Remove redundant kubeconfig copy on AWS and GCP

* AWS and Google Cloud make use of auto-scaling groups
and managed instance groups, respectively. As such, the
kubeconfig is already held in cloud user-data
* Controller instances are provisioned with a kubeconfig
from user-data. It's redundant to use a Terraform remote
file copy step for the kubeconfig.
Dalton Hubble 2018-03-26 00:01:47 -07:00
parent cfd603bea2
commit 7acd4931f6
6 changed files with 28 additions and 31 deletions


@ -56,10 +56,10 @@ data "template_file" "controller_config" {
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,... # etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}" etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}"
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
ssh_authorized_key = "${var.ssh_authorized_key}"
cluster_domain_suffix = "${var.cluster_domain_suffix}"
kubeconfig = "${indent(10, module.bootkube.kubeconfig)}" kubeconfig = "${indent(10, module.bootkube.kubeconfig)}"
ssh_authorized_key = "${var.ssh_authorized_key}"
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
cluster_domain_suffix = "${var.cluster_domain_suffix}"
} }
} }
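Review bot: The context line `kubeconfig = "${indent(10, module.bootkube.kubeconfig)}"` is now the only path by which the cluster credential reaches controllers, and nothing in controller_config records that instance user-data is generally readable by any local process on the instance through the cloud metadata service, which is a wider exposure than the $HOME copy this commit removes. A comment on that line would keep the trade-off visible to the next maintainer: `# kubeconfig is delivered via user-data (instance metadata); treat it as readable by any process on the controller`. The same note applies to the var.kubeconfig variant of controller_config in the later template section. The reordering of the remaining template vars in this hunk is otherwise cosmetic.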


@ -1,5 +1,5 @@
# Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service # Secure copy etcd TLS assets to controllers.
resource "null_resource" "copy-secrets" { resource "null_resource" "copy-controller-secrets" {
count = "${var.controller_count}" count = "${var.controller_count}"
connection { connection {
@ -9,11 +9,6 @@ resource "null_resource" "copy-secrets" {
timeout = "15m" timeout = "15m"
} }
provisioner "file" {
content = "${module.bootkube.kubeconfig}"
destination = "$HOME/kubeconfig"
}
provisioner "file" { provisioner "file" {
content = "${module.bootkube.etcd_ca_cert}" content = "${module.bootkube.etcd_ca_cert}"
destination = "$HOME/etcd-client-ca.crt" destination = "$HOME/etcd-client-ca.crt"
@ -61,7 +56,6 @@ resource "null_resource" "copy-secrets" {
"sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key", "sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key",
"sudo chown -R etcd:etcd /etc/ssl/etcd", "sudo chown -R etcd:etcd /etc/ssl/etcd",
"sudo chmod -R 500 /etc/ssl/etcd", "sudo chmod -R 500 /etc/ssl/etcd",
"sudo mv /home/core/kubeconfig /etc/kubernetes/kubeconfig",
] ]
} }
} }
@ -69,7 +63,12 @@ resource "null_resource" "copy-secrets" {
# Secure copy bootkube assets to ONE controller and start bootkube to perform # Secure copy bootkube assets to ONE controller and start bootkube to perform
# one-time self-hosted cluster bootstrapping. # one-time self-hosted cluster bootstrapping.
resource "null_resource" "bootkube-start" { resource "null_resource" "bootkube-start" {
depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.apiserver"] depends_on = [
"module.bootkube",
"module.workers",
"aws_route53_record.apiserver",
"null_resource.copy-controller-secrets",
]
connection { connection {
type = "ssh" type = "ssh"
@ -85,7 +84,7 @@ resource "null_resource" "bootkube-start" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"sudo mv /home/core/assets /opt/bootkube", "sudo mv $HOME/assets /opt/bootkube",
"sudo systemctl start bootkube", "sudo systemctl start bootkube",
] ]
} }
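Review bot: Renaming `null_resource.copy-secrets` to `null_resource.copy-controller-secrets` in the first hunk changes the resource address, so on an existing cluster the next apply destroys the old null_resource and creates the new one, re-running the etcd TLS file provisioners and the `sudo mv` / `sudo chmod -R 500 /etc/ssl/etcd` remote-exec against live controllers; the commit description does not mention this, and a `terraform state mv` step or an upgrade note would avoid the surprise. The new header comment `# Secure copy etcd TLS assets to controllers.` also drops the old "Activates kubelet.service" wording without saying where the kubeconfig now comes from; `# Secure copy etcd TLS assets to controllers. The kubeconfig is delivered via controller user-data (template_file controller_config), not copied here.` keeps the bootstrap flow readable. Both points apply equally to the second ssh.tf section below (the one whose bootkube-start depends_on lists module.controllers).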


@ -65,10 +65,10 @@ data "template_file" "controller_config" {
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,... # etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}" etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}"
kubeconfig = "${indent(10, var.kubeconfig)}"
ssh_authorized_key = "${var.ssh_authorized_key}"
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}" k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
cluster_domain_suffix = "${var.cluster_domain_suffix}" cluster_domain_suffix = "${var.cluster_domain_suffix}"
ssh_authorized_key = "${var.ssh_authorized_key}"
kubeconfig = "${indent(10, var.kubeconfig)}"
} }
} }


@ -1,6 +1,5 @@
# Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service # Secure copy etcd TLS assets to controllers.
resource "null_resource" "copy-secrets" { resource "null_resource" "copy-controller-secrets" {
depends_on = ["module.bootkube"]
count = "${var.controller_count}" count = "${var.controller_count}"
connection { connection {
@ -10,11 +9,6 @@ resource "null_resource" "copy-secrets" {
timeout = "15m" timeout = "15m"
} }
provisioner "file" {
content = "${module.bootkube.kubeconfig}"
destination = "$HOME/kubeconfig"
}
provisioner "file" { provisioner "file" {
content = "${module.bootkube.etcd_ca_cert}" content = "${module.bootkube.etcd_ca_cert}"
destination = "$HOME/etcd-client-ca.crt" destination = "$HOME/etcd-client-ca.crt"
@ -62,7 +56,6 @@ resource "null_resource" "copy-secrets" {
"sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key", "sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key",
"sudo chown -R etcd:etcd /etc/ssl/etcd", "sudo chown -R etcd:etcd /etc/ssl/etcd",
"sudo chmod -R 500 /etc/ssl/etcd", "sudo chmod -R 500 /etc/ssl/etcd",
"sudo mv /home/core/kubeconfig /etc/kubernetes/kubeconfig",
] ]
} }
} }
@ -70,7 +63,12 @@ resource "null_resource" "copy-secrets" {
# Secure copy bootkube assets to ONE controller and start bootkube to perform # Secure copy bootkube assets to ONE controller and start bootkube to perform
# one-time self-hosted cluster bootstrapping. # one-time self-hosted cluster bootstrapping.
resource "null_resource" "bootkube-start" { resource "null_resource" "bootkube-start" {
depends_on = ["module.controllers", "module.bootkube", "module.workers", "null_resource.copy-secrets"] depends_on = [
"module.bootkube",
"module.controllers",
"module.workers",
"null_resource.copy-controller-secrets",
]
connection { connection {
type = "ssh" type = "ssh"
@ -86,7 +84,7 @@ resource "null_resource" "bootkube-start" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"sudo mv /home/core/assets /opt/bootkube", "sudo mv $HOME/assets /opt/bootkube",
"sudo systemctl start bootkube", "sudo systemctl start bootkube",
] ]
} }
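Review bot: Dropping `depends_on = ["module.bootkube"]` from copy-controller-secrets in the first hunk leaves the ordering to the implicit reference `content = "${module.bootkube.etcd_ca_cert}"` in the file provisioner that follows, which should be enough, but since ordering after bootkube is the whole reason this resource exists it is worth making deliberate rather than incidental. A one-line comment such as `# ordered after module.bootkube via the provisioner's module.bootkube.* references` would record that. This appears to align the resource with its AWS counterpart, which never declared the explicit dependency.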


@ -35,14 +35,14 @@ variable "worker_count" {
} }
variable controller_type { variable controller_type {
type = "string" type = "string"
default = "n1-standard-1" default = "n1-standard-1"
description = "Machine type for controllers (see `gcloud compute machine-types list`)" description = "Machine type for controllers (see `gcloud compute machine-types list`)"
} }
variable worker_type { variable worker_type {
type = "string" type = "string"
default = "n1-standard-1" default = "n1-standard-1"
description = "Machine type for controllers (see `gcloud compute machine-types list`)" description = "Machine type for controllers (see `gcloud compute machine-types list`)"
} }