Updates droplets.tf, outputs.tf, templates/ to add TLS SANS for clust…

…er to include all control plane node addresses, VIP and clean up outputs to be more organized and reflect centralization on the LB IP.

Signed-off-by: Joseph D. Marhee <[email protected]>

droplets.tf

@@ -24,8 +24,10 @@ data "template_file" "control-plane-replica" {
   depends_on = [digitalocean_database_cluster.rancherdb, digitalocean_droplet.control-plane-init]
   template   = file("${path.module}/templates/control-plane-replica.tpl")
   vars = {
-    RANCHER_DATA_SOURCE = "postgres://doadmin:${nonsensitive(digitalocean_database_cluster.rancherdb.password)}@${digitalocean_database_cluster.rancherdb.host}:${digitalocean_database_cluster.rancherdb.port}/defaultdb?sslmode=require"
-    GENERATED_K3S_TOKEN = random_string.k3s_token.result
+    RANCHER_DATA_SOURCE   = "postgres://doadmin:${nonsensitive(digitalocean_database_cluster.rancherdb.password)}@${digitalocean_database_cluster.rancherdb.host}:${digitalocean_database_cluster.rancherdb.port}/defaultdb?sslmode=require"
+    GENERATED_K3S_TOKEN   = random_string.k3s_token.result
+    LOAD_BALANCER_VIP     = digitalocean_loadbalancer.kubernetes_lb.ip
+    CONTROL_PLANE_INIT_IP = digitalocean_droplet.control-plane-init.ipv4_address
   }
 }
 

outputs.tf

@@ -1,29 +1,24 @@
-output "controller_addresses" {
-  description = "Kubernetes Controller IP Addresses"
-  value       = "${digitalocean_droplet.control-plane-init.ipv4_address}\n"
-}
-
-output "controller_peers" {
-  description = "Control Plane Nodes"
-  value       = digitalocean_droplet.control-plane-replica.*.ipv4_address
-}
-
-output "worker_nodes" {
-  description = "Worker Nodes"
-  value       = digitalocean_droplet.node.*.ipv4_address
+output "kubeconfig_base64" {
+  description = "Base64 encoded kubeconfig string"
+  value       = data.external.k3s_config.result.kubeconfig
 }
 
-output "kubeconfig" {
+output "kubeconfig_location" {
   description = "Your Kubeconfig"
   value       = "${path.module}/${pathexpand(format("%s-config", var.cluster_name))}"
 }
 
-output "kubeconfig_base64" {
-  description = "Base64 encoded kubeconfig string"
-  value       = data.external.k3s_config.result.kubeconfig
+output "control_plane_lb_address" {
+  description = "K3s Control Plane Load Balancer Address"
+  value       = digitalocean_loadbalancer.kubernetes_lb.ip
 }
 
-output "cluster_lb_address" {
-  description = "K3s Cluster LB Address"
-  value       = digitalocean_loadbalancer.kubernetes_lb.ip
+output "control_plane_nodes" {
+  description = "K3s Control Plane Node IP Addresses"
+  value       = "${digitalocean_droplet.control-plane-init.ipv4_address}, ${join(", ", digitalocean_droplet.control-plane-replica.*.ipv4_address)}"
+}
+
+output "worker_nodes" {
+  description = "K3s Worker Nodes"
+  value       = digitalocean_droplet.node.*.ipv4_address
 }

templates/control-plane-init.tpl

@@ -3,4 +3,5 @@
 curl -sfL https://get.k3s.io | \
 INSTALL_K3S_CHANNEL=latest K3S_TOKEN="${GENERATED_K3S_TOKEN}" \
 sh -s - server --datastore-endpoint="${RANCHER_DATA_SOURCE}" \
---tls-san "${LOAD_BALANCER_VIP}"
+--tls-san "${LOAD_BALANCER_VIP}" \
+--tls-san "$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)"

templates/control-plane-replica.tpl

@@ -2,4 +2,7 @@
 
 curl -sfL https://get.k3s.io | \
 INSTALL_K3S_CHANNEL=latest K3S_TOKEN="${GENERATED_K3S_TOKEN}" \
-sh -s - server --datastore-endpoint="${RANCHER_DATA_SOURCE}"
+sh -s - server --datastore-endpoint="${RANCHER_DATA_SOURCE}" \
+--tls-san "${LOAD_BALANCER_VIP}" \
+--tls-san "${CONTROL_PLANE_INIT_IP}" \
+--tls-san "$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)"