From e828bd1fefa70e4ae1d66ca37da6e1fbe40ff9b8 Mon Sep 17 00:00:00 2001
From: Michael DAmato
Date: Thu, 15 Dec 2022 07:04:32 -0500
Subject: [PATCH] add nlb, cloud-config extra
---
 .gitignore | 7 ++++++-
 data.tf | 1 +
 examples/quickstart/main.tf | 10 +++++-----
 main.tf | 6 ++++--
 modules/agent-nodepool/main.tf | 5 +++--
 modules/agent-nodepool/variables.tf | 6 ++++++
 modules/nodepool/files/cloud-config.yaml | 2 ++
 modules/nodepool/variables.tf | 6 ++++++
 variables.tf | 9 ++++++++-
 9 files changed, 41 insertions(+), 11 deletions(-)
diff --git a/.gitignore b/.gitignore
index 678bc80..0002a35 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 # Local .terraform directories
-**/.terraform/*
+**/.terraform
+**.lock.hcl
 # .tfstate files
 *.tfstate
@@ -8,7 +9,9 @@
 # Crash log files
 crash.log
+# Ignore test examples directory
 examples/test
+
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
@@ -36,3 +39,5 @@ override.tf.json
 *.pem
 rke2.yaml
 admin.conf
+
+**.DS_Store
\ No newline at end of file
diff --git a/data.tf b/data.tf
index 51fb2c6..19ee30b 100644
--- a/data.tf
+++ b/data.tf
@@ -21,6 +21,7 @@ data "cloudinit_config" "this" {
 content_type = "text/cloud-config"
 content = templatefile("${path.module}/modules/nodepool/files/cloud-config.yaml", {
 ssh_authorized_keys = var.ssh_authorized_keys
+ extra_cloud_config_config = var.extra_cloud_config_config
 })
 }
diff --git a/examples/quickstart/main.tf b/examples/quickstart/main.tf
index bff80ec..f5ac626 100644
--- a/examples/quickstart/main.tf
+++ b/examples/quickstart/main.tf
@@ -4,12 +4,13 @@ provider "aws" {
 locals {
 cluster_name = "quickstart"
- aws_region = "us-gov-west-1"
+ aws_region = "us-gov-east-1"
 tags = {
 "terraform" = "true",
 "env" = "quickstart",
 }
+ server_iam_role = "K8sUnrestrictedCloudProviderRole"
 }
 # Query for defaults
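Review bot: Ignoring `**.lock.hcl` in the first .gitignore hunk keeps `.terraform.lock.hcl` out of version control, so the provider versions and hashes that `terraform init` records are no longer pinned for anyone else building this module; the lock file is meant to be committed for exactly that reason. If the intent is only to drop lock files generated under the test directory, narrow the pattern, e.g. `examples/test/**/.terraform.lock.hcl`. The broadened `**/.terraform` (from `**/.terraform/*`) is fine on its own.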
@@ -54,15 +55,15 @@ data "aws_ami" "rhel8" {
 #
 module "rke2" {
 source = "../.."
- cluster_name = local.cluster_name
 vpc_id = data.aws_vpc.default.id
 subnets = [data.aws_subnet.default.id]
 ami = data.aws_ami.rhel8.image_id
 ssh_authorized_keys = [tls_private_key.ssh.public_key_openssh]
+ iam_instance_profile = local.server_iam_role
 controlplane_internal = false # Note this defaults to best practice of true, but is explicitly set to public for demo purposes
- tags = local.tags
+
 }
 #
@@ -70,15 +71,14 @@ module "rke2" {
 #
 module "agents" {
 source = "../../modules/agent-nodepool"
- name = "generic"
 vpc_id = data.aws_vpc.default.id
 subnets = [data.aws_subnet.default.id]
 ami = data.aws_ami.rhel8.image_id
 ssh_authorized_keys = [tls_private_key.ssh.public_key_openssh]
 tags = local.tags
- cluster_data = module.rke2.cluster_data
+
 }
 # For demonstration only, lock down ssh access in production
diff --git a/main.tf b/main.tf
index c3a7287..37e8f69 100644
--- a/main.tf
+++ b/main.tf
@@ -16,6 +16,7 @@ locals {
 cluster_sg = aws_security_group.cluster.id
 token = module.statestore.token
 }
+ target_group_arns = module.cp_lb.target_group_arns
 }
 resource "random_string" "uid" {
@@ -46,7 +47,7 @@ module "statestore" {
 # Controlplane Load Balancer
 #
 module "cp_lb" {
- source = "./modules/elb"
+ source = "./modules/nlb"
 name = local.uname
 vpc_id = var.vpc_id
 subnets = var.subnets
@@ -187,7 +188,8 @@ module "servers" {
 extra_block_device_mappings = var.extra_block_device_mappings
 vpc_security_group_ids = concat([aws_security_group.server.id, aws_security_group.cluster.id, module.cp_lb.security_group], var.extra_security_group_ids)
 spot = var.spot
- load_balancers = [module.cp_lb.name]
+ #load_balancers = [module.cp_lb.name]
+ target_group_arns = local.target_group_arns
 wait_for_capacity_timeout = var.wait_for_capacity_timeout
 metadata_options = var.metadata_options
 associate_public_ip_address = var.associate_public_ip_address
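Review bot: The next hunk's removal of `cluster_data = module.rke2.cluster_data` from `module "agents"` leaves the agent nodepool with no cluster token or cluster security group to join with; unless `cluster_data` has a default in `modules/agent-nodepool/variables.tf` (not visible here), the quickstart no longer plans, and the same applies to `cluster_name` and `name` dropped here and below, after which `local.cluster_name` is unused. The new `iam_instance_profile = local.server_iam_role` points at a profile named `K8sUnrestrictedCloudProviderRole` that must already exist in the account, which a reader of a quickstart will not know. A one-line comment would cover both points, e.g. `# Pre-existing instance profile; demo only, scope the cloud-provider policy down for real clusters`. Both `module` blocks are fully inside their hunks, but the `locals` that defines `server_iam_role` is in the previous hunk.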
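Review bot: `target_group_arns = module.cp_lb.target_group_arns` in this hunk and `source = "./modules/nlb"` in the next both depend on a `modules/nlb` module that this patch does not add: the diffstat lists nine files and none under `modules/nlb/`, and the old `modules/elb` is not removed either. Unless `modules/nlb` already exists on the target branch and exports `target_group_arns` and `security_group`, `terraform init` fails on the missing module source. If the ELB module is now dead, delete it in the same change so the two implementations do not drift. The `locals` block starts outside this hunk.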
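Review bot: The commented-out `#load_balancers = [module.cp_lb.name]` line in the `module "servers"` hunk should be deleted rather than kept; the removal is already recorded in history and the comment gives no reason for staying. `target_group_arns = local.target_group_arns` is also passed to the nodepool module, but no hunk in this patch adds a `target_group_arns` variable to `modules/nodepool/variables.tf` (only `extra_cloud_config_config` is added there), so unless the nodepool module already declares it this is an unsupported argument. The `module "servers"` block starts and ends outside the hunk.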
diff --git a/modules/agent-nodepool/main.tf b/modules/agent-nodepool/main.tf
index 84534ec..a1e58e7 100644
--- a/modules/agent-nodepool/main.tf
+++ b/modules/agent-nodepool/main.tf
@@ -77,8 +77,9 @@ data "cloudinit_config" "init" {
 part {
 filename = "cloud-config.yaml"
 content_type = "text/cloud-config"
- content = templatefile("${path.module}/../nodepool/files/cloud-config.yaml", {
- ssh_authorized_keys = var.ssh_authorized_keys
+ content = templatefile("${path.module}/files/cloud-config.yaml", {
+ ssh_authorized_keys = var.ssh_authorized_keys,
+ extra_cloud_config_config = var.extra_cloud_config_config
 })
 }
diff --git a/modules/agent-nodepool/variables.tf b/modules/agent-nodepool/variables.tf
index 6f4af77..36ab516 100644
--- a/modules/agent-nodepool/variables.tf
+++ b/modules/agent-nodepool/variables.tf
@@ -61,6 +61,12 @@ variable "block_device_mappings" {
 }
 }
+variable "extra_cloud_config_config" {
+ description = "extra config to append to cloud-config"
+ type = string
+ default = ""
+}
+
 variable "extra_block_device_mappings" {
 description = "Used to specify additional block device mapping configurations"
 type = list(map(string))
diff --git a/modules/nodepool/files/cloud-config.yaml b/modules/nodepool/files/cloud-config.yaml
index 984cbf6..8f1ebb7 100644
--- a/modules/nodepool/files/cloud-config.yaml
+++ b/modules/nodepool/files/cloud-config.yaml
@@ -9,3 +9,5 @@ users:
 - name: rke2
 homedir: /var/lib/rancher/rke2
 system: true
+
+${extra_cloud_config_config}
\ No newline at end of file
diff --git a/modules/nodepool/variables.tf b/modules/nodepool/variables.tf
index d6974f9..e088ef9 100644
--- a/modules/nodepool/variables.tf
+++ b/modules/nodepool/variables.tf
@@ -103,3 +103,9 @@ variable "metadata_options" {
 description = "Instance Metadata Options"
 }
+variable "extra_cloud_config_config" {
+ description = "extra config to append to cloud-config"
+ type = string
+ default = ""
+}
+
diff --git a/variables.tf b/variables.tf
index 1a52377..b0391b0 100644
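Review bot: The template path in the agent-nodepool hunk changes from `${path.module}/../nodepool/files/cloud-config.yaml` to `${path.module}/files/cloud-config.yaml`, but the diffstat adds no `modules/agent-nodepool/files/cloud-config.yaml`; unless that file already exists, `templatefile` fails at plan time, and if it is a copy of the nodepool template the two will drift while the root `data.tf` still renders the nodepool copy. Keeping the shared template, `content = templatefile("${path.module}/../nodepool/files/cloud-config.yaml", {`, avoids both problems. The `data "cloudinit_config" "init"` block starts and ends outside the hunk.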
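Review bot: `extra_cloud_config_config` in the agent-nodepool variables hunk is spliced verbatim into the cloud-config document, so a value that is not a top-level YAML mapping fragment (wrong indentation, a second `#cloud-config` header, a list at column 0) makes cloud-init reject the whole user-data and the node boots without the `rke2` user, and the description `"extra config to append to cloud-config"` does not say this. A tighter description plus a validation block catches malformed input at plan time instead of on the instance. The same declaration is repeated in `modules/nodepool/variables.tf` below and in the root `variables.tf`; the nodepool copy has no consumer in this patch (the root `data.tf` renders the template itself), so it looks dead.
```hcl
variable "extra_cloud_config_config" {
  description = "Raw YAML appended verbatim to the end of the rendered cloud-config (top-level keys such as packages: or write_files:). Must parse as YAML on its own; leave empty to add nothing."
  type        = string
  default     = ""

  validation {
    condition     = var.extra_cloud_config_config == "" || can(yamldecode(var.extra_cloud_config_config))
    error_message = "extra_cloud_config_config must be empty or a valid YAML document."
  }
}
```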
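Review bot: The cloud-config template now ends with `${extra_cloud_config_config}` and `\ No newline at end of file`; a fragment with leading whitespace or a leading list item lands inside the `users:` entry above rather than at top level, which is hard to diagnose from cloud-init output. A template comment above the placeholder stating the contract, `# extra_cloud_config_config is inserted verbatim at top level; supply complete top-level keys only`, documents that, and restoring the trailing newline keeps the file consistent with the rest of the repository.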
--- a/variables.tf
+++ b/variables.tf
@@ -70,7 +70,7 @@ variable "extra_block_device_mappings" {
 variable "servers" {
 description = "Number of servers to create"
 type = number
- default = 1
+ default = 3
 }
 variable "spot" {
@@ -178,3 +178,10 @@ variable "associate_public_ip_address" {
 default = false
 type = bool
 }
+
+variable "extra_cloud_config_config" {
+ description = "extra config to append to cloud-config"
+ type = string
+ default = ""
+}
+
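Review bot: Changing the `servers` default from 1 to 3 silently grows every existing deployment that never set `servers` on its next apply, and the description `"Number of servers to create"` does not say why three is the new baseline. If the bump is intentional, document it, e.g. `description = "Number of server (control-plane) nodes to create; 3 is the minimum for an HA etcd quorum"`, and mention the default change in the commit message so upgraders can pin the old value. The trailing blank `+` line at end of file in the second hunk should be dropped.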