diff --git a/cli/internal/terraform/terraform/aws/main.tf b/cli/internal/terraform/terraform/aws/main.tf
index e0b6a4ecc..303410bd0 100644
--- a/cli/internal/terraform/terraform/aws/main.tf
+++ b/cli/internal/terraform/terraform/aws/main.tf
@@ -77,7 +77,11 @@ module "public_private_subnet" {
 }
 
 resource "aws_eip" "lb" {
-  for_each = toset(module.public_private_subnet.all_zones)
+  # TODO(malt3): use for_each = toset(module.public_private_subnet.all_zones)
+  # in a future version to support all availability zones in the chosen region.
+  # This should only be done after we have migrated to DNS-based addressing for
+  # the control-plane.
+  for_each = toset([var.zone])
   domain   = "vpc"
   tags     = local.tags
 }
@@ -92,9 +96,10 @@ resource "aws_lb" "front_end" {
     # TODO(malt3): use for_each = toset(module.public_private_subnet.all_zones)
     # in a future version to support all availability zones in the chosen region
     # without needing to constantly replace the loadbalancer.
-    # This has to wait until the bootstrapper that we upgrade from (source version) can handle multiple AZs
+    # This has to wait until the bootstrapper that we upgrade from (source version) uses
+    # DNS-based addressing for the control-plane.
     # for_each = toset(module.public_private_subnet.all_zones)
-    for_each = toset(local.zones)
+    for_each = toset([var.zone])
     content {
       subnet_id     = module.public_private_subnet.public_subnet_id[subnet_mapping.key]
       allocation_id = aws_eip.lb[subnet_mapping.key].id
@@ -267,6 +272,7 @@ module "instance_group" {
     local.tags,
     { Name = local.name },
     { constellation-role = each.value.role },
+    { constellation-node-group = each.key },
     { constellation-uid = local.uid },
     { constellation-init-secret-hash = local.initSecretHash },
     { "kubernetes.io/cluster/${local.name}" = "owned" }
diff --git a/cli/internal/terraform/terraform/aws/modules/public_private_subnet/main.tf b/cli/internal/terraform/terraform/aws/modules/public_private_subnet/main.tf
index 46d3bd40f..98882b8ea 100644
--- a/cli/internal/terraform/terraform/aws/modules/public_private_subnet/main.tf
+++ b/cli/internal/terraform/terraform/aws/modules/public_private_subnet/main.tf
@@ -15,7 +15,7 @@ locals {
     # 0 => 192.168.176.0/24 (unused private subnet cidr)
     # 1 => 192.168.177.0/24 (unused private subnet cidr)
     legacy = 2 # => 192.168.178.0/24 (legacy private subnet)
-    a      = 3 # => 192.168.178.1/24 (first newly created zonal private subnet)
+    a      = 3 # => 192.168.179.0/24 (first newly created zonal private subnet)
     b      = 4
     c      = 5
     d      = 6
diff --git a/internal/cloud/aws/aws.go b/internal/cloud/aws/aws.go
index 0d322f2f9..706148b37 100644
--- a/internal/cloud/aws/aws.go
+++ b/internal/cloud/aws/aws.go
@@ -19,7 +19,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"math/rand"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
@@ -146,49 +145,27 @@ func (c *Cloud) GetLoadBalancerEndpoint(ctx context.Context) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("retrieving load balancer: %w", err)
 	}
-	if len(output.LoadBalancers) < 1 {
-		return "", fmt.Errorf("%d load balancers found; expected at least 1", len(output.LoadBalancers))
+	if len(output.LoadBalancers) != 1 {
+		return "", fmt.Errorf("%d load balancers found; expected 1", len(output.LoadBalancers))
 	}
 
-	nodeAZ, err := c.getAZ(ctx)
-	if err != nil {
-		return "", fmt.Errorf("retrieving availability zone: %w", err)
+	// TODO(malt3): Add support for multiple availability zones in the lb frontend.
+	// This can only be done after we have migrated to using DNS as the load balancer endpoint.
+	// At that point, we don't need to care about the number of availability zones anymore.
+	if len(output.LoadBalancers[0].AvailabilityZones) != 1 {
+		return "", fmt.Errorf("%d availability zones found; expected 1", len(output.LoadBalancers[0].AvailabilityZones))
 	}
 
-	var sameAZEndpoints []string
-	var endpoints []string
-
-	for _, lb := range output.LoadBalancers {
-		for az := range lb.AvailabilityZones {
-			azName := lb.AvailabilityZones[az].ZoneName
-			for _, lbAddress := range lb.AvailabilityZones[az].LoadBalancerAddresses {
-				if lbAddress.IpAddress != nil {
-					endpoints = append(endpoints, *lbAddress.IpAddress)
-					if azName != nil && *azName == nodeAZ {
-						sameAZEndpoints = append(sameAZEndpoints, *lbAddress.IpAddress)
-					}
-				}
-			}
-		}
+	if len(output.LoadBalancers[0].AvailabilityZones[0].LoadBalancerAddresses) != 1 {
+		return "", fmt.Errorf("%d load balancer addresses found; expected 1", len(output.LoadBalancers[0].AvailabilityZones[0].LoadBalancerAddresses))
 	}
-
-	if len(endpoints) < 1 {
-		return "", errors.New("no load balancer endpoints found")
+	if output.LoadBalancers[0].AvailabilityZones[0].LoadBalancerAddresses[0].IpAddress == nil {
+		return "", errors.New("load balancer address is nil")
 	}
 
 	// TODO(malt3): ideally, we would use DNS here instead of IP addresses.
 	// Requires changes to the infrastructure.
-
-	// for HA on AWS, there is one load balancer per AZ, so we can just return a random one
-	// prefer LBs in the same AZ as the instance
-
-	if len(sameAZEndpoints) > 0 {
-		return sameAZEndpoints[rand.Intn(len(sameAZEndpoints))], nil
-	}
-
-	// fall back to any LB. important for legacy clusters
-
-	return endpoints[rand.Intn(len(endpoints))], nil
+	return *output.LoadBalancers[0].AvailabilityZones[0].LoadBalancerAddresses[0].IpAddress, nil
 }
 
 // getARNsByTag returns a list of ARNs that have the given tag.
@@ -320,14 +297,6 @@ func (c *Cloud) readInstanceTag(ctx context.Context, tag string) (string, error)
 	return findTag(out.Reservations[0].Instances[0].Tags, tag)
 }
 
-func (c *Cloud) getAZ(ctx context.Context) (string, error) {
-	identity, err := c.imds.GetInstanceIdentityDocument(ctx, &imds.GetInstanceIdentityDocumentInput{})
-	if err != nil {
-		return "", fmt.Errorf("retrieving instance identity: %w", err)
-	}
-	return identity.AvailabilityZone, nil
-}
-
 func findTag(tags []ec2Types.Tag, wantKey string) (string, error) {
 	for _, tag := range tags {
 		if tag.Key == nil || tag.Value == nil {
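
Illustration (not part of the patch): the Go change above replaces the old logic of returning a random endpoint, preferring load balancers in the node's availability zone, with a strict lookup that accepts exactly one load balancer, one availability zone, and one address. Below is a minimal, self-contained sketch of that extraction under those assumptions; the helper endpointFromLoadBalancers and the main function are hypothetical names introduced here, while the types are the real ones from aws-sdk-go-v2's elasticloadbalancingv2 package.

package main

import (
	"errors"
	"fmt"

	elbTypes "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
)

// endpointFromLoadBalancers mirrors the strict checks the patched
// GetLoadBalancerEndpoint performs: anything other than exactly one load
// balancer with exactly one availability zone and exactly one address is
// rejected. (Hypothetical helper, for illustration only.)
func endpointFromLoadBalancers(lbs []elbTypes.LoadBalancer) (string, error) {
	if len(lbs) != 1 {
		return "", fmt.Errorf("%d load balancers found; expected 1", len(lbs))
	}
	azs := lbs[0].AvailabilityZones
	if len(azs) != 1 {
		return "", fmt.Errorf("%d availability zones found; expected 1", len(azs))
	}
	addrs := azs[0].LoadBalancerAddresses
	if len(addrs) != 1 {
		return "", fmt.Errorf("%d load balancer addresses found; expected 1", len(addrs))
	}
	if addrs[0].IpAddress == nil {
		return "", errors.New("load balancer address is nil")
	}
	return *addrs[0].IpAddress, nil
}

func main() {
	ip := "203.0.113.10" // documentation-range IP standing in for the real EIP
	lbs := []elbTypes.LoadBalancer{{
		AvailabilityZones: []elbTypes.AvailabilityZone{{
			LoadBalancerAddresses: []elbTypes.LoadBalancerAddress{{IpAddress: &ip}},
		}},
	}}
	endpoint, err := endpointFromLoadBalancers(lbs)
	fmt.Println(endpoint, err) // prints: 203.0.113.10 <nil>
}

The exact-one checks line up with the Terraform side of the patch, which pins the EIP and the LB frontend to a single zone via toset([var.zone]); per the TODO comments, once the control-plane endpoint is DNS-based the zone count no longer matters and these checks can be relaxed.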