diff --git a/examples/terraform/bootkube-install/README.md b/examples/terraform/bootkube-install/README.md index 90ebed43..0e26204f 100644 --- a/examples/terraform/bootkube-install/README.md +++ b/examples/terraform/bootkube-install/README.md @@ -32,16 +32,16 @@ Copy the `terraform.tfvars.example` file to `terraform.tfvars`. Ensure `provider ```hcl matchbox_http_endpoint = "http://matchbox.example.com:8080" matchbox_rpc_endpoint = "matchbox.example.com:8081" +ssh_authorized_key = "ADD ME" cluster_name = "demo" container_linux_version = "1353.7.0" container_linux_channel = "stable" -ssh_authorized_key = "ADD ME" ``` Provide an ordered list of controller names, MAC addresses, and domain names. Provide an ordered list of worker names, MAC addresses, and domain names. -``` +```hcl controller_names = ["node1"] controller_macs = ["52:54:00:a1:9c:ae"] controller_domains = ["node1.example.com"] 
@@ -50,18 +50,26 @@ worker_macs = ["52:54:00:b2:2f:86", "52:54:00:c3:61:77"] worker_domains = ["node2.example.com", "node3.example.com"] ``` -Finally, provide an `assets_dir` for generated manifests and a DNS name which you've setup to resolves to controller(s) (e.g. round-robin). Worker nodes and your kubeconfig will communicate via this endpoint. +Provide an `assets_dir` for generated manifests and a DNS name which you've setup to resolves to controller(s) (e.g. round-robin). Worker nodes and your kubeconfig will communicate via this endpoint. -``` +```hcl k8s_domain_name = "cluster.example.com" asset_dir = "assets" ``` -### Options +Note: The `cached-container-linux-install` profile will PXE boot and install Container Linux from matchbox [assets](https://github.com/coreos/matchbox/blob/master/Documentation/api.md#assets). If you have not populated the assets cache, use the `container-linux-install` profile to use public images (slower). -You may set `experimental_self_hosted_etcd = "true"` to deploy "self-hosted" etcd atop Kubernetes instead of running etcd on hosts directly. Warning, this is experimental and potentially dangerous. +### Optional -The example above defines a Kubernetes cluster with 1 controller and 2 workers. Check the `multi-controller.tfvars.example` for an example which defines 3 controllers and one worker. +You may set certain optional variables to override defaults. Set `experimental_self_hosted_etcd = "true"` to deploy "self-hosted" etcd atop Kubernetes instead of running etcd on hosts directly. + +```hcl +# install_disk = "/dev/sda" +# container_linux_oem = "" +# experimental_self_hosted_etcd = "true" +``` + +The default is to create a Kubernetes cluster with 1 controller and 2 workers as an example, but check `multi-controller.tfvars.example` for an example which defines 3 controllers and 1 worker. ## Apply 
@@ -95,8 +103,6 @@ Apply complete! Resources: 37 added, 0 changed, 0 destroyed. You can now move on to the "Machines" section. Apply will loop until it can successfully copy the kubeconfig to each node and start the one-time Kubernetes bootstrapping process on a controller. In practice, you may see `apply` fail if it connects before the disk install has completed. Run terraform apply until it reconciles successfully. -Note: The `cached-container-linux-install` profile will PXE boot and install Container Linux from matchbox [assets](https://github.com/coreos/matchbox/blob/master/Documentation/api.md#assets). If you have not populated the assets cache, use the `container-linux-install` profile to use public images (slower). - ## Machines Power on each machine (with PXE boot device on next boot). Machines should network boot, install Container Linux to disk, reboot, and provision themselves as bootkube controllers or workers. diff --git a/examples/terraform/bootkube-install/cluster.tf b/examples/terraform/bootkube-install/cluster.tf index af6c3197..6243ee41 100644 --- a/examples/terraform/bootkube-install/cluster.tf +++ b/examples/terraform/bootkube-install/cluster.tf @@ -18,10 +18,12 @@ module "cluster" { worker_domains = "${var.worker_domains}" # bootkube assets - k8s_domain_name = "${var.k8s_domain_name}" - asset_dir = "${var.asset_dir}" + k8s_domain_name = "${var.k8s_domain_name}" + asset_dir = "${var.asset_dir}" # Optional + cached_install = "${var.cached_install}" + install_disk = "${var.install_disk}" container_linux_oem = "${var.container_linux_oem}" experimental_self_hosted_etcd = "${var.experimental_self_hosted_etcd}" } diff --git a/examples/terraform/bootkube-install/terraform.tfvars.example b/examples/terraform/bootkube-install/terraform.tfvars.example index 1c4139ae..2292ed4e 100644 --- a/examples/terraform/bootkube-install/terraform.tfvars.example +++ b/examples/terraform/bootkube-install/terraform.tfvars.example 
@@ -18,6 +18,8 @@ worker_domains = ["node2.example.com", "node3.example.com"] k8s_domain_name = "cluster.example.com" asset_dir = "assets" -# Optional +# Optional (defaults) +cached_install = "true" +# install_disk = "/dev/sda" # container_linux_oem = "" -# experimental_self_hosted_etcd = "true" +# experimental_self_hosted_etcd = "false" diff --git a/examples/terraform/bootkube-install/variables.tf b/examples/terraform/bootkube-install/variables.tf index 0d1f6599..0ca71549 100644 --- a/examples/terraform/bootkube-install/variables.tf +++ b/examples/terraform/bootkube-install/variables.tf @@ -78,8 +78,23 @@ variable "service_cidr" { CIDR IP range to assign Kubernetes services. The 1st IP will be reserved for kube_apiserver, the 10th IP will be reserved for kube-dns, the 15th IP will be reserved for self-hosted etcd, and the 200th IP will be reserved for bootstrap self-hosted etcd. EOD + + type = "string" + default = "10.3.0.0/16" +} + +# optional + +variable "cached_install" { type = "string" - default = "10.3.0.0/16" + default = "false" + description = "Whether Container Linux should PXE boot and install from matchbox /assets cache. Note that the admin must have downloaded the container_linux_version into matchbox assets." +} + +variable "install_disk" { + type = "string" + default = "/dev/sda" + description = "Disk device to which the install profiles should install Container Linux (e.g. /dev/sda)" } variable "container_linux_oem" { diff --git a/examples/terraform/etcd3-install/README.md b/examples/terraform/etcd3-install/README.md index 21c2c814..e237985e 100644 --- a/examples/terraform/etcd3-install/README.md +++ b/examples/terraform/etcd3-install/README.md 
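Review bot: The heading `# Optional (defaults)` in terraform.tfvars.example does not match the first line under it: `cached_install = "true"` is active, while the `cached_install` variable added in variables.tf defaults to `"false"`. A reader who takes this block as a list of defaults will expect the cached profile without setting anything, but a tfvars file without that line selects the public-image install instead. Either list the real default as a comment, `# cached_install = "false"`, or keep the active line and label it separately, for example `# Install from the matchbox assets cache (default is "false")`.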
@@ -37,6 +37,19 @@ ssh_authorized_key = "ADD ME" Configs in `etcd3-install` configure the matchbox provider, define profiles (e.g. `cached-container-linux-install`, `etcd3`), and define 3 groups which match machines by MAC address to a profile. These resources declare that the machines should PXE boot, install Container Linux to disk, and provision themselves into peers in a 3-node etcd3 cluster. +Note: The `cached-container-linux-install` profile will PXE boot and install Container Linux from matchbox [assets](https://github.com/coreos/matchbox/blob/master/Documentation/api.md#assets). If you have not populated the assets cache, use the `container-linux-install` profile to use public images (slower). + +### Optional + +You may set certain optional variables to override defaults. + +```hcl +# install_disk = "/dev/sda" +# container_linux_oem = "" +``` + +## Apply + Fetch the [profiles](../README.md#modules) Terraform [module](https://www.terraform.io/docs/modules/index.html) which let's you use common machine profiles maintained in the matchbox repo (like `etcd3`). ```sh @@ -52,8 +65,6 @@ $ terraform apply Apply complete! Resources: 10 added, 0 changed, 0 destroyed. ``` -Note: The `cached-container-linux-install` profile will PXE boot and install Container Linux from matchbox [assets](https://github.com/coreos/matchbox/blob/master/Documentation/api.md#assets). If you have not populated the assets cache, use the `container-linux-install` profile to use public images (slower). - ## Machines Power on each machine (with PXE boot device on next boot). Machines should network boot, install Container Linux to disk, reboot, and provision themselves as a 3-node etcd3 cluster. diff --git a/examples/terraform/etcd3-install/etcd3.tf b/examples/terraform/etcd3-install/etcd3.tf index c14621c9..a9b8c2c9 100644 --- a/examples/terraform/etcd3-install/etcd3.tf +++ b/examples/terraform/etcd3-install/etcd3.tf 
@@ -4,6 +4,8 @@ module "profiles" { matchbox_http_endpoint = "${var.matchbox_http_endpoint}" container_linux_version = "1353.7.0" container_linux_channel = "stable" + install_disk = "${var.install_disk}" + container_linux_oem = "${var.container_linux_oem}" } // Install Container Linux to disk before provisioning @@ -12,13 +14,9 @@ resource "matchbox_group" "default" { profile = "${module.profiles.cached-container-linux-install}" // No selector, matches all nodes + metadata { - container_linux_channel = "stable" - container_linux_version = "1353.7.0" - container_linux_oem = "${var.container_linux_oem}" - ignition_endpoint = "${var.matchbox_http_endpoint}/ignition" - baseurl = "${var.matchbox_http_endpoint}/assets/coreos" - ssh_authorized_key = "${var.ssh_authorized_key}" + ssh_authorized_key = "${var.ssh_authorized_key}" } } diff --git a/examples/terraform/etcd3-install/terraform.tfvars.example b/examples/terraform/etcd3-install/terraform.tfvars.example index 38976486..8ff0909b 100644 --- a/examples/terraform/etcd3-install/terraform.tfvars.example +++ b/examples/terraform/etcd3-install/terraform.tfvars.example @@ -2,5 +2,6 @@ matchbox_http_endpoint = "http://matchbox.example.com:8080" matchbox_rpc_endpoint = "matchbox.example.com:8081" # ssh_authorized_key = "ADD ME" -# Optional +# Optional (defaults) +# install_disk = "/dev/sda" # container_linux_oem = "" diff --git a/examples/terraform/etcd3-install/variables.tf b/examples/terraform/etcd3-install/variables.tf index a9b0cc00..0e593773 100644 --- a/examples/terraform/etcd3-install/variables.tf +++ b/examples/terraform/etcd3-install/variables.tf 
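Review bot: In the second etcd3.tf hunk the `default` group keeps only `// No selector, matches all nodes` to describe its scope, which understates what it now does. As far as the visible lines show, any machine that network boots against this matchbox instance and matches no narrower group receives the cached install profile, which writes Container Linux to `install_disk` (default `/dev/sda`). I would extend the comment to say so, for example `// No selector: every machine that PXE boots here and matches no other group is installed to var.install_disk`. The resource begins above the hunk.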
@@ -13,8 +13,16 @@ variable "ssh_authorized_key" { description = "SSH public key to set as an authorized_key on machines" } +# optional + +variable "install_disk" { + type = "string" + default = "/dev/sda" + description = "Disk device to which the install profiles should install Container Linux (e.g. /dev/sda)" +} + variable "container_linux_oem" { - type = "string" - default = "" + type = "string" + default = "" description = "Specify an OEM image id to use as base for the installation (e.g. ami, vmware_raw, xen) or leave blank for the default image" } diff --git a/examples/terraform/modules/bootkube/groups.tf b/examples/terraform/modules/bootkube/groups.tf index 213a99a7..cc558571 100644 --- a/examples/terraform/modules/bootkube/groups.tf +++ b/examples/terraform/modules/bootkube/groups.tf @@ -3,19 +3,14 @@ resource "matchbox_group" "container-linux-install" { count = "${length(var.controller_names) + length(var.worker_names)}" name = "${format("container-linux-install-%s", element(concat(var.controller_names, var.worker_names), count.index))}" - profile = "${module.profiles.cached-container-linux-install}" + profile = "${var.cached_install == "true" ? module.profiles.cached-container-linux-install : module.profiles.container-linux-install}" selector { mac = "${element(concat(var.controller_macs, var.worker_macs), count.index)}" } metadata { - container_linux_channel = "${var.container_linux_channel}" - container_linux_version = "${var.container_linux_version}" - container_linux_oem = "${var.container_linux_oem}" - ignition_endpoint = "${var.matchbox_http_endpoint}/ignition" - baseurl = "${var.matchbox_http_endpoint}/assets/coreos" - ssh_authorized_key = "${var.ssh_authorized_key}" + ssh_authorized_key = "${var.ssh_authorized_key}" } } 
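Review bot: The new `profile` expression in `matchbox_group.container-linux-install` selects the cached profile only when `cached_install` is exactly the string `"true"`. A value such as `"True"` or `"1"` silently falls through to `container-linux-install`, which the README describes as installing from public images. The worker group later in the same file evaluates its flag as `var.experimental_self_hosted_etcd ? "false" : "true"`, so the two flags are tested in different ways. I would use the same form here, `profile = "${var.cached_install ? module.profiles.cached-container-linux-install : module.profiles.container-linux-install}"`, which should leave an unrecognised value to Terraform's boolean conversion rather than quietly changing where images come from. Failing that, state the accepted values in the variable's `description`.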
@@ -54,8 +49,8 @@ resource "matchbox_group" "worker" { domain_name = "${element(var.worker_domains, count.index)}" etcd_endpoints = "${join(",", formatlist("%s:2379", var.controller_domains))}" etcd_on_host = "${var.experimental_self_hosted_etcd ? "false" : "true"}" - k8s_dns_service_ip = "${module.bootkube.kube_dns_service_ip}" - k8s_etcd_service_ip = "${module.bootkube.etcd_service_ip}" + k8s_dns_service_ip = "${module.bootkube.kube_dns_service_ip}" + k8s_etcd_service_ip = "${module.bootkube.etcd_service_ip}" ssh_authorized_key = "${var.ssh_authorized_key}" } } diff --git a/examples/terraform/modules/bootkube/profiles.tf b/examples/terraform/modules/bootkube/profiles.tf index a950b74e..6a2ce73c 100644 --- a/examples/terraform/modules/bootkube/profiles.tf +++ b/examples/terraform/modules/bootkube/profiles.tf @@ -4,4 +4,6 @@ module "profiles" { matchbox_http_endpoint = "${var.matchbox_http_endpoint}" container_linux_version = "${var.container_linux_version}" container_linux_channel = "${var.container_linux_channel}" + install_disk = "${var.install_disk}" + container_linux_oem = "${var.container_linux_oem}" } diff --git a/examples/terraform/modules/bootkube/variables.tf b/examples/terraform/modules/bootkube/variables.tf index bb34b183..35473aae 100644 --- a/examples/terraform/modules/bootkube/variables.tf +++ b/examples/terraform/modules/bootkube/variables.tf 
@@ -73,8 +73,23 @@ variable "service_cidr" { CIDR IP range to assign Kubernetes services. The 1st IP will be reserved for kube_apiserver, the 10th IP will be reserved for kube-dns, the 15th IP will be reserved for self-hosted etcd, and the 200th IP will be reserved for bootstrap self-hosted etcd. EOD + + type = "string" + default = "10.3.0.0/16" +} + +# optional + +variable "cached_install" { type = "string" - default = "10.3.0.0/16" + default = "false" + description = "Whether Container Linux should PXE boot and install from matchbox /assets cache. Note that the admin must have downloaded the container_linux_version into matchbox assets." +} + +variable "install_disk" { + type = "string" + default = "/dev/sda" + description = "Disk device to which the install profiles should install Container Linux (e.g. /dev/sda)" } variable "container_linux_oem" { diff --git a/examples/terraform/modules/profiles/cl/container-linux-install.yaml.tmpl b/examples/terraform/modules/profiles/cl/container-linux-install.yaml.tmpl index d5c1526e..f38b6a64 100644 --- a/examples/terraform/modules/profiles/cl/container-linux-install.yaml.tmpl +++ b/examples/terraform/modules/profiles/cl/container-linux-install.yaml.tmpl @@ -20,8 +20,14 @@ storage: contents: inline: | #!/bin/bash -ex - curl "{{.ignition_endpoint}}?{{.request.raw_query}}&os=installed" -o ignition.json - coreos-install -d /dev/sda -C {{.container_linux_channel}} -V {{.container_linux_version}} -i ignition.json {{if index . "baseurl"}}-b {{.baseurl}}{{end}} {{if index . "container_linux_oem"}}-o {{.container_linux_oem}}{{end}} + curl "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json + coreos-install \ + -d ${install_disk} \ + -C ${container_linux_channel} \ + -V ${container_linux_version} \ + -o "${container_linux_oem}" \ + ${baseurl_flag} \ + -i ignition.json udevadm settle systemctl reboot passwd: 
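Review bot: In container-linux-install.yaml.tmpl, `-d ${install_disk}` is substituted by Terraform into the install script without shell quoting, while `-o "${container_linux_oem}"` two lines below is quoted. The script runs under `bash -ex`, so a value containing whitespace or shell metacharacters changes the command that is executed instead of failing cleanly; I would write `-d "${install_disk}" \`. `${baseurl_flag}` has to stay unquoted because it carries both the flag and the URL, which deserves a one-line comment in the template. Also, `-o` is now always passed, even with an empty string, where the old template omitted it when no OEM was set, so please confirm that `coreos-install` treats `-o ""` as the default image. The script begins above this hunk and continues after it.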
diff --git a/examples/terraform/modules/profiles/profiles.tf b/examples/terraform/modules/profiles/profiles.tf index 0795ca84..5d50b043 100644 --- a/examples/terraform/modules/profiles/profiles.tf +++ b/examples/terraform/modules/profiles/profiles.tf @@ -14,7 +14,22 @@ resource "matchbox_profile" "container-linux-install" { "console=ttyS0", ] - container_linux_config = "${file("${path.module}/cl/container-linux-install.yaml.tmpl")}" + container_linux_config = "${data.template_file.container-linux-install-config.rendered}" +} + +data "template_file" "container-linux-install-config" { + template = "${file("${path.module}/cl/container-linux-install.yaml.tmpl")}" + + vars { + container_linux_channel = "${var.container_linux_channel}" + container_linux_version = "${var.container_linux_version}" + ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" + install_disk = "${var.install_disk}" + container_linux_oem = "${var.container_linux_oem}" + + # only cached-container-linux profile adds -b baseurl + baseurl_flag = "" + } } // Container Linux Install profile (from matchbox /assets cache) 
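Review bot: Switching `container_linux_config` from `file()` to a `template_file` data source means Terraform now interpolates every `${...}` sequence in container-linux-install.yaml.tmpl, not only the names listed in `vars`. Only part of that template is visible in this change, so the rest of it should be checked for literal `${` sequences, which would have to be written as `$${`. The `vars` block is also repeated almost verbatim in `cached-container-linux-install-config` (hunk at -34,7), and in both places the values are pasted into a shell script as plain text. A comment above `vars` such as `# values are rendered into a bash script; they must not contain whitespace or shell metacharacters` would record that expectation for whoever sets `matchbox_http_endpoint` or `install_disk`.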
@@ -34,7 +49,22 @@ resource "matchbox_profile" "cached-container-linux-install" { "console=ttyS0", ] - container_linux_config = "${file("${path.module}/cl/container-linux-install.yaml.tmpl")}" + container_linux_config = "${data.template_file.cached-container-linux-install-config.rendered}" +} + +data "template_file" "cached-container-linux-install-config" { + template = "${file("${path.module}/cl/container-linux-install.yaml.tmpl")}" + + vars { + container_linux_channel = "${var.container_linux_channel}" + container_linux_version = "${var.container_linux_version}" + ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" + install_disk = "${var.install_disk}" + container_linux_oem = "${var.container_linux_oem}" + + # profile uses -b baseurl to install from matchbox cache + baseurl_flag = "-b ${var.matchbox_http_endpoint}/assets/coreos" + } } // etcd3 profile diff --git a/examples/terraform/modules/profiles/variables.tf b/examples/terraform/modules/profiles/variables.tf index 450cf8bd..9d7fbadf 100644 --- a/examples/terraform/modules/profiles/variables.tf +++ b/examples/terraform/modules/profiles/variables.tf @@ -12,3 +12,17 @@ variable "container_linux_channel" { type = "string" description = "Container Linux channel corresponding to the container_linux_version" } + +# optional + +variable "install_disk" { + type = "string" + default = "/dev/sda" + description = "Disk device to which the install profiles should install Container Linux (e.g. /dev/sda)" +} + +variable "container_linux_oem" { + type = "string" + default = "" + description = "Specify an OEM image id to use as base for the installation (e.g. ami, vmware_raw, xen) or leave blank for the default image" +} diff --git a/tests/smoke/bootkube.tfvars b/tests/smoke/bootkube.tfvars index 89082eb1..93ae1fbb 100644 --- a/tests/smoke/bootkube.tfvars +++ b/tests/smoke/bootkube.tfvars 
@@ -19,5 +19,4 @@ k8s_domain_name = "cluster.example.com" asset_dir = "assets" # Optional -# container_linux_oem = "" -# experimental_self_hosted_etcd = "true" +cached_install = "true"