terraform: align infrastructure module attributes (#2703)

* all vars have snail_case

* make iam schema consistent

* infrastructure schema

* terraform: update AWS infrastructure module

* fix ci

* terraform: update AWS infrastructure module

* terraform: update AWS IAM module

* terraform: update Azure Infrastructure module inputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update Azure IAM module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update GCP infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update GCP IAM module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update OpenStack Infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: update QEMU Infrastructure module

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-module: fix input name

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: tidy

* cli: ignore whitespace in Terraform variable tests

* terraform-module: fix AWS output names

* terraform-module: fix output references

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: rename `api_server_cert_sans`

* Update terraform/infrastructure/aws/modules/public_private_subnet/variables.tf

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* fix self-managed

* terraform: revert AWS modules output file renaming

* terraform: remove duplicate variable declaration

* terraform: rename Azure location field

* ci: adjust output name in self-managed e2e test

* e2e: continuously print output in upgrade test

* e2e: write to output variables

* cli: migrate IAM variable names

* cli: make `location` field optional

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Adrian Stobbe 2023-12-15 10:36:58 +01:00 committed by GitHub
parent 6f6f28b8cc
commit 9667dfff58
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
76 changed files with 745 additions and 767 deletions


@ -30,9 +30,9 @@ provider "google-beta" {
}
locals {
uid = random_id.uid.hex
name = "${var.name}-${local.uid}"
initSecretHash = random_password.initSecret.bcrypt_hash
uid = random_id.uid.hex
name = "${var.name}-${local.uid}"
init_secret_hash = random_password.init_secret.bcrypt_hash
labels = {
constellation-uid = local.uid,
}
@ -55,7 +55,7 @@ locals {
for name, node_group in var.node_groups : node_group.role => name...
}
control_plane_instance_groups = [
for control_plane in local.node_groups_by_role["control-plane"] : module.instance_group[control_plane].instance_group
for control_plane in local.node_groups_by_role["control-plane"] : module.instance_group[control_plane].instance_group_url
]
in_cluster_endpoint = var.internal_load_balancer ? google_compute_address.loadbalancer_ip_internal[0].address : google_compute_global_address.loadbalancer_ip[0].address
out_of_cluster_endpoint = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : local.in_cluster_endpoint
@ -65,7 +65,7 @@ resource "random_id" "uid" {
byte_length = 4
}
resource "random_password" "initSecret" {
resource "random_password" "init_secret" {
length = 32
special = true
override_special = "_%@"
@ -187,7 +187,7 @@ module "instance_group" {
debug = var.debug
named_ports = each.value.role == "control-plane" ? local.control_plane_named_ports : []
labels = local.labels
init_secret_hash = local.initSecretHash
init_secret_hash = local.init_secret_hash
custom_endpoint = var.custom_endpoint
}


@ -1,3 +1,4 @@
output "instance_group" {
value = google_compute_instance_group_manager.instance_group_manager.instance_group
output "instance_group_url" {
value = google_compute_instance_group_manager.instance_group_manager.instance_group
description = "Full URL of the instance group."
}


@ -10,7 +10,7 @@ variable "node_group_name" {
variable "role" {
type = string
description = "The role of the instance group."
description = "Role of the instance group."
validation {
condition = contains(["control-plane", "worker"], var.role)
error_message = "The role has to be 'control-plane' or 'worker'."
@ -19,7 +19,7 @@ variable "role" {
variable "uid" {
type = string
description = "UID of the cluster. This is used for tags."
description = "Unique Identifier (UID) of the cluster."
}
variable "labels" {
@ -35,22 +35,22 @@ variable "instance_type" {
variable "initial_count" {
type = number
description = "Number of instances in the instance group."
description = "Number of instances in the group."
}
variable "image_id" {
type = string
description = "Image ID for the nodes."
description = "OS Image reference for the cluster's nodes."
}
variable "disk_size" {
type = number
description = "Disk size for the nodes, in GB."
description = "Disk size for the state disk of the nodes [GB]."
}
variable "disk_type" {
type = string
description = "Disk type for the nodes. Has to be 'pd-standard' or 'pd-ssd'."
description = "Disk type for the nodes. Has to be either 'pd-standard' or 'pd-ssd'."
}
variable "network" {
@ -65,12 +65,12 @@ variable "subnetwork" {
variable "kube_env" {
type = string
description = "Kubernetes env."
description = "Value of the \"kube-env\" metadata key."
}
variable "init_secret_hash" {
type = string
description = "Hash of the init secret."
description = "BCrypt Hash of the initialization secret."
}
variable "named_ports" {
@ -82,7 +82,7 @@ variable "named_ports" {
variable "debug" {
type = bool
default = false
description = "Enable debug mode. This will enable serial port access on the instances."
description = "DO NOT USE IN PRODUCTION. Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
}
variable "alias_ip_range_name" {
@ -97,5 +97,5 @@ variable "zone" {
variable "custom_endpoint" {
type = string
description = "Custom endpoint to use for the Kubernetes apiserver. If not set, the default endpoint will be used."
description = "Custom endpoint to use for the Kubernetes API server. If not set, the default endpoint will be used."
}
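Review bot: `disk_type` now documents that only 'pd-standard' or 'pd-ssd' are accepted, but unlike `role` earlier in this file it has no `validation` block, so a wrong value is only rejected by the provider at apply time instead of at plan time. Enforcing the stated contract the same way `role` does keeps the description and the check in sync; the rewritten variable is below.
```hcl
variable "disk_type" {
  type        = string
  description = "Disk type for the nodes. Has to be either 'pd-standard' or 'pd-ssd'."
  validation {
    condition     = contains(["pd-standard", "pd-ssd"], var.disk_type)
    error_message = "The disk type has to be 'pd-standard' or 'pd-ssd'."
  }
}
```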


@ -5,22 +5,22 @@ variable "name" {
variable "region" {
type = string
description = "The region where the load balancer will be created."
description = "Region to create the load balancer in."
}
variable "network" {
type = string
description = "The network to which all network resources will be attached."
description = "Network to which network resources will be attached."
}
variable "backend_subnet" {
type = string
description = "The subnet to which all backend network resources will be attached."
description = "Subnet to which backend network resources will be attached."
}
variable "health_check" {
type = string
description = "The type of the health check. 'HTTPS' or 'TCP'."
description = "Type of the health check. Can either be 'HTTPS' or 'TCP'."
validation {
condition = contains(["HTTPS", "TCP"], var.health_check)
error_message = "Health check must be either 'HTTPS' or 'TCP'."
@ -29,22 +29,22 @@ variable "health_check" {
variable "port" {
type = string
description = "The port on which to listen for incoming traffic."
description = "Port to listen on for incoming traffic."
}
variable "backend_port_name" {
type = string
description = "Name of backend port. The same name should appear in the instance groups referenced by this service."
description = "Name of the load balancer's backend port. The same name should appear in the instance groups referenced by this service."
}
variable "backend_instance_group" {
type = string
description = "The URL of the instance group resource from which the load balancer will direct traffic."
description = "Full URL of the instance group resource from which the load balancer will direct traffic."
}
variable "ip_address" {
type = string
description = "The IP address that this forwarding rule serves."
description = "IP address that this forwarding rule serves."
}
variable "frontend_labels" {
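Review bot: `port` is declared `type = string` here, while the `port` variable of the load balancer module shown further down this page is `type = number`, even though both hunks only reword the descriptions. Since the commit's stated goal is aligning module attribute schemas, the two declarations should use one type; `type = number` matches the other module, and Terraform's implicit conversion keeps string-valued callers working. `variable "frontend_labels"` continues outside the hunk.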


@ -12,7 +12,6 @@ terraform {
}
}
data "google_compute_image" "image_ubuntu" {
family = "ubuntu-2204-lts"
project = "ubuntu-os-cloud"
@ -47,7 +46,7 @@ resource "google_compute_instance" "vm_instance" {
metadata_startup_script = <<EOF
#!/bin/bash
set -x
set -x
# Uncomment to create user with password
# useradd -m user
@ -69,5 +68,4 @@ iptables -t nat -A PREROUTING -p tcp --dport ${port} -j DNAT --to-destination ${
iptables -t nat -A POSTROUTING -p tcp -d ${var.lb_internal_ip} --dport ${port} -j SNAT --to-source $${internal_ip}
%{endfor~}
EOF
}


@ -1,3 +1,4 @@
output "ip" {
value = google_compute_instance.vm_instance.network_interface[0].access_config[0].nat_ip
value = google_compute_instance.vm_instance.network_interface[0].access_config[0].nat_ip
description = "Public IP address of the jump host."
}


@ -1,22 +1,22 @@
variable "base_name" {
type = string
description = "Base name of the instance group."
description = "Base name of the jump host."
}
variable "labels" {
type = map(string)
default = {}
description = "Labels to apply to the instance group."
description = "Labels to apply to the jump host."
}
variable "subnetwork" {
type = string
description = "Name of the subnetwork to use."
description = "Subnetwork to deplyo the jump host into."
}
variable "zone" {
type = string
description = "Zone to deploy the instance group in."
description = "Zone to deploy the jump host into."
}
variable "lb_internal_ip" {
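Review bot: The new `subnetwork` description contains a typo, "deplyo"; it should read `description = "Subnetwork to deploy the jump host into."`. `variable "lb_internal_ip"` continues outside the hunk.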


@ -1,35 +1,35 @@
variable "name" {
type = string
description = "Base name of the load balancer."
description = "Name of the Constellation cluster."
}
variable "health_check" {
type = string
description = "The type of the health check. 'HTTPS' or 'TCP'."
description = "Type of the health check. Can either be 'HTTPS' or 'TCP'."
}
variable "backend_port_name" {
type = string
description = "Name of backend port. The same name should appear in the instance groups referenced by this service."
description = "Name of the load balancer's backend port. The same name should appear in the instance groups referenced by this service."
}
variable "backend_instance_groups" {
type = list(string)
description = "The URLs of the instance group resources from which the load balancer will direct traffic."
description = "URLs of the instance group resources from which the load balancer will direct traffic."
}
variable "ip_address" {
type = string
description = "The IP address that this forwarding rule serves. An address can be specified either by a literal IP address or a reference to an existing Address resource."
description = "IP address that this forwarding rule serves. An address can be specified either by a literal IP address or a reference to an existing Address resource."
}
variable "port" {
type = number
description = "The port on which to listen for incoming traffic."
description = "Port to listen on for incoming traffic."
}
variable "frontend_labels" {
type = map(string)
default = {}
description = "Labels to apply to the forwarding rule."
description = "Labels to apply to the load balancer's forwarding rule."
}
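Review bot: `health_check` states it "Can either be 'HTTPS' or 'TCP'", but unlike the inner load balancer module's variable of the same name shown earlier on this page it carries no `validation` block, so an invalid value is only caught by the provider. The same check should be added here, `validation { condition = contains(["HTTPS", "TCP"], var.health_check) error_message = "Health check must be either 'HTTPS' or 'TCP'." }`, so the two modules enforce the contract they both document.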


@ -1,9 +1,13 @@
# Outputs common to all CSPs
output "out_of_cluster_endpoint" {
value = local.out_of_cluster_endpoint
value = local.out_of_cluster_endpoint
description = "External endpoint for the Kubernetes API server. Only varies from the `in_cluster_endpoint` when using an internal load balancer."
}
output "in_cluster_endpoint" {
value = local.in_cluster_endpoint
value = local.in_cluster_endpoint
description = "Internal endpoint for the Kubernetes API server."
}
output "api_server_cert_sans" {
value = sort(
@ -17,29 +21,38 @@ output "api_server_cert_sans" {
)
)
)
description = "List of Subject Alternative Names (SANs) for the API server certificate."
}
output "uid" {
value = local.uid
value = local.uid
description = "Unique Identifier (UID) of the cluster."
}
output "initSecret" {
value = random_password.initSecret.result
sensitive = true
}
output "project" {
value = var.project
}
output "ip_cidr_nodes" {
value = local.cidr_vpc_subnet_nodes
}
output "ip_cidr_pods" {
value = local.cidr_vpc_subnet_pods
output "init_secret" {
value = random_password.init_secret.result
sensitive = true
description = "Initialization secret to authenticate the bootstrapping node."
}
output "name" {
value = local.name
value = local.name
description = "Unique name of the Constellation cluster, comprised by name and UID."
}
output "ip_cidr_node" {
value = local.cidr_vpc_subnet_nodes
description = "CIDR block of the node network."
}
# GCP-specific outputs
output "project" {
value = var.project
description = "The GCP project the cluster is deployed in."
}
output "ip_cidr_pod" {
value = local.cidr_vpc_subnet_pods
description = "CIDR block of the pod network."
}
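Review bot: The new description of the `name` output reads "comprised by name and UID", which is not idiomatic; `description = "Unique name of the Constellation cluster, composed of the cluster name and the UID."` says the same thing correctly. The `api_server_cert_sans` output at the top of this hunk begins outside the hunk, so only its closing parentheses are visible here.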


@ -1,7 +1,8 @@
# Variables common to all CSPs
variable "name" {
type = string
default = "constell"
description = "Base name of the cluster."
description = "Name of the Constellation cluster."
}
variable "node_groups" {
@ -20,40 +21,42 @@ variable "node_groups" {
}
}
variable "project" {
type = string
description = "The GCP project to deploy the cluster in."
}
variable "region" {
type = string
description = "The GCP region to deploy the cluster in."
}
variable "zone" {
type = string
description = "The GCP zone to deploy the cluster in."
}
variable "image_id" {
type = string
description = "The GCP image to use for the cluster nodes."
description = "OS image reference for the cluster's nodes."
}
variable "debug" {
type = bool
default = false
description = "Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
description = "DO NOT USE IN PRODUCTION. Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
}
variable "custom_endpoint" {
type = string
default = ""
description = "Custom endpoint to use for the Kubernetes apiserver. If not set, the default endpoint will be used."
description = "Custom endpoint to use for the Kubernetes API server. If not set, the default endpoint will be used."
}
variable "internal_load_balancer" {
type = bool
default = false
description = "Enable internal load balancer. This can only be enabled if the control-plane is deployed in one zone."
description = "Whether to use an internal load balancer for the cluster."
}
# GCP-specific variables
variable "project" {
type = string
description = "GCP project to deploy the cluster in."
}
variable "region" {
type = string
description = "GCP region to deploy the cluster in."
}
variable "zone" {
type = string
description = "GCP zone to deploy the cluster in."
}
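Review bot: The new `internal_load_balancer` description drops the constraint the old one stated, that it can only be enabled when the control plane is deployed in a single zone. Nothing in this hunk shows that limitation was lifted, and the GCP-specific inputs still take a single `zone`, so unless the restriction is known to be gone the sentence should be kept, e.g. `description = "Whether to use an internal load balancer for the cluster. Can only be enabled if the control plane is deployed in a single zone."`. An operator reading only the variable docs would otherwise enable it in a multi-zone layout and find out at apply time.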