From 77a6ef36f3e8069c09714add0d5acbd28fe6c054 Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont
Date: Sat, 17 Aug 2019 23:58:36 +0200
Subject: [PATCH] Provision loadbalancer with terraform and custom scripts
---
 terraform/config.tf | 19 +++++++++++
 terraform/{main.tf => instances.tf} | 29 -----------------
 terraform/lb.tf | 22 +++++++++++++
 terraform/outputs.tf | 11 +++++++
 terraform/scripts/create_lb.sh | 16 ++++++++++
 terraform/scripts/delete_lb.sh | 17 ++++++++++
 terraform/scripts/update_lb_rules.sh | 48 ++++++++++++++++++++++++++++
 terraform/variables.tf | 3 ++
 8 files changed, 136 insertions(+), 29 deletions(-)
 create mode 100644 terraform/config.tf
 rename terraform/{main.tf => instances.tf} (55%)
 create mode 100644 terraform/lb.tf
 create mode 100644 terraform/outputs.tf
 create mode 100755 terraform/scripts/create_lb.sh
 create mode 100755 terraform/scripts/delete_lb.sh
 create mode 100755 terraform/scripts/update_lb_rules.sh
diff --git a/terraform/config.tf b/terraform/config.tf
new file mode 100644
index 0000000..342042a
--- /dev/null
+++ b/terraform/config.tf
@@ -0,0 +1,19 @@
+locals {
+ environment = terraform.workspace != "" ? terraform.workspace : "test"
+}
+
+terraform {
+ backend "s3" {
+ bucket = "banditlair-k8s-tfstate"
+ key = "banditlair.tfstate"
+ region = "nl-ams"
+ endpoint = "https://s3.nl-ams.scw.cloud"
+ profile = "default"
+ skip_credentials_validation = true
+ skip_region_validation = true
+ }
+}
+
+provider "scaleway" {
+ region = var.region
+}
diff --git a/terraform/main.tf b/terraform/instances.tf
similarity index 55%
rename from terraform/main.tf
rename to terraform/instances.tf
index fb0ba83..531754e 100644
--- a/terraform/main.tf
+++ b/terraform/instances.tf
@@ -1,23 +1,3 @@
-locals {
- environment = terraform.workspace != "" ? terraform.workspace : "test"
-}
-
-terraform {
- backend "s3" {
- bucket = "banditlair-k8s-tfstate"
- key = "banditlair.tfstate"
- region = "nl-ams"
- endpoint = "https://s3.nl-ams.scw.cloud"
- profile = "default"
- skip_credentials_validation = true
- skip_region_validation = true
- }
-}
-
-provider "scaleway" {
- region = var.region
-}
-
 data "scaleway_image" "ubuntu" {
 architecture = var.architecture
 name = var.image
@@ -45,12 +25,3 @@ resource "scaleway_server" "master" {
 "${local.environment}-etcd",
 ]
 }
-
-output "node_private_ips" {
- value = [scaleway_server.node.*.private_ip]
-}
-
-output "master_private_ips" {
- value = [scaleway_server.master.*.private_ip]
-}
-
diff --git a/terraform/lb.tf b/terraform/lb.tf
new file mode 100644
index 0000000..86d8438
--- /dev/null
+++ b/terraform/lb.tf
@@ -0,0 +1,22 @@
+resource "null_resource" "load_balancer" {
+ provisioner "local-exec" {
+ command = "./scripts/create_lb.sh lb-k8s-${local.environment} ${var.lb_ip}"
+ }
+
+ provisioner "local-exec" {
+ when = "destroy"
+ command = "./scripts/delete_lb.sh ${var.lb_ip}"
+ }
+}
+
+resource "null_resource" "update_load_balancer_rules" {
+ triggers = {
+ node_instance_ids = "${join(",", scaleway_server.node.*.private_ip)}"
+ }
+
+ provisioner "local-exec" {
+ command = "./scripts/update_lb_rules.sh ${var.lb_ip} '${jsonencode(scaleway_server.node.*.private_ip)}'"
+ }
+
+ depends_on = [null_resource.load_balancer]
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
new file mode 100644
index 0000000..e1c597b
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,11 @@
+output "loadbalancer_ip" {
+ value = var.lb_ip
+}
+
+output "node_public_ips" {
+ value = [scaleway_server.node.*.public_ip]
+}
+
+output "master_public_ips" {
+ value = [scaleway_server.master.*.public_ip]
+}
diff --git a/terraform/scripts/create_lb.sh b/terraform/scripts/create_lb.sh
new file mode 100755
index 0000000..3ea0468
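Review bot: The `local-exec` commands in both `null_resource` blocks of `lb.tf` interpolate `var.lb_ip` and the JSON-encoded address list directly into a shell command string, so a quote or shell metacharacter in either value is parsed by the shell rather than passed to the script as data. Handing the values over through the provisioner's `environment` argument and expanding them quoted avoids that, and `${path.module}` stops the `./scripts/...` path depending on the directory Terraform is run from; the same shape applies to the `create_lb.sh` and `delete_lb.sh` calls. `null_resource.load_balancer` also has no `triggers`, so a later change to `lb_ip` or the workspace name would presumably not re-run `create_lb.sh`.

```hcl
resource "null_resource" "update_load_balancer_rules" {
  # … unchanged: triggers …

  provisioner "local-exec" {
    command = "${path.module}/scripts/update_lb_rules.sh \"$LB_IP\" \"$LB_TARGET_IPS\""

    environment = {
      LB_IP         = var.lb_ip
      LB_TARGET_IPS = jsonencode(scaleway_server.node.*.private_ip)
    }
  }

  # … unchanged: depends_on …
}
```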
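Review bot: `node_public_ips` and `master_public_ips` in `outputs.tf` wrap a splat expression in an extra `[...]`, which under the 0.12-style expression syntax used elsewhere in this patch should yield a list containing one list rather than a flat list of addresses. If a flat list is what consumers expect, `value = scaleway_server.node.*.public_ip` (and the same for `master`) is enough. None of the three outputs has a `description`, so nothing records that these replace the private-IP outputs removed from `instances.tf`.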
--- /dev/null
+++ b/terraform/scripts/create_lb.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+set -x
+
+export TOKEN=`jq '.token' -r ~/.scwrc`
+REGION="fr-par"
+ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
+
+LB_NAME=$1
+LB_IP=$2
+
+IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
+echo "IP_ID: $IP_ID"
+
+http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN name=$LB_NAME organization_id=$ORGANIZATION_ID ip_id=$IP_ID --ignore-stdin | jq -r '.id'
diff --git a/terraform/scripts/delete_lb.sh b/terraform/scripts/delete_lb.sh
new file mode 100755
index 0000000..77565ee
--- /dev/null
+++ b/terraform/scripts/delete_lb.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+set -x
+
+export TOKEN=`jq '.token' -r ~/.scwrc`
+REGION="fr-par"
+ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
+
+LB_IP=$1
+
+IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
+echo "IP_ID: $IP_ID"
+
+LB_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN | jq -r ".lbs[] | select(.ip[0].id == \"$IP_ID\") | .id")
+
+http DELETE "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID" X-Auth-Token:$TOKEN
diff --git a/terraform/scripts/update_lb_rules.sh b/terraform/scripts/update_lb_rules.sh
new file mode 100755
index 0000000..fe7f02e
--- /dev/null
+++ b/terraform/scripts/update_lb_rules.sh
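Review bot: `set -x` in `create_lb.sh` traces every command after expansion, so each `http ... X-Auth-Token:$TOKEN` line writes the Scaleway API token into Terraform's provisioner output and any log that captures it; `delete_lb.sh` and `update_lb_rules.sh` have the same header and the same exposure. I would drop `set -x` (or enable it only around commands that carry no secret) and stop exporting the token, since nothing here reads it from the environment: `TOKEN=$(jq -r '.token' ~/.scwrc)`. `set -e` alone also does not catch a failed `http GET` on the left of the pipe, and an address that matches nothing leaves `IP_ID` empty before the POST; `set -euo pipefail` plus `[ -n "$IP_ID" ] || exit 1` would stop the script at that point. The unquoted `$LB_NAME`, `$ORGANIZATION_ID` and `$IP_ID` on the POST line should be quoted as well.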
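Review bot: Nothing in `delete_lb.sh` checks `LB_ID` before the final `http DELETE`, so when the IP lookup or the `select(.ip[0].id == ...)` filter matches nothing the request is sent to `.../lbs/` with an empty id, and when more than one load balancer matches the id contains a newline. A guard before the DELETE makes the destroy step fail cleanly with a readable message: `[ -n "$LB_ID" ] || { echo "no load balancer found for $LB_IP" >&2; exit 1; }`. `ORGANIZATION_ID` is read from `~/.scwrc` but not used anywhere in this script.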
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -e
+set -x
+
+export TOKEN=`jq '.token' -r ~/.scwrc`
+REGION="fr-par"
+ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
+
+LB_IP=$1
+LB_TARGET_IPS=$2
+
+function create_rules() {
+ LB_ID=$1
+ declare -A RULES
+ RULES[http]=80
+ RULES[https]=443
+
+ for PROTOCOL in "${!RULES[@]}"; do
+ PORT=${RULES[$PROTOCOL]}
+ BACKEND_ID=$(http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/backends" X-Auth-Token:$TOKEN name=lbb-$PROTOCOL forward_protocol=tcp forward_port=$PORT forward_port_algorithm=roundrobin sticky_sessions=none health_check:="{\"http_config\":{\"uri\":\"/\",\"method\":\"GET\",\"code\":404},\"check_delay\":1001,\"check_max_retries\":3,\"check_timeout\":3000,\"port\":$PORT}" server_ip:=$LB_TARGET_IPS --ignore-stdin | jq -r '.id')
+ http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/frontends" X-Auth-Token:$TOKEN backend_id=$BACKEND_ID inbound_port=$PORT name=lbf-$PROTOCOL --ignore-stdin
+ done
+}
+
+function update_rules() {
+ LB_ID=$1
+ BACKENDS_IDS$2
+
+ for BACKEND_ID in $BACKENDS_IDS
+ do
+ http PUT "https://api.scaleway.com/lb/v1/regions/$REGION/backends/$BACKEND_ID/servers" X-Auth-Token:$TOKEN server_ip:="$LB_TARGET_IPS" --ignore-stdin
+ done
+}
+
+IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
+echo "IP_ID: $IP_ID"
+
+LB_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN | jq -r ".lbs[] | select(.ip[0].id == \"$IP_ID\") | .id")
+
+BACKENDS_IDS=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/backends" X-Auth-Token:$TOKEN | jq -r ".backends[] | .id")
+
+if [ -n "$BACKENDS_IDS" ]
+then
+ update_rules $LB_ID $BACKENDS_IDS
+else
+ create_rules $LB_ID
+fi
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 56fbd3a..edde46b 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
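Review bot: In `update_rules`, the line `BACKENDS_IDS$2` is missing its `=`, so the shell expands it and tries to run the result as a command; under `set -e` the script should exit there, which means the update path never reaches the `http PUT` loop. The call `update_rules $LB_ID $BACKENDS_IDS` is unquoted, so even with the `=` restored `$2` would hold only the first backend id. Something like `LB_ID=$1; shift; BACKENDS_IDS="$*"` in the function, or dropping the parameter and reading the global, fixes both. In `create_rules`, `server_ip:=$LB_TARGET_IPS` is unquoted while `update_rules` quotes it; quoting both keeps the JSON array a single argument. There is also no check that `LB_ID` is non-empty before the backends are listed and modified.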
@@ -26,3 +26,6 @@ variable "node_instance_count" { default = 2 } +variable "lb_ip" { + default = "51.159.26.139" +}
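Review bot: `lb_ip` defaults to one concrete public address, so every workspace that does not override it points at the same load-balancer IP, and the destroy-time `delete_lb.sh` call in `lb.tf` would presumably remove whichever load balancer is attached to that address regardless of which environment created it. Declaring the variable without a default forces each environment to supply its own value, and a `type` and `description` document what is expected: `variable "lb_ip" { type = string, description = "Reserved IP the load balancer is attached to" }` (written on separate lines in the file).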