
author Nemo <me@captnemo.in> 2019-02-10 23:14:21.0 +05:30:00
committer Nemo <me@captnemo.in> 2019-02-10 23:14:21.0 +05:30:00
commit
40b967edce494dd202159d2674702dcf55289a41 [patch]
tree
afc3e8e9de4778045bc2df959210e4b39e6d34ef
parent
f85692da9e42dc5f65a5e0b379081508c967e637

Migrate to kayak



Diff

 kayak.tf                      |  31 +++++++++++++++++++++++++++++++
 kubernetes.tf                 |  12 ------------
 providers.tf                  |  14 --------------
 modules/bootkube/main.tf      | 221 --------------------------------------------------------------------------------
 modules/bootkube/outputs.tf   |   3 ---
 modules/bootkube/variables.tf |  39 ---------------------------------------
 modules/etcd/main.tf          |  79 -------------------------------------------------------------------------------
 modules/etcd/variables.tf     |  34 ----------------------------------
 modules/kubelet/main.tf       | 143 --------------------------------------------------------------------------------
 modules/kubelet/variables.tf  |  38 --------------------------------------
 10 files changed, 31 insertions(+), 583 deletions(-)

diff --git a/kayak.tf b/kayak.tf
new file mode 100644
index 0000000..8bdb0cf 100644
--- /dev/null
+++ a/kayak.tf
@@ -1,0 +1,31 @@
// Points to the local working directory instead of
// the published version
module "kayak" {

  source    = "../terraform-digitalocean-kayak"
  cert_path = "${path.root}/secrets/kayak"
  domain    = "kayak.${var.root-domain}"
  ssh_key   = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0Getey8585AqdgIl9mqQ3SH9w6z7NZUW4HXdOqZwC7sYEaDrLOBV014gtFS8h8ymm4dcw6xEGUkaavcHC8W9ChTLKBMK4N1/sUS/umLy+Wi/K//g13y0VHSdvcc+gMQ27b9n/DwDY4ZKkaf6t+4HWyFWNh6gp0cT1WCyLNlsER55KUdy+C1lCOpv1SMepOaYc7uyBlC9FfgewJho/OfxnoTztQV6QeSGfr2Xr94Ip1FUPoLoBLLilh4ZbCe6F6bqn0kNgVBTkrVwWJv5Z0jCJpUjER69cqjASRao9KCHkyPtybzKKhCLZIlB3QMggEv0xnlHMpeeuDWcGrBVPKI8V"

  asset_dir = "${path.root}/k8s"

  providers {

    docker = "docker.kayak"
  }
}

provider "docker" {

  host          = "tcp://${cloudflare_record.kayak-docker.hostname}:2376"
  version       = "~> 2.0.0"
  alias         = "kayak"
  ca_material   = "${module.kayak.docker_ca_cert}"
  cert_material = "${module.kayak.docker_client_cert}"
  key_material  = "${module.kayak.docker_client_key}"
}

resource "cloudflare_record" "kayak-docker" {

  name   = "docker.kayak"
  value  = "${module.kayak.droplet_ipv4}"
  domain = "${var.root-domain}"
  type   = "A"
  ttl    = 3600
}
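Review bot: The module source on the `source = "../terraform-digitalocean-kayak"` line is an unpinned relative path outside this repository, so `terraform init` picks up whatever happens to be in the sibling checkout of the person applying, and the header comment says this is deliberate only as an interim measure; before this is relied on it should point at a published version or a git source with a `?ref=` pinned to a tag or commit, and the comment should say why the local path is still in use. The `provider "docker"` block takes its `host` from `cloudflare_record.kayak-docker.hostname` and its TLS material from `module.kayak` outputs, which means the client key for the Docker API ends up in Terraform state via those outputs and the provider cannot be configured until the record and droplet exist, so a first apply may have to be staged with `-target`; a one-line comment noting both would save the next reader a failed run. The `providers { docker = "docker.kayak" }` block uses block syntax where the deleted kubernetes.tf used `providers = { ... }`; it seems likely the `=` form is the one Terraform 0.11 documents for module provider passing, so the two should at least agree. Hard-coding a personal public key inline as `ssh_key` would be tidier as a variable, matching how `var.root-domain` is already supplied.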
diff --git a/kubernetes.tf b/kubernetes.tf
deleted file mode 100644
index 1a7cf98..0000000 100644
--- a/kubernetes.tf
+++ /dev/null
@@ -1,12 +1,0 @@
module "k8s" {

  source        = "modules/k8s"
  cluster_name  = "k8s.${var.root-domain}"
  etcd_domain   = "etcd.${var.root-domain}"
  etcd_data_dir = "/mnt/disk/etcd"
  asset_dir     = "${path.root}/k8s2"
  host_ip       = "${var.ips["dovpn"]}"

  providers = {

    docker = "docker.sydney"
  }
}
diff --git a/providers.tf b/providers.tf
index e4d7417..c9eedb8 100644
--- a/providers.tf
+++ a/providers.tf
@@ -1,23 +1,9 @@
provider "docker" {

  host      = "tcp://docker.vpn.bb8.fun:2376"
  cert_path = "./secrets/tatooine"
  version   = "~> 2.0.0"
}

provider "docker" {

  host      = "tcp://docker.dovpn.bb8.fun:2376"
  cert_path = "./secrets/sydney"
  alias     = "sydney"
  version   = "~> 2.0.0"
}

provider "docker" {

  host      = "tcp://docker.captnemo.in:4243"
  cert_path = "./secrets/nautilus"
  alias     = "nautilus"
  version   = "~> 2.0.0"
}

provider "kubernetes" {

  version = "1.3.0-custom"
  host    = "https://k8s.bb8.fun:6443"
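Review bot: The `cert_path = "./secrets/tatooine"` in the first `provider "docker"` block is resolved relative to the process working directory rather than the root module, which is inconsistent with the new kayak.tf that uses `${path.root}/secrets/kayak`; if that block survives this change it should be `cert_path = "${path.root}/secrets/tatooine"` so applies from another directory do not silently fail to find the TLS material. The rendered page does not preserve which of the three docker providers were removed, so this is inferred from the 14-line deletion count and the removal of the `docker.sydney` consumer in kubernetes.tf. The `provider "kubernetes"` block with `version = "1.3.0-custom"` continues past the end of the hunk; a comment stating where that custom build comes from and how it is verified would help anyone reproducing this configuration.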
diff --git a/modules/bootkube/main.tf b/modules/bootkube/main.tf
deleted file mode 100644
index 188a0ec..0000000 100644
--- a/modules/bootkube/main.tf
+++ /dev/null
@@ -1,221 +1,0 @@
resource "docker_container" "bootkube" {

  image = "${docker_image.image.latest}"
  name  = "bootkube"

  volumes {

    container_path = "/etc/kubernetes"
    host_path      = "/etc/kubernetes"
  }

  # bootstrap manifests

  upload {

    content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-apiserver.yaml")}"
    file    = "/home/.bootkube/bootstrap-manifests/bootstrap-apiserver.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-controller-manager.yaml")}"
    file    = "/home/.bootkube/bootstrap-manifests/bootstrap-controller-manager.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-scheduler.yaml")}"
    file    = "/home/.bootkube/bootstrap-manifests/bootstrap-scheduler.yaml"
  }
  # etcd secrets
  #
  upload {

    file    = "/home/.bootkube/tls/etcd-client-ca.crt"
    content = "${file("${var.asset-dir}/tls/etcd-client-ca.crt")}"
  }
  upload {

    file    = "/home/.bootkube/tls/etcd-client.crt"
    content = "${file("${var.asset-dir}/tls/etcd-client.crt")}"
  }
  upload {

    file    = "/home/.bootkube/tls/etcd-client.key"
    content = "${file("${var.asset-dir}/tls/etcd-client.key")}"
  }
  # Cluster Networking
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
    file    = "/home/.bootkube/manifests/networking-cluster-role-binding.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/cluster-role.yaml")}"
    file    = "/home/.bootkube/manifests/networking-cluster-role.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/config.yaml")}"
    file    = "/home/.bootkube/manifests/networking-config.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/daemonset.yaml")}"
    file    = "/home/.bootkube/manifests/networking-daemonset.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/service-account.yaml")}"
    file    = "/home/.bootkube/manifests/networking-service-account.yaml"
  }
  # TLS
  upload {

    file    = "/home/.bootkube/tls/service-account.pub"
    content = "${file("${var.asset-dir}/tls/service-account.pub")}"
  }
  upload {

    file    = "/home/.bootkube/tls/service-account.key"
    content = "${file("${var.asset-dir}/tls/service-account.key")}"
  }
  upload {

    content = "${file("${var.asset-dir}/tls/ca.key")}"
    file    = "/home/.bootkube/tls/ca.key"
  }
  upload {

    content = "${file("${var.asset-dir}/tls/ca.crt")}"
    file    = "/home/.bootkube/tls/ca.crt"
  }
  upload {

    content = "${file("${var.asset-dir}/tls/apiserver.key")}"
    file    = "/home/.bootkube/tls/apiserver.key"
  }
  upload {

    content = "${file("${var.asset-dir}/tls/apiserver.crt")}"
    file    = "/home/.bootkube/tls/apiserver.crt"
  }
  upload {

    content = "${var.assets["kubelet_cert"]}"
    file    = "/home/.bootkube/tls/kubelet.crt"
  }
  upload {

    content = "${var.assets["kubelet_key"]}"
    file    = "/home/.bootkube/tls/kubelet.key"
  }
  # auth/kubeconfig-kubelet
  upload {

    content = "${var.assets["kubeconfig-kubelet"]}"
    file    = "/home/.bootkube/auth/kubeconfig-kubelet"
  }
  # TODO: Move to a module read instead of file
  # auth/kubeconfig
  upload {

    file    = "/home/.bootkube/auth/kubeconfig"
    content = "${file("${var.asset-dir}/auth/kubeconfig")}"
  }
  # Manifests Directory
  upload {

    file    = "/home/.bootkube/manifests/kube-apiserver-role-binding.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-apiserver-role-binding.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-apiserver-sa.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-apiserver-sa.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-apiserver-secret.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-apiserver-secret.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-apiserver.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-apiserver.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kubeconfig-in-cluster.yaml"
    content = "${file("${var.asset-dir}/manifests/kubeconfig-in-cluster.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-controller-manager-disruption.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-controller-manager-disruption.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-controller-manager-role-binding.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-controller-manager-role-binding.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-controller-manager-sa.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-controller-manager-sa.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-controller-manager-secret.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-controller-manager-secret.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-controller-manager.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-controller-manager.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kubelet-nodes-cluster-role-binding.yaml"
    content = "${file("${var.asset-dir}/manifests/kubelet-nodes-cluster-role-binding.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-proxy-role-binding.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-proxy-role-binding.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-proxy-sa.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-proxy-sa.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-proxy.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-proxy.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-scheduler-disruption.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-scheduler-disruption.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-scheduler-role-binding.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-scheduler-role-binding.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-scheduler-sa.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-scheduler-sa.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-scheduler-volume-scheduler-role-binding.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-scheduler-volume-scheduler-role-binding.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/kube-scheduler.yaml"
    content = "${file("${var.asset-dir}/manifests/kube-scheduler.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/pod-checkpointer-cluster-role-binding.yaml"
    content = "${file("${var.asset-dir}/manifests/pod-checkpointer-cluster-role-binding.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/pod-checkpointer-cluster-role.yaml"
    content = "${file("${var.asset-dir}/manifests/pod-checkpointer-cluster-role.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/pod-checkpointer-role-binding.yaml"
    content = "${file("${var.asset-dir}/manifests/pod-checkpointer-role-binding.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/pod-checkpointer-role.yaml"
    content = "${file("${var.asset-dir}/manifests/pod-checkpointer-role.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/pod-checkpointer-sa.yaml"
    content = "${file("${var.asset-dir}/manifests/pod-checkpointer-sa.yaml")}"
  }
  upload {

    file    = "/home/.bootkube/manifests/pod-checkpointer.yaml"
    content = "${file("${var.asset-dir}/manifests/pod-checkpointer.yaml")}"
  }
  command = [

    "/bootkube",
    "start",
    "--asset-dir=/home/.bootkube",
  ]
  network_mode    = "host"
  restart         = "on-failure"
  max_retry_count = 5
}

data "docker_registry_image" "image" {

  name = "quay.io/coreos/bootkube:v${var.version}"
}

resource "docker_image" "image" {

  name          = "${data.docker_registry_image.image.name}"
  pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
}
diff --git a/modules/bootkube/outputs.tf b/modules/bootkube/outputs.tf
deleted file mode 100644
index acc0ef3..0000000 100644
--- a/modules/bootkube/outputs.tf
+++ /dev/null
@@ -1,3 +1,0 @@
output "image" {

  value = "${docker_image.image.latest}"
}
diff --git a/modules/bootkube/variables.tf b/modules/bootkube/variables.tf
deleted file mode 100644
index 45f8246..0000000 100644
--- a/modules/bootkube/variables.tf
+++ /dev/null
@@ -1,39 +1,0 @@
// Based on https://github.com/v1k0d3n/dockerfiles/tree/master/bootkube

variable "k8s_host" {

  description = "kubenetes hostname"
}

variable "host_port" {

  default = "8443"
}

variable "network_provider" {

  default = "flannel"
}

variable "host_ip" {}

variable "pod_cidr" {

  default = "10.25.0.0/16"
}

variable "service_cidr" {

  default = "10.96.0.0/16"
}

variable "version" {

  default = "0.14.0"
}

variable "depends_on" {

  default = []

  type = "list"
}

variable "assets" {

  type = "map"
}

variable "asset-dir" {}
diff --git a/modules/etcd/main.tf b/modules/etcd/main.tf
deleted file mode 100644
index 6001622..0000000 100644
--- a/modules/etcd/main.tf
+++ /dev/null
@@ -1,79 +1,0 @@
resource "docker_container" "etcd" {

  name  = "etcd"
  image = "${docker_image.image.latest}"

  volumes {

    host_path      = "${var.data_dir}"
    container_path = "/etcd-data"
  }

  ports {

    internal = 2379
    external = 2379
    ip       = "${var.host_bind_ip}"
  }

  ports {

    internal = 2380
    external = 2380
    ip       = "${var.host_bind_ip}"
  }

  upload {

    content = "${var.pki["ca_cert"]}"
    file    = "/etc/ssl/ca_cert.pem"
  }

  upload {

    content = "${var.pki["server_cert"]}"
    file    = "/etc/ssl/server_cert.pem"
  }

  upload {

    content = "${var.pki["server_key"]}"
    file    = "/etc/ssl/server_key.pem"
  }

  upload {

    content = "${var.pki["peer_cert"]}"
    file    = "/etc/ssl/peer_cert.pem"
  }

  upload {

    content = "${var.pki["peer_key"]}"
    file    = "/etc/ssl/peer_key.pem"
  }

  env = [

    "ETCD_NAME=${var.node_name}",
    "ETCD_DATA_DIR=/etcd-data",
    "ETCD_ADVERTISE_CLIENT_URLS=https://${var.domain}:2379",
    "ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${var.domain}:2380",
    "ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379",
    "ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380",
    "ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381",
    "ETCD_CLIENT_CERT_AUTH=true",
    "ETCD_INITIAL_CLUSTER=${var.node_name}=https://${var.domain}:2380",
    "ETCD_STRICT_RECONFIG_CHECK=true",
    "ETCD_CERT_FILE=/etc/ssl/server_cert.pem",
    "ETCD_KEY_FILE=/etc/ssl/server_key.pem",
    "ETCD_TRUSTED_CA_FILE=/etc/ssl/ca_cert.pem",
    "ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/ca_cert.pem",
    "ETCD_PEER_CERT_FILE=/etc/ssl/peer_cert.pem",
    "ETCD_PEER_KEY_FILE=/etc/ssl/peer_key.pem",
    "ETCD_PEER_CLIENT_CERT_AUTH=true",
  ]

  command = [

    "/usr/local/bin/etcd",
  ]
}

data "docker_registry_image" "image" {

  name = "quay.io/coreos/etcd:v${var.version}"
}

resource "docker_image" "image" {

  name          = "${data.docker_registry_image.image.name}"
  pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
}
diff --git a/modules/etcd/variables.tf b/modules/etcd/variables.tf
deleted file mode 100644
index 6b8c90a..0000000 100644
--- a/modules/etcd/variables.tf
+++ /dev/null
@@ -1,34 +1,0 @@
variable "domain" {

  description = "Host name to advertise"
  type        = "string"
}

variable "data_dir" {

  description = "Directory on host to mount to /etcd-data"
  type        = "string"
}

variable "node_name" {

  description = "name of the etcd node"
  default     = "controller"
}

variable "depends_on" {

  default = []

  type = "list"
}

variable "pki" {

  type = "map"
}

variable "version" {

  description = "etcd version"
  default     = "3.3.11"
}

variable "host_bind_ip" {

  description = "IP address to expose the ports on host"
  default     = "0.0.0.0"
}
diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
deleted file mode 100644
index 6903f4b..0000000 100644
--- a/modules/kubelet/main.tf
+++ /dev/null
@@ -1,143 +1,0 @@
// This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
resource "docker_container" "kubelet" {

  image = "${docker_image.image.latest}"
  name  = "kubelet"

  upload {

    file    = "/etc/kubeconfig"
    content = "${var.assets["kubeconfig"]}"
  }

  upload {

    file    = "/etc/kubeca.crt"
    content = "${var.assets["ca_cert"]}"
  }

  volumes {

    container_path = "/etc/ssl/certs"
    host_path      = "/etc/ssl/certs"
    read_only      = true
  }

  volumes {

    container_path = "/sys"
    host_path      = "/sys"
    read_only      = true
  }

  volumes {

    container_path = "/dev"
    host_path      = "/dev"
  }

  volumes {

    container_path = "/usr/share/ca-certificates"
    host_path      = "/usr/share/ca-certificates"
    read_only      = true
  }

  volumes {

    container_path = "/var/lib/docker"
    host_path      = "/var/lib/docker"
  }

  volumes {

    container_path = "/etc/kubernetes"
    host_path      = "/etc/kubernetes"
  }

  // See https://github.com/kubernetes/kubernetes/issues/4869#issuecomment-193316593
  volumes {

    container_path = "/var/lib/kubelet"
    host_path      = "/var/lib/kubelet"
    shared         = true
  }

  volumes {

    container_path = "/var/log"
    host_path      = "/var/log"
  }

  volumes {

    container_path = "/run"
    host_path      = "/run"
  }

  volumes {

    container_path = "/var/run"
    host_path      = "/var/run"
  }

  volumes {

    container_path = "/lib/modules"
    host_path      = "/lib/modules"
    read_only      = true
  }

  volumes {

    container_path = "/etc/os-release"
    host_path      = "/usr/lib/os-release"
    read_only      = true
  }

  volumes {

    container_path = "/etc/machine-id"
    host_path      = "/etc/machine-id"
    read_only      = true
  }

  // Deviates from kubelet-wrapper

  volumes {

    container_path = "/opt/cni/bin"
    host_path      = "/opt/cni/bin"
  }
  volumes {

    container_path = "/etc/cni/net.d"
    host_path      = "/etc/kubernetes/cni/net.d"
  }
  #
  # "There is no war within the container. Here we are safe. Here we are free."
  # - Docker Li agent brainwashing the author
  #
  command = [

    "kubelet",
    "--address=${var.host_ip}",
    "--allow-privileged",
    "--anonymous-auth=false",
    "--authentication-token-webhook",
    "--authorization-mode=Webhook",
    "--client-ca-file=/etc/kubeca.crt",
    "--cluster_dns=${var.dns_ip}",
    "--cluster_domain=${var.k8s_host}",
    "--exit-on-lock-contention=true",
    "--hostname-override=${var.host_ip}",
    "--kubeconfig=/etc/kubeconfig",
    "--lock-file=/var/run/lock/kubelet.lock",
    "--minimum-container-ttl-duration=10m0s",
    "--network-plugin=cni",
    "--node-labels=${var.node_label}",
    "--pod-manifest-path=/etc/kubernetes/manifests",
    "--read-only-port=0",
    "--register-with-taints=${var.node_taints}",
    "--rotate-certificates",
  ]
  host {

    host = "${var.k8s_host}"
    ip   = "${var.host_ip}"
  }
  network_mode = "host"
  pid_mode     = "host"
  privileged   = true
  restart      = "no"
  must_run     = false
}

data "docker_registry_image" "image" {

  name = "gcr.io/google_containers/hyperkube:v${var.version}"
}

resource "docker_image" "image" {

  name          = "${data.docker_registry_image.image.name}"
  pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
}
diff --git a/modules/kubelet/variables.tf b/modules/kubelet/variables.tf
deleted file mode 100644
index 24e643f..0000000 100644
--- a/modules/kubelet/variables.tf
+++ /dev/null
@@ -1,38 +1,0 @@
variable "version" {

  description = "kubelet version"
  default     = "1.13.2"
}

variable "node_label" {

  description = "kubelet version"
  default     = "node-role.kubernetes.io/master"
}

variable "node_taints" {

  description = "node taints"
  default     = "node-role.kubernetes.io/master=:NoSchedule"
}

variable "depends_on" {

  default = []

  type = "list"
}

variable "asset_dir_volume_name" {

  default = "k8s-assets"
}

variable "host_ip" {}

variable "dns_ip" {

  default = "10.25.0.10"
}

variable "k8s_host" {

  description = "kubenetes hostname"
}

variable "assets" {

  type = "map"
}