From cb940620702ebc220c1979f46ef0ac1a71cddc19 Mon Sep 17 00:00:00 2001
From: Stve Hb
Date: Sun, 5 Oct 2025 21:03:46 +0200
Subject: [PATCH 1/3] Upgrade all versions and replace bitnami image with bitnamilegacy due to their new paywall
---
terraform/cloudflare/cloudflare.tf | 48 ++++++++++++------
terraform/cluster/docker/alloy.tf | 2 +-
terraform/cluster/docker/caddy.tf | 2 +-
terraform/cluster/docker/docker.tf | 34 +------------
terraform/cluster/docker/mariadb.tf | 2 +-
terraform/cluster/docker/node-exporter.tf | 2 +-
terraform/cluster/docker/tempo.tf | 6 ---
terraform/cluster/docker/thanos.tf | 2 +-
terraform/cluster/docker/versions.tf | 60 +++++++++++++++++++++++
terraform/hetzner_server/server.tf | 3 +-
terraform/main.tf | 8 +-
11 files changed, 105 insertions(+), 64 deletions(-)
create mode 100644 terraform/cluster/docker/versions.tf
diff --git a/terraform/cloudflare/cloudflare.tf b/terraform/cloudflare/cloudflare.tf
index 7ba6642..7b91945 100644
--- a/terraform/cloudflare/cloudflare.tf
+++ b/terraform/cloudflare/cloudflare.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
- version = ">= 4.49.1"
+ version = ">= 5.11.0"
}
}
}
@@ -67,20 +67,34 @@ resource "cloudflare_load_balancer_pool" "pool" {
name = "monitoring-cluster-pool"
monitor = cloudflare_load_balancer_monitor.monitor[0].id
- dynamic "origins" {
- //TODO: when ipv6 is enabled, us it; fallback to ipv4
- for_each = { for i, addr in var.ipv6_addresses : i => addr }
- content {
- name = "node-${origins.key}"
- address = "node-${origins.key}.${var.domain}"
- header {
- header = "Host"
- values = ["node-${origins.key}.${var.domain}"]
+ origins = [
+ for i, addr in var.ipv6_addresses : {
+ name = "node-${i}"
+ address = "node-${i}.${var.domain}"
+
+ header = {
+ host = ["node-${i}.${var.domain}"]
}
+ enabled = true
weight = 1
}
- }
+ ]
+
+ #dynamic "origins" {
+ # //TODO: when ipv6 is enabled, us it; fallback to ipv4
+ # for_each = { for i, addr in var.ipv6_addresses : i => addr }
+ # content {
+ # name = "node-${origins.key}"
+ # address = "node-${origins.key}.${var.domain}"
+ # header {
+ # header = "Host"
+ # values = ["node-${origins.key}.${var.domain}"]
+ # }
+ # enabled = true
+ # weight = 1
+ # }
+ # }
account_id = var.cloudflare_account_id
}
@@ -89,10 +103,12 @@ resource "cloudflare_load_balancer_pool" "pool" {
data "cloudflare_zone" "domain" {
count = var.cloudflare_api_token == "" ? 0 : 1 # Option to disable by providing no token
- name = var.base_domain
+ filter = {
+ name = var.base_domain
+ }
}
-resource "cloudflare_record" "monitoring_nodes_ipv6" {
+resource "cloudflare_dns_record" "monitoring_nodes_ipv6" {
count = var.cloudflare_api_token == "" ? 0 : length(var.ipv6_addresses)
zone_id = data.cloudflare_zone.domain[0].id
name = "node-${count.index}.${var.domain}"
@@ -102,7 +118,7 @@ resource "cloudflare_record" "monitoring_nodes_ipv6" {
ttl = 60
}
-resource "cloudflare_record" "monitoring_nodes_ipv4" {
+resource "cloudflare_dns_record" "monitoring_nodes_ipv4" {
count = var.cloudflare_api_token == "" ? 0 : length(var.ipv4_addresses)
zone_id = data.cloudflare_zone.domain[0].id
name = "node-${count.index}.${var.domain}"
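Review bot: The rewritten `origins` comprehension binds `addr` from `var.ipv6_addresses` but never uses it; every origin's `address` is the `node-${i}` hostname, so the only thing taken from the IPv6 variable is its length, and the TODO preserved in the commented block (use IPv6 when enabled, fall back to IPv4) is still open. If the hostname is the intended address, `for i in range(length(var.ipv6_addresses)) : {` says so without a dangling binding; if the TODO is meant to be honoured, `addr` (or an IPv4 fallback) belongs in `address`. As written, the number of pool origins silently diverges from the `monitoring_nodes_ipv4` records whenever `var.ipv6_addresses` and `var.ipv4_addresses` differ in length. The pool resource's opening line is outside the hunk.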
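Review bot: Renaming `cloudflare_record` to `cloudflare_dns_record` changes the resource type, and nothing in the series migrates existing state; once provider 5.x is selected the old-type entries have no schema, so plan will most likely fail until they are removed from state and re-imported under the new type, and simply dropping them leaves the live records orphaned while the new resources try to create duplicates. The rest of each record block (`type`, the record value, `proxied`) is outside the hunk; the v5 schema names the value `content`, so confirm those lines were updated too. The same applies to the `monitoring_nodes_ipv4` rename in the following hunk.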
@@ -118,8 +134,8 @@ resource "cloudflare_load_balancer" "lb" {
zone_id = data.cloudflare_zone.domain[0].id
name = var.domain
- default_pool_ids = [cloudflare_load_balancer_pool.pool[0].id]
- fallback_pool_id = cloudflare_load_balancer_pool.pool[0].id
+ default_pools = [cloudflare_load_balancer_pool.pool[0].id]
+ fallback_pool = cloudflare_load_balancer_pool.pool[0].id
enabled = true
proxied = true
session_affinity = "cookie"
diff --git a/terraform/cluster/docker/alloy.tf b/terraform/cluster/docker/alloy.tf
index ea14e37..0a94b8b 100644
--- a/terraform/cluster/docker/alloy.tf
+++ b/terraform/cluster/docker/alloy.tf
@@ -1,5 +1,5 @@
resource "docker_image" "alloy" {
- name = "grafana/alloy-dev:v1.7.0-devel-adf80dbfe"
+ name = var.alloy_image
keep_locally = true
depends_on = [null_resource.docker_network]
diff --git a/terraform/cluster/docker/caddy.tf b/terraform/cluster/docker/caddy.tf
index a1b3763..1a0d053 100644
--- a/terraform/cluster/docker/caddy.tf
+++ b/terraform/cluster/docker/caddy.tf
@@ -1,5 +1,5 @@
resource "docker_image" "caddy" {
- name = "caddy:2.9"
+ name = "caddy:${var.caddy_version}"
keep_locally = true
depends_on = [null_resource.docker_network]
diff --git a/terraform/cluster/docker/docker.tf b/terraform/cluster/docker/docker.tf
index 8ebc1f9..46b6f7d 100644
--- a/terraform/cluster/docker/docker.tf
+++ b/terraform/cluster/docker/docker.tf
@@ -2,11 +2,11 @@ terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
- version = "3.0.2"
+ version = "3.6.2"
}
null = {
source = "hashicorp/null"
- version = "~> 3.0"
+ version = "~> 3.0" # Do NOT upgrade, newer versions seem to have bugs regarding to Apple Silicon
}
ssh = {
source = "askrella/ssh"
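Review bot: The new comment on the `null` provider says not to upgrade, but the constraint it annotates is still `~> 3.0`, which accepts any 3.x release; only a committed `.terraform.lock.hcl` (not part of this series) holds the selected version, and `terraform init -upgrade` would move it anyway. If a specific release is the known-good one, pin it so the constraint enforces what the comment asks for, e.g. `version = "<PINNED_NULL_VERSION>" # Do NOT upgrade, newer versions seem to have bugs regarding to Apple Silicon` with the placeholder replaced by the version currently in the lock file. The `required_providers` block continues below the hunk.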
@@ -115,54 +115,24 @@ variable "minio_region" {
description = "The MinIO region"
}
-variable "loki_version" {
- type = string
- default = "3.3.2"
- description = "The version of Loki to use"
-}
-
-variable "promtail_version" {
- type = string
- default = "3.3.2"
- description = "The version of Promtail to use"
-}
-
variable "node_exporter_port" {
type = number
default = 9100
description = "The port to expose Node Exporter on"
}
-variable "prometheus_version" {
- type = string
- default = "v3.1.0-rc.1"
- description = "The version of Prometheus to use"
-}
-
variable "prometheus_port" {
type = number
default = 9090
description = "The port to expose Prometheus on"
}
-variable "cadvisor_version" {
- type = string
- default = "v0.49.2"
- description = "The version of cAdvisor to use"
-}
-
variable "cadvisor_port" {
type = number
default = 8080
description = "The port to expose cAdvisor on"
}
-variable "grafana_version" {
- type = string
- default = "11.4.0"
- description = "The version of Grafana to use"
-}
-
variable "grafana_port" {
type = number
default = 3000
diff --git a/terraform/cluster/docker/mariadb.tf b/terraform/cluster/docker/mariadb.tf
index c1216d7..3023812 100644
--- a/terraform/cluster/docker/mariadb.tf
+++ b/terraform/cluster/docker/mariadb.tf
@@ -1,5 +1,5 @@
resource "docker_image" "mariadb" {
- name = "bitnami/mariadb-galera:11.4.4"
+ name = "bitnamilegacy/mariadb-galera:${var.mariadb_galera_version}" # TODO: Move EVERYTHING off bitnami, they pulled everything and broke production systems by doing this
keep_locally = true
depends_on = [null_resource.docker_network]
diff --git a/terraform/cluster/docker/node-exporter.tf b/terraform/cluster/docker/node-exporter.tf
index 715ea2d..64fb4ad 100644
--- a/terraform/cluster/docker/node-exporter.tf
+++ b/terraform/cluster/docker/node-exporter.tf
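Review bot: The `bitnamilegacy` namespace is a frozen mirror, so the `11.4.4` tag the new line resolves to will receive no further security fixes, and a bare tag on a namespace whose contents have already been moved once can be retagged or withdrawn with no change to this file. Until the TODO to leave bitnami is done, pin the digest alongside the tag, e.g. `name = "bitnamilegacy/mariadb-galera:${var.mariadb_galera_version}@sha256:<DIGEST_PLACEHOLDER>"`, so a pull can only ever fetch the image that was reviewed; `node-exporter.tf` in the next hunk moves off `latest` but has the same tag-only exposure. The `docker_image` resource continues below the hunk.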
@@ -1,6 +1,6 @@
resource "docker_image" "node_exporter" {
- name = "prom/node-exporter:latest"
+ name = "prom/node-exporter:${var.node_exporter_version}"
keep_locally = true
depends_on = [null_resource.docker_network]
diff --git a/terraform/cluster/docker/tempo.tf b/terraform/cluster/docker/tempo.tf
index 73663ea..7c7ffe0 100644
--- a/terraform/cluster/docker/tempo.tf
+++ b/terraform/cluster/docker/tempo.tf
@@ -1,9 +1,3 @@
-variable "tempo_version" {
- type = string
- default = "2.6.1"
- description = "The version of Tempo to use"
-}
-
variable "tempo_port" {
type = number
default = 3200
diff --git a/terraform/cluster/docker/thanos.tf b/terraform/cluster/docker/thanos.tf
index 5ca7a4b..be13ac3 100644
--- a/terraform/cluster/docker/thanos.tf
+++ b/terraform/cluster/docker/thanos.tf
@@ -1,5 +1,5 @@
resource "docker_image" "thanos" {
- name = "quay.io/thanos/thanos:v0.37.2"
+ name = "quay.io/thanos/thanos:v0.39.2"
keep_locally = true
depends_on = [
diff --git a/terraform/cluster/docker/versions.tf b/terraform/cluster/docker/versions.tf
new file mode 100644
index 0000000..157de1f
--- /dev/null
+++ b/terraform/cluster/docker/versions.tf
@@ -0,0 +1,60 @@
+variable "cadvisor_version" {
+ type = string
+ default = "v0.52.0"
+ description = "The version of cAdvisor to use"
+}
+
+variable "prometheus_version" {
+ type = string
+ default = "v3.6.0"
+ description = "The version of Prometheus to use"
+}
+
+variable "promtail_version" {
+ type = string
+ default = "3.5.5"
+ description = "The version of Promtail to use"
+}
+
+variable "alloy_image" {
+ type = string
+ default = "grafana/alloy:v1.11.0"
+ description = "The alloy image to use" # We sometimes use dev versions due to changes we contributed to Alloy
+}
+
+variable "grafana_version" {
+ type = string
+ default = "12.2.0"
+ description = "The version of Grafana to use"
+}
+
+variable "tempo_version" {
+ type = string
+ default = "2.8.2"
+ description = "The version of Tempo to use"
+}
+
+variable "loki_version" {
+ type = string
+ default = "3.5.5"
+ description = "The version of Loki to use"
+}
+
+variable "caddy_version" {
+ type = string
+ default = "2.10.2"
+ description = "The Caddy version to use"
+}
+
+variable "mariadb_galera_version" {
+ type = string
+ default = "11.4.4"
+ description = "The Mariadb Galera version to use"
+}
+
+variable "node_exporter_version" {
+ type = string
+ default = "v1.9.1"
+ description = "The Node Exporter version to use"
+}
+
diff --git a/terraform/hetzner_server/server.tf b/terraform/hetzner_server/server.tf
index 6ce78da..81c0571 100644
--- a/terraform/hetzner_server/server.tf
+++ b/terraform/hetzner_server/server.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
hcloud = {
source = "hetznercloud/hcloud"
- version = "1.49.1"
+ version = "1.53.1"
}
}
}
@@ -115,6 +115,7 @@ resource "hcloud_server" "server" {
network {
network_id = hcloud_network.network.id
ip = "10.0.0.${each.value + 2}"
+ alias_ips = []
}
labels = local.labels
diff --git a/terraform/main.tf b/terraform/main.tf
index 4575f7d..d4a5032 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
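Review bot: `alloy_image` is the only variable in this file that carries a full image reference rather than a tag, so a stray tfvars or `-var` value can point the `alloy` container at any registry and repository, whereas the other variables are interpolated into a fixed repository in their `docker_image` resources. A `validation` block that limits it to the `grafana/alloy` and `grafana/alloy-dev` repositories (the dev builds the comment explains, and the image the old `alloy.tf` line used) keeps the flexibility while bounding it; see below. Separately, `thanos.tf` keeps its tag hard-coded in this series rather than getting a `thanos_version` entry here.
```hcl
variable "alloy_image" {
  type        = string
  default     = "grafana/alloy:v1.11.0"
  description = "The alloy image to use" # We sometimes use dev versions due to changes we contributed to Alloy

  validation {
    condition     = startswith(var.alloy_image, "grafana/alloy:") || startswith(var.alloy_image, "grafana/alloy-dev:")
    error_message = "alloy_image must be a grafana/alloy or grafana/alloy-dev image reference."
  }
}
# … unchanged: remaining version variables …
```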
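Review bot: `alias_ips = []` is added to the `network` block of `hcloud_server` with no explanation; it reads as a no-op and the next reader will be tempted to remove it. Presumably it satisfies the schema of the hcloud provider version pinned in the same commit (an attribute that is now required, or one that otherwise produces a perpetual plan diff); if so, say it inline, e.g. `alias_ips = [] # explicit empty list required by the newer hcloud provider schema; avoids a perpetual plan diff`, adjusted to whichever of the two it actually is. The `hcloud_server` resource starts before this hunk and continues after it.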
@@ -1,18 +1,18 @@
terraform {
- required_version = ">= v1.10.3"
+ required_version = ">= v1.13.3"
required_providers {
hcloud = {
source = "hetznercloud/hcloud"
- version = "1.49.1"
+ version = "1.53.1"
}
minio = {
source = "aminueza/minio"
- version = "3.2.2"
+ version = "3.6.5"
}
cloudflare = {
source = "cloudflare/cloudflare"
- version = "4.49.1"
+ version = "5.11.0"
}
}
}
From cf64f479835a1371cc2b1b3f046bf6862a182c53 Mon Sep 17 00:00:00 2001
From: Stve Hb
Date: Sun, 5 Oct 2025 21:04:22 +0200
Subject: [PATCH 2/3] Remove comment
---
terraform/cloudflare/cloudflare.tf | 15 ---------------
1 file changed, 15 deletions(-)
diff --git a/terraform/cloudflare/cloudflare.tf b/terraform/cloudflare/cloudflare.tf
index 7b91945..1dc0bfc 100644
--- a/terraform/cloudflare/cloudflare.tf
+++ b/terraform/cloudflare/cloudflare.tf
@@ -81,21 +81,6 @@ resource "cloudflare_load_balancer_pool" "pool" {
}
]
- #dynamic "origins" {
- # //TODO: when ipv6 is enabled, us it; fallback to ipv4
- # for_each = { for i, addr in var.ipv6_addresses : i => addr }
- # content {
- # name = "node-${origins.key}"
- # address = "node-${origins.key}.${var.domain}"
- # header {
- # header = "Host"
- # values = ["node-${origins.key}.${var.domain}"]
- # }
- # enabled = true
- # weight = 1
- # }
- # }
-
account_id = var.cloudflare_account_id
}
From 6879f4a1d3e1228be71a7dba5a3a1da0c4b3172a Mon Sep 17 00:00:00 2001
From: Stve Hb
Date: Sun, 5 Oct 2025 21:05:54 +0200
Subject: [PATCH 3/3] Upgrade pipelines
---
.github/workflows/linter.yml | 2 +-
.github/workflows/quality_gates.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index e271748..1873f93 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -23,7 +23,7 @@ jobs:
path: ~/.tflint.d/plugins
key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
- - uses: terraform-linters/setup-tflint@v4
+ - uses: terraform-linters/setup-tflint@v6
name: Setup TFLint
with:
tflint_version: v0.52.0
diff --git a/.github/workflows/quality_gates.yml b/.github/workflows/quality_gates.yml
index af419d3..6e89170 100644
--- a/.github/workflows/quality_gates.yml
+++ b/.github/workflows/quality_gates.yml
@@ -21,7 +21,7 @@ jobs:
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
- terraform_version: "1.10.3"
+ terraform_version: "1.13.3"
- name: Remove S3 backend from Terraform
run: sed -i '/backend \"s3\" { /,/}/d' terraform.tf