From 2ba0181dbe0bb421fedcbaf7cb54340a4a081d14 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Mon, 27 May 2019 20:42:48 -0700 Subject: [PATCH] Migrate AWS module Terraform v0.11 to v0.12 * Replace v0.11 bracket type hints with Terraform v0.12 list expressions * Use expression syntax instead of interpolated strings, where suggested * Update AWS tutorial and worker pools documentation * Define Terraform and plugin version requirements in versions.tf * Require aws ~> 2.7 to support Terraform v0.12 * Require ct ~> 0.3.2 to support Terraform v0.12 --- CHANGES.md | 3 + aws/container-linux/kubernetes/ami.tf | 7 +- aws/container-linux/kubernetes/bootkube.tf | 25 ++-- aws/container-linux/kubernetes/controllers.tf | 64 +++++----- aws/container-linux/kubernetes/network.tf | 46 +++++--- aws/container-linux/kubernetes/nlb.tf | 31 ++--- aws/container-linux/kubernetes/outputs.tf | 21 ++-- aws/container-linux/kubernetes/require.tf | 25 ---- aws/container-linux/kubernetes/security.tf | 109 +++++++++--------- aws/container-linux/kubernetes/ssh.tf | 31 ++--- aws/container-linux/kubernetes/variables.tf | 58 +++++----- aws/container-linux/kubernetes/versions.tf | 11 ++ aws/container-linux/kubernetes/workers.tf | 31 ++--- aws/container-linux/kubernetes/workers/ami.tf | 7 +- .../kubernetes/workers/ingress.tf | 5 +- .../kubernetes/workers/outputs.tf | 5 +- .../kubernetes/workers/variables.tf | 38 +++--- .../kubernetes/workers/versions.tf | 4 + .../kubernetes/workers/workers.tf | 65 ++++++----- docs/advanced/worker-pools.md | 26 ++--- docs/cl/aws.md | 38 +----- 21 files changed, 321 insertions(+), 329 deletions(-) delete mode 100644 aws/container-linux/kubernetes/require.tf create mode 100644 aws/container-linux/kubernetes/versions.tf create mode 100644 aws/container-linux/kubernetes/workers/versions.tf diff --git a/CHANGES.md b/CHANGES.md index 6bb34544..fb739fca 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -20,6 +20,9 @@ Notable changes between versions. ### AWS +* Migrate from Terraform v0.11 to v0.12.x (**action required!**) + * Require `terraform-provider-aws` v2.7+ to support Terraform v0.12 + * Require `terraform-provider-ct` v0.3.2+ to support Terraform v0.12 * Rename `worker` pool module `count` variable to `worker_count` ([#485](https://github.com/poseidon/typhoon/pull/485)) (action required) * `count` will become a reserved variable name in Terraform v0.12 diff --git a/aws/container-linux/kubernetes/ami.tf b/aws/container-linux/kubernetes/ami.tf index c2b8efbb..cde47bdf 100644 --- a/aws/container-linux/kubernetes/ami.tf +++ b/aws/container-linux/kubernetes/ami.tf @@ -2,10 +2,10 @@ locals { # Pick a CoreOS Container Linux derivative # coreos-stable -> Container Linux AMI # flatcar-stable -> Flatcar Linux AMI - ami_id = "${local.flavor == "flatcar" ? data.aws_ami.flatcar.image_id : data.aws_ami.coreos.image_id}" + ami_id = local.flavor == "flatcar" ? data.aws_ami.flatcar.image_id : data.aws_ami.coreos.image_id - flavor = "${element(split("-", var.os_image), 0)}" - channel = "${element(split("-", var.os_image), 1)}" + flavor = element(split("-", var.os_image), 0) + channel = element(split("-", var.os_image), 1) } data "aws_ami" "coreos" { @@ -47,3 +47,4 @@ data "aws_ami" "flatcar" { values = ["Flatcar-${local.channel}-*"] } } + diff --git a/aws/container-linux/kubernetes/bootkube.tf b/aws/container-linux/kubernetes/bootkube.tf index 0bb6b24f..9d7f10ef 100644 --- a/aws/container-linux/kubernetes/bootkube.tf +++ b/aws/container-linux/kubernetes/bootkube.tf @@ -1,16 +1,17 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=082921d67905417755609eebda7d39a7e26f7fdb" + source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=0103bc06bb3f597455a765bf5d916f9b241cbea0" - cluster_name = "${var.cluster_name}" - api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] - etcd_servers = ["${aws_route53_record.etcds.*.fqdn}"] - asset_dir = "${var.asset_dir}" - networking = "${var.networking}" - network_mtu = "${var.network_mtu}" - pod_cidr = "${var.pod_cidr}" - service_cidr = "${var.service_cidr}" - cluster_domain_suffix = "${var.cluster_domain_suffix}" - enable_reporting = "${var.enable_reporting}" - enable_aggregation = "${var.enable_aggregation}" + cluster_name = var.cluster_name + api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] + etcd_servers = aws_route53_record.etcds.*.fqdn + asset_dir = var.asset_dir + networking = var.networking + network_mtu = var.network_mtu + pod_cidr = var.pod_cidr + service_cidr = var.service_cidr + cluster_domain_suffix = var.cluster_domain_suffix + enable_reporting = var.enable_reporting + enable_aggregation = var.enable_aggregation } + diff --git a/aws/container-linux/kubernetes/controllers.tf b/aws/container-linux/kubernetes/controllers.tf index 7cac72c0..98e7d002 100644 --- a/aws/container-linux/kubernetes/controllers.tf +++ b/aws/container-linux/kubernetes/controllers.tf @@ -1,87 +1,89 @@ # Discrete DNS records for each controller's private IPv4 for etcd usage resource "aws_route53_record" "etcds" { - count = "${var.controller_count}" + count = var.controller_count # DNS Zone where record should be created - zone_id = "${var.dns_zone_id}" + zone_id = var.dns_zone_id - name = "${format("%s-etcd%d.%s.", var.cluster_name, count.index, var.dns_zone)}" + name = format("%s-etcd%d.%s.", var.cluster_name, count.index, var.dns_zone) type = "A" ttl = 300 # private IPv4 address for etcd - records = ["${element(aws_instance.controllers.*.private_ip, count.index)}"] + records = [element(aws_instance.controllers.*.private_ip, count.index)] } # Controller instances resource "aws_instance" "controllers" { - count = "${var.controller_count}" + count = var.controller_count tags = { Name = "${var.cluster_name}-controller-${count.index}" } - instance_type = "${var.controller_type}" + instance_type = var.controller_type - ami = "${local.ami_id}" - user_data = "${element(data.ct_config.controller-ignitions.*.rendered, count.index)}" + ami = local.ami_id + user_data = element(data.ct_config.controller-ignitions.*.rendered, count.index) # storage root_block_device { - volume_type = "${var.disk_type}" - volume_size = "${var.disk_size}" - iops = "${var.disk_iops}" + volume_type = var.disk_type + volume_size = var.disk_size + iops = var.disk_iops } # network associate_public_ip_address = true - subnet_id = "${element(aws_subnet.public.*.id, count.index)}" - vpc_security_group_ids = ["${aws_security_group.controller.id}"] + subnet_id = element(aws_subnet.public.*.id, count.index) + vpc_security_group_ids = [aws_security_group.controller.id] lifecycle { ignore_changes = [ - "ami", - "user_data", + ami, + user_data, ] } } # Controller Ignition configs data "ct_config" "controller-ignitions" { - count = "${var.controller_count}" - content = "${element(data.template_file.controller-configs.*.rendered, count.index)}" + count = var.controller_count + content = element( + data.template_file.controller-configs.*.rendered, + count.index, + ) pretty_print = false - snippets = ["${var.controller_clc_snippets}"] + snippets = var.controller_clc_snippets } # Controller Container Linux configs data "template_file" "controller-configs" { - count = "${var.controller_count}" + count = var.controller_count - template = "${file("${path.module}/cl/controller.yaml.tmpl")}" + template = file("${path.module}/cl/controller.yaml.tmpl") vars = { # Cannot use cyclic dependencies on controllers or their DNS records etcd_name = "etcd${count.index}" etcd_domain = "${var.cluster_name}-etcd${count.index}.${var.dns_zone}" - # etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,... - etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}" - - kubeconfig = "${indent(10, module.bootkube.kubeconfig-kubelet)}" - ssh_authorized_key = "${var.ssh_authorized_key}" - cluster_dns_service_ip = "${cidrhost(var.service_cidr, 10)}" - cluster_domain_suffix = "${var.cluster_domain_suffix}" + etcd_initial_cluster = join(",", data.template_file.etcds.*.rendered) + kubeconfig = indent(10, module.bootkube.kubeconfig-kubelet) + ssh_authorized_key = var.ssh_authorized_key + cluster_dns_service_ip = cidrhost(var.service_cidr, 10) + cluster_domain_suffix = var.cluster_domain_suffix } } data "template_file" "etcds" { - count = "${var.controller_count}" + count = var.controller_count template = "etcd$${index}=https://$${cluster_name}-etcd$${index}.$${dns_zone}:2380" vars = { - index = "${count.index}" - cluster_name = "${var.cluster_name}" - dns_zone = "${var.dns_zone}" + index = count.index + cluster_name = var.cluster_name + dns_zone = var.dns_zone } } + diff --git a/aws/container-linux/kubernetes/network.tf b/aws/container-linux/kubernetes/network.tf index 1be5073b..ae159ba5 100644 --- a/aws/container-linux/kubernetes/network.tf +++ b/aws/container-linux/kubernetes/network.tf @@ -1,57 +1,67 @@ -data "aws_availability_zones" "all" {} +data "aws_availability_zones" "all" { +} # Network VPC, gateway, and routes resource "aws_vpc" "network" { - cidr_block = "${var.host_cidr}" + cidr_block = var.host_cidr assign_generated_ipv6_cidr_block = true enable_dns_support = true enable_dns_hostnames = true - tags = "${map("Name", "${var.cluster_name}")}" + tags = { + "Name" = var.cluster_name + } } resource "aws_internet_gateway" "gateway" { - vpc_id = "${aws_vpc.network.id}" + vpc_id = aws_vpc.network.id - tags = "${map("Name", "${var.cluster_name}")}" + tags = { + "Name" = var.cluster_name + } } resource "aws_route_table" "default" { - vpc_id = "${aws_vpc.network.id}" + vpc_id = aws_vpc.network.id route { cidr_block = "0.0.0.0/0" - gateway_id = "${aws_internet_gateway.gateway.id}" + gateway_id = aws_internet_gateway.gateway.id } route { ipv6_cidr_block = "::/0" - gateway_id = "${aws_internet_gateway.gateway.id}" + gateway_id = aws_internet_gateway.gateway.id } - tags = "${map("Name", "${var.cluster_name}")}" + tags = { + "Name" = var.cluster_name + } } # Subnets (one per availability zone) resource "aws_subnet" "public" { - count = "${length(data.aws_availability_zones.all.names)}" + count = length(data.aws_availability_zones.all.names) - vpc_id = "${aws_vpc.network.id}" - availability_zone = "${data.aws_availability_zones.all.names[count.index]}" + vpc_id = aws_vpc.network.id + availability_zone = data.aws_availability_zones.all.names[count.index] - cidr_block = "${cidrsubnet(var.host_cidr, 4, count.index)}" - ipv6_cidr_block = "${cidrsubnet(aws_vpc.network.ipv6_cidr_block, 8, count.index)}" + cidr_block = cidrsubnet(var.host_cidr, 4, count.index) + ipv6_cidr_block = cidrsubnet(aws_vpc.network.ipv6_cidr_block, 8, count.index) map_public_ip_on_launch = true assign_ipv6_address_on_creation = true - tags = "${map("Name", "${var.cluster_name}-public-${count.index}")}" + tags = { + "Name" = "${var.cluster_name}-public-${count.index}" + } } resource "aws_route_table_association" "public" { - count = "${length(data.aws_availability_zones.all.names)}" + count = length(data.aws_availability_zones.all.names) - route_table_id = "${aws_route_table.default.id}" - subnet_id = "${element(aws_subnet.public.*.id, count.index)}" + route_table_id = aws_route_table.default.id + subnet_id = element(aws_subnet.public.*.id, count.index) } + diff --git a/aws/container-linux/kubernetes/nlb.tf b/aws/container-linux/kubernetes/nlb.tf index ddcc52f5..08458a97 100644 --- a/aws/container-linux/kubernetes/nlb.tf +++ b/aws/container-linux/kubernetes/nlb.tf @@ -1,14 +1,14 @@ # Network Load Balancer DNS Record resource "aws_route53_record" "apiserver" { - zone_id = "${var.dns_zone_id}" + zone_id = var.dns_zone_id - name = "${format("%s.%s.", var.cluster_name, var.dns_zone)}" + name = format("%s.%s.", var.cluster_name, var.dns_zone) type = "A" # AWS recommends their special "alias" records for NLBs alias { - name = "${aws_lb.nlb.dns_name}" - zone_id = "${aws_lb.nlb.zone_id}" + name = aws_lb.nlb.dns_name + zone_id = aws_lb.nlb.zone_id evaluate_target_health = true } } @@ -19,51 +19,51 @@ resource "aws_lb" "nlb" { load_balancer_type = "network" internal = false - subnets = ["${aws_subnet.public.*.id}"] + subnets = aws_subnet.public.*.id enable_cross_zone_load_balancing = true } # Forward TCP apiserver traffic to controllers resource "aws_lb_listener" "apiserver-https" { - load_balancer_arn = "${aws_lb.nlb.arn}" + load_balancer_arn = aws_lb.nlb.arn protocol = "TCP" port = "6443" default_action { type = "forward" - target_group_arn = "${aws_lb_target_group.controllers.arn}" + target_group_arn = aws_lb_target_group.controllers.arn } } # Forward HTTP ingress traffic to workers resource "aws_lb_listener" "ingress-http" { - load_balancer_arn = "${aws_lb.nlb.arn}" + load_balancer_arn = aws_lb.nlb.arn protocol = "TCP" port = 80 default_action { type = "forward" - target_group_arn = "${module.workers.target_group_http}" + target_group_arn = module.workers.target_group_http } } # Forward HTTPS ingress traffic to workers resource "aws_lb_listener" "ingress-https" { - load_balancer_arn = "${aws_lb.nlb.arn}" + load_balancer_arn = aws_lb.nlb.arn protocol = "TCP" port = 443 default_action { type = "forward" - target_group_arn = "${module.workers.target_group_https}" + target_group_arn = module.workers.target_group_https } } # Target group of controllers resource "aws_lb_target_group" "controllers" { name = "${var.cluster_name}-controllers" - vpc_id = "${aws_vpc.network.id}" + vpc_id = aws_vpc.network.id target_type = "instance" protocol = "TCP" @@ -85,9 +85,10 @@ resource "aws_lb_target_group" "controllers" { # Attach controller instances to apiserver NLB resource "aws_lb_target_group_attachment" "controllers" { - count = "${var.controller_count}" + count = var.controller_count - target_group_arn = "${aws_lb_target_group.controllers.arn}" - target_id = "${element(aws_instance.controllers.*.id, count.index)}" + target_group_arn = aws_lb_target_group.controllers.arn + target_id = element(aws_instance.controllers.*.id, count.index) port = 6443 } + diff --git a/aws/container-linux/kubernetes/outputs.tf b/aws/container-linux/kubernetes/outputs.tf index ac66d0fd..471c3300 100644 --- a/aws/container-linux/kubernetes/outputs.tf +++ b/aws/container-linux/kubernetes/outputs.tf @@ -1,53 +1,54 @@ output "kubeconfig-admin" { - value = "${module.bootkube.kubeconfig-admin}" + value = module.bootkube.kubeconfig-admin } # Outputs for Kubernetes Ingress output "ingress_dns_name" { - value = "${aws_lb.nlb.dns_name}" + value = aws_lb.nlb.dns_name description = "DNS name of the network load balancer for distributing traffic to Ingress controllers" } output "ingress_zone_id" { - value = "${aws_lb.nlb.zone_id}" + value = aws_lb.nlb.zone_id description = "Route53 zone id of the network load balancer DNS name that can be used in Route53 alias records" } # Outputs for worker pools output "vpc_id" { - value = "${aws_vpc.network.id}" + value = aws_vpc.network.id description = "ID of the VPC for creating worker instances" } output "subnet_ids" { - value = ["${aws_subnet.public.*.id}"] + value = aws_subnet.public.*.id description = "List of subnet IDs for creating worker instances" } output "worker_security_groups" { - value = ["${aws_security_group.worker.id}"] + value = [aws_security_group.worker.id] description = "List of worker security group IDs" } output "kubeconfig" { - value = "${module.bootkube.kubeconfig-kubelet}" + value = module.bootkube.kubeconfig-kubelet } # Outputs for custom load balancing output "nlb_id" { description = "ARN of the Network Load Balancer" - value = "${aws_lb.nlb.id}" + value = aws_lb.nlb.id } output "worker_target_group_http" { description = "ARN of a target group of workers for HTTP traffic" - value = "${module.workers.target_group_http}" + value = module.workers.target_group_http } output "worker_target_group_https" { description = "ARN of a target group of workers for HTTPS traffic" - value = "${module.workers.target_group_https}" + value = module.workers.target_group_https } + diff --git a/aws/container-linux/kubernetes/require.tf b/aws/container-linux/kubernetes/require.tf deleted file mode 100644 index 68f475d6..00000000 --- a/aws/container-linux/kubernetes/require.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Terraform version and plugin versions - -terraform { - required_version = ">= 0.11.0" -} - -provider "aws" { - version = ">= 1.13, < 3.0" -} - -provider "local" { - version = "~> 1.0" -} - -provider "null" { - version = "~> 1.0" -} - -provider "template" { - version = "~> 1.0" -} - -provider "tls" { - version = "~> 1.0" -} diff --git a/aws/container-linux/kubernetes/security.tf b/aws/container-linux/kubernetes/security.tf index 7672a92e..aa2f84cb 100644 --- a/aws/container-linux/kubernetes/security.tf +++ b/aws/container-linux/kubernetes/security.tf @@ -6,13 +6,15 @@ resource "aws_security_group" "controller" { name = "${var.cluster_name}-controller" description = "${var.cluster_name} controller security group" - vpc_id = "${aws_vpc.network.id}" + vpc_id = aws_vpc.network.id - tags = "${map("Name", "${var.cluster_name}-controller")}" + tags = { + "Name" = "${var.cluster_name}-controller" + } } resource "aws_security_group_rule" "controller-ssh" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" @@ -22,7 +24,7 @@ resource "aws_security_group_rule" "controller-ssh" { } resource "aws_security_group_rule" "controller-etcd" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" @@ -33,31 +35,31 @@ resource "aws_security_group_rule" "controller-etcd" { # Allow Prometheus to scrape etcd metrics resource "aws_security_group_rule" "controller-etcd-metrics" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" from_port = 2381 to_port = 2381 - source_security_group_id = "${aws_security_group.worker.id}" + source_security_group_id = aws_security_group.worker.id } resource "aws_security_group_rule" "controller-vxlan" { - count = "${var.networking == "flannel" ? 1 : 0}" + count = var.networking == "flannel" ? 1 : 0 - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "udp" from_port = 4789 to_port = 4789 - source_security_group_id = "${aws_security_group.worker.id}" + source_security_group_id = aws_security_group.worker.id } resource "aws_security_group_rule" "controller-vxlan-self" { - count = "${var.networking == "flannel" ? 1 : 0}" + count = var.networking == "flannel" ? 1 : 0 - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "udp" @@ -67,7 +69,7 @@ resource "aws_security_group_rule" "controller-vxlan-self" { } resource "aws_security_group_rule" "controller-apiserver" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" @@ -78,28 +80,28 @@ resource "aws_security_group_rule" "controller-apiserver" { # Allow Prometheus to scrape node-exporter daemonset resource "aws_security_group_rule" "controller-node-exporter" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" from_port = 9100 to_port = 9100 - source_security_group_id = "${aws_security_group.worker.id}" + source_security_group_id = aws_security_group.worker.id } # Allow apiserver to access kubelets for exec, log, port-forward resource "aws_security_group_rule" "controller-kubelet" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" from_port = 10250 to_port = 10250 - source_security_group_id = "${aws_security_group.worker.id}" + source_security_group_id = aws_security_group.worker.id } resource "aws_security_group_rule" "controller-kubelet-self" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" @@ -109,17 +111,17 @@ resource "aws_security_group_rule" "controller-kubelet-self" { } resource "aws_security_group_rule" "controller-bgp" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" from_port = 179 to_port = 179 - source_security_group_id = "${aws_security_group.worker.id}" + source_security_group_id = aws_security_group.worker.id } resource "aws_security_group_rule" "controller-bgp-self" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = "tcp" @@ -129,17 +131,17 @@ resource "aws_security_group_rule" "controller-bgp-self" { } resource "aws_security_group_rule" "controller-ipip" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = 4 from_port = 0 to_port = 0 - source_security_group_id = "${aws_security_group.worker.id}" + source_security_group_id = aws_security_group.worker.id } resource "aws_security_group_rule" "controller-ipip-self" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = 4 @@ -149,17 +151,17 @@ resource "aws_security_group_rule" "controller-ipip-self" { } resource "aws_security_group_rule" "controller-ipip-legacy" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = 94 from_port = 0 to_port = 0 - source_security_group_id = "${aws_security_group.worker.id}" + source_security_group_id = aws_security_group.worker.id } resource "aws_security_group_rule" "controller-ipip-legacy-self" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "ingress" protocol = 94 @@ -169,7 +171,7 @@ resource "aws_security_group_rule" "controller-ipip-legacy-self" { } resource "aws_security_group_rule" "controller-egress" { - security_group_id = "${aws_security_group.controller.id}" + security_group_id = aws_security_group.controller.id type = "egress" protocol = "-1" @@ -185,13 +187,15 @@ resource "aws_security_group" "worker" { name = "${var.cluster_name}-worker" description = "${var.cluster_name} worker security group" - vpc_id = "${aws_vpc.network.id}" + vpc_id = aws_vpc.network.id - tags = "${map("Name", "${var.cluster_name}-worker")}" + tags = { + "Name" = "${var.cluster_name}-worker" + } } resource "aws_security_group_rule" "worker-ssh" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" @@ -201,7 +205,7 @@ resource "aws_security_group_rule" "worker-ssh" { } resource "aws_security_group_rule" "worker-http" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" @@ -211,7 +215,7 @@ resource "aws_security_group_rule" "worker-http" { } resource "aws_security_group_rule" "worker-https" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" @@ -221,21 +225,21 @@ resource "aws_security_group_rule" "worker-https" { } resource "aws_security_group_rule" "worker-vxlan" { - count = "${var.networking == "flannel" ? 1 : 0}" + count = var.networking == "flannel" ? 1 : 0 - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "udp" from_port = 4789 to_port = 4789 - source_security_group_id = "${aws_security_group.controller.id}" + source_security_group_id = aws_security_group.controller.id } resource "aws_security_group_rule" "worker-vxlan-self" { - count = "${var.networking == "flannel" ? 1 : 0}" + count = var.networking == "flannel" ? 1 : 0 - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "udp" @@ -246,7 +250,7 @@ resource "aws_security_group_rule" "worker-vxlan-self" { # Allow Prometheus to scrape node-exporter daemonset resource "aws_security_group_rule" "worker-node-exporter" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" @@ -256,7 +260,7 @@ resource "aws_security_group_rule" "worker-node-exporter" { } resource "aws_security_group_rule" "ingress-health" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" @@ -267,18 +271,18 @@ resource "aws_security_group_rule" "ingress-health" { # Allow apiserver to access kubelets for exec, log, port-forward resource "aws_security_group_rule" "worker-kubelet" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" from_port = 10250 to_port = 10250 - source_security_group_id = "${aws_security_group.controller.id}" + source_security_group_id = aws_security_group.controller.id } # Allow Prometheus to scrape kubelet metrics resource "aws_security_group_rule" "worker-kubelet-self" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" @@ -288,17 +292,17 @@ resource "aws_security_group_rule" "worker-kubelet-self" { } resource "aws_security_group_rule" "worker-bgp" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" from_port = 179 to_port = 179 - source_security_group_id = "${aws_security_group.controller.id}" + source_security_group_id = aws_security_group.controller.id } resource "aws_security_group_rule" "worker-bgp-self" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = "tcp" @@ -308,17 +312,17 @@ resource "aws_security_group_rule" "worker-bgp-self" { } resource "aws_security_group_rule" "worker-ipip" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = 4 from_port = 0 to_port = 0 - source_security_group_id = "${aws_security_group.controller.id}" + source_security_group_id = aws_security_group.controller.id } resource "aws_security_group_rule" "worker-ipip-self" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = 4 @@ -328,17 +332,17 @@ resource "aws_security_group_rule" "worker-ipip-self" { } resource "aws_security_group_rule" "worker-ipip-legacy" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = 94 from_port = 0 to_port = 0 - source_security_group_id = "${aws_security_group.controller.id}" + source_security_group_id = aws_security_group.controller.id } resource "aws_security_group_rule" "worker-ipip-legacy-self" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "ingress" protocol = 94 @@ -348,7 +352,7 @@ resource "aws_security_group_rule" "worker-ipip-legacy-self" { } resource "aws_security_group_rule" "worker-egress" { - security_group_id = "${aws_security_group.worker.id}" + security_group_id = aws_security_group.worker.id type = "egress" protocol = "-1" @@ -357,3 +361,4 @@ resource "aws_security_group_rule" "worker-egress" { cidr_blocks = ["0.0.0.0/0"] ipv6_cidr_blocks = ["::/0"] } + diff --git a/aws/container-linux/kubernetes/ssh.tf b/aws/container-linux/kubernetes/ssh.tf index 111bbeaa..22b7a5d9 100644 --- a/aws/container-linux/kubernetes/ssh.tf +++ b/aws/container-linux/kubernetes/ssh.tf @@ -1,46 +1,46 @@ # Secure copy etcd TLS assets to controllers. resource "null_resource" "copy-controller-secrets" { - count = "${var.controller_count}" + count = var.controller_count connection { type = "ssh" - host = "${element(aws_instance.controllers.*.public_ip, count.index)}" + host = element(aws_instance.controllers.*.public_ip, count.index) user = "core" timeout = "15m" } provisioner "file" { - content = "${module.bootkube.etcd_ca_cert}" + content = module.bootkube.etcd_ca_cert destination = "$HOME/etcd-client-ca.crt" } provisioner "file" { - content = "${module.bootkube.etcd_client_cert}" + content = module.bootkube.etcd_client_cert destination = "$HOME/etcd-client.crt" } provisioner "file" { - content = "${module.bootkube.etcd_client_key}" + content = module.bootkube.etcd_client_key destination = "$HOME/etcd-client.key" } provisioner "file" { - content = "${module.bootkube.etcd_server_cert}" + content = module.bootkube.etcd_server_cert destination = "$HOME/etcd-server.crt" } provisioner "file" { - content = "${module.bootkube.etcd_server_key}" + content = module.bootkube.etcd_server_key destination = "$HOME/etcd-server.key" } provisioner "file" { - content = "${module.bootkube.etcd_peer_cert}" + content = module.bootkube.etcd_peer_cert destination = "$HOME/etcd-peer.crt" } provisioner "file" { - content = "${module.bootkube.etcd_peer_key}" + content = module.bootkube.etcd_peer_key destination = "$HOME/etcd-peer.key" } @@ -64,21 +64,21 @@ resource "null_resource" "copy-controller-secrets" { # one-time self-hosted cluster bootstrapping. resource "null_resource" "bootkube-start" { depends_on = [ - "module.bootkube", - "module.workers", - "aws_route53_record.apiserver", - "null_resource.copy-controller-secrets", + module.bootkube, + module.workers, + aws_route53_record.apiserver, + null_resource.copy-controller-secrets, ] connection { type = "ssh" - host = "${aws_instance.controllers.0.public_ip}" + host = aws_instance.controllers[0].public_ip user = "core" timeout = "15m" } provisioner "file" { - source = "${var.asset_dir}" + source = var.asset_dir destination = "$HOME/assets" } @@ -89,3 +89,4 @@ resource "null_resource" "bootkube-start" { ] } } + diff --git a/aws/container-linux/kubernetes/variables.tf b/aws/container-linux/kubernetes/variables.tf index 33be7faa..42d03282 100644 --- a/aws/container-linux/kubernetes/variables.tf +++ b/aws/container-linux/kubernetes/variables.tf @@ -1,90 +1,90 @@ variable "cluster_name" { - type = "string" + type = string description = "Unique cluster name (prepended to dns_zone)" } # AWS variable "dns_zone" { - type = "string" + type = string description = "AWS Route53 DNS Zone (e.g. aws.example.com)" } variable "dns_zone_id" { - type = "string" + type = string description = "AWS Route53 DNS Zone ID (e.g. Z3PAABBCFAKEC0)" } # instances variable "controller_count" { - type = "string" + type = string default = "1" description = "Number of controllers (i.e. masters)" } variable "worker_count" { - type = "string" + type = string default = "1" description = "Number of workers" } variable "controller_type" { - type = "string" + type = string default = "t3.small" description = "EC2 instance type for controllers" } variable "worker_type" { - type = "string" + type = string default = "t3.small" description = "EC2 instance type for workers" } variable "os_image" { - type = "string" + type = string default = "coreos-stable" description = "AMI channel for a Container Linux derivative (coreos-stable, coreos-beta, coreos-alpha, flatcar-stable, flatcar-beta, flatcar-alpha)" } variable "disk_size" { - type = "string" + type = string default = "40" description = "Size of the EBS volume in GB" } variable "disk_type" { - type = "string" + type = string default = "gp2" description = "Type of the EBS volume (e.g. standard, gp2, io1)" } variable "disk_iops" { - type = "string" + type = string default = "0" description = "IOPS of the EBS volume (e.g. 100)" } variable "worker_price" { - type = "string" + type = string default = "" description = "Spot price in USD for autoscaling group spot instances. Leave as default empty string for autoscaling group to use on-demand instances. Note, switching in-place from spot to on-demand is not possible: https://github.com/terraform-providers/terraform-provider-aws/issues/4320" } variable "worker_target_groups" { - type = "list" + type = list(string) description = "Additional target group ARNs to which worker instances should be added" default = [] } variable "controller_clc_snippets" { - type = "list" + type = list(string) description = "Controller Container Linux Config snippets" default = [] } variable "worker_clc_snippets" { - type = "list" + type = list(string) description = "Worker Container Linux Config snippets" default = [] } @@ -92,36 +92,36 @@ variable "worker_clc_snippets" { # configuration variable "ssh_authorized_key" { - type = "string" + type = string description = "SSH public key for user 'core'" } variable "asset_dir" { description = "Path to a directory where generated assets should be placed (contains secrets)" - type = "string" + type = string } variable "networking" { description = "Choice of networking provider (calico or flannel)" - type = "string" + type = string default = "calico" } variable "network_mtu" { description = "CNI interface MTU (applies to calico only). Use 8981 if using instances types with Jumbo frames." - type = "string" + type = string default = "1480" } variable "host_cidr" { description = "CIDR IPv4 range to assign to EC2 nodes" - type = "string" + type = string default = "10.0.0.0/16" } variable "pod_cidr" { description = "CIDR IPv4 range to assign Kubernetes pods" - type = "string" + type = string default = "10.2.0.0/16" } @@ -131,24 +131,26 @@ CIDR IPv4 range to assign Kubernetes services. The 1st IP will be reserved for kube_apiserver, the 10th IP will be reserved for coredns. EOD - type = "string" + + type = string default = "10.3.0.0/16" } variable "cluster_domain_suffix" { description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - type = "string" - default = "cluster.local" + type = string + default = "cluster.local" } variable "enable_reporting" { - type = "string" + type = string description = "Enable usage or analytics reporting to upstreams (Calico)" - default = "false" + default = "false" } variable "enable_aggregation" { description = "Enable the Kubernetes Aggregation Layer (defaults to false)" - type = "string" - default = "false" + type = string + default = "false" } + diff --git a/aws/container-linux/kubernetes/versions.tf b/aws/container-linux/kubernetes/versions.tf new file mode 100644 index 00000000..19d087c6 --- /dev/null +++ b/aws/container-linux/kubernetes/versions.tf @@ -0,0 +1,11 @@ +# Terraform version and plugin versions + +terraform { + required_version = "~> 0.12.0" + required_providers { + aws = "~> 2.7" + ct = "~> 0.3.2" + template = "~> 2.1" + null = "~> 2.1" + } +} diff --git a/aws/container-linux/kubernetes/workers.tf b/aws/container-linux/kubernetes/workers.tf index f28b13a5..5b3b787d 100644 --- a/aws/container-linux/kubernetes/workers.tf +++ b/aws/container-linux/kubernetes/workers.tf @@ -1,22 +1,23 @@ module "workers" { source = "./workers" - name = "${var.cluster_name}" + name = var.cluster_name # AWS - vpc_id = "${aws_vpc.network.id}" - subnet_ids = ["${aws_subnet.public.*.id}"] - security_groups = ["${aws_security_group.worker.id}"] - worker_count = "${var.worker_count}" - instance_type = "${var.worker_type}" - os_image = "${var.os_image}" - disk_size = "${var.disk_size}" - spot_price = "${var.worker_price}" - target_groups = ["${var.worker_target_groups}"] + vpc_id = aws_vpc.network.id + subnet_ids = aws_subnet.public.*.id + security_groups = [aws_security_group.worker.id] + worker_count = var.worker_count + instance_type = var.worker_type + os_image = var.os_image + disk_size = var.disk_size + spot_price = var.worker_price + target_groups = var.worker_target_groups # configuration - kubeconfig = "${module.bootkube.kubeconfig-kubelet}" - ssh_authorized_key = "${var.ssh_authorized_key}" - service_cidr = "${var.service_cidr}" - cluster_domain_suffix = "${var.cluster_domain_suffix}" - clc_snippets = "${var.worker_clc_snippets}" + kubeconfig = module.bootkube.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + service_cidr = var.service_cidr + cluster_domain_suffix = var.cluster_domain_suffix + clc_snippets = var.worker_clc_snippets } + diff --git a/aws/container-linux/kubernetes/workers/ami.tf b/aws/container-linux/kubernetes/workers/ami.tf index c2b8efbb..cde47bdf 100644 --- a/aws/container-linux/kubernetes/workers/ami.tf +++ b/aws/container-linux/kubernetes/workers/ami.tf @@ -2,10 +2,10 @@ locals { # Pick a CoreOS Container Linux derivative # coreos-stable -> Container Linux AMI # flatcar-stable -> Flatcar Linux AMI - ami_id = "${local.flavor == "flatcar" ? data.aws_ami.flatcar.image_id : data.aws_ami.coreos.image_id}" + ami_id = local.flavor == "flatcar" ? data.aws_ami.flatcar.image_id : data.aws_ami.coreos.image_id - flavor = "${element(split("-", var.os_image), 0)}" - channel = "${element(split("-", var.os_image), 1)}" + flavor = element(split("-", var.os_image), 0) + channel = element(split("-", var.os_image), 1) } data "aws_ami" "coreos" { @@ -47,3 +47,4 @@ data "aws_ami" "flatcar" { values = ["Flatcar-${local.channel}-*"] } } + diff --git a/aws/container-linux/kubernetes/workers/ingress.tf b/aws/container-linux/kubernetes/workers/ingress.tf index bdb7362f..6b25152f 100644 --- a/aws/container-linux/kubernetes/workers/ingress.tf +++ b/aws/container-linux/kubernetes/workers/ingress.tf @@ -2,7 +2,7 @@ resource "aws_lb_target_group" "workers-http" { name = "${var.name}-workers-http" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id target_type = "instance" protocol = "TCP" @@ -25,7 +25,7 @@ resource "aws_lb_target_group" "workers-http" { resource "aws_lb_target_group" "workers-https" { name = "${var.name}-workers-https" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id target_type = "instance" protocol = "TCP" @@ -45,3 +45,4 @@ resource "aws_lb_target_group" "workers-https" { interval = 10 } } + diff --git a/aws/container-linux/kubernetes/workers/outputs.tf b/aws/container-linux/kubernetes/workers/outputs.tf index 19552266..22f37885 100644 --- a/aws/container-linux/kubernetes/workers/outputs.tf +++ b/aws/container-linux/kubernetes/workers/outputs.tf @@ -1,9 +1,10 @@ output "target_group_http" { description = "ARN of a target group of workers for HTTP traffic" - value = "${aws_lb_target_group.workers-http.arn}" + value = aws_lb_target_group.workers-http.arn } output "target_group_https" { description = "ARN of a target group of workers for HTTPS traffic" - value = "${aws_lb_target_group.workers-https.arn}" + value = aws_lb_target_group.workers-https.arn } + diff --git a/aws/container-linux/kubernetes/workers/variables.tf b/aws/container-linux/kubernetes/workers/variables.tf index 9d10da36..67b5e061 100644 --- a/aws/container-linux/kubernetes/workers/variables.tf +++ b/aws/container-linux/kubernetes/workers/variables.tf @@ -1,77 +1,77 @@ variable "name" { - type = "string" + type = string description = "Unique name for the worker pool" } # AWS variable "vpc_id" { - type = "string" + type = string description = "Must be set to `vpc_id` output by cluster" } variable "subnet_ids" { - type = "list" + type = list(string) description = "Must be set to `subnet_ids` output by cluster" } variable "security_groups" { - type = "list" + type = list(string) description = "Must be set to `worker_security_groups` output by cluster" } # instances variable "worker_count" { - type = "string" + type = string default = "1" description = "Number of instances" } variable "instance_type" { - type = "string" + type = string default = "t3.small" description = "EC2 instance type" } variable "os_image" { - type = "string" + type = string default = "coreos-stable" description = "AMI channel for a Container Linux derivative (coreos-stable, coreos-beta, coreos-alpha, flatcar-stable, flatcar-beta, flatcar-alpha)" } variable "disk_size" { - type = "string" + type = string default = "40" description = "Size of the EBS volume in GB" } variable "disk_type" { - type = "string" + type = string default = "gp2" description = "Type of the EBS volume (e.g. standard, gp2, io1)" } variable "disk_iops" { - type = "string" + type = string default = "0" description = "IOPS of the EBS volume (required for io1)" } variable "spot_price" { - type = "string" + type = string default = "" description = "Spot price in USD for autoscaling group spot instances. Leave as default empty string for autoscaling group to use on-demand instances. Note, switching in-place from spot to on-demand is not possible: https://github.com/terraform-providers/terraform-provider-aws/issues/4320" } variable "target_groups" { - type = "list" + type = list(string) description = "Additional target group ARNs to which instances should be added" default = [] } variable "clc_snippets" { - type = "list" + type = list(string) description = "Container Linux Config snippets" default = [] } @@ -79,12 +79,12 @@ variable "clc_snippets" { # configuration variable "kubeconfig" { - type = "string" + type = string description = "Must be set to `kubeconfig` output by cluster" } variable "ssh_authorized_key" { - type = "string" + type = string description = "SSH public key for user 'core'" } @@ -94,12 +94,14 @@ CIDR IPv4 range to assign Kubernetes services. The 1st IP will be reserved for kube_apiserver, the 10th IP will be reserved for coredns. EOD - type = "string" + + type = string default = "10.3.0.0/16" } variable "cluster_domain_suffix" { description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - type = "string" - default = "cluster.local" + type = string + default = "cluster.local" } + diff --git a/aws/container-linux/kubernetes/workers/versions.tf b/aws/container-linux/kubernetes/workers/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/aws/container-linux/kubernetes/workers/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/aws/container-linux/kubernetes/workers/workers.tf b/aws/container-linux/kubernetes/workers/workers.tf index db5a454f..26f9eab3 100644 --- a/aws/container-linux/kubernetes/workers/workers.tf +++ b/aws/container-linux/kubernetes/workers/workers.tf @@ -3,24 +3,24 @@ resource "aws_autoscaling_group" "workers" { name = "${var.name}-worker ${aws_launch_configuration.worker.name}" # count - desired_capacity = "${var.worker_count}" - min_size = "${var.worker_count}" - max_size = "${var.worker_count + 2}" + desired_capacity = var.worker_count + min_size = var.worker_count + max_size = var.worker_count + 2 default_cooldown = 30 health_check_grace_period = 30 # network - vpc_zone_identifier = ["${var.subnet_ids}"] + vpc_zone_identifier = var.subnet_ids # template - launch_configuration = "${aws_launch_configuration.worker.name}" + launch_configuration = aws_launch_configuration.worker.name # target groups to which instances should be added - target_group_arns = [ - "${aws_lb_target_group.workers-http.id}", - "${aws_lb_target_group.workers-https.id}", - "${var.target_groups}", - ] + target_group_arns = flatten([ + aws_lb_target_group.workers-http.id, + aws_lb_target_group.workers-https.id, + var.target_groups, + ]) lifecycle { # override the default destroy and replace update behavior @@ -33,54 +33,57 @@ resource "aws_autoscaling_group" "workers" { # used. Disable wait to avoid issues and align with other clouds. wait_for_capacity_timeout = "0" - tags = [{ - key = "Name" - value = "${var.name}-worker" - propagate_at_launch = true - }] + tags = [ + { + key = "Name" + value = "${var.name}-worker" + propagate_at_launch = true + }, + ] } # Worker template resource "aws_launch_configuration" "worker" { - image_id = "${local.ami_id}" - instance_type = "${var.instance_type}" - spot_price = "${var.spot_price}" + image_id = local.ami_id + instance_type = var.instance_type + spot_price = var.spot_price enable_monitoring = false - user_data = "${data.ct_config.worker-ignition.rendered}" + user_data = data.ct_config.worker-ignition.rendered # storage root_block_device { - volume_type = "${var.disk_type}" - volume_size = "${var.disk_size}" - iops = "${var.disk_iops}" + volume_type = var.disk_type + volume_size = var.disk_size + iops = var.disk_iops } # network - security_groups = ["${var.security_groups}"] + security_groups = var.security_groups lifecycle { // Override the default destroy and replace update behavior create_before_destroy = true - ignore_changes = ["image_id"] + ignore_changes = [image_id] } } # Worker Ignition config data "ct_config" "worker-ignition" { - content = "${data.template_file.worker-config.rendered}" + content = data.template_file.worker-config.rendered pretty_print = false - snippets = ["${var.clc_snippets}"] + snippets = var.clc_snippets } # Worker Container Linux config data "template_file" "worker-config" { - template = "${file("${path.module}/cl/worker.yaml.tmpl")}" + template = file("${path.module}/cl/worker.yaml.tmpl") vars = { - kubeconfig = "${indent(10, var.kubeconfig)}" - ssh_authorized_key = "${var.ssh_authorized_key}" - cluster_dns_service_ip = "${cidrhost(var.service_cidr, 10)}" - cluster_domain_suffix = "${var.cluster_domain_suffix}" + kubeconfig = indent(10, var.kubeconfig) + ssh_authorized_key = var.ssh_authorized_key + cluster_dns_service_ip = cidrhost(var.service_cidr, 10) + cluster_domain_suffix = var.cluster_domain_suffix } } + diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index e3ac5981..7935a5de 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -16,21 +16,17 @@ Create a cluster following the AWS [tutorial](../cl/aws.md#cluster). Define a wo ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/container-linux/kubernetes/workers?ref=v1.14.3" - - providers = { - aws = "aws.default" - } + source = "git::https://github.com/poseidon/typhoon//aws/container-linux/kubernetes/workers?ref=v1.14.4" # AWS - vpc_id = "${module.aws-tempest.vpc_id}" - subnet_ids = "${module.aws-tempest.subnet_ids}" - security_groups = "${module.aws-tempest.worker_security_groups}" + vpc_id = module.aws-tempest.vpc_id + subnet_ids = module.aws-tempest.subnet_ids + security_groups = module.aws-tempest.worker_security_groups # configuration - name = "tempest-worker-pool" - kubeconfig = "${module.aws-tempest.kubeconfig}" - ssh_authorized_key = "${var.ssh_authorized_key}" + name = "tempest-pool" + kubeconfig = module.aws-tempest.kubeconfig + ssh_authorized_key = var.ssh_authorized_key # optional worker_count = 2 @@ -56,10 +52,10 @@ The AWS internal `workers` module supports a number of [variables](https://githu | Name | Description | Example | |:-----|:------------|:--------| | name | Unique name (distinct from cluster name) | "tempest-m5s" | -| vpc_id | Must be set to `vpc_id` output by cluster | "${module.cluster.vpc_id}" | -| subnet_ids | Must be set to `subnet_ids` output by cluster | "${module.cluster.subnet_ids}" | -| security_groups | Must be set to `worker_security_groups` output by cluster | "${module.cluster.worker_security_groups}" | -| kubeconfig | Must be set to `kubeconfig` output by cluster | "${module.cluster.kubeconfig}" | +| vpc_id | Must be set to `vpc_id` output by cluster | module.cluster.vpc_id | +| subnet_ids | Must be set to `subnet_ids` output by cluster | module.cluster.subnet_ids | +| security_groups | Must be set to `worker_security_groups` output by cluster | module.cluster.worker_security_groups | +| kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig | | ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." | #### Optional diff --git a/docs/cl/aws.md b/docs/cl/aws.md index abd33b68..7dbfffc4 100644 --- a/docs/cl/aws.md +++ b/docs/cl/aws.md @@ -10,15 +10,15 @@ Controllers are provisioned to run an `etcd-member` peer and a `kubelet` service * AWS Account and IAM credentials * AWS Route53 DNS Zone (registered Domain Name or delegated subdomain) -* Terraform v0.11.x and [terraform-provider-ct](https://github.com/poseidon/terraform-provider-ct) installed locally +* Terraform v0.12.x and [terraform-provider-ct](https://github.com/poseidon/terraform-provider-ct) installed locally ## Terraform Setup -Install [Terraform](https://www.terraform.io/downloads.html) v0.11.x on your system. +Install [Terraform](https://www.terraform.io/downloads.html) v0.12.x on your system. ```sh $ terraform version -Terraform v0.11.14 +Terraform v0.12.0 ``` Add the [terraform-provider-ct](https://github.com/poseidon/terraform-provider-ct) plugin binary for your system to `~/.terraform.d/plugins/`, noting the final name. @@ -49,9 +49,7 @@ Configure the AWS provider to use your access key credentials in a `providers.tf ```tf provider "aws" { - version = "~> 2.12.0" - alias = "default" - + version = "2.12.0" region = "eu-central-1" shared_credentials_file = "/home/user/.config/aws/credentials" } @@ -59,26 +57,6 @@ provider "aws" { provider "ct" { version = "0.3.2" } - -provider "local" { - version = "~> 1.0" - alias = "default" -} - -provider "null" { - version = "~> 1.0" - alias = "default" -} - -provider "template" { - version = "~> 1.0" - alias = "default" -} - -provider "tls" { - version = "~> 1.0" - alias = "default" -} ``` Additional configuration options are described in the `aws` provider [docs](https://www.terraform.io/docs/providers/aws/). @@ -94,14 +72,6 @@ Define a Kubernetes cluster using the module `aws/container-linux/kubernetes`. module "aws-tempest" { source = "git::https://github.com/poseidon/typhoon//aws/container-linux/kubernetes?ref=v1.14.3" - providers = { - aws = "aws.default" - local = "local.default" - null = "null.default" - template = "template.default" - tls = "tls.default" - } - # AWS cluster_name = "tempest" dns_zone = "aws.example.com"