From d583d331b5e50057acb601c0fa41802bee20c4ef Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Fri, 24 Nov 2023 17:22:55 +0100
Subject: [PATCH] Convert exoscale tf provider to new version (#10646)
This is untested. It passes terraform validate to un-broke the CI.
---
contrib/terraform/exoscale/default.tfvars | 8 +-
.../modules/kubernetes-cluster/main.tf | 202 +++++++++---------
.../modules/kubernetes-cluster/output.tf | 16 +-
.../modules/kubernetes-cluster/versions.tf | 2 +-
4 files changed, 113 insertions(+), 115 deletions(-)
diff --git a/contrib/terraform/exoscale/default.tfvars b/contrib/terraform/exoscale/default.tfvars
index 2bcbef54b..8388d586a 100644
--- a/contrib/terraform/exoscale/default.tfvars
+++ b/contrib/terraform/exoscale/default.tfvars
@@ -12,7 +12,7 @@ ssh_public_keys = [
machines = {
"master-0" : {
"node_type" : "master",
- "size" : "Medium",
+ "size" : "standard.medium",
"boot_disk" : {
"image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
"root_partition_size" : 50,
@@ -22,7 +22,7 @@ machines = {
},
"worker-0" : {
"node_type" : "worker",
- "size" : "Large",
+ "size" : "standard.large",
"boot_disk" : {
"image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
"root_partition_size" : 50,
@@ -32,7 +32,7 @@ machines = {
},
"worker-1" : {
"node_type" : "worker",
- "size" : "Large",
+ "size" : "standard.large",
"boot_disk" : {
"image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
"root_partition_size" : 50,
@@ -42,7 +42,7 @@ machines = {
},
"worker-2" : {
"node_type" : "worker",
- "size" : "Large",
+ "size" : "standard.large",
"boot_disk" : {
"image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
"root_partition_size" : 50,
diff --git a/contrib/terraform/exoscale/modules/kubernetes-cluster/main.tf b/contrib/terraform/exoscale/modules/kubernetes-cluster/main.tf
index 3171b00ba..3ea4f4f2c 100644
--- a/contrib/terraform/exoscale/modules/kubernetes-cluster/main.tf
+++ b/contrib/terraform/exoscale/modules/kubernetes-cluster/main.tf
@@ -1,29 +1,25 @@
-data "exoscale_compute_template" "os_image" {
+data "exoscale_template" "os_image" {
for_each = var.machines
zone = var.zone
name = each.value.boot_disk.image_name
}
-data "exoscale_compute" "master_nodes" {
- for_each = exoscale_compute.master
+data "exoscale_compute_instance" "master_nodes" {
+ for_each = exoscale_compute_instance.master
- id = each.value.id
-
- # Since private IP address is not assigned until the nics are created we need this
- depends_on = [exoscale_nic.master_private_network_nic]
+ id = each.value.id
+ zone = var.zone
}
-data "exoscale_compute" "worker_nodes" {
- for_each = exoscale_compute.worker
+data "exoscale_compute_instance" "worker_nodes" {
+ for_each = exoscale_compute_instance.worker
- id = each.value.id
-
- # Since private IP address is not assigned until the nics are created we need this
- depends_on = [exoscale_nic.worker_private_network_nic]
+ id = each.value.id
+ zone = var.zone
}
-resource "exoscale_network" "private_network" {
+resource "exoscale_private_network" "private_network" {
zone = var.zone
name = "${var.prefix}-network"
@@ -34,25 +30,29 @@ resource "exoscale_network" "private_network" {
netmask = cidrnetmask(var.private_network_cidr)
}
-resource "exoscale_compute" "master" {
+resource "exoscale_compute_instance" "master" {
for_each = {
for name, machine in var.machines :
name => machine
if machine.node_type == "master"
}
- display_name = "${var.prefix}-${each.key}"
- template_id = data.exoscale_compute_template.os_image[each.key].id
- size = each.value.size
- disk_size = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
- state = "Running"
- zone = var.zone
- security_groups = [exoscale_security_group.master_sg.name]
+ name = "${var.prefix}-${each.key}"
+ template_id = data.exoscale_template.os_image[each.key].id
+ type = each.value.size
+ disk_size = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
+ state = "Running"
+ zone = var.zone
+ security_group_ids = [exoscale_security_group.master_sg.id]
+ network_interface {
+ network_id = exoscale_private_network.private_network.id
+ }
+ elastic_ip_ids = [exoscale_elastic_ip.control_plane_lb.id]
user_data = templatefile(
"${path.module}/templates/cloud-init.tmpl",
{
- eip_ip_address = exoscale_ipaddress.ingress_controller_lb.ip_address
+ eip_ip_address = exoscale_elastic_ip.ingress_controller_lb.ip_address
node_local_partition_size = each.value.boot_disk.node_local_partition_size
ceph_partition_size = each.value.boot_disk.ceph_partition_size
root_partition_size = each.value.boot_disk.root_partition_size
@@ -62,25 +62,29 @@ resource "exoscale_compute" "master" {
)
}
-resource "exoscale_compute" "worker" {
+resource "exoscale_compute_instance" "worker" {
for_each = {
for name, machine in var.machines :
name => machine
if machine.node_type == "worker"
}
- display_name = "${var.prefix}-${each.key}"
- template_id = data.exoscale_compute_template.os_image[each.key].id
- size = each.value.size
- disk_size = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
- state = "Running"
- zone = var.zone
- security_groups = [exoscale_security_group.worker_sg.name]
+ name = "${var.prefix}-${each.key}"
+ template_id = data.exoscale_template.os_image[each.key].id
+ type = each.value.size
+ disk_size = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
+ state = "Running"
+ zone = var.zone
+ security_group_ids = [exoscale_security_group.worker_sg.id]
+ network_interface {
+ network_id = exoscale_private_network.private_network.id
+ }
+ elastic_ip_ids = [exoscale_elastic_ip.ingress_controller_lb.id]
user_data = templatefile(
"${path.module}/templates/cloud-init.tmpl",
{
- eip_ip_address = exoscale_ipaddress.ingress_controller_lb.ip_address
+ eip_ip_address = exoscale_elastic_ip.ingress_controller_lb.ip_address
node_local_partition_size = each.value.boot_disk.node_local_partition_size
ceph_partition_size = each.value.boot_disk.ceph_partition_size
root_partition_size = each.value.boot_disk.root_partition_size
@@ -90,41 +94,33 @@ resource "exoscale_compute" "worker" {
)
}
-resource "exoscale_nic" "master_private_network_nic" {
- for_each = exoscale_compute.master
-
- compute_id = each.value.id
- network_id = exoscale_network.private_network.id
-}
-
-resource "exoscale_nic" "worker_private_network_nic" {
- for_each = exoscale_compute.worker
-
- compute_id = each.value.id
- network_id = exoscale_network.private_network.id
-}
-
resource "exoscale_security_group" "master_sg" {
name = "${var.prefix}-master-sg"
description = "Security group for Kubernetes masters"
}
-resource "exoscale_security_group_rules" "master_sg_rules" {
+resource "exoscale_security_group_rule" "master_sg_rule_ssh" {
security_group_id = exoscale_security_group.master_sg.id
+ for_each = toset(var.ssh_whitelist)
# SSH
- ingress {
- protocol = "TCP"
- cidr_list = var.ssh_whitelist
- ports = ["22"]
- }
+ type = "INGRESS"
+ start_port = 22
+ end_port = 22
+ protocol = "TCP"
+ cidr = each.value
+}
+
+resource "exoscale_security_group_rule" "master_sg_rule_k8s_api" {
+ security_group_id = exoscale_security_group.master_sg.id
+ for_each = toset(var.api_server_whitelist)
# Kubernetes API
- ingress {
- protocol = "TCP"
- cidr_list = var.api_server_whitelist
- ports = ["6443"]
- }
+ type = "INGRESS"
+ start_port = 6443
+ end_port = 6443
+ protocol = "TCP"
+ cidr = each.value
}
resource "exoscale_security_group" "worker_sg" {
@@ -132,62 +128,64 @@ resource "exoscale_security_group" "worker_sg" {
description = "security group for kubernetes worker nodes"
}
-resource "exoscale_security_group_rules" "worker_sg_rules" {
+resource "exoscale_security_group_rule" "worker_sg_rule_ssh" {
security_group_id = exoscale_security_group.worker_sg.id
# SSH
- ingress {
- protocol = "TCP"
- cidr_list = var.ssh_whitelist
- ports = ["22"]
- }
+ for_each = toset(var.ssh_whitelist)
+ type = "INGRESS"
+ start_port = 22
+ end_port = 22
+ protocol = "TCP"
+ cidr = each.value
+}
- # HTTP(S)
- ingress {
- protocol = "TCP"
- cidr_list = ["0.0.0.0/0"]
- ports = ["80", "443"]
- }
+resource "exoscale_security_group_rule" "worker_sg_rule_http" {
+ security_group_id = exoscale_security_group.worker_sg.id
- # Kubernetes Nodeport
- ingress {
- protocol = "TCP"
- cidr_list = var.nodeport_whitelist
- ports = ["30000-32767"]
- }
+ # HTTP(S)
+ for_each = toset(["80", "443"])
+ type = "INGRESS"
+ start_port = each.value
+ end_port = each.value
+ protocol = "TCP"
+ cidr = "0.0.0.0/0"
}
-resource "exoscale_ipaddress" "ingress_controller_lb" {
- zone = var.zone
- healthcheck_mode = "http"
- healthcheck_port = 80
- healthcheck_path = "/healthz"
- healthcheck_interval = 10
- healthcheck_timeout = 2
- healthcheck_strikes_ok = 2
- healthcheck_strikes_fail = 3
-}
-resource "exoscale_secondary_ipaddress" "ingress_controller_lb" {
- for_each = exoscale_compute.worker
+resource "exoscale_security_group_rule" "worker_sg_rule_nodeport" {
+ security_group_id = exoscale_security_group.worker_sg.id
- compute_id = each.value.id
- ip_address = exoscale_ipaddress.ingress_controller_lb.ip_address
+ # HTTP(S)
+ for_each = toset(var.nodeport_whitelist)
+ type = "INGRESS"
+ start_port = 30000
+ end_port = 32767
+ protocol = "TCP"
+ cidr = each.value
}
-resource "exoscale_ipaddress" "control_plane_lb" {
- zone = var.zone
- healthcheck_mode = "tcp"
- healthcheck_port = 6443
- healthcheck_interval = 10
- healthcheck_timeout = 2
- healthcheck_strikes_ok = 2
- healthcheck_strikes_fail = 3
+resource "exoscale_elastic_ip" "ingress_controller_lb" {
+ zone = var.zone
+ healthcheck {
+ mode = "http"
+ port = 80
+ uri = "/healthz"
+ interval = 10
+ timeout = 2
+ strikes_ok = 2
+ strikes_fail = 3
+ }
}
-resource "exoscale_secondary_ipaddress" "control_plane_lb" {
- for_each = exoscale_compute.master
-
- compute_id = each.value.id
- ip_address = exoscale_ipaddress.control_plane_lb.ip_address
+resource "exoscale_elastic_ip" "control_plane_lb" {
+ zone = var.zone
+ healthcheck {
+ mode = "tcp"
+ port = 6443
+ interval = 10
+ timeout = 2
+ strikes_ok = 2
+ strikes_fail = 3
+ }
}
diff --git a/contrib/terraform/exoscale/modules/kubernetes-cluster/output.tf b/contrib/terraform/exoscale/modules/kubernetes-cluster/output.tf
index bb80b5b54..b288bdb49 100644
--- a/contrib/terraform/exoscale/modules/kubernetes-cluster/output.tf
+++ b/contrib/terraform/exoscale/modules/kubernetes-cluster/output.tf
@@ -1,19 +1,19 @@
output "master_ip_addresses" {
value = {
- for key, instance in exoscale_compute.master :
+ for key, instance in exoscale_compute_instance.master :
instance.name => {
- "private_ip" = contains(keys(data.exoscale_compute.master_nodes), key) ? data.exoscale_compute.master_nodes[key].private_network_ip_addresses[0] : ""
- "public_ip" = exoscale_compute.master[key].ip_address
+ "private_ip" = contains(keys(data.exoscale_compute_instance.master_nodes), key) ? data.exoscale_compute_instance.master_nodes[key].private_network_ip_addresses[0] : ""
+ "public_ip" = exoscale_compute_instance.master[key].ip_address
}
}
}
output "worker_ip_addresses" {
value = {
- for key, instance in exoscale_compute.worker :
+ for key, instance in exoscale_compute_instance.worker :
instance.name => {
- "private_ip" = contains(keys(data.exoscale_compute.worker_nodes), key) ? data.exoscale_compute.worker_nodes[key].private_network_ip_addresses[0] : ""
- "public_ip" = exoscale_compute.worker[key].ip_address
+ "private_ip" = contains(keys(data.exoscale_compute_instance.worker_nodes), key) ? data.exoscale_compute_instance.worker_nodes[key].private_network_ip_addresses[0] : ""
+ "public_ip" = exoscale_compute_instance.worker[key].ip_address
}
}
}
@@ -23,9 +23,9 @@ output "cluster_private_network_cidr" {
}
output "ingress_controller_lb_ip_address" {
- value = exoscale_ipaddress.ingress_controller_lb.ip_address
+ value = exoscale_elastic_ip.ingress_controller_lb.ip_address
}
output "control_plane_lb_ip_address" {
- value = exoscale_ipaddress.control_plane_lb.ip_address
+ value = exoscale_elastic_ip.control_plane_lb.ip_address
}
diff --git a/contrib/terraform/exoscale/modules/kubernetes-cluster/versions.tf b/contrib/terraform/exoscale/modules/kubernetes-cluster/versions.tf
index 6f60994c2..047420aec 100644
--- a/contrib/terraform/exoscale/modules/kubernetes-cluster/versions.tf
+++ b/contrib/terraform/exoscale/modules/kubernetes-cluster/versions.tf
@@ -1,7 +1,7 @@
terraform {
required_providers {
exoscale = {
- source = "exoscale/exoscale"
+ source = "exoscale/exoscale"
version = ">= 0.21"
}
}
--
GitLab