Adds etcd secrets to bootkube-start

2019-01-27 18:56:12 +05:30 · 2019-01-27 18:56:12 +05:30 · 6586244fa8
parent 0956877ac7
commit 6586244fa8
4 changed files with 26 additions and 8 deletions
--- a/cloudflare/main.tf
+++ b/cloudflare/main.tf
@ -124,10 +124,10 @@ resource "cloudflare_record" "mailgun-mxb" {
  priority = 20
 }

-resource "cloudflare_record" "k8s-talk" {
+resource "cloudflare_record" "k8s" {
  domain = "${var.domain}"
  name   = "k8s"
-  value  = "lightsaber.captnemo.in"
-  type   = "CNAME"
+  value  = "10.8.0.1"
+  type   = "A"
  ttl    = 3600
 }
--- a/kubernetes.tf
+++ b/kubernetes.tf
@ -70,7 +70,7 @@ module "bootkube" {
  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=bcbdddd8d07c99ab88b2e9ebfb662de4c104de0a"

  cluster_name          = "k8s.bb8.fun"
-  api_servers           = ["10.8.0.1", "k8s.bb8.fun"]
+  api_servers           = ["k8s.bb8.fun"]
  cluster_domain_suffix = "k8s.bb8.fun"
  etcd_servers          = ["etcd.bb8.fun"]
  asset_dir             = "./k8s"
--- a/modules/bootkube/main.tf
+++ b/modules/bootkube/main.tf
@ -3,8 +3,8 @@ resource "docker_container" "bootkube" {
  name  = "bootkube"

  volumes {
-    container_path = "/etc/kubernetes/manifests"
-    host_path      = "/etc/kubernetes/manifests"
+    container_path = "/etc/kubernetes"
+    host_path      = "/etc/kubernetes"
  }

  # bootstrap manifests
@ -21,6 +21,20 @@ resource "docker_container" "bootkube" {
    content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-scheduler.yaml")}"
    file    = "/home/.bootkube/bootstrap-manifests/bootstrap-scheduler.yaml"
  }
+  # etcd secrets
+  #
+  upload {
+    file    = "/home/.bootkube/tls/etcd-client-ca.crt"
+    content = "${file("${var.asset-dir}/tls/etcd-client-ca.crt")}"
+  }
+  upload {
+    file    = "/home/.bootkube/tls/etcd-client.crt"
+    content = "${file("${var.asset-dir}/tls/etcd-client.crt")}"
+  }
+  upload {
+    file    = "/home/.bootkube/tls/etcd-client.key"
+    content = "${file("${var.asset-dir}/tls/etcd-client.key")}"
+  }
  # Cluster Networking
  upload {
    content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
--- a/modules/kubelet/main.tf
+++ b/modules/kubelet/main.tf
@ -84,8 +84,12 @@ resource "docker_container" "kubelet" {
  // Deviates from kubelet-wrapper

  volumes {
-    container_path = "/var/lib/cni"
-    host_path      = "/var/lib/cni"
+    container_path = "/opt/cni/bin"
+    host_path      = "/opt/cni/bin"
+  }
+  volumes {
+    container_path = "/etc/cni/net.d"
+    host_path      = "/etc/cni/net.d"
  }
  #
  # "There is no war within the container. Here we are safe. Here we are free."