6e81ed7b40
1) Kubernetes Template (Bootstrap) 2) Other charts within Promenade Repo Change-Id: I872802112587bdff84d3630a5b2542dc4b3f77f8
178 lines
5.3 KiB
YAML
178 lines
5.3 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: bootstrap-armada
|
|
namespace: kube-system
|
|
labels:
|
|
application: promenade
|
|
component: genesis-tiller
|
|
spec:
|
|
dnsPolicy: Default
|
|
hostNetwork: true
|
|
containers:
|
|
- env:
|
|
- name: TILLER_NAMESPACE
|
|
value: kube-system
|
|
image: {{ config['Genesis:images.helm.tiller'] }}
|
|
command:
|
|
- /tiller
|
|
- -logtostderr
|
|
- -v
|
|
- "99"
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /liveness
|
|
port: 44135
|
|
scheme: HTTP
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
name: tiller
|
|
ports:
|
|
- containerPort: 44134
|
|
name: tiller
|
|
protocol: TCP
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /readiness
|
|
port: 44135
|
|
scheme: HTTP
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
resources: {}
|
|
terminationMessagePath: /dev/termination-log
|
|
terminationMessagePolicy: File
|
|
- name: armada
|
|
image: {{ config['Genesis:images.armada'] }}
|
|
command:
|
|
- /bin/bash
|
|
- -c
|
|
- |-
|
|
set -x
|
|
|
|
while true; do
|
|
sleep 10
|
|
if armada \
|
|
apply \
|
|
--target-manifest {{ config.get_path('Genesis:armada.target_manifest', 'cluster-bootstrap') }} \
|
|
--tiller-host 127.0.0.1 \
|
|
/etc/genesis/armada/assets/manifest.yaml &>> "${ARMADA_LOGFILE}"; then
|
|
break
|
|
fi
|
|
done
|
|
|
|
touch /ipc/armada-done
|
|
sleep 10000
|
|
env:
|
|
- name: ARMADA_LOGFILE
|
|
value: /tmp/log/bootstrap-armada.log
|
|
{%- if config['KubernetesNetwork:proxy.url'] is defined %}
|
|
- name: HTTP_PROXY
|
|
value: {{ config['KubernetesNetwork:proxy.url'] }}
|
|
- name: HTTPS_PROXY
|
|
value: {{ config['KubernetesNetwork:proxy.url'] }}
|
|
- name: NO_PROXY
|
|
value: {{ config.get(kind='KubernetesNetwork') | fill_no_proxy }}
|
|
- name: http_proxy
|
|
value: {{ config['KubernetesNetwork:proxy.url'] }}
|
|
- name: https_proxy
|
|
value: {{ config['KubernetesNetwork:proxy.url'] }}
|
|
- name: no_proxy
|
|
value: {{ config.get(kind='KubernetesNetwork') | fill_no_proxy }}
|
|
{%- endif %}
|
|
volumeMounts:
|
|
- name: assets
|
|
mountPath: /etc/genesis/armada/assets
|
|
- name: auth
|
|
mountPath: /armada/.kube
|
|
- name: ipc
|
|
mountPath: /ipc
|
|
- name: log
|
|
mountPath: /tmp/log
|
|
- name: monitor
|
|
image: {{ config['HostSystem:images.kubernetes.kubectl'] }}
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |-
|
|
set -x
|
|
|
|
while ! [ -e /ipc/armada-done ]; do
|
|
sleep 5
|
|
done
|
|
|
|
rm -f /etc/kubernetes/manifests/bootstrap-armada.yaml
|
|
sleep 10000
|
|
volumeMounts:
|
|
- name: ipc
|
|
mountPath: /ipc
|
|
- name: manifest
|
|
mountPath: /etc/kubernetes/manifests
|
|
- name: kubectl-apiserver
|
|
image: {{ config['Genesis:images.kubernetes.apiserver'] }}
|
|
command:
|
|
{%- for argument in config.bootstrap_apiserver_prefix() %}
|
|
- "{{ argument }}"
|
|
{%- endfor %}
|
|
- --advertise-address={{ config['Genesis:ip'] }}
|
|
- --authorization-mode=Node,RBAC
|
|
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
|
|
- --anonymous-auth=false
|
|
- --client-ca-file=/etc/kubernetes/apiserver/pki/cluster-ca.pem
|
|
- --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/cluster-ca.pem
|
|
- --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/apiserver.pem
|
|
- --kubelet-client-key=/etc/kubernetes/apiserver/pki/apiserver-key.pem
|
|
- --insecure-port=8080
|
|
- --secure-port=6444
|
|
- --bind-address=0.0.0.0
|
|
- --runtime-config=batch/v2alpha1=true
|
|
- --allow-privileged=true
|
|
- --etcd-servers=https://localhost:12379
|
|
- --etcd-cafile=/etc/kubernetes/apiserver/pki/etcd-client-ca.pem
|
|
- --etcd-certfile=/etc/kubernetes/apiserver/pki/etcd-client.pem
|
|
- --etcd-keyfile=/etc/kubernetes/apiserver/pki/etcd-client-key.pem
|
|
- --service-cluster-ip-range={{ config['KubernetesNetwork:kubernetes.service_cidr'] }}
|
|
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
|
- --service-account-key-file=/etc/kubernetes/apiserver/pki/service-account.pub
|
|
- --tls-cert-file=/etc/kubernetes/apiserver/pki/apiserver.pem
|
|
- --tls-private-key-file=/etc/kubernetes/apiserver/pki/apiserver-key.pem
|
|
env:
|
|
- name: KUBECONFIG
|
|
value: /etc/kubernetes/admin/config
|
|
volumeMounts:
|
|
- name: auth
|
|
mountPath: /etc/kubernetes/admin
|
|
- name: config
|
|
mountPath: /etc/kubernetes/apiserver
|
|
readOnly: true
|
|
volumes:
|
|
- name: assets
|
|
hostPath:
|
|
path: /etc/genesis/armada/assets
|
|
- name: auth
|
|
hostPath:
|
|
path: /etc/genesis/armada/auth
|
|
- name: manifest
|
|
hostPath:
|
|
path: /etc/kubernetes/manifests
|
|
- name: ipc
|
|
emptyDir: {}
|
|
- name: log
|
|
hostPath:
|
|
path: /var/log/armada
|
|
- name: config
|
|
hostPath:
|
|
path: /etc/genesis/apiserver
|
|
|
|
restartPolicy: Always
|
|
schedulerName: default-scheduler
|
|
securityContext: {}
|
|
terminationGracePeriodSeconds: 30
|