gzip and base64 encode the heredocs in the nodeup.sh portion of user-data

Rodrigo Menezes 2020-12-02 16:01:12 -08:00
parent 443567426e
commit 3fb12c66ae
20 changed files with 1269 additions and 0 deletions


@ -166,6 +166,11 @@ func TestComplex(t *testing.T) {
newIntegrationTest("complex.example.com", "complex").withoutSSHKey().withVersion("legacy-v1alpha2").runTestTerraformAWS(t)
}
// TestCompress runs a test on compressing structs in nodeus.sh user-data
func TestCompress(t *testing.T) {
newIntegrationTest("compress.example.com", "compress").withoutSSHKey().runTestTerraformAWS(t)
}
// TestExternalPolicies tests external policies output
func TestExternalPolicies(t *testing.T) {
newIntegrationTest("externalpolicies.example.com", "externalpolicies").runTestTerraformAWS(t)
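Review bot: The doc comment on TestCompress misspells the script name (`nodeus.sh`) and says "structs" where the template compresses the cluster, instance-group and kube_env specs; `// TestCompress runs the compress fixture, which gzips and base64-encodes the specs embedded in nodeup.sh user-data` reads correctly. TestComplex and TestExternalPolicies around it continue outside the hunk.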


@ -115,6 +115,17 @@ spec:
- http://archive.ubuntu.com
```
## compressUserData
{{ kops_feature_table(kops_added_default='1.19') }}
Compresses parts of the user-data to save space and help with the size limit
in certain clouds. Currently only the Specs in nodeup.sh will be compressed.
```YAML
spec:
compressUserData: true
```
## sysctlParameters
{{ kops_feature_table(kops_added_default='1.17') }}


@ -38,6 +38,8 @@ The expiration times vary randomly so that nodes are likely to have their certs
* kOps now supports using an AWS Network Load Balancer (NLB) for API access.
See the [documentation](/cluster_spec/#load-balancer-class) for more info.
* Allow users to partially compress user-data, check the instance groups docs for more details.
### CLI
* The `kops update cluster` command will now refuse to run on a cluster that


@ -84,6 +84,9 @@ spec:
type: string
description: CloudLabels indicates the labels for instances in this group, at the AWS level
type: object
compressUserData:
description: CompressUserData compresses parts of the user data to save space
type: boolean
detailedInstanceMonitoring:
description: DetailedInstanceMonitoring defines if detailed-monitoring is enabled (AWS only)
type: boolean


@ -164,6 +164,8 @@ type InstanceGroupSpec struct {
// InstanceInterruptionBehavior defines if a spot instance should be terminated, hibernated,
// or stopped after interruption
InstanceInterruptionBehavior *string `json:"instanceInterruptionBehavior,omitempty"`
// CompressUserData compresses parts of the user data to save space
CompressUserData *bool `json:"compressUserData,omitempty"`
}
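Review bot: The new field comment `CompressUserData compresses parts of the user data to save space` is what ends up as the CRD description, and "parts" leaves an operator guessing what actually changes on the node; the identical comment is in the v1alpha2 hunk below and in the generated CRD, so it should be fixed in both Go sources and regenerated. Suggested: `// CompressUserData gzips and base64-encodes the cluster, instance group and kube_env specs embedded in nodeup.sh; the node image must provide base64 and gzip to decode them`. InstanceGroupSpec starts outside the hunk.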
const (


@ -162,6 +162,8 @@ type InstanceGroupSpec struct {
// InstanceInterruptionBehavior defines if a spot instance should be terminated, hibernated,
// or stopped after interruption
InstanceInterruptionBehavior *string `json:"instanceInterruptionBehavior,omitempty"`
// CompressUserData compresses parts of the user data to save space
CompressUserData *bool `json:"compressUserData,omitempty"`
}
const (


@ -3570,6 +3570,7 @@ func autoConvert_v1alpha2_InstanceGroupSpec_To_kops_InstanceGroupSpec(in *Instan
out.RollingUpdate = nil
}
out.InstanceInterruptionBehavior = in.InstanceInterruptionBehavior
out.CompressUserData = in.CompressUserData
return nil
}
@ -3708,6 +3709,7 @@ func autoConvert_kops_InstanceGroupSpec_To_v1alpha2_InstanceGroupSpec(in *kops.I
out.RollingUpdate = nil
}
out.InstanceInterruptionBehavior = in.InstanceInterruptionBehavior
out.CompressUserData = in.CompressUserData
return nil
}


@ -1918,6 +1918,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) {
*out = new(string)
**out = **in
}
if in.CompressUserData != nil {
in, out := &in.CompressUserData, &out.CompressUserData
*out = new(bool)
**out = **in
}
return
}


@ -2084,6 +2084,11 @@ func (in *InstanceGroupSpec) DeepCopyInto(out *InstanceGroupSpec) {
*out = new(string)
**out = **in
}
if in.CompressUserData != nil {
in, out := &in.CompressUserData, &out.CompressUserData
*out = new(bool)
**out = **in
}
return
}


@ -18,6 +18,7 @@ package model
import (
"bytes"
"compress/gzip"
"crypto/sha1"
"encoding/base64"
"fmt"
@ -358,6 +359,14 @@ func (b *BootstrapScript) Run(c *fi.Context) error {
}
return string(content), nil
},
"CompressUserData": func() *bool {
return b.ig.Spec.CompressUserData
},
"GzipBase64": func(data string) (string, error) {
return gzipBase64(data)
},
}
awsNodeUpTemplate, err := resources.AWSNodeUpTemplate(b.ig)
@ -520,3 +529,23 @@ func (b *BootstrapScript) createProxyEnv(ps *kops.EgressProxySpec) string {
}
return buffer.String()
}
func gzipBase64(data string) (string, error) {
var b bytes.Buffer
gz := gzip.NewWriter(&b)
_, err := gz.Write([]byte(data))
if err != nil {
return "", err
}
if err = gz.Flush(); err != nil {
return "", err
}
if err = gz.Close(); err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(b.Bytes()), nil
}
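Review bot: The `CompressUserData` entry in the template-func map returns a `*bool`, and if this map feeds text/template (as the `{{ if CompressUserData -}}` syntax in nodeup.sh suggests) a non-nil pointer is truthy regardless of the value it points to, so an instance group that explicitly sets `compressUserData: false` would still get compressed user-data. Return the dereferenced value instead: `"CompressUserData": func() bool { return b.ig.Spec.CompressUserData != nil && *b.ig.Spec.CompressUserData },`. In gzipBase64 the `gz.Flush()` before `gz.Close()` is redundant — Close flushes — and a sync flush emits an extra empty block, which works against the size goal; dropping it and using `gzip.NewWriterLevel(&b, gzip.BestCompression)` would shave bytes from every user-data. Run's body starts and ends outside the hunk, and gzipBase64 has no doc comment; `// gzipBase64 gzips data and returns it base64-encoded, for embedding in user-data scripts` would do.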


@ -159,17 +159,29 @@ function download-release() {
echo "== nodeup node config starting =="
ensure-install-dir
{{ if CompressUserData -}}
echo "{{ GzipBase64 ClusterSpec }}" | base64 -d | gzip -d > conf/cluster_spec.yaml
{{- else -}}
cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC'
{{ ClusterSpec }}
__EOF_CLUSTER_SPEC
{{- end }}
{{ if CompressUserData -}}
echo "{{ GzipBase64 IGSpec }}" | base64 -d | gzip -d > conf/ig_spec.yaml
{{- else -}}
cat > conf/ig_spec.yaml << '__EOF_IG_SPEC'
{{ IGSpec }}
__EOF_IG_SPEC
{{- end }}
{{ if CompressUserData -}}
echo "{{ GzipBase64 KubeEnv }}" | base64 -d | gzip -d > conf/kube_env.yaml
{{- else -}}
cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
{{ KubeEnv }}
__EOF_KUBE_ENV
{{- end }}
download-release
echo "== nodeup node config done =="
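Review bot: The compressed branches introduce a hard dependency on `base64` and `gzip` being on the node image before nodeup is even downloaded, and nothing in the script checks for them; with `set -o pipefail` a missing tool aborts the script, which is the right failure mode but worth stating in a comment above the first `{{ if CompressUserData -}}`, e.g. `# compressed specs are decoded with base64 and gzip from the host image; pipefail aborts if either is missing`. The base64 alphabet has no characters that are special to bash inside double quotes, so the `echo "…"` form is safe to embed, and it also removes the heredoc's reliance on the spec never containing a bare `__EOF_*` line. The three if/else blocks differ only in the variable and the output file; if the template engine offers a way to parameterize them, a single block would keep the three decode pipelines from drifting. These lines sit at the script's top level, outside the download-release function named in the hunk header.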


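--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,10 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": { "Service": "ec2.amazonaws.com"},
+"Action": "sts:AssumeRole"
+}
+]
+}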


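--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,10 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": { "Service": "ec2.amazonaws.com"},
+"Action": "sts:AssumeRole"
+}
+]
+}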


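--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,170 @@
+{
+"Statement": [
+{
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeInstances",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeRegions",
+"ec2:DescribeRouteTables",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeSubnets",
+"ec2:DescribeVolumes"
+],
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+},
+{
+"Action": [
+"ec2:CreateSecurityGroup",
+"ec2:CreateTags",
+"ec2:CreateVolume",
+"ec2:DescribeVolumesModifications",
+"ec2:ModifyInstanceAttribute",
+"ec2:ModifyVolume"
+],
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+},
+{
+"Action": [
+"ec2:AttachVolume",
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:CreateRoute",
+"ec2:DeleteRoute",
+"ec2:DeleteSecurityGroup",
+"ec2:DeleteVolume",
+"ec2:DetachVolume",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Condition": {
+"StringEquals": {
+"ec2:ResourceTag/KubernetesCluster": "compress.example.com"
+}
+},
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+},
+{
+"Action": [
+"autoscaling:DescribeAutoScalingGroups",
+"autoscaling:DescribeLaunchConfigurations",
+"autoscaling:DescribeTags",
+"ec2:DescribeLaunchTemplateVersions"
+],
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+},
+{
+"Action": [
+"autoscaling:SetDesiredCapacity",
+"autoscaling:TerminateInstanceInAutoScalingGroup",
+"autoscaling:UpdateAutoScalingGroup"
+],
+"Condition": {
+"StringEquals": {
+"autoscaling:ResourceTag/KubernetesCluster": "compress.example.com"
+}
+},
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+},
+{
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:AttachLoadBalancerToSubnets",
+"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateLoadBalancerPolicy",
+"elasticloadbalancing:CreateLoadBalancerListeners",
+"elasticloadbalancing:ConfigureHealthCheck",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:DeleteLoadBalancerListeners",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DetachLoadBalancerFromSubnets",
+"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer"
+],
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+},
+{
+"Action": [
+"ec2:DescribeVpcs",
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:CreateTargetGroup",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:DeleteTargetGroup",
+"elasticloadbalancing:DeregisterTargets",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeLoadBalancerPolicies",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
+],
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+},
+{
+"Action": [
+"iam:ListServerCertificates",
+"iam:GetServerCertificate"
+],
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+},
+{
+"Action": [
+"route53:ChangeResourceRecordSets",
+"route53:ListResourceRecordSets",
+"route53:GetHostedZone"
+],
+"Effect": "Allow",
+"Resource": [
+"arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO"
+]
+},
+{
+"Action": [
+"route53:GetChange"
+],
+"Effect": "Allow",
+"Resource": [
+"arn:aws:route53:::change/*"
+]
+},
+{
+"Action": [
+"route53:ListHostedZones"
+],
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+}
+],
+"Version": "2012-10-17"
+}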


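--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,15 @@
+{
+"Statement": [
+{
+"Action": [
+"ec2:DescribeInstances",
+"ec2:DescribeRegions"
+],
+"Effect": "Allow",
+"Resource": [
+"*"
+]
+}
+],
+"Version": "2012-10-17"
+}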


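--- /dev/null
+++ b/<path not shown on page>
+Content-Type: multipart/mixed; boundary="MIMEBOUNDARY"
+MIME-Version: 1.0
+--MIMEBOUNDARY
+Content-Disposition: attachment; filename="nodeup.sh"
+Content-Transfer-Encoding: 7bit
+Content-Type: text/x-shellscript
+Mime-Version: 1.0
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.19.0-alpha.3/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.19.0-alpha.3/nodeup-linux-amd64,https://kubeupv2.s3.amazonaws.com/kops/1.19.0-alpha.3/linux/amd64/nodeup
+NODEUP_HASH_AMD64=6980fda4fa37bbdc043738cf4ddac6388eb57f561895c69299c1b0ee263d465d
+NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.19.0-alpha.3/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.19.0-alpha.3/nodeup-linux-arm64,https://kubeupv2.s3.amazonaws.com/kops/1.19.0-alpha.3/linux/arm64/nodeup
+NODEUP_HASH_ARM64=dcc7f9f3c180ee76a511627e46da0ac69cdcb518cdf3be348e5ed046d491eb87
+export AWS_REGION=us-test-1
+function ensure-install-dir() {
+INSTALL_DIR="/opt/kops"
+# On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec
+if [[ -d /var/lib/toolbox ]]; then
+INSTALL_DIR="/var/lib/toolbox/kops"
+fi
+mkdir -p ${INSTALL_DIR}/bin
+mkdir -p ${INSTALL_DIR}/conf
+cd ${INSTALL_DIR}
+}
+# Retry a download until we get it. args: name, sha, url1, url2...
+download-or-bust() {
+local -r file="$1"
+local -r hash="$2"
+shift 2
+urls=( $* )
+while true; do
+for url in "${urls[@]}"; do
+commands=(
+"curl -f --ipv4 --compressed -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10"
+"wget --inet4-only --compression=auto -O "${file}" --connect-timeout=20 --tries=6 --wait=10"
+"curl -f --ipv4 -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10"
+"wget --inet4-only -O "${file}" --connect-timeout=20 --tries=6 --wait=10"
+)
+for cmd in "${commands[@]}"; do
+echo "Attempting download with: ${cmd} {url}"
+if ! (${cmd} "${url}"); then
+echo "== Download failed with ${cmd} =="
+continue
+fi
+if [[ -n "${hash}" ]] && ! validate-hash "${file}" "${hash}"; then
+echo "== Hash validation of ${url} failed. Retrying. =="
+rm -f "${file}"
+else
+if [[ -n "${hash}" ]]; then
+echo "== Downloaded ${url} (SHA1 = ${hash}) =="
+else
+echo "== Downloaded ${url} =="
+fi
+return
+fi
+done
+done
+echo "All downloads failed; sleeping before retrying"
+sleep 60
+done
+}
+validate-hash() {
+local -r file="$1"
+local -r expected="$2"
+local actual
+actual=$(sha256sum ${file} | awk '{ print $1 }') || true
+if [[ "${actual}" != "${expected}" ]]; then
+echo "== ${file} corrupted, hash ${actual} doesn't match expected ${expected} =="
+return 1
+fi
+}
+function split-commas() {
+echo $1 | tr "," "\n"
+}
+function try-download-release() {
+local -r nodeup_urls=( $(split-commas "${NODEUP_URL}") )
+if [[ -n "${NODEUP_HASH:-}" ]]; then
+local -r nodeup_hash="${NODEUP_HASH}"
+else
+# TODO: Remove?
+echo "Downloading sha256 (not found in env)"
+download-or-bust nodeup.sha256 "" "${nodeup_urls[@]/%/.sha256}"
+local -r nodeup_hash=$(cat nodeup.sha256)
+fi
+echo "Downloading nodeup (${nodeup_urls[@]})"
+download-or-bust nodeup "${nodeup_hash}" "${nodeup_urls[@]}"
+chmod +x nodeup
+}
+function download-release() {
+case "$(uname -m)" in
+x86_64*|i?86_64*|amd64*)
+NODEUP_URL="${NODEUP_URL_AMD64}"
+NODEUP_HASH="${NODEUP_HASH_AMD64}"
+;;
+aarch64*|arm64*)
+NODEUP_URL="${NODEUP_URL_ARM64}"
+NODEUP_HASH="${NODEUP_HASH_ARM64}"
+;;
+*)
+echo "Unsupported host arch: $(uname -m)" >&2
+exit 1
+;;
+esac
+# In case of failure checking integrity of release, retry.
+cd ${INSTALL_DIR}/bin
+until try-download-release; do
+sleep 15
+echo "Couldn't download release. Retrying..."
+done
+echo "Running nodeup"
+# We can't run in the foreground because of https://github.com/docker/docker/issues/23793
+( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 )
+}
+####################################################################################
+/bin/systemd-machine-id-setup || echo "failed to set up ensure machine-id configured"
+echo "== nodeup node config starting =="
+ensure-install-dir
+echo "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" | base64 -d | gzip -d > conf/cluster_spec.yaml
+echo "H4sIAAAAAAAA/6qu5QIAAAD//wEAAP//BrCh3QMAAAA=" | base64 -d | gzip -d > conf/ig_spec.yaml
+echo "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" | base64 -d | gzip -d > conf/kube_env.yaml
+download-release
+echo "== nodeup node config done =="
+--MIMEBOUNDARY
+Content-Disposition: attachment; filename="myscript.sh"
+Content-Transfer-Encoding: 7bit
+Content-Type: text/x-shellscript
+Mime-Version: 1.0
+#!/bin/sh
+echo "nodes: The time is now $(date -R)!" | tee /root/output.txt
+--MIMEBOUNDARY--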


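--- /dev/null
+++ b/<path not shown on page>
+Content-Type: multipart/mixed; boundary="MIMEBOUNDARY"
+MIME-Version: 1.0
+--MIMEBOUNDARY
+Content-Disposition: attachment; filename="nodeup.sh"
+Content-Transfer-Encoding: 7bit
+Content-Type: text/x-shellscript
+Mime-Version: 1.0
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.19.0-alpha.3/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.19.0-alpha.3/nodeup-linux-amd64,https://kubeupv2.s3.amazonaws.com/kops/1.19.0-alpha.3/linux/amd64/nodeup
+NODEUP_HASH_AMD64=6980fda4fa37bbdc043738cf4ddac6388eb57f561895c69299c1b0ee263d465d
+NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.19.0-alpha.3/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.19.0-alpha.3/nodeup-linux-arm64,https://kubeupv2.s3.amazonaws.com/kops/1.19.0-alpha.3/linux/arm64/nodeup
+NODEUP_HASH_ARM64=dcc7f9f3c180ee76a511627e46da0ac69cdcb518cdf3be348e5ed046d491eb87
+export AWS_REGION=us-test-1
+function ensure-install-dir() {
+INSTALL_DIR="/opt/kops"
+# On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec
+if [[ -d /var/lib/toolbox ]]; then
+INSTALL_DIR="/var/lib/toolbox/kops"
+fi
+mkdir -p ${INSTALL_DIR}/bin
+mkdir -p ${INSTALL_DIR}/conf
+cd ${INSTALL_DIR}
+}
+# Retry a download until we get it. args: name, sha, url1, url2...
+download-or-bust() {
+local -r file="$1"
+local -r hash="$2"
+shift 2
+urls=( $* )
+while true; do
+for url in "${urls[@]}"; do
+commands=(
+"curl -f --ipv4 --compressed -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10"
+"wget --inet4-only --compression=auto -O "${file}" --connect-timeout=20 --tries=6 --wait=10"
+"curl -f --ipv4 -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10"
+"wget --inet4-only -O "${file}" --connect-timeout=20 --tries=6 --wait=10"
+)
+for cmd in "${commands[@]}"; do
+echo "Attempting download with: ${cmd} {url}"
+if ! (${cmd} "${url}"); then
+echo "== Download failed with ${cmd} =="
+continue
+fi
+if [[ -n "${hash}" ]] && ! validate-hash "${file}" "${hash}"; then
+echo "== Hash validation of ${url} failed. Retrying. =="
+rm -f "${file}"
+else
+if [[ -n "${hash}" ]]; then
+echo "== Downloaded ${url} (SHA1 = ${hash}) =="
+else
+echo "== Downloaded ${url} =="
+fi
+return
+fi
+done
+done
+echo "All downloads failed; sleeping before retrying"
+sleep 60
+done
+}
+validate-hash() {
+local -r file="$1"
+local -r expected="$2"
+local actual
+actual=$(sha256sum ${file} | awk '{ print $1 }') || true
+if [[ "${actual}" != "${expected}" ]]; then
+echo "== ${file} corrupted, hash ${actual} doesn't match expected ${expected} =="
+return 1
+fi
+}
+function split-commas() {
+echo $1 | tr "," "\n"
+}
+function try-download-release() {
+local -r nodeup_urls=( $(split-commas "${NODEUP_URL}") )
+if [[ -n "${NODEUP_HASH:-}" ]]; then
+local -r nodeup_hash="${NODEUP_HASH}"
+else
+# TODO: Remove?
+echo "Downloading sha256 (not found in env)"
+download-or-bust nodeup.sha256 "" "${nodeup_urls[@]/%/.sha256}"
+local -r nodeup_hash=$(cat nodeup.sha256)
+fi
+echo "Downloading nodeup (${nodeup_urls[@]})"
+download-or-bust nodeup "${nodeup_hash}" "${nodeup_urls[@]}"
+chmod +x nodeup
+}
+function download-release() {
+case "$(uname -m)" in
+x86_64*|i?86_64*|amd64*)
+NODEUP_URL="${NODEUP_URL_AMD64}"
+NODEUP_HASH="${NODEUP_HASH_AMD64}"
+;;
+aarch64*|arm64*)
+NODEUP_URL="${NODEUP_URL_ARM64}"
+NODEUP_HASH="${NODEUP_HASH_ARM64}"
+;;
+*)
+echo "Unsupported host arch: $(uname -m)" >&2
+exit 1
+;;
+esac
+# In case of failure checking integrity of release, retry.
+cd ${INSTALL_DIR}/bin
+until try-download-release; do
+sleep 15
+echo "Couldn't download release. Retrying..."
+done
+echo "Running nodeup"
+# We can't run in the foreground because of https://github.com/docker/docker/issues/23793
+( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 )
+}
+####################################################################################
+/bin/systemd-machine-id-setup || echo "failed to set up ensure machine-id configured"
+echo "== nodeup node config starting =="
+ensure-install-dir
+echo "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" | base64 -d | gzip -d > conf/cluster_spec.yaml
+echo "H4sIAAAAAAAA/6qu5QIAAAD//wEAAP//BrCh3QMAAAA=" | base64 -d | gzip -d > conf/ig_spec.yaml
+echo "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" | base64 -d | gzip -d > conf/kube_env.yaml
+download-release
+echo "== nodeup node config done =="
+--MIMEBOUNDARY
+Content-Disposition: attachment; filename="myscript.sh"
+Content-Transfer-Encoding: 7bit
+Content-Type: text/x-shellscript
+Mime-Version: 1.0
+#!/bin/sh
+echo "nodes: The time is now $(date -R)!" | tee /root/output.txt
+--MIMEBOUNDARY--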


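--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ==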


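--- /dev/null
+++ b/<path not shown on page>
+apiVersion: kops.k8s.io/v1alpha2
+kind: Cluster
+metadata:
+creationTimestamp: "2016-12-10T22:42:27Z"
+name: compress.example.com
+spec:
+kubernetesApiAccess:
+- 0.0.0.0/0
+channel: stable
+cloudProvider: aws
+configBase: memfs://clusters.example.com/compress.example.com
+etcdClusters:
+- etcdMembers:
+- instanceGroup: master-us-test-1a
+name: us-test-1a
+name: main
+- etcdMembers:
+- instanceGroup: master-us-test-1a
+name: us-test-1a
+name: events
+iam: {}
+kubelet:
+anonymousAuth: false
+kubernetesVersion: v1.14.0
+masterInternalName: api.internal.compress.example.com
+masterPublicName: api.compress.example.com
+networkCIDR: 172.20.0.0/16
+networking:
+kubenet: {}
+nonMasqueradeCIDR: 100.64.0.0/10
+sshAccess:
+- 0.0.0.0/0
+sshKeyName: ""
+topology:
+masters: public
+nodes: public
+subnets:
+- cidr: 172.20.32.0/19
+name: us-test-1a
+type: Public
+zone: us-test-1a
+---
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+creationTimestamp: "2016-12-10T22:42:28Z"
+name: nodes
+labels:
+kops.k8s.io/cluster: compress.example.com
+spec:
+associatePublicIp: true
+image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
+machineType: t2.medium
+maxSize: 2
+minSize: 2
+role: Node
+subnets:
+- us-test-1a
+compressUserData: true
+additionalUserData:
+- name: myscript.sh
+type: text/x-shellscript
+content: |
+#!/bin/sh
+echo "nodes: The time is now $(date -R)!" | tee /root/output.txt
+---
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+creationTimestamp: "2016-12-10T22:42:28Z"
+name: master-us-test-1a
+labels:
+kops.k8s.io/cluster: compress.example.com
+spec:
+associatePublicIp: true
+image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
+machineType: m3.medium
+maxSize: 1
+minSize: 1
+role: Master
+subnets:
+- us-test-1a
+compressUserData: true
+additionalUserData:
+- name: myscript.sh
+type: text/x-shellscript
+content: |
+#!/bin/sh
+echo "nodes: The time is now $(date -R)!" | tee /root/output.txt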


@ -0,0 +1,568 @@
locals {
cluster_name = "compress.example.com"
master_autoscaling_group_ids = [aws_autoscaling_group.master-us-test-1a-masters-compress-example-com.id]
master_security_group_ids = [aws_security_group.masters-compress-example-com.id]
masters_role_arn = aws_iam_role.masters-compress-example-com.arn
masters_role_name = aws_iam_role.masters-compress-example-com.name
node_autoscaling_group_ids = [aws_autoscaling_group.nodes-compress-example-com.id]
node_security_group_ids = [aws_security_group.nodes-compress-example-com.id]
node_subnet_ids = [aws_subnet.us-test-1a-compress-example-com.id]
nodes_role_arn = aws_iam_role.nodes-compress-example-com.arn
nodes_role_name = aws_iam_role.nodes-compress-example-com.name
region = "us-test-1"
route_table_public_id = aws_route_table.compress-example-com.id
subnet_us-test-1a_id = aws_subnet.us-test-1a-compress-example-com.id
vpc_cidr_block = aws_vpc.compress-example-com.cidr_block
vpc_id = aws_vpc.compress-example-com.id
}
output "cluster_name" {
value = "compress.example.com"
}
output "master_autoscaling_group_ids" {
value = [aws_autoscaling_group.master-us-test-1a-masters-compress-example-com.id]
}
output "master_security_group_ids" {
value = [aws_security_group.masters-compress-example-com.id]
}
output "masters_role_arn" {
value = aws_iam_role.masters-compress-example-com.arn
}
output "masters_role_name" {
value = aws_iam_role.masters-compress-example-com.name
}
output "node_autoscaling_group_ids" {
value = [aws_autoscaling_group.nodes-compress-example-com.id]
}
output "node_security_group_ids" {
value = [aws_security_group.nodes-compress-example-com.id]
}
output "node_subnet_ids" {
value = [aws_subnet.us-test-1a-compress-example-com.id]
}
output "nodes_role_arn" {
value = aws_iam_role.nodes-compress-example-com.arn
}
output "nodes_role_name" {
value = aws_iam_role.nodes-compress-example-com.name
}
output "region" {
value = "us-test-1"
}
output "route_table_public_id" {
value = aws_route_table.compress-example-com.id
}
output "subnet_us-test-1a_id" {
value = aws_subnet.us-test-1a-compress-example-com.id
}
output "vpc_cidr_block" {
value = aws_vpc.compress-example-com.cidr_block
}
output "vpc_id" {
value = aws_vpc.compress-example-com.id
}
provider "aws" {
region = "us-test-1"
}
resource "aws_autoscaling_group" "master-us-test-1a-masters-compress-example-com" {
enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"]
launch_template {
id = aws_launch_template.master-us-test-1a-masters-compress-example-com.id
version = aws_launch_template.master-us-test-1a-masters-compress-example-com.latest_version
}
max_size = 1
metrics_granularity = "1Minute"
min_size = 1
name = "master-us-test-1a.masters.compress.example.com"
tag {
key = "KubernetesCluster"
propagate_at_launch = true
value = "compress.example.com"
}
tag {
key = "Name"
propagate_at_launch = true
value = "master-us-test-1a.masters.compress.example.com"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
propagate_at_launch = true
value = "master"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master"
propagate_at_launch = true
value = ""
}
tag {
key = "k8s.io/role/master"
propagate_at_launch = true
value = "1"
}
tag {
key = "kops.k8s.io/instancegroup"
propagate_at_launch = true
value = "master-us-test-1a"
}
tag {
key = "kubernetes.io/cluster/compress.example.com"
propagate_at_launch = true
value = "owned"
}
vpc_zone_identifier = [aws_subnet.us-test-1a-compress-example-com.id]
}
resource "aws_autoscaling_group" "nodes-compress-example-com" {
enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"]
launch_template {
id = aws_launch_template.nodes-compress-example-com.id
version = aws_launch_template.nodes-compress-example-com.latest_version
}
max_size = 2
metrics_granularity = "1Minute"
min_size = 2
name = "nodes.compress.example.com"
tag {
key = "KubernetesCluster"
propagate_at_launch = true
value = "compress.example.com"
}
tag {
key = "Name"
propagate_at_launch = true
value = "nodes.compress.example.com"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role"
propagate_at_launch = true
value = "node"
}
tag {
key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node"
propagate_at_launch = true
value = ""
}
tag {
key = "k8s.io/role/node"
propagate_at_launch = true
value = "1"
}
tag {
key = "kops.k8s.io/instancegroup"
propagate_at_launch = true
value = "nodes"
}
tag {
key = "kubernetes.io/cluster/compress.example.com"
propagate_at_launch = true
value = "owned"
}
vpc_zone_identifier = [aws_subnet.us-test-1a-compress-example-com.id]
}
resource "aws_ebs_volume" "us-test-1a-etcd-events-compress-example-com" {
availability_zone = "us-test-1a"
encrypted = false
size = 20
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "us-test-1a.etcd-events.compress.example.com"
"k8s.io/etcd/events" = "us-test-1a/us-test-1a"
"k8s.io/role/master" = "1"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
type = "gp2"
}
resource "aws_ebs_volume" "us-test-1a-etcd-main-compress-example-com" {
availability_zone = "us-test-1a"
encrypted = false
size = 20
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "us-test-1a.etcd-main.compress.example.com"
"k8s.io/etcd/main" = "us-test-1a/us-test-1a"
"k8s.io/role/master" = "1"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
type = "gp2"
}
resource "aws_iam_instance_profile" "masters-compress-example-com" {
name = "masters.compress.example.com"
role = aws_iam_role.masters-compress-example-com.name
}
resource "aws_iam_instance_profile" "nodes-compress-example-com" {
name = "nodes.compress.example.com"
role = aws_iam_role.nodes-compress-example-com.name
}
resource "aws_iam_role_policy" "masters-compress-example-com" {
name = "masters.compress.example.com"
policy = file("${path.module}/data/aws_iam_role_policy_masters.compress.example.com_policy")
role = aws_iam_role.masters-compress-example-com.name
}
resource "aws_iam_role_policy" "nodes-compress-example-com" {
name = "nodes.compress.example.com"
policy = file("${path.module}/data/aws_iam_role_policy_nodes.compress.example.com_policy")
role = aws_iam_role.nodes-compress-example-com.name
}
resource "aws_iam_role" "masters-compress-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.compress.example.com_policy")
name = "masters.compress.example.com"
}
resource "aws_iam_role" "nodes-compress-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.compress.example.com_policy")
name = "nodes.compress.example.com"
}
resource "aws_internet_gateway" "compress-example-com" {
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "compress.example.com"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
vpc_id = aws_vpc.compress-example-com.id
}
resource "aws_launch_template" "master-us-test-1a-masters-compress-example-com" {
block_device_mappings {
device_name = "/dev/xvda"
ebs {
delete_on_termination = true
volume_size = 64
volume_type = "gp2"
}
}
block_device_mappings {
device_name = "/dev/sdc"
virtual_name = "ephemeral0"
}
iam_instance_profile {
name = aws_iam_instance_profile.masters-compress-example-com.id
}
image_id = "ami-12345678"
instance_type = "m3.medium"
lifecycle {
create_before_destroy = true
}
name = "master-us-test-1a.masters.compress.example.com"
network_interfaces {
associate_public_ip_address = true
delete_on_termination = true
security_groups = [aws_security_group.masters-compress-example-com.id]
}
tag_specifications {
resource_type = "instance"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "master-us-test-1a.masters.compress.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
}
tag_specifications {
resource_type = "volume"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "master-us-test-1a.masters.compress.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
}
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "master-us-test-1a.masters.compress.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = ""
"k8s.io/role/master" = "1"
"kops.k8s.io/instancegroup" = "master-us-test-1a"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
user_data = filebase64("${path.module}/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data")
}
resource "aws_launch_template" "nodes-compress-example-com" {
block_device_mappings {
device_name = "/dev/xvda"
ebs {
delete_on_termination = true
volume_size = 128
volume_type = "gp2"
}
}
iam_instance_profile {
name = aws_iam_instance_profile.nodes-compress-example-com.id
}
image_id = "ami-12345678"
instance_type = "t2.medium"
lifecycle {
create_before_destroy = true
}
name = "nodes.compress.example.com"
network_interfaces {
associate_public_ip_address = true
delete_on_termination = true
security_groups = [aws_security_group.nodes-compress-example-com.id]
}
tag_specifications {
resource_type = "instance"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "nodes.compress.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
}
tag_specifications {
resource_type = "volume"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "nodes.compress.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
}
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "nodes.compress.example.com"
"k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node"
"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = ""
"k8s.io/role/node" = "1"
"kops.k8s.io/instancegroup" = "nodes"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
user_data = filebase64("${path.module}/data/aws_launch_template_nodes.compress.example.com_user_data")
}
resource "aws_route_table_association" "us-test-1a-compress-example-com" {
route_table_id = aws_route_table.compress-example-com.id
subnet_id = aws_subnet.us-test-1a-compress-example-com.id
}
resource "aws_route_table" "compress-example-com" {
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "compress.example.com"
"kubernetes.io/cluster/compress.example.com" = "owned"
"kubernetes.io/kops/role" = "public"
}
vpc_id = aws_vpc.compress-example-com.id
}
resource "aws_route" "route-0-0-0-0--0" {
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.compress-example-com.id
route_table_id = aws_route_table.compress-example-com.id
}
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 443
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "masters-compress-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-compress-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "masters-compress-example-com-ingress-all-0to0-masters-compress-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.masters-compress-example-com.id
source_security_group_id = aws_security_group.masters-compress-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "masters-compress-example-com-ingress-all-0to0-nodes-compress-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-compress-example-com.id
source_security_group_id = aws_security_group.masters-compress-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-egress-all-0to0-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 0
type = "egress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-all-0to0-nodes-compress-example-com" {
from_port = 0
protocol = "-1"
security_group_id = aws_security_group.nodes-compress-example-com.id
source_security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 0
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-1to2379-masters-compress-example-com" {
from_port = 1
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
source_security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 2379
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-2382to4000-masters-compress-example-com" {
from_port = 2382
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
source_security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 4000
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-tcp-4003to65535-masters-compress-example-com" {
from_port = 4003
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
source_security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "nodes-compress-example-com-ingress-udp-1to65535-masters-compress-example-com" {
from_port = 1
protocol = "udp"
security_group_id = aws_security_group.masters-compress-example-com.id
source_security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 65535
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.masters-compress-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" {
cidr_blocks = ["0.0.0.0/0"]
from_port = 22
protocol = "tcp"
security_group_id = aws_security_group.nodes-compress-example-com.id
to_port = 22
type = "ingress"
}
resource "aws_security_group" "masters-compress-example-com" {
description = "Security group for masters"
name = "masters.compress.example.com"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "masters.compress.example.com"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
vpc_id = aws_vpc.compress-example-com.id
}
resource "aws_security_group" "nodes-compress-example-com" {
description = "Security group for nodes"
name = "nodes.compress.example.com"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "nodes.compress.example.com"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
vpc_id = aws_vpc.compress-example-com.id
}
resource "aws_subnet" "us-test-1a-compress-example-com" {
availability_zone = "us-test-1a"
cidr_block = "172.20.32.0/19"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "us-test-1a.compress.example.com"
"SubnetType" = "Public"
"kubernetes.io/cluster/compress.example.com" = "owned"
"kubernetes.io/role/elb" = "1"
}
vpc_id = aws_vpc.compress-example-com.id
}
resource "aws_vpc_dhcp_options_association" "compress-example-com" {
dhcp_options_id = aws_vpc_dhcp_options.compress-example-com.id
vpc_id = aws_vpc.compress-example-com.id
}
resource "aws_vpc_dhcp_options" "compress-example-com" {
domain_name = "us-test-1.compute.internal"
domain_name_servers = ["AmazonProvidedDNS"]
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "compress.example.com"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
}
resource "aws_vpc" "compress-example-com" {
cidr_block = "172.20.0.0/16"
enable_dns_hostnames = true
enable_dns_support = true
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "compress.example.com"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
}
terraform {
required_version = ">= 0.12.26"
required_providers {
aws = {
"source" = "hashicorp/aws"
"version" = ">= 2.46.0"
}
}
}