diff --git a/config.tf b/config.tf
index e944402b12..a860bb4bdc 100644
--- a/config.tf
+++ b/config.tf
@@ -16,9 +16,9 @@ variable "tectonic_container_images" {
 type = "map"
 default = {
- hyperkube = "quay.io/coreos/hyperkube:v1.6.2_coreos.0"
+ hyperkube = "quay.io/coreos/hyperkube:v1.6.4_coreos.0"
 pod_checkpointer = "quay.io/coreos/pod-checkpointer:2cad4cac4186611a79de1969e3ea4924f02f459e"
- bootkube = "quay.io/coreos/bootkube:v0.4.2"
+ bootkube = "quay.io/coreos/bootkube:v0.4.4"
 console = "quay.io/coreos/tectonic-console:v1.5.6"
 identity = "quay.io/coreos/dex:v2.4.1"
 container_linux_update_operator = "quay.io/coreos/container-linux-update-operator:v0.2.0"
diff --git a/modules/bootkube/assets.tf b/modules/bootkube/assets.tf
index 083ed3f64f..9f287d58e5 100644
--- a/modules/bootkube/assets.tf
+++ b/modules/bootkube/assets.tf
@@ -13,6 +13,40 @@ data "null_data_source" "etcd" {
 }
 }
+resource "template_dir" "experimental" {
+ count = "${var.experimental_enabled ? 1 : 0}"
+ source_dir = "${path.module}/resources/experimental/manifests"
+ destination_dir = "${path.cwd}/generated/experimental"
+
+ vars {
+ etcd_operator_image = "${var.container_images["etcd_operator"]}"
+ etcd_service_ip = "${cidrhost(var.service_cidr, 15)}"
+ }
+}
+
+resource "template_dir" "bootstrap-experimental" {
+ count = "${var.experimental_enabled ? 1 : 0}"
+ source_dir = "${path.module}/resources/experimental/bootstrap-manifests"
+ destination_dir = "${path.cwd}/generated/bootstrap-experimental"
+
+ vars {
+ etcd_image = "${var.container_images["etcd"]}"
+ etcd_version = "${var.versions["etcd"]}"
+ bootstrap_etcd_service_ip = "${cidrhost(var.service_cidr, 200)}"
+ }
+}
+
+resource "template_dir" "etcd-experimental" {
+ count = "${var.experimental_enabled ? 1 : 0}"
+ source_dir = "${path.module}/resources/experimental/etcd"
+ destination_dir = "${path.cwd}/generated/etcd"
+
+ vars {
+ etcd_version = "${var.versions["etcd"]}"
+ bootstrap_etcd_service_ip = "${cidrhost(var.service_cidr, 200)}"
+ }
+}
+
 # Self-hosted manifests (resources/generated/manifests/)
 resource "template_dir" "bootkube" {
 source_dir = "${path.module}/resources/manifests"
@@ -47,7 +81,8 @@ resource "template_dir" "bootkube" {
 etcd_cert_flag = "${data.null_data_source.etcd.outputs.cert_flag}"
 etcd_key_flag = "${data.null_data_source.etcd.outputs.key_flag}"
- etcd_service_ip = "${cidrhost(var.service_cidr, 15)}"
+ etcd_service_ip = "${cidrhost(var.service_cidr, 15)}"
+ bootstrap_etcd_service_ip = "${cidrhost(var.service_cidr, 200)}"
 cloud_provider = "${var.cloud_provider}"
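Review bot: The host index in `cidrhost(var.service_cidr, 200)` is a bare literal repeated in `template_dir.bootstrap-experimental`, in `template_dir.etcd-experimental`, and again in the `template_dir.bootkube` vars of the `@@ -47,7 +81,8 @@` hunk, with nothing saying that the three must stay in sync or that the offset is reserved. The rendered manifests use this address as a fixed `clusterIP` and as the bootstrap etcd advertise address, so a `service_cidr` with fewer than 201 host addresses, or another Service pinned to the same offset, would presumably only show up as a plan-time or Service-creation failure. I would add a comment above the first use, e.g. `# Host 200 of service_cidr is reserved for the bootstrap etcd Service (host 15: etcd Service); service_cidr must be /24 or larger.` The `template_dir.bootkube` body starts and ends outside its hunk.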
@@ -102,55 +137,6 @@ resource "template_dir" "bootkube-bootstrap" {
 }
 }
-# Self-hosted experimental etcd
-data "template_file" "etcd-operator" {
- template = "${file("${path.module}/resources/experimental/manifests/etcd-operator.yaml")}"
-
- vars {
- etcd_operator_image = "${var.container_images["etcd_operator"]}"
- }
-}
-
-resource "local_file" "etcd-operator" {
- count = "${var.experimental_enabled ? 1 : 0}"
- depends_on = ["template_dir.bootkube"]
-
- content = "${data.template_file.etcd-operator.rendered}"
- filename = "${path.cwd}/generated/experimental/etcd-operator.yaml"
-}
-
-data "template_file" "etcd-service" {
- template = "${file("${path.module}/resources/experimental/manifests/etcd-service.yaml")}"
-
- vars {
- etcd_service_ip = "${cidrhost(var.service_cidr, 15)}"
- }
-}
-
-resource "local_file" "etcd-service" {
- count = "${var.experimental_enabled ? 1 : 0}"
- depends_on = ["template_dir.bootkube"]
-
- content = "${data.template_file.etcd-service.rendered}"
- filename = "${path.cwd}/generated/experimental/etcd-service.yaml"
-}
-
-data "template_file" "bootstrap-etcd" {
- template = "${file("${path.module}/resources/experimental/bootstrap-manifests/bootstrap-etcd.yaml")}"
-
- vars {
- etcd_image = "${var.container_images["etcd"]}"
- }
-}
-
-resource "local_file" "bootstrap-etcd" {
- count = "${var.experimental_enabled ? 1 : 0}"
- depends_on = ["template_dir.bootkube-bootstrap"]
-
- content = "${data.template_file.bootstrap-etcd.rendered}"
- filename = "${path.cwd}/generated/bootstrap-experimental/bootstrap-etcd.yaml"
-}
-
 # etcd certs
 resource "local_file" "etcd_ca_crt" {
 count = "${var.etcd_ca_cert == "" ? 0 : 1}"
@@ -188,7 +174,7 @@ resource "local_file" "kubeconfig" {
 }
 # bootkube.sh (resources/generated/bootkube.sh)
-data "template_file" "bootkube" {
+data "template_file" "bootkube-sh" {
 template = "${file("${path.module}/resources/bootkube.sh")}"
 vars {
@@ -196,8 +182,8 @@ data "template_file" "bootkube" {
 }
 }
-resource "local_file" "bootkube" {
- content = "${data.template_file.bootkube.rendered}"
+resource "local_file" "bootkube-sh" {
+ content = "${data.template_file.bootkube-sh.rendered}"
 filename = "${path.cwd}/generated/bootkube.sh"
 }
diff --git a/modules/bootkube/outputs.tf b/modules/bootkube/outputs.tf
index e003095389..c5ae9c5332 100644
--- a/modules/bootkube/outputs.tf
+++ b/modules/bootkube/outputs.tf
@@ -16,7 +16,16 @@
 # combination of all the resources' IDs, it can't be guessed and can only be
 # interpolated once the assets have all been created.
 output "id" {
- value = "${sha1("${template_dir.bootkube-bootstrap.id} ${local_file.kubeconfig.id} ${local_file.bootkube.id} ${template_dir.bootkube.id} ${join(" ",local_file.etcd-operator.*.id,local_file.etcd-service.*.id,local_file.bootstrap-etcd.*.id)}")}"
+ value = "${sha1("
+ ${local_file.kubeconfig.id}
+ ${local_file.bootkube-sh.id}
+ ${template_dir.bootkube.id} ${template_dir.bootkube-bootstrap.id}
+ ${join(" ",
+ template_dir.experimental.*.id,
+ template_dir.bootstrap-experimental.*.id,
+ template_dir.etcd-experimental.*.id,
+ )}
+ ")}"
 }
 output "kubeconfig" {
diff --git a/modules/bootkube/resources/experimental/bootstrap-manifests/bootstrap-etcd.yaml b/modules/bootkube/resources/experimental/bootstrap-manifests/bootstrap-etcd.yaml
index 58001fe7f3..5d7205d460 100644
--- a/modules/bootkube/resources/experimental/bootstrap-manifests/bootstrap-etcd.yaml
+++ b/modules/bootkube/resources/experimental/bootstrap-manifests/bootstrap-etcd.yaml
@@ -14,16 +14,11 @@ spec:
 - --name=boot-etcd
 - --listen-client-urls=http://0.0.0.0:12379
 - --listen-peer-urls=http://0.0.0.0:12380
- - --advertise-client-urls=http://$(MY_POD_IP):12379
- - --initial-advertise-peer-urls=http://$(MY_POD_IP):12380
- - --initial-cluster=boot-etcd=http://$(MY_POD_IP):12380
+ - --advertise-client-urls=http://${bootstrap_etcd_service_ip}:12379
+ - --initial-advertise-peer-urls=http://${bootstrap_etcd_service_ip}:12380
+ - --initial-cluster=boot-etcd=http://${bootstrap_etcd_service_ip}:12380
 - --initial-cluster-token=bootkube
 - --initial-cluster-state=new
 - --data-dir=/var/etcd/data
- env:
- - name: MY_POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
 hostNetwork: true
 restartPolicy: Never
diff --git a/modules/bootkube/resources/experimental/etcd/bootstrap-etcd-service.json b/modules/bootkube/resources/experimental/etcd/bootstrap-etcd-service.json
new file mode 100644
index 0000000000..69b23eedcf
--- /dev/null
+++ b/modules/bootkube/resources/experimental/etcd/bootstrap-etcd-service.json
@@ -0,0 +1,26 @@
+{
+ "apiVersion": "v1",
+ "kind": "Service",
+ "metadata": {
+ "name": "bootstrap-etcd-service",
+ "namespace": "kube-system"
+ },
+ "spec": {
+ "selector": {
+ "k8s-app": "boot-etcd"
+ },
+ "clusterIP": "${bootstrap_etcd_service_ip}",
+ "ports": [
+ {
+ "name": "client",
+ "port": 12379,
+ "protocol": "TCP"
+ },
+ {
+ "name": "peers",
+ "port": 12380,
+ "protocol": "TCP"
+ }
+ ]
+ }
+}
diff --git a/modules/bootkube/resources/experimental/etcd/migrate-etcd-cluster.json b/modules/bootkube/resources/experimental/etcd/migrate-etcd-cluster.json
new file mode 100644
index 0000000000..2ee7a4f5a1
--- /dev/null
+++ b/modules/bootkube/resources/experimental/etcd/migrate-etcd-cluster.json
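Review bot: The bootstrap etcd member now sits behind a fixed, cluster-wide address over plaintext: the three rewritten flags advertise `http://${bootstrap_etcd_service_ip}:12379` and `:12380`, and both the new `bootstrap-etcd-service.json` and the `bootMemberClientEndpoint` in `migrate-etcd-cluster.json` point at the same `http://` endpoint. Together with the unchanged `--listen-client-urls=http://0.0.0.0:12379` and `hostNetwork: true`, no TLS or client-certificate flag is visible in this hunk, so any workload that can reach the service address during bootstrap and migration could presumably read or write the cluster's etcd data, Secrets included. If TLS is out of scope for the experimental path, I would at least state that next to the flags, e.g. `# NOTE: bootstrap etcd is unauthenticated plaintext; it must only exist for the duration of the migration`, and confirm that the pod and the Service are removed once migration completes. The pod spec starts and ends outside the hunk.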
@@ -0,0 +1,27 @@
+{
+ "apiVersion": "etcd.coreos.com/v1beta1",
+ "kind": "Cluster",
+ "metadata": {
+ "name": "kube-etcd",
+ "namespace": "kube-system"
+ },
+ "spec": {
+ "size": 1,
+ "version": "v${etcd_version}",
+ "pod": {
+ "nodeSelector": {
+ "node-role.kubernetes.io/master": ""
+ },
+ "tolerations": [
+ {
+ "key": "node-role.kubernetes.io/master",
+ "operator": "Exists",
+ "effect": "NoSchedule"
+ }
+ ]
+ },
+ "selfHosted": {
+ "bootMemberClientEndpoint": "http://${bootstrap_etcd_service_ip}:12379"
+ }
+ }
+}
diff --git a/modules/bootkube/variables.tf b/modules/bootkube/variables.tf
index e08556f581..ecc0b3d4d8 100644
--- a/modules/bootkube/variables.tf
+++ b/modules/bootkube/variables.tf
@@ -3,6 +3,11 @@ variable "container_images" {
 type = "map"
 }
+variable "versions" {
+ description = "Container versions to use"
+ type = "map"
+}
+
 variable "kube_apiserver_url" {
 description = "URL used to reach kube-apiserver"
 type = "string"
diff --git a/platforms/aws/tectonic.tf b/platforms/aws/tectonic.tf
index cf1d61ad89..72f389f644 100644
--- a/platforms/aws/tectonic.tf
+++ b/platforms/aws/tectonic.tf
@@ -7,6 +7,7 @@ module "bootkube" {
 # Platform-independent variables wiring, do not modify.
 container_images = "${var.tectonic_container_images}"
+ versions = "${var.tectonic_versions}"
 ca_cert = "${var.tectonic_ca_cert}"
 ca_key = "${var.tectonic_ca_key}"
diff --git a/platforms/azure/tectonic.tf b/platforms/azure/tectonic.tf
index 8728ae5cbe..839063b037 100644
--- a/platforms/azure/tectonic.tf
+++ b/platforms/azure/tectonic.tf
@@ -7,6 +7,7 @@ module "bootkube" {
 # Platform-independent variables wiring, do not modify.
 container_images = "${var.tectonic_container_images}"
+ versions = "${var.tectonic_versions}"
 ca_cert = "${var.tectonic_ca_cert}"
 ca_key = "${var.tectonic_ca_key}"
diff --git a/platforms/metal/tectonic.tf b/platforms/metal/tectonic.tf
index cf39cb72de..24ccc57ebe 100644
--- a/platforms/metal/tectonic.tf
+++ b/platforms/metal/tectonic.tf
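Review bot: The new `versions` variable in `modules/bootkube/variables.tf` has no default and a description that does not say which keys the module reads. The only lookups visible in this commit are `var.versions["etcd"]` in `assets.tf`, and the value is rendered as `"version": "v${etcd_version}"` in `migrate-etcd-cluster.json`, so a map without an `etcd` key, or a value that already carries a leading `v`, would presumably only surface as a failed lookup or a malformed etcd version. I would make the contract explicit in the description, e.g. `description = "Component versions to deploy; requires an etcd key holding the bare version number (no leading v)"`.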
@@ -10,6 +10,7 @@ module "bootkube" {
 # platform-independent defaults
 container_images = "${var.tectonic_container_images}"
+ versions = "${var.tectonic_versions}"
 ca_cert = "${var.tectonic_ca_cert}"
 ca_key = "${var.tectonic_ca_key}"
diff --git a/platforms/openstack/neutron/main.tf b/platforms/openstack/neutron/main.tf
index 2cd400f9aa..4ae393c350 100644
--- a/platforms/openstack/neutron/main.tf
+++ b/platforms/openstack/neutron/main.tf
@@ -7,6 +7,7 @@ module "bootkube" {
 # Platform-independent variables wiring, do not modify.
 container_images = "${var.tectonic_container_images}"
+ versions = "${var.tectonic_versions}"
 ca_cert = "${var.tectonic_ca_cert}"
 ca_key = "${var.tectonic_ca_key}"
diff --git a/platforms/openstack/nova/main.tf b/platforms/openstack/nova/main.tf
index 111871f894..e3d3f933c5 100644
--- a/platforms/openstack/nova/main.tf
+++ b/platforms/openstack/nova/main.tf
@@ -7,6 +7,7 @@ module "bootkube" {
 # Platform-independent variables wiring, do not modify.
 container_images = "${var.tectonic_container_images}"
+ versions = "${var.tectonic_versions}"
 ca_cert = "${var.tectonic_ca_cert}"
 ca_key = "${var.tectonic_ca_key}"