Small fixes for terraform aws (#646)

- fix hardcode chart version - fix unreachable bastion - adjust tidb-cluster no-wait to avoid scheduled backup pvc blocking - add version check - disable pd node public_ip Signed-off-by: Aylei <rayingecho@gmail.com>
pingcap · Jul 10, 2019 · 4001039 · 4001039
1 parent 7f62e27
commit 4001039
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 6 deletions.
diff --git a/deploy/aws/bastion.tf b/deploy/aws/bastion.tf
@@ -29,5 +29,8 @@ module "ec2" {
   monitoring                  = false
   user_data                   = file("bastion-userdata")
   vpc_security_group_ids      = [aws_security_group.ssh.id]
-  subnet_ids                  = local.default_subnets
+  subnet_ids = split(
+    ",",
+    var.create_vpc ? join(",", module.vpc.public_subnets) : join(",", var.subnets),
+  )
 }
diff --git a/deploy/aws/clusters.tf b/deploy/aws/clusters.tf
@@ -7,7 +7,7 @@ resource "local_file" "kubeconfig" {
 # The helm provider for TiDB clusters must be configured in the top level, otherwise removing clusters will failed due to
 # the helm provider configuration is removed too.
 provider "helm" {
-  alias = "eks"
+  alias    = "eks"
   insecure = true
   # service_account = "tiller"
   install_tiller = false # currently this doesn't work, so we install tiller in the local-exec provisioner. See https://github.com/terraform-providers/terraform-provider-helm/issues/148

diff --git a/deploy/aws/tidb-cluster/cluster.tf b/deploy/aws/tidb-cluster/cluster.tf
@@ -29,6 +29,7 @@ resource "helm_release" "tidb-cluster" {
   version = var.tidb_cluster_chart_version
   namespace = var.cluster_name
   name = var.cluster_name
+  wait = false
 
   values = [
     file("${path.module}/values/default.yaml"),

diff --git a/deploy/aws/tidb-cluster/local.tf b/deploy/aws/tidb-cluster/local.tf
@@ -41,7 +41,7 @@ locals {
       key_name             = var.ssh_key_name
       instance_type        = var.pd_instance_type
       root_volume_size     = "50"
-      public_ip            = true
+      public_ip            = false
       kubelet_extra_args   = "--register-with-taints=dedicated=${var.cluster_name}-pd:NoSchedule --node-labels=dedicated=${var.cluster_name}-pd,pingcap.com/aws-local-ssd=true"
       asg_desired_capacity = var.pd_count
       asg_max_size         = var.pd_count + 2

diff --git a/deploy/aws/tidb-operator/main.tf b/deploy/aws/tidb-operator/main.tf
@@ -33,7 +33,7 @@ resource "local_file" "kubeconfig" {
 }
 
 provider "helm" {
-  alias = "initial"
+  alias    = "initial"
   insecure = true
   # service_account = "tiller"
   install_tiller = false # currently this doesn't work, so we install tiller in the local-exec provisioner. See https://github.com/terraform-providers/terraform-provider-helm/issues/148
@@ -49,8 +49,8 @@ resource "null_resource" "setup-env" {
     working_dir = path.module
     command     = <<EOS
 echo "${local_file.kubeconfig.sensitive_content}" > kube_config.yaml
-kubectl apply -f https://raw.githubusercontent.com/pingcap/tidb-operator/v1.0.0-beta.3/manifests/crd.yaml
-kubectl apply -f https://raw.githubusercontent.com/pingcap/tidb-operator/v1.0.0-beta.3/manifests/tiller-rbac.yaml
+kubectl apply -f https://raw.githubusercontent.com/pingcap/tidb-operator/${var.operator_version}/manifests/crd.yaml
+kubectl apply -f https://raw.githubusercontent.com/pingcap/tidb-operator/${var.operator_version}/manifests/tiller-rbac.yaml
 kubectl apply -f manifests/local-volume-provisioner.yaml
 kubectl apply -f manifests/gp2-storageclass.yaml
 helm init --service-account tiller --upgrade --wait

diff --git a/deploy/aws/versions.tf b/deploy/aws/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}