Pulumi: Reorganization of the code - Part 3

 

Until now we have been creating resources little by little, starting with the security groups and then moving on to the creation of the instance. Currently we have all the infrastructure configuration in a single index.ts. As we add new security groups, new rules and new instances, index.ts will end up becoming unmanageable. Currently, the file index.ts looks like this.

Example: index.ts with all the resources together

import * as os from "@pulumi/openstack";
import * as sg from './security-groups'

// Deployment-wide values: the source range allowed to reach etcd, and the
// floating IP that is attached to the instance at the end of this file.
const cidr = '192.168.129.0/24'
const floatingIP = '192.168.129.1'
const fs = require('fs')

/**
 * Declare one IPv4/TCP ingress rule that opens a single port on a security group.
 *
 * @param name        Pulumi resource name of the rule
 * @param description free-text description stored on the rule
 * @param port        the only port opened (used for both ends of the range)
 * @param source      CIDR that is allowed to connect
 * @param group       security group the rule is attached to
 */
function tcpIngress(
    name: string,
    description: string,
    port: number,
    source: string,
    group: os.networking.SecGroup,
): os.networking.SecGroupRule {
    return new os.networking.SecGroupRule(name, {
        description,
        direction: "ingress",
        ethertype: "IPv4",
        portRangeMax: port,
        portRangeMin: port,
        protocol: "tcp",
        remoteIpPrefix: source,
        securityGroupId: group.id,
    });
}

// Security group for etcd. Only ingress rules are declared in this file;
// egress is left to whatever the provider creates by default, so review it
// separately if outbound traffic has to be restricted.
const etcdSecGroup = new os.networking.SecGroup("etcd", {
    description: "Kubernetes security group",
})

// etcd client (2379) and peer (2380) ports accept connections only from `cidr`.
const etcd2379 = tcpIngress("etcd2379", "etcd", 2379, cidr, etcdSecGroup)
const etcd2380 = tcpIngress("etcd2380", "etcd", 2380, cidr, etcdSecGroup)

// Security group for web traffic
const webSecGroup = new os.networking.SecGroup("web", {
    description: "Web security group",
})

// HTTP and HTTPS are deliberately open to every IPv4 source. These are the
// only world-reachable rules in the file; keep that list short when adding more.
const anyIPv4 = '0.0.0.0/0'
const web80 = tcpIngress("web80", "HTTP", 80, anyIPv4, webSecGroup)
const web443 = tcpIngress("web443", "HTTPS", 443, anyIPv4, webSecGroup)

// Boot script handed to the instance as user data. User data can be read back
// from inside the instance through the metadata service, and Pulumi records
// resource inputs in the stack state, so rancher-setup.sh should not embed
// passwords or tokens.
const bootScript = fs.readFileSync('./rancher-setup.sh', 'utf8')

// Compute instance for Rancher. Both security groups are attached, so the
// instance's effective ingress is the union of the etcd and web rules.
// NOTE(review): Ubuntu 18.04 LTS is past its standard support window; confirm
// the image still receives security updates.
const rancherInstance = new os.compute.Instance("rancher-sistemas-prod", {
    availabilityZone: "stic-prod",
    imageName: "Ubuntu 18.04 LTS",
    flavorName: "large",
    networks: [{ name: "Sistemas-prod-net" }],
    keyPair: "os-sistemas",
    userData: bootScript,
    securityGroups: [etcdSecGroup.name, webSecGroup.name],
});

// Attach the floating IP to the instance
const fipFloatingIpAssociate = new os.compute.FloatingIpAssociate("fip", {
    instanceId: rancherInstance.id,
    floatingIp: floatingIP,
});
The proposed refactoring consists of:

  • Create a variables file (values.ts) in which the values of the variables to be used are configured. In this example we will configure, on the one hand, the CIDR to allow access from remote IP addresses and, on the other hand, the floating IP address that we have reserved for Rancher.
  • Move the configuration of security groups and rules into a separate file (security-groups.ts)
  • Keep in index.ts only the configuration of the Rancher instance and the assignment to the floating IP.

Below is the code for each of these files after refactoring.
Example: values.ts with deployment configuration values

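// Source range that is allowed to reach the restricted (etcd) ports.
const cidr = '192.168.129.0/24'
// Floating IP address reserved for the Rancher instance.
const floatingIP = '192.168.129.1'

// The callout marker must be a `//` comment: `#` does not start a comment in
// TypeScript, so a trailing `#1` makes the file fail to compile.
export {cidr, floatingIP} //1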

  1. Constants exported to be reused

Example: security-groups.ts with the configuration of the groups and security rules of the deployment

import * as os from "@pulumi/openstack";
import * as values from './values' //1

/**
 * Declare one IPv4/TCP ingress rule that opens a single port on a security group.
 *
 * @param name        Pulumi resource name of the rule
 * @param description free-text description stored on the rule
 * @param port        the only port opened (used for both ends of the range)
 * @param source      CIDR that is allowed to connect
 * @param group       security group the rule is attached to
 */
function tcpIngress(
    name: string,
    description: string,
    port: number,
    source: string,
    group: os.networking.SecGroup,
): os.networking.SecGroupRule {
    return new os.networking.SecGroupRule(name, {
        description,
        direction: "ingress",
        ethertype: "IPv4",
        portRangeMax: port,
        portRangeMin: port,
        protocol: "tcp",
        remoteIpPrefix: source,
        securityGroupId: group.id,
    });
}

// Security group for etcd. Only ingress rules are declared in this file;
// egress is left to whatever the provider creates by default, so review it
// separately if outbound traffic has to be restricted.
const etcdSecGroup = new os.networking.SecGroup("etcd", {
    description: "Kubernetes security group",
})

// etcd client (2379) and peer (2380) ports accept connections only from the
// CIDR configured in values.ts.
const etcd2379 = tcpIngress("etcd2379", "etcd", 2379, values.cidr, etcdSecGroup) //2
const etcd2380 = tcpIngress("etcd2380", "etcd", 2380, values.cidr, etcdSecGroup)

// Security group for web traffic
const webSecGroup = new os.networking.SecGroup("web", {
    description: "Web security group",
})

// HTTP and HTTPS are deliberately open to every IPv4 source. These are the
// only world-reachable rules in the file; keep that list short when adding more.
const anyIPv4 = '0.0.0.0/0'
const web80 = tcpIngress("web80", "HTTP", 80, anyIPv4, webSecGroup)
const web443 = tcpIngress("web443", "HTTPS", 443, anyIPv4, webSecGroup)

export {webSecGroup, etcdSecGroup} //3

  1. Importing the parameter file and setting the prefix values, which is used to access the objects it exports
  2. Using the constants defined in the parameter file
  3. Security groups are exported so they can be reused

Example: index.ts with the configuration of the deployment instance and the assignment of a floating IP previously assigned to the project

import * as os from "@pulumi/openstack";
import * as values from './values' //1
import * as sg from './security-groups' //2

const fs = require('fs')

// Boot script handed to the instance as user data. User data can be read back
// from inside the instance through the metadata service, and Pulumi records
// resource inputs in the stack state, so rancher-setup.sh should not embed
// passwords or tokens.
const bootScript = fs.readFileSync('./rancher-setup.sh', 'utf8')

// Both groups are attached, so the instance's effective ingress is the union
// of the etcd and web rules declared in security-groups.ts.
const attachedGroups = [sg.etcdSecGroup.name, sg.webSecGroup.name] //3

// Compute instance for Rancher.
// NOTE(review): Ubuntu 18.04 LTS is past its standard support window; confirm
// the image still receives security updates.
const rancherInstance = new os.compute.Instance("rancher-sistemas-prod", {
    availabilityZone: "stic-prod",
    imageName: "Ubuntu 18.04 LTS",
    flavorName: "large",
    networks: [{ name: "Sistemas-prod-net" }],
    keyPair: "os-sistemas",
    userData: bootScript,
    securityGroups: attachedGroups,
});

// Attach the floating IP reserved in values.ts to the instance
const fipFloatingIpAssociate = new os.compute.FloatingIpAssociate("fip", {
    instanceId: rancherInstance.id,
    floatingIp: values.floatingIP, //4
});

  1. Importing the parameter file and setting the prefix values, which is used to access the objects it exports
  2. Importing the security groups file and setting the prefix sg (security-groups), which is used to access the objects it exports
  3. Using security groups from the security groups file
  4. Using parameters from the parameter file
