Cosmetic

azure/instances-web.tf

@@ -1,76 +1,4 @@
 
-resource "azurerm_public_ip" "web_v4" {
-  for_each            = { for idx, name in local.regions : name => idx }
-  location            = each.key
-  name                = "web-${lower(each.key)}-v4"
-  resource_group_name = local.resource_group
-  sku                 = local.network_public[each.key].sku
-  allocation_method   = local.network_public[each.key].sku == "Standard" ? "Static" : "Dynamic"
-
-  tags = merge(var.tags, { type = "web" })
-}
-
-resource "azurerm_lb" "web" {
-  for_each            = { for idx, name in local.regions : name => idx }
-  location            = each.key
-  name                = "web-${lower(each.key)}"
-  resource_group_name = local.resource_group
-  sku                 = local.network_public[each.key].sku
-
-  frontend_ip_configuration {
-    name                 = "web-lb-v4"
-    public_ip_address_id = azurerm_public_ip.web_v4[each.key].id
-  }
-
-  tags = merge(var.tags, { type = "web" })
-}
-
-resource "azurerm_lb_backend_address_pool" "web_v4" {
-  for_each        = { for idx, name in local.regions : name => idx }
-  loadbalancer_id = azurerm_lb.web[each.key].id
-  name            = "web-pool-v4"
-}
-
-resource "azurerm_lb_probe" "web" {
-  for_each            = { for idx, name in local.regions : name => idx }
-  name                = "web-http-probe"
-  loadbalancer_id     = azurerm_lb.web[each.key].id
-  interval_in_seconds = 30
-  protocol            = "Http"
-  request_path        = "/healthz"
-  port                = 80
-}
-
-resource "azurerm_lb_rule" "web_http_v4" {
-  for_each                       = { for idx, name in local.regions : name => idx }
-  name                           = "web_http-v4"
-  loadbalancer_id                = azurerm_lb.web[each.key].id
-  frontend_ip_configuration_name = "web-lb-v4"
-  probe_id                       = azurerm_lb_probe.web[each.key].id
-  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.web_v4[each.key].id]
-  enable_floating_ip             = false
-  protocol                       = "Tcp"
-  frontend_port                  = 80
-  backend_port                   = 80
-  idle_timeout_in_minutes        = 30
-  enable_tcp_reset               = local.network_public[each.key].sku != "Basic"
-}
-
-resource "azurerm_lb_rule" "web_https_v4" {
-  for_each                       = { for idx, name in local.regions : name => idx }
-  name                           = "web-https-v4"
-  loadbalancer_id                = azurerm_lb.web[each.key].id
-  frontend_ip_configuration_name = "web-lb-v4"
-  probe_id                       = azurerm_lb_probe.web[each.key].id
-  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.web_v4[each.key].id]
-  enable_floating_ip             = false
-  protocol                       = "Tcp"
-  frontend_port                  = 443
-  backend_port                   = 443
-  idle_timeout_in_minutes        = 30
-  enable_tcp_reset               = local.network_public[each.key].sku != "Basic"
-}
-
 locals {
   web_labels = "topology.kubernetes.io/zone=azure,project.io/node-pool=web"
 }
@@ -84,9 +12,8 @@ resource "azurerm_linux_virtual_machine_scale_set" "web" {
   computer_name_prefix = "web-${lower(each.key)}-"
   resource_group_name  = local.resource_group
   sku                  = lookup(try(var.instances[each.key], {}), "web_instance_type", "Standard_B2s")
-
-  extensions_time_budget = "PT30M"
   provision_vm_agent   = false
+  overprovision        = false
 
   # availability_set_id        = var.instance_availability_set
 

azure/instances-werker.tf

@@ -64,6 +64,11 @@
 
 #   tags = merge(var.tags, { type = "worker" })
 
+#   automatic_instance_repair {
+#       ~ enabled      = true
+#       ~ grace_period = "PT30M"
+#   }
+
 #   boot_diagnostics {}
 #   lifecycle {
 #     ignore_changes = [admin_username, admin_ssh_key, os_disk, source_image_id, tags]

azure/modules/controlplane/main.tf

@@ -58,6 +58,8 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlpl
   network_interface_id    = azurerm_network_interface.controlplane[count.index].id
   ip_configuration_name   = "controlplane-${count.index}-v4"
   backend_address_pool_id = var.network_internal.controlplane_pool_v4
+
+  depends_on = [azurerm_linux_virtual_machine.controlplane]
 }
 
 resource "azurerm_network_interface_backend_address_pool_association" "controlplane_v6" {
@@ -65,12 +67,11 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlpl
   network_interface_id    = azurerm_network_interface.controlplane[count.index].id
   ip_configuration_name   = "controlplane-${count.index}-v6"
   backend_address_pool_id = var.network_internal.controlplane_pool_v6
+
+  depends_on = [azurerm_linux_virtual_machine.controlplane]
 }
 
 locals {
-  ipv4_local  = var.instance_count > 0 ? azurerm_network_interface.controlplane[0].ip_configuration[0].private_ip_address : ""
-  ipv4_public = var.instance_count > 0 ? try([for ip in azurerm_public_ip.controlplane_v4 : ip.ip_address if ip.ip_address != ""], []) : []
-
   controlplane_labels = "topology.kubernetes.io/region=${var.region},topology.kubernetes.io/zone=azure"
 }
 
@@ -87,22 +88,22 @@ resource "azurerm_linux_virtual_machine" "controlplane" {
   availability_set_id        = var.instance_availability_set
   network_interface_ids      = [azurerm_network_interface.controlplane[count.index].id]
 
-  custom_data = base64encode(templatefile("${path.module}/../../templates/controlplane.yaml",
-    merge(var.instance_params, {
-      name   = "controlplane-${lower(var.region)}-${1 + count.index}"
-      labels = local.controlplane_labels
+  # custom_data = base64encode(templatefile("${path.module}/../../templates/controlplane.yaml",
+  #   merge(var.instance_params, {
+  #     name        = "controlplane-${lower(var.region)}-${1 + count.index}"
+  #     labels      = local.controlplane_labels
+  #     nodeSubnets = [var.network_internal.cidr[0]]
 
-      certSANs = compact([
-        var.instance_params["apiDomain"],
-        var.instance_params["lbv4"],
-        var.instance_params["lbv6"],
-        azurerm_public_ip.controlplane_v4[count.index].ip_address,
-        try(azurerm_public_ip.controlplane_v6[count.index].ip_address, ""),
-      ])
-      ipAliases   = compact([var.instance_params["lbv4"], var.instance_params["lbv6"]])
-      nodeSubnets = [var.network_internal.cidr[0]]
-    })
-  ))
+  #     ipAliases = compact([var.instance_params["lbv4"], var.instance_params["lbv6"]])
+  #     certSANs = compact([
+  #       var.instance_params["apiDomain"],
+  #       var.instance_params["lbv4"],
+  #       var.instance_params["lbv6"],
+  #       azurerm_public_ip.controlplane_v4[count.index].ip_address,
+  #       try(azurerm_public_ip.controlplane_v6[count.index].ip_address, ""),
+  #     ])
+  #   })
+  # ))
 
   # vtpm_enabled               = false
   # encryption_at_host_enabled = true
@@ -159,4 +160,6 @@ resource "local_file" "controlplane" {
   )
   filename        = "_cfgs/controlplane-${lower(var.region)}-${1 + count.index}.yaml"
   file_permission = "0600"
+
+  depends_on = [azurerm_linux_virtual_machine.controlplane]
 }

azure/modules/controlplane/outputs.tf

@@ -1,12 +1,12 @@
 
 output "controlplane_endpoints" {
   description = "Kubernetes controlplane endpoint"
-  value       = local.ipv4_public
+  value       = var.instance_count > 0 ? try([for ip in azurerm_public_ip.controlplane_v4 : ip.ip_address if ip.ip_address != ""], []) : []
   depends_on  = [azurerm_linux_virtual_machine.controlplane]
 }
 
 output "controlplane_bootstrap" {
   description = "Kubernetes controlplane bootstrap command"
-  value       = length(local.ipv4_public) > 0 ? "talosctl apply-config --insecure --nodes ${local.ipv4_public[0]} --file _cfgs/controlplane-${lower(var.region)}-1.yaml" : ""
+  value       = var.instance_count > 0 ? "talosctl apply-config --insecure --nodes ${try([for ip in azurerm_public_ip.controlplane_v4 : ip.ip_address if ip.ip_address != ""], [])[0]} --file _cfgs/controlplane-${lower(var.region)}-1.yaml" : ""
   depends_on  = [azurerm_linux_virtual_machine.controlplane]
 }

azure/network-lb.tf

@@ -0,0 +1,72 @@
+
+resource "azurerm_public_ip" "web_v4" {
+  for_each            = { for idx, name in local.regions : name => idx }
+  location            = each.key
+  name                = "web-${lower(each.key)}-v4"
+  resource_group_name = local.resource_group
+  sku                 = local.network_public[each.key].sku
+  allocation_method   = local.network_public[each.key].sku == "Standard" ? "Static" : "Dynamic"
+
+  tags = merge(var.tags, { type = "web" })
+}
+
+resource "azurerm_lb" "web" {
+  for_each            = { for idx, name in local.regions : name => idx }
+  location            = each.key
+  name                = "web-${lower(each.key)}"
+  resource_group_name = local.resource_group
+  sku                 = local.network_public[each.key].sku
+
+  frontend_ip_configuration {
+    name                 = "web-lb-v4"
+    public_ip_address_id = azurerm_public_ip.web_v4[each.key].id
+  }
+
+  tags = merge(var.tags, { type = "web" })
+}
+
+resource "azurerm_lb_backend_address_pool" "web_v4" {
+  for_each        = { for idx, name in local.regions : name => idx }
+  loadbalancer_id = azurerm_lb.web[each.key].id
+  name            = "web-pool-v4"
+}
+
+resource "azurerm_lb_probe" "web" {
+  for_each            = { for idx, name in local.regions : name => idx }
+  name                = "web-http-probe"
+  loadbalancer_id     = azurerm_lb.web[each.key].id
+  interval_in_seconds = 30
+  protocol            = "Http"
+  request_path        = "/healthz"
+  port                = 80
+}
+
+resource "azurerm_lb_rule" "web_http_v4" {
+  for_each                       = { for idx, name in local.regions : name => idx }
+  name                           = "web_http-v4"
+  loadbalancer_id                = azurerm_lb.web[each.key].id
+  frontend_ip_configuration_name = "web-lb-v4"
+  probe_id                       = azurerm_lb_probe.web[each.key].id
+  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.web_v4[each.key].id]
+  enable_floating_ip             = false
+  protocol                       = "Tcp"
+  frontend_port                  = 80
+  backend_port                   = 80
+  idle_timeout_in_minutes        = 30
+  enable_tcp_reset               = local.network_public[each.key].sku != "Basic"
+}
+
+resource "azurerm_lb_rule" "web_https_v4" {
+  for_each                       = { for idx, name in local.regions : name => idx }
+  name                           = "web-https-v4"
+  loadbalancer_id                = azurerm_lb.web[each.key].id
+  frontend_ip_configuration_name = "web-lb-v4"
+  probe_id                       = azurerm_lb_probe.web[each.key].id
+  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.web_v4[each.key].id]
+  enable_floating_ip             = false
+  protocol                       = "Tcp"
+  frontend_port                  = 443
+  backend_port                   = 443
+  idle_timeout_in_minutes        = 30
+  enable_tcp_reset               = local.network_public[each.key].sku != "Basic"
+}

azure/outputs.tf

@@ -9,11 +9,7 @@ output "controlplane_endpoint_public" {
   value       = local.endpoint
 }
 
-# output "ipv4_local" {
-#   value = local.ipv4_local
-# }
-
-# output "web_endpoint" {
-#   description = "Kubernetes controlplane endpoint"
-#   value       = module.web
-# }
+output "web_endpoint" {
+  description = "Kubernetes controlplane endpoint"
+  value       = compact([for lb in azurerm_public_ip.web_v4 : lb.ip_address])
+}