
author Nemo <me@captnemo.in> 2019-02-03 18:39:10.0 +05:30:00
committer Nemo <me@captnemo.in> 2019-02-03 18:39:10.0 +05:30:00
commit
97300459fd9d4b06f578262716fdb79f18653430 [patch]
tree
a71294954d915d46e2dd70ee66f2e80c75d62b00
parent
80ce34d52f515d3730bb22735942122c8ee3a577

General Updates



Diff

 .gitignore                    |  1 +
 .terraform-version            |  2 +-
 kubernetes.tf                 | 79 ++++++++++---------------------------------------------------------------------
 providers.tf                  |  7 +++++++
 modules/bootkube/main.tf      |  6 ------
 modules/bootkube/outputs.tf   | 10 ----------
 modules/bootkube/variables.tf |  2 --
 modules/etcd/variables.tf     |  1 +
 modules/kubelet/main.tf       | 30 +++++++-----------------------
 modules/kubelet/variables.tf  |  3 ++-
 10 files changed, 25 insertions(+), 116 deletions(-)

diff --git a/.gitignore b/.gitignore
index d2ef326..e1e2930 100644
--- a/.gitignore
+++ a/.gitignore
@@ -7,3 +7,4 @@
*.backup
secrets
k8s/
k8s2/
diff --git a/.terraform-version b/.terraform-version
index 1ee43fc..e6adeaa 100644
--- a/.terraform-version
+++ a/.terraform-version
@@ -1,1 +1,1 @@
0.11.8
0.11.12-beta1
diff --git a/kubernetes.tf b/kubernetes.tf
index db86c00..1a7cf98 100644
--- a/kubernetes.tf
+++ a/kubernetes.tf
@@ -1,77 +1,12 @@
module "etcd" {

  source       = "modules/etcd"
  data_dir     = "/mnt/disk/etcd"
  host_bind_ip = "10.8.0.1"
  domain       = "etcd.bb8.fun"
module "k8s" {

  source        = "modules/k8s"
  cluster_name  = "k8s.${var.root-domain}"
  etcd_domain   = "etcd.${var.root-domain}"
  etcd_data_dir = "/mnt/disk/etcd"
  asset_dir     = "${path.root}/k8s2"
  host_ip       = "${var.ips["dovpn"]}"

  pki = {

    ca_cert     = "${module.bootkube.etcd_ca_cert}"
    server_cert = "${module.bootkube.etcd_server_cert}"
    server_key  = "${module.bootkube.etcd_server_key}"
    peer_cert   = "${module.bootkube.etcd_peer_cert}"
    peer_key    = "${module.bootkube.etcd_peer_key}"
  }

  providers = {

    docker = "docker.sydney"
  }

  depends_on = "${module.bootkube.id}"
}

module "kubelet-master" {

  source   = "modules/kubelet"
  host_ip  = "${var.ips["dovpn"]}"
  k8s_host = "k8s.${var.root-domain}"

  assets = {

    kubeconfig   = "${module.bootkube.kubeconfig-kubelet}"
    ca_cert      = "${base64decode(module.bootkube.ca_cert)}"
    kubelet_cert = "${base64decode(module.bootkube.kubelet_cert)}"
    kubelet_key  = "${base64decode(module.bootkube.kubelet_key)}"
  }

  depends_on = "${module.bootkube-start.image}"

  providers = {

    docker = "docker.sydney"
  }
}

module "bootkube-start" {

  source    = "modules/bootkube"
  mode      = "start"
  host_ip   = "${var.ips["dovpn"]}"
  k8s_host  = "k8s.${var.root-domain}"
  asset-dir = "${path.root}/k8s"

  assets = {

    kubeconfig         = "${module.bootkube.kubeconfig-kubelet}"
    ca_cert            = "${base64decode(module.bootkube.ca_cert)}"
    kubelet_cert       = "${base64decode(module.bootkube.kubelet_cert)}"
    kubelet_key        = "${base64decode(module.bootkube.kubelet_key)}"
    kubeconfig-kubelet = "${module.bootkube.kubeconfig-kubelet}"

    # etcd_ca_cert       = "${module.bootkube.etcd_ca_cert}"
    # etcd_client_cert   = "${module.bootkube.etcd_client_cert}"
    # etcd_client_key    = "${module.bootkube.etcd_client_key}"
    # etcd_server_cert   = "${module.bootkube.etcd_server_cert}"
    # etcd_server_key    = "${module.bootkube.etcd_server_key}"
    # etcd_peer_cert     = "${module.bootkube.etcd_peer_cert}"
    # etcd_peer_key      = "${module.bootkube.etcd_peer_key}"
  }

  providers = {

    docker = "docker.sydney"
  }
}

module "bootkube" {

  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=bcbdddd8d07c99ab88b2e9ebfb662de4c104de0a"

  cluster_name          = "k8s.bb8.fun"
  api_servers           = ["k8s.bb8.fun"]
  cluster_domain_suffix = "k8s.bb8.fun"
  etcd_servers          = ["etcd.bb8.fun"]
  asset_dir             = "./k8s"
}
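Review bot: The new `module "etcd"` block pins `domain` and `host_bind_ip` to the literals `etcd.bb8.fun` and `10.8.0.1`, while the `module "k8s"` block removed further down derived the same name as `etcd.${var.root-domain}` and took its address from `var.ips["dovpn"]`; keeping those variables, `domain = "etcd.${var.root-domain}"` and, if 10.8.0.1 is that same VPN address, `host_bind_ip = "${var.ips["dovpn"]}"`, stops the two from drifting apart. The visible etcd call also passes no CA, server or peer certificate inputs, unlike the removed k8s module, so whether etcd on 10.8.0.1 authenticates its clients and peers now depends entirely on what modules/etcd does internally. A one-line comment on the module call saying where etcd's TLS material comes from, or that the VPN is the only boundary in front of it, would make that reviewable. Old and new sides are not marked in this rendering; the reading above follows the hunk header and diffstat, which show this file shrinking to a dozen lines.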
diff --git a/providers.tf b/providers.tf
index 7d4ce7b..e4d7417 100644
--- a/providers.tf
+++ a/providers.tf
@@ -11,6 +11,13 @@
  version   = "~> 2.0.0"
}

provider "docker" {

  host      = "tcp://docker.captnemo.in:4243"
  cert_path = "./secrets/nautilus"
  alias     = "nautilus"
  version   = "~> 2.0.0"
}

provider "kubernetes" {

  version = "1.3.0-custom"
  host    = "https://k8s.bb8.fun:6443"
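Review bot: `cert_path = "./secrets/nautilus"` in the new `provider "docker"` block (alias `nautilus`) is resolved against the working directory rather than the configuration root, so a run started from another directory would fail to find the TLS material for the daemon at `docker.captnemo.in:4243`; kubernetes.tf anchors such paths with `${path.root}` (`${path.root}/k8s2`), so `cert_path = "${path.root}/secrets/nautilus"` keeps this consistent. The `secrets` directory is listed in .gitignore in this commit, which is the right place for that client key and CA, and `cert_path` is what makes the provider talk TLS with a client certificate instead of plain TCP to a daemon on a public hostname, so a short comment that it must stay set would help the next editor. Old and new sides are not marked here; the diffstat's seven additions match this provider block.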
diff --git a/modules/bootkube/main.tf b/modules/bootkube/main.tf
index 654da70..188a0ec 100644
--- a/modules/bootkube/main.tf
+++ a/modules/bootkube/main.tf
@@ -89,12 +89,6 @@
    content = "${var.assets["kubelet_key"]}"
    file    = "/home/.bootkube/tls/kubelet.key"
  }
  # TODO: Generate Filenames Dynamically
  # TODO: Check if this is needed at all
  upload {

    content = "${file("${var.asset-dir}/auth/k8s.bb8.fun-config")}"
    file    = "/home/.bootkube/auth/k8s.bb8.fun-config"
  }
  # auth/kubeconfig-kubelet
  upload {

    content = "${var.assets["kubeconfig-kubelet"]}"
diff --git a/modules/bootkube/outputs.tf b/modules/bootkube/outputs.tf
index 29077f3..acc0ef3 100644
--- a/modules/bootkube/outputs.tf
+++ a/modules/bootkube/outputs.tf
@@ -1,13 +1,3 @@
# output "exit_code" {
#   # TODO: Pick correct exit code
#   # value = "${coalesce(formatlist("%s", docker_container.render.*.exit_code))}"
#   # See https://github.com/hashicorp/terraform/issues/15165
#   value = "${var.mode == "render" ?
#     "${element(concat(docker_container.render.*.exit_code, list("")), 0)}" :
#     "${element(concat(docker_container.start.*.exit_code, list("")), 0)}"
#   }"
# }

output "image" {

  value = "${docker_image.image.latest}"
}
diff --git a/modules/bootkube/variables.tf b/modules/bootkube/variables.tf
index 1325b72..45f8246 100644
--- a/modules/bootkube/variables.tf
+++ a/modules/bootkube/variables.tf
@@ -22,8 +22,6 @@
  default = "10.96.0.0/16"
}

variable "mode" {}

variable "version" {

  default = "0.14.0"
}
diff --git a/modules/etcd/variables.tf b/modules/etcd/variables.tf
index d47db7e..6b8c90a 100644
--- a/modules/etcd/variables.tf
+++ a/modules/etcd/variables.tf
@@ -30,4 +30,5 @@

variable "host_bind_ip" {

  description = "IP address to expose the ports on host"
  default     = "0.0.0.0"
}
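Review bot: The default of `0.0.0.0` for `host_bind_ip` means any caller that omits the variable publishes etcd's ports on every interface of the host, and the description does not say so. The only caller in this commit (kubernetes.tf) sets `10.8.0.1` explicitly, so nothing depends on the permissive default; either drop the `default` line so the variable is required, or change it to `default     = "127.0.0.1"` and note in the description that a non-loopback value exposes etcd beyond the host. Whether the description or the default is the line added here is not marked in this rendering.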
diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
index 86415ff..6903f4b 100644
--- a/modules/kubelet/main.tf
+++ a/modules/kubelet/main.tf
@@ -1,15 +1,15 @@
// This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
resource "docker_container" "kubelet" {

  image = "${docker_image.image.latest}"
  name  = "kubelet-static"
  name  = "kubelet"

  upload {

    file    = "/etc/kubernetes/kubeconfig"
    file    = "/etc/kubeconfig"
    content = "${var.assets["kubeconfig"]}"
  }

  upload {

    file    = "/etc/kubernetes/ca.crt"
    file    = "/etc/kubeca.crt"
    content = "${var.assets["ca_cert"]}"
  }

@@ -41,14 +41,6 @@
    host_path      = "/var/lib/docker"
  }

  // TODO: Test with this
  // It technically only needs the /etc/kubernetes/manifests
  // Make sure that the manifests directory exists
  upload {

    file    = "/etc/kubernetes/manifests/.empty"
    content = ""
  }

  volumes {

    container_path = "/etc/kubernetes"
    host_path      = "/etc/kubernetes"
@@ -91,14 +83,6 @@
  volumes {

    container_path = "/etc/machine-id"
    host_path      = "/etc/machine-id"
    read_only      = true
  }

  // Don't think this is needed anymore

  volumes {

    container_path = "/rootfs"
    host_path      = "/"
    read_only      = true
  }

@@ -123,21 +107,19 @@
    "--anonymous-auth=false",
    "--authentication-token-webhook",
    "--authorization-mode=Webhook",
    "--cert-dir=/var/lib/kubelet/pki",
    "--client-ca-file=/etc/kubernetes/ca.crt",
    "--client-ca-file=/etc/kubeca.crt",
    "--cluster_dns=${var.dns_ip}",
    "--cluster_domain=${var.k8s_host}",
    "--exit-on-lock-contention=true",
    "--hostname-override=${var.host_ip}",
    "--kubeconfig=/etc/kubernetes/kubeconfig",
    "--kubeconfig=/etc/kubeconfig",
    "--lock-file=/var/run/lock/kubelet.lock",
    "--minimum-container-ttl-duration=10m0s",
    "--network-plugin=cni",
    "--node-labels=node-role.kubernetes.io/master",
    "--node-labels=${var.node_label}",
    "--pod-manifest-path=/etc/kubernetes/manifests",
    "--read-only-port=0",
    "--register-with-taints=${var.node_taints}",
    "--node-labels=${var.node_label}",
    "--rotate-certificates",
  ]
  host {
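Review bot: `--cert-dir=/var/lib/kubelet/pki` together with `--rotate-certificates` means the kubelet writes its rotated client and serving certificates under /var/lib/kubelet/pki, and this hunk shows no volume for that path; if /var/lib/kubelet is not bind-mounted from the host (the volumes block is outside this hunk), the rotated certificate is lost on every container recreation and the kubelet has to start again from the credential embedded in the uploaded /etc/kubeconfig, which stops working once that credential has expired. Either a `volumes { container_path = "/var/lib/kubelet" host_path = "/var/lib/kubelet" }` entry or a comment stating where it is mounted would make the intent explicit. Separately, `--node-labels=${var.node_label}` appears twice in this view (after `--network-plugin=cni` and after `--register-with-taints=…`); if both survive on the new side, one should be dropped so the flag is passed once. The list these flags belong to starts before the hunk, and old and new sides are not marked in this rendering.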

diff --git a/modules/kubelet/variables.tf b/modules/kubelet/variables.tf
index 788f03f..24e643f 100644
--- a/modules/kubelet/variables.tf
+++ a/modules/kubelet/variables.tf
@@ -9,7 +9,8 @@
}

variable "node_taints" {

  default = "node-role.kubernetes.io/master=:NoSchedule"
  description = "node taints"
  default     = "node-role.kubernetes.io/master=:NoSchedule"
}

variable "depends_on" {