upcloud: update terraform provider strict anti-affinity (#10474)
Robin Wallace
GitHub
parent
4846f33136
commit
5194d8306e
|
|
@ -140,4 +140,4 @@ terraform destroy --var-file cluster-settings.tfvars \
|
||||||
* `backend_servers`: List of servers that traffic to the port should be forwarded to.
|
* `backend_servers`: List of servers that traffic to the port should be forwarded to.
|
||||||
* `server_groups`: Group servers together
|
* `server_groups`: Group servers together
|
||||||
* `servers`: The servers that should be included in the group.
|
* `servers`: The servers that should be included in the group.
|
||||||
* `anti_affinity`: If anti-affinity should be enabled, try to spread the VMs out on separate nodes.
|
* `anti_affinity_policy`: Defines if a server group is an anti-affinity group. Setting this to "strict" or yes" will result in all servers in the group being placed on separate compute hosts. The value can be "strict", "yes" or "no". "strict" refers to strict policy doesn't allow servers in the same server group to be on the same host. "yes" refers to best-effort policy and tries to put servers on different hosts, but this is not guaranteed.
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ ssh_public_keys = [
|
||||||
|
|
||||||
# check list of available plan https://developers.upcloud.com/1.3/7-plans/
|
# check list of available plan https://developers.upcloud.com/1.3/7-plans/
|
||||||
machines = {
|
machines = {
|
||||||
"master-0" : {
|
"control-plane-0" : {
|
||||||
"node_type" : "master",
|
"node_type" : "master",
|
||||||
# plan to use instead of custom cpu/mem
|
# plan to use instead of custom cpu/mem
|
||||||
"plan" : null,
|
"plan" : null,
|
||||||
|
|
@ -133,9 +133,9 @@ loadbalancers = {
|
||||||
server_groups = {
|
server_groups = {
|
||||||
# "control-plane" = {
|
# "control-plane" = {
|
||||||
# servers = [
|
# servers = [
|
||||||
# "master-0"
|
# "control-plane-0"
|
||||||
# ]
|
# ]
|
||||||
# anti_affinity = true
|
# anti_affinity_policy = "strict"
|
||||||
# },
|
# },
|
||||||
# "workers" = {
|
# "workers" = {
|
||||||
# servers = [
|
# servers = [
|
||||||
|
|
@ -143,6 +143,6 @@ server_groups = {
|
||||||
# "worker-1",
|
# "worker-1",
|
||||||
# "worker-2"
|
# "worker-2"
|
||||||
# ]
|
# ]
|
||||||
# anti_affinity = true
|
# anti_affinity_policy = "yes"
|
||||||
# }
|
# }
|
||||||
}
|
}
|
||||||
|
|
@ -3,7 +3,7 @@ locals {
|
||||||
disks = flatten([
|
disks = flatten([
|
||||||
for node_name, machine in var.machines : [
|
for node_name, machine in var.machines : [
|
||||||
for disk_name, disk in machine.additional_disks : {
|
for disk_name, disk in machine.additional_disks : {
|
||||||
disk = disk
|
disk = disk
|
||||||
disk_name = disk_name
|
disk_name = disk_name
|
||||||
node_name = node_name
|
node_name = node_name
|
||||||
}
|
}
|
||||||
|
|
@ -13,8 +13,8 @@ locals {
|
||||||
lb_backend_servers = flatten([
|
lb_backend_servers = flatten([
|
||||||
for lb_name, loadbalancer in var.loadbalancers : [
|
for lb_name, loadbalancer in var.loadbalancers : [
|
||||||
for backend_server in loadbalancer.backend_servers : {
|
for backend_server in loadbalancer.backend_servers : {
|
||||||
port = loadbalancer.target_port
|
port = loadbalancer.target_port
|
||||||
lb_name = lb_name
|
lb_name = lb_name
|
||||||
server_name = backend_server
|
server_name = backend_server
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
@ -22,7 +22,7 @@ locals {
|
||||||
|
|
||||||
# If prefix is set, all resources will be prefixed with "${var.prefix}-"
|
# If prefix is set, all resources will be prefixed with "${var.prefix}-"
|
||||||
# Else don't prefix with anything
|
# Else don't prefix with anything
|
||||||
resource-prefix = "%{ if var.prefix != ""}${var.prefix}-%{ endif }"
|
resource-prefix = "%{if var.prefix != ""}${var.prefix}-%{endif}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "upcloud_network" "private" {
|
resource "upcloud_network" "private" {
|
||||||
|
|
@ -38,7 +38,7 @@ resource "upcloud_network" "private" {
|
||||||
|
|
||||||
resource "upcloud_storage" "additional_disks" {
|
resource "upcloud_storage" "additional_disks" {
|
||||||
for_each = {
|
for_each = {
|
||||||
for disk in local.disks: "${disk.node_name}_${disk.disk_name}" => disk.disk
|
for disk in local.disks : "${disk.node_name}_${disk.disk_name}" => disk.disk
|
||||||
}
|
}
|
||||||
|
|
||||||
size = each.value.size
|
size = each.value.size
|
||||||
|
|
@ -61,8 +61,8 @@ resource "upcloud_server" "master" {
|
||||||
zone = var.zone
|
zone = var.zone
|
||||||
|
|
||||||
template {
|
template {
|
||||||
storage = var.template_name
|
storage = var.template_name
|
||||||
size = each.value.disk_size
|
size = each.value.disk_size
|
||||||
}
|
}
|
||||||
|
|
||||||
# Public network interface
|
# Public network interface
|
||||||
|
|
@ -81,14 +81,14 @@ resource "upcloud_server" "master" {
|
||||||
ignore_changes = [storage_devices]
|
ignore_changes = [storage_devices]
|
||||||
}
|
}
|
||||||
|
|
||||||
firewall = var.firewall_enabled
|
firewall = var.firewall_enabled
|
||||||
|
|
||||||
dynamic "storage_devices" {
|
dynamic "storage_devices" {
|
||||||
for_each = {
|
for_each = {
|
||||||
for disk_key_name, disk in upcloud_storage.additional_disks :
|
for disk_key_name, disk in upcloud_storage.additional_disks :
|
||||||
disk_key_name => disk
|
disk_key_name => disk
|
||||||
# Only add the disk if it matches the node name in the start of its name
|
# Only add the disk if it matches the node name in the start of its name
|
||||||
if length(regexall("^${each.key}_.+", disk_key_name)) > 0
|
if length(regexall("^${each.key}_.+", disk_key_name)) > 0
|
||||||
}
|
}
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -138,14 +138,14 @@ resource "upcloud_server" "worker" {
|
||||||
ignore_changes = [storage_devices]
|
ignore_changes = [storage_devices]
|
||||||
}
|
}
|
||||||
|
|
||||||
firewall = var.firewall_enabled
|
firewall = var.firewall_enabled
|
||||||
|
|
||||||
dynamic "storage_devices" {
|
dynamic "storage_devices" {
|
||||||
for_each = {
|
for_each = {
|
||||||
for disk_key_name, disk in upcloud_storage.additional_disks :
|
for disk_key_name, disk in upcloud_storage.additional_disks :
|
||||||
disk_key_name => disk
|
disk_key_name => disk
|
||||||
# Only add the disk if it matches the node name in the start of its name
|
# Only add the disk if it matches the node name in the start of its name
|
||||||
if length(regexall("^${each.key}_.+", disk_key_name)) > 0
|
if length(regexall("^${each.key}_.+", disk_key_name)) > 0
|
||||||
}
|
}
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -162,10 +162,10 @@ resource "upcloud_server" "worker" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "upcloud_firewall_rules" "master" {
|
resource "upcloud_firewall_rules" "master" {
|
||||||
for_each = upcloud_server.master
|
for_each = upcloud_server.master
|
||||||
server_id = each.value.id
|
server_id = each.value.id
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.master_allowed_remote_ips
|
for_each = var.master_allowed_remote_ips
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -181,7 +181,7 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = length(var.master_allowed_remote_ips) > 0 ? [1] : []
|
for_each = length(var.master_allowed_remote_ips) > 0 ? [1] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -197,7 +197,7 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.k8s_allowed_remote_ips
|
for_each = var.k8s_allowed_remote_ips
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -213,7 +213,7 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : []
|
for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -229,7 +229,7 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.master_allowed_ports
|
for_each = var.master_allowed_ports
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -245,97 +245,97 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
source_port_end = "53"
|
source_port_end = "53"
|
||||||
source_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "94.237.40.9"
|
source_address_end = "94.237.40.9"
|
||||||
source_address_start = "94.237.40.9"
|
source_address_start = "94.237.40.9"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
source_port_end = "53"
|
source_port_end = "53"
|
||||||
source_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "94.237.127.9"
|
source_address_end = "94.237.127.9"
|
||||||
source_address_start = "94.237.127.9"
|
source_address_start = "94.237.127.9"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
source_port_end = "53"
|
source_port_end = "53"
|
||||||
source_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "2a04:3540:53::1"
|
source_address_end = "2a04:3540:53::1"
|
||||||
source_address_start = "2a04:3540:53::1"
|
source_address_start = "2a04:3540:53::1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
source_port_end = "53"
|
source_port_end = "53"
|
||||||
source_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "2a04:3544:53::1"
|
source_address_end = "2a04:3544:53::1"
|
||||||
source_address_start = "2a04:3544:53::1"
|
source_address_start = "2a04:3544:53::1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "NTP Port"
|
comment = "NTP Port"
|
||||||
source_port_end = "123"
|
source_port_end = "123"
|
||||||
source_port_start = "123"
|
source_port_start = "123"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "255.255.255.255"
|
source_address_end = "255.255.255.255"
|
||||||
source_address_start = "0.0.0.0"
|
source_address_start = "0.0.0.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "NTP Port"
|
comment = "NTP Port"
|
||||||
source_port_end = "123"
|
source_port_end = "123"
|
||||||
source_port_start = "123"
|
source_port_start = "123"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -351,10 +351,10 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "upcloud_firewall_rules" "k8s" {
|
resource "upcloud_firewall_rules" "k8s" {
|
||||||
for_each = upcloud_server.worker
|
for_each = upcloud_server.worker
|
||||||
server_id = each.value.id
|
server_id = each.value.id
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.k8s_allowed_remote_ips
|
for_each = var.k8s_allowed_remote_ips
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -370,7 +370,7 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : []
|
for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -386,7 +386,7 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.worker_allowed_ports
|
for_each = var.worker_allowed_ports
|
||||||
|
|
||||||
content {
|
content {
|
||||||
|
|
@ -402,97 +402,97 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
source_port_end = "53"
|
source_port_end = "53"
|
||||||
source_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "94.237.40.9"
|
source_address_end = "94.237.40.9"
|
||||||
source_address_start = "94.237.40.9"
|
source_address_start = "94.237.40.9"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
source_port_end = "53"
|
source_port_end = "53"
|
||||||
source_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "94.237.127.9"
|
source_address_end = "94.237.127.9"
|
||||||
source_address_start = "94.237.127.9"
|
source_address_start = "94.237.127.9"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
source_port_end = "53"
|
source_port_end = "53"
|
||||||
source_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "2a04:3540:53::1"
|
source_address_end = "2a04:3540:53::1"
|
||||||
source_address_start = "2a04:3540:53::1"
|
source_address_start = "2a04:3540:53::1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
source_port_end = "53"
|
source_port_end = "53"
|
||||||
source_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "2a04:3544:53::1"
|
source_address_end = "2a04:3544:53::1"
|
||||||
source_address_start = "2a04:3544:53::1"
|
source_address_start = "2a04:3544:53::1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "NTP Port"
|
comment = "NTP Port"
|
||||||
source_port_end = "123"
|
source_port_end = "123"
|
||||||
source_port_start = "123"
|
source_port_start = "123"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
source_address_end = "255.255.255.255"
|
source_address_end = "255.255.255.255"
|
||||||
source_address_start = "0.0.0.0"
|
source_address_start = "0.0.0.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic firewall_rule {
|
dynamic "firewall_rule" {
|
||||||
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "NTP Port"
|
comment = "NTP Port"
|
||||||
source_port_end = "123"
|
source_port_end = "123"
|
||||||
source_port_start = "123"
|
source_port_start = "123"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -535,9 +535,9 @@ resource "upcloud_loadbalancer_frontend" "lb_frontend" {
|
||||||
|
|
||||||
resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" {
|
resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" {
|
||||||
for_each = {
|
for_each = {
|
||||||
for be_server in local.lb_backend_servers:
|
for be_server in local.lb_backend_servers :
|
||||||
"${be_server.server_name}-lb-backend-${be_server.lb_name}" => be_server
|
"${be_server.server_name}-lb-backend-${be_server.lb_name}" => be_server
|
||||||
if var.loadbalancer_enabled
|
if var.loadbalancer_enabled
|
||||||
}
|
}
|
||||||
|
|
||||||
backend = upcloud_loadbalancer_backend.lb_backend[each.value.lb_name].id
|
backend = upcloud_loadbalancer_backend.lb_backend[each.value.lb_name].id
|
||||||
|
|
@ -550,9 +550,9 @@ resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "upcloud_server_group" "server_groups" {
|
resource "upcloud_server_group" "server_groups" {
|
||||||
for_each = var.server_groups
|
for_each = var.server_groups
|
||||||
title = each.key
|
title = each.key
|
||||||
anti_affinity = each.value.anti_affinity
|
anti_affinity_policy = each.value.anti_affinity_policy
|
||||||
labels = {}
|
labels = {}
|
||||||
members = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id]
|
members = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id]
|
||||||
}
|
}
|
||||||
|
|
@ -3,8 +3,8 @@ output "master_ip" {
|
||||||
value = {
|
value = {
|
||||||
for instance in upcloud_server.master :
|
for instance in upcloud_server.master :
|
||||||
instance.hostname => {
|
instance.hostname => {
|
||||||
"public_ip": instance.network_interface[0].ip_address
|
"public_ip" : instance.network_interface[0].ip_address
|
||||||
"private_ip": instance.network_interface[1].ip_address
|
"private_ip" : instance.network_interface[1].ip_address
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -13,8 +13,8 @@ output "worker_ip" {
|
||||||
value = {
|
value = {
|
||||||
for instance in upcloud_server.worker :
|
for instance in upcloud_server.worker :
|
||||||
instance.hostname => {
|
instance.hostname => {
|
||||||
"public_ip": instance.network_interface[0].ip_address
|
"public_ip" : instance.network_interface[0].ip_address
|
||||||
"private_ip": instance.network_interface[1].ip_address
|
"private_ip" : instance.network_interface[1].ip_address
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -15,11 +15,11 @@ variable "private_network_cidr" {}
|
||||||
variable "machines" {
|
variable "machines" {
|
||||||
description = "Cluster machines"
|
description = "Cluster machines"
|
||||||
type = map(object({
|
type = map(object({
|
||||||
node_type = string
|
node_type = string
|
||||||
plan = string
|
plan = string
|
||||||
cpu = string
|
cpu = string
|
||||||
mem = string
|
mem = string
|
||||||
disk_size = number
|
disk_size = number
|
||||||
additional_disks = map(object({
|
additional_disks = map(object({
|
||||||
size = number
|
size = number
|
||||||
tier = string
|
tier = string
|
||||||
|
|
@ -99,7 +99,7 @@ variable "server_groups" {
|
||||||
description = "Server groups"
|
description = "Server groups"
|
||||||
|
|
||||||
type = map(object({
|
type = map(object({
|
||||||
anti_affinity = bool
|
anti_affinity_policy = string
|
||||||
servers = list(string)
|
servers = list(string)
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
@ -2,8 +2,8 @@
|
||||||
terraform {
|
terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
upcloud = {
|
upcloud = {
|
||||||
source = "UpCloudLtd/upcloud"
|
source = "UpCloudLtd/upcloud"
|
||||||
version = "~>2.7.1"
|
version = "~>2.12.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
required_version = ">= 0.13"
|
required_version = ">= 0.13"
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ ssh_public_keys = [
|
||||||
|
|
||||||
# check list of available plan https://developers.upcloud.com/1.3/7-plans/
|
# check list of available plan https://developers.upcloud.com/1.3/7-plans/
|
||||||
machines = {
|
machines = {
|
||||||
"master-0" : {
|
"control-plane-0" : {
|
||||||
"node_type" : "master",
|
"node_type" : "master",
|
||||||
# plan to use instead of custom cpu/mem
|
# plan to use instead of custom cpu/mem
|
||||||
"plan" : null,
|
"plan" : null,
|
||||||
|
|
@ -28,7 +28,7 @@ machines = {
|
||||||
"mem" : "4096"
|
"mem" : "4096"
|
||||||
# The size of the storage in GB
|
# The size of the storage in GB
|
||||||
"disk_size" : 250
|
"disk_size" : 250
|
||||||
"additional_disks": {}
|
"additional_disks" : {}
|
||||||
},
|
},
|
||||||
"worker-0" : {
|
"worker-0" : {
|
||||||
"node_type" : "worker",
|
"node_type" : "worker",
|
||||||
|
|
@ -40,7 +40,7 @@ machines = {
|
||||||
"mem" : "4096"
|
"mem" : "4096"
|
||||||
# The size of the storage in GB
|
# The size of the storage in GB
|
||||||
"disk_size" : 250
|
"disk_size" : 250
|
||||||
"additional_disks": {
|
"additional_disks" : {
|
||||||
# "some-disk-name-1": {
|
# "some-disk-name-1": {
|
||||||
# "size": 100,
|
# "size": 100,
|
||||||
# "tier": "maxiops",
|
# "tier": "maxiops",
|
||||||
|
|
@ -61,7 +61,7 @@ machines = {
|
||||||
"mem" : "4096"
|
"mem" : "4096"
|
||||||
# The size of the storage in GB
|
# The size of the storage in GB
|
||||||
"disk_size" : 250
|
"disk_size" : 250
|
||||||
"additional_disks": {
|
"additional_disks" : {
|
||||||
# "some-disk-name-1": {
|
# "some-disk-name-1": {
|
||||||
# "size": 100,
|
# "size": 100,
|
||||||
# "tier": "maxiops",
|
# "tier": "maxiops",
|
||||||
|
|
@ -82,7 +82,7 @@ machines = {
|
||||||
"mem" : "4096"
|
"mem" : "4096"
|
||||||
# The size of the storage in GB
|
# The size of the storage in GB
|
||||||
"disk_size" : 250
|
"disk_size" : 250
|
||||||
"additional_disks": {
|
"additional_disks" : {
|
||||||
# "some-disk-name-1": {
|
# "some-disk-name-1": {
|
||||||
# "size": 100,
|
# "size": 100,
|
||||||
# "tier": "maxiops",
|
# "tier": "maxiops",
|
||||||
|
|
@ -118,7 +118,7 @@ master_allowed_ports = []
|
||||||
worker_allowed_ports = []
|
worker_allowed_ports = []
|
||||||
|
|
||||||
loadbalancer_enabled = false
|
loadbalancer_enabled = false
|
||||||
loadbalancer_plan = "development"
|
loadbalancer_plan = "development"
|
||||||
loadbalancers = {
|
loadbalancers = {
|
||||||
# "http" : {
|
# "http" : {
|
||||||
# "port" : 80,
|
# "port" : 80,
|
||||||
|
|
@ -134,9 +134,9 @@ loadbalancers = {
|
||||||
server_groups = {
|
server_groups = {
|
||||||
# "control-plane" = {
|
# "control-plane" = {
|
||||||
# servers = [
|
# servers = [
|
||||||
# "master-0"
|
# "control-plane-0"
|
||||||
# ]
|
# ]
|
||||||
# anti_affinity = true
|
# anti_affinity_policy = "strict"
|
||||||
# },
|
# },
|
||||||
# "workers" = {
|
# "workers" = {
|
||||||
# servers = [
|
# servers = [
|
||||||
|
|
@ -144,6 +144,6 @@ server_groups = {
|
||||||
# "worker-1",
|
# "worker-1",
|
||||||
# "worker-2"
|
# "worker-2"
|
||||||
# ]
|
# ]
|
||||||
# anti_affinity = true
|
# anti_affinity_policy = "yes"
|
||||||
# }
|
# }
|
||||||
}
|
}
|
||||||
|
|
@ -136,8 +136,8 @@ variable "server_groups" {
|
||||||
description = "Server groups"
|
description = "Server groups"
|
||||||
|
|
||||||
type = map(object({
|
type = map(object({
|
||||||
anti_affinity = bool
|
anti_affinity_policy = string
|
||||||
servers = list(string)
|
servers = list(string)
|
||||||
}))
|
}))
|
||||||
|
|
||||||
default = {}
|
default = {}
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@ terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
upcloud = {
|
upcloud = {
|
||||||
source = "UpCloudLtd/upcloud"
|
source = "UpCloudLtd/upcloud"
|
||||||
version = "~>2.7.1"
|
version = "~>2.12.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
required_version = ">= 0.13"
|
required_version = ">= 0.13"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue