init: copied modules from lawndale-infra

2022-05-26 00:40:29 +02:00
commit 414feb48ee
39 changed files with 1435 additions and 0 deletions


@@ -0,0 +1,26 @@
resource "kubernetes_config_map" "this" {
metadata {
name = "${var.daemonset_name}-config"
namespace = var.namespace
}
data = {
"kube-proxy-config.yaml" = yamlencode(merge({
kind = "KubeProxyConfiguration"
apiVersion = "kubeproxy.config.k8s.io/v1alpha1"
clientConnection = {
kubeconfig = "/kubeconfig/kubeconfig"
}
mode = var.mode
clusterCIDR = var.cluster_cidr
}, var.additional_config))
"kubeconfig.sh" : <<EOM
#!/bin/sh
kubectl --kubeconfig=/kubeconfig/kubeconfig config set-cluster default --certificate-authority=/run/secrets/kubernetes.io/serviceaccount/ca.crt --server=${var.kubernetes_server}
kubectl --kubeconfig=/kubeconfig/kubeconfig config set-credentials kube-proxy --token=$(cat /run/secrets/kubernetes.io/serviceaccount/token)
kubectl --kubeconfig=/kubeconfig/kubeconfig config set-context default --cluster=default --user=kube-proxy
kubectl --kubeconfig=/kubeconfig/kubeconfig config use-context default
EOM
}
}
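Review bot: The generated `kubeconfig.sh` has no error handling, so if any of the four `kubectl config` calls fails (an unreachable `var.kubernetes_server`, a missing service-account token file) the script still exits 0, the init container is reported successful and kube-proxy starts against an incomplete kubeconfig; add `set -eu` directly after the shebang. The unquoted `$(cat ...)` on the `set-credentials` line would also word-split a token containing whitespace, so write it as `--token="$(cat /run/secrets/kubernetes.io/serviceaccount/token)"`; note that passing the token as an argument leaves it visible in the container's process listing for as long as that kubectl invocation runs, which is a small window but worth knowing. The script declares `#!/bin/sh` while the daemonset hunk's init container runs it via `/bin/bash`; either works, but the two should agree so the script is not silently tested under a different shell than it advertises.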


@@ -0,0 +1,145 @@
resource "kubernetes_daemonset" "this" {
metadata {
name = var.daemonset_name
namespace = var.namespace
labels = {
"k8s-app" = var.daemonset_name
}
}
spec {
selector {
match_labels = {
"k8s-app" = var.daemonset_name
}
}
template {
metadata {
labels = {
"k8s-app" = var.daemonset_name
"prometheus.io/scrape" = "true"
"prometheus.io/port" = "10249"
"prometheus.io/scheme" = "http"
}
}
spec {
affinity {
node_affinity {
required_during_scheduling_ignored_during_execution {
node_selector_term {
match_expressions {
key = "kubernetes.io/os"
operator = "In"
values = ["linux"]
}
}
}
}
}
host_network = true
priority_class_name = "system-node-critical"
service_account_name = kubernetes_service_account.this.metadata.0.name
toleration {
operator = "Exists"
effect = "NoSchedule"
}
volume {
name = "kube-proxy-config"
config_map {
name = kubernetes_config_map.this.metadata.0.name
}
}
volume {
name = "kubeconfig"
empty_dir {
medium = "Memory"
}
}
volume {
name = "lib-modules"
host_path {
path = "/lib/modules"
}
}
init_container {
name = "kubeconfig"
image = "bitnami/kubectl:${var.kubernetes_version}"
command = ["/bin/bash"]
args = ["/kubeconfig.sh"]
volume_mount {
name = "kube-proxy-config"
mount_path = "/kubeconfig.sh"
sub_path = "kubeconfig.sh"
}
volume_mount {
name = "kubeconfig"
mount_path = "/kubeconfig"
}
}
container {
security_context {
privileged = true
}
image = "k8s.gcr.io/kube-proxy:v${var.kubernetes_version}"
command = ["kube-proxy"]
args = [
"--config=/var/lib/kube-proxy/kube-proxy-config.yaml",
]
name = "kube-proxy"
resources {
limits = {
cpu = "100m"
memory = "50Mi"
}
requests = {
cpu = "100m"
memory = "50Mi"
}
}
volume_mount {
name = "kube-proxy-config"
mount_path = "/var/lib/kube-proxy"
}
volume_mount {
name = "lib-modules"
mount_path = "/lib/modules"
}
volume_mount {
name = "kubeconfig"
mount_path = "/kubeconfig"
}
# liveness_probe {
# http_get {
# path = "/"
# port = 80
# http_header {
# name = "X-Custom-Header"
# value = "Awesome"
# }
# }
# initial_delay_seconds = 3
# period_seconds = 3
# }
}
}
}
}
}
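Review bot: The `lib-modules` host path is mounted read-write in the kube-proxy container (the `volume_mount` for `/lib/modules`), although kube-proxy should only need read access there for module lookups; add `read_only = true` to that mount so a privileged container cannot alter the node's kernel modules through it. The `prometheus.io/scrape`, `prometheus.io/port` and `prometheus.io/scheme` keys sit under the pod template's `labels`, whereas the conventional Prometheus Kubernetes service-discovery relabeling reads them from pod `annotations`, so as written they probably never trigger a scrape. The advertised port 10249 (also targeted by the `kubernetes_service` hunk) is only reachable from off-node if the KubeProxyConfiguration moves `metricsBindAddress` away from its loopback default, which the config map hunk does not do; since `host_network = true` that would expose the metrics port on every node interface, so it deserves a deliberate decision rather than being left implicit. The commented-out `liveness_probe` is a generic placeholder (`X-Custom-Header: Awesome` on port 80); either delete it or point it at kube-proxy's own health endpoint with `http_get { path = "/healthz" port = 10256 }`.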


@@ -0,0 +1,13 @@
output "daemonset" {
value = kubernetes_daemonset.this
}
output "configmap" {
value = kubernetes_config_map.this
}
output "service_account" {
value = kubernetes_service_account.this
}
output "cluster_role_binding" {
value = kubernetes_cluster_role_binding.this
}
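Review bot: None of the four outputs carries a `description`, so callers and `terraform-docs` get no hint of what each exposes; for example `description = "The kube-proxy DaemonSet resource"` on `daemonset`, with equivalents on `configmap`, `service_account` and `cluster_role_binding`. Each output also returns the whole resource object, which ties consumers to the provider's full attribute schema; if downstream modules only need identities, exporting `metadata.0.name` (and namespace) would give a smaller and more stable interface.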


@@ -0,0 +1,8 @@
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "~> 2.11"
}
}
}


@@ -0,0 +1,22 @@
resource "kubernetes_service_account" "this" {
metadata {
name = "kube-proxy"
namespace = "kube-system"
}
}
resource "kubernetes_cluster_role_binding" "this" {
metadata {
name = "kube-proxy-is-system-node-proxier"
}
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "system:node-proxier"
}
subject {
kind = "ServiceAccount"
name = kubernetes_service_account.this.metadata.0.name
namespace = "kube-system"
}
}
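Review bot: The service account and the `subject` of the cluster role binding hard-code `namespace = "kube-system"`, while the daemonset and config map hunks deploy into `var.namespace`; with any non-default `var.namespace` the pod template's `service_account_name` refers to an account that does not exist in the pod's namespace and pod creation is rejected by the ServiceAccount admission controller. Use `namespace = var.namespace` in both places. The account name `"kube-proxy"` and the cluster-scoped binding name `"kube-proxy-is-system-node-proxier"` are likewise fixed even though `var.daemonset_name` suggests more than one instance may be deployed, so a second instance in the same cluster would collide on the binding name; deriving both from `var.daemonset_name` would keep the module self-consistent.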


@@ -0,0 +1,17 @@
resource "kubernetes_service" "prometheus" {
metadata {
name = var.daemonset_name
namespace = var.namespace
}
spec {
selector = {
"k8s-app" = var.daemonset_name
}
port {
port = 10249
target_port = 10249
}
type = "ClusterIP"
}
}


@@ -0,0 +1,34 @@
variable "kubernetes_version" {
type = string
description = "Kubernetes cluster version (eg: 1.23.5)"
}
variable "cluster_cidr" {
type = string
description = "Kubernetes cluster CIDR"
}
variable "kubernetes_server" {
type = string
description = "Kubernetes (master) server address (eg: https://k8s.my.domain:6443/)"
}
variable "mode" {
type = string
default = "iptables"
}
variable "daemonset_name" {
type = string
default = "kube-proxy"
}
variable "additional_config" {
type = map(any)
default = {}
}
variable "namespace" {
type = string
default = "kube-system"
}
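Review bot: `mode`, `daemonset_name`, `additional_config` and `namespace` have no `description`, unlike the first three variables in this file; for example `description = "kube-proxy proxy mode (iptables or ipvs)"` on `mode`. Because `mode` is passed straight into the KubeProxyConfiguration, an unsupported value is only discovered when kube-proxy crashes at runtime on every node; a `validation` block with `condition = contains(["iptables", "ipvs"], var.mode)` and an `error_message` would catch it at plan time (extend the list if other modes are intended). `additional_config` is merged on top of the generated configuration, so it can override `clientConnection`, `mode` and `clusterCIDR` as well as add keys; that precedence is worth stating in its description so callers do not silently undo the module's defaults.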