diff --git a/.gitignore b/.gitignore
index d2ef326..e1e2930 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 *.backup
 secrets
 k8s/
+k8s2/
diff --git a/.terraform-version b/.terraform-version
index 1ee43fc..e6adeaa 100644
--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-0.11.8
+0.11.12-beta1
diff --git a/kubernetes.tf b/kubernetes.tf
index db86c00..1a7cf98 100644
--- a/kubernetes.tf
+++ b/kubernetes.tf
@@ -1,77 +1,12 @@
-module "etcd" { - source = "modules/etcd" - data_dir = "/mnt/disk/etcd" - host_bind_ip = "10.8.0.1" - domain = "etcd.bb8.fun" - - pki = { - ca_cert = "${module.bootkube.etcd_ca_cert}" - server_cert = "${module.bootkube.etcd_server_cert}" - server_key = "${module.bootkube.etcd_server_key}" - peer_cert = "${module.bootkube.etcd_peer_cert}" - peer_key = "${module.bootkube.etcd_peer_key}" - } - - providers = { - docker = "docker.sydney" - } - - depends_on = "${module.bootkube.id}" -} - -module "kubelet-master" { - source = "modules/kubelet" - host_ip = "${var.ips["dovpn"]}" - k8s_host = "k8s.${var.root-domain}" - - assets = { - kubeconfig = "${module.bootkube.kubeconfig-kubelet}" - ca_cert = "${base64decode(module.bootkube.ca_cert)}" - kubelet_cert = "${base64decode(module.bootkube.kubelet_cert)}" - kubelet_key = "${base64decode(module.bootkube.kubelet_key)}" - } - - depends_on = "${module.bootkube-start.image}" +module "k8s" { + source = "modules/k8s" + cluster_name = "k8s.${var.root-domain}" + etcd_domain = "etcd.${var.root-domain}" + etcd_data_dir = "/mnt/disk/etcd" + asset_dir = "${path.root}/k8s2" + host_ip = "${var.ips["dovpn"]}" providers = { docker = "docker.sydney" } } - -module "bootkube-start" { - source = "modules/bootkube" - mode = "start" - host_ip = "${var.ips["dovpn"]}" - k8s_host = "k8s.${var.root-domain}" - asset-dir = "${path.root}/k8s" - - assets = { - kubeconfig = "${module.bootkube.kubeconfig-kubelet}" - ca_cert = "${base64decode(module.bootkube.ca_cert)}" - kubelet_cert = "${base64decode(module.bootkube.kubelet_cert)}" - kubelet_key = "${base64decode(module.bootkube.kubelet_key)}" - kubeconfig-kubelet = "${module.bootkube.kubeconfig-kubelet}" - - # etcd_ca_cert = "${module.bootkube.etcd_ca_cert}" - # etcd_client_cert = "${module.bootkube.etcd_client_cert}" - # etcd_client_key = "${module.bootkube.etcd_client_key}" - # etcd_server_cert = "${module.bootkube.etcd_server_cert}" - # etcd_server_key = 
"${module.bootkube.etcd_server_key}" - # etcd_peer_cert = "${module.bootkube.etcd_peer_cert}" - # etcd_peer_key = "${module.bootkube.etcd_peer_key}" - } - - providers = { - docker = "docker.sydney" - } -} - -module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=bcbdddd8d07c99ab88b2e9ebfb662de4c104de0a" - - cluster_name = "k8s.bb8.fun" - api_servers = ["k8s.bb8.fun"] - cluster_domain_suffix = "k8s.bb8.fun" - etcd_servers = ["etcd.bb8.fun"] - asset_dir = "./k8s" -}
diff --git a/modules/bootkube/main.tf b/modules/bootkube/main.tf
index 654da70..188a0ec 100644
--- a/modules/bootkube/main.tf
+++ b/modules/bootkube/main.tf
@@ -89,12 +89,6 @@ resource "docker_container" "bootkube" { content = "${var.assets["kubelet_key"]}" file = "/home/.bootkube/tls/kubelet.key" } - # TODO: Generate Filenames Dynamically - # TODO: Check if this is needed at all - upload { - content = "${file("${var.asset-dir}/auth/k8s.bb8.fun-config")}" - file = "/home/.bootkube/auth/k8s.bb8.fun-config" - } # auth/kubeconfig-kubelet upload { content = "${var.assets["kubeconfig-kubelet"]}"
diff --git a/modules/bootkube/outputs.tf b/modules/bootkube/outputs.tf
index 29077f3..acc0ef3 100644
--- a/modules/bootkube/outputs.tf
+++ b/modules/bootkube/outputs.tf
@@ -1,13 +1,3 @@
-# output "exit_code" { -# # TODO: Pick correct exit code -# # value = "${coalesce(formatlist("%s", docker_container.render.*.exit_code))}" -# # See https://github.com/hashicorp/terraform/issues/15165 -# value = "${var.mode == "render" ? -# "${element(concat(docker_container.render.*.exit_code, list("")), 0)}" : -# "${element(concat(docker_container.start.*.exit_code, list("")), 0)}" -# }" -# } - output "image" { value = "${docker_image.image.latest}" }
diff --git a/modules/bootkube/variables.tf b/modules/bootkube/variables.tf
index 1325b72..45f8246 100644
--- a/modules/bootkube/variables.tf
+++ b/modules/bootkube/variables.tf
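Review bot: The new `module "k8s"` block points `source` at `modules/k8s`, but no file under that path is part of this diff, so unless the directory is committed separately `terraform init` on the root configuration will fail; worth confirming before merge. The block also replaces four module calls (etcd, kubelet-master, bootkube-start, bootkube) with one and carries no explanation of what it wraps or of its inputs, which matters because `asset_dir = "${path.root}/k8s2"` appears to be where the cluster's kubeconfigs and kubelet key material get rendered (the removed bootkube-start `assets` map fed exactly those values from `module.bootkube`), and the same commit adds `k8s2/` to .gitignore to keep that out of the repository. A short header comment, e.g. `# Single-host cluster: etcd + bootkube + kubelet rolled into modules/k8s; rendered assets (TLS keys, kubeconfigs) go to k8s2/, which is gitignored`, would make that intent and the sensitivity of the directory visible to the next reader.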
@@ -22,8 +22,6 @@ variable "service_cidr" { default = "10.96.0.0/16" } -variable "mode" {} - variable "version" { default = "0.14.0" }
diff --git a/modules/etcd/variables.tf b/modules/etcd/variables.tf
index d47db7e..6b8c90a 100644
--- a/modules/etcd/variables.tf
+++ b/modules/etcd/variables.tf
@@ -30,4 +30,5 @@ variable "version" {
 variable "host_bind_ip" {
 description = "IP address to expose the ports on host"
+ default = "0.0.0.0"
 }
diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
index 86415ff..6903f4b 100644
--- a/modules/kubelet/main.tf
+++ b/modules/kubelet/main.tf
@@ -1,15 +1,15 @@ // This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper resource "docker_container" "kubelet" { image = "${docker_image.image.latest}" - name = "kubelet-static" + name = "kubelet" upload { - file = "/etc/kubernetes/kubeconfig" + file = "/etc/kubeconfig" content = "${var.assets["kubeconfig"]}" } upload { - file = "/etc/kubernetes/ca.crt" + file = "/etc/kubeca.crt" content = "${var.assets["ca_cert"]}" }
@@ -41,14 +41,6 @@ resource "docker_container" "kubelet" { host_path = "/var/lib/docker" } - // TODO: Test with this - // It technically only needs the /etc/kubernetes/manifests - // Make sure that the manifests directory exists - upload { - file = "/etc/kubernetes/manifests/.empty" - content = "" - } - volumes { container_path = "/etc/kubernetes" host_path = "/etc/kubernetes" }
@@ -94,14 +86,6 @@ resource "docker_container" "kubelet" { read_only = true } - // Don't think this is needed anymore - - volumes { - container_path = "/rootfs" - host_path = "/" - read_only = true - } - // Deviates from kubelet-wrapper volumes {
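Review bot: The new `default = "0.0.0.0"` on `host_bind_ip` makes the etcd module expose its ports on every host interface whenever a caller omits the variable, and the only call that used to set it, `host_bind_ip = "10.8.0.1"` in the `module "etcd"` block removed from kubernetes.tf in this same commit, is gone. The description says this is the IP the ports are exposed on, so a permissive default silently widens reachability of the etcd client and peer ports from that one address to the whole host; the TLS material passed in the old `pki` block limits who can authenticate, not who can reach the ports. Prefer keeping the variable required (drop the `default`) or default it to the previous value, `default = "10.8.0.1"`, and confirm that `modules/k8s` actually forwards `host_bind_ip` to the etcd module. The `variable "host_bind_ip"` block is complete within the hunk.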
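Review bot: The kubeconfig and CA uploads move from `/etc/kubernetes/kubeconfig` and `/etc/kubernetes/ca.crt` to the flat paths `/etc/kubeconfig` and `/etc/kubeca.crt` with no comment on why; the likely reason is the `volumes { container_path = "/etc/kubernetes" host_path = "/etc/kubernetes" }` bind mount visible in the next hunk of this resource, which would shadow anything uploaded under that directory, but nothing near the `upload` blocks says so. A comment above the first upload, e.g. `// kept outside /etc/kubernetes, which is bind-mounted from the host below and would hide uploaded files`, would record that. A directory such as `/etc/kubelet/kubeconfig` and `/etc/kubelet/ca.crt` would also read less like a typo than `/etc/kubeca.crt`, provided the `--kubeconfig` and `--client-ca-file` flags changed in the later hunk are updated to match. The `docker_container.kubelet` resource continues past the hunk.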
@@ -123,21 +107,19 @@ resource "docker_container" "kubelet" {
 "--anonymous-auth=false",
 "--authentication-token-webhook",
 "--authorization-mode=Webhook",
- "--cert-dir=/var/lib/kubelet/pki",
- "--client-ca-file=/etc/kubernetes/ca.crt",
+ "--client-ca-file=/etc/kubeca.crt",
 "--cluster_dns=${var.dns_ip}",
 "--cluster_domain=${var.k8s_host}",
 "--exit-on-lock-contention=true",
 "--hostname-override=${var.host_ip}",
- "--kubeconfig=/etc/kubernetes/kubeconfig",
+ "--kubeconfig=/etc/kubeconfig",
 "--lock-file=/var/run/lock/kubelet.lock",
 "--minimum-container-ttl-duration=10m0s",
 "--network-plugin=cni",
- "--node-labels=node-role.kubernetes.io/master",
+ "--node-labels=${var.node_label}",
 "--pod-manifest-path=/etc/kubernetes/manifests",
 "--read-only-port=0",
 "--register-with-taints=${var.node_taints}",
- "--node-labels=${var.node_label}",
 "--rotate-certificates",
 ]
 host {
diff --git a/modules/kubelet/variables.tf b/modules/kubelet/variables.tf
index 788f03f..24e643f 100644
--- a/modules/kubelet/variables.tf
+++ b/modules/kubelet/variables.tf
@@ -9,7 +9,8 @@ variable "node_label" {
 }
 variable "node_taints" {
- default = "node-role.kubernetes.io/master=:NoSchedule"
+ description = "node taints"
+ default = "node-role.kubernetes.io/master=:NoSchedule"
 }
 variable "depends_on" {
diff --git a/providers.tf b/providers.tf
index 7d4ce7b..e4d7417 100644
--- a/providers.tf
+++ b/providers.tf
@@ -11,6 +11,13 @@ provider "docker" {
 version = "~> 2.0.0"
 }
+provider "docker" {
+ host = "tcp://docker.captnemo.in:4243"
+ cert_path = "./secrets/nautilus"
+ alias = "nautilus"
+ version = "~> 2.0.0"
+}
+
 provider "kubernetes" {
 version = "1.3.0-custom"
 host = "https://k8s.bb8.fun:6443"
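Review bot: Removing `"--cert-dir=/var/lib/kubelet/pki"` while keeping `"--rotate-certificates"` leaves the location of the rotated kubelet client certificates to the kubelet's built-in default rather than an explicit, documented path; whether that directory is backed by a host volume is decided by `volumes` blocks outside this hunk, and if it is not, every recreation of the `docker_container` discards the rotated certificates and the kubelet has to start again from the credentials uploaded at `/etc/kubeconfig`. If relying on the default is intended, a comment next to `"--rotate-certificates"` such as `// rotated certs go to the kubelet default cert dir; that path must be a persistent host volume` would capture the assumption; otherwise restore the flag. Dropping the duplicate `--node-labels` entry and keeping only `${var.node_label}` is correct. The `command` list and the resource continue outside the hunk.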
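Review bot: The new `nautilus` docker provider sets `cert_path = "./secrets/nautilus"` as a path relative to the working directory, so running Terraform from anywhere but the repository root makes the TLS material for the `tcp://docker.captnemo.in:4243` endpoint unfindable, and the same commit already uses `${path.root}` for a similar purpose in kubernetes.tf; `cert_path = "${path.root}/secrets/nautilus"` is the consistent form. Since the daemon is addressed over plain TCP, verification of the remote daemon's identity rests on the certificate files in that directory, which are not in the repository (`secrets` is gitignored per the first hunk), so a comment above the block naming what must be present there would help whoever provisions a new workstation. The `sydney` provider that this block mirrors is only partly visible in the hunk.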