Update Google provider version and rename service accounts in regional configuration #112

Merged
merged 1 commit into from
Feb 9, 2025


brettcurtis
Contributor

@brettcurtis brettcurtis commented Feb 9, 2025

Summary by CodeRabbit

  • Documentation
    • Updated provider version and resource references in documentation for improved accuracy.
  • New Features
    • Added a new Kubernetes namespace resource with defined labels to enhance onboarding.
  • Refactor
    • Revised service account and output references throughout configuration for consistency.

@brettcurtis brettcurtis self-assigned this Feb 9, 2025

infracost bot commented Feb 9, 2025

💰 Infracost report

Monthly estimate generated

Estimate details (includes details of unsupported resources)
──────────────────────────────────
6 projects have no cost estimate changes.
Run the following command to see their breakdown: infracost breakdown --path=/path/to/code

──────────────────────────────────
37 cloud resources were detected:
∙ 6 were estimated
∙ 20 were free
∙ 11 are not supported yet, see https://infracost.io/requested-resources:
  ∙ 4 x google_gke_hub_membership
  ∙ 3 x google_gke_hub_feature
  ∙ 2 x google_cloud_identity_group_membership
  ∙ 2 x google_container_node_pool
This comment will be updated when code changes.


coderabbitai bot commented Feb 9, 2025

Walkthrough

This pull request updates the Google Terraform provider version from 6.16.0 to 6.19.0 in multiple documentation files. It renames service account and IAM member resources from gke_operations to default_node in both documentation and Terraform configuration files. Additionally, it replaces an output reference accordingly and introduces a new Kubernetes namespace resource for gatekeeper-system in the onboarding area.

Changes

| File(s) | Change Summary |
|---|---|
| README.md | Updated Google provider version from 6.16.0 to 6.19.0. |
| regional/README.md | Updated provider version; renamed resources (google_project_iam_member and google_service_account from gke_operations to default_node) and updated corresponding output name. |
| regional/main.tf | Revised service account references from gke_operations to default_node in IAM, container cluster, and node pool resources. |
| regional/onboarding/README.md, regional/onboarding/main.tf | Added documentation and resource declaration for kubernetes_namespace_v1.gatekeeper-system; modified merged namespaces in existing declaration. |
| regional/outputs.tf | Replaced output "service_account_gke_operations_email" with "service_account_default_node_email" and updated its referenced value. |

Possibly related PRs

  • Resource alignment #83: Addresses a provider version update (from 5.38.0 to 5.40.0) in the README, which is similar in nature to the current provider version update.
  • Use cert-manager for CA #95: Involves a provider version upgrade in regional documentation, directly relating to the version changes and resource renaming seen in this PR.

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5025d02 and 0e4576e.

📒 Files selected for processing (6)
  • README.md (1 hunks)
  • regional/README.md (3 hunks)
  • regional/main.tf (4 hunks)
  • regional/onboarding/README.md (1 hunks)
  • regional/onboarding/main.tf (1 hunks)
  • regional/outputs.tf (1 hunks)
🧰 Additional context used
📓 Learnings (1)
regional/onboarding/main.tf (1)
Learnt from: brettcurtis
PR: osinfra-io/google-cloud-kubernetes#170
File: regional/onboarding/main.tf:65-65
Timestamp: 2024-11-12T12:23:57.379Z
Learning: Updating the `kubernetes_engine_onboarding` module to version `v0.1.8` adds namespaces for Gatekeeper.
🔇 Additional comments (13)
regional/outputs.tf (1)

39-41: Service Account Output Renaming Validated
The output now correctly references google_service_account.default_node.email with an unchanged, clear description. This change aligns with the service account renaming objective.

regional/onboarding/README.md (1)

27-29: Documenting the New Gatekeeper Namespace Resource
The addition of the kubernetes_namespace_v1.gatekeeper-system resource entry—with the useful link to the official Terraform registry documentation—enhances clarity in this documentation. This is consistent with the changes made in the configuration.

regional/onboarding/main.tf (2)

13-22: New Gatekeeper Namespace Resource Added
The dedicated resource declaration for kubernetes_namespace_v1 "gatekeeper-system" is well defined with appropriate metadata labels. Consider ensuring any further integrations (e.g., policy bindings) are tested in your environment.


25-34: Removal of 'gatekeeper-system' from Merged Namespaces
Excluding the "gatekeeper-system" entry from the merged namespaces in the kubernetes_namespace_v1.this resource prevents conflicts with the new dedicated namespace resource. This change is appropriate.

README.md (1)

90-91: Google Provider Version Updated
Updating the provider version from 6.16.0 to 6.19.0 in the documentation reflects the necessary upgrade. This change is consistent with the updates in the regional files and clearly documented here.

regional/README.md (3)

14-15: Provider Version Consistency
The updated Google provider version 6.19.0 is applied in the documentation, ensuring consistency across the module’s files.


36-37: Service Account Resource Renaming
Renaming the resources from gke_operations to default_node (for both google_service_account and google_project_iam_member) is executed correctly. Ensure that any references to these resources in dependent modules or further configurations are updated accordingly.


76-77: Output Renaming Confirmed
The output has been updated to service_account_default_node_email, which is in line with the service account renaming. Confirm that downstream consumers of this output are also updated to reference the new name.

regional/main.tf (5)

31-33: Updated Service Account Reference in Cloud Identity Group Membership
The change from referencing "google_service_account.gke_operations.email" to "google_service_account.default_node.email" correctly reflects the new naming convention for service accounts.


75-75: Consistent Service Account in Cluster Auto-Provisioning
The update of the "service_account" attribute inside the auto_provisioning_defaults block to "google_service_account.default_node.email" is correctly applied and ensures consistency across the configuration.


271-273: Updated Service Account in Node Pool Configuration
The service_account reference in the node_config block now correctly uses "google_service_account.default_node.email", which aligns with the overall rename.


416-420: Renamed Project IAM Member Resource
The resource now named "google_project_iam_member.default_node" appropriately updates the member attribute to use "serviceAccount:${google_service_account.default_node.email}" and assigns the role "roles/container.defaultNodeServiceAccount". Please verify that this role accurately reflects the intended permissions in line with the new naming and organizational policies.


425-429: Renamed Service Account Resource Declaration
The change to declare the service account resource as "google_service_account.default_node" with the proper account_id and display_name is in line with the new configuration standards.



@brettcurtis brettcurtis marked this pull request as ready for review February 9, 2025 14:39
@brettcurtis brettcurtis merged commit d0d9eb5 into main Feb 9, 2025
7 checks passed
@brettcurtis brettcurtis deleted the brettcurtis/issue107 branch February 9, 2025 14:41