Switch back to user-provided Floaty IAM key

Exoscale's new IAM API (v3) isn't yet supported by the Terraform module, so we switch back to a user-provided IAM key for Floaty This reverts #69 (commit c693867), reversing changes made to 10e07d4.
appuio · Jul 6, 2023 · ff8669f · ff8669f
1 parent 0e1d587
commit ff8669f
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -46,6 +46,7 @@ The module provides variables to
 * configure additional Exoscale private networks to attach to the LBs.
   To avoid issues with network interfaces getting assigned arbitrarily, we recommend to only configure additional private networks after the LBs have been provisioned.
 * specify a bootstrap S3 bucket (required only to provision the boostrap node)
+* specify an Exoscale API key and secret for Floaty
 * specify the username for the APPUiO hieradata Git repository (see next sections for details).
 * provide an API token for control.vshn.net (see next sections for details).
 * choose a dedicated deployment target
@@ -99,6 +100,8 @@ module "cluster" {
 ## Required credentials
 
 * An unrestricted Exoscale API key in the organisation in which the cluster should be deployed
+* An Exoscale API key for Floaty
+  * The minimum required permissions for the Floaty API key are the following "compute-legacy" operations: `addIpToNic`, `listNics`, `listResourceDetails`, `listVirtualMachines`, `queryAsyncJobResult` and `removeIpFromNic`.
 * An API token for the Servers API must be created on [control.vshn.net](https://control.vshn.net/tokens/_create/servers)
 * A project access token for the APPUiO hieradata repository must be created on [git.vshn.net](https://git.vshn.net/appuio/appuio_hieradata/-/settings/access_tokens)
   * The minimum required permissions for the project access token are `api` (to create MRs), `read_repository` (to clone the repo) and `write_repository` (to push to the repo).

diff --git a/lb.tf b/lb.tf
@@ -1,5 +1,5 @@
 module "lb" {
-  source = "git::https://github.com/appuio/terraform-modules.git//modules/vshn-lbaas-exoscale?ref=v4.2.1"
+  source = "git::https://github.com/appuio/terraform-modules.git//modules/vshn-lbaas-exoscale?ref=v5.0.0"
 
   exoscale_domain_name = exoscale_domain.cluster.name
   cluster_network = {
@@ -14,12 +14,14 @@ module "lb" {
   control_vshn_net_token = var.control_vshn_net_token
   team                   = var.team
 
-  api_backends          = exoscale_domain_record.etcd[*].hostname
-  router_backends       = module.infra.ip_address[*]
-  bootstrap_node        = var.bootstrap_count > 0 ? module.bootstrap.ip_address[0] : ""
-  hieradata_repo_user   = var.hieradata_repo_user
-  enable_proxy_protocol = var.lb_enable_proxy_protocol
-  additional_networks   = var.additional_lb_networks
+  api_backends           = exoscale_domain_record.etcd[*].hostname
+  router_backends        = module.infra.ip_address[*]
+  bootstrap_node         = var.bootstrap_count > 0 ? module.bootstrap.ip_address[0] : ""
+  lb_exoscale_api_key    = var.lb_exoscale_api_key
+  lb_exoscale_api_secret = var.lb_exoscale_api_secret
+  hieradata_repo_user    = var.hieradata_repo_user
+  enable_proxy_protocol  = var.lb_enable_proxy_protocol
+  additional_networks    = var.additional_lb_networks
 
   cluster_security_group_ids = [
     exoscale_security_group.all_machines.id

diff --git a/variables.tf b/variables.tf
@@ -192,6 +192,13 @@ variable "ignition_ca" {
   type = string
 }
 
+variable "lb_exoscale_api_key" {
+  type = string
+}
+variable "lb_exoscale_api_secret" {
+  type = string
+}
+
 variable "bootstrap_bucket" {
   type = string
 }