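# Fetches the pinned cfssl v1.6.0 release binary into ./bin for the local host.
# The version is pinned, but the download is NOT integrity-checked (no SHA-256
# or signature): the binary is trusted exactly as served by GitHub releases.
# NOTE(review): this binary is later used with the cluster CA key (see
# shell_script.admin), so a tampered download compromises the whole PKI.
# Pin and verify a checksum here before relying on it.
resource "shell_script" "cfssl" {
  lifecycle_commands {
    # `set -e` aborts on the first failing command: previously a failed wget left
    # an empty bin/cfssl that chmod then happily marked executable, and the
    # resource was recorded as created. Download to a temp name and only rename
    # into place once the download completed.
    create = <<-EOF
      set -e
      mkdir -p bin
      wget "https://github.com/cloudflare/cfssl/releases/download/v1.6.0/cfssl_1.6.0_${var.terraform_os}_${var.terraform_arch}" -O bin/cfssl.tmp
      chmod +x bin/cfssl.tmp
      mv bin/cfssl.tmp bin/cfssl
    EOF
    # Drift detection only (notices the file being replaced or removed); the
    # md5 is not a security check and must not be read as one.
    read = <<-EOF
      echo "{\"md5\": \"$(md5sum bin/cfssl)\"}"
    EOF
    delete = "rm -f bin/cfssl bin/cfssl.tmp"
  }
}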
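# Fetches the pinned cfssljson v1.6.0 release binary into ./bin for the local
# host (cfssljson turns cfssl's JSON output into .pem/.csr files).
# As with cfssl, the version is pinned but the download is NOT integrity-checked;
# the binary is trusted as served by GitHub releases. NOTE(review): this tool
# writes the admin private key to disk (shell_script.admin), so pin and verify a
# checksum before relying on it.
resource "shell_script" "cfssljson" {
  lifecycle_commands {
    # `set -e` so a failed/partial download never becomes an executable: the
    # original ran chmod even when wget failed and left an empty bin/cfssljson.
    # Download to a temp name and rename only after the download completed.
    create = <<-EOF
      set -e
      mkdir -p bin
      wget "https://github.com/cloudflare/cfssl/releases/download/v1.6.0/cfssljson_1.6.0_${var.terraform_os}_${var.terraform_arch}" -O bin/cfssljson.tmp
      chmod +x bin/cfssljson.tmp
      mv bin/cfssljson.tmp bin/cfssljson
    EOF
    # Drift detection only; md5 here is not a security check.
    read = <<-EOF
      echo "{\"md5\": \"$(md5sum bin/cfssljson)\"}"
    EOF
    delete = "rm -f bin/cfssljson bin/cfssljson.tmp"
  }
}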
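# Fetches kubectl for the machine running Terraform (var.terraform_os /
# var.terraform_arch) as ./bin/kubectl-local; the kubeconfig resources below
# call it to assemble admin kubeconfigs.
resource "shell_script" "kubectl-local" {
  lifecycle_commands {
    # `set -e` aborts on the first failure so a broken download is never marked
    # executable (the original chmod'ed whatever wget left behind, even an empty
    # file). The Kubernetes release server publishes a `kubectl.sha256` next to
    # each binary; download it and verify before installing. Caveat: the checksum
    # comes from the same origin as the binary, so this catches truncated or
    # corrupted downloads, not a compromised origin. Requires coreutils
    # `sha256sum` (the `read` below already assumes coreutils `md5sum`).
    # NOTE(review): assumes the chosen var.kubernetes_version publishes the
    # .sha256 file; Kubernetes does so for current releases - confirm for old ones.
    create = <<-EOF
      set -e
      mkdir -p bin
      url="https://dl.k8s.io/release/${var.kubernetes_version}/bin/${var.terraform_os}/${var.terraform_arch}/kubectl"
      wget "$url" -O bin/kubectl-local.tmp
      wget "$url.sha256" -O bin/kubectl-local.sha256
      echo "$(cat bin/kubectl-local.sha256)  bin/kubectl-local.tmp" | sha256sum --check
      chmod +x bin/kubectl-local.tmp
      mv bin/kubectl-local.tmp bin/kubectl-local
      rm -f bin/kubectl-local.sha256
    EOF
    # Drift detection only; the md5 is not a security check.
    read = <<-EOF
      echo "{\"md5\": \"$(md5sum bin/kubectl-local)\"}"
    EOF
    delete = "rm -f bin/kubectl-local bin/kubectl-local.tmp bin/kubectl-local.sha256"
  }
}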
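# Fetches a linux/amd64 kubectl as ./bin/kubectl. The os/arch is hard-coded
# (unlike kubectl-local), so this copy is presumably shipped to the cluster
# nodes by the playbooks rather than run here - confirm against the playbooks,
# and note it silently assumes the nodes are amd64 Linux.
resource "shell_script" "kubectl-remote" {
  lifecycle_commands {
    # `set -e` so a failed download is never marked executable (the original
    # chmod'ed whatever wget left behind). Verify against the `kubectl.sha256`
    # the Kubernetes release server publishes next to the binary. Caveat: same
    # origin as the binary, so this catches truncated/corrupted downloads, not a
    # compromised origin. Needs coreutils `sha256sum` (the `read` below already
    # assumes coreutils `md5sum`). NOTE(review): assumes the chosen
    # var.kubernetes_version publishes the .sha256 file - confirm for old releases.
    create = <<-EOF
      set -e
      mkdir -p bin
      url="https://dl.k8s.io/release/${var.kubernetes_version}/bin/linux/amd64/kubectl"
      wget "$url" -O bin/kubectl.tmp
      wget "$url.sha256" -O bin/kubectl.sha256
      echo "$(cat bin/kubectl.sha256)  bin/kubectl.tmp" | sha256sum --check
      chmod +x bin/kubectl.tmp
      mv bin/kubectl.tmp bin/kubectl
      rm -f bin/kubectl.sha256
    EOF
    # Drift detection only; the md5 is not a security check.
    read = <<-EOF
      echo "{\"md5\": \"$(md5sum bin/kubectl)\"}"
    EOF
    delete = "rm -f bin/kubectl bin/kubectl.tmp bin/kubectl.sha256"
  }
}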
# The CSR template handed to cfssl by shell_script.admin. The subject fields in
# this JSON (not the `system:admin` label used in the kubeconfigs) are what the
# API server authenticates the resulting certificate as, so review its contents
# when auditing who holds cluster-admin. Read as a data source only so changes
# to it are visible to Terraform.
data "local_file" "admin-csr-json" {
  filename = join("/", [path.module, "admin", "admin-csr.json"])
}
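# Issues the admin client certificate with cfssl, signed by the cluster CA in
# ../ca using the `kubernetes` profile from ca-config.json, and writes
# admin.pem / admin-key.pem / admin.csr into ${path.module}/admin.
# SECURITY: `read` base64-encodes the private key into the Terraform state, so
# the state file (and any remote backend holding it) must be protected like the
# key itself; anyone who can read the state holds the admin credential.
resource "shell_script" "admin" {
  lifecycle_commands {
    # `set -e` stops at the first failure; `umask 077` keeps the key (and the
    # other outputs) owner-only on disk regardless of cfssljson's defaults. The
    # trailing `test -s` checks make the resource fail if the pipeline produced
    # no certificate or key - without them a cfssl error could leave the
    # resource "created" with missing files (a plain pipe only reports the
    # exit status of cfssljson).
    create = <<-EOF
      set -e
      umask 077
      ../bin/cfssl gencert \
        -ca=../ca/ca.pem \
        -ca-key=../ca/ca-key.pem \
        -config=../ca/ca-config.json \
        -profile=kubernetes \
        admin-csr.json \
        | ../bin/cfssljson -bare admin
      test -s admin.pem
      test -s admin-key.pem
    EOF
    # Exposes cert and key (base64) as resource outputs; see the SECURITY note
    # above. NOTE(review): coreutils `base64` wraps at 76 columns, so these JSON
    # string values contain raw newlines; if the provider ever rejects that,
    # `base64 -w0` (or `| tr -d '\n'`) is the fix.
    read = <<-EOF
      echo "{\"pem_b64\": \"$(cat admin.pem|base64)\",
      \"key_b64\": \"$(cat admin-key.pem|base64)\"}"
    EOF
    delete = "rm -f admin.pem admin-key.pem admin.csr"
  }
  working_directory = "${path.module}/admin"
  depends_on = [shell_script.cfssl, shell_script.cfssljson, shell_script.ca, data.local_file.ca-config, data.local_file.admin-csr-json]
}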
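# Builds admin.kubeconfig pointing at the API server through the Outscale load
# balancer (port 6443), with the CA and the admin cert+key embedded.
# SECURITY: `--embed-certs=true` copies the admin private key into the
# kubeconfig, and `read` base64-encodes that file into Terraform state; treat
# both the generated file and the state as secrets. The `system:admin` user
# name is only a local label in the kubeconfig - the identity the API server
# sees comes from the certificate subject (see data.local_file.admin-csr-json).
resource "shell_script" "admin-kubeconfig-lb" {
  lifecycle_commands {
    # `set -e` so a failing kubectl step (e.g. admin.pem missing) fails the
    # resource instead of leaving a half-written kubeconfig recorded as created.
    create = <<-EOF
      set -e
      ../bin/kubectl-local config set-cluster ${var.cluster_name} \
        --certificate-authority=../ca/ca.pem \
        --embed-certs=true \
        --server=https://${outscale_load_balancer.kubernetes-lb.dns_name}:6443 \
        --kubeconfig=admin.kubeconfig
      ../bin/kubectl-local config set-credentials system:admin \
        --client-certificate=admin.pem \
        --client-key=admin-key.pem \
        --embed-certs=true \
        --kubeconfig=admin.kubeconfig
      ../bin/kubectl-local config set-context default --cluster=${var.cluster_name} \
        --user=system:admin \
        --kubeconfig=admin.kubeconfig
      ../bin/kubectl-local config use-context default \
        --kubeconfig=admin.kubeconfig
    EOF
    # Whole kubeconfig (including the embedded key) as a base64 output.
    read = <<-EOF
      echo "{\"b64\": \"$(cat admin.kubeconfig|base64)\"}"
    EOF
    delete = <<-EOF
      rm -f admin.kubeconfig
    EOF
  }
  # path.module, not path.root: shell_script.admin writes admin.pem/admin-key.pem
  # under ${path.module}/admin, and the relative paths above must resolve to the
  # same directory (the two only coincide when this file is the root module).
  working_directory = "${path.module}/admin"
  depends_on = [shell_script.cfssl, shell_script.cfssljson, shell_script.ca, data.local_file.ca-config, shell_script.admin]
}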
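# Builds one control-plane-<i>_admin.kubeconfig per control plane, each
# pointing directly at that node's public IP on 6443 (bypassing the LB), with
# the CA and the admin cert+key embedded.
# SECURITY: these files carry the admin private key (`--embed-certs=true`) and
# `read` base64-encodes each of them into Terraform state; treat both as
# secrets. The public-IP endpoints only verify if the API server certificate
# lists those public IPs as SANs - presumably handled where the control-plane
# certificates are issued; confirm there. `system:admin` is just the kubeconfig
# user label; the authenticated identity is the certificate subject.
resource "shell_script" "admin-kubeconfig-public" {
  count = var.control_plane_count
  lifecycle_commands {
    # `set -e` so a failing kubectl step fails the resource rather than leaving
    # a half-written kubeconfig recorded as created.
    create = <<-EOF
      set -e
      ../bin/kubectl-local config set-cluster ${var.cluster_name} \
        --certificate-authority=../ca/ca.pem \
        --embed-certs=true \
        --server=https://${outscale_public_ip.control-planes[count.index].public_ip}:6443 \
        --kubeconfig=control-plane-${count.index}_admin.kubeconfig
      ../bin/kubectl-local config set-credentials system:admin \
        --client-certificate=admin.pem \
        --client-key=admin-key.pem \
        --embed-certs=true \
        --kubeconfig=control-plane-${count.index}_admin.kubeconfig
      ../bin/kubectl-local config set-context default --cluster=${var.cluster_name} \
        --user=system:admin \
        --kubeconfig=control-plane-${count.index}_admin.kubeconfig
      ../bin/kubectl-local config use-context default \
        --kubeconfig=control-plane-${count.index}_admin.kubeconfig
    EOF
    # Whole kubeconfig (including the embedded key) as a base64 output.
    read = <<-EOF
      echo "{\"b64\": \"$(cat control-plane-${count.index}_admin.kubeconfig|base64)\"}"
    EOF
    delete = <<-EOF
      rm -f control-plane-${count.index}_admin.kubeconfig
    EOF
  }
  # path.module, not path.root: shell_script.admin writes admin.pem/admin-key.pem
  # under ${path.module}/admin and the relative paths above must resolve there
  # (the two only coincide when this file is the root module).
  working_directory = "${path.module}/admin"
  depends_on = [shell_script.cfssl, shell_script.cfssljson, shell_script.ca, data.local_file.ca-config, shell_script.admin]
}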
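# Builds localhost_admin.kubeconfig targeting https://127.0.0.1:6443, i.e. for
# use on a control-plane node itself (presumably copied there by the admin
# playbook - confirm in admin/playbook.yaml). CA and admin cert+key embedded.
# SECURITY: the file carries the admin private key (`--embed-certs=true`) and
# `read` base64-encodes it into Terraform state; treat both as secrets.
# `system:admin` is only the kubeconfig user label; the API server authenticates
# the certificate subject.
resource "shell_script" "admin-kubeconfig-localhost" {
  lifecycle_commands {
    # `set -e` so a failing kubectl step fails the resource rather than leaving
    # a half-written kubeconfig recorded as created.
    create = <<-EOF
      set -e
      ../bin/kubectl-local config set-cluster ${var.cluster_name} \
        --certificate-authority=../ca/ca.pem \
        --embed-certs=true \
        --server=https://127.0.0.1:6443 \
        --kubeconfig=localhost_admin.kubeconfig
      ../bin/kubectl-local config set-credentials system:admin \
        --client-certificate=admin.pem \
        --client-key=admin-key.pem \
        --embed-certs=true \
        --kubeconfig=localhost_admin.kubeconfig
      ../bin/kubectl-local config set-context default --cluster=${var.cluster_name} \
        --user=system:admin \
        --kubeconfig=localhost_admin.kubeconfig
      ../bin/kubectl-local config use-context default \
        --kubeconfig=localhost_admin.kubeconfig
    EOF
    # Whole kubeconfig (including the embedded key) as a base64 output.
    read = <<-EOF
      echo "{\"b64\": \"$(cat localhost_admin.kubeconfig|base64)\"}"
    EOF
    delete = <<-EOF
      rm -f localhost_admin.kubeconfig
    EOF
  }
  # path.module, not path.root: shell_script.admin writes admin.pem/admin-key.pem
  # under ${path.module}/admin and the relative paths above must resolve there
  # (the two only coincide when this file is the root module).
  working_directory = "${path.module}/admin"
  depends_on = [shell_script.cfssl, shell_script.cfssljson, shell_script.ca, data.local_file.ca-config, shell_script.admin]
}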
# Runs admin/playbook.yaml (Ansible, using the repo's ansible.cfg) once the
# control planes are configured and all admin kubeconfigs exist. What the
# playbook does is not visible here; presumably it distributes the kubeconfigs
# generated above to the nodes - confirm in admin/playbook.yaml.
# SECURITY/ops notes:
#  - `read` executes `ansible-playbook --check` on every refresh/plan, so a
#    plain `terraform plan` connects to the remote hosts; it also base64-encodes
#    the full check output into state.
#  - `delete` is empty: destroying this resource leaves whatever the playbook
#    configured on the nodes in place.
#  - Nothing forces the playbook to be re-run when a kubeconfig changes; the
#    `update` command only runs when the provider decides an update is needed
#    (how that is triggered is not visible in this file).
resource "shell_script" "admin-playbook" {
lifecycle_commands {
create = <<-EOF
ANSIBLE_CONFIG=ansible.cfg ansible-playbook admin/playbook.yaml
EOF
update = <<-EOF
ANSIBLE_CONFIG=ansible.cfg ansible-playbook admin/playbook.yaml
EOF
# Outputs the playbook source and a dry-run (--check) report, both base64.
# The exit status of the check run is swallowed by the $(...) substitution.
read = <<-EOF
echo "{\"file\": \"$(cat admin/playbook.yaml|base64)\",
\"check\": \"$(ANSIBLE_CONFIG=ansible.cfg ansible-playbook --check admin/playbook.yaml|base64)\"
}"
EOF
delete = ""
}
depends_on = [shell_script.control-planes-playbook, data.local_file.admin-csr-json, shell_script.admin-kubeconfig-lb, shell_script.admin-kubeconfig-public, shell_script.admin-kubeconfig-localhost]
}