Initial commit

Author: sebgoa

README

@@ -0,0 +1,6 @@
+Terraform plan for Atomic based k8s cluster
+===========================================
+
+Currently only supports AWS
+
+    $ terraform apply

k8s.tf

@@ -0,0 +1,17 @@
+module "k8s" {
+    source = "./k8s"
+    key_name = "k8s"
+    key_path = "~/.ssh/id_rsa_k8s"
+    region = "eu-west-1"
+    servers= "2"
+    instance_type = "t2.micro"
+    master_instance_type = "t2.micro"
+}
+
+output "master" {
+    value = "${module.k8s.master_address}"
+}
+
+output "workers" {
+    value = "${module.k8s.worker_addresses}"
+}

k8s/main.tf

@@ -0,0 +1,128 @@
+# A Terraform plan to start a k8s cluster with Atomic
+
+resource "aws_security_group" "k8s" {
+  name = "k8s"
+  description = "Kubernetes traffic"
+
+  ingress {
+      from_port = 0
+      to_port = 0
+      protocol = "-1"
+      cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+      from_port = 0
+      to_port = 0
+      protocol = "-1"
+      cidr_blocks = ["0.0.0.0/0"]
+  }
+
+}
+
+resource "template_file" "kubelet" {
+    template = "${path.module}/scripts/kubelet"
+
+    vars {
+        master_ip = "${aws_instance.master.private_ip}"
+    }
+
+    depends_on = ["aws_instance.master"]
+}
+
+resource "template_file" "config" {
+    template = "${path.module}/scripts/config"
+
+    vars {
+        master_ip = "${aws_instance.master.private_ip}"
+    }
+
+    depends_on = ["aws_instance.master"]
+}
+
+resource "template_file" "flanneld" {
+    template = "${path.module}/scripts/flanneld"
+
+    vars {
+        master_ip = "${aws_instance.master.private_ip}"
+    }
+
+    depends_on = ["aws_instance.master"]
+}
+
+resource "aws_instance" "master" {
+
+    ami = "${lookup(var.master_ami, var.region)}"
+    instance_type = "${var.master_instance_type}"
+    key_name = "${var.key_name}"
+    security_groups = ["${aws_security_group.k8s.name}"]
+
+    connection {
+        user = "centos"
+        key_file = "${var.key_path}"
+    }
+
+    provisioner "file" {
+        source = "${path.module}/scripts/etcd"
+        destination = "/tmp/etcd"
+    }
+
+    provisioner "file" {
+        source = "${path.module}/scripts/apiserver"
+        destination = "/tmp/apiserver"
+    }
+
+    provisioner "file" {
+        source = "${path.module}/scripts/flannel-config.json"
+        destination = "/tmp/flannel-config.json"
+    }
+
+    provisioner "remote-exec" {
+        scripts = [
+            "${path.module}/scripts/master.sh",
+        ]
+    }
+
+    tags {
+        Name = "master"
+    }
+}
+
+resource "aws_instance" "worker" {
+
+    depends_on = ["aws_instance.master"]
+
+    ami = "${lookup(var.ami, var.region)}"
+    instance_type = "${var.instance_type}"
+    key_name = "${var.key_name}"
+    count = "${var.servers}"
+    security_groups = ["${aws_security_group.k8s.name}"]
+    
+    connection {
+        user = "centos"
+        key_file = "${var.key_path}"
+    }
+
+    provisioner "file" {
+        source = "${path.module}/scripts/proxy"
+        destination = "/tmp/proxy"
+    }
+
+    provisioner "remote-exec" {
+        inline = [
+            "cat <<'EOF' > /tmp/config\n${template_file.config.rendered}\nEOF",
+            "cat <<'EOF' > /tmp/kubelet\n${template_file.kubelet.rendered}\nEOF",
+            "cat <<'EOF' > /tmp/flanneld\n${template_file.flanneld.rendered}\nEOF"
+        ]
+    }
+
+    provisioner "remote-exec" {
+        scripts = [
+            "${path.module}/scripts/worker.sh",
+        ]
+    }
+
+    tags {
+        Name = "worker-${count.index}"
+    }
+}

k8s/outputs.tf

@@ -0,0 +1,6 @@
+output "master_address" {
+    value = "${aws_instance.master.0.public_dns}"
+}
+output "worker_addresses" {
+    value = ["${join(",", aws_instance.worker.*.public_dns)}"]
+}

k8s/scripts/apiserver

@@ -0,0 +1,27 @@
+###
+# kubernetes system config
+#
+# The following values are used to configure the kube-apiserver
+#
+
+# The address on the local server to listen to.
+KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
+
+# The port on the local server to listen on.
+# KUBE_API_PORT="--port=8080"
+
+# Port minions listen on
+# KUBELET_PORT="--kubelet_port=10250"
+
+# Comma separated list of nodes in the etcd cluster
+KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:2379"
+
+# Address range to use for services
+KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
+
+# default admission control policies
+#KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
+KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
+
+# Add your own!
+KUBE_API_ARGS=""

k8s/scripts/config

@@ -0,0 +1,29 @@
+###
+# kubernetes system config
+#
+# The following values are used to configure various aspects of all
+# kubernetes services, including
+#
+#   kube-apiserver.service
+#   kube-controller-manager.service
+#   kube-scheduler.service
+#   kubelet.service
+#   kube-proxy.service
+# logging to stderr means we get it in the systemd journal
+KUBE_LOGTOSTDERR="--logtostderr=true"
+
+# journal message level, 0 is debug
+KUBE_LOG_LEVEL="--v=2"
+
+# Should this cluster be allowed to run privileged docker containers
+KUBE_ALLOW_PRIV="--allow_privileged=false"
+
+# How the controller-manager, scheduler, and proxy find the apiserver
+KUBE_MASTER="--master=http://${master_ip}:8080"
+###
+# The following values are used to configure the kubernetes controller-manager
+
+# defaults from config and apiserver should be adequate
+
+# Add your own!
+KUBE_CONTROLLER_MANAGER_ARGS=""

k8s/scripts/controller-manager

@@ -0,0 +1,7 @@
+###
+# The following values are used to configure the kubernetes controller-manager
+
+# defaults from config and apiserver should be adequate
+
+# Add your own!
+KUBE_CONTROLLER_MANAGER_ARGS=""

k8s/scripts/etcd

@@ -0,0 +1,41 @@
+# [member]
+ETCD_NAME=default
+ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
+#ETCD_SNAPSHOT_COUNTER="10000"
+#ETCD_HEARTBEAT_INTERVAL="100"
+#ETCD_ELECTION_TIMEOUT="1000"
+ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
+ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
+#ETCD_MAX_SNAPSHOTS="5"
+#ETCD_MAX_WALS="5"
+#ETCD_CORS=""
+#
+#[cluster]
+#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
+# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
+#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
+#ETCD_INITIAL_CLUSTER_STATE="new"
+#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
+ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
+#ETCD_DISCOVERY=""
+#ETCD_DISCOVERY_SRV=""
+#ETCD_DISCOVERY_FALLBACK="proxy"
+#ETCD_DISCOVERY_PROXY=""
+#
+#[proxy]
+#ETCD_PROXY="off"
+#
+#[security]
+#ETCD_CERT_FILE=""
+#ETCD_KEY_FILE=""
+#ETCD_CLIENT_CERT_AUTH="false"
+#ETCD_TRUSTED_CA_FILE=""
+#ETCD_PEER_CERT_FILE=""
+#ETCD_PEER_KEY_FILE=""
+#ETCD_PEER_CLIENT_CERT_AUTH="false"
+#ETCD_PEER_TRUSTED_CA_FILE=""
+#
+#[logging]
+#ETCD_DEBUG="false"
+# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
+#ETCD_LOG_PACKAGE_LEVELS=""

k8s/scripts/flannel-config.json

@@ -0,0 +1,8 @@
+{
+  "Network": "10.20.0.0/16",
+  "SubnetLen": 24,
+  "Backend": {
+    "Type": "vxlan",
+    "VNI": 1
+  }
+}

k8s/scripts/flanneld

@@ -0,0 +1,11 @@
+# Flanneld configuration options
+
+# etcd url location.  Point this to the server where etcd runs
+FLANNEL_ETCD="http://${master_ip}:2379"
+
+# etcd config key.  This is the configuration key that flannel queries
+# For address range assignment
+FLANNEL_ETCD_KEY="/coreos.com/network"
+
+# Any additional options that you want to pass
+#FLANNEL_OPTIONS=""

k8s/scripts/kubelet

@@ -0,0 +1,17 @@
+###
+# kubernetes kubelet (minion) config
+
+# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
+KUBELET_ADDRESS="--address=0.0.0.0"
+
+# The port for the info server to serve on
+# KUBELET_PORT="--port=10250"
+
+# You may leave this blank to use the actual hostname
+KUBELET_HOSTNAME=""
+
+# location of the api-server
+KUBELET_API_SERVER="--api_servers=http://${master_ip}:8080"
+
+# Add your own!
+KUBELET_ARGS="--register-node=true"

k8s/scripts/master.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+sudo cp /tmp/etcd /etc/etcd/etcd.conf
+sudo cp /tmp/config /etc/kubernetes/config
+sudo cp /tmp/apiserver /etc/kubernetes/apiserver
+
+for s in etcd kube-apiserver kube-controller-manager kube-scheduler; do
+    sudo systemctl restart $s
+    sudo systemctl enable $s
+    sudo systemctl status $s
+done
+
+sudo etcdctl set coreos.com/network/config < /tmp/flannel-config.json
+
+sudo systemctl restart flanneld
+sudo systemctl enable flanneld
+sudo systemctl status flanneld
+
+sudo systemctl reboot

k8s/scripts/proxy

@@ -0,0 +1,7 @@
+###
+# kubernetes proxy config
+
+# default config should be adequate
+
+# Add your own!
+#KUBE_PROXY_ARGS="--master=http://MASTERIP:8080"

k8s/scripts/scheduler

@@ -0,0 +1,7 @@
+###
+# kubernetes scheduler config
+
+# default config should be adequate
+
+# Add your own!
+KUBE_SCHEDULER_ARGS=""

k8s/scripts/worker.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+sudo cp /tmp/config /etc/kubernetes/config
+sudo cp /tmp/kubelet /etc/kubernetes/kubelet
+sudo cp /tmp/proxy /etc/kubernetes/proxy
+sudo cp /tmp/flanneld /etc/sysconfig/flanneld
+
+for s in kube-proxy kubelet flanneld; do
+    sudo systemctl restart $s
+    sudo systemctl enable $s
+    sudo systemctl status $s
+done
+
+sudo systemctl reboot