WIP: build aws components, ignition not complete yet

Author: alexsomesan

aws/bastion.tf

@@ -0,0 +1,42 @@
+/*
+    The bastion instance is used only for debugging during development.
+    This file should be removed once the templates are stable and working correctly.
+*/
+resource "aws_security_group" "bastion_sec_group" {
+  vpc_id = "${data.aws_vpc.cluster_vpc.id}"
+
+  ingress {
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    from_port   = 22
+    to_port     = 22
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    self        = true
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "ignition_config" "bastion" {
+  files = [
+    "${ignition_file.etcd-endpoints.id}",
+  ]
+}
+
+resource "aws_instance" "bastion_node" {
+  ami                         = "${data.aws_ami.coreos_ami.image_id}"
+  instance_type               = "t2.small"
+  subnet_id                   = "${aws_subnet.az_subnet_pub.0.id}"
+  key_name                    = "${aws_key_pair.ssh-key.key_name}"
+  vpc_security_group_ids      = ["${aws_security_group.bastion_sec_group.id}"]
+  user_data                   = "${ignition_config.bastion.rendered}"
+  associate_public_ip_address = true
+
+  tags {
+    Name = "bastion"
+  }
+}

aws/dns.tf

@@ -0,0 +1,8 @@
+resource "aws_route53_zone" "tectonic-int" {
+  vpc_id = "${data.aws_vpc.cluster_vpc.id}"
+  name   = "${var.tectonic_domain}"
+}
+
+resource "aws_route53_zone" "tectonic-ext" {
+  name = "${var.tectonic_domain}"
+}

aws/elb.tf

@@ -0,0 +1,56 @@
+resource "aws_elb" "api-internal" {
+  name     = "${var.cluster_name}-api-internal"
+  subnets  = ["${aws_subnet.master_subnet.*.id}"]
+  internal = true
+
+  listener {
+    instance_port     = 443
+    instance_protocol = "tcp"
+    lb_port           = 443
+    lb_protocol       = "tcp"
+  }
+
+  listener {
+    instance_port     = 10255
+    instance_protocol = "tcp"
+    lb_port           = 10255
+    lb_protocol       = "tcp"
+  }
+}
+
+resource "aws_elb" "api-external" {
+  name     = "${var.cluster_name}-api-external"
+  subnets  = ["${aws_subnet.az_subnet_pub.*.id}"]
+  internal = false
+
+  listener {
+    instance_port     = 443
+    instance_protocol = "tcp"
+    lb_port           = 443
+    lb_protocol       = "tcp"
+  }
+}
+
+resource "aws_route53_record" "api-internal" {
+  zone_id = "${aws_route53_zone.tectonic-int.zone_id}"
+  name    = "${var.cluster_name}-k8s.${var.tectonic_domain}"
+  type    = "A"
+
+  alias {
+    name                   = "${aws_elb.api-internal.dns_name}"
+    zone_id                = "${aws_elb.api-internal.zone_id}"
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "api-external" {
+  zone_id = "${aws_route53_zone.tectonic-ext.zone_id}"
+  name    = "${var.cluster_name}-k8s.${var.tectonic_domain}"
+  type    = "A"
+
+  alias {
+    name                   = "${aws_elb.api-internal.dns_name}"
+    zone_id                = "${aws_elb.api-internal.zone_id}"
+    evaluate_target_health = true
+  }
+}

aws/etcd/cloudconfig.tf

@@ -1,20 +1,15 @@
-resource "aws_route53_zone" etcd_zone {
-  vpc_id = "${data.aws_vpc.etcd_vpc.id}"
-  name   = "${var.etcd_domain}"
-}
-
 resource "aws_route53_record" "etcd_srv_discover" {
   name    = "_etcd-server._tcp"
   type    = "SRV"
-  zone_id = "${aws_route53_zone.etcd_zone.id}"
+  zone_id = "${var.dns_zone}"
   records = ["${formatlist("0 0 2380 %s", aws_route53_record.etc_a_nodes.*.fqdn)}"]
   ttl     = "300"
 }
 
 resource "aws_route53_record" "etcd_srv_client" {
   name    = "_etcd-client._tcp"
   type    = "SRV"
-  zone_id = "${aws_route53_zone.etcd_zone.id}"
+  zone_id = "${var.dns_zone}"
   records = ["${formatlist("0 0 2379 %s", aws_route53_record.etc_a_nodes.*.fqdn)}"]
   ttl     = "60"
 }
@@ -23,7 +18,7 @@ resource "aws_route53_record" "etc_a_nodes" {
   count   = "${var.node_count}"
   type    = "A"
   ttl     = "60"
-  zone_id = "${aws_route53_zone.etcd_zone.id}"
-  name    = "node-${count.index}"
+  zone_id = "${var.dns_zone}"
+  name    = "etcd-${count.index}"
   records = ["${aws_instance.etcd_node.*.private_ip[count.index]}"]
 }

aws/etcd/dns.tf

@@ -1,19 +1,5 @@
-data "aws_vpc" "etcd_vpc" {
-  id = "${var.vpc_id}"
-}
-
-data "aws_subnet" "az_subnet" {
-  count  = "${var.node_count}"
-  vpc_id = "${data.aws_vpc.etcd_vpc.id}"
-
-  filter = {
-    name   = "availabilityZone"
-    values = ["${data.aws_availability_zones.zones.names[count.index]}"]
-  }
-}
-
-resource "aws_default_security_group" "default_sec_group" {
-  vpc_id = "${data.aws_vpc.etcd_vpc.id}"
+resource "aws_security_group" "etcd_sec_group" {
+  vpc_id = "${var.vpc_id}"
 
   ingress {
     protocol  = -1
@@ -29,6 +15,13 @@ resource "aws_default_security_group" "default_sec_group" {
     to_port     = 22
   }
 
+  ingress {
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    from_port   = 2379
+    to_port     = 2379
+  }
+
   egress {
     from_port   = 0
     to_port     = 0

aws/etcd/network.tf

@@ -1,38 +1,23 @@
-data "aws_availability_zones" "zones" {}
+data "template_file" "userdata" {
+  count    = "${var.node_count}"
+  template = "${file("${path.module}/userdata.yml")}"
 
-data "aws_ami" "coreos_ami" {
-  most_recent = true
-
-  filter {
-    name   = "name"
-    values = ["CoreOS-stable-*"]
-  }
-
-  filter {
-    name   = "architecture"
-    values = ["x86_64"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-
-  filter {
-    name   = "owner-id"
-    values = ["595879546273"]
+  vars {
+    node_name   = "etcd-${count.index}.${var.tectonic_domain}"
+    etcd_domain = "${var.tectonic_domain}"
   }
 }
 
 resource "aws_instance" "etcd_node" {
-  count         = "${var.node_count}"
-  ami           = "${data.aws_ami.coreos_ami.id}"
-  instance_type = "t2.medium"
-  subnet_id     = "${data.aws_subnet.az_subnet.*.id[count.index]}"
-  key_name      = "${aws_key_pair.ssh-key.id}"
-  user_data     = "${data.template_file.userdata.*.rendered[count.index]}"
+  count                  = "${var.node_count}"
+  ami                    = "${var.coreos_ami}"
+  instance_type          = "t2.medium"
+  subnet_id              = "${var.etcd_subnets[count.index]}"
+  key_name               = "${var.ssh_key}"
+  user_data              = "${data.template_file.userdata.*.rendered[count.index]}"
+  vpc_security_group_ids = ["${aws_security_group.etcd_sec_group.id}"]
 
   tags {
-    Name = "node-${count.index}"
+    Name = "etcd-${count.index}"
   }
 }

aws/etcd/nodes.tf

@@ -1,3 +1,3 @@
 output "endpoints" {
-  value = "${join(",",formatlist("http://%s:2379",aws_route53_record.etc_a_nodes.*.fqdn))}"
+  value = "${formatlist("http://%s:2379",aws_route53_record.etc_a_nodes.*.fqdn)}"
 }

aws/etcd/outputs.tf

@@ -0,0 +1,28 @@
+#cloud-config
+
+hostname: ${node_name}
+
+coreos:
+  update:
+    reboot-strategy: "etcd-lock"
+  units:
+  - name: "etcd2.service"
+    enable: false
+  - name: "etcd.service"
+    enable: false
+  - name: "etcd-member.service"
+    enable: true
+    command: "start"
+    drop-ins: 
+    - name: "40-etcd-cluster.conf"
+      content: |
+        [Service]
+        Environment="ETCD_IMAGE_TAG=v3.1.1"
+        ExecStart=
+        ExecStart=/usr/lib/coreos/etcd-wrapper \
+        --name=etcd \
+        --discovery-srv=${etcd_domain} \
+        --advertise-client-urls=http://${node_name}:2379 \
+        --initial-advertise-peer-urls=http://${node_name}:2380 \
+        --listen-client-urls=http://0.0.0.0:2379 \
+        --listen-peer-urls=http://$private_ipv4:2380

aws/etcd/userdata.yaml

@@ -1,4 +1,8 @@
-variable "etcd_domain" {
+variable "tectonic_domain" {
+  type = "string"
+}
+
+variable "dns_zone" {
   type = "string"
 }
 
@@ -9,3 +13,15 @@ variable "node_count" {
 variable "vpc_id" {
   type = "string"
 }
+
+variable "ssh_key" {
+  type = "string"
+}
+
+variable "coreos_ami" {
+  type = "string"
+}
+
+variable "etcd_subnets" {
+  type = "list"
+}

aws/etcd/userdata.yml

@@ -0,0 +1,47 @@
+data "aws_availability_zones" "azs" {}
+
+data "aws_ami" "coreos_ami" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["CoreOS-stable-*"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "owner-id"
+    values = ["595879546273"]
+  }
+}
+
+module "vpc" {
+  source          = "./vpc"
+  external_vpc_id = "${var.external_vpc_id}"
+  vpc_cid_block   = "${var.vpc_cid_block}"
+}
+
+data "aws_vpc" "cluster_vpc" {
+  id = "${module.vpc.vpc_id}"
+}
+
+module "etcd" {
+  source = "./etcd"
+
+  vpc_id          = "${data.aws_vpc.cluster_vpc.id}"
+  node_count      = "${var.az_count}"
+  ssh_key         = "${aws_key_pair.ssh-key.id}"
+  dns_zone        = "${aws_route53_zone.tectonic-int.zone_id}"
+  coreos_ami      = "${data.aws_ami.coreos_ami.id}"
+  etcd_subnets    = ["${aws_subnet.etcd_subnet.*.id}"]
+  tectonic_domain = "${var.tectonic_domain}"
+}