Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/05 11:40:59 UTC

[incubator-dlab] branch DLAB-terraform-ssn-k8s created (now 0312a46)

This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a change to branch DLAB-terraform-ssn-k8s
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git.


      at 0312a46  added documentation for ssn-k8s terraform module; modified Nexus;

This branch includes the following new commits:

     new 0312a46  added documentation for ssn-k8s terraform module; modified Nexus;

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[incubator-dlab] 01/01: added documentation for ssn-k8s terraform module; modified Nexus;

Posted by om...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-terraform-ssn-k8s
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git

commit 0312a46f69ba9652acdaae9bdb9e67a44874d789
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Fri Jul 5 14:40:49 2019 +0300

    added documentation for ssn-k8s terraform module;
    modified Nexus;
---
 .../scripts/deploy_repository/deploy_repository.py | 12 +++++
 .../templates/configureNexus.groovy                |  2 +-
 .../terraform/aws/main/main.tf                     |  2 +-
 .../terraform/aws/main/variables.tf                |  4 +-
 .../terraform/aws/modules/ssn-k8s/README.md        | 23 ++++++++++
 .../aws/modules/ssn-k8s/auto_scaling_groups.tf     |  4 +-
 .../aws/modules/ssn-k8s/files/masters-user-data.sh | 52 +++++++++++-----------
 .../aws/modules/ssn-k8s/files/workers-user-data.sh | 14 +++---
 .../terraform/aws/modules/ssn-k8s/variables.tf     |  2 +-
 9 files changed, 75 insertions(+), 40 deletions(-)

diff --git a/infrastructure-provisioning/scripts/deploy_repository/deploy_repository.py b/infrastructure-provisioning/scripts/deploy_repository/deploy_repository.py
index 6c56e12..7cc8991 100644
--- a/infrastructure-provisioning/scripts/deploy_repository/deploy_repository.py
+++ b/infrastructure-provisioning/scripts/deploy_repository/deploy_repository.py
@@ -1453,6 +1453,12 @@ if __name__ == "__main__":
                     },
                     {
                         "PrefixListIds": [],
+                        "FromPort": 8181,
+                        "IpRanges": allowed_ip_cidr,
+                        "ToPort": 8181, "IpProtocol": "tcp", "UserIdGroupPairs": []
+                    },
+                    {
+                        "PrefixListIds": [],
                         "FromPort": 8083,
                         "IpRanges": allowed_ip_cidr,
                         "ToPort": 8083, "IpProtocol": "tcp", "UserIdGroupPairs": []
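Review bot: The new 8181 rule in this hunk opens the Nexus Docker Hub proxy port to `allowed_ip_cidr`, which by its name is the external client range, and nothing visible here shows that the proxy has to be reachable from outside the VPC. The second hunk (`@@ -1492`) adds the same port for `allowed_vpc_cidr_ip_ranges`, which may already cover the instances that pull images through Nexus. If external access is not needed, drop this rule; if it is, document it with a comment such as `# 8181: Nexus docker_hub proxy connector; external access required for <reason>` and confirm that anonymous pull is disabled on that repository. The enclosing rule list starts and ends outside the hunk.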
@@ -1492,6 +1498,12 @@ if __name__ == "__main__":
                         "FromPort": 8082,
                         "IpRanges": allowed_vpc_cidr_ip_ranges,
                         "ToPort": 8082, "IpProtocol": "tcp", "UserIdGroupPairs": []
+                    },
+                    {
+                        "PrefixListIds": [],
+                        "FromPort": 8181,
+                        "IpRanges": allowed_vpc_cidr_ip_ranges,
+                        "ToPort": 8181, "IpProtocol": "tcp", "UserIdGroupPairs": []
                     }
                 ])
                 egress = format_sg([
diff --git a/infrastructure-provisioning/scripts/deploy_repository/templates/configureNexus.groovy b/infrastructure-provisioning/scripts/deploy_repository/templates/configureNexus.groovy
index afe5e4b..54608ac 100644
--- a/infrastructure-provisioning/scripts/deploy_repository/templates/configureNexus.groovy
+++ b/infrastructure-provisioning/scripts/deploy_repository/templates/configureNexus.groovy
@@ -51,7 +51,7 @@ repository.createPyPiProxy('pypi','https://pypi.org/', 'packages_store', true)
 repository.createMavenProxy('maven-central','https://repo1.maven.org/maven2/', 'artifacts_store', true, VersionPolicy.RELEASE, LayoutPolicy.PERMISSIVE)
 repository.createMavenProxy('maven-bintray','https://dl.bintray.com/michaelklishin/maven/', 'artifacts_store', true, VersionPolicy.RELEASE, LayoutPolicy.PERMISSIVE)
 repository.createDockerHosted('docker-internal', null, 8083, 'docker_store', true, true)
-repository.createDockerProxy('docker_hub', 'https://registry-1.docker.io', 'HUB', null, null, null, 'docker_store', true, false)
+repository.createDockerProxy('docker_hub', 'https://registry-1.docker.io', 'HUB', null, null, 8181, 'docker_store', true, false)
 repository.createRawProxy('docker','https://download.docker.com/linux/ubuntu', 'packages_store')
 repository.createRawProxy('jenkins','http://pkg.jenkins.io/debian-stable', 'packages_store')
 repository.createRawProxy('mongo','http://repo.mongodb.org/apt/ubuntu', 'packages_store')
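Review bot: The port in `createDockerProxy(..., null, null, 8181, ...)` is a bare positional literal, so a reader cannot tell which connector it configures or that it must match the 8181 security-group rules this commit adds in deploy_repository.py. Add a line above it such as `// docker_hub proxy connector on 8181 (sixth argument, presumably the HTTPS port); keep in sync with the security-group rules in deploy_repository.py`. If that argument is indeed the HTTPS connector, confirm that Nexus is provisioned with a TLS keystore, because the connector would otherwise not serve Docker clients.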
diff --git a/infrastructure-provisioning/terraform/aws/main/main.tf b/infrastructure-provisioning/terraform/aws/main/main.tf
index 1360dfb..43613d3 100644
--- a/infrastructure-provisioning/terraform/aws/main/main.tf
+++ b/infrastructure-provisioning/terraform/aws/main/main.tf
@@ -43,7 +43,7 @@ module "ssn-k8s" {
   subnet_cidr           = var.subnet_cidr
   ssn_k8s_masters_shape = var.ssn_k8s_masters_shape
   ssn_k8s_workers_shape = var.ssn_k8s_workers_shape
-  os-user               = var.os-user
+  os_user               = var.os_user
 }
 
 module "common" {
diff --git a/infrastructure-provisioning/terraform/aws/main/variables.tf b/infrastructure-provisioning/terraform/aws/main/variables.tf
index 2c201b0..62ce7c7 100644
--- a/infrastructure-provisioning/terraform/aws/main/variables.tf
+++ b/infrastructure-provisioning/terraform/aws/main/variables.tf
@@ -39,7 +39,7 @@ variable "key_name" {
 variable "allowed_cidrs" {
   default = ["0.0.0.0/0"]
 }
-variable "os-user" {
+variable "os_user" {
   default = "dlab-user"
 }
 
@@ -49,7 +49,7 @@ variable "project_tag" {
 
 // SSN
 variable "service_base_name" {
-  default = "k8s"
+  default = "dlab-k8s"
 }
 variable "vpc_id" {
   default = ""
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/README.md b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/README.md
new file mode 100644
index 0000000..9c0d265
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/README.md
@@ -0,0 +1,23 @@
+# Terraform module for deploying DLab SSN K8S cluster
+
+List of variables which should be provided:
+
+| Variable                 | Type   | Description/Value                                                                                         |
+|--------------------------|--------|-----------------------------------------------------------------------------------------------------------|
+| service\_base\_name      | string | Any infrastructure value (should be unique if multiple SSN’s have been deployed before). Default: dlab-k8s|
+| vpc\_id                  | string | ID of AWS VPC if you already have VPC created.                                                            | 
+| vpc\_cidr                | string | CIDR for VPC creation. Conflicts with _vpc\_id_. Default: 172.31.0.0/16                                   |
+| subnet\_id               | string | ID of AWS Subnet if you already have subnet created.                                                      |
+| subnet\_cidr             | string | CIDR for Subnet creation. Conflicts with _subnet\_id_. Default: 172.31.0.0/24                             |
+| env\_os                  | string | OS type. Available options: debian, redhat. Default: debian                                               |
+| ami                      | string | ID of EC2 AMI.                                                                                            |
+| key\_name                | string | Name of EC2 Key pair.                                                                                     |
+| region                   | string | Name of AWS region. Default: us-west-2                                                                    |
+| zone                     | string | Name of AWS zone. Default: a                                                                              |
+| ssn\_k8s\_masters\_count | int    | Count of K8S masters. Default: 3                                                                          |
+| ssn\_k8s\_workers\_count | int    | Count of K8S workers. Default: 2                                                                          |
+| ssn\_root\_volume\_size  | int    | Size of root volume in GB. Default: 30                                                                    |
+| allowed\_cidrs           | string | CIDR to allow acces to SSN K8S cluster. Default: 0.0.0.0/0                                                |
+| ssn\_k8s\_masters\_shape | string | Shape for SSN K8S masters. Default: t2.medium                                                             |
+| ssn\_k8s\_workers\_shape | string | Shape for SSN K8S workers. Default: t2.medium                                                             |
+| os\_user                 | string | Name of DLab service user. Default: dlab-user                                                             |
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/auto_scaling_groups.tf b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/auto_scaling_groups.tf
index 8644734..9877d25 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/auto_scaling_groups.tf
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/auto_scaling_groups.tf
@@ -27,7 +27,7 @@ data "template_file" "ssn_k8s_masters_user_data" {
     k8s-bucket-name = aws_s3_bucket.ssn_k8s_bucket.id
     k8s-eip = aws_eip.k8s-lb-eip.public_ip
     k8s-tg-arn = aws_lb_target_group.ssn_k8s_lb_target_group.arn
-    k8s-os-user = var.os-user
+    k8s_os_user = var.os_user
   }
 }
 
@@ -35,7 +35,7 @@ data "template_file" "ssn_k8s_workers_user_data" {
   template = file("../modules/ssn-k8s/files/workers-user-data.sh")
   vars = {
     k8s-bucket-name = aws_s3_bucket.ssn_k8s_bucket.id
-    k8s-os-user = var.os-user
+    k8s_os_user = var.os_user
   }
 }
 
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
index 67bff3e..2091b89 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
@@ -35,13 +35,13 @@ sleep 5
 }
 
 # Creating DLab user
-sudo useradd -m -G sudo -s /bin/bash ${k8s-os-user}
-sudo bash -c 'echo "${k8s-os-user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
-sudo mkdir /home/${k8s-os-user}/.ssh
-sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s-os-user}/.ssh/authorized_keys'
-sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/
-sudo chmod 700 /home/${k8s-os-user}/.ssh
-sudo chmod 600 /home/${k8s-os-user}/.ssh/authorized_keys
+sudo useradd -m -G sudo -s /bin/bash ${k8s_os_user}
+sudo bash -c 'echo "${k8s_os_user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
+sudo mkdir /home/${k8s_os_user}/.ssh
+sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s_os_user}/.ssh/authorized_keys'
+sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/
+sudo chmod 700 /home/${k8s_os_user}/.ssh
+sudo chmod 600 /home/${k8s_os_user}/.ssh/authorized_keys
 
 sudo apt-get update
 sudo apt-get install -y python-pip jq unzip
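Review bot: The `echo "${k8s_os_user} ALL = NOPASSWD:ALL" >> /etc/sudoers` line appends to the main sudoers file with no syntax check, so an unexpected value of the template variable leaves an invalid or unintended sudoers entry on every master. A drop-in keeps the grant isolated and checkable: `echo "${k8s_os_user} ALL = NOPASSWD:ALL" | sudo tee /etc/sudoers.d/90-dlab-user >/dev/null`, then `sudo chmod 0440` on that file and `sudo visudo -cf` against it. The same line is in the workers-user-data.sh hunk. A comment saying why the service user needs unrestricted passwordless sudo would help; if it only runs kubectl and helm, the grant can probably be narrowed.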
@@ -88,14 +88,14 @@ do
         break
     fi
 done
-sudo mkdir -p /home/${k8s-os-user}/.kube
-sudo cp -i /etc/kubernetes/admin.conf /home/${k8s-os-user}/.kube/config
-sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/.kube
+sudo mkdir -p /home/${k8s_os_user}/.kube
+sudo cp -i /etc/kubernetes/admin.conf /home/${k8s_os_user}/.kube/config
+sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/.kube
 sudo kubeadm token create --print-join-command > /tmp/join_command
 sudo kubeadm init phase upload-certs --upload-certs | grep -v "upload-certs" > /tmp/cert_key
-sudo -i -u ${k8s-os-user} kubectl apply -f \
-     "https://cloud.weave.works/k8s/net?k8s-version=$(sudo -i -u ${k8s-os-user} kubectl version | base64 | tr -d '\n')"
-sudo -i -u ${k8s-os-user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
+sudo -i -u ${k8s_os_user} kubectl apply -f \
+     "https://cloud.weave.works/k8s/net?k8s-version=$(sudo -i -u ${k8s_os_user} kubectl version | base64 | tr -d '\n')"
+sudo -i -u ${k8s_os_user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
 cat <<EOF > /tmp/rbac-config.yaml
 apiVersion: v1
 kind: ServiceAccount
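Review bot: `curl -L https://git.io/get_helm.sh | bash` runs whatever the shortened URL serves at boot time, under a user that the first hunk gives passwordless sudo, with no version pin and no integrity check; the hunk at `@@ -139` repeats it for joining masters. Prefer fetching a pinned Helm release archive and verifying its published SHA-256 before installing, in the same way this script already pins the Terraform version further down. `curl` is also called without `-f`, so an HTTP error page would be piped to bash. The `kubectl apply -f "https://cloud.weave.works/k8s/net?..."` line fetches its manifest unpinned in the same way; applying a reviewed copy stored with the deployment would make the cluster build reproducible.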
@@ -116,8 +116,8 @@ subjects:
     name: tiller
     namespace: kube-system
 EOF
-sudo -i -u ${k8s-os-user} kubectl create -f /tmp/rbac-config.yaml
-sudo -i -u ${k8s-os-user} helm init --service-account tiller --history-max 200
+sudo -i -u ${k8s_os_user} kubectl create -f /tmp/rbac-config.yaml
+sudo -i -u ${k8s_os_user} helm init --service-account tiller --history-max 200
 sleep 60
 aws s3 cp /tmp/join_command s3://${k8s-bucket-name}/k8s/masters/join_command
 aws s3 cp /tmp/cert_key s3://${k8s-bucket-name}/k8s/masters/cert_key
@@ -139,11 +139,11 @@ aws s3 cp s3://${k8s-bucket-name}/k8s/masters/cert_key /tmp/cert_key
 join_command=`cat /tmp/join_command`
 cert_key=`cat /tmp/cert_key`
 sudo $join_command --control-plane --certificate-key $cert_key
-sudo mkdir -p /home/${k8s-os-user}/.kube
-sudo cp -i /etc/kubernetes/admin.conf /home/${k8s-os-user}/.kube/config
-sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/.kube
-sudo -i -u ${k8s-os-user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
-sudo -i -u ${k8s-os-user} helm init --client-only --history-max 200
+sudo mkdir -p /home/${k8s_os_user}/.kube
+sudo cp -i /etc/kubernetes/admin.conf /home/${k8s_os_user}/.kube/config
+sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/.kube
+sudo -i -u ${k8s_os_user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
+sudo -i -u ${k8s_os_user} helm init --client-only --history-max 200
 fi
 cat <<EOF > /tmp/update_files.sh
 #!/bin/bash
@@ -161,19 +161,19 @@ sudo bash -c 'echo "0 0 * * * root /usr/local/bin/update_files.sh" >> /etc/cront
 cat <<EOF > /tmp/remove-etcd-member.sh
 #!/bin/bash
 hostname=\$(/bin/hostname)
-not_ready_node=\$(/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl get nodes | grep NotReady | grep master | awk '{print \$1}')
+not_ready_node=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl get nodes | grep NotReady | grep master | awk '{print \$1}')
 if [[ \$not_ready_node != "" ]]; then
-etcd_pod_name=\$(/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl get pods -n kube-system | /bin/grep etcd \
+etcd_pod_name=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl get pods -n kube-system | /bin/grep etcd \
     | /bin/grep "\$hostname" | /usr/bin/awk '{print \$1}')
-etcd_member_id=\$(/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
+etcd_member_id=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
     -- /bin/sh -c "ETCDCTL_API=3 etcdctl member list --endpoints=https://[127.0.0.1]:2379 \
     --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt \
     --key=/etc/kubernetes/pki/etcd/healthcheck-client.key"  | /bin/grep ", \$not_ready_node" | /usr/bin/awk -F',' '{print \$1}')
-/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
+/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
     -- /bin/sh -c "ETCDCTL_API=3 etcdctl member remove \$etcd_member_id --endpoints=https://[127.0.0.1]:2379 \
     --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt \
     --key=/etc/kubernetes/pki/etcd/healthcheck-client.key"
-/usr/bin/sudo -i -u ${k8s-os-user} /usr/bin/kubectl delete node \$not_ready_node
+/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl delete node \$not_ready_node
 
 fi
 
@@ -181,7 +181,7 @@ EOF
 sudo mv /tmp/remove-etcd-member.sh /usr/local/bin/remove-etcd-member.sh
 sudo chmod 755 /usr/local/bin/remove-etcd-member.sh
 sleep 600
-sudo -i -u ${k8s-os-user} helm repo update
+sudo -i -u ${k8s_os_user} helm repo update
 sudo bash -c 'echo "* * * * * root /usr/local/bin/remove-etcd-member.sh >> /var/log/cron_k8s.log 2>&1" >> /etc/crontab'
 wget https://releases.hashicorp.com/terraform/0.12.3/terraform_0.12.3_linux_amd64.zip -O /tmp/terraform_0.12.3_linux_amd64.zip
 unzip /tmp/terraform_0.12.3_linux_amd64.zip -d /tmp/
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/workers-user-data.sh b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/workers-user-data.sh
index ad9e9c9..9ccda5d 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/workers-user-data.sh
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/workers-user-data.sh
@@ -28,13 +28,13 @@ sleep 5
 }
 
 # Creating DLab user
-sudo useradd -m -G sudo -s /bin/bash ${k8s-os-user}
-sudo bash -c 'echo "${k8s-os-user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
-sudo mkdir /home/${k8s-os-user}/.ssh
-sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s-os-user}/.ssh/authorized_keys'
-sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/
-sudo chmod 700 /home/${k8s-os-user}/.ssh
-sudo chmod 600 /home/${k8s-os-user}/.ssh/authorized_keys
+sudo useradd -m -G sudo -s /bin/bash ${k8s_os_user}
+sudo bash -c 'echo "${k8s_os_user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
+sudo mkdir /home/${k8s-os-_ser}/.ssh
+sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s_os_user}/.ssh/authorized_keys'
+sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/
+sudo chmod 700 /home/${k8s_os_user}/.ssh
+sudo chmod 600 /home/${k8s_os_user}/.ssh/authorized_keys
 
 sudo apt-get update
 sudo apt-get install -y python-pip
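Review bot: The new `sudo mkdir /home/${k8s-os-_ser}/.ssh` line is a botched rename: every other line in this hunk uses `${k8s_os_user}`, and auto_scaling_groups.tf now passes only `k8s_os_user` to this template. Depending on how the template engine treats the unknown name, either rendering fails or the `.ssh` directory is never created at the intended path; in the second case the `authorized_keys` redirect on the next line fails and the service user on workers has no SSH keys. The line should read `sudo mkdir /home/${k8s_os_user}/.ssh`.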
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/variables.tf b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/variables.tf
index 6b1363e..cb16348 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/variables.tf
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/variables.tf
@@ -51,4 +51,4 @@ variable "ssn_k8s_masters_shape" {}
 
 variable "ssn_k8s_workers_shape" {}
 
-variable "os-user" {}
\ No newline at end of file
+variable "os_user" {}
\ No newline at end of file

