mirror of
https://github.com/outbackdingo/terraform-render-bootstrap.git
synced 2026-01-27 10:20:45 +00:00
ac5cb9577408cba65f66b0ce35a8881c3ca5d63b
* Generate TLS client certificates for kube-scheduler and kube-controller-manager with `system:kube-scheduler` and `system:kube-controller-manager` CNs
* Template separate kubeconfigs for kube-scheduler and kube-controller-manager (`scheduler.conf` and `controller-manager.conf`). Rename admin for clarity
* Before v1.16.0, Typhoon scheduled a self-hosted control plane, which allowed the steady-state kube-scheduler and kube-controller-manager to use a scoped ServiceAccount. With a static pod control plane, separate CN TLS client certificates are the nearest equiv.
* https://kubernetes.io/docs/setup/best-practices/certificates/
* Remove unused Kubelet certificate, TLS bootstrap is used instead
terraform-render-bootstrap
terraform-render-bootstrap is a Terraform module that renders TLS certificates, static pods, and manifests for bootstrapping a Kubernetes cluster.
Audience
terraform-render-bootstrap is a low-level component of the Typhoon Kubernetes distribution. Use Typhoon modules to create and manage Kubernetes clusters across supported platforms. Use the bootstrap module if you'd like to customize a Kubernetes control plane or build your own distribution.
Usage
Use the module to declare bootstrap assets. Check `variables.tf` for options and `terraform.tfvars.example` for examples.

```hcl
module "bootstrap" {
  source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=SHA"

  cluster_name = "example"
  api_servers  = ["node1.example.com"]
  etcd_servers = ["node1.example.com"]
}
```
Generate assets in Terraform state.
```sh
terraform init
terraform plan
terraform apply
```
To inspect and write assets locally (e.g. for debugging), use the `assets_dist` Terraform output.

```hcl
# Write each rendered asset (relative path => content) under some-assets/
resource "local_file" "assets" {
  for_each = module.bootstrap.assets_dist
  filename = "some-assets/${each.key}"
  content  = each.value
}
```
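Once the assets are written locally, the separate component identities described in the commit message can be checked. The script below is an added example, not part of the module: it assumes the rendered kubeconfigs embed the client certificate as base64 PEM under `client-certificate-data`, that `openssl` is installed, and that `scheduler.conf` and `controller-manager.conf` sit somewhere under the output directory. `cert_field` and `check_assets` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: confirm each rendered kubeconfig carries its own scoped identity.
# Assumption: the client certificate is embedded as base64 PEM under
# `client-certificate-data`; requires openssl, base64, awk, find and grep.

# Print one subject field (commonName, organizationName, ...) of the client
# certificate embedded in kubeconfig $1. Prints nothing if absent or unparsable.
cert_field() {
  awk '$1 == "client-certificate-data:" { print $2; exit }' "$1" \
    | base64 -d 2>/dev/null \
    | openssl x509 -noout -subject -nameopt multiline 2>/dev/null \
    | awk -F' = ' -v f="$2" '$1 ~ f { print $2 }'
}

# Check the kubeconfigs found under directory $1. Kubernetes maps the
# certificate CN to the username and O to groups, so the CN must match the
# component and O must not be system:masters (bound to cluster-admin).
check_assets() (
  rc=0
  while read -r name want; do
    path=$(find "$1" -type f -name "$name" | head -n 1)
    [ -n "$path" ] || { echo "MISSING $name"; rc=1; continue; }
    cn=$(cert_field "$path" commonName)
    if [ "$cn" = "$want" ] &&
       ! cert_field "$path" organizationName | grep -qx 'system:masters'; then
      echo "OK   $name CN=$cn"
    else
      echo "FAIL $name CN=${cn:-none} (want $want, not in system:masters)"
      rc=1
    fi
  done <<EOF
scheduler.conf system:kube-scheduler
controller-manager.conf system:kube-controller-manager
EOF
  exit "$rc"
)

# Run only when a directory is passed, e.g.: sh check.sh some-assets
if [ "$#" -gt 0 ]; then check_assets "$1"; fi
```

A non-zero exit status means a kubeconfig is missing, carries a different CN, or belongs to the `system:masters` group.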