Update dependency dagger/dagger to v0.13.3 #43

renovate · 2022-11-30T23:17:19Z

This PR contains the following updates:

Package	Update	Change
dagger/dagger	minor	`0.2.36` -> `0.13.3`

Release Notes

dagger/dagger (dagger/dagger)

`v0.13.3`

Compare Source

Fixed

fixed version nag showing up even when up-to-date by @vito in https://github.com/dagger/dagger/pull/8521

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.13.2`

Compare Source

Added

New Container.up API by @rajatjindal in https://github.com/dagger/dagger/pull/8479
This is an alias to .AsService().Up().

Fixed

removed noisy "check for updates" span by @vito in https://github.com/dagger/dagger/pull/8491
fix log output having extra blank lines by @vito in https://github.com/dagger/dagger/pull/8500

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.13.1`

Compare Source

Added

Added new methods Container.withoutFiles and Directory.withoutFiles by @jedevc in https://github.com/dagger/dagger/pull/8216
Add Container.withAnnotation to set OCI annotations by @aluzzardi in https://github.com/dagger/dagger/pull/8409
ignore combined with defaultPath now works if the module is fetch from git instead of local by @TomChv in https://github.com/dagger/dagger/pull/8430
New Directory.withoutFiles and Container.withoutFiles core APIs by @jedevc in https://github.com/dagger/dagger/pull/8216
These can be used to remove multiple files from a filesystem in one call.

Fixed

Fix Directory.digest on scratch directory by @jedevc in https://github.com/dagger/dagger/pull/8445
Allow private secrets to pass between different modules by @jedevc in https://github.com/dagger/dagger/pull/8358
Handle session-wide cached functions that return secrets by @jedevc in https://github.com/dagger/dagger/pull/8358
cli: fix plaintext being printed on screen when calling a function that returns a dagger.Secret by @helderco in https://github.com/dagger/dagger/pull/8468

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.13.0`

Compare Source

🔥 Breaking Changes

Remove deprecated fields and arguments by @jedevc in https://github.com/dagger/dagger/pull/8065
- Remove Container.withExec's skipEntrypoint argument - this is now the default (see useEntrypoint)
- Remove pipeline, Container.pipeline and Directory.pipeline
- Remove GitModuleSource.cloneURL (see GitModuleSource.cloneRef)

Added

Added new Directory.digest and ModuleSource.digest fields by @jedevc in https://github.com/dagger/dagger/pull/8282
These fields mirror the behavior of the File.digest field, computing a
unique cryptographic digest over the contents of the object.
TUI: add --no-exit/-E so you can poke around after the call completes by @vito in https://github.com/dagger/dagger/pull/8389

Changed

The trace url is printed just before the final output to make it easy to find by @rajatjindal in https://github.com/dagger/dagger/pull/8366
Also, the url will be printed only for a subset of dagger commands to reduce noise.
Increase the minimum connect timeout from 1s to 3s by @neutronth in https://github.com/dagger/dagger/pull/8328
Connecting to a distant remote engine could otherwise fail if it was not reachable in 1s.

Fixed

Fixed void types from core incorrectly being seen as named scalars by @helderco in https://github.com/dagger/dagger/pull/8336
Fix setting secrets on module object in constructor by @sipsma in https://github.com/dagger/dagger/pull/8149
Allow top-level field access with no constructor by @jedevc in https://github.com/dagger/dagger/pull/8331
Previously, if a field access was made immediately after the default constructor was called, then the access would fail.
Plain progress correctly displays carriage returns by @jedevc in https://github.com/dagger/dagger/pull/8347
Carriage returns could previously render weirdly in the output, displaying empty lines, and similar visual glitches.
cli: Fix default value on Platform flag by @helderco in https://github.com/dagger/dagger/pull/8360

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.12.7`

Compare Source

Fixed

Fixed regression in module ref parsing for no-protocol refs that had version suffixes by @jedevc in https://github.com/dagger/dagger/pull/8298
Make Git.tags URL parsing consistent with Git.tree by @jedevc in https://github.com/dagger/dagger/pull/8298
Load specified version when loading php or elixir sdk by @rajatjindal in https://github.com/dagger/dagger/pull/8297

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.12.6`

Compare Source

Added

Add new context directory support by @TomChv in https://github.com/dagger/dagger/pull/7744
This allows accessing their own source directory, without needing to
explicitly pass directories around.
Support private modules with new SSH ref scheme and forward of SSH agent by @grouville in https://github.com/dagger/dagger/pull/7708
- Go-like public module refs (currently used) remain active
- HTTP / HTTPS schemes are now supported as alternative public module refs
- SSH refs are introduced, with support of SCP-like refs git@provider:user/repo and explicit ssh://provider/user/repo
Implements CLI call argument --interactive-command for overriding the default command used in interactive mode by @samalba in https://github.com/dagger/dagger/pull/8171

Fixed

Error out if non-existent local module directory is passed to CLI by @jedevc in https://github.com/dagger/dagger/pull/8193
The file-not-found errors were previously silently ignored for the top-level
module passed in the CLI.
Silence noisy failed to get repo HEAD CLI error by @jedevc in https://github.com/dagger/dagger/pull/8189
Fix performance issues in Container.withExec after using withMountedTemp or withMountedSecret by @jedevc in https://github.com/dagger/dagger/pull/8180

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.12.5`

Compare Source

Added

cli: allow calling core functions directly by @helderco in https://github.com/dagger/dagger/pull/7310
Usage: dagger core <function>
Example: dagger core container from --address=alpine terminal

Works the same as dagger call, but instead of loading a user module,
it only uses functions from the core API.

Run dagger core --help for available functions.

Note that this command is experimental and the DX for calling core functions
in the CLI may change in the future.
New SDK aliases for elixir and php by @jedevc in https://github.com/dagger/dagger/pull/8067
SDKs with experimental module support (elixir and php) can now be accessed
using --sdk=<sdk> (such as --sdk=elixir and --sdk=php respectively)
instead of the full form
--sdk=github.com/dagger/dagger/sdk/<sdk>@<version>.
Add File.digest method by @TomChv in https://github.com/dagger/dagger/pull/8114
This method provides an efficient way to compute a file's digest, which
unlock optimized file comparison or check for file changes.
Bundle CLI in the Engine image so that both parts of Dagger (CLI+Engine) ship as a single artefact by @gerhard in https://github.com/dagger/dagger/pull/8147

Changed

Reimplemented the OpenTelemetry data pipeline to avoid hangs and other complications by @vito in https://github.com/dagger/dagger/pull/7996

Fixed

Fix Directory.glob to correctly handle globs with subdir prefixes by @jedevc in https://github.com/dagger/dagger/pull/8110
Previously, attempting to glob with a prefix subdir in a pattern like
<subdir>/* would not match any files. This should now be fixed, and files
in <subdir> will now be correctly matched.
Fix failed to collect IDs from parent fields error when module objects contain fields with nil values by @jedevc/@sipsma in https://github.com/dagger/dagger/pull/8132
Fixed enum lists in modules by @helderco in https://github.com/dagger/dagger/pull/8096
Fixed referring to module's own objects/interfaces/enums in constructor signature by @jedevc in https://github.com/dagger/dagger/pull/8115
Previously, modules would fail to launch if they declared a constructor that
contained a reference to a type from it's own module in it's args.
Fixed using custom enum types as optional arguments by @jedevc in https://github.com/dagger/dagger/pull/8148
Previously, function calls that defined an optional argument would not be
callable.
Make retrieving secret from command works on Windows by @wingyplus in https://github.com/dagger/dagger/pull/8121

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.12.4`

Compare Source

Changed

Deprecate old pipeline APIs by @jedevc in https://github.com/dagger/dagger/pull/8064
These operations have been no-ops since v0.11.0, and will be removed in v0.13.0.

Fixed

Fix errors when using Dockerfile builds from module functions that have secrets by @sipsma in https://github.com/dagger/dagger/pull/8049
Fix dagger terminal prompt with debian-based images by @vmaffet in https://github.com/dagger/dagger/pull/7960
Fix occasional leaks in secret scrubbing algorithm by @jedevc in https://github.com/dagger/dagger/pull/8047
Fix frequent context switches in --progress=plain output by @jedevc in https://github.com/dagger/dagger/pull/7956
Extend multi git server support to Azure devOps by @grouville in https://github.com/dagger/dagger/pull/8063
Our support for Azure refs was broken on monorepos. We special-case Azure
DevOps since it doesn't work with the go standard convention of discovering
the root of a git repository

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.12.3`

Compare Source

Added

cli: propagate exit code from function by @helderco in https://github.com/dagger/dagger/pull/8019

Fixed

Fix rare condition in which clients could use wrong files in filesync by @sipsma in https://github.com/dagger/dagger/pull/7900
Fix missing secret errors when secrets are set in objects fields during chained function calls by @sipsma in https://github.com/dagger/dagger/pull/8011

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.12.2`

Compare Source

Changed

dagger init now generates files in the current directory by default and no longer in ./dagger by @TomChv in https://github.com/dagger/dagger/pull/7824

Fixed

cli: fix handling of enum default values by @helderco in https://github.com/dagger/dagger/pull/8000
cli: fix Cloud traces and GitHub checks always being succeeded by @vito in https://github.com/dagger/dagger/pull/8001
- note: this only affects telemetry; the command itself still fails.

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.12.1`

Compare Source

Added

cli: add support for passing Sockets as arguments from the CLI to Functions by @sipsma in https://github.com/dagger/dagger/pull/7804
cli: new --compat flag for develop to target a specific api version by @jedevc in https://github.com/dagger/dagger/pull/7948

Changed

cloud: traces are not uploaded for dagger version/dagger login/dagger logout/etc by @jedevc in https://github.com/dagger/dagger/pull/7928

Fixed

core: allow @ in local module name by @grouville in https://github.com/dagger/dagger/pull/7891
cli: fix dagger version sometimes disappearing by @jedevc in https://github.com/dagger/dagger/pull/7919
cli: avoid api errors when calling modules in compat mode by @jedevc in https://github.com/dagger/dagger/pull/7924

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.12.0`

Compare Source

This release is significant. All details (including videos & code examples)
are captured in this blog post.

🔥 Breaking Changes

sdk: Various breaking changes to the Go SDK
See the SDK-specific release notes for more information.
api: Align Container.withNewFile signature with Directory.withNewFile by @helderco in https://github.com/dagger/dagger/pull/7293
Callers of Container.withNewFile will need to change contents from optional to required argument.
api: Skip entrypoint by default in withExec by @helderco in https://github.com/dagger/dagger/pull/7136
Callers relying on a Container's entrypoint will need to be updated
to opt-in with useEntrypoint.
api: Don't fallback to the default command on Container.stdout and Container.stderr by @helderco in https://github.com/dagger/dagger/pull/7857
Callers of stdout and stderr without a previous withExec will need to
insert an explicit empty withExec.
api: Container.terminal now returns a Container by @aluzzardi in https://github.com/dagger/dagger/pull/7586
Callers of terminal will need be updated to handle the updated type.
api: Return absolute path on export instead of boolean by @helderco in https://github.com/dagger/dagger/pull/7500
Callers expecting a boolean return will need to be updated to instead
handle a string path.
api: Removed deprecated sshAuthSocket and sshKnownHosts args from GitRef.tree by @jedevc in https://github.com/dagger/dagger/pull/6934
Callers should instead attach these arguments onto the top-level git call.
api: Removed id parameters for container, directory and socket by @jedevc in https://github.com/dagger/dagger/pull/6934
Users of these parameters should instead use the standalone
loadContainerFromID, loadDirectoryFromID and loadSocketFromID
respectively.
api: Removed checkVersionCompatibility field (versioning checks are now automatically performed on all connections) by @jedevc in https://github.com/dagger/dagger/pull/7751
Versioning checks are now all automatically performed on all connections, and
never need to be manually performed through the API.

Upgrade Instructions

Thanks to the new compatibility mode feature, these breaking changes should not
impact any existing Modules immediately. dagger call should still work on
v0.12.0 without any changes to your Module code (any compat issues for modules
are likely a bug, please report!)

After upgrading to Engine v0.12.0, you can upgrade your Module to use the
latest v0.12.0 APIs by running dagger develop. That will update the
engineVersion field of your module's dagger.json configuration file to
v0.12.0 and enable the new APIs.

After that, if your code is impacted by any of the breaking changes, you will
see errors when running dagger call. Once the errors are fixed, dagger call
will work again and your module can be updated in Daggerverse if desired.

More detailed instructions on addressing the individual API incompatible
changes can be found in the PR descriptions linked above.

Added

api: terminal can be inserted into the middle of Container and Directory pipelines to pop an interactive shell by @aluzzardi in https://github.com/dagger/dagger/pull/7586
api: Introduced module versioning compatibility by @jedevc in https://github.com/dagger/dagger/pull/7759
tui: Improved progress navigation and verbosity settings by @vito in https://github.com/dagger/dagger/pull/7671
cli: Add -q flag and DAGGER_QUIET=1 to restore previous verbosity default by @vito in https://github.com/dagger/dagger/pull/7822
cli: Expand tilde (~) in file, directory and secret file argument by @wingyplus in https://github.com/dagger/dagger/pull/7818
api: Add git tags API by @grouville in https://github.com/dagger/dagger/pull/7742
api: Add core APIs for local cache state by @sipsma in https://github.com/dagger/dagger/pull/7767

Changed

cli: Print module object fields with dagger call by @helderco in https://github.com/dagger/dagger/pull/7479

Fixed

cli: Allow absolute paths for local module paths by @Michael Albers in https://github.com/dagger/dagger/pull/7476
cli: Generate LICENSE only if --sdk is set on dagger develop by @TomChv in https://github.com/dagger/dagger/pull/7719
core: Correctly set new engine gc policy defaults by @jedevc in https://github.com/dagger/dagger/pull/7749
tui: plain progress output updated to not use hyperlinks by @jedevc in https://github.com/dagger/dagger/pull/7754
core: Prevent service healthchecks from using too long a retry interval by @sipsma in https://github.com/dagger/dagger/pull/7848

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.9`

Compare Source

Fixed

Fix engine local disk cache growing indefinitely by @sipsma in https://github.com/dagger/dagger/pull/7738

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.8`

Compare Source

🔥Breaking Changes

core: when manually connecting cli and engine, versions must be at least v0.11.8 by @sipsma in https://github.com/dagger/dagger/pull/7643

Added

core: allow hosting modules outside of GitHub by @grouville in https://github.com/dagger/dagger/pull/7511

Changed

core: generate license only if code has been generated by @TomChv in https://github.com/dagger/dagger/pull/7658
windows: enhanced windows install script by @pjmagee and @angrybat in https://github.com/dagger/dagger/pull/7445 https://github.com/dagger/dagger/pull/7569 https://github.com/dagger/dagger/pull/7659

Fixed

core: fixed telemetry draining when clients exit uncleanly by @vito in https://github.com/dagger/dagger/pull/7660
cli: fixed infinite loop when simplifying on high verbosity levels by @jedevc in https://github.com/dagger/dagger/pull/7679
cli: improve chunking of plain progress logs by @jedevc in https://github.com/dagger/dagger/pull/7653

Dependencies

core: revert iptables to legacy to avoid use of nftables by @marcosnils in https://github.com/dagger/dagger/pull/7670

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.7`

Compare Source

🔥 Breaking Changes

core: when manually connecting cli and engine, versions must be at least v0.11.7 by @jedevc in https://github.com/dagger/dagger/pull/7031
sdk: runtime module interface accepts schema as File instead of string for improved performance by @sipsma in https://github.com/dagger/dagger/pull/7549

Changed

core: engine gc policy is less aggressive by @marcosnils in https://github.com/dagger/dagger/pull/7563
cli: minor improvements to progress viewer by @jedevc in https://github.com/dagger/dagger/pull/7474
cli: decrease connect timeout in gRPC dial by @marcosnils in https://github.com/dagger/dagger/pull/7612

Fixed

core: fix File.export to local Windows client by @wingyplus in https://github.com/dagger/dagger/pull/7564
core: handle secrets in dockerfile builds with syntax directives by @jedevc in https://github.com/dagger/dagger/pull/7595
core: improved telemetry draining and prevents hangs by @vito in https://github.com/dagger/dagger/pull/7452

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.6`

Compare Source

Added

Add withName method to File by @TomChv in https://github.com/dagger/dagger/pull/7491

Fixed

cli: don't validate flags when requesting --help by @helderco in https://github.com/dagger/dagger/pull/7417
fix container init being wrong platform in arm image by @sipsma in https://github.com/dagger/dagger/pull/7497
fix container DNS resolution when host has no search domains by @sipsma in https://github.com/dagger/dagger/pull/7501
honor system proxy config during git operations by @sipsma in https://github.com/dagger/dagger/pull/7504
fix windows-style paths used as file+directory arg values in dagger call by @sipsma in https://github.com/dagger/dagger/pull/7506

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.5`

Compare Source

Added

cli: dagger login cloud traces support by @aluzzardi in https://github.com/dagger/dagger/pull/7125
cli: improved --progress=plain implementation for better visibility by @jedevc in https://github.com/dagger/dagger/pull/7272

Changed

cli: cleaner tty progress view by @jedevc in https://github.com/dagger/dagger/pull/7347 https://github.com/dagger/dagger/pull/7371 https://github.com/dagger/dagger/pull/7386
cli: don't show functions that can't be called by @helderco in https://github.com/dagger/dagger/pull/7418
cli: don't show inherited flags in function commands by @helderco in https://github.com/dagger/dagger/pull/7419
core: remove shim and switch to dumb-init by @sipsma in https://github.com/dagger/dagger/pull/7367

Fixed

core: fixed custom CA certs in modules by @sipsma in https://github.com/dagger/dagger/pull/7356
cli: don't validate flags when requesting --help by @helderco in https://github.com/dagger/dagger/pull/7417

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.4`

Compare Source

Fixed

cli: Fix panic when calling function with list of scalars by @jedevc in https://github.com/dagger/dagger/pull/7322
Avoid hang caused by client id conflicts by @sipsma in https://github.com/dagger/dagger/pull/7335
Avoid unneccessary module cache invalidation from internal plumbing values by @sipsma in https://github.com/dagger/dagger/pull/7336

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.3`

Compare Source

🔥 Breaking Changes

cli: remove space stripping from secret arguments by @marcosnils in https://github.com/dagger/dagger/pull/7271

Added

Added support for custom scalars and enums in function arguments by @jedevc in https://github.com/dagger/dagger/pull/7158
Added support for propagating system proxy settings by @sipsma in https://github.com/dagger/dagger/pull/7255
api: Added Container.withoutSecretVariable by @helderco in https://github.com/dagger/dagger/pull/7291
api: Added Container.withoutDirectory and Container.withoutFile by @helderco in https://github.com/dagger/dagger/pull/7292

Changed

cli: Added a visual cue for required flags in --help by @grouville in https://github.com/dagger/dagger/pull/7262
cli: Conventionalized usage syntax in --help by @grouville in https://github.com/dagger/dagger/pull/7143
cli: Use "functions" and "arguments" in dagger call --help by @helderco in https://github.com/dagger/dagger/pull/7286

Fixed

api: Set Container.platform correctly when using Container.from by @marcosnils in https://github.com/dagger/dagger/pull/7298
Avoid intermittent failed to get state for index errors by @sipsma in https://github.com/dagger/dagger/pull/7295 https://github.com/dagger/dagger/pull/7309
Avoid panic when masked parent is missing by @vito in https://github.com/dagger/dagger/pull/7227
Fix terminal broken on Windows by @wingyplus in https://github.com/dagger/dagger/pull/7305

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.2`

Compare Source

Added

New version field to get engine version details by @jedevc in https://github.com/dagger/dagger/pull/7029

Changed

cli: style headings in BOLD UPPERCASE to help break sections visually by @grouville in https://github.com/dagger/dagger/pull/7126
cli: remove discrepancy in usage between dagger query and the rest of the commands by @grouville in https://github.com/dagger/dagger/pull/7124
cli: move arguments section below functions/commands in usage, for better readability by @grouville in https://github.com/dagger/dagger/pull/7134
cli: adopt options terminology instead of flags by @grouville in https://github.com/dagger/dagger/pull/7170

Fixed

Fixed more windows path issues by @jedevc in https://github.com/dagger/dagger/pull/7118
cli: Fixed using --help after arguments in dagger functions by @helderco in https://github.com/dagger/dagger/pull/7187

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.1`

Compare Source

Added

Add withAuthToken and withAuthHeader fields to GitRepository by @jedevc in https://github.com/dagger/dagger/pull/6992

Fixed

Restored plain progress output after removal in v0.11.0 by @morlay in https://github.com/dagger/dagger/pull/7069
Fixed various windows regressions by @jedevc in https://github.com/dagger/dagger/pull/7003 https://github.com/dagger/dagger/pull/7050 https://github.com/dagger/dagger/pull/7095
Git can now be used with dumb HTTP clones by @jedevc in https://github.com/dagger/dagger/pull/6992

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.11.0`

Compare Source

🔥 Breaking Changes

Old clients <=0.10.3 cannot connect to a new >=v0.11.0 engine
Old progress interfaces removed by @vito in https://github.com/dagger/dagger/pull/6835
--focus CLI flag removed by @vito in https://github.com/dagger/dagger/pull/6835

Added

Add OTEL trace exports by @vito in https://github.com/dagger/dagger/pull/6835
Add Head field to GitRepository to get the default branch by @jedevc in https://github.com/dagger/dagger/pull/6994

Fixed

Fix DOCKER_HOST not working when DAGGER_CLOUD_TOKEN set by @sipsma in https://github.com/dagger/dagger/pull/7006

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.10.3`

Compare Source

Added

Add support for wipe arg to Directory.export by @sipsma in https://github.com/dagger/dagger/pull/6909
Add new Secret.Name field by @jedevc in https://github.com/dagger/dagger/pull/6924
Support directory arg filtering via views by @sipsma in https://github.com/dagger/dagger/pull/6857
Make automatic .gitignore creation for modules configurable by @sipsma in https://github.com/dagger/dagger/pull/6888

Changed

Allow id as argument name to functions by @sipsma in https://github.com/dagger/dagger/pull/6912

Fixed

Fix Container.withFiles not respecting absolute paths by @helderco in https://github.com/dagger/dagger/pull/6879
Fix Directory.glob on directories with a sub path by @helderco in https://github.com/dagger/dagger/pull/6904
Allow unicode parent path components by @jedevc in https://github.com/dagger/dagger/pull/6925

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.10.2`

Compare Source

Fixed

Fix panic on unset default terminal arg by @TomChv in https://github.com/dagger/dagger/pull/6838
Trim spaces on file and command secret source inputs by @kpenfound in https://github.com/dagger/dagger/pull/6845
Fix name conflicts with Query by @jedevc in https://github.com/dagger/dagger/pull/6849
Propagate GraphQL client to child clients by @jedevc in https://github.com/dagger/dagger/pull/6851
Prevent glob from returning duplicate directories by @jedevc in https://github.com/dagger/dagger/pull/6852
Do find-up of dagger.json for all relevant commands (works from subdirs) by @sipsma in https://github.com/dagger/dagger/pull/6860

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.10.1`

Compare Source

Added

Allow passing git URLs to dagger call file type args by @jedevc in https://github.com/dagger/dagger/pull/6769
Support privileges and nesting in default terminal command by @TomChv in https://github.com/dagger/dagger/pull/6805

Fixed

Fix panic in Contents for massive files by @jedevc in https://github.com/dagger/dagger/pull/6772
Dagger go modules default to the module name instead of "main" by @jedevc in https://github.com/dagger/dagger/pull/6774
Fix a regression where secrets used with dockerBuild could error out by @jedevc in https://github.com/dagger/dagger/pull/6809
Fix goroutine and memory leaks in engine by @sipsma in https://github.com/dagger/dagger/pull/6760
Fix potential name clash with "Client" in Go functions by @jedevc in https://github.com/dagger/dagger/pull/6716

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.10.0`

Compare Source

Added

New Dagger functions and modules
- Modules allow bundling up and sharing reuable pipeline functions in a
  cross-language way.
- New CLI commands (such as dagger call) provide a consistent interface
  to easily invoke functions inside modules.
- A new TUI interface allows easily following along with what's going on.

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.9.11`

Compare Source

Fixed

Improve docker error logging by @jedevc in https://github.com/dagger/dagger/pull/6676

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.9.10`

Compare Source

Added

Add new Directory.WithFiles and Container.WithFiles by @tomasmota in https://github.com/dagger/dagger/pull/6556

Fixed

Avoid panic in secret scrubber caused by similar secret names @jedevc in https://github.com/dagger/dagger/pull/6641

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.9.9`

Compare Source

Added

Add new Git.ref function by @jedevc in https://github.com/dagger/dagger/pull/6376

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.9.8`

Compare Source

🔥 Breaking Changes

Service.Stop now uses SIGTERM instead of SIGKILL by default by @jedevc in https://github.com/dagger/dagger/pull/6354

Added

Add option to skip healthcheck on exposed ports by @KGB33 in https://github.com/dagger/dagger/pull/6214
New kill option for Service.Stop by @jedevc in https://github.com/dagger/dagger/pull/6354

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.9.7`

Compare Source

Added

New File.name field by @jedevc in https://github.com/dagger/dagger/pull/6431

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.9.6`

Compare Source

🔥 Breaking Changes

Argument to withDefaultArgs is now required by @helderco in https://github.com/dagger/dagger/pull/6281

Fixed

Fix shim panic when exec-ing an unknown command by @Juneezee in https://github.com/dagger/dagger/pull/6356
Fix potential panic when exporting cache by @jedevc in https://github.com/dagger/dagger/pull/6378
Fix concurrent map access in api server by @jedevc in https://github.com/dagger/dagger/pull/6388

What to do next?

Read the documentation
Join our Discord server
Follow us on Twitter

`v0.9.5`

Compare Source

Added

New withoutEntryoint and withoutDefaultArgs fields by @helderco in https://github.com/dagger/dagger/pull/6278

Fixed

Clear defaultArgs on `w

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2022-11-30T23:18:33Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-mxcnMvQtbznRKgZk

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...
random_id.cluster_id: Refreshing state... [id=E40GLQ]
digitalocean_loadbalancer.this: Refreshing state... [id=f6ce579e-14a8-4958-bb45-ca67f26b212d]
digitalocean_record.loadbalancer_subdomain: Refreshing state... [id=306458646]
digitalocean_kubernetes_cluster.this: Refreshing state... [id=a4a2d3de-c7e7-4baa-b487-b558044f2530]
module.gatekeeper.helm_release.gatekeeper: Refreshing state... [id=gatekeeper]
module.ingress_controller.helm_release.ingress_nginx: Refreshing state... [id=ingress-nginx]
module.gatekeeper.kubectl_manifest.uniqueingresshost_template: Refreshing state... [id=/apis/templates.gatekeeper.sh/v1/constrainttemplates/k8suniqueingresshost]
module.external_dns.kubernetes_namespace.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cert_manager: Refreshing state... [id=cert-manager]
module.gatekeeper.kubectl_manifest.uniqueingresshost_constraint: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8suniqueingresshosts/unique-ingress-host]
module.external_dns.kubernetes_secret.digital_ocean_token: Refreshing state... [id=external-dns/digital-ocean-token]
module.external_dns.helm_release.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cluster_issuer: Refreshing state... [id=cluster-issuer]
module.ntfy.helm_release.nfty: Refreshing state... [id=ntfy]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # digitalocean_kubernetes_cluster.this has changed
  ~ resource "digitalocean_kubernetes_cluster" "this" {
        id             = "a4a2d3de-c7e7-4baa-b487-b558044f2530"
        name           = "k8s-nyc3-138d062d"
        tags           = []
      ~ updated_at     = "2022-11-18 03:00:27 +0000 UTC" -> "2022-11-25 03:00:38 +0000 UTC"
        # (14 unchanged attributes hidden)


        # (2 unchanged blocks hidden)
    }

  # digitalocean_loadbalancer.this has changed
  ~ resource "digitalocean_loadbalancer" "this" {
      + http_idle_timeout_seconds        = 60
        id                               = "f6ce579e-14a8-4958-bb45-ca67f26b212d"
        name                             = "lb-nyc3-138d062d"
      + project_id                       = "3c3f8e34-d0f6-453a-aa48-cc85a072b376"
        # (12 unchanged attributes hidden)



        # (4 unchanged blocks hidden)
    }

  # module.ntfy.helm_release.nfty has changed
  ~ resource "helm_release" "nfty" {
        id                         = "ntfy"
        name                       = "ntfy"
        # (26 unchanged attributes hidden)

      ~ set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

No changes. Your infrastructure matches the configuration.

Your configuration already matches the changes detected above. If you'd like
to update the Terraform state to match, create and apply a refresh-only plan.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2022-12-01T21:59:12Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-wNGpYrTxTErdAxTy

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...
random_id.cluster_id: Refreshing state... [id=E40GLQ]
digitalocean_loadbalancer.this: Refreshing state... [id=f6ce579e-14a8-4958-bb45-ca67f26b212d]
digitalocean_record.loadbalancer_subdomain: Refreshing state... [id=306458646]
digitalocean_kubernetes_cluster.this: Refreshing state... [id=a4a2d3de-c7e7-4baa-b487-b558044f2530]
module.gatekeeper.helm_release.gatekeeper: Refreshing state... [id=gatekeeper]
module.ingress_controller.helm_release.ingress_nginx: Refreshing state... [id=ingress-nginx]
module.gatekeeper.kubectl_manifest.uniqueingresshost_template: Refreshing state... [id=/apis/templates.gatekeeper.sh/v1/constrainttemplates/k8suniqueingresshost]
module.external_dns.kubernetes_namespace.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cert_manager: Refreshing state... [id=cert-manager]
module.gatekeeper.kubectl_manifest.uniqueingresshost_constraint: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8suniqueingresshosts/unique-ingress-host]
module.external_dns.kubernetes_secret.digital_ocean_token: Refreshing state... [id=external-dns/digital-ocean-token]
module.external_dns.helm_release.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cluster_issuer: Refreshing state... [id=cluster-issuer]
module.ntfy.helm_release.nfty: Refreshing state... [id=ntfy]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # digitalocean_kubernetes_cluster.this has changed
  ~ resource "digitalocean_kubernetes_cluster" "this" {
        id             = "a4a2d3de-c7e7-4baa-b487-b558044f2530"
      ~ kube_config    = (sensitive value)
        name           = "k8s-nyc3-138d062d"
        tags           = []
      ~ updated_at     = "2022-11-18 03:00:27 +0000 UTC" -> "2022-11-25 03:00:38 +0000 UTC"
        # (13 unchanged attributes hidden)


        # (2 unchanged blocks hidden)
    }

  # digitalocean_loadbalancer.this has changed
  ~ resource "digitalocean_loadbalancer" "this" {
      + http_idle_timeout_seconds        = 60
        id                               = "f6ce579e-14a8-4958-bb45-ca67f26b212d"
        name                             = "lb-nyc3-138d062d"
      + project_id                       = "3c3f8e34-d0f6-453a-aa48-cc85a072b376"
        # (12 unchanged attributes hidden)



        # (4 unchanged blocks hidden)
    }

  # module.ntfy.helm_release.nfty has changed
  ~ resource "helm_release" "nfty" {
        id                         = "ntfy"
        name                       = "ntfy"
        # (26 unchanged attributes hidden)

      ~ set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

No changes. Your infrastructure matches the configuration.

Your configuration already matches the changes detected above. If you'd like
to update the Terraform state to match, create and apply a refresh-only plan.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2023-01-09T18:52:41Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-u9ScKk4i3AZHfFoX

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...
random_id.cluster_id: Refreshing state... [id=E40GLQ]
digitalocean_loadbalancer.this: Refreshing state... [id=f6ce579e-14a8-4958-bb45-ca67f26b212d]
digitalocean_record.loadbalancer_subdomain: Refreshing state... [id=306458646]
digitalocean_kubernetes_cluster.this: Refreshing state... [id=a4a2d3de-c7e7-4baa-b487-b558044f2530]
module.gatekeeper.helm_release.gatekeeper: Refreshing state... [id=gatekeeper]
module.ingress_controller.helm_release.ingress_nginx: Refreshing state... [id=ingress-nginx]
module.gatekeeper.kubectl_manifest.uniqueingresshost_template: Refreshing state... [id=/apis/templates.gatekeeper.sh/v1/constrainttemplates/k8suniqueingresshost]
module.gatekeeper.kubectl_manifest.uniqueingresshost_constraint: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8suniqueingresshosts/unique-ingress-host]
module.external_dns.kubernetes_namespace.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cert_manager: Refreshing state... [id=cert-manager]
module.external_dns.kubernetes_secret.digital_ocean_token: Refreshing state... [id=external-dns/digital-ocean-token]
module.external_dns.helm_release.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cluster_issuer: Refreshing state... [id=cluster-issuer]
module.ntfy.helm_release.nfty: Refreshing state... [id=ntfy]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # digitalocean_kubernetes_cluster.this has changed
  ~ resource "digitalocean_kubernetes_cluster" "this" {
        id             = "a4a2d3de-c7e7-4baa-b487-b558044f2530"
      ~ ipv4_address   = "104.131.18.38" -> "174.138.95.33"
      ~ kube_config    = (sensitive value)
        name           = "k8s-nyc3-138d062d"
        tags           = []
      ~ updated_at     = "2022-11-18 03:00:27 +0000 UTC" -> "2023-01-06 03:00:16 +0000 UTC"
      ~ version        = "1.23.10-do.0" -> "1.24.8-do.0"
        # (11 unchanged attributes hidden)


      ~ node_pool {
            id                = "a4df8eeb-69c3-4bd8-8a33-ce52168c1fc0"
            name              = "worker-pool"
          ~ nodes             = [
              ~ {
                  ~ created_at = "2022-11-09 23:41:46 +0000 UTC" -> "2022-12-15 05:08:01 +0000 UTC"
                  ~ droplet_id = "325310735" -> "331305004"
                  ~ id         = "a5842b9d-7617-4a66-9655-b92b39a03289" -> "46cce650-6152-4a41-ab11-4abf9b1ec424"
                  ~ name       = "worker-pool-m8p61" -> "worker-pool-mayrq"
                  ~ updated_at = "2022-11-09 23:42:26 +0000 UTC" -> "2022-12-15 05:08:41 +0000 UTC"
                    # (1 unchanged element hidden)
                },
              ~ {
                  ~ created_at = "2022-11-09 23:41:46 +0000 UTC" -> "2022-12-15 05:08:01 +0000 UTC"
                  ~ droplet_id = "325310734" -> "331305003"
                  ~ id         = "b3678b5a-9780-4cca-bfec-04bce44fe696" -> "74240b33-e8c2-45fb-aa5c-5c124cc787e9"
                  ~ name       = "worker-pool-m8p6z" -> "worker-pool-mayrf"
                  ~ updated_at = "2022-11-09 23:42:26 +0000 UTC" -> "2022-12-15 05:08:41 +0000 UTC"
                    # (1 unchanged element hidden)
                },
            ]
            tags              = []
            # (7 unchanged attributes hidden)
        }
        # (1 unchanged block hidden)
    }

  # digitalocean_loadbalancer.this has changed
  ~ resource "digitalocean_loadbalancer" "this" {
      ~ droplet_ids                      = [
          - 325310734,
          - 325310735,
          + 331305003,
          + 331305004,
        ]
      + http_idle_timeout_seconds        = 60
        id                               = "f6ce579e-14a8-4958-bb45-ca67f26b212d"
        name                             = "lb-nyc3-138d062d"
      + project_id                       = "3c3f8e34-d0f6-453a-aa48-cc85a072b376"
        # (11 unchanged attributes hidden)



        # (4 unchanged blocks hidden)
    }

  # module.ntfy.helm_release.nfty has changed
  ~ resource "helm_release" "nfty" {
        id                         = "ntfy"
        name                       = "ntfy"
        # (26 unchanged attributes hidden)

      ~ set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.gatekeeper.kubectl_manifest.uniqueingresshost_template will be updated in-place
  ~ resource "kubectl_manifest" "uniqueingresshost_template" {
        id                      = "/apis/templates.gatekeeper.sh/v1/constrainttemplates/k8suniqueingresshost"
        name                    = "k8suniqueingresshost"
      ~ yaml_body               = (sensitive value)
      ~ yaml_body_parsed        = <<-EOT
            apiVersion: templates.gatekeeper.sh/v1
            kind: ConstraintTemplate
            metadata:
              annotations:
                description: |-
                  Requires all Ingress rule hosts to be unique.
                  Does not handle hostname wildcards: https://kubernetes.io/docs/concepts/services-networking/ingress/
                metadata.gatekeeper.sh/requiresSyncData: |
                  "[
                    [
                      {
          -             "groups":["extensions"],
          +             "groups": ["extensions"],
                        "versions": ["v1beta1"],
                        "kinds": ["Ingress"]
                      },
                      {
          -             "group": ["networking.k8s.io"],
          -             "version": ["v1beta1", "v1"],
          -             "kind": ["Ingress"]
          +             "groups": ["networking.k8s.io"],
          +             "versions": ["v1beta1", "v1"],
          +             "kinds": ["Ingress"]
                      }
                    ]
                  ]"
                metadata.gatekeeper.sh/title: Unique Ingress Host
          -     metadata.gatekeeper.sh/version: 1.0.1
          +     metadata.gatekeeper.sh/version: 1.0.2
              name: k8suniqueingresshost
            spec:
              crd:
                spec:
                  names:
                    kind: K8sUniqueIngressHost
              targets:
              - rego: |
                  package k8suniqueingresshost
            
                  identical(obj, review) {
                    obj.metadata.namespace == review.object.metadata.namespace
                    obj.metadata.name == review.object.metadata.name
                  }
            
                  violation[{"msg": msg}] {
                    input.review.kind.kind == "Ingress"
                    re_match("^(extensions|networking.k8s.io)$", input.review.kind.group)
                    host := input.review.object.spec.rules[_].host
                    other := data.inventory.namespace[_][otherapiversion]["Ingress"][name]
                    re_match("^(extensions|networking.k8s.io)/.+$", otherapiversion)
                    other.spec.rules[_].host == host
                    not identical(other, input.review)
                    msg := sprintf("ingress host conflicts with an existing ingress <%v>", [host])
                  }
                target: admission.k8s.gatekeeper.sh
        EOT
        # (12 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2023-01-09T23:35:22Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-Bqe5JxA1zhDjFaG3

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...
random_id.cluster_id: Refreshing state... [id=E40GLQ]
digitalocean_loadbalancer.this: Refreshing state... [id=f6ce579e-14a8-4958-bb45-ca67f26b212d]
digitalocean_record.loadbalancer_subdomain: Refreshing state... [id=306458646]
digitalocean_kubernetes_cluster.this: Refreshing state... [id=a4a2d3de-c7e7-4baa-b487-b558044f2530]
module.gatekeeper.helm_release.gatekeeper: Refreshing state... [id=gatekeeper]
module.ingress_controller.helm_release.ingress_nginx: Refreshing state... [id=ingress-nginx]
module.gatekeeper.kubectl_manifest.uniqueingresshost_template: Refreshing state... [id=/apis/templates.gatekeeper.sh/v1/constrainttemplates/k8suniqueingresshost]
module.external_dns.kubernetes_namespace.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cert_manager: Refreshing state... [id=cert-manager]
module.gatekeeper.kubectl_manifest.uniqueingresshost_constraint: Refreshing state... [id=/apis/constraints.gatekeeper.sh/v1beta1/k8suniqueingresshosts/unique-ingress-host]
module.external_dns.kubernetes_secret.digital_ocean_token: Refreshing state... [id=external-dns/digital-ocean-token]
module.external_dns.helm_release.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cluster_issuer: Refreshing state... [id=cluster-issuer]
module.ntfy.helm_release.nfty: Refreshing state... [id=ntfy]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # digitalocean_kubernetes_cluster.this has changed
  ~ resource "digitalocean_kubernetes_cluster" "this" {
        id             = "a4a2d3de-c7e7-4baa-b487-b558044f2530"
      ~ ipv4_address   = "104.131.18.38" -> "174.138.95.33"
      ~ kube_config    = (sensitive value)
        name           = "k8s-nyc3-138d062d"
        tags           = []
      ~ updated_at     = "2022-11-18 03:00:27 +0000 UTC" -> "2023-01-06 03:00:16 +0000 UTC"
      ~ version        = "1.23.10-do.0" -> "1.24.8-do.0"
        # (11 unchanged attributes hidden)


      ~ node_pool {
            id                = "a4df8eeb-69c3-4bd8-8a33-ce52168c1fc0"
            name              = "worker-pool"
          ~ nodes             = [
              ~ {
                  ~ created_at = "2022-11-09 23:41:46 +0000 UTC" -> "2022-12-15 05:08:01 +0000 UTC"
                  ~ droplet_id = "325310735" -> "331305004"
                  ~ id         = "a5842b9d-7617-4a66-9655-b92b39a03289" -> "46cce650-6152-4a41-ab11-4abf9b1ec424"
                  ~ name       = "worker-pool-m8p61" -> "worker-pool-mayrq"
                  ~ updated_at = "2022-11-09 23:42:26 +0000 UTC" -> "2022-12-15 05:08:41 +0000 UTC"
                    # (1 unchanged element hidden)
                },
              ~ {
                  ~ created_at = "2022-11-09 23:41:46 +0000 UTC" -> "2022-12-15 05:08:01 +0000 UTC"
                  ~ droplet_id = "325310734" -> "331305003"
                  ~ id         = "b3678b5a-9780-4cca-bfec-04bce44fe696" -> "74240b33-e8c2-45fb-aa5c-5c124cc787e9"
                  ~ name       = "worker-pool-m8p6z" -> "worker-pool-mayrf"
                  ~ updated_at = "2022-11-09 23:42:26 +0000 UTC" -> "2022-12-15 05:08:41 +0000 UTC"
                    # (1 unchanged element hidden)
                },
            ]
            tags              = []
            # (7 unchanged attributes hidden)
        }
        # (1 unchanged block hidden)
    }

  # digitalocean_loadbalancer.this has changed
  ~ resource "digitalocean_loadbalancer" "this" {
      ~ droplet_ids                      = [
          - 325310734,
          - 325310735,
          + 331305003,
          + 331305004,
        ]
      + http_idle_timeout_seconds        = 60
        id                               = "f6ce579e-14a8-4958-bb45-ca67f26b212d"
        name                             = "lb-nyc3-138d062d"
      + project_id                       = "3c3f8e34-d0f6-453a-aa48-cc85a072b376"
        # (11 unchanged attributes hidden)



        # (4 unchanged blocks hidden)
    }

  # module.ntfy.helm_release.nfty has changed
  ~ resource "helm_release" "nfty" {
        id                         = "ntfy"
        name                       = "ntfy"
        # (26 unchanged attributes hidden)

      ~ set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.gatekeeper.kubectl_manifest.uniqueingresshost_template will be updated in-place
  ~ resource "kubectl_manifest" "uniqueingresshost_template" {
        id                      = "/apis/templates.gatekeeper.sh/v1/constrainttemplates/k8suniqueingresshost"
        name                    = "k8suniqueingresshost"
      ~ yaml_body               = (sensitive value)
      ~ yaml_body_parsed        = <<-EOT
            apiVersion: templates.gatekeeper.sh/v1
            kind: ConstraintTemplate
            metadata:
              annotations:
                description: |-
                  Requires all Ingress rule hosts to be unique.
                  Does not handle hostname wildcards: https://kubernetes.io/docs/concepts/services-networking/ingress/
                metadata.gatekeeper.sh/requiresSyncData: |
                  "[
                    [
                      {
          -             "groups":["extensions"],
          +             "groups": ["extensions"],
                        "versions": ["v1beta1"],
                        "kinds": ["Ingress"]
                      },
                      {
          -             "group": ["networking.k8s.io"],
          -             "version": ["v1beta1", "v1"],
          -             "kind": ["Ingress"]
          +             "groups": ["networking.k8s.io"],
          +             "versions": ["v1beta1", "v1"],
          +             "kinds": ["Ingress"]
                      }
                    ]
                  ]"
                metadata.gatekeeper.sh/title: Unique Ingress Host
          -     metadata.gatekeeper.sh/version: 1.0.1
          +     metadata.gatekeeper.sh/version: 1.0.2
              name: k8suniqueingresshost
            spec:
              crd:
                spec:
                  names:
                    kind: K8sUniqueIngressHost
              targets:
              - rego: |
                  package k8suniqueingresshost
            
                  identical(obj, review) {
                    obj.metadata.namespace == review.object.metadata.namespace
                    obj.metadata.name == review.object.metadata.name
                  }
            
                  violation[{"msg": msg}] {
                    input.review.kind.kind == "Ingress"
                    re_match("^(extensions|networking.k8s.io)$", input.review.kind.group)
                    host := input.review.object.spec.rules[_].host
                    other := data.inventory.namespace[_][otherapiversion]["Ingress"][name]
                    re_match("^(extensions|networking.k8s.io)/.+$", otherapiversion)
                    other.spec.rules[_].host == host
                    not identical(other, input.review)
                    msg := sprintf("ingress host conflicts with an existing ingress <%v>", [host])
                  }
                target: admission.k8s.gatekeeper.sh
        EOT
        # (12 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2023-01-26T20:36:44Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-CARnGRjAwZn3aNa2

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...
random_id.cluster_id: Refreshing state... [id=E40GLQ]
digitalocean_loadbalancer.this: Refreshing state... [id=dbb30a02-4201-4cd4-838c-cd4d7db0f80e]
digitalocean_record.loadbalancer_subdomain: Refreshing state... [id=306458646]
digitalocean_kubernetes_cluster.this: Refreshing state... [id=a4a2d3de-c7e7-4baa-b487-b558044f2530]
module.ingress_controller.helm_release.ingress_nginx: Refreshing state... [id=ingress-nginx]
module.external_dns.kubernetes_namespace.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cert_manager: Refreshing state... [id=cert-manager]
module.external_dns.kubernetes_secret.digital_ocean_token: Refreshing state... [id=external-dns/digital-ocean-token]
module.external_dns.helm_release.external_dns: Refreshing state... [id=external-dns]
module.cert_automation.helm_release.cluster_issuer: Refreshing state... [id=cluster-issuer]
module.ntfy.helm_release.nfty: Refreshing state... [id=ntfy]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # digitalocean_kubernetes_cluster.this has changed
  ~ resource "digitalocean_kubernetes_cluster" "this" {
        id             = "a4a2d3de-c7e7-4baa-b487-b558044f2530"
      ~ kube_config    = (sensitive value)
        name           = "k8s-nyc3-138d062d"
        tags           = []
      ~ updated_at     = "2023-01-17 04:03:11 +0000 UTC" -> "2023-01-20 03:00:26 +0000 UTC"
      ~ version        = "1.24.8-do.0" -> "1.25.4-do.0"
        # (12 unchanged attributes hidden)


      ~ node_pool {
            id                = "a4df8eeb-69c3-4bd8-8a33-ce52168c1fc0"
            name              = "worker-pool"
          ~ nodes             = [
              ~ {
                  ~ created_at = "2022-12-15 05:08:01 +0000 UTC" -> "2023-01-17 04:13:07 +0000 UTC"
                  ~ droplet_id = "331305004" -> "336151015"
                  ~ id         = "46cce650-6152-4a41-ab11-4abf9b1ec424" -> "702ec705-db2d-4771-b0ad-2eb121fa0c65"
                  ~ name       = "worker-pool-mayrq" -> "worker-pool-mvz7e"
                  ~ updated_at = "2022-12-15 05:08:41 +0000 UTC" -> "2023-01-17 04:13:47 +0000 UTC"
                    # (1 unchanged element hidden)
                },
              ~ {
                  ~ created_at = "2022-12-15 05:08:01 +0000 UTC" -> "2023-01-17 04:13:07 +0000 UTC"
                  ~ droplet_id = "331305003" -> "336151014"
                  ~ id         = "74240b33-e8c2-45fb-aa5c-5c124cc787e9" -> "f670fc5a-1c46-4916-8688-24c59f3e34c3"
                  ~ name       = "worker-pool-mayrf" -> "worker-pool-mvz7a"
                  ~ updated_at = "2022-12-15 05:08:41 +0000 UTC" -> "2023-01-17 04:13:47 +0000 UTC"
                    # (1 unchanged element hidden)
                },
            ]
            tags              = []
            # (7 unchanged attributes hidden)
        }
        # (1 unchanged block hidden)
    }

  # digitalocean_loadbalancer.this has changed
  ~ resource "digitalocean_loadbalancer" "this" {
      ~ droplet_ids                      = [
          + 336151014,
          + 336151015,
        ]
        id                               = "dbb30a02-4201-4cd4-838c-cd4d7db0f80e"
        name                             = "lb-nyc3-138d062d"
        # (13 unchanged attributes hidden)

      + forwarding_rule {
          + entry_port      = 443
          + entry_protocol  = "tcp"
          + target_port     = 30081
          + target_protocol = "tcp"
          + tls_passthrough = false
        }
      - forwarding_rule {
          - entry_port      = 80 -> null
          - entry_protocol  = "http" -> null
          - target_port     = 80 -> null
          - target_protocol = "http" -> null
          - tls_passthrough = false -> null
        }
      + forwarding_rule {
          + entry_port      = 80
          + entry_protocol  = "tcp"
          + target_port     = 30851
          + target_protocol = "tcp"
          + tls_passthrough = false
        }

      ~ healthcheck {
          ~ check_interval_seconds   = 10 -> 3
          - path                     = "/" -> null
          ~ port                     = 80 -> 30851
          ~ protocol                 = "http" -> "tcp"
            # (3 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

No changes. Your infrastructure matches the configuration.

Your configuration already matches the changes detected above. If you'd like
to update the Terraform state to match, create and apply a refresh-only plan.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2023-02-08T20:52:13Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-6KHCS9LjdqKMsfLf

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.25.4-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall {
          + allow = (known after apply)
          + deny  = (known after apply)
        }

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck {
          + check_interval_seconds   = (known after apply)
          + healthy_threshold        = (known after apply)
          + path                     = (known after apply)
          + port                     = (known after apply)
          + protocol                 = (known after apply)
          + response_timeout_seconds = (known after apply)
          + unhealthy_threshold      = (known after apply)
        }

      + sticky_sessions {
          + cookie_name        = (known after apply)
          + cookie_ttl_seconds = (known after apply)
          + type               = (known after apply)
        }
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.11.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "6.13.2"
      + wait                       = true
      + wait_for_jobs              = false

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      + data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.4.2"
      + wait                       = true
      + wait_for_jobs              = false

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

Pusher: @renovate[bot], Action: pull_request

github-actions · 2023-02-24T21:39:21Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-mQbuBvymn8Pw3yvh

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.25.4-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall {
          + allow = (known after apply)
          + deny  = (known after apply)
        }

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck {
          + check_interval_seconds   = (known after apply)
          + healthy_threshold        = (known after apply)
          + path                     = (known after apply)
          + port                     = (known after apply)
          + protocol                 = (known after apply)
          + response_timeout_seconds = (known after apply)
          + unhealthy_threshold      = (known after apply)
        }

      + sticky_sessions {
          + cookie_name        = (known after apply)
          + cookie_ttl_seconds = (known after apply)
          + type               = (known after apply)
        }
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.11.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "6.14.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      + data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.5.2"
      + wait                       = true
      + wait_for_jobs              = false

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

Pusher: @renovate[bot], Action: pull_request

github-actions · 2023-03-08T20:45:21Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-MqiWxZoPaJpfF8aY

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Warning: This plan was generated using a different version of Terraform, the
diff presented here maybe missing representations of recent features.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.25.4-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.11.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "6.14.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.5.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

Pusher: @renovate[bot], Action: pull_request

github-actions · 2023-03-16T16:55:04Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-2BcF6QcSz1dXT1k8

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Warning: This plan was generated using a different version of Terraform, the
diff presented here maybe missing representations of recent features.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.25.4-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.11.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "6.14.3"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.5.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

Pusher: @renovate[bot], Action: pull_request

github-actions · 2023-03-23T05:06:44Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-WTFXDpCJCUFU4UuY

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Warning: This plan was generated using a different version of Terraform, the
diff presented here maybe missing representations of recent features.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.26.3-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.11.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "6.14.4"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.5.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-07-22T21:56:23Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-JuL5YDv2S2tAEhpi

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.30.2-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.1"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.2.3"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-07-25T23:21:28Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-XDJBxQK4MkfzmjG4

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.30.2-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.1"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.3"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-08-02T13:51:12Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-YPauwp2Laj8sEMt9

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.30.2-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.2"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.3"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-08-15T19:11:27Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-BySJVonRf167XYDm

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.30.2-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.2"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.5"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-08-30T12:23:57Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-AeMWPDuDdEQekQqg

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.30.4-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.3"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.5"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-09-02T16:43:40Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-a2RAmz73J1dNLgbR

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.30.4-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.3"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.5"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-09-11T17:09:43Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-3PM5aw1ttbEXwXxn

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.30.4-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.3"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.7"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-09-18T19:59:05Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-CQgnweECEaovpEq6

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.31.1-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.3"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.8"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-09-20T19:12:26Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-vYypx98a31RmGzor

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.31.1-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.3"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.8"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

github-actions · 2024-09-20T23:02:53Z

Terraform Format and Style 🖌``

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan


terraform
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/jameswcurtin/do-k8s-cluster/runs/run-nYE7ZZxfLGYCGGUa

Waiting for the plan to start...

Terraform v1.1.8
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_kubernetes_cluster.this will be created
  + resource "digitalocean_kubernetes_cluster" "this" {
      + auto_upgrade   = true
      + cluster_subnet = (known after apply)
      + created_at     = (known after apply)
      + endpoint       = (known after apply)
      + ha             = false
      + id             = (known after apply)
      + ipv4_address   = (known after apply)
      + kube_config    = (sensitive value)
      + name           = (known after apply)
      + region         = "nyc3"
      + service_subnet = (known after apply)
      + status         = (known after apply)
      + surge_upgrade  = true
      + updated_at     = (known after apply)
      + urn            = (known after apply)
      + version        = "1.31.1-do.0"
      + vpc_uuid       = (known after apply)

      + maintenance_policy {
          + day        = "friday"
          + duration   = (known after apply)
          + start_time = "03:00"
        }

      + node_pool {
          + actual_node_count = (known after apply)
          + auto_scale        = true
          + id                = (known after apply)
          + max_nodes         = 2
          + min_nodes         = 1
          + name              = "worker-pool"
          + nodes             = (known after apply)
          + size              = "s-1vcpu-2gb"
        }
    }

  # digitalocean_loadbalancer.this will be created
  + resource "digitalocean_loadbalancer" "this" {
      + algorithm                        = "round_robin"
      + disable_lets_encrypt_dns_records = false
      + droplet_ids                      = (known after apply)
      + enable_backend_keepalive         = false
      + enable_proxy_protocol            = true
      + http_idle_timeout_seconds        = (known after apply)
      + id                               = (known after apply)
      + ip                               = (known after apply)
      + name                             = (known after apply)
      + project_id                       = (known after apply)
      + redirect_http_to_https           = false
      + region                           = "nyc3"
      + size_unit                        = (known after apply)
      + status                           = (known after apply)
      + urn                              = (known after apply)
      + vpc_uuid                         = (known after apply)

      + firewall (known after apply)

      + forwarding_rule {
          + certificate_id   = (known after apply)
          + certificate_name = (known after apply)
          + entry_port       = 80
          + entry_protocol   = "http"
          + target_port      = 80
          + target_protocol  = "http"
          + tls_passthrough  = false
        }

      + healthcheck (known after apply)

      + sticky_sessions (known after apply)
    }

  # digitalocean_record.loadbalancer_subdomain will be created
  + resource "digitalocean_record" "loadbalancer_subdomain" {
      + domain = (sensitive value)
      + fqdn   = (known after apply)
      + id     = (known after apply)
      + name   = "kube"
      + ttl    = 60
      + type   = "A"
      + value  = (known after apply)
    }

  # module.cert_automation.helm_release.cert_manager will be created
  + resource "helm_release" "cert_manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://artifacthub.io/packages/helm/cert-manager/cert-manager
                resources:
                  requests:
                    cpu: 10m
                    memory: 32Mi
                cainjector:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                startupapicheck:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
                webhook:
                  resources:
                    requests:
                      cpu: 10m
                      memory: 32Mi
            EOT,
        ]
      + verify                     = false
      + version                    = "v1.15.3"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "createCustomResource"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
      + set {
          + name  = "installCRDs"
          + value = "true"
            # (1 unchanged attribute hidden)
        }
    }

  # module.cert_automation.helm_release.cluster_issuer will be created
  + resource "helm_release" "cluster_issuer" {
      + atomic                     = false
      + chart                      = "modules/cert-automation/charts/cert-automation"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "cluster-issuer"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.helm_release.external_dns will be created
  + resource "helm_release" "external_dns" {
      + atomic                     = false
      + chart                      = "external-dns"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "external-dns"
      + namespace                  = "external-dns"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/bitnami/charts/tree/master/bitnami/external-dns
                digitalocean:
                  secretName: "digital-ocean-token"
                interval: "15s"
                provider: "digitalocean"
                policy: "sync"
                txtPrefix: "xdns-"
                resources:
                  requests:
                    memory: "64Mi"
                    cpu: "100m"
            EOT,
        ]
      + verify                     = false
      + version                    = "8.3.8"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.external_dns.kubernetes_namespace.external_dns will be created
  + resource "kubernetes_namespace" "external_dns" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.external_dns.kubernetes_secret.digital_ocean_token will be created
  + resource "kubernetes_secret" "digital_ocean_token" {
      # Warning: this attribute value will be marked as sensitive and will not
      # display in UI output after applying this change. The value is unchanged.
      ~ data                           = (sensitive value)
      + id                             = (known after apply)
      + type                           = "Opaque"
      + wait_for_service_account_token = true

      + metadata {
          + generation       = (known after apply)
          + labels           = {
              + "sensitive" = "true"
            }
          + name             = "digital-ocean-token"
          + namespace        = "external-dns"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

  # module.ingress_controller.helm_release.ingress_nginx will be created
  + resource "helm_release" "ingress_nginx" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ingress-nginx"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                # See https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
                controller:
                  config:
                    use-proxy-protocol: true
                  service:
                    annotations:
                      "service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol": "true"
                    externalTrafficPolicy: "Cluster"
                    type: "LoadBalancer"
            EOT,
        ]
      + verify                     = false
      + version                    = "4.11.2"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.ntfy.helm_release.nfty will be created
  + resource "helm_release" "nfty" {
      + atomic                     = false
      + chart                      = "modules/ntfy/charts/ntfy"
      + cleanup_on_fail            = true
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = true
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 3
      + metadata                   = (known after apply)
      + name                       = "ntfy"
      + namespace                  = "ntfy"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.0.1"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_id.cluster_id will be created
  + resource "random_id" "cluster_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + cluster_name = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @renovate[bot], Action: pull_request

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from d977e7c to 5006d69 Compare December 1, 2022 21:57

renovate bot changed the title ~~Update dependency dagger/dagger to v0.3.6~~ Update dependency dagger/dagger to v0.3.7 Dec 1, 2022

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 5006d69 to 2e03240 Compare January 9, 2023 18:51

renovate bot changed the title ~~Update dependency dagger/dagger to v0.3.7~~ Update dependency dagger/dagger to v0.3.8 Jan 9, 2023

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 2e03240 to 613c03a Compare January 9, 2023 23:34

renovate bot changed the title ~~Update dependency dagger/dagger to v0.3.8~~ Update dependency dagger/dagger to v0.3.9 Jan 9, 2023

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 613c03a to e5ea09d Compare January 26, 2023 20:35

renovate bot changed the title ~~Update dependency dagger/dagger to v0.3.9~~ Update dependency dagger/dagger to v0.3.10 Jan 26, 2023

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from e5ea09d to 6fba77c Compare February 8, 2023 20:51

renovate bot changed the title ~~Update dependency dagger/dagger to v0.3.10~~ Update dependency dagger/dagger to v0.3.12 Feb 8, 2023

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 6fba77c to d9c5ff1 Compare February 24, 2023 21:38

renovate bot changed the title ~~Update dependency dagger/dagger to v0.3.12~~ Update dependency dagger/dagger to v0.3.13 Feb 24, 2023

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from d9c5ff1 to 10da7d3 Compare March 8, 2023 20:44

renovate bot changed the title ~~Update dependency dagger/dagger to v0.3.13~~ Update dependency dagger/dagger to v0.4.0 Mar 8, 2023

renovate bot changed the title ~~Update dependency dagger/dagger to v0.4.0~~ Update dependency dagger/dagger to v0.4.1 Mar 16, 2023

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 10da7d3 to fa57640 Compare March 16, 2023 16:53

renovate bot changed the title ~~Update dependency dagger/dagger to v0.4.1~~ Update dependency dagger/dagger to v0.4.2 Mar 23, 2023

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from fa57640 to cba8da4 Compare March 23, 2023 05:05

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from cba8da4 to ef88acf Compare April 17, 2023 11:04

renovate bot changed the title ~~Update dependency dagger/dagger to v0.4.2~~ Update dependency dagger/dagger to v0.5.0 Apr 17, 2023

renovate bot changed the title ~~Update dependency dagger/dagger to v0.12.1~~ Update dependency dagger/dagger to v0.12.2 Jul 22, 2024

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from e4976f1 to ae3089d Compare July 25, 2024 23:20

renovate bot changed the title ~~Update dependency dagger/dagger to v0.12.2~~ Update dependency dagger/dagger to v0.12.3 Jul 25, 2024

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from ae3089d to e6d31b7 Compare August 2, 2024 13:50

renovate bot changed the title ~~Update dependency dagger/dagger to v0.12.3~~ Update dependency dagger/dagger to v0.12.4 Aug 2, 2024

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from e6d31b7 to 9594b64 Compare August 15, 2024 19:10

renovate bot changed the title ~~Update dependency dagger/dagger to v0.12.4~~ Update dependency dagger/dagger to v0.12.5 Aug 15, 2024

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 9594b64 to 448af15 Compare August 30, 2024 12:23

renovate bot changed the title ~~Update dependency dagger/dagger to v0.12.5~~ Update dependency dagger/dagger to v0.12.6 Aug 30, 2024

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 448af15 to 0668422 Compare September 2, 2024 16:42

renovate bot changed the title ~~Update dependency dagger/dagger to v0.12.6~~ Update dependency dagger/dagger to v0.12.7 Sep 2, 2024

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 0668422 to a18baa5 Compare September 11, 2024 17:08

renovate bot changed the title ~~Update dependency dagger/dagger to v0.12.7~~ Update dependency dagger/dagger to v0.13.0 Sep 11, 2024

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from a18baa5 to 14e3f14 Compare September 18, 2024 19:58

renovate bot changed the title ~~Update dependency dagger/dagger to v0.13.0~~ Update dependency dagger/dagger to v0.13.1 Sep 18, 2024

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from 14e3f14 to d4e1452 Compare September 20, 2024 19:11

renovate bot changed the title ~~Update dependency dagger/dagger to v0.13.1~~ Update dependency dagger/dagger to v0.13.2 Sep 20, 2024

Update dependency dagger/dagger to v0.13.3

3bfcd24

renovate bot force-pushed the renovate/dagger-dagger-0.x branch from d4e1452 to 3bfcd24 Compare September 20, 2024 23:02

renovate bot changed the title ~~Update dependency dagger/dagger to v0.13.2~~ Update dependency dagger/dagger to v0.13.3 Sep 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency dagger/dagger to v0.13.3 #43

Update dependency dagger/dagger to v0.13.3 #43

renovate bot commented Nov 30, 2022 •

edited

Loading

github-actions bot commented Nov 30, 2022

github-actions bot commented Dec 1, 2022

github-actions bot commented Jan 9, 2023

github-actions bot commented Jan 9, 2023

github-actions bot commented Jan 26, 2023

github-actions bot commented Feb 8, 2023

github-actions bot commented Feb 24, 2023

github-actions bot commented Mar 8, 2023

github-actions bot commented Mar 16, 2023

github-actions bot commented Mar 23, 2023

github-actions bot commented Jul 22, 2024

github-actions bot commented Jul 25, 2024

github-actions bot commented Aug 2, 2024

github-actions bot commented Aug 15, 2024

github-actions bot commented Aug 30, 2024

github-actions bot commented Sep 2, 2024

github-actions bot commented Sep 11, 2024

github-actions bot commented Sep 18, 2024

github-actions bot commented Sep 20, 2024

github-actions bot commented Sep 20, 2024

Update dependency dagger/dagger to v0.13.3 #43

Are you sure you want to change the base?

Update dependency dagger/dagger to v0.13.3 #43

Conversation

renovate bot commented Nov 30, 2022 • edited Loading

Release Notes

Fixed

What to do next?

Added

Fixed

What to do next?

Added

Fixed

What to do next?

🔥 Breaking Changes

Added

Changed

Fixed

What to do next?

Fixed

What to do next?

Added

Fixed

What to do next?

Added

Changed

Fixed

What to do next?

Changed

Fixed

What to do next?

Added

Fixed

What to do next?

Changed

Fixed

What to do next?

Added

Changed

Fixed

What to do next?

🔥 Breaking Changes

Upgrade Instructions

Added

Changed

Fixed

What to do next?

Fixed

What to do next?

🔥Breaking Changes

Added

Changed

Fixed

Dependencies

What to do next?

🔥 Breaking Changes

Changed

Fixed

What to do next?

Added

Fixed

What to do next?

Added

Changed

Fixed

What to do next?

Fixed

What to do next?

🔥 Breaking Changes

Added

Changed

Fixed

What to do next?

Added

Changed

Fixed

What to do next?

Added

Fixed

What to do next?

renovate bot commented Nov 30, 2022 •

edited

Loading