Merge pull request #23 from displague/separate_modules

refactored modules

Author: displague

.gitignore

@@ -2,6 +2,7 @@
 *.tfstate
 *.tfstate.backup
 *.terraform.tfstate.lock.info
+*.tfvars
 
 # Module directory
 .terraform/

README.md

@@ -33,12 +33,24 @@ Create a `main.tf` file in a new directory with the following contents:
 ```hcl
 module "k8s" {
   source  = "linode/k8s/linode"
+
   linode_token = "YOUR TOKEN HERE"
 }
 ```
 
 That's all it takes to get started!
 
+Pin to a specific module version using `version = "..."` to avoid upgrading to a version with breaking changes.  Upgrades to this module could potentially replace all master and worker nodes resulting in data loss.  The `terraform plan` will report this, but it may not be obvious.
+
+```hcl
+module "k8s" {
+  source  = "linode/k8s/linode"
+  version = "0.1.0"
+
+  linode_token = "YOUR TOKEN HERE"
+}
+```
+
 Choose a Terraform workspace name (because the default is `default`).  In this example we've chosen `linode`.  The workspace name will be used as a prefix for Linode resource created in this cluster, for example: `linode-master-1`, `linode-node-1`.  Alternate workspaces can be created and selected to change clusters.
 
 ```bash
@@ -164,6 +176,14 @@ Or if you won't be submitting changes, you can use `terraform init`:
 terraform init --from-module=linode/k8s/linode linode-k8s
 ```
 
+### Modules
+
+This terraform modules is composed of three sub-modules for reuse and separation of concerns.
+
+* Instance - Accepts all necessary Linode Instance provisioning variables and performs CoreOS Container Linux common tasks for the Linode environment.
+* Master - Uses the Instance module as a base and futher provisions a Kubernetes control-plane.
+* Node - Uses the Instance module as a base and further provisions a Kubernetes worker joined to a control-plane using module parameters.
+
 ### Contribution Guidelines
 
 Would you like to improve the `terraform-linode-k8s` module? Please start [here](https://github.com/linode/terraform-linode-k8s/blob/master/.github/CONTRIBUTING.md).

example/main.tf

@@ -0,0 +1,128 @@
+// # Work In Progress Example
+// 
+// This generally demonstrates how to use the terraform-linode-k8s module, however there
+// are some provisioning errors with the usage of the helm provider here.  The
+// install.sh script in this example/ directory is equivalent.
+// 
+// ## TODO
+// - Fix timeouts (set better "depends_on" values)
+// - Fix permission issue with helm listing configmaps from the kube-system namespace:
+//   https://github.com/terraform-providers/terraform-provider-helm/issues/77
+
+module "linode_k8s" {
+  # Work against a branch:
+  # source = "git::https://github.com/linode/terraform-linode-k8s?ref=some_branch"
+  #
+  # Or download a tagged releases
+  source = "linode/k8s/linode"
+  version      = "0.1.0"
+
+  nodes        = "${var.nodes}"
+  linode_token = "${var.linode_token}"
+}
+
+variable "nodes" {
+  default = "3"
+}
+
+variable "linode_token" {
+  description = "Linode APIv4 Token"
+}
+
+variable "linode_domain" {
+  description = "Domain managed by Linode Domain Manager"
+}
+
+provider "kubernetes" {
+  config_path = "${module.linode_k8s.kubectl_config}"
+}
+
+resource "kubernetes_service_account" "tiller" {
+  metadata {
+    name      = "tiller"
+    namespace = "kube-system"
+  }
+}
+
+resource "kubernetes_cluster_role_binding" "tiller" {
+  depends_on = ["kubernetes_service_account.tiller"]
+
+  metadata {
+    name = "tiller"
+  }
+
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "cluster-admin"
+  }
+
+  subject {
+    kind = "User"
+    name = "system:serviceaccount:kube-system:tiller"
+  }
+}
+
+resource null_resource "tiller" {
+  depends_on = ["kubernetes_cluster_role_binding.tiller"]
+
+  provisioner "local-exec" {
+    environment {
+      KUBECONFIG = "${module.linode_k8s.kubectl_config}"
+    }
+
+    command = "helm init --service-account tiller --wait"
+  }
+}
+
+provider "helm" {
+  service_account = "tiller"
+  namespace       = "kube-system"
+  install_tiller  = false
+
+  kubernetes {
+    config_path = "${module.linode_k8s.kubectl_config}"
+  }
+}
+
+resource "helm_repository" "incubator" {
+  name = "incubator"
+  url  = "https://kubernetes-charts-incubator.storage.googleapis.com"
+}
+
+resource "helm_release" "wordpress" {
+  depends_on = ["helm_release.mysqlha"]
+  name       = "stable"
+  chart      = "wordpress"
+  version    = "5.0.1"
+  values     = ["${file("${path.module}/values/wordpress.values.yaml")}"]
+
+  set {
+    name  = "ingress.hosts[0].name"
+    value = "wordpress.${var.linode_domain}"
+  }
+}
+
+resource "helm_release" "mysqlha" {
+  name    = "${helm_repository.incubator.name}"
+  chart   = "mysqlha"
+  version = "0.4.0"
+  values  = ["${file("${path.module}/values/mysqlha.values.yaml")}"]
+}
+
+resource "helm_release" "traefik" {
+  name    = "stable"
+  chart   = "traefik"
+  version = "1.55.1"
+  values  = ["${file("${path.module}/values/traefik.values.yaml")}"]
+
+  set {
+    name  = "service.annotations.external-dns\\.alpha\\.kubernetes\\.io/hostname\\.io/hostname"
+    value = "dashboard.${var.linode_domain}"
+  }
+
+  set {
+    name  = "dashboard.domain"
+    value = "dashboard.${var.linode_domain}"
+  }
+}

main.tf

@@ -1,6 +1,6 @@
 provider "linode" {
-  token = "${var.linode_token}"
-  version = "1.3.0"
+  token   = "${var.linode_token}"
+  version = "1.4.0"
 }
 
 provider "external" {
@@ -12,7 +12,53 @@ resource "null_resource" "preflight-checks" {
   triggers {
     key = "${uuid()}"
   }
+
+  provisioner "local-exec" {
+    command = "${path.module}/scripts/local/preflight.sh"
+  }
+}
+
+module "masters" {
+  source       = "./modules/masters"
+  label_prefix = "${var.cluster_name == "" ? terraform.workspace : var.cluster_name}"
+  node_class   = "master"
+  node_count   = "${var.masters}"
+  node_type    = "${var.server_type_master}"
+  linode_token = "${var.linode_token}"
+
+  k8s_version       = "${var.k8s_version}"
+  k8s_feature_gates = "${var.k8s_feature_gates}"
+  cni_version       = "${var.cni_version}"
+  ssh_public_key    = "${var.ssh_public_key}"
+  region            = "${var.region}"
+  linode_group      = "${var.cluster_name}"
+
+  //todo variable instead of workspace?
+  cluster_name = "${var.cluster_name == "" ? terraform.workspace : var.cluster_name}"
+}
+
+module "nodes" {
+  source       = "./modules/nodes"
+  label_prefix = "${var.cluster_name == "" ? terraform.workspace : var.cluster_name}"
+  node_class   = "node"
+  node_count   = "${var.nodes}"
+  node_type    = "${var.server_type_node}"
+
+  k8s_version          = "${var.k8s_version}"
+  k8s_feature_gates    = "${var.k8s_feature_gates}"
+  cni_version          = "${var.cni_version}"
+  ssh_public_key       = "${var.ssh_public_key}"
+  region               = "${var.region}"
+  linode_group         = "${var.cluster_name}"
+  kubeadm_join_command = "${module.masters.kubeadm_join_command}"
+}
+
+resource "null_resource" "local_kubectl" {
+  // todo
+  depends_on = ["module.masters"]
+
   provisioner "local-exec" {
-    command    = "${path.module}/scripts/local/preflight.sh"
+    command    = "${path.module}/scripts/local/kubectl-conf.sh ${terraform.workspace} ${module.masters.k8s_master_public_ip} ${module.masters.k8s_master_private_ip} ${var.ssh_public_key}"
+    on_failure = "continue"
   }
 }

master.tf

@@ -0,0 +1,3 @@
+## CoreOS Kubernetes Instances
+
+This module provisions a Linode Instance using CoreOS while staging some Kubernetes tooling.

modules/instances/README.md

@@ -0,0 +1,55 @@
+data "linode_instance_type" "type" {
+  id = "${var.node_type}"
+}
+
+resource "linode_instance" "instance" {
+  count      = "${var.node_count}"
+  region     = "${var.region}"
+  label      = "${var.label_prefix == "" ? "" : "${var.label_prefix}-"}${var.node_class}-${count.index + 1}"
+  group      = "${var.linode_group}"
+  type       = "${var.node_type}"
+  private_ip = "${var.private_ip}"
+
+  disk {
+    label           = "boot"
+    size            = "${data.linode_instance_type.type.disk}"
+    authorized_keys = ["${chomp(file(var.ssh_public_key))}"]
+    image           = "linode/containerlinux"
+  }
+
+  config {
+    label = "${var.node_class}"
+
+    kernel = "linode/direct-disk"
+
+    devices {
+      sda = {
+        disk_label = "boot"
+      }
+    }
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/scripts/"
+    destination = "/tmp"
+
+    connection {
+      user    = "core"
+      timeout = "300s"
+    }
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "set -e",
+      "chmod +x /tmp/start.sh && sudo /tmp/start.sh",
+      "chmod +x /tmp/linode-network.sh && sudo /tmp/linode-network.sh ${self.private_ip_address} ${self.label}",
+      "chmod +x /tmp/kubeadm-install.sh && sudo /tmp/kubeadm-install.sh ${var.k8s_version} ${var.cni_version} ${self.label} ${var.use_public ? self.ip_address : self.private_ip_address} ${var.k8s_feature_gates}",
+    ]
+
+    connection {
+      user    = "core"
+      timeout = "300s"
+    }
+  }
+}