Unverified Commit 764a8511 authored by Florian Ruynat's avatar Florian Ruynat Committed by GitHub

Terraform quoted references are now deprecated (#6203)

parent b98cb74f
Showing
with 425 additions and 425 deletions
...@@ -3,9 +3,9 @@ terraform { ...@@ -3,9 +3,9 @@ terraform {
} }
provider "aws" { provider "aws" {
access_key = "${var.AWS_ACCESS_KEY_ID}" access_key = var.AWS_ACCESS_KEY_ID
secret_key = "${var.AWS_SECRET_ACCESS_KEY}" secret_key = var.AWS_SECRET_ACCESS_KEY
region = "${var.AWS_DEFAULT_REGION}" region = var.AWS_DEFAULT_REGION
} }
data "aws_availability_zones" "available" {} data "aws_availability_zones" "available" {}
...@@ -18,30 +18,30 @@ data "aws_availability_zones" "available" {} ...@@ -18,30 +18,30 @@ data "aws_availability_zones" "available" {}
module "aws-vpc" { module "aws-vpc" {
source = "./modules/vpc" source = "./modules/vpc"
aws_cluster_name = "${var.aws_cluster_name}" aws_cluster_name = var.aws_cluster_name
aws_vpc_cidr_block = "${var.aws_vpc_cidr_block}" aws_vpc_cidr_block = var.aws_vpc_cidr_block
aws_avail_zones = "${slice(data.aws_availability_zones.available.names, 0, 2)}" aws_avail_zones = slice(data.aws_availability_zones.available.names, 0, 2)
aws_cidr_subnets_private = "${var.aws_cidr_subnets_private}" aws_cidr_subnets_private = var.aws_cidr_subnets_private
aws_cidr_subnets_public = "${var.aws_cidr_subnets_public}" aws_cidr_subnets_public = var.aws_cidr_subnets_public
default_tags = "${var.default_tags}" default_tags = var.default_tags
} }
module "aws-elb" { module "aws-elb" {
source = "./modules/elb" source = "./modules/elb"
aws_cluster_name = "${var.aws_cluster_name}" aws_cluster_name = var.aws_cluster_name
aws_vpc_id = "${module.aws-vpc.aws_vpc_id}" aws_vpc_id = module.aws-vpc.aws_vpc_id
aws_avail_zones = "${slice(data.aws_availability_zones.available.names, 0, 2)}" aws_avail_zones = slice(data.aws_availability_zones.available.names, 0, 2)
aws_subnet_ids_public = "${module.aws-vpc.aws_subnet_ids_public}" aws_subnet_ids_public = module.aws-vpc.aws_subnet_ids_public
aws_elb_api_port = "${var.aws_elb_api_port}" aws_elb_api_port = var.aws_elb_api_port
k8s_secure_api_port = "${var.k8s_secure_api_port}" k8s_secure_api_port = var.k8s_secure_api_port
default_tags = "${var.default_tags}" default_tags = var.default_tags
} }
module "aws-iam" { module "aws-iam" {
source = "./modules/iam" source = "./modules/iam"
aws_cluster_name = "${var.aws_cluster_name}" aws_cluster_name = var.aws_cluster_name
} }
/* /*
...@@ -50,22 +50,22 @@ module "aws-iam" { ...@@ -50,22 +50,22 @@ module "aws-iam" {
*/ */
resource "aws_instance" "bastion-server" { resource "aws_instance" "bastion-server" {
ami = "${data.aws_ami.distro.id}" ami = data.aws_ami.distro.id
instance_type = "${var.aws_bastion_size}" instance_type = var.aws_bastion_size
count = "${length(var.aws_cidr_subnets_public)}" count = length(var.aws_cidr_subnets_public)
associate_public_ip_address = true associate_public_ip_address = true
availability_zone = "${element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)}" availability_zone = element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_public, count.index)}" subnet_id = element(module.aws-vpc.aws_subnet_ids_public, count.index)
vpc_security_group_ids = "${module.aws-vpc.aws_security_group}" vpc_security_group_ids = module.aws-vpc.aws_security_group
key_name = "${var.AWS_SSH_KEY_NAME}" key_name = var.AWS_SSH_KEY_NAME
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-bastion-${count.index}", "Name", "kubernetes-${var.aws_cluster_name}-bastion-${count.index}",
"Cluster", "${var.aws_cluster_name}", "Cluster", "${var.aws_cluster_name}",
"Role", "bastion-${var.aws_cluster_name}-${count.index}" "Role", "bastion-${var.aws_cluster_name}-${count.index}"
))}" ))
} }
/* /*
...@@ -74,71 +74,71 @@ resource "aws_instance" "bastion-server" { ...@@ -74,71 +74,71 @@ resource "aws_instance" "bastion-server" {
*/ */
resource "aws_instance" "k8s-master" { resource "aws_instance" "k8s-master" {
ami = "${data.aws_ami.distro.id}" ami = data.aws_ami.distro.id
instance_type = "${var.aws_kube_master_size}" instance_type = var.aws_kube_master_size
count = "${var.aws_kube_master_num}" count = var.aws_kube_master_num
availability_zone = "${element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)}" availability_zone = element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private, count.index)}" subnet_id = element(module.aws-vpc.aws_subnet_ids_private, count.index)
vpc_security_group_ids = "${module.aws-vpc.aws_security_group}" vpc_security_group_ids = module.aws-vpc.aws_security_group
iam_instance_profile = "${module.aws-iam.kube-master-profile}" iam_instance_profile = module.aws-iam.kube-master-profile
key_name = "${var.AWS_SSH_KEY_NAME}" key_name = var.AWS_SSH_KEY_NAME
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-master${count.index}", "Name", "kubernetes-${var.aws_cluster_name}-master${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member", "kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "master" "Role", "master"
))}" ))
} }
resource "aws_elb_attachment" "attach_master_nodes" { resource "aws_elb_attachment" "attach_master_nodes" {
count = "${var.aws_kube_master_num}" count = var.aws_kube_master_num
elb = "${module.aws-elb.aws_elb_api_id}" elb = module.aws-elb.aws_elb_api_id
instance = "${element(aws_instance.k8s-master.*.id, count.index)}" instance = element(aws_instance.k8s-master.*.id, count.index)
} }
resource "aws_instance" "k8s-etcd" { resource "aws_instance" "k8s-etcd" {
ami = "${data.aws_ami.distro.id}" ami = data.aws_ami.distro.id
instance_type = "${var.aws_etcd_size}" instance_type = var.aws_etcd_size
count = "${var.aws_etcd_num}" count = var.aws_etcd_num
availability_zone = "${element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)}" availability_zone = element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private, count.index)}" subnet_id = element(module.aws-vpc.aws_subnet_ids_private, count.index)
vpc_security_group_ids = "${module.aws-vpc.aws_security_group}" vpc_security_group_ids = module.aws-vpc.aws_security_group
key_name = "${var.AWS_SSH_KEY_NAME}" key_name = var.AWS_SSH_KEY_NAME
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-etcd${count.index}", "Name", "kubernetes-${var.aws_cluster_name}-etcd${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member", "kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "etcd" "Role", "etcd"
))}" ))
} }
resource "aws_instance" "k8s-worker" { resource "aws_instance" "k8s-worker" {
ami = "${data.aws_ami.distro.id}" ami = data.aws_ami.distro.id
instance_type = "${var.aws_kube_worker_size}" instance_type = var.aws_kube_worker_size
count = "${var.aws_kube_worker_num}" count = var.aws_kube_worker_num
availability_zone = "${element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)}" availability_zone = element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private, count.index)}" subnet_id = element(module.aws-vpc.aws_subnet_ids_private, count.index)
vpc_security_group_ids = "${module.aws-vpc.aws_security_group}" vpc_security_group_ids = module.aws-vpc.aws_security_group
iam_instance_profile = "${module.aws-iam.kube-worker-profile}" iam_instance_profile = module.aws-iam.kube-worker-profile
key_name = "${var.AWS_SSH_KEY_NAME}" key_name = var.AWS_SSH_KEY_NAME
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-worker${count.index}", "Name", "kubernetes-${var.aws_cluster_name}-worker${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member", "kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "worker" "Role", "worker"
))}" ))
} }
/* /*
...@@ -146,16 +146,16 @@ resource "aws_instance" "k8s-worker" { ...@@ -146,16 +146,16 @@ resource "aws_instance" "k8s-worker" {
* *
*/ */
data "template_file" "inventory" { data "template_file" "inventory" {
template = "${file("${path.module}/templates/inventory.tpl")}" template = file("${path.module}/templates/inventory.tpl")
vars = { vars = {
public_ip_address_bastion = "${join("\n", formatlist("bastion ansible_host=%s", aws_instance.bastion-server.*.public_ip))}" public_ip_address_bastion = join("\n", formatlist("bastion ansible_host=%s", aws_instance.bastion-server.*.public_ip))
connection_strings_master = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-master.*.private_dns, aws_instance.k8s-master.*.private_ip))}" connection_strings_master = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-master.*.private_dns, aws_instance.k8s-master.*.private_ip))
connection_strings_node = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.private_dns, aws_instance.k8s-worker.*.private_ip))}" connection_strings_node = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.private_dns, aws_instance.k8s-worker.*.private_ip))
connection_strings_etcd = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.private_dns, aws_instance.k8s-etcd.*.private_ip))}" connection_strings_etcd = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.private_dns, aws_instance.k8s-etcd.*.private_ip))
list_master = "${join("\n", aws_instance.k8s-master.*.private_dns)}" list_master = join("\n", aws_instance.k8s-master.*.private_dns)
list_node = "${join("\n", aws_instance.k8s-worker.*.private_dns)}" list_node = join("\n", aws_instance.k8s-worker.*.private_dns)
list_etcd = "${join("\n", aws_instance.k8s-etcd.*.private_dns)}" list_etcd = join("\n", aws_instance.k8s-etcd.*.private_dns)
elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\"" elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
} }
} }
...@@ -166,6 +166,6 @@ resource "null_resource" "inventories" { ...@@ -166,6 +166,6 @@ resource "null_resource" "inventories" {
} }
triggers = { triggers = {
template = "${data.template_file.inventory.rendered}" template = data.template_file.inventory.rendered
} }
} }
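Review bot: The `provider "aws"` block at the top of this file still takes `access_key` and `secret_key` from Terraform variables, which pushes long-lived keys into tfvars files, shell history or CI variables. Dropping both arguments lets the AWS provider fall back to its default credential chain (environment variables, shared credentials file, or an instance/assumed role), so no secret has to pass through Terraform input. Separately, in the `bastion-server` tags the entry `"Cluster", "${var.aws_cluster_name}"` is still an interpolation-only string and can be written as `"Cluster", var.aws_cluster_name` to match the rest of this change.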
resource "aws_security_group" "aws-elb" { resource "aws_security_group" "aws-elb" {
name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb" name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
vpc_id = "${var.aws_vpc_id}" vpc_id = var.aws_vpc_id
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-securitygroup-elb" "Name", "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
))}" ))
} }
resource "aws_security_group_rule" "aws-allow-api-access" { resource "aws_security_group_rule" "aws-allow-api-access" {
type = "ingress" type = "ingress"
from_port = "${var.aws_elb_api_port}" from_port = var.aws_elb_api_port
to_port = "${var.k8s_secure_api_port}" to_port = var.k8s_secure_api_port
protocol = "TCP" protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.aws-elb.id}" security_group_id = aws_security_group.aws-elb.id
} }
resource "aws_security_group_rule" "aws-allow-api-egress" { resource "aws_security_group_rule" "aws-allow-api-egress" {
...@@ -22,19 +22,19 @@ resource "aws_security_group_rule" "aws-allow-api-egress" { ...@@ -22,19 +22,19 @@ resource "aws_security_group_rule" "aws-allow-api-egress" {
to_port = 65535 to_port = 65535
protocol = "TCP" protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.aws-elb.id}" security_group_id = aws_security_group.aws-elb.id
} }
# Create a new AWS ELB for K8S API # Create a new AWS ELB for K8S API
resource "aws_elb" "aws-elb-api" { resource "aws_elb" "aws-elb-api" {
name = "kubernetes-elb-${var.aws_cluster_name}" name = "kubernetes-elb-${var.aws_cluster_name}"
subnets = var.aws_subnet_ids_public subnets = var.aws_subnet_ids_public
security_groups = ["${aws_security_group.aws-elb.id}"] security_groups = [aws_security_group.aws-elb.id]
listener { listener {
instance_port = "${var.k8s_secure_api_port}" instance_port = var.k8s_secure_api_port
instance_protocol = "tcp" instance_protocol = "tcp"
lb_port = "${var.aws_elb_api_port}" lb_port = var.aws_elb_api_port
lb_protocol = "tcp" lb_protocol = "tcp"
} }
...@@ -51,7 +51,7 @@ resource "aws_elb" "aws-elb-api" { ...@@ -51,7 +51,7 @@ resource "aws_elb" "aws-elb-api" {
connection_draining = true connection_draining = true
connection_draining_timeout = 400 connection_draining_timeout = 400
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-elb-api" "Name", "kubernetes-${var.aws_cluster_name}-elb-api"
))}" ))
} }
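Review bot: The `aws-allow-api-access` ingress rule opens the range `from_port = var.aws_elb_api_port` to `to_port = var.k8s_secure_api_port` for `0.0.0.0/0`, while the ELB listener in the same file only accepts traffic on `lb_port = var.aws_elb_api_port`. When the two variables differ, the rule either exposes every port in between or describes an invalid range; `to_port = var.aws_elb_api_port` keeps the rule aligned with the listener. The source range could also come from a variable so the API endpoint can be limited to known networks instead of the whole internet.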
output "aws_elb_api_id" { output "aws_elb_api_id" {
value = "${aws_elb.aws-elb-api.id}" value = aws_elb.aws-elb-api.id
} }
output "aws_elb_api_fqdn" { output "aws_elb_api_fqdn" {
value = "${aws_elb.aws-elb-api.dns_name}" value = aws_elb.aws-elb-api.dns_name
} }
...@@ -42,7 +42,7 @@ EOF ...@@ -42,7 +42,7 @@ EOF
resource "aws_iam_role_policy" "kube-master" { resource "aws_iam_role_policy" "kube-master" {
name = "kubernetes-${var.aws_cluster_name}-master" name = "kubernetes-${var.aws_cluster_name}-master"
role = "${aws_iam_role.kube-master.id}" role = aws_iam_role.kube-master.id
policy = <<EOF policy = <<EOF
{ {
...@@ -77,7 +77,7 @@ EOF ...@@ -77,7 +77,7 @@ EOF
resource "aws_iam_role_policy" "kube-worker" { resource "aws_iam_role_policy" "kube-worker" {
name = "kubernetes-${var.aws_cluster_name}-node" name = "kubernetes-${var.aws_cluster_name}-node"
role = "${aws_iam_role.kube-worker.id}" role = aws_iam_role.kube-worker.id
policy = <<EOF policy = <<EOF
{ {
...@@ -132,10 +132,10 @@ EOF ...@@ -132,10 +132,10 @@ EOF
resource "aws_iam_instance_profile" "kube-master" { resource "aws_iam_instance_profile" "kube-master" {
name = "kube_${var.aws_cluster_name}_master_profile" name = "kube_${var.aws_cluster_name}_master_profile"
role = "${aws_iam_role.kube-master.name}" role = aws_iam_role.kube-master.name
} }
resource "aws_iam_instance_profile" "kube-worker" { resource "aws_iam_instance_profile" "kube-worker" {
name = "kube_${var.aws_cluster_name}_node_profile" name = "kube_${var.aws_cluster_name}_node_profile"
role = "${aws_iam_role.kube-worker.name}" role = aws_iam_role.kube-worker.name
} }
output "kube-master-profile" { output "kube-master-profile" {
value = "${aws_iam_instance_profile.kube-master.name}" value = aws_iam_instance_profile.kube-master.name
} }
output "kube-worker-profile" { output "kube-worker-profile" {
value = "${aws_iam_instance_profile.kube-worker.name}" value = aws_iam_instance_profile.kube-worker.name
} }
resource "aws_vpc" "cluster-vpc" { resource "aws_vpc" "cluster-vpc" {
cidr_block = "${var.aws_vpc_cidr_block}" cidr_block = var.aws_vpc_cidr_block
#DNS Related Entries #DNS Related Entries
enable_dns_support = true enable_dns_support = true
enable_dns_hostnames = true enable_dns_hostnames = true
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-vpc" "Name", "kubernetes-${var.aws_cluster_name}-vpc"
))}" ))
} }
resource "aws_eip" "cluster-nat-eip" { resource "aws_eip" "cluster-nat-eip" {
count = "${length(var.aws_cidr_subnets_public)}" count = length(var.aws_cidr_subnets_public)
vpc = true vpc = true
} }
resource "aws_internet_gateway" "cluster-vpc-internetgw" { resource "aws_internet_gateway" "cluster-vpc-internetgw" {
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = aws_vpc.cluster-vpc.id
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-internetgw" "Name", "kubernetes-${var.aws_cluster_name}-internetgw"
))}" ))
} }
resource "aws_subnet" "cluster-vpc-subnets-public" { resource "aws_subnet" "cluster-vpc-subnets-public" {
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = aws_vpc.cluster-vpc.id
count = "${length(var.aws_avail_zones)}" count = length(var.aws_avail_zones)
availability_zone = "${element(var.aws_avail_zones, count.index)}" availability_zone = element(var.aws_avail_zones, count.index)
cidr_block = "${element(var.aws_cidr_subnets_public, count.index)}" cidr_block = element(var.aws_cidr_subnets_public, count.index)
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-public", "Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-public",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member" "kubernetes.io/cluster/${var.aws_cluster_name}", "member"
))}" ))
} }
resource "aws_nat_gateway" "cluster-nat-gateway" { resource "aws_nat_gateway" "cluster-nat-gateway" {
count = "${length(var.aws_cidr_subnets_public)}" count = length(var.aws_cidr_subnets_public)
allocation_id = "${element(aws_eip.cluster-nat-eip.*.id, count.index)}" allocation_id = element(aws_eip.cluster-nat-eip.*.id, count.index)
subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)}" subnet_id = element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)
} }
resource "aws_subnet" "cluster-vpc-subnets-private" { resource "aws_subnet" "cluster-vpc-subnets-private" {
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = aws_vpc.cluster-vpc.id
count = "${length(var.aws_avail_zones)}" count = length(var.aws_avail_zones)
availability_zone = "${element(var.aws_avail_zones, count.index)}" availability_zone = element(var.aws_avail_zones, count.index)
cidr_block = "${element(var.aws_cidr_subnets_private, count.index)}" cidr_block = element(var.aws_cidr_subnets_private, count.index)
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-private" "Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-private"
))}" ))
} }
#Routing in VPC #Routing in VPC
...@@ -57,53 +57,53 @@ resource "aws_subnet" "cluster-vpc-subnets-private" { ...@@ -57,53 +57,53 @@ resource "aws_subnet" "cluster-vpc-subnets-private" {
#TODO: Do we need two routing tables for each subnet for redundancy or is one enough? #TODO: Do we need two routing tables for each subnet for redundancy or is one enough?
resource "aws_route_table" "kubernetes-public" { resource "aws_route_table" "kubernetes-public" {
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = aws_vpc.cluster-vpc.id
route { route {
cidr_block = "0.0.0.0/0" cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.cluster-vpc-internetgw.id}" gateway_id = aws_internet_gateway.cluster-vpc-internetgw.id
} }
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-routetable-public" "Name", "kubernetes-${var.aws_cluster_name}-routetable-public"
))}" ))
} }
resource "aws_route_table" "kubernetes-private" { resource "aws_route_table" "kubernetes-private" {
count = "${length(var.aws_cidr_subnets_private)}" count = length(var.aws_cidr_subnets_private)
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = aws_vpc.cluster-vpc.id
route { route {
cidr_block = "0.0.0.0/0" cidr_block = "0.0.0.0/0"
nat_gateway_id = "${element(aws_nat_gateway.cluster-nat-gateway.*.id, count.index)}" nat_gateway_id = element(aws_nat_gateway.cluster-nat-gateway.*.id, count.index)
} }
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-routetable-private-${count.index}" "Name", "kubernetes-${var.aws_cluster_name}-routetable-private-${count.index}"
))}" ))
} }
resource "aws_route_table_association" "kubernetes-public" { resource "aws_route_table_association" "kubernetes-public" {
count = "${length(var.aws_cidr_subnets_public)}" count = length(var.aws_cidr_subnets_public)
subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)}" subnet_id = element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)
route_table_id = "${aws_route_table.kubernetes-public.id}" route_table_id = aws_route_table.kubernetes-public.id
} }
resource "aws_route_table_association" "kubernetes-private" { resource "aws_route_table_association" "kubernetes-private" {
count = "${length(var.aws_cidr_subnets_private)}" count = length(var.aws_cidr_subnets_private)
subnet_id = "${element(aws_subnet.cluster-vpc-subnets-private.*.id, count.index)}" subnet_id = element(aws_subnet.cluster-vpc-subnets-private.*.id, count.index)
route_table_id = "${element(aws_route_table.kubernetes-private.*.id, count.index)}" route_table_id = element(aws_route_table.kubernetes-private.*.id, count.index)
} }
#Kubernetes Security Groups #Kubernetes Security Groups
resource "aws_security_group" "kubernetes" { resource "aws_security_group" "kubernetes" {
name = "kubernetes-${var.aws_cluster_name}-securitygroup" name = "kubernetes-${var.aws_cluster_name}-securitygroup"
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = aws_vpc.cluster-vpc.id
tags = "${merge(var.default_tags, map( tags = merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-securitygroup" "Name", "kubernetes-${var.aws_cluster_name}-securitygroup"
))}" ))
} }
resource "aws_security_group_rule" "allow-all-ingress" { resource "aws_security_group_rule" "allow-all-ingress" {
...@@ -111,8 +111,8 @@ resource "aws_security_group_rule" "allow-all-ingress" { ...@@ -111,8 +111,8 @@ resource "aws_security_group_rule" "allow-all-ingress" {
from_port = 0 from_port = 0
to_port = 65535 to_port = 65535
protocol = "-1" protocol = "-1"
cidr_blocks = ["${var.aws_vpc_cidr_block}"] cidr_blocks = [var.aws_vpc_cidr_block]
security_group_id = "${aws_security_group.kubernetes.id}" security_group_id = aws_security_group.kubernetes.id
} }
resource "aws_security_group_rule" "allow-all-egress" { resource "aws_security_group_rule" "allow-all-egress" {
...@@ -121,7 +121,7 @@ resource "aws_security_group_rule" "allow-all-egress" { ...@@ -121,7 +121,7 @@ resource "aws_security_group_rule" "allow-all-egress" {
to_port = 65535 to_port = 65535
protocol = "-1" protocol = "-1"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.kubernetes.id}" security_group_id = aws_security_group.kubernetes.id
} }
resource "aws_security_group_rule" "allow-ssh-connections" { resource "aws_security_group_rule" "allow-ssh-connections" {
...@@ -130,5 +130,5 @@ resource "aws_security_group_rule" "allow-ssh-connections" { ...@@ -130,5 +130,5 @@ resource "aws_security_group_rule" "allow-ssh-connections" {
to_port = 22 to_port = 22
protocol = "TCP" protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.kubernetes.id}" security_group_id = aws_security_group.kubernetes.id
} }
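Review bot: The `allow-ssh-connections` rule keeps `cidr_blocks = ["0.0.0.0/0"]` for port 22 on `aws_security_group.kubernetes`; if that is the group exported to the root module, it is the one attached to the bastion, master, etcd and worker instances alike. Only the bastion needs to be reachable from outside, so SSH could be limited to an operator-supplied range, for example `cidr_blocks = var.ssh_allowed_cidrs` with a new list variable (name constructed here), or moved to a bastion-only group. The rule's `type` and `from_port` lines are outside the hunk, so this assumes it is an ingress rule.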
output "aws_vpc_id" { output "aws_vpc_id" {
value = "${aws_vpc.cluster-vpc.id}" value = aws_vpc.cluster-vpc.id
} }
output "aws_subnet_ids_private" { output "aws_subnet_ids_private" {
...@@ -15,5 +15,5 @@ output "aws_security_group" { ...@@ -15,5 +15,5 @@ output "aws_security_group" {
} }
output "default_tags" { output "default_tags" {
value = "${var.default_tags}" value = var.default_tags
} }
output "bastion_ip" { output "bastion_ip" {
value = "${join("\n", aws_instance.bastion-server.*.public_ip)}" value = join("\n", aws_instance.bastion-server.*.public_ip)
} }
output "masters" { output "masters" {
value = "${join("\n", aws_instance.k8s-master.*.private_ip)}" value = join("\n", aws_instance.k8s-master.*.private_ip)
} }
output "workers" { output "workers" {
value = "${join("\n", aws_instance.k8s-worker.*.private_ip)}" value = join("\n", aws_instance.k8s-worker.*.private_ip)
} }
output "etcd" { output "etcd" {
value = "${join("\n", aws_instance.k8s-etcd.*.private_ip)}" value = join("\n", aws_instance.k8s-etcd.*.private_ip)
} }
output "aws_elb_api_fqdn" { output "aws_elb_api_fqdn" {
...@@ -19,9 +19,9 @@ output "aws_elb_api_fqdn" { ...@@ -19,9 +19,9 @@ output "aws_elb_api_fqdn" {
} }
output "inventory" { output "inventory" {
value = "${data.template_file.inventory.rendered}" value = data.template_file.inventory.rendered
} }
output "default_tags" { output "default_tags" {
value = "${var.default_tags}" value = var.default_tags
} }
...@@ -5,102 +5,102 @@ provider "openstack" { ...@@ -5,102 +5,102 @@ provider "openstack" {
module "network" { module "network" {
source = "./modules/network" source = "./modules/network"
external_net = "${var.external_net}" external_net = var.external_net
network_name = "${var.network_name}" network_name = var.network_name
subnet_cidr = "${var.subnet_cidr}" subnet_cidr = var.subnet_cidr
cluster_name = "${var.cluster_name}" cluster_name = var.cluster_name
dns_nameservers = "${var.dns_nameservers}" dns_nameservers = var.dns_nameservers
network_dns_domain = "${var.network_dns_domain}" network_dns_domain = var.network_dns_domain
use_neutron = "${var.use_neutron}" use_neutron = var.use_neutron
router_id = "${var.router_id}" router_id = var.router_id
} }
module "ips" { module "ips" {
source = "./modules/ips" source = "./modules/ips"
number_of_k8s_masters = "${var.number_of_k8s_masters}" number_of_k8s_masters = var.number_of_k8s_masters
number_of_k8s_masters_no_etcd = "${var.number_of_k8s_masters_no_etcd}" number_of_k8s_masters_no_etcd = var.number_of_k8s_masters_no_etcd
number_of_k8s_nodes = "${var.number_of_k8s_nodes}" number_of_k8s_nodes = var.number_of_k8s_nodes
floatingip_pool = "${var.floatingip_pool}" floatingip_pool = var.floatingip_pool
number_of_bastions = "${var.number_of_bastions}" number_of_bastions = var.number_of_bastions
external_net = "${var.external_net}" external_net = var.external_net
network_name = "${var.network_name}" network_name = var.network_name
router_id = "${module.network.router_id}" router_id = module.network.router_id
k8s_nodes = "${var.k8s_nodes}" k8s_nodes = var.k8s_nodes
} }
module "compute" { module "compute" {
source = "./modules/compute" source = "./modules/compute"
cluster_name = "${var.cluster_name}" cluster_name = var.cluster_name
az_list = "${var.az_list}" az_list = var.az_list
az_list_node = "${var.az_list_node}" az_list_node = var.az_list_node
number_of_k8s_masters = "${var.number_of_k8s_masters}" number_of_k8s_masters = var.number_of_k8s_masters
number_of_k8s_masters_no_etcd = "${var.number_of_k8s_masters_no_etcd}" number_of_k8s_masters_no_etcd = var.number_of_k8s_masters_no_etcd
number_of_etcd = "${var.number_of_etcd}" number_of_etcd = var.number_of_etcd
number_of_k8s_masters_no_floating_ip = "${var.number_of_k8s_masters_no_floating_ip}" number_of_k8s_masters_no_floating_ip = var.number_of_k8s_masters_no_floating_ip
number_of_k8s_masters_no_floating_ip_no_etcd = "${var.number_of_k8s_masters_no_floating_ip_no_etcd}" number_of_k8s_masters_no_floating_ip_no_etcd = var.number_of_k8s_masters_no_floating_ip_no_etcd
number_of_k8s_nodes = "${var.number_of_k8s_nodes}" number_of_k8s_nodes = var.number_of_k8s_nodes
number_of_bastions = "${var.number_of_bastions}" number_of_bastions = var.number_of_bastions
number_of_k8s_nodes_no_floating_ip = "${var.number_of_k8s_nodes_no_floating_ip}" number_of_k8s_nodes_no_floating_ip = var.number_of_k8s_nodes_no_floating_ip
number_of_gfs_nodes_no_floating_ip = "${var.number_of_gfs_nodes_no_floating_ip}" number_of_gfs_nodes_no_floating_ip = var.number_of_gfs_nodes_no_floating_ip
k8s_nodes = "${var.k8s_nodes}" k8s_nodes = var.k8s_nodes
bastion_root_volume_size_in_gb = "${var.bastion_root_volume_size_in_gb}" bastion_root_volume_size_in_gb = var.bastion_root_volume_size_in_gb
etcd_root_volume_size_in_gb = "${var.etcd_root_volume_size_in_gb}" etcd_root_volume_size_in_gb = var.etcd_root_volume_size_in_gb
master_root_volume_size_in_gb = "${var.master_root_volume_size_in_gb}" master_root_volume_size_in_gb = var.master_root_volume_size_in_gb
node_root_volume_size_in_gb = "${var.node_root_volume_size_in_gb}" node_root_volume_size_in_gb = var.node_root_volume_size_in_gb
gfs_root_volume_size_in_gb = "${var.gfs_root_volume_size_in_gb}" gfs_root_volume_size_in_gb = var.gfs_root_volume_size_in_gb
gfs_volume_size_in_gb = "${var.gfs_volume_size_in_gb}" gfs_volume_size_in_gb = var.gfs_volume_size_in_gb
public_key_path = "${var.public_key_path}" public_key_path = var.public_key_path
image = "${var.image}" image = var.image
image_gfs = "${var.image_gfs}" image_gfs = var.image_gfs
ssh_user = "${var.ssh_user}" ssh_user = var.ssh_user
ssh_user_gfs = "${var.ssh_user_gfs}" ssh_user_gfs = var.ssh_user_gfs
flavor_k8s_master = "${var.flavor_k8s_master}" flavor_k8s_master = var.flavor_k8s_master
flavor_k8s_node = "${var.flavor_k8s_node}" flavor_k8s_node = var.flavor_k8s_node
flavor_etcd = "${var.flavor_etcd}" flavor_etcd = var.flavor_etcd
flavor_gfs_node = "${var.flavor_gfs_node}" flavor_gfs_node = var.flavor_gfs_node
network_name = "${var.network_name}" network_name = var.network_name
flavor_bastion = "${var.flavor_bastion}" flavor_bastion = var.flavor_bastion
k8s_master_fips = "${module.ips.k8s_master_fips}" k8s_master_fips = module.ips.k8s_master_fips
k8s_master_no_etcd_fips = "${module.ips.k8s_master_no_etcd_fips}" k8s_master_no_etcd_fips = module.ips.k8s_master_no_etcd_fips
k8s_node_fips = "${module.ips.k8s_node_fips}" k8s_node_fips = module.ips.k8s_node_fips
k8s_nodes_fips = "${module.ips.k8s_nodes_fips}" k8s_nodes_fips = module.ips.k8s_nodes_fips
bastion_fips = "${module.ips.bastion_fips}" bastion_fips = module.ips.bastion_fips
bastion_allowed_remote_ips = "${var.bastion_allowed_remote_ips}" bastion_allowed_remote_ips = var.bastion_allowed_remote_ips
master_allowed_remote_ips = "${var.master_allowed_remote_ips}" master_allowed_remote_ips = var.master_allowed_remote_ips
k8s_allowed_remote_ips = "${var.k8s_allowed_remote_ips}" k8s_allowed_remote_ips = var.k8s_allowed_remote_ips
k8s_allowed_egress_ips = "${var.k8s_allowed_egress_ips}" k8s_allowed_egress_ips = var.k8s_allowed_egress_ips
supplementary_master_groups = "${var.supplementary_master_groups}" supplementary_master_groups = var.supplementary_master_groups
supplementary_node_groups = "${var.supplementary_node_groups}" supplementary_node_groups = var.supplementary_node_groups
worker_allowed_ports = "${var.worker_allowed_ports}" worker_allowed_ports = var.worker_allowed_ports
wait_for_floatingip = "${var.wait_for_floatingip}" wait_for_floatingip = var.wait_for_floatingip
use_access_ip = "${var.use_access_ip}" use_access_ip = var.use_access_ip
use_server_groups = "${var.use_server_groups}" use_server_groups = var.use_server_groups
network_id = "${module.network.router_id}" network_id = module.network.router_id
} }
output "private_subnet_id" { output "private_subnet_id" {
value = "${module.network.subnet_id}" value = module.network.subnet_id
} }
output "floating_network_id" { output "floating_network_id" {
value = "${var.external_net}" value = var.external_net
} }
output "router_id" { output "router_id" {
value = "${module.network.router_id}" value = module.network.router_id
} }
output "k8s_master_fips" { output "k8s_master_fips" {
value = "${concat(module.ips.k8s_master_fips, module.ips.k8s_master_no_etcd_fips)}" value = concat(module.ips.k8s_master_fips, module.ips.k8s_master_no_etcd_fips)
} }
output "k8s_node_fips" { output "k8s_node_fips" {
value = "${var.number_of_k8s_nodes > 0 ? module.ips.k8s_node_fips : [for key, value in module.ips.k8s_nodes_fips : value.address]}" value = var.number_of_k8s_nodes > 0 ? module.ips.k8s_node_fips : [for key, value in module.ips.k8s_nodes_fips : value.address]
} }
output "bastion_fips" { output "bastion_fips" {
value = "${module.ips.bastion_fips}" value = module.ips.bastion_fips
} }
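Review bot: `network_id = module.network.router_id` in the `compute` module call passes a router ID under a name that says network ID, and the de-quoting carries that over as it was. The compute module's diff is collapsed on this page, so how the value is consumed cannot be checked here; if it only serves as an ordering dependency on the router, a comment such as `# router_id is passed only to order compute after the router; it is not a network ID` would stop a later reader from wiring it into a port or security-group lookup. If a real network ID is expected, the `network` module would need to expose one, which the outputs visible on this page do not. Separately, `bastion_allowed_remote_ips`, `master_allowed_remote_ips` and `k8s_allowed_remote_ips` are forwarded unchanged and their defaults are declared outside this view, so it is worth confirming that none of them defaults to an open range.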
This diff is collapsed.
resource "null_resource" "dummy_dependency" { resource "null_resource" "dummy_dependency" {
triggers = { triggers = {
dependency_id = "${var.router_id}" dependency_id = var.router_id
} }
} }
resource "openstack_networking_floatingip_v2" "k8s_master" { resource "openstack_networking_floatingip_v2" "k8s_master" {
count = "${var.number_of_k8s_masters}" count = var.number_of_k8s_masters
pool = "${var.floatingip_pool}" pool = var.floatingip_pool
depends_on = ["null_resource.dummy_dependency"] depends_on = [null_resource.dummy_dependency]
} }
resource "openstack_networking_floatingip_v2" "k8s_master_no_etcd" { resource "openstack_networking_floatingip_v2" "k8s_master_no_etcd" {
count = "${var.number_of_k8s_masters_no_etcd}" count = var.number_of_k8s_masters_no_etcd
pool = "${var.floatingip_pool}" pool = var.floatingip_pool
depends_on = ["null_resource.dummy_dependency"] depends_on = [null_resource.dummy_dependency]
} }
resource "openstack_networking_floatingip_v2" "k8s_node" { resource "openstack_networking_floatingip_v2" "k8s_node" {
count = "${var.number_of_k8s_nodes}" count = var.number_of_k8s_nodes
pool = "${var.floatingip_pool}" pool = var.floatingip_pool
depends_on = ["null_resource.dummy_dependency"] depends_on = [null_resource.dummy_dependency]
} }
resource "openstack_networking_floatingip_v2" "bastion" { resource "openstack_networking_floatingip_v2" "bastion" {
count = "${var.number_of_bastions}" count = var.number_of_bastions
pool = "${var.floatingip_pool}" pool = var.floatingip_pool
depends_on = ["null_resource.dummy_dependency"] depends_on = [null_resource.dummy_dependency]
} }
resource "openstack_networking_floatingip_v2" "k8s_nodes" { resource "openstack_networking_floatingip_v2" "k8s_nodes" {
for_each = var.number_of_k8s_nodes == 0 ? { for key, value in var.k8s_nodes : key => value if value.floating_ip } : {} for_each = var.number_of_k8s_nodes == 0 ? { for key, value in var.k8s_nodes : key => value if value.floating_ip } : {}
pool = "${var.floatingip_pool}" pool = var.floatingip_pool
depends_on = ["null_resource.dummy_dependency"] depends_on = [null_resource.dummy_dependency]
} }
output "k8s_master_fips" { output "k8s_master_fips" {
value = "${openstack_networking_floatingip_v2.k8s_master[*].address}" value = openstack_networking_floatingip_v2.k8s_master[*].address
} }
output "k8s_master_no_etcd_fips" { output "k8s_master_no_etcd_fips" {
value = "${openstack_networking_floatingip_v2.k8s_master_no_etcd[*].address}" value = openstack_networking_floatingip_v2.k8s_master_no_etcd[*].address
} }
output "k8s_node_fips" { output "k8s_node_fips" {
value = "${openstack_networking_floatingip_v2.k8s_node[*].address}" value = openstack_networking_floatingip_v2.k8s_node[*].address
} }
output "k8s_nodes_fips" { output "k8s_nodes_fips" {
value = "${openstack_networking_floatingip_v2.k8s_nodes}" value = openstack_networking_floatingip_v2.k8s_nodes
} }
output "bastion_fips" { output "bastion_fips" {
value = "${openstack_networking_floatingip_v2.bastion[*].address}" value = openstack_networking_floatingip_v2.bastion[*].address
} }
resource "openstack_networking_router_v2" "k8s" { resource "openstack_networking_router_v2" "k8s" {
name = "${var.cluster_name}-router" name = "${var.cluster_name}-router"
count = "${var.use_neutron}" == 1 && "${var.router_id}" == null ? 1 : 0 count = var.use_neutron == 1 && var.router_id == null ? 1 : 0
admin_state_up = "true" admin_state_up = "true"
external_network_id = "${var.external_net}" external_network_id = var.external_net
} }
data "openstack_networking_router_v2" "k8s" { data "openstack_networking_router_v2" "k8s" {
router_id = "${var.router_id}" router_id = var.router_id
count = "${var.use_neutron}" == 1 && "${var.router_id}" != null ? 1 : 0 count = var.use_neutron == 1 && var.router_id != null ? 1 : 0
} }
resource "openstack_networking_network_v2" "k8s" { resource "openstack_networking_network_v2" "k8s" {
name = "${var.network_name}" name = var.network_name
count = "${var.use_neutron}" count = var.use_neutron
dns_domain = var.network_dns_domain != null ? "${var.network_dns_domain}" : null dns_domain = var.network_dns_domain != null ? var.network_dns_domain : null
admin_state_up = "true" admin_state_up = "true"
} }
resource "openstack_networking_subnet_v2" "k8s" { resource "openstack_networking_subnet_v2" "k8s" {
name = "${var.cluster_name}-internal-network" name = "${var.cluster_name}-internal-network"
count = "${var.use_neutron}" count = var.use_neutron
network_id = "${openstack_networking_network_v2.k8s[count.index].id}" network_id = openstack_networking_network_v2.k8s[count.index].id
cidr = "${var.subnet_cidr}" cidr = var.subnet_cidr
ip_version = 4 ip_version = 4
dns_nameservers = "${var.dns_nameservers}" dns_nameservers = var.dns_nameservers
} }
resource "openstack_networking_router_interface_v2" "k8s" { resource "openstack_networking_router_interface_v2" "k8s" {
count = "${var.use_neutron}" count = var.use_neutron
router_id = "%{if openstack_networking_router_v2.k8s != []}${openstack_networking_router_v2.k8s[count.index].id}%{else}${var.router_id}%{endif}" router_id = "%{if openstack_networking_router_v2.k8s != []}${openstack_networking_router_v2.k8s[count.index].id}%{else}${var.router_id}%{endif}"
subnet_id = "${openstack_networking_subnet_v2.k8s[count.index].id}" subnet_id = openstack_networking_subnet_v2.k8s[count.index].id
} }
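Review bot: The `router_id` line of `openstack_networking_router_interface_v2.k8s` is the one reference this section leaves as a string template, and it chooses between the created router and `var.router_id` by comparing the resource with `[]`. Equality against a literal `[]` depends on how Terraform types the counted resource, so a length test reads more plainly and matches the unquoted style used everywhere else: `router_id = length(openstack_networking_router_v2.k8s) > 0 ? openstack_networking_router_v2.k8s[count.index].id : var.router_id`. That rewrite should be confirmed with `terraform plan` for both the created-router and the supplied-router case before it is merged. `admin_state_up = "true"` on the router and the network is likewise still a quoted boolean and could become `admin_state_up = true`.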
...@@ -3,9 +3,9 @@ output "router_id" { ...@@ -3,9 +3,9 @@ output "router_id" {
} }
output "router_internal_port_id" { output "router_internal_port_id" {
value = "${element(concat(openstack_networking_router_interface_v2.k8s.*.id, [""]), 0)}" value = element(concat(openstack_networking_router_interface_v2.k8s.*.id, [""]), 0)
} }
output "subnet_id" { output "subnet_id" {
value = "${element(concat(openstack_networking_subnet_v2.k8s.*.id, [""]), 0)}" value = element(concat(openstack_networking_subnet_v2.k8s.*.id, [""]), 0)
} }