ID of the subnet | `string` | `null` | no | +| [workload\_autoscaler\_profile](#input\_workload\_autoscaler\_profile) | Configuration for the AKS cluster's workload autoscaler | 
object({
    keda_enabled                    = bool
    vertical_pod_autoscaler_enabled = bool
  })
| 
{
  "keda_enabled": false,
  "vertical_pod_autoscaler_enabled": false
}
| no | + +## Outputs + +No outputs. diff --git a/docs/terraform/cluster/talos/modules/machine/machine.md b/docs/terraform/cluster/talos/modules/machine/machine.md new file mode 100644 index 000000000..dcbd09ddc --- /dev/null +++ b/docs/terraform/cluster/talos/modules/machine/machine.md @@ -0,0 +1,50 @@ +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [talos](#provider\_talos) | 0.8.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [talos_machine_bootstrap.bootstrap](https://registry.terraform.io/providers/siderolabs/talos/latest/docs/resources/machine_bootstrap) | resource | +| [talos_machine_configuration_apply.this](https://registry.terraform.io/providers/siderolabs/talos/latest/docs/resources/machine_configuration_apply) | resource | +| [talos_machine_configuration.this](https://registry.terraform.io/providers/siderolabs/talos/latest/docs/data-sources/machine_configuration) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [bootstrap](#input\_bootstrap) | Indicates whether to bootstrap the machine. | `bool` | `false` | no | +| [client\_configuration](#input\_client\_configuration) | The Talos client configuration. | `any` | n/a | yes | +| [cluster\_endpoint](#input\_cluster\_endpoint) | The cluster endpoint. | `string` | n/a | yes | +| [cluster\_name](#input\_cluster\_name) | The name of the cluster. | `string` | n/a | yes | +| [config\_patches](#input\_config\_patches) | The configuration patches to apply to the machine. | `list(string)` | `[]` | no | +| [disk\_selector](#input\_disk\_selector) | The disk selector to use for the machine. | 
object({
    busPath  = string
    modalias = string
    model    = string
    name     = string
    serial   = string
    size     = string
    type     = string
    uuid     = string
    wwid     = string
  })
| `null` | no | +| [endpoint](#input\_endpoint) | The endpoint of the machine. | `string` | n/a | yes | +| [extensions](#input\_extensions) | The extensions to use for the machine. | `list(object({ image = string }))` | `[]` | no | +| [extra\_kernel\_args](#input\_extra\_kernel\_args) | Additional kernel arguments to pass to the machine. | `list(string)` | `[]` | no | +| [hostname](#input\_hostname) | The hostname of the machine. | `string` | `""` | no | +| [image](#input\_image) | The Talos image to install. | `string` | `"ghcr.io/siderolabs/installer:latest"` | no | +| [kubernetes\_version](#input\_kubernetes\_version) | The Kubernetes version. | `string` | n/a | yes | +| [machine\_secrets](#input\_machine\_secrets) | The Talos machine secrets. | `any` | n/a | yes | +| [machine\_type](#input\_machine\_type) | The machine type, which must be either 'controlplane' or 'worker'. | `string` | n/a | yes | +| [node](#input\_node) | The node address of the machine. | `string` | n/a | yes | +| [talos\_version](#input\_talos\_version) | The Talos version. | `string` | n/a | yes | +| [wipe\_disk](#input\_wipe\_disk) | Indicates whether to wipe the install disk. | `bool` | `true` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [endpoint](#output\_endpoint) | n/a | +| [node](#output\_node) | n/a | diff --git a/docs/terraform/cluster/talos/talos.md b/docs/terraform/cluster/talos/talos.md new file mode 100644 index 000000000..bdfc7657b --- /dev/null +++ b/docs/terraform/cluster/talos/talos.md @@ -0,0 +1,53 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.8 | +| [talos](#requirement\_talos) | 0.8.0 | + +## Providers + +| Name | Version | +|------|---------| +| [local](#provider\_local) | 2.5.2 | +| [null](#provider\_null) | 3.2.4 | +| [talos](#provider\_talos) | 0.8.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [controlplane\_bootstrap](#module\_controlplane\_bootstrap) | ./modules/machine | n/a | +| [controlplanes](#module\_controlplanes) | ./modules/machine | n/a | +| [workers](#module\_workers) | ./modules/machine | n/a | + +## Resources + +| Name | Type | +|------|------| +| [local_sensitive_file.kubeconfig](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource | +| [local_sensitive_file.talosconfig](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource | +| [null_resource.healthcheck](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [talos_cluster_kubeconfig.this](https://registry.terraform.io/providers/siderolabs/talos/0.8.0/docs/resources/cluster_kubeconfig) | resource | +| [talos_machine_secrets.this](https://registry.terraform.io/providers/siderolabs/talos/0.8.0/docs/resources/machine_secrets) | resource | +| [talos_client_configuration.this](https://registry.terraform.io/providers/siderolabs/talos/0.8.0/docs/data-sources/client_configuration) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_endpoint](#input\_cluster\_endpoint) | The external controlplane API endpoint of the kubernetes API. | `string` | `"https://localhost:6443"` | no | +| [cluster\_name](#input\_cluster\_name) | The name of the cluster. | `string` | `"talos"` | no | +| [common\_config\_patches](#input\_common\_config\_patches) | A YAML string of common config patches to apply. Can be an empty string or valid YAML. | `string` | `""` | no | +| [context\_path](#input\_context\_path) | The path to the context folder, where kubeconfig and talosconfig are stored | `string` | `""` | no | +| [controlplane\_config\_patches](#input\_controlplane\_config\_patches) | A YAML string of controlplane config patches to apply. Can be an empty string or valid YAML. | `string` | `""` | no | +| [controlplanes](#input\_controlplanes) | A list of machine configuration details for control planes. | 
list(object({
    hostname = optional(string)
    endpoint = string
    node     = string
    disk_selector = optional(object({
      busPath  = optional(string)
      modalias = optional(string)
      model    = optional(string)
      name     = optional(string)
      serial   = optional(string)
      size     = optional(string)
      type     = optional(string)
      uuid     = optional(string)
      wwid     = optional(string)
    }))
    wipe_disk         = optional(bool, true)
    extra_kernel_args = optional(list(string), [])
    config_patches    = optional(string, "")
  }))
| `[]` | no | +| [kubernetes\_version](#input\_kubernetes\_version) | The kubernetes version to deploy. | `string` | `"1.33.0"` | no | +| [os\_type](#input\_os\_type) | The operating system type, must be either 'unix' or 'windows' | `string` | `"unix"` | no | +| [talos\_version](#input\_talos\_version) | The talos version to deploy. | `string` | `"1.10.1"` | no | +| [worker\_config\_patches](#input\_worker\_config\_patches) | A YAML string of worker config patches to apply. Can be an empty string or valid YAML. | `string` | `""` | no | +| [workers](#input\_workers) | A list of machine configuration details | 
list(object({
    hostname = optional(string)
    endpoint = string
    node     = string
    disk_selector = optional(object({
      busPath  = optional(string)
      modalias = optional(string)
      model    = optional(string)
      name     = optional(string)
      serial   = optional(string)
      size     = optional(string)
      type     = optional(string)
      uuid     = optional(string)
      wwid     = optional(string)
    }))
    wipe_disk         = optional(bool, true)
    extra_kernel_args = optional(list(string), [])
    config_patches    = optional(string, "")
  }))
| `[]` | no | + +## Outputs + +No outputs. diff --git a/docs/terraform/gitops/flux/flux.md b/docs/terraform/gitops/flux/flux.md new file mode 100644 index 000000000..66197141e --- /dev/null +++ b/docs/terraform/gitops/flux/flux.md @@ -0,0 +1,45 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.7.3 | +| [kubernetes](#requirement\_kubernetes) | 2.36.0 | + +## Providers + +| Name | Version | +|------|---------| +| [helm](#provider\_helm) | 2.17.0 | +| [kubernetes](#provider\_kubernetes) | 2.36.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [helm_release.flux_system](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_namespace.flux_system](https://registry.terraform.io/providers/hashicorp/kubernetes/2.36.0/docs/resources/namespace) | resource | +| [kubernetes_secret.git_auth](https://registry.terraform.io/providers/hashicorp/kubernetes/2.36.0/docs/resources/secret) | resource | +| [kubernetes_secret.webhook_token](https://registry.terraform.io/providers/hashicorp/kubernetes/2.36.0/docs/resources/secret) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [flux\_helm\_version](#input\_flux\_helm\_version) | The version of Flux Helm chart to install | `string` | `"2.15.0"` | no | +| [flux\_namespace](#input\_flux\_namespace) | The namespace in which Flux will be installed | `string` | `"system-gitops"` | no | +| [flux\_version](#input\_flux\_version) | The version of Flux to install | `string` | `"2.5.1"` | no | +| [git\_auth\_secret](#input\_git\_auth\_secret) | The name of the secret to store the git authentication details | `string` | `"flux-system"` | no | +| [git\_password](#input\_git\_password) | The git password or PAT used to authenticte with the git provider | `string` | `""` | no | +| [git\_username](#input\_git\_username) | The git user to use to authenticte with the git provider | `string` | `"git"` | no | +| [ssh\_known\_hosts](#input\_ssh\_known\_hosts) | The known hosts to use for SSH authentication | `string` | `""` | no | +| [ssh\_private\_key](#input\_ssh\_private\_key) | The private key to use for SSH authentication | `string` | `""` | no | +| [ssh\_public\_key](#input\_ssh\_public\_key) | The public key to use for SSH authentication | `string` | `""` | no | +| [webhook\_token](#input\_webhook\_token) | The token to use for the webhook | `string` | `""` | no | + +## Outputs + +No outputs. diff --git a/docs/terraform/network/azure-vnet/azure-vnet.md b/docs/terraform/network/azure-vnet/azure-vnet.md new file mode 100644 index 000000000..54c449a4c --- /dev/null +++ b/docs/terraform/network/azure-vnet/azure-vnet.md @@ -0,0 +1,47 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.8 | +| [azurerm](#requirement\_azurerm) | ~> 4.28.0 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | 4.28.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_nat_gateway.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway) | resource | +| [azurerm_nat_gateway_public_ip_association.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway_public_ip_association) | resource | +| [azurerm_public_ip.nat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_resource_group.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_subnet.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet_nat_gateway_association.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | +| [azurerm_subnet_nat_gateway_association.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | +| [azurerm_virtual_network.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [context\_id](#input\_context\_id) | Context ID for the resources | `string` | `null` | no | +| [region](#input\_region) | Region for the resources | `string` | `"eastus"` | no | +| [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group | `string` | `null` | no | +| [vnet\_cidr](#input\_vnet\_cidr) | CIDR block for VNET | `string` | `"10.20.0.0/16"` | no | +| [vnet\_name](#input\_vnet\_name) | Name of the VNET | `string` | `null` | no | +| [vnet\_subnets](#input\_vnet\_subnets) | Subnets to create in the VNET | `map(list(string))` | 
{
  "data": [],
  "private": [],
  "public": []
}
| no | +| [vnet\_zones](#input\_vnet\_zones) | Number of availability zones to create | `number` | `1` | no | + +## Outputs + +No outputs.