equinix / terraform-equinix-metal-anthos-on-baremetal

Terraform module for quick deployment of baremetal Anthos on Equinix Metal
https://registry.terraform.io/modules/equinix/anthos-on-baremetal
Apache License 2.0

provide kube api configuration as a module output #15

Closed displague closed 3 years ago

displague commented 3 years ago

While the API may need to be publicly exposed first (depends on #9), users would benefit from the ability to treat this provider like a module that can be plugged into broader solutions.

This will require access to the Kubernetes API of the Anthos cluster:

module "anthos" {
  source = "equinix/equinix-metal/anthos" # this repository, once registered
}

provider "kubernetes" {
  // configure using module.anthos.some_output_variables
}

resource "kubernetes_service" "nginx" {
  metadata {
    name = "nginx-example"
  }
  spec {
    selector = {
      App = kubernetes_pod.nginx.metadata[0].labels.App
    }
    port {
      port        = 80
      target_port = 80
    }

    type = "LoadBalancer"
  }
}

output "lb_ip" {
  value = kubernetes_service.nginx.load_balancer_ingress[0].ip
}

c0dyhi11 commented 3 years ago

As the kubeconfig is only dropped onto the disk where bmctl is run... This might be difficult. Terraform has a hard time returning objects from a remote server as terraform resources.

We can look into hijacking local exec and doing some ssh magic using that. I know that'll be able to return the kubeconfig info in a useable way.

displague commented 3 years ago

The following patch gets the kubeconfig copied locally, replacing 172.29.254.254 with the public IP of the first control plane node. However, the API is not listening or proxied to that address.

@c0dyhi11, any thoughts on how, where, or if the IP should be publicly exposed?

From 8ba3c55d78df1bcddef879fdad500068bbff3796 Mon Sep 17 00:00:00 2001
From: Marques Johansson <mjohansson@equinix.com>
Date: Sat, 28 Nov 2020 16:03:33 -0500
Subject: [PATCH] copy kubeconfig to a local file

Signed-off-by: Marques Johansson <mjohansson@equinix.com>
---
 main.tf            |  9 +++++++++
 util/kubeconfig.sh | 13 +++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100755 util/kubeconfig.sh

diff --git a/main.tf b/main.tf
index 2122921..dfce7dc 100644
--- a/main.tf
+++ b/main.tf
@@ -203,3 +203,12 @@ resource "null_resource" "deploy_anthos_cluster" {
     ]
   }
 }
+
+resource "null_resource" "local_kubectl" {
+  depends_on = [null_resource.deploy_anthos_cluster]
+
+  provisioner "local-exec" {
+    command    = "${path.cwd}/${path.module}/util/kubeconfig.sh ${local.cluster_name} ${packet_device.control_plane.0.access_public_ipv4} ${cidrhost(var.private_subnet, -2)} ${local_file.cluster_private_key_pem.filename}"
+    on_failure = continue
+  }
+}
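Review bot: on_failure = continue on the local_kubectl provisioner hides a failed copy: if util/kubeconfig.sh exits non-zero the apply still succeeds, and whoever reads the .conf file afterwards may find no usable kubeconfig. Drop on_failure so the error surfaces, or add a comment saying why the failure is tolerated. The four values are also interpolated into the command string unquoted, so a cluster name or key path containing a space or shell metacharacter would be split or interpreted by the shell; quote each interpolation or pass the values through the provisioner's environment map. The resource has no triggers, so the script will not re-run if the control plane's public IP changes.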
diff --git a/util/kubeconfig.sh b/util/kubeconfig.sh
new file mode 100755
index 0000000..9b31d46
--- /dev/null
+++ b/util/kubeconfig.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -e
+
+CLUSTER=$1
+PUBLIC_IP=$2
+API_IP=$3
+SSH_KEY=$4
+SOURCE="/root/baremetal/bmctl-workspace/$CLUSTER/$CLUSTER-kubeconfig"
+
+ssh -i ${SSH_KEY} -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+  root@${PUBLIC_IP} \
+  cat $SOURCE | \
+  sed -e "s/${API_IP}/${PUBLIC_IP}/g" > ${CLUSTER}.conf
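Review bot: the ssh call turns off host key verification (StrictHostKeyChecking=no with UserKnownHostsFile=/dev/null) while pulling a kubeconfig from root@${PUBLIC_IP}, so nothing authenticates the host that supplies the file the local kubectl will then trust. Consider StrictHostKeyChecking=accept-new with a known_hosts file kept in the working directory, so the key recorded at first contact is checked on later runs. Smaller points in the same pipeline: set -e without set -o pipefail lets a failed ssh be masked by sed's exit status and leaves an empty ${CLUSTER}.conf; the output file is created with the default umask although a kubeconfig normally carries cluster credentials, so set umask 077 before the redirect; the expansions ($SOURCE, ${SSH_KEY}, ${CLUSTER}) are unquoted; and the dots in ${API_IP} act as regex wildcards in the sed pattern.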
--
2.24.3 (Apple Git-128)

displague commented 3 years ago

Fixed by #23. Thanks, @c0dyhi11!