EM: Add node_private_cidrs as list of string
- Mark `node_private_cidr` as deprecated.
- This is added to support multi-facility worker pools. Different
  facilities in an EM project can have different private node CIDRs, hence
  allow the user to provide multiple CIDRs.

Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>
surajssd committed Feb 5, 2021
1 parent 1997199 commit c836197
Showing 14 changed files with 76 additions and 37 deletions.
Expand Up @@ -16,7 +16,7 @@ module "bootkube" {

# Select private Packet NIC by using the can-reach Calico autodetection option with the first
# host in our private CIDR.
network_ip_autodetection_method = "can-reach=${cidrhost(var.node_private_cidr, 1)}"
network_ip_autodetection_method = "can-reach=${cidrhost(var.node_private_cidrs[0], 1)}"

pod_cidr = var.pod_cidr
service_cidr = var.service_cidr
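Review bot: `var.node_private_cidrs[0]` makes the list order significant and fails with a bare index error when the list is empty, and neither is stated next to the expression. Only the first CIDR feeds Calico's `can-reach` autodetection, so the comment above it should say so, for example `# Only the first entry of node_private_cidrs is used; its first host must be reachable over the private NIC on every node.` Whether nodes in a second facility reach that address through their private interface is not visible in this hunk and is worth confirming, since a wrong interface choice would put node-to-node traffic on the public NIC. The `module "bootkube"` block starts and ends outside the hunk.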
Expand Up @@ -30,11 +30,10 @@ resource "local_file" "calico_host_protection" {
}
],
management_cidrs = var.management_cidrs
cluster_cidrs = [
var.node_private_cidr,
cluster_cidrs = concat([
var.pod_cidr,
var.service_cidr
],
], var.node_private_cidrs),
})

filename = "${var.asset_dir}/charts/kube-system/calico-host-protection.yaml"
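Review bot: The `cluster_cidrs` list no longer reads `var.node_private_cidr`, so a configuration that still sets only the deprecated field keeps its inter-node allow rule only if the caller copies that value into `node_private_cidrs`; that merge is not visible in this section and should be confirmed. Every entry of the list now becomes an allowed source in the host-protection policy, so a comment on the `concat` call would help, for example `# Each node_private_cidrs entry is allowed as a source by the host protection policy; keep them as narrow as the facility blocks.` The `local_file` resource starts outside the hunk.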
Expand Up @@ -134,9 +134,9 @@ variable "management_cidrs" {
type = list(string)
}

variable "node_private_cidr" {
description = "Private IPv4 CIDR of the nodes used to allow inter-node traffic"
type = string
variable "node_private_cidrs" {
description = "List of private IPv4 CIDRs of the nodes used to allow inter-node traffic"
type = list(string)
}

variable "enable_aggregation" {
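Review bot: The new `node_private_cidrs` variable accepts any list, including an empty one and strings that are not CIDRs, although its values are indexed with `[0]` elsewhere in this commit and end up in the Calico host-protection allow list. A `validation` block with `condition = length(var.node_private_cidrs) > 0` would turn the empty case into a clear error, provided the Terraform version in use supports variable validation. The description could also say that each entry is allowed as a traffic source, so that users do not reach for a range wider than their facilities' private blocks.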
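--- a/ci/packet/packet-cluster.lokocfg.envsubst
+++ b/ci/packet/packet-cluster.lokocfg.envsubst
@@ -30,7 +30,7 @@ EOF
 
 ssh_pubkeys = ["$PUB_KEY"]
 management_cidrs = ["0.0.0.0/0"]
-node_private_cidr = "10.0.0.0/8"
+node_private_cidrs = ["10.0.0.0/8"]
 
 worker_pool "pool-1" {
 count = 2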
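--- a/ci/packet_arm/packet_arm-cluster.lokocfg.envsubst
+++ b/ci/packet_arm/packet_arm-cluster.lokocfg.envsubst
@@ -34,7 +34,7 @@ EOF
 
 ssh_pubkeys = ["$PUB_KEY"]
 management_cidrs = ["0.0.0.0/0"]
-node_private_cidr = "10.0.0.0/8"
+node_private_cidrs = ["10.0.0.0/8"]
 
 worker_pool "pool-1" {
 count = 1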
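--- a/ci/packet_fluo/packet_fluo-cluster.lokocfg.envsubst
+++ b/ci/packet_fluo/packet_fluo-cluster.lokocfg.envsubst
@@ -30,7 +30,7 @@ EOF
 
 ssh_pubkeys = ["$PUB_KEY"]
 management_cidrs = ["0.0.0.0/0"]
-node_private_cidr = "10.0.0.0/8"
+node_private_cidrs = ["10.0.0.0/8"]
 
 worker_pool "general" {
 count = 1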
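--- a/cli/cmd/cluster/utils_internal_test.go
+++ b/cli/cmd/cluster/utils_internal_test.go
@@ -176,7 +176,7 @@ func TestGetKubeconfigSourceFlag(t *testing.T) {
 controller_count = 0
 facility = ""
 management_cidrs = []
-node_private_cidr = ""
+node_private_cidrs = []
 project_id = ""
 ssh_pubkeys = []
 dns {
@@ -218,7 +218,7 @@ func TestGetKubeconfigSourceConfigFile(t *testing.T) {
 controller_count = 0
 facility = ""
 management_cidrs = []
-node_private_cidr = ""
+node_private_cidrs = []
 project_id = ""
 ssh_pubkeys = []
 dns {
@@ -281,7 +281,7 @@ func TestGetKubeconfigFromAssetsDir(t *testing.T) {
 controller_count = 0
 facility = ""
 management_cidrs = []
-node_private_cidr = ""
+node_private_cidrs = []
 project_id = ""
 ssh_pubkeys = []
 dns {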
7 changes: 5 additions & 2 deletions docs/configuration-reference/platforms/packet.md
Expand Up @@ -36,6 +36,7 @@ variable "packet_project_id" {}
variable "ssh_public_keys" {}
variable "management_cidrs" {}
variable "node_private_cidr" {}
variable "node_private_cidrs" {}
variable "state_s3_bucket" {}
variable "lock_dynamodb_table" {}
variable "oidc_issuer_url" {}
Expand Down Expand Up @@ -90,7 +91,8 @@ cluster "packet" {
management_cidrs = var.management_cidrs
node_private_cidr = var.node_private_cidr
node_private_cidr = var.node_private_cidr
node_private_cidrs = var.node_private_cidrs
cluster_domain_suffix = "cluster.local"
Expand Down Expand Up @@ -222,7 +224,8 @@ node_type = var.custom_default_worker_type
| `os_version` | Flatcar Container Linux version to install. Version such as "2303.3.1" or "current". | "current" | string | false |
| `ipxe_script_url` | Boot via iPXE. Required for arm64. | - | string | false |
| `management_cidrs` | List of IPv4 CIDRs authorized to access or manage the cluster. Example ["0.0.0.0/0"] to allow all. | - | list(string) | true |
| `node_private_cidr` | Private IPv4 CIDR of the nodes used to allow inter-node traffic. Example "10.0.0.0/8" | - | string | true |
| `node_private_cidr` | (Deprecated) Private IPv4 CIDR of the nodes used to allow inter-node traffic. Example "10.0.0.0/8". | - | string | true |
| `node_private_cidrs` | List of Private IPv4 CIDRs of the nodes used to allow inter-node traffic. Example ["10.0.0.0/8"]. | - | list(string) | true |
| `enable_aggregation` | Enable the Kubernetes Aggregation Layer. | true | bool | false |
| `enable_tls_bootstrap` | Enable TLS bootstraping for Kubelet. | true | bool | false |
| `encrypt_pod_traffic` | Enable in-cluster pod traffic encryption. If true `network_mtu` is reduced by 60 to make room for the encryption header. | false | bool | false |
2 changes: 1 addition & 1 deletion docs/quickstarts/packet.md
Expand Up @@ -109,7 +109,7 @@ cluster "packet" {
ssh_pubkeys = ["ssh-rsa AAAA..."]
management_cidrs = ["0.0.0.0/0"]
node_private_cidr = "10.0.0.0/8"
node_private_cidrs = ["10.0.0.0/8"]
controller_count = 1
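--- a/examples/packet-production/cluster.lokocfg
+++ b/examples/packet-production/cluster.lokocfg
@@ -3,7 +3,7 @@ variable "route53_zone_id" {}
 variable "packet_project_id" {}
 variable "ssh_public_keys" {}
 variable "management_cidrs" {}
-variable "node_private_cidr" {}
+variable "node_private_cidrs" {}
 variable "cert_manager_email" {}
 variable "state_s3_bucket" {}
 variable "lock_dynamodb_table" {}
@@ -78,7 +78,7 @@ cluster "packet" {
 
 ssh_pubkeys = var.ssh_public_keys
 management_cidrs = var.management_cidrs
-node_private_cidr = var.node_private_cidr
+node_private_cidrs = var.node_private_cidrs
 
 worker_pool "pool-1" {
 count = var.workers_count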
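--- a/examples/packet-testing/cluster.lokocfg
+++ b/examples/packet-testing/cluster.lokocfg
@@ -33,8 +33,8 @@ variable "management_cidrs" {
 default = "0.0.0.0/0"
 }
 
-variable "node_private_cidr" {
-default = "10.0.0.0/8"
+variable "node_private_cidrs" {
+default = ["10.0.0.0/8"]
 }
 
 cluster "packet" {
@@ -56,7 +56,7 @@ cluster "packet" {
 
 ssh_pubkeys = var.ssh_public_keys
 management_cidrs = var.management_cidrs
-node_private_cidr = var.node_private_cidr
+node_private_cidrs = var.node_private_cidrs
 
 worker_pool "pool-1" {
 count = var.workers_count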