init: copied modules from lawndale-infra

2022-05-26 00:40:29 +02:00
commit 414feb48ee
39 changed files with 1435 additions and 0 deletions
--- a/kubernetes/kube-proxy/daemonset.tf
+++ b/kubernetes/kube-proxy/daemonset.tf
@@ -0,0 +1,145 @@
+
+resource "kubernetes_daemonset" "this" {
+  metadata {
+    name      = var.daemonset_name
+    namespace = var.namespace
+    labels = {
+      "k8s-app" = var.daemonset_name
+    }
+  }
+
+  spec {
+    selector {
+      match_labels = {
+        "k8s-app" = var.daemonset_name
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          "k8s-app"              = var.daemonset_name
+          "prometheus.io/scrape" = "true"
+          "prometheus.io/port"   = "10249"
+          "prometheus.io/scheme" = "http"
+        }
+      }
+
+      spec {
+        affinity {
+          node_affinity {
+            required_during_scheduling_ignored_during_execution {
+              node_selector_term {
+                match_expressions {
+                  key      = "kubernetes.io/os"
+                  operator = "In"
+                  values   = ["linux"]
+                }
+              }
+            }
+          }
+        }
+
+        host_network         = true
+        priority_class_name  = "system-node-critical"
+        service_account_name = kubernetes_service_account.this.metadata.0.name
+
+        toleration {
+          operator = "Exists"
+          effect   = "NoSchedule"
+        }
+        volume {
+          name = "kube-proxy-config"
+          config_map {
+            name = kubernetes_config_map.this.metadata.0.name
+          }
+        }
+        volume {
+          name = "kubeconfig"
+          empty_dir {
+            medium = "Memory"
+          }
+        }
+
+        volume {
+          name = "lib-modules"
+          host_path {
+            path = "/lib/modules"
+          }
+        }
+
+        init_container {
+          name    = "kubeconfig"
+          image   = "bitnami/kubectl:${var.kubernetes_version}"
+          command = ["/bin/bash"]
+          args    = ["/kubeconfig.sh"]
+
+          volume_mount {
+            name       = "kube-proxy-config"
+            mount_path = "/kubeconfig.sh"
+            sub_path   = "kubeconfig.sh"
+          }
+          volume_mount {
+            name       = "kubeconfig"
+            mount_path = "/kubeconfig"
+          }
+
+        }
+
+        container {
+          security_context {
+            privileged = true
+          }
+          image   = "k8s.gcr.io/kube-proxy:v${var.kubernetes_version}"
+          command = ["kube-proxy"]
+          args = [
+            "--config=/var/lib/kube-proxy/kube-proxy-config.yaml",
+          ]
+          name = "kube-proxy"
+
+          resources {
+            limits = {
+              cpu    = "100m"
+              memory = "50Mi"
+            }
+            requests = {
+              cpu    = "100m"
+              memory = "50Mi"
+            }
+          }
+
+          volume_mount {
+            name       = "kube-proxy-config"
+            mount_path = "/var/lib/kube-proxy"
+          }
+
+          volume_mount {
+            name       = "lib-modules"
+            mount_path = "/lib/modules"
+          }
+
+          volume_mount {
+            name       = "kubeconfig"
+            mount_path = "/kubeconfig"
+          }
+
+          #   liveness_probe {
+          #     http_get {
+          #       path = "/"
+          #       port = 80
+
+          #       http_header {
+          #         name  = "X-Custom-Header"
+          #         value = "Awesome"
+          #       }
+          #     }
+
+          #     initial_delay_seconds = 3
+          #     period_seconds        = 3
+          #   }
+
+        }
+      }
+    }
+  }
+}