Remove asset_dir variable and optional asset writes

* Originally, poseidon/terraform-render-bootstrap generated
TLS certificates, manifests, and cluster "assets" written
to local disk (`asset_dir`) during terraform apply cluster
bootstrap
* Typhoon v1.17.0 introduced bootstrapping using only Terraform
state to store cluster assets, to avoid ever writing sensitive
materials to disk and improve automated use-cases. `asset_dir`
was changed to optional and defaulted to "" (no writes)
* Typhoon v1.18.0 deprecated the `asset_dir` variable, removed
docs, and announced it would be deleted in future.
* Add Terraform output `assets_dir` map
* Remove the `asset_dir` variable

Cluster assets are now stored in Terraform state only. For those
who wish to write those assets to local files, this is possible
doing so explicitly.

```
resource local_file "assets" {
  for_each = module.yavin.assets_dist
  filename = "some-assets/${each.key}"
  content = each.value
}
```

Related:

* https://github.com/poseidon/typhoon/pull/595
* https://github.com/poseidon/typhoon/pull/678
This commit is contained in:
Dalton Hubble 2020-10-17 14:41:26 -07:00
parent b1e680ac0c
commit afac46e39a
31 changed files with 75 additions and 80 deletions

View File

@ -4,6 +4,8 @@ Notable changes between versions.
## Latest ## Latest
* Remove `asset_dir` variable (default off in [v1.17.0](https://github.com/poseidon/typhoon/pull/595), deprecated in [v1.18.0](https://github.com/poseidon/typhoon/pull/678))
## v1.19.3 ## v1.19.3
* Update Cilium from v1.8.3 to [v1.8.4](https://github.com/cilium/cilium/releases/tag/v1.8.4) * Update Cilium from v1.8.3 to [v1.8.4](https://github.com/cilium/cilium/releases/tag/v1.8.4)

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = aws_route53_record.etcds.*.fqdn etcd_servers = aws_route53_record.etcds.*.fqdn
asset_dir = var.asset_dir
networking = var.networking networking = var.networking
network_mtu = var.network_mtu network_mtu = var.network_mtu
pod_cidr = var.pod_cidr pod_cidr = var.pod_cidr

View File

@ -52,3 +52,9 @@ output "worker_target_group_https" {
value = module.workers.target_group_https value = module.workers.target_group_https
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -149,12 +149,6 @@ variable "worker_node_labels" {
# unofficial, undocumented, unsupported # unofficial, undocumented, unsupported
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "cluster_domain_suffix" { variable "cluster_domain_suffix" {
type = string type = string
description = "Queries for domains with the suffix will be answered by CoreDNS. Default is cluster.local (e.g. foo.default.svc.cluster.local)" description = "Queries for domains with the suffix will be answered by CoreDNS. Default is cluster.local (e.g. foo.default.svc.cluster.local)"

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = aws_route53_record.etcds.*.fqdn etcd_servers = aws_route53_record.etcds.*.fqdn
asset_dir = var.asset_dir
networking = var.networking networking = var.networking
network_mtu = var.network_mtu network_mtu = var.network_mtu
pod_cidr = var.pod_cidr pod_cidr = var.pod_cidr

View File

@ -52,3 +52,9 @@ output "worker_target_group_https" {
value = module.workers.target_group_https value = module.workers.target_group_https
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -96,12 +96,6 @@ variable "ssh_authorized_key" {
description = "SSH public key for user 'core'" description = "SSH public key for user 'core'"
} }
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "networking" { variable "networking" {
type = string type = string
description = "Choice of networking provider (calico or flannel)" description = "Choice of networking provider (calico or flannel)"

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone) etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone)
asset_dir = var.asset_dir
networking = var.networking networking = var.networking

View File

@ -57,3 +57,10 @@ output "backend_address_pool_id" {
description = "ID of the worker backend address pool" description = "ID of the worker backend address pool"
value = azurerm_lb_backend_address_pool.worker.id value = azurerm_lb_backend_address_pool.worker.id
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -130,12 +130,6 @@ variable "worker_node_labels" {
# unofficial, undocumented, unsupported # unofficial, undocumented, unsupported
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "cluster_domain_suffix" { variable "cluster_domain_suffix" {
type = string type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone) etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone)
asset_dir = var.asset_dir
networking = var.networking networking = var.networking

View File

@ -57,3 +57,10 @@ output "backend_address_pool_id" {
description = "ID of the worker backend address pool" description = "ID of the worker backend address pool"
value = azurerm_lb_backend_address_pool.worker.id value = azurerm_lb_backend_address_pool.worker.id
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -129,12 +129,6 @@ variable "worker_node_labels" {
# unofficial, undocumented, unsupported # unofficial, undocumented, unsupported
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "cluster_domain_suffix" { variable "cluster_domain_suffix" {
type = string type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name] api_servers = [var.k8s_domain_name]
etcd_servers = var.controllers.*.domain etcd_servers = var.controllers.*.domain
asset_dir = var.asset_dir
networking = var.networking networking = var.networking
network_mtu = var.network_mtu network_mtu = var.network_mtu
network_ip_autodetection_method = var.network_ip_autodetection_method network_ip_autodetection_method = var.network_ip_autodetection_method

View File

@ -2,3 +2,9 @@ output "kubeconfig-admin" {
value = module.bootstrap.kubeconfig-admin value = module.bootstrap.kubeconfig-admin
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -152,12 +152,6 @@ variable "enable_aggregation" {
# unofficial, undocumented, unsupported # unofficial, undocumented, unsupported
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "cluster_domain_suffix" { variable "cluster_domain_suffix" {
type = string type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name] api_servers = [var.k8s_domain_name]
etcd_servers = var.controllers.*.domain etcd_servers = var.controllers.*.domain
asset_dir = var.asset_dir
networking = var.networking networking = var.networking
network_mtu = var.network_mtu network_mtu = var.network_mtu
network_ip_autodetection_method = var.network_ip_autodetection_method network_ip_autodetection_method = var.network_ip_autodetection_method

View File

@ -2,3 +2,9 @@ output "kubeconfig-admin" {
value = module.bootstrap.kubeconfig-admin value = module.bootstrap.kubeconfig-admin
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -80,12 +80,6 @@ variable "ssh_authorized_key" {
description = "SSH public key for user 'core'" description = "SSH public key for user 'core'"
} }
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "networking" { variable "networking" {
type = string type = string
description = "Choice of networking provider (flannel or calico)" description = "Choice of networking provider (flannel or calico)"

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = digitalocean_record.etcds.*.fqdn etcd_servers = digitalocean_record.etcds.*.fqdn
asset_dir = var.asset_dir
networking = var.networking networking = var.networking

View File

@ -54,3 +54,9 @@ output "vpc_id" {
value = digitalocean_vpc.network.id value = digitalocean_vpc.network.id
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -100,12 +100,6 @@ variable "enable_aggregation" {
# unofficial, undocumented, unsupported # unofficial, undocumented, unsupported
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "cluster_domain_suffix" { variable "cluster_domain_suffix" {
type = string type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = digitalocean_record.etcds.*.fqdn etcd_servers = digitalocean_record.etcds.*.fqdn
asset_dir = var.asset_dir
networking = var.networking networking = var.networking

View File

@ -53,3 +53,10 @@ output "vpc_id" {
description = "ID of the cluster VPC" description = "ID of the cluster VPC"
value = digitalocean_vpc.network.id value = digitalocean_vpc.network.id
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -100,12 +100,6 @@ variable "enable_aggregation" {
# unofficial, undocumented, unsupported # unofficial, undocumented, unsupported
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "cluster_domain_suffix" { variable "cluster_domain_suffix" {
type = string type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = google_dns_record_set.etcds.*.name etcd_servers = google_dns_record_set.etcds.*.name
asset_dir = var.asset_dir
networking = var.networking networking = var.networking
network_mtu = 1440 network_mtu = 1440
pod_cidr = var.pod_cidr pod_cidr = var.pod_cidr

View File

@ -42,3 +42,9 @@ output "worker_target_pool" {
value = module.workers.target_pool value = module.workers.target_pool
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -124,12 +124,6 @@ variable "worker_node_labels" {
# unofficial, undocumented, unsupported # unofficial, undocumented, unsupported
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "cluster_domain_suffix" { variable "cluster_domain_suffix" {
type = string type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "

View File

@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = google_dns_record_set.etcds.*.name etcd_servers = google_dns_record_set.etcds.*.name
asset_dir = var.asset_dir
networking = var.networking networking = var.networking
network_mtu = 1440 network_mtu = 1440
pod_cidr = var.pod_cidr pod_cidr = var.pod_cidr

View File

@ -42,3 +42,9 @@ output "worker_target_pool" {
value = module.workers.target_pool value = module.workers.target_pool
} }
# Outputs for debug
output "assets_dist" {
value = module.bootstrap.assets_dist
}

View File

@ -83,12 +83,6 @@ variable "ssh_authorized_key" {
description = "SSH public key for user 'core'" description = "SSH public key for user 'core'"
} }
variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}
variable "networking" { variable "networking" {
type = string type = string
description = "Choice of networking provider (flannel or calico)" description = "Choice of networking provider (flannel or calico)"