Skip to content

Commit

Permalink
Merge pull request kubernetes#5699 from ameukam/kops-ci-vpc-cidr
Browse files Browse the repository at this point in the history
AWS: Add a VPC for kOps CI
  • Loading branch information
k8s-ci-robot authored Aug 8, 2023
2 parents b9cd8cf + 7bb0b42 commit 0e96fb2
Show file tree
Hide file tree
Showing 3 changed files with 68 additions and 1 deletion.
7 changes: 6 additions & 1 deletion infra/aws/terraform/kops-infra-ci/locals.tf
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,9 @@ locals {
kops-infra-ci-account-id = data.aws_organizations_organization.current.accounts[local.kops-infra-ci-index].id

prefix = "k8s-infra-kops"
}

partition = cidrsubnets(aws_vpc_ipam_preview_next_cidr.main.cidr, 2, 2, 2)
azs = slice(data.aws_availability_zones.available.names, 0, 3)
private_subnets = cidrsubnets(local.partition[0], 2, 2, 2)
public_subnets = cidrsubnets(local.partition[1], 2, 2, 2)
}
6 changes: 6 additions & 0 deletions infra/aws/terraform/kops-infra-ci/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,9 @@ variable "region" {
type = string
default = "us-east-2"
}

variable "vpc_cidr" {
type = string
description = "CIDR of the VPC"
default = "10.128.0.0/16"
}
56 changes: 56 additions & 0 deletions infra/aws/terraform/kops-infra-ci/vpc.tf
Original file line number Diff line number Diff line change
Expand Up @@ -45,3 +45,59 @@ resource "aws_vpc_ipam_pool" "main" {
"region" = "${data.aws_region.current.name}"
})
}


resource "aws_vpc_ipam_pool_cidr" "main" {
provider = aws.kops-infra-ci
ipam_pool_id = aws_vpc_ipam_pool.main.id
cidr = var.vpc_cidr
}

resource "aws_vpc_ipam_preview_next_cidr" "main" {
provider = aws.kops-infra-ci
ipam_pool_id = aws_vpc_ipam_pool.main.id

netmask_length = 20 // a 18 netmask length is considered as too big for the CIDR pool
}

module "vpc" {
providers = {
aws = aws.kops-infra-ci
}

source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0"

name = "${local.prefix}-vpc"
cidr = aws_vpc_ipam_preview_next_cidr.main.cidr

ipv4_ipam_pool_id = aws_vpc_ipam_pool.main.id

azs = local.azs
private_subnets = local.private_subnets
public_subnets = local.public_subnets

enable_nat_gateway = true
single_nat_gateway = false
one_nat_gateway_per_az = true

// TODO(ameukam): Remove this after https://github.com/kubernetes/k8s.io/issues/5127 is closed
enable_flow_log = true
create_flow_log_cloudwatch_iam_role = true
create_flow_log_cloudwatch_log_group = true
flow_log_cloudwatch_log_group_retention_in_days = 30

enable_dns_hostnames = true

public_subnet_tags = {
"kubernetes.io/role/elb" = 1
}

private_subnet_tags = {
"kubernetes.io/role/internal-elb" = 1
}

tags = merge(var.tags, {
"region" = "${data.aws_region.current.name}"
})
}

0 comments on commit 0e96fb2

Please sign in to comment.