This repository was archived by the owner on Aug 12, 2024. It is now read-only.

Commit 1097a17

Sean Sundberg
authored
Updates cluster to support private endpoints (#21)
* Allows access to 30000-32767 from any source * Sets alb_type based on value of disable_public_endpoint variable * Moves in-cluster configuration to a different module to handle via VPN bootstrap for private cluster * Map kms_id to kms module guid output in metadata Signed-off-by: Sean Sundberg <[email protected]>
1 parent 09a957a commit 1097a17


11 files changed

+8
-284
lines changed


chart/cloud-setup/.helmignore

Lines changed: 0 additions & 22 deletions
This file was deleted.

chart/cloud-setup/Chart.lock

Lines changed: 0 additions & 6 deletions
This file was deleted.

chart/cloud-setup/Chart.yaml

Lines changed: 0 additions & 26 deletions
This file was deleted.
-3.11 KB
Binary file not shown.

chart/cloud-setup/templates/.gitkeep

Whitespace-only changes.

chart/cloud-setup/values.yaml

Lines changed: 0 additions & 14 deletions
This file was deleted.

main-2-config.tf

Lines changed: 0 additions & 191 deletions
This file was deleted.

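--- a/main.tf
+++ b/main.tf
@@ -18,13 +18,11 @@ locals {
 }
 }
 cluster_config_dir = "${path.cwd}/.kube"
-cluster_config = data.ibm_container_cluster_config.cluster.config_file_path
 cluster_type_file = "${path.cwd}/.tmp/cluster_type.val"
 name_prefix = var.name_prefix != "" ? var.name_prefix : var.resource_group_name
 name_list = [local.name_prefix, "cluster"]
 cluster_name = var.name != "" ? var.name : join("-", local.name_list)
 tmp_dir = "${path.cwd}/.tmp"
-config_namespace = "default"
 server_url = data.ibm_container_vpc_cluster.config.public_service_endpoint_url
 ingress_hostname = data.ibm_container_vpc_cluster.config.ingress_hostname
 tls_secret = data.ibm_container_vpc_cluster.config.ingress_secret
@@ -39,7 +37,6 @@ locals {
 cluster_type_code = local.config_values[local.cluster_type_cleaned].type_code
 cluster_type_tag = local.cluster_type == "kubernetes" ? "iks" : "ocp"
 cluster_version = local.cluster_type == "openshift" ? local.openshift_versions[local.config_values[local.cluster_type_cleaned].version] : ""
-ibmcloud_release_name = "ibmcloud-config"
 vpc_subnet_count = var.vpc_subnet_count
 vpc_id = !var.exists ? data.ibm_is_vpc.vpc[0].id : ""
 vpc_subnets = !var.exists ? var.vpc_subnets : []
@@ -185,7 +182,6 @@ resource ibm_is_security_group_rule rule_tcp_k8s {
 
 group = local.security_group_id
 direction = "inbound"
-remote = local.ipv4_cidr_blocks[count.index]
 
 tcp {
 port_min = 30000
@@ -197,6 +193,6 @@ data ibm_container_vpc_cluster config {
 depends_on = [ibm_container_vpc_cluster.cluster, null_resource.create_dirs, ibm_is_security_group_rule.rule_tcp_k8s]
 
 name = local.cluster_name
-alb_type = "public"
+alb_type = var.disable_public_endpoint ? "private" : "public"
 resource_group_id = data.ibm_resource_group.resource_group.id
 }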
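Review bot: Dropping `remote` from `rule_tcp_k8s` leaves the inbound TCP rule starting at port 30000 with no source restriction, so (assuming the provider treats an omitted `remote` as any address) the whole NodePort range is admitted from every source that can route to the workers. That is a broad grant for a change whose goal is private endpoints, and nothing in the code records why it is needed. If the traffic really comes from the VPN or load-balancer subnets, keep the rule scoped with a dedicated CIDR input, e.g. `remote = var.nodeport_allowed_cidrs[count.index]` (the variable name is a placeholder), or at least add a comment such as `# NodePort range intentionally open to all sources: <reason>`. The resource header and its `count` lie outside the hunk; if `count` still iterates over `local.ipv4_cidr_blocks`, it would now create identical rules per index and should be reduced to one.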

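--- a/module.yaml
+++ b/module.yaml
@@ -57,7 +57,7 @@ versions:
 - name: kms_id
 moduleRef:
 id: kms
-output: id
+output: guid
 optional: true
 - name: kms_key_id
 optional: true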

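--- a/outputs.tf
+++ b/outputs.tf
@@ -1,7 +1,6 @@
 output "id" {
-value = data.ibm_container_cluster_config.cluster.id
+value = data.ibm_container_vpc_cluster.config.id
 description = "ID of the cluster."
-depends_on = [helm_release.cloud_setup]
 }
 
 output "name" {
@@ -12,31 +11,25 @@ output "name" {
 output "resource_group_name" {
 value = var.resource_group_name
 description = "Name of the resource group containing the cluster."
-depends_on = [helm_release.cloud_setup]
+depends_on = [data.ibm_container_vpc_cluster.config]
 }
 
 output "region" {
 value = var.region
 description = "Region containing the cluster."
-depends_on = [helm_release.cloud_setup]
-}
-
-output "config_file_path" {
-value = local.cluster_config
-description = "Path to the config file for the cluster."
-depends_on = [helm_release.cloud_setup]
+depends_on = [data.ibm_container_vpc_cluster.config]
 }
 
 output "platform" {
 value = {
-id = data.ibm_container_cluster_config.cluster.id
-kubeconfig = local.cluster_config
+id = data.ibm_container_vpc_cluster.config.id
+server_url = local.server_url
 type = local.cluster_type
 type_code = local.cluster_type_code
 version = local.cluster_version
 ingress = local.ingress_hostname
 tls_secret = local.tls_secret
 }
 description = "Configuration values for the cluster platform"
-depends_on = [helm_release.cloud_setup]
+depends_on = [data.ibm_container_vpc_cluster.config]
 }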
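Review bot: The new `server_url` entry in the `platform` output publishes `local.server_url`, which main.tf still reads from `public_service_endpoint_url` regardless of `var.disable_public_endpoint`. For a private cluster that value is likely empty or unreachable, so consumers that lost the `kubeconfig` path in this same change have no usable API address. Consider selecting the endpoint where the local is defined, e.g. `server_url = var.disable_public_endpoint ? data.ibm_container_vpc_cluster.config.private_service_endpoint_url : data.ibm_container_vpc_cluster.config.public_service_endpoint_url`. The output description should also state which endpoint callers receive.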
