Run terraform fmt and add step to CI (#4405)

* Run terraform fmt

* Add terraform fmt to .terraform-validate CI step

* Add tf-validate-aws CI step

* Revert "Add tf-validate-aws CI step"

This reverts commit e007225fac.
This commit is contained in:
Andreas Holmsten 2019-04-08 11:22:24 +02:00 committed by Kubernetes Prow Robot
parent 29825e6873
commit 01cf11b961
16 changed files with 231 additions and 261 deletions

View file

@ -769,6 +769,7 @@ tox-inventory-builder:
stage: unit-tests stage: unit-tests
script: script:
- terraform validate -var-file=cluster.tf ../../contrib/terraform/$PROVIDER - terraform validate -var-file=cluster.tf ../../contrib/terraform/$PROVIDER
- terraform fmt -check -diff ../../contrib/terraform/$PROVIDER
.terraform_apply: &terraform_apply .terraform_apply: &terraform_apply
<<: *terraform_install <<: *terraform_install

View file

@ -1,11 +1,11 @@
terraform { terraform {
required_version = ">= 0.8.7" required_version = ">= 0.8.7"
} }
provider "aws" { provider "aws" {
access_key = "${var.AWS_ACCESS_KEY_ID}" access_key = "${var.AWS_ACCESS_KEY_ID}"
secret_key = "${var.AWS_SECRET_ACCESS_KEY}" secret_key = "${var.AWS_SECRET_ACCESS_KEY}"
region = "${var.AWS_DEFAULT_REGION}" region = "${var.AWS_DEFAULT_REGION}"
} }
data "aws_availability_zones" "available" {} data "aws_availability_zones" "available" {}
@ -18,33 +18,30 @@ data "aws_availability_zones" "available" {}
module "aws-vpc" { module "aws-vpc" {
source = "modules/vpc" source = "modules/vpc"
aws_cluster_name = "${var.aws_cluster_name}" aws_cluster_name = "${var.aws_cluster_name}"
aws_vpc_cidr_block = "${var.aws_vpc_cidr_block}" aws_vpc_cidr_block = "${var.aws_vpc_cidr_block}"
aws_avail_zones="${slice(data.aws_availability_zones.available.names,0,2)}" aws_avail_zones = "${slice(data.aws_availability_zones.available.names,0,2)}"
aws_cidr_subnets_private="${var.aws_cidr_subnets_private}" aws_cidr_subnets_private = "${var.aws_cidr_subnets_private}"
aws_cidr_subnets_public="${var.aws_cidr_subnets_public}" aws_cidr_subnets_public = "${var.aws_cidr_subnets_public}"
default_tags="${var.default_tags}" default_tags = "${var.default_tags}"
} }
module "aws-elb" { module "aws-elb" {
source = "modules/elb" source = "modules/elb"
aws_cluster_name="${var.aws_cluster_name}" aws_cluster_name = "${var.aws_cluster_name}"
aws_vpc_id="${module.aws-vpc.aws_vpc_id}" aws_vpc_id = "${module.aws-vpc.aws_vpc_id}"
aws_avail_zones="${slice(data.aws_availability_zones.available.names,0,2)}" aws_avail_zones = "${slice(data.aws_availability_zones.available.names,0,2)}"
aws_subnet_ids_public="${module.aws-vpc.aws_subnet_ids_public}" aws_subnet_ids_public = "${module.aws-vpc.aws_subnet_ids_public}"
aws_elb_api_port = "${var.aws_elb_api_port}" aws_elb_api_port = "${var.aws_elb_api_port}"
k8s_secure_api_port = "${var.k8s_secure_api_port}" k8s_secure_api_port = "${var.k8s_secure_api_port}"
default_tags="${var.default_tags}" default_tags = "${var.default_tags}"
} }
module "aws-iam" { module "aws-iam" {
source = "modules/iam" source = "modules/iam"
aws_cluster_name="${var.aws_cluster_name}" aws_cluster_name = "${var.aws_cluster_name}"
} }
/* /*
@ -53,50 +50,44 @@ module "aws-iam" {
*/ */
resource "aws_instance" "bastion-server" { resource "aws_instance" "bastion-server" {
ami = "${data.aws_ami.distro.id}" ami = "${data.aws_ami.distro.id}"
instance_type = "${var.aws_bastion_size}" instance_type = "${var.aws_bastion_size}"
count = "${length(var.aws_cidr_subnets_public)}" count = "${length(var.aws_cidr_subnets_public)}"
associate_public_ip_address = true associate_public_ip_address = true
availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_public,count.index)}" subnet_id = "${element(module.aws-vpc.aws_subnet_ids_public,count.index)}"
vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"]
vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ] key_name = "${var.AWS_SSH_KEY_NAME}"
key_name = "${var.AWS_SSH_KEY_NAME}" tags = "${merge(var.default_tags, map(
tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-bastion-${count.index}", "Name", "kubernetes-${var.aws_cluster_name}-bastion-${count.index}",
"Cluster", "${var.aws_cluster_name}", "Cluster", "${var.aws_cluster_name}",
"Role", "bastion-${var.aws_cluster_name}-${count.index}" "Role", "bastion-${var.aws_cluster_name}-${count.index}"
))}" ))}"
} }
/* /*
* Create K8s Master and worker nodes and etcd instances * Create K8s Master and worker nodes and etcd instances
* *
*/ */
resource "aws_instance" "k8s-master" { resource "aws_instance" "k8s-master" {
ami = "${data.aws_ami.distro.id}" ami = "${data.aws_ami.distro.id}"
instance_type = "${var.aws_kube_master_size}" instance_type = "${var.aws_kube_master_size}"
count = "${var.aws_kube_master_num}" count = "${var.aws_kube_master_num}"
availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"]
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
iam_instance_profile = "${module.aws-iam.kube-master-profile}"
key_name = "${var.AWS_SSH_KEY_NAME}"
vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ] tags = "${merge(var.default_tags, map(
iam_instance_profile = "${module.aws-iam.kube-master-profile}"
key_name = "${var.AWS_SSH_KEY_NAME}"
tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-master${count.index}", "Name", "kubernetes-${var.aws_cluster_name}-master${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member", "kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "master" "Role", "master"
@ -104,88 +95,77 @@ resource "aws_instance" "k8s-master" {
} }
resource "aws_elb_attachment" "attach_master_nodes" { resource "aws_elb_attachment" "attach_master_nodes" {
count = "${var.aws_kube_master_num}" count = "${var.aws_kube_master_num}"
elb = "${module.aws-elb.aws_elb_api_id}" elb = "${module.aws-elb.aws_elb_api_id}"
instance = "${element(aws_instance.k8s-master.*.id,count.index)}" instance = "${element(aws_instance.k8s-master.*.id,count.index)}"
} }
resource "aws_instance" "k8s-etcd" { resource "aws_instance" "k8s-etcd" {
ami = "${data.aws_ami.distro.id}" ami = "${data.aws_ami.distro.id}"
instance_type = "${var.aws_etcd_size}" instance_type = "${var.aws_etcd_size}"
count = "${var.aws_etcd_num}" count = "${var.aws_etcd_num}"
availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"]
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
key_name = "${var.AWS_SSH_KEY_NAME}"
vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ] tags = "${merge(var.default_tags, map(
key_name = "${var.AWS_SSH_KEY_NAME}"
tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-etcd${count.index}", "Name", "kubernetes-${var.aws_cluster_name}-etcd${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member", "kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "etcd" "Role", "etcd"
))}" ))}"
} }
resource "aws_instance" "k8s-worker" { resource "aws_instance" "k8s-worker" {
ami = "${data.aws_ami.distro.id}" ami = "${data.aws_ami.distro.id}"
instance_type = "${var.aws_kube_worker_size}" instance_type = "${var.aws_kube_worker_size}"
count = "${var.aws_kube_worker_num}" count = "${var.aws_kube_worker_num}"
availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}" availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}" subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ] vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"]
iam_instance_profile = "${module.aws-iam.kube-worker-profile}" iam_instance_profile = "${module.aws-iam.kube-worker-profile}"
key_name = "${var.AWS_SSH_KEY_NAME}" key_name = "${var.AWS_SSH_KEY_NAME}"
tags = "${merge(var.default_tags, map(
tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-worker${count.index}", "Name", "kubernetes-${var.aws_cluster_name}-worker${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member", "kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "worker" "Role", "worker"
))}" ))}"
} }
/* /*
* Create Kubespray Inventory File * Create Kubespray Inventory File
* *
*/ */
data "template_file" "inventory" { data "template_file" "inventory" {
template = "${file("${path.module}/templates/inventory.tpl")}" template = "${file("${path.module}/templates/inventory.tpl")}"
vars {
public_ip_address_bastion = "${join("\n",formatlist("bastion ansible_host=%s" , aws_instance.bastion-server.*.public_ip))}"
connection_strings_master = "${join("\n",formatlist("%s ansible_host=%s",aws_instance.k8s-master.*.tags.Name, aws_instance.k8s-master.*.private_ip))}"
connection_strings_node = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.tags.Name, aws_instance.k8s-worker.*.private_ip))}"
connection_strings_etcd = "${join("\n",formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.tags.Name, aws_instance.k8s-etcd.*.private_ip))}"
list_master = "${join("\n",aws_instance.k8s-master.*.tags.Name)}"
list_node = "${join("\n",aws_instance.k8s-worker.*.tags.Name)}"
list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}"
elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
}
vars {
public_ip_address_bastion = "${join("\n",formatlist("bastion ansible_host=%s" , aws_instance.bastion-server.*.public_ip))}"
connection_strings_master = "${join("\n",formatlist("%s ansible_host=%s",aws_instance.k8s-master.*.tags.Name, aws_instance.k8s-master.*.private_ip))}"
connection_strings_node = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.tags.Name, aws_instance.k8s-worker.*.private_ip))}"
connection_strings_etcd = "${join("\n",formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.tags.Name, aws_instance.k8s-etcd.*.private_ip))}"
list_master = "${join("\n",aws_instance.k8s-master.*.tags.Name)}"
list_node = "${join("\n",aws_instance.k8s-worker.*.tags.Name)}"
list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}"
elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
}
} }
resource "null_resource" "inventories" { resource "null_resource" "inventories" {
provisioner "local-exec" { provisioner "local-exec" {
command = "echo '${data.template_file.inventory.rendered}' > ${var.inventory_file}" command = "echo '${data.template_file.inventory.rendered}' > ${var.inventory_file}"
} }
triggers { triggers {
template = "${data.template_file.inventory.rendered}" template = "${data.template_file.inventory.rendered}"
} }
} }

View file

@ -1,55 +1,54 @@
resource "aws_security_group" "aws-elb" { resource "aws_security_group" "aws-elb" {
name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb" name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
vpc_id = "${var.aws_vpc_id}" vpc_id = "${var.aws_vpc_id}"
tags = "${merge(var.default_tags, map( tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-securitygroup-elb" "Name", "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
))}" ))}"
} }
resource "aws_security_group_rule" "aws-allow-api-access" { resource "aws_security_group_rule" "aws-allow-api-access" {
type = "ingress" type = "ingress"
from_port = "${var.aws_elb_api_port}" from_port = "${var.aws_elb_api_port}"
to_port = "${var.k8s_secure_api_port}" to_port = "${var.k8s_secure_api_port}"
protocol = "TCP" protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.aws-elb.id}" security_group_id = "${aws_security_group.aws-elb.id}"
} }
resource "aws_security_group_rule" "aws-allow-api-egress" { resource "aws_security_group_rule" "aws-allow-api-egress" {
type = "egress" type = "egress"
from_port = 0 from_port = 0
to_port = 65535 to_port = 65535
protocol = "TCP" protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.aws-elb.id}" security_group_id = "${aws_security_group.aws-elb.id}"
} }
# Create a new AWS ELB for K8S API # Create a new AWS ELB for K8S API
resource "aws_elb" "aws-elb-api" { resource "aws_elb" "aws-elb-api" {
name = "kubernetes-elb-${var.aws_cluster_name}" name = "kubernetes-elb-${var.aws_cluster_name}"
subnets = ["${var.aws_subnet_ids_public}"] subnets = ["${var.aws_subnet_ids_public}"]
security_groups = ["${aws_security_group.aws-elb.id}"] security_groups = ["${aws_security_group.aws-elb.id}"]
listener { listener {
instance_port = "${var.k8s_secure_api_port}" instance_port = "${var.k8s_secure_api_port}"
instance_protocol = "tcp" instance_protocol = "tcp"
lb_port = "${var.aws_elb_api_port}" lb_port = "${var.aws_elb_api_port}"
lb_protocol = "tcp" lb_protocol = "tcp"
} }
health_check { health_check {
healthy_threshold = 2 healthy_threshold = 2
unhealthy_threshold = 2 unhealthy_threshold = 2
timeout = 3 timeout = 3
target = "TCP:${var.k8s_secure_api_port}" target = "TCP:${var.k8s_secure_api_port}"
interval = 30 interval = 30
} }
cross_zone_load_balancing = true cross_zone_load_balancing = true
idle_timeout = 400 idle_timeout = 400
connection_draining = true connection_draining = true
connection_draining_timeout = 400 connection_draining_timeout = 400
tags = "${merge(var.default_tags, map( tags = "${merge(var.default_tags, map(

View file

@ -1,7 +1,7 @@
output "aws_elb_api_id" { output "aws_elb_api_id" {
value = "${aws_elb.aws-elb-api.id}" value = "${aws_elb.aws-elb-api.id}"
} }
output "aws_elb_api_fqdn" { output "aws_elb_api_fqdn" {
value = "${aws_elb.aws-elb-api.dns_name}" value = "${aws_elb.aws-elb-api.dns_name}"
} }

View file

@ -1,33 +1,30 @@
variable "aws_cluster_name" { variable "aws_cluster_name" {
description = "Name of Cluster" description = "Name of Cluster"
} }
variable "aws_vpc_id" { variable "aws_vpc_id" {
description = "AWS VPC ID" description = "AWS VPC ID"
} }
variable "aws_elb_api_port" { variable "aws_elb_api_port" {
description = "Port for AWS ELB" description = "Port for AWS ELB"
} }
variable "k8s_secure_api_port" { variable "k8s_secure_api_port" {
description = "Secure Port of K8S API Server" description = "Secure Port of K8S API Server"
} }
variable "aws_avail_zones" { variable "aws_avail_zones" {
description = "Availability Zones Used" description = "Availability Zones Used"
type = "list" type = "list"
} }
variable "aws_subnet_ids_public" { variable "aws_subnet_ids_public" {
description = "IDs of Public Subnets" description = "IDs of Public Subnets"
type = "list" type = "list"
} }
variable "default_tags" { variable "default_tags" {
description = "Tags for all resources" description = "Tags for all resources"
type = "map" type = "map"
} }

View file

@ -1,8 +1,9 @@
#Add AWS Roles for Kubernetes #Add AWS Roles for Kubernetes
resource "aws_iam_role" "kube-master" { resource "aws_iam_role" "kube-master" {
name = "kubernetes-${var.aws_cluster_name}-master" name = "kubernetes-${var.aws_cluster_name}-master"
assume_role_policy = <<EOF
assume_role_policy = <<EOF
{ {
"Version": "2012-10-17", "Version": "2012-10-17",
"Statement": [ "Statement": [
@ -19,8 +20,9 @@ EOF
} }
resource "aws_iam_role" "kube-worker" { resource "aws_iam_role" "kube-worker" {
name = "kubernetes-${var.aws_cluster_name}-node" name = "kubernetes-${var.aws_cluster_name}-node"
assume_role_policy = <<EOF
assume_role_policy = <<EOF
{ {
"Version": "2012-10-17", "Version": "2012-10-17",
"Statement": [ "Statement": [
@ -39,9 +41,10 @@ EOF
#Add AWS Policies for Kubernetes #Add AWS Policies for Kubernetes
resource "aws_iam_role_policy" "kube-master" { resource "aws_iam_role_policy" "kube-master" {
name = "kubernetes-${var.aws_cluster_name}-master" name = "kubernetes-${var.aws_cluster_name}-master"
role = "${aws_iam_role.kube-master.id}" role = "${aws_iam_role.kube-master.id}"
policy = <<EOF
policy = <<EOF
{ {
"Version": "2012-10-17", "Version": "2012-10-17",
"Statement": [ "Statement": [
@ -73,9 +76,10 @@ EOF
} }
resource "aws_iam_role_policy" "kube-worker" { resource "aws_iam_role_policy" "kube-worker" {
name = "kubernetes-${var.aws_cluster_name}-node" name = "kubernetes-${var.aws_cluster_name}-node"
role = "${aws_iam_role.kube-worker.id}" role = "${aws_iam_role.kube-worker.id}"
policy = <<EOF
policy = <<EOF
{ {
"Version": "2012-10-17", "Version": "2012-10-17",
"Statement": [ "Statement": [
@ -124,15 +128,14 @@ resource "aws_iam_role_policy" "kube-worker" {
EOF EOF
} }
#Create AWS Instance Profiles #Create AWS Instance Profiles
resource "aws_iam_instance_profile" "kube-master" { resource "aws_iam_instance_profile" "kube-master" {
name = "kube_${var.aws_cluster_name}_master_profile" name = "kube_${var.aws_cluster_name}_master_profile"
role = "${aws_iam_role.kube-master.name}" role = "${aws_iam_role.kube-master.name}"
} }
resource "aws_iam_instance_profile" "kube-worker" { resource "aws_iam_instance_profile" "kube-worker" {
name = "kube_${var.aws_cluster_name}_node_profile" name = "kube_${var.aws_cluster_name}_node_profile"
role = "${aws_iam_role.kube-worker.name}" role = "${aws_iam_role.kube-worker.name}"
} }

View file

@ -1,7 +1,7 @@
output "kube-master-profile" { output "kube-master-profile" {
value = "${aws_iam_instance_profile.kube-master.name }" value = "${aws_iam_instance_profile.kube-master.name }"
} }
output "kube-worker-profile" { output "kube-worker-profile" {
value = "${aws_iam_instance_profile.kube-worker.name }" value = "${aws_iam_instance_profile.kube-worker.name }"
} }

View file

@ -1,3 +1,3 @@
variable "aws_cluster_name" { variable "aws_cluster_name" {
description = "Name of Cluster" description = "Name of Cluster"
} }

View file

@ -1,58 +1,53 @@
resource "aws_vpc" "cluster-vpc" { resource "aws_vpc" "cluster-vpc" {
cidr_block = "${var.aws_vpc_cidr_block}" cidr_block = "${var.aws_vpc_cidr_block}"
#DNS Related Entries #DNS Related Entries
enable_dns_support = true enable_dns_support = true
enable_dns_hostnames = true enable_dns_hostnames = true
tags = "${merge(var.default_tags, map( tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-vpc" "Name", "kubernetes-${var.aws_cluster_name}-vpc"
))}" ))}"
} }
resource "aws_eip" "cluster-nat-eip" { resource "aws_eip" "cluster-nat-eip" {
count = "${length(var.aws_cidr_subnets_public)}" count = "${length(var.aws_cidr_subnets_public)}"
vpc = true vpc = true
} }
resource "aws_internet_gateway" "cluster-vpc-internetgw" { resource "aws_internet_gateway" "cluster-vpc-internetgw" {
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = "${aws_vpc.cluster-vpc.id}"
tags = "${merge(var.default_tags, map( tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-internetgw" "Name", "kubernetes-${var.aws_cluster_name}-internetgw"
))}" ))}"
} }
resource "aws_subnet" "cluster-vpc-subnets-public" { resource "aws_subnet" "cluster-vpc-subnets-public" {
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = "${aws_vpc.cluster-vpc.id}"
count="${length(var.aws_avail_zones)}" count = "${length(var.aws_avail_zones)}"
availability_zone = "${element(var.aws_avail_zones, count.index)}" availability_zone = "${element(var.aws_avail_zones, count.index)}"
cidr_block = "${element(var.aws_cidr_subnets_public, count.index)}" cidr_block = "${element(var.aws_cidr_subnets_public, count.index)}"
tags = "${merge(var.default_tags, map( tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-public", "Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-public",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member" "kubernetes.io/cluster/${var.aws_cluster_name}", "member"
))}" ))}"
} }
resource "aws_nat_gateway" "cluster-nat-gateway" { resource "aws_nat_gateway" "cluster-nat-gateway" {
count = "${length(var.aws_cidr_subnets_public)}" count = "${length(var.aws_cidr_subnets_public)}"
allocation_id = "${element(aws_eip.cluster-nat-eip.*.id, count.index)}" allocation_id = "${element(aws_eip.cluster-nat-eip.*.id, count.index)}"
subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)}" subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)}"
} }
resource "aws_subnet" "cluster-vpc-subnets-private" { resource "aws_subnet" "cluster-vpc-subnets-private" {
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = "${aws_vpc.cluster-vpc.id}"
count="${length(var.aws_avail_zones)}" count = "${length(var.aws_avail_zones)}"
availability_zone = "${element(var.aws_avail_zones, count.index)}" availability_zone = "${element(var.aws_avail_zones, count.index)}"
cidr_block = "${element(var.aws_cidr_subnets_private, count.index)}" cidr_block = "${element(var.aws_cidr_subnets_private, count.index)}"
tags = "${merge(var.default_tags, map( tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-private" "Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-private"
))}" ))}"
} }
@ -62,81 +57,78 @@ resource "aws_subnet" "cluster-vpc-subnets-private" {
#TODO: Do we need two routing tables for each subnet for redundancy or is one enough? #TODO: Do we need two routing tables for each subnet for redundancy or is one enough?
resource "aws_route_table" "kubernetes-public" { resource "aws_route_table" "kubernetes-public" {
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = "${aws_vpc.cluster-vpc.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.cluster-vpc-internetgw.id}"
}
tags = "${merge(var.default_tags, map( route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.cluster-vpc-internetgw.id}"
}
tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-routetable-public" "Name", "kubernetes-${var.aws_cluster_name}-routetable-public"
))}" ))}"
} }
resource "aws_route_table" "kubernetes-private" { resource "aws_route_table" "kubernetes-private" {
count = "${length(var.aws_cidr_subnets_private)}" count = "${length(var.aws_cidr_subnets_private)}"
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = "${aws_vpc.cluster-vpc.id}"
route {
cidr_block = "0.0.0.0/0"
nat_gateway_id = "${element(aws_nat_gateway.cluster-nat-gateway.*.id, count.index)}"
}
tags = "${merge(var.default_tags, map( route {
cidr_block = "0.0.0.0/0"
nat_gateway_id = "${element(aws_nat_gateway.cluster-nat-gateway.*.id, count.index)}"
}
tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-routetable-private-${count.index}" "Name", "kubernetes-${var.aws_cluster_name}-routetable-private-${count.index}"
))}" ))}"
} }
resource "aws_route_table_association" "kubernetes-public" { resource "aws_route_table_association" "kubernetes-public" {
count = "${length(var.aws_cidr_subnets_public)}" count = "${length(var.aws_cidr_subnets_public)}"
subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id,count.index)}" subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id,count.index)}"
route_table_id = "${aws_route_table.kubernetes-public.id}" route_table_id = "${aws_route_table.kubernetes-public.id}"
} }
resource "aws_route_table_association" "kubernetes-private" { resource "aws_route_table_association" "kubernetes-private" {
count = "${length(var.aws_cidr_subnets_private)}" count = "${length(var.aws_cidr_subnets_private)}"
subnet_id = "${element(aws_subnet.cluster-vpc-subnets-private.*.id,count.index)}" subnet_id = "${element(aws_subnet.cluster-vpc-subnets-private.*.id,count.index)}"
route_table_id = "${element(aws_route_table.kubernetes-private.*.id,count.index)}" route_table_id = "${element(aws_route_table.kubernetes-private.*.id,count.index)}"
} }
#Kubernetes Security Groups #Kubernetes Security Groups
resource "aws_security_group" "kubernetes" { resource "aws_security_group" "kubernetes" {
name = "kubernetes-${var.aws_cluster_name}-securitygroup" name = "kubernetes-${var.aws_cluster_name}-securitygroup"
vpc_id = "${aws_vpc.cluster-vpc.id}" vpc_id = "${aws_vpc.cluster-vpc.id}"
tags = "${merge(var.default_tags, map( tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-securitygroup" "Name", "kubernetes-${var.aws_cluster_name}-securitygroup"
))}" ))}"
} }
resource "aws_security_group_rule" "allow-all-ingress" { resource "aws_security_group_rule" "allow-all-ingress" {
type = "ingress" type = "ingress"
from_port = 0 from_port = 0
to_port = 65535 to_port = 65535
protocol = "-1" protocol = "-1"
cidr_blocks= ["${var.aws_vpc_cidr_block}"] cidr_blocks = ["${var.aws_vpc_cidr_block}"]
security_group_id = "${aws_security_group.kubernetes.id}" security_group_id = "${aws_security_group.kubernetes.id}"
} }
resource "aws_security_group_rule" "allow-all-egress" { resource "aws_security_group_rule" "allow-all-egress" {
type = "egress" type = "egress"
from_port = 0 from_port = 0
to_port = 65535 to_port = 65535
protocol = "-1" protocol = "-1"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.kubernetes.id}" security_group_id = "${aws_security_group.kubernetes.id}"
} }
resource "aws_security_group_rule" "allow-ssh-connections" { resource "aws_security_group_rule" "allow-ssh-connections" {
type = "ingress" type = "ingress"
from_port = 22 from_port = 22
to_port = 22 to_port = 22
protocol = "TCP" protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.kubernetes.id}" security_group_id = "${aws_security_group.kubernetes.id}"
} }

View file

@ -1,21 +1,19 @@
output "aws_vpc_id" { output "aws_vpc_id" {
value = "${aws_vpc.cluster-vpc.id}" value = "${aws_vpc.cluster-vpc.id}"
} }
output "aws_subnet_ids_private" { output "aws_subnet_ids_private" {
value = ["${aws_subnet.cluster-vpc-subnets-private.*.id}"] value = ["${aws_subnet.cluster-vpc-subnets-private.*.id}"]
} }
output "aws_subnet_ids_public" { output "aws_subnet_ids_public" {
value = ["${aws_subnet.cluster-vpc-subnets-public.*.id}"] value = ["${aws_subnet.cluster-vpc-subnets-public.*.id}"]
} }
output "aws_security_group" { output "aws_security_group" {
value = ["${aws_security_group.kubernetes.*.id}"] value = ["${aws_security_group.kubernetes.*.id}"]
} }
output "default_tags" { output "default_tags" {
value = "${var.default_tags}" value = "${var.default_tags}"
} }

View file

@ -1,29 +1,27 @@
variable "aws_vpc_cidr_block" { variable "aws_vpc_cidr_block" {
description = "CIDR Blocks for AWS VPC" description = "CIDR Blocks for AWS VPC"
} }
variable "aws_cluster_name" { variable "aws_cluster_name" {
description = "Name of Cluster" description = "Name of Cluster"
} }
variable "aws_avail_zones" { variable "aws_avail_zones" {
description = "AWS Availability Zones Used" description = "AWS Availability Zones Used"
type = "list" type = "list"
} }
variable "aws_cidr_subnets_private" { variable "aws_cidr_subnets_private" {
description = "CIDR Blocks for private subnets in Availability zones" description = "CIDR Blocks for private subnets in Availability zones"
type = "list" type = "list"
} }
variable "aws_cidr_subnets_public" { variable "aws_cidr_subnets_public" {
description = "CIDR Blocks for public subnets in Availability zones" description = "CIDR Blocks for public subnets in Availability zones"
type = "list" type = "list"
} }
variable "default_tags" { variable "default_tags" {
description = "Default tags for all resources" description = "Default tags for all resources"
type = "map" type = "map"
} }

View file

@ -1,28 +1,27 @@
output "bastion_ip" { output "bastion_ip" {
value = "${join("\n", aws_instance.bastion-server.*.public_ip)}" value = "${join("\n", aws_instance.bastion-server.*.public_ip)}"
} }
output "masters" { output "masters" {
value = "${join("\n", aws_instance.k8s-master.*.private_ip)}" value = "${join("\n", aws_instance.k8s-master.*.private_ip)}"
} }
output "workers" { output "workers" {
value = "${join("\n", aws_instance.k8s-worker.*.private_ip)}" value = "${join("\n", aws_instance.k8s-worker.*.private_ip)}"
} }
output "etcd" { output "etcd" {
value = "${join("\n", aws_instance.k8s-etcd.*.private_ip)}" value = "${join("\n", aws_instance.k8s-etcd.*.private_ip)}"
} }
output "aws_elb_api_fqdn" { output "aws_elb_api_fqdn" {
value = "${module.aws-elb.aws_elb_api_fqdn}:${var.aws_elb_api_port}" value = "${module.aws-elb.aws_elb_api_fqdn}:${var.aws_elb_api_port}"
} }
output "inventory" { output "inventory" {
value = "${data.template_file.inventory.rendered}" value = "${data.template_file.inventory.rendered}"
} }
output "default_tags" { output "default_tags" {
value = "${var.default_tags}" value = "${var.default_tags}"
} }

View file

@ -44,18 +44,18 @@ variable "aws_vpc_cidr_block" {
variable "aws_cidr_subnets_private" { variable "aws_cidr_subnets_private" {
description = "CIDR Blocks for private subnets in Availability Zones" description = "CIDR Blocks for private subnets in Availability Zones"
type = "list" type = "list"
} }
variable "aws_cidr_subnets_public" { variable "aws_cidr_subnets_public" {
description = "CIDR Blocks for public subnets in Availability Zones" description = "CIDR Blocks for public subnets in Availability Zones"
type = "list" type = "list"
} }
//AWS EC2 Settings //AWS EC2 Settings
variable "aws_bastion_size" { variable "aws_bastion_size" {
description = "EC2 Instance Size of Bastion Host" description = "EC2 Instance Size of Bastion Host"
} }
/* /*
@ -64,27 +64,27 @@ variable "aws_bastion_size" {
* AWS Availability Zones without an remainder. * AWS Availability Zones without an remainder.
*/ */
variable "aws_kube_master_num" { variable "aws_kube_master_num" {
description = "Number of Kubernetes Master Nodes" description = "Number of Kubernetes Master Nodes"
} }
variable "aws_kube_master_size" { variable "aws_kube_master_size" {
description = "Instance size of Kube Master Nodes" description = "Instance size of Kube Master Nodes"
} }
variable "aws_etcd_num" { variable "aws_etcd_num" {
description = "Number of etcd Nodes" description = "Number of etcd Nodes"
} }
variable "aws_etcd_size" { variable "aws_etcd_size" {
description = "Instance size of etcd Nodes" description = "Instance size of etcd Nodes"
} }
variable "aws_kube_worker_num" { variable "aws_kube_worker_num" {
description = "Number of Kubernetes Worker Nodes" description = "Number of Kubernetes Worker Nodes"
} }
variable "aws_kube_worker_size" { variable "aws_kube_worker_size" {
description = "Instance size of Kubernetes Worker Nodes" description = "Instance size of Kubernetes Worker Nodes"
} }
/* /*
@ -92,16 +92,16 @@ variable "aws_kube_worker_size" {
* *
*/ */
variable "aws_elb_api_port" { variable "aws_elb_api_port" {
description = "Port for AWS ELB" description = "Port for AWS ELB"
} }
variable "k8s_secure_api_port" { variable "k8s_secure_api_port" {
description = "Secure Port of K8S API Server" description = "Secure Port of K8S API Server"
} }
variable "default_tags" { variable "default_tags" {
description = "Default tags for all resources" description = "Default tags for all resources"
type = "map" type = "map"
} }
variable "inventory_file" { variable "inventory_file" {

View file

@ -1,6 +1,5 @@
# Configure the Packet Provider # Configure the Packet Provider
provider "packet" { provider "packet" {}
}
resource "packet_ssh_key" "k8s" { resource "packet_ssh_key" "k8s" {
count = "${var.public_key_path != "" ? 1 : 0}" count = "${var.public_key_path != "" ? 1 : 0}"
@ -19,7 +18,6 @@ resource "packet_device" "k8s_master" {
billing_cycle = "${var.billing_cycle}" billing_cycle = "${var.billing_cycle}"
project_id = "${var.packet_project_id}" project_id = "${var.packet_project_id}"
tags = ["cluster-${var.cluster_name}", "k8s-cluster", "kube-master", "etcd", "kube-node"] tags = ["cluster-${var.cluster_name}", "k8s-cluster", "kube-master", "etcd", "kube-node"]
} }
resource "packet_device" "k8s_master_no_etcd" { resource "packet_device" "k8s_master_no_etcd" {

View file

@ -1,15 +1,15 @@
output "k8s_masters" { output "k8s_masters" {
value = "${packet_device.k8s_master.*.access_public_ipv4}" value = "${packet_device.k8s_master.*.access_public_ipv4}"
} }
output "k8s_masters_no_etc" { output "k8s_masters_no_etc" {
value = "${packet_device.k8s_master_no_etcd.*.access_public_ipv4}" value = "${packet_device.k8s_master_no_etcd.*.access_public_ipv4}"
} }
output "k8s_etcds" { output "k8s_etcds" {
value = "${packet_device.k8s_etcd.*.access_public_ipv4}" value = "${packet_device.k8s_etcd.*.access_public_ipv4}"
} }
output "k8s_nodes" { output "k8s_nodes" {
value = "${packet_device.k8s_node.*.access_public_ipv4}" value = "${packet_device.k8s_node.*.access_public_ipv4}"
} }

View file

@ -14,14 +14,19 @@ facility = "ewr1"
# standalone etcds # standalone etcds
number_of_etcd = 0 number_of_etcd = 0
plan_etcd = "t1.small.x86" plan_etcd = "t1.small.x86"
# masters # masters
number_of_k8s_masters = 1 number_of_k8s_masters = 1
number_of_k8s_masters_no_etcd = 0 number_of_k8s_masters_no_etcd = 0
plan_k8s_masters = "t1.small.x86" plan_k8s_masters = "t1.small.x86"
plan_k8s_masters_no_etcd = "t1.small.x86" plan_k8s_masters_no_etcd = "t1.small.x86"
# nodes # nodes
number_of_k8s_nodes = 2 number_of_k8s_nodes = 2
plan_k8s_nodes = "t1.small.x86" plan_k8s_nodes = "t1.small.x86"