Merge remote-tracking branch 'origin/main' into sebastian/prod-2981-s…

…et-up-catalog-pipeline

resources/monitoring/services/agent.yaml

@@ -7,7 +7,7 @@ spec:
   namespace: monitoring
   git:
     folder: helm/monitoring
-    ref: main
+    ref: [[ or .Context.Branch "main" ]]
   configurationRef:
     name: basic-auth-prom
     namespace: infra

resources/monitoring/services/mgmt.yaml

@@ -7,7 +7,7 @@ spec:
   namespace: monitoring
   git:
     folder: helm/monitoring
-    ref: main
+    ref: [[ or .Context.Branch "main" ]]
   configurationRef:
     name: basic-auth-prom
     namespace: infra

resources/policy/services/bundle.yaml

@@ -8,7 +8,7 @@ spec:
     namespace: policy
     git:
       folder: resources/policy/bundles/{{ context.bundle }}
-      ref: main
+      ref: [[ or .Context.Branch "main" ]]
     repositoryRef:
       kind: GitRepository
       name: infra

resources/policy/services/constraints.yaml

@@ -8,7 +8,7 @@ spec:
     namespace: policy
     git:
       folder: resources/policy/constraints
-      ref: main
+      ref: [[ or .Context.Branch "main" ]]
     repositoryRef:
       kind: GitRepository
       name: infra

setup/cert-manager.yaml

@@ -7,7 +7,7 @@ spec:
   namespace: cert-manager
   git:
     folder: helm-values
-    ref: main
+    ref: [[ or .Context.Branch "main" ]]
   repositoryRef:
     kind: GitRepository
     name: infra

setup/console.yaml

@@ -7,7 +7,7 @@ spec:
   namespace: plrl-console
   git:
     folder: helm-values
-    ref: main
+    ref: [[ or .Context.Branch "main" ]]
   repositoryRef:
     kind: GitRepository
     name: infra

setup/flux.yaml

@@ -7,7 +7,7 @@ spec:
   namespace: flux
   git:
     folder: helm-values
-    ref: main
+    ref: [[ or .Context.Branch "main" ]]
   repositoryRef:
     kind: GitRepository
     name: infra

setup/pr-automation/cluster-creator.yaml

@@ -22,6 +22,7 @@ spec:
   title: "Adding {{ context.cloud }} cluster: {{ context.name }}"
   message: "Adding {{ context.cloud }} cluster {{ context.name }} and registering it with Plural"
   identifier: [[ .Identifier ]] # REPLACEME with your own repo slug
+  branch: [[ or .Context.Branch "main" ]]
   configuration:
   - name: name
     type: STRING
@@ -42,3 +43,6 @@ spec:
     values:
     - dev
     - prd
+  - name: branch
+    type: STRING
+    documentation: name for the current branch

setup/pr-automation/gatekeeper-setup.yaml

@@ -16,6 +16,7 @@ spec:
   title: "Setup OPA gatekeeper and install the {{ context.bundle }} policy bundle"
   message: "Setup OPA gatekeeper and install the {{ context.bundle }} policy bundle"
   identifier: [[ .Identifier ]] # REPLACEME with your own repo slug
+  branch: [[ or .Context.Branch "main" ]]
   configuration:
   - name: bundle
     type: ENUM

setup/pr-automation/prometheus/prom-agent-creator.yaml

@@ -19,6 +19,7 @@ spec:
   title: "Setup prometheus agent for metrics shipping"
   message: "Setup prometheus agent for metrics shipping"
   identifier: [[ .Identifier ]] # REPLACEME with your own repo slug
+  branch: [[ or .Context.Branch "main" ]]
   configuration:
   - name: cluster
     type: STRING

setup/pr-automation/prometheus/prom-creator.yaml

@@ -19,6 +19,7 @@ spec:
   title: "Setup a prometheus cluster for fleetwide metrics"
   message: "Setup a prometheus cluster for fleetwide metrics in {{ context.cluster }}"
   identifier: [[ .Identifier ]] # REPLACEME with your own repo slug
+  branch: [[ or .Context.Branch "main" ]]
   configuration:
   - name: cluster
     type: STRING

setup/runtime.yaml

@@ -7,7 +7,7 @@ spec:
   namespace: plural-runtime
   git:
     folder: helm-values
-    ref: main
+    ref: [[ or .Context.Branch "main" ]]
   repositoryRef:
     kind: GitRepository
     name: infra

templates/blob/service.yaml

@@ -7,7 +7,7 @@ spec:
   namespace: infra
   git:
     folder: services/blobstores
-    ref: main
+    ref: {{ context.branch | default "main" }}
   repositoryRef:
     kind: GitRepository
     name: infra

templates/blob/stack.yaml

@@ -18,7 +18,7 @@ spec:
     name: mgmt
     namespace: infra
   git:
-    ref: main
+    ref: {{ context.branch | default "main" }}
     folder: terraform/modules/blob/{{ context.type }}
   variables:
     region: {{ context.region }}

templates/clusters/clusters.yaml

@@ -7,7 +7,7 @@ spec:
   namespace: infra
   git:
     folder: services/clusters
-    ref: main
+    ref: {{ context.branch | default "main" }}
   repositoryRef:
     kind: GitRepository
     name: infra

templates/clusters/stack.yaml

@@ -18,7 +18,7 @@ spec:
     name: mgmt
     namespace: infra
   git:
-    ref: main
+    ref: {{ context.branch | default "main" }}
     folder: terraform/modules/clusters/{{ context.cloud }}
   environment:
   - name: TF_VAR_cluster

templates/providers/apps/gcp.tf

@@ -7,6 +7,7 @@ terraform {
   required_providers {
     google = {
       source = "hashicorp/google"
+      version = ">= 6.10.0"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"
@@ -44,4 +45,4 @@ data "kubernetes_secret" "console-auth" {
 provider "plural" {
   console_url = "https://console.{{ .Subdomain }}"
   access_token = data.kubernetes_secret.console-auth.data.access-token
-}
+}

templates/providers/bootstrap/gcp.tf

@@ -7,6 +7,7 @@ terraform {
   required_providers {
     google = {
       source = "hashicorp/google"
+      version = ">= 6.10.0"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"
@@ -44,4 +45,4 @@ provider "helm" {
 
 provider "plural" {
   use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
-}
+}

templates/setup/cd.tf

@@ -1,11 +1,17 @@
 locals {
   context = yamldecode(data.local_sensitive_file.context.content)
+  workspace = yamldecode(data.local_sensitive_file.workspace.content)
+  branch = local.workspace.spec.context.Branch == null ? "main" : local.workspace.spec.context.Branch
 }
 
 data "local_sensitive_file" "context" {
   filename = "${path.module}/../../context.yaml"
 }
 
+data "local_sensitive_file" "workspace" {
+  filename = "${path.module}/../../workspace.yaml"
+}
+
 data "plural_cluster" "mgmt" {
     handle = "mgmt"
 }
@@ -21,7 +27,7 @@ resource "plural_service_deployment" "apps" {
     namespace = "infra"
     repository = {
         id = plural_git_repository.infra.id
-        ref = "main"
+        ref = local.branch
         folder = "bootstrap"
     }
     cluster = {
@@ -30,4 +36,4 @@ resource "plural_service_deployment" "apps" {
 
     protect = true
     templated = true
-}
+}

templates/setup/console.tf

@@ -76,7 +76,7 @@ resource "helm_release" "console" {
   namespace        = "plrl-console"
   chart            = "console"
   repository       = "https://pluralsh.github.io/console"
-  version          = "0.3.49"
+  version          = "0.3.68"
   create_namespace = true
   timeout          = 600
   wait             = true
@@ -89,4 +89,4 @@ resource "helm_release" "console" {
 
 output "identity" {
   value = module.mgmt.identity 
-}
+}

templates/setup/providers/aws.tf

@@ -1,5 +1,12 @@
+variable "deletion_protection" {
+    type    = bool
+    default = true
+}
+
 module "mgmt" {
     source        = "./cluster"
     cluster_name  = "{{ .Cluster }}"
     create_db     = {{ .RequireDB }}
-}
+    deletion_protection = "${var.deletion_protection}"
+}
+

templates/setup/providers/gcp.tf

@@ -1,7 +1,23 @@
+# Variable passthrough to the GCP module in order
+# to enable TF_VAR_xxx environment variable usage.
+variable "network" {
+  type = string
+  description = "The VPC network created to host the cluster in"
+  default     = "plural-network"
+}
+
+variable "subnetwork" {
+  type = string
+  description = "The subnetwork created to host the cluster in"
+  default     = "plural-subnet"
+}
+
 module "mgmt" {
     source        = "./cluster"
     project_id    = "{{ .Project }}"
     cluster_name  = "{{ .Cluster }}"
     region        = "{{ .Region }}"
     create_db     = {{ .RequireDB }}
-}
+    network       = "${var.network}"
+    subnetwork    = "${var.subnetwork}"
+}

terraform/clouds/azure/aks.tf

@@ -1,6 +1,6 @@
 module "aks" {
   source = "Azure/aks/azurerm"
-  version = "7.5.0"
+  version = "9.2.0"
 
   kubernetes_version   = var.kubernetes_version
   cluster_name         = var.cluster_name

terraform/clouds/azure/providers.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">=1.3"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=3.51.0, < 4.0"
+    }
+  }
+}

terraform/clouds/gcp/gke.tf

@@ -1,6 +1,6 @@
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google"
-  version = "~> 29.0"
+  version = "~> 33.0"
 
   kubernetes_version     = var.kubernetes_version
   project_id             = var.project_id
@@ -29,4 +29,4 @@ module "gke" {
     google_project_service.dns,
     # local.db_created,
   ]
-}
+}

terraform/clouds/gcp/postgres.tf

@@ -9,7 +9,7 @@ resource "random_password" "password" {
 module "pg" {
   count = var.create_db ? 1 : 0
   source  = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
-  version = "18.2.0"
+  version = "~> 22.0"
 
   name                 = local.db_name
   random_instance_name = false
@@ -63,4 +63,4 @@ module "pg" {
     google_project_service.servicenetworking,
     google_service_networking_connection.postgres
   ]
-}
+}

terraform/modules/clusters/gcp/gke.tf

@@ -1,6 +1,6 @@
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google"
-  version = "~> 29.0"
+  version = "~> 33.0"
 
   kubernetes_version     = var.kubernetes_version
   project_id             = var.project_id
@@ -29,4 +29,4 @@ module "gke" {
     google_project_service.dns,
     # local.db_created,
   ]
-}
+}

terraform/modules/clusters/gcp/plural.tf

@@ -1,5 +1,3 @@
-data "google_client_config" "default" {}
-
 resource "plural_cluster" "this" {
     handle = var.cluster
     name   = var.cluster
@@ -17,4 +15,4 @@ resource "plural_cluster" "this" {
     }
 
     depends_on = [ module.gcp-network ]
-}
+}

terraform/modules/clusters/gcp/variables.tf

@@ -13,6 +13,7 @@ variable "tier" {
 
 variable "region" {
   type = string
+  description = "The region to host the cluster in"
   default = "us-east-2"
 }
 
@@ -46,12 +47,6 @@ variable "project_id" {
   default = "pluralsh-test-384515"
 }
 
-variable "region" {
-  type = string
-  description = "The region to host the cluster in"
-  default     = "us-central1"
-}
-
 variable "network" {
   type = string
   description = "The VPC network created to host the cluster in"
@@ -99,4 +94,4 @@ variable "ip_range_services_name" {
 variable "tags" {
   type = map(string)
   default = {}
-}
+}

terraform/modules/clusters/gcp/versions.tf

@@ -4,6 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
+      version = ">= 6.10.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
@@ -25,4 +26,4 @@ provider "google" {
 
 data "google_client_config" "default" {}
 
-provider "plural" { }
+provider "plural" { }