promenade/promenade/templates/roles/genesis/etc/kubernetes/manifests/bootstrap-armada.yaml

178 lines
5.3 KiB
YAML

---
apiVersion: v1
kind: Pod
metadata:
name: bootstrap-armada
namespace: kube-system
labels:
app: promenade
component: genesis-tiller
spec:
dnsPolicy: Default
hostNetwork: true
containers:
- env:
- name: TILLER_NAMESPACE
value: kube-system
image: {{ config['Genesis:images.helm.tiller'] }}
command:
- /tiller
- -logtostderr
- -v
- "99"
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /liveness
port: 44135
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: tiller
ports:
- containerPort: 44134
name: tiller
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readiness
port: 44135
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
- name: armada
image: {{ config['Genesis:images.armada'] }}
command:
- /bin/bash
- -c
- |-
set -x
while true; do
sleep 10
if armada \
apply \
--target-manifest {{ config.get_path('Genesis:armada.target_manifest', 'cluster-bootstrap') }} \
--tiller-host 127.0.0.1 \
/etc/genesis/armada/assets/manifest.yaml &>> "${ARMADA_LOGFILE}"; then
break
fi
done
touch /ipc/armada-done
sleep 10000
env:
- name: ARMADA_LOGFILE
value: /tmp/log/bootstrap-armada.log
{%- if config['KubernetesNetwork:proxy.url'] is defined %}
- name: HTTP_PROXY
value: {{ config['KubernetesNetwork:proxy.url'] }}
- name: HTTPS_PROXY
value: {{ config['KubernetesNetwork:proxy.url'] }}
- name: NO_PROXY
value: {{ config.get(kind='KubernetesNetwork') | fill_no_proxy }}
- name: http_proxy
value: {{ config['KubernetesNetwork:proxy.url'] }}
- name: https_proxy
value: {{ config['KubernetesNetwork:proxy.url'] }}
- name: no_proxy
value: {{ config.get(kind='KubernetesNetwork') | fill_no_proxy }}
{%- endif %}
volumeMounts:
- name: assets
mountPath: /etc/genesis/armada/assets
- name: auth
mountPath: /armada/.kube
- name: ipc
mountPath: /ipc
- name: log
mountPath: /tmp/log
- name: monitor
image: {{ config['HostSystem:images.kubernetes.kubectl'] }}
command:
- /bin/sh
- -c
- |-
set -x
while ! [ -e /ipc/armada-done ]; do
sleep 5
done
rm -f /etc/kubernetes/manifests/bootstrap-armada.yaml
sleep 10000
volumeMounts:
- name: ipc
mountPath: /ipc
- name: manifest
mountPath: /etc/kubernetes/manifests
- name: kubectl-apiserver
image: {{ config['Genesis:images.kubernetes.apiserver'] }}
command:
{%- for argument in config.bootstrap_apiserver_prefix() %}
- "{{ argument }}"
{%- endfor %}
- --advertise-address={{ config['Genesis:ip'] }}
- --authorization-mode=Node,RBAC
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
- --anonymous-auth=true
- --client-ca-file=/etc/kubernetes/apiserver/pki/cluster-ca.pem
- --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/cluster-ca.pem
- --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/apiserver.pem
- --kubelet-client-key=/etc/kubernetes/apiserver/pki/apiserver-key.pem
- --insecure-port=8080
- --secure-port=6444
- --bind-address=0.0.0.0
- --runtime-config=batch/v2alpha1=true
- --allow-privileged=true
- --etcd-servers=https://localhost:12379
- --etcd-cafile=/etc/kubernetes/apiserver/pki/etcd-client-ca.pem
- --etcd-certfile=/etc/kubernetes/apiserver/pki/etcd-client.pem
- --etcd-keyfile=/etc/kubernetes/apiserver/pki/etcd-client-key.pem
- --service-cluster-ip-range={{ config['KubernetesNetwork:kubernetes.service_cidr'] }}
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --service-account-key-file=/etc/kubernetes/apiserver/pki/service-account.pub
- --tls-cert-file=/etc/kubernetes/apiserver/pki/apiserver.pem
- --tls-private-key-file=/etc/kubernetes/apiserver/pki/apiserver-key.pem
env:
- name: KUBECONFIG
value: /etc/kubernetes/admin/config
volumeMounts:
- name: auth
mountPath: /etc/kubernetes/admin
- name: config
mountPath: /etc/kubernetes/apiserver
readOnly: true
volumes:
- name: assets
hostPath:
path: /etc/genesis/armada/assets
- name: auth
hostPath:
path: /etc/genesis/armada/auth
- name: manifest
hostPath:
path: /etc/kubernetes/manifests
- name: ipc
emptyDir: {}
- name: log
hostPath:
path: /var/log/armada
- name: config
hostPath:
path: /etc/genesis/apiserver
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30