
@limed
Last active May 31, 2018 17:36
diff --git a/input.tf b/input.tf
index df22c1a..e66f48d 100644
--- a/input.tf
+++ b/input.tf
@@ -55,6 +55,7 @@ variable features {
default = {
vpc = 1
consul = 1
+ kubernetes = 0
jumphost = 0
fluent = 0
mig = 0
@@ -187,6 +188,15 @@ variable sso {
}
}
+variable kubernetes {
+ default = {
+ master_type = "c4.large"
+ node_type = "t2.medium"
+ node_count = "2"
+ version = ""
+ }
+}
+
variable fluentd {
default = {
sqs_queues = ""
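Review bot: Of the four keys in the new `kubernetes` map, only `version` is read in the visible hunks (`lookup(var.kubernetes, "version")` in main.tf); `master_type`, `node_type` and `node_count` are never forwarded, so changing them here would not affect the cluster. The nubis-kubernetes module separately defaults `kubernetes_master_type`, `kubernetes_node_type` and `kubernetes_node_minimum` to the same values, which hides the gap. Either pass them down through the vpcs and vpc modules the way `kubernetes_version` is, or drop them from the map until they are wired. A comment such as `# version: image version for nubis-kubernetes; empty falls back to nubis_version` would also document the `coalesce` in modules/vpc/main.tf.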
diff --git a/main.tf b/main.tf
index 1cca946..2c06247 100644
--- a/main.tf
+++ b/main.tf
@@ -157,6 +157,9 @@ module "vpcs" {
user_management_sudo_groups = "${lookup(var.user_management, "sudo_groups")}"
user_management_user_groups = "${lookup(var.user_management, "user_groups")}"
+ # kubernetes
+ kubernetes_version = "${lookup(var.kubernetes, "version")}"
+
# MiG
mig = "${var.mig}"
diff --git a/modules/global/vpcs/inputs.tf b/modules/global/vpcs/inputs.tf
index ca8f21e..d7fd896 100644
--- a/modules/global/vpcs/inputs.tf
+++ b/modules/global/vpcs/inputs.tf
@@ -147,3 +147,5 @@ variable mig {
variable instance_mfa {
type = "map"
}
+
+variable kubernetes_version {}
diff --git a/modules/global/vpcs/main.tf b/modules/global/vpcs/main.tf
index 3105115..6a25728 100644
--- a/modules/global/vpcs/main.tf
+++ b/modules/global/vpcs/main.tf
@@ -120,6 +120,9 @@ module "us-east-1" {
user_management_sudo_groups = "${var.user_management_sudo_groups}"
user_management_user_groups = "${var.user_management_user_groups}"
+ # kubernetes
+ kubernetes_version = "${var.kubernetes_version}"
+
# MiG
mig = "${var.mig}"
@@ -238,6 +241,9 @@ module "us-west-2" {
user_management_sudo_groups = "${var.user_management_sudo_groups}"
user_management_user_groups = "${var.user_management_user_groups}"
+ # kubernetes
+ kubernetes_version = "${var.kubernetes_version}"
+
# MiG
mig = "${var.mig}"
diff --git a/modules/vpc/inputs.tf b/modules/vpc/inputs.tf
index cd049e0..c57246a 100644
--- a/modules/vpc/inputs.tf
+++ b/modules/vpc/inputs.tf
@@ -169,3 +169,9 @@ variable mig {
variable instance_mfa {
type = "map"
}
+
+variable enable_kubernetes {
+ default = 1
+}
+
+variable "kubernetes_version" {}
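Review bot: `enable_kubernetes` defaults to `1` here while the top-level `features` map adds `kubernetes = 0`, and no visible hunk forwards that flag through `module "vpcs"` or the per-region modules. As shown, `enabled = "${var.enabled * var.enable_kubernetes}"` in modules/vpc/main.tf would therefore be on for every enabled VPC regardless of the feature flag. A new cluster component is safer off by default: use `default = 0` and forward something like `enable_kubernetes = "${lookup(var.features, "kubernetes")}"` from the root module. The two declarations also quote their names inconsistently (`enable_kubernetes` vs `"kubernetes_version"`).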
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
index 5a40acf..8cab8b0 100644
--- a/modules/vpc/main.tf
+++ b/modules/vpc/main.tf
@@ -1065,6 +1065,25 @@ module "vpn" {
output_config = "${var.vpn_output_config}"
}
+module "kube-image" {
+ source = "github.com/nubisproject/nubis-terraform//images?ref=v2.2.0"
+ region = "${var.aws_region}"
+ image_version = "${coalesce(var.kubernetes_version, var.nubis_version)}"
+ project = "nubis-kubernetes"
+}
+
+module "kubnernetes" {
+ source = "github.com/limed/nubis-kubernetes//nubis/terraform?ref=deploy-migrate"
+
+ enabled = "${var.enabled * var.enable_kubernetes}"
+ region = "${var.aws_region}"
+ arena = "core"
+ environment = "core"
+ service_name = "kubernetes"
+ account = "${var.account_name}"
+ ami = "${module.kube-image.image_id}"
+}
+
# Create a proxy discovery VPC DNS zone
resource "aws_route53_zone" "proxy" {
count = "${var.enabled * length(var.arenas)}"
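Review bot: The `kubnernetes` module source is a branch on a personal fork (`github.com/limed/nubis-kubernetes//nubis/terraform?ref=deploy-migrate`), so the code that builds the cluster can change with every push to that branch, whereas `kube-image` just above pins the project repository at tag `v2.2.0`. Before this lands, pin the source to a tag or full commit SHA in the project's own repository, e.g. `?ref=<TAG_OR_COMMIT_SHA>`. The module name is also misspelled (`kubnernetes`); it becomes part of every resource address in state and is awkward to rename later. `kube-image` receives no `enabled` input in this hunk, so its AMI lookup presumably runs even when Kubernetes is switched off.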
@@ -1214,6 +1233,7 @@ resource "aws_s3_bucket_object" "public_state" {
],
"outputs": {
"nubis_version": ${jsonencode(var.nubis_version)},
+ "nubis_domain": ${jsonencode(var.nubis_domain)},
"region": ${jsonencode(var.aws_region)},
"regions": ${jsonencode(var.aws_regions)},
"arena": "${element(var.arenas, count.index)}",
@@ -1335,7 +1355,7 @@ resource "aws_lambda_function" "user_management" {
handler = "index.handler"
description = "Queries LDAP and inserts user into consul and create and delete IAM users"
memory_size = 128
- runtime = "nodejs4.3"
+ runtime = "nodejs8.10"
timeout = "30"
vpc_config = {
diff --git a/modules/vpc/user_management/main.tf b/modules/vpc/user_management/main.tf
index 5c1daa2..d17a5ca 100644
--- a/modules/vpc/user_management/main.tf
+++ b/modules/vpc/user_management/main.tf
@@ -53,7 +53,7 @@ resource "aws_lambda_function" "user_management" {
handler = "index.handler"
description = "Queries LDAP and inserts user into consul and create and delete IAM users"
memory_size = 128
- runtime = "nodejs4.3"
+ runtime = "nodejs8.10"
timeout = "300"
}
* module.vpcs.module.us-east-1.module.kube-image.data.aws_ami.image: 1 error(s) occurred:
* module.vpcs.module.us-east-1.module.kube-image.data.aws_ami.image: data.aws_ami.image: Your query returned no results. Please change your search criteria and try again.
* module.vpcs.module.us-west-2.module.kube-image.data.aws_ami.image: 1 error(s) occurred:
* module.vpcs.module.us-west-2.module.kube-image.data.aws_ami.image: data.aws_ami.image: Your query returned no results. Please change your search criteria and try again.
* module.vpcs.module.us-east-1.module.kubnernetes.module.info.data.terraform_remote_state.info: 1 error(s) occurred:
* module.vpcs.module.us-east-1.module.kubnernetes.module.info.data.terraform_remote_state.info: data.terraform_remote_state.info: HTTP remote state endpoint invalid auth
* module.vpcs.module.us-east-1.module.kubnernetes.module.kops_bucket.module.info.data.terraform_remote_state.info: 1 error(s) occurred:
* module.vpcs.module.us-east-1.module.kubnernetes.module.kops_bucket.module.info.data.terraform_remote_state.info: data.terraform_remote_state.info: HTTP remote state endpoint invalid auth
diff --git a/nubis/terraform/main.tf b/nubis/terraform/main.tf
index 1ba5445..87189ad 100644
--- a/nubis/terraform/main.tf
+++ b/nubis/terraform/main.tf
@@ -84,6 +84,7 @@ module "kops_cluster" {
# Master
master-availability-zones = "${split(",",module.info.availability_zones)}"
master-image = "${var.ami}"
+ master-machine-type = "${var.kubernetes_master_type}"
master-additional-sgs = "${local.security_groups}"
master-additional-sgs-count = "${local.security_groups_count}"
master-additional-user-data = "${data.template_file.userdata_master.rendered}"
@@ -97,23 +98,23 @@ module "kops_cluster" {
# First minion instance group
minion-image = "${var.ami}"
+ minion-machine-type = "${var.kubernetes_node_type}"
minion-additional-sgs = "${local.security_groups}"
minion-additional-sgs-count = "${local.security_groups_count}"
minion-additional-user-data = "${data.template_file.userdata_node.rendered}"
minion-update-interval = 4
- min-minions = 2
+ min-minions = "${var.kubernetes_node_minimum}"
}
resource "aws_security_group" "kubernetes" {
- name_prefix = "${var.service_name}-${var.arena}-${var.environment}-ssh-"
+ name_prefix = "${var.service_name}-${var.arena}-ssh-"
vpc_id = "${module.info.vpc_id}"
tags = {
- Name = "${var.service_name}-${var.arena}-${var.environment}-ssh"
+ Name = "${var.service_name}-${var.arena}-ssh"
Arena = "${var.arena}"
Region = "${var.region}"
- Environment = "${var.environment}"
}
ingress {
diff --git a/nubis/terraform/variables.tf b/nubis/terraform/variables.tf
index bdc8096..371b913 100644
--- a/nubis/terraform/variables.tf
+++ b/nubis/terraform/variables.tf
@@ -1,3 +1,5 @@
+variable "enabled" {}
+
variable "account" {}
variable "region" {}
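Review bot: `enabled` is declared here without a default or description, and none of the visible main.tf hunks in this patch reference `var.enabled`, so the value the caller passes may not gate anything. Unless the rest of main.tf already consumes it, `kops_cluster`, the security group and the remote-state lookups will still be evaluated when the caller sets `enabled = 0`. Each resource should carry something like `count = "${var.enabled}"` (with an equivalent input on the child modules), and the declaration could read `variable "enabled" { default = 1 }` with a comment stating that 0 disables every resource in the module.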
@@ -41,3 +43,15 @@ variable "ssh_pubkey" {
type = "string"
default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0/tR0k8b6gIQpd6IHyEJdzmGur60ShmOdQGpBoF7IPMBWTHgc5w3CTcqvK6aJ6GpZHyybi9D9EON4+1WZTf9tcsdUP8kyVOs66sw26FWeCri2k1zomsGP9Ysr3bSUe3dpi5vipk1PDXpaD6wYs/eEtQxO1U1wRCGEGclRdh5G8UbOMwrPIHvQd77ma5RyXzd36htzFtsKnuyTtG7xHGPphzVqLZmiDZeyxbr3mCuaMBW30syEKviiVbMo4RsmDqzR3N2ltInGKYgZpCW7fd7KrZL/G0oi/XS+Up5MvmYSsP2tYNx909CWFpWDsXEPMNddl7ZYizHXLbLexU8+0h5j nubis"
}
+
+variable "kubernetes_master_type" {
+ default = "c4.large"
+}
+
+variable "kubernetes_node_type" {
+ default = "t2.medium"
+}
+
+variable "kubernetes_node_minimum" {
+ default = "2"
+}