diff --git a/.gitignore b/.gitignore index 7f290157ac..a6e417a9a3 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,13 @@ # Output of the go coverage tool, specifically when used with LiteIDE *.out +### Terraform ### +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Auto-generated manifests +tfManifests/ diff --git a/prebuild/main.tf b/prebuild/main.tf new file mode 100644 index 0000000000..284be79f05 --- /dev/null +++ b/prebuild/main.tf 
@@ -0,0 +1,59 @@
+provider "aws" {
+ region = "${var.aws_region}"
+}
+
+data "aws_availability_zones" "azs" {}
+data "aws_region" "current" {}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ name = "${var.vpc_name}"
+ cidr = "${var.vpc_cidr}"
+ azs = "${data.aws_availability_zones.azs.names}"
+ public_subnets = "${var.vpc_public_networks}"
+ private_subnets = "${var.vpc_private_networks}"
+
+ public_subnet_tags = {
+ Name = "${var.cluster_name}"
+ }
+
+ private_subnet_tags = {
+ Name = "${var.cluster_name}"
+ }
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+
+ tags = {
+ Owner = "user"
+ Environment = "dev"
+ }
+
+ vpc_tags = {
+ Name = "${var.vpc_name}"
+ }
+}
+
+# Generate Manifest Dir
+resource "template_dir" "manifests" {
+ source_dir = "${path.module}/resources"
+ destination_dir = "${path.cwd}/tfManifests"
+
+ vars {
+ aws_availability_zone = "${data.aws_availability_zones.azs.names[0]}"
+ aws_machine_controller_image = "${var.container_images["aws_machine_controller"]}"
+ aws_region = "${data.aws_region.current.name}"
+ cluster_apiserver_image = "${var.container_images["cluster_apiserver"]}"
+ cluster_cidr = "${var.vpc_cidr}"
+ cluster_name = "${var.cluster_name}"
+ cluster_domain = "${var.cluster_domain}"
+ cluster_namespace = "${var.cluster_namespace}"
+ cluster_security_group = "${aws_security_group.cluster_default.id}"
+ controller_manager_image = "${var.container_images["controller_manager"]}"
+ etcd_image = "${var.container_images["etcd"]}"
+ apiserver_image = "${var.container_images["cluster_apiserver"]}"
+ pod_cidr = "${var.vpc_private_networks[1]}"
+ service_cidr = "${var.vpc_private_networks[0]}"
+ ssh_key_name = "${var.sshKey}"
+ }
+}
diff --git a/prebuild/resources/addons.yaml b/prebuild/resources/addons.yaml
new file mode 100644
index 0000000000..127ec32564
--- /dev/null
+++ b/prebuild/resources/addons.yaml
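Review bot: `service_cidr` and `pod_cidr` in the template_dir vars are taken from `var.vpc_private_networks[0]` and `[1]`, the same list the `vpc` module above uses as `private_subnets` for the subnets the machines are launched into, so the rendered cluster.yaml declares service and pod networks that overlap the node subnets and node-to-pod/service routing will collide. Give the cluster networks their own ranges outside `var.vpc_cidr`, e.g. `pod_cidr = "${var.pod_cidr}"` and `service_cidr = "${var.service_cidr}"` backed by dedicated variables. Separately, `module "vpc"` pulls `terraform-aws-modules/vpc/aws` from the registry with no `version` pin, so each `terraform init` may resolve a different module revision; add `version = "<pinned>"` to keep the build reproducible. The `Owner = "user"` tag is a placeholder that will land on every VPC resource; consider a variable or at least a comment saying it is meant to be overridden.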
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ${cluster_namespace}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aws-credentials-secret
+ namespace: ${cluster_namespace}
+type: Opaque
+data:
+ awsAccessKeyId:
+ awsSecretAccessKey:
diff --git a/prebuild/resources/cluster-api-server.yaml b/prebuild/resources/cluster-api-server.yaml
new file mode 100644
index 0000000000..7286a28a28
--- /dev/null
+++ b/prebuild/resources/cluster-api-server.yaml
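Review bot: The `aws-credentials-secret` template ships `awsAccessKeyId` and `awsSecretAccessKey` as empty `data:` values with no hint of how they are meant to be filled; `data` values must be base64-encoded, and the rendered copy under `tfManifests/` is where a real key pair ends up once someone populates it. Add a comment above the two keys, e.g. `# base64-encoded AWS keys for the machine controller; populate out of band (or use stringData) and never commit the rendered tfManifests/ copy`. `tfManifests/` is gitignored in this same commit, which helps, but nothing in the template itself tells the reader that.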
@@ -0,0 +1,220 @@ +apiVersion: apiregistration.k8s.io/v1beta1 +kind: APIService +metadata: + name: v1alpha1.cluster.k8s.io + labels: + api: clusterapi + apiserver: "true" +spec: + version: v1alpha1 + group: cluster.k8s.io + groupPriorityMinimum: 2000 + priority: 200 + service: + name: clusterapi + namespace: ${cluster_namespace} + versionPriority: 10 + caBundle: 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 +--- +apiVersion: v1 +kind: Service +metadata: + name: clusterapi + namespace: ${cluster_namespace} + labels: + api: clusterapi + apiserver: "true" +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 443 + selector: + api: clusterapi + apiserver: "true" +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: clusterapi-apiserver + namespace: ${cluster_namespace} + labels: + api: clusterapi + apiserver: "true" +spec: + replicas: 1 + template: + metadata: + labels: + api: clusterapi + apiserver: "true" + spec: + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/notReady + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/unreachable + operator: Exists + containers: + - name: apiserver + image: ${apiserver_image} + volumeMounts: + - name: cluster-apiserver-certs + mountPath: /apiserver.local.config/certificates + readOnly: true + - name: config + mountPath: /etc/kubernetes + - name: certs + mountPath: /etc/ssl/certs + command: + - "./apiserver" + args: + - "--etcd-servers=http://etcd-clusterapi-svc:2379" + - "--tls-cert-file=/apiserver.local.config/certificates/tls.crt" + - "--tls-private-key-file=/apiserver.local.config/certificates/tls.key" + - "--audit-log-path=-" + - "--audit-log-maxage=0" + - "--audit-log-maxbackup=0" + - "--authorization-kubeconfig=/etc/kubernetes/admin.conf" + - "--kubeconfig=/etc/kubernetes/admin.conf" + resources: + 
requests: + cpu: 100m + memory: 50Mi + limits: + cpu: 300m + memory: 200Mi + volumes: + - name: cluster-apiserver-certs + secret: + secretName: cluster-apiserver-certs + - name: config + hostPath: + path: /etc/kubernetes + - name: certs + hostPath: + path: /etc/ssl/certs +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: clusterapi + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: default + namespace: ${cluster_namespace} +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: etcd-clusterapi + namespace: ${cluster_namespace} +spec: + serviceName: "etcd" + replicas: 1 + template: + metadata: + labels: + app: etcd + spec: + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/notReady + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/unreachable + operator: Exists + volumes: + - hostPath: + path: /var/lib/etcd2 + type: DirectoryOrCreate + name: etcd-data-dir + terminationGracePeriodSeconds: 10 + containers: + - name: etcd + image: ${etcd_image} + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + cpu: 200m + memory: 300Mi + env: + - name: ETCD_DATA_DIR + value: /etcd-data-dir + command: + - /usr/local/bin/etcd + - --listen-client-urls + - http://0.0.0.0:2379 + - --advertise-client-urls + - http://localhost:2379 + ports: + - containerPort: 2379 + volumeMounts: + - name: etcd-data-dir + mountPath: /etcd-data-dir + readinessProbe: + httpGet: + port: 2379 + path: /health + failureThreshold: 1 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + livenessProbe: + httpGet: + port: 2379 + path: /health + failureThreshold: 3 + initialDelaySeconds: 10 + 
periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 +--- +apiVersion: v1 +kind: Service +metadata: + name: etcd-clusterapi-svc + namespace: ${cluster_namespace} + labels: + app: etcd +spec: + ports: + - port: 2379 + name: etcd + targetPort: 2379 + selector: + app: etcd +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: cluster-apiserver-certs + namespace: ${cluster_namespace} + labels: + api: clusterapi + apiserver: "true" +data: + tls.crt: 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 + tls.key: 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 diff --git a/prebuild/resources/cluster.yaml b/prebuild/resources/cluster.yaml new file mode 100644 index 0000000000..1f609e0006 --- /dev/null +++ b/prebuild/resources/cluster.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: "cluster.k8s.io/v1alpha1" +kind: Cluster +metadata: + name: ${cluster_name} + namespace: ${cluster_namespace} +spec: + clusterNetwork: + services: + cidrBlocks: + - "${service_cidr}" + pods: + cidrBlocks: + - "${pod_cidr}" + serviceDomain: ${cluster_domain} diff --git a/prebuild/resources/machine-set.yaml b/prebuild/resources/machine-set.yaml new file mode 100644 index 0000000000..363457ef9e --- /dev/null +++ b/prebuild/resources/machine-set.yaml 
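Review bot: etcd is started with `--listen-client-urls http://0.0.0.0:2379` and no client-cert or auth flags, and the `etcd-clusterapi-svc` Service exposes that port cluster-wide, so any pod that can reach the Service can read and rewrite the cluster-api state (Machine specs, provider configs) that the apiserver stores there via `--etcd-servers=http://etcd-clusterapi-svc:2379`. At minimum front etcd with TLS client auth (`--cert-file`, `--key-file`, `--trusted-ca-file`, `--client-cert-auth`) and point `--etcd-servers` at `https://`; a NetworkPolicy limiting 2379 to the apiserver pod is a cheaper interim step. The manifest also embeds `tls.crt`/`tls.key` and the APIService `caBundle` inline — the values are not visible here, but if that is a fixed pair then every cluster rendered from this template shares the same aggregated-apiserver private key, so it should be generated per cluster (e.g. via Terraform's tls provider) rather than templated. The apiserver's `/etc/kubernetes` hostPath is mounted writable although it only needs to read `admin.conf`; add `readOnly: true` to that volumeMount.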
@@ -0,0 +1,59 @@ +--- +apiVersion: cluster.k8s.io/v1alpha1 +kind: MachineSet +metadata: + name: aws-actuator-testing-machine + namespace: ${cluster_namespace} + labels: + sigs.k8s.io/cluster-api-cluster: ${cluster_name} + sigs.k8s.io/cluster-api-machine-role: infra + sigs.k8s.io/cluster-api-machine-type: master +spec: + replicas: 2 + selector: + matchLabels: + sigs.k8s.io/cluster-api-machineset: ${cluster_name}-master + sigs.k8s.io/cluster-api-cluster: ${cluster_name} + template: + metadata: + labels: + sigs.k8s.io/cluster-api-machineset: ${cluster_name}-master + sigs.k8s.io/cluster-api-cluster: ${cluster_name} + sigs.k8s.io/cluster-api-machine-role: infra + sigs.k8s.io/cluster-api-machine-type: master + spec: + providerConfig: + value: + apiVersion: aws.cluster.k8s.io/v1alpha1 + kind: AWSMachineProviderConfig + ami: + # id: ami-060f14ef82deddfc6 + filters: + - name: "image_stage" + values: + - "base" + - name: operating_system + values: + - "rhel" + - name: ready + values: + - "yes" + credentialsSecret: + name: aws-credentials-secret + instanceType: m4.xlarge + placement: + region: ${aws_region} + availabilityZone: ${aws_availability_zone} + iamInstanceProfile: + id: openshift_master_launch_instances + keyName: ${ssh_key_name} + tags: + - name: openshift-node-group-config + value: node-config-master + - name: host-type + value: master + - name: sub-host-type + value: default + securityGroups: + - id: ${cluster_security_group} + publicIP: true diff --git a/prebuild/resources/machine.yaml b/prebuild/resources/machine.yaml new file mode 100644 index 0000000000..5c71ec4d4a --- /dev/null +++ b/prebuild/resources/machine.yaml 
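Review bot: The MachineSet template sets `publicIP: true` while the sibling machine.yaml in this commit spells the same field `publicIp: true`; only one spelling can match the AWSMachineProviderConfig struct, so one of the two manifests is silently ignoring this field — pick the spelling the actuator defines and use it in both. Combined with `securityGroups` pointing at `cluster_security_group`, whose ingress rule in security_groups.tf allows SSH from `0.0.0.0/0`, a public IP puts every master launched here on the internet with world-reachable SSH; unless that is intended for testing, set the field to `false` (these are private-subnet machines behind a NAT gateway already) or narrow the SG rule. The `ami` block selects purely by tag filters (`image_stage=base`, `operating_system=rhel`, `ready=yes`) with no owner constraint visible; if the actuator's lookup is not scoped to the deploying account, anyone publishing a public AMI carrying those tags could get it picked, so add an owner restriction or use the commented-out `id:`.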
@@ -0,0 +1,50 @@ +--- +apiVersion: "cluster.k8s.io/v1alpha1" +kind: Machine +metadata: + name: aws-actuator-testing-machine + namespace: ${cluster_namespace} + generateName: vs-master- + labels: + sigs.k8s.io/cluster-api-cluster: ${cluster_name} + sigs.k8s.io/cluster-api-machine-role: infra + sigs.k8s.io/cluster-api-machine-type: master +spec: + providerConfig: + value: + apiVersion: aws.cluster.k8s.io/v1alpha1 + kind: AWSMachineProviderConfig + ami: + # id: ami-060f14ef82deddfc6 + filters: + - name: "image_stage" + values: + - "base" + - name: operating_system + values: + - "rhel" + - name: ready + values: + - "yes" + credentialsSecret: + name: aws-credentials-secret + instanceType: m4.xlarge + placement: + region: ${aws_region} + availabilityZone: ${aws_availability_zone} + iamInstanceProfile: + id: openshift_master_launch_instances + keyName: ${ssh_key_name} + tags: + - name: openshift-node-group-config + value: node-config-master + - name: host-type + value: master + - name: sub-host-type + value: default + securityGroups: + - id: ${cluster_security_group} + publicIp: true + versions: + kubelet: 1.10.1 + controlPlane: 1.10.1 diff --git a/prebuild/resources/provider-components.yml b/prebuild/resources/provider-components.yml new file mode 100644 index 0000000000..eaa4794c27 --- /dev/null +++ b/prebuild/resources/provider-components.yml 
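Review bot: `metadata.name: aws-actuator-testing-machine` and `generateName: vs-master-` are both set; when `name` is present the API server ignores `generateName`, so this Machine always gets the fixed name and a second apply cannot create a sibling — keep only one of the two (`generateName` alone if multiple masters are intended). The `ami.filters` select by tag only, with the explicit `id` commented out; whether that lookup is restricted to AMIs owned by this account depends on the actuator, so either restore the pinned `id` or record the assumption with a comment such as `# filters must resolve to exactly one AMI owned by this account; confirm the actuator scopes the lookup by owner`. `iamInstanceProfile: openshift_master_launch_instances` is referenced but not created anywhere in this commit; a comment on where it is provisioned would help the next reader.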
@@ -0,0 +1,83 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: clusterapi-controllers + labels: + api: clusterapi + namespace: ${cluster_namespace} +spec: + replicas: 1 + template: + metadata: + labels: + api: clusterapi + namespace: ${cluster_namespace} + spec: + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/notReady + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/unreachable + operator: Exists + containers: + - name: controller-manager + image: ${controller_manager_image} + volumeMounts: + - name: config + mountPath: /etc/kubernetes + - name: certs + mountPath: /etc/ssl/certs + command: + - "./controller-manager" + args: + - --kubeconfig=/etc/kubernetes/admin.conf + resources: + requests: + cpu: 100m + memory: 20Mi + limits: + cpu: 100m + memory: 30Mi + - name: aws-machine-controller + image: ${aws_machine_controller_image} + volumeMounts: + - name: config + mountPath: /etc/kubernetes + - name: certs + mountPath: /etc/ssl/certs + - name: kubeadm + mountPath: /usr/bin/kubeadm + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: + - /machine-controller + args: + - --log-level=debug + - --kubeconfig=/etc/kubernetes/admin.conf + resources: + requests: + cpu: 100m + memory: 20Mi + limits: + cpu: 100m + memory: 30Mi + volumes: + - name: config + hostPath: + path: /etc/kubernetes + - name: certs + hostPath: + path: /etc/ssl/certs + - name: kubeadm + hostPath: + path: /usr/bin/kubeadm diff --git a/prebuild/security_groups.tf b/prebuild/security_groups.tf new file mode 100644 index 0000000000..d0497f5c62 --- /dev/null +++ b/prebuild/security_groups.tf 
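Review bot: Both controllers authenticate with the host's `/etc/kubernetes/admin.conf` through a hostPath mount (`--kubeconfig=/etc/kubernetes/admin.conf`), i.e. they run as cluster-admin on a credential lifted from the master filesystem, and the pod declares no `serviceAccountName` or RBAC of its own; the aws-machine-controller additionally runs with `--log-level=debug`, which depending on the controller may echo request bodies that include the AWS credential Secret. Give the Deployment a dedicated ServiceAccount bound to a Role/ClusterRole covering only `cluster.k8s.io` resources and `aws-credentials-secret`, drop the admin.conf mount, and leave debug logging off by default. Smaller points: the `namespace: ${cluster_namespace}` entry under the pod template's `labels:` looks like a misplaced field (it becomes a label, not the pod namespace), and the `/etc/kubernetes` and `/usr/bin/kubeadm` hostPath mounts should carry `readOnly: true`.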
@@ -0,0 +1,29 @@
+resource "aws_security_group" "cluster_default" {
+ name = "${format("%s-default", var.cluster_name)}"
+ description = "${format("%s default security policy", var.cluster_name)}"
+ vpc_id = "${module.vpc.vpc_id}"
+
+ tags {
+ Name = "${var.cluster_name}"
+ }
+}
+
+resource "aws_security_group_rule" "deault_egress" {
+ type = "egress"
+ security_group_id = "${aws_security_group.cluster_default.id}"
+
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "default_ingress_ssh" {
+ type = "ingress"
+ security_group_id = "${aws_security_group.cluster_default.id}"
+
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ from_port = 22
+ to_port = 22
+}
diff --git a/prebuild/variables.tf b/prebuild/variables.tf
new file mode 100644
index 0000000000..d9c81092a0
--- /dev/null
+++ b/prebuild/variables.tf
@@ -0,0 +1,58 @@
+variable "sshKey" {
+ type = "string"
+}
+
+variable "cluster_domain" {
+ type = "string"
+}
+
+variable "container_images" {
+ description = "Container images to use"
+ type = "map"
+
+ default = {
+ aws_machine_controller = "quay.io/kalmog/aws-machine-controller:0.0.1"
+ cluster_apiserver = "gcr.io/k8s-cluster-api/cluster-apiserver:0.0.6"
+ controller_manager = "gcr.io/k8s-cluster-api/controller-manager:0.0.7"
+ etcd = "k8s.gcr.io/etcd:3.1.12"
+ }
+}
+
+variable "cluster_namespace" {
+ type = "string"
+}
+
+variable "cluster_name" {
+ type = "string"
+}
+
+variable "aws_region" {
+ type = "string"
+ default = "us-east-1"
+}
+
+variable "vpc_cidr" {
+ type = "string"
+ default = "10.0.0.0/16"
+}
+
+variable "vpc_name" {
+ type = "string"
+ default = "test"
+}
+
+variable "vpc_public_networks" {
+ default = [
+ "10.0.101.0/24",
+ "10.0.102.0/24",
+ "10.0.103.0/24",
+ ]
+}
+
+variable "vpc_private_networks" {
+ default = [
+ "10.0.1.0/24",
+ "10.0.2.0/24",
+ "10.0.3.0/24",
+ ]
+}
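Review bot: `default_ingress_ssh` opens port 22 to `0.0.0.0/0`, and this security group is the one attached to every machine in machine.yaml and machine-set.yaml in this commit, which also request a public IP, so the masters are SSH-reachable from the whole internet with only the `keyName` key pair in the way. Drive the source range from a variable instead of a literal, e.g. `cidr_blocks = ["${var.ssh_allowed_cidrs}"]` with `variable "ssh_allowed_cidrs" { type = "list" }` declared without a permissive default, so an operator has to state who may reach the bastion-less masters. Also rename `deault_egress` to `default_egress` now — once the rule is in state, fixing the typo later means a `terraform state mv` or a destroy/recreate of the rule.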
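Review bot: `container_images` pins every image by a mutable tag (`quay.io/kalmog/aws-machine-controller:0.0.1`, `gcr.io/k8s-cluster-api/cluster-apiserver:0.0.6`, …), and the machine-controller default points at a personal quay.io namespace; whoever controls those tags controls what runs with the masters' admin.conf, since provider-components.yml mounts it into these containers. Pin by digest (`image@sha256:…`) or at least say so in the description, e.g. `description = "Container images to use; dev defaults — override with digest-pinned, organization-owned images for anything else"`. `sshKey` has no `description` and its camelCase name is inconsistent with the snake_case used by every other variable in this file; renaming it to `ssh_key_name` (matching the template var it feeds) before anyone depends on it would be cheap.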