digital-ocean: Distribute kubeconfig via Terraform null_resource

* Keep kubeconfig out of DigitalOcean metadata user-data
Dalton Hubble
2017-09-13 20:08:28 -07:00
parent 64e8d207b1
commit 2ff6d602d8
5 changed files with 42 additions and 53 deletions


@ -1,7 +1,30 @@
# Secure copy kubeconfig to all nodes. Activates kubelet.service
resource "null_resource" "copy-secrets" {
count = "${var.controller_count + var.worker_count}"
connection {
type = "ssh"
host = "${element(concat(digitalocean_droplet.controllers.*.ipv4_address, digitalocean_droplet.workers.*.ipv4_address), count.index)}"
user = "core"
timeout = "15m"
}
provisioner "file" {
content = "${module.bootkube.kubeconfig}"
destination = "$HOME/kubeconfig"
}
provisioner "remote-exec" {
inline = [
"sudo mv /home/core/kubeconfig /etc/kubernetes/kubeconfig",
]
}
}
# Secure copy bootkube assets to ONE controller and start bootkube to perform
# one-time self-hosted cluster bootstrapping.
resource "null_resource" "bootkube-start" {
depends_on = ["module.bootkube", "digitalocean_droplet.controllers"]
depends_on = ["module.bootkube", "null_resource.copy-secrets", "digitalocean_droplet.controllers"]
connection {
type = "ssh"
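Review bot: In `copy-secrets` the kubeconfig is uploaded as `core` and then only moved, so `/etc/kubernetes/kubeconfig` keeps whatever owner and mode the upload produced; it is likely owned by `core` and may be readable by other local users, depending on the umask in effect. I would set both explicitly in the `remote-exec` step, e.g. `"sudo install -o root -g root -m 0600 /home/core/kubeconfig /etc/kubernetes/kubeconfig",` followed by `"rm -f /home/core/kubeconfig",`, assuming the kubelet reads the file as root. Keeping the credential out of droplet user-data does not keep it out of Terraform state, where `module.bootkube.kubeconfig` is presumably still recorded as a module output, so the state file needs to be encrypted and access-controlled. The `connection` block also shows no host-key pinning, so the SSH session that carries the secret appears to trust whichever host answers at that address. The `bootkube-start` resource continues past the end of this hunk.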