├── .github
    ├── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   └── feature_request.md
    └── pull_request_template.md
├── .gitignore
├── CODEOWNERS
├── LICENSE.md
├── NOTICE.md
├── README.md
├── basetemplates
    ├── README.md
    ├── auth
    │   └── kubeconfig
    ├── bootstrap-manifests
    │   ├── bootstrap-apiserver.yaml
    │   ├── bootstrap-controller-manager.yaml
    │   ├── bootstrap-etcd.yaml
    │   └── bootstrap-scheduler.yaml
    ├── etcd
    │   ├── bootstrap-etcd-service.json
    │   └── migrate-etcd-cluster.json
    ├── generate-templates.sh
    ├── manifests
    │   ├── etcd-client-tls.yaml
    │   ├── etcd-operator.yaml
    │   ├── etcd-peer-tls.yaml
    │   ├── etcd-server-tls.yaml
    │   ├── etcd-service.yaml
    │   ├── kube-apiserver-secret.yaml
    │   ├── kube-apiserver.yaml
    │   ├── kube-controller-manager-disruption.yaml
    │   ├── kube-controller-manager-secret.yaml
    │   ├── kube-controller-manager.yaml
    │   ├── kube-dns-deployment.yaml
    │   ├── kube-dns-svc.yaml
    │   ├── kube-etcd-network-checkpointer.yaml
    │   ├── kube-flannel-cfg.yaml
    │   ├── kube-flannel.yaml
    │   ├── kube-proxy.yaml
    │   ├── kube-scheduler-disruption.yaml
    │   ├── kube-scheduler.yaml
    │   ├── kube-system-rbac-role-binding.yaml
    │   └── pod-checkpointer.yaml
    └── tls
    │   ├── apiserver.crt
    │   ├── apiserver.key
    │   ├── ca.crt
    │   ├── ca.key
    │   ├── etcd-client-ca.crt
    │   ├── etcd-client.crt
    │   ├── etcd-client.key
    │   ├── etcd
    │       ├── peer-ca.crt
    │       ├── peer.crt
    │       ├── peer.key
    │       ├── server-ca.crt
    │       ├── server.crt
    │       └── server.key
    │   ├── kubelet.crt
    │   ├── kubelet.key
    │   ├── service-account.key
    │   └── service-account.pub
├── bin
    ├── apply
    ├── bastion
    ├── ec
    ├── k
    ├── ka
    ├── kd
    ├── ks
    ├── kurl
    ├── lbaas
    ├── master
    ├── migrate
    ├── n
    ├── os
    │   ├── os_debug
    │   └── os_image
    ├── plan
    ├── prepare
    ├── recreate
    ├── roll
    ├── tf
    ├── update
    ├── utils
    │   └── render_images
    └── worker
├── docs
    ├── README.md
    ├── addons.md
    ├── addons
    │   └── dex.md
    ├── aws.md
    ├── azure.md
    ├── etcd_migration.md
    ├── files.md
    ├── kubify.png
    ├── kubify.svg
    ├── kubify@20x.png
    ├── kubify@2x.png
    ├── manifests
    │   └── etcdctl.yaml
    ├── openstack.md
    ├── presentations
    │   └── Static-ETCD-Setup.pptx
    └── troubleshoot.md
├── migrate.mig
├── modules
    ├── access
    │   ├── aws
    │   │   ├── aws.tf
    │   │   └── variables.tf
    │   ├── azure
    │   │   ├── azure.tf
    │   │   └── variables.tf
    │   ├── create.sh
    │   └── node_config
    │   │   ├── create.sh
    │   │   ├── node_config.tf
    │   │   └── variables.tf
    ├── b64var
    │   └── variable.tf
    ├── ca
    │   └── cert.tf
    ├── cfgvar
    │   └── cfgvar.tf
    ├── cluster
    │   ├── cluster.tf
    │   ├── templates
    │   │   └── cluster-info
    │   └── tls.tf
    ├── condlist
    │   └── condlist.tf
    ├── condmap
    │   └── condmap.tf
    ├── config_check
    │   └── config_check.tf
    ├── configurable
    │   └── configurable.tf
    ├── defaults
    │   └── defaults.tf
    ├── dns
    │   ├── dns.tf
    │   └── route53
    │   │   └── route53.tf
    ├── etcd_tls
    │   ├── access
    │   │   └── data.tf
    │   └── etcd.tf
    ├── faketls
    │   └── faketls.tf
    ├── file
    │   ├── file.tf
    │   └── resources
    │   │   └── empty
    ├── flag
    │   └── flag.tf
    ├── instance
    │   ├── bootstrap.tf
    │   ├── defaults.tf
    │   ├── dns.tf
    │   ├── main.tf
    │   ├── nodes.tf
    │   ├── recover.tf
    │   ├── resources
    │   │   └── bin
    │   │   │   ├── azure-meta
    │   │   │   ├── bootstrap.sh
    │   │   │   ├── busybox
    │   │   │   ├── cleanup_etcd
    │   │   │   ├── complete-cluster
    │   │   │   ├── complete.sh
    │   │   │   ├── completeetcd.sh
    │   │   │   ├── ctlp.sh
    │   │   │   ├── ec
    │   │   │   ├── etcd.sh
    │   │   │   ├── ks
    │   │   │   ├── operator.sh
    │   │   │   ├── recover-controlplane.sh
    │   │   │   ├── source_me
    │   │   │   ├── wdocker.sh
    │   │   │   └── wpods.sh
    │   ├── roll.tf
    │   ├── settings.tf
    │   ├── sshkey.tf
    │   ├── update.tf
    │   ├── variables.tf
    │   └── version.tf
    ├── listvar
    │   └── variable.tf
    ├── lookup_list
    │   └── lookup_list.tf
    ├── lookup_map
    │   └── lookup_map.tf
    ├── map
    │   └── image.tf
    ├── mapvar
    │   └── variable.tf
    ├── nodes
    │   ├── mount_point
    │   │   ├── mount.tf
    │   │   └── templates
    │   │   │   └── volume.mount
    │   ├── nodes.tf
    │   ├── path_entry
    │   │   ├── entry.tf
    │   │   └── templates
    │   │   │   └── path
    │   ├── resources
    │   │   ├── setup_kubeenv
    │   │   ├── setup_volume
    │   │   └── updatecacerts.service
    │   └── templates
    │   │   ├── bootkube.service
    │   │   ├── cloud-init
    │   │   ├── cloud-init-wrapper
    │   │   └── volume.service
    ├── optrsc
    │   └── optrsc.tf
    ├── roll
    │   ├── complex_attr
    │   │   └── attr.tf
    │   ├── list
    │   │   └── list.tf
    │   ├── roll.tf
    │   └── simple_attr
    │   │   └── attr.tf
    ├── seed
    │   ├── addons.tf
    │   ├── addons
    │   │   ├── addon-template.tf
    │   │   ├── dex
    │   │   │   ├── dex.tf
    │   │   │   └── templates
    │   │   │   │   ├── connectors
    │   │   │   │       ├── github.yaml
    │   │   │   │       └── saml.yaml
    │   │   │   │   ├── manifests
    │   │   │   │       ├── 10-dex-cm.yaml
    │   │   │   │       ├── 20-dex-svc.yaml
    │   │   │   │       ├── 30-dex-dep.yaml
    │   │   │   │       └── 40-dex-ing.yaml
    │   │   │   │   └── tls_secret.yaml
    │   │   ├── external-dns
    │   │   │   ├── external-dns.tf
    │   │   │   └── templates
    │   │   │   │   ├── manifests
    │   │   │   │       └── external.dns.yaml
    │   │   │   │   └── types
    │   │   │   │       └── aws
    │   │   │   │           ├── env.yaml
    │   │   │   │           └── secret.yaml
    │   │   ├── gardener
    │   │   │   ├── gardener.tf
    │   │   │   └── templates
    │   │   │   │   ├── manifests
    │   │   │   │       ├── gardener-0-namespace.yaml
    │   │   │   │       ├── gardener-0-rbac.yaml
    │   │   │   │       ├── gardener-apiserver.yaml
    │   │   │   │       └── gardener-controller.yaml
    │   │   │   │   └── route53_domain_secret.yaml
    │   │   ├── machine
    │   │   │   ├── machines.tf
    │   │   │   └── templates
    │   │   │   │   └── manifests
    │   │   │   │       ├── 10-machine-ns.yaml
    │   │   │   │       ├── 20-crds.yaml
    │   │   │   │       ├── 30-machine-rbac.yaml
    │   │   │   │       ├── 40-machine-depl.yaml
    │   │   │   │       └── 50-machine-cfg.yaml
    │   │   ├── monitoring
    │   │   │   ├── monitoring.tf
    │   │   │   └── templates
    │   │   │   │   ├── alertmanager-base-config.yaml
    │   │   │   │   ├── alertmanager-default-config.yaml
    │   │   │   │   ├── grafana-config.yaml
    │   │   │   │   ├── manifests
    │   │   │   │       ├── alertmanager.yaml
    │   │   │   │       ├── grafana.yaml
    │   │   │   │       └── prometheus.yaml
    │   │   │   │   ├── prometheus-config.yaml
    │   │   │   │   └── prometheus-rules.yaml
    │   │   └── nginx-ingress
    │   │   │   ├── nginx-ingress.tf
    │   │   │   └── templates
    │   │   │       └── manifests
    │   │   │           ├── nginx-echo.yaml
    │   │   │           └── nginx-ingress.yaml
    │   ├── backup.tf
    │   ├── dns.tf
    │   ├── pv_backup.tf
    │   ├── recover.tf
    │   ├── s3_backup.tf
    │   ├── scripts
    │   │   ├── copy_deploy
    │   │   └── prepare_assets.sh
    │   ├── templates.tf
    │   ├── templates
    │   │   ├── addons
    │   │   │   ├── dashboard
    │   │   │   │   └── manifests
    │   │   │   │   │   ├── dashboard-ingress.yaml
    │   │   │   │   │   └── dashboard.yaml
    │   │   │   ├── guestbook
    │   │   │   │   └── manifests
    │   │   │   │   │   ├── a-namespace.yml
    │   │   │   │   │   ├── frontend-deployment.yml
    │   │   │   │   │   ├── frontend-ingress.yml
    │   │   │   │   │   ├── frontend-service.yml
    │   │   │   │   │   ├── redis-master-deployment.yml
    │   │   │   │   │   ├── redis-master-service.yml
    │   │   │   │   │   ├── redis-slave-deployment.yml
    │   │   │   │   │   └── redis-slave-service.yml
    │   │   │   ├── heapster
    │   │   │   │   └── manifests
    │   │   │   │   │   └── heapster.yaml
    │   │   │   ├── kube-lego
    │   │   │   │   └── manifests
    │   │   │   │   │   ├── kube-lego.yaml
    │   │   │   │   │   └── lego-echo.yaml
    │   │   │   └── logging
    │   │   │   │   └── manifests
    │   │   │   │       ├── es-curator-configmap.yaml
    │   │   │   │       ├── es-curator-cronjob.yaml
    │   │   │   │       ├── es-service.yaml
    │   │   │   │       ├── es-statefulset.yaml
    │   │   │   │       ├── fluentd-es-configmap.yaml
    │   │   │   │       ├── fluentd-es-ds.yaml
    │   │   │   │       ├── kibana-deployment.yaml
    │   │   │   │       └── kibana-service.yaml
    │   │   ├── bootkube
    │   │   │   ├── common
    │   │   │   │   ├── bootstrap-manifests
    │   │   │   │   │   ├── bootstrap-apiserver.yaml
    │   │   │   │   │   ├── bootstrap-controller-manager.yaml
    │   │   │   │   │   └── bootstrap-scheduler.yaml
    │   │   │   │   └── manifests
    │   │   │   │   │   ├── etcd-client-tls.yaml
    │   │   │   │   │   ├── etcd-peer-tls.yaml
    │   │   │   │   │   ├── etcd-server-tls.yaml
    │   │   │   │   │   ├── etcd-service.yaml
    │   │   │   │   │   ├── kube-apiserver-secret.yaml
    │   │   │   │   │   ├── kube-apiserver.yaml
    │   │   │   │   │   ├── kube-controller-manager-disruption.yaml
    │   │   │   │   │   ├── kube-controller-manager-secret.yaml
    │   │   │   │   │   ├── kube-controller-manager.yaml
    │   │   │   │   │   ├── kube-dns-deployment.yaml
    │   │   │   │   │   ├── kube-dns-svc.yaml
    │   │   │   │   │   ├── kube-flannel-cfg.yaml
    │   │   │   │   │   ├── kube-flannel.yaml
    │   │   │   │   │   ├── kube-proxy.yaml
    │   │   │   │   │   ├── kube-scheduler-disruption.yaml
    │   │   │   │   │   ├── kube-scheduler.yaml
    │   │   │   │   │   ├── kube-system-rbac-role-binding.yaml
    │   │   │   │   │   └── pod-checkpointer.yaml
    │   │   │   ├── self
    │   │   │   │   ├── bootstrap-manifests
    │   │   │   │   │   └── bootstrap-etcd.yaml
    │   │   │   │   ├── etcd
    │   │   │   │   │   ├── bootstrap-etcd-service.json
    │   │   │   │   │   └── migrate-etcd-cluster.json
    │   │   │   │   └── manifests
    │   │   │   │   │   ├── etcd-operator.yaml
    │   │   │   │   │   └── kube-etcd-network-checkpointer.yaml
    │   │   │   └── single
    │   │   │   │   └── manifests
    │   │   │   │       └── kube-etcd-svc.yaml
    │   │   ├── empty
    │   │   │   └── empty
    │   │   ├── etcd_backup
    │   │   │   ├── pv
    │   │   │   │   └── spec.json
    │   │   │   └── s3
    │   │   │   │   ├── config
    │   │   │   │   ├── credentials
    │   │   │   │   ├── secret.yaml
    │   │   │   │   ├── sidecar.yaml
    │   │   │   │   └── spec.json
    │   │   ├── etcd_bootstrap
    │   │   │   ├── initial
    │   │   │   ├── recover_initcontainers
    │   │   │   ├── recover_mount_backup
    │   │   │   ├── recover_mount_etcd
    │   │   │   ├── recover_volumes
    │   │   │   ├── static_etcd.yaml
    │   │   │   └── static_recover_initcontainers
    │   │   ├── kubelet.conf
    │   │   ├── kubelet.env
    │   │   └── misc
    │   │   │   ├── kube-helm.yaml
    │   │   │   └── oidc.dropin
    │   ├── tls.tf
    │   └── variables.tf
    ├── template_input
    │   └── template_input.tf
    ├── tls
    │   ├── access
    │   │   └── data.tf
    │   └── tls.tf
    ├── value_check
    │   └── value_check.tf
    ├── variable
    │   └── variable.tf
    ├── versions
    │   ├── config.tf
    │   ├── create.sh
    │   ├── defaults.tf
    │   └── variables.tf
    └── vms
    │   ├── info.tf
    │   └── versions.tf
├── platforms
    ├── aws
    │   └── modules
    │   │   ├── config
    │   │       ├── README.md
    │   │       ├── config.tf
    │   │       └── variables.tf
    │   │   ├── iaas
    │   │       ├── addons.tf
    │   │       ├── bastion.tf
    │   │       ├── cloud-init.tf
    │   │       ├── cloud.tf
    │   │       ├── iaas.tf
    │   │       ├── iam.tf
    │   │       ├── kube2iam.tf
    │   │       ├── sshkey.tf
    │   │       ├── templates
    │   │       │   ├── addons
    │   │       │   │   └── manifests
    │   │       │   │   │   ├── etcd-storage-class.yaml
    │   │       │   │   │   ├── kube-storage-class.yaml
    │   │       │   │   │   └── kube2iam.yaml
    │   │       │   └── cloud.conf
    │   │       ├── variables.tf
    │   │       └── versions.tf
    │   │   ├── lbaas
    │   │       └── lbaas.tf
    │   │   ├── machine
    │   │       ├── machine.tf
    │   │       ├── templates
    │   │       │   ├── class.yaml
    │   │       │   ├── deployment.yaml
    │   │       │   └── secret.yaml
    │   │       └── variables.tf
    │   │   └── vms
    │   │       ├── fips.tf
    │   │       ├── lbaas.tf
    │   │       ├── roll.tf
    │   │       ├── variables.tf
    │   │       └── vms.tf
    ├── azure
    │   └── modules
    │   │   ├── config
    │   │       ├── config.tf
    │   │       └── variables.tf
    │   │   ├── iaas
    │   │       ├── addons.tf
    │   │       ├── bastion.tf
    │   │       ├── cloud-init.tf
    │   │       ├── cloud.tf
    │   │       ├── iaas.tf
    │   │       ├── sshkey.tf
    │   │       ├── templates
    │   │       │   ├── addons
    │   │       │   │   └── manifests
    │   │       │   │   │   ├── etcd-storage-class.yaml
    │   │       │   │   │   ├── kube-storage-class-ssd.yaml
    │   │       │   │   │   └── kube-storage-class.yaml
    │   │       │   └── cloud.conf
    │   │       └── variables.tf
    │   │   ├── lbaas
    │   │       └── lbaas.tf
    │   │   ├── machine
    │   │       ├── machine.tf
    │   │       ├── templates
    │   │       │   ├── class.yaml
    │   │       │   ├── deployment.yaml
    │   │       │   └── secret.yaml
    │   │       └── variables.tf
    │   │   └── vms
    │   │       ├── lbaas.tf
    │   │       ├── nics.tf
    │   │       ├── roll.tf
    │   │       ├── variables.tf
    │   │       └── vms.tf
    ├── create.sh
    ├── interfaces
    │   ├── iaas
    │   ├── machine
    │   └── vms
    └── openstack
    │   └── modules
    │       ├── config
    │           ├── README.md
    │           ├── check.tf
    │           ├── config.tf
    │           └── variables.tf
    │       ├── iaas
    │           ├── addons.tf
    │           ├── bastion.tf
    │           ├── cloud-init.tf
    │           ├── cloud.tf
    │           ├── iaas.tf
    │           ├── osrc.tf
    │           ├── sshkey.tf
    │           ├── templates
    │           │   ├── addons
    │           │   │   └── manifests
    │           │   │   │   ├── etcd-storage-class.yaml
    │           │   │   │   └── kube-storage-class.yaml
    │           │   ├── cloud.conf
    │           │   └── osrc
    │           └── variables.tf
    │       ├── lbaas
    │           └── lbaas.tf
    │       ├── machine
    │           ├── machine.tf
    │           ├── templates
    │           │   ├── class.yaml
    │           │   ├── deployment.yaml
    │           │   └── secret.yaml
    │           └── variables.tf
    │       └── vms
    │           ├── fips.tf
    │           ├── lbaas.tf
    │           ├── roll.tf
    │           ├── variables.tf
    │           └── vms.tf
└── variants
    ├── README.md
    ├── aws
        ├── aws.tf
        ├── cluster.tf
        ├── migrate.mig
        └── modules
        │   ├── config
        │   ├── iaas
        │   ├── lbaas
        │   ├── machine
        │   └── vms
    ├── azure
        ├── azure.tf
        ├── cluster.tf
        ├── migrate.mig
        └── modules
        │   ├── config
        │   ├── iaas
        │   ├── lbaas
        │   ├── machine
        │   └── vms
    ├── cluster.tf
    ├── create.sh
    ├── current
    └── openstack
        ├── cluster.tf
        ├── migrate.mig
        ├── modules
            ├── config
            ├── iaas
            ├── lbaas
            ├── machine
            └── vms
        └── os.tf


/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Bug report
 3 | about: Tell us about things that don't work
 4 | title: ''
 5 | labels: ''
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | **What happened**:
11 | 
12 | **What you expected to happen**:
13 | 
14 | **How to reproduce it (as minimally and precisely as possible)**:
15 | 
16 | **Anything else we need to know?**:
17 | 
18 | **Environment**:
19 | 
20 | - Which cloud provider is configured for the setup?


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Feature request
 3 | about: Suggest an idea for this project
 4 | title: ''
 5 | labels: ''
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | **What would you like to be added**:
11 | 
12 | **Why is this needed**:


--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
1 | **What this PR does / why we need it**:
2 | 
3 | **Which issue(s) this PR fixes**:
4 | Fixes #
5 | 
6 | **Special notes for your reviewer**:


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .terraform/
2 | gen/
3 | tmp/
4 | *.sw[opq]
5 | .vscode/


--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
1 | # kubify maintainers
2 | * 	@mandelsoft @afritzler @gonzolino
3 | 


--------------------------------------------------------------------------------
/NOTICE.md:
--------------------------------------------------------------------------------
1 | ## kubify
2 | Copyright (c) 2017-2018 SAP SE or an SAP affiliate company. All rights reserved.
3 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Kubify
 2 | 
 3 | ![Kubify Logo](docs/kubify@2x.png)
 4 | 
 5 | Kubify is a [Terraform](https://www.terraform.io/) based provisioning project for setting up production ready [Kubernetes](https://kubernetes.io/) clusters on public and private Cloud infrastructures. Kubify currently supports:
 6 | 
 7 | * OpenStack
 8 | * AWS
 9 | * Azure
10 | 
11 | Key features of Kubify are:
12 | 
13 | * Kubernetes v1.10.12
14 | * Etcd v3.3.10 multi master node setup
15 | * Etcd backup and restore
16 | * Supports rolling updates
17 | 
18 | ----
19 | 
20 | ## To start using or developing Kubify locally
21 | 
22 | See our documentation in the `/docs` repository or [find the main documentation here](https://github.com/gardener/kubify/blob/master/docs/README.md).
23 | 
24 | ## Feedback and Support
25 | 
26 | Feedback and contributions are always welcome. Please report bugs or suggestions about our Kubernetes clusters as such or the Kubify itself as [GitHub issues](https://github.com/gardener/kubify/issues) or join our [Slack channel #gardener](https://kubernetes.slack.com/messages/gardener) (Invite yourself to the Kubernetes Slack workspace [here](http://slack.k8s.io)).


--------------------------------------------------------------------------------
/basetemplates/README.md:
--------------------------------------------------------------------------------
 1 | # Base Templates
 2 | 
 3 | Render the latest bootkube templates and replace the old one in this directory.
 4 | 
 5 | ```
 6 | ./generate-templates.sh
 7 | ```
 8 | 
 9 | To overwrite the bootkube version
10 | ```
11 | BOOTKUBE_VERSION=v0.9.1 ./generate-templates.sh
12 | ```


--------------------------------------------------------------------------------
/basetemplates/bootstrap-manifests/bootstrap-controller-manager.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: bootstrap-kube-controller-manager
 5 |   namespace: kube-system
 6 | spec:
 7 |   containers:
 8 |   - name: kube-controller-manager
 9 |     image: gcr.io/google_containers/hyperkube:v1.8.3
10 |     command:
11 |     - ./hyperkube
12 |     - controller-manager
13 |     - --allocate-node-cidrs=true
14 |     - --cluster-cidr=10.2.0.0/16
15 |     - --cloud-provider=
16 |     - --configure-cloud-routes=false
17 |     - --kubeconfig=/etc/kubernetes/kubeconfig
18 |     - --leader-elect=true
19 |     - --root-ca-file=/etc/kubernetes/bootstrap-secrets/ca.crt
20 |     - --service-account-private-key-file=/etc/kubernetes/bootstrap-secrets/service-account.key
21 |     volumeMounts:
22 |     - name: kubernetes
23 |       mountPath: /etc/kubernetes
24 |       readOnly: true
25 |     - name: ssl-host
26 |       mountPath: /etc/ssl/certs
27 |       readOnly: true
28 |   hostNetwork: true
29 |   volumes:
30 |   - name: kubernetes
31 |     hostPath:
32 |       path: /etc/kubernetes
33 |   - name: ssl-host
34 |     hostPath:
35 |       path: /usr/share/ca-certificates
36 | 


--------------------------------------------------------------------------------
/basetemplates/bootstrap-manifests/bootstrap-etcd.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: bootstrap-etcd
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: boot-etcd
 8 | spec:
 9 |   containers:
10 |   - name: etcd
11 |     image: quay.io/coreos/etcd:v3.1.8
12 |     command:
13 |     - /usr/local/bin/etcd
14 |     - --name=boot-etcd
15 |     - --listen-client-urls=https://0.0.0.0:12379
16 |     - --listen-peer-urls=https://0.0.0.0:12380
17 |     - --advertise-client-urls=https://10.3.0.20:12379
18 |     - --initial-advertise-peer-urls=https://10.3.0.20:12380
19 |     - --initial-cluster=boot-etcd=https://10.3.0.20:12380
20 |     - --initial-cluster-token=bootkube
21 |     - --initial-cluster-state=new
22 |     - --data-dir=/var/etcd/data
23 |     - --peer-client-cert-auth=true
24 |     - --peer-trusted-ca-file=/etc/kubernetes/secrets/etcd/peer-ca.crt
25 |     - --peer-cert-file=/etc/kubernetes/secrets/etcd/peer.crt
26 |     - --peer-key-file=/etc/kubernetes/secrets/etcd/peer.key
27 |     - --client-cert-auth=true
28 |     - --trusted-ca-file=/etc/kubernetes/secrets/etcd/server-ca.crt
29 |     - --cert-file=/etc/kubernetes/secrets/etcd/server.crt
30 |     - --key-file=/etc/kubernetes/secrets/etcd/server.key
31 |     volumeMounts:
32 |     - mountPath: /etc/kubernetes/secrets
33 |       name: secrets
34 |       readOnly: true
35 |   volumes:
36 |   - name: secrets
37 |     hostPath:
38 |       path: /etc/kubernetes/bootstrap-secrets
39 |   hostNetwork: true
40 |   restartPolicy: Never
41 |   dnsPolicy: ClusterFirstWithHostNet
42 | 


--------------------------------------------------------------------------------
/basetemplates/bootstrap-manifests/bootstrap-scheduler.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: bootstrap-kube-scheduler
 5 |   namespace: kube-system
 6 | spec:
 7 |   containers:
 8 |   - name: kube-scheduler
 9 |     image: gcr.io/google_containers/hyperkube:v1.8.3
10 |     command:
11 |     - ./hyperkube
12 |     - scheduler
13 |     - --kubeconfig=/etc/kubernetes/kubeconfig
14 |     - --leader-elect=true
15 |     volumeMounts:
16 |     - name: kubernetes
17 |       mountPath: /etc/kubernetes
18 |       readOnly: true
19 |   hostNetwork: true
20 |   volumes:
21 |   - name: kubernetes
22 |     hostPath:
23 |       path: /etc/kubernetes
24 | 


--------------------------------------------------------------------------------
/basetemplates/etcd/bootstrap-etcd-service.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "apiVersion": "v1",
 3 |   "kind": "Service",
 4 |   "metadata": {
 5 |     "name": "bootstrap-etcd-service",
 6 |     "namespace": "kube-system"
 7 |   },
 8 |   "spec": {
 9 |     "selector": {
10 |       "k8s-app": "boot-etcd"
11 |     },
12 |     "clusterIP": "10.3.0.20",
13 |     "ports": [
14 |       {
15 |         "name": "client",
16 |         "port": 12379,
17 |         "protocol": "TCP"
18 |       },
19 |       {
20 |         "name": "peers",
21 |         "port": 12380,
22 |         "protocol": "TCP"
23 |       }
24 |     ]
25 |   }
26 | }


--------------------------------------------------------------------------------
/basetemplates/etcd/migrate-etcd-cluster.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "apiVersion": "etcd.database.coreos.com/v1beta2",
 3 |   "kind": "EtcdCluster",
 4 |   "metadata": {
 5 |     "name": "kube-etcd",
 6 |     "namespace": "kube-system"
 7 |   },
 8 |   "spec": {
 9 |     "size": 1,
10 |     "version": "v3.1.8",
11 |     "pod": {
12 |       "nodeSelector": {
13 |         "node-role.kubernetes.io/master": ""
14 |       },
15 |       "tolerations": [
16 |         {
17 |           "key": "node-role.kubernetes.io/master",
18 |           "operator": "Exists",
19 |           "effect": "NoSchedule"
20 |         }
21 |       ]
22 |     },
23 |     "selfHosted": {
24 |       "bootMemberClientEndpoint": "https://10.3.0.20:12379"
25 |     },
26 |     "TLS": {
27 |       "static": {
28 |         "member": {
29 |           "peerSecret": "etcd-peer-tls",
30 |           "serverSecret": "etcd-server-tls"
31 |         },
32 |         "operatorSecret": "etcd-client-tls"
33 |       }
34 |     }
35 |   }
36 | }


--------------------------------------------------------------------------------
/basetemplates/generate-templates.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Render the latest bootkube templates and replace the old one in this directory.
 3 | 
 4 | BASEDIR="$(dirname "$0")"
 5 | 
 6 | BOOTKUBE_VERSION=v0.9.1
 7 | 
 8 | docker run -it quay.io/coreos/bootkube:$BOOTKUBE_VERSION /bootkube render \
 9 |     --asset-dir /generated-templates/ \
10 |     --experimental-self-hosted-etcd \
11 |     && docker cp $(docker ps --last 1 -q):/generated-templates/ $BASEDIR
12 | 
13 | # Remove old directories
14 | rm -rf $BASEDIR/auth/ $BASEDIR/bootstrap-manifests/ $BASEDIR/etcd/ $BASEDIR/manifests/ $BASEDIR/tls/
15 | 
16 | # Move generated files into place
17 | cp -r $BASEDIR/generated-templates/* .
18 | rm -rf $BASEDIR/generated-templates/


--------------------------------------------------------------------------------
/basetemplates/manifests/etcd-operator.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1beta2
 2 | kind: Deployment
 3 | metadata:
 4 |   name: etcd-operator
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: etcd-operator
 8 | spec:
 9 |   replicas: 1
10 |   selector:
11 |     matchLabels:
12 |       k8s-app: etcd-operator
13 |   template:
14 |     metadata:
15 |       labels:
16 |         k8s-app: etcd-operator
17 |     spec:
18 |       containers:
19 |       - name: etcd-operator
20 |         image: quay.io/coreos/etcd-operator:v0.5.0
21 |         command:
22 |         - /usr/local/bin/etcd-operator
23 |         - --analytics=false
24 |         env:
25 |         - name: MY_POD_NAMESPACE
26 |           valueFrom:
27 |             fieldRef:
28 |               fieldPath: metadata.namespace
29 |         - name: MY_POD_NAME
30 |           valueFrom:
31 |             fieldRef:
32 |               fieldPath: metadata.name
33 |       nodeSelector:
34 |         node-role.kubernetes.io/master: ""
35 |       securityContext:
36 |         runAsNonRoot: true
37 |         runAsUser: 65534
38 |       tolerations:
39 |       - key: node-role.kubernetes.io/master
40 |         operator: Exists
41 |         effect: NoSchedule
42 |   strategy:
43 |     type: RollingUpdate
44 |     rollingUpdate:
45 |       maxUnavailable: 1
46 |       maxSurge: 1
47 | 


--------------------------------------------------------------------------------
/basetemplates/manifests/etcd-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: etcd-service
 5 |   namespace: kube-system
 6 |   # This alpha annotation will retain the endpoints even if the etcd pod isn't ready.
 7 |   # This feature is always enabled in endpoint controller in k8s even it is alpha.
 8 |   annotations:
 9 |     service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
10 | spec:
11 |   selector:
12 |     app: etcd
13 |     etcd_cluster: kube-etcd
14 |   clusterIP: 10.3.0.15
15 |   ports:
16 |   - name: client
17 |     port: 2379
18 |     protocol: TCP
19 | 


--------------------------------------------------------------------------------
/basetemplates/manifests/kube-controller-manager-disruption.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: policy/v1beta1
 2 | kind: PodDisruptionBudget
 3 | metadata:
 4 |   name: kube-controller-manager
 5 |   namespace: kube-system
 6 | spec:
 7 |   minAvailable: 1
 8 |   selector:
 9 |     matchLabels:
10 |       tier: control-plane
11 |       k8s-app: kube-controller-manager
12 | 


--------------------------------------------------------------------------------
/basetemplates/manifests/kube-dns-svc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: kube-dns
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: kube-dns
 8 |     kubernetes.io/cluster-service: "true"
 9 |     kubernetes.io/name: "KubeDNS"
10 | spec:
11 |   selector:
12 |     k8s-app: kube-dns
13 |   clusterIP: 10.3.0.10
14 |   ports:
15 |   - name: dns
16 |     port: 53
17 |     protocol: UDP
18 |   - name: dns-tcp
19 |     port: 53
20 |     protocol: TCP
21 | 


--------------------------------------------------------------------------------
/basetemplates/manifests/kube-etcd-network-checkpointer.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1beta2
 2 | kind: DaemonSet
 3 | metadata:
 4 |   name: kube-etcd-network-checkpointer
 5 |   namespace: kube-system
 6 |   labels:
 7 |     tier: control-plane
 8 |     k8s-app: kube-etcd-network-checkpointer
 9 | spec:
10 |   selector:
11 |     matchLabels:
12 |       tier: control-plane
13 |       k8s-app: kube-etcd-network-checkpointer
14 |   template:
15 |     metadata:
16 |       labels:
17 |         tier: control-plane
18 |         k8s-app: kube-etcd-network-checkpointer
19 |       annotations:
20 |         checkpointer.alpha.coreos.com/checkpoint: "true"
21 |     spec:
22 |       containers:
23 |       - image: quay.io/coreos/kenc:0.0.2
24 |         name: kube-etcd-network-checkpointer
25 |         securityContext:
26 |           privileged: true
27 |         volumeMounts:
28 |         - mountPath: /etc/kubernetes/selfhosted-etcd
29 |           name: checkpoint-dir
30 |           readOnly: false
31 |         - mountPath: /var/etcd
32 |           name: etcd-dir
33 |           readOnly: false
34 |         - mountPath: /var/lock
35 |           name: var-lock
36 |           readOnly: false
37 |         command:
38 |         - /usr/bin/flock
39 |         - /var/lock/kenc.lock
40 |         - -c
41 |         - "kenc -r -m iptables && kenc -m iptables"
42 |       hostNetwork: true
43 |       nodeSelector:
44 |         node-role.kubernetes.io/master: ""
45 |       tolerations:
46 |       - key: node-role.kubernetes.io/master
47 |         operator: Exists
48 |         effect: NoSchedule
49 |       volumes:
50 |       - name: checkpoint-dir
51 |         hostPath:
52 |           path: /etc/kubernetes/checkpoint-iptables
53 |       - name: etcd-dir
54 |         hostPath:
55 |           path: /var/etcd
56 |       - name: var-lock
57 |         hostPath:
58 |           path: /var/lock
59 |   updateStrategy:
60 |     rollingUpdate:
61 |       maxUnavailable: 1
62 |     type: RollingUpdate
63 | 


--------------------------------------------------------------------------------
/basetemplates/manifests/kube-flannel-cfg.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: kube-flannel-cfg
 5 |   namespace: kube-system
 6 |   labels:
 7 |     tier: node
 8 |     k8s-app: flannel
 9 | data:
10 |   cni-conf.json: |
11 |     {
12 |       "name": "cbr0",
13 |       "cniVersion": "0.3.1",
14 |       "plugins": [
15 |         {
16 |           "type": "flannel",
17 |           "delegate": {
18 |             "hairpinMode": true,
19 |             "isDefaultGateway": true
20 |           }
21 |         },
22 |         {
23 |           "type": "portmap",
24 |           "capabilities": {
25 |             "portMappings": true
26 |           }
27 |         }
28 |       ]
29 |     }
30 |   net-conf.json: |
31 |     {
32 |       "Network": "10.2.0.0/16",
33 |       "Backend": {
34 |         "Type": "vxlan"
35 |       }
36 |     }
37 | 


--------------------------------------------------------------------------------
/basetemplates/manifests/kube-scheduler-disruption.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: policy/v1beta1
 2 | kind: PodDisruptionBudget
 3 | metadata:
 4 |   name: kube-scheduler
 5 |   namespace: kube-system
 6 | spec:
 7 |   minAvailable: 1
 8 |   selector:
 9 |     matchLabels:
10 |       tier: control-plane
11 |       k8s-app: kube-scheduler
12 | 


--------------------------------------------------------------------------------
/basetemplates/manifests/kube-system-rbac-role-binding.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRoleBinding
 3 | metadata:
 4 |   name: system:default-sa
 5 | subjects:
 6 |   - kind: ServiceAccount
 7 |     name: default
 8 |     namespace: kube-system
 9 | roleRef:
10 |   kind: ClusterRole
11 |   name: cluster-admin
12 |   apiGroup: rbac.authorization.k8s.io
13 | 


--------------------------------------------------------------------------------
/basetemplates/tls/apiserver.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDrTCCApWgAwIBAgIID/mVVg8X7vIwDQYJKoZIhvcNAQELBQAwVDEtMCsGA1UE
 3 | ChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgxYWU1YTNhMREwDwYDVQQL
 4 | Ewhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTAeFw0xNzExMTUxMjUzMzRaFw0x
 5 | ODExMTUxMjUzMzVaMC8xFDASBgNVBAoTC2t1YmUtbWFzdGVyMRcwFQYDVQQDEw5r
 6 | dWJlLWFwaXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKzR
 7 | l0XcazbqJySnggARkIZQk3GNQW20UICWsSk4gE6CVVjUwi4ihWJEQkH+VHbliPNG
 8 | r6Qrv8mF8FhhCWaH6n6O+4g9WN17PdM/lG96VKeplVBI13vgDGCu+yNTkeUvX0DB
 9 | QqQBK6ljtOnFTI8PvxqS1WuHJlveesq4+3WZyvfgNqENDggz/aGehceT2MYBJjb1
10 | Na5HnkHZ61Yw2Lf9NRj7aWDU6AeJ4GTYX+yzdTDZh3Gvmb9ZrzbPF3B/a9/eqeIb
11 | 7G3WfYu7p0l59CY7Zjjd1+kMcwAOO8i+6QQwxQjDUZsUjIEP12+zLExRc9GkGnil
12 | JxYHI+kwx+WKWagQ2akCAwEAAaOBpzCBpDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
13 | BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHMGA1UdEQRsMGqCCmt1YmVybmV0ZXOC
14 | Emt1YmVybmV0ZXMuZGVmYXVsdIIWa3ViZXJuZXRlcy5kZWZhdWx0LnN2Y4Ika3Vi
15 | ZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FshwR/AAABhwQKAwABMA0G
16 | CSqGSIb3DQEBCwUAA4IBAQA7iPMjcPBzRKgvFgJyKXmLEFUqlIePwMYnJwGDREIb
17 | DpICKd4qpTQ3xMmNb4Dnp/r9GCO3QX228mVJEeWDkDVr4hpfOILjWIPIfBX1mK8Z
18 | e73Up5mNJUKYjvfTmH7iH8pTEkG2nvQZaW5XE/76MYJAZ2t8RR+v62hLW9R+mFb2
19 | E6RKgEEith3rJHz3N9CEzije+4/xXB8XqFQIZVK27+loaX5T3/PDru3SpBpIPsau
20 | dxS55rN2zRLNPAaOCQlp8HXOMdgp3b8IY1Q9BpPjYHU2TdMAxjPBonCinYcFr+yn
21 | JDR+E+ZiEjPcdtbxvoYC6HW/d8+qTyrbKCA3JBy30raQ
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/basetemplates/tls/apiserver.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEowIBAAKCAQEArNGXRdxrNuonJKeCABGQhlCTcY1BbbRQgJaxKTiAToJVWNTC
 3 | LiKFYkRCQf5UduWI80avpCu/yYXwWGEJZofqfo77iD1Y3Xs90z+Ub3pUp6mVUEjX
 4 | e+AMYK77I1OR5S9fQMFCpAErqWO06cVMjw+/GpLVa4cmW956yrj7dZnK9+A2oQ0O
 5 | CDP9oZ6Fx5PYxgEmNvU1rkeeQdnrVjDYt/01GPtpYNToB4ngZNhf7LN1MNmHca+Z
 6 | v1mvNs8XcH9r396p4hvsbdZ9i7unSXn0JjtmON3X6QxzAA47yL7pBDDFCMNRmxSM
 7 | gQ/Xb7MsTFFz0aQaeKUnFgcj6TDH5YpZqBDZqQIDAQABAoIBAFDdedVcwGZfxpUm
 8 | NHRnw6K1zWhS2ozE1O52lMte/tq9rcX1OC9yQ8upeP98THWeDikXqFQ/jGx12fLg
 9 | 5Q8vBhDWQuiLHCv24QUaORC4wyf4+D8q9nmmauRKvITZM+lz8zRPuikXyyBl4V+J
10 | zLsceSWsE2VPRimyvu5hBHkQz6KQaDJ6ACYBCYOvYLS7KsWHRrklvpdPO4XaCT0t
11 | NR4APayQ8BKlNJubXSN8D8QgSwFd9qiCnDlvXXInIbBC0QNB3ky0IUWfnN4uOK5y
12 | X7isx9x7fk1hs6Lbb1NtfGXEopXoL/Wi9/W2JzZIohJcrTHM9S4H8D2rj8fLUAP0
13 | N1S9NykCgYEA5O8+n+nsPGyAg6unBQpi66LO9DUQSnZAbnnE/fAcgkHxexhu7QFd
14 | o+1p6IuI2ex+0eR62wJwPZz09Hhmejez8feDtOxmnJoZgrweDA0kKBPtBFJVDAzr
15 | fUVw7y/snMZLlbh6ocDixEMSXkurQiY/jsBjIFbFqVIMaF50tNfeOVsCgYEAwT/8
16 | 7F+eXGhZj0XiHMWrLs3yd4bCEHOD23ebZwRn+PCYZH57l2it9UA9vKZWaEwCfLso
17 | 2fO6dC0bKz0dUwtM6mI3zCtC8hNiNOAUNmkG8WYcVGyxSGy9lN2oGjnE9s0wPiHa
18 | zROBQ+PAVysvNImILv+fwWlsV5WQQ69R7CFz5EsCgYBog2xElwc5IpOdCN0r6Oz2
19 | BBKU3DC+vbN2e/LZtydcs/wpJSNm4au9LaKe/iyQyG2xJqyLlVZmWmRdwyWNgCaP
20 | PV8MVqwVrCgfTgAtokYyYb5frbKT2MYdH3mKSIetnr1c8aZSd/tOfAxDrinV/h4f
21 | 7maSmeqM/R8a+pwu/ym9ZwKBgCHFifDRAP7LKaOVJd+7V6AVU6M5xJ5VYZyv+VN2
22 | fKkPesJNLFIYdBYhBOj79KvDZMfheVEle9cjrtTOmFpT5jwrr+6ZPNjLNGVjJ4Ue
23 | s5zqKFdEq3KptjPWzLLQl7A9yYmCJxehqfxwR8O0A0reIhN8jrGhN9LSi2SYtetb
24 | KUKjAoGBALVn4lNV3nvJYBLUVxs1ufDWOj+JgO8F0LOc6DLBvfM5iaxfJDq+tltn
25 | vUyh5oo/8lVgZkfI3nj/WGajbLkamgHORKN8bb3SibU4VtbM70Dqe8JQp3NE0NSl
26 | QmDmrKKPNK62000qTOn+dRDbbL7k53VPg5yK0DE9mZ9AXR2gxfb9
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/basetemplates/tls/ca.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDRjCCAi6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBUMS0wKwYDVQQKEyQyMGE4
 3 | NjY4NC1jNWIyLTQyOTQtOTkyMy1iYzYwODFhZTVhM2ExETAPBgNVBAsTCGJvb3Rr
 4 | dWJlMRAwDgYDVQQDEwdrdWJlLWNhMB4XDTE3MTExNTEyNTMzNFoXDTI3MTExMzEy
 5 | NTMzNFowVDEtMCsGA1UEChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgx
 6 | YWU1YTNhMREwDwYDVQQLEwhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTCCASIw
 7 | DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkJljZnrxgbx1epmm5JXCMmETvY
 8 | C7J4iqVhsQsQ80ejreyZvtctCIdvY+zVUCGID5DrgEn+9fKWbFTA9WZmrWpPkKTO
 9 | yu97PTaeCp3Vzc62HExq+Wa3z8UKMcSSqzQNdsWPL35JShv9cDs68AGOpVxZb8zf
10 | AqDJwU8+Gu4baC5Qqy1Dn9q9KiubMqjjDIJ1gw7/nrZp+y9SEz3SxY3LEpbpfa6u
11 | nEez2gqvNwr0C1OzmvBpsSqaQ5ewttdOnHNcbmHjQi7P3EcwUP4p1kW7GLXAFMxQ
12 | My/brH4VNHGXC3P5NOsGovm7MndfhSWXQT+WS58Onql+GZkN6IoD0AKdE/8CAwEA
13 | AaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
14 | AQELBQADggEBAKixXXktzO+5SNd2ff+MMqoSr3vpEWawSRQ6PkAQJnA+xD3GHN1E
15 | XDRTcavCL8ssSB1ghgdEvaw+4KUrzo1eRNF7BZxGmreuGdpSkfaFI60Rzs44qIxZ
16 | mtzZKxg4SbiVluRgYwBt37+O8j0VYYfIEy5dVAT18v1a/LObb/FuIrUMsj24u9Mn
17 | CoIm6RyipDBueTynJ+EgCNfHRrlMdJcM0hCEsWTzT1iT9jT5mi72NtLc/ZhYJwrV
18 | Raa9rw5Hpal8AHgEvd90WAMWt4AQptFZGE3Fgnz4Ypgjhav+2Mv0/pBFPiQjK/lU
19 | fFZqa/BPFbTHiaL3B4hO3yojVdWsEsN5DWs=
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/basetemplates/tls/ca.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEpQIBAAKCAQEAqQmWNmevGBvHV6mabklcIyYRO9gLsniKpWGxCxDzR6Ot7Jm+
 3 | 1y0Ih29j7NVQIYgPkOuASf718pZsVMD1Zmatak+QpM7K73s9Np4KndXNzrYcTGr5
 4 | ZrfPxQoxxJKrNA12xY8vfklKG/1wOzrwAY6lXFlvzN8CoMnBTz4a7htoLlCrLUOf
 5 | 2r0qK5syqOMMgnWDDv+etmn7L1ITPdLFjcsSlul9rq6cR7PaCq83CvQLU7Oa8Gmx
 6 | KppDl7C2106cc1xuYeNCLs/cRzBQ/inWRbsYtcAUzFAzL9usfhU0cZcLc/k06wai
 7 | +bsyd1+FJZdBP5ZLnw6eqX4ZmQ3oigPQAp0T/wIDAQABAoIBAQCe2heDwSRWr6RB
 8 | yW0LP32KundvmbREX+tLR+cs0x0MsdD8i+9AH13oiNGK+1t2Z3rZYbcJ0sQm2R2s
 9 | +DilptBJG8R+XKdxLot0DElF0mq6W4F0fwMpeIuUS+RBKuQg4pY/SjQDpbQzYZRa
10 | 1SQ/EmJrytC54smBeJhlc6OzJ6Zb/oPdLrtUAxZnP+0EkjIuJ/Tr8PC5nh4/3ltr
11 | jjJ9HIFByV7daKgFKO69a2OPKmoN1cqjuAjyUVBxL1olVfpSSuod3oEe4x0EOgAW
12 | qax3WZCl0OIU6prxx0Nai/KSK72z5TA02F9U4hMdK3hIEo+Gi489lU8p47pLrb40
13 | ezEvP5BhAoGBAMhhmiJ5F9naUJlwAjUfsb9VuMBIxBrn8/TlgkpQo5rS/3BUgymH
14 | 8/L4LT5vUf/2fZ2RUp7nhWmxGNCspjkU7h1Jw5PM1XuufE45FRZZRlBdJwX54iZ/
15 | gYRRPvvto7NB4VFM574za8TEsRuTLGg5ZQqoely0cmw+I+rmzqfLIQZNAoGBANf0
16 | zVnsDWLleYjLA0wA3/vWyAWKRGUROpclYV2UcrXF5gabXVr7ZuaY00VtzUS91Cxi
17 | ntdtYwSe6rgTJbAQ+qCIbxgWxl6jJhWwLJAI5VhExciu9mNtp1U+DFo1clsS1wL7
18 | zysVWOwc/22H7khmuvbvz0/xisDtWC8kcMXxe8F7AoGBALHC/DTWzhTiepwT5LFy
19 | A4JkrnhOVUI1QZOgwxvgO7NOuXLSVmVSiVSjW6fGo6z542gUEoKLiyw/Am+kqfV7
20 | nt12ob0Netm06euO8ikYW6tRaBwCGODkPma+mKxvnciZiiRQoEl4XoN5plB7GGsB
21 | d6Sj36E8J0HlQoHR7cSnDA4FAoGBAKXVUNPalrT47okDDHcSvO1RE6xdbwQFZO6o
22 | P8pysluvqmIscFXrdCtj8+j+1oARHZsv6DYZw83KkwfjfC9l+m/IFTd0VcRamGZT
23 | MQUyL5vGw/LFmGLl03d7/FRRco1JPF8IKyA0dmJqKiNcHLjwWmZB5PrIyvo3yF37
24 | J7Z5J8V9AoGAZzMNUK+0xWX6erXrHPVXCOLwsrR9nIC9/vjZetoaf5BCUogvm/wU
25 | mvZQAG3vVxoblwb+vV1rscRrSeTODJy6bYbGuL09DufShski7uHeSYnMMG5fj+Rl
26 | AVoRUSD8eMrG1eEyInrC2JZPYyWtoiACEwk0m/heyWqD/e5Nzv+wSbg=
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd-client-ca.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDRjCCAi6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBUMS0wKwYDVQQKEyQyMGE4
 3 | NjY4NC1jNWIyLTQyOTQtOTkyMy1iYzYwODFhZTVhM2ExETAPBgNVBAsTCGJvb3Rr
 4 | dWJlMRAwDgYDVQQDEwdrdWJlLWNhMB4XDTE3MTExNTEyNTMzNFoXDTI3MTExMzEy
 5 | NTMzNFowVDEtMCsGA1UEChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgx
 6 | YWU1YTNhMREwDwYDVQQLEwhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTCCASIw
 7 | DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkJljZnrxgbx1epmm5JXCMmETvY
 8 | C7J4iqVhsQsQ80ejreyZvtctCIdvY+zVUCGID5DrgEn+9fKWbFTA9WZmrWpPkKTO
 9 | yu97PTaeCp3Vzc62HExq+Wa3z8UKMcSSqzQNdsWPL35JShv9cDs68AGOpVxZb8zf
10 | AqDJwU8+Gu4baC5Qqy1Dn9q9KiubMqjjDIJ1gw7/nrZp+y9SEz3SxY3LEpbpfa6u
11 | nEez2gqvNwr0C1OzmvBpsSqaQ5ewttdOnHNcbmHjQi7P3EcwUP4p1kW7GLXAFMxQ
12 | My/brH4VNHGXC3P5NOsGovm7MndfhSWXQT+WS58Onql+GZkN6IoD0AKdE/8CAwEA
13 | AaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
14 | AQELBQADggEBAKixXXktzO+5SNd2ff+MMqoSr3vpEWawSRQ6PkAQJnA+xD3GHN1E
15 | XDRTcavCL8ssSB1ghgdEvaw+4KUrzo1eRNF7BZxGmreuGdpSkfaFI60Rzs44qIxZ
16 | mtzZKxg4SbiVluRgYwBt37+O8j0VYYfIEy5dVAT18v1a/LObb/FuIrUMsj24u9Mn
17 | CoIm6RyipDBueTynJ+EgCNfHRrlMdJcM0hCEsWTzT1iT9jT5mi72NtLc/ZhYJwrV
18 | Raa9rw5Hpal8AHgEvd90WAMWt4AQptFZGE3Fgnz4Ypgjhav+2Mv0/pBFPiQjK/lU
19 | fFZqa/BPFbTHiaL3B4hO3yojVdWsEsN5DWs=
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd-client.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDNTCCAh2gAwIBAgIIHD0I0PgnsuEwDQYJKoZIhvcNAQELBQAwVDEtMCsGA1UE
 3 | ChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgxYWU1YTNhMREwDwYDVQQL
 4 | Ewhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTAeFw0xNzExMTUxMjUzMzRaFw0x
 5 | ODExMTUxMjUzMzdaMC4xDTALBgNVBAoTBGV0Y2QxHTAbBgNVBAMTFG9wZXJhdG9y
 6 | IGV0Y2QgY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYAC
 7 | xDC41zcK4tNdq8nRvEuElcpkggEG3UaFFjQ2hRGQ+7PkCPYGw8iass1ankLU40kk
 8 | j1S6w44PhYFEp0mofyaVTi7Lvd67WwMOEOUQQg+/2fGSK/0wP3vweChKsHA4H6Pm
 9 | nhqSkgV/Gtc8GvT2Uw09HxT/UlYwoBB6S3WTOdvo2oznBMMBJ25yykUxBB4DDWAj
10 | aTvdGfpoea2Bet+abjWBrk+OYTOLWPqVpW9oxoxUH91MLi818OnIzs9UAMq1KexP
11 | Bn1N0CvFIZwEpmQSl0FovDgJ0h32IFXBISvTY7GmriX8CvVDPrOqWytmBNaVgK7F
12 | XAaRgbxlQcPHTTn8mQIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
13 | FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBk2c5PZyZo
14 | 5hiblBuqP/mgj44lZ8nrLzboiQeAvCTdjoFzU46+/Mo/tHQIdVupCAdFeih/LruQ
15 | 42b+A0foQNmoihYHPgVmBqtdvb7Yj8Mm6jyOvZ0FaH7Y8Nzdq1uMsV0ysYzYfLQs
16 | dpwx0dYXM5kMBS3EQt8ICPJ27Ch1RfuT7OfAPUC7O2Oe9irCXcR4ijSdBGAojzlx
17 | ov/l44F0+5JNor136FdFZfo71airfh4Qn/BX2LjSjefsRk5LgFnD2R3QXahl9wTg
18 | bOh2u54U3W28IrQ+/FimDppHzOzxnh2E7tE9b+Bt9LZFb2W9HdfxClq+bDE4T32Y
19 | 3pYRHPQQX/pq
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd-client.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEpAIBAAKCAQEAtYACxDC41zcK4tNdq8nRvEuElcpkggEG3UaFFjQ2hRGQ+7Pk
 3 | CPYGw8iass1ankLU40kkj1S6w44PhYFEp0mofyaVTi7Lvd67WwMOEOUQQg+/2fGS
 4 | K/0wP3vweChKsHA4H6PmnhqSkgV/Gtc8GvT2Uw09HxT/UlYwoBB6S3WTOdvo2ozn
 5 | BMMBJ25yykUxBB4DDWAjaTvdGfpoea2Bet+abjWBrk+OYTOLWPqVpW9oxoxUH91M
 6 | Li818OnIzs9UAMq1KexPBn1N0CvFIZwEpmQSl0FovDgJ0h32IFXBISvTY7GmriX8
 7 | CvVDPrOqWytmBNaVgK7FXAaRgbxlQcPHTTn8mQIDAQABAoIBAQCzZHtXfvCzh2vz
 8 | FgcXrLro6Zt6kjkVZf5q5zDT6XeZvusWXY+ea83z5WtCH0bZ9iSFId5I7O5MKzWc
 9 | N1CsKFmqk3AvfoFSgbudET/t4vpW0UpHGEXpxK7TkKT1np10FvbiDxX6XzlPqq8e
10 | 0G5QFp8BJ6yp9A8ISrh0/NRjkSqbm9w0e7tXpqqKIG8sEojCS5OkX5TW4iNb13ws
11 | 8MHc+7d3thuE4Y6tTTrsopbCVtPfjuhF2daUukoO9BoP1TCjlZfCb8/EIFGaa6xA
12 | EbY+TdkI/1Uqp7Q7K519XUim/Fq0oYfahIh0ON5WVbT5wyYtu+KUspQYhJn36Urn
13 | uEan2QCBAoGBAMNRYxTscA3G6jhdDVF0NGaytR4ePBYoaEog5OMJUcQ4eCegFLGf
14 | uA36XxWNytjoeOsCtDpY5L+2Ygm742WRzhCOE9ZSsDm047SE6n/jeqPGWtpNK5/K
15 | VLd7NbeCOyrAj7phIWQS0p2xtfiLOvlHC1vGpheEkq4z/2xR1XHii5XlAoGBAO3j
16 | nmxvIqnVZDof0F92yrKk5CWsqsBHz0vzv71HWvrG3qGfta3PQHXmkZ9flIoWiDwa
17 | x+TpXS8F5VPgv7q8vT0IUvIYPzEmxOSGEGAN7AcuY7vkAsaHhJoz9Uy546hZSngw
18 | QtXG3xJg3qpiayksUUdh/iXIbpkc+PAk0CVsEuClAoGAHAeI/Y60wfVi1XXdHGxd
19 | vMM2pLzYCKIB3Wl9D2vd9RfZfm5Fqfvu0Oq2TISNsLUj7S31KU5qfWyyAw2Yo5Ha
20 | DZwmEqLJMW7ZIqXUdUfy6J/ll+BtO0AxCie/XLduwELkHW4k+ZSN7x16rNFmRDHC
21 | 2ofWfBeFaUSDCktwIyjMuVUCgYBb3iRHIeAUEDmFjNWumDSNKsqElhrW6KRwY3Bv
22 | i0fiQrylVAUYW0o8fc9M6d92OF9iPsFlcI2w5Cj87HV+ivbVxAosPhrhQ2SUEAXw
23 | 4k99MngHjnVX7+vQlTIs8DivwdPVeGXHIubwtQIocJuLqfa1h21bb/zuGlc0fjL3
24 | 0LW1lQKBgQCMG+I6+ORWywE8woG/kn9QpDo7GVbkPtuJxmONTyEGoSoYfYl2rj1D
25 | nZTEErQ94Q1+ypmgSJ4+v25bc3F+UtmW3i1KW7M4CBcN9tQPWz1vSJVBzeRSOMT+
26 | XpS2AOUIzx1v/cYlKp6vdXwVBvzf8RO8CjbiNhJQXvfjp/ydvJn0Ew==
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd/peer-ca.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDRjCCAi6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBUMS0wKwYDVQQKEyQyMGE4
 3 | NjY4NC1jNWIyLTQyOTQtOTkyMy1iYzYwODFhZTVhM2ExETAPBgNVBAsTCGJvb3Rr
 4 | dWJlMRAwDgYDVQQDEwdrdWJlLWNhMB4XDTE3MTExNTEyNTMzNFoXDTI3MTExMzEy
 5 | NTMzNFowVDEtMCsGA1UEChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgx
 6 | YWU1YTNhMREwDwYDVQQLEwhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTCCASIw
 7 | DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkJljZnrxgbx1epmm5JXCMmETvY
 8 | C7J4iqVhsQsQ80ejreyZvtctCIdvY+zVUCGID5DrgEn+9fKWbFTA9WZmrWpPkKTO
 9 | yu97PTaeCp3Vzc62HExq+Wa3z8UKMcSSqzQNdsWPL35JShv9cDs68AGOpVxZb8zf
10 | AqDJwU8+Gu4baC5Qqy1Dn9q9KiubMqjjDIJ1gw7/nrZp+y9SEz3SxY3LEpbpfa6u
11 | nEez2gqvNwr0C1OzmvBpsSqaQ5ewttdOnHNcbmHjQi7P3EcwUP4p1kW7GLXAFMxQ
12 | My/brH4VNHGXC3P5NOsGovm7MndfhSWXQT+WS58Onql+GZkN6IoD0AKdE/8CAwEA
13 | AaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
14 | AQELBQADggEBAKixXXktzO+5SNd2ff+MMqoSr3vpEWawSRQ6PkAQJnA+xD3GHN1E
15 | XDRTcavCL8ssSB1ghgdEvaw+4KUrzo1eRNF7BZxGmreuGdpSkfaFI60Rzs44qIxZ
16 | mtzZKxg4SbiVluRgYwBt37+O8j0VYYfIEy5dVAT18v1a/LObb/FuIrUMsj24u9Mn
17 | CoIm6RyipDBueTynJ+EgCNfHRrlMdJcM0hCEsWTzT1iT9jT5mi72NtLc/ZhYJwrV
18 | Raa9rw5Hpal8AHgEvd90WAMWt4AQptFZGE3Fgnz4Ypgjhav+2Mv0/pBFPiQjK/lU
19 | fFZqa/BPFbTHiaL3B4hO3yojVdWsEsN5DWs=
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd/peer.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDnzCCAoegAwIBAgIIKEuN0QTsqHcwDQYJKoZIhvcNAQELBQAwVDEtMCsGA1UE
 3 | ChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgxYWU1YTNhMREwDwYDVQQL
 4 | Ewhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTAeFw0xNzExMTUxMjUzMzRaFw0x
 5 | ODExMTUxMjUzMzZaMCoxDTALBgNVBAoTBGV0Y2QxGTAXBgNVBAMTEGV0Y2QgbWVt
 6 | YmVyIHBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaNum0EKA/
 7 | 8NlsOXndcS7rkZjtkGVunJbD3isg8wG2GUGZ9F/b1MF/8zyuE93xcARHFTEaLkWE
 8 | BBBGVGpHuKd7QZXIGZ3OJfaMbm4hJC9EPQyau0Le1BhTY2oIjANzkCNl4N+PHntu
 9 | hxlS2sZt+6Vxamj4cDWfGf5mhsp8+NdQKwlPGo51I6D56CRWe6wNPU7RA3HugO5F
10 | ncLn8bybQmAKRbW7mtA3TuesAXtg3i+QSuFoJMwBBtcoC2GHoMfDovR9XnBPsmcY
11 | p0of/+29EekvU//8Qsn+aU5MK1IR0PtPAxRpcN+XrRS3KGQC+zZlm0M7CMdWmLgT
12 | fBQJABQkb3alAgMBAAGjgZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
13 | CCsGAQUFBwMBBggrBgEFBQcDAjBqBgNVHREEYzBhgikqLmt1YmUtZXRjZC5rdWJl
14 | LXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIIua3ViZS1ldGNkLWNsaWVudC5rdWJl
15 | LXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcECgMAFDANBgkqhkiG9w0BAQsFAAOC
16 | AQEAeqE8E2oR1nmLaDn9Nid0tIRBItSFD+niNFWCBpVGS4FkuZz+YEmkiZnK/R96
17 | Vlz4N/TvY1RH7t5y2G2ngJ1jVQeCpJ7xPydf6M1FJdewuzaCwuhXmmTLQ5Ai1Xqv
18 | RhlGW67rtBe+a5hQaKXvTe+9Z4fOUOoovgwJEZHxLIvmqDLEc603sbQKpngYVYhK
19 | K9CEqvaAyEdNps1lzj85Iu6QcXLCUrUCjlG8l/NVVI/xlZksQJBg8igHjEVrBL2v
20 | DJVpvmxVp5FYQA1u8rCq0JJreUcI7BcRKp0n9JNKZgza/8npnWE+yNh9vv7sS0m/
21 | eEtFC+5V0wFeTTpIUp6+brjngg==
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd/peer.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEowIBAAKCAQEAmjbptBCgP/DZbDl53XEu65GY7ZBlbpyWw94rIPMBthlBmfRf
 3 | 29TBf/M8rhPd8XAERxUxGi5FhAQQRlRqR7ine0GVyBmdziX2jG5uISQvRD0MmrtC
 4 | 3tQYU2NqCIwDc5AjZeDfjx57bocZUtrGbfulcWpo+HA1nxn+ZobKfPjXUCsJTxqO
 5 | dSOg+egkVnusDT1O0QNx7oDuRZ3C5/G8m0JgCkW1u5rQN07nrAF7YN4vkErhaCTM
 6 | AQbXKAthh6DHw6L0fV5wT7JnGKdKH//tvRHpL1P//ELJ/mlOTCtSEdD7TwMUaXDf
 7 | l60UtyhkAvs2ZZtDOwjHVpi4E3wUCQAUJG92pQIDAQABAoIBABQkeAH86fFwE/X+
 8 | y9wQnIBIVCEzaww3h7mtmxSCqQaP5fGl6Z9c+qkrrBFQpvySFPzz16YDxTCpFzcY
 9 | b4lOpRGET3wDXIlAjCNriRbrEwFmt+695s4UBdlecssK/qhpezYjWQ/oe1bEbppT
10 | 2Pckl0dpDqzkexx82K2rjWclWXou8O6N0VAgJ5oPq6Mod6lmdvOGRvuvKX30WqsS
11 | 9YHF3MJVdTcCvgeO35Us9BmaiOStaG6QJ1APpC6wNnZoi0rbcn807yJCjD0eYRfV
12 | 9e/Nh1vAVKD7FaN4YSWzZo+hz3h77b2vDRieP5nnFv9eQgBwHrtIs0fq1zVj2qAu
13 | 3m5Zf0ECgYEAwyB1f6DGRaFJgPEKgwNLS9Yj9cWDqGjtrHRnMwJS0xa0c9twIv+6
14 | 0xHkbCpr9qs9nZ8E9X32N7n0Z0vpLfziVao+YdkkSq/emmAd2w2BBQtk8uv11Dr7
15 | WMsMSKRxbg+uHwwl2llacnFPonv+eyR3fxi8JTJfOBkmvGRBozua3ScCgYEAylMM
16 | az4SAB/wSsnOJSerLrQjHlCFfe7veI/YCbH026jauKaCF52XseixHlQngDcqij8O
17 | 6h/OdlQeesDFbSx47ICZpXSXP1mh+yrbcMdjOBRkRfdtTOT779HaPnNX7Cl1T4Or
18 | WyUZ7K0A7GZKr88xMGnaUEx5pUtZK4AX9n7YBVMCgYAxz6VvEUHMIKI88kt2qm6c
19 | S2wen28+nJqfvY9irCMsk805DjmQFaxBmX2wRxwMeiZeiGuhp6glDalgfTZncPju
20 | WWlXXTEwh7jRu9ujQc0/1mrMwIOey/fB8QOPv7rdF8+hSV6YYNsAAAEOP4z1Lpf6
21 | r/vHmxZHodQLn6RJ4TtlXQKBgEu0K29tODsHuFejjxjj8O92w7UyF+D5KG2KFSH7
22 | jk0qrzxsQT0o4HvXP37DqkwVWDuGQMRlxlEMRKNVwgmJnG2R6Ou55mXz2eIrNRTL
23 | 5lozdxme7SzaeVJQyUKY0gsxsA1ijRl7lmmyiifqVoPWGOeuk9t74gBxYxodwdmf
24 | uKC1AoGBAKkYSImilEP7tmQgzNMkM4R1Arrm5wzdAVLQ792CLsSxRFKktbxQJ2AW
25 | Yk/iHGJrolmJ6wydpQhx2HfyV2ufaUFrAivgmzuJ5PGA4/BLL4G7auBPCxW7KkIc
26 | yQ2b5/WH/rTsuu5S6Sfi73/HffJLYYc7PwibpaYweii3JBmC9ked
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd/server-ca.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDRjCCAi6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBUMS0wKwYDVQQKEyQyMGE4
 3 | NjY4NC1jNWIyLTQyOTQtOTkyMy1iYzYwODFhZTVhM2ExETAPBgNVBAsTCGJvb3Rr
 4 | dWJlMRAwDgYDVQQDEwdrdWJlLWNhMB4XDTE3MTExNTEyNTMzNFoXDTI3MTExMzEy
 5 | NTMzNFowVDEtMCsGA1UEChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgx
 6 | YWU1YTNhMREwDwYDVQQLEwhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTCCASIw
 7 | DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkJljZnrxgbx1epmm5JXCMmETvY
 8 | C7J4iqVhsQsQ80ejreyZvtctCIdvY+zVUCGID5DrgEn+9fKWbFTA9WZmrWpPkKTO
 9 | yu97PTaeCp3Vzc62HExq+Wa3z8UKMcSSqzQNdsWPL35JShv9cDs68AGOpVxZb8zf
10 | AqDJwU8+Gu4baC5Qqy1Dn9q9KiubMqjjDIJ1gw7/nrZp+y9SEz3SxY3LEpbpfa6u
11 | nEez2gqvNwr0C1OzmvBpsSqaQ5ewttdOnHNcbmHjQi7P3EcwUP4p1kW7GLXAFMxQ
12 | My/brH4VNHGXC3P5NOsGovm7MndfhSWXQT+WS58Onql+GZkN6IoD0AKdE/8CAwEA
13 | AaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
14 | AQELBQADggEBAKixXXktzO+5SNd2ff+MMqoSr3vpEWawSRQ6PkAQJnA+xD3GHN1E
15 | XDRTcavCL8ssSB1ghgdEvaw+4KUrzo1eRNF7BZxGmreuGdpSkfaFI60Rzs44qIxZ
16 | mtzZKxg4SbiVluRgYwBt37+O8j0VYYfIEy5dVAT18v1a/LObb/FuIrUMsj24u9Mn
17 | CoIm6RyipDBueTynJ+EgCNfHRrlMdJcM0hCEsWTzT1iT9jT5mi72NtLc/ZhYJwrV
18 | Raa9rw5Hpal8AHgEvd90WAMWt4AQptFZGE3Fgnz4Ypgjhav+2Mv0/pBFPiQjK/lU
19 | fFZqa/BPFbTHiaL3B4hO3yojVdWsEsN5DWs=
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd/server.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDuTCCAqGgAwIBAgIIQFjKZOCYgtIwDQYJKoZIhvcNAQELBQAwVDEtMCsGA1UE
 3 | ChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgxYWU1YTNhMREwDwYDVQQL
 4 | Ewhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTAeFw0xNzExMTUxMjUzMzRaFw0x
 5 | ODExMTUxMjUzMzZaMCwxDTALBgNVBAoTBGV0Y2QxGzAZBgNVBAMTEmV0Y2QgbWVt
 6 | YmVyIGNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkgvEB2
 7 | zTate2RTDGjnATPvqM3+nrqm4UzYm/B9A+wrsUCCBiI4fE0CjererHwH09mLb9HY
 8 | wv+sHBnejRKxR0Gwi78UmAYY1pDksZcw1EjZ8SkF5BQYYqq87hQtIOkOMl7XL04s
 9 | F3YPI/2ozp2Bgg5hp8HjCG9INYW9Xp+2qWJ+icwO8x5wSHV6gns26s9mfDXwjSC8
10 | r7VE2m6q8431EfmbJVTHT2XKmC1hPmNINJR1vJ68EP0xUKApBWxXVdBnyqX7YSke
11 | XtHiUwUh+8h+Os7gcwTw5TLNVkjC8qpyob7I0LTwxQI5NdE+IhqOBm9DcaFSFWqX
12 | /Q7qREdIxVmjoo8CAwEAAaOBtjCBszAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
13 | FAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGBBgNVHREEejB4gglsb2NhbGhvc3SCKSou
14 | a3ViZS1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2Fsgi5rdWJlLWV0
15 | Y2QtY2xpZW50Lmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwQKAwAPhwQK
16 | AwAUhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQAtQE6YtkRLYdScUalO4vpeIdLI
17 | Olm+Di0HoBAdeK7IdD/m2D5dxSRBjhkuvx2+ZP4OWt7pKjQ+yvX5RVCbevRBRQcy
18 | /VEX3ye6QfhB3N8kq5MV2sZ5ST/uTfpWmVvRDxMfXQ096CuiGh6p6jD77kMbo5Vx
19 | 3ViggjzcarqZ1AX+i/U2psp+dR2IMeG7VdOwFviniB2XJDb5OPKZyGgPpWEDUvgp
20 | wmIu6eBm9kd9Mxpjf2NvZ4x01n4VcmwgfSN025nxcbSUspCllnDNgnmnjX8LYe2W
21 | cDp1A9VxTMvbpwkI2F7DKTVlaXbd6evDXIfoZjqWFzvfpHiikzckCMTw8AKj
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/basetemplates/tls/etcd/server.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEpQIBAAKCAQEAySC8QHbNNq17ZFMMaOcBM++ozf6euqbhTNib8H0D7CuxQIIG
 3 | Ijh8TQKN6t6sfAfT2Ytv0djC/6wcGd6NErFHQbCLvxSYBhjWkOSxlzDUSNnxKQXk
 4 | FBhiqrzuFC0g6Q4yXtcvTiwXdg8j/ajOnYGCDmGnweMIb0g1hb1en7apYn6JzA7z
 5 | HnBIdXqCezbqz2Z8NfCNILyvtUTabqrzjfUR+ZslVMdPZcqYLWE+Y0g0lHW8nrwQ
 6 | /TFQoCkFbFdV0GfKpfthKR5e0eJTBSH7yH46zuBzBPDlMs1WSMLyqnKhvsjQtPDF
 7 | Ajk10T4iGo4Gb0NxoVIVapf9DupER0jFWaOijwIDAQABAoIBAQCP73ppk9u2tp5o
 8 | pLpr1G3a8jdW/FIx972i1h17FKya9oXKSYMEOHJUVnCj1imQNbXZqN0kS0D54fzW
 9 | UpuY9f+tth+8ZouJSXs8hD3Hmm1BmZ7pocqgyvbJg53KGKXFw6AumUbEZe+AUMOM
10 | A6Ohuo4Nprt8mPJvWTjcdjJikEFWNzxemPGF01/ju4tIZwkm6gbP6DzdXa2WNqr9
11 | y5gkrWHBr6FpWGaMfIhIReq5V6DNRVnu+BiOtYFo8FDJO3/OIUsoqb7mKLbxh/Z8
12 | YiThALQl5H/UveZ5E1CoSY7r734sosGPkZukn3bKVE1rjdcn9oLCRtLuJCbzEXqx
13 | +h5HIdeZAoGBAM89gaRup8Y4rfw9EvSP81Ywu/ZwQkx3nWZmLxmvwzw0qqGVIaJG
14 | fOnkjjybXAK5FPQsunXXNOlXTl4mxKw+/29Oq+5IljrH/19s+YehwNiJRf1RrYmj
15 | viA9jwNdtFz8VEM0Ic70iGz5kZQsSFLtxQGozdM3eXEvzGazj59ZVrCrAoGBAPhz
16 | EVUL/a9jVQq/tT+BCSvqaQtQTiMuyMfSMTm1d6ZdENrFQP4wjR5VaPaHq8ZpJrjM
17 | 0keX/N9J2VmyAYwy6bTGj+Ls+pWisqEKgvTaF1Bot/PXIvYglDncfVCpjzkNArrI
18 | ksVwx7I9onrRCUHraJ8/Dn0y3id8lLt7Yrss4L2tAoGACb7wu9TgWvgLZpNQsuOa
19 | I/GCxWIeHA57/nbLvD+BxPENHTAwNrtt4Gn5Lmx39UDS9XCtDCGkwVxzuQXFtfv4
20 | czmV6EzNk9IX9lrfmTtIIGbEPdd7e7+Rj16VvSjI9J6BL+/hryPczpMl/3vdoti/
21 | rQZNN6OiOGpxCFtlY68F3qUCgYEAnBb+7qWn7gbEKQqkfo89CeAturPrQ2NjNVcz
22 | IgSGdXjG3AtNd+Vc44/Zb/lwzCjH8RaNjflJH6ev7BBPtJtQBQky4OjtzhD3lQGb
23 | oOVb/GKuH34sMuHo/ikuefztRHSOIHde7riaXbsnV235GPcjNdlR6wqIU9qLPvaX
24 | 4uyhDckCgYEAj2PYKjfFF6Itlnbu9K/Di4ENZQFJvMzhKIKk5wLz9McA2PGFGYLc
25 | NODzwwHxzUKxf9NRDQFHzKR+FXDgbbmNyFwoTIoMYf6NDhVDB/gynxJMKqX001ek
26 | T6SIMfP3KqbkNli2LdcInWZhERve/qmwsolOoWkxTYdQlDPX2eXXJtM=
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/basetemplates/tls/kubelet.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDMjCCAhqgAwIBAgIIPanqRXyDbBIwDQYJKoZIhvcNAQELBQAwVDEtMCsGA1UE
 3 | ChMkMjBhODY2ODQtYzViMi00Mjk0LTk5MjMtYmM2MDgxYWU1YTNhMREwDwYDVQQL
 4 | Ewhib290a3ViZTEQMA4GA1UEAxMHa3ViZS1jYTAeFw0xNzExMTUxMjUzMzRaFw0x
 5 | ODExMTUxMjUzMzVaMCsxFzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMRAwDgYDVQQD
 6 | EwdrdWJlbGV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ATRx7B1
 7 | FaeV9oWg0NYEtWe1ksfMVh6/x11mVH2gvc8y5OAOUacWVVecUrvnU6wjJupsTxAS
 8 | 4OXnQqQ0xpzKxDf4UiNMgQzXpa3eN1ZxhjIS4spQU6ZuFNLBYKKfJqXnkyz7D7VR
 9 | WQ2ad1X89+WTULi+653uVDL9N+XaNezxPq88KkIvlP1rvJc5KIhCDs14ioLx26oi
10 | E24QI699iCYznQhce7n+nd/8L+6IfoRr044qazGOBLBhwCiwcrpq3EHjZM2bet1o
11 | +/7p9mYJJCa4RfJRf64v1WIuMuvlk5x8UQMMpto1XLU8BOvhGT0JcP9Tok/2s9g/
12 | J3YtXHeMmKAl+wIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
13 | KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQA8APXDL1HJbuH7
14 | cuUDbxlHf2v/YSHo89v0WtnuGGR119Naw/se8slwS7Y3KmuejJVJjsl0rm951BRW
15 | IZQD9LiyHGsl4ZjPWwn+Jf5Nd71T5CAfAgOHKns28BYoWKTbJeyiyg2fONfb+oV0
16 | 9qjahe7iFs5EOWsTLKe3V5mcAELHrqGYaIKERs8ik8SU6ptWdjl2AjrIZx3TJTf6
17 | XMn1JPDb6m4Dfow5HgiEq+k41x1ie3GAKBWnUrdjBb5oqUt3atji4klEvCW3vTlx
18 | M99wI2LbslqP6R1Uk4bIvXInch1g4l6AP2Yxc9IOrXTdyQjAlVHgnGUPQNGNfA+D
19 | rYX8pv4z
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/basetemplates/tls/kubelet.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEowIBAAKCAQEA3ATRx7B1FaeV9oWg0NYEtWe1ksfMVh6/x11mVH2gvc8y5OAO
 3 | UacWVVecUrvnU6wjJupsTxAS4OXnQqQ0xpzKxDf4UiNMgQzXpa3eN1ZxhjIS4spQ
 4 | U6ZuFNLBYKKfJqXnkyz7D7VRWQ2ad1X89+WTULi+653uVDL9N+XaNezxPq88KkIv
 5 | lP1rvJc5KIhCDs14ioLx26oiE24QI699iCYznQhce7n+nd/8L+6IfoRr044qazGO
 6 | BLBhwCiwcrpq3EHjZM2bet1o+/7p9mYJJCa4RfJRf64v1WIuMuvlk5x8UQMMpto1
 7 | XLU8BOvhGT0JcP9Tok/2s9g/J3YtXHeMmKAl+wIDAQABAoIBAQDb5r09FrKPaCZM
 8 | dJac46tlHDiwcZ1bXfRT8Jf8TmvACj1V4FKvbY620Y/eaQv15xBjLt39z5Tuzxnq
 9 | 03AkKkXHBCHfBoTKXumSIEr/iBiDBb02ivrqAGf5zAOW8DKdUCg6QzTTKGgb16rR
10 | J1Jk+kHY5i18FSdFZIkNu1/zkdQ0ztmQi3t+nifGK3u5cNjTBEnoqNqv68cjdUjg
11 | FzLOdZwXITI79CbgwQgkIKIqe/Sx1JoBNp+ei4JFCewhrGdFQ2tZkijPlyGv2qgj
12 | NjS/rOBUtQkqqBLsY8NhZrD1zr9R7c2jbSrS+ZCcD0EkTJVHxkiisTrpl35DFTm+
13 | n0F2YoDhAoGBAPJ0GRppT07HU1D/zlJiJfqTjNxDcXfWeTBXZdfagaXtwUapKz1v
14 | 36aD1OI2EpmXhPLDYfubMtlNRk3FqcBM+DKg16LUr9iuyCmHMP/orUg0A+BIPjk5
15 | 4REB34YloW47nj2C0WIV0bkdEZxtmdvqAECby4zCVJRAARLAVe6qMUqjAoGBAOhP
16 | 1HHj5O3Yrtp3++QrQzG34vG0rfrCai0LK+zVb2wUEy+Q06N/JzPwdfQ/rokeigDs
17 | uhi6KR5sQVAdAP+I6CcysytlKvyun1hVg0ep4noDqy5o30nQF2liAM2IGtEsoMWJ
18 | h3/Zqp3Dy52F4nBZg3gy+nQEB7iWsuP9B3xgVgTJAoGAJbGxGW8X+mp45JXwsNQ7
19 | jVqVQsVlhbkdfEuKNOXu1CpDq0WvyEx1XAEQ/t5jQ+fPrqJ7wE9ft3MRJBRAEPqm
20 | d9CT1ef1Mt3xlqtDDfZRwnD7zUnOCr2Z5TgCVWvSTj4MmwmUnghAY+RGEajki9E0
21 | mtbd7ZNk7OuKfyzR71occbsCgYA3xPpWQQRzSOJpFgbFdtFRvThhGCPwH/4HRDhO
22 | ScrO4l7cu2LjTCIoKODYOvV2e3tbz3i5eO9oG0rupZfYwJAi4Nv8XfQc5vrf5N94
23 | M8Nn0TumD40TFj6YkOtqa/MsJg+OfH6n5aQ87YUTEtIScJrMH0ja0yDbYmodq1/B
24 | rwrXaQKBgH40Lggb6bzlbJngkkn2i9FIFeYZIBVR7LUNSa1vrNPNWr7EtFhvo9FO
25 | Fe3i+f9XdD4s0juI/x7Scz4yOkE7OP8ukAW+nbwFOOin+FXCbM3dqIxU/wPCAcZj
26 | BupBo7RvNFgEwrZ6mU0pzvdtLmBBDeIngjhB7olUoZUV1FgyInwa
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/basetemplates/tls/service-account.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEpAIBAAKCAQEA73X2AS+mikLt+O9g+uDxKa0wgQSWOPbn1+/yJywvvOYARifF
 3 | QMFhP5/4oNuff4xacZjVC+fth0wYmlKHCtecpsb8xHgVPXKyTqCAXC8pteTy265c
 4 | 53ov/qopOgZjZA/IGnpwQNyLRvEra31DBkvVjvdAQZV/SnVhhtGS2NLRElmGXJEa
 5 | Digd8gE2HHHDdNAT/sbhNErjpWAgxob7KoKTZTbTjNmOIr2hOAZStpnbL7GazrnG
 6 | ns4VtSjOXR2DdMBqQHK6JyntWu72qH3GWk9KnEnXnaNuG2sAYicOIOQbRm8IMtdN
 7 | DHZiyA2HUGKRE9g5K6sZqhtBThxrsT+ZRAKe8QIDAQABAoIBABI0/uJyNBB5LEzs
 8 | LoyEw/FuSKzWo3FrXI9voBLYajzLpCOxbG8TBQjoaegZKtRw4IOYokJIfSf3YjuB
 9 | oODzKecIZDmwA7VrXiFaVMgtkddRtCF97XRwNuv/FiliSPZXuNhCjPxxiGl5dtqy
10 | aIE3DOLU697Qth/8MtEkaCzyQpFJdaSApte4L1Xgah2xcQZmmhxA8Qtk6f/nhIVw
11 | Ma7JTrJ9DixSMtmqjdaocJAEjkwhRMUH98Da9Rhc4BgfrbDQP0UDZQviRxP41m/d
12 | zrRapBEymjfgqZj0UWo9WSVhb7YkeKdQ5bvFpWGSYBfreUlLRRp6ThpkZsndJZNo
13 | usBQnv0CgYEA/D+9wbsCU3gZ6KCrnkhxflal1+DDJ9RlUqgk2J5o57ZomJZzXTsT
14 | JcV7OiYYynw+2Ak9v5tXnGkNL3XSI4K5sQeqyZjTrY2TJ3al2jIhWQOnzjEaS9eT
15 | tU2vxfjlVbgEnqfhUYAHUE0+jfDlwO8W9t8QuWMP/8wN46vKuKQi5O8CgYEA8wWJ
16 | p++8eFMuC8UOmRUq0vRDflcuEIrgyaa/EMXLZvQ5uTjb4bEwIhiSbmNW+SLZ0tYX
17 | jLMTh1uFlUvl0QwTkBvSrIWJAmWI5TLBcUKrykBjY8RxoZdURNW/5+TetYyOigXE
18 | 9/glpmBPyaF5kNylzfLUmulcrOs5Wu/qNX5Beh8CgYEArA1aA7LnkkFAAsDcbfjh
19 | mJfHRKjk09z2Q1u2zh22Vh2/2Bv+kh/CHqhFNdNYY3w9bSNYf8GYD3JD8RQ/AcOf
20 | npUpM5pO/3iqX2d5FovM3Sc2JNivI/3lnOthMfpjioUaeZDuiaV215noSe5+94rc
21 | sgRSJvDfr8zhyGGbwzcJKfcCgYEAn82ZamP7xAe2dKjc448GvPdAVpjPQrOAAznx
22 | 0/6stQON3Z1lAXD5XMJZr9sE+wiOwdRkYfHzuoNVQQpKkf9l8dJJ44ZfxMKtlUGd
23 | 8HNN8c4LTTSFICQZlrYT3lIinLFTnbETh5eWcmRMsyLKhJaDNP0kDsW7Wj3HVmQC
24 | 17AxMDMCgYBPHFRbS/Ut4yrtC3YAaMPndU4KWoFQEOoA6ApZp4Hb/vl+PbxrKmX9
25 | FoQ6BepLVOSe+aZsYHZzzaDMCmDd7AbwXHNOzwk5sLPmIsN8BWxDICOJyrtrVSGR
26 | HKrY0VCgGIahRKEPQ+X9KA/SVQri7EPwdFbIW4upfWWhT0pbY0GEig==
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/basetemplates/tls/service-account.pub:
--------------------------------------------------------------------------------
 1 | -----BEGIN PUBLIC KEY-----
 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73X2AS+mikLt+O9g+uDx
 3 | Ka0wgQSWOPbn1+/yJywvvOYARifFQMFhP5/4oNuff4xacZjVC+fth0wYmlKHCtec
 4 | psb8xHgVPXKyTqCAXC8pteTy265c53ov/qopOgZjZA/IGnpwQNyLRvEra31DBkvV
 5 | jvdAQZV/SnVhhtGS2NLRElmGXJEaDigd8gE2HHHDdNAT/sbhNErjpWAgxob7KoKT
 6 | ZTbTjNmOIr2hOAZStpnbL7GazrnGns4VtSjOXR2DdMBqQHK6JyntWu72qH3GWk9K
 7 | nEnXnaNuG2sAYicOIOQbRm8IMtdNDHZiyA2HUGKRE9g5K6sZqhtBThxrsT+ZRAKe
 8 | 8QIDAQAB
 9 | -----END PUBLIC KEY-----
10 | 


--------------------------------------------------------------------------------
/bin/apply:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/bastion:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/ec:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/k:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/ka:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/kd:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/ks:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/kurl:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/lbaas:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/migrate:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/n:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/os/os_debug:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | export TF_LOG=DEBUG
16 | export OS_DEBUG=1
17 | "$@"
18 | 


--------------------------------------------------------------------------------
/bin/plan:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/prepare:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/recreate:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/roll:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/tf:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/update:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/bin/utils/render_images:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #
 3 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 4 | #
 5 | # Licensed under the Apache License, Version 2.0 (the "License");
 6 | # you may not use this file except in compliance with the License.
 7 | # You may obtain a copy of the License at
 8 | #
 9 | #      http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | 
17 | set -e
18 | 
19 | ROOT="$(dirname "$0")/../../../"
20 | IMAGES_FILE=$ROOT/images_list
21 | IMAGES_FILE_UNIQUE=$ROOT/images_list_unique
22 | 
23 | # Clear file if exists
24 | if [ -s "$IMAGES_FILE" ]
25 | then 
26 |    rm $IMAGES_FILE
27 | fi
28 | 
29 | # Grep all images from generated manifests
30 | grep -R "image: " $ROOT/gen/ | grep -v "gen/tmp" | grep -v ".zip" | while read -r line ; do
31 |     echo "${line#*image:}" | sed -e 's/^[ \t]*//' >> $IMAGES_FILE
32 | done
33 | 
34 | # Keep only unique value
35 | sort -u $IMAGES_FILE > $IMAGES_FILE_UNIQUE
36 | mv $IMAGES_FILE_UNIQUE $IMAGES_FILE


--------------------------------------------------------------------------------
/bin/worker:
--------------------------------------------------------------------------------
1 | master


--------------------------------------------------------------------------------
/docs/azure.md:
--------------------------------------------------------------------------------
 1 | ### Azure Deployment of Kubernetes
 2 | 
 3 | The azure variant for kubernetes is deployed into a predefined azure tenant and subscription.
 4 | So far, it uses the AWS route53 service for providing DNS names.
 5 | 
 6 | 
 7 | #### Configuration Settings
 8 | 
 9 | |Name|Meaning|Optional|
10 | |--|--|--|
11 | |az_client_id|Azure client id|required|
12 | |az_client_secret|Azure client secreat|required|
13 | |az_tenant_id|Azure tenant id|required|
14 | |az_subscription_id|Azure subscription id|required|
15 | |az_region|Azure region name|required|
16 | 
17 | #### Image Handling
18 | 
19 | On azure the given image names are quadrupel (<publisher>/<offer>/<sku>/<version>).
20 | 


--------------------------------------------------------------------------------
/docs/etcd_migration.md:
--------------------------------------------------------------------------------
 1 | ### Migrating a self-hosted Etcd Cluster to Static Etcds
 2 | 
 3 | The etcd mode is selecting in the configuartion by the `selfhosted_etcd` parameter. Setting it to `false` will enable the static etcd mode. This is simply possible for new clusters. Existing clusters must explicitly be migrated. Unfortunately this migration cannot be done just by switching the value for this parameter.
 4 | 
 5 | The migration is only possible using a cluster recovery. The following steps
 6 | must be performed:
 7 | 
 8 | - Save the latest etcd backup file somewhere near the terraform project
 9 | - Set the following parameters in `terraform.tfvars`:
10 | 
11 | |Name|Value|
12 | |---|---|
13 | |selfhosted_etcd|false|
14 | |recover_cluster|true|
15 | |recover_redeploy|true|
16 | |etcd_backup_file|"file path of the backup file"|
17 | 
18 | - Because of a misbehaving terraform the terraform state must be adapted manually before applying the changes:
19 | 
20 |   -  remove a used resource for `module.instance.module.seed.null_resource.manifests`: `template_dir.bootkube-self`.
21 |   
22 |   This can be done with the following terraform command from the landscape folder
23 | 
24 | ```bash
25 | $ terraform state rm module.instance.module.seed.template_dir.bootkube-self
26 | ```
27 | 
28 | - Now the changes can be applied by `terraform apply variant` 
29 | 
30 | - Afterwards the recovery options must be removed again.
31 | 


--------------------------------------------------------------------------------
/docs/kubify.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gardener-attic/kubify/5ca79368ee043ec3c30e5b8f9f7df7a8e3763d7e/docs/kubify.png


--------------------------------------------------------------------------------
/docs/kubify@20x.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gardener-attic/kubify/5ca79368ee043ec3c30e5b8f9f7df7a8e3763d7e/docs/kubify@20x.png


--------------------------------------------------------------------------------
/docs/kubify@2x.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gardener-attic/kubify/5ca79368ee043ec3c30e5b8f9f7df7a8e3763d7e/docs/kubify@2x.png


--------------------------------------------------------------------------------
/docs/manifests/etcdctl.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: etcdctl
 5 | spec:
 6 |   containers:
 7 |   - image: quay.io/coreos/etcd:v3.2
 8 |     name: etcdctl
 9 |     command:
10 |     - sleep
11 |     - "10000000"
12 |     volumeMounts:
13 |     - mountPath: /tls
14 |       name: etcd-tls
15 |   volumes:
16 |   - name: etcd-tls
17 |     secret:
18 |       secretName: etcd-client-tls


--------------------------------------------------------------------------------
/docs/presentations/Static-ETCD-Setup.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gardener-attic/kubify/5ca79368ee043ec3c30e5b8f9f7df7a8e3763d7e/docs/presentations/Static-ETCD-Setup.pptx


--------------------------------------------------------------------------------
/modules/access/aws/variables.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "secret_key" {
16 |   type = "string"
17 |   default = ""
18 | }
19 | variable "access_key" {
20 |   type = "string"
21 |   default = ""
22 | }
23 | variable "region" {
24 |   type = "string"
25 |   default = ""
26 | }
27 | 


--------------------------------------------------------------------------------
/modules/access/azure/variables.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "client_id" {
16 |   default = ""
17 | }
18 | variable "client_secret" {
19 |   default = ""
20 | }
21 | variable "tenant_id" {
22 |   default = ""
23 | }
24 | variable "subscription_id" {
25 |   default = ""
26 | }
27 | variable "region" {
28 |   default = ""
29 | }
30 | 


--------------------------------------------------------------------------------
/modules/access/node_config/create.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | COPYRIGHT='#
 3 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 4 | #
 5 | # Licensed under the Apache License, Version 2.0 (the "License");
 6 | # you may not use this file except in compliance with the License.
 7 | # You may obtain a copy of the License at
 8 | #
 9 | #      http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | '
17 | 
18 | header="$COPYRIGHT
19 | 
20 | ##############################################################################
21 | # node config handling
22 | # generated by create.sh based on local variables.tf
23 | ##############################################################################"
24 | 
25 | variable="node_config"
26 | locals=X
27 | 
28 | cd "$(dirname "$0")"
29 | source ../create.sh
30 | 


--------------------------------------------------------------------------------
/modules/access/node_config/variables.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "count" {
16 |   type = "string"
17 |   default = ""
18 | }
19 | 
20 | variable "image_name" {
21 |   type = "string"
22 |   default = ""
23 | }
24 | 
25 | variable "flavor_name" {
26 |   type = "string"
27 |   default = ""
28 | }
29 | 
30 | variable "user_name" {
31 |   type = "string"
32 |   default = ""
33 | }
34 | 
35 | variable "update_mode" {
36 |   type = "string"
37 |   default = ""
38 | }
39 | 
40 | variable "generation" {
41 |   type = "string"
42 |   default = ""
43 | }
44 | 
45 | variable "assign_fips" {
46 |   type = "string"
47 |   default = ""
48 | }
49 | 
50 | variable "root_volume_size" {
51 |   type = "string"
52 |   default = ""
53 | }
54 | 
55 | variable "volume_size" {
56 |   type = "string"
57 |   default = ""
58 | }
59 | 


--------------------------------------------------------------------------------
/modules/b64var/variable.tf:
--------------------------------------------------------------------------------
 1 | # Copyright 2017 The Gardener Authors.
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "value" {
17 | }
18 | 
19 | variable "default" {
20 |   default = ""
21 | }
22 | 
23 | output "value" {
24 |   value = "${length(var.value) == 0 ? var.default : var.value}"
25 | }
26 | 
27 | output "b64" {
28 |   value = "${base64encode(length(var.value) == 0 ? var.default : var.value)}"
29 | }
30 | 
31 | 


--------------------------------------------------------------------------------
/modules/cfgvar/cfgvar.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "default" {
17 |   default =""
18 | }
19 | 
20 | variable "name" {
21 | }
22 | 
23 | variable "config" {
24 |   type = "map"
25 | }
26 | 
27 | module "value" {
28 |   source = "../variable"
29 |   value = "${lookup(var.config,var.name,var.default)}"
30 |   default = "${var.default}"
31 | }
32 | 
33 | output "value" {
34 |   value = "${module.value.value}"
35 | }
36 | 


--------------------------------------------------------------------------------
/modules/cluster/templates/cluster-info:
--------------------------------------------------------------------------------
 1 | CLUSTER_NAME=${cluster_name}
 2 | CLUSTER_DOMAIN=${cluster_domain}
 3 | BOOTSTRAP_ETCD_SERVICE_IP=${bootstrap_etcd_service_ip}
 4 | ETCD_SERVICE_IP=${etcd_service_ip}
 5 | DNS_SERVICE_IP=${dns_service_ip}
 6 | API_SERVICE_IP=${api_service_ip}
 7 | SERVICE_CIDR=${service_cidr}
 8 | POD_CIDR=${service_cidr}
 9 | API_DNS_NAME=${api_dns_name}
10 | 


--------------------------------------------------------------------------------
/modules/condlist/condlist.tf:
--------------------------------------------------------------------------------
 1 | # Copyright 2017 The Gardener Authors.
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "if" {
16 |   type = "string"
17 | }
18 | 
19 | variable "then" {
20 |   type = "list"
21 | }
22 | variable "else" {
23 |   type = "list"
24 | }
25 | 
26 | module "case" {
27 |   source = "../flag"
28 |   option = "${var.if}"
29 | }
30 | 
31 | locals {
32 |   select= {
33 |      "true" = "${var.then}"
34 |      "false" = "${var.else}"
35 |   }
36 | }
37 | 
38 | 
39 | output "value" {
40 |   value = "${local.select[module.case.value]}"
41 | }
42 | 


--------------------------------------------------------------------------------
/modules/condmap/condmap.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "if" {
16 |   type = "string"
17 | }
18 | 
19 | variable "then" {
20 |   type = "map"
21 | }
22 | variable "else" {
23 |   type = "map"
24 | }
25 | 
26 | module "case" {
27 |   source = "../flag"
28 |   option = "${var.if}"
29 | }
30 | 
31 | locals {
32 |   select= {
33 |      "true" = "${var.then}"
34 |      "false" = "${var.else}"
35 |   }
36 | }
37 | 
38 | 
39 | output "value" {
40 |   value = "${local.select[module.case.value]}"
41 | }
42 | 


--------------------------------------------------------------------------------
/modules/defaults/defaults.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "values" {
17 |   type = "list"
18 | }
19 | 
20 | variable "optional" {
21 |   default=false
22 | }
23 | 
24 | locals {
25 |   options = {
26 |     optional = [ "" ]
27 |     non_optional = []
28 |   }
29 | }
30 | 
31 | output "value" {
32 |   value = "${element(concat(compact(concat(var.values,list(""))),local.options[var.optional ? "optional" : "non_optional"]),0)}"
33 | }
34 | 


--------------------------------------------------------------------------------
/modules/faketls/faketls.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "private_key_pem" {
16 |   type = "string"
17 | }
18 | variable "cert_pem" {
19 |   type = "string"
20 | }
21 | variable "ca_cert" {
22 |   type = "string"
23 | }
24 | variable "ca_key" {
25 |   type = "string"
26 | }
27 | variable "file_base" {
28 |   type = "string"
29 | }
30 | resource "local_file" "cert" {
31 |   content = "${var.cert_pem}"
32 |   filename = "${var.file_base}.crt"
33 | }
34 | resource "local_file" "api_key" {
35 |   content = "${var.private_key_pem}"
36 |   filename = "${var.file_base}.key"
37 | }
38 | 
39 | output "private_key_pem" {
40 |   value = "${var.private_key_pem}"
41 | }
42 | output "cert_pem" {
43 |   value = "${var.cert_pem}"
44 | }
45 | output "ca_cert" {
46 |   value = "${var.ca_cert}"
47 | }
48 | output "ca_key" {
49 |   value = "${var.ca_key}"
50 | }
51 | output "private_key_pem_b64" {
52 |   value = "${base64encode(var.private_key_pem)}"
53 | }
54 | output "cert_pem_b64" {
55 |   value = "${base64encode(var.cert_pem)}"
56 | }
57 | output "ca_cert_b64" {
58 |   value = "${base64encode(var.ca_cert)}"
59 | }
60 | output "ca_key_b64" {
61 |   value = "${base64encode(var.ca_key)}"
62 | }
63 | 


--------------------------------------------------------------------------------
/modules/file/file.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "path" {
16 |   type = "string"
17 | }
18 | 
19 | variable "default" {
20 |   default = ""
21 | }
22 | 
23 | variable "prefix" {
24 |   default = ""
25 | }
26 | 
27 | variable "suffix" {
28 |   default = ""
29 | }
30 | 
31 | variable "indent" {
32 |   default = 0
33 | }
34 | 
35 | module "content" {
36 |   source = "../b64var"
37 |   value = "${file(var.path == "" ? "${path.module}/resources/empty" : var.path)}"
38 |   default = "${var.default}"
39 | }
40 | 
41 | locals {
42 |   content = "${module.content.value == "" ? "" : "${var.prefix}${module.content.value}${var.suffix}"}"
43 | }
44 | 
45 | output "content" {
46 |   value = "${local.content}"
47 | }
48 | 
49 | output "b64" {
50 |   value = "${module.content.b64}"
51 | }
52 | 
53 | output "indented" {
54 |   value = "${indent(var.indent,local.content)}"
55 | }
56 | 


--------------------------------------------------------------------------------
/modules/file/resources/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gardener-attic/kubify/5ca79368ee043ec3c30e5b8f9f7df7a8e3763d7e/modules/file/resources/empty


--------------------------------------------------------------------------------
/modules/flag/flag.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "option" {
17 |   type = "string"
18 |   default = "off"
19 | }
20 | 
21 | variable "on" {
22 |   type = "string"
23 |   default = "true"
24 | }
25 | 
26 | variable "off" {
27 |   type = "string"
28 |   default = "false"
29 | }
30 | 
31 | variable "map" {
32 |   type = "map"
33 |   default = {}
34 | }
35 | 
36 | module "values" {
37 |   source = "../mapvar"
38 | 
39 |   value = "${merge(var.map, map("true", var.on, "1", var.on, "yes", var.on, "false", var.off, "0", var.off, "no", var.off))}"
40 | }
41 | 
42 | output "value" {
43 |   value = "${lookup(module.values.value, var.option)}"
44 | }
45 | 
46 | output "flag" {
47 |   value = "${lookup(module.values.value, var.option) == var.on ? 1 : 0}"
48 | }
49 | 
50 | output "if_active" {
51 |   value = "${lookup(module.values.value, var.option) == var.on ? 1 : 0}"
52 | }
53 | output "if_not_active" {
54 |   value = "${lookup(module.values.value, var.option) == var.on ? 0 : 1}"
55 | }
56 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/azure-meta:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | curl -H Metadata:true  "http://169.254.169.254/metadata/instance?api-version=2017-04-02&format=json"
4 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/bootstrap.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | mkdir -p /etc/kubernetes/bootstrap-secrets
 4 | cp -r /opt/bootkube/assets/tls/. /etc/kubernetes/bootstrap-secrets/.
 5 | 
 6 | mkdir -p /etc/kubernetes/manifests/
 7 | cp -r /opt/bootkube/assets/bootstrap-manifests/* /etc/kubernetes/manifests/
 8 | 
 9 | 
10 | 
11 | 
12 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/busybox:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 | 
3 | source "$(dirname "$0")"/source_me
4 | 
5 | kubectl delete pod busybox || true
6 | kubectl run -it busybox --image busybox --restart=Never /bin/sh
7 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/cleanup_etcd:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | d()
 4 | {
 5 |   if [ $# -gt 1 ]; then
 6 |     docker "$@"
 7 |   fi
 8 | }
 9 | 
10 | sudo rm -f /etc/kubernetes/manifests/kube-etcd.yaml
11 | d kill $(docker ps -q)
12 | d rm $(docker ps -aq)
13 | sudo rm -Rf /var/etcd/kube-system-kube-etcd-00*
14 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/complete-cluster:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | DIR="$(dirname "$0")"
 4 | BOOT=/opt/bootkube/assets
 5 | echo finalizing cluster setup
 6 | 
 7 | source "$(dirname "$0")"/source_me
 8 | 
 9 | TMP="/tmp/pods$$" 
10 | MSG="waiting for bootstrap control plane to be deleted..."
11 | while true; do
12 |   if ks get pods >"$TMP"; then
13 |     if ! grep bootstrap <"$TMP" >/dev/null; then
14 |       break
15 |     fi
16 |   else
17 |     echo "api server no reachable"
18 |   fi
19 |   if [ -n "$MSG" ]; then
20 |     echo "$MSG"
21 |     MSG=
22 |   fi
23 |   sleep 10
24 | done
25 | rm -f "$TMP"
26 | if [ -z "$MSG" ]; then
27 |   echo "bootstrap control plane deleted"
28 | fi
29 | 
30 | "$DIR/completeetcd.sh"
31 | 
32 | if [ -d "$BOOT/addons" ]; then
33 |   for d in "$BOOT/addons"/*; do
34 |     if [ -d "$d" ]; then
35 |        if [ -x "$d/deploy" ]; then
36 |          echo "deploying addon $(basename "$d") with handler ..."
37 |          ( cd "$d"
38 |            ./deploy
39 |          )
40 |        else
41 |          echo "deploying addon $(basename "$d") from manifests ..."
42 |          for f in "$d/manifests"/*.{yaml,yml}; do
43 |            if [ -f "$f" ]; then
44 |              kubectl apply -f "$f"
45 |            fi
46 |          done
47 |        fi
48 |     fi
49 |   done
50 | fi
51 | echo "cluster setup done"
52 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/complete.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 | 
3 | source "$(dirname "$0")"/source_me
4 | 
5 | for f in kube-system-rbac-role-binding kube-proxy kube-dns-svc kube-dns-deployment kube-flannel-rbac kube-flannel-cfg kube-flannel pod-checkpointer; do
6 |   kubectl create -f /opt/bootkube/assets/manifests/$f.yaml || true
7 | done
8 | kubectl create -f /opt/bootkube/assets/etcd/bootstrap-etcd-service.json
9 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/completeetcd.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | ETCD=kube-etcd-0000.kube-etcd.kube-system.svc.cluster.local
 4 | BOOT=/opt/bootkube/assets
 5 | BACKUP="$BOOT/etcd/backup.json"
 6 | 
 7 | check()
 8 | {
 9 |   MSG="$1"
10 |   shift
11 |   while ! "$@" >/dev/null 2>&1; do
12 |     if [ -n "$MSG" ]; then
13 |       echo "waiting for $MSG..."
14 |       MSG=
15 |     fi
16 |     sleep 5
17 |   done
18 | }
19 | 
20 | source "$(dirname "$0")"/source_me
21 | 
22 | if [ -f "$BOOT/cluster-info" ]; then
23 |   source "$BOOT/cluster-info"
24 | fi
25 | if [ -z "$DNS_SERVICE_IP" ]; then
26 |   DNS_SERVICE_IP=10.241.0.10
27 | fi
28 | 
29 | 
30 | if [ -f "$BOOT/manifests/kube-etcd-svc.yaml" ]; then
31 |   echo "applying etcd service"
32 |   ks apply -f "$BOOT/manifests/kube-etcd-svc.yaml"
33 | fi
34 | 
35 | check "etcd dns resolution" nslookup kube-etcd-0000.kube-etcd.kube-system.svc.cluster.local $DNS_SERVICE_IP
36 | IP="$(dig +short @$DNS_SERVICE_IP kube-etcd-0000.kube-etcd.kube-system.svc.cluster.local)"
37 | echo "IP for etcd 0 is $IP"
38 | 
39 | check "etcd kube proxy access for $IP" wget  -O - http://$IP:2380
40 | echo "etcd now reachable"
41 | 
42 | ks delete storageclass etcd-backup-gce-pd 2>/dev/null|| true
43 | 
44 | n=0
45 | while [ $n -eq 0 ]; do
46 |   n="$(ks get nodes | grep master | wc -l)"
47 |   sleep 5
48 | done
49 | if [ $(( $n / 2  * 2)) == $n ]; then
50 |   echo "invalid master count ($n)"
51 |   n=1
52 | fi
53 | 
54 | if ks get EtcdCluster kube-etcd >/dev/null; then
55 |   echo "scaling etcd cluster"
56 |   ks patch EtcdCluster kube-etcd --type merge -p '{ "spec": { "size": '$n' } }'
57 | 
58 |   if [ -f "$BACKUP" ]; then
59 |     echo "configure etcd cluster backup"
60 |     ks patch EtcdCluster kube-etcd --type merge -p "$(cat "$BACKUP")"
61 |   else
62 |     echo "no etcd cluster backup configured"
63 |   fi
64 | else
65 |   echo "no self hosting etcd enabled"
66 | fi
67 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/ctlp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 | 
3 | source "$(dirname "$0")"/source_me
4 | 
5 | for f in kube-apiserver-secret kube-apiserver kube-controller-manager-disruption kube-controller-manager-secret kube-controller-manager kube-scheduler-disruption kube-scheduler; do
6 |   kubectl create -f /opt/bootkube/assets/manifests/$f.yaml || true
7 | done
8 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/ec:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | if [ -f /opt/bootkube/assets/cluster-info ]; then
 4 |   source /opt/bootkube/assets/cluster-info
 5 | fi
 6 | if [ -z "$BOOTSTRAP_ETCD_SERVICE_IP" ]; then
 7 |   BOOTSTRAP_ETCD_SERVICE_IP=10.241.0.20
 8 | fi
 9 | if [ -z "$ETCD_SERVICE_IP" ]; then
10 |   ETCD_SERVICE_IP=10.241.0.15
11 | fi
12 | 
13 | 
14 | case "$1" in
15 |   S) endpoint="--endpoints https://localhost:2379"  // static etcd
16 |      shift;;
17 |   B) endpoint="--endpoints https://localhost:12379"  // bootstrap etcd
18 |      shift;;
19 |   BS) endpoint="--endpoints https://$BOOTSTRAP_ETCD_SERVICE_IP:12379" // bootstrap etcd service 
20 |      shift;;
21 |   C) endpoint="--endpoints https://$ETCD_SERVICE_IP:2379" // etcd cluster service ip
22 |      shift;;
23 | esac
24 | 
25 | echo docker run --net="host" -it --rm -v /opt/bootkube/assets/tls:/tls quay.io/coreos/etcd:v3.2 /bin/sh -c "export ETCDCTL_API=3 && /usr/local/bin/etcdctl --cert /tls/etcd-client.crt --key /tls/etcd-client.key --cacert /tls/ca.crt $endpoint $*"
26 | docker run --net="host" -it --rm -v /opt/bootkube/assets/tls:/tls quay.io/coreos/etcd:v3.2 /bin/sh -c "export ETCDCTL_API=3 && /usr/local/bin/etcdctl --cert /tls/etcd-client.crt --key /tls/etcd-client.key --cacert /tls/ca.crt $endpoint $*"
27 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/etcd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 | 
3 | source "$(dirname "$0")"/source_me
4 | kubectl create -f /opt/bootkube/assets/etcd/migrate-etcd-cluster.json
5 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/ks:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 | 
3 | source "$(dirname "$0")"/source_me
4 | kubectl -n kube-system "$@" 
5 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/operator.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 | 
3 | source "$(dirname "$0")"/source_me
4 | for f in etcd-client-tls etcd-peer-tls etcd-server-tls etcd-service etcd-operator; do
5 |   kubectl create -f /opt/bootkube/assets/manifests/$f.yaml || true
6 | done
7 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/source_me:
--------------------------------------------------------------------------------
1 | export KUBECONFIG=/etc/kubernetes/kubeconfig
2 | export PATH=$PATH:/opt/bin:/opt/bootkube/bin
3 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/wdocker.sh:
--------------------------------------------------------------------------------
1 | #/bin/bash -e
2 | 
3 | watch docker ps
4 | 


--------------------------------------------------------------------------------
/modules/instance/resources/bin/wpods.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 | 
3 | source "$(dirname "$0")"/source_me
4 | watch kubectl get pods --all-namespaces -o wide
5 | 


--------------------------------------------------------------------------------
/modules/instance/roll.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | ###########################################
16 | # state handling
17 | #
18 | 
19 | resource "local_file" "state" {
20 |   content     = <<EOF
21 | {
22 |   "worker_state": ${jsonencode(module.worker.state)},
23 |   "master_state": ${jsonencode(module.master.state)},
24 |   "recovery_version": "${module.recovery_version.value}"
25 | }
26 | EOF
27 | 
28 |   filename = "${path.cwd}/state.auto.tfvars"
29 | }
30 | 
31 | output "master_roll_info" {
32 |   value = "${module.master.info}"
33 | }
34 | output "worker_roll_info" {
35 |   value = "${module.worker.info}"
36 | }
37 | 
38 | resource "local_file" "rollinfo" {
39 |   content     = <<EOF
40 |   {
41 |     "master": ${jsonencode(module.master.info)}
42 |     "worker": ${jsonencode(module.worker.info)}
43 |     "recovery": "${module.recovery_version.value}"
44 |   }
45 | EOF
46 |   filename = "${path.cwd}/rollinfo"
47 | }
48 | 
49 | 


--------------------------------------------------------------------------------
/modules/instance/sshkey.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | resource "local_file" "private_key" {
16 |   content     = "${module.iaas.private_key}"
17 |   filename = "${module.cluster.gen_dir}/nodes_privatekey.pem"
18 | }
19 | 
20 | resource "null_resource" "set_private_key_mode" {
21 |   provisioner "local-exec" {
22 |     command = "chmod 0600 ${local_file.private_key.filename}"
23 |   }
24 | }
25 | 
26 | 


--------------------------------------------------------------------------------
/modules/instance/version.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "versions" {
16 |   type = "map"
17 | }
18 | 
19 | module "versions" {
20 |   source = "../versions"
21 |   versions = "${var.versions}"
22 | }
23 | 
24 | 
25 | 
26 | module "structure_version" {
27 |   source = "../variable"
28 |   value = 9
29 | }
30 | 
31 | output "structure-version" {
32 |   value = "${module.structure_version.value}"
33 | }
34 | 
35 | resource "local_file" "version" {
36 |   content = <<EOF
37 | ${module.structure_version.value}
38 | EOF
39 |   filename = "${path.cwd}/structure-version"
40 | }
41 | 
42 | 


--------------------------------------------------------------------------------
/modules/listvar/variable.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "value" {
17 |   type = "list"
18 | }
19 | 
20 | output "value" {
21 |   value = "${var.value}"
22 | }
23 | 
24 | output "length" {
25 |   value = "${length(var.value)}"
26 | }
27 | 


--------------------------------------------------------------------------------
/modules/map/image.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "value" {
17 | }
18 | 
19 | variable "default" {
20 |   default = ""
21 | }
22 | 
23 | variable "map" {
24 |   type = "map"
25 | }
26 | 
27 | output "value" {
28 |   value = "${length(var.value) == 0 ? lookup(var.map,var.default,var.default) : lookup(var.map,var.value,var.value)}"
29 | }
30 | 


--------------------------------------------------------------------------------
/modules/mapvar/variable.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "value" {
17 |   type = "map"
18 |   default = { }
19 | }
20 | 
21 | output "value" {
22 |   value = "${var.value}"
23 | }
24 | 


--------------------------------------------------------------------------------
/modules/nodes/mount_point/mount.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "device" {
16 |   type = "string"
17 | }
18 | variable "path" {
19 |   type = "string"
20 | }
21 | variable "use" {
22 |   default = 1
23 | }
24 | 
25 | # in replace a "/" leads to a syntax highlighting error in vi
26 | variable "slash" {
27 |   default = "/"
28 | }
29 | 
30 | data "template_file" "mount" {
31 |   template = "${file("${path.module}/templates/volume.mount")}"
32 |   
33 |   vars {
34 |     name = "${substr(replace(var.path, var.slash, "-" ),1,-1)}"
35 |     path = "${var.path}"
36 |     device = "${var.device}"
37 |   }
38 | }
39 | 
40 | output "entry" {
41 |   value = "${var.use ? data.template_file.mount.rendered : ""}"
42 | }
43 | 


--------------------------------------------------------------------------------
/modules/nodes/mount_point/templates/volume.mount:
--------------------------------------------------------------------------------
 1 |   - name: ${name}.mount
 2 |     enable: true
 3 |     content: |
 4 |       [Unit]
 5 |       After=volume.service
 6 |       Requires=volume.service
 7 |       [Mount]
 8 |       What=${device}
 9 |       Where=${path}
10 |       Type=ext4
11 |       [Install]
12 |       WantedBy=multi-user.target
13 | 


--------------------------------------------------------------------------------
/modules/nodes/path_entry/entry.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "path" {
17 |   type = "string"
18 | }
19 | 
20 | variable "permissions" {
21 |   default = "0644"
22 | }
23 | 
24 | variable "content" {
25 |   default = ""
26 | }
27 | 
28 | variable "omit_empty" {
29 |   default = false
30 | }
31 | 
32 | data "template_file" "entry" {
33 |   template = "${file("${path.module}/templates/path")}"
34 | 
35 |   vars {
36 |     path = "${var.path}"
37 |     permissions = "${var.permissions}"
38 |     content = "${base64encode(var.content)}"
39 |   }
40 | }
41 | 
42 | locals {
43 |   entry = "${var.content == "" && var.omit_empty ? "" : data.template_file.entry.rendered}"
44 | }
45 | 
46 | output "entry" {
47 |   value = "${local.entry}"
48 | }
49 | 
50 | output "if_active" {
51 |   value = "${length(local.entry) > 0 ? 1 : 0}"
52 | }
53 | output "if_not_active" {
54 |   value = "${length(local.entry) == 0 ? 1 : 0}"
55 | }
56 | 
57 | 


--------------------------------------------------------------------------------
/modules/nodes/path_entry/templates/path:
--------------------------------------------------------------------------------
1 | - path: ${path}
2 |   permissions: ${permissions}
3 |   encoding: b64
4 |   content: "${content}"
5 | 


--------------------------------------------------------------------------------
/modules/nodes/resources/setup_kubeenv:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | mkdir -p /opt/cni /etc/cni /opt/bin
 4 | mkdir -p /var/lib/kubelet /etc/kubernetes/manifests
 5 | for f in /var/kubernetes/*.conf /var/kubernetes/kubelet.env; do
 6 |   # TODO: why not copy kubelet settings on each reboot?
 7 |   #if [ ! -f "/etc/kubernetes/$(basename "$f")" ]; then
 8 |     cp "$f" /etc/kubernetes
 9 |   #fi
10 | done
11 | if [ ! -f /etc/kubernetes/kubeconfig ]; then
12 |   ln /etc/kubernetes/kubelet.conf /etc/kubernetes/kubeconfig
13 | fi
14 | if [ ! -x /opt/bin/kubectl ]; then
15 |   while ! curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /opt/bin/kubectl || [ $(ls -s /opt/bin/kubectl | cut -f 1 -d " ") -le 1000 ]; do
16 |     sleep 5
17 |     echo "retrying download kubectl"
18 |   done
19 |   chmod +x /opt/bin/kubectl
20 | fi
21 | 


--------------------------------------------------------------------------------
/modules/nodes/resources/setup_volume:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | DEV=${1:-/dev/vdb}
 3 | TARGET=${2:-/var/etcd}
 4 | FSTYPE=ext4
 5 | 
 6 | if [ ! -b $DEV ]; then
 7 |   echo "volume device $DEV not found or no block device"
 8 |   exit 1
 9 | fi
10 | if [ ! -b ${DEV}2 ]; then
11 |   echo "file system device ${DEV}2 not found"
12 |   if [ -b ${DEV}1 ]; then
13 |     echo "OOPS - invalid partitioning of ${DEV} found"
14 |     if [ -f /etc/kubernetes/init_bootkube.done ]; then
15 |       echo "kubernetes already bootstrapped and ${DEV}1 found"
16 |       echo "no repair poissible"
17 |       exit 0
18 |     fi
19 |     echo "${DEV} already partinioned with one partition, but kubernetes not bootstrapped"
20 |     echo "trying to repartition ${DEV}"
21 |     while umount ${DEV}1; do
22 |       echo ${DEV}1 unmounted
23 |     done
24 |     echo -e "d\nw\nq\n" | fdisk $DEV
25 |     echo "partion deleted"
26 |   fi
27 | 
28 |   echo "preparing volume"
29 |   echo -e "n\np\n\n\n+2G\n\nn\np\n\n\n\nw\nw\nq\n" | fdisk $DEV
30 |   mkfs -t ext4 -v ${DEV}1
31 |   mkfs -t ext4 -v ${DEV}2
32 |   echo "block device ready"
33 | else
34 |   echo "file system device found"
35 | fi
36 | 
37 | for i in "$TARGET" "${@:2}"; do
38 |   if [ -d "$i" ]; then
39 |     echo "$i folder found"
40 |   else
41 |     mkdir -p "$i"
42 |     chown root:root "$i"
43 |     echo "$i folder created"
44 |   fi
45 | done
46 | 


--------------------------------------------------------------------------------
/modules/nodes/resources/updatecacerts.service:
--------------------------------------------------------------------------------
 1 |   - name: updatecacerts.service
 2 |     command: start
 3 |     content: |
 4 |       [Unit]
 5 |       Description=Update CA bundle at /etc/ssl/certs/ca-certificates.crt
 6 |       # Since other services depend on the certificate store run this early
 7 |       DefaultDependencies=no
 8 |       Wants=systemd-tmpfiles-setup.service clean-ca-certificates.service
 9 |       After=systemd-tmpfiles-setup.service clean-ca-certificates.service
10 |       Before=sysinit.target
11 |       ConditionPathIsReadWrite=/etc/ssl/certs
12 |       #ConditionPathExists=/etc/ssl/certs/ROOTcerts.pem
13 |       # Do nothing if update-ca-certificates has never been run before
14 |       [Service]
15 |       Type=oneshot
16 |       ExecStart=/usr/sbin/update-ca-certificates
17 | 


--------------------------------------------------------------------------------
/modules/nodes/templates/bootkube.service:
--------------------------------------------------------------------------------
 1 |   - name: bootkube.path
 2 |     command: start
 3 |     content: |
 4 |       [Unit]
 5 |       Description=Bootkube Configuration Trigger
 6 |       After=bootstrap.service
 7 |       [Path]
 8 |       DirectoryNotEmpty=${assets_inst_dir}
 9 |   - name: bootkube.service
10 |     content: |
11 |       [Unit]
12 |       RequiresMountsFor=/etc/kubernetes/manifests
13 |       RequiresMountsFor=/var/etcd
14 |       After=bootstrap.service
15 |       Description=Bootstrap a Kubernetes cluster
16 |       ConditionPathExists=!${bootkube_done_dir}/init_bootkube.done
17 |       ConditionPathExists=${assets_inst_dir}
18 |       [Service]
19 |       Type=oneshot
20 |       RemainAfterExit=true
21 |       WorkingDirectory=${assets_inst_dir}
22 |       User=root
23 |       Group=root
24 |       ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests/.
25 |       ExecStart=/usr/bin/rkt run \
26 |         --insecure-options=image \
27 |         --trust-keys-from-https \
28 |         --volume assets,kind=host,source=${assets_inst_dir} \
29 |         --mount volume=assets,target=/assets \
30 |         --volume etc-kubernetes,kind=host,source=/etc/kubernetes \
31 |         --mount volume=etc-kubernetes,target=/etc/kubernetes \
32 |         ${bootkube_image} \
33 |         --net=host \
34 |         --dns=host \
35 |         --exec=/bootkube -- start --asset-dir=/assets
36 |       ExecStartPost=/bin/touch ${bootkube_done_dir}/init_bootkube.done
37 |       ExecStartPost=${bootkube_inst_dir}/bin/complete-cluster
38 |       [Install]
39 |       WantedBy=multi-user.target
40 | 


--------------------------------------------------------------------------------
/modules/nodes/templates/cloud-init-wrapper:
--------------------------------------------------------------------------------
 1 | #cloud-config 
 2 | coreos: 
 3 |   units: 
 4 |     - name: extra-cloudinit.service 
 5 |       command: start 
 6 |       content: | 
 7 |         [Unit]
 8 |         ConditionPathExists=/opt/data/cloud-init
 9 |         [Service] 
10 |         Type=oneshot 
11 |         RemainAfterExit=yes 
12 |         ExecStart=/usr/bin/coreos-cloudinit --from-file=/opt/data/cloud-init 
13 | write_files:
14 | - path: /opt/data/cloud-init
15 |   permissions: 0644
16 |   encoding: gz+b64
17 |   content: "${cloud_init_gzb64}"
18 | 


--------------------------------------------------------------------------------
/modules/nodes/templates/volume.service:
--------------------------------------------------------------------------------
 1 |   - name: volume.path
 2 |     command: start
 3 |     content: |
 4 |       [Unit]
 5 |       Description=Data Volume Trigger
 6 |       [Path]
 7 |       PathExists=${device}
 8 |   - name: volume.service
 9 |     content: |
10 |       [Unit]
11 |       Description=Prepare Volume
12 |       ConditionPathExists=${device}
13 |       [Service]
14 |       Type=oneshot
15 |       RemainAfterExit=true
16 |       ExecStart=/bin/sh /opt/bin/setup_volume "${device}" "${path}"
17 | 


--------------------------------------------------------------------------------
/modules/optrsc/optrsc.tf:
--------------------------------------------------------------------------------
 1 | variable "value" {
 2 |   type = "list"
 3 | }
 4 | 
 5 | variable "default" {
 6 |   default = ""
 7 | }
 8 | 
 9 | output "value" {
10 |   value = "${element(concat(var.value,list(var.default)),0)}"
11 | }
12 | 


--------------------------------------------------------------------------------
/modules/roll/list/list.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "size" {
16 | }
17 | variable "leading" {
18 |   type = "string"
19 | }
20 | variable "trailing" {
21 |   type = "string"
22 | }
23 | variable "border" {
24 | }
25 | 
26 | module "l_leading" {
27 |   source = "../../variable"
28 |   value = "${format("%*s",0+var.border,"")}"
29 | }
30 | module "l_trailing" {
31 |   source = "../../variable"
32 |   value = "${format("%*s",0+var.size - var.border,"")}"
33 | }
34 | module "p_leading" {
35 |   source = "../../variable"
36 |   value = "${replace(module.l_leading.value, " ","${var.leading},")}"
37 | }
38 | module "p_trailing" {
39 |   source = "../../variable"
40 |   value = "${replace(module.l_trailing.value, " ","${var.trailing},")}"
41 | }
42 | output "list" {
43 |   value = "${compact(split(",", "${module.p_leading.value}${module.p_trailing.value}"))}"
44 | }
45 | 


--------------------------------------------------------------------------------
/modules/roll/simple_attr/attr.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "size" {
17 | }
18 | variable "border" {
19 | }
20 | variable "trailing" {
21 | }
22 | variable "leading" {
23 | }
24 | 
25 | module "active" {
26 |   source = "../../variable"
27 |   value = "${var.leading != module.trailing.value ? 1 : 0}"
28 | }
29 | 
30 | module "trailing" {
31 |   source = "../../variable"
32 |   value = "${length(var.trailing) > 0? var.trailing : var.leading}"
33 | }
34 | 
35 | module "list" {
36 |   source = "../list"
37 |   size = "${var.size}"
38 |   border = "${var.border}"
39 |   trailing = "${module.trailing.value}"
40 |   leading = "${var.leading}"
41 | }
42 | 
43 | output "info" {
44 |   value = {
45 |     active = "${module.active.value}"
46 |     list = "${module.list.list}"
47 |   }
48 | }
49 | 
50 | output "active" {
51 |   value = "${module.active.value}"
52 | }
53 | output "list" {
54 |   value = "${module.list.list}"
55 | }
56 | output "leading" {
57 |   value = "${var.leading}"
58 | }
59 | output "trailing" {
60 |   value = "${module.trailing.value}"
61 | }
62 | 


--------------------------------------------------------------------------------
/modules/seed/addons/dex/templates/connectors/github.yaml:
--------------------------------------------------------------------------------
 1 | - type: github
 2 |   # Required field for connector id.
 3 |   id: ${id}
 4 |   # Required field for connector name.
 5 |   name: ${name}
 6 |   config:
 7 |     # Credentials can be string literals or pulled from the environment.
 8 |     clientID: ${client_id}
 9 |     clientSecret: ${client_secret}
10 |     redirectURI: ${redirectURI}
11 |     # Optional organizations and teams, communicated through the "groups" scope.
12 |     #
13 |     # NOTE: This is an EXPERIMENTAL config option and will likely change.
14 |     #
15 |     # Legacy 'org' field. 'org' and 'orgs' cannot be used simultaneously. A user
16 |     # MUST be a member of the following org to authenticate with dex.
17 |     # org: my-organization
18 |     #
19 |     # Dex queries the following organizations for group information if the
20 |     # "groups" scope is provided. Group claims are formatted as "(org):(team)".
21 |     # For example if a user is part of the "engineering" team of the "coreos"
22 |     # org, the group claim would include "coreos:engineering".
23 |     #
24 |     # A user MUST be a member of at least one of the following orgs to
25 |     # authenticate with dex.
26 |     orgs: ${orgs}
27 | 


--------------------------------------------------------------------------------
/modules/seed/addons/dex/templates/connectors/saml.yaml:
--------------------------------------------------------------------------------
 1 | - type: saml
 2 |   id: ${id}
 3 |   name: ${name}
 4 |   config:
 5 |     redirectURI: ${redirectURI}
 6 | 
 7 |     ssoURL: ${ssoURL}
 8 |     ssoIssuer: ${ssoIssuer}
 9 |     caData: ${ca_crt_b64}
10 |     entityIssuer: ${entityIssuer}
11 | 
12 |     emailAttr: email
13 |     usernameAttr: display_name
14 |     groupsAttr: type
15 |     nameIDPolicyFormat: unspecified
16 | 


--------------------------------------------------------------------------------
/modules/seed/addons/dex/templates/manifests/10-dex-cm.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: ConfigMap
 4 | metadata:
 5 |   name: identity-configmap
 6 |   namespace: ${namespace}
 7 | data:
 8 |   issuer: https://${identity}
 9 |   kubectlClientID: ${kubectl_client_id}
10 |   kubectlSecret: ${kubectl_client_secret}
11 | 
12 |   config.yaml: |
13 |     issuer: https://${identity}
14 |     storage:
15 |       type: kubernetes
16 |       config:
17 |         inCluster: true
18 |     web:
19 |       http: '0.0.0.0:${dex_port}'
20 |       allowedOrigins:
21 |         - '*'
22 |     frontend:
23 |       theme: coreos
24 |       issuer: Kubify Identity
25 |     oauth2:
26 |       skipApprovalScreen: true
27 |       responseTypes:
28 |         - token
29 |         - code
30 |         - id_token
31 |     staticClients:
32 |       - id: gardener
33 |         redirectURIs:
34 |           - 'https://gardener.${ingress}/callback'
35 |           - 'http://localhost:8080/callback'
36 |         name: Gardener UI
37 |         secret: ${gardener_client_secret}
38 |       - id: ${kubectl_client_id}
39 |         public: true
40 |         trustedPeers:
41 |           - gardener
42 |         name: Kubectl
43 |         secret: ${kubectl_client_secret}
44 |     enablePasswordDB: false 
45 |     staticPasswords: []  # https://github.com/coreos/dex/blob/master/examples/k8s/dex.yaml
46 |     connectors: ${connectors}
47 | ${tls_secret}
48 | 


--------------------------------------------------------------------------------
/modules/seed/addons/dex/templates/manifests/20-dex-svc.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Service
 4 | metadata:
 5 |   labels:
 6 |     component: identity
 7 |     k8s-app: identity
 8 |   name: identity-service
 9 |   namespace: ${namespace}
10 | spec:
11 |   type: ClusterIP
12 |   sessionAffinity: None
13 |   ports:
14 |   - name: identity
15 |     port: ${dex_port}
16 |     protocol: TCP
17 |     targetPort: ${dex_port}
18 |   selector:
19 |     component: identity
20 |     k8s-app: identity
21 | 


--------------------------------------------------------------------------------
/modules/seed/addons/dex/templates/manifests/40-dex-ing.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: extensions/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   annotations:
 6 |     nginx.ingress.kubernetes.io/ssl-redirect: "true"
 7 |     nginx.ingress.kubernetes.io/use-port-in-redirects: "true"
 8 |     kubernetes.io/tls-acme: "true"
 9 |     kubernetes.io/ingress.class: "nginx"
10 |     external-dns.alpha.kubernetes.io/controller: ${dns-controller}
11 |   name: identity-ingress
12 |   namespace: ${namespace}
13 | spec:
14 |   rules:
15 |   - host: ${identity}
16 |     http:
17 |       paths:
18 |       - backend:
19 |           serviceName: identity-service
20 |           servicePort: ${dex_port}
21 |         path: /
22 |   tls:
23 |   - hosts:
24 |     - ${identity}
25 |     secretName: identity-tls
26 | 


--------------------------------------------------------------------------------
/modules/seed/addons/dex/templates/tls_secret.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Secret
 4 | metadata:
 5 |   name: identity-tls
 6 |   namespace: ${namespace}
 7 | type: kubernetes.io/tls
 8 | data:
 9 |   tls.crt: ${tls_crt_b64}
10 |   tls.key: ${tls_key_b64}
11 | 


--------------------------------------------------------------------------------
/modules/seed/addons/external-dns/templates/types/aws/env.yaml:
--------------------------------------------------------------------------------
 1 | env:
 2 | - name: AWS_DEFAULT_REGION
 3 |   value: us-east-1
 4 | - name: AWS_ACCESS_KEY_ID
 5 |   valueFrom:
 6 |     secretKeyRef:
 7 |       name: route53-external-domain
 8 |       key: accessKeyID
 9 | - name: AWS_SECRET_ACCESS_KEY
10 |   valueFrom:
11 |     secretKeyRef:
12 |       name: route53-external-domain
13 |       key: secretAccessKey
14 | 


--------------------------------------------------------------------------------
/modules/seed/addons/external-dns/templates/types/aws/secret.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Secret
 3 | metadata:
 4 |   name: route53-external-domain
 5 |   namespace: ${namespace}
 6 | type: Opaque
 7 | data:
 8 |   accessKeyID:     ${access_key_b64}
 9 |   secretAccessKey: ${secret_key_b64}
10 | 


--------------------------------------------------------------------------------
/modules/seed/addons/gardener/templates/manifests/gardener-0-namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: ${namespace}
5 | 


--------------------------------------------------------------------------------
/modules/seed/addons/gardener/templates/route53_domain_secret.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Secret
 4 | metadata:
 5 |   name: cluster-domain
 6 |   namespace: ${namespace}
 7 |   labels:
 8 |     garden.sapcloud.io/role: internal-domain
 9 |   annotations:
10 |     dns.garden.sapcloud.io/provider: aws-route53
11 |     dns.garden.sapcloud.io/domain: ${domain}
12 |     dns.garden.sapcloud.io/hostedZoneID: ${hosted_zone_id}
13 | type: Opaque
14 | data:
15 |   accessKeyID:     ${route53_access_key_b64}
16 |   secretAccessKey: ${route53_secret_key_b64}
17 | 


--------------------------------------------------------------------------------
/modules/seed/addons/machine/templates/manifests/10-machine-ns.yaml:
--------------------------------------------------------------------------------
 1 | #
 2 | # namespace
 3 | #
 4 | apiVersion: v1
 5 | kind: Namespace
 6 | metadata:
 7 |   name: ${namespace}
 8 | ---
 9 | #
10 | # service account
11 | #
12 | apiVersion: v1
13 | kind: ServiceAccount
14 | metadata:
15 |   labels:
16 |     app: machine-controller
17 |   name: machine-controller
18 |   namespace: ${namespace}
19 | 


--------------------------------------------------------------------------------
/modules/seed/addons/machine/templates/manifests/40-machine-depl.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: ${deployment_version}
 2 | kind: Deployment
 3 | metadata:
 4 |   name: machine-controller-manager
 5 |   namespace: ${namespace}
 6 | spec:
 7 |   replicas: 1
 8 |   selector:
 9 |     matchLabels:
10 |       app: machine-controller
11 |   template:
12 |     metadata:
13 |       labels:
14 |         app: machine-controller
15 |     spec:
16 |       serviceAccountName: machine-controller
17 |       containers:
18 |       - name: machine-controller-manager
19 |         image: eu.gcr.io/gardener-project/gardener/machine-controller-manager:${version}
20 |         imagePullPolicy: IfNotPresent
21 |         command:
22 |           - ./machine-controller-manager
23 |           - --control-kubeconfig=inClusterConfig
24 | #          - --target-kubeconfig=inClusterConfig
25 |           - --namespace=${namespace}
26 |           - --v=2
27 |         resources:
28 |           requests:
29 |             cpu: 5m
30 |             memory: 50Mi
31 | 
32 | 


--------------------------------------------------------------------------------
/modules/seed/addons/machine/templates/manifests/50-machine-cfg.yaml:
--------------------------------------------------------------------------------
1 | ${workerdef}
2 | 


--------------------------------------------------------------------------------
/modules/seed/addons/monitoring/templates/alertmanager-base-config.yaml:
--------------------------------------------------------------------------------
1 | global:
2 |   smtp_smarthost: "${alertmanager_smtp_host}"
3 |   smtp_from: "${alertmanager_smtp_from}"
4 |   smtp_auth_username: "${alertmanager_smtp_username}"
5 |   smtp_auth_password: "${alertmanager_smtp_password}"
6 | 
7 | ${alertmanager_config}


--------------------------------------------------------------------------------
/modules/seed/addons/monitoring/templates/alertmanager-default-config.yaml:
--------------------------------------------------------------------------------
1 | receivers:
2 |   - name: dev-null
3 | route:
4 |   receiver: dev-null
5 |   routes: []
6 |     
7 | 


--------------------------------------------------------------------------------
/modules/seed/backup.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | #
17 | # etcd back up modi
18 | #
19 | 
20 | module "etcd_backup" {
21 |   source = "../value_check"
22 |   value = "${var.etcd_backup["storage_type"]}"
23 |   values = [ "pv", "s3" ]
24 | }
25 | 
26 | module "etcd_backup_spec" {
27 |   source = "../variable"
28 |   value = "${var.gen_dir}/assets/etcd/backup.json"
29 | }
30 | 
31 | module "etcd_backup_id" {
32 |   source = "../variable"
33 |   value = "${module.pv_etcd_backup_id.value},${module.s3_etcd_backup_id.value}"
34 | }
35 | 
36 | 
37 | 


--------------------------------------------------------------------------------
/modules/seed/dns.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | variable "dns" {
 3 |   type = "map"
 4 | }
 5 | 
 6 | locals {
 7 |   dns_type = "${lookup(var.dns,"dns_type", "")}"
 8 | }
 9 | 
10 | 
11 | module "route53_dns" {
12 |   source = "../flag"
13 |   option = "${local.dns_type == "route53"}"
14 | }
15 | 
16 | module "route53_access_info" {
17 |   source = "../lookup_map"
18 |   map = "${var.access_info}"
19 |   key = "route53_dns"
20 | }
21 | module "route53_access" {
22 |   source = "../access/aws"
23 |   access_info = "${module.route53_access_info.value}"
24 | } 
25 | 
26 | module "dns_access_info" {
27 |   source = "../mapvar"
28 |   value = "${merge(module.route53_access_info.value,var.dns)}"
29 | }
30 | 
31 | 


--------------------------------------------------------------------------------
/modules/seed/pv_backup.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | module "pv_etcd_backup" {
17 |   source = "../flag"
18 |   option = "${module.etcd_backup.value == "pv"}"
19 | }
20 | 
21 | data "template_file" "pv_etcd_backup_spec" {
22 |   count = "${module.pv_etcd_backup.flag}"
23 |   template = "${file("${path.module}/templates/etcd_backup/pv/spec.json")}"
24 |   vars {
25 |   }
26 | }
27 | 
28 | resource "local_file" "pv_etcd_backup_spec" {
29 |   count = "${module.pv_etcd_backup.flag}"
30 |   content  = "{ \"spec\": { \n${data.template_file.pv_etcd_backup_spec.rendered}}}"
31 |   filename = "${module.etcd_backup_spec.value}"
32 | }
33 | 
34 | 
35 | module "pv_etcd_backup_id" {
36 |   source = "../defaults"
37 |   optional  = true
38 |   values = "${formatlist("%s",local_file.pv_etcd_backup_spec.*.id)}"
39 | }
40 | 


--------------------------------------------------------------------------------
/modules/seed/scripts/copy_deploy:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -n "$2" ]; then
 4 |   echo "copying $2 to $1"
 5 |   mkdir -p "$1"
 6 |   cp -f "$2" "$1"
 7 |   chmod a+x "$1/$(basename "$2")"
 8 | else 
 9 |   echo "no deploy command for $(basename "$1")"
10 | fi
11 | 


--------------------------------------------------------------------------------
/modules/seed/scripts/prepare_assets.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -eu
 2 | #
 3 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 4 | #
 5 | # Licensed under the Apache License, Version 2.0 (the "License");
 6 | # you may not use this file except in compliance with the License.
 7 | # You may obtain a copy of the License at
 8 | #
 9 | #      http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | 
17 | #!/bin/bash -e
18 | 
19 | target="$1"
20 | shift
21 | rm -Rf "$target"/manifests
22 | mkdir -p "$target"
23 | 
24 | for i; do
25 |   if [ -d "$i" ]; then
26 |     echo "copying $i..."
27 |     cp -r "$i/." "$target"
28 |   else
29 |     echo "$i not found"
30 |   fi
31 | done
32 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/dashboard/manifests/dashboard-ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Secret
 3 | type: Opaque
 4 | metadata:
 5 |   name: kubernetes-dashboard-basic-auth
 6 |   namespace: kube-system
 7 | data:
 8 |   auth: ${basic_auth_b64}
 9 | ---
10 | apiVersion: extensions/v1beta1
11 | kind: Ingress
12 | metadata:
13 |   name: kubernetes-dashboard
14 |   namespace: kube-system
15 |   annotations:
16 |     kubernetes.io/ingress.class: nginx
17 |     nginx.ingress.kubernetes.io/auth-type: basic
18 |     nginx.ingress.kubernetes.io/auth-secret: kubernetes-dashboard-basic-auth
19 |     nginx.ingress.kubernetes.io/auth-realm: "Super Secret Authentication Required"
20 | spec:
21 |   rules:
22 |   - host: ${app_name}.${ingress}
23 |     http:
24 |       paths:
25 |       - path: /
26 |         backend:
27 |           serviceName: kubernetes-dashboard
28 |           servicePort: 80
29 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/guestbook/manifests/a-namespace.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: guestbook
5 | 
6 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/guestbook/manifests/frontend-deployment.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1beta2
 2 | kind: Deployment
 3 | metadata:
 4 |   name: frontend
 5 |   namespace: guestbook
 6 |   labels:
 7 |    app: guestbook
 8 |    tier: frontend
 9 | 
10 | spec:
11 |   replicas: 1
12 |   selector:
13 |     matchLabels:
14 |       app: guestbook
15 |       tier: frontend
16 |   template:
17 |     metadata:
18 |       labels:
19 |         app: guestbook
20 |         tier: frontend
21 |     spec:
22 |       containers:
23 |       - name: php-redis
24 |         image: gcr.io/google-samples/gb-frontend:v4
25 |         resources:
26 |           requests:
27 |             cpu: 100m
28 |             memory: 100Mi
29 |         env:
30 |         - name: GET_HOSTS_FROM
31 |           value: dns
32 |           # If your cluster config does not include a dns service, then to
33 |           # instead access environment variables to find service host
34 |           # info, comment out the 'value: dns' line above, and uncomment the
35 |           # line below.
36 |           # value: env
37 |         ports:
38 |         - containerPort: 80
39 | 
40 | 
41 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/guestbook/manifests/frontend-ingress.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   annotations:
 5 |      kubernetes.io/ingress.class: "nginx"
 6 |   name: frontend
 7 |   namespace: guestbook
 8 | spec:
 9 |   rules:
10 |   - host: guestbook.${ingress}
11 |     http:
12 |       paths:
13 |       - path: /
14 |         backend:
15 |           serviceName: frontend
16 |           servicePort: 80
17 | 
18 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/guestbook/manifests/frontend-service.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: frontend
 5 |   namespace: guestbook
 6 |   labels:
 7 |     app: guestbook
 8 |     tier: frontend
 9 | spec:
10 |   # if your cluster supports it, uncomment the following to automatically create
11 |   # an external load-balanced IP for the frontend service.
12 |   # type: LoadBalancer
13 |   ports:
14 |     # the port that this service should serve on
15 |   - port: 80
16 |   selector:
17 |     app: guestbook
18 |     tier: frontend
19 | 
20 | 
21 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/guestbook/manifests/redis-master-deployment.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1beta2
 2 | kind: StatefulSet
 3 | metadata:
 4 |   name: redis-master
 5 |   namespace: guestbook
 6 |   # these labels can be applied automatically 
 7 |   # from the labels in the pod template if not set
 8 |   labels:
 9 |     app: redis
10 |     role: master
11 |     tier: backend
12 | spec:
13 |   replicas: 1
14 |   # selector can be applied automatically 
15 |   # from the labels in the pod template if not set
16 |   selector:
17 |     matchLabels:
18 |       app: redis
19 |       role: master
20 |       tier: backend
21 |   serviceName: redis-master
22 |   template:
23 |     metadata:
24 |       labels:
25 |         app: redis
26 |         role: master
27 |         tier: backend
28 |     spec:
29 |       containers:
30 |       - name: master
31 |         image: gcr.io/google_containers/redis:e2e
32 |         resources:
33 |           requests:
34 |             cpu: 100m
35 |             memory: 100Mi
36 |         ports:
37 |         - containerPort: 6379
38 |         volumeMounts:
39 |         - name: redis-storage
40 |           mountPath: /data
41 |   volumeClaimTemplates:
42 |   - metadata:
43 |       name: redis-storage
44 |     spec:
45 |       accessModes:
46 |       - ReadWriteOnce
47 | #      storageClassName: 
48 |       resources:
49 |         requests:
50 |           storage: 1G
51 | 
52 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/guestbook/manifests/redis-master-service.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: redis-master
 5 |   namespace: guestbook
 6 |   labels:
 7 |     app: redis
 8 |     role: master
 9 |     tier: backend
10 | spec:
11 |   ports:
12 |     # the port that this service should serve on
13 |   - port: 6379
14 |     targetPort: 6379
15 |   selector:
16 |     app: redis
17 |     role: master
18 |     tier: backend
19 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/guestbook/manifests/redis-slave-deployment.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1beta2
 2 | kind: StatefulSet
 3 | metadata:
 4 |   name: redis-slave
 5 |   namespace: guestbook
 6 |   # these labels can be applied automatically
 7 |   # from the labels in the pod template if not set
 8 |   labels:
 9 |     app: redis
10 |     role: slave
11 |     tier: backend
12 | spec:
13 |   # this replicas value is default
14 |   # modify it according to your case
15 |   replicas: 1
16 |   # selector can be applied automatically
17 |   # from the labels in the pod template if not set
18 |   selector:
19 |     matchLabels:
20 |       app: redis
21 |       role: slave
22 |       tier: backend
23 |   serviceName: redis-slave
24 |   template:
25 |     metadata:
26 |       labels:
27 |         app: redis
28 |         role: slave
29 |         tier: backend
30 |     spec:
31 |       containers:
32 |       - name: slave
33 |         image: gcr.io/google_samples/gb-redisslave:v1
34 |         resources:
35 |           requests:
36 |             cpu: 100m
37 |             memory: 100Mi
38 |         env:
39 |         - name: GET_HOSTS_FROM
40 |           value: dns
41 |           # If your cluster config does not include a dns service, then to
42 |           # instead access an environment variable to find the master
43 |           # service's host, comment out the 'value: dns' line above, and
44 |           # uncomment the line below.
45 |           # value: env
46 |         ports:
47 |         - containerPort: 6379
48 |         volumeMounts:
49 |         - name: redis-storage
50 |           mountPath: /data
51 |   volumeClaimTemplates:
52 |   - metadata:
53 |       name: redis-storage
54 |     spec:
55 |       accessModes:
56 |       - ReadWriteOnce
57 | #      storageClassName: 
58 |       resources:
59 |         requests:
60 |           storage: 1G
61 | 
62 | 
63 | 
64 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/guestbook/manifests/redis-slave-service.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: redis-slave
 5 |   namespace: guestbook
 6 |   labels:
 7 |     app: redis
 8 |     role: slave
 9 |     tier: backend
10 | spec:
11 |   ports:
12 |     # the port that this service should serve on
13 |   - port: 6379
14 |   selector:
15 |     app: redis
16 |     role: slave
17 |     tier: backend
18 | 
19 | 
20 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/kube-lego/manifests/lego-echo.yaml:
--------------------------------------------------------------------------------
 1 | #
 2 | # namespace
 3 | #
 4 | apiVersion: v1
 5 | kind: Namespace
 6 | metadata:
 7 |   name: kube-lego
 8 | ---
 9 | apiVersion: apps/v1
10 | kind: Deployment
11 | metadata:
12 |   name: echoheaders
13 |   namespace: kube-lego
14 | spec:
15 |   replicas: 1
16 |   template:
17 |     metadata:
18 |       labels:
19 |         app: echoheaders
20 |     spec:
21 |       containers:
22 |       - name: echoheaders
23 |         image: gcr.io/google_containers/echoserver:1.8
24 |         ports:
25 |         - containerPort: 8080
26 | ---
27 | apiVersion: v1
28 | kind: Service
29 | metadata:
30 |   name: echoheaders
31 |   namespace: kube-lego
32 |   labels:
33 |     app: echoheaders
34 | spec:
35 |   ports:
36 |   - port: 80
37 |     targetPort: 8080
38 |     protocol: TCP
39 |     name: http
40 |   selector:
41 |     app: echoheaders
42 | ---
43 | # This is the Ingress resource that creates a HTTP Loadbalancer configured
44 | # according to the Ingress rules.
45 | apiVersion: extensions/v1beta1
46 | kind: Ingress
47 | metadata:
48 |   annotations:
49 |      kubernetes.io/tls-acme: "true"
50 |      kubernetes.io/ingress.class: "nginx"
51 |   name: echomap
52 |   namespace: kube-lego
53 | spec:
54 |   tls:
55 |     - hosts:
56 |         - lego.${ingress}
57 |       secretName: echoserver-tls
58 | 
59 |   rules:
60 |   - host: lego.${ingress}
61 |     http:
62 |       paths:
63 |       - path: /
64 |         backend:
65 |           serviceName: echoheaders
66 |           servicePort: 80
67 | 


--------------------------------------------------------------------------------
/modules/seed/templates/addons/logging/manifests/es-curator-configmap.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: curator-config
 5 |   namespace: kube-system
 6 | data:
 7 |   action_file.yml: |-
 8 |     ---
 9 |     # Remember, leave a key empty if there is no value.  None will be a string,
10 |     # not a Python "NoneType"
11 |     #
12 |     # Also remember that all examples have 'disable_action' set to True.  If you
13 |     # want to use this action as a template, be sure to set this to False after
14 |     # copying it.
15 |     actions:
16 |       1:
17 |         action: delete_indices
18 |         description: "Clean up ES by deleting old indices"
19 |         options:
20 |           timeout_override:
21 |           continue_if_exception: False
22 |           disable_action: False
23 |           ignore_empty_list: True
24 |         filters:
25 |         - filtertype: age
26 |           source: name
27 |           direction: older
28 |           timestring: '%Y.%m.%d'
29 |           unit: days
30 |           unit_count: 30
31 |           field:
32 |           stats_result:
33 |           epoch:
34 |           exclude: False
35 |   config.yml: |-
36 |     ---
37 |     # Remember, leave a key empty if there is no value.  None will be a string,
38 |     # not a Python "NoneType"
39 |     client:
40 |       hosts:
41 |         - elasticsearch-logging
42 |       port: 9200
43 |       url_prefix:
44 |       use_ssl: False
45 |       certificate:
46 |       client_cert:
47 |       client_key:
48 |       ssl_no_validate: False
49 |       http_auth:
50 |       timeout: 30
51 |       master_only: False
52 |     logging:
53 |       loglevel: INFO
54 |       logfile:
55 |       logformat: default
56 |       blacklist: ['elasticsearch', 'urllib3']


--------------------------------------------------------------------------------
/modules/seed/templates/addons/logging/manifests/es-curator-cronjob.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: batch/v1beta1
 2 | kind: CronJob
 3 | metadata:
 4 |   name: curator
 5 |   namespace: kube-system
 6 | spec:
 7 |   schedule: 1 0 * * *
 8 |   jobTemplate:
 9 |     spec:
10 |       template:
11 |         spec:
12 |           containers:
13 |           - name: curator
14 |             image: quay.io/pires/docker-elasticsearch-curator:5.4.1
15 |             args:
16 |             - --config
17 |             - /etc/config/config.yml
18 |             - /etc/config/action_file.yml
19 |             volumeMounts:
20 |               - name: config-volume
21 |                 mountPath: /etc/config
22 |           volumes:
23 |             - name: config-volume
24 |               configMap:
25 |                 name: curator-config
26 |           restartPolicy: OnFailure


--------------------------------------------------------------------------------
/modules/seed/templates/addons/logging/manifests/es-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: elasticsearch-logging
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: elasticsearch-logging
 8 |     kubernetes.io/cluster-service: "true"
 9 |     addonmanager.kubernetes.io/mode: Reconcile
10 |     kubernetes.io/name: "Elasticsearch"
11 | spec:
12 |   ports:
13 |   - port: 9200
14 |     protocol: TCP
15 |     targetPort: db
16 |   selector:
17 |     k8s-app: elasticsearch-logging


--------------------------------------------------------------------------------
/modules/seed/templates/addons/logging/manifests/kibana-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: kibana-logging
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: kibana-logging
 8 |     kubernetes.io/cluster-service: "true"
 9 |     addonmanager.kubernetes.io/mode: Reconcile
10 | spec:
11 |   replicas: 1
12 |   selector:
13 |     matchLabels:
14 |       k8s-app: kibana-logging
15 |   template:
16 |     metadata:
17 |       labels:
18 |         k8s-app: kibana-logging
19 |     spec:
20 |       containers:
21 |       - name: kibana-logging
22 |         image: docker.elastic.co/kibana/kibana:5.6.4
23 |         resources:
24 |           # need more cpu upon initialization, therefore burstable class
25 |           limits:
26 |             cpu: 1000m
27 |           requests:
28 |             cpu: 100m
29 |         env:
30 |           - name: ELASTICSEARCH_URL
31 |             value: http://elasticsearch-logging:9200
32 |           - name: SERVER_BASEPATH
33 |             value: /api/v1/namespaces/kube-system/services/kibana-logging/proxy
34 |           - name: XPACK_MONITORING_ENABLED
35 |             value: "false"
36 |           - name: XPACK_SECURITY_ENABLED
37 |             value: "false"
38 |         ports:
39 |         - containerPort: 5601
40 |           name: ui
41 |           protocol: TCP


--------------------------------------------------------------------------------
/modules/seed/templates/addons/logging/manifests/kibana-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: kibana-logging
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: kibana-logging
 8 |     kubernetes.io/cluster-service: "true"
 9 |     addonmanager.kubernetes.io/mode: Reconcile
10 |     kubernetes.io/name: "Kibana"
11 | spec:
12 |   ports:
13 |   - port: 5601
14 |     protocol: TCP
15 |     targetPort: ui
16 |   selector:
17 |     k8s-app: kibana-logging


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/bootstrap-manifests/bootstrap-controller-manager.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: bootstrap-kube-controller-manager
 5 |   namespace: kube-system
 6 | spec:
 7 |   containers:
 8 |   - name: kube-controller-manager
 9 |     image: ${kubernetes_hyperkube}:${kubernetes_version}${kubernetes_hyperkube_patch}
10 |     command:
11 |     - ./hyperkube
12 |     - controller-manager
13 |     - --allocate-node-cidrs=true
14 |     - --cluster-cidr=${pod_cidr}
15 |     - --cloud-provider=${cloud_provider}
16 |     - --cloud-config=/etc/kubernetes/cloud.conf
17 |     - --configure-cloud-routes=false
18 |     - --kubeconfig=/etc/kubernetes/kubelet.conf
19 |     - --leader-elect=true
20 |     - --root-ca-file=/etc/kubernetes/bootstrap-secrets/ca.crt
21 |     - --service-account-private-key-file=/etc/kubernetes/bootstrap-secrets/service-account.key
22 |     volumeMounts:
23 |     - name: kubernetes
24 |       mountPath: /etc/kubernetes
25 |       readOnly: true
26 |     - name: ssl-host
27 |       mountPath: /etc/ssl/certs
28 |       readOnly: true
29 |   hostNetwork: true
30 |   volumes:
31 |   - name: kubernetes
32 |     hostPath:
33 |       path: /etc/kubernetes
34 |   - name: ssl-host
35 |     hostPath:
36 |       path: ${ssl_certs_dir}
37 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/bootstrap-manifests/bootstrap-scheduler.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: bootstrap-kube-scheduler
 5 |   namespace: kube-system
 6 | spec:
 7 |   containers:
 8 |   - name: kube-scheduler
 9 |     image: ${kubernetes_hyperkube}:${kubernetes_version}${kubernetes_hyperkube_patch}
10 |     command:
11 |     - ./hyperkube
12 |     - scheduler
13 |     - --kubeconfig=/etc/kubernetes/kubelet.conf
14 |     - --leader-elect=true
15 |     volumeMounts:
16 |     - name: kubernetes
17 |       mountPath: /etc/kubernetes
18 |       readOnly: true
19 |   hostNetwork: true
20 |   volumes:
21 |   - name: kubernetes
22 |     hostPath:
23 |       path: /etc/kubernetes
24 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/etcd-client-tls.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | data:
 3 |   etcd-client-ca.crt: "${etcd_client_ca_crt_b64}"
 4 |   etcd-client.crt: "${etcd_client_crt_b64}"
 5 |   etcd-client.key: "${etcd_client_key_b64}"
 6 | kind: Secret
 7 | metadata:
 8 |   name: etcd-client-tls
 9 |   namespace: kube-system
10 | type: Opaque
11 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/etcd-peer-tls.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | data:
 3 |   peer-ca.crt: "${etcd_peer_ca_crt_b64}"
 4 |   peer.crt: "${etcd_peer_crt_b64}"
 5 |   peer.key: "${etcd_peer_key_b64}"
 6 | kind: Secret
 7 | metadata:
 8 |   name: etcd-peer-tls
 9 |   namespace: kube-system
10 | type: Opaque
11 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/etcd-server-tls.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | data:
 3 |   server-ca.crt: "${etcd_server_ca_crt_b64}"
 4 |   server.crt: "${etcd_server_crt_b64}"
 5 |   server.key: "${etcd_server_key_b64}"
 6 | kind: Secret
 7 | metadata:
 8 |   name: etcd-server-tls
 9 |   namespace: kube-system
10 | type: Opaque
11 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/etcd-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: etcd-service
 5 |   namespace: kube-system
 6 |   # This alpha annotation will retain the endpoints even if the etcd pod isn't ready.
 7 |   # This feature is always enabled in endpoint controller in k8s even it is alpha.
 8 |   annotations:
 9 |     service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
10 |     prometheus.io/scrape: "true"
11 |     prometheus.io/name: "etcd"
12 |     prometheus.io/port: "2379"
13 | spec:
14 |   selector:
15 |     app: etcd
16 |     etcd_cluster: kube-etcd
17 |   clusterIP: ${etcd_service_ip}
18 |   ports:
19 |   - name: client
20 |     port: 2379
21 |     protocol: TCP
22 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/kube-apiserver-secret.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | data:
 3 |   apiserver.crt: "${apiserver_crt_b64}"
 4 |   apiserver.key: "${apiserver_key_b64}"
 5 |   aggregator.crt: "${api_aggregator_crt_b64}"
 6 |   aggregator.key: "${api_aggregator_key_b64}"
 7 |   ca.crt: "${apiserver_ca_crt_b64}"
 8 |   etcd-client-ca.crt: "${etcd_client_ca_crt_b64}"
 9 |   etcd-client.crt: "${etcd_client_crt_b64}"
10 |   etcd-client.key: "${etcd_client_key_b64}"
11 |   service-account.pub: ${service_account_pub_b64}
12 |   ${oidc_ca_secret}
13 | kind: Secret
14 | metadata:
15 |   name: kube-apiserver
16 |   namespace: kube-system
17 | type: Opaque
18 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/kube-controller-manager-disruption.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: policy/v1beta1
 2 | kind: PodDisruptionBudget
 3 | metadata:
 4 |   name: kube-controller-manager
 5 |   namespace: kube-system
 6 | spec:
 7 |   minAvailable: 1
 8 |   selector:
 9 |     matchLabels:
10 |       tier: control-plane
11 |       k8s-app: kube-controller-manager
12 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/kube-controller-manager-secret.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | data:
 3 |   ca.crt: "${controller_manager_ca_crt_b64}"
 4 |   ca.key: "${controller_manager_ca_key_b64}"
 5 |   service-account.key: "${service_account_key_b64}"
 6 | kind: Secret
 7 | metadata:
 8 |   name: kube-controller-manager
 9 |   namespace: kube-system
10 | type: Opaque
11 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/kube-dns-svc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   annotations:
 5 |     prometheus.io/scrape: "true"
 6 |     prometheus.io/name: "kube-dns"
 7 |     prometheus.io/port: "10055"
 8 |   name: kube-dns
 9 |   namespace: kube-system
10 |   labels:
11 |     k8s-app: kube-dns
12 |     kubernetes.io/cluster-service: "true"
13 |     kubernetes.io/name: "KubeDNS"
14 | spec:
15 |   selector:
16 |     k8s-app: kube-dns
17 |   clusterIP: ${dns_service_ip}
18 |   ports:
19 |   - name: dns
20 |     port: 53
21 |     protocol: UDP
22 |   - name: dns-tcp
23 |     port: 53
24 |     protocol: TCP
25 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/kube-flannel-cfg.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: kube-flannel-cfg
 5 |   namespace: kube-system
 6 |   labels:
 7 |     tier: node
 8 |     k8s-app: flannel
 9 | data:
10 |   cni-conf.json: |
11 |     {
12 |       "name": "cbr0",
13 |       "cniVersion": "${cni_version}",
14 |       "plugins": [
15 |         {
16 |           "type": "flannel",
17 |           "delegate": {
18 |             "isDefaultGateway": true
19 |           }
20 |         },
21 |         {
22 |           "type": "portmap",
23 |           "capabilities": {
24 |             "portMappings": true
25 |           }
26 |         }
27 |       ]
28 |     }
29 |   net-conf.json: |
30 |     {
31 |       "Network": "${pod_cidr}",
32 |       "Backend": {
33 |         "Type": "vxlan"
34 |       }
35 |     }
36 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/kube-proxy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: DaemonSet
 3 | metadata:
 4 |   name: kube-proxy
 5 |   namespace: kube-system
 6 |   labels:
 7 |     tier: node
 8 |     k8s-app: kube-proxy
 9 | spec:
10 |   selector:
11 |     matchLabels:
12 |       tier: node
13 |       k8s-app: kube-proxy
14 |   template:
15 |     metadata:
16 |       labels:
17 |         tier: node
18 |         k8s-app: kube-proxy
19 |       annotations:
20 |         scheduler.alpha.kubernetes.io/critical-pod: ''
21 |     spec:
22 |       containers:
23 |       - name: kube-proxy
24 |         image: ${kubernetes_hyperkube}:${kubernetes_version}${kubernetes_hyperkube_patch}
25 |         command:
26 |         - ./hyperkube
27 |         - proxy
28 |         - --cluster-cidr=${service_cidr}
29 |         - --hostname-override=$(NODE_NAME)
30 |         - --kubeconfig=/etc/kubernetes/kubelet.conf
31 |         - --proxy-mode=iptables
32 |         env:
33 |           - name: NODE_NAME
34 |             valueFrom:
35 |               fieldRef:
36 |                 fieldPath: spec.nodeName
37 |         securityContext:
38 |           privileged: true
39 |         volumeMounts:
40 |         - mountPath: /etc/ssl/certs
41 |           name: ssl-certs-host
42 |           readOnly: true
43 |         - name: etc-kubernetes
44 |           mountPath: /etc/kubernetes
45 |           readOnly: true
46 |       hostNetwork: true
47 |       tolerations:
48 |       - key: CriticalAddonsOnly
49 |         operator: Exists
50 |       - key: node-role.kubernetes.io/master
51 |         operator: Exists
52 |         effect: NoSchedule
53 |       volumes:
54 |       - hostPath:
55 |           path: ${ssl_certs_dir}
56 |         name: ssl-certs-host
57 |       - name: etc-kubernetes
58 |         hostPath:
59 |           path: /etc/kubernetes
60 |   updateStrategy:
61 |     rollingUpdate:
62 |       maxUnavailable: 1
63 |     type: RollingUpdate
64 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/kube-scheduler-disruption.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: policy/v1beta1
 2 | kind: PodDisruptionBudget
 3 | metadata:
 4 |   name: kube-scheduler
 5 |   namespace: kube-system
 6 | spec:
 7 |   minAvailable: 1
 8 |   selector:
 9 |     matchLabels:
10 |       tier: control-plane
11 |       k8s-app: kube-scheduler
12 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/common/manifests/kube-system-rbac-role-binding.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRoleBinding
 3 | metadata:
 4 |   name: system:default-sa
 5 | subjects:
 6 |   - kind: ServiceAccount
 7 |     name: default
 8 |     namespace: kube-system
 9 | roleRef:
10 |   kind: ClusterRole
11 |   name: cluster-admin
12 |   apiGroup: rbac.authorization.k8s.io
13 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/self/bootstrap-manifests/bootstrap-etcd.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: bootstrap-etcd
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: boot-etcd
 8 | spec:
 9 | ${etcd_initcontainers}
10 |   containers:
11 |   - name: etcd
12 |     image: {etcd_image}:${etcd_version}
13 |     command:
14 |     - /usr/local/bin/etcd
15 |     - --name=boot-etcd
16 |     - --listen-client-urls=https://0.0.0.0:12379
17 |     - --listen-peer-urls=https://0.0.0.0:12380
18 |     - --advertise-client-urls=https://${bootstrap_etcd_service_ip}:12379
19 | ${etcd_args}
20 |     - --data-dir=/var/etcd/data
21 |     - --peer-client-cert-auth=true
22 |     - --peer-trusted-ca-file=/etc/kubernetes/secrets/etcd/peer-ca.crt
23 |     - --peer-cert-file=/etc/kubernetes/secrets/etcd/peer.crt
24 |     - --peer-key-file=/etc/kubernetes/secrets/etcd/peer.key
25 |     - --client-cert-auth=true
26 |     - --trusted-ca-file=/etc/kubernetes/secrets/etcd/server-ca.crt
27 |     - --cert-file=/etc/kubernetes/secrets/etcd/server.crt
28 |     - --key-file=/etc/kubernetes/secrets/etcd/server.key
29 |     volumeMounts:
30 | ${etcd_mounts}
31 |     - mountPath: /etc/kubernetes/secrets
32 |       name: secrets
33 |       readOnly: true
34 |   volumes:
35 | ${etcd_volumes}
36 |   - name: secrets
37 |     hostPath:
38 |       path: /etc/kubernetes/bootstrap-secrets
39 |   hostNetwork: true
40 |   restartPolicy: Never
41 |   dnsPolicy: ClusterFirstWithHostNet
42 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/self/etcd/bootstrap-etcd-service.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "apiVersion": "v1",
 3 |   "kind": "Service",
 4 |   "metadata": {
 5 |     "name": "bootstrap-etcd-service",
 6 |     "namespace": "kube-system"
 7 |   },
 8 |   "spec": {
 9 |     "selector": {
10 |       "k8s-app": "boot-etcd"
11 |     },
12 |     "clusterIP": "${bootstrap_etcd_service_ip}",
13 |     "ports": [
14 |       {
15 |         "name": "client",
16 |         "port": 12379,
17 |         "protocol": "TCP"
18 |       },
19 |       {
20 |         "name": "peers",
21 |         "port": 12380,
22 |         "protocol": "TCP"
23 |       }
24 |     ]
25 |   }
26 | }
27 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/self/etcd/migrate-etcd-cluster.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "apiVersion": "etcd.database.coreos.com/v1beta2",
 3 |   "kind": "EtcdCluster",
 4 |   "metadata": {
 5 |     "name": "kube-etcd",
 6 |     "namespace": "kube-system"
 7 |   },
 8 |   "spec": {
 9 |     "size": 1,
10 |     "version": "${etcd_version}",
11 |     "pod": {
12 |       "nodeSelector": {
13 |         "node-role.kubernetes.io/master": ""
14 |       },
15 |       "tolerations": [
16 |         {
17 |           "key": "node-role.kubernetes.io/master",
18 |           "operator": "Exists",
19 |           "effect": "NoSchedule"
20 |         }
21 |       ]
22 |     },
23 |     "selfHosted": {
24 |       "bootMemberClientEndpoint": "https://${bootstrap_etcd_service_ip}:12379"
25 |     },
26 |     "TLS": {
27 |       "static": {
28 |         "member": {
29 |           "peerSecret": "etcd-peer-tls",
30 |           "serverSecret": "etcd-server-tls"
31 |         },
32 |         "operatorSecret": "etcd-client-tls"
33 |       }
34 |     }
35 |   }
36 | }
37 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/self/manifests/etcd-operator.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1beta2
 2 | kind: Deployment
 3 | metadata:
 4 |   name: etcd-operator
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: etcd-operator
 8 | spec:
 9 |   replicas: 1
10 |   selector:
11 |     matchLabels:
12 |       k8s-app: etcd-operator
13 |   template:
14 |     metadata:
15 |       labels:
16 |         k8s-app: etcd-operator
17 |     spec:
18 |       containers:
19 |       - name: etcd-operator
20 |         image: quay.io/coreos/etcd-operator:${etcd_operator_version}
21 |         env:
22 |         - name: MY_POD_NAMESPACE
23 |           valueFrom:
24 |             fieldRef:
25 |               fieldPath: metadata.namespace
26 |         - name: MY_POD_NAME
27 |           valueFrom:
28 |             fieldRef:
29 |               fieldPath: metadata.name
30 |       nodeSelector:
31 |         node-role.kubernetes.io/master: ""
32 |       securityContext:
33 |         runAsNonRoot: true
34 |         runAsUser: 65534
35 |       tolerations:
36 |       - key: node-role.kubernetes.io/master
37 |         operator: Exists
38 |         effect: NoSchedule
39 |   strategy:
40 |     type: RollingUpdate
41 |     rollingUpdate:
42 |       maxUnavailable: 1
43 |       maxSurge: 1
44 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/self/manifests/kube-etcd-network-checkpointer.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: DaemonSet
 3 | metadata:
 4 |   name: kube-etcd-network-checkpointer
 5 |   namespace: kube-system
 6 |   labels:
 7 |     tier: control-plane
 8 |     k8s-app: kube-etcd-network-checkpointer
 9 | spec:
10 |   selector:
11 |     matchLabels:
12 |       tier: control-plane
13 |       k8s-app: kube-etcd-network-checkpointer
14 |   template:
15 |     metadata:
16 |       labels:
17 |         tier: control-plane
18 |         k8s-app: kube-etcd-network-checkpointer
19 |       annotations:
20 |         checkpointer.alpha.coreos.com/checkpoint: "true"
21 |     spec:
22 |       containers:
23 |       - image: quay.io/coreos/kenc:0.0.2
24 |         name: kube-etcd-network-checkpointer
25 |         securityContext:
26 |           privileged: true
27 |         volumeMounts:
28 |         - mountPath: /etc/kubernetes/selfhosted-etcd
29 |           name: checkpoint-dir
30 |           readOnly: false
31 |         - mountPath: /var/etcd
32 |           name: etcd-dir
33 |           readOnly: false
34 |         - mountPath: /var/lock
35 |           name: var-lock
36 |           readOnly: false
37 |         command:
38 |         - /usr/bin/flock
39 |         - /var/lock/kenc.lock
40 |         - -c
41 |         - "kenc -r -m iptables && kenc -m iptables"
42 |       hostNetwork: true
43 |       nodeSelector:
44 |         node-role.kubernetes.io/master: ""
45 |       tolerations:
46 |       - key: node-role.kubernetes.io/master
47 |         operator: Exists
48 |         effect: NoSchedule
49 |       volumes:
50 |       - name: checkpoint-dir
51 |         hostPath:
52 |           path: /etc/kubernetes/checkpoint-iptables
53 |       - name: etcd-dir
54 |         hostPath:
55 |           path: /var/etcd
56 |       - name: var-lock
57 |         hostPath:
58 |           path: /var/lock
59 |   updateStrategy:
60 |     rollingUpdate:
61 |       maxUnavailable: 1
62 |     type: RollingUpdate
63 | 


--------------------------------------------------------------------------------
/modules/seed/templates/bootkube/single/manifests/kube-etcd-svc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   annotations:
 5 |     service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 6 |   labels:
 7 |     app: etcd
 8 |     etcd_cluster: kube-etcd
 9 |   name: kube-etcd
10 |   namespace: kube-system
11 | spec:
12 |   clusterIP: None
13 |   ports:
14 |   - name: client
15 |     port: 2379
16 |     protocol: TCP
17 |     targetPort: 2379
18 |   - name: peer
19 |     port: 2380
20 |     protocol: TCP
21 |     targetPort: 2380
22 |   selector:
23 |     app: etcd
24 |     etcd_cluster: kube-etcd
25 |   sessionAffinity: None
26 |   type: ClusterIP
27 | 
28 | 


--------------------------------------------------------------------------------
/modules/seed/templates/empty/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gardener-attic/kubify/5ca79368ee043ec3c30e5b8f9f7df7a8e3763d7e/modules/seed/templates/empty/empty


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_backup/pv/spec.json:
--------------------------------------------------------------------------------
 1 | "backup": {
 2 |   "backupIntervalInSecond": 30,
 3 |   "maxBackups": 5,
 4 |   "storageType": "PersistentVolume",
 5 |   "pv": {
 6 |     "volumeSizeInMB": 20000,
 7 |     "storageClass": "etcd"
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_backup/s3/config:
--------------------------------------------------------------------------------
1 | [default]
2 | region = ${region}
3 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_backup/s3/credentials:
--------------------------------------------------------------------------------
1 | [default]
2 | aws_access_key_id = ${access_key}
3 | aws_secret_access_key = ${secret_key}
4 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_backup/s3/secret.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Secret
 3 | metadata:
 4 |   name: ${name}
 5 |   namespace: ${namespace}
 6 | type: Opaque
 7 | data:
 8 |   credentials: ${credentials}
 9 |   config: ${config}
10 | 
11 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_backup/s3/sidecar.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: etcd
 6 |     etcd_cluster: kube-etcd
 7 |   name: kube-etcd-backup-sidecar
 8 |   namespace: kube-system
 9 | spec:
10 |   progressDeadlineSeconds: 600
11 |   replicas: 1
12 |   revisionHistoryLimit: 2
13 |   selector:
14 |     matchLabels:
15 |       app: etcd-backup
16 |       etcd_cluster: kube-etcd
17 |   strategy:
18 |     type: Recreate
19 |   template:
20 |     metadata:
21 |       creationTimestamp: null
22 |       labels:
23 |         app: etcd-backup
24 |         etcd_cluster: kube-etcd
25 |     spec:
26 |       containers:
27 |       - command:
28 |         - etcdbrctl
29 |         - snapshot
30 |         - --cacert=/root/tls/etcd-client-ca.crt
31 |         - --cert=/root/tls/etcd-client.crt
32 |         - --key=/root/tls/etcd-client.key
33 |         - --schedule=*/10 * * * *
34 |         - --max-backups=5
35 |         - --endpoints=https://${service_ip}:2379
36 |         - --storage-provider=S3
37 |         - --store-container=${bucket}
38 |         - --store-prefix=${prefix}
39 |         image: ${backup_image}:${backup_version}
40 |         imagePullPolicy: IfNotPresent
41 |         name: backup
42 |         resources: {}
43 |         volumeMounts:
44 |         - mountPath: /root/.aws/
45 |           name: secret
46 |         - mountPath: /root/tls/
47 |           name: etcd-tls
48 |       dnsPolicy: ClusterFirst
49 |       restartPolicy: Always
50 |       terminationGracePeriodSeconds: 30
51 |       volumes:
52 |       - name: secret
53 |         secret:
54 |           defaultMode: 420
55 |           secretName: etcd-backup
56 |       - name: etcd-tls
57 |         secret:
58 |           defaultMode: 420
59 |           secretName: etcd-client-tls
60 | 
61 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_backup/s3/spec.json:
--------------------------------------------------------------------------------
 1 | "backup": {
 2 |   "backupIntervalInSecond": 600,
 3 |   "maxBackups": 5,
 4 |   "storageType": "S3",
 5 |   "s3": {
 6 |     "s3Bucket": "${bucket}",
 7 |     "awsSecret": "${secret}",
 8 |     "prefix": "${prefix}"
 9 |   }
10 | }
11 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_bootstrap/initial:
--------------------------------------------------------------------------------
1 |     - --initial-advertise-peer-urls=https://${bootstrap_etcd_service_ip}:12380
2 |     - --initial-cluster=boot-etcd=https://${bootstrap_etcd_service_ip}:12380
3 |     - --initial-cluster-token=bootkube
4 |     - --initial-cluster-state=new
5 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_bootstrap/recover_initcontainers:
--------------------------------------------------------------------------------
 1 |   initContainers:
 2 |   - name: recovery
 3 |     image: ${etcd_image}:${etcd_version}
 4 |     command:
 5 |     - /bin/sh 
 6 |     - -ec
 7 |     - |
 8 |       test -f /var/etcd-backupdir/${backup_file} \
 9 |       && etcdctl snapshot restore \
10 |       /var/etcd-backupdir/${backup_file} \
11 |       --data-dir=/var/etcd/data \
12 |       --name=boot-etcd \
13 |       --initial-cluster=boot-etcd=https://${bootstrap_etcd_service_ip}:12380 \
14 |       --initial-cluster-token=bootkube \
15 |       --initial-advertise-peer-urls=https://${bootstrap_etcd_service_ip}:12380 \
16 |       --skip-hash-check=true \
17 |       && mv /var/etcd-backupdir/${backup_file} /var/etcd-backupdir/${backup_file}.bak
18 |     env:
19 |     - name: ETCDCTL_API
20 |       value: "3"
21 |     volumeMounts:
22 | ${etcd_mount}
23 | ${etcd_backup_mount}
24 |   - name: cleanup
25 |     image: ${etcd_image}:${etcd_version}
26 |     command:
27 |     - /bin/sh 
28 |     - -ec
29 |     - |
30 |       (/usr/local/bin/etcd \
31 |       --listen-client-urls=http://127.0.0.1:32379 \
32 |       --listen-peer-urls=http://127.0.0.1:32380 \
33 |       --advertise-client-urls=http://127.0.0.1:32379 \
34 |       --data-dir=/var/etcd/data &) && sleep 30 && \
35 |       etcdctl --endpoints=http://127.0.0.1:32379 \
36 |       del ${crd_key}  && \
37 |       etcdctl --endpoints=http://127.0.0.1:32379 \
38 |       del --prefix ${member_pod_prefix} && \
39 |       etcdctl --endpoints=http://127.0.0.1:32379 \
40 |       del --prefix ${member_depl_prefix}
41 |     env:
42 |     - name: ETCDCTL_API
43 |       value: "3"
44 |     volumeMounts:
45 | ${etcd_mount}
46 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_bootstrap/recover_mount_backup:
--------------------------------------------------------------------------------
1 |     - mountPath: /var/etcd-backupdir
2 |       name: etcdbackup
3 |       readOnly: false
4 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_bootstrap/recover_mount_etcd:
--------------------------------------------------------------------------------
1 |     - mountPath: /var/etcd
2 |       name: etcd
3 |       readOnly: false
4 | 


--------------------------------------------------------------------------------
/modules/seed/templates/etcd_bootstrap/recover_volumes:
--------------------------------------------------------------------------------
1 |   - name: etcd
2 |     emptyDir: {}
3 |   - name: etcdbackup
4 |     hostPath:
5 |       path: ${etcd_backup_dir}
6 | 


--------------------------------------------------------------------------------
/modules/seed/templates/kubelet.conf:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Config
 3 | current-context: admin@${cluster_name}
 4 | preferences: {}
 5 | contexts:
 6 | - context:
 7 |     cluster: ${cluster_name}
 8 |     user: ${cluster_name}-admin
 9 |   name: admin@${cluster_name}
10 | clusters:
11 | - cluster:
12 |     certificate-authority-data: "${cacert_b64}"
13 |     server: ${api_url}
14 |   name: ${cluster_name}
15 | users:
16 | - name: ${cluster_name}-admin
17 |   user:
18 |     client-certificate-data: ${kubelet_cert_b64}
19 |     client-key-data: ${kubelet_key_b64}
20 | 


--------------------------------------------------------------------------------
/modules/seed/templates/kubelet.env:
--------------------------------------------------------------------------------
1 | KUBELET_VERSION=${kubelet_version}
2 | KUBELET_IMAGE_TAG=${kubelet_image_tag}
3 | KUBELET_IMAGE_URL=docker://${kubelet_image}


--------------------------------------------------------------------------------
/modules/seed/templates/misc/oidc.dropin:
--------------------------------------------------------------------------------
1 | ${oidc-optional}
2 | --oidc-issuer-url=${oidc-issuer-url}
3 | --oidc-client-id=${oidc-client-id}
4 | --oidc-username-claim=${oidc-username-claim}
5 | --oidc-groups-claim=${oidc-groups-claim}
6 | 


--------------------------------------------------------------------------------
/modules/seed/tls.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | module "kubelet" {
17 |   source = "../tls/access"
18 |   tls = "${var.tls_kubelet}"
19 | }
20 | module "apiserver" {
21 |   source = "../tls/access"
22 |   tls = "${var.tls_apiserver}"
23 | }
24 | module "aggregator" {
25 |   source = "../tls/access"
26 |   tls = "${var.tls_aggregator}"
27 | }
28 | module "etcd" {
29 |   source = "../etcd_tls/access"
30 |   tls = "${var.tls_etcd}"
31 |   tls_dir = "${module.selfhosted_etcd.if_active ? "" : "${var.gen_dir}/etcdtls/etcd"}" 
32 | }
33 | module "etcd-client" {
34 |   source = "../tls/access"
35 |   tls = "${var.tls_etcd_client}"
36 |   file_base = "${module.selfhosted_etcd.if_active ? "" : "${var.gen_dir}/etcdtls/etcd-client"}" 
37 | }
38 | 
39 | 


--------------------------------------------------------------------------------
/modules/template_input/template_input.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "template" {
17 |   type = "string"
18 | }
19 | 
20 | variable "variables" {
21 |   type = "map"
22 | }
23 | 
24 | variable "default" {
25 |   default = ""
26 | }
27 | 
28 | data "template_file" "template" {
29 |   template = "${replace(var.template,"$$$$","$$")}"
30 |   vars = "${var.variables}"
31 | }
32 | 
33 | output "value" {
34 |   value = "${length(data.template_file.template.rendered) > 0 ? data.template_file.template.rendered : var.default}"
35 | }
36 | 


--------------------------------------------------------------------------------
/modules/value_check/value_check.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "value" {
17 |   type = "string"
18 | }
19 | 
20 | variable "values" {
21 |   type = "list"
22 | }
23 | 
24 | locals {
25 | #  map = "${transpose(map(var.value,var.values))}"
26 |   value = "${var.value}"
27 |   key = "${contains(var.values, local.value) ? local.value : "invalid value"}"
28 |   map = "${map(local.key, local.value)}"
29 |   checked = "${local.map[local.value]}"
30 | }
31 | 
32 | output "value" {
33 |   value = "${local.checked}"
34 | }
35 | 


--------------------------------------------------------------------------------
/modules/variable/variable.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "value" {
17 | }
18 | 
19 | variable "default" {
20 |   default = ""
21 | }
22 | 
23 | output "value" {
24 |   value = "${length(var.value) == 0 ? var.default : var.value}"
25 | }
26 | 


--------------------------------------------------------------------------------
/modules/vms/versions.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | 
17 | locals {
18 |   image_versions = {
19 |     "openstack" = {
20 |       "ubuntu-16.04" = "ubuntu-16.04"
21 |       "coreos-1745.7.0" = "coreos-1745.7.0"
22 |     }
23 |     "aws" = {
24 |       "ubuntu-16.04" = "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server"
25 |       "coreos-1745.7.0" = "CoreOS-stable-1745.7.0-hvm"
26 |     }
27 |     "azure" = {
28 |       "ubuntu-16.04" = "Canonical/UbuntuServer/16.04-LTS/latest"
29 |       "azure-latest" = "CoreOS/CoreOS/Beta/latest"
30 |       "coreos-1745.7.0" = "CoreOS/CoreOS/Stable/1745.7.0"
31 |     }
32 |   }
33 | 
34 |   flavor_names = {
35 |     "openstack" = {
36 |       default = "medium_2_4"
37 |     }
38 |     "aws" = {
39 |       default = "m4.large"
40 |       bastion = "t2.medium"
41 |     }
42 |     "azure" = {
43 |       default = "Standard_DS2_v2"
44 |       bastion = "Standard_A2"
45 |     }
46 |   }
47 | }
48 | 
49 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/config/README.md:
--------------------------------------------------------------------------------
1 | This module contains a iaas config handling. It maps dedicated parameters to a single map value
2 | and a map value to dedicated outputs (pack and unpack).
3 | The map version is used to pass the iaas config to generic modules that internally call iaas specific modules.
4 | The module can be used by the iaas wrapper to pack the dedicated inpout parameters and by the iaas specific modules
5 | to access the dedicated parameters again.
6 | 
7 | Change the file `variables.tf` to modify the iaas config interface.
8 | Then call `../../../create.sh` to create the appropriate terraform file (`config.tf`).
9 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/config/variables.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "secret_key" {
16 |   type = "string"
17 |   default = ""
18 | }
19 | variable "access_key" {
20 |   type = "string"
21 |   default = ""
22 | }
23 | variable "region" {
24 |   type = "string"
25 |   default = ""
26 | }
27 | variable "availability_zone" {
28 |   type = "string"
29 |   default = ""
30 | }
31 | 
32 | 
33 | variable "vpc_cidr" {
34 |   type = "string"
35 |   default = ""
36 | }
37 | variable "public_subnet_cidr" {
38 |   type = "string"
39 |   default = ""
40 | }
41 | variable "private_subnet_cidr" {
42 |   type = "string"
43 |   default = ""
44 | }
45 | 
46 | variable "kube2iam_version" {
47 |   default = ""
48 | }
49 | variable "kube2iam_roles" {
50 |   type = "list"
51 |   default = []
52 |   description = "List of IAM roles available for kube2iam"
53 | }
54 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/addons.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | resource "template_dir" "addons" {
17 |   source_dir = "${path.module}/templates/addons"
18 |   destination_dir = "${var.gen_dir}/iaas-addons"
19 | 
20 |   vars {
21 |     kube2iam_version = "${module.kube2iam_version.value}"
22 |     worker_role_arn = "${aws_iam_role.worker.arn}"
23 |   }
24 | }
25 | 
26 | output "addon-dirs" {
27 |   value = [ "${var.gen_dir}/iaas-addons" ]
28 | }
29 | output "addon-trigger" {
30 |   value = "${template_dir.addons.id}"
31 | }
32 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/cloud-init.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | output "cloud_init" {
17 |   value = {
18 |   }
19 | }
20 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/cloud.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | data "template_file" "cloud_conf" {
17 |   template = "${file("${path.module}/templates/cloud.conf")}"
18 | 
19 |   vars {
20 |   }
21 | }
22 | 
23 | resource "local_file" "cloud_conf" {
24 |   content = "${data.template_file.cloud_conf.rendered}"
25 |   filename = "${var.gen_dir}/iaas/cloud.conf"
26 | }
27 | 
28 | 
29 | output "cloud_conf" {
30 |   value = "${data.template_file.cloud_conf.rendered}"
31 | }
32 | 
33 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/sshkey.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | resource "tls_private_key" "ssh_key" {
17 |   algorithm   = "RSA"
18 |   rsa_bits    = "4096"
19 | }
20 | 
21 | resource "aws_key_pair" "ssh_key" {
22 |   key_name = "${var.prefix}"
23 |   public_key = "${tls_private_key.ssh_key.public_key_openssh}"
24 | }
25 | 
26 | output "public_key" {
27 |   value = "${tls_private_key.ssh_key.public_key_pem}"
28 | }
29 | output "private_key" {
30 |   value = "${tls_private_key.ssh_key.private_key_pem}"
31 | }
32 | output "key" {
33 |   value = "${aws_key_pair.ssh_key.key_name}"
34 | }
35 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/templates/addons/manifests/etcd-storage-class.yaml:
--------------------------------------------------------------------------------
1 | kind: StorageClass
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 |   name: etcd
5 | provisioner: kubernetes.io/aws-ebs
6 | parameters:
7 |   type: gp2
8 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/templates/addons/manifests/kube-storage-class.yaml:
--------------------------------------------------------------------------------
 1 | kind: StorageClass
 2 | apiVersion: storage.k8s.io/v1
 3 | metadata:
 4 |   name: aws-ebs
 5 |   annotations:
 6 |     storageclass.beta.kubernetes.io/is-default-class: "true"
 7 | provisioner: kubernetes.io/aws-ebs
 8 | parameters:
 9 |   type: gp2
10 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/templates/cloud.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gardener-attic/kubify/5ca79368ee043ec3c30e5b8f9f7df7a8e3763d7e/platforms/aws/modules/iaas/templates/cloud.conf


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/iaas


--------------------------------------------------------------------------------
/platforms/aws/modules/iaas/versions.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | module "kube2iam_version" {
17 |   source = "../../../../modules/cfgvar"
18 |   name = "kube2iam_version"
19 |   default = "0.8.0"
20 |   config = "${module.aws.simple}"
21 | }
22 | 
23 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/machine/templates/class.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: machine.sapcloud.io/v1alpha1
 2 | kind: AWSMachineClass
 3 | metadata:
 4 |   name: standard-worker # Name of aws machine class goes here
 5 |   namespace: ${namespace}
 6 | spec:
 7 |   ami: ${image} # Machine image name
 8 |   machineType: ${flavor} # Name of the machine flavor
 9 |   region: ${region} # Region where to place the machine
10 |   keyName:   ${keypair} # Name of the ssh key pair
11 |   iam:
12 |     name: ${iam_profile} # instance profile
13 |   networkInterfaces:
14 |     - subnetID: ${subnetid} # Subnet ID where the machine should be placed
15 |       securityGroupID:
16 |         - ${secgrp} # List of security groups which should be used for this machine
17 |   tags: ${tags}
18 |   blockDevices:
19 |     - ebs:
20 |         volumeSize: ${root_volume_size}
21 |         volumeType: gp2
22 |   secretRef: # Secret pointing to a secret which contains the provider secret and cloudconfig
23 |     namespace: ${namespace}  # Namespace
24 |     name: worker-nodes  # Name of the secret
25 | 
26 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/machine/templates/deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: machine.sapcloud.io/v1alpha1
 2 | kind: MachineDeployment
 3 | metadata:
 4 |   name: standard-workers
 5 |   namespace: ${namespace}
 6 | spec:
 7 |   #paused: true [uncommment this when you want to pause]
 8 |   #rollbackTo:
 9 |     #revision: 0 [uncommment this when you want to rollback to previous version]
10 |   replicas: ${worker_count}
11 |   minReadySeconds: 500 # Minimum time to wait for machine to be ready
12 |   strategy: 
13 |     type: RollingUpdate # Strategy for update RollingUpdate/Recreate
14 |     rollingUpdate:
15 |       maxSurge: 1 # Maximum addition machines that spawned over the desired replicas during update
16 |       maxUnavailable: 1 # Maximum unavailable machines that the cluster can tolerate
17 |   selector:
18 |     matchLabels:
19 |       node-type: standard-worker # Label to match the template (XXXXX)
20 |   template:
21 |     metadata:
22 |       labels:
23 |         node-type: standard-worker # Label to match with selector (XXXXX)
24 |     spec: 
25 |       class:
26 |         kind: AWSMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
27 |         name: standard-worker # Name of the machine class
28 | 
29 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/machine/templates/secret.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Secret
 3 | metadata:
 4 |   name: worker-nodes
 5 |   namespace: ${namespace}
 6 | type: Opaque
 7 | data:
 8 |   userData:   "${cloud_init_b64}"
 9 |   providerAccessKeyId: "${access_key_b64}"
10 |   providerSecretAccessKey: "${secret_key_b64}"
11 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/machine/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/machine


--------------------------------------------------------------------------------
/platforms/aws/modules/vms/fips.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | ##########################################
17 | # floating ips
18 | #
19 | 
20 | module "fips" {
21 |   source = "../../../../modules/flag"
22 |   option = "${var.provide_fips}"
23 |   on = "${var.node_count}"
24 |   off = "0"
25 |   map = {
26 |     single = "1"
27 |   }
28 | }  
29 | 
30 | resource "aws_eip" "nodes" {
31 |   count = "${module.fips.value}"
32 |   vpc = true
33 | }
34 | 
35 | resource "aws_eip_association" "eip_assoc" {
36 |   count = "${module.fips.value}"
37 |   instance_id = "${element(module.nodes.value,count.index)}"
38 |   allocation_id = "${element(aws_eip.nodes.*.id,count.index)}"
39 | }
40 | 
41 | output "fips" {
42 |   value = ["${aws_eip.nodes.*.public_ip}"]
43 | }
44 | 
45 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/vms/lbaas.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | module "lbaas_name" {
16 |   source = "../../../../modules/variable"
17 |   value = "${var.lbaas_name}"
18 |   default = "${var.node_type}"
19 | }
20 | 
21 | module "lbaas_subnet_id" {
22 |   source = "../../../../modules/variable"
23 |   value ="${lookup(var.iaas_info, "public_subnet_id","")}"
24 | }
25 | 
26 | module "lbaas" {
27 |   source = "../lbaas"
28 | 
29 |   vpc_id ="${lookup(var.iaas_info, "vpc_id")}"
30 |   name = "${var.prefix}-${module.lbaas_name.value}"
31 |   description = "${var.lbaas_description}"
32 |   ports = "${var.lbaas_ports}"
33 | 
34 |   security_groups = [ "${var.security_group}", "${lookup(var.iaas_info,"secgrp_public")}" ]
35 |   vip_subnet_id = "${module.lbaas_subnet_id.value}"
36 |   member_count = "${var.node_count}"
37 |   member_subnet_id = "${var.subnet_id}"
38 |   members = "${module.nodes.value}"
39 |  
40 |   use_lbaas = "${var.provide_lbaas}"
41 | }
42 | 
43 | output "lbaas_address" {
44 |   value = "${module.lbaas.vip_address}"
45 | }
46 | output "lbaas_address_type" {
47 |   value = "${module.lbaas.vip_type}"
48 | }
49 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/vms/roll.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | module "roll" {
17 |   source = "../../../../modules/roll"
18 | 
19 |   state = "${var.state}"
20 |   update_mode = "${var.update_mode}"
21 | 
22 |   size = "${var.node_count}"
23 | 
24 |   image_name = "${data.aws_ami.image.id}"
25 |   flavor_name = "${var.flavor_name}"
26 |   cloud_init = "${var.cloud_init}"
27 | }
28 | 
29 | output "state" {
30 |   value ="${merge(module.roll.state,map("nodes", join(",",module.nodes.value)))}"
31 | }
32 | 
33 | output "info" {
34 |   value = "${module.roll.info}"
35 | }
36 | 
37 | 
38 | 


--------------------------------------------------------------------------------
/platforms/aws/modules/vms/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/vms


--------------------------------------------------------------------------------
/platforms/azure/modules/config/variables.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "tenant_id" {
16 |   type = "string"
17 |   default = ""
18 | }
19 | variable "subscription_id" {
20 |   type = "string"
21 |   default = ""
22 | }
23 | variable "client_id" {
24 |   type = "string"
25 |   default = ""
26 | }
27 | variable "client_secret" {
28 |   type = "string"
29 |   default = ""
30 | }
31 | variable "region" {
32 |   type = "string"
33 |   default = ""
34 | }
35 | variable "cloudenv" {
36 |   type = "string"
37 |   default = "public"
38 | }
39 | 
40 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/addons.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | resource "template_dir" "addons" {
17 |   source_dir = "${path.module}/templates/addons"
18 |   destination_dir = "${var.gen_dir}/iaas-addons"
19 | 
20 |   vars {
21 |   }
22 | }
23 | 
24 | output "addon-dirs" {
25 |   value = [ "${var.gen_dir}/iaas-addons" ]
26 | }
27 | output "addon-trigger" {
28 |   value = "${template_dir.addons.id}"
29 | }
30 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/cloud-init.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | output "cloud_init" {
17 |   value = {
18 | #    write_files = "${data.template_file.cloud_init_files}"
19 |   }
20 | }
21 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/cloud.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | data "template_file" "cloud_conf" {
17 |   template = "${file("${path.module}/templates/cloud.conf")}"
18 | 
19 |   vars {
20 |     az_client_id = "${module.azure.client_id}"
21 |     az_client_secret = "${module.azure.client_secret}"
22 |     az_region = "${module.azure.region}"
23 |     az_tenant_id = "${module.azure.tenant_id}"
24 |     az_subscription_id = "${module.azure.subscription_id}"
25 |     az_cloudenv = "${module.azure.cloudenv}"
26 |     az_resource_group_name = "${azurerm_resource_group.rg.name}"
27 |     az_vnet_name = "${azurerm_virtual_network.vnet.name}"
28 |     az_subnet_name = "${azurerm_subnet.subnet.name}"
29 |     az_security_group_name = "${azurerm_network_security_group.nodes.name}"
30 |     az_route_table_name = "${azurerm_route_table.pods.name}"
31 |     az_availability_set_name = "${azurerm_availability_set.primary.name}"
32 |   }
33 | }
34 | 
35 | resource "local_file" "cloud_conf" {
36 |   content = "${data.template_file.cloud_conf.rendered}"
37 |   filename = "${var.gen_dir}/iaas/cloud.conf"
38 | }
39 | 
40 | 
41 | output "cloud_conf" {
42 |   value = "${data.template_file.cloud_conf.rendered}"
43 | }
44 | 
45 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/sshkey.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | resource "tls_private_key" "ssh_key" {
17 |   algorithm   = "RSA"
18 |   rsa_bits    = "4096"
19 | }
20 | 
21 | resource "local_file" "private_key" {
22 |   content     = "${tls_private_key.ssh_key.private_key_pem}"
23 |   filename = "${var.gen_dir}/nodes_privatekey.pem"
24 | }
25 | 
26 | resource "null_resource" "set_private_key_mode" {
27 |   provisioner "local-exec" {
28 |     command = "chmod 0600 ${local_file.private_key.filename}"
29 |   }
30 | }
31 | 
32 | output "public_key" {
33 |   value = "${tls_private_key.ssh_key.public_key_pem}"
34 | }
35 | output "private_key" {
36 |   value = "${tls_private_key.ssh_key.private_key_pem}"
37 | }
38 | output "key" {
39 |   value = "${tls_private_key.ssh_key.public_key_openssh}"
40 | }
41 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/templates/addons/manifests/etcd-storage-class.yaml:
--------------------------------------------------------------------------------
 1 | kind: StorageClass
 2 | apiVersion: storage.k8s.io/v1
 3 | metadata:
 4 |   name: etcd
 5 | provisioner: kubernetes.io/azure-disk
 6 | parameters:
 7 |   kind: Managed
 8 |   storageaccounttype: Premium_LRS
 9 | 
10 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/templates/addons/manifests/kube-storage-class-ssd.yaml:
--------------------------------------------------------------------------------
1 | kind: StorageClass
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 |   name: managed-ssd
5 | provisioner: kubernetes.io/azure-disk
6 | parameters:
7 |   kind: Managed
8 |   storageaccounttype: Premium_LRS
9 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/templates/addons/manifests/kube-storage-class.yaml:
--------------------------------------------------------------------------------
 1 | kind: StorageClass
 2 | apiVersion: storage.k8s.io/v1
 3 | metadata:
 4 |   name: managed-hdd
 5 |   annotations:
 6 |     storageclass.beta.kubernetes.io/is-default-class: "true"
 7 | provisioner: kubernetes.io/azure-disk
 8 | parameters:
 9 |   kind: Managed
10 |   storageaccounttype: Standard_LRS
11 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/templates/cloud.conf:
--------------------------------------------------------------------------------
 1 | cloud: AZUREPUBLICCLOUD
 2 | tenantId: ${az_tenant_id}
 3 | subscriptionId: ${az_subscription_id}
 4 | resourceGroup: ${az_resource_group_name}
 5 | location: ${az_region}
 6 | vnetName: ${az_vnet_name}
 7 | subnetName: ${az_subnet_name}
 8 | securityGroupName: ${az_security_group_name}
 9 | routeTableName: ${az_route_table_name}
10 | primaryAvailabilitySetName: ${az_availability_set_name}
11 | aadClientId: ${az_client_id}
12 | aadClientSecret: ${az_client_secret}
13 | cloudProviderBackoff: true
14 | cloudProviderBackoffRetries: 6
15 | cloudProviderBackoffExponent: 1.5
16 | cloudProviderBackoffDuration: 120
17 | cloudProviderBackoffJitter: 1.0
18 | cloudProviderRateLimit: true
19 | cloudProviderRateLimitQPS: 0.5
20 | cloudProviderRateLimitBucket: 5
21 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/iaas/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/iaas


--------------------------------------------------------------------------------
/platforms/azure/modules/machine/templates/class.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: machine.sapcloud.io/v1alpha1
 2 | kind: AWSMachineClass
 3 | metadata:
 4 |   name: standard-worker # Name of aws machine class goes here
 5 |   namespace: ${namespace}
 6 | spec:
 7 |   location: ${location} # Name of aws machine class goes here
 8 |   resourceGroup: ${resource_group} # Name of the resource group to which the node should be bound
 9 |   subnetInfo:
10 |     vnetName: ${vnet} # The V-Net to which the node should belong
11 |     subnetName:   ${subnet} # The subnet to which the node should belong
12 |   tags: ${tags}
13 |   properties:
14 |     availabilitySet: ${availability_set}
15 |     hardwareProfile:
16 |       vmSize: ${flavor}
17 |     storageProfile:
18 |       imageReference:
19 |         publisher: ${publisher}
20 |         offer: ${offer}
21 |         sku: ${sku}
22 |         version: ${version}
23 |       osDisk:
24 |         caching: None
25 |         diskSizeGB: ${root_volume_size}
26 |         creationOption: FromImage
27 |     osProfile:
28 |       adminUserName: ${admin_user}
29 |       linuxConfiguration:
30 |         disablePasswordAuthentication: true
31 |       ssh:
32 |         publicKeys:
33 |           path:
34 |           keyData: "${public_key}"
35 |   secretRef: # Secret pointing to a secret which contains the provider secret and cloudconfig
36 |     namespace: ${namespace}  # Namespace
37 |     name: worker-nodes  # Name of the secret
38 | 
39 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/machine/templates/deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: machine.sapcloud.io/v1alpha1
 2 | kind: MachineDeployment
 3 | metadata:
 4 |   name: standard-workers
 5 |   namespace: ${namespace}
 6 | spec:
 7 |   #paused: true [uncommment this when you want to pause]
 8 |   #rollbackTo:
 9 |     #revision: 0 [uncommment this when you want to rollback to previous version]
10 |   replicas: ${worker_count}
11 |   minReadySeconds: 500 # Minimum time to wait for machine to be ready
12 |   strategy: 
13 |     type: RollingUpdate # Strategy for update RollingUpdate/Recreate
14 |     rollingUpdate:
15 |       maxSurge: 1 # Maximum addition machines that spawned over the desired replicas during update
16 |       maxUnavailable: 1 # Maximum unavailable machines that the cluster can tolerate
17 |   selector:
18 |     matchLabels:
19 |       node-type: standard-worker # Label to match the template (XXXXX)
20 |   template:
21 |     metadata:
22 |       labels:
23 |         node-type: standard-worker # Label to match with selector (XXXXX)
24 |     spec: 
25 |       class:
26 |         kind: AWSMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
27 |         name: standard-worker # Name of the machine class
28 | 
29 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/machine/templates/secret.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Secret
 3 | metadata:
 4 |   name: worker-nodes
 5 |   namespace: ${namespace}
 6 | type: Opaque
 7 | data:
 8 |   userData:   "${cloud_init_b64}"
 9 |   azureClientId: "${client_id_b64}"
10 |   azureClientSecret: "${client_secret_b64}"
11 |   azureSubscriptionId: "${subscription_id_b64}"
12 |   azureTenantId: "${tenant_id_b64}"
13 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/machine/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/machine


--------------------------------------------------------------------------------
/platforms/azure/modules/vms/lbaas.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | module "lbaas_name" {
16 |   source  = "../../../../modules/variable"
17 |   value   = "${var.lbaas_name}"
18 |   default = "${var.node_type}"
19 | }
20 | 
21 | module "lbaas" {
22 |   source = "../lbaas"
23 | 
24 |   name                = "${var.prefix}-${module.lbaas_name.value}"
25 |   resource_group_name = "${module.resource_group_name.value}"
26 |   region              = "${module.azure.region}"
27 |   description         = "${var.lbaas_description}"
28 |   ports               = "${var.lbaas_ports}"
29 | 
30 |   use_lbaas = "${var.provide_lbaas}"
31 | }
32 | 
33 | output "lbaas_address" {
34 |   # forcing to pick first element
35 |   value = "${length(module.lbaas.vip_address) > 0 ? element(concat(module.lbaas.vip_address, list("")), 0) : ""}"
36 | }
37 | 
38 | output "lbaas_address_type" {
39 |   value = "${module.lbaas.vip_type}"
40 | }
41 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/vms/roll.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | module "roll" {
17 |   source = "../../../../modules/roll"
18 | 
19 |   state = "${var.state}"
20 |   update_mode = "${var.update_mode}"
21 | 
22 |   size = "${var.node_count}"
23 | 
24 |   image_name = "${var.image_name}"
25 |   flavor_name = "${var.flavor_name}"
26 |   cloud_init = "${var.cloud_init}"
27 | }
28 | 
29 | output "state" {
30 |   value ="${merge(module.roll.state,map("nodes", join(",",module.nodes.value)))}"
31 | }
32 | 
33 | output "info" {
34 |   value = "${module.roll.info}"
35 | }
36 | 
37 | 
38 | 


--------------------------------------------------------------------------------
/platforms/azure/modules/vms/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/vms


--------------------------------------------------------------------------------
/platforms/interfaces/iaas:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "iaas_config" {
16 |   type = "map"
17 | }
18 | variable "bastion" {
19 |   type = "map"
20 | }
21 | 
22 | 
23 | variable "cluster_name" {
24 |   type = "string"
25 | }
26 | variable "cluster_type" {
27 |   type = "string"
28 | }
29 | variable "subnet_cidr" {
30 |   type = "string"
31 | }
32 | variable "gen_dir" {
33 |   type = "string"
34 | }
35 | variable "prefix" {
36 |   type = "string"
37 | }
38 | 
39 | variable "dns_nameservers" {
40 |   type = "list"
41 | }
42 | 
43 | variable "use_bastion" {
44 |   default = true
45 | }
46 | 
47 | variable "dns_domain" {
48 |   default = ""
49 | }
50 | 
51 | 
52 | 


--------------------------------------------------------------------------------
/platforms/interfaces/machine:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | variable "namespace" {
16 |   default = "machines"
17 | }
18 | 
19 | variable "iaas_config" {
20 |   type = "map"
21 | }
22 | 
23 | variable "vm_info" {
24 |   type = "map"
25 | }
26 | 
27 | variable "count" {
28 |   default = 1
29 | }
30 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/config/README.md:
--------------------------------------------------------------------------------
1 | This module contains a iaas config handling. It maps dedicated parameters to a single map value
2 | and a map value to dedicated outputs (pack and unpack).
3 | The map version is used to pass the iaas config to generic modules that internally call iaas specific modules.
4 | The module can be used by the iaas wrapper to pack the dedicated inpout parameters and by the iaas specific modules
5 | to access the dedicated parameters again.
6 | 
7 | Change the file `variables.tf` to modify the iaas config interface.
8 | Then call `../../../create.sh` to create the appropriate terraform file (`config.tf`).
9 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/config/check.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | module "domain_check" {
 3 |   source = "../../../../modules/config_check"
 4 |   values = [ "${module.domain_id.value}", "${module.domain_name.value}" ]
 5 |   buddies= [ "OS_PROJECT_DOMAIN_ID", "OS_PROJECT_DOMAIN_NAME" ]
 6 |   message= "please specify either os_domain_name or os_domain_id"
 7 | }
 8 | module "tenant_check" {
 9 |   source = "../../../../modules/config_check"
10 |   values = [ "${module.tenant_id.value}", "${module.tenant_name.value}" ]
11 |   buddies= [ "OS_TENANT_ID", "OS_TENANT_NAME" ]
12 |   message= "please specify either os_tenant_name or os_tenant_id"
13 | }
14 | 
15 | output "domain_key" {
16 |   value = "${module.domain_check.buddy}"
17 | }
18 | output "domain_value" {
19 |   value = "${module.domain_check.value}"
20 | }
21 | 
22 | output "tenant_key" {
23 |   value = "${module.tenant_check.buddy}"
24 | }
25 | output "tenant_value" {
26 |   value = "${module.tenant_check.value}"
27 | }
28 | 
29 | locals {
30 |   keys= {
31 |     "OS_PROJECT_DOMAIN_NAME" = "OS_USER_DOMAIN_NAME"
32 |     "OS_PROJECT_DOMAIN_ID" = "OS_USER_DOMAIN_ID"
33 |   }
34 | }
35 | 
36 | output "user_domain_key" {
37 |   value = "${local.keys[module.domain_check.buddy]}"
38 | }
39 | output "user_domain_value" {
40 |   value = "${module.domain_check.value}"
41 | }
42 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/addons.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | resource "template_dir" "addons" {
17 |   source_dir = "${path.module}/templates/addons"
18 |   destination_dir = "${var.gen_dir}/iaas-addons"
19 | 
20 |   vars {
21 |     availability_zone = "${module.os.availability_zone}"
22 |   }
23 | }
24 | 
25 | output "addon-dirs" {
26 |   value = [ "${var.gen_dir}/iaas-addons" ]
27 | }
28 | output "addon-trigger" {
29 |   value = "${template_dir.addons.id}"
30 | }
31 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/cloud-init.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | output "cloud_init" {
17 |   value = {
18 |   }
19 | }
20 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/osrc.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | data "template_file" "osrc" {
17 |   template = "${file("${path.module}/templates/osrc")}"
18 | 
19 |   vars {
20 |     os_auth_url = "${module.os.auth_url}"
21 |     os_username = "${module.os.user_name}"
22 |     os_password = "${module.os.password}"
23 |     os_tenant_key = "${module.os.tenant_key}"
24 |     os_tenant_value = "${module.os.tenant_value}"
25 |     os_domain_key = "${module.os.domain_key}"
26 |     os_domain_value = "${module.os.domain_value}"
27 |     os_user_domain_key = "${module.os.user_domain_key}"
28 |     os_user_domain_value = "${module.os.user_domain_value}"
29 |     os_region = "${module.os.region}"
30 |   }
31 | }
32 | 
33 | resource "local_file" "osrc" {
34 |   content = "${data.template_file.osrc.rendered}"
35 |   filename = "${var.gen_dir}/osrc"
36 | }
37 | 
38 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/sshkey.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | resource "tls_private_key" "ssh_key" {
17 |   algorithm   = "RSA"
18 |   rsa_bits    = "4096"
19 | }
20 | 
21 | resource "openstack_compute_keypair_v2" "ssh_key" {
22 |   name       = "${var.prefix}"
23 |   public_key = "${tls_private_key.ssh_key.public_key_openssh}"
24 | }
25 | 
26 | output "public_key" {
27 |   value = "${tls_private_key.ssh_key.public_key_pem}"
28 | }
29 | output "private_key" {
30 |   value = "${tls_private_key.ssh_key.private_key_pem}"
31 | }
32 | output "key" {
33 |   value = "${openstack_compute_keypair_v2.ssh_key.name}"
34 | }
35 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/templates/addons/manifests/etcd-storage-class.yaml:
--------------------------------------------------------------------------------
1 | kind: StorageClass
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 |   name: etcd
5 | provisioner: kubernetes.io/cinder
6 | parameters:
7 |   type: default
8 |   availability: ${availability_zone}
9 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/templates/addons/manifests/kube-storage-class.yaml:
--------------------------------------------------------------------------------
 1 | kind: StorageClass
 2 | apiVersion: storage.k8s.io/v1
 3 | metadata:
 4 |   name: cinder
 5 |   annotations:
 6 |     storageclass.beta.kubernetes.io/is-default-class: "true"
 7 | provisioner: kubernetes.io/cinder
 8 | parameters:
 9 |   type: default
10 |   availability: ${availability_zone}
11 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/templates/cloud.conf:
--------------------------------------------------------------------------------
 1 | [Global]
 2 | auth-url=${os_auth_url}
 3 | username=${os_username}
 4 | password=${os_password}
 5 | ${os_tenant_key}=${os_tenant_value}
 6 | ${os_domain_key}=${os_domain_value}
 7 | [LoadBalancer]
 8 | lb-version=v2
 9 | subnet-id=${lb_subnet_id}
10 | floating-network-id=${fip_subnet_id}
11 | create-monitor=true
12 | monitor-delay=60s
13 | monitor-timeout=30s
14 | monitor-max-retries=5
15 | lb-provider=${lb_provider}


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/templates/osrc:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | # unset alternate items in case set
 4 | unset OS_TENANT_NAME
 5 | unset OS_TENANT_ID
 6 | unset OS_PROJECT_DOMAIN_NAME
 7 | unset OS_PROJECT_DOMAIN_ID
 8 | unset OS_USER_DOMAIN_NAME
 9 | unset OS_USER_DOMAIN_ID
10 | 
11 | export OS_IDENTITY_API_VERSION=3
12 | export OS_AUTH_VERSION=3
13 | export OS_AUTH_STRATEGY=keystone
14 | export OS_AUTH_URL="${os_auth_url}"
15 | export ${os_tenant_key}="${os_tenant_value}"
16 | export ${os_domain_key}="${os_domain_value}"
17 | export ${os_user_domain_key}="${os_user_domain_value}"
18 | 
19 | export OS_USERNAME="${os_username}"
20 | export OS_PASSWORD="${os_password}"
21 | export OS_REGION_NAME="${os_region}"
22 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/iaas/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/iaas


--------------------------------------------------------------------------------
/platforms/openstack/modules/machine/templates/class.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: machine.sapcloud.io/v1alpha1
 2 | kind: OpenStackMachineClass
 3 | metadata:
 4 |   name: standard-worker # Name of aws machine class goes here
 5 |   namespace: ${namespace}
 6 | spec:
 7 |   flavorName: ${flavor} # Name of the machine flavor
 8 |   keyName:   ${keypair} # Name of the ssh key pair
 9 |   imageName: ${image} # Machine image name
10 |   networkID: ${networkid} # Network ID where the machine should be placed
11 |   securityGroups:
12 |   - ${secgrp} # List of security groups which should be used for this machine
13 |   region: ${region} # Region where to place the machine
14 |   availabilityZone: ${az} # Availability zone where to place the machine
15 |   tags: ${tags}
16 |   secretRef: # Secret pointing to a secret which contains the provider secret and cloudconfig
17 |     namespace: ${namespace}  # Namespace
18 |     name: worker-nodes  # Name of the secret
19 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/machine/templates/deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: machine.sapcloud.io/v1alpha1
 2 | kind: MachineDeployment
 3 | metadata:
 4 |   name: standard-workers
 5 |   namespace: ${namespace}
 6 | spec:
 7 |   #paused: true [uncommment this when you want to pause]
 8 |   #rollbackTo:
 9 |     #revision: 0 [uncommment this when you want to rollback to previous version]
10 |   replicas: ${worker_count}
11 |   minReadySeconds: 500 # Minimum time to wait for machine to be ready
12 |   strategy: 
13 |     type: RollingUpdate # Strategy for update RollingUpdate/Recreate
14 |     rollingUpdate:
15 |       maxSurge: 1 # Maximum addition machines that spawned over the desired replicas during update
16 |       maxUnavailable: 1 # Maximum unavailable machines that the cluster can tolerate
17 |   selector:
18 |     matchLabels:
19 |       node-type: standard-worker # Label to match the template (XXXXX)
20 |   template:
21 |     metadata:
22 |       labels:
23 |         node-type: standard-worker # Label to match with selector (XXXXX)
24 |     spec: 
25 |       class:
26 |         kind: OpenStackMachineClass # Machine class template used to create machine, could be AWS/GCP/Azure/Other-cloud-providers
27 |         name: standard-worker # Name of the machine class
28 | 
29 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/machine/templates/secret.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Secret
 3 | metadata:
 4 |   name: worker-nodes
 5 |   namespace: ${namespace}
 6 | type: Opaque
 7 | data:
 8 |   userData:   "${cloud_init_b64}"
 9 |   authURL:    "${auth_url_b64}"
10 |   username:   "${username_b64}"
11 |   password:   "${password_b64}"
12 |   ${domain_key}: "${domain_value_b64}"
13 |   ${tenant_key}: "${tenant_value_b64}"
14 |   insecure:   "${insecure_b64}"
15 |   caCert:     "${cacert_b64}"
16 | 
17 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/machine/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/machine


--------------------------------------------------------------------------------
/platforms/openstack/modules/vms/fips.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | ##########################################
17 | # floating ips
18 | #
19 | 
20 | module "fips" {
21 |   source = "../../../../modules/flag"
22 |   option = "${var.provide_fips}"
23 |   on = "${var.node_count}"
24 |   off = "0"
25 |   map = {
26 |     single = "1"
27 |   }
28 | }  
29 | 
30 | resource "openstack_networking_floatingip_v2" "nodes" {
31 |   count = "${module.fips.flag}"
32 |   pool = "${module.os.fip_pool_name}"
33 | }
34 | 
35 | resource "openstack_compute_floatingip_associate_v2" "nodes" {
36 |   count = "${module.fips.value}"
37 |   floating_ip = "${element(openstack_networking_floatingip_v2.nodes.*.address,count.index)}"
38 |   instance_id = "${element(module.nodes.value,count.index)}"
39 | }
40 | 
41 | output "fips" {
42 |   value = ["${openstack_networking_floatingip_v2.nodes.*.address}"]
43 | }
44 | 
45 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/vms/roll.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | module "roll" {
17 |   source = "../../../../modules/roll"
18 | 
19 |   state = "${var.state}"
20 |   update_mode = "${var.update_mode}"
21 | 
22 |   size = "${var.node_count}"
23 | 
24 |   image_name = "${data.openstack_images_image_v2.image.id}"
25 |   flavor_name = "${var.flavor_name}"
26 |   cloud_init = "${var.cloud_init}"
27 | }
28 | 
29 | output "state" {
30 |   value ="${merge(module.roll.state,map("nodes", join(",",module.nodes.value)))}"
31 | }
32 | 
33 | output "info" {
34 |   value = "${module.roll.info}"
35 | }
36 | 
37 | 
38 | 


--------------------------------------------------------------------------------
/platforms/openstack/modules/vms/variables.tf:
--------------------------------------------------------------------------------
1 | ../../../interfaces/vms


--------------------------------------------------------------------------------
/variants/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | The structure of the `platforms` and `variants` folder must be identical, to ensure the
 3 | correct relative parent folder relationship used in the various modules. This is required
 4 | because terraform resolves the parent folder according the path name and not the directory
 5 | structure. This means that parents of symbolic links are determined by the path of
 6 | the symbolic link and not the target path of link.
 7 | 
 8 | A symbolic link is required to fade-in platform specific modules. To align the directory
 9 | structure including the link, the symbolic link to determine the current platform is
10 | double indirect: The first link is part of the folder structure (see remarks above)
11 | below the `variants` folder with the name `current`. This link does not point directly to the
12 | actual platform, because this location is in the shared module. Instead it points pack to
13 | a link above the root module in the cluster project, that the determines the correct variant for
14 | the actual cluster.
15 | 
16 | 


--------------------------------------------------------------------------------
/variants/aws/cluster.tf:
--------------------------------------------------------------------------------
1 | ../cluster.tf


--------------------------------------------------------------------------------
/variants/aws/migrate.mig:
--------------------------------------------------------------------------------
1 | ../../migrate.mig


--------------------------------------------------------------------------------
/variants/aws/modules/config:
--------------------------------------------------------------------------------
1 | ../../../platforms/aws/modules/config


--------------------------------------------------------------------------------
/variants/aws/modules/iaas:
--------------------------------------------------------------------------------
1 | ../../../platforms/aws/modules/iaas


--------------------------------------------------------------------------------
/variants/aws/modules/lbaas:
--------------------------------------------------------------------------------
1 | ../../../platforms/aws/modules/lbaas


--------------------------------------------------------------------------------
/variants/aws/modules/machine:
--------------------------------------------------------------------------------
1 | ../../../platforms/aws/modules/machine/


--------------------------------------------------------------------------------
/variants/aws/modules/vms:
--------------------------------------------------------------------------------
1 | ../../../platforms/aws/modules/vms


--------------------------------------------------------------------------------
/variants/azure/azure.tf:
--------------------------------------------------------------------------------
 1 | # Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | 
16 | variable "az_tenant_id" {
17 |   type = "string"
18 | }
19 | variable "az_subscription_id" {
20 |   type = "string"
21 | }
22 | variable "az_client_id" {
23 |   type = "string"
24 | }
25 | variable "az_client_secret" {
26 |   type = "string"
27 | }
28 | variable "az_region" {
29 |   type = "string"
30 | }
31 | variable "az_cloudenv" {
32 |   type = "string"
33 |   default = "public"
34 | }
35 | 
36 | 
37 | provider "azurerm" {
38 |   version = "0.1.5"
39 |   tenant_id = "${var.az_tenant_id}"
40 |   subscription_id = "${var.az_subscription_id}"
41 |   client_id = "${var.az_client_id}"
42 |   client_secret = "${var.az_client_secret}"
43 | }
44 | 
45 | module "iaas_config" {
46 |   source = "./modules/config"
47 |   tenant_id = "${var.az_tenant_id}"
48 |   subscription_id = "${var.az_subscription_id}"
49 |   client_id = "${var.az_client_id}"
50 |   client_secret = "${var.az_client_secret}"
51 | 
52 |   region = "${var.az_region}"
53 |   cloudenv = "${var.az_cloudenv}"
54 | }
55 | 
56 | locals {
57 |   platform = "azure"
58 |   aws_defaults = { }
59 | }
60 | 
61 | 


--------------------------------------------------------------------------------
/variants/azure/cluster.tf:
--------------------------------------------------------------------------------
1 | ../cluster.tf


--------------------------------------------------------------------------------
/variants/azure/migrate.mig:
--------------------------------------------------------------------------------
1 | ../../migrate.mig


--------------------------------------------------------------------------------
/variants/azure/modules/config:
--------------------------------------------------------------------------------
1 | ../../../platforms/azure/modules/config/


--------------------------------------------------------------------------------
/variants/azure/modules/iaas:
--------------------------------------------------------------------------------
1 | ../../../platforms/azure/modules/iaas


--------------------------------------------------------------------------------
/variants/azure/modules/lbaas:
--------------------------------------------------------------------------------
1 | ../../../platforms/azure/modules/lbaas/


--------------------------------------------------------------------------------
/variants/azure/modules/machine:
--------------------------------------------------------------------------------
1 | ../../../platforms/azure/modules/machine/


--------------------------------------------------------------------------------
/variants/azure/modules/vms:
--------------------------------------------------------------------------------
1 | ../../../platforms/azure/modules/vms


--------------------------------------------------------------------------------
/variants/current:
--------------------------------------------------------------------------------
1 | ../../variant


--------------------------------------------------------------------------------
/variants/openstack/cluster.tf:
--------------------------------------------------------------------------------
1 | ../cluster.tf


--------------------------------------------------------------------------------
/variants/openstack/migrate.mig:
--------------------------------------------------------------------------------
1 | ../../migrate.mig


--------------------------------------------------------------------------------
/variants/openstack/modules/config:
--------------------------------------------------------------------------------
1 | ../../../platforms/openstack/modules/config


--------------------------------------------------------------------------------
/variants/openstack/modules/iaas:
--------------------------------------------------------------------------------
1 | ../../../platforms/openstack/modules/iaas


--------------------------------------------------------------------------------
/variants/openstack/modules/lbaas:
--------------------------------------------------------------------------------
1 | ../../../platforms/openstack/modules/lbaas/


--------------------------------------------------------------------------------
/variants/openstack/modules/machine:
--------------------------------------------------------------------------------
1 | ../../../platforms/openstack/modules/machine


--------------------------------------------------------------------------------
/variants/openstack/modules/vms:
--------------------------------------------------------------------------------
1 | ../../../platforms/openstack/modules/vms


--------------------------------------------------------------------------------