From 990286021a37985dcf079d4615e1deaa15575e17 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sun, 12 May 2024 16:03:00 -0700 Subject: [PATCH] Organize CoreDNS and kube-proxy manifests so they're optional * Add a `coredns` variable to configure the CoreDNS manifests, with an `enable` field to determine whether CoreDNS manifests are applied to the cluster during provisioning (default true) * Add a `kube-proxy` variable to configure kube-proxy manifests, with an `enable` field to determine whether the kube-proxy Daemonset is applied to the cluster during provisioning (default true) * These options allow for provisioning clusters without CoreDNS or kube-proxy, so these components can be customized or managed through separate plan/apply processes or automation --- conditional.tf | 6 +-- manifests.tf | 47 +++++++++++++------ .../coredns/cluster-role-binding.yaml | 0 .../{manifests => }/coredns/cluster-role.yaml | 0 resources/{manifests => }/coredns/config.yaml | 0 .../{manifests => }/coredns/deployment.yaml | 0 .../coredns/service-account.yaml | 0 .../{manifests => }/coredns/service.yaml | 0 .../kube-proxy-role-binding.yaml | 0 .../kube-proxy-sa.yaml | 0 .../{manifests => kube-proxy}/kube-proxy.yaml | 0 variables.tf | 33 ++++++++++++- 12 files changed, 67 insertions(+), 19 deletions(-) rename resources/{manifests => }/coredns/cluster-role-binding.yaml (100%) rename resources/{manifests => }/coredns/cluster-role.yaml (100%) rename resources/{manifests => }/coredns/config.yaml (100%) rename resources/{manifests => }/coredns/deployment.yaml (100%) rename resources/{manifests => }/coredns/service-account.yaml (100%) rename resources/{manifests => }/coredns/service.yaml (100%) rename resources/{manifests => kube-proxy}/kube-proxy-role-binding.yaml (100%) rename resources/{manifests => kube-proxy}/kube-proxy-sa.yaml (100%) rename resources/{manifests => kube-proxy}/kube-proxy.yaml (100%) diff --git a/conditional.tf b/conditional.tf index 9ccfad9..4c5eefa 100644 
--- a/conditional.tf
+++ b/conditional.tf
@@ -5,7 +5,7 @@ locals {
 # { manifests-networking/manifest.yaml => content }
 flannel_manifests = {
 for name in fileset("${path.module}/resources/flannel", "*.yaml") :
- "manifests-networking/${name}" => templatefile(
+ "manifests/network/${name}" => templatefile(
 "${path.module}/resources/flannel/${name}",
 {
 flannel_image = var.container_images["flannel"]
@@ -21,7 +21,7 @@ locals {
 # { manifests-networking/manifest.yaml => content }
 calico_manifests = {
 for name in fileset("${path.module}/resources/calico", "*.yaml") :
- "manifests-networking/${name}" => templatefile(
+ "manifests/network/${name}" => templatefile(
 "${path.module}/resources/calico/${name}",
 {
 calico_image = var.container_images["calico"]
@@ -44,7 +44,7 @@ locals {
 # { manifests-networking/manifest.yaml => content }
 cilium_manifests = {
 for name in fileset("${path.module}/resources/cilium", "**/*.yaml") :
- "manifests-networking/${name}" => templatefile(
+ "manifests/network/${name}" => templatefile(
 "${path.module}/resources/cilium/${name}",
 {
 cilium_agent_image = var.container_images["cilium_agent"]
diff --git a/manifests.tf b/manifests.tf
index acdb4dd..e4047cf 100644
--- a/manifests.tf
+++ b/manifests.tf
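Review bot: The comment `# { manifests-networking/manifest.yaml => content }` directly above each rewritten key is now stale, because the keys become `manifests/network/${name}`; the same stale comment sits in the calico and cilium hunks of this file. Suggest `# { manifests/network/manifest.yaml => content }` in all three places. Whether a downstream consumer of these map keys (whatever writes them out as asset paths) still matches on the old `manifests-networking` prefix is not visible in this diff; if one does, it needs the corresponding update, otherwise the CNI manifests would silently stop being applied. The `locals` block containing these comprehensions starts and ends outside the hunks.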
@@ -20,26 +20,45 @@ locals {
 
 # Kubernetes control plane manifests map
 # { manifests/manifest.yaml => content }
- manifests = {
+ manifests = merge({
 for name in fileset("${path.module}/resources/manifests", "**/*.yaml") :
 "manifests/${name}" => templatefile(
 "${path.module}/resources/manifests/${name}",
 {
- kube_proxy_image = var.container_images["kube_proxy"]
- coredns_image = var.container_images["coredns"]
- control_plane_replicas = max(2, length(var.etcd_servers))
- pod_cidr = var.pod_cidr
- cluster_domain_suffix = var.cluster_domain_suffix
- cluster_dns_service_ip = cidrhost(var.service_cidr, 10)
- server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
- apiserver_host = var.api_servers[0]
- apiserver_port = var.external_apiserver_port
- daemonset_tolerations = var.daemonset_tolerations
- token_id = random_password.bootstrap-token-id.result
- token_secret = random_password.bootstrap-token-secret.result
+ server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+ apiserver_host = var.api_servers[0]
+ apiserver_port = var.external_apiserver_port
+ token_id = random_password.bootstrap-token-id.result
+ token_secret = random_password.bootstrap-token-secret.result
 }
 )
- }
+ },
+ # CoreDNS manifests (optional)
+ {
+ for name in fileset("${path.module}/resources/coredns", "*.yaml") :
+ "manifests/coredns/${name}" => templatefile(
+ "${path.module}/resources/coredns/${name}",
+ {
+ coredns_image = var.container_images["coredns"]
+ control_plane_replicas = max(2, length(var.etcd_servers))
+ cluster_domain_suffix = var.cluster_domain_suffix
+ cluster_dns_service_ip = cidrhost(var.service_cidr, 10)
+ }
+ ) if var.components.enable && var.components.coredns.enable
+ },
+ # kube-proxy manifests (optional)
+ {
+ for name in fileset("${path.module}/resources/kube-proxy", "*.yaml") :
+ "manifests/kube-proxy/${name}" => templatefile(
+ "${path.module}/resources/kube-proxy/${name}",
+ {
+ kube_proxy_image = 
var.container_images["kube_proxy"]
+ pod_cidr = var.pod_cidr
+ daemonset_tolerations = var.daemonset_tolerations
+ }
+ ) if var.components.enable && var.components.kube_proxy.enable
+ }
+ )
 }
 
 locals {
diff --git a/resources/manifests/coredns/cluster-role-binding.yaml b/resources/coredns/cluster-role-binding.yaml
similarity index 100%
rename from resources/manifests/coredns/cluster-role-binding.yaml
rename to resources/coredns/cluster-role-binding.yaml
diff --git a/resources/manifests/coredns/cluster-role.yaml b/resources/coredns/cluster-role.yaml
similarity index 100%
rename from resources/manifests/coredns/cluster-role.yaml
rename to resources/coredns/cluster-role.yaml
diff --git a/resources/manifests/coredns/config.yaml b/resources/coredns/config.yaml
similarity index 100%
rename from resources/manifests/coredns/config.yaml
rename to resources/coredns/config.yaml
diff --git a/resources/manifests/coredns/deployment.yaml b/resources/coredns/deployment.yaml
similarity index 100%
rename from resources/manifests/coredns/deployment.yaml
rename to resources/coredns/deployment.yaml
diff --git a/resources/manifests/coredns/service-account.yaml b/resources/coredns/service-account.yaml
similarity index 100%
rename from resources/manifests/coredns/service-account.yaml
rename to resources/coredns/service-account.yaml
diff --git a/resources/manifests/coredns/service.yaml b/resources/coredns/service.yaml
similarity index 100%
rename from resources/manifests/coredns/service.yaml
rename to resources/coredns/service.yaml
diff --git a/resources/manifests/kube-proxy-role-binding.yaml b/resources/kube-proxy/kube-proxy-role-binding.yaml
similarity index 100%
rename from resources/manifests/kube-proxy-role-binding.yaml
rename to resources/kube-proxy/kube-proxy-role-binding.yaml
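Review bot: The variable set passed to the remaining `resources/manifests/**` templates loses `pod_cidr`, `cluster_domain_suffix`, `cluster_dns_service_ip`, `daemonset_tolerations` and the two image names, and `templatefile` fails at plan time on any template that still references an undefined name; the renames in this commit only move the coredns and kube-proxy files, so it is worth confirming that no template left under `resources/manifests` used any of the dropped names. On the plus side, gating the whole `resources/kube-proxy` directory (which after the renames also holds the kube-proxy ServiceAccount and role binding) means a disabled kube-proxy leaves no unused privileged identity behind; that intent deserves a comment so a later refactor does not split the RBAC objects back into the always-applied set, e.g. `# kube-proxy manifests (optional): the DaemonSet, its ServiceAccount and RBAC binding are all omitted when disabled`. As a style point, `var.components.enable && var.components.coredns.enable` and its kube_proxy twin could be hoisted into named locals (`enable_coredns`, `enable_kube_proxy`) so the two comprehensions read as `if local.enable_coredns`, which also gives other files one place to consult.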
diff --git a/resources/manifests/kube-proxy-sa.yaml b/resources/kube-proxy/kube-proxy-sa.yaml
similarity index 100%
rename from resources/manifests/kube-proxy-sa.yaml
rename to resources/kube-proxy/kube-proxy-sa.yaml
diff --git a/resources/manifests/kube-proxy.yaml b/resources/kube-proxy/kube-proxy.yaml
similarity index 100%
rename from resources/manifests/kube-proxy.yaml
rename to resources/kube-proxy/kube-proxy.yaml
diff --git a/variables.tf b/variables.tf
index 656e83e..ada66eb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -54,11 +54,9 @@ EOD
 default = "10.3.0.0/24"
 }
 
-
 variable "container_images" {
 type = map(string)
 description = "Container images to use"
-
 default = {
 calico = "quay.io/calico/node:v3.27.3"
 calico_cni = "quay.io/calico/cni:v3.27.3"
@@ -105,3 +103,34 @@ variable "cluster_domain_suffix" {
 description = "Queries for domains with the suffix will be answered by kube-dns"
 default = "cluster.local"
 }
+
+variable "components" {
+ description = "Configure pre-installed cluster components"
+ type = object({
+ enable = optional(bool, true)
+ coredns = optional(
+ object({
+ enable = optional(bool, true)
+ }),
+ {
+ enable = true
+ }
+ )
+ kube_proxy = optional(
+ object({
+ enable = optional(bool, true)
+ }),
+ {
+ enable = true
+ }
+ )
+ })
+ default = {
+ enable = true
+ coredns = null
+ kube_proxy = null
+ }
+ # Set the variable value to the default value when the caller
+ # sets it to null.
+ nullable = false
+}
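Review bot: The `components` description, `Configure pre-installed cluster components`, does not say what disabling does: the top-level `enable = false` switches off both sub-components at once, and a disabled CoreDNS or kube-proxy leaves the cluster without in-cluster DNS or Service routing until the operator applies a replacement, which a caller reading only this variable cannot tell. Suggest `description = "Configure pre-installed cluster components (CoreDNS, kube-proxy). Disabling one means the caller must provide an equivalent; enable = false disables all of them"`. The commit message describes separate `coredns` and `kube-proxy` variables, while the code adds a single `components` object with `coredns` and `kube_proxy` (underscore) attributes, so the message or the module README should be aligned to the names callers actually have to use. The sub-object defaults rely on `optional(object, default)` replacing an explicit `null` with the default, which is the documented behaviour for Terraform object defaults but is easy to miss; a short comment on `coredns = null` saying so would help, and the module's `required_version` (outside this diff) must already be at or above the release that introduced optional attribute defaults.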