Add IBM Power VS: tf data

data/data/powervs/cluster/bootstrap/main.tf

@@ -0,0 +1,77 @@
+# TODO(mjturek): network and image data blocks can be in main module
+#                as master and bootstrap will be using the same
+#                network and image. Once we add in master module, make
+#                the move.
+data "ibm_pi_network" "network" {
+  pi_network_name      = var.network_name
+  pi_cloud_instance_id = var.cloud_instance_id
+}
+
+data "ibm_resource_group" "cos_group" {
+  name = var.resource_group
+}
+
+resource "ibm_resource_instance" "cos_instance" {
+  name              = "${var.cluster_id}-cos"
+  resource_group_id = data.ibm_resource_group.cos_group.id
+  service           = "cloud-object-storage"
+  plan              = "standard"
+  location          = var.cos_instance_location
+  tags              = [var.cluster_id]
+}
+
+# Create an IBM COS Bucket to store ignition
+resource "ibm_cos_bucket" "ignition" {
+  bucket_name          = "${var.cluster_id}-bootstrap-ign"
+  resource_instance_id = ibm_resource_instance.cos_instance.id
+  region_location      = var.cos_bucket_location
+  storage_class        = var.cos_storage_class
+}
+
+resource "ibm_resource_key" "cos_service_cred" {
+  name                 = "${var.cluster_id}-cred"
+  role                 = "Reader"
+  resource_instance_id = ibm_resource_instance.cos_instance.id
+  parameters           = { HMAC = true }
+}
+
+# Place the bootstrap ignition file in the ignition COS bucket
+resource "ibm_cos_bucket_object" "ignition" {
+  bucket_crn      = ibm_cos_bucket.ignition.crn
+  bucket_location = ibm_cos_bucket.ignition.region_location
+  content         = var.ignition
+  key             = "bootstrap.ign"
+  etag            = md5(var.ignition)
+}
+
+data "ibm_iam_auth_token" "iam_token" {}
+
+# Create the bootstrap instance
+resource "ibm_pi_instance" "bootstrap" {
+  pi_memory            = var.memory
+  pi_processors        = var.processors
+  pi_instance_name     = "${var.cluster_id}-bootstrap"
+  pi_proc_type         = var.proc_type
+  pi_image_id          = var.image_id
+  pi_sys_type          = var.sys_type
+  pi_cloud_instance_id = var.cloud_instance_id
+  pi_network {
+    network_id = data.ibm_pi_network.network.id
+  }
+  pi_user_data = base64encode(templatefile("${path.module}/templates/bootstrap.ign", {
+    HOSTNAME    = ibm_cos_bucket.ignition.s3_endpoint_public
+    BUCKET_NAME = ibm_cos_bucket.ignition.bucket_name
+    OBJECT_NAME = ibm_cos_bucket_object.ignition.key
+    IAM_TOKEN   = data.ibm_iam_auth_token.iam_token.iam_access_token
+  }))
+  pi_key_pair_name = var.key_id
+  pi_health_status = "WARNING"
+}
+
+data "ibm_pi_instance_ip" "bootstrap_ip" {
+  depends_on = [ibm_pi_instance.bootstrap]
+
+  pi_instance_name     = ibm_pi_instance.bootstrap.pi_instance_name
+  pi_network_name      = data.ibm_pi_network.network.pi_network_name
+  pi_cloud_instance_id = var.cloud_instance_id
+}

data/data/powervs/cluster/bootstrap/outputs.tf

@@ -0,0 +1,3 @@
+output "bootstrap_private_ip" {
+  value = data.ibm_pi_instance_ip.bootstrap_ip.ip
+}

data/data/powervs/cluster/bootstrap/templates/bootstrap.ign

@@ -0,0 +1,16 @@
+{
+  "ignition": {
+    "version": "3.2.0",
+    "config": {
+      "replace": {
+        "source": "https://${HOSTNAME}/${BUCKET_NAME}/${OBJECT_NAME}",
+        "httpHeaders": [
+          {
+            "name": "Authorization",
+            "value": "${IAM_TOKEN}"
+          }
+        ]
+      }
+    }
+  }
+}

data/data/powervs/cluster/bootstrap/variables.tf

@@ -0,0 +1,69 @@
+variable "memory" {
+  type        = string
+  description = "The amount of memory to assign to each node in GB."
+}
+
+variable "processors" {
+  type        = string
+  description = "The processor count for each node."
+}
+
+variable "ignition" {
+  type        = string
+  description = "The contents of the ignition file."
+}
+
+variable "cloud_instance_id" {
+  type        = string
+  description = "The Power VS Service Instance (aka Cloud Instance) ID."
+}
+
+variable "resource_group" {
+  type        = string
+  description = "The name of the Power VS resource group to which the user belongs."
+}
+
+variable "image_id" {
+  type        = string
+  description = "The ID of the Power VS boot image for the nodes."
+}
+
+variable "network_name" {
+  type        = string
+  description = "The name of the Power VS network."
+}
+
+variable "proc_type" {
+  type        = string
+  description = "The type of processor to be assigned (e.g. capped, dedicated, shared) to the nodes."
+}
+
+variable "sys_type" {
+  type        = string
+  description = "The type of system on which to provision the nodes (e.g s922)."
+}
+
+variable "cluster_id" {
+  type        = string
+  description = "The ID created by the installer to uniquely identify the created cluster."
+}
+
+variable "key_id" {
+  type        = string
+  description = "The SSH Key ID."
+}
+
+variable "cos_instance_location" {
+  type        = string
+  description = "Specifies whether the Cloud Object Store instance is global or in a specific region. Used for the ignition file."
+}
+
+variable "cos_bucket_location" {
+  type        = string
+  description = "The region in which to create the Cloud Object Store bucket. Used for the igntion file."
+}
+
+variable "cos_storage_class" {
+  type        = string
+  description = "The storage class for the Cloud Object Store instance."
+}

data/data/powervs/cluster/bootstrap/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 0.14"
+  required_providers {
+    ibm = {
+      source = "openshift/local/ibm"
+    }
+    ignition = {
+      source = "openshift/local/ignition"
+    }
+  }
+}

data/data/powervs/cluster/dns/dns.tf

@@ -0,0 +1,22 @@
+data "ibm_cis_domain" "base_domain" {
+  cis_id = var.cis_id
+  domain = var.base_domain
+}
+
+resource "ibm_cis_dns_record" "kubernetes_api" {
+  cis_id    = var.cis_id
+  domain_id = data.ibm_cis_domain.base_domain.id
+  type      = "CNAME"
+  name      = "api.${var.cluster_domain}"
+  content   = var.load_balancer_hostname
+  ttl       = 60
+}
+
+resource "ibm_cis_dns_record" "kubernetes_api_internal" {
+  cis_id    = var.cis_id
+  domain_id = data.ibm_cis_domain.base_domain.id
+  type      = "CNAME"
+  name      = "api-int.${var.cluster_domain}"
+  content   = var.load_balancer_int_hostname
+  ttl       = 60
+}

data/data/powervs/cluster/dns/variables.tf

@@ -0,0 +1,28 @@
+variable "cis_id" {
+  type        = string
+  description = "The ID of the IBM Cloud CIS instance that will be used for the DNS records."
+}
+
+variable "base_domain" {
+  type        = string
+  description = "The base domain for all DNS records."
+}
+
+variable "cluster_domain" {
+  type        = string
+  description = "The domain name for the created cluster."
+}
+
+variable "load_balancer_hostname" {
+  type        = string
+  description = "The hostname for the external load balancer."
+}
+
+variable "load_balancer_int_hostname" {
+  type        = string
+  description = "The hostname for the internal load balancer."
+}
+
+
+
+

data/data/powervs/cluster/dns/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_version = ">= 0.14"
+  required_providers {
+    ibm = {
+      source = "openshift/local/ibm"
+    }
+  }
+}

data/data/powervs/cluster/loadbalancer/alb.tf

@@ -0,0 +1,148 @@
+locals {
+  api_servers       = concat([var.bootstrap_ip], var.master_ips)
+  api_servers_count = length(var.master_ips) + 1 # bootstrap + master
+  app_servers       = var.master_ips
+  app_servers_count = length(var.master_ips)
+}
+
+data "ibm_resource_group" "resource_group" {
+  name = var.resource_group
+}
+
+resource "ibm_is_lb" "load_balancer" {
+  name            = "${var.cluster_id}-loadbalancer"
+  resource_group  = data.ibm_resource_group.resource_group.id
+  subnets         = [var.vpc_subnet_id]
+  security_groups = [ibm_is_security_group.ocp_security_group.id]
+  tags            = [var.cluster_id, "${var.cluster_id}-loadbalancer"]
+  type            = "public"
+}
+
+resource "ibm_is_lb" "load_balancer_int" {
+  name            = "${var.cluster_id}-loadbalancer-int"
+  resource_group  = data.ibm_resource_group.resource_group.id
+  subnets         = [var.vpc_subnet_id]
+  security_groups = [ibm_is_security_group.ocp_security_group.id]
+  tags            = [var.cluster_id, "${var.cluster_id}-loadbalancer-int"]
+  type            = "private"
+}
+
+# Using explicit depends_on as otherwise there are issues with updating and adding of pool members
+# Ref: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_lb_listener
+
+## TODO move this to internal/private LB
+# machine config listener and backend pool
+resource "ibm_is_lb_listener" "machine_config_listener" {
+  lb           = ibm_is_lb.load_balancer_int.id
+  port         = 22623
+  protocol     = "tcp"
+  default_pool = ibm_is_lb_pool.machine_config_pool.id
+}
+resource "ibm_is_lb_pool" "machine_config_pool" {
+  depends_on = [ibm_is_lb.load_balancer_int]
+
+  name           = "machine-config-server"
+  lb             = ibm_is_lb.load_balancer_int.id
+  algorithm      = "round_robin"
+  protocol       = "tcp"
+  health_delay   = 60
+  health_retries = 5
+  health_timeout = 30
+  health_type    = "tcp"
+}
+resource "ibm_is_lb_pool_member" "machine_config_member" {
+  depends_on = [ibm_is_lb_listener.machine_config_listener]
+  count      = local.api_servers_count
+
+  lb             = ibm_is_lb.load_balancer_int.id
+  pool           = ibm_is_lb_pool.machine_config_pool.id
+  port           = 22623
+  target_address = local.api_servers[count.index]
+}
+
+# api listener and backend pool (internal)
+resource "ibm_is_lb_listener" "api_listener_int" {
+  lb           = ibm_is_lb.load_balancer_int.id
+  port         = 6443
+  protocol     = "tcp"
+  default_pool = ibm_is_lb_pool.api_pool_int.id
+}
+resource "ibm_is_lb_pool" "api_pool_int" {
+  depends_on = [ibm_is_lb.load_balancer_int]
+
+  name           = "openshift-api-server"
+  lb             = ibm_is_lb.load_balancer_int.id
+  algorithm      = "round_robin"
+  protocol       = "tcp"
+  health_delay   = 60
+  health_retries = 5
+  health_timeout = 30
+  health_type    = "tcp"
+}
+resource "ibm_is_lb_pool_member" "api_member_int" {
+  depends_on = [ibm_is_lb_listener.api_listener_int, ibm_is_lb_pool_member.machine_config_member]
+  count      = local.api_servers_count
+
+  lb             = ibm_is_lb.load_balancer_int.id
+  pool           = ibm_is_lb_pool.api_pool_int.id
+  port           = 6443
+  target_address = local.api_servers[count.index]
+}
+
+# api listener and backend pool (external)
+resource "ibm_is_lb_listener" "api_listener" {
+  lb           = ibm_is_lb.load_balancer.id
+  port         = 6443
+  protocol     = "tcp"
+  default_pool = ibm_is_lb_pool.api_pool.id
+}
+resource "ibm_is_lb_pool" "api_pool" {
+  depends_on = [ibm_is_lb.load_balancer]
+
+  name           = "openshift-api-server"
+  lb             = ibm_is_lb.load_balancer.id
+  algorithm      = "round_robin"
+  protocol       = "tcp"
+  health_delay   = 60
+  health_retries = 5
+  health_timeout = 30
+  health_type    = "tcp"
+}
+resource "ibm_is_lb_pool_member" "api_member" {
+  depends_on = [ibm_is_lb_listener.api_listener, ibm_is_lb_pool_member.machine_config_member]
+  count      = local.api_servers_count
+
+  lb             = ibm_is_lb.load_balancer.id
+  pool           = ibm_is_lb_pool.api_pool.id
+  port           = 6443
+  target_address = local.api_servers[count.index]
+}
+
+# bootstrap listener and backend pool
+resource "ibm_is_lb_listener" "bootstrap_listener" {
+  lb           = ibm_is_lb.load_balancer.id
+  port         = 22
+  protocol     = "tcp"
+  default_pool = ibm_is_lb_pool.bootstrap_pool.id
+}
+resource "ibm_is_lb_pool" "bootstrap_pool" {
+  depends_on = [ibm_is_lb.load_balancer]
+
+  name           = "bootstrap-node"
+  lb             = ibm_is_lb.load_balancer.id
+  algorithm      = "round_robin"
+  protocol       = "tcp"
+  health_delay   = 5
+  health_retries = 2
+  health_timeout = 2
+  health_type    = "tcp"
+}
+resource "ibm_is_lb_pool_member" "bootstrap" {
+  depends_on = [ibm_is_lb_listener.bootstrap_listener]
+
+  lb             = ibm_is_lb.load_balancer.id
+  pool           = ibm_is_lb_pool.bootstrap_pool.id
+  port           = 22
+  target_address = var.bootstrap_ip
+}
+

data/data/powervs/cluster/loadbalancer/outputs.tf

@@ -0,0 +1,7 @@
+output "powervs_lb_hostname" {
+  value = ibm_is_lb.load_balancer.hostname
+}
+
+output "powervs_lb_int_hostname" {
+  value = ibm_is_lb.load_balancer_int.hostname
+}