mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
196 lines
6.3 KiB
Plaintext
196 lines
6.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
|
|
// * rosa_hcp/rosa-hcp-egress-zero-install.adoc
|
|
// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
|
|
// * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
|
|
|
|
ifeval::["{context}" == "rosa-hcp-egress-zero-install"]
|
|
:rosa-egress-lockdown:
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="rosa-hcp-vpc-terraform_{context}"]
|
|
= Creating a Virtual Private Cloud using Terraform
|
|
|
|
Terraform is a tool that allows you to create various resources using an established template. The following process uses the default options as required to create a {product-title} cluster. For more information about using Terraform, see the additional resources.
|
|
|
|
ifdef::rosa-egress-lockdown[]
|
|
[NOTE]
|
|
====
|
|
The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script, it is in the same region that you intend to install your cluster. These examples use `us-east-2`.
|
|
====
|
|
endif::rosa-egress-lockdown[]
|
|
|
|
.Prerequisites
|
|
|
|
* You have installed Terraform version 1.4.0 or newer on your machine.
|
|
* You have installed Git on your machine.
|
|
|
|
.Procedure
|
|
|
|
. Open a shell prompt and clone the Terraform VPC repository by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ git clone https://github.com/openshift-cs/terraform-vpc-example
|
|
----
|
|
|
|
. Navigate to the created directory by running the following command:
|
|
ifndef::rosa-egress-lockdown[]
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cd terraform-vpc-example
|
|
----
|
|
endif::rosa-egress-lockdown[]
|
|
ifdef::rosa-egress-lockdown[]
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cd terraform-vpc-example/zero-egress
|
|
----
|
|
endif::rosa-egress-lockdown[]
|
|
|
|
. Initiate the Terraform file by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ terraform init
|
|
----
|
|
+
|
|
A message confirming the initialization appears when this process completes.
|
|
|
|
ifdef::rosa-egress-lockdown[]
|
|
. To build your VPC Terraform plan based on the existing Terraform template, run the `plan` command. You must include your AWS region, availability zones, CIDR blocks, and private subnets. You can choose to specify a cluster name. A `rosa-zero-egress.tfplan` file is added to the `hypershift-tf` directory after the `terraform plan` completes. For more detailed options, see the link:https://github.com/openshift-cs/terraform-vpc-example/blob/main/README.md[Terraform VPC repository's README file].
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ terraform plan -out rosa-zero-egress.tfplan -var region=<aws_region> \ <1>
|
|
-var 'availability_zones=["aws_region_1a","aws_region_1b","aws_region_1c"]'\ <2>
|
|
-var vpc_cidr_block=10.0.0.0/16 \ <3>
|
|
-var 'private_subnets=["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]' <4>
|
|
----
|
|
+
|
|
--
|
|
<1> Enter your AWS region.
|
|
<2> Enter the availability zones for the VPC. For example, for a VPC that uses `ap-southeast-1`, you would use the following as availability zones: `["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"]`.
|
|
<3> Enter the CIDR block for your VPC.
|
|
<4> Enter each of the subnets that are created for the VPC.
|
|
--
|
|
endif::rosa-egress-lockdown[]
|
|
ifndef::rosa-egress-lockdown[]
|
|
. To build your VPC Terraform plan based on the existing Terraform template, run the `plan` command. You must include your AWS region. You can choose to specify a cluster name. A `rosa.tfplan` file is added to the `hypershift-tf` directory after the `terraform plan` completes. For more detailed options, see the link:https://github.com/openshift-cs/terraform-vpc-example/blob/main/README.md[Terraform VPC repository's README file].
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ terraform plan -out rosa.tfplan -var region=<region>
|
|
----
|
|
endif::rosa-egress-lockdown[]
|
|
|
|
. Apply this plan file to build your VPC by running the following command:
|
|
ifdef::rosa-egress-lockdown[]
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ terraform apply rosa-zero-egress.tfplan
|
|
----
|
|
endif::rosa-egress-lockdown[]
|
|
ifndef::rosa-egress-lockdown[]
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ terraform apply rosa.tfplan
|
|
----
|
|
+
|
|
.. Optional: You can capture the values of the Terraform-provisioned private, public, and machinepool subnet IDs as environment variables to use when creating your {product-title} cluster by running the following commands:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ export SUBNET_IDS=$(terraform output -raw cluster-subnets-string)
|
|
----
|
|
+
|
|
.. Verify that the variables were correctly set with the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ echo $SUBNET_IDS
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ subnet-0a6a57e0f784171aa,subnet-078e84e5b10ecf5b0
|
|
----
|
|
|
|
endif::rosa-egress-lockdown[]
|
|
ifdef::rosa-egress-lockdown[]
|
|
[discrete]
|
|
[id="rosa-hcp-vpc-subnet-tagging-terraform_{context}"]
|
|
== Tagging your subnets
|
|
|
|
Before you can use your VPC to create a {product-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources:
|
|
|
|
[cols="3a,8a,8a", options="header"]
|
|
|===
|
|
| Resource
|
|
| Key
|
|
| Value
|
|
|
|
| Public subnet
|
|
| `kubernetes.io/role/elb`
|
|
| `1` or no value
|
|
|
|
| Private subnet
|
|
| `kubernetes.io/role/internal-elb`
|
|
| `1` or no value
|
|
|
|
|===
|
|
|
|
[NOTE]
|
|
====
|
|
You must tag at least one private subnet and one public subnet, if applicable.
|
|
====
|
|
|
|
. Tag your resources in your terminal:
|
|
.. For public subnets, run the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ aws ec2 create-tags --resources <public_subnet_id> --region <aws_region> --tags Key=kubernetes.io/role/elb,Value=1
|
|
----
|
|
.. For private subnets, run the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ aws ec2 create-tags --resources <private_subnet_id> --region <aws_region> --tags Key=kubernetes.io/role/internal-elb,Value=1
|
|
----
|
|
|
|
.Verification
|
|
|
|
* Verify that the tag is correct by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ aws ec2 describe-tags --filters "Name=resource-id,Values=<subnet_id>"
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,text]
|
|
----
|
|
TAGS Name <subnet_id> subnet <prefix>-subnet-public1-us-east-1a
|
|
TAGS kubernetes.io/role/elb <subnet_id> subnet 1
|
|
----
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_rosa-hcp-vpc-terraform-egress-lockdown"]
|
|
.Additional resources
|
|
|
|
* link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC example]
|
|
endif::rosa-egress-lockdown[]
|
|
|
|
ifeval::["{context}" == "rosa-hcp-egress-zero-install"]
|
|
:!rosa-egress-lockdown:
|
|
endif::[] |