Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: change environment variable for oauth due to migration #249

Merged
merged 1 commit into from
Nov 14, 2022

Conversation

42atomys
Copy link
Owner

Describe the pull request

To add more clarity to te codebase and oauth2 credentials, I remove the CLIENT_ from forty-two provider, due to the fact he is the only one to have the _CLIENT part on env var naming

Checklist

  • I have linked the relative issue to this pull request
  • I have made the modifications or added tests related to my PR
  • I have added/updated the documentation for my RP
  • I put my PR in Ready for Review only when all the checklist is checked

Breaking changes ?
no

@github-actions github-actions bot added the state/triage 🚦 Has not been triaged & therefore, not ready for work label Nov 14, 2022
@github-actions
Copy link

Terraform data for pre-cluster stack

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Show Validation
Success! The configuration is valid.


Terraform Plan 📖 success

Show Plan
helm_release.rabbitmq_operator: Refreshing state... [id=primary]
helm_release.sealed_secret: Refreshing state... [id=sealed-secret]
helm_release.istio_base: Refreshing state... [id=istio-base]
helm_release.reflector: Refreshing state... [id=reflector]
kubernetes_namespace.namespace["permission-manager"]: Refreshing state... [id=permission-manager]
kubernetes_namespace.namespace["cert-manager"]: Refreshing state... [id=cert-manager]
kubernetes_namespace.namespace["sandbox"]: Refreshing state... [id=sandbox]
kubernetes_namespace.namespace["production"]: Refreshing state... [id=production]
kubernetes_namespace.namespace["monitoring"]: Refreshing state... [id=monitoring]
kubernetes_namespace.namespace["previews"]: Refreshing state... [id=previews]
kubernetes_namespace.namespace["staging"]: Refreshing state... [id=staging]
kubernetes_namespace.namespace["istio-system"]: Refreshing state... [id=istio-system]
helm_release.gateway: Refreshing state... [id=istio-ingressgateway]
helm_release.istiod: Refreshing state... [id=istiod]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

@github-actions
Copy link

Terraform data for apps stack

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Show Validation
Success! The configuration is valid.


Terraform Plan 📖 success

Show Plan
module.s42.random_password.next_auth_secret: Refreshing state... [id=none]
module.s42.random_password.postgres: Refreshing state... [id=none]
module.webhooked.module.webhooked.kubernetes_service.app[0]: Refreshing state... [id=production/webhooked]
module.webhooked.module.webhooked.kubernetes_config_map.app["config"]: Refreshing state... [id=production/webhooked-config]
module.s42.module.interface.kubernetes_service.app[0]: Refreshing state... [id=production/interface]
module.s42.kubernetes_config_map.stud42_config: Refreshing state... [id=production/stud42-config]
module.s42.module.crawler_locations.kubernetes_cron_job.app[0]: Refreshing state... [id=production/crawler-locations]
module.s42.module.jwtks_service.kubernetes_service.app[0]: Refreshing state... [id=production/jwtks-service]
module.s42.module.crawler_campus.kubernetes_cron_job.app[0]: Refreshing state... [id=production/crawler-campus]
module.s42.module.jwtks_service.kubernetes_deployment.app[0]: Refreshing state... [id=production/jwtks-service]
module.s42.module.api.kubernetes_service.app[0]: Refreshing state... [id=production/api]
module.s42.module.api.kubernetes_deployment.app[0]: Refreshing state... [id=production/api]
module.s42.module.interface.kubernetes_deployment.app[0]: Refreshing state... [id=production/interface]
module.s42.kubernetes_secret.next_auth_secret: Refreshing state... [id=production/next-auth-secret]
module.s42.module.postgres.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=production/postgres-data]
module.s42.module.postgres.kubernetes_service.app[0]: Refreshing state... [id=production/postgres]
module.s42.module.jwtks_service.kubernetes_manifest.certificate["grpc-internal"]: Refreshing state...
module.s42.module.postgres.kubernetes_config_map.app["config"]: Refreshing state... [id=production/postgres-config]
module.webhooked.module.secrets.kubernetes_manifest.sealed_secret["s42-webhooked-secrets"]: Refreshing state...
module.s42.module.webhooks_processor.kubernetes_deployment.app[0]: Refreshing state... [id=production/webhooks-processor]
module.s42.module.istio.kubectl_manifest.virtual_services["app-s42"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/production/virtualservices/app-s42]
module.s42.module.jwtks_service.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/jwtks-service]
module.s42.module.interface.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/interface]
module.s42.kubernetes_manifest.rabbitmq: Refreshing state...
module.s42.module.postgres.kubernetes_secret.app["credentials"]: Refreshing state... [id=production/postgres-credentials]
module.s42.module.api.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/api]
module.s42.module.postgres.kubernetes_stateful_set.app[0]: Refreshing state... [id=production/postgres]
module.s42.module.webhooks_processor.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/webhooks-processor]
module.webhooked.module.webhooked.kubernetes_deployment.app[0]: Refreshing state... [id=production/webhooked]
module.webhooked.module.webhooked.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/webhooked]
module.s42.module.service-token.kubernetes_manifest.sealed_secret["discord-token"]: Refreshing state...
module.s42.module.service-token.kubernetes_manifest.sealed_secret["oauth2-providers"]: Refreshing state...
module.s42.module.service-token.kubernetes_manifest.sealed_secret["sentry-dsns"]: Refreshing state...
module.s42.module.service-token.kubernetes_manifest.sealed_secret["s42-service-token"]: Refreshing state...
module.s42.module.service-token.kubernetes_manifest.sealed_secret["github-token"]: Refreshing state...
module.s42.module.service-token.kubernetes_manifest.sealed_secret["jwtks-service-certs-jwk"]: Refreshing state...
module.s42.kubernetes_pod_disruption_budget.rabbitmq: Refreshing state... [id=production/rabbitmq]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.s42.module.api.kubernetes_deployment.app[0] will be updated in-place
  ~ resource "kubernetes_deployment" "app" {
        id               = "production/api"
        # (1 unchanged attribute hidden)

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "api"
            # (5 unchanged attributes hidden)
        }

      ~ spec {
            # (5 unchanged attributes hidden)

          ~ template {
              ~ metadata {
                  ~ labels      = {
                      ~ "version"                      = "0.15.1" -> "latest"
                        # (4 unchanged elements hidden)
                    }
                    # (2 unchanged attributes hidden)
                }

              ~ spec {
                    # (11 unchanged attributes hidden)

                  ~ container {
                      ~ image                      = "ghcr.io/42atomys/stud42:0.15.1" -> "ghcr.io/42atomys/stud42:latest"
                        name                       = "api"
                        # (8 unchanged attributes hidden)

                        # (14 unchanged blocks hidden)
                    }

                    # (3 unchanged blocks hidden)
                }
            }

            # (2 unchanged blocks hidden)
        }
    }

  # module.s42.module.api.kubernetes_service.app[0] will be updated in-place
  ~ resource "kubernetes_service" "app" {
        id                     = "production/api"
        # (2 unchanged attributes hidden)

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "api"
            # (5 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.s42.module.crawler_campus.kubernetes_cron_job.app[0] will be updated in-place
  ~ resource "kubernetes_cron_job" "app" {
        id = "production/crawler-campus"

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "crawler-campus"
            # (5 unchanged attributes hidden)
        }

      ~ spec {
            # (6 unchanged attributes hidden)

          ~ job_template {
              ~ metadata {
                  ~ labels      = {
                      ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
                      ~ "version"                      = "0.15.1" -> "latest"
                        # (5 unchanged elements hidden)
                    }
                    # (2 unchanged attributes hidden)
                }

              ~ spec {
                    # (7 unchanged attributes hidden)

                  ~ template {
                      ~ metadata {
                          ~ labels      = {
                              ~ "version"                      = "0.15.1" -> "latest"
                                # (5 unchanged elements hidden)
                            }
                            # (2 unchanged attributes hidden)
                        }

                      ~ spec {
                            # (11 unchanged attributes hidden)

                          ~ container {
                              ~ image                      = "ghcr.io/42atomys/stud42:0.15.1" -> "ghcr.io/42atomys/stud42:latest"
                                name                       = "crawler-campus"
                                # (8 unchanged attributes hidden)

                              ~ env {
                                  ~ name = "FORTY_TWO_CLIENT_ID" -> "FORTY_TWO_ID"

                                    # (1 unchanged block hidden)
                                }
                              ~ env {
                                  ~ name = "FORTY_TWO_CLIENT_SECRET" -> "FORTY_TWO_SECRET"

                                    # (1 unchanged block hidden)
                                }

                                # (10 unchanged blocks hidden)
                            }

                            # (3 unchanged blocks hidden)
                        }
                    }
                }
            }
        }
    }

  # module.s42.module.crawler_locations.kubernetes_cron_job.app[0] will be updated in-place
  ~ resource "kubernetes_cron_job" "app" {
        id = "production/crawler-locations"

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "crawler-locations"
            # (5 unchanged attributes hidden)
        }

      ~ spec {
            # (6 unchanged attributes hidden)

          ~ job_template {
              ~ metadata {
                  ~ labels      = {
                      ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
                      ~ "version"                      = "0.15.1" -> "latest"
                        # (5 unchanged elements hidden)
                    }
                    # (2 unchanged attributes hidden)
                }

              ~ spec {
                    # (7 unchanged attributes hidden)

                  ~ template {
                      ~ metadata {
                          ~ labels      = {
                              ~ "version"                      = "0.15.1" -> "latest"
                                # (5 unchanged elements hidden)
                            }
                            # (2 unchanged attributes hidden)
                        }

                      ~ spec {
                            # (11 unchanged attributes hidden)

                          ~ container {
                              ~ image                      = "ghcr.io/42atomys/stud42:0.15.1" -> "ghcr.io/42atomys/stud42:latest"
                                name                       = "crawler-locations"
                                # (8 unchanged attributes hidden)

                              ~ env {
                                  ~ name = "FORTY_TWO_CLIENT_ID" -> "FORTY_TWO_ID"

                                    # (1 unchanged block hidden)
                                }
                              ~ env {
                                  ~ name = "FORTY_TWO_CLIENT_SECRET" -> "FORTY_TWO_SECRET"

                                    # (1 unchanged block hidden)
                                }

                                # (10 unchanged blocks hidden)
                            }

                            # (3 unchanged blocks hidden)
                        }
                    }
                }
            }
        }
    }

  # module.s42.module.interface.kubernetes_deployment.app[0] will be updated in-place
  ~ resource "kubernetes_deployment" "app" {
        id               = "production/interface"
        # (1 unchanged attribute hidden)

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "interface"
            # (5 unchanged attributes hidden)
        }

      ~ spec {
            # (5 unchanged attributes hidden)

          ~ template {
              ~ metadata {
                  ~ labels      = {
                      ~ "version"                      = "0.15.1" -> "latest"
                        # (4 unchanged elements hidden)
                    }
                    # (2 unchanged attributes hidden)
                }

              ~ spec {
                    # (11 unchanged attributes hidden)

                  ~ container {
                      ~ image                      = "ghcr.io/42atomys/stud42:0.15.1" -> "ghcr.io/42atomys/stud42:latest"
                        name                       = "interface"
                        # (8 unchanged attributes hidden)

                      ~ env {
                          ~ name = "FORTY_TWO_CLIENT_ID" -> "FORTY_TWO_ID"

                            # (1 unchanged block hidden)
                        }
                      ~ env {
                          ~ name = "FORTY_TWO_CLIENT_SECRET" -> "FORTY_TWO_SECRET"

                            # (1 unchanged block hidden)
                        }

                        # (17 unchanged blocks hidden)
                    }

                    # (4 unchanged blocks hidden)
                }
            }

            # (2 unchanged blocks hidden)
        }
    }

  # module.s42.module.interface.kubernetes_service.app[0] will be updated in-place
  ~ resource "kubernetes_service" "app" {
        id                     = "production/interface"
        # (2 unchanged attributes hidden)

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "interface"
            # (5 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.s42.module.jwtks_service.kubernetes_deployment.app[0] will be updated in-place
  ~ resource "kubernetes_deployment" "app" {
        id               = "production/jwtks-service"
        # (1 unchanged attribute hidden)

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "jwtks-service"
            # (5 unchanged attributes hidden)
        }

      ~ spec {
            # (5 unchanged attributes hidden)

          ~ template {
              ~ metadata {
                  ~ labels      = {
                      ~ "version"                      = "0.15.1" -> "latest"
                        # (4 unchanged elements hidden)
                    }
                    # (2 unchanged attributes hidden)
                }

              ~ spec {
                    # (11 unchanged attributes hidden)

                  ~ container {
                      ~ image                      = "ghcr.io/42atomys/stud42:0.15.1" -> "ghcr.io/42atomys/stud42:latest"
                        name                       = "jwtks-service"
                        # (8 unchanged attributes hidden)

                        # (10 unchanged blocks hidden)
                    }

                    # (5 unchanged blocks hidden)
                }
            }

            # (2 unchanged blocks hidden)
        }
    }

  # module.s42.module.jwtks_service.kubernetes_manifest.certificate["grpc-internal"] will be updated in-place
  ~ resource "kubernetes_manifest" "certificate" {
      ~ manifest = {
          ~ metadata   = {
              ~ labels    = {
                  ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
                  ~ version                        = "0.15.1" -> "latest"
                    # (5 unchanged elements hidden)
                }
                name      = "jwtks-service-grpc-internal"
                # (1 unchanged element hidden)
            }
            # (3 unchanged elements hidden)
        }
      ~ object   = {
          ~ metadata   = {
              ~ labels                     = {
                  - "app"                          = "jwtks-service"
                  - "app.kubernetes.io/created-by" = "github-actions"
                  - "app.kubernetes.io/managed-by" = "terraform"
                  - "app.kubernetes.io/part-of"    = "jwtks-service"
                  - "app.kubernetes.io/version"    = "0.15.1"
                  - "kubernetes.io/name"           = "jwtks-service"
                  - "version"                      = "0.15.1"
                } -> (known after apply)
                name                       = "jwtks-service-grpc-internal"
                # (14 unchanged elements hidden)
            }
            # (3 unchanged elements hidden)
        }
    }

  # module.s42.module.jwtks_service.kubernetes_service.app[0] will be updated in-place
  ~ resource "kubernetes_service" "app" {
        id                     = "production/jwtks-service"
        # (2 unchanged attributes hidden)

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "jwtks-service"
            # (5 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.s42.module.webhooks_processor.kubernetes_deployment.app[0] will be updated in-place
  ~ resource "kubernetes_deployment" "app" {
        id               = "production/webhooks-processor"
        # (1 unchanged attribute hidden)

      ~ metadata {
          ~ labels           = {
              ~ "app.kubernetes.io/version"    = "0.15.1" -> "latest"
              ~ "version"                      = "0.15.1" -> "latest"
                # (5 unchanged elements hidden)
            }
            name             = "webhooks-processor"
            # (5 unchanged attributes hidden)
        }

      ~ spec {
            # (5 unchanged attributes hidden)

          ~ template {
              ~ metadata {
                  ~ labels      = {
                      ~ "version"                      = "0.15.1" -> "latest"
                        # (5 unchanged elements hidden)
                    }
                    # (2 unchanged attributes hidden)
                }

              ~ spec {
                    # (11 unchanged attributes hidden)

                  ~ container {
                      ~ image                      = "ghcr.io/42atomys/stud42:0.15.1" -> "ghcr.io/42atomys/stud42:latest"
                        name                       = "webhooks-processor"
                        # (8 unchanged attributes hidden)

                        # (18 unchanged blocks hidden)
                    }

                    # (3 unchanged blocks hidden)
                }
            }

            # (2 unchanged blocks hidden)
        }
    }

Plan: 0 to add, 10 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: apps-tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "apps-tfplan"

@github-actions
Copy link

Terraform data for cluster stack

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Show Validation
Success! The configuration is valid.


Terraform Plan 📖 success

Show Plan
module.loki.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=monitoring/loki-data]
module.loki.kubernetes_config_map.app["config"]: Refreshing state... [id=monitoring/loki-config]
module.loki.kubernetes_service.app[0]: Refreshing state... [id=monitoring/loki]
module.cert_manager.helm_release.cert_manager: Refreshing state... [id=cert-manager]
kubernetes_service_account.tempo: Refreshing state... [id=monitoring/tempo]
module.istio.kubectl_manifest.gateways["app-s42"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/production/gateways/app-s42]
module.istio.kubectl_manifest.gateways["dev-s42"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/sandbox/gateways/dev-s42]
module.monitoring_routing.kubectl_manifest.virtual_services["app-s42-dashboards"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/monitoring/virtualservices/app-s42-dashboards]
module.istio.kubectl_manifest.gateways["dev-s42-previews"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/previews/gateways/dev-s42-previews]
module.istio.kubectl_manifest.gateways["app-s42-dashboards"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/monitoring/gateways/app-s42-dashboards]
module.istio.kubectl_manifest.gateways["app-s42-next"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/staging/gateways/app-s42-next]
module.prometheus.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=monitoring/prometheus-data]
module.prometheus.kubernetes_service.app[0]: Refreshing state... [id=monitoring/prometheus]
module.prometheus.kubernetes_config_map.app["config"]: Refreshing state... [id=monitoring/prometheus-config]
module.grafana.kubernetes_service.app[0]: Refreshing state... [id=monitoring/grafana]
module.grafana.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=monitoring/grafana-data]
module.grafana.kubernetes_deployment.app[0]: Refreshing state... [id=monitoring/grafana]
kubernetes_service_account.promtail: Refreshing state... [id=monitoring/promtail]
module.promtail.kubernetes_daemonset.app[0]: Refreshing state... [id=monitoring/promtail]
module.promtail.kubernetes_service.app[0]: Refreshing state... [id=monitoring/promtail]
module.promtail.kubernetes_config_map.app["config"]: Refreshing state... [id=monitoring/promtail-config]
module.cert_manager.null_resource.cert_manager_ovh_source: Refreshing state... [id=6901452211892208863]
kubernetes_cluster_role.prometheus: Refreshing state... [id=prometheus]
kubernetes_role.loki: Refreshing state... [id=monitoring/loki]
kubernetes_service_account.loki: Refreshing state... [id=monitoring/loki]
kubernetes_cluster_role.promtail: Refreshing state... [id=promtail]
kubernetes_service_account.prometheus: Refreshing state... [id=monitoring/prometheus]
module.tempo.kubernetes_service.app[0]: Refreshing state... [id=monitoring/tempo]
module.tempo.kubernetes_config_map.app["config"]: Refreshing state... [id=monitoring/tempo-config]
module.tempo.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=monitoring/tempo-data]
module.prometheus.kubernetes_stateful_set.app[0]: Refreshing state... [id=monitoring/prometheus]
module.loki.kubernetes_stateful_set.app[0]: Refreshing state... [id=monitoring/loki]
module.cert_manager.kubectl_manifest.certificates["dev-s42-previews"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/dev-s42-previews]
module.cert_manager.kubectl_manifest.certificates["app-s42"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/app-s42]
module.cert_manager.kubectl_manifest.certificates["app-s42-next"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/app-s42-next]
module.cert_manager.kubectl_manifest.certificates["app-s42-dashboards"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/app-s42-dashboards]
module.cert_manager.kubectl_manifest.certificates["dev-s42"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/dev-s42]
module.cert_manager.kubernetes_role.cert_manager_webhook_ovh_secret_reader: Refreshing state... [id=cert-manager/cert-manager-webhook-ovh:secret-reader]
kubernetes_cluster_role_binding.promtail: Refreshing state... [id=promtail]
kubernetes_role_binding.loki: Refreshing state... [id=monitoring/loki]
kubernetes_cluster_role_binding.prometheus: Refreshing state... [id=prometheus]
module.tempo.kubernetes_stateful_set.app[0]: Refreshing state... [id=monitoring/tempo]
module.cert_manager.kubernetes_role_binding.cert_manager_webhook_ovh_secret_reader: Refreshing state... [id=cert-manager/cert-manager-webhook-ovh:secret-reader]
module.cert_manager.helm_release.cert_manager_ovh: Refreshing state... [id=cert-manager-webhook-ovh]
module.cert_manager.kubectl_manifest.self_signed_issuers["selfsigned-issuer"]: Refreshing state... [id=/apis/cert-manager.io/v1/clusterissuers/selfsigned-issuer]
module.cert_manager.kubectl_manifest.issuers["ovh-staging-issuer"]: Refreshing state... [id=/apis/cert-manager.io/v1/clusterissuers/ovh-staging-issuer]
module.cert_manager.kubectl_manifest.issuers["ovh-issuer"]: Refreshing state... [id=/apis/cert-manager.io/v1/clusterissuers/ovh-issuer]
module.secrets.kubernetes_manifest.sealed_secret["ghcr-creds"]: Refreshing state...
module.secrets.kubernetes_manifest.sealed_secret["ovh-credentials"]: Refreshing state...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.secrets.kubernetes_manifest.sealed_secret["ghcr-creds"] must be replaced
-/+ resource "kubernetes_manifest" "sealed_secret" {
      ~ manifest = {
          ~ metadata   = {
              ~ annotations = {
                  ~ "sealedsecrets.bitnami.com/cluster-wide"   = "true" -> "false"
                  ~ "sealedsecrets.bitnami.com/namespace-wide" = "false" -> "true"
                }
                name        = "ghcr-creds"
                # (1 unchanged element hidden)
            }
          ~ spec       = {
              ~ encryptedData = { # forces replacement
                  ~ ".dockerconfigjson" = "AgA0gQETza4ZHq7T/AWRxd4mXk4CBlJS7nyWrQ2NloNDIcRp3iGkj+N6uCGtxeqo2Xuz5mtDYzQ6WMqg2FfqJVIg2FQeW7Vkadm38ZApnp6gA9+qYFqDPFjwyhHVEtu4rSR1oz+AFcQKPEJbwDoeOhxnJxyn8jU+EqgZl7MLflgFSLb+4gqVCeBoonDWU8AUzZW9cITHQVhdylozGkbI9je+xbjZKwGXymSq8NfOed99FGvml1+7LcYQJl/VhuFtviFET8CrFy223EVdeVj3mmSXdyzhGQhbud3fPM0AfDXybY8b277La+bUXq1qTfE9WlQGoW+GWqhUqZYjFwRBOD+F8YJS2GUyPIIETUGKO172JndRTGvmagvkYmf/uCKXHHYXdT8Fh8Xru7KNPYFpdfM/NowwQvRzTSfQYwiorNIht98prHX/cYmdS1kCzZjQ7P10wRUOHgyB85LcSvDQ53vphr7WekrJqW5C8EbqZSRoj6qTKjtk5ovG2OBZMVtqAbTLCiJ1nrK+FsSTrNZiIX2hOMW4DgEwg3bxFF9VT4d/KQ6KwSOV3AoqAnDdRjLyoiM19Q439hW+47ONyktq5YEvr+R+4wWlSWtPrO9LbiE+V+IiAJFurg3EWtYqD/rBCemiFDfC3y/JadEte+t3spHMbG/x6CRypls2ETqIbKiX2r/H26/5uH3sGUieP+zKAdzq06dTHlPjVcHpKOel3x4oiPdtLo7QnqITp5CxP9Cm/T0IGAsQYbNreh8XU/rrdTFcqWzU0G9kIqWpTmNVLDpOaBvw3/Me7lETPX8prALN7Vb8ZR5QgxFRlROFBznFhuk34Zb6yfwCfKyV3QKehxqGBRYWGKkUaejt1fjVt0O/eMwYmhx2lFjsC88q0dplRwzfcjB+1dd8573m1Fi2wrJli5d3v6e+bGurTdhAw0+ccBc=" -> "AgA6cjvRXnpCTnZDf3gt3Co+K/i+TUShOBhbT+0N0JqJai/EQYDJBWriKFB7AzujY13iBTiP0HykKAmA+CfrB8nd2Q775cIDvpyQlHhc2dU/zUs3wpboIZroq2bGrEOUqw9bcWh/oCaTX3krEjyVROdI71FJ4QIfER5EceeI33KT+gDfQLnW6b6DAL26Vh+obMvTyso7iaeHywfC2GI0QDRxjg2rHajZOE4ciHZj3wOkMaT5p5pgpt0CsQlubkkE4Rv0qdt0fZA/MPgYdL+XfiVYQfz3aR4IMHV0l0AwdVEQkUrTLWR4DIRM3xhaHLnWiIiS5Ks53gK3yJEy/3r1yoNi5Cs2TMGab/utf7O8ZwDrbrRpzI3atk+E/WCDdg7STXHR/N0cxSCeUUdoFbHnx+u5AcdW3mLQsEXjpQG8xW6y3ThS1jpi/j6Nmn6JoAvgZlWBKNiNR33tQrRtgDSi8+6GBijl4IYky/V/OZ1TccKUZZwT0lYneDtwjWYuKtdzXFrrOczhconvNrnwYnKuy/nyq91fVBdOkY1r7otIYCPFPXCIASpT8VhaIlnNHBes0QdPQILyI+xxlOMiW/pJ2/QG6c2dPzgIYxVeIo5E4wdOfnXEp6AESnBrOkKvwm9tVh7RuK6tPgp5wzbNkOoJC8jA5AKtlWmFhPABN5TzfrKoIR5q0Bc/YOSkSJuMJVC7lgzBE1OOqm8jHhpM3OEon7lAAyJOMTj8zTlU1Y/DecL7dpM6WG8DvaFj/1L7RCoKFNPn0R5clXQ2/8urm86mp1QaVBcLxsi0CcTO4Xznii8GAoyr9HLJnVipCvA58XCk85q+8a7Nf7g+a46CsP1qLj6yahYIY9R7HPLKAN+kkNPGfvKUlsiB6hE9mXkKl9WBFemudfKujPdNq7DbWKS891Cz3pgV8i/GKr2iYkUazyeVMWU="
                }
              ~ template      = {
                  ~ metadata = {
                      ~ annotations = {
                          ~ "reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces" = "" -> "production,staging,previews,sandbox"
                          ~ "reflector.v1.k8s.emberstack.com/reflection-auto-namespaces"    = "" -> "production,staging,previews,sandbox"
                          ~ "sealedsecrets.bitnami.com/cluster-wide"                        = "true" -> "false"
                          ~ "sealedsecrets.bitnami.com/namespace-wide"                      = "false" -> "true"
                            # (2 unchanged elements hidden)
                        }
                        name        = "ghcr-creds"
                        # (1 unchanged element hidden)
                    } # forces replacement
                    # (1 unchanged element hidden)
                }
            }
            # (2 unchanged elements hidden)
        }
      ~ object   = {
          ~ metadata   = {
              ~ annotations                = {
                  - "sealedsecrets.bitnami.com/cluster-wide"   = "false"
                  - "sealedsecrets.bitnami.com/namespace-wide" = "true"
                } -> (known after apply)
              ~ clusterName                = null -> (known after apply)
              ~ creationTimestamp          = null -> (known after apply)
              ~ deletionGracePeriodSeconds = null -> (known after apply)
              ~ deletionTimestamp          = null -> (known after apply)
              ~ finalizers                 = null -> (known after apply)
              ~ generateName               = null -> (known after apply)
              ~ generation                 = null -> (known after apply)
              ~ labels                     = null -> (known after apply)
              ~ managedFields              = null -> (known after apply)
                name                       = "ghcr-creds"
              ~ ownerReferences            = null -> (known after apply)
              ~ resourceVersion            = null -> (known after apply)
              ~ selfLink                   = null -> (known after apply)
              ~ uid                        = null -> (known after apply)
                # (1 unchanged element hidden)
            }
          ~ spec       = {
              ~ data          = null -> (known after apply)
              ~ encryptedData = {
                  ~ ".dockerconfigjson" = "AgA0gQETza4ZHq7T/AWRxd4mXk4CBlJS7nyWrQ2NloNDIcRp3iGkj+N6uCGtxeqo2Xuz5mtDYzQ6WMqg2FfqJVIg2FQeW7Vkadm38ZApnp6gA9+qYFqDPFjwyhHVEtu4rSR1oz+AFcQKPEJbwDoeOhxnJxyn8jU+EqgZl7MLflgFSLb+4gqVCeBoonDWU8AUzZW9cITHQVhdylozGkbI9je+xbjZKwGXymSq8NfOed99FGvml1+7LcYQJl/VhuFtviFET8CrFy223EVdeVj3mmSXdyzhGQhbud3fPM0AfDXybY8b277La+bUXq1qTfE9WlQGoW+GWqhUqZYjFwRBOD+F8YJS2GUyPIIETUGKO172JndRTGvmagvkYmf/uCKXHHYXdT8Fh8Xru7KNPYFpdfM/NowwQvRzTSfQYwiorNIht98prHX/cYmdS1kCzZjQ7P10wRUOHgyB85LcSvDQ53vphr7WekrJqW5C8EbqZSRoj6qTKjtk5ovG2OBZMVtqAbTLCiJ1nrK+FsSTrNZiIX2hOMW4DgEwg3bxFF9VT4d/KQ6KwSOV3AoqAnDdRjLyoiM19Q439hW+47ONyktq5YEvr+R+4wWlSWtPrO9LbiE+V+IiAJFurg3EWtYqD/rBCemiFDfC3y/JadEte+t3spHMbG/x6CRypls2ETqIbKiX2r/H26/5uH3sGUieP+zKAdzq06dTHlPjVcHpKOel3x4oiPdtLo7QnqITp5CxP9Cm/T0IGAsQYbNreh8XU/rrdTFcqWzU0G9kIqWpTmNVLDpOaBvw3/Me7lETPX8prALN7Vb8ZR5QgxFRlROFBznFhuk34Zb6yfwCfKyV3QKehxqGBRYWGKkUaejt1fjVt0O/eMwYmhx2lFjsC88q0dplRwzfcjB+1dd8573m1Fi2wrJli5d3v6e+bGurTdhAw0+ccBc=" -> "AgA6cjvRXnpCTnZDf3gt3Co+K/i+TUShOBhbT+0N0JqJai/EQYDJBWriKFB7AzujY13iBTiP0HykKAmA+CfrB8nd2Q775cIDvpyQlHhc2dU/zUs3wpboIZroq2bGrEOUqw9bcWh/oCaTX3krEjyVROdI71FJ4QIfER5EceeI33KT+gDfQLnW6b6DAL26Vh+obMvTyso7iaeHywfC2GI0QDRxjg2rHajZOE4ciHZj3wOkMaT5p5pgpt0CsQlubkkE4Rv0qdt0fZA/MPgYdL+XfiVYQfz3aR4IMHV0l0AwdVEQkUrTLWR4DIRM3xhaHLnWiIiS5Ks53gK3yJEy/3r1yoNi5Cs2TMGab/utf7O8ZwDrbrRpzI3atk+E/WCDdg7STXHR/N0cxSCeUUdoFbHnx+u5AcdW3mLQsEXjpQG8xW6y3ThS1jpi/j6Nmn6JoAvgZlWBKNiNR33tQrRtgDSi8+6GBijl4IYky/V/OZ1TccKUZZwT0lYneDtwjWYuKtdzXFrrOczhconvNrnwYnKuy/nyq91fVBdOkY1r7otIYCPFPXCIASpT8VhaIlnNHBes0QdPQILyI+xxlOMiW/pJ2/QG6c2dPzgIYxVeIo5E4wdOfnXEp6AESnBrOkKvwm9tVh7RuK6tPgp5wzbNkOoJC8jA5AKtlWmFhPABN5TzfrKoIR5q0Bc/YOSkSJuMJVC7lgzBE1OOqm8jHhpM3OEon7lAAyJOMTj8zTlU1Y/DecL7dpM6WG8DvaFj/1L7RCoKFNPn0R5clXQ2/8urm86mp1QaVBcLxsi0CcTO4Xznii8GAoyr9HLJnVipCvA58XCk85q+8a7Nf7g+a46CsP1qLj6yahYIY9R7HPLKAN+kkNPGfvKUlsiB6hE9mXkKl9WBFemudfKujPdNq7DbWKS891Cz3pgV8i/GKr2iYkUazyeVMWU="
                }
              ~ template      = {
                  ~ data     = null -> (known after apply)
                  ~ metadata = {
                      ~ annotations = {
                          ~ "reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces" = "" -> "production,staging,previews,sandbox"
                          ~ "reflector.v1.k8s.emberstack.com/reflection-auto-namespaces"    = "" -> "production,staging,previews,sandbox"
                            # (4 unchanged elements hidden)
                        }
                        name        = "ghcr-creds"
                        # (1 unchanged element hidden)
                    }
                    # (1 unchanged element hidden)
                }
            }
            # (2 unchanged elements hidden)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above

  with kubernetes_service_account.prometheus,
  on monitoring.tf line 73, in resource "kubernetes_service_account" "prometheus":
  73: resource "kubernetes_service_account" "prometheus" {

Starting from version 1.24.0 Kubernetes does not automatically generate a
token for service accounts, in this case, "default_secret_name" will be empty

(and 3 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: cluster-tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "cluster-tfplan"

@42atomys 42atomys merged commit 57f971c into main Nov 14, 2022
@42atomys 42atomys deleted the fix/deploy-oauth-creds branch November 14, 2022 22:53
@42atomys 42atomys temporarily deployed to previews November 14, 2022 22:53 Inactive
@42atomys 42atomys temporarily deployed to previews November 14, 2022 22:53 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
state/triage 🚦 Has not been triaged & therefore, not ready for work
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant