Migrate to kayak
This commit is contained in:
parent
f85692da9e
commit
40b967edce
|
|
@ -0,0 +1,31 @@
|
|||
// Points to the local working directory instead of
|
||||
// the published version
|
||||
module "kayak" {
|
||||
source = "../terraform-digitalocean-kayak"
|
||||
cert_path = "${path.root}/secrets/kayak"
|
||||
domain = "kayak.${var.root-domain}"
|
||||
ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0Getey8585AqdgIl9mqQ3SH9w6z7NZUW4HXdOqZwC7sYEaDrLOBV014gtFS8h8ymm4dcw6xEGUkaavcHC8W9ChTLKBMK4N1/sUS/umLy+Wi/K//g13y0VHSdvcc+gMQ27b9n/DwDY4ZKkaf6t+4HWyFWNh6gp0cT1WCyLNlsER55KUdy+C1lCOpv1SMepOaYc7uyBlC9FfgewJho/OfxnoTztQV6QeSGfr2Xr94Ip1FUPoLoBLLilh4ZbCe6F6bqn0kNgVBTkrVwWJv5Z0jCJpUjER69cqjASRao9KCHkyPtybzKKhCLZIlB3QMggEv0xnlHMpeeuDWcGrBVPKI8V"
|
||||
|
||||
asset_dir = "${path.root}/k8s"
|
||||
|
||||
providers {
|
||||
docker = "docker.kayak"
|
||||
}
|
||||
}
|
||||
|
||||
provider "docker" {
|
||||
host = "tcp://${cloudflare_record.kayak-docker.hostname}:2376"
|
||||
version = "~> 2.0.0"
|
||||
alias = "kayak"
|
||||
ca_material = "${module.kayak.docker_ca_cert}"
|
||||
cert_material = "${module.kayak.docker_client_cert}"
|
||||
key_material = "${module.kayak.docker_client_key}"
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "kayak-docker" {
|
||||
name = "docker.kayak"
|
||||
value = "${module.kayak.droplet_ipv4}"
|
||||
domain = "${var.root-domain}"
|
||||
type = "A"
|
||||
ttl = 3600
|
||||
}
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
module "k8s" {
|
||||
source = "modules/k8s"
|
||||
cluster_name = "k8s.${var.root-domain}"
|
||||
etcd_domain = "etcd.${var.root-domain}"
|
||||
etcd_data_dir = "/mnt/disk/etcd"
|
||||
asset_dir = "${path.root}/k8s2"
|
||||
host_ip = "${var.ips["dovpn"]}"
|
||||
|
||||
providers = {
|
||||
docker = "docker.sydney"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,221 +0,0 @@
|
|||
resource "docker_container" "bootkube" {
|
||||
image = "${docker_image.image.latest}"
|
||||
name = "bootkube"
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/kubernetes"
|
||||
host_path = "/etc/kubernetes"
|
||||
}
|
||||
|
||||
# bootstrap manifests
|
||||
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-apiserver.yaml")}"
|
||||
file = "/home/.bootkube/bootstrap-manifests/bootstrap-apiserver.yaml"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-controller-manager.yaml")}"
|
||||
file = "/home/.bootkube/bootstrap-manifests/bootstrap-controller-manager.yaml"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-scheduler.yaml")}"
|
||||
file = "/home/.bootkube/bootstrap-manifests/bootstrap-scheduler.yaml"
|
||||
}
|
||||
# etcd secrets
|
||||
#
|
||||
upload {
|
||||
file = "/home/.bootkube/tls/etcd-client-ca.crt"
|
||||
content = "${file("${var.asset-dir}/tls/etcd-client-ca.crt")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/tls/etcd-client.crt"
|
||||
content = "${file("${var.asset-dir}/tls/etcd-client.crt")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/tls/etcd-client.key"
|
||||
content = "${file("${var.asset-dir}/tls/etcd-client.key")}"
|
||||
}
|
||||
# Cluster Networking
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
|
||||
file = "/home/.bootkube/manifests/networking-cluster-role-binding.yaml"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/manifests-networking/cluster-role.yaml")}"
|
||||
file = "/home/.bootkube/manifests/networking-cluster-role.yaml"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/manifests-networking/config.yaml")}"
|
||||
file = "/home/.bootkube/manifests/networking-config.yaml"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/manifests-networking/daemonset.yaml")}"
|
||||
file = "/home/.bootkube/manifests/networking-daemonset.yaml"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/manifests-networking/service-account.yaml")}"
|
||||
file = "/home/.bootkube/manifests/networking-service-account.yaml"
|
||||
}
|
||||
# TLS
|
||||
upload {
|
||||
file = "/home/.bootkube/tls/service-account.pub"
|
||||
content = "${file("${var.asset-dir}/tls/service-account.pub")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/tls/service-account.key"
|
||||
content = "${file("${var.asset-dir}/tls/service-account.key")}"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/tls/ca.key")}"
|
||||
file = "/home/.bootkube/tls/ca.key"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/tls/ca.crt")}"
|
||||
file = "/home/.bootkube/tls/ca.crt"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/tls/apiserver.key")}"
|
||||
file = "/home/.bootkube/tls/apiserver.key"
|
||||
}
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/tls/apiserver.crt")}"
|
||||
file = "/home/.bootkube/tls/apiserver.crt"
|
||||
}
|
||||
upload {
|
||||
content = "${var.assets["kubelet_cert"]}"
|
||||
file = "/home/.bootkube/tls/kubelet.crt"
|
||||
}
|
||||
upload {
|
||||
content = "${var.assets["kubelet_key"]}"
|
||||
file = "/home/.bootkube/tls/kubelet.key"
|
||||
}
|
||||
# auth/kubeconfig-kubelet
|
||||
upload {
|
||||
content = "${var.assets["kubeconfig-kubelet"]}"
|
||||
file = "/home/.bootkube/auth/kubeconfig-kubelet"
|
||||
}
|
||||
# TODO: Move to a module read instead of file
|
||||
# auth/kubeconfig
|
||||
upload {
|
||||
file = "/home/.bootkube/auth/kubeconfig"
|
||||
content = "${file("${var.asset-dir}/auth/kubeconfig")}"
|
||||
}
|
||||
# Manifests Directory
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-apiserver-role-binding.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-apiserver-role-binding.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-apiserver-sa.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-apiserver-sa.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-apiserver-secret.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-apiserver-secret.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-apiserver.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-apiserver.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kubeconfig-in-cluster.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kubeconfig-in-cluster.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-controller-manager-disruption.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager-disruption.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-controller-manager-role-binding.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager-role-binding.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-controller-manager-sa.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager-sa.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-controller-manager-secret.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager-secret.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-controller-manager.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kubelet-nodes-cluster-role-binding.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kubelet-nodes-cluster-role-binding.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-proxy-role-binding.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-proxy-role-binding.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-proxy-sa.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-proxy-sa.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-proxy.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-proxy.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-scheduler-disruption.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler-disruption.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-scheduler-role-binding.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler-role-binding.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-scheduler-sa.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler-sa.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-scheduler-volume-scheduler-role-binding.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler-volume-scheduler-role-binding.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/kube-scheduler.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/pod-checkpointer-cluster-role-binding.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-cluster-role-binding.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/pod-checkpointer-cluster-role.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-cluster-role.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/pod-checkpointer-role-binding.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-role-binding.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/pod-checkpointer-role.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-role.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/pod-checkpointer-sa.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-sa.yaml")}"
|
||||
}
|
||||
upload {
|
||||
file = "/home/.bootkube/manifests/pod-checkpointer.yaml"
|
||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer.yaml")}"
|
||||
}
|
||||
command = [
|
||||
"/bootkube",
|
||||
"start",
|
||||
"--asset-dir=/home/.bootkube",
|
||||
]
|
||||
network_mode = "host"
|
||||
restart = "on-failure"
|
||||
max_retry_count = 5
|
||||
}
|
||||
|
||||
data "docker_registry_image" "image" {
|
||||
name = "quay.io/coreos/bootkube:v${var.version}"
|
||||
}
|
||||
|
||||
resource "docker_image" "image" {
|
||||
name = "${data.docker_registry_image.image.name}"
|
||||
pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
|
||||
}
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
output "image" {
|
||||
value = "${docker_image.image.latest}"
|
||||
}
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
// Based on https://github.com/v1k0d3n/dockerfiles/tree/master/bootkube
|
||||
|
||||
variable "k8s_host" {
|
||||
description = "kubenetes hostname"
|
||||
}
|
||||
|
||||
variable "host_port" {
|
||||
default = "8443"
|
||||
}
|
||||
|
||||
variable "network_provider" {
|
||||
default = "flannel"
|
||||
}
|
||||
|
||||
variable "host_ip" {}
|
||||
|
||||
variable "pod_cidr" {
|
||||
default = "10.25.0.0/16"
|
||||
}
|
||||
|
||||
variable "service_cidr" {
|
||||
default = "10.96.0.0/16"
|
||||
}
|
||||
|
||||
variable "version" {
|
||||
default = "0.14.0"
|
||||
}
|
||||
|
||||
variable "depends_on" {
|
||||
default = []
|
||||
|
||||
type = "list"
|
||||
}
|
||||
|
||||
variable "assets" {
|
||||
type = "map"
|
||||
}
|
||||
|
||||
variable "asset-dir" {}
|
||||
|
|
@ -1,79 +0,0 @@
|
|||
resource "docker_container" "etcd" {
|
||||
name = "etcd"
|
||||
image = "${docker_image.image.latest}"
|
||||
|
||||
volumes {
|
||||
host_path = "${var.data_dir}"
|
||||
container_path = "/etcd-data"
|
||||
}
|
||||
|
||||
ports {
|
||||
internal = 2379
|
||||
external = 2379
|
||||
ip = "${var.host_bind_ip}"
|
||||
}
|
||||
|
||||
ports {
|
||||
internal = 2380
|
||||
external = 2380
|
||||
ip = "${var.host_bind_ip}"
|
||||
}
|
||||
|
||||
upload {
|
||||
content = "${var.pki["ca_cert"]}"
|
||||
file = "/etc/ssl/ca_cert.pem"
|
||||
}
|
||||
|
||||
upload {
|
||||
content = "${var.pki["server_cert"]}"
|
||||
file = "/etc/ssl/server_cert.pem"
|
||||
}
|
||||
|
||||
upload {
|
||||
content = "${var.pki["server_key"]}"
|
||||
file = "/etc/ssl/server_key.pem"
|
||||
}
|
||||
|
||||
upload {
|
||||
content = "${var.pki["peer_cert"]}"
|
||||
file = "/etc/ssl/peer_cert.pem"
|
||||
}
|
||||
|
||||
upload {
|
||||
content = "${var.pki["peer_key"]}"
|
||||
file = "/etc/ssl/peer_key.pem"
|
||||
}
|
||||
|
||||
env = [
|
||||
"ETCD_NAME=${var.node_name}",
|
||||
"ETCD_DATA_DIR=/etcd-data",
|
||||
"ETCD_ADVERTISE_CLIENT_URLS=https://${var.domain}:2379",
|
||||
"ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${var.domain}:2380",
|
||||
"ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379",
|
||||
"ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380",
|
||||
"ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381",
|
||||
"ETCD_CLIENT_CERT_AUTH=true",
|
||||
"ETCD_INITIAL_CLUSTER=${var.node_name}=https://${var.domain}:2380",
|
||||
"ETCD_STRICT_RECONFIG_CHECK=true",
|
||||
"ETCD_CERT_FILE=/etc/ssl/server_cert.pem",
|
||||
"ETCD_KEY_FILE=/etc/ssl/server_key.pem",
|
||||
"ETCD_TRUSTED_CA_FILE=/etc/ssl/ca_cert.pem",
|
||||
"ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/ca_cert.pem",
|
||||
"ETCD_PEER_CERT_FILE=/etc/ssl/peer_cert.pem",
|
||||
"ETCD_PEER_KEY_FILE=/etc/ssl/peer_key.pem",
|
||||
"ETCD_PEER_CLIENT_CERT_AUTH=true",
|
||||
]
|
||||
|
||||
command = [
|
||||
"/usr/local/bin/etcd",
|
||||
]
|
||||
}
|
||||
|
||||
data "docker_registry_image" "image" {
|
||||
name = "quay.io/coreos/etcd:v${var.version}"
|
||||
}
|
||||
|
||||
resource "docker_image" "image" {
|
||||
name = "${data.docker_registry_image.image.name}"
|
||||
pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
variable "domain" {
|
||||
description = "Host name to advertise"
|
||||
type = "string"
|
||||
}
|
||||
|
||||
variable "data_dir" {
|
||||
description = "Directory on host to mount to /etcd-data"
|
||||
type = "string"
|
||||
}
|
||||
|
||||
variable "node_name" {
|
||||
description = "name of the etcd node"
|
||||
default = "controller"
|
||||
}
|
||||
|
||||
variable "depends_on" {
|
||||
default = []
|
||||
|
||||
type = "list"
|
||||
}
|
||||
|
||||
variable "pki" {
|
||||
type = "map"
|
||||
}
|
||||
|
||||
variable "version" {
|
||||
description = "etcd version"
|
||||
default = "3.3.11"
|
||||
}
|
||||
|
||||
variable "host_bind_ip" {
|
||||
description = "IP address to expose the ports on host"
|
||||
default = "0.0.0.0"
|
||||
}
|
||||
|
|
@ -1,143 +0,0 @@
|
|||
// This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
|
||||
resource "docker_container" "kubelet" {
|
||||
image = "${docker_image.image.latest}"
|
||||
name = "kubelet"
|
||||
|
||||
upload {
|
||||
file = "/etc/kubeconfig"
|
||||
content = "${var.assets["kubeconfig"]}"
|
||||
}
|
||||
|
||||
upload {
|
||||
file = "/etc/kubeca.crt"
|
||||
content = "${var.assets["ca_cert"]}"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/ssl/certs"
|
||||
host_path = "/etc/ssl/certs"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/sys"
|
||||
host_path = "/sys"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/dev"
|
||||
host_path = "/dev"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/usr/share/ca-certificates"
|
||||
host_path = "/usr/share/ca-certificates"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/var/lib/docker"
|
||||
host_path = "/var/lib/docker"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/kubernetes"
|
||||
host_path = "/etc/kubernetes"
|
||||
}
|
||||
|
||||
// See https://github.com/kubernetes/kubernetes/issues/4869#issuecomment-193316593
|
||||
volumes {
|
||||
container_path = "/var/lib/kubelet"
|
||||
host_path = "/var/lib/kubelet"
|
||||
shared = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/var/log"
|
||||
host_path = "/var/log"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/run"
|
||||
host_path = "/run"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/var/run"
|
||||
host_path = "/var/run"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/lib/modules"
|
||||
host_path = "/lib/modules"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/os-release"
|
||||
host_path = "/usr/lib/os-release"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/machine-id"
|
||||
host_path = "/etc/machine-id"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
// Deviates from kubelet-wrapper
|
||||
|
||||
volumes {
|
||||
container_path = "/opt/cni/bin"
|
||||
host_path = "/opt/cni/bin"
|
||||
}
|
||||
volumes {
|
||||
container_path = "/etc/cni/net.d"
|
||||
host_path = "/etc/kubernetes/cni/net.d"
|
||||
}
|
||||
#
|
||||
# "There is no war within the container. Here we are safe. Here we are free."
|
||||
# - Docker Li agent brainwashing the author
|
||||
#
|
||||
command = [
|
||||
"kubelet",
|
||||
"--address=${var.host_ip}",
|
||||
"--allow-privileged",
|
||||
"--anonymous-auth=false",
|
||||
"--authentication-token-webhook",
|
||||
"--authorization-mode=Webhook",
|
||||
"--client-ca-file=/etc/kubeca.crt",
|
||||
"--cluster_dns=${var.dns_ip}",
|
||||
"--cluster_domain=${var.k8s_host}",
|
||||
"--exit-on-lock-contention=true",
|
||||
"--hostname-override=${var.host_ip}",
|
||||
"--kubeconfig=/etc/kubeconfig",
|
||||
"--lock-file=/var/run/lock/kubelet.lock",
|
||||
"--minimum-container-ttl-duration=10m0s",
|
||||
"--network-plugin=cni",
|
||||
"--node-labels=${var.node_label}",
|
||||
"--pod-manifest-path=/etc/kubernetes/manifests",
|
||||
"--read-only-port=0",
|
||||
"--register-with-taints=${var.node_taints}",
|
||||
"--rotate-certificates",
|
||||
]
|
||||
host {
|
||||
host = "${var.k8s_host}"
|
||||
ip = "${var.host_ip}"
|
||||
}
|
||||
network_mode = "host"
|
||||
pid_mode = "host"
|
||||
privileged = true
|
||||
restart = "no"
|
||||
must_run = false
|
||||
}
|
||||
|
||||
data "docker_registry_image" "image" {
|
||||
name = "gcr.io/google_containers/hyperkube:v${var.version}"
|
||||
}
|
||||
|
||||
resource "docker_image" "image" {
|
||||
name = "${data.docker_registry_image.image.name}"
|
||||
pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
|
||||
}
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
variable "version" {
|
||||
description = "kubelet version"
|
||||
default = "1.13.2"
|
||||
}
|
||||
|
||||
variable "node_label" {
|
||||
description = "kubelet version"
|
||||
default = "node-role.kubernetes.io/master"
|
||||
}
|
||||
|
||||
variable "node_taints" {
|
||||
description = "node taints"
|
||||
default = "node-role.kubernetes.io/master=:NoSchedule"
|
||||
}
|
||||
|
||||
variable "depends_on" {
|
||||
default = []
|
||||
|
||||
type = "list"
|
||||
}
|
||||
|
||||
variable "asset_dir_volume_name" {
|
||||
default = "k8s-assets"
|
||||
}
|
||||
|
||||
variable "host_ip" {}
|
||||
|
||||
variable "dns_ip" {
|
||||
default = "10.25.0.10"
|
||||
}
|
||||
|
||||
variable "k8s_host" {
|
||||
description = "kubenetes hostname"
|
||||
}
|
||||
|
||||
variable "assets" {
|
||||
type = "map"
|
||||
}
|
||||
14
providers.tf
14
providers.tf
|
|
@ -4,20 +4,6 @@ provider "docker" {
|
|||
version = "~> 2.0.0"
|
||||
}
|
||||
|
||||
provider "docker" {
|
||||
host = "tcp://docker.dovpn.bb8.fun:2376"
|
||||
cert_path = "./secrets/sydney"
|
||||
alias = "sydney"
|
||||
version = "~> 2.0.0"
|
||||
}
|
||||
|
||||
provider "docker" {
|
||||
host = "tcp://docker.captnemo.in:4243"
|
||||
cert_path = "./secrets/nautilus"
|
||||
alias = "nautilus"
|
||||
version = "~> 2.0.0"
|
||||
}
|
||||
|
||||
provider "kubernetes" {
|
||||
version = "1.3.0-custom"
|
||||
host = "https://k8s.bb8.fun:6443"
|
||||
|
|
|
|||
Loading…
Reference in New Issue