Merge pull request #29 from cncf/ci-master

WIP: CI Pipeline for master

Dockerfile

@@ -43,18 +43,28 @@ rm -rf helm-*gz linux-amd64
 RUN wget https://releases.hashicorp.com/terraform/$TERRAFORM_VERSION/terraform_"${TERRAFORM_VERSION}"_linux_$ARC.zip
 RUN unzip terraform*.zip -d /usr/bin
 
-# Install CFSSL
-RUN go get -u github.com/cloudflare/cfssl/cmd/cfssl && \
-go get -u github.com/cloudflare/cfssl/cmd/...
+# # Install CFSSL
+# RUN go get -u github.com/cloudflare/cfssl/cmd/cfssl && \
+# go get -u github.com/cloudflare/cfssl/cmd/...
 
-# Install Gzip+base64 Provider
+# Install Gzip+base64 & ETCD Provider
 RUN go get -u github.com/jakexks/terraform-provider-gzip && \
+    go get -u github.com/paperg/terraform-provider-etcdiscovery && \
   echo providers { >> ~/.terraformrc && \
   echo '    gzip = "terraform-provider-gzip"' >> ~/.terraformrc && \
+  echo '    etcdiscovery = "terraform-provider-etcdiscovery"' >> ~/.terraformrc && \
   echo } >> ~/.terraformrc
 
 #Add Terraform Modules
 
+COPY aws/ /cncf/aws/
+COPY azure/ /cncf/azure/
+COPY gce/ /cncf/gce/
+COPY gke/ /cncf/gke/
+COPY packet/ /cncf/packet/
+COPY cross-cloud/ /cncf/cross-cloud/
+COPY kubeconfig/ /cncf/kubeconfig/
+COPY tls/ /cncf/tls/
 COPY provision.sh /cncf/
 RUN chmod +x /cncf/provision.sh
 #ENTRYPOINT ["/cncf/provision.sh"]

aws/input.tf

@@ -20,9 +20,9 @@ variable "aws_bastion_vm_size" { default = "t2.nano" }
 # Kubernetes
 variable "cluster_domain" { default = "cluster.local" }
 variable "pod_cidr" { default = "10.2.0.0/16" }
-variable "service_cidr"   { default = "10.3.0.0/24" }
-variable "k8s_service_ip" { default = "10.3.0.1" }
-variable "dns_service_ip" { default = "10.3.0.10" }
+variable "service_cidr"   { default = "10.0.0.0/24" }
+variable "k8s_service_ip" { default = "10.0.0.1" }
+variable "dns_service_ip" { default = "10.0.0.10" }
 variable "master_node_count" { default = "3" }
 variable "worker_node_count" { default = "3" }
 variable "worker_node_min" { default = "3" }

aws/modules.tf

@@ -149,7 +149,7 @@ module "tls" {
   tls_apiserver_cert_validity_period_hours = 1000
   tls_apiserver_cert_early_renewal_hours = 100
   tls_apiserver_cert_dns_names = "kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local,master.${ var.internal_tld },*.ap-southeast-2.elb.amazonaws.com"
-  tls_apiserver_cert_ip_addresses = "127.0.0.1,10.3.0.1"
+  tls_apiserver_cert_ip_addresses = "127.0.0.1,10.0.0.1"
 
   tls_worker_cert_subject_common_name = "k8s-worker"
   tls_worker_cert_validity_period_hours = 1000

gke/gke.tf

@@ -1,2 +1,9 @@
 provider "google" {}
 
+terraform {
+  backend "s3" {
+    bucket = "aws"
+    key    = "setme"
+    region = "ap-southeast-2"
+  }
+}

gke/modules.tf

@@ -25,10 +25,10 @@ module "cluster" {
 module "kubeconfig" {
   source = "../kubeconfig"
 
-  ca_pem = "${ var.data_dir }/ca.pem"
-  admin_pem = "${ var.data_dir }/k8s-admin.pem"
-  admin_key_pem = "${ var.data_dir }/k8s-admin-key.pem"
-  fqdn_k8s = "${ module.cluster.fqdn_k8s }"
+  ca = "${base64decode(module.cluster.ca)}"
+  client = "${base64decode(module.cluster.client)}"
+  client_key = "${base64decode(module.cluster.client_key)}"
+  endpoint = "${ module.cluster.endpoint }"
   data_dir = "${ var.data_dir }"
   name = "gke_${ var.project }_${ var.zone }-a_${ var.name }"
 }

gke/modules/cluster/cluster.tf

@@ -11,7 +11,7 @@ resource "google_container_cluster" "cncf" {
 
   network            = "${ var.network }"
   subnetwork         = "${ var.subnetwork }"
-  node_version       = "${ var.node_version }"
+  #node_version       = "${ var.node_version }"
 
   master_auth {
     username         = "${ var.master_user }"

gke/modules/cluster/node-pool.tf

@@ -1,7 +1,7 @@
-resource "google_container_node_pool" "cncf" {
-  name               = "${ var.name }"
-  project            = "${ var.project }"
-  zone               = "${ var.zone }"
-  cluster            = "${google_container_cluster.cncf.name}"
-  initial_node_count = "${ var.node_pool_count }"
-}
+#resource "google_container_node_pool" "cncf" {
+#  name               = "${ var.name }"
+#  project            = "${ var.project }"
+#  zone               = "${ var.zone }"
+#  cluster            = "${google_container_cluster.cncf.name}"
+#  initial_node_count = "${ var.node_pool_count }"
+#}

gke/modules/cluster/output.tf

@@ -1 +1,4 @@
-output "fqdn_k8s" { value = "${ google_container_cluster.cncf.endpoint }" }
+output "endpoint" { value = "${ google_container_cluster.cncf.endpoint }" }
+output "ca" { value = "${ google_container_cluster.cncf.master_auth.0.cluster_ca_certificate }" }
+output "client" { value = "${ google_container_cluster.cncf.master_auth.0.client_certificate }" }
+output "client_key" { value = "${ google_container_cluster.cncf.master_auth.0.client_key }" }

gke/output.tf

@@ -1 +1,2 @@
 output "kubeconfig" { value = "${ module.kubeconfig.kubeconfig }"}
+output "endpoint" { value = "${ module.cluster.endpoint }"}

packet/input.tf

@@ -2,6 +2,7 @@ variable "name" { default = "packet" }
 
 # Set with env TF_VAR_packet_project_id
 variable "packet_project_id" {} # required for now
+variable "packet_api_key" {}
 # https://www.packet.net/locations/
 variable "packet_facility" { default = "sjc1" }
 variable "packet_billing_cycle" { default = "hourly" }
@@ -18,9 +19,9 @@ variable "admin_username" { default = "core"}
 # Kubernetes
 variable "cluster_domain" { default = "cluster.local" }
 variable "pod_cidr" { default = "10.2.0.0/16" }
-variable "service_cidr"   { default = "10.3.0.0/24" }
-variable "k8s_service_ip" { default = "10.3.0.1" }
-variable "dns_service_ip" { default = "10.3.0.10" }
+variable "service_cidr"   { default = "10.0.0.0/24" }
+variable "k8s_service_ip" { default = "10.0.0.1" }
+variable "dns_service_ip" { default = "10.0.0.10" }
 variable "master_node_count" { default = "3" }
 variable "worker_node_count" { default = "3" }
 # Autoscaling not supported by Kuberenetes on Azure yet

packet/modules.tf

@@ -20,7 +20,6 @@ module "dns" {
 module "etcd" {
   source                    = "./modules/etcd"
   name                      = "${ var.name }"
-  etcd_discovery            = "${ var.data_dir }/etcd"
   master_node_count         = "${ var.master_node_count }"
   packet_project_id         = "${ var.packet_project_id }"
   packet_facility           = "${ var.packet_facility }"
@@ -39,7 +38,6 @@ module "etcd" {
   etcd_key                  = "${ module.tls.etcd_key }"
   apiserver                 = "${ module.tls.apiserver }"
   apiserver_key             = "${ module.tls.apiserver_key }"
-
   data_dir                  = "${ var.data_dir }"
 }
 
@@ -80,7 +78,7 @@ module "worker" {
   ca = "${ module.tls.ca }"
   worker = "${ module.tls.worker }"
   worker_key = "${ module.tls.worker_key }"
-  etcd_discovery            = "${ var.data_dir }/etcd"
+  etcd_discovery            = "${ module.etcd.etcd_discovery }"
   data_dir                  = "${ var.data_dir }"
 }
 
@@ -124,7 +122,7 @@ module "tls" {
   tls_apiserver_cert_validity_period_hours = 1000
   tls_apiserver_cert_early_renewal_hours = 100
   tls_apiserver_cert_dns_names = "kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local,master.${ var.name }.${ var.domain },endpoint.${ var.name }.${ var.domain }"
-  tls_apiserver_cert_ip_addresses = "127.0.0.1,10.3.0.1"
+  tls_apiserver_cert_ip_addresses = "127.0.0.1,10.0.0.1"
 
   tls_worker_cert_subject_common_name = "k8s-worker"
   tls_worker_cert_validity_period_hours = 1000

packet/modules/etcd/discovery.tf

@@ -1,18 +1,10 @@
-#Get Discovery URL
-resource "null_resource" "discovery_gen" {
-
-  provisioner "local-exec" {
-    command = <<EOF
-curl https://discovery.etcd.io/new?size=${ var.master_node_count } > ${ var.etcd_discovery }
-EOF
-  }
+provider "etcdiscovery" {
+}
 
-  provisioner "local-exec" {
-    when = "destroy"
-    on_failure = "continue"
-    command = <<EOF
-rm -rf ${ var.etcd_discovery }
-EOF
-  }
+resource "etcdiscovery_token" "etcd" {
+  size = "${ var.master_node_count }"
+}
 
+output "etcd_discovery" {
+  value = "${ etcdiscovery_token.etcd.id }"
 }

packet/modules/etcd/etcd-cloud-config.tf

@@ -93,6 +93,6 @@ data "template_file" "etcd_user_data" {
     kube_proxy = "${ gzip_me.kube_proxy.output }"
     kube_scheduler = "${ gzip_me.kube_scheduler.output }"
     kube_controller_manager = "${ gzip_me.kube_controller_manager.output }"
-    etcd_discovery = "${ file(var.etcd_discovery) }"
+    etcd_discovery = "${ etcdiscovery_token.etcd.id }"
   }
 }

packet/modules/etcd/input.tf

@@ -18,4 +18,3 @@ variable "etcd_key" {}
 variable "apiserver" {}
 variable "apiserver_key" {}
 variable "data_dir" {}
-variable "etcd_discovery" {}

packet/modules/worker/worker-cloud-config.tf

@@ -39,7 +39,7 @@ data "template_file" "worker_user_data" {
     ca                = "${ gzip_me.ca.output }"
     worker            = "${ gzip_me.worker.output }"
     worker_key        = "${ gzip_me.worker_key.output }"
-    etcd_discovery    = "${file(var.etcd_discovery)}"
+    etcd_discovery    = "${ var.etcd_discovery }"
   }
 }
 

packet/packet.tf

@@ -7,13 +7,15 @@
 #   payment_method = ""
 # }
 
-resource "packet_ssh_key" "cncf" {
-  name     = "${ var.name }"
-  public_key = "${file("${ var.data_dir }/.ssh/id_rsa.pub")}"
-}
-
- # terraform {
-#   backend "local" {
-#     path = "${ var.data_dir}/terraform.tfstate"
-#   }
+# resource "packet_ssh_key" "cncf" {
+#   name     = "${ var.name }"
+#   public_key = "${file("${ var.data_dir }/.ssh/id_rsa.pub")}"
 # }
+
+terraform {
+  backend "s3" {
+    bucket = "aws"
+    key    = "aws"
+    region = "ap-southeast-2"
+  }
+}

packet/ssh-cloud.tf

@@ -16,6 +16,12 @@ EOF
 EOF
   }
 
+  provisioner "local-exec" {
+    command = <<EOF
+    packet admin -k ${ var.packet_api_key } create-sshkey --label ${ var.name } --file ${ var.data_dir}/.ssh/id_rsa.pub
+EOF
+  }
+
 }
 
 resource "null_resource" "dummy_dependency" {