add spot worker type
smalltown committed Jul 30, 2018
1 parent 009b9c9 commit b4ec0ad
Showing 15 changed files with 532 additions and 20 deletions.
8 changes: 6 additions & 2 deletions aws/elastikube/outputs.tf
@@ -26,6 +26,10 @@ output "worker_sg_ids" {
value = ["${module.master.worker_sg_ids}"]
}

output "spot_fleet_role_arn" {
value = ["${module.master.spot_fleet_role_arn}"]
output "spot_fleet_tagging_role_arn" {
value = "${module.master.spot_fleet_tagging_role_arn}"
}

output "spot_fleet_autoscale_role_arn" {
value = "${module.master.spot_fleet_autoscale_role_arn}"
}
4 changes: 0 additions & 4 deletions aws/kube-etcd/ignition.tf
@@ -48,10 +48,6 @@ data "ignition_config" "main" {
))}"]
}

data "aws_region" "current" {
current = true
}

resource "aws_s3_bucket_object" "ignition" {
bucket = "${var.s3_bucket}"
key = "ign-etcd-${var.name}.json"
8 changes: 6 additions & 2 deletions aws/kube-master/outputs.tf
@@ -10,6 +10,10 @@ output "worker_sg_ids" {
value = ["${aws_security_group.workers.id}"]
}

output "spot_fleet_role_arn" {
value = "${aws_iam_role.spot_fleet.arn}"
output "spot_fleet_tagging_role_arn" {
value = "${aws_iam_role.spot_fleet_tagging.arn}"
}

output "spot_fleet_autoscale_role_arn" {
value = "${aws_iam_role.spot_fleet_autoscale.arn}"
}
34 changes: 30 additions & 4 deletions aws/kube-master/role.tf
@@ -78,8 +78,8 @@ resource "aws_iam_role_policy_attachment" "master" {
}

# Role for Spot Fleet
resource "aws_iam_role" "spot_fleet" {
name = "${var.name}-fleet-role"
resource "aws_iam_role" "spot_fleet_tagging" {
name = "${var.name}-spot-fleet-tagging"

assume_role_policy = <<EOF
{
@@ -98,7 +98,33 @@ resource "aws_iam_role" "spot_fleet" {
EOF
}

resource "aws_iam_role_policy_attachment" "spot_fleet" {
role = "${aws_iam_role.spot_fleet.name}"
resource "aws_iam_role_policy_attachment" "spot_fleet_tagging" {
role = "${aws_iam_role.spot_fleet_tagging.name}"
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
}


resource "aws_iam_role" "spot_fleet_autoscale" {
name = "${var.name}-spot-fleet-autoscale"

assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}

resource "aws_iam_role_policy_attachment" "spot_fleet_autoscale" {
role = "${aws_iam_role.spot_fleet_autoscale.name}"
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole"
}
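Review bot: The trust policy on the new `aws_iam_role.spot_fleet_autoscale` names `ec2.amazonaws.com` as its principal, but the attached managed policy `AmazonEC2SpotFleetAutoscaleRole` is intended for Application Auto Scaling, which assumes the role as `application-autoscaling.amazonaws.com`. As written, the scaling service cannot assume the role, and the role is instead assumable from EC2 instances, which is a wider trust than the feature needs. Change the principal line to `"Service": "application-autoscaling.amazonaws.com"`. The trust policy of the renamed `spot_fleet_tagging` role lies between the two hunks and is not visible here, so it could not be checked.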
6 changes: 3 additions & 3 deletions aws/kube-worker-general/ignition.tf
@@ -28,7 +28,7 @@ module "ignition_kubelet" {
kubelet_flag_cluster_dns = "${local.cluster_dns_ip}"

kubelet_flag_node_labels = "${join(",", compact(concat(
list("node-role.kubernetes.io/general"),
list("node-role.kubernetes.io/${var.worker_config["name"]}"),
var.kube_node_labels,
)))}"

@@ -60,14 +60,14 @@ data "ignition_config" "main" {

resource "aws_s3_bucket_object" "ignition" {
bucket = "${var.s3_bucket}"
key = "ign-worker-general-${var.name}.json"
key = "ign-worker-${var.worker_config["name"]}-${var.name}.json"
content = "${data.ignition_config.main.rendered}"
acl = "private"

server_side_encryption = "AES256"

tags = "${merge(map(
"Name", "ign-worker-general-${var.name}.json",
"Name", "ign-worker-${var.worker_config["name"]}-${var.name}.json",
"Role", "worker",
"kubernetes.io/cluster/${var.name}", "owned",
), var.extra_tags)}"
4 changes: 2 additions & 2 deletions aws/kube-worker-general/role.tf
@@ -24,7 +24,7 @@ resource "aws_iam_role" "worker" {
}

resource "aws_iam_instance_profile" "worker" {
name = "${var.name}-worker"
name = "${var.name}-worker-${var.worker_config["name"]}"

role = "${var.role_arn == "" ?
join("|", aws_iam_role.worker.*.name) :
@@ -34,7 +34,7 @@ resource "aws_iam_instance_profile" "worker" {

resource "aws_iam_policy" "worker" {
count = "${var.role_arn == "" ? 1 : 0}"
name = "${var.name}-worker"
name = "${var.name}-worker-${var.worker_config["name"]}"
path = "/"
description = "policy for kubernetes workers"

1 change: 1 addition & 0 deletions aws/kube-worker-general/variables.tf
@@ -48,6 +48,7 @@ variable "worker_config" {
default = {
instance_count = "1"
ec2_type = "t2.medium"
name = "general"
root_volume_iops = "100"
root_volume_size = "256"
root_volume_type = "gp2"
6 changes: 3 additions & 3 deletions aws/kube-worker-general/worker.tf
@@ -21,7 +21,7 @@ data "null_data_source" "tags" {
}

resource "aws_autoscaling_group" "worker" {
name = "${var.name}-worker-general"
name = "${var.name}-worker-${var.worker_config["name"]}"
desired_capacity = "${var.worker_config["instance_count"]}"
max_size = "${var.worker_config["instance_count"] * 3}"
min_size = "${var.worker_config["instance_count"]}"
@@ -33,7 +33,7 @@ resource "aws_autoscaling_group" "worker" {
tags = [
{
key = "Name"
value = "${var.name}-worker-general"
value = "${var.name}-worker-${var.worker_config["name"]}"
propagate_at_launch = true
},
{
@@ -49,7 +49,7 @@ resource "aws_autoscaling_group" "worker" {
resource "aws_launch_configuration" "worker" {
instance_type = "${var.worker_config["ec2_type"]}"
image_id = "${data.aws_ami.coreos_ami.image_id}"
name_prefix = "${var.name}-worker-general-"
name_prefix = "${var.name}-worker-${var.worker_config["name"]}-"

security_groups = [
"${var.security_group_ids}",
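--- a/aws/kube-worker-spot/ami.tf
+++ b/aws/kube-worker-spot/ami.tf
@@ -0,0 +1,36 @@
+locals {
+ami_owner = "595879546273"
+arn = "aws"
+
+container_linux_channel = "stable"
+container_linux_version = "latest"
+}
+
+module "container_linux" {
+source = "../container_linux"
+
+release_channel = "${local.container_linux_channel}"
+release_version = "${local.container_linux_version}"
+}
+
+data "aws_ami" "coreos_ami" {
+filter {
+name = "name"
+values = ["CoreOS-${local.container_linux_channel}-${module.container_linux.version}-*"]
+}
+
+filter {
+name = "architecture"
+values = ["x86_64"]
+}
+
+filter {
+name = "virtualization-type"
+values = ["hvm"]
+}
+
+filter {
+name = "owner-id"
+values = ["${local.ami_owner}"]
+}
+}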
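Review bot: `container_linux_version = "latest"` lets the worker AMI change from one apply to the next with no diff in this repository, so a new node image is never reviewed before it rolls out to the fleet. Pin it to an explicit release, e.g. `container_linux_version = "<pinned-release>"`, and bump it deliberately. The `owner-id` filter is what stops the `CoreOS-…-*` name wildcard from matching a look-alike image published by another account, so a comment next to `ami_owner` such as `# AMI publisher account; the owner-id filter must stay` would help the next editor.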
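--- a/aws/kube-worker-spot/ignition.tf
+++ b/aws/kube-worker-spot/ignition.tf
@@ -0,0 +1,81 @@
+locals {
+cluster_dns_ip = "${cidrhost(var.kube_service_cidr, 10)}"
+}
+
+module "ignition_docker" {
+source = "../ignitions/docker"
+}
+
+module "ignition_locksmithd" {
+source = "../ignitions/locksmithd"
+reboot_strategy = "${var.reboot_strategy}"
+}
+
+data "aws_s3_bucket_object" "kubeconfig" {
+bucket = "${var.s3_bucket}"
+key = "kubeconfig"
+}
+
+module "ignition_kube_config" {
+source = "../ignitions/kube-config"
+content = "${data.aws_s3_bucket_object.kubeconfig.body}"
+}
+
+module "ignition_kubelet" {
+source = "../ignitions/kubelet"
+
+kubelet_flag_cloud_provider = "aws"
+kubelet_flag_cluster_dns = "${local.cluster_dns_ip}"
+
+kubelet_flag_node_labels = "${join(",", compact(concat(
+list("node-role.kubernetes.io/${var.worker_config["name"]}"),
+var.kube_node_labels,
+)))}"
+
+kubelet_flag_register_with_taints = "${join(",", var.kube_node_taints)}"
+
+hyperkube = {
+image_path = "quay.io/coreos/hyperkube"
+image_tag = "${var.version}_coreos.0"
+}
+}
+
+data "ignition_config" "main" {
+files = ["${compact(concat(
+module.ignition_docker.files,
+module.ignition_locksmithd.files,
+module.ignition_kubelet.files,
+module.ignition_kube_config.files,
+var.extra_ignition_file_ids,
+))}"]
+
+systemd = ["${compact(concat(
+module.ignition_docker.systemd_units,
+module.ignition_locksmithd.systemd_units,
+module.ignition_kubelet.systemd_units,
+module.ignition_kube_config.systemd_units,
+var.extra_ignition_systemd_unit_ids,
+))}"]
+}
+
+resource "aws_s3_bucket_object" "ignition" {
+bucket = "${var.s3_bucket}"
+key = "ign-worker-${var.worker_config["name"]}-${var.name}.json"
+content = "${data.ignition_config.main.rendered}"
+acl = "private"
+
+server_side_encryption = "AES256"
+
+tags = "${merge(map(
+"Name", "ign-worker-${var.worker_config["name"]}-${var.name}.json",
+"Role", "worker",
+"kubernetes.io/cluster/${var.name}", "owned",
+), var.extra_tags)}"
+}
+
+data "ignition_config" "s3" {
+replace {
+source = "${format("s3://%s/%s", var.s3_bucket, aws_s3_bucket_object.ignition.key)}"
+verification = "sha512-${sha512(data.ignition_config.main.rendered)}"
+}
+}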
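Review bot: The body of the `kubeconfig` object is passed into `module.ignition_kube_config` and that module's files go into `data.ignition_config.main`, so whatever credentials the kubeconfig holds are presumably copied into Terraform state and into the `ign-worker-…json` object, and nothing in the file says so. I would add a comment above the data source, `# kubeconfig ends up in state and in the rendered Ignition object; treat both as secrets`, and confirm the state backend is encrypted and access-restricted. The hyperkube image is referenced by a mutable tag (`"${var.version}_coreos.0"`); pinning by digest would keep a re-pushed tag from changing what the nodes run. The `sha512` verification on the `replace` block is a useful guard against the S3 object being altered after upload and should stay.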
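--- a/aws/kube-worker-spot/main.tf
+++ b/aws/kube-worker-spot/main.tf
@@ -0,0 +1,20 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Configuration
+# ---------------------------------------------------------------------------------------------------------------------
+
+provider "aws" {
+version = "1.23.0"
+region = "${var.aws_region}"
+}
+
+provider "template" {
+version = "1.0.0"
+}
+
+provider "ignition" {
+version = "1.0.0"
+}
+
+provider "null" {
+version = "1.0.0"
+}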
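--- a/aws/kube-worker-spot/role.tf
+++ b/aws/kube-worker-spot/role.tf
@@ -0,0 +1,78 @@
+data "aws_iam_role" "external" {
+count = "${var.role_arn == "" ? 0 : 1}"
+arn = "${var.role_arn}"
+}
+
+data "aws_iam_policy_document" "default" {
+statement {
+sid = "KubeWorkerAssumeRole"
+
+actions = [
+"sts:AssumeRole",
+]
+
+principals {
+type = "Service"
+identifiers = ["ec2.amazonaws.com"]
+}
+}
+}
+
+resource "aws_iam_role" "worker" {
+name_prefix = "${var.name}-worker-"
+assume_role_policy = "${data.aws_iam_policy_document.default.json}"
+}
+
+resource "aws_iam_instance_profile" "worker" {
+name = "${var.name}-worker-${var.worker_config["name"]}"
+
+role = "${var.role_arn == "" ?
+join("|", aws_iam_role.worker.*.name) :
+join("|", data.aws_iam_role.external.*.name)
+}"
+}
+
+resource "aws_iam_policy" "worker" {
+count = "${var.role_arn == "" ? 1 : 0}"
+name = "${var.name}-worker-${var.worker_config["name"]}"
+path = "/"
+description = "policy for kubernetes workers"
+
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "ec2:*",
+"Resource": "*",
+"Effect": "Allow"
+},
+{
+"Action": "elasticloadbalancing:*",
+"Resource": "*",
+"Effect": "Allow"
+},
+{
+"Action" : [
+"s3:GetObject"
+],
+"Resource": "arn:aws:s3:::${var.s3_bucket}*",
+"Effect": "Allow"
+},
+{
+"Action" : [
+"autoscaling:DescribeAutoScalingGroups",
+"autoscaling:DescribeAutoScalingInstances"
+],
+"Resource": "*",
+"Effect": "Allow"
+}
+]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "worker" {
+policy_arn = "${aws_iam_policy.worker.arn}"
+role = "${aws_iam_role.worker.name}"
+}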
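Review bot: The policy in `aws_iam_policy.worker` is far broader than a worker node needs: it grants `ec2:*` and `elasticloadbalancing:*` on `*`, and its S3 statement uses `arn:aws:s3:::${var.s3_bucket}*`, which has no `/` and so also matches every other bucket whose name starts with the same string. Any workload on the node that can reach the instance metadata endpoint inherits these permissions, so the EC2 and ELB statements should be narrowed to the specific actions the kubelet's cloud provider requires. For S3, scope the grant to objects in the one bucket, `"Resource": "arn:aws:s3:::${var.s3_bucket}/*"`, or tighter still to the ignition key, since the current pattern also covers the `kubeconfig` object that ignition.tf reads from the same bucket. Separately, `aws_iam_role_policy_attachment.worker` has no `count` while the policy it references does, so supplying `role_arn` will likely break the plan.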