forked from outscale/exercising-k8s-the-hardway
control-planes.tf
# Subnet for the control-plane VMs. The 10.0.0.0/24 range is repeated
# literally in the etcd security-group rule and in the VM private_ips
# formula in this file, so the three must be changed together.
resource "outscale_subnet" "control-planes" {
  net_id         = outscale_net.net.net_id
  subregion_name = "${var.region}a"
  ip_range       = "10.0.0.0/24"

  # Ownership tag keyed by the cluster name.
  tags {
    key   = "OscK8sClusterID/${var.cluster_name}"
    value = "owned"
  }
}
# Route table for the control-plane subnet; it is linked to the subnet by
# outscale_route_table_link.control-planes.
resource "outscale_route_table" "control-planes" {
  net_id = outscale_net.net.net_id

  # Same cluster ownership tag as the subnet.
  tags {
    key   = "OscK8sClusterID/${var.cluster_name}"
    value = "owned"
  }
}
# Default route (0.0.0.0/0) through the internet service. With this route the
# control-plane subnet is internet-routable, so the security-group rules are
# the only network filter defined in this file.
resource "outscale_route" "control-planes-default" {
  route_table_id       = outscale_route_table.control-planes.route_table_id
  gateway_id           = outscale_internet_service.internet_service.internet_service_id
  destination_ip_range = "0.0.0.0/0"
}
# Associates the control-plane route table with the control-plane subnet.
resource "outscale_route_table_link" "control-planes" {
  route_table_id = outscale_route_table.control-planes.route_table_id
  subnet_id      = outscale_subnet.control-planes.subnet_id
}
# One public IP per control-plane VM. Each VM is therefore reachable from the
# internet on every port the control-plane security group allows.
resource "outscale_public_ip" "control-planes" {
  count = var.control_plane_count
}
# Attaches public IP N to control-plane VM N (same count.index on both sides).
# The playbook resource in this file depends on these links.
resource "outscale_public_ip_link" "control-planes" {
  count     = var.control_plane_count
  public_ip = outscale_public_ip.control-planes[count.index].public_ip
  vm_id     = outscale_vm.control-planes[count.index].vm_id
}
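# One RSA key pair per control-plane VM; the public half is registered as an
# outscale_keypair and the private half is written to a local .pem file.
# NOTE(review): the tls provider keeps the generated private key unencrypted in
# Terraform state, so the state file (and any remote backend) must be protected
# as carefully as the .pem files themselves.
resource "tls_private_key" "control-planes" {
  count     = var.control_plane_count
  algorithm = "RSA"
  # rsa_bits is a numeric argument; pass a number rather than relying on
  # implicit string-to-number conversion. The key size itself is unchanged.
  rsa_bits = 2048
}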
# Writes each control-plane private key to
# control-planes/control-plane-<index>.pem inside the module directory,
# readable and writable by the owner only (0600).
# NOTE(review): these files are SSH private keys sitting in the working tree;
# confirm they are excluded from version control. The local provider also
# offers local_sensitive_file for secret content, but switching would change
# this resource's address.
resource "local_file" "control-planes-pem" {
  count           = var.control_plane_count
  file_permission = "0600"
  filename        = "${path.module}/control-planes/control-plane-${count.index}.pem"
  content         = tls_private_key.control-planes[count.index].private_key_pem
}
# Registers the OpenSSH public key of each generated key pair with Outscale;
# control-plane VM N is launched with keypair N.
resource "outscale_keypair" "control-planes" {
  count      = var.control_plane_count
  public_key = tls_private_key.control-planes[count.index].public_key_openssh
}
# Security group shared by all control-plane VMs. Its inbound rules are
# declared separately in outscale_security_group_rule.control-plane-ssh.
resource "outscale_security_group" "control-plane" {
  net_id      = outscale_net.net.net_id
  description = "Kubernetes control-planes (${var.cluster_name})"
}
# All inbound rules for the control-plane security group. Despite the
# "control-plane-ssh" name, this resource carries four rules: SSH, etcd,
# the NodePort range and kube-apiserver. Three of them accept traffic from
# any address (0.0.0.0/0), and the VMs have public IPs, so those ports are
# exposed to the whole internet.
resource "outscale_security_group_rule" "control-plane-ssh" {
  security_group_id = outscale_security_group.control-plane.id
  flow              = "Inbound"

  # ssh
  # NOTE(review): open to 0.0.0.0/0. Key-only login limits the impact, but
  # restricting this to an admin or bastion CIDR removes internet-wide
  # scanning and brute-force noise from the control planes.
  rules {
    ip_protocol     = "tcp"
    from_port_range = "22"
    to_port_range   = "22"
    ip_ranges       = ["0.0.0.0/0"]
  }

  # etcd (client 2379 and peer 2380), limited to the control-plane subnet
  # range 10.0.0.0/24.
  rules {
    ip_protocol     = "tcp"
    from_port_range = "2379"
    to_port_range   = "2380"
    ip_ranges       = ["10.0.0.0/24"]
  }

  # service node port range
  # NOTE(review): 30000-32767 is open to 0.0.0.0/0 on the control-plane
  # nodes. Confirm NodePort services are meant to be reachable through
  # these nodes; otherwise this rule can be narrowed or dropped.
  rules {
    ip_protocol     = "tcp"
    from_port_range = "30000"
    to_port_range   = "32767"
    ip_ranges       = ["0.0.0.0/0"]
  }

  # kube-apiserver
  # NOTE(review): 6443 is open to 0.0.0.0/0, so the API server's own
  # authentication and authorization are the only barrier. Restrict to known
  # client CIDRs where the deployment allows it.
  rules {
    ip_protocol     = "tcp"
    from_port_range = "6443"
    to_port_range   = "6443"
    ip_ranges       = ["0.0.0.0/0"]
  }
}
# Control-plane VMs: var.control_plane_count instances in the control-plane
# subnet, each with its own keypair and the shared control-plane security group.
resource "outscale_vm" "control-planes" {
  count    = var.control_plane_count
  image_id = var.image_id
  vm_type  = var.control_plane_vm_type

  keypair_name       = outscale_keypair.control-planes[count.index].keypair_name
  security_group_ids = [outscale_security_group.control-plane.security_group_id]

  subnet_id = outscale_subnet.control-planes.subnet_id
  # Fixed private addresses 10.0.0.10, 10.0.0.11, ... inside the subnet's
  # 10.0.0.0/24 range.
  private_ips = [format("10.0.0.%d", 10 + count.index)]

  # Tag carrying the VM's public IP. Presumably used by Outscale to attach the
  # address automatically; outscale_public_ip_link in this file also links the
  # same IP explicitly. TODO confirm both are needed.
  tags {
    key   = "osc.fcu.eip.auto-attach"
    value = outscale_public_ip.control-planes[count.index].public_ip
  }

  # Display name: <cluster>-control-plane-<index>.
  tags {
    key   = "name"
    value = "${var.cluster_name}-control-plane-${count.index}"
  }
}
# Runs the control-plane Ansible playbook from the machine executing Terraform.
# All paths (ansible.cfg, control-planes/playbook.yaml) are relative, so this
# assumes Terraform is invoked from the directory that holds them - TODO confirm.
resource "shell_script" "control-planes-playbook" {
lifecycle_commands {
# create and update run the same playbook command.
create = <<-EOF
ANSIBLE_CONFIG=ansible.cfg ansible-playbook control-planes/playbook.yaml
EOF
update = <<-EOF
ANSIBLE_CONFIG=ansible.cfg ansible-playbook control-planes/playbook.yaml
EOF
# read prints a JSON object with two base64 values: the playbook file itself
# and the output of an `ansible-playbook --check` run. Presumably the provider
# records this as the resource's state so that a changed playbook or a changed
# check result triggers `update` - confirm against the shell provider docs.
# NOTE(review): base64 is an encoding, not protection. The --check output ends
# up wherever this JSON is stored, so treat the state as sensitive if any task
# can print secrets.
# NOTE(review): GNU base64 wraps its output at 76 columns by default, which
# would put raw newlines inside the JSON string values; confirm the provider
# accepts that, or strip the newlines.
read = <<-EOF
echo "{\"file\": \"$(cat control-planes/playbook.yaml|base64)\",
\"check\": \"$(ANSIBLE_CONFIG=ansible.cfg ansible-playbook --check control-planes/playbook.yaml|base64)\"
}"
EOF
# Empty delete command: destroying this resource runs nothing.
delete = ""
}
# Run only after every public IP is linked to its VM (presumably so Ansible can
# reach the hosts over SSH).
depends_on = [outscale_public_ip_link.control-planes]
}