terraform-docs

README.md

@@ -11,11 +11,11 @@
 | aws\_region | AWS region (e.g. `us-east-1` => US North Virginia) | string | `"us-east-1"` | no |
 | etcd\_instance\_type | EC2 instance type for the instances | string | `"t3.small"` | no |
 | etcd\_instances | Number of EC2 instances to provision for etcd | number | `"3"` | no |
-| hosted\_zone | Route53 Hosted Zone for creating records (without . suffix, e.g. `example.com`) | string | n/a | yes |
+| hosted\_zone | Route53 Hosted Zone for creating records (without . suffix, e.g. `napo.io`) | string | n/a | yes |
 | master\_instance\_type | EC2 instance type for the instances | string | `"t3.small"` | no |
 | master\_instances | Number of EC2 instances to provision for Kubernetes master nodes | number | `"3"` | no |
 | owner | Owner name used for tags | string | n/a | yes |
-| project | Project name used for tags | string | `"k8s-hard-way"` | no |
+| project | Project name used for tags | string | `"k8s-the-real-hard-way"` | no |
 | ssh\_public\_key\_path | SSH public key path | string | `"~/.ssh/id_rsa.pub"` | no |
 | vpc\_cidr | VPC CIDR block | string | `"10.23.0.0/16"` | no |
 | worker\_instance\_type | EC2 instance type for the instances | string | `"t3.small"` | no |
@@ -25,8 +25,11 @@
 
 | Name | Description |
 |------|-------------|
-| elastic\_ip\_master | Elastic IP for first master node |
-| route53\_master\_fqdn | Route53 records for master instances |
-| route53\_worker\_fqdn | Route53 records for worker instances |
+| route53\_etcd\_private\_fqdn | Route53 records for etcd instances private |
+| route53\_etcd\_public\_fqdn | Route53 records for etcd instances public |
+| route53\_master\_private\_fqdn | Route53 records for kube master instances private |
+| route53\_master\_public\_fqdn | Route53 records for kube master instances public |
+| route53\_worker\_private\_fqdn | Route53 records for kube worker instances private |
+| route53\_worker\_public\_fqdn | Route53 records for kube worker instances public |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

main.tf

@@ -13,7 +13,7 @@ data "aws_availability_zones" "available" {
   state = "available"
 }
 
-
+# Get local workstation's external IPv4 address
 data "http" "workstation-external-ip" {
   url = "http://ipv4.icanhazip.com"
 }
@@ -22,13 +22,13 @@ locals {
   workstation-external-cidr = "${chomp(data.http.workstation-external-ip.body)}/32"
 }
 
-
+# Get HostedZone ID
 data "aws_route53_zone" "selected" {
   name         = "${var.hosted_zone}."
   private_zone = false
 }
 
-
+# AWS VPC
 resource "aws_vpc" "main" {
   cidr_block                       = var.vpc_cidr
   enable_dns_hostnames             = true
@@ -42,7 +42,7 @@ resource "aws_vpc" "main" {
   }
 }
 
-
+# Public Subnets
 resource "aws_subnet" "public" {
   count                   = var.availability_zones
   availability_zone       = element(data.aws_availability_zones.available.names, count.index)
@@ -97,7 +97,7 @@ resource "aws_key_pair" "ssh" {
   public_key = file(var.ssh_public_key_path)
 }
 
-
+# SecurityGroups
 resource "aws_security_group" "allow_workstation" {
   name        = "allow_workstationctl_ssh_http_https"
   description = "Allow kubectl ssh http https inbound traffic for kubectl"
@@ -139,7 +139,7 @@ resource "aws_security_group" "allow_workstation" {
   }
 
   tags = {
-    Name    = "${var.project}-sg-workstation"
+    Name    = "${var.project}-workstation"
     Project = var.project
     Owner   = var.owner
   }
@@ -173,13 +173,17 @@ resource "aws_security_group" "allow_internal" {
   }
 }
 
-
+# etcd EC2 Instances
 resource "aws_instance" "etcd" {
-  count                  = var.etcd_instances
-  ami                    = data.aws_ami.ubuntu.id
-  instance_type          = var.etcd_instance_type
-  subnet_id              = aws_subnet.public[count.index].id
-  key_name               = aws_key_pair.ssh.key_name
+  count         = var.etcd_instances
+  ami           = data.aws_ami.ubuntu.id
+  instance_type = var.etcd_instance_type
+  subnet_id     = aws_subnet.public[count.index].id
+  key_name      = aws_key_pair.ssh.key_name
+  user_data = templatefile("${path.module}/userdata.tpl", {
+    component = "etcd"
+    domain    = var.hosted_zone
+  })
   ebs_optimized          = true
   monitoring             = true
   vpc_security_group_ids = [aws_security_group.allow_workstation.id, aws_security_group.allow_internal.id]
@@ -192,13 +196,17 @@ resource "aws_instance" "etcd" {
   }
 }
 
-
+# Kubernetes Master EC2 Instances
 resource "aws_instance" "master" {
-  count                  = var.master_instances
-  ami                    = data.aws_ami.ubuntu.id
-  instance_type          = var.master_instance_type
-  subnet_id              = aws_subnet.public[count.index].id
-  key_name               = aws_key_pair.ssh.key_name
+  count         = var.master_instances
+  ami           = data.aws_ami.ubuntu.id
+  instance_type = var.master_instance_type
+  subnet_id     = aws_subnet.public[count.index].id
+  key_name      = aws_key_pair.ssh.key_name
+  user_data = templatefile("${path.module}/userdata.tpl", {
+    component = "master"
+    domain    = var.hosted_zone
+  })
   ebs_optimized          = true
   monitoring             = true
   vpc_security_group_ids = [aws_security_group.allow_workstation.id, aws_security_group.allow_internal.id]
@@ -211,17 +219,20 @@ resource "aws_instance" "master" {
   }
 }
 
-
+# Kubernetes Worker EC2 Instances
 resource "aws_instance" "worker" {
-  count                  = var.worker_instances
-  ami                    = data.aws_ami.ubuntu.id
-  instance_type          = var.worker_instance_type
-  subnet_id              = aws_subnet.public[count.index].id
-  key_name               = aws_key_pair.ssh.key_name
+  count         = var.worker_instances
+  ami           = data.aws_ami.ubuntu.id
+  instance_type = var.worker_instance_type
+  subnet_id     = aws_subnet.public[count.index].id
+  key_name      = aws_key_pair.ssh.key_name
+  user_data = templatefile("${path.module}/userdata.tpl", {
+    component = "worker"
+    domain    = var.hosted_zone
+  })
   ebs_optimized          = true
   monitoring             = true
   vpc_security_group_ids = [aws_security_group.allow_workstation.id, aws_security_group.allow_internal.id]
-  user_data              = file("user_data.sh")
 
   tags = {
     Name    = "${var.project}-worker-${count.index + 1}"
@@ -231,33 +242,62 @@ resource "aws_instance" "worker" {
 }
 
 
-resource "aws_route53_record" "master" {
+# etcd Route53 records
+resource "aws_route53_record" "etcd-public" {
   count   = var.availability_zones
   zone_id = data.aws_route53_zone.selected.id
-  name    = "k8s-master-${var.owner}-${count.index + 1}"
+  name    = "etcd${count.index + 1}"
   type    = "A"
   ttl     = "300"
-  records = [aws_instance.master[count.index].public_ip]
+  records = [aws_instance.etcd[count.index].public_ip]
+}
+
+resource "aws_route53_record" "etcd-private" {
+  count   = var.availability_zones
+  zone_id = data.aws_route53_zone.selected.id
+  name    = "etcd${count.index + 1}.internal"
+  type    = "A"
+  ttl     = "300"
+  records = [aws_instance.etcd[count.index].private_ip]
 }
 
 
-resource "aws_route53_record" "worker" {
+# Kubernetes Master Route53 records
+resource "aws_route53_record" "master-public" {
   count   = var.availability_zones
   zone_id = data.aws_route53_zone.selected.id
-  name    = "k8s-worker-${var.owner}-${count.index + 1}"
+  name    = "master${count.index + 1}"
   type    = "A"
   ttl     = "300"
-  records = [aws_instance.worker[count.index].public_ip]
+  records = [aws_instance.master[count.index].public_ip]
+}
+
+resource "aws_route53_record" "master-private" {
+  count   = var.availability_zones
+  zone_id = data.aws_route53_zone.selected.id
+  name    = "master${count.index + 1}.internal"
+  type    = "A"
+  ttl     = "300"
+  records = [aws_instance.master[count.index].private_ip]
 }
 
 
-resource "aws_eip" "eip" {
-  instance = aws_instance.master.0.id
-  vpc      = true
+# Kubernetes Worker Route53 records
+resource "aws_route53_record" "worker-public" {
+  count   = var.availability_zones
+  zone_id = data.aws_route53_zone.selected.id
+  name    = "worker${count.index + 1}"
+  type    = "A"
+  ttl     = "300"
+  records = [aws_instance.worker[count.index].public_ip]
+}
 
-  tags = {
-    Name    = "${var.project}-eip"
-    Project = var.project
-    Owner   = var.owner
-  }
+resource "aws_route53_record" "worker-private" {
+  count   = var.availability_zones
+  zone_id = data.aws_route53_zone.selected.id
+  name    = "worker${count.index + 1}.internal"
+  type    = "A"
+  ttl     = "300"
+  records = [aws_instance.worker[count.index].private_ip]
 }
+

outputs.tf

@@ -1,14 +1,29 @@
-output "route53_worker_fqdn" {
-  description = "Route53 records for worker instances"
-  value       = [aws_route53_record.worker.*.fqdn]
+output "route53_etcd_public_fqdn" {
+  description = "Route53 records for etcd instances public"
+  value       = [aws_route53_record.etcd-public.*.fqdn]
 }
 
-output "route53_master_fqdn" {
-  description = "Route53 records for master instances"
-  value       = [aws_route53_record.master.*.fqdn]
+output "route53_etcd_private_fqdn" {
+  description = "Route53 records for etcd instances private"
+  value       = [aws_route53_record.etcd-private.*.fqdn]
 }
 
-output "elastic_ip_master" {
-  description = "Elastic IP for first master node"
-  value       = [aws_eip.eip.public_ip]
-}
+output "route53_master_public_fqdn" {
+  description = "Route53 records for kube master instances public"
+  value       = [aws_route53_record.master-public.*.fqdn]
+}
+
+output "route53_master_private_fqdn" {
+  description = "Route53 records for kube master instances private"
+  value       = [aws_route53_record.master-private.*.fqdn]
+}
+
+output "route53_worker_public_fqdn" {
+  description = "Route53 records for kube worker instances public"
+  value       = [aws_route53_record.worker-public.*.fqdn]
+}
+
+output "route53_worker_private_fqdn" {
+  description = "Route53 records for kube worker instances private"
+  value       = [aws_route53_record.worker-private.*.fqdn]
+}

userdata.tpl

@@ -0,0 +1,12 @@
+#!/bin/env bash
+sudo apt-get update
+sudo apt-get upgrade -y
+sudo apt-get install python3-pip -y
+pip3 install awscli
+wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
+chmod +x cfssl_linux-amd64
+sudo mv cfssl_linux-amd64 /usr/local/bin/cfssl
+wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
+chmod +x cfssljson_linux-amd64
+sudo mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
+sudo hostname " + "${component}" + str(x + 1) + "." + "internal." + ${domain},

variables.tf

@@ -1,7 +1,12 @@
-variable "aws_region" {
-  description = "AWS region (e.g. `us-east-1` => US North Virginia)"
+variable "project" {
+  description = "Project name used for tags"
+  type        = string
+  default     = "k8s-the-real-hard-way"
+}
+
+variable "owner" {
+  description = "Owner name used for tags"
   type        = string
-  default     = "us-east-1"
 }
 
 variable "aws_profile" {
@@ -10,6 +15,12 @@ variable "aws_profile" {
   default     = "default"
 }
 
+variable "aws_region" {
+  description = "AWS region (e.g. `us-east-1` => US North Virginia)"
+  type        = string
+  default     = "us-east-1"
+}
+
 variable "availability_zones" {
   description = "Number of different AZs to use"
   type        = number
@@ -52,17 +63,6 @@ variable "worker_instance_type" {
   default     = "t3.small"
 }
 
-variable "project" {
-  description = "Project name used for tags"
-  type        = string
-  default     = "k8s-hard-way"
-}
-
-variable "owner" {
-  description = "Owner name used for tags"
-  type        = string
-}
-
 variable "vpc_cidr" {
   description = "VPC CIDR block"
   type        = string
@@ -76,6 +76,6 @@ variable "ssh_public_key_path" {
 }
 
 variable "hosted_zone" {
-  description = "Route53 Hosted Zone for creating records (without . suffix, e.g. `example.com`)"
+  description = "Route53 Hosted Zone for creating records (without . suffix, e.g. `napo.io`)"
   type        = string
 }

version.tf

@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 0.12.1"
+}