Simplify CLC kubeconfig templating on AWS and GCP

* Template terraform-render-bootkube's multi-line kubeconfig output using the right indentation * Add `kubeconfig` variable to google-cloud controllers and workers Terraform submodules * Remove `kubeconfig_*` variables from google-cloud controllers and workers Terraform submodules
poseidon · Feb 26, 2018 · 486fdb6 · 486fdb6
1 parent a44cf0e
commit 486fdb6
Show file tree

Hide file tree

Showing 12 changed files with 35 additions and 145 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -25,6 +25,8 @@ Notable changes between versions.
 #### Google Cloud
 
 * Add kubelet `--volume-plugin-dir` flag to allow flexvolume plugins ([#142](https://github.com/poseidon/typhoon/pull/142))
+* Add `kubeconfig` variable to `controllers` and `workers` submodules ([#147](https://github.com/poseidon/typhoon/pull/147))
+* Remove `kubeconfig_*` variables from `controllers` and `workers` submodules ([#147](https://github.com/poseidon/typhoon/pull/147))
 
 #### Addons
 

diff --git a/aws/container-linux/kubernetes/cl/controller.yaml.tmpl b/aws/container-linux/kubernetes/cl/controller.yaml.tmpl
@@ -109,22 +109,7 @@ storage:
       mode: 0644
       contents:
         inline: |
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: local
-            cluster:
-              server: ${kubeconfig_server}
-              certificate-authority-data: ${kubeconfig_ca_cert}
-          users:
-          - name: kubelet
-            user:
-              client-certificate-data: ${kubeconfig_kubelet_cert}
-              client-key-data: ${kubeconfig_kubelet_key}
-          contexts:
-          - context:
-              cluster: local
-              user: kubelet
+          ${kubeconfig}
     - path: /etc/kubernetes/kubelet.env
       filesystem: root
       mode: 0644

diff --git a/aws/container-linux/kubernetes/cl/worker.yaml.tmpl b/aws/container-linux/kubernetes/cl/worker.yaml.tmpl
@@ -83,22 +83,7 @@ storage:
       mode: 0644
       contents:
         inline: |
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: local
-            cluster:
-              server: ${kubeconfig_server}
-              certificate-authority-data: ${kubeconfig_ca_cert}
-          users:
-          - name: kubelet
-            user:
-              client-certificate-data: ${kubeconfig_kubelet_cert}
-              client-key-data: ${kubeconfig_kubelet_key}
-          contexts:
-          - context:
-              cluster: local
-              user: kubelet
+          ${kubeconfig}
     - path: /etc/kubernetes/kubelet.env
       filesystem: root
       mode: 0644

diff --git a/aws/container-linux/kubernetes/controllers.tf b/aws/container-linux/kubernetes/controllers.tf
@@ -56,13 +56,10 @@ data "template_file" "controller_config" {
     # etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
     etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}"
 
-    k8s_dns_service_ip      = "${cidrhost(var.service_cidr, 10)}"
-    ssh_authorized_key      = "${var.ssh_authorized_key}"
-    cluster_domain_suffix   = "${var.cluster_domain_suffix}"
-    kubeconfig_ca_cert      = "${module.bootkube.ca_cert}"
-    kubeconfig_kubelet_cert = "${module.bootkube.kubelet_cert}"
-    kubeconfig_kubelet_key  = "${module.bootkube.kubelet_key}"
-    kubeconfig_server       = "${module.bootkube.server}"
+    k8s_dns_service_ip    = "${cidrhost(var.service_cidr, 10)}"
+    ssh_authorized_key    = "${var.ssh_authorized_key}"
+    cluster_domain_suffix = "${var.cluster_domain_suffix}"
+    kubeconfig            = "${indent(10, module.bootkube.kubeconfig)}"
   }
 }
 

diff --git a/aws/container-linux/kubernetes/workers.tf b/aws/container-linux/kubernetes/workers.tf
@@ -61,14 +61,11 @@ data "template_file" "worker_config" {
   template = "${file("${path.module}/cl/worker.yaml.tmpl")}"
 
   vars = {
-    k8s_dns_service_ip      = "${cidrhost(var.service_cidr, 10)}"
-    k8s_etcd_service_ip     = "${cidrhost(var.service_cidr, 15)}"
-    ssh_authorized_key      = "${var.ssh_authorized_key}"
-    cluster_domain_suffix   = "${var.cluster_domain_suffix}"
-    kubeconfig_ca_cert      = "${module.bootkube.ca_cert}"
-    kubeconfig_kubelet_cert = "${module.bootkube.kubelet_cert}"
-    kubeconfig_kubelet_key  = "${module.bootkube.kubelet_key}"
-    kubeconfig_server       = "${module.bootkube.server}"
+    k8s_dns_service_ip    = "${cidrhost(var.service_cidr, 10)}"
+    k8s_etcd_service_ip   = "${cidrhost(var.service_cidr, 15)}"
+    ssh_authorized_key    = "${var.ssh_authorized_key}"
+    cluster_domain_suffix = "${var.cluster_domain_suffix}"
+    kubeconfig            = "${indent(10, module.bootkube.kubeconfig)}"
   }
 }
 

diff --git a/google-cloud/container-linux/kubernetes/cluster.tf b/google-cloud/container-linux/kubernetes/cluster.tf
@@ -13,13 +13,10 @@ module "controllers" {
   os_image      = "${var.os_image}"
 
   # configuration
-  networking              = "${var.networking}"
-  service_cidr            = "${var.service_cidr}"
-  cluster_domain_suffix   = "${var.cluster_domain_suffix}"
-  kubeconfig_ca_cert      = "${module.bootkube.ca_cert}"
-  kubeconfig_kubelet_cert = "${module.bootkube.kubelet_cert}"
-  kubeconfig_kubelet_key  = "${module.bootkube.kubelet_key}"
-  kubeconfig_server       = "${module.bootkube.server}"
+  networking            = "${var.networking}"
+  service_cidr          = "${var.service_cidr}"
+  cluster_domain_suffix = "${var.cluster_domain_suffix}"
+  kubeconfig            = "${module.bootkube.kubeconfig}"
 }
 
 module "workers" {
@@ -36,10 +33,7 @@ module "workers" {
   preemptible  = "${var.worker_preemptible}"
 
   # configuration
-  service_cidr            = "${var.service_cidr}"
-  cluster_domain_suffix   = "${var.cluster_domain_suffix}"
-  kubeconfig_ca_cert      = "${module.bootkube.ca_cert}"
-  kubeconfig_kubelet_cert = "${module.bootkube.kubelet_cert}"
-  kubeconfig_kubelet_key  = "${module.bootkube.kubelet_key}"
-  kubeconfig_server       = "${module.bootkube.server}"
+  service_cidr          = "${var.service_cidr}"
+  cluster_domain_suffix = "${var.cluster_domain_suffix}"
+  kubeconfig            = "${module.bootkube.kubeconfig}"
 }
diff --git a/google-cloud/container-linux/kubernetes/controllers/cl/controller.yaml.tmpl b/google-cloud/container-linux/kubernetes/controllers/cl/controller.yaml.tmpl
@@ -110,22 +110,7 @@ storage:
       mode: 0644
       contents:
         inline: |
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: local
-            cluster:
-              server: ${kubeconfig_server}
-              certificate-authority-data: ${kubeconfig_ca_cert}
-          users:
-          - name: kubelet
-            user:
-              client-certificate-data: ${kubeconfig_kubelet_cert}
-              client-key-data: ${kubeconfig_kubelet_key}
-          contexts:
-          - context:
-              cluster: local
-              user: kubelet
+          ${kubeconfig}
     - path: /etc/kubernetes/kubelet.env
       filesystem: root
       mode: 0644

diff --git a/google-cloud/container-linux/kubernetes/controllers/controllers.tf b/google-cloud/container-linux/kubernetes/controllers/controllers.tf
@@ -65,13 +65,10 @@ data "template_file" "controller_config" {
     # etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
     etcd_initial_cluster = "${join(",", formatlist("%s=https://%s:2380", null_resource.repeat.*.triggers.name, null_resource.repeat.*.triggers.domain))}"
 
-    k8s_dns_service_ip      = "${cidrhost(var.service_cidr, 10)}"
-    cluster_domain_suffix   = "${var.cluster_domain_suffix}"
-    ssh_authorized_key      = "${var.ssh_authorized_key}"
-    kubeconfig_ca_cert      = "${var.kubeconfig_ca_cert}"
-    kubeconfig_kubelet_cert = "${var.kubeconfig_kubelet_cert}"
-    kubeconfig_kubelet_key  = "${var.kubeconfig_kubelet_key}"
-    kubeconfig_server       = "${var.kubeconfig_server}"
+    k8s_dns_service_ip    = "${cidrhost(var.service_cidr, 10)}"
+    cluster_domain_suffix = "${var.cluster_domain_suffix}"
+    ssh_authorized_key    = "${var.ssh_authorized_key}"
+    kubeconfig            = "${indent(10, var.kubeconfig)}"
   }
 }
 

diff --git a/google-cloud/container-linux/kubernetes/controllers/variables.tf b/google-cloud/container-linux/kubernetes/controllers/variables.tf
@@ -75,24 +75,7 @@ variable "cluster_domain_suffix" {
   default     = "cluster.local"
 }
 
-// kubeconfig
-
-variable "kubeconfig_ca_cert" {
-  type        = "string"
-  description = "Generated kubeconfig CA certificate"
-}
-
-variable "kubeconfig_kubelet_cert" {
-  type        = "string"
-  description = "Generated kubeconfig kubelet certificate"
-}
-
-variable "kubeconfig_kubelet_key" {
-  type        = "string"
-  description = "Generated kubeconfig kubelet private key"
-}
-
-variable "kubeconfig_server" {
+variable "kubeconfig" {
   type        = "string"
-  description = "Generated kubeconfig server"
+  description = "Generated Kubelet kubeconfig"
 }
diff --git a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl
@@ -84,22 +84,7 @@ storage:
       mode: 0644
       contents:
         inline: |
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: local
-            cluster:
-              server: ${kubeconfig_server}
-              certificate-authority-data: ${kubeconfig_ca_cert}
-          users:
-          - name: kubelet
-            user:
-              client-certificate-data: ${kubeconfig_kubelet_cert}
-              client-key-data: ${kubeconfig_kubelet_key}
-          contexts:
-          - context:
-              cluster: local
-              user: kubelet
+          ${kubeconfig}
     - path: /etc/kubernetes/kubelet.env
       filesystem: root
       mode: 0644

diff --git a/google-cloud/container-linux/kubernetes/workers/variables.tf b/google-cloud/container-linux/kubernetes/workers/variables.tf
@@ -65,24 +65,7 @@ variable "cluster_domain_suffix" {
   default     = "cluster.local"
 }
 
-# kubeconfig
-
-variable "kubeconfig_ca_cert" {
-  type        = "string"
-  description = "Generated kubeconfig CA certificate"
-}
-
-variable "kubeconfig_kubelet_cert" {
-  type        = "string"
-  description = "Generated kubeconfig kubelet certificate"
-}
-
-variable "kubeconfig_kubelet_key" {
-  type        = "string"
-  description = "Generated kubeconfig kubelet private key"
-}
-
-variable "kubeconfig_server" {
+variable "kubeconfig" {
   type        = "string"
-  description = "Generated kubeconfig server"
+  description = "Generated Kubelet kubeconfig"
 }
diff --git a/google-cloud/container-linux/kubernetes/workers/workers.tf b/google-cloud/container-linux/kubernetes/workers/workers.tf
@@ -22,14 +22,11 @@ data "template_file" "worker_config" {
   template = "${file("${path.module}/cl/worker.yaml.tmpl")}"
 
   vars = {
-    k8s_dns_service_ip      = "${cidrhost(var.service_cidr, 10)}"
-    k8s_etcd_service_ip     = "${cidrhost(var.service_cidr, 15)}"
-    cluster_domain_suffix   = "${var.cluster_domain_suffix}"
-    ssh_authorized_key      = "${var.ssh_authorized_key}"
-    kubeconfig_ca_cert      = "${var.kubeconfig_ca_cert}"
-    kubeconfig_kubelet_cert = "${var.kubeconfig_kubelet_cert}"
-    kubeconfig_kubelet_key  = "${var.kubeconfig_kubelet_key}"
-    kubeconfig_server       = "${var.kubeconfig_server}"
+    k8s_dns_service_ip    = "${cidrhost(var.service_cidr, 10)}"
+    k8s_etcd_service_ip   = "${cidrhost(var.service_cidr, 15)}"
+    cluster_domain_suffix = "${var.cluster_domain_suffix}"
+    ssh_authorized_key    = "${var.ssh_authorized_key}"
+    kubeconfig            = "${indent(10, var.kubeconfig)}"
   }
 }