Skip to content

Instantly share code, notes, and snippets.

@sudhikan

sudhikan/gist:6fed0557b7713625fb734239073f5cae

Created November 23, 2021 06:18
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save sudhikan/6fed0557b7713625fb734239073f5cae to your computer and use it in GitHub Desktop.
Save sudhikan/6fed0557b7713625fb734239073f5cae to your computer and use it in GitHub Desktop.
Download ZIP
Terraform Plan - apply immediately false
Raw
gistfile1.txt
Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# module.orc8r.data.aws_iam_policy_document.es-management[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "es-management" {
~ id = "295713799" -> (known after apply)
~ json = jsonencode(
{
- Statement = [
- {
- Action = "es:*"
- Effect = "Allow"
- Principal = {
- AWS = "*"
}
- Resource = "arn:aws:es:eu-west-2:007606123670:domain/orc8r-es/*"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
- version = "2012-10-17" -> null
~ statement {
- not_actions = [] -> null
- not_resources = [] -> null
# (3 unchanged attributes hidden)
# (1 unchanged block hidden)
}
}
# module.orc8r.aws_db_instance.default will be updated in-place
~ resource "aws_db_instance" "default" {
~ apply_immediately = true -> false
id = "orc8rdb"
name = "orc8r"
tags = {}
# (48 unchanged attributes hidden)
}
# module.orc8r.aws_elasticsearch_domain.es[0] will be updated in-place
~ resource "aws_elasticsearch_domain" "es" {
~ advanced_options = {
- "override_main_response_version" = "false" -> null
# (1 unchanged element hidden)
}
id = "arn:aws:es:eu-west-2:007606123670:domain/orc8r-es"
tags = {}
# (8 unchanged attributes hidden)
# (9 unchanged blocks hidden)
}
# module.orc8r.aws_elasticsearch_domain_policy.es_management_access[0] will be updated in-place
~ resource "aws_elasticsearch_domain_policy" "es_management_access" {
~ access_policies = jsonencode(
{
- Statement = [
- {
- Action = "es:*"
- Effect = "Allow"
- Principal = {
- AWS = "*"
}
- Resource = "arn:aws:es:eu-west-2:007606123670:domain/orc8r-es/*"
- Sid = ""
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
id = "esd-policy-orc8r-es"
# (1 unchanged attribute hidden)
}
# module.orc8r-app.data.template_file.orc8r_values will be read during apply
# (config refers to values not yet known)
<= data "template_file" "orc8r_values" {
~ id = "78b103d341e68919fe68a03f86a183b5fe4e94cd45b82c89f90422ff8d0c1ef7" -> (known after apply)
~ rendered = <<-EOT
################################################################################
# Copyright 2020 The Magma Authors.
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
imagePullSecrets:
- name: artifactory
secrets:
create: false
secret:
certs: orc8r-certs
configs:
orc8r: orc8r-configs
envdir: orc8r-envdir
nginx:
create: true
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/nginx
tag: "1.6.1"
replicas: 2
service:
enabled: true
legacyEnabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
extraAnnotations:
proxy:
external-dns.alpha.kubernetes.io/hostname: api.dbtest.fbmagma.ninja
bootstrapLagacy:
external-dns.alpha.kubernetes.io/hostname: bootstrapper-controller.dbtest.fbmagma.ninja
clientcertLegacy:
external-dns.alpha.kubernetes.io/hostname: controller.dbtest.fbmagma.ninja
name: orc8r-bootstrap-nginx
type: LoadBalancer
spec:
hostname: controller.dbtest.fbmagma.ninja
controller:
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/controller
tag: "1.6.1"
replicas: 2
spec:
database:
db: orc8r
host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
port: 5432
user: orc8r
service_registry:
mode: "k8s"
metrics:
imagePullSecrets:
- name: artifactory
metrics:
volumes:
prometheusData:
volumeSpec:
persistentVolumeClaim:
claimName: promdata
prometheusConfig:
volumeSpec:
persistentVolumeClaim:
claimName: promcfg
prometheus:
create: true
includeOrc8rAlerts: true
prometheusCacheHostname: orc8r-prometheus-cache
alertmanagerHostname: orc8r-alertmanager
alertmanager:
create: true
prometheusConfigurer:
create: true
image:
repository: docker.io/facebookincubator/prometheus-configurer
tag: 1.0.4
prometheusURL: orc8r-prometheus:9090
alertmanagerConfigurer:
create: true
image:
repository: docker.io/facebookincubator/alertmanager-configurer
tag: 1.0.4
alertmanagerURL: orc8r-alertmanager:9093
prometheusCache:
create: true
image:
repository: docker.io/facebookincubator/prometheus-edge-hub
tag: 1.1.0
limit: 500000
grafana:
create: false
userGrafana:
image:
repository: docker.io/grafana/grafana
tag: 6.6.2
create: true
volumes:
datasources:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadatasources
dashboardproviders:
volumeSpec:
persistentVolumeClaim:
claimName: grafanaproviders
dashboards:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadashboards
grafanaData:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadata
thanos:
enabled: false
compact:
nodeSelector:
{}
store:
nodeSelector:
{}
query:
nodeSelector:
compute-type: thanos
objstore:
type: S3
config:
bucket:
endpoint: s3.eu-west-2.amazonaws.com
region: eu-west-2
access_key:
secret_key:
insecure: false
signature_version2: false
put_user_metadata: {}
http_config:
idle_conn_timeout: 0s
response_header_timeout: 0s
insecure_skip_verify: false
trace:
enable: false
part_size: 0
nms:
enabled: true
imagePullSecrets:
- name: artifactory
secret:
certs: nms-certs
magmalte:
create: true
image:
repository: docker.artifactory.magmacore.org/magmalte
tag: "1.6.1"
env:
api_host: api.dbtest.fbmagma.ninja
mysql_db: orc8r
mysql_dialect: postgres
mysql_host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
mysql_port: 5432
mysql_user: orc8r
mysql_pass: testpassword
grafana_address: orc8r-user-grafana:3000
nginx:
create: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: "*.nms.dbtest.fbmagma.ninja"
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
deployment:
spec:
ssl_cert_name: controller.crt
ssl_cert_key_name: controller.key
logging:
enabled: false
EOT -> (known after apply)
# (2 unchanged attributes hidden)
}
# module.orc8r-app.helm_release.lte-orc8r[0] will be updated in-place
~ resource "helm_release" "lte-orc8r" {
id = "lte-orc8r"
name = "lte-orc8r"
~ values = [
- <<-EOT
################################################################################
# Copyright 2020 The Magma Authors.
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
imagePullSecrets:
- name: artifactory
secrets:
create: false
secret:
certs: orc8r-certs
configs:
orc8r: orc8r-configs
envdir: orc8r-envdir
nginx:
create: true
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/nginx
tag: "1.6.1"
replicas: 2
service:
enabled: true
legacyEnabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
extraAnnotations:
proxy:
external-dns.alpha.kubernetes.io/hostname: api.dbtest.fbmagma.ninja
bootstrapLagacy:
external-dns.alpha.kubernetes.io/hostname: bootstrapper-controller.dbtest.fbmagma.ninja
clientcertLegacy:
external-dns.alpha.kubernetes.io/hostname: controller.dbtest.fbmagma.ninja
name: orc8r-bootstrap-nginx
type: LoadBalancer
spec:
hostname: controller.dbtest.fbmagma.ninja
controller:
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/controller
tag: "1.6.1"
replicas: 2
spec:
database:
db: orc8r
host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
port: 5432
user: orc8r
service_registry:
mode: "k8s"
metrics:
imagePullSecrets:
- name: artifactory
metrics:
volumes:
prometheusData:
volumeSpec:
persistentVolumeClaim:
claimName: promdata
prometheusConfig:
volumeSpec:
persistentVolumeClaim:
claimName: promcfg
prometheus:
create: true
includeOrc8rAlerts: true
prometheusCacheHostname: orc8r-prometheus-cache
alertmanagerHostname: orc8r-alertmanager
alertmanager:
create: true
prometheusConfigurer:
create: true
image:
repository: docker.io/facebookincubator/prometheus-configurer
tag: 1.0.4
prometheusURL: orc8r-prometheus:9090
alertmanagerConfigurer:
create: true
image:
repository: docker.io/facebookincubator/alertmanager-configurer
tag: 1.0.4
alertmanagerURL: orc8r-alertmanager:9093
prometheusCache:
create: true
image:
repository: docker.io/facebookincubator/prometheus-edge-hub
tag: 1.1.0
limit: 500000
grafana:
create: false
userGrafana:
image:
repository: docker.io/grafana/grafana
tag: 6.6.2
create: true
volumes:
datasources:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadatasources
dashboardproviders:
volumeSpec:
persistentVolumeClaim:
claimName: grafanaproviders
dashboards:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadashboards
grafanaData:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadata
thanos:
enabled: false
compact:
nodeSelector:
{}
store:
nodeSelector:
{}
query:
nodeSelector:
compute-type: thanos
objstore:
type: S3
config:
bucket:
endpoint: s3.eu-west-2.amazonaws.com
region: eu-west-2
access_key:
secret_key:
insecure: false
signature_version2: false
put_user_metadata: {}
http_config:
idle_conn_timeout: 0s
response_header_timeout: 0s
insecure_skip_verify: false
trace:
enable: false
part_size: 0
nms:
enabled: true
imagePullSecrets:
- name: artifactory
secret:
certs: nms-certs
magmalte:
create: true
image:
repository: docker.artifactory.magmacore.org/magmalte
tag: "1.6.1"
env:
api_host: api.dbtest.fbmagma.ninja
mysql_db: orc8r
mysql_dialect: postgres
mysql_host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
mysql_port: 5432
mysql_user: orc8r
mysql_pass: testpassword
grafana_address: orc8r-user-grafana:3000
nginx:
create: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: "*.nms.dbtest.fbmagma.ninja"
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
deployment:
spec:
ssl_cert_name: controller.crt
ssl_cert_key_name: controller.key
logging:
enabled: false
EOT,
] -> (known after apply)
# (28 unchanged attributes hidden)
set_sensitive {
# At least one attribute in this block is (or was) sensitive,
# so its contents will not be displayed.
}
}
# module.orc8r-app.helm_release.orc8r will be updated in-place
~ resource "helm_release" "orc8r" {
id = "orc8r"
name = "orc8r"
~ values = [
- <<-EOT
################################################################################
# Copyright 2020 The Magma Authors.
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
imagePullSecrets:
- name: artifactory
secrets:
create: false
secret:
certs: orc8r-certs
configs:
orc8r: orc8r-configs
envdir: orc8r-envdir
nginx:
create: true
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/nginx
tag: "1.6.1"
replicas: 2
service:
enabled: true
legacyEnabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
extraAnnotations:
proxy:
external-dns.alpha.kubernetes.io/hostname: api.dbtest.fbmagma.ninja
bootstrapLagacy:
external-dns.alpha.kubernetes.io/hostname: bootstrapper-controller.dbtest.fbmagma.ninja
clientcertLegacy:
external-dns.alpha.kubernetes.io/hostname: controller.dbtest.fbmagma.ninja
name: orc8r-bootstrap-nginx
type: LoadBalancer
spec:
hostname: controller.dbtest.fbmagma.ninja
controller:
podDisruptionBudget:
enabled: true
image:
repository: docker.artifactory.magmacore.org/controller
tag: "1.6.1"
replicas: 2
spec:
database:
db: orc8r
host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
port: 5432
user: orc8r
service_registry:
mode: "k8s"
metrics:
imagePullSecrets:
- name: artifactory
metrics:
volumes:
prometheusData:
volumeSpec:
persistentVolumeClaim:
claimName: promdata
prometheusConfig:
volumeSpec:
persistentVolumeClaim:
claimName: promcfg
prometheus:
create: true
includeOrc8rAlerts: true
prometheusCacheHostname: orc8r-prometheus-cache
alertmanagerHostname: orc8r-alertmanager
alertmanager:
create: true
prometheusConfigurer:
create: true
image:
repository: docker.io/facebookincubator/prometheus-configurer
tag: 1.0.4
prometheusURL: orc8r-prometheus:9090
alertmanagerConfigurer:
create: true
image:
repository: docker.io/facebookincubator/alertmanager-configurer
tag: 1.0.4
alertmanagerURL: orc8r-alertmanager:9093
prometheusCache:
create: true
image:
repository: docker.io/facebookincubator/prometheus-edge-hub
tag: 1.1.0
limit: 500000
grafana:
create: false
userGrafana:
image:
repository: docker.io/grafana/grafana
tag: 6.6.2
create: true
volumes:
datasources:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadatasources
dashboardproviders:
volumeSpec:
persistentVolumeClaim:
claimName: grafanaproviders
dashboards:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadashboards
grafanaData:
volumeSpec:
persistentVolumeClaim:
claimName: grafanadata
thanos:
enabled: false
compact:
nodeSelector:
{}
store:
nodeSelector:
{}
query:
nodeSelector:
compute-type: thanos
objstore:
type: S3
config:
bucket:
endpoint: s3.eu-west-2.amazonaws.com
region: eu-west-2
access_key:
secret_key:
insecure: false
signature_version2: false
put_user_metadata: {}
http_config:
idle_conn_timeout: 0s
response_header_timeout: 0s
insecure_skip_verify: false
trace:
enable: false
part_size: 0
nms:
enabled: true
imagePullSecrets:
- name: artifactory
secret:
certs: nms-certs
magmalte:
create: true
image:
repository: docker.artifactory.magmacore.org/magmalte
tag: "1.6.1"
env:
api_host: api.dbtest.fbmagma.ninja
mysql_db: orc8r
mysql_dialect: postgres
mysql_host: orc8rdb.czay9gi9jk5o.eu-west-2.rds.amazonaws.com
mysql_port: 5432
mysql_user: orc8r
mysql_pass: testpassword
grafana_address: orc8r-user-grafana:3000
nginx:
create: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: "*.nms.dbtest.fbmagma.ninja"
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "magma-uuid=default"
deployment:
spec:
ssl_cert_name: controller.crt
ssl_cert_key_name: controller.key
logging:
enabled: false
EOT,
] -> (known after apply)
# (28 unchanged attributes hidden)
set_sensitive {
# At least one attribute in this block is (or was) sensitive,
# so its contents will not be displayed.
}
}
Plan: 0 to add, 5 to change, 0 to destroy.
Warning: Version constraints inside provider configuration blocks are deprecated
on .terraform/modules/orc8r/orc8r/cloud/deploy/terraform/orc8r-aws/providers.tf line 19, in provider "random":
19: version = "~> 2.1"
Terraform 0.13 and earlier allowed provider version constraints inside the
provider configuration block, but that is now deprecated and will be removed
in a future version of Terraform. To silence this warning, move the provider
version constraint into the required_providers block.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment