Merge pull request #169 from kubenow/feature/aws-optional-vpc-subnet

Restructure amazon vpc module into submodules
kubenow · May 4, 2017 · 9e796b7 · 9e796b7
2 parents 43c8600 + 7d043b4
commit 9e796b7
Show file tree

Hide file tree

Showing 7 changed files with 163 additions and 118 deletions.
diff --git a/aws/main.tf b/aws/main.tf
@@ -1,6 +1,6 @@
 # Cluster settings
 variable cluster_prefix {}
-variable kubenow_image_id {}
+variable kubenow_image {}
 variable kubeadm_token {}
 
 variable aws_access_key_id {}
@@ -11,6 +11,11 @@ variable availability_zone {}
 variable ssh_user { default = "ubuntu" }
 variable ssh_key {}
 
+# Networking
+variable vpc_id {default = ""}
+variable subnet_id {default = ""}
+variable additional_sec_group_ids {type="list" default = []}
+
 # Master settings
 variable master_count { default = 1 }
 variable master_instance_type {}
@@ -40,11 +45,40 @@ module "keypair" {
   name_prefix = "${var.cluster_prefix}"
 }
 
-# Network (here would be nice with condition)
+# Networking - VPC
 module "vpc" {
+  vpc_id = "${var.vpc_id}"
+  name_prefix = "${var.cluster_prefix}"
   source = "./vpc"
+}
+
+# Networking - subnet
+module "subnet" {
+  subnet_id = "${var.subnet_id}"
+  vpc_id = "${module.vpc.id}"
   name_prefix = "${var.cluster_prefix}"
   availability_zone = "${var.availability_zone}"
+  source = "./subnet"
+}
+
+# Networking - sec-group
+module "security_group" {
+  name_prefix = "${var.cluster_prefix}"
+  vpc_id = "${module.vpc.id}"
+  source = "./security_group"
+}
+
+# Lookup image-id of kubenow-image
+data "aws_ami" "kubenow" {
+  most_recent = true
+  filter {
+    name   = "name"
+    values = ["${var.kubenow_image}"]
+  } 
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
 }
 
 module "master" {
@@ -53,14 +87,14 @@ module "master" {
   count = "${var.master_count}"
   name_prefix = "${var.cluster_prefix}-master"
   instance_type = "${var.master_instance_type}"
-  image_id = "${var.kubenow_image_id}"
+  image_id = "${data.aws_ami.kubenow.id}"
   availability_zone = "${var.availability_zone}"
   # SSH settings
   ssh_user = "${var.ssh_user}"
   ssh_keypair_name = "${module.keypair.keypair_name}"
   # Network settings
-  subnet_id = "${module.vpc.subnet_id}"
-  security_group_id = "${module.vpc.security_group_id}"
+  subnet_id = "${module.subnet.id}"
+  security_group_ids = "${concat(module.security_group.id, var.additional_sec_group_ids)}"
   # Disk settings
   disk_size = "${var.master_disk_size}"
   extra_disk_size = "0"
@@ -78,14 +112,14 @@ module "node" {
   count = "${var.node_count}"
   name_prefix = "${var.cluster_prefix}-node"
   instance_type = "${var.node_instance_type}"
-  image_id = "${var.kubenow_image_id}"
+  image_id = "${data.aws_ami.kubenow.id}"
   availability_zone = "${var.availability_zone}"
   # SSH settings
   ssh_user = "${var.ssh_user}"
   ssh_keypair_name = "${module.keypair.keypair_name}"
   # Network settings
-  subnet_id = "${module.vpc.subnet_id}"
-  security_group_id = "${module.vpc.security_group_id}"
+  subnet_id = "${module.subnet.id}"
+  security_group_ids = "${concat(module.security_group.id, var.additional_sec_group_ids)}"
   # Disk settings
   disk_size = "${var.node_disk_size}"
   extra_disk_size = "0"
@@ -103,14 +137,14 @@ module "edge" {
   count = "${var.edge_count}"
   name_prefix = "${var.cluster_prefix}-edge"
   instance_type = "${var.edge_instance_type}"
-  image_id = "${var.kubenow_image_id}"
+  image_id = "${data.aws_ami.kubenow.id}"
   availability_zone = "${var.availability_zone}"
   # SSH settings
   ssh_user = "${var.ssh_user}"
   ssh_keypair_name = "${module.keypair.keypair_name}"
   # Network settings
-  subnet_id = "${module.vpc.subnet_id}"
-  security_group_id = "${module.vpc.security_group_id}"
+  subnet_id = "${module.subnet.id}"
+  security_group_ids = "${concat(module.security_group.id, var.additional_sec_group_ids)}"
   # Disk settings
   disk_size = "${var.edge_disk_size}"
   extra_disk_size = "0"

diff --git a/aws/node/main.tf b/aws/node/main.tf
@@ -11,7 +11,7 @@ variable ssh_keypair_name {}
 
 # Network settings
 variable subnet_id {}
-variable security_group_id {}
+variable security_group_ids { type = "list" }
 
 # Disk settings
 variable disk_size {}
@@ -44,7 +44,7 @@ resource "aws_instance" "instance" {
   instance_type = "${var.instance_type}"
   associate_public_ip_address = true
   key_name = "${var.ssh_keypair_name}"
-  vpc_security_group_ids = ["${var.security_group_id}"]
+  vpc_security_group_ids = ["${var.security_group_ids}"]
   subnet_id = "${var.subnet_id}"
   user_data = "${data.template_file.instance_bootstrap.rendered}"
 

diff --git a/aws/security_group/main.tf b/aws/security_group/main.tf
@@ -0,0 +1,47 @@
+variable name_prefix {}
+variable vpc_id {}
+
+resource "aws_security_group" "main" {
+  name = "${var.name_prefix}"
+  description = "kubenow default security group"
+  vpc_id = "${var.vpc_id}"
+
+  ingress { # SSH
+    from_port = 22
+    to_port = 22
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress { # HTTP
+    from_port = 80
+    to_port = 80
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress { # HTTPS
+    from_port = 443
+    to_port = 443
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress { # Allow ALL internal (self)
+    from_port = 0
+    to_port = 0
+    protocol = -1
+    self = true
+  }
+
+  egress { # Allow ALL outbound
+    from_port = 0
+    to_port = 0
+    protocol = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+output "id" {
+  value = ["${aws_security_group.main.id}"]
+}
diff --git a/aws/subnet/main.tf b/aws/subnet/main.tf
@@ -0,0 +1,59 @@
+variable vpc_id {}
+variable subnet_id {}
+variable subnet_cidr { default = "10.0.0.0/16"}
+variable availability_zone {}
+variable name_prefix {}
+
+resource "aws_subnet" "created" {
+  # create subnet only if not specified in var.subnet_id
+  count = "${var.subnet_id == "" ? 1 : 0}"
+  vpc_id = "${var.vpc_id}"
+  cidr_block = "${var.subnet_cidr}"
+  availability_zone = "${var.availability_zone}"
+  tags {
+    Name = "${var.name_prefix}"
+  }
+}
+
+resource "aws_internet_gateway" "main" {
+  # create subnet only if not specified in var.subnet_id
+  count = "${var.subnet_id == "" ? 1 : 0}"
+  vpc_id = "${var.vpc_id}"
+  tags {
+    Name = "${var.name_prefix}"
+  }
+}
+
+resource "aws_route_table" "main" {
+  # create subnet only if not specified in var.subnet_id
+  count = "${var.subnet_id == "" ? 1 : 0}"
+  vpc_id = "${var.vpc_id}"
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = "${aws_internet_gateway.main.id}"
+  }
+
+  tags {
+    Name = "${var.name_prefix}"
+  }
+}
+
+resource "aws_main_route_table_association" "main" {
+  # create subnet only if not specified in var.subnet_id
+  count = "${var.subnet_id == "" ? 1 : 0}"
+  vpc_id = "${var.vpc_id}"
+  route_table_id = "${aws_route_table.main.id}"
+}
+
+resource "aws_route_table_association" "main" {
+  # create subnet only if not specified in var.subnet_id
+  count = "${var.subnet_id == "" ? 1 : 0}"
+  subnet_id = "${var.subnet_id != "" ? var.subnet_id : aws_subnet.created.id }"
+  route_table_id = "${aws_route_table.main.id}"
+}
+
+output "id" {
+  value = "${ var.subnet_id != "" ? var.subnet_id : aws_subnet.created.id }"
+}
+
diff --git a/aws/vpc/main.tf b/aws/vpc/main.tf
@@ -1,113 +1,18 @@
+variable vpc_id {}
+variable vpc_cidr { default = "10.0.0.0/16"}
 variable name_prefix {}
-variable availability_zone {}
-variable subnet_id { default = "" }
 
-
-resource "aws_vpc" "main" {
-  cidr_block = "10.0.0.0/16"
+resource "aws_vpc" "created" {
+  # create vpc only if not specified in var.vpc_id
+  count = "${var.vpc_id == "" ? 1 : 0}"
+  cidr_block = "${var.vpc_cidr}"
   enable_dns_support = true
   enable_dns_hostnames = true
   tags {
     Name = "${var.name_prefix}"
   }
 }
 
-resource "aws_subnet" "main" {
-  # create subnet only if not specified in var.subnet_id
-  count = "${ var.subnet_id == "" ? 1 : 0 }"
-  vpc_id = "${aws_vpc.main.id}"
-  cidr_block = "${aws_vpc.main.cidr_block}"
-  availability_zone = "${var.availability_zone}"
-  tags {
-    Name = "${var.name_prefix}"
-  }
-}
-
-resource "aws_internet_gateway" "main" {
-  # create only if subnet is being created
-  count = "${ var.subnet_id == "" ? 1 : 0 }"
-  vpc_id = "${aws_vpc.main.id}"
-  tags {
-    Name = "${var.name_prefix}"
-  }
-}
-
-resource "aws_route_table" "main" {
-  # create only if subnet is being created
-  count = "${ var.subnet_id == "" ? 1 : 0 }"
-  vpc_id = "${aws_vpc.main.id}"
-
-  route {
-    cidr_block = "0.0.0.0/0"
-    gateway_id = "${aws_internet_gateway.main.id}"
-  }
-
-  tags {
-    Name = "${var.name_prefix}"
-  }
-}
-
-resource "aws_main_route_table_association" "main" {
-  # create only if subnet is being created
-  count = "${ var.subnet_id == "" ? 1 : 0 }"
-  vpc_id = "${aws_vpc.main.id}"
-  route_table_id = "${aws_route_table.main.id}"
-}
-
-resource "aws_route_table_association" "main" {
-  # create only if subnet is being created
-  count = "${ var.subnet_id == "" ? 1 : 0 }"
-  subnet_id = "${ var.subnet_id == "" ? aws_subnet.main.id : var.subnet_id}"
-  route_table_id = "${aws_route_table.main.id}"
-}
-
-resource "aws_security_group" "main" {
-  name = "${var.name_prefix}"
-  description = "kubenow default security group"
-  vpc_id = "${aws_vpc.main.id}"
-
-
-  ingress { # SSH
-    from_port = 22
-    to_port = 22
-    protocol = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress { # HTTP
-    from_port = 80
-    to_port = 80
-    protocol = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress { # HTTPS
-    from_port = 443
-    to_port = 443
-    protocol = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress { # Allow ALL internal (self)
-    from_port = 0
-    to_port = 0
-    protocol = -1
-    self = true
-  }
-
-  egress { # Allow ALL outbound
-    from_port = 0
-    to_port = 0
-    protocol = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-}
-
-output "subnet_id" {
-  value = "${ var.subnet_id == "" ? aws_subnet.main.id : var.subnet_id }"
-}
-
-output "security_group_id" {
-  value = "${aws_security_group.main.id}"
+output "id" {
+  value = "${ var.vpc_id != "" ? var.vpc_id : aws_vpc.created.id }"
 }
diff --git a/terraform.tfvars.aws-template b/terraform.tfvars.aws-template
@@ -1,6 +1,6 @@
 # Cluster configuration
 cluster_prefix = "kubenow" # Your cluster prefix
-kubenow_image_id = "ami-XXXX" # ID of the AMI previously created with Packer
+kubenow_image = "kubenow-v020" # Name of the image created with Packer
 kubeadm_token = "your-kubeadm-token" # You can run generate_kubetoken.sh to create a valid token
 ssh_key = "~/.ssh/id_rsa.pub" # Path to your public SSH key (for ssh node access)
 aws_region = "eu-west-1" # Some region

diff --git a/test/secrets-kubenow b/test/secrets-kubenow