Allow disabling HAProxy on VSHN-managed LBs on cloudscale.ch
This feature is intended to be used when provisioning cloudscale.ch
managed LBs for the cluster.
simu committed Aug 16, 2023
1 parent 0f1aabe commit bd2c0e5
Showing 6 changed files with 29 additions and 11 deletions.
13 changes: 7 additions & 6 deletions modules/vshn-lbaas-cloudscale/hiera.tf
@@ -8,21 +8,22 @@ module "hiera" {

cloud_provider = "cloudscale"

api_backends = local.api_backends
router_backends = var.router_backends
bootstrap_node = var.bootstrap_node
api_backends = var.enable_haproxy ? local.api_backends : []
router_backends = var.enable_haproxy ? var.router_backends : []
bootstrap_node = var.enable_haproxy ? var.bootstrap_node : ""
node_name_suffix = var.node_name_suffix
cluster_id = var.cluster_id
distribution = var.distribution
ingress_controller = var.ingress_controller
lb_names = random_id.lb[*].hex
hieradata_repo_user = var.hieradata_repo_user
api_vip = cidrhost(cloudscale_floating_ip.api_vip[0].network, 0)
internal_vip = var.internal_vip
api_vip = var.enable_haproxy ? cidrhost(cloudscale_floating_ip.api_vip[0].network, 0) : ""
internal_vip = var.enable_haproxy ? var.internal_vip : ""
nat_vip = cidrhost(cloudscale_floating_ip.nat_vip[0].network, 0)
router_vip = cidrhost(cloudscale_floating_ip.router_vip[0].network, 0)
router_vip = var.enable_haproxy ? cidrhost(cloudscale_floating_ip.router_vip[0].network, 0) : ""
team = var.team
enable_proxy_protocol = var.enable_proxy_protocol
enable_haproxy = var.enable_haproxy

lb_api_credentials = {
cloudscale = {
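Review bot: The new guards on `api_vip` and `router_vip` test only `var.enable_haproxy`, while the matching `count` in main.tf is `var.enable_haproxy && var.lb_count != 0`, so with HAProxy enabled and `lb_count = 0` the `[0]` index still points at an instance that does not exist. That gap predates this commit, but since the lines are being rewritten the guard could follow the resource itself, e.g. `api_vip = length(cloudscale_floating_ip.api_vip) > 0 ? cidrhost(cloudscale_floating_ip.api_vip[0].network, 0) : ""` (and the same for `router_vip`). `nat_vip` stays unconditional and the `count` of that resource is not visible in this diff, so confirm it is still created when HAProxy is disabled. The `module "hiera"` block continues outside the hunk.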
7 changes: 2 additions & 5 deletions modules/vshn-lbaas-cloudscale/main.tf
@@ -1,5 +1,5 @@
resource "cloudscale_floating_ip" "api_vip" {
count = var.lb_count != 0 ? 1 : 0
count = var.enable_haproxy && var.lb_count != 0 ? 1 : 0
ip_version = 4
region_slug = var.region
reverse_ptr = "api.${var.node_name_suffix}"
@@ -8,13 +8,12 @@ resource "cloudscale_floating_ip" "api_vip" {
ignore_changes = [
# Will be handled by Keepalived (Ursula)
server,
next_hop,
]
}
}

resource "cloudscale_floating_ip" "router_vip" {
count = var.lb_count != 0 ? 1 : 0
count = var.enable_haproxy && var.lb_count != 0 ? 1 : 0
ip_version = 4
region_slug = var.region
reverse_ptr = "ingress.${var.node_name_suffix}"
@@ -23,7 +22,6 @@ resource "cloudscale_floating_ip" "router_vip" {
ignore_changes = [
# Will be handled by Keepalived (Ursula)
server,
next_hop,
]
}
}
@@ -38,7 +36,6 @@ resource "cloudscale_floating_ip" "nat_vip" {
ignore_changes = [
# Will be handled by Keepalived (Ursula)
server,
next_hop,
]
}
}
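Review bot: Tying the `count` of `api_vip` and `router_vip` to `var.enable_haproxy` means that flipping the flag to false on an existing cluster destroys both floating IPs and releases their public addresses. Any DNS record for `api.` or `ingress.` that still points at a released address is left dangling and could later resolve to an address assigned to another tenant; the DNS setup is not visible here, so this deserves a comment above each `count`, e.g. `# Disabling HAProxy destroys this VIP; repoint DNS to the managed LB first`. Separately, dropping `next_hop` from the three `ignore_changes` lists is not mentioned in the commit description; if the provider still reports that attribute, a Keepalived failover would presumably show up as drift on the next plan, so a line of rationale would help. The `nat_vip` resource starts outside the last hunk.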
6 changes: 6 additions & 0 deletions modules/vshn-lbaas-cloudscale/variables.tf
@@ -106,3 +106,9 @@ variable "enable_proxy_protocol" {
description = "Enable the PROXY protocol for the Router backends. WARNING: Connections will fail until you enable the same on the OpenShift router as well"
default = false
}

variable "enable_haproxy" {
type = bool
description = "Control whether the HAProxy LB is configured. Set this to true if you're using cloudscale.ch managed LBs"
default = true
}
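Review bot: The description of `enable_haproxy` reads backwards: the commit message says the flag exists so HAProxy can be disabled when cloudscale.ch managed LBs are provisioned, but the text tells users to set it to true in that case. With `default = true` here, an operator following the description would leave HAProxy and its floating IPs configured next to the managed LB. I would change it to `description = "Control whether the HAProxy LB is configured. Set this to false if you're using cloudscale.ch managed LBs"`; the same string is repeated in modules/vshn-lbaas-hieradata/variables.tf.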
1 change: 1 addition & 0 deletions modules/vshn-lbaas-hieradata/main.tf
@@ -41,6 +41,7 @@ resource "local_file" "lb_hieradata" {
"router" = var.router_backends[*],
}
"enable_proxy_protocol" = var.enable_proxy_protocol
"enable_haproxy" = var.enable_haproxy
"bootstrap_node" = var.bootstrap_node
"team" = var.team
})
7 changes: 7 additions & 0 deletions modules/vshn-lbaas-hieradata/templates/hieradata.yaml.tmpl
@@ -15,11 +15,15 @@ profile_openshift4_gateway::private_interfaces:
- ${if}
%{ endfor ~}
profile_openshift4_gateway::floating_addresses:
%{ if api_vip != "" ~}
api: ${api_vip}
%{ endif ~}
%{ if nat_vip != "" ~}
nat: ${nat_vip}
%{ endif ~}
%{ if router_vip != "" ~}
router: ${router_vip}
%{ endif ~}
profile_openshift4_gateway::floating_address_provider: ${cloud_provider}
%{ if internal_vip != "" ~}
profile_openshift4_gateway::internal_vip: ${internal_vip}
@@ -43,6 +47,9 @@ profile_openshift4_gateway::backends:
%{ if enable_proxy_protocol ~}
profile_openshift4_gateway::enable_proxy_protocol: true
%{ endif ~}
%{ if !enable_haproxy ~}
profile_openshift4_gateway::enable_haproxy: false
%{ endif ~}
%{ if team != "" ~}
profile_icinga2::host::hiera_vars:
team: ${team}
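Review bot: With all three entries now conditional, `profile_openshift4_gateway::floating_addresses:` renders as a bare key with no children when `api_vip`, `nat_vip` and `router_vip` are all empty, which YAML parses as null rather than an empty hash. The cloudscale module in this commit always passes `nat_vip`, so the case is not reachable from there, but other callers of this template are not visible in the diff. Either guard the key itself with `%{ if api_vip != "" || nat_vip != "" || router_vip != "" ~}` or add a template comment stating that at least one address must be set. Both hunks sit inside a larger template whose remaining keys are outside the diff.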
6 changes: 6 additions & 0 deletions modules/vshn-lbaas-hieradata/variables.tf
@@ -105,3 +105,9 @@ variable "enable_proxy_protocol" {
description = "Enable the PROXY protocol for the Router backends. WARNING: Connections will fail until you enable the same on the OpenShift router as well"
default = false
}

variable "enable_haproxy" {
type = bool
description = "Control whether the HAProxy LB is configured. Set this to true if you're using cloudscale.ch managed LBs"
default = false
}
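Review bot: `default = false` here disagrees with `default = true` for the same variable in modules/vshn-lbaas-cloudscale/variables.tf, and the template emits `profile_openshift4_gateway::enable_haproxy: false` whenever the value is false. Any other caller of this module that does not pass `enable_haproxy` (none are visible in this commit) would therefore have HAProxy switched off on its LBs after picking up this change, without any edit on its side. Use `default = true` so that disabling the load balancer stays an explicit opt-out.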
