Skip to content

Instantly share code, notes, and snippets.

View nicusX's full-sized avatar

Lorenzo Nicora nicusX

39 followers · 4 following
View GitHub Profile
@nicusX
nicusX / k8snthw-vpc.tf
Last active August 9, 2016 16:59
resource "aws_vpc" "kubernetes" {
cidr_block = "10.43.0.0/16"
enable_dns_hostnames = true
}
resource "aws_subnet" "kubernetes" {
vpc_id = "${aws_vpc.kubernetes.id}"
cidr_block = "10.43.0.0/16"
availability_zone = "eu-west-1a"
}
@nicusX
nicusX / k8snthw-vpc-routing.tf
Last active August 9, 2016 17:04
resource "aws_internet_gateway" "gw" {
vpc_id = "${aws_vpc.kubernetes.id}"
}
resource "aws_route_table" "kubernetes" {
vpc_id = "${aws_vpc.kubernetes.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.gw.id}"
}
@nicusX
nicusX / k8snthw-instances.tf
Last active August 13, 2016 16:19
resource "aws_instance" "etcd" {
count = 3
ami = "ami-1967056a" // Unbuntu 16.04 LTS HVM, EBS-SSD
instance_type = "t2.micro"
subnet_id = "${aws_subnet.kubernetes.id}"
private_ip = "${cidrhost("10.43.0.0/16", 10 + count.index)}"
associate_public_ip_address = true
availability_zone = "eu-west-1a"
@nicusX
nicusX / k8snthw-elb.tf
Last active August 9, 2016 22:22
resource "aws_elb" "kubernetes_api" {
name = "kube-api"
instances = ["${aws_instance.controller.*.id}"]
subnets = ["${aws_subnet.kubernetes.id}"]
cross_zone_load_balancing = false
security_groups = ["${aws_security_group.kubernetes_api.id}"]
listener {
lb_port = 6443
@nicusX
nicusX / k8snthw-tags.tf
Created August 9, 2016 22:09
resource "aws_instance" "worker" {
count = 3
...
tags {
Owner = "Lorenzo"
Name = "worker-${count.index}"
ansibleFilter = "Kubernetes01"
ansibleNodeType = "worker"
ansibleNodeName = "worker${count.index}"
}
@nicusX
nicusX / k8snthw-security.tf
Last active April 23, 2018 23:25
resource "aws_security_group" "kubernetes" {
vpc_id = "${aws_vpc.kubernetes.id}"
name = "kubernetes"
# Allow all outbound
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
@nicusX
nicusX / k8snthw-cert.tf
Last active August 17, 2016 15:08
# Generate Certificates
data "template_file" "certificates" {
template = "${file("${path.module}/template/kubernetes-csr.json")}"
depends_on = ["aws_elb.kubernetes_api","aws_instance.etcd","aws_instance.controller","aws_instance.worker"]
vars {
kubernetes_api_elb_dns_name = "${aws_elb.kubernetes_api.dns_name}"
kubernetes_cluster_dns = "${var.kubernetes_cluster_dns}"
etcd0_ip = "${aws_instance.etcd.0.private_ip}"
...
controller0_ip = "${aws_instance.controller.0.private_ip}"
@nicusX
nicusX / k8snthw-infra.yaml
Last active August 13, 2016 12:36
- hosts: etcd
roles:
- common
- etcd
- hosts: controller
roles:
- common
- controller
@nicusX
nicusX / k8snthw-ec2.ini
Created August 11, 2016 09:23
[ec2]
instance_filters = tag:ansibleFilter=Kubernetes01
regions = eu-west-1
destination_variable = ip_address
vpc_destination_variable = ip_address
hostname_variable = tag_ansibleNodeName
@nicusX
nicusX / k8snthw-groups
Last active August 11, 2016 10:34
Ansible groups
[tag_ansibleNodeType_etcd]
[tag_ansibleNodeType_worker]
[tag_ansibleNodeType_controller]
[etcd:children]
tag_ansibleNodeType_etcd
[worker:children]
tag_ansibleNodeType_worker