This repository has been archived by the owner on Feb 5, 2020. It is now read-only.
tectonic.tf
# Number of etcd hostnames to render below.
# - Self-hosted etcd requested (variable non-empty): 0.
# - Otherwise: the configured count, but never less than 1.
locals {
  etcd_count = "${var.tectonic_self_hosted_etcd != "" ? 0 : max(var.tectonic_etcd_count, 1)}"
}
# One rendered hostname per etcd member: "<cluster_name>-etcd-<index>", with
# ".<base_domain>" appended only when tectonic_base_domain is non-empty.
# In this file the rendered list is used both as the DNS names for the etcd
# certificates and as the etcd endpoints handed to bootkube, so the two always
# agree.
data "template_file" "etcd_hostname_list" {
  count    = "${local.etcd_count}"
  template = "${var.tectonic_cluster_name}-etcd-${count.index}${var.tectonic_base_domain == "" ? "" : ".${var.tectonic_base_domain}"}"
}
# Kubernetes PKI (CA, API server and kubelet certificates are read from this
# module's outputs elsewhere in this file).
#
# The module source is pinned to a full commit hash, not a branch or tag, so
# the code that handles key material cannot change without an edit here. Every
# module in this file uses the same ref; bump them together.
module "kube_certs" {
  source = "github.com/coreos/tectonic-installer//modules/tls/kube/self-signed?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  # Optional user-supplied CA. ca_key_pem is a CA private key.
  # NOTE(review): key material passed through or generated by Terraform is
  # likely to be recorded in the state file; confirm the state backend is
  # access-controlled and encrypted.
  ca_cert_pem = "${var.tectonic_ca_cert}"
  ca_key_pem  = "${var.tectonic_ca_key}"
  ca_key_alg  = "${var.tectonic_ca_key_alg}"

  kube_apiserver_url = "https://${module.vnet.api_fqdn}:443"
  service_cidr       = "${var.tectonic_service_cidr}"

  # Lifetime applied to the issued certificates; the unit is defined by the
  # module (not visible here).
  validity_period = "${var.tectonic_tls_validity_period}"
}
# etcd TLS material (CA, client, peer and server certificates are read from
# this module's outputs by the bootkube module below).
module "etcd_certs" {
  source = "github.com/coreos/tectonic-installer//modules/tls/etcd/signed?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  # "true" when etcd is self-hosted, or when no external etcd servers are
  # listed (compact() drops empty entries before the length check);
  # "false" only when external servers are supplied and etcd is not
  # self-hosted.
  self_signed = "${var.tectonic_self_hosted_etcd != "" ? "true" : length(compact(var.tectonic_etcd_servers)) == 0 ? "true" : "false"}"

  # Paths to pre-existing etcd CA / client credentials.
  # NOTE(review): presumably only consulted when self_signed is "false" -
  # confirm against the module.
  etcd_ca_cert_path     = "${var.tectonic_etcd_ca_cert_path}"
  etcd_client_cert_path = "${var.tectonic_etcd_client_cert_path}"
  etcd_client_key_path  = "${var.tectonic_etcd_client_key_path}"

  # DNS names for the etcd certificates: the hostnames rendered by
  # data.template_file.etcd_hostname_list.
  etcd_cert_dns_names = "${data.template_file.etcd_hostname_list.*.rendered}"

  service_cidr = "${var.tectonic_service_cidr}"
}
# Ingress TLS certificate for the ingress FQDN exported by the vnet module.
module "ingress_certs" {
  source = "github.com/coreos/tectonic-installer//modules/tls/ingress/self-signed?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  base_address = "${module.vnet.ingress_fqdn}"

  # Reuses the CA exposed by kube_certs, so the cluster CA private key is
  # handed to this module as well. Anything that can read these values (or the
  # state they may be stored in) can issue certificates under that CA.
  ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
  ca_key_pem  = "${module.kube_certs.ca_key_pem}"
  ca_key_alg  = "${module.kube_certs.ca_key_alg}"

  validity_period = "${var.tectonic_tls_validity_period}"
}
# Identity service TLS material (client and server certificate/key pairs are
# read from this module's outputs by the tectonic module).
module "identity_certs" {
  source = "github.com/coreos/tectonic-installer//modules/tls/identity/self-signed?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  # Same CA (certificate, private key, key algorithm) as exposed by kube_certs.
  ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
  ca_key_pem  = "${module.kube_certs.ca_key_pem}"
  ca_key_alg  = "${module.kube_certs.ca_key_alg}"

  validity_period = "${var.tectonic_tls_validity_period}"
}
# Bootkube assets for an Azure cluster: wires URLs, OIDC settings and all
# control-plane / etcd TLS material into the shared bootkube module.
module "bootkube" {
  source = "github.com/coreos/tectonic-installer//modules/bootkube?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  # --- Azure-specific settings -------------------------------------------
  cloud_provider        = "azure"
  cloud_provider_config = "${jsonencode(data.null_data_source.cloud_provider.inputs)}"

  cluster_name       = "${var.tectonic_cluster_name}"
  kube_apiserver_url = "https://${module.vnet.api_fqdn}:443"
  oidc_issuer_url    = "https://${module.vnet.ingress_fqdn}/identity"

  # Platform-independent variables wiring, do not modify.
  container_images = "${var.tectonic_container_images}"
  versions         = "${var.tectonic_versions}"

  service_cidr = "${var.tectonic_service_cidr}"
  cluster_cidr = "${var.tectonic_cluster_cidr}"

  # NOTE(review): "0.0.0.0" and anonymous_auth = "false" are passed through
  # as-is; presumably they become API server flags inside the module. Keep
  # anonymous_auth "false" unless anonymous API access is intended.
  advertise_address = "0.0.0.0"
  anonymous_auth    = "false"

  # OIDC: the issuer is the identity endpoint behind the ingress FQDN, and its
  # certificate is checked against the ingress CA. The client id here is the
  # same literal the tectonic module receives as kubectl_client_id; change the
  # two together.
  oidc_username_claim = "email"
  oidc_groups_claim   = "groups"
  oidc_client_id      = "tectonic-kubectl"
  oidc_ca_cert        = "${module.ingress_certs.ca_cert_pem}"

  # API server and kubelet credentials, from kube_certs.
  # The *_key_pem inputs in this block are private keys; see the state-file
  # caveat: they are likely to be stored wherever Terraform state is kept.
  apiserver_cert_pem = "${module.kube_certs.apiserver_cert_pem}"
  apiserver_key_pem  = "${module.kube_certs.apiserver_key_pem}"
  kube_ca_cert_pem   = "${module.kube_certs.ca_cert_pem}"
  kubelet_cert_pem   = "${module.kube_certs.kubelet_cert_pem}"
  kubelet_key_pem    = "${module.kube_certs.kubelet_key_pem}"

  # etcd CA plus client, peer and server credentials, from etcd_certs.
  etcd_ca_cert_pem     = "${module.etcd_certs.etcd_ca_crt_pem}"
  etcd_client_cert_pem = "${module.etcd_certs.etcd_client_crt_pem}"
  etcd_client_key_pem  = "${module.etcd_certs.etcd_client_key_pem}"
  etcd_peer_cert_pem   = "${module.etcd_certs.etcd_peer_crt_pem}"
  etcd_peer_key_pem    = "${module.etcd_certs.etcd_peer_key_pem}"
  etcd_server_cert_pem = "${module.etcd_certs.etcd_server_crt_pem}"
  etcd_server_key_pem  = "${module.etcd_certs.etcd_server_key_pem}"

  # etcd topology and backup settings. The endpoints are the hostnames
  # rendered by data.template_file.etcd_hostname_list.
  etcd_endpoints            = "${data.template_file.etcd_hostname_list.*.rendered}"
  etcd_backup_size          = "${var.tectonic_etcd_backup_size}"
  etcd_backup_storage_class = "${var.tectonic_etcd_backup_storage_class}"
  self_hosted_etcd          = "${var.tectonic_self_hosted_etcd}"

  master_count = "${var.tectonic_master_count}"

  cloud_config_path = "/etc/kubernetes/cloud"
}
# Tectonic assets for an Azure cluster: console/identity configuration,
# licensing inputs, update settings and the ingress/identity TLS material.
module "tectonic" {
  source = "github.com/coreos/tectonic-installer//modules/tectonic?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  # --- Azure-specific settings -------------------------------------------
  platform = "azure"

  cluster_name       = "${var.tectonic_cluster_name}"
  base_address       = "${module.vnet.ingress_fqdn}"
  kube_apiserver_url = "https://${module.vnet.api_fqdn}:443"
  service_cidr       = "${var.tectonic_service_cidr}"

  # Platform-independent variables wiring, do not modify.
  container_images      = "${var.tectonic_container_images}"
  container_base_images = "${var.tectonic_container_base_images}"
  versions              = "${var.tectonic_versions}"

  # For a vanilla Kubernetes install both paths are replaced by /dev/null;
  # otherwise the user-supplied paths are expanded with pathexpand().
  # The pull secret is a registry credential; keep the file out of version
  # control.
  license_path     = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_license_path)}"
  pull_secret_path = "${var.tectonic_vanilla_k8s ? "/dev/null" : pathexpand(var.tectonic_pull_secret_path)}"

  # Initial administrator account.
  # NOTE(review): admin_password arrives as a plain Terraform variable, so it
  # can show up in tfvars files, shell history or state depending on how it is
  # supplied and how the module uses it - confirm it is provided out of band
  # and that state is protected.
  admin_email    = "${var.tectonic_admin_email}"
  admin_password = "${var.tectonic_admin_password}"

  update_channel = "${var.tectonic_update_channel}"
  update_app_id  = "${var.tectonic_update_app_id}"
  update_server  = "${var.tectonic_update_server}"

  # NOTE(review): this evaluates to false when no CA certificate is supplied
  # and true when the user provides one, which reads opposite to the
  # attribute's name - confirm the meaning the module expects.
  ca_generated = "${var.tectonic_ca_cert == "" ? false : true}"
  ca_cert      = "${module.kube_certs.ca_cert_pem}"

  # Ingress certificate and key, from ingress_certs.
  ingress_ca_cert_pem = "${module.ingress_certs.ca_cert_pem}"
  ingress_cert_pem    = "${module.ingress_certs.cert_pem}"
  ingress_key_pem     = "${module.ingress_certs.key_pem}"

  # Identity client/server certificates and private keys, from identity_certs.
  identity_client_cert_pem = "${module.identity_certs.client_cert_pem}"
  identity_client_key_pem  = "${module.identity_certs.client_key_pem}"
  identity_server_cert_pem = "${module.identity_certs.server_cert_pem}"
  identity_server_key_pem  = "${module.identity_certs.server_key_pem}"

  # OIDC client ids. kubectl_client_id is the same literal the bootkube module
  # receives as oidc_client_id; change the two together.
  console_client_id = "tectonic-console"
  kubectl_client_id = "tectonic-kubectl"

  ingress_kind     = "NodePort"
  self_hosted_etcd = "${var.tectonic_self_hosted_etcd}"
  master_count     = "${var.tectonic_master_count}"
  stats_url        = "${var.tectonic_stats_url}"
  image_re         = "${var.tectonic_image_re}"
}
# Flannel (VXLAN) networking; enabled only when tectonic_networking is
# exactly "flannel".
module "flannel_vxlan" {
  source = "github.com/coreos/tectonic-installer//modules/net/flannel_vxlan?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  enabled          = "${var.tectonic_networking == "flannel"}"
  cluster_cidr     = "${var.tectonic_cluster_cidr}"
  container_images = "${var.tectonic_container_images}"
}
# Calico networking; enabled only when tectonic_networking is exactly
# "calico".
module "calico" {
  source = "github.com/coreos/tectonic-installer//modules/net/calico?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  enabled          = "${var.tectonic_networking == "calico"}"
  cluster_cidr     = "${var.tectonic_cluster_cidr}"
  container_images = "${var.tectonic_container_images}"
}
# Canal networking; enabled only when tectonic_networking is exactly "canal".
# The networking modules in this file each compare against a different
# literal, so at most one of them is enabled for a given value.
module "canal" {
  source = "github.com/coreos/tectonic-installer//modules/net/canal?ref=0a22c73d39f67ba4bb99106a9e72322a47179736"

  enabled          = "${var.tectonic_networking == "canal"}"
  cluster_cidr     = "${var.tectonic_cluster_cidr}"
  container_images = "${var.tectonic_container_images}"
}