richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2466 Commits
29 Branches
81 Tags
149 MiB
Tree: bd1f0bcfd7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bd1f0bcfd7'
${ noResults }
kubespray/contrib/terraform/openstack/modules/compute/main.tf

280 lines
9.4 KiB
Raw Normal View History

Update OpenStack Terraform: Modules, Bastions, and New Floating IP config (#1958) * Adding bastion and private network provisioning for openstack terraform * Remove usage of floating-ip property * Combine openstack instances + floating ips * Fix relating floating IPs to hosts for openstack builds * Tighten up security groups Allow ssh into all instances with floating IP * Add the gluster hosts to the no-floating group * Break terraform into modules * Update README and var descriptions to match current config * Remove volume property in gluster compute def * Include cluster name in internal network and router names * Make dns_nameservers a variable
7 years ago
  3. variable user_data {
  4. type = "string"
  5. default = <<EOF
  6. #cloud-config
  7. manage_etc_hosts: localhost
  8. package_update: true
  9. package_upgrade: true
  10. EOF
  11. }
  12. resource "openstack_compute_keypair_v2" "k8s" {
  13. name = "kubernetes-${var.cluster_name}"
  14. public_key = "${chomp(file(var.public_key_path))}"
  15. }
  17. resource "openstack_compute_secgroup_v2" "k8s_master" {
  18. name = "${var.cluster_name}-k8s-master"
  19. description = "${var.cluster_name} - Kubernetes Master"
  20. rule {
  21. ip_protocol = "tcp"
  22. from_port = "6443"
  23. to_port = "6443"
  24. cidr = "0.0.0.0/0"
  25. }
  26. }
  28. resource "openstack_compute_secgroup_v2" "bastion" {
  29. name = "${var.cluster_name}-bastion"
  30. description = "${var.cluster_name} - Bastion Server"
  31. rule {
  32. ip_protocol = "tcp"
  33. from_port = "22"
  34. to_port = "22"
  35. cidr = "0.0.0.0/0"
  36. }
  37. }
  39. resource "openstack_compute_secgroup_v2" "k8s" {
  40. name = "${var.cluster_name}-k8s"
  41. description = "${var.cluster_name} - Kubernetes"
  42. rule {
  43. ip_protocol = "icmp"
  44. from_port = "-1"
  45. to_port = "-1"
  46. cidr = "0.0.0.0/0"
  47. }
  48. rule {
  49. ip_protocol = "tcp"
  50. from_port = "1"
  51. to_port = "65535"
  52. self = true
  53. }
  54. rule {
  55. ip_protocol = "udp"
  56. from_port = "1"
  57. to_port = "65535"
  58. self = true
  59. }
  60. rule {
  61. ip_protocol = "icmp"
  62. from_port = "-1"
  63. to_port = "-1"
  64. self = true
  65. }
  66. }
  68. resource "openstack_compute_instance_v2" "bastion" {
  69. name = "${var.cluster_name}-bastion-${count.index+1}"
  70. count = "${var.number_of_bastions}"
  71. image_name = "${var.image}"
  72. flavor_id = "${var.flavor_bastion}"
  73. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  74. network {
  75. name = "${var.network_name}"
  76. }
  77. security_groups = [ "${openstack_compute_secgroup_v2.k8s.name}",
  78. "${openstack_compute_secgroup_v2.bastion.name}",
  79. "default" ]
  80. metadata = {
  81. ssh_user = "${var.ssh_user}"
  82. kubespray_groups = "bastion"
  83. depends_on = "${var.network_id}"
  84. }
  86. provisioner "local-exec" {
  87. command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${var.bastion_fips[0]}/ > contrib/terraform/openstack/group_vars/no-floating.yml"
  88. }
  90. user_data = "${var.user_data}"
  91. }
  93. resource "openstack_compute_instance_v2" "k8s_master" {
  94. name = "${var.cluster_name}-k8s-master-${count.index+1}"
  95. count = "${var.number_of_k8s_masters}"
  96. image_name = "${var.image}"
  97. flavor_id = "${var.flavor_k8s_master}"
  98. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  99. network {
  100. name = "${var.network_name}"
  101. }
  102. security_groups = [ "${openstack_compute_secgroup_v2.k8s_master.name}",
  103. "${openstack_compute_secgroup_v2.bastion.name}",
  104. "${openstack_compute_secgroup_v2.k8s.name}",
  105. "default" ]
  106. metadata = {
  107. ssh_user = "${var.ssh_user}"
  108. kubespray_groups = "etcd,kube-master,kube-node,k8s-cluster,vault"
  109. depends_on = "${var.network_id}"
  110. }
  111. user_data = "${var.user_data}"
  112. }
  114. resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
  115. name = "${var.cluster_name}-k8s-master-ne-${count.index+1}"
  116. count = "${var.number_of_k8s_masters_no_etcd}"
  117. image_name = "${var.image}"
  118. flavor_id = "${var.flavor_k8s_master}"
  119. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  120. network {
  121. name = "${var.network_name}"
  122. }
  123. security_groups = [ "${openstack_compute_secgroup_v2.k8s_master.name}",
  124. "${openstack_compute_secgroup_v2.k8s.name}" ]
  125. metadata = {
  126. ssh_user = "${var.ssh_user}"
  127. kubespray_groups = "kube-master,kube-node,k8s-cluster,vault"
  128. depends_on = "${var.network_id}"
  129. }
  130. user_data = "${var.user_data}"
  131. }
  133. resource "openstack_compute_instance_v2" "etcd" {
  134. name = "${var.cluster_name}-etcd-${count.index+1}"
  135. count = "${var.number_of_etcd}"
  136. image_name = "${var.image}"
  137. flavor_id = "${var.flavor_etcd}"
  138. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  139. network {
  140. name = "${var.network_name}"
  141. }
  142. security_groups = [ "${openstack_compute_secgroup_v2.k8s.name}" ]
  143. metadata = {
  144. ssh_user = "${var.ssh_user}"
  145. kubespray_groups = "etcd,vault,no-floating"
  146. depends_on = "${var.network_id}"
  147. }
  148. user_data = "${var.user_data}"
  149. }
  152. resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
  153. name = "${var.cluster_name}-k8s-master-nf-${count.index+1}"
  154. count = "${var.number_of_k8s_masters_no_floating_ip}"
  155. image_name = "${var.image}"
  156. flavor_id = "${var.flavor_k8s_master}"
  157. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  158. network {
  159. name = "${var.network_name}"
  160. }
  161. security_groups = [ "${openstack_compute_secgroup_v2.k8s_master.name}",
  162. "${openstack_compute_secgroup_v2.k8s.name}",
  163. "default" ]
  164. metadata = {
  165. ssh_user = "${var.ssh_user}"
  166. kubespray_groups = "etcd,kube-master,kube-node,k8s-cluster,vault,no-floating"
  167. depends_on = "${var.network_id}"
  168. }
  169. user_data = "${var.user_data}"
  170. }
  172. resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
  173. name = "${var.cluster_name}-k8s-master-ne-nf-${count.index+1}"
  174. count = "${var.number_of_k8s_masters_no_floating_ip_no_etcd}"
  175. image_name = "${var.image}"
  176. flavor_id = "${var.flavor_k8s_master}"
  177. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  178. network {
  179. name = "${var.network_name}"
  180. }
  181. security_groups = [ "${openstack_compute_secgroup_v2.k8s_master.name}",
  182. "${openstack_compute_secgroup_v2.k8s.name}" ]
  183. metadata = {
  184. ssh_user = "${var.ssh_user}"
  185. kubespray_groups = "kube-master,kube-node,k8s-cluster,vault,no-floating"
  186. depends_on = "${var.network_id}"
  187. }
  188. user_data = "${var.user_data}"
  189. }
  192. resource "openstack_compute_instance_v2" "k8s_node" {
  193. name = "${var.cluster_name}-k8s-node-${count.index+1}"
  194. count = "${var.number_of_k8s_nodes}"
  195. image_name = "${var.image}"
  196. flavor_id = "${var.flavor_k8s_node}"
  197. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  198. network {
  199. name = "${var.network_name}"
  200. }
  201. security_groups = [ "${openstack_compute_secgroup_v2.k8s.name}",
  202. "${openstack_compute_secgroup_v2.bastion.name}",
  203. "default" ]
  204. metadata = {
  205. ssh_user = "${var.ssh_user}"
  206. kubespray_groups = "kube-node,k8s-cluster"
  207. depends_on = "${var.network_id}"
  208. }
  209. user_data = "${var.user_data}"
  210. }
  212. resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
  213. name = "${var.cluster_name}-k8s-node-nf-${count.index+1}"
  214. count = "${var.number_of_k8s_nodes_no_floating_ip}"
  215. image_name = "${var.image}"
  216. flavor_id = "${var.flavor_k8s_node}"
  217. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  218. network {
  219. name = "${var.network_name}"
  220. }
  221. security_groups = [ "${openstack_compute_secgroup_v2.k8s.name}",
  222. "default" ]
  223. metadata = {
  224. ssh_user = "${var.ssh_user}"
  225. kubespray_groups = "kube-node,k8s-cluster,no-floating"
  226. depends_on = "${var.network_id}"
  227. }
  228. user_data = "${var.user_data}"
  229. }
  231. resource "openstack_compute_floatingip_associate_v2" "bastion" {
  232. count = "${var.number_of_bastions}"
  233. floating_ip = "${var.bastion_fips[count.index]}"
  234. instance_id = "${element(openstack_compute_instance_v2.bastion.*.id, count.index)}"
  235. }
  237. resource "openstack_compute_floatingip_associate_v2" "k8s_master" {
  238. count = "${var.number_of_k8s_masters}"
  239. instance_id = "${element(openstack_compute_instance_v2.k8s_master.*.id, count.index)}"
  240. floating_ip = "${var.k8s_master_fips[count.index]}"
  241. }
  243. resource "openstack_compute_floatingip_associate_v2" "k8s_node" {
  244. count = "${var.number_of_k8s_nodes}"
  245. floating_ip = "${var.k8s_node_fips[count.index]}"
  246. instance_id = "${element(openstack_compute_instance_v2.k8s_node.*.id, count.index)}"
  247. }
  250. resource "openstack_blockstorage_volume_v2" "glusterfs_volume" {
  251. name = "${var.cluster_name}-glusterfs_volume-${count.index+1}"
  252. count = "${var.number_of_gfs_nodes_no_floating_ip}"
  253. description = "Non-ephemeral volume for GlusterFS"
  254. size = "${var.gfs_volume_size_in_gb}"
  255. }
  257. resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
  258. name = "${var.cluster_name}-gfs-node-nf-${count.index+1}"
  259. count = "${var.number_of_gfs_nodes_no_floating_ip}"
  260. image_name = "${var.image_gfs}"
  261. flavor_id = "${var.flavor_gfs_node}"
  262. key_pair = "${openstack_compute_keypair_v2.k8s.name}"
  263. network {
  264. name = "${var.network_name}"
  265. }
  266. security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
  267. "default" ]
  268. metadata = {
  269. ssh_user = "${var.ssh_user_gfs}"
  270. kubespray_groups = "gfs-cluster,network-storage,no-floating"
  271. depends_on = "${var.network_id}"
  272. }
  273. user_data = "#cloud-config\nmanage_etc_hosts: localhost\npackage_update: true\npackage_upgrade: true"
  274. }
  276. resource "openstack_compute_volume_attach_v2" "glusterfs_volume" {
  277. count = "${var.number_of_gfs_nodes_no_floating_ip}"
  278. instance_id = "${element(openstack_compute_instance_v2.glusterfs_node_no_floating_ip.*.id, count.index)}"
  279. volume_id = "${element(openstack_blockstorage_volume_v2.glusterfs_volume.*.id, count.index)}"
  280. }