Organize modules by platform and OS distribution

2025-07-16 07:11:34 +02:00 · 2017-07-24 19:37:27 -07:00
parent 75f4826097
commit 4df6bb81a8
15 changed files with 8 additions and 8 deletions
--- a/google-cloud/container-linux/kubernetes/bootkube.tf
+++ b/google-cloud/container-linux/kubernetes/bootkube.tf
@ -0,0 +1,12 @@
+# Self-hosted Kubernetes assets (kubeconfig, manifests)
+module "bootkube" {
+  source = "git::https://github.com/dghubble/bootkube-terraform.git?ref=v0.6.0"
+
+  cluster_name                  = "${var.cluster_name}"
+  api_servers                   = ["${var.k8s_domain_name}"]
+  etcd_servers                  = ["http://127.0.0.1:2379"]
+  asset_dir                     = "${var.asset_dir}"
+  pod_cidr                      = "${var.pod_cidr}"
+  service_cidr                  = "${var.service_cidr}"
+  experimental_self_hosted_etcd = "true"
+}
--- a/google-cloud/container-linux/kubernetes/cluster.tf
+++ b/google-cloud/container-linux/kubernetes/cluster.tf
@ -0,0 +1,44 @@
+module "controllers" {
+  source             = "../controllers"
+  cluster_name       = "${var.cluster_name}"
+  ssh_authorized_key = "${var.ssh_authorized_key}"
+
+  # GCE
+  network            = "${google_compute_network.network.name}"
+  count              = "${var.controller_count}"
+  dns_base_zone      = "${var.dns_base_zone}"
+  dns_base_zone_name = "${var.dns_base_zone_name}"
+  k8s_domain_name    = "${var.k8s_domain_name}"
+  zone               = "${var.zone}"
+  machine_type       = "${var.machine_type}"
+  os_image           = "${var.os_image}"
+  preemptible        = "${var.controller_preemptible}"
+
+  # configuration
+  service_cidr            = "${var.service_cidr}"
+  kubeconfig_ca_cert      = "${module.bootkube.ca_cert}"
+  kubeconfig_kubelet_cert = "${module.bootkube.kubelet_cert}"
+  kubeconfig_kubelet_key  = "${module.bootkube.kubelet_key}"
+  kubeconfig_server       = "${module.bootkube.server}"
+}
+
+module "workers" {
+  source             = "../workers"
+  cluster_name       = "${var.cluster_name}"
+  ssh_authorized_key = "${var.ssh_authorized_key}"
+
+  # GCE
+  network      = "${google_compute_network.network.name}"
+  count        = "${var.worker_count}"
+  zone         = "${var.zone}"
+  machine_type = "${var.machine_type}"
+  os_image     = "${var.os_image}"
+  preemptible  = "${var.worker_preemptible}"
+
+  # configuration
+  service_cidr            = "${var.service_cidr}"
+  kubeconfig_ca_cert      = "${module.bootkube.ca_cert}"
+  kubeconfig_kubelet_cert = "${module.bootkube.kubelet_cert}"
+  kubeconfig_kubelet_key  = "${module.bootkube.kubelet_key}"
+  kubeconfig_server       = "${module.bootkube.server}"
+}
--- a/google-cloud/container-linux/kubernetes/network.tf
+++ b/google-cloud/container-linux/kubernetes/network.tf
@ -0,0 +1,46 @@
+resource "google_compute_network" "network" {
+  name                    = "${var.cluster_name}"
+  description             = "Network for the ${var.cluster_name} cluster"
+  auto_create_subnetworks = true
+}
+
+resource "google_compute_firewall" "allow-ingress" {
+  name    = "${var.cluster_name}-allow-ingress"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "tcp"
+    ports    = [80, 443]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "allow-ssh" {
+  name    = "${var.cluster_name}-allow-ssh"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "tcp"
+    ports    = [22]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "allow-internal" {
+  name    = "${var.cluster_name}-allow-internal"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "tcp"
+    ports    = ["1-65535"]
+  }
+
+  allow {
+    protocol = "udp"
+    ports    = ["1-65535"]
+  }
+
+  source_ranges = ["10.0.0.0/8"]
+}
--- a/google-cloud/container-linux/kubernetes/outputs.tf
+++ b/google-cloud/container-linux/kubernetes/outputs.tf
@ -0,0 +1,3 @@
+output "ingress_static_ip" {
+  value = "${module.workers.ingress_static_ip}"
+}
--- a/google-cloud/container-linux/kubernetes/ssh.tf
+++ b/google-cloud/container-linux/kubernetes/ssh.tf
@ -0,0 +1,25 @@
+# Secure copy bootkube assets to ONE controller and start bootkube to perform
+# one-time self-hosted cluster bootstrapping.
+resource "null_resource" "bootkube-start" {
+  depends_on = ["module.controllers", "module.workers", "module.bootkube"]
+
+  # TODO: SSH to a controller's IP instead of waiting on DNS resolution
+  connection {
+    type    = "ssh"
+    host    = "${var.k8s_domain_name}"
+    user    = "core"
+    timeout = "15m"
+  }
+
+  provisioner "file" {
+    source      = "${var.asset_dir}"
+    destination = "$HOME/assets"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo mv /home/core/assets /opt/bootkube",
+      "sudo systemctl start bootkube",
+    ]
+  }
+}
--- a/google-cloud/container-linux/kubernetes/variables.tf
+++ b/google-cloud/container-linux/kubernetes/variables.tf
@ -0,0 +1,87 @@
+variable "cluster_name" {
+  type        = "string"
+  description = "Cluster name"
+}
+
+variable "ssh_authorized_key" {
+  type        = "string"
+  description = "SSH public key for logging in as user 'core'"
+}
+
+variable "dns_base_zone" {
+  type        = "string"
+  description = "Google Cloud DNS Zone value to create etcd/k8s subdomains (e.g. dghubble.io)"
+}
+
+variable "dns_base_zone_name" {
+  type        = "string"
+  description = "Google Cloud DNS Zone name to create etcd/k8s subdomains (e.g. dghubble-io)"
+}
+
+variable "k8s_domain_name" {
+  type        = "string"
+  description = "Controller DNS name which resolves to the controller instance. Kubectl and workers use TLS client credentials to communicate via this endpoint."
+}
+
+variable "zone" {
+  type        = "string"
+  description = "Google zone that compute instances should be created in (e.g. gcloud compute zones list)"
+}
+
+variable "machine_type" {
+  type        = "string"
+  default     = "n1-standard-1"
+  description = "Machine type for compute instances (e.g. gcloud compute machine-types list)"
+}
+
+variable "os_image" {
+  type        = "string"
+  description = "OS image from which to initialize the disk (e.g. gcloud compute images list)"
+}
+
+variable "controller_count" {
+  type        = "string"
+  default     = "1"
+  description = "Number of workers"
+}
+
+variable "worker_count" {
+  type        = "string"
+  default     = "1"
+  description = "Number of workers"
+}
+
+variable "controller_preemptible" {
+  type        = "string"
+  default     = "false"
+  description = "If enabled, Compute Engine will terminate controllers randomly within 24 hours"
+}
+
+variable "worker_preemptible" {
+  type        = "string"
+  default     = "false"
+  description = "If enabled, Compute Engine will terminate workers randomly within 24 hours"
+}
+
+# bootkube assets
+
+variable "asset_dir" {
+  description = "Path to a directory where generated assets should be placed (contains secrets)"
+  type        = "string"
+}
+
+variable "pod_cidr" {
+  description = "CIDR IP range to assign Kubernetes pods"
+  type        = "string"
+  default     = "10.2.0.0/16"
+}
+
+variable "service_cidr" {
+  description = <<EOD
+CIDR IP range to assign Kubernetes services.
+The 1st IP will be reserved for kube_apiserver, the 10th IP will be reserved for kube-dns, the 15th IP will be reserved for self-hosted etcd, and the 200th IP will be reserved for bootstrap self-hosted etcd.
+EOD
+
+  type    = "string"
+  default = "10.3.0.0/16"
+}