terraform: Terraform module for AWS (#2503)

terraform/infrastructure/azure/modules/scale_set/main.tf

@@ -0,0 +1,102 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "3.74.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.5.1"
+    }
+  }
+}
+
+locals {
+  tags = merge(
+    var.tags,
+    { constellation-role = var.role },
+    { constellation-node-group = var.node_group_name },
+  )
+  group_uid = random_id.uid.hex
+  name      = "${var.base_name}-${var.role}-${local.group_uid}"
+}
+
+resource "random_id" "uid" {
+  byte_length = 4
+}
+resource "random_password" "password" {
+  length      = 16
+  min_lower   = 1
+  min_upper   = 1
+  min_numeric = 1
+  min_special = 1
+}
+
+resource "azurerm_linux_virtual_machine_scale_set" "scale_set" {
+  name                            = local.name
+  resource_group_name             = var.resource_group
+  location                        = var.location
+  sku                             = var.instance_type
+  instances                       = var.initial_count
+  admin_username                  = "adminuser"
+  admin_password                  = random_password.password.result
+  overprovision                   = false
+  provision_vm_agent              = false
+  vtpm_enabled                    = true
+  disable_password_authentication = false
+  upgrade_mode                    = "Manual"
+  secure_boot_enabled             = var.secure_boot
+  source_image_id                 = var.image_id
+  tags                            = local.tags
+  zones                           = var.zones
+  identity {
+    type         = "UserAssigned"
+    identity_ids = [var.user_assigned_identity]
+  }
+
+  boot_diagnostics {}
+
+  dynamic "os_disk" {
+    for_each = var.confidential_vm ? [1] : [] # if confidential_vm is true
+    content {
+      security_encryption_type = "VMGuestStateOnly"
+      caching                  = "ReadWrite"
+      storage_account_type     = "Premium_LRS"
+    }
+  }
+  dynamic "os_disk" {
+    for_each = var.confidential_vm ? [] : [1] # else
+    content {
+      caching              = "ReadWrite"
+      storage_account_type = "Premium_LRS"
+    }
+  }
+
+  data_disk {
+    storage_account_type = var.state_disk_type
+    disk_size_gb         = var.state_disk_size
+    caching              = "ReadWrite"
+    lun                  = 0
+  }
+
+  network_interface {
+    name                      = "node-network"
+    primary                   = true
+    network_security_group_id = var.network_security_group_id
+
+    ip_configuration {
+      name                                   = "node-network"
+      primary                                = true
+      subnet_id                              = var.subnet_id
+      load_balancer_backend_address_pool_ids = var.backend_address_pool_ids
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [
+      name,            # required. Allow legacy scale sets to keep their old names
+      instances,       # required. autoscaling modifies the instance count externally
+      source_image_id, # required. update procedure modifies the image id externally
+    ]
+  }
+}

terraform/infrastructure/azure/modules/scale_set/variables.tf

@@ -0,0 +1,98 @@
+variable "base_name" {
+  type        = string
+  description = "Base name of the instance group."
+}
+
+variable "node_group_name" {
+  type        = string
+  description = "Constellation name for the node group (used for configuration and CSP-independent naming)."
+}
+
+variable "role" {
+  type        = string
+  description = "The role of the instance group."
+  validation {
+    condition     = contains(["control-plane", "worker"], var.role)
+    error_message = "The role has to be 'control-plane' or 'worker'."
+  }
+}
+
+variable "tags" {
+  type        = map(string)
+  description = "Tags to include in the scale_set."
+}
+
+variable "zones" {
+  type        = list(string)
+  description = "List of availability zones."
+  default     = null
+}
+
+variable "initial_count" {
+  type        = number
+  description = "The number of instances in this scale set."
+}
+
+variable "instance_type" {
+  type        = string
+  description = "The Azure instance type to deploy."
+}
+
+variable "state_disk_size" {
+  type        = number
+  default     = 30
+  description = "The size of the state disk in GB."
+}
+
+variable "resource_group" {
+  type        = string
+  description = "The name of the Azure resource group to create the Constellation cluster in."
+}
+
+variable "location" {
+  type        = string
+  description = "The Azure location to deploy the cluster in."
+}
+
+variable "image_id" {
+  type        = string
+  description = "The image to use for the cluster nodes."
+}
+
+variable "user_assigned_identity" {
+  type        = string
+  description = "The name of the user assigned identity to attache to the nodes of the cluster."
+}
+
+variable "state_disk_type" {
+  type        = string
+  default     = "Premium_LRS"
+  description = "The type of the state disk."
+}
+
+variable "network_security_group_id" {
+  type        = string
+  description = "The ID of the network security group to use for the scale set."
+}
+
+variable "backend_address_pool_ids" {
+  type        = list(string)
+  description = "The IDs of the backend address pools to use for the scale set."
+}
+
+variable "subnet_id" {
+  type        = string
+  description = "The ID of the subnet to use for the scale set."
+}
+
+variable "confidential_vm" {
+  type        = bool
+  default     = true
+  description = "Whether to deploy the cluster nodes as confidential VMs."
+}
+
+variable "secure_boot" {
+  type        = bool
+  default     = false
+  description = "Whether to deploy the cluster nodes with secure boot."
+}