parent
a6d201b761
commit
130c61ffcf
10 changed files with 612 additions and 0 deletions
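--- /dev/null
+++ b/terraform/aws/main.tf
@@ -0,0 +1,189 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.4.1"
+    }
+  }
+}
+
+# Configure the AWS Provider
+provider "aws" {
+  region = var.region
+}
+
+locals {
+  uid              = random_id.uid.hex
+  name             = "${var.name}-${local.uid}"
+  tag              = "constellation-${local.uid}"
+  ports_node_range = "30000-32767"
+  ports_ssh        = "22"
+
+  ports_kubernetes   = "6443"
+  ports_bootstrapper = "9000"
+  ports_konnectivity = "8132"
+  ports_verify       = "30081"
+  ports_debugd       = "4000"
+
+  cidr_vpc_subnet_nodes = "192.168.178.0/24"
+}
+
+resource "random_id" "uid" {
+  byte_length = 4
+}
+
+resource "aws_vpc" "vpc" {
+  cidr_block = "192.168.0.0/16"
+  tags = {
+    Name = "${local.name}-vpc"
+  }
+}
+
+resource "aws_subnet" "main" {
+  vpc_id     = aws_vpc.vpc.id
+  cidr_block = local.cidr_vpc_subnet_nodes
+  tags = {
+    Name = "${local.name}-subnet"
+  }
+}
+
+resource "aws_internet_gateway" "gw" {
+  vpc_id = aws_vpc.vpc.id
+
+  tags = {
+    Name = "${local.name}-gateway"
+  }
+}
+
+resource "aws_security_group" "security_group" {
+  name        = local.name
+  vpc_id      = aws_vpc.vpc.id
+  description = "Security group for ${local.name}"
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow all outbound traffic"
+  }
+
+  ingress {
+    from_port   = split("-", local.ports_node_range)[0]
+    to_port     = split("-", local.ports_node_range)[1]
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "K8s node ports"
+  }
+
+  ingress {
+    from_port   = local.ports_bootstrapper
+    to_port     = local.ports_bootstrapper
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "bootstrapper"
+  }
+
+  ingress {
+    from_port   = local.ports_kubernetes
+    to_port     = local.ports_kubernetes
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "kubernetes"
+  }
+
+  ingress {
+    from_port   = local.ports_konnectivity
+    to_port     = local.ports_konnectivity
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "konnectivity"
+  }
+
+  ingress {
+    from_port   = local.ports_debugd
+    to_port     = local.ports_debugd
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "debugd"
+  }
+
+}
+
+module "load_balancer_bootstrapper" {
+  source = "./modules/load_balancer"
+  name   = "${local.name}-bootstrapper"
+  vpc    = aws_vpc.vpc.id
+  subnet = aws_subnet.main.id
+  port   = local.ports_bootstrapper
+}
+
+module "load_balancer_kubernetes" {
+  source = "./modules/load_balancer"
+  name   = "${local.name}-kubernetes"
+  vpc    = aws_vpc.vpc.id
+  subnet = aws_subnet.main.id
+  port   = local.ports_kubernetes
+}
+
+module "load_balancer_verify" {
+  source = "./modules/load_balancer"
+  name   = "${local.name}-verify"
+  vpc    = aws_vpc.vpc.id
+  subnet = aws_subnet.main.id
+  port   = local.ports_verify
+}
+
+module "load_balancer_debugd" {
+  source = "./modules/load_balancer"
+  name   = "${local.name}-debugd"
+  vpc    = aws_vpc.vpc.id
+  subnet = aws_subnet.main.id
+  port   = local.ports_debugd
+}
+
+module "load_balancer_konnectivity" {
+  source = "./modules/load_balancer"
+  name   = "${local.name}-konnectivity"
+  vpc    = aws_vpc.vpc.id
+  subnet = aws_subnet.main.id
+  port   = local.ports_konnectivity
+}
+
+module "instance_group_control_plane" {
+  source = "./modules/instance_group"
+  name   = local.name
+  role   = "control-plane"
+
+  uid            = local.uid
+  instance_type  = var.instance_type
+  instance_count = var.count_control_plane
+  image_id       = var.ami
+  disk_size      = var.disk_size
+  target_group_arns = [
+    module.load_balancer_bootstrapper.target_group_arn,
+    module.load_balancer_kubernetes.target_group_arn,
+    module.load_balancer_verify.target_group_arn,
+    module.load_balancer_debugd.target_group_arn
+  ]
+  subnetwork           = aws_subnet.main.id
+  iam_instance_profile = var.control_plane_iam_instance_profile
+}
+
+module "instance_group_worker_nodes" {
+  source = "./modules/instance_group"
+  name   = local.name
+  role   = "worker"
+  uid            = local.uid
+  instance_type  = var.instance_type
+  instance_count = var.count_worker_nodes
+  image_id       = var.ami
+  disk_size      = var.disk_size
+  subnetwork     = aws_subnet.main.id
+  target_group_arns    = []
+  iam_instance_profile = var.worker_nodes_iam_instance_profile
+}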