Convert exoscale tf provider to new version (#10646)

This is untested. It passes terraform validate, which un-breaks the CI.
pull/10650/head
Max Gautier 2023-11-24 17:22:55 +01:00 committed by GitHub
parent b321ca3e64
commit d583d331b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 117 additions and 119 deletions


@ -12,7 +12,7 @@ ssh_public_keys = [
machines = { machines = {
"master-0" : { "master-0" : {
"node_type" : "master", "node_type" : "master",
"size" : "Medium", "size" : "standard.medium",
"boot_disk" : { "boot_disk" : {
"image_name" : "Linux Ubuntu 20.04 LTS 64-bit", "image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
"root_partition_size" : 50, "root_partition_size" : 50,
@ -22,7 +22,7 @@ machines = {
}, },
"worker-0" : { "worker-0" : {
"node_type" : "worker", "node_type" : "worker",
"size" : "Large", "size" : "standard.large",
"boot_disk" : { "boot_disk" : {
"image_name" : "Linux Ubuntu 20.04 LTS 64-bit", "image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
"root_partition_size" : 50, "root_partition_size" : 50,
@ -32,7 +32,7 @@ machines = {
}, },
"worker-1" : { "worker-1" : {
"node_type" : "worker", "node_type" : "worker",
"size" : "Large", "size" : "standard.large",
"boot_disk" : { "boot_disk" : {
"image_name" : "Linux Ubuntu 20.04 LTS 64-bit", "image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
"root_partition_size" : 50, "root_partition_size" : 50,
@ -42,7 +42,7 @@ machines = {
}, },
"worker-2" : { "worker-2" : {
"node_type" : "worker", "node_type" : "worker",
"size" : "Large", "size" : "standard.large",
"boot_disk" : { "boot_disk" : {
"image_name" : "Linux Ubuntu 20.04 LTS 64-bit", "image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
"root_partition_size" : 50, "root_partition_size" : 50,


@ -1,29 +1,25 @@
data "exoscale_compute_template" "os_image" { data "exoscale_template" "os_image" {
for_each = var.machines for_each = var.machines
zone = var.zone zone = var.zone
name = each.value.boot_disk.image_name name = each.value.boot_disk.image_name
} }
data "exoscale_compute" "master_nodes" { data "exoscale_compute_instance" "master_nodes" {
for_each = exoscale_compute.master for_each = exoscale_compute_instance.master
id = each.value.id id = each.value.id
zone = var.zone
# Since private IP address is not assigned until the nics are created we need this
depends_on = [exoscale_nic.master_private_network_nic]
} }
data "exoscale_compute" "worker_nodes" { data "exoscale_compute_instance" "worker_nodes" {
for_each = exoscale_compute.worker for_each = exoscale_compute_instance.worker
id = each.value.id id = each.value.id
zone = var.zone
# Since private IP address is not assigned until the nics are created we need this
depends_on = [exoscale_nic.worker_private_network_nic]
} }
resource "exoscale_network" "private_network" { resource "exoscale_private_network" "private_network" {
zone = var.zone zone = var.zone
name = "${var.prefix}-network" name = "${var.prefix}-network"
@ -34,25 +30,29 @@ resource "exoscale_network" "private_network" {
netmask = cidrnetmask(var.private_network_cidr) netmask = cidrnetmask(var.private_network_cidr)
} }
resource "exoscale_compute" "master" { resource "exoscale_compute_instance" "master" {
for_each = { for_each = {
for name, machine in var.machines : for name, machine in var.machines :
name => machine name => machine
if machine.node_type == "master" if machine.node_type == "master"
} }
display_name = "${var.prefix}-${each.key}" name = "${var.prefix}-${each.key}"
template_id = data.exoscale_compute_template.os_image[each.key].id template_id = data.exoscale_template.os_image[each.key].id
size = each.value.size type = each.value.size
disk_size = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size disk_size = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
state = "Running" state = "Running"
zone = var.zone zone = var.zone
security_groups = [exoscale_security_group.master_sg.name] security_group_ids = [exoscale_security_group.master_sg.id]
network_interface {
network_id = exoscale_private_network.private_network.id
}
elastic_ip_ids = [exoscale_elastic_ip.control_plane_lb.id]
user_data = templatefile( user_data = templatefile(
"${path.module}/templates/cloud-init.tmpl", "${path.module}/templates/cloud-init.tmpl",
{ {
eip_ip_address = exoscale_ipaddress.ingress_controller_lb.ip_address eip_ip_address = exoscale_elastic_ip.ingress_controller_lb.ip_address
node_local_partition_size = each.value.boot_disk.node_local_partition_size node_local_partition_size = each.value.boot_disk.node_local_partition_size
ceph_partition_size = each.value.boot_disk.ceph_partition_size ceph_partition_size = each.value.boot_disk.ceph_partition_size
root_partition_size = each.value.boot_disk.root_partition_size root_partition_size = each.value.boot_disk.root_partition_size
@ -62,25 +62,29 @@ resource "exoscale_compute" "master" {
) )
} }
resource "exoscale_compute" "worker" { resource "exoscale_compute_instance" "worker" {
for_each = { for_each = {
for name, machine in var.machines : for name, machine in var.machines :
name => machine name => machine
if machine.node_type == "worker" if machine.node_type == "worker"
} }
display_name = "${var.prefix}-${each.key}" name = "${var.prefix}-${each.key}"
template_id = data.exoscale_compute_template.os_image[each.key].id template_id = data.exoscale_template.os_image[each.key].id
size = each.value.size type = each.value.size
disk_size = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size disk_size = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
state = "Running" state = "Running"
zone = var.zone zone = var.zone
security_groups = [exoscale_security_group.worker_sg.name] security_group_ids = [exoscale_security_group.worker_sg.id]
network_interface {
network_id = exoscale_private_network.private_network.id
}
elastic_ip_ids = [exoscale_elastic_ip.ingress_controller_lb.id]
user_data = templatefile( user_data = templatefile(
"${path.module}/templates/cloud-init.tmpl", "${path.module}/templates/cloud-init.tmpl",
{ {
eip_ip_address = exoscale_ipaddress.ingress_controller_lb.ip_address eip_ip_address = exoscale_elastic_ip.ingress_controller_lb.ip_address
node_local_partition_size = each.value.boot_disk.node_local_partition_size node_local_partition_size = each.value.boot_disk.node_local_partition_size
ceph_partition_size = each.value.boot_disk.ceph_partition_size ceph_partition_size = each.value.boot_disk.ceph_partition_size
root_partition_size = each.value.boot_disk.root_partition_size root_partition_size = each.value.boot_disk.root_partition_size
@ -90,41 +94,33 @@ resource "exoscale_compute" "worker" {
) )
} }
resource "exoscale_nic" "master_private_network_nic" {
for_each = exoscale_compute.master
compute_id = each.value.id
network_id = exoscale_network.private_network.id
}
resource "exoscale_nic" "worker_private_network_nic" {
for_each = exoscale_compute.worker
compute_id = each.value.id
network_id = exoscale_network.private_network.id
}
resource "exoscale_security_group" "master_sg" { resource "exoscale_security_group" "master_sg" {
name = "${var.prefix}-master-sg" name = "${var.prefix}-master-sg"
description = "Security group for Kubernetes masters" description = "Security group for Kubernetes masters"
} }
resource "exoscale_security_group_rules" "master_sg_rules" { resource "exoscale_security_group_rule" "master_sg_rule_ssh" {
security_group_id = exoscale_security_group.master_sg.id security_group_id = exoscale_security_group.master_sg.id
for_each = toset(var.ssh_whitelist)
# SSH # SSH
ingress { type = "INGRESS"
protocol = "TCP" start_port = 22
cidr_list = var.ssh_whitelist end_port = 22
ports = ["22"] protocol = "TCP"
} cidr = each.value
}
resource "exoscale_security_group_rule" "master_sg_rule_k8s_api" {
security_group_id = exoscale_security_group.master_sg.id
for_each = toset(var.api_server_whitelist)
# Kubernetes API # Kubernetes API
ingress { type = "INGRESS"
protocol = "TCP" start_port = 6443
cidr_list = var.api_server_whitelist end_port = 6443
ports = ["6443"] protocol = "TCP"
} cidr = each.value
} }
resource "exoscale_security_group" "worker_sg" { resource "exoscale_security_group" "worker_sg" {
@ -132,62 +128,64 @@ resource "exoscale_security_group" "worker_sg" {
description = "security group for kubernetes worker nodes" description = "security group for kubernetes worker nodes"
} }
resource "exoscale_security_group_rules" "worker_sg_rules" { resource "exoscale_security_group_rule" "worker_sg_rule_ssh" {
security_group_id = exoscale_security_group.worker_sg.id security_group_id = exoscale_security_group.worker_sg.id
# SSH # SSH
ingress { for_each = toset(var.ssh_whitelist)
protocol = "TCP" type = "INGRESS"
cidr_list = var.ssh_whitelist start_port = 22
ports = ["22"] end_port = 22
} protocol = "TCP"
cidr = each.value
}
resource "exoscale_security_group_rule" "worker_sg_rule_http" {
security_group_id = exoscale_security_group.worker_sg.id
# HTTP(S) # HTTP(S)
ingress { for_each = toset(["80", "443"])
protocol = "TCP" type = "INGRESS"
cidr_list = ["0.0.0.0/0"] start_port = each.value
ports = ["80", "443"] end_port = each.value
} protocol = "TCP"
cidr = "0.0.0.0/0"
}
# Kubernetes Nodeport
ingress { resource "exoscale_security_group_rule" "worker_sg_rule_nodeport" {
protocol = "TCP" security_group_id = exoscale_security_group.worker_sg.id
cidr_list = var.nodeport_whitelist
ports = ["30000-32767"] # HTTP(S)
for_each = toset(var.nodeport_whitelist)
type = "INGRESS"
start_port = 30000
end_port = 32767
protocol = "TCP"
cidr = each.value
}
resource "exoscale_elastic_ip" "ingress_controller_lb" {
zone = var.zone
healthcheck {
mode = "http"
port = 80
uri = "/healthz"
interval = 10
timeout = 2
strikes_ok = 2
strikes_fail = 3
} }
} }
resource "exoscale_ipaddress" "ingress_controller_lb" { resource "exoscale_elastic_ip" "control_plane_lb" {
zone = var.zone zone = var.zone
healthcheck_mode = "http" healthcheck {
healthcheck_port = 80 mode = "tcp"
healthcheck_path = "/healthz" port = 6443
healthcheck_interval = 10 interval = 10
healthcheck_timeout = 2 timeout = 2
healthcheck_strikes_ok = 2 strikes_ok = 2
healthcheck_strikes_fail = 3 strikes_fail = 3
} }
resource "exoscale_secondary_ipaddress" "ingress_controller_lb" {
for_each = exoscale_compute.worker
compute_id = each.value.id
ip_address = exoscale_ipaddress.ingress_controller_lb.ip_address
}
resource "exoscale_ipaddress" "control_plane_lb" {
zone = var.zone
healthcheck_mode = "tcp"
healthcheck_port = 6443
healthcheck_interval = 10
healthcheck_timeout = 2
healthcheck_strikes_ok = 2
healthcheck_strikes_fail = 3
}
resource "exoscale_secondary_ipaddress" "control_plane_lb" {
for_each = exoscale_compute.master
compute_id = each.value.id
ip_address = exoscale_ipaddress.control_plane_lb.ip_address
} }
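Review bot: The new `worker_sg_rule_nodeport` resource appears to carry the comment `# HTTP(S)`, copied from the rule above it, although it opens TCP 30000-32767 to `var.nodeport_whitelist`; the old `# Kubernetes Nodeport` label was lost when the rules were split. With one resource per ingress rule, that comment is what tells an auditor what the port range is for, so it should read `# Kubernetes NodePort`. Separately, `worker_sg_rule_http` keeps `cidr = "0.0.0.0/0"` hard-coded while every other rule is driven by a whitelist variable. If world-open 80/443 is intentional, a one-line comment saying so on that resource would make the exposure explicit.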


@ -1,19 +1,19 @@
output "master_ip_addresses" { output "master_ip_addresses" {
value = { value = {
for key, instance in exoscale_compute.master : for key, instance in exoscale_compute_instance.master :
instance.name => { instance.name => {
"private_ip" = contains(keys(data.exoscale_compute.master_nodes), key) ? data.exoscale_compute.master_nodes[key].private_network_ip_addresses[0] : "" "private_ip" = contains(keys(data.exoscale_compute_instance.master_nodes), key) ? data.exoscale_compute_instance.master_nodes[key].private_network_ip_addresses[0] : ""
"public_ip" = exoscale_compute.master[key].ip_address "public_ip" = exoscale_compute_instance.master[key].ip_address
} }
} }
} }
output "worker_ip_addresses" { output "worker_ip_addresses" {
value = { value = {
for key, instance in exoscale_compute.worker : for key, instance in exoscale_compute_instance.worker :
instance.name => { instance.name => {
"private_ip" = contains(keys(data.exoscale_compute.worker_nodes), key) ? data.exoscale_compute.worker_nodes[key].private_network_ip_addresses[0] : "" "private_ip" = contains(keys(data.exoscale_compute_instance.worker_nodes), key) ? data.exoscale_compute_instance.worker_nodes[key].private_network_ip_addresses[0] : ""
"public_ip" = exoscale_compute.worker[key].ip_address "public_ip" = exoscale_compute_instance.worker[key].ip_address
} }
} }
} }
@ -23,9 +23,9 @@ output "cluster_private_network_cidr" {
} }
output "ingress_controller_lb_ip_address" { output "ingress_controller_lb_ip_address" {
value = exoscale_ipaddress.ingress_controller_lb.ip_address value = exoscale_elastic_ip.ingress_controller_lb.ip_address
} }
output "control_plane_lb_ip_address" { output "control_plane_lb_ip_address" {
value = exoscale_ipaddress.control_plane_lb.ip_address value = exoscale_elastic_ip.control_plane_lb.ip_address
} }
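Review bot: Both `private_ip` expressions in the first hunk index `private_network_ip_addresses[0]` behind a guard that only checks the key exists in the data source, not that the list is non-empty. The old data sources waited on the `exoscale_nic` resources through `depends_on`, which this commit removes, and the description says the change is untested. It is therefore worth confirming that the new `exoscale_compute_instance` data source populates that list for the inline `network_interface`. Wrapping the lookup as `try(data.exoscale_compute_instance.master_nodes[key].private_network_ip_addresses[0], "")`, and the same for `worker_nodes`, keeps the existing empty-string fallback without failing the plan.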


@ -1,7 +1,7 @@
terraform { terraform {
required_providers { required_providers {
exoscale = { exoscale = {
source = "exoscale/exoscale" source = "exoscale/exoscale"
version = ">= 0.21" version = ">= 0.21"
} }
} }
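Review bot: The provider constraint reads `version = ">= 0.21"` on both sides, so it is unclear from this view what the hunk changes. An open-ended `>=` lets any future provider release, including breaking ones, be pulled into CI and user runs. The resource types adopted elsewhere in this commit presumably need a provider newer than 0.21, so the lower bound should be the release the conversion was validated against, with an upper bound, e.g. `version = "~> <validated-version>"` (placeholder). Committing the dependency lock file alongside would also pin the provider checksums. The `terraform` block closes outside the hunk.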