*/config: compute service k8s IPs (coreos#767)

Fixes coreos#642

Documentation/variables/config.md

@@ -23,9 +23,6 @@ This document gives an overview of variables used in all platforms of the Tecton
 | tectonic_etcd_count | The number of etcd nodes to be created. If set to zero, the count of etcd nodes will be determined automatically.<br><br>Note: This is currently only supported on AWS. | string | `0` |
 | tectonic_etcd_servers | (optional) List of external etcd v3 servers to connect with (hostnames/IPs only). Needs to be set if using an external etcd cluster.<br><br>Example: `["etcd1", "etcd2", "etcd3"]` | list | `<list>` |
 | tectonic_experimental | If set to true, experimental Tectonic assets are being deployed. | string | `false` |
-| tectonic_kube_apiserver_service_ip | The Kubernetes service IP used to reach kube-apiserver inside the cluster as returned by `kubectl -n default get service kubernetes`. | string | `10.3.0.1` |
-| tectonic_kube_dns_service_ip | The Kubernetes service IP used to reach kube-dns inside the cluster as returned by `kubectl -n kube-system get service kube-dns`. | string | `10.3.0.10` |
-| tectonic_kube_etcd_service_ip | The Kubernetes service IP used to reach self-hosted etcd inside the cluster as returned by `kubectl -n kube-system get service etcd-service`. | string | `10.3.0.15` |
 | tectonic_license_path | The path to the tectonic licence file.<br><br>Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`. | string | `` |
 | tectonic_master_count | The number of master nodes to be created. This applies only to cloud platforms. | string | `1` |
 | tectonic_pull_secret_path | The path the pull secret file in JSON format.<br><br>Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`. | string | `` |

config.tf

@@ -60,36 +60,6 @@ variable "tectonic_versions" {
   }
 }
 
-variable "tectonic_kube_apiserver_service_ip" {
-  type    = "string"
-  default = "10.3.0.1"
-
-  description = <<EOF
-The Kubernetes service IP used to reach kube-apiserver inside the cluster
-as returned by `kubectl -n default get service kubernetes`.
-EOF
-}
-
-variable "tectonic_kube_etcd_service_ip" {
-  type    = "string"
-  default = "10.3.0.15"
-
-  description = <<EOF
-The Kubernetes service IP used to reach self-hosted etcd inside the cluster
-as returned by `kubectl -n kube-system get service etcd-service`.
-EOF
-}
-
-variable "tectonic_kube_dns_service_ip" {
-  type    = "string"
-  default = "10.3.0.10"
-
-  description = <<EOF
-The Kubernetes service IP used to reach kube-dns inside the cluster
-as returned by `kubectl -n kube-system get service kube-dns`.
-EOF
-}
-
 variable "tectonic_service_cidr" {
   type    = "string"
   default = "10.3.0.0/16"

examples/terraform.tfvars.aws

@@ -177,18 +177,6 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
-// as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
-
-// The Kubernetes service IP used to reach kube-dns inside the cluster
-// as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
-
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
-// as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
-
 // The path to the tectonic licence file.
 // 
 // Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`.

examples/terraform.tfvars.azure

@@ -127,18 +127,6 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
-// as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
-
-// The Kubernetes service IP used to reach kube-dns inside the cluster
-// as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
-
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
-// as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
-
 // The path to the tectonic licence file.
 // 
 // Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`.

examples/terraform.tfvars.metal

@@ -79,18 +79,6 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
-// as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
-
-// The Kubernetes service IP used to reach kube-dns inside the cluster
-// as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
-
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
-// as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
-
 // The path to the tectonic licence file.
 // 
 // Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`.

examples/terraform.tfvars.openstack-neutron

@@ -79,18 +79,6 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
-// as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
-
-// The Kubernetes service IP used to reach kube-dns inside the cluster
-// as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
-
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
-// as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
-
 // The path to the tectonic licence file.
 // 
 // Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`.

examples/terraform.tfvars.openstack-nova

@@ -79,18 +79,6 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
-// as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
-
-// The Kubernetes service IP used to reach kube-dns inside the cluster
-// as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
-
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
-// as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
-
 // The path to the tectonic licence file.
 // 
 // Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`.

modules/bootkube/assets.tf

@@ -35,18 +35,25 @@ resource "template_dir" "bootkube" {
     # nodes ourselves (using http), then use insecure http var.etcd_endpoints.
     # 3. Else (if etcd TLS certific are provided), then use the secure https
     # var.etcd_endpoints.
-    etcd_servers = "${var.experimental_enabled ? format("http://%s:2379", var.etcd_service_ip) : data.null_data_source.etcd.outputs.no_certs ? join(",", formatlist("http://%s:2379", var.etcd_endpoints)) : join(",", formatlist("https://%s:2379", var.etcd_endpoints))}"
+    etcd_servers = "${
+      var.experimental_enabled 
+        ? format("http://%s:2379", cidrhost(var.service_cidr, 15))
+        : data.null_data_source.etcd.outputs.no_certs
+          ? join(",", formatlist("http://%s:2379", var.etcd_endpoints))
+          : join(",", formatlist("https://%s:2379", var.etcd_endpoints))
+      }"
 
-    etcd_ca_flag    = "${data.null_data_source.etcd.outputs.ca_flag}"
-    etcd_cert_flag  = "${data.null_data_source.etcd.outputs.cert_flag}"
-    etcd_key_flag   = "${data.null_data_source.etcd.outputs.key_flag}"
-    etcd_service_ip = "${var.etcd_service_ip}"
+    etcd_ca_flag   = "${data.null_data_source.etcd.outputs.ca_flag}"
+    etcd_cert_flag = "${data.null_data_source.etcd.outputs.cert_flag}"
+    etcd_key_flag  = "${data.null_data_source.etcd.outputs.key_flag}"
+
+    etcd_service_ip = "${cidrhost(var.service_cidr, 15)}"
 
     cloud_provider = "${var.cloud_provider}"
 
     cluster_cidr        = "${var.cluster_cidr}"
     service_cidr        = "${var.service_cidr}"
-    kube_dns_service_ip = "${var.kube_dns_service_ip}"
+    kube_dns_service_ip = "${cidrhost(var.service_cidr, 10)}"
     advertise_address   = "${var.advertise_address}"
 
     anonymous_auth      = "${var.anonymous_auth}"
@@ -76,7 +83,14 @@ resource "template_dir" "bootkube-bootstrap" {
     hyperkube_image = "${var.container_images["hyperkube"]}"
     etcd_image      = "${var.container_images["etcd"]}"
 
-    etcd_servers   = "${var.experimental_enabled ? format("http://%s:2379,http://127.0.0.1:12379", var.etcd_service_ip) : data.null_data_source.etcd.outputs.no_certs ? join(",", formatlist("http://%s:2379", var.etcd_endpoints)) : join(",", formatlist("https://%s:2379", var.etcd_endpoints))}"
+    etcd_servers = "${
+      var.experimental_enabled 
+        ? format("http://%s:2379,http://127.0.0.1:12379", cidrhost(var.service_cidr, 15))
+        : data.null_data_source.etcd.outputs.no_certs
+          ? join(",", formatlist("http://%s:2379", var.etcd_endpoints))
+          : join(",", formatlist("https://%s:2379", var.etcd_endpoints))
+      }"
+
     etcd_ca_flag   = "${data.null_data_source.etcd.outputs.ca_flag}"
     etcd_cert_flag = "${data.null_data_source.etcd.outputs.cert_flag}"
     etcd_key_flag  = "${data.null_data_source.etcd.outputs.key_flag}"
@@ -109,7 +123,7 @@ data "template_file" "etcd-service" {
   template = "${file("${path.module}/resources/experimental/manifests/etcd-service.yaml")}"
 
   vars {
-    etcd_service_ip = "${var.etcd_service_ip}"
+    etcd_service_ip = "${cidrhost(var.service_cidr, 15)}"
   }
 }
 

modules/bootkube/assets_tls.tf

@@ -74,7 +74,7 @@ resource "tls_cert_request" "apiserver" {
   ]
 
   ip_addresses = [
-    "${var.kube_apiserver_service_ip}",
+    "${cidrhost(var.service_cidr, 1)}",
   ]
 }
 

modules/bootkube/outputs.tf

@@ -38,3 +38,7 @@ output "ca_key" {
 output "systemd_service" {
   value = "${data.template_file.bootkube_service.rendered}"
 }
+
+output "kube_dns_service_ip" {
+  value = "${cidrhost(var.service_cidr, 10)}"
+}

modules/bootkube/variables.tf

@@ -8,16 +8,6 @@ variable "kube_apiserver_url" {
   type        = "string"
 }
 
-variable "kube_apiserver_service_ip" {
-  description = "Service IP used to reach kube-apiserver inside the cluster"
-  type        = "string"
-}
-
-variable "kube_dns_service_ip" {
-  description = "Service IP used to reach kube-dns"
-  type        = "string"
-}
-
 variable "etcd_endpoints" {
   description = "List of etcd endpoints to connect with (hostnames/IPs only)"
   type        = "list"
@@ -35,11 +25,6 @@ variable "etcd_client_key" {
   type = "string"
 }
 
-variable "etcd_service_ip" {
-  description = "Service IP used to reach etcd"
-  type        = "string"
-}
-
 variable "experimental_enabled" {
   description = "If set to true, provision experimental assets, like self-hosted etcd."
   default     = false

platforms/aws/main.tf

@@ -82,7 +82,7 @@ module "ignition-masters" {
 
   kubelet_node_label        = "node-role.kubernetes.io/master"
   kubelet_node_taints       = "node-role.kubernetes.io/master=:NoSchedule"
-  kube_dns_service_ip       = "${var.tectonic_kube_dns_service_ip}"
+  kube_dns_service_ip       = "${module.bootkube.kube_dns_service_ip}"
   kubeconfig_s3_location    = "${aws_s3_bucket_object.kubeconfig.bucket}/${aws_s3_bucket_object.kubeconfig.key}"
   assets_s3_location        = "${aws_s3_bucket_object.tectonic-assets.bucket}/${aws_s3_bucket_object.tectonic-assets.key}"
   container_images          = "${var.tectonic_container_images}"
@@ -126,7 +126,7 @@ module "ignition-workers" {
 
   kubelet_node_label     = "node-role.kubernetes.io/node"
   kubelet_node_taints    = ""
-  kube_dns_service_ip    = "${var.tectonic_kube_dns_service_ip}"
+  kube_dns_service_ip    = "${module.bootkube.kube_dns_service_ip}"
   kubeconfig_s3_location = "${aws_s3_bucket_object.kubeconfig.bucket}/${aws_s3_bucket_object.kubeconfig.key}"
   assets_s3_location     = ""
   container_images       = "${var.tectonic_container_images}"

platforms/aws/tectonic.tf

@@ -15,9 +15,6 @@ module "bootkube" {
   service_cidr = "${var.tectonic_service_cidr}"
   cluster_cidr = "${var.tectonic_cluster_cidr}"
 
-  kube_apiserver_service_ip = "${var.tectonic_kube_apiserver_service_ip}"
-  kube_dns_service_ip       = "${var.tectonic_kube_dns_service_ip}"
-
   advertise_address = "0.0.0.0"
   anonymous_auth    = "false"
 
@@ -29,7 +26,6 @@ module "bootkube" {
   etcd_ca_cert         = "${var.tectonic_etcd_ca_cert_path}"
   etcd_client_cert     = "${var.tectonic_etcd_client_cert_path}"
   etcd_client_key      = "${var.tectonic_etcd_client_key_path}"
-  etcd_service_ip      = "${var.tectonic_kube_etcd_service_ip}"
   experimental_enabled = "${var.tectonic_experimental}"
 }
 

platforms/azure/main.tf

@@ -51,7 +51,7 @@ module "masters" {
   kube_image_url               = "${element(split(":", var.tectonic_container_images["hyperkube"]), 0)}"
   kube_image_tag               = "${element(split(":", var.tectonic_container_images["hyperkube"]), 1)}"
   kubeconfig_content           = "${module.bootkube.kubeconfig}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   cloud_provider               = ""
   kubelet_node_label           = "node-role.kubernetes.io/master"
   kubelet_node_taints          = "node-role.kubernetes.io/master=:NoSchedule"
@@ -79,7 +79,7 @@ module "workers" {
   kube_image_url               = "${element(split(":", var.tectonic_container_images["hyperkube"]), 0)}"
   kube_image_tag               = "${element(split(":", var.tectonic_container_images["hyperkube"]), 1)}"
   kubeconfig_content           = "${module.bootkube.kubeconfig}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   cloud_provider               = ""
   kubelet_node_label           = "node-role.kubernetes.io/node"
 }

platforms/azure/tectonic.tf

@@ -15,9 +15,6 @@ module "bootkube" {
   service_cidr = "${var.tectonic_service_cidr}"
   cluster_cidr = "${var.tectonic_cluster_cidr}"
 
-  kube_apiserver_service_ip = "${var.tectonic_kube_apiserver_service_ip}"
-  kube_dns_service_ip       = "${var.tectonic_kube_dns_service_ip}"
-
   advertise_address = "0.0.0.0"
   anonymous_auth    = "false"
 
@@ -29,7 +26,6 @@ module "bootkube" {
   etcd_ca_cert     = "${var.tectonic_etcd_ca_cert_path}"
   etcd_client_cert = "${var.tectonic_etcd_client_cert_path}"
   etcd_client_key  = "${var.tectonic_etcd_client_key_path}"
-  etcd_service_ip  = "${var.tectonic_kube_etcd_service_ip}"
 }
 
 module "tectonic" {

platforms/metal/matchers.tf

@@ -34,7 +34,7 @@ resource "matchbox_group" "controller" {
     etcd_enabled         = "${var.tectonic_experimental ? "false" : "true"}"
     etcd_name            = "${element(var.tectonic_metal_controller_names, count.index)}"
     etcd_initial_cluster = "${join(",", formatlist("%s=http://%s:2380", var.tectonic_metal_controller_names, var.tectonic_metal_controller_domains))}"
-    k8s_dns_service_ip   = "${var.tectonic_kube_dns_service_ip}"
+    k8s_dns_service_ip   = "${module.bootkube.kube_dns_service_ip}"
     ssh_authorized_key   = "${var.tectonic_ssh_authorized_key}"
     exclude_tectonic     = "${var.tectonic_vanilla_k8s}"
 
@@ -57,7 +57,7 @@ resource "matchbox_group" "worker" {
 
   metadata {
     domain_name        = "${element(var.tectonic_metal_worker_domains, count.index)}"
-    k8s_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+    k8s_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
     ssh_authorized_key = "${var.tectonic_ssh_authorized_key}"
 
     # extra data

platforms/metal/tectonic.tf

@@ -18,10 +18,6 @@ module "bootkube" {
   service_cidr = "${var.tectonic_service_cidr}"
   cluster_cidr = "${var.tectonic_cluster_cidr}"
 
-  kube_apiserver_service_ip = "${var.tectonic_kube_apiserver_service_ip}"
-  kube_dns_service_ip       = "${var.tectonic_kube_dns_service_ip}"
-  etcd_service_ip           = "${var.tectonic_kube_etcd_service_ip}"
-
   advertise_address = "0.0.0.0"
   anonymous_auth    = "false"
 
@@ -33,7 +29,6 @@ module "bootkube" {
   etcd_ca_cert         = "${var.tectonic_etcd_ca_cert_path}"
   etcd_client_cert     = "${var.tectonic_etcd_client_cert_path}"
   etcd_client_key      = "${var.tectonic_etcd_client_key_path}"
-  etcd_service_ip      = "${var.tectonic_kube_etcd_service_ip}"
   experimental_enabled = "${var.tectonic_experimental}"
 }
 

platforms/openstack/neutron/main.tf

@@ -15,9 +15,6 @@ module "bootkube" {
   service_cidr = "${var.tectonic_service_cidr}"
   cluster_cidr = "${var.tectonic_cluster_cidr}"
 
-  kube_apiserver_service_ip = "${var.tectonic_kube_apiserver_service_ip}"
-  kube_dns_service_ip       = "${var.tectonic_kube_dns_service_ip}"
-
   advertise_address = "0.0.0.0"
   anonymous_auth    = "false"
 
@@ -29,7 +26,6 @@ module "bootkube" {
   etcd_ca_cert     = "${var.tectonic_etcd_ca_cert_path}"
   etcd_client_cert = "${var.tectonic_etcd_client_cert_path}"
   etcd_client_key  = "${var.tectonic_etcd_client_key_path}"
-  etcd_service_ip  = "${var.tectonic_kube_etcd_service_ip}"
 }
 
 module "tectonic" {
@@ -102,7 +98,7 @@ EOF
   instance_count               = "${var.tectonic_master_count}"
   kube_image_url               = "${data.null_data_source.local.outputs.kube_image_url}"
   kube_image_tag               = "${data.null_data_source.local.outputs.kube_image_tag}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   core_public_keys             = ["${module.secrets.core_public_key_openssh}"]
   bootkube_service             = "${module.bootkube.systemd_service}"
   tectonic_service             = "${module.tectonic.systemd_service}"
@@ -125,7 +121,7 @@ EOF
   instance_count               = "${var.tectonic_worker_count}"
   kube_image_url               = "${data.null_data_source.local.outputs.kube_image_url}"
   kube_image_tag               = "${data.null_data_source.local.outputs.kube_image_tag}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   core_public_keys             = ["${module.secrets.core_public_key_openssh}"]
   bootkube_service             = ""
   tectonic_service             = ""