diff --git a/.gitignore b/.gitignore index a6e417a9a3..47d811c333 100644 --- a/.gitignore +++ b/.gitignore @@ -19,5 +19,8 @@ *.tfstate *.tfstate.* +# Terraform plan file +*.tfplan.* + # Auto-generated manifests tfManifests/ diff --git a/hack/aws-provision.sh b/hack/aws-provision.sh new file mode 100755 index 0000000000..941c257172 --- /dev/null +++ b/hack/aws-provision.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +# Your AWS user account +export TF_VAR_aws_user=$(aws iam get-user | jq --raw-output '.User.UserName') + +export TF_VAR_cluster_domain="aos-cloud.eu" +export TF_VAR_cluster_name=$(whoami) +export TF_VAR_cluster_namespace="dev-${TF_VAR_cluster_name}" + +export TF_IN_AUTOMATION="true" + +cd ./prebuild +echo "*** starting terraform" + +terraform init -input=false +if [ $? == "0" ]; then + terraform plan -input=false -out=tfplan.out && terraform apply -input=false -auto-approve tfplan.out +fi diff --git a/hack/prebuild/README.md b/hack/prebuild/README.md new file mode 100644 index 0000000000..99a671d8b0 --- /dev/null +++ b/hack/prebuild/README.md @@ -0,0 +1,19 @@ +# Building a dev environment using terraform +This directory holds the recipes required in order to deploy a working AWS dev environment using [terraform](https://www.terraform.io/downloads.html). + +## Deployment Instructions +1. Download terraform from the link above and place it into your `$PATH`. +2. The following environment variables need to be set: + 1. `TF_VAR_aws_user` your AWS username (`aws iam get-user | jq --raw-output '.User.UserName'`) + 2. `TF_VAR_cluster_domain` The Route53 domain name to be used for the cluster. + 3. `TF_VAR_cluster_name` (self explanatory...) + 4. `TF_VAR_cluster_namespace`: the namespace to deploy the cluster components to (suggestion: `dev-${TF_VAR_cluster_name}`) + +4. Run terraform: +``` +> terraform init +> terraform plan +> terraform apply +``` + +To destroy the environment, simply run `terraform destroy`. 
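Review bot: The new pattern `*.tfplan.*` does not match the plan file this commit writes: hack/aws-provision.sh runs `terraform plan -out=tfplan.out` in the prebuild directory, and the name `tfplan.out` has no `.tfplan.` segment. A saved plan can hold variable values and resource attributes in cleartext, so it should not be committable by accident. Adding a line `tfplan.out` under the new comment would cover the file the script produces.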
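Review bot: `cd ./prebuild` is unchecked and relative to the caller's working directory, so if it fails the script still runs `terraform init` and then `terraform apply -auto-approve` in whatever directory it was started from. Resolve the path from the script's own location and stop on failure, e.g. `cd "$(dirname "${BASH_SOURCE[0]}")/prebuild" || exit 1`, and add `set -euo pipefail` under the shebang. The `export VAR=$(...)` form also hides a failing `aws iam get-user`, in which case jq prints `null` or nothing and that value flows into `TF_VAR_aws_user` and the Owner tag. A guard such as `[ -n "$TF_VAR_aws_user" ] && [ "$TF_VAR_aws_user" != "null" ] || exit 1` before `terraform init` would catch it.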
diff --git a/prebuild/main.tf b/hack/prebuild/main.tf similarity index 93% rename from prebuild/main.tf rename to hack/prebuild/main.tf index 284be79f05..ea300fc80e 100644 --- a/prebuild/main.tf +++ b/hack/prebuild/main.tf @@ -7,7 +7,7 @@ data "aws_region" "current" {} module "vpc" { source = "terraform-aws-modules/vpc/aws" - name = "${var.vpc_name}" + name = "vpc-${var.cluster_name}" cidr = "${var.vpc_cidr}" azs = "${data.aws_availability_zones.azs.names}" public_subnets = "${var.vpc_public_networks}" @@ -25,15 +25,16 @@ module "vpc" { single_nat_gateway = true tags = { - Owner = "user" + Owner = "${var.aws_user}" Environment = "dev" } vpc_tags = { - Name = "${var.vpc_name}" + Name = "vpc-${var.cluster_name}" } } +/* # Generate Manifest Dir resource "template_dir" "manifests" { source_dir = "${path.module}/resources" @@ -57,3 +58,5 @@ resource "template_dir" "manifests" { ssh_key_name = "${var.sshKey}" } } +*/ + diff --git a/prebuild/security_groups.tf b/hack/prebuild/security_groups.tf similarity index 84% rename from prebuild/security_groups.tf rename to hack/prebuild/security_groups.tf index d0497f5c62..f768a7ef8c 100644 --- a/prebuild/security_groups.tf +++ b/hack/prebuild/security_groups.tf @@ -18,12 +18,12 @@ resource "aws_security_group_rule" "deault_egress" { cidr_blocks = ["0.0.0.0/0"] } -resource "aws_security_group_rule" "default_ingress_ssh" { +resource "aws_security_group_rule" "default_ingress" { type = "ingress" security_group_id = "${aws_security_group.cluster_default.id}" - protocol = "tcp" + from_port = 0 + to_port = 0 + protocol = "-1" cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - to_port = 22 } diff --git a/prebuild/variables.tf b/hack/prebuild/variables.tf similarity index 76% rename from prebuild/variables.tf rename to hack/prebuild/variables.tf index d9c81092a0..7fd7d9a92b 100644 --- a/prebuild/variables.tf +++ b/hack/prebuild/variables.tf 
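Review bot: In hack/prebuild/security_groups.tf the renamed rule `default_ingress` now admits every protocol and port (`protocol = "-1"`, ports 0-0) from `0.0.0.0/0`, where the old rule exposed only tcp/22. Every instance attached to `cluster_default` therefore becomes reachable from the internet on all services, including any that assume a private network. If the aim is unrestricted traffic between cluster members, scope the rule to the VPC with `cidr_blocks = ["${var.vpc_cidr}"]` or use `self = true`. Keep a separate tcp/22 rule limited to an operator-supplied CIDR variable for SSH.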
@@ -1,29 +1,18 @@ -variable "sshKey" { +// Your aws account user name +variable "aws_user" { type = "string" } variable "cluster_domain" { - type = "string" -} - -variable "container_images" { - description = "Container images to use" - type = "map" - - default = { - aws_machine_controller = "quay.io/kalmog/aws-machine-controller:0.0.1" - cluster_apiserver = "gcr.io/k8s-cluster-api/cluster-apiserver:0.0.6" - controller_manager = "gcr.io/k8s-cluster-api/controller-manager:0.0.7" - etcd = "k8s.gcr.io/etcd:3.1.12" - } + type = "string" } variable "cluster_namespace" { - type = "string" + type = "string" } variable "cluster_name" { - type = "string" + type = "string" } variable "aws_region" { @@ -36,11 +25,6 @@ variable "vpc_cidr" { default = "10.0.0.0/16" } -variable "vpc_name" { - type = "string" - default = "test" -} - variable "vpc_public_networks" { default = [ "10.0.101.0/24", @@ -56,3 +40,17 @@ variable "vpc_private_networks" { "10.0.3.0/24", ] } + +// only needed if we want to dynamically generate +// the manifests +variable "container_images" { + description = "Container images to use" + type = "map" + + default = { + aws_machine_controller = "openshift/origin-aws-machine-controllers" + cluster_apiserver = "gcr.io/k8s-cluster-api/cluster-apiserver:0.0.6" + controller_manager = "gcr.io/k8s-cluster-api/controller-manager:0.0.7" + etcd = "k8s.gcr.io/etcd:3.1.12" + } +} diff --git a/prebuild/resources/addons.yaml b/prebuild/resources/addons.yaml deleted file mode 100644 index 127ec32564..0000000000 --- a/prebuild/resources/addons.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: ${cluster_namespace} ---- -apiVersion: v1 -kind: Secret -metadata: - name: aws-credentials-secret - namespace: ${cluster_namespace} -type: Opaque -data: - awsAccessKeyId: - awsSecretAccessKey: diff --git a/prebuild/resources/cluster-api-server.yaml b/prebuild/resources/cluster-api-server.yaml deleted file mode 100644 index 7286a28a28..0000000000 
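Review bot: In the re-added `container_images` default, `aws_machine_controller` changes from a pinned `quay.io/kalmog/aws-machine-controller:0.0.1` to `openshift/origin-aws-machine-controllers`, which has no registry host and no tag, while the other three entries stay pinned. A reference like this normally resolves to the runtime's default registry and the mutable `latest` tag, so the deployed controller can change without any change to this file. Pin it the same way as its neighbours, e.g. `aws_machine_controller = "<REGISTRY>/openshift/origin-aws-machine-controllers:<TAG>"` (placeholders; a digest is stricter still). The new comment says the map is only needed when manifests are generated, and that block appears to be commented out in main.tf, so this matters as soon as it is re-enabled.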
--- a/prebuild/resources/cluster-api-server.yaml
+++ /dev/null
@@ -1,220 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1alpha1.cluster.k8s.io - labels: - api: clusterapi - apiserver: "true" -spec: - version: v1alpha1 - group: cluster.k8s.io - groupPriorityMinimum: 2000 - priority: 200 - service: - name: clusterapi - namespace: ${cluster_namespace} - versionPriority: 10 - caBundle: 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 ---- -apiVersion: v1 -kind: Service -metadata: - name: clusterapi - namespace: ${cluster_namespace} - labels: - api: clusterapi - apiserver: "true" -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - api: clusterapi - apiserver: "true" ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: clusterapi-apiserver - namespace: ${cluster_namespace} - labels: - api: clusterapi - apiserver: "true" -spec: - replicas: 1 - template: - metadata: - labels: - api: clusterapi - apiserver: "true" - spec: - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - key: node.alpha.kubernetes.io/notReady - operator: Exists - - effect: NoExecute - key: node.alpha.kubernetes.io/unreachable - operator: Exists - containers: - - name: apiserver - image: ${apiserver_image} - volumeMounts: - - name: cluster-apiserver-certs - mountPath: /apiserver.local.config/certificates - readOnly: true - - name: config - mountPath: /etc/kubernetes - - name: certs - mountPath: /etc/ssl/certs - command: - - "./apiserver" - args: - - "--etcd-servers=http://etcd-clusterapi-svc:2379" - - "--tls-cert-file=/apiserver.local.config/certificates/tls.crt" - - "--tls-private-key-file=/apiserver.local.config/certificates/tls.key" - - "--audit-log-path=-" - - "--audit-log-maxage=0" - - "--audit-log-maxbackup=0" - - "--authorization-kubeconfig=/etc/kubernetes/admin.conf" - - "--kubeconfig=/etc/kubernetes/admin.conf" - resources: - 
requests: - cpu: 100m - memory: 50Mi - limits: - cpu: 300m - memory: 200Mi - volumes: - - name: cluster-apiserver-certs - secret: - secretName: cluster-apiserver-certs - - name: config - hostPath: - path: /etc/kubernetes - - name: certs - hostPath: - path: /etc/ssl/certs ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: clusterapi - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: default - namespace: ${cluster_namespace} ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: etcd-clusterapi - namespace: ${cluster_namespace} -spec: - serviceName: "etcd" - replicas: 1 - template: - metadata: - labels: - app: etcd - spec: - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - key: node.alpha.kubernetes.io/notReady - operator: Exists - - effect: NoExecute - key: node.alpha.kubernetes.io/unreachable - operator: Exists - volumes: - - hostPath: - path: /var/lib/etcd2 - type: DirectoryOrCreate - name: etcd-data-dir - terminationGracePeriodSeconds: 10 - containers: - - name: etcd - image: ${etcd_image} - resources: - requests: - cpu: 100m - memory: 50Mi - limits: - cpu: 200m - memory: 300Mi - env: - - name: ETCD_DATA_DIR - value: /etcd-data-dir - command: - - /usr/local/bin/etcd - - --listen-client-urls - - http://0.0.0.0:2379 - - --advertise-client-urls - - http://localhost:2379 - ports: - - containerPort: 2379 - volumeMounts: - - name: etcd-data-dir - mountPath: /etcd-data-dir - readinessProbe: - httpGet: - port: 2379 - path: /health - failureThreshold: 1 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - port: 2379 - path: /health - failureThreshold: 3 - initialDelaySeconds: 10 - 
periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 ---- -apiVersion: v1 -kind: Service -metadata: - name: etcd-clusterapi-svc - namespace: ${cluster_namespace} - labels: - app: etcd -spec: - ports: - - port: 2379 - name: etcd - targetPort: 2379 - selector: - app: etcd ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: cluster-apiserver-certs - namespace: ${cluster_namespace} - labels: - api: clusterapi - apiserver: "true" -data: - tls.crt: 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 - tls.key: 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 diff --git a/prebuild/resources/cluster.yaml b/prebuild/resources/cluster.yaml deleted file mode 100644 index 1f609e0006..0000000000 --- a/prebuild/resources/cluster.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: "cluster.k8s.io/v1alpha1" -kind: Cluster -metadata: - name: ${cluster_name} - namespace: ${cluster_namespace} -spec: - clusterNetwork: - services: - cidrBlocks: - - "${service_cidr}" - pods: - cidrBlocks: - - "${pod_cidr}" - serviceDomain: ${cluster_domain} diff --git a/prebuild/resources/machine-set.yaml b/prebuild/resources/machine-set.yaml deleted file mode 100644 index 363457ef9e..0000000000 --- a/prebuild/resources/machine-set.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -apiVersion: cluster.k8s.io/v1alpha1 -kind: MachineSet -metadata: - name: aws-actuator-testing-machine - namespace: ${cluster_namespace} - labels: - sigs.k8s.io/cluster-api-cluster: ${cluster_name} - sigs.k8s.io/cluster-api-machine-role: infra - sigs.k8s.io/cluster-api-machine-type: master -spec: - replicas: 2 - selector: - matchLabels: - sigs.k8s.io/cluster-api-machineset: ${cluster_name}-master - sigs.k8s.io/cluster-api-cluster: ${cluster_name} - template: - metadata: - labels: - sigs.k8s.io/cluster-api-machineset: ${cluster_name}-master - sigs.k8s.io/cluster-api-cluster: ${cluster_name} - sigs.k8s.io/cluster-api-machine-role: infra - sigs.k8s.io/cluster-api-machine-type: master - spec: - providerConfig: - value: - apiVersion: aws.cluster.k8s.io/v1alpha1 - kind: AWSMachineProviderConfig - ami: - # id: ami-060f14ef82deddfc6 - filters: - - name: "image_stage" - values: - - "base" - - name: operating_system - values: - - "rhel" - - name: ready - values: - - "yes" - credentialsSecret: - name: aws-credentials-secret - instanceType: m4.xlarge - placement: - region: ${aws_region} - availabilityZone: ${aws_availability_zone} - iamInstanceProfile: - id: openshift_master_launch_instances - keyName: ${ssh_key_name} - tags: - - name: openshift-node-group-config - value: node-config-master - - name: host-type - value: master - - name: sub-host-type - value: default - securityGroups: - - id: ${cluster_security_group} - publicIP: true diff --git a/prebuild/resources/machine.yaml b/prebuild/resources/machine.yaml deleted file mode 100644 index 5c71ec4d4a..0000000000 --- a/prebuild/resources/machine.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -apiVersion: "cluster.k8s.io/v1alpha1" -kind: Machine -metadata: - name: aws-actuator-testing-machine - namespace: ${cluster_namespace} - generateName: vs-master- - labels: - sigs.k8s.io/cluster-api-cluster: ${cluster_name} - sigs.k8s.io/cluster-api-machine-role: infra - sigs.k8s.io/cluster-api-machine-type: master -spec: - providerConfig: - value: - apiVersion: aws.cluster.k8s.io/v1alpha1 - kind: AWSMachineProviderConfig - ami: - # id: ami-060f14ef82deddfc6 - filters: - - name: "image_stage" - values: - - "base" - - name: operating_system - values: - - "rhel" - - name: ready - values: - - "yes" - credentialsSecret: - name: aws-credentials-secret - instanceType: m4.xlarge - placement: - region: ${aws_region} - availabilityZone: ${aws_availability_zone} - iamInstanceProfile: - id: openshift_master_launch_instances - keyName: ${ssh_key_name} - tags: - - name: openshift-node-group-config - value: node-config-master - - name: host-type - value: master - - name: sub-host-type - value: default - securityGroups: - - id: ${cluster_security_group} - publicIp: true - versions: - kubelet: 1.10.1 - controlPlane: 1.10.1 diff --git a/prebuild/resources/provider-components.yml b/prebuild/resources/provider-components.yml deleted file mode 100644 index eaa4794c27..0000000000 --- a/prebuild/resources/provider-components.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: clusterapi-controllers - labels: - api: clusterapi - namespace: ${cluster_namespace} -spec: - replicas: 1 - template: - metadata: - labels: - api: clusterapi - namespace: ${cluster_namespace} - spec: - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - key: node.alpha.kubernetes.io/notReady - operator: Exists - - effect: NoExecute - key: node.alpha.kubernetes.io/unreachable - operator: Exists - containers: - - name: controller-manager - image: ${controller_manager_image} - volumeMounts: - - name: config - mountPath: /etc/kubernetes - - name: certs - mountPath: /etc/ssl/certs - command: - - "./controller-manager" - args: - - --kubeconfig=/etc/kubernetes/admin.conf - resources: - requests: - cpu: 100m - memory: 20Mi - limits: - cpu: 100m - memory: 30Mi - - name: aws-machine-controller - image: ${aws_machine_controller_image} - volumeMounts: - - name: config - mountPath: /etc/kubernetes - - name: certs - mountPath: /etc/ssl/certs - - name: kubeadm - mountPath: /usr/bin/kubeadm - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - command: - - /machine-controller - args: - - --log-level=debug - - --kubeconfig=/etc/kubernetes/admin.conf - resources: - requests: - cpu: 100m - memory: 20Mi - limits: - cpu: 100m - memory: 30Mi - volumes: - - name: config - hostPath: - path: /etc/kubernetes - - name: certs - hostPath: - path: /etc/ssl/certs - - name: kubeadm - hostPath: - path: /usr/bin/kubeadm