From 6714a6b5b2990c09e9b34bc39de8cf526d9b1b21 Mon Sep 17 00:00:00 2001 From: Simon Gerber Date: Wed, 16 Aug 2023 17:49:29 +0200 Subject: [PATCH] Allow disabling HAProxy on VSHN-managed LBs on cloudscale.ch This feature is intended to be used when provisioning cloudscale.ch managed LBs for the cluster. --- modules/vshn-lbaas-cloudscale/hiera.tf | 9 +++++---- modules/vshn-lbaas-cloudscale/main.tf | 7 ++----- modules/vshn-lbaas-cloudscale/variables.tf | 6 ++++++ modules/vshn-lbaas-hieradata/main.tf | 1 + .../vshn-lbaas-hieradata/templates/hieradata.yaml.tmpl | 7 +++++++ modules/vshn-lbaas-hieradata/variables.tf | 6 ++++++ 6 files changed, 27 insertions(+), 9 deletions(-) diff --git a/modules/vshn-lbaas-cloudscale/hiera.tf b/modules/vshn-lbaas-cloudscale/hiera.tf index 5eb8ab8..874bac8 100644 --- a/modules/vshn-lbaas-cloudscale/hiera.tf +++ b/modules/vshn-lbaas-cloudscale/hiera.tf @@ -8,7 +8,7 @@ module "hiera" { cloud_provider = "cloudscale" - api_backends = local.api_backends + api_backends = var.enable_haproxy ? local.api_backends : [] router_backends = var.router_backends bootstrap_node = var.bootstrap_node node_name_suffix = var.node_name_suffix @@ -17,12 +17,13 @@ module "hiera" { ingress_controller = var.ingress_controller lb_names = random_id.lb[*].hex hieradata_repo_user = var.hieradata_repo_user - api_vip = cidrhost(cloudscale_floating_ip.api_vip[0].network, 0) - internal_vip = var.internal_vip + api_vip = var.enable_haproxy ? cidrhost(cloudscale_floating_ip.api_vip[0].network, 0) : "" + internal_vip = var.enable_haproxy ? var.internal_vip : "" nat_vip = cidrhost(cloudscale_floating_ip.nat_vip[0].network, 0) - router_vip = cidrhost(cloudscale_floating_ip.router_vip[0].network, 0) + router_vip = var.enable_haproxy ? cidrhost(cloudscale_floating_ip.router_vip[0].network, 0) : "" team = var.team enable_proxy_protocol = var.enable_proxy_protocol + enable_haproxy = var.enable_haproxy lb_api_credentials = { cloudscale = { 
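Review bot: `router_backends` on the line after the changed `api_backends` is still passed through unconditionally, so with `enable_haproxy = false` the hieradata keeps a router backend list while the API list is emptied and `router_vip` is blanked in the next hunk. If the Puppet profile ignores backends once HAProxy is off this is harmless, but the patch does not explain the asymmetry. Either gate it the same way, `router_backends = var.enable_haproxy ? var.router_backends : []`, or add a comment saying why router backends are kept. The `module "hiera"` block starts and ends outside the hunk.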
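Review bot: `internal_vip = var.enable_haproxy ? var.internal_vip : ""` silently discards a value the caller set explicitly, and nothing on the new lines says that the empty string is the signal the template uses to omit a key. A one-line comment above the VIP arguments would make that contract visible, e.g. `# "" makes hieradata.yaml.tmpl omit the key; HAProxy VIPs are dropped when enable_haproxy is false`. `nat_vip` stays unguarded, which is consistent with the `nat_vip` hunk in `main.tf`, which does not touch `count`.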
diff --git a/modules/vshn-lbaas-cloudscale/main.tf b/modules/vshn-lbaas-cloudscale/main.tf index 18ebbde..16fb735 100644 --- a/modules/vshn-lbaas-cloudscale/main.tf +++ b/modules/vshn-lbaas-cloudscale/main.tf @@ -1,5 +1,5 @@ resource "cloudscale_floating_ip" "api_vip" { - count = var.lb_count != 0 ? 1 : 0 + count = var.enable_haproxy && var.lb_count != 0 ? 1 : 0 ip_version = 4 region_slug = var.region reverse_ptr = "api.${var.node_name_suffix}" @@ -8,13 +8,12 @@ resource "cloudscale_floating_ip" "api_vip" { ignore_changes = [ # Will be handled by Keepalived (Ursula) server, - next_hop, ] } } resource "cloudscale_floating_ip" "router_vip" { - count = var.lb_count != 0 ? 1 : 0 + count = var.enable_haproxy && var.lb_count != 0 ? 1 : 0 ip_version = 4 region_slug = var.region reverse_ptr = "ingress.${var.node_name_suffix}" @@ -23,7 +22,6 @@ resource "cloudscale_floating_ip" "router_vip" { ignore_changes = [ # Will be handled by Keepalived (Ursula) server, - next_hop, ] } } @@ -38,7 +36,6 @@ resource "cloudscale_floating_ip" "nat_vip" { ignore_changes = [ # Will be handled by Keepalived (Ursula) server, - next_hop, ] } } diff --git a/modules/vshn-lbaas-cloudscale/variables.tf b/modules/vshn-lbaas-cloudscale/variables.tf index 642a855..4c4965f 100644 --- a/modules/vshn-lbaas-cloudscale/variables.tf +++ b/modules/vshn-lbaas-cloudscale/variables.tf @@ -106,3 +106,9 @@ variable "enable_proxy_protocol" { description = "Enable the PROXY protocol for the Router backends. WARNING: Connections will fail until you enable the same on the OpenShift router as well" default = false } + +variable "enable_haproxy" { + type = bool + description = "Control whether the HAProxy LB is configured. Set this to true if you're using cloudscale.ch managed LBs" + default = true +} diff --git a/modules/vshn-lbaas-hieradata/main.tf b/modules/vshn-lbaas-hieradata/main.tf index b7e0332..ea4fe08 100644 --- a/modules/vshn-lbaas-hieradata/main.tf +++ b/modules/vshn-lbaas-hieradata/main.tf 
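Review bot: Flipping `enable_haproxy` from true to false on an existing cluster drops `count` to 0 here and on `router_vip` in the next hunk, so Terraform destroys both floating IPs and the public addresses go back to the provider. Any DNS record for `api.` or `ingress.` that still points at them would then resolve to an address that may later be assigned to someone else, so the records need to move to the managed LB before the apply. I would state that ordering above `count`, e.g. `# enable_haproxy=false destroys this IP; repoint DNS to the managed LB first`. Any reference to `cloudscale_floating_ip.api_vip[0]` or `router_vip[0]` outside this diff (module outputs, for instance) needs the same `var.enable_haproxy ? … : ""` guard that `hiera.tf` received. The hunks also drop `next_hop` from `ignore_changes`, which the commit message does not mention.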
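Review bot: The description of the new `enable_haproxy` variable tells the operator the opposite of what the commit intends: it says to set it to true when using cloudscale.ch managed LBs, while the commit title and the template change show that managed LBs are the case for turning HAProxy off. The line should read `description = "Control whether the HAProxy LB is configured. Set this to false if you're using cloudscale.ch managed LBs"`. The same sentence is repeated in `modules/vshn-lbaas-hieradata/variables.tf` and needs the same correction.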
@@ -41,6 +41,7 @@ resource "local_file" "lb_hieradata" { "router" = var.router_backends[*], } "enable_proxy_protocol" = var.enable_proxy_protocol + "enable_haproxy" = var.enable_haproxy "bootstrap_node" = var.bootstrap_node "team" = var.team }) diff --git a/modules/vshn-lbaas-hieradata/templates/hieradata.yaml.tmpl b/modules/vshn-lbaas-hieradata/templates/hieradata.yaml.tmpl index 7356dca..b74e44e 100644 --- a/modules/vshn-lbaas-hieradata/templates/hieradata.yaml.tmpl +++ b/modules/vshn-lbaas-hieradata/templates/hieradata.yaml.tmpl @@ -15,11 +15,15 @@ profile_openshift4_gateway::private_interfaces: - ${if} %{ endfor ~} profile_openshift4_gateway::floating_addresses: +%{ if api_vip != "" ~} api: ${api_vip} +%{ endif ~} %{ if nat_vip != "" ~} nat: ${nat_vip} %{ endif ~} +%{ if router_vip != "" ~} router: ${router_vip} +%{ endif ~} profile_openshift4_gateway::floating_address_provider: ${cloud_provider} %{ if internal_vip != "" ~} profile_openshift4_gateway::internal_vip: ${internal_vip} @@ -43,6 +47,9 @@ profile_openshift4_gateway::backends: %{ if enable_proxy_protocol ~} profile_openshift4_gateway::enable_proxy_protocol: true %{ endif ~} +%{ if !enable_haproxy ~} +profile_openshift4_gateway::enable_haproxy: false +%{ endif ~} %{ if team != "" ~} profile_icinga2::host::hiera_vars: team: ${team} diff --git a/modules/vshn-lbaas-hieradata/variables.tf b/modules/vshn-lbaas-hieradata/variables.tf index fd260b9..decd0b2 100644 --- a/modules/vshn-lbaas-hieradata/variables.tf +++ b/modules/vshn-lbaas-hieradata/variables.tf @@ -105,3 +105,9 @@ variable "enable_proxy_protocol" { description = "Enable the PROXY protocol for the Router backends. WARNING: Connections will fail until you enable the same on the OpenShift router as well" default = false } + +variable "enable_haproxy" { + type = bool + description = "Control whether the HAProxy LB is configured. Set this to true if you're using cloudscale.ch managed LBs" + default = false +}
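Review bot: With `api`, `nat` and `router` now all conditional, `profile_openshift4_gateway::floating_addresses:` can render with no children, which YAML reads as null rather than an empty hash. The cloudscale module always passes `nat_vip`, so this is only reachable from a caller that leaves all three empty; whether such a caller exists is not visible here. Guarding the key itself with `%{ if api_vip != "" || nat_vip != "" || router_vip != "" ~}` would keep the rendered hieradata well-formed in that case.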
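Review bot: `default = false` here disagrees with `default = true` in `modules/vshn-lbaas-cloudscale/variables.tf`, and because the template emits `profile_openshift4_gateway::enable_haproxy: false` whenever the value is false, any caller of this module that does not pass the variable would have HAProxy switched off on its LBs. The cloudscale module passes it explicitly, but other callers of `vshn-lbaas-hieradata` are outside this diff and may not. Using `default = true` keeps the rendered hieradata unchanged for every caller that has not opted in.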