From 01cf11b9619017bcccf8f6e10b29bbdd97bffa22 Mon Sep 17 00:00:00 2001
From: Andreas Holmsten <andreas.holmsten@gmail.com>
Date: Mon, 8 Apr 2019 11:22:24 +0200
Subject: [PATCH] Run terraform fmt and add step to CI (#4405)
* Run terraform fmt
* Add terraform fmt to .terraform-validate CI step
* Add tf-validate-aws CI step
* Revert "Add tf-validate-aws CI step"
This reverts commit e007225fac831d263613ae9ab2998d11c3e8673d.
---
.gitlab-ci.yml | 1 +
.../terraform/aws/create-infrastructure.tf | 156 ++++++++----------
contrib/terraform/aws/modules/elb/main.tf | 55 +++---
contrib/terraform/aws/modules/elb/outputs.tf | 4 +-
.../terraform/aws/modules/elb/variables.tf | 23 ++-
contrib/terraform/aws/modules/iam/main.tf | 33 ++--
contrib/terraform/aws/modules/iam/outputs.tf | 4 +-
.../terraform/aws/modules/iam/variables.tf | 2 +-
contrib/terraform/aws/modules/vpc/main.tf | 134 +++++++--------
contrib/terraform/aws/modules/vpc/outputs.tf | 12 +-
.../terraform/aws/modules/vpc/variables.tf | 16 +-
contrib/terraform/aws/output.tf | 15 +-
contrib/terraform/aws/variables.tf | 24 +--
contrib/terraform/packet/kubespray.tf | 4 +-
contrib/terraform/packet/output.tf | 8 +-
.../packet/sample-inventory/cluster.tf | 5 +
16 files changed, 233 insertions(+), 263 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a671ca0f0..11eb67ec0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -769,6 +769,7 @@ tox-inventory-builder:
stage: unit-tests
script:
- terraform validate -var-file=cluster.tf ../../contrib/terraform/$PROVIDER
+ - terraform fmt -check -diff ../../contrib/terraform/$PROVIDER
.terraform_apply: &terraform_apply
<<: *terraform_install
diff --git a/contrib/terraform/aws/create-infrastructure.tf b/contrib/terraform/aws/create-infrastructure.tf
index 1ff584f0c..ebfd99701 100644
--- a/contrib/terraform/aws/create-infrastructure.tf
+++ b/contrib/terraform/aws/create-infrastructure.tf
@@ -1,11 +1,11 @@
terraform {
- required_version = ">= 0.8.7"
+ required_version = ">= 0.8.7"
}
provider "aws" {
- access_key = "${var.AWS_ACCESS_KEY_ID}"
- secret_key = "${var.AWS_SECRET_ACCESS_KEY}"
- region = "${var.AWS_DEFAULT_REGION}"
+ access_key = "${var.AWS_ACCESS_KEY_ID}"
+ secret_key = "${var.AWS_SECRET_ACCESS_KEY}"
+ region = "${var.AWS_DEFAULT_REGION}"
}
data "aws_availability_zones" "available" {}
@@ -18,33 +18,30 @@ data "aws_availability_zones" "available" {}
module "aws-vpc" {
source = "modules/vpc"
- aws_cluster_name = "${var.aws_cluster_name}"
- aws_vpc_cidr_block = "${var.aws_vpc_cidr_block}"
- aws_avail_zones="${slice(data.aws_availability_zones.available.names,0,2)}"
- aws_cidr_subnets_private="${var.aws_cidr_subnets_private}"
- aws_cidr_subnets_public="${var.aws_cidr_subnets_public}"
- default_tags="${var.default_tags}"
-
+ aws_cluster_name = "${var.aws_cluster_name}"
+ aws_vpc_cidr_block = "${var.aws_vpc_cidr_block}"
+ aws_avail_zones = "${slice(data.aws_availability_zones.available.names,0,2)}"
+ aws_cidr_subnets_private = "${var.aws_cidr_subnets_private}"
+ aws_cidr_subnets_public = "${var.aws_cidr_subnets_public}"
+ default_tags = "${var.default_tags}"
}
-
module "aws-elb" {
source = "modules/elb"
- aws_cluster_name="${var.aws_cluster_name}"
- aws_vpc_id="${module.aws-vpc.aws_vpc_id}"
- aws_avail_zones="${slice(data.aws_availability_zones.available.names,0,2)}"
- aws_subnet_ids_public="${module.aws-vpc.aws_subnet_ids_public}"
- aws_elb_api_port = "${var.aws_elb_api_port}"
- k8s_secure_api_port = "${var.k8s_secure_api_port}"
- default_tags="${var.default_tags}"
-
+ aws_cluster_name = "${var.aws_cluster_name}"
+ aws_vpc_id = "${module.aws-vpc.aws_vpc_id}"
+ aws_avail_zones = "${slice(data.aws_availability_zones.available.names,0,2)}"
+ aws_subnet_ids_public = "${module.aws-vpc.aws_subnet_ids_public}"
+ aws_elb_api_port = "${var.aws_elb_api_port}"
+ k8s_secure_api_port = "${var.k8s_secure_api_port}"
+ default_tags = "${var.default_tags}"
}
module "aws-iam" {
source = "modules/iam"
- aws_cluster_name="${var.aws_cluster_name}"
+ aws_cluster_name = "${var.aws_cluster_name}"
}
/*
@@ -53,50 +50,44 @@ module "aws-iam" {
*/
resource "aws_instance" "bastion-server" {
- ami = "${data.aws_ami.distro.id}"
- instance_type = "${var.aws_bastion_size}"
- count = "${length(var.aws_cidr_subnets_public)}"
- associate_public_ip_address = true
- availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
- subnet_id = "${element(module.aws-vpc.aws_subnet_ids_public,count.index)}"
-
+ ami = "${data.aws_ami.distro.id}"
+ instance_type = "${var.aws_bastion_size}"
+ count = "${length(var.aws_cidr_subnets_public)}"
+ associate_public_ip_address = true
+ availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
+ subnet_id = "${element(module.aws-vpc.aws_subnet_ids_public,count.index)}"
- vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ]
+ vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"]
- key_name = "${var.AWS_SSH_KEY_NAME}"
+ key_name = "${var.AWS_SSH_KEY_NAME}"
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-bastion-${count.index}",
"Cluster", "${var.aws_cluster_name}",
"Role", "bastion-${var.aws_cluster_name}-${count.index}"
))}"
}
-
/*
* Create K8s Master and worker nodes and etcd instances
*
*/
resource "aws_instance" "k8s-master" {
- ami = "${data.aws_ami.distro.id}"
- instance_type = "${var.aws_kube_master_size}"
+ ami = "${data.aws_ami.distro.id}"
+ instance_type = "${var.aws_kube_master_size}"
- count = "${var.aws_kube_master_num}"
-
-
- availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
- subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
-
-
- vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ]
+ count = "${var.aws_kube_master_num}"
+ availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
+ subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
- iam_instance_profile = "${module.aws-iam.kube-master-profile}"
- key_name = "${var.AWS_SSH_KEY_NAME}"
+ vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"]
+ iam_instance_profile = "${module.aws-iam.kube-master-profile}"
+ key_name = "${var.AWS_SSH_KEY_NAME}"
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-master${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "master"
@@ -104,88 +95,77 @@ resource "aws_instance" "k8s-master" {
}
resource "aws_elb_attachment" "attach_master_nodes" {
- count = "${var.aws_kube_master_num}"
+ count = "${var.aws_kube_master_num}"
elb = "${module.aws-elb.aws_elb_api_id}"
instance = "${element(aws_instance.k8s-master.*.id,count.index)}"
}
-
resource "aws_instance" "k8s-etcd" {
- ami = "${data.aws_ami.distro.id}"
- instance_type = "${var.aws_etcd_size}"
-
- count = "${var.aws_etcd_num}"
-
+ ami = "${data.aws_ami.distro.id}"
+ instance_type = "${var.aws_etcd_size}"
- availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
- subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
+ count = "${var.aws_etcd_num}"
+ availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
+ subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
- vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ]
+ vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"]
- key_name = "${var.AWS_SSH_KEY_NAME}"
+ key_name = "${var.AWS_SSH_KEY_NAME}"
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-etcd${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "etcd"
))}"
-
}
-
resource "aws_instance" "k8s-worker" {
- ami = "${data.aws_ami.distro.id}"
- instance_type = "${var.aws_kube_worker_size}"
-
- count = "${var.aws_kube_worker_num}"
+ ami = "${data.aws_ami.distro.id}"
+ instance_type = "${var.aws_kube_worker_size}"
- availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
- subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
+ count = "${var.aws_kube_worker_num}"
- vpc_security_group_ids = [ "${module.aws-vpc.aws_security_group}" ]
+ availability_zone = "${element(slice(data.aws_availability_zones.available.names,0,2),count.index)}"
+ subnet_id = "${element(module.aws-vpc.aws_subnet_ids_private,count.index)}"
- iam_instance_profile = "${module.aws-iam.kube-worker-profile}"
- key_name = "${var.AWS_SSH_KEY_NAME}"
+ vpc_security_group_ids = ["${module.aws-vpc.aws_security_group}"]
+ iam_instance_profile = "${module.aws-iam.kube-worker-profile}"
+ key_name = "${var.AWS_SSH_KEY_NAME}"
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-worker${count.index}",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member",
"Role", "worker"
))}"
-
}
-
-
/*
* Create Kubespray Inventory File
*
*/
data "template_file" "inventory" {
- template = "${file("${path.module}/templates/inventory.tpl")}"
-
- vars {
- public_ip_address_bastion = "${join("\n",formatlist("bastion ansible_host=%s" , aws_instance.bastion-server.*.public_ip))}"
- connection_strings_master = "${join("\n",formatlist("%s ansible_host=%s",aws_instance.k8s-master.*.tags.Name, aws_instance.k8s-master.*.private_ip))}"
- connection_strings_node = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.tags.Name, aws_instance.k8s-worker.*.private_ip))}"
- connection_strings_etcd = "${join("\n",formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.tags.Name, aws_instance.k8s-etcd.*.private_ip))}"
- list_master = "${join("\n",aws_instance.k8s-master.*.tags.Name)}"
- list_node = "${join("\n",aws_instance.k8s-worker.*.tags.Name)}"
- list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}"
- elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
- }
-
+ template = "${file("${path.module}/templates/inventory.tpl")}"
+
+ vars {
+ public_ip_address_bastion = "${join("\n",formatlist("bastion ansible_host=%s" , aws_instance.bastion-server.*.public_ip))}"
+ connection_strings_master = "${join("\n",formatlist("%s ansible_host=%s",aws_instance.k8s-master.*.tags.Name, aws_instance.k8s-master.*.private_ip))}"
+ connection_strings_node = "${join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-worker.*.tags.Name, aws_instance.k8s-worker.*.private_ip))}"
+ connection_strings_etcd = "${join("\n",formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.tags.Name, aws_instance.k8s-etcd.*.private_ip))}"
+ list_master = "${join("\n",aws_instance.k8s-master.*.tags.Name)}"
+ list_node = "${join("\n",aws_instance.k8s-worker.*.tags.Name)}"
+ list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}"
+ elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
+ }
}
resource "null_resource" "inventories" {
provisioner "local-exec" {
- command = "echo '${data.template_file.inventory.rendered}' > ${var.inventory_file}"
+ command = "echo '${data.template_file.inventory.rendered}' > ${var.inventory_file}"
}
triggers {
- template = "${data.template_file.inventory.rendered}"
+ template = "${data.template_file.inventory.rendered}"
}
-
}
diff --git a/contrib/terraform/aws/modules/elb/main.tf b/contrib/terraform/aws/modules/elb/main.tf
index a2a6f69a1..48b8e3df7 100644
--- a/contrib/terraform/aws/modules/elb/main.tf
+++ b/contrib/terraform/aws/modules/elb/main.tf
@@ -1,55 +1,54 @@
resource "aws_security_group" "aws-elb" {
- name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
- vpc_id = "${var.aws_vpc_id}"
+ name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
+ vpc_id = "${var.aws_vpc_id}"
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
))}"
}
-
resource "aws_security_group_rule" "aws-allow-api-access" {
- type = "ingress"
- from_port = "${var.aws_elb_api_port}"
- to_port = "${var.k8s_secure_api_port}"
- protocol = "TCP"
- cidr_blocks = ["0.0.0.0/0"]
- security_group_id = "${aws_security_group.aws-elb.id}"
+ type = "ingress"
+ from_port = "${var.aws_elb_api_port}"
+ to_port = "${var.k8s_secure_api_port}"
+ protocol = "TCP"
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = "${aws_security_group.aws-elb.id}"
}
resource "aws_security_group_rule" "aws-allow-api-egress" {
- type = "egress"
- from_port = 0
- to_port = 65535
- protocol = "TCP"
- cidr_blocks = ["0.0.0.0/0"]
- security_group_id = "${aws_security_group.aws-elb.id}"
+ type = "egress"
+ from_port = 0
+ to_port = 65535
+ protocol = "TCP"
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = "${aws_security_group.aws-elb.id}"
}
# Create a new AWS ELB for K8S API
resource "aws_elb" "aws-elb-api" {
- name = "kubernetes-elb-${var.aws_cluster_name}"
- subnets = ["${var.aws_subnet_ids_public}"]
+ name = "kubernetes-elb-${var.aws_cluster_name}"
+ subnets = ["${var.aws_subnet_ids_public}"]
security_groups = ["${aws_security_group.aws-elb.id}"]
listener {
- instance_port = "${var.k8s_secure_api_port}"
+ instance_port = "${var.k8s_secure_api_port}"
instance_protocol = "tcp"
- lb_port = "${var.aws_elb_api_port}"
- lb_protocol = "tcp"
+ lb_port = "${var.aws_elb_api_port}"
+ lb_protocol = "tcp"
}
health_check {
- healthy_threshold = 2
+ healthy_threshold = 2
unhealthy_threshold = 2
- timeout = 3
- target = "TCP:${var.k8s_secure_api_port}"
- interval = 30
+ timeout = 3
+ target = "TCP:${var.k8s_secure_api_port}"
+ interval = 30
}
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
+ cross_zone_load_balancing = true
+ idle_timeout = 400
+ connection_draining = true
connection_draining_timeout = 400
tags = "${merge(var.default_tags, map(
diff --git a/contrib/terraform/aws/modules/elb/outputs.tf b/contrib/terraform/aws/modules/elb/outputs.tf
index 075c751e4..3f3d790e3 100644
--- a/contrib/terraform/aws/modules/elb/outputs.tf
+++ b/contrib/terraform/aws/modules/elb/outputs.tf
@@ -1,7 +1,7 @@
output "aws_elb_api_id" {
- value = "${aws_elb.aws-elb-api.id}"
+ value = "${aws_elb.aws-elb-api.id}"
}
output "aws_elb_api_fqdn" {
- value = "${aws_elb.aws-elb-api.dns_name}"
+ value = "${aws_elb.aws-elb-api.dns_name}"
}
diff --git a/contrib/terraform/aws/modules/elb/variables.tf b/contrib/terraform/aws/modules/elb/variables.tf
index 1ed9edd40..4395e7132 100644
--- a/contrib/terraform/aws/modules/elb/variables.tf
+++ b/contrib/terraform/aws/modules/elb/variables.tf
@@ -1,33 +1,30 @@
variable "aws_cluster_name" {
- description = "Name of Cluster"
+ description = "Name of Cluster"
}
variable "aws_vpc_id" {
- description = "AWS VPC ID"
+ description = "AWS VPC ID"
}
variable "aws_elb_api_port" {
- description = "Port for AWS ELB"
+ description = "Port for AWS ELB"
}
variable "k8s_secure_api_port" {
- description = "Secure Port of K8S API Server"
+ description = "Secure Port of K8S API Server"
}
-
-
variable "aws_avail_zones" {
- description = "Availability Zones Used"
- type = "list"
+ description = "Availability Zones Used"
+ type = "list"
}
-
variable "aws_subnet_ids_public" {
- description = "IDs of Public Subnets"
- type = "list"
+ description = "IDs of Public Subnets"
+ type = "list"
}
variable "default_tags" {
- description = "Tags for all resources"
- type = "map"
+ description = "Tags for all resources"
+ type = "map"
}
diff --git a/contrib/terraform/aws/modules/iam/main.tf b/contrib/terraform/aws/modules/iam/main.tf
index 7818d7b0f..6fa233e49 100644
--- a/contrib/terraform/aws/modules/iam/main.tf
+++ b/contrib/terraform/aws/modules/iam/main.tf
@@ -1,8 +1,9 @@
#Add AWS Roles for Kubernetes
resource "aws_iam_role" "kube-master" {
- name = "kubernetes-${var.aws_cluster_name}-master"
- assume_role_policy = <<EOF
+ name = "kubernetes-${var.aws_cluster_name}-master"
+
+ assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
@@ -19,8 +20,9 @@ EOF
}
resource "aws_iam_role" "kube-worker" {
- name = "kubernetes-${var.aws_cluster_name}-node"
- assume_role_policy = <<EOF
+ name = "kubernetes-${var.aws_cluster_name}-node"
+
+ assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
@@ -39,9 +41,10 @@ EOF
#Add AWS Policies for Kubernetes
resource "aws_iam_role_policy" "kube-master" {
- name = "kubernetes-${var.aws_cluster_name}-master"
- role = "${aws_iam_role.kube-master.id}"
- policy = <<EOF
+ name = "kubernetes-${var.aws_cluster_name}-master"
+ role = "${aws_iam_role.kube-master.id}"
+
+ policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
@@ -73,9 +76,10 @@ EOF
}
resource "aws_iam_role_policy" "kube-worker" {
- name = "kubernetes-${var.aws_cluster_name}-node"
- role = "${aws_iam_role.kube-worker.id}"
- policy = <<EOF
+ name = "kubernetes-${var.aws_cluster_name}-node"
+ role = "${aws_iam_role.kube-worker.id}"
+
+ policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
@@ -124,15 +128,14 @@ resource "aws_iam_role_policy" "kube-worker" {
EOF
}
-
#Create AWS Instance Profiles
resource "aws_iam_instance_profile" "kube-master" {
- name = "kube_${var.aws_cluster_name}_master_profile"
- role = "${aws_iam_role.kube-master.name}"
+ name = "kube_${var.aws_cluster_name}_master_profile"
+ role = "${aws_iam_role.kube-master.name}"
}
resource "aws_iam_instance_profile" "kube-worker" {
- name = "kube_${var.aws_cluster_name}_node_profile"
- role = "${aws_iam_role.kube-worker.name}"
+ name = "kube_${var.aws_cluster_name}_node_profile"
+ role = "${aws_iam_role.kube-worker.name}"
}
diff --git a/contrib/terraform/aws/modules/iam/outputs.tf b/contrib/terraform/aws/modules/iam/outputs.tf
index a6ccf8847..448be9753 100644
--- a/contrib/terraform/aws/modules/iam/outputs.tf
+++ b/contrib/terraform/aws/modules/iam/outputs.tf
@@ -1,7 +1,7 @@
output "kube-master-profile" {
- value = "${aws_iam_instance_profile.kube-master.name }"
+ value = "${aws_iam_instance_profile.kube-master.name }"
}
output "kube-worker-profile" {
- value = "${aws_iam_instance_profile.kube-worker.name }"
+ value = "${aws_iam_instance_profile.kube-worker.name }"
}
diff --git a/contrib/terraform/aws/modules/iam/variables.tf b/contrib/terraform/aws/modules/iam/variables.tf
index 690fbe756..f52e644fa 100644
--- a/contrib/terraform/aws/modules/iam/variables.tf
+++ b/contrib/terraform/aws/modules/iam/variables.tf
@@ -1,3 +1,3 @@
variable "aws_cluster_name" {
- description = "Name of Cluster"
+ description = "Name of Cluster"
}
diff --git a/contrib/terraform/aws/modules/vpc/main.tf b/contrib/terraform/aws/modules/vpc/main.tf
index b267a23a9..d953c133a 100644
--- a/contrib/terraform/aws/modules/vpc/main.tf
+++ b/contrib/terraform/aws/modules/vpc/main.tf
@@ -1,58 +1,53 @@
-
resource "aws_vpc" "cluster-vpc" {
- cidr_block = "${var.aws_vpc_cidr_block}"
+ cidr_block = "${var.aws_vpc_cidr_block}"
- #DNS Related Entries
- enable_dns_support = true
- enable_dns_hostnames = true
+ #DNS Related Entries
+ enable_dns_support = true
+ enable_dns_hostnames = true
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-vpc"
))}"
}
-
resource "aws_eip" "cluster-nat-eip" {
- count = "${length(var.aws_cidr_subnets_public)}"
- vpc = true
+ count = "${length(var.aws_cidr_subnets_public)}"
+ vpc = true
}
-
resource "aws_internet_gateway" "cluster-vpc-internetgw" {
vpc_id = "${aws_vpc.cluster-vpc.id}"
-
tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-internetgw"
))}"
}
resource "aws_subnet" "cluster-vpc-subnets-public" {
- vpc_id = "${aws_vpc.cluster-vpc.id}"
- count="${length(var.aws_avail_zones)}"
- availability_zone = "${element(var.aws_avail_zones, count.index)}"
- cidr_block = "${element(var.aws_cidr_subnets_public, count.index)}"
+ vpc_id = "${aws_vpc.cluster-vpc.id}"
+ count = "${length(var.aws_avail_zones)}"
+ availability_zone = "${element(var.aws_avail_zones, count.index)}"
+ cidr_block = "${element(var.aws_cidr_subnets_public, count.index)}"
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-public",
"kubernetes.io/cluster/${var.aws_cluster_name}", "member"
))}"
}
resource "aws_nat_gateway" "cluster-nat-gateway" {
- count = "${length(var.aws_cidr_subnets_public)}"
- allocation_id = "${element(aws_eip.cluster-nat-eip.*.id, count.index)}"
- subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)}"
-
+ count = "${length(var.aws_cidr_subnets_public)}"
+ allocation_id = "${element(aws_eip.cluster-nat-eip.*.id, count.index)}"
+ subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)}"
}
resource "aws_subnet" "cluster-vpc-subnets-private" {
- vpc_id = "${aws_vpc.cluster-vpc.id}"
- count="${length(var.aws_avail_zones)}"
- availability_zone = "${element(var.aws_avail_zones, count.index)}"
- cidr_block = "${element(var.aws_cidr_subnets_private, count.index)}"
+ vpc_id = "${aws_vpc.cluster-vpc.id}"
+ count = "${length(var.aws_avail_zones)}"
+ availability_zone = "${element(var.aws_avail_zones, count.index)}"
+ cidr_block = "${element(var.aws_cidr_subnets_private, count.index)}"
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-private"
))}"
}
@@ -62,81 +57,78 @@ resource "aws_subnet" "cluster-vpc-subnets-private" {
#TODO: Do we need two routing tables for each subnet for redundancy or is one enough?
resource "aws_route_table" "kubernetes-public" {
- vpc_id = "${aws_vpc.cluster-vpc.id}"
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = "${aws_internet_gateway.cluster-vpc-internetgw.id}"
- }
+ vpc_id = "${aws_vpc.cluster-vpc.id}"
- tags = "${merge(var.default_tags, map(
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = "${aws_internet_gateway.cluster-vpc-internetgw.id}"
+ }
+
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-routetable-public"
))}"
}
resource "aws_route_table" "kubernetes-private" {
- count = "${length(var.aws_cidr_subnets_private)}"
- vpc_id = "${aws_vpc.cluster-vpc.id}"
- route {
- cidr_block = "0.0.0.0/0"
- nat_gateway_id = "${element(aws_nat_gateway.cluster-nat-gateway.*.id, count.index)}"
- }
-
- tags = "${merge(var.default_tags, map(
+ count = "${length(var.aws_cidr_subnets_private)}"
+ vpc_id = "${aws_vpc.cluster-vpc.id}"
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ nat_gateway_id = "${element(aws_nat_gateway.cluster-nat-gateway.*.id, count.index)}"
+ }
+
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-routetable-private-${count.index}"
))}"
-
}
resource "aws_route_table_association" "kubernetes-public" {
- count = "${length(var.aws_cidr_subnets_public)}"
- subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id,count.index)}"
- route_table_id = "${aws_route_table.kubernetes-public.id}"
-
+ count = "${length(var.aws_cidr_subnets_public)}"
+ subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id,count.index)}"
+ route_table_id = "${aws_route_table.kubernetes-public.id}"
}
resource "aws_route_table_association" "kubernetes-private" {
- count = "${length(var.aws_cidr_subnets_private)}"
- subnet_id = "${element(aws_subnet.cluster-vpc-subnets-private.*.id,count.index)}"
- route_table_id = "${element(aws_route_table.kubernetes-private.*.id,count.index)}"
-
+ count = "${length(var.aws_cidr_subnets_private)}"
+ subnet_id = "${element(aws_subnet.cluster-vpc-subnets-private.*.id,count.index)}"
+ route_table_id = "${element(aws_route_table.kubernetes-private.*.id,count.index)}"
}
-
#Kubernetes Security Groups
resource "aws_security_group" "kubernetes" {
- name = "kubernetes-${var.aws_cluster_name}-securitygroup"
- vpc_id = "${aws_vpc.cluster-vpc.id}"
+ name = "kubernetes-${var.aws_cluster_name}-securitygroup"
+ vpc_id = "${aws_vpc.cluster-vpc.id}"
- tags = "${merge(var.default_tags, map(
+ tags = "${merge(var.default_tags, map(
"Name", "kubernetes-${var.aws_cluster_name}-securitygroup"
))}"
}
resource "aws_security_group_rule" "allow-all-ingress" {
- type = "ingress"
- from_port = 0
- to_port = 65535
- protocol = "-1"
- cidr_blocks= ["${var.aws_vpc_cidr_block}"]
- security_group_id = "${aws_security_group.kubernetes.id}"
+ type = "ingress"
+ from_port = 0
+ to_port = 65535
+ protocol = "-1"
+ cidr_blocks = ["${var.aws_vpc_cidr_block}"]
+ security_group_id = "${aws_security_group.kubernetes.id}"
}
resource "aws_security_group_rule" "allow-all-egress" {
- type = "egress"
- from_port = 0
- to_port = 65535
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- security_group_id = "${aws_security_group.kubernetes.id}"
+ type = "egress"
+ from_port = 0
+ to_port = 65535
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = "${aws_security_group.kubernetes.id}"
}
-
resource "aws_security_group_rule" "allow-ssh-connections" {
- type = "ingress"
- from_port = 22
- to_port = 22
- protocol = "TCP"
- cidr_blocks = ["0.0.0.0/0"]
- security_group_id = "${aws_security_group.kubernetes.id}"
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "TCP"
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = "${aws_security_group.kubernetes.id}"
}
diff --git a/contrib/terraform/aws/modules/vpc/outputs.tf b/contrib/terraform/aws/modules/vpc/outputs.tf
index b2a94a2e1..fa00f525e 100644
--- a/contrib/terraform/aws/modules/vpc/outputs.tf
+++ b/contrib/terraform/aws/modules/vpc/outputs.tf
@@ -1,21 +1,19 @@
output "aws_vpc_id" {
- value = "${aws_vpc.cluster-vpc.id}"
+ value = "${aws_vpc.cluster-vpc.id}"
}
output "aws_subnet_ids_private" {
- value = ["${aws_subnet.cluster-vpc-subnets-private.*.id}"]
+ value = ["${aws_subnet.cluster-vpc-subnets-private.*.id}"]
}
output "aws_subnet_ids_public" {
- value = ["${aws_subnet.cluster-vpc-subnets-public.*.id}"]
+ value = ["${aws_subnet.cluster-vpc-subnets-public.*.id}"]
}
output "aws_security_group" {
- value = ["${aws_security_group.kubernetes.*.id}"]
-
+ value = ["${aws_security_group.kubernetes.*.id}"]
}
output "default_tags" {
- value = "${var.default_tags}"
-
+ value = "${var.default_tags}"
}
diff --git a/contrib/terraform/aws/modules/vpc/variables.tf b/contrib/terraform/aws/modules/vpc/variables.tf
index b6295cbb9..fea460ce5 100644
--- a/contrib/terraform/aws/modules/vpc/variables.tf
+++ b/contrib/terraform/aws/modules/vpc/variables.tf
@@ -1,29 +1,27 @@
variable "aws_vpc_cidr_block" {
- description = "CIDR Blocks for AWS VPC"
+ description = "CIDR Blocks for AWS VPC"
}
-
variable "aws_cluster_name" {
- description = "Name of Cluster"
+ description = "Name of Cluster"
}
-
variable "aws_avail_zones" {
- description = "AWS Availability Zones Used"
- type = "list"
+ description = "AWS Availability Zones Used"
+ type = "list"
}
variable "aws_cidr_subnets_private" {
description = "CIDR Blocks for private subnets in Availability zones"
- type = "list"
+ type = "list"
}
variable "aws_cidr_subnets_public" {
description = "CIDR Blocks for public subnets in Availability zones"
- type = "list"
+ type = "list"
}
variable "default_tags" {
description = "Default tags for all resources"
- type = "map"
+ type = "map"
}
diff --git a/contrib/terraform/aws/output.tf b/contrib/terraform/aws/output.tf
index 51250306e..6fefd711a 100644
--- a/contrib/terraform/aws/output.tf
+++ b/contrib/terraform/aws/output.tf
@@ -1,28 +1,27 @@
output "bastion_ip" {
- value = "${join("\n", aws_instance.bastion-server.*.public_ip)}"
+ value = "${join("\n", aws_instance.bastion-server.*.public_ip)}"
}
output "masters" {
- value = "${join("\n", aws_instance.k8s-master.*.private_ip)}"
+ value = "${join("\n", aws_instance.k8s-master.*.private_ip)}"
}
output "workers" {
- value = "${join("\n", aws_instance.k8s-worker.*.private_ip)}"
+ value = "${join("\n", aws_instance.k8s-worker.*.private_ip)}"
}
output "etcd" {
- value = "${join("\n", aws_instance.k8s-etcd.*.private_ip)}"
+ value = "${join("\n", aws_instance.k8s-etcd.*.private_ip)}"
}
-
output "aws_elb_api_fqdn" {
- value = "${module.aws-elb.aws_elb_api_fqdn}:${var.aws_elb_api_port}"
+ value = "${module.aws-elb.aws_elb_api_fqdn}:${var.aws_elb_api_port}"
}
output "inventory" {
- value = "${data.template_file.inventory.rendered}"
+ value = "${data.template_file.inventory.rendered}"
}
output "default_tags" {
- value = "${var.default_tags}"
+ value = "${var.default_tags}"
}
diff --git a/contrib/terraform/aws/variables.tf b/contrib/terraform/aws/variables.tf
index 37aab2bae..8a7e3ae30 100644
--- a/contrib/terraform/aws/variables.tf
+++ b/contrib/terraform/aws/variables.tf
@@ -44,18 +44,18 @@ variable "aws_vpc_cidr_block" {
variable "aws_cidr_subnets_private" {
description = "CIDR Blocks for private subnets in Availability Zones"
- type = "list"
+ type = "list"
}
variable "aws_cidr_subnets_public" {
description = "CIDR Blocks for public subnets in Availability Zones"
- type = "list"
+ type = "list"
}
//AWS EC2 Settings
variable "aws_bastion_size" {
- description = "EC2 Instance Size of Bastion Host"
+ description = "EC2 Instance Size of Bastion Host"
}
/*
@@ -64,27 +64,27 @@ variable "aws_bastion_size" {
* AWS Availability Zones without an remainder.
*/
variable "aws_kube_master_num" {
- description = "Number of Kubernetes Master Nodes"
+ description = "Number of Kubernetes Master Nodes"
}
variable "aws_kube_master_size" {
- description = "Instance size of Kube Master Nodes"
+ description = "Instance size of Kube Master Nodes"
}
variable "aws_etcd_num" {
- description = "Number of etcd Nodes"
+ description = "Number of etcd Nodes"
}
variable "aws_etcd_size" {
- description = "Instance size of etcd Nodes"
+ description = "Instance size of etcd Nodes"
}
variable "aws_kube_worker_num" {
- description = "Number of Kubernetes Worker Nodes"
+ description = "Number of Kubernetes Worker Nodes"
}
variable "aws_kube_worker_size" {
- description = "Instance size of Kubernetes Worker Nodes"
+ description = "Instance size of Kubernetes Worker Nodes"
}
/*
@@ -92,16 +92,16 @@ variable "aws_kube_worker_size" {
*
*/
variable "aws_elb_api_port" {
- description = "Port for AWS ELB"
+ description = "Port for AWS ELB"
}
variable "k8s_secure_api_port" {
- description = "Secure Port of K8S API Server"
+ description = "Secure Port of K8S API Server"
}
variable "default_tags" {
description = "Default tags for all resources"
- type = "map"
+ type = "map"
}
variable "inventory_file" {
diff --git a/contrib/terraform/packet/kubespray.tf b/contrib/terraform/packet/kubespray.tf
index 0f584d624..ac48f818a 100644
--- a/contrib/terraform/packet/kubespray.tf
+++ b/contrib/terraform/packet/kubespray.tf
@@ -1,6 +1,5 @@
# Configure the Packet Provider
-provider "packet" {
-}
+provider "packet" {}
resource "packet_ssh_key" "k8s" {
count = "${var.public_key_path != "" ? 1 : 0}"
@@ -19,7 +18,6 @@ resource "packet_device" "k8s_master" {
billing_cycle = "${var.billing_cycle}"
project_id = "${var.packet_project_id}"
tags = ["cluster-${var.cluster_name}", "k8s-cluster", "kube-master", "etcd", "kube-node"]
-
}
resource "packet_device" "k8s_master_no_etcd" {
diff --git a/contrib/terraform/packet/output.tf b/contrib/terraform/packet/output.tf
index 89e78800d..2f9633dea 100644
--- a/contrib/terraform/packet/output.tf
+++ b/contrib/terraform/packet/output.tf
@@ -1,15 +1,15 @@
output "k8s_masters" {
- value = "${packet_device.k8s_master.*.access_public_ipv4}"
+ value = "${packet_device.k8s_master.*.access_public_ipv4}"
}
output "k8s_masters_no_etc" {
- value = "${packet_device.k8s_master_no_etcd.*.access_public_ipv4}"
+ value = "${packet_device.k8s_master_no_etcd.*.access_public_ipv4}"
}
output "k8s_etcds" {
- value = "${packet_device.k8s_etcd.*.access_public_ipv4}"
+ value = "${packet_device.k8s_etcd.*.access_public_ipv4}"
}
output "k8s_nodes" {
- value = "${packet_device.k8s_node.*.access_public_ipv4}"
+ value = "${packet_device.k8s_node.*.access_public_ipv4}"
}
diff --git a/contrib/terraform/packet/sample-inventory/cluster.tf b/contrib/terraform/packet/sample-inventory/cluster.tf
index 0bf4a317b..2482194cf 100644
--- a/contrib/terraform/packet/sample-inventory/cluster.tf
+++ b/contrib/terraform/packet/sample-inventory/cluster.tf
@@ -14,14 +14,19 @@ facility = "ewr1"
# standalone etcds
number_of_etcd = 0
+
plan_etcd = "t1.small.x86"
# masters
number_of_k8s_masters = 1
+
number_of_k8s_masters_no_etcd = 0
+
plan_k8s_masters = "t1.small.x86"
+
plan_k8s_masters_no_etcd = "t1.small.x86"
# nodes
number_of_k8s_nodes = 2
+
plan_k8s_nodes = "t1.small.x86"
--
GitLab