Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8.4.0 - November 30, 2023 #354

Merged
merged 5 commits into from
Nov 30, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
ARG TERRAFORM_VERSION=1.4.5
ARG AZURECLI_VERSION=2.48.1
ARG TERRAFORM_VERSION=1.6.4
ARG AZURECLI_VERSION=2.54.0

FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION
ARG KUBECTL_VERSION=1.26.3
ARG KUBECTL_VERSION=1.26.10

WORKDIR /viya4-iac-azure

Expand All @@ -12,7 +12,7 @@ COPY . .

RUN apk update \
&& apk upgrade \
&& apk add --no-cache git openssh \
&& apk add --no-cache git openssh curl\
&& curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl \
&& chmod 755 ./kubectl /viya4-iac-azure/docker-entrypoint.sh \
&& mv ./kubectl /usr/local/bin/kubectl \
Expand Down
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ This project helps you to automate the cluster-provisioning phase of SAS Viya pl

[<img src="./docs/images/viya4-iac-azure-diag.png" alt="Architecture Diagram" width="750"/>](./docs/images/viya4-iac-azure-diag.png?raw=true)

This project addresses the first of three steps in [Steps for Getting Started](https://go.documentation.sas.com/doc/en/itopscdc/default/itopscon/n12fgslcw9swbsn10rva4bp0mr2w.htm) in _SAS&reg; Viya&reg; Platform Operations_:
This project addresses the first of three steps in [Steps for Getting Started](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopscon&docsetTarget=n12fgslcw9swbsn10rva4bp0mr2w.htm) in _SAS&reg; Viya&reg; Platform Operations_:

1. Provision resources.
1. Prepare for the deployment.
Expand All @@ -25,7 +25,7 @@ This project addresses the first of three steps in [Steps for Getting Started](h

Once the cloud resources are provisioned, use the [viya4-deployment](https://github.com/sassoftware/viya4-deployment) project to deploy
the SAS Viya platform in your cloud environment. To learn about all phases and options of the SAS Viya platform deployment process, see
[Getting Started with SAS Viya and Azure Kubernetes Service](https://go.documentation.sas.com/doc/en/itopscdc/default/itopscon/n1d7qc4nfr3s5zn103a1qy0kj4l1.htm) in _SAS Viya Platform Operations_.
[Getting Started with SAS Viya and Azure Kubernetes Service](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopscon&docsetTarget=n1d7qc4nfr3s5zn103a1qy0kj4l1.htm) in _SAS Viya Platform Operations_.


This project follows the [SemVer](https://semver.org/#summary) versioning scheme. Given a version number MAJOR.MINOR.PATCH, we increment the:
Expand Down Expand Up @@ -57,10 +57,10 @@ This project supports two options for running Terraform scripts:
Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformAzureAuthentication.md) with the *Contributor* role are required.

#### Terraform Requirements:
- [Terraform](https://www.terraform.io/downloads.html) - v1.4.5
- [Terraform](https://www.terraform.io/downloads.html) - v1.6.4
- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.26
- [jq](https://stedolan.github.io/jq/) - v1.6
- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.48.1
- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.54.0

#### Docker Requirements:
- [Docker](https://docs.docker.com/get-docker/)
Expand Down
4 changes: 2 additions & 2 deletions container-structure-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ commandTests:
- name: "terraform version"
command: "terraform"
args: ["--version"]
expectedOutput: ["Terraform v1.4.5"]
expectedOutput: ["Terraform v1.6.4"]
- name: "python version"
command: "python3"
args: ["--version"]
Expand All @@ -29,7 +29,7 @@ commandTests:
- -c
- |
az version -o tsv
expectedOutput: ["2.48.1\t2.48.1\t1.0.8"]
expectedOutput: ["2.54.0\t2.54.0\t1.1.0"]

metadataTest:
workdir: "/viya4-iac-azure"
Expand Down
6 changes: 3 additions & 3 deletions docs/CONFIG-VARS.md
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ You can use `default_public_access_cidrs` to set a default range for all created

| Name | Description | Type | Default | Notes |
| :--- | ---: | ---: | ---: | ---: |
| default_public_access_cidrs | IP address ranges allowed to access all created cloud resources | list of strings | | Sets a default for all resources. |
| default_public_access_cidrs | IP address ranges allowed to access all created cloud resources | list of strings | | Sets a default for all resources. Not setting the CIDR range creates a fully public site, this is not recommended for security reasons. |
| cluster_endpoint_public_access_cidrs | IP address ranges allowed to access the AKS cluster API | list of strings | | For client admin access to the cluster api (by `kubectl`, for example). Only used with `cluster_api_mode=public`|
| vm_public_access_cidrs | IP address ranges allowed to access the VMs | list of strings | | Opens port 22 for SSH access to the jump server and/or NFS VM by adding Ingress Rule on the NSG. Only used with `create_jump_public_ip=true` or `create_nfs_public_ip=true` |
| postgres_public_access_cidrs | IP address ranges allowed to access the Azure PostgreSQL Flexible Server | list of strings || Opens port 5432 by adding Ingress Rule on the NSG. Only used when creating postgres instances. |
Expand Down Expand Up @@ -358,12 +358,12 @@ Each server element, like `foo = {}`, can contain none, some, or all of the para
| geo_redundant_backup_enabled | Enable Geo-redundant or not for server backup | bool | false | Not supported for the basic tier. |
| administrator_login | The Administrator Login for the PostgreSQL Flexible Server. Changing this forces a new resource to be created. | string | "pgadmin" | The admin login name cannot be azure_superuser, azure_pg_admin, admin, administrator, root, guest, or public. It cannot start with pg_. See: [Microsoft Quickstart Server Database](https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/quickstart-create-server-portal) |
| administrator_password | The Password associated with the administrator_login for the PostgreSQL Flexible Server | string | "my$up3rS3cretPassw0rd" | The password must contain between 8 and 128 characters and must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.). |
| server_version | The version of the PostgreSQL Flexible server instance | string | "13" | Refer to the [SAS Viya Platform Administration Guide](https://go.documentation.sas.com/doc/en/sasadmincdc/default/itopssr/p05lfgkwib3zxbn1t6nyihexp12n.htm?fromDefault=#p1wq8ouke3c6ixn1la636df9oa1u) for the supported versions of PostgreSQL for the SAS Viya platform. |
| server_version | The version of the PostgreSQL Flexible server instance | string | "13" | Refer to the [SAS Viya Platform Administration Guide](https://documentation.sas.com/?cdcId=sasadmincdc&cdcVersion=default&docsetId=itopssr&docsetTarget=p05lfgkwib3zxbn1t6nyihexp12n.htm#p1wq8ouke3c6ixn1la636df9oa1u) for the supported versions of PostgreSQL for the SAS Viya platform. |
| ssl_enforcement_enabled | Enforce SSL on connection to the Azure Database for PostgreSQL Flexible server instance | bool | true | |
| connectivity_method | Network connectivity option to connect to your flexible server. There are two connectivity options available: Public access (allowed IP addresses) and Private access (VNet Integration). Defaults to public access with firewall rules enabled.| string | "public" | Valid options are `public` and `private`. See sample input file [here](../examples/sample-input-postgres.tfvars) and Private access documentation [here](./user/PostgreSQLPrivateAccess.md). For more details see [Networking overview](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking) |
| postgresql_configurations | Sets a PostgreSQL Configuration value on a Azure PostgreSQL Flexible Server | list(object) | [] | More details can be found [here](https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/howto-configure-server-parameters-using-cli) |

Multiple SAS offerings require a second PostgreSQL instance referred to as SAS Common Data Store, or CDS PostgreSQL. For more information, see [Common Customizations](https://go.documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=dplyml0phy0dkr&docsetTarget=n08u2yg8tdkb4jn18u8zsi6yfv3d.htm#p0wkxxi9s38zbzn19ukjjaxsc0kl). A list of SAS offerings that require CDS PostgreSQL is provided in [SAS Common Data Store Requirements](https://go.documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=p05lfgkwib3zxbn1t6nyihexp12n.htm#n03wzanutmc6gon1val5fykas9aa). To create and configure an external CDS PostgreSQL instance in addition to the external platform PostgreSQL instance named `default`, specify `cds-postgres` as a second PostgreSQL instance, as shown in the example below.
Multiple SAS offerings require a second PostgreSQL instance referred to as SAS Common Data Store, or CDS PostgreSQL. For more information, see [Common Customizations](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=dplyml0phy0dkr&docsetTarget=n08u2yg8tdkb4jn18u8zsi6yfv3d.htm#p0wkxxi9s38zbzn19ukjjaxsc0kl). A list of SAS offerings that require CDS PostgreSQL is provided in [SAS Common Data Store Requirements](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=p05lfgkwib3zxbn1t6nyihexp12n.htm#n03wzanutmc6gon1val5fykas9aa). To create and configure an external CDS PostgreSQL instance in addition to the external platform PostgreSQL instance named `default`, specify `cds-postgres` as a second PostgreSQL instance, as shown in the example below.

Here is an example of the `postgres_servers` variable with the `default` server entry overriding only the `administrator_password` and `postgresql_configurations` parameters, and the `cds-postgres` entry overriding the `sku_name`, `storage_mb`, `backup_retention_days`, `administrator_login` and `administrator_password` parameters:

Expand Down
4 changes: 2 additions & 2 deletions docs/sas-updates.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
New in the SAS Viya platform 2021.2.6: the connect workload class is no longer required. For more information, see [Connect Workload Class Changes](https://go.documentation.sas.com/doc/en/itopscdc/v_026/itopswn/n0jh2fbifqgoksn1uou9p2zgbzdy.htm#p15778dvqwzjtgn1e95nq9v0y1wv).
New in the SAS Viya platform 2021.2.6: the connect workload class is no longer required. For more information, see [Connect Workload Class Changes](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopswn&docsetTarget=n0jh2fbifqgoksn1uou9p2zgbzdy.htm#p15778dvqwzjtgn1e95nq9v0y1wv).

To deploy the SAS Viya platform 2021.2.6 and later, use the most recent version of SAS Viya 4 Infrastructure as Code. The default settings do not create a connect node pool. If your current software order has a requirement for the connect node pool, you can use the connect node pool example file in `examples/sample-input-connect.tfvars`.

If you are updating the SAS Viya platform to version 2021.2.6, take some additional steps to remove the connect nodes.

1. Perform the update by following the steps in the [SAS Viya platform documentation](https://go.documentation.sas.com/doc/en/itopscdc/default/k8sag/p043aa4ghwwom6n1beyfifdgkve7.htm).
1. Perform the update by following the steps in the [SAS Viya platform documentation](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=k8sag&docsetTarget=p043aa4ghwwom6n1beyfifdgkve7.htm).
2. When the update to 2021.2.6 has completed successfully, use the `examples/sample-input.tfvars` file or edit your customized variable definition file (tfvars) to remove `connect={}` from the "node_pools" section.
3. Run `terraform apply` using your edited tfvars file.

10 changes: 5 additions & 5 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -281,13 +281,13 @@ resource "kubernetes_config_map" "sas_iac_buildinfo" {
}

data = {
git-hash = lookup(data.external.git_hash.result, "git-hash")
git-hash = data.external.git_hash.result["git-hash"]
iac-tooling = var.iac_tooling
terraform = <<EOT
version: ${lookup(data.external.iac_tooling_version.result, "terraform_version")}
revision: ${lookup(data.external.iac_tooling_version.result, "terraform_revision")}
provider-selections: ${lookup(data.external.iac_tooling_version.result, "provider_selections")}
outdated: ${lookup(data.external.iac_tooling_version.result, "terraform_outdated")}
version: ${data.external.iac_tooling_version.result["terraform_version"]}
revision: ${data.external.iac_tooling_version.result["terraform_revision"]}
provider-selections: ${data.external.iac_tooling_version.result["provider_selections"]}
outdated: ${data.external.iac_tooling_version.result["terraform_outdated"]}
EOT
}

Expand Down
12 changes: 6 additions & 6 deletions versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -3,28 +3,28 @@

terraform {

required_version = ">= 1.4.5"
required_version = ">= 1.6.4"

required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.64.0"
version = "3.81.0"
}
azuread = {
source = "hashicorp/azuread"
version = "2.39.0"
version = "2.46.0"
}
external = {
source = "hashicorp/external"
version = "2.3.1"
version = "2.3.2"
}
local = {
source = "hashicorp/local"
version = "2.4.0"
}
null = {
source = "hashicorp/null"
version = "3.2.1"
version = "3.2.2"
}
tls = {
source = "hashicorp/tls"
Expand All @@ -36,7 +36,7 @@ terraform {
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.20.0"
version = "2.23.0"
}
}
}
Loading