upcloud: update terraform provider strict anti-affinity (#10474)

pull/10508/head
Robin Wallace 2023-10-07 04:45:41 +02:00 committed by GitHub
parent 4846f33136
commit 5194d8306e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 179 additions and 179 deletions


@ -140,4 +140,4 @@ terraform destroy --var-file cluster-settings.tfvars \
* `backend_servers`: List of servers that traffic to the port should be forwarded to. * `backend_servers`: List of servers that traffic to the port should be forwarded to.
* `server_groups`: Group servers together * `server_groups`: Group servers together
* `servers`: The servers that should be included in the group. * `servers`: The servers that should be included in the group.
* `anti_affinity`: If anti-affinity should be enabled, try to spread the VMs out on separate nodes. * `anti_affinity_policy`: Defines if a server group is an anti-affinity group. Setting this to "strict" or yes" will result in all servers in the group being placed on separate compute hosts. The value can be "strict", "yes" or "no". "strict" refers to strict policy doesn't allow servers in the same server group to be on the same host. "yes" refers to best-effort policy and tries to put servers on different hosts, but this is not guaranteed.


@ -18,7 +18,7 @@ ssh_public_keys = [
# check list of available plan https://developers.upcloud.com/1.3/7-plans/ # check list of available plan https://developers.upcloud.com/1.3/7-plans/
machines = { machines = {
"master-0" : { "control-plane-0" : {
"node_type" : "master", "node_type" : "master",
# plan to use instead of custom cpu/mem # plan to use instead of custom cpu/mem
"plan" : null, "plan" : null,
@ -133,9 +133,9 @@ loadbalancers = {
server_groups = { server_groups = {
# "control-plane" = { # "control-plane" = {
# servers = [ # servers = [
# "master-0" # "control-plane-0"
# ] # ]
# anti_affinity = true # anti_affinity_policy = "strict"
# }, # },
# "workers" = { # "workers" = {
# servers = [ # servers = [
@ -143,6 +143,6 @@ server_groups = {
# "worker-1", # "worker-1",
# "worker-2" # "worker-2"
# ] # ]
# anti_affinity = true # anti_affinity_policy = "yes"
# } # }
} }


@ -3,7 +3,7 @@ locals {
disks = flatten([ disks = flatten([
for node_name, machine in var.machines : [ for node_name, machine in var.machines : [
for disk_name, disk in machine.additional_disks : { for disk_name, disk in machine.additional_disks : {
disk = disk disk = disk
disk_name = disk_name disk_name = disk_name
node_name = node_name node_name = node_name
} }
@ -13,8 +13,8 @@ locals {
lb_backend_servers = flatten([ lb_backend_servers = flatten([
for lb_name, loadbalancer in var.loadbalancers : [ for lb_name, loadbalancer in var.loadbalancers : [
for backend_server in loadbalancer.backend_servers : { for backend_server in loadbalancer.backend_servers : {
port = loadbalancer.target_port port = loadbalancer.target_port
lb_name = lb_name lb_name = lb_name
server_name = backend_server server_name = backend_server
} }
] ]
@ -22,7 +22,7 @@ locals {
# If prefix is set, all resources will be prefixed with "${var.prefix}-" # If prefix is set, all resources will be prefixed with "${var.prefix}-"
# Else don't prefix with anything # Else don't prefix with anything
resource-prefix = "%{ if var.prefix != ""}${var.prefix}-%{ endif }" resource-prefix = "%{if var.prefix != ""}${var.prefix}-%{endif}"
} }
resource "upcloud_network" "private" { resource "upcloud_network" "private" {
@ -38,7 +38,7 @@ resource "upcloud_network" "private" {
resource "upcloud_storage" "additional_disks" { resource "upcloud_storage" "additional_disks" {
for_each = { for_each = {
for disk in local.disks: "${disk.node_name}_${disk.disk_name}" => disk.disk for disk in local.disks : "${disk.node_name}_${disk.disk_name}" => disk.disk
} }
size = each.value.size size = each.value.size
@ -61,8 +61,8 @@ resource "upcloud_server" "master" {
zone = var.zone zone = var.zone
template { template {
storage = var.template_name storage = var.template_name
size = each.value.disk_size size = each.value.disk_size
} }
# Public network interface # Public network interface
@ -81,14 +81,14 @@ resource "upcloud_server" "master" {
ignore_changes = [storage_devices] ignore_changes = [storage_devices]
} }
firewall = var.firewall_enabled firewall = var.firewall_enabled
dynamic "storage_devices" { dynamic "storage_devices" {
for_each = { for_each = {
for disk_key_name, disk in upcloud_storage.additional_disks : for disk_key_name, disk in upcloud_storage.additional_disks :
disk_key_name => disk disk_key_name => disk
# Only add the disk if it matches the node name in the start of its name # Only add the disk if it matches the node name in the start of its name
if length(regexall("^${each.key}_.+", disk_key_name)) > 0 if length(regexall("^${each.key}_.+", disk_key_name)) > 0
} }
content { content {
@ -138,14 +138,14 @@ resource "upcloud_server" "worker" {
ignore_changes = [storage_devices] ignore_changes = [storage_devices]
} }
firewall = var.firewall_enabled firewall = var.firewall_enabled
dynamic "storage_devices" { dynamic "storage_devices" {
for_each = { for_each = {
for disk_key_name, disk in upcloud_storage.additional_disks : for disk_key_name, disk in upcloud_storage.additional_disks :
disk_key_name => disk disk_key_name => disk
# Only add the disk if it matches the node name in the start of its name # Only add the disk if it matches the node name in the start of its name
if length(regexall("^${each.key}_.+", disk_key_name)) > 0 if length(regexall("^${each.key}_.+", disk_key_name)) > 0
} }
content { content {
@ -162,10 +162,10 @@ resource "upcloud_server" "worker" {
} }
resource "upcloud_firewall_rules" "master" { resource "upcloud_firewall_rules" "master" {
for_each = upcloud_server.master for_each = upcloud_server.master
server_id = each.value.id server_id = each.value.id
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.master_allowed_remote_ips for_each = var.master_allowed_remote_ips
content { content {
@ -181,7 +181,7 @@ resource "upcloud_firewall_rules" "master" {
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = length(var.master_allowed_remote_ips) > 0 ? [1] : [] for_each = length(var.master_allowed_remote_ips) > 0 ? [1] : []
content { content {
@ -197,7 +197,7 @@ resource "upcloud_firewall_rules" "master" {
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.k8s_allowed_remote_ips for_each = var.k8s_allowed_remote_ips
content { content {
@ -213,7 +213,7 @@ resource "upcloud_firewall_rules" "master" {
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : [] for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : []
content { content {
@ -229,7 +229,7 @@ resource "upcloud_firewall_rules" "master" {
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.master_allowed_ports for_each = var.master_allowed_ports
content { content {
@ -245,97 +245,97 @@ resource "upcloud_firewall_rules" "master" {
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
source_port_end = "53" source_port_end = "53"
source_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "94.237.40.9" source_address_end = "94.237.40.9"
source_address_start = "94.237.40.9" source_address_start = "94.237.40.9"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
source_port_end = "53" source_port_end = "53"
source_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "94.237.127.9" source_address_end = "94.237.127.9"
source_address_start = "94.237.127.9" source_address_start = "94.237.127.9"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
source_port_end = "53" source_port_end = "53"
source_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "2a04:3540:53::1" source_address_end = "2a04:3540:53::1"
source_address_start = "2a04:3540:53::1" source_address_start = "2a04:3540:53::1"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
source_port_end = "53" source_port_end = "53"
source_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "2a04:3544:53::1" source_address_end = "2a04:3544:53::1"
source_address_start = "2a04:3544:53::1" source_address_start = "2a04:3544:53::1"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["udp"] : [] for_each = var.firewall_default_deny_in ? ["udp"] : []
content { content {
action = "accept" action = "accept"
comment = "NTP Port" comment = "NTP Port"
source_port_end = "123" source_port_end = "123"
source_port_start = "123" source_port_start = "123"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "255.255.255.255" source_address_end = "255.255.255.255"
source_address_start = "0.0.0.0" source_address_start = "0.0.0.0"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["udp"] : [] for_each = var.firewall_default_deny_in ? ["udp"] : []
content { content {
action = "accept" action = "accept"
comment = "NTP Port" comment = "NTP Port"
source_port_end = "123" source_port_end = "123"
source_port_start = "123" source_port_start = "123"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
} }
} }
@ -351,10 +351,10 @@ resource "upcloud_firewall_rules" "master" {
} }
resource "upcloud_firewall_rules" "k8s" { resource "upcloud_firewall_rules" "k8s" {
for_each = upcloud_server.worker for_each = upcloud_server.worker
server_id = each.value.id server_id = each.value.id
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.k8s_allowed_remote_ips for_each = var.k8s_allowed_remote_ips
content { content {
@ -370,7 +370,7 @@ resource "upcloud_firewall_rules" "k8s" {
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : [] for_each = length(var.k8s_allowed_remote_ips) > 0 ? [1] : []
content { content {
@ -386,7 +386,7 @@ resource "upcloud_firewall_rules" "k8s" {
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.worker_allowed_ports for_each = var.worker_allowed_ports
content { content {
@ -402,97 +402,97 @@ resource "upcloud_firewall_rules" "k8s" {
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
source_port_end = "53" source_port_end = "53"
source_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "94.237.40.9" source_address_end = "94.237.40.9"
source_address_start = "94.237.40.9" source_address_start = "94.237.40.9"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
source_port_end = "53" source_port_end = "53"
source_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "94.237.127.9" source_address_end = "94.237.127.9"
source_address_start = "94.237.127.9" source_address_start = "94.237.127.9"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
source_port_end = "53" source_port_end = "53"
source_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "2a04:3540:53::1" source_address_end = "2a04:3540:53::1"
source_address_start = "2a04:3540:53::1" source_address_start = "2a04:3540:53::1"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : [] for_each = var.firewall_default_deny_in ? ["tcp", "udp"] : []
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
source_port_end = "53" source_port_end = "53"
source_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "2a04:3544:53::1" source_address_end = "2a04:3544:53::1"
source_address_start = "2a04:3544:53::1" source_address_start = "2a04:3544:53::1"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["udp"] : [] for_each = var.firewall_default_deny_in ? ["udp"] : []
content { content {
action = "accept" action = "accept"
comment = "NTP Port" comment = "NTP Port"
source_port_end = "123" source_port_end = "123"
source_port_start = "123" source_port_start = "123"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
source_address_end = "255.255.255.255" source_address_end = "255.255.255.255"
source_address_start = "0.0.0.0" source_address_start = "0.0.0.0"
} }
} }
dynamic firewall_rule { dynamic "firewall_rule" {
for_each = var.firewall_default_deny_in ? ["udp"] : [] for_each = var.firewall_default_deny_in ? ["udp"] : []
content { content {
action = "accept" action = "accept"
comment = "NTP Port" comment = "NTP Port"
source_port_end = "123" source_port_end = "123"
source_port_start = "123" source_port_start = "123"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
} }
} }
@ -535,9 +535,9 @@ resource "upcloud_loadbalancer_frontend" "lb_frontend" {
resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" { resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" {
for_each = { for_each = {
for be_server in local.lb_backend_servers: for be_server in local.lb_backend_servers :
"${be_server.server_name}-lb-backend-${be_server.lb_name}" => be_server "${be_server.server_name}-lb-backend-${be_server.lb_name}" => be_server
if var.loadbalancer_enabled if var.loadbalancer_enabled
} }
backend = upcloud_loadbalancer_backend.lb_backend[each.value.lb_name].id backend = upcloud_loadbalancer_backend.lb_backend[each.value.lb_name].id
@ -550,9 +550,9 @@ resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" {
} }
resource "upcloud_server_group" "server_groups" { resource "upcloud_server_group" "server_groups" {
for_each = var.server_groups for_each = var.server_groups
title = each.key title = each.key
anti_affinity = each.value.anti_affinity anti_affinity_policy = each.value.anti_affinity_policy
labels = {} labels = {}
members = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id] members = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id]
} }
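Review bot: The two "NTP Port" rules in `upcloud_firewall_rules.master` (and the identical pair in `upcloud_firewall_rules.k8s`) accept inbound UDP from any address as long as the source port is 123: the IPv4 rule spans `0.0.0.0` to `255.255.255.255` and the IPv6 rule sets no source address at all. No destination port is set in the lines shown, so with `firewall_default_deny_in` enabled these rules appear to leave every UDP port on the node reachable by traffic carrying source port 123, which undercuts the default-deny. The commit only re-formats these lines, but since they are touched it would be worth narrowing the source to the NTP servers the nodes actually use, the way the "UpCloud DNS" rules pin `source_address_start`/`source_address_end` to single resolver addresses. At minimum the rule could carry a comment such as `# Accepts UDP from any host with source port 123; narrow the source range if the NTP servers are known`. Both resource blocks extend beyond the hunks shown.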


@ -3,8 +3,8 @@ output "master_ip" {
value = { value = {
for instance in upcloud_server.master : for instance in upcloud_server.master :
instance.hostname => { instance.hostname => {
"public_ip": instance.network_interface[0].ip_address "public_ip" : instance.network_interface[0].ip_address
"private_ip": instance.network_interface[1].ip_address "private_ip" : instance.network_interface[1].ip_address
} }
} }
} }
@ -13,8 +13,8 @@ output "worker_ip" {
value = { value = {
for instance in upcloud_server.worker : for instance in upcloud_server.worker :
instance.hostname => { instance.hostname => {
"public_ip": instance.network_interface[0].ip_address "public_ip" : instance.network_interface[0].ip_address
"private_ip": instance.network_interface[1].ip_address "private_ip" : instance.network_interface[1].ip_address
} }
} }
} }


@ -15,11 +15,11 @@ variable "private_network_cidr" {}
variable "machines" { variable "machines" {
description = "Cluster machines" description = "Cluster machines"
type = map(object({ type = map(object({
node_type = string node_type = string
plan = string plan = string
cpu = string cpu = string
mem = string mem = string
disk_size = number disk_size = number
additional_disks = map(object({ additional_disks = map(object({
size = number size = number
tier = string tier = string
@ -99,7 +99,7 @@ variable "server_groups" {
description = "Server groups" description = "Server groups"
type = map(object({ type = map(object({
anti_affinity = bool anti_affinity_policy = string
servers = list(string) servers = list(string)
})) }))
} }
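Review bot: `anti_affinity_policy` is declared as a bare `string` in the `server_groups` object type, so a mistyped value is not rejected until the provider sees it during plan or apply. The README text in this commit names exactly three accepted values, so a `validation` block on the variable would catch mistakes early, for example `condition = alltrue([for g in values(var.server_groups) : contains(["strict", "yes", "no"], g.anti_affinity_policy)])` with an `error_message` listing the three values. The same declaration is repeated in the later `variable "server_groups"` section (the one with `default = {}`) and would need the same check. The `variable` line itself appears only in the hunk header, so the block starts outside the hunk.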


@ -2,8 +2,8 @@
terraform { terraform {
required_providers { required_providers {
upcloud = { upcloud = {
source = "UpCloudLtd/upcloud" source = "UpCloudLtd/upcloud"
version = "~>2.7.1" version = "~>2.12.0"
} }
} }
required_version = ">= 0.13" required_version = ">= 0.13"


@ -18,7 +18,7 @@ ssh_public_keys = [
# check list of available plan https://developers.upcloud.com/1.3/7-plans/ # check list of available plan https://developers.upcloud.com/1.3/7-plans/
machines = { machines = {
"master-0" : { "control-plane-0" : {
"node_type" : "master", "node_type" : "master",
# plan to use instead of custom cpu/mem # plan to use instead of custom cpu/mem
"plan" : null, "plan" : null,
@ -28,7 +28,7 @@ machines = {
"mem" : "4096" "mem" : "4096"
# The size of the storage in GB # The size of the storage in GB
"disk_size" : 250 "disk_size" : 250
"additional_disks": {} "additional_disks" : {}
}, },
"worker-0" : { "worker-0" : {
"node_type" : "worker", "node_type" : "worker",
@ -40,7 +40,7 @@ machines = {
"mem" : "4096" "mem" : "4096"
# The size of the storage in GB # The size of the storage in GB
"disk_size" : 250 "disk_size" : 250
"additional_disks": { "additional_disks" : {
# "some-disk-name-1": { # "some-disk-name-1": {
# "size": 100, # "size": 100,
# "tier": "maxiops", # "tier": "maxiops",
@ -61,7 +61,7 @@ machines = {
"mem" : "4096" "mem" : "4096"
# The size of the storage in GB # The size of the storage in GB
"disk_size" : 250 "disk_size" : 250
"additional_disks": { "additional_disks" : {
# "some-disk-name-1": { # "some-disk-name-1": {
# "size": 100, # "size": 100,
# "tier": "maxiops", # "tier": "maxiops",
@ -82,7 +82,7 @@ machines = {
"mem" : "4096" "mem" : "4096"
# The size of the storage in GB # The size of the storage in GB
"disk_size" : 250 "disk_size" : 250
"additional_disks": { "additional_disks" : {
# "some-disk-name-1": { # "some-disk-name-1": {
# "size": 100, # "size": 100,
# "tier": "maxiops", # "tier": "maxiops",
@ -118,7 +118,7 @@ master_allowed_ports = []
worker_allowed_ports = [] worker_allowed_ports = []
loadbalancer_enabled = false loadbalancer_enabled = false
loadbalancer_plan = "development" loadbalancer_plan = "development"
loadbalancers = { loadbalancers = {
# "http" : { # "http" : {
# "port" : 80, # "port" : 80,
@ -134,9 +134,9 @@ loadbalancers = {
server_groups = { server_groups = {
# "control-plane" = { # "control-plane" = {
# servers = [ # servers = [
# "master-0" # "control-plane-0"
# ] # ]
# anti_affinity = true # anti_affinity_policy = "strict"
# }, # },
# "workers" = { # "workers" = {
# servers = [ # servers = [
@ -144,6 +144,6 @@ server_groups = {
# "worker-1", # "worker-1",
# "worker-2" # "worker-2"
# ] # ]
# anti_affinity = true # anti_affinity_policy = "yes"
# } # }
} }


@ -136,8 +136,8 @@ variable "server_groups" {
description = "Server groups" description = "Server groups"
type = map(object({ type = map(object({
anti_affinity = bool anti_affinity_policy = string
servers = list(string) servers = list(string)
})) }))
default = {} default = {}


@ -3,7 +3,7 @@ terraform {
required_providers { required_providers {
upcloud = { upcloud = {
source = "UpCloudLtd/upcloud" source = "UpCloudLtd/upcloud"
version = "~>2.7.1" version = "~>2.12.0"
} }
} }
required_version = ">= 0.13" required_version = ">= 0.13"