icp-deploy.tf
##################################
### Deploy ICP to cluster
##################################
# Calls the shared ICP deploy module against the VMs and load balancers
# declared elsewhere in this configuration, passing node addresses, image
# location and the ICP config.yaml overrides.
module "icpprovision" {
  # NOTE(review): the module is pinned by git ref "3.1.1". If that ref is a tag,
  # it can be re-pointed upstream; pinning to a full commit SHA would make the
  # fetched module code immutable.
  source = "github.com/ibm-cloud-architecture/terraform-module-icp-deploy.git?ref=3.1.1"
  # Provide IP addresses for boot, master, mgmt, va, proxy and workers
  boot-node = "${ibm_compute_vm_instance.icp-boot.ipv4_address_private}"
  # The boot node is also passed as bastion_host. Unless private_network_only
  # is set, its public IPv4 address is used, so the boot node's SSH exposure
  # is governed by security groups / firewall rules not visible in this file.
  bastion_host = "${var.private_network_only ? ibm_compute_vm_instance.icp-boot.ipv4_address_private : ibm_compute_vm_instance.icp-boot.ipv4_address}"
  icp-host-groups = {
    master = ["${ibm_compute_vm_instance.icp-master.*.ipv4_address_private}"]
    // make the master nodes proxy nodes if we don't have any specified:
    // slice(concat(proxy, master), from, to) selects the proxy addresses when
    // var.proxy["nodes"] > 0, otherwise the master addresses that follow them.
    proxy = "${slice(concat(ibm_compute_vm_instance.icp-proxy.*.ipv4_address_private,
                            ibm_compute_vm_instance.icp-master.*.ipv4_address_private),
                     var.proxy["nodes"] > 0 ? 0 : length(ibm_compute_vm_instance.icp-proxy.*.ipv4_address_private),
                     var.proxy["nodes"] > 0 ? length(ibm_compute_vm_instance.icp-proxy.*.ipv4_address_private) :
                                              length(ibm_compute_vm_instance.icp-proxy.*.ipv4_address_private) +
                                              length(ibm_compute_vm_instance.icp-master.*.ipv4_address_private))}"
    worker = ["${ibm_compute_vm_instance.icp-worker.*.ipv4_address_private}"]
    // make the master nodes management nodes if we don't have any specified
    // (same slice/concat selection as for proxy above)
    management = "${slice(concat(ibm_compute_vm_instance.icp-mgmt.*.ipv4_address_private,
                                 ibm_compute_vm_instance.icp-master.*.ipv4_address_private),
                          var.mgmt["nodes"] > 0 ? 0 : length(ibm_compute_vm_instance.icp-mgmt.*.ipv4_address_private),
                          var.mgmt["nodes"] > 0 ? length(ibm_compute_vm_instance.icp-mgmt.*.ipv4_address_private) :
                                                  length(ibm_compute_vm_instance.icp-mgmt.*.ipv4_address_private) +
                                                  length(ibm_compute_vm_instance.icp-master.*.ipv4_address_private))}"
    va = ["${ibm_compute_vm_instance.icp-va.*.ipv4_address_private}"]
  }
  icp-inception = "${local.icp-version}"
  image_location = "${var.image_location}"
  # Credentials for the image location. NOTE(review): how the module uses these
  # is not visible here; they may end up in Terraform state or provisioner
  # output, so treat both as secret-bearing.
  image_location_user = "${var.image_location_user}"
  image_location_pass = "${var.image_location_password}"
  /* Workaround for terraform issue #10857
     When this is fixed, we can work this out automatically */
  # The leading 1 presumably accounts for the boot node - TODO confirm.
  cluster_size = "${1 + var.master["nodes"] + var.worker["nodes"] + var.proxy["nodes"] + var.mgmt["nodes"] + var.va["nodes"]}"
  ###################################################################################################################################
  ## You can feed in arbitrary configuration items in the icp_configuration map.
  ## Available configuration items are listed at https://www.ibm.com/support/knowledgecenter/SSBS6K_3.1.0/installing/config_yaml.html
  icp_configuration = {
    "network_cidr" = "${var.network_cidr}"
    "service_cluster_ip_range" = "${var.service_network_cidr}"
    "cluster_lb_address" = "${ibm_lbaas.master-lbaas.vip}"
    "proxy_lb_address" = "${ibm_lbaas.proxy-lbaas.vip}"
    # Falls back to the master load balancer VIP when no cluster_cname is set
    "cluster_CA_domain" = "${var.cluster_cname != "" ? "${var.cluster_cname}" : "${ibm_lbaas.master-lbaas.vip}"}"
    "cluster_name" = "${var.deployment}"
    "calico_ip_autodetection_method" = "interface=eth0"
    # An admin password will be generated if not supplied in terraform.tfvars
    "default_admin_password" = "${local.icppassword}"
    # This is the list of disabled management services
    "management_services" = "${local.disabled_management_services}"
    "private_registry_enabled" = "${local.registry_server != "" ? "true" : "false" }"
    "private_registry_server" = "${local.registry_server}"
    "image_repo" = "${local.image_repo}" # Will either be our private repo or external repo
    "docker_username" = "${local.docker_username}" # Will either be username generated by us or supplied by user
    "docker_password" = "${local.docker_password}" # Will either be password generated by us or supplied by user
  }
  # We will let terraform generate a new ssh keypair
  # for boot master to communicate with worker and proxy nodes
  # during ICP deployment
  generate_key = true
  # SSH user and key for terraform to connect to newly created VMs
  # ssh_key is the private key corresponding to the public key assumed to be included in the template
  # NOTE: tls_private_key stores the generated private key unencrypted in the
  # Terraform state, and base64 is an encoding, not protection. Keep the state
  # in an access-controlled, encrypted backend.
  ssh_user = "icpdeploy"
  ssh_key_base64 = "${base64encode(tls_private_key.installkey.private_key_pem)}"
  ssh_agent = false
  # Make sure to wait for image load to complete
  # hooks = {
  #   "boot-preconfig" = [
  #     "while [ ! -f /opt/ibm/.imageload_complete ]; do sleep 5; done"
  #   ]
  # }
  ## Alternative approach
  # NOTE(review): if this variant is re-enabled, the load_image.sh line passes
  # the registry password as a command-line argument (-c), which makes it
  # visible in the process list and likely in provisioner output. Prefer
  # handing it over via a root-only file or the environment.
  # hooks = {
  #   "cluster-preconfig" = ["echo No hook"]
  #   "cluster-postconfig" = ["echo No hook"]
  #   "preinstall" = ["echo No hook"]
  #   "postinstall" = ["echo No hook"]
  #   "boot-preconfig" = [
  #     # "${var.image_location == "" ? "exit 0" : "echo Getting archives"}",
  #     "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 1; done",
  #     "sudo mv /tmp/load_image.sh /opt/ibm/scripts/",
  #     "sudo chmod a+x /opt/ibm/scripts/load_image.sh",
  #     "/opt/ibm/scripts/load_image.sh -p ${var.image_location} -r ${local.registry_server} -c ${local.docker_password}"
  #   ]
  # }
}
# Connection details for the deployed cluster. Every console, registry and
# API endpoint below is derived from the master load balancer VIP; the port
# numbers are fixed in this file.

# Address of the master load balancer (console / API entry point).
output "icp_console_host" {
  value = "${ibm_lbaas.master-lbaas.vip}"
}

# Address of the proxy load balancer.
output "icp_proxy_host" {
  value = "${ibm_lbaas.proxy-lbaas.vip}"
}

# Management console URL, HTTPS on port 8443.
output "icp_console_url" {
  value = "https://${ibm_lbaas.master-lbaas.vip}:8443"
}

# Registry endpoint on port 8500, given as host:port without a scheme.
output "icp_registry_url" {
  value = "${ibm_lbaas.master-lbaas.vip}:8500"
}

# Kubernetes API URL, HTTPS on port 8001.
output "kubernetes_api_url" {
  value = "https://${ibm_lbaas.master-lbaas.vip}:8001"
}

# The admin account name is the fixed literal "admin".
output "icp_admin_username" {
  value = "admin"
}
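# Admin password for the ICP console (the same local.icppassword value that is
# passed to the cluster as default_admin_password).
# Marked sensitive so it is redacted from the output summary printed by
# `terraform apply` and so kept out of CI logs and terminal scrollback. It can
# still be read on request with `terraform output icp_admin_password`.
# The value remains in the Terraform state in plaintext, so the state backend
# must be access-controlled and encrypted.
output "icp_admin_password" {
  value     = "${local.icppassword}"
  sensitive = true
}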