Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/05 11:41:00 UTC
[incubator-dlab] 01/01: added documentation for ssn-k8s terraform
module; modified Nexus;
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-terraform-ssn-k8s
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 0312a46f69ba9652acdaae9bdb9e67a44874d789
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Fri Jul 5 14:40:49 2019 +0300
added documentation for ssn-k8s terraform module;
modified Nexus;
---
.../scripts/deploy_repository/deploy_repository.py | 12 +++++
.../templates/configureNexus.groovy | 2 +-
.../terraform/aws/main/main.tf | 2 +-
.../terraform/aws/main/variables.tf | 4 +-
.../terraform/aws/modules/ssn-k8s/README.md | 23 ++++++++++
.../aws/modules/ssn-k8s/auto_scaling_groups.tf | 4 +-
.../aws/modules/ssn-k8s/files/masters-user-data.sh | 52 +++++++++++-----------
.../aws/modules/ssn-k8s/files/workers-user-data.sh | 14 +++---
.../terraform/aws/modules/ssn-k8s/variables.tf | 2 +-
9 files changed, 75 insertions(+), 40 deletions(-)
diff --git a/infrastructure-provisioning/scripts/deploy_repository/deploy_repository.py b/infrastructure-provisioning/scripts/deploy_repository/deploy_repository.py
index 6c56e12..7cc8991 100644
--- a/infrastructure-provisioning/scripts/deploy_repository/deploy_repository.py
+++ b/infrastructure-provisioning/scripts/deploy_repository/deploy_repository.py
@@ -1453,6 +1453,12 @@ if __name__ == "__main__":
},
{
"PrefixListIds": [],
+ "FromPort": 8181,
+ "IpRanges": allowed_ip_cidr,
+ "ToPort": 8181, "IpProtocol": "tcp", "UserIdGroupPairs": []
+ },
+ {
+ "PrefixListIds": [],
"FromPort": 8083,
"IpRanges": allowed_ip_cidr,
"ToPort": 8083, "IpProtocol": "tcp", "UserIdGroupPairs": []
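Review bot: The new 8181 ingress rules, here for `allowed_ip_cidr` and in the next hunk for `allowed_vpc_cidr_ip_ranges`, carry no comment saying what listens on that port. The bare literal must also stay in step with the `8181` passed to `createDockerProxy` in configureNexus.groovy. I would add `# 8181: Nexus docker_hub proxy connector (see configureNexus.groovy)` above each rule. `allowed_ip_cidr` is defined outside this hunk, so confirm that it is a narrow range and that the proxy does not serve anonymous pulls, because this rule makes the connector reachable from outside the VPC. The enclosing `__main__` block starts and ends outside the hunk.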
@@ -1492,6 +1498,12 @@ if __name__ == "__main__":
"FromPort": 8082,
"IpRanges": allowed_vpc_cidr_ip_ranges,
"ToPort": 8082, "IpProtocol": "tcp", "UserIdGroupPairs": []
+ },
+ {
+ "PrefixListIds": [],
+ "FromPort": 8181,
+ "IpRanges": allowed_vpc_cidr_ip_ranges,
+ "ToPort": 8181, "IpProtocol": "tcp", "UserIdGroupPairs": []
}
])
egress = format_sg([
diff --git a/infrastructure-provisioning/scripts/deploy_repository/templates/configureNexus.groovy b/infrastructure-provisioning/scripts/deploy_repository/templates/configureNexus.groovy
index afe5e4b..54608ac 100644
--- a/infrastructure-provisioning/scripts/deploy_repository/templates/configureNexus.groovy
+++ b/infrastructure-provisioning/scripts/deploy_repository/templates/configureNexus.groovy
@@ -51,7 +51,7 @@ repository.createPyPiProxy('pypi','https://pypi.org/', 'packages_store', true)
repository.createMavenProxy('maven-central','https://repo1.maven.org/maven2/', 'artifacts_store', true, VersionPolicy.RELEASE, LayoutPolicy.PERMISSIVE)
repository.createMavenProxy('maven-bintray','https://dl.bintray.com/michaelklishin/maven/', 'artifacts_store', true, VersionPolicy.RELEASE, LayoutPolicy.PERMISSIVE)
repository.createDockerHosted('docker-internal', null, 8083, 'docker_store', true, true)
-repository.createDockerProxy('docker_hub', 'https://registry-1.docker.io', 'HUB', null, null, null, 'docker_store', true, false)
+repository.createDockerProxy('docker_hub', 'https://registry-1.docker.io', 'HUB', null, null, 8181, 'docker_store', true, false)
repository.createRawProxy('docker','https://download.docker.com/linux/ubuntu', 'packages_store')
repository.createRawProxy('jenkins','http://pkg.jenkins.io/debian-stable', 'packages_store')
repository.createRawProxy('mongo','http://repo.mongodb.org/apt/ubuntu', 'packages_store')
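Review bot: The `8181` in the `createDockerProxy` call is passed positionally after two `null`s, so the line does not show which connector it configures. As I read the Nexus scripting API the fifth argument is the HTTP port and the sixth the HTTPS port, but that should be confirmed against the Nexus version deployed. A comment above the line such as `// docker_hub connector: httpPort=null, httpsPort=8181; keep in sync with the SG rules in deploy_repository.py` would make this explicit. If it is the HTTPS connector, it presumably only answers once TLS is configured for Nexus, which this hunk does not show.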
diff --git a/infrastructure-provisioning/terraform/aws/main/main.tf b/infrastructure-provisioning/terraform/aws/main/main.tf
index 1360dfb..43613d3 100644
--- a/infrastructure-provisioning/terraform/aws/main/main.tf
+++ b/infrastructure-provisioning/terraform/aws/main/main.tf
@@ -43,7 +43,7 @@ module "ssn-k8s" {
subnet_cidr = var.subnet_cidr
ssn_k8s_masters_shape = var.ssn_k8s_masters_shape
ssn_k8s_workers_shape = var.ssn_k8s_workers_shape
- os-user = var.os-user
+ os_user = var.os_user
}
module "common" {
diff --git a/infrastructure-provisioning/terraform/aws/main/variables.tf b/infrastructure-provisioning/terraform/aws/main/variables.tf
index 2c201b0..62ce7c7 100644
--- a/infrastructure-provisioning/terraform/aws/main/variables.tf
+++ b/infrastructure-provisioning/terraform/aws/main/variables.tf
@@ -39,7 +39,7 @@ variable "key_name" {
variable "allowed_cidrs" {
default = ["0.0.0.0/0"]
}
-variable "os-user" {
+variable "os_user" {
default = "dlab-user"
}
@@ -49,7 +49,7 @@ variable "project_tag" {
// SSN
variable "service_base_name" {
- default = "k8s"
+ default = "dlab-k8s"
}
variable "vpc_id" {
default = ""
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/README.md b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/README.md
new file mode 100644
index 0000000..9c0d265
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/README.md
@@ -0,0 +1,23 @@
+# Terraform module for deploying DLab SSN K8S cluster
+
+List of variables which should be provided:
+
+| Variable | Type | Description/Value |
+|--------------------------|--------|-----------------------------------------------------------------------------------------------------------|
+| service\_base\_name | string | Any infrastructure value (should be unique if multiple SSN’s have been deployed before). Default: dlab-k8s|
+| vpc\_id | string | ID of AWS VPC if you already have VPC created. |
+| vpc\_cidr | string | CIDR for VPC creation. Conflicts with _vpc\_id_. Default: 172.31.0.0/16 |
+| subnet\_id | string | ID of AWS Subnet if you already have subnet created. |
+| subnet\_cidr | string | CIDR for Subnet creation. Conflicts with _subnet\_id_. Default: 172.31.0.0/24 |
+| env\_os | string | OS type. Available options: debian, redhat. Default: debian |
+| ami | string | ID of EC2 AMI. |
+| key\_name | string | Name of EC2 Key pair. |
+| region | string | Name of AWS region. Default: us-west-2 |
+| zone | string | Name of AWS zone. Default: a |
+| ssn\_k8s\_masters\_count | int | Count of K8S masters. Default: 3 |
+| ssn\_k8s\_workers\_count | int | Count of K8S workers. Default: 2 |
+| ssn\_root\_volume\_size | int | Size of root volume in GB. Default: 30 |
+| allowed\_cidrs | string | CIDR to allow acces to SSN K8S cluster. Default: 0.0.0.0/0 |
+| ssn\_k8s\_masters\_shape | string | Shape for SSN K8S masters. Default: t2.medium |
+| ssn\_k8s\_workers\_shape | string | Shape for SSN K8S workers. Default: t2.medium |
+| os\_user | string | Name of DLab service user. Default: dlab-user |
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/auto_scaling_groups.tf b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/auto_scaling_groups.tf
index 8644734..9877d25 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/auto_scaling_groups.tf
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/auto_scaling_groups.tf
@@ -27,7 +27,7 @@ data "template_file" "ssn_k8s_masters_user_data" {
k8s-bucket-name = aws_s3_bucket.ssn_k8s_bucket.id
k8s-eip = aws_eip.k8s-lb-eip.public_ip
k8s-tg-arn = aws_lb_target_group.ssn_k8s_lb_target_group.arn
- k8s-os-user = var.os-user
+ k8s_os_user = var.os_user
}
}
@@ -35,7 +35,7 @@ data "template_file" "ssn_k8s_workers_user_data" {
template = file("../modules/ssn-k8s/files/workers-user-data.sh")
vars = {
k8s-bucket-name = aws_s3_bucket.ssn_k8s_bucket.id
- k8s-os-user = var.os-user
+ k8s_os_user = var.os_user
}
}
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
index 67bff3e..2091b89 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
@@ -35,13 +35,13 @@ sleep 5
}
# Creating DLab user
-sudo useradd -m -G sudo -s /bin/bash ${k8s-os-user}
-sudo bash -c 'echo "${k8s-os-user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
-sudo mkdir /home/${k8s-os-user}/.ssh
-sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s-os-user}/.ssh/authorized_keys'
-sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/
-sudo chmod 700 /home/${k8s-os-user}/.ssh
-sudo chmod 600 /home/${k8s-os-user}/.ssh/authorized_keys
+sudo useradd -m -G sudo -s /bin/bash ${k8s_os_user}
+sudo bash -c 'echo "${k8s_os_user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
+sudo mkdir /home/${k8s_os_user}/.ssh
+sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s_os_user}/.ssh/authorized_keys'
+sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/
+sudo chmod 700 /home/${k8s_os_user}/.ssh
+sudo chmod 600 /home/${k8s_os_user}/.ssh/authorized_keys
sudo apt-get update
sudo apt-get install -y python-pip jq unzip
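Review bot: The rewritten `echo "${k8s_os_user} ALL = NOPASSWD:ALL" >> /etc/sudoers` line still appends straight to the main sudoers file with no syntax check, and the same line appears in the workers-user-data.sh hunk. A malformed or repeated entry there can break sudo for every account on the node. I would write a drop-in instead, `sudo bash -c 'echo "${k8s_os_user} ALL = NOPASSWD:ALL" > /etc/sudoers.d/${k8s_os_user}'`, then `sudo chmod 440 /etc/sudoers.d/${k8s_os_user}` and `sudo visudo -cf /etc/sudoers.d/${k8s_os_user}`. The account also inherits the `ubuntu` user's `authorized_keys`, so that key gives passwordless root on every master and worker; a comment stating that this is intended would help. The script continues outside the hunk.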
@@ -88,14 +88,14 @@ do
break
fi
done
-sudo mkdir -p /home/${k8s-os-user}/.kube
-sudo cp -i /etc/kubernetes/admin.conf /home/${k8s-os-user}/.kube/config
-sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/.kube
+sudo mkdir -p /home/${k8s_os_user}/.kube
+sudo cp -i /etc/kubernetes/admin.conf /home/${k8s_os_user}/.kube/config
+sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/.kube
sudo kubeadm token create --print-join-command > /tmp/join_command
sudo kubeadm init phase upload-certs --upload-certs | grep -v "upload-certs" > /tmp/cert_key
-sudo -i -u ${k8s-os-user} kubectl apply -f \
- "https://cloud.weave.works/k8s/net?k8s-version=$(sudo -i -u ${k8s-os-user} kubectl version | base64 | tr -d '\n')"
-sudo -i -u ${k8s-os-user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
+sudo -i -u ${k8s_os_user} kubectl apply -f \
+ "https://cloud.weave.works/k8s/net?k8s-version=$(sudo -i -u ${k8s_os_user} kubectl version | base64 | tr -d '\n')"
+sudo -i -u ${k8s_os_user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
cat <<EOF > /tmp/rbac-config.yaml
apiVersion: v1
kind: ServiceAccount
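Review bot: The line `sudo -i -u ${k8s_os_user} bash -c 'curl -L https://git.io/get_helm.sh | bash'` is carried over unchanged apart from the variable name, here and in the `@@ -139,11 +139,11 @@` hunk. It runs whatever a URL shortener resolves to at boot, with no version pin or integrity check, under an account that has passwordless sudo. I would download a pinned Helm release archive to a file, verify it against a SHA-256 recorded in the repository with `sha256sum -c`, and install the binary only after that check passes. The `kubectl apply -f "https://cloud.weave.works/k8s/net?..."` line above has the same property; a manifest vendored at a known version would make master bootstrap reproducible. The surrounding loop and heredoc begin and end outside the hunk.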
@@ -116,8 +116,8 @@ subjects:
name: tiller
namespace: kube-system
EOF
-sudo -i -u ${k8s-os-user} kubectl create -f /tmp/rbac-config.yaml
-sudo -i -u ${k8s-os-user} helm init --service-account tiller --history-max 200
+sudo -i -u ${k8s_os_user} kubectl create -f /tmp/rbac-config.yaml
+sudo -i -u ${k8s_os_user} helm init --service-account tiller --history-max 200
sleep 60
aws s3 cp /tmp/join_command s3://${k8s-bucket-name}/k8s/masters/join_command
aws s3 cp /tmp/cert_key s3://${k8s-bucket-name}/k8s/masters/cert_key
@@ -139,11 +139,11 @@ aws s3 cp s3://${k8s-bucket-name}/k8s/masters/cert_key /tmp/cert_key
join_command=`cat /tmp/join_command`
cert_key=`cat /tmp/cert_key`
sudo $join_command --control-plane --certificate-key $cert_key
-sudo mkdir -p /home/${k8s-os-user}/.kube
-sudo cp -i /etc/kubernetes/admin.conf /home/${k8s-os-user}/.kube/config
-sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/.kube
-sudo -i -u ${k8s-os-user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
-sudo -i -u ${k8s-os-user} helm init --client-only --history-max 200
+sudo mkdir -p /home/${k8s_os_user}/.kube
+sudo cp -i /etc/kubernetes/admin.conf /home/${k8s_os_user}/.kube/config
+sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/.kube
+sudo -i -u ${k8s_os_user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
+sudo -i -u ${k8s_os_user} helm init --client-only --history-max 200
fi
cat <<EOF > /tmp/update_files.sh
#!/bin/bash
@@ -161,19 +161,19 @@ sudo bash -c 'echo "0 0 * * * root /usr/local/bin/update_files.sh" >> /etc/cront
cat <<EOF > /tmp/remove-etcd-member.sh
#!/bin/bash
hostname=\$(/bin/hostname)
-not_ready_node=\$(/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl get nodes | grep NotReady | grep master | awk '{print \$1}')
+not_ready_node=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl get nodes | grep NotReady | grep master | awk '{print \$1}')
if [[ \$not_ready_node != "" ]]; then
-etcd_pod_name=\$(/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl get pods -n kube-system | /bin/grep etcd \
+etcd_pod_name=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl get pods -n kube-system | /bin/grep etcd \
| /bin/grep "\$hostname" | /usr/bin/awk '{print \$1}')
-etcd_member_id=\$(/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
+etcd_member_id=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
-- /bin/sh -c "ETCDCTL_API=3 etcdctl member list --endpoints=https://[127.0.0.1]:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt \
--key=/etc/kubernetes/pki/etcd/healthcheck-client.key" | /bin/grep ", \$not_ready_node" | /usr/bin/awk -F',' '{print \$1}')
-/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
+/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
-- /bin/sh -c "ETCDCTL_API=3 etcdctl member remove \$etcd_member_id --endpoints=https://[127.0.0.1]:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt \
--key=/etc/kubernetes/pki/etcd/healthcheck-client.key"
-/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl delete node \$not_ready_node
+/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl delete node \$not_ready_node
fi
@@ -181,7 +181,7 @@ EOF
sudo mv /tmp/remove-etcd-member.sh /usr/local/bin/remove-etcd-member.sh
sudo chmod 755 /usr/local/bin/remove-etcd-member.sh
sleep 600
-sudo -i -u ${k8s-os-user} helm repo update
+sudo -i -u ${k8s_os_user} helm repo update
sudo bash -c 'echo "* * * * * root /usr/local/bin/remove-etcd-member.sh >> /var/log/cron_k8s.log 2>&1" >> /etc/crontab'
wget https://releases.hashicorp.com/terraform/0.12.3/terraform_0.12.3_linux_amd64.zip -O /tmp/terraform_0.12.3_linux_amd64.zip
unzip /tmp/terraform_0.12.3_linux_amd64.zip -d /tmp/
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/workers-user-data.sh b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/workers-user-data.sh
index ad9e9c9..9ccda5d 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/workers-user-data.sh
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/workers-user-data.sh
@@ -28,13 +28,13 @@ sleep 5
}
# Creating DLab user
-sudo useradd -m -G sudo -s /bin/bash ${k8s-os-user}
-sudo bash -c 'echo "${k8s-os-user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
-sudo mkdir /home/${k8s-os-user}/.ssh
-sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s-os-user}/.ssh/authorized_keys'
-sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/
-sudo chmod 700 /home/${k8s-os-user}/.ssh
-sudo chmod 600 /home/${k8s-os-user}/.ssh/authorized_keys
+sudo useradd -m -G sudo -s /bin/bash ${k8s_os_user}
+sudo bash -c 'echo "${k8s_os_user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
+sudo mkdir /home/${k8s-os-_ser}/.ssh
+sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s_os_user}/.ssh/authorized_keys'
+sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/
+sudo chmod 700 /home/${k8s_os_user}/.ssh
+sudo chmod 600 /home/${k8s_os_user}/.ssh/authorized_keys
sudo apt-get update
sudo apt-get install -y python-pip
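Review bot: The new `sudo mkdir /home/${k8s-os-_ser}/.ssh` line references a template variable that does not exist. auto_scaling_groups.tf now passes only `k8s_os_user`, and the matching line in masters-user-data.sh is spelled correctly. The workers template will probably fail to render. If it does render, the `.ssh` directory is created under the wrong path, the `authorized_keys` redirect on the next line fails, and the service user ends up with no SSH key. The line should read `sudo mkdir /home/${k8s_os_user}/.ssh`. The script continues outside the hunk.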
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/variables.tf b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/variables.tf
index 6b1363e..cb16348 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/variables.tf
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/variables.tf
@@ -51,4 +51,4 @@ variable "ssn_k8s_masters_shape" {}
variable "ssn_k8s_workers_shape" {}
-variable "os-user" {}
\ No newline at end of file
+variable "os_user" {}
\ No newline at end of file