diff --git a/azure/instances-web.tf b/azure/instances-web.tf
index 7ed34a3..5b6c823 100644
--- a/azure/instances-web.tf
+++ b/azure/instances-web.tf
@@ -1,76 +1,4 @@ -resource "azurerm_public_ip" "web_v4" { - for_each = { for idx, name in local.regions : name => idx } - location = each.key - name = "web-${lower(each.key)}-v4" - resource_group_name = local.resource_group - sku = local.network_public[each.key].sku - allocation_method = local.network_public[each.key].sku == "Standard" ? "Static" : "Dynamic" - - tags = merge(var.tags, { type = "web" }) -} - -resource "azurerm_lb" "web" { - for_each = { for idx, name in local.regions : name => idx } - location = each.key - name = "web-${lower(each.key)}" - resource_group_name = local.resource_group - sku = local.network_public[each.key].sku - - frontend_ip_configuration { - name = "web-lb-v4" - public_ip_address_id = azurerm_public_ip.web_v4[each.key].id - } - - tags = merge(var.tags, { type = "web" }) -} - -resource "azurerm_lb_backend_address_pool" "web_v4" { - for_each = { for idx, name in local.regions : name => idx } - loadbalancer_id = azurerm_lb.web[each.key].id - name = "web-pool-v4" -} - -resource "azurerm_lb_probe" "web" { - for_each = { for idx, name in local.regions : name => idx } - name = "web-http-probe" - loadbalancer_id = azurerm_lb.web[each.key].id - interval_in_seconds = 30 - protocol = "Http" - request_path = "/healthz" - port = 80 -} - -resource "azurerm_lb_rule" "web_http_v4" { - for_each = { for idx, name in local.regions : name => idx } - name = "web_http-v4" - loadbalancer_id = azurerm_lb.web[each.key].id - frontend_ip_configuration_name = "web-lb-v4" - probe_id = azurerm_lb_probe.web[each.key].id - backend_address_pool_ids = [azurerm_lb_backend_address_pool.web_v4[each.key].id] - enable_floating_ip = false - protocol = "Tcp" - frontend_port = 80 - backend_port = 80 - idle_timeout_in_minutes = 30 - enable_tcp_reset = local.network_public[each.key].sku != "Basic" -} - -resource "azurerm_lb_rule" "web_https_v4" { - for_each = { for idx, name in local.regions : name => idx } - name = "web-https-v4" - loadbalancer_id = 
azurerm_lb.web[each.key].id - frontend_ip_configuration_name = "web-lb-v4" - probe_id = azurerm_lb_probe.web[each.key].id - backend_address_pool_ids = [azurerm_lb_backend_address_pool.web_v4[each.key].id] - enable_floating_ip = false - protocol = "Tcp" - frontend_port = 443 - backend_port = 443 - idle_timeout_in_minutes = 30 - enable_tcp_reset = local.network_public[each.key].sku != "Basic" -} - locals { web_labels = "topology.kubernetes.io/zone=azure,project.io/node-pool=web" } @@ -84,9 +12,8 @@ resource "azurerm_linux_virtual_machine_scale_set" "web" { computer_name_prefix = "web-${lower(each.key)}-" resource_group_name = local.resource_group sku = lookup(try(var.instances[each.key], {}), "web_instance_type", "Standard_B2s") - - extensions_time_budget = "PT30M" - provision_vm_agent = false + provision_vm_agent = false + overprovision = false # availability_set_id = var.instance_availability_set diff --git a/azure/instances-werker.tf b/azure/instances-werker.tf index 0ab6f47..ae936f8 100644 --- a/azure/instances-werker.tf +++ b/azure/instances-werker.tf @@ -64,6 +64,11 @@ # tags = merge(var.tags, { type = "worker" }) +# automatic_instance_repair { +# ~ enabled = true +# ~ grace_period = "PT30M" +# } + # boot_diagnostics {} # lifecycle { # ignore_changes = [admin_username, admin_ssh_key, os_disk, source_image_id, tags] diff --git a/azure/modules/controlplane/main.tf b/azure/modules/controlplane/main.tf index 5d8cec2..869fec8 100644 --- a/azure/modules/controlplane/main.tf +++ b/azure/modules/controlplane/main.tf @@ -58,6 +58,8 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlpl network_interface_id = azurerm_network_interface.controlplane[count.index].id ip_configuration_name = "controlplane-${count.index}-v4" backend_address_pool_id = var.network_internal.controlplane_pool_v4 + + depends_on = [azurerm_linux_virtual_machine.controlplane] } resource "azurerm_network_interface_backend_address_pool_association" "controlplane_v6" { 
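Review bot: Dropping `extensions_time_budget = "PT30M"` reverts the scale set to the provider's default budget rather than disabling anything, and neither that nor the new `overprovision = false` says why it was chosen. If the budget went because `provision_vm_agent = false` means no extensions will run, record that and the overprovision reason on the lines themselves, e.g. `provision_vm_agent = false # no agent, so no extensions run; extensions_time_budget left at provider default` and `overprovision = false # presumably so surplus instances do not bootstrap and register as nodes before Azure deletes them`. The enclosing `azurerm_linux_virtual_machine_scale_set.web` resource starts before this hunk and continues past it.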
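Review bot: The commented-out `automatic_instance_repair` block keeps `~` characters (`# ~ enabled = true`, `# ~ grace_period = "PT30M"`) that look copied from plan output, so it cannot simply be uncommented later. If it is meant as a reminder, drop the `~` and state what enabling it needs, e.g. `# automatic_instance_repair { enabled = true  grace_period = "PT30M" }  # as I recall the provider requires a health probe or the Application Health extension on the scale set`; otherwise leave the dead block out of the commit. The enclosing resource starts before this hunk.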
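Review bot: The added `depends_on = [azurerm_linux_virtual_machine.controlplane]` carries no comment explaining the ordering it enforces, and the same bare dependency is added to the `controlplane_v6` association in the next hunk and to `local_file.controlplane` in the last hunk of this file. Presumably the pool membership and the rendered config should only be produced once the VM exists (for example so `azurerm_public_ip.controlplane_v4` already has an address), but that cannot be verified from the code and is exactly the kind of hidden ordering a later refactor breaks. Please give each one its reason on the line, e.g. `depends_on = [azurerm_linux_virtual_machine.controlplane] # <reason: why this must wait for the VM>`.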
@@ -65,12 +67,11 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlpl network_interface_id = azurerm_network_interface.controlplane[count.index].id ip_configuration_name = "controlplane-${count.index}-v6" backend_address_pool_id = var.network_internal.controlplane_pool_v6 + + depends_on = [azurerm_linux_virtual_machine.controlplane] } locals { - ipv4_local = var.instance_count > 0 ? azurerm_network_interface.controlplane[0].ip_configuration[0].private_ip_address : "" - ipv4_public = var.instance_count > 0 ? try([for ip in azurerm_public_ip.controlplane_v4 : ip.ip_address if ip.ip_address != ""], []) : [] - controlplane_labels = "topology.kubernetes.io/region=${var.region},topology.kubernetes.io/zone=azure" } 
@@ -87,22 +88,22 @@ resource "azurerm_linux_virtual_machine" "controlplane" { availability_set_id = var.instance_availability_set network_interface_ids = [azurerm_network_interface.controlplane[count.index].id] - custom_data = base64encode(templatefile("${path.module}/../../templates/controlplane.yaml", - merge(var.instance_params, { - name = "controlplane-${lower(var.region)}-${1 + count.index}" - labels = local.controlplane_labels + # custom_data = base64encode(templatefile("${path.module}/../../templates/controlplane.yaml", + # merge(var.instance_params, { + # name = "controlplane-${lower(var.region)}-${1 + count.index}" + # labels = local.controlplane_labels + # nodeSubnets = [var.network_internal.cidr[0]] - certSANs = compact([ - var.instance_params["apiDomain"], - var.instance_params["lbv4"], - var.instance_params["lbv6"], - azurerm_public_ip.controlplane_v4[count.index].ip_address, - try(azurerm_public_ip.controlplane_v6[count.index].ip_address, ""), - ]) - ipAliases = compact([var.instance_params["lbv4"], var.instance_params["lbv6"]]) - nodeSubnets = [var.network_internal.cidr[0]] - }) - )) + # ipAliases = compact([var.instance_params["lbv4"], var.instance_params["lbv6"]]) + # certSANs = compact([ + # var.instance_params["apiDomain"], + # var.instance_params["lbv4"], + # var.instance_params["lbv6"], + # azurerm_public_ip.controlplane_v4[count.index].ip_address, + # try(azurerm_public_ip.controlplane_v6[count.index].ip_address, ""), + # ]) + # }) + # )) # vtpm_enabled = false # encryption_at_host_enabled = true @@ -159,4 +160,6 @@ resource "local_file" "controlplane" { ) filename = "_cfgs/controlplane-${lower(var.region)}-${1 + count.index}.yaml" file_permission = "0600" + + depends_on = [azurerm_linux_virtual_machine.controlplane] } diff --git a/azure/modules/controlplane/outputs.tf b/azure/modules/controlplane/outputs.tf index 9613383..38300df 100644 --- a/azure/modules/controlplane/outputs.tf +++ b/azure/modules/controlplane/outputs.tf 
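Review bot: Commenting out `custom_data` means the control-plane VM boots with no machine configuration and is configured afterwards from the workstation via the `talosctl apply-config --insecure` command in the module outputs; until that command runs, an unconfigured node sits on its public IP (`azurerm_public_ip.controlplane_v4`) and, if the image behaves like stock Talos, its maintenance-mode API accepts whatever configuration is first applied to it from any source that can reach the address. If out-of-band bootstrap is the intent, the NSG in front of these NICs should limit the Talos API ports to the operator's source address and that window should be documented next to the resource; otherwise keep the configuration in `custom_data`. The block is also left as twenty commented lines rather than deleted — prefer removing it and relying on git history, with a one-line reason such as `# custom_data intentionally unset: config is applied out of band via local_file + talosctl (see outputs)`. The enclosing `azurerm_linux_virtual_machine.controlplane` resource starts before this hunk and continues past it.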
@@ -1,12 +1,12 @@ output "controlplane_endpoints" { description = "Kubernetes controlplane endpoint" - value = local.ipv4_public + value = var.instance_count > 0 ? try([for ip in azurerm_public_ip.controlplane_v4 : ip.ip_address if ip.ip_address != ""], []) : [] depends_on = [azurerm_linux_virtual_machine.controlplane] } output "controlplane_bootstrap" { description = "Kubernetes controlplane bootstrap command" - value = length(local.ipv4_public) > 0 ? "talosctl apply-config --insecure --nodes ${local.ipv4_public[0]} --file _cfgs/controlplane-${lower(var.region)}-1.yaml" : "" + value = var.instance_count > 0 ? "talosctl apply-config --insecure --nodes ${try([for ip in azurerm_public_ip.controlplane_v4 : ip.ip_address if ip.ip_address != ""], [])[0]} --file _cfgs/controlplane-${lower(var.region)}-1.yaml" : "" depends_on = [azurerm_linux_virtual_machine.controlplane] } diff --git a/azure/network-lb.tf b/azure/network-lb.tf new file mode 100644 index 0000000..60f8fd4 --- /dev/null +++ b/azure/network-lb.tf 
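Review bot: The `controlplane_bootstrap` guard no longer matches what it indexes: the old code tested `length(local.ipv4_public) > 0`, the new one tests `var.instance_count > 0` and then takes `[0]` of a list built with the `ip.ip_address != ""` filter, so if that filter ever removes every entry (instances exist but no public IP has an address yet) the `[0]` fails with an invalid-index error, because the `try()` wraps only the list comprehension and not the index. Wrapping the whole string lets `try()` absorb that case and keep the old `""` fallback: `value = try("talosctl apply-config --insecure --nodes ${[for ip in azurerm_public_ip.controlplane_v4 : ip.ip_address if ip.ip_address != ""][0]} --file _cfgs/controlplane-${lower(var.region)}-1.yaml", "")`. The filtered-address expression is now duplicated across both outputs; a single local in this file would keep them in step.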
@@ -0,0 +1,72 @@ + +resource "azurerm_public_ip" "web_v4" { + for_each = { for idx, name in local.regions : name => idx } + location = each.key + name = "web-${lower(each.key)}-v4" + resource_group_name = local.resource_group + sku = local.network_public[each.key].sku + allocation_method = local.network_public[each.key].sku == "Standard" ? "Static" : "Dynamic" + + tags = merge(var.tags, { type = "web" }) +} + +resource "azurerm_lb" "web" { + for_each = { for idx, name in local.regions : name => idx } + location = each.key + name = "web-${lower(each.key)}" + resource_group_name = local.resource_group + sku = local.network_public[each.key].sku + + frontend_ip_configuration { + name = "web-lb-v4" + public_ip_address_id = azurerm_public_ip.web_v4[each.key].id + } + + tags = merge(var.tags, { type = "web" }) +} + +resource "azurerm_lb_backend_address_pool" "web_v4" { + for_each = { for idx, name in local.regions : name => idx } + loadbalancer_id = azurerm_lb.web[each.key].id + name = "web-pool-v4" +} + +resource "azurerm_lb_probe" "web" { + for_each = { for idx, name in local.regions : name => idx } + name = "web-http-probe" + loadbalancer_id = azurerm_lb.web[each.key].id + interval_in_seconds = 30 + protocol = "Http" + request_path = "/healthz" + port = 80 +} + +resource "azurerm_lb_rule" "web_http_v4" { + for_each = { for idx, name in local.regions : name => idx } + name = "web_http-v4" + loadbalancer_id = azurerm_lb.web[each.key].id + frontend_ip_configuration_name = "web-lb-v4" + probe_id = azurerm_lb_probe.web[each.key].id + backend_address_pool_ids = [azurerm_lb_backend_address_pool.web_v4[each.key].id] + enable_floating_ip = false + protocol = "Tcp" + frontend_port = 80 + backend_port = 80 + idle_timeout_in_minutes = 30 + enable_tcp_reset = local.network_public[each.key].sku != "Basic" +} + +resource "azurerm_lb_rule" "web_https_v4" { + for_each = { for idx, name in local.regions : name => idx } + name = "web-https-v4" + loadbalancer_id = 
azurerm_lb.web[each.key].id + frontend_ip_configuration_name = "web-lb-v4" + probe_id = azurerm_lb_probe.web[each.key].id + backend_address_pool_ids = [azurerm_lb_backend_address_pool.web_v4[each.key].id] + enable_floating_ip = false + protocol = "Tcp" + frontend_port = 443 + backend_port = 443 + idle_timeout_in_minutes = 30 + enable_tcp_reset = local.network_public[each.key].sku != "Basic" +} diff --git a/azure/outputs.tf b/azure/outputs.tf index 859fa6a..ccb74b6 100644 --- a/azure/outputs.tf +++ b/azure/outputs.tf @@ -9,11 +9,7 @@ output "controlplane_endpoint_public" { value = local.endpoint } -# output "ipv4_local" { -# value = local.ipv4_local -# } - -# output "web_endpoint" { -# description = "Kubernetes controlplane endpoint" -# value = module.web -# } +output "web_endpoint" { + description = "Kubernetes controlplane endpoint" + value = compact([for lb in azurerm_public_ip.web_v4 : lb.ip_address]) +}
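Review bot: `name = "web_http-v4"` in `azurerm_lb_rule.web_http_v4` is the only underscore in an otherwise hyphenated scheme (`web-https-v4`, `web-pool-v4`, `web-http-probe`); since these lines are landing in a new file, this is the cheap moment to make it `name = "web-http-v4"`, bearing in mind the rename replaces the rule in Azure. The 443 rule also reuses the port-80 `/healthz` HTTP probe, so a backend whose plain-HTTP listener is down is pulled from HTTPS rotation as well — fine if deliberate, but worth a short comment on `probe_id` in `web_https_v4`.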
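Review bot: The new `output "web_endpoint"` keeps the copy-pasted `description = "Kubernetes controlplane endpoint"` although its value is the list of web load-balancer public IPv4 addresses from `azurerm_public_ip.web_v4`; change it to `description = "Public IPv4 addresses of the web load balancers"`. Since those IPs are `Dynamic` for the Basic SKU, the `compact()` hides entries that have no address yet, which is worth a word in the description too.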