feat: rework aws to support only worker groups

.drone.yaml

@@ -64,8 +64,8 @@ steps:
       - apk add --no-cache terraform
       - cp hack/backend.tf examples/terraform/${TYPE}/backend.tf
       - terraform -chdir=examples/terraform/${TYPE} init -backend-config="resource_group_name=General" -backend-config="storage_account_name=$${AZURE_STORAGE_ACCOUNT}" -backend-config="container_name=${BUCKET_PATH}" -backend-config="key=${TYPE}-terraform.tfstate"
-      # lets remove the talosconfig/kubeconfig data source so destroy is not blocked
-      - terraform -chdir=examples/terraform/${TYPE} state rm data.talos_client_configuration.this data.talos_cluster_kubeconfig.this
+      # lets attempt to remove the talosconfig/kubeconfig data source so destroy is not blocked
+      - terraform -chdir=examples/terraform/${TYPE} state rm data.talos_client_configuration.this data.talos_cluster_kubeconfig.this || true
       - terraform -chdir=examples/terraform/${TYPE} apply -destroy -auto-approve
     when:
       event:

examples/terraform/aws/README.md

@@ -23,7 +23,6 @@
 | <a name="module_kubernetes_api_sg"></a> [kubernetes\_api\_sg](#module\_kubernetes\_api\_sg) | terraform-aws-modules/security-group/aws//modules/https-443 | ~> 4.0 |
 | <a name="module_talos_control_plane_nodes"></a> [talos\_control\_plane\_nodes](#module\_talos\_control\_plane\_nodes) | terraform-aws-modules/ec2-instance/aws | ~> 4.0 |
 | <a name="module_talos_worker_group"></a> [talos\_worker\_group](#module\_talos\_worker\_group) | terraform-aws-modules/ec2-instance/aws | ~> 4.0 |
-| <a name="module_talos_worker_nodes"></a> [talos\_worker\_nodes](#module\_talos\_worker\_nodes) | terraform-aws-modules/ec2-instance/aws | ~> 4.0 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources
@@ -34,37 +33,29 @@
 | [aws_iam_policy.worker_ccm_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [talos_machine_bootstrap.this](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/resources/machine_bootstrap) | resource |
 | [talos_machine_configuration_apply.controlplane](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/resources/machine_configuration_apply) | resource |
-| [talos_machine_configuration_apply.worker](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/resources/machine_configuration_apply) | resource |
 | [talos_machine_configuration_apply.worker_group](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/resources/machine_configuration_apply) | resource |
 | [talos_machine_secrets.this](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/resources/machine_secrets) | resource |
 | [aws_ami.talos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [talos_client_configuration.this](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/data-sources/client_configuration) | data source |
 | [talos_cluster_kubeconfig.this](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/data-sources/cluster_kubeconfig) | data source |
 | [talos_machine_configuration.controlplane](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/data-sources/machine_configuration) | data source |
-| [talos_machine_configuration.worker](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/data-sources/machine_configuration) | data source |
 | [talos_machine_configuration.worker_group](https://registry.terraform.io/providers/siderolabs/talos/0.3.1/docs/data-sources/machine_configuration) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ami_id"></a> [ami\_id](#input\_ami\_id) | AMI ID to use for talos nodes, if not set the latest talos release ami id will be looked up | `string` | `""` | no |
 | <a name="input_ccm"></a> [ccm](#input\_ccm) | Whether to deploy aws cloud controller manager | `bool` | `false` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of cluster | `string` | `"talos-aws-example"` | no |
 | <a name="input_config_patch_files"></a> [config\_patch\_files](#input\_config\_patch\_files) | Path to talos config path files that applies to all nodes | `list(string)` | `[]` | no |
-| <a name="input_config_patch_files_control_plane"></a> [config\_patch\_files\_control\_plane](#input\_config\_patch\_files\_control\_plane) | Path to talos config path files that applies to all control plane nodes | `list(string)` | `[]` | no |
-| <a name="input_config_patch_files_worker"></a> [config\_patch\_files\_worker](#input\_config\_patch\_files\_worker) | Path to talos config path files that applies to all worker nodes | `list(string)` | `[]` | no |
+| <a name="input_control_plane"></a> [control\_plane](#input\_control\_plane) | Info for control plane that will be created | <pre>object({<br>    instance_type      = optional(string, "c5.large")<br>    ami_id             = optional(string, null)<br>    num_instances      = optional(number, 3)<br>    config_patch_files = optional(list(string), [])<br>    tags               = optional(map(string), {})<br>  })</pre> | `{}` | no |
 | <a name="input_extra_tags"></a> [extra\_tags](#input\_extra\_tags) | Extra tags to add to the cluster cloud resources | `map(string)` | `{}` | no |
-| <a name="input_instance_type_control_plane"></a> [instance\_type\_control\_plane](#input\_instance\_type\_control\_plane) | Instance type to use for the control plane nodes | `string` | `"c5.large"` | no |
-| <a name="input_instance_type_worker"></a> [instance\_type\_worker](#input\_instance\_type\_worker) | Instance type to use for the worker nodes | `string` | `"c5.large"` | no |
 | <a name="input_kubernetes_api_allowed_cidr"></a> [kubernetes\_api\_allowed\_cidr](#input\_kubernetes\_api\_allowed\_cidr) | The CIDR from which to allow to access the Kubernetes API | `string` | `"0.0.0.0/0"` | no |
 | <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version to use for the cluster, if not set the k8s version shipped with the talos sdk version will be used | `string` | `null` | no |
-| <a name="input_num_control_planes"></a> [num\_control\_planes](#input\_num\_control\_planes) | Number of control plane nodes to create | `number` | `3` | no |
-| <a name="input_num_workers"></a> [num\_workers](#input\_num\_workers) | Number of worker nodes to create | `number` | `1` | no |
 | <a name="input_talos_api_allowed_cidr"></a> [talos\_api\_allowed\_cidr](#input\_talos\_api\_allowed\_cidr) | The CIDR from which to allow to access the Talos API | `string` | `"0.0.0.0/0"` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The IPv4 CIDR block for the VPC. | `string` | `"172.16.0.0/16"` | no |
-| <a name="input_worker_groups"></a> [worker\_groups](#input\_worker\_groups) | List of node worker node groups to create | <pre>list(object({<br>    name               = string<br>    instance_type      = string<br>    ami_id             = optional(string, null)<br>    num_instances      = optional(number, 1)<br>    kubernetes_version = optional(string, null)<br>    config_patch_files = optional(list(string), [])<br>    tags               = optional(map(string), {})<br>  }))</pre> | `[]` | no |
+| <a name="input_worker_groups"></a> [worker\_groups](#input\_worker\_groups) | List of node worker node groups to create | <pre>list(object({<br>    name               = string<br>    instance_type      = optional(string, "c5.large")<br>    ami_id             = optional(string, null)<br>    num_instances      = optional(number, 1)<br>    config_patch_files = optional(list(string), [])<br>    tags               = optional(map(string), {})<br>  }))</pre> | `[]` | no |
 
 ## Outputs
 

examples/terraform/aws/main.tf

@@ -30,15 +30,9 @@ locals {
     for path in var.config_patch_files : file(path)
   ]
 
-  config_patches_controlplane = concat(
-    [for path in var.config_patch_files_control_plane : file(path)],
-    var.ccm ? [yamlencode(local.ccm_patch_cp)] : [],
-  )
+  config_patches_controlplane = var.ccm ? [yamlencode(local.ccm_patch_cp)] : []
 
-  config_patches_worker = concat(
-    [for path in var.config_patch_files_worker : file(path)],
-    var.ccm ? [yamlencode(local.ccm_patch_worker)] : [],
-  )
+  config_patches_worker = var.ccm ? [yamlencode(local.ccm_patch_worker)] : []
 
   cluster_required_tags = {
     "kubernetes.io/cluster/${var.cluster_name}" = "owned"
@@ -141,7 +135,7 @@ module "elb_k8s_elb" {
     timeout             = 5
   }
 
-  number_of_instances = var.num_control_planes
+  number_of_instances = var.control_plane.num_instances
   instances           = module.talos_control_plane_nodes.*.id
 }
 
@@ -261,12 +255,12 @@ module "talos_control_plane_nodes" {
   source  = "terraform-aws-modules/ec2-instance/aws"
   version = "~> 4.0"
 
-  count = var.num_control_planes
+  count = var.control_plane.num_instances
 
   name                        = "${var.cluster_name}-control-plane-${count.index}"
-  ami                         = var.ami_id == "" ? data.aws_ami.talos.id : var.ami_id
+  ami                         = var.control_plane.ami_id == null ? data.aws_ami.talos.id : var.control_plane.ami_id
   monitoring                  = true
-  instance_type               = var.instance_type_control_plane
+  instance_type               = var.control_plane.instance_type
   subnet_id                   = element(module.vpc.public_subnets, count.index)
   iam_role_use_name_prefix    = false
   create_iam_instance_profile = var.ccm ? true : false
@@ -284,41 +278,14 @@ module "talos_control_plane_nodes" {
   ]
 }
 
-module "talos_worker_nodes" {
-  source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 4.0"
-
-  count = var.num_workers
-
-  name                        = "${var.cluster_name}-worker-${count.index}"
-  ami                         = var.ami_id == "" ? data.aws_ami.talos.id : var.ami_id
-  monitoring                  = true
-  instance_type               = var.instance_type_worker
-  subnet_id                   = element(module.vpc.public_subnets, count.index)
-  iam_role_use_name_prefix    = false
-  create_iam_instance_profile = var.ccm ? true : false
-  iam_role_policies = var.ccm ? {
-    "${var.cluster_name}-worker-ccm-policy" : aws_iam_policy.worker_ccm_policy[0].arn,
-  } : {}
-  tags = merge(var.extra_tags, local.cluster_required_tags)
-
-  vpc_security_group_ids = [module.cluster_sg.security_group_id]
-
-  root_block_device = [
-    {
-      volume_size = 100
-    }
-  ]
-}
-
 module "talos_worker_group" {
   source  = "terraform-aws-modules/ec2-instance/aws"
   version = "~> 4.0"
 
   for_each = merge([for info in var.worker_groups : { for index in range(0, info.num_instances) : "${info.name}.${index}" => info }]...)
 
   name                        = "${var.cluster_name}-worker-group-${each.value.name}-${trimprefix(each.key, "${each.value.name}.")}"
-  ami                         = each.value.ami_id == null ? (var.ami_id == "" ? data.aws_ami.talos.id : var.ami_id) : each.value.ami_id
+  ami                         = each.value.ami_id == null ? data.aws_ami.talos.id : each.value.ami_id
   monitoring                  = true
   instance_type               = each.value.instance_type
   subnet_id                   = element(module.vpc.public_subnets, tonumber(trimprefix(each.key, "${each.value.name}.")))
@@ -352,21 +319,7 @@ data "talos_machine_configuration" "controlplane" {
     local.config_patches_common,
     local.config_patches_controlplane,
     [yamlencode(local.common_machine_config_patch)],
-  )
-}
-
-data "talos_machine_configuration" "worker" {
-  cluster_name       = var.cluster_name
-  cluster_endpoint   = "https://${module.elb_k8s_elb.elb_dns_name}"
-  machine_type       = "worker"
-  machine_secrets    = talos_machine_secrets.this.machine_secrets
-  kubernetes_version = var.kubernetes_version
-  docs               = false
-  examples           = false
-  config_patches = concat(
-    local.config_patches_common,
-    local.config_patches_worker,
-    [yamlencode(local.common_machine_config_patch)]
+    [for path in var.control_plane.config_patch_files : file(path)]
   )
 }
 
@@ -377,7 +330,7 @@ data "talos_machine_configuration" "worker_group" {
   cluster_endpoint   = "https://${module.elb_k8s_elb.elb_dns_name}"
   machine_type       = "worker"
   machine_secrets    = talos_machine_secrets.this.machine_secrets
-  kubernetes_version = each.value.kubernetes_version == null ? var.kubernetes_version : each.value.kubernetes_version
+  kubernetes_version = var.kubernetes_version
   docs               = false
   examples           = false
   config_patches = concat(
@@ -389,23 +342,14 @@ data "talos_machine_configuration" "worker_group" {
 }
 
 resource "talos_machine_configuration_apply" "controlplane" {
-  count = var.num_control_planes
+  count = var.control_plane.num_instances
 
   client_configuration        = talos_machine_secrets.this.client_configuration
   machine_configuration_input = data.talos_machine_configuration.controlplane.machine_configuration
   endpoint                    = module.talos_control_plane_nodes[count.index].public_ip
   node                        = module.talos_control_plane_nodes[count.index].private_ip
 }
 
-resource "talos_machine_configuration_apply" "worker" {
-  count = var.num_workers
-
-  client_configuration        = talos_machine_secrets.this.client_configuration
-  machine_configuration_input = data.talos_machine_configuration.worker.machine_configuration
-  endpoint                    = module.talos_worker_nodes[count.index].public_ip
-  node                        = module.talos_worker_nodes[count.index].private_ip
-}
-
 resource "talos_machine_configuration_apply" "worker_group" {
   for_each = merge([for info in var.worker_groups : { for index in range(0, info.num_instances) : "${info.name}.${index}" => info }]...)
 
@@ -430,7 +374,6 @@ data "talos_client_configuration" "this" {
   nodes = flatten(
     [
       module.talos_control_plane_nodes.*.private_ip,
-      module.talos_worker_nodes.*.private_ip,
       [for node in module.talos_worker_group : node.private_ip],
     ]
   )

examples/terraform/aws/variables.tf

@@ -4,40 +4,6 @@ variable "cluster_name" {
   default     = "talos-aws-example"
 }
 
-variable "num_control_planes" {
-  description = "Number of control plane nodes to create"
-  type        = number
-  default     = 3
-}
-
-variable "num_workers" {
-  description = "Number of worker nodes to create"
-  type        = number
-  default     = 1
-}
-
-variable "ami_id" {
-  description = "AMI ID to use for talos nodes, if not set the latest talos release ami id will be looked up"
-  type        = string
-  default     = ""
-  validation {
-    condition     = length(var.ami_id) > 0 ? (length(var.ami_id) > 4 && substr(var.ami_id, 0, 4) == "ami-") : true
-    error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
-  }
-}
-
-variable "instance_type_control_plane" {
-  description = "Instance type to use for the control plane nodes"
-  type        = string
-  default     = "c5.large"
-}
-
-variable "instance_type_worker" {
-  description = "Instance type to use for the worker nodes"
-  type        = string
-  default     = "c5.large"
-}
-
 variable "ccm" {
   description = "Whether to deploy aws cloud controller manager"
   type        = bool
@@ -50,17 +16,45 @@ variable "kubernetes_version" {
   default     = null
 }
 
+variable "control_plane" {
+  description = "Info for control plane that will be created"
+  type = object({
+    instance_type      = optional(string, "c5.large")
+    ami_id             = optional(string, null)
+    num_instances      = optional(number, 3)
+    config_patch_files = optional(list(string), [])
+    tags               = optional(map(string), {})
+  })
+
+  validation {
+    condition     = var.control_plane.ami_id != null ? (length(var.control_plane.ami_id) > 4 && substr(var.control_plane.ami_id, 0, 4) == "ami-") : true
+    error_message = "The ami_id value must be a valid AMI id, starting with \"ami-\"."
+  }
+
+  default = {}
+}
+
 variable "worker_groups" {
   description = "List of node worker node groups to create"
   type = list(object({
     name               = string
-    instance_type      = string
+    instance_type      = optional(string, "c5.large")
     ami_id             = optional(string, null)
     num_instances      = optional(number, 1)
-    kubernetes_version = optional(string, null)
     config_patch_files = optional(list(string), [])
     tags               = optional(map(string), {})
   }))
+
+  validation {
+    condition = (
+      alltrue([
+        for wg in var.worker_groups : (
+          wg.ami_id != null ? (length(wg.ami_id) > 4 && substr(wg.ami_id, 0, 4) == "ami-") : true
+        )
+      ])
+    )
+    error_message = "The ami_id value must be a valid AMI id, starting with \"ami-\"."
+  }
   default = []
 }
 
@@ -93,15 +87,3 @@ variable "config_patch_files" {
   type        = list(string)
   default     = []
 }
-
-variable "config_patch_files_control_plane" {
-  description = "Path to talos config path files that applies to all control plane nodes"
-  type        = list(string)
-  default     = []
-}
-
-variable "config_patch_files_worker" {
-  description = "Path to talos config path files that applies to all worker nodes"
-  type        = list(string)
-  default     = []
-}