diff --git a/third-party-solutions/openshift/README.md b/third-party-solutions/openshift/README.md
index 333fac45..d24ddfd4 100644
--- a/third-party-solutions/openshift/README.md
+++ b/third-party-solutions/openshift/README.md
@@ -135,8 +135,6 @@ Variable configuration is best done in a `.tfvars` file, but can also be done di
post_bootstrap_config
service_project
vpc_name
value is used for the placeholder VPC needed for the service project Cloud DNS zone used by the cluster. Set it to `null` to use an auto-generated name.string
| ✓ | |
-| disk_encryption_key | Optional CMEK for disk encryption. | object({...})
| ✓ | |
| domain | Domain name used to derive the DNS zone. | string
| ✓ | |
| fs_paths | Filesystem paths for commands and data, supports home path expansion. | object({...})
| ✓ | |
| host_project | Shared VPC project and network configuration. | object({...})
| ✓ | |
-| service_project | Service project configuration. | object({...})
| ✓ | |
+| service_project | Service project configuration. | object({...})
| ✓ | |
| *allowed_ranges* | Ranges that can SSH to the boostrap VM and API endpoint. | list(any)
| | ["10.0.0.0/8"]
|
+| *disk_encryption_key* | Optional CMEK for disk encryption. | object({...})
| | null
|
| *install_config_params* | OpenShift cluster configuration. | object({...})
| | ...
|
| *post_bootstrap_config* | Name of the service account for the machine operator. Removes bootstrap resources when set. | object({...})
| | null
|
| *region* | Region where resources will be created. | string
| | europe-west1
|
diff --git a/third-party-solutions/openshift/tf/bootstrap.tf b/third-party-solutions/openshift/tf/bootstrap.tf
index f9d4a576..70f0c3ce 100644
--- a/third-party-solutions/openshift/tf/bootstrap.tf
+++ b/third-party-solutions/openshift/tf/bootstrap.tf
@@ -39,6 +39,7 @@ resource "google_compute_instance" "bootstrap" {
count = local.bootstrapping ? 1 : 0
project = var.service_project.project_id
name = "${local.infra_id}-b"
+ hostname = "${local.infra_id}-bootstrap.${local.subdomain}"
machine_type = "n1-standard-4"
zone = "${var.region}-${element(var.zones, 0)}"
network_interface {
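Review bot: The added `hostname` on the bootstrap instance only sets the guest's FQDN; Compute Engine does not publish a DNS record for a custom hostname, and no record set for `${local.infra_id}-bootstrap.${local.subdomain}` is visible in this commit's dns.tf hunks. If other nodes are expected to resolve that name, it needs a matching entry in the internal zone; otherwise a comment should say so, e.g. `# sets the guest FQDN only; no DNS record is created for it`. The same applies to the `hostname` added to `google_compute_instance.master` in masters.tf. The resource body continues outside the hunk.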
diff --git a/third-party-solutions/openshift/tf/dns.tf b/third-party-solutions/openshift/tf/dns.tf
index 42ac43c1..12b818bf 100644
--- a/third-party-solutions/openshift/tf/dns.tf
+++ b/third-party-solutions/openshift/tf/dns.tf
@@ -14,24 +14,6 @@
* limitations under the License.
*/
-resource "google_dns_managed_zone" "peering" {
- project = var.host_project.project_id
- name = "${local.infra_id}-peering-zone"
- description = "Openshift peering zone for ${local.infra_id}."
- dns_name = "${local.subdomain}."
- visibility = "private"
- private_visibility_config {
- networks {
- network_url = data.google_compute_network.default.id
- }
- }
- peering_config {
- target_network {
- network_url = local.dummy_network
- }
- }
-}
-
resource "google_dns_managed_zone" "internal" {
project = var.service_project.project_id
name = "${local.infra_id}-private-zone"
@@ -40,7 +22,7 @@ resource "google_dns_managed_zone" "internal" {
visibility = "private"
private_visibility_config {
networks {
- network_url = local.dummy_network
+ network_url = data.google_compute_network.default.id
}
}
}
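Review bot: Binding the service-project zone straight to `data.google_compute_network.default.id` makes the cluster's private records resolvable from everything attached to the Shared VPC network, and it requires the applying identity to be allowed to bind a private zone to a network in the host project. Resolution scope was presumably the same through the removed peering zone, but the IAM requirement moves, and the README hunk in this commit does not mention it. I would add a comment above `networks`, e.g. `# cross-project binding: zone lives in the service project, network in the host project`, and list the required host-project DNS permission in the README prerequisites. The `internal` resource starts above this hunk.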
@@ -54,15 +36,3 @@ resource "google_dns_record_set" "dns" {
ttl = 60
rrdatas = [google_compute_address.api.address]
}
-
-/*
-resource "google_dns_record_set" "apps" {
- count = local.router_address == null ? 0 : 1
- project = var.service_project.project_id
- name = "*.apps.${var.cluster_name}.${var.domain}."
- managed_zone = google_dns_managed_zone.internal.name
- type = "A"
- ttl = 60
- rrdatas = [local.router_address]
-}
-*/
diff --git a/third-party-solutions/openshift/tf/main.tf b/third-party-solutions/openshift/tf/main.tf
index 92cadb8a..7bfb8835 100644
--- a/third-party-solutions/openshift/tf/main.tf
+++ b/third-party-solutions/openshift/tf/main.tf
@@ -22,11 +22,6 @@ locals {
? null
: data.google_kms_crypto_key.default.0.id
)
- dummy_network = (
- var.service_project.vpc_name != null
- ? data.google_compute_network.dummy.0.id
- : google_compute_network.dummy.0.id
- )
fs_paths = { for k, v in var.fs_paths : k => pathexpand(v) }
infra_id = local.install_metadata["infraID"]
install_metadata = jsondecode(file(
@@ -52,19 +47,6 @@ data "google_compute_subnetwork" "default" {
name = var.host_project["${each.key}_subnet_name"]
}
-resource "google_compute_network" "dummy" {
- count = var.service_project.vpc_name == null ? 1 : 0
- project = var.service_project.project_id
- name = "${local.infra_id}-dns"
- auto_create_subnetworks = false
-}
-
-data "google_compute_network" "dummy" {
- count = var.service_project.vpc_name == null ? 0 : 1
- project = var.service_project.project_id
- name = var.service_project.vpc_name
-}
-
data "google_kms_key_ring" "default" {
count = var.disk_encryption_key == null ? 0 : 1
project = var.disk_encryption_key.project_id
diff --git a/third-party-solutions/openshift/tf/masters.tf b/third-party-solutions/openshift/tf/masters.tf
index 9533648d..7e0172e4 100644
--- a/third-party-solutions/openshift/tf/masters.tf
+++ b/third-party-solutions/openshift/tf/masters.tf
@@ -17,7 +17,8 @@
resource "google_compute_instance" "master" {
for_each = toset(var.zones)
project = var.service_project.project_id
- name = "${local.infra_id}-m-${each.key}"
+ name = "${local.infra_id}-master-${each.key}"
+ hostname = "${local.infra_id}-master-${each.key}.${local.subdomain}"
machine_type = "n1-standard-4"
zone = "${var.region}-${each.key}"
network_interface {
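Review bot: Changing `name` from `-m-` to `-master-` (and adding `hostname`) replaces every master instance on the next apply to an existing deployment, since both are set at creation time on a Compute Engine instance. For control-plane nodes that is destructive if their disks are defined inline, which this hunk does not show. A comment such as `# NOTE: name and hostname cannot be changed in place; editing them recreates the node` and an upgrade note in the README would make this explicit. The resource body continues below the hunk.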
diff --git a/third-party-solutions/openshift/tf/variables.tf b/third-party-solutions/openshift/tf/variables.tf
index bcef7032..ce18ae3d 100644
--- a/third-party-solutions/openshift/tf/variables.tf
+++ b/third-party-solutions/openshift/tf/variables.tf
@@ -121,7 +121,6 @@ variable "service_project" {
description = "Service project configuration."
type = object({
project_id = string
- vpc_name = string
})
}