Switch userdata to new bootstrap.sh layout as per latest official EKS AMI...

Switch userdata to new bootstrap.sh layout as per latest official EKS AMI builds to circumvent internal DNS issue

Switch userdata to new bootstrap.sh layout as per latest official EKS AMI...
Switch userdata to new bootstrap.sh layout as per latest official EKS AMI builds to circumvent internal DNS issue
140c11e0 · Chris Merrett · a43ed0b5 · 140c11e0 · 140c11e0 · 140c11e0
Commit 140c11e0 authored Sep 12, 2018 by Chris Merrett
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 30 deletions

data.tf data.tf +1 -2

userdata.tpl templates/userdata.tpl +2 -25

variables.tf variables.tf +3 -3

No files found.
--- a/data.tf
+++ b/data.tf
@@ -112,12 +112,11 @@ data "template_file" "workers_userdata" {
  template = "${file("${path.module}/templates/userdata.tpl")}"

  vars {
-    region              = "${data.aws_region.current.name}"
    cluster_name        = "${var.cluster_name}"
    endpoint            = "${aws_eks_cluster.cluster.endpoint}"
    cluster_auth_base64 = "${aws_eks_cluster.cluster.certificate_authority.0.data}"
    max_pod_count       = "${var.max_pods_per_worker}"
-    alt_dns_cluster_ip  = "${var.alt_dns_cluster_ip}"
+    kubelet_extra_args  = "${var.kubelet_extra_args}"
    additional_userdata = "${var.additional_userdata}"
  }
 }
--- a/templates/userdata.tpl
+++ b/templates/userdata.tpl
 #!/bin/bash -xe

-# Certificate Authority config
-CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki
-CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt
-mkdir -p $CA_CERTIFICATE_DIRECTORY
-echo "${cluster_auth_base64}" | base64 -d >$CA_CERTIFICATE_FILE_PATH
-
-# Authentication
-INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
-sed -i s,MASTER_ENDPOINT,${endpoint},g /var/lib/kubelet/kubeconfig
-sed -i s,CLUSTER_NAME,${cluster_name},g /var/lib/kubelet/kubeconfig
-sed -i s,REGION,${region},g /etc/systemd/system/kubelet.service
-sed -i s,MAX_PODS,${max_pod_count},g /etc/systemd/system/kubelet.service
-sed -i s,MASTER_ENDPOINT,${endpoint},g /etc/systemd/system/kubelet.service
-sed -i s,INTERNAL_IP,$INTERNAL_IP,g /etc/systemd/system/kubelet.service
-
-# DNS cluster configuration
-DNS_CLUSTER_IP=10.100.0.10
-if [[ $INTERNAL_IP == 10.* ]]; then DNS_CLUSTER_IP=${alt_dns_cluster_ip}; fi
-sed -i s,DNS_CLUSTER_IP,$DNS_CLUSTER_IP,g /etc/systemd/system/kubelet.service
-sed -i s,CERTIFICATE_AUTHORITY_FILE,$CA_CERTIFICATE_FILE_PATH,g /var/lib/kubelet/kubeconfig
-sed -i s,CLIENT_CA_FILE,$CA_CERTIFICATE_FILE_PATH,g /etc/systemd/system/kubelet.service
-
-# start services
-systemctl daemon-reload
-systemctl restart kubelet
+# Bootstrap and join the cluster
+/etc/eks/bootstrap.sh --b64-cluster-ca '${cluster_auth_base64}' --apiserver-endpoint '${endpoint}' --use-max-pods '${max_pod_count}' --kubelet-extra-args '${kubelet_extra_args}' '${cluster_name}'

 # Install cron
 yum -y install crontabs

--- a/variables.tf
+++ b/variables.tf
@@ -56,9 +56,9 @@ variable "max_pods_per_worker" {
  default     = "20"
 }

-variable "alt_dns_cluster_ip" {
-  description = "Alternate DNS cluster IP address on different (non 10.x.x.x) range - this is a fallback"
-  default     = "172.20.0.10"
+variable "kubelet_extra_args" {
+  description = "Extra arguments to be passed through to kubelet"
+  default     = ""
 }

 variable "steamhaus_role_arn" {