Ibm cluster creation

data/data/ibmcloud/bootstrap/ignition.tf

@@ -0,0 +1,56 @@
+############################################
+# COS bucket
+############################################
+
+resource "ibm_cos_bucket" "bootstrap_ignition" {
+  bucket_name          = "${local.prefix}-bootstrap-ignition"
+  resource_instance_id = var.cos_resource_instance_id
+  region_location      = var.cos_bucket_region
+  storage_class        = "smart"
+}
+
+############################################
+# COS object
+############################################
+
+resource "ibm_cos_bucket_object" "bootstrap_ignition" {
+  bucket_crn      = ibm_cos_bucket.bootstrap_ignition.crn
+  bucket_location = ibm_cos_bucket.bootstrap_ignition.region_location
+  key             = "bootstrap.ign"
+  content_file    = var.ignition_file
+  etag            = filemd5(var.ignition_file)
+}
+
+############################################
+# IAM service credentials
+############################################
+
+# NOTE/TODO: Get IAM token for created Service ID, not supported in provider
+data "ibm_iam_auth_token" "iam_token" {}
+
+# NOTE: Not used at the moment
+# resource "ibm_iam_service_id" "cos" {
+#   name = "${local.prefix}-cos-service-id"
+# }
+
+# NOTE: Not used at the moment
+# resource "ibm_resource_key" "cos_reader" {
+#   name                 = "${local.prefix}-cos-reader"
+#   role                 = "Reader"
+#   resource_instance_id = ibm_resource_instance.cos.id
+#   parameters           = {
+#     HMAC          = true
+#     serviceid_crn = ibm_iam_service_id.cos.crn
+#   }
+# }
+
+# NOTE: Not used at the moment
+# resource "ibm_resource_key" "cos_writer" {
+#   name                 = "${local.prefix}-cos-writer"
+#   role                 = "Writer"
+#   resource_instance_id = ibm_resource_instance.cos.id
+#   parameters           = {
+#     HMAC          = true
+#     serviceid_crn = ibm_iam_service_id.cos.crn
+#   }
+# }

data/data/ibmcloud/bootstrap/main.tf

@@ -0,0 +1,78 @@
+locals {
+  prefix              = var.cluster_id
+  port_kubernetes_api = 6443
+  port_machine_config = 22623
+}
+
+############################################
+# Bootstrap node
+############################################
+
+resource "ibm_is_instance" "bootstrap_node" {
+  name           = "${local.prefix}-bootstrap"
+  image          = var.vsi_image_id
+  profile        = var.vsi_profile
+  resource_group = var.resource_group_id
+  tags           = var.tags
+
+  primary_network_interface {
+    name            = "eth0"
+    subnet          = var.subnet_id
+    security_groups = [var.security_group_id]
+  }
+
+  vpc  = var.vpc_id
+  zone = var.zone
+  keys = []
+
+  # Use custom ignition config that pulls content from COS bucket
+  # TODO: Once support for the httpHeaders field is added to
+  # terraform-provider-ignition, we should use it instead of this template.
+  # https://github.com/community-terraform-providers/terraform-provider-ignition/issues/16
+  user_data = templatefile("${path.module}/templates/bootstrap.ign", {
+    HOSTNAME    = ibm_cos_bucket.bootstrap_ignition.s3_endpoint_public
+    BUCKET_NAME = ibm_cos_bucket.bootstrap_ignition.bucket_name
+    OBJECT_NAME = ibm_cos_bucket_object.bootstrap_ignition.key
+    IAM_TOKEN   = data.ibm_iam_auth_token.iam_token.iam_access_token
+  })
+}
+
+############################################
+# Floating IP
+############################################
+
+resource "ibm_is_floating_ip" "bootstrap_floatingip" {
+  count = var.public_endpoints ? 1 : 0
+
+  name           = "${local.prefix}-bootstrap-node-ip"
+  resource_group = var.resource_group_id
+  target         = ibm_is_instance.bootstrap_node.primary_network_interface.0.id
+  tags           = var.tags
+}
+
+############################################
+# Load balancer backend pool members
+############################################
+
+resource "ibm_is_lb_pool_member" "kubernetes_api_public" {
+  count = var.public_endpoints ? 1 : 0
+
+  lb             = var.lb_kubernetes_api_public_id
+  pool           = var.lb_pool_kubernetes_api_public_id
+  port           = local.port_kubernetes_api
+  target_address = ibm_is_instance.bootstrap_node.primary_network_interface.0.primary_ipv4_address
+}
+
+resource "ibm_is_lb_pool_member" "kubernetes_api_private" {
+  lb             = var.lb_kubernetes_api_private_id
+  pool           = var.lb_pool_kubernetes_api_private_id
+  port           = local.port_kubernetes_api
+  target_address = ibm_is_instance.bootstrap_node.primary_network_interface.0.primary_ipv4_address
+}
+
+resource "ibm_is_lb_pool_member" "machine_config" {
+  lb             = var.lb_kubernetes_api_private_id
+  pool           = var.lb_pool_machine_config_id
+  port           = local.port_machine_config
+  target_address = ibm_is_instance.bootstrap_node.primary_network_interface.0.primary_ipv4_address
+}

data/data/ibmcloud/bootstrap/outputs.tf

@@ -0,0 +1,11 @@
+#######################################
+# Bootstrap module outputs
+#######################################
+
+output "name" {
+  value = ibm_is_instance.bootstrap_node.name
+}
+
+output "primary_ipv4_address" {
+  value = ibm_is_instance.bootstrap_node.primary_network_interface.0.primary_ipv4_address
+}

data/data/ibmcloud/bootstrap/templates/bootstrap.ign

@@ -0,0 +1,16 @@
+{
+  "ignition": {
+    "version": "3.2.0",
+    "config": {
+      "replace": {
+        "source": "https://${HOSTNAME}/${BUCKET_NAME}/${OBJECT_NAME}",
+        "httpHeaders": [
+          {
+            "name": "Authorization",
+            "value": "${IAM_TOKEN}"
+          }
+        ]
+      }
+    }
+  }
+}

data/data/ibmcloud/bootstrap/variables.tf

@@ -0,0 +1,75 @@
+#######################################
+# Bootstrap module variables
+#######################################
+
+variable "cluster_id" {
+  type = string
+}
+
+variable "cos_resource_instance_id" {
+  type = string
+}
+
+variable "cos_bucket_region" {
+  type = string
+}
+
+variable "ignition_file" {
+  type = string
+}
+
+variable "lb_kubernetes_api_public_id" {
+  type = string
+}
+
+variable "lb_kubernetes_api_private_id" {
+  type = string
+}
+
+variable "lb_pool_kubernetes_api_public_id" {
+  type = string
+}
+
+variable "lb_pool_kubernetes_api_private_id" {
+  type = string
+}
+
+variable "lb_pool_machine_config_id" {
+  type = string
+}
+
+variable "public_endpoints" {
+  type = bool
+}
+
+variable "resource_group_id" {
+  type = string
+}
+
+variable "security_group_id" {
+  type = string
+}
+
+variable "subnet_id" {
+  type = string
+}
+
+variable "tags" {
+  type = list(string)
+}
+
+variable "vpc_id" {
+  type = string
+}
+
+variable "vsi_image_id" {
+  type = string
+}
+
+variable "vsi_profile" {
+  type = string
+}
+
+variable "zone" {
+  type = string
+}

data/data/ibmcloud/cis/main.tf

@@ -0,0 +1,78 @@
+############################################
+# Datasources
+############################################
+
+data "ibm_cis_domain" "base_domain" {
+  cis_id = var.cis_id
+  domain = var.base_domain
+}
+
+############################################
+# CIS DNS records (CNAME)
+############################################
+
+resource "ibm_cis_dns_record" "kubernetes_api" {
+  cis_id    = var.cis_id
+  domain_id = data.ibm_cis_domain.base_domain.id
+  type      = "CNAME"
+  name      = "api.${var.cluster_domain}"
+  content   = var.lb_kubernetes_api_public_hostname != "" ? var.lb_kubernetes_api_public_hostname : var.lb_kubernetes_api_private_hostname
+  ttl       = 60
+}
+
+resource "ibm_cis_dns_record" "kubernetes_api_internal" {
+  cis_id    = var.cis_id
+  domain_id = data.ibm_cis_domain.base_domain.id
+  type      = "CNAME"
+  name      = "api-int.${var.cluster_domain}"
+  content   = var.lb_kubernetes_api_private_hostname
+  ttl       = 60
+}
+
+############################################
+# CIS DNS records (A)
+############################################
+
+resource "ibm_cis_dns_record" "bootstrap_node" {
+  cis_id    = var.cis_id
+  domain_id = data.ibm_cis_domain.base_domain.id
+  type      = "A"
+  name      = "${var.bootstrap_name}.${var.cluster_domain}"
+  content   = var.bootstrap_ipv4_address
+  ttl       = 60
+}
+
+resource "ibm_cis_dns_record" "master_node" {
+  count = var.master_count
+
+  cis_id    = var.cis_id
+  domain_id = data.ibm_cis_domain.base_domain.id
+  type      = "A"
+  name      = "${var.master_name_list[count.index]}.${var.cluster_domain}"
+  content   = var.master_ipv4_address_list[count.index]
+  ttl       = 60
+}
+
+############################################
+# CIS DNS records (PTR)
+############################################
+
+resource "ibm_cis_dns_record" "bootstrap_node_ptr" {
+  cis_id    = var.cis_id
+  domain_id = data.ibm_cis_domain.base_domain.id
+  type      = "PTR"
+  name      = var.bootstrap_ipv4_address
+  content   = "${var.bootstrap_name}.${var.cluster_domain}"
+  ttl       = 60
+}
+
+resource "ibm_cis_dns_record" "master_node_ptr" {
+  count = var.master_count
+
+  cis_id    = var.cis_id
+  domain_id = data.ibm_cis_domain.base_domain.id
+  type      = "PTR"
+  name      = var.master_ipv4_address_list[count.index]
+  content   = "${var.master_name_list[count.index]}.${var.cluster_domain}"
+  ttl       = 60
+}

data/data/ibmcloud/cis/variables.tf

@@ -0,0 +1,43 @@
+############################################
+# CIS module variables
+############################################
+
+variable "cis_id" {
+  type = string
+}
+
+variable "base_domain" {
+  type = string
+}
+
+variable "cluster_domain" {
+  type = string
+}
+
+variable "bootstrap_name" {
+  type = string
+}
+
+variable "bootstrap_ipv4_address" {
+  type = string
+}
+
+variable "master_count" {
+  type = string
+}
+
+variable "master_name_list" {
+  type = list(string)
+}
+
+variable "master_ipv4_address_list" {
+  type = list(string)
+}
+
+variable "lb_kubernetes_api_public_hostname" {
+  type = string
+}
+
+variable "lb_kubernetes_api_private_hostname" {
+  type = string
+}