constellation/terraform/infrastructure/openstack/modules/instance_group/main.tf

79 lines
2.3 KiB
Terraform
Raw Normal View History

terraform {
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
2024-02-12 09:25:23 -05:00
version = "1.54.1"
}
}
}
locals {
tags = distinct(sort(concat(var.tags, ["constellation-role-${var.role}"], ["constellation-node-group-${var.node_group_name}"])))
group_uid = random_id.uid.hex
aws: use new LB controller to fix SecurityGroup cleanup on K8s service deletion (#2090) * add current chart add current helm chart * disable service controller for aws ccm * add new iam roles * doc AWS internet LB + add to LB test * pass clusterName to helm for AWS LB * fix update-aws-lb chart to also include .helmignore * move chart outside services * working state * add subnet tags for AWS subnet discovery * fix .helmignore load rule with file in subdirectory * upgrade iam profile * revert new loader impl since cilium is not correctly loaded * install chart if not already present during `upgrade apply` * cleanup PR + fix build + add todos cleanup PR + add todos * shared helm pkg for cli install and bootstrapper * add link to eks docs * refactor iamMigrationCmd * delete unused helm.symwallk * move iammigrate to upgrade pkg * fixup! delete unused helm.symwallk * add to upgradecheck * remove nodeSelector from go code (Otto) * update iam docs and sort permission + remove duplicate roles * fix bug in `upgrade check` * better upgrade check output when svc version upgrade not possible * pr feedback * remove force flag in upgrade_test * use upgrader.GetUpgradeID instead of extra type * remove todos + fix check * update doc lb (leo) * remove bootstrapper helm package * Update cli/internal/cmd/upgradecheck.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * final nits * add docs for e2e upgrade test setup * Apply suggestions from code review Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/helm/loader.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/cmd/tfmigrationclient.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * fix daniel review * link to the iam permissions instead of manually updating them (agreed with leo) * disable iam upgrade in upgrade apply --------- Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Malte Poll
2023-07-24 04:30:53 -04:00
name = "${var.base_name}-${var.role}-${local.group_uid}"
}
resource "random_id" "uid" {
byte_length = 4
}
resource "openstack_networking_port_v2" "port" {
name = "${local.name}-${count.index}"
count = var.initial_count
admin_state_up = "true"
network_id = var.network_id
fixed_ip {
subnet_id = var.subnet_id
}
security_group_ids = var.security_groups
}
# TODO(malt3): get this API enabled in the test environment
# resource "openstack_compute_servergroup_v2" "instance_group" {
# name = local.name
# policies = ["soft-anti-affinity"]
# }
resource "openstack_compute_instance_v2" "instance_group_member" {
name = "${local.name}-${count.index}"
count = var.initial_count
image_id = var.image_id
flavor_id = var.flavor_id
tags = local.tags
# TODO(malt3): get this API enabled in the test environment
# scheduler_hints {
# group = openstack_compute_servergroup_v2.instance_group.id
# }
network {
port = openstack_networking_port_v2.port[count.index].id
}
block_device {
uuid = var.image_id
source_type = "image"
destination_type = "local"
boot_index = 0
delete_on_termination = true
}
block_device {
source_type = "blank"
destination_type = "volume"
volume_size = var.disk_size
volume_type = var.state_disk_type
boot_index = 1
delete_on_termination = true
}
metadata = {
constellation-role = var.role
constellation-uid = var.uid
constellation-init-secret-hash = var.init_secret_hash
openstack-auth-url = var.identity_internal_url
openstack-username = var.openstack_username
openstack-password = var.openstack_password
openstack-user-domain-name = var.openstack_user_domain_name
openstack-load-balancer-endpoint = var.openstack_load_balancer_endpoint
}
availability_zone_hints = var.availability_zone
}