feat: add iac code

Author: devx

iac/README.md

@@ -0,0 +1,37 @@
+[bastion]
+${address_bastion}
+
+[masters]
+%{ for master in master_nodes ~}
+${master.access_ip_v4}
+%{endfor ~}
+
+[workers]
+%{ for worker in worker_nodes ~}
+${worker.access_ip_v4}
+%{endfor ~}
+
+%{if address_bastion == ""~}
+[masters:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no -o IdentityFile=./id_rsa -o UserKnownHostsFile=/dev/null'
+
+[workers:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no -o IdentityFile=./id_rsa -o UserKnownHostsFile=/dev/null'
+%{endif~}
+
+%{if address_bastion != ""~}
+[masters:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no -o IdentityFile=./id_rsa -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -o IdentityFile=./id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q ${ssh_user}@${address_bastion}"'
+
+[workers:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no -o IdentityFile=./id_rsa -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -o IdentityFile=./id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q ${ssh_user}@${address_bastion}"'
+%{endif~}
+
+
+
+
+[all:vars]
+ansible_user="${ssh_user}"
+ansible_python_interpreter=/usr/bin/python3
+ansible_ssh_private_key_file=./id_rsa
+ansible_ssh_extra_args='-o StrictHostKeyChecking=no'

iac/cloud/openstack/lib/ansible-inventory/inventory.tpl

@@ -0,0 +1,13 @@
+
+resource "local_file" "ansible_inventory" {
+  content = templatefile("${path.module}/inventory.tpl",
+    {
+      address_bastion = var.address_bastion
+      worker_nodes    = var.worker_nodes
+      master_nodes    = var.master_nodes
+      ssh_user        = var.ssh_user
+  })
+  filename   = "infra-inventory"
+
+    depends_on = [ var.master_nodes, var.worker_nodes ]
+}

iac/cloud/openstack/lib/ansible-inventory/main.tf

@@ -0,0 +1,27 @@
+variable "address_bastion" {
+  type = string
+  default = ""
+}
+
+variable "master_nodes" {
+  type = list(object({
+    id           = string
+    name         = string
+    access_ip_v4 = string
+  }))
+}
+
+variable "ssh_user" {
+  type    = string
+  default = "ubuntu"
+}
+
+variable "worker_nodes" {
+  type = list(object({
+    id           = string
+    name         = string
+    access_ip_v4 = string
+  }))
+}
+
+

iac/cloud/openstack/lib/ansible-inventory/variables.tf

@@ -0,0 +1,37 @@
+resource "local_file" "ca-certificate" {
+  filename        = "${path.root}/ca.crt"
+  content         = var.services_ca_crt != "" ? var.services_ca_crt : tls_self_signed_cert.ca[0].cert_pem
+  file_permission = "0644"
+}
+
+resource "local_file" "ca-certificate-key" {
+  filename        = "${path.root}/ca.key"
+  content         = var.services_ca_key != "" ? var.services_ca_key : tls_private_key.ca[0].private_key_pem
+  file_permission = "0600"
+}
+
+resource "tls_private_key" "ca" {
+  count     = var.services_ca_key != "" ? 0 : 1
+  algorithm = "RSA"
+}
+
+resource "tls_self_signed_cert" "ca" {
+  count = var.services_ca_crt != "" ? 0 : 1
+  #key_algorithm     = "RSA"
+  private_key_pem   = tls_private_key.ca[0].private_key_pem
+  is_ca_certificate = true
+
+  subject {
+    organization = "Rackspace Kubernetes Managed Services CA"
+  }
+
+  validity_period_hours = 87600
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+    "client_auth",
+    "cert_signing",
+  ]
+}

iac/cloud/openstack/lib/ca/main.tf

@@ -0,0 +1,3 @@
+output "certificate" {
+  value = local_file.ca-certificate.content
+}

iac/cloud/openstack/lib/ca/output.tf

@@ -0,0 +1,9 @@
+variable "services_ca_crt" {
+  type    = string
+  default = ""
+}
+
+variable "services_ca_key" {
+  type    = string
+  default = ""
+}

iac/cloud/openstack/lib/ca/variables.tf

@@ -0,0 +1,24 @@
+
+
+resource "openstack_networking_port_v2" "vrrp" {
+  name               = "${var.naming_prefix}vrrp"
+  network_id         = var.network_id
+  security_group_ids = var.security_group_ids
+  admin_state_up     = "true"
+  fixed_ip {
+    ip_address = var.vrrp_ip
+    subnet_id  = var.subnet_id
+  }
+}
+
+resource "openstack_compute_floatingip_v2" "k8s_api_ip" {
+  count = var.floatingip_pool == "" ? 0 : 1
+  pool  = var.floatingip_pool
+
+}
+
+resource "openstack_networking_floatingip_associate_v2" "fip_1" {
+  count       = var.floatingip_pool == "" ? 0 : 1
+  floating_ip = openstack_compute_floatingip_v2.k8s_api_ip[0].address
+  port_id     = openstack_networking_port_v2.vrrp.id
+}

iac/cloud/openstack/lib/floating-vip/main.tf

@@ -0,0 +1,3 @@
+output "ip" {
+ value = var.floatingip_pool == "" ? var.vrrp_ip : openstack_compute_floatingip_v2.k8s_api_ip[0].address
+}

iac/cloud/openstack/lib/floating-vip/output.tf

@@ -0,0 +1,32 @@
+variable "floatingip_pool" {
+  type    = string
+  default = ""
+}
+
+variable "naming_prefix" {
+  type = string
+}
+
+variable "network_id" {
+  type = string
+}
+variable "vrrp_ip" {
+  type = string
+}
+
+variable "subnet_id" {
+  type = string
+}
+
+variable "use_octavia" {
+  type = bool
+}
+variable "security_group_ids" {
+  type    = list(string)
+  default = []
+}
+
+variable "vlan_id" {
+  type    = string
+  default = ""
+}