From ce3154cae962e868faa2b247d856e004eb8545a7 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Wed, 12 Jul 2017 17:00:21 -0700 Subject: [PATCH] examples: Update terraform Kubernetes to use bootkube v0.5.0 --- .../terraform/modules/bootkube/bootkube.tf | 2 +- examples/terraform/modules/bootkube/ssh.tf | 22 ++++++++++++++++--- .../profiles/cl/bootkube-controller.yaml.tmpl | 16 ++++++++------ .../profiles/cl/bootkube-worker.yaml.tmpl | 2 +- 4 files changed, 30 insertions(+), 12 deletions(-) diff --git a/examples/terraform/modules/bootkube/bootkube.tf b/examples/terraform/modules/bootkube/bootkube.tf index 68437b19..e0f875ce 100644 --- a/examples/terraform/modules/bootkube/bootkube.tf +++ b/examples/terraform/modules/bootkube/bootkube.tf @@ -1,6 +1,6 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/dghubble/bootkube-terraform.git?ref=v0.4.5" + source = "git::https://github.com/dghubble/bootkube-terraform.git?ref=v0.5.0" cluster_name = "${var.cluster_name}" api_servers = ["${var.k8s_domain_name}"] diff --git a/examples/terraform/modules/bootkube/ssh.tf b/examples/terraform/modules/bootkube/ssh.tf index b33f9ed4..a9c4654a 100644 --- a/examples/terraform/modules/bootkube/ssh.tf +++ b/examples/terraform/modules/bootkube/ssh.tf @@ -16,7 +16,7 @@ resource "null_resource" "copy-secrets" { provisioner "file" { content = "${module.bootkube.etcd_ca_cert}" - destination = "$HOME/etcd-ca.crt" + destination = "$HOME/etcd-client-ca.crt" } provisioner "file" { @@ -29,6 +29,16 @@ resource "null_resource" "copy-secrets" { destination = "$HOME/etcd-client.key" } + provisioner "file" { + content = "${module.bootkube.etcd_server_cert}" + destination = "$HOME/etcd-server.crt" + } + + provisioner "file" { + content = "${module.bootkube.etcd_server_key}" + destination = "$HOME/etcd-server.key" + } + provisioner "file" { content = "${module.bootkube.etcd_peer_cert}" destination = "$HOME/etcd-peer.crt" 
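Review bot: The new `etcd-server.key` provisioner passes private key material through `content = "${module.bootkube.etcd_server_key}"`, and nothing in the hunk documents how that key is handled. Because the value is a module output, it is presumably kept in Terraform state, and it is written to `$HOME` on the node before any step restricts its ownership or mode. The client key staged just above it follows the same route. I would add a comment above the block, `# Private key: held in Terraform state and staged in $HOME until the remote-exec step moves it; restrict access to the state backend`. The `copy-secrets` resource starts and ends outside this hunk.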
@@ -41,8 +51,14 @@ resource "null_resource" "copy-secrets" {
 provisioner "remote-exec" {
 inline = [
- "sudo mkdir -p /etc/ssl/etcd",
- "sudo mv etcd-* /etc/ssl/etcd/",
+ "sudo mkdir -p /etc/ssl/etcd/etcd",
+ "sudo mv etcd-client* /etc/ssl/etcd/",
+ "sudo cp /etc/ssl/etcd/etcd-client-ca.crt /etc/ssl/etcd/etcd/server-ca.crt",
+ "sudo mv etcd-server.crt /etc/ssl/etcd/etcd/server.crt",
+ "sudo mv etcd-server.key /etc/ssl/etcd/etcd/server.key",
+ "sudo cp /etc/ssl/etcd/etcd-client-ca.crt /etc/ssl/etcd/etcd/peer-ca.crt",
+ "sudo mv etcd-peer.crt /etc/ssl/etcd/etcd/peer.crt",
+ "sudo mv etcd-peer.key /etc/ssl/etcd/etcd/peer.key",
 "sudo chown -R etcd:etcd /etc/ssl/etcd",
 "sudo chmod -R 500 /etc/ssl/etcd",
 "sudo mv /home/core/kubeconfig /etc/kubernetes/kubeconfig",
diff --git a/examples/terraform/modules/profiles/cl/bootkube-controller.yaml.tmpl b/examples/terraform/modules/profiles/cl/bootkube-controller.yaml.tmpl
index 1b4f5b61..5f96842d 100644
--- a/examples/terraform/modules/profiles/cl/bootkube-controller.yaml.tmpl
+++ b/examples/terraform/modules/profiles/cl/bootkube-controller.yaml.tmpl
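Review bot: `server-ca.crt` and `peer-ca.crt` are both created by `sudo cp /etc/ssl/etcd/etcd-client-ca.crt ...`, so a single CA anchors client, server and peer trust. The controller profile in this commit sets `ETCD_PEER_CLIENT_CERT_AUTH=true` against `peer-ca.crt`, so peer authentication would accept any certificate that CA has issued, which appears to include the `etcd-client.crt` that the worker profile hands to locksmithd. If bootkube-terraform v0.5.0 only exposes one CA this cannot be fixed here, but it should be stated above the `remote-exec` provisioner: `# NOTE: client, server and peer trust share one CA; peer auth does not separate etcd members from other holders of a cert from this CA`. The resource block begins outside the hunk.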
@@ -17,11 +17,13 @@ systemd:
 Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}"
 Environment="ETCD_STRICT_RECONFIG_CHECK=true"
 Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
- Environment="ETCD_CERT_FILE=/etc/ssl/certs/etcd-client.crt"
- Environment="ETCD_KEY_FILE=/etc/ssl/certs/etcd-client.key"
- Environment="ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd-peer.crt"
- Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd-peer.key"
- Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd-ca.crt"
+ Environment="ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt"
+ Environment="ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt"
+ Environment="ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key"
+ Environment="ETCD_CLIENT_CERT_AUTH=true"
+ Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt"
+ Environment="ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt"
+ Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
 Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
 {{ end }}
 - name: docker.service
@@ -32,7 +34,7 @@ systemd:
 contents: |
 [Service]
 Environment="REBOOT_STRATEGY=etcd-lock"
- Environment="LOCKSMITHD_ETCD_CAFILE=/etc/ssl/etcd/etcd-ca.crt"
+ Environment="LOCKSMITHD_ETCD_CAFILE=/etc/ssl/etcd/etcd-client-ca.crt"
 Environment="LOCKSMITHD_ETCD_CERTFILE=/etc/ssl/etcd/etcd-client.crt"
 Environment="LOCKSMITHD_ETCD_KEYFILE=/etc/ssl/etcd/etcd-client.key"
 {{ if eq .etcd_on_host "false" -}}
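Review bot: The new `/etc/ssl/certs/etcd/...` paths in the etcd drop-in are not where ssh.tf installs the files (`/etc/ssl/etcd/etcd/` on the host), and nothing in the unit explains the difference. They presumably resolve only because `ETCD_SSL_DIR=/etc/ssl/etcd` is mounted at `/etc/ssl/certs` inside the etcd container, so editing one side without the other leaves etcd unable to find its TLS material. A one-line unit comment before `ETCD_TRUSTED_CA_FILE` would cover it: `# Paths are inside the etcd container: host /etc/ssl/etcd (ETCD_SSL_DIR) is mounted at /etc/ssl/certs`. The drop-in's opening lines are outside the hunk.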
@@ -166,7 +168,7 @@ storage:
 [ -d /opt/bootkube/assets/experimental/manifests ] && mv /opt/bootkube/assets/experimental/manifests/* /opt/bootkube/assets/manifests && rm -r /opt/bootkube/assets/experimental/manifests
 [ -d /opt/bootkube/assets/experimental/bootstrap-manifests ] && mv /opt/bootkube/assets/experimental/bootstrap-manifests/* /opt/bootkube/assets/bootstrap-manifests && rm -r /opt/bootkube/assets/experimental/bootstrap-manifests
 BOOTKUBE_ACI="${BOOTKUBE_ACI:-quay.io/coreos/bootkube}"
- BOOTKUBE_VERSION="${BOOTKUBE_VERSION:-v0.4.5}"
+ BOOTKUBE_VERSION="${BOOTKUBE_VERSION:-v0.5.0}"
 BOOTKUBE_ASSETS="${BOOTKUBE_ASSETS:-/opt/bootkube/assets}"
 exec /usr/bin/rkt run \
 --trust-keys-from-https \
diff --git a/examples/terraform/modules/profiles/cl/bootkube-worker.yaml.tmpl b/examples/terraform/modules/profiles/cl/bootkube-worker.yaml.tmpl
index b99f98f6..18e12388 100644
--- a/examples/terraform/modules/profiles/cl/bootkube-worker.yaml.tmpl
+++ b/examples/terraform/modules/profiles/cl/bootkube-worker.yaml.tmpl
@@ -9,7 +9,7 @@ systemd:
 contents: |
 [Service]
 Environment="REBOOT_STRATEGY=etcd-lock"
- Environment="LOCKSMITHD_ETCD_CAFILE=/etc/ssl/etcd/etcd-ca.crt"
+ Environment="LOCKSMITHD_ETCD_CAFILE=/etc/ssl/etcd/etcd-client-ca.crt"
 Environment="LOCKSMITHD_ETCD_CERTFILE=/etc/ssl/etcd/etcd-client.crt"
 Environment="LOCKSMITHD_ETCD_KEYFILE=/etc/ssl/etcd/etcd-client.key"
 {{ if eq .etcd_on_host "false" -}}