Setup resource and data sources and refactor controller setup
This commit is contained in:
parent
45d7f9b334
commit
be6e9b21ae
5
IaC/images.tf
Normal file
5
IaC/images.tf
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# Default os version
|
||||||
|
data "openstack_images_image_v2" "debian12image" {
|
||||||
|
name = "debian-12" # Name of image to be used
|
||||||
|
most_recent = true
|
||||||
|
}
|
3
IaC/network.tf
Normal file
3
IaC/network.tf
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
data "openstack_networking_network_v2" "public" {
|
||||||
|
name = "public" # Name of network to use.
|
||||||
|
}
|
53
IaC/nodes.tf
53
IaC/nodes.tf
|
@ -1,26 +1,59 @@
|
||||||
|
|
||||||
|
#
|
||||||
|
# Controller node resources
|
||||||
|
#
|
||||||
|
|
||||||
|
resource "openstack_networking_port_v2" "kubeport" {
|
||||||
|
name = "${var.controller_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-port"
|
||||||
|
# We create as many ports as there are instances created
|
||||||
|
count = var.controller_instance_count
|
||||||
|
network_id = data.openstack_networking_network_v2.public.id
|
||||||
|
# A list of security group ID
|
||||||
|
security_group_ids = [
|
||||||
|
data.openstack_networking_secgroup_v2.sshfromjumphosts.id,
|
||||||
|
data.openstack_networking_secgroup_v2.allegress.id,
|
||||||
|
resource.openstack_networking_secgroup_v2.microk8s.id
|
||||||
|
]
|
||||||
|
admin_state_up = "true"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_blockstorage_volume_v3" "kubecvolumeboot" {
|
||||||
|
count = var.controller_instance_count # size of cluster
|
||||||
|
name = "${var.controller_name}${count.index+1}-${replace(var.dns_suffix,".","-")}-vol"
|
||||||
|
description = "OS volume for kubernetes control node ${count.index + 1}"
|
||||||
|
size = 100
|
||||||
|
image_id = data.openstack_images_image_v2.debian12image.id
|
||||||
|
enable_online_resize = true # Allow us to resize volume while attached.
|
||||||
|
}
|
||||||
|
|
||||||
resource "openstack_compute_instance_v2" "controller-nodes" {
|
resource "openstack_compute_instance_v2" "controller-nodes" {
|
||||||
count = var.controller_instance_count
|
count = var.controller_instance_count
|
||||||
name = "${var.controller_name}-${count.index}.${var.dns_suffix}"
|
name = "${var.controller_name}${count.index+1}.${var.dns_suffix}"
|
||||||
flavor_name = "${var.controller_instance_type}"
|
flavor_name = "${var.controller_instance_type}"
|
||||||
key_pair = "${var.keyname}"
|
key_pair = "${var.keyname}"
|
||||||
security_groups = ["https", "microk8s", "Allow SSH from SUNET jumphosts", "Allow ssh from the world"]
|
security_groups = [
|
||||||
|
data.openstack_networking_secgroup_v2.sshfromjumphosts.name,
|
||||||
|
data.openstack_networking_secgroup_v2.allegress.name,
|
||||||
|
resource.openstack_networking_secgroup_v2.microk8s.name
|
||||||
|
]
|
||||||
block_device {
|
block_device {
|
||||||
uuid = "5d24aca9-11be-4de1-9770-4a097d68f361"
|
uuid = resource.openstack_blockstorage_volume_v3.kubecvolumeboot[count.index].id
|
||||||
source_type = "image"
|
source_type = "volume"
|
||||||
volume_size = 20
|
|
||||||
boot_index = 0
|
|
||||||
destination_type = "volume"
|
destination_type = "volume"
|
||||||
delete_on_termination = true
|
boot_index = 0
|
||||||
}
|
}
|
||||||
scheduler_hints {
|
scheduler_hints {
|
||||||
group = openstack_compute_servergroup_v2.controllers.id
|
group = openstack_compute_servergroup_v2.controllers.id
|
||||||
}
|
}
|
||||||
network {
|
network {
|
||||||
name = "public"
|
port = resource.openstack_networking_port_v2.kubeport[count.index].id
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Worker node resources
|
||||||
|
#
|
||||||
|
|
||||||
resource "openstack_compute_instance_v2" "worker-nodes" {
|
resource "openstack_compute_instance_v2" "worker-nodes" {
|
||||||
count = var.worker_instance_count
|
count = var.worker_instance_count
|
||||||
name = "${var.worker_name}-${count.index}.${var.dns_suffix}"
|
name = "${var.worker_name}-${count.index}.${var.dns_suffix}"
|
||||||
|
|
|
@ -1,3 +1,17 @@
|
||||||
|
# Datasource of sunet ssh-from-jumphost security group.
|
||||||
|
data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
|
||||||
|
name = "ssh-from-jumphost"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "openstack_networking_secgroup_v2" "allegress" {
|
||||||
|
name = "allegress"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_secgroup_v2" "microk8s" {
|
||||||
|
name = "microk8s"
|
||||||
|
description = "Traffic to allow between microk8s hosts"
|
||||||
|
}
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" {
|
resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" {
|
||||||
#We never know where Richard is, so allow from all of the known internet
|
#We never know where Richard is, so allow from all of the known internet
|
||||||
direction = "ingress"
|
direction = "ingress"
|
||||||
|
|
|
@ -7,7 +7,3 @@ resource "openstack_compute_servergroup_v2" "controllers" {
|
||||||
policies = ["anti-affinity"]
|
policies = ["anti-affinity"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_networking_secgroup_v2" "microk8s" {
|
|
||||||
name = "microk8s"
|
|
||||||
description = "Traffic to allow between microk8s hosts"
|
|
||||||
}
|
|
||||||
|
|
13
IaC/vars.tf
13
IaC/vars.tf
|
@ -18,18 +18,19 @@ variable "controller_instance_count" {
|
||||||
variable "controller_instance_type" {
|
variable "controller_instance_type" {
|
||||||
default = "b2.c2r4"
|
default = "b2.c2r4"
|
||||||
}
|
}
|
||||||
variable "monitor_instance_type" {
|
|
||||||
default = "b2.c2r4"
|
|
||||||
}
|
|
||||||
variable "worker_instance_type" {
|
variable "worker_instance_type" {
|
||||||
default = "b2.c4r16"
|
default = "b2.c4r16"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "worker_name" {
|
variable "worker_name" {
|
||||||
default = "internal-sto4-test-k8sw"
|
default = "k8sw"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "controller_name" {
|
variable "controller_name" {
|
||||||
default = "internal-sto4-test-k8sc"
|
default = "k8sc"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "dns_suffix" {
|
variable "dns_suffix" {
|
||||||
default = "rut.sunet.se"
|
default = "matrix-test.sunet.se"
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue