github-personal/terraform-render-bootstrap
1
0
Fork 0
mirror of https://github.com/outbackdingo/terraform-render-bootstrap.git synced 2026-01-27 10:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
275 Commits 1 Branch 20 Tags
a83ddbb30ed5b377209c5291977fd94fedb8de45
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dalton Hubble a83ddbb30e Add CoreDNS "soft" nodeAffinity for controller nodes 
* Add nodeAffinity to CoreDNS deployment PodSpec to
prefer running CoreDNS pods on controllers, while
relying on podAntiAffinity for spreading.
* For single master clusters, running two CoreDNS pods
on the master or running one pod on a worker is
permissible.
* Note: Its still _possible_ to end up with CoreDNS pods
all running on workers since we only express scheduling
preference ("soft"), but unlikely. Plus the motivating
scenario (below) is also rare.

Background:

* CoreDNS replicas are set to the higher of 2 or the
number of control plane nodes to (at a minimum) support
Deployment updates or pod restarts and match the cluster
size (e.g. 5 master/controller nodes likely means a
larger cluster, so run 5 CoreDNS replicas)
* In the past (before v1.14), we required kube-dns (CoreOS
predecessor) to run CoreDNS pods on master nodes. With
CoreDNS this node selection was relaxed. We'd like a
gentler form of it now.

Motivation:

* On clusters using 100% preemptible/spot workers, it is
possible that CoreDNS pods schedule to workers that are all
preempted at the same time, causing a loss of cluster internal
DNS service until a CoreDNS pod reschedules (1 min). We'd like
CoreDNS to prefer controller/master nodes (which aren't preempted)
to reduce the possibility of control plane disruption
2020-05-09 22:48:56 -07:00
resources
Add CoreDNS "soft" nodeAffinity for controller nodes
2020-05-09 22:48:56 -07:00
.gitignore
Add support for calico networking
2017-09-01 10:27:43 -07:00
auth.tf
Enable Kubelet TLS bootstrap and NodeRestriction
2020-04-25 19:38:56 -07:00
conditional.tf
Change default kube-system DaemonSet tolerations
2020-03-25 22:43:50 -07:00
LICENSE
Add MIT License
2017-08-02 00:05:04 -07:00
manifests.tf
Enable Kubelet TLS bootstrap and NodeRestriction
2020-04-25 19:38:56 -07:00
outputs.tf
Enable Kubelet TLS bootstrap and NodeRestriction
2020-04-25 19:38:56 -07:00
README.md
Change asset_dir variable from required to optional
2019-12-05 00:56:54 -08:00
terraform.tfvars.example
Change asset_dir variable from required to optional
2019-12-05 00:56:54 -08:00
tls-aggregation.tf
Fix terraform format with fmt
2019-12-05 01:02:01 -08:00
tls-etcd.tf
Fix terraform format with fmt
2019-12-05 01:02:01 -08:00
tls-k8s.tf
Fix terraform format with fmt
2019-12-05 01:02:01 -08:00
variables.tf
Update Calico from v3.13.3 to v3.14.0
2020-05-09 16:02:38 -07:00
versions.tf
Enable Kubelet TLS bootstrap and NodeRestriction
2020-04-25 19:38:56 -07:00

README.md

terraform-render-bootstrap

terraform-render-bootstrap is a Terraform module that renders TLS certificates, static pods, and manifests for bootstrapping a Kubernetes cluster.

Audience

terraform-render-bootstrap is a low-level component of the Typhoon Kubernetes distribution. Use Typhoon modules to create and manage Kubernetes clusters across supported platforms. Use the bootstrap module if you'd like to customize a Kubernetes control plane or build your own distribution.

Usage

Use the module to declare bootstrap assets. Check variables.tf for options and terraform.tfvars.example for examples.

module "bootstrap" {
  source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=SHA"

  cluster_name = "example"
  api_servers = ["node1.example.com"]
  etcd_servers = ["node1.example.com"]
}

Generate the assets.

terraform init
terraform plan
terraform apply

Find bootstrap assets rendered to the asset_dir path. That's it.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme MIT 667 KiB
Languages
HCL 100%