Kubernetes Principal - hqzhang/cloudtestbed GitHub Wiki
Kubernetes on AWS: how to install Kubernetes on AWS with CentOS
#0. Variable — defines an input variable
# Number of control nodes to create; a single node unless overridden.
variable "control_count" {
  default = 1
}
Usage: "${var.control_count}"
#1. Provider — defines a provider
# AWS provider; the region is taken from the caller's "region" variable.
provider "aws" {
  region = "${var.region}"
}
Usage: none (a provider is not referenced directly)
#2. Variable — defines an input variable
# Control-node count; defaults to one node.
variable "control_count" {
  default = 1
}
Usage: "${var.control_count}"
#3. Resource — declares and defines an infrastructure object
# Hosted zone for the example domain; its id is read back as
# aws_route53_zone.primary.zone_id.
resource "aws_route53_zone" "primary" {
  name = "wavecloud.com"
}
Usage:"${aws_route53_zone.primary.zone_id}"
#4. Output — defines a value that is printed after apply
# Exposes the primary hosted zone id.
output "aws_hosted_zone" {
  value = "${aws_route53_zone.primary.zone_id}"
}
Usage: none (outputs are printed, not referenced, at this level)
#5. Module — defines reusable code
# Instantiates the ssh module from ./terraform/aws/ssh, passing the cluster
# short name through as its "short_name" input.
module "ssh-key" {
  source     = "./terraform/aws/ssh"
  short_name = "${var.short_name}"
}
In the module's subdirectory:
# Registers the local public key named by var.ssh_key as an EC2 key pair.
resource "aws_key_pair" "deployer" {
  key_name   = "key-${var.short_name}"
  public_key = "${file(var.ssh_key)}"
}
Usage: module.ssh-key.aws_key_pair.deployer
# Terraform item list (note: the terraform.tfstate and terraform.tfstate.backup files shown below hold resource state, which can include secrets, and should not be committed alongside the modules)
├── hostedzone
│ └── main.tf
├── iam
│ └── main.tf
├── instance
│ └── main.tf
├── route53
│ └── dns
│ └── main.tf
├── security_groups
│ └── main.tf
├── ssh
│ ├── main.tf
│ ├── terraform.tfstate
│ └── terraform.tfstate.backup
├── terraform.tfstate
├── terraform.tfstate.backup
└── vpc
└── main.tf
#1. route53_zone
# Hosted zone for the cluster DNS domain supplied by var.dns_domain.
resource "aws_route53_zone" "primary" {
  name = "${var.dns_domain}"
}
#2. ssh-key
# Local path of the public key that becomes the deployer key pair.
variable "ssh_key" {
  default = "~/.ssh/id_rsa.pub"
}
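# Registers the local public key named by var.ssh_key as an EC2 key pair.
# The original also set "short_name", which is not an argument of
# aws_key_pair and makes the plan fail; the short name is still used to
# derive key_name below.
resource "aws_key_pair" "deployer" {
  key_name   = "key-${var.short_name}"
  public_key = "${file(var.ssh_key)}"
}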
# Name of the registered key pair, for instance modules to reference.
output "ssh_key_name" {
  value = "${aws_key_pair.deployer.key_name}"
}
#3. route53
# One A record per control node: <short_name>-control-NN.node.<domain>.
resource "aws_route53_record" "dns-control" {
  count   = "${var.control_count}"
  zone_id = "${var.hosted_zone_id}"
  name    = "${var.short_name}-control-${format("%02d", count.index+1)}.node.${var.domain}"
  type    = "A"
  ttl     = 60

  # control_ips is a comma-separated list; take the entry for this index.
  records = ["${element(split(",", var.control_ips), count.index)}"]
}
# group records
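# One round-robin A record for the whole control group, listing every control
# IP. The original used count = var.control_count, which declares the same
# name/type record set once per node; a record set is unique per name and
# type within a zone, so the second copy fails on apply. min() keeps the
# record absent when control_count is 0, as before.
resource "aws_route53_record" "dns-control-group" {
  count   = "${min(var.control_count, 1)}"
  zone_id = "${var.hosted_zone_id}"
  name    = "${var.control_subdomain}${var.subdomain}.${var.domain}"
  records = ["${split(",", var.control_ips)}"]
  type    = "A"
  ttl     = 60
}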
# Comma-separated FQDNs of the per-node control records.
output "control_fqdn" {
  value = "${join(",", aws_route53_record.dns-control.*.fqdn)}"
}
#4. Network (VPC)
# Cluster VPC with DNS hostnames enabled for its instances.
resource "aws_vpc" "main" {
  cidr_block           = "${var.vpc_cidr}"
  enable_dns_hostnames = true

  tags = {
    Name              = "${var.long_name}"
    KubernetesCluster = "${var.short_name}"
  }
}
# One subnet per availability zone listed in var.availability_zones
# (comma-separated zone suffixes); the CIDR for zone i is var.cidr_blocks["az<i>"].
resource "aws_subnet" "main" {
  count             = "${length(split(",", var.availability_zones))}"
  vpc_id            = "${aws_vpc.main.id}"
  availability_zone = "${var.region}${element(split(",", var.availability_zones), count.index)}"
  cidr_block        = "${lookup(var.cidr_blocks, "az${count.index}")}"

  tags = {
    Name              = "${var.long_name}"
    KubernetesCluster = "${var.short_name}"
  }
}
# Internet gateway for the cluster VPC.
resource "aws_internet_gateway" "main" {
  vpc_id = "${aws_vpc.main.id}"

  tags = {
    Name              = "${var.long_name}"
    KubernetesCluster = "${var.short_name}"
  }
}
# Route table with a default route through the internet gateway; every
# subnet associated with it is therefore a public subnet.
resource "aws_route_table" "main" {
  vpc_id = "${aws_vpc.main.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.main.id}"
  }

  tags = {
    Name              = "${var.long_name}"
    KubernetesCluster = "${var.short_name}"
  }
}
# Makes the public route table the VPC's main route table.
resource "aws_main_route_table_association" "main" {
  vpc_id         = "${aws_vpc.main.id}"
  route_table_id = "${aws_route_table.main.id}"
}
# Associates each per-AZ subnet with the public route table.
resource "aws_route_table_association" "main" {
  count          = "${length(split(",", var.availability_zones))}"
  route_table_id = "${aws_route_table.main.id}"
  subnet_id      = "${element(aws_subnet.main.*.id, count.index)}"
}
# Comma-separated list of the zones the subnets were placed in.
output "availability_zones" {
  value = "${join(",",aws_subnet.main.*.availability_zone)}"
}

# Comma-separated subnet ids, in the same order as availability_zones.
output "subnet_ids" {
  value = "${join(",",aws_subnet.main.*.id)}"
}

# The VPC's default security group id.
output "default_security_group" {
  value = "${aws_vpc.main.default_security_group_id}"
}

# Id of the cluster VPC.
output "vpc_id" {
  value = "${aws_vpc.main.id}"
}
#5. IAM profile
# Instance profile that hands the control role to control-node instances.
resource "aws_iam_instance_profile" "control_profile" {
  role = "${aws_iam_role.control_role.name}"
  name = "${var.short_name}-control-profile"
}
# Inline policy attached to the control role. All three statements grant
# wildcard actions on every resource (ec2:*, elasticloadbalancing:*,
# route53:*), so any process on a control node can manage every EC2, ELB and
# Route53 resource in the account. Narrow the actions and resources to what
# the cluster needs before using this outside a test bed.
resource "aws_iam_role_policy" "control_policy" {
name = "${var.short_name}-control-policy"
role = "${aws_iam_role.control_role.id}"
# Heredoc: the JSON below is passed verbatim as the policy document.
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["ec2:*"],
"Resource": ["*"]
},
{
"Effect": "Allow",
"Action": ["elasticloadbalancing:*"],
"Resource": ["*"]
},
{
"Effect": "Allow",
"Action": ["route53:*"],
"Resource": ["*"]
}
]
}
EOF
}
# Role assumed by control-node instances. The trust policy lets only the EC2
# service assume it, i.e. instances launched with the matching instance
# profile; the permissions themselves come from the attached inline policy.
resource "aws_iam_role" "control_role" {
name = "${var.short_name}-control-role"
# Heredoc: the JSON below is the trust (assume-role) policy document.
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "ec2.amazonaws.com"},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
# Profile name to pass to the instance module as iam_profile.
output "control_iam_instance_profile" {
  value = "${aws_iam_instance_profile.control_profile.name}"
}
#6. Security group
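# Security group attached to control nodes. Each inbound rule is declared
# once; the original listed the Consul and ICMP rules twice, which AWS
# rejects as a duplicate permission when the group is created. Every rule
# admits 0.0.0.0/0, so the admin/API ports (22, 5050, 8080, 4400, 8500) are
# reachable from the whole internet unless the cidr_blocks are tightened to
# the operator's address range.
# NOTE(review): no egress block is declared. Terraform removes AWS's default
# allow-all egress rule from VPC security groups it creates, so confirm
# whether the nodes need an explicit egress rule to reach AWS APIs and
# each other.
resource "aws_security_group" "control" {
  name        = "${var.short_name}-control"
  description = "Allow inbound traffic for control nodes"
  vpc_id      = "${var.vpc_id}"

  tags = {
    KubernetesCluster = "${var.short_name}"
  }

  ingress { # SSH
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress { # Mesos
    from_port   = 5050
    to_port     = 5050
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress { # Marathon
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress { # Chronos
    from_port   = 4400
    to_port     = 4400
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress { # Consul
    from_port   = 8500
    to_port     = 8500
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress { # ICMP, all types (-1)
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}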
# Id of the control security group, for the instance module's
# security_group_ids list.
output "control_security_group" {
  value = "${aws_security_group.control.id}"
}
#7. Instance
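# One data volume per instance, placed in that instance's availability zone.
# count was commented out in the original, so only a single volume existed
# while aws_volume_attachment iterates var.count instances and element()
# wraps back to the same volume id; a volume can be attached to only one
# instance, so the second and later attachments would fail.
# NOTE(review): volumes are created unencrypted; aws_ebs_volume accepts
# encrypted = true if the data on them warrants it.
resource "aws_ebs_volume" "ebs" {
  count             = "${var.count}"
  availability_zone = "${element(split(",", var.availability_zones), count.index)}"
  size              = "${var.data_ebs_volume_size}"
  type              = "${var.data_ebs_volume_type}"

  tags = {
    Name              = "${var.short_name}-${var.role}-lvm-${format(var.count_format, count.index+1)}"
    KubernetesCluster = "${var.short_name}"
  }
}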
# var.count instances spread round-robin over the comma-separated subnet ids.
# associate_public_ip_address = true gives every node a public address, so
# whatever the attached security groups admit is reachable from the internet.
resource "aws_instance" "instance" {
  count         = "${var.count}"
  ami           = "${var.source_ami}"
  instance_type = "${var.ec2_type}"
  subnet_id     = "${element(split(",", var.vpc_subnet_ids), count.index)}"

  key_name               = "${var.ssh_key_pair}"
  iam_instance_profile   = "${var.iam_profile}"
  vpc_security_group_ids = [ "${split(",", var.security_group_ids)}"]

  associate_public_ip_address = true

  root_block_device {
    volume_type           = "${var.ebs_volume_type}"
    volume_size           = "${var.ebs_volume_size}"
    delete_on_termination = true
  }

  tags {
    Name              = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}"
    sshUser           = "${var.ssh_username}"
    role              = "${var.role}"
    dc                = "${var.datacenter}"
    KubernetesCluster = "${var.short_name}"
  }
}
# Attaches volume i to instance i as /dev/xvdh; force_detach lets destroy
# proceed even if the guest still has the device mounted.
resource "aws_volume_attachment" "instance-lvm-attachment" {
  count        = "${var.count}"
  device_name  = "xvdh"
  volume_id    = "${element(aws_ebs_volume.ebs.*.id, count.index)}"
  instance_id  = "${element(aws_instance.instance.*.id, count.index)}"
  force_detach = true
}
# Comma-separated Name tags of the created instances.
output "hostname_list" {
  value = "${join(",", aws_instance.instance.*.tags.Name)}"
}

# Comma-separated instance ids, in creation order.
output "ec2_ids" {
  value = "${join(",", aws_instance.instance.*.id)}"
}

# Comma-separated public IPs, in the same order as ec2_ids.
output "ec2_ips" {
  value = "${join(",", aws_instance.instance.*.public_ip)}"
}