C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[Openstack] master foreach and fixes (#8709)

Browse source 
* [openstack] fix for new network modules

* [openstack] for-each master nodes
This commit is contained in:
Robin Wallace 2022-05-03 17:51:56 +02:00 committed by GitHub
parent 9605bbaa67
commit fe66121287
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 243 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
contrib/terraform/openstack/README.md
View file

@ -248,6 +248,7 @@ For your cluster, edit `inventory/$CLUSTER/cluster.tfvars`.
|`cluster_name` | All OpenStack resources will use the Terraform variable`cluster_name` (default`example`) in their name to make it easier to track. For example the first compute resource will be named`example-kubernetes-1`. | |`cluster_name` | All OpenStack resources will use the Terraform variable`cluster_name` (default`example`) in their name to make it easier to track. For example the first compute resource will be named`example-kubernetes-1`. |
|`az_list` | List of Availability Zones available in your OpenStack cluster. | |`az_list` | List of Availability Zones available in your OpenStack cluster. |
|`network_name` | The name to be given to the internal network that will be generated | |`network_name` | The name to be given to the internal network that will be generated |
|`use_existing_network`| Use an existing network with the name of `network_name`. `false` by default |
|`network_dns_domain` | (Optional) The dns_domain for the internal network that will be generated | |`network_dns_domain` | (Optional) The dns_domain for the internal network that will be generated |
|`dns_nameservers`| An array of DNS name server names to be used by hosts in the internal subnet. | |`dns_nameservers`| An array of DNS name server names to be used by hosts in the internal subnet. |
|`floatingip_pool` | Name of the pool from which floating IPs will be allocated | |`floatingip_pool` | Name of the pool from which floating IPs will be allocated |
@ -284,7 +285,9 @@ For your cluster, edit `inventory/$CLUSTER/cluster.tfvars`.
|`etcd_server_group_policy` | Enable and use openstack nova servergroups for etcd with set policy, default: "" (disabled) | |`etcd_server_group_policy` | Enable and use openstack nova servergroups for etcd with set policy, default: "" (disabled) |
|`use_access_ip` | If 1, nodes with floating IPs will transmit internal cluster traffic via floating IPs; if 0 private IPs will be used instead. Default value is 1. | |`use_access_ip` | If 1, nodes with floating IPs will transmit internal cluster traffic via floating IPs; if 0 private IPs will be used instead. Default value is 1. |
|`port_security_enabled` | Allow to disable port security by setting this to `false`. `true` by default | |`port_security_enabled` | Allow to disable port security by setting this to `false`. `true` by default |
|`force_null_port_security` | Set `null` instead of `true` or `false` for `port_security`. `false` by default |
|`k8s_nodes` | Map containing worker node definition, see explanation below | |`k8s_nodes` | Map containing worker node definition, see explanation below |
|`k8s_masters` | Map containing master node definition, see explanation for k8s_nodes and `sample-inventory/cluster.tfvars` |
##### k8s_nodes ##### k8s_nodes

9
contrib/terraform/openstack/kubespray.tf
View file

@ -24,6 +24,7 @@ module "ips" {
network_name = var.network_name network_name = var.network_name
router_id = module.network.router_id router_id = module.network.router_id
k8s_nodes = var.k8s_nodes k8s_nodes = var.k8s_nodes
k8s_masters = var.k8s_masters
k8s_master_fips = var.k8s_master_fips k8s_master_fips = var.k8s_master_fips
bastion_fips = var.bastion_fips bastion_fips = var.bastion_fips
router_internal_port_id = module.network.router_internal_port_id router_internal_port_id = module.network.router_internal_port_id
@ -44,6 +45,7 @@ module "compute" {
number_of_bastions = var.number_of_bastions number_of_bastions = var.number_of_bastions
number_of_k8s_nodes_no_floating_ip = var.number_of_k8s_nodes_no_floating_ip number_of_k8s_nodes_no_floating_ip = var.number_of_k8s_nodes_no_floating_ip
number_of_gfs_nodes_no_floating_ip = var.number_of_gfs_nodes_no_floating_ip number_of_gfs_nodes_no_floating_ip = var.number_of_gfs_nodes_no_floating_ip
k8s_masters = var.k8s_masters
k8s_nodes = var.k8s_nodes k8s_nodes = var.k8s_nodes
bastion_root_volume_size_in_gb = var.bastion_root_volume_size_in_gb bastion_root_volume_size_in_gb = var.bastion_root_volume_size_in_gb
etcd_root_volume_size_in_gb = var.etcd_root_volume_size_in_gb etcd_root_volume_size_in_gb = var.etcd_root_volume_size_in_gb
@ -70,6 +72,7 @@ module "compute" {
flavor_bastion = var.flavor_bastion flavor_bastion = var.flavor_bastion
k8s_master_fips = module.ips.k8s_master_fips k8s_master_fips = module.ips.k8s_master_fips
k8s_master_no_etcd_fips = module.ips.k8s_master_no_etcd_fips k8s_master_no_etcd_fips = module.ips.k8s_master_no_etcd_fips
k8s_masters_fips = module.ips.k8s_masters_fips
k8s_node_fips = module.ips.k8s_node_fips k8s_node_fips = module.ips.k8s_node_fips
k8s_nodes_fips = module.ips.k8s_nodes_fips k8s_nodes_fips = module.ips.k8s_nodes_fips
bastion_fips = module.ips.bastion_fips bastion_fips = module.ips.bastion_fips
@ -89,8 +92,10 @@ module "compute" {
extra_sec_groups_name = var.extra_sec_groups_name extra_sec_groups_name = var.extra_sec_groups_name
group_vars_path = var.group_vars_path group_vars_path = var.group_vars_path
port_security_enabled = var.port_security_enabled port_security_enabled = var.port_security_enabled
force_null_port_security = var.force_null_port_security
network_id = module.network.router_id network_router_id = module.network.router_id
network_id = module.network.network_id
use_existing_network = var.use_existing_network
} }
output "private_subnet_id" { output "private_subnet_id" {

185
contrib/terraform/openstack/modules/compute/main.tf
View file

@ -20,6 +20,7 @@ data "template_file" "cloudinit" {
} }
data "openstack_networking_network_v2" "k8s_network" { data "openstack_networking_network_v2" "k8s_network" {
count = var.use_existing_network ? 1 : 0
name = var.network_name name = var.network_name
} }
@ -158,25 +159,25 @@ resource "openstack_compute_servergroup_v2" "k8s_etcd" {
locals { locals {
# master groups # master groups
master_sec_groups = compact([ master_sec_groups = compact([
openstack_networking_secgroup_v2.k8s_master.name, openstack_networking_secgroup_v2.k8s_master.id,
openstack_networking_secgroup_v2.k8s.name, openstack_networking_secgroup_v2.k8s.id,
var.extra_sec_groups ?openstack_networking_secgroup_v2.k8s_master_extra[0].name : "", var.extra_sec_groups ?openstack_networking_secgroup_v2.k8s_master_extra[0].id : "",
]) ])
# worker groups # worker groups
worker_sec_groups = compact([ worker_sec_groups = compact([
openstack_networking_secgroup_v2.k8s.name, openstack_networking_secgroup_v2.k8s.id,
openstack_networking_secgroup_v2.worker.name, openstack_networking_secgroup_v2.worker.id,
var.extra_sec_groups ? openstack_networking_secgroup_v2.worker_extra[0].name : "", var.extra_sec_groups ? openstack_networking_secgroup_v2.worker_extra[0].id : "",
]) ])
# bastion groups # bastion groups
bastion_sec_groups = compact(concat([ bastion_sec_groups = compact(concat([
openstack_networking_secgroup_v2.k8s.name, openstack_networking_secgroup_v2.k8s.id,
openstack_networking_secgroup_v2.bastion[0].name, openstack_networking_secgroup_v2.bastion[0].id,
])) ]))
# etcd groups # etcd groups
etcd_sec_groups = compact([openstack_networking_secgroup_v2.k8s.name]) etcd_sec_groups = compact([openstack_networking_secgroup_v2.k8s.id])
# glusterfs groups # glusterfs groups
gfs_sec_groups = compact([openstack_networking_secgroup_v2.k8s.name]) gfs_sec_groups = compact([openstack_networking_secgroup_v2.k8s.id])
# Image uuid # Image uuid
image_to_use_node = var.image_uuid != "" ? var.image_uuid : data.openstack_images_image_v2.vm_image[0].id image_to_use_node = var.image_uuid != "" ? var.image_uuid : data.openstack_images_image_v2.vm_image[0].id
@ -189,11 +190,15 @@ locals {
resource "openstack_networking_port_v2" "bastion_port" { resource "openstack_networking_port_v2" "bastion_port" {
count = var.number_of_bastions count = var.number_of_bastions
name = "${var.cluster_name}-bastion-${count.index + 1}" name = "${var.cluster_name}-bastion-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.bastion_sec_groups : null security_group_ids = var.port_security_enabled ? local.bastion_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "bastion" { resource "openstack_compute_instance_v2" "bastion" {
@ -223,7 +228,7 @@ resource "openstack_compute_instance_v2" "bastion" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "bastion" kubespray_groups = "bastion"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
@ -235,11 +240,15 @@ resource "openstack_compute_instance_v2" "bastion" {
resource "openstack_networking_port_v2" "k8s_master_port" { resource "openstack_networking_port_v2" "k8s_master_port" {
count = var.number_of_k8s_masters count = var.number_of_k8s_masters
name = "${var.cluster_name}-k8s-master-${count.index + 1}" name = "${var.cluster_name}-k8s-master-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "k8s_master" { resource "openstack_compute_instance_v2" "k8s_master" {
@ -279,7 +288,7 @@ resource "openstack_compute_instance_v2" "k8s_master" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "etcd,kube_control_plane,${var.supplementary_master_groups},k8s_cluster" kubespray_groups = "etcd,kube_control_plane,${var.supplementary_master_groups},k8s_cluster"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
@ -288,14 +297,76 @@ resource "openstack_compute_instance_v2" "k8s_master" {
} }
} }
resource "openstack_networking_port_v2" "k8s_masters_port" {
for_each = var.number_of_k8s_masters == 0 && var.number_of_k8s_masters_no_etcd == 0 && var.number_of_k8s_masters_no_floating_ip == 0 && var.number_of_k8s_masters_no_floating_ip_no_etcd == 0 ? var.k8s_masters : {}
name = "${var.cluster_name}-k8s-${each.key}"
network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true"
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
}
resource "openstack_compute_instance_v2" "k8s_masters" {
for_each = var.number_of_k8s_masters == 0 && var.number_of_k8s_masters_no_etcd == 0 && var.number_of_k8s_masters_no_floating_ip == 0 && var.number_of_k8s_masters_no_floating_ip_no_etcd == 0 ? var.k8s_masters : {}
name = "${var.cluster_name}-k8s-${each.key}"
availability_zone = each.value.az
image_id = var.master_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
flavor_id = each.value.flavor
key_pair = openstack_compute_keypair_v2.k8s.name
dynamic "block_device" {
for_each = var.master_root_volume_size_in_gb > 0 ? [local.image_to_use_master] : []
content {
uuid = local.image_to_use_master
source_type = "image"
volume_size = var.master_root_volume_size_in_gb
volume_type = var.master_volume_type
boot_index = 0
destination_type = "volume"
delete_on_termination = true
}
}
network {
port = openstack_networking_port_v2.k8s_masters_port[each.key].id
}
dynamic "scheduler_hints" {
for_each = var.master_server_group_policy != "" ? [openstack_compute_servergroup_v2.k8s_master[0]] : []
content {
group = openstack_compute_servergroup_v2.k8s_master[0].id
}
}
metadata = {
ssh_user = var.ssh_user
kubespray_groups = "%{if each.value.etcd == true}etcd,%{endif}kube_control_plane,${var.supplementary_master_groups},k8s_cluster%{if each.value.floating_ip == false},no_floating%{endif}"
depends_on = var.network_router_id
use_access_ip = var.use_access_ip
}
provisioner "local-exec" {
command = "%{if each.value.floating_ip}sed s/USER/${var.ssh_user}/ ${path.root}/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_masters_fips : value.address]), 0)}/ > ${var.group_vars_path}/no_floating.yml%{else}true%{endif}"
}
}
resource "openstack_networking_port_v2" "k8s_master_no_etcd_port" { resource "openstack_networking_port_v2" "k8s_master_no_etcd_port" {
count = var.number_of_k8s_masters_no_etcd count = var.number_of_k8s_masters_no_etcd
name = "${var.cluster_name}-k8s-master-ne-${count.index + 1}" name = "${var.cluster_name}-k8s-master-ne-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "k8s_master_no_etcd" { resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
@ -335,7 +406,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "kube_control_plane,${var.supplementary_master_groups},k8s_cluster" kubespray_groups = "kube_control_plane,${var.supplementary_master_groups},k8s_cluster"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
@ -347,11 +418,15 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
resource "openstack_networking_port_v2" "etcd_port" { resource "openstack_networking_port_v2" "etcd_port" {
count = var.number_of_etcd count = var.number_of_etcd
name = "${var.cluster_name}-etcd-${count.index + 1}" name = "${var.cluster_name}-etcd-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.etcd_sec_groups : null security_group_ids = var.port_security_enabled ? local.etcd_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "etcd" { resource "openstack_compute_instance_v2" "etcd" {
@ -389,7 +464,7 @@ resource "openstack_compute_instance_v2" "etcd" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "etcd,no_floating" kubespray_groups = "etcd,no_floating"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
} }
@ -397,11 +472,15 @@ resource "openstack_compute_instance_v2" "etcd" {
resource "openstack_networking_port_v2" "k8s_master_no_floating_ip_port" { resource "openstack_networking_port_v2" "k8s_master_no_floating_ip_port" {
count = var.number_of_k8s_masters_no_floating_ip count = var.number_of_k8s_masters_no_floating_ip
name = "${var.cluster_name}-k8s-master-nf-${count.index + 1}" name = "${var.cluster_name}-k8s-master-nf-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" { resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
@ -439,7 +518,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "etcd,kube_control_plane,${var.supplementary_master_groups},k8s_cluster,no_floating" kubespray_groups = "etcd,kube_control_plane,${var.supplementary_master_groups},k8s_cluster,no_floating"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
} }
@ -447,11 +526,15 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
resource "openstack_networking_port_v2" "k8s_master_no_floating_ip_no_etcd_port" { resource "openstack_networking_port_v2" "k8s_master_no_floating_ip_no_etcd_port" {
count = var.number_of_k8s_masters_no_floating_ip_no_etcd count = var.number_of_k8s_masters_no_floating_ip_no_etcd
name = "${var.cluster_name}-k8s-master-ne-nf-${count.index + 1}" name = "${var.cluster_name}-k8s-master-ne-nf-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" { resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
@ -490,7 +573,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "kube_control_plane,${var.supplementary_master_groups},k8s_cluster,no_floating" kubespray_groups = "kube_control_plane,${var.supplementary_master_groups},k8s_cluster,no_floating"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
} }
@ -498,11 +581,15 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
resource "openstack_networking_port_v2" "k8s_node_port" { resource "openstack_networking_port_v2" "k8s_node_port" {
count = var.number_of_k8s_nodes count = var.number_of_k8s_nodes
name = "${var.cluster_name}-k8s-node-${count.index + 1}" name = "${var.cluster_name}-k8s-node-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "k8s_node" { resource "openstack_compute_instance_v2" "k8s_node" {
@ -542,7 +629,7 @@ resource "openstack_compute_instance_v2" "k8s_node" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "kube_node,k8s_cluster,${var.supplementary_node_groups}" kubespray_groups = "kube_node,k8s_cluster,${var.supplementary_node_groups}"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
@ -554,11 +641,15 @@ resource "openstack_compute_instance_v2" "k8s_node" {
resource "openstack_networking_port_v2" "k8s_node_no_floating_ip_port" { resource "openstack_networking_port_v2" "k8s_node_no_floating_ip_port" {
count = var.number_of_k8s_nodes_no_floating_ip count = var.number_of_k8s_nodes_no_floating_ip
name = "${var.cluster_name}-k8s-node-nf-${count.index + 1}" name = "${var.cluster_name}-k8s-node-nf-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" { resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
@ -597,7 +688,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "kube_node,k8s_cluster,no_floating,${var.supplementary_node_groups}" kubespray_groups = "kube_node,k8s_cluster,no_floating,${var.supplementary_node_groups}"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
} }
@ -605,11 +696,15 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
resource "openstack_networking_port_v2" "k8s_nodes_port" { resource "openstack_networking_port_v2" "k8s_nodes_port" {
for_each = var.number_of_k8s_nodes == 0 && var.number_of_k8s_nodes_no_floating_ip == 0 ? var.k8s_nodes : {} for_each = var.number_of_k8s_nodes == 0 && var.number_of_k8s_nodes_no_floating_ip == 0 ? var.k8s_nodes : {}
name = "${var.cluster_name}-k8s-node-${each.key}" name = "${var.cluster_name}-k8s-node-${each.key}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "k8s_nodes" { resource "openstack_compute_instance_v2" "k8s_nodes" {
@ -648,7 +743,7 @@ resource "openstack_compute_instance_v2" "k8s_nodes" {
metadata = { metadata = {
ssh_user = var.ssh_user ssh_user = var.ssh_user
kubespray_groups = "kube_node,k8s_cluster,%{if each.value.floating_ip == false}no_floating,%{endif}${var.supplementary_node_groups}" kubespray_groups = "kube_node,k8s_cluster,%{if each.value.floating_ip == false}no_floating,%{endif}${var.supplementary_node_groups}"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
@ -660,11 +755,15 @@ resource "openstack_compute_instance_v2" "k8s_nodes" {
resource "openstack_networking_port_v2" "glusterfs_node_no_floating_ip_port" { resource "openstack_networking_port_v2" "glusterfs_node_no_floating_ip_port" {
count = var.number_of_gfs_nodes_no_floating_ip count = var.number_of_gfs_nodes_no_floating_ip
name = "${var.cluster_name}-gfs-node-nf-${count.index + 1}" name = "${var.cluster_name}-gfs-node-nf-${count.index + 1}"
network_id = "${data.openstack_networking_network_v2.k8s_network.id}" network_id = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
admin_state_up = "true" admin_state_up = "true"
port_security_enabled = var.port_security_enabled port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.gfs_sec_groups : null security_group_ids = var.port_security_enabled ? local.gfs_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false no_security_groups = var.port_security_enabled ? null : false
depends_on = [
var.network_router_id
]
} }
resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" { resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
@ -701,7 +800,7 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
metadata = { metadata = {
ssh_user = var.ssh_user_gfs ssh_user = var.ssh_user_gfs
kubespray_groups = "gfs-cluster,network-storage,no_floating" kubespray_groups = "gfs-cluster,network-storage,no_floating"
depends_on = var.network_id depends_on = var.network_router_id
use_access_ip = var.use_access_ip use_access_ip = var.use_access_ip
} }
} }
@ -719,6 +818,12 @@ resource "openstack_networking_floatingip_associate_v2" "k8s_master" {
port_id = element(openstack_networking_port_v2.k8s_master_port.*.id, count.index) port_id = element(openstack_networking_port_v2.k8s_master_port.*.id, count.index)
} }
resource "openstack_networking_floatingip_associate_v2" "k8s_masters" {
for_each = var.number_of_k8s_masters == 0 && var.number_of_k8s_masters_no_etcd == 0 && var.number_of_k8s_masters_no_floating_ip == 0 && var.number_of_k8s_masters_no_floating_ip_no_etcd == 0 ? { for key, value in var.k8s_masters : key => value if value.floating_ip } : {}
floating_ip = var.k8s_masters_fips[each.key].address
port_id = openstack_networking_port_v2.k8s_masters_port[each.key].id
}
resource "openstack_networking_floatingip_associate_v2" "k8s_master_no_etcd" { resource "openstack_networking_floatingip_associate_v2" "k8s_master_no_etcd" {
count = var.master_root_volume_size_in_gb == 0 ? var.number_of_k8s_masters_no_etcd : 0 count = var.master_root_volume_size_in_gb == 0 ? var.number_of_k8s_masters_no_etcd : 0
floating_ip = var.k8s_master_no_etcd_fips[count.index] floating_ip = var.k8s_master_no_etcd_fips[count.index]

18
contrib/terraform/openstack/modules/compute/variables.tf
View file

@ -68,6 +68,14 @@ variable "network_id" {
default = "" default = ""
} }
variable "use_existing_network" {
type = bool
}
variable "network_router_id" {
default = ""
}
variable "k8s_master_fips" { variable "k8s_master_fips" {
type = list type = list
} }
@ -80,6 +88,10 @@ variable "k8s_node_fips" {
type = list type = list
} }
variable "k8s_masters_fips" {
type = map
}
variable "k8s_nodes_fips" { variable "k8s_nodes_fips" {
type = map type = map
} }
@ -104,6 +116,8 @@ variable "k8s_allowed_egress_ips" {
type = list type = list
} }
variable "k8s_masters" {}
variable "k8s_nodes" {} variable "k8s_nodes" {}
variable "supplementary_master_groups" { variable "supplementary_master_groups" {
@ -167,3 +181,7 @@ variable "group_vars_path" {
variable "port_security_enabled" { variable "port_security_enabled" {
type = bool type = bool
} }
variable "force_null_port_security" {
type = bool
}

6
contrib/terraform/openstack/modules/ips/main.tf
View file

@ -14,6 +14,12 @@ resource "openstack_networking_floatingip_v2" "k8s_master" {
depends_on = [null_resource.dummy_dependency] depends_on = [null_resource.dummy_dependency]
} }
resource "openstack_networking_floatingip_v2" "k8s_masters" {
for_each = var.number_of_k8s_masters == 0 && var.number_of_k8s_masters_no_etcd == 0 ? { for key, value in var.k8s_masters : key => value if value.floating_ip } : {}
pool = var.floatingip_pool
depends_on = [null_resource.dummy_dependency]
}
# If user specifies pre-existing IPs to use in k8s_master_fips, do not create new ones. # If user specifies pre-existing IPs to use in k8s_master_fips, do not create new ones.
resource "openstack_networking_floatingip_v2" "k8s_master_no_etcd" { resource "openstack_networking_floatingip_v2" "k8s_master_no_etcd" {
count = length(var.k8s_master_fips) > 0 ? 0 : var.number_of_k8s_masters_no_etcd count = length(var.k8s_master_fips) > 0 ? 0 : var.number_of_k8s_masters_no_etcd

4
contrib/terraform/openstack/modules/ips/outputs.tf
View file

@ -3,6 +3,10 @@ output "k8s_master_fips" {
value = length(var.k8s_master_fips) > 0 ? var.k8s_master_fips : openstack_networking_floatingip_v2.k8s_master[*].address value = length(var.k8s_master_fips) > 0 ? var.k8s_master_fips : openstack_networking_floatingip_v2.k8s_master[*].address
} }
output "k8s_masters_fips" {
value = openstack_networking_floatingip_v2.k8s_masters
}
# If k8s_master_fips is already defined as input, keep the same value since new FIPs have not been created. # If k8s_master_fips is already defined as input, keep the same value since new FIPs have not been created.
output "k8s_master_no_etcd_fips" { output "k8s_master_no_etcd_fips" {
value = length(var.k8s_master_fips) > 0 ? var.k8s_master_fips : openstack_networking_floatingip_v2.k8s_master_no_etcd[*].address value = length(var.k8s_master_fips) > 0 ? var.k8s_master_fips : openstack_networking_floatingip_v2.k8s_master_no_etcd[*].address

2
contrib/terraform/openstack/modules/ips/variables.tf
View file

@ -16,6 +16,8 @@ variable "router_id" {
default = "" default = ""
} }
variable "k8s_masters" {}
variable "k8s_nodes" {} variable "k8s_nodes" {}
variable "k8s_master_fips" {} variable "k8s_master_fips" {}

4
contrib/terraform/openstack/modules/network/outputs.tf
View file

@ -2,6 +2,10 @@ output "router_id" {
value = "%{if var.use_neutron == 1} ${var.router_id == null ? element(concat(openstack_networking_router_v2.k8s.*.id, [""]), 0) : var.router_id} %{else} %{endif}" value = "%{if var.use_neutron == 1} ${var.router_id == null ? element(concat(openstack_networking_router_v2.k8s.*.id, [""]), 0) : var.router_id} %{else} %{endif}"
} }
output "network_id" {
value = element(concat(openstack_networking_network_v2.k8s.*.id, [""]),0)
}
output "router_internal_port_id" { output "router_internal_port_id" {
value = element(concat(openstack_networking_router_interface_v2.k8s.*.id, [""]), 0) value = element(concat(openstack_networking_router_interface_v2.k8s.*.id, [""]), 0)
} }

28
contrib/terraform/openstack/sample-inventory/cluster.tfvars
View file

@ -32,6 +32,28 @@ number_of_k8s_masters_no_floating_ip_no_etcd = 0
flavor_k8s_master = "<UUID>" flavor_k8s_master = "<UUID>"
k8s_masters = {
# "master-1" = {
# "az" = "nova"
# "flavor" = "<UUID>"
# "floating_ip" = true
# "etcd" = true
# },
# "master-2" = {
# "az" = "nova"
# "flavor" = "<UUID>"
# "floating_ip" = false
# "etcd" = true
# },
# "master-3" = {
# "az" = "nova"
# "flavor" = "<UUID>"
# "floating_ip" = true
# "etcd" = true
# },
}
# nodes # nodes
number_of_k8s_nodes = 2 number_of_k8s_nodes = 2
@ -52,6 +74,9 @@ number_of_k8s_nodes_no_floating_ip = 4
# networking # networking
network_name = "<network>" network_name = "<network>"
# Use a existing network with the name of network_name. Set to false to create a network with name of network_name.
# use_existing_network = true
external_net = "<UUID>" external_net = "<UUID>"
subnet_cidr = "<cidr>" subnet_cidr = "<cidr>"
@ -59,3 +84,6 @@ subnet_cidr = "<cidr>"
floatingip_pool = "<pool>" floatingip_pool = "<pool>"
bastion_allowed_remote_ips = ["0.0.0.0/0"] bastion_allowed_remote_ips = ["0.0.0.0/0"]
# Force port security to be null. Some cloud providers do not allow to set port security.
# force_null_port_security = false

16
contrib/terraform/openstack/variables.tf
View file

@ -137,6 +137,12 @@ variable "network_name" {
default = "internal" default = "internal"
} }
variable "use_existing_network" {
description = "Use an existing network"
type = bool
default = "false"
}
variable "network_dns_domain" { variable "network_dns_domain" {
description = "dns_domain for the internal network" description = "dns_domain for the internal network"
type = string type = string
@ -154,6 +160,12 @@ variable "port_security_enabled" {
default = "true" default = "true"
} }
variable "force_null_port_security" {
description = "Force port security to be null. Some providers does not allow setting port security"
type = bool
default = "false"
}
variable "subnet_cidr" { variable "subnet_cidr" {
description = "Subnet CIDR block." description = "Subnet CIDR block."
type = string type = string
@ -274,6 +286,10 @@ variable "router_internal_port_id" {
default = null default = null
} }
variable "k8s_masters" {
default = {}
}
variable "k8s_nodes" { variable "k8s_nodes" {
default = {} default = {}
} }

15
contrib/terraform/terraform.py
View file

@ -114,10 +114,10 @@ def iterhosts(resources):
def iterips(resources): def iterips(resources):
'''yield ip tuples of (instance_id, ip)''' '''yield ip tuples of (port_id, ip)'''
for module_name, key, resource in resources: for module_name, key, resource in resources:
resource_type, name = key.split('.', 1) resource_type, name = key.split('.', 1)
if resource_type == 'openstack_compute_floatingip_associate_v2': if resource_type == 'openstack_networking_floatingip_associate_v2':
yield openstack_floating_ips(resource) yield openstack_floating_ips(resource)
@ -243,13 +243,13 @@ def openstack_floating_ips(resource):
raw_attrs = resource['primary']['attributes'] raw_attrs = resource['primary']['attributes']
attrs = { attrs = {
'ip': raw_attrs['floating_ip'], 'ip': raw_attrs['floating_ip'],
'instance_id': raw_attrs['instance_id'], 'port_id': raw_attrs['port_id'],
} }
return attrs return attrs
def openstack_floating_ips(resource): def openstack_floating_ips(resource):
raw_attrs = resource['primary']['attributes'] raw_attrs = resource['primary']['attributes']
return raw_attrs['instance_id'], raw_attrs['floating_ip'] return raw_attrs['port_id'], raw_attrs['floating_ip']
@parses('openstack_compute_instance_v2') @parses('openstack_compute_instance_v2')
@calculate_mantl_vars @calculate_mantl_vars
@ -282,6 +282,7 @@ def openstack_host(resource, module_name):
# generic # generic
'public_ipv4': raw_attrs['access_ip_v4'], 'public_ipv4': raw_attrs['access_ip_v4'],
'private_ipv4': raw_attrs['access_ip_v4'], 'private_ipv4': raw_attrs['access_ip_v4'],
'port_id' : raw_attrs['network.0.port'],
'provider': 'openstack', 'provider': 'openstack',
} }
@ -339,10 +340,10 @@ def openstack_host(resource, module_name):
def iter_host_ips(hosts, ips): def iter_host_ips(hosts, ips):
'''Update hosts that have an entry in the floating IP list''' '''Update hosts that have an entry in the floating IP list'''
for host in hosts: for host in hosts:
host_id = host[1]['id'] port_id = host[1]['port_id']
if host_id in ips: if port_id in ips:
ip = ips[host_id] ip = ips[port_id]
host[1].update({ host[1].update({
'access_ip_v4': ip, 'access_ip_v4': ip,