From 27e7784e00d7be2b490834d8ab0b4f822f983a1b Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Mon, 26 Feb 2024 19:53:57 +0100 Subject: [PATCH 1/2] feat: Add elastic ip for Grafana Signed-off-by: Ross Fairbanks --- infrastructure/equinix-metal/main.tf | 17 ++++++++++++++++- infrastructure/equinix-metal/variables.tf | 9 +++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/infrastructure/equinix-metal/main.tf b/infrastructure/equinix-metal/main.tf index 947e589..dde5fd6 100644 --- a/infrastructure/equinix-metal/main.tf +++ b/infrastructure/equinix-metal/main.tf @@ -28,6 +28,15 @@ resource "equinix_metal_project_ssh_key" "ssh_key" { public_key = var.ssh_public_key } +resource "equinix_metal_reserved_ip_block" "elastic_ip" { + for_each = toset(var.elastic_ips) + project_id = var.equinix_project_id + type = "public_ipv4" + metro = var.device_metro + quantity = 1 + description = each.value +} + resource "equinix_metal_device" "control_plane" { hostname = "${var.cluster_name}-control-plane" plan = var.device_plan @@ -71,8 +80,9 @@ resource "equinix_metal_device" "worker" { depends_on = [equinix_metal_device.control_plane] user_data = < /etc/netplan/01-netcfg.yaml\nnetplan apply\n" : ""} curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL="${var.k3s_version}" sh -s - agent \ ---token "${var.k3s_token}" \ +${each.value.elastic_ip != "" ? "--node-external-ip ${cidrhost(equinix_metal_reserved_ip_block.elastic_ip[each.value.elastic_ip].cidr_notation, 0)}" : ""} --token "${var.k3s_token}" \ --server "https://${equinix_metal_device.control_plane.access_private_ipv4}:6443" \ ${join(" \\\n", [for k, v in each.value.labels : "--node-label ${k}=${v}"])} EOF 
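Review bot: The added `--node-external-ip` line indexes `equinix_metal_reserved_ip_block.elastic_ip[each.value.elastic_ip]` with a free-form string from `worker_nodes`. Any non-empty name that is not also listed in `var.elastic_ips` therefore fails the plan with an invalid-index error instead of a readable message. A `precondition` in the worker resource's `lifecycle` block with the condition `each.value.elastic_ip == "" || contains(var.elastic_ips, each.value.elastic_ip)` would reject that input with a clear error. Advertising a public address as the node's external IP also makes anything the node serves on host ports reachable from the internet; this hunk shows no firewall or port restriction, so confirm that is handled elsewhere. The `worker` resource body starts and ends outside the hunk.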
@@ -85,6 +95,11 @@ EOF } } +resource "equinix_metal_ip_attachment" "monitoring" { + device_id = equinix_metal_device.worker["internal-1"].id + cidr_notation = join("/", [cidrhost(equinix_metal_reserved_ip_block.elastic_ip["monitoring"].cidr_notation, 0), "32"]) +} + resource "null_resource" "install_cilium_cni" { depends_on = [equinix_metal_device.control_plane] triggers = { diff --git a/infrastructure/equinix-metal/variables.tf b/infrastructure/equinix-metal/variables.tf index 3517f41..d760216 100644 --- a/infrastructure/equinix-metal/variables.tf +++ b/infrastructure/equinix-metal/variables.tf @@ -34,6 +34,12 @@ variable "device_plan" { default = "m3.small.x86" } +variable "elastic_ips" { + description = "List of Equinix Metal elastic ip names" + type = list(string) + default = ["monitoring"] +} + variable "equinix_auth_token" { description = "Authentication token for Equinix Metal" type = string @@ -103,11 +109,13 @@ variable "ssh_private_key_path" { variable "worker_nodes" { description = "Map of worker nodes and config" type = map(object({ + elastic_ip = string labels = map(string) plan = string })) default = { internal-1 = { + elastic_ip = "monitoring" labels = { cncf-project = "wg-green-reviews" cncf-project-sub = "internal" @@ -115,6 +123,7 @@ variable "worker_nodes" { plan = "m3.small.x86" }, falco-a = { + elastic_ip = "" labels = { cncf-project = "falco" cncf-project-sub = "falco-driver-modern-ebpf" From 0a847c88083a8bd1cfe24f4eb6383cd8655b9082 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Wed, 28 Feb 2024 12:08:35 +0100 Subject: [PATCH 2/2] Use global ip for elastic ip Signed-off-by: Ross Fairbanks --- infrastructure/equinix-metal/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/infrastructure/equinix-metal/main.tf b/infrastructure/equinix-metal/main.tf index dde5fd6..5c16b90 100644 --- a/infrastructure/equinix-metal/main.tf +++ b/infrastructure/equinix-metal/main.tf 
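Review bot: `equinix_metal_ip_attachment.monitoring` hard-codes `worker["internal-1"]` and `elastic_ip["monitoring"]`, although both keys come from variables whose defaults can be overridden. Overriding `worker_nodes` or `elastic_ips` without those exact names breaks the plan. A second worker given an `elastic_ip` would get `--node-external-ip` in its user_data but no address attached to the device. Driving the attachment from the same map keeps the two in step; this assumes `equinix_metal_device.worker` iterates `var.worker_nodes`, which the hunk does not show. The change alters the resource's address in state, so plan for a move or re-create.

```hcl
resource "equinix_metal_ip_attachment" "elastic_ip" {
  # One attachment per worker that names an elastic IP; workers with "" are skipped.
  for_each = { for name, node in var.worker_nodes : name => node if node.elastic_ip != "" }

  device_id     = equinix_metal_device.worker[each.key].id
  cidr_notation = join("/", [cidrhost(equinix_metal_reserved_ip_block.elastic_ip[each.value.elastic_ip].cidr_notation, 0), "32"])
}
```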
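Review bot: `elastic_ip = string` in the `worker_nodes` object type is a required attribute, so any existing tfvars file or caller that overrides `worker_nodes` without it stops type-checking after this change. If the pinned Terraform version supports optional attributes (1.3 or later), `elastic_ip = optional(string, "")` keeps older inputs valid and makes the `elastic_ip = ""` line on `falco-a` in the following hunk unnecessary. The variable's description could also state the contract, for example `"Map of worker nodes and config; elastic_ip must be empty or a name from elastic_ips"`.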
@@ -31,8 +31,7 @@ resource "equinix_metal_project_ssh_key" "ssh_key" {
 resource "equinix_metal_reserved_ip_block" "elastic_ip" {
 for_each = toset(var.elastic_ips)
 project_id = var.equinix_project_id
- type = "public_ipv4"
- metro = var.device_metro
+ type = "global_ipv4"
 quantity = 1
 description = each.value
 }
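Review bot: The switch from `public_ipv4` to `global_ipv4` carries no comment, and the commit subject only restates the change, so the reason a metro-scoped address was unsuitable is not recorded. With `metro` dropped, the reservation is no longer tied to `var.device_metro`, which changes where the address can be attached and may change how it is billed. A one-line comment above `type`, such as `# global_ipv4: not bound to a metro; <reason for choosing it>`, would keep the intent next to the setting.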