diff --git a/contrib/terraform/aws/.gitignore b/contrib/terraform/aws/.gitignore
index 84fcb582197bef46cdb0e87098fb194856f97f52..373687b8014dd2754b0aa4152ceb94d12d30f073 100644
--- a/contrib/terraform/aws/.gitignore
+++ b/contrib/terraform/aws/.gitignore
@@ -1,2 +1,3 @@
*.tfstate*
+.terraform.lock.hcl
.terraform
diff --git a/contrib/terraform/aws/create-infrastructure.tf b/contrib/terraform/aws/create-infrastructure.tf
index 4a12ecb7440fd479d45489f0e2b445dea77471eb..f5ac5617b3660385115446b8d24d0a9223c5d435 100644
--- a/contrib/terraform/aws/create-infrastructure.tf
+++ b/contrib/terraform/aws/create-infrastructure.tf
@@ -20,7 +20,7 @@ module "aws-vpc" {
aws_cluster_name = var.aws_cluster_name
aws_vpc_cidr_block = var.aws_vpc_cidr_block
- aws_avail_zones = slice(data.aws_availability_zones.available.names, 0, 2)
+ aws_avail_zones = slice(data.aws_availability_zones.available.names, 0, length(var.aws_cidr_subnets_public) <= length(data.aws_availability_zones.available.names) ? length(var.aws_cidr_subnets_public) : length(data.aws_availability_zones.available.names))
aws_cidr_subnets_private = var.aws_cidr_subnets_private
aws_cidr_subnets_public = var.aws_cidr_subnets_public
default_tags = var.default_tags
@@ -31,7 +31,7 @@ module "aws-elb" {
aws_cluster_name = var.aws_cluster_name
aws_vpc_id = module.aws-vpc.aws_vpc_id
- aws_avail_zones = slice(data.aws_availability_zones.available.names, 0, 2)
+ aws_avail_zones = slice(data.aws_availability_zones.available.names, 0, length(var.aws_cidr_subnets_public) <= length(data.aws_availability_zones.available.names) ? length(var.aws_cidr_subnets_public) : length(data.aws_availability_zones.available.names))
aws_subnet_ids_public = module.aws-vpc.aws_subnet_ids_public
aws_elb_api_port = var.aws_elb_api_port
k8s_secure_api_port = var.k8s_secure_api_port
@@ -52,9 +52,9 @@ module "aws-iam" {
resource "aws_instance" "bastion-server" {
ami = data.aws_ami.distro.id
instance_type = var.aws_bastion_size
- count = length(var.aws_cidr_subnets_public)
+ count = var.aws_bastion_num
associate_public_ip_address = true
- availability_zone = element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)
+ availability_zone = element(slice(data.aws_availability_zones.available.names, 0, length(var.aws_cidr_subnets_public) <= length(data.aws_availability_zones.available.names) ? length(var.aws_cidr_subnets_public) : length(data.aws_availability_zones.available.names)), count.index)
subnet_id = element(module.aws-vpc.aws_subnet_ids_public, count.index)
vpc_security_group_ids = module.aws-vpc.aws_security_group
@@ -79,11 +79,15 @@ resource "aws_instance" "k8s-master" {
count = var.aws_kube_master_num
- availability_zone = element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)
+ availability_zone = element(slice(data.aws_availability_zones.available.names, 0, length(var.aws_cidr_subnets_public) <= length(data.aws_availability_zones.available.names) ? length(var.aws_cidr_subnets_public) : length(data.aws_availability_zones.available.names)), count.index)
subnet_id = element(module.aws-vpc.aws_subnet_ids_private, count.index)
vpc_security_group_ids = module.aws-vpc.aws_security_group
+ root_block_device {
+ volume_size = var.aws_kube_master_disk_size
+ }
+
iam_instance_profile = module.aws-iam.kube_control_plane-profile
key_name = var.AWS_SSH_KEY_NAME
@@ -106,11 +110,15 @@ resource "aws_instance" "k8s-etcd" {
count = var.aws_etcd_num
- availability_zone = element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)
+ availability_zone = element(slice(data.aws_availability_zones.available.names, 0, length(var.aws_cidr_subnets_public) <= length(data.aws_availability_zones.available.names) ? length(var.aws_cidr_subnets_public) : length(data.aws_availability_zones.available.names)), count.index)
subnet_id = element(module.aws-vpc.aws_subnet_ids_private, count.index)
vpc_security_group_ids = module.aws-vpc.aws_security_group
+ root_block_device {
+ volume_size = var.aws_etcd_disk_size
+ }
+
key_name = var.AWS_SSH_KEY_NAME
tags = merge(var.default_tags, tomap({
@@ -126,11 +134,15 @@ resource "aws_instance" "k8s-worker" {
count = var.aws_kube_worker_num
- availability_zone = element(slice(data.aws_availability_zones.available.names, 0, 2), count.index)
+ availability_zone = element(slice(data.aws_availability_zones.available.names, 0, length(var.aws_cidr_subnets_public) <= length(data.aws_availability_zones.available.names) ? length(var.aws_cidr_subnets_public) : length(data.aws_availability_zones.available.names)), count.index)
subnet_id = element(module.aws-vpc.aws_subnet_ids_private, count.index)
vpc_security_group_ids = module.aws-vpc.aws_security_group
+ root_block_device {
+ volume_size = var.aws_kube_worker_disk_size
+ }
+
iam_instance_profile = module.aws-iam.kube-worker-profile
key_name = var.AWS_SSH_KEY_NAME
@@ -152,10 +164,10 @@ data "template_file" "inventory" {
public_ip_address_bastion = join("\n", formatlist("bastion ansible_host=%s", aws_instance.bastion-server.*.public_ip))
connection_strings_master = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-master.*.private_dns, aws_instance.k8s-master.*.private_ip))
connection_strings_node = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.private_dns, aws_instance.k8s-worker.*.private_ip))
- connection_strings_etcd = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.private_dns, aws_instance.k8s-etcd.*.private_ip))
list_master = join("\n", aws_instance.k8s-master.*.private_dns)
list_node = join("\n", aws_instance.k8s-worker.*.private_dns)
- list_etcd = join("\n", aws_instance.k8s-etcd.*.private_dns)
+ connection_strings_etcd = join("\n", formatlist("%s ansible_host=%s", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_dns) : (aws_instance.k8s-master.*.private_dns)), ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_ip) : (aws_instance.k8s-master.*.private_ip))))
+ list_etcd = join("\n", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_dns) : (aws_instance.k8s-master.*.private_dns)))
elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
}
}
diff --git a/contrib/terraform/aws/output.tf b/contrib/terraform/aws/output.tf
index 35e6e27a72f1514dd9fcecf461968dcf7d8da6be..8cac230af25e6706207db8f8ec67059713ef7c56 100644
--- a/contrib/terraform/aws/output.tf
+++ b/contrib/terraform/aws/output.tf
@@ -11,7 +11,7 @@ output "workers" {
}
output "etcd" {
- value = join("\n", aws_instance.k8s-etcd.*.private_ip)
+ value = join("\n", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_ip) : (aws_instance.k8s-master.*.private_ip)))
}
output "aws_elb_api_fqdn" {
diff --git a/contrib/terraform/aws/sample-inventory/cluster.tfvars b/contrib/terraform/aws/sample-inventory/cluster.tfvars
index 1b0b76c9787b56458bedc894fd21bb18ea34fbe0..d731a0416522ee369455af568a0e86b782773b52 100644
--- a/contrib/terraform/aws/sample-inventory/cluster.tfvars
+++ b/contrib/terraform/aws/sample-inventory/cluster.tfvars
@@ -9,6 +9,8 @@ aws_cidr_subnets_private = ["10.250.192.0/20", "10.250.208.0/20"]
aws_cidr_subnets_public = ["10.250.224.0/20", "10.250.240.0/20"]
#Bastion Host
+aws_bastion_num = 1
+
aws_bastion_size = "t2.medium"
#Kubernetes Cluster
@@ -17,22 +19,26 @@ aws_kube_master_num = 3
aws_kube_master_size = "t2.medium"
+aws_kube_master_disk_size = 50
+
aws_etcd_num = 3
aws_etcd_size = "t2.medium"
+aws_etcd_disk_size = 50
+
aws_kube_worker_num = 4
aws_kube_worker_size = "t2.medium"
+aws_kube_worker_disk_size = 50
+
#Settings AWS ELB
aws_elb_api_port = 6443
k8s_secure_api_port = 6443
-kube_insecure_apiserver_address = "0.0.0.0"
-
default_tags = {
# Env = "devtest" # Product = "kubernetes"
}
diff --git a/contrib/terraform/aws/templates/inventory.tpl b/contrib/terraform/aws/templates/inventory.tpl
index baa9ea8545c22125f94f631bc368f23ba1916c8e..c0d0d10244c7105d0a2d6007eb87e68222e57123 100644
--- a/contrib/terraform/aws/templates/inventory.tpl
+++ b/contrib/terraform/aws/templates/inventory.tpl
@@ -10,19 +10,18 @@ ${public_ip_address_bastion}
[kube_control_plane]
${list_master}
-
[kube_node]
${list_node}
-
[etcd]
${list_etcd}
+[calico_rr]
[k8s_cluster:children]
kube_node
kube_control_plane
-
+calico_rr
[k8s_cluster:vars]
${elb_api_fqdn}
diff --git a/contrib/terraform/aws/terraform.tfvars b/contrib/terraform/aws/terraform.tfvars
index c8db6b424a23adada6585c53ab339ed852f9fe31..21089ebdd1aaac1bf6435cfab63922864ded0137 100644
--- a/contrib/terraform/aws/terraform.tfvars
+++ b/contrib/terraform/aws/terraform.tfvars
@@ -6,26 +6,34 @@ aws_vpc_cidr_block = "10.250.192.0/18"
aws_cidr_subnets_private = ["10.250.192.0/20", "10.250.208.0/20"]
aws_cidr_subnets_public = ["10.250.224.0/20", "10.250.240.0/20"]
-#Bastion Host
-aws_bastion_size = "t2.medium"
+# single AZ deployment
+#aws_cidr_subnets_private = ["10.250.192.0/20"]
+#aws_cidr_subnets_public = ["10.250.224.0/20"]
+# 3+ AZ deployment
+#aws_cidr_subnets_private = ["10.250.192.0/24","10.250.193.0/24","10.250.194.0/24","10.250.195.0/24"]
+#aws_cidr_subnets_public = ["10.250.224.0/24","10.250.225.0/24","10.250.226.0/24","10.250.227.0/24"]
-#Kubernetes Cluster
+#Bastion Host
+aws_bastion_num = 1
+aws_bastion_size = "t3.small"
-aws_kube_master_num = 3
-aws_kube_master_size = "t2.medium"
+#Kubernetes Cluster
+aws_kube_master_num = 3
+aws_kube_master_size = "t3.medium"
+aws_kube_master_disk_size = 50
-aws_etcd_num = 3
-aws_etcd_size = "t2.medium"
+aws_etcd_num = 0
+aws_etcd_size = "t3.medium"
+aws_etcd_disk_size = 50
-aws_kube_worker_num = 4
-aws_kube_worker_size = "t2.medium"
+aws_kube_worker_num = 4
+aws_kube_worker_size = "t3.medium"
+aws_kube_worker_disk_size = 50
#Settings AWS ELB
-
-aws_elb_api_port = 6443
-k8s_secure_api_port = 6443
-kube_insecure_apiserver_address = "0.0.0.0"
+aws_elb_api_port = 6443
+k8s_secure_api_port = 6443
default_tags = {
# Env = "devtest"
diff --git a/contrib/terraform/aws/terraform.tfvars.example b/contrib/terraform/aws/terraform.tfvars.example
index 666b21db2268d60c214a02db7ecd70e5c3393719..76684d831f10b2b583c2a2f3f1549064423ecc7e 100644
--- a/contrib/terraform/aws/terraform.tfvars.example
+++ b/contrib/terraform/aws/terraform.tfvars.example
@@ -8,25 +8,26 @@ aws_cidr_subnets_public = ["10.250.224.0/20","10.250.240.0/20"]
aws_avail_zones = ["eu-central-1a","eu-central-1b"]
#Bastion Host
-aws_bastion_ami = "ami-5900cc36"
-aws_bastion_size = "t2.small"
-
+aws_bastion_num = 1
+aws_bastion_size = "t3.small"
#Kubernetes Cluster
-
aws_kube_master_num = 3
-aws_kube_master_size = "t2.medium"
+aws_kube_master_size = "t3.medium"
+aws_kube_master_disk_size = 50
aws_etcd_num = 3
-aws_etcd_size = "t2.medium"
+aws_etcd_size = "t3.medium"
+aws_etcd_disk_size = 50
aws_kube_worker_num = 4
-aws_kube_worker_size = "t2.medium"
-
-aws_cluster_ami = "ami-903df7ff"
+aws_kube_worker_size = "t3.medium"
+aws_kube_worker_disk_size = 50
#Settings AWS ELB
-
aws_elb_api_port = 6443
k8s_secure_api_port = 6443
-kube_insecure_apiserver_address = 0.0.0.0
+
+default_tags = { }
+
+inventory_file = "../../../inventory/hosts"
diff --git a/contrib/terraform/aws/variables.tf b/contrib/terraform/aws/variables.tf
index 19d165f04c305944308af0962498772dd123a7dc..92a5512c8381aa783708fb7431822ce7f4fce6f7 100644
--- a/contrib/terraform/aws/variables.tf
+++ b/contrib/terraform/aws/variables.tf
@@ -25,7 +25,7 @@ data "aws_ami" "distro" {
filter {
name = "name"
- values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
+ values = ["debian-10-amd64-*"]
}
filter {
@@ -33,7 +33,7 @@ data "aws_ami" "distro" {
values = ["hvm"]
}
- owners = ["099720109477"] # Canonical
+ owners = ["136693071363"] # Debian-10
}
//AWS VPC Variables
@@ -63,10 +63,18 @@ variable "aws_bastion_size" {
* The number should be divisable by the number of used
* AWS Availability Zones without an remainder.
*/
+variable "aws_bastion_num" {
+ description = "Number of Bastion Nodes"
+}
+
variable "aws_kube_master_num" {
description = "Number of Kubernetes Master Nodes"
}
+variable "aws_kube_master_disk_size" {
+ description = "Disk size for Kubernetes Master Nodes (in GiB)"
+}
+
variable "aws_kube_master_size" {
description = "Instance size of Kube Master Nodes"
}
@@ -75,6 +83,10 @@ variable "aws_etcd_num" {
description = "Number of etcd Nodes"
}
+variable "aws_etcd_disk_size" {
+ description = "Disk size for etcd Nodes (in GiB)"
+}
+
variable "aws_etcd_size" {
description = "Instance size of etcd Nodes"
}
@@ -83,6 +95,10 @@ variable "aws_kube_worker_num" {
description = "Number of Kubernetes Worker Nodes"
}
+variable "aws_kube_worker_disk_size" {
+ description = "Disk size for Kubernetes Worker Nodes (in GiB)"
+}
+
variable "aws_kube_worker_size" {
description = "Instance size of Kubernetes Worker Nodes"
}