mirror of
https://github.com/outbackdingo/terraform-render-bootstrap.git
synced 2026-01-27 18:20:40 +00:00
Compare commits
22 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
92ff0f253a | ||
|
|
4f6af5b811 | ||
|
|
f76e58b56d | ||
|
|
383aba4e8e | ||
|
|
aebb45e6e9 | ||
|
|
b6b320ef6a | ||
|
|
9f4ffe273b | ||
|
|
74366f6076 | ||
|
|
db7c13f5ee | ||
|
|
3ac28c9210 | ||
|
|
64748203ba | ||
|
|
262cc49856 | ||
|
|
125f29d43d | ||
|
|
aded06a0a7 | ||
|
|
cc2b45780a | ||
|
|
d93b7e4dc8 | ||
|
|
48b33db1f1 | ||
|
|
8a9b6f1270 | ||
|
|
3b8d762081 | ||
|
|
9c144e6522 | ||
|
|
c0d4f56a4c | ||
|
|
62c887f41b |
30
README.md
30
README.md
@@ -1,42 +1,42 @@
|
||||
# bootkube-terraform
|
||||
# terraform-render-bootkube
|
||||
|
||||
`bootkube-terraform` is Terraform module that renders [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube) bootstrapping assets. It functions as a low-level component of the [Typhoon](https://github.com/poseidon/typhoon) Kubernetes distribution.
|
||||
`terraform-render-bootkube` is a Terraform module that renders [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube) assets for bootstrapping a Kubernetes cluster.
|
||||
|
||||
The module provides many of the same variable names, defaults, features, and outputs as running `bootkube render` directly.
|
||||
## Audience
|
||||
|
||||
`terraform-render-bootkube` is a low-level component of the [Typhoon](https://github.com/poseidon/typhoon) Kubernetes distribution. Use Typhoon modules to create and manage Kubernetes clusters across supported platforms. Use the bootkube module if you'd like to customize a Kubernetes control plane or build your own distribution.
|
||||
|
||||
## Usage
|
||||
|
||||
Use [Typhoon](https://github.com/poseidon/typhoon) to create and manage Kubernetes clusters in different environments. Use `bootkube-terraform` if you require low-level customizations to the control plane or wish to build your own distribution.
|
||||
|
||||
Add the `bootkube-terraform` module alongside existing Terraform configs. Provide the variables listed in `variables.tf` or check `terraform.tfvars.example` for examples.
|
||||
Use the module to declare bootkube assets. Check [variables.tf](variables.tf) for options and [terraform.tfvars.example](terraform.tfvars.example) for examples.
|
||||
|
||||
```hcl
|
||||
module "bootkube" {
|
||||
source = "git://https://github.com/dghubble/bootkube-terraform.git?ref=SHA"
|
||||
source = "git://https://github.com/poseidon/terraform-render-bootkube.git?ref=SHA"
|
||||
|
||||
cluster_name = "example"
|
||||
api_servers = ["node1.example.com"]
|
||||
etcd_servers = ["node1.example.com"]
|
||||
asset_dir = "/home/core/clusters/mycluster"
|
||||
experimental_self_hosted_etcd = false
|
||||
}
|
||||
```
|
||||
|
||||
Alternately, use a local checkout of this repo and copy `terraform.tfvars.example` to `terraform.tfvars` to generate assets without an existing terraform config repo.
|
||||
|
||||
Generate the bootkube assets.
|
||||
Generate the assets.
|
||||
|
||||
```sh
|
||||
terraform get
|
||||
terraform init
|
||||
terraform get --update
|
||||
terraform plan
|
||||
terraform apply
|
||||
```
|
||||
|
||||
Find bootkube assets rendered to the `asset_dir` path. That's it.
|
||||
|
||||
### Comparison
|
||||
|
||||
Render bootkube assets directly with bootkube v0.6.2.
|
||||
Render bootkube assets directly with bootkube v0.8.2.
|
||||
|
||||
#### On-host etcd
|
||||
#### On-host etcd (recommended)
|
||||
|
||||
```sh
|
||||
bootkube render --asset-dir=assets --api-servers=https://node1.example.com:443 --api-server-alt-names=DNS=node1.example.com --etcd-servers=https://node1.example.com:2379
|
||||
@@ -51,7 +51,7 @@ popd
|
||||
diff -rw assets /home/core/mycluster
|
||||
```
|
||||
|
||||
#### Self-hosted etcd
|
||||
#### Self-hosted etcd (deprecated)
|
||||
|
||||
```sh
|
||||
bootkube render --asset-dir=assets --api-servers=https://node1.example.com:443 --api-server-alt-names=DNS=node1.example.com --experimental-self-hosted-etcd
|
||||
|
||||
@@ -19,8 +19,13 @@ resource "template_dir" "manifests" {
|
||||
destination_dir = "${var.asset_dir}/manifests"
|
||||
|
||||
vars {
|
||||
hyperkube_image = "${var.container_images["hyperkube"]}"
|
||||
etcd_servers = "${var.experimental_self_hosted_etcd ? format("https://%s:2379", cidrhost(var.service_cidr, 15)) : join(",", formatlist("https://%s:2379", var.etcd_servers))}"
|
||||
hyperkube_image = "${var.container_images["hyperkube"]}"
|
||||
pod_checkpointer_image = "${var.container_images["pod_checkpointer"]}"
|
||||
kubedns_image = "${var.container_images["kubedns"]}"
|
||||
kubedns_dnsmasq_image = "${var.container_images["kubedns_dnsmasq"]}"
|
||||
kubedns_sidecar_image = "${var.container_images["kubedns_sidecar"]}"
|
||||
|
||||
etcd_servers = "${var.experimental_self_hosted_etcd ? format("https://%s:2379", cidrhost(var.service_cidr, 15)) : join(",", formatlist("https://%s:2379", var.etcd_servers))}"
|
||||
|
||||
cloud_provider = "${var.cloud_provider}"
|
||||
pod_cidr = "${var.pod_cidr}"
|
||||
|
||||
@@ -6,6 +6,9 @@ resource "template_dir" "flannel-manifests" {
|
||||
destination_dir = "${var.asset_dir}/manifests-networking"
|
||||
|
||||
vars {
|
||||
flannel_image = "${var.container_images["flannel"]}"
|
||||
flannel_cni_image = "${var.container_images["flannel_cni"]}"
|
||||
|
||||
pod_cidr = "${var.pod_cidr}"
|
||||
}
|
||||
}
|
||||
@@ -16,6 +19,9 @@ resource "template_dir" "calico-manifests" {
|
||||
destination_dir = "${var.asset_dir}/manifests-networking"
|
||||
|
||||
vars {
|
||||
calico_image = "${var.container_images["calico"]}"
|
||||
calico_cni_image = "${var.container_images["calico_cni"]}"
|
||||
|
||||
network_mtu = "${var.network_mtu}"
|
||||
pod_cidr = "${var.pod_cidr}"
|
||||
}
|
||||
@@ -52,7 +58,9 @@ resource "template_dir" "experimental-manifests" {
|
||||
destination_dir = "${var.asset_dir}/experimental/manifests"
|
||||
|
||||
vars {
|
||||
etcd_service_ip = "${cidrhost(var.service_cidr, 15)}"
|
||||
etcd_operator_image = "${var.container_images["etcd_operator"]}"
|
||||
etcd_checkpointer_image = "${var.container_images["etcd_checkpointer"]}"
|
||||
etcd_service_ip = "${cidrhost(var.service_cidr, 15)}"
|
||||
|
||||
# Self-hosted etcd TLS certs / keys
|
||||
etcd_ca_cert = "${base64encode(tls_self_signed_cert.etcd-ca.cert_pem)}"
|
||||
|
||||
@@ -12,7 +12,7 @@ spec:
|
||||
- /var/lock/api-server.lock
|
||||
- /hyperkube
|
||||
- apiserver
|
||||
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
|
||||
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
|
||||
- --advertise-address=$(POD_IP)
|
||||
- --allow-privileged=true
|
||||
- --authorization-mode=RBAC
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: calico-node
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: calico-node
|
||||
|
||||
@@ -10,7 +10,7 @@ data:
|
||||
"name": "k8s-pod-network",
|
||||
"cniVersion": "0.3.0",
|
||||
"type": "calico",
|
||||
"log_level": "debug",
|
||||
"log_level": "info",
|
||||
"datastore_type": "kubernetes",
|
||||
"nodename": "__KUBERNETES_NODE_NAME__",
|
||||
"mtu": ${network_mtu},
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
apiVersion: apps/v1beta2
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: calico-node
|
||||
@@ -27,7 +27,7 @@ spec:
|
||||
operator: "Exists"
|
||||
containers:
|
||||
- name: calico-node
|
||||
image: quay.io/calico/node:v2.5.1
|
||||
image: ${calico_image}
|
||||
env:
|
||||
# Use Kubernetes API as the backing datastore.
|
||||
- name: DATASTORE_TYPE
|
||||
@@ -99,7 +99,7 @@ spec:
|
||||
readOnly: false
|
||||
# Install Calico CNI binaries and CNI network config file on nodes
|
||||
- name: install-cni
|
||||
image: quay.io/calico/cni:v1.10.0
|
||||
image: ${calico_cni_image}
|
||||
command: ["/install-cni.sh"]
|
||||
env:
|
||||
- name: CNI_NETWORK_CONFIG
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: etcd-operator
|
||||
@@ -6,12 +6,10 @@ metadata:
|
||||
labels:
|
||||
k8s-app: etcd-operator
|
||||
spec:
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
maxSurge: 1
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: etcd-operator
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -19,7 +17,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: etcd-operator
|
||||
image: quay.io/coreos/etcd-operator:v0.5.0
|
||||
image: ${etcd_operator_image}
|
||||
command:
|
||||
- /usr/local/bin/etcd-operator
|
||||
- --analytics=false
|
||||
@@ -41,3 +39,8 @@ spec:
|
||||
- key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
maxSurge: 1
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: "extensions/v1beta1"
|
||||
apiVersion: apps/v1beta2
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: kube-etcd-network-checkpointer
|
||||
@@ -7,6 +7,10 @@ metadata:
|
||||
tier: control-plane
|
||||
k8s-app: kube-etcd-network-checkpointer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
tier: control-plane
|
||||
k8s-app: kube-etcd-network-checkpointer
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -16,7 +20,7 @@ spec:
|
||||
checkpointer.alpha.coreos.com/checkpoint: "true"
|
||||
spec:
|
||||
containers:
|
||||
- image: quay.io/coreos/kenc:0.0.2
|
||||
- image: ${etcd_checkpointer_image}
|
||||
name: kube-etcd-network-checkpointer
|
||||
securityContext:
|
||||
privileged: true
|
||||
@@ -10,11 +10,22 @@ data:
|
||||
cni-conf.json: |
|
||||
{
|
||||
"name": "cbr0",
|
||||
"type": "flannel",
|
||||
"delegate": {
|
||||
"isDefaultGateway": true,
|
||||
"hairpinMode": true
|
||||
}
|
||||
"cniVersion": "0.3.1",
|
||||
"plugins": [
|
||||
{
|
||||
"type": "flannel",
|
||||
"delegate": {
|
||||
"hairpinMode": true,
|
||||
"isDefaultGateway": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "portmap",
|
||||
"capabilities": {
|
||||
"portMappings": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
net-conf.json: |
|
||||
{
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
apiVersion: apps/v1beta2
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: kube-flannel
|
||||
@@ -7,6 +7,10 @@ metadata:
|
||||
tier: node
|
||||
k8s-app: flannel
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
tier: node
|
||||
k8s-app: flannel
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -15,7 +19,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: kube-flannel
|
||||
image: quay.io/coreos/flannel:v0.8.0-amd64
|
||||
image: ${flannel_image}
|
||||
command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr", "--iface=$(POD_IP)"]
|
||||
securityContext:
|
||||
privileged: true
|
||||
@@ -40,7 +44,7 @@ spec:
|
||||
- name: flannel-cfg
|
||||
mountPath: /etc/kube-flannel/
|
||||
- name: install-cni
|
||||
image: quay.io/coreos/flannel-cni:v0.2.0
|
||||
image: ${flannel_cni_image}
|
||||
command: ["/install-cni.sh"]
|
||||
env:
|
||||
- name: CNI_NETWORK_CONFIG
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: "extensions/v1beta1"
|
||||
apiVersion: apps/v1beta2
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: kube-apiserver
|
||||
@@ -7,6 +7,10 @@ metadata:
|
||||
tier: control-plane
|
||||
k8s-app: kube-apiserver
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
tier: control-plane
|
||||
k8s-app: kube-apiserver
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -24,7 +28,7 @@ spec:
|
||||
- /var/lock/api-server.lock
|
||||
- /hyperkube
|
||||
- apiserver
|
||||
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
|
||||
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
|
||||
- --advertise-address=$(POD_IP)
|
||||
- --allow-privileged=true
|
||||
- --anonymous-auth=false
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kube-controller-manager
|
||||
@@ -8,6 +8,10 @@ metadata:
|
||||
k8s-app: kube-controller-manager
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
tier: control-plane
|
||||
k8s-app: kube-controller-manager
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kube-dns
|
||||
@@ -41,7 +41,7 @@ spec:
|
||||
optional: true
|
||||
containers:
|
||||
- name: kubedns
|
||||
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.4
|
||||
image: ${kubedns_image}
|
||||
resources:
|
||||
# TODO: Set memory limits when we've profiled the container for large
|
||||
# clusters, then set request = limit to keep this container in
|
||||
@@ -92,7 +92,7 @@ spec:
|
||||
- name: kube-dns-config
|
||||
mountPath: /kube-dns-config
|
||||
- name: dnsmasq
|
||||
image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.4
|
||||
image: ${kubedns_dnsmasq_image}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthcheck/dnsmasq
|
||||
@@ -110,6 +110,7 @@ spec:
|
||||
- --
|
||||
- -k
|
||||
- --cache-size=1000
|
||||
- --no-negcache
|
||||
- --log-facility=-
|
||||
- --server=/cluster.local/127.0.0.1#10053
|
||||
- --server=/in-addr.arpa/127.0.0.1#10053
|
||||
@@ -130,7 +131,7 @@ spec:
|
||||
- name: kube-dns-config
|
||||
mountPath: /etc/k8s/dns/dnsmasq-nanny
|
||||
- name: sidecar
|
||||
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4
|
||||
image: ${kubedns_sidecar_image}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: "extensions/v1beta1"
|
||||
apiVersion: apps/v1beta2
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: kube-proxy
|
||||
@@ -7,6 +7,10 @@ metadata:
|
||||
tier: node
|
||||
k8s-app: kube-proxy
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
tier: node
|
||||
k8s-app: kube-proxy
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -33,6 +37,9 @@ spec:
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /lib/modules
|
||||
name: lib-modules
|
||||
readOnly: true
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
@@ -47,13 +54,16 @@ spec:
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
volumes:
|
||||
- hostPath:
|
||||
- name: lib-modules
|
||||
hostPath:
|
||||
path: /lib/modules
|
||||
- name: ssl-certs-host
|
||||
hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
name: ssl-certs-host
|
||||
- name: etc-kubernetes
|
||||
hostPath:
|
||||
path: /etc/kubernetes
|
||||
updateStrategy:
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
type: RollingUpdate
|
||||
type: RollingUpdate
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kube-scheduler
|
||||
@@ -8,6 +8,10 @@ metadata:
|
||||
k8s-app: kube-scheduler
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
tier: control-plane
|
||||
k8s-app: kube-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: system:default-sa
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: "extensions/v1beta1"
|
||||
apiVersion: apps/v1beta2
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: pod-checkpointer
|
||||
@@ -7,6 +7,10 @@ metadata:
|
||||
tier: control-plane
|
||||
k8s-app: pod-checkpointer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
tier: control-plane
|
||||
k8s-app: pod-checkpointer
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -17,10 +21,9 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: pod-checkpointer
|
||||
image: quay.io/coreos/pod-checkpointer:0cd390e0bc1dcdcc714b20eda3435c3d00669d0e
|
||||
image: ${pod_checkpointer_image}
|
||||
command:
|
||||
- /checkpoint
|
||||
- --v=4
|
||||
- --lock-file=/var/run/lock/pod-checkpointer.lock
|
||||
env:
|
||||
- name: NODE_NAME
|
||||
@@ -57,6 +60,6 @@ spec:
|
||||
hostPath:
|
||||
path: /var/run
|
||||
updateStrategy:
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
type: RollingUpdate
|
||||
|
||||
12
tls-etcd.tf
12
tls-etcd.tf
@@ -100,13 +100,13 @@ resource "tls_cert_request" "client" {
|
||||
"${cidrhost(var.service_cidr, 20)}",
|
||||
]
|
||||
|
||||
dns_names = "${concat(
|
||||
dns_names = ["${concat(
|
||||
var.etcd_servers,
|
||||
list(
|
||||
"localhost",
|
||||
"*.kube-etcd.kube-system.svc.cluster.local",
|
||||
"kube-etcd-client.kube-system.svc.cluster.local",
|
||||
))}"
|
||||
))}"]
|
||||
}
|
||||
|
||||
resource "tls_locally_signed_cert" "client" {
|
||||
@@ -146,13 +146,13 @@ resource "tls_cert_request" "server" {
|
||||
"${cidrhost(var.service_cidr, 20)}",
|
||||
]
|
||||
|
||||
dns_names = "${concat(
|
||||
dns_names = ["${concat(
|
||||
var.etcd_servers,
|
||||
list(
|
||||
"localhost",
|
||||
"*.kube-etcd.kube-system.svc.cluster.local",
|
||||
"kube-etcd-client.kube-system.svc.cluster.local",
|
||||
))}"
|
||||
))}"]
|
||||
}
|
||||
|
||||
resource "tls_locally_signed_cert" "server" {
|
||||
@@ -190,12 +190,12 @@ resource "tls_cert_request" "peer" {
|
||||
"${cidrhost(var.service_cidr, 20)}",
|
||||
]
|
||||
|
||||
dns_names = "${concat(
|
||||
dns_names = ["${concat(
|
||||
var.etcd_servers,
|
||||
list(
|
||||
"*.kube-etcd.kube-system.svc.cluster.local",
|
||||
"kube-etcd-client.kube-system.svc.cluster.local",
|
||||
))}"
|
||||
))}"]
|
||||
}
|
||||
|
||||
resource "tls_locally_signed_cert" "peer" {
|
||||
|
||||
18
variables.tf
18
variables.tf
@@ -4,12 +4,12 @@ variable "cluster_name" {
|
||||
}
|
||||
|
||||
variable "api_servers" {
|
||||
description = "URL used to reach kube-apiserver"
|
||||
description = "List of URLs used to reach kube-apiserver"
|
||||
type = "list"
|
||||
}
|
||||
|
||||
variable "etcd_servers" {
|
||||
description = "List of etcd server URLs including protocol, host, and port. Ignored if experimental self-hosted etcd is enabled."
|
||||
description = "List of URLs used to reach etcd servers. Ignored if experimental self-hosted etcd is enabled."
|
||||
type = "list"
|
||||
}
|
||||
|
||||
@@ -62,8 +62,18 @@ variable "container_images" {
|
||||
type = "map"
|
||||
|
||||
default = {
|
||||
hyperkube = "quay.io/coreos/hyperkube:v1.7.5_coreos.0"
|
||||
etcd = "quay.io/coreos/etcd:v3.1.8"
|
||||
calico = "quay.io/calico/node:v2.6.1"
|
||||
calico_cni = "quay.io/calico/cni:v1.11.0"
|
||||
etcd = "quay.io/coreos/etcd:v3.1.8"
|
||||
etcd_operator = "quay.io/coreos/etcd-operator:v0.5.0"
|
||||
etcd_checkpointer = "quay.io/coreos/kenc:0.0.2"
|
||||
flannel = "quay.io/coreos/flannel:v0.9.0-amd64"
|
||||
flannel_cni = "quay.io/coreos/flannel-cni:v0.3.0"
|
||||
hyperkube = "gcr.io/google_containers/hyperkube:v1.8.3"
|
||||
kubedns = "gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5"
|
||||
kubedns_dnsmasq = "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5"
|
||||
kubedns_sidecar = "gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5"
|
||||
pod_checkpointer = "quay.io/coreos/pod-checkpointer:e22cc0e3714378de92f45326474874eb602ca0ac"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user