From a8c5a0afdc1049b410ee4c14c4d2de48c2935884 Mon Sep 17 00:00:00 2001
From: Hugo Blom <bl0m1@users.noreply.github.com>
Date: Mon, 7 Oct 2019 13:09:09 +0200
Subject: [PATCH] Make it possible to disable access_ip (openstack provider)
(#5239)
* Add a variable do disable access_ip
* Document the use of use_access_ip
---
contrib/terraform/openstack/README.md | 5 ++++-
contrib/terraform/openstack/kubespray.tf | 1 +
.../openstack/modules/compute/main.tf | 20 ++++++++++++++++++-
.../openstack/modules/compute/variables.tf | 2 ++
.../openstack/modules/ips/variables.tf | 2 +-
contrib/terraform/openstack/variables.tf | 4 ++++
contrib/terraform/terraform.py | 5 +++++
7 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/contrib/terraform/openstack/README.md b/contrib/terraform/openstack/README.md
index acd00648a..8aebbf52b 100644
--- a/contrib/terraform/openstack/README.md
+++ b/contrib/terraform/openstack/README.md
@@ -426,7 +426,10 @@ resolvconf_mode: host_resolvconf
```
node_volume_attach_limit: 26
```
-
+- Disable access_ip, this will make all innternal cluster traffic to be sent over local network when a floating IP is attached (default this value is set to 1)
+```
+use_access_ip: 0
+```
### Deploy Kubernetes
diff --git a/contrib/terraform/openstack/kubespray.tf b/contrib/terraform/openstack/kubespray.tf
index f7ffaba56..b26961d6f 100644
--- a/contrib/terraform/openstack/kubespray.tf
+++ b/contrib/terraform/openstack/kubespray.tf
@@ -70,6 +70,7 @@ module "compute" {
supplementary_node_groups = "${var.supplementary_node_groups}"
worker_allowed_ports = "${var.worker_allowed_ports}"
wait_for_floatingip = "${var.wait_for_floatingip}"
+ use_access_ip = "${var.use_access_ip}"
network_id = "${module.network.router_id}"
}
diff --git a/contrib/terraform/openstack/modules/compute/main.tf b/contrib/terraform/openstack/modules/compute/main.tf
index abca8ab72..c181ccfe6 100644
--- a/contrib/terraform/openstack/modules/compute/main.tf
+++ b/contrib/terraform/openstack/modules/compute/main.tf
@@ -114,6 +114,7 @@ resource "openstack_compute_instance_v2" "bastion" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "bastion"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
provisioner "local-exec" {
@@ -149,6 +150,7 @@ resource "openstack_compute_instance_v2" "bastion_custom_volume_size" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "bastion"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
provisioner "local-exec" {
@@ -176,6 +178,7 @@ resource "openstack_compute_instance_v2" "k8s_master" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
provisioner "local-exec" {
@@ -212,8 +215,9 @@ resource "openstack_compute_instance_v2" "k8s_master_custom_volume_size" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
-
+
provisioner "local-exec" {
command = "sed s/USER/${var.ssh_user}/ ../../contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > group_vars/no-floating.yml"
}
@@ -239,6 +243,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
provisioner "local-exec" {
@@ -275,6 +280,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd_custom_volume_size"
ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
provisioner "local-exec" {
@@ -300,6 +306,7 @@ resource "openstack_compute_instance_v2" "etcd" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,vault,no-floating"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -330,6 +337,7 @@ resource "openstack_compute_instance_v2" "etcd_custom_volume_size" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,vault,no-floating"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -353,6 +361,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -385,6 +394,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_custom_volum
ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -408,6 +418,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -440,6 +451,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd_cust
ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -463,6 +475,7 @@ resource "openstack_compute_instance_v2" "k8s_node" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-node,k8s-cluster,${var.supplementary_node_groups}"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
provisioner "local-exec" {
@@ -499,6 +512,7 @@ resource "openstack_compute_instance_v2" "k8s_node_custom_volume_size" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-node,k8s-cluster,${var.supplementary_node_groups}"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
provisioner "local-exec" {
@@ -526,6 +540,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-node,k8s-cluster,no-floating,${var.supplementary_node_groups}"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -558,6 +573,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip_custom_volume_
ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-node,k8s-cluster,no-floating,${var.supplementary_node_groups}"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -647,6 +663,7 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
ssh_user = "${var.ssh_user_gfs}"
kubespray_groups = "gfs-cluster,network-storage,no-floating"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
@@ -677,6 +694,7 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip_custom_v
ssh_user = "${var.ssh_user_gfs}"
kubespray_groups = "gfs-cluster,network-storage,no-floating"
depends_on = "${var.network_id}"
+ use_access_ip = "${var.use_access_ip}"
}
}
diff --git a/contrib/terraform/openstack/modules/compute/variables.tf b/contrib/terraform/openstack/modules/compute/variables.tf
index 06d48aa5a..4a9680e6f 100644
--- a/contrib/terraform/openstack/modules/compute/variables.tf
+++ b/contrib/terraform/openstack/modules/compute/variables.tf
@@ -105,3 +105,5 @@ variable "supplementary_node_groups" {
variable "worker_allowed_ports" {
type = "list"
}
+
+variable "use_access_ip" {}
\ No newline at end of file
diff --git a/contrib/terraform/openstack/modules/ips/variables.tf b/contrib/terraform/openstack/modules/ips/variables.tf
index acc3ced38..a2cb54538 100644
--- a/contrib/terraform/openstack/modules/ips/variables.tf
+++ b/contrib/terraform/openstack/modules/ips/variables.tf
@@ -14,4 +14,4 @@ variable "network_name" {}
variable "router_id" {
default = ""
-}
+}
\ No newline at end of file
diff --git a/contrib/terraform/openstack/variables.tf b/contrib/terraform/openstack/variables.tf
index b22ac5b14..218c82add 100644
--- a/contrib/terraform/openstack/variables.tf
+++ b/contrib/terraform/openstack/variables.tf
@@ -206,3 +206,7 @@ variable "worker_allowed_ports" {
},
]
}
+
+variable "use_access_ip" {
+ default = 1
+}
diff --git a/contrib/terraform/terraform.py b/contrib/terraform/terraform.py
index f339539f2..fa490d816 100755
--- a/contrib/terraform/terraform.py
+++ b/contrib/terraform/terraform.py
@@ -339,14 +339,19 @@ def iter_host_ips(hosts, ips):
'''Update hosts that have an entry in the floating IP list'''
for host in hosts:
host_id = host[1]['id']
+ use_access_ip = host[1]['metadata']['use_access_ip']
if host_id in ips:
ip = ips[host_id]
+
host[1].update({
'access_ip_v4': ip,
'access_ip': ip,
'public_ipv4': ip,
'ansible_ssh_host': ip,
})
+
+ if use_access_ip == "0":
+ host[1].pop('access_ip')
yield host
--
GitLab