Update control plane manifests and add etcd metrics
* Enable etcd v3.3 metrics to expose metrics for scraping by Prometheus * Use k8s.gcr.io instead of gcr.io/google_containers * Add flexvolume plugin mount to controller manager * Update kube-dns from v1.14.8 to v1.14.9
This commit is contained in:
parent
8523a086e2
commit
f990473cde
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -8,6 +8,7 @@ write_files:
|
||||||
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
|
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
|
||||||
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
||||||
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
||||||
|
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
|
||||||
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
||||||
ETCD_STRICT_RECONFIG_CHECK=true
|
ETCD_STRICT_RECONFIG_CHECK=true
|
||||||
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
||||||
|
@ -91,7 +92,7 @@ bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
||||||
- [systemctl, start, --no-block, kubelet.service]
|
- [systemctl, start, --no-block, kubelet.service]
|
||||||
|
|
|
@ -51,6 +51,16 @@ resource "aws_security_group_rule" "controller-etcd" {
|
||||||
self = true
|
self = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "aws_security_group_rule" "controller-etcd-metrics" {
|
||||||
|
security_group_id = "${aws_security_group.controller.id}"
|
||||||
|
|
||||||
|
type = "ingress"
|
||||||
|
protocol = "tcp"
|
||||||
|
from_port = 2381
|
||||||
|
to_port = 2381
|
||||||
|
source_security_group_id = "${aws_security_group.worker.id}"
|
||||||
|
}
|
||||||
|
|
||||||
resource "aws_security_group_rule" "controller-flannel" {
|
resource "aws_security_group_rule" "controller-flannel" {
|
||||||
security_group_id = "${aws_security_group.controller.id}"
|
security_group_id = "${aws_security_group.controller.id}"
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${var.k8s_domain_name}"]
|
api_servers = ["${var.k8s_domain_name}"]
|
||||||
|
|
|
@ -8,6 +8,7 @@ write_files:
|
||||||
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${domain_name}:2380
|
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${domain_name}:2380
|
||||||
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
||||||
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
||||||
|
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
|
||||||
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
||||||
ETCD_STRICT_RECONFIG_CHECK=true
|
ETCD_STRICT_RECONFIG_CHECK=true
|
||||||
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
||||||
|
@ -96,7 +97,7 @@ bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- [hostnamectl, set-hostname, ${domain_name}]
|
- [hostnamectl, set-hostname, ${domain_name}]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -8,6 +8,7 @@ write_files:
|
||||||
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
|
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
|
||||||
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
||||||
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
||||||
|
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
|
||||||
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
||||||
ETCD_STRICT_RECONFIG_CHECK=true
|
ETCD_STRICT_RECONFIG_CHECK=true
|
||||||
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
||||||
|
@ -110,7 +111,7 @@ bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- [systemctl, enable, cloud-metadata.service]
|
- [systemctl, enable, cloud-metadata.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
||||||
|
|
Loading…
Reference in New Issue