From 1c72cff364586c5599bce2b2da3959d4c4f8a0e1 Mon Sep 17 00:00:00 2001
From: Magnus Andersson
Date: Thu, 7 Nov 2024 22:22:48 +0100
Subject: [PATCH] Remove old style cluster deployment
---
IaC-prod/images.tf | 5 -
IaC-prod/main.tf | 15 ---
IaC-prod/network.tf | 3 -
IaC-prod/nodes.tf | 111 ---------------------
IaC-prod/securitygroups.tf | 194 -------------------------------------
IaC-prod/servergroups.tf | 9 -
IaC-prod/vars.tf | 40 --------
7 files changed, 377 deletions(-)
delete mode 100644 IaC-prod/images.tf
delete mode 100644 IaC-prod/main.tf
delete mode 100644 IaC-prod/network.tf
delete mode 100644 IaC-prod/nodes.tf
delete mode 100644 IaC-prod/securitygroups.tf
delete mode 100644 IaC-prod/servergroups.tf
delete mode 100644 IaC-prod/vars.tf
diff --git a/IaC-prod/images.tf b/IaC-prod/images.tf
deleted file mode 100644
index 421aec9..0000000
--- a/IaC-prod/images.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-# Default os version
-data "openstack_images_image_v2" "debian12image" {
- name = "debian-12" # Name of image to be used
- most_recent = true
-}
diff --git a/IaC-prod/main.tf b/IaC-prod/main.tf
deleted file mode 100644
index 66db5b1..0000000
--- a/IaC-prod/main.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-# Define required providers
-terraform {
-required_version = ">= 0.14.0"
- required_providers {
- openstack = {
- source = "terraform-provider-openstack/openstack"
- version = "~> 1.53.0"
- }
- }
-}
-
-# Configure the OpenStack Provider
-provider "openstack" {
- cloud = "${var.cloud_name}"
-}
diff --git a/IaC-prod/network.tf b/IaC-prod/network.tf
deleted file mode 100644
index 30b4c0f..0000000
--- a/IaC-prod/network.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-data "openstack_networking_network_v2" "public" {
- name = "public" # Name of network to use.
-}
diff --git a/IaC-prod/nodes.tf b/IaC-prod/nodes.tf
deleted file mode 100644
index 36890d7..0000000
--- a/IaC-prod/nodes.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-
-#
-# Controller node resources
-#
-
-resource "openstack_networking_port_v2" "kubecport" {
- name = "${var.controller_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-port"
- # We create as many ports as there are instances created
- count = var.controller_instance_count
- network_id = data.openstack_networking_network_v2.public.id
- # A list of security group ID
- security_group_ids = [
- data.openstack_networking_secgroup_v2.sshfromjumphosts.id,
- data.openstack_networking_secgroup_v2.allegress.id,
- resource.openstack_networking_secgroup_v2.microk8s.id,
- resource.openstack_networking_secgroup_v2.https.id
- ]
- admin_state_up = "true"
-}
-
-resource "openstack_blockstorage_volume_v3" "kubecvolumeboot" {
- count = var.controller_instance_count # size of cluster
- name = "${var.controller_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-vol"
- description = "OS volume for kubernetes control node ${count.index + 1}"
- size = 100
- image_id = data.openstack_images_image_v2.debian12image.id
- enable_online_resize = true # Allow us to resize volume while attached.
-}
-
-resource "openstack_compute_instance_v2" "controller-nodes" {
- count = var.controller_instance_count
- name = "${var.controller_name}${count.index+1}.${var.dns_suffix}"
- flavor_name = "${var.controller_instance_type}"
- key_pair = "${var.keyname}"
- security_groups = [
- data.openstack_networking_secgroup_v2.sshfromjumphosts.name,
- data.openstack_networking_secgroup_v2.allegress.name,
- resource.openstack_networking_secgroup_v2.microk8s.name,
- resource.openstack_networking_secgroup_v2.https.name
- ]
- block_device {
- uuid = resource.openstack_blockstorage_volume_v3.kubecvolumeboot[count.index].id
- source_type = "volume"
- destination_type = "volume"
- boot_index = 0
- }
- scheduler_hints {
- group = openstack_compute_servergroup_v2.controllers.id
- }
- network {
- port = resource.openstack_networking_port_v2.kubecport[count.index].id
- }
-}
-
-#
-# Worker node resources
-#
-
-
-#
-# Controller node resources
-#
-
-resource "openstack_networking_port_v2" "kubewport" {
- name = "${var.worker_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-port"
- # We create as many ports as there are instances created
- count = var.controller_instance_count
- network_id = data.openstack_networking_network_v2.public.id
- # A list of security group ID
- security_group_ids = [
- data.openstack_networking_secgroup_v2.sshfromjumphosts.id,
- data.openstack_networking_secgroup_v2.allegress.id,
- resource.openstack_networking_secgroup_v2.microk8s.id
- ]
- admin_state_up = "true"
-}
-
-resource "openstack_blockstorage_volume_v3" "kubewvolumeboot" {
- count = var.controller_instance_count # size of cluster
- name = "${var.worker_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-vol"
- description = "OS volume for kubernetes worker node ${count.index + 1}"
- size = 100
- image_id = data.openstack_images_image_v2.debian12image.id
- enable_online_resize = true # Allow us to resize volume while attached.
-}
-
-
-resource "openstack_compute_instance_v2" "worker-nodes" {
- count = var.worker_instance_count
- name = "${var.worker_name}${count.index+1}.${var.dns_suffix}"
- flavor_name = "${var.worker_instance_type}"
- key_pair = "${var.keyname}"
- security_groups = [
- data.openstack_networking_secgroup_v2.sshfromjumphosts.name,
- data.openstack_networking_secgroup_v2.allegress.name,
- resource.openstack_networking_secgroup_v2.microk8s.name
- ]
-
- block_device {
- uuid = resource.openstack_blockstorage_volume_v3.kubewvolumeboot[count.index].id
- source_type = "volume"
- destination_type = "volume"
- boot_index = 0
- }
- scheduler_hints {
- group = openstack_compute_servergroup_v2.workers.id
- }
- network {
- port = resource.openstack_networking_port_v2.kubewport[count.index].id
- }
-}
diff --git a/IaC-prod/securitygroups.tf b/IaC-prod/securitygroups.tf
deleted file mode 100644
index 0cc6649..0000000
--- a/IaC-prod/securitygroups.tf
+++ /dev/null
@@ -1,194 +0,0 @@
-# Datasource of sunet ssh-from-jumphost security group.
-data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
- name = "ssh-from-jumphost"
-}
-
-data "openstack_networking_secgroup_v2" "allegress" {
- name = "allegress"
-}
-
-resource "openstack_networking_secgroup_v2" "microk8s" {
- name = "microk8s"
- description = "Traffic to allow between microk8s hosts"
-}
-
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 16443
- port_range_max = 16443
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule2" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 16443
- port_range_max = 16443
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule3" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 10250
- port_range_max = 10250
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule4" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 10250
- port_range_max = 10250
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule5" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 10255
- port_range_max = 10255
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule6" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 10255
- port_range_max = 10255
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule7" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 25000
- port_range_max = 25000
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule8" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 25000
- port_range_max = 25000
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule9" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 12379
- port_range_max = 12379
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule10" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 12379
- port_range_max = 12379
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule11" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 10257
- port_range_max = 10257
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule12" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 10257
- port_range_max = 10257
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule13" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 10259
- port_range_max = 10259
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule14" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 10259
- port_range_max = 10259
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule15" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 19001
- port_range_max = 19001
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule16" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 19001
- port_range_max = 19001
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule17" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "udp"
- port_range_min = 4789
- port_range_max = 4789
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-resource "openstack_networking_secgroup_rule_v2" "microk8s_rule18" {
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "udp"
- port_range_min = 4789
- port_range_max = 4789
- remote_group_id = openstack_networking_secgroup_v2.microk8s.id
- security_group_id = openstack_networking_secgroup_v2.microk8s.id
-}
-
-resource "openstack_networking_secgroup_v2" "https" {
- name = "https"
- description = "Allow https to ingress controller"
-}
-
-resource "openstack_networking_secgroup_rule_v2" "https_rule1" {
- # External traffic
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 443
- port_range_max = 443
- remote_ip_prefix = "0.0.0.0/0"
- security_group_id = openstack_networking_secgroup_v2.https.id
-}
diff --git a/IaC-prod/servergroups.tf b/IaC-prod/servergroups.tf
deleted file mode 100644
index 9f94d71..0000000
--- a/IaC-prod/servergroups.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-resource "openstack_compute_servergroup_v2" "workers" {
- name = "workers"
- policies = ["anti-affinity"]
-}
-resource "openstack_compute_servergroup_v2" "controllers" {
- name = "controllers"
- policies = ["anti-affinity"]
-}
-
diff --git a/IaC-prod/vars.tf b/IaC-prod/vars.tf
deleted file mode 100644
index bc5f172..0000000
--- a/IaC-prod/vars.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-variable "datacenter_name" {
- type = string
- default = "dco"
-}
-
-variable "keyname" {
- type = string
- default = "manderssonpub"
-}
-
-variable "worker_instance_count" {
- default = "3"
-}
-variable "controller_instance_count" {
- default = "3"
-}
-
-variable "controller_instance_type" {
- default = "b2.c2r4"
-}
-
-variable "worker_instance_type" {
- default = "b2.c4r16"
-}
-
-variable "worker_name" {
- default = "k8sw"
-}
-
-variable "controller_name" {
- default = "k8sc"
-}
-
-variable "dns_suffix" {
- default = "matrix.test.sunet.se"
-}
-
-variable "cloud_name" {
- default="dco-matrixtest"
-}