From 6bc2125fd2c066308d4a0a9ae7461a26fe296cff Mon Sep 17 00:00:00 2001
From: brandoconnor
Date: Fri, 8 Jun 2018 02:21:23 -0700
Subject: [PATCH] forgot to add templates

---
 templates/config-map-aws-auth.yaml.tpl | 12 +++++++++++
 templates/kubeconfig.tpl | 27 +++++++++++++++++++++++
 templates/userdata.sh.tpl | 30 ++++++++++++++++++++++++++
 3 files changed, 69 insertions(+)
 create mode 100644 templates/config-map-aws-auth.yaml.tpl
 create mode 100644 templates/kubeconfig.tpl
 create mode 100644 templates/userdata.sh.tpl

diff --git a/templates/config-map-aws-auth.yaml.tpl b/templates/config-map-aws-auth.yaml.tpl
new file mode 100644
index 0000000..e5bf4fa
--- /dev/null
+++ b/templates/config-map-aws-auth.yaml.tpl
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aws-auth
+  namespace: kube-system
+data:
+  mapRoles: |
+    - rolearn: ${role_arn}
+      username: system:node:{{EC2PrivateDNSName}}
+      groups:
+        - system:bootstrappers
+        - system:nodes
diff --git a/templates/kubeconfig.tpl b/templates/kubeconfig.tpl
new file mode 100644
index 0000000..9f9dc78
--- /dev/null
+++ b/templates/kubeconfig.tpl
@@ -0,0 +1,27 @@
+apiVersion: v1
+preferences: {}
+kind: Config
+
+clusters:
+- cluster:
+    server: ${endpoint}
+    certificate-authority-data: ${cluster_auth_base64}
+  name: kubernetes
+
+contexts:
+- context:
+    cluster: kubernetes
+    user: aws
+  name: aws
+current-context: aws
+
+users:
+- name: aws
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1alpha1
+      command: heptio-authenticator-aws
+      args:
+        - "token"
+        - "-i"
+        - "${cluster_name}"
diff --git a/templates/userdata.sh.tpl b/templates/userdata.sh.tpl
new file mode 100644
index 0000000..14e391a
--- /dev/null
+++ b/templates/userdata.sh.tpl
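Review bot: The `mapRoles` block mixes two kinds of placeholder without saying so: `${role_arn}` is filled when the template is rendered, while `{{EC2PrivateDNSName}}` must survive rendering literally because the authenticator substitutes it per node at authentication time. Since a `#` inside the `|` block scalar is content rather than a comment, the note belongs above `data:`; I would add `# ${role_arn} is filled by the template renderer; {{EC2PrivateDNSName}} is left as-is for the authenticator to resolve per node`. It is also worth stating next to it that every principal able to assume `${role_arn}` is mapped into `system:nodes` and `system:bootstrappers`, so the role's trust policy is what bounds who can join the cluster as a node.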
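Review bot: The three template variables in this file are documented nowhere in it, which matters because `certificate-authority-data: ${cluster_auth_base64}` is what lets the client verify the API server's TLS identity; a renderer that fills it with an empty or wrong value leaves the kubeconfig without the cluster CA and the client likely unable to verify the server. A header comment such as `# Filled at render time: endpoint (API server URL), cluster_auth_base64 (base64-encoded cluster CA), cluster_name (passed to the authenticator via -i)` would make that explicit; the `${}` syntax suggests a Terraform-style template, though the renderer is not visible here. As a point of style, `"${cluster_name}"` is quoted while `server: ${endpoint}` and `certificate-authority-data: ${cluster_auth_base64}` are plain scalars; quoting all three (`server: "${endpoint}"`) is consistent and keeps YAML from reinterpreting an unexpected character in a rendered value.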
@@ -0,0 +1,30 @@
+#!/bin/bash -xe
+
+# Certificate Authority config
+CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki
+CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt
+mkdir -p $CA_CERTIFICATE_DIRECTORY
+echo "${cluster_auth_base64}" | base64 -d >$CA_CERTIFICATE_FILE_PATH
+
+# Authenticatoin
+INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
+sed -i s,MASTER_ENDPOINT,${endpoint},g /var/lib/kubelet/kubeconfig
+sed -i s,CLUSTER_NAME,${cluster_name},g /var/lib/kubelet/kubeconfig
+sed -i s,REGION,${region},g /etc/systemd/system/kubelet.service
+sed -i s,MAX_PODS,${max_pod_count},g /etc/systemd/system/kubelet.service
+sed -i s,MASTER_ENDPOINT,${endpoint},g /etc/systemd/system/kubelet.service
+sed -i s,INTERNAL_IP,$INTERNAL_IP,g /etc/systemd/system/kubelet.service
+
+# DNS cluster configuration
+DNS_CLUSTER_IP=10.100.0.10
+if [[ $INTERNAL_IP == 10.* ]]; then DNS_CLUSTER_IP=172.20.0.10; fi
+sed -i s,DNS_CLUSTER_IP,$DNS_CLUSTER_IP,g /etc/systemd/system/kubelet.service
+sed -i s,CERTIFICATE_AUTHORITY_FILE,$CA_CERTIFICATE_FILE_PATH,g /var/lib/kubelet/kubeconfig
+sed -i s,CLIENT_CA_FILE,$CA_CERTIFICATE_FILE_PATH,g /etc/systemd/system/kubelet.service
+
+# start services
+systemctl daemon-reload
+systemctl restart kubelet kube-proxy
+
+# Allow user supplied userdata code
+${additional_userdata}
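Review bot: The metadata lookup `INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)` has no `-f` and no timeout, so an HTTP error body is accepted as the address and a stalled endpoint hangs the boot; `set -e` does not help because curl exits 0 on HTTP errors without `-f`. An empty result then blanks the INTERNAL_IP placeholder in kubelet.service through the later `sed` and silently selects the 10.100.0.10 DNS address, so the node comes up misconfigured instead of failing. I would use `INTERNAL_IP=$(curl -sf --max-time 10 http://169.254.169.254/latest/meta-data/local-ipv4)` followed by `[[ -n "$INTERNAL_IP" ]] || { echo "could not read local-ipv4 from instance metadata" >&2; exit 1; }`. The `s,X,${value},g` expressions are also unquoted and unescaped, so a rendered `endpoint`, `cluster_name` or `region` containing `,`, `&` or whitespace would corrupt the target file; at minimum each expression should be double-quoted (`"s,MASTER_ENDPOINT,${endpoint},g"`) so the shell passes it as one argument. The comment `# Authenticatoin` should read `# Authentication`.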