🏡 index : github.com/captn3m0/nebula.git

author Nemo <me@captnemo.in> 2019-01-13 4:15:12.0 +05:30:00
committer Nemo <me@captnemo.in> 2019-01-27 2:49:55.0 +05:30:00
commit
524949c8e5ef1641ac73e87157888dfa674f8004 [patch]
tree
a68f72cadb7b7f2e3cbfd4b74f9a87fe4c60d37d
parent
7214355a89d4eadfd813579a53e6f119294b532e

[k8s] Run etcd with bootkube generated certs



Diff

 modules/etcd/main.tf | 56 +++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 41 insertions(+), 15 deletions(-)

diff --git a/modules/etcd/main.tf b/modules/etcd/main.tf
index 26aa193..af677c2 100644
--- a/modules/etcd/main.tf
+++ a/modules/etcd/main.tf
@@ -8,12 +8,39 @@
    host   = ""
  }

  networks = ["${docker_network.etcd.id}"]

  volumes = [

    {
      host_path      = "${var.data_dir}"
      container_path = "/etcd-data"
    },
    {
      host_path      = "${var.bootkube_asset_dir}/tls/etcd-client.crt"
      container_path = "/etc/etcd-client.crt"
    },
    {
      host_path      = "${var.bootkube_asset_dir}/tls/etcd-client.key"
      container_path = "/etc/etcd-client.key"
    },
    {
      host_path      = "${var.bootkube_asset_dir}/tls/etcd-client-ca.crt"
      container_path = "/etc/etcd-client-ca.crt"
    },
    {
      host_path      = "${var.bootkube_asset_dir}/tls/etcd"
      container_path = "/etc/ssl/certs/etcd"
    },
  ]

  ports = [

    {
      internal = 2379
      external = 2379
      ip       = "${var.host_ip}"
    },
    {
      internal = 2380
      external = 2380
      ip       = "${var.host_ip}"
    },
  ]

@@ -21,18 +48,17 @@
    "/usr/local/bin/etcd",
    "--data-dir=/etcd-data",
    "--name=${var.node_name}",
    "--advertise-client-urls=http://${var.host_ip}:2379",
    "--initial-advertise-peer-urls=http://${var.host_ip}:2380",
    "--initial-cluster=${var.node_name}=http://${var.host_ip}:2380",
    "--advertise-client-urls=https://${var.host_ip}:2379",
    "--initial-advertise-peer-urls=https://${var.host_ip}:2380",
    "--initial-cluster=${var.node_name}=https://${var.host_ip}:2380",
    "--listen-client-urls=https://0.0.0.0:2379",
    "--listen-peer-urls=https://0.0.0.0:2380",
    "--trusted-ca-file=/etc/ssl/certs/etcd/server-ca.crt",
    "--cert-file=/etc/ssl/certs/etcd/server.crt",
    "--key-file=/etc/ssl/certs/etcd/server.key",
    "--client-cert-auth=true",
    "--peer-trusted-ca-file=/etc/ssl/certs/etcd/peer-ca.crt",
    "--peer-cert-file=/etc/ssl/certs/etcd/peer.crt",
    "--peer-key-file=/etc/ssl/certs/etcd/peer.key",
  ]
}

resource "docker_network" "etcd" {

  name   = "etcd"
  driver = "bridge"

  ipam_config {

    subnet  = "10.10.10.0/25"
    gateway = "10.10.10.1"
  }
}
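Review bot: The peer listener in the second hunk gets `--peer-trusted-ca-file`, `--peer-cert-file` and `--peer-key-file` but no `--peer-client-cert-auth=true`, so unlike the client port (which sets `--client-cert-auth=true`) port 2380 probably encrypts traffic without requiring a connecting peer to present a certificate signed by the peer CA. Adding `"--peer-client-cert-auth=true",` next to the other peer flags would close that gap. The certificate and key bind mounts in the first hunk are also writable from inside the container; `read_only = true` on each of those volume entries would keep a compromised etcd process from altering the key material on the host. This page has lost its +/- markers, so the note assumes the `https://` URLs and TLS flags are the new side, and the container resource's opening lines are outside the hunk.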