Updates to interface (#6)

Sean Sundberg · web-flow · commit b62c72efe360 · 2021-04-13T13:31:59.000-05:00
* Updates ocp-vpc module to use the output of the subnet module
* Adds security group rule for kube

Signed-off-by: Sean Sundberg &lt;seansund@us.ibm.com&gt;
diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
@@ -17,8 +17,8 @@ jobs:
 
     strategy:
       matrix:
-        platform: [ocp4vpc_latest]
-      #      max-parallel: 1
+        platform:
+          - vpc_count
       fail-fast: false
 
     env:
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 .idea/
+*.iml
diff --git a/main-2-config.tf b/main-2-config.tf
@@ -1,10 +1,3 @@
-provider "helm" {
-  version = ">= 1.1.1"
-
-  kubernetes {
-    config_path = local.cluster_config
-  }
-}
 
 locals {
   gitops_dir   = var.gitops_dir != "" ? var.gitops_dir : "${path.cwd}/gitops"
@@ -51,7 +44,7 @@ resource "null_resource" "list_tmp" {
 }
 
 data ibm_container_cluster_config cluster_admin {
-  depends_on        = [ibm_container_vpc_cluster.cluster, null_resource.list_tmp]
+  depends_on        = [data.ibm_container_vpc_cluster.config, null_resource.list_tmp]
 
   cluster_name_id   = local.cluster_name
   admin             = true
@@ -61,7 +54,7 @@ data ibm_container_cluster_config cluster_admin {
 
 data ibm_container_cluster_config cluster {
   depends_on        = [
-    ibm_container_vpc_cluster.cluster,
+    data.ibm_container_vpc_cluster.config,
     null_resource.list_tmp,
     data.ibm_container_cluster_config.cluster_admin
   ]
@@ -72,7 +65,7 @@ data ibm_container_cluster_config cluster {
 }
 
 resource null_resource setup_kube_config {
-  depends_on = [null_resource.create_dirs]
+  depends_on = [null_resource.create_dirs, data.ibm_container_cluster_config.cluster]
 
   provisioner "local-exec" {
     command = "rm -f ${local.cluster_config} && ln -s ${data.ibm_container_cluster_config.cluster.config_file_path} ${local.cluster_config}"
diff --git a/main.tf b/main.tf
@@ -1,8 +1,3 @@
-provider "ibm" {
-  region           = var.region
-  generation       = 2
-  ibmcloud_api_key = var.ibmcloud_api_key
-}
 
 locals {
   config_values = {
@@ -45,9 +40,11 @@ locals {
   cluster_type_tag      = local.cluster_type == "kubernetes" ? "iks" : "ocp"
   cluster_version       = local.cluster_type == "openshift" ? local.openshift_versions[local.config_values[local.cluster_type_cleaned].version] : ""
   ibmcloud_release_name = "ibmcloud-config"
-  cos_location          = "global"
+  vpc_subnet_count      = var.vpc_subnet_count
   vpc_id                = !var.exists ? data.ibm_is_vpc.vpc[0].id : ""
-  vpc_subnets           = !var.exists ? data.ibm_is_vpc.vpc[0].subnets : []
+  vpc_subnets           = !var.exists ? var.vpc_subnets : []
+  security_group_id     = !var.exists ? data.ibm_is_vpc.vpc[0].default_security_group : ""
+  ipv4_cidr_blocks      = !var.exists ? data.ibm_is_subnet.vpc_subnet[*].ipv4_cidr_block : []
 }
 
 resource null_resource create_dirs {
@@ -67,7 +64,30 @@ resource null_resource create_dirs {
   }
 }
 
+resource null_resource print_resources {
+  provisioner "local-exec" {
+    command = "echo 'Resource group: ${var.resource_group_name}'"
+  }
+  provisioner "local-exec" {
+    command = "echo 'Cos id: ${var.cos_id}'"
+  }
+  provisioner "local-exec" {
+    command = "echo 'VPC name: ${var.vpc_name}'"
+  }
+}
+
+resource null_resource print_subnets {
+  provisioner "local-exec" {
+    command = "echo 'VPC subnet count: ${local.vpc_subnet_count}'"
+  }
+  provisioner "local-exec" {
+    command = "echo 'VPC subnets: ${jsonencode(local.vpc_subnets)}'"
+  }
+}
+
 data ibm_resource_group resource_group {
+  depends_on = [null_resource.print_resources]
+
   name = var.resource_group_name
 }
 
@@ -77,23 +97,22 @@ data ibm_container_cluster_versions cluster_versions {
   resource_group_id = data.ibm_resource_group.resource_group.id
 }
 
-resource null_resource print-vpc_name {
-  depends_on = [null_resource.create_dirs]
-
-  provisioner "local-exec" {
-    command = "echo 'VPC name: ${var.vpc_name}'"
-  }
-}
-
 data ibm_is_vpc vpc {
   count = !var.exists ? 1 : 0
-  depends_on = [null_resource.print-vpc_name]
+  depends_on = [null_resource.print_resources]
 
   name  = var.vpc_name
 }
 
+data ibm_is_subnet vpc_subnet {
+  count = !var.exists ? var.vpc_subnet_count : 0
+
+  identifier = local.vpc_subnets[count.index].id
+}
+
 resource ibm_container_vpc_cluster cluster {
   count = !var.exists ? 1 : 0
+  depends_on = [null_resource.print_resources]
 
   name              = local.cluster_name
   vpc_id            = local.vpc_id
@@ -113,7 +132,7 @@ resource ibm_container_vpc_cluster cluster {
 }
 
 resource ibm_container_vpc_worker_pool cluster_pool {
-  count             = !var.exists ? var.vpc_subnet_count - 1 : 0
+  count             = !var.exists ? local.vpc_subnet_count - 1 : 0
 
   cluster           = ibm_container_vpc_cluster.cluster[0].id
   worker_pool_name  = "${local.cluster_name}-wp-${format("%02s", count.index + 1)}"
@@ -128,8 +147,21 @@ resource ibm_container_vpc_worker_pool cluster_pool {
   }
 }
 
+resource ibm_is_security_group_rule rule_tcp_k8s {
+  count     = !var.exists ? local.vpc_subnet_count : 0
+
+  group     = local.security_group_id
+  direction = "inbound"
+  remote    = local.ipv4_cidr_blocks[count.index]
+
+  tcp {
+    port_min = 30000
+    port_max = 32767
+  }
+}
+
 data ibm_container_vpc_cluster config {
-  depends_on = [ibm_container_vpc_cluster.cluster, null_resource.create_dirs]
+  depends_on = [ibm_container_vpc_cluster.cluster, null_resource.create_dirs, ibm_is_security_group_rule.rule_tcp_k8s]
 
   name              = local.cluster_name
   alb_type          = "public"
diff --git a/module.yaml b/module.yaml
@@ -5,10 +5,15 @@ description: Provisions an IBM Cloud OCP cluster
 tags:
     - ocp
     - cluster
+    - vpc
 versions:
 - platforms:
     - ocp4
   dependencies:
+    - id: resource-group
+      refs:
+        - source: github.com/cloud-native-toolkit/terraform-ibm-resource-group
+          version: ">= 1.0.0"
     - id: cos
       refs:
         - source: github.com/cloud-native-toolkit/terraform-ibm-object-storage
@@ -17,23 +22,33 @@ versions:
       refs:
         - source: github.com/cloud-native-toolkit/terraform-ibm-vpc
           version: ">= 1.0.0"
+    - id: subnets
+      refs:
+        - source: github.com/cloud-native-toolkit/terraform-ibm-vpc-subnets
+          version: ">= 1.0.0"
   variables:
+    - name: resource_group_name
+      moduleRef:
+        id: resource-group
+        output: name
     - name: vpc_name
       moduleRef:
         id: vpc
         output: name
     - name: vpc_subnet_count
       moduleRef:
         id: vpc
-        output: subnet_count
+        output: count
+    - name: vpc_subnets
+      moduleRef:
+        id: subnets
+        output: subnets
     - name: cos_id
       moduleRef:
         id: cos
         output: id
     - name: name_prefix
       scope: global
-    - name: resource_group_name
-      scope: global
     - name: region
       scope: global
     - name: ibmcloud_api_key
diff --git a/provider.tf b/provider.tf
@@ -0,0 +1,13 @@
+provider "ibm" {
+  region           = var.region
+  generation       = 2
+  ibmcloud_api_key = var.ibmcloud_api_key
+}
+
+provider "helm" {
+  version = ">= 1.1.1"
+
+  kubernetes {
+    config_path = local.cluster_config
+  }
+}
diff --git a/test/stages/stage1-cos.tf b/test/stages/stage1-cos.tf
@@ -2,6 +2,6 @@ module "cos" {
   source = "github.com/cloud-native-toolkit/terraform-ibm-object-storage"
 
   provision = true
-  resource_group_name = var.resource_group_name
+  resource_group_name = module.resource_group.name
   name_prefix = var.name_prefix
 }
diff --git a/test/stages/stage1-gateways.tf b/test/stages/stage1-gateways.tf
@@ -0,0 +1,9 @@
+module "gateways" {
+  source = "github.com/cloud-native-toolkit/terraform-ibm-vpc-gateways.git"
+
+  resource_group_id = module.resource_group.id
+  region            = var.region
+  ibmcloud_api_key  = var.ibmcloud_api_key
+  vpc_name          = module.vpc.name
+  subnet_count      = var.vpc_subnet_count
+}
diff --git a/test/stages/stage1-resource-group.tf b/test/stages/stage1-resource-group.tf
@@ -0,0 +1,6 @@
+module "resource_group" {
+  source = "github.com/cloud-native-toolkit/terraform-ibm-resource-group.git"
+
+  resource_group_name = var.resource_group_name
+  provision           = false
+}
diff --git a/test/stages/stage1-subnets.tf b/test/stages/stage1-subnets.tf
@@ -0,0 +1,12 @@
+module "subnets" {
+  source = "github.com/cloud-native-toolkit/terraform-ibm-vpc-subnets.git"
+
+  resource_group_id = module.resource_group.id
+  region            = var.region
+  ibmcloud_api_key  = var.ibmcloud_api_key
+  vpc_name          = module.vpc.name
+  acl_id            = module.vpc.acl_id
+  gateways          = module.gateways.gateways
+  _count            = 2
+  label             = "bastion"
+}
diff --git a/test/stages/stage1-vpc.tf b/test/stages/stage1-vpc.tf
@@ -1,10 +1,9 @@
 module "vpc" {
   source = "github.com/cloud-native-toolkit/terraform-ibm-vpc.git"
 
-  resource_group_name = var.resource_group_name
+  resource_group_id   = module.resource_group.id
+  resource_group_name = module.resource_group.name
   region              = var.region
   name_prefix         = var.name_prefix
   ibmcloud_api_key    = var.ibmcloud_api_key
-  subnet_count        = var.subnet_count
-  public_gateway      = var.vpc_public_gateway == "true"
 }
diff --git a/test/stages/stage2-cluster.tf b/test/stages/stage2-cluster.tf
@@ -1,7 +1,7 @@
 module "cluster" {
   source = "./module"
 
-  resource_group_name = var.resource_group_name
+  resource_group_name = module.resource_group.name
   region              = var.region
   ibmcloud_api_key    = var.ibmcloud_api_key
   name                = var.cluster_name
@@ -10,6 +10,7 @@ module "cluster" {
   exists              = var.cluster_exists
   name_prefix         = var.name_prefix
   vpc_name            = module.vpc.name
-  vpc_subnet_count    = module.vpc.subnet_count
+  vpc_subnets         = module.subnets.subnets
+  vpc_subnet_count    = module.subnets.count
   cos_id              = module.cos.id
 }
diff --git a/test/stages/variables.tf b/test/stages/variables.tf
@@ -26,15 +26,10 @@ variable "cluster_name" {
   default     = ""
 }
 
-variable "cluster_type" {
-  type        = string
-  description = "The type of cluster that should be created (openshift or kubernetes)"
-}
-
 variable "cluster_exists" {
   type        = string
   description = "Flag indicating if the cluster already exists (true or false)"
-  default     = "true"
+  default     = "false"
 }
 
 variable "name_prefix" {
@@ -55,9 +50,16 @@ variable "vpc_public_gateway" {
   default     = "true"
 }
 
-variable "subnet_count" {
+variable "vpc_subnet_count" {
   type        = number
-  default     = 2
+  description = "The number of subnets to create for the VPC instance"
+  default     = 0
+}
+
+variable "vpc_subnets" {
+  type        = string
+  description = "JSON representation of list of object, e.g. [{\"label\"=\"default\"}]"
+  default     = "[]"
 }
 
 variable "worker_count" {
@@ -69,3 +71,8 @@ variable "ocp_version" {
   type        = string
   default     = "4.6"
 }
+
+variable "vpc_subnet_label" {
+  type        = string
+  default     = "cluster"
+}
diff --git a/variables.tf b/variables.tf
@@ -77,7 +77,16 @@ variable "vpc_name" {
 
 variable "vpc_subnet_count" {
   type        = number
-  description = "Number of vpc zones"
+  description = "Number of vpc subnets"
+}
+
+variable "vpc_subnets" {
+  type        = list(object({
+    label = string
+    id    = string
+    zone  = string
+  }))
+  description = "List of subnets with labels"
 }
 
 # COS Variables

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,6 @@ module "cos" {`
`2`	`2`	`source = "github.com/cloud-native-toolkit/terraform-ibm-object-storage"`
`3`	`3`
`4`	`4`	`provision = true`
`5`		`- resource_group_name = var.resource_group_name`
	`5`	`+ resource_group_name = module.resource_group.name`
`6`	`6`	`name_prefix = var.name_prefix`
`7`	`7`	`}`