Openshift changes (#241)
* set custom hostname in bootstrap and master * make the service DNS zone visible to the shared VPC network * remove unused vpc name attribute from service project variable
This commit is contained in:
Ludovico Magnocavallo
GitHub
parent
0a647df4dc
commit
744143d793
|
|
@ -135,8 +135,6 @@ Variable configuration is best done in a `.tfvars` file, but can also be done di
|
|||
<dd>The `machine` range should match addresses used for nodes.</dd>
|
||||
<dt><code>post_bootstrap_config</code></dt>
|
||||
<dd>Set to `null` until bootstrap completion, then refer to the post-bootstrap instructions below.</dd>
|
||||
<dt><code>service_project</code></dt>
|
||||
<dd>The <code>vpc_name</code> value is used for the placeholder VPC needed for the service project Cloud DNS zone used by the cluster. Set it to `null` to use an auto-generated name.</dd>
|
||||
</dl>
|
||||
|
||||
### Generating ignition files
|
||||
|
|
|
|||
|
|
@ -8,12 +8,12 @@ This example is a companion setup to the Python script in the parent folder, and
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---: |:---:|:---:|
|
||||
| cluster_name | Name used for the cluster and DNS zone. | <code title="">string</code> | ✓ | |
|
||||
| disk_encryption_key | Optional CMEK for disk encryption. | <code title="object({ keyring = string location = string name = string project_id = string })">object({...})</code> | ✓ | |
|
||||
| domain | Domain name used to derive the DNS zone. | <code title="">string</code> | ✓ | |
|
||||
| fs_paths | Filesystem paths for commands and data, supports home path expansion. | <code title="object({ credentials = string config_dir = string openshift_install = string pull_secret = string ssh_key = string })">object({...})</code> | ✓ | |
|
||||
| host_project | Shared VPC project and network configuration. | <code title="object({ default_subnet_name = string masters_subnet_name = string project_id = string vpc_name = string workers_subnet_name = string })">object({...})</code> | ✓ | |
|
||||
| service_project | Service project configuration. | <code title="object({ project_id = string vpc_name = string })">object({...})</code> | ✓ | |
|
||||
| service_project | Service project configuration. | <code title="object({ project_id = string })">object({...})</code> | ✓ | |
|
||||
| *allowed_ranges* | Ranges that can SSH to the boostrap VM and API endpoint. | <code title="list(any)">list(any)</code> | | <code title="">["10.0.0.0/8"]</code> |
|
||||
| *disk_encryption_key* | Optional CMEK for disk encryption. | <code title="object({ keyring = string location = string name = string project_id = string })">object({...})</code> | | <code title="">null</code> |
|
||||
| *install_config_params* | OpenShift cluster configuration. | <code title="object({ disk_size = number network = object({ cluster = string host_prefix = number machine = string service = string }) proxy = object({ http = string https = string noproxy = string }) })">object({...})</code> | | <code title="{ disk_size = 16 network = { cluster = "10.128.0.0/14" host_prefix = 23 machine = "10.0.0.0/16" service = "172.30.0.0/16" } proxy = null }">...</code> |
|
||||
| *post_bootstrap_config* | Name of the service account for the machine operator. Removes bootstrap resources when set. | <code title="object({ machine_op_sa_prefix = string })">object({...})</code> | | <code title="">null</code> |
|
||||
| *region* | Region where resources will be created. | <code title="">string</code> | | <code title="">europe-west1</code> |
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ resource "google_compute_instance" "bootstrap" {
|
|||
count = local.bootstrapping ? 1 : 0
|
||||
project = var.service_project.project_id
|
||||
name = "${local.infra_id}-b"
|
||||
hostname = "${local.infra_id}-bootstrap.${local.subdomain}"
|
||||
machine_type = "n1-standard-4"
|
||||
zone = "${var.region}-${element(var.zones, 0)}"
|
||||
network_interface {
|
||||
|
|
|
|||
|
|
@ -14,24 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_dns_managed_zone" "peering" {
|
||||
project = var.host_project.project_id
|
||||
name = "${local.infra_id}-peering-zone"
|
||||
description = "Openshift peering zone for ${local.infra_id}."
|
||||
dns_name = "${local.subdomain}."
|
||||
visibility = "private"
|
||||
private_visibility_config {
|
||||
networks {
|
||||
network_url = data.google_compute_network.default.id
|
||||
}
|
||||
}
|
||||
peering_config {
|
||||
target_network {
|
||||
network_url = local.dummy_network
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_dns_managed_zone" "internal" {
|
||||
project = var.service_project.project_id
|
||||
name = "${local.infra_id}-private-zone"
|
||||
|
|
@ -40,7 +22,7 @@ resource "google_dns_managed_zone" "internal" {
|
|||
visibility = "private"
|
||||
private_visibility_config {
|
||||
networks {
|
||||
network_url = local.dummy_network
|
||||
network_url = data.google_compute_network.default.id
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -54,15 +36,3 @@ resource "google_dns_record_set" "dns" {
|
|||
ttl = 60
|
||||
rrdatas = [google_compute_address.api.address]
|
||||
}
|
||||
|
||||
/*
|
||||
resource "google_dns_record_set" "apps" {
|
||||
count = local.router_address == null ? 0 : 1
|
||||
project = var.service_project.project_id
|
||||
name = "*.apps.${var.cluster_name}.${var.domain}."
|
||||
managed_zone = google_dns_managed_zone.internal.name
|
||||
type = "A"
|
||||
ttl = 60
|
||||
rrdatas = [local.router_address]
|
||||
}
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -22,11 +22,6 @@ locals {
|
|||
? null
|
||||
: data.google_kms_crypto_key.default.0.id
|
||||
)
|
||||
dummy_network = (
|
||||
var.service_project.vpc_name != null
|
||||
? data.google_compute_network.dummy.0.id
|
||||
: google_compute_network.dummy.0.id
|
||||
)
|
||||
fs_paths = { for k, v in var.fs_paths : k => pathexpand(v) }
|
||||
infra_id = local.install_metadata["infraID"]
|
||||
install_metadata = jsondecode(file(
|
||||
|
|
@ -52,19 +47,6 @@ data "google_compute_subnetwork" "default" {
|
|||
name = var.host_project["${each.key}_subnet_name"]
|
||||
}
|
||||
|
||||
resource "google_compute_network" "dummy" {
|
||||
count = var.service_project.vpc_name == null ? 1 : 0
|
||||
project = var.service_project.project_id
|
||||
name = "${local.infra_id}-dns"
|
||||
auto_create_subnetworks = false
|
||||
}
|
||||
|
||||
data "google_compute_network" "dummy" {
|
||||
count = var.service_project.vpc_name == null ? 0 : 1
|
||||
project = var.service_project.project_id
|
||||
name = var.service_project.vpc_name
|
||||
}
|
||||
|
||||
data "google_kms_key_ring" "default" {
|
||||
count = var.disk_encryption_key == null ? 0 : 1
|
||||
project = var.disk_encryption_key.project_id
|
||||
|
|
|
|||
|
|
@ -17,7 +17,8 @@
|
|||
resource "google_compute_instance" "master" {
|
||||
for_each = toset(var.zones)
|
||||
project = var.service_project.project_id
|
||||
name = "${local.infra_id}-m-${each.key}"
|
||||
name = "${local.infra_id}-master-${each.key}"
|
||||
hostname = "${local.infra_id}-master-${each.key}.${local.subdomain}"
|
||||
machine_type = "n1-standard-4"
|
||||
zone = "${var.region}-${each.key}"
|
||||
network_interface {
|
||||
|
|
|
|||
|
|
@ -121,7 +121,6 @@ variable "service_project" {
|
|||
description = "Service project configuration."
|
||||
type = object({
|
||||
project_id = string
|
||||
vpc_name = string
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue