This commit updates our Terraform variables to include the worker
subnets, and then switches on that (and the master zones) in Terraform
to avoid creating subnet infrastructure (NAT gateways, routes, etc.)
in zones that have no Machine(Set)s. This helps address limit issues
in high-zone regions like us-east-1, as seen in the limits.md change.
Note that without a reduction in our default MachineSet creation, the
installer defaults will still not work on us-east-1 without a limit
bump.

The drawback is that users are now on the hook to provision their own
subnets in other zones if they decide that they want to grow into a
new zone as a day-2 Machine(Set) operation. For now, they'll have to
provide their own infrastructure for that, and our
user-provided-infrastructure docs should give them sufficient
grounding to do so. It's possible that in the future the machine-API
or other infrastructure operator could dynamically provision subnets
in zones that were not populated at install-time, but I can't hazard a
guess as to how likely that will be.

The HCL functions for combining the zone lists are documented in [1,2].

[1]: https://www.terraform.io/docs/configuration-0-11/interpolation.html#concat-list1-list2-
[2]: https://www.terraform.io/docs/configuration-0-11/interpolation.html#distinct-list-

Summary:
- Console security group unused, replaced along the way by Router ELB
- API security group unused, no longer in use after switch to NLB
- Ports 80/443 not required, console using service port and Router ELB
- Master port 22623 only targeted from inside the VPC
- API server only on 6443 (6444 & 6445 carryover from Tectonic)
- SSH port only targeted from inside the VPC with move to private
- Heapster (Port 4194) no longer used
- Master port 10255 (insecure) deprecated and removed in OpenShift
- Renamed 10250 to secure, because it is the secure kubelet port

Fixing an omission from b383cd75 (Adding user doc/guide for AWS
account and installation, 2019-01-09, #1030).

While I'm doing pedantic things at the end of the file, also
alphabetize the link definitions.

We were seeing frequent long requests from etcd. After increasing
CPU (2 -> 4 cores) those pauses dropped significantly. Increase
the limit until the rebase lands and we can deliver the CPU perf
improvements to the control plane.

Make a set of changes to connect machine set size to the values
passed as input. Update the docs.