From 3339d0cd533ca180204a1289ee8b78dc40988890 Mon Sep 17 00:00:00 2001 From: Arnaud Meukam Date: Tue, 8 Aug 2023 19:06:43 +0200 Subject: [PATCH] AWS: Add a VPC for kOps CI Related to: - https://github.com/kubernetes/k8s.io/issues/5127 Create a VPC that will be used to create the EKS cluster for kOps CI. The CIDR 10.128.0.0/16 is used and splitted different the different azs of us-east-2 region. Signed-off-by: Arnaud Meukam --- infra/aws/terraform/kops-infra-ci/locals.tf | 7 ++- .../aws/terraform/kops-infra-ci/variables.tf | 6 ++ infra/aws/terraform/kops-infra-ci/vpc.tf | 55 +++++++++++++++++++ 3 files changed, 67 insertions(+), 1 deletion(-) diff --git a/infra/aws/terraform/kops-infra-ci/locals.tf b/infra/aws/terraform/kops-infra-ci/locals.tf index 57bd17401e7d..6277c76b79e9 100644 --- a/infra/aws/terraform/kops-infra-ci/locals.tf +++ b/infra/aws/terraform/kops-infra-ci/locals.tf @@ -21,4 +21,9 @@ locals { kops-infra-ci-account-id = data.aws_organizations_organization.current.accounts[local.kops-infra-ci-index].id prefix = "k8s-infra-kops" -} \ No newline at end of file + + partition = cidrsubnets(aws_vpc_ipam_preview_next_cidr.main.cidr, 2, 2, 2) + azs = slice(data.aws_availability_zones.available.names, 0, 3) + private_subnets = cidrsubnets(local.partition[0], 2, 2, 2) + public_subnets = cidrsubnets(local.partition[1], 2, 2, 2) +} diff --git a/infra/aws/terraform/kops-infra-ci/variables.tf b/infra/aws/terraform/kops-infra-ci/variables.tf index bfe04a6a0b09..9f446e8861ba 100644 --- a/infra/aws/terraform/kops-infra-ci/variables.tf +++ b/infra/aws/terraform/kops-infra-ci/variables.tf @@ -27,3 +27,9 @@ variable "region" { type = string default = "us-east-2" } + +variable "vpc_cidr" { + type = string + description = "CIDR of the VPC" + default = "10.128.0.0/16" +} diff --git a/infra/aws/terraform/kops-infra-ci/vpc.tf b/infra/aws/terraform/kops-infra-ci/vpc.tf index e58209f587ed..48cef07e679c 100644 --- a/infra/aws/terraform/kops-infra-ci/vpc.tf +++ b/infra/aws/terraform/kops-infra-ci/vpc.tf @@ -45,3 +45,58 @@ resource "aws_vpc_ipam_pool" "main" { "region" = "${data.aws_region.current.name}" }) } + + +resource "aws_vpc_ipam_pool_cidr" "main" { + provider = aws.kops-infra-ci + ipam_pool_id = aws_vpc_ipam_pool.main.id + cidr = var.vpc_cidr +} + +resource "aws_vpc_ipam_preview_next_cidr" "main" { + provider = aws.kops-infra-ci + ipam_pool_id = aws_vpc_ipam_pool.main.id + + netmask_length = 20 // a 18 netmask length is considered as too big for the CIDR pool +} + +module "vpc" { + providers = { + aws = aws.kops-infra-ci + } + + source = "terraform-aws-modules/vpc/aws" + version = "~> 5.0" + + name = "${local.prefix}-vpc" + cidr = aws_vpc_ipam_preview_next_cidr.main.cidr + + ipv4_ipam_pool_id = aws_vpc_ipam_pool.main.id + + azs = local.azs + private_subnets = local.private_subnets + public_subnets = local.public_subnets + + enable_nat_gateway = true + single_nat_gateway = false + one_nat_gateway_per_az = true + + enable_flow_log = true + create_flow_log_cloudwatch_iam_role = true + create_flow_log_cloudwatch_log_group = true + flow_log_cloudwatch_log_group_retention_in_days = 30 + + enable_dns_hostnames = true + + public_subnet_tags = { + "kubernetes.io/role/elb" = 1 + } + + private_subnet_tags = { + "kubernetes.io/role/internal-elb" = 1 + } + + tags = merge(var.tags, { + "region" = "${data.aws_region.current.name}" + }) +}