Merge pull request #654 from staebler/no_shared_aws_vpc

terraform/aws: remove option to use an existing vpc in aws
openshift · Dec 14, 2018 · 3b9d99b · 3b9d99b
2 parents e86e78b + 0471938
commit 3b9d99b
Show file tree

Hide file tree

Showing 20 changed files with 58 additions and 345 deletions.
diff --git a/data/data/aws/bootstrap/main.tf b/data/data/aws/bootstrap/main.tf
@@ -109,7 +109,7 @@ resource "aws_instance" "bootstrap" {
   subnet_id                   = "${var.subnet_id}"
   user_data                   = "${data.ignition_config.redirect.rendered}"
   vpc_security_group_ids      = ["${var.vpc_security_group_ids}"]
-  associate_public_ip_address = "${var.associate_public_ip_address}"
+  associate_public_ip_address = true
 
   lifecycle {
     # Ignore changes in the AMI which force recreation of the resource. This

diff --git a/data/data/aws/bootstrap/variables.tf b/data/data/aws/bootstrap/variables.tf
@@ -3,11 +3,6 @@ variable "ami" {
   description = "The AMI ID for the bootstrap node."
 }
 
-variable "associate_public_ip_address" {
-  default     = false
-  description = "If set to true, public-facing ingress resources are created."
-}
-
 variable "cluster_name" {
   type        = "string"
   description = "The name of the cluster."

diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf
@@ -1,31 +1,23 @@
 locals {
-  private_endpoints = "${var.aws_endpoints == "public" ? false : true}"
-  public_endpoints  = "${var.aws_endpoints == "private" ? false : true}"
-  private_zone_id   = "${var.aws_external_private_zone != "" ? var.aws_external_private_zone : join("", aws_route53_zone.int.*.zone_id)}"
+  private_zone_id = "${aws_route53_zone.int.zone_id}"
 }
 
 provider "aws" {
   region  = "${var.aws_region}"
   version = "1.39.0"
-
-  assume_role {
-    role_arn     = "${var.aws_installer_role == "" ? "" : "${var.aws_installer_role}"}"
-    session_name = "OPENSHIFT_INSTALLER_${var.cluster_name}"
-  }
 }
 
 module "bootstrap" {
   source = "./bootstrap"
 
-  ami                         = "${var.aws_ec2_ami_override}"
-  associate_public_ip_address = "${var.aws_endpoints != "private"}"
-  cluster_name                = "${var.cluster_name}"
-  iam_role                    = "${var.aws_master_iam_role_name}"
-  ignition                    = "${var.ignition_bootstrap}"
-  subnet_id                   = "${module.vpc.master_subnet_ids[0]}"
-  target_group_arns           = "${module.vpc.aws_lb_target_group_arns}"
-  target_group_arns_length    = "${module.vpc.aws_lb_target_group_arns_length}"
-  vpc_security_group_ids      = ["${concat(var.aws_master_extra_sg_ids, list(module.vpc.master_sg_id))}"]
+  ami                      = "${var.aws_ec2_ami_override}"
+  cluster_name             = "${var.cluster_name}"
+  iam_role                 = "${var.aws_master_iam_role_name}"
+  ignition                 = "${var.ignition_bootstrap}"
+  subnet_id                = "${module.vpc.master_subnet_ids[0]}"
+  target_group_arns        = "${module.vpc.aws_lb_target_group_arns}"
+  target_group_arns_length = "${module.vpc.aws_lb_target_group_arns_length}"
+  vpc_security_group_ids   = "${list(module.vpc.master_sg_id)}"
 
   tags = "${merge(map(
       "Name", "${var.cluster_name}-bootstrap",
@@ -44,8 +36,7 @@ module "masters" {
   extra_tags               = "${var.aws_extra_tags}"
   instance_count           = "${var.master_count}"
   master_iam_role          = "${var.aws_master_iam_role_name}"
-  master_sg_ids            = "${concat(var.aws_master_extra_sg_ids, list(module.vpc.master_sg_id))}"
-  public_endpoints         = "${local.public_endpoints}"
+  master_sg_ids            = "${list(module.vpc.master_sg_id)}"
   root_volume_iops         = "${var.aws_master_root_volume_iops}"
   root_volume_size         = "${var.aws_master_root_volume_size}"
   root_volume_type         = "${var.aws_master_root_volume_type}"
@@ -72,35 +63,21 @@ module "dns" {
   api_internal_lb_zone_id  = "${module.vpc.aws_lb_api_internal_zone_id}"
   base_domain              = "${var.base_domain}"
   cluster_name             = "${var.cluster_name}"
-  elb_alias_enabled        = true
   master_count             = "${var.master_count}"
   private_zone_id          = "${local.private_zone_id}"
-  external_vpc_id          = "${module.vpc.vpc_id}"
   extra_tags               = "${var.aws_extra_tags}"
-  private_endpoints        = "${local.private_endpoints}"
-  public_endpoints         = "${local.public_endpoints}"
 }
 
 module "vpc" {
   source = "./vpc"
 
-  base_domain     = "${var.base_domain}"
-  cidr_block      = "${var.aws_vpc_cidr_block}"
-  cluster_id      = "${var.cluster_id}"
-  cluster_name    = "${var.cluster_name}"
-  external_vpc_id = "${var.aws_external_vpc_id}"
-  region          = "${var.aws_region}"
-
-  external_master_subnet_ids = "${compact(var.aws_external_master_subnet_ids)}"
-  external_worker_subnet_ids = "${compact(var.aws_external_worker_subnet_ids)}"
-  extra_tags                 = "${var.aws_extra_tags}"
-
-  // empty map subnet_configs will have the vpc module creating subnets in all availabile AZs
-  new_master_subnet_configs = "${var.aws_master_custom_subnets}"
-  new_worker_subnet_configs = "${var.aws_worker_custom_subnets}"
+  base_domain  = "${var.base_domain}"
+  cidr_block   = "${var.aws_vpc_cidr_block}"
+  cluster_id   = "${var.cluster_id}"
+  cluster_name = "${var.cluster_name}"
+  region       = "${var.aws_region}"
 
-  private_master_endpoints = "${local.private_endpoints}"
-  public_master_endpoints  = "${local.public_endpoints}"
+  extra_tags = "${var.aws_extra_tags}"
 }
 
 resource "aws_route53_record" "etcd_a_nodes" {
@@ -121,7 +98,6 @@ resource "aws_route53_record" "etcd_cluster" {
 }
 
 resource "aws_route53_zone" "int" {
-  count         = "${local.private_endpoints ? "${var.aws_external_private_zone == "" ? 1 : 0 }" : 0}"
   vpc_id        = "${module.vpc.vpc_id}"
   name          = "${var.base_domain}"
   force_destroy = true

diff --git a/data/data/aws/master/main.tf b/data/data/aws/master/main.tf
@@ -84,7 +84,7 @@ resource "aws_instance" "master" {
   user_data            = "${var.user_data_ign}"
 
   vpc_security_group_ids      = ["${var.master_sg_ids}"]
-  associate_public_ip_address = "${var.public_endpoints}"
+  associate_public_ip_address = true
 
   lifecycle {
     # Ignore changes in the AMI which force recreation of the resource. This

diff --git a/data/data/aws/master/variables.tf b/data/data/aws/master/variables.tf
@@ -51,11 +51,6 @@ variable "master_sg_ids" {
   description = "The security group IDs to be applied to the master nodes."
 }
 
-variable "public_endpoints" {
-  description = "If set to true, public-facing ingress resources are created."
-  default     = true
-}
-
 variable "root_volume_iops" {
   type        = "string"
   default     = "100"

diff --git a/data/data/aws/route53/base.tf b/data/data/aws/route53/base.tf
@@ -1,21 +1,14 @@
-locals {
-  public_endpoints_count  = "${var.public_endpoints ? 1 : 0}"
-  private_endpoints_count = "${var.private_endpoints ? 1 : 0}"
-}
-
 data "aws_route53_zone" "base" {
   name = "${var.base_domain}"
 }
 
 locals {
-  public_zone_id = "${join("", data.aws_route53_zone.base.*.zone_id)}"
+  public_zone_id = "${data.aws_route53_zone.base.zone_id}"
 
-  zone_id = "${var.private_endpoints ? var.private_zone_id : local.public_zone_id}"
+  zone_id = "${var.private_zone_id}"
 }
 
 resource "aws_route53_record" "api_external" {
-  count = "${var.elb_alias_enabled ? local.public_endpoints_count : 0}"
-
   zone_id = "${local.public_zone_id}"
   name    = "${var.cluster_name}-api.${var.base_domain}"
   type    = "A"
@@ -28,8 +21,6 @@ resource "aws_route53_record" "api_external" {
 }
 
 resource "aws_route53_record" "api_internal" {
-  count = "${var.elb_alias_enabled ? local.private_endpoints_count : 0}"
-
   zone_id = "${var.private_zone_id}"
   name    = "${var.cluster_name}-api.${var.base_domain}"
   type    = "A"

diff --git a/data/data/aws/route53/master.tf b/data/data/aws/route53/master.tf
diff --git a/data/data/aws/route53/variables.tf b/data/data/aws/route53/variables.tf
@@ -50,41 +50,6 @@ variable "extra_tags" {
 
 // AWS specific internal zone variables
 
-variable "elb_alias_enabled" {
-  description = <<EOF
-(optional) Whether to create an aliased record set to ELB endpoints.
-Refer to http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html
-for additional information.
-EOF
-
-  default = false
-}
-
-variable "external_vpc_id" {
-  type = "string"
-
-  description = <<EOF
-ID of an existing VPC to launch nodes into.
-If unset a new VPC is created.
-
-Example: `vpc-123456`
-EOF
-}
-
-variable "private_endpoints" {
-  description = <<EOF
-If set to true, create private-facing ingress resources (ELB, A-records).
-If set to false, no private-facing ingress resources will be provisioned and all DNS records will be created in the public Route53 zone.
-EOF
-}
-
-variable "public_endpoints" {
-  description = <<EOF
-If set to true, create public-facing ingress resources (ELB, A-records).
-If set to false, no public-facing ingress resources will be created.
-EOF
-}
-
 variable "private_zone_id" {
   description = "Route53 Private Zone ID"
   type        = "string"

diff --git a/data/data/aws/route53/worker.tf b/data/data/aws/route53/worker.tf
@@ -1,12 +1,3 @@
-resource "aws_route53_record" "worker_nodes" {
-  count   = "${var.elb_alias_enabled ? 0 : var.worker_count}"
-  zone_id = "${data.aws_route53_zone.base.zone_id}"
-  name    = "${var.cluster_name}-worker-${count.index}"
-  type    = "A"
-  ttl     = "60"
-  records = ["${var.worker_ip_addresses[count.index]}"]
-}
-
 resource "aws_route53_record" "worker_nodes_public" {
   // hack: worker_public_ips_enabled is a workaround for https://github.com/hashicorp/terraform/issues/10857
   count   = "${var.worker_public_ips_enabled ? var.worker_count : 0}"

diff --git a/data/data/aws/variables-aws.tf b/data/data/aws/variables-aws.tf
@@ -21,17 +21,6 @@ variable "aws_ec2_ami_override" {
   default     = ""
 }
 
-variable "aws_master_extra_sg_ids" {
-  description = <<EOF
-(optional) List of additional security group IDs for master nodes.
-
-Example: `["sg-51530134", "sg-b253d7cc"]`
-EOF
-
-  type    = "list"
-  default = []
-}
-
 variable "aws_vpc_cidr_block" {
   type = "string"
 
@@ -41,65 +30,6 @@ This should not overlap with any other networks, such as a private datacenter co
 EOF
 }
 
-variable "aws_external_vpc_id" {
-  type = "string"
-
-  description = <<EOF
-(optional) ID of an existing VPC to launch nodes into.
-If unset a new VPC is created.
-
-Example: `vpc-123456`
-EOF
-
-  default = ""
-}
-
-variable "aws_endpoints" {
-  description = <<EOF
-(optional) If set to "all", the default, then both public and private ingress resources (ELB, A-records) will be created.
-If set to "private", then only create private-facing ingress resources (ELB, A-records). No public-facing ingress resources will be created.
-If set to "public", then only create public-facing ingress resources (ELB, A-records). No private-facing ingress resources will be provisioned and all DNS records will be created in the public Route53 zone.
-EOF
-}
-
-variable "aws_external_private_zone" {
-  default = ""
-
-  description = <<EOF
-(optional) If set, the given Route53 zone ID will be used as the internal (private) zone.
-This zone will be used to create etcd DNS records as well as internal API and internal Ingress records.
-If set, no additional private zone will be created.
-
-Example: `"Z1ILINNUJGTAO1"`
-EOF
-}
-
-variable "aws_external_master_subnet_ids" {
-  type = "list"
-
-  description = <<EOF
-(optional) List of subnet IDs within an existing VPC to deploy master nodes into.
-Required to use an existing VPC, not applicable otherwise.
-
-Example: `["subnet-111111", "subnet-222222", "subnet-333333"]`
-EOF
-
-  default = []
-}
-
-variable "aws_external_worker_subnet_ids" {
-  type = "list"
-
-  description = <<EOF
-(optional) List of subnet IDs within an existing VPC to deploy worker nodes into.
-Required to use an existing VPC, not applicable otherwise.
-
-Example: `["subnet-111111", "subnet-222222", "subnet-333333"]`
-EOF
-
-  default = []
-}
-
 variable "aws_extra_tags" {
   type = "map"
 
@@ -134,47 +64,11 @@ Ignored if the volume type is not io1.
 EOF
 }
 
-variable "aws_master_custom_subnets" {
-  type    = "map"
-  default = {}
-
-  description = <<EOF
-(optional) This configures master availability zones and their corresponding subnet CIDRs directly.
-
-Example:
-`{ eu-west-1a = "10.0.0.0/20", eu-west-1b = "10.0.16.0/20" }`
-EOF
-}
-
-variable "aws_worker_custom_subnets" {
-  type    = "map"
-  default = {}
-
-  description = <<EOF
-(optional) This configures worker availability zones and their corresponding subnet CIDRs directly.
-
-Example: `{ eu-west-1a = "10.0.64.0/20", eu-west-1b = "10.0.80.0/20" }`
-EOF
-}
-
 variable "aws_region" {
   type        = "string"
   description = "The target AWS region for the cluster."
 }
 
-variable "aws_installer_role" {
-  type    = "string"
-  default = ""
-
-  description = <<EOF
-(optional) Name of IAM role to use to access AWS in order to deploy the OpenShift Cluster.
-The name is also the full role's ARN.
-
-Example:
- * Role ARN  = arn:aws:iam::123456789012:role/openshift-installer
-EOF
-}
-
 variable "aws_master_iam_role_name" {
   type    = "string"
   default = ""