Merge pull request #2 from 3scale-ops/feat/configurable-api-certificate

Module improvements

Author: 3scale-robot

hosted-cluster.tf

@@ -27,14 +27,16 @@ data "template_file" "helm_values" {
     }
     "pullSecret" : "hypershift-pull-secret"
     "fipsEnabled" : var.fips_enabled
+    "oauthEndpointCertificateSecretName" : var.oauth_endpoint_certificate_secret
     "sshKey" : "hypershift-ssh-key"
     "releaseImage" : var.release_image
     "workers" : {
       "profile" : aws_iam_instance_profile.worker.name
       "instanceType" : var.workers_instance_type
       "securityGroup" : aws_security_group.worker.id
-      "number" : var.workers_number
     }
+    "worker_replicas" : var.worker_replicas
+    "worker_autoscaling" : var.worker_autoscaling
     "vault" : {
       "roleID" : vault_approle_auth_backend_role.this.role_id
       "secretID" : vault_approle_auth_backend_role_secret_id.this.secret_id

hosted-cluster/templates/hostedcluster.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   autoscaling: {}
   configuration:
-    {{- if .Values.github }}
+    {{- if not (eq .Values.github.clientID "") }}
     oauth:
       identityProviders:
       - github:
@@ -24,6 +24,15 @@ spec:
         name: github
         type: GitHub
     {{- end }}
+    {{- if not (eq .Values.oauthEndpointCertificateSecretName "") }}
+    apiServer:
+      servingCerts:
+        namedCertificates:
+        - names:
+          - "oauth-{{ .Values.name }}.{{ .Values.providerDomain }}"
+          servingCertificate:
+            name: {{ .Values.oauthEndpointCertificateSecretName }}
+    {{- end }}
   controllerAvailabilityPolicy: SingleReplica
   dns:
     baseDomain: {{ .Values.publicDomain }}

hosted-cluster/templates/nodepool.yaml

@@ -24,4 +24,10 @@ spec:
     type: AWS
   release:
     image: {{ .Values.releaseImage }}
-  replicas: {{ .Values.workers.number }}
+  {{- if .Values.worker_autoscaling.enabled }}
+  autoScaling:
+    min: {{ .Values.worker_autoscaling.min }}
+    max: {{ .Values.worker_autoscaling.max }}
+  {{- else }}
+  replicas: {{ .Values.worker_replicas }}
+  {{- end }}

hosted-cluster/values.yaml

@@ -15,6 +15,12 @@ pullSecret: "hypershift-pull-secret"
 sshKey: "hypershift-ssh-key"
 releaseImage: "quay.io/openshift-release-dev/ocp-release:4.14.10-multi-x86_64"
 fipsEnabled: false
+oauthEndpointCertificateSecretName: ""
+worker_replicas: 1
+worker_autoscaling:
+  enabled: false
+  max: 0
+  min: 0
 
 roles:
   controlPlaneOperator: ""

security_group.tf

@@ -1,3 +1,8 @@
+module "storage_sg_3scale_management_rules" {
+  source = "[email protected]:3scale-ops/tf-aws-sg-rules.git?ref=tags/0.3.0"
+  sg_id  = aws_security_group.worker.id
+}
+
 resource "aws_security_group" "worker" {
   name        = format("%s-worker-sg", local.name)
   description = "worker security group"

variables.tf

@@ -35,7 +35,20 @@ variable "workers_instance_type" {
   type    = string
   default = "t3a.2xlarge"
 }
-variable "workers_number" {
+variable "worker_autoscaling" {
+  type = object({
+    min     = number
+    max     = number
+    enabled = bool
+  })
+  default = {
+    min     = 0
+    max     = 0
+    enabled = false
+  }
+}
+
+variable "worker_replicas" {
   type    = number
   default = 1
 }
@@ -51,6 +64,11 @@ variable "fips_enabled" {
   type    = bool
   default = false
 }
+variable "oauth_endpoint_certificate_secret" {
+  type    = string
+  default = ""
+}
+
 variable "managedclusterset" {
   type    = string
   default = "hypershift"