Add support to use exisitng fips with terraform openstack (#11558)

pull/11695/head
anders-elastisys 2024-11-07 04:13:29 +01:00 committed by GitHub
parent 4e58413140
commit d23753e9f7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 42 additions and 12 deletions

View File

@ -302,7 +302,7 @@ For your cluster, edit `inventory/$CLUSTER/cluster.tfvars`.
|`k8s_masters` | Map containing master node definition, see explanation for k8s_nodes and `sample-inventory/cluster.tfvars` | |`k8s_masters` | Map containing master node definition, see explanation for k8s_nodes and `sample-inventory/cluster.tfvars` |
|`k8s_master_loadbalancer_enabled` | Enable and use an Octavia load balancer for the K8s master nodes | |`k8s_master_loadbalancer_enabled` | Enable and use an Octavia load balancer for the K8s master nodes |
|`k8s_master_loadbalancer_listener_port` | Define via which port the K8s Api should be exposed. `6443` by default | |`k8s_master_loadbalancer_listener_port` | Define via which port the K8s Api should be exposed. `6443` by default |
| `k8s_master_loadbalancer_server_port` | Define via which port the K8S api is available on the mas. `6443` by default | |`k8s_master_loadbalancer_server_port` | Define via which port the K8S api is available on the master nodes. `6443` by default |
|`k8s_master_loadbalancer_public_ip` | Specify if an existing floating IP should be used for the load balancer. A new floating IP is assigned by default | |`k8s_master_loadbalancer_public_ip` | Specify if an existing floating IP should be used for the load balancer. A new floating IP is assigned by default |
##### k8s_nodes ##### k8s_nodes
@ -318,7 +318,8 @@ k8s_nodes:
node-name: node-name:
az: string # Name of the AZ az: string # Name of the AZ
flavor: string # Flavor ID to use flavor: string # Flavor ID to use
floating_ip: bool # If floating IPs should be created or not floating_ip: bool # If floating IPs should be used or not
reserved_floating_ip: string # If floating_ip is true use existing floating IP, if reserved_floating_ip is an empty string and floating_ip is true, a new floating IP will be created
extra_groups: string # (optional) Additional groups to add for kubespray, defaults to no groups extra_groups: string # (optional) Additional groups to add for kubespray, defaults to no groups
image_id: string # (optional) Image ID to use, defaults to var.image_id or var.image image_id: string # (optional) Image ID to use, defaults to var.image_id or var.image
root_volume_size_in_gb: number # (optional) Size of the block storage to use as root disk, defaults to var.node_root_volume_size_in_gb or to use volume from flavor otherwise root_volume_size_in_gb: number # (optional) Size of the block storage to use as root disk, defaults to var.node_root_volume_size_in_gb or to use volume from flavor otherwise

View File

@ -89,11 +89,15 @@ variable "k8s_node_fips" {
} }
variable "k8s_masters_fips" { variable "k8s_masters_fips" {
type = map type = map(object({
address = string
}))
} }
variable "k8s_nodes_fips" { variable "k8s_nodes_fips" {
type = map type = map(object({
address = string
}))
} }
variable "bastion_fips" { variable "bastion_fips" {
@ -136,8 +140,9 @@ variable "k8s_masters" {
type = map(object({ type = map(object({
az = string az = string
flavor = string flavor = string
floating_ip = bool
etcd = bool etcd = bool
floating_ip = bool
reserved_floating_ip = optional(string)
image_id = optional(string) image_id = optional(string)
root_volume_size_in_gb = optional(number) root_volume_size_in_gb = optional(number)
volume_type = optional(string) volume_type = optional(string)
@ -150,6 +155,7 @@ variable "k8s_nodes" {
az = string az = string
flavor = string flavor = string
floating_ip = bool floating_ip = bool
reserved_floating_ip = optional(string)
extra_groups = optional(string) extra_groups = optional(string)
image_id = optional(string) image_id = optional(string)
root_volume_size_in_gb = optional(number) root_volume_size_in_gb = optional(number)

View File

@ -15,7 +15,7 @@ resource "openstack_networking_floatingip_v2" "k8s_master" {
} }
resource "openstack_networking_floatingip_v2" "k8s_masters" { resource "openstack_networking_floatingip_v2" "k8s_masters" {
for_each = var.number_of_k8s_masters == 0 && var.number_of_k8s_masters_no_etcd == 0 ? { for key, value in var.k8s_masters : key => value if value.floating_ip } : {} for_each = var.number_of_k8s_masters == 0 && var.number_of_k8s_masters_no_etcd == 0 ? { for key, value in var.k8s_masters : key => value if value.floating_ip && (lookup(value, "reserved_floating_ip", "") == "") } : {}
pool = var.floatingip_pool pool = var.floatingip_pool
depends_on = [null_resource.dummy_dependency] depends_on = [null_resource.dummy_dependency]
} }
@ -40,7 +40,7 @@ resource "openstack_networking_floatingip_v2" "bastion" {
} }
resource "openstack_networking_floatingip_v2" "k8s_nodes" { resource "openstack_networking_floatingip_v2" "k8s_nodes" {
for_each = var.number_of_k8s_nodes == 0 ? { for key, value in var.k8s_nodes : key => value if value.floating_ip } : {} for_each = var.number_of_k8s_nodes == 0 ? { for key, value in var.k8s_nodes : key => value if value.floating_ip && (lookup(value, "reserved_floating_ip", "") == "") } : {}
pool = var.floatingip_pool pool = var.floatingip_pool
depends_on = [null_resource.dummy_dependency] depends_on = [null_resource.dummy_dependency]
} }

View File

@ -1,10 +1,33 @@
locals {
k8s_masters_reserved_fips = {
for key, value in var.k8s_masters : key => {
address = value.reserved_floating_ip
} if value.floating_ip && (lookup(value, "reserved_floating_ip", "") != "")
}
k8s_masters_create_fips = {
for key, value in openstack_networking_floatingip_v2.k8s_masters : key => {
address = value.address
}
}
k8s_nodes_reserved_fips = {
for key, value in var.k8s_nodes : key => {
address = value.reserved_floating_ip
} if value.floating_ip && (lookup(value, "reserved_floating_ip", "") != "")
}
k8s_nodes_create_fips = {
for key, value in openstack_networking_floatingip_v2.k8s_nodes : key => {
address = value.address
}
}
}
# If k8s_master_fips is already defined as input, keep the same value since new FIPs have not been created. # If k8s_master_fips is already defined as input, keep the same value since new FIPs have not been created.
output "k8s_master_fips" { output "k8s_master_fips" {
value = length(var.k8s_master_fips) > 0 ? var.k8s_master_fips : openstack_networking_floatingip_v2.k8s_master[*].address value = length(var.k8s_master_fips) > 0 ? var.k8s_master_fips : openstack_networking_floatingip_v2.k8s_master[*].address
} }
output "k8s_masters_fips" { output "k8s_masters_fips" {
value = openstack_networking_floatingip_v2.k8s_masters value = merge(local.k8s_masters_create_fips, local.k8s_masters_reserved_fips)
} }
# If k8s_master_fips is already defined as input, keep the same value since new FIPs have not been created. # If k8s_master_fips is already defined as input, keep the same value since new FIPs have not been created.
@ -17,7 +40,7 @@ output "k8s_node_fips" {
} }
output "k8s_nodes_fips" { output "k8s_nodes_fips" {
value = openstack_networking_floatingip_v2.k8s_nodes value = merge(local.k8s_nodes_create_fips, local.k8s_nodes_reserved_fips)
} }
output "bastion_fips" { output "bastion_fips" {