Skip to content

Commit

Permalink
Remove asset_dir variable and optional asset writes
Browse files Browse the repository at this point in the history
* Originally, poseidon/terraform-render-bootstrap generated
TLS certificates, manifests, and cluster "assets" written
to local disk (`asset_dir`) during terraform apply cluster
bootstrap
* Typhoon v1.17.0 introduced bootstrapping using only Terraform
state to store cluster assets, to avoid ever writing sensitive
materials to disk and improve automated use-cases. `asset_dir`
was changed to optional and defaulted to "" (no writes)
* Typhoon v1.18.0 deprecated the `asset_dir` variable, removed
docs, and announced it would be deleted in future.
* Add Terraform output `assets_dir` map
* Remove the `asset_dir` variable

Cluster assets are now stored in Terraform state only. For those
who wish to write those assets to local files, this is possible
doing so explicitly.

```
resource local_file "assets" {
  for_each = module.yavin.assets_dist
  filename = "some-assets/${each.key}"
  content = each.value
}
```

Related:

* #595
* #678
  • Loading branch information
dghubble committed Oct 17, 2020
1 parent b1e680a commit afac46e
Show file tree
Hide file tree
Showing 31 changed files with 75 additions and 80 deletions.
2 changes: 2 additions & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ Notable changes between versions.

## Latest

* Remove `asset_dir` variable (default off in [v1.17.0](https://github.com/poseidon/typhoon/pull/595), deprecated in [v1.18.0](https://github.com/poseidon/typhoon/pull/678))

## v1.19.3

* Update Cilium from v1.8.3 to [v1.8.4](https://github.com/cilium/cilium/releases/tag/v1.8.4)
Expand Down
3 changes: 1 addition & 2 deletions aws/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = aws_route53_record.etcds.*.fqdn
asset_dir = var.asset_dir
networking = var.networking
network_mtu = var.network_mtu
pod_cidr = var.pod_cidr
Expand Down
6 changes: 6 additions & 0 deletions aws/container-linux/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -52,3 +52,9 @@ output "worker_target_group_https" {
value = module.workers.target_group_https
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions aws/container-linux/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -149,12 +149,6 @@ variable "worker_node_labels" {

# unofficial, undocumented, unsupported

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "cluster_domain_suffix" {
type = string
description = "Queries for domains with the suffix will be answered by CoreDNS. Default is cluster.local (e.g. foo.default.svc.cluster.local)"
Expand Down
3 changes: 1 addition & 2 deletions aws/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = aws_route53_record.etcds.*.fqdn
asset_dir = var.asset_dir
networking = var.networking
network_mtu = var.network_mtu
pod_cidr = var.pod_cidr
Expand Down
6 changes: 6 additions & 0 deletions aws/fedora-coreos/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -52,3 +52,9 @@ output "worker_target_group_https" {
value = module.workers.target_group_https
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions aws/fedora-coreos/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -96,12 +96,6 @@ variable "ssh_authorized_key" {
description = "SSH public key for user 'core'"
}

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "networking" {
type = string
description = "Choice of networking provider (calico or flannel)"
Expand Down
3 changes: 1 addition & 2 deletions azure/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone)
asset_dir = var.asset_dir

networking = var.networking

Expand Down
7 changes: 7 additions & 0 deletions azure/container-linux/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -57,3 +57,10 @@ output "backend_address_pool_id" {
description = "ID of the worker backend address pool"
value = azurerm_lb_backend_address_pool.worker.id
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions azure/container-linux/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -130,12 +130,6 @@ variable "worker_node_labels" {

# unofficial, undocumented, unsupported

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "cluster_domain_suffix" {
type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "
Expand Down
3 changes: 1 addition & 2 deletions azure/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone)
asset_dir = var.asset_dir

networking = var.networking

Expand Down
7 changes: 7 additions & 0 deletions azure/fedora-coreos/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -57,3 +57,10 @@ output "backend_address_pool_id" {
description = "ID of the worker backend address pool"
value = azurerm_lb_backend_address_pool.worker.id
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions azure/fedora-coreos/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -129,12 +129,6 @@ variable "worker_node_labels" {

# unofficial, undocumented, unsupported

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "cluster_domain_suffix" {
type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "
Expand Down
3 changes: 1 addition & 2 deletions bare-metal/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name]
etcd_servers = var.controllers.*.domain
asset_dir = var.asset_dir
networking = var.networking
network_mtu = var.network_mtu
network_ip_autodetection_method = var.network_ip_autodetection_method
Expand Down
6 changes: 6 additions & 0 deletions bare-metal/container-linux/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,9 @@ output "kubeconfig-admin" {
value = module.bootstrap.kubeconfig-admin
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions bare-metal/container-linux/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -152,12 +152,6 @@ variable "enable_aggregation" {

# unofficial, undocumented, unsupported

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "cluster_domain_suffix" {
type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "
Expand Down
3 changes: 1 addition & 2 deletions bare-metal/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name]
etcd_servers = var.controllers.*.domain
asset_dir = var.asset_dir
networking = var.networking
network_mtu = var.network_mtu
network_ip_autodetection_method = var.network_ip_autodetection_method
Expand Down
6 changes: 6 additions & 0 deletions bare-metal/fedora-coreos/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,9 @@ output "kubeconfig-admin" {
value = module.bootstrap.kubeconfig-admin
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions bare-metal/fedora-coreos/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -80,12 +80,6 @@ variable "ssh_authorized_key" {
description = "SSH public key for user 'core'"
}

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "networking" {
type = string
description = "Choice of networking provider (flannel or calico)"
Expand Down
3 changes: 1 addition & 2 deletions digital-ocean/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = digitalocean_record.etcds.*.fqdn
asset_dir = var.asset_dir

networking = var.networking

Expand Down
6 changes: 6 additions & 0 deletions digital-ocean/container-linux/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -54,3 +54,9 @@ output "vpc_id" {
value = digitalocean_vpc.network.id
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions digital-ocean/container-linux/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -100,12 +100,6 @@ variable "enable_aggregation" {

# unofficial, undocumented, unsupported

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "cluster_domain_suffix" {
type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "
Expand Down
3 changes: 1 addition & 2 deletions digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = digitalocean_record.etcds.*.fqdn
asset_dir = var.asset_dir

networking = var.networking

Expand Down
7 changes: 7 additions & 0 deletions digital-ocean/fedora-coreos/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,10 @@ output "vpc_id" {
description = "ID of the cluster VPC"
value = digitalocean_vpc.network.id
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions digital-ocean/fedora-coreos/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -100,12 +100,6 @@ variable "enable_aggregation" {

# unofficial, undocumented, unsupported

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "cluster_domain_suffix" {
type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "
Expand Down
3 changes: 1 addition & 2 deletions google-cloud/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = google_dns_record_set.etcds.*.name
asset_dir = var.asset_dir
networking = var.networking
network_mtu = 1440
pod_cidr = var.pod_cidr
Expand Down
6 changes: 6 additions & 0 deletions google-cloud/container-linux/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -42,3 +42,9 @@ output "worker_target_pool" {
value = module.workers.target_pool
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions google-cloud/container-linux/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -124,12 +124,6 @@ variable "worker_node_labels" {

# unofficial, undocumented, unsupported

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "cluster_domain_suffix" {
type = string
description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) "
Expand Down
3 changes: 1 addition & 2 deletions google-cloud/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7988fb7159cb81e2d080b365b147fe90542fd258"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9037d7311b949439b217cd9c657d4500eab3e16b"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
etcd_servers = google_dns_record_set.etcds.*.name
asset_dir = var.asset_dir
networking = var.networking
network_mtu = 1440
pod_cidr = var.pod_cidr
Expand Down
6 changes: 6 additions & 0 deletions google-cloud/fedora-coreos/kubernetes/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -42,3 +42,9 @@ output "worker_target_pool" {
value = module.workers.target_pool
}

# Outputs for debug

output "assets_dist" {
value = module.bootstrap.assets_dist
}

6 changes: 0 additions & 6 deletions google-cloud/fedora-coreos/kubernetes/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -83,12 +83,6 @@ variable "ssh_authorized_key" {
description = "SSH public key for user 'core'"
}

variable "asset_dir" {
type = string
description = "Absolute path to a directory where generated assets should be placed (contains secrets)"
default = ""
}

variable "networking" {
type = string
description = "Choice of networking provider (flannel or calico)"
Expand Down

0 comments on commit afac46e

Please sign in to comment.