Added rancher-proxy package, proxy changes for custom clusters and rke2 packages #68
3 changes: 3 additions & 0 deletions packages/aws/rancher-custom-cluster.yaml
Expand Up @@ -9,5 +9,8 @@ templates:
- rancher-custom-cluster
variables:
airgap_setup:
- false
- true
proxy_setup:
- false
- true
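Review bot: The new `proxy_setup` axis multiplies with the existing `airgap_setup` axis, so this package will now also run the `airgap_setup: true` + `proxy_setup: true` combination, and nothing here says whether that pairing is a supported configuration or an accident of the matrix. The pool module treats both flags the same way for public IPs and the bastion, so the combined run is unlikely to fail loudly; if it is not meaningful, a comment above `proxy_setup:` such as `# proxy_setup and airgap_setup are independent axes; the combined true/true run is not a supported config` (or an exclusion, if the manifest format has one) would keep the matrix honest. The `variables:` map opens above the hunk.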
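--- /dev/null
+++ b/packages/aws/rancher-proxy.yaml
@@ -0,0 +1,21 @@
+manifest:
+name: rancher-proxy
+description: rancher-proxy
+variables:
+server_count:
+default: 1
+templates:
+- aws/registry_nodes
+- aws/cluster_nodes
+- proxy-standalone
+- rke2
+- rancher-proxy
+variables:
+cni:
+- calico
+proxy_setup:
+- true
+docker_compose_version:
+- 2.15.1
+cert_manager_version:
+- 1.15.0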
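Review bot: `description: rancher-proxy` only repeats the package name and tells nobody what the package provisions or why its nodes cannot be reached directly. Based on what the pool module does with `proxy_setup`, something like `description: "RKE2 cluster whose nodes get no public IP and reach the outside through a standalone proxy; SSH is via the registry/bastion host; Rancher is installed on top"` would be accurate, assuming `proxy-standalone` is indeed the egress proxy for these nodes. A short comment next to `proxy_setup: - true` stating that the flag must stay true for the `proxy-standalone` and `aws/registry_nodes` templates to be meaningful would also help the next person who copies this manifest.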
4 changes: 4 additions & 0 deletions templates/aws/cluster_nodes/manifest.yaml
Expand Up @@ -61,6 +61,10 @@ variables:
type: boolean
description: "Boolean that when set, will create rke setup rather regular cluster nodes."
default: false
proxy_setup:
type: boolean
description: "Boolean that when set, will create proxied nodes rather regular cluster nodes."
default: false
instance_type:
type: string
optional: false
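Review bot: The new `proxy_setup` description says `rather regular` where `rather than regular` is meant (the `rke_setup` line above it carries the same typo), and it does not say what a "proxied node" actually is. From the pool module, the flag yields nodes with no public IP, SSH reached through the bastion/registry host, and exposure via the internal NLB, so `description: "Boolean that when set, will create proxied nodes (no public IP; SSH via the bastion/registry host; exposed on the internal NLB) rather than regular cluster nodes."` states the contract where users read it instead of leaving it to the Terraform. The `variables:` map opens above the hunk.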
1 change: 1 addition & 0 deletions templates/aws/cluster_nodes/terraform/pools/corral.tf
Expand Up @@ -23,3 +23,4 @@ variable "server_count" {}
variable "agent_count" {}
variable "airgap_setup" {}
variable "rke_setup" {}
variable "proxy_setup" {}
64 changes: 32 additions & 32 deletions templates/aws/cluster_nodes/terraform/pools/main.tf
Expand Up @@ -36,7 +36,7 @@ resource "aws_instance" "server" {
key_name = aws_key_pair.corral_key.key_name
vpc_security_group_ids = [var.aws_security_group]
subnet_id = var.aws_subnet
associate_public_ip_address = var.airgap_setup ? false : true
associate_public_ip_address = var.airgap_setup || var.proxy_setup ? false : true

ebs_block_device {
device_name = "/dev/sda1"
Expand All @@ -47,7 +47,7 @@ resource "aws_instance" "server" {
}

provisioner "remote-exec" {
inline = var.airgap_setup || var.rke_setup ? [
inline = var.airgap_setup || var.rke_setup || var.proxy_setup ? [
"sudo su <<EOF",
"echo \"${var.corral_public_key} ${self.key_name}\" > /root/.ssh/authorized_keys",
"echo \"${var.corral_private_key}\"",
Expand All @@ -62,12 +62,12 @@ resource "aws_instance" "server" {
}
connection {
type = "ssh"
host = var.airgap_setup ? self.private_ip : self.public_ip
host = var.airgap_setup || var.proxy_setup ? self.private_ip : self.public_ip
user = var.aws_ssh_user
private_key = var.corral_private_key
timeout = "4m"
bastion_host = var.airgap_setup ? var.registry_ip : null
bastion_user = var.airgap_setup ? var.aws_ssh_user : null
bastion_host = var.airgap_setup || var.proxy_setup ? var.registry_ip : null
bastion_user = var.airgap_setup || var.proxy_setup ? var.aws_ssh_user : null
}

tags = {
Expand All @@ -82,7 +82,7 @@ resource "aws_instance" "agent" {
key_name = aws_key_pair.corral_key.key_name
vpc_security_group_ids = [var.aws_security_group]
subnet_id = var.aws_subnet
associate_public_ip_address = var.airgap_setup ? false : true
associate_public_ip_address = var.airgap_setup || var.proxy_setup ? false : true

ebs_block_device {
device_name = "/dev/sda1"
Expand All @@ -93,7 +93,7 @@ resource "aws_instance" "agent" {
}

provisioner "remote-exec" {
inline = var.airgap_setup ? [
inline = var.airgap_setup || var.proxy_setup ? [
"sudo su <<EOF",
"echo \"${var.corral_public_key} ${self.key_name}\" > /root/.ssh/authorized_keys",
"echo \"${var.corral_private_key}\"",
Expand All @@ -108,12 +108,12 @@ resource "aws_instance" "agent" {
}
connection {
type = "ssh"
host = var.airgap_setup ? self.private_ip : self.public_ip
host = var.airgap_setup || var.proxy_setup ? self.private_ip : self.public_ip
user = var.aws_ssh_user
private_key = var.corral_private_key
timeout = "4m"
bastion_host = var.airgap_setup ? var.registry_ip : null
bastion_user = var.airgap_setup ? var.aws_ssh_user : null
bastion_host = var.airgap_setup || var.proxy_setup ? var.registry_ip : null
bastion_user = var.airgap_setup || var.proxy_setup ? var.aws_ssh_user : null
}

tags = {
Expand Down Expand Up @@ -150,91 +150,91 @@ resource "aws_lb_target_group_attachment" "aws_tg_attachment_6443_server" {
}

resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_80_server" {
count = var.airgap_setup ? var.server_count : 0
count = var.airgap_setup || var.proxy_setup ? var.server_count : 0
target_group_arn = aws_lb_target_group.aws_internal_tg_80[0].arn
target_id = aws_instance.server[count.index].id
port = 80
}

resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_443_server" {
count = var.airgap_setup ? var.server_count : 0
count = var.airgap_setup || var.proxy_setup ? var.server_count : 0
target_group_arn = aws_lb_target_group.aws_internal_tg_443[0].arn
target_id = aws_instance.server[count.index].id
port = 443
}

resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_6443_server" {
count = var.airgap_setup ? var.server_count : 0
count = var.airgap_setup || var.proxy_setup ? var.server_count : 0
target_group_arn = aws_lb_target_group.aws_internal_tg_6443[0].arn
target_id = aws_instance.server[count.index].id
port = 6443
}

resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_9345_server" {
count = var.airgap_setup ? var.server_count : 0
count = var.airgap_setup || var.proxy_setup ? var.server_count : 0
target_group_arn = aws_lb_target_group.aws_internal_tg_9345[0].arn
target_id = aws_instance.server[count.index].id
port = 9345
}

resource "aws_lb_target_group_attachment" "aws_tg_attachment_80" {
count = var.airgap_setup ? var.agent_count : 0
count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
target_group_arn = aws_lb_target_group.aws_tg_80.arn
target_id = aws_instance.agent[count.index].id
port = 80
}

resource "aws_lb_target_group_attachment" "aws_tg_attachment_443" {
count = var.airgap_setup ? var.agent_count : 0
count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
target_group_arn = aws_lb_target_group.aws_tg_443.arn
target_id = aws_instance.agent[count.index].id
port = 443
}

resource "aws_lb_target_group_attachment" "aws_tg_attachment_6443" {
count = var.airgap_setup ? var.agent_count : 0
count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
target_group_arn = aws_lb_target_group.aws_tg_6443.arn
target_id = aws_instance.agent[count.index].id
port = 6443
}

resource "aws_lb_target_group_attachment" "aws_tg_attachment_9345" {
count = var.airgap_setup ? var.agent_count : 0
count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
target_group_arn = aws_lb_target_group.aws_tg_9345.arn
target_id = aws_instance.agent[count.index].id
port = 9345
}

resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_80" {
count = var.airgap_setup ? var.agent_count : 0
count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
target_group_arn = aws_lb_target_group.aws_internal_tg_80[0].arn
target_id = aws_instance.agent[count.index].id
port = 80
}

resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_443" {
count = var.airgap_setup ? var.agent_count : 0
count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
target_group_arn = aws_lb_target_group.aws_internal_tg_443[0].arn
target_id = aws_instance.agent[count.index].id
port = 443
}

resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_6443" {
count = var.airgap_setup ? var.agent_count : 0
count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
target_group_arn = aws_lb_target_group.aws_internal_tg_6443[0].arn
target_id = aws_instance.agent[count.index].id
port = 6443
}

resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_9345" {
count = var.airgap_setup ? var.agent_count : 0
count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
target_group_arn = aws_lb_target_group.aws_internal_tg_9345[0].arn
target_id = aws_instance.agent[count.index].id
port = 9345
}

resource "aws_lb" "aws_internal_nlb" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
internal = true
load_balancer_type = "network"
subnets = [var.aws_subnet]
Expand Down Expand Up @@ -317,7 +317,7 @@ resource "aws_lb_target_group" "aws_tg_9345" {
}

resource "aws_lb_target_group" "aws_internal_tg_80" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
port = 80
protocol = "TCP"
vpc_id = var.aws_vpc
Expand All @@ -335,7 +335,7 @@ resource "aws_lb_target_group" "aws_internal_tg_80" {
}

resource "aws_lb_target_group" "aws_internal_tg_443" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
port = 443
protocol = "TCP"
vpc_id = var.aws_vpc
Expand All @@ -353,7 +353,7 @@ resource "aws_lb_target_group" "aws_internal_tg_443" {
}

resource "aws_lb_target_group" "aws_internal_tg_6443" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
port = 6443
protocol = "TCP"
vpc_id = var.aws_vpc
Expand All @@ -371,7 +371,7 @@ resource "aws_lb_target_group" "aws_internal_tg_6443" {
}

resource "aws_lb_target_group" "aws_internal_tg_9345" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
port = 9345
protocol = "TCP"
vpc_id = var.aws_vpc
Expand Down Expand Up @@ -429,7 +429,7 @@ resource "aws_lb_listener" "aws_nlb_listener_9345" {
}

resource "aws_lb_listener" "aws_internal_nlb_listener_80" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
load_balancer_arn = aws_lb.aws_internal_nlb[0].arn
port = "80"
protocol = "TCP"
Expand All @@ -440,7 +440,7 @@ resource "aws_lb_listener" "aws_internal_nlb_listener_80" {
}

resource "aws_lb_listener" "aws_internal_nlb_listener_443" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
load_balancer_arn = aws_lb.aws_internal_nlb[0].arn
port = "443"
protocol = "TCP"
Expand All @@ -451,7 +451,7 @@ resource "aws_lb_listener" "aws_internal_nlb_listener_443" {
}

resource "aws_lb_listener" "aws_internal_nlb_listener_6443" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
load_balancer_arn = aws_lb.aws_internal_nlb[0].arn
port = "6443"
protocol = "TCP"
Expand All @@ -462,7 +462,7 @@ resource "aws_lb_listener" "aws_internal_nlb_listener_6443" {
}

resource "aws_lb_listener" "aws_internal_nlb_listener_9345" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
load_balancer_arn = aws_lb.aws_internal_nlb[0].arn
port = "9345"
protocol = "TCP"
Expand All @@ -481,7 +481,7 @@ resource "aws_route53_record" "aws_route53" {
}

resource "aws_route53_record" "aws_route53_internal" {
count = var.airgap_setup ? 1 : 0
count = var.airgap_setup || var.proxy_setup ? 1 : 0
zone_id = data.aws_route53_zone.selected.zone_id
name = "${var.aws_hostname_prefix}-internal"
type = "CNAME"
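Review bot: Adding `|| var.proxy_setup` to the remote-exec condition in the `@@ -47,7 +47,7` hunk routes proxy nodes onto the inline script whose line `echo "${var.corral_private_key}"` has no redirect, so the SSH private key appears to be printed to the provisioner's stdout and therefore into Terraform's log output for a new class of nodes; that line predates this PR, but it is worth removing or redirecting it before widening its reach, and the rest of that heredoc is outside the hunk so I cannot see whether a later line depends on it. The agent resource's provisioner in the `@@ -93,7 +93,7` hunk has the same echo line and gets the same widening. Separately, `var.airgap_setup || var.proxy_setup` is now pasted 32 times in this file; a single `locals { private_nodes = var.airgap_setup || var.proxy_setup }` used as `local.private_nodes` at each site (e.g. `associate_public_ip_address = !local.private_nodes`) makes the next flag a one-line change and removes the reliance on `||` binding tighter than `?:`. The `bastion_host` for proxy nodes is still `var.registry_ip`; if the proxy package's jump host is not the registry machine, that needs confirming.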
18 changes: 11 additions & 7 deletions templates/aws/cluster_nodes/terraform/pools/outputs.tf
Expand Up @@ -7,38 +7,42 @@ output "internal_fqdn" {
}

output "kube_api_host" {
value = var.airgap_setup ? aws_instance.server[0].private_ip : aws_instance.server[0].public_ip
value = var.airgap_setup || var.proxy_setup ? aws_instance.server[0].private_ip : aws_instance.server[0].public_ip
}

output "airgap_setup" {
value = var.airgap_setup
}

output "proxy_setup" {
value = var.proxy_setup
}

output "corral_node_pools" {
value = {
bastion = [for instance in [aws_instance.server[0]] : {
name = instance.tags.Name // unique name of node
user = "root" // ssh username
ssh_user = var.aws_ssh_user
address = var.airgap_setup ? instance.private_ip : instance.public_ip // address of ssh host
address = var.airgap_setup || var.proxy_setup ? instance.private_ip : instance.public_ip // address of ssh host
internal_address = instance.private_ip
bastion_address = var.airgap_setup ? var.registry_ip : ""
bastion_address = var.airgap_setup || var.proxy_setup ? var.registry_ip : ""
}]
server = [for instance in slice(aws_instance.server, 1, var.server_count) : {
name = instance.tags.Name // unique name of node
user = "root" // ssh username
ssh_user = var.aws_ssh_user
address = var.airgap_setup ? instance.private_ip : instance.public_ip // address of ssh host
address = var.airgap_setup || var.proxy_setup ? instance.private_ip : instance.public_ip // address of ssh host
internal_address = instance.private_ip
bastion_address = var.airgap_setup ? var.registry_ip : ""
bastion_address = var.airgap_setup || var.proxy_setup ? var.registry_ip : ""
}]
agent = [for instance in aws_instance.agent : {
name = instance.tags.Name // unique name of node
user = "root" // ssh username
ssh_user = var.aws_ssh_user
address = var.airgap_setup ? instance.private_ip : instance.public_ip // address of ssh host
address = var.airgap_setup || var.proxy_setup ? instance.private_ip : instance.public_ip // address of ssh host
internal_address= instance.private_ip
bastion_address = var.airgap_setup ? var.registry_ip : ""
bastion_address = var.airgap_setup || var.proxy_setup ? var.registry_ip : ""
}]
}
}
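Review bot: The new `output "proxy_setup"` has no `description`, so a reader of `terraform output` cannot tell how it differs from `airgap_setup`; `description = "True when nodes were created without public IPs behind a proxy; consumers must use private addresses and the bastion."` would cover what this module does, hedged on what downstream corral steps actually do with it. The `var.airgap_setup || var.proxy_setup` expression is repeated seven times here and 32 times in main.tf; a single local such as `local.private_nodes` would keep both files in step. Note also that `bastion_address` still resolves to `var.registry_ip` in the proxy case while the `user = "root"` entries are unchanged — if the proxy package's jump host is a different machine than the registry, that mapping needs confirming. The `internal_fqdn` output block opens above the hunk.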
8 changes: 8 additions & 0 deletions templates/aws/nodes/manifest.yaml
Expand Up @@ -64,10 +64,18 @@ variables:
type: string
optional: true
description: "Public IP address of the bastion node"
bastion_private_ip:
type: string
optional: true
description: "Private IP address of the bastion node"
airgap_setup:
type: boolean
default: false
description: "Boolean that when set, will create airgap nodes rather regular cluster nodes."
proxy_setup:
type: boolean
default: false
description: "Boolean that when set, will create proxied nodes rather regular cluster nodes."
commands:
- module: pools
- command: "echo \"$CORRAL_corral_user_public_key\" >> /$(whoami)/.ssh/authorized_keys"
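Review bot: Both the new `proxy_setup` description and the existing `airgap_setup` one read `rather regular` where `rather than regular` is meant, and the new `bastion_private_ip` variable does not say when it is used in place of `bastion_ip` (presumably when `proxy_setup` is set and the node has no public route to the bastion, but the Terraform that consumes it is not in this PR's view). Suggest `description: "Private IP of the bastion node; used to reach the bastion from nodes that have no public IP (proxy/airgap setups)."` for `bastion_private_ip` and `description: "Boolean that when set, will create proxied nodes (no public IP, SSH via the bastion) rather than regular cluster nodes."` for `proxy_setup`. The `variables:` map opens above the hunk.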
2 changes: 2 additions & 0 deletions templates/aws/nodes/terraform/pools/corral.tf
Expand Up @@ -20,3 +20,5 @@ variable "instance_type" {}
variable "node_count" {}
variable "airgap_setup" {}
variable "bastion_ip" {}
variable "bastion_private_ip" {}
variable "proxy_setup" {}