Use a lower-privilege Kubelet kubeconfig in system:nodes
* Kubelets can use a lower-privilege TLS client certificate with Org system:nodes and a binding to the system:node ClusterRole * Admin kubeconfigs continue to belong to Org system:masters to provide cluster-admin (available in assets/auth/kubeconfig or as a Terraform output kubeconfig-admin) * Remove bare-metal output variable kubeconfig
parent
1c6a0392ad
commit
812a1adb49
|
@ -4,13 +4,19 @@ Notable changes between versions.
|
||||||
|
|
||||||
## Latest
|
## Latest
|
||||||
|
|
||||||
* Add ServiceAccounts for `kube-apiserver` and `kube-scheduler`
|
* Add ServiceAccounts for `kube-apiserver` and `kube-scheduler` ([#370](https://github.com/poseidon/typhoon/pull/370))
|
||||||
|
* Use a lower-privilege TLS client certificate with org `system:nodes` for Kubelets ([#372](https://github.com/poseidon/typhoon/pull/372))
|
||||||
|
* Bind the `system:nodes` group to the `system:node` ClusterRole
|
||||||
|
|
||||||
#### AWS
|
#### AWS
|
||||||
|
|
||||||
* Change `controller_type` and `worker_type` default from t2.small to t3.small
|
* Change `controller_type` and `worker_type` default from t2.small to t3.small
|
||||||
* t3.small is cheaper, provides 2 vCPU (instead of 1), and 5 Gbps of pod-to-pod bandwidth!
|
* t3.small is cheaper, provides 2 vCPU (instead of 1), and 5 Gbps of pod-to-pod bandwidth!
|
||||||
|
|
||||||
|
#### Bare-Metal
|
||||||
|
|
||||||
|
* Remove the `kubeconfig` output variable
|
||||||
|
|
||||||
#### Addons
|
#### Addons
|
||||||
|
|
||||||
* Update Prometheus from v2.5.0 to v2.6.0
|
* Update Prometheus from v2.5.0 to v2.6.0
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -68,7 +68,7 @@ data "template_file" "controller-configs" {
|
||||||
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
||||||
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
||||||
|
|
||||||
kubeconfig = "${indent(10, module.bootkube.kubeconfig)}"
|
kubeconfig = "${indent(10, module.bootkube.kubeconfig-kubelet)}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
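Review bot: The changed line `kubeconfig = "${indent(10, module.bootkube.kubeconfig-kubelet)}"` now templates a shared Kubelet credential into the node config, but nothing at the call site says so; a comment such as `# Kubelet kubeconfig (client cert in org system:nodes), identical on every node; not an admin credential` would document it. Per the commit description the `system:nodes` group is bound to the `system:node` ClusterRole, so every node presents the same identity and the API server presumably cannot scope one node's access to its own pods and secrets the way per-node `system:node:<name>` identities with the Node authorizer would; that is worth recording as a known limitation. The same line changes in the other `controller-configs` / `controller-cloudinit` hunks and in the `module "workers"` hunks on this page. The enclosing `data "template_file"` block starts and ends outside the hunk.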
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
output "kubeconfig-admin" {
|
output "kubeconfig-admin" {
|
||||||
value = "${module.bootkube.user-kubeconfig}"
|
value = "${module.bootkube.kubeconfig-admin-context}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for Kubernetes Ingress
|
# Outputs for Kubernetes Ingress
|
||||||
|
@ -27,7 +27,7 @@ output "worker_security_groups" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "kubeconfig" {
|
output "kubeconfig" {
|
||||||
value = "${module.bootkube.kubeconfig}"
|
value = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for custom load balancing
|
# Outputs for custom load balancing
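Review bot: Neither `output "kubeconfig-admin"` nor `output "kubeconfig"` sets `sensitive = true`, so the kubeconfig values (which presumably embed client key material) are shown in the `terraform apply` output summary and in any CI log that captures it; per the commit description the admin one is in org `system:masters`, i.e. cluster-admin. Adding `sensitive = true` to both blocks redacts them from that display, though they remain in state, which still needs access control. `output "kubeconfig"` also keeps its name while its value changes to the Kubelet kubeconfig, so a comment such as `# Kubelet kubeconfig for attaching worker pools; not an admin credential` would help callers who relied on the old value. The same applies to the other `output "kubeconfig-admin"` / `output "kubeconfig"` sections further down the page.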
|
||||||
|
|
|
@ -13,7 +13,7 @@ module "workers" {
|
||||||
spot_price = "${var.worker_price}"
|
spot_price = "${var.worker_price}"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
kubeconfig = "${module.bootkube.kubeconfig}"
|
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
service_cidr = "${var.service_cidr}"
|
service_cidr = "${var.service_cidr}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -60,7 +60,7 @@ data "template_file" "controller-cloudinit" {
|
||||||
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
||||||
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
||||||
|
|
||||||
kubeconfig = "${indent(6, module.bootkube.kubeconfig)}"
|
kubeconfig = "${indent(6, module.bootkube.kubeconfig-kubelet)}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
output "kubeconfig-admin" {
|
output "kubeconfig-admin" {
|
||||||
value = "${module.bootkube.user-kubeconfig}"
|
value = "${module.bootkube.kubeconfig-admin-context}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for Kubernetes Ingress
|
# Outputs for Kubernetes Ingress
|
||||||
|
@ -27,7 +27,7 @@ output "worker_security_groups" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "kubeconfig" {
|
output "kubeconfig" {
|
||||||
value = "${module.bootkube.kubeconfig}"
|
value = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for custom load balancing
|
# Outputs for custom load balancing
|
||||||
|
|
|
@ -12,7 +12,7 @@ module "workers" {
|
||||||
spot_price = "${var.worker_price}"
|
spot_price = "${var.worker_price}"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
kubeconfig = "${module.bootkube.kubeconfig}"
|
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
service_cidr = "${var.service_cidr}"
|
service_cidr = "${var.service_cidr}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -149,7 +149,7 @@ data "template_file" "controller-configs" {
|
||||||
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
||||||
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
||||||
|
|
||||||
kubeconfig = "${indent(10, module.bootkube.kubeconfig)}"
|
kubeconfig = "${indent(10, module.bootkube.kubeconfig-kubelet)}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
output "kubeconfig-admin" {
|
output "kubeconfig-admin" {
|
||||||
value = "${module.bootkube.user-kubeconfig}"
|
value = "${module.bootkube.kubeconfig-admin-context}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for Kubernetes Ingress
|
# Outputs for Kubernetes Ingress
|
||||||
|
@ -32,5 +32,5 @@ output "backend_address_pool_id" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "kubeconfig" {
|
output "kubeconfig" {
|
||||||
value = "${module.bootkube.kubeconfig}"
|
value = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,7 @@ module "workers" {
|
||||||
priority = "${var.worker_priority}"
|
priority = "${var.worker_priority}"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
kubeconfig = "${module.bootkube.kubeconfig}"
|
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
service_cidr = "${var.service_cidr}"
|
service_cidr = "${var.service_cidr}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${var.k8s_domain_name}"]
|
api_servers = ["${var.k8s_domain_name}"]
|
||||||
|
|
|
@ -1,7 +1,3 @@
|
||||||
output "kubeconfig" {
|
|
||||||
value = "${module.bootkube.kubeconfig}"
|
|
||||||
}
|
|
||||||
|
|
||||||
output "kubeconfig-admin" {
|
output "kubeconfig-admin" {
|
||||||
value = "${module.bootkube.user-kubeconfig}"
|
value = "${module.bootkube.kubeconfig-admin-context}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,7 +18,7 @@ resource "null_resource" "copy-controller-secrets" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -94,7 +94,7 @@ resource "null_resource" "copy-worker-secrets" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
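Review bot: The `provisioner "file"` blocks in `copy-controller-secrets` and `copy-worker-secrets` write the kubeconfig to `$HOME/kubeconfig` with no visible step that restricts its mode or ownership; both resources continue outside the hunks, so a later step may already handle this. If a following `remote-exec` moves the file into place, it should also make it owner-only, e.g. `sudo chmod 0600 <final kubeconfig path>` (placeholder path), so the Kubelet client key is not left readable by other local users. The same pattern appears in the other three pairs of `copy-*-secrets` hunks on this page.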
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${var.k8s_domain_name}"]
|
api_servers = ["${var.k8s_domain_name}"]
|
||||||
|
|
|
@ -1,8 +1,4 @@
|
||||||
output "kubeconfig" {
|
|
||||||
value = "${module.bootkube.kubeconfig}"
|
|
||||||
}
|
|
||||||
|
|
||||||
output "kubeconfig-admin" {
|
output "kubeconfig-admin" {
|
||||||
value = "${module.bootkube.user-kubeconfig}"
|
value = "${module.bootkube.kubeconfig-admin-context}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ resource "null_resource" "copy-controller-secrets" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,7 +92,7 @@ resource "null_resource" "copy-worker-secrets" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -10,7 +10,7 @@ resource "null_resource" "copy-controller-secrets" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ resource "null_resource" "copy-worker-secrets" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -10,7 +10,7 @@ resource "null_resource" "copy-controller-secrets" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -76,7 +76,7 @@ resource "null_resource" "copy-worker-secrets" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = "${module.bootkube.kubeconfig}"
|
content = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
destination = "$HOME/kubeconfig"
|
destination = "$HOME/kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -87,7 +87,7 @@ data "template_file" "controller-configs" {
|
||||||
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
||||||
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
||||||
|
|
||||||
kubeconfig = "${indent(10, module.bootkube.kubeconfig)}"
|
kubeconfig = "${indent(10, module.bootkube.kubeconfig-kubelet)}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
output "kubeconfig-admin" {
|
output "kubeconfig-admin" {
|
||||||
value = "${module.bootkube.user-kubeconfig}"
|
value = "${module.bootkube.kubeconfig-admin-context}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for Kubernetes Ingress
|
# Outputs for Kubernetes Ingress
|
||||||
|
@ -21,7 +21,7 @@ output "network_name" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "kubeconfig" {
|
output "kubeconfig" {
|
||||||
value = "${module.bootkube.kubeconfig}"
|
value = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for custom firewalling
|
# Outputs for custom firewalling
|
||||||
|
|
|
@ -13,7 +13,7 @@ module "workers" {
|
||||||
preemptible = "${var.worker_preemptible}"
|
preemptible = "${var.worker_preemptible}"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
kubeconfig = "${module.bootkube.kubeconfig}"
|
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
service_cidr = "${var.service_cidr}"
|
service_cidr = "${var.service_cidr}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=f382415f2bc18c7a2d39a92fe254e3823a634270"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=a7bd306679a0ce8a9e5084f928af696a284a256b"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -79,7 +79,7 @@ data "template_file" "controller-cloudinit" {
|
||||||
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
|
||||||
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
etcd_initial_cluster = "${join(",", data.template_file.etcds.*.rendered)}"
|
||||||
|
|
||||||
kubeconfig = "${indent(6, module.bootkube.kubeconfig)}"
|
kubeconfig = "${indent(6, module.bootkube.kubeconfig-kubelet)}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
k8s_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
output "kubeconfig-admin" {
|
output "kubeconfig-admin" {
|
||||||
value = "${module.bootkube.user-kubeconfig}"
|
value = "${module.bootkube.kubeconfig-admin-context}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for Kubernetes Ingress
|
# Outputs for Kubernetes Ingress
|
||||||
|
@ -21,7 +21,7 @@ output "network_name" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "kubeconfig" {
|
output "kubeconfig" {
|
||||||
value = "${module.bootkube.kubeconfig}"
|
value = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs for custom firewalling
|
# Outputs for custom firewalling
|
||||||
|
|
|
@ -13,7 +13,7 @@ module "workers" {
|
||||||
preemptible = "${var.worker_preemptible}"
|
preemptible = "${var.worker_preemptible}"
|
||||||
|
|
||||||
# configuration
|
# configuration
|
||||||
kubeconfig = "${module.bootkube.kubeconfig}"
|
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
|
||||||
ssh_authorized_key = "${var.ssh_authorized_key}"
|
ssh_authorized_key = "${var.ssh_authorized_key}"
|
||||||
service_cidr = "${var.service_cidr}"
|
service_cidr = "${var.service_cidr}"
|
||||||
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
||||||
|
|