Organize CoreDNS and kube-proxy manifests so they're optional

* Add a `coredns` variable to configure the CoreDNS manifests, with an `enable` field to determine whether CoreDNS manifests are applied to the cluster during provisioning (default true) * Add a `kube-proxy` variable to configure kube-proxy manifests, with an `enable` field to determine whether the kube-proxy Daemonset is applied to the cluster during provisioning (default true) * These optional allow for provisioning clusters without CoreDNS or kube-proxy, so these components can be customized or managed through separate plan/apply processes or automation
poseidon · May 13, 2024 · 9902860 · 9902860
1 parent baf406f
commit 9902860
Show file tree

Hide file tree

Showing 12 changed files with 67 additions and 19 deletions.
diff --git a/conditional.tf b/conditional.tf
@@ -5,7 +5,7 @@ locals {
   # { manifests-networking/manifest.yaml => content }
   flannel_manifests = {
     for name in fileset("${path.module}/resources/flannel", "*.yaml") :
-    "manifests-networking/${name}" => templatefile(
+    "manifests/network/${name}" => templatefile(
       "${path.module}/resources/flannel/${name}",
       {
         flannel_image         = var.container_images["flannel"]
@@ -21,7 +21,7 @@ locals {
   # { manifests-networking/manifest.yaml => content }
   calico_manifests = {
     for name in fileset("${path.module}/resources/calico", "*.yaml") :
-    "manifests-networking/${name}" => templatefile(
+    "manifests/network/${name}" => templatefile(
       "${path.module}/resources/calico/${name}",
       {
         calico_image                    = var.container_images["calico"]
@@ -44,7 +44,7 @@ locals {
   # { manifests-networking/manifest.yaml => content }
   cilium_manifests = {
     for name in fileset("${path.module}/resources/cilium", "**/*.yaml") :
-    "manifests-networking/${name}" => templatefile(
+    "manifests/network/${name}" => templatefile(
       "${path.module}/resources/cilium/${name}",
       {
         cilium_agent_image    = var.container_images["cilium_agent"]

diff --git a/manifests.tf b/manifests.tf
@@ -20,26 +20,45 @@ locals {
 
   # Kubernetes control plane manifests map
   # { manifests/manifest.yaml => content }
-  manifests = {
+  manifests = merge({
     for name in fileset("${path.module}/resources/manifests", "**/*.yaml") :
     "manifests/${name}" => templatefile(
       "${path.module}/resources/manifests/${name}",
       {
-        kube_proxy_image       = var.container_images["kube_proxy"]
-        coredns_image          = var.container_images["coredns"]
-        control_plane_replicas = max(2, length(var.etcd_servers))
-        pod_cidr               = var.pod_cidr
-        cluster_domain_suffix  = var.cluster_domain_suffix
-        cluster_dns_service_ip = cidrhost(var.service_cidr, 10)
-        server                 = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-        apiserver_host         = var.api_servers[0]
-        apiserver_port         = var.external_apiserver_port
-        daemonset_tolerations  = var.daemonset_tolerations
-        token_id               = random_password.bootstrap-token-id.result
-        token_secret           = random_password.bootstrap-token-secret.result
+        server         = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+        apiserver_host = var.api_servers[0]
+        apiserver_port = var.external_apiserver_port
+        token_id       = random_password.bootstrap-token-id.result
+        token_secret   = random_password.bootstrap-token-secret.result
       }
     )
-  }
+    },
+    # CoreDNS manifests (optional)
+    {
+      for name in fileset("${path.module}/resources/coredns", "*.yaml") :
+      "manifests/coredns/${name}" => templatefile(
+        "${path.module}/resources/coredns/${name}",
+        {
+          coredns_image          = var.container_images["coredns"]
+          control_plane_replicas = max(2, length(var.etcd_servers))
+          cluster_domain_suffix  = var.cluster_domain_suffix
+          cluster_dns_service_ip = cidrhost(var.service_cidr, 10)
+        }
+      ) if var.components.enable && var.components.coredns.enable
+    },
+    # kube-proxy manifests (optional)
+    {
+      for name in fileset("${path.module}/resources/kube-proxy", "*.yaml") :
+      "manifests/kube-proxy/${name}" => templatefile(
+        "${path.module}/resources/kube-proxy/${name}",
+        {
+          kube_proxy_image      = var.container_images["kube_proxy"]
+          pod_cidr              = var.pod_cidr
+          daemonset_tolerations = var.daemonset_tolerations
+        }
+      ) if var.components.enable && var.components.kube_proxy.enable
+    }
+  )
 }
 
 locals {

diff --git a/...nifests/coredns/cluster-role-binding.yaml → resources/coredns/cluster-role-binding.yaml b/...nifests/coredns/cluster-role-binding.yaml → resources/coredns/cluster-role-binding.yaml
diff --git a/...urces/manifests/coredns/cluster-role.yaml → resources/coredns/cluster-role.yaml b/...urces/manifests/coredns/cluster-role.yaml → resources/coredns/cluster-role.yaml
diff --git a/resources/manifests/coredns/config.yaml → resources/coredns/config.yaml b/resources/manifests/coredns/config.yaml → resources/coredns/config.yaml
diff --git a/resources/manifests/coredns/deployment.yaml → resources/coredns/deployment.yaml b/resources/manifests/coredns/deployment.yaml → resources/coredns/deployment.yaml
diff --git a/...es/manifests/coredns/service-account.yaml → resources/coredns/service-account.yaml b/...es/manifests/coredns/service-account.yaml → resources/coredns/service-account.yaml
diff --git a/resources/manifests/coredns/service.yaml → resources/coredns/service.yaml b/resources/manifests/coredns/service.yaml → resources/coredns/service.yaml
diff --git a/...es/manifests/kube-proxy-role-binding.yaml → ...s/kube-proxy/kube-proxy-role-binding.yaml b/...es/manifests/kube-proxy-role-binding.yaml → ...s/kube-proxy/kube-proxy-role-binding.yaml
diff --git a/resources/manifests/kube-proxy-sa.yaml → resources/kube-proxy/kube-proxy-sa.yaml b/resources/manifests/kube-proxy-sa.yaml → resources/kube-proxy/kube-proxy-sa.yaml
diff --git a/resources/manifests/kube-proxy.yaml → resources/kube-proxy/kube-proxy.yaml b/resources/manifests/kube-proxy.yaml → resources/kube-proxy/kube-proxy.yaml
diff --git a/variables.tf b/variables.tf
@@ -54,11 +54,9 @@ EOD
   default     = "10.3.0.0/24"
 }
 
-
 variable "container_images" {
   type        = map(string)
   description = "Container images to use"
-
   default = {
     calico                  = "quay.io/calico/node:v3.27.3"
     calico_cni              = "quay.io/calico/cni:v3.27.3"
@@ -105,3 +103,34 @@ variable "cluster_domain_suffix" {
   description = "Queries for domains with the suffix will be answered by kube-dns"
   default     = "cluster.local"
 }
+
+variable "components" {
+  description = "Configure pre-installed cluster components"
+  type = object({
+    enable = optional(bool, true)
+    coredns = optional(
+      object({
+        enable = optional(bool, true)
+      }),
+      {
+        enable = true
+      }
+    )
+    kube_proxy = optional(
+      object({
+        enable = optional(bool, true)
+      }),
+      {
+        enable = true
+      }
+    )
+  })
+  default = {
+    enable     = true
+    coredns    = null
+    kube_proxy = null
+  }
+  # Set the variable value to the default value when the caller
+  # sets it to null.
+  nullable = false
+}