See #27446. K8S VMs at garr-ct1.

2024-06-28 19:29:05 +02:00 · 2024-06-28 19:29:05 +02:00 · e28b7ed747
parent 380a173632
commit e28b7ed747
8 changed files with 117 additions and 75 deletions
--- a/openstack-tf/garr-ct1/kubernetes-resources/kubernetes-variables.tf
+++ b/openstack-tf/garr-ct1/kubernetes-resources/kubernetes-variables.tf
@ -0,0 +1,28 @@
+variable "k8s_controllers_data" {
+  type = map(string)
+  default = {
+    count                   = 3
+    name                    = "k8s-controller"
+    flavor                  = "m1.large"
+    boot_disk_size          = 10
+    etcd_disk_size          = 4
+    docker_disk_size        = 20
+    image_type_name         = "Ubuntu 22.04 - GARR"
+    image_type_uuid         = "94618f26-de42-4b1a-80a0-a88b73391a0a"
+    availability_zone_hints = "nova"
+  }
+}
+
+variable "k8s_workers_data" {
+  type = map(string)
+  default = {
+    count                   = 9
+    name                    = "k8s-worker"
+    flavor                  = "m2.xlarge"
+    boot_disk_size          = 10
+    docker_disk_size        = 150
+    image_type_name         = "Ubuntu 22.04 - GARR"
+    image_type_uuid         = "94618f26-de42-4b1a-80a0-a88b73391a0a"
+    availability_zone_hints = "nova"
+  }
+}
--- a/openstack-tf/garr-ct1/kubernetes-resources/main.tf
+++ b/openstack-tf/garr-ct1/kubernetes-resources/main.tf
@ -3,8 +3,8 @@ terraform {
  required_version = ">= 0.16.0"
  required_providers {
    openstack = {
-      source = "terraform-provider-openstack/openstack"
-      version = ">= 1.53.0"
+      source  = "terraform-provider-openstack/openstack"
+      version = ">= 1.54.0"
    }
  }
 }
--- a/openstack-tf/garr-ct1/kubernetes-resources/outputs-kubernetes-resources.tf
+++ b/openstack-tf/garr-ct1/kubernetes-resources/outputs-kubernetes-resources.tf
@ -1,8 +1,9 @@
-output "scilake_instance" {
-  value = openstack_compute_instance_v2.scilake_intelcomp_server
+output "k8s_controllers" {
+  value     = openstack_compute_instance_v2.docker_k8s_controllers
  sensitive = true
 }

-output "scilake_floating_ip" {
-  value = openstack_networking_floatingip_v2.scilake_catalogue_server_ip
+output "k8s_workers" {
+  value = openstack_compute_instance_v2.docker_k8s_workers
+  sensitive = true
 }
--- a/openstack-tf/garr-ct1/kubernetes-resources/vm-resources.tf
+++ b/openstack-tf/garr-ct1/kubernetes-resources/vm-resources.tf
@ -40,7 +40,7 @@ resource "openstack_networking_secgroup_rule_v2" "igmp_ingress_between_k8s_nodes
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "igmp"
-  remote_ip_prefix  = "0.0.0.0/0"
+  remote_ip_prefix  = data.terraform_remote_state.privnet_dns_router.outputs.main_private_subnet.cidr
 }

 resource "openstack_networking_secgroup_rule_v2" "igmp_egress_between_k8s_nodes" {
@ -49,25 +49,25 @@ resource "openstack_networking_secgroup_rule_v2" "igmp_egress_between_k8s_nodes"
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "igmp"
-  remote_ip_prefix  = "0.0.0.0/0"
+  remote_ip_prefix  = data.terraform_remote_state.privnet_dns_router.outputs.main_private_subnet.cidr
 }

 # Controllers VMs
 #
 resource "openstack_compute_instance_v2" "docker_k8s_controllers" {
-  count                   = var.docker_k8s_data.mgr_count
-  name                    = format("%s-%02d", var.docker_k8s_data.mgr_name, count.index + 1)
-  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
-  flavor_name             = var.docker_k8s_data.mgr_flavor
+  count                   = var.k8s_controllers_data.count
+  name                    = format("%s-%02d", var.k8s_controllers_data.name, count.index + 1)
+  availability_zone_hints = data.terraform_remote_state.privnet_dns_router.outputs.availability_zone.name
+  flavor_name             = var.k8s_controllers_data.flavor
  key_pair                = module.ssh_settings.ssh_key_name
-  security_groups         = [openstack_networking_secgroup_v2.default.name, openstack_networking_secgroup_v2.k8s_internal_traffic.name,"default","nfs_share_no_ingress"]
+  security_groups         = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group.name, openstack_networking_secgroup_v2.k8s_internal_traffic.name]
  scheduler_hints {
-    group = openstack_compute_servergroup_v2.k8s_masters.id
+    group = openstack_compute_servergroup_v2.k8s_controllers.id
  }
  block_device {
-    uuid                  = var.ubuntu_2204.uuid
+    uuid                  = module.common_variables.ubuntu_2204.uuid
    source_type           = "image"
-    volume_size           = 10
+    volume_size           = var.k8s_controllers_data.boot_disk_size
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
@ -75,68 +75,65 @@ resource "openstack_compute_instance_v2" "docker_k8s_controllers" {

  block_device {
    source_type           = "blank"
-    volume_size           = var.docker_k8s_data.mgr_data_disk_size
+    volume_size           = var.k8s_controllers_data.docker_disk_size
    boot_index            = -1
    destination_type      = "volume"
    delete_on_termination = false
  }

-  network {
-    name        = var.main_private_network.name
-    fixed_ip_v4 = var.k8s_controllers_ip.* [count.index]
-  }
-  network {
-    name = var.k8s_nfs_private_network.network_name
-  }
-
-  user_data  = file("${var.ubuntu2204_data_file}")
-  depends_on = [openstack_networking_subnet_v2.k8s_nfs_subnet]
-  # Do not replace the instance when the ssh key changes
-  lifecycle {
-    ignore_changes = [
-      # Ignore changes to tags, e.g. because a management agent
-      # updates these based on some ruleset managed elsewhere.
-      key_pair, user_data, network
-    ]
-  }
-}
-
-# k8s worker nodes
-resource "openstack_compute_instance_v2" "docker_k8s_workers" {
-  count                   = var.docker_k8s_data.worker_count
-  name                    = format("%s-%02d", var.docker_k8s_data.worker_name, count.index + 1)
-  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
-  flavor_name             = var.docker_k8s_data.worker_flavor
-  key_pair                = module.ssh_settings.ssh_key_name
-  security_groups         = ["default", var.default_security_group_name, openstack_networking_secgroup_v2.k8s_internal_traffic.name,"nfs_share_no_ingress"]
-  scheduler_hints {
-    group = openstack_compute_servergroup_v2.k8s_workers.id
-  }
-  block_device {
-    uuid                  = var.ubuntu_2204.uuid
-    source_type           = "image"
-    volume_size           = 10
-    boot_index            = 0
-    destination_type      = "volume"
-    delete_on_termination = false
-  }
-
  block_device {
    source_type           = "blank"
-    volume_size           = var.docker_k8s_data.worker_data_disk_size
+    volume_size           = var.k8s_controllers_data.etcd_disk_size
    boot_index            = -1
    destination_type      = "volume"
    delete_on_termination = false
  }

  network {
-    name = var.main_private_network.name
-  }
-  network {
-    name = var.k8s_nfs_private_network.network_name
-  }
-  network {
-    name = var.networks_list.shared_postgresql
+    name = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name
+  }
+
+  user_data = file("${module.common_variables.ubuntu2204_data_file}")
+  # Do not replace the instance when the ssh key changes
+  lifecycle {
+    ignore_changes = [
+      # Ignore changes to tags, e.g. because a management agent
+      # updates these based on some ruleset managed elsewhere.
+      key_pair, user_data, network
+    ]
+  }
+}
+
+# k8s worker nodes
+resource "openstack_compute_instance_v2" "docker_k8s_workers" {
+  count                   = var.k8s_workers_data.count
+  name                    = format("%s-%02d", var.k8s_workers_data.name, count.index + 1)
+  availability_zone_hints = data.terraform_remote_state.privnet_dns_router.outputs.availability_zone.name
+  flavor_name             = var.k8s_workers_data.flavor
+  key_pair                = module.ssh_settings.ssh_key_name
+  security_groups         = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group.name, openstack_networking_secgroup_v2.k8s_internal_traffic.name]
+  scheduler_hints {
+    group = openstack_compute_servergroup_v2.k8s_workers.id
+  }
+  block_device {
+    uuid                  = module.common_variables.ubuntu_2204.uuid
+    source_type           = "image"
+    volume_size           = var.k8s_workers_data.boot_disk_size
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = false
+  }
+
+  block_device {
+    source_type           = "blank"
+    volume_size           = var.k8s_workers_data.docker_disk_size
+    boot_index            = -1
+    destination_type      = "volume"
+    delete_on_termination = false
+  }
+
+  network {
+    name = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name
  }

  user_data = file("${module.common_variables.ubuntu2204_data_file}")
--- a/openstack-tf/garr-ct1/project-setup/outputs-ct1.tf
+++ b/openstack-tf/garr-ct1/project-setup/outputs-ct1.tf
@ -10,6 +10,10 @@ output "default_security_group" {
  value = var.default_security_group
 }

+output "availability_zone" {
+  value = var.availability_zone
+}
+
 output "main_private_network" {
  value = var.main_private_network
 }
--- a/openstack-tf/garr-ct1/project-setup/terraform.tfstate
+++ b/openstack-tf/garr-ct1/project-setup/terraform.tfstate
@ -1,9 +1,18 @@
 {
  "version": 4,
  "terraform_version": "1.7.5",
-  "serial": 12,
+  "serial": 14,
  "lineage": "fbd4cad6-e66b-bb4c-d3e4-6440732201b7",
  "outputs": {
+    "availability_zone": {
+      "value": {
+        "name": "nova"
+      },
+      "type": [
+        "map",
+        "string"
+      ]
+    },
    "default_security_group": {
      "value": {
        "id": "c7499f6c-147c-4b61-9a29-1a6ca4a85a98",
@ -36,8 +45,10 @@
    },
    "jump_proxy_ssh_shell": {
      "value": {
+        "cidr": "192.168.100.4/24",
        "hostname": "shell.garr-ct1.d4science.net",
-        "private_ip": "192.168.100.4"
+        "private_ip": "192.168.100.4",
+        "public_ip": "90.147.166.130"
      },
      "type": [
        "map",
@ -196,7 +207,6 @@
                "subnet_id": "ea6832ed-a62d-41a1-83e9-09095bea9c7d"
              }
            ],
-            "external_gateway": "bf588091-e239-4fc8-8d35-eee2bd7d3cb0",
            "external_network_id": "bf588091-e239-4fc8-8d35-eee2bd7d3cb0",
            "external_subnet_ids": null,
            "id": "e621a18a-d8f8-4b5a-a9e7-d1ebc9f82a91",
@ -233,12 +243,6 @@
                "start": "192.168.100.2"
              }
            ],
-            "allocation_pools": [
-              {
-                "end": "192.168.100.253",
-                "start": "192.168.100.2"
-              }
-            ],
            "cidr": "192.168.100.0/24",
            "description": "GARR-CT1 main subnet",
            "dns_nameservers": [
@ -247,7 +251,6 @@
            ],
            "enable_dhcp": true,
            "gateway_ip": "192.168.100.1",
-            "host_routes": [],
            "id": "780bcac9-3835-436c-901a-339e38e7345f",
            "ip_version": 4,
            "ipv6_address_mode": "",
--- a/openstack-tf/garr-ct1/project-setup/variables-ct1.tf
+++ b/openstack-tf/garr-ct1/project-setup/variables-ct1.tf
@ -21,6 +21,12 @@ variable "default_security_group" {
  }
 }

+variable "availability_zone" {
+  type = map(string)
+  default = {
+    name = "nova"
+  }
+}

 variable "main_private_network" {
  type = map(string)
@ -74,6 +80,8 @@ variable "jump_proxy_ssh_shell" {
  default = {
    hostname   = "shell.garr-ct1.d4science.net"
    private_ip = "192.168.100.4"
+    cidr = "192.168.100.4/24"
+    public_ip = "90.147.166.130"
  }
 }

--- a/openstack-tf/modules/garr_common_variables/outputs.tf
+++ b/openstack-tf/modules/garr_common_variables/outputs.tf
@ -10,3 +10,4 @@ output "ubuntu2204_data_file" {
 output "ssh_sources" {
  value = var.ssh_sources
 }
+