diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a671ca0f0..11eb67ec0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -769,6 +769,7 @@ tox-inventory-builder: stage: unit-tests script: - terraform validate -var-file=cluster.tf ../../contrib/terraform/$PROVIDER + - terraform fmt -check -diff ../../contrib/terraform/$PROVIDER .terraform_apply: &terraform_apply <<: *terraform_install diff --git a/contrib/terraform/aws/create-infrastructure.tf b/contrib/terraform/aws/create-infrastructure.tf index 1ff584f0c..ebfd99701 100644 --- a/contrib/terraform/aws/create-infrastructure.tf +++ b/contrib/terraform/aws/create-infrastructure.tf @@ -1,11 +1,11 @@ terraform { - required_version = ">= 0.8.7" + required_version = ">= 0.8.7" } provider "aws" { - access_key = "${var.AWS_ACCESS_KEY_ID}" - secret_key = "${var.AWS_SECRET_ACCESS_KEY}" - region = "${var.AWS_DEFAULT_REGION}" + access_key = "${var.AWS_ACCESS_KEY_ID}" + secret_key = "${var.AWS_SECRET_ACCESS_KEY}" + region = "${var.AWS_DEFAULT_REGION}" } data "aws_availability_zones" "available" {} 
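Review bot: The added `terraform fmt -check -diff ../../contrib/terraform/$PROVIDER` only inspects the .tf files directly in the provider directory, yet this same commit reformats files under `contrib/terraform/aws/modules/elb/` and `modules/iam/`, which the check will never see; on the 0.11-era Terraform this tree targets (`required_version = ">= 0.8.7"` in create-infrastructure.tf) `fmt` does not descend into subdirectories and, as far as I can tell, has no `-recursive` flag. Running it once per directory closes the gap, e.g. `- find ../../contrib/terraform/$PROVIDER -name '*.tf' -not -path '*/.terraform/*' -exec dirname {} \; | sort -u | xargs -n1 terraform fmt -check -diff` (xargs exits non-zero if any invocation fails, so the job still fails on an unformatted module). The `.terraform` exclusion only matters if an earlier step runs `terraform init` in that tree, which is not visible in this hunk. The job definition this `script:` belongs to starts before the hunk; `tox-inventory-builder:` in the hunk header is just the nearest unindented line, not necessarily the job being changed.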
@@ -18,33 +18,30 @@ data "aws_availability_zones" "available" {} module "aws-vpc" { source = "modules/vpc" - aws_cluster_name = "${var.aws_cluster_name}" - aws_vpc_cidr_block = "${var.aws_vpc_cidr_block}" - aws_avail_zones="${slice(data.aws_availability_zones.available.names,0,2)}" - aws_cidr_subnets_private="${var.aws_cidr_subnets_private}" - aws_cidr_subnets_public="${var.aws_cidr_subnets_public}" - default_tags="${var.default_tags}" - + aws_cluster_name = "${var.aws_cluster_name}" + aws_vpc_cidr_block = "${var.aws_vpc_cidr_block}" + aws_avail_zones = "${slice(data.aws_availability_zones.available.names,0,2)}" + aws_cidr_subnets_private = "${var.aws_cidr_subnets_private}" + aws_cidr_subnets_public = "${var.aws_cidr_subnets_public}" + default_tags = "${var.default_tags}" } - module "aws-elb" { source = "modules/elb" - aws_cluster_name="${var.aws_cluster_name}" - aws_vpc_id="${module.aws-vpc.aws_vpc_id}" - aws_avail_zones="${slice(data.aws_availability_zones.available.names,0,2)}" - aws_subnet_ids_public="${module.aws-vpc.aws_subnet_ids_public}" - aws_elb_api_port = "${var.aws_elb_api_port}" - k8s_secure_api_port = "${var.k8s_secure_api_port}" - default_tags="${var.default_tags}" - + aws_cluster_name = "${var.aws_cluster_name}" + aws_vpc_id = "${module.aws-vpc.aws_vpc_id}" + aws_avail_zones = "${slice(data.aws_availability_zones.available.names,0,2)}" + aws_subnet_ids_public = "${module.aws-vpc.aws_subnet_ids_public}" + aws_elb_api_port = "${var.aws_elb_api_port}" + k8s_secure_api_port = "${var.k8s_secure_api_port}" + default_tags = "${var.default_tags}" } module "aws-iam" { source = "modules/iam" - aws_cluster_name="${var.aws_cluster_name}" + aws_cluster_name = "${var.aws_cluster_name}" } /* 
@@ -53,50 +50,44 @@ module "aws-iam" { */ resource "aws_instance" "bastion-server" { - ami = "${data.aws_ami.distro.id}" - instance_type = "${var.aws_bastion_size}" - count = "${length(var.aws_cidr_subnets_public)}" - associate_public_ip_address = true - availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" - subnet_id = "${element(module.aws-vpc.aws_subnet_ids_public,count.index)}" + ami = "${data.aws_ami.distro.id}" + instance_type = "${var.aws_bastion_size}" + count = "${length(var.aws_cidr_subnets_public)}" + associate_public_ip_address = true + availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" + subnet_id = "${element(module.aws-vpc.aws_subnet_ids_public,count.index)}" + vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"] - vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ] + key_name = "${var.AWS_SSH_KEY_NAME}" - key_name = "${var.AWS_SSH_KEY_NAME}" - - tags = "${merge(var.default_tags, map( + tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-bastion-${count.index}", "Cluster", "${var.aws_cluster_name}", "Role", "bastion-${var.aws_cluster_name}-${count.index}" ))}" } - /* * Create K8s Master and worker nodes and etcd instances * */ resource "aws_instance" "k8s-master" { - ami = "${data.aws_ami.distro.id}" - instance_type = "${var.aws_kube_master_size}" + ami = "${data.aws_ami.distro.id}" + instance_type = "${var.aws_kube_master_size}" - count = "${var.aws_kube_master_num}" + count = "${var.aws_kube_master_num}" + availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" + subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}" - availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" - subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}" + vpc_security_group_ids = 
["${module.aws-vpc.aws_security_group}"] + iam_instance_profile = "${module.aws-iam.kube-master-profile}" + key_name = "${var.AWS_SSH_KEY_NAME}" - vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ] - - - iam_instance_profile = "${module.aws-iam.kube-master-profile}" - key_name = "${var.AWS_SSH_KEY_NAME}" - - - tags = "${merge(var.default_tags, map( + tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-master${count.index}", "kubernetes.io/cluster/${var.aws_cluster_name}", "member", "Role", "master" 
@@ -104,88 +95,77 @@ resource "aws_instance" "k8s-master" { } resource "aws_elb_attachment" "attach_master_nodes" { - count = "${var.aws_kube_master_num}" + count = "${var.aws_kube_master_num}" elb = "${module.aws-elb.aws_elb_api_id}" instance = "${element(aws_instance.k8s-master.*.id,count.index)}" } - resource "aws_instance" "k8s-etcd" { - ami = "${data.aws_ami.distro.id}" - instance_type = "${var.aws_etcd_size}" + ami = "${data.aws_ami.distro.id}" + instance_type = "${var.aws_etcd_size}" - count = "${var.aws_etcd_num}" + count = "${var.aws_etcd_num}" + availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" + subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}" - availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" - subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}" + vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"] + key_name = "${var.AWS_SSH_KEY_NAME}" - vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ] - - key_name = "${var.AWS_SSH_KEY_NAME}" - - tags = "${merge(var.default_tags, map( + tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-etcd${count.index}", "kubernetes.io/cluster/${var.aws_cluster_name}", "member", "Role", "etcd" ))}" - } - resource "aws_instance" "k8s-worker" { - ami = "${data.aws_ami.distro.id}" - instance_type = "${var.aws_kube_worker_size}" + ami = "${data.aws_ami.distro.id}" + instance_type = "${var.aws_kube_worker_size}" - count = "${var.aws_kube_worker_num}" + count = "${var.aws_kube_worker_num}" - availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" - subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}" + availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" + subnet_id = 
"${element(module.aws-vpc.aws_subnet_ids_private,count.index)}" - vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ] + vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"] - iam_instance_profile = "${module.aws-iam.kube-worker-profile}" - key_name = "${var.AWS_SSH_KEY_NAME}" + iam_instance_profile = "${module.aws-iam.kube-worker-profile}" + key_name = "${var.AWS_SSH_KEY_NAME}" - - tags = "${merge(var.default_tags, map( + tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-worker${count.index}", "kubernetes.io/cluster/${var.aws_cluster_name}", "member", "Role", "worker" ))}" - } - - /* * Create Kubespray Inventory File * */ data "template_file" "inventory" { - template = "${file("${path.module}/templates/inventory.tpl")}" - - vars { - public_ip_address_bastion = "${join("\n",formatlist("bastion ansible_host=%s" , aws_instance.bastion-server.*.public_ip))}" - connection_strings_master = "${join("\n",formatlist("%s ansible_host=%s",aws_instance.k8s-master.*.tags.Name, aws_instance.k8s-master.*.private_ip))}" - connection_strings_node = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.tags.Name, aws_instance.k8s-worker.*.private_ip))}" - connection_strings_etcd = "${join("\n",formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.tags.Name, aws_instance.k8s-etcd.*.private_ip))}" - list_master = "${join("\n",aws_instance.k8s-master.*.tags.Name)}" - list_node = "${join("\n",aws_instance.k8s-worker.*.tags.Name)}" - list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}" - elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\"" - } + template = "${file("${path.module}/templates/inventory.tpl")}" + vars { + public_ip_address_bastion = "${join("\n",formatlist("bastion ansible_host=%s" , aws_instance.bastion-server.*.public_ip))}" + connection_strings_master = "${join("\n",formatlist("%s ansible_host=%s",aws_instance.k8s-master.*.tags.Name, 
aws_instance.k8s-master.*.private_ip))}" + connection_strings_node = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.tags.Name, aws_instance.k8s-worker.*.private_ip))}" + connection_strings_etcd = "${join("\n",formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.tags.Name, aws_instance.k8s-etcd.*.private_ip))}" + list_master = "${join("\n",aws_instance.k8s-master.*.tags.Name)}" + list_node = "${join("\n",aws_instance.k8s-worker.*.tags.Name)}" + list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}" + elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\"" + } } resource "null_resource" "inventories" { provisioner "local-exec" { - command = "echo '${data.template_file.inventory.rendered}' > ${var.inventory_file}" + command = "echo '${data.template_file.inventory.rendered}' > ${var.inventory_file}" } triggers { - template = "${data.template_file.inventory.rendered}" + template = "${data.template_file.inventory.rendered}" } - } diff --git a/contrib/terraform/aws/modules/elb/main.tf b/contrib/terraform/aws/modules/elb/main.tf index a2a6f69a1..48b8e3df7 100644 --- a/contrib/terraform/aws/modules/elb/main.tf +++ b/contrib/terraform/aws/modules/elb/main.tf 
@@ -1,55 +1,54 @@ resource "aws_security_group" "aws-elb" { - name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb" - vpc_id = "${var.aws_vpc_id}" + name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb" + vpc_id = "${var.aws_vpc_id}" - tags = "${merge(var.default_tags, map( + tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-securitygroup-elb" ))}" } - resource "aws_security_group_rule" "aws-allow-api-access" { - type = "ingress" - from_port = "${var.aws_elb_api_port}" - to_port = "${var.k8s_secure_api_port}" - protocol = "TCP" - cidr_blocks = ["0.0.0.0/0"] - security_group_id = "${aws_security_group.aws-elb.id}" + type = "ingress" + from_port = "${var.aws_elb_api_port}" + to_port = "${var.k8s_secure_api_port}" + protocol = "TCP" + cidr_blocks = ["0.0.0.0/0"] + security_group_id = "${aws_security_group.aws-elb.id}" } resource "aws_security_group_rule" "aws-allow-api-egress" { - type = "egress" - from_port = 0 - to_port = 65535 - protocol = "TCP" - cidr_blocks = ["0.0.0.0/0"] - security_group_id = "${aws_security_group.aws-elb.id}" + type = "egress" + from_port = 0 + to_port = 65535 + protocol = "TCP" + cidr_blocks = ["0.0.0.0/0"] + security_group_id = "${aws_security_group.aws-elb.id}" } # Create a new AWS ELB for K8S API resource "aws_elb" "aws-elb-api" { - name = "kubernetes-elb-${var.aws_cluster_name}" - subnets = ["${var.aws_subnet_ids_public}"] + name = "kubernetes-elb-${var.aws_cluster_name}" + subnets = ["${var.aws_subnet_ids_public}"] security_groups = ["${aws_security_group.aws-elb.id}"] listener { - instance_port = "${var.k8s_secure_api_port}" + instance_port = "${var.k8s_secure_api_port}" instance_protocol = "tcp" - lb_port = "${var.aws_elb_api_port}" - lb_protocol = "tcp" + lb_port = "${var.aws_elb_api_port}" + lb_protocol = "tcp" } health_check { - healthy_threshold = 2 + healthy_threshold = 2 unhealthy_threshold = 2 - timeout = 3 - target = "TCP:${var.k8s_secure_api_port}" - interval = 30 + timeout = 3 
+ target = "TCP:${var.k8s_secure_api_port}" + interval = 30 } - cross_zone_load_balancing = true - idle_timeout = 400 - connection_draining = true + cross_zone_load_balancing = true + idle_timeout = 400 + connection_draining = true connection_draining_timeout = 400 tags = "${merge(var.default_tags, map( diff --git a/contrib/terraform/aws/modules/elb/outputs.tf b/contrib/terraform/aws/modules/elb/outputs.tf index 075c751e4..3f3d790e3 100644 --- a/contrib/terraform/aws/modules/elb/outputs.tf +++ b/contrib/terraform/aws/modules/elb/outputs.tf @@ -1,7 +1,7 @@ output "aws_elb_api_id" { - value = "${aws_elb.aws-elb-api.id}" + value = "${aws_elb.aws-elb-api.id}" } output "aws_elb_api_fqdn" { - value = "${aws_elb.aws-elb-api.dns_name}" + value = "${aws_elb.aws-elb-api.dns_name}" } diff --git a/contrib/terraform/aws/modules/elb/variables.tf b/contrib/terraform/aws/modules/elb/variables.tf index 1ed9edd40..4395e7132 100644 --- a/contrib/terraform/aws/modules/elb/variables.tf +++ b/contrib/terraform/aws/modules/elb/variables.tf @@ -1,33 +1,30 @@ variable "aws_cluster_name" { - description = "Name of Cluster" + description = "Name of Cluster" } variable "aws_vpc_id" { - description = "AWS VPC ID" + description = "AWS VPC ID" } variable "aws_elb_api_port" { - description = "Port for AWS ELB" + description = "Port for AWS ELB" } variable "k8s_secure_api_port" { - description = "Secure Port of K8S API Server" + description = "Secure Port of K8S API Server" } - - variable "aws_avail_zones" { - description = "Availability Zones Used" - type = "list" + description = "Availability Zones Used" + type = "list" } - variable "aws_subnet_ids_public" { - description = "IDs of Public Subnets" - type = "list" + description = "IDs of Public Subnets" + type = "list" } variable "default_tags" { - description = "Tags for all resources" - type = "map" + description = "Tags for all resources" + type = "map" } 
diff --git a/contrib/terraform/aws/modules/iam/main.tf b/contrib/terraform/aws/modules/iam/main.tf index 7818d7b0f..6fa233e49 100644 --- a/contrib/terraform/aws/modules/iam/main.tf +++ b/contrib/terraform/aws/modules/iam/main.tf @@ -1,8 +1,9 @@ #Add AWS Roles for Kubernetes resource "aws_iam_role" "kube-master" { - name = "kubernetes-${var.aws_cluster_name}-master" - assume_role_policy = <