Support Container Linux Config snippets on bare-metal

Dalton Hubble 2018-07-25 22:44:07 -07:00
parent ec5ea51141
commit 4e7dfc115d
5 changed files with 104 additions and 4 deletions


@ -4,6 +4,15 @@ Notable changes between versions.
## Latest ## Latest
#### Bare-Metal
* Introduce [Container Linux Config snippets](https://typhoon.psdn.io/advanced/customization/#container-linux) on bare-metal
* Validate and additively merge custom Container Linux Configs during terraform plan
* Define files, systemd units, dropins, networkd configs, mounts, users, and more
* [Require](https://typhoon.psdn.io/cl/bare-metal/#terraform-setup) `terraform-provider-ct` plugin v0.2.1 (action required!)
## v1.11.1
* Kubernetes [v1.11.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#v1111) * Kubernetes [v1.11.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#v1111)
#### Addons #### Addons


@ -118,9 +118,18 @@ resource "matchbox_profile" "flatcar-install" {
resource "matchbox_profile" "controllers" { resource "matchbox_profile" "controllers" {
count = "${length(var.controller_names)}" count = "${length(var.controller_names)}"
name = "${format("%s-controller-%s", var.cluster_name, element(var.controller_names, count.index))}" name = "${format("%s-controller-%s", var.cluster_name, element(var.controller_names, count.index))}"
container_linux_config = "${element(data.template_file.controller-configs.*.rendered, count.index)}" raw_ignition = "${element(data.ct_config.controller-ignitions.*.rendered, count.index)}"
} }
data "ct_config" "controller-ignitions" {
count = "${length(var.controller_names)}"
content = "${element(data.template_file.controller-configs.*.rendered, count.index)}"
pretty_print = false
# Must use direct lookup. Cannot use lookup(map, key) since it only works for flat maps
snippets = ["${local.controller_clc_map[element(var.controller_names, count.index)]}"]
}
data "template_file" "controller-configs" { data "template_file" "controller-configs" {
count = "${length(var.controller_names)}" count = "${length(var.controller_names)}"
@ -143,7 +152,16 @@ data "template_file" "controller-configs" {
resource "matchbox_profile" "workers" { resource "matchbox_profile" "workers" {
count = "${length(var.worker_names)}" count = "${length(var.worker_names)}"
name = "${format("%s-worker-%s", var.cluster_name, element(var.worker_names, count.index))}" name = "${format("%s-worker-%s", var.cluster_name, element(var.worker_names, count.index))}"
container_linux_config = "${element(data.template_file.worker-configs.*.rendered, count.index)}" raw_ignition = "${element(data.ct_config.worker-ignitions.*.rendered, count.index)}"
}
data "ct_config" "worker-ignitions" {
count = "${length(var.worker_names)}"
content = "${element(data.template_file.worker-configs.*.rendered, count.index)}"
pretty_print = false
# Must use direct lookup. Cannot use lookup(map, key) since it only works for flat maps
snippets = ["${local.worker_clc_map[element(var.worker_names, count.index)]}"]
} }
data "template_file" "worker-configs" { data "template_file" "worker-configs" {
@ -161,3 +179,26 @@ data "template_file" "worker-configs" {
networkd_content = "${length(var.worker_networkds) == 0 ? "" : element(concat(var.worker_networkds, list("")), count.index)}" networkd_content = "${length(var.worker_networkds) == 0 ? "" : element(concat(var.worker_networkds, list("")), count.index)}"
} }
} }
locals {
# Hack to workaround https://github.com/hashicorp/terraform/issues/17251
# Default CLC snippets map every worker to list("\n") so all lookups succeed
controller_clc_default = "${zipmap(var.controller_names, chunklist(data.template_file.controller-clc-snippets.*.rendered, 1))}"
worker_clc_default = "${zipmap(var.worker_names, chunklist(data.template_file.worker-clc-snippets.*.rendered, 1))}"
# Union of the default and user specific snippets, later overrides prior.
controller_clc_map = "${merge(local.controller_clc_default, var.controller_clc_snippets)}"
worker_clc_map = "${merge(local.worker_clc_default, var.worker_clc_snippets)}"
}
// Horrible hack to generate a Terraform list of controller count length
data "template_file" "controller-clc-snippets" {
count = "${length(var.controller_names)}"
template = "\n"
}
// Horrible hack to generate a Terraform list of worker count length
data "template_file" "worker-clc-snippets" {
count = "${length(var.worker_names)}"
template = "\n"
}
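Review bot: A key in `var.controller_clc_snippets` or `var.worker_clc_snippets` that matches no entry in `controller_names` / `worker_names` is merged into the map but never looked up, because the `ct_config` data sources index only by `element(var.*_names, count.index)`. A misspelled node name therefore plans cleanly, and that node is provisioned with only the default `"\n"` snippet. If the snippet carries hardening (users, systemd units, files), the machine comes up without it and nothing reports the miss. At minimum, document this above the two `merge(...)` lines: `# Keys not present in controller_names/worker_names are silently ignored; a typo drops that node's snippets.` Separately, the comment on the defaults says "every worker" although it also covers the controller map.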


@ -25,26 +25,44 @@ variable "os_version" {
variable "controller_names" { variable "controller_names" {
type = "list" type = "list"
description = "Ordered list of controller names (e.g. [node1])"
} }
variable "controller_macs" { variable "controller_macs" {
type = "list" type = "list"
description = "Ordered list of controller identifying MAC addresses (e.g. [52:54:00:a1:9c:ae])"
} }
variable "controller_domains" { variable "controller_domains" {
type = "list" type = "list"
description = "Ordered list of controller FQDNs (e.g. [node1.example.com])"
}
variable "controller_clc_snippets" {
type = "map"
description = "Map from controller names to a lists of Container Linux Config snippets"
default = {}
} }
variable "worker_names" { variable "worker_names" {
type = "list" type = "list"
description = "Ordered list of worker names (e.g. [node2, node3])"
} }
variable "worker_macs" { variable "worker_macs" {
type = "list" type = "list"
description = "Ordered list of worker identifying MAC addresses (e.g. [52:54:00:b2:2f:86, 52:54:00:c3:61:77])"
} }
variable "worker_domains" { variable "worker_domains" {
type = "list" type = "list"
description = "Ordered list of worker FQDNs (e.g. [node2.example.com, node3.example.com])"
}
variable "worker_clc_snippets" {
type = "map"
description = "Map from worker names to a lists of Container Linux Config snippets"
default = {}
} }
# configuration # configuration
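Review bot: The new descriptions for `controller_clc_snippets` and `worker_clc_snippets` read "Map from ... names to a lists of ..."; "a lists" should be "lists", as the variables table in the docs part of this commit already has it. The description is also where an operator will look for the key contract, so it should say that keys must be names from the matching `*_names` list, e.g. `description = "Map from controller names (keys must appear in controller_names) to lists of Container Linux Config snippets"`.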


@ -69,7 +69,7 @@ View the Container Linux Config [format](https://coreos.com/os/docs/1576.4.0/con
Write Container Linux Configs *snippets* as files in the repository where you keep Terraform configs for clusters (perhaps in a `clc` or `snippets` subdirectory). You may organize snippets in multiple files as desired, provided they are each valid. Write Container Linux Configs *snippets* as files in the repository where you keep Terraform configs for clusters (perhaps in a `clc` or `snippets` subdirectory). You may organize snippets in multiple files as desired, provided they are each valid.
Define an [AWS](https://typhoon.psdn.io/aws/#cluster), [Google Cloud](https://typhoon.psdn.io/google-cloud/#cluster), or [Digital Ocean](https://typhoon.psdn.io/digital-ocean/#cluster) cluster and fill in the optional `controller_clc_snippets` or `worker_clc_snippets` fields. For [AWS](https://typhoon.psdn.io/aws/#cluster), [Google Cloud](https://typhoon.psdn.io/google-cloud/#cluster), or [Digital Ocean](https://typhoon.psdn.io/digital-ocean/#cluster) clusters, define the optional `controller_clc_snippets` or `worker_clc_snippets` list variables.
``` ```
module "digital-ocean-nemo" { module "digital-ocean-nemo" {
@ -89,6 +89,28 @@ module "digital-ocean-nemo" {
} }
``` ```
Bare-Metal clusters allow different Container Linux snippets to be used for each node (since hardware may be heterogeneous). Define the optional `controller_clc_snippets` and `worker_clc_snippets` map variables using controller or worker keys.
```
module "bare-metal-mercury" {
...
worker_names = [
"node2",
"node3",
]
worker_clc_snippets = {
"node2" = [
"${file("./units/hello.yaml")}"
]
"node3" = [
"${file("./units/world.yaml")}",
"${file("./units/hello.yaml")}",
]
}
...
}
```
Plan the resources to be created. Plan the resources to be created.
``` ```


@ -12,7 +12,7 @@ Controllers are provisioned to run an `etcd-member` peer and a `kubelet` service
* PXE-enabled [network boot](https://coreos.com/matchbox/docs/latest/network-setup.html) environment * PXE-enabled [network boot](https://coreos.com/matchbox/docs/latest/network-setup.html) environment
* Matchbox v0.6+ deployment with API enabled * Matchbox v0.6+ deployment with API enabled
* Matchbox credentials `client.crt`, `client.key`, `ca.crt` * Matchbox credentials `client.crt`, `client.key`, `ca.crt`
* Terraform v0.11.x and [terraform-provider-matchbox](https://github.com/coreos/terraform-provider-matchbox) installed locally * Terraform v0.11.x, [terraform-provider-matchbox](https://github.com/coreos/terraform-provider-matchbox), and [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) installed locally
## Machines ## Machines
@ -121,6 +121,14 @@ tar xzf terraform-provider-matchbox-v0.2.2-linux-amd64.tar.gz
sudo mv terraform-provider-matchbox-v0.2.2-linux-amd64/terraform-provider-matchbox /usr/local/bin/ sudo mv terraform-provider-matchbox-v0.2.2-linux-amd64/terraform-provider-matchbox /usr/local/bin/
``` ```
Add the [terraform-provider-ct](https://github.com/coreos/terraform-provider-ct) plugin binary for your system.
```sh
wget https://github.com/coreos/terraform-provider-ct/releases/download/v0.2.1/terraform-provider-ct-v0.2.1-linux-amd64.tar.gz
tar xzf terraform-provider-ct-v0.2.1-linux-amd64.tar.gz
sudo mv terraform-provider-ct-v0.2.1-linux-amd64/terraform-provider-ct /usr/local/bin/
```
Add the plugin to your `~/.terraformrc`. Add the plugin to your `~/.terraformrc`.
``` ```
@ -373,6 +381,8 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me
| install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" | | install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" |
| networking | Choice of networking provider | "calico" | "calico" or "flannel" | | networking | Choice of networking provider | "calico" | "calico" or "flannel" |
| network_mtu | CNI interface MTU (calico-only) | 1480 | - | | network_mtu | CNI interface MTU (calico-only) | 1480 | - |
| controller_clc_snippets | Map from controller names to lists of Container Linux Config snippets | {} | |
| worker_clc_snippets | Map from worker names to lists of Container Linux Config snippets | {} | |
| network_ip_autodetection_method | Method to detect host IPv4 address (calico-only) | first-found | can-reach=10.0.0.1 | | network_ip_autodetection_method | Method to detect host IPv4 address (calico-only) | first-found | can-reach=10.0.0.1 |
| pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" | | pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" |
| service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" | | service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" |