From f9f7eb628e10c21f574667bc14773c3d836cabe8 Mon Sep 17 00:00:00 2001
From: Justin Santa Barbara
Date: Thu, 10 May 2018 14:26:35 -0400
Subject: [PATCH] Create integration test for unmanaged networking
---
.../update_cluster/unmanaged/id_rsa.pub | 1 +
.../update_cluster/unmanaged/in-v1alpha2.yaml | 110 +++
.../update_cluster/unmanaged/kubernetes.tf | 770 ++++++++++++++++++
3 files changed, 881 insertions(+)
create mode 100755 tests/integration/update_cluster/unmanaged/id_rsa.pub
create mode 100644 tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml
create mode 100644 tests/integration/update_cluster/unmanaged/kubernetes.tf
diff --git a/tests/integration/update_cluster/unmanaged/id_rsa.pub b/tests/integration/update_cluster/unmanaged/id_rsa.pub
new file mode 100755
index 0000000000..81cb012783
--- /dev/null
+++ b/tests/integration/update_cluster/unmanaged/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==
diff --git a/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml b/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml
new file mode 100644
index 0000000000..195d5e7aa2
--- /dev/null
+++ b/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml
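Review bot: The fixture key is added as `new file mode 100755`, while the other two files in this commit are 100644; a public-key data file has no reason to carry the executable bit and should be committed as 100644. Judging by the length of the base64 blob, this also looks like a 1024-bit RSA key, which is adequate for a golden-file test but is a reason to keep the file strictly a test fixture rather than a template for cluster configuration.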
@@ -0,0 +1,110 @@
+apiVersion: kops/v1alpha2
+kind: Cluster
+metadata:
+ creationTimestamp: "2016-12-12T04:13:14Z"
+ name: unmanaged.example.com
+spec:
+ kubernetesApiAccess:
+ - 0.0.0.0/0
+ channel: stable
+ cloudProvider: aws
+ configBase: memfs://clusters.example.com/unmanaged.example.com
+ etcdClusters:
+ - etcdMembers:
+ - instanceGroup: master-us-test-1a
+ name: us-test-1a
+ name: main
+ - etcdMembers:
+ - instanceGroup: master-us-test-1a
+ name: us-test-1a
+ name: events
+ kubernetesVersion: v1.8.2
+ masterInternalName: api.internal.unmanaged.example.com
+ masterPublicName: api.unmanaged.example.com
+ networkCIDR: 172.20.0.0/16
+ networking:
+ weave: {}
+ nonMasqueradeCIDR: 100.64.0.0/10
+ sshAccess:
+ - 0.0.0.0/0
+ topology:
+ masters: private
+ nodes: private
+ subnets:
+ - cidr: 172.20.32.0/19
+ egress: nat-a2345678
+ name: us-test-1a
+ type: Private
+ zone: us-test-1a
+ - cidr: 172.20.64.0/19
+ egress: nat-b2345678
+ name: us-test-1b
+ type: Private
+ zone: us-test-1b
+ - cidr: 172.20.4.0/22
+ name: utility-us-test-1a
+ type: Utility
+ zone: us-test-1a
+ - cidr: 172.20.8.0/22
+ name: utility-us-test-1b
+ type: Utility
+ zone: us-test-1b
+
+---
+
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+ creationTimestamp: "2016-12-12T04:13:15Z"
+ name: master-us-test-1a
+ labels:
+ kops.k8s.io/cluster: unmanaged.example.com
+spec:
+ associatePublicIp: true
+ image: kope.io/k8s-1.5-debian-jessie-amd64-hvm-ebs-2017-01-09
+ machineType: m3.medium
+ maxSize: 1
+ minSize: 1
+ role: Master
+ subnets:
+ - us-test-1a
+
+---
+
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+ creationTimestamp: "2016-12-12T04:13:15Z"
+ name: nodes
+ labels:
+ kops.k8s.io/cluster: unmanaged.example.com
+spec:
+ associatePublicIp: true
+ image: kope.io/k8s-1.5-debian-jessie-amd64-hvm-ebs-2017-01-09
+ machineType: t2.medium
+ maxSize: 2
+ minSize: 2
+ role: Node
+ subnets:
+ - us-test-1a
+ - us-test-1b
+
+
+---
+
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+ creationTimestamp: "2016-12-14T15:32:41Z"
+ name: bastion
+ labels:
+ kops.k8s.io/cluster: unmanaged.example.com
+spec:
+ associatePublicIp: true
+ image: kope.io/k8s-1.5-debian-jessie-amd64-hvm-ebs-2017-01-09
+ machineType: t2.micro
+ maxSize: 1
+ minSize: 1
+ role: Bastion
+ subnets:
+ - utility-us-test-1a
diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf
new file mode 100644
index 0000000000..bb9c7214db
--- /dev/null
+++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf
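Review bot: The `master-us-test-1a` and `nodes` instance groups set `associatePublicIp: true` although `topology` declares both masters and nodes `private`, and the expected kubernetes.tf in this same commit shows `associate_public_ip_address = false` for both launch configurations, so the input value is apparently overridden and misleads a reader about what the test exercises; setting it to `false` (or dropping it) on those two groups would make the fixture agree with its output. The file also has no header comment: a line such as `# Fixture: private topology with pre-existing NAT gateways (egress: nat-a2345678 / nat-b2345678); the 0.0.0.0/0 sshAccess and kubernetesApiAccess values are test-only` would state what distinguishes this case and why the generated `ssh-external-to-bastion-elb-0-0-0-0--0` and `https-api-elb-0-0-0-0--0` rules are open to every source address.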
@@ -0,0 +1,770 @@ +output "bastion_security_group_ids" { + value = ["${aws_security_group.bastion-unmanaged-example-com.id}"] +} + +output "bastions_role_arn" { + value = "${aws_iam_role.bastions-unmanaged-example-com.arn}" +} + +output "bastions_role_name" { + value = "${aws_iam_role.bastions-unmanaged-example-com.name}" +} + +output "cluster_name" { + value = "unmanaged.example.com" +} + +output "master_security_group_ids" { + value = ["${aws_security_group.masters-unmanaged-example-com.id}"] +} + +output "masters_role_arn" { + value = "${aws_iam_role.masters-unmanaged-example-com.arn}" +} + +output "masters_role_name" { + value = "${aws_iam_role.masters-unmanaged-example-com.name}" +} + +output "node_security_group_ids" { + value = ["${aws_security_group.nodes-unmanaged-example-com.id}"] +} + +output "node_subnet_ids" { + value = ["${aws_subnet.us-test-1a-unmanaged-example-com.id}", "${aws_subnet.us-test-1b-unmanaged-example-com.id}"] +} + +output "nodes_role_arn" { + value = "${aws_iam_role.nodes-unmanaged-example-com.arn}" +} + +output "nodes_role_name" { + value = "${aws_iam_role.nodes-unmanaged-example-com.name}" +} + +output "region" { + value = "us-test-1" +} + +output "vpc_id" { + value = "${aws_vpc.unmanaged-example-com.id}" +} + +provider "aws" { + region = "us-test-1" +} + +resource "aws_autoscaling_attachment" "bastion-unmanaged-example-com" { + elb = "${aws_elb.bastion-unmanaged-example-com.id}" + autoscaling_group_name = "${aws_autoscaling_group.bastion-unmanaged-example-com.id}" +} + +resource "aws_autoscaling_attachment" "master-us-test-1a-masters-unmanaged-example-com" { + elb = "${aws_elb.api-unmanaged-example-com.id}" + autoscaling_group_name = "${aws_autoscaling_group.master-us-test-1a-masters-unmanaged-example-com.id}" +} + +resource "aws_autoscaling_group" "bastion-unmanaged-example-com" { + name = "bastion.unmanaged.example.com" + launch_configuration = "${aws_launch_configuration.bastion-unmanaged-example-com.id}" + max_size = 1 + min_size 
= 1 + vpc_zone_identifier = ["${aws_subnet.utility-us-test-1a-unmanaged-example-com.id}"] + + tag = { + key = "KubernetesCluster" + value = "unmanaged.example.com" + propagate_at_launch = true + } + + tag = { + key = "Name" + value = "bastion.unmanaged.example.com" + propagate_at_launch = true + } + + tag = { + key = "k8s.io/role/bastion" + value = "1" + propagate_at_launch = true + } + + metrics_granularity = "1Minute" + enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] +} + +resource "aws_autoscaling_group" "master-us-test-1a-masters-unmanaged-example-com" { + name = "master-us-test-1a.masters.unmanaged.example.com" + launch_configuration = "${aws_launch_configuration.master-us-test-1a-masters-unmanaged-example-com.id}" + max_size = 1 + min_size = 1 + vpc_zone_identifier = ["${aws_subnet.us-test-1a-unmanaged-example-com.id}"] + + tag = { + key = "KubernetesCluster" + value = "unmanaged.example.com" + propagate_at_launch = true + } + + tag = { + key = "Name" + value = "master-us-test-1a.masters.unmanaged.example.com" + propagate_at_launch = true + } + + tag = { + key = "k8s.io/role/master" + value = "1" + propagate_at_launch = true + } + + metrics_granularity = "1Minute" + enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] +} + +resource "aws_autoscaling_group" "nodes-unmanaged-example-com" { + name = "nodes.unmanaged.example.com" + launch_configuration = "${aws_launch_configuration.nodes-unmanaged-example-com.id}" + max_size = 2 + min_size = 2 + vpc_zone_identifier = ["${aws_subnet.us-test-1a-unmanaged-example-com.id}", "${aws_subnet.us-test-1b-unmanaged-example-com.id}"] + + tag = { + key = "KubernetesCluster" + value = "unmanaged.example.com" + 
propagate_at_launch = true + } + + tag = { + key = "Name" + value = "nodes.unmanaged.example.com" + propagate_at_launch = true + } + + tag = { + key = "k8s.io/role/node" + value = "1" + propagate_at_launch = true + } + + metrics_granularity = "1Minute" + enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] +} + +resource "aws_ebs_volume" "us-test-1a-etcd-events-unmanaged-example-com" { + availability_zone = "us-test-1a" + size = 20 + type = "gp2" + encrypted = false + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "us-test-1a.etcd-events.unmanaged.example.com" + "k8s.io/etcd/events" = "us-test-1a/us-test-1a" + "k8s.io/role/master" = "1" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_ebs_volume" "us-test-1a-etcd-main-unmanaged-example-com" { + availability_zone = "us-test-1a" + size = 20 + type = "gp2" + encrypted = false + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "us-test-1a.etcd-main.unmanaged.example.com" + "k8s.io/etcd/main" = "us-test-1a/us-test-1a" + "k8s.io/role/master" = "1" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_elb" "api-unmanaged-example-com" { + name = "api-unmanaged-example-com-t82m6f" + + listener = { + instance_port = 443 + instance_protocol = "TCP" + lb_port = 443 + lb_protocol = "TCP" + } + + security_groups = ["${aws_security_group.api-elb-unmanaged-example-com.id}"] + subnets = ["${aws_subnet.utility-us-test-1a-unmanaged-example-com.id}", "${aws_subnet.utility-us-test-1b-unmanaged-example-com.id}"] + + health_check = { + target = "SSL:443" + healthy_threshold = 2 + unhealthy_threshold = 2 + interval = 10 + timeout = 5 + } + + idle_timeout = 300 + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "api.unmanaged.example.com" + } +} + +resource "aws_elb" 
"bastion-unmanaged-example-com" { + name = "bastion-unmanaged-example-d7bn3d" + + listener = { + instance_port = 22 + instance_protocol = "TCP" + lb_port = 22 + lb_protocol = "TCP" + } + + security_groups = ["${aws_security_group.bastion-elb-unmanaged-example-com.id}"] + subnets = ["${aws_subnet.utility-us-test-1a-unmanaged-example-com.id}"] + + health_check = { + target = "TCP:22" + healthy_threshold = 2 + unhealthy_threshold = 2 + interval = 10 + timeout = 5 + } + + idle_timeout = 300 + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "bastion.unmanaged.example.com" + } +} + +resource "aws_iam_instance_profile" "bastions-unmanaged-example-com" { + name = "bastions.unmanaged.example.com" + role = "${aws_iam_role.bastions-unmanaged-example-com.name}" +} + +resource "aws_iam_instance_profile" "masters-unmanaged-example-com" { + name = "masters.unmanaged.example.com" + role = "${aws_iam_role.masters-unmanaged-example-com.name}" +} + +resource "aws_iam_instance_profile" "nodes-unmanaged-example-com" { + name = "nodes.unmanaged.example.com" + role = "${aws_iam_role.nodes-unmanaged-example-com.name}" +} + +resource "aws_iam_role" "bastions-unmanaged-example-com" { + name = "bastions.unmanaged.example.com" + assume_role_policy = "${file("${path.module}/data/aws_iam_role_bastions.unmanaged.example.com_policy")}" +} + +resource "aws_iam_role" "masters-unmanaged-example-com" { + name = "masters.unmanaged.example.com" + assume_role_policy = "${file("${path.module}/data/aws_iam_role_masters.unmanaged.example.com_policy")}" +} + +resource "aws_iam_role" "nodes-unmanaged-example-com" { + name = "nodes.unmanaged.example.com" + assume_role_policy = "${file("${path.module}/data/aws_iam_role_nodes.unmanaged.example.com_policy")}" +} + +resource "aws_iam_role_policy" "bastions-unmanaged-example-com" { + name = "bastions.unmanaged.example.com" + role = "${aws_iam_role.bastions-unmanaged-example-com.name}" + policy = 
"${file("${path.module}/data/aws_iam_role_policy_bastions.unmanaged.example.com_policy")}" +} + +resource "aws_iam_role_policy" "masters-unmanaged-example-com" { + name = "masters.unmanaged.example.com" + role = "${aws_iam_role.masters-unmanaged-example-com.name}" + policy = "${file("${path.module}/data/aws_iam_role_policy_masters.unmanaged.example.com_policy")}" +} + +resource "aws_iam_role_policy" "nodes-unmanaged-example-com" { + name = "nodes.unmanaged.example.com" + role = "${aws_iam_role.nodes-unmanaged-example-com.name}" + policy = "${file("${path.module}/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy")}" +} + +resource "aws_internet_gateway" "unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_key_pair" "kubernetes-unmanaged-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" { + key_name = "kubernetes.unmanaged.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57" + public_key = "${file("${path.module}/data/aws_key_pair_kubernetes.unmanaged.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key")}" +} + +resource "aws_launch_configuration" "bastion-unmanaged-example-com" { + name_prefix = "bastion.unmanaged.example.com-" + image_id = "ami-15000000" + instance_type = "t2.micro" + key_name = "${aws_key_pair.kubernetes-unmanaged-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" + iam_instance_profile = "${aws_iam_instance_profile.bastions-unmanaged-example-com.id}" + security_groups = ["${aws_security_group.bastion-unmanaged-example-com.id}"] + associate_public_ip_address = true + + root_block_device = { + volume_type = "gp2" + volume_size = 32 + delete_on_termination = true + } + + lifecycle = { + create_before_destroy = true + } + + enable_monitoring = false +} + +resource "aws_launch_configuration" "master-us-test-1a-masters-unmanaged-example-com" { 
+ name_prefix = "master-us-test-1a.masters.unmanaged.example.com-" + image_id = "ami-15000000" + instance_type = "m3.medium" + key_name = "${aws_key_pair.kubernetes-unmanaged-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" + iam_instance_profile = "${aws_iam_instance_profile.masters-unmanaged-example-com.id}" + security_groups = ["${aws_security_group.masters-unmanaged-example-com.id}"] + associate_public_ip_address = false + user_data = "${file("${path.module}/data/aws_launch_configuration_master-us-test-1a.masters.unmanaged.example.com_user_data")}" + + root_block_device = { + volume_type = "gp2" + volume_size = 64 + delete_on_termination = true + } + + ephemeral_block_device = { + device_name = "/dev/sdc" + virtual_name = "ephemeral0" + } + + lifecycle = { + create_before_destroy = true + } + + enable_monitoring = false +} + +resource "aws_launch_configuration" "nodes-unmanaged-example-com" { + name_prefix = "nodes.unmanaged.example.com-" + image_id = "ami-15000000" + instance_type = "t2.medium" + key_name = "${aws_key_pair.kubernetes-unmanaged-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" + iam_instance_profile = "${aws_iam_instance_profile.nodes-unmanaged-example-com.id}" + security_groups = ["${aws_security_group.nodes-unmanaged-example-com.id}"] + associate_public_ip_address = false + user_data = "${file("${path.module}/data/aws_launch_configuration_nodes.unmanaged.example.com_user_data")}" + + root_block_device = { + volume_type = "gp2" + volume_size = 128 + delete_on_termination = true + } + + lifecycle = { + create_before_destroy = true + } + + enable_monitoring = false +} + +resource "aws_route" "0-0-0-0--0" { + route_table_id = "${aws_route_table.unmanaged-example-com.id}" + destination_cidr_block = "0.0.0.0/0" + gateway_id = "${aws_internet_gateway.unmanaged-example-com.id}" +} + +resource "aws_route" "private-us-test-1a-0-0-0-0--0" { + route_table_id = "${aws_route_table.private-us-test-1a-unmanaged-example-com.id}" + destination_cidr_block = 
"0.0.0.0/0" + nat_gateway_id = "nat-a2345678" +} + +resource "aws_route" "private-us-test-1b-0-0-0-0--0" { + route_table_id = "${aws_route_table.private-us-test-1b-unmanaged-example-com.id}" + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = "nat-b2345678" +} + +resource "aws_route53_record" "api-unmanaged-example-com" { + name = "api.unmanaged.example.com" + type = "A" + + alias = { + name = "${aws_elb.api-unmanaged-example-com.dns_name}" + zone_id = "${aws_elb.api-unmanaged-example-com.zone_id}" + evaluate_target_health = false + } + + zone_id = "/hostedzone/Z1AFAKE1ZON3YO" +} + +resource "aws_route_table" "private-us-test-1a-unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "private-us-test-1a.unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + "kubernetes.io/kops/role" = "private-us-test-1a" + } +} + +resource "aws_route_table" "private-us-test-1b-unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "private-us-test-1b.unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + "kubernetes.io/kops/role" = "private-us-test-1b" + } +} + +resource "aws_route_table" "unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + "kubernetes.io/kops/role" = "public" + } +} + +resource "aws_route_table_association" "private-us-test-1a-unmanaged-example-com" { + subnet_id = "${aws_subnet.us-test-1a-unmanaged-example-com.id}" + route_table_id = "${aws_route_table.private-us-test-1a-unmanaged-example-com.id}" +} + +resource "aws_route_table_association" "private-us-test-1b-unmanaged-example-com" { + subnet_id = "${aws_subnet.us-test-1b-unmanaged-example-com.id}" + 
route_table_id = "${aws_route_table.private-us-test-1b-unmanaged-example-com.id}" +} + +resource "aws_route_table_association" "utility-us-test-1a-unmanaged-example-com" { + subnet_id = "${aws_subnet.utility-us-test-1a-unmanaged-example-com.id}" + route_table_id = "${aws_route_table.unmanaged-example-com.id}" +} + +resource "aws_route_table_association" "utility-us-test-1b-unmanaged-example-com" { + subnet_id = "${aws_subnet.utility-us-test-1b-unmanaged-example-com.id}" + route_table_id = "${aws_route_table.unmanaged-example-com.id}" +} + +resource "aws_security_group" "api-elb-unmanaged-example-com" { + name = "api-elb.unmanaged.example.com" + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + description = "Security group for api ELB" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "api-elb.unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_security_group" "bastion-elb-unmanaged-example-com" { + name = "bastion-elb.unmanaged.example.com" + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + description = "Security group for bastion ELB" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "bastion-elb.unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_security_group" "bastion-unmanaged-example-com" { + name = "bastion.unmanaged.example.com" + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + description = "Security group for bastion" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "bastion.unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_security_group" "masters-unmanaged-example-com" { + name = "masters.unmanaged.example.com" + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + description = "Security group for masters" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "masters.unmanaged.example.com" + 
"kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_security_group" "nodes-unmanaged-example-com" { + name = "nodes.unmanaged.example.com" + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + description = "Security group for nodes" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "nodes.unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_security_group_rule" "all-master-to-master" { + type = "ingress" + security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "all-master-to-node" { + type = "ingress" + security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "all-node-to-node" { + type = "ingress" + security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" +} + +resource "aws_security_group_rule" "api-elb-egress" { + type = "egress" + security_group_id = "${aws_security_group.api-elb-unmanaged-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "bastion-egress" { + type = "egress" + security_group_id = "${aws_security_group.bastion-unmanaged-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "bastion-elb-egress" { + type = "egress" + security_group_id = "${aws_security_group.bastion-elb-unmanaged-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = 
["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "bastion-to-master-ssh" { + type = "ingress" + security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.bastion-unmanaged-example-com.id}" + from_port = 22 + to_port = 22 + protocol = "tcp" +} + +resource "aws_security_group_rule" "bastion-to-node-ssh" { + type = "ingress" + security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.bastion-unmanaged-example-com.id}" + from_port = 22 + to_port = 22 + protocol = "tcp" +} + +resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" { + type = "ingress" + security_group_id = "${aws_security_group.api-elb-unmanaged-example-com.id}" + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "https-elb-to-master" { + type = "ingress" + security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.api-elb-unmanaged-example-com.id}" + from_port = 443 + to_port = 443 + protocol = "tcp" +} + +resource "aws_security_group_rule" "master-egress" { + type = "egress" + security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "node-egress" { + type = "egress" + security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { + type = "ingress" + security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + from_port = 1 + to_port = 2379 + protocol = "tcp" +} + +resource "aws_security_group_rule" 
"node-to-master-tcp-2382-4000" { + type = "ingress" + security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + from_port = 2382 + to_port = 4000 + protocol = "tcp" +} + +resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" { + type = "ingress" + security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + from_port = 4003 + to_port = 65535 + protocol = "tcp" +} + +resource "aws_security_group_rule" "node-to-master-udp-1-65535" { + type = "ingress" + security_group_id = "${aws_security_group.masters-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.nodes-unmanaged-example-com.id}" + from_port = 1 + to_port = 65535 + protocol = "udp" +} + +resource "aws_security_group_rule" "ssh-elb-to-bastion" { + type = "ingress" + security_group_id = "${aws_security_group.bastion-unmanaged-example-com.id}" + source_security_group_id = "${aws_security_group.bastion-elb-unmanaged-example-com.id}" + from_port = 22 + to_port = 22 + protocol = "tcp" +} + +resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" { + type = "ingress" + security_group_id = "${aws_security_group.bastion-elb-unmanaged-example-com.id}" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] +} + +resource "aws_subnet" "us-test-1a-unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + cidr_block = "172.20.32.0/19" + availability_zone = "us-test-1a" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "us-test-1a.unmanaged.example.com" + SubnetType = "Private" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + "kubernetes.io/role/internal-elb" = "1" + } +} + +resource "aws_subnet" "us-test-1b-unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + cidr_block 
= "172.20.64.0/19" + availability_zone = "us-test-1b" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "us-test-1b.unmanaged.example.com" + SubnetType = "Private" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + "kubernetes.io/role/internal-elb" = "1" + } +} + +resource "aws_subnet" "utility-us-test-1a-unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + cidr_block = "172.20.4.0/22" + availability_zone = "us-test-1a" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "utility-us-test-1a.unmanaged.example.com" + SubnetType = "Utility" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + "kubernetes.io/role/elb" = "1" + } +} + +resource "aws_subnet" "utility-us-test-1b-unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + cidr_block = "172.20.8.0/22" + availability_zone = "us-test-1b" + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "utility-us-test-1b.unmanaged.example.com" + SubnetType = "Utility" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + "kubernetes.io/role/elb" = "1" + } +} + +resource "aws_vpc" "unmanaged-example-com" { + cidr_block = "172.20.0.0/16" + enable_dns_hostnames = true + enable_dns_support = true + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_vpc_dhcp_options" "unmanaged-example-com" { + domain_name = "us-test-1.compute.internal" + domain_name_servers = ["AmazonProvidedDNS"] + + tags = { + KubernetesCluster = "unmanaged.example.com" + Name = "unmanaged.example.com" + "kubernetes.io/cluster/unmanaged.example.com" = "owned" + } +} + +resource "aws_vpc_dhcp_options_association" "unmanaged-example-com" { + vpc_id = "${aws_vpc.unmanaged-example-com.id}" + dhcp_options_id = "${aws_vpc_dhcp_options.unmanaged-example-com.id}" +} + +terraform = { + required_version = ">= 0.9.3" +}