Skip to content

Instantly share code, notes, and snippets.

@nicusX
Last active August 17, 2016 15:08
Show Gist options
  • Save nicusX/b257721d42cd4c5f32fe5a67f6130788 to your computer and use it in GitHub Desktop.
Save nicusX/b257721d42cd4c5f32fe5a67f6130788 to your computer and use it in GitHub Desktop.
# Generate Certificates
data "template_file" "certificates" {
template = "${file("${path.module}/template/kubernetes-csr.json")}"
depends_on = ["aws_elb.kubernetes_api","aws_instance.etcd","aws_instance.controller","aws_instance.worker"]
vars {
kubernetes_api_elb_dns_name = "${aws_elb.kubernetes_api.dns_name}"
kubernetes_cluster_dns = "${var.kubernetes_cluster_dns}"
etcd0_ip = "${aws_instance.etcd.0.private_ip}"
...
controller0_ip = "${aws_instance.controller.0.private_ip}"
...
worker2_ip = "${aws_instance.worker.2.private_ip}"
}
}
resource "null_resource" "certificates" {
triggers {
template_rendered = "${ data.template_file.certificates.rendered }"
}
provisioner "local-exec" {
command = "echo '${ data.template_file.certificates.rendered }' > ../cert/kubernetes-csr.json"
}
provisioner "local-exec" {
command = "cd ../cert; cfssl gencert -initca ca-csr.json | cfssljson -bare ca; cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment