*/config: compute service k8s IPs

Fixes #642
coreos · May 19, 2017 · 6734534 · 6734534
1 parent 7224186
commit 6734534
Show file tree

Hide file tree

Showing 15 changed files with 145 additions and 46 deletions.
diff --git a/Documentation/variables/config.md b/Documentation/variables/config.md
@@ -23,9 +23,9 @@ This document gives an overview of variables used in all platforms of the Tecton
 | tectonic_etcd_count | The number of etcd nodes to be created. If set to zero, the count of etcd nodes will be determined automatically.<br><br>Note: This is currently only supported on AWS. | string | `0` |
 | tectonic_etcd_servers | (optional) List of external etcd v3 servers to connect with (hostnames/IPs only). Needs to be set if using an external etcd cluster.<br><br>Example: `["etcd1", "etcd2", "etcd3"]` | list | `<list>` |
 | tectonic_experimental | If set to true, experimental Tectonic assets are being deployed. | string | `false` |
-| tectonic_kube_apiserver_service_ip | The Kubernetes service IP used to reach kube-apiserver inside the cluster as returned by `kubectl -n default get service kubernetes`. | string | `10.3.0.1` |
-| tectonic_kube_dns_service_ip | The Kubernetes service IP used to reach kube-dns inside the cluster as returned by `kubectl -n kube-system get service kube-dns`. | string | `10.3.0.10` |
-| tectonic_kube_etcd_service_ip | The Kubernetes service IP used to reach self-hosted etcd inside the cluster as returned by `kubectl -n kube-system get service etcd-service`. | string | `10.3.0.15` |
+| tectonic_kube_apiserver_service_ip | (optional) The Kubernetes service IP used to reach kube-apiserver inside the cluster as returned by `kubectl -n default get service kubernetes`.<br><br>If unset, it will be calculated automatically.<br><br>Example: `10.3.0.1` | string | `` |
+| tectonic_kube_dns_service_ip | The Kubernetes service IP used to reach kube-dns inside the cluster as returned by `kubectl -n kube-system get service kube-dns`.<br><br>If unset, it will be calculated automatically.<br><br>Example: `10.3.0.10` | string | `` |
+| tectonic_kube_etcd_service_ip | (optional) The Kubernetes service IP used to reach self-hosted etcd inside the cluster as returned by `kubectl -n kube-system get service etcd-service`.<br><br>If unset, it will be calculated automatically.<br><br>Example: `10.3.0.15` | string | `` |
 | tectonic_license_path | The path to the tectonic licence file.<br><br>Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`. | string | `` |
 | tectonic_master_count | The number of master nodes to be created. This applies only to cloud platforms. | string | `1` |
 | tectonic_pull_secret_path | The path the pull secret file in JSON format.<br><br>Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`. | string | `` |

diff --git a/config.tf b/config.tf
@@ -62,31 +62,43 @@ variable "tectonic_versions" {
 
 variable "tectonic_kube_apiserver_service_ip" {
   type    = "string"
-  default = "10.3.0.1"
+  default = ""
 
   description = <<EOF
-The Kubernetes service IP used to reach kube-apiserver inside the cluster
+(optional) The Kubernetes service IP used to reach kube-apiserver inside the cluster
 as returned by `kubectl -n default get service kubernetes`.
+
+If unset, it will be calculated automatically.
+
+Example: `10.3.0.1`
 EOF
 }
 
 variable "tectonic_kube_etcd_service_ip" {
   type    = "string"
-  default = "10.3.0.15"
+  default = ""
 
   description = <<EOF
-The Kubernetes service IP used to reach self-hosted etcd inside the cluster
+(optional) The Kubernetes service IP used to reach self-hosted etcd inside the cluster
 as returned by `kubectl -n kube-system get service etcd-service`.
+
+If unset, it will be calculated automatically.
+
+Example: `10.3.0.15`
 EOF
 }
 
 variable "tectonic_kube_dns_service_ip" {
   type    = "string"
-  default = "10.3.0.10"
+  default = ""
 
   description = <<EOF
 The Kubernetes service IP used to reach kube-dns inside the cluster
 as returned by `kubectl -n kube-system get service kube-dns`.
+
+If unset, it will be calculated automatically.
+
+Example: `10.3.0.10`
 EOF
 }
 

diff --git a/examples/terraform.tfvars.aws b/examples/terraform.tfvars.aws
@@ -170,17 +170,29 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
+// (optional) The Kubernetes service IP used to reach kube-apiserver inside the cluster
 // as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.1`
+// tectonic_kube_apiserver_service_ip = ""
 
 // The Kubernetes service IP used to reach kube-dns inside the cluster
 // as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.10`
+tectonic_kube_dns_service_ip = ""
 
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
+// (optional) The Kubernetes service IP used to reach self-hosted etcd inside the cluster
 // as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.15`
+// tectonic_kube_etcd_service_ip = ""
 
 // The path to the tectonic licence file.
 // 

diff --git a/examples/terraform.tfvars.azure b/examples/terraform.tfvars.azure
@@ -127,17 +127,29 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
+// (optional) The Kubernetes service IP used to reach kube-apiserver inside the cluster
 // as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.1`
+// tectonic_kube_apiserver_service_ip = ""
 
 // The Kubernetes service IP used to reach kube-dns inside the cluster
 // as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.10`
+tectonic_kube_dns_service_ip = ""
 
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
+// (optional) The Kubernetes service IP used to reach self-hosted etcd inside the cluster
 // as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.15`
+// tectonic_kube_etcd_service_ip = ""
 
 // The path to the tectonic licence file.
 // 

diff --git a/examples/terraform.tfvars.metal b/examples/terraform.tfvars.metal
@@ -79,17 +79,29 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
+// (optional) The Kubernetes service IP used to reach kube-apiserver inside the cluster
 // as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.1`
+// tectonic_kube_apiserver_service_ip = ""
 
 // The Kubernetes service IP used to reach kube-dns inside the cluster
 // as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.10`
+tectonic_kube_dns_service_ip = ""
 
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
+// (optional) The Kubernetes service IP used to reach self-hosted etcd inside the cluster
 // as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.15`
+// tectonic_kube_etcd_service_ip = ""
 
 // The path to the tectonic licence file.
 // 

diff --git a/examples/terraform.tfvars.openstack-neutron b/examples/terraform.tfvars.openstack-neutron
@@ -79,17 +79,29 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
+// (optional) The Kubernetes service IP used to reach kube-apiserver inside the cluster
 // as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.1`
+// tectonic_kube_apiserver_service_ip = ""
 
 // The Kubernetes service IP used to reach kube-dns inside the cluster
 // as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.10`
+tectonic_kube_dns_service_ip = ""
 
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
+// (optional) The Kubernetes service IP used to reach self-hosted etcd inside the cluster
 // as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.15`
+// tectonic_kube_etcd_service_ip = ""
 
 // The path to the tectonic licence file.
 // 

diff --git a/examples/terraform.tfvars.openstack-nova b/examples/terraform.tfvars.openstack-nova
@@ -79,17 +79,29 @@ tectonic_etcd_count = "0"
 // If set to true, experimental Tectonic assets are being deployed.
 tectonic_experimental = false
 
-// The Kubernetes service IP used to reach kube-apiserver inside the cluster
+// (optional) The Kubernetes service IP used to reach kube-apiserver inside the cluster
 // as returned by `kubectl -n default get service kubernetes`.
-tectonic_kube_apiserver_service_ip = "10.3.0.1"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.1`
+// tectonic_kube_apiserver_service_ip = ""
 
 // The Kubernetes service IP used to reach kube-dns inside the cluster
 // as returned by `kubectl -n kube-system get service kube-dns`.
-tectonic_kube_dns_service_ip = "10.3.0.10"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.10`
+tectonic_kube_dns_service_ip = ""
 
-// The Kubernetes service IP used to reach self-hosted etcd inside the cluster
+// (optional) The Kubernetes service IP used to reach self-hosted etcd inside the cluster
 // as returned by `kubectl -n kube-system get service etcd-service`.
-tectonic_kube_etcd_service_ip = "10.3.0.15"
+// 
+// If unset, it will be calculated automatically.
+// 
+// Example: `10.3.0.15`
+// tectonic_kube_etcd_service_ip = ""
 
 // The path to the tectonic licence file.
 // 

diff --git a/modules/bootkube/assets.tf b/modules/bootkube/assets.tf
@@ -35,7 +35,18 @@ resource "template_dir" "bootkube" {
     # nodes ourselves (using http), then use insecure http var.etcd_endpoints.
     # 3. Else (if etcd TLS certific are provided), then use the secure https
     # var.etcd_endpoints.
-    etcd_servers = "${var.experimental_enabled ? format("http://%s:2379", var.etcd_service_ip) : data.null_data_source.etcd.outputs.no_certs ? join(",", formatlist("http://%s:2379", var.etcd_endpoints)) : join(",", formatlist("https://%s:2379", var.etcd_endpoints))}"
+    etcd_servers = "${
+      var.experimental_enabled 
+        ? format(
+            "http://%s:2379",
+            var.etcd_service_ip == ""
+              ? cidrhost(var.service_cidr, 15)
+              : var.etcd_service_ip
+            )
+        : data.null_data_source.etcd.outputs.no_certs
+          ? join(",", formatlist("http://%s:2379", var.etcd_endpoints))
+          : join(",", formatlist("https://%s:2379", var.etcd_endpoints))
+      }"
 
     etcd_ca_flag    = "${data.null_data_source.etcd.outputs.ca_flag}"
     etcd_cert_flag  = "${data.null_data_source.etcd.outputs.cert_flag}"
@@ -46,7 +57,7 @@ resource "template_dir" "bootkube" {
 
     cluster_cidr        = "${var.cluster_cidr}"
     service_cidr        = "${var.service_cidr}"
-    kube_dns_service_ip = "${var.kube_dns_service_ip}"
+    kube_dns_service_ip = "${var.kube_dns_service_ip == "" ? cidrhost(var.service_cidr, 10) : var.kube_dns_service_ip}"
     advertise_address   = "${var.advertise_address}"
 
     anonymous_auth      = "${var.anonymous_auth}"
@@ -76,7 +87,19 @@ resource "template_dir" "bootkube-bootstrap" {
     hyperkube_image = "${var.container_images["hyperkube"]}"
     etcd_image      = "${var.container_images["etcd"]}"
 
-    etcd_servers   = "${var.experimental_enabled ? format("http://%s:2379,http://127.0.0.1:12379", var.etcd_service_ip) : data.null_data_source.etcd.outputs.no_certs ? join(",", formatlist("http://%s:2379", var.etcd_endpoints)) : join(",", formatlist("https://%s:2379", var.etcd_endpoints))}"
+    etcd_servers = "${
+      var.experimental_enabled 
+        ? format(
+            "http://%s:2379",
+            var.etcd_service_ip == ""
+              ? cidrhost(var.service_cidr, 15)
+              : var.etcd_service_ip
+            )
+        : data.null_data_source.etcd.outputs.no_certs
+          ? join(",", formatlist("http://%s:2379", var.etcd_endpoints))
+          : join(",", formatlist("https://%s:2379", var.etcd_endpoints))
+      }"
+
     etcd_ca_flag   = "${data.null_data_source.etcd.outputs.ca_flag}"
     etcd_cert_flag = "${data.null_data_source.etcd.outputs.cert_flag}"
     etcd_key_flag  = "${data.null_data_source.etcd.outputs.key_flag}"

diff --git a/modules/bootkube/assets_tls.tf b/modules/bootkube/assets_tls.tf
@@ -74,7 +74,7 @@ resource "tls_cert_request" "apiserver" {
   ]
 
   ip_addresses = [
-    "${var.kube_apiserver_service_ip}",
+    "${var.kube_apiserver_service_ip == "" ? cidrhost(var.service_cidr, 1) : var.kube_apiserver_service_ip}",
   ]
 }
 

diff --git a/modules/bootkube/outputs.tf b/modules/bootkube/outputs.tf
@@ -38,3 +38,7 @@ output "ca_key" {
 output "systemd_service" {
   value = "${data.template_file.bootkube_service.rendered}"
 }
+
+output "kube_dns_service_ip" {
+  value = "${var.kube_dns_service_ip == "" ? cidrhost(var.service_cidr, 10) : var.kube_dns_service_ip}"
+}
diff --git a/platforms/aws/main.tf b/platforms/aws/main.tf
@@ -82,7 +82,7 @@ module "ignition-masters" {
 
   kubelet_node_label        = "node-role.kubernetes.io/master"
   kubelet_node_taints       = "node-role.kubernetes.io/master=:NoSchedule"
-  kube_dns_service_ip       = "${var.tectonic_kube_dns_service_ip}"
+  kube_dns_service_ip       = "${module.bootkube.kube_dns_service_ip}"
   kubeconfig_s3_location    = "${aws_s3_bucket_object.kubeconfig.bucket}/${aws_s3_bucket_object.kubeconfig.key}"
   assets_s3_location        = "${aws_s3_bucket_object.tectonic-assets.bucket}/${aws_s3_bucket_object.tectonic-assets.key}"
   container_images          = "${var.tectonic_container_images}"
@@ -126,7 +126,7 @@ module "ignition-workers" {
 
   kubelet_node_label     = "node-role.kubernetes.io/node"
   kubelet_node_taints    = ""
-  kube_dns_service_ip    = "${var.tectonic_kube_dns_service_ip}"
+  kube_dns_service_ip    = "${module.bootkube.kube_dns_service_ip}"
   kubeconfig_s3_location = "${aws_s3_bucket_object.kubeconfig.bucket}/${aws_s3_bucket_object.kubeconfig.key}"
   assets_s3_location     = ""
   container_images       = "${var.tectonic_container_images}"

diff --git a/platforms/azure/main.tf b/platforms/azure/main.tf
@@ -51,7 +51,7 @@ module "masters" {
   kube_image_url               = "${element(split(":", var.tectonic_container_images["hyperkube"]), 0)}"
   kube_image_tag               = "${element(split(":", var.tectonic_container_images["hyperkube"]), 1)}"
   kubeconfig_content           = "${module.bootkube.kubeconfig}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   cloud_provider               = ""
   kubelet_node_label           = "node-role.kubernetes.io/master"
   kubelet_node_taints          = "node-role.kubernetes.io/master=:NoSchedule"
@@ -79,7 +79,7 @@ module "workers" {
   kube_image_url               = "${element(split(":", var.tectonic_container_images["hyperkube"]), 0)}"
   kube_image_tag               = "${element(split(":", var.tectonic_container_images["hyperkube"]), 1)}"
   kubeconfig_content           = "${module.bootkube.kubeconfig}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   cloud_provider               = ""
   kubelet_node_label           = "node-role.kubernetes.io/node"
 }

diff --git a/platforms/metal/matchers.tf b/platforms/metal/matchers.tf
@@ -34,7 +34,7 @@ resource "matchbox_group" "controller" {
     etcd_enabled         = "${var.tectonic_experimental ? "false" : "true"}"
     etcd_name            = "${element(var.tectonic_metal_controller_names, count.index)}"
     etcd_initial_cluster = "${join(",", formatlist("%s=http://%s:2380", var.tectonic_metal_controller_names, var.tectonic_metal_controller_domains))}"
-    k8s_dns_service_ip   = "${var.tectonic_kube_dns_service_ip}"
+    k8s_dns_service_ip   = "${module.bootkube.kube_dns_service_ip}"
     ssh_authorized_key   = "${var.tectonic_ssh_authorized_key}"
     exclude_tectonic     = "${var.tectonic_vanilla_k8s}"
 
@@ -57,7 +57,7 @@ resource "matchbox_group" "worker" {
 
   metadata {
     domain_name        = "${element(var.tectonic_metal_worker_domains, count.index)}"
-    k8s_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+    k8s_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
     ssh_authorized_key = "${var.tectonic_ssh_authorized_key}"
 
     # extra data

diff --git a/platforms/openstack/neutron/main.tf b/platforms/openstack/neutron/main.tf
@@ -102,7 +102,7 @@ EOF
   instance_count               = "${var.tectonic_master_count}"
   kube_image_url               = "${data.null_data_source.local.outputs.kube_image_url}"
   kube_image_tag               = "${data.null_data_source.local.outputs.kube_image_tag}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   core_public_keys             = ["${module.secrets.core_public_key_openssh}"]
   bootkube_service             = "${module.bootkube.systemd_service}"
   tectonic_service             = "${module.tectonic.systemd_service}"
@@ -125,7 +125,7 @@ EOF
   instance_count               = "${var.tectonic_worker_count}"
   kube_image_url               = "${data.null_data_source.local.outputs.kube_image_url}"
   kube_image_tag               = "${data.null_data_source.local.outputs.kube_image_tag}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   core_public_keys             = ["${module.secrets.core_public_key_openssh}"]
   bootkube_service             = ""
   tectonic_service             = ""

diff --git a/platforms/openstack/nova/main.tf b/platforms/openstack/nova/main.tf
@@ -102,7 +102,7 @@ EOF
   instance_count               = "${var.tectonic_master_count}"
   kube_image_url               = "${data.null_data_source.local.outputs.kube_image_url}"
   kube_image_tag               = "${data.null_data_source.local.outputs.kube_image_tag}"
-  tectonic_kube_dns_service_ip = "${var.tectonic_kube_dns_service_ip}"
+  tectonic_kube_dns_service_ip = "${module.bootkube.kube_dns_service_ip}"
   core_public_keys             = ["${module.secrets.core_public_key_openssh}"]
   bootkube_service             = "${module.bootkube.systemd_service}"
   tectonic_service             = "${module.tectonic.systemd_service}"