terraform/aws: remove option to use an existing vpc in aws

For the limited scope of the installer, we do not want the user to
have the ability to share the VPC between clusters. A shared VPC
could potentially be deleted when destroying one of the clusters,
leaving the rest of the clusters using the shared VPC in an unusable
state.

Fixes https://jira.coreos.com/browse/CORS-873

Author: staebler

data/data/aws/main.tf

@@ -75,7 +75,6 @@ module "dns" {
   elb_alias_enabled        = true
   master_count             = "${var.master_count}"
   private_zone_id          = "${local.private_zone_id}"
-  external_vpc_id          = "${module.vpc.vpc_id}"
   extra_tags               = "${var.aws_extra_tags}"
   private_endpoints        = "${local.private_endpoints}"
   public_endpoints         = "${local.public_endpoints}"
@@ -84,12 +83,11 @@ module "dns" {
 module "vpc" {
   source = "./vpc"
 
-  base_domain     = "${var.base_domain}"
-  cidr_block      = "${var.aws_vpc_cidr_block}"
-  cluster_id      = "${var.cluster_id}"
-  cluster_name    = "${var.cluster_name}"
-  external_vpc_id = "${var.aws_external_vpc_id}"
-  region          = "${var.aws_region}"
+  base_domain  = "${var.base_domain}"
+  cidr_block   = "${var.aws_vpc_cidr_block}"
+  cluster_id   = "${var.cluster_id}"
+  cluster_name = "${var.cluster_name}"
+  region       = "${var.aws_region}"
 
   external_master_subnet_ids = "${compact(var.aws_external_master_subnet_ids)}"
   external_worker_subnet_ids = "${compact(var.aws_external_worker_subnet_ids)}"

data/data/aws/route53/variables.tf

@@ -60,17 +60,6 @@ EOF
   default = false
 }
 
-variable "external_vpc_id" {
-  type = "string"
-
-  description = <<EOF
-ID of an existing VPC to launch nodes into.
-If unset a new VPC is created.
-
-Example: `vpc-123456`
-EOF
-}
-
 variable "private_endpoints" {
   description = <<EOF
 If set to true, create private-facing ingress resources (ELB, A-records).

data/data/aws/variables-aws.tf

@@ -41,19 +41,6 @@ This should not overlap with any other networks, such as a private datacenter co
 EOF
 }
 
-variable "aws_external_vpc_id" {
-  type = "string"
-
-  description = <<EOF
-(optional) ID of an existing VPC to launch nodes into.
-If unset a new VPC is created.
-
-Example: `vpc-123456`
-EOF
-
-  default = ""
-}
-
 variable "aws_endpoints" {
   description = <<EOF
 (optional) If set to "all", the default, then both public and private ingress resources (ELB, A-records) will be created.

data/data/aws/vpc/common.tf

@@ -7,26 +7,22 @@ data "aws_availability_zones" "azs" {}
 
 // Only reference data sources which are gauranteed to exist at any time (above) in this locals{} block
 locals {
-  // Define canonical source of truth for this
-  external_vpc_mode = "${var.external_vpc_id != ""}"
-
   // List of possible AZs for each type of subnet
   new_worker_subnet_azs = ["${coalescelist(keys(var.new_worker_subnet_configs), data.aws_availability_zones.azs.names)}"]
   new_master_subnet_azs = ["${coalescelist(keys(var.new_master_subnet_configs), data.aws_availability_zones.azs.names)}"]
 
-  // How many AZs to create worker and master subnets in (always zero if external_vpc_mode)
-  new_worker_az_count = "${local.external_vpc_mode ? 0 : length(local.new_worker_subnet_azs)}"
-  new_master_az_count = "${local.external_vpc_mode ? 0 : length(local.new_master_subnet_azs)}"
+  // How many AZs to create worker and master subnets in
+  new_worker_az_count = "${length(local.new_worker_subnet_azs)}"
+  new_master_az_count = "${length(local.new_master_subnet_azs)}"
 
   // The base set of ids needs to build rest of vpc data sources
-  // This is crux of dealing with existing vpc / new vpc incongruity
-  vpc_id = "${local.external_vpc_mode ? var.external_vpc_id : element(concat(aws_vpc.new_vpc.*.id,list("")),0)}"
+  vpc_id = "${aws_vpc.new_vpc.id}"
 
   // When referencing the _ids arrays or data source arrays via count = , always use the *_count variable rather than taking the length of the list
   worker_subnet_ids   = ["${coalescelist(aws_subnet.worker_subnet.*.id,var.external_worker_subnet_ids)}"]
   master_subnet_ids   = ["${coalescelist(aws_subnet.master_subnet.*.id,var.external_master_subnet_ids)}"]
-  worker_subnet_count = "${local.external_vpc_mode ? length(var.external_worker_subnet_ids) : local.new_worker_az_count}"
-  master_subnet_count = "${local.external_vpc_mode ? length(var.external_master_subnet_ids) : local.new_master_az_count}"
+  worker_subnet_count = "${local.new_worker_az_count}"
+  master_subnet_count = "${local.new_master_az_count}"
 }
 
 # all data sources should be input variable-agnostic and used as canonical source for querying "state of resources" and building outputs

data/data/aws/vpc/variables.tf

@@ -14,10 +14,6 @@ variable "cluster_name" {
   type = "string"
 }
 
-variable "external_vpc_id" {
-  type = "string"
-}
-
 variable "external_master_subnet_ids" {
   type = "list"
 }

data/data/aws/vpc/vpc-public.tf

@@ -1,5 +1,4 @@
 resource "aws_internet_gateway" "igw" {
-  count  = "${local.external_vpc_mode ? 0 : 1}"
   vpc_id = "${data.aws_vpc.cluster_vpc.id}"
 
   tags = "${merge(map(
@@ -11,7 +10,6 @@ resource "aws_internet_gateway" "igw" {
 }
 
 resource "aws_route_table" "default" {
-  count  = "${var.external_vpc_id == "" ? 1 : 0}"
   vpc_id = "${data.aws_vpc.cluster_vpc.id}"
 
   tags = "${merge(map(
@@ -23,13 +21,11 @@ resource "aws_route_table" "default" {
 }
 
 resource "aws_main_route_table_association" "main_vpc_routes" {
-  count          = "${local.external_vpc_mode ? 0 : 1}"
   vpc_id         = "${data.aws_vpc.cluster_vpc.id}"
   route_table_id = "${aws_route_table.default.id}"
 }
 
 resource "aws_route" "igw_route" {
-  count                  = "${local.external_vpc_mode ? 0 : 1}"
   destination_cidr_block = "0.0.0.0/0"
   route_table_id         = "${aws_route_table.default.id}"
   gateway_id             = "${aws_internet_gateway.igw.id}"

data/data/aws/vpc/vpc.tf

@@ -4,7 +4,6 @@ locals {
 }
 
 resource "aws_vpc" "new_vpc" {
-  count                = "${var.external_vpc_id == "" ? 1 : 0}"
   cidr_block           = "${var.cidr_block}"
   enable_dns_hostnames = true
   enable_dns_support   = true

pkg/tfvars/aws/aws.go

@@ -21,15 +21,14 @@ type AWS struct {
 	InstallerRole  string            `json:"aws_installer_role,omitempty"`
 	Master         `json:",inline"`
 	Region         string `json:"aws_region,omitempty"`
-	VPCCIDRBlock   string `json:"aws_vpc_cidr_block,omitempty"`
+	VPCCIDRBlock   string `json:"aws_vpc_cidr_block"`
 	Worker         `json:",inline"`
 }
 
 // External converts external related config.
 type External struct {
 	MasterSubnetIDs []string `json:"aws_external_master_subnet_ids,omitempty"`
 	PrivateZone     string   `json:"aws_external_private_zone,omitempty"`
-	VPCID           string   `json:"aws_external_vpc_id,omitempty"`
 	WorkerSubnetIDs []string `json:"aws_external_worker_subnet_ids,omitempty"`
 }
 

pkg/tfvars/tfvars.go

@@ -82,12 +82,9 @@ func TFVars(cfg *types.InstallConfig, bootstrapIgn, masterIgn string) ([]byte, e
 		}
 
 		config.AWS = aws.AWS{
-			Endpoints: aws.EndpointsAll, // Default value for endpoints.
-			Region:    cfg.Platform.AWS.Region,
-			ExtraTags: cfg.Platform.AWS.UserTags,
-			External: aws.External{
-				VPCID: cfg.Platform.AWS.VPCID,
-			},
+			Endpoints:      aws.EndpointsAll, // Default value for endpoints.
+			Region:         cfg.Platform.AWS.Region,
+			ExtraTags:      cfg.Platform.AWS.UserTags,
 			VPCCIDRBlock:   cfg.Platform.AWS.VPCCIDRBlock,
 			EC2AMIOverride: ami,
 		}

pkg/types/aws/platform.go

@@ -14,12 +14,6 @@ type Platform struct {
 	// platform configuration.
 	DefaultMachinePlatform *MachinePool `json:"defaultMachinePlatform,omitempty"`
 
-	// VPCID specifies the vpc to associate with the cluster.
-	// If empty, new vpc will be created.
-	// +optional
-	VPCID string `json:"vpcID"`
-
 	// VPCCIDRBlock
-	// +optional
 	VPCCIDRBlock string `json:"vpcCIDRBlock"`
 }