mirror of
https://github.com/puppetmaster/typhoon.git
synced 2024-12-25 19:59:34 +01:00
eabf00fbf1
* Require the controller module to be completed before starting to remote exec bootkube start, otherwise its possible the controller nodes were created, but not the network load balancer
94 lines
2.6 KiB
HCL
94 lines
2.6 KiB
HCL
# Secure copy etcd TLS assets and kubeconfig to controllers. Activates kubelet.service
|
|
resource "null_resource" "copy-secrets" {
|
|
depends_on = ["module.bootkube"]
|
|
count = "${var.controller_count}"
|
|
|
|
connection {
|
|
type = "ssh"
|
|
host = "${element(module.controllers.ipv4_public, count.index)}"
|
|
user = "core"
|
|
timeout = "15m"
|
|
}
|
|
|
|
provisioner "file" {
|
|
content = "${module.bootkube.kubeconfig}"
|
|
destination = "$HOME/kubeconfig"
|
|
}
|
|
|
|
provisioner "file" {
|
|
content = "${module.bootkube.etcd_ca_cert}"
|
|
destination = "$HOME/etcd-client-ca.crt"
|
|
}
|
|
|
|
provisioner "file" {
|
|
content = "${module.bootkube.etcd_client_cert}"
|
|
destination = "$HOME/etcd-client.crt"
|
|
}
|
|
|
|
provisioner "file" {
|
|
content = "${module.bootkube.etcd_client_key}"
|
|
destination = "$HOME/etcd-client.key"
|
|
}
|
|
|
|
provisioner "file" {
|
|
content = "${module.bootkube.etcd_server_cert}"
|
|
destination = "$HOME/etcd-server.crt"
|
|
}
|
|
|
|
provisioner "file" {
|
|
content = "${module.bootkube.etcd_server_key}"
|
|
destination = "$HOME/etcd-server.key"
|
|
}
|
|
|
|
provisioner "file" {
|
|
content = "${module.bootkube.etcd_peer_cert}"
|
|
destination = "$HOME/etcd-peer.crt"
|
|
}
|
|
|
|
provisioner "file" {
|
|
content = "${module.bootkube.etcd_peer_key}"
|
|
destination = "$HOME/etcd-peer.key"
|
|
}
|
|
|
|
provisioner "remote-exec" {
|
|
inline = [
|
|
"sudo mkdir -p /etc/ssl/etcd/etcd",
|
|
"sudo mv etcd-client* /etc/ssl/etcd/",
|
|
"sudo cp /etc/ssl/etcd/etcd-client-ca.crt /etc/ssl/etcd/etcd/server-ca.crt",
|
|
"sudo mv etcd-server.crt /etc/ssl/etcd/etcd/server.crt",
|
|
"sudo mv etcd-server.key /etc/ssl/etcd/etcd/server.key",
|
|
"sudo cp /etc/ssl/etcd/etcd-client-ca.crt /etc/ssl/etcd/etcd/peer-ca.crt",
|
|
"sudo mv etcd-peer.crt /etc/ssl/etcd/etcd/peer.crt",
|
|
"sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key",
|
|
"sudo chown -R etcd:etcd /etc/ssl/etcd",
|
|
"sudo chmod -R 500 /etc/ssl/etcd",
|
|
"sudo mv /home/core/kubeconfig /etc/kubernetes/kubeconfig",
|
|
]
|
|
}
|
|
}
|
|
|
|
# Secure copy bootkube assets to ONE controller and start bootkube to perform
|
|
# one-time self-hosted cluster bootstrapping.
|
|
resource "null_resource" "bootkube-start" {
|
|
depends_on = ["module.controllers", "module.bootkube", "module.workers", "null_resource.copy-secrets"]
|
|
|
|
connection {
|
|
type = "ssh"
|
|
host = "${element(module.controllers.ipv4_public, 0)}"
|
|
user = "core"
|
|
timeout = "15m"
|
|
}
|
|
|
|
provisioner "file" {
|
|
source = "${var.asset_dir}"
|
|
destination = "$HOME/assets"
|
|
}
|
|
|
|
provisioner "remote-exec" {
|
|
inline = [
|
|
"sudo mv /home/core/assets /opt/bootkube",
|
|
"sudo systemctl start bootkube",
|
|
]
|
|
}
|
|
}
|