Support Container Linux Config snippets on bare-metal
parent
ec5ea51141
commit
4e7dfc115d
|
@ -4,6 +4,15 @@ Notable changes between versions.
|
||||||
|
|
||||||
## Latest
|
## Latest
|
||||||
|
|
||||||
|
#### Bare-Metal
|
||||||
|
|
||||||
|
* Introduce [Container Linux Config snippets](https://typhoon.psdn.io/advanced/customization/#container-linux) on bare-metal
|
||||||
|
* Validate and additively merge custom Container Linux Configs during terraform plan
|
||||||
|
* Define files, systemd units, dropins, networkd configs, mounts, users, and more
|
||||||
|
* [Require](https://typhoon.psdn.io/cl/bare-metal/#terraform-setup) `terraform-provider-ct` plugin v0.2.1 (action required!)
|
||||||
|
|
||||||
|
## v1.11.1
|
||||||
|
|
||||||
* Kubernetes [v1.11.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#v1111)
|
* Kubernetes [v1.11.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#v1111)
|
||||||
|
|
||||||
#### Addons
|
#### Addons
|
||||||
|
|
|
@ -118,9 +118,18 @@ resource "matchbox_profile" "flatcar-install" {
|
||||||
resource "matchbox_profile" "controllers" {
|
resource "matchbox_profile" "controllers" {
|
||||||
count = "${length(var.controller_names)}"
|
count = "${length(var.controller_names)}"
|
||||||
name = "${format("%s-controller-%s", var.cluster_name, element(var.controller_names, count.index))}"
|
name = "${format("%s-controller-%s", var.cluster_name, element(var.controller_names, count.index))}"
|
||||||
container_linux_config = "${element(data.template_file.controller-configs.*.rendered, count.index)}"
|
raw_ignition = "${element(data.ct_config.controller-ignitions.*.rendered, count.index)}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
data "ct_config" "controller-ignitions" {
|
||||||
|
count = "${length(var.controller_names)}"
|
||||||
|
content = "${element(data.template_file.controller-configs.*.rendered, count.index)}"
|
||||||
|
pretty_print = false
|
||||||
|
# Must use direct lookup. Cannot use lookup(map, key) since it only works for flat maps
|
||||||
|
snippets = ["${local.controller_clc_map[element(var.controller_names, count.index)]}"]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
data "template_file" "controller-configs" {
|
data "template_file" "controller-configs" {
|
||||||
count = "${length(var.controller_names)}"
|
count = "${length(var.controller_names)}"
|
||||||
|
|
||||||
|
@ -143,7 +152,16 @@ data "template_file" "controller-configs" {
|
||||||
resource "matchbox_profile" "workers" {
|
resource "matchbox_profile" "workers" {
|
||||||
count = "${length(var.worker_names)}"
|
count = "${length(var.worker_names)}"
|
||||||
name = "${format("%s-worker-%s", var.cluster_name, element(var.worker_names, count.index))}"
|
name = "${format("%s-worker-%s", var.cluster_name, element(var.worker_names, count.index))}"
|
||||||
container_linux_config = "${element(data.template_file.worker-configs.*.rendered, count.index)}"
|
raw_ignition = "${element(data.ct_config.worker-ignitions.*.rendered, count.index)}"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
data "ct_config" "worker-ignitions" {
|
||||||
|
count = "${length(var.worker_names)}"
|
||||||
|
content = "${element(data.template_file.worker-configs.*.rendered, count.index)}"
|
||||||
|
pretty_print = false
|
||||||
|
# Must use direct lookup. Cannot use lookup(map, key) since it only works for flat maps
|
||||||
|
snippets = ["${local.worker_clc_map[element(var.worker_names, count.index)]}"]
|
||||||
}
|
}
|
||||||
|
|
||||||
data "template_file" "worker-configs" {
|
data "template_file" "worker-configs" {
|
||||||
|
@ -161,3 +179,26 @@ data "template_file" "worker-configs" {
|
||||||
networkd_content = "${length(var.worker_networkds) == 0 ? "" : element(concat(var.worker_networkds, list("")), count.index)}"
|
networkd_content = "${length(var.worker_networkds) == 0 ? "" : element(concat(var.worker_networkds, list("")), count.index)}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
locals {
|
||||||
|
# Hack to workaround https://github.com/hashicorp/terraform/issues/17251
|
||||||
|
# Default CLC snippets map every worker to list("\n") so all lookups succeed
|
||||||
|
controller_clc_default = "${zipmap(var.controller_names, chunklist(data.template_file.controller-clc-snippets.*.rendered, 1))}"
|
||||||
|
worker_clc_default = "${zipmap(var.worker_names, chunklist(data.template_file.worker-clc-snippets.*.rendered, 1))}"
|
||||||
|
# Union of the default and user specific snippets, later overrides prior.
|
||||||
|
controller_clc_map = "${merge(local.controller_clc_default, var.controller_clc_snippets)}"
|
||||||
|
worker_clc_map = "${merge(local.worker_clc_default, var.worker_clc_snippets)}"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Horrible hack to generate a Terraform list of controller count length
|
||||||
|
data "template_file" "controller-clc-snippets" {
|
||||||
|
count = "${length(var.controller_names)}"
|
||||||
|
template = "\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Horrible hack to generate a Terraform list of worker count length
|
||||||
|
data "template_file" "worker-clc-snippets" {
|
||||||
|
count = "${length(var.worker_names)}"
|
||||||
|
template = "\n"
|
||||||
|
}
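Review bot: The `merge(local.controller_clc_default, var.controller_clc_snippets)` and `merge(local.worker_clc_default, var.worker_clc_snippets)` lines in the `locals` block accept any key, so a snippet keyed by a name that is not in `controller_names` or `worker_names` (a typo, for instance) is never looked up by the `ct_config` data sources, and the intended node gets only the default `"\n"` snippet. If that snippet carried hardening or access configuration, the omission appears to pass `terraform plan` without an error. Terraform v0.11 has no built-in variable validation, so at minimum state it next to the merge, e.g. `# Keys absent from controller_names/worker_names are never looked up and are silently ignored`. The comment above the defaults also says "every worker" although it covers controllers too; `# Default CLC snippets map every controller and worker to list("\n") so all lookups succeed` would match the code.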
|
||||||
|
|
||||||
|
|
|
@ -25,26 +25,44 @@ variable "os_version" {
|
||||||
|
|
||||||
variable "controller_names" {
|
variable "controller_names" {
|
||||||
type = "list"
|
type = "list"
|
||||||
|
description = "Ordered list of controller names (e.g. [node1])"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "controller_macs" {
|
variable "controller_macs" {
|
||||||
type = "list"
|
type = "list"
|
||||||
|
description = "Ordered list of controller identifying MAC addresses (e.g. [52:54:00:a1:9c:ae])"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "controller_domains" {
|
variable "controller_domains" {
|
||||||
type = "list"
|
type = "list"
|
||||||
|
description = "Ordered list of controller FQDNs (e.g. [node1.example.com])"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "controller_clc_snippets" {
|
||||||
|
type = "map"
|
||||||
|
description = "Map from controller names to a lists of Container Linux Config snippets"
|
||||||
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "worker_names" {
|
variable "worker_names" {
|
||||||
type = "list"
|
type = "list"
|
||||||
|
description = "Ordered list of worker names (e.g. [node2, node3])"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "worker_macs" {
|
variable "worker_macs" {
|
||||||
type = "list"
|
type = "list"
|
||||||
|
description = "Ordered list of worker identifying MAC addresses (e.g. [52:54:00:b2:2f:86, 52:54:00:c3:61:77])"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "worker_domains" {
|
variable "worker_domains" {
|
||||||
type = "list"
|
type = "list"
|
||||||
|
description = "Ordered list of worker FQDNs (e.g. [node2.example.com, node3.example.com])"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "worker_clc_snippets" {
|
||||||
|
type = "map"
|
||||||
|
description = "Map from worker names to a lists of Container Linux Config snippets"
|
||||||
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
# configuration
|
# configuration
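Review bot: The new `controller_clc_snippets` and `worker_clc_snippets` descriptions do not say where snippet content ends up, even though the changelog notes that snippets can define users and files. The Ignition rendered by the `ct_config` data sources is kept in Terraform state and handed to the Matchbox profile as `raw_ignition`, so anything secret placed in a snippet is readable wherever the state and, presumably, the Matchbox endpoint are readable. Consider `description = "Map from controller names to lists of Container Linux Config snippets (stored in Terraform state and Matchbox profiles; do not embed secrets)"` and the same for workers, which also fixes the "to a lists of" wording.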
|
||||||
|
|
|
@ -69,7 +69,7 @@ View the Container Linux Config [format](https://coreos.com/os/docs/1576.4.0/con
|
||||||
|
|
||||||
Write Container Linux Configs *snippets* as files in the repository where you keep Terraform configs for clusters (perhaps in a `clc` or `snippets` subdirectory). You may organize snippets in multiple files as desired, provided they are each valid.
|
Write Container Linux Configs *snippets* as files in the repository where you keep Terraform configs for clusters (perhaps in a `clc` or `snippets` subdirectory). You may organize snippets in multiple files as desired, provided they are each valid.
|
||||||
|
|
||||||
Define an [AWS](https://typhoon.psdn.io/aws/#cluster), [Google Cloud](https://typhoon.psdn.io/google-cloud/#cluster), or [Digital Ocean](https://typhoon.psdn.io/digital-ocean/#cluster) cluster and fill in the optional `controller_clc_snippets` or `worker_clc_snippets` fields.
|
For [AWS](https://typhoon.psdn.io/aws/#cluster), [Google Cloud](https://typhoon.psdn.io/google-cloud/#cluster), or [Digital Ocean](https://typhoon.psdn.io/digital-ocean/#cluster) clusters, define the optional `controller_clc_snippets` or `worker_clc_snippets` list variables.
|
||||||
|
|
||||||
```
|
```
|
||||||
module "digital-ocean-nemo" {
|
module "digital-ocean-nemo" {
|
||||||
|
@ -89,6 +89,28 @@ module "digital-ocean-nemo" {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Bare-Metal clusters allow different Container Linux snippets to be used for each node (since hardware may be heterogeneous). Define the optional `controller_clc_snippets` and `worker_clc_snippets` map variables using controller or worker keys.
|
||||||
|
|
||||||
|
```
|
||||||
|
module "bare-metal-mercury" {
|
||||||
|
...
|
||||||
|
worker_names = [
|
||||||
|
"node2",
|
||||||
|
"node3",
|
||||||
|
]
|
||||||
|
worker_clc_snippets = {
|
||||||
|
"node2" = [
|
||||||
|
"${file("./units/hello.yaml")}"
|
||||||
|
]
|
||||||
|
"node3" = [
|
||||||
|
"${file("./units/world.yaml")}",
|
||||||
|
"${file("./units/hello.yaml")}",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
...
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
Plan the resources to be created.
|
Plan the resources to be created.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
|
@ -12,7 +12,7 @@ Controllers are provisioned to run an `etcd-member` peer and a `kubelet` service
|
||||||
* PXE-enabled [network boot](https://coreos.com/matchbox/docs/latest/network-setup.html) environment
|
* PXE-enabled [network boot](https://coreos.com/matchbox/docs/latest/network-setup.html) environment
|
||||||
* Matchbox v0.6+ deployment with API enabled
|
* Matchbox v0.6+ deployment with API enabled
|
||||||
* Matchbox credentials `client.crt`, `client.key`, `ca.crt`
|
* Matchbox credentials `client.crt`, `client.key`, `ca.crt`
|
||||||
* Terraform v0.11.x and [terraform-provider-matchbox](https://github.com/coreos/terraform-provider-matchbox) installed locally
|
* Terraform v0.11.x, [terraform-provider-matchbox](https://github.com/coreos/terraform-provider-matchbox), and [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) installed locally
|
||||||
|
|
||||||
## Machines
|
## Machines
|
||||||
|
|
||||||
|
@ -121,6 +121,14 @@ tar xzf terraform-provider-matchbox-v0.2.2-linux-amd64.tar.gz
|
||||||
sudo mv terraform-provider-matchbox-v0.2.2-linux-amd64/terraform-provider-matchbox /usr/local/bin/
|
sudo mv terraform-provider-matchbox-v0.2.2-linux-amd64/terraform-provider-matchbox /usr/local/bin/
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Add the [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) plugin binary for your system.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
wget https://github.com/coreos/terraform-provider-ct/releases/download/v0.2.1/terraform-provider-ct-v0.2.1-linux-amd64.tar.gz
|
||||||
|
tar xzf terraform-provider-ct-v0.2.1-linux-amd64.tar.gz
|
||||||
|
sudo mv terraform-provider-ct-v0.2.1-linux-amd64/terraform-provider-ct /usr/local/bin/
|
||||||
|
```
|
||||||
|
|
||||||
Add the plugin to your `~/.terraformrc`.
|
Add the plugin to your `~/.terraformrc`.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -373,6 +381,8 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me
|
||||||
| install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" |
|
| install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" |
|
||||||
| networking | Choice of networking provider | "calico" | "calico" or "flannel" |
|
| networking | Choice of networking provider | "calico" | "calico" or "flannel" |
|
||||||
| network_mtu | CNI interface MTU (calico-only) | 1480 | - |
|
| network_mtu | CNI interface MTU (calico-only) | 1480 | - |
|
||||||
|
| controller_clc_snippets | Map from controller names to lists of Container Linux Config snippets | {} | |
|
||||||
|
| worker_clc_snippets | Map from worker names to lists of Container Linux Config snippets | {} | |
|
||||||
| network_ip_autodetection_method | Method to detect host IPv4 address (calico-only) | first-found | can-reach=10.0.0.1 |
|
| network_ip_autodetection_method | Method to detect host IPv4 address (calico-only) | first-found | can-reach=10.0.0.1 |
|
||||||
| pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" |
|
| pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" |
|
||||||
| service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" |
|
| service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" |
|
||||||
|
|