🔓️ Disable port protection on AWS and OpenStack

This is required for the kubenet and kuberouter labs, for 'operating kubernetes' training classes.
2026-02-14 17:49:59 +00:00 · 2023-05-12 06:57:54 +02:00
parent 8f6c32e94a
commit fd0bc97a7a
8 changed files with 43 additions and 55 deletions
--- a/prepare-labs/settings/admin-dmuc.env
+++ b/prepare-labs/settings/admin-dmuc.env
@@ -17,6 +17,5 @@ STEPS="
  tailhist
  kubebins
  kubetools
-  cards
  ips
-"
+"
--- a/prepare-labs/settings/admin-kubenet.env
+++ b/prepare-labs/settings/admin-kubenet.env
@@ -7,7 +7,6 @@ USER_LOGIN=k8s
 USER_PASSWORD=training

 STEPS="
-  disableaddrchecks
  wait
  standardize
  clusterize
@@ -18,6 +17,5 @@ STEPS="
  tailhist
  kubebins
  kubetools
-  cards
  ips
-"
+"
--- a/prepare-labs/settings/admin-kuberouter.env
+++ b/prepare-labs/settings/admin-kuberouter.env
@@ -7,7 +7,6 @@ USER_LOGIN=k8s
 USER_PASSWORD=training

 STEPS="
-  disableaddrchecks
  wait
  standardize
  clusterize
@@ -18,6 +17,5 @@ STEPS="
  tailhist
  kubebins
  kubetools
-  cards
  ips
-"
+"
--- a/prepare-labs/settings/admin-oldversion.env
+++ b/prepare-labs/settings/admin-oldversion.env
@@ -7,7 +7,7 @@ USER_PASSWORD=training

 # For a list of old versions, check:
 # https://kubernetes.io/releases/patch-releases/#non-active-branch-history
-KUBEVERSION=1.20.15
+KUBEVERSION=1.22.1

 STEPS="
  wait
@@ -21,4 +21,4 @@ STEPS="
  kube
  kubetools
  kubetest
-"
+"
--- a/prepare-labs/setup-admin-clusters.sh
+++ b/prepare-labs/setup-admin-clusters.sh
@@ -1,52 +1,48 @@
 #!/bin/sh
 set -e

-export AWS_INSTANCE_TYPE=t3a.small
-
-INFRA=infra/aws-eu-north-1
-
-STUDENTS=2
-
 PREFIX=$(date +%Y-%m-%d-%H-%M)
+PROVIDER=openstack/enix # aws also works
+STUDENTS=2
+#export TF_VAR_location=eu-north-1
+export TF_VAR_node_size=S

 SETTINGS=admin-dmuc
 TAG=$PREFIX-$SETTINGS
-./workshopctl start \
+./labctl create \
 	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
 	--students $STUDENTS

 SETTINGS=admin-kubenet
 TAG=$PREFIX-$SETTINGS
-./workshopctl start \
+./labctl create \
 	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
 	--students $STUDENTS

 SETTINGS=admin-kuberouter
 TAG=$PREFIX-$SETTINGS
-./workshopctl start \
+./labctl create \
 	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
 	--students $STUDENTS

-INFRA=infra/enix
-
 SETTINGS=admin-oldversion
 TAG=$PREFIX-$SETTINGS
-./workshopctl start \
+./labctl create \
 	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
 	--students $STUDENTS

 SETTINGS=admin-test
 TAG=$PREFIX-$SETTINGS
-./workshopctl start \
+./labctl create \
 	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
 	--students $STUDENTS
--- a/prepare-labs/terraform/virtual-machines/aws/main.tf
+++ b/prepare-labs/terraform/virtual-machines/aws/main.tf
@@ -3,9 +3,10 @@ resource "aws_instance" "_" {
  tags = {
    Name = each.value.node_name
  }
-  instance_type = each.value.node_size
-  key_name      = aws_key_pair._.key_name
-  ami           = data.aws_ami._.id
+  instance_type     = each.value.node_size
+  key_name          = aws_key_pair._.key_name
+  ami               = data.aws_ami._.id
+  source_dest_check = false
 }

 resource "aws_key_pair" "_" {
--- a/prepare-labs/terraform/virtual-machines/openstack/main.tf
+++ b/prepare-labs/terraform/virtual-machines/openstack/main.tf
@@ -1,13 +1,20 @@
 resource "openstack_compute_instance_v2" "_" {
-  for_each        = local.nodes
-  name            = each.value.node_name
-  image_name      = var.image
-  flavor_name     = each.value.node_size
-  security_groups = [openstack_networking_secgroup_v2._.name]
-  key_pair        = openstack_compute_keypair_v2._.name
-
+  for_each    = local.nodes
+  name        = each.value.node_name
+  image_name  = var.image
+  flavor_name = each.value.node_size
+  key_pair = openstack_compute_keypair_v2._.name
  network {
-    name = openstack_networking_network_v2._.name
+    port = openstack_networking_port_v2._[each.key].id
+  }
+}
+
+resource "openstack_networking_port_v2" "_" {
+  for_each              = local.nodes
+  network_id            = openstack_networking_network_v2._.id
+  port_security_enabled = false
+  fixed_ip {
+    subnet_id = openstack_networking_subnet_v2._.id
  }
 }

--- a/prepare-labs/terraform/virtual-machines/openstack/secgroup.tf
+++ b/prepare-labs/terraform/virtual-machines/openstack/secgroup.tf
@@ -1,11 +0,0 @@
-resource "openstack_networking_secgroup_v2" "_" {
-  name = var.tag
-}
-
-resource "openstack_networking_secgroup_rule_v2" "_" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  protocol          = ""
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2._.id
-}