add openstack example

c183e174 · remche · 6c4d6006 · c183e174 · c183e174 · c183e174
Commit c183e174 authored 3 years ago by remche
--- a/openstack/.gitignore
+++ b/openstack/.gitignore
+.terraform/
+*.auto.tfvars
+terraform.tfstate
+terraform.tfstate.backup
--- a/openstack/README.md
+++ b/openstack/README.md
+Ce code Terraform deploit un cluster Kubernetes sur Openstack grâce à [RKE2](https://docs.rke2.io/).
+Le cluster comporte un nœud controlplane, un nœud edge pour le trafic applicatif et deux workers.
+
+nginx-ingess-controler tourne sur le nœud edge et est configuré pour rediriger les trafic des ports 8000 et 8001 vers les services `default/svc1` et `default/svc2`.
--- a/openstack/edge.yaml
+++ b/openstack/edge.yaml
+# Add edge role to edge node
+# Cant use node-role.kubernetes.io/edge because of https://github.com/kubernetes/kubernetes/issues/75457
+node-label:
+  - "node-role/edge=true"
+
--- a/openstack/main.tf
+++ b/openstack/main.tf
+module "controlplane" {
+  source           = "remche/rke2/openstack"
+  cluster_name     = var.cluster_name
+  write_kubeconfig = true
+  image_name       = "ubuntu-20.04-focal-x86_64"
+  flavor_name      = "cpuX2"
+  public_net_name  = "public"
+  rke2_config      = file("server.yaml")
+  manifests_path   = "./manifests"
+  secgroup_rules = [{ "source" = "152.77.119.207/32", "protocol" = "tcp", "port" = 22 },
+    { "source" = "152.77.119.207/32", "protocol" = "icmp", port = 0 },
+    { "source" = "147.171.168.176/32", "protocol" = "icmp", port = 0 },
+    { "source" = "152.77.119.207/32", "protocol" = "tcp", "port" = 6443 },
+    { "source" = "147.171.168.176/32", "protocol" = "tcp", "port" = 22 },
+    { "source" = "147.171.168.176/32", "protocol" = "tcp", "port" = 6443 },
+    { "source" = "0.0.0.0/0", "protocol" = "tcp", "port" = 80 },
+    { "source" = "0.0.0.0/0", "protocol" = "tcp", "port" = 443 },
+    { "source" = "0.0.0.0/0", "protocol" = "tcp", "port" = 8000 },
+    { "source" = "0.0.0.0/0", "protocol" = "tcp", "port" = 8001 }
+  ]
+}
+
+module "edge_node" {
+  source             = "remche/rke2/openstack//modules/agent"
+  image_name         = "ubuntu-20.04-focal-x86_64"
+  nodes_count        = 1
+  name_prefix        = "edge"
+  flavor_name        = "cpuX2"
+  assign_floating_ip = true
+  node_config        = module.controlplane.node_config
+  rke2_config        = file("edge.yaml")
+}
+
+module "worker_node" {
+  source      = "remche/rke2/openstack//modules/agent"
+  image_name  = "ubuntu-20.04-focal-x86_64"
+  nodes_count = 2
+  name_prefix = "worker"
+  flavor_name = "cpuX2"
+  node_config = module.controlplane.node_config
+}
+
+output "controlplane_floating_ip" {
+  value     = module.controlplane.floating_ip
+  sensitive = true
+}
+
+output "edge_floating_ip" {
+  value     = module.edge_node.floating_ip
+  sensitive = true
+}
--- a/openstack/manifests/rke2-ingress-config.yaml
+++ b/openstack/manifests/rke2-ingress-config.yaml
+# Use Daemonset on all nodes with edge role
+# Cant use node-role.kubernetes.io/edge because of https://github.com/kubernetes/kubernetes/issues/75457
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: rke2-ingress-nginx
+  namespace: kube-system
+spec:
+  valuesContent: |-
+    controller:
+      kind: DaemonSet
+      nodeSelector:
+        node-role/edge: "true"
+      containerPort:
+        http: 80
+        https: 443
+    tcp:
+      8000: "default/svc1:8000"
+      8001: "default/svc2:8000"
--- a/openstack/outputs.tf
+++ b/openstack/outputs.tf
+output "server_ip" {
+  description = "Server floating IP"
+  value       = module.controlplane.floating_ip[0]
+  sensitive   = true
+}
--- a/openstack/rke2.yaml
+++ b/openstack/rke2.yaml
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIrZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWtNU0l3SUFZRFZRUUREQmx5YTJVeUxYTmwKY25abGNpMWpZVUF4TmpRek9UY3hPREF6TUI0WERUSXlNREl3TkRFd05UQXdNMW9YRFRNeU1ESXdNakV3TlRBdwpNMW93SkRFaU1DQUdBMVVFQXd3WmNtdGxNaTF6WlhKMlpYSXRZMkZBTVRZME16azNNVGd3TXpCWk1CTUdCeXFHClNNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJPUnYvNU9sTjNqSTNyRXlkV0VCbGhwMDlQWHhtbmFBSXpwWWlSRW4KUjd3NFNpV3JuUDRCMXhoM1lPWkdMUThmRk11cnpMQmlYcjV1SmJwbnJXVVZ2SU9qUWpCQU1BNEdBMVVkRHdFQgovd1FFQXdJQ3BEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUnl4WDdFTVdzaTVIS0ZRM3QrCllRb0x1QS9SUFRBS0JnZ3Foa2pPUFFRREFnTkhBREJFQWlBVm9GTHBxVE1Jdnp2TDdMdW1tdk5QYjBoWWQ0dGUKSTlxb0hGSlRJdERRb0FJZ1g0VUNBRUkyYUoxck9abW1DT1VVdDVvRFRSOWc2QlRGQjhMNktEMUl0aDQ9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    server: https://129.88.204.167:6443
+  name: default
+contexts:
+- context:
+    cluster: default
+    user: default
+  name: edge-node
+current-context: edge-node
+kind: Config
+preferences: {}
+users:
+- name: default
+  user:
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrekNDQVRpZ0F3SUJBZ0lJTG5xOWhCUGxZL1l3Q2dZSUtvWkl6ajBFQXdJd0pERWlNQ0FHQTFVRUF3d1oKY210bE1pMWpiR2xsYm5RdFkyRkFNVFkwTXprM01UZ3dNekFlRncweU1qQXlNRFF4TURVd01ETmFGdzB5TXpBeQpNRFF4TURVd01ETmFNREF4RnpBVkJnTlZCQW9URG5ONWMzUmxiVHB0WVhOMFpYSnpNUlV3RXdZRFZRUURFd3h6CmVYTjBaVzA2WVdSdGFXNHdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBVHl6VmVNdU5kWmQyeEQKTUxJZTUwYVhKeXJpTmNRb2pjeDdVM28zV0VxcTIwbUFLWXZUSEpZZ1UzYyt2V1MybTR2SEMrTndtTXNndnlVYQo1VEZyMnRoNW8wZ3dSakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0l3Ckh3WURWUjBqQkJnd0ZvQVVGV24wWnVncHRRR2xsUXdVMS90QUowYXFYTmN3Q2dZSUtvWkl6ajBFQXdJRFNRQXcKUmdJaEFJRFlQYmhIVnlkb0YyQjRGRTc0VHJJSHUrbUI5M0orZ0dGeWxJaUhqSXo1QWlFQXRvQ0JVWXVoejlzMApiRmdIMlhlS285NkxibkxtQ0xOaW8yY21ienFkREZvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlCZURDQ0FSK2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakFrTVNJd0lBWURWUVFEREJseWEyVXlMV05zCmFXVnVkQzFqWVVBeE5qUXpPVGN4T0RBek1CNFhEVEl5TURJd05ERXdOVEF3TTFvWERUTXlNREl3TWpFd05UQXcKTTFvd0pERWlNQ0FHQTFVRUF3d1pjbXRsTWkxamJHbGxiblF0WTJGQU1UWTBNemszTVRnd016QlpNQk1HQnlxRwpTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCTFlmNVNUQlhtZkJRcnY3YVZxN2FiS2FoK2l6RDYzSmRLK2kvZUQ0Ckl5UWgwVmR5akxVYk1NMVJrcUFrcFJINjlPWDhJV0xla2dQVVdFUkZkbUtLRUMralFqQkFNQTRHQTFVZER3RUIKL3dRRUF3SUNwREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFWYWZSbTZDbTFBYVdWREJUWAorMEFuUnFwYzF6QUtCZ2dxaGtqT1BRUURBZ05IQURCRUFpQUVjbldRa3hvL2tqM2kxVkFqekZhMDdwS0JlNlU0CktoUmxFdS9lSWx3MnBRSWdjVDNnY0NOY21hNmg3N1hKU3o1bHM5cHVCZkxmM1BiTU50SytRNDhhN3BNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUtHYkU5V0d3OTRySEdYZ3AycEc0NTQvaXlPOFYyZ3RHeXV3d0V6L3ZPaXZvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFOHMxWGpMalhXWGRzUXpDeUh1ZEdseWNxNGpYRUtJM01lMU42TjFoS3F0dEpnQ21MMHh5VwpJRk4zUHIxa3RwdUx4d3ZqY0pqTElMOGxHdVV4YTlyWWVRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
--- a/openstack/server.yaml
+++ b/openstack/server.yaml
+# Control plane wont execute regular workloads
+node-taint:
+  - "CriticalAddonsOnly=true:NoExecute"
--- a/openstack/variables.tf
+++ b/openstack/variables.tf
+variable "cluster_name" {
+  type    = string
+  default = "edge-node"
+}