General Updates
parent
80ce34d52f
commit
97300459fd
|
@ -7,3 +7,4 @@
|
|||
*.backup
|
||||
secrets
|
||||
k8s/
|
||||
k8s2/
|
||||
|
|
|
@ -1 +1 @@
|
|||
0.11.8
|
||||
0.11.12-beta1
|
||||
|
|
|
@ -1,77 +1,12 @@
|
|||
module "etcd" {
|
||||
source = "modules/etcd"
|
||||
data_dir = "/mnt/disk/etcd"
|
||||
host_bind_ip = "10.8.0.1"
|
||||
domain = "etcd.bb8.fun"
|
||||
|
||||
pki = {
|
||||
ca_cert = "${module.bootkube.etcd_ca_cert}"
|
||||
server_cert = "${module.bootkube.etcd_server_cert}"
|
||||
server_key = "${module.bootkube.etcd_server_key}"
|
||||
peer_cert = "${module.bootkube.etcd_peer_cert}"
|
||||
peer_key = "${module.bootkube.etcd_peer_key}"
|
||||
}
|
||||
|
||||
providers = {
|
||||
docker = "docker.sydney"
|
||||
}
|
||||
|
||||
depends_on = "${module.bootkube.id}"
|
||||
}
|
||||
|
||||
module "kubelet-master" {
|
||||
source = "modules/kubelet"
|
||||
host_ip = "${var.ips["dovpn"]}"
|
||||
k8s_host = "k8s.${var.root-domain}"
|
||||
|
||||
assets = {
|
||||
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
||||
ca_cert = "${base64decode(module.bootkube.ca_cert)}"
|
||||
kubelet_cert = "${base64decode(module.bootkube.kubelet_cert)}"
|
||||
kubelet_key = "${base64decode(module.bootkube.kubelet_key)}"
|
||||
}
|
||||
|
||||
depends_on = "${module.bootkube-start.image}"
|
||||
module "k8s" {
|
||||
source = "modules/k8s"
|
||||
cluster_name = "k8s.${var.root-domain}"
|
||||
etcd_domain = "etcd.${var.root-domain}"
|
||||
etcd_data_dir = "/mnt/disk/etcd"
|
||||
asset_dir = "${path.root}/k8s2"
|
||||
host_ip = "${var.ips["dovpn"]}"
|
||||
|
||||
providers = {
|
||||
docker = "docker.sydney"
|
||||
}
|
||||
}
|
||||
|
||||
module "bootkube-start" {
|
||||
source = "modules/bootkube"
|
||||
mode = "start"
|
||||
host_ip = "${var.ips["dovpn"]}"
|
||||
k8s_host = "k8s.${var.root-domain}"
|
||||
asset-dir = "${path.root}/k8s"
|
||||
|
||||
assets = {
|
||||
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
||||
ca_cert = "${base64decode(module.bootkube.ca_cert)}"
|
||||
kubelet_cert = "${base64decode(module.bootkube.kubelet_cert)}"
|
||||
kubelet_key = "${base64decode(module.bootkube.kubelet_key)}"
|
||||
kubeconfig-kubelet = "${module.bootkube.kubeconfig-kubelet}"
|
||||
|
||||
# etcd_ca_cert = "${module.bootkube.etcd_ca_cert}"
|
||||
# etcd_client_cert = "${module.bootkube.etcd_client_cert}"
|
||||
# etcd_client_key = "${module.bootkube.etcd_client_key}"
|
||||
# etcd_server_cert = "${module.bootkube.etcd_server_cert}"
|
||||
# etcd_server_key = "${module.bootkube.etcd_server_key}"
|
||||
# etcd_peer_cert = "${module.bootkube.etcd_peer_cert}"
|
||||
# etcd_peer_key = "${module.bootkube.etcd_peer_key}"
|
||||
}
|
||||
|
||||
providers = {
|
||||
docker = "docker.sydney"
|
||||
}
|
||||
}
|
||||
|
||||
module "bootkube" {
|
||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=bcbdddd8d07c99ab88b2e9ebfb662de4c104de0a"
|
||||
|
||||
cluster_name = "k8s.bb8.fun"
|
||||
api_servers = ["k8s.bb8.fun"]
|
||||
cluster_domain_suffix = "k8s.bb8.fun"
|
||||
etcd_servers = ["etcd.bb8.fun"]
|
||||
asset_dir = "./k8s"
|
||||
}
|
||||
|
|
|
@ -89,12 +89,6 @@ resource "docker_container" "bootkube" {
|
|||
content = "${var.assets["kubelet_key"]}"
|
||||
file = "/home/.bootkube/tls/kubelet.key"
|
||||
}
|
||||
# TODO: Generate Filenames Dynamically
|
||||
# TODO: Check if this is needed at all
|
||||
upload {
|
||||
content = "${file("${var.asset-dir}/auth/k8s.bb8.fun-config")}"
|
||||
file = "/home/.bootkube/auth/k8s.bb8.fun-config"
|
||||
}
|
||||
# auth/kubeconfig-kubelet
|
||||
upload {
|
||||
content = "${var.assets["kubeconfig-kubelet"]}"
|
||||
|
|
|
@ -1,13 +1,3 @@
|
|||
# output "exit_code" {
|
||||
# # TODO: Pick correct exit code
|
||||
# # value = "${coalesce(formatlist("%s", docker_container.render.*.exit_code))}"
|
||||
# # See https://github.com/hashicorp/terraform/issues/15165
|
||||
# value = "${var.mode == "render" ?
|
||||
# "${element(concat(docker_container.render.*.exit_code, list("")), 0)}" :
|
||||
# "${element(concat(docker_container.start.*.exit_code, list("")), 0)}"
|
||||
# }"
|
||||
# }
|
||||
|
||||
output "image" {
|
||||
value = "${docker_image.image.latest}"
|
||||
}
|
||||
|
|
|
@ -22,8 +22,6 @@ variable "service_cidr" {
|
|||
default = "10.96.0.0/16"
|
||||
}
|
||||
|
||||
variable "mode" {}
|
||||
|
||||
variable "version" {
|
||||
default = "0.14.0"
|
||||
}
|
||||
|
|
|
@ -30,4 +30,5 @@ variable "version" {
|
|||
|
||||
variable "host_bind_ip" {
|
||||
description = "IP address to expose the ports on host"
|
||||
default = "0.0.0.0"
|
||||
}
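Review bot: `default = "0.0.0.0"` on `host_bind_ip` means any caller that omits the variable publishes the module's ports on every host interface. The removed `module "etcd"` call earlier on this page passed `host_bind_ip = "10.8.0.1"`, while the `module "k8s"` call that appears to replace it passes no bind address; whether `modules/k8s` sets one internally is not visible here. Consider dropping the default so the address has to be chosen explicitly, or defaulting to `"127.0.0.1"`. The description could also say which ports the address governs.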
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
// This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
|
||||
resource "docker_container" "kubelet" {
|
||||
image = "${docker_image.image.latest}"
|
||||
name = "kubelet-static"
|
||||
name = "kubelet"
|
||||
|
||||
upload {
|
||||
file = "/etc/kubernetes/kubeconfig"
|
||||
file = "/etc/kubeconfig"
|
||||
content = "${var.assets["kubeconfig"]}"
|
||||
}
|
||||
|
||||
upload {
|
||||
file = "/etc/kubernetes/ca.crt"
|
||||
file = "/etc/kubeca.crt"
|
||||
content = "${var.assets["ca_cert"]}"
|
||||
}
|
||||
|
||||
|
@ -41,14 +41,6 @@ resource "docker_container" "kubelet" {
|
|||
host_path = "/var/lib/docker"
|
||||
}
|
||||
|
||||
// TODO: Test with this
|
||||
// It technically only needs the /etc/kubernetes/manifests
|
||||
// Make sure that the manifests directory exists
|
||||
upload {
|
||||
file = "/etc/kubernetes/manifests/.empty"
|
||||
content = ""
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/kubernetes"
|
||||
host_path = "/etc/kubernetes"
|
||||
|
@ -94,14 +86,6 @@ resource "docker_container" "kubelet" {
|
|||
read_only = true
|
||||
}
|
||||
|
||||
// Don't think this is needed anymore
|
||||
|
||||
volumes {
|
||||
container_path = "/rootfs"
|
||||
host_path = "/"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
// Deviates from kubelet-wrapper
|
||||
|
||||
volumes {
|
||||
|
@ -123,21 +107,19 @@ resource "docker_container" "kubelet" {
|
|||
"--anonymous-auth=false",
|
||||
"--authentication-token-webhook",
|
||||
"--authorization-mode=Webhook",
|
||||
"--cert-dir=/var/lib/kubelet/pki",
|
||||
"--client-ca-file=/etc/kubernetes/ca.crt",
|
||||
"--client-ca-file=/etc/kubeca.crt",
|
||||
"--cluster_dns=${var.dns_ip}",
|
||||
"--cluster_domain=${var.k8s_host}",
|
||||
"--exit-on-lock-contention=true",
|
||||
"--hostname-override=${var.host_ip}",
|
||||
"--kubeconfig=/etc/kubernetes/kubeconfig",
|
||||
"--kubeconfig=/etc/kubeconfig",
|
||||
"--lock-file=/var/run/lock/kubelet.lock",
|
||||
"--minimum-container-ttl-duration=10m0s",
|
||||
"--network-plugin=cni",
|
||||
"--node-labels=node-role.kubernetes.io/master",
|
||||
"--node-labels=${var.node_label}",
|
||||
"--pod-manifest-path=/etc/kubernetes/manifests",
|
||||
"--read-only-port=0",
|
||||
"--register-with-taints=${var.node_taints}",
|
||||
"--node-labels=${var.node_label}",
|
||||
"--rotate-certificates",
|
||||
]
|
||||
host {
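Review bot: Nothing in the first hunk says why the upload targets, and the matching `--kubeconfig` and `--client-ca-file` flags in the last hunk, moved from `/etc/kubernetes/...` to `/etc/kubeconfig` and `/etc/kubeca.crt`. The same resource bind-mounts the host's `/etc/kubernetes` onto that path (second hunk), so presumably the uploaded files were being shadowed; a line such as `// uploaded outside /etc/kubernetes, which is bind-mounted from the host` above the first `upload` would record that. `/etc/kubeca.crt` reads like a dropped path separator, and a name like `/etc/kube-ca.crt`, changed in both the upload and the flag, would be clearer. `content = "${var.assets["kubeconfig"]}"` presumably carries the kubelet's credentials, and as a resource attribute it is also written to the Terraform state, so the state should be handled as a secret. The resource body starts and ends outside these hunks.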
|
||||
|
|
|
@ -9,7 +9,8 @@ variable "node_label" {
|
|||
}
|
||||
|
||||
variable "node_taints" {
|
||||
default = "node-role.kubernetes.io/master=:NoSchedule"
|
||||
description = "node taints"
|
||||
default = "node-role.kubernetes.io/master=:NoSchedule"
|
||||
}
|
||||
|
||||
variable "depends_on" {
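Review bot: `description = "node taints"` only repeats the variable name. The value is passed to `--register-with-taints` in the kubelet resource shown earlier on this page, so something like `description = "Taints the kubelet registers the node with, as key=value:effect"` would tell a caller the expected format. `variable "depends_on"` continues outside the hunk.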
|
||||
|
|
|
@ -11,6 +11,13 @@ provider "docker" {
|
|||
version = "~> 2.0.0"
|
||||
}
|
||||
|
||||
provider "docker" {
|
||||
host = "tcp://docker.captnemo.in:4243"
|
||||
cert_path = "./secrets/nautilus"
|
||||
alias = "nautilus"
|
||||
version = "~> 2.0.0"
|
||||
}
|
||||
|
||||
provider "kubernetes" {
|
||||
version = "1.3.0-custom"
|
||||
host = "https://k8s.bb8.fun:6443"
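Review bot: The new `nautilus` provider reaches a Docker daemon at `tcp://docker.captnemo.in:4243`, and access to that API is equivalent to root on the host, so the client certificate under `cert_path` is the only control visible here. A comment should record that the daemon is expected to verify client certificates and where any network restriction lives, for example `# daemon must run with --tlsverify; secrets/nautilus holds ca.pem, cert.pem, key.pem`. `cert_path = "./secrets/nautilus"` is resolved against the working directory, so `"${path.root}/secrets/nautilus"` would not depend on where terraform is run. The `provider "kubernetes"` block at the end of the hunk continues outside it.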
|
||||
|
|