Merge pull request #51 from Discngine/3.0.5-1.9.1

3.0.5

CHANGELOG.md

@@ -0,0 +1,27 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+Dates are ISO8601 / YYYY-MM-DD
+Version equals the version of the equivalent 3decision helm chart release
+Add a `-0` with incrementing numbers in case of a terraform / cloudformation change without equivalent helm changes 
+
+## [3.0.5] - 2024-05-02
+### Cloudformation
+#### Added
+- Added InboundCidrs parameter to specify ingress cidr blocks for the loadbalancer security group @JonathanManass
+
+#### Changed
+- Nothing
+
+#### Removed
+- Nothing
+
+### Terraform
+#### Added
+- Added inbound_cidrs parameter passed to the helm chart @JonathanManass
+
+#### Changed
+- Updated 3decision helm chart default value to 3.0.5 @JonathanManass
+
+#### Removed
+- Nothing
+---

templates/discngine-3decision-existing-vpc.template.yaml

@@ -57,6 +57,7 @@ Metadata:
           - HostedZoneId
           - CertificateArn
           - LoadBalancerType
+          - InboundCidrs
       - Label:
           default : Discngine 3decision database configuration
         Parameters:
@@ -158,6 +159,8 @@ Metadata:
         default: Arns of certificates to connect to the loadbalancer
       LoadBalancerType:
         default: Type of loadbalancer created
+      InboundCidrs:
+        default: Inbound access to loadbalancer
       AzureClientId:
         default: Azure app client id
       AzureSecret:
@@ -403,6 +406,12 @@ Parameters:
     Description: "Type of loadbalancer created.
                   This can either be equal to internet-facing for public loadbalancer or internal for private loadbalancers"
     Type: String
+  InboundCidrs:
+    Default: ""
+    Description: >
+      Optional: List of cidr blocks to configure for ingress access to the loadbalancer. If left empty all incoming traffic will be accepted.
+      Write this as: cidr,cidr.
+    Type: String
   AzureClientId:
     Type: String
     Default: ""
@@ -814,6 +823,7 @@ Resources:
             db_delete_automated_backups = ${DBDeleteAutoBackups}
             load_balancer_type = "${LoadBalancerType}"
             certificate_arn = "${CertificateArn}"
+            inbound_cidrs = "${InboundCidrs}"
             domain = "${DomainName}"
             main_subdomain = "${MainSubdomain}"
             additional_main_fqdns = [${AdditionalMainFQDNs}]

templates/discngine-3decision-main.template.yaml

@@ -60,6 +60,7 @@ Metadata:
           - HostedZoneId
           - CertificateArn
           - LoadBalancerType
+          - InboundCidrs
       - Label:
           default : Discngine 3decision database configuration
         Parameters:
@@ -181,6 +182,8 @@ Metadata:
         default: Arns of certificates to connect to the loadbalancer
       LoadBalancerType:
         default: Type of loadbalancer created
+      InboundCidrs:
+        default: Inbound access to loadbalancer
       AzureClientId:
         default: Azure app client id
       AzureSecret:
@@ -479,6 +482,12 @@ Parameters:
     Description: "Type of loadbalancer created.
                   This can either be equal to internet-facing for public loadbalancer or internal for private loadbalancers"
     Type: String
+  InboundCidrs:
+    Default: ""
+    Description: >
+      Optional: List of cidr blocks to configure for ingress access to the loadbalancer. If left empty all incoming traffic will be accepted.
+      Write this as: cidr,cidr.
+    Type: String
   AzureClientId:
     Type: String
     Default: ""
@@ -610,6 +619,7 @@ Resources:
         AdditionalEKSAdminRoleArn: !Ref AdditionalEKSAdminRoleArn
         NodeVolumeSize: !Ref NodeVolumeSize
         LoadBalancerType: !Ref LoadBalancerType
+        InboundCidrs: !Ref InboundCidrs
         DBSnapshotIdentifier: !Ref DBSnapshotIdentifier
         DBDeleteAutoBackups: !Ref DBDeleteAutoBackups
         AdminInitialPassword: !Ref AdminInitialPassword

terraform/main.tf

@@ -251,6 +251,7 @@ module "kubernetes" {
   azure_oidc               = var.azure_oidc
   google_oidc              = var.google_oidc
   certificate_arn          = var.certificate_arn
+  inbound_cidrs             = var.inbound_cidrs
   domain                   = var.domain
   main_subdomain           = var.main_subdomain
   additional_main_fqdns    = var.additional_main_fqdns

terraform/modules/kubernetes/main.tf

@@ -562,6 +562,7 @@ ingress:
   host: ${var.domain}
   certificateArn: ${var.certificate_arn}
   visibility: ${var.load_balancer_type}
+  inboundCidrs: ${var.inbound_cidrs == "" ? "null" : var.inbound_cidrs}
   ui:
     host: ${var.main_subdomain}
     additionalHosts: [${join(", ", var.additional_main_fqdns)}]

terraform/modules/kubernetes/variables.tf

@@ -17,6 +17,7 @@ variable "okta_oidc" {}
 variable "azure_oidc" {}
 variable "google_oidc" {}
 variable "certificate_arn" {}
+variable "inbound_cidrs" {}
 variable "domain" {}
 variable "main_subdomain" {}
 variable "additional_main_fqdns" {}

terraform/variables.tf

@@ -164,6 +164,11 @@ variable "certificate_arn" {
   description = "Arn of the certificate to add to the loadbalancer"
 }
 
+variable "inbound_cidrs" {
+  default     = ""
+  description = "List of cidr blocks to allow access to the loadbalancer"
+}
+
 variable "domain" {
   description = "Root domain name used for load balancer rules. This is only the root domain name not the fqdn, eg: example.com"
 }
@@ -205,7 +210,7 @@ variable "tdecision_chart" {
     repository       = optional(string, "oci://fra.ocir.io/discngine1/3decision_kube")
     chart            = optional(string, "tdecision")
     namespace        = optional(string, "tdecision")
-    version          = optional(string, "3.0.1")
+    version          = optional(string, "3.0.5")
     create_namespace = optional(bool, true)
   })
   default = {}