
Commit f2220a2

committed
Reorganize the configuration to be more logical
1 parent 3ce9958 commit f2220a2


5 files changed

+97
-124
lines changed


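--- a/controlplane.tf
+++ b/controlplane.tf
@@ -0,0 +1,88 @@
+resource "random_password" "kubeadm_token" {
+length = 22
+special = false
+upper = false
+}
+
+resource "random_id" "kubeadm_certificate_key" {
+byte_length = 32
+}
+
+locals {
+controleplane_network = var.networks[0]
+controleplane_ips = [for i in range(2, 2 + var.controlplane_count) : cidrhost(local.controleplane_network, i)]
+domainname = "k8s.lab"
+cluster_endpoint = "cluster-endpoint.${local.domainname}"
+cluster_endpoint_with_user = "${var.ssh_admin}@${local.cluster_endpoint}"
+kubeadm_token_id = substr(random_password.kubeadm_token.result, 0, 6)
+kubeadm_token = join(".", [local.kubeadm_token_id, substr(random_password.kubeadm_token.result, 6, 16)])
+kubeadm_certificate_key = random_id.kubeadm_certificate_key.hex
+}
+
+module "control_plane" {
+source = "./modules/vm"
+
+autostart = false
+vm_hostname_prefix = "controlplane-"
+vm_count = length(local.controleplane_ips)
+memory = "2048"
+vcpu = 2
+system_volume = 10
+
+time_zone = "CET"
+
+os_img_url = var.os_img_url
+pool = libvirt_pool.cluster.name
+
+# dhcp = true
+vm_domain = local.domainname
+ip_address = local.controleplane_ips
+ip_gateway = cidrhost(local.controleplane_network, 1)
+ip_nameserver = cidrhost(local.controleplane_network, 1)
+
+bridge = libvirt_network.default.bridge
+
+http_proxy = var.http_proxy
+
+ssh_admin = var.ssh_admin
+ssh_private_key = var.ssh_private_key
+ssh_keys = [
+file("${var.ssh_private_key}.pub"),
+]
+
+runcmd = [
+"install-kubeadm.sh ${local.cluster_endpoint}:6443 ${local.kubeadm_token} ${local.kubeadm_certificate_key} --control-plane --discovery-token-unsafe-skip-ca-verification"
+]
+}
+
+resource "ssh_resource" "control_plane_certs" {
+host = module.control_plane.ip_address[0]
+user = var.ssh_admin
+private_key = var.ssh_private_key
+timeout = "1m"
+
+triggers = {
+count_changes = length(local.controleplane_ips)
+}
+commands = [
+"sudo kubeadm init phase upload-certs --upload-certs --certificate-key ${local.kubeadm_certificate_key}",
+"sudo kubeadm token create ${local.kubeadm_token} || true",
+]
+}
+
+resource "ssh_resource" "control_plane_destroy" {
+count = length(local.controleplane_ips)
+host = module.control_plane.ip_address[count.index]
+user = var.ssh_admin
+private_key = var.ssh_private_key
+when = "destroy"
+timeout = "30s"
+
+commands = [
+"sudo /usr/local/bin/remove-node.sh"
+]
+}
+
+output "control_plane" {
+value = module.control_plane
+}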
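Review bot: The `runcmd` entry in `module "control_plane"` joins each node with `--discovery-token-unsafe-skip-ca-verification`, so the joining node does not pin the cluster CA and trusts whatever answers on `cluster-endpoint.k8s.lab:6443` as long as the bootstrap token matches. If the CA can be created before `kubeadm init` (for instance generated in Terraform and handed to the first node), pass `--discovery-token-ca-cert-hash sha256:<CA_PUBKEY_HASH>` instead; otherwise add a comment such as `# lab only: CA hash is not known at plan time, join is not pinned`. Moving the join from `ssh_resource` into cloud-init also places `local.kubeadm_token` and `local.kubeadm_certificate_key` in the instance user data, which typically persists on the guest and on the generated cloud-init disk. `random_id.kubeadm_certificate_key.hex` is not marked sensitive by the provider, so `kubeadm_certificate_key = sensitive(random_id.kubeadm_certificate_key.hex)` would keep it out of plan output (the `control_plane` output may then need `sensitive = true`).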

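--- a/main.tf
+++ b/main.tf
@@ -8,27 +8,6 @@ resource "libvirt_pool" "cluster" {
 path = var.pool_path
 }
 
-resource "random_password" "kubeadm_token" {
-length = 22
-special = false
-upper = false
-}
-
-resource "random_id" "kubeadm_certificate_key" {
-byte_length = 32
-}
-
-locals {
-controleplane_network = var.networks[0]
-controleplane_ips = [for i in range(2, 2 + var.controlplane_count) : cidrhost(local.controleplane_network, i)]
-domainname = "k8s.lab"
-cluster_endpoint = "cluster-endpoint.${local.domainname}"
-cluster_endpoint_with_user = "${var.ssh_admin}@${local.cluster_endpoint}"
-kubeadm_token_id = substr(random_password.kubeadm_token.result, 0, 6)
-kubeadm_token = join(".", [local.kubeadm_token_id, substr(random_password.kubeadm_token.result, 6, 16)])
-kubeadm_certificate_key = random_id.kubeadm_certificate_key.hex
-}
-
 resource "libvirt_network" "default" {
 name = "default"
 addresses = var.networks
@@ -48,95 +27,3 @@ resource "libvirt_network" "default" {
 }
 }
 }
-
-module "control_plane" {
-source = "./modules/vm"
-
-autostart = false
-vm_hostname_prefix = "controlplane-"
-vm_count = length(local.controleplane_ips)
-memory = "2048"
-vcpu = 2
-system_volume = 10
-
-time_zone = "CET"
-
-os_img_url = var.os_img_url
-pool = libvirt_pool.cluster.name
-
-# dhcp = true
-vm_domain = local.domainname
-ip_address = local.controleplane_ips
-ip_gateway = cidrhost(local.controleplane_network, 1)
-ip_nameserver = cidrhost(local.controleplane_network, 1)
-
-bridge = libvirt_network.default.bridge
-
-http_proxy = var.http_proxy
-
-ssh_admin = var.ssh_admin
-ssh_private_key = var.ssh_private_key
-ssh_keys = [
-file("${var.ssh_private_key}.pub"),
-]
-}
-resource "ssh_resource" "control_plane_certs" {
-host = module.control_plane.ip_address[0]
-user = var.ssh_admin
-private_key = var.ssh_private_key
-timeout = "1m"
-
-triggers = {
-count_changes = length(local.controleplane_ips)
-}
-commands = [
-"sudo kubeadm init phase upload-certs --upload-certs --certificate-key ${local.kubeadm_certificate_key}",
-"sudo kubeadm token create ${local.kubeadm_token} || true",
-]
-}
-resource "ssh_resource" "control_plane" {
-count = length(local.controleplane_ips)
-host = module.control_plane.ip_address[count.index]
-user = var.ssh_admin
-private_key = var.ssh_private_key
-
-commands = [
-"sudo /usr/local/bin/install-kubeadm.sh cluster-endpoint.k8s.lab:6443 ${local.kubeadm_token} ${local.kubeadm_certificate_key} --control-plane --discovery-token-unsafe-skip-ca-verification"
-]
-}
-
-resource "ssh_resource" "control_plane_destroy" {
-count = length(local.controleplane_ips)
-host = module.control_plane.ip_address[count.index]
-user = var.ssh_admin
-private_key = var.ssh_private_key
-when = "destroy"
-timeout = "30s"
-
-file {
-source = "remove-node.sh"
-destination = "/tmp/remove-node.sh"
-permissions = "0700"
-}
-
-commands = [
-"sudo /tmp/remove-node.sh"
-]
-}
-
-# kubeadm init phase upload-certs --upload-certs --certificate-key d9456efcc50c12d8f5fff93c097a16d2495fb5df9cb17cd2fd26f8022a926af4
-# kubeadm token create qahkjs.ru8katsu52fep1ea
-
-## kubectl cordon controlplane-02
-# kubectl drain controlplane-02 --ignore-daemonsets
-# kubectl delete node controlplane-02
-
-# sudo etcdctl --endpoints=127.0.0.1:2379 --key /etc/kubernetes/pki/etcd/healthcheck-client.key --cert /etc/kubernetes/pki/etcd/healthcheck-client.crt --cacert /etc/kubernetes/pki/etcd/ca.crt endpoint status
-# sudo etcdctl --endpoints=cluster-endpoint.k8s.lab:2379 --key /etc/kubernetes/pki/etcd/healthcheck-client.key --cert /etc/kubernetes/pki/etcd/healthcheck-client.crt --cacert /etc/kubernetes/pki/etcd/ca.crt member remove c7b9a74f4a348e3d
-
-output "outputs" {
-value = module.control_plane
-}
-output "run" {
-value = ssh_resource.control_plane[*].result
-}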

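--- a/modules/vm/templates/cloud_init.tpl
+++ b/modules/vm/templates/cloud_init.tpl
@@ -28,6 +28,10 @@ packages:
 - etcd-client
 
 runcmd:
+- [ systemctl, daemon-reload ]
+- [ systemctl, enable, qemu-guest-agent ]
+- [ systemctl, start, qemu-guest-agent ]
+- [ systemctl, restart, systemd-networkd ]
 ${runcmd}
 
 fqdn: ${hostname}
@@ -61,18 +65,13 @@ write_files:
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
-UsePrivilegeSeparation yes
-KeyRegenerationInterval 3600
-ServerKeyBits 1024
 SyslogFacility AUTH
 LogLevel INFO
 LoginGraceTime 120
 PermitRootLogin no
 StrictModes yes
-RSAAuthentication yes
 PubkeyAuthentication yes
 IgnoreRhosts yes
-RhostsRSAAuthentication no
 HostbasedAuthentication no
 PermitEmptyPasswords no
 ChallengeResponseAuthentication no
@@ -113,6 +112,10 @@ write_files:
 permissions: 0o755
 content: |
 ${ indent(8, file("${path}/templates/install-kubeadm.sh")) }
+- path: /usr/local/bin/remove-node.sh
+permissions: 0o755
+content: |
+${ indent(8, file("${path}/templates/remove-node.sh")) }
 
 growpart:
 mode: auto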
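Review bot: The new `write_files` entry installs `/usr/local/bin/remove-node.sh` with `permissions: 0o755`, whereas the `file` block it replaces in main.tf uploaded the script with `0700`; since the destroy step only calls it through `sudo`, `permissions: 0o700` would keep the tighter mode. In the second hunk the obsolete SSH protocol 1 options are dropped from what appears to be the sshd configuration, but `HostKey /etc/ssh/ssh_host_dsa_key` stays; current OpenSSH releases do not use DSA host keys by default, so that line looks like a candidate for the same cleanup. The `write_files` list starts and ends outside these hunks.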
File renamed without changes.

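--- a/modules/vm/variables.tf
+++ b/modules/vm/variables.tf
@@ -199,12 +199,7 @@ variable "ssh_private_key" {
 variable "runcmd" {
 description = "Extra commands to be run with cloud init"
 type = list(string)
-default = [
-"[ systemctl, daemon-reload ]",
-"[ systemctl, enable, qemu-guest-agent ]",
-"[ systemctl, start, qemu-guest-agent ]",
-"[ systemctl, restart, systemd-networkd ]"
-]
+default = []
 }
 
 variable "http_proxy" {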
