diff --git a/cli/internal/helm/overrides.go b/cli/internal/helm/overrides.go
index 2b0872ebd0c..c8687f7b735 100644
--- a/cli/internal/helm/overrides.go
+++ b/cli/internal/helm/overrides.go
@@ -42,7 +42,7 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
 		}
 	}
 
-	extraVals["k8sServiceHost"] = output.ClusterEndpoint
+	extraVals["k8sServiceHost"] = output.InClusterEndpoint
 	extraVals["k8sServicePort"] = constants.KubernetesPort
 	if provider == cloudprovider.GCP {
 		extraVals["ipv4NativeRoutingCIDR"] = output.GCP.IPCidrPod
diff --git a/cli/internal/state/state.go b/cli/internal/state/state.go
index 8d47b5b5dcd..c1ebb696673 100644
--- a/cli/internal/state/state.go
+++ b/cli/internal/state/state.go
@@ -30,6 +30,7 @@ func NewState(Infrastructure Infrastructure) State {
 type Infrastructure struct {
 	UID               string   `yaml:"uid"`
 	ClusterEndpoint   string   `yaml:"clusterEndpoint"`
+	InClusterEndpoint string   `yaml:"inClusterEndpoint"`
 	InitSecret        string   `yaml:"initSecret"`
 	APIServerCertSANs []string `yaml:"apiServerCertSANs"`
 	Azure             *Azure   `yaml:"azure,omitempty"`
diff --git a/cli/internal/terraform/terraform.go b/cli/internal/terraform/terraform.go
index 89c1fb32e4f..c9a3765f7ac 100644
--- a/cli/internal/terraform/terraform.go
+++ b/cli/internal/terraform/terraform.go
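Review bot: `extraVals["k8sServiceHost"] = output.InClusterEndpoint` has no guard against an empty value, and a state file written before `inClusterEndpoint` existed decodes with that field as `""`, so Cilium would be handed an empty API-server host instead of the CLI reporting a clear error. Consider failing early, e.g. `if output.InClusterEndpoint == "" { return nil, errors.New("infrastructure state has no inClusterEndpoint") }`, adapted to this function's actual return values, which are not visible because extraCiliumValues starts outside the hunk.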
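Review bot: The new `InClusterEndpoint` field is undocumented, and its difference from the neighbouring `ClusterEndpoint` is not obvious from the names. From the Terraform locals in this commit, `ClusterEndpoint` may resolve to the debug jump host while `InClusterEndpoint` is always the load balancer address; suggested comments: `// ClusterEndpoint is the API server endpoint used from outside the cluster (e.g. by the CLI); with an internal load balancer in debug mode it is the jump host.` and `// InClusterEndpoint is the API server endpoint used by nodes and in-cluster components; never the jump host.` It would also help readers to note that state files written before this field existed leave it empty.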
@@ -181,11 +181,20 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		return state.Infrastructure{}, errors.New("terraform show: no values returned")
 	}
 
-	ipOutput, ok := tfState.Values.Outputs["ip"]
+	outOfClusterEndpointOutput, ok := tfState.Values.Outputs["out_of_cluster_endpoint"]
 	if !ok {
-		return state.Infrastructure{}, errors.New("no IP output found")
+		return state.Infrastructure{}, errors.New("no out_of_cluster_endpoint output found")
 	}
-	ip, ok := ipOutput.Value.(string)
+	outOfClusterEndpoint, ok := outOfClusterEndpointOutput.Value.(string)
+	if !ok {
+		return state.Infrastructure{}, errors.New("invalid type in IP output: not a string")
+	}
+
+	inClusterEndpointOutput, ok := tfState.Values.Outputs["in_cluster_endpoint"]
+	if !ok {
+		return state.Infrastructure{}, errors.New("no in_cluster_endpoint output found")
+	}
+	inClusterEndpoint, ok := inClusterEndpointOutput.Value.(string)
 	if !ok {
 		return state.Infrastructure{}, errors.New("invalid type in IP output: not a string")
 	}
@@ -222,7 +231,8 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 	}
 
 	res := state.Infrastructure{
-		ClusterEndpoint:   ip,
+		ClusterEndpoint:   outOfClusterEndpoint,
+		InClusterEndpoint: inClusterEndpoint,
 		APIServerCertSANs: apiServerCertSANs,
 		InitSecret:        secret,
 		UID:               uid,
diff --git a/cli/internal/terraform/terraform/aws/main.tf b/cli/internal/terraform/terraform/aws/main.tf
index 4d3e4a7d860..0968eb14352 100644
--- a/cli/internal/terraform/terraform/aws/main.tf
+++ b/cli/internal/terraform/terraform/aws/main.tf
@@ -51,6 +51,9 @@ locals {
   tags = {
     constellation-uid = local.uid,
   }
+
+  in_cluster_endpoint     = aws_lb.front_end.dns_name
+  out_of_cluster_endpoint = var.internal_load_balancer && var.debug ? module.jump_host[0].ip : local.in_cluster_endpoint
 }
 
 resource "random_id" "uid" {
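Review bot: Both type-assertion failures in the new code return the same `"invalid type in IP output: not a string"`, so a malformed `in_cluster_endpoint` output is indistinguishable from a malformed `out_of_cluster_endpoint` in the error, and neither output is an "IP" any more (on AWS `in_cluster_endpoint` is a load balancer DNS name). Suggest `errors.New("invalid type in out_of_cluster_endpoint output: not a string")` for the first and `errors.New("invalid type in in_cluster_endpoint output: not a string")` for the second. The lookup-then-assert sequence is now repeated verbatim for both outputs; a small helper taking the output name would remove the duplication, though that is a style preference. ShowInfrastructure starts and ends outside this hunk.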
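Review bot: The two new locals carry the distinction the whole commit rests on but have no comment, and the same applies to the equivalent locals in azure/main.tf and gcp/main.tf. Suggest a short comment above them, e.g. `# in_cluster_endpoint is the API server address nodes use; out_of_cluster_endpoint is what the CLI connects to and is the jump host only with an internal load balancer in debug mode.` The AWS condition is written `var.internal_load_balancer && var.debug` while Azure and GCP write `var.debug && var.internal_load_balancer`; the meaning is the same, but aligning the order makes the three files easier to compare.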
diff --git a/cli/internal/terraform/terraform/aws/outputs.tf b/cli/internal/terraform/terraform/aws/outputs.tf
index 340bb60488c..6c70c19df95 100644
--- a/cli/internal/terraform/terraform/aws/outputs.tf
+++ b/cli/internal/terraform/terraform/aws/outputs.tf
@@ -1,15 +1,22 @@
-output "ip" {
-  value = var.internal_load_balancer && var.debug ? module.jump_host[0].ip : aws_lb.front_end.dns_name
+output "out_of_cluster_endpoint" {
+  value = local.out_of_cluster_endpoint
 }
+output "in_cluster_endpoint" {
+  value = local.in_cluster_endpoint
+}
 
 output "api_server_cert_sans" {
   value = sort(
-    concat(
-      [
-        var.internal_load_balancer ? module.jump_host[0].ip : aws_eip.lb[var.zone].public_ip,
-        local.wildcard_lb_dns_name
-      ],
-      var.custom_endpoint == "" ? [] : [var.custom_endpoint]))
+    distinct(
+      concat(
+        [
+          local.in_cluster_endpoint,
+          local.out_of_cluster_endpoint,
+        ],
+        var.custom_endpoint == "" ? [] : [var.custom_endpoint],
+      )
+    )
+  )
 }
 
 output "uid" {
diff --git a/cli/internal/terraform/terraform/azure/main.tf b/cli/internal/terraform/terraform/azure/main.tf
index f74a40d5e80..6252396f999 100644
--- a/cli/internal/terraform/terraform/azure/main.tf
+++ b/cli/internal/terraform/terraform/azure/main.tf
@@ -47,8 +47,8 @@ locals {
   // deduce as above
   uai_name = element(split("/", var.user_assigned_identity), length(split("/", var.user_assigned_identity)) - 1)
 
-  internal_ip = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : azurerm_lb.loadbalancer.frontend_ip_configuration[0].private_ip_address
-  output_ip   = var.internal_load_balancer ? local.internal_ip : azurerm_public_ip.loadbalancer_ip[0].ip_address
+  in_cluster_endpoint     = var.internal_load_balancer ? azurerm_lb.loadbalancer.frontend_ip_configuration[0].private_ip_address : azurerm_public_ip.loadbalancer_ip[0].ip_address
+  out_of_cluster_endpoint = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : local.in_cluster_endpoint
 }
 
 resource "random_id" "uid" {
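Review bot: `api_server_cert_sans` no longer contains `aws_eip.lb[var.zone].public_ip` or `local.wildcard_lb_dns_name`, both of which the removed lines included, so any client that reaches the API server through the elastic IP or the wildcard DNS name would fail TLS hostname verification against a certificate issued from the new list. If those names still route to the load balancer, keep them, e.g. add `var.internal_load_balancer ? [] : [aws_eip.lb[var.zone].public_ip, local.wildcard_lb_dns_name],` as a further `concat` argument; if they are intentionally retired, a one-line comment saying so would spare the next reader the same question. The debug jump-host IP still ends up in the SANs via `local.out_of_cluster_endpoint`, as it did before.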
diff --git a/cli/internal/terraform/terraform/azure/outputs.tf b/cli/internal/terraform/terraform/azure/outputs.tf
index 94faa56c8a3..cd90a8e2ddd 100644
--- a/cli/internal/terraform/terraform/azure/outputs.tf
+++ b/cli/internal/terraform/terraform/azure/outputs.tf
@@ -1,15 +1,23 @@
-output "ip" {
-  value = local.output_ip
+output "out_of_cluster_endpoint" {
+  value = local.out_of_cluster_endpoint
+}
+
+output "in_cluster_endpoint" {
+  value = local.in_cluster_endpoint
 }
 
 output "api_server_cert_sans" {
   value = sort(
-    concat(
-      [
-        local.output_ip,
-        var.internal_load_balancer ? "" : local.wildcard_lb_dns_name
-      ],
-      var.custom_endpoint == "" ? [] : [var.custom_endpoint])
+    distinct(
+      concat(
+        [
+          local.in_cluster_endpoint,
+          local.out_of_cluster_endpoint,
+        ],
+        var.custom_endpoint == "" ? [] : [var.custom_endpoint],
+        var.internal_load_balancer ? [] : [local.wildcard_lb_dns_name],
+      )
+    )
   )
 }
 
diff --git a/cli/internal/terraform/terraform/gcp/main.tf b/cli/internal/terraform/terraform/gcp/main.tf
index bbe525fcacf..b773cd5ec7b 100644
--- a/cli/internal/terraform/terraform/gcp/main.tf
+++ b/cli/internal/terraform/terraform/gcp/main.tf
@@ -57,8 +57,8 @@ locals {
   control_plane_instance_groups = [
     for control_plane in local.node_groups_by_role["control-plane"] : module.instance_group[control_plane].instance_group
   ]
-  internal_ip = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : google_compute_address.loadbalancer_ip_internal[0].address
-  output_ip   = var.internal_load_balancer ? local.internal_ip : google_compute_global_address.loadbalancer_ip[0].address
+  in_cluster_endpoint     = var.internal_load_balancer ? google_compute_address.loadbalancer_ip_internal[0].address : google_compute_global_address.loadbalancer_ip[0].address
+  out_of_cluster_endpoint = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : local.in_cluster_endpoint
 }
 
 resource "random_id" "uid" {
@@ -215,6 +215,7 @@ module "loadbalancer_public" {
   health_check            = each.value.health_check
   backend_instance_groups = local.control_plane_instance_groups
   ip_address              = google_compute_global_address.loadbalancer_ip[0].self_link
+  frontend_labels         = merge(local.labels, { constellation-use = each.value.name })
 }
 
 module "loadbalancer_internal" {
diff --git a/cli/internal/terraform/terraform/gcp/outputs.tf b/cli/internal/terraform/terraform/gcp/outputs.tf
index 9e6cad80bce..2427bd677ca 100644
--- a/cli/internal/terraform/terraform/gcp/outputs.tf
+++ b/cli/internal/terraform/terraform/gcp/outputs.tf
@@ -1,16 +1,22 @@
-output "ip" {
-  value = local.output_ip
+output "out_of_cluster_endpoint" {
+  value = local.out_of_cluster_endpoint
 }
 
-output "api_server_cert_sans" {
-  value = sort(concat([
-    local.output_ip,
-  ],
-    var.custom_endpoint == "" ? [] : [var.custom_endpoint]))
+output "in_cluster_endpoint" {
+  value = local.in_cluster_endpoint
 }
-
-output "fallback_endpoint" {
-  value = local.output_ip
+output "api_server_cert_sans" {
+  value = sort(
+    distinct(
+      concat(
+        [
+          local.in_cluster_endpoint,
+          local.out_of_cluster_endpoint,
+        ],
+        var.custom_endpoint == "" ? [] : [var.custom_endpoint],
+      )
+    )
+  )
 }
 
 output "uid" {
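Review bot: `frontend_labels` is added only to `module "loadbalancer_public"`; `module "loadbalancer_internal"` begins on the last line of the hunk and it is not visible whether it receives the same labels. If the internal module accepts `frontend_labels`, passing the same `merge(local.labels, { constellation-use = each.value.name })` there keeps load balancer resources discoverable by label regardless of which variant is deployed.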
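Review bot: The `fallback_endpoint` output is deleted together with `ip`, but only the `ip` lookup is replaced in the Go reader in this commit, so any remaining `tfState.Values.Outputs["fallback_endpoint"]` lookup would now fail at runtime with a "not found" error rather than at plan time. Worth searching for that key before merging; if nothing reads it, the commit message could say the output is dropped as unused. Unlike Azure, the GCP SAN list has no wildcard DNS entry, so `distinct` only collapses the two endpoints when they coincide, which matches what the removed lines produced.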