mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-19 11:51:41 -05:00
190 lines
4.4 KiB
HCL
190 lines
4.4 KiB
HCL
terraform {
|
|
required_providers {
|
|
aws = {
|
|
source = "hashicorp/aws"
|
|
version = "~> 4.0"
|
|
}
|
|
random = {
|
|
source = "hashicorp/random"
|
|
version = "3.4.3"
|
|
}
|
|
}
|
|
}
|
|
|
|
# Configure the AWS Provider
|
|
provider "aws" {
|
|
region = var.region
|
|
}
|
|
|
|
locals {
|
|
uid = random_id.uid.hex
|
|
name = "${var.name}-${local.uid}"
|
|
tag = "constellation-${local.uid}"
|
|
ports_node_range = "30000-32767"
|
|
ports_ssh = "22"
|
|
|
|
ports_kubernetes = "6443"
|
|
ports_bootstrapper = "9000"
|
|
ports_konnectivity = "8132"
|
|
ports_verify = "30081"
|
|
ports_debugd = "4000"
|
|
|
|
cidr_vpc_subnet_nodes = "192.168.178.0/24"
|
|
}
|
|
|
|
resource "random_id" "uid" {
|
|
byte_length = 4
|
|
}
|
|
|
|
resource "aws_vpc" "vpc" {
|
|
cidr_block = "192.168.0.0/16"
|
|
tags = {
|
|
Name = "${local.name}-vpc"
|
|
}
|
|
}
|
|
|
|
resource "aws_subnet" "main" {
|
|
vpc_id = aws_vpc.vpc.id
|
|
cidr_block = local.cidr_vpc_subnet_nodes
|
|
tags = {
|
|
Name = "${local.name}-subnet"
|
|
}
|
|
}
|
|
|
|
resource "aws_internet_gateway" "gw" {
|
|
vpc_id = aws_vpc.vpc.id
|
|
|
|
tags = {
|
|
Name = "${local.name}-gateway"
|
|
}
|
|
}
|
|
|
|
resource "aws_security_group" "security_group" {
|
|
name = local.name
|
|
vpc_id = aws_vpc.vpc.id
|
|
description = "Security group for ${local.name}"
|
|
|
|
egress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
description = "Allow all outbound traffic"
|
|
}
|
|
|
|
ingress {
|
|
from_port = split("-", local.ports_node_range)[0]
|
|
to_port = split("-", local.ports_node_range)[1]
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
description = "K8s node ports"
|
|
}
|
|
|
|
ingress {
|
|
from_port = local.ports_bootstrapper
|
|
to_port = local.ports_bootstrapper
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
description = "bootstrapper"
|
|
}
|
|
|
|
ingress {
|
|
from_port = local.ports_kubernetes
|
|
to_port = local.ports_kubernetes
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
description = "kubernetes"
|
|
}
|
|
|
|
ingress {
|
|
from_port = local.ports_konnectivity
|
|
to_port = local.ports_konnectivity
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
description = "konnectivity"
|
|
}
|
|
|
|
ingress {
|
|
from_port = local.ports_debugd
|
|
to_port = local.ports_debugd
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
description = "debugd"
|
|
}
|
|
|
|
}
|
|
|
|
module "load_balancer_bootstrapper" {
|
|
source = "./modules/load_balancer"
|
|
name = "${local.name}-bootstrapper"
|
|
vpc = aws_vpc.vpc.id
|
|
subnet = aws_subnet.main.id
|
|
port = local.ports_bootstrapper
|
|
}
|
|
|
|
module "load_balancer_kubernetes" {
|
|
source = "./modules/load_balancer"
|
|
name = "${local.name}-kubernetes"
|
|
vpc = aws_vpc.vpc.id
|
|
subnet = aws_subnet.main.id
|
|
port = local.ports_kubernetes
|
|
}
|
|
|
|
module "load_balancer_verify" {
|
|
source = "./modules/load_balancer"
|
|
name = "${local.name}-verify"
|
|
vpc = aws_vpc.vpc.id
|
|
subnet = aws_subnet.main.id
|
|
port = local.ports_verify
|
|
}
|
|
|
|
module "load_balancer_debugd" {
|
|
source = "./modules/load_balancer"
|
|
name = "${local.name}-debugd"
|
|
vpc = aws_vpc.vpc.id
|
|
subnet = aws_subnet.main.id
|
|
port = local.ports_debugd
|
|
}
|
|
|
|
module "load_balancer_konnectivity" {
|
|
source = "./modules/load_balancer"
|
|
name = "${local.name}-konnectivity"
|
|
vpc = aws_vpc.vpc.id
|
|
subnet = aws_subnet.main.id
|
|
port = local.ports_konnectivity
|
|
}
|
|
|
|
module "instance_group_control_plane" {
|
|
source = "./modules/instance_group"
|
|
name = local.name
|
|
role = "control-plane"
|
|
|
|
uid = local.uid
|
|
instance_type = var.instance_type
|
|
instance_count = var.count_control_plane
|
|
image_id = var.ami
|
|
disk_size = var.disk_size
|
|
target_group_arns = [
|
|
module.load_balancer_bootstrapper.target_group_arn,
|
|
module.load_balancer_kubernetes.target_group_arn,
|
|
module.load_balancer_verify.target_group_arn,
|
|
module.load_balancer_debugd.target_group_arn
|
|
]
|
|
subnetwork = aws_subnet.main.id
|
|
iam_instance_profile = var.control_plane_iam_instance_profile
|
|
}
|
|
|
|
module "instance_group_worker_nodes" {
|
|
source = "./modules/instance_group"
|
|
name = local.name
|
|
role = "worker"
|
|
uid = local.uid
|
|
instance_type = var.instance_type
|
|
instance_count = var.count_worker_nodes
|
|
image_id = var.ami
|
|
disk_size = var.disk_size
|
|
subnetwork = aws_subnet.main.id
|
|
target_group_arns = []
|
|
iam_instance_profile = var.worker_nodes_iam_instance_profile
|
|
}
|