mirror of
https://github.com/k3s-io/k3s.git
synced 2024-06-07 19:41:36 +00:00
general improvements, dont require iam
This commit is contained in:
parent
677cc1a191
commit
bf6ca8b2d8
@ -42,14 +42,3 @@ data "aws_ami" "ubuntu" {
|
||||
values = ["x86_64"]
|
||||
}
|
||||
}
|
||||
|
||||
data "template_file" "k3s-pool-worker-user_data" {
|
||||
template = file("${path.module}/files/pool_worker_userdata.tmpl")
|
||||
|
||||
vars = {
|
||||
k3s_url = data.terraform_remote_state.server.outputs.public_ip[0]
|
||||
k3s_cluster_secret = local.k3s_cluster_secret
|
||||
install_k3s_version = local.install_k3s_version
|
||||
k3s_per_node = var.k3s_per_node
|
||||
}
|
||||
}
|
||||
|
@ -1,8 +1,10 @@
|
||||
#cloud-config
|
||||
%{ if length(extra_ssh_keys) > 0 }
|
||||
ssh_authorized_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC06Qvs+Y9JiyOTeYNGAN/Ukq7SmeCTr7EreD1K8Lwu5VuOmo+SBZh685tNTEGV044HgFvGEOBVreDlO2ArYuwHjUBGnpQGV8/abjoeLrmZBdREAUzBQ1h2GFE/WssKUfum81cnigRK1J3tWP7emq/Y2h/Zw5F09yiCIlXMBX2auKWUCXqwG3xKTi1NVSF9N6BGyFolrAR0LZJ6k7UBXPRc/QDTclI427gSJNbnmn8LVym6YxacV/V9Y7s23iR5zYbhLPe9VJWYNk1brVvfUVb3mILVVYz76KGEq8SHdWlPQPCOp+fSJ+PezDRklnex/MmvhNrBOmMSNcpj7wSLA3hD wmaxwell@wmaxwell-laptop
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5O7k6gRYCU7YPkCH6dyXVW10izMAkDAQtQxNxdRE22 drpebcak
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2TBZGjE+J8ag11dzkFT58J3XPONDrVmalCNrKxsfADfyy0eqdZrG8hAcxAR/5zuj90Gin2uB4RSw6Cn4VHsPZcFpXyQCj1KQDADj+WcuhpXOIOY3AB0LZBly9NI0ll+8lo3QtEaoyRLtrMBhQ6Mooy2M3MTG4JNwU9o3yInuqZWf9PvtW6KxMl+ygg1xZkljhemGZ9k0wSrjqif+8usNbzVlCOVQmZwZA+BZxbdcLNwkg7zWJSXzDIXyqM6iWPGXQDEbWLq3+HR1qKucTCSxjbqoe0FD5xcW7NHIME5XKX84yH92n6yn+rxSsyUfhJWYqJd+i0fKf5UbN6qLrtd/D darren@darrens
|
||||
%{ for ssh_key in extra_ssh_keys }
|
||||
- ${ssh_key}
|
||||
%{ endfor }
|
||||
%{ endif }
|
||||
runcmd:
|
||||
- echo "net.ipv4.neigh.default.gc_interval = 3600" >> /etc/sysctl.conf
|
||||
- echo "net.ipv4.neigh.default.gc_stale_time = 3600" >> /etc/sysctl.conf
|
||||
|
@ -55,7 +55,7 @@ module "k3s-pool-worker-asg" {
|
||||
asg_name = local.name
|
||||
instance_type = var.worker_instance_type
|
||||
image_id = data.aws_ami.ubuntu.id
|
||||
user_data = data.template_file.k3s-pool-worker-user_data.rendered
|
||||
user_data = base64encode(templatefile("${path.module}/files/pool_worker_userdata.tmpl", { k3s_url = data.terraform_remote_state.server.outputs.public_ip[0], k3s_cluster_secret = local.k3s_cluster_secret, install_k3s_version = local.install_k3s_version, k3s_per_node = var.k3s_per_node, extra_ssh_keys = var.extra_ssh_keys }))
|
||||
ebs_optimized = true
|
||||
|
||||
desired_capacity = var.node_count
|
||||
|
@ -14,3 +14,9 @@ variable "worker_instance_type" {
|
||||
type = string
|
||||
default = "c5.4xlarge"
|
||||
}
|
||||
|
||||
variable "extra_ssh_keys" {
|
||||
type = list
|
||||
default = []
|
||||
description = "Extra ssh keys to inject into Rancher instances"
|
||||
}
|
||||
|
@ -45,39 +45,3 @@ data "template_file" "k3s-prom-yaml" {
|
||||
graf_host = var.graf_host
|
||||
}
|
||||
}
|
||||
|
||||
data "template_file" "k3s-server-user_data" {
|
||||
template = file("${path.module}/files/server_userdata.tmpl")
|
||||
|
||||
vars = {
|
||||
create_eip = 1
|
||||
metrics_yaml = base64encode(data.template_file.metrics.rendered)
|
||||
prom_yaml = base64encode(data.template_file.k3s-prom-yaml.rendered)
|
||||
eip = join(",", aws_eip.k3s-server.*.public_ip)
|
||||
k3s_cluster_secret = local.k3s_cluster_secret
|
||||
install_k3s_version = local.install_k3s_version
|
||||
k3s_server_args = var.k3s_server_args
|
||||
}
|
||||
}
|
||||
|
||||
data "template_file" "k3s-prom-worker-user_data" {
|
||||
template = file("${path.module}/files/worker_userdata.tmpl")
|
||||
|
||||
vars = {
|
||||
k3s_url = aws_eip.k3s-server.0.public_ip
|
||||
k3s_cluster_secret = local.k3s_cluster_secret
|
||||
install_k3s_version = local.install_k3s_version
|
||||
k3s_exec = "--node-label prom=true"
|
||||
}
|
||||
}
|
||||
|
||||
data "template_file" "k3s-worker-user_data" {
|
||||
template = file("${path.module}/files/worker_userdata.tmpl")
|
||||
|
||||
vars = {
|
||||
k3s_url = aws_eip.k3s-server.0.public_ip
|
||||
k3s_cluster_secret = local.k3s_cluster_secret
|
||||
install_k3s_version = local.install_k3s_version
|
||||
k3s_exec = ""
|
||||
}
|
||||
}
|
||||
|
@ -1,8 +1,10 @@
|
||||
#cloud-config
|
||||
%{ if length(extra_ssh_keys) > 0 }
|
||||
ssh_authorized_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC06Qvs+Y9JiyOTeYNGAN/Ukq7SmeCTr7EreD1K8Lwu5VuOmo+SBZh685tNTEGV044HgFvGEOBVreDlO2ArYuwHjUBGnpQGV8/abjoeLrmZBdREAUzBQ1h2GFE/WssKUfum81cnigRK1J3tWP7emq/Y2h/Zw5F09yiCIlXMBX2auKWUCXqwG3xKTi1NVSF9N6BGyFolrAR0LZJ6k7UBXPRc/QDTclI427gSJNbnmn8LVym6YxacV/V9Y7s23iR5zYbhLPe9VJWYNk1brVvfUVb3mILVVYz76KGEq8SHdWlPQPCOp+fSJ+PezDRklnex/MmvhNrBOmMSNcpj7wSLA3hD wmaxwell@wmaxwell-laptop
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5O7k6gRYCU7YPkCH6dyXVW10izMAkDAQtQxNxdRE22 drpebcak
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2TBZGjE+J8ag11dzkFT58J3XPONDrVmalCNrKxsfADfyy0eqdZrG8hAcxAR/5zuj90Gin2uB4RSw6Cn4VHsPZcFpXyQCj1KQDADj+WcuhpXOIOY3AB0LZBly9NI0ll+8lo3QtEaoyRLtrMBhQ6Mooy2M3MTG4JNwU9o3yInuqZWf9PvtW6KxMl+ygg1xZkljhemGZ9k0wSrjqif+8usNbzVlCOVQmZwZA+BZxbdcLNwkg7zWJSXzDIXyqM6iWPGXQDEbWLq3+HR1qKucTCSxjbqoe0FD5xcW7NHIME5XKX84yH92n6yn+rxSsyUfhJWYqJd+i0fKf5UbN6qLrtd/D darren@darrens
|
||||
%{ for ssh_key in extra_ssh_keys }
|
||||
- ${ssh_key}
|
||||
%{ endfor }
|
||||
%{ endif }
|
||||
write_files:
|
||||
- path: /var/lib/rancher/k3s/server/manifests/metrics.yaml
|
||||
permissions: "0755"
|
||||
@ -36,10 +38,4 @@ runcmd:
|
||||
- apt-get install -y software-properties-common resolvconf linux-headers-$(uname -r)
|
||||
- echo "nameserver 1.1.1.1" > /etc/resolvconf/resolv.conf.d/tail
|
||||
- systemctl start resolvconf
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
||||
- apt-get update
|
||||
- apt-get -y install docker-ce
|
||||
- DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
|
||||
- if [ "${create_eip}" = "1" ]; then docker run -e "EIP=${eip}" cloudnautique/eip-autoassign:latest; fi
|
||||
- until (curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="${k3s_server_args} --disable-agent --no-deploy traefik --no-deploy servicelb --cluster-cidr=10.0.0.0/8 --service-cidr=192.168.0.0/16 --cluster-dns=192.168.0.10 --tls-san ${eip}" K3S_CLUSTER_SECRET="${k3s_cluster_secret}" INSTALL_K3S_VERSION=${install_k3s_version} sh -); do echo 'Error installing k3s'; sleep 1; done
|
||||
- until (curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="${k3s_server_args} --disable-agent --no-deploy traefik --no-deploy servicelb --cluster-cidr=10.0.0.0/8 --service-cidr=192.168.0.0/16 --cluster-dns=192.168.0.10 --tls-san ${public_ip}" K3S_CLUSTER_SECRET="${k3s_cluster_secret}" INSTALL_K3S_VERSION=${install_k3s_version} sh -); do echo 'Error installing k3s'; sleep 1; done
|
||||
|
@ -1,7 +1,10 @@
|
||||
#cloud-config
|
||||
%{ if length(extra_ssh_keys) > 0 }
|
||||
ssh_authorized_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC06Qvs+Y9JiyOTeYNGAN/Ukq7SmeCTr7EreD1K8Lwu5VuOmo+SBZh685tNTEGV044HgFvGEOBVreDlO2ArYuwHjUBGnpQGV8/abjoeLrmZBdREAUzBQ1h2GFE/WssKUfum81cnigRK1J3tWP7emq/Y2h/Zw5F09yiCIlXMBX2auKWUCXqwG3xKTi1NVSF9N6BGyFolrAR0LZJ6k7UBXPRc/QDTclI427gSJNbnmn8LVym6YxacV/V9Y7s23iR5zYbhLPe9VJWYNk1brVvfUVb3mILVVYz76KGEq8SHdWlPQPCOp+fSJ+PezDRklnex/MmvhNrBOmMSNcpj7wSLA3hD wmaxwell@wmaxwell-laptop
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5O7k6gRYCU7YPkCH6dyXVW10izMAkDAQtQxNxdRE22 drpebcak
|
||||
%{ for ssh_key in extra_ssh_keys }
|
||||
- ${ssh_key}
|
||||
%{ endfor }
|
||||
%{ endif }
|
||||
runcmd:
|
||||
- echo "net.ipv4.neigh.default.gc_interval = 3600" >> /etc/sysctl.conf
|
||||
- echo "net.ipv4.neigh.default.gc_stale_time = 3600" >> /etc/sysctl.conf
|
||||
@ -15,12 +18,9 @@ runcmd:
|
||||
- echo "net.ipv4.tcp_wmem = '1024 4096 16384'" >> /etc/sysctl.conf
|
||||
- echo "net.core.rmem_max = 16384" >> /etc/sysctl.conf
|
||||
- echo "net.core.wmem_max = 16384" >> /etc/sysctl.conf
|
||||
- ulimit -n 20000000
|
||||
- ulimit -n 20000
|
||||
- echo "# <domain> <type> <item> <value>" >> /etc/security/limits.d/limits.conf
|
||||
- echo " * soft nofile 20000" >> /etc/security/limits.d/limits.conf
|
||||
- echo " * hard nofile 20000" >> /etc/security/limits.d/limits.conf
|
||||
- sysctl -p
|
||||
- apt-get update
|
||||
- apt-get install -y software-properties-common
|
||||
- DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
|
||||
- until (curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=${install_k3s_version} INSTALL_K3S_EXEC="${k3s_exec}" K3S_URL=https://${k3s_url}:6443 K3S_CLUSTER_SECRET="${k3s_cluster_secret}" sh -); do echo 'k3s did not install correctly'; sleep 1; done
|
||||
|
@ -1,58 +0,0 @@
|
||||
resource "aws_iam_instance_profile" "k3s-server" {
|
||||
name_prefix = "load-testing-k3s-server"
|
||||
role = aws_iam_role.k3s-server.name
|
||||
|
||||
lifecycle {
|
||||
create_before_destroy = true
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_iam_role" "k3s-server" {
|
||||
name_prefix = "load-testing-k3s-server"
|
||||
|
||||
assume_role_policy = <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": "sts:AssumeRole",
|
||||
"Principal": {
|
||||
"Service": "ec2.amazonaws.com"
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Sid": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
|
||||
|
||||
lifecycle {
|
||||
create_before_destroy = true
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_iam_role_policy" "k3s-server" {
|
||||
name_prefix = "load-testing-k3s-server"
|
||||
role = aws_iam_role.k3s-server.id
|
||||
|
||||
policy = <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": [
|
||||
"ec2:AssociateAddress",
|
||||
"ec2:DescribeAddresses"
|
||||
],
|
||||
"Sid": "",
|
||||
"Resource": [
|
||||
"*"
|
||||
],
|
||||
"Effect": "Allow"
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
|
||||
}
|
@ -5,12 +5,10 @@ terraform {
|
||||
}
|
||||
|
||||
locals {
|
||||
name = "k3s-load-server"
|
||||
node_count = 1
|
||||
k3s_cluster_secret = "pvc-6476dcaf-73a0-11e9-b8e5-06943b744282"
|
||||
install_k3s_version = "v0.9.0-rc2"
|
||||
prom_worker_node_count = 0
|
||||
worker_node_count = 0
|
||||
name = var.name
|
||||
k3s_cluster_secret = var.k3s_cluster_secret
|
||||
install_k3s_version = var.k3s_version
|
||||
prom_worker_node_count = var.prom_worker_node_count
|
||||
}
|
||||
|
||||
provider "aws" {
|
||||
@ -18,13 +16,8 @@ provider "aws" {
|
||||
profile = "rancher-eng"
|
||||
}
|
||||
|
||||
resource "aws_eip" "k3s-server" {
|
||||
count = local.node_count
|
||||
vpc = true
|
||||
}
|
||||
|
||||
resource "aws_security_group" "k3s" {
|
||||
name = "${local.name}-rancher-server"
|
||||
name = "${local.name}-sg"
|
||||
vpc_id = data.aws_vpc.default.id
|
||||
|
||||
ingress {
|
||||
@ -63,48 +56,36 @@ resource "aws_security_group" "k3s" {
|
||||
}
|
||||
}
|
||||
|
||||
module "k3s-server-asg" {
|
||||
source = "terraform-aws-modules/autoscaling/aws"
|
||||
version = "3.0.0"
|
||||
name = "load-testing-k3s-server"
|
||||
asg_name = "load-testing-k3s-server"
|
||||
resource "aws_spot_instance_request" "k3s-server" {
|
||||
instance_type = var.server_instance_type
|
||||
image_id = data.aws_ami.ubuntu.id
|
||||
user_data = data.template_file.k3s-server-user_data.rendered
|
||||
ami = data.aws_ami.ubuntu.id
|
||||
user_data = base64encode(templatefile("${path.module}/files/server_userdata.tmpl", { extra_ssh_keys = var.extra_ssh_keys, public_ip = aws_spot_instance_request.k3s-server.public_ip, metrics_yaml = base64encode(data.template_file.metrics.rendered), prom_yaml = base64encode(data.template_file.k3s-prom-yaml.rendered), k3s_cluster_secret = local.k3s_cluster_secret, install_k3s_version = local.install_k3s_version, k3s_server_args = var.k3s_server_args }))
|
||||
|
||||
ebs_optimized = true
|
||||
iam_instance_profile = aws_iam_instance_profile.k3s-server.name
|
||||
|
||||
desired_capacity = local.node_count
|
||||
health_check_type = "EC2"
|
||||
max_size = local.node_count
|
||||
min_size = local.node_count
|
||||
vpc_zone_identifier = [data.aws_subnet.selected.id]
|
||||
spot_price = "1.591"
|
||||
|
||||
wait_for_fulfillment = true
|
||||
security_groups = [
|
||||
aws_security_group.k3s.id,
|
||||
]
|
||||
|
||||
lc_name = "load-testing-k3s-server"
|
||||
|
||||
root_block_device = [
|
||||
{
|
||||
root_block_device {
|
||||
volume_size = "1000"
|
||||
volume_type = "gp2"
|
||||
},
|
||||
]
|
||||
}
|
||||
|
||||
tags = {
|
||||
Name = "${local.name}-server"
|
||||
}
|
||||
}
|
||||
|
||||
module "k3s-prom-worker-asg" {
|
||||
source = "terraform-aws-modules/autoscaling/aws"
|
||||
version = "3.0.0"
|
||||
name = "load-testing-k3s-prom-worker"
|
||||
asg_name = "load-testing-k3s-prom-worker"
|
||||
name = "${local.name}-prom-worker"
|
||||
asg_name = "${local.name}-prom-worker"
|
||||
instance_type = "m5.large"
|
||||
image_id = data.aws_ami.ubuntu.id
|
||||
user_data = data.template_file.k3s-prom-worker-user_data.rendered
|
||||
user_data = base64encode(templatefile("${path.module}/files/worker_userdata.tmpl", { extra_ssh_keys = var.extra_ssh_keys, k3s_url = aws_spot_instance_request.k3s-server.public_ip, k3s_cluster_secret = local.k3s_cluster_secret, install_k3s_version = local.install_k3s_version, k3s_exec = "--node-label prom=true" }))
|
||||
ebs_optimized = true
|
||||
iam_instance_profile = aws_iam_instance_profile.k3s-server.name
|
||||
|
||||
desired_capacity = local.prom_worker_node_count
|
||||
health_check_type = "EC2"
|
||||
@ -117,7 +98,7 @@ module "k3s-prom-worker-asg" {
|
||||
aws_security_group.k3s.id,
|
||||
]
|
||||
|
||||
lc_name = "load-testing-k3s-prom-worker"
|
||||
lc_name = "${local.name}-prom-worker"
|
||||
|
||||
root_block_device = [
|
||||
{
|
||||
@ -130,6 +111,6 @@ module "k3s-prom-worker-asg" {
|
||||
resource "null_resource" "get-kubeconfig" {
|
||||
provisioner "local-exec" {
|
||||
interpreter = ["bash", "-c"]
|
||||
command = "until ssh ubuntu@${aws_eip.k3s-server.0.public_ip} 'sudo sed \"s/localhost/${aws_eip.k3s-server.0.public_ip}/g;s/127.0.0.1/${aws_eip.k3s-server.0.public_ip}/g\" /etc/rancher/k3s/k3s.yaml' >| ../cluster-loader/kubeConfig.yaml; do sleep 5; done"
|
||||
command = "until ssh ubuntu@${aws_spot_instance_request.k3s-server.public_ip} 'sudo sed \"s/localhost/$aws_spot_instance_request.k3s-server.public_ip}/g;s/127.0.0.1/${aws_spot_instance_request.k3s-server.public_ip}/g\" /etc/rancher/k3s/k3s.yaml' >| ../cluster-loader/kubeConfig.yaml; do sleep 5; done"
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
output "public_ip" {
|
||||
value = aws_eip.k3s-server.*.public_ip
|
||||
value = aws_spot_instance_request.k3s-server.public_ip
|
||||
}
|
||||
|
||||
output "install_k3s_version" {
|
||||
|
@ -1,12 +1,38 @@
|
||||
variable "server_instance_type" {
|
||||
# default = "c4.8xlarge"
|
||||
}
|
||||
variable "k3s_version" {
|
||||
default = "v0.9.1"
|
||||
type = string
|
||||
description = "Version of K3S to install"
|
||||
}
|
||||
variable "k3s_server_args" {
|
||||
default = ""
|
||||
}
|
||||
variable "prom_worker_node_count" {
|
||||
default = 0
|
||||
type = number
|
||||
description = "The number of workers to create labeled for prometheus"
|
||||
}
|
||||
variable "k3s_cluster_secret" {
|
||||
default = "pvc-6476dcaf-73a0-11e9-b8e5-06943b744282"
|
||||
type = string
|
||||
description = "Cluster secret for k3s cluster registration"
|
||||
}
|
||||
variable "prom_host" {
|
||||
default = ""
|
||||
}
|
||||
variable "graf_host" {
|
||||
default = ""
|
||||
}
|
||||
variable "name" {
|
||||
default = "k3s-loadtest"
|
||||
type = string
|
||||
description = "Name to identify this cluster"
|
||||
}
|
||||
|
||||
variable "extra_ssh_keys" {
|
||||
type = list
|
||||
default = []
|
||||
description = "Extra ssh keys to inject into Rancher instances"
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user