richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
583 Commits
29 Branches
80 Tags
156 MiB
Tree: b3282cd0bb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b3282cd0bb'
${ noResults }
kubespray/contrib/terraform/aws/00-create-infrastructure.tf

261 lines
5.7 KiB
Raw Normal View History

base functionality to create aws resources
8 years ago
Add IAM profiles for Kubernetes nodes
8 years ago
base functionality to create aws resources
8 years ago
Add IAM profiles for Kubernetes nodes
8 years ago
base functionality to create aws resources
8 years ago
Add IAM profiles for Kubernetes nodes
8 years ago
base functionality to create aws resources
8 years ago
Add IAM profiles for Kubernetes nodes
8 years ago
base functionality to create aws resources
8 years ago
Add IAM profiles for Kubernetes nodes
8 years ago
  1. variable "deploymentName" {
  2. type = "string"
  3. description = "The desired name of your deployment."
  4. }
  6. variable "numControllers"{
  7. type = "string"
  8. description = "Desired # of controllers."
  9. }
  11. variable "numEtcd" {
  12. type = "string"
  13. description = "Desired # of etcd nodes. Should be an odd number."
  14. }
  16. variable "numNodes" {
  17. type = "string"
  18. description = "Desired # of nodes."
  19. }
  21. variable "volSizeController" {
  22. type = "string"
  23. description = "Volume size for the controllers (GB)."
  24. }
  26. variable "volSizeEtcd" {
  27. type = "string"
  28. description = "Volume size for etcd (GB)."
  29. }
  31. variable "volSizeNodes" {
  32. type = "string"
  33. description = "Volume size for nodes (GB)."
  34. }
  36. variable "subnet" {
  37. type = "string"
  38. description = "The subnet in which to put your cluster."
  39. }
  41. variable "securityGroups" {
  42. type = "string"
  43. description = "The sec. groups in which to put your cluster."
  44. }
  46. variable "ami"{
  47. type = "string"
  48. description = "AMI to use for all VMs in cluster."
  49. }
  51. variable "SSHKey" {
  52. type = "string"
  53. description = "SSH key to use for VMs."
  54. }
  56. variable "master_instance_type" {
  57. type = "string"
  58. description = "Size of VM to use for masters."
  59. }
  61. variable "etcd_instance_type" {
  62. type = "string"
  63. description = "Size of VM to use for etcd."
  64. }
  66. variable "node_instance_type" {
  67. type = "string"
  68. description = "Size of VM to use for nodes."
  69. }
  71. variable "terminate_protect" {
  72. type = "string"
  73. default = "false"
  74. }
  76. variable "awsRegion" {
  77. type = "string"
  78. }
  80. provider "aws" {
  81. region = "${var.awsRegion}"
  82. }
  84. variable "iam_prefix" {
  85. type = "string"
  86. description = "Prefix name for IAM profiles"
  87. }
  89. resource "aws_iam_instance_profile" "kubernetes_master_profile" {
  90. name = "${var.iam_prefix}_kubernetes_master_profile"
  91. roles = ["${aws_iam_role.kubernetes_master_role.name}"]
  92. }
  94. resource "aws_iam_role" "kubernetes_master_role" {
  95. name = "${var.iam_prefix}_kubernetes_master_role"
  96. assume_role_policy = <<EOF
  97. {
  98. "Version": "2012-10-17",
  99. "Statement": [
  100. {
  101. "Effect": "Allow",
  102. "Principal": { "Service": "ec2.amazonaws.com"},
  103. "Action": "sts:AssumeRole"
  104. }
  105. ]
  106. }
  107. EOF
  108. }
  110. resource "aws_iam_role_policy" "kubernetes_master_policy" {
  111. name = "${var.iam_prefix}_kubernetes_master_policy"
  112. role = "${aws_iam_role.kubernetes_master_role.id}"
  113. policy = <<EOF
  114. {
  115. "Version": "2012-10-17",
  116. "Statement": [
  117. {
  118. "Effect": "Allow",
  119. "Action": ["ec2:*"],
  120. "Resource": ["*"]
  121. },
  122. {
  123. "Effect": "Allow",
  124. "Action": ["elasticloadbalancing:*"],
  125. "Resource": ["*"]
  126. },
  127. {
  128. "Effect": "Allow",
  129. "Action": "s3:*",
  130. "Resource": "*"
  131. }
  132. ]
  133. }
  134. EOF
  135. }
  137. resource "aws_iam_instance_profile" "kubernetes_node_profile" {
  138. name = "${var.iam_prefix}_kubernetes_node_profile"
  139. roles = ["${aws_iam_role.kubernetes_node_role.name}"]
  140. }
  142. resource "aws_iam_role" "kubernetes_node_role" {
  143. name = "${var.iam_prefix}_kubernetes_node_role"
  144. assume_role_policy = <<EOF
  145. {
  146. "Version": "2012-10-17",
  147. "Statement": [
  148. {
  149. "Effect": "Allow",
  150. "Principal": { "Service": "ec2.amazonaws.com"},
  151. "Action": "sts:AssumeRole"
  152. }
  153. ]
  154. }
  155. EOF
  156. }
  158. resource "aws_iam_role_policy" "kubernetes_node_policy" {
  159. name = "${var.iam_prefix}_kubernetes_node_policy"
  160. role = "${aws_iam_role.kubernetes_node_role.id}"
  161. policy = <<EOF
  162. {
  163. "Version": "2012-10-17",
  164. "Statement": [
  165. {
  166. "Effect": "Allow",
  167. "Action": "s3:*",
  168. "Resource": "*"
  169. },
  170. {
  171. "Effect": "Allow",
  172. "Action": "ec2:Describe*",
  173. "Resource": "*"
  174. },
  175. {
  176. "Effect": "Allow",
  177. "Action": "ec2:AttachVolume",
  178. "Resource": "*"
  179. },
  180. {
  181. "Effect": "Allow",
  182. "Action": "ec2:DetachVolume",
  183. "Resource": "*"
  184. }
  185. ]
  186. }
  187. EOF
  188. }
  190. resource "aws_instance" "master" {
  191. count = "${var.numControllers}"
  192. ami = "${var.ami}"
  193. instance_type = "${var.master_instance_type}"
  194. subnet_id = "${var.subnet}"
  195. vpc_security_group_ids = ["${var.securityGroups}"]
  196. key_name = "${var.SSHKey}"
  197. disable_api_termination = "${var.terminate_protect}"
  198. iam_instance_profile = "${aws_iam_instance_profile.kubernetes_master_profile.id}"
  199. root_block_device {
  200. volume_size = "${var.volSizeController}"
  201. }
  202. tags {
  203. Name = "${var.deploymentName}-master-${count.index + 1}"
  204. }
  205. }
  207. resource "aws_instance" "etcd" {
  208. count = "${var.numEtcd}"
  209. ami = "${var.ami}"
  210. instance_type = "${var.etcd_instance_type}"
  211. subnet_id = "${var.subnet}"
  212. vpc_security_group_ids = ["${var.securityGroups}"]
  213. key_name = "${var.SSHKey}"
  214. disable_api_termination = "${var.terminate_protect}"
  215. root_block_device {
  216. volume_size = "${var.volSizeEtcd}"
  217. }
  218. tags {
  219. Name = "${var.deploymentName}-etcd-${count.index + 1}"
  220. }
  221. }
  224. resource "aws_instance" "minion" {
  225. count = "${var.numNodes}"
  226. ami = "${var.ami}"
  227. instance_type = "${var.node_instance_type}"
  228. subnet_id = "${var.subnet}"
  229. vpc_security_group_ids = ["${var.securityGroups}"]
  230. key_name = "${var.SSHKey}"
  231. disable_api_termination = "${var.terminate_protect}"
  232. iam_instance_profile = "${aws_iam_instance_profile.kubernetes_node_profile.id}"
  233. root_block_device {
  234. volume_size = "${var.volSizeNodes}"
  235. }
  236. tags {
  237. Name = "${var.deploymentName}-minion-${count.index + 1}"
  238. }
  239. }
  241. output "kubernetes_master_profile" {
  242. value = "${aws_iam_instance_profile.kubernetes_master_profile.id}"
  243. }
  245. output "kubernetes_node_profile" {
  246. value = "${aws_iam_instance_profile.kubernetes_node_profile.id}"
  247. }
  249. output "master-ip" {
  250. value = "${join(", ", aws_instance.master.*.private_ip)}"
  251. }
  253. output "etcd-ip" {
  254. value = "${join(", ", aws_instance.etcd.*.private_ip)}"
  255. }
  257. output "minion-ip" {
  258. value = "${join(", ", aws_instance.minion.*.private_ip)}"
  259. }