diff --git a/contrib/terraform/aws/README.md b/contrib/terraform/aws/README.md index 03bc4e23e..de858b2a9 100644 --- a/contrib/terraform/aws/README.md +++ b/contrib/terraform/aws/README.md @@ -14,20 +14,42 @@ This project will create: **How to Use:** -- Export the variables for your AWS credentials or edit credentials.tfvars: +- Export the variables for your AWS credentials or edit `credentials.tfvars`: ``` -export aws_access_key="xxx" -export aws_secret_key="yyy" -export aws_ssh_key_name="zzz" +export AWS_ACCESS_KEY_ID="www" +export AWS_SECRET_ACCESS_KEY ="xxx" +export AWS_SSH_KEY_NAME="yyy" +export AWS_DEFAULT_REGION="zzz" ``` +- Rename `contrib/terraform/aws/terraform.tfvars.example` to `terraform.tfvars` -- Update contrib/terraform/aws/terraform.tfvars with your data +- Update `contrib/terraform/aws/terraform.tfvars` with your data + - Allocate new AWS Elastic IPs: Depending on # of Availability Zones used (2 for each AZ) + - Create an AWS EC2 SSH Key -- Run with `terraform apply -var-file="credentials.tfvars"` or `terraform apply` depending if you exported your AWS credentials + +- Run with `terraform apply --var-file="credentials.tfvars"` or `terraform apply` depending if you exported your AWS credentials + +- Terraform automatically creates an Ansible Inventory file called `hosts` with the created infrastructure in the directory `inventory` - Once the infrastructure is created, you can run the kargo playbooks and supply inventory/hosts with the `-i` flag. +**Troubleshooting** + +***Remaining AWS IAM Instance Profile***: + +If the cluster was destroyed without using Terraform it is possible that +the AWS IAM Instance Profiles still remain. To delete them you can use +the `AWS CLI` with the following command: +``` +aws iam delete-instance-profile --region --instance-profile-name +``` + +***Ansible Inventory doesnt get created:*** + +It could happen that Terraform doesnt create an Ansible Inventory file automatically. If this is the case copy the output after `inventory=` and create a file named `hosts`in the directory `inventory` and paste the inventory into the file. + **Architecture** Pictured is an AWS Infrastructure created with this Terraform project distributed over two Availability Zones. diff --git a/contrib/terraform/aws/create-infrastructure.tf b/contrib/terraform/aws/create-infrastructure.tf index 14da95492..781edea86 100644 --- a/contrib/terraform/aws/create-infrastructure.tf +++ b/contrib/terraform/aws/create-infrastructure.tf @@ -173,6 +173,7 @@ data "template_file" "inventory" { list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}" elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\"" elb_api_port = "loadbalancer_apiserver.port=${var.aws_elb_api_port}" + kube_insecure_apiserver_address = "kube_apiserver_insecure_bind_address: ${var.kube_insecure_apiserver_address}" } } diff --git a/contrib/terraform/aws/output.tf b/contrib/terraform/aws/output.tf index fbe74f262..fabc0d218 100644 --- a/contrib/terraform/aws/output.tf +++ b/contrib/terraform/aws/output.tf @@ -18,3 +18,7 @@ output "etcd" { output "aws_elb_api_fqdn" { value = "${module.aws-elb.aws_elb_api_fqdn}:${var.aws_elb_api_port}" } + +output "inventory" { + value = "${data.template_file.inventory.rendered}" +} diff --git a/contrib/terraform/aws/templates/inventory.tpl b/contrib/terraform/aws/templates/inventory.tpl index 4140aa768..8d5afd1cf 100644 --- a/contrib/terraform/aws/templates/inventory.tpl +++ b/contrib/terraform/aws/templates/inventory.tpl @@ -25,3 +25,4 @@ kube-master [k8s-cluster:vars] ${elb_api_fqdn} ${elb_api_port} +${kube_insecure_apiserver_address} diff --git a/contrib/terraform/aws/terraform.tfvars.example b/contrib/terraform/aws/terraform.tfvars.example index 214ef89db..666b21db2 100644 --- a/contrib/terraform/aws/terraform.tfvars.example +++ b/contrib/terraform/aws/terraform.tfvars.example @@ -1,6 +1,5 @@ #Global Vars aws_cluster_name = "devtest" -aws_region = "eu-central-1" #VPC Vars aws_vpc_cidr_block = "10.250.192.0/18" @@ -28,5 +27,6 @@ aws_cluster_ami = "ami-903df7ff" #Settings AWS ELB -aws_elb_api_port = 443 -k8s_secure_api_port = 443 +aws_elb_api_port = 6443 +k8s_secure_api_port = 6443 +kube_insecure_apiserver_address = 0.0.0.0 diff --git a/contrib/terraform/aws/variables.tf b/contrib/terraform/aws/variables.tf index 82e2fb018..c740e6472 100644 --- a/contrib/terraform/aws/variables.tf +++ b/contrib/terraform/aws/variables.tf @@ -95,3 +95,7 @@ variable "aws_elb_api_port" { variable "k8s_secure_api_port" { description = "Secure Port of K8S API Server" } + +variable "kube_insecure_apiserver_address" { + description= "Bind Address for insecure Port of K8s API Server" +}