ppc64le-cloud · prabhav-thali · Dec 31, 2024
diff --git a/data/unpack.go b/data/unpack.go
@@ -9,7 +9,7 @@ import (
 )
 
 var (
-	//go:embed k8s-ansible powervs config.tf
+	//go:embed k8s-ansible powervs vpc config.tf
 	dir embed.FS
 )
 

diff --git a/data/vpc/config.tf b/data/vpc/config.tf
@@ -0,0 +1 @@
+../config.tf
diff --git a/data/vpc/main.tf b/data/vpc/main.tf
@@ -0,0 +1,97 @@
+data "ibm_is_vpc" "vpc" {
+  count = var.vpc_name == "" ? 0 : 1
+  name  = var.vpc_name
+}
+
+data "ibm_is_subnet" "subnet" {
+  count = var.vpc_subnet_name == "" ? 0 : 1
+  name  = var.vpc_subnet_name
+}
+
+data "ibm_resource_group" "default_group" {
+  name = var.vpc_resource_group
+}
+
+module "vpc" {
+  # Create new vpc and subnet only if vpc_name is not set
+  count        = var.vpc_name == "" ? 1 : 0
+  source       = "./vpc"
+  cluster_name = var.cluster_name
+  zone         = var.vpc_zone
+  resource_group = data.ibm_resource_group.default_group.id
+}
+
+locals {
+  vpc_id            = var.vpc_name == "" ? module.vpc[0].vpc_id : data.ibm_is_vpc.vpc[0].id
+  subnet_id         = var.vpc_name == "" ? module.vpc[0].subnet_id : data.ibm_is_subnet.subnet[0].id
+  security_group_id = var.vpc_name == "" ? module.vpc[0].security_group_id : data.ibm_is_vpc.vpc[0].default_security_group
+}
+
+data "ibm_is_image" "node_image" {
+  name = var.node_image
+}
+
+data "ibm_is_ssh_key" "ssh_key" {
+  name       = var.vpc_ssh_key
+}
+
+resource "ibm_is_instance_template" "node_template" {
+  name    = "${var.cluster_name}-node-template"
+  image   = data.ibm_is_image.node_image.id
+  profile = var.node_profile
+  vpc     = local.vpc_id
+  zone    = var.vpc_zone
+  resource_group = data.ibm_resource_group.default_group.id
+  keys    = [data.ibm_is_ssh_key.ssh_key.id]
+
+  primary_network_interface {
+    subnet          = local.subnet_id
+    security_groups = [local.security_group_id]
+  }
+}
+
+module "master" {
+  source                    = "./node"
+  node_name                 = "${var.cluster_name}-master"
+  node_instance_template_id = ibm_is_instance_template.node_template.id
+  resource_group = data.ibm_resource_group.default_group.id
+}
+
+module "workers" {
+  source                    = "./node"
+  count                     = var.workers_count
+  node_name                 = "${var.cluster_name}-worker-${count.index}"
+  node_instance_template_id = ibm_is_instance_template.node_template.id
+  resource_group = data.ibm_resource_group.default_group.id
+}
+
+resource "null_resource" "wait-for-master-completes" {
+  connection {
+    type = "ssh"
+    user = "root"
+    host = module.master.public_ip
+    private_key = file(var.ssh_private_key)
+    timeout = "20m"
+  }
+  provisioner "remote-exec" {
+    inline = [
+      "cloud-init status -w"
+    ]
+  }
+}
+
+resource "null_resource" "wait-for-workers-completes" {
+  count = var.workers_count
+  connection {
+    type = "ssh"
+    user = "root"
+    host = module.workers[count.index].public_ip
+    private_key = file(var.ssh_private_key)
+    timeout = "15m"
+  }
+  provisioner "remote-exec" {
+    inline = [
+      "cloud-init status -w"
+    ]
+  }
+}
diff --git a/data/vpc/node/main.tf b/data/vpc/node/main.tf
@@ -0,0 +1,10 @@
+resource "ibm_is_instance" "node" {
+  name              = var.node_name
+  instance_template = var.node_instance_template_id
+}
+
+resource "ibm_is_floating_ip" "node" {
+  name   = "${var.node_name}-ip"
+  target = ibm_is_instance.node.primary_network_interface[0].id
+  resource_group = "${var.resource_group}"
+}
diff --git a/data/vpc/node/outputs.tf b/data/vpc/node/outputs.tf
@@ -0,0 +1,6 @@
+output "public_ip" {
+  value = ibm_is_floating_ip.node.address
+}
+output "private_ip" {
+  value = ibm_is_instance.node.primary_network_interface.0.primary_ip.0.address
+}
diff --git a/data/vpc/node/provider.tf b/data/vpc/node/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+      version = "~> 1.50.0"
+    }
+  }
+}
diff --git a/data/vpc/node/variables.tf b/data/vpc/node/variables.tf
@@ -0,0 +1,3 @@
+variable "node_instance_template_id" {}
+variable "node_name" {}
+variable "resource_group" {}
diff --git a/data/vpc/outputs.tf b/data/vpc/outputs.tf
@@ -0,0 +1,26 @@
+output "vpc_id" { value = local.vpc_id }
+output "ssh_key_id" { value = data.ibm_is_ssh_key.ssh_key.id }
+output "subnet_id" { value = local.subnet_id }
+output "security_group_id" { value = local.security_group_id }
+output "region" { value = var.vpc_region }
+output "zone" { value = var.vpc_zone }
+output "resource_group_id" { value = data.ibm_resource_group.default_group.id }
+output "masters" {
+  value = module.master[*].public_ip
+  description = "k8s master node IP addresses"
+}
+
+output "workers" {
+  value = module.workers[*].public_ip
+  description = "k8s worker node IP addresses"
+}
+
+output "masters_private" {
+  value = module.master[*].private_ip
+  description = "k8s master nodes private IP addresses"
+}
+
+output "workers_private" {
+  value = module.workers[*].private_ip
+  description = "k8s worker nodes private IP addresses"
+}
diff --git a/data/vpc/provider.tf b/data/vpc/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+      version = "~> 1.50.0"
+    }
+  }
+}
+
+provider "ibm" {
+  ibmcloud_api_key = var.vpc_api_key
+  region           = var.vpc_region
+}
diff --git a/data/vpc/variables.tf b/data/vpc/variables.tf
@@ -0,0 +1,37 @@
+variable "vpc_api_key" {
+  sensitive = true
+}
+
+variable "vpc_resource_group" {
+  default = "default"
+}
+
+variable "vpc_ssh_key" {}
+
+variable "vpc_name" {
+  type        = string
+  description = "(optional) Specify existing VPC name. If none is provided, it will create a new VPC named {cluster_name}-vpc"
+  default     = ""
+}
+
+variable "vpc_subnet_name" {
+  type        = string
+  description = "(optional) Specify existing subnet name. If none is provided, it will create a new subnet named {cluster_name}-subnet. This must be provided if vpc_name has been set"
+  default     = ""
+}
+
+variable "node_image" {
+  default = "ibm-ubuntu-22-04-2-minimal-s390x-1"
+}
+
+variable "node_profile" {
+  default = "bz2-2x8"
+}
+
+variable "vpc_region" {
+  default = "eu-de"
+}
+
+variable "vpc_zone" {
+  default = "eu-de-1"
+}
diff --git a/data/vpc/vpc/main.tf b/data/vpc/vpc/main.tf
@@ -0,0 +1,86 @@
+resource "ibm_is_vpc" "vpc" {
+  name                        = "${var.cluster_name}-vpc"
+  default_security_group_name = "${var.cluster_name}-security-group"
+  resource_group = "${var.resource_group}"
+}
+
+resource "ibm_is_floating_ip" "gateway" {
+  name = "${var.cluster_name}-gateway-ip"
+  zone = var.zone
+  resource_group = "${var.resource_group}"
+}
+
+resource "ibm_is_public_gateway" "gateway" {
+  name = "${var.cluster_name}-gateway"
+  vpc  = ibm_is_vpc.vpc.id
+  zone = var.zone
+  resource_group = "${var.resource_group}"
+  floating_ip = {
+    id = ibm_is_floating_ip.gateway.id
+  }
+}
+
+resource "ibm_is_subnet" "primary" {
+  name                     = "${var.cluster_name}-subnet"
+  vpc                      = ibm_is_vpc.vpc.id
+  zone                     = var.zone
+  resource_group           = "${var.resource_group}"
+  total_ipv4_address_count = 256
+  public_gateway           = ibm_is_public_gateway.gateway.id
+}
+
+resource "ibm_is_security_group_rule" "primary_outbound" {
+  group     = ibm_is_vpc.vpc.default_security_group
+  direction = "outbound"
+  remote    = "0.0.0.0/0"
+}
+
+resource "ibm_is_security_group_rule" "primary_inbound" {
+  group     = ibm_is_vpc.vpc.default_security_group
+  direction = "inbound"
+  remote    = ibm_is_vpc.vpc.default_security_group
+}
+
+resource "ibm_is_security_group_rule" "primary_ssh" {
+  group     = ibm_is_vpc.vpc.default_security_group
+  direction = "inbound"
+  remote    = "0.0.0.0/0"
+
+  tcp {
+    port_min = 22
+    port_max = 22
+  }
+}
+
+resource "ibm_is_security_group_rule" "primary_k8s" {
+  group     = ibm_is_vpc.vpc.default_security_group
+  direction = "inbound"
+  remote    = "0.0.0.0/0"
+
+  tcp {
+    port_min = 80
+    port_max = 80
+  }
+}
+
+resource "ibm_is_security_group_rule" "primary_ping" {
+  group     = ibm_is_vpc.vpc.default_security_group
+  direction = "inbound"
+  remote    = "0.0.0.0/0"
+
+  icmp {
+    code = 0
+    type = 8
+  }
+}
+
+resource "ibm_is_security_group_rule" "primary_api_server" {
+  group     = ibm_is_vpc.vpc.default_security_group
+  direction = "inbound"
+  remote    = "0.0.0.0/0"
+
+  tcp {
+    port_min = 992
+    port_max = 992
+  }
+}
diff --git a/data/vpc/vpc/outputs.tf b/data/vpc/vpc/outputs.tf
@@ -0,0 +1,11 @@
+output "vpc_id" {
+  value = ibm_is_vpc.vpc.id
+}
+
+output "subnet_id" {
+  value = ibm_is_subnet.primary.id
+}
+
+output "security_group_id" {
+  value = ibm_is_vpc.vpc.default_security_group
+}
diff --git a/data/vpc/vpc/provider.tf b/data/vpc/vpc/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+      version = "~> 1.50.0"
+    }
+  }
+}
diff --git a/data/vpc/vpc/variables.tf b/data/vpc/vpc/variables.tf
@@ -0,0 +1,3 @@
+variable "cluster_name" {}
+variable "zone" {}
+variable "resource_group" {}
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ import ( @@
     )
     var (
-    	//go:embed k8s-ansible powervs config.tf
+    	//go:embed k8s-ansible powervs vpc config.tf
     	dir embed.FS
     )
@@ Expand Down @@