From a8c5a0afdc1049b410ee4c14c4d2de48c2935884 Mon Sep 17 00:00:00 2001 From: Hugo Blom Date: Mon, 7 Oct 2019 13:09:09 +0200 Subject: [PATCH] Make it possible to disable access_ip (openstack provider) (#5239) * Add a variable do disable access_ip * Document the use of use_access_ip --- contrib/terraform/openstack/README.md | 5 ++++- contrib/terraform/openstack/kubespray.tf | 1 + .../openstack/modules/compute/main.tf | 20 ++++++++++++++++++- .../openstack/modules/compute/variables.tf | 2 ++ .../openstack/modules/ips/variables.tf | 2 +- contrib/terraform/openstack/variables.tf | 4 ++++ contrib/terraform/terraform.py | 5 +++++ 7 files changed, 36 insertions(+), 3 deletions(-) diff --git a/contrib/terraform/openstack/README.md b/contrib/terraform/openstack/README.md index acd00648a..8aebbf52b 100644 --- a/contrib/terraform/openstack/README.md +++ b/contrib/terraform/openstack/README.md @@ -426,7 +426,10 @@ resolvconf_mode: host_resolvconf ``` node_volume_attach_limit: 26 ``` - +- Disable access_ip, this will make all innternal cluster traffic to be sent over local network when a floating IP is attached (default this value is set to 1) +``` +use_access_ip: 0 +``` ### Deploy Kubernetes diff --git a/contrib/terraform/openstack/kubespray.tf b/contrib/terraform/openstack/kubespray.tf index f7ffaba56..b26961d6f 100644 --- a/contrib/terraform/openstack/kubespray.tf +++ b/contrib/terraform/openstack/kubespray.tf @@ -70,6 +70,7 @@ module "compute" { supplementary_node_groups = "${var.supplementary_node_groups}" worker_allowed_ports = "${var.worker_allowed_ports}" wait_for_floatingip = "${var.wait_for_floatingip}" + use_access_ip = "${var.use_access_ip}" network_id = "${module.network.router_id}" } diff --git a/contrib/terraform/openstack/modules/compute/main.tf b/contrib/terraform/openstack/modules/compute/main.tf index abca8ab72..c181ccfe6 100644 --- a/contrib/terraform/openstack/modules/compute/main.tf +++ b/contrib/terraform/openstack/modules/compute/main.tf 
@@ -114,6 +114,7 @@ resource "openstack_compute_instance_v2" "bastion" { ssh_user = "${var.ssh_user}" kubespray_groups = "bastion" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } provisioner "local-exec" { @@ -149,6 +150,7 @@ resource "openstack_compute_instance_v2" "bastion_custom_volume_size" { ssh_user = "${var.ssh_user}" kubespray_groups = "bastion" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } provisioner "local-exec" { @@ -176,6 +178,7 @@ resource "openstack_compute_instance_v2" "k8s_master" { ssh_user = "${var.ssh_user}" kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } provisioner "local-exec" { @@ -212,8 +215,9 @@ resource "openstack_compute_instance_v2" "k8s_master_custom_volume_size" { ssh_user = "${var.ssh_user}" kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } - + provisioner "local-exec" { command = "sed s/USER/${var.ssh_user}/ ../../contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > group_vars/no-floating.yml" } @@ -239,6 +243,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" { ssh_user = "${var.ssh_user}" kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } provisioner "local-exec" { @@ -275,6 +280,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd_custom_volume_size" ssh_user = "${var.ssh_user}" kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } provisioner "local-exec" { 
@@ -300,6 +306,7 @@ resource "openstack_compute_instance_v2" "etcd" { ssh_user = "${var.ssh_user}" kubespray_groups = "etcd,vault,no-floating" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -330,6 +337,7 @@ resource "openstack_compute_instance_v2" "etcd_custom_volume_size" { ssh_user = "${var.ssh_user}" kubespray_groups = "etcd,vault,no-floating" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -353,6 +361,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" { ssh_user = "${var.ssh_user}" kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -385,6 +394,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_custom_volum ssh_user = "${var.ssh_user}" kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -408,6 +418,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" { ssh_user = "${var.ssh_user}" kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -440,6 +451,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd_cust ssh_user = "${var.ssh_user}" kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -463,6 +475,7 @@ resource "openstack_compute_instance_v2" "k8s_node" { ssh_user = "${var.ssh_user}" kubespray_groups = "kube-node,k8s-cluster,${var.supplementary_node_groups}" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } provisioner "local-exec" { 
@@ -499,6 +512,7 @@ resource "openstack_compute_instance_v2" "k8s_node_custom_volume_size" { ssh_user = "${var.ssh_user}" kubespray_groups = "kube-node,k8s-cluster,${var.supplementary_node_groups}" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } provisioner "local-exec" { @@ -526,6 +540,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" { ssh_user = "${var.ssh_user}" kubespray_groups = "kube-node,k8s-cluster,no-floating,${var.supplementary_node_groups}" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -558,6 +573,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip_custom_volume_ ssh_user = "${var.ssh_user}" kubespray_groups = "kube-node,k8s-cluster,no-floating,${var.supplementary_node_groups}" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -647,6 +663,7 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" { ssh_user = "${var.ssh_user_gfs}" kubespray_groups = "gfs-cluster,network-storage,no-floating" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } @@ -677,6 +694,7 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip_custom_v ssh_user = "${var.ssh_user_gfs}" kubespray_groups = "gfs-cluster,network-storage,no-floating" depends_on = "${var.network_id}" + use_access_ip = "${var.use_access_ip}" } } diff --git a/contrib/terraform/openstack/modules/compute/variables.tf b/contrib/terraform/openstack/modules/compute/variables.tf index 06d48aa5a..4a9680e6f 100644 --- a/contrib/terraform/openstack/modules/compute/variables.tf +++ b/contrib/terraform/openstack/modules/compute/variables.tf @@ -105,3 +105,5 @@ variable "supplementary_node_groups" { variable "worker_allowed_ports" { type = "list" } + +variable "use_access_ip" {} \ No newline at end of file 
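Review bot: `variable "use_access_ip" {}` in modules/compute/variables.tf has no type or description, and the root declaration in contrib/terraform/openstack/variables.tf carries only `default = 1`, so nothing in the Terraform code states which values are accepted. The inventory script changed in this commit drops access_ip only when the metadata value equals the string `"0"`; any other spelling of "off", for instance the string `"false"`, would by the visible lines leave access_ip in place without an error. I would add a description to both declarations, for example `description = "Set to 0 to drop access_ip from the inventory so cluster-internal traffic stays on the private network; 1 keeps the floating IP as access_ip"`. That also tells operators that the default keeps node-to-node traffic addressed to the floating IPs, which matters when they write security-group rules.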
diff --git a/contrib/terraform/openstack/modules/ips/variables.tf b/contrib/terraform/openstack/modules/ips/variables.tf index acc3ced38..a2cb54538 100644 --- a/contrib/terraform/openstack/modules/ips/variables.tf +++ b/contrib/terraform/openstack/modules/ips/variables.tf @@ -14,4 +14,4 @@ variable "network_name" {} variable "router_id" { default = "" -} +} \ No newline at end of file diff --git a/contrib/terraform/openstack/variables.tf b/contrib/terraform/openstack/variables.tf index b22ac5b14..218c82add 100644 --- a/contrib/terraform/openstack/variables.tf +++ b/contrib/terraform/openstack/variables.tf @@ -206,3 +206,7 @@ variable "worker_allowed_ports" { }, ] } + +variable "use_access_ip" { + default = 1 +} diff --git a/contrib/terraform/terraform.py b/contrib/terraform/terraform.py index f339539f2..fa490d816 100755 --- a/contrib/terraform/terraform.py +++ b/contrib/terraform/terraform.py @@ -339,14 +339,19 @@ def iter_host_ips(hosts, ips): '''Update hosts that have an entry in the floating IP list''' for host in hosts: host_id = host[1]['id'] + use_access_ip = host[1]['metadata']['use_access_ip'] if host_id in ips: ip = ips[host_id] + host[1].update({ 'access_ip_v4': ip, 'access_ip': ip, 'public_ipv4': ip, 'ansible_ssh_host': ip, }) + + if use_access_ip == "0": + host[1].pop('access_ip') yield host
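Review bot: `host[1]['metadata']['use_access_ip']` is read for every host before the `host_id in ips` check, so a host whose metadata lacks the key raises KeyError and the whole inventory run fails. That would include state written before this change and any resource type or provider whose hosts pass through iter_host_ips without setting the key (the script sits above the openstack directory, so it is probably shared; confirm). I would read it defensively with `use_access_ip = host[1].get('metadata', {}).get('use_access_ip', '1')` and use `host[1].pop('access_ip', None)` so a host without that key does not fail either. Indentation is lost in this view and the `def` line sits above the hunk, so it is not clear whether the `pop` is inside the `if host_id in ips:` branch. If it is, hosts without a floating IP keep whatever access_ip the parser set, and the docstring should say so.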