Equinix #194
Merged
johnalotoski force-pushed the equinix branch 4 times, most recently from 66e3417 to 2811d31 (October 19, 2022 16:01)
johnalotoski force-pushed the equinix branch 2 times, most recently from 96151bf to e9f5200 (November 14, 2022 23:45)
johnalotoski force-pushed the equinix branch from 4764ad1 to 37b8e60 (November 20, 2022 20:54)
johnalotoski force-pushed the equinix branch 2 times, most recently from 6ebb7fc to 26e1df3 (December 1, 2022 19:45)
dermetfan force-pushed the equinix branch 5 times, most recently from 05bef06 to b2c4968 (December 21, 2022 11:11)
johnalotoski force-pushed the equinix branch 2 times, most recently from c41a3e9 to d99fdae (January 18, 2023 17:59)
manveru approved these changes (Jan 19, 2023)
Improvements
Nomad is bumped to v1.4.3 -- see release notes here
Adds capability for an "AWS Extended" (awsExt) cluster -- so that the bitte cluster can add, as a first type, Equinix bare metal machines.
This PR provides TF Equinix integration and AWS extended machine cluster integration with Equinix bare metal resources.
Network communication between the two cloud networks for a unified cloud network would happen via a network overlay such as Ziti, WireGuard, etc., which is outside the scope of this PR.
For clusters not interested in using this feature, this PR should have no impact on operations and no special migration is required (other than the Nomad version bump, notes below).
Migration
The bump to Nomad 1.4.3 in this PR will require a metal deployment to all bitte machines to update the Nomad version. See Nomad upgrade docs for further details.
If utilizing an AWS extended cluster type for bare metal provider integration from Equinix is not desired, no further migration is required.
Utilizing an AWS Extended cluster type
For those bitte clusters which are "aws" clusterType and wish to utilize additional Equinix prem machines in their bitte cluster, the following is an outline of migration steps:
Ensure that, upon updating your cluster's bitte pin to this PR's commit, all migration steps from previous PRs have been completed successfully.
Make sure that all TF workspaces are up to date and applied and there is no diff remaining. This is because changing from "aws" to "awsExt" cluster type will cause a number of TF changes in the next plan/apply cycle and separating them from any diff which may already exist that you don't want applied will be tedious.
Modify the cluster type to "awsExt" for AWS extended. The declaration is typically found in nix/metal/bitteProfile/default.nix:
Run nix run .#clusters.$CLUSTER.tf.equinix.plan and requirements for equinix TF resources will be printed; read them.
Set up a sops encrypted equinix project json file per the requirement instructions seen above: $relEncryptedFolder/equinix.json with decrypted form of:
secrets/equinix-secret.sh which is NOT git committed and contains the project Equinix API metal token
TF plan apply the core workspace for new and modified IAM resources
bitte deploy core-1 in order to execute a vault-setup systemd service modification to the bound_iam_principal_arn of the auth/aws/role/$CLUSTER-client role
Verify with an admin vault token that an awsExt-bitte-system bound principal now shows for the cluster:
Declare equinix resources
Run a TF equinix workspace plan apply
Apply network overlays as needed
Testing
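The Vault verification step in the migration outline above, as an added example that is not part of the PR or the bitte code base: it checks the JSON printed by `vault read -format=json auth/aws/role/$CLUSTER-client` for the awsExt-bitte-system principal and reports wildcard bindings. The function name, the sample account id, the cluster name `example` and the ARN forms are assumptions constructed for illustration.

```python
import json

# Constructed sample of `vault read -format=json auth/aws/role/example-client`
# output; the account id, cluster name and ARN forms are placeholders.
SAMPLE_ROLE = json.dumps({
    "data": {
        "auth_type": "iam",
        "bound_iam_principal_arn": [
            "arn:aws:iam::123456789012:role/example-client",
            "arn:aws:iam::123456789012:user/awsExt-bitte-system",
        ],
    }
})


def check_bound_principals(role_json, expected_name="awsExt-bitte-system"):
    """Return (ok, findings) for one AWS auth role document (hypothetical helper)."""
    data = json.loads(role_json).get("data") or {}
    arns = data.get("bound_iam_principal_arn") or []
    if isinstance(arns, str):  # tolerate a single string value
        arns = [arns]
    findings = []
    # The principal name is the last path component of the ARN.
    if not any(arn.rsplit("/", 1)[-1] == expected_name for arn in arns):
        findings.append("missing principal: " + expected_name)
    # A wildcard binding admits every matching principal, so report it.
    findings += ["wildcard principal: " + arn for arn in arns if "*" in arn]
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = check_bound_principals(SAMPLE_ROLE)
    print("OK" if ok else "\n".join(findings))
```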