add nlb, cloud-config extra

.gitignore

@@ -1,5 +1,6 @@
 # Local .terraform directories
-**/.terraform/*
+**/.terraform
+**.lock.hcl
 
 # .tfstate files
 *.tfstate
@@ -8,7 +9,9 @@
 # Crash log files
 crash.log
 
+# Ignore test examples directory
 examples/test
+
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
@@ -36,3 +39,5 @@ override.tf.json
 *.pem
 rke2.yaml
 admin.conf
+
+**.DS_Store

data.tf

@@ -21,6 +21,7 @@ data "cloudinit_config" "this" {
     content_type = "text/cloud-config"
     content = templatefile("${path.module}/modules/nodepool/files/cloud-config.yaml", {
       ssh_authorized_keys = var.ssh_authorized_keys
+      extra_cloud_config_config = var.extra_cloud_config_config
     })
   }
 

examples/quickstart/main.tf

@@ -4,12 +4,13 @@ provider "aws" {
 
 locals {
   cluster_name = "quickstart"
-  aws_region   = "us-gov-west-1"
+  aws_region   = "us-gov-east-1"
 
   tags = {
     "terraform" = "true",
     "env"       = "quickstart",
   }
+  server_iam_role      = "K8sUnrestrictedCloudProviderRole"
 }
 
 # Query for defaults
@@ -54,31 +55,30 @@ data "aws_ami" "rhel8" {
 #
 module "rke2" {
   source = "../.."
-
   cluster_name          = local.cluster_name
   vpc_id                = data.aws_vpc.default.id
   subnets               = [data.aws_subnet.default.id]
   ami                   = data.aws_ami.rhel8.image_id
   ssh_authorized_keys   = [tls_private_key.ssh.public_key_openssh]
+  iam_instance_profile        = local.server_iam_role
   controlplane_internal = false # Note this defaults to best practice of true, but is explicitly set to public for demo purposes
-
   tags = local.tags
+
 }
 
 #
 # Generic Agent Pool
 #
 module "agents" {
   source = "../../modules/agent-nodepool"
-
   name                = "generic"
   vpc_id              = data.aws_vpc.default.id
   subnets             = [data.aws_subnet.default.id]
   ami                 = data.aws_ami.rhel8.image_id
   ssh_authorized_keys = [tls_private_key.ssh.public_key_openssh]
   tags                = local.tags
-
   cluster_data = module.rke2.cluster_data
+
 }
 
 # For demonstration only, lock down ssh access in production

main.tf

@@ -16,6 +16,7 @@ locals {
     cluster_sg = aws_security_group.cluster.id
     token      = module.statestore.token
   }
+  target_group_arns = module.cp_lb.target_group_arns
 }
 
 resource "random_string" "uid" {
@@ -46,7 +47,7 @@ module "statestore" {
 # Controlplane Load Balancer
 #
 module "cp_lb" {
-  source  = "./modules/elb"
+  source  = "./modules/nlb"
   name    = local.uname
   vpc_id  = var.vpc_id
   subnets = var.subnets
@@ -187,7 +188,8 @@ module "servers" {
   extra_block_device_mappings = var.extra_block_device_mappings
   vpc_security_group_ids      = concat([aws_security_group.server.id, aws_security_group.cluster.id, module.cp_lb.security_group], var.extra_security_group_ids)
   spot                        = var.spot
-  load_balancers              = [module.cp_lb.name]
+  #load_balancers              = [module.cp_lb.name]
+  target_group_arns = local.target_group_arns
   wait_for_capacity_timeout   = var.wait_for_capacity_timeout
   metadata_options            = var.metadata_options
   associate_public_ip_address = var.associate_public_ip_address

modules/agent-nodepool/main.tf

@@ -77,8 +77,9 @@ data "cloudinit_config" "init" {
   part {
     filename     = "cloud-config.yaml"
     content_type = "text/cloud-config"
-    content = templatefile("${path.module}/../nodepool/files/cloud-config.yaml", {
-      ssh_authorized_keys = var.ssh_authorized_keys
+    content = templatefile("${path.module}/files/cloud-config.yaml", {
+      ssh_authorized_keys = var.ssh_authorized_keys,
+      extra_cloud_config_config = var.extra_cloud_config_config
     })
   }
 

modules/agent-nodepool/variables.tf

@@ -61,6 +61,12 @@ variable "block_device_mappings" {
   }
 }
 
+variable "extra_cloud_config_config" {
+  description = "extra config to append to cloud-config"
+  type        = string
+  default = ""
+}
+
 variable "extra_block_device_mappings" {
   description = "Used to specify additional block device mapping configurations"
   type        = list(map(string))

modules/nodepool/files/cloud-config.yaml

@@ -9,3 +9,5 @@ users:
   - name: rke2
     homedir: /var/lib/rancher/rke2
     system: true
+
+${extra_cloud_config_config}

modules/nodepool/variables.tf

@@ -103,3 +103,9 @@ variable "metadata_options" {
   description = "Instance Metadata Options"
 }
 
+variable "extra_cloud_config_config" {
+  description = "extra config to append to cloud-config"
+  type        = string
+  default = ""
+}
+

variables.tf

@@ -70,7 +70,7 @@ variable "extra_block_device_mappings" {
 variable "servers" {
   description = "Number of servers to create"
   type        = number
-  default     = 1
+  default     = 3
 }
 
 variable "spot" {
@@ -178,3 +178,10 @@ variable "associate_public_ip_address" {
   default = false
   type    = bool
 }
+
+variable "extra_cloud_config_config" {
+  description = "extra config to append to cloud-config"
+  type        = string
+  default = ""
+}
+