🏡 index : github.com/captn3m0/nebula.git

📄 .editorconfig
📄 .gitignore
📄 .terraform-version
📄 README.md
📁 _scripts
📄 ubooquity.php
📁 abstruse
📄 main.tf
📄 variables.tf
📁 cloudflare
📄 main.tf
📄 variables.tf
📄 data.tf
📁 db
📄 mongorocks.tf
📄 network.tf
📄 outputs.tf
📄 postgres.tf
📄 variables.tf
📄 volumes.tf
📁 digitalocean
📄 droplets.tf
📄 firewall.tf
📄 networking.tf
📁 docker
📁 conf
📄 humans.txt
📄 lychee.php.ini
📄 traefik.toml
📄 ubooquity.json
📄 wiki.yml
📄 data.tf
📄 got.tf
📄 images.tf
📄 locals.tf
📄 lychee.tf
📄 main.tf
📄 network.tf
📄 outputs.tf
📄 traefik.tf
📄 ubooquity.tf
📄 variables.tf
📄 volumes.tf
📄 wiki.tf
📄 echoserver.tf
📄 firefox-sync.tf
📁 gitea
📁 conf
📄 conf.ini.tpl
📄 extra_links.tmpl
📄 home.tmpl
📁 public
📁 img
📄 gitea-lg.png
📄 gitea-sm.png
📄 data.tf
📄 main.tf
📄 mysql.tf
📄 network.tf
📄 redis.tf
📄 variables.tf
📄 volume.tf
📄 heimdall.tf
📄 kubernetes.tf
📄 main.tf
📁 media
📄 airsonic.tf
📁 conf
📄 airsonic.properties.tpl
📄 airsonic.sound.properties
📄 transmission.json
📄 emby.tf
📄 jackett.tf
📄 lidarr.tf
📄 network.tf
📄 outputs.tf
📄 radarr.tf
📄 sonarr.tf
📄 transmission.tf
📄 variables.tf
📄 miniflux.tf
📁 modules
📁 bootkube
📄 main.tf
📄 outputs.tf
📄 variables.tf
📁 container
📄 locals.tf
📄 main.tf
📄 vars.tf
📁 etcd
📄 main.tf
📄 variables.tf
📁 image
📄 main.tf
📁 kubelet
📄 main.tf
📄 variables.tf
📁 outline
📄 config.tf
📄 data.tf
📄 database.tf
📄 main.tf
📄 network.tf
📄 redis.tf
📄 s3.tf
📄 variables.tf
📁 postgres
📄 main.tf
📄 vars.tf
📄 monicahq.tf
📁 monitoring
📄 act.tf
📄 cadvisor.tf
📁 config
📄 alert.rules
📄 alertmanager.template.yml
📄 prometheus.yml
📄 data.tf
📄 grafana.tf
📄 images.tf
📄 main.tf
📄 network.tf
📄 nodeexporter.tf
📄 prometheus.tf
📄 speedtest.tf
📄 variables.tf
📁 opml
📄 main.tf
📄 network.tf
📄 redis.tf
📄 variables.tf
📄 outline.tf
📄 providers.tf
📄 pulse.tf
📁 radicale
📄 config
📄 logging.conf
📄 main.tf
📄 users
📄 variables.tf
📄 requestbin.tf
📁 resilio
📄 main.tf
📄 variables.tf
📄 rss-bridge.tf
📁 timemachine
📄 entrypoint.sh.tpl
📄 main.tf
📄 variables.tf
📄 variables.tf
📄 znc.tf 
// This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
resource "docker_container" "kubelet" {
  image = "${docker_image.image.latest}"
  name  = "kubelet-static"

  upload {
    file    = "/etc/kubernetes/kubeconfig"
    content = "${var.assets["kubeconfig"]}"
  }

  upload {
    file    = "/etc/kubernetes/ca.crt"
    content = "${var.assets["ca_cert"]}"
  }

  # Make sure that the manifests directory exists
  upload {
    file    = "/etc/kubernetes/manifests/.empty"
    content = ""
  }

  volumes {
    container_path = "/etc/ssl/certs"
    host_path      = "/etc/ssl/certs"
    read_only      = true
  }

  volumes {
    container_path = "/sys"
    host_path      = "/sys"
    read_only      = true
  }

  volumes {
    container_path = "/dev"
    host_path      = "/dev"
  }

  # volumes {
  #   container_path = "/usr"
  #   host_path      = "/usr"
  # }

  # volumes {
  #   container_path = "/lib64"
  #   host_path      = "/lib64"
  # }
  volumes {
    container_path = "/usr/share/ca-certificates"
    host_path      = "/usr/share/ca-certificates"
    read_only      = true
  }
  volumes {
    container_path = "/var/lib/docker"
    host_path      = "/var/lib/docker"
  }
  volumes {
    container_path = "/etc/kubernetes"
    host_path      = "/etc/kubernetes"
  }
  volumes {
    container_path = "/var/lib/kubelet"
    host_path      = "/var/lib/kubelet"
  }
  volumes {
    container_path = "/var/log"
    host_path      = "/var/log"
  }
  volumes {
    container_path = "/run"
    host_path      = "/run"
  }
  volumes {
    container_path = "/lib/modules"
    host_path      = "/lib/modules"
    read_only      = true
  }
  volumes {
    container_path = "/etc/os-release"
    host_path      = "/usr/lib/os-release"
    read_only      = true
  }
  volumes {
    container_path = "/etc/machine-id"
    host_path      = "/etc/machine-id"
    read_only      = true
  }
  volumes {
    container_path = "/rootfs"
    host_path      = "/"
    read_only      = true
  }

  // Deviates from kubelet-wrapper

  volumes {
    container_path = "/opt/cni/bin"
    host_path      = "/opt/cni/bin"
  }
  volumes {
    container_path = "/etc/cni/net.d"
    host_path      = "/etc/kubernetes/cni/net.d"
  }
  #
  # "There is no war within the container. Here we are safe. Here we are free."
  # - Docker Li agent brainwashing Nemo
  #
  command = [
    "kubelet",
    "--allow-privileged",
    "--anonymous-auth=false",
    "--authentication-token-webhook",
    "--authorization-mode=Webhook",
    "--cert-dir=/var/lib/kubelet/pki",
    "--client-ca-file=/etc/kubernetes/ca.crt",
    "--cluster_dns=${var.dns_ip}",
    "--cluster_domain=${var.k8s_host}",

    # "--containerized",
    "--exit-on-lock-contention=true",

    "--hostname-override=${var.host_ip}",
    "--kubeconfig=/etc/kubernetes/kubeconfig",
    "--lock-file=/var/run/lock/kubelet.lock",
    "--minimum-container-ttl-duration=10m0s",
    "--network-plugin=cni",
    "--node-labels=node-role.kubernetes.io/master",
    "--pod-manifest-path=/etc/kubernetes/manifests",
    "--read-only-port=0",
    "--register-with-taints=${var.node_taints}",
    "--node-labels=${var.node_label}",
    "--rotate-certificates",
  ]
  host {
    host = "${var.k8s_host}"
    ip   = "${var.host_ip}"
  }

  # TODO

  network_mode = "host"
  privileged   = true
  restart      = "no"
  must_run     = false

  # max_retry_count = 1
}

data "docker_registry_image" "image" {
  name = "gcr.io/google_containers/hyperkube:v${var.version}"
}

resource "docker_image" "image" {
  name          = "${data.docker_registry_image.image.name}"
  pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
}