A terraform Ignition modules to bootstrap a Kubernetes cluster with CoreOS Container Linux/Flatcar Container Linux/Fedora CoreOS.
This repo also contains the following submodules:
- kubelet: Bootstrap a worker node to join a Kubernetes cluster.
- kubeconfig: Generate a kubeconfig from variabels.
- extra-addons.
- Kubernetes v1.19.0+.
- Supported AWS VPC CNI, or flannel networking.
- RBAC-enabled, Audit log, and etcd data encryption.
- Terraform v1.2.0+.
- terraform-provider-ignition 1.2.1+.
The following block is show you how to use this module for bootstrapping a cluster:
resource "random_id" "bootstrap_token_id" {
byte_length = 3
}
resource "random_id" "bootstrap_token_secret" {
byte_length = 8
}
resource "random_password" "encryption_secret" {
length = 32
special = true
}
module "ignition_kubernetes" {
source = "git::ssh://[email protected]/getamis/terraform-ignition-kubernetes"
service_network_cidr = "10.96.0.0/12"
pod_network_cidr = "10.244.0.0/16"
network_plugin = "flannel"
internal_endpoint = "https://127.0.0.1:6443"
etcd_endpoints = "https://127.0.0.1:2379"
encryption_secret = random_password.encryption_secret.result
tls_bootstrap_token = {
id = random_id.bootstrap_token_id.hex
secret = random_id.bootstrap_token_secret.hex
}
// Create certs through https://github.com/getamis/vishwakarma/tree/master/modules/tls.
certs = {
etcd_ca_cert = module.etcd_cert.cert_pem
ca_cert = module.kubernetes_ca.cert_pem
ca_key = module.kubernetes_ca.private_key_pem
admin_cert = module.admin_cert.cert_pem
admin_key = module.admin_cert.private_key_pem
apiserver_cert = module.apiserver_cert.cert_pem
apiserver_key = module.apiserver_cert.private_key_pem
apiserver_kubelet_client_cert = module.apiserver_kubelet_client_cert.cert_pem
apiserver_kubelet_client_key = module.apiserver_kubelet_client_cert.private_key_pem
apiserver_etcd_client_cert = module.apiserver_etcd_client_cert.cert_pem
apiserver_etcd_client_key = module.apiserver_etcd_client_cert.private_key_pem
controller_manager_cert = module.controller_manager_cert.cert_pem
controller_manager_key = module.controller_manager_cert.private_key_pem
scheduler_cert = module.scheduler_cert.cert_pem
scheduler_key = module.scheduler_cert.private_key_pem
front_proxy_ca_cert = module.front_proxy_ca.cert_pem
front_proxy_ca_key = module.front_proxy_ca.private_key_pem
front_proxy_client_cert = module.front_proxy_client_cert.cert_pem
front_proxy_client_key = module.front_proxy_client_cert.private_key_pem
sa_pub = module.service_account.public_key_pem
sa_key = module.service_account.private_key_pem
}
}See variables/master.md for the detail variable inputs and outputs.
There are several ways to contribute to this project:
- Find bug: create an issue in our Github issue tracker.
- Fix a bug: check our issue tracker, leave comments and send a pull request to us to fix a bug.
- Make new feature: leave your idea in the issue tracker and discuss with us then send a pull request!
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent