Migrate to kayak
This commit is contained in:
parent
f85692da9e
commit
40b967edce
|
@ -0,0 +1,31 @@
|
||||||
|
// Points to the local working directory instead of
|
||||||
|
// the published version
|
||||||
|
module "kayak" {
|
||||||
|
source = "../terraform-digitalocean-kayak"
|
||||||
|
cert_path = "${path.root}/secrets/kayak"
|
||||||
|
domain = "kayak.${var.root-domain}"
|
||||||
|
ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0Getey8585AqdgIl9mqQ3SH9w6z7NZUW4HXdOqZwC7sYEaDrLOBV014gtFS8h8ymm4dcw6xEGUkaavcHC8W9ChTLKBMK4N1/sUS/umLy+Wi/K//g13y0VHSdvcc+gMQ27b9n/DwDY4ZKkaf6t+4HWyFWNh6gp0cT1WCyLNlsER55KUdy+C1lCOpv1SMepOaYc7uyBlC9FfgewJho/OfxnoTztQV6QeSGfr2Xr94Ip1FUPoLoBLLilh4ZbCe6F6bqn0kNgVBTkrVwWJv5Z0jCJpUjER69cqjASRao9KCHkyPtybzKKhCLZIlB3QMggEv0xnlHMpeeuDWcGrBVPKI8V"
|
||||||
|
|
||||||
|
asset_dir = "${path.root}/k8s"
|
||||||
|
|
||||||
|
providers {
|
||||||
|
docker = "docker.kayak"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "docker" {
|
||||||
|
host = "tcp://${cloudflare_record.kayak-docker.hostname}:2376"
|
||||||
|
version = "~> 2.0.0"
|
||||||
|
alias = "kayak"
|
||||||
|
ca_material = "${module.kayak.docker_ca_cert}"
|
||||||
|
cert_material = "${module.kayak.docker_client_cert}"
|
||||||
|
key_material = "${module.kayak.docker_client_key}"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "kayak-docker" {
|
||||||
|
name = "docker.kayak"
|
||||||
|
value = "${module.kayak.droplet_ipv4}"
|
||||||
|
domain = "${var.root-domain}"
|
||||||
|
type = "A"
|
||||||
|
ttl = 3600
|
||||||
|
}
|
|
@ -1,12 +0,0 @@
|
||||||
module "k8s" {
|
|
||||||
source = "modules/k8s"
|
|
||||||
cluster_name = "k8s.${var.root-domain}"
|
|
||||||
etcd_domain = "etcd.${var.root-domain}"
|
|
||||||
etcd_data_dir = "/mnt/disk/etcd"
|
|
||||||
asset_dir = "${path.root}/k8s2"
|
|
||||||
host_ip = "${var.ips["dovpn"]}"
|
|
||||||
|
|
||||||
providers = {
|
|
||||||
docker = "docker.sydney"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,221 +0,0 @@
|
||||||
resource "docker_container" "bootkube" {
|
|
||||||
image = "${docker_image.image.latest}"
|
|
||||||
name = "bootkube"
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/etc/kubernetes"
|
|
||||||
host_path = "/etc/kubernetes"
|
|
||||||
}
|
|
||||||
|
|
||||||
# bootstrap manifests
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-apiserver.yaml")}"
|
|
||||||
file = "/home/.bootkube/bootstrap-manifests/bootstrap-apiserver.yaml"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-controller-manager.yaml")}"
|
|
||||||
file = "/home/.bootkube/bootstrap-manifests/bootstrap-controller-manager.yaml"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-scheduler.yaml")}"
|
|
||||||
file = "/home/.bootkube/bootstrap-manifests/bootstrap-scheduler.yaml"
|
|
||||||
}
|
|
||||||
# etcd secrets
|
|
||||||
#
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/tls/etcd-client-ca.crt"
|
|
||||||
content = "${file("${var.asset-dir}/tls/etcd-client-ca.crt")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/tls/etcd-client.crt"
|
|
||||||
content = "${file("${var.asset-dir}/tls/etcd-client.crt")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/tls/etcd-client.key"
|
|
||||||
content = "${file("${var.asset-dir}/tls/etcd-client.key")}"
|
|
||||||
}
|
|
||||||
# Cluster Networking
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
|
|
||||||
file = "/home/.bootkube/manifests/networking-cluster-role-binding.yaml"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/cluster-role.yaml")}"
|
|
||||||
file = "/home/.bootkube/manifests/networking-cluster-role.yaml"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/config.yaml")}"
|
|
||||||
file = "/home/.bootkube/manifests/networking-config.yaml"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/daemonset.yaml")}"
|
|
||||||
file = "/home/.bootkube/manifests/networking-daemonset.yaml"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/service-account.yaml")}"
|
|
||||||
file = "/home/.bootkube/manifests/networking-service-account.yaml"
|
|
||||||
}
|
|
||||||
# TLS
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/tls/service-account.pub"
|
|
||||||
content = "${file("${var.asset-dir}/tls/service-account.pub")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/tls/service-account.key"
|
|
||||||
content = "${file("${var.asset-dir}/tls/service-account.key")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/tls/ca.key")}"
|
|
||||||
file = "/home/.bootkube/tls/ca.key"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/tls/ca.crt")}"
|
|
||||||
file = "/home/.bootkube/tls/ca.crt"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/tls/apiserver.key")}"
|
|
||||||
file = "/home/.bootkube/tls/apiserver.key"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/tls/apiserver.crt")}"
|
|
||||||
file = "/home/.bootkube/tls/apiserver.crt"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${var.assets["kubelet_cert"]}"
|
|
||||||
file = "/home/.bootkube/tls/kubelet.crt"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
content = "${var.assets["kubelet_key"]}"
|
|
||||||
file = "/home/.bootkube/tls/kubelet.key"
|
|
||||||
}
|
|
||||||
# auth/kubeconfig-kubelet
|
|
||||||
upload {
|
|
||||||
content = "${var.assets["kubeconfig-kubelet"]}"
|
|
||||||
file = "/home/.bootkube/auth/kubeconfig-kubelet"
|
|
||||||
}
|
|
||||||
# TODO: Move to a module read instead of file
|
|
||||||
# auth/kubeconfig
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/auth/kubeconfig"
|
|
||||||
content = "${file("${var.asset-dir}/auth/kubeconfig")}"
|
|
||||||
}
|
|
||||||
# Manifests Directory
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-apiserver-role-binding.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-apiserver-role-binding.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-apiserver-sa.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-apiserver-sa.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-apiserver-secret.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-apiserver-secret.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-apiserver.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-apiserver.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kubeconfig-in-cluster.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kubeconfig-in-cluster.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-controller-manager-disruption.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager-disruption.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-controller-manager-role-binding.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager-role-binding.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-controller-manager-sa.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager-sa.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-controller-manager-secret.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager-secret.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-controller-manager.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-controller-manager.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kubelet-nodes-cluster-role-binding.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kubelet-nodes-cluster-role-binding.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-proxy-role-binding.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-proxy-role-binding.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-proxy-sa.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-proxy-sa.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-proxy.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-proxy.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-scheduler-disruption.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler-disruption.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-scheduler-role-binding.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler-role-binding.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-scheduler-sa.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler-sa.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-scheduler-volume-scheduler-role-binding.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler-volume-scheduler-role-binding.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/kube-scheduler.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/kube-scheduler.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/pod-checkpointer-cluster-role-binding.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-cluster-role-binding.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/pod-checkpointer-cluster-role.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-cluster-role.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/pod-checkpointer-role-binding.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-role-binding.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/pod-checkpointer-role.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-role.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/pod-checkpointer-sa.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer-sa.yaml")}"
|
|
||||||
}
|
|
||||||
upload {
|
|
||||||
file = "/home/.bootkube/manifests/pod-checkpointer.yaml"
|
|
||||||
content = "${file("${var.asset-dir}/manifests/pod-checkpointer.yaml")}"
|
|
||||||
}
|
|
||||||
command = [
|
|
||||||
"/bootkube",
|
|
||||||
"start",
|
|
||||||
"--asset-dir=/home/.bootkube",
|
|
||||||
]
|
|
||||||
network_mode = "host"
|
|
||||||
restart = "on-failure"
|
|
||||||
max_retry_count = 5
|
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "image" {
|
|
||||||
name = "quay.io/coreos/bootkube:v${var.version}"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "image" {
|
|
||||||
name = "${data.docker_registry_image.image.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
output "image" {
|
|
||||||
value = "${docker_image.image.latest}"
|
|
||||||
}
|
|
|
@ -1,39 +0,0 @@
|
||||||
// Based on https://github.com/v1k0d3n/dockerfiles/tree/master/bootkube
|
|
||||||
|
|
||||||
variable "k8s_host" {
|
|
||||||
description = "kubenetes hostname"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "host_port" {
|
|
||||||
default = "8443"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "network_provider" {
|
|
||||||
default = "flannel"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "host_ip" {}
|
|
||||||
|
|
||||||
variable "pod_cidr" {
|
|
||||||
default = "10.25.0.0/16"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "service_cidr" {
|
|
||||||
default = "10.96.0.0/16"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "version" {
|
|
||||||
default = "0.14.0"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "depends_on" {
|
|
||||||
default = []
|
|
||||||
|
|
||||||
type = "list"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "assets" {
|
|
||||||
type = "map"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "asset-dir" {}
|
|
|
@ -1,79 +0,0 @@
|
||||||
resource "docker_container" "etcd" {
|
|
||||||
name = "etcd"
|
|
||||||
image = "${docker_image.image.latest}"
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "${var.data_dir}"
|
|
||||||
container_path = "/etcd-data"
|
|
||||||
}
|
|
||||||
|
|
||||||
ports {
|
|
||||||
internal = 2379
|
|
||||||
external = 2379
|
|
||||||
ip = "${var.host_bind_ip}"
|
|
||||||
}
|
|
||||||
|
|
||||||
ports {
|
|
||||||
internal = 2380
|
|
||||||
external = 2380
|
|
||||||
ip = "${var.host_bind_ip}"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${var.pki["ca_cert"]}"
|
|
||||||
file = "/etc/ssl/ca_cert.pem"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${var.pki["server_cert"]}"
|
|
||||||
file = "/etc/ssl/server_cert.pem"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${var.pki["server_key"]}"
|
|
||||||
file = "/etc/ssl/server_key.pem"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${var.pki["peer_cert"]}"
|
|
||||||
file = "/etc/ssl/peer_cert.pem"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${var.pki["peer_key"]}"
|
|
||||||
file = "/etc/ssl/peer_key.pem"
|
|
||||||
}
|
|
||||||
|
|
||||||
env = [
|
|
||||||
"ETCD_NAME=${var.node_name}",
|
|
||||||
"ETCD_DATA_DIR=/etcd-data",
|
|
||||||
"ETCD_ADVERTISE_CLIENT_URLS=https://${var.domain}:2379",
|
|
||||||
"ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${var.domain}:2380",
|
|
||||||
"ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379",
|
|
||||||
"ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380",
|
|
||||||
"ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381",
|
|
||||||
"ETCD_CLIENT_CERT_AUTH=true",
|
|
||||||
"ETCD_INITIAL_CLUSTER=${var.node_name}=https://${var.domain}:2380",
|
|
||||||
"ETCD_STRICT_RECONFIG_CHECK=true",
|
|
||||||
"ETCD_CERT_FILE=/etc/ssl/server_cert.pem",
|
|
||||||
"ETCD_KEY_FILE=/etc/ssl/server_key.pem",
|
|
||||||
"ETCD_TRUSTED_CA_FILE=/etc/ssl/ca_cert.pem",
|
|
||||||
"ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/ca_cert.pem",
|
|
||||||
"ETCD_PEER_CERT_FILE=/etc/ssl/peer_cert.pem",
|
|
||||||
"ETCD_PEER_KEY_FILE=/etc/ssl/peer_key.pem",
|
|
||||||
"ETCD_PEER_CLIENT_CERT_AUTH=true",
|
|
||||||
]
|
|
||||||
|
|
||||||
command = [
|
|
||||||
"/usr/local/bin/etcd",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "image" {
|
|
||||||
name = "quay.io/coreos/etcd:v${var.version}"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "image" {
|
|
||||||
name = "${data.docker_registry_image.image.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
|
|
||||||
}
|
|
|
@ -1,34 +0,0 @@
|
||||||
variable "domain" {
|
|
||||||
description = "Host name to advertise"
|
|
||||||
type = "string"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "data_dir" {
|
|
||||||
description = "Directory on host to mount to /etcd-data"
|
|
||||||
type = "string"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "node_name" {
|
|
||||||
description = "name of the etcd node"
|
|
||||||
default = "controller"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "depends_on" {
|
|
||||||
default = []
|
|
||||||
|
|
||||||
type = "list"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "pki" {
|
|
||||||
type = "map"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "version" {
|
|
||||||
description = "etcd version"
|
|
||||||
default = "3.3.11"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "host_bind_ip" {
|
|
||||||
description = "IP address to expose the ports on host"
|
|
||||||
default = "0.0.0.0"
|
|
||||||
}
|
|
|
@ -1,143 +0,0 @@
|
||||||
// This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
|
|
||||||
resource "docker_container" "kubelet" {
|
|
||||||
image = "${docker_image.image.latest}"
|
|
||||||
name = "kubelet"
|
|
||||||
|
|
||||||
upload {
|
|
||||||
file = "/etc/kubeconfig"
|
|
||||||
content = "${var.assets["kubeconfig"]}"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
file = "/etc/kubeca.crt"
|
|
||||||
content = "${var.assets["ca_cert"]}"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/etc/ssl/certs"
|
|
||||||
host_path = "/etc/ssl/certs"
|
|
||||||
read_only = true
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/sys"
|
|
||||||
host_path = "/sys"
|
|
||||||
read_only = true
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/dev"
|
|
||||||
host_path = "/dev"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/usr/share/ca-certificates"
|
|
||||||
host_path = "/usr/share/ca-certificates"
|
|
||||||
read_only = true
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/var/lib/docker"
|
|
||||||
host_path = "/var/lib/docker"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/etc/kubernetes"
|
|
||||||
host_path = "/etc/kubernetes"
|
|
||||||
}
|
|
||||||
|
|
||||||
// See https://github.com/kubernetes/kubernetes/issues/4869#issuecomment-193316593
|
|
||||||
volumes {
|
|
||||||
container_path = "/var/lib/kubelet"
|
|
||||||
host_path = "/var/lib/kubelet"
|
|
||||||
shared = true
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/var/log"
|
|
||||||
host_path = "/var/log"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/run"
|
|
||||||
host_path = "/run"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/var/run"
|
|
||||||
host_path = "/var/run"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/lib/modules"
|
|
||||||
host_path = "/lib/modules"
|
|
||||||
read_only = true
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/etc/os-release"
|
|
||||||
host_path = "/usr/lib/os-release"
|
|
||||||
read_only = true
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/etc/machine-id"
|
|
||||||
host_path = "/etc/machine-id"
|
|
||||||
read_only = true
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deviates from kubelet-wrapper
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/opt/cni/bin"
|
|
||||||
host_path = "/opt/cni/bin"
|
|
||||||
}
|
|
||||||
volumes {
|
|
||||||
container_path = "/etc/cni/net.d"
|
|
||||||
host_path = "/etc/kubernetes/cni/net.d"
|
|
||||||
}
|
|
||||||
#
|
|
||||||
# "There is no war within the container. Here we are safe. Here we are free."
|
|
||||||
# - Docker Li agent brainwashing the author
|
|
||||||
#
|
|
||||||
command = [
|
|
||||||
"kubelet",
|
|
||||||
"--address=${var.host_ip}",
|
|
||||||
"--allow-privileged",
|
|
||||||
"--anonymous-auth=false",
|
|
||||||
"--authentication-token-webhook",
|
|
||||||
"--authorization-mode=Webhook",
|
|
||||||
"--client-ca-file=/etc/kubeca.crt",
|
|
||||||
"--cluster_dns=${var.dns_ip}",
|
|
||||||
"--cluster_domain=${var.k8s_host}",
|
|
||||||
"--exit-on-lock-contention=true",
|
|
||||||
"--hostname-override=${var.host_ip}",
|
|
||||||
"--kubeconfig=/etc/kubeconfig",
|
|
||||||
"--lock-file=/var/run/lock/kubelet.lock",
|
|
||||||
"--minimum-container-ttl-duration=10m0s",
|
|
||||||
"--network-plugin=cni",
|
|
||||||
"--node-labels=${var.node_label}",
|
|
||||||
"--pod-manifest-path=/etc/kubernetes/manifests",
|
|
||||||
"--read-only-port=0",
|
|
||||||
"--register-with-taints=${var.node_taints}",
|
|
||||||
"--rotate-certificates",
|
|
||||||
]
|
|
||||||
host {
|
|
||||||
host = "${var.k8s_host}"
|
|
||||||
ip = "${var.host_ip}"
|
|
||||||
}
|
|
||||||
network_mode = "host"
|
|
||||||
pid_mode = "host"
|
|
||||||
privileged = true
|
|
||||||
restart = "no"
|
|
||||||
must_run = false
|
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "image" {
|
|
||||||
name = "gcr.io/google_containers/hyperkube:v${var.version}"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "image" {
|
|
||||||
name = "${data.docker_registry_image.image.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
|
|
||||||
}
|
|
|
@ -1,38 +0,0 @@
|
||||||
variable "version" {
|
|
||||||
description = "kubelet version"
|
|
||||||
default = "1.13.2"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "node_label" {
|
|
||||||
description = "kubelet version"
|
|
||||||
default = "node-role.kubernetes.io/master"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "node_taints" {
|
|
||||||
description = "node taints"
|
|
||||||
default = "node-role.kubernetes.io/master=:NoSchedule"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "depends_on" {
|
|
||||||
default = []
|
|
||||||
|
|
||||||
type = "list"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "asset_dir_volume_name" {
|
|
||||||
default = "k8s-assets"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "host_ip" {}
|
|
||||||
|
|
||||||
variable "dns_ip" {
|
|
||||||
default = "10.25.0.10"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "k8s_host" {
|
|
||||||
description = "kubenetes hostname"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "assets" {
|
|
||||||
type = "map"
|
|
||||||
}
|
|
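--- a/providers.tf
+++ b/providers.tf
@@ -4,20 +4,6 @@ provider "docker" {
 version = "~> 2.0.0"
 }
 
-provider "docker" {
-host = "tcp://docker.dovpn.bb8.fun:2376"
-cert_path = "./secrets/sydney"
-alias = "sydney"
-version = "~> 2.0.0"
-}
-
-provider "docker" {
-host = "tcp://docker.captnemo.in:4243"
-cert_path = "./secrets/nautilus"
-alias = "nautilus"
-version = "~> 2.0.0"
-}
-
 provider "kubernetes" {
 version = "1.3.0-custom"
 host = "https://k8s.bb8.fun:6443"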
|