Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-07-22 15:00:38 -04:00
Code Issues Projects Releases Packages Wiki Activity

terraform: always use uniform role names (#1960)

Browse source
This commit is contained in:
Malte Poll 2023-06-23 12:08:30 +02:00 committed by GitHub
parent 114103c46b
commit 92cd9c1dac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 40 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

6
cli/internal/terraform/terraform/aws/modules/instance_group/variables.tf
View file

@ -5,7 +5,11 @@ variable "name" {
variable "role" {
type = string
description = "The role of the instance group. Has to be 'ControlPlane' or 'Worker'."
description = "The role of the instance group."
validation {
condition = contains(["control-plane", "worker"], var.role)
error_message = "The role has to be 'control-plane' or 'worker'."
}
}
variable "uid" {

2
cli/internal/terraform/terraform/azure/modules/scale_set/main.tf
View file

@ -18,7 +18,7 @@ locals {
{ constellation-node-group = var.node_group_name },
)
group_uid = random_id.uid.hex
name = "${var.base_name}-${var.role}${local.group_uid}"
name = "${var.base_name}-${var.role}-${local.group_uid}"
}
resource "random_id" "uid" {

4
cli/internal/terraform/terraform/gcp/main.tf
View file

@ -56,7 +56,7 @@ locals {
for name, node_group in var.node_groups : node_group.role => name...
}
control_plane_instance_groups = [
for control_plane in local.node_groups_by_role["ControlPlane"] : module.instance_group[control_plane].instance_group
for control_plane in local.node_groups_by_role["control-plane"] : module.instance_group[control_plane].instance_group
]
}
@ -167,7 +167,7 @@ module "instance_group" {
alias_ip_range_name = google_compute_subnetwork.vpc_subnetwork.secondary_ip_range[0].range_name
kube_env = local.kube_env
debug = var.debug
named_ports = each.value.role == "ControlPlane" ? local.control_plane_named_ports : []
named_ports = each.value.role == "control-plane" ? local.control_plane_named_ports : []
labels = local.labels
init_secret_hash = local.initSecretHash
}

25
cli/internal/terraform/terraform/gcp/modules/instance_group/main.tf
View file

@ -13,18 +13,8 @@ terraform {
}
locals {
# migration: allow the old node group names to work since they were created without the uid
# and without multiple node groups in mind
# node_group: worker_default => name == "<base>-1-worker"
# node_group: control_plane_default => name: "<base>-control-plane"
# new names:
# node_group: foo, role: Worker => name == "<base>-worker-<uid>"
# node_group: bar, role: ControlPlane => name == "<base>-control-plane-<uid>"
role_dashed = var.role == "ControlPlane" ? "control-plane" : "worker"
group_uid = random_id.uid.hex
maybe_uid = (var.node_group_name == "control_plane_default" || var.node_group_name == "worker_default") ? "" : "-${local.group_uid}"
maybe_one = var.node_group_name == "worker_default" ? "-1" : ""
name = "${var.base_name}${local.maybe_one}-${local.role_dashed}${local.maybe_uid}"
name = "${var.base_name}-${var.role}-${local.group_uid}"
state_disk_name = "state-disk"
}
@ -37,7 +27,7 @@ resource "google_compute_instance_template" "template" {
machine_type = var.instance_type
tags = ["constellation-${var.uid}"] // Note that this is also applied as a label
labels = merge(var.labels, {
constellation-role = local.role_dashed,
constellation-role = var.role,
constellation-node-group = var.node_group_name,
})
@ -103,6 +93,7 @@ resource "google_compute_instance_template" "template" {
lifecycle {
ignore_changes = [
name, # required. legacy instance templates used different naming scheme
tags,
labels,
disk, # required. update procedure modifies the instance template externally
@ -124,7 +115,7 @@ resource "google_compute_instance_group_manager" "instance_group_manager" {
target_size = var.instance_count
dynamic "stateful_disk" {
for_each = var.role == "ControlPlane" ? [1] : []
for_each = var.role == "control-plane" ? [1] : []
content {
device_name = local.state_disk_name
delete_rule = "ON_PERMANENT_INSTANCE_DELETION"
@ -132,7 +123,7 @@ resource "google_compute_instance_group_manager" "instance_group_manager" {
}
dynamic "stateful_internal_ip" {
for_each = var.role == "ControlPlane" ? [1] : []
for_each = var.role == "control-plane" ? [1] : []
content {
interface_name = "nic0"
delete_rule = "ON_PERMANENT_INSTANCE_DELETION"
@ -153,8 +144,10 @@ resource "google_compute_instance_group_manager" "instance_group_manager" {
lifecycle {
ignore_changes = [
target_size, # required. autoscaling modifies the instance count externally
version, # required. update procedure modifies the instance template externally
name, # required. legacy instance templates used different naming scheme
base_instance_name, # required. legacy instance templates used different naming scheme
target_size, # required. autoscaling modifies the instance count externally
version, # required. update procedure modifies the instance template externally
]
}
}

4
cli/internal/terraform/terraform/gcp/modules/instance_group/variables.tf
View file

@ -12,8 +12,8 @@ variable "role" {
type = string
description = "The role of the instance group."
validation {
condition = contains(["ControlPlane", "Worker"], var.role)
error_message = "The role has to be 'ControlPlane' or 'Worker'."
condition = contains(["control-plane", "worker"], var.role)
error_message = "The role has to be 'control-plane' or 'worker'."
}
}

4
cli/internal/terraform/terraform/gcp/variables.tf
View file

@ -14,6 +14,10 @@ variable "node_groups" {
initial_count = number
}))
description = "A map of node group names to node group configurations."
validation {
condition = can([for group in var.node_groups : group.role == "control-plane" || group.role == "worker"])
error_message = "The role has to be 'control-plane' or 'worker'."
}
}
variable "project" {

4
cli/internal/terraform/terraform/openstack/main.tf
View file

@ -161,7 +161,7 @@ resource "openstack_compute_secgroup_v2" "vpc_secgroup" {
module "instance_group_control_plane" {
source = "./modules/instance_group"
name = local.name
role = "ControlPlane"
role = "control-plane"
instance_count = var.control_plane_count
image_id = openstack_images_image_v2.constellation_os_image.image_id
flavor_id = var.flavor_id
@ -182,7 +182,7 @@ module "instance_group_control_plane" {
module "instance_group_worker" {
source = "./modules/instance_group"
name = local.name
role = "Worker"
role = "worker"
instance_count = var.worker_count
image_id = openstack_images_image_v2.constellation_os_image.image_id
flavor_id = var.flavor_id

7
cli/internal/terraform/terraform/openstack/modules/instance_group/main.tf
View file

@ -8,9 +8,8 @@ terraform {
}
locals {
role_dashed = var.role == "ControlPlane" ? "control-plane" : "worker"
name = "${var.name}-${local.role_dashed}"
tags = distinct(sort(concat(var.tags, ["constellation-role-${local.role_dashed}"])))
name = "${var.name}-${var.role}"
tags = distinct(sort(concat(var.tags, ["constellation-role-${var.role}"])))
}
# TODO(malt3): get this API enabled in the test environment
@ -49,7 +48,7 @@ resource "openstack_compute_instance_v2" "instance_group_member" {
delete_on_termination = true
}
metadata = {
constellation-role = local.role_dashed
constellation-role = var.role
constellation-uid = var.uid
constellation-init-secret-hash = var.init_secret_hash
openstack-auth-url = var.identity_internal_url

4
cli/internal/terraform/terraform/openstack/modules/instance_group/variables.tf
View file

@ -12,8 +12,8 @@ variable "role" {
type = string
description = "The role of the instance group."
validation {
condition = contains(["ControlPlane", "Worker"], var.role)
error_message = "The role has to be 'ControlPlane' or 'Worker'."
condition = contains(["control-plane", "worker"], var.role)
error_message = "The role has to be 'control-plane' or 'worker'."
}
}