feat: Add kubernetes agent deployment target #636

Merged: 18 commits, May 14, 2024

@tleed5 tleed5 commented May 3, 2024

Background

To fully be able to manage the Kubernetes agent in an automated environment we need to add a new deployment target resource for it.

fixes #637
Internal Story SC-77238
Depends on OctopusDeploy/go-octopusdeploy#248 , OctopusDeploy/helm-charts#148 and OctopusDeploy/OctopusTentacle#927

Result

  • Added new deployment target resource octopusdeploy_kubernetes_agent_deployment_target
  • Added run configuration and instructions for debugging the provider

Example usage:

resource "octopusdeploy_kubernetes_agent_deployment_target" "agent" {
  name         = "my-agent"
  environments = [octopusdeploy_environment.development_environment.id]
  roles        = ["role-1", "role-2"]
}

data "octopusdeploy_kubernetes_agent_deployment_targets" "all" {}

@tleed5 tleed5 changed the title feat/Add kubernetes agent deployment target feat: Add kubernetes agent deployment target May 6, 2024
@tleed5 tleed5 marked this pull request as ready for review May 7, 2024 05:54
@tleed5 tleed5 marked this pull request as draft May 8, 2024 00:58
Comment on lines +17 to +22
"dependencies": {
Optional: true,
Type: schema.TypeMap,
Description: "Optional map of dependencies that when modified will trigger a re-creation of this resource.",
ForceNew: true,
},
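Review bot: the `dependencies` schema sets `Type: schema.TypeMap` with no `Elem`, so the value type of the map is left implicit; adding `Elem: &schema.Schema{Type: schema.TypeString}` states it in the schema itself. Since the field is `ForceNew: true`, the Description could also say outright that changing any key or value destroys and recreates the deployment target, rather than only "trigger a re-creation".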

Using this in combination with a replace_triggered_by lifecycle hook on the helm release resource will allow the agent to "re-register" (it's actually a re-install), so you could rotate the certificate and subscription IDs if you wanted to.
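
The pattern described in the comment above, written out as an added example (not code from this pull request or from the provider's documentation). The target's arguments follow the example in the PR description, and any further arguments the merged resource requires are not shown; the `agent_rotation` variable, the `rotation` key, the `helm_release` name and the chart placeholder are assumptions.

```hcl
# Added example. Changing var.agent_rotation is the only manual step:
# it replaces the deployment target, which in turn replaces the Helm release.
variable "agent_rotation" {
  type        = string
  default     = "2024-05" # constructed value; any non-secret marker works
  description = "Bump to force the agent to be reinstalled and re-registered."
}

resource "octopusdeploy_environment" "development_environment" {
  name = "Development"
}

resource "octopusdeploy_kubernetes_agent_deployment_target" "agent" {
  name         = "my-agent"
  environments = [octopusdeploy_environment.development_environment.id]
  roles        = ["role-1", "role-2"]

  # The schema marks this map ForceNew, so any change to a key or value
  # destroys and recreates the target. The values are written to the state
  # file in plain text, so use a marker such as a date, never a secret.
  dependencies = {
    rotation = var.agent_rotation
  }
}

resource "helm_release" "octopus_agent" {
  name  = "my-agent"
  chart = "<kubernetes-agent-chart>" # placeholder: chart location not given on this page

  lifecycle {
    # Replace (uninstall and reinstall) the agent whenever the target
    # above is replaced, so the new install registers with fresh
    # certificate and subscription values.
    replace_triggered_by = [
      octopusdeploy_kubernetes_agent_deployment_target.agent
    ]
  }
}
```

`replace_triggered_by` requires Terraform 1.2 or later. Review the plan after bumping the marker: it should show both resources as "must be replaced".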


@APErebus APErebus left a comment


It looks good to me! I'm not super confident on reviewing terraform so I'm going to give an approve, but might be worth getting 👀 from someone who's more familiar


@zentron zentron left a comment


I did have some reservations about the new octopusdeploy_tentacle_certificate resource, but after looking at what we would need to do with the built-in cert I think the trade-off for simplicity is ok, particularly given the reversible nature of this addition.

I haven't flagged as request changes but have included a comment to add some more notes to the documentation template. Feel free to merge once this is done.

```
- Optional - Install delve https://github.com/go-delve/delve

### Via Goland

Nice one. I'll include the VS Code docs details in a follow-up.

Generates a X509Certificate for use with a Octopus Deploy Tentacle.
---

# octopusdeploy_tentacle_certificate (Resource)
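Review bot: the description line "Generates a X509Certificate for use with a Octopus Deploy Tentacle." has the wrong article in both places and runs the standard's name into one word; "Generates an X.509 certificate for use with an Octopus Deploy Tentacle." reads correctly and matches how the format is normally written.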

Not sure where the template for this file is, but it would be worth outlining that this certificate is self-signed and should not be used for other purposes.
Feel free to adjust the below as necessary for phrasing.

## Octopus certificates
The X.509 certificates generated are self-signed, 2048-bit private keys and intended for use [only between Octopus Server and Tentacle](https://octopus.com/docs/security/octopus-tentacle-communication#Octopus-Tentaclecommunication-Octopuscertificates) communications. There is an insightful discussion of [why Octopus uses self-signed certificates](https://octopus.com/blog/why-self-signed-certificates) by default.

Instead of generating a new certificate through this resource you can use an existing certificate and simply reference the appropriate thumbprint when registering the target.

### State Persistence
This resource that is generated will be stored in the state file and cannot be retrieved later from the external Octopus Server or Tentacle. 

@tleed5 tleed5 merged commit b576e75 into main May 14, 2024
37 checks passed
@tleed5 tleed5 deleted the tl/add-kubernetes-agent branch May 14, 2024 04:01
Successfully merging this pull request may close these issues.

Add support for Kubernetes Agent deployment target