redevelop the VPC module upgrade to Terraform 0.12 #28
Conversation
…orm 0.12 constructs
|
+1 |
|
@brianmori I am sorry for late reply. Thanks for your contribution. I think this PR should be submitted into https://github.com/terraform-alicloud-modules/terraform-alicloud-network-with-nat. Please check it. |
Hi @xiaozhu36 the repository https://github.com/terraform-alicloud-modules/terraform-alicloud-network-with-nat actually calls different Alicloud modules. It is not an implementation like the PR I did. The goal of my PR is to have this repository/module to provision the Alicloud Network with different resources and different topologies.
Alicloud supports "Standalone/Standard" VPC and "Shared VPC". The Alicloud NAT Gateway is optional as companies may prefer a different solution to allow egress traffic to the internet. |
|
I removed the SNAT from this module as it would require to cover multiple use cases and not only the NAT Gateway. What do you think of my latest commit? |
main.tf
Outdated
|
|
||
| resource "alicloud_nat_gateway" "this" { | ||
| count = var.create_nat_gateway ? 1 : 0 | ||
| vpc_id = alicloud_vpc.this[0].id |
There was a problem hiding this comment.
Does this PR have a test?
I think there is a potential issue: if create_vpc = false, the alicloud_vpc.this will be null and there will throw an error.
In addition, this resource does not support the var.vpc_id.
There was a problem hiding this comment.
The NAT Gateway would be provisioned for this VPC as it is a 'VPC resource'. It is not going to be created for a different VPC, henceforth the only VPC ID will be the one of the VPC created in this module.
I have not found a test pipeline for this module, I only did local tests
I did the modification to support the var.vpc_id although the aim of this module is to provision a complete alibaba network
| output "this_vpc_id" { | ||
| description = "The VPC id" | ||
| value = local.this_vpc_id | ||
| output "vpc_cidr_block" { |
There was a problem hiding this comment.
I think this_vpc_id is ok and why change it to vpc_id?
There was a problem hiding this comment.
it is to be consistent with the other outputs of vpc
There was a problem hiding this comment.
The other outputs of vpc also have a prefix this_
There was a problem hiding this comment.
If not, I think them should be added.
There was a problem hiding this comment.
Please improve the outputs and set a prefix this_ for them.
There was a problem hiding this comment.
I am a bit lost on the advantage to use "this". When I saw other Terraform modules in GitHub, the maintainer omits the name of the resource, in this case "this" because it is unique.
You can take as example these other alibaba modules:
I propose I add the "this" and I keep also the other ones.
As for the description, the "The VPC id" is the actual description of today's module. How do you suggest to improve ?
"The VPC id created by the Terraform module" ?
There was a problem hiding this comment.
I think "The VPC id created by the Terraform module." is ok. But, I think there is no need to keep both. Other modules' outputs also need to be improved. The module https://github.com/terraform-alicloud-modules/terraform-alicloud-kubernetes/blob/master/outputs.tf has not improved yet. But most modules have had this prefix for each output.
There was a problem hiding this comment.
I have not worked on the alicloud kubernetes, no PRs from my side at the moment. I looked at other official terraform modules and "this" or other identifiers are not used when there is only one type of resource.
I think we should follow this current best practice as it is also easier to read
In any case, I removed the duplicates ,)
main.tf
Outdated
| resource "alicloud_nat_gateway" "this" { | ||
| count = var.create_nat_gateway ? 1 : 0 | ||
| vpc_id = local.vpc_id | ||
| name = var.vpc_name |
There was a problem hiding this comment.
why use vpc_name to name nat gateway?
There was a problem hiding this comment.
As there is one NAT Gateway per VPC, it could make sense to name it the same.
I am going to add a custom value decided by the user and as default value I propose to put the vpc_name. Does it work for you?
main.tf
Outdated
|
|
||
| # create one or more eips for NAT GW | ||
| resource "alicloud_eip" "nat" { | ||
| name = var.vpc_name |
There was a problem hiding this comment.
The goal of this module is to bootstrap the network, it is not meant to provision single resources. In any case, I add the option to customize the name
| output "this_vpc_id" { | ||
| description = "The VPC id" | ||
| value = local.this_vpc_id | ||
| output "vpc_cidr_block" { |
There was a problem hiding this comment.
The other outputs of vpc also have a prefix this_
| output "this_vpc_id" { | ||
| description = "The VPC id" | ||
| value = local.this_vpc_id | ||
| output "vpc_cidr_block" { |
There was a problem hiding this comment.
If not, I think them should be added.
| description = "List of vswitch tags." | ||
| value = alicloud_vswitch.vswitches.*.tags | ||
| output "nat_gateway_dnat_table_ids" { | ||
| description = "The DNAT table of the NAT Gateway" |
There was a problem hiding this comment.
One nat gateway only has one dnat table. Please use nat_gateway_dnat_table_id instead.
There was a problem hiding this comment.
I think it should be corrected also in the attributes of the resource because it returns forward_table_ids
| description = "The vswitch cidr block" | ||
| value = alicloud_vswitch.vswitches.*.cidr_block | ||
| output "nat_gateway_snat_table_ids" { | ||
| description = "The SNAT table of the NAT Gateway" |
There was a problem hiding this comment.
One nat gateway only has one snat table. Please usenat_gateway_snat_table_idinstead.
There was a problem hiding this comment.
I think it should be corrected also in the attributes of the resource because it returns snat_table_ids
| output "this_vpc_id" { | ||
| description = "The VPC id" | ||
| value = local.this_vpc_id | ||
| output "vpc_cidr_block" { |
There was a problem hiding this comment.
Please improve the outputs and set a prefix this_ for them.
| description = "List of vswitch tags." | ||
| value = alicloud_vswitch.vswitches.*.tags | ||
| output "nat_gateway_dnat_table_ids" { | ||
| description = "The DNAT table of the NAT Gateway" |
| output "this_vpc_id" { | ||
| description = "The VPC id" | ||
| value = local.this_vpc_id | ||
| output "vpc_cidr_block" { |
There was a problem hiding this comment.
I think "The VPC id created by the Terraform module." is ok. But, I think there is no need to keep both. Other modules' outputs also need to be improved. The module https://github.com/terraform-alicloud-modules/terraform-alicloud-kubernetes/blob/master/outputs.tf has not improved yet. But most modules have had this prefix for each output.
Hi @xiaozhu36
I redeveloped the VPC module to include different resources (NAT GW, CEN, ...) and the use of Terraform 0.12 constructs.
Local tests are fine and we will deploy the module on the final infrastructure in the coming days.
Please let me know your thoughts
P.S.: I need to readapt some part of the documentation