fix etcd, c-m, and node label/taints for kubelet

2019-01-27 20:07:52 +05:30 · 2019-01-27 20:07:52 +05:30 · ff8efd3139
parent 6586244fa8
commit ff8efd3139
4 changed files with 15 additions and 5 deletions
--- a/modules/bootkube/main.tf
+++ b/modules/bootkube/main.tf
@ -61,6 +61,10 @@ resource "docker_container" "bootkube" {
    file    = "/home/.bootkube/tls/service-account.pub"
    content = "${file("${var.asset-dir}/tls/service-account.pub")}"
  }
+  upload {
+    file    = "/home/.bootkube/tls/service-account.key"
+    content = "${file("${var.asset-dir}/tls/service-account.key")}"
+  }
  upload {
    content = "${file("${var.asset-dir}/tls/ca.key")}"
    file    = "/home/.bootkube/tls/ca.key"
--- a/modules/etcd/main.tf
+++ b/modules/etcd/main.tf
@ -46,7 +46,7 @@ resource "docker_container" "etcd" {

  env = [
    "ETCD_NAME=${var.node_name}",
-    "ETCD_DATA_DIR=/var/lib/etcd",
+    "ETCD_DATA_DIR=/etcd-data",
    "ETCD_ADVERTISE_CLIENT_URLS=https://${var.domain}:2379",
    "ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${var.domain}:2380",
    "ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379",
--- a/modules/kubelet/main.tf
+++ b/modules/kubelet/main.tf
@ -101,8 +101,10 @@ resource "docker_container" "kubelet" {
    "--anonymous-auth=false",
    "--authentication-token-webhook",
    "--authorization-mode=Webhook",
-    "--cert-dir=/var/lib/kubelet/pki",
+
+    # "--cert-dir=/var/lib/kubelet/pki",
    "--client-ca-file=/etc/kubernetes/ca.crt",
+
    "--cluster_dns=${var.dns_ip}",
    "--cluster_domain=${var.k8s_host}",

@ -117,6 +119,8 @@ resource "docker_container" "kubelet" {
    "--node-labels=node-role.kubernetes.io/master",
    "--pod-manifest-path=/etc/kubernetes/manifests",
    "--read-only-port=0",
+    "--register-with-taints=${var.node_taints}",
+    "--node-labels=${var.node_label}",
    "--rotate-certificates",
  ]
  host {
@ -125,8 +129,6 @@ resource "docker_container" "kubelet" {
  }

  # TODO
-  # "--register-with-taints=${var.node_taints}",
-  # "--node-labels=${var.node_label}",

  network_mode = "host"
  privileged   = true
--- a/modules/kubelet/variables.tf
+++ b/modules/kubelet/variables.tf
@ -5,7 +5,11 @@ variable "version" {

 variable "node_label" {
  description = "kubelet version"
-  default     = "node.kubernetes.io/master"
+  default     = "node-role.kubernetes.io/master"
+}
+
+variable "node_taints" {
+  default = "node-role.kubernetes.io/master=:NoSchedule"
 }

 variable "depends_on" {