├── .gitignore
├── AIRGAPPED.md
├── README.md
├── bootstrap
    ├── main.tf
    ├── outputs.tf
    ├── variables.tf
    └── versions.tf
├── dns
    ├── dns.tf
    ├── variables.tf
    └── versions.tf
├── ignition
    ├── ignition.tf
    ├── output.tf
    ├── scripts
    │   ├── download.sh.tmpl
    │   ├── ignition.sh.tmpl
    │   └── manifests.sh.tmpl
    ├── templates.tf
    ├── variables.tf
    └── versions.tf
├── main.tf
├── master
    ├── master.tf
    ├── outputs.tf
    ├── variables.tf
    └── versions.tf
├── media
    └── topology.svg
├── outputs.tf
├── variables-azure.tf
├── versions.tf
└── vnet
    ├── common.tf
    ├── internal-lb.tf
    ├── nsg.tf
    ├── outputs.tf
    ├── public-lb.tf
    ├── variables.tf
    ├── versions.tf
    └── vnet.tf


/.gitignore:
--------------------------------------------------------------------------------
 1 | #  Local .terraform directories
 2 | **/.terraform/*
 3 | 
 4 | 
 5 | 
 6 | # .tfstate files
 7 | *.tfstate
 8 | *.tfstate.*
 9 | .terraform.lock.hcl
10 | 
11 | # .tfvars files
12 | *.tfvars
13 | 
14 | # Mac stuff
15 | .DS_Store
16 | 
17 | # openshift pull-secret
18 | pull-secret
19 | 
20 | # local
21 | makefile
22 | **/artifacts/*
23 | **/terraform.state.d/*
24 | *.log
25 | 
26 | # installer-files
27 | **/installer-files/*
28 | 
29 | # optional files
30 | extras.tf
31 | vnet/nat-gateway.tf
32 | bastion.tf
33 | 


--------------------------------------------------------------------------------
/AIRGAPPED.md:
--------------------------------------------------------------------------------
  1 | # Configuration for an AirGapped environment in Azure
  2 | 
  3 | This repository allows for a completely private, AirGapped implementation.  To configure it, a couple of pre-reqs first need to be met:
  4 | 
  5 | 1. Create an image registry.  You can either create an image repository from scratch, or configure one using Azure's Container Registry.  The CoreOS VMs must be able to reach this repository.
  6 | 
  7 | ## Creating an internal image regisry
  8 | 
  9 |   Creating an image registry using RedHat's [documentation](https://docs.openshift.com/container-platform/4.2/installing/installing_restricted_networks/installing-restricted-networks-preparations.html).
 10 |   Follow all steps up to Step 4 of [Mirroring the OpenShift Container Platform image repository](https://docs.openshift.com/container-platform/4.2/installing/installing_restricted_networks/installing-restricted-networks-preparations.html#installation-mirror-repository_installing-restricted-networks-preparations)
 11 | 
 12 | 
 13 | ```bash
 14 | $ export OCP_RELEASE="4.6.32-x86_64"
 15 | $ export LOCAL_REGISTRY="openshiftrepo.example.com:443"
 16 | $ export LOCAL_REPOSITORY="ocp4/openshift4"
 17 | $ export PRODUCT_REPO='openshift-release-dev' 
 18 | $ export LOCAL_SECRET_JSON='<path_to_pull_secret>' 
 19 | $ export RELEASE_NAME="ocp-release" 
 20 | 
 21 | $ oc adm -a ${LOCAL_SECRET_JSON} release mirror \
 22 |      --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE} \
 23 |      --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
 24 |      --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}
 25 | info: Mirroring 103 images to openshiftrepo.example.com:443/ocp4/openshift4 ...
 26 | openshiftrepo.example.com:443/
 27 |   ocp4/openshift4
 28 |     blobs:
 29 | ...
 30 | 
 31 | sha256:1a69a2bf32e9c39c4395de6c7fbcfbe8f430eb23476a8b85036e67e60050ce53 openshiftrepo.example.com:443/ocp4/openshift4:4.3.26-cluster-authentication-operator
 32 | info: Mirroring completed in 1m27.76s (8.084MB/s)
 33 | 
 34 | Success
 35 | Update image:  openshiftrepo.example.com:443/ocp4/openshift4:4.3.26-x86_64
 36 | Mirror prefix: openshiftrepo.example.com:443/ocp4/openshift4
 37 | 
 38 | To use the new mirrored repository to install, add the following section to the install-config.yaml:
 39 | 
 40 | imageContentSources:
 41 | - mirrors:
 42 |   - openshiftrepo.example.com:443/ocp4/openshift4
 43 |   source: quay.io/openshift-release-dev/ocp-release
 44 | - mirrors:
 45 |   - openshiftrepo.example.com:443/ocp4/openshift4
 46 |   source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
 47 | 
 48 | 
 49 | To use the new mirrored repository for upgrades, use the following to create an ImageContentSourcePolicy:
 50 | 
 51 | apiVersion: operator.openshift.io/v1alpha1
 52 | kind: ImageContentSourcePolicy
 53 | metadata:
 54 |   name: example
 55 | spec:
 56 |   repositoryDigestMirrors:
 57 |   - mirrors:
 58 |     - openshiftrepo.example.com:443/ocp4/openshift4
 59 |     source: quay.io/openshift-release-dev/ocp-release
 60 |   - mirrors:
 61 |     - openshiftrepo.example.com:443/ocp4/openshift4
 62 |     source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
 63 | ```
 64 | 
 65 | ## Creating an [Azure Container Registry](https://azure.microsoft.com/en-us/services/container-registry/) Instance
 66 | 
 67 | On a separate resource group, [create an instance](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal) of the Azure Container Registry (ACR) service.  You can use the same resource group where the public DNZ Zone is hosted. When selecting the ACR SKU, select Premium if you wish to restrict network access to specific networks inside your subscription.  Otherwise select Standard which provides 100GB of storage.  Basic only provides 10GB of storage and should not be used.  Enable Admin User to quickly get an username and password that can be used to generate the OpenShift Pull Secret for this repository.  You can find these values in the `Access Keys` configuration of the ACR.
 68 | 
 69 | Once the registry is created, follow the RedHat Documentation from [Creating a pull secret for your mirror registry](https://docs.openshift.com/container-platform/4.2/installing/installing_restricted_networks/installing-restricted-networks-preparations.html#installation-local-registry-pull-secret_installing-restricted-networks-preparations) up to Step 4 of [Mirroring the OpenShift Container Platform image repository](https://docs.openshift.com/container-platform/4.2/installing/installing_restricted_networks/installing-restricted-networks-preparations.html#installation-mirror-repository_installing-restricted-networks-preparations)
 70 | 
 71 | 
 72 | # Airgapped Scenarios
 73 | 
 74 | ## Private Endpoints with Egress Provided by Azure Public LB
 75 | When `azure_private` is set to true, the `api` and `*.apps` domains are configured on Private LoadBalancers.  A public loadbalancer is created to provide egress access to the cluster, but no inbound access is allowed.  If you want to use a mirrored registry, you can also include the `airgapped` variable in your terraform.tfvars file
 76 | 
 77 | ```terraform
 78 | azure_private = true
 79 | airgapped     = {
 80 |   enabled     = true
 81 |   repository  = "example.azurecr.io/ocp4/openshift4"
 82 | }
 83 | ```
 84 | 
 85 | ## Private Endpoints with User Defined Routing
 86 | In addition to `azure_private` and `airgapped` variables, you can set other variables that ensure all communication to your cluster are handled via internal endpoints and no traffic goes thru the Azure public network.  You are responsible for configuring addecuate access to the internet in your VNET (via a ExpressRoute, Proxies, etc).  Set the `azure_outbound_user_defined_routing` and `azure_preexisting_network` variabes to `true` and provide your VNET Resource Group, VNET Name and Control Plane and Compute Subnets
 87 | 
 88 | ```terraform
 89 | azure_private = true
 90 | airgapped     = {
 91 |   enabled     = true
 92 |   repository  = "example.azurecr.io/ocp4/openshift4"
 93 | }
 94 | azure_outbound_user_defined_routing = true
 95 | azure_preexisting_network = true
 96 | azure_network_resource_group_name = "yourNetworkResourceGroup"
 97 | azure_virtual_network = "yourVNETName"
 98 | azure_control_plane_subnet = "yourControlPlaneSubnetName"
 99 | azure_compute_subnet = "yourComputeSubnetName"
100 | ```
101 | 
102 | This ensures that terraform generates the `installer-config.yaml` and `ImageContentSourcePolicy` templates for a private, disconnected installation.
103 | 
104 | ## Proxied Environments
105 | When `proxy_config` is set, the cluster wide proxy will be configured during install for your OCP cluster.  You can specify your http and https proxies, any addresses that are not to be proxied, as well as the certificate trust bundle for your proxy.  When `proxy_config.enabled` is set to true, your install-config.yaml will be auto-generated with the proper proxy configuration
106 | 
107 | ```terraform
108 | proxy_config = {
109 |   enabled               = true                                         # set to true to enable proxy configuration
110 |   httpProxy             = "http://user:password@proxy.example.com:80"  # only supports http proxies at this time
111 |   httpsProxy            = "http://user:password@proxy.example.com:80"  # only supports http proxies at this time
112 |   noProxy               = "ip1,ip2,ip3,.example.com,10.0.0.0/8"        # comma delimited values
113 |   additionalTrustBundle = "/path/to/trust/bundle.pem"                  # set to "" for no additionalTrustBundle
114 | }
115 | ```
116 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # OpenShift 4 UPI on Azure Cloud
  2 | 
  3 | This [terraform](terraform.io) implementation will deploy OpenShift 4.x into an Azure VNET, with two subnets for controlplane and worker nodes.  Traffic to the master nodes is handled via a pair of loadbalancers, one for internal traffic and another for external API traffic.  Application loadbalancing is handled by a third loadbalancer that talks to the router pods on the infra nodes.  Worker, Infra and Master nodes are deployed across 3 Availability Zones
  4 | 
  5 | ![Topology](./media/topology.svg)
  6 | 
  7 | ## Prerequisites
  8 | 
  9 | 1. [Configure DNS](https://github.com/openshift/installer/blob/d0f7654bc4a0cf73392371962aef68cd9552b5dd/docs/user/azure/dnszone.md)
 10 | 
 11 | 2. [Create a Service Principal](https://github.com/openshift/installer/blob/d0f7654bc4a0cf73392371962aef68cd9552b5dd/docs/user/azure/credentials.md) with proper IAM roles
 12 | 
 13 | 3. [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
 14 | 
 15 | ## Minimal TFVARS file
 16 | 
 17 | ```terraform
 18 | azure_region = "eastus2"
 19 | cluster_name = "ocp46"
 20 | 
 21 | # From Prereq. Step #1
 22 | base_domain                           = "azure.example.com"
 23 | azure_base_domain_resource_group_name = "openshift4-common-rg"
 24 | 
 25 | # From Prereq. Step #2
 26 | azure_subscription_id  = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
 27 | azure_tenant_id        = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"
 28 | azure_client_id        = "ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ"
 29 | azure_client_secret    = "AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA"
 30 | ```
 31 | 
 32 | ## Customizable Variables
 33 | 
 34 | | Variable                              | Description                                                    | Default         | Type   |
 35 | | ------------------------------------- | -------------------------------------------------------------- | --------------- | ------ |
 36 | | azure_subscription_id                 | Subscription ID for Azure Account                              | -               | string |
 37 | | azure_tenant_id                       | Tenant ID for Azure Subscription                               | -               | string |
 38 | | azure_client_id                       | Application Client ID (from Prereq Step #2)                    | -               | string |
 39 | | azure_client_secret                   | Application Client Secret (from Prereq Step #2)                | -               | string |
 40 | | azure_region                          | Azure Region to deploy to                                      | -               | string |
 41 | | cluster_name                          | Cluster Identifier                                             | -               | string |
 42 | | master_count                          | Number of master nodes to deploy                               | 3               | string |
 43 | | worker_count                          | Number of worker nodes to deploy                               | 3               | string |
 44 | | infra_count                           | Number of infra nodes to deploy                                | 0               | string |
 45 | | machine_v4_cidrs                      | IPv4 CIDR for OpenShift VNET                                   | \[10.0.0.0/16\] | list   |
 46 | | machine_v6_cidrs                      | IPv6 CIDR for OpenShift VNET                                   | \[\]               | list   |
 47 | | base_domain                           | DNS name for your deployment                                   | -               | string |
 48 | | azure_base_domain_resource_group_name | Resource group where DNS is hosted.  Must be on zame region.   | -               | string |
 49 | | azure_bootstrap_vm_type               | Size of bootstrap VM                                           | Standard_D4s_v3 | string |
 50 | | azure_master_vm_type                  | Size of master node VMs                                        | Standard_D4s_v3 | string |
 51 | | azure_infra_vm_type                   | Size of infra node VMs                                         | Standard_D4s_v3 | string |
 52 | | azure_worker_vm_type                  | Sizs of worker node VMs                                        | Standard_D4s_v3 | string |
 53 | | openshift_cluster_network_cidr        | CIDR for Kubernetes pods                                       | 10.128.0.0/14   | string |
 54 | | openshift_cluster_network_host_prefix | Detemines the number of pods a node can host.  23 gives you 510 pods per node. | 23 | string |
 55 | | openshift_service_network_cidr        | CIDR for Kubernetes services                                   | 172.30.0.0/16   | string |
 56 | | openshift_pull_secret                 | Filename that holds your OpenShift [pull-secret](https://cloud.redhat.com/openshift/install/azure/installer-provisioned) | - | string |
 57 | | azure_master_root_volume_size         | Size of master node root volume                                | 512             | string |
 58 | | azure_worker_root_volume_size         | Size of worker node root volume                                | 128             | string |
 59 | | azure_infra_root_volume_size          | Size of infra node root volume                                 | 128             | string |
 60 | | azure_master_root_volume_type         | Storage type for master root volume                            | Premium_LRS     | string |
 61 | | openshift_version                     | Version of OpenShift to deploy.                                | 4.6.13          | strig |
 62 | | bootstrap_completed                   | Control variable to delete bootstrap node after initialization | false           | bool |
 63 | | azure_private                         | If set to `true` will deploy `api` and `*.apps` endpoints as private LoadBalancers | - | bool |
 64 | | azure_extra_tags                      | Extra Azure tags to be applied to created resources            | {}              | map |
 65 | | airgapped                             | Configuration for an AirGapped environment                     | [AirGapped](AIRGAPPED.md) | map |
 66 | | azure_environment                     | The target Azure cloud environment for the cluster             | public | string |
 67 | | azure_master_availability_zones       | The availability zones in which to create the masters. The length of this list must match `master_count`| ["1","2","3"]| list |
 68 | | azure_preexisting_network             | Specifies whether an existing network should be used or a new one created for installation. | false | bool |
 69 | | azure_resource_group_name             | The name of the resource group for the cluster. If this is set, the cluster is installed to that existing resource group otherwise a new resource group will be created using cluster id. | -               | string |
 70 | | azure_network_resource_group_name     | The name of the network resource group, either existing or to be created | `null` | string |
 71 | | azure_virtual_network                 | The name of the virtual network, either existing or to be created | `null` | string |
 72 | | azure_control_plane_subnet            | The name of the subnet for the control plane, either existing or to be created | `null` | string |
 73 | | azure_compute_subnet                  | The name of the subnet for worker nodes, either existing or to be created | `null` | string |
 74 | | azure_emulate_single_stack_ipv6       | This determines whether a dual-stack cluster is configured to emulate single-stack IPv6 | false | bool |
 75 | | azure_outbound_user_defined_routing   | This determined whether User defined routing will be used for egress to Internet. When `false`, Standard LB will be used for egress to the Internet. | false | bool |
 76 | | use_ipv4                              | This determines wether your cluster will use IPv4 networking | true | bool |
 77 | | use_ipv6                              | This determines wether your cluster will use IPv6 networking | false | bool |
 78 | | proxy_config                          | Configuration for Cluster wide proxy | [AirGapped](AIRGAPPED.md)| map |
 79 | | openshift_ssh_key | Path to your own SSH Public Key.  If none provided it will create one for you | - | string |
 80 | | openshift_additional_trust_bundle | Path to your trusted CA bundle in pem format | - | string |
 81 | | openshift_byo_dns | If set to true, we will not create Azure Public/Private DNS zones.  **You'll need to manually create `api`, `api-int` and `*.apps` DNS records** | false | bool |
 82 | 
 83 | ## Deploy with Terraform
 84 | 
 85 | 1. Clone github repository
 86 | 
 87 |     ```bash
 88 |     git clone git@github.com:ibm-cloud-architecture/terraform-openshift4-azure.git
 89 |     ```
 90 | 
 91 | 2. Create your `terraform.tfvars` file
 92 | 
 93 | 3. Deploy with terraform
 94 | 
 95 |     ```bash
 96 |     terraform init
 97 |     terraform plan
 98 |     terraform apply
 99 |     ```
100 | 
101 | 4. Destroy bootstrap node
102 | 
103 |     ```bash
104 |     TF_VAR_bootstrap_complete=true terraform apply
105 |     ```
106 | 
107 | 5. To access your cluster
108 | 
109 |     ```bash
110 |     $ export KUBECONFIG=$PWD/installer-files/auth/kubeconfig
111 |     $ oc get nodes
112 |     NAME                                 STATUS   ROLES          AGE   VERSION
113 |     fs2021-hv0eu-infra-eastus21-6kqlt    Ready    infra,worker   20m   v1.19.0+3b01205
114 |     fs2021-hv0eu-infra-eastus22-m826l    Ready    infra,worker   20m   v1.19.0+3b01205
115 |     fs2021-hv0eu-infra-eastus23-qf4kc    Ready    infra,worker   19m   v1.19.0+3b01205
116 |     fs2021-hv0eu-master-0                Ready    master         30m   v1.19.0+3b01205
117 |     fs2021-hv0eu-master-1                Ready    master         30m   v1.19.0+3b01205
118 |     fs2021-hv0eu-master-2                Ready    master         30m   v1.19.0+3b01205
119 |     fs2021-hv0eu-worker-eastus21-bw8nq   Ready    worker         19m   v1.19.0+3b01205
120 |     fs2021-hv0eu-worker-eastus22-rtwwh   Ready    worker         20m   v1.19.0+3b01205
121 |     fs2021-hv0eu-worker-eastus23-tsw44   Ready    worker         20m   v1.19.0+3b01205
122 |     ```
123 | 
124 | ## Infra and Worker Node Deployment
125 | 
126 | Deployment of Openshift Worker and Infra nodes is handled by the machine-operator-api cluster operator.
127 | 
128 | ```bash
129 | $ oc get machineset -n openshift-machine-api
130 | NAME                           DESIRED   CURRENT   READY   AVAILABLE   AGE
131 | fs2021-hv0eu-infra-eastus21    1         1         1       1           35m
132 | fs2021-hv0eu-infra-eastus22    1         1         1       1           35m
133 | fs2021-hv0eu-infra-eastus23    1         1         1       1           35m
134 | fs2021-hv0eu-worker-eastus21   1         1         1       1           35m
135 | fs2021-hv0eu-worker-eastus22   1         1         1       1           35m
136 | fs2021-hv0eu-worker-eastus23   1         1         1       1           35m
137 | 
138 | $ oc get machines -n openshift-machine-api
139 | NAME                                 PHASE     TYPE              REGION    ZONE   AGE
140 | fs2021-hv0eu-infra-eastus21-6kqlt    Running   Standard_D4s_v3   eastus2   1      31m
141 | fs2021-hv0eu-infra-eastus22-m826l    Running   Standard_D4s_v3   eastus2   2      31m
142 | fs2021-hv0eu-infra-eastus23-qf4kc    Running   Standard_D4s_v3   eastus2   3      31m
143 | fs2021-hv0eu-master-0                Running   Standard_D8s_v3   eastus2   1      37m
144 | fs2021-hv0eu-master-1                Running   Standard_D8s_v3   eastus2   2      37m
145 | fs2021-hv0eu-master-2                Running   Standard_D8s_v3   eastus2   3      37m
146 | fs2021-hv0eu-worker-eastus21-bw8nq   Running   Standard_D8s_v3   eastus2   1      31m
147 | fs2021-hv0eu-worker-eastus22-rtwwh   Running   Standard_D8s_v3   eastus2   2      31m
148 | fs2021-hv0eu-worker-eastus23-tsw44   Running   Standard_D8s_v3   eastus2   3      31m
149 | ```
150 | 
151 | The infra nodes host the router/ingress pods, all the monitoring infrastrucutre, and the image registry.
152 | 


--------------------------------------------------------------------------------
/bootstrap/main.tf:
--------------------------------------------------------------------------------
  1 | locals {
  2 |   bootstrap_nic_ip_v4_configuration_name = "bootstrap-nic-ip-v4"
  3 |   bootstrap_nic_ip_v6_configuration_name = "bootstrap-nic-ip-v6"
  4 | }
  5 | 
  6 | 
  7 | resource "azurerm_public_ip" "bootstrap_public_ip_v4" {
  8 |   count = var.private || ! var.use_ipv4 ? 0 : 1
  9 | 
 10 |   sku                 = "Standard"
 11 |   location            = var.region
 12 |   name                = "${var.cluster_id}-bootstrap-pip-v4"
 13 |   resource_group_name = var.resource_group_name
 14 |   allocation_method   = "Static"
 15 | }
 16 | 
 17 | data "azurerm_public_ip" "bootstrap_public_ip_v4" {
 18 |   count = var.private ? 0 : 1
 19 | 
 20 |   name                = azurerm_public_ip.bootstrap_public_ip_v4[0].name
 21 |   resource_group_name = var.resource_group_name
 22 | }
 23 | 
 24 | resource "azurerm_public_ip" "bootstrap_public_ip_v6" {
 25 |   count = var.private || ! var.use_ipv6 ? 0 : 1
 26 | 
 27 |   sku                 = "Standard"
 28 |   location            = var.region
 29 |   name                = "${var.cluster_id}-bootstrap-pip-v6"
 30 |   resource_group_name = var.resource_group_name
 31 |   allocation_method   = "Static"
 32 |   ip_version          = "IPv6"
 33 | }
 34 | 
 35 | data "azurerm_public_ip" "bootstrap_public_ip_v6" {
 36 |   count = var.private || ! var.use_ipv6 ? 0 : 1
 37 | 
 38 |   name                = azurerm_public_ip.bootstrap_public_ip_v6[0].name
 39 |   resource_group_name = var.resource_group_name
 40 | }
 41 | 
 42 | resource "azurerm_network_interface" "bootstrap" {
 43 |   name                = "${var.cluster_id}-bootstrap-nic"
 44 |   location            = var.region
 45 |   resource_group_name = var.resource_group_name
 46 | 
 47 |   dynamic "ip_configuration" {
 48 |     for_each = [for ip in [
 49 |       {
 50 |         // LIMITATION: azure does not allow an ipv6 address to be primary today
 51 |         primary : var.use_ipv4,
 52 |         name : local.bootstrap_nic_ip_v4_configuration_name,
 53 |         ip_address_version : "IPv4",
 54 |         public_ip_id : var.private ? null : azurerm_public_ip.bootstrap_public_ip_v4[0].id,
 55 |         include : var.use_ipv4 || var.use_ipv6,
 56 |       },
 57 |       {
 58 |         primary : ! var.use_ipv4,
 59 |         name : local.bootstrap_nic_ip_v6_configuration_name,
 60 |         ip_address_version : "IPv6",
 61 |         public_ip_id : var.private || ! var.use_ipv6 ? null : azurerm_public_ip.bootstrap_public_ip_v6[0].id,
 62 |         include : var.use_ipv6,
 63 |       },
 64 |       ] : {
 65 |       primary : ip.primary
 66 |       name : ip.name
 67 |       ip_address_version : ip.ip_address_version
 68 |       public_ip_id : ip.public_ip_id
 69 |       include : ip.include
 70 |       } if ip.include
 71 |     ]
 72 |     content {
 73 |       primary                       = ip_configuration.value.primary
 74 |       name                          = ip_configuration.value.name
 75 |       subnet_id                     = var.subnet_id
 76 |       private_ip_address_version    = ip_configuration.value.ip_address_version
 77 |       private_ip_address_allocation = "Dynamic"
 78 |       public_ip_address_id          = ip_configuration.value.public_ip_id
 79 |     }
 80 |   }
 81 | }
 82 | 
 83 | resource "azurerm_network_interface_backend_address_pool_association" "public_lb_bootstrap_v4" {
 84 |   // This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
 85 |   // conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
 86 |   count = (! var.private || ! var.outbound_udr) ? 1 : 0
 87 | 
 88 |   network_interface_id    = azurerm_network_interface.bootstrap.id
 89 |   backend_address_pool_id = var.elb_backend_pool_v4_id
 90 |   ip_configuration_name   = local.bootstrap_nic_ip_v4_configuration_name
 91 | }
 92 | 
 93 | resource "azurerm_network_interface_backend_address_pool_association" "public_lb_bootstrap_v6" {
 94 |   // This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
 95 |   // conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
 96 |   count = var.use_ipv6 && (! var.private || ! var.outbound_udr) ? 1 : 0
 97 | 
 98 |   network_interface_id    = azurerm_network_interface.bootstrap.id
 99 |   backend_address_pool_id = var.elb_backend_pool_v6_id
100 |   ip_configuration_name   = local.bootstrap_nic_ip_v6_configuration_name
101 | }
102 | 
103 | resource "azurerm_network_interface_backend_address_pool_association" "internal_lb_bootstrap_v4" {
104 |   count = var.use_ipv4 ? 1 : 0
105 | 
106 |   network_interface_id    = azurerm_network_interface.bootstrap.id
107 |   backend_address_pool_id = var.ilb_backend_pool_v4_id
108 |   ip_configuration_name   = local.bootstrap_nic_ip_v4_configuration_name
109 | }
110 | 
111 | resource "azurerm_network_interface_backend_address_pool_association" "internal_lb_bootstrap_v6" {
112 |   count = var.use_ipv6 ? 1 : 0
113 | 
114 |   network_interface_id    = azurerm_network_interface.bootstrap.id
115 |   backend_address_pool_id = var.ilb_backend_pool_v6_id
116 |   ip_configuration_name   = local.bootstrap_nic_ip_v6_configuration_name
117 | }
118 | 
119 | resource "azurerm_linux_virtual_machine" "bootstrap" {
120 |   name                  = "${var.cluster_id}-bootstrap"
121 |   location              = var.region
122 |   resource_group_name   = var.resource_group_name
123 |   network_interface_ids = [azurerm_network_interface.bootstrap.id]
124 |   size                  = var.vm_size
125 |   admin_username        = "core"
126 |   # The password is normally applied by WALA (the Azure agent), but this
127 |   # isn't installed in RHCOS. As a result, this password is never set. It is
128 |   # included here because it is required by the Azure ARM API.
129 |   admin_password                  = "NotActuallyApplied!"
130 |   disable_password_authentication = false
131 | 
132 |   identity {
133 |     type         = "UserAssigned"
134 |     identity_ids = [var.identity]
135 |   }
136 | 
137 |   os_disk {
138 |     name                 = "${var.cluster_id}-bootstrap_OSDisk" # os disk name needs to match cluster-api convention
139 |     caching              = "ReadWrite"
140 |     storage_account_type = "Premium_LRS"
141 |     disk_size_gb         = 100
142 |   }
143 | 
144 |   source_image_id = var.vm_image
145 | 
146 |   computer_name = "${var.cluster_id}-bootstrap-vm"
147 |   custom_data   = base64encode(var.ignition)
148 | 
149 |   boot_diagnostics {
150 |     storage_account_uri = var.storage_account.primary_blob_endpoint
151 |   }
152 | 
153 |   depends_on = [
154 |     azurerm_network_interface_backend_address_pool_association.public_lb_bootstrap_v4,
155 |     azurerm_network_interface_backend_address_pool_association.public_lb_bootstrap_v6,
156 |     azurerm_network_interface_backend_address_pool_association.internal_lb_bootstrap_v4,
157 |     azurerm_network_interface_backend_address_pool_association.internal_lb_bootstrap_v6
158 |   ]
159 | }
160 | 
161 | resource "azurerm_network_security_rule" "bootstrap_ssh_in" {
162 |   name                        = "bootstrap_ssh_in"
163 |   priority                    = 103
164 |   direction                   = "Inbound"
165 |   access                      = "Allow"
166 |   protocol                    = "Tcp"
167 |   source_port_range           = "*"
168 |   destination_port_range      = "22"
169 |   source_address_prefix       = "*"
170 |   destination_address_prefix  = "*"
171 |   resource_group_name         = var.resource_group_name
172 |   network_security_group_name = var.nsg_name
173 | }
174 | 


--------------------------------------------------------------------------------
/bootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output "bootstrap_public_ip" {
2 |   value = var.private ? null : azurerm_public_ip.bootstrap_public_ip_v4[0].ip_address
3 | }
4 | 


--------------------------------------------------------------------------------
/bootstrap/variables.tf:
--------------------------------------------------------------------------------
  1 | variable "vm_size" {
  2 |   type        = string
  3 |   description = "The SKU ID for the bootstrap node."
  4 | }
  5 | 
  6 | variable "vm_image" {
  7 |   type        = string
  8 |   description = "The resource id of the vm image used for bootstrap."
  9 | }
 10 | 
 11 | variable "region" {
 12 |   type        = string
 13 |   description = "The region for the deployment."
 14 | }
 15 | 
 16 | variable "resource_group_name" {
 17 |   type        = string
 18 |   description = "The resource group name for the deployment."
 19 | }
 20 | 
 21 | variable "cluster_id" {
 22 |   type        = string
 23 |   description = "The identifier for the cluster."
 24 | }
 25 | 
 26 | variable "identity" {
 27 |   type        = string
 28 |   description = "The user assigned identity id for the vm."
 29 | }
 30 | 
 31 | variable "ignition" {
 32 |   type        = string
 33 |   description = "The content of the bootstrap ignition file."
 34 | }
 35 | 
 36 | variable "subnet_id" {
 37 |   type        = string
 38 |   description = "The subnet ID for the bootstrap node."
 39 | }
 40 | 
 41 | variable "elb_backend_pool_v4_id" {
 42 |   type        = string
 43 |   description = "The external load balancer bakend pool id. used to attach the bootstrap NIC"
 44 | }
 45 | 
 46 | variable "elb_backend_pool_v6_id" {
 47 |   type        = string
 48 |   description = "The external load balancer bakend pool id for ipv6. used to attach the bootstrap NIC"
 49 | }
 50 | 
 51 | variable "ilb_backend_pool_v4_id" {
 52 |   type        = string
 53 |   description = "The internal load balancer bakend pool id. used to attach the bootstrap NIC"
 54 | }
 55 | 
 56 | variable "ilb_backend_pool_v6_id" {
 57 |   type        = string
 58 |   description = "The internal load balancer bakend pool id for ipv6. used to attach the bootstrap NIC"
 59 | }
 60 | 
 61 | variable "storage_account" {
 62 |   type        = any
 63 |   description = "the storage account for the cluster. It can be used for boot diagnostics."
 64 | }
 65 | 
 66 | variable "tags" {
 67 |   type        = map(string)
 68 |   default     = {}
 69 |   description = "tags to be applied to created resources."
 70 | }
 71 | 
 72 | variable "nsg_name" {
 73 |   type        = string
 74 |   description = "The network security group for the subnet."
 75 | }
 76 | 
 77 | variable "private" {
 78 |   type        = bool
 79 |   description = "This value determines if this is a private cluster or not."
 80 | }
 81 | 
 82 | variable "use_ipv4" {
 83 |   type        = bool
 84 |   description = "This value determines if this is cluster should use IPv4 networking."
 85 | }
 86 | 
 87 | variable "use_ipv6" {
 88 |   type        = bool
 89 |   description = "This value determines if this is cluster should use IPv6 networking."
 90 | }
 91 | 
 92 | variable "emulate_single_stack_ipv6" {
 93 |   type        = bool
 94 |   description = "This determines whether a dual-stack cluster is configured to emulate single-stack IPv6."
 95 | }
 96 | 
 97 | variable "outbound_udr" {
 98 |   type    = bool
 99 |   default = false
100 | 
101 |   description = <<EOF
102 | This determined whether User defined routing will be used for egress to Internet.
103 | When false, Standard LB will be used for egress to the Internet.
104 | 
105 | This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
106 | conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
107 | EOF
108 | }
109 | 


--------------------------------------------------------------------------------
/bootstrap/versions.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | terraform {
 3 |   required_version = ">= 0.13"
 4 |   required_providers {
 5 |     azurerm = {
 6 |       source = "hashicorp/azurerm"
 7 |     }
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/dns/dns.tf:
--------------------------------------------------------------------------------
 1 | locals {
 2 |   // extracting "api.<clustername>" from <clusterdomain>
 3 |   api_external_name = "api.${replace(var.cluster_domain, ".${var.base_domain}", "")}"
 4 | }
 5 | 
 6 | resource "azurerm_private_dns_zone" "private" {
 7 |   name                = var.cluster_domain
 8 |   resource_group_name = var.resource_group_name
 9 | 
10 |   depends_on = [azurerm_dns_cname_record.api_external_v4, azurerm_dns_cname_record.api_external_v6]
11 | }
12 | 
13 | resource "azurerm_private_dns_zone_virtual_network_link" "network" {
14 |   name                  = "${var.cluster_id}-network-link"
15 |   resource_group_name   = var.resource_group_name
16 |   private_dns_zone_name = azurerm_private_dns_zone.private.name
17 |   virtual_network_id    = var.virtual_network_id
18 | }
19 | 
20 | resource "azurerm_private_dns_a_record" "apiint_internal" {
21 |   // TODO: internal LB should block v4 for better single stack emulation (&& ! var.emulate_single_stack_ipv6)
22 |   //   but RHCoS initramfs can't do v6 and so fails to ignite. https://issues.redhat.com/browse/GRPA-1343 
23 |   count = var.use_ipv4 ? 1 : 0
24 | 
25 |   name                = "api-int"
26 |   zone_name           = azurerm_private_dns_zone.private.name
27 |   resource_group_name = var.resource_group_name
28 |   ttl                 = 300
29 |   records             = [var.internal_lb_ipaddress_v4]
30 | }
31 | 
32 | resource "azurerm_private_dns_aaaa_record" "apiint_internal_v6" {
33 |   count = var.use_ipv6 ? 1 : 0
34 | 
35 |   name                = "api-int"
36 |   zone_name           = azurerm_private_dns_zone.private.name
37 |   resource_group_name = var.resource_group_name
38 |   ttl                 = 300
39 |   records             = [var.internal_lb_ipaddress_v6]
40 | }
41 | 
42 | resource "azurerm_private_dns_a_record" "api_internal" {
43 |   // TODO: internal LB should block v4 for better single stack emulation (&& ! var.emulate_single_stack_ipv6)
44 |   //   but RHCoS initramfs can't do v6 and so fails to ignite. https://issues.redhat.com/browse/GRPA-1343 
45 |   count = var.use_ipv4 ? 1 : 0
46 | 
47 |   name                = "api"
48 |   zone_name           = azurerm_private_dns_zone.private.name
49 |   resource_group_name = var.resource_group_name
50 |   ttl                 = 300
51 |   records             = [var.internal_lb_ipaddress_v4]
52 | }
53 | 
54 | resource "azurerm_private_dns_aaaa_record" "api_internal_v6" {
55 |   count = var.use_ipv6 ? 1 : 0
56 | 
57 |   name                = "api"
58 |   zone_name           = azurerm_private_dns_zone.private.name
59 |   resource_group_name = var.resource_group_name
60 |   ttl                 = 300
61 |   records             = [var.internal_lb_ipaddress_v6]
62 | }
63 | 
64 | resource "azurerm_dns_cname_record" "api_external_v4" {
65 |   count = var.private || !var.use_ipv4 ? 0 : 1
66 | 
67 |   name                = local.api_external_name
68 |   zone_name           = var.base_domain
69 |   resource_group_name = var.base_domain_resource_group_name
70 |   ttl                 = 300
71 |   record              = var.external_lb_fqdn_v4
72 | }
73 | 
74 | resource "azurerm_dns_cname_record" "api_external_v6" {
75 |   count = var.private || !var.use_ipv6 ? 0 : 1
76 | 
77 |   name                = "v6-${local.api_external_name}"
78 |   zone_name           = var.base_domain
79 |   resource_group_name = var.base_domain_resource_group_name
80 |   ttl                 = 300
81 |   record              = var.external_lb_fqdn_v6
82 | }
83 | 


--------------------------------------------------------------------------------
/dns/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "tags" {
 2 |   type        = map(string)
 3 |   default     = {}
 4 |   description = "tags to be applied to created resources."
 5 | }
 6 | 
 7 | variable "cluster_id" {
 8 |   description = "The identifier for the cluster."
 9 |   type        = string
10 | }
11 | 
12 | variable "cluster_domain" {
13 |   description = "The domain for the cluster that all DNS records must belong"
14 |   type        = string
15 | }
16 | 
17 | variable "base_domain" {
18 |   description = "The base domain used for public records"
19 |   type        = string
20 | }
21 | 
22 | variable "base_domain_resource_group_name" {
23 |   description = "The resource group where the base domain is"
24 |   type        = string
25 | }
26 | 
27 | variable "external_lb_fqdn_v4" {
28 |   description = "External API's LB fqdn for IPv4"
29 |   type        = string
30 | }
31 | 
32 | variable "external_lb_fqdn_v6" {
33 |   description = "External API's LB fqdn for IPv6"
34 |   type        = string
35 | }
36 | 
37 | variable "internal_lb_ipaddress_v4" {
38 |   description = "External API's LB IP v4 address"
39 |   type        = string
40 | }
41 | 
42 | variable "internal_lb_ipaddress_v6" {
43 |   description = "External API's LB IP v6 address"
44 |   type        = string
45 | }
46 | 
47 | variable "virtual_network_id" {
48 |   description = "The ID for Virtual Network that will be linked to the Private DNS zone."
49 |   type        = string
50 | }
51 | 
52 | variable "resource_group_name" {
53 |   type        = string
54 |   description = "Resource group for the deployment"
55 | }
56 | 
57 | variable "private" {
58 |   type        = bool
59 |   description = "This value determines if this is a private cluster or not."
60 | }
61 | 
62 | variable "use_ipv4" {
63 |   type        = bool
64 |   description = "This value determines if this is cluster should use IPv4 networking."
65 | }
66 | 
67 | variable "use_ipv6" {
68 |   type        = bool
69 |   description = "This value determines if this is cluster should use IPv6 networking."
70 | }
71 | 
72 | variable "emulate_single_stack_ipv6" {
73 |   type        = bool
74 |   description = "This determines whether a dual-stack cluster is configured to emulate single-stack IPv6."
75 | }
76 | 


--------------------------------------------------------------------------------
/dns/versions.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | terraform {
 3 |   required_version = ">= 0.13"
 4 |   required_providers {
 5 |     azurerm = {
 6 |       source = "hashicorp/azurerm"
 7 |     }
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/ignition/ignition.tf:
--------------------------------------------------------------------------------
  1 | resource "azurerm_storage_account" "ignition" {
  2 |   name                     = "ignition${local.cluster_nr}"
  3 |   resource_group_name      = var.resource_group_name
  4 |   location                 = var.azure_region
  5 |   account_tier             = "Standard"
  6 |   account_replication_type = "LRS"
  7 | }
  8 | 
  9 | data "azurerm_storage_account_sas" "ignition" {
 10 |   connection_string = azurerm_storage_account.ignition.primary_connection_string
 11 |   https_only        = true
 12 | 
 13 |   resource_types {
 14 |     service   = false
 15 |     container = false
 16 |     object    = true
 17 |   }
 18 | 
 19 |   services {
 20 |     blob  = true
 21 |     queue = false
 22 |     table = false
 23 |     file  = false
 24 |   }
 25 | 
 26 |   start = timestamp()
 27 | 
 28 |   expiry = timeadd(timestamp(), "24h")
 29 | 
 30 |   permissions {
 31 |     read    = true
 32 |     list    = true
 33 |     create  = false
 34 |     add     = false
 35 |     delete  = false
 36 |     process = false
 37 |     write   = false
 38 |     update  = false
 39 |   }
 40 | }
 41 | 
 42 | resource "azurerm_storage_container" "ignition" {
 43 |   name                  = "ignition"
 44 |   storage_account_name  = azurerm_storage_account.ignition.name
 45 |   container_access_type = "private"
 46 | }
 47 | 
 48 | locals {
 49 |   installer_workspace     = "${path.root}/installer-files/"
 50 |   openshift_installer_url = "${var.openshift_installer_url}/${var.openshift_version}"
 51 |   cluster_nr              = join("", split("-", var.cluster_id))
 52 | }
 53 | 
 54 | resource "null_resource" "download_binaries" {
 55 |   provisioner "local-exec" {
 56 |     when = create
 57 |     command = templatefile("${path.module}/scripts/download.sh.tmpl", {
 58 |       installer_workspace  = local.installer_workspace
 59 |       installer_url        = local.openshift_installer_url
 60 |       airgapped_enabled    = var.airgapped["enabled"]
 61 |       airgapped_repository = var.airgapped["repository"]
 62 |       pull_secret          = var.openshift_pull_secret
 63 |       openshift_version    = var.openshift_version
 64 |       path_root            = path.root
 65 |     })
 66 |   }
 67 | 
 68 |   provisioner "local-exec" {
 69 |     when    = destroy
 70 |     command = "rm -rf ./installer-files"
 71 |   }
 72 | 
 73 | }
 74 | 
 75 | 
 76 | resource "null_resource" "generate_manifests" {
 77 |   triggers = {
 78 |     install_config = data.template_file.install_config_yaml.rendered
 79 |   }
 80 | 
 81 |   depends_on = [
 82 |     null_resource.download_binaries,
 83 |     local_file.install_config_yaml,
 84 |   ]
 85 | 
 86 |   provisioner "local-exec" {
 87 |     command = templatefile("${path.module}/scripts/manifests.sh.tmpl", {
 88 |       installer_workspace = local.installer_workspace
 89 |     })
 90 |   }
 91 | }
 92 | 
 93 | # see templates.tf for generation of yaml config files
 94 | 
 95 | resource "null_resource" "generate_ignition" {
 96 |   depends_on = [
 97 |     null_resource.download_binaries,
 98 |     local_file.install_config_yaml,
 99 |     null_resource.generate_manifests,
100 |     local_file.cluster-infrastructure-02-config,
101 |     local_file.cluster-dns-02-config,
102 |     local_file.cloud-provider-config,
103 |     local_file.openshift-cluster-api_master-machines,
104 |     local_file.openshift-cluster-api_worker-machineset,
105 |     local_file.openshift-cluster-api_infra-machineset,
106 |     #local_file.ingresscontroller-default,
107 |     local_file.cloud-creds-secret-kube-system,
108 |     #local_file.cluster-scheduler-02-config,
109 |     local_file.cluster-monitoring-configmap,
110 |     #local_file.private-cluster-outbound-service,
111 |   ]
112 | 
113 |   provisioner "local-exec" {
114 |     command = templatefile("${path.module}/scripts/ignition.sh.tmpl", {
115 |       installer_workspace = local.installer_workspace
116 |       cluster_id          = var.cluster_id
117 |     })
118 |   }
119 | }
120 | 
121 | resource "azurerm_storage_blob" "ignition-bootstrap" {
122 |   name                   = "bootstrap.ign"
123 |   source                 = "${local.installer_workspace}/bootstrap.ign"
124 |   storage_account_name   = azurerm_storage_account.ignition.name
125 |   storage_container_name = azurerm_storage_container.ignition.name
126 |   type                   = "Block"
127 |   depends_on = [
128 |     null_resource.generate_ignition
129 |   ]
130 | }
131 | 
132 | resource "azurerm_storage_blob" "ignition-master" {
133 |   name                   = "master.ign"
134 |   source                 = "${local.installer_workspace}/master.ign"
135 |   storage_account_name   = azurerm_storage_account.ignition.name
136 |   storage_container_name = azurerm_storage_container.ignition.name
137 |   type                   = "Block"
138 |   depends_on = [
139 |     null_resource.generate_ignition
140 |   ]
141 | }
142 | 
143 | resource "azurerm_storage_blob" "ignition-worker" {
144 |   name                   = "worker.ign"
145 |   source                 = "${local.installer_workspace}/worker.ign"
146 |   storage_account_name   = azurerm_storage_account.ignition.name
147 |   storage_container_name = azurerm_storage_container.ignition.name
148 |   type                   = "Block"
149 |   depends_on = [
150 |     null_resource.generate_ignition
151 |   ]
152 | }
153 | 
154 | data "ignition_config" "master_redirect" {
155 |   replace {
156 |     source = "${azurerm_storage_blob.ignition-master.url}${data.azurerm_storage_account_sas.ignition.sas}"
157 |   }
158 | }
159 | 
160 | data "ignition_config" "bootstrap_redirect" {
161 |   replace {
162 |     source = "${azurerm_storage_blob.ignition-bootstrap.url}${data.azurerm_storage_account_sas.ignition.sas}"
163 |   }
164 | }
165 | 
166 | data "ignition_config" "worker_redirect" {
167 |   replace {
168 |     source = "${azurerm_storage_blob.ignition-worker.url}${data.azurerm_storage_account_sas.ignition.sas}"
169 |   }
170 | }
171 | 


--------------------------------------------------------------------------------
/ignition/output.tf:
--------------------------------------------------------------------------------
1 | output "bootstrap_ignition" {
2 |   value = data.ignition_config.bootstrap_redirect.rendered
3 | }
4 | 
5 | output "master_ignition" {
6 |   value = data.ignition_config.master_redirect.rendered
7 | }
8 | 


--------------------------------------------------------------------------------
/ignition/scripts/download.sh.tmpl:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | test -e ${installer_workspace} || mkdir -p ${installer_workspace}
 4 | 
 5 | case $(uname -s) in
 6 |   Darwin)
 7 |     wget -r -l1 -np -nd -q ${installer_url} -P ${installer_workspace} -A 'openshift-install-mac-4*.tar.gz'
 8 |     tar zxvf ${installer_workspace}/openshift-install-mac-4*.tar.gz -C ${installer_workspace}
 9 |     wget -r -l1 -np -nd -q ${installer_url} -P ${installer_workspace} -A 'openshift-client-mac-4*.tar.gz'
10 |     tar zxvf ${installer_workspace}/openshift-client-mac-4*.tar.gz -C ${installer_workspace}
11 |     wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-osx-amd64 -O ${installer_workspace}/jq > /dev/null 2>&1
12 |     ;;
13 |   Linux)
14 |     wget -r -l1 -np -nd -q ${installer_url} -P ${installer_workspace} -A 'openshift-install-linux-4*.tar.gz'
15 |     tar zxvf ${installer_workspace}/openshift-install-linux-4*.tar.gz -C ${installer_workspace}
16 |     wget -r -l1 -np -nd -q ${installer_url} -P ${installer_workspace} -A 'openshift-client-linux-4*.tar.gz'
17 |     tar zxvf ${installer_workspace}/openshift-client-linux-4*.tar.gz -C ${installer_workspace}
18 |     wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O ${installer_workspace}/jq
19 |     ;;
20 |   *)
21 |     exit 1;;
22 | esac
23 | chmod u+x ${installer_workspace}/jq
24 | rm -f ${installer_workspace}/*.tar.gz ${installer_workspace}/robots*.txt* ${installer_workspace}/README.md
25 | if [[ "${airgapped_enabled}" == "true" ]]; then
26 |   ${installer_workspace}/oc adm release extract -a ${pull_secret} --command=openshift-install ${airgapped_repository}:${openshift_version}-x86_64
27 |   mv ${path_root}/openshift-install ${installer_workspace}
28 | fi
29 | 


--------------------------------------------------------------------------------
/ignition/scripts/ignition.sh.tmpl:
--------------------------------------------------------------------------------
1 | ${installer_workspace}/openshift-install --dir=${installer_workspace} create ignition-configs --log-level=debug
2 | ${installer_workspace}/jq '.infraID="${cluster_id}"' ${installer_workspace}/metadata.json > _metadata.json
3 | mv _metadata.json ${installer_workspace}/metadata.json
4 | 


--------------------------------------------------------------------------------
/ignition/scripts/manifests.sh.tmpl:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | ${installer_workspace}/openshift-install --dir=${installer_workspace} create manifests --log-level=debug
4 | rm ${installer_workspace}/openshift/99_openshift-cluster-api_worker-machineset-*
5 | rm ${installer_workspace}/openshift/99_openshift-cluster-api_master-machines-*
6 | 


--------------------------------------------------------------------------------
/ignition/templates.tf:
--------------------------------------------------------------------------------
  1 | data "template_file" "install_config_yaml" {
  2 |   template = <<EOF
  3 | apiVersion: v1
  4 | baseDomain: ${var.base_domain}
  5 | compute:
  6 | - hyperthreading: Enabled
  7 |   name: worker
  8 |   platform:
  9 |     azure:
 10 |       type: ${var.worker_vm_type}
 11 |       osDisk:
 12 |         diskSizeGB: ${var.worker_os_disk_size}
 13 |         diskType: Premium_LRS
 14 |   replicas: ${var.node_count}
 15 | controlPlane:
 16 |   hyperthreading: Enabled
 17 |   name: master
 18 |   platform:
 19 |     azure:
 20 |       type: ${var.master_vm_type}
 21 |       osDisk:
 22 |         diskSizeGB: ${var.master_os_disk_size}
 23 |         diskType: Premium_LRS
 24 |       zones:
 25 |       - "1"
 26 |       - "2"
 27 |       - "3"
 28 |   replicas: ${var.master_count}
 29 | metadata:
 30 |   creationTimestamp: null
 31 |   name: ${var.cluster_name}
 32 | networking:
 33 |   clusterNetwork:
 34 |   - cidr: ${var.cluster_network_cidr}
 35 |     hostPrefix: ${var.cluster_network_host_prefix}
 36 |   machineNetwork:
 37 |   - cidr: ${var.machine_cidr}
 38 |   networkType: OpenShiftSDN
 39 |   serviceNetwork:
 40 |   - ${var.service_network_cidr}
 41 | platform:
 42 |   azure:
 43 |     region: ${var.azure_region}
 44 |     baseDomainResourceGroupName: ${var.azure_dns_resource_group_name}
 45 |     networkResourceGroupName: ${var.network_resource_group_name}
 46 |     virtualNetwork: ${var.virtual_network_name}
 47 |     controlPlaneSubnet: ${var.control_plane_subnet}
 48 |     computeSubnet: ${var.compute_subnet}
 49 |     outboundType: ${var.outbound_udr ? "UserDefinedRouting" : "Loadbalancer"}
 50 |     osDisk:
 51 |       diskSizeGB: ${var.worker_os_disk_size}
 52 |       diskType: Premium_LRS
 53 | publish: ${var.private ? "Internal" : "External"}
 54 | pullSecret: '${chomp(file(var.openshift_pull_secret))}'
 55 | sshKey: '${var.public_ssh_key}'
 56 | %{if var.airgapped["enabled"]}imageContentSources:
 57 | - mirrors:
 58 |   - ${var.airgapped["repository"]}
 59 |   source: quay.io/openshift-release-dev/ocp-release
 60 | - mirrors:
 61 |   - ${var.airgapped["repository"]}
 62 |   source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
 63 | %{endif}
 64 | %{if var.proxy_config["enabled"]}proxy:
 65 |   httpProxy: ${var.proxy_config["httpProxy"]}
 66 |   httpsProxy: ${var.proxy_config["httpsProxy"]}
 67 |   noProxy: ${var.proxy_config["noProxy"]}
 68 | %{endif}
 69 | %{if var.trust_bundle != ""}
 70 | ${indent(2, "additionalTrustBundle: |\n${file(var.trust_bundle)}")}
 71 | %{endif}
 72 | EOF
 73 | }
 74 | 
 75 | resource "local_file" "install_config_yaml" {
 76 |   content  = data.template_file.install_config_yaml.rendered
 77 |   filename = "${local.installer_workspace}/install-config.yaml"
 78 |   depends_on = [
 79 |     null_resource.download_binaries,
 80 |   ]
 81 | }
 82 | 
 83 | data "template_file" "cluster-infrastructure-02-config" {
 84 |   template = <<EOF
 85 | apiVersion: config.openshift.io/v1
 86 | kind: Infrastructure
 87 | metadata:
 88 |   creationTimestamp: null
 89 |   name: cluster
 90 | spec:
 91 |   cloudConfig:
 92 |     key: config
 93 |     name: cloud-provider-config
 94 | status:
 95 |   apiServerInternalURI: https://api-int.${var.cluster_name}.${var.base_domain}:6443
 96 |   apiServerURL: https://api.${var.cluster_name}.${var.base_domain}:6443
 97 |   etcdDiscoveryDomain: ${var.cluster_name}.${var.base_domain}
 98 |   infrastructureName: ${var.cluster_id}
 99 |   platform: Azure
100 |   platformStatus:
101 |     azure:
102 |       resourceGroupName: ${var.resource_group_name}
103 |     type: Azure
104 | EOF
105 | }
106 | 
107 | resource "local_file" "cluster-infrastructure-02-config" {
108 |   content  = data.template_file.cluster-infrastructure-02-config.rendered
109 |   filename = "${local.installer_workspace}/manifests/cluster-infrastructure-02-config.yml"
110 |   depends_on = [
111 |     null_resource.download_binaries,
112 |     null_resource.generate_manifests,
113 |   ]
114 | }
115 | 
116 | data "template_file" "cluster-dns-02-config" {
117 |   template = <<EOF
118 | apiVersion: config.openshift.io/v1
119 | kind: DNS
120 | metadata:
121 |   creationTimestamp: null
122 |   name: cluster
123 | spec:
124 |   baseDomain: ${var.cluster_name}.${var.base_domain}
125 | %{if var.byo_dns == false}
126 |   privateZone:
127 |     id: /subscriptions/${var.azure_subscription_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Network/privateDnsZones/${var.cluster_name}.${var.base_domain}
128 | %{if var.private == false}
129 |   publicZone:
130 |     id: /subscriptions/${var.azure_subscription_id}/resourceGroups/${var.azure_dns_resource_group_name}/providers/Microsoft.Network/dnszones/${var.base_domain}
131 | %{endif}
132 | %{endif}
133 | status: {}
134 | EOF
135 | }
136 | 
137 | resource "local_file" "cluster-dns-02-config" {
138 |   content  = data.template_file.cluster-dns-02-config.rendered
139 |   filename = "${local.installer_workspace}/manifests/cluster-dns-02-config.yml"
140 |   depends_on = [
141 |     null_resource.download_binaries,
142 |     null_resource.generate_manifests,
143 |   ]
144 | }
145 | 
146 | data "template_file" "cloud-provider-config" {
147 |   template = <<EOF
148 | apiVersion: v1
149 | data:
150 |   config: "{\n\t\"cloud\": \"AzurePublicCloud\",\n\t\"tenantId\": \"${var.azure_tenant_id}\",\n\t\"aadClientId\":
151 |     \"\",\n\t\"aadClientSecret\": \"\",\n\t\"aadClientCertPath\": \"\",\n\t\"aadClientCertPassword\":
152 |     \"\",\n\t\"useManagedIdentityExtension\": true,\n\t\"userAssignedIdentityID\":
153 |     \"\",\n\t\"subscriptionId\": \"${var.azure_subscription_id}\",\n\t\"resourceGroup\":
154 |     \"${var.resource_group_name}\",\n\t\"location\": \"${var.azure_region}\",\n\t\"vnetName\": \"${var.virtual_network_name}\",\n\t\"vnetResourceGroup\":
155 |     \"${var.network_resource_group_name}\",\n\t\"subnetName\": \"${var.compute_subnet}\",\n\t\"securityGroupName\":
156 |     \"${var.cluster_id}-nsg\",\n\t\"routeTableName\": \"${var.cluster_id}-node-routetable\",\n\t\"primaryAvailabilitySetName\":
157 |     \"\",\n\t\"vmType\": \"\",\n\t\"primaryScaleSetName\": \"\",\n\t\"cloudProviderBackoff\":
158 |     true,\n\t\"cloudProviderBackoffRetries\": 0,\n\t\"cloudProviderBackoffExponent\":
159 |     0,\n\t\"cloudProviderBackoffDuration\": 6,\n\t\"cloudProviderBackoffJitter\":
160 |     0,\n\t\"cloudProviderRateLimit\": true,\n\t\"cloudProviderRateLimitQPS\": 12,\n\t\"cloudProviderRateLimitBucket\":
161 |     10,\n\t\"cloudProviderRateLimitQPSWrite\": 12,\n\t\"cloudProviderRateLimitBucketWrite\":
162 |     10,\n\t\"useInstanceMetadata\": true,\n\t\"loadBalancerSku\": \"standard\",\n\t\"excludeMasterFromStandardLB\":
163 |     null,\n\t\"disableOutboundSNAT\": null,\n\t\"maximumLoadBalancerRuleCount\": 0\n}\n"
164 | kind: ConfigMap
165 | metadata:
166 |   name: cloud-provider-config
167 |   namespace: openshift-config
168 | EOF
169 | }
170 | 
171 | resource "local_file" "cloud-provider-config" {
172 |   content  = data.template_file.cloud-provider-config.rendered
173 |   filename = "${local.installer_workspace}/manifests/cloud-provider-config.yaml"
174 |   depends_on = [
175 |     null_resource.download_binaries,
176 |     null_resource.generate_manifests,
177 |   ]
178 | }
179 | 
180 | data "template_file" "openshift-cluster-api_master-machines" {
181 |   count    = var.master_count
182 |   template = <<EOF
183 | apiVersion: machine.openshift.io/v1beta1
184 | kind: Machine
185 | metadata:
186 |   creationTimestamp: null
187 |   labels:
188 |     machine.openshift.io/cluster-api-cluster: ${var.cluster_id}
189 |     machine.openshift.io/cluster-api-machine-role: master
190 |     machine.openshift.io/cluster-api-machine-type: master
191 |   name: ${var.cluster_id}-master-${count.index}
192 |   namespace: openshift-machine-api
193 | spec:
194 |   metadata:
195 |     creationTimestamp: null
196 |   providerSpec:
197 |     value:
198 |       apiVersion: azureproviderconfig.openshift.io/v1beta1
199 |       credentialsSecret:
200 |         name: azure-cloud-credentials
201 |         namespace: openshift-machine-api
202 |       image:
203 |         offer: ""
204 |         publisher: ""
205 |         resourceID: /resourceGroups/${var.resource_group_name}/providers/Microsoft.Compute/images/${var.cluster_id}
206 |         sku: ""
207 |         version: ""
208 |       internalLoadBalancer: ""
209 |       kind: AzureMachineProviderSpec
210 |       location: ${var.azure_region}
211 |       managedIdentity: ${var.cluster_id}-identity
212 |       metadata:
213 |         creationTimestamp: null
214 |       natRule: null
215 |       networkResourceGroup: ${var.network_resource_group_name}
216 |       osDisk:
217 |         diskSizeGB: ${var.master_os_disk_size}
218 |         managedDisk:
219 |           storageAccountType: Premium_LRS
220 |         osType: Linux
221 |       publicIP: false
222 |       publicLoadBalancer: ""
223 |       resourceGroup: ${var.resource_group_name}
224 |       sshPrivateKey: ""
225 |       sshPublicKey: ""
226 |       subnet: ${var.control_plane_subnet}
227 |       userDataSecret:
228 |         name: master-user-data
229 |       vmSize: ${var.master_vm_type}
230 |       vnet: ${var.virtual_network_name}
231 |       %{if length(var.availability_zones) > 1}zone: "${var.availability_zones[count.index]}"%{endif}
232 | EOF
233 | }
234 | 
235 | resource "local_file" "openshift-cluster-api_master-machines" {
236 |   count    = var.master_count
237 |   content  = element(data.template_file.openshift-cluster-api_master-machines.*.rendered, count.index)
238 |   filename = "${local.installer_workspace}/openshift/99_openshift-cluster-api_master-machines-${count.index}.yaml"
239 |   depends_on = [
240 |     null_resource.download_binaries,
241 |     null_resource.generate_manifests,
242 |   ]
243 | }
244 | locals {
245 |   zone_node_replicas  = [for idx in range(length(var.availability_zones)) : floor(var.node_count / length(var.availability_zones)) + (idx + 1 > (var.node_count % length(var.availability_zones)) ? 0 : 1)]
246 |   zone_infra_replicas = [for idx in range(length(var.availability_zones)) : floor(var.infra_count / length(var.availability_zones)) + (idx + 1 > (var.infra_count % length(var.availability_zones)) ? 0 : 1)]
247 | }
248 | 
249 | data "template_file" "openshift-cluster-api_worker-machineset" {
250 |   count    = length(var.availability_zones)
251 |   template = <<EOF
252 | apiVersion: machine.openshift.io/v1beta1
253 | kind: MachineSet
254 | metadata:
255 |   creationTimestamp: null
256 |   labels:
257 |     machine.openshift.io/cluster-api-cluster: ${var.cluster_id}
258 |     machine.openshift.io/cluster-api-machine-role: worker
259 |     machine.openshift.io/cluster-api-machine-type: worker
260 |   name: ${var.cluster_id}-worker-${var.azure_region}${count.index + 1}
261 |   namespace: openshift-machine-api
262 | spec:
263 |   replicas: ${local.zone_node_replicas[count.index]}
264 |   selector:
265 |     matchLabels:
266 |       machine.openshift.io/cluster-api-cluster: ${var.cluster_id}
267 |       machine.openshift.io/cluster-api-machineset: ${var.cluster_id}-worker-${var.azure_region}${count.index + 1}
268 |   template:
269 |     metadata:
270 |       creationTimestamp: null
271 |       labels:
272 |         machine.openshift.io/cluster-api-cluster: ${var.cluster_id}
273 |         machine.openshift.io/cluster-api-machine-role: worker
274 |         machine.openshift.io/cluster-api-machine-type: worker
275 |         machine.openshift.io/cluster-api-machineset: ${var.cluster_id}-worker-${var.azure_region}${count.index + 1}
276 |     spec:
277 |       metadata:
278 |         creationTimestamp: null
279 |       providerSpec:
280 |         value:
281 |           apiVersion: azureproviderconfig.openshift.io/v1beta1
282 |           credentialsSecret:
283 |             name: azure-cloud-credentials
284 |             namespace: openshift-machine-api
285 |           image:
286 |             offer: ""
287 |             publisher: ""
288 |             resourceID: /resourceGroups/${var.resource_group_name}/providers/Microsoft.Compute/images/${var.cluster_id}
289 |             sku: ""
290 |             version: ""
291 |           internalLoadBalancer: ""
292 |           kind: AzureMachineProviderSpec
293 |           location: ${var.azure_region}
294 |           managedIdentity: ${var.cluster_id}-identity
295 |           metadata:
296 |             creationTimestamp: null
297 |           natRule: null
298 |           networkResourceGroup: ${var.network_resource_group_name}
299 |           osDisk:
300 |             diskSizeGB: ${var.worker_os_disk_size}
301 |             managedDisk:
302 |               storageAccountType: Premium_LRS
303 |             osType: Linux
304 |           publicIP: false
305 |           publicLoadBalancer: ""
306 |           resourceGroup: ${var.resource_group_name}
307 |           sshPrivateKey: ""
308 |           sshPublicKey: ""
309 |           subnet: ${var.compute_subnet}
310 |           userDataSecret:
311 |             name: worker-user-data
312 |           vmSize: ${var.worker_vm_type}
313 |           vnet: ${var.virtual_network_name}
314 |           %{if length(var.availability_zones) > 1}zone: "${var.availability_zones[count.index]}"%{endif}
315 | EOF
316 | }
317 | 
318 | resource "local_file" "openshift-cluster-api_worker-machineset" {
319 |   count    = length(var.availability_zones)
320 |   content  = element(data.template_file.openshift-cluster-api_worker-machineset.*.rendered, count.index)
321 |   filename = "${local.installer_workspace}/openshift/99_openshift-cluster-api_worker-machineset-${count.index}.yaml"
322 |   depends_on = [
323 |     null_resource.download_binaries,
324 |     null_resource.generate_manifests,
325 |   ]
326 | }
327 | 
328 | data "template_file" "openshift-cluster-api_infra-machineset" {
329 |   count    = var.infra_count > 0 ? length(var.availability_zones) : 0
330 |   template = <<EOF
331 | apiVersion: machine.openshift.io/v1beta1
332 | kind: MachineSet
333 | metadata:
334 |   creationTimestamp: null
335 |   labels:
336 |     machine.openshift.io/cluster-api-cluster: ${var.cluster_id}
337 |     machine.openshift.io/cluster-api-machine-role: infra
338 |     machine.openshift.io/cluster-api-machine-type: infra
339 |   name: ${var.cluster_id}-infra-${var.azure_region}${count.index + 1}
340 |   namespace: openshift-machine-api
341 | spec:
342 |   replicas: ${local.zone_infra_replicas[count.index]}
343 |   selector:
344 |     matchLabels:
345 |       machine.openshift.io/cluster-api-cluster: ${var.cluster_id}
346 |       machine.openshift.io/cluster-api-machineset: ${var.cluster_id}-infra-${var.azure_region}${count.index + 1}
347 |   template:
348 |     metadata:
349 |       creationTimestamp: null
350 |       labels:
351 |         machine.openshift.io/cluster-api-cluster: ${var.cluster_id}
352 |         machine.openshift.io/cluster-api-machine-role: infra
353 |         machine.openshift.io/cluster-api-machine-type: infra
354 |         machine.openshift.io/cluster-api-machineset: ${var.cluster_id}-infra-${var.azure_region}${count.index + 1}
355 |     spec:
356 |       metadata:
357 |         creationTimestamp: null
358 |         labels:
359 |           node-role.kubernetes.io/infra: ""
360 |       providerSpec:
361 |         value:
362 |           apiVersion: azureproviderconfig.openshift.io/v1beta1
363 |           credentialsSecret:
364 |             name: azure-cloud-credentials
365 |             namespace: openshift-machine-api
366 |           image:
367 |             offer: ""
368 |             publisher: ""
369 |             resourceID: /resourceGroups/${var.resource_group_name}/providers/Microsoft.Compute/images/${var.cluster_id}
370 |             sku: ""
371 |             version: ""
372 |           internalLoadBalancer: ""
373 |           kind: AzureMachineProviderSpec
374 |           location: ${var.azure_region}
375 |           managedIdentity: ${var.cluster_id}-identity
376 |           metadata:
377 |             creationTimestamp: null
378 |           natRule: null
379 |           networkResourceGroup: ${var.network_resource_group_name}
380 |           osDisk:
381 |             diskSizeGB: ${var.infra_os_disk_size}
382 |             managedDisk:
383 |               storageAccountType: Premium_LRS
384 |             osType: Linux
385 |           publicIP: false
386 |           publicLoadBalancer: ""
387 |           resourceGroup: ${var.resource_group_name}
388 |           sshPrivateKey: ""
389 |           sshPublicKey: ""
390 |           subnet: ${var.compute_subnet}
391 |           userDataSecret:
392 |             name: worker-user-data
393 |           vmSize: ${var.infra_vm_type}
394 |           vnet: ${var.virtual_network_name}
395 |           %{if length(var.availability_zones) > 1}zone: "${var.availability_zones[count.index]}"%{endif}
396 | EOF
397 | }
398 | 
399 | resource "local_file" "openshift-cluster-api_infra-machineset" {
400 |   count    = var.infra_count > 0 ? length(var.availability_zones) : 0
401 |   content  = element(data.template_file.openshift-cluster-api_infra-machineset.*.rendered, count.index)
402 |   filename = "${local.installer_workspace}/openshift/99_openshift-cluster-api_infra-machineset-${count.index}.yaml"
403 |   depends_on = [
404 |     null_resource.download_binaries,
405 |     null_resource.generate_manifests,
406 |   ]
407 | }
408 | 
409 | 
410 | data "template_file" "cloud-creds-secret-kube-system" {
411 |   template = <<EOF
412 | kind: Secret
413 | apiVersion: v1
414 | metadata:
415 |   namespace: kube-system
416 |   name: azure-credentials
417 | data:
418 |   azure_subscription_id: ${base64encode(var.azure_subscription_id)}
419 |   azure_client_id: ${base64encode(var.azure_client_id)}
420 |   azure_client_secret: ${base64encode(var.azure_client_secret)}
421 |   azure_tenant_id: ${base64encode(var.azure_tenant_id)}
422 |   azure_resource_prefix: ${base64encode(var.cluster_id)}
423 |   azure_resourcegroup: ${base64encode(var.resource_group_name)}
424 |   azure_region: ${base64encode(var.azure_region)}
425 | EOF
426 | }
427 | 
428 | resource "local_file" "cloud-creds-secret-kube-system" {
429 |   content  = data.template_file.cloud-creds-secret-kube-system.rendered
430 |   filename = "${local.installer_workspace}/openshift/99_cloud-creds-secret.yaml"
431 |   depends_on = [
432 |     null_resource.download_binaries,
433 |     null_resource.generate_manifests,
434 |   ]
435 | }
436 | 
437 | data "template_file" "cluster-monitoring-configmap" {
438 |   template = <<EOF
439 | apiVersion: v1
440 | kind: ConfigMap
441 | metadata:
442 |   name: cluster-monitoring-config
443 |   namespace: openshift-monitoring
444 | data:
445 |   config.yaml: |+
446 |     alertmanagerMain:
447 |       nodeSelector:
448 |         node-role.kubernetes.io/infra: ""
449 |     prometheusK8s:
450 |       nodeSelector:
451 |         node-role.kubernetes.io/infra: ""
452 |     prometheusOperator:
453 |       nodeSelector:
454 |         node-role.kubernetes.io/infra: ""
455 |     grafana:
456 |       nodeSelector:
457 |         node-role.kubernetes.io/infra: ""
458 |     k8sPrometheusAdapter:
459 |       nodeSelector:
460 |         node-role.kubernetes.io/infra: ""
461 |     kubeStateMetrics:
462 |       nodeSelector:
463 |         node-role.kubernetes.io/infra: ""
464 |     telemeterClient:
465 |       nodeSelector:
466 |         node-role.kubernetes.io/infra: ""
467 |     openshiftStateMetrics:
468 |       nodeSelector:
469 |         node-role.kubernetes.io/infra: ""
470 |     thanosQuerier:
471 |       nodeSelector:
472 |         node-role.kubernetes.io/infra: ""
473 | EOF
474 | }
475 | 
476 | resource "local_file" "cluster-monitoring-configmap" {
477 |   count    = var.infra_count > 0 ? 1 : 0
478 |   content  = data.template_file.cluster-monitoring-configmap.rendered
479 |   filename = "${local.installer_workspace}/openshift/99_cluster-monitoring-configmap.yml"
480 |   depends_on = [
481 |     null_resource.download_binaries,
482 |     null_resource.generate_manifests,
483 |   ]
484 | }
485 | 
486 | 
487 | data "template_file" "configure-image-registry-job-serviceaccount" {
488 |   template = <<EOF
489 | apiVersion: v1
490 | kind: ServiceAccount
491 | metadata:
492 |   name: infra
493 |   namespace: openshift-image-registry
494 | EOF
495 | }
496 | 
497 | resource "local_file" "configure-image-registry-job-serviceaccount" {
498 |   count    = var.infra_count > 0 ? 1 : 0
499 |   content  = data.template_file.configure-image-registry-job-serviceaccount.rendered
500 |   filename = "${local.installer_workspace}/openshift/99_configure-image-registry-job-serviceaccount.yml"
501 |   depends_on = [
502 |     null_resource.download_binaries,
503 |     null_resource.generate_manifests,
504 |   ]
505 | }
506 | 
507 | data "template_file" "configure-image-registry-job-clusterrole" {
508 |   template = <<EOF
509 | apiVersion: rbac.authorization.k8s.io/v1
510 | kind: ClusterRole
511 | metadata:
512 |   name: system:ibm-patch-cluster-storage
513 | rules:
514 | - apiGroups: ['imageregistry.operator.openshift.io']
515 |   resources: ['configs']
516 |   verbs:     ['get','patch']
517 |   resourceNames: ['cluster']
518 | EOF
519 | }
520 | 
521 | resource "local_file" "configure-image-registry-job-clusterrole" {
522 |   count    = var.infra_count > 0 ? 1 : 0
523 |   content  = data.template_file.configure-image-registry-job-clusterrole.rendered
524 |   filename = "${local.installer_workspace}/openshift/99_configure-image-registry-job-clusterrole.yml"
525 |   depends_on = [
526 |     null_resource.download_binaries,
527 |     null_resource.generate_manifests,
528 |   ]
529 | }
530 | 
531 | data "template_file" "configure-image-registry-job-clusterrolebinding" {
532 |   template = <<EOF
533 | apiVersion: rbac.authorization.k8s.io/v1
534 | kind: ClusterRoleBinding
535 | metadata:
536 |   name: system:ibm-patch-cluster-storage
537 | roleRef:
538 |   apiGroup: rbac.authorization.k8s.io
539 |   kind: ClusterRole
540 |   name: system:ibm-patch-cluster-storage
541 | subjects:
542 |   - kind: ServiceAccount
543 |     name: default
544 |     namespace: openshift-image-registry
545 | EOF
546 | }
547 | 
548 | resource "local_file" "configure-image-registry-job-clusterrolebinding" {
549 |   count    = var.infra_count > 0 ? 1 : 0
550 |   content  = data.template_file.configure-image-registry-job-clusterrolebinding.rendered
551 |   filename = "${local.installer_workspace}/openshift/99_configure-image-registry-job-clusterrolebinding.yml"
552 |   depends_on = [
553 |     null_resource.download_binaries,
554 |     null_resource.generate_manifests,
555 |   ]
556 | }
557 | 
558 | data "template_file" "configure-image-registry-job" {
559 |   template = <<EOF
560 | apiVersion: batch/v1
561 | kind: Job
562 | metadata:
563 |   name: ibm-configure-image-registry
564 |   namespace: openshift-image-registry
565 | spec:
566 |   parallelism: 1
567 |   completions: 1
568 |   template:
569 |     metadata:
570 |       name: configure-image-registry
571 |       labels:
572 |         app: configure-image-registry
573 |     serviceAccountName: infra
574 |     spec:
575 |       containers:
576 |       - name:  client
577 |         image: quay.io/openshift/origin-cli:latest
578 |         command: ["/bin/sh","-c"]
579 |         args: ["while ! /usr/bin/oc get configs.imageregistry.operator.openshift.io cluster >/dev/null 2>&1; do sleep 1;done;/usr/bin/oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{\"spec\": {\"nodeSelector\": {\"node-role.kubernetes.io/infra\": \"\"}}}'"]
580 |       restartPolicy: Never
581 | EOF
582 | }
583 | 
584 | resource "local_file" "configure-image-registry-job" {
585 |   count    = var.infra_count > 0 ? 1 : 0
586 |   content  = data.template_file.configure-image-registry-job.rendered
587 |   filename = "${local.installer_workspace}/openshift/99_configure-image-registry-job.yml"
588 |   depends_on = [
589 |     null_resource.download_binaries,
590 |     null_resource.generate_manifests,
591 |   ]
592 | }
593 | 
594 | data "template_file" "configure-ingress-job-serviceaccount" {
595 |   template = <<EOF
596 | apiVersion: v1
597 | kind: ServiceAccount
598 | metadata:
599 |   name: infra
600 |   namespace: openshift-ingress-operator
601 | EOF
602 | }
603 | 
604 | resource "local_file" "configure-ingress-job-serviceaccount" {
605 |   count    = var.infra_count > 0 ? 1 : 0
606 |   content  = data.template_file.configure-ingress-job-serviceaccount.rendered
607 |   filename = "${local.installer_workspace}/openshift/99_configure-ingress-job-serviceaccount.yml"
608 |   depends_on = [
609 |     null_resource.download_binaries,
610 |     null_resource.generate_manifests,
611 |   ]
612 | }
613 | 
614 | data "template_file" "configure-ingress-job-clusterrole" {
615 |   template = <<EOF
616 | apiVersion: rbac.authorization.k8s.io/v1
617 | kind: ClusterRole
618 | metadata:
619 |   name: system:ibm-patch-ingress
620 | rules:
621 | - apiGroups:     ['operator.openshift.io']
622 |   resources:     ['ingresscontrollers']
623 |   verbs:         ['get','patch']
624 |   resourceNames: ['default']
625 | EOF
626 | }
627 | 
628 | resource "local_file" "configure-ingress-job-clusterrole" {
629 |   count    = var.infra_count > 0 ? 1 : 0
630 |   content  = data.template_file.configure-ingress-job-clusterrole.rendered
631 |   filename = "${local.installer_workspace}/openshift/99_configure-ingress-job-clusterrole.yml"
632 |   depends_on = [
633 |     null_resource.download_binaries,
634 |     null_resource.generate_manifests,
635 |   ]
636 | }
637 | 
638 | data "template_file" "configure-ingress-job-clusterrolebinding" {
639 |   template = <<EOF
640 | apiVersion: rbac.authorization.k8s.io/v1
641 | kind: ClusterRoleBinding
642 | metadata:
643 |   name: system:ibm-patch-ingress
644 | roleRef:
645 |   apiGroup: rbac.authorization.k8s.io
646 |   kind: ClusterRole
647 |   name: system:ibm-patch-ingress
648 | subjects:
649 |   - kind: ServiceAccount
650 |     name: default
651 |     namespace: openshift-ingress-operator
652 | EOF
653 | }
654 | 
655 | resource "local_file" "configure-ingress-job-clusterrolebinding" {
656 |   count    = var.infra_count > 0 ? 1 : 0
657 |   content  = data.template_file.configure-ingress-job-clusterrolebinding.rendered
658 |   filename = "${local.installer_workspace}/openshift/99_configure-ingress-job-clusterrolebinding.yml"
659 |   depends_on = [
660 |     null_resource.download_binaries,
661 |     null_resource.generate_manifests,
662 |   ]
663 | }
664 | 
665 | data "template_file" "configure-ingress-job" {
666 |   template = <<EOF
667 | apiVersion: batch/v1
668 | kind: Job
669 | metadata:
670 |   name: ibm-configure-ingress
671 |   namespace: openshift-ingress-operator
672 | spec:
673 |   parallelism: 1
674 |   completions: 1
675 |   template:
676 |     metadata:
677 |       name: configure-ingress
678 |       labels:
679 |         app: configure-ingress
680 |     serviceAccountName: infra
681 |     spec:
682 |       containers:
683 |       - name:  client
684 |         image: quay.io/openshift/origin-cli:latest
685 |         command: ["/bin/sh","-c"]
686 |         args: ["while ! /usr/bin/oc get ingresscontrollers.operator.openshift.io default -n openshift-ingress-operator >/dev/null 2>&1; do sleep 1;done;/usr/bin/oc patch ingresscontrollers.operator.openshift.io default -n openshift-ingress-operator --type merge --patch '{\"spec\": {\"nodePlacement\": {\"nodeSelector\": {\"matchLabels\": {\"node-role.kubernetes.io/infra\": \"\"}}}}}'"]
687 |       restartPolicy: Never
688 | EOF
689 | }
690 | 
691 | resource "local_file" "configure-ingress-job" {
692 |   count    = var.infra_count > 0 ? 1 : 0
693 |   content  = data.template_file.configure-ingress-job.rendered
694 |   filename = "${local.installer_workspace}/openshift/99_configure-ingress-job.yml"
695 |   depends_on = [
696 |     null_resource.download_binaries,
697 |     null_resource.generate_manifests,
698 |   ]
699 | }
700 | 
701 | 
702 | data "template_file" "private-cluster-outbound-service" {
703 |   template = <<EOF
704 | ---
705 | apiVersion: v1	
706 | kind: Service	
707 | metadata:	
708 |   namespace: openshift-config-managed	
709 |   name: outbound-provider
710 | spec:	
711 |   type: LoadBalancer	
712 |   ports:	
713 |   - port: 27627	
714 | EOF	
715 | }
716 | 
717 | resource "local_file" "private-cluster-outbound-service" {
718 |   count    = var.private ? (var.outbound_udr ? 0 : 1) : 0
719 |   content  = data.template_file.private-cluster-outbound-service.rendered
720 |   filename = "${local.installer_workspace}/openshift/99_private-cluster-outbound-service.yaml"
721 |   depends_on = [
722 |     null_resource.download_binaries,
723 |     null_resource.generate_manifests,
724 |   ]
725 | }
726 | 
727 | 
728 | data "template_file" "airgapped_registry_upgrades" {
729 |   count    = var.airgapped["enabled"] ? 1 : 0
730 |   template = <<EOF
731 | apiVersion: operator.openshift.io/v1alpha1
732 | kind: ImageContentSourcePolicy
733 | metadata:
734 |   name: airgapped
735 | spec:
736 |   repositoryDigestMirrors:
737 |   - mirrors:
738 |     - ${var.airgapped["repository"]}
739 |     source: quay.io/openshift-release-dev/ocp-release
740 |   - mirrors:
741 |     - ${var.airgapped["repository"]}
742 |     source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
743 | EOF
744 | }
745 | 
746 | resource "local_file" "airgapped_registry_upgrades" {
747 |   count    = var.airgapped["enabled"] ? 1 : 0
748 |   content  = element(data.template_file.airgapped_registry_upgrades.*.rendered, count.index)
749 |   filename = "${local.installer_workspace}/openshift/99_airgapped_registry_upgrades.yaml"
750 |   depends_on = [
751 |     null_resource.download_binaries,
752 |     null_resource.generate_manifests,
753 |   ]
754 | }
755 | 


--------------------------------------------------------------------------------
/ignition/variables.tf:
--------------------------------------------------------------------------------
  1 | variable "base_domain" {
  2 |   type = string
  3 | }
  4 | 
  5 | variable "master_count" {
  6 |   type = string
  7 | }
  8 | 
  9 | variable "cluster_name" {
 10 |   type = string
 11 | }
 12 | 
 13 | variable "cluster_network_cidr" {
 14 |   type = string
 15 | }
 16 | 
 17 | variable "cluster_network_host_prefix" {
 18 |   type = string
 19 | }
 20 | 
 21 | variable "machine_cidr" {
 22 |   type = string
 23 | }
 24 | 
 25 | variable "service_network_cidr" {
 26 |   type = string
 27 | }
 28 | 
 29 | variable "azure_dns_resource_group_name" {
 30 |   type = string
 31 | }
 32 | 
 33 | variable "openshift_pull_secret" {
 34 |   type = string
 35 | }
 36 | 
 37 | variable "public_ssh_key" {
 38 |   type = string
 39 | }
 40 | 
 41 | variable "openshift_installer_url" {
 42 |   type    = string
 43 |   default = "https://mirror.openshift.com/pub/openshift-v4/clients/ocp"
 44 | }
 45 | 
 46 | variable "openshift_version" {
 47 |   type    = string
 48 |   default = "latest"
 49 | }
 50 | 
 51 | variable "cluster_id" {
 52 |   type = string
 53 | }
 54 | 
 55 | variable "resource_group_name" {
 56 |   type = string
 57 | }
 58 | 
 59 | variable "availability_zones" {
 60 |   type = list(string)
 61 | }
 62 | 
 63 | variable "node_count" {
 64 |   type = string
 65 | }
 66 | 
 67 | variable "infra_count" {
 68 |   type = string
 69 | }
 70 | 
 71 | variable "azure_region" {
 72 |   type = string
 73 | }
 74 | 
 75 | variable "master_vm_type" {
 76 |   type = string
 77 | }
 78 | 
 79 | variable "infra_vm_type" {
 80 |   type = string
 81 | }
 82 | 
 83 | variable "worker_vm_type" {
 84 |   type = string
 85 | }
 86 | 
 87 | variable "worker_os_disk_size" {
 88 |   type    = string
 89 |   default = 512
 90 | }
 91 | 
 92 | variable "infra_os_disk_size" {
 93 |   type    = string
 94 |   default = 512
 95 | }
 96 | 
 97 | variable "master_os_disk_size" {
 98 |   type    = string
 99 |   default = 512
100 | }
101 | 
102 | variable "azure_subscription_id" {
103 |   type = string
104 | }
105 | 
106 | variable "azure_client_id" {
107 |   type = string
108 | }
109 | 
110 | variable "azure_client_secret" {
111 |   type = string
112 | }
113 | 
114 | variable "azure_tenant_id" {
115 |   type = string
116 | }
117 | 
118 | variable "azure_rhcos_image_id" {
119 |   type = string
120 | }
121 | 
122 | variable "virtual_network_name" {
123 |   type = string
124 | }
125 | 
126 | variable "network_resource_group_name" {
127 |   type = string
128 | }
129 | 
130 | variable "control_plane_subnet" {
131 |   type = string
132 | }
133 | 
134 | variable "compute_subnet" {
135 |   type = string
136 | }
137 | 
138 | variable "private" {
139 |   type = bool
140 | }
141 | 
142 | variable "outbound_udr" {
143 |   type = bool
144 | }
145 | 
146 | variable "airgapped" {
147 |   type = map(string)
148 |   default = {
149 |     airgapped  = false
150 |     repository = ""
151 |   }
152 | }
153 | 
154 | variable "proxy_config" {
155 |   type = map(string)
156 |   default = {
157 |     enabled    = false
158 |     httpProxy  = ""
159 |     httpsProxy = ""
160 |     noProxy    = ""
161 |   }
162 | }
163 | 
164 | variable "trust_bundle" {
165 |   type    = string
166 |   default = ""
167 | }
168 | 
169 | variable "byo_dns" {
170 |   type    = bool
171 |   default = false
172 | }
173 | 


--------------------------------------------------------------------------------
/ignition/versions.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |     }
 6 |     ignition = {
 7 |       source = "community-terraform-providers/ignition"
 8 |     }
 9 |     local = {
10 |       source = "hashicorp/local"
11 |     }
12 |     null = {
13 |       source = "hashicorp/null"
14 |     }
15 |     template = {
16 |       source = "hashicorp/template"
17 |     }
18 |   }
19 |   required_version = ">= 0.13"
20 | }
21 | 


--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
  1 | provider "azurerm" {
  2 |   features {}
  3 |   subscription_id = var.azure_subscription_id
  4 |   client_id       = var.azure_client_id
  5 |   client_secret   = var.azure_client_secret
  6 |   tenant_id       = var.azure_tenant_id
  7 |   environment     = var.azure_environment
  8 | }
  9 | 
 10 | resource "random_string" "cluster_id" {
 11 |   length  = 5
 12 |   special = false
 13 |   upper   = false
 14 | }
 15 | 
 16 | # SSH Key for VMs
 17 | resource "tls_private_key" "installkey" {
 18 |   count     = var.openshift_ssh_key == "" ? 1 : 0
 19 |   algorithm = "RSA"
 20 |   rsa_bits  = 4096
 21 | }
 22 | 
 23 | resource "local_file" "write_private_key" {
 24 |   count           = var.openshift_ssh_key == "" ? 1 : 0
 25 |   content         = tls_private_key.installkey[0].private_key_pem
 26 |   filename        = "${path.root}/installer-files/artifacts/openshift_rsa"
 27 |   file_permission = 0600
 28 | }
 29 | 
 30 | resource "local_file" "write_public_key" {
 31 |   content         = local.public_ssh_key
 32 |   filename        = "${path.root}/installer-files/artifacts/openshift_rsa.pub"
 33 |   file_permission = 0600
 34 | }
 35 | 
 36 | 
 37 | data "template_file" "azure_sp_json" {
 38 |   template = <<EOF
 39 | {
 40 |   "subscriptionId":"${var.azure_subscription_id}",
 41 |   "clientId":"${var.azure_client_id}",
 42 |   "clientSecret":"${var.azure_client_secret}",
 43 |   "tenantId":"${var.azure_tenant_id}"
 44 | }
 45 | EOF
 46 | }
 47 | 
 48 | resource "local_file" "azure_sp_json" {
 49 |   content  = data.template_file.azure_sp_json.rendered
 50 |   filename = pathexpand("~/.azure/osServicePrincipal.json")
 51 | }
 52 | 
 53 | data "http" "images" {
 54 |   url = "https://raw.githubusercontent.com/openshift/installer/release-${local.major_version}/data/data/rhcos.json"
 55 |   request_headers = {
 56 |     Accept = "application/json"
 57 |   }
 58 | }
 59 | 
 60 | locals {
 61 |   cluster_id = "${var.cluster_name}-${random_string.cluster_id.result}"
 62 |   tags = merge(
 63 |     {
 64 |       "kubernetes.io_cluster.${local.cluster_id}" = "owned"
 65 |     },
 66 |     var.azure_extra_tags,
 67 |   )
 68 |   azure_network_resource_group_name = (var.azure_preexisting_network && var.azure_network_resource_group_name != null) ? var.azure_network_resource_group_name : data.azurerm_resource_group.main.name
 69 |   azure_virtual_network             = (var.azure_preexisting_network && var.azure_virtual_network != null) ? var.azure_virtual_network : "${local.cluster_id}-vnet"
 70 |   azure_control_plane_subnet        = (var.azure_preexisting_network && var.azure_control_plane_subnet != null) ? var.azure_control_plane_subnet : "${local.cluster_id}-master-subnet"
 71 |   azure_compute_subnet              = (var.azure_preexisting_network && var.azure_compute_subnet != null) ? var.azure_compute_subnet : "${local.cluster_id}-worker-subnet"
 72 |   public_ssh_key                    = var.openshift_ssh_key == "" ? tls_private_key.installkey[0].public_key_openssh : file(var.openshift_ssh_key)
 73 |   major_version                     = join(".", slice(split(".", var.openshift_version), 0, 2))
 74 |   rhcos_image                       = lookup(lookup(jsondecode(data.http.images.body), "azure"), "url")
 75 | }
 76 | 
 77 | module "vnet" {
 78 |   source              = "./vnet"
 79 |   resource_group_name = data.azurerm_resource_group.main.name
 80 |   vnet_v4_cidrs       = var.machine_v4_cidrs
 81 |   vnet_v6_cidrs       = var.machine_v6_cidrs
 82 |   cluster_id          = local.cluster_id
 83 |   region              = var.azure_region
 84 |   dns_label           = local.cluster_id
 85 | 
 86 |   preexisting_network         = var.azure_preexisting_network
 87 |   network_resource_group_name = local.azure_network_resource_group_name
 88 |   virtual_network_name        = local.azure_virtual_network
 89 |   master_subnet               = local.azure_control_plane_subnet
 90 |   worker_subnet               = local.azure_compute_subnet
 91 |   private                     = var.azure_private
 92 |   outbound_udr                = var.azure_outbound_user_defined_routing
 93 | 
 94 |   use_ipv4                  = var.use_ipv4 || var.azure_emulate_single_stack_ipv6
 95 |   use_ipv6                  = var.use_ipv6
 96 |   emulate_single_stack_ipv6 = var.azure_emulate_single_stack_ipv6
 97 | }
 98 | 
 99 | module "ignition" {
100 |   source                        = "./ignition"
101 |   depends_on                    = [local_file.azure_sp_json]
102 |   base_domain                   = var.base_domain
103 |   openshift_version             = var.openshift_version
104 |   master_count                  = var.master_count
105 |   cluster_name                  = var.cluster_name
106 |   cluster_network_cidr          = var.openshift_cluster_network_cidr
107 |   cluster_network_host_prefix   = var.openshift_cluster_network_host_prefix
108 |   machine_cidr                  = var.machine_v4_cidrs[0]
109 |   service_network_cidr          = var.openshift_service_network_cidr
110 |   azure_dns_resource_group_name = var.azure_base_domain_resource_group_name
111 |   openshift_pull_secret         = var.openshift_pull_secret
112 |   public_ssh_key                = chomp(local.public_ssh_key)
113 |   cluster_id                    = local.cluster_id
114 |   resource_group_name           = data.azurerm_resource_group.main.name
115 |   availability_zones            = var.azure_master_availability_zones
116 |   node_count                    = var.worker_count
117 |   infra_count                   = var.infra_count
118 |   azure_region                  = var.azure_region
119 |   worker_vm_type                = var.azure_worker_vm_type
120 |   infra_vm_type                 = var.azure_infra_vm_type
121 |   master_vm_type                = var.azure_master_vm_type
122 |   worker_os_disk_size           = var.azure_worker_root_volume_size
123 |   infra_os_disk_size            = var.azure_infra_root_volume_size
124 |   master_os_disk_size           = var.azure_master_root_volume_size
125 |   azure_subscription_id         = var.azure_subscription_id
126 |   azure_client_id               = var.azure_client_id
127 |   azure_client_secret           = var.azure_client_secret
128 |   azure_tenant_id               = var.azure_tenant_id
129 |   azure_rhcos_image_id          = azurerm_image.cluster.id
130 |   virtual_network_name          = local.azure_virtual_network
131 |   network_resource_group_name   = local.azure_network_resource_group_name
132 |   control_plane_subnet          = local.azure_control_plane_subnet
133 |   compute_subnet                = local.azure_compute_subnet
134 |   private                       = module.vnet.private
135 |   outbound_udr                  = var.azure_outbound_user_defined_routing
136 |   airgapped                     = var.airgapped
137 |   proxy_config                  = var.proxy_config
138 |   trust_bundle                  = var.openshift_additional_trust_bundle
139 |   byo_dns                       = var.openshift_byo_dns
140 | }
141 | 
142 | module "bootstrap" {
143 |   source                 = "./bootstrap"
144 |   resource_group_name    = data.azurerm_resource_group.main.name
145 |   region                 = var.azure_region
146 |   vm_size                = var.azure_bootstrap_vm_type
147 |   vm_image               = azurerm_image.cluster.id
148 |   identity               = azurerm_user_assigned_identity.main.id
149 |   cluster_id             = local.cluster_id
150 |   ignition               = module.ignition.bootstrap_ignition
151 |   subnet_id              = module.vnet.master_subnet_id
152 |   elb_backend_pool_v4_id = module.vnet.public_lb_backend_pool_v4_id
153 |   elb_backend_pool_v6_id = module.vnet.public_lb_backend_pool_v6_id
154 |   ilb_backend_pool_v4_id = module.vnet.internal_lb_backend_pool_v4_id
155 |   ilb_backend_pool_v6_id = module.vnet.internal_lb_backend_pool_v6_id
156 |   tags                   = local.tags
157 |   storage_account        = azurerm_storage_account.cluster
158 |   nsg_name               = module.vnet.cluster_nsg_name
159 |   private                = module.vnet.private
160 |   outbound_udr           = var.azure_outbound_user_defined_routing
161 | 
162 |   use_ipv4                  = var.use_ipv4 || var.azure_emulate_single_stack_ipv6
163 |   use_ipv6                  = var.use_ipv6
164 |   emulate_single_stack_ipv6 = var.azure_emulate_single_stack_ipv6
165 | }
166 | 
167 | module "master" {
168 |   source                 = "./master"
169 |   resource_group_name    = data.azurerm_resource_group.main.name
170 |   cluster_id             = local.cluster_id
171 |   region                 = var.azure_region
172 |   availability_zones     = var.azure_master_availability_zones
173 |   vm_size                = var.azure_master_vm_type
174 |   vm_image               = azurerm_image.cluster.id
175 |   identity               = azurerm_user_assigned_identity.main.id
176 |   ignition               = module.ignition.master_ignition
177 |   elb_backend_pool_v4_id = module.vnet.public_lb_backend_pool_v4_id
178 |   elb_backend_pool_v6_id = module.vnet.public_lb_backend_pool_v6_id
179 |   ilb_backend_pool_v4_id = module.vnet.internal_lb_backend_pool_v4_id
180 |   ilb_backend_pool_v6_id = module.vnet.internal_lb_backend_pool_v6_id
181 |   subnet_id              = module.vnet.master_subnet_id
182 |   instance_count         = var.master_count
183 |   storage_account        = azurerm_storage_account.cluster
184 |   os_volume_type         = var.azure_master_root_volume_type
185 |   os_volume_size         = var.azure_master_root_volume_size
186 |   private                = module.vnet.private
187 |   outbound_udr           = var.azure_outbound_user_defined_routing
188 | 
189 |   use_ipv4                  = var.use_ipv4 || var.azure_emulate_single_stack_ipv6
190 |   use_ipv6                  = var.use_ipv6
191 |   emulate_single_stack_ipv6 = var.azure_emulate_single_stack_ipv6
192 | }
193 | 
194 | module "dns" {
195 |   count                           = var.openshift_byo_dns ? 0 : 1
196 |   source                          = "./dns"
197 |   cluster_domain                  = "${var.cluster_name}.${var.base_domain}"
198 |   cluster_id                      = local.cluster_id
199 |   base_domain                     = var.base_domain
200 |   virtual_network_id              = module.vnet.virtual_network_id
201 |   external_lb_fqdn_v4             = module.vnet.public_lb_pip_v4_fqdn
202 |   external_lb_fqdn_v6             = module.vnet.public_lb_pip_v6_fqdn
203 |   internal_lb_ipaddress_v4        = module.vnet.internal_lb_ip_v4_address
204 |   internal_lb_ipaddress_v6        = module.vnet.internal_lb_ip_v6_address
205 |   resource_group_name             = data.azurerm_resource_group.main.name
206 |   base_domain_resource_group_name = var.azure_base_domain_resource_group_name
207 |   private                         = module.vnet.private
208 | 
209 |   use_ipv4                  = var.use_ipv4 || var.azure_emulate_single_stack_ipv6
210 |   use_ipv6                  = var.use_ipv6
211 |   emulate_single_stack_ipv6 = var.azure_emulate_single_stack_ipv6
212 | }
213 | 
214 | resource "azurerm_resource_group" "main" {
215 |   count = var.azure_resource_group_name == "" ? 1 : 0
216 | 
217 |   name     = "${local.cluster_id}-rg"
218 |   location = var.azure_region
219 |   tags     = local.tags
220 | }
221 | 
222 | data "azurerm_resource_group" "main" {
223 |   name = var.azure_resource_group_name == "" ? "${local.cluster_id}-rg" : var.azure_resource_group_name
224 | 
225 |   depends_on = [azurerm_resource_group.main]
226 | }
227 | 
228 | data "azurerm_resource_group" "network" {
229 |   count = var.azure_preexisting_network ? 1 : 0
230 | 
231 |   name = var.azure_network_resource_group_name
232 | }
233 | 
234 | resource "azurerm_storage_account" "cluster" {
235 |   name                     = "cluster${var.cluster_name}${random_string.cluster_id.result}"
236 |   resource_group_name      = data.azurerm_resource_group.main.name
237 |   location                 = var.azure_region
238 |   account_tier             = "Standard"
239 |   account_replication_type = "LRS"
240 | }
241 | 
242 | resource "azurerm_user_assigned_identity" "main" {
243 |   resource_group_name = data.azurerm_resource_group.main.name
244 |   location            = data.azurerm_resource_group.main.location
245 | 
246 |   name = "${local.cluster_id}-identity"
247 | }
248 | 
249 | resource "azurerm_role_assignment" "main" {
250 |   scope                = data.azurerm_resource_group.main.id
251 |   role_definition_name = "Contributor"
252 |   principal_id         = azurerm_user_assigned_identity.main.principal_id
253 | }
254 | 
255 | resource "azurerm_role_assignment" "network" {
256 |   count = var.azure_preexisting_network ? 1 : 0
257 | 
258 |   scope                = data.azurerm_resource_group.network[0].id
259 |   role_definition_name = "Contributor"
260 |   principal_id         = azurerm_user_assigned_identity.main.principal_id
261 | }
262 | 
263 | # copy over the vhd to cluster resource group and create an image using that
264 | resource "azurerm_storage_container" "vhd" {
265 |   name                 = "vhd"
266 |   storage_account_name = azurerm_storage_account.cluster.name
267 | }
268 | 
269 | resource "azurerm_storage_blob" "rhcos_image" {
270 |   name                   = "rhcos${random_string.cluster_id.result}.vhd"
271 |   storage_account_name   = azurerm_storage_account.cluster.name
272 |   storage_container_name = azurerm_storage_container.vhd.name
273 |   type                   = "Page"
274 |   source_uri             = local.rhcos_image
275 |   metadata               = tomap({ "source_uri" = local.rhcos_image })
276 | }
277 | 
278 | resource "azurerm_image" "cluster" {
279 |   name                = local.cluster_id
280 |   resource_group_name = data.azurerm_resource_group.main.name
281 |   location            = var.azure_region
282 | 
283 |   os_disk {
284 |     os_type  = "Linux"
285 |     os_state = "Generalized"
286 |     blob_uri = azurerm_storage_blob.rhcos_image.url
287 |   }
288 | }
289 | 
290 | resource "null_resource" "delete_bootstrap" {
291 |   depends_on = [
292 |     module.master
293 |   ]
294 | 
295 |   provisioner "local-exec" {
296 |     command = <<EOF
297 | ./installer-files/openshift-install --dir=./installer-files wait-for bootstrap-complete --log-level=debug
298 | az vm delete -g ${data.azurerm_resource_group.main.name} -n ${local.cluster_id}-bootstrap -y
299 | az disk delete -g ${data.azurerm_resource_group.main.name} -n ${local.cluster_id}-bootstrap_OSDisk -y
300 | if [[ "${var.azure_private}" == "false" ]]; then
301 |   az network nic ip-config update -g ${data.azurerm_resource_group.main.name} -n bootstrap-nic-ip-v4 --nic-name ${local.cluster_id}-bootstrap-nic --remove PublicIpAddress
302 |   az network public-ip delete -g ${data.azurerm_resource_group.main.name} -n ${local.cluster_id}-bootstrap-pip-v4
303 | fi
304 | az network nic delete -g ${data.azurerm_resource_group.main.name} -n ${local.cluster_id}-bootstrap-nic
305 | EOF    
306 |   }
307 | }
308 | 


--------------------------------------------------------------------------------
/master/master.tf:
--------------------------------------------------------------------------------
  1 | locals {
  2 |   // The name of the masters' ipconfiguration is hardcoded to "pipconfig". It needs to match cluster-api
  3 |   // https://github.com/openshift/cluster-api-provider-azure/blob/master/pkg/cloud/azure/services/networkinterfaces/networkinterfaces.go#L131
  4 |   ip_v4_configuration_name = "pipConfig"
  5 |   // TODO: Azure machine provider probably needs to look for pipConfig-v6 as well (or a different name like pipConfig-secondary)
  6 |   ip_v6_configuration_name = "pipConfig-v6"
  7 | }
  8 | 
  9 | resource "azurerm_network_interface" "master" {
 10 |   count = var.instance_count
 11 | 
 12 |   name                = "${var.cluster_id}-master${count.index}-nic"
 13 |   location            = var.region
 14 |   resource_group_name = var.resource_group_name
 15 | 
 16 |   dynamic "ip_configuration" {
 17 |     for_each = [for ip in [
 18 |       {
 19 |         // LIMITATION: azure does not allow an ipv6 address to be primary today
 20 |         primary : var.use_ipv4,
 21 |         name : local.ip_v4_configuration_name,
 22 |         ip_address_version : "IPv4",
 23 |         include : var.use_ipv4 || var.use_ipv6
 24 |       },
 25 |       {
 26 |         primary : ! var.use_ipv4,
 27 |         name : local.ip_v6_configuration_name,
 28 |         ip_address_version : "IPv6",
 29 |         include : var.use_ipv6
 30 |       },
 31 |       ] : {
 32 |       primary : ip.primary
 33 |       name : ip.name
 34 |       ip_address_version : ip.ip_address_version
 35 |       include : ip.include
 36 |       } if ip.include
 37 |     ]
 38 |     content {
 39 |       primary                       = ip_configuration.value.primary
 40 |       name                          = ip_configuration.value.name
 41 |       subnet_id                     = var.subnet_id
 42 |       private_ip_address_version    = ip_configuration.value.ip_address_version
 43 |       private_ip_address_allocation = "Dynamic"
 44 |     }
 45 |   }
 46 | }
 47 | 
 48 | resource "azurerm_network_interface_backend_address_pool_association" "master_v4" {
 49 |   // This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
 50 |   // conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
 51 |   count = (! var.private || ! var.outbound_udr) ? var.instance_count : 0
 52 | 
 53 |   network_interface_id    = element(azurerm_network_interface.master.*.id, count.index)
 54 |   backend_address_pool_id = var.elb_backend_pool_v4_id
 55 |   ip_configuration_name   = local.ip_v4_configuration_name
 56 | }
 57 | 
 58 | resource "azurerm_network_interface_backend_address_pool_association" "master_v6" {
 59 |   // This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
 60 |   // conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
 61 |   count = var.use_ipv6 && (! var.private || ! var.outbound_udr) ? var.instance_count : 0
 62 | 
 63 |   network_interface_id    = element(azurerm_network_interface.master.*.id, count.index)
 64 |   backend_address_pool_id = var.elb_backend_pool_v6_id
 65 |   ip_configuration_name   = local.ip_v6_configuration_name
 66 | }
 67 | 
 68 | resource "azurerm_network_interface_backend_address_pool_association" "master_internal_v4" {
 69 |   count = var.use_ipv4 ? var.instance_count : 0
 70 | 
 71 |   network_interface_id    = element(azurerm_network_interface.master.*.id, count.index)
 72 |   backend_address_pool_id = var.ilb_backend_pool_v4_id
 73 |   ip_configuration_name   = local.ip_v4_configuration_name
 74 | }
 75 | 
 76 | resource "azurerm_network_interface_backend_address_pool_association" "master_internal_v6" {
 77 |   count = var.use_ipv6 ? var.instance_count : 0
 78 | 
 79 |   network_interface_id    = element(azurerm_network_interface.master.*.id, count.index)
 80 |   backend_address_pool_id = var.ilb_backend_pool_v6_id
 81 |   ip_configuration_name   = local.ip_v6_configuration_name
 82 | }
 83 | 
 84 | resource "azurerm_linux_virtual_machine" "master" {
 85 |   count = var.instance_count
 86 | 
 87 |   name                  = "${var.cluster_id}-master-${count.index}"
 88 |   location              = var.region
 89 |   zone                  = length(var.availability_zones) > 1 ? var.availability_zones[count.index] : var.availability_zones[0]
 90 |   resource_group_name   = var.resource_group_name
 91 |   network_interface_ids = [element(azurerm_network_interface.master.*.id, count.index)]
 92 |   size                  = var.vm_size
 93 |   admin_username        = "core"
 94 |   # The password is normally applied by WALA (the Azure agent), but this
 95 |   # isn't installed in RHCOS. As a result, this password is never set. It is
 96 |   # included here because it is required by the Azure ARM API.
 97 |   admin_password                  = "NotActuallyApplied!"
 98 |   disable_password_authentication = false
 99 | 
100 |   identity {
101 |     type         = "UserAssigned"
102 |     identity_ids = [var.identity]
103 |   }
104 | 
105 |   os_disk {
106 |     name                 = "${var.cluster_id}-master-${count.index}_OSDisk" # os disk name needs to match cluster-api convention
107 |     caching              = "ReadOnly"
108 |     storage_account_type = var.os_volume_type
109 |     disk_size_gb         = var.os_volume_size
110 |   }
111 | 
112 |   source_image_id = var.vm_image
113 | 
114 |   //we don't provide a ssh key, because it is set with ignition. 
115 |   //it is required to provide at least 1 auth method to deploy a linux vm
116 |   computer_name = "${var.cluster_id}-master-${count.index}"
117 |   custom_data   = base64encode(var.ignition)
118 | 
119 |   boot_diagnostics {
120 |     storage_account_uri = var.storage_account.primary_blob_endpoint
121 |   }
122 | }
123 | 
124 | 


--------------------------------------------------------------------------------
/master/outputs.tf:
--------------------------------------------------------------------------------
1 | output "ip_addresses" {
2 |   value = azurerm_network_interface.master.*.private_ip_address
3 | }
4 | 


--------------------------------------------------------------------------------
/master/variables.tf:
--------------------------------------------------------------------------------
  1 | variable "region" {
  2 |   type        = string
  3 |   description = "The region for the deployment."
  4 | }
  5 | 
  6 | variable "resource_group_name" {
  7 |   type        = string
  8 |   description = "The resource group name for the deployment."
  9 | }
 10 | 
 11 | variable "cluster_id" {
 12 |   type = string
 13 | }
 14 | 
 15 | variable "vm_size" {
 16 |   type = string
 17 | }
 18 | 
 19 | variable "vm_image" {
 20 |   type        = string
 21 |   description = "The resource id of the vm image used for masters."
 22 | }
 23 | 
 24 | variable "identity" {
 25 |   type        = string
 26 |   description = "The user assigned identity id for the vm."
 27 | }
 28 | 
 29 | variable "instance_count" {
 30 |   type = string
 31 | }
 32 | 
 33 | variable "elb_backend_pool_v4_id" {
 34 |   type = string
 35 | }
 36 | 
 37 | variable "elb_backend_pool_v6_id" {
 38 |   type = string
 39 | }
 40 | 
 41 | variable "ilb_backend_pool_v4_id" {
 42 |   type = string
 43 | }
 44 | 
 45 | variable "ilb_backend_pool_v6_id" {
 46 |   type = string
 47 | }
 48 | 
 49 | variable "ignition_master" {
 50 |   type    = string
 51 |   default = ""
 52 | }
 53 | 
 54 | variable "kubeconfig_content" {
 55 |   type    = string
 56 |   default = ""
 57 | }
 58 | 
 59 | variable "subnet_id" {
 60 |   type        = string
 61 |   description = "The subnet to attach the masters to."
 62 | }
 63 | 
 64 | variable "os_volume_type" {
 65 |   type        = string
 66 |   description = "The type of the volume for the root block device."
 67 | }
 68 | 
 69 | variable "os_volume_size" {
 70 |   type        = string
 71 |   description = "The size of the volume in gigabytes for the root block device."
 72 | }
 73 | 
 74 | variable "tags" {
 75 |   type        = map(string)
 76 |   default     = {}
 77 |   description = "tags to be applied to created resources."
 78 | }
 79 | 
 80 | variable "storage_account" {
 81 |   type        = any
 82 |   description = "the storage account for the cluster. It can be used for boot diagnostics."
 83 | }
 84 | 
 85 | variable "ignition" {
 86 |   type = string
 87 | }
 88 | 
 89 | variable "availability_zones" {
 90 |   type        = list(string)
 91 |   description = "List of the availability zones in which to create the masters. The length of this list must match instance_count."
 92 | }
 93 | 
 94 | variable "private" {
 95 |   type        = bool
 96 |   description = "This value determines if this is a private cluster or not."
 97 | }
 98 | 
 99 | variable "use_ipv4" {
100 |   type        = bool
101 |   description = "This value determines if this is cluster should use IPv4 networking."
102 | }
103 | 
104 | variable "use_ipv6" {
105 |   type        = bool
106 |   description = "This value determines if this is cluster should use IPv6 networking."
107 | }
108 | 
109 | variable "emulate_single_stack_ipv6" {
110 |   type        = bool
111 |   description = "This determines whether a dual-stack cluster is configured to emulate single-stack IPv6."
112 | }
113 | 
114 | variable "outbound_udr" {
115 |   type    = bool
116 |   default = false
117 | 
118 |   description = <<EOF
119 | This determined whether User defined routing will be used for egress to Internet.
120 | When false, Standard LB will be used for egress to the Internet.
121 | 
122 | This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
123 | conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
124 | EOF
125 | }
126 | 


--------------------------------------------------------------------------------
/master/versions.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | terraform {
 3 |   required_version = ">= 0.13"
 4 |   required_providers {
 5 |     azurerm = {
 6 |       source = "hashicorp/azurerm"
 7 |     }
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/media/topology.svg:
--------------------------------------------------------------------------------
 1 | <svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="overflow: hidden; display: block; width: 1456px; height: 580px;" width="1456px" height="580px" viewBox="0 0 1456 580"><defs/><g style="pointer-events:visiblePainted" transform="translate(17.722096190786544 0)" image-rendering="auto" shape-rendering="auto"><g><path fill="none" stroke="rgb(169,169,169)" d="M 172.5,250 L 172.5,260 L 35,260 L 35,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 443.3333333333333,480 L 443.3333333333333,490 L 318.3333333333333,490 L 318.3333333333333,520" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 468.3333333333333,480 L 468.3333333333333,520" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 485,390 L 485,400 L 455.8333333333333,400 L 455.8333333333333,420" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 197.5,250 L 197.5,300 L 466.25,300 L 466.25,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 618.3333333333334,480 L 618.3333333333334,520" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 635,480 L 635,500 L 768.3333333333334,500 L 768.3333333333334,520" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 651.6666666666666,480 L 651.6666666666666,490 L 918.3333333333334,490 L 918.3333333333334,520" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 635,390 L 635,420" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 210,250 L 210,290 L 616.25,290 L 616.25,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 185,250 L 185,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 615,150 L 615,160 L 191.25,160 L 191.25,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 468.3333333333333,250 L 468.3333333333333,260 L 335,260 L 335,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 485,250 L 485,260 L 478.75,260 L 478.75,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 501.6666666666667,250 L 501.6666666666667,280 L 628.75,280 L 628.75,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 625,150 L 625,170 L 485,170 L 485,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 651.6666666666666,250 L 651.6666666666666,260 L 785,260 L 785,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 618.3333333333334,250 L 618.3333333333334,270 L 491.25,270 L 491.25,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 635,250 L 635,260 L 641.25,260 L 641.25,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 635,150 L 635,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 801.6666666666666,250 L 801.6666666666666,260 L 935,260 L 935,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 768.3333333333334,250 L 768.3333333333334,300 L 503.75,300 L 503.75,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 785,250 L 785,310 L 653.75,310 L 653.75,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 645,150 L 645,170 L 785,170 L 785,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 655,150 L 655,160 L 922.5,160 L 922.5,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 635,60 L 635,90" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 1085,250 L 1085,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 1085,150 L 1085,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 1235,250 L 1235,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 1097.5,150 L 1097.5,170 L 1235,170 L 1235,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 1385,250 L 1385,330" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 1110,150 L 1110,160 L 1385,160 L 1385,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 1072.5,150 L 1072.5,160 L 947.5,160 L 947.5,190" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g><path fill="none" stroke="rgb(169,169,169)" d="M 660,60 L 660,70 L 1091.25,70 L 1091.25,90" stroke-opacity="1" stroke-width="1" stroke-linecap="butt" stroke-linejoin="miter" stroke-miterlimit="10"/></g><g transform="translate(622.5 0)"><g transform="scale(2.78)">
 2 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_0" x1="9.88" y1="8.59" x2="11.52" y2="10.23" gradientTransform="rotate(-.08 -285.464 -1454.08)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#86d633"/><stop offset=".24" stop-color="#83d232"/><stop offset=".5" stop-color="#7cc52f"/><stop offset=".76" stop-color="#6fb02a"/><stop offset="1" stop-color="#5e9624"/></linearGradient><linearGradient id="ygc8_1" x1="6.18" y1="8.59" x2="7.81" y2="10.23"/><linearGradient id="ygc8_2" x1="2.48" y1="8.59" x2="4.11" y2="10.23"/></defs><title>Icon-networking-61</title><circle cx="12.74" cy="8.99" r="1.16" fill="url(#ygc8_0)"/><circle cx="9.04" cy="9" r="1.16" fill="url(#ygc8_1)"/><circle cx="5.34" cy="9" r="1.16" fill="url(#ygc8_2)"/><path d="M6.182 13.638l-.664.665a.3.3 0 0 1-.424 0L.18 9.404a.6.6 0 0 1-.001-.848l.663-.666 5.34 5.324a.3.3 0 0 1 0 .425z" fill="#50e6ff"/><path d="M5.418 3.708l.666.664a.3.3 0 0 1 0 .424L.838 10.057l-.666-.663a.6.6 0 0 1-.001-.849L4.994 3.71a.3.3 0 0 1 .424 0z" fill="#1490df"/><path d="M17.157 7.88l.663.666a.6.6 0 0 1 0 .848l-4.915 4.9a.3.3 0 0 1-.424 0l-.664-.666a.3.3 0 0 1 0-.424l5.34-5.324z" fill="#50e6ff"/><path d="M17.818 9.387l-.665.664-5.247-5.261a.3.3 0 0 1 0-.425l.674-.67a.3.3 0 0 1 .424 0l4.823 4.836a.6.6 0 0 1-.002.849z" fill="#1490df"/></g></svg>
 3 |         </g></g><g transform="translate(610 90)"><g transform="scale(1.0)">
 4 |             <svg svgBox="0 0 50 50" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><path d="M49.7 25.7c.5-.5.4-1.3 0-1.8l-2.4-2.4L36.5 11c-.5-.5-1.2-.5-1.7 0s-.6 1.3 0 1.8l11.3 11.1c.5.5.5 1.3 0 1.8L34.6 37.2c-.5.5-.5 1.3 0 1.8s1.3.4 1.7 0L47 28.4l.1-.1 2.6-2.6zm-49.4 0c-.5-.5-.4-1.3 0-1.8l2.4-2.4L13.5 11c.5-.5 1.2-.5 1.7 0s.6 1.3 0 1.8L4.1 23.9c-.5.5-.5 1.3 0 1.8l11.3 11.5c.5.5.5 1.3 0 1.8s-1.3.4-1.7 0L2.8 28.5l-.1-.1-2.4-2.7z" fill="#3999C6"/><path d="M28.4 24.8c0 1.9-1.6 3.3-3.3 3.3-1.7 0-3.5-1.6-3.5-3.3s1.4-3.3 3.5-3.3c2 0 3.3 1.6 3.3 3.3z" fill="#7fba00"/></g></svg>
 5 |         </g></g><g transform="translate(166.25 190)"><g transform="scale(2.78)">
 6 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_3" x1="9.01" y1="16.5" x2="9.01" y2="1.5" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9641"/><stop offset=".34" stop-color="#6baa42"/><stop offset=".67" stop-color="#73b743"/><stop offset="1" stop-color="#76bb43"/></linearGradient></defs><title>Icon-networking-80</title><path d="M15.89 2.91h1.27a.34.34 0 0 1 .34.34v3.5a.34.34 0 0 1-.34.34h-1.27V2.91zm0 6.09h1.27a.34.34 0 0 1 .34.34v5.86a.34.34 0 0 1-.34.34h-1.27V9z" fill="#ffca00"/><rect x="2.13" y="1.5" width="13.76" height="15" rx=".69" fill="url(#ygc8_3)"/><path d="M5.9 12.9h-.71a.2.2 0 0 1-.19-.21V4.34a.19.19 0 0 1 .19-.2h1.93a.19.19 0 0 1 .19.2.2.2 0 0 1-.19.21H5.38v7.93h.52a.2.2 0 0 1 .19.21.21.21 0 0 1-.19.21z" fill="#b4ec36"/><path d="M6 13.92H4.4a.2.2 0 0 1-.19-.21L4.08 3.38a.2.2 0 0 1 .06-.15.16.16 0 0 1 .13-.06h2.85v.41H4.47l.12 9.92H6zm6-.92h-1.59a.19.19 0 0 1-.14-.07.18.18 0 0 1-.06-.14V7.9a.19.19 0 0 1 .19-.2h.91V5.45h.38v2.44a.2.2 0 0 1-.18.21h-.91v4.42H12z" fill="#b4ec36"/><rect x="7.07" y="2.29" width="6.14" height="3.11" rx=".26" fill="#365615"/><rect x="5.86" y="12.69" width="4.9" height="1.09" rx=".26" transform="rotate(90 8.305 13.235)" fill="#365615"/><rect x="3.99" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 6.44 13.26)" fill="#365615"/><rect x="9.98" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 12.425 13.255)" fill="#f2f2f2"/><ellipse cx="8.11" cy="8.06" rx="1.04" ry="1.12" fill="#f2f2f2"/><path d="M2.11 12.25H.84a.34.34 0 0 1-.34-.3V6.09a.34.34 0 0 1 .34-.34h1.27v6.5z" fill="#3b3b3b"/></g></svg>
 7 |         </g></g><g transform="translate(10 330)"><g transform="scale(2.78)">
 8 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_4" x1="8.88" y1="12.21" x2="8.88" y2=".21" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_5" x1="8.88" y1="16.84" x2="8.88" y2="12.21" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-21</title><rect x="-.12" y=".21" width="18" height="12" rx=".6" fill="url(#ygc8_4)"/><path fill="#50e6ff" d="M11.88 4.46v3.49l-3 1.76v-3.5l3-1.75z"/><path fill="#c3f1ff" d="M11.88 4.46l-3 1.76-3-1.76 3-1.75 3 1.75z"/><path fill="#9cebff" d="M8.88 6.22v3.49l-3-1.76V4.46l3 1.76z"/><path fill="#c3f1ff" d="M5.88 7.95l3-1.74v3.5l-3-1.76z"/><path fill="#9cebff" d="M11.88 7.95l-3-1.74v3.5l3-1.76z"/><path d="M12.49 15.84c-1.78-.28-1.85-1.56-1.85-3.63H7.11c0 2.07-.06 3.35-1.84 3.63a1 1 0 0 0-.89 1h9a1 1 0 0 0-.89-1z" fill="url(#ygc8_5)"/></g></svg>
 9 |         </g></g><g transform="translate(460 330)"><g transform="scale(2.78)">
10 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_6" x1="10.31" y1="12.7" x2="10.31" y2="6.83" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_7" x1="10.31" y1="14.97" x2="10.31" y2="12.7" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-25</title><path fill="#0078d4" d="M2.12.5h1.97v.57H2.12zm14.51.57h.32v.31h.55V.5h-.87v.57zM1.41 16.89h-.28v-.32H.5v.93h.91v-.61zm15.54-.29v.29h-.32v.61h.87v-.9h-.55zM1.13 1.36v-.29h.28V.5H.5v.86h.63z"/><rect x="3.37" y="3.55" width="8.79" height="5.88" rx=".29" fill="#0078d4"/><path fill="#50e6ff" d="M9.23 5.64v1.71l-1.46.86V6.49l1.46-.85z"/><path fill="#c3f1ff" d="M9.23 5.64l-1.46.86-1.47-.86 1.47-.86 1.46.86z"/><path fill="#9cebff" d="M7.77 6.5v1.71L6.3 7.35V5.64l1.47.86z"/><rect x="5.91" y="6.83" width="8.79" height="5.88" rx=".29" fill="url(#ygc8_6)"/><path fill="#50e6ff" d="M11.77 8.91v1.71l-1.46.86V9.77l1.46-.86z"/><path fill="#c3f1ff" d="M11.77 8.91l-1.46.86-1.47-.86 1.47-.86 1.46.86z"/><path fill="#9cebff" d="M10.31 9.77v1.71l-1.47-.86V8.91l1.47.86z"/><path fill="#c3f1ff" d="M8.84 10.62l1.47-.85v1.71l-1.47-.86z"/><path fill="#9cebff" d="M11.77 10.62l-1.46-.85v1.71l1.46-.86z"/><path d="M12.07 14.48c-.87-.14-.9-.77-.9-1.78H9.44c0 1 0 1.64-.9 1.78a.51.51 0 0 0-.43.49h4.4a.51.51 0 0 0-.44-.49z" fill="url(#ygc8_7)"/><path fill="#0078d4" d="M5.07.5h1.97v.57H5.07zm2.94 0h1.97v.57H8.01zm2.95 0h1.97v.57h-1.97zm2.95 0h1.97v.57h-1.97zM2.14 16.89h1.97v.57H2.14zm2.94 0h1.97v.57H5.08zm2.95 0H10v.57H8.03zm2.95 0h1.97v.57h-1.97zm2.94 0h1.97v.57h-1.97zm3.01-14.84h.57v1.97h-.57zm0 2.94h.57v1.97h-.57zm0 2.95h.57v1.97h-.57zm0 2.94h.57v1.97h-.57zm0 2.95h.57v1.97h-.57zM.5 2.03h.57V4H.5zm0 2.95h.57v1.97H.5zm0 2.94h.57v1.97H.5zm0 2.95h.57v1.97H.5zm0 2.94h.57v1.97H.5z"/></g></svg>
11 |         </g></g><g transform="translate(430.8333333333333 420)"><g transform="scale(2.78)">
12 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_8" x1="9" y1="19.85" x2="9" y2="-1.02" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9624"/><stop offset=".02" stop-color="#5f9724"/><stop offset="1" stop-color="#76bc2d"/></linearGradient></defs><title>Icon-networking-62</title><path d="M.18 8.57L8.57.18a.6.6 0 0 1 .86 0l8.39 8.39a.6.6 0 0 1 0 .86l-8.4 8.4a.6.6 0 0 1-.84 0l-8.4-8.4a.6.6 0 0 1 0-.86z" fill="url(#ygc8_8)"/><path d="M11.2 4L9.08 1.89a.12.12 0 0 0-.16 0L6.8 4a.1.1 0 0 0 .08.18h1.24a.11.11 0 0 1 .11.11v2a.11.11 0 0 0 .11.11h1.32a.11.11 0 0 0 .11-.11v-2a.11.11 0 0 1 .11-.11h1.24A.1.1 0 0 0 11.2 4zM4 6.61L1.9 8.74a.11.11 0 0 0 0 .15L4 11a.11.11 0 0 0 .19-.08V9.69a.11.11 0 0 1 .11-.11h2a.1.1 0 0 0 .1-.11V8.15A.1.1 0 0 0 6.33 8h-2a.1.1 0 0 1-.11-.1V6.69A.11.11 0 0 0 4 6.61zM14.08 11l2.13-2.12a.11.11 0 0 0 0-.15l-2.13-2.12a.11.11 0 0 0-.18.08v1.25a.1.1 0 0 1-.11.1h-2a.1.1 0 0 0-.1.11v1.32a.1.1 0 0 0 .1.11h2a.11.11 0 0 1 .11.11v1.24a.11.11 0 0 0 .18.07z" fill="#b4ec36"/><path d="M11.79 9a2.79 2.79 0 1 0-3.54 2.67v.95a1.71 1.71 0 1 0 1.57 0v-1A2.77 2.77 0 0 0 11.79 9z" fill="#fff"/><circle cx="9.01" cy="8.99" r="1.62" fill="#5ea0ef"/></g></svg>
13 |         </g></g><g transform="translate(293.3333333333333 520)"><g transform="scale(1.0)">
14 |             <svg svgBox="0 0 50 50" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><polygon points="27.1,21.8 22.9,21.8 19.7,50 30.3,50" fill="#59b4d9"/><path d="M40.3 22.5C40.3 14 33.5 7.1 25 7.1S9.7 14 9.7 22.5c0 5.6 3 10.5 7.6 13.2.5-.8.9-1.6 1.3-2.3-3.7-2.2-6.2-6.2-6.2-10.9 0-7 5.7-12.7 12.7-12.7 7 0 12.7 5.7 12.7 12.7 0 4.6-2.5 8.7-6.2 10.9.4.7.9 1.5 1.3 2.3 4.4-2.7 7.4-7.6 7.4-13.2" opacity=".5" fill="#3e3e3e"/><path d="M13.7 41.9c.4-.8.9-1.6 1.3-2.4-5.9-3.4-9.8-9.8-9.8-17.1C5.2 11.6 14.1 2.7 25 2.7s19.8 8.9 19.8 19.8c0 7.3-4 13.6-9.8 17.1.4.8.9 1.6 1.3 2.4 6.7-3.9 11.2-11.1 11.2-19.4C47.5 10.1 37.4 0 25 0S2.5 10.1 2.5 22.5c0 8.2 4.6 15.5 11.2 19.4" opacity=".2" fill="#3e3e3e"/><circle cx="25" cy="22.6" r="6.8" fill="#0072c6"/></g></svg>
15 |         </g></g><g transform="translate(443.3333333333333 520)"><g transform="scale(2.78)">
16 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_9" x1="9" y1="15.83" x2="9" y2="5.79" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#32bedd"/><stop offset=".18" stop-color="#32caea"/><stop offset=".41" stop-color="#32d2f2"/><stop offset=".78" stop-color="#32d4f5"/></linearGradient></defs><title>Icon-networking-69</title><path d="M.5 5.79h17v9.48a.57.57 0 0 1-.57.57H1.07a.57.57 0 0 1-.57-.57V5.79z" fill="url(#ygc8_9)"/><path d="M1.07 2.17h15.86a.57.57 0 0 1 .57.57v3.05H.5V2.73a.57.57 0 0 1 .57-.56z" fill="#767676"/><circle cx="12.82" cy="10.19" r="1.38" fill="#f2f2f2"/><circle cx="9.06" cy="10.19" r="1.38" fill="#f2f2f2"/><circle cx="5.18" cy="10.19" r="1.38" fill="#f2f2f2"/><rect x="2.79" y="3.25" width="12.43" height="1.46" rx=".28" fill="#f2f2f2"/></g></svg>
17 |         </g></g><g transform="translate(610 330)"><g transform="scale(2.78)">
18 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_10" x1="10.31" y1="12.7" x2="10.31" y2="6.83" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_11" x1="10.31" y1="14.97" x2="10.31" y2="12.7" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-25</title><path fill="#0078d4" d="M2.12.5h1.97v.57H2.12zm14.51.57h.32v.31h.55V.5h-.87v.57zM1.41 16.89h-.28v-.32H.5v.93h.91v-.61zm15.54-.29v.29h-.32v.61h.87v-.9h-.55zM1.13 1.36v-.29h.28V.5H.5v.86h.63z"/><rect x="3.37" y="3.55" width="8.79" height="5.88" rx=".29" fill="#0078d4"/><path fill="#50e6ff" d="M9.23 5.64v1.71l-1.46.86V6.49l1.46-.85z"/><path fill="#c3f1ff" d="M9.23 5.64l-1.46.86-1.47-.86 1.47-.86 1.46.86z"/><path fill="#9cebff" d="M7.77 6.5v1.71L6.3 7.35V5.64l1.47.86z"/><rect x="5.91" y="6.83" width="8.79" height="5.88" rx=".29" fill="url(#ygc8_10)"/><path fill="#50e6ff" d="M11.77 8.91v1.71l-1.46.86V9.77l1.46-.86z"/><path fill="#c3f1ff" d="M11.77 8.91l-1.46.86-1.47-.86 1.47-.86 1.46.86z"/><path fill="#9cebff" d="M10.31 9.77v1.71l-1.47-.86V8.91l1.47.86z"/><path fill="#c3f1ff" d="M8.84 10.62l1.47-.85v1.71l-1.47-.86z"/><path fill="#9cebff" d="M11.77 10.62l-1.46-.85v1.71l1.46-.86z"/><path d="M12.07 14.48c-.87-.14-.9-.77-.9-1.78H9.44c0 1 0 1.64-.9 1.78a.51.51 0 0 0-.43.49h4.4a.51.51 0 0 0-.44-.49z" fill="url(#ygc8_11)"/><path fill="#0078d4" d="M5.07.5h1.97v.57H5.07zm2.94 0h1.97v.57H8.01zm2.95 0h1.97v.57h-1.97zm2.95 0h1.97v.57h-1.97zM2.14 16.89h1.97v.57H2.14zm2.94 0h1.97v.57H5.08zm2.95 0H10v.57H8.03zm2.95 0h1.97v.57h-1.97zm2.94 0h1.97v.57h-1.97zm3.01-14.84h.57v1.97h-.57zm0 2.94h.57v1.97h-.57zm0 2.95h.57v1.97h-.57zm0 2.94h.57v1.97h-.57zm0 2.95h.57v1.97h-.57zM.5 2.03h.57V4H.5zm0 2.95h.57v1.97H.5zm0 2.94h.57v1.97H.5zm0 2.95h.57v1.97H.5zm0 2.94h.57v1.97H.5z"/></g></svg>
19 |         </g></g><g transform="translate(610 420)"><g transform="scale(2.78)">
20 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_12" x1="9" y1="19.85" x2="9" y2="-1.02" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9624"/><stop offset=".02" stop-color="#5f9724"/><stop offset="1" stop-color="#76bc2d"/></linearGradient></defs><title>Icon-networking-62</title><path d="M.18 8.57L8.57.18a.6.6 0 0 1 .86 0l8.39 8.39a.6.6 0 0 1 0 .86l-8.4 8.4a.6.6 0 0 1-.84 0l-8.4-8.4a.6.6 0 0 1 0-.86z" fill="url(#ygc8_12)"/><path d="M11.2 4L9.08 1.89a.12.12 0 0 0-.16 0L6.8 4a.1.1 0 0 0 .08.18h1.24a.11.11 0 0 1 .11.11v2a.11.11 0 0 0 .11.11h1.32a.11.11 0 0 0 .11-.11v-2a.11.11 0 0 1 .11-.11h1.24A.1.1 0 0 0 11.2 4zM4 6.61L1.9 8.74a.11.11 0 0 0 0 .15L4 11a.11.11 0 0 0 .19-.08V9.69a.11.11 0 0 1 .11-.11h2a.1.1 0 0 0 .1-.11V8.15A.1.1 0 0 0 6.33 8h-2a.1.1 0 0 1-.11-.1V6.69A.11.11 0 0 0 4 6.61zM14.08 11l2.13-2.12a.11.11 0 0 0 0-.15l-2.13-2.12a.11.11 0 0 0-.18.08v1.25a.1.1 0 0 1-.11.1h-2a.1.1 0 0 0-.1.11v1.32a.1.1 0 0 0 .1.11h2a.11.11 0 0 1 .11.11v1.24a.11.11 0 0 0 .18.07z" fill="#b4ec36"/><path d="M11.79 9a2.79 2.79 0 1 0-3.54 2.67v.95a1.71 1.71 0 1 0 1.57 0v-1A2.77 2.77 0 0 0 11.79 9z" fill="#fff"/><circle cx="9.01" cy="8.99" r="1.62" fill="#5ea0ef"/></g></svg>
21 |         </g></g><g transform="translate(593.3333333333334 520)"><g transform="scale(1.0)">
22 |             <svg svgBox="0 0 50 50" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><polygon points="27.1,21.8 22.9,21.8 19.7,50 30.3,50" fill="#59b4d9"/><path d="M40.3 22.5C40.3 14 33.5 7.1 25 7.1S9.7 14 9.7 22.5c0 5.6 3 10.5 7.6 13.2.5-.8.9-1.6 1.3-2.3-3.7-2.2-6.2-6.2-6.2-10.9 0-7 5.7-12.7 12.7-12.7 7 0 12.7 5.7 12.7 12.7 0 4.6-2.5 8.7-6.2 10.9.4.7.9 1.5 1.3 2.3 4.4-2.7 7.4-7.6 7.4-13.2" opacity=".5" fill="#3e3e3e"/><path d="M13.7 41.9c.4-.8.9-1.6 1.3-2.4-5.9-3.4-9.8-9.8-9.8-17.1C5.2 11.6 14.1 2.7 25 2.7s19.8 8.9 19.8 19.8c0 7.3-4 13.6-9.8 17.1.4.8.9 1.6 1.3 2.4 6.7-3.9 11.2-11.1 11.2-19.4C47.5 10.1 37.4 0 25 0S2.5 10.1 2.5 22.5c0 8.2 4.6 15.5 11.2 19.4" opacity=".2" fill="#3e3e3e"/><circle cx="25" cy="22.6" r="6.8" fill="#0072c6"/></g></svg>
23 |         </g></g><g transform="translate(743.3333333333334 520)"><g transform="scale(1.0)">
24 |             <svg svgBox="0 0 50 50" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><polygon points="27.1,21.8 22.9,21.8 19.7,50 30.3,50" fill="#59b4d9"/><path d="M40.3 22.5C40.3 14 33.5 7.1 25 7.1S9.7 14 9.7 22.5c0 5.6 3 10.5 7.6 13.2.5-.8.9-1.6 1.3-2.3-3.7-2.2-6.2-6.2-6.2-10.9 0-7 5.7-12.7 12.7-12.7 7 0 12.7 5.7 12.7 12.7 0 4.6-2.5 8.7-6.2 10.9.4.7.9 1.5 1.3 2.3 4.4-2.7 7.4-7.6 7.4-13.2" opacity=".5" fill="#3e3e3e"/><path d="M13.7 41.9c.4-.8.9-1.6 1.3-2.4-5.9-3.4-9.8-9.8-9.8-17.1C5.2 11.6 14.1 2.7 25 2.7s19.8 8.9 19.8 19.8c0 7.3-4 13.6-9.8 17.1.4.8.9 1.6 1.3 2.4 6.7-3.9 11.2-11.1 11.2-19.4C47.5 10.1 37.4 0 25 0S2.5 10.1 2.5 22.5c0 8.2 4.6 15.5 11.2 19.4" opacity=".2" fill="#3e3e3e"/><circle cx="25" cy="22.6" r="6.8" fill="#0072c6"/></g></svg>
25 |         </g></g><g transform="translate(893.3333333333334 520)"><g transform="scale(2.78)">
26 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_13" x1="9" y1="15.83" x2="9" y2="5.79" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#32bedd"/><stop offset=".18" stop-color="#32caea"/><stop offset=".41" stop-color="#32d2f2"/><stop offset=".78" stop-color="#32d4f5"/></linearGradient></defs><title>Icon-networking-69</title><path d="M.5 5.79h17v9.48a.57.57 0 0 1-.57.57H1.07a.57.57 0 0 1-.57-.57V5.79z" fill="url(#ygc8_13)"/><path d="M1.07 2.17h15.86a.57.57 0 0 1 .57.57v3.05H.5V2.73a.57.57 0 0 1 .57-.56z" fill="#767676"/><circle cx="12.82" cy="10.19" r="1.38" fill="#f2f2f2"/><circle cx="9.06" cy="10.19" r="1.38" fill="#f2f2f2"/><circle cx="5.18" cy="10.19" r="1.38" fill="#f2f2f2"/><rect x="2.79" y="3.25" width="12.43" height="1.46" rx=".28" fill="#f2f2f2"/></g></svg>
27 |         </g></g><g transform="translate(160 330)"><g transform="scale(2.78)">
28 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_14" x1="9" y1="15.83" x2="9" y2="5.79" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#32bedd"/><stop offset=".18" stop-color="#32caea"/><stop offset=".41" stop-color="#32d2f2"/><stop offset=".78" stop-color="#32d4f5"/></linearGradient></defs><title>Icon-networking-69</title><path d="M.5 5.79h17v9.48a.57.57 0 0 1-.57.57H1.07a.57.57 0 0 1-.57-.57V5.79z" fill="url(#ygc8_14)"/><path d="M1.07 2.17h15.86a.57.57 0 0 1 .57.57v3.05H.5V2.73a.57.57 0 0 1 .57-.56z" fill="#767676"/><circle cx="12.82" cy="10.19" r="1.38" fill="#f2f2f2"/><circle cx="9.06" cy="10.19" r="1.38" fill="#f2f2f2"/><circle cx="5.18" cy="10.19" r="1.38" fill="#f2f2f2"/><rect x="2.79" y="3.25" width="12.43" height="1.46" rx=".28" fill="#f2f2f2"/></g></svg>
29 |         </g></g><g transform="translate(460 190)"><g transform="scale(2.78)">
30 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_15" x1="9.01" y1="16.5" x2="9.01" y2="1.5" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9641"/><stop offset=".34" stop-color="#6baa42"/><stop offset=".67" stop-color="#73b743"/><stop offset="1" stop-color="#76bb43"/></linearGradient></defs><title>Icon-networking-80</title><path d="M15.89 2.91h1.27a.34.34 0 0 1 .34.34v3.5a.34.34 0 0 1-.34.34h-1.27V2.91zm0 6.09h1.27a.34.34 0 0 1 .34.34v5.86a.34.34 0 0 1-.34.34h-1.27V9z" fill="#ffca00"/><rect x="2.13" y="1.5" width="13.76" height="15" rx=".69" fill="url(#ygc8_15)"/><path d="M5.9 12.9h-.71a.2.2 0 0 1-.19-.21V4.34a.19.19 0 0 1 .19-.2h1.93a.19.19 0 0 1 .19.2.2.2 0 0 1-.19.21H5.38v7.93h.52a.2.2 0 0 1 .19.21.21.21 0 0 1-.19.21z" fill="#b4ec36"/><path d="M6 13.92H4.4a.2.2 0 0 1-.19-.21L4.08 3.38a.2.2 0 0 1 .06-.15.16.16 0 0 1 .13-.06h2.85v.41H4.47l.12 9.92H6zm6-.92h-1.59a.19.19 0 0 1-.14-.07.18.18 0 0 1-.06-.14V7.9a.19.19 0 0 1 .19-.2h.91V5.45h.38v2.44a.2.2 0 0 1-.18.21h-.91v4.42H12z" fill="#b4ec36"/><rect x="7.07" y="2.29" width="6.14" height="3.11" rx=".26" fill="#365615"/><rect x="5.86" y="12.69" width="4.9" height="1.09" rx=".26" transform="rotate(90 8.305 13.235)" fill="#365615"/><rect x="3.99" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 6.44 13.26)" fill="#365615"/><rect x="9.98" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 12.425 13.255)" fill="#f2f2f2"/><ellipse cx="8.11" cy="8.06" rx="1.04" ry="1.12" fill="#f2f2f2"/><path d="M2.11 12.25H.84a.34.34 0 0 1-.34-.3V6.09a.34.34 0 0 1 .34-.34h1.27v6.5z" fill="#3b3b3b"/></g></svg>
31 |         </g></g><g transform="translate(310 330)"><g transform="scale(2.78)">
32 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_16" x1="8.88" y1="12.21" x2="8.88" y2=".21" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_17" x1="8.88" y1="16.84" x2="8.88" y2="12.21" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-21</title><rect x="-.12" y=".21" width="18" height="12" rx=".6" fill="url(#ygc8_16)"/><path fill="#50e6ff" d="M11.88 4.46v3.49l-3 1.76v-3.5l3-1.75z"/><path fill="#c3f1ff" d="M11.88 4.46l-3 1.76-3-1.76 3-1.75 3 1.75z"/><path fill="#9cebff" d="M8.88 6.22v3.49l-3-1.76V4.46l3 1.76z"/><path fill="#c3f1ff" d="M5.88 7.95l3-1.74v3.5l-3-1.76z"/><path fill="#9cebff" d="M11.88 7.95l-3-1.74v3.5l3-1.76z"/><path d="M12.49 15.84c-1.78-.28-1.85-1.56-1.85-3.63H7.11c0 2.07-.06 3.35-1.84 3.63a1 1 0 0 0-.89 1h9a1 1 0 0 0-.89-1z" fill="url(#ygc8_17)"/></g></svg>
33 |         </g></g><g transform="translate(610 190)"><g transform="scale(2.78)">
34 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_18" x1="9.01" y1="16.5" x2="9.01" y2="1.5" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9641"/><stop offset=".34" stop-color="#6baa42"/><stop offset=".67" stop-color="#73b743"/><stop offset="1" stop-color="#76bb43"/></linearGradient></defs><title>Icon-networking-80</title><path d="M15.89 2.91h1.27a.34.34 0 0 1 .34.34v3.5a.34.34 0 0 1-.34.34h-1.27V2.91zm0 6.09h1.27a.34.34 0 0 1 .34.34v5.86a.34.34 0 0 1-.34.34h-1.27V9z" fill="#ffca00"/><rect x="2.13" y="1.5" width="13.76" height="15" rx=".69" fill="url(#ygc8_18)"/><path d="M5.9 12.9h-.71a.2.2 0 0 1-.19-.21V4.34a.19.19 0 0 1 .19-.2h1.93a.19.19 0 0 1 .19.2.2.2 0 0 1-.19.21H5.38v7.93h.52a.2.2 0 0 1 .19.21.21.21 0 0 1-.19.21z" fill="#b4ec36"/><path d="M6 13.92H4.4a.2.2 0 0 1-.19-.21L4.08 3.38a.2.2 0 0 1 .06-.15.16.16 0 0 1 .13-.06h2.85v.41H4.47l.12 9.92H6zm6-.92h-1.59a.19.19 0 0 1-.14-.07.18.18 0 0 1-.06-.14V7.9a.19.19 0 0 1 .19-.2h.91V5.45h.38v2.44a.2.2 0 0 1-.18.21h-.91v4.42H12z" fill="#b4ec36"/><rect x="7.07" y="2.29" width="6.14" height="3.11" rx=".26" fill="#365615"/><rect x="5.86" y="12.69" width="4.9" height="1.09" rx=".26" transform="rotate(90 8.305 13.235)" fill="#365615"/><rect x="3.99" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 6.44 13.26)" fill="#365615"/><rect x="9.98" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 12.425 13.255)" fill="#f2f2f2"/><ellipse cx="8.11" cy="8.06" rx="1.04" ry="1.12" fill="#f2f2f2"/><path d="M2.11 12.25H.84a.34.34 0 0 1-.34-.3V6.09a.34.34 0 0 1 .34-.34h1.27v6.5z" fill="#3b3b3b"/></g></svg>
35 |         </g></g><g transform="translate(760 330)"><g transform="scale(2.78)">
36 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_19" x1="8.88" y1="12.21" x2="8.88" y2=".21" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_20" x1="8.88" y1="16.84" x2="8.88" y2="12.21" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-21</title><rect x="-.12" y=".21" width="18" height="12" rx=".6" fill="url(#ygc8_19)"/><path fill="#50e6ff" d="M11.88 4.46v3.49l-3 1.76v-3.5l3-1.75z"/><path fill="#c3f1ff" d="M11.88 4.46l-3 1.76-3-1.76 3-1.75 3 1.75z"/><path fill="#9cebff" d="M8.88 6.22v3.49l-3-1.76V4.46l3 1.76z"/><path fill="#c3f1ff" d="M5.88 7.95l3-1.74v3.5l-3-1.76z"/><path fill="#9cebff" d="M11.88 7.95l-3-1.74v3.5l3-1.76z"/><path d="M12.49 15.84c-1.78-.28-1.85-1.56-1.85-3.63H7.11c0 2.07-.06 3.35-1.84 3.63a1 1 0 0 0-.89 1h9a1 1 0 0 0-.89-1z" fill="url(#ygc8_20)"/></g></svg>
37 |         </g></g><g transform="translate(760 190)"><g transform="scale(2.78)">
38 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_21" x1="9.01" y1="16.5" x2="9.01" y2="1.5" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9641"/><stop offset=".34" stop-color="#6baa42"/><stop offset=".67" stop-color="#73b743"/><stop offset="1" stop-color="#76bb43"/></linearGradient></defs><title>Icon-networking-80</title><path d="M15.89 2.91h1.27a.34.34 0 0 1 .34.34v3.5a.34.34 0 0 1-.34.34h-1.27V2.91zm0 6.09h1.27a.34.34 0 0 1 .34.34v5.86a.34.34 0 0 1-.34.34h-1.27V9z" fill="#ffca00"/><rect x="2.13" y="1.5" width="13.76" height="15" rx=".69" fill="url(#ygc8_21)"/><path d="M5.9 12.9h-.71a.2.2 0 0 1-.19-.21V4.34a.19.19 0 0 1 .19-.2h1.93a.19.19 0 0 1 .19.2.2.2 0 0 1-.19.21H5.38v7.93h.52a.2.2 0 0 1 .19.21.21.21 0 0 1-.19.21z" fill="#b4ec36"/><path d="M6 13.92H4.4a.2.2 0 0 1-.19-.21L4.08 3.38a.2.2 0 0 1 .06-.15.16.16 0 0 1 .13-.06h2.85v.41H4.47l.12 9.92H6zm6-.92h-1.59a.19.19 0 0 1-.14-.07.18.18 0 0 1-.06-.14V7.9a.19.19 0 0 1 .19-.2h.91V5.45h.38v2.44a.2.2 0 0 1-.18.21h-.91v4.42H12z" fill="#b4ec36"/><rect x="7.07" y="2.29" width="6.14" height="3.11" rx=".26" fill="#365615"/><rect x="5.86" y="12.69" width="4.9" height="1.09" rx=".26" transform="rotate(90 8.305 13.235)" fill="#365615"/><rect x="3.99" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 6.44 13.26)" fill="#365615"/><rect x="9.98" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 12.425 13.255)" fill="#f2f2f2"/><ellipse cx="8.11" cy="8.06" rx="1.04" ry="1.12" fill="#f2f2f2"/><path d="M2.11 12.25H.84a.34.34 0 0 1-.34-.3V6.09a.34.34 0 0 1 .34-.34h1.27v6.5z" fill="#3b3b3b"/></g></svg>
39 |         </g></g><g transform="translate(910 330)"><g transform="scale(2.78)">
40 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_22" x1="8.88" y1="12.21" x2="8.88" y2=".21" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_23" x1="8.88" y1="16.84" x2="8.88" y2="12.21" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-21</title><rect x="-.12" y=".21" width="18" height="12" rx=".6" fill="url(#ygc8_22)"/><path fill="#50e6ff" d="M11.88 4.46v3.49l-3 1.76v-3.5l3-1.75z"/><path fill="#c3f1ff" d="M11.88 4.46l-3 1.76-3-1.76 3-1.75 3 1.75z"/><path fill="#9cebff" d="M8.88 6.22v3.49l-3-1.76V4.46l3 1.76z"/><path fill="#c3f1ff" d="M5.88 7.95l3-1.74v3.5l-3-1.76z"/><path fill="#9cebff" d="M11.88 7.95l-3-1.74v3.5l3-1.76z"/><path d="M12.49 15.84c-1.78-.28-1.85-1.56-1.85-3.63H7.11c0 2.07-.06 3.35-1.84 3.63a1 1 0 0 0-.89 1h9a1 1 0 0 0-.89-1z" fill="url(#ygc8_23)"/></g></svg>
41 |         </g></g><g transform="translate(910 190)"><g transform="scale(2.78)">
42 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_24" x1="9.01" y1=".75" x2="9.01" y2="17.25" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5ea0ef"/><stop offset=".18" stop-color="#559cec"/><stop offset=".47" stop-color="#3c91e5"/><stop offset=".84" stop-color="#1380da"/><stop offset="1" stop-color="#0078d4"/></linearGradient></defs><title>Icon-networking-67</title><path d="M16.36 8.4c0 4.84-5.85 8.74-7.12 9.53a.46.46 0 0 1-.48 0c-1.27-.79-7.12-4.69-7.12-9.53V2.58a.46.46 0 0 1 .45-.46C6.64 2 5.59 0 9 0s2.36 2 6.91 2.12a.46.46 0 0 1 .45.46z" fill="#0078d4"/><path d="M15.75 8.45c0 4.44-5.36 8-6.53 8.74a.43.43 0 0 1-.44 0c-1.17-.72-6.53-4.3-6.53-8.74V3.11a.42.42 0 0 1 .41-.42C6.83 2.58 5.87.75 9 .75s2.17 1.83 6.34 1.94a.42.42 0 0 1 .41.42z" fill="#6bb9f2"/><path d="M9 9V.75c3.13 0 2.17 1.83 6.34 1.94a.43.43 0 0 1 .41.43v5.34a4.89 4.89 0 0 1 0 .54zm0 0H2.28c.4 4.18 5.38 7.5 6.5 8.19a.39.39 0 0 0 .18.06H9z" fill="url(#ygc8_24)"/><path d="M2.66 2.69C6.83 2.58 5.87.75 9 .75V9H2.28a4.89 4.89 0 0 1 0-.54V3.12a.43.43 0 0 1 .38-.43zM15.72 9H9v8.25a.39.39 0 0 0 .18-.06c1.16-.69 6.14-4.01 6.54-8.19z" fill="#50e6ff"/></g></svg>
43 |         </g></g><g transform="translate(1066.25 90)"><g transform="scale(1.0)">
44 |             <svg svgBox="0 0 50 50" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><path d="M49.7 25.7c.5-.5.4-1.3 0-1.8l-2.4-2.4L36.5 11c-.5-.5-1.2-.5-1.7 0s-.6 1.3 0 1.8l11.3 11.1c.5.5.5 1.3 0 1.8L34.6 37.2c-.5.5-.5 1.3 0 1.8s1.3.4 1.7 0L47 28.4l.1-.1 2.6-2.6zm-49.4 0c-.5-.5-.4-1.3 0-1.8l2.4-2.4L13.5 11c.5-.5 1.2-.5 1.7 0s.6 1.3 0 1.8L4.1 23.9c-.5.5-.5 1.3 0 1.8l11.3 11.5c.5.5.5 1.3 0 1.8s-1.3.4-1.7 0L2.8 28.5l-.1-.1-2.4-2.7z" fill="#3999C6"/><path d="M28.4 24.8c0 1.9-1.6 3.3-3.3 3.3-1.7 0-3.5-1.6-3.5-3.3s1.4-3.3 3.5-3.3c2 0 3.3 1.6 3.3 3.3z" fill="#7fba00"/></g></svg>
45 |         </g></g><g transform="translate(1060 190)"><g transform="scale(2.78)">
46 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_25" x1="9.01" y1="16.5" x2="9.01" y2="1.5" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9641"/><stop offset=".34" stop-color="#6baa42"/><stop offset=".67" stop-color="#73b743"/><stop offset="1" stop-color="#76bb43"/></linearGradient></defs><title>Icon-networking-80</title><path d="M15.89 2.91h1.27a.34.34 0 0 1 .34.34v3.5a.34.34 0 0 1-.34.34h-1.27V2.91zm0 6.09h1.27a.34.34 0 0 1 .34.34v5.86a.34.34 0 0 1-.34.34h-1.27V9z" fill="#ffca00"/><rect x="2.13" y="1.5" width="13.76" height="15" rx=".69" fill="url(#ygc8_25)"/><path d="M5.9 12.9h-.71a.2.2 0 0 1-.19-.21V4.34a.19.19 0 0 1 .19-.2h1.93a.19.19 0 0 1 .19.2.2.2 0 0 1-.19.21H5.38v7.93h.52a.2.2 0 0 1 .19.21.21.21 0 0 1-.19.21z" fill="#b4ec36"/><path d="M6 13.92H4.4a.2.2 0 0 1-.19-.21L4.08 3.38a.2.2 0 0 1 .06-.15.16.16 0 0 1 .13-.06h2.85v.41H4.47l.12 9.92H6zm6-.92h-1.59a.19.19 0 0 1-.14-.07.18.18 0 0 1-.06-.14V7.9a.19.19 0 0 1 .19-.2h.91V5.45h.38v2.44a.2.2 0 0 1-.18.21h-.91v4.42H12z" fill="#b4ec36"/><rect x="7.07" y="2.29" width="6.14" height="3.11" rx=".26" fill="#365615"/><rect x="5.86" y="12.69" width="4.9" height="1.09" rx=".26" transform="rotate(90 8.305 13.235)" fill="#365615"/><rect x="3.99" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 6.44 13.26)" fill="#365615"/><rect x="9.98" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 12.425 13.255)" fill="#f2f2f2"/><ellipse cx="8.11" cy="8.06" rx="1.04" ry="1.12" fill="#f2f2f2"/><path d="M2.11 12.25H.84a.34.34 0 0 1-.34-.3V6.09a.34.34 0 0 1 .34-.34h1.27v6.5z" fill="#3b3b3b"/></g></svg>
47 |         </g></g><g transform="translate(1060 330)"><g transform="scale(2.78)">
48 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_26" x1="8.88" y1="12.21" x2="8.88" y2=".21" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_27" x1="8.88" y1="16.84" x2="8.88" y2="12.21" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-21</title><rect x="-.12" y=".21" width="18" height="12" rx=".6" fill="url(#ygc8_26)"/><path fill="#50e6ff" d="M11.88 4.46v3.49l-3 1.76v-3.5l3-1.75z"/><path fill="#c3f1ff" d="M11.88 4.46l-3 1.76-3-1.76 3-1.75 3 1.75z"/><path fill="#9cebff" d="M8.88 6.22v3.49l-3-1.76V4.46l3 1.76z"/><path fill="#c3f1ff" d="M5.88 7.95l3-1.74v3.5l-3-1.76z"/><path fill="#9cebff" d="M11.88 7.95l-3-1.74v3.5l3-1.76z"/><path d="M12.49 15.84c-1.78-.28-1.85-1.56-1.85-3.63H7.11c0 2.07-.06 3.35-1.84 3.63a1 1 0 0 0-.89 1h9a1 1 0 0 0-.89-1z" fill="url(#ygc8_27)"/></g></svg>
49 |         </g></g><g transform="translate(1210 190)"><g transform="scale(2.78)">
50 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_28" x1="9.01" y1="16.5" x2="9.01" y2="1.5" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9641"/><stop offset=".34" stop-color="#6baa42"/><stop offset=".67" stop-color="#73b743"/><stop offset="1" stop-color="#76bb43"/></linearGradient></defs><title>Icon-networking-80</title><path d="M15.89 2.91h1.27a.34.34 0 0 1 .34.34v3.5a.34.34 0 0 1-.34.34h-1.27V2.91zm0 6.09h1.27a.34.34 0 0 1 .34.34v5.86a.34.34 0 0 1-.34.34h-1.27V9z" fill="#ffca00"/><rect x="2.13" y="1.5" width="13.76" height="15" rx=".69" fill="url(#ygc8_28)"/><path d="M5.9 12.9h-.71a.2.2 0 0 1-.19-.21V4.34a.19.19 0 0 1 .19-.2h1.93a.19.19 0 0 1 .19.2.2.2 0 0 1-.19.21H5.38v7.93h.52a.2.2 0 0 1 .19.21.21.21 0 0 1-.19.21z" fill="#b4ec36"/><path d="M6 13.92H4.4a.2.2 0 0 1-.19-.21L4.08 3.38a.2.2 0 0 1 .06-.15.16.16 0 0 1 .13-.06h2.85v.41H4.47l.12 9.92H6zm6-.92h-1.59a.19.19 0 0 1-.14-.07.18.18 0 0 1-.06-.14V7.9a.19.19 0 0 1 .19-.2h.91V5.45h.38v2.44a.2.2 0 0 1-.18.21h-.91v4.42H12z" fill="#b4ec36"/><rect x="7.07" y="2.29" width="6.14" height="3.11" rx=".26" fill="#365615"/><rect x="5.86" y="12.69" width="4.9" height="1.09" rx=".26" transform="rotate(90 8.305 13.235)" fill="#365615"/><rect x="3.99" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 6.44 13.26)" fill="#365615"/><rect x="9.98" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 12.425 13.255)" fill="#f2f2f2"/><ellipse cx="8.11" cy="8.06" rx="1.04" ry="1.12" fill="#f2f2f2"/><path d="M2.11 12.25H.84a.34.34 0 0 1-.34-.3V6.09a.34.34 0 0 1 .34-.34h1.27v6.5z" fill="#3b3b3b"/></g></svg>
51 |         </g></g><g transform="translate(1210 330)"><g transform="scale(2.78)">
52 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_29" x1="8.88" y1="12.21" x2="8.88" y2=".21" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_30" x1="8.88" y1="16.84" x2="8.88" y2="12.21" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-21</title><rect x="-.12" y=".21" width="18" height="12" rx=".6" fill="url(#ygc8_29)"/><path fill="#50e6ff" d="M11.88 4.46v3.49l-3 1.76v-3.5l3-1.75z"/><path fill="#c3f1ff" d="M11.88 4.46l-3 1.76-3-1.76 3-1.75 3 1.75z"/><path fill="#9cebff" d="M8.88 6.22v3.49l-3-1.76V4.46l3 1.76z"/><path fill="#c3f1ff" d="M5.88 7.95l3-1.74v3.5l-3-1.76z"/><path fill="#9cebff" d="M11.88 7.95l-3-1.74v3.5l3-1.76z"/><path d="M12.49 15.84c-1.78-.28-1.85-1.56-1.85-3.63H7.11c0 2.07-.06 3.35-1.84 3.63a1 1 0 0 0-.89 1h9a1 1 0 0 0-.89-1z" fill="url(#ygc8_30)"/></g></svg>
53 |         </g></g><g transform="translate(1360 190)"><g transform="scale(2.78)">
54 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_31" x1="9.01" y1="16.5" x2="9.01" y2="1.5" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5e9641"/><stop offset=".34" stop-color="#6baa42"/><stop offset=".67" stop-color="#73b743"/><stop offset="1" stop-color="#76bb43"/></linearGradient></defs><title>Icon-networking-80</title><path d="M15.89 2.91h1.27a.34.34 0 0 1 .34.34v3.5a.34.34 0 0 1-.34.34h-1.27V2.91zm0 6.09h1.27a.34.34 0 0 1 .34.34v5.86a.34.34 0 0 1-.34.34h-1.27V9z" fill="#ffca00"/><rect x="2.13" y="1.5" width="13.76" height="15" rx=".69" fill="url(#ygc8_31)"/><path d="M5.9 12.9h-.71a.2.2 0 0 1-.19-.21V4.34a.19.19 0 0 1 .19-.2h1.93a.19.19 0 0 1 .19.2.2.2 0 0 1-.19.21H5.38v7.93h.52a.2.2 0 0 1 .19.21.21.21 0 0 1-.19.21z" fill="#b4ec36"/><path d="M6 13.92H4.4a.2.2 0 0 1-.19-.21L4.08 3.38a.2.2 0 0 1 .06-.15.16.16 0 0 1 .13-.06h2.85v.41H4.47l.12 9.92H6zm6-.92h-1.59a.19.19 0 0 1-.14-.07.18.18 0 0 1-.06-.14V7.9a.19.19 0 0 1 .19-.2h.91V5.45h.38v2.44a.2.2 0 0 1-.18.21h-.91v4.42H12z" fill="#b4ec36"/><rect x="7.07" y="2.29" width="6.14" height="3.11" rx=".26" fill="#365615"/><rect x="5.86" y="12.69" width="4.9" height="1.09" rx=".26" transform="rotate(90 8.305 13.235)" fill="#365615"/><rect x="3.99" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 6.44 13.26)" fill="#365615"/><rect x="9.98" y="12.71" width="4.9" height="1.09" rx=".26" transform="rotate(90 12.425 13.255)" fill="#f2f2f2"/><ellipse cx="8.11" cy="8.06" rx="1.04" ry="1.12" fill="#f2f2f2"/><path d="M2.11 12.25H.84a.34.34 0 0 1-.34-.3V6.09a.34.34 0 0 1 .34-.34h1.27v6.5z" fill="#3b3b3b"/></g></svg>
55 |         </g></g><g transform="translate(1360 330)"><g transform="scale(2.78)">
56 |             <svg svgBox="0 0 18 18" fill="msportalfx-svg-placeholder" role="presentation" focusable="false"><g><title/><defs><linearGradient id="ygc8_32" x1="8.88" y1="12.21" x2="8.88" y2=".21" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#0078d4"/><stop offset=".82" stop-color="#5ea0ef"/></linearGradient><linearGradient id="ygc8_33" x1="8.88" y1="16.84" x2="8.88" y2="12.21" gradientUnits="userSpaceOnUse"><stop offset=".15" stop-color="#ccc"/><stop offset="1" stop-color="#707070"/></linearGradient></defs><title>Icon-compute-21</title><rect x="-.12" y=".21" width="18" height="12" rx=".6" fill="url(#ygc8_32)"/><path fill="#50e6ff" d="M11.88 4.46v3.49l-3 1.76v-3.5l3-1.75z"/><path fill="#c3f1ff" d="M11.88 4.46l-3 1.76-3-1.76 3-1.75 3 1.75z"/><path fill="#9cebff" d="M8.88 6.22v3.49l-3-1.76V4.46l3 1.76z"/><path fill="#c3f1ff" d="M5.88 7.95l3-1.74v3.5l-3-1.76z"/><path fill="#9cebff" d="M11.88 7.95l-3-1.74v3.5l3-1.76z"/><path d="M12.49 15.84c-1.78-.28-1.85-1.56-1.85-3.63H7.11c0 2.07-.06 3.35-1.84 3.63a1 1 0 0 0-.89 1h9a1 1 0 0 0-.89-1z" fill="url(#ygc8_33)"/></g></svg>
57 |         </g></g><g transform="translate(600.1184085770799 46.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-vnet</text></g><g transform="translate(580.9530365451764 136.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-mast...</text></g><g transform="translate(138.52790380921346 236.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-boot...</text></g><g transform="translate(-17.722096190786544 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-boot...</text></g><g transform="translate(450.96380825221473 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu</text></g><g transform="translate(421.79714158554805 466.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu</text></g><g transform="translate(271.28295872642246 566.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">api-internal-probe</text></g><g transform="translate(430.96738669186186 566.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">public-lb-ip-v4</text></g><g transform="translate(600.9638082522148 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu</text></g><g transform="translate(584.2827914388625 466.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-inte...</text></g><g transform="translate(571.2829587264225 566.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">api-internal-probe</text></g><g transform="translate(741.639602860798 566.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">sint-probe</text></g><g transform="translate(876.963473677095 566.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">internal-lb-ip-v4</text></g><g transform="translate(132.27790380921346 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-boot...</text></g><g transform="translate(430.95303654517636 236.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-mast...</text></g><g transform="translate(280.95303654517636 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-mast...</text></g><g transform="translate(580.9530365451764 236.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-mast...</text></g><g transform="translate(730.9530365451764 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-mast...</text></g><g transform="translate(730.9530365451764 236.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-mast...</text></g><g transform="translate(880.9530365451764 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-mast...</text></g><g transform="translate(889.2862171461885 236.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-nsg</text></g><g transform="translate(1037.5371844834513 136.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-work...</text></g><g transform="translate(1031.2871844834513 236.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-work...</text></g><g transform="translate(1031.2871844834513 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-work...</text></g><g transform="translate(1181.2871844834513 236.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-work...</text></g><g transform="translate(1181.2871844834513 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-work...</text></g><g transform="translate(1331.2871844834513 236.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-work...</text></g><g transform="translate(1331.2871844834513 376.578125)"><text font-family="Arial" font-size="12px" font-style="normal" font-weight="normal" text-anchor="start" fill="rgb(0,0,0)" fill-opacity="1" dy="1em" transform="translate(0 0)">fs2021-yqizu-work...</text></g></g></svg>


--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "cluster_id" {
 2 |   value = local.cluster_id
 3 | }
 4 | 
 5 | output "resource_group" {
 6 |   value = data.azurerm_resource_group.main.name
 7 | }
 8 | 
 9 | output "bootstrap_public_ip" {
10 |   value = module.bootstrap.bootstrap_public_ip
11 | }
12 | 
13 | output "api-int-ipaddress" {
14 |   value = var.openshift_byo_dns ? module.vnet.internal_lb_ip_v4_address : null
15 | }
16 | 
17 | output "api-ipaddress" {
18 |   value = var.openshift_byo_dns ? module.vnet.public_lb_ip_v4_address : null
19 | }
20 | 


--------------------------------------------------------------------------------
/variables-azure.tf:
--------------------------------------------------------------------------------
  1 | variable "azure_config_version" {
  2 |   description = <<EOF
  3 | (internal) This declares the version of the Azure configuration variables.
  4 | It has no impact on generated assets but declares the version contract of the configuration.
  5 | EOF
  6 | 
  7 | 
  8 |   default = "0.1"
  9 | }
 10 | 
 11 | variable "azure_environment" {
 12 |   type        = string
 13 |   description = "The target Azure cloud environment for the cluster."
 14 |   default     = "public"
 15 | }
 16 | 
 17 | variable "azure_region" {
 18 |   type        = string
 19 |   description = "The target Azure region for the cluster."
 20 | }
 21 | 
 22 | variable "azure_bootstrap_vm_type" {
 23 |   type        = string
 24 |   description = "Instance type for the bootstrap node. Example: `Standard_DS4_v3`."
 25 |   default     = "Standard_D4s_v3"
 26 | }
 27 | 
 28 | variable "azure_master_vm_type" {
 29 |   type        = string
 30 |   description = "Instance type for the master node(s). Example: `Standard_D8s_v3`."
 31 |   default     = "Standard_D8s_v3"
 32 | }
 33 | 
 34 | variable "azure_extra_tags" {
 35 |   type = map(string)
 36 | 
 37 |   description = <<EOF
 38 | (optional) Extra Azure tags to be applied to created resources.
 39 | 
 40 | Example: `{ "key" = "value", "foo" = "bar" }`
 41 | EOF
 42 | 
 43 | 
 44 |   default = {}
 45 | }
 46 | 
 47 | variable "azure_master_root_volume_type" {
 48 |   type        = string
 49 |   description = "The type of the volume the root block device of master nodes."
 50 |   default     = "Premium_LRS"
 51 | }
 52 | 
 53 | variable "azure_master_root_volume_size" {
 54 |   type        = string
 55 |   description = "The size of the volume in gigabytes for the root block device of master nodes."
 56 |   default     = 512
 57 | }
 58 | 
 59 | variable "azure_base_domain_resource_group_name" {
 60 |   type        = string
 61 |   description = "The resource group that contains the dns zone used as base domain for the cluster."
 62 | }
 63 | 
 64 | variable "azure_subscription_id" {
 65 |   type        = string
 66 |   description = "The subscription that should be used to interact with Azure API"
 67 | }
 68 | 
 69 | variable "azure_client_id" {
 70 |   type        = string
 71 |   description = "The app ID that should be used to interact with Azure API"
 72 | }
 73 | 
 74 | variable "azure_client_secret" {
 75 |   type        = string
 76 |   description = "The password that should be used to interact with Azure API"
 77 | }
 78 | 
 79 | variable "azure_tenant_id" {
 80 |   type        = string
 81 |   description = "The tenant ID that should be used to interact with Azure API"
 82 | }
 83 | 
 84 | variable "azure_master_availability_zones" {
 85 |   type        = list(string)
 86 |   description = "The availability zones in which to create the masters. The length of this list must match master_count."
 87 |   default = [
 88 |     "1",
 89 |     "2",
 90 |     "3",
 91 |   ]
 92 |   validation {
 93 |     condition     = length(var.azure_master_availability_zones) == 1 || length(var.azure_master_availability_zones) == 3
 94 |     error_message = "The azure_master_availability_zones variable must be set to either [1] or [1, 2, 3] zones."
 95 |   }
 96 | }
 97 | 
 98 | variable "azure_preexisting_network" {
 99 |   type        = bool
100 |   default     = false
101 |   description = "Specifies whether an existing network should be used or a new one created for installation."
102 | }
103 | 
104 | variable "azure_resource_group_name" {
105 |   type        = string
106 |   default     = ""
107 |   description = <<EOF
108 | The name of the resource group for the cluster. If this is set, the cluster is installed to that existing resource group
109 | otherwise a new resource group will be created using cluster id.
110 | EOF
111 | }
112 | 
113 | variable "azure_network_resource_group_name" {
114 |   type        = string
115 |   description = "The name of the network resource group, either existing or to be created."
116 |   default     = null
117 | }
118 | 
119 | variable "azure_virtual_network" {
120 |   type        = string
121 |   description = "The name of the virtual network, either existing or to be created."
122 |   default     = null
123 | }
124 | 
125 | variable "azure_control_plane_subnet" {
126 |   type        = string
127 |   description = "The name of the subnet for the control plane, either existing or to be created."
128 |   default     = null
129 | }
130 | 
131 | variable "azure_compute_subnet" {
132 |   type        = string
133 |   description = "The name of the subnet for worker nodes, either existing or to be created"
134 |   default     = null
135 | }
136 | 
137 | variable "azure_private" {
138 |   type        = bool
139 |   description = "This determines if this is a private cluster or not."
140 |   default     = false
141 | }
142 | 
143 | variable "azure_emulate_single_stack_ipv6" {
144 |   type        = bool
145 |   description = "This determines whether a dual-stack cluster is configured to emulate single-stack IPv6."
146 |   default     = false
147 | }
148 | 
149 | variable "azure_outbound_user_defined_routing" {
150 |   type    = bool
151 |   default = false
152 | 
153 |   description = <<EOF
154 | This determined whether User defined routing will be used for egress to Internet.
155 | When false, Standard LB will be used for egress to the Internet.
156 | EOF
157 | }
158 | 
159 | ##############
160 | 
161 | variable "cluster_name" {
162 |   type = string
163 | }
164 | 
165 | variable "base_domain" {
166 |   type = string
167 | }
168 | 
169 | variable "machine_v4_cidrs" {
170 |   type = list(string)
171 |   default = [
172 |     "10.0.0.0/16"
173 |   ]
174 | }
175 | 
176 | variable "machine_v6_cidrs" {
177 |   type    = list(string)
178 |   default = []
179 | }
180 | 
181 | variable "openshift_cluster_network_cidr" {
182 |   type    = string
183 |   default = "10.128.0.0/14"
184 | }
185 | 
186 | variable "openshift_cluster_network_host_prefix" {
187 |   type    = string
188 |   default = 23
189 | }
190 | 
191 | variable "openshift_service_network_cidr" {
192 |   type    = string
193 |   default = "172.30.0.0/16"
194 | }
195 | 
196 | variable "use_ipv4" {
197 |   type    = bool
198 |   default = true
199 | }
200 | 
201 | variable "use_ipv6" {
202 |   type    = bool
203 |   default = false
204 | }
205 | 
206 | variable "openshift_version" {
207 |   type    = string
208 |   default = "4.6.31"
209 | }
210 | 
211 | variable "openshift_pull_secret" {
212 |   type    = string
213 |   default = "pull-secret"
214 | }
215 | 
216 | variable "azure_infra_root_volume_size" {
217 |   type    = string
218 |   default = 128
219 | }
220 | 
221 | variable "azure_worker_root_volume_size" {
222 |   type    = string
223 |   default = 128
224 | }
225 | 
226 | variable "master_count" {
227 |   type    = string
228 |   default = 3
229 |   validation {
230 |     condition     = var.master_count == "3"
231 |     error_message = "The master_count value must be set to 3."
232 |   }
233 | }
234 | 
235 | variable "worker_count" {
236 |   type    = string
237 |   default = 3
238 |   validation {
239 |     condition     = var.worker_count > 1
240 |     error_message = "The worker_count value must be greater than 1."
241 |   }
242 | }
243 | 
244 | variable "infra_count" {
245 |   type    = string
246 |   default = 0
247 | }
248 | 
249 | variable "azure_infra_vm_type" {
250 |   type    = string
251 |   default = "Standard_D4s_v3"
252 | }
253 | 
254 | variable "azure_worker_vm_type" {
255 |   type    = string
256 |   default = "Standard_D8s_v3"
257 | }
258 | 
259 | variable "airgapped" {
260 |   type = map(string)
261 |   default = {
262 |     enabled    = false
263 |     repository = ""
264 |   }
265 | }
266 | 
267 | variable "proxy_config" {
268 |   type = map(string)
269 |   default = {
270 |     enabled    = false
271 |     httpProxy  = "http://user:password@ip:port"
272 |     httpsProxy = "http://user:password@ip:port"
273 |     noProxy    = "ip1,ip2,ip3,.example.com,cidr/mask"
274 |   }
275 | }
276 | 
277 | variable "openshift_additional_trust_bundle" {
278 |   description = "path to a file with all your additional ca certificates"
279 |   type        = string
280 |   default     = ""
281 | }
282 | 
283 | variable "openshift_ssh_key" {
284 |   description = "SSH Public Key to use for OpenShift Installation"
285 |   type        = string
286 |   default     = ""
287 | }
288 | 
289 | variable "openshift_byo_dns" {
290 |   description = "Do not deploy any public or private DNS zone into Azure"
291 |   type        = bool
292 |   default     = false
293 | }
294 | 


--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | terraform {
 3 |   required_version = ">= 0.13"
 4 |   required_providers {
 5 |     azurerm = {
 6 |       source = "hashicorp/azurerm"
 7 |     }
 8 |     local = {
 9 |       source = "hashicorp/local"
10 |     }
11 |     random = {
12 |       source = "hashicorp/random"
13 |     }
14 |     tls = {
15 |       source = "hashicorp/tls"
16 |     }
17 |     template = {
18 |       source = "hashicorp/template"
19 |     }
20 |   }
21 | }
22 | 


--------------------------------------------------------------------------------
/vnet/common.tf:
--------------------------------------------------------------------------------
 1 | # Canonical internal state definitions for this module.
 2 | # read only: only locals and data source definitions allowed. No resources or module blocks in this file
 3 | 
 4 | data "azurerm_subnet" "preexisting_master_subnet" {
 5 |   count = var.preexisting_network ? 1 : 0
 6 | 
 7 |   resource_group_name  = var.network_resource_group_name
 8 |   virtual_network_name = var.virtual_network_name
 9 |   name                 = var.master_subnet
10 | }
11 | 
12 | data "azurerm_subnet" "preexisting_worker_subnet" {
13 |   count = var.preexisting_network ? 1 : 0
14 | 
15 |   resource_group_name  = var.network_resource_group_name
16 |   virtual_network_name = var.virtual_network_name
17 |   name                 = var.worker_subnet
18 | }
19 | 
20 | data "azurerm_virtual_network" "preexisting_virtual_network" {
21 |   count = var.preexisting_network ? 1 : 0
22 | 
23 |   resource_group_name = var.network_resource_group_name
24 |   name                = var.virtual_network_name
25 | }
26 | 
27 | // Only reference data sources which are guaranteed to exist at any time (above) in this locals{} block
28 | locals {
29 |   master_subnet_cidr_v4 = var.use_ipv4 ? cidrsubnet(var.vnet_v4_cidrs[0], 3, 0) : null  #master subnet is a smaller subnet within the vnet. i.e from /21 to /24
30 |   master_subnet_cidr_v6 = var.use_ipv6 ? cidrsubnet(var.vnet_v6_cidrs[0], 16, 0) : null #master subnet is a smaller subnet within the vnet. i.e from /48 to /64
31 | 
32 |   worker_subnet_cidr_v4 = var.use_ipv4 ? cidrsubnet(var.vnet_v4_cidrs[0], 3, 1) : null  #node subnet is a smaller subnet within the vnet. i.e from /21 to /24
33 |   worker_subnet_cidr_v6 = var.use_ipv6 ? cidrsubnet(var.vnet_v6_cidrs[0], 16, 1) : null #node subnet is a smaller subnet within the vnet. i.e from /48 to /64
34 | 
35 |   master_subnet_id = var.preexisting_network ? data.azurerm_subnet.preexisting_master_subnet[0].id : azurerm_subnet.master_subnet[0].id
36 |   worker_subnet_id = var.preexisting_network ? data.azurerm_subnet.preexisting_worker_subnet[0].id : azurerm_subnet.worker_subnet[0].id
37 | 
38 |   virtual_network    = var.preexisting_network ? data.azurerm_virtual_network.preexisting_virtual_network[0].name : azurerm_virtual_network.cluster_vnet[0].name
39 |   virtual_network_id = var.preexisting_network ? data.azurerm_virtual_network.preexisting_virtual_network[0].id : azurerm_virtual_network.cluster_vnet[0].id
40 | }
41 | 


--------------------------------------------------------------------------------
/vnet/internal-lb.tf:
--------------------------------------------------------------------------------
  1 | locals {
  2 |   internal_lb_frontend_ip_v4_configuration_name = "internal-lb-ip-v4"
  3 |   internal_lb_frontend_ip_v6_configuration_name = "internal-lb-ip-v6"
  4 | }
  5 | 
  6 | resource "azurerm_lb" "internal" {
  7 |   sku                 = "Standard"
  8 |   name                = "${var.cluster_id}-internal"
  9 |   resource_group_name = var.resource_group_name
 10 |   location            = var.region
 11 | 
 12 |   dynamic "frontend_ip_configuration" {
 13 |     for_each = [for ip in [
 14 |       // TODO: internal LB should block v4 for better single stack emulation (&& ! var.emulate_single_stack_ipv6)
 15 |       //   but RHCoS initramfs can't do v6 and so fails to ignite. https://issues.redhat.com/browse/GRPA-1343 
 16 |       { name : local.internal_lb_frontend_ip_v4_configuration_name, ipv6 : false, include : var.use_ipv4 },
 17 |       { name : local.internal_lb_frontend_ip_v6_configuration_name, ipv6 : true, include : var.use_ipv6 },
 18 |       ] : {
 19 |       name : ip.name
 20 |       ipv6 : ip.ipv6
 21 |       include : ip.include
 22 |       } if ip.include
 23 |     ]
 24 | 
 25 |     content {
 26 |       name                       = frontend_ip_configuration.value.name
 27 |       subnet_id                  = local.master_subnet_id
 28 |       private_ip_address_version = frontend_ip_configuration.value.ipv6 ? "IPv6" : "IPv4"
 29 |       # WORKAROUND: Allocate a high ipv6 internal LB address to avoid the race with NIC allocation (a master and the LB
 30 |       #   were being assigned the same IP dynamically). Issue is being tracked as a support ticket to Azure.
 31 |       private_ip_address_allocation = frontend_ip_configuration.value.ipv6 ? "Static" : "Dynamic"
 32 |       private_ip_address            = frontend_ip_configuration.value.ipv6 ? cidrhost(local.master_subnet_cidr_v6, -2) : null
 33 |     }
 34 |   }
 35 | }
 36 | 
 37 | resource "azurerm_lb_backend_address_pool" "internal_lb_controlplane_pool_v4" {
 38 |   count = var.use_ipv4 ? 1 : 0
 39 | 
 40 |   resource_group_name = var.resource_group_name
 41 |   loadbalancer_id     = azurerm_lb.internal.id
 42 |   name                = var.cluster_id
 43 | }
 44 | 
 45 | resource "azurerm_lb_backend_address_pool" "internal_lb_controlplane_pool_v6" {
 46 |   count = var.use_ipv6 ? 1 : 0
 47 | 
 48 |   resource_group_name = var.resource_group_name
 49 |   loadbalancer_id     = azurerm_lb.internal.id
 50 |   name                = "${var.cluster_id}-IPv6"
 51 | }
 52 | 
 53 | resource "azurerm_lb_rule" "internal_lb_rule_api_internal_v4" {
 54 |   count = var.use_ipv4 ? 1 : 0
 55 | 
 56 |   name                           = "api-internal-v4"
 57 |   resource_group_name            = var.resource_group_name
 58 |   protocol                       = "Tcp"
 59 |   backend_address_pool_id        = azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v4[0].id
 60 |   loadbalancer_id                = azurerm_lb.internal.id
 61 |   frontend_port                  = 6443
 62 |   backend_port                   = 6443
 63 |   frontend_ip_configuration_name = local.internal_lb_frontend_ip_v4_configuration_name
 64 |   enable_floating_ip             = false
 65 |   idle_timeout_in_minutes        = 30
 66 |   load_distribution              = "Default"
 67 |   probe_id                       = azurerm_lb_probe.internal_lb_probe_api_internal.id
 68 | }
 69 | 
 70 | resource "azurerm_lb_rule" "internal_lb_rule_api_internal_v6" {
 71 |   count = var.use_ipv6 ? 1 : 0
 72 | 
 73 |   name                           = "api-internal-v6"
 74 |   resource_group_name            = var.resource_group_name
 75 |   protocol                       = "Tcp"
 76 |   backend_address_pool_id        = azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v6[0].id
 77 |   loadbalancer_id                = azurerm_lb.internal.id
 78 |   frontend_port                  = 6443
 79 |   backend_port                   = 6443
 80 |   frontend_ip_configuration_name = local.internal_lb_frontend_ip_v6_configuration_name
 81 |   enable_floating_ip             = false
 82 |   idle_timeout_in_minutes        = 30
 83 |   load_distribution              = "Default"
 84 |   probe_id                       = azurerm_lb_probe.internal_lb_probe_api_internal.id
 85 | }
 86 | 
 87 | resource "azurerm_lb_rule" "internal_lb_rule_sint_v4" {
 88 |   count = var.use_ipv4 ? 1 : 0
 89 | 
 90 |   name                           = "sint-v4"
 91 |   resource_group_name            = var.resource_group_name
 92 |   protocol                       = "Tcp"
 93 |   backend_address_pool_id        = azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v4[0].id
 94 |   loadbalancer_id                = azurerm_lb.internal.id
 95 |   frontend_port                  = 22623
 96 |   backend_port                   = 22623
 97 |   frontend_ip_configuration_name = local.internal_lb_frontend_ip_v4_configuration_name
 98 |   enable_floating_ip             = false
 99 |   idle_timeout_in_minutes        = 30
100 |   load_distribution              = "Default"
101 |   probe_id                       = azurerm_lb_probe.internal_lb_probe_sint.id
102 | }
103 | 
104 | resource "azurerm_lb_rule" "internal_lb_rule_sint_v6" {
105 |   count = var.use_ipv6 ? 1 : 0
106 | 
107 |   name                           = "sint-v6"
108 |   resource_group_name            = var.resource_group_name
109 |   protocol                       = "Tcp"
110 |   backend_address_pool_id        = azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v6[0].id
111 |   loadbalancer_id                = azurerm_lb.internal.id
112 |   frontend_port                  = 22623
113 |   backend_port                   = 22623
114 |   frontend_ip_configuration_name = local.internal_lb_frontend_ip_v6_configuration_name
115 |   enable_floating_ip             = false
116 |   idle_timeout_in_minutes        = 30
117 |   load_distribution              = "Default"
118 |   probe_id                       = azurerm_lb_probe.internal_lb_probe_sint.id
119 | }
120 | 
121 | resource "azurerm_lb_probe" "internal_lb_probe_sint" {
122 |   name                = "sint-probe"
123 |   resource_group_name = var.resource_group_name
124 |   interval_in_seconds = 5
125 |   number_of_probes    = 2
126 |   loadbalancer_id     = azurerm_lb.internal.id
127 |   port                = 22623
128 |   protocol            = "HTTPS"
129 |   request_path        = "/healthz"
130 | }
131 | 
132 | resource "azurerm_lb_probe" "internal_lb_probe_api_internal" {
133 |   name                = "api-internal-probe"
134 |   resource_group_name = var.resource_group_name
135 |   interval_in_seconds = 5
136 |   number_of_probes    = 2
137 |   loadbalancer_id     = azurerm_lb.internal.id
138 |   port                = 6443
139 |   protocol            = "HTTPS"
140 |   request_path        = "/readyz"
141 | }
142 | 


--------------------------------------------------------------------------------
/vnet/nsg.tf:
--------------------------------------------------------------------------------
 1 | resource "azurerm_network_security_group" "cluster" {
 2 |   name                = "${var.cluster_id}-nsg"
 3 |   location            = var.region
 4 |   resource_group_name = var.resource_group_name
 5 | }
 6 | 
 7 | resource "azurerm_subnet_network_security_group_association" "master" {
 8 |   count = var.preexisting_network ? 0 : 1
 9 | 
10 |   subnet_id                 = azurerm_subnet.master_subnet[0].id
11 |   network_security_group_id = azurerm_network_security_group.cluster.id
12 | }
13 | 
14 | resource "azurerm_subnet_network_security_group_association" "worker" {
15 |   count = var.preexisting_network ? 0 : 1
16 | 
17 |   subnet_id                 = azurerm_subnet.worker_subnet[0].id
18 |   network_security_group_id = azurerm_network_security_group.cluster.id
19 | }
20 | 
21 | resource "azurerm_network_security_rule" "apiserver_in" {
22 |   name                        = "apiserver_in"
23 |   priority                    = 101
24 |   direction                   = "Inbound"
25 |   access                      = "Allow"
26 |   protocol                    = "Tcp"
27 |   source_port_range           = "*"
28 |   destination_port_range      = "6443"
29 |   source_address_prefix       = "*"
30 |   destination_address_prefix  = "*"
31 |   resource_group_name         = var.resource_group_name
32 |   network_security_group_name = azurerm_network_security_group.cluster.name
33 | }
34 | 


--------------------------------------------------------------------------------
/vnet/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "public_lb_backend_pool_v4_id" {
 2 |   value = local.need_public_ipv4 ? azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id : null
 3 | }
 4 | 
 5 | output "public_lb_backend_pool_v6_id" {
 6 |   value = local.need_public_ipv6 ? azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id : null
 7 | }
 8 | 
 9 | output "internal_lb_backend_pool_v4_id" {
10 |   value = var.use_ipv4 ? azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v4[0].id : null
11 | }
12 | 
13 | output "internal_lb_backend_pool_v6_id" {
14 |   value = var.use_ipv6 ? azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v6[0].id : null
15 | }
16 | 
17 | output "public_lb_id" {
18 |   value = var.private ? null : azurerm_lb.public.id
19 | }
20 | 
21 | output "public_lb_pip_v4_fqdn" {
22 |   value = local.need_public_ipv4 ? data.azurerm_public_ip.cluster_public_ip_v4[0].fqdn : null
23 | }
24 | 
25 | output "public_lb_pip_v6_fqdn" {
26 |   value = local.need_public_ipv6 ? data.azurerm_public_ip.cluster_public_ip_v6[0].fqdn : null
27 | }
28 | 
29 | output "public_lb_ip_v4_address" {
30 |   value = local.need_public_ipv4 ? data.azurerm_public_ip.cluster_public_ip_v4[0].ip_address : null
31 | }
32 | 
33 | output "public_lb_ip_v6_address" {
34 |   value = local.need_public_ipv6 ? data.azurerm_public_ip.cluster_public_ip_v6[0].ip_address : null
35 | }
36 | 
37 | output "internal_lb_ip_v4_address" {
38 |   value = var.use_ipv4 ? azurerm_lb.internal.private_ip_addresses[0] : null
39 | }
40 | 
41 | output "internal_lb_ip_v6_address" {
42 |   // TODO: internal LB should block v4 for better single stack emulation (&& ! var.emulate_single_stack_ipv6)
43 |   //   but RHCoS initramfs can't do v6 and so fails to ignite. https://issues.redhat.com/browse/GRPA-1343 
44 |   value = var.use_ipv6 ? azurerm_lb.internal.private_ip_addresses[1] : null
45 | }
46 | 
47 | output "cluster_nsg_name" {
48 |   value = azurerm_network_security_group.cluster.name
49 | }
50 | 
51 | output "virtual_network_id" {
52 |   value = local.virtual_network_id
53 | }
54 | 
55 | output "master_subnet_id" {
56 |   value = local.master_subnet_id
57 | }
58 | 
59 | output "worker_subnet_id" {
60 |   value = local.worker_subnet_id
61 | }
62 | 
63 | output "private" {
64 |   value = var.private
65 | }
66 | 


--------------------------------------------------------------------------------
/vnet/public-lb.tf:
--------------------------------------------------------------------------------
  1 | locals {
  2 |   public_lb_frontend_ip_v4_configuration_name = "public-lb-ip-v4"
  3 |   public_lb_frontend_ip_v6_configuration_name = "public-lb-ip-v6"
  4 | }
  5 | 
  6 | locals {
  7 |   // DEBUG: Azure apparently requires dual stack LB for v6
  8 |   need_public_ipv4 = ! var.private || ! var.outbound_udr
  9 | 
 10 |   need_public_ipv6 = var.use_ipv6 && (! var.private || ! var.outbound_udr)
 11 | }
 12 | 
 13 | 
 14 | resource "azurerm_public_ip" "cluster_public_ip_v4" {
 15 |   count = local.need_public_ipv4 ? 1 : 0
 16 | 
 17 |   sku                 = "Standard"
 18 |   location            = var.region
 19 |   name                = "${var.cluster_id}-pip-v4"
 20 |   resource_group_name = var.resource_group_name
 21 |   allocation_method   = "Static"
 22 |   domain_name_label   = var.dns_label
 23 | }
 24 | 
 25 | data "azurerm_public_ip" "cluster_public_ip_v4" {
 26 |   // DEBUG: Azure apparently requires dual stack LB for v6
 27 |   count = local.need_public_ipv4 ? 1 : 0
 28 | 
 29 |   name                = azurerm_public_ip.cluster_public_ip_v4[0].name
 30 |   resource_group_name = var.resource_group_name
 31 | }
 32 | 
 33 | 
 34 | resource "azurerm_public_ip" "cluster_public_ip_v6" {
 35 |   count = local.need_public_ipv6 ? 1 : 0
 36 | 
 37 |   ip_version          = "IPv6"
 38 |   sku                 = "Standard"
 39 |   location            = var.region
 40 |   name                = "${var.cluster_id}-pip-v6"
 41 |   resource_group_name = var.resource_group_name
 42 |   allocation_method   = "Static"
 43 |   domain_name_label   = var.dns_label
 44 | }
 45 | 
 46 | data "azurerm_public_ip" "cluster_public_ip_v6" {
 47 |   count = local.need_public_ipv6 ? 1 : 0
 48 | 
 49 |   name                = azurerm_public_ip.cluster_public_ip_v6[0].name
 50 |   resource_group_name = var.resource_group_name
 51 | }
 52 | 
 53 | resource "azurerm_lb" "public" {
 54 |   sku                 = "Standard"
 55 |   name                = var.cluster_id
 56 |   resource_group_name = var.resource_group_name
 57 |   location            = var.region
 58 | 
 59 |   dynamic "frontend_ip_configuration" {
 60 |     for_each = [for ip in [
 61 |       // DEBUG: Azure apparently requires dual stack LB for external load balancers v6
 62 |       {
 63 |         name : local.public_lb_frontend_ip_v4_configuration_name,
 64 |         value : local.need_public_ipv4 ? azurerm_public_ip.cluster_public_ip_v4[0].id : null,
 65 |         include : local.need_public_ipv4,
 66 |         ipv6 : false,
 67 |       },
 68 |       {
 69 |         name : local.public_lb_frontend_ip_v6_configuration_name,
 70 |         value : local.need_public_ipv6 ? azurerm_public_ip.cluster_public_ip_v6[0].id : null,
 71 |         include : local.need_public_ipv6,
 72 |         ipv6 : true,
 73 |       },
 74 |       ] : {
 75 |       name : ip.name
 76 |       value : ip.value
 77 |       ipv6 : ip.ipv6
 78 |       include : ip.include
 79 |       } if ip.include
 80 |     ]
 81 | 
 82 |     content {
 83 |       name                          = frontend_ip_configuration.value.name
 84 |       public_ip_address_id          = frontend_ip_configuration.value.value
 85 |       private_ip_address_version    = frontend_ip_configuration.value.ipv6 ? "IPv6" : "IPv4"
 86 |       private_ip_address_allocation = "Dynamic"
 87 |     }
 88 |   }
 89 | }
 90 | 
 91 | // The backends are only created when frontend configuration exists, because of the following error from Azure API;
 92 | // ```
 93 | // Load Balancer /subscriptions/xx/resourceGroups/xx/providers/Microsoft.Network/loadBalancers/xx-public-lb does not have Frontend IP Configuration, 
 94 | // but it has other child resources. This setup is not supported.
 95 | // ```
 96 | resource "azurerm_lb_backend_address_pool" "public_lb_pool_v4" {
 97 |   count = local.need_public_ipv4 ? 1 : 0
 98 | 
 99 |   resource_group_name = var.resource_group_name
100 |   loadbalancer_id     = azurerm_lb.public.id
101 |   name                = var.cluster_id
102 | }
103 | 
104 | resource "azurerm_lb_backend_address_pool" "public_lb_pool_v6" {
105 |   count = local.need_public_ipv6 ? 1 : 0
106 | 
107 |   resource_group_name = var.resource_group_name
108 |   loadbalancer_id     = azurerm_lb.public.id
109 |   name                = "${var.cluster_id}-IPv6"
110 | }
111 | 
112 | resource "azurerm_lb_rule" "public_lb_rule_api_internal_v4" {
113 |   count = var.use_ipv4 && ! var.private ? 1 : 0
114 | 
115 |   name                           = "api-internal-v4"
116 |   resource_group_name            = var.resource_group_name
117 |   protocol                       = "Tcp"
118 |   backend_address_pool_id        = azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id
119 |   loadbalancer_id                = azurerm_lb.public.id
120 |   frontend_port                  = 6443
121 |   backend_port                   = 6443
122 |   frontend_ip_configuration_name = local.public_lb_frontend_ip_v4_configuration_name
123 |   enable_floating_ip             = false
124 |   idle_timeout_in_minutes        = 30
125 |   load_distribution              = "Default"
126 |   probe_id                       = azurerm_lb_probe.public_lb_probe_api_internal[0].id
127 | }
128 | 
129 | resource "azurerm_lb_rule" "public_lb_rule_api_internal_v6" {
130 |   count = var.use_ipv6 && ! var.private ? 1 : 0
131 | 
132 |   name                           = "api-internal-v6"
133 |   resource_group_name            = var.resource_group_name
134 |   protocol                       = "Tcp"
135 |   backend_address_pool_id        = azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id
136 |   loadbalancer_id                = azurerm_lb.public.id
137 |   frontend_port                  = 6443
138 |   backend_port                   = 6443
139 |   frontend_ip_configuration_name = local.public_lb_frontend_ip_v6_configuration_name
140 |   enable_floating_ip             = false
141 |   idle_timeout_in_minutes        = 30
142 |   load_distribution              = "Default"
143 |   probe_id                       = azurerm_lb_probe.public_lb_probe_api_internal[0].id
144 | }
145 | 
146 | resource "azurerm_lb_outbound_rule" "public_lb_outbound_rule_v4" {
147 |   count = var.use_ipv4 && var.private && ! var.outbound_udr ? 1 : 0
148 | 
149 |   name                    = "outbound-rule-v4"
150 |   resource_group_name     = var.resource_group_name
151 |   loadbalancer_id         = azurerm_lb.public.id
152 |   backend_address_pool_id = azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id
153 |   protocol                = "All"
154 | 
155 |   frontend_ip_configuration {
156 |     name = local.public_lb_frontend_ip_v4_configuration_name
157 |   }
158 | }
159 | 
160 | resource "azurerm_lb_outbound_rule" "public_lb_outbound_rule_v6" {
161 |   count = var.use_ipv6 && var.private && ! var.outbound_udr ? 1 : 0
162 | 
163 |   name                    = "outbound-rule-v6"
164 |   resource_group_name     = var.resource_group_name
165 |   loadbalancer_id         = azurerm_lb.public.id
166 |   backend_address_pool_id = azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id
167 |   protocol                = "All"
168 | 
169 |   frontend_ip_configuration {
170 |     name = local.public_lb_frontend_ip_v6_configuration_name
171 |   }
172 | }
173 | 
174 | resource "azurerm_lb_probe" "public_lb_probe_api_internal" {
175 |   count = var.private ? 0 : 1
176 | 
177 |   name                = "api-internal-probe"
178 |   resource_group_name = var.resource_group_name
179 |   interval_in_seconds = 5
180 |   number_of_probes    = 2
181 |   loadbalancer_id     = azurerm_lb.public.id
182 |   port                = 6443
183 |   protocol            = "HTTPS"
184 |   request_path        = "/readyz"
185 | }
186 | 


--------------------------------------------------------------------------------
/vnet/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vnet_v4_cidrs" {
 2 |   type = list(string)
 3 | }
 4 | 
 5 | variable "vnet_v6_cidrs" {
 6 |   type = list(string)
 7 | }
 8 | 
 9 | variable "resource_group_name" {
10 |   type        = string
11 |   description = "Resource group for the deployment"
12 | }
13 | 
14 | variable "cluster_id" {
15 |   type = string
16 | }
17 | 
18 | variable "region" {
19 |   type        = string
20 |   description = "The target Azure region for the cluster."
21 | }
22 | 
23 | variable "tags" {
24 |   type        = map(string)
25 |   default     = {}
26 |   description = "Azure tags to be applied to created resources."
27 | }
28 | 
29 | variable "dns_label" {
30 |   type        = string
31 |   description = "The label used to build the dns name. i.e. <label>.<region>.cloudapp.azure.com"
32 | }
33 | 
34 | variable "preexisting_network" {
35 |   type        = bool
36 |   description = "This value determines if a vnet already exists or not. If true, then will not create a new vnet, subnet, or nsg's"
37 |   default     = false
38 | }
39 | 
40 | variable "network_resource_group_name" {
41 |   type        = string
42 |   description = "This is the name of the network resource group for new or existing network resources"
43 | }
44 | 
45 | variable "virtual_network_name" {
46 |   type        = string
47 |   description = "This is the name of the virtual network, new or existing"
48 | }
49 | 
50 | variable "master_subnet" {
51 |   type        = string
52 |   description = "This is the name of the subnet used for the control plane, new or existing"
53 | }
54 | 
55 | variable "worker_subnet" {
56 |   type        = string
57 |   description = "This is the name of the subnet used for the compute nodes, new or existing"
58 | }
59 | 
60 | variable "private" {
61 |   type        = bool
62 |   description = "The determines if this is a private/internal cluster or not."
63 | }
64 | 
65 | variable "use_ipv4" {
66 |   type        = bool
67 |   description = "This value determines if this is cluster should use IPv4 networking."
68 | }
69 | 
70 | variable "use_ipv6" {
71 |   type        = bool
72 |   description = "This value determines if this is cluster should use IPv6 networking."
73 | }
74 | 
75 | variable "emulate_single_stack_ipv6" {
76 |   type        = bool
77 |   description = "This determines whether a dual-stack cluster is configured to emulate single-stack IPv6."
78 | }
79 | 
80 | variable "outbound_udr" {
81 |   type    = bool
82 |   default = false
83 | 
84 |   description = <<EOF
85 | This determined whether User defined routing will be used for egress to Internet.
86 | When false, Standard LB will be used for egress to the Internet.
87 | EOF
88 | }
89 | 


--------------------------------------------------------------------------------
/vnet/versions.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | terraform {
 3 |   required_version = ">= 0.13"
 4 |   required_providers {
 5 |     azurerm = {
 6 |       source = "hashicorp/azurerm"
 7 |     }
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/vnet/vnet.tf:
--------------------------------------------------------------------------------
 1 | resource "azurerm_virtual_network" "cluster_vnet" {
 2 |   count = var.preexisting_network ? 0 : 1
 3 | 
 4 |   name                = var.virtual_network_name
 5 |   resource_group_name = var.resource_group_name
 6 |   location            = var.region
 7 |   address_space       = concat(var.vnet_v4_cidrs, var.vnet_v6_cidrs)
 8 | }
 9 | 
10 | resource "azurerm_subnet" "master_subnet" {
11 |   count = var.preexisting_network ? 0 : 1
12 | 
13 |   resource_group_name = var.resource_group_name
14 |   address_prefixes = [for cidr in [
15 |     { value : local.master_subnet_cidr_v4, include : var.use_ipv4 },
16 |     { value : local.master_subnet_cidr_v6, include : var.use_ipv6 }
17 |   ] : cidr.value if cidr.include]
18 |   virtual_network_name = local.virtual_network
19 |   name                 = var.master_subnet
20 | }
21 | 
22 | resource "azurerm_subnet" "worker_subnet" {
23 |   count = var.preexisting_network ? 0 : 1
24 | 
25 |   resource_group_name = var.resource_group_name
26 |   address_prefixes = [for cidr in [
27 |     { value : local.worker_subnet_cidr_v4, include : var.use_ipv4 },
28 |     { value : local.worker_subnet_cidr_v6, include : var.use_ipv6 }
29 |   ] : cidr.value if cidr.include]
30 |   virtual_network_name = local.virtual_network
31 |   name                 = var.worker_subnet
32 | }
33 | 


--------------------------------------------------------------------------------