|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * rosa_install_access_delete_clusters/rosa-classic-creating-a-cluster-quickly-terraform.adoc |
| 4 | +// |
| 5 | + |
| 6 | +:_content-type: PROCEDURE |
| 7 | + |
| 8 | +[id="rosa-classic-cluster-terraform-file-creation_{context}"] |
| 9 | += Creating your Terraform files locally |
| 10 | + |
| 11 | +After you set up your link:https://console.redhat.com/openshift/token/rosa[offline {cluster-manager-first} token], you need to create the Terraform files locally to build your cluster. You can create these files by using the following code templates. |
| 12 | + |
| 13 | +.Procedure |
| 14 | + |
| 15 | +. Create the `main.tf` file by running the following command: |
| 16 | ++ |
| 17 | +[source,terminal] |
| 18 | +---- |
| 19 | +$ cat<<-EOF>main.tf |
| 20 | +# |
| 21 | +# Copyright (c) 2023 Red Hat, Inc. |
| 22 | +# |
| 23 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 24 | +# you may not use this file except in compliance with the License. |
| 25 | +# You may obtain a copy of the License at |
| 26 | +# |
| 27 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 28 | +# |
| 29 | +# Unless required by applicable law or agreed to in writing, software |
| 30 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 31 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 32 | +# See the License for the specific language governing permissions and |
| 33 | +# limitations under the License. |
| 34 | +# |
| 35 | +
|
| 36 | +terraform { |
| 37 | + required_providers { |
| 38 | + aws = { |
| 39 | + source = "hashicorp/aws" |
| 40 | + version = ">= 4.20.0" |
| 41 | + } |
| 42 | + rhcs = { |
| 43 | + version = ">= 1.6.2" |
| 44 | + source = "terraform-redhat/rhcs" |
| 45 | + } |
| 46 | + } |
| 47 | +} |
| 48 | +
|
| 49 | +# Export token using the RHCS_TOKEN environment variable |
| 50 | +provider "rhcs" {} |
| 51 | +
|
| 52 | +provider "aws" { |
| 53 | + region = var.aws_region |
| 54 | + ignore_tags { |
| 55 | + key_prefixes = ["kubernetes.io/"] |
| 56 | + } |
| 57 | + default_tags { |
| 58 | + tags = var.default_aws_tags |
| 59 | + } |
| 60 | +} |
| 61 | +
|
| 62 | +data "aws_availability_zones" "available" {} |
| 63 | +
|
| 64 | +locals { |
| 65 | + # The default setting creates 3 availability zones. Set to "false" to create a single availability zones. |
| 66 | + region_azs = var.multi_az ? slice([for zone in data.aws_availability_zones.available.names : format("%s", zone)], 0, 3) : slice([for zone in data.aws_availability_zones.available.names : format("%s", zone)], 0, 1) |
| 67 | +} |
| 68 | +
|
| 69 | +resource "random_string" "random_name" { |
| 70 | + length = 6 |
| 71 | + special = false |
| 72 | + upper = false |
| 73 | +} |
| 74 | +
|
| 75 | +locals { |
| 76 | + path = coalesce(var.path, "/") |
| 77 | + worker_node_replicas = try(var.worker_node_replicas, var.multi_az ? 3 : 2) |
| 78 | + # If cluster_name is not null, use that, otherwise generate a random cluster name |
| 79 | + cluster_name = coalesce(var.cluster_name, "rosa-\${random_string.random_name.result}") |
| 80 | +} |
| 81 | +
|
| 82 | +# The network validator requires an additional 60 seconds to validate Terraform clusters. |
| 83 | +resource "time_sleep" "wait_60_seconds" { |
| 84 | + count = var.create_vpc ? 1 : 0 |
| 85 | + depends_on = [module.vpc] |
| 86 | + create_duration = "60s" |
| 87 | +} |
| 88 | +
|
| 89 | +module "rosa-classic" { |
| 90 | + source = "terraform-redhat/rosa-classic/rhcs" |
| 91 | + version = "1.5.0" |
| 92 | + cluster_name = local.cluster_name |
| 93 | + openshift_version = var.openshift_version |
| 94 | + account_role_prefix = local.cluster_name |
| 95 | + operator_role_prefix = local.cluster_name |
| 96 | + replicas = local.worker_node_replicas |
| 97 | + aws_availability_zones = local.region_azs |
| 98 | + create_oidc = true |
| 99 | + private = var.private_cluster |
| 100 | + aws_private_link = var.private_cluster |
| 101 | + aws_subnet_ids = var.create_vpc ? var.private_cluster ? module.vpc[0].private_subnets : concat(module.vpc[0].public_subnets, module.vpc[0].private_subnets) : var.aws_subnet_ids |
| 102 | + multi_az = var.multi_az |
| 103 | + create_account_roles = true |
| 104 | + create_operator_roles = true |
| 105 | +
|
| 106 | + depends_on = [time_sleep.wait_60_seconds] |
| 107 | +} |
| 108 | +EOF |
| 109 | +---- |
| 110 | + |
| 111 | +. Create the `variables.tf` file by running the following command: |
| 112 | ++ |
| 113 | +[NOTE] |
| 114 | +==== |
| 115 | +Copy and edit this file _before_ running the command to build your cluster. |
| 116 | +==== |
| 117 | ++ |
| 118 | +[source,terminal] |
| 119 | +---- |
| 120 | +$ cat<<-EOF>variables.tf |
| 121 | +# |
| 122 | +# Copyright (c) 2023 Red Hat, Inc. |
| 123 | +# |
| 124 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 125 | +# you may not use this file except in compliance with the License. |
| 126 | +# You may obtain a copy of the License at |
| 127 | +# |
| 128 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 129 | +# |
| 130 | +# Unless required by applicable law or agreed to in writing, software |
| 131 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 132 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 133 | +# See the License for the specific language governing permissions and |
| 134 | +# limitations under the License. |
| 135 | +# |
| 136 | +variable "openshift_version" { |
| 137 | + type = string |
| 138 | + default = "4.14.20" |
| 139 | + description = "Desired version of OpenShift for the cluster, for example '4.14.20'. If version is greater than the currently running version, an upgrade will be scheduled." |
| 140 | +} |
| 141 | +
|
| 142 | +variable "create_vpc" { |
| 143 | + type = bool |
| 144 | + description = "If you would like to create a new VPC, set this value to 'true'. If you do not want to create a new VPC, set this value to 'false'." |
| 145 | +} |
| 146 | +
|
| 147 | +# ROSA Cluster info |
| 148 | +variable "cluster_name" { |
| 149 | + default = null |
| 150 | + type = string |
| 151 | + description = "The name of the ROSA cluster to create" |
| 152 | +} |
| 153 | +
|
| 154 | +variable "additional_tags" { |
| 155 | + default = { |
| 156 | + Terraform = "true" |
| 157 | + Environment = "dev" |
| 158 | + } |
| 159 | + description = "Additional AWS resource tags" |
| 160 | + type = map(string) |
| 161 | +} |
| 162 | +
|
| 163 | +variable "path" { |
| 164 | + description = "(Optional) The arn path for the account/operator roles as well as their policies." |
| 165 | + type = string |
| 166 | + default = null |
| 167 | +} |
| 168 | +
|
| 169 | +variable "multi_az" { |
| 170 | + type = bool |
| 171 | + description = "Multi AZ Cluster for High Availability" |
| 172 | + default = true |
| 173 | +} |
| 174 | +
|
| 175 | +variable "worker_node_replicas" { |
| 176 | + default = 3 |
| 177 | + description = "Number of worker nodes to provision. Single zone clusters need at least 2 nodes, multizone clusters need at least 3 nodes" |
| 178 | + type = number |
| 179 | +} |
| 180 | +
|
| 181 | +variable "aws_subnet_ids" { |
| 182 | + type = list(any) |
| 183 | + description = "A list of either the public or public + private subnet IDs to use for the cluster blocks to use for the cluster" |
| 184 | + default = ["subnet-01234567890abcdef", "subnet-01234567890abcdef", "subnet-01234567890abcdef"] |
| 185 | +} |
| 186 | +
|
| 187 | +variable "private_cluster" { |
| 188 | + type = bool |
| 189 | + description = "If you want to create a private cluster, set this value to 'true'. If you want a publicly available cluster, set this value to 'false'." |
| 190 | +} |
| 191 | +
|
| 192 | +#VPC Info |
| 193 | +variable "vpc_name" { |
| 194 | + type = string |
| 195 | + description = "VPC Name" |
| 196 | + default = "tf-qs-vpc" |
| 197 | +} |
| 198 | +
|
| 199 | +variable "vpc_cidr_block" { |
| 200 | + type = string |
| 201 | + description = "value of the CIDR block to use for the VPC" |
| 202 | + default = "10.0.0.0/16" |
| 203 | +} |
| 204 | +
|
| 205 | +variable "private_subnet_cidrs" { |
| 206 | + type = list(any) |
| 207 | + description = "The CIDR blocks to use for the private subnets" |
| 208 | + default = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] |
| 209 | +} |
| 210 | +
|
| 211 | +variable "public_subnet_cidrs" { |
| 212 | + type = list(any) |
| 213 | + description = "The CIDR blocks to use for the public subnets" |
| 214 | + default = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] |
| 215 | +} |
| 216 | +
|
| 217 | +variable "single_nat_gateway" { |
| 218 | + type = bool |
| 219 | + description = "Single NAT or per NAT for subnet" |
| 220 | + default = false |
| 221 | +} |
| 222 | +
|
| 223 | +#AWS Info |
| 224 | +variable "aws_region" { |
| 225 | + type = string |
| 226 | + default = "us-east-2" |
| 227 | +} |
| 228 | +
|
| 229 | +variable "default_aws_tags" { |
| 230 | + type = map(string) |
| 231 | + description = "Default tags for AWS" |
| 232 | + default = {} |
| 233 | +} |
| 234 | +EOF |
| 235 | +---- |
| 236 | + |
| 237 | +. Create the `vpc.tf` file by running the following command: |
| 238 | ++ |
| 239 | +[source,terminal] |
| 240 | +---- |
| 241 | +$ cat<<-EOF>vpc.tf |
| 242 | +# |
| 243 | +# Copyright (c) 2023 Red Hat, Inc. |
| 244 | +# |
| 245 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 246 | +# you may not use this file except in compliance with the License. |
| 247 | +# You may obtain a copy of the License at |
| 248 | +# |
| 249 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 250 | +# |
| 251 | +# Unless required by applicable law or agreed to in writing, software |
| 252 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 253 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 254 | +# See the License for the specific language governing permissions and |
| 255 | +# limitations under the License. |
| 256 | +# |
| 257 | +module "vpc" { |
| 258 | + source = "terraform-aws-modules/vpc/aws" |
| 259 | + version = "5.1.2" |
| 260 | +
|
| 261 | + count = var.create_vpc ? 1 : 0 |
| 262 | + name = var.vpc_name |
| 263 | + cidr = var.vpc_cidr_block |
| 264 | +
|
| 265 | + azs = local.region_azs |
| 266 | + private_subnets = var.private_subnet_cidrs |
| 267 | + public_subnets = var.public_subnet_cidrs |
| 268 | +
|
| 269 | + enable_nat_gateway = true |
| 270 | + single_nat_gateway = var.single_nat_gateway |
| 271 | + enable_dns_hostnames = true |
| 272 | + enable_dns_support = true |
| 273 | +
|
| 274 | + tags = var.additional_tags |
| 275 | +} |
| 276 | +EOF |
| 277 | +---- |
| 278 | ++ |
| 279 | +You are ready to initiate Terraform. |
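Review bot: The `required_providers` block in the `main.tf` template bounds `aws` and `rhcs` only from below (`>= 4.20.0`, `>= 1.6.2`) and does not declare the providers behind `random_string` and `time_sleep`. Whoever pastes this quickstart therefore installs whichever provider releases are newest at `terraform init` time, even though both modules are pinned to exact versions. Because the template runs with the reader's AWS credentials and the `RHCS_TOKEN` value in its environment, the provider set should be as reproducible as the modules. Add an upper bound to each constraint and declare the two implicit providers, for example `random = { source = "hashicorp/random", version = "<tested constraint>" }` and `time = { source = "hashicorp/time", version = "<tested constraint>" }`. A sentence after the last step telling readers to keep the generated `.terraform.lock.hcl` under version control would also make later runs resolve the same provider builds.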