Improved various nits

Signed-off-by: Philip Schmid <[email protected]>

Author: PhilipSchmid

.github/dependabot.yml

@@ -1,9 +1,22 @@
 version: 2
 updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 5
+    rebase-strategy: "disabled"
+    labels:
+      - ci/dependabot
+      - kind/enhancement
   - package-ecosystem: "terraform"
     directory: /
     schedule:
       interval: "daily"
       time: "23:00"
       timezone: "Europe/Zurich"
-    open-pull-requests-limit: 3
+    open-pull-requests-limit: 5
+    rebase-strategy: "disabled"
+    labels:
+      - ci/dependabot
+      - kind/enhancement

.github/workflows/terraform.yml

@@ -7,15 +7,15 @@ on:
       - reopened
   push:
     branches:
-      - master
+      - main
 jobs:
   formatting:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
         with:
-         ref: ${{ github.event.pull_request.head.sha }}
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
       - name: terraform fmt
         uses: dflook/terraform-fmt-check@fc6a4d63e251c5d6f247fc8310171a4e45e18210
   docs:
@@ -24,7 +24,7 @@ jobs:
     steps:
     - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
       with:
-        ref: ${{ github.event.pull_request.head.ref }}
+        ref: ${{ github.ref }}
     - name: Render terraform docs and push changes back to PR branch
       uses: terraform-docs/gh-actions@cfde42f79b15256c71f4b79ae1d6acea0f689952
       with:

.terraform-docs.yml

@@ -2,4 +2,6 @@
 formatter: "markdown table"
 output:
   file: README.md
-  mode: inject
+  mode: inject
+settings:
+  indent: 3

Makefile

@@ -1,7 +1,32 @@
 SHELL := /bin/bash
-ROOT := $$(git rev-parse --show-toplevel)
 
 .PHONY: docs
+.DEFAULT_GOAL := help
 
+## Generate/update terraform docs inside README.md (https://terraform-docs.io/user-guide/introduction/)
 docs:
-	@terraform-docs markdown table --output-file "$(ROOT)/README.md" --output-mode inject "$(ROOT)"
+	terraform-docs .
+
+# COLORS
+GREEN  := $(shell tput -Txterm setaf 2)
+YELLOW := $(shell tput -Txterm setaf 3)
+WHITE  := $(shell tput -Txterm setaf 7)
+RESET  := $(shell tput -Txterm sgr0)
+
+TARGET_MAX_CHAR_NUM=20
+## Show this help
+help:
+	@echo ''
+	@echo 'Usage:'
+	@echo '  ${YELLOW}make${RESET} ${GREEN}<target>${RESET}'
+	@echo ''
+	@echo 'Targets:'
+	@awk '/^[a-zA-Z\-\_0-9]+:/ { \
+		helpMessage = match(lastLine, /^## (.*)/); \
+		if (helpMessage) { \
+			helpCommand = substr($$1, 0, index($$1, ":")-1); \
+			helpMessage = substr(lastLine, RSTART + 3, RLENGTH); \
+			printf "  ${YELLOW}%-$(TARGET_MAX_CHAR_NUM)s${RESET} ${GREEN}%s${RESET}\n", helpCommand, helpMessage; \
+		} \
+	} \
+	{ lastLine = $$0 }' $(MAKEFILE_LIST)

README.md

@@ -3,30 +3,30 @@
 An opinionated Terraform module that can be used to install and manage Cilium on top of a Kubernetes cluster.
 
 <!-- BEGIN_TF_DOCS -->
-## Requirements
+### Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.1.1 |
 
-## Providers
+### Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.1.1 |
 
-## Modules
+### Modules
 
 No modules.
 
-## Resources
+### Resources
 
 | Name | Type |
 |------|------|
 | [null_resource.main](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 
-## Inputs
+### Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
@@ -40,14 +40,16 @@ No modules.
 | <a name="input_control_plane_nodes_label_selector"></a> [control\_plane\_nodes\_label\_selector](#input\_control\_plane\_nodes\_label\_selector) | The label selector used to filter control-plane nodes. | `string` | `"node-role.kubernetes.io/control-plane"` | no |
 | <a name="input_deploy_etcd_cluster"></a> [deploy\_etcd\_cluster](#input\_deploy\_etcd\_cluster) | Whether to deploy an 'etcd' cluster suitable for usage as the Cilium key-value store (HIGHLY EXPERIMENTAL). | `bool` | `false` | no |
 | <a name="input_extra_provisioner_environment_variables"></a> [extra\_provisioner\_environment\_variables](#input\_extra\_provisioner\_environment\_variables) | A map of extra environment variables to include when executing the provisioning script. | `map(string)` | `{}` | no |
+| <a name="input_install_kube_prometheus_servicemonitor_crd"></a> [install\_kube\_prometheus\_servicemonitor\_crd](#input\_install\_kube\_prometheus\_servicemonitor\_crd) | Whether to install the 'kube-prometheus' ServiceMonitor CRD. | `bool` | `true` | no |
 | <a name="input_ipsec_key"></a> [ipsec\_key](#input\_ipsec\_key) | The IPsec key to use for transparent encryption. Leave empty for none to be created (in which case encryption should be disabled in Helm as well). | `string` | `""` | no |
+| <a name="input_kube_prometheus_crds_version"></a> [kube\_prometheus\_crds\_version](#input\_kube\_prometheus\_crds\_version) | Version of the 'kube-prometheus' ServiceMonitor CRD to install. | `string` | `"v0.13.0"` | no |
 | <a name="input_path_to_kubeconfig_file"></a> [path\_to\_kubeconfig\_file](#input\_path\_to\_kubeconfig\_file) | The path to the kubeconfig file to use. | `string` | n/a | yes |
 | <a name="input_post_cilium_install_script"></a> [post\_cilium\_install\_script](#input\_post\_cilium\_install\_script) | A script to be run right after installing Cilium. | `string` | `""` | no |
 | <a name="input_pre_cilium_install_script"></a> [pre\_cilium\_install\_script](#input\_pre\_cilium\_install\_script) | A script to be run right before installing Cilium. | `string` | `""` | no |
 | <a name="input_total_control_plane_nodes"></a> [total\_control\_plane\_nodes](#input\_total\_control\_plane\_nodes) | The number of control-plane nodes expected in the cluster. | `number` | `3` | no |
 | <a name="input_wait_for_total_control_plane_nodes"></a> [wait\_for\_total\_control\_plane\_nodes](#input\_wait\_for\_total\_control\_plane\_nodes) | Whether to wait for the expected number of control-plane nodes to be registered before applying any changes. | `bool` | `false` | no |
 
-## Outputs
+### Outputs
 
 No outputs.
 <!-- END_TF_DOCS -->

locals.tf

@@ -24,7 +24,8 @@ locals {
     CILIUM_NAMESPACE                   = var.cilium_namespace,                                                                    // The namespace where to deploy Cilium.
     CONTROL_PLANE_NODES_LABEL_SELECTOR = var.control_plane_nodes_label_selector,                                                  // The label selector used to filter control-plane nodes.
     DEPLOY_ETCD_CLUSTER                = var.deploy_etcd_cluster                                                                  // Whether to deploy an 'etcd' cluster suitable for usage as the Cilium key-value store.
-    INSTALL_KUBE_PROMETHEUS_CRDS       = true,                                                                                    // Whether to install (some of) the 'kube-prometheus' CRDs (such as 'ServiceMonitor').
+    INSTALL_KUBE_PROMETHEUS_CRDS       = var.install_kube_prometheus_servicemonitor_crd,                                          // Whether to install the 'kube-prometheus' ServiceMonitor CRD.
+    KUBE_PROMETHEUS_CRDS_VERSION       = var.kube_prometheus_crds_version,                                                        // Version of the 'kube-prometheus' ServiceMonitor CRD to install.
     IPSEC_KEY                          = var.ipsec_key,                                                                           // The IPsec key to be used for transparent encryption.
     KUBECONFIG                         = var.path_to_kubeconfig_file                                                              // The path to the kubeconfig file that will be created and output.
     PRE_CILIUM_INSTALL_SCRIPT          = var.pre_cilium_install_script != "" ? base64encode(var.pre_cilium_install_script) : ""   // The script to execute before installing Cilium.

scripts/provisioner.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Copyright 2022 Isovalent, Inc.
 #
@@ -86,7 +86,7 @@ export IPSEC_ENABLED
 # Manually create the 'ServiceMonitor' CRD from 'kube-prometheus' so we can enable the creation of 'ServiceMonitor' resources in the Cilium Helm chart.
 if [[ "${INSTALL_KUBE_PROMETHEUS_CRDS}" == "true" ]];
 then
-  kubectl apply -f "https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.13/manifests/setup/0servicemonitorCustomResourceDefinition.yaml"
+  kubectl apply -f "https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/${KUBE_PROMETHEUS_CRDS_VERSION}/manifests/setup/0servicemonitorCustomResourceDefinition.yaml"
   until kubectl get servicemonitors --all-namespaces;
   do
       echo "Waiting for the 'servicemonitors' CRD...";

variables.tf

@@ -103,3 +103,15 @@ variable "wait_for_total_control_plane_nodes" {
   description = "Whether to wait for the expected number of control-plane nodes to be registered before applying any changes."
   type        = bool
 }
+
+variable "install_kube_prometheus_servicemonitor_crd" {
+  default     = true
+  description = "Whether to install the 'kube-prometheus' ServiceMonitor CRD."
+  type        = bool
+}
+
+variable "kube_prometheus_crds_version" {
+  default     = "v0.13.0"
+  description = "Version of the 'kube-prometheus' ServiceMonitor CRD to install."
+  type        = string
+}