From c48ffa24bedc1fa72f219677ca44971cccca0c07 Mon Sep 17 00:00:00 2001
From: Vincent Schwarzer <vincent.schwarzer@yahoo.de>
Date: Wed, 12 Apr 2017 15:11:39 +0200
Subject: [PATCH] Fixes for AWS Terraform Deployment and Updated Readme

---
 contrib/terraform/aws/README.md               | 34 +++++++++++++++----
 .../terraform/aws/create-infrastructure.tf    |  1 +
 contrib/terraform/aws/output.tf               |  4 +++
 contrib/terraform/aws/templates/inventory.tpl |  1 +
 .../terraform/aws/terraform.tfvars.example    |  6 ++--
 contrib/terraform/aws/variables.tf            |  4 +++
 6 files changed, 41 insertions(+), 9 deletions(-)

diff --git a/contrib/terraform/aws/README.md b/contrib/terraform/aws/README.md
index 03bc4e23e..de858b2a9 100644
--- a/contrib/terraform/aws/README.md
+++ b/contrib/terraform/aws/README.md
@@ -14,20 +14,42 @@ This project will create:
 
 **How to Use:**
 
-- Export the variables for your AWS credentials or edit credentials.tfvars:
+- Export the variables for your AWS credentials or edit `credentials.tfvars`:
 
 ```
-export aws_access_key="xxx"
-export aws_secret_key="yyy"
-export aws_ssh_key_name="zzz"
+export AWS_ACCESS_KEY_ID="www"
+export AWS_SECRET_ACCESS_KEY ="xxx"
+export AWS_SSH_KEY_NAME="yyy"
+export AWS_DEFAULT_REGION="zzz"
 ```
+- Rename `contrib/terraform/aws/terraform.tfvars.example` to `terraform.tfvars`
 
-- Update contrib/terraform/aws/terraform.tfvars with your data
+- Update `contrib/terraform/aws/terraform.tfvars` with your data
+ - Allocate new AWS Elastic IPs: Depending on # of Availability Zones used (2 for each AZ)
+ - Create an AWS EC2 SSH Key
 
-- Run with `terraform apply -var-file="credentials.tfvars"` or `terraform apply` depending if you exported your AWS credentials
+
+- Run with `terraform apply --var-file="credentials.tfvars"` or `terraform apply` depending if you exported your AWS credentials
+
+- Terraform automatically creates an Ansible Inventory file called `hosts` with the created infrastructure in the directory `inventory`
 
 - Once the infrastructure is created, you can run the kargo playbooks and supply inventory/hosts with the `-i` flag.
 
+**Troubleshooting**
+
+***Remaining AWS IAM Instance Profile***:
+
+If the cluster was destroyed without using Terraform it is possible that
+the AWS IAM Instance Profiles still remain. To delete them you can use
+the `AWS CLI` with the following command:
+```
+aws iam delete-instance-profile --region <region_name> --instance-profile-name <profile_name>
+```
+
+***Ansible Inventory doesnt get created:***
+
+It could happen that Terraform doesnt create an Ansible Inventory file automatically. If this is the case copy the output after `inventory=` and create a file named `hosts`in the directory `inventory` and paste the inventory into the file.
+
 **Architecture**
 
 Pictured is an AWS Infrastructure created with this Terraform project distributed over two Availability Zones.
diff --git a/contrib/terraform/aws/create-infrastructure.tf b/contrib/terraform/aws/create-infrastructure.tf
index 14da95492..781edea86 100644
--- a/contrib/terraform/aws/create-infrastructure.tf
+++ b/contrib/terraform/aws/create-infrastructure.tf
@@ -173,6 +173,7 @@ data "template_file" "inventory" {
         list_etcd = "${join("\n",aws_instance.k8s-etcd.*.tags.Name)}"
         elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
         elb_api_port = "loadbalancer_apiserver.port=${var.aws_elb_api_port}"
+        kube_insecure_apiserver_address = "kube_apiserver_insecure_bind_address: ${var.kube_insecure_apiserver_address}"
 
     }
 }
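Review bot: The added `kube_insecure_apiserver_address` value is rendered as `key: value`, while the two entries directly above it (`elb_api_fqdn`, `elb_api_port`) use `key=value`. All three end up in the `[k8s-cluster:vars]` section of `templates/inventory.tpl`, and an INI-style Ansible inventory expects `key=value` there, so the rendered line will likely fail to parse or not set the variable. I would write it as `kube_insecure_apiserver_address = "kube_apiserver_insecure_bind_address=${var.kube_insecure_apiserver_address}"`. The `template_file` block starts outside this hunk, so the remaining vars were not checked.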
diff --git a/contrib/terraform/aws/output.tf b/contrib/terraform/aws/output.tf
index fbe74f262..fabc0d218 100644
--- a/contrib/terraform/aws/output.tf
+++ b/contrib/terraform/aws/output.tf
@@ -18,3 +18,7 @@ output "etcd" {
 output "aws_elb_api_fqdn" {
     value = "${module.aws-elb.aws_elb_api_fqdn}:${var.aws_elb_api_port}"
 }
+
+output "inventory" {
+    value = "${data.template_file.inventory.rendered}"
+}
diff --git a/contrib/terraform/aws/templates/inventory.tpl b/contrib/terraform/aws/templates/inventory.tpl
index 4140aa768..8d5afd1cf 100644
--- a/contrib/terraform/aws/templates/inventory.tpl
+++ b/contrib/terraform/aws/templates/inventory.tpl
@@ -25,3 +25,4 @@ kube-master
 [k8s-cluster:vars]
 ${elb_api_fqdn}
 ${elb_api_port}
+${kube_insecure_apiserver_address}
diff --git a/contrib/terraform/aws/terraform.tfvars.example b/contrib/terraform/aws/terraform.tfvars.example
index 214ef89db..666b21db2 100644
--- a/contrib/terraform/aws/terraform.tfvars.example
+++ b/contrib/terraform/aws/terraform.tfvars.example
@@ -1,6 +1,5 @@
 #Global Vars
 aws_cluster_name = "devtest"
-aws_region = "eu-central-1"
 
 #VPC Vars
 aws_vpc_cidr_block = "10.250.192.0/18"
@@ -28,5 +27,6 @@ aws_cluster_ami = "ami-903df7ff"
 
 #Settings AWS ELB
 
-aws_elb_api_port = 443
-k8s_secure_api_port = 443
+aws_elb_api_port = 6443
+k8s_secure_api_port = 6443
+kube_insecure_apiserver_address = 0.0.0.0
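Review bot: The example value `kube_insecure_apiserver_address = 0.0.0.0` binds the API server's insecure port to every interface. That port serves the API without TLS, authentication or authorization, so any host that can route to the masters gets full control of the cluster unless a security group blocks it. The example should default to loopback and be quoted, `kube_insecure_apiserver_address = "127.0.0.1"`; a bare `0.0.0.0` is probably not a valid HCL literal either. The matching variable added in `variables.tf` has no `default` and its description does not say the port is unauthenticated; `default = "127.0.0.1"` plus a warning in the description would make the safe setting the implicit one.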
diff --git a/contrib/terraform/aws/variables.tf b/contrib/terraform/aws/variables.tf
index 82e2fb018..c740e6472 100644
--- a/contrib/terraform/aws/variables.tf
+++ b/contrib/terraform/aws/variables.tf
@@ -95,3 +95,7 @@ variable "aws_elb_api_port" {
 variable "k8s_secure_api_port" {
     description = "Secure Port of K8S API Server"
 }
+
+variable "kube_insecure_apiserver_address" {
+    description= "Bind Address for insecure Port of K8s API Server"
+}
-- 
GitLab