c19643cee2
allow masters, nodes and gluster nodes (within each group) to be scheduled on differents AZ.
340 lines
10 KiB
HCL
340 lines
10 KiB
HCL
resource "openstack_compute_keypair_v2" "k8s" {
|
|
name = "kubernetes-${var.cluster_name}"
|
|
public_key = "${chomp(file(var.public_key_path))}"
|
|
}
|
|
|
|
resource "openstack_compute_secgroup_v2" "k8s_master" {
|
|
name = "${var.cluster_name}-k8s-master"
|
|
description = "${var.cluster_name} - Kubernetes Master"
|
|
|
|
rule {
|
|
ip_protocol = "tcp"
|
|
from_port = "6443"
|
|
to_port = "6443"
|
|
cidr = "0.0.0.0/0"
|
|
}
|
|
}
|
|
|
|
resource "openstack_compute_secgroup_v2" "bastion" {
|
|
name = "${var.cluster_name}-bastion"
|
|
description = "${var.cluster_name} - Bastion Server"
|
|
|
|
rule {
|
|
ip_protocol = "tcp"
|
|
from_port = "22"
|
|
to_port = "22"
|
|
cidr = "0.0.0.0/0"
|
|
}
|
|
}
|
|
|
|
resource "openstack_compute_secgroup_v2" "k8s" {
|
|
name = "${var.cluster_name}-k8s"
|
|
description = "${var.cluster_name} - Kubernetes"
|
|
|
|
rule {
|
|
ip_protocol = "icmp"
|
|
from_port = "-1"
|
|
to_port = "-1"
|
|
cidr = "0.0.0.0/0"
|
|
}
|
|
|
|
rule {
|
|
ip_protocol = "tcp"
|
|
from_port = "1"
|
|
to_port = "65535"
|
|
self = true
|
|
}
|
|
|
|
rule {
|
|
ip_protocol = "udp"
|
|
from_port = "1"
|
|
to_port = "65535"
|
|
self = true
|
|
}
|
|
|
|
rule {
|
|
ip_protocol = "icmp"
|
|
from_port = "-1"
|
|
to_port = "-1"
|
|
self = true
|
|
}
|
|
}
|
|
resource "openstack_compute_secgroup_v2" "worker" {
|
|
name = "${var.cluster_name}-k8s-worker"
|
|
description = "${var.cluster_name} - Kubernetes worker nodes"
|
|
|
|
rule {
|
|
ip_protocol = "tcp"
|
|
from_port = "30000"
|
|
to_port = "32767"
|
|
cidr = "0.0.0.0/0"
|
|
}
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "bastion" {
|
|
name = "${var.cluster_name}-bastion-${count.index+1}"
|
|
count = "${var.number_of_bastions}"
|
|
image_name = "${var.image}"
|
|
flavor_id = "${var.flavor_bastion}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
|
|
"${openstack_compute_secgroup_v2.bastion.name}",
|
|
"default",
|
|
]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user}"
|
|
kubespray_groups = "bastion"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
provisioner "local-exec" {
|
|
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${var.bastion_fips[0]}/ > contrib/terraform/group_vars/no-floating.yml"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "k8s_master" {
|
|
name = "${var.cluster_name}-k8s-master-${count.index+1}"
|
|
count = "${var.number_of_k8s_masters}"
|
|
availability_zone = "${element(var.az_list, count.index)}"
|
|
image_name = "${var.image}"
|
|
flavor_id = "${var.flavor_k8s_master}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s_master.name}",
|
|
"${openstack_compute_secgroup_v2.bastion.name}",
|
|
"${openstack_compute_secgroup_v2.k8s.name}",
|
|
"default",
|
|
]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user}"
|
|
kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
provisioner "local-exec" {
|
|
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
|
|
name = "${var.cluster_name}-k8s-master-ne-${count.index+1}"
|
|
count = "${var.number_of_k8s_masters_no_etcd}"
|
|
availability_zone = "${element(var.az_list, count.index)}"
|
|
image_name = "${var.image}"
|
|
flavor_id = "${var.flavor_k8s_master}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s_master.name}",
|
|
"${openstack_compute_secgroup_v2.bastion.name}",
|
|
"${openstack_compute_secgroup_v2.k8s.name}",
|
|
]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user}"
|
|
kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
provisioner "local-exec" {
|
|
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "etcd" {
|
|
name = "${var.cluster_name}-etcd-${count.index+1}"
|
|
count = "${var.number_of_etcd}"
|
|
availability_zone = "${element(var.az_list, count.index)}"
|
|
image_name = "${var.image}"
|
|
flavor_id = "${var.flavor_etcd}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}"]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user}"
|
|
kubespray_groups = "etcd,vault,no-floating"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
|
|
name = "${var.cluster_name}-k8s-master-nf-${count.index+1}"
|
|
count = "${var.number_of_k8s_masters_no_floating_ip}"
|
|
availability_zone = "${element(var.az_list, count.index)}"
|
|
image_name = "${var.image}"
|
|
flavor_id = "${var.flavor_k8s_master}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s_master.name}",
|
|
"${openstack_compute_secgroup_v2.k8s.name}",
|
|
"default",
|
|
]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user}"
|
|
kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
|
|
name = "${var.cluster_name}-k8s-master-ne-nf-${count.index+1}"
|
|
count = "${var.number_of_k8s_masters_no_floating_ip_no_etcd}"
|
|
availability_zone = "${element(var.az_list, count.index)}"
|
|
image_name = "${var.image}"
|
|
flavor_id = "${var.flavor_k8s_master}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s_master.name}",
|
|
"${openstack_compute_secgroup_v2.k8s.name}",
|
|
]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user}"
|
|
kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "k8s_node" {
|
|
name = "${var.cluster_name}-k8s-node-${count.index+1}"
|
|
count = "${var.number_of_k8s_nodes}"
|
|
availability_zone = "${element(var.az_list, count.index)}"
|
|
image_name = "${var.image}"
|
|
flavor_id = "${var.flavor_k8s_node}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
|
|
"${openstack_compute_secgroup_v2.bastion.name}",
|
|
"${openstack_compute_secgroup_v2.worker.name}",
|
|
"default",
|
|
]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user}"
|
|
kubespray_groups = "kube-node,k8s-cluster"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
provisioner "local-exec" {
|
|
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_node_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
|
|
name = "${var.cluster_name}-k8s-node-nf-${count.index+1}"
|
|
count = "${var.number_of_k8s_nodes_no_floating_ip}"
|
|
availability_zone = "${element(var.az_list, count.index)}"
|
|
image_name = "${var.image}"
|
|
flavor_id = "${var.flavor_k8s_node}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
|
|
"${openstack_compute_secgroup_v2.worker.name}",
|
|
"default",
|
|
]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user}"
|
|
kubespray_groups = "kube-node,k8s-cluster,no-floating"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_floatingip_associate_v2" "bastion" {
|
|
count = "${var.number_of_bastions}"
|
|
floating_ip = "${var.bastion_fips[count.index]}"
|
|
instance_id = "${element(openstack_compute_instance_v2.bastion.*.id, count.index)}"
|
|
}
|
|
|
|
resource "openstack_compute_floatingip_associate_v2" "k8s_master" {
|
|
count = "${var.number_of_k8s_masters}"
|
|
instance_id = "${element(openstack_compute_instance_v2.k8s_master.*.id, count.index)}"
|
|
floating_ip = "${var.k8s_master_fips[count.index]}"
|
|
}
|
|
|
|
resource "openstack_compute_floatingip_associate_v2" "k8s_node" {
|
|
count = "${var.number_of_k8s_nodes}"
|
|
floating_ip = "${var.k8s_node_fips[count.index]}"
|
|
instance_id = "${element(openstack_compute_instance_v2.k8s_node.*.id, count.index)}"
|
|
}
|
|
|
|
resource "openstack_blockstorage_volume_v2" "glusterfs_volume" {
|
|
name = "${var.cluster_name}-glusterfs_volume-${count.index+1}"
|
|
count = "${var.number_of_gfs_nodes_no_floating_ip}"
|
|
description = "Non-ephemeral volume for GlusterFS"
|
|
size = "${var.gfs_volume_size_in_gb}"
|
|
}
|
|
|
|
resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
|
|
name = "${var.cluster_name}-gfs-node-nf-${count.index+1}"
|
|
count = "${var.number_of_gfs_nodes_no_floating_ip}"
|
|
availability_zone = "${element(var.az_list, count.index)}"
|
|
image_name = "${var.image_gfs}"
|
|
flavor_id = "${var.flavor_gfs_node}"
|
|
key_pair = "${openstack_compute_keypair_v2.k8s.name}"
|
|
|
|
network {
|
|
name = "${var.network_name}"
|
|
}
|
|
|
|
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
|
|
"default",
|
|
]
|
|
|
|
metadata = {
|
|
ssh_user = "${var.ssh_user_gfs}"
|
|
kubespray_groups = "gfs-cluster,network-storage,no-floating"
|
|
depends_on = "${var.network_id}"
|
|
}
|
|
|
|
}
|
|
|
|
resource "openstack_compute_volume_attach_v2" "glusterfs_volume" {
|
|
count = "${var.number_of_gfs_nodes_no_floating_ip}"
|
|
instance_id = "${element(openstack_compute_instance_v2.glusterfs_node_no_floating_ip.*.id, count.index)}"
|
|
volume_id = "${element(openstack_blockstorage_volume_v2.glusterfs_volume.*.id, count.index)}"
|
|
}
|