
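# Playbook: maps each inventory group to the roles applied to it.
# Nesting restored: `roles` is a key of each play and its entries are list
# items beneath it; with everything at column 0 the document is not valid YAML.
# Roles run in the order listed, so `common` is applied first in both plays.
- hosts: etcd
  roles:
    - common
    - etcd

- hosts: controller
  roles:
    - common
    - controller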
// etcd members: three EC2 instances placed in the kubernetes subnet.
// (Excerpt: the closing brace of this resource is not part of the listing.)
resource "aws_instance" "etcd" {
  count = 3
  // AMI IDs are region-specific; this one is used together with the
  // eu-west-1a availability zone set below.
  ami = "ami-1967056a" // Ubuntu 16.04 LTS HVM, EBS-SSD
  instance_type = "t2.micro"
  subnet_id = "${aws_subnet.kubernetes.id}"
  // Fixed private addresses: host number 10 + index inside 10.43.0.0/16,
  // i.e. 10.43.0.10, 10.43.0.11 and 10.43.0.12 for the three instances.
  private_ip = "${cidrhost("10.43.0.0/16", 10 + count.index)}"
  // NOTE(review): every etcd member is given a public IP address. Whether the
  // etcd client/peer ports are reachable from outside depends on the security
  // group and routing, which this excerpt does not show; confirm they are not
  // exposed, since etcd holds the cluster state, Kubernetes Secrets included.
  associate_public_ip_address = true
  availability_zone = "eu-west-1a"
# Generate Certificates
# Renders template/kubernetes-csr.json, passing in the API load balancer DNS
# name, the cluster DNS value and instance private IPs as template variables.
# NOTE(review): presumably these values become the hostnames/SANs of the
# certificate request; confirm against the template, which is not shown here.
# (Excerpt: the `...` line elides further variables and the block is not closed.)
data "template_file" "certificates" {
  template = "${file("${path.module}/template/kubernetes-csr.json")}"
  # Explicit ordering: render only after the load balancer and all instances exist.
  depends_on = ["aws_elb.kubernetes_api","aws_instance.etcd","aws_instance.controller","aws_instance.worker"]
  vars {
    kubernetes_api_elb_dns_name = "${aws_elb.kubernetes_api.dns_name}"
    kubernetes_cluster_dns = "${var.kubernetes_cluster_dns}"
    etcd0_ip = "${aws_instance.etcd.0.private_ip}"
    ...
    controller0_ip = "${aws_instance.controller.0.private_ip}"
# Registers an SSH public key with EC2 under the name "my-keypair".
# Only the public half of the key pair is configured here; the value shown is
# an elided placeholder. The matching private key stays outside the repository.
resource "aws_key_pair" "default_keypair" {
  public_key = "ssh-rsa AA....zzz"
  key_name   = "my-keypair"
}

Keybase proof

I hereby claim:

  • I am nicusX on github.
  • I am nicus (https://keybase.io/nicus) on keybase.
  • I have a public key whose fingerprint is DDAE E90D B270 D52C 7D70 CBD6 01D7 58A7 D46D 6B5B

To claim this, I am signing this object:

# IAM role named "kubernetes".
# The heredoc is the role's trust policy: it allows the EC2 service principal
# (ec2.amazonaws.com) to call sts:AssumeRole, and names no other principal.
# A trust policy only says who may assume the role; it grants no permissions.
# NOTE(review): the permission policies attached to this role are not visible
# in this excerpt; review them for least privilege.
resource "aws_iam_role" "kubernetes" {
  name = "kubernetes"
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ]
}
EOF
}
nicusX / viewerRequest.js
Last active February 19, 2018 16:12
Lambda@Edge A/B testing - Viewer Request
'use strict';

// Settings for the A/B split, declared together.
// NOTE(review): a cookie is supplied by the browser, so its value is
// client-controlled. Presumably it is used only to pick between the two
// variants below; confirm the handler ignores any other value.
const sourceCoookie = 'X-Source',        // cookie name
  sourceMain = 'main',                   // cookie value for the main variant
  sourceExperiment = 'experiment',       // cookie value for the experiment variant
  experimentTraffic = 0.5;               // presumably the share of traffic sent to the experiment
// Viewer request handler
// Takes the CloudFront request object from the first record of the incoming
// event. (Excerpt: the rest of the handler body is not part of the listing.)
exports.handler = (event, context, callback) => {
  const request = event.Records[0].cf.request;
nicusX / originRequest.js
Created February 24, 2018 11:08
Lambda@Edge A/B testing - single function solution
'use strict';

// A/B split settings for the single-function variant, declared together.
// NOTE(review): the cookie value comes from the browser and is therefore
// client-controlled; presumably only the two values below are honoured.
// Confirm in the handler, which is not part of this excerpt.
const sourceCoookie = 'X-Source',                                   // cookie name
  sourceMain = 'main',                                              // value for the main variant
  sourceExperiment = 'experiment',                                  // value for the experiment variant
  experimentTraffic = 0.5,                                          // presumably the experiment's traffic share
  experimentBucketEndpoint = 'my-experiment.s3.amazonaws.com',      // S3 endpoint of the experiment bucket
  experimentBucketRegion = 'eu-west-1';                             // region of that bucket
# Security group "kubernetes", created in the kubernetes VPC.
# (Excerpt: only the egress rule is visible; ingress rules and the closing
# braces are not part of the listing.)
resource "aws_security_group" "kubernetes" {
  vpc_id = "${aws_vpc.kubernetes.id}"
  name = "kubernetes"
  # Allow all outbound
  # protocol "-1" with ports 0-0 matches every protocol and port, and the CIDR
  # covers any IPv4 destination.
  # NOTE(review): with unrestricted egress a compromised node can reach any
  # external host. If the workloads allow it, narrow this to the destinations
  # the cluster needs, and review the ingress rules separately.
  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
# {{ ansible_managed }}
[Unit]
Description=etcd
Documentation=https://github.com/coreos
[Service]
ExecStart=/usr/bin/etcd --name {{ inventory_hostname }} \
--cert-file=/etc/etcd/kubernetes.pem \
--key-file=/etc/etcd/kubernetes-key.pem \
--peer-cert-file=/etc/etcd/kubernetes.pem \