Add support for Fedora CoreOS on Azure
* Add `azure/fedora-coreos/kubernetes` module
Showing 29 changed files with 1,873 additions and 22 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
The MIT License (MIT) | ||
|
||
Copyright (c) 2017 Typhoon Authors | ||
Copyright (c) 2017 Dalton Hubble | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Typhoon <img align="right" src="https://storage.googleapis.com/poseidon/typhoon-logo.png"> | ||
|
||
Typhoon is a minimal and free Kubernetes distribution. | ||
|
||
* Minimal, stable base Kubernetes distribution | ||
* Declarative infrastructure and configuration | ||
* Free (freedom and cost) and privacy-respecting | ||
* Practical for labs, datacenters, and clouds | ||
|
||
Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components. | ||
|
||
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a> | ||
|
||
* Kubernetes v1.18.1 (upstream) | ||
* Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking | ||
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) | ||
* Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/) customization | ||
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/) | ||
|
||
## Docs | ||
|
||
Please see the [official docs](https://typhoon.psdn.io) and the Azure [tutorial](https://typhoon.psdn.io/fedora-coreos/azure/). | ||
|
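Review bot: the feature bullet links `[spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority)`, but the link text and the anchor disagree (spot vs. low-priority). Either rename the docs section and anchor to match the feature name used here, or change the link text to low-priority, so readers land on the right section and the terminology is consistent between README and tutorial.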
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# Kubernetes assets (kubeconfig, manifests) | ||
module "bootstrap" { | ||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ad53d3b1c1ad75a4ed27f124f772fc5dc025245" | ||
|
||
cluster_name = var.cluster_name | ||
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] | ||
etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone) | ||
asset_dir = var.asset_dir | ||
|
||
networking = var.networking | ||
|
||
# only effective with Calico networking | ||
# we should be able to use 1450 MTU, but in practice, 1410 was needed | ||
network_encapsulation = "vxlan" | ||
network_mtu = "1410" | ||
|
||
pod_cidr = var.pod_cidr | ||
service_cidr = var.service_cidr | ||
cluster_domain_suffix = var.cluster_domain_suffix | ||
enable_reporting = var.enable_reporting | ||
enable_aggregation = var.enable_aggregation | ||
|
||
# Fedora CoreOS | ||
trusted_certs_dir = "/etc/pki/tls/certs" | ||
} | ||
|
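Review bot: `network_mtu = "1410"` is recorded as an empirical value (`# we should be able to use 1450 MTU, but in practice, 1410 was needed`) without saying what failed at 1450, so nobody can later tell whether the workaround is still needed. Please expand the comment with what was observed (which traffic broke and how it was diagnosed), or expose the MTU as a variable with 1410 as the default. Separately, pinning the remote module to a full commit SHA (`ref=1ad53d3b1c1ad75a4ed27f124f772fc5dc025245`) rather than a branch is the right call for a `git::` module source; keep that convention when bumping the bootstrap module.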
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,151 @@ | ||
# Discrete DNS records for each controller's private IPv4 for etcd usage | ||
resource "azurerm_dns_a_record" "etcds" { | ||
count = var.controller_count | ||
resource_group_name = var.dns_zone_group | ||
|
||
# DNS Zone name where record should be created | ||
zone_name = var.dns_zone | ||
|
||
# DNS record | ||
name = format("%s-etcd%d", var.cluster_name, count.index) | ||
ttl = 300 | ||
|
||
# private IPv4 address for etcd | ||
records = [azurerm_network_interface.controllers.*.private_ip_address[count.index]] | ||
} | ||
|
||
# Controller availability set to spread controllers | ||
resource "azurerm_availability_set" "controllers" { | ||
resource_group_name = azurerm_resource_group.cluster.name | ||
|
||
name = "${var.cluster_name}-controllers" | ||
location = var.region | ||
platform_fault_domain_count = 2 | ||
platform_update_domain_count = 4 | ||
managed = true | ||
} | ||
|
||
# Controller instances | ||
resource "azurerm_linux_virtual_machine" "controllers" { | ||
count = var.controller_count | ||
resource_group_name = azurerm_resource_group.cluster.name | ||
|
||
name = "${var.cluster_name}-controller-${count.index}" | ||
location = var.region | ||
availability_set_id = azurerm_availability_set.controllers.id | ||
|
||
size = var.controller_type | ||
custom_data = base64encode(data.ct_config.controller-ignitions.*.rendered[count.index]) | ||
|
||
# storage | ||
source_image_id = var.os_image | ||
os_disk { | ||
name = "${var.cluster_name}-controller-${count.index}" | ||
caching = "None" | ||
disk_size_gb = var.disk_size | ||
storage_account_type = "Premium_LRS" | ||
} | ||
|
||
# network | ||
network_interface_ids = [ | ||
azurerm_network_interface.controllers.*.id[count.index] | ||
] | ||
|
||
# Azure requires setting admin_ssh_key, though Ignition custom_data handles it too | ||
admin_username = "core" | ||
admin_ssh_key { | ||
username = "core" | ||
public_key = var.ssh_authorized_key | ||
} | ||
|
||
lifecycle { | ||
ignore_changes = [ | ||
os_disk, | ||
custom_data, | ||
] | ||
} | ||
} | ||
|
||
# Controller public IPv4 addresses | ||
resource "azurerm_public_ip" "controllers" { | ||
count = var.controller_count | ||
resource_group_name = azurerm_resource_group.cluster.name | ||
|
||
name = "${var.cluster_name}-controller-${count.index}" | ||
location = azurerm_resource_group.cluster.location | ||
sku = "Standard" | ||
allocation_method = "Static" | ||
} | ||
|
||
# Controller NICs with public and private IPv4 | ||
resource "azurerm_network_interface" "controllers" { | ||
count = var.controller_count | ||
resource_group_name = azurerm_resource_group.cluster.name | ||
|
||
name = "${var.cluster_name}-controller-${count.index}" | ||
location = azurerm_resource_group.cluster.location | ||
|
||
ip_configuration { | ||
name = "ip0" | ||
subnet_id = azurerm_subnet.controller.id | ||
private_ip_address_allocation = "Dynamic" | ||
# instance public IPv4 | ||
public_ip_address_id = azurerm_public_ip.controllers.*.id[count.index] | ||
} | ||
} | ||
|
||
# Associate controller network interface with controller security group | ||
resource "azurerm_network_interface_security_group_association" "controllers" { | ||
count = var.controller_count | ||
|
||
network_interface_id = azurerm_network_interface.controllers[count.index].id | ||
network_security_group_id = azurerm_network_security_group.controller.id | ||
} | ||
|
||
# Associate controller network interface with controller backend address pool | ||
resource "azurerm_network_interface_backend_address_pool_association" "controllers" { | ||
count = var.controller_count | ||
|
||
network_interface_id = azurerm_network_interface.controllers[count.index].id | ||
ip_configuration_name = "ip0" | ||
backend_address_pool_id = azurerm_lb_backend_address_pool.controller.id | ||
} | ||
|
||
# Controller Ignition configs | ||
data "ct_config" "controller-ignitions" { | ||
count = var.controller_count | ||
content = data.template_file.controller-configs.*.rendered[count.index] | ||
pretty_print = false | ||
snippets = var.controller_snippets | ||
} | ||
|
||
# Controller Fedora CoreOS configs | ||
data "template_file" "controller-configs" { | ||
count = var.controller_count | ||
|
||
template = file("${path.module}/fcc/controller.yaml") | ||
|
||
vars = { | ||
# Cannot use cyclic dependencies on controllers or their DNS records | ||
etcd_name = "etcd${count.index}" | ||
etcd_domain = "${var.cluster_name}-etcd${count.index}.${var.dns_zone}" | ||
# etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,... | ||
etcd_initial_cluster = join(",", data.template_file.etcds.*.rendered) | ||
kubeconfig = indent(10, module.bootstrap.kubeconfig-kubelet) | ||
ssh_authorized_key = var.ssh_authorized_key | ||
cluster_dns_service_ip = cidrhost(var.service_cidr, 10) | ||
cluster_domain_suffix = var.cluster_domain_suffix | ||
} | ||
} | ||
|
||
data "template_file" "etcds" { | ||
count = var.controller_count | ||
template = "etcd$${index}=https://$${cluster_name}-etcd$${index}.$${dns_zone}:2380" | ||
|
||
vars = { | ||
index = count.index | ||
cluster_name = var.cluster_name | ||
dns_zone = var.dns_zone | ||
} | ||
} | ||
|
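Review bot: `lifecycle { ignore_changes = [os_disk, custom_data] }` on `azurerm_linux_virtual_machine.controllers` means that once a controller exists, changes to its rendered Ignition (`data.ct_config.controller-ignitions`) are never applied to it: a new `var.ssh_authorized_key`, edited `var.controller_snippets`, or a regenerated `module.bootstrap.kubeconfig-kubelet` only reach controllers that are recreated. Avoiding VM replacement on every config tweak is reasonable, but this should be documented in the module, together with the operational consequence that rotating the kubelet kubeconfig or the SSH key requires tainting or replacing the controller VMs. Minor: `admin_ssh_key` carries the same `var.ssh_authorized_key` that Ignition already installs (the comment notes Azure requires it), and it is not covered by `ignore_changes`, so a key change will still surface as a diff on the VM resource; worth a comment on how that diff is expected to be handled alongside the ignored `custom_data`.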