Openshift changes (#241)
* set custom hostname in bootstrap and master
* make the service DNS zone visible to the shared VPC network
* remove unused vpc name attribute from service project variable
parent
0a647df4dc
commit
744143d793
@ -135,8 +135,6 @@ Variable configuration is best done in a `.tfvars` file, but can also be done di
<dd>The `machine` range should match addresses used for nodes.</dd>
<dd>The `machine` range should match addresses used for nodes.</dd>
<dt><code>post_bootstrap_config</code></dt>
<dt><code>post_bootstrap_config</code></dt>
<dd>Set to `null` until bootstrap completion, then refer to the post-bootstrap instructions below.</dd>
<dd>Set to `null` until bootstrap completion, then refer to the post-bootstrap instructions below.</dd>
<dt><code>service_project</code></dt>
<dd>The <code>vpc_name</code> value is used for the placeholder VPC needed for the service project Cloud DNS zone used by the cluster. Set it to `null` to use an auto-generated name.</dd>
</dl>
</dl>
### Generating ignition files
### Generating ignition files
@ -8,12 +8,12 @@ This example is a companion setup to the Python script in the parent folder, and
| name | description | type | required | default |
| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
|---|---|:---: |:---:|:---:|
| cluster_name | Name used for the cluster and DNS zone. | <code title="">string</code> | ✓ | |
| cluster_name | Name used for the cluster and DNS zone. | <code title="">string</code> | ✓ | |
| disk_encryption_key | Optional CMEK for disk encryption. | <code title="object({ keyring = string location = string name = string project_id = string })">object({...})</code> | ✓ | |
| domain | Domain name used to derive the DNS zone. | <code title="">string</code> | ✓ | |
| domain | Domain name used to derive the DNS zone. | <code title="">string</code> | ✓ | |
| fs_paths | Filesystem paths for commands and data, supports home path expansion. | <code title="object({ credentials = string config_dir = string openshift_install = string pull_secret = string ssh_key = string })">object({...})</code> | ✓ | |
| fs_paths | Filesystem paths for commands and data, supports home path expansion. | <code title="object({ credentials = string config_dir = string openshift_install = string pull_secret = string ssh_key = string })">object({...})</code> | ✓ | |
| host_project | Shared VPC project and network configuration. | <code title="object({ default_subnet_name = string masters_subnet_name = string project_id = string vpc_name = string workers_subnet_name = string })">object({...})</code> | ✓ | |
| host_project | Shared VPC project and network configuration. | <code title="object({ default_subnet_name = string masters_subnet_name = string project_id = string vpc_name = string workers_subnet_name = string })">object({...})</code> | ✓ | |
| service_project | Service project configuration. | <code title="object({ project_id = string vpc_name = string })">object({...})</code> | ✓ | |
| service_project | Service project configuration. | <code title="object({ project_id = string })">object({...})</code> | ✓ | |
| *allowed_ranges* | Ranges that can SSH to the boostrap VM and API endpoint. | <code title="list(any)">list(any)</code> | | <code title="">["10.0.0.0/8"]</code> |
| *allowed_ranges* | Ranges that can SSH to the boostrap VM and API endpoint. | <code title="list(any)">list(any)</code> | | <code title="">["10.0.0.0/8"]</code> |
| *disk_encryption_key* | Optional CMEK for disk encryption. | <code title="object({ keyring = string location = string name = string project_id = string })">object({...})</code> | | <code title="">null</code> |
| *install_config_params* | OpenShift cluster configuration. | <code title="object({ disk_size = number network = object({ cluster = string host_prefix = number machine = string service = string }) proxy = object({ http = string https = string noproxy = string }) })">object({...})</code> | | <code title="{ disk_size = 16 network = { cluster = "10.128.0.0/14" host_prefix = 23 machine = "10.0.0.0/16" service = "172.30.0.0/16" } proxy = null }">...</code> |
| *install_config_params* | OpenShift cluster configuration. | <code title="object({ disk_size = number network = object({ cluster = string host_prefix = number machine = string service = string }) proxy = object({ http = string https = string noproxy = string }) })">object({...})</code> | | <code title="{ disk_size = 16 network = { cluster = "10.128.0.0/14" host_prefix = 23 machine = "10.0.0.0/16" service = "172.30.0.0/16" } proxy = null }">...</code> |
| *post_bootstrap_config* | Name of the service account for the machine operator. Removes bootstrap resources when set. | <code title="object({ machine_op_sa_prefix = string })">object({...})</code> | | <code title="">null</code> |
| *post_bootstrap_config* | Name of the service account for the machine operator. Removes bootstrap resources when set. | <code title="object({ machine_op_sa_prefix = string })">object({...})</code> | | <code title="">null</code> |
| *region* | Region where resources will be created. | <code title="">string</code> | | <code title="">europe-west1</code> |
| *region* | Region where resources will be created. | <code title="">string</code> | | <code title="">europe-west1</code> |
@ -39,6 +39,7 @@ resource "google_compute_instance" "bootstrap" {
count = local.bootstrapping ? 1 : 0
count = local.bootstrapping ? 1 : 0
project = var.service_project.project_id
project = var.service_project.project_id
name = "${local.infra_id}-b"
name = "${local.infra_id}-b"
hostname = "${local.infra_id}-bootstrap.${local.subdomain}"
machine_type = "n1-standard-4"
machine_type = "n1-standard-4"
zone = "${var.region}-${element(var.zones, 0)}"
zone = "${var.region}-${element(var.zones, 0)}"
network_interface {
network_interface {
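Review bot: The new `hostname` for the bootstrap VM is placed under `local.subdomain`, the same domain the private `internal` zone serves, but nothing in this hunk creates a record for it, and as far as I know the Google provider does not register custom GCE hostnames in Cloud DNS, so `${local.infra_id}-bootstrap.${local.subdomain}` will only resolve if a `google_dns_record_set` is added elsewhere. The same applies to the master hostname added in the master instance hunk. The instance `name` also stays `${local.infra_id}-b` while the hostname says `-bootstrap`, which is inconsistent with the master rename in this commit. If the hostname is informational only, a comment such as `# FQDN is set on the guest only; no DNS record is created for it` above `hostname` would make that explicit. The resource block continues outside the hunk.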
@ -14,24 +14,6 @@
* limitations under the License.
* limitations under the License.
*/
*/
resource "google_dns_managed_zone" "peering" {
project = var.host_project.project_id
name = "${local.infra_id}-peering-zone"
description = "Openshift peering zone for ${local.infra_id}."
dns_name = "${local.subdomain}."
visibility = "private"
private_visibility_config {
networks {
network_url = data.google_compute_network.default.id
}
}
peering_config {
target_network {
network_url = local.dummy_network
}
}
}
resource "google_dns_managed_zone" "internal" {
resource "google_dns_managed_zone" "internal" {
project = var.service_project.project_id
project = var.service_project.project_id
name = "${local.infra_id}-private-zone"
name = "${local.infra_id}-private-zone"
@ -40,7 +22,7 @@ resource "google_dns_managed_zone" "internal" {
visibility = "private"
visibility = "private"
private_visibility_config {
private_visibility_config {
networks {
networks {
network_url = local.dummy_network
network_url = data.google_compute_network.default.id
}
}
}
}
}
}
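Review bot: Binding the service project's private zone directly to `data.google_compute_network.default.id` makes this zone authoritative for `${local.subdomain}.` on the whole shared VPC, so every other service project attached to that network now resolves those names from a zone it does not control, and a colliding subdomain chosen by another tenant would be shadowed; nothing in the hunk documents or guards that scope. The cross-project binding also needs the applying identity to hold DNS binding rights on the host network (`dns.networks.bindPrivateDNSZone`, if I recall the permission name correctly), which the previous peering-zone design did not require and which this module does not appear to grant. I would add a comment above `private_visibility_config` along the lines of `# Bound to the shared VPC network: all attached service projects resolve ${local.subdomain} from this zone, and applying requires private-zone binding permission on the host project network.` and state the permission requirement in the README.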
@ -54,15 +36,3 @@ resource "google_dns_record_set" "dns" {
ttl = 60
ttl = 60
rrdatas = [google_compute_address.api.address]
rrdatas = [google_compute_address.api.address]
}
}
/*
resource "google_dns_record_set" "apps" {
count = local.router_address == null ? 0 : 1
project = var.service_project.project_id
name = "*.apps.${var.cluster_name}.${var.domain}."
managed_zone = google_dns_managed_zone.internal.name
type = "A"
ttl = 60
rrdatas = [local.router_address]
}
*/
@ -22,11 +22,6 @@ locals {
? null
? null
: data.google_kms_crypto_key.default.0.id
: data.google_kms_crypto_key.default.0.id
)
)
dummy_network = (
var.service_project.vpc_name != null
? data.google_compute_network.dummy.0.id
: google_compute_network.dummy.0.id
)
fs_paths = { for k, v in var.fs_paths : k => pathexpand(v) }
fs_paths = { for k, v in var.fs_paths : k => pathexpand(v) }
infra_id = local.install_metadata["infraID"]
infra_id = local.install_metadata["infraID"]
install_metadata = jsondecode(file(
install_metadata = jsondecode(file(
@ -52,19 +47,6 @@ data "google_compute_subnetwork" "default" {
name = var.host_project["${each.key}_subnet_name"]
name = var.host_project["${each.key}_subnet_name"]
}
}
resource "google_compute_network" "dummy" {
count = var.service_project.vpc_name == null ? 1 : 0
project = var.service_project.project_id
name = "${local.infra_id}-dns"
auto_create_subnetworks = false
}
data "google_compute_network" "dummy" {
count = var.service_project.vpc_name == null ? 0 : 1
project = var.service_project.project_id
name = var.service_project.vpc_name
}
data "google_kms_key_ring" "default" {
data "google_kms_key_ring" "default" {
count = var.disk_encryption_key == null ? 0 : 1
count = var.disk_encryption_key == null ? 0 : 1
project = var.disk_encryption_key.project_id
project = var.disk_encryption_key.project_id
@ -17,7 +17,8 @@
resource "google_compute_instance" "master" {
resource "google_compute_instance" "master" {
for_each = toset(var.zones)
for_each = toset(var.zones)
project = var.service_project.project_id
project = var.service_project.project_id
name = "${local.infra_id}-m-${each.key}"
name = "${local.infra_id}-master-${each.key}"
hostname = "${local.infra_id}-master-${each.key}.${local.subdomain}"
machine_type = "n1-standard-4"
machine_type = "n1-standard-4"
zone = "${var.region}-${each.key}"
zone = "${var.region}-${each.key}"
network_interface {
network_interface {
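Review bot: Changing `name` from `${local.infra_id}-m-${each.key}` to `${local.infra_id}-master-${each.key}` replaces every existing master instance on the next apply, because `name` (and, as far as I recall, `hostname`) is a force-new attribute of `google_compute_instance`; the commit description only mentions the hostname, not the rename. On a running cluster that is destructive, since etcd membership and machine-API records refer to the old instance names, so the intent should be stated in the commit description or pinned in the file, e.g. `# name and hostname are force-new: changing either recreates the master` above `name`. The resource block continues outside the hunk.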
@ -121,7 +121,6 @@ variable "service_project" {
description = "Service project configuration."
description = "Service project configuration."
type = object({
type = object({
project_id = string
project_id = string
vpc_name = string
})
})
}
}
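Review bot: Removing `vpc_name` from the `service_project` object type rejects existing `.tfvars` files that still set it (Terraform reports an unexpected attribute for object types, as far as I recall), and the unchanged `description = "Service project configuration."` gives no hint of what is now expected. A more specific description would help callers migrate, e.g. `description = "Service project configuration; only project_id is used, the private DNS zone is bound to the shared VPC network."`.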