Merge pull request #21 from mark-burnett/complete-bundle

Okay, LGTM then.
This commit is contained in:
Scott Hussey 2017-06-23 09:23:19 -05:00 committed by GitHub
commit c303008cb8
19 changed files with 80 additions and 32 deletions


@ -53,6 +53,10 @@ class Document:
def name(self):
return self.metadata['name']
@property
def alias(self):
return self.metadata.get('alias')
@property
def target(self):
return self.metadata.get('target')
@ -91,9 +95,11 @@ class Configuration:
else:
return results[0]
def get(self, *, kind, name):
def get(self, *, kind, alias=None, name=None):
for document in self.documents:
if document.kind == kind and document.name == name:
if (document.kind == kind
and (not alias or document.alias == alias)
and (not name or document.name == name)) :
return document
def iterate(self, *, kind=None, target=None):
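Review bot: The new `def get(self, *, kind, alias=None, name=None):` makes both selectors optional, so `get(kind='CertificateKey')` now silently returns whichever private key is first in the document list, and a lookup that matches nothing falls through to an implicit `None`, which the templates turn into an unhelpful `TypeError` on `['data']`. The match is also first-wins: in a bundle that holds the same alias for several hosts (the new complete bundle carries every node's `kubelet`/`proxy` cert and key), `alias='kubelet'` is ambiguous because `target` is not part of the filter. I would require at least one of alias/name and raise when zero or more than one document matches, as sketched below; if some caller relies on the first-match behaviour, confirm that before tightening it. The enclosing class continues outside the hunk.

```python
def get(self, *, kind, alias=None, name=None):
    """Return the single document of `kind` selected by alias and/or name."""
    if alias is None and name is None:
        raise ValueError('get(kind=%r) needs an alias or a name' % kind)
    matches = [d for d in self.documents
               if d.kind == kind
               and (alias is None or d.alias == alias)
               and (name is None or d.name == name)]
    if len(matches) != 1:
        raise KeyError('expected exactly one %s document (alias=%r, name=%r), found %d'
                       % (kind, alias, name, len(matches)))
    return matches[0]
```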


@ -66,6 +66,8 @@ class Generator:
)
config.Configuration([
admin_cert,
admin_cert_key,
cluster_ca,
cluster_ca_key,
etcd_client_ca,
@ -76,6 +78,19 @@ class Generator:
sa_priv,
]).write(os.path.join(output_dir, 'admin-bundle.yaml'))
complete_configuration = [
admin_cert,
admin_cert_key,
cluster_ca,
cluster_ca_key,
etcd_client_ca,
etcd_client_ca_key,
etcd_peer_ca,
etcd_peer_ca_key,
sa_pub,
sa_priv,
]
for hostname, data in cluster['nodes'].items():
if 'genesis' in data.get('roles', []):
genesis_hostname = hostname
@ -99,6 +114,7 @@ class Generator:
proxy_cert, proxy_cert_key = keys.generate_certificate(
alias='proxy',
config_name='system:kube-proxy:%s' % hostname,
name='system:kube-proxy',
ca_name='cluster',
hosts=[
@ -107,6 +123,14 @@ class Generator:
],
target=hostname)
complete_configuration.extend([
kubelet_cert,
kubelet_cert_key,
node,
proxy_cert,
proxy_cert_key,
])
common_documents = [
cluster_ca,
kubelet_cert,
@ -130,12 +154,14 @@ class Generator:
sa_pub,
])
if 'genesis' not in data.get('roles', []):
role_specific_documents.append(
_master_etcd_config(cluster_name, genesis_hostname,
hostname, masters)
)
role_specific_documents.extend(_master_config(hostname, data,
masters, network, keys))
etcd_config = _master_etcd_config(
cluster_name, genesis_hostname, hostname, masters)
complete_configuration.append(etcd_config)
role_specific_documents.append(etcd_config)
master_documents = _master_config(hostname, data,
masters, network, keys)
complete_configuration.extend(master_documents)
role_specific_documents.extend(master_documents)
if 'genesis' in data.get('roles', []):
role_specific_documents.extend(_genesis_config(hostname, data,
@ -146,6 +172,9 @@ class Generator:
c = config.Configuration(common_documents + role_specific_documents)
c.write(os.path.join(output_dir, hostname + '.yaml'))
config.Configuration(complete_configuration).write(
os.path.join(output_dir, 'complete-bundle.yaml'))
def construct_masters(self, cluster_name):
masters = []
for hostname, data in self.input_config['Cluster']['nodes'].items():
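Review bot: The new `config.Configuration(complete_configuration).write(os.path.join(output_dir, 'complete-bundle.yaml'))` aggregates every private key the generator produces — `cluster_ca_key`, `etcd_client_ca_key`, `etcd_peer_ca_key`, `sa_priv`, and each node's kubelet and proxy keys — into one file beside the per-host bundles. Anyone who obtains that file can mint a credential for any identity in the cluster, so it deserves a restrictive mode rather than whatever `Configuration.write` defaults to; I cannot see `write` from here, so confirm what permissions it uses. If it does not accept a mode, the minimal change is `os.chmod(os.path.join(output_dir, 'complete-bundle.yaml'), 0o600)` after the call, plus a comment such as `# complete-bundle.yaml holds every CA and node private key; keep it out of shared locations`. The enclosing method starts outside the hunk.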
@ -174,7 +203,8 @@ def _master_etcd_config(cluster_name, genesis_hostname, hostname, masters):
'auxiliary-etcd-0=https://%s:12380' % genesis_hostname,
'auxiliary-etcd-1=https://%s:22380' % genesis_hostname,
])
return _etcd_config(cluster_name, name='master-etcd',
return _etcd_config(cluster_name, alias='master-etcd',
name='master-etcd:%s' % hostname,
target=hostname,
initial_cluster=initial_cluster,
initial_cluster_state='existing')
@ -186,19 +216,21 @@ def _genesis_etcd_config(cluster_name, hostname):
'auxiliary-etcd-0=https://%s:12380' % hostname,
'auxiliary-etcd-1=https://%s:22380' % hostname,
]
return _etcd_config(cluster_name, name='genesis-etcd',
return _etcd_config(cluster_name, alias='genesis-etcd',
name='master-etcd:%s' % hostname,
target=hostname,
initial_cluster=initial_cluster,
initial_cluster_state='new')
def _etcd_config(cluster_name, *, name, target,
def _etcd_config(cluster_name, *, alias, name, target,
initial_cluster, initial_cluster_state):
return config.Document({
'apiVersion': 'promenade/v1',
'kind': 'Etcd',
'metadata': {
'cluster': cluster_name,
'alias': alias,
'name': name,
'target': target,
},
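Review bot: `_etcd_config` gains a required `alias` keyword on the new line `def _etcd_config(cluster_name, *, alias, name, target,` but nothing records how `alias` and `name` differ, and the two callers now pass the same `name='master-etcd:%s' % hostname` with different aliases, which is easy to misread as a copy-paste slip. A short docstring would settle it, along the lines of `"""Build an Etcd document; `alias` is the role-level key templates look up (genesis-etcd/master-etcd), `name` is the per-host unique identifier."""`. The function body continues outside the hunk, so I have not checked how `initial_cluster` is rendered.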
@ -255,6 +287,7 @@ def _master_config(hostname, host_data, masters, network, keys):
docs.extend(keys.generate_certificate(
alias='controller-manager',
config_name='system:kube-controller-manager:%s' % hostname,
name='system:kube-controller-manager',
ca_name='cluster',
hosts=[
@ -266,6 +299,7 @@ def _master_config(hostname, host_data, masters, network, keys):
docs.extend(keys.generate_certificate(
alias='scheduler',
config_name='system:kube-scheduler:%s' % hostname,
name='system:kube-scheduler',
ca_name='cluster',
hosts=[


@ -61,14 +61,17 @@ class PKI:
alias = name
return (self._wrap('PublicKey', pub_result['pub.pem'],
name=alias,
alias=alias,
name=name,
target=target),
self._wrap('PrivateKey', priv_result['priv.pem'],
name=alias,
alias=alias,
name=name,
target=target))
def generate_certificate(self, *, alias=None, ca_name, groups=[], hosts=[], name, target):
def generate_certificate(self, *, alias=None, config_name=None,
ca_name, groups=[], hosts=[], name, target):
result = self._cfssl(
['gencert',
'-ca', 'ca.pem',
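Review bot: The rewritten signature `def generate_certificate(self, *, alias=None, config_name=None, ca_name, groups=[], hosts=[], name, target):` keeps `groups=[]` and `hosts=[]` as mutable defaults, so a single list object is shared by every call that omits them; should `csr` or `_cfssl` ever append to the list it receives (I cannot see them from here), SAN entries from one certificate would leak into the next one issued. Tuples are the safe, backward-compatible default: `ca_name, groups=(), hosts=(), name, target):`. The same applies to `csr`'s `groups=[]`, `hosts=[]` and the `key={...}` dict default in the following hunk. The method body continues outside the hunk.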
@ -85,11 +88,16 @@ class PKI:
if not alias:
alias = name
if not config_name:
config_name = name
return (self._wrap('Certificate', result['cert'],
name=alias,
alias=alias,
name=config_name,
target=target),
self._wrap('CertificateKey', result['key'],
name=alias,
alias=alias,
name=config_name,
target=target))
def csr(self, *, name, groups=[], hosts=[], key={'algo': 'rsa', 'size': 2048}):


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='kubelet')['data'] }}
{{ config.get(kind='CertificateKey', alias='kubelet')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='kubelet')['data'] }}
{{ config.get(kind='Certificate', alias='kubelet')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='proxy')['data'] }}
{{ config.get(kind='CertificateKey', alias='proxy')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='proxy')['data'] }}
{{ config.get(kind='Certificate', alias='proxy')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='apiserver')['data'] }}
{{ config.get(kind='CertificateKey', alias='apiserver')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='apiserver')['data'] }}
{{ config.get(kind='Certificate', alias='apiserver')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='etcd-apiserver-client')['data'] }}
{{ config.get(kind='CertificateKey', alias='etcd-apiserver-client')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='etcd-apiserver-client')['data'] }}
{{ config.get(kind='Certificate', alias='etcd-apiserver-client')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='controller-manager')['data'] }}
{{ config.get(kind='CertificateKey', alias='controller-manager')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='controller-manager')['data'] }}
{{ config.get(kind='Certificate', alias='controller-manager')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='etcd-client')['data'] }}
{{ config.get(kind='CertificateKey', alias='etcd-client')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='etcd-client')['data'] }}
{{ config.get(kind='Certificate', alias='etcd-client')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='etcd-peer')['data'] }}
{{ config.get(kind='CertificateKey', alias='etcd-peer')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='etcd-peer')['data'] }}
{{ config.get(kind='Certificate', alias='etcd-peer')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='scheduler')['data'] }}
{{ config.get(kind='CertificateKey', alias='scheduler')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='scheduler')['data'] }}
{{ config.get(kind='Certificate', alias='scheduler')['data'] }}