From 5aef290639b6c51203fd12d375adaf372621caa3 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Mon, 21 Oct 2024 15:09:34 +0200 Subject: [PATCH] Move and scale out DCO workers with new deployment method --- IaC-test/images.tf | 6 ++ IaC-test/k8snodes-dco.tf | 75 +++++++++++++++ IaC-test/network.tf | 5 + IaC-test/securitygroups-k8s-dco.tf | 141 +++++++++++++++++++++++----- IaC-test/securitygroups-k8s-sto3.tf | 44 +++++++-- IaC-test/securitygroups-k8s-sto4.tf | 52 +++++++--- IaC-test/servergroups-dco.tf | 11 +++ IaC-test/vars.tf | 2 +- 8 files changed, 289 insertions(+), 47 deletions(-) create mode 100644 IaC-test/k8snodes-dco.tf create mode 100644 IaC-test/servergroups-dco.tf diff --git a/IaC-test/images.tf b/IaC-test/images.tf index c0a39b9..415fc97 100644 --- a/IaC-test/images.tf +++ b/IaC-test/images.tf @@ -4,6 +4,12 @@ data "openstack_images_image_v2" "debian12image" { most_recent = true } +data "openstack_images_image_v2" "debian12image-dco" { + name = "debian-12" # Name of image to be used + most_recent = true + provider = openstack.dco +} + data "openstack_images_image_v2" "debian12image-sto4" { name = "debian-12" # Name of image to be used most_recent = true diff --git a/IaC-test/k8snodes-dco.tf b/IaC-test/k8snodes-dco.tf new file mode 100644 index 0000000..929592e --- /dev/null +++ b/IaC-test/k8snodes-dco.tf 
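Review bot: The new `debian12image-dco` lookup selects the worker boot image only by `name = "debian-12"` with `most_recent = true`, so whichever image most recently carries that name in the DCO project's view is what every new node boots. If shared or community images are visible to this project, that need not be the operator-published one; adding a filter such as `visibility = "public"` or an `owner` value (placeholder: `<image-owner-project-id>`) narrows the match. It also means two applies can build nodes from different images, which deserves a comment next to the data source, e.g. `# resolved at plan time; restrict owner/visibility so only the operator's image matches`. The sibling `debian12image` and `debian12image-sto4` blocks follow the same pattern.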
@@ -0,0 +1,75 @@ +# +# Controller node resources +# + +locals { + dcodc = "dco" + dconodenrbase = index(var.datacenters, "dco") + dcoindexjump = length(var.datacenters) +} + +resource "openstack_networking_port_v2" "kubewport-dco" { + name = "${var.worker_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-port" + # We create as many ports as there are instances created + count = var.workerdcreplicas + network_id = data.openstack_networking_network_v2.public-dco.id + # A list of security group ID + security_group_ids = [ + resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id, + resource.openstack_networking_secgroup_v2.microk8s-dco.id + ] + admin_state_up = "true" + provider = openstack.dco +} + +# Boot volume for node +resource "openstack_blockstorage_volume_v3" "kubewvolumeboot-dco" { + count = var.workerdcreplicas # Replicas per datacenter + name = "${var.controller_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-vol" + description = "OS volume for kubernetes worker node ${count.index * local.dcoindexjump + 1 + local.dconodenrbase}" + size = 100 + image_id = data.openstack_images_image_v2.debian12image-dco.id + enable_online_resize = true # Allow us to resize volume while attached. + provider = openstack.dco +} + +resource "openstack_blockstorage_volume_v3" "kubewvolumerook-dco" { + count = var.workerdcreplicas # Replicas per datacenter + name = "${var.controller_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}-${replace(var.dns_suffix,".","-")}-${local.dcodc}-rook-vol" + description = "Rook storage volume for kubernetes worker node ${count.index * local.dcoindexjump + 1 + local.dconodenrbase}" + size = 100 + enable_online_resize = true # Allow us to resize volume while attached. 
+ provider = openstack.dco +} + +resource "openstack_compute_instance_v2" "worker-nodes-dco" { + count = var.workerdcreplicas # Replicas per datacenter + name = "${var.worker_name}${count.index * local.dcoindexjump + 1 + local.dconodenrbase}.${var.dns_suffix}" + flavor_name = "${var.worker_instance_type}" + key_pair = "${var.keynameworkers}" + provider = openstack.dco + security_groups = [ + resource.openstack_networking_secgroup_v2.microk8s-dco.id, + resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name + ] + + block_device { + uuid = resource.openstack_blockstorage_volume_v3.kubewvolumeboot-dco[count.index].id + source_type = "volume" + destination_type = "volume" + boot_index = 0 + } + block_device { + uuid = resource.openstack_blockstorage_volume_v3.kubewvolumerook-dco[count.index].id + source_type = "volume" + destination_type = "volume" + boot_index = 1 + } + + scheduler_hints { + group = openstack_compute_servergroup_v2.workers-dco.id + } + network { + port = resource.openstack_networking_port_v2.kubewport-dco[count.index].id + } +} diff --git a/IaC-test/network.tf b/IaC-test/network.tf index f55effe..a4eeabc 100644 --- a/IaC-test/network.tf +++ b/IaC-test/network.tf @@ -2,6 +2,11 @@ data "openstack_networking_network_v2" "public" { name = "public" # Name of network to use. } +data "openstack_networking_network_v2" "public-dco" { + name = "public" # Name of network to use. + provider = openstack.dco +} + data "openstack_networking_network_v2" "public-sto4" { name = "public" # Name of network to use. provider = openstack.sto4 diff --git a/IaC-test/securitygroups-k8s-dco.tf b/IaC-test/securitygroups-k8s-dco.tf index eac5e20..5f9f774 100644 --- a/IaC-test/securitygroups-k8s-dco.tf +++ b/IaC-test/securitygroups-k8s-dco.tf 
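Review bot: In `worker-nodes-dco` the `security_groups` list mixes `microk8s-dco.id` with `ssh-from-jump-hosts-dco.name`, while the instance is attached through `kubewport-dco`, which already carries both groups by ID in `security_group_ids`. The provider documents the instance-level `security_groups` as a list of names and advises placing groups on the port when a port is used, so this list is at best redundant and may cause spurious updates or an API error; I would drop it so the port is the single place where the node's filtering is defined. Separately, both volume `name` values use `var.controller_name` although the port, the instance and the volume descriptions all say worker, and the file header reads `# Controller node resources`; presumably `var.worker_name` and `# Worker node resources` were intended.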
@@ -1,29 +1,69 @@ -# -# From STO4 to DCO -# -resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto4_to_dco" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4) - direction = "ingress" - ethertype = "IPv4" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0] - provider = openstack.dco - remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-sto4)].access_ip_v4, "32" ]) - security_group_id = openstack_networking_secgroup_v2.microk8s.id +# Security groups sto3 +resource "openstack_networking_secgroup_v2" "microk8s-dco" { + name = "microk8s" + description = "Traffic to allow between microk8s hosts" + provider=openstack.dco } -resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_sto4_to_dco" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4) +resource "openstack_networking_secgroup_v2" "ssh-from-jump-hosts-dco" { + name = "ssh-from-jumphosts" + description = "Allow ssh traffic from sunet jumphosts." 
+ provider=openstack.dco +} + +# +# Security group rules for microk8s +# +resource "openstack_networking_secgroup_rule_v2" "microk8s_rule_v4_dco" { + count = length(var.k8sports) + direction = "ingress" + ethertype = "IPv4" + protocol = var.k8sports[count.index][keys(var.k8sports[count.index])[0]] + port_range_min = keys(var.k8sports[count.index])[0] + port_range_max = keys(var.k8sports[count.index])[0] + provider = openstack.dco + remote_group_id = openstack_networking_secgroup_v2.microk8s-dco.id + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id +} + +resource "openstack_networking_secgroup_rule_v2" "microk8s_rule_v6_dco" { + count = length(var.k8sports) direction = "ingress" ethertype = "IPv6" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0] + protocol = var.k8sports[count.index][keys(var.k8sports[count.index])[0]] + port_range_min = keys(var.k8sports[count.index])[0] + port_range_max = keys(var.k8sports[count.index])[0] provider = openstack.dco - remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-sto4)].access_ip_v6, "/[\\[\\]']/",""), "128"]) - security_group_id = openstack_networking_secgroup_v2.microk8s.id + remote_group_id = openstack_networking_secgroup_v2.microk8s-dco.id + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id +} + +# +# From DCO controllers to dco workers +# +resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_dco_to_dco" { + count = 
length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) + direction = "ingress" + ethertype = "IPv4" + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] + provider = openstack.dco + remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.controller-nodes[count.index % length(resource.openstack_compute_instance_v2.controller-nodes)].access_ip_v4, "32"]) + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id +} + +resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_dco_to_dco" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) + direction = "ingress" + ethertype = "IPv6" + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.controller-nodes))])[0] + provider = openstack.dco + remote_ip_prefix = join("/", [ replace(resource.openstack_compute_instance_v2.controller-nodes[count.index % length(resource.openstack_compute_instance_v2.controller-nodes)].access_ip_v6, "/[\\[\\]']/",""),"128"]) + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id } # 
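Review bot: The header comment at the top of this file now reads `# Security groups sto3`, but every resource below it uses `provider = openstack.dco` and a `-dco` suffix; it should read `# Security groups dco`. The same copy-paste slip is in the later hunk of this file, where `# From STO4 to STO3` sits above the `..._sto4_to_dco` rules and should be `# From STO4 to DCO`. In a file that consists only of firewall rules, the section comments are what a reviewer uses to check source and destination, so a wrong site name is easy to act on. The `# From DCO controllers to dco workers` section would also benefit from a line stating that `controller-nodes` are admitted by per-host `/32` and `/128` prefixes rather than by `remote_group_id`.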
@@ -39,7 +79,7 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto3_t port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto3))])[0] provider = openstack.dco remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes-sto3[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-sto3)].access_ip_v4, "32" ]) - security_group_id = openstack_networking_secgroup_v2.microk8s.id + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id } resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_sto3_to_dco" { 
@@ -51,5 +91,62 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_sto3_t port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto3))])[0] provider = openstack.dco remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes-sto3[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-sto3)].access_ip_v6, "/[\\[\\]']/",""), "128"]) - security_group_id = openstack_networking_secgroup_v2.microk8s.id + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id +} + +# +# From STO4 to STO3 +# + +resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_sto4_to_dco" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4) + direction = "ingress" + ethertype = "IPv4" + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0] + provider = openstack.dco + remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-sto4)].access_ip_v4, "32" ]) + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id +} + +resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_sto4_to_dco" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-sto4) + direction = "ingress" + ethertype = "IPv6" + protocol = 
var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-sto4))])[0] + provider = openstack.dco + remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes-sto4[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-sto4)].access_ip_v6, "/[\\[\\]']/",""), "128"]) + security_group_id = openstack_networking_secgroup_v2.microk8s-dco.id +} + +# +# Security group rules for ssh-from-jump-hosts +# + + +resource "openstack_networking_secgroup_rule_v2" "ssh-from-jumphosts-v4rules-dco" { + count = length(var.jumphostv4-ips) + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = "22" + port_range_max = "22" + provider = openstack.dco + remote_ip_prefix = "${var.jumphostv4-ips[count.index]}/32" + security_group_id = openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id +} + +resource "openstack_networking_secgroup_rule_v2" "ssh-from-jumphosts-v6rules-dco" { + count = length(var.jumphostv6-ips) + direction = "ingress" + ethertype = "IPv6" + protocol = "tcp" + port_range_min = "22" + port_range_max = "22" + provider = openstack.dco + remote_ip_prefix = "${var.jumphostv6-ips[count.index]}/128" + security_group_id = openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id } diff --git a/IaC-test/securitygroups-k8s-sto3.tf b/IaC-test/securitygroups-k8s-sto3.tf index bcd8e3b..7f1d279 100644 --- a/IaC-test/securitygroups-k8s-sto3.tf +++ b/IaC-test/securitygroups-k8s-sto3.tf 
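Review bot: The `sto4_to_dco` rules added here, like the `microk8s_controller_rule_v*_dco_to_dco` rules in the first hunk of this file, index each rule as `count.index` over `length(var.k8sports) * length(<nodes>)`, taking the port from `floor(count.index / nodes)` and the peer from `count.index % nodes`. Because the divisor is the node count, adding or removing one node remaps almost every index, and Terraform will then replace most of these rules in a single apply, during which cluster ports may be briefly unreachable. Since this change is about scaling workers out, I would move these to `for_each` over a map keyed by port and node index (keys of the form `"<port>-<node index>"`), so that growing the pool only adds rules. A short comment explaining the index arithmetic would help if `count` is kept.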
@@ -66,27 +66,51 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_dc security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id } +#resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco_to_sto3" { +# count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) +# direction = "ingress" +# ethertype = "IPv4" +# protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] +# port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] +# port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] +# provider = openstack.sto3 +# remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v4, "32" ]) +# security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id +#} +# +#resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco_to_sto3" { +# count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) +# direction = "ingress" +# ethertype = "IPv6" +# protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] +# port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] +# port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] +# provider = openstack.sto3 +# remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes[count.index % 
length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v6, "/[\\[\\]']/",""), "128"]) +# security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id +#} + resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco_to_sto3" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-dco) direction = "ingress" ethertype = "IPv4" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0] provider = openstack.sto3 - remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v4, "32" ]) + remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes-dco[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-dco)].access_ip_v4, "32" ]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id } resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco_to_sto3" { - count = 
length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-dco) direction = "ingress" ethertype = "IPv6" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0] provider = openstack.sto3 - remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v6, "/[\\[\\]']/",""), "128"]) + remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes-dco[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-dco)].access_ip_v6, "/[\\[\\]']/",""), "128"]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto3.id } diff --git a/IaC-test/securitygroups-k8s-sto4.tf b/IaC-test/securitygroups-k8s-sto4.tf index e855e92..0e83a7c 100644 --- a/IaC-test/securitygroups-k8s-sto4.tf +++ b/IaC-test/securitygroups-k8s-sto4.tf 
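Review bot: The two `#resource ...` blocks added above the live rules are the previous `worker-nodes` versions of `microk8s_worker_rule_v4_dco_to_sto3` and `microk8s_worker_rule_v6_dco_to_sto3`, kept as comments under the same resource names as the active blocks below them. Git already preserves the old text, and in a security-group file a commented-out rule that shares a live rule's name makes it harder to see what is actually enforced. I would delete them, or replace them with one line such as `# DCO workers are now worker-nodes-dco (see k8snodes-dco.tf)`. The same commented-out pair is added in the last hunk of securitygroups-k8s-sto4.tf.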
@@ -39,7 +39,7 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_rule_v6_sto4" { security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } -resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_dco" { +resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_dco_to_sto4" { count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) direction = "ingress" ethertype = "IPv4" @@ -51,7 +51,7 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v4_dc security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } -resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_dco" { +resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_dco_to_sto4" { count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.controller-nodes) direction = "ingress" ethertype = "IPv6" 
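Review bot: Renaming `microk8s_controller_rule_v4_dco` and `microk8s_controller_rule_v6_dco` to `..._dco_to_sto4` changes their Terraform addresses without changing the rules themselves, so without a state move Terraform will plan to destroy the existing rules and create identical ones. For ingress rules that means controller access to the STO4 group may lapse during the apply, and the create may be rejected as a duplicate if it lands before the matching delete. If the Terraform version in use supports it, a `moved` block per rename (`from = openstack_networking_secgroup_rule_v2.microk8s_controller_rule_v4_dco`, `to = openstack_networking_secgroup_rule_v2.microk8s_controller_rule_v4_dco_to_sto4`) keeps the rules in place; otherwise `terraform state mv` before applying has the same effect. Both resource bodies continue outside these hunks.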
@@ -63,27 +63,51 @@ resource "openstack_networking_secgroup_rule_v2" "microk8s_controller_rule_v6_dc security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } -resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) +#resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco_to_sto4" { +# count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) +# direction = "ingress" +# ethertype = "IPv4" +# protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] +# port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] +# port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] +# provider = openstack.sto4 +# remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v4, "32" ]) +# security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id +#} +# +#resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco_to_sto4" { +# count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) +# direction = "ingress" +# ethertype = "IPv6" +# protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] +# port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] +# port_range_max = 
keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] +# provider = openstack.sto4 +# remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v6, "/[\\[\\]']/",""), "128"]) +# security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id +#} + +resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v4_dco_to_sto4" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-dco) direction = "ingress" ethertype = "IPv4" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0] provider = openstack.sto4 - remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v4, "32" ]) + remote_ip_prefix = join("/", [ resource.openstack_compute_instance_v2.worker-nodes-dco[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-dco)].access_ip_v4, "32" ]) security_group_id = 
openstack_networking_secgroup_v2.microk8s-sto4.id } -resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco" { - count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes) +resource "openstack_networking_secgroup_rule_v2" "microk8s_worker_rule_v6_dco_to_sto4" { + count = length(var.k8sports) * length(resource.openstack_compute_instance_v2.worker-nodes-dco) direction = "ingress" ethertype = "IPv6" - protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0]] - port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] - port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes))])[0] + protocol = var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))][keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0]] + port_range_min = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0] + port_range_max = keys(var.k8sports[floor(count.index/length(resource.openstack_compute_instance_v2.worker-nodes-dco))])[0] provider = openstack.sto4 - remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes[count.index % length(resource.openstack_compute_instance_v2.worker-nodes)].access_ip_v6, "/[\\[\\]']/",""), "128"]) + remote_ip_prefix = join("/",[ replace(resource.openstack_compute_instance_v2.worker-nodes-dco[count.index % length(resource.openstack_compute_instance_v2.worker-nodes-dco)].access_ip_v6, "/[\\[\\]']/",""), "128"]) security_group_id = openstack_networking_secgroup_v2.microk8s-sto4.id } 
diff --git a/IaC-test/servergroups-dco.tf b/IaC-test/servergroups-dco.tf new file mode 100644 index 0000000..92b3b68 --- /dev/null +++ b/IaC-test/servergroups-dco.tf @@ -0,0 +1,11 @@ +resource "openstack_compute_servergroup_v2" "workers-dco" { + name = "workers" + policies = ["anti-affinity"] + provider = openstack.dco +} +resource "openstack_compute_servergroup_v2" "controllers-dco" { + name = "controllers" + policies = ["anti-affinity"] + provider = openstack.dco +} + diff --git a/IaC-test/vars.tf b/IaC-test/vars.tf index abaa52f..fee64db 100644 --- a/IaC-test/vars.tf +++ b/IaC-test/vars.tf @@ -34,7 +34,7 @@ variable "keynameworkers" { } variable "worker_instance_count" { - default = "1" + default = "0" } # Replicas per datacenter