Add WorkerFeatureGates, refactor configuration

Dockerfile

@@ -3,7 +3,7 @@ FROM debian:sid
 ENV KUBE_VERSION v1.8.4
 ENV KUBEADM_URL https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/amd64/kubeadm
 
-RUN apt-get -qy update && apt-get -qy install curl make awscli golang-cfssl \
+RUN apt-get -qy update && apt-get -qy install curl make awscli golang-cfssl jq \
   && useradd -m user \
   && curl -Lfo /usr/bin/kubeadm "$KUBEADM_URL" \
   && chmod a+x  /usr/bin/kubeadm

Makefile

@@ -1,12 +1,6 @@
-NAME                 ?= int
-DOMAIN_ROOT          ?= example.com
-DOMAIN_NAME          := $(NAME).$(DOMAIN_ROOT)
-CONTROLLER_SUBDOMAIN := api
-CONTROLLER_FQDN      := $(CONTROLLER_SUBDOMAIN).$(DOMAIN_NAME)
-CONTROLLER_POOL_SIZE := 3
-
-REGION       ?= us-east-1
-ASSET_BUCKET ?= example-asset-bucket
+NAME   ?= example
+CONFIG ?= config/$(NAME).json
+REGION ?= us-east-1
 
 TOP := $(shell pwd)
 TLS_CA_CSR ?= $(TOP)/cfssl/csr/ca-csr.json
@@ -15,34 +9,15 @@ BUILD         ?= generated/$(NAME)
 BUILD_TLS     := $(BUILD)/tls
 BUILD_KUBEADM := $(BUILD)/kubeadm
 
-PUBLIC_SUBNET_CIDR_PREFIX  ?= 172.20.15
-PRIVATE_SUBNET_CIDR_PREFIX ?= 172.20.16
-
-PARENT_ZONEID ?= ZABCD
-
-VPCID ?= vpc-1234
-IGW   ?= igw-1234
-
-CLUSTER_STATE ?= existing
-
-define kv_pair
-{ "ParameterKey": "$(1)", "ParameterValue": "$(2)" }
+define config
+$(shell jq -r '.[]|select(.ParameterKey == "$(1)").ParameterValue' $(CONFIG))
 endef
 
-define cfn_params
-[
-	$(call kv_pair,DomainName,$(DOMAIN_NAME)),
-	$(call kv_pair,ControllerSubdomain,$(CONTROLLER_SUBDOMAIN)),
-	$(call kv_pair,assetBucket,$(ASSET_BUCKET)),
-	$(call kv_pair,PrivateSubnetCidrPrefix,$(PRIVATE_SUBNET_CIDR_PREFIX)),
-	$(call kv_pair,PublicSubnetCidrPrefix,$(PUBLIC_SUBNET_CIDR_PREFIX)),
-	$(call kv_pair,VPCID,$(VPCID)),
-	$(call kv_pair,InternetGateway,$(IGW)),
-	$(call kv_pair,ParentZoneID,$(PARENT_ZONEID)),
-	$(call kv_pair,ClusterState,$(CLUSTER_STATE))
-]
-endef
-export cfn_params
+DOMAIN_NAME                := $(call config,DomainName)
+CONTROLLER_SUBDOMAIN       := $(call config,ControllerSubdomain)
+CONTROLLER_FQDN            := $(CONTROLLER_SUBDOMAIN).$(DOMAIN_NAME)
+ASSET_BUCKET               := $(call config,assetBucket)
+CLUSTER_STATE              := $(call config,ClusterState)
 
 OBJS := $(BUILD_TLS) $(BUILD_TLS)/ca.pem $(BUILD_TLS)/server-key.pem \
 	$(BUILD_TLS)/peer-key.pem $(BUILD_KUBEADM)/ca.crt \
@@ -60,11 +35,8 @@ ifndef OP
 	$(error OP required)
 endif
 
-params:
-	echo $$cfn_params
-
 create-cluster:
-	OP=create-stack CLUSTER_STATE=new make cloudformation
+	OP=create-stack make cloudformation
 
 update-cluster:
 	OP=update-stack make cloudformation
@@ -73,7 +45,7 @@ cloudformation: require-op upload
 	aws --region $(REGION) cloudformation $(OP) \
 		--stack-name $(NAME) \
 		--capabilities CAPABILITY_IAM \
-		--parameters "$$cfn_params" \
+		--parameters "$$(cat $(CONFIG))" \
 		--template-body "$$(cat kubernetes.yaml)" $(OPTS)
 
 $(BUILD):

README.md

@@ -54,6 +54,7 @@ specific settings.
   'retry': https://github.com/coreos/bugs/issues/2280
 
 ## Create cluster
+- modify `config/example.json`, make sure to set ClusterState=new!
 - `docker build -t cfn-make .`
 - `docker run -e AWS_ACCESS_KEY_ID=xx -e AWS_SECRET_ACCESS_KEY=yy cfn-make \
     create-cluster`
@@ -64,6 +65,8 @@ specific settings.
     update-cluster`
 - Install networking plugin:
 - `kubectl apply -f manifests/kube-flanne.yaml`
+- modify `config/example.json`, make sure to set ClusterState=existing,
+  otherwise replaced etcd instances won't be able to join the cluster.
 
 ## "Dry run"
 Cloudformation supports [Change
@@ -87,11 +90,4 @@ aws --region us-east-1 cloudformation describe-change-set \
 To create a second cluster, you need to override the name of the cloudformation
 stack. This can be done with the NAME environment variable.
 Since the stack uses a existing VPC but brings it's own subnets, the network
-ranges need to be adjusted too:
-
-```
-docker run -e AWS_ACCESS_KEY_ID=.. -e AWS_SECRET_ACCESS_KEY=.. -v $PWD:/usr/src/ \
-  cfn-make create-cluster NAME=int3 \
-    PUBLIC_SUBNET_CIDR_PREFIX=172.20.15 \
-    PRIVATE_SUBNET_CIDR_PREFIX=172.20.16
-```
+ranges need to be adjusted in the config.

config/example.json

@@ -0,0 +1,38 @@
+[
+  {
+    "ParameterKey": "DomainName",
+    "ParameterValue": "int.example.com"
+  },
+  {
+    "ParameterKey": "ControllerSubdomain",
+    "ParameterValue": "api"
+  },
+  {
+    "ParameterKey": "assetBucket",
+    "ParameterValue": "example-asset-bucket"
+  },
+  {
+    "ParameterKey": "PrivateSubnetCidrPrefix",
+    "ParameterValue": "172.20.16"
+  },
+  {
+    "ParameterKey": "PublicSubnetCidrPrefix",
+    "ParameterValue": "172.20.15"
+  },
+  {
+    "ParameterKey": "VPCID",
+    "ParameterValue": "vpc-1234"
+  },
+  {
+    "ParameterKey": "InternetGateway",
+    "ParameterValue": "igw-1234"
+  },
+  {
+    "ParameterKey": "ParentZoneID",
+    "ParameterValue": "ZABCD"
+  },
+  {
+    "ParameterKey": "ClusterState",
+    "ParameterValue": "existing"
+  }
+]

kubernetes.yaml

@@ -42,6 +42,10 @@ Parameters:
     Type: String
     Default: v1.9.2_coreos.0
 
+  WorkerFeatureGates:
+    Type: String
+    Default: ""
+
   KubeadmVersion:
     Type: String
     Default: v1.9.2
@@ -1200,11 +1204,12 @@ Resources:
         - assetBucket: !Ref assetBucket
           DomainName:  !Ref DomainName
       Parameters:
-        DomainName:          !Ref DomainName
-        assetBucket:         !Ref assetBucket
-        VPCID:               !Ref VPCID
-        PrivateSubnetA:      !Ref PrivateSubnetA
-        PrivateSubnetB:      !Ref PrivateSubnetB
+        DomainName:     !Ref DomainName
+        FeatureGates:   !Ref WorkerFeatureGates
+        assetBucket:    !Ref assetBucket
+        VPCID:          !Ref VPCID
+        PrivateSubnetA: !Ref PrivateSubnetA
+        PrivateSubnetB: !Ref PrivateSubnetB
         PrivateSubnetC:      !Ref PrivateSubnetC
 
 Outputs: