terraform: always output node cidr (#2481)

* terraform: always output node cidr
2025-08-06 05:54:28 -04:00 · 2023-10-23 15:06:48 +02:00 · 2023-10-23 15:06:48 +02:00 · e053d1fa71
commit e053d1fa71
parent 5d640ff4f9
13 changed files with 74 additions and 46 deletions
--- a/cli/internal/terraform/terraform.go
+++ b/cli/internal/terraform/terraform.go
@ -239,6 +239,15 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		return state.Infrastructure{}, errors.New("invalid type in name output: not a string")
 	}

+	cidrNodesOutput, ok := tfState.Values.Outputs["ip_cidr_nodes"]
+	if !ok {
+		return state.Infrastructure{}, errors.New("no ip_cidr_nodes output found")
+	}
+	cidrNodes, ok := cidrNodesOutput.Value.(string)
+	if !ok {
+		return state.Infrastructure{}, errors.New("invalid type in ip_cidr_nodes output: not a string")
+	}
+
 	res := state.Infrastructure{
 		ClusterEndpoint:   outOfClusterEndpoint,
 		InClusterEndpoint: inClusterEndpoint,
@ -246,6 +255,7 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		InitSecret:        []byte(secret),
 		UID:               uid,
 		Name:              name,
+		IPCidrNode:        cidrNodes,
 	}

 	switch provider {
@ -259,15 +269,6 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 			return state.Infrastructure{}, errors.New("invalid type in project output: not a string")
 		}

-		cidrNodesOutput, ok := tfState.Values.Outputs["ip_cidr_nodes"]
-		if !ok {
-			return state.Infrastructure{}, errors.New("no ip_cidr_nodes output found")
-		}
-		cidrNodes, ok := cidrNodesOutput.Value.(string)
-		if !ok {
-			return state.Infrastructure{}, errors.New("invalid type in ip_cidr_nodes output: not a string")
-		}
-
 		cidrPodsOutput, ok := tfState.Values.Outputs["ip_cidr_pods"]
 		if !ok {
 			return state.Infrastructure{}, errors.New("no ip_cidr_pods output found")
@ -278,9 +279,8 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		}

 		res.GCP = &state.GCP{
-			ProjectID:  gcpProject,
-			IPCidrNode: cidrNodes,
-			IPCidrPod:  cidrPods,
+			ProjectID: gcpProject,
+			IPCidrPod: cidrPods,
 		}
 	case cloudprovider.Azure:
 		attestationURLOutput, ok := tfState.Values.Outputs["attestationURL"]
--- a/cli/internal/terraform/terraform/aws/main.tf
+++ b/cli/internal/terraform/terraform/aws/main.tf
@ -17,10 +17,11 @@ provider "aws" {
 }

 locals {
-  uid              = random_id.uid.hex
-  name             = "${var.name}-${local.uid}"
-  initSecretHash   = random_password.initSecret.bcrypt_hash
-  ports_node_range = "30000-32767"
+  uid                   = random_id.uid.hex
+  name                  = "${var.name}-${local.uid}"
+  initSecretHash        = random_password.initSecret.bcrypt_hash
+  cidr_vpc_subnet_nodes = "192.168.176.0/20"
+  ports_node_range      = "30000-32767"
  load_balancer_ports = flatten([
    { name = "kubernetes", port = "6443", health_check = "HTTPS" },
    { name = "bootstrapper", port = "9000", health_check = "TCP" },
@ -75,7 +76,7 @@ module "public_private_subnet" {
  source                   = "./modules/public_private_subnet"
  name                     = local.name
  vpc_id                   = aws_vpc.vpc.id
-  cidr_vpc_subnet_nodes    = "192.168.176.0/20"
+  cidr_vpc_subnet_nodes    = local.cidr_vpc_subnet_nodes
  cidr_vpc_subnet_internet = "192.168.0.0/20"
  zone                     = var.zone
  zones                    = local.zones
--- a/cli/internal/terraform/terraform/aws/outputs.tf
+++ b/cli/internal/terraform/terraform/aws/outputs.tf
@ -31,3 +31,7 @@ output "initSecret" {
 output "name" {
  value = local.name
 }
+
+output "ip_cidr_nodes" {
+  value = local.cidr_vpc_subnet_nodes
+}
--- a/cli/internal/terraform/terraform/azure/main.tf
+++ b/cli/internal/terraform/terraform/azure/main.tf
@ -28,7 +28,6 @@ locals {
  }
  ports_node_range      = "30000-32767"
  cidr_vpc_subnet_nodes = "192.168.178.0/24"
-  cidr_vpc_subnet_pods  = "10.10.0.0/16"
  ports = flatten([
    { name = "kubernetes", port = "6443", health_check_protocol = "Https", path = "/readyz", priority = 100 },
    { name = "bootstrapper", port = "9000", health_check_protocol = "Tcp", path = null, priority = 101 },
--- a/cli/internal/terraform/terraform/azure/outputs.tf
+++ b/cli/internal/terraform/terraform/azure/outputs.tf
@ -58,3 +58,7 @@ output "subscription_id" {
 output "name" {
  value = local.name
 }
+
+output "ip_cidr_nodes" {
+  value = local.cidr_vpc_subnet_nodes
+}
--- a/cli/internal/terraform/terraform/openstack/outputs.tf
+++ b/cli/internal/terraform/terraform/openstack/outputs.tf
@ -22,3 +22,7 @@ output "initSecret" {
 output "name" {
  value = local.name
 }
+
+output "ip_cidr_nodes" {
+  value = local.cidr_vpc_subnet_nodes
+}
--- a/cli/internal/terraform/terraform/qemu/main.tf
+++ b/cli/internal/terraform/terraform/qemu/main.tf
@ -19,6 +19,12 @@ provider "docker" {
  host = "unix:///var/run/docker.sock"
 }

+locals {
+  cidr_vpc_subnet_nodes          = "10.42.0.0/22"
+  cidr_vpc_subnet_control_planes = "10.42.1.0/24"
+  cidr_vpc_subnet_worker         = "10.42.2.0/24"
+}
+
 resource "random_password" "initSecret" {
  length           = 32
  special          = true
@ -61,7 +67,7 @@ module "node_group" {
  vcpus            = each.value.vcpus
  memory           = each.value.memory
  machine          = var.machine
-  cidr             = each.value.role == "control-plane" ? "10.42.1.0/24" : "10.42.2.0/24"
+  cidr             = each.value.role == "control-plane" ? local.cidr_vpc_subnet_control_planes : local.cidr_vpc_subnet_worker
  network_id       = libvirt_network.constellation.id
  pool             = libvirt_pool.cluster.name
  boot_mode        = var.constellation_boot_mode
--- a/cli/internal/terraform/terraform/qemu/outputs.tf
+++ b/cli/internal/terraform/terraform/qemu/outputs.tf
@ -46,3 +46,7 @@ output "validate_constellation_cmdline" {
 output "name" {
  value = "${var.name}-qemu" // placeholder, as per "uid" output
 }
+
+output "ip_cidr_nodes" {
+  value = local.cidr_vpc_subnet_nodes
+}
--- a/cli/internal/terraform/terraform_test.go
+++ b/cli/internal/terraform/terraform_test.go
@ -230,6 +230,9 @@ func TestCreateCluster(t *testing.T) {
 					"name": {
 						Value: "constell-12345abc",
 					},
+					"ip_cidr_nodes": {
+						Value: "192.0.2.103/32",
+					},
 				},
 			},
 		}
@ -275,6 +278,9 @@ func TestCreateCluster(t *testing.T) {
 					"name": {
 						Value: "constell-12345abc",
 					},
+					"ip_cidr_nodes": {
+						Value: "192.0.2.103/32",
+					},
 				},
 			},
 		}
@ -487,6 +493,7 @@ func TestCreateCluster(t *testing.T) {
 			assert.Equal(state.HexBytes("initSecret"), infraState.InitSecret)
 			assert.Equal("12345abc", infraState.UID)
 			assert.Equal("192.0.2.101", infraState.InClusterEndpoint)
+			assert.Equal("192.0.2.103/32", infraState.IPCidrNode)
 			if tc.provider == cloudprovider.Azure {
 				assert.Equal(tc.expectedAttestationURL, infraState.Azure.AttestationURL)
 			}