From 764cb459d84af99a1fa0b8b1eb5ba9b810b2ad5c Mon Sep 17 00:00:00 2001
From: smerle33
Date: Tue, 8 Oct 2024 17:58:47 +0200
Subject: [PATCH 1/5] feat(vpc): enhance network/subnet and ipv6

---
 vpc.tf | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/vpc.tf b/vpc.tf
index f6f2515..a60b847 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -11,7 +11,7 @@ module "vpc" {
 version = "5.13.0"
 name = "${local.cluster_name}-vpc"
- cidr = "10.0.0.0/16"
+ cidr = "10.244.0.0/14"
 # dual stack https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/v5.13.0/examples/ipv6-dualstack/main.tf
@@ -29,17 +29,21 @@ module "vpc" {
 # only private subnets for security (to control allowed outbound connections)
 private_subnets = [ # only one zone
 # first VM ci.jenkins.io
- "10.0.0.0/24", # 10.0.0.1 -> 10.0.0.254 (254 ips)
+ "10.245.1.0/24", # 10.245.1.1 -> 10.245.1.254 (254 ips)
 # second for VM agent jenkins
- "10.0.1.0/24", # 10.0.1.1 -> 10.0.1.254 (254 ips)
+ "10.245.2.0/23", # 10.245.2.1 -> 10.245.3.254 (510 ips)
 # next for eks agents
- "10.0.2.0/24", # 10.0.2.1 -> 10.0.2.254 (254 ips)
+ "10.245.4.0/24", # 10.245.4.1 -> 10.245.4.254 (254 ips)
 ]
 public_subnets = [ # need at least one for the module (line 1085 : subnet_id = element(aws_subnet.public[*].id,var.single_nat_gateway ? 0 : count.index,))
 #fake one
- "10.0.254.0/24", # 100.0.254.1 -> 10.0.254.254 (254 ips)
+ "10.247.0.0/24", # 10.247.0.1 -> 10.247.0.254 (254 ips)
 ]
+ ## TODO analyse result
+ public_subnet_ipv6_prefixes = [0, 1, 2]
+ private_subnet_ipv6_prefixes = [3, 4, 5]
+
 # One NAT gateway per subnet (default)
 # ref. https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#one-nat-gateway-per-subnet-default
 enable_nat_gateway = true

From 04d92f86578493093e619c4c674c5aaeed0735cf Mon Sep 17 00:00:00 2001
From: smerle33
Date: Tue, 8 Oct 2024 18:04:42 +0200
Subject: [PATCH 2/5] extend 3rd network for eks

---
 vpc.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
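Review bot: The comment `# only private subnets for security (to control allowed outbound connections)` no longer stands on its own once `private_subnet_ipv6_prefixes = [3, 4, 5]` hands those subnets IPv6 ranges: AWS-assigned IPv6 addresses are globally routable and a NAT gateway only carries IPv4, so whether these subnets stay private for IPv6 is decided by their `::/0` route (egress-only internet gateway versus internet gateway) and by whether instances receive IPv6 addresses at all. The hunk does not show the module's `enable_ipv6`, `create_egress_only_igw` or `private_subnet_assign_ipv6_address_on_creation` arguments, which presumably sit elsewhere in the block, so I cannot tell from here which applies. I would replace the placeholder `## TODO analyse result` with a comment that records the intended IPv6 reachability, e.g. `# IPv6: private subnets rely on the egress-only IGW for ::/0 (NAT gateway does not cover IPv6) – verify the route tables after apply`. The `module "vpc"` block starts before and ends after this hunk.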
diff --git a/vpc.tf b/vpc.tf
index a60b847..ce4abed 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -33,7 +33,7 @@ module "vpc" {
 # second for VM agent jenkins
 "10.245.2.0/23", # 10.245.2.1 -> 10.245.3.254 (510 ips)
 # next for eks agents
- "10.245.4.0/24", # 10.245.4.1 -> 10.245.4.254 (254 ips)
+ "10.245.4.0/23", # 10.245.4.1 -> 10.245.5.254 (510 ips)
 ]
 public_subnets = [ # need at least one for the module (line 1085 : subnet_id = element(aws_subnet.public[*].id,var.single_nat_gateway ? 0 : count.index,))
 #fake one

From 226f5dee66a4978d44124cc59a44871322898342 Mon Sep 17 00:00:00 2001
From: smerle33
Date: Tue, 8 Oct 2024 18:15:53 +0200
Subject: [PATCH 3/5] change for /16

---
 vpc.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/vpc.tf b/vpc.tf
index ce4abed..02e6ee1 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -11,7 +11,7 @@ module "vpc" {
 version = "5.13.0"
 name = "${local.cluster_name}-vpc"
- cidr = "10.244.0.0/14"
+ cidr = "10.0.0.0/16"
 # dual stack https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/v5.13.0/examples/ipv6-dualstack/main.tf
@@ -29,15 +29,15 @@ module "vpc" {
 # only private subnets for security (to control allowed outbound connections)
 private_subnets = [ # only one zone
 # first VM ci.jenkins.io
- "10.245.1.0/24", # 10.245.1.1 -> 10.245.1.254 (254 ips)
+ "10.0.1.0/24", # 10.0.1.1 -> 10.0.1.254 (254 ips)
 # second for VM agent jenkins
- "10.245.2.0/23", # 10.245.2.1 -> 10.245.3.254 (510 ips)
+ "10.0.2.0/23", # 10.0.2.1 -> 10.0.3.254 (510 ips)
 # next for eks agents
- "10.245.4.0/23", # 10.245.4.1 -> 10.245.5.254 (510 ips)
+ "10.0.4.0/23", # 10.0.4.1 -> 10.0.5.254 (510 ips)
 ]
 public_subnets = [ # need at least one for the module (line 1085 : subnet_id = element(aws_subnet.public[*].id,var.single_nat_gateway ? 0 : count.index,))
 #fake one
- "10.247.0.0/24", # 10.247.0.1 -> 10.247.0.254 (254 ips)
+ "10.0.255.0/24", # 10.0.255.1 -> 10.0.255.254 (254 ips)
 ]
 ## TODO analyse result
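Review bot: The per-subnet comments in the private_subnets/public_subnets hunk overstate the usable space: AWS reserves the first four and the last address of every subnet, so `10.0.1.0/24` and `10.0.255.0/24` each give 251 usable hosts and each `/23` gives 507, not 254 and 510. The range arithmetic itself (`10.0.2.1 -> 10.0.3.254` and so on) is right and the four blocks do not overlap. I would write them as `"10.0.1.0/24", # 10.0.1.0 - 10.0.1.255 (251 usable, 5 reserved by AWS)` and likewise for the others; the same counts appear in the subnet hunks of the first two patches, which this hunk supersedes. The enclosing `module "vpc"` block extends past the hunk on both sides.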
From b825a75554e5cd6a1765653be0ec2883da0d3b0e Mon Sep 17 00:00:00 2001
From: smerle33
Date: Tue, 8 Oct 2024 18:17:16 +0200
Subject: [PATCH 4/5] terraform fmt -recursive

---
 providers.tf | 2 +-
 vpc.tf | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/providers.tf b/providers.tf
index 7283b21..bf4fc99 100644
--- a/providers.tf
+++ b/providers.tf
@@ -1,5 +1,5 @@
 provider "aws" {
- region = "us-east-1"
+ region = "us-east-1"
 # profile = var.aws_profile
 assume_role {
 role_arn = "arn:aws:iam::326712726440:role/infra-developer"
diff --git a/vpc.tf b/vpc.tf
index 02e6ee1..e6c30d7 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -11,7 +11,7 @@ module "vpc" {
 version = "5.13.0"
 name = "${local.cluster_name}-vpc"
- cidr = "10.0.0.0/16"
+ cidr = "10.0.0.0/16" # cannot be less then /16 (more ips)
 # dual stack https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/v5.13.0/examples/ipv6-dualstack/main.tf
@@ -41,8 +41,8 @@ module "vpc" {
 ]
 ## TODO analyse result
- public_subnet_ipv6_prefixes = [0, 1, 2]
- private_subnet_ipv6_prefixes = [3, 4, 5]
+ public_subnet_ipv6_prefixes = [0, 1, 2]
+ private_subnet_ipv6_prefixes = [3, 4, 5]
 # One NAT gateway per subnet (default)
 # ref. https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#one-nat-gateway-per-subnet-default

From 7b5b4ac9bbab3ac8299864a143b50793da7e97f8 Mon Sep 17 00:00:00 2001
From: smerle33
Date: Wed, 9 Oct 2024 08:43:00 +0200
Subject: [PATCH 5/5] 1 ipv6 public subnet

---
 vpc.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vpc.tf b/vpc.tf
index e6c30d7..463de8d 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -41,7 +41,7 @@ module "vpc" {
 ]
 ## TODO analyse result
- public_subnet_ipv6_prefixes = [0, 1, 2]
+ public_subnet_ipv6_prefixes = [0]
 private_subnet_ipv6_prefixes = [3, 4, 5]
 # One NAT gateway per subnet (default)
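Review bot: The trailing comment added on the `cidr` line of the vpc.tf hunk, `# cannot be less then /16 (more ips)`, is ambiguous ("less" can mean a shorter prefix or a smaller block) and has a typo; the actual constraint is that AWS accepts a VPC IPv4 CIDR only between /16 and /28, so /16 is the largest block a single VPC can have. I would write `cidr = "10.0.0.0/16" # /16 is the largest IPv4 block AWS allows for a VPC (valid range /16 to /28)`. 10.0.0.0/16 is also the range most templates and tutorials default to, so it is worth recording in the same comment that it was checked against any peered or VPN-connected networks; I cannot see from here whether any exist. The `module "vpc"` block continues on both sides of the hunk.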
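Review bot: `## TODO analyse result` is kept as context directly above the line the last hunk changes, so the file still marks the IPv6 prefix choice as unanalysed even though this commit settles it on a single public prefix. As far as I recall the module passes these integers to cidrsubnet over the VPC's AWS-assigned /56, each index selecting one /64, so the gap between `[0]` and `[3, 4, 5]` is harmless but unexplained. I would replace the TODO with `# IPv6 /64 offsets within the VPC's /56: 0 for the single public subnet, 3-5 for the three private subnets (1-2 unused)`. The enclosing `module "vpc"` block starts before and ends after the hunk.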