locals {
  # Regions this module accepts, mapped to the short region code that prefixes
  # AWS availability-zone IDs (e.g. "us-east-1" -> "use1-az1").
  supported_regions = {
    "ap-northeast-1" = "apne1"
    "ap-northeast-2" = "apne2"
    "ap-northeast-3" = "apne3"
    "ap-southeast-1" = "apse1"
    "ap-southeast-2" = "apse2"
    "ap-southeast-3" = "apse3"
    "ap-southeast-4" = "apse4"
    "ca-central-1"   = "cac1"
    "eu-central-1"   = "euc1"
    "eu-central-2"   = "euc2"
    "eu-west-1"      = "euw1"
    "eu-west-2"      = "euw2"
    "us-east-1"      = "use1"
    "us-east-2"      = "use2"
    "us-west-2"      = "usw2"
    "ap-south-1"     = "aps1"
    "ap-south-2"     = "aps2"
    "af-south-1"     = "afs1"
    "eu-north-1"     = "eun1"
    "me-south-1"     = "mes1"
    "sa-east-1"      = "sae1"
    "ap-east-1"      = "ape1"
    "eu-south-1"     = "eus1"
    "eu-south-2"     = "eus2"
    "eu-west-3"      = "euw3"
    "me-central-1"   = "mec1"
  }
  # AZ-ID numbers used when var.subnet_azs is empty; regions not listed here
  # fall back to [1, 2, 3] (see `azs` below).
  well_known_az_ids = {
    us-east-1      = [2, 4, 6]
    ap-northeast-1 = [1, 2, 4]
  }
  # "<region code>-az" for a supported region. "unknown-az" is only a placeholder:
  # an unsupported region is reported by the region precondition in
  # null_resource.validations with a readable message.
  az_id_prefix = lookup(local.supported_regions, var.region, null) != null ? "${local.supported_regions[var.region]}-az" : "unknown-az"
  # Availability zones the subnets are spread across:
  #   - var.subnet_azs when the caller supplied it (first entry only when single_az_only),
  #   - otherwise AZ IDs built from az_id_prefix + well_known_az_ids
  #     (first ID only when single_az_only).
  azs = (
    length(var.subnet_azs) > 0 ?
    (var.single_az_only ? [var.subnet_azs[0]] : var.subnet_azs) :
    (var.single_az_only ?
      ["${local.az_id_prefix}${lookup(local.well_known_az_ids, var.region, [1, 2, 3])[0]}"] :
      [for id in lookup(local.well_known_az_ids, var.region, [1, 2, 3]) : "${local.az_id_prefix}${id}"]
    )
  )
  # Split local.azs by format, using the hyphen count as the discriminator:
  #   one hyphen  -> AZ ID   (e.g. use1-az1)
  #   two hyphens -> AZ name (e.g. us-east-1a)
  # An entry with any other hyphen count ends up in neither list.
  az_ids   = [for az in local.azs : az if length(split("-", az)) == 2]
  az_names = [for az in local.azs : az if length(split("-", az)) == 3]
  # Prefix length of the VPC CIDR, e.g. 16 for 10.0.0.0/16.
  vpc_cidr_prefix = tonumber(split("/", var.vpc_cidr)[1])
  # Extra prefix bits each subnet adds on top of the VPC prefix. Negative when
  # the subnet prefix is shorter than the VPC prefix, which the validations
  # resource rejects.
  subnet_newbits = var.subnet_cidr_prefix - local.vpc_cidr_prefix
  # One private subnet per AZ, plus one public subnet per AZ unless private-only.
  subnet_count = var.private_subnets_only ? length(local.azs) : length(local.azs) * 2
  # [private_subnet_cidrs, public_subnet_cidrs]
  # Private-only: the VPC CIDR is carved into one subnet per AZ (or is the single
  # subnet itself when subnet_newbits == 0); the public list is empty.
  # Otherwise: the VPC CIDR is halved (first half private, second half public) and
  # each half is carved into one subnet per AZ using subnet_newbits - 1 extra bits
  # (when subnet_newbits == 1 the half is the subnet itself).
  all_subnets = (
    var.private_subnets_only ?
    [
      local.subnet_newbits == 0 ?
      [var.vpc_cidr] :
      cidrsubnets(var.vpc_cidr, [for i in range(length(local.azs)) : local.subnet_newbits]...), []
    ] :
    [
      for cidr_block in cidrsubnets(var.vpc_cidr, 1, 1) :
      local.subnet_newbits == 1 ?
      [cidr_block] :
      cidrsubnets(cidr_block, [for i in range(length(local.azs)) : local.subnet_newbits - 1]...)
    ]
  )
}
# Validations that span several inputs are performed in a null_resource block, see:
# https://github.com/hashicorp/terraform/issues/25609
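# Input validation only: this resource manages nothing. Every precondition is
# evaluated at plan time, and module.vpc depends on this resource so that the
# network is not built from inputs that failed a check.
resource "null_resource" "validations" {
  lifecycle {
    # The region must be one the module knows an AZ-ID prefix for.
    precondition {
      condition     = lookup(local.supported_regions, var.region, null) != null
      error_message = <<-EOT
        ROSA with hosted control planes is currently only available in these regions:
        ${join(", ", keys(local.supported_regions))}.
      EOT
    }
    # Subnets must fit inside the VPC CIDR (equal prefixes are allowed; that case
    # yields a single subnet spanning the whole VPC in private-only mode).
    precondition {
      condition     = local.vpc_cidr_prefix <= var.subnet_cidr_prefix
      error_message = "Subnet CIDR prefix must be smaller prefix (larger number) than the VPC CIDR prefix."
    }
    # single_az_only and a multi-entry subnet_azs contradict each other.
    precondition {
      condition     = !(var.single_az_only && length(var.subnet_azs) > 1)
      error_message = <<-EOT
        It's invalid to supply more than 1 `subnet_azs` while also specifying `single_az_only=true` (default).
        To use more than 1 availability zone, set `-var single_az_only=false`.
        Or set `-var 'subnet_azs=["${length(var.subnet_azs) > 0 ? var.subnet_azs[0] : "none"}"]'`
      EOT
    }
    # AZ names and AZ IDs must not be mixed within one request.
    precondition {
      condition     = (length(local.az_ids) > 0 && length(local.az_names) == 0) || (length(local.az_ids) == 0 && length(local.az_names) > 0)
      error_message = <<-EOT
        Make sure to provide subnet_azs in either name format OR zone ID, do not mix and match.
        E.g., us-east-1a,us-east-1b OR use1-az1,use1-az2
      EOT
    }
    # Every requested AZ must have been recognised as either an ID or a name.
    # Without this check an entry that matches neither pattern (wrong hyphen
    # count, e.g. a Local Zone name) is skipped by the two AZ checks below yet
    # still handed to the VPC module unvalidated.
    precondition {
      condition     = length(local.az_ids) + length(local.az_names) == length(local.azs)
      error_message = <<-EOT
        Every entry in subnet_azs must be an availability zone name (e.g., us-east-1a) or an availability zone ID (e.g., use1-az1).
        Unrecognized entries: ${join(", ", [for az in local.azs : az if !contains(concat(local.az_ids, local.az_names), az)])}
      EOT
    }
    # The VPC CIDR must hold subnet_count subnets of the requested prefix.
    precondition {
      condition     = local.subnet_count <= pow(2, local.subnet_newbits)
      error_message = <<-EOT
        The size of available IP space is not enough to accomodate the expected number of subnets:
        Try increasing the size of your VPC CIDR, e.g., 10.0.0.0/16 -> 10.0.0.0/14
        Or try decreasing the size of your Subnet Prefix, e.g., 24 -> 28
      EOT
    }
    # Requested AZ names must exist (and be available) in the region.
    precondition {
      condition     = alltrue([for name in local.az_names : contains(data.aws_availability_zones.available_azs.names, name)])
      error_message = <<-EOT
        ROSA with hosted control planes in region ${var.region} does not currently support availability zone name(s):
        ${join(", ", [for name in local.az_names : name if !contains(data.aws_availability_zones.available_azs.names, name)])}
      EOT
    }
    # Requested AZ IDs must exist (and be available) in the region.
    precondition {
      condition     = alltrue([for id in local.az_ids : contains(data.aws_availability_zones.available_azs.zone_ids, id)])
      error_message = <<-EOT
        ROSA with hosted control planes in region ${var.region} does not currently support availability zone ID(s):
        ${join(", ", [for id in local.az_ids : id if !contains(data.aws_availability_zones.available_azs.zone_ids, id)])}
      EOT
    }
  }
}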
# Availability zones of the current region that are usable without opting in.
# null_resource.validations checks the requested AZ names and IDs against the
# `names` and `zone_ids` of this data source.
data "aws_availability_zones" "available_azs" {
  filter {
    name = "opt-in-status"
    # Drops Local Zones, Wavelength Zones and Outposts, which are not supported here.
    values = ["opt-in-not-required"]
  }
  state = "available"
}
# The cluster VPC: subnets across local.azs, NAT for private egress, and the
# subnet role tags the load-balancer controller discovers.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 4.0.0"

  # Build nothing until the input checks in null_resource.validations have passed.
  depends_on = [resource.null_resource.validations]

  name = "${var.cluster_name}-vpc"
  cidr = var.vpc_cidr
  azs  = local.azs

  # local.all_subnets is [private, public]; in private-only mode the public list is [].
  private_subnets = local.all_subnets[0]
  public_subnets  = local.all_subnets[1]

  # NAT placement (single shared gateway vs. one per AZ) is left to the module's
  # defaults since neither single_nat_gateway nor one_nat_gateway_per_az is set.
  # NOTE(review): confirm the intended NAT topology against the module docs.
  enable_nat_gateway   = true
  enable_dns_hostnames = true
  enable_dns_support   = true

  # The VPC's default security group is not adopted by the module and so keeps
  # whatever rules AWS created it with. NOTE(review): when the module manages it,
  # the default SG is normally stripped of its rules; confirm which posture is wanted.
  manage_default_security_group = false

  # Subnet role tags per https://repost.aws/knowledge-center/eks-vpc-subnet-discovery
  private_subnet_tags = merge(var.extra_tags, { "kubernetes.io/role/internal-elb" = "1" })
  public_subnet_tags  = merge(var.extra_tags, { "kubernetes.io/role/elb" = "1" })

  tags = merge(var.extra_tags, {
    Terraform    = "true"
    service      = "ROSA"
    cluster_name = var.cluster_name
  })
}