diff --git a/contrib/terraform/openstack/modules/compute/main.tf b/contrib/terraform/openstack/modules/compute/main.tf
index 72c0bea8b..b916470e7 100644
--- a/contrib/terraform/openstack/modules/compute/main.tf
+++ b/contrib/terraform/openstack/modules/compute/main.tf
@@ -9,12 +9,12 @@ resource "openstack_networking_secgroup_v2" "k8s_master" {
 }
 
 resource "openstack_networking_secgroup_rule_v2" "k8s_master" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = "6443"
- port_range_max = "6443"
- remote_ip_prefix = "0.0.0.0/0"
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "6443"
+ port_range_max = "6443"
+ remote_ip_prefix = "0.0.0.0/0"
 security_group_id = "${openstack_networking_secgroup_v2.k8s_master.id}"
 }
 
@@ -24,13 +24,13 @@ resource "openstack_networking_secgroup_v2" "bastion" {
 }
 
 resource "openstack_networking_secgroup_rule_v2" "bastion" {
- count = "${length(var.bastion_allowed_remote_ips)}"
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = "22"
- port_range_max = "22"
- remote_ip_prefix = "${var.bastion_allowed_remote_ips[count.index]}"
+ count = "${length(var.bastion_allowed_remote_ips)}"
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "22"
+ port_range_max = "22"
+ remote_ip_prefix = "${var.bastion_allowed_remote_ips[count.index]}"
 security_group_id = "${openstack_networking_secgroup_v2.bastion.id}"
 }
 
@@ -40,9 +40,9 @@ resource "openstack_networking_secgroup_v2" "k8s" {
 }
 
 resource "openstack_networking_secgroup_rule_v2" "k8s" {
- direction = "ingress"
- ethertype = "IPv4"
- remote_group_id = "${openstack_networking_secgroup_v2.k8s.id}"
+ direction = "ingress"
+ ethertype = "IPv4"
+ remote_group_id = "${openstack_networking_secgroup_v2.k8s.id}"
 security_group_id = "${openstack_networking_secgroup_v2.k8s.id}"
 }
 
@@ -52,13 +52,13 @@ resource "openstack_networking_secgroup_v2" "worker" {
 }
 
 resource "openstack_networking_secgroup_rule_v2" "worker" {
- count = "${length(var.worker_allowed_ports)}"
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "${lookup(var.worker_allowed_ports[count.index], "protocol", "tcp")}"
- port_range_min = "${lookup(var.worker_allowed_ports[count.index], "port_range_min")}"
- port_range_max = "${lookup(var.worker_allowed_ports[count.index], "port_range_max")}"
- remote_ip_prefix = "${lookup(var.worker_allowed_ports[count.index], "remote_ip_prefix", "0.0.0.0/0")}"
+ count = "${length(var.worker_allowed_ports)}"
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "${lookup(var.worker_allowed_ports[count.index], "protocol", "tcp")}"
+ port_range_min = "${lookup(var.worker_allowed_ports[count.index], "port_range_min")}"
+ port_range_max = "${lookup(var.worker_allowed_ports[count.index], "port_range_max")}"
+ remote_ip_prefix = "${lookup(var.worker_allowed_ports[count.index], "remote_ip_prefix", "0.0.0.0/0")}"
 security_group_id = "${openstack_networking_secgroup_v2.worker.id}"
 }
 
@@ -87,16 +87,15 @@ resource "openstack_compute_instance_v2" "bastion" {
 provisioner "local-exec" {
 command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${var.bastion_fips[0]}/ > contrib/terraform/group_vars/no-floating.yml"
 }
-
 }
 
 resource "openstack_compute_instance_v2" "k8s_master" {
- name = "${var.cluster_name}-k8s-master-${count.index+1}"
- count = "${var.number_of_k8s_masters}"
+ name = "${var.cluster_name}-k8s-master-${count.index+1}"
+ count = "${var.number_of_k8s_masters}"
 availability_zone = "${element(var.az_list, count.index)}"
- image_name = "${var.image}"
- flavor_id = "${var.flavor_k8s_master}"
- key_pair = "${openstack_compute_keypair_v2.k8s.name}"
+ image_name = "${var.image}"
+ flavor_id = "${var.flavor_k8s_master}"
+ key_pair = "${openstack_compute_keypair_v2.k8s.name}"
 
 network {
 name = "${var.network_name}"
@@ -117,16 +116,15 @@ resource "openstack_compute_instance_v2" "k8s_master" {
 provisioner "local-exec" {
 command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
 }
-
 }
 
 resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
- name = "${var.cluster_name}-k8s-master-ne-${count.index+1}"
- count = "${var.number_of_k8s_masters_no_etcd}"
+ name = "${var.cluster_name}-k8s-master-ne-${count.index+1}"
+ count = "${var.number_of_k8s_masters_no_etcd}"
 availability_zone = "${element(var.az_list, count.index)}"
- image_name = "${var.image}"
- flavor_id = "${var.flavor_k8s_master}"
- key_pair = "${openstack_compute_keypair_v2.k8s.name}"
+ image_name = "${var.image}"
+ flavor_id = "${var.flavor_k8s_master}"
+ key_pair = "${openstack_compute_keypair_v2.k8s.name}"
 
 network {
 name = "${var.network_name}"
@@ -146,16 +144,15 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
 provisioner "local-exec" {
 command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
 }
-
 }
 
 resource "openstack_compute_instance_v2" "etcd" {
- name = "${var.cluster_name}-etcd-${count.index+1}"
- count = "${var.number_of_etcd}"
+ name = "${var.cluster_name}-etcd-${count.index+1}"
+ count = "${var.number_of_etcd}"
 availability_zone = "${element(var.az_list, count.index)}"
- image_name = "${var.image}"
- flavor_id = "${var.flavor_etcd}"
- key_pair = "${openstack_compute_keypair_v2.k8s.name}"
+ image_name = "${var.image}"
+ flavor_id = "${var.flavor_etcd}"
+ key_pair = "${openstack_compute_keypair_v2.k8s.name}"
 
 network {
 name = "${var.network_name}"
@@ -168,16 +165,15 @@ resource "openstack_compute_instance_v2" "etcd" {
 kubespray_groups = "etcd,vault,no-floating"
 depends_on = "${var.network_id}"
 }
-
 }
 
 resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
- name = "${var.cluster_name}-k8s-master-nf-${count.index+1}"
- count = "${var.number_of_k8s_masters_no_floating_ip}"
+ name = "${var.cluster_name}-k8s-master-nf-${count.index+1}"
+ count = "${var.number_of_k8s_masters_no_floating_ip}"
 availability_zone = "${element(var.az_list, count.index)}"
- image_name = "${var.image}"
- flavor_id = "${var.flavor_k8s_master}"
- key_pair = "${openstack_compute_keypair_v2.k8s.name}"
+ image_name = "${var.image}"
+ flavor_id = "${var.flavor_k8s_master}"
+ key_pair = "${openstack_compute_keypair_v2.k8s.name}"
 
 network {
 name = "${var.network_name}"
@@ -193,16 +189,15 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
 kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
 depends_on = "${var.network_id}"
 }
-
 }
 
 resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
- name = "${var.cluster_name}-k8s-master-ne-nf-${count.index+1}"
- count = "${var.number_of_k8s_masters_no_floating_ip_no_etcd}"
+ name = "${var.cluster_name}-k8s-master-ne-nf-${count.index+1}"
+ count = "${var.number_of_k8s_masters_no_floating_ip_no_etcd}"
 availability_zone = "${element(var.az_list, count.index)}"
- image_name = "${var.image}"
- flavor_id = "${var.flavor_k8s_master}"
- key_pair = "${openstack_compute_keypair_v2.k8s.name}"
+ image_name = "${var.image}"
+ flavor_id = "${var.flavor_k8s_master}"
+ key_pair = "${openstack_compute_keypair_v2.k8s.name}"
 
 network {
 name = "${var.network_name}"
@@ -217,16 +212,15 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
 kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
 depends_on = "${var.network_id}"
 }
-
 }
 
 resource "openstack_compute_instance_v2" "k8s_node" {
- name = "${var.cluster_name}-k8s-node-${count.index+1}"
- count = "${var.number_of_k8s_nodes}"
+ name = "${var.cluster_name}-k8s-node-${count.index+1}"
+ count = "${var.number_of_k8s_nodes}"
 availability_zone = "${element(var.az_list, count.index)}"
- image_name = "${var.image}"
- flavor_id = "${var.flavor_k8s_node}"
- key_pair = "${openstack_compute_keypair_v2.k8s.name}"
+ image_name = "${var.image}"
+ flavor_id = "${var.flavor_k8s_node}"
+ key_pair = "${openstack_compute_keypair_v2.k8s.name}"
 
 network {
 name = "${var.network_name}"
@@ -247,16 +241,15 @@ resource "openstack_compute_instance_v2" "k8s_node" {
 provisioner "local-exec" {
 command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_node_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
 }
-
 }
 
 resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
- name = "${var.cluster_name}-k8s-node-nf-${count.index+1}"
- count = "${var.number_of_k8s_nodes_no_floating_ip}"
+ name = "${var.cluster_name}-k8s-node-nf-${count.index+1}"
+ count = "${var.number_of_k8s_nodes_no_floating_ip}"
 availability_zone = "${element(var.az_list, count.index)}"
- image_name = "${var.image}"
- flavor_id = "${var.flavor_k8s_node}"
- key_pair = "${openstack_compute_keypair_v2.k8s.name}"
+ image_name = "${var.image}"
+ flavor_id = "${var.flavor_k8s_node}"
+ key_pair = "${openstack_compute_keypair_v2.k8s.name}"
 
 network {
 name = "${var.network_name}"
@@ -272,7 +265,6 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
 kubespray_groups = "kube-node,k8s-cluster,no-floating,${var.supplementary_node_groups}"
 depends_on = "${var.network_id}"
 }
-
 }
 
 resource "openstack_compute_floatingip_associate_v2" "bastion" {
@@ -301,12 +293,12 @@ resource "openstack_blockstorage_volume_v2" "glusterfs_volume" {
 }
 
 resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
- name = "${var.cluster_name}-gfs-node-nf-${count.index+1}"
- count = "${var.number_of_gfs_nodes_no_floating_ip}"
+ name = "${var.cluster_name}-gfs-node-nf-${count.index+1}"
+ count = "${var.number_of_gfs_nodes_no_floating_ip}"
 availability_zone = "${element(var.az_list, count.index)}"
- image_name = "${var.image_gfs}"
- flavor_id = "${var.flavor_gfs_node}"
- key_pair = "${openstack_compute_keypair_v2.k8s.name}"
+ image_name = "${var.image_gfs}"
+ flavor_id = "${var.flavor_gfs_node}"
+ key_pair = "${openstack_compute_keypair_v2.k8s.name}"
 
 network {
 name = "${var.network_name}"
@@ -321,7 +313,6 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
 kubespray_groups = "gfs-cluster,network-storage,no-floating"
 depends_on = "${var.network_id}"
 }
-
 }
 
 resource "openstack_compute_volume_attach_v2" "glusterfs_volume" {
diff --git a/contrib/terraform/openstack/modules/network/outputs.tf b/contrib/terraform/openstack/modules/network/outputs.tf
index 8da4b6939..61aeef10d 100644
--- a/contrib/terraform/openstack/modules/network/outputs.tf
+++ b/contrib/terraform/openstack/modules/network/outputs.tf
@@ -4,7 +4,6 @@ output "router_id" {
 
 output "router_internal_port_id" {
 value = "${element(concat(openstack_networking_router_interface_v2.k8s.*.id, list("")), 0)}"
-
 }
 
 output "subnet_id" {
diff --git a/contrib/terraform/openstack/sample-inventory/cluster.tf b/contrib/terraform/openstack/sample-inventory/cluster.tf
index 89d6ff6d8..1854e1fba 100644
--- a/contrib/terraform/openstack/sample-inventory/cluster.tf
+++ b/contrib/terraform/openstack/sample-inventory/cluster.tf
@@ -6,11 +6,13 @@ public_key_path = "~/.ssh/id_rsa.pub" # image to use for bastion, masters, standalone etcd instances, and nodes image = "" + # user on the node (ex. core on Container Linux, ubuntu on Ubuntu, etc.) ssh_user = "" # 0|1 bastion nodes number_of_bastions = 0 + #flavor_bastion = "" # standalone etcds @@ -18,14 +20,20 @@ number_of_etcd = 0 # masters number_of_k8s_masters = 1 + number_of_k8s_masters_no_etcd = 0 + number_of_k8s_masters_no_floating_ip = 0 + number_of_k8s_masters_no_floating_ip_no_etcd = 0 + flavor_k8s_master = "" # nodes number_of_k8s_nodes = 2 + number_of_k8s_nodes_no_floating_ip = 4 + #flavor_k8s_node = "" # GlusterFS @@ -40,7 +48,11 @@ number_of_k8s_nodes_no_floating_ip = 4 # networking network_name = "" + external_net = "" + subnet_cidr = "" + floatingip_pool = "" + bastion_allowed_remote_ips = ["0.0.0.0/0"] diff --git a/contrib/terraform/openstack/variables.tf b/contrib/terraform/openstack/variables.tf index c3758cf92..0cd7f0b18 100644 --- a/contrib/terraform/openstack/variables.tf +++ b/contrib/terraform/openstack/variables.tf @@ -4,8 +4,8 @@ variable "cluster_name" { variable "az_list" { description = "List of Availability Zones available in your OpenStack cluster" - type = "list" - default = ["nova"] + type = "list" + default = ["nova"] } variable "number_of_bastions" { @@ -110,8 +110,8 @@ variable "use_neutron" { variable "subnet_cidr" { description = "Subnet CIDR block." - type = "string" - default = "10.0.0.0/24" + type = "string" + default = "10.0.0.0/24" } variable "dns_nameservers" { 
@@ -131,28 +131,29 @@ variable "external_net" {
 
 variable "supplementary_master_groups" {
 description = "supplementary kubespray ansible groups for masters, such kube-node"
- default = ""
+ default = ""
 }
 
 variable "supplementary_node_groups" {
 description = "supplementary kubespray ansible groups for worker nodes, such as kube-ingress"
- default = ""
+ default = ""
 }
 
 variable "bastion_allowed_remote_ips" {
 description = "An array of CIDRs allowed to SSH to hosts"
- type = "list"
- default = ["0.0.0.0/0"]
+ type = "list"
+ default = ["0.0.0.0/0"]
 }
 
 variable "worker_allowed_ports" {
 type = "list"
+
 default = [
 {
- "protocol" = "tcp"
- "port_range_min" = 30000
- "port_range_max" = 32767
+ "protocol" = "tcp"
+ "port_range_min" = 30000
+ "port_range_max" = 32767
 "remote_ip_prefix" = "0.0.0.0/0"
- }
+ },
 ]
 }