General Updates
parent
80ce34d52f
commit
97300459fd
|
@ -7,3 +7,4 @@
|
||||||
*.backup
|
*.backup
|
||||||
secrets
|
secrets
|
||||||
k8s/
|
k8s/
|
||||||
|
k8s2/
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
0.11.8
|
0.11.12-beta1
|
||||||
|
|
|
@ -1,77 +1,12 @@
|
||||||
module "etcd" {
|
module "k8s" {
|
||||||
source = "modules/etcd"
|
source = "modules/k8s"
|
||||||
data_dir = "/mnt/disk/etcd"
|
cluster_name = "k8s.${var.root-domain}"
|
||||||
host_bind_ip = "10.8.0.1"
|
etcd_domain = "etcd.${var.root-domain}"
|
||||||
domain = "etcd.bb8.fun"
|
etcd_data_dir = "/mnt/disk/etcd"
|
||||||
|
asset_dir = "${path.root}/k8s2"
|
||||||
pki = {
|
host_ip = "${var.ips["dovpn"]}"
|
||||||
ca_cert = "${module.bootkube.etcd_ca_cert}"
|
|
||||||
server_cert = "${module.bootkube.etcd_server_cert}"
|
|
||||||
server_key = "${module.bootkube.etcd_server_key}"
|
|
||||||
peer_cert = "${module.bootkube.etcd_peer_cert}"
|
|
||||||
peer_key = "${module.bootkube.etcd_peer_key}"
|
|
||||||
}
|
|
||||||
|
|
||||||
providers = {
|
|
||||||
docker = "docker.sydney"
|
|
||||||
}
|
|
||||||
|
|
||||||
depends_on = "${module.bootkube.id}"
|
|
||||||
}
|
|
||||||
|
|
||||||
module "kubelet-master" {
|
|
||||||
source = "modules/kubelet"
|
|
||||||
host_ip = "${var.ips["dovpn"]}"
|
|
||||||
k8s_host = "k8s.${var.root-domain}"
|
|
||||||
|
|
||||||
assets = {
|
|
||||||
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
|
||||||
ca_cert = "${base64decode(module.bootkube.ca_cert)}"
|
|
||||||
kubelet_cert = "${base64decode(module.bootkube.kubelet_cert)}"
|
|
||||||
kubelet_key = "${base64decode(module.bootkube.kubelet_key)}"
|
|
||||||
}
|
|
||||||
|
|
||||||
depends_on = "${module.bootkube-start.image}"
|
|
||||||
|
|
||||||
providers = {
|
providers = {
|
||||||
docker = "docker.sydney"
|
docker = "docker.sydney"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
module "bootkube-start" {
|
|
||||||
source = "modules/bootkube"
|
|
||||||
mode = "start"
|
|
||||||
host_ip = "${var.ips["dovpn"]}"
|
|
||||||
k8s_host = "k8s.${var.root-domain}"
|
|
||||||
asset-dir = "${path.root}/k8s"
|
|
||||||
|
|
||||||
assets = {
|
|
||||||
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
|
||||||
ca_cert = "${base64decode(module.bootkube.ca_cert)}"
|
|
||||||
kubelet_cert = "${base64decode(module.bootkube.kubelet_cert)}"
|
|
||||||
kubelet_key = "${base64decode(module.bootkube.kubelet_key)}"
|
|
||||||
kubeconfig-kubelet = "${module.bootkube.kubeconfig-kubelet}"
|
|
||||||
|
|
||||||
# etcd_ca_cert = "${module.bootkube.etcd_ca_cert}"
|
|
||||||
# etcd_client_cert = "${module.bootkube.etcd_client_cert}"
|
|
||||||
# etcd_client_key = "${module.bootkube.etcd_client_key}"
|
|
||||||
# etcd_server_cert = "${module.bootkube.etcd_server_cert}"
|
|
||||||
# etcd_server_key = "${module.bootkube.etcd_server_key}"
|
|
||||||
# etcd_peer_cert = "${module.bootkube.etcd_peer_cert}"
|
|
||||||
# etcd_peer_key = "${module.bootkube.etcd_peer_key}"
|
|
||||||
}
|
|
||||||
|
|
||||||
providers = {
|
|
||||||
docker = "docker.sydney"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
module "bootkube" {
|
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=bcbdddd8d07c99ab88b2e9ebfb662de4c104de0a"
|
|
||||||
|
|
||||||
cluster_name = "k8s.bb8.fun"
|
|
||||||
api_servers = ["k8s.bb8.fun"]
|
|
||||||
cluster_domain_suffix = "k8s.bb8.fun"
|
|
||||||
etcd_servers = ["etcd.bb8.fun"]
|
|
||||||
asset_dir = "./k8s"
|
|
||||||
}
|
|
||||||
|
|
|
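Review bot: `asset_dir = "${path.root}/k8s2"` in the new `module "k8s"` block has no comment saying what is written there, while the removed configuration read kubeconfigs from the equivalent directory (`${var.asset-dir}/auth/...`) and passed rendered certificates and keys between modules. `modules/k8s` is not shown on this page, so this is an assumption, but if it renders the cluster PKI into that directory, a line such as `# k8s2/ receives rendered CA/kubelet keys and kubeconfigs; git-ignored, keep it out of backups and shared checkouts` above the argument would make the handling explicit. The `k8s2/` ignore entry added in this commit only guards against committing the directory, and the same material would presumably also be recorded in the Terraform state.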
@ -89,12 +89,6 @@ resource "docker_container" "bootkube" {
|
||||||
content = "${var.assets["kubelet_key"]}"
|
content = "${var.assets["kubelet_key"]}"
|
||||||
file = "/home/.bootkube/tls/kubelet.key"
|
file = "/home/.bootkube/tls/kubelet.key"
|
||||||
}
|
}
|
||||||
# TODO: Generate Filenames Dynamically
|
|
||||||
# TODO: Check if this is needed at all
|
|
||||||
upload {
|
|
||||||
content = "${file("${var.asset-dir}/auth/k8s.bb8.fun-config")}"
|
|
||||||
file = "/home/.bootkube/auth/k8s.bb8.fun-config"
|
|
||||||
}
|
|
||||||
# auth/kubeconfig-kubelet
|
# auth/kubeconfig-kubelet
|
||||||
upload {
|
upload {
|
||||||
content = "${var.assets["kubeconfig-kubelet"]}"
|
content = "${var.assets["kubeconfig-kubelet"]}"
|
||||||
|
|
|
@ -1,13 +1,3 @@
|
||||||
# output "exit_code" {
|
|
||||||
# # TODO: Pick correct exit code
|
|
||||||
# # value = "${coalesce(formatlist("%s", docker_container.render.*.exit_code))}"
|
|
||||||
# # See https://github.com/hashicorp/terraform/issues/15165
|
|
||||||
# value = "${var.mode == "render" ?
|
|
||||||
# "${element(concat(docker_container.render.*.exit_code, list("")), 0)}" :
|
|
||||||
# "${element(concat(docker_container.start.*.exit_code, list("")), 0)}"
|
|
||||||
# }"
|
|
||||||
# }
|
|
||||||
|
|
||||||
output "image" {
|
output "image" {
|
||||||
value = "${docker_image.image.latest}"
|
value = "${docker_image.image.latest}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,8 +22,6 @@ variable "service_cidr" {
|
||||||
default = "10.96.0.0/16"
|
default = "10.96.0.0/16"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "mode" {}
|
|
||||||
|
|
||||||
variable "version" {
|
variable "version" {
|
||||||
default = "0.14.0"
|
default = "0.14.0"
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,4 +30,5 @@ variable "version" {
|
||||||
|
|
||||||
variable "host_bind_ip" {
|
variable "host_bind_ip" {
|
||||||
description = "IP address to expose the ports on host"
|
description = "IP address to expose the ports on host"
|
||||||
|
default = "0.0.0.0"
|
||||||
}
|
}
|
||||||
|
|
|
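Review bot: The added `default = "0.0.0.0"` on `host_bind_ip` means a caller who omits the argument publishes the ports on every host interface. The removed `module "etcd"` call in this commit set `host_bind_ip = "10.8.0.1"` explicitly, while the new `module "k8s"` call passes only `host_ip`, so unless `modules/k8s` forwards an address (not visible here) the ports would move from 10.8.0.1 to all interfaces. I would drop the default so the caller has to choose, or use `default = "127.0.0.1"`, and extend the description to `"IP address to expose the ports on host; 0.0.0.0 publishes on all interfaces"`.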
@ -1,15 +1,15 @@
|
||||||
// This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
|
// This is primarily based on https://github.com/coreos/coreos-overlay/blob/master/app-admin/kubelet-wrapper/files/kubelet-wrapper
|
||||||
resource "docker_container" "kubelet" {
|
resource "docker_container" "kubelet" {
|
||||||
image = "${docker_image.image.latest}"
|
image = "${docker_image.image.latest}"
|
||||||
name = "kubelet-static"
|
name = "kubelet"
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
file = "/etc/kubernetes/kubeconfig"
|
file = "/etc/kubeconfig"
|
||||||
content = "${var.assets["kubeconfig"]}"
|
content = "${var.assets["kubeconfig"]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
file = "/etc/kubernetes/ca.crt"
|
file = "/etc/kubeca.crt"
|
||||||
content = "${var.assets["ca_cert"]}"
|
content = "${var.assets["ca_cert"]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -41,14 +41,6 @@ resource "docker_container" "kubelet" {
|
||||||
host_path = "/var/lib/docker"
|
host_path = "/var/lib/docker"
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Test with this
|
|
||||||
// It technically only needs the /etc/kubernetes/manifests
|
|
||||||
// Make sure that the manifests directory exists
|
|
||||||
upload {
|
|
||||||
file = "/etc/kubernetes/manifests/.empty"
|
|
||||||
content = ""
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/kubernetes"
|
container_path = "/etc/kubernetes"
|
||||||
host_path = "/etc/kubernetes"
|
host_path = "/etc/kubernetes"
|
||||||
|
@ -94,14 +86,6 @@ resource "docker_container" "kubelet" {
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
// Don't think this is needed anymore
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
container_path = "/rootfs"
|
|
||||||
host_path = "/"
|
|
||||||
read_only = true
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deviates from kubelet-wrapper
|
// Deviates from kubelet-wrapper
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
|
@ -123,21 +107,19 @@ resource "docker_container" "kubelet" {
|
||||||
"--anonymous-auth=false",
|
"--anonymous-auth=false",
|
||||||
"--authentication-token-webhook",
|
"--authentication-token-webhook",
|
||||||
"--authorization-mode=Webhook",
|
"--authorization-mode=Webhook",
|
||||||
"--cert-dir=/var/lib/kubelet/pki",
|
"--client-ca-file=/etc/kubeca.crt",
|
||||||
"--client-ca-file=/etc/kubernetes/ca.crt",
|
|
||||||
"--cluster_dns=${var.dns_ip}",
|
"--cluster_dns=${var.dns_ip}",
|
||||||
"--cluster_domain=${var.k8s_host}",
|
"--cluster_domain=${var.k8s_host}",
|
||||||
"--exit-on-lock-contention=true",
|
"--exit-on-lock-contention=true",
|
||||||
"--hostname-override=${var.host_ip}",
|
"--hostname-override=${var.host_ip}",
|
||||||
"--kubeconfig=/etc/kubernetes/kubeconfig",
|
"--kubeconfig=/etc/kubeconfig",
|
||||||
"--lock-file=/var/run/lock/kubelet.lock",
|
"--lock-file=/var/run/lock/kubelet.lock",
|
||||||
"--minimum-container-ttl-duration=10m0s",
|
"--minimum-container-ttl-duration=10m0s",
|
||||||
"--network-plugin=cni",
|
"--network-plugin=cni",
|
||||||
"--node-labels=node-role.kubernetes.io/master",
|
"--node-labels=${var.node_label}",
|
||||||
"--pod-manifest-path=/etc/kubernetes/manifests",
|
"--pod-manifest-path=/etc/kubernetes/manifests",
|
||||||
"--read-only-port=0",
|
"--read-only-port=0",
|
||||||
"--register-with-taints=${var.node_taints}",
|
"--register-with-taints=${var.node_taints}",
|
||||||
"--node-labels=${var.node_label}",
|
|
||||||
"--rotate-certificates",
|
"--rotate-certificates",
|
||||||
]
|
]
|
||||||
host {
|
host {
|
||||||
|
|
|
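Review bot: The uploads now target `/etc/kubeconfig` and `/etc/kubeca.crt` with no comment explaining the move out of `/etc/kubernetes`, and `kubeca.crt` reads like a dropped path separator. A later hunk of the same resource bind-mounts the host's `/etc/kubernetes` at that container path, which is presumably why the files were moved; a comment such as `// uploaded outside /etc/kubernetes because that path is a host bind mount` above the first `upload` would record it. The same two paths are repeated in `--kubeconfig=` and `--client-ca-file=`, so naming the CA file `/etc/kube-ca.crt` in both places would be clearer. The resource body continues outside the hunks shown.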
@ -9,7 +9,8 @@ variable "node_label" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "node_taints" {
|
variable "node_taints" {
|
||||||
default = "node-role.kubernetes.io/master=:NoSchedule"
|
description = "node taints"
|
||||||
|
default = "node-role.kubernetes.io/master=:NoSchedule"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "depends_on" {
|
variable "depends_on" {
|
||||||
|
|
|
@ -11,6 +11,13 @@ provider "docker" {
|
||||||
version = "~> 2.0.0"
|
version = "~> 2.0.0"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provider "docker" {
|
||||||
|
host = "tcp://docker.captnemo.in:4243"
|
||||||
|
cert_path = "./secrets/nautilus"
|
||||||
|
alias = "nautilus"
|
||||||
|
version = "~> 2.0.0"
|
||||||
|
}
|
||||||
|
|
||||||
provider "kubernetes" {
|
provider "kubernetes" {
|
||||||
version = "1.3.0-custom"
|
version = "1.3.0-custom"
|
||||||
host = "https://k8s.bb8.fun:6443"
|
host = "https://k8s.bb8.fun:6443"
|
||||||
|
|
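Review bot: The new `provider "docker"` alias `nautilus` uses `cert_path = "./secrets/nautilus"`, which is relative to the directory Terraform is run from. `cert_path = "${path.root}/secrets/nautilus"` would resolve the client certificates consistently, matching the `${path.root}` already used for `asset_dir` elsewhere in this commit. The endpoint is a TCP Docker API, `tcp://docker.captnemo.in:4243`, and access to that API is equivalent to root on the host. It is therefore worth confirming that the daemon side (not visible here) requires client certificates signed by the CA in that directory, rather than only offering TLS. The `provider "kubernetes"` block that follows continues outside the hunk.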