-
Notifications
You must be signed in to change notification settings - Fork 459
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move breaking change details into separate docs. add notice on v7.0.0 (…
…#355) * move breaking change detials into separate docs. add notice on v7.0.0
- Loading branch information
1 parent
5419474
commit ca7a93d
Showing
4 changed files
with
138 additions
and
94 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
# Notice on Upgrade to v5.x | ||
|
||
V5.0.0 is a major version upgrade and a lot of breaking changes have been introduced. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident. | ||
|
||
Running the `terraform plan` first to inspect the plan is strongly advised. | ||
|
||
## Terraform and terraform-provider-azurerm version restrictions | ||
|
||
Now Terraform core's lowest version is v1.2.0 and terraform-provider-azurerm's lowest version is v3.21.0. | ||
|
||
## variable `user_assigned_identity_id` has been renamed. | ||
|
||
variable `user_assigned_identity_id` has been renamed to `identity_ids` and it's type has been changed from `string` to `list(string)`. | ||
|
||
## `addon_profile` in outputs is no longer available. | ||
|
||
It has been broken into the following new outputs: | ||
|
||
* `aci_connector_linux` | ||
* `aci_connector_linux_enabled` | ||
* `azure_policy_enabled` | ||
* `http_application_routing_enabled` | ||
* `ingress_application_gateway` | ||
* `ingress_application_gateway_enabled` | ||
* `key_vault_secrets_provider` | ||
* `key_vault_secrets_provider_enabled` | ||
* `oms_agent` | ||
* `oms_agent_enabled` | ||
* `open_service_mesh_enabled` | ||
|
||
## The following variables have been renamed from `enable_xxx` to `xxx_enabled` | ||
|
||
* `enable_azure_policy` has been renamed to `azure_policy_enabled` | ||
* `enable_http_application_routing` has been renamed to `http_application_routing_enabled` | ||
* `enable_ingress_application_gateway` has been renamed to `ingress_application_gateway_enabled` | ||
* `enable_log_analytics_workspace` has been renamed to `log_analytics_workspace_enabled` | ||
* `enable_open_service_mesh` has been renamed to `open_service_mesh_enabled` | ||
* `enable_role_based_access_control` has been renamed to `role_based_access_control_enabled` | ||
|
||
## `nullable = true` has been added to the following variables so setting them to `null` explicitly will use the default value | ||
|
||
* `log_analytics_workspace_enable` | ||
* `os_disk_type` | ||
* `private_cluster_enabled` | ||
* `rbac_aad_managed` | ||
* `rbac_aad_admin_group_object_ids` | ||
* `network_policy` | ||
* `enable_node_public_ip` | ||
|
||
## `var.admin_username`'s default value has been removed | ||
|
||
In v4.x `var.admin_username` has a default value `azureuser` and has been removed in V5.0.0. Since the `admin_username` argument in `linux_profile` block is a ForceNew argument, any value change to this argument will trigger a Kubernetes cluster replacement **SO THE EXTREME CAUTION MUST BE TAKEN**. The module's callers must set `var.admin_username` to `azureuser` explicitly if they didn't set it before. | ||
|
||
## `module.ssh-key` has been removed | ||
|
||
The file named `private_ssh_key` which contains the tls private key will be deleted since the `local_file` resource has been removed. Now the private key is exported via `generated_cluster_private_ssh_key` in output and the corresponding public key is exported via `generated_cluster_public_ssh_key` in output. | ||
|
||
A `moved` block has been added to relocate the existing `tls_private_key` resource to the new address. If the `var.admin_username` is not `null`, no action is needed. | ||
|
||
Resource `tls_private_key`'s creation now is conditional. Users may see the destruction of existing `tls_private_key` in the generated plan if `var.admin_username` is `null`. | ||
|
||
## `system_assigned_identity` in the output has been renamed to `cluster_identity` | ||
|
||
The `system_assigned_identity` was: | ||
|
||
```hcl | ||
output "system_assigned_identity" { | ||
value = azurerm_kubernetes_cluster.main.identity | ||
} | ||
``` | ||
|
||
Now it has been renamed to `cluster_identity`, and the block has been changed to: | ||
|
||
```hcl | ||
output "cluster_identity" { | ||
description = "The `azurerm_kubernetes_cluster`'s `identity` block." | ||
value = try(azurerm_kubernetes_cluster.main.identity[0], null) | ||
} | ||
``` | ||
|
||
The callers who used to read the cluster's identity block need to remove the index in their expression, from `module.aks.system_assigned_identity[0]` to `module.aks.cluster_identity`. | ||
|
||
## The following outputs are now sensitive. All outputs referenced them must be declared as sensitive too | ||
|
||
* `client_certificate` | ||
* `client_key` | ||
* `cluster_ca_certificate` | ||
* `generated_cluster_private_ssh_key` | ||
* `host` | ||
* `kube_admin_config_raw` | ||
* `kube_config_raw` | ||
* `password` | ||
* `username` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# Notice on Upgrade to v6.x | ||
|
||
We've added a CI pipeline for this module to speed up our code review and to enforce a high code quality standard, if you want to contribute by submitting a pull request, please read [Pre-Commit & Pr-Check & Test](#Pre-Commit--Pr-Check--Test) section, or your pull request might be rejected by CI pipeline. | ||
|
||
A pull request will be reviewed when it has passed Pre Pull Request Check in the pipeline, and will be merged when it has passed the acceptance tests. Once the ci Pipeline failed, please read the pipeline's output, thanks for your cooperation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# Notice on Upgrade to v7.x | ||
|
||
## Add validation block to enforce users to change `sku_tier` from `Paid` to `Standard` | ||
|
||
AzureRM's minimum version is `>= 3.51, < 4.0` now. | ||
[`var.sku_tier` cannot be set to `Paid` anymore](https://github.com/hashicorp/terraform-provider-azurerm/issues/20887), now possible values are `Free` and `Standard`. | ||
|
||
## Ignore changes on `kubernetes_version` from outside of Terraform | ||
|
||
Related issue: #335 | ||
|
||
Two new resources would be created when upgrading from v6.x to v7.x: | ||
|
||
* `null_resource.kubernetes_version_keeper` | ||
* `azapi_update_resource.aks_cluster_post_create` | ||
|
||
`azurerm_kubernetes_cluster.main` resource would ignore change on `kubernetes_version` from outside of Terraform in case AKS cluster's patch version has been upgraded automatically. | ||
When you change `var.kubernetes_version`'s value, it would trigger a re-creation of `null_resource.kubernetes_version_keeper` and re-creation of `azapi_update_resource.aks_cluster_post_create`, which would upgrade the AKS cluster's `kubernetes_version`. | ||
|
||
`azapi` provider is required to be configured in your Terraform configuration. | ||
|
||
## Fix #315 by amending missing `linux_os_config` block | ||
|
||
In v6.0, `default_node_pool.linux_os_config` block won't be added to `azurerm_kubernetes_cluster.main` resource when `var.enable_auto_scaling` is `true`. This bug has been fixed in v7.0.0 so you might see a diff on `azurerm_kubernetes_cluster.main` resource. | ||
|
||
## Wrap `log_analytics_solution_id` to an object to fix #263. | ||
|
||
`var.log_analytics_solution_id` is now an object with `id` attribute. This change is to fix #263. | ||
|
||
## Remove unused net_profile_docker_bridge_cidr | ||
|
||
`var.net_profile_docker_bridge_cidr` has been [deprecated](https://github.com/hashicorp/terraform-provider-azurerm/issues/18119) and is not used in the module anymore and has been removed. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters