add configuration bundle for drydock export
parent
daeef2a085
commit
595e0ef4a9
@ -53,6 +53,10 @@ class Document:
|
|||||||
def name(self):
|
def name(self):
|
||||||
return self.metadata['name']
|
return self.metadata['name']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def alias(self):
|
||||||
|
return self.metadata.get('alias')
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def target(self):
|
def target(self):
|
||||||
return self.metadata.get('target')
|
return self.metadata.get('target')
|
||||||
@ -91,9 +95,11 @@ class Configuration:
|
|||||||
else:
|
else:
|
||||||
return results[0]
|
return results[0]
|
||||||
|
|
||||||
def get(self, *, kind, name):
|
def get(self, *, kind, alias=None, name=None):
|
||||||
for document in self.documents:
|
for document in self.documents:
|
||||||
if document.kind == kind and document.name == name:
|
if (document.kind == kind
|
||||||
|
and (not alias or document.alias == alias)
|
||||||
|
and (not name or document.name == name)) :
|
||||||
return document
|
return document
|
||||||
|
|
||||||
def iterate(self, *, kind=None, target=None):
|
def iterate(self, *, kind=None, target=None):
|
||||||
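Review bot: `Configuration.get` now treats both `alias` and `name` as optional, so a call that passes neither (or passes an empty string) matches on `kind` alone and returns the first document of that kind. For `CertificateKey` and `PrivateKey` lookups, a caller can then silently receive another identity's key material instead of an error. Reject the unfiltered call at the top of the method, for example `if alias is None and name is None: raise ValueError('get() requires alias or name')`. Aliases such as `proxy` appear to be shared across hosts after this commit, so a comment should also state that `get` returns the first match and does not filter on `target`.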
|
@ -66,6 +66,8 @@ class Generator:
|
|||||||
)
|
)
|
||||||
|
|
||||||
config.Configuration([
|
config.Configuration([
|
||||||
|
admin_cert,
|
||||||
|
admin_cert_key,
|
||||||
cluster_ca,
|
cluster_ca,
|
||||||
cluster_ca_key,
|
cluster_ca_key,
|
||||||
etcd_client_ca,
|
etcd_client_ca,
|
||||||
@ -76,6 +78,19 @@ class Generator:
|
|||||||
sa_priv,
|
sa_priv,
|
||||||
]).write(os.path.join(output_dir, 'admin-bundle.yaml'))
|
]).write(os.path.join(output_dir, 'admin-bundle.yaml'))
|
||||||
|
|
||||||
|
complete_configuration = [
|
||||||
|
admin_cert,
|
||||||
|
admin_cert_key,
|
||||||
|
cluster_ca,
|
||||||
|
cluster_ca_key,
|
||||||
|
etcd_client_ca,
|
||||||
|
etcd_client_ca_key,
|
||||||
|
etcd_peer_ca,
|
||||||
|
etcd_peer_ca_key,
|
||||||
|
sa_pub,
|
||||||
|
sa_priv,
|
||||||
|
]
|
||||||
|
|
||||||
for hostname, data in cluster['nodes'].items():
|
for hostname, data in cluster['nodes'].items():
|
||||||
if 'genesis' in data.get('roles', []):
|
if 'genesis' in data.get('roles', []):
|
||||||
genesis_hostname = hostname
|
genesis_hostname = hostname
|
||||||
@ -99,6 +114,7 @@ class Generator:
|
|||||||
|
|
||||||
proxy_cert, proxy_cert_key = keys.generate_certificate(
|
proxy_cert, proxy_cert_key = keys.generate_certificate(
|
||||||
alias='proxy',
|
alias='proxy',
|
||||||
|
config_name='system:kube-proxy:%s' % hostname,
|
||||||
name='system:kube-proxy',
|
name='system:kube-proxy',
|
||||||
ca_name='cluster',
|
ca_name='cluster',
|
||||||
hosts=[
|
hosts=[
|
||||||
@ -107,6 +123,14 @@ class Generator:
|
|||||||
],
|
],
|
||||||
target=hostname)
|
target=hostname)
|
||||||
|
|
||||||
|
complete_configuration.extend([
|
||||||
|
kubelet_cert,
|
||||||
|
kubelet_cert_key,
|
||||||
|
node,
|
||||||
|
proxy_cert,
|
||||||
|
proxy_cert_key,
|
||||||
|
])
|
||||||
|
|
||||||
common_documents = [
|
common_documents = [
|
||||||
cluster_ca,
|
cluster_ca,
|
||||||
kubelet_cert,
|
kubelet_cert,
|
||||||
@ -130,12 +154,14 @@ class Generator:
|
|||||||
sa_pub,
|
sa_pub,
|
||||||
])
|
])
|
||||||
if 'genesis' not in data.get('roles', []):
|
if 'genesis' not in data.get('roles', []):
|
||||||
role_specific_documents.append(
|
etcd_config = _master_etcd_config(
|
||||||
_master_etcd_config(cluster_name, genesis_hostname,
|
cluster_name, genesis_hostname, hostname, masters)
|
||||||
hostname, masters)
|
complete_configuration.append(etcd_config)
|
||||||
)
|
role_specific_documents.append(etcd_config)
|
||||||
role_specific_documents.extend(_master_config(hostname, data,
|
master_documents = _master_config(hostname, data,
|
||||||
masters, network, keys))
|
masters, network, keys)
|
||||||
|
complete_configuration.extend(master_documents)
|
||||||
|
role_specific_documents.extend(master_documents)
|
||||||
|
|
||||||
if 'genesis' in data.get('roles', []):
|
if 'genesis' in data.get('roles', []):
|
||||||
role_specific_documents.extend(_genesis_config(hostname, data,
|
role_specific_documents.extend(_genesis_config(hostname, data,
|
||||||
@ -146,6 +172,9 @@ class Generator:
|
|||||||
c = config.Configuration(common_documents + role_specific_documents)
|
c = config.Configuration(common_documents + role_specific_documents)
|
||||||
c.write(os.path.join(output_dir, hostname + '.yaml'))
|
c.write(os.path.join(output_dir, hostname + '.yaml'))
|
||||||
|
|
||||||
|
config.Configuration(complete_configuration).write(
|
||||||
|
os.path.join(output_dir, 'complete-bundle.yaml'))
|
||||||
|
|
||||||
def construct_masters(self, cluster_name):
|
def construct_masters(self, cluster_name):
|
||||||
masters = []
|
masters = []
|
||||||
for hostname, data in self.input_config['Cluster']['nodes'].items():
|
for hostname, data in self.input_config['Cluster']['nodes'].items():
|
||||||
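Review bot: `complete-bundle.yaml` gathers every private key generated in this run into one file: the cluster and etcd CA keys, `sa_priv`, `admin_cert_key`, and each node's `kubelet_cert_key` and `proxy_cert_key`. Anyone who can read that file can issue certificates for any identity in the cluster, so it needs tighter handling than the per-host files written next to it. `Configuration.write` is not shown on this page; if it creates files with the process default mode, restrict the bundle explicitly, for example `os.chmod(path, 0o600)` directly after the write or a restrictive umask around it. A comment above the write such as `# holds all CA and node private keys; keep output_dir access restricted` would record the intent. The same applies to `admin-bundle.yaml`, which now also carries `admin_cert_key`.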
|
@ -61,14 +61,17 @@ class PKI:
|
|||||||
alias = name
|
alias = name
|
||||||
|
|
||||||
return (self._wrap('PublicKey', pub_result['pub.pem'],
|
return (self._wrap('PublicKey', pub_result['pub.pem'],
|
||||||
name=alias,
|
alias=alias,
|
||||||
|
name=name,
|
||||||
target=target),
|
target=target),
|
||||||
self._wrap('PrivateKey', priv_result['priv.pem'],
|
self._wrap('PrivateKey', priv_result['priv.pem'],
|
||||||
name=alias,
|
alias=alias,
|
||||||
|
name=name,
|
||||||
target=target))
|
target=target))
|
||||||
|
|
||||||
|
|
||||||
def generate_certificate(self, *, alias=None, ca_name, groups=[], hosts=[], name, target):
|
def generate_certificate(self, *, alias=None, config_name=None,
|
||||||
|
ca_name, groups=[], hosts=[], name, target):
|
||||||
result = self._cfssl(
|
result = self._cfssl(
|
||||||
['gencert',
|
['gencert',
|
||||||
'-ca', 'ca.pem',
|
'-ca', 'ca.pem',
|
||||||
@ -85,11 +88,16 @@ class PKI:
|
|||||||
if not alias:
|
if not alias:
|
||||||
alias = name
|
alias = name
|
||||||
|
|
||||||
|
if not config_name:
|
||||||
|
config_name = name
|
||||||
|
|
||||||
return (self._wrap('Certificate', result['cert'],
|
return (self._wrap('Certificate', result['cert'],
|
||||||
name=alias,
|
alias=alias,
|
||||||
|
name=config_name,
|
||||||
target=target),
|
target=target),
|
||||||
self._wrap('CertificateKey', result['key'],
|
self._wrap('CertificateKey', result['key'],
|
||||||
name=alias,
|
alias=alias,
|
||||||
|
name=config_name,
|
||||||
target=target))
|
target=target))
|
||||||
|
|
||||||
def csr(self, *, name, groups=[], hosts=[], key={'algo': 'rsa', 'size': 2048}):
|
def csr(self, *, name, groups=[], hosts=[], key={'algo': 'rsa', 'size': 2048}):
|
||||||
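Review bot: The new `config_name` parameter on `generate_certificate` is undocumented, and three similar identifiers now travel together. They are `name` (still passed next to `config_name` in the proxy call), `alias` (what the templates now look up), and `config_name` (what `_wrap` receives as `name=`). Add a docstring that states which value identifies the certificate itself, which one becomes the document's `metadata['name']`, and that both `alias` and `config_name` fall back to `name` when omitted. The signature also keeps the mutable defaults `groups=[]` and `hosts=[]`; `groups=None, hosts=None` with a fallback in the body avoids state shared between calls. The body between the two hunks is not shown, so how `name` reaches cfssl is inferred.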
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='CertificateKey', name='kubelet')['data'] }}
|
{{ config.get(kind='CertificateKey', alias='kubelet')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='Certificate', name='kubelet')['data'] }}
|
{{ config.get(kind='Certificate', alias='kubelet')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='CertificateKey', name='proxy')['data'] }}
|
{{ config.get(kind='CertificateKey', alias='proxy')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='Certificate', name='proxy')['data'] }}
|
{{ config.get(kind='Certificate', alias='proxy')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='CertificateKey', name='apiserver')['data'] }}
|
{{ config.get(kind='CertificateKey', alias='apiserver')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='Certificate', name='apiserver')['data'] }}
|
{{ config.get(kind='Certificate', alias='apiserver')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='CertificateKey', name='etcd-apiserver-client')['data'] }}
|
{{ config.get(kind='CertificateKey', alias='etcd-apiserver-client')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='Certificate', name='etcd-apiserver-client')['data'] }}
|
{{ config.get(kind='Certificate', alias='etcd-apiserver-client')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='CertificateKey', name='controller-manager')['data'] }}
|
{{ config.get(kind='CertificateKey', alias='controller-manager')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='Certificate', name='controller-manager')['data'] }}
|
{{ config.get(kind='Certificate', alias='controller-manager')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='CertificateKey', name='etcd-client')['data'] }}
|
{{ config.get(kind='CertificateKey', alias='etcd-client')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='Certificate', name='etcd-client')['data'] }}
|
{{ config.get(kind='Certificate', alias='etcd-client')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='CertificateKey', name='etcd-peer')['data'] }}
|
{{ config.get(kind='CertificateKey', alias='etcd-peer')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='Certificate', name='etcd-peer')['data'] }}
|
{{ config.get(kind='Certificate', alias='etcd-peer')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='CertificateKey', name='scheduler')['data'] }}
|
{{ config.get(kind='CertificateKey', alias='scheduler')['data'] }}
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ config.get(kind='Certificate', name='scheduler')['data'] }}
|
{{ config.get(kind='Certificate', alias='scheduler')['data'] }}
|
||||||
|