azure: update assets directory

Updates to new version and according file changes for the respective version. Part of #314 Signed-off-by: Kautilya Tripathi <kautilya@kinvolk.io>
kinvolk · Mar 16, 2022 · 283d4e5 · 283d4e5
1 parent f50166a
commit 283d4e5
Show file tree

Hide file tree

Showing 20 changed files with 978 additions and 353 deletions.
diff --git a/assets/terraform-modules/azure/flatcar-linux/kubernetes/bootkube.tf b/assets/terraform-modules/azure/flatcar-linux/kubernetes/bootkube.tf
@@ -1,22 +1,33 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
+locals {
+  api_server = format("%s.%s", var.cluster_name, var.dns_zone)
+}
+
 module "bootkube" {
   source = "../../../bootkube"
 
-  cluster_name = var.cluster_name
-  api_servers  = [format("%s.%s", var.cluster_name, var.dns_zone)]
-  etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone)
-  asset_dir    = var.asset_dir
+  cluster_name     = var.cluster_name
+  api_servers      = [local.api_server]
+  etcd_servers     = [for i, d in azurerm_linux_virtual_machine.controllers : format("%s-etcd%d.%s", var.cluster_name, i, var.dns_zone)]
+  etcd_endpoints   = azurerm_linux_virtual_machine.controllers.*.private_ip_address
+  asset_dir        = var.asset_dir
+  controller_count = var.controller_count
 
   network_encapsulation = "vxlan"
 
   # we should be able to use 1450 MTU, but in practice, 1410 was needed
   network_mtu = "1410"
 
-  pod_cidr              = var.pod_cidr
-  service_cidr          = var.service_cidr
-  cluster_domain_suffix = var.cluster_domain_suffix
-  enable_reporting      = var.enable_reporting
-  enable_aggregation    = var.enable_aggregation
-
+  conntrack_max_per_core = var.conntrack_max_per_core
+  pod_cidr               = var.pod_cidr
+  service_cidr           = var.service_cidr
+  cluster_domain_suffix  = var.cluster_domain_suffix
+  bootstrap_tokens       = var.enable_tls_bootstrap ? concat([local.controller_bootstrap_token], var.worker_bootstrap_tokens) : []
+  enable_tls_bootstrap   = var.enable_tls_bootstrap
+  enable_reporting       = var.enable_reporting
+  enable_aggregation     = var.enable_aggregation
+  encrypt_pod_traffic    = var.encrypt_pod_traffic
+  # Disable the self hosted kubelet.
+  disable_self_hosted_kubelet = var.disable_self_hosted_kubelet
   certs_validity_period_hours = var.certs_validity_period_hours
 }
diff --git a/assets/terraform-modules/azure/flatcar-linux/kubernetes/bootstrap-configs.tf b/assets/terraform-modules/azure/flatcar-linux/kubernetes/bootstrap-configs.tf
@@ -0,0 +1,24 @@
+locals {
+  controller_bootstrap_token = var.enable_tls_bootstrap ? {
+    token_id     = random_string.bootstrap_token_id[0].result
+    token_secret = random_string.bootstrap_token_secret[0].result
+  } : {}
+}
+
+# Generate a cryptographically random token id (public).
+resource "random_string" "bootstrap_token_id" {
+  count = var.enable_tls_bootstrap == true ? 1 : 0
+
+  length  = 6
+  upper   = false
+  special = false
+}
+
+# Generate a cryptographically random token secret.
+resource "random_string" "bootstrap_token_secret" {
+  count = var.enable_tls_bootstrap == true ? 1 : 0
+
+  length  = 16
+  upper   = false
+  special = false
+}