Fix deployments

openstack/deployments/cilium.yaml

@@ -1,6 +1,6 @@
 ---
 
-k8sServiceHost: "172.16.0.10"
+k8sServiceHost: "172.16.132.11"
 k8sServicePort: "6443"
 
 operator:

openstack/deployments/cilium_result.yaml

@@ -538,7 +538,7 @@ spec:
               key: custom-cni-conf
               optional: true
         - name: KUBERNETES_SERVICE_HOST
-          value: "172.16.0.10"
+          value: "172.16.132.11"
         - name: KUBERNETES_SERVICE_PORT
           value: "6443"
         lifecycle:
@@ -616,7 +616,7 @@ spec:
               key: clean-cilium-bpf-state
               optional: true
         - name: KUBERNETES_SERVICE_HOST
-          value: "172.16.0.10"
+          value: "172.16.132.11"
         - name: KUBERNETES_SERVICE_PORT
           value: "6443"
         securityContext:
@@ -756,7 +756,7 @@ spec:
               name: cilium-config
               optional: true
         - name: KUBERNETES_SERVICE_HOST
-          value: "172.16.0.10"
+          value: "172.16.132.11"
         - name: KUBERNETES_SERVICE_PORT
           value: "6443"
         livenessProbe:

openstack/images/images.tf

@@ -1,7 +1,7 @@
 
 resource "openstack_images_image_v2" "talos" {
-  count            = length(var.regions)
-  region           = element(var.regions, count.index)
+  for_each         = { for idx, name in var.regions : name => idx }
+  region           = each.key
   name             = "talos"
   container_format = "bare"
   disk_format      = "raw"

openstack/modules/controlplane/main.tf

@@ -0,0 +1,70 @@
+
+resource "openstack_networking_port_v2" "controlplane" {
+  count                 = var.instance_count
+  region                = var.region
+  name                  = "controlplane-${lower(var.region)}-${count.index + 1}"
+  network_id            = var.network_internal.network_id
+  admin_state_up        = true
+  port_security_enabled = false
+
+  fixed_ip {
+    subnet_id  = var.network_internal.subnet_id
+    ip_address = cidrhost(var.network_internal.cidr, var.instance_ip_start + count.index)
+  }
+}
+
+resource "openstack_networking_port_v2" "controlplane_public" {
+  count          = var.instance_count
+  region         = var.region
+  name           = "controlplane-${lower(var.region)}-${count.index + 1}"
+  network_id     = var.network_external.id
+  admin_state_up = "true"
+}
+
+resource "openstack_compute_instance_v2" "controlplane" {
+  count       = var.instance_count
+  region      = var.region
+  name        = "controlplane-${lower(var.region)}-${count.index + 1}"
+  flavor_name = var.instance_flavor
+  image_id    = var.instance_image
+
+  network {
+    port = openstack_networking_port_v2.controlplane_public[count.index].id
+  }
+  network {
+    port = openstack_networking_port_v2.controlplane[count.index].id
+  }
+
+  lifecycle {
+    ignore_changes = [flavor_name, image_id, user_data]
+  }
+}
+
+locals {
+  ipv4_local     = var.instance_count > 0 ? [for k in try(openstack_networking_port_v2.controlplane_public[0].all_fixed_ips, []) : k if length(regexall("[0-9]+.[0-9.]+", k)) > 0][0] : ""
+  ipv4_local_vip = cidrhost(var.network_internal.cidr, 5)
+
+  controlplane_labels = ""
+}
+
+resource "local_file" "controlplane" {
+  count = var.instance_count
+
+  content = templatefile("${path.module}/../../templates/controlplane.yaml",
+    merge(var.instance_params, {
+      name   = "controlplane-${lower(var.region)}-${count.index + 1}"
+      type   = "controlplane"
+      labels = local.controlplane_labels
+
+      ipv4_local     = [for k in openstack_networking_port_v2.controlplane[count.index].all_fixed_ips : k if length(regexall("[0-9]+.[0-9.]+", k)) > 0][0]
+      ipv4_local_vip = local.ipv4_local_vip
+
+      ipv4 = [for k in openstack_networking_port_v2.controlplane_public[count.index].all_fixed_ips : k if length(regexall("[0-9]+.[0-9.]+", k)) > 0][0]
+      ipv6 = [for k in openstack_networking_port_v2.controlplane_public[count.index].all_fixed_ips : k if length(regexall("[0-9a-z]+:[0-9a-z:]+", k)) > 0][0]
+
+      nodeSubnets = var.network_internal.cidr
+    })
+  )
+  filename        = "_cfgs/controlplane-${lower(var.region)}-${count.index + 1}.yaml"
+  file_permission = "0600"
+}

openstack/modules/controlplane/outputs.tf

@@ -0,0 +1,12 @@
+
+output "controlplane_endpoints" {
+  description = "Kubernetes controlplane endpoint"
+  value       = [for ip in try(openstack_networking_port_v2.controlplane_public[*].all_fixed_ips, []) : ip]
+  depends_on  = [openstack_networking_port_v2.controlplane_public]
+}
+
+output "controlplane_bootstrap" {
+  description = "Kubernetes controlplane bootstrap command"
+  value       = local.ipv4_local == "" ? "" : "talosctl apply-config --insecure --nodes ${local.ipv4_local} --file _cfgs/controlplane-${lower(var.region)}-1.yaml"
+  depends_on  = [openstack_networking_port_v2.controlplane_public]
+}

openstack/modules/controlplane/variables.tf

@@ -0,0 +1,39 @@
+
+variable "region" {
+  description = "Region"
+  type        = string
+}
+
+variable "network_internal" {
+  description = "Internal network"
+}
+
+variable "network_external" {
+  description = "External network"
+}
+
+variable "instance_count" {
+  description = "Instances in region"
+  type        = number
+}
+
+variable "instance_flavor" {
+  description = "Instance type"
+  type        = string
+}
+
+variable "instance_image" {
+  description = "Instance image"
+  type        = string
+}
+
+variable "instance_params" {
+  description = "Instance template parameters"
+  type        = map(string)
+}
+
+variable "instance_ip_start" {
+  description = "Instances in region"
+  type        = number
+  default     = 11
+}

openstack/modules/controlplane/versions.tf

@@ -0,0 +1,10 @@
+
+terraform {
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = "~> 1.47.0"
+    }
+  }
+  required_version = ">= 1.0"
+}