From 97300459fd9d4b06f578262716fdb79f18653430 Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Sun, 03 Feb 2019 18:39:10 +0530
Subject: [PATCH] General Updates

---
 .gitignore                    |  1 +
 .terraform-version            |  2 +-
 kubernetes.tf                 | 79 ++++++++++---------------------------------------------------------------------
 providers.tf                  |  7 +++++++
 modules/bootkube/main.tf      |  6 ------
 modules/bootkube/outputs.tf   | 10 ----------
 modules/bootkube/variables.tf |  2 --
 modules/etcd/variables.tf     |  1 +
 modules/kubelet/main.tf       | 30 +++++++-----------------------
 modules/kubelet/variables.tf  |  3 ++-
 10 files changed, 25 insertions(+), 116 deletions(-)

diff --git a/.gitignore b/.gitignore
index d2ef326..e1e2930 100644
--- a/.gitignore
+++ a/.gitignore
@@ -7,3 +7,4 @@
 *.backup
 secrets
 k8s/
+k8s2/
diff --git a/.terraform-version b/.terraform-version
index 1ee43fc..e6adeaa 100644
--- a/.terraform-version
+++ a/.terraform-version
@@ -1,1 +1,1 @@
-0.11.8
+0.11.12-beta1
diff --git a/kubernetes.tf b/kubernetes.tf
index db86c00..1a7cf98 100644
--- a/kubernetes.tf
+++ a/kubernetes.tf
@@ -1,77 +1,12 @@
-module "etcd" {
-  source       = "modules/etcd"
-  data_dir     = "/mnt/disk/etcd"
-  host_bind_ip = "10.8.0.1"
-  domain       = "etcd.bb8.fun"
+module "k8s" {
+  source        = "modules/k8s"
+  cluster_name  = "k8s.${var.root-domain}"
+  etcd_domain   = "etcd.${var.root-domain}"
+  etcd_data_dir = "/mnt/disk/etcd"
+  asset_dir     = "${path.root}/k8s2"
+  host_ip       = "${var.ips["dovpn"]}"
 
-  pki = {
-    ca_cert     = "${module.bootkube.etcd_ca_cert}"
-    server_cert = "${module.bootkube.etcd_server_cert}"
-    server_key  = "${module.bootkube.etcd_server_key}"
-    peer_cert   = "${module.bootkube.etcd_peer_cert}"
-    peer_key    = "${module.bootkube.etcd_peer_key}"
-  }
-
-  providers = {
-    docker = "docker.sydney"
-  }
-
-  depends_on = "${module.bootkube.id}"
-}
-
-module "kubelet-master" {
-  source   = "modules/kubelet"
-  host_ip  = "${var.ips["dovpn"]}"
-  k8s_host = "k8s.${var.root-domain}"
-
-  assets = {
-    kubeconfig   = "${module.bootkube.kubeconfig-kubelet}"
-    ca_cert      = "${base64decode(module.bootkube.ca_cert)}"
-    kubelet_cert = "${base64decode(module.bootkube.kubelet_cert)}"
-    kubelet_key  = "${base64decode(module.bootkube.kubelet_key)}"
-  }
-
-  depends_on = "${module.bootkube-start.image}"
-
-  providers = {
-    docker = "docker.sydney"
-  }
-}
-
-module "bootkube-start" {
-  source    = "modules/bootkube"
-  mode      = "start"
-  host_ip   = "${var.ips["dovpn"]}"
-  k8s_host  = "k8s.${var.root-domain}"
-  asset-dir = "${path.root}/k8s"
-
-  assets = {
-    kubeconfig         = "${module.bootkube.kubeconfig-kubelet}"
-    ca_cert            = "${base64decode(module.bootkube.ca_cert)}"
-    kubelet_cert       = "${base64decode(module.bootkube.kubelet_cert)}"
-    kubelet_key        = "${base64decode(module.bootkube.kubelet_key)}"
-    kubeconfig-kubelet = "${module.bootkube.kubeconfig-kubelet}"
-
-    # etcd_ca_cert       = "${module.bootkube.etcd_ca_cert}"
-    # etcd_client_cert   = "${module.bootkube.etcd_client_cert}"
-    # etcd_client_key    = "${module.bootkube.etcd_client_key}"
-    # etcd_server_cert   = "${module.bootkube.etcd_server_cert}"
-    # etcd_server_key    = "${module.bootkube.etcd_server_key}"
-    # etcd_peer_cert     = "${module.bootkube.etcd_peer_cert}"
-    # etcd_peer_key      = "${module.bootkube.etcd_peer_key}"
-  }
-
   providers = {
     docker = "docker.sydney"
   }
-}
-
-module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=bcbdddd8d07c99ab88b2e9ebfb662de4c104de0a"
-
-  cluster_name          = "k8s.bb8.fun"
-  api_servers           = ["k8s.bb8.fun"]
-  cluster_domain_suffix = "k8s.bb8.fun"
-  etcd_servers          = ["etcd.bb8.fun"]
-  asset_dir             = "./k8s"
 }
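Review bot: The new `module "k8s"` call passes no bind address for etcd, whereas the removed `module "etcd"` block pinned `host_bind_ip = "10.8.0.1"`. Together with the `default = "0.0.0.0"` that this patch adds in modules/etcd/variables.tf, etcd's ports would be published on every host interface unless modules/k8s sets the value itself, and modules/k8s is not among the files in this patch. I would drop that default so a caller cannot omit the address, or use `default = "127.0.0.1"` so the fallback is the closed one. Either way the VPN address should be passed through from this call explicitly.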
diff --git a/providers.tf b/providers.tf
index 7d4ce7b..e4d7417 100644
--- a/providers.tf
+++ a/providers.tf
@@ -11,6 +11,13 @@
   version   = "~> 2.0.0"
 }
 
+provider "docker" {
+  host      = "tcp://docker.captnemo.in:4243"
+  cert_path = "./secrets/nautilus"
+  alias     = "nautilus"
+  version   = "~> 2.0.0"
+}
+
 provider "kubernetes" {
   version = "1.3.0-custom"
   host    = "https://k8s.bb8.fun:6443"
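Review bot: The added `docker.nautilus` provider talks to a Docker daemon over TCP, which is root-equivalent access to that host, and nothing in the block records that the endpoint relies on mutual TLS via `cert_path`. I would add a comment above it such as `# Remote Docker API: the daemon must run with --tlsverify; client certs live in the git-ignored secrets/ directory`. `cert_path = "./secrets/nautilus"` is presumably resolved against the directory Terraform is run from; `cert_path = "${path.root}/secrets/nautilus"` would match how kubernetes.tf builds `asset_dir` in this patch. The `provider "kubernetes"` block that follows continues outside the hunk.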
diff --git a/modules/bootkube/main.tf b/modules/bootkube/main.tf
index 654da70..188a0ec 100644
--- a/modules/bootkube/main.tf
+++ a/modules/bootkube/main.tf
@@ -89,12 +89,6 @@
     content = "${var.assets["kubelet_key"]}"
     file    = "/home/.bootkube/tls/kubelet.key"
   }
-  # TODO: Generate Filenames Dynamically
-  # TODO: Check if this is needed at all
-  upload {
-    content = "${file("${var.asset-dir}/auth/k8s.bb8.fun-config")}"
-    file    = "/home/.bootkube/auth/k8s.bb8.fun-config"
-  }
   # auth/kubeconfig-kubelet
   upload {
     content = "${var.assets["kubeconfig-kubelet"]}"
diff --git a/modules/bootkube/outputs.tf b/modules/bootkube/outputs.tf
index 29077f3..acc0ef3 100644
--- a/modules/bootkube/outputs.tf
+++ a/modules/bootkube/outputs.tf
@@ -1,13 +1,3 @@
-# output "exit_code" {
-#   # TODO: Pick correct exit code
-#   # value = "${coalesce(formatlist("%s", docker_container.render.*.exit_code))}"
-#   # See https://github.com/hashicorp/terraform/issues/15165
-#   value = "${var.mode == "render" ?
-#     "${element(concat(docker_container.render.*.exit_code, list("")), 0)}" :
-#     "${element(concat(docker_container.start.*.exit_code, list("")), 0)}"
-#   }"
-# }
-
 output "image" {
   value = "${docker_image.image.latest}"
 }
diff --git a/modules/bootkube/variables.tf b/modules/bootkube/variables.tf
index 1325b72..45f8246 100644
--- a/modules/bootkube/variables.tf
+++ a/modules/bootkube/variables.tf
@@ -22,8 +22,6 @@
   default = "10.96.0.0/16"
 }
 
-variable "mode" {}
-
 variable "version" {
   default = "0.14.0"
 }
diff --git a/modules/etcd/variables.tf b/modules/etcd/variables.tf
index d47db7e..6b8c90a 100644
--- a/modules/etcd/variables.tf
+++ a/modules/etcd/variables.tf
@@ -30,4 +30,5 @@
 
 variable "host_bind_ip" {
   description = "IP address to expose the ports on host"
+  default     = "0.0.0.0"
 }
diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
index 86415ff..6903f4b 100644
--- a/modules/kubelet/main.tf
+++ a/modules/kubelet/main.tf
@@ -1,15 +1,15 @@
 // This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
 resource "docker_container" "kubelet" {
   image = "${docker_image.image.latest}"
-  name  = "kubelet-static"
+  name  = "kubelet"
 
   upload {
-    file    = "/etc/kubernetes/kubeconfig"
+    file    = "/etc/kubeconfig"
     content = "${var.assets["kubeconfig"]}"
   }
 
   upload {
-    file    = "/etc/kubernetes/ca.crt"
+    file    = "/etc/kubeca.crt"
     content = "${var.assets["ca_cert"]}"
   }
 
@@ -41,14 +41,6 @@
     host_path      = "/var/lib/docker"
   }
 
-  // TODO: Test with this
-  // It technically only needs the /etc/kubernetes/manifests
-  // Make sure that the manifests directory exists
-  upload {
-    file    = "/etc/kubernetes/manifests/.empty"
-    content = ""
-  }
-
   volumes {
     container_path = "/etc/kubernetes"
     host_path      = "/etc/kubernetes"
@@ -91,14 +83,6 @@
   volumes {
     container_path = "/etc/machine-id"
     host_path      = "/etc/machine-id"
-    read_only      = true
-  }
-
-  // Don't think this is needed anymore
-
-  volumes {
-    container_path = "/rootfs"
-    host_path      = "/"
     read_only      = true
   }
 
@@ -123,21 +107,19 @@
     "--anonymous-auth=false",
     "--authentication-token-webhook",
     "--authorization-mode=Webhook",
-    "--cert-dir=/var/lib/kubelet/pki",
-    "--client-ca-file=/etc/kubernetes/ca.crt",
+    "--client-ca-file=/etc/kubeca.crt",
     "--cluster_dns=${var.dns_ip}",
     "--cluster_domain=${var.k8s_host}",
     "--exit-on-lock-contention=true",
     "--hostname-override=${var.host_ip}",
-    "--kubeconfig=/etc/kubernetes/kubeconfig",
+    "--kubeconfig=/etc/kubeconfig",
     "--lock-file=/var/run/lock/kubelet.lock",
     "--minimum-container-ttl-duration=10m0s",
     "--network-plugin=cni",
-    "--node-labels=node-role.kubernetes.io/master",
+    "--node-labels=${var.node_label}",
     "--pod-manifest-path=/etc/kubernetes/manifests",
     "--read-only-port=0",
     "--register-with-taints=${var.node_taints}",
-    "--node-labels=${var.node_label}",
     "--rotate-certificates",
   ]
   host {
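Review bot: `--client-ca-file=/etc/kubeca.crt` and `--kubeconfig=/etc/kubeconfig` repeat as bare literals the two `upload` destinations changed in the first hunk of this file, so a later edit to one side leaves the kubelet pointing at a missing CA bundle or kubeconfig. A comment at the uploads would record why they moved, e.g. `// kept outside /etc/kubernetes, which is bind-mounted from the host below` (my reading of the volumes block; confirm). The name `/etc/kubeca.crt` is also easy to misread; `/etc/kube-ca.crt` would be clearer. The args list and the enclosing resource both start and end outside this hunk.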
diff --git a/modules/kubelet/variables.tf b/modules/kubelet/variables.tf
index 788f03f..24e643f 100644
--- a/modules/kubelet/variables.tf
+++ a/modules/kubelet/variables.tf
@@ -9,7 +9,8 @@
 }
 
 variable "node_taints" {
-  default = "node-role.kubernetes.io/master=:NoSchedule"
+  description = "node taints"
+  default     = "node-role.kubernetes.io/master=:NoSchedule"
 }
 
 variable "depends_on" {
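Review bot: `description = "node taints"` only restates the variable name; something like `description = "Taints the kubelet registers with (--register-with-taints), as key=value:effect"` tells a caller what format is expected. The default is still the master `NoSchedule` taint, while modules/kubelet/main.tf in this patch stops hard-coding the `node-role.kubernetes.io/master` label and takes it from `var.node_label`, whose default is not visible here. A caller that overrides one without the other gets a node whose label and taint disagree, so the descriptions should say the two are meant to be set together. The `variable "depends_on"` block continues outside the hunk.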
--
rgit 0.1.5