Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 14 changed files with 5,220 additions and 78 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,209 @@ | ||
# Local .terraform directories | ||
### macOS ### | ||
# General | ||
.DS_Store | ||
.AppleDouble | ||
.LSOverride | ||
|
||
# Icon must end with two \r | ||
Icon | ||
|
||
|
||
# Thumbnails | ||
._* | ||
|
||
# Files that might appear in the root of a volume | ||
.DocumentRevisions-V100 | ||
.fseventsd | ||
.Spotlight-V100 | ||
.TemporaryItems | ||
.Trashes | ||
.VolumeIcon.icns | ||
.com.apple.timemachine.donotpresent | ||
|
||
# Directories potentially created on remote AFP share | ||
.AppleDB | ||
.AppleDesktop | ||
Network Trash Folder | ||
Temporary Items | ||
.apdisk | ||
|
||
### Linux ### | ||
*~ | ||
|
||
# temporary files which can be created if a process still has a handle open of a deleted file | ||
.fuse_hidden* | ||
|
||
# KDE directory preferences | ||
.directory | ||
|
||
# Linux trash folder which might appear on any partition or disk | ||
.Trash-* | ||
|
||
# .nfs files are created when an open file is removed but is still being accessed | ||
.nfs* | ||
|
||
### Windows ### | ||
# Windows thumbnail cache files | ||
Thumbs.db | ||
Thumbs.db:encryptable | ||
ehthumbs.db | ||
ehthumbs_vista.db | ||
|
||
# Dump file | ||
*.stackdump | ||
|
||
# Folder config file | ||
[Dd]esktop.ini | ||
|
||
# Recycle Bin used on file shares | ||
$RECYCLE.BIN/ | ||
|
||
# Windows Installer files | ||
*.cab | ||
*.msi | ||
*.msix | ||
*.msm | ||
*.msp | ||
|
||
# Windows shortcuts | ||
*.lnk | ||
|
||
### Node ### | ||
# Logs | ||
logs | ||
*.log | ||
npm-debug.log* | ||
yarn-debug.log* | ||
yarn-error.log* | ||
lerna-debug.log* | ||
|
||
# Diagnostic reports (https://nodejs.org/api/report.html) | ||
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json | ||
|
||
# Runtime data | ||
pids | ||
*.pid | ||
*.seed | ||
*.pid.lock | ||
|
||
# Directory for instrumented libs generated by jscoverage/JSCover | ||
lib-cov | ||
|
||
# Coverage directory used by tools like istanbul | ||
coverage | ||
*.lcov | ||
|
||
# nyc test coverage | ||
.nyc_output | ||
|
||
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) | ||
.grunt | ||
|
||
# Bower dependency directory (https://bower.io/) | ||
bower_components | ||
|
||
# node-waf configuration | ||
.lock-wscript | ||
|
||
# Compiled binary addons (https://nodejs.org/api/addons.html) | ||
build/Release | ||
|
||
# Dependency directories | ||
node_modules/ | ||
jspm_packages/ | ||
|
||
# TypeScript v1 declaration files | ||
typings/ | ||
|
||
# TypeScript cache | ||
*.tsbuildinfo | ||
|
||
# Optional npm cache directory | ||
.npm | ||
|
||
# Optional eslint cache | ||
.eslintcache | ||
|
||
# Microbundle cache | ||
.rpt2_cache/ | ||
.rts2_cache_cjs/ | ||
.rts2_cache_es/ | ||
.rts2_cache_umd/ | ||
|
||
# Optional REPL history | ||
.node_repl_history | ||
|
||
# Output of 'npm pack' | ||
*.tgz | ||
|
||
# Yarn Integrity file | ||
.yarn-integrity | ||
|
||
# dotenv environment variables file | ||
.env | ||
.env.test | ||
|
||
# parcel-bundler cache (https://parceljs.org/) | ||
.cache | ||
|
||
# Next.js build output | ||
.next | ||
|
||
# Nuxt.js build / generate output | ||
.nuxt | ||
dist | ||
|
||
# Gatsby files | ||
.cache/ | ||
# Comment in the public line in if your project uses Gatsby and not Next.js | ||
# https://nextjs.org/blog/next-9-1#public-directory-support | ||
# public | ||
|
||
# vuepress build output | ||
.vuepress/dist | ||
|
||
# Serverless directories | ||
.serverless/ | ||
|
||
# FuseBox cache | ||
.fusebox/ | ||
|
||
# DynamoDB Local files | ||
.dynamodb/ | ||
|
||
# TernJS port file | ||
.tern-port | ||
|
||
# Stores VSCode versions used for testing VSCode extensions | ||
.vscode-test | ||
|
||
### Terraform ### | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
|
||
# .tfvars files | ||
*.tfvars | ||
# Crash log files | ||
crash.log | ||
|
||
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most | ||
# .tfvars files are managed as part of configuration and so should be included in | ||
# version control. | ||
# | ||
# example.tfvars | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
# Include override files you do wish to add to version control using negated pattern | ||
# | ||
# !example_override.tf | ||
|
||
# Intellij folders (used as TF IDE) | ||
.idea/ | ||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
# example: *tfplan* |
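Review bot: The Terraform section ignores every `*.tfvars` file, but the comment block directly below it says most .tfvars files are managed as part of configuration and should be included in version control, so the two contradict each other. Decide which policy applies: if variable files may hold credentials, keep the `*.tfvars` rule, reword the comment, and add a negated pattern for any file that is meant to be committed. The closing two lines only mention `*tfplan*` inside a comment, so saved plan output from `terraform plan -out=tfplan` is not actually ignored; plan files can carry the same sensitive values as state and should be ignored alongside `*.tfstate`. Minor: the first line, `# Local .terraform directories`, is now an orphaned comment above `### macOS ###`, and `.cache` is listed twice (once bare, once as `.cache/`).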
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
_ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/sh | ||
. "$(dirname "$0")/_/husky.sh" | ||
|
||
npx --no-install commitlint --edit "" |
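Review bot: The last line of the hook calls `commitlint --edit ""`, passing an empty string where the hook would normally forward the commit message file path that git supplies as its first argument. If the intent is to lint the message being committed, write `--edit "$1"`; an empty literal here usually means `$1` was expanded by the shell when the hook file was generated. It is also worth confirming the file is committed with the executable bit set, since git skips hooks that are not executable.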
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,151 @@ | ||
version: ">= 0.14" | ||
formatter: markdown table | ||
|
||
sections: | ||
show: | ||
- inputs | ||
- outputs | ||
- providers | ||
- requirements | ||
|
||
sort: | ||
enabled: true | ||
by: required | ||
|
||
settings: | ||
indent: 2 | ||
anchor: true | ||
escape: true | ||
html: true | ||
color: true | ||
|
||
type: true | ||
default: true | ||
description: true | ||
required: true | ||
sensitive: true | ||
|
||
content: | | ||
# terraform-module-k3s | ||
![Terraform Version](https://img.shields.io/badge/terraform-≈_1.0-blueviolet) | ||
[![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/xunleii/terraform-module-k3s?label=registry)](https://registry.terraform.io/modules/xunleii/k3s) | ||
[![GitHub issues](https://img.shields.io/github/issues/xunleii/terraform-module-k3s)](https://github.com/xunleii/terraform-module-k3s/issues) | ||
[![Open Source Helpers](https://www.codetriage.com/xunleii/terraform-module-k3s/badges/users.svg)](https://www.codetriage.com/xunleii/terraform-module-k3s) | ||
[![MIT Licensed](https://img.shields.io/badge/license-MIT-green.svg)](https://tldrlegal.com/license/mit-license) | ||
Terraform module which creates a [k3s](https://k3s.io/) cluster, with multi-server | ||
and annotations/labels/taints management features. | ||
## Usage | ||
``` hcl | ||
module "k3s" { | ||
source = "xunleii/k3s/module" | ||
k3s_version = "v1.0.0" | ||
name = "my.k3s.local" | ||
cidr = { | ||
pods = "10.0.0.0/16" | ||
services = "10.1.0.0/16" | ||
} | ||
drain_timeout = "30s" | ||
managed_fields = ["label", "taint"] | ||
global_flags = [ | ||
"--tls-san k3s.my.domain.com" | ||
] | ||
servers = { | ||
# The node name will be automatically provided by | ||
# the module using the field name... any usage of | ||
# --node-name in additional_flags will be ignored | ||
server-one = { | ||
ip = "10.123.45.67" // internal node IP | ||
connection = { | ||
host = "203.123.45.67" // public node IP | ||
user = "ubuntu" | ||
} | ||
flags = ["--flannel-backend=none"] | ||
labels = {"node.kubernetes.io/type" = "master"} | ||
taints = {"node.k3s.io/type" = "server:NoSchedule"} | ||
} | ||
server-two = { | ||
ip = "10.123.45.68" | ||
connection = { | ||
host = "203.123.45.68" // bastion node | ||
user = "ubuntu" | ||
} | ||
flags = ["--flannel-backend=none"] | ||
labels = {"node.kubernetes.io/type" = "master"} | ||
taints = {"node.k3s.io/type" = "server:NoSchedule"} | ||
} | ||
server-three = { | ||
ip = "10.123.45.69" | ||
connection = { | ||
host = "203.123.45.69" // bastion node | ||
user = "ubuntu" | ||
} | ||
flags = ["--flannel-backend=none"] | ||
labels = {"node.kubernetes.io/type" = "master"} | ||
taints = {"node.k3s.io/type" = "server:NoSchedule"} | ||
} | ||
} | ||
agents = { | ||
# The node name will be automatically provided by | ||
# the module using the field name... any usage of | ||
# --node-name in additional_flags will be ignored | ||
agent-one = { | ||
ip = "10.123.45.70" | ||
connection = { | ||
user = "root" | ||
bastion_host = "203.123.45.67" // server_one node used as bastion | ||
bastion_user = "ubuntu" | ||
} | ||
labels = {"node.kubernetes.io/pool" = "service-pool"} | ||
}, | ||
agent-two = { | ||
ip = "10.123.45.71" | ||
connection = { | ||
user = "root" | ||
bastion_host = "203.123.45.67" | ||
bastion_user = "ubuntu" | ||
} | ||
labels = {"node.kubernetes.io/pool" = "service-pool"} | ||
}, | ||
agent-three = { | ||
name = "gpu-agent-one" | ||
ip = "10.123.45.72" | ||
connection = { | ||
user = "root" | ||
bastion_host = "203.123.45.67" | ||
bastion_user = "ubuntu" | ||
} | ||
labels = {"node.kubernetes.io/pool" = "gpu-pool"} | ||
taints = {dedicated = "gpu:NoSchedule"} | ||
}, | ||
} | ||
} | ||
``` | ||
{{ .Inputs }} | ||
> NOTES: <br/> | ||
> servers must have an odd number of nodes <br/> | ||
> use the first server node to configure the cluster <br/> | ||
> if `name` is not specified, the key in the map will be used as name <br/> | ||
> **only one** taint can be applied per taint name and per node <br/> | ||
{{ .Outputs }} | ||
{{ .Requirements }} | ||
## Security warning | ||
Because using external references on `destroy` provisionner is deprecated by Terraform, storing information | ||
inside each resources will be mandatory in order to manage several features like auto-draining node | ||
and fields management. So, several fields like `connection` block will be available in your TF state. | ||
This means that used password or private key will be **clearly readable** in this TF state. | ||
**Please do not use | ||
this module if you need to pass private key or password in the connection block, even if your TF state is | ||
securely stored**. | ||
## License | ||
terraform-module-k3s is released under the **MIT License**. See the bundled [LICENSE](LICENSE) file for details. | ||
# | ||
*Generated with :heart: by [terraform-docs](https://github.com/terraform-docs/terraform-docs)* |
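Review bot: The "Security warning" section tells users not to pass a private key or password in the `connection` block because it ends up readable in the TF state, but it never says what to use instead; the usage example above it sets only `user`, `host` and `bastion_*`, which implies SSH agent authentication, so state that explicitly in the warning. Consider moving the warning above the Usage block, since it is a precondition for adopting the module rather than a footnote. Wording in the same section: "provisionner" should be "provisioner" and "each resources" should be "each resource". In the usage example, the `// bastion node` comments on the `host` lines of `server-two` and `server-three` look copy-pasted (the agents use `203.123.45.67` as `bastion_host`), and the `agents` map separates entries with commas while the `servers` map does not; make both consistent.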