Openstack workers

2025-11-02 11:18:35 +00:00 · 2021-11-14 18:48:53 +02:00
parent b766851961
commit c50cdf040b
7 changed files with 141 additions and 17 deletions
--- a/openstack/Makefile
+++ b/openstack/Makefile
@@ -13,15 +13,13 @@ create-templates:
 	@echo 'serviceSubnets: "10.200.0.0/22,fd40:10:200::/112"'  >> _cfgs/tfstate.vars
 	@echo 'apiDomain: api.cluster.local'                       >> _cfgs/tfstate.vars
 	@yq eval '.cluster.network.dnsDomain' _cfgs/controlplane.yaml | awk '{ print "domain: "$$1}'       >> _cfgs/tfstate.vars
-	@yq eval '.cluster.clusterName' _cfgs/controlplane.yaml       | awk '{ print "cluster_name: "$$1}' >> _cfgs/tfstate.vars
-	@yq eval '.machine.token'  _cfgs/controlplane.yaml            | awk '{ print "tokenmachine: "$$1}' >> _cfgs/tfstate.vars
+	@yq eval '.cluster.clusterName' _cfgs/controlplane.yaml       | awk '{ print "clusterName: "$$1}'  >> _cfgs/tfstate.vars
+	@yq eval '.machine.token'  _cfgs/controlplane.yaml            | awk '{ print "tokenMachine: "$$1}' >> _cfgs/tfstate.vars
+	@yq eval '.machine.ca.crt' _cfgs/controlplane.yaml            | awk '{ print "caMachine: "$$1}'    >> _cfgs/tfstate.vars
 	@yq eval '.cluster.token'  _cfgs/controlplane.yaml            | awk '{ print "token: "$$1}'        >> _cfgs/tfstate.vars
 	@yq eval '.cluster.ca.crt' _cfgs/controlplane.yaml            | awk '{ print "ca: "$$1}'           >> _cfgs/tfstate.vars

 	@yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json

-# create-controlplane: ## Bootstrap first controlplane node
-# 	terraform apply -target=hcloud_server.controlplane
-
 create-kubeconfig:
 	talosctl --talosconfig _cfgs/talosconfig --nodes 172.18.0.11 kubeconfig
--- a/openstack/instances-master.tf
+++ b/openstack/instances-master.tf
@@ -4,7 +4,7 @@ resource "openstack_networking_port_v2" "vip" {
  region         = element(var.regions, count.index)
  name           = "vip"
  network_id     = data.openstack_networking_network_v2.main[count.index].id
-  admin_state_up = "true"
+  admin_state_up = true

  fixed_ip {
    subnet_id  = openstack_networking_subnet_v2.core[count.index].id
@@ -13,11 +13,12 @@ resource "openstack_networking_port_v2" "vip" {
 }

 resource "openstack_networking_port_v2" "controlplane" {
-  count          = length(var.regions)
-  region         = element(var.regions, count.index)
-  name           = "master-${count.index + 1}"
-  network_id     = data.openstack_networking_network_v2.main[count.index].id
-  admin_state_up = "true"
+  count                 = length(var.regions)
+  region                = element(var.regions, count.index)
+  name                  = "controlplane-${count.index + 1}"
+  network_id            = data.openstack_networking_network_v2.main[count.index].id
+  admin_state_up        = true
+  port_security_enabled = false

  fixed_ip {
    subnet_id  = openstack_networking_subnet_v2.core[count.index].id
@@ -25,6 +26,22 @@ resource "openstack_networking_port_v2" "controlplane" {
  }
 }

+resource "openstack_networking_port_v2" "controlplane_public" {
+  count          = length(var.regions)
+  region         = element(var.regions, count.index)
+  name           = "controlplane-public-${count.index + 1}"
+  network_id     = data.openstack_networking_network_v2.external[count.index].id
+  admin_state_up = "true"
+}
+
+data "openstack_networking_subnet_v2" "controlplane_public" {
+  count      = length(var.regions)
+  region     = element(var.regions, count.index)
+  network_id = data.openstack_networking_network_v2.external[count.index].id
+  # address_scope_id = openstack_networking_port_v2.controlplane_public[count.index].id
+  ip_version = 6
+}
+
 resource "openstack_compute_instance_v2" "controlplane" {
  count       = 1
  name        = "master-${count.index + 1}"
@@ -39,13 +56,14 @@ resource "openstack_compute_instance_v2" "controlplane" {
      lbv4        = local.lbv4
      ipv4_local  = openstack_networking_port_v2.controlplane[count.index].fixed_ip[0].ip_address
      ipv4_vip    = local.ipv4_vip
+      ipv6        = [for k in openstack_networking_port_v2.controlplane_public[count.index].all_fixed_ips : k if length(regexall("[0-9a-z]+:[0-9a-z:]+", k)) > 0][0]
+      ipv6_gw     = data.openstack_networking_subnet_v2.controlplane_public[count.index].gateway_ip
      nodeSubnets = var.vpc_main_cidr
    })
  )

  network {
-    name           = data.openstack_networking_network_v2.external[count.index].name
-    access_network = true
+    port = openstack_networking_port_v2.controlplane_public[count.index].id
  }
  network {
    port = openstack_networking_port_v2.controlplane[count.index].id
@@ -65,6 +83,8 @@ resource "openstack_compute_instance_v2" "controlplane" {
 #       lbv4        = local.lbv4
 #       ipv4_local  = openstack_networking_port_v2.controlplane[count.index].fixed_ip[0].ip_address
 #       ipv4_vip    = local.ipv4_vip
+#       ipv6        = [for k in openstack_networking_port_v2.controlplane_public[count.index].all_fixed_ips : k if length(regexall("[0-9a-z]+:[0-9a-z:]+", k)) > 0][0]
+#       ipv6_gw     = data.openstack_networking_subnet_v2.controlplane_public[count.index].gateway_ip
 #       nodeSubnets = var.vpc_main_cidr
 #     })
 #   )
--- a/openstack/instances-workers.tf
+++ b/openstack/instances-workers.tf
@@ -0,0 +1,56 @@
+
+resource "openstack_networking_port_v2" "worker" {
+  count          = length(var.regions)
+  region         = element(var.regions, count.index)
+  name           = "worker-${count.index + 1}"
+  network_id     = data.openstack_networking_network_v2.main[count.index].id
+  admin_state_up = "true"
+
+  fixed_ip {
+    subnet_id  = openstack_networking_subnet_v2.private[count.index].id
+    ip_address = cidrhost(openstack_networking_subnet_v2.private[count.index].cidr, 40 + count.index)
+  }
+}
+
+locals {
+  worker_labels = "project.io/node-pool=worker"
+}
+
+resource "openstack_compute_instance_v2" "worker" {
+  count       = 1
+  name        = "worker-${count.index + 1}"
+  image_id    = openstack_images_image_v2.talos[count.index].id
+  flavor_name = "s1-2"
+  region      = element(var.regions, count.index)
+
+  user_data = templatefile("${path.module}/templates/worker.yaml.tpl",
+    merge(var.kubernetes, {
+      name        = "worker-${count.index + 1}"
+      lbv4        = local.lbv4
+      nodeSubnets = var.vpc_main_cidr
+      labels      = local.worker_labels
+    })
+  )
+
+  network {
+    port = openstack_networking_port_v2.worker[count.index].id
+  }
+
+  lifecycle {
+    ignore_changes = [user_data, image_id]
+  }
+}
+
+# resource "local_file" "worker" {
+#   count = 1
+#   content = templatefile("${path.module}/templates/worker.yaml.tpl",
+#     merge(var.kubernetes, {
+#       name        = "worker-${count.index + 1}"
+#       lbv4        = local.lbv4
+#       nodeSubnets = var.vpc_main_cidr
+#       labels      = local.worker_labels
+#     })
+#   )
+#   filename        = "_cfgs/worker-${count.index + 1}.yaml"
+#   file_permission = "0640"
+# }
--- a/openstack/network.tf
+++ b/openstack/network.tf
@@ -24,7 +24,8 @@ resource "openstack_networking_subnet_v2" "core" {
    start = cidrhost(cidrsubnet(var.vpc_main_cidr, 8, count.index * 4), 11)
    end   = cidrhost(cidrsubnet(var.vpc_main_cidr, 8, count.index * 4), -7)
  }
-  ip_version = 4
+  ip_version      = 4
+  dns_nameservers = ["1.1.1.1", "8.8.8.8"]
 }

 resource "openstack_networking_subnet_v2" "private" {
@@ -37,7 +38,8 @@ resource "openstack_networking_subnet_v2" "private" {
    start = cidrhost(cidrsubnet(var.vpc_main_cidr, 8, 1 + count.index * 4), 11)
    end   = cidrhost(cidrsubnet(var.vpc_main_cidr, 8, 1 + count.index * 4), -7)
  }
-  ip_version = 4
+  ip_version      = 4
+  dns_nameservers = ["1.1.1.1", "8.8.8.8"]
 }

 data "openstack_networking_network_v2" "external" {
--- a/openstack/templates/controlplane.yaml.tpl
+++ b/openstack/templates/controlplane.yaml.tpl
@@ -19,6 +19,11 @@ machine:
    interfaces:
      - interface: eth0
        dhcp: true
+        addresses:
+          - ${ipv6}/56
+        routes:
+          - network: ::/0
+            gateway: ${ipv6_gw}
      - interface: eth1
        dhcp: true
        vip:
--- a/openstack/templates/worker.yaml.tpl
+++ b/openstack/templates/worker.yaml.tpl
@@ -0,0 +1,41 @@
+version: v1alpha1
+debug: false
+persist: true
+machine:
+  type: worker
+  token: ${tokenMachine}
+  ca:
+    crt: ${caMachine}
+  kubelet:
+    extraArgs:
+      cloud-provider: external
+      rotate-server-certificates: true
+      node-labels: "${labels}"
+    nodeIP:
+      validSubnets: ${format("%#v",split(",",nodeSubnets))}
+    clusterDNS:
+      - 169.254.2.53
+  network:
+    hostname: "${name}"
+    interfaces:
+      - interface: dummy0
+        addresses:
+          - 169.254.2.53/32
+          - fd00::169:254:2:53/128
+  sysctls:
+    net.core.somaxconn: 65535
+    net.core.netdev_max_backlog: 4096
+  install:
+    wipe: false
+cluster:
+  controlPlane:
+    endpoint: https://${lbv4}:6443
+  clusterName: ${clusterName}
+  network:
+    dnsDomain: ${domain}
+    serviceSubnets: ${format("%#v",split(",",serviceSubnets))}
+  proxy:
+    disabled: true
+  token: ${token}
+  ca:
+    crt: ${ca}
--- a/openstack/variables.tf
+++ b/openstack/variables.tf
@@ -23,11 +23,13 @@ variable "kubernetes" {
    serviceSubnets = "10.200.0.0/22,fd40:10:200::/112"
    domain         = "cluster.local"
    apiDomain      = "api.cluster.local"
-    cluster_name   = "talos-k8s-hezner"
-    tokenmachine   = ""
+    clusterName    = "talos-k8s-hezner"
+    tokenMachine   = ""
+    caMachine      = ""
    token          = ""
    ca             = ""
  }
+  sensitive = true
 }

 variable "controlplane" {