Merge pull request #21 from mark-burnett/complete-bundle
Okay, LGTM then.
commit
c303008cb8
|
@ -53,6 +53,10 @@ class Document:
|
|||
def name(self):
|
||||
return self.metadata['name']
|
||||
|
||||
@property
|
||||
def alias(self):
|
||||
return self.metadata.get('alias')
|
||||
|
||||
@property
|
||||
def target(self):
|
||||
return self.metadata.get('target')
|
||||
|
@ -91,9 +95,11 @@ class Configuration:
|
|||
else:
|
||||
return results[0]
|
||||
|
||||
def get(self, *, kind, name):
|
||||
def get(self, *, kind, alias=None, name=None):
|
||||
for document in self.documents:
|
||||
if document.kind == kind and document.name == name:
|
||||
if (document.kind == kind
|
||||
and (not alias or document.alias == alias)
|
||||
and (not name or document.name == name)) :
|
||||
return document
|
||||
|
||||
def iterate(self, *, kind=None, target=None):
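Review bot: In `Configuration.get` both selectors are now optional, so a call that passes neither `alias` nor `name` returns the first document of that `kind`, and the truthiness tests (`not alias`, `not name`) treat an empty string as "not given" too. The loop also returns only the first match and otherwise falls through to an implicit `None`, while the templates changed later in this commit subscript the result with `['data']` to pull certificate and private-key material. Aliases such as `'proxy'` are presumably shared by several per-host documents now that the names carry the hostname, so a missing or ambiguous match should fail loudly instead of yielding the wrong key. Consider adding `if alias is None and name is None: raise ValueError('alias or name is required')` at the top, and raising when nothing matches instead of returning `None`.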
|
||||
|
|
|
@ -66,6 +66,8 @@ class Generator:
|
|||
)
|
||||
|
||||
config.Configuration([
|
||||
admin_cert,
|
||||
admin_cert_key,
|
||||
cluster_ca,
|
||||
cluster_ca_key,
|
||||
etcd_client_ca,
|
||||
|
@ -76,6 +78,19 @@ class Generator:
|
|||
sa_priv,
|
||||
]).write(os.path.join(output_dir, 'admin-bundle.yaml'))
|
||||
|
||||
complete_configuration = [
|
||||
admin_cert,
|
||||
admin_cert_key,
|
||||
cluster_ca,
|
||||
cluster_ca_key,
|
||||
etcd_client_ca,
|
||||
etcd_client_ca_key,
|
||||
etcd_peer_ca,
|
||||
etcd_peer_ca_key,
|
||||
sa_pub,
|
||||
sa_priv,
|
||||
]
|
||||
|
||||
for hostname, data in cluster['nodes'].items():
|
||||
if 'genesis' in data.get('roles', []):
|
||||
genesis_hostname = hostname
|
||||
|
@ -99,6 +114,7 @@ class Generator:
|
|||
|
||||
proxy_cert, proxy_cert_key = keys.generate_certificate(
|
||||
alias='proxy',
|
||||
config_name='system:kube-proxy:%s' % hostname,
|
||||
name='system:kube-proxy',
|
||||
ca_name='cluster',
|
||||
hosts=[
|
||||
|
@ -107,6 +123,14 @@ class Generator:
|
|||
],
|
||||
target=hostname)
|
||||
|
||||
complete_configuration.extend([
|
||||
kubelet_cert,
|
||||
kubelet_cert_key,
|
||||
node,
|
||||
proxy_cert,
|
||||
proxy_cert_key,
|
||||
])
|
||||
|
||||
common_documents = [
|
||||
cluster_ca,
|
||||
kubelet_cert,
|
||||
|
@ -130,12 +154,14 @@ class Generator:
|
|||
sa_pub,
|
||||
])
|
||||
if 'genesis' not in data.get('roles', []):
|
||||
role_specific_documents.append(
|
||||
_master_etcd_config(cluster_name, genesis_hostname,
|
||||
hostname, masters)
|
||||
)
|
||||
role_specific_documents.extend(_master_config(hostname, data,
|
||||
masters, network, keys))
|
||||
etcd_config = _master_etcd_config(
|
||||
cluster_name, genesis_hostname, hostname, masters)
|
||||
complete_configuration.append(etcd_config)
|
||||
role_specific_documents.append(etcd_config)
|
||||
master_documents = _master_config(hostname, data,
|
||||
masters, network, keys)
|
||||
complete_configuration.extend(master_documents)
|
||||
role_specific_documents.extend(master_documents)
|
||||
|
||||
if 'genesis' in data.get('roles', []):
|
||||
role_specific_documents.extend(_genesis_config(hostname, data,
|
||||
|
@ -146,6 +172,9 @@ class Generator:
|
|||
c = config.Configuration(common_documents + role_specific_documents)
|
||||
c.write(os.path.join(output_dir, hostname + '.yaml'))
|
||||
|
||||
config.Configuration(complete_configuration).write(
|
||||
os.path.join(output_dir, 'complete-bundle.yaml'))
|
||||
|
||||
def construct_masters(self, cluster_name):
|
||||
masters = []
|
||||
for hostname, data in self.input_config['Cluster']['nodes'].items():
|
||||
|
@ -174,7 +203,8 @@ def _master_etcd_config(cluster_name, genesis_hostname, hostname, masters):
|
|||
'auxiliary-etcd-0=https://%s:12380' % genesis_hostname,
|
||||
'auxiliary-etcd-1=https://%s:22380' % genesis_hostname,
|
||||
])
|
||||
return _etcd_config(cluster_name, name='master-etcd',
|
||||
return _etcd_config(cluster_name, alias='master-etcd',
|
||||
name='master-etcd:%s' % hostname,
|
||||
target=hostname,
|
||||
initial_cluster=initial_cluster,
|
||||
initial_cluster_state='existing')
|
||||
|
@ -186,19 +216,21 @@ def _genesis_etcd_config(cluster_name, hostname):
|
|||
'auxiliary-etcd-0=https://%s:12380' % hostname,
|
||||
'auxiliary-etcd-1=https://%s:22380' % hostname,
|
||||
]
|
||||
return _etcd_config(cluster_name, name='genesis-etcd',
|
||||
return _etcd_config(cluster_name, alias='genesis-etcd',
|
||||
name='master-etcd:%s' % hostname,
|
||||
target=hostname,
|
||||
initial_cluster=initial_cluster,
|
||||
initial_cluster_state='new')
|
||||
|
||||
|
||||
def _etcd_config(cluster_name, *, name, target,
|
||||
def _etcd_config(cluster_name, *, alias, name, target,
|
||||
initial_cluster, initial_cluster_state):
|
||||
return config.Document({
|
||||
'apiVersion': 'promenade/v1',
|
||||
'kind': 'Etcd',
|
||||
'metadata': {
|
||||
'cluster': cluster_name,
|
||||
'alias': alias,
|
||||
'name': name,
|
||||
'target': target,
|
||||
},
|
||||
|
@ -255,6 +287,7 @@ def _master_config(hostname, host_data, masters, network, keys):
|
|||
|
||||
docs.extend(keys.generate_certificate(
|
||||
alias='controller-manager',
|
||||
config_name='system:kube-controller-manager:%s' % hostname,
|
||||
name='system:kube-controller-manager',
|
||||
ca_name='cluster',
|
||||
hosts=[
|
||||
|
@ -266,6 +299,7 @@ def _master_config(hostname, host_data, masters, network, keys):
|
|||
|
||||
docs.extend(keys.generate_certificate(
|
||||
alias='scheduler',
|
||||
config_name='system:kube-scheduler:%s' % hostname,
|
||||
name='system:kube-scheduler',
|
||||
ca_name='cluster',
|
||||
hosts=[
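Review bot: `complete_configuration` gathers every private key visible in this section (`cluster_ca_key`, `etcd_client_ca_key`, `etcd_peer_ca_key`, `sa_priv`, and each host's `kubelet_cert_key` and `proxy_cert_key`) and writes them to the single file `complete-bundle.yaml`, yet nothing in the visible lines documents that or restricts who can read the file. `Configuration.write` is not shown here, so confirm that it creates the file with owner-only permissions. A comment above the write would also help, for example `# complete-bundle.yaml holds all CA and per-host private keys; keep it with the operator, never copy it to a node`. Separately, `_genesis_etcd_config` passes `alias='genesis-etcd'` but `name='master-etcd:%s' % hostname`; if that prefix is not deliberate, it looks copied from `_master_etcd_config` and should read `name='genesis-etcd:%s' % hostname`.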
|
||||
|
|
|
@ -61,14 +61,17 @@ class PKI:
|
|||
alias = name
|
||||
|
||||
return (self._wrap('PublicKey', pub_result['pub.pem'],
|
||||
name=alias,
|
||||
alias=alias,
|
||||
name=name,
|
||||
target=target),
|
||||
self._wrap('PrivateKey', priv_result['priv.pem'],
|
||||
name=alias,
|
||||
alias=alias,
|
||||
name=name,
|
||||
target=target))
|
||||
|
||||
|
||||
def generate_certificate(self, *, alias=None, ca_name, groups=[], hosts=[], name, target):
|
||||
def generate_certificate(self, *, alias=None, config_name=None,
|
||||
ca_name, groups=[], hosts=[], name, target):
|
||||
result = self._cfssl(
|
||||
['gencert',
|
||||
'-ca', 'ca.pem',
|
||||
|
@ -85,11 +88,16 @@ class PKI:
|
|||
if not alias:
|
||||
alias = name
|
||||
|
||||
if not config_name:
|
||||
config_name = name
|
||||
|
||||
return (self._wrap('Certificate', result['cert'],
|
||||
name=alias,
|
||||
alias=alias,
|
||||
name=config_name,
|
||||
target=target),
|
||||
self._wrap('CertificateKey', result['key'],
|
||||
name=alias,
|
||||
alias=alias,
|
||||
name=config_name,
|
||||
target=target))
|
||||
|
||||
def csr(self, *, name, groups=[], hosts=[], key={'algo': 'rsa', 'size': 2048}):
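Review bot: `generate_certificate` now accepts `alias`, `config_name` and `name` without a docstring saying which value ends up where, and the two wrapped documents no longer carry `name` unless `config_name` is unset. From the visible lines, `alias` and `config_name` both default to `name` and the documents are written with `alias=alias, name=config_name`; `name` is presumably what goes into the certificate request, but that part of the body is outside the hunk. A short docstring stating the role of each (certificate subject, unique document name, lookup key used by the templates) would keep callers from passing a per-host string in the wrong slot. The rewritten signature also keeps the mutable defaults `groups=[]` and `hosts=[]`; `groups=None, hosts=None` with a fallback in the body would be safer.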
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='kubelet')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='kubelet')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='kubelet')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='kubelet')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='proxy')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='proxy')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='proxy')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='proxy')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='apiserver')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='apiserver')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='apiserver')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='apiserver')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='etcd-apiserver-client')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='etcd-apiserver-client')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='etcd-apiserver-client')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='etcd-apiserver-client')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='controller-manager')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='controller-manager')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='controller-manager')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='controller-manager')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='etcd-client')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='etcd-client')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='etcd-client')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='etcd-client')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='etcd-peer')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='etcd-peer')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='etcd-peer')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='etcd-peer')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='scheduler')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='scheduler')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='scheduler')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='scheduler')['data'] }}
|
||||
|
|