Add support for K8s v1.9 and add certificates controller.

Author: jlamillan

instances/k8smaster/cloud_init/bootstrap.template.yaml

@@ -100,6 +100,11 @@ write_files:
     encoding: "gzip+base64"
     content: |
       ${ca-pem-content}
+  - path: "/etc/kubernetes/ssl/ca-key.pem"
+    permissions: "0600"
+    encoding: "gzip+base64"
+    content: |
+      ${ca-key-content}
   - path: "/etc/kubernetes/ssl/apiserver.pem"
     permissions: "0600"
     encoding: "gzip+base64"

instances/k8smaster/datasources.tf

@@ -141,6 +141,7 @@ data "template_file" "kube_master_cloud_init_file" {
     kube_scheduler_template_content          = "${base64gzip(data.template_file.kube-scheduler.rendered)}"
     kubelet_service_content                  = "${base64gzip(data.template_file.kubelet-service.rendered)}"
     ca-pem-content                           = "${base64gzip(var.root_ca_pem)}"
+    ca-key-content                           = "${base64gzip(var.root_ca_key)}"
     api-server-key-content                   = "${base64gzip(var.api_server_private_key_pem)}"
     api-server-cert-content                  = "${base64gzip(var.api_server_cert_pem)}"
     api-token_auth_template_content          = "${base64gzip(data.template_file.token_auth_file.rendered)}"

instances/k8smaster/manifests/kube-controller-manager.yaml

@@ -17,6 +17,8 @@ spec:
     - --leader-elect=true
     - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
     - --root-ca-file=/etc/kubernetes/ssl/ca.pem
+    - --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem
+    - --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem
     - --v=2
     livenessProbe:
       httpGet:

instances/k8smaster/manifests/kubernetes-dashboard.yaml

@@ -46,18 +46,13 @@ spec:
         - containerPort: 9090
           protocol: TCP
         args:
-          # Uncomment the following line to manually specify Kubernetes API server Host
-          # If not specified, Dashboard will attempt to auto discover the API server and connect
-          # to it. Uncomment only if the default does not work.
-          # - --apiserver-host=http://my-address:port
         livenessProbe:
           httpGet:
             path: /
             port: 9090
           initialDelaySeconds: 30
           timeoutSeconds: 30
       serviceAccountName: kubernetes-dashboard
-      # Comment the following tolerations if Dashboard must not be deployed on master
       tolerations:
       - key: node-role.kubernetes.io/master
         effect: NoSchedule

instances/k8smaster/variables.tf

@@ -64,6 +64,7 @@ variable "k8s_dns_ver" {
 variable "api_server_count" {}
 
 variable "root_ca_pem" {}
+variable "root_ca_key" {}
 variable "api_server_private_key_pem" {}
 variable "api_server_cert_pem" {}
 variable "k8s_apiserver_token_admin" {}

k8s-oci.tf

@@ -221,6 +221,7 @@ module "instances-k8smaster-ad1" {
   k8s_ver                     = "${var.k8s_ver}"
   label_prefix                = "${var.label_prefix}"
   root_ca_pem                 = "${module.k8s-tls.root_ca_pem}"
+  root_ca_key                 = "${module.k8s-tls.root_ca_key}"
   shape                       = "${var.k8sMasterShape}"
   ssh_private_key             = "${module.k8s-tls.ssh_private_key}"
   ssh_public_key_openssh      = "${module.k8s-tls.ssh_public_key_openssh}"
@@ -263,6 +264,7 @@ module "instances-k8smaster-ad2" {
   k8s_ver                     = "${var.k8s_ver}"
   label_prefix                = "${var.label_prefix}"
   root_ca_pem                 = "${module.k8s-tls.root_ca_pem}"
+  root_ca_key                 = "${module.k8s-tls.root_ca_key}"
   shape                       = "${var.k8sMasterShape}"
   ssh_private_key             = "${module.k8s-tls.ssh_private_key}"
   ssh_public_key_openssh      = "${module.k8s-tls.ssh_public_key_openssh}"
@@ -305,6 +307,7 @@ module "instances-k8smaster-ad3" {
   k8s_ver                     = "${var.k8s_ver}"
   label_prefix                = "${var.label_prefix}"
   root_ca_pem                 = "${module.k8s-tls.root_ca_pem}"
+  root_ca_key                 = "${module.k8s-tls.root_ca_key}"
   shape                       = "${var.k8sMasterShape}"
   ssh_private_key             = "${module.k8s-tls.ssh_private_key}"
   ssh_public_key_openssh      = "${module.k8s-tls.ssh_public_key_openssh}"