Few customizations (kubernetes-digitalocean-terraform#25)

* New setting: prefix to create unique droplet names

* New settings: sizes to customize the droplet sizes

* Allow comma seperated SSH keys.

Existing config still works as well

* Allow terraform apply to be run from other directory

Author: nathansamson

cfssl/generate_admin.sh

@@ -1,8 +1,9 @@
 #!/bin/bash
 
 SECRETS_DIR=$PWD/secrets
+CFSSL_DIR=$(dirname "${BASH_SOURCE[0]}")
 
 cfssl gencert -ca=$SECRETS_DIR/ca.pem \
     -ca-key=$SECRETS_DIR/ca-key.pem \
-    -config=$PWD/cfssl/ca-config.json \
-    -profile=client $PWD/cfssl/client.json | cfssljson -bare $SECRETS_DIR/admin
+    -config=$CFSSL_DIR/ca-config.json \
+    -profile=client $CFSSL_DIR/client.json | cfssljson -bare $SECRETS_DIR/admin

cfssl/generate_ca.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 
 SECRETS_DIR=$PWD/secrets
+CFSSL_DIR=$(dirname "${BASH_SOURCE[0]}")
 
-cfssl gencert -initca $PWD/cfssl/ca-csr.json | cfssljson -bare $SECRETS_DIR/ca -
+cfssl gencert -initca $CFSSL_DIR/ca-csr.json | cfssljson -bare $SECRETS_DIR/ca -

cfssl/generate_client.sh

@@ -1,8 +1,9 @@
 #!/bin/bash
 
 SECRETS_DIR=$PWD/secrets
+CFSSL_DIR=$(dirname "${BASH_SOURCE[0]}")
 
 cfssl gencert -ca=$SECRETS_DIR/ca.pem \
     -ca-key=$SECRETS_DIR/ca-key.pem \
-    -config=$PWD/cfssl/ca-config.json \
-    -profile=client $PWD/cfssl/client.json | cfssljson -bare $SECRETS_DIR/client-$1
+    -config=$CFSSL_DIR/ca-config.json \
+    -profile=client $CFSSL_DIR/client.json | cfssljson -bare $SECRETS_DIR/client-$1

cfssl/generate_server.sh

@@ -1,11 +1,12 @@
 #!/bin/bash
 
 SECRETS_DIR=$PWD/secrets
+CFSSL_DIR=$(dirname "${BASH_SOURCE[0]}")
 
-template=$(cat $PWD/cfssl/server.json | sed "s/\${SERVERNAME}/$1/g")
+template=$(cat $CFSSL_DIR/server.json | sed "s/\${SERVERNAME}/$1/g")
 
 echo $template | cfssl gencert -ca=$SECRETS_DIR/ca.pem \
     -ca-key=$SECRETS_DIR/ca-key.pem \
-    -config=$PWD/cfssl/ca-config.json \
+    -config=$CFSSL_DIR/ca-config.json \
     -profile=server \
     -hostname="$2" - | cfssljson -bare $SECRETS_DIR/$1

deploy.tf

@@ -21,6 +21,23 @@ variable "number_of_workers" {}
 variable "hypercube_version" {
     default = "v1.3.6_coreos.0"
 }
+
+variable "prefix" {
+    default = ""
+}
+
+variable "size_etcd" {
+    default = "512mb"
+}
+
+variable "size_master" {
+    default = "512mb"
+}
+
+variable "size_worker" {
+    default = "512mb"
+}
+
 ###############################################################################
 #
 # Specify provider
@@ -42,26 +59,24 @@ provider "digitalocean" {
 
 resource "digitalocean_droplet" "k8s_etcd" {
     image = "coreos-stable"
-    name = "k8s-etcd"
+    name = "${var.prefix}k8s-etcd"
     region = "${var.do_region}"
     private_networking = true
-    size = "512mb"
-    user_data = "${file("00-etcd.yaml")}"
-    ssh_keys = [
-        "${var.ssh_fingerprint}"
-    ]
+    size = "${var.size_etcd}"
+    user_data = "${file("${path.module}/00-etcd.yaml")}"
+    ssh_keys = ["${split(",", var.ssh_fingerprint)}"]
 
     # Generate the Certificate Authority
     provisioner "local-exec" {
         command = <<EOF
-            $PWD/cfssl/generate_ca.sh
+            ${path.module}/cfssl/generate_ca.sh
 EOF
     }
 
     # Generate k8s-etcd server certificate
     provisioner "local-exec" {
         command = <<EOF
-            $PWD/cfssl/generate_server.sh k8s_etcd ${digitalocean_droplet.k8s_etcd.ipv4_address_private}
+            ${path.module}/cfssl/generate_server.sh k8s_etcd ${digitalocean_droplet.k8s_etcd.ipv4_address_private}
 EOF
     }
 
@@ -120,7 +135,7 @@ EOF
 
 
 data "template_file" "master_yaml" {
-    template = "${file("01-master.yaml")}"
+    template = "${file("${path.module}/01-master.yaml")}"
     vars {
         DNS_SERVICE_IP = "10.3.0.10"
         ETCD_IP = "${digitalocean_droplet.k8s_etcd.ipv4_address_private}"
@@ -140,19 +155,17 @@ data "template_file" "master_yaml" {
 
 resource "digitalocean_droplet" "k8s_master" {
     image = "coreos-stable"
-    name = "k8s-master"
+    name = "${var.prefix}k8s-master"
     region = "${var.do_region}"
     private_networking = true
-    size = "512mb"
+    size = "${var.size_master}"
     user_data = "${data.template_file.master_yaml.rendered}"
-    ssh_keys = [
-        "${var.ssh_fingerprint}"
-    ]
+    ssh_keys = ["${split(",", var.ssh_fingerprint)}"]
 
     # Generate k8s_master server certificate
     provisioner "local-exec" {
         command = <<EOF
-            $PWD/cfssl/generate_server.sh k8s_master "${digitalocean_droplet.k8s_master.ipv4_address},${digitalocean_droplet.k8s_master.ipv4_address_private},10.3.0.1,kubernetes.default,kubernetes"
+            ${path.module}/cfssl/generate_server.sh k8s_master "${digitalocean_droplet.k8s_master.ipv4_address},${digitalocean_droplet.k8s_master.ipv4_address_private},10.3.0.1,kubernetes.default,kubernetes"
 EOF
     }
 
@@ -182,7 +195,7 @@ EOF
     # Generate k8s_master client certificate
     provisioner "local-exec" {
         command = <<EOF
-            $PWD/cfssl/generate_client.sh k8s_master
+            ${path.module}/cfssl/generate_client.sh k8s_master
 EOF
     }
 
@@ -243,7 +256,7 @@ EOF
 
 
 data "template_file" "worker_yaml" {
-    template = "${file("02-worker.yaml")}"
+    template = "${file("${path.module}/02-worker.yaml")}"
     vars {
         DNS_SERVICE_IP = "10.3.0.10"
         ETCD_IP = "${digitalocean_droplet.k8s_etcd.ipv4_address_private}"
@@ -263,21 +276,19 @@ data "template_file" "worker_yaml" {
 resource "digitalocean_droplet" "k8s_worker" {
     count = "${var.number_of_workers}"
     image = "coreos-stable"
-    name = "${format("k8s-worker-%02d", count.index + 1)}"
+    name = "${var.prefix}${format("k8s-worker-%02d", count.index + 1)}"
     region = "${var.do_region}"
-    size = "512mb"
+    size = "${var.size_worker}"
     private_networking = true
     user_data = "${data.template_file.worker_yaml.rendered}"
-    ssh_keys = [
-        "${var.ssh_fingerprint}"
-    ]
+    ssh_keys = ["${split(",", var.ssh_fingerprint)}"]
 
 
 
     # Generate k8s_worker client certificate
     provisioner "local-exec" {
         command = <<EOF
-            $PWD/cfssl/generate_client.sh k8s_worker
+            ${path.module}/cfssl/generate_client.sh k8s_worker
 EOF
     }
 
@@ -343,11 +354,11 @@ resource "null_resource" "make_admin_key" {
     depends_on = ["digitalocean_droplet.k8s_worker"]
     provisioner "local-exec" {
         command = <<EOF
-            $PWD/cfssl/generate_admin.sh
+            ${path.module}/cfssl/generate_admin.sh
 EOF
     }
 }
- 
+
 resource "null_resource" "setup_kubectl" {
     depends_on = ["null_resource.make_admin_key"]
     provisioner "local-exec" {
@@ -372,7 +383,7 @@ resource "null_resource" "deploy_dns_addon" {
     provisioner "local-exec" {
         command = <<EOF
             until kubectl get pods 2>/dev/null; do printf '.'; sleep 5; done
-            kubectl create -f 03-dns-addon.yaml
+            kubectl create -f ${path.module}/03-dns-addon.yaml
 EOF
     }
 }
@@ -381,7 +392,7 @@ resource "null_resource" "deploy_microbot" {
     depends_on = ["null_resource.setup_kubectl"]
     provisioner "local-exec" {
         command = <<EOF
-            sed -e "s/\$EXT_IP1/${digitalocean_droplet.k8s_worker.0.ipv4_address}/" < 04-microbot.yaml > ./secrets/04-microbot.rendered.yaml
+            sed -e "s/\$EXT_IP1/${digitalocean_droplet.k8s_worker.0.ipv4_address}/" < ${path.module}/04-microbot.yaml > ./secrets/04-microbot.rendered.yaml
             until kubectl get pods 2>/dev/null; do printf '.'; sleep 5; done
             kubectl create -f ./secrets/04-microbot.rendered.yaml
 

setup_terraform.sh

@@ -11,12 +11,11 @@ function get_ssh_version {
     [[ -n $ZSH_VERSION ]] && setopt LOCAL_OPTIONS KSH_ARRAYS BASH_REMATCH
     [[ $ssh_ver =~ OpenSSH_([0-9][.][0-9]) ]] && echo "${BASH_REMATCH[1]}"
 }
-    
+
 
 # if ssh version is under 6.9, use -lf, otherwise must use the -E version
 if ! awk -v ver="$(get_ssh_version)" 'BEGIN { if (ver < 6.9) exit 1; }'; then
     export TF_VAR_ssh_fingerprint=$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')
 else
     export TF_VAR_ssh_fingerprint=$(ssh-keygen -E MD5 -lf ~/.ssh/id_rsa.pub | awk '{print $2}' | sed 's/MD5://g')
 fi
-