Skip to content

Commit

Permalink
contrib: add cloud-init support for terraform vms (kubernetes-sigs#8394)
Browse files Browse the repository at this point in the history 
* contrib: add cloud-init support for terraform vms

This change enables instance customization via cloud-init,
for example: additional CA certs, custom SSH access etc.

* contrib: update docs for terraform cloud-init

* contrib: disable yamllint in cloud-init

require-starting-space rule breaks cloud-init header

* contrib: documenation formatting

* yamllint: disable comments related checks

* docs: markdown formatting
  • Loading branch information
@moss2k13
moss2k13 authored Jan 11, 2022
1 parent e0d6736 commit 135c9b2
Show file tree
Hide file tree
Showing 3 changed files with 50 additions and 0 deletions.
21 changes: 21 additions & 0 deletions contrib/terraform/openstack/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -416,6 +416,27 @@ terraform init ../../contrib/terraform/openstack

This should finish fairly quickly telling you Terraform has successfully initialized and loaded necessary modules.

### Customizing with cloud-init

You can apply cloud-init based customization for the openstack instances before provisioning your cluster.
One common template is used for all instances. Adjust the file shown below:
`contrib/terraform/openstack/modules/compute/templates/cloudinit.yaml`
For example, to enable openstack novnc access and ansible_user=root SSH access:

```ShellSession
#cloud-config
## in some cases novnc console access is required
## it requires ssh password to be set
ssh_pwauth: yes
chpasswd:
list: |
root:secret
expire: False
## in some cases direct root ssh access via ssh key is required
disable_root: false
```

### Provisioning cluster

You can apply the Terraform configuration to your cluster with the following command
Expand Down
12 changes: 12 additions & 0 deletions contrib/terraform/openstack/modules/compute/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ data "openstack_images_image_v2" "image_master" {
name = var.image_master == "" ? var.image : var.image_master
}

data "template_file" "cloudinit" {
template = file("${path.module}/templates/cloudinit.yaml")
}

resource "openstack_compute_keypair_v2" "k8s" {
name = "kubernetes-${var.cluster_name}"
public_key = chomp(file(var.public_key_path))
Expand Down Expand Up @@ -175,6 +179,7 @@ resource "openstack_compute_instance_v2" "bastion" {
image_id = var.bastion_root_volume_size_in_gb == 0 ? local.image_to_use_node : null
flavor_id = var.flavor_bastion
key_pair = openstack_compute_keypair_v2.k8s.name
user_data = data.template_file.cloudinit.rendered

dynamic "block_device" {
for_each = var.bastion_root_volume_size_in_gb > 0 ? [local.image_to_use_node] : []
Expand Down Expand Up @@ -215,6 +220,7 @@ resource "openstack_compute_instance_v2" "k8s_master" {
image_id = var.master_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
flavor_id = var.flavor_k8s_master
key_pair = openstack_compute_keypair_v2.k8s.name
user_data = data.template_file.cloudinit.rendered


dynamic "block_device" {
Expand Down Expand Up @@ -262,6 +268,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
image_id = var.master_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
flavor_id = var.flavor_k8s_master
key_pair = openstack_compute_keypair_v2.k8s.name
user_data = data.template_file.cloudinit.rendered


dynamic "block_device" {
Expand Down Expand Up @@ -309,6 +316,7 @@ resource "openstack_compute_instance_v2" "etcd" {
image_id = var.etcd_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
flavor_id = var.flavor_etcd
key_pair = openstack_compute_keypair_v2.k8s.name
user_data = data.template_file.cloudinit.rendered

dynamic "block_device" {
for_each = var.etcd_root_volume_size_in_gb > 0 ? [local.image_to_use_master] : []
Expand Down Expand Up @@ -392,6 +400,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
image_id = var.master_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
flavor_id = var.flavor_k8s_master
key_pair = openstack_compute_keypair_v2.k8s.name
user_data = data.template_file.cloudinit.rendered

dynamic "block_device" {
for_each = var.master_root_volume_size_in_gb > 0 ? [local.image_to_use_master] : []
Expand Down Expand Up @@ -434,6 +443,7 @@ resource "openstack_compute_instance_v2" "k8s_node" {
image_id = var.node_root_volume_size_in_gb == 0 ? local.image_to_use_node : null
flavor_id = var.flavor_k8s_node
key_pair = openstack_compute_keypair_v2.k8s.name
user_data = data.template_file.cloudinit.rendered

dynamic "block_device" {
for_each = var.node_root_volume_size_in_gb > 0 ? [local.image_to_use_node] : []
Expand Down Expand Up @@ -480,6 +490,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
image_id = var.node_root_volume_size_in_gb == 0 ? local.image_to_use_node : null
flavor_id = var.flavor_k8s_node
key_pair = openstack_compute_keypair_v2.k8s.name
user_data = data.template_file.cloudinit.rendered

dynamic "block_device" {
for_each = var.node_root_volume_size_in_gb > 0 ? [local.image_to_use_node] : []
Expand Down Expand Up @@ -522,6 +533,7 @@ resource "openstack_compute_instance_v2" "k8s_nodes" {
image_id = var.node_root_volume_size_in_gb == 0 ? local.image_to_use_node : null
flavor_id = each.value.flavor
key_pair = openstack_compute_keypair_v2.k8s.name
user_data = data.template_file.cloudinit.rendered

dynamic "block_device" {
for_each = var.node_root_volume_size_in_gb > 0 ? [local.image_to_use_node] : []
Expand Down
17 changes: 17 additions & 0 deletions contrib/terraform/openstack/modules/compute/templates/cloudinit.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# yamllint disable rule:comments
#cloud-config
## in some cases novnc console access is required
## it requires ssh password to be set
#ssh_pwauth: yes
#chpasswd:
# list: |
# root:secret
# expire: False

## in some cases direct root ssh access via ssh key is required
#disable_root: false

## in some cases additional CA certs are required
#ca-certs:
# trusted: |
# -----BEGIN CERTIFICATE-----

0 comments on commit 135c9b2

Please sign in to comment.