use metadata source identity
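--- /dev/null
+++ b/azure/deployments/azure-as.json.tpl
@@ -0,0 +1,23 @@
+{
+"cloud": "AzurePublicCloud",
+"subscriptionId": "${subscriptionId}",
+"tenantId": "${tenantId}",
+"aadClientId": "${clientId}",
+"aadClientSecret": "${clientSecret}",
+"resourceGroup": "${resourceGroup}",
+"location": "${region}",
+"vmType": "vmss",
+"vnetName": "${vnetName}",
+"vnetResourceGroup": "${resourceGroup}",
+"loadBalancerSku": "standard",
+"cloudProviderBackoff": true,
+"cloudProviderBackoffRetries": 6,
+"cloudProviderBackoffExponent": 1.5,
+"cloudProviderBackoffDuration": 5,
+"cloudProviderBackoffJitter": 1,
+"cloudProviderRatelimit": true,
+"cloudProviderRateLimitQPS": 6,
+"cloudProviderRateLimitBucket": 20,
+"useManagedIdentityExtension": false,
+"useInstanceMetadata": false
+}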
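Review bot: The new template still renders a long-lived service-principal secret, `"aadClientSecret": "${clientSecret}"`, into the node's cloud-provider config and keeps `"useManagedIdentityExtension": false` / `"useInstanceMetadata": false`, while the sibling `azure.json.tpl` hunks in this commit (`@@ -2,8 +2,6 @@` and `@@ -18,6 +16,6 @@`) drop those credentials and switch to managed identity. The `ccm_username`/`ccm_password` variables are also removed later in the commit (`@@ -1,10 +1,6 @@`), so whatever renders this template has to supply `clientId`/`clientSecret` from another source; the call site is not visible here, so this is worth confirming. `"vmType": "vmss"` is also worth checking for a file named for availability sets, since the controlplane hunk builds `azurerm_linux_virtual_machine` with `availability_set_id`, for which the cloud provider expects `"vmType": "standard"`. Finally, `"cloudProviderRatelimit"` is cased differently from its neighbours `"cloudProviderRateLimitQPS"` and `"cloudProviderRateLimitBucket"`; `"cloudProviderRateLimit": true,` would match them.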
@@ -161,7 +161,7 @@ spec:
|
||||
effect: NoSchedule
|
||||
containers:
|
||||
- name: azure-cloud-controller-manager
|
||||
image: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.26.0
|
||||
image: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.26.5
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["cloud-controller-manager"]
|
||||
args:
|
||||
|
||||
@@ -2,8 +2,6 @@
|
||||
"cloud": "AzurePublicCloud",
|
||||
"subscriptionId": "${subscriptionId}",
|
||||
"tenantId": "${tenantId}",
|
||||
"aadClientId": "${clientId}",
|
||||
"aadClientSecret": "${clientSecret}",
|
||||
"resourceGroup": "${resourceGroup}",
|
||||
"location": "${region}",
|
||||
"vmType": "vmss",
|
||||
@@ -18,6 +16,6 @@
|
||||
"cloudProviderRatelimit": true,
|
||||
"cloudProviderRateLimitQPS": 6,
|
||||
"cloudProviderRateLimitBucket": 20,
|
||||
"useManagedIdentityExtension": false,
|
||||
"useInstanceMetadata": false
|
||||
"useManagedIdentityExtension": true,
|
||||
"useInstanceMetadata": true
|
||||
}
|
||||
@@ -14,11 +14,19 @@ regions = ["uksouth", "ukwest", "westeurope"]
|
||||
## Init and upload images
|
||||
|
||||
```shell
|
||||
wget -q https://github.com/siderolabs/talos/releases/download/v1.3.2/azure-amd64.tar.gz
|
||||
wget -q https://github.com/siderolabs/talos/releases/download/v1.3.4/azure-amd64.tar.gz
|
||||
tar -xzf azure-amd64.tar.gz && mv disk.vhd disk-x64.vhd
|
||||
|
||||
wget -q https://github.com/siderolabs/talos/releases/download/v1.3.2/azure-arm64.tar.gz
|
||||
wget -q https://github.com/siderolabs/talos/releases/download/v1.3.4/azure-arm64.tar.gz
|
||||
tar -xzf azure-arm64.tar.gz && mv disk.vhd disk-arm64.vhd
|
||||
|
||||
terraform init && terraform apply
|
||||
```
|
||||
|
||||
## Upgrade images
|
||||
|
||||
```shell
|
||||
terraform taint 'azurerm_storage_blob.talos["x64"]'
|
||||
terraform taint 'azurerm_storage_blob.talos["Arm64"]'
|
||||
terraform apply
|
||||
```
|
||||
|
||||
@@ -100,7 +100,7 @@ resource "azurerm_image" "talos" {
|
||||
|
||||
resource "azurerm_shared_image_version" "talos" {
|
||||
for_each = { for name, k in azurerm_storage_blob.talos : name => k.url }
|
||||
name = "1.3.2"
|
||||
name = var.release
|
||||
location = var.regions[0]
|
||||
resource_group_name = data.azurerm_resource_group.kubernetes.name
|
||||
gallery_name = azurerm_shared_image.talos[each.key].gallery_name
|
||||
|
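Review bot: `name = var.release` labels the gallery image version, but nothing in this resource ties that label to the VHD actually uploaded by `azurerm_storage_blob.talos` (the README hunk downloads the release tarball by hand), so the version name and the image content can drift if only one of them is bumped. A comment on the line would make the coupling explicit: `# must match the Talos release of the uploaded disk-*.vhd (see README "Init and upload images")`. The `azurerm_shared_image_version` block continues outside the hunk.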
||||
@@ -21,6 +21,12 @@ variable "name" {
|
||||
default = "talos"
|
||||
}
|
||||
|
||||
variable "release" {
|
||||
description = "The image name"
|
||||
type = string
|
||||
default = "1.3.4"
|
||||
}
|
||||
|
||||
variable "arch" {
|
||||
description = "The Talos architecture list"
|
||||
type = list(string)
|
||||
|
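Review bot: `description = "The image name"` on the new `release` variable does not say what the value is used for, and the value is passed unvalidated as the `azurerm_shared_image_version` name, which Azure only accepts in Major.Minor.Patch form; a malformed value is rejected at apply time rather than at plan time. A `validation` block and a description naming the constraint would catch that earlier, as below. The `variable "arch"` block that follows continues outside the hunk.
```hcl
variable "release" {
  description = "Talos release used as the shared image version name (Major.Minor.Patch)"
  type        = string
  default     = "1.3.4"

  validation {
    condition     = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+$", var.release))
    error_message = "release must be a Major.Minor.Patch version such as 1.3.4."
  }
}
```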
||||
@@ -3,7 +3,7 @@ terraform {
|
||||
required_providers {
|
||||
azurerm = {
|
||||
source = "hashicorp/azurerm"
|
||||
version = "~> 3.36.0"
|
||||
version = "~> 3.43.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 1.2"
|
||||
|
||||
@@ -3,7 +3,7 @@ terraform {
|
||||
required_providers {
|
||||
azurerm = {
|
||||
source = "hashicorp/azurerm"
|
||||
version = "~> 3.19.0"
|
||||
version = "~> 3.43.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 1.2"
|
||||
|
||||
@@ -24,6 +24,7 @@ module "controlplane" {
|
||||
instance_image = data.azurerm_shared_image_version.talos.id
|
||||
instance_tags = merge(var.tags, { type = "infra" })
|
||||
instance_secgroup = local.network_secgroup[each.key].controlplane
|
||||
instance_role_definition = var.ccm_role_definition
|
||||
instance_params = merge(var.kubernetes, {
|
||||
lbv4 = local.network_controlplane[each.key].controlplane_lb[0]
|
||||
lbv6 = try(local.network_controlplane[each.key].controlplane_lb[1], "")
|
||||
@@ -32,8 +33,6 @@ module "controlplane" {
|
||||
ccm = templatefile("${path.module}/deployments/azure.json.tpl", {
|
||||
subscriptionId = local.subscription_id
|
||||
tenantId = data.azurerm_client_config.terraform.tenant_id
|
||||
clientId = var.ccm_username
|
||||
clientSecret = var.ccm_password
|
||||
region = each.key
|
||||
resourceGroup = local.resource_group
|
||||
vnetName = local.network[each.key].name
|
||||
|
||||
@@ -87,6 +87,10 @@ resource "azurerm_linux_virtual_machine" "controlplane" {
|
||||
availability_set_id = var.instance_availability_set
|
||||
network_interface_ids = [azurerm_network_interface.controlplane[count.index].id]
|
||||
|
||||
identity {
|
||||
type = "SystemAssigned"
|
||||
}
|
||||
|
||||
# custom_data = base64encode(templatefile("${path.module}/../../templates/controlplane.yaml",
|
||||
# merge(var.instance_params, {
|
||||
# name = "controlplane-${lower(var.region)}-${1 + count.index}"
|
||||
@@ -162,3 +166,10 @@ resource "local_file" "controlplane" {
|
||||
|
||||
depends_on = [azurerm_linux_virtual_machine.controlplane]
|
||||
}
|
||||
|
||||
resource "azurerm_role_assignment" "controlplane" {
|
||||
count = var.instance_count
|
||||
scope = "/subscriptions/${var.subscription_id}"
|
||||
role_definition_name = var.instance_role_definition
|
||||
principal_id = azurerm_linux_virtual_machine.controlplane[count.index].identity[0].principal_id
|
||||
}
|
||||
|
||||
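Review bot: `scope = "/subscriptions/${var.subscription_id}"` grants the `instance_role_definition` role to every control-plane VM identity across the whole subscription, which is wider than the cloud controller manager needs; scoping it to the resource group(s) holding the node, network and load-balancer resources is the least-privilege form, e.g. `scope = "/subscriptions/${var.subscription_id}/resourceGroups/${var.instance_resource_group}"` if that variable names the right group (its default is `""` in the `instance_resource_group` hunk, so a guard or a required value would be needed). The `kubernetes-ccm` role referenced via `var.ccm_role_definition` is not created in this commit, so the assignment only works if that custom role already exists; a comment stating where it is defined would help the next reader. The surrounding file continues outside the hunk.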
@@ -19,6 +19,12 @@ variable "instance_resource_group" {
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "instance_role_definition" {
|
||||
description = "Role difinition name"
|
||||
type = string
|
||||
default = "Reader"
|
||||
}
|
||||
|
||||
variable "instance_availability_set" {
|
||||
description = "Server availability set"
|
||||
type = string
|
||||
|
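Review bot: `description = "Role difinition name"` has a typo and does not say what the role is granted to; `description = "Azure role definition name assigned to the VM's system-assigned identity"` would fix both. The module default `"Reader"` also differs from the root module's `ccm_role_definition` default `"kubernetes-ccm"` (`@@ -1,10 +1,6 @@` hunk), so a caller that forgets to pass the variable would silently give the controller manager a read-only role; naming the expected value in the description makes that failure mode visible. The `variable "instance_availability_set"` block that follows continues outside the hunk.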
||||
@@ -3,7 +3,7 @@ terraform {
|
||||
required_providers {
|
||||
azurerm = {
|
||||
source = "hashicorp/azurerm"
|
||||
version = "~> 3.25.0"
|
||||
version = "~> 3.43.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 1.2"
|
||||
|
||||
@@ -1,10 +1,6 @@
|
||||
|
||||
variable "ccm_username" {
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "ccm_password" {
|
||||
default = ""
|
||||
variable "ccm_role_definition" {
|
||||
default = "kubernetes-ccm"
|
||||
}
|
||||
|
||||
variable "gallery_name" {
|
||||
|
||||
@@ -3,7 +3,7 @@ terraform {
|
||||
required_providers {
|
||||
azurerm = {
|
||||
source = "hashicorp/azurerm"
|
||||
version = "~> 3.25.0"
|
||||
version = "~> 3.43.0"
|
||||
}
|
||||
}
|
||||
required_version = ">= 1.2"
|
||||
|
||||