Merge branch 'new-vpc' into 'checkin'

New VPC

See merge request ANDSAS/ops/terraform/nodes-terraform!1
oracle-vm
Curtis Wilson 4 years ago
commit 36867e0ef2

@ -2,21 +2,20 @@
locals {
old-k8s-subnets-ids = [
# module.aws-network-from-scratch.subnet.id,
module.aws-network-existing.subnet-by-name["subnet_1"].id,
module.aws-network-existing.subnet-by-name["subnet_3"].id,
module.aws-network-existing-managed.subnet-by-name["subnet_1"].id,
module.aws-network-existing-managed.subnet-by-name["subnet_3"].id,
]
# TODO Started to try to use the new vpc. However, we need to make sure we're
# getting the default security group for the new vpc as well.
new-k8s-subnets-ids = [
module.aws-network-existing.subnet-by-name["mssdev Subnet 1"].id,
module.aws-network-existing.subnet-by-name["mssdev Subnet 3"].id,
module.aws-network-existing-mss-dev.subnet-by-name["mssdev Subnet 1"].id,
module.aws-network-existing-mss-dev.subnet-by-name["mssdev Subnet 3"].id,
]
nfs-subnets = [
# module.aws-network-from-scratch.subnet,
module.aws-network-existing.subnet-by-name["subnet_4"],
module.aws-network-existing-managed.subnet-by-name["subnet_4"],
]
aws-security-group-id = module.aws-network-existing.default-sg.id
# aws-security-group-id = module.aws-network-from-scratch.default-security-group.id
aws-managed-security-group-id = module.aws-network-existing-managed.default-sg.id
aws-mss-dev-security-group-id = module.aws-network-existing-mss-dev.default-sg.id
# aws-managed-security-group-id = module.aws-network-from-scratch.default-security-group.id
# The names of these nodes is created by:
# "{var.vm-name-prefix}-{name from nodes-config}-{number}"
@ -25,6 +24,9 @@ locals {
# long, although it did not give the reason for the failure, the reason was
# surmised because it looked like it was truncating the name when attempting
# to join.
#
# NOTE: This naming restriction is only important if you plan on joining these
# VMs to Active Directory.
nodes-config = {
# TODO if the above comment about the name length is true, then this name is
# too long. IMPORTANT! If you change this then you need to change the k8s
@ -34,12 +36,14 @@ locals {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.t2-medium-4gib-2vcpu
subnet-ids = local.old-k8s-subnets-ids
security-groups = [local.aws-managed-security-group-id]
num = 1
},
"k8s-wrkr" = {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu
subnet-ids = local.old-k8s-subnets-ids
security-groups = [local.aws-managed-security-group-id]
disk-size = 32
num = 2
},
@ -47,6 +51,7 @@ locals {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu
subnet-ids = local.old-k8s-subnets-ids
security-groups = [local.aws-managed-security-group-id]
disk-size = 64
num = 3
},
@ -54,26 +59,30 @@ locals {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.t2-medium-4gib-2vcpu
subnet-ids = local.old-k8s-subnets-ids
security-groups = [local.aws-managed-security-group-id]
num = 0
},
"tst-wrkr" = {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu
subnet-ids = local.old-k8s-subnets-ids
security-groups = [local.aws-managed-security-group-id]
disk-size = 32
num = 0
},
"rancher-master" = {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu
subnet-ids = local.old-k8s-subnets-ids
subnet-ids = local.new-k8s-subnets-ids
security-groups = [local.aws-mss-dev-security-group-id]
disk-size = 64
num = 1
},
"rancher-worker" = {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu
subnet-ids = local.old-k8s-subnets-ids
subnet-ids = local.new-k8s-subnets-ids
security-groups = [local.aws-mss-dev-security-group-id]
disk-size = 64
num = 2
},
@ -81,7 +90,8 @@ locals {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.c5a-xlarge-amd-8gib-4vcpu
# subnet-ids = [module.aws-network-from-scratch.subnet.id]
subnet-ids = [module.aws-network-existing.subnet-by-name["subnet_4"].id]
subnet-ids = [module.aws-network-existing-managed.subnet-by-name["subnet_4"].id]
security-groups = [local.aws-managed-security-group-id]
disk-size = 32
num = 2
},
@ -89,7 +99,8 @@ locals {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.t3a-medium-amd-4gib-2vcpu
# subnet-ids = [module.aws-network-from-scratch.subnet.id]
subnet-ids = [module.aws-network-existing.subnet-by-name["subnet_4"].id]
subnet-ids = [module.aws-network-existing-managed.subnet-by-name["subnet_4"].id]
security-groups = [local.aws-managed-security-group-id]
num = 1
num-disks = 1
# TODO Remove this, prefferred method is to use 'disks' and 'disk-mounts'
@ -100,7 +111,8 @@ locals {
base-image = module.aws-ami-constants.ubuntu-ami
aws-ec2-type = module.ec2-types.t2-micro-1gib-1vcpu
# subnet-ids = [module.aws-network-from-scratch.subnet.id]
subnet-ids = [module.aws-network-existing.subnet-by-name["subnet_4"].id]
subnet-ids = [module.aws-network-existing-managed.subnet-by-name["subnet_4"].id]
security-groups = [local.aws-managed-security-group-id]
private-ips = [var.aws-proxy-private-ip]
num = 1
},
@ -200,7 +212,7 @@ module "aws-ami-constants" {
################################################################################
# AWS Networking
# Use of the 2 modules below to create resources for the AWS network.
# Use the 2 modules below to create resources for the AWS network.
# aws-network-from-scratch will build the AWS network from scratch.
# aws-network-existing will query AWS for an existing VPC.
################################################################################
@ -213,11 +225,18 @@ module "aws-ami-constants" {
# admin-ips = var.admin-ips
# }
module "aws-network-existing" {
module "aws-network-existing-managed" {
source = "./modules/aws-network-existing"
default-vpc-name = var.aws-existing-managed-vpc-name
default-security-group-name = var.aws-existing-managed-sg-name
existing-subnet-names = var.aws-existing-managed-subnet-names
}
module "aws-network-existing-mss-dev" {
source = "./modules/aws-network-existing"
default-vpc-name = var.aws-existing-vpc-name
default-security-group-name = var.aws-existing-sg-name
existing-subnet-names = var.aws-existing-subnet-names
default-vpc-name = var.aws-existing-mss-dev-vpc-name
default-security-group-name = var.aws-existing-mss-dev-sg-name
existing-subnet-names = var.aws-existing-mss-dev-subnet-names
}
################################################################################
@ -279,7 +298,7 @@ module "nodes" {
ami = each.value.base-image
subnet-ids = each.value.subnet-ids
private-ips = try(each.value.private-ips, [])
security-group-ids = [local.aws-security-group-id]
security-group-ids = each.value.security-groups
user-datas = lookup(module.cloud-init-config, each.key, null).user-datas
disk-size = try(each.value.disk-size, null)
num-nodes = each.value.num
@ -293,9 +312,9 @@ module "nodes" {
# source = "./modules/aws-nodes"
# ec2-instance-type = module.ec2-types.t2-small-2gib-1vcpu
# ami = module.aws-ami-constants.win-srv-2019-ami
# subnet-ids = [module.aws-network-existing.subnet-by-name["subnet_2"].id]
# subnet-ids = [module.aws-network-existing-managed.subnet-by-name["subnet_2"].id]
# private-ips = []
# security-group-ids = [local.aws-security-group-id]
# security-group-ids = [local.aws-managed-security-group-id]
# # TODO REM need to figure out how to not pass a user data.
# user-datas = [null]
# num-nodes = 1
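Review bot: Each `nodes-config` entry now sets `subnet-ids` and `security-groups` on separate lines, so nothing ties a node's security group to the VPC its subnets live in. An entry that takes `local.new-k8s-subnets-ids` but keeps `local.aws-managed-security-group-id` would read fine in review and most likely fail only when AWS rejects the launch at apply time. Keeping one object per VPC that holds both values, and having the entries read both from it, makes the pairing explicit, as sketched below. `security-group-ids = each.value.security-groups` in `module "nodes"` has no `try(...)` fallback, unlike `private-ips` and `disk-size`; failing closed is a reasonable choice, but any entry outside the visible hunks then needs the new key. The `locals` block and `module "nodes"` both continue outside the hunks shown.

```hcl
# … unchanged: old-k8s-subnets-ids, new-k8s-subnets-ids, nfs-subnets, security group locals …

# One object per VPC so a node's subnets and security group are always chosen together.
networks = {
  managed = {
    subnet-ids      = local.old-k8s-subnets-ids
    security-groups = [local.aws-managed-security-group-id]
  }
  mss-dev = {
    subnet-ids      = local.new-k8s-subnets-ids
    security-groups = [local.aws-mss-dev-security-group-id]
  }
}

# … unchanged: other nodes-config entries …
"rancher-master" = {
  # … unchanged: base-image, aws-ec2-type …
  subnet-ids      = local.networks["mss-dev"].subnet-ids
  security-groups = local.networks["mss-dev"].security-groups
  # … unchanged: disk-size, num …
```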

@ -10,22 +10,52 @@ variable "aws-zfs-drive-letters" {
type = list(string)
}
variable "aws-existing-sg-name" {
################################################################################
# Query existing infrastructure.
# Variables used to grab existing resources from AWS.
#
# We have 2 sets of three variables in this section. 1 section has 'managed' in
# the name and the other has 'mss-dev' in the name. There are not restrictions
# as to what we can put into these VPCs. The names of the variable simply match
# the names of the VPCs and have no meaning for what resources are allowed.
################################################################################
variable "aws-existing-managed-sg-name" {
default = "change-me-if-using-aws-network-existing"
description = "The name of the existing security group when using aws-network-existing."
}
variable "aws-existing-vpc-name" {
variable "aws-existing-managed-vpc-name" {
default = "change-me-if-using-aws-network-existing"
description = "The name of the existing VPC when using aws-network-existing."
}
variable "aws-existing-subnet-names" {
description = "A list of subnet names that already exist in aws-existing-vpc-name"
variable "aws-existing-managed-subnet-names" {
description = "A list of subnet names that already exist in aws-existing-managed-vpc-name"
default = []
type = list(string)
}
variable "aws-existing-mss-dev-sg-name" {
default = "change-me-if-using-aws-network-existing"
description = "The name of the existing security group when using aws-network-existing with the mss-dev VPC."
}
variable "aws-existing-mss-dev-vpc-name" {
default = "change-me-if-using-aws-network-existing"
description = "The name of the existing VPC when using aws-network-existing with the mss-dev VPC."
}
variable "aws-existing-mss-dev-subnet-names" {
description = "A list of subnet names that already exist in aws-existing-mss-dev-vpc-name"
default = []
type = list(string)
}
################################################################################
# End query existing infrastructure.
################################################################################
variable "aws-proxy-private-ip" {
description = "The private IP to request for the proxy instance."
type = string
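Review bot: The new `aws-existing-mss-dev-sg-name` and `aws-existing-mss-dev-vpc-name` variables copy the sentinel default `"change-me-if-using-aws-network-existing"` and declare no `type`. The main file in this commit appears to instantiate `module "aws-network-existing-mss-dev"` unconditionally, so a forgotten override sends the sentinel into the VPC and security-group lookups instead of stopping at variable input. Since the mss-dev VPC is now always queried, I would drop the `default` line on both variables and add `type = string`, so Terraform requires an explicit value. The same applies to the two renamed `managed` variables. If the default has to stay, a `validation` block that rejects the sentinel gives the same early failure.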
