From 5194d8306e1e02c9236b59b868841c2375d502c3 Mon Sep 17 00:00:00 2001 From: Robin Wallace Date: Sat, 7 Oct 2023 04:45:41 +0200 Subject: [PATCH] upcloud: update terraform provider strict anti-affinity (#10474) --- contrib/terraform/upcloud/README.md | 2 +- .../terraform/upcloud/cluster-settings.tfvars | 8 +- .../modules/kubernetes-cluster/main.tf | 298 +++++++++--------- .../modules/kubernetes-cluster/output.tf | 8 +- .../modules/kubernetes-cluster/variables.tf | 14 +- .../modules/kubernetes-cluster/versions.tf | 4 +- .../upcloud/sample-inventory/cluster.tfvars | 18 +- contrib/terraform/upcloud/variables.tf | 4 +- contrib/terraform/upcloud/versions.tf | 2 +- 9 files changed, 179 insertions(+), 179 deletions(-) diff --git a/contrib/terraform/upcloud/README.md b/contrib/terraform/upcloud/README.md index c893c34ac..6d35a4268 100644 --- a/contrib/terraform/upcloud/README.md +++ b/contrib/terraform/upcloud/README.md @@ -140,4 +140,4 @@ terraform destroy --var-file cluster-settings.tfvars \ * `backend_servers`: List of servers that traffic to the port should be forwarded to. * `server_groups`: Group servers together * `servers`: The servers that should be included in the group. - * `anti_affinity`: If anti-affinity should be enabled, try to spread the VMs out on separate nodes. + * `anti_affinity_policy`: Defines if a server group is an anti-affinity group. Setting this to "strict" or yes" will result in all servers in the group being placed on separate compute hosts. The value can be "strict", "yes" or "no". "strict" refers to strict policy doesn't allow servers in the same server group to be on the same host. "yes" refers to best-effort policy and tries to put servers on different hosts, but this is not guaranteed. diff --git a/contrib/terraform/upcloud/cluster-settings.tfvars b/contrib/terraform/upcloud/cluster-settings.tfvars index d88945f65..199661e6b 100644 --- a/contrib/terraform/upcloud/cluster-settings.tfvars 
+++ b/contrib/terraform/upcloud/cluster-settings.tfvars @@ -18,7 +18,7 @@ ssh_public_keys = [ # check list of available plan https://developers.upcloud.com/1.3/7-plans/ machines = { - "master-0" : { + "control-plane-0" : { "node_type" : "master", # plan to use instead of custom cpu/mem "plan" : null, @@ -133,9 +133,9 @@ loadbalancers = { server_groups = { # "control-plane" = { # servers = [ - # "master-0" + # "control-plane-0" # ] - # anti_affinity = true + # anti_affinity_policy = "strict" # }, # "workers" = { # servers = [ @@ -143,6 +143,6 @@ server_groups = { # "worker-1", # "worker-2" # ] - # anti_affinity = true + # anti_affinity_policy = "yes" # } } \ No newline at end of file diff --git a/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf b/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf index c2d43a3ac..72c441087 100644 --- a/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf +++ b/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf @@ -3,7 +3,7 @@ locals { disks = flatten([ for node_name, machine in var.machines : [ for disk_name, disk in machine.additional_disks : { - disk = disk + disk = disk disk_name = disk_name node_name = node_name } @@ -13,8 +13,8 @@ locals { lb_backend_servers = flatten([ for lb_name, loadbalancer in var.loadbalancers : [ for backend_server in loadbalancer.backend_servers : { - port = loadbalancer.target_port - lb_name = lb_name + port = loadbalancer.target_port + lb_name = lb_name server_name = backend_server } ] @@ -22,7 +22,7 @@ locals { # If prefix is set, all resources will be prefixed with "${var.prefix}-" # Else don't prefix with anything - resource-prefix = "%{ if var.prefix != ""}${var.prefix}-%{ endif }" + resource-prefix = "%{if var.prefix != ""}${var.prefix}-%{endif}" } resource "upcloud_network" "private" { 
@@ -38,7 +38,7 @@ resource "upcloud_network" "private" { resource "upcloud_storage" "additional_disks" { for_each = { - for disk in local.disks: "${disk.node_name}_${disk.disk_name}" => disk.disk + for disk in local.disks : "${disk.node_name}_${disk.disk_name}" => disk.disk } size = each.value.size @@ -61,8 +61,8 @@ resource "upcloud_server" "master" { zone = var.zone template { - storage = var.template_name - size = each.value.disk_size + storage = var.template_name + size = each.value.disk_size } # Public network interface @@ -81,14 +81,14 @@ resource "upcloud_server" "master" { ignore_changes = [storage_devices] } - firewall = var.firewall_enabled + firewall = var.firewall_enabled dynamic "storage_devices" { for_each = { for disk_key_name, disk in upcloud_storage.additional_disks : - disk_key_name => disk - # Only add the disk if it matches the node name in the start of its name - if length(regexall("^${each.key}_.+", disk_key_name)) > 0 + disk_key_name => disk + # Only add the disk if it matches the node name in the start of its name + if length(regexall("^${each.key}_.+", disk_key_name)) > 0 } content { @@ -138,14 +138,14 @@ resource "upcloud_server" "worker" { ignore_changes = [storage_devices] } - firewall = var.firewall_enabled + firewall = var.firewall_enabled dynamic "storage_devices" { for_each = { for disk_key_name, disk in upcloud_storage.additional_disks : - disk_key_name => disk - # Only add the disk if it matches the node name in the start of its name - if length(regexall("^${each.key}_.+", disk_key_name)) > 0 + disk_key_name => disk + # Only add the disk if it matches the node name in the start of its name + if length(regexall("^${each.key}_.+", disk_key_name)) > 0 } content { 
@@ -162,10 +162,10 @@ resource "upcloud_server" "worker" { } resource "upcloud_firewall_rules" "master" { - for_each = upcloud_server.master + for_each = upcloud_server.master server_id = each.value.id - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.master_allowed_remote_ips content { @@ -181,7 +181,7 @@ resource "upcloud_firewall_rules" "master" { } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = length(var.master_allowed_remote_ips) > 0 ? [1] : [] content { @@ -197,7 +197,7 @@ resource "upcloud_firewall_rules" "master" { } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.k8s_allowed_remote_ips content { @@ -213,7 +213,7 @@ resource "upcloud_firewall_rules" "master" { } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : [] content { @@ -229,7 +229,7 @@ resource "upcloud_firewall_rules" "master" { } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.master_allowed_ports content { 
@@ -245,97 +245,97 @@ resource "upcloud_firewall_rules" "master" { } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] content { - action = "accept" - comment = "UpCloud DNS" - source_port_end = "53" - source_port_start = "53" - direction = "in" - family = "IPv4" - protocol = firewall_rule.value - source_address_end = "94.237.40.9" - source_address_start = "94.237.40.9" + action = "accept" + comment = "UpCloud DNS" + source_port_end = "53" + source_port_start = "53" + direction = "in" + family = "IPv4" + protocol = firewall_rule.value + source_address_end = "94.237.40.9" + source_address_start = "94.237.40.9" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] content { - action = "accept" - comment = "UpCloud DNS" - source_port_end = "53" - source_port_start = "53" - direction = "in" - family = "IPv4" - protocol = firewall_rule.value - source_address_end = "94.237.127.9" - source_address_start = "94.237.127.9" + action = "accept" + comment = "UpCloud DNS" + source_port_end = "53" + source_port_start = "53" + direction = "in" + family = "IPv4" + protocol = firewall_rule.value + source_address_end = "94.237.127.9" + source_address_start = "94.237.127.9" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? 
["tcp", "udp"] : [] content { - action = "accept" - comment = "UpCloud DNS" - source_port_end = "53" - source_port_start = "53" - direction = "in" - family = "IPv6" - protocol = firewall_rule.value - source_address_end = "2a04:3540:53::1" - source_address_start = "2a04:3540:53::1" + action = "accept" + comment = "UpCloud DNS" + source_port_end = "53" + source_port_start = "53" + direction = "in" + family = "IPv6" + protocol = firewall_rule.value + source_address_end = "2a04:3540:53::1" + source_address_start = "2a04:3540:53::1" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] content { - action = "accept" - comment = "UpCloud DNS" - source_port_end = "53" - source_port_start = "53" - direction = "in" - family = "IPv6" - protocol = firewall_rule.value - source_address_end = "2a04:3544:53::1" - source_address_start = "2a04:3544:53::1" + action = "accept" + comment = "UpCloud DNS" + source_port_end = "53" + source_port_start = "53" + direction = "in" + family = "IPv6" + protocol = firewall_rule.value + source_address_end = "2a04:3544:53::1" + source_address_start = "2a04:3544:53::1" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? ["udp"] : [] content { - action = "accept" - comment = "NTP Port" - source_port_end = "123" - source_port_start = "123" - direction = "in" - family = "IPv4" - protocol = firewall_rule.value - source_address_end = "255.255.255.255" - source_address_start = "0.0.0.0" + action = "accept" + comment = "NTP Port" + source_port_end = "123" + source_port_start = "123" + direction = "in" + family = "IPv4" + protocol = firewall_rule.value + source_address_end = "255.255.255.255" + source_address_start = "0.0.0.0" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? 
["udp"] : [] content { - action = "accept" - comment = "NTP Port" - source_port_end = "123" - source_port_start = "123" - direction = "in" - family = "IPv6" - protocol = firewall_rule.value + action = "accept" + comment = "NTP Port" + source_port_end = "123" + source_port_start = "123" + direction = "in" + family = "IPv6" + protocol = firewall_rule.value } } @@ -351,10 +351,10 @@ resource "upcloud_firewall_rules" "master" { } resource "upcloud_firewall_rules" "k8s" { - for_each = upcloud_server.worker + for_each = upcloud_server.worker server_id = each.value.id - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.k8s_allowed_remote_ips content { @@ -370,7 +370,7 @@ resource "upcloud_firewall_rules" "k8s" { } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : [] content { @@ -386,7 +386,7 @@ resource "upcloud_firewall_rules" "k8s" { } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.worker_allowed_ports content { 
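Review bot: The two "NTP Port" rules in this hunk accept inbound UDP from `0.0.0.0` to `255.255.255.255` (the IPv6 one sets no source address at all) and match only on `source_port_start`/`source_port_end = "123"`. As far as the visible lines show, no destination port is set, so with `firewall_default_deny_in` enabled any UDP datagram that arrives with source port 123 is still accepted on every UDP port of the node. The commit only re-indents these blocks, so the behaviour predates it, but it is worth tightening while the file is touched: narrow the source range to the NTP servers the nodes actually use, and pin the destination port where the time client uses a fixed local port. At minimum, add a comment above each block such as `# Stateless match on source port only: not limited to replies from our NTP servers`. The same pair of rules is repeated for `upcloud_firewall_rules.k8s` in the `@@ -402,97 +402,97 @@` hunk, and the resource body starts and ends outside this hunk.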
@@ -402,97 +402,97 @@ resource "upcloud_firewall_rules" "k8s" { } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] content { - action = "accept" - comment = "UpCloud DNS" - source_port_end = "53" - source_port_start = "53" - direction = "in" - family = "IPv4" - protocol = firewall_rule.value - source_address_end = "94.237.40.9" - source_address_start = "94.237.40.9" + action = "accept" + comment = "UpCloud DNS" + source_port_end = "53" + source_port_start = "53" + direction = "in" + family = "IPv4" + protocol = firewall_rule.value + source_address_end = "94.237.40.9" + source_address_start = "94.237.40.9" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] content { - action = "accept" - comment = "UpCloud DNS" - source_port_end = "53" - source_port_start = "53" - direction = "in" - family = "IPv4" - protocol = firewall_rule.value - source_address_end = "94.237.127.9" - source_address_start = "94.237.127.9" + action = "accept" + comment = "UpCloud DNS" + source_port_end = "53" + source_port_start = "53" + direction = "in" + family = "IPv4" + protocol = firewall_rule.value + source_address_end = "94.237.127.9" + source_address_start = "94.237.127.9" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? 
["tcp", "udp"] : [] content { - action = "accept" - comment = "UpCloud DNS" - source_port_end = "53" - source_port_start = "53" - direction = "in" - family = "IPv6" - protocol = firewall_rule.value - source_address_end = "2a04:3540:53::1" - source_address_start = "2a04:3540:53::1" + action = "accept" + comment = "UpCloud DNS" + source_port_end = "53" + source_port_start = "53" + direction = "in" + family = "IPv6" + protocol = firewall_rule.value + source_address_end = "2a04:3540:53::1" + source_address_start = "2a04:3540:53::1" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] content { - action = "accept" - comment = "UpCloud DNS" - source_port_end = "53" - source_port_start = "53" - direction = "in" - family = "IPv6" - protocol = firewall_rule.value - source_address_end = "2a04:3544:53::1" - source_address_start = "2a04:3544:53::1" + action = "accept" + comment = "UpCloud DNS" + source_port_end = "53" + source_port_start = "53" + direction = "in" + family = "IPv6" + protocol = firewall_rule.value + source_address_end = "2a04:3544:53::1" + source_address_start = "2a04:3544:53::1" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? ["udp"] : [] content { - action = "accept" - comment = "NTP Port" - source_port_end = "123" - source_port_start = "123" - direction = "in" - family = "IPv4" - protocol = firewall_rule.value - source_address_end = "255.255.255.255" - source_address_start = "0.0.0.0" + action = "accept" + comment = "NTP Port" + source_port_end = "123" + source_port_start = "123" + direction = "in" + family = "IPv4" + protocol = firewall_rule.value + source_address_end = "255.255.255.255" + source_address_start = "0.0.0.0" } } - dynamic firewall_rule { + dynamic "firewall_rule" { for_each = var.firewall_default_deny_in ? 
["udp"] : [] content { - action = "accept" - comment = "NTP Port" - source_port_end = "123" - source_port_start = "123" - direction = "in" - family = "IPv6" - protocol = firewall_rule.value + action = "accept" + comment = "NTP Port" + source_port_end = "123" + source_port_start = "123" + direction = "in" + family = "IPv6" + protocol = firewall_rule.value } } @@ -535,9 +535,9 @@ resource "upcloud_loadbalancer_frontend" "lb_frontend" { resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" { for_each = { - for be_server in local.lb_backend_servers: - "${be_server.server_name}-lb-backend-${be_server.lb_name}" => be_server - if var.loadbalancer_enabled + for be_server in local.lb_backend_servers : + "${be_server.server_name}-lb-backend-${be_server.lb_name}" => be_server + if var.loadbalancer_enabled } backend = upcloud_loadbalancer_backend.lb_backend[each.value.lb_name].id @@ -550,9 +550,9 @@ resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" { } resource "upcloud_server_group" "server_groups" { - for_each = var.server_groups - title = each.key - anti_affinity = each.value.anti_affinity - labels = {} - members = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id] + for_each = var.server_groups + title = each.key + anti_affinity_policy = each.value.anti_affinity_policy + labels = {} + members = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id] } \ No newline at end of file diff --git a/contrib/terraform/upcloud/modules/kubernetes-cluster/output.tf b/contrib/terraform/upcloud/modules/kubernetes-cluster/output.tf index c1f8c7c9c..084f02348 100644 --- a/contrib/terraform/upcloud/modules/kubernetes-cluster/output.tf +++ b/contrib/terraform/upcloud/modules/kubernetes-cluster/output.tf 
@@ -3,8 +3,8 @@ output "master_ip" { value = { for instance in upcloud_server.master : instance.hostname => { - "public_ip": instance.network_interface[0].ip_address - "private_ip": instance.network_interface[1].ip_address + "public_ip" : instance.network_interface[0].ip_address + "private_ip" : instance.network_interface[1].ip_address } } } @@ -13,8 +13,8 @@ output "worker_ip" { value = { for instance in upcloud_server.worker : instance.hostname => { - "public_ip": instance.network_interface[0].ip_address - "private_ip": instance.network_interface[1].ip_address + "public_ip" : instance.network_interface[0].ip_address + "private_ip" : instance.network_interface[1].ip_address } } } diff --git a/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf b/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf index 8c492ae2a..a99d2d848 100644 --- a/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf +++ b/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf @@ -15,11 +15,11 @@ variable "private_network_cidr" {} variable "machines" { description = "Cluster machines" type = map(object({ - node_type = string - plan = string - cpu = string - mem = string - disk_size = number + node_type = string + plan = string + cpu = string + mem = string + disk_size = number additional_disks = map(object({ size = number tier = string @@ -99,7 +99,7 @@ variable "server_groups" { description = "Server groups" type = map(object({ - anti_affinity = bool - servers = list(string) + anti_affinity_policy = string + servers = list(string) })) } \ No newline at end of file diff --git a/contrib/terraform/upcloud/modules/kubernetes-cluster/versions.tf b/contrib/terraform/upcloud/modules/kubernetes-cluster/versions.tf index 75230b949..3138453be 100644 --- a/contrib/terraform/upcloud/modules/kubernetes-cluster/versions.tf +++ b/contrib/terraform/upcloud/modules/kubernetes-cluster/versions.tf 
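Review bot: `anti_affinity_policy = string` in the `server_groups` object type accepts any string, although the README text in this commit documents only "strict", "yes" and "no"; a typo would surface only when the provider rejects it, presumably at plan or apply. Add a `validation` block to the variable, e.g. `condition = alltrue([for g in values(var.server_groups) : contains(["strict", "yes", "no"], g.anti_affinity_policy)])`, with an `error_message` listing the three values. The same type change in `contrib/terraform/upcloud/variables.tf` (`@@ -136,8 +136,8 @@`) needs the same check. Existing tfvars that still set `anti_affinity = true` will fail the object type check after this change, so the rename deserves a line in the README for upgraders. The variable block starts outside the hunk.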
@@ -2,8 +2,8 @@ terraform { required_providers { upcloud = { - source = "UpCloudLtd/upcloud" - version = "~>2.7.1" + source = "UpCloudLtd/upcloud" + version = "~>2.12.0" } } required_version = ">= 0.13" diff --git a/contrib/terraform/upcloud/sample-inventory/cluster.tfvars b/contrib/terraform/upcloud/sample-inventory/cluster.tfvars index 4e8ade831..58536674f 100644 --- a/contrib/terraform/upcloud/sample-inventory/cluster.tfvars +++ b/contrib/terraform/upcloud/sample-inventory/cluster.tfvars @@ -18,7 +18,7 @@ ssh_public_keys = [ # check list of available plan https://developers.upcloud.com/1.3/7-plans/ machines = { - "master-0" : { + "control-plane-0" : { "node_type" : "master", # plan to use instead of custom cpu/mem "plan" : null, @@ -28,7 +28,7 @@ machines = { "mem" : "4096" # The size of the storage in GB "disk_size" : 250 - "additional_disks": {} + "additional_disks" : {} }, "worker-0" : { "node_type" : "worker", @@ -40,7 +40,7 @@ machines = { "mem" : "4096" # The size of the storage in GB "disk_size" : 250 - "additional_disks": { + "additional_disks" : { # "some-disk-name-1": { # "size": 100, # "tier": "maxiops", @@ -61,7 +61,7 @@ machines = { "mem" : "4096" # The size of the storage in GB "disk_size" : 250 - "additional_disks": { + "additional_disks" : { # "some-disk-name-1": { # "size": 100, # "tier": "maxiops", @@ -82,7 +82,7 @@ machines = { "mem" : "4096" # The size of the storage in GB "disk_size" : 250 - "additional_disks": { + "additional_disks" : { # "some-disk-name-1": { # "size": 100, # "tier": "maxiops", @@ -118,7 +118,7 @@ master_allowed_ports = [] worker_allowed_ports = [] loadbalancer_enabled = false -loadbalancer_plan = "development" +loadbalancer_plan = "development" loadbalancers = { # "http" : { # "port" : 80, @@ -134,9 +134,9 @@ loadbalancers = { server_groups = { # "control-plane" = { # servers = [ - # "master-0" + # "control-plane-0" # ] - # anti_affinity = true + # anti_affinity_policy = "strict" # }, # "workers" = { # servers = [ 
@@ -144,6 +144,6 @@ server_groups = { # "worker-1", # "worker-2" # ] - # anti_affinity = true + # anti_affinity_policy = "yes" # } } \ No newline at end of file diff --git a/contrib/terraform/upcloud/variables.tf b/contrib/terraform/upcloud/variables.tf index 3b2c55804..880dc4157 100644 --- a/contrib/terraform/upcloud/variables.tf +++ b/contrib/terraform/upcloud/variables.tf @@ -136,8 +136,8 @@ variable "server_groups" { description = "Server groups" type = map(object({ - anti_affinity = bool - servers = list(string) + anti_affinity_policy = string + servers = list(string) })) default = {} diff --git a/contrib/terraform/upcloud/versions.tf b/contrib/terraform/upcloud/versions.tf index 99507471c..3138453be 100644 --- a/contrib/terraform/upcloud/versions.tf +++ b/contrib/terraform/upcloud/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { upcloud = { source = "UpCloudLtd/upcloud" - version = "~>2.7.1" + version = "~>2.12.0" } } required_version = ">= 0.13"