diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 01c267c..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/2.0/configuration-reference
-version: 2.1
-# Use a package of configuration called an orb.
-orbs:
- # Declare a dependency on the welcome-orb
- welcome: circleci/welcome-orb@0.4.1
-# Orchestrate or schedule a set of jobs
-workflows:
- # Name the workflow "welcome"
- welcome:
- # Run the welcome/run job in its own container
- jobs:
- - welcome/run
\ No newline at end of file
diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
new file mode 100644
index 0000000..6cd37d8
--- /dev/null
+++ b/.github/workflows/documentation.yaml
@@ -0,0 +1,57 @@
+name: generate-terraform-docs
+# This workflow will generate terraform docs into README.md in the root, examples, and modules folders.
+# Source: https://github.com/equinix-labs/terraform-equinix-kubernetes-addons/blob/main/.github/workflows/documentation.yaml
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "**/*.tpl"
+ - "**/*.tf"
+
+permissions:
+ contents: write # Workflow needs to push new branches to open PRs with docs changes
+ pull-requests: write # Workflow needs to open PRs with docs changes
+
+jobs:
+ tf-docs:
+ name: TF docs
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ id: actions-checkout
+ with:
+ ref: main
+
+ - name: Render terraform docs inside the main and the modules README.md files and push changes back to PR branch
+ id: terraform-docs
+ uses: terraform-docs/gh-actions@v1
+ with:
+ find-dir: .
+ args: --sort-by required
+ indention: 2
+ git-push: "false"
+
+ # terraform-docs/gh-actions@v1.0.0 modifies .git files with owner root:root, and the following steps fail with
+ # insufficient permission for adding an object to repository database .git/objects
+ # since the expected user is runner:docker. See https://github.com/terraform-docs/gh-actions/issues/90
+ - name: Fix .git owner
+ run: sudo chown runner:docker -R .git
+
+ - name: Create Pull Request
+ if: steps.terraform-docs.outputs.num_changed != '0'
+ uses: peter-evans/create-pull-request@v6
+ with:
+ commit-message: "generate-terraform-docs: automated action"
+ committer: GitHub
+ author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+ title: "generate-terraform-docs: automated action"
+ body: |
+ Update terraform docs
+ branch-suffix: timestamp
+ base: main
+ signoff: true
+ delete-branch: true
+
+ # TODO(ocobleseqx): https://github.com/peter-evans/enable-pull-request-automerge
\ No newline at end of file
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..551882b
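Review bot: The two third-party actions in the `tf-docs` job, `terraform-docs/gh-actions@v1` and `peter-evans/create-pull-request@v6`, are referenced by mutable tags while the workflow token carries `contents: write` and `pull-requests: write`, so whatever those tags resolve to at run time executes with push rights to the repository. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v6`, letting a dependency bot propose the bumps. The `permissions:` block could also move from workflow level onto the `tf-docs` job, so that any job added later starts from the default token scope rather than inheriting write access.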
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,28 @@
+name: generate-release
+# This workflow will generate changelog and release notes.
+# Source: https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/.github/workflows/release.yml
+
+on:
+ workflow_dispatch:
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+ fetch-depth: 0
+
+ - name: Release
+ uses: cycjimmy/semantic-release-action@v4
+ with:
+ semantic_version: 19.0.5
+ extra_plugins: |
+ @semantic-release/changelog@6.0.0
+ @semantic-release/git@10.0.0
+ conventional-changelog-conventionalcommits@4.6.3
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
index 7b69dc9..521a99b 100644
--- a/.github/workflows/terraform.yaml
+++ b/.github/workflows/terraform.yaml
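Review bot: The `release` job declares no `permissions:` block, so the `GITHUB_TOKEN` handed to `cycjimmy/semantic-release-action@v4` takes whatever the repository or organisation default is: either broader than the job needs, or, with a read-only default, too narrow for `@semantic-release/git` to push the changelog commit. State the scope explicitly at job level, for example a `permissions:` mapping with `contents: write`, adding `issues: write` and `pull-requests: write` only if release comments are wanted. The action is also referenced by a mutable tag and installs the listed plugins from the package registry at run time, so pinning `uses:` to a full commit SHA would make what runs with that token reproducible.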
@@ -1,38 +1,85 @@ -name: 'terraform' -# This workflow verifies that the Terraform configs are valid. -# https://learn.hashicorp.com/tutorials/terraform/automate-terraform +name: "run-pre-commit-hooks" +# This workflow runs the pre-commit hooks defined in .pre-commit-config.yaml on: - push: - branches: - - main pull_request: + branches: [main] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: - test: - name: Test + pre-commit: runs-on: ${{ matrix.os }} env: - TF_IN_AUTOMATION: 1 - TF_VERSION: ${{ matrix.tf }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} strategy: matrix: os: [ubuntu-latest] - tf: [1.1.2] + tf: [1.5.7] + tflint: [v0.50.3] + tfsec: [v1.28.5] + shfmt: [v3.8.0] + shellcheck: [v0.10.0] + permissions: + pull-requests: write + id-token: write + contents: read steps: - - name: Checkout from Github - uses: actions/checkout@v2 - - name: Install Terraform - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ env.TF_VERSION }} - - name: Check Terraform formatting - id: fmt - run: terraform fmt - continue-on-error: true - - name: Initialize Terraform, Modules, and Plugins - id: init - run: terraform init -input=false - - name: Validate Terraform syntax - id: validate - run: terraform validate -no-color + - name: Checkout from Github + uses: actions/checkout@v4 + + - name: Install Python3 + uses: actions/setup-python@v5 + + - name: Install tflint + uses: terraform-linters/setup-tflint@v4 + with: + tflint_version: ${{ matrix.tflint }} + + - name: Cache tflint plugin dir + uses: actions/cache@v4 + with: + path: ~/.tflint.d/plugins + key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }} + + - name: Install Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: ${{ matrix.tf }} + + - name: Config Terraform plugin cache + run: | + echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc + mkdir --parents ~/.terraform.d/plugin-cache + + - name: Cache Terraform + 
uses: actions/cache@v4 + with: + path: | + ~/.terraform.d/plugin-cache + key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} + restore-keys: | + ${{ runner.os }}-terraform- + + - name: Install tfsec + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: aquasecurity/tfsec + platform: linux + arch: amd64 + tag: ${{ matrix.tfsec }} + + - name: Install shfmt + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: mvdan/sh + platform: linux + arch: amd64 + tag: ${{ matrix.shfmt }} + extension-matching: disable + rename-to: shfmt + chmod: 0755 + + - uses: pre-commit/action@v3.0.1 \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..a6bc6ea --- /dev/null +++ b/.pre-commit-config.yaml 
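Review bot: The `permissions:` block on the `pre-commit` job grants `id-token: write`, but no step in this hunk requests an OIDC token, so the grant looks unused and can be dropped; `contents: read`, plus `pull-requests: write` only if a step really writes to the PR, should be enough. `GITHUB_TOKEN` is also exported in the job-level `env:`, which exposes it to every step, including the third-party `jaxxstorm/action-install-gh-release@v1.11.0` and the hooks that `pre-commit/action@v3.0.1` runs against code from the pull request; setting it only in the `env:` of the steps that download releases narrows that exposure. Separately, the matrix defines `shellcheck: [v0.10.0]` but no step consumes `matrix.shellcheck`, so the entry appears to have no effect.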
@@ -0,0 +1,86 @@
+---
+fail_fast: false
+repos:
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.88.4
+ hooks:
+ - id: terraform_fmt
+ args:
+ - "--args=-recursive"
+ - id: terraform_validate
+ exclude: "^[^/]+$"
+ - id: terraform_tflint
+ args:
+ - "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"
+ - id: terraform_tfsec
+ args:
+ - "--args=--soft-fail"
+
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.5.0
+ hooks:
+ # Git style
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: check-vcs-permalinks
+ - id: forbid-new-submodules
+ - id: no-commit-to-branch
+ args: ["--branch", "master"]
+
+ # Common errors
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ args:
+ - "--markdown-linebreak-ext=md"
+ exclude: CHANGELOG.md
+ - id: check-yaml
+ args:
+ - "--allow-multiple-documents"
+ exclude: |
+ (?x)^(
+ examples/|
+ \.*?.yaml$"
+ )$
+ - id: check-json
+ - id: check-symlinks
+ - id: check-executables-have-shebangs
+
+ # Cross platform
+ - id: check-case-conflict
+ - id: mixed-line-ending
+ args:
+ - "--fix=lf"
+
+ # Security
+ - id: detect-private-key
+
+ # Shell Script Formatter and Markdown Linter
+ - repo: https://github.com/jumanjihouse/pre-commit-hooks
+ rev: 3.0.0
+ hooks:
+ - id: shfmt
+ exclude: |
+ (?x)^(
+ helpers/helper-script.sh|
+ scripts/template-script.sh
+ )$
+ - id: shellcheck
+ args:
+ - "--severity=warning"
+ - "--source-path=SCRIPTDIR scripts/* helpers/*"
+ - "--shell=bash"
+ exclude: |
+ (?x)^(
+ helpers/helper-script.sh|
+ scripts/template-script.sh
+ )$
+ - id: markdownlint
+ exclude: "CHANGELOG.md"
+
+ # JSON5 and Yaml Prettyfier
+ - repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v3.1.0
+ hooks:
+ - id: prettier
+ types: [json5, yaml]
+ exclude: "^examples/"
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 30e1376..0aadf6e 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
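Review bot: `terraform_tfsec` is configured with `--args=--soft-fail`, so tfsec findings are printed but never fail the hook or the CI job that runs it. If that is a deliberate stop-gap, say so in a comment such as `# soft-fail until existing findings are triaged`; otherwise remove the argument so new findings block the commit. In the `check-yaml` hook the second `exclude` alternative, `\.*?.yaml$"`, ends in a stray double quote after `$` and can never match, and because the group is wrapped in `^( … )$` the first alternative matches only the literal path `examples/`; `exclude: "^examples/"`, as used for `prettier` further down, looks like what was intended. `no-commit-to-branch` guards `master`, while the workflows added in this commit target `main`.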
@@ -1,24 +1,25 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/equinix/metal" { - version = "3.2.1" - constraints = ">= 3.2.1" +provider "registry.terraform.io/equinix/equinix" { + version = "1.35.0" + constraints = ">= 1.30.0" hashes = [ - "h1:ZlFTM53deZU/b5I1CopmZEgmuhY7C8Z16Ko8/wF7E7g=", - "zh:001983330b8845ad07f1e7d8462cd2ba2f372d54523d64e382ae5bdd4fe690a5", - "zh:1ec8c9052c01acd43f10ac92998b715b693640bb1f53e4dad7b4f5b2a2b84574", - "zh:27785aec3fa7d4b1d4638a7eb36ae70d15fe457e3371365bc16a8fb1349d9649", - "zh:2a6b6cfb08a52f32e66142b21c3df72da3e66d5158a61e4fd1d56f29772b5460", - "zh:57309a5d762744588c4a9ff3592fa446e123e62bd1ec6e502671375075d35647", - "zh:636c16ef8acc57605a0dc011dc05ef00276980553b70a2b35ab09185434902f7", - "zh:6b31691a28f1e6877e5c48894acdcc463f0baa74ae254a2acf6e148971f87810", - "zh:84c82012f51f82977b27084e1d7410c020a5772645f3037c25f7e3df1a637611", - "zh:9ea35a527e95280f3440abf2670c449951c239f1ce5e8fd685e04af60b2d28ff", - "zh:a81ef5a2f29b928c23a83c86e157daa604e70c3ef9e2d49b494556103b58e9ad", - "zh:d2bc396da3a1b0110b64a305f09092136e3b10e4cdf99a4f1e013e01ffa6812d", - "zh:ed783f06adc8702ce6c171a23f918c998c89836a6fe8f4e4c7cd15b84b8708a5", - "zh:fde39924aa0de90b7d19da2dd4f561a7a8c92efb9e19ea1c319957ccd6019fdd", + "h1:E1MQ55ZeYf0CLpdOZLgkxyQK6l9X6NF3MVBDMa5Xcqk=", + "zh:13a56c9f98a3f6af82980aa534f234e74cc8170266136621739b1da99b778008", + "zh:19480be575b533b78806f91ffc0cad424de90ff4c7bc966b6028b2667b11ecc5", + "zh:206169852916ff8462468bc43a261950147887685aa1099f3f535b8bae99851e", + "zh:5e0062b018a20e88e0c79bd6381b8ff45ba309c7262ec161fe3ccd9fa6b49b23", + "zh:5fc559668c7b5e453c271ccf6a50a01cda309fb86233aeb627eb0d5224bf9195", + "zh:77200a2e04cef45c6327100c5faef5aebd18bd9a04ea90d923dd0e5d5e6f44e3", + "zh:7be58ab8016cc0265d8de5bb9e6c6793ed374c88c0df33713e160cfb69742e65", + "zh:7be65056e8c23cd45e77d49e8bc4ffa1adee5eb96f6bd5cd5422fdc3acd6527d", + 
"zh:872858dab91a3dde0906cac3f1616bfac2e2c151345099e94ba89ecfad5a1261", + "zh:926cbf96789d35318a84c6fe1f8721e99b6deb7705ce684a67f4c9d86b99cce0", + "zh:d2526f9b7090528c215439e9018dd2a1f14b16bc44a871eb6341ecfb6d6b1034", + "zh:d84da2bde26b352cf0f94eaf6659da32f835ac68501aac11e0746c5afd6bb68a", + "zh:f2712f7f924e7c5c8f8ff83f37c226fee2a37f633c983b921247d3814eb9addf", + "zh:fcc9dac1015b1ad439f2174d366e9346435e06ce3447bd37d8f1d4a3660b14c1", ] } @@ -26,6 +27,7 @@ provider "registry.terraform.io/hashicorp/external" { version = "2.2.0" hashes = [ "h1:V1XoXkVwM+Bg73BNtbMxScjTcty2jbRZzgSdHrYxQ+4=", + "h1:iU5OVMibHvIxbj2Dye1q3aYpjYXS3bKL9iZWZyh+xTg=", "zh:094c3cfae140fbb70fb0e272b1df833b4d7467c6c819fbf59a3e8ac0922f95b6", "zh:15c3906abbc1cd03a72afd02bda9caeeb5f6ca421292c32ddeb2acd7a3488669", "zh:388c14bceeb1593bb16cadedc8f5ad7d41d398197db049dc0871bc847aa61083", @@ -44,6 +46,7 @@ provider "registry.terraform.io/hashicorp/external" { provider "registry.terraform.io/hashicorp/local" { version = "2.1.0" hashes = [ + "h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=", "h1:KfieWtVyGWwplSoLIB5usKAUnrIkDQBkWaR5TI+4WYg=", "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2", "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab", @@ -62,6 +65,7 @@ provider "registry.terraform.io/hashicorp/local" { provider "registry.terraform.io/hashicorp/null" { version = "3.1.0" hashes = [ + "h1:vpC6bgUQoJ0znqIKVFevOdq+YQw42bRq0u+H3nto8nA=", "h1:xhbHC6in3nQryvTQBWKxebi3inG5OCgHgc4fRxL0ymc=", "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2", "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515", 
@@ -77,27 +81,11 @@ provider "registry.terraform.io/hashicorp/null" { ] } -provider "registry.terraform.io/hashicorp/template" { - version = "2.2.0" - hashes = [ - "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=", - "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", - "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", - "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", - "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", - "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", - "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", - "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", - "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", - "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", - "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", - ] -} - provider "registry.terraform.io/hashicorp/tls" { version = "3.1.0" hashes = [ "h1:XTU9f6sGMZHOT8r/+LWCz2BZOPH127FBTPjMMEAAu1U=", + "h1:fUJX8Zxx38e2kBln+zWr1Tl41X+OuiE++REjrEyiOM4=", "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6", "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2", "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e", diff --git a/OWNERS.md b/OWNERS.md index e4aa454..93f0419 100644 --- a/OWNERS.md +++ b/OWNERS.md 
@@ -1,7 +1,3 @@ # Owners -This project is governed by [Packet](https://packet.com) and benefits from a community of users that collaborate and contribute to its use in Kubernetes on Packet. - -Members of the Packet Github organization will strive to triage issues in a timely manner, see [SUPPORT.md](SUPPORT.md) for details. - -See the [packethost/standards glossary](https://github.com/packethost/standards/blob/master/glossary.md#ownersmd) for more details about this file. +This project is governed by [Equinix](https://deploy.equinix.com) and benefits from a community of users that collaborate and contribute to its use in Kubernetes on Equinix. diff --git a/README.md b/README.md index ce39ae6..f4a8514 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ![](https://img.shields.io/badge/Stability-Experimental-red.svg) -This repository is [Experimental](https://github.com/packethost/standards/blob/master/experimental-statement.md) meaning that it's based on untested ideas or techniques and not yet established or finalized or involves a radically new and innovative style! This means that support is best effort (at best!) and we strongly encourage you to NOT use this in production. +This repository is [Experimental](https://github.com/equinix-labs/equinix-labs/blob/main/experimental-statement.md) meaning that it's based on untested ideas or techniques and not yet established or finalized or involves a radically new and innovative style! This means that support is best effort (at best!) and we strongly encourage you to NOT use this in production. Kubernetes on Equinix Metal ==================== @@ -311,7 +311,7 @@ EOF We will also need Calico to peer with each of our servers ToR Router which requires a per node config. You can get BGP peer info directly from the API: ``` -https://api.packet.net/devices/${INSTANCE_UUID}/bgp/neighbors +https://api.equinix.com/metal/v1/devices/${INSTANCE_UUID}/bgp/neighbors ``` Setup the BGP peers for each worker node. 
diff --git a/calico.tf b/calico.tf index 73c1367..5ce00d6 100644 --- a/calico.tf +++ b/calico.tf @@ -2,7 +2,7 @@ resource "null_resource" "setup_calico" { connection { type = "ssh" user = "root" - host = metal_device.k8s_controller.access_public_ipv4 + host = equinix_metal_device.k8s_controller.access_public_ipv4 private_key = tls_private_key.k8s_cluster_access_key.private_key_pem } @@ -17,5 +17,5 @@ resource "null_resource" "setup_calico" { ] } - depends_on = [metal_device.k8s_controller] + depends_on = [equinix_metal_device.k8s_controller] } diff --git a/controller.tf b/controller.tf index 871992e..ebb945e 100644 --- a/controller.tf +++ b/controller.tf @@ -3,8 +3,8 @@ variable "hostname" { } // Setup the kubernetes controller node -resource "metal_device" "k8s_controller" { - project_id = metal_project.kubenet.id +resource "equinix_metal_device" "k8s_controller" { + project_id = equinix_metal_project.kubenet.id metro = var.metro plan = var.controller_plan operating_system = var.metal_os @@ -15,7 +15,7 @@ resource "metal_device" "k8s_controller" { connection { type = "ssh" user = "root" - host = metal_device.k8s_controller.access_public_ipv4 + host = equinix_metal_device.k8s_controller.access_public_ipv4 private_key = tls_private_key.k8s_cluster_access_key.private_key_pem } 
@@ -25,17 +25,30 @@ resource "metal_device" "k8s_controller" { } provisioner "file" { - content = data.template_file.install_docker.rendered + content = templatefile("${path.module}/templates/install-docker.sh.tpl", { + docker_version = var.docker_version + }) destination = "/tmp/install-docker.sh" } provisioner "file" { - content = data.template_file.install_kubernetes.rendered + content = templatefile("${path.module}/templates/setup-kube.sh.tpl", { + kubernetes_version = var.kubernetes_version + kubernetes_apt_release = var.kubernetes_apt_release + }) destination = "/tmp/setup-kube.sh" } + provisioner "file" { - content = data.template_file.setup_kubeadm.rendered + content = templatefile("${path.module}/templates/setup-kubeadm.sh.tpl", { + kubernetes_version = var.kubernetes_version + kubernetes_port = var.kubernetes_port + kubernetes_dns_ip = var.kubernetes_dns_ip + kubernetes_dns_domain = var.kubernetes_dns_domain + kubernetes_cluster_cidr = var.kubernetes_cluster_cidr + kubernetes_service_cidr = var.kubernetes_service_cidr + }) destination = "/tmp/setup-kubeadm.sh" } @@ -60,22 +73,9 @@ data "external" "kubeadm_join" { program = ["${path.module}/scripts/kubeadm-token.sh"] query = { - host = metal_device.k8s_controller.access_public_ipv4 + host = equinix_metal_device.k8s_controller.access_public_ipv4 } # Make sure to only run this after the controller is up and setup - depends_on = [metal_device.k8s_controller] -} - -data "template_file" "setup_kubeadm" { - template = file("${path.module}/templates/setup-kubeadm.sh.tpl") - - vars = { - kubernetes_version = var.kubernetes_version - kubernetes_port = var.kubernetes_port - kubernetes_dns_ip = var.kubernetes_dns_ip - kubernetes_dns_domain = var.kubernetes_dns_domain - kubernetes_cluster_cidr = var.kubernetes_cluster_cidr - kubernetes_service_cidr = var.kubernetes_service_cidr - } + depends_on = [equinix_metal_device.k8s_controller] } diff --git a/main.tf b/main.tf index f24bd26..c2a072e 100644 --- a/main.tf 
+++ b/main.tf @@ -1,8 +1,8 @@ -provider "metal" { +provider "equinix" { auth_token = var.auth_token } -resource "metal_project" "kubenet" { +resource "equinix_metal_project" "kubenet" { organization_id = var.organization_id name = var.project_name @@ -13,25 +13,9 @@ resource "metal_project" "kubenet" { } } -resource "metal_ssh_key" "k8s-cluster-key" { +resource "equinix_metal_ssh_key" "k8s-cluster-key" { name = "k8s-bgp-cluster-access-key" public_key = tls_private_key.k8s_cluster_access_key.public_key_openssh } -// General template used to install docker on Ubuntu 16.04 -data "template_file" "install_docker" { - template = file("${path.module}/templates/install-docker.sh.tpl") - vars = { - docker_version = var.docker_version - } -} - -data "template_file" "install_kubernetes" { - template = file("${path.module}/templates/setup-kube.sh.tpl") - - vars = { - kubernetes_version = var.kubernetes_version - kubernetes_apt_release = var.kubernetes_apt_release - } -} diff --git a/metallb.tf b/metallb.tf index 50df665..c5bf1ba 100644 --- a/metallb.tf +++ b/metallb.tf @@ -1,14 +1,14 @@ # Get some public IPs to use for our load balancer -resource "metal_reserved_ip_block" "load_balancer_ips" { - project_id = metal_project.kubenet.id +resource "equinix_metal_reserved_ip_block" "load_balancer_ips" { + project_id = equinix_metal_project.kubenet.id metro = var.metro quantity = 2 } # Enable BGP on each worker node -resource "metal_bgp_session" "kube_bgp" { +resource "equinix_metal_bgp_session" "kube_bgp" { count = var.worker_count - device_id = metal_device.k8s_workers.*.id[count.index] + device_id = equinix_metal_device.k8s_workers.*.id[count.index] address_family = "ipv4" } 
@@ -17,12 +17,14 @@ resource "null_resource" "setup_calico_metallb" { connection { type = "ssh" user = "root" - host = metal_device.k8s_controller.access_public_ipv4 + host = equinix_metal_device.k8s_controller.access_public_ipv4 private_key = tls_private_key.k8s_cluster_access_key.private_key_pem } provisioner "file" { - content = data.template_file.calico_metallb.rendered + content = templatefile("${path.module}/templates/calico-metallb.yaml.tpl", { + cidr = equinix_metal_reserved_ip_block.load_balancer_ips.cidr_notation + }) destination = "/tmp/calico/metallb.yaml" } @@ -40,12 +42,14 @@ resource "null_resource" "setup_metallb" { connection { type = "ssh" user = "root" - host = metal_device.k8s_controller.access_public_ipv4 + host = equinix_metal_device.k8s_controller.access_public_ipv4 private_key = tls_private_key.k8s_cluster_access_key.private_key_pem } provisioner "file" { - content = data.template_file.metallb_config.rendered + content = templatefile("${path.module}/templates/metallb-config.yaml.tpl", { + cidr = equinix_metal_reserved_ip_block.load_balancer_ips.cidr_notation + }) destination = "/tmp/metallb-config.yaml" } @@ -68,7 +72,7 @@ resource "null_resource" "calico_node_peers" { connection { type = "ssh" user = "root" - host = metal_device.k8s_controller.access_public_ipv4 + host = equinix_metal_device.k8s_controller.access_public_ipv4 private_key = tls_private_key.k8s_cluster_access_key.private_key_pem } 
@@ -80,25 +84,9 @@ resource "null_resource" "calico_node_peers" { provisioner "remote-exec" { inline = [ "chmod +x /tmp/calico/bgppeer-${count.index}.sh", - "/tmp/calico/bgppeer-${count.index}.sh ${var.auth_token} ${element(metal_device.k8s_workers.*.id, count.index)} ${element(metal_device.k8s_workers.*.hostname, count.index)}", + "/tmp/calico/bgppeer-${count.index}.sh ${var.auth_token} ${element(equinix_metal_device.k8s_workers.*.id, count.index)} ${element(equinix_metal_device.k8s_workers.*.hostname, count.index)}", ] } depends_on = [null_resource.setup_calico_metallb] } - -data "template_file" "calico_metallb" { - template = file("${path.module}/templates/calico-metallb.yaml.tpl") - - vars = { - cidr = metal_reserved_ip_block.load_balancer_ips.cidr_notation - } -} - -data "template_file" "metallb_config" { - template = file("${path.module}/templates/metallb-config.yaml.tpl") - - vars = { - cidr = metal_reserved_ip_block.load_balancer_ips.cidr_notation - } -} diff --git a/nodes.tf b/nodes.tf index c031b15..34d1add 100644 --- a/nodes.tf +++ b/nodes.tf @@ -1,5 +1,5 @@ -resource "metal_device" "k8s_workers" { - project_id = metal_project.kubenet.id +resource "equinix_metal_device" "k8s_workers" { + project_id = equinix_metal_project.kubenet.id metro = var.metro count = var.worker_count plan = var.worker_plan @@ -9,14 +9,14 @@ resource "metal_device" "k8s_workers" { tags = ["kubernetes", "k8s", "worker"] } -# Using a null_resource so the metal_device doesn't not have to wait to be initially provisioned +# Using a null_resource so the equinix_metal_device doesn't not have to wait to be initially provisioned resource "null_resource" "setup_worker" { count = var.worker_count connection { type = "ssh" user = "root" - host = element(metal_device.k8s_workers.*.access_public_ipv4, count.index) + host = element(equinix_metal_device.k8s_workers.*.access_public_ipv4, count.index) private_key = tls_private_key.k8s_cluster_access_key.private_key_pem } 
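Review bot: The rewritten `remote-exec` command still interpolates `${var.auth_token}` into the command line of `bgppeer-${count.index}.sh`, so the API token is visible in the controller's process list while the script runs and may surface in provisioner output. Prefer handing the token over out of band, for instance by writing it with a `file` provisioner to a root-only path that the script reads and then deletes. Declaring the variable with `sensitive = true` would also help (its declaration is outside this diff). The `calico_node_peers` resource begins above this hunk and the script body is not part of the diff, so how the script consumes its first argument should be confirmed before changing the call.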
@@ -26,12 +26,17 @@ resource "null_resource" "setup_worker" { } provisioner "file" { - content = data.template_file.install_docker.rendered + content = templatefile("${path.module}/templates/install-docker.sh.tpl", { + docker_version = var.docker_version + }) destination = "/tmp/install-docker.sh" } provisioner "file" { - content = data.template_file.install_kubernetes.rendered + content = templatefile("${path.module}/templates/setup-kube.sh.tpl", { + kubernetes_version = var.kubernetes_version + kubernetes_apt_release = var.kubernetes_apt_release + }) destination = "/tmp/setup-kube.sh" } @@ -70,7 +75,7 @@ resource "null_resource" "setup_worker" { connection { type = "ssh" user = "root" - host = metal_device.k8s_controller.access_public_ipv4 + host = equinix_metal_device.k8s_controller.access_public_ipv4 private_key = tls_private_key.k8s_cluster_access_key.private_key_pem } } @@ -82,6 +87,6 @@ data "external" "private_ipv4_gateway" { program = ["${path.module}/scripts/gateway.sh"] query = { - host = element(metal_device.k8s_workers.*.access_public_ipv4, count.index) + host = element(equinix_metal_device.k8s_workers.*.access_public_ipv4, count.index) } } diff --git a/outputs.tf b/outputs.tf index c2c80d1..8eba9ff 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,5 +1,5 @@ output "master_address" { - value = [metal_device.k8s_controller.access_public_ipv4] + value = [equinix_metal_device.k8s_controller.access_public_ipv4] } output "kubeadm_join_command" { @@ -7,9 +7,9 @@ output "kubeadm_join_command" { } output "worker_addresses" { - value = metal_device.k8s_workers.*.access_public_ipv4 + value = equinix_metal_device.k8s_workers.*.access_public_ipv4 } output "load_balancer_ips" { - value = [metal_reserved_ip_block.load_balancer_ips.cidr_notation] + value = [equinix_metal_reserved_ip_block.load_balancer_ips.cidr_notation] } diff --git a/versions.tf b/versions.tf index 40a0d40..74d80f1 100644 --- a/versions.tf +++ b/versions.tf 
@@ -1,9 +1,13 @@ terraform { + provider_meta "equinix" { + module_name = "metal-kubernetes-bgp" + } + required_providers { - metal = { - source = "equinix/metal" - version = ">= 3.2.1" + equinix = { + source = "equinix/equinix" + version = ">= 1.30" } } - required_version = ">= 0.14" + required_version = ">= 1.0" }