Remove redundant kubeconfig copy on AWS and GCP
* AWS and Google Cloud make use of auto-scaling groups and managed instance groups, respectively. As such, the kubeconfig is already held in cloud user-data * Controller instances are provisioned with a kubeconfig from user-data. Its redundant to use a Terraform remote file copy step for the kubeconfig.
This commit is contained in:
parent
cfd603bea2
commit
7acd4931f6
|
@ -56,10 +56,10 @@ data "template_file" "controller_config" {
|
||||||
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
||||||
etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}"
|
etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}"
|
||||||
|
|
||||||
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
|
||||||
kubeconfig = "${indent(10, module.bootkube.kubeconfig)}"
|
kubeconfig = "${indent(10, module.bootkube.kubeconfig)}"
|
||||||
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
|
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
||||||
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service
|
# Secure copy etcd TLS assets to controllers.
|
||||||
resource "null_resource" "copy-secrets" {
|
resource "null_resource" "copy-controller-secrets" {
|
||||||
count = "${var.controller_count}"
|
count = "${var.controller_count}"
|
||||||
|
|
||||||
connection {
|
connection {
|
||||||
|
@ -9,11 +9,6 @@ resource "null_resource" "copy-secrets" {
|
||||||
timeout = "15m"
|
timeout = "15m"
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
|
||||||
content = "${module.bootkube.kubeconfig}"
|
|
||||||
destination = "$HOME/kubeconfig"
|
|
||||||
}
|
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.etcd_ca_cert}"
|
content = "${module.bootkube.etcd_ca_cert}"
|
||||||
destination = "$HOME/etcd-client-ca.crt"
|
destination = "$HOME/etcd-client-ca.crt"
|
||||||
|
@ -61,7 +56,6 @@ resource "null_resource" "copy-secrets" {
|
||||||
"sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key",
|
"sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key",
|
||||||
"sudo chown -R etcd:etcd /etc/ssl/etcd",
|
"sudo chown -R etcd:etcd /etc/ssl/etcd",
|
||||||
"sudo chmod -R 500 /etc/ssl/etcd",
|
"sudo chmod -R 500 /etc/ssl/etcd",
|
||||||
"sudo mv /home/core/kubeconfig /etc/kubernetes/kubeconfig",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -69,7 +63,12 @@ resource "null_resource" "copy-secrets" {
|
||||||
# Secure copy bootkube assets to ONE controller and start bootkube to perform
|
# Secure copy bootkube assets to ONE controller and start bootkube to perform
|
||||||
# one-time self-hosted cluster bootstrapping.
|
# one-time self-hosted cluster bootstrapping.
|
||||||
resource "null_resource" "bootkube-start" {
|
resource "null_resource" "bootkube-start" {
|
||||||
depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.apiserver"]
|
depends_on = [
|
||||||
|
"module.bootkube",
|
||||||
|
"module.workers",
|
||||||
|
"aws_route53_record.apiserver",
|
||||||
|
"null_resource.copy-controller-secrets",
|
||||||
|
]
|
||||||
|
|
||||||
connection {
|
connection {
|
||||||
type = "ssh"
|
type = "ssh"
|
||||||
|
@ -85,7 +84,7 @@ resource "null_resource" "bootkube-start" {
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"sudo mv /home/core/assets /opt/bootkube",
|
"sudo mv $HOME/assets /opt/bootkube",
|
||||||
"sudo systemctl start bootkube",
|
"sudo systemctl start bootkube",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -81,7 +81,7 @@ resource "null_resource" "copy-worker-secrets" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"sudo mv $HOME/kubeconfig /etc/kubernetes/kubeconfig",
|
"sudo mv $HOME/kubeconfig /etc/kubernetes/kubeconfig",
|
||||||
|
|
|
@ -65,10 +65,10 @@ data "template_file" "controller_config" {
|
||||||
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
||||||
etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}"
|
etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}"
|
||||||
|
|
||||||
|
kubeconfig = "${indent(10, var.kubeconfig)}"
|
||||||
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
|
||||||
kubeconfig = "${indent(10, var.kubeconfig)}"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
# Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service
|
# Secure copy etcd TLS assets to controllers.
|
||||||
resource "null_resource" "copy-secrets" {
|
resource "null_resource" "copy-controller-secrets" {
|
||||||
depends_on = ["module.bootkube"]
|
|
||||||
count = "${var.controller_count}"
|
count = "${var.controller_count}"
|
||||||
|
|
||||||
connection {
|
connection {
|
||||||
|
@ -10,11 +9,6 @@ resource "null_resource" "copy-secrets" {
|
||||||
timeout = "15m"
|
timeout = "15m"
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
|
||||||
content = "${module.bootkube.kubeconfig}"
|
|
||||||
destination = "$HOME/kubeconfig"
|
|
||||||
}
|
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.etcd_ca_cert}"
|
content = "${module.bootkube.etcd_ca_cert}"
|
||||||
destination = "$HOME/etcd-client-ca.crt"
|
destination = "$HOME/etcd-client-ca.crt"
|
||||||
|
@ -62,7 +56,6 @@ resource "null_resource" "copy-secrets" {
|
||||||
"sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key",
|
"sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key",
|
||||||
"sudo chown -R etcd:etcd /etc/ssl/etcd",
|
"sudo chown -R etcd:etcd /etc/ssl/etcd",
|
||||||
"sudo chmod -R 500 /etc/ssl/etcd",
|
"sudo chmod -R 500 /etc/ssl/etcd",
|
||||||
"sudo mv /home/core/kubeconfig /etc/kubernetes/kubeconfig",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -70,7 +63,12 @@ resource "null_resource" "copy-secrets" {
|
||||||
# Secure copy bootkube assets to ONE controller and start bootkube to perform
|
# Secure copy bootkube assets to ONE controller and start bootkube to perform
|
||||||
# one-time self-hosted cluster bootstrapping.
|
# one-time self-hosted cluster bootstrapping.
|
||||||
resource "null_resource" "bootkube-start" {
|
resource "null_resource" "bootkube-start" {
|
||||||
depends_on = ["module.controllers", "module.bootkube", "module.workers", "null_resource.copy-secrets"]
|
depends_on = [
|
||||||
|
"module.bootkube",
|
||||||
|
"module.controllers",
|
||||||
|
"module.workers",
|
||||||
|
"null_resource.copy-controller-secrets",
|
||||||
|
]
|
||||||
|
|
||||||
connection {
|
connection {
|
||||||
type = "ssh"
|
type = "ssh"
|
||||||
|
@ -86,7 +84,7 @@ resource "null_resource" "bootkube-start" {
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"sudo mv /home/core/assets /opt/bootkube",
|
"sudo mv $HOME/assets /opt/bootkube",
|
||||||
"sudo systemctl start bootkube",
|
"sudo systemctl start bootkube",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -35,14 +35,14 @@ variable "worker_count" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable controller_type {
|
variable controller_type {
|
||||||
type = "string"
|
type = "string"
|
||||||
default = "n1-standard-1"
|
default = "n1-standard-1"
|
||||||
description = "Machine type for controllers (see `gcloud compute machine-types list`)"
|
description = "Machine type for controllers (see `gcloud compute machine-types list`)"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable worker_type {
|
variable worker_type {
|
||||||
type = "string"
|
type = "string"
|
||||||
default = "n1-standard-1"
|
default = "n1-standard-1"
|
||||||
description = "Machine type for controllers (see `gcloud compute machine-types list`)"
|
description = "Machine type for controllers (see `gcloud compute machine-types list`)"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue