forked from openshift/installer
modules/*: trust CA certificates on the nodes (openshift#2362)
* modules/*: trust CA certificates on the nodes

  This also bumps the ignition provider to 1.0.0 to support S3 downloads via ignition.

  Fixes #INST-67

* modules/ignition: unify etcd certificate generation

  Currently etcd certificate ignition files are created in their respective platform module. This unifies it by declaring the ignition file units centrally in the ignition module.

* modules/tls/etcd: remove zip generation

  Currently the etcd TLS module also generates a zip file which is only used on AWS to reduce the userdata size to be <20k (hard limit on AWS). Since the etcd TLS assets will be provisioned via S3 this optimization/hack is not needed any more.

* */aws: use S3 for ignition provisioning

  We hit the limits of the AWS userdata limit (20k) constantly. This fixes it by provisioning a minimal ignition configuration only which points to a replacement ignition configuration hosted on S3.

  This also removes workarounds/hacks to keep the userdata size small, especially for provisioning TLS assets on etcd nodes.

* Documentation/examples: regenerate

* */azure: use unified etcd TLS ignition files

* */gcp: use unified etcd TLS ignition files

* */openstack: use unified etcd TLS ignition files

* */vmware: use unified etcd TLS ignition files
Sergiusz Urbaniak
authored
Nov 22, 2017
1 parent
f82cae0
commit 0c7ac90
Showing 55 changed files with 915 additions and 981 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
resource "aws_s3_bucket_object" "ignition_etcd" { | ||
count = "${length(var.external_endpoints) == 0 ? var.instance_count : 0}" | ||
|
||
bucket = "${var.s3_bucket}" | ||
key = "ignition_etcd_${count.index}.json" | ||
content = "${data.ignition_config.etcd.*.rendered[count.index]}" | ||
acl = "private" | ||
|
||
server_side_encryption = "AES256" | ||
|
||
tags = "${merge(map( | ||
"Name", "${var.cluster_name}-ignition-etcd-${count.index}", | ||
"KubernetesCluster", "${var.cluster_name}", | ||
"tectonicClusterID", "${var.cluster_id}" | ||
), var.extra_tags)}" | ||
} | ||
|
||
data "ignition_config" "s3" { | ||
count = "${length(var.external_endpoints) == 0 ? var.instance_count : 0}" | ||
|
||
replace { | ||
source = "${format("s3://%s/%s", var.s3_bucket, aws_s3_bucket_object.ignition_etcd.*.key[count.index])}" | ||
verification = "sha512-${sha512(data.ignition_config.etcd.*.rendered[count.index])}" | ||
} | ||
} |
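
Review bot: `server_side_encryption = "AES256"` on `aws_s3_bucket_object.ignition_etcd` only gives at-rest encryption with S3-managed keys, so the confidentiality of this object rests entirely on who holds `s3:GetObject` on `var.s3_bucket`. According to the commit message the etcd TLS assets now travel in this rendered config, so it is worth either switching to `server_side_encryption = "aws:kms"` with a dedicated `kms_key_id`, or documenting next to the resource that the etcd instance role must be the only principal allowed to read `ignition_etcd_*.json`. Pinning the download with `verification = "sha512-..."` over the same `rendered` value that is uploaded is the right call for integrity. Minor style point: the `count` expression `length(var.external_endpoints) == 0 ? var.instance_count : 0` is repeated on both the resource and the data source and has to stay in sync for the `[count.index]` lookups to line up; a short comment or a shared value would make that dependency explicit.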
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
resource "aws_s3_bucket_object" "ignition_master" { | ||
bucket = "${var.s3_bucket}" | ||
key = "ignition_master.json" | ||
content = "${data.ignition_config.main.rendered}" | ||
acl = "private" | ||
|
||
server_side_encryption = "AES256" | ||
|
||
tags = "${merge(map( | ||
"Name", "${var.cluster_name}-ignition-master", | ||
"KubernetesCluster", "${var.cluster_name}", | ||
"tectonicClusterID", "${var.cluster_id}" | ||
), var.extra_tags)}" | ||
} | ||
|
||
data "ignition_config" "s3" { | ||
replace { | ||
source = "${format("s3://%s/%s", var.s3_bucket, aws_s3_bucket_object.ignition_master.key)}" | ||
verification = "sha512-${sha512(data.ignition_config.main.rendered)}" | ||
} | ||
} |
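
Review bot: `key = "ignition_master.json"` is a fixed object name with no cluster component, while the tags a few lines below are namespaced with `var.cluster_name` and `var.cluster_id`. If the same `var.s3_bucket` is ever passed to two clusters, the second apply overwrites the first cluster's object; masters of the first cluster that boot afterwards would then fetch content that no longer matches the `sha512-...` value baked into their stub config and fail verification. That fails closed, which is good, but it breaks provisioning. Suggest prefixing the key with the cluster name or ID, or stating in the variable description that the bucket must be dedicated to one cluster. A one-line comment on `data "ignition_config" "s3"` saying that this stub is what ends up in userdata would also help readers who only see `main` and `s3` side by side.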
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
resource "aws_s3_bucket_object" "ignition_worker" { | ||
bucket = "${var.s3_bucket}" | ||
key = "ignition_worker.json" | ||
content = "${data.ignition_config.main.rendered}" | ||
acl = "private" | ||
|
||
server_side_encryption = "AES256" | ||
|
||
tags = "${merge(map( | ||
"Name", "${var.cluster_name}-ignition-worker", | ||
"KubernetesCluster", "${var.cluster_name}", | ||
"tectonicClusterID", "${var.cluster_id}" | ||
), var.extra_tags)}" | ||
} | ||
|
||
data "ignition_config" "s3" { | ||
replace { | ||
source = "${format("s3://%s/%s", var.s3_bucket, aws_s3_bucket_object.ignition_worker.key)}" | ||
verification = "sha512-${sha512(data.ignition_config.main.rendered)}" | ||
} | ||
} |
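
Review bot: the worker object is written to `var.s3_bucket` under `ignition_worker.json` with the same variable name and the same `acl = "private"` / `AES256` settings as the master and etcd hunks, and nothing visible here limits what a worker can read. If all three modules receive the same bucket, please confirm that the worker instance role's `s3:GetObject` is restricted to this one key, so a worker node cannot fetch `ignition_master.json` or the `ignition_etcd_*.json` objects. Separately, this block is a line-for-line copy of the master hunk apart from the resource name, the key and the `Name` tag; a shared definition parameterised by role would keep the encryption and verification settings from drifting between the two.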