terraform: azure node groups (#1955)

* init * migration working * make tf variables with default value optional in go through ptr type * fix CI build * pr feedback * add azure targets tf * skip migration for empty targets * make instance_count optional * change role naming to dashed + add validation * make node_group.zones optional * Update cli/internal/terraform/terraform/azure/main.tf Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> * malte feedback --------- Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2025-05-06 08:15:48 -04:00 · 2023-06-22 16:53:40 +02:00 · 2023-06-22 16:53:40 +02:00 · 487fa1e397
commit 487fa1e397
parent 224c74f883
11 changed files with 240 additions and 179 deletions
--- a/cli/internal/cloudcmd/create.go
+++ b/cli/internal/cloudcmd/create.go
@ -26,6 +26,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/imagefetcher"
+	"github.com/edgelesssys/constellation/v2/internal/role"
 )

 // Creator creates cloud resources.
@ -214,25 +215,35 @@ func (c *Creator) createGCP(ctx context.Context, cl terraformClient, opts Create

 func (c *Creator) createAzure(ctx context.Context, cl terraformClient, opts CreateOptions) (idFile clusterid.File, retErr error) {
 	vars := terraform.AzureClusterVariables{
-		CommonVariables: terraform.CommonVariables{
-			Name:               opts.Config.Name,
-			CountControlPlanes: opts.ControlPlaneCount,
-			CountWorkers:       opts.WorkerCount,
-			StateDiskSizeGB:    opts.Config.StateDiskSizeGB,
+		Name: opts.Config.Name,
+		NodeGroups: map[string]terraform.AzureNodeGroup{
+			"control_plane_default": {
+				Role:          role.ControlPlane.TFString(),
+				InstanceCount: toPtr(opts.ControlPlaneCount),
+				InstanceType:  opts.InsType,
+				DiskSizeGB:    opts.Config.StateDiskSizeGB,
+				DiskType:      opts.Config.Provider.Azure.StateDiskType,
+				Zones:         nil, // TODO(elchead): support zones AB#3225
+			},
+			"worker_default": {
+				Role:          role.Worker.TFString(),
+				InstanceCount: toPtr(opts.WorkerCount),
+				InstanceType:  opts.InsType,
+				DiskSizeGB:    opts.Config.StateDiskSizeGB,
+				DiskType:      opts.Config.Provider.Azure.StateDiskType,
+				Zones:         nil,
+			},
 		},
 		Location:             opts.Config.Provider.Azure.Location,
-		ResourceGroup:        opts.Config.Provider.Azure.ResourceGroup,
-		UserAssignedIdentity: opts.Config.Provider.Azure.UserAssignedIdentity,
-		InstanceType:         opts.InsType,
-		StateDiskType:        opts.Config.Provider.Azure.StateDiskType,
 		ImageID:              opts.image,
-		SecureBoot:           *opts.Config.Provider.Azure.SecureBoot,
-		CreateMAA:            opts.Config.GetAttestationConfig().GetVariant().Equal(variant.AzureSEVSNP{}),
-		Debug:                opts.Config.IsDebugCluster(),
+		CreateMAA:            toPtr(opts.Config.GetAttestationConfig().GetVariant().Equal(variant.AzureSEVSNP{})),
+		Debug:                toPtr(opts.Config.IsDebugCluster()),
+		ConfidentialVM:       toPtr(opts.Config.GetAttestationConfig().GetVariant().Equal(variant.AzureSEVSNP{})),
+		SecureBoot:           opts.Config.Provider.Azure.SecureBoot,
+		UserAssignedIdentity: opts.Config.Provider.Azure.UserAssignedIdentity,
+		ResourceGroup:        opts.Config.Provider.Azure.ResourceGroup,
 	}

-	vars.ConfidentialVM = opts.Config.GetAttestationConfig().GetVariant().Equal(variant.AzureSEVSNP{})
-
 	vars = normalizeAzureURIs(vars)

 	if err := cl.PrepareWorkspace(path.Join("terraform", strings.ToLower(cloudprovider.Azure.String())), &vars); err != nil {
@ -245,7 +256,7 @@ func (c *Creator) createAzure(ctx context.Context, cl terraformClient, opts Crea
 		return clusterid.File{}, err
 	}

-	if vars.CreateMAA {
+	if vars.CreateMAA != nil && *vars.CreateMAA {
 		// Patch the attestation policy to allow the cluster to boot while having secure boot disabled.
 		if err := c.policyPatcher.Patch(ctx, tfOutput.AttestationURL); err != nil {
 			return clusterid.File{}, err
@ -442,3 +453,7 @@ func (c *Creator) createQEMU(ctx context.Context, cl terraformClient, lv libvirt
 		UID:           tfOutput.UID,
 	}, nil
 }
+
+func toPtr[T any](v T) *T {
+	return &v
+}