Add IBM Power VS: tf data
For more background on IPI on Power VS, refer to the enhancement
proposal here: openshift/enhancements#736

Older discussions on some of the code here can be found in openshift#5224

Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
clnperez committed Mar 25, 2022
1 parent ca8aacd commit 57d898f
Showing 26 changed files with 815 additions and 0 deletions.
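--- a/data/data/powervs/cluster/bootstrap/main.tf
+++ b/data/data/powervs/cluster/bootstrap/main.tf
@@ -0,0 +1,77 @@
+# TODO(mjturek): network and image data blocks can be in main module
+# as master and bootstrap will be using the same
+# network and image. Once we add in master module, make
+# the move.
+data "ibm_pi_network" "network" {
+pi_network_name = var.network_name
+pi_cloud_instance_id = var.cloud_instance_id
+}
+
+data "ibm_resource_group" "cos_group" {
+name = var.resource_group
+}
+
+resource "ibm_resource_instance" "cos_instance" {
+name = "${var.cluster_id}-cos"
+resource_group_id = data.ibm_resource_group.cos_group.id
+service = "cloud-object-storage"
+plan = "standard"
+location = var.cos_instance_location
+tags = [var.cluster_id]
+}
+
+# Create an IBM COS Bucket to store ignition
+resource "ibm_cos_bucket" "ignition" {
+bucket_name = "${var.cluster_id}-bootstrap-ign"
+resource_instance_id = ibm_resource_instance.cos_instance.id
+region_location = var.cos_bucket_location
+storage_class = var.cos_storage_class
+}
+
+resource "ibm_resource_key" "cos_service_cred" {
+name = "${var.cluster_id}-cred"
+role = "Reader"
+resource_instance_id = ibm_resource_instance.cos_instance.id
+parameters = { HMAC = true }
+}
+
+# Place the bootstrap ignition file in the ignition COS bucket
+resource "ibm_cos_bucket_object" "ignition" {
+bucket_crn = ibm_cos_bucket.ignition.crn
+bucket_location = ibm_cos_bucket.ignition.region_location
+content = var.ignition
+key = "bootstrap.ign"
+etag = md5(var.ignition)
+}
+
+data "ibm_iam_auth_token" "iam_token" {}
+
+# Create the bootstrap instance
+resource "ibm_pi_instance" "bootstrap" {
+pi_memory = var.memory
+pi_processors = var.processors
+pi_instance_name = "${var.cluster_id}-bootstrap"
+pi_proc_type = var.proc_type
+pi_image_id = var.image_id
+pi_sys_type = var.sys_type
+pi_cloud_instance_id = var.cloud_instance_id
+pi_network {
+network_id = data.ibm_pi_network.network.id
+}
+pi_user_data = base64encode(templatefile("${path.module}/templates/bootstrap.ign", {
+HOSTNAME = ibm_cos_bucket.ignition.s3_endpoint_public
+BUCKET_NAME = ibm_cos_bucket.ignition.bucket_name
+OBJECT_NAME = ibm_cos_bucket_object.ignition.key
+IAM_TOKEN = data.ibm_iam_auth_token.iam_token.iam_access_token
+}))
+pi_key_pair_name = var.key_id
+pi_health_status = "WARNING"
+}
+
+data "ibm_pi_instance_ip" "bootstrap_ip" {
+depends_on = [ibm_pi_instance.bootstrap]
+
+pi_instance_name = ibm_pi_instance.bootstrap.pi_instance_name
+pi_network_name = data.ibm_pi_network.network.pi_network_name
+pi_cloud_instance_id = var.cloud_instance_id
+}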
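Review bot: The bootstrap node fetches its Ignition with the installer's own IAM access token (`IAM_TOKEN = data.ibm_iam_auth_token.iam_token.iam_access_token`, rendered into `pi_user_data`), so a credential carrying the installer's full IBM Cloud privileges lands in instance user data and in the Terraform state for both the data source and the `ibm_pi_instance` resource, even though the only thing it is needed for is reading one object. The `cos_service_cred` resource a few lines above already provisions a Reader-role HMAC key for this bucket and `ibms3presign` is declared in versions.tf, so a presigned URL for `bootstrap.ign` (or a token minted for a Reader-only service ID) would bound what a compromised bootstrap host can do; whether Power VS exposes user data to unprivileged guest processes I cannot confirm from here. IAM access tokens are also short-lived, so a bootstrap that boots late or is rebooted will fail the `replace` fetch with an expired token, which at minimum deserves a comment on `pi_user_data` such as `# NOTE: iam_access_token is short-lived and carries the installer's full privileges; the bootstrap fetch must happen before it expires`. Since `content = var.ignition` holds the pull secret and cluster CA material, that variable should be marked sensitive so the object body is not echoed in plan output.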
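--- a/data/data/powervs/cluster/bootstrap/outputs.tf
+++ b/data/data/powervs/cluster/bootstrap/outputs.tf
@@ -0,0 +1,3 @@
+output "bootstrap_private_ip" {
+value = data.ibm_pi_instance_ip.bootstrap_ip.ip
+}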
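--- a/data/data/powervs/cluster/bootstrap/templates/bootstrap.ign
+++ b/data/data/powervs/cluster/bootstrap/templates/bootstrap.ign
@@ -0,0 +1,16 @@
+{
+"ignition": {
+"version": "3.2.0",
+"config": {
+"replace": {
+"source": "https://${HOSTNAME}/${BUCKET_NAME}/${OBJECT_NAME}",
+"httpHeaders": [
+{
+"name": "Authorization",
+"value": "${IAM_TOKEN}"
+}
+]
+}
+}
+}
+}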
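Review bot: `${IAM_TOKEN}` is spliced into the `Authorization` header's JSON string with no escaping, and the same is true of `${HOSTNAME}`, `${BUCKET_NAME}` and `${OBJECT_NAME}` in `source`, so a quote or backslash in any of those values silently corrupts or rewrites the Ignition config instead of being rejected. Because this file is rendered by `templatefile`, the values can be emitted as JSON directly, e.g. `"value": ${jsonencode(IAM_TOKEN)}` and `"source": ${jsonencode("https://${HOSTNAME}/${BUCKET_NAME}/${OBJECT_NAME}")}`, which stays valid for any input. The header value is the raw `iam_access_token` attribute; nothing here shows whether that value already includes the `Bearer ` scheme the header needs, so that is worth confirming against the provider and recording in a comment in main.tf where the token is passed in.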
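--- a/data/data/powervs/cluster/bootstrap/variables.tf
+++ b/data/data/powervs/cluster/bootstrap/variables.tf
@@ -0,0 +1,16 @@
+variable "memory" {}
+variable "processors" {}
+variable "ignition" {}
+
+variable "cloud_instance_id" {}
+variable "resource_group" {}
+variable "image_id" {}
+variable "network_name" {}
+variable "proc_type" {}
+variable "sys_type" {}
+variable "cluster_id" {}
+variable "key_id" {}
+
+variable "cos_instance_location" {}
+variable "cos_bucket_location" {}
+variable "cos_storage_class" {}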
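Review bot: `variable "ignition" {}` carries the bootstrap Ignition, which embeds the pull secret and cluster CA material, yet it is not marked sensitive, so its full value is printed in plan/apply output whenever the `ibm_cos_bucket_object` or `ibm_pi_instance` diff is shown. The module's versions.tf pins `required_version = ">= 0.14"`, and `sensitive` was introduced in 0.14, so `variable "ignition" { sensitive = true }` is available here. All other variables are untyped; `type = string` (and `type = number` for `memory` and `processors`) plus a one-line `description` on each would catch mis-wired module arguments at plan time and document what the bootstrap module expects.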
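--- a/data/data/powervs/cluster/bootstrap/versions.tf
+++ b/data/data/powervs/cluster/bootstrap/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+required_version = ">= 0.14"
+required_providers {
+ibm = {
+source = "openshift/local/ibm"
+}
+ibms3presign = {
+source = "openshift/local/ibms3presign"
+}
+ignition = {
+source = "openshift/local/ignition"
+}
+}
+}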
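--- a/data/data/powervs/cluster/dns/dns.tf
+++ b/data/data/powervs/cluster/dns/dns.tf
@@ -0,0 +1,22 @@
+data "ibm_cis_domain" "base_domain" {
+cis_id = var.cis_id
+domain = var.base_domain
+}
+
+resource "ibm_cis_dns_record" "kubernetes_api" {
+cis_id = var.cis_id
+domain_id = data.ibm_cis_domain.base_domain.id
+type = "CNAME"
+name = "api.${var.cluster_domain}"
+content = var.load_balancer_hostname
+ttl = 60
+}
+
+resource "ibm_cis_dns_record" "kubernetes_api_internal" {
+cis_id = var.cis_id
+domain_id = data.ibm_cis_domain.base_domain.id
+type = "CNAME"
+name = "api-int.${var.cluster_domain}"
+content = var.load_balancer_int_hostname
+ttl = 60
+}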
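Review bot: Both records go into the same CIS zone, so `api-int.${var.cluster_domain}` — the name kubelets and the machine-config server path use to reach the private load balancer — is published in public DNS alongside `api`. The target is the private LB's hostname, so what leaks is presumably only the internal name rather than a reachable address, but other IPI platforms keep `api-int` in a private zone, and the choice should be stated on the resource, e.g. `# api-int is published in the public CIS zone: CIS offers no private zones; the internal LB hostname is expected to resolve only to private addresses`. If that is not the intent, `kubernetes_api_internal` should be created in a private DNS zone instead. Neither record sets `proxied`, which is the right choice for a raw TCP API endpoint but is worth making explicit rather than relying on the provider default.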
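--- a/data/data/powervs/cluster/dns/variables.tf
+++ b/data/data/powervs/cluster/dns/variables.tf
@@ -0,0 +1,13 @@
+variable "cis_id" {}
+
+variable "base_domain" {}
+
+variable "cluster_domain" {}
+
+variable "load_balancer_hostname" {}
+
+variable "load_balancer_int_hostname" {}
+
+
+
+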
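--- a/data/data/powervs/cluster/dns/versions.tf
+++ b/data/data/powervs/cluster/dns/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_version = ">= 0.14"
+required_providers {
+ibm = {
+source = "openshift/local/ibm"
+}
+}
+}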
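--- a/data/data/powervs/cluster/loadbalancer/alb.tf
+++ b/data/data/powervs/cluster/loadbalancer/alb.tf
@@ -0,0 +1,148 @@
+locals {
+api_servers = concat([var.bootstrap_ip], var.master_ips)
+api_servers_count = length(var.master_ips) + 1 # bootstrap + master
+app_servers = var.master_ips
+app_servers_count = length(var.master_ips)
+}
+
+data "ibm_resource_group" "resource_group" {
+name = var.resource_group
+}
+
+resource "ibm_is_lb" "load_balancer" {
+name = "${var.cluster_id}-loadbalancer"
+resource_group = data.ibm_resource_group.resource_group.id
+subnets = [var.vpc_subnet_id]
+security_groups = [ibm_is_security_group.ocp_security_group.id]
+tags = [var.cluster_id, "${var.cluster_id}-loadbalancer"]
+type = "public"
+}
+
+resource "ibm_is_lb" "load_balancer_int" {
+name = "${var.cluster_id}-loadbalancer-int"
+resource_group = data.ibm_resource_group.resource_group.id
+subnets = [var.vpc_subnet_id]
+security_groups = [ibm_is_security_group.ocp_security_group.id]
+tags = [var.cluster_id, "${var.cluster_id}-loadbalancer-int"]
+type = "private"
+}
+
+# Using explicit depends_on as otherwise there are issues with updating and adding of pool members
+# Ref: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_lb_listener
+
+## TODO move this to internal/private LB
+# machine config listener and backend pool
+resource "ibm_is_lb_listener" "machine_config_listener" {
+lb = ibm_is_lb.load_balancer_int.id
+port = 22623
+protocol = "tcp"
+default_pool = ibm_is_lb_pool.machine_config_pool.id
+}
+resource "ibm_is_lb_pool" "machine_config_pool" {
+depends_on = [ibm_is_lb.load_balancer_int]
+
+name = "machine-config-server"
+lb = ibm_is_lb.load_balancer_int.id
+algorithm = "round_robin"
+protocol = "tcp"
+health_delay = 60
+health_retries = 5
+health_timeout = 30
+health_type = "tcp"
+}
+resource "ibm_is_lb_pool_member" "machine_config_member" {
+depends_on = [ibm_is_lb_listener.machine_config_listener]
+count = local.api_servers_count
+
+lb = ibm_is_lb.load_balancer_int.id
+pool = ibm_is_lb_pool.machine_config_pool.id
+port = 22623
+target_address = local.api_servers[count.index]
+}
+
+# api listener and backend pool (internal)
+resource "ibm_is_lb_listener" "api_listener_int" {
+lb = ibm_is_lb.load_balancer_int.id
+port = 6443
+protocol = "tcp"
+default_pool = ibm_is_lb_pool.api_pool_int.id
+}
+resource "ibm_is_lb_pool" "api_pool_int" {
+depends_on = [ibm_is_lb.load_balancer_int]
+
+name = "openshift-api-server"
+lb = ibm_is_lb.load_balancer_int.id
+algorithm = "round_robin"
+protocol = "tcp"
+health_delay = 60
+health_retries = 5
+health_timeout = 30
+health_type = "tcp"
+}
+resource "ibm_is_lb_pool_member" "api_member_int" {
+depends_on = [ibm_is_lb_listener.api_listener_int, ibm_is_lb_pool_member.machine_config_member]
+count = local.api_servers_count
+
+lb = ibm_is_lb.load_balancer_int.id
+pool = ibm_is_lb_pool.api_pool_int.id
+port = 6443
+target_address = local.api_servers[count.index]
+}
+
+# api listener and backend pool (external)
+resource "ibm_is_lb_listener" "api_listener" {
+lb = ibm_is_lb.load_balancer.id
+port = 6443
+protocol = "tcp"
+default_pool = ibm_is_lb_pool.api_pool.id
+}
+resource "ibm_is_lb_pool" "api_pool" {
+depends_on = [ibm_is_lb.load_balancer]
+
+name = "openshift-api-server"
+lb = ibm_is_lb.load_balancer.id
+algorithm = "round_robin"
+protocol = "tcp"
+health_delay = 60
+health_retries = 5
+health_timeout = 30
+health_type = "tcp"
+}
+resource "ibm_is_lb_pool_member" "api_member" {
+depends_on = [ibm_is_lb_listener.api_listener, ibm_is_lb_pool_member.machine_config_member]
+count = local.api_servers_count
+
+lb = ibm_is_lb.load_balancer.id
+pool = ibm_is_lb_pool.api_pool.id
+port = 6443
+target_address = local.api_servers[count.index]
+}
+
+# bootstrap listener and backend pool
+resource "ibm_is_lb_listener" "bootstrap_listener" {
+lb = ibm_is_lb.load_balancer.id
+port = 22
+protocol = "tcp"
+default_pool = ibm_is_lb_pool.bootstrap_pool.id
+}
+resource "ibm_is_lb_pool" "bootstrap_pool" {
+depends_on = [ibm_is_lb.load_balancer]
+
+name = "bootstrap-node"
+lb = ibm_is_lb.load_balancer.id
+algorithm = "round_robin"
+protocol = "tcp"
+health_delay = 5
+health_retries = 2
+health_timeout = 2
+health_type = "tcp"
+}
+resource "ibm_is_lb_pool_member" "bootstrap" {
+depends_on = [ibm_is_lb_listener.bootstrap_listener]
+
+lb = ibm_is_lb.load_balancer.id
+pool = ibm_is_lb_pool.bootstrap_pool.id
+port = 22
+target_address = var.bootstrap_ip
+}
+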
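Review bot: The public load balancer forwards port 22 straight to the bootstrap node (`bootstrap_listener`/`bootstrap_pool`, target `var.bootstrap_ip`) and the shared `ocp_security_group` opens that port without a source restriction, so bootstrap SSH is reachable from the internet for as long as the public LB exists, and nothing in this file ties the listener's lifetime to bootstrap completion. That is a debugging convenience and should either be limited to an operator CIDR at the security group or destroyed with the bootstrap node; at minimum the `# bootstrap listener and backend pool` comment should say it is temporary and world-reachable. The `## TODO move this to internal/private LB` line above `machine_config_listener` is stale — the listener already uses `load_balancer_int` — and should be removed so a reader does not assume 22623 is still public. Both LBs attach the same security group (`security_groups = [ibm_is_security_group.ocp_security_group.id]`), so the 22623 allow rule is also present on the public LB; a separate group for `load_balancer_int` would make the public/private split enforced rather than dependent on there being no public 22623 listener. The unused `app_servers`/`app_servers_count` locals look like leftovers from a dropped ingress pool and can go.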
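--- a/data/data/powervs/cluster/loadbalancer/outputs.tf
+++ b/data/data/powervs/cluster/loadbalancer/outputs.tf
@@ -0,0 +1,7 @@
+output "powervs_lb_hostname" {
+value = ibm_is_lb.load_balancer.hostname
+}
+
+output "powervs_lb_int_hostname" {
+value = ibm_is_lb.load_balancer_int.hostname
+}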
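--- a/data/data/powervs/cluster/loadbalancer/sg.tf
+++ b/data/data/powervs/cluster/loadbalancer/sg.tf
@@ -0,0 +1,28 @@
+locals {
+tcp_ports = [22623, 6443, 22]
+}
+data "ibm_is_vpc" "vpc" {
+name = var.vpc_name
+}
+
+resource "ibm_is_security_group" "ocp_security_group" {
+name = "${var.cluster_id}-ocp-sec-group"
+resource_group = data.ibm_resource_group.resource_group.id
+vpc = data.ibm_is_vpc.vpc.id
+tags = [var.cluster_id]
+}
+
+resource "ibm_is_security_group_rule" "inbound_ports" {
+count = length(local.tcp_ports)
+group = ibm_is_security_group.ocp_security_group.id
+direction = "inbound"
+tcp {
+port_min = local.tcp_ports[count.index]
+port_max = local.tcp_ports[count.index]
+}
+}
+
+resource "ibm_is_security_group_rule" "outbound_any" {
+group = ibm_is_security_group.ocp_security_group.id
+direction = "outbound"
+}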
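Review bot: Each `inbound_ports` rule sets only `direction` and the TCP port and never `remote`, so if the provider treats an unset `remote` as any source — the usual default for this resource, though not visible here — 22623, 6443 and 22 are all open to 0.0.0.0/0 on a group attached to both the public and the private load balancer. 22623 is the machine-config server, which hands out node Ignition including the pull secret, and should be reachable only from the VPC and Power VS networks, while 22 should be limited to an operator range; that means replacing the single `count`-driven rule with per-port rules carrying an explicit `remote` (a CIDR variable would need to be added to this module's variables.tf). `outbound_any` has no protocol or remote and so permits all egress; that is probably what the LB needs for health checks and backend traffic, but it deserves a comment such as `# LB needs unrestricted egress to reach pool members and run TCP health checks`. A one-line comment on `tcp_ports` naming what each port is (`22623 machine-config server, 6443 API, 22 bootstrap SSH`) would also help the next reader judge which ones belong on the public side.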
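--- a/data/data/powervs/cluster/loadbalancer/variables.tf
+++ b/data/data/powervs/cluster/loadbalancer/variables.tf
@@ -0,0 +1,9 @@
+variable "cluster_id" {}
+
+variable "vpc_name" {}
+variable "vpc_subnet_id" {}
+
+variable "bootstrap_ip" {}
+variable "master_ips" {}
+
+variable "resource_group" {}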
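--- a/data/data/powervs/cluster/loadbalancer/versions.tf
+++ b/data/data/powervs/cluster/loadbalancer/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_version = ">= 0.14"
+required_providers {
+ibm = {
+source = "openshift/local/ibm"
+}
+}
+}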