Provision loadbalancer with terraform and custom scripts

terraform/config.tf

@@ -0,0 +1,19 @@
+locals {
+  environment = terraform.workspace != "" ? terraform.workspace : "test"
+}
+
+terraform {
+  backend "s3" {
+    bucket                      = "banditlair-k8s-tfstate"
+    key                         = "banditlair.tfstate"
+    region                      = "nl-ams"
+    endpoint                    = "https://s3.nl-ams.scw.cloud"
+    profile                     = "default"
+    skip_credentials_validation = true
+    skip_region_validation      = true
+  }
+}
+
+provider "scaleway" {
+  region = var.region
+}

terraform/instances.tf

@@ -1,23 +1,3 @@
-locals {
-  environment = terraform.workspace != "" ? terraform.workspace : "test"
-}
-
-terraform {
-  backend "s3" {
-    bucket                      = "banditlair-k8s-tfstate"
-    key                         = "banditlair.tfstate"
-    region                      = "nl-ams"
-    endpoint                    = "https://s3.nl-ams.scw.cloud"
-    profile                     = "default"
-    skip_credentials_validation = true
-    skip_region_validation      = true
-  }
-}
-
-provider "scaleway" {
-  region = var.region
-}
-
 data "scaleway_image" "ubuntu" {
   architecture = var.architecture
   name         = var.image
@@ -45,12 +25,3 @@ resource "scaleway_server" "master" {
     "${local.environment}-etcd",
   ]
 }
-
-output "node_private_ips" {
-  value = [scaleway_server.node.*.private_ip]
-}
-
-output "master_private_ips" {
-  value = [scaleway_server.master.*.private_ip]
-}
-

terraform/lb.tf

@@ -0,0 +1,22 @@
+resource "null_resource" "load_balancer" {
+  provisioner "local-exec" {
+    command = "./scripts/create_lb.sh lb-k8s-${local.environment} ${var.lb_ip}"
+  }
+
+  provisioner "local-exec" {
+    when    = "destroy"
+    command = "./scripts/delete_lb.sh ${var.lb_ip}"
+  }
+}
+
+resource "null_resource" "update_load_balancer_rules" {
+  triggers = {
+    node_instance_ids = "${join(",", scaleway_server.node.*.private_ip)}"
+  }
+
+  provisioner "local-exec" {
+    command = "./scripts/update_lb_rules.sh ${var.lb_ip} '${jsonencode(scaleway_server.node.*.private_ip)}'"
+  }
+
+  depends_on = [null_resource.load_balancer]
+}

terraform/outputs.tf

@@ -0,0 +1,11 @@
+output "loadbalancer_ip" {
+  value = var.lb_ip
+}
+
+output "node_public_ips" {
+  value = [scaleway_server.node.*.public_ip]
+}
+
+output "master_public_ips" {
+  value = [scaleway_server.master.*.public_ip]
+}

terraform/scripts/create_lb.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+set -x
+
+export TOKEN=`jq '.token' -r ~/.scwrc`
+REGION="fr-par"
+ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
+
+LB_NAME=$1
+LB_IP=$2
+
+IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
+echo "IP_ID: $IP_ID"
+
+http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN name=$LB_NAME organization_id=$ORGANIZATION_ID ip_id=$IP_ID --ignore-stdin | jq -r '.id'

terraform/scripts/delete_lb.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+set -x
+
+export TOKEN=`jq '.token' -r ~/.scwrc`
+REGION="fr-par"
+ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
+
+LB_IP=$1
+
+IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
+echo "IP_ID: $IP_ID"
+
+LB_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN | jq -r ".lbs[] | select(.ip[0].id == \"$IP_ID\") | .id")
+
+http DELETE "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID" X-Auth-Token:$TOKEN

terraform/scripts/update_lb_rules.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -e
+set -x
+
+export TOKEN=`jq '.token' -r ~/.scwrc`
+REGION="fr-par"
+ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
+
+LB_IP=$1
+LB_TARGET_IPS=$2
+
+function create_rules() {
+    LB_ID=$1
+    declare -A RULES
+    RULES[http]=80
+    RULES[https]=443
+
+    for PROTOCOL in "${!RULES[@]}"; do
+        PORT=${RULES[$PROTOCOL]}
+        BACKEND_ID=$(http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/backends" X-Auth-Token:$TOKEN name=lbb-$PROTOCOL forward_protocol=tcp forward_port=$PORT forward_port_algorithm=roundrobin sticky_sessions=none health_check:="{\"http_config\":{\"uri\":\"/\",\"method\":\"GET\",\"code\":404},\"check_delay\":1001,\"check_max_retries\":3,\"check_timeout\":3000,\"port\":$PORT}" server_ip:=$LB_TARGET_IPS --ignore-stdin | jq -r '.id')
+        http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/frontends" X-Auth-Token:$TOKEN backend_id=$BACKEND_ID inbound_port=$PORT name=lbf-$PROTOCOL --ignore-stdin
+    done
+}
+
+function update_rules() {
+    LB_ID=$1
+    BACKENDS_IDS$2
+
+    for BACKEND_ID in $BACKENDS_IDS
+    do
+        http PUT "https://api.scaleway.com/lb/v1/regions/$REGION/backends/$BACKEND_ID/servers" X-Auth-Token:$TOKEN server_ip:="$LB_TARGET_IPS" --ignore-stdin
+    done
+}
+
+IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
+echo "IP_ID: $IP_ID"
+
+LB_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN | jq -r ".lbs[] | select(.ip[0].id == \"$IP_ID\") | .id")
+
+BACKENDS_IDS=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/backends" X-Auth-Token:$TOKEN | jq -r ".backends[] | .id")
+
+if [ -n "$BACKENDS_IDS" ]
+then
+    update_rules $LB_ID $BACKENDS_IDS
+else
+    create_rules $LB_ID
+fi

terraform/variables.tf

@@ -26,3 +26,6 @@ variable "node_instance_count" {
   default = 2
 }
 
+variable "lb_ip" {
+  default = "51.159.26.139"
+}