feat(ci.jenkins.io) add a secondary (empty) VM to prepare moving cont…

…roller to secondary sponsored subscription (#583) Ref. jenkins-infra/helpdesk#3913 This PR adds a new ci.jenkins.io controller VM in the new subscription. Blocked by: - Subnet to add for the controller in the new subscription: jenkins-infra/azure-net#195 - Update the terraform module for azure vm controllers to support different AzureRM providers between resources and DNS records (Link to be added) Signed-off-by: Damien Duportal <damien.duportal@gmail.com>
jenkins-infra · Jan 22, 2024 · e2982f3 · e2982f3
1 parent 6259da7
commit e2982f3
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 4 deletions.
diff --git a/.shared-tools b/.shared-tools
diff --git a/ci.jenkins.io.tf b/ci.jenkins.io.tf
@@ -43,6 +43,45 @@ module "ci_jenkins_io" {
   )
 }
 
+module "ci_jenkins_io_sponsorship" {
+  source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-controller"
+  providers = {
+    azurerm     = azurerm.jenkins-sponsorship
+    azurerm.dns = azurerm
+    azuread     = azuread
+  }
+
+  service_fqdn                 = "ci.jenkins.io"
+  location                     = data.azurerm_virtual_network.public_jenkins_sponsorship.location
+  admin_username               = local.admin_username
+  admin_ssh_publickey          = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKvZ23dkvhjSU0Gxl5+mKcBOwmR7gqJDYeA1/Xzl3otV4CtC5te5Vx7YnNEFDXD6BsNkFaliXa34yE37WMdWl+exIURBMhBLmOPxEP/cWA5ZbXP//78ejZsxawBpBJy27uQhdcR0zVoMJc8Q9ShYl5YT/Tq1UcPq2wTNFvnrBJL1FrpGT+6l46BTHI+Wpso8BK64LsfX3hKnJEGuHSM0GAcYQSpXAeGS9zObKyZpk3of/Qw/2sVilIOAgNODbwqyWgEBTjMUln71Mjlt1hsEkv3K/VdvpFNF8VNq5k94VX6Rvg5FQBRL5IrlkuNwGWcBbl8Ydqk4wrD3b/PrtuLBEUsqbNhLnlEvFcjak+u2kzCov73csN/oylR0Tkr2y9x2HfZgDJVtvKjkkc4QERo7AqlTuy1whGfDYsioeabVLjZ9ahPjakv9qwcBrEEF+pAya7Q3AgNFVSdPgLDEwEO8GUHaxAjtyXXv9+yPdoDGmG3Pfn3KqM6UZjHCxne3Dr5ZE="
+  controller_network_name      = data.azurerm_subnet.ci_jenkins_io_controller_sponsorship.virtual_network_name
+  controller_network_rg_name   = data.azurerm_subnet.ci_jenkins_io_controller_sponsorship.resource_group_name
+  controller_subnet_name       = data.azurerm_subnet.ci_jenkins_io_controller_sponsorship.name
+  controller_os_disk_size_gb   = 64
+  controller_data_disk_size_gb = 512
+  controller_vm_size           = "Standard_D8as_v5"
+  is_public                    = true
+  default_tags                 = local.default_tags
+  jenkins_infra_ips = {
+    ldap_ipv4         = azurerm_public_ip.ldap_jenkins_io_ipv4.ip_address
+    puppet_ipv4       = azurerm_public_ip.puppet_jenkins_io.ip_address
+    privatevpn_subnet = data.azurerm_subnet.private_vnet_data_tier.address_prefixes
+  }
+  controller_service_principal_ids = [
+    data.azuread_service_principal.terraform_production.id,
+  ]
+  controller_service_principal_end_date = "2024-04-30T00:00:00Z"
+  controller_packer_rg_ids = [
+    azurerm_resource_group.packer_images["prod"].id
+  ]
+
+  agent_ip_prefixes = concat(
+    [local.external_services["s390x.${data.azurerm_dns_zone.jenkinsio.name}"]],
+    data.azurerm_subnet.ci_jenkins_io_ephemeral_agents_jenkins_sponsorship.address_prefixes,
+  )
+}
+
 module "ci_jenkins_io_azurevm_agents" {
   source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-azurevm-agents"
 
@@ -68,6 +107,7 @@ resource "azurerm_resource_group" "controller_jenkins_sponsorship" {
   location = var.location
   tags     = local.default_tags
 }
+
 # Required to allow controller to check for subnets inside the sponsorship network
 resource "azurerm_role_definition" "controller_vnet_sponsorship_reader" {
   provider = azurerm.jenkins-sponsorship

diff --git a/publick8s.tf b/publick8s.tf
@@ -67,9 +67,9 @@ resource "azurerm_kubernetes_cluster" "publick8s" {
     outbound_type     = "loadBalancer"
     load_balancer_sku = "standard"
     load_balancer_profile {
-      outbound_ports_allocated  = "2560" # Max 25 Nodes, 64000 ports total per public IP
-      idle_timeout_in_minutes   = "4"
-      managed_outbound_ip_count = "3"
+      outbound_ports_allocated    = "2560" # Max 25 Nodes, 64000 ports total per public IP
+      idle_timeout_in_minutes     = "4"
+      managed_outbound_ip_count   = "3"
       managed_outbound_ipv6_count = "2"
     }
   }

diff --git a/vnets.tf b/vnets.tf
@@ -89,6 +89,12 @@ data "azurerm_subnet" "private_vnet_data_tier" {
   virtual_network_name = data.azurerm_virtual_network.private.name
   resource_group_name  = data.azurerm_resource_group.private.name
 }
+data "azurerm_subnet" "ci_jenkins_io_controller_sponsorship" {
+  provider             = azurerm.jenkins-sponsorship
+  name                 = "${data.azurerm_virtual_network.public_jenkins_sponsorship.name}-ci_jenkins_io_controller"
+  virtual_network_name = data.azurerm_virtual_network.public_jenkins_sponsorship.name
+  resource_group_name  = data.azurerm_virtual_network.public_jenkins_sponsorship.resource_group_name
+}
 data "azurerm_subnet" "ci_jenkins_io_ephemeral_agents" {
   name                 = "${data.azurerm_virtual_network.public.name}-ci_jenkins_io_agents"
   virtual_network_name = data.azurerm_virtual_network.public.name
+1 −2		terraform/README.adoc
+7 −2		terraform/modules/azure-jenkinsinfra-controller/main.tf
+2 −2		terraform/modules/azure-jenkinsinfra-controller/outputs.tf
+1 −1		terraform/modules/jenkins-infra-shared-data/outputs.tf