diff --git a/main.tf b/main.tf index f64e241..e0a7a6e 100644 --- a/main.tf +++ b/main.tf @@ -2,21 +2,20 @@ locals { old-k8s-subnets-ids = [ # module.aws-network-from-scratch.subnet.id, - module.aws-network-existing.subnet-by-name["subnet_1"].id, - module.aws-network-existing.subnet-by-name["subnet_3"].id, + module.aws-network-existing-managed.subnet-by-name["subnet_1"].id, + module.aws-network-existing-managed.subnet-by-name["subnet_3"].id, ] - # TODO Started to try to use the new vpc. However, we need to make sure we're - # getting the default security group for the new vpc as well. new-k8s-subnets-ids = [ - module.aws-network-existing.subnet-by-name["mssdev Subnet 1"].id, - module.aws-network-existing.subnet-by-name["mssdev Subnet 3"].id, + module.aws-network-existing-mss-dev.subnet-by-name["mssdev Subnet 1"].id, + module.aws-network-existing-mss-dev.subnet-by-name["mssdev Subnet 3"].id, ] nfs-subnets = [ # module.aws-network-from-scratch.subnet, - module.aws-network-existing.subnet-by-name["subnet_4"], + module.aws-network-existing-managed.subnet-by-name["subnet_4"], ] - aws-security-group-id = module.aws-network-existing.default-sg.id - # aws-security-group-id = module.aws-network-from-scratch.default-security-group.id + aws-managed-security-group-id = module.aws-network-existing-managed.default-sg.id + aws-mss-dev-security-group-id = module.aws-network-existing-mss-dev.default-sg.id + # aws-managed-security-group-id = module.aws-network-from-scratch.default-security-group.id # The names of these nodes is created by: # "{var.vm-name-prefix}-{name from nodes-config}-{number}" 
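Review bot: The subnet locals keep age-based names (`old-k8s-subnets-ids`, `new-k8s-subnets-ids`) while the security-group locals added in this hunk are named by VPC (`aws-managed-security-group-id`, `aws-mss-dev-security-group-id`), and every node entry now has to pair a subnet list with the SG from the same VPC. AWS should reject an instance whose SG belongs to a different VPC, so a mispairing fails closed, but only at apply time after a plan that looks fine; renaming to `managed-k8s-subnets-ids` / `mss-dev-k8s-subnets-ids` makes the pairing checkable by eye. The commented-out `aws-network-from-scratch` alternative is carried over as-is; if that path is still supported, a one-line comment saying so (or removing it) would stop it reading as leftover archaeology. The `locals` block continues past the end of this hunk.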
@@ -25,84 +24,97 @@ locals { # long, although it did not give the reason for the failure, the reason was # surmised because it looked like it was truncating the name when attempting # to join. + # + # NOTE: This naming restriction is only important if you plan on joining these + # VMs to Active Directory. nodes-config = { # TODO if the above comment about the name length is true, then this name is # too long. IMPORTANT! If you change this then you need to change the k8s # ansible role that assigns roles based on wether or not 'master' is in the # name. "k8s-master" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.t2-medium-4gib-2vcpu - subnet-ids = local.old-k8s-subnets-ids - num = 1 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.t2-medium-4gib-2vcpu + subnet-ids = local.old-k8s-subnets-ids + security-groups = [local.aws-managed-security-group-id] + num = 1 }, "k8s-wrkr" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu - subnet-ids = local.old-k8s-subnets-ids - disk-size = 32 - num = 2 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu + subnet-ids = local.old-k8s-subnets-ids + security-groups = [local.aws-managed-security-group-id] + disk-size = 32 + num = 2 }, "worker" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu - subnet-ids = local.old-k8s-subnets-ids - disk-size = 64 - num = 3 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu + subnet-ids = local.old-k8s-subnets-ids + security-groups = [local.aws-managed-security-group-id] + disk-size = 64 + num = 3 }, "tst-master" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.t2-medium-4gib-2vcpu - subnet-ids = local.old-k8s-subnets-ids - num = 0 + 
base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.t2-medium-4gib-2vcpu + subnet-ids = local.old-k8s-subnets-ids + security-groups = [local.aws-managed-security-group-id] + num = 0 }, "tst-wrkr" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu - subnet-ids = local.old-k8s-subnets-ids - disk-size = 32 - num = 0 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu + subnet-ids = local.old-k8s-subnets-ids + security-groups = [local.aws-managed-security-group-id] + disk-size = 32 + num = 0 }, "rancher-master" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu - subnet-ids = local.old-k8s-subnets-ids - disk-size = 64 - num = 1 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu + subnet-ids = local.new-k8s-subnets-ids + security-groups = [local.aws-mss-dev-security-group-id] + disk-size = 64 + num = 1 }, "rancher-worker" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu - subnet-ids = local.old-k8s-subnets-ids - disk-size = 64 - num = 2 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu + subnet-ids = local.new-k8s-subnets-ids + security-groups = [local.aws-mss-dev-security-group-id] + disk-size = 64 + num = 2 }, "dev" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu - # subnet-ids = [module.aws-network-from-scratch.subnet.id] - subnet-ids = [module.aws-network-existing.subnet-by-name["subnet_4"].id] - disk-size = 32 - num = 2 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu + # subnet-ids = [module.aws-network-from-scratch.subnet.id] + subnet-ids 
= [module.aws-network-existing-managed.subnet-by-name["subnet_4"].id] + security-groups = [local.aws-managed-security-group-id] + disk-size = 32 + num = 2 }, "nfs" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.t3a-medium-amd-4gib-2vcpu - # subnet-ids = [module.aws-network-from-scratch.subnet.id] - subnet-ids = [module.aws-network-existing.subnet-by-name["subnet_4"].id] - num = 1 - num-disks = 1 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.t3a-medium-amd-4gib-2vcpu + # subnet-ids = [module.aws-network-from-scratch.subnet.id] + subnet-ids = [module.aws-network-existing-managed.subnet-by-name["subnet_4"].id] + security-groups = [local.aws-managed-security-group-id] + num = 1 + num-disks = 1 # TODO Remove this, prefferred method is to use 'disks' and 'disk-mounts' # like shown below. - zfs-disk-size = 10 + zfs-disk-size = 10 }, "proxy" = { - base-image = module.aws-ami-constants.ubuntu-ami - aws-ec2-type = module.ec2-types.t2-micro-1gib-1vcpu - # subnet-ids = [module.aws-network-from-scratch.subnet.id] - subnet-ids = [module.aws-network-existing.subnet-by-name["subnet_4"].id] - private-ips = [var.aws-proxy-private-ip] - num = 1 + base-image = module.aws-ami-constants.ubuntu-ami + aws-ec2-type = module.ec2-types.t2-micro-1gib-1vcpu + # subnet-ids = [module.aws-network-from-scratch.subnet.id] + subnet-ids = [module.aws-network-existing-managed.subnet-by-name["subnet_4"].id] + security-groups = [local.aws-managed-security-group-id] + private-ips = [var.aws-proxy-private-ip] + num = 1 }, } 
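Review bot: Every role in `nodes-config` is assigned the single per-VPC SG (`[local.aws-managed-security-group-id]` for k8s-master/k8s-wrkr/worker/dev/nfs/proxy, `[local.aws-mss-dev-security-group-id]` for the rancher nodes), so the new per-node `security-groups` field adds no segmentation yet: `nfs` and `proxy` get exactly the rules of the Kubernetes nodes. If these are the AWS-created default security groups they typically carry a self-referencing allow-all rule, which would expose every port on the NFS host to every instance in the same VPC — worth confirming against the SG named by `aws-existing-managed-sg-name`. Since the field is now a list per role, a follow-up could give `nfs` and `proxy` their own SGs limited to the ports they serve and keep the shared SG for cluster-internal traffic only. Note also that `rancher-master`/`rancher-worker` moved to the mss-dev subnets while `nfs` and `proxy` stay in the managed VPC, so any reachability between them now depends on VPC routing/peering and SG rules not visible in this diff. The enclosing `locals` block begins and ends outside this hunk.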
@@ -200,7 +212,7 @@ module "aws-ami-constants" { ################################################################################ # AWS Networking -# Use of the 2 modules below to create resources for the AWS network. +# Use the 2 modules below to create resources for the AWS network. # aws-network-from-scratch will build the AWS network from scratch. # aws-network-existing will query AWS for an existing VPC. ################################################################################ @@ -213,11 +225,18 @@ module "aws-ami-constants" { # admin-ips = var.admin-ips # } -module "aws-network-existing" { +module "aws-network-existing-managed" { source = "./modules/aws-network-existing" - default-vpc-name = var.aws-existing-vpc-name - default-security-group-name = var.aws-existing-sg-name - existing-subnet-names = var.aws-existing-subnet-names + default-vpc-name = var.aws-existing-managed-vpc-name + default-security-group-name = var.aws-existing-managed-sg-name + existing-subnet-names = var.aws-existing-managed-subnet-names +} + +module "aws-network-existing-mss-dev" { + source = "./modules/aws-network-existing" + default-vpc-name = var.aws-existing-mss-dev-vpc-name + default-security-group-name = var.aws-existing-mss-dev-sg-name + existing-subnet-names = var.aws-existing-mss-dev-subnet-names } ################################################################################ @@ -279,7 +298,7 @@ module "nodes" { ami = each.value.base-image subnet-ids = each.value.subnet-ids private-ips = try(each.value.private-ips, []) - security-group-ids = [local.aws-security-group-id] + security-group-ids = each.value.security-groups user-datas = lookup(module.cloud-init-config, each.key, null).user-datas disk-size = try(each.value.disk-size, null) num-nodes = each.value.num 
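Review bot: The header comment touched in the preceding hunk still says "Use the 2 modules below … aws-network-existing will query AWS for an existing VPC", but this hunk now instantiates `./modules/aws-network-existing` twice (`aws-network-existing-managed`, `aws-network-existing-mss-dev`) next to the commented-out from-scratch module, so the comment no longer describes the file. Both instances are also now mandatory, because `nodes-config` gives `rancher-master` and `rancher-worker` non-zero `num` and points them at the mss-dev subnets and SG. I would update the header to something like `# aws-network-existing-managed and aws-network-existing-mss-dev each query AWS for one existing VPC; both are required because nodes-config places nodes in each.` and drop the "2 modules" wording.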
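Review bot: `security-group-ids = each.value.security-groups` deliberately (it seems) does not use `try(...)` the way `private-ips` and `disk-size` on the neighbouring lines do, so a `nodes-config` entry that omits `security-groups` fails at plan time instead of launching with no SG — and an instance launched with no explicit SG is normally given the VPC's default SG by AWS, which is exactly the permissive fallback this change is trying to control. That is the right choice, but it is invisible to the next person who "fixes" it for consistency with the other attributes. I would pin it with a comment above the line: `# No try(): an omitted security-groups must fail the plan rather than fall back to the VPC default SG.` The `module "nodes"` block extends beyond this hunk.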
@@ -293,9 +312,9 @@ module "nodes" {
 # source = "./modules/aws-nodes"
 # ec2-instance-type = module.ec2-types.t2-small-2gib-1vcpu
 # ami = module.aws-ami-constants.win-srv-2019-ami
-# subnet-ids = [module.aws-network-existing.subnet-by-name["subnet_2"].id]
+# subnet-ids = [module.aws-network-existing-managed.subnet-by-name["subnet_2"].id]
 # private-ips = []
-# security-group-ids = [local.aws-security-group-id]
+# security-group-ids = [local.aws-managed-security-group-id]
 # # TODO REM need to figure out how to not pass a user data.
 # user-datas = [null]
 # num-nodes = 1
diff --git a/variables.tf b/variables.tf
index 1bab61d..96feaf6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -10,22 +10,52 @@ variable "aws-zfs-drive-letters" { type = list(string) } -variable "aws-existing-sg-name" { +################################################################################ +# Query existing infrastructure. +# Variables used to grab existing resources from AWS. +# +# We have 2 sets of three variables in this section. 1 section has 'managed' in +# the name and the other has 'mss-dev' in the name. There are not restrictions +# as to what we can put into these VPCs. The names of the variable simply match +# the names of the VPCs and have no meaning for what resources are allowed. +################################################################################ + +variable "aws-existing-managed-sg-name" { default = "change-me-if-using-aws-network-existing" description = "The name of the existing security group when using aws-network-existing." } -variable "aws-existing-vpc-name" { +variable "aws-existing-managed-vpc-name" { default = "change-me-if-using-aws-network-existing" description = "The name of the existing VPC when using aws-network-existing." } -variable "aws-existing-subnet-names" { - description = "A list of subnet names that already exist in aws-existing-vpc-name" +variable "aws-existing-managed-subnet-names" { + description = "A list of subnet names that already exist in aws-existing-managed-vpc-name" default = [] type = list(string) } +variable "aws-existing-mss-dev-sg-name" { + default = "change-me-if-using-aws-network-existing" + description = "The name of the existing security group when using aws-network-existing with the mss-dev VPC." +} + +variable "aws-existing-mss-dev-vpc-name" { + default = "change-me-if-using-aws-network-existing" + description = "The name of the existing VPC when using aws-network-existing with the mss-dev VPC." 
+} + +variable "aws-existing-mss-dev-subnet-names" { + description = "A list of subnet names that already exist in aws-existing-mss-dev-vpc-name" + default = [] + type = list(string) +} + +################################################################################ +# End query existing infrastructure. +################################################################################ + variable "aws-proxy-private-ip" { description = "The private IP to request for the proxy instance." type = string
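Review bot: The three new `aws-existing-mss-dev-*` variables reuse the placeholder default `"change-me-if-using-aws-network-existing"` (and `[]` for the subnet names), yet the mss-dev module is now referenced unconditionally from `nodes-config`, so a caller who only sets the managed variables sends the placeholder to AWS as a VPC/SG name lookup and gets a data-source error rather than a message saying what is missing. A `validation` block per variable (Terraform 0.13+; the required version is not visible here) turns that into an explicit plan failure; one example is below and the same shape applies to the SG name and the subnet-name list (`length(var.aws-existing-mss-dev-subnet-names) > 0`). Also, the new section comment reads "There are not restrictions as to what we can put into these VPCs" — "There are no restrictions" is the intended wording, and it is worth stating explicitly that the names carry no trust boundary, which that sentence almost does. The `variable "aws-proxy-private-ip"` block at the end of the hunk closes outside it.
```hcl
variable "aws-existing-mss-dev-vpc-name" {
  # … unchanged: default, description …
  validation {
    condition     = var.aws-existing-mss-dev-vpc-name != "change-me-if-using-aws-network-existing"
    error_message = "aws-existing-mss-dev-vpc-name must name a real VPC; nodes-config places rancher nodes in the mss-dev network."
  }
}
```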