Merge pull request #53 from phillc/merge-for-cli

Merge for-cli branch changes into master

Author: phillc

.gitignore

@@ -17,3 +17,4 @@
 
 # Logs
 *.log
+

Makefile

@@ -14,13 +14,19 @@ init:
 lint:
 	terraform fmt -recursive -check -diff .
 
-plan:
+plan: check-token
 	terraform plan
 
-apply:
+apply: check-token
 	terraform apply -auto-approve
 
-destroy:
+destroy: check-token
 	terraform destroy -auto-approve
 
 test: lint init plan apply destroy
+
+check-token:
+	@if test "$(LINODE_TOKEN)" = "" ; then \
+	  echo "LINODE_TOKEN must be set"; \
+	  exit 1; \
+	fi

main.tf

@@ -5,7 +5,8 @@ resource "null_resource" "preflight-checks" {
   }
 
   provisioner "local-exec" {
-    command = "${path.module}/scripts/local/preflight.sh"
+    command     = "${path.cwd}/${path.module}/scripts/local/preflight.sh ${var.ccm_image} ${var.csi_image}"
+    working_dir = "${path.cwd}/${path.module}"
   }
 }
 
@@ -51,7 +52,7 @@ resource "null_resource" "local_kubectl" {
   depends_on = [module.masters]
 
   provisioner "local-exec" {
-    command    = "${path.module}/scripts/local/kubectl-conf.sh ${terraform.workspace} ${module.masters.k8s_master_public_ip} ${module.masters.k8s_master_private_ip} ${var.ssh_public_key}"
+    command    = "${path.cwd}/${path.module}/scripts/local/kubectl-conf.sh ${terraform.workspace} ${module.masters.k8s_master_public_ip} ${module.masters.k8s_master_private_ip} ${var.ssh_public_key}"
     on_failure = continue
   }
 }

modules/instances/main.tf

@@ -46,7 +46,7 @@ resource "linode_instance" "instance" {
   }
 
   provisioner "file" {
-    source      = "${path.module}/scripts/"
+    source      = "${path.cwd}/${path.module}/scripts/"
     destination = "/home/core/init/"
 
     connection {
@@ -61,7 +61,7 @@ resource "linode_instance" "instance" {
       "set -e",
       "chmod +x /home/core/init/start.sh && sudo /home/core/init/start.sh",
       "chmod +x /home/core/init/linode-network.sh && sudo /home/core/init/linode-network.sh ${self.private_ip_address} ${self.label}",
-      "chmod +x /home/core/init/kubeadm-install.sh && sudo /home/core/init/kubeadm-install.sh ${var.k8s_version} ${var.cni_version} ${var.crictl_version} ${self.label} ${var.use_public ? self.ip_address : self.private_ip_address} ${var.k8s_feature_gates}",
+      "chmod +x /home/core/init/kubeadm-install.sh && sudo /home/core/init/kubeadm-install.sh \"${var.k8s_version}\" \"${var.cni_version}\" \"${var.crictl_version}\" \"${self.label}\" \"${var.use_public ? self.ip_address : self.private_ip_address}\" \"${var.k8s_feature_gates}\"",
     ]
 
     connection {

modules/instances/scripts/kubeadm-init.sh

@@ -8,7 +8,7 @@ NODE_PUBLIC_IP="$4"
 K8S_FEATURE_GATES="$5"
 POD_NETWORK="10.244.0.0/16"
 
-# Generated with kubeadm config print-default
+# Generated with kubeadm config print init-defaults
 cat <<EOF > $HOME/kubeadm-config.yml
 apiVersion: kubeadm.k8s.io/v1beta1
 #bootstrapTokens:
@@ -25,9 +25,7 @@ localAPIEndpoint:
   bindPort: 6443
 nodeRegistration:
   criSocket: /var/run/dockershim.sock
-  kubeletExtraArgs:
-    cloud-provider: external
-# name: ${NODE_NAME}
+  name: ${NODE_NAME}
   taints:
   - effect: NoSchedule
     key: node-role.kubernetes.io/master
@@ -39,10 +37,9 @@ apiServer:
     cloud-provider: external
     feature-gates: ${K8S_FEATURE_GATES}
   timeoutForControlPlane: 4m0s
-apiVersion: kubeadm.k8s.io/v1beta1
+apiVersion: kubeadm.k8s.io/v1beta2
 certificatesDir: /etc/kubernetes/pki
-clusterName: ${K8S_CLUSTERNAME}
-controlPlaneEndpoint: ""
+clusterName: kubernetes
 controllerManager:
   extraArgs:
     cloud-provider: external
@@ -60,44 +57,6 @@ networking:
   podSubnet: ${POD_NETWORK}
   serviceSubnet: 10.96.0.0/12
 scheduler: {}
----
-apiVersion: kubeproxy.config.k8s.io/v1alpha1
-bindAddress: 0.0.0.0
-clientConnection:
-  acceptContentTypes: ""
-  burst: 10
-  contentType: application/vnd.kubernetes.protobuf
-  kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
-  qps: 5
-clusterCIDR: ${POD_NETWORK}
-configSyncPeriod: 15m0s
-conntrack:
-  max: null
-  maxPerCore: 32768
-  min: 131072
-  tcpCloseWaitTimeout: 1h0m0s
-  tcpEstablishedTimeout: 24h0m0s
-enableProfiling: false
-#healthzBindAddress: 0.0.0.0:10256
-hostnameOverride: ""
-iptables:
-  masqueradeAll: false
-  masqueradeBit: 14
-  minSyncPeriod: 0s
-  syncPeriod: 30s
-ipvs:
-  excludeCIDRs: null
-  minSyncPeriod: 0s
-  scheduler: ""
-  syncPeriod: 30s
-kind: KubeProxyConfiguration
-#metricsBindAddress: 127.0.0.1:10249
-mode: ""
-nodePortAddresses: null
-oomScoreAdj: -999
-portRange: ""
-resourceContainer: /kube-proxy
-udpIdleTimeout: 250ms
 EOF
 
 kubeadm init --config $HOME/kubeadm-config.yml

modules/instances/scripts/kubeadm-install.sh

@@ -9,7 +9,7 @@ NODE_IP=$5
 K8S_FEATURE_GATES="$6"
 
 cat << EOF > /etc/default/kubelet
-KUBELET_EXTRA_ARGS="--cloud-provider=external --allow-privileged=true --feature-gates=${K8S_FEATURE_GATES}"
+KUBELET_EXTRA_ARGS="--cloud-provider=external --feature-gates=${K8S_FEATURE_GATES}"
 EOF
 
 # enable ipvs

modules/instances/scripts/start.sh

@@ -5,6 +5,7 @@ for mod in ip_vs_sh ip_vs ip_vs_rr ip_vs_wrr nf_conntrack_ipv4; do echo $mod | s
 
 # Enable the update-engine, but disable the locksmith which it requires
 sudo systemctl unmask update-engine.service || true
+
 sudo systemctl start update-engine.service || true
 sudo systemctl stop locksmithd.service || true
 sudo systemctl mask locksmithd.service || true

modules/masters/main.tf

@@ -32,7 +32,7 @@ resource "null_resource" "masters_provisioner" {
   }
 
   provisioner "file" {
-    source      = "${path.module}/manifests/"
+    source      = "${path.cwd}/${path.module}/manifests/"
     destination = "/home/core/init/"
 
     connection {
@@ -46,11 +46,11 @@ resource "null_resource" "masters_provisioner" {
     # TODO advertise on public adress
     inline = [
       "set -e",
-      "chmod +x /home/core/init/kubeadm-init.sh && sudo /home/core/init/kubeadm-init.sh ${var.cluster_name} ${var.k8s_version} ${module.master_instance.public_ip_address} ${module.master_instance.private_ip_address} ${var.k8s_feature_gates}",
+      "chmod +x /home/core/init/kubeadm-init.sh && sudo /home/core/init/kubeadm-init.sh \"${var.cluster_name}\" \"${var.k8s_version}\" \"${module.master_instance.public_ip_address}\" \"${module.master_instance.private_ip_address}\" \"${var.k8s_feature_gates}\"",
       "mkdir -p $HOME/.kube && sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config && sudo chown core $HOME/.kube/config",
       "export PATH=$${PATH}:/opt/bin",
       "kubectl apply -f /home/core/init/calico.yaml",
-      "chmod +x /home/core/init/linode-addons.sh && /home/core/init/linode-addons.sh ${var.region} ${var.linode_token}",
+      "chmod +x /home/core/init/linode-addons.sh && /home/core/init/linode-addons.sh \"${var.region}\" \"${var.linode_token}\"",
       "chmod +x /home/core/init/monitoring-install.sh && /home/core/init/monitoring-install.sh",
       "chmod +x /home/core/init/update-operator.sh && /home/core/init/update-operator.sh",
       "kubectl annotate node $${HOSTNAME} --overwrite container-linux-update.v1.coreos.com/reboot-paused=true",
@@ -66,7 +66,7 @@ resource "null_resource" "masters_provisioner" {
 }
 
 data "external" "kubeadm_join" {
-  program = ["${path.module}/scripts/local/kubeadm-token.sh"]
+  program = ["${path.cwd}/${path.module}/scripts/local/kubeadm-token.sh"]
 
   query = {
     host = module.master_instance.public_ip_address

modules/masters/manifests/.gitignore

@@ -0,0 +1,2 @@
+ccm-linode.yaml
+csi-linode.yaml

modules/masters/scripts/local/kubeadm-token.sh

@@ -3,7 +3,7 @@
 set -e
 
 # Extract "host" argument from the input into HOST shell variable
-eval "$(python -c 'import sys, json; print("HOST="+json.load(sys.stdin)["host"])')" 2>/dev/null || true
+eval "$(python3 -c 'import sys, json; print("HOST="+json.load(sys.stdin)["host"])')" 2>/dev/null || true
 
 # TODO: pass the ssh key into this command
 # Fetch the join command

modules/masters/manifests/ccm-linode.yaml renamed to modules/masters/templates/ccm-linode.yaml.template

@@ -57,7 +57,7 @@ spec:
           effect: NoSchedule
       hostNetwork: true
       containers:
-        - image: linode/linode-cloud-controller-manager:latest
+        - image: {{ .Values.CCMImage }}
           imagePullPolicy: Always
           name: ccm-linode
           args:

modules/masters/manifests/csi-linode.yaml renamed to modules/masters/templates/csi-linode.yaml.template

@@ -341,7 +341,7 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
         - name: linode-csi-plugin
-          image: linode/linode-blockstorage-csi-driver:v0.1.0
+          image: {{ .Values.CSIImage }}
           args :
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--token=$(LINODE_TOKEN)"
@@ -417,7 +417,7 @@ spec:
             - name: registration-dir
               mountPath: /registration/
         - name: csi-linode-plugin 
-          image: linode/linode-blockstorage-csi-driver:v0.1.0
+          image: {{ .Values.CSIImage }}
           args :
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--token=$(LINODE_TOKEN)"

scripts/local/preflight.sh

@@ -11,3 +11,12 @@ function assertInstalled() {
 }
 
 assertInstalled ssh scp sed kubectl python
+
+CCM_IMAGE=$1
+CSI_IMAGE=$2
+
+# substitute Docker images in manifests
+
+sed -e "s|{{ \.Values\.CCMImage }}|${CCM_IMAGE}|g" modules/masters/templates/ccm-linode.yaml.template > modules/masters/manifests/ccm-linode.yaml
+sed -e "s|{{ \.Values\.CSIImage }}|${CSI_IMAGE}|g" modules/masters/templates/csi-linode.yaml.template > modules/masters/manifests/csi-linode.yaml
+

variables.tf

@@ -14,7 +14,7 @@ variable "crictl_version" {
 }
 
 variable "k8s_feature_gates" {
-  default     = "CSINodeInfo=true,CSIDriverRegistry=true,BlockVolume=true,CSIBlockVolume=true"
+  default     = ""
   description = "Feature gates to enable in the Kubelet and API server"
 }
 
@@ -53,12 +53,6 @@ variable "linode_token" {
   description = "Linode API v4 Personal Access Token"
 }
 
-variable "ssh_private_key" {
-  type        = string
-  default     = "~/.ssh/id_rsa"
-  description = "The path to your private key"
-}
-
 variable "ssh_public_key" {
   type        = string
   default     = "~/.ssh/id_rsa.pub"
@@ -70,3 +64,15 @@ variable "update_agent_reboot_paused" {
   default     = "true"
   description = "Pause the container-linux update-agent operator from triggering reboots.  Defaults to 'true' (Paused) to prevent the control-plane from rebooting in the first few minutes of the cluster's life-cycle."
 }
+
+variable "ccm_image" {
+  type        = string
+  default     = "linode/linode-cloud-controller-manager:latest"
+  description = "The docker repo/image:tag to use for the CCM"
+}
+
+variable "csi_image" {
+  type        = string
+  default     = "linode/linode-blockstorage-csi-driver:latest"
+  description = "The docker repo/image:tag to use for the CSI"
+}