Update control plane manifests and add etcd metrics

* Enable etcd v3.3 metrics to expose metrics for
scraping by Prometheus
* Use k8s.gcr.io instead of gcr.io/google_containers
* Add flexvolume plugin mount to controller manager
* Update kube-dns from v1.14.8 to v1.14.9
This commit is contained in:
Dalton Hubble 2018-04-08 15:42:45 -07:00
parent 8523a086e2
commit f990473cde
7 changed files with 19 additions and 6 deletions

View File

@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests) # Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" { module "bootkube" {
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c" source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
cluster_name = "${var.cluster_name}" cluster_name = "${var.cluster_name}"
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]

View File

@ -8,6 +8,7 @@ write_files:
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380 ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379 ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380 ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster} ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
ETCD_STRICT_RECONFIG_CHECK=true ETCD_STRICT_RECONFIG_CHECK=true
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
@ -91,7 +92,7 @@ bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
runcmd: runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f" - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service] - [systemctl, start, --no-block, etcd.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
- [systemctl, start, --no-block, kubelet.service] - [systemctl, start, --no-block, kubelet.service]

View File

@ -51,6 +51,16 @@ resource "aws_security_group_rule" "controller-etcd" {
self = true self = true
} }
resource "aws_security_group_rule" "controller-etcd-metrics" {
security_group_id = "${aws_security_group.controller.id}"
type = "ingress"
protocol = "tcp"
from_port = 2381
to_port = 2381
source_security_group_id = "${aws_security_group.worker.id}"
}
resource "aws_security_group_rule" "controller-flannel" { resource "aws_security_group_rule" "controller-flannel" {
security_group_id = "${aws_security_group.controller.id}" security_group_id = "${aws_security_group.controller.id}"

View File

@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests) # Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" { module "bootkube" {
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c" source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
cluster_name = "${var.cluster_name}" cluster_name = "${var.cluster_name}"
api_servers = ["${var.k8s_domain_name}"] api_servers = ["${var.k8s_domain_name}"]

View File

@ -8,6 +8,7 @@ write_files:
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${domain_name}:2380 ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${domain_name}:2380
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379 ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380 ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster} ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
ETCD_STRICT_RECONFIG_CHECK=true ETCD_STRICT_RECONFIG_CHECK=true
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
@ -96,7 +97,7 @@ bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
runcmd: runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f" - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service] - [systemctl, start, --no-block, etcd.service]
- [hostnamectl, set-hostname, ${domain_name}] - [hostnamectl, set-hostname, ${domain_name}]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"

View File

@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests) # Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" { module "bootkube" {
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=61fb176647e15d4d0e72fdccb34d27e47430407c" source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
cluster_name = "${var.cluster_name}" cluster_name = "${var.cluster_name}"
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]

View File

@ -8,6 +8,7 @@ write_files:
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380 ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379 ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380 ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster} ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
ETCD_STRICT_RECONFIG_CHECK=true ETCD_STRICT_RECONFIG_CHECK=true
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
@ -110,7 +111,7 @@ bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
runcmd: runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f" - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service] - [systemctl, start, --no-block, etcd.service]
- [systemctl, enable, cloud-metadata.service] - [systemctl, enable, cloud-metadata.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"