69d064bfdf
* Run kube-apiserver as a non-root user (nobody). User no longer needs to bind low number ports. * On most platforms, the kube-apiserver load balancer listens on 6443 and fronts controllers with kube-apiserver pods using port 6443. Google Cloud TCP proxy load balancers cannot listen on 6443. However, GCP's load balancer can be made to listen on 443, while kube-apiserver uses 6443 across all platforms.
# Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" {
  # Renders the self-hosted control-plane assets for this cluster.
  #
  # The module source is pinned to a full commit SHA, which does not move the
  # way a branch or tag can. Review the upstream diff whenever this ref is
  # bumped, since the module generates the cluster's manifests and kubeconfig.
  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4caca47776dcff440c9f50445fbc8ec5b11728f4"

  # Cluster identity and endpoints.
  cluster_name = var.cluster_name
  # A single API server name of the form <cluster_name>.<dns_zone>.
  api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
  # FQDNs of every etcd DNS record declared in this configuration.
  etcd_servers = digitalocean_record.etcds.*.fqdn

  # Directory that receives the rendered assets. They include a kubeconfig
  # (see the header comment), so treat this path as secret material: keep it
  # out of version control and restrict its filesystem permissions.
  asset_dir = var.asset_dir

  # Network provider selected by the caller.
  networking = var.networking

  # only effective with Calico networking
  # NOTE(review): 1450 looks like a 1500-byte link MTU minus 50 bytes of VXLAN
  # overhead; confirm against the droplet network's actual MTU.
  network_encapsulation = "vxlan"
  network_mtu           = "1450"

  # Address ranges and DNS suffix, passed straight through from variables.
  pod_cidr              = var.pod_cidr
  service_cidr          = var.service_cidr
  cluster_domain_suffix = var.cluster_domain_suffix

  # Optional features, passed straight through from variables.
  # NOTE(review): judging by the names, enable_reporting turns on usage
  # reporting to an upstream and enable_aggregation turns on the API
  # aggregation layer; confirm semantics and defaults in the pinned module.
  enable_reporting   = var.enable_reporting
  enable_aggregation = var.enable_aggregation
}