From ff8669f8840e7d88f9613c8a71044950e35bf9be Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Thu, 6 Jul 2023 13:40:18 +0200
Subject: [PATCH] Switch back to user-provided Floaty IAM key

Exoscale's new IAM API (v3) isn't yet supported by the Terraform module, so we switch back to a user-provided IAM key for Floaty

This reverts #69 (commit c6938673f029a3cacebf57a555e05f10f385a38d), reversing changes made to 10e07d48fe8de339e2a6084b8e419763c1aeda49.
---
 README.md | 3 +++
 lb.tf | 16 +++++++++-------
 variables.tf | 7 +++++++
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index f8e636b..ba7c2be 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,7 @@ The module provides variables to
 * configure additional Exoscale private networks to attach to the LBs. To avoid issues with network interfaces getting assigned arbitrarily, we recommend to only configure additional private networks after the LBs have been provisioned.
 * specify a bootstrap S3 bucket (required only to provision the boostrap node)
+* specify an Exoscale API key and secret for Floaty
 * specify the username for the APPUiO hieradata Git repository (see next sections for details).
 * provide an API token for control.vshn.net (see next sections for details).
 * choose a dedicated deployment target
@@ -99,6 +100,8 @@ module "cluster" {
 ## Required credentials
 * An unrestricted Exoscale API key in the organisation in which the cluster should be deployed
+* An Exoscale API key for Floaty
+ * The minimum required permissions for the Floaty API key are the following "compute-legacy" operations: `addIpToNic`, `listNics`, `listResourceDetails`, `listVirtualMachines`, `queryAsyncJobResult` and `removeIpFromNic`.
 * An API token for the Servers API must be created on [control.vshn.net](https://control.vshn.net/tokens/_create/servers)
 * A project access token for the APPUiO hieradata repository must be created on [git.vshn.net](https://git.vshn.net/appuio/appuio_hieradata/-/settings/access_tokens)
 * The minimum required permissions for the project access token are `api` (to create MRs), `read_repository` (to clone the repo) and `write_repository` (to push to the repo).
diff --git a/lb.tf b/lb.tf
index 4b7f2d1..43448fa 100644
--- a/lb.tf
+++ b/lb.tf
@@ -1,5 +1,5 @@
 module "lb" {
- source = "git::https://github.com/appuio/terraform-modules.git//modules/vshn-lbaas-exoscale?ref=v4.2.1"
+ source = "git::https://github.com/appuio/terraform-modules.git//modules/vshn-lbaas-exoscale?ref=v5.0.0"
 exoscale_domain_name = exoscale_domain.cluster.name
 cluster_network = {
@@ -14,12 +14,14 @@ module "lb" {
 control_vshn_net_token = var.control_vshn_net_token
 team = var.team
- api_backends = exoscale_domain_record.etcd[*].hostname
- router_backends = module.infra.ip_address[*]
- bootstrap_node = var.bootstrap_count > 0 ? module.bootstrap.ip_address[0] : ""
- hieradata_repo_user = var.hieradata_repo_user
- enable_proxy_protocol = var.lb_enable_proxy_protocol
- additional_networks = var.additional_lb_networks
+ api_backends = exoscale_domain_record.etcd[*].hostname
+ router_backends = module.infra.ip_address[*]
+ bootstrap_node = var.bootstrap_count > 0 ? module.bootstrap.ip_address[0] : ""
+ lb_exoscale_api_key = var.lb_exoscale_api_key
+ lb_exoscale_api_secret = var.lb_exoscale_api_secret
+ hieradata_repo_user = var.hieradata_repo_user
+ enable_proxy_protocol = var.lb_enable_proxy_protocol
+ additional_networks = var.additional_lb_networks
 cluster_security_group_ids = [
 exoscale_security_group.all_machines.id
diff --git a/variables.tf b/variables.tf
index 5d81253..8ed81ff 100644
--- a/variables.tf
+++ b/variables.tf
@@ -192,6 +192,13 @@ variable "ignition_ca" {
 type = string
 }
+variable "lb_exoscale_api_key" {
+ type = string
+}
+variable "lb_exoscale_api_secret" {
+ type = string
+}
+
 variable "bootstrap_bucket" {
 type = string
 }
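Review bot: The new `lb_exoscale_api_key` and `lb_exoscale_api_secret` arguments pass a long-lived credential into the LB module with nothing at the call site saying which key is expected, so a caller can satisfy them with the same unrestricted key used for provisioning. The README change in this commit lists the six "compute-legacy" operations Floaty needs, so I would add a comment above the two lines: `# Floaty only: pass a key restricted to the operations listed under "Required credentials" in the README, never the unrestricted provisioning key`. Where the module stores the key is not visible here, but it presumably ends up on the LB hosts or in the hieradata repository, which is why its scope matters. The `module "lb"` block starts above this hunk and continues past it.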
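Review bot: `lb_exoscale_api_secret` is declared as a plain string, so its value can appear in plan and apply output wherever it flows into a resource attribute. The block should carry `sensitive = true` (available from Terraform 0.14; confirm against the module's minimum version), and both new variables would benefit from a `description` saying this is the restricted Floaty key. Marking it sensitive does not keep the value out of state, so the state backend still needs access control and encryption. As a style point, the two new `variable` blocks are added without a blank line between them, which the neighbouring declarations appear to have.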