appuio · simu · Aug 16, 2023 · Aug 16, 2023 · Aug 16, 2023 · Aug 16, 2023
diff --git a/lb.tf b/lb.tf
@@ -1,5 +1,5 @@
 module "lb" {
-  source = "git::https://github.com/appuio/terraform-modules.git//modules/vshn-lbaas-cloudscale?ref=v5.1.0"
+  source = "git::https://github.com/appuio/terraform-modules.git//modules/vshn-lbaas-cloudscale?ref=feat/cloudscale-lb"
 
   node_name_suffix       = local.node_name_suffix
   cluster_id             = var.cluster_id
@@ -18,4 +18,94 @@ module "lb" {
   hieradata_repo_user      = var.hieradata_repo_user
   internal_vip             = cidrhost(var.privnet_cidr, 100)
   enable_proxy_protocol    = var.lb_enable_proxy_protocol
+  enable_haproxy           = false
+}
+
+module "lb_api" {
+  source = "./modules/cloudscale-lb"
+
+  role         = "api"
+  cluster_id   = var.cluster_id
+  lb_flavor    = var.lbaas_flavor
+  region       = var.region
+  protocol     = "tcp"
+  subnet_uuid  = local.subnet_uuid
+  members      = module.master.ip_addresses[*]
+  bootstrap_ip = var.bootstrap_count > 0 ? cidrhost(local.privnet_cidr, 10) : ""
+  ports        = [6443]
+
+  health_check = {
+    type = "https"
+    path = "/readyz"
+    host = "api.${local.node_name_suffix}"
+  }
+}
+
+resource "cloudscale_floating_ip" "api_v4" {
+  load_balancer = module.lb_api.lb_id
+  ip_version    = 4
+  reverse_ptr   = "api.${local.node_name_suffix}"
+}
+
+resource "cloudscale_floating_ip" "api_v6" {
+  load_balancer = module.lb_api.lb_id
+  ip_version    = 6
+  reverse_ptr   = "api.${local.node_name_suffix}"
+}
+
+module "lb_api_int" {
+  source = "./modules/cloudscale-lb"
+
+  role         = "api-int"
+  cluster_id   = var.cluster_id
+  lb_flavor    = var.lbaas_flavor
+  region       = var.region
+  protocol     = "tcp"
+  subnet_uuid  = local.subnet_uuid
+  members      = module.master.ip_addresses[*]
+  bootstrap_ip = var.bootstrap_count > 0 ? cidrhost(local.privnet_cidr, 10) : ""
+  ports        = [6443, 22623]
+  allowed_cidrs = {
+    22623 = [local.privnet_cidr]
+  }
+  internal_vip = cidrhost(var.privnet_cidr, 100)
+
+  health_check = {
+    type = "https"
+    path = "/readyz"
+    host = "api.${local.node_name_suffix}"
+    port = 6443
+  }
+}
+
+module "lb_ingress" {
+  source = "./modules/cloudscale-lb"
+
+  role        = "ingress"
+  cluster_id  = var.cluster_id
+  lb_flavor   = var.lbaas_flavor
+  region      = var.region
+  protocol    = var.lb_enable_proxy_protocol ? "proxyv2" : "tcp"
+  subnet_uuid = local.subnet_uuid
+  members     = module.infra.ip_addresses[*]
+  ports       = [80, 443]
+
+  health_check = {
+    type = "http"
+    path = "/healthz/ready"
+    host = "ingress.${local.node_name_suffix}"
+    port = 1936
+  }
+}
+
+resource "cloudscale_floating_ip" "ingress_v4" {
+  load_balancer = module.lb_ingress.lb_id
+  ip_version    = 4
+  reverse_ptr   = "ingress.${local.node_name_suffix}"
+}
+
+resource "cloudscale_floating_ip" "ingress_v6" {
+  load_balancer = module.lb_ingress.lb_id
+  ip_version    = 6
+  reverse_ptr   = "ingress.${local.node_name_suffix}"
 }
diff --git a/modules/cloudscale-lb/main.tf b/modules/cloudscale-lb/main.tf
@@ -0,0 +1,66 @@
+locals {
+  backend_count = length(var.members)
+  port_count    = length(var.ports)
+  internal_vips = var.internal_vip != "" ? [
+    var.internal_vip
+  ] : []
+
+}
+resource "cloudscale_load_balancer" "lb" {
+  name        = "${var.cluster_id}_${var.role}"
+  flavor_slug = var.lb_flavor
+  zone_slug   = "${var.region}1"
+
+  dynamic "vip_addresses" {
+    for_each = local.internal_vips
+    content {
+      subnet_uuid = var.subnet_uuid
+      address     = vip_addresses.value
+    }
+  }
+}
+
+resource "cloudscale_load_balancer_pool" "lb" {
+  count              = local.port_count
+  name               = "${var.cluster_id}_${var.role}_${var.ports[count.index]}"
+  algorithm          = "round_robin"
+  protocol           = var.protocol
+  load_balancer_uuid = cloudscale_load_balancer.lb.id
+}
+
+resource "cloudscale_load_balancer_pool_member" "lb" {
+  count         = local.backend_count * local.port_count
+  name          = "${var.cluster_id}_${var.role}-member_${count.index}"
+  pool_uuid     = cloudscale_load_balancer_pool.lb[count.index % local.port_count].id
+  protocol_port = var.ports[floor(count.index % local.port_count)]
+  address       = var.members[floor(count.index / local.port_count)]
+  subnet_uuid   = var.subnet_uuid
+  monitor_port  = var.health_check.port
+}
+
+resource "cloudscale_load_balancer_pool_member" "bootstrap" {
+  count         = var.bootstrap_ip != "" ? local.port_count : 0
+  name          = "${var.cluster_id}_${var.role}-bootstrap_${var.ports[count.index]}"
+  pool_uuid     = cloudscale_load_balancer_pool.lb[count.index % local.port_count].id
+  protocol_port = var.ports[count.index]
+  address       = var.bootstrap_ip
+  subnet_uuid   = var.subnet_uuid
+  monitor_port  = var.health_check.port
+}
+
+resource "cloudscale_load_balancer_listener" "lb" {
+  count         = local.port_count
+  name          = "${var.cluster_id}_${var.role}_${var.ports[count.index]}"
+  pool_uuid     = cloudscale_load_balancer_pool.lb[count.index].id
+  protocol      = "tcp"
+  protocol_port = var.ports[count.index]
+  allowed_cidrs = lookup(var.allowed_cidrs, var.ports[count.index], [])
+}
+
+resource "cloudscale_load_balancer_health_monitor" "lb" {
+  count         = local.port_count
+  pool_uuid     = cloudscale_load_balancer_pool.lb[count.index].id
+  type          = var.health_check.type
+  http_url_path = var.health_check.path
+  http_host     = var.health_check.host
+}
diff --git a/modules/cloudscale-lb/output.tf b/modules/cloudscale-lb/output.tf
@@ -0,0 +1,11 @@
+output "lb_id" {
+  value = cloudscale_load_balancer.lb.id
+}
+
+output "vip_v4" {
+  value = matchkeys(cloudscale_load_balancer.lb.vip_addresses[*].address, cloudscale_load_balancer.lb.vip_addresses[*].version, [4])
+}
+
+output "vip_v6" {
+  value = matchkeys(cloudscale_load_balancer.lb.vip_addresses[*].address, cloudscale_load_balancer.lb.vip_addresses[*].version, [6])
+}
diff --git a/modules/cloudscale-lb/providers.tf b/modules/cloudscale-lb/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    cloudscale = {
+      source  = "cloudscale-ch/cloudscale"
+      version = "4.2.2"
+    }
+  }
+}
diff --git a/modules/cloudscale-lb/variables.tf b/modules/cloudscale-lb/variables.tf
@@ -0,0 +1,51 @@
+variable "cluster_id" {
+  type = string
+}
+
+variable "lb_flavor" {
+  type    = string
+  default = "lb-standard"
+}
+
+variable "role" {
+  type = string
+}
+
+variable "region" {
+  type = string
+}
+
+variable "protocol" {
+  type = string
+}
+
+variable "subnet_uuid" {
+  type = string
+}
+
+variable "members" {
+  type = list(string)
+}
+
+variable "bootstrap_ip" {
+  type    = string
+  default = ""
+}
+
+variable "ports" {
+  type = list(number)
+}
+
+variable "health_check" {
+  type = object({ type = string, path = string, host = string, port = optional(number) })
+}
+
+variable "internal_vip" {
+  type    = string
+  default = ""
+}
+
+variable "allowed_cidrs" {
+  type    = map(list(string))
+  default = {}
+}
diff --git a/outputs.tf b/outputs.tf
@@ -1,10 +1,12 @@
 output "dns_entries" {
   value = templatefile("${path.module}/templates/dns.zone", {
     "node_name_suffix" = local.node_name_suffix,
-    "api_vip"          = var.lb_count != 0 ? split("/", module.lb.api_vip[0].network)[0] : ""
-    "router_vip"       = var.lb_count != 0 ? split("/", module.lb.router_vip[0].network)[0] : ""
+    "api_vip"          = cloudscale_floating_ip.api_v4.id
+    "api_vip_v6"       = cloudscale_floating_ip.api_v6.id
+    "router_vip"       = cloudscale_floating_ip.ingress_v4.id
+    "router_vip_v6"    = cloudscale_floating_ip.ingress_v6.id
     "egress_vip"       = var.lb_count != 0 ? split("/", module.lb.nat_vip[0].network)[0] : ""
-    "internal_vip"     = cidrhost(local.privnet_cidr, 100),
+    "internal_vip"     = module.lb_api_int.vip_v4[0]
     "masters"          = module.master.ip_addresses,
     "cluster_id"       = var.cluster_id,
     "lbs"              = module.lb.public_ipv4_addresses,

diff --git a/templates/dns.zone b/templates/dns.zone
@@ -2,8 +2,10 @@
 $ORIGIN ${node_name_suffix}.
 
 api       IN A     ${api_vip}
+api       IN AAAA  ${api_vip_v6}
 api-int   IN A     ${internal_vip}
 ingress   IN A     ${router_vip}
+ingress   IN AAAA  ${router_vip_v6}
 egress    IN A     ${egress_vip}
 
 *.apps    IN CNAME ingress.${node_name_suffix}.

diff --git a/variables.tf b/variables.tf
@@ -59,10 +59,16 @@ variable "lb_count" {
 
 variable "lb_flavor" {
   type        = string
-  default     = "plus-8-2"
+  default     = "flex-4-1"
   description = "Compute flavor to use for loadbalancers"
 }
 
+variable "lbaas_flavor" {
+  type        = string
+  default     = "lb-standard"
+  description = "Flavor to use for cloudscale.ch LBaaS instances"
+}
+
 variable "master_count" {
   type    = number
   default = 3