Disable rand, extra args (#5)

* s3 url output
* get kubeconfig as data object
* extra_args
* disable randomize

README.md

@@ -58,7 +58,8 @@ module
 |------|-------------|------|---------|:--------:|
 | cluster\_name | Cluster name | `string` | n/a | yes |
 | domain | DNS zone record to assign to NLB | `string` | n/a | yes |
-| extra\_api\_args | A list of additional arguments for kubeapi | `map` | `{}` | no |
+| extra\_api\_args | A map of additional arguments for kubeapi. Key - argument without --, and it value. See examples. | `map` | `{}` | no |
+| extra\_args | A list of additional arguments for k3s server | `list` | `[]` | no |
 | k3s\_version | Version of k3s engine: https://github.com/rancher/k3s/releases | `string` | n/a | yes |
 | key\_name | The key name to use for the instances | `string` | n/a | yes |
 | kubeconfig\_filename | Name of file to save kubeconfig local. | `string` | `"./kubeconfig"` | no |

data.tf

@@ -24,8 +24,8 @@ data "template_file" "init-master" {
     s3_bucket        = var.s3_bucket
     node_labels      = local.master_node_labels
     node_taints      = local.master_node_taints
-    extra_api_args   = local.extra_api_args
-    kubeconfig_name  = local.kubeconfig_filename
+    extra_args       = "${local.custom_args} ${local.extra_api_args}"
+    kubeconfig_name  = local.s3_kubeconfig_filename
   }
 }
 

examples/simple/terraform.tfvars

@@ -10,3 +10,15 @@ s3_bucket               = "cluster-dev-k3s"
 cluster_name            = "k3s-test"
 key_name                = "arti-key"
 worker_node_groups      = []
+
+extra_api_args = {
+  oidc-issuer-url     = "https://example.com/my"
+  oidc-username-claim = "email"
+  oidc-groups-claim   = "groups"
+  oidc-client-id      = "login"
+  allow-privileged    = "true"
+}
+
+extra_args = [
+  "--disable traefik"
+]

files/k3s.tpl.sh

@@ -24,7 +24,7 @@ software_install() {
     fi
   %{ endif }
   START_ARGS="server --cluster-domain ${cluster_domain} --secrets-encryption --node-name $(curl http://169.254.169.254/latest/meta-data/local-hostname)"
-  START_ARGS="$${START_ARGS} ${extra_api_args}"
+  START_ARGS="$${START_ARGS} ${extra_args}"
 %{ endif }
 
 %{ if instance_role == "worker" }

kubeconfig.tf

@@ -1,7 +1,7 @@
 resource "null_resource" "wait_cluster_ready" {
   provisioner "local-exec" {
     # command = "until (curl --connect-timeout 2 https://${local.cluster_domain}:6443/ping --insecure) >/dev/null 2>&1; do sleep 1; echo waiting for k3s; done"
-    command = "until (aws s3 cp s3://${var.s3_bucket}/${var.cluster_name}/${local.kubeconfig_filename} ./kubeconfig_tmp && for i in $(seq 10); do kubectl version --kubeconfig ./kubeconfig_tmp --request-timeout=5s || exit 1; sleep 1; done) >/dev/null 2>&1; do sleep 1; echo waiting for kubeconfig; done"
+    command = "until (aws s3 cp s3://${var.s3_bucket}/${var.cluster_name}/${local.s3_kubeconfig_filename} ./kubeconfig_tmp && for i in $(seq 10); do kubectl version --kubeconfig ./kubeconfig_tmp --request-timeout=5s || exit 1; sleep 1; done) >/dev/null 2>&1; do sleep 1; echo waiting for kubeconfig; done"
   }
   depends_on = [
     aws_autoscaling_group.master,
@@ -11,7 +11,7 @@ resource "null_resource" "wait_cluster_ready" {
 
 # Not really secure as it will keep entire file as a plain text in tfstate
 data "aws_s3_bucket_object" "get_kubeconfig" {
-  key    = "${var.cluster_name}/${local.kubeconfig_filename}"
+  key    = "${var.cluster_name}/${local.s3_kubeconfig_filename}"
   bucket = var.s3_bucket
   depends_on = [
     null_resource.wait_cluster_ready

locals.tf

@@ -1,9 +1,9 @@
-resource "random_pet" "kubeconfig_sufix" {}
+
 locals {
-  name                = var.cluster_name
-  cluster_dns_zone    = "${var.cluster_name}.${var.domain}"
-  cluster_domain      = "cp.${local.cluster_dns_zone}"
-  kubeconfig_filename = "kubeconfig${random_pet.kubeconfig_sufix.id}"
+  name                   = var.cluster_name
+  cluster_dns_zone       = "${var.cluster_name}.${var.domain}"
+  cluster_domain         = "cp.${local.cluster_dns_zone}"
+  s3_kubeconfig_filename = "kubeconfig"
   common_tags = {
     "kubernetes.io/cluster/${var.cluster_name}" = "owned"
     KubernetesCluster                           = var.cluster_name
@@ -63,6 +63,7 @@ locals {
     [for key, value in var.extra_api_args :
       "--kube-apiserver-arg \"${key}=${value}\""
   ])
+  custom_args = join(" ", var.extra_args)
 }
 
 resource null_resource "validate_domain_length" {

outputs.tf

@@ -7,5 +7,5 @@ output "kubeconfig" {
 }
 
 output "kubeconfig_s3_url" {
-  value = "s3://${var.s3_bucket}/${var.cluster_name}/${local.kubeconfig_filename}"
+  value = "s3://${var.s3_bucket}/${var.cluster_name}/${local.s3_kubeconfig_filename}"
 }

variables.tf

@@ -81,11 +81,18 @@ variable worker_node_groups {
 }
 
 variable extra_api_args {
-  description = "A list of additional arguments for kubeapi"
+  description = "A map of additional arguments for kubeapi. Key - argument without --, and it value. See examples."
   type        = map
   default     = {}
 }
 
+variable extra_args {
+  description = "A list of additional arguments for k3s server"
+  type        = list
+  default     = []
+}
+
+
 variable master_iam_instance_profile {
   description = "IAM instance profile to be attached to master instances"
   type        = string