github-personal/terraform-render-bootstrap

mirror of https://github.com/outbackdingo/terraform-render-bootstrap.git synced 2026-01-27 18:20:40 +00:00

Go to file

Dalton Hubble 6e59af7113 Migrate from a self-hosted to static pod control plane

* Run kube-apiserver, kube-scheduler, and kube-controller-manager
as static pods on each controller node
* Boostrap a minimal control plane by copying `static-manifests`
to the Kubelet `--pod-manifest-path` and tls/auth secrets to
`/etc/kubernetes/bootstrap-secrets`. Then, kubectl apply Kubernetes
manifests.
* Discontinue using bootkube to bootstrap and pivot to a self-hosted
control plane.
* Remove bootkube self-hosted kube-apiserver DaemonSet and
kube-scheduler and kube-controller-manager Deployments
* Remove pod-checkpointer manifests (no longer needed)

Advantages:

* Reduce control plane bootstrapping complexity. Self-hosted pivot and
pod checkpointing worked well, but in-place edits to kube-apiserver,
kube-controller-manager, or kube-scheduler is infrequently used. The
concept was originally geared toward continuously in-place upgrading
clusters, a goal Typhoon doesn't take on (rec. blue/green clusters).
As such, the value-add isn't justifying the extra components for this
particular project.
* Static pods still provide kubectl visibility and log access

Drawbacks:

* In-place edits to kube-apiserver, kube-controller-manager, and
kube-scheduler are not possible via kubectl (non-goal)
* Assets must be copied to each controller (not just one)
* Static pod must load credentials via hostPath, which is less clean
compared with the former Kubernetes secrets and service accounts

2019-09-02 20:52:46 -07:00

resources

Migrate from a self-hosted to static pod control plane

2019-09-02 20:52:46 -07:00

.gitignore

Add support for calico networking

2017-09-01 10:27:43 -07:00

assets.tf

Migrate from a self-hosted to static pod control plane

2019-09-02 20:52:46 -07:00

conditional.tf

Migrate from Terraform v0.11.x to v0.12.x (breaking!)

2019-06-06 09:39:46 -07:00

LICENSE

Add MIT License

2017-08-02 00:05:04 -07:00

outputs.tf

Migrate from a self-hosted to static pod control plane

2019-09-02 20:52:46 -07:00

README.md

Migrate from a self-hosted to static pod control plane

2019-09-02 20:52:46 -07:00

terraform.tfvars.example

Remove experimental self-hosted etcd options

2017-12-11 21:51:07 -08:00

tls-aggregation.tf

Migrate from Terraform v0.11.x to v0.12.x (breaking!)

2019-06-06 09:39:46 -07:00

tls-etcd.tf

Migrate from Terraform v0.11.x to v0.12.x (breaking!)

2019-06-06 09:39:46 -07:00

tls-k8s.tf

Migrate from Terraform v0.11.x to v0.12.x (breaking!)

2019-06-06 09:39:46 -07:00

variables.tf

Migrate from a self-hosted to static pod control plane

2019-09-02 20:52:46 -07:00

versions.tf

Define module required provider versions

2019-06-06 09:39:48 -07:00

README.md

terraform-render-bootkube

terraform-render-bootkube is a Terraform module that renders TLS certificates, static pods, and manifests for bootstrapping a Kubernetes cluster.

Audience

terraform-render-bootstrap is a low-level component of the Typhoon Kubernetes distribution. Use Typhoon modules to create and manage Kubernetes clusters across supported platforms. Use the bootstrap module if you'd like to customize a Kubernetes control plane or build your own distribution.

Usage

Use the module to declare bootstrap assets. Check variables.tf for options and terraform.tfvars.example for examples.

module "bootstrap" {
  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=SHA"

  cluster_name = "example"
  api_servers = ["node1.example.com"]
  etcd_servers = ["node1.example.com"]
  asset_dir = "/home/core/clusters/mycluster"
}

Generate the assets.

terraform init
terraform plan
terraform apply

Find bootstrap assets rendered to the asset_dir path. That's it.