# The cfssl CSR spec for the controller-manager client certificate. It is read
# as a data source so the signing resource below can declare a dependency on it.
data "local_file" "kube-controller-manager-csr-json" {
  filename = "${path.root}/kube-controller-manager/kube-controller-manager-csr.json"
}
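# Issues the kube-controller-manager client certificate: cfssl signs the CSR
# with the cluster CA under the "kubernetes" profile of ca-config.json and
# cfssljson writes kube-controller-manager{.pem,-key.pem,.csr} into
# working_directory.
resource "shell_script" "kube-controller-manager" {
  lifecycle_commands {
    # set -e aborts on the first failing command rather than leaving a partial
    # set of files behind. Under plain sh the pipeline's exit status is that of
    # cfssljson, so a cfssl failure is only caught if cfssljson also fails.
    create = <<-EOF
      set -e
      ../bin/cfssl gencert \
        -ca=../ca/ca.pem \
        -ca-key=../ca/ca-key.pem \
        -config=../ca/ca-config.json \
        -profile=kubernetes \
        kube-controller-manager-csr.json \
        | ../bin/cfssljson -bare kube-controller-manager
    EOF

    # Exposes the generated files to Terraform as base64 inside a JSON object.
    # GNU base64 wraps its output at 76 columns by default, which would put raw
    # newlines inside the JSON string values; `tr -d '\n'` makes the encoding
    # single-line regardless of which base64 implementation is installed.
    # NOTE: key_b64 is the client private key and is persisted in Terraform
    # state, so the state backend needs the same protection as the key itself.
    read = <<-EOF
      echo "{\"pem_b64\": \"$(cat kube-controller-manager.pem | base64 | tr -d '\n')\",
      \"csr_b64\": \"$(cat kube-controller-manager.csr | base64 | tr -d '\n')\",
      \"key_b64\": \"$(cat kube-controller-manager-key.pem | base64 | tr -d '\n')\"}"
    EOF

    delete = <<-EOF
      rm -f kube-controller-manager.pem
      rm -f kube-controller-manager-key.pem
      rm -f kube-controller-manager.csr
    EOF
  }

  # All paths in the commands above are relative to this directory.
  working_directory = "${path.root}/kube-controller-manager"

  # The cfssl binaries, the CA material and the CSR must exist before signing.
  depends_on = [
    shell_script.cfssl,
    shell_script.cfssljson,
    shell_script.ca,
    data.local_file.ca-config,
    data.local_file.kube-controller-manager-csr-json,
  ]
}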
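# Builds kube-controller-manager.kubeconfig for the system:kube-controller-manager
# identity. --embed-certs=true inlines the CA certificate and the client
# certificate/key into the file, so the kubeconfig alone is sufficient to
# authenticate; --server uses the loopback address, so the file is only usable
# from the control-plane host itself.
resource "shell_script" "kube-controller-manager-kubeconfig" {
  lifecycle_commands {
    # set -e: all four kubectl invocations write the same file, so a failed
    # step must abort instead of producing a kubeconfig that is missing its
    # cluster, credentials or context.
    create = <<-EOF
      set -e
      ../bin/kubectl-local config set-cluster ${var.cluster_name} \
        --certificate-authority=../ca/ca.pem \
        --embed-certs=true \
        --server=https://127.0.0.1:6443 \
        --kubeconfig=kube-controller-manager.kubeconfig
      ../bin/kubectl-local config set-credentials system:kube-controller-manager \
        --client-certificate=kube-controller-manager.pem \
        --client-key=kube-controller-manager-key.pem \
        --embed-certs=true \
        --kubeconfig=kube-controller-manager.kubeconfig
      ../bin/kubectl-local config set-context default --cluster=${var.cluster_name} \
        --user=system:kube-controller-manager \
        --kubeconfig=kube-controller-manager.kubeconfig
      ../bin/kubectl-local config use-context default \
        --kubeconfig=kube-controller-manager.kubeconfig
    EOF

    # `tr -d '\n'` strips the 76-column line wrapping GNU base64 adds, which
    # would otherwise place raw newlines inside the JSON string.
    # NOTE: because the client key is embedded, b64 contains private key
    # material and is persisted in Terraform state.
    read = <<-EOF
      echo "{\"b64\": \"$(cat kube-controller-manager.kubeconfig | base64 | tr -d '\n')\"}"
    EOF

    delete = <<-EOF
      rm -f kube-controller-manager.kubeconfig
    EOF
  }

  # Relative paths above (../ca, ../bin, the cert files) resolve from here.
  working_directory = "${path.root}/kube-controller-manager"

  # Needs the CA, the tooling and the freshly issued client certificate.
  depends_on = [
    shell_script.cfssl,
    shell_script.cfssljson,
    shell_script.ca,
    data.local_file.ca-config,
    shell_script.kube-controller-manager,
  ]
}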
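# Downloads the kube-controller-manager release binary for the pinned
# ${var.kubernetes_version} and verifies it against the publisher's SHA-256
# before marking it executable.
resource "shell_script" "kube-controller-manager-bin" {
  lifecycle_commands {
    # --timestamping was dropped: wget ignores it when -O is given (it prints
    # "timestamping does nothing in combination with -O", which -q hid here).
    # The release bucket publishes <binary>.sha256 next to each binary,
    # containing only the hex digest; sha256sum -c checks the download against
    # it and the binary is removed if the check fails so a corrupt or tampered
    # file is never left in bin/.
    create = <<-EOF
      set -e
      mkdir -p bin
      URL="https://storage.googleapis.com/kubernetes-release/release/${var.kubernetes_version}/bin/linux/amd64/kube-controller-manager"
      wget -q --https-only "$URL" -O bin/kube-controller-manager
      wget -q --https-only "$URL.sha256" -O bin/kube-controller-manager.sha256
      echo "$(cat bin/kube-controller-manager.sha256)  bin/kube-controller-manager" \
        | sha256sum -c - || { rm -f bin/kube-controller-manager bin/kube-controller-manager.sha256; exit 1; }
      rm -f bin/kube-controller-manager.sha256
      chmod +x bin/kube-controller-manager
    EOF

    # Drift detection only: the key is kept as "md5" so existing references to
    # this resource's output keep working. `tr -d '\n'` removes GNU base64's
    # 76-column wrapping, which would break the JSON string.
    read = <<-EOF
      echo "{\"md5\": \"$(md5sum bin/kube-controller-manager | base64 | tr -d '\n')\"}"
    EOF

    delete = "rm -f bin/kube-controller-manager"
  }
}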
# Renders the systemd unit for kube-controller-manager. The file is written
# locally next to the other controller-manager artifacts; the playbook resource
# is what depends on it.
resource "local_file" "kube-controller-manager-service" {
  file_permission = "0660"
  filename        = "${path.root}/kube-controller-manager/kube-controller-manager.service"

  # Flags worth knowing when reviewing this unit:
  #  - --bind-address=0.0.0.0 exposes the controller-manager's secure port
  #    (healthz/metrics) on every interface; the CIS Kubernetes Benchmark
  #    recommends 127.0.0.1 unless metrics must be scraped remotely.
  #  - --cluster-signing-key-file means the CA private key is present on the
  #    control-plane host at /var/lib/kubernetes/ca-key.pem.
  #  - --use-service-account-credentials=true gives each controller its own
  #    service account instead of sharing the controller-manager's identity.
  #  - --profiling is left at its default; the CIS benchmark recommends
  #    setting it to false on production control planes.
  content = <<-EOF
    [Unit]
    Description=Kubernetes Controller Manager
    Documentation=https://github.com/kubernetes/kubernetes
    [Service]
    ExecStart=/usr/local/bin/kube-controller-manager \
    --bind-address=0.0.0.0 \
    --cluster-cidr=10.200.0.0/16 \
    --cluster-name=${var.cluster_name} \
    --cluster-signing-cert-file=/var/lib/kubernetes/ca.pem \
    --cluster-signing-key-file=/var/lib/kubernetes/ca-key.pem \
    --kubeconfig=/var/lib/kubernetes/kube-controller-manager.kubeconfig \
    --leader-elect=true \
    --root-ca-file=/var/lib/kubernetes/ca.pem \
    --service-account-private-key-file=/var/lib/kubernetes/service-account-key.pem \
    --service-cluster-ip-range=10.32.0.0/24 \
    --use-service-account-credentials=true \
    --v=2
    Restart=on-failure
    RestartSec=5
    [Install]
    WantedBy=multi-user.target
  EOF
}
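# Runs the controller-manager Ansible playbook once every local artifact
# (certificate, kubeconfig, binary, unit file) exists. create and update run
# the same playbook; there is nothing to undo on destroy, hence delete = "".
resource "shell_script" "kube-controller-manager-playbook" {
  lifecycle_commands {
    create = <<-EOF
      ANSIBLE_CONFIG=ansible.cfg ansible-playbook kube-controller-manager/playbook.yaml
    EOF

    update = <<-EOF
      ANSIBLE_CONFIG=ansible.cfg ansible-playbook kube-controller-manager/playbook.yaml
    EOF

    # Drift detection: "file" is the playbook itself and "check" is the output
    # of a dry run, so every refresh (including `terraform plan`) contacts the
    # hosts. Both values are long, so without `tr -d '\n'` GNU base64's
    # 76-column wrapping would put raw newlines inside the JSON strings.
    read = <<-EOF
      echo "{\"file\": \"$(cat kube-controller-manager/playbook.yaml | base64 | tr -d '\n')\",
      \"check\": \"$(ANSIBLE_CONFIG=ansible.cfg ansible-playbook --check kube-controller-manager/playbook.yaml | base64 | tr -d '\n')\"
      }"
    EOF

    delete = ""
  }

  depends_on = [
    shell_script.kubernetes-playbook,
    data.local_file.kube-controller-manager-csr-json,
    shell_script.kube-controller-manager,
    shell_script.kube-controller-manager-kubeconfig,
    shell_script.kube-controller-manager-bin,
    local_file.kube-controller-manager-service,
  ]
}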