[WIP] Support Fedora CoreOS 30
Task: 29968 Story: 2005201 Change-Id: Iffcaa68d385b1b829b577ebce2df465073dfb5a1
parent
13e017a80c
commit
198a99bef6
|
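--- /dev/null
+++ b/magnum/common/nova.py
@@ -0,0 +1,30 @@
+# Copyright 2019 Catalyst Cloud Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from oslo_config import cfg
+from oslo_log import log as logging
+
+from magnum.common import clients
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+
+def get_ssh_key(context, key_name):
+    try:
+        n_client = clients.OpenStackClients(context).nova()
+        keypair = n_client.keypairs.get(key_name)
+        return keypair.public_key.strip()
+    except Exception:
+        return ""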
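Review bot: `get_ssh_key` swallows every failure with `except Exception: return ""` and never uses the `LOG` it defines, so an auth error, an unreachable Nova or a keypair that does not exist all collapse into an empty public key that the caller cannot tell apart from success. Log the failure before returning the sentinel, e.g. `LOG.warning("Could not fetch public key for keypair %s", key_name, exc_info=True)`, and short-circuit the empty-name case with `if not key_name: return ""` so the `ssh_key_name` template default of `""` does not trigger a spurious lookup. `cfg` and `CONF` are imported and bound but unused in this file. A one-line docstring stating that the function returns the stripped public key of the named Nova keypair, or `""` when it cannot be retrieved, would make the sentinel contract explicit for callers.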
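--- a/magnum/drivers/heat/k8s_coreos_template_def.py
+++ b/magnum/drivers/heat/k8s_coreos_template_def.py
@@ -149,6 +149,8 @@ class CoreOSK8sTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
         encoded_openstack_ca = base64.b64encode(plain_openstack_ca.encode())
         extra_params['openstack_ca_coreos'] = encoded_openstack_ca.decode()
 
+        extra_params['project_id'] = cluster.project_id
+
         return super(CoreOSK8sTemplateDefinition,
                      self).get_params(context, cluster_template, cluster,
                                       extra_params=extra_params,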
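--- a/PATH-NOT-SHOWN (module defining OutputMapping under magnum/drivers/heat)
+++ b/PATH-NOT-SHOWN (module defining OutputMapping under magnum/drivers/heat)
@@ -105,7 +105,8 @@ class OutputMapping(object):
     Magnum understands.
     """
 
-    def __init__(self, heat_output, cluster_attr=None):
+    def __init__(self, heat_output, cluster_attr=None, nodegroup_attr=None,
+                 nodegroup_uuid=None, is_stack_param=False):
         self.cluster_attr = cluster_attr
         self.heat_output = heat_output
 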
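Review bot: The new `nodegroup_attr`, `nodegroup_uuid` and `is_stack_param` parameters are accepted by `__init__` but the visible body only stores `cluster_attr` and `heat_output`; unless the lines after the hunk assign them (`self.nodegroup_attr = nodegroup_attr`, `self.nodegroup_uuid = nodegroup_uuid`, `self.is_stack_param = is_stack_param`), they are silently dropped. The class docstring that ends just above the constructor should also describe the three new arguments and what `is_stack_param=True` changes about how the output is resolved. The body of `__init__` continues outside the hunk, so this may already be handled further down.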
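--- /dev/null
+++ b/PATH-NOT-SHOWN (driver module of magnum/drivers/k8s_fedora_coreos_v1)
@@ -0,0 +1,30 @@
+# Copyright 2016 Rackspace Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from magnum.drivers.heat import driver
+from magnum.drivers.k8s_fedora_coreos_v1 import template_def
+
+
+class Driver(driver.KubernetesDriver):
+
+    @property
+    def provides(self):
+        return [
+            {'server_type': 'vm',
+             'os': 'fedora-coreos',
+             'coe': 'kubernetes'},
+        ]
+
+    def get_template_definition(self):
+        return template_def.FedoraCoreOSK8sTemplateDefinition()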
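Review bot: `Driver` carries no docstring, and the `provides` list is the only thing that distinguishes this driver from the other Kubernetes drivers, so add `"""Heat driver for Kubernetes clusters on Fedora CoreOS VMs."""` under the class line and a short comment on `provides` noting that the `'os': 'fedora-coreos'` entry is what the driver registry matches a cluster template against (I infer that from how the other drivers are structured; confirm against the registry code). The copyright header is copied from the 2016 Rackspace file while the sibling `nova.py` in this change uses a 2019 header; worth making consistent for a new file.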
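--- /dev/null
+++ b/magnum/drivers/k8s_fedora_coreos_v1/template_def.py
@@ -0,0 +1,44 @@
+# Copyright 2016 Rackspace Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+import os
+
+from magnum.common import nova
+import magnum.conf
+from magnum.drivers.heat import k8s_coreos_template_def as kctd
+
+
+CONF = magnum.conf.CONF
+
+
+class FedoraCoreOSK8sTemplateDefinition(kctd.CoreOSK8sTemplateDefinition):
+    """Kubernetes template for a Fedora CoreOS VM."""
+
+    @property
+    def driver_module_path(self):
+        return __name__[:__name__.rindex('.')]
+
+    @property
+    def template_path(self):
+        return os.path.join(os.path.dirname(os.path.realpath(__file__)),
+                            'templates/kubecluster.yaml')
+
+    def get_params(self, context, cluster_template, cluster, **kwargs):
+        extra_params = kwargs.pop('extra_params', {})
+        extra_params["ssh_key_value"] = nova.get_ssh_key(context,
+                                                         cluster.keypair)
+
+        return super(FedoraCoreOSK8sTemplateDefinition,
+                     self).get_params(context, cluster_template, cluster,
+                                      extra_params=extra_params,
+                                      **kwargs)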
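Review bot: `get_params` stores whatever `nova.get_ssh_key` returns in `extra_params["ssh_key_value"]` without checking it, and that helper (added in this same change) returns `""` on any failure, so a mistyped or deleted keypair yields a cluster whose `core` user gets an empty authorized-keys entry and no log line explaining why. Check the value here, e.g. `if not extra_params["ssh_key_value"]: LOG.warning("No public key found for keypair %s", cluster.keypair)` (or raise, if operators expect a usable key) — this module binds `CONF` but defines no `LOG`, so one would need adding. The key text is later substituted verbatim into the Ignition JSON (`"$SSH_KEY_VALUE"` in the user_data file of this change); I cannot see the substitution step from here, but if it is a plain string replace the value should be JSON-escaped before insertion. `import magnum.conf` / `CONF` is otherwise unused in this module, and a short docstring on `get_params` saying it adds the Nova keypair's public key under `ssh_key_value` before delegating to the CoreOS base class would help the next reader.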
@ -0,0 +1,202 @@
|
||||||
|
|
||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright [yyyy] [name of copyright owner]
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
|
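--- /dev/null
+++ b/PATH-NOT-SHOWN (Ignition user_data JSON under the k8s_fedora_coreos_v1 driver)
@@ -0,0 +1,77 @@
+{
+  "ignition": {
+    "config": {
+      "replace": {
+        "source": null,
+        "verification": {}
+      }
+    },
+    "security": {
+      "tls": {}
+    },
+    "timeouts": {},
+    "version": "3.0.0"
+  },
+  "passwd": {
+    "users": [
+      {
+        "name": "core",
+        "sshAuthorizedKeys": [
+          "$SSH_KEY_VALUE"
+        ]
+      }
+    ]
+  },
+  "storage": {
+    "directories":[
+      {
+        "path": "/var/lib/cloud/data",
+        "group": {"name": "root"},
+        "user": {"name": "root"},
+        "mode": 644
+      }
+    ],
+    "files": [
+      {
+        "filesystem": "root",
+        "path": "/etc/hostname",
+        "mode": 420,
+        "contents": { "source": "data:,$HOSTNAME" }
+      },
+      {
+        "filesystem": "root",
+        "group": {"name": "root"},
+        "path": "/etc/ssl/certs/openstack-ca.pem",
+        "user": {"name": "root"},
+        "contents": {
+          "source": "data:,$OPENSTACK_CA",
+          "verification": {}
+        },
+        "mode": 644
+      },
+      {
+        "filesystem": "root",
+        "path": "/usr/local/bin/configure-heat-container-agent.sh",
+        "contents": {
+          "source": "data:,%23!%2Fbin%2Fbash%0Aset%20%2Bx%0Adocker%20run%20--detach%20$CONTAINER_INFRA_PREFIXheat-container-agent%3A$HEAT_CONTAINER_AGENT_TAG%0A",
+          "verification": {}
+        },
+        "mode": 777
+      }
+    ]
+  },
+  "systemd": {
+    "units": [
+      {
+        "name": "configure-openstack-ca.service",
+        "enabled": true,
+        "contents": "[Unit]\nDescription=Install custom CA certificates\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/update-ca-trust\n[Install]\nWantedBy=multi-user.target"
+      },
+      {
+        "name": "configure-heat-container-agent.service",
+        "enabled": true,
+        "contents": "[Unit]\nDescription=Install heat container agent\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/configure-heat-container-agent.sh\n[Install]\nWantedBy=multi-user.target"
+      }
+    ]
+  }
+}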
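Review bot: The `mode` values `644` (the `/var/lib/cloud/data` directory and `/etc/ssl/certs/openstack-ca.pem`) and `777` (`configure-heat-container-agent.sh`) are decimal integers in Ignition, not octal, so they set 0o1204 and 0o1411 rather than the intended bits — the `/etc/hostname` entry already does this right with `420`. Use `"mode": 493` (0o755) for the directory and the script and `"mode": 420` (0o644) for the CA file; if 777 was meant literally, a world-writable script executed as root by `configure-heat-container-agent.service` would be a local privilege-escalation path, so 493 is the right value either way. `set%20%2Bx` in the script body decodes to `set +x`, which only turns tracing off and is probably meant to be `set -e`. `data:,$OPENSTACK_CA` embeds the certificate unencoded; unless the substituted value is already percent- or base64-encoded (the base class in this change base64-encodes `openstack_ca_coreos`, but this template references a different name), newlines and `+` in the PEM will not survive a data URL. On Fedora I would also expect `update-ca-trust` to read anchors from `/etc/pki/ca-trust/source/anchors/` rather than `/etc/ssl/certs/`, so the unit may not pick the CA up — worth confirming on an FCOS 30 image.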
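--- /dev/null
+++ b/PATH-NOT-SHOWN (write-heat-params fragment under the k8s_fedora_coreos_v1 driver)
@@ -0,0 +1,116 @@
+#!/bin/sh
+
+echo "START: write-heat-params"
+
+HEAT_PARAMS=/etc/sysconfig/heat-params
+[ -f ${HEAT_PARAMS} ] || {
+    echo "Writing File: $HEAT_PARAMS"
+    mkdir -p "$(dirname ${HEAT_PARAMS})"
+    cat > ${HEAT_PARAMS} <<EOF
+INSTANCE_NAME="$INSTANCE_NAME"
+PROMETHEUS_MONITORING="$PROMETHEUS_MONITORING"
+KUBE_API_PUBLIC_ADDRESS="$KUBE_API_PUBLIC_ADDRESS"
+KUBE_API_PRIVATE_ADDRESS="$KUBE_API_PRIVATE_ADDRESS"
+KUBE_API_PORT="$KUBE_API_PORT"
+KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP"
+KUBE_NODE_IP="$KUBE_NODE_IP"
+KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV"
+TRAEFIK_INGRESS_CONTROLLER_TAG="$TRAEFIK_INGRESS_CONTROLLER_TAG"
+ENABLE_CINDER="$ENABLE_CINDER"
+ETCD_VOLUME="$ETCD_VOLUME"
+ETCD_VOLUME_SIZE="$ETCD_VOLUME_SIZE"
+DOCKER_VOLUME="$DOCKER_VOLUME"
+DOCKER_VOLUME_SIZE="$DOCKER_VOLUME_SIZE"
+DOCKER_STORAGE_DRIVER="$DOCKER_STORAGE_DRIVER"
+CGROUP_DRIVER="$CGROUP_DRIVER"
+NETWORK_DRIVER="$NETWORK_DRIVER"
+FLANNEL_NETWORK_CIDR="$FLANNEL_NETWORK_CIDR"
+FLANNEL_NETWORK_SUBNETLEN="$FLANNEL_NETWORK_SUBNETLEN"
+FLANNEL_BACKEND="$FLANNEL_BACKEND"
+PODS_NETWORK_CIDR="$PODS_NETWORK_CIDR"
+PORTAL_NETWORK_CIDR="$PORTAL_NETWORK_CIDR"
+ADMISSION_CONTROL_LIST="$ADMISSION_CONTROL_LIST"
+ETCD_DISCOVERY_URL="$ETCD_DISCOVERY_URL"
+USERNAME="$USERNAME"
+PASSWORD="$PASSWORD"
+CLUSTER_NETWORK="$CLUSTER_NETWORK"
+CLUSTER_NETWORK_NAME="$CLUSTER_NETWORK_NAME"
+CLUSTER_SUBNET="$CLUSTER_SUBNET"
+TLS_DISABLED="$TLS_DISABLED"
+KUBE_DASHBOARD_ENABLED="$KUBE_DASHBOARD_ENABLED"
+INFLUX_GRAFANA_DASHBOARD_ENABLED="$INFLUX_GRAFANA_DASHBOARD_ENABLED"
+VERIFY_CA="$VERIFY_CA"
+CLUSTER_UUID="$CLUSTER_UUID"
+MAGNUM_URL="$MAGNUM_URL"
+MONITORING_ENABLED="$MONITORING_ENABLED"
+PROMETHEUS_OPERATOR_CHART_TAG="$PROMETHEUS_OPERATOR_CHART_TAG"
+VOLUME_DRIVER="$VOLUME_DRIVER"
+REGION_NAME="$REGION_NAME"
+HTTP_PROXY="$HTTP_PROXY"
+HTTPS_PROXY="$HTTPS_PROXY"
+NO_PROXY="$NO_PROXY"
+KUBE_TAG="$KUBE_TAG"
+CLOUD_PROVIDER_TAG="$CLOUD_PROVIDER_TAG"
+CLOUD_PROVIDER_ENABLED="$CLOUD_PROVIDER_ENABLED"
+ETCD_TAG="$ETCD_TAG"
+COREDNS_TAG="$COREDNS_TAG"
+FLANNEL_TAG="$FLANNEL_TAG"
+FLANNEL_CNI_TAG="$FLANNEL_CNI_TAG"
+KUBE_VERSION="$KUBE_VERSION"
+KUBE_DASHBOARD_VERSION="$KUBE_DASHBOARD_VERSION"
+TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
+TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
+TRUST_ID="$TRUST_ID"
+AUTH_URL="$AUTH_URL"
+INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
+CONTAINER_INFRA_PREFIX="$CONTAINER_INFRA_PREFIX"
+SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
+SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
+ETCD_LB_VIP="$ETCD_LB_VIP"
+DNS_SERVICE_IP="$DNS_SERVICE_IP"
+DNS_CLUSTER_DOMAIN="$DNS_CLUSTER_DOMAIN"
+CERT_MANAGER_API="$CERT_MANAGER_API"
+CA_KEY="$CA_KEY"
+CALICO_TAG="$CALICO_TAG"
+CALICO_CNI_TAG="$CALICO_CNI_TAG"
+CALICO_KUBE_CONTROLLERS_TAG="$CALICO_KUBE_CONTROLLERS_TAG"
+CALICO_IPV4POOL="$CALICO_IPV4POOL"
+INGRESS_CONTROLLER="$INGRESS_CONTROLLER"
+INGRESS_CONTROLLER_ROLE="$INGRESS_CONTROLLER_ROLE"
+OCTAVIA_INGRESS_CONTROLLER_TAG="$OCTAVIA_INGRESS_CONTROLLER_TAG"
+KUBELET_OPTIONS="$KUBELET_OPTIONS"
+KUBECONTROLLER_OPTIONS="$KUBECONTROLLER_OPTIONS"
+KUBEAPI_OPTIONS="$KUBEAPI_OPTIONS"
+KUBEPROXY_OPTIONS="$KUBEPROXY_OPTIONS"
+KUBESCHEDULER_OPTIONS="$KUBESCHEDULER_OPTIONS"
+OCTAVIA_ENABLED="$OCTAVIA_ENABLED"
+KUBE_SERVICE_ACCOUNT_KEY="$KUBE_SERVICE_ACCOUNT_KEY"
+KUBE_SERVICE_ACCOUNT_PRIVATE_KEY="$KUBE_SERVICE_ACCOUNT_PRIVATE_KEY"
+PROMETHEUS_TAG="$PROMETHEUS_TAG"
+GRAFANA_TAG="$GRAFANA_TAG"
+HEAT_CONTAINER_AGENT_TAG="$HEAT_CONTAINER_AGENT_TAG"
+KEYSTONE_AUTH_ENABLED="$KEYSTONE_AUTH_ENABLED"
+K8S_KEYSTONE_AUTH_TAG="$K8S_KEYSTONE_AUTH_TAG"
+PROJECT_ID="$PROJECT_ID"
+EXTERNAL_NETWORK_ID="$EXTERNAL_NETWORK_ID"
+TILLER_ENABLED="$TILLER_ENABLED"
+TILLER_TAG="$TILLER_TAG"
+TILLER_NAMESPACE="$TILLER_NAMESPACE"
+NODE_PROBLEM_DETECTOR_TAG="$NODE_PROBLEM_DETECTOR_TAG"
+NGINX_INGRESS_CONTROLLER_TAG="$NGINX_INGRESS_CONTROLLER_TAG"
+AUTO_HEALING_ENABLED="$AUTO_HEALING_ENABLED"
+AUTO_HEALING_CONTROLLER="$AUTO_HEALING_CONTROLLER"
+AUTO_SCALING_ENABLED="$AUTO_SCALING_ENABLED"
+DRAINO_TAG="$DRAINO_TAG"
+MAGNUM_AUTO_HEALER_TAG="$MAGNUM_AUTO_HEALER_TAG"
+AUTOSCALER_TAG="$AUTOSCALER_TAG"
+MIN_NODE_COUNT="$MIN_NODE_COUNT"
+MAX_NODE_COUNT="$MAX_NODE_COUNT"
+NPD_ENABLED="$NPD_ENABLED"
+EOF
+}
+
+chown root:root "${HEAT_PARAMS}"
+chmod 600 "${HEAT_PARAMS}"
+
+echo "END: write-heat-params"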
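Review bot: `cat > ${HEAT_PARAMS} <<EOF` creates the file under the shell's default umask (typically 0644) and only the `chmod 600` two statements later tightens it, so `PASSWORD`, `TRUSTEE_PASSWORD`, `CA_KEY` and `KUBE_SERVICE_ACCOUNT_PRIVATE_KEY` sit world-readable for the duration of the write. Put `umask 077` before the `cat` (or create the file first with `install -m 600 /dev/null "${HEAT_PARAMS}"`) so the secrets are never exposed, even briefly. The heredoc is unquoted and each value is wrapped in plain double quotes, so any value containing `"` or `$` (a password, `KUBELET_OPTIONS`) produces a file that breaks or expands unexpectedly when sourced; escaping the values or single-quoting them would be safer. `[ -f ${HEAT_PARAMS} ]` and `$(dirname ${HEAT_PARAMS})` also leave the variable unquoted while the later `chown`/`chmod` lines quote it.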
@ -0,0 +1,877 @@
|
||||||
|
heat_template_version: 2014-10-16
|
||||||
|
|
||||||
|
description: >
|
||||||
|
This template will boot a Kubernetes cluster with one or more
|
||||||
|
minions (as specified by the number_of_minions parameter, which
|
||||||
|
defaults to 1).
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
|
||||||
|
octavia_enabled:
|
||||||
|
type: string
|
||||||
|
default: true
|
||||||
|
|
||||||
|
ssh_key_name:
|
||||||
|
type: string
|
||||||
|
description: name of ssh key to be provisioned on our server
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
external_network:
|
||||||
|
type: string
|
||||||
|
description: uuid/name of a network to use for floating ip addresses
|
||||||
|
default: public
|
||||||
|
|
||||||
|
fixed_network_name:
|
||||||
|
type: string
|
||||||
|
description: Network from which to allocate fixed addresses.
|
||||||
|
default: "private"
|
||||||
|
|
||||||
|
fixed_network:
|
||||||
|
type: string
|
||||||
|
description: uuid/name of an existing network to use to provision machines
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
fixed_subnet:
|
||||||
|
type: string
|
||||||
|
description: uuid/name of an existing subnet to use to provision machines
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
server_image:
|
||||||
|
type: string
|
||||||
|
description: glance image used to boot the server
|
||||||
|
|
||||||
|
master_flavor:
|
||||||
|
type: string
|
||||||
|
default: m1.small
|
||||||
|
description: flavor to use when booting the server for master nodes
|
||||||
|
|
||||||
|
minion_flavor:
|
||||||
|
type: string
|
||||||
|
default: m1.small
|
||||||
|
description: flavor to use when booting the server for minions
|
||||||
|
|
||||||
|
prometheus_monitoring:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
description: >
|
||||||
|
whether or not to have the grafana-prometheus-cadvisor monitoring setup
|
||||||
|
|
||||||
|
grafana_admin_passwd:
|
||||||
|
type: string
|
||||||
|
default: admin
|
||||||
|
hidden: true
|
||||||
|
description: >
|
||||||
|
admin user password for the Grafana monitoring interface
|
||||||
|
|
||||||
|
dns_nameserver:
|
||||||
|
type: comma_delimited_list
|
||||||
|
description: address of a DNS nameserver reachable in your environment
|
||||||
|
default: 8.8.8.8
|
||||||
|
|
||||||
|
number_of_masters:
|
||||||
|
type: number
|
||||||
|
description: how many kubernetes masters to spawn
|
||||||
|
default: 1
|
||||||
|
|
||||||
|
number_of_minions:
|
||||||
|
type: number
|
||||||
|
description: how many kubernetes minions to spawn
|
||||||
|
default: 1
|
||||||
|
|
||||||
|
fixed_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: network range for fixed ip network
|
||||||
|
default: 10.0.0.0/24
|
||||||
|
|
||||||
|
portal_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address range used by kubernetes for service portals
|
||||||
|
default: 10.254.0.0/16
|
||||||
|
|
||||||
|
network_driver:
|
||||||
|
type: string
|
||||||
|
description: network driver to use for instantiating container networks
|
||||||
|
default: flannel
|
||||||
|
|
||||||
|
flannel_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: network range for flannel overlay network
|
||||||
|
default: 10.100.0.0/16
|
||||||
|
|
||||||
|
flannel_network_subnetlen:
|
||||||
|
type: number
|
||||||
|
description: size of subnet assigned to each minion
|
||||||
|
default: 24
|
||||||
|
|
||||||
|
flannel_backend:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
specify the backend for flannel, default udp backend
|
||||||
|
default: "udp"
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ["udp", "vxlan", "host-gw"]
|
||||||
|
|
||||||
|
system_pods_initial_delay:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
health check, time to wait for system pods (podmaster, scheduler) to boot
|
||||||
|
(in seconds)
|
||||||
|
default: 30
|
||||||
|
|
||||||
|
system_pods_timeout:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
health check, timeout for system pods (podmaster, scheduler) to answer.
|
||||||
|
(in seconds)
|
||||||
|
default: 5
|
||||||
|
|
||||||
|
admission_control_list:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
List of admission control plugins to activate
|
||||||
|
default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
|
||||||
|
|
||||||
|
kube_allow_priv:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
whether or not kubernetes should permit privileged containers.
|
||||||
|
default: "true"
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ["true", "false"]
|
||||||
|
|
||||||
|
etcd_volume_size:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size of the cinder volume for etcd storage
|
||||||
|
default: 0
|
||||||
|
|
||||||
|
docker_volume_size:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size of a cinder volume to allocate to docker for container/image
|
||||||
|
storage
|
||||||
|
default: 0
|
||||||
|
|
||||||
|
docker_volume_type:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
type of a cinder volume to allocate to docker for container/image
|
||||||
|
storage
|
||||||
|
|
||||||
|
docker_storage_driver:
|
||||||
|
type: string
|
||||||
|
description: docker storage driver name
|
||||||
|
default: "devicemapper"
|
||||||
|
|
||||||
|
wait_condition_timeout:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
timeout for the Wait Conditions
|
||||||
|
default: 6000
|
||||||
|
|
||||||
|
minions_to_remove:
|
||||||
|
type: comma_delimited_list
|
||||||
|
description: >
|
||||||
|
List of minions to be removed when doing an update. Individual minion may
|
||||||
|
be referenced several ways: (1) The resource name (e.g. ['1', '3']),
|
||||||
|
(2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should
|
||||||
|
be empty when doing an create.
|
||||||
|
default: []
|
||||||
|
|
||||||
|
discovery_url:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Discovery URL used for bootstrapping the etcd cluster.
|
||||||
|
|
||||||
|
registry_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
Indicates whether the docker registry is enabled.
|
||||||
|
default: false
|
||||||
|
|
||||||
|
registry_port:
|
||||||
|
type: number
|
||||||
|
description: port of registry service
|
||||||
|
default: 5000
|
||||||
|
|
||||||
|
swift_region:
|
||||||
|
type: string
|
||||||
|
description: region of swift service
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
registry_container:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
name of swift container which docker registry stores images in
|
||||||
|
default: "container"
|
||||||
|
|
||||||
|
registry_insecure:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
indicates whether to skip TLS verification between registry and backend storage
|
||||||
|
default: true
|
||||||
|
|
||||||
|
registry_chunksize:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size fo the data segments for the swift dynamic large objects
|
||||||
|
default: 5242880
|
||||||
|
|
||||||
|
volume_driver:
|
||||||
|
type: string
|
||||||
|
description: volume driver to use for container storage
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
region_name:
|
||||||
|
type: string
|
||||||
|
description: A logically separate section of the cluster
|
||||||
|
|
||||||
|
username:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
user account
|
||||||
|
|
||||||
|
password:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
user password, not set in current implementation, only used to
|
||||||
|
fill in for Kubernetes config file
|
||||||
|
default:
|
||||||
|
ChangeMe
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
loadbalancing_protocol:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
The protocol which is used for load balancing. If you want to change
|
||||||
|
tls_disabled option to 'True', please change this to "HTTP".
|
||||||
|
default: TCP
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ["TCP", "HTTP"]
|
||||||
|
|
||||||
|
tls_disabled:
|
||||||
|
type: boolean
|
||||||
|
description: whether or not to disable TLS
|
||||||
|
default: False
|
||||||
|
|
||||||
|
kube_dashboard_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: whether or not to enable kubernetes dashboard
|
||||||
|
default: True
|
||||||
|
|
||||||
|
influx_grafana_dashboard_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: Enable influxdb with grafana dashboard for data from heapster
|
||||||
|
default: False
|
||||||
|
|
||||||
|
verify_ca:
|
||||||
|
type: boolean
|
||||||
|
description: whether or not to validate certificate authority
|
||||||
|
|
||||||
|
kubernetes_port:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
The port which are used by kube-apiserver to provide Kubernetes
|
||||||
|
service.
|
||||||
|
default: 6443
|
||||||
|
|
||||||
|
cluster_uuid:
|
||||||
|
type: string
|
||||||
|
description: identifier for the cluster this template is generating
|
||||||
|
|
||||||
|
magnum_url:
|
||||||
|
type: string
|
||||||
|
description: endpoint to retrieve TLS certs from
|
||||||
|
|
||||||
|
http_proxy:
|
||||||
|
type: string
|
||||||
|
description: http proxy address for docker
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
https_proxy:
|
||||||
|
type: string
|
||||||
|
description: https proxy address for docker
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
no_proxy:
|
||||||
|
type: string
|
||||||
|
description: no proxies for docker
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
trustee_domain_id:
|
||||||
|
type: string
|
||||||
|
description: domain id of the trustee
|
||||||
|
|
||||||
|
trustee_user_id:
|
||||||
|
type: string
|
||||||
|
description: user id of the trustee
|
||||||
|
|
||||||
|
trustee_username:
|
||||||
|
type: string
|
||||||
|
description: username of the trustee
|
||||||
|
|
||||||
|
trustee_password:
|
||||||
|
type: string
|
||||||
|
description: password of the trustee
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
trust_id:
|
||||||
|
type: string
|
||||||
|
description: id of the trust which is used by the trustee
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
auth_url:
|
||||||
|
type: string
|
||||||
|
description: url for keystone
|
||||||
|
|
||||||
|
kube_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||||
|
default: v1.9.3
|
||||||
|
|
||||||
|
etcd_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the etcd system container
|
||||||
|
default: v3.2.7
|
||||||
|
|
||||||
|
coredns_tag:
|
||||||
|
type: string
|
||||||
|
description: tag for coredns
|
||||||
|
default: 1.3.1
|
||||||
|
|
||||||
|
flannel_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the flannel system containers
|
||||||
|
default: v0.9.0
|
||||||
|
|
||||||
|
kube_version:
|
||||||
|
type: string
|
||||||
|
description: version of kubernetes used for kubernetes cluster
|
||||||
|
default: v1.10.3_coreos.0
|
||||||
|
|
||||||
|
kube_dashboard_version:
|
||||||
|
type: string
|
||||||
|
description: version of kubernetes dashboard used for kubernetes cluster
|
||||||
|
default: v1.8.3
|
||||||
|
|
||||||
|
hyperkube_image:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Docker registry used for hyperkube image
|
||||||
|
default: quay.io/coreos/hyperkube
|
||||||
|
|
||||||
|
insecure_registry_url:
|
||||||
|
type: string
|
||||||
|
description: insecure registry url
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
container_infra_prefix:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
prefix of container images used in the cluster, kubernetes components,
|
||||||
|
kubernetes-dashboard, coredns etc
|
||||||
|
constraints:
|
||||||
|
- allowed_pattern: "^$|.*/"
|
||||||
|
default: "docker.io/openstackmagnum/"
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
default: 10.254.0.10
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
default: "cluster.local"
|
||||||
|
|
||||||
|
etcd_volume_size:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size of the cinder volume for etcd storage
|
||||||
|
default: 0
|
||||||
|
|
||||||
|
openstack_ca:
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
description: The OpenStack CA certificate to install on the node.
|
||||||
|
|
||||||
|
openstack_ca_coreos:
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
description: The OpenStack CA certificate to install on the node.
|
||||||
|
|
||||||
|
nodes_affinity_policy:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
affinity policy for nodes server group
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ["affinity", "anti-affinity", "soft-affinity",
|
||||||
|
"soft-anti-affinity"]
|
||||||
|
|
||||||
|
availability_zone:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
availability zone for master and nodes
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
cert_manager_api:
|
||||||
|
type: boolean
|
||||||
|
description: true if the kubernetes cert api manager should be enabled
|
||||||
|
default: false
|
||||||
|
|
||||||
|
ca_key:
|
||||||
|
type: string
|
||||||
|
description: key of internal ca for the kube certificate api manager
|
||||||
|
default: ""
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
calico_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the calico containers used to provision the calico node
|
||||||
|
default: v2.6.7
|
||||||
|
|
||||||
|
calico_cni_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the cni used to provision the calico node
|
||||||
|
default: v1.11.2
|
||||||
|
|
||||||
|
calico_kube_controllers_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the kube_controllers used to provision the calico node
|
||||||
|
default: v1.0.3
|
||||||
|
|
||||||
|
calico_ipv4pool:
|
||||||
|
type: string
|
||||||
|
description: Configure the IP pool from which Pod IPs will be chosen
|
||||||
|
default: "192.168.0.0/16"
|
||||||
|
|
||||||
|
pods_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: Configure the IP pool/range from which pod IPs will be chosen
|
||||||
|
|
||||||
|
ingress_controller:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
ingress controller backend to use
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
ingress_controller_role:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
node role where the ingress controller backend should run
|
||||||
|
default: "ingress"
|
||||||
|
|
||||||
|
kubelet_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the kubelet
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
kubeapi_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the api
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
kubecontroller_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the controller manager
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
kubeproxy_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the kube proxy
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
kubescheduler_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the scheduler
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
container_runtime:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Container runtime to use with Kubernetes.
|
||||||
|
default: "docker"
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ["docker"]
|
||||||
|
|
||||||
|
octavia_ingress_controller_tag:
|
||||||
|
type: string
|
||||||
|
description: Octavia ingress controller docker image tag.
|
||||||
|
default: "1.13.2-alpha"
|
||||||
|
|
||||||
|
master_kube_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||||
|
default: v1.14.3
|
||||||
|
|
||||||
|
minion_kube_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||||
|
default: v1.14.3
|
||||||
|
|
||||||
|
heat_container_agent_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the heat_container_agent system container
|
||||||
|
default: train-dev
|
||||||
|
|
||||||
|
ssh_key_value:
|
||||||
|
type: string
|
||||||
|
description: public key of ssh key to be provisioned on the server
|
||||||
|
|
||||||
|
project_id:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
project id of current project
|
||||||
|
|
||||||
|
|
||||||
|
resources:
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# network resources. allocate a network and router for our server.
|
||||||
|
# Important: the Load Balancer feature in Kubernetes requires that
|
||||||
|
# the name for the fixed_network must be "private" for the
|
||||||
|
# address lookup in Kubernetes to work properly
|
||||||
|
#
|
||||||
|
|
||||||
|
network:
|
||||||
|
type: ../../common/templates/network.yaml
|
||||||
|
properties:
|
||||||
|
existing_network: {get_param: fixed_network}
|
||||||
|
existing_subnet: {get_param: fixed_subnet}
|
||||||
|
private_network_cidr: {get_param: fixed_network_cidr}
|
||||||
|
dns_nameserver: {get_param: dns_nameserver}
|
||||||
|
external_network: {get_param: external_network}
|
||||||
|
private_network_name: {get_param: fixed_network_name}
|
||||||
|
|
||||||
|
|
||||||
|
api_lb:
|
||||||
|
type: ../../common/templates/lb_api.yaml
|
||||||
|
properties:
|
||||||
|
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||||
|
external_network: {get_param: external_network}
|
||||||
|
protocol: {get_param: loadbalancing_protocol}
|
||||||
|
port: {get_param: kubernetes_port}
|
||||||
|
|
||||||
|
etcd_lb:
|
||||||
|
type: ../../common/templates/lb_etcd.yaml
|
||||||
|
properties:
|
||||||
|
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||||
|
protocol: {get_param: loadbalancing_protocol}
|
||||||
|
port: 2379
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# security groups. we need to permit network traffic of various
|
||||||
|
# sorts.
|
||||||
|
#
|
||||||
|
|
||||||
|
secgroup_kube_master:
|
||||||
|
type: OS::Neutron::SecurityGroup
|
||||||
|
properties:
|
||||||
|
rules:
|
||||||
|
- protocol: icmp
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 22
|
||||||
|
port_range_max: 22
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 7080
|
||||||
|
port_range_max: 7080
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 8080
|
||||||
|
port_range_max: 8080
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 2379
|
||||||
|
port_range_max: 2379
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 2380
|
||||||
|
port_range_max: 2380
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 6443
|
||||||
|
port_range_max: 6443
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 30000
|
||||||
|
port_range_max: 32767
|
||||||
|
|
||||||
|
secgroup_kube_minion:
|
||||||
|
type: OS::Neutron::SecurityGroup
|
||||||
|
properties:
|
||||||
|
rules:
|
||||||
|
- protocol: icmp
|
||||||
|
- protocol: tcp
|
||||||
|
- protocol: udp
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# resources that expose the IPs of either the kube master or a given
|
||||||
|
# LBaaS pool depending on whether LBaaS is enabled for the cluster.
|
||||||
|
#
|
||||||
|
|
||||||
|
api_address_lb_switch:
|
||||||
|
type: Magnum::ApiGatewaySwitcher
|
||||||
|
properties:
|
||||||
|
pool_public_ip: {get_attr: [api_lb, floating_address]}
|
||||||
|
pool_private_ip: {get_attr: [api_lb, address]}
|
||||||
|
master_public_ip: {get_attr: [kube_masters, resource.0.kube_master_external_ip]}
|
||||||
|
master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}
|
||||||
|
|
||||||
|
etcd_address_lb_switch:
|
||||||
|
type: Magnum::ApiGatewaySwitcher
|
||||||
|
properties:
|
||||||
|
pool_private_ip: {get_attr: [etcd_lb, address]}
|
||||||
|
master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# resources that expose the IPs of either floating ip or a given
|
||||||
|
# fixed ip depending on whether FloatingIP is enabled for the cluster.
|
||||||
|
#
|
||||||
|
|
||||||
|
api_address_floating_switch:
|
||||||
|
type: Magnum::FloatingIPAddressSwitcher
|
||||||
|
properties:
|
||||||
|
public_ip: {get_attr: [api_address_lb_switch, public_ip]}
|
||||||
|
private_ip: {get_attr: [api_address_lb_switch, private_ip]}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# resources that expose one server group for each master and worker nodes
|
||||||
|
# separately.
|
||||||
|
#
|
||||||
|
|
||||||
|
master_nodes_server_group:
|
||||||
|
type: OS::Nova::ServerGroup
|
||||||
|
properties:
|
||||||
|
policies: [{get_param: nodes_affinity_policy}]
|
||||||
|
|
||||||
|
worker_nodes_server_group:
|
||||||
|
type: OS::Nova::ServerGroup
|
||||||
|
properties:
|
||||||
|
policies: [{get_param: nodes_affinity_policy}]
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# kubernetes masters. This is a resource group that will create
|
||||||
|
# <number_of_masters> masters.
|
||||||
|
#
|
||||||
|
|
||||||
|
kube_masters:
|
||||||
|
type: OS::Heat::ResourceGroup
|
||||||
|
depends_on:
|
||||||
|
- network
|
||||||
|
properties:
|
||||||
|
count: {get_param: number_of_masters}
|
||||||
|
resource_def:
|
||||||
|
type: kubemaster.yaml
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
list_join:
|
||||||
|
- '-'
|
||||||
|
- [{ get_param: 'OS::stack_name' }, 'master', '%index%']
|
||||||
|
prometheus_monitoring: {get_param: prometheus_monitoring}
|
||||||
|
grafana_admin_passwd: {get_param: grafana_admin_passwd}
|
||||||
|
api_public_address: {get_attr: [api_lb, floating_address]}
|
||||||
|
api_private_address: {get_attr: [api_lb, address]}
|
||||||
|
ssh_key_name: {get_param: ssh_key_name}
|
||||||
|
ssh_key_value: {get_param: ssh_key_value}
|
||||||
|
server_image: {get_param: server_image}
|
||||||
|
master_flavor: {get_param: master_flavor}
|
||||||
|
external_network: {get_param: external_network}
|
||||||
|
kube_allow_priv: {get_param: kube_allow_priv}
|
||||||
|
etcd_volume_size: {get_param: etcd_volume_size}
|
||||||
|
docker_volume_size: {get_param: docker_volume_size}
|
||||||
|
docker_volume_type: {get_param: docker_volume_type}
|
||||||
|
docker_storage_driver: {get_param: docker_storage_driver}
|
||||||
|
wait_condition_timeout: {get_param: wait_condition_timeout}
|
||||||
|
network_driver: {get_param: network_driver}
|
||||||
|
flannel_network_cidr: {get_param: flannel_network_cidr}
|
||||||
|
flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
|
||||||
|
flannel_backend: {get_param: flannel_backend}
|
||||||
|
system_pods_initial_delay: {get_param: system_pods_initial_delay}
|
||||||
|
system_pods_timeout: {get_param: system_pods_timeout}
|
||||||
|
portal_network_cidr: {get_param: portal_network_cidr}
|
||||||
|
admission_control_list: {get_param: admission_control_list}
|
||||||
|
discovery_url: {get_param: discovery_url}
|
||||||
|
cluster_uuid: {get_param: cluster_uuid}
|
||||||
|
magnum_url: {get_param: magnum_url}
|
||||||
|
volume_driver: {get_param: volume_driver}
|
||||||
|
fixed_network_name: {get_param: fixed_network_name}
|
||||||
|
fixed_network: {get_attr: [network, fixed_network]}
|
||||||
|
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||||
|
api_pool_id: {get_attr: [api_lb, pool_id]}
|
||||||
|
etcd_pool_id: {get_attr: [etcd_lb, pool_id]}
|
||||||
|
username: {get_param: username}
|
||||||
|
password: {get_param: password}
|
||||||
|
kubernetes_port: {get_param: kubernetes_port}
|
||||||
|
tls_disabled: {get_param: tls_disabled}
|
||||||
|
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
|
||||||
|
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
|
||||||
|
verify_ca: {get_param: verify_ca}
|
||||||
|
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
|
||||||
|
http_proxy: {get_param: http_proxy}
|
||||||
|
https_proxy: {get_param: https_proxy}
|
||||||
|
no_proxy: {get_param: no_proxy}
|
||||||
|
kube_tag: {get_param: kube_tag}
|
||||||
|
kube_version: {get_param: kube_version}
|
||||||
|
etcd_tag: {get_param: etcd_tag}
|
||||||
|
coredns_tag: {get_param: coredns_tag}
|
||||||
|
kube_dashboard_version: {get_param: kube_dashboard_version}
|
||||||
|
trustee_user_id: {get_param: trustee_user_id}
|
||||||
|
trustee_password: {get_param: trustee_password}
|
||||||
|
trust_id: {get_param: trust_id}
|
||||||
|
auth_url: {get_param: auth_url}
|
||||||
|
hyperkube_image: {get_param: hyperkube_image}
|
||||||
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
|
container_runtime: {get_param: container_runtime}
|
||||||
|
container_infra_prefix: {get_param: container_infra_prefix}
|
||||||
|
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||||
|
dns_service_ip: {get_param: dns_service_ip}
|
||||||
|
dns_cluster_domain: {get_param: dns_cluster_domain}
|
||||||
|
openstack_ca: {get_param: openstack_ca_coreos}
|
||||||
|
nodes_server_group_id: {get_resource: master_nodes_server_group}
|
||||||
|
availability_zone: {get_param: availability_zone}
|
||||||
|
ca_key: {get_param: ca_key}
|
||||||
|
cert_manager_api: {get_param: cert_manager_api}
|
||||||
|
calico_tag: {get_param: calico_tag}
|
||||||
|
calico_cni_tag: {get_param: calico_cni_tag}
|
||||||
|
calico_kube_controllers_tag: {get_param: calico_kube_controllers_tag}
|
||||||
|
calico_ipv4pool: {get_param: calico_ipv4pool}
|
||||||
|
pods_network_cidr: {get_param: pods_network_cidr}
|
||||||
|
ingress_controller: {get_param: ingress_controller}
|
||||||
|
ingress_controller_role: {get_param: ingress_controller_role}
|
||||||
|
kubelet_options: {get_param: kubelet_options}
|
||||||
|
kubeapi_options: {get_param: kubeapi_options}
|
||||||
|
kubeproxy_options: {get_param: kubeproxy_options}
|
||||||
|
kubecontroller_options: {get_param: kubecontroller_options}
|
||||||
|
kubescheduler_options: {get_param: kubescheduler_options}
|
||||||
|
project_id: {get_param: project_id}
|
||||||
|
region_name: {get_param: region_name}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# kubernetes minions. This is an resource group that will initially
|
||||||
|
# create <number_of_minions> minions, and needs to be manually scaled.
|
||||||
|
#
|
||||||
|
|
||||||
|
kube_minions:
|
||||||
|
type: OS::Heat::ResourceGroup
|
||||||
|
depends_on:
|
||||||
|
- network
|
||||||
|
properties:
|
||||||
|
count: {get_param: number_of_minions}
|
||||||
|
removal_policies: [{resource_list: {get_param: minions_to_remove}}]
|
||||||
|
resource_def:
|
||||||
|
type: kubeminion.yaml
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
list_join:
|
||||||
|
- '-'
|
||||||
|
- [{ get_param: 'OS::stack_name' }, 'minion', '%index%']
|
||||||
|
prometheus_monitoring: {get_param: prometheus_monitoring}
|
||||||
|
ssh_key_name: {get_param: ssh_key_name}
|
||||||
|
server_image: {get_param: server_image}
|
||||||
|
minion_flavor: {get_param: minion_flavor}
|
||||||
|
fixed_network: {get_attr: [network, fixed_network]}
|
||||||
|
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||||
|
network_driver: {get_param: network_driver}
|
||||||
|
flannel_network_cidr: {get_param: flannel_network_cidr}
|
||||||
|
kube_master_ip: {get_attr: [api_address_lb_switch, private_ip]}
|
||||||
|
etcd_server_ip: {get_attr: [etcd_address_lb_switch, private_ip]}
|
||||||
|
external_network: {get_param: external_network}
|
||||||
|
kube_allow_priv: {get_param: kube_allow_priv}
|
||||||
|
docker_volume_size: {get_param: docker_volume_size}
|
||||||
|
docker_volume_type: {get_param: docker_volume_type}
|
||||||
|
docker_storage_driver: {get_param: docker_storage_driver}
|
||||||
|
wait_condition_timeout: {get_param: wait_condition_timeout}
|
||||||
|
registry_enabled: {get_param: registry_enabled}
|
||||||
|
registry_port: {get_param: registry_port}
|
||||||
|
swift_region: {get_param: swift_region}
|
||||||
|
registry_container: {get_param: registry_container}
|
||||||
|
registry_insecure: {get_param: registry_insecure}
|
||||||
|
registry_chunksize: {get_param: registry_chunksize}
|
||||||
|
cluster_uuid: {get_param: cluster_uuid}
|
||||||
|
magnum_url: {get_param: magnum_url}
|
||||||
|
volume_driver: {get_param: volume_driver}
|
||||||
|
region_name: {get_param: region_name}
|
||||||
|
auth_url: {get_param: auth_url}
|
||||||
|
hyperkube_image: {get_param: hyperkube_image}
|
||||||
|
username: {get_param: username}
|
||||||
|
password: {get_param: password}
|
||||||
|
kubernetes_port: {get_param: kubernetes_port}
|
||||||
|
tls_disabled: {get_param: tls_disabled}
|
||||||
|
verify_ca: {get_param: verify_ca}
|
||||||
|
secgroup_kube_minion_id: {get_resource: secgroup_kube_minion}
|
||||||
|
http_proxy: {get_param: http_proxy}
|
||||||
|
https_proxy: {get_param: https_proxy}
|
||||||
|
no_proxy: {get_param: no_proxy}
|
||||||
|
kube_tag: {get_param: kube_tag}
|
||||||
|
kube_version: {get_param: kube_version}
|
||||||
|
flannel_tag: {get_param: flannel_tag}
|
||||||
|
trustee_user_id: {get_param: trustee_user_id}
|
||||||
|
trustee_username: {get_param: trustee_username}
|
||||||
|
trustee_password: {get_param: trustee_password}
|
||||||
|
trustee_domain_id: {get_param: trustee_domain_id}
|
||||||
|
trust_id: {get_param: trust_id}
|
||||||
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
|
container_runtime: {get_param: container_runtime}
|
||||||
|
container_infra_prefix: {get_param: container_infra_prefix}
|
||||||
|
dns_service_ip: {get_param: dns_service_ip}
|
||||||
|
dns_cluster_domain: {get_param: dns_cluster_domain}
|
||||||
|
openstack_ca: {get_param: openstack_ca_coreos}
|
||||||
|
nodes_server_group_id: {get_resource: worker_nodes_server_group}
|
||||||
|
availability_zone: {get_param: availability_zone}
|
||||||
|
pods_network_cidr: {get_param: pods_network_cidr}
|
||||||
|
kubelet_options: {get_param: kubelet_options}
|
||||||
|
kubeproxy_options: {get_param: kubeproxy_options}
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
|
||||||
|
api_address:
|
||||||
|
value:
|
||||||
|
str_replace:
|
||||||
|
template: api_ip_address
|
||||||
|
params:
|
||||||
|
api_ip_address: {get_attr: [api_address_floating_switch, ip_address]}
|
||||||
|
description: >
|
||||||
|
This is the API endpoint of the Kubernetes cluster. Use this to access
|
||||||
|
the Kubernetes API.
|
||||||
|
|
||||||
|
registry_address:
|
||||||
|
value:
|
||||||
|
str_replace:
|
||||||
|
template: localhost:port
|
||||||
|
params:
|
||||||
|
port: {get_param: registry_port}
|
||||||
|
description:
|
||||||
|
This is the url of docker registry server where you can store docker
|
||||||
|
images.
|
||||||
|
|
||||||
|
kube_masters_private:
|
||||||
|
value: {get_attr: [kube_masters, kube_master_ip]}
|
||||||
|
description: >
|
||||||
|
This is a list of the "private" IP addresses of all the Kubernetes masters.
|
||||||
|
|
||||||
|
kube_masters:
|
||||||
|
value: {get_attr: [kube_masters, kube_master_external_ip]}
|
||||||
|
description: >
|
||||||
|
This is a list of the "public" IP addresses of all the Kubernetes masters.
|
||||||
|
Use these IP addresses to log in to the Kubernetes masters via ssh.
|
||||||
|
|
||||||
|
kube_minions_private:
|
||||||
|
value: {get_attr: [kube_minions, kube_minion_ip]}
|
||||||
|
description: >
|
||||||
|
This is a list of the "private" IP addresses of all the Kubernetes minions.
|
||||||
|
|
||||||
|
kube_minions:
|
||||||
|
value: {get_attr: [kube_minions, kube_minion_external_ip]}
|
||||||
|
description: >
|
||||||
|
This is a list of the "public" IP addresses of all the Kubernetes minions.
|
||||||
|
Use these IP addresses to log in to the Kubernetes minions via ssh.
|
|
@ -0,0 +1,664 @@
|
||||||
|
heat_template_version: 2014-10-16
|
||||||
|
|
||||||
|
description: >
|
||||||
|
This is a nested stack that defines a single Kubernetes master, This stack is
|
||||||
|
included by an ResourceGroup resource in the parent template
|
||||||
|
(kubecluster.yaml).
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
description: server name
|
||||||
|
|
||||||
|
server_image:
|
||||||
|
type: string
|
||||||
|
description: glance image used to boot the server
|
||||||
|
|
||||||
|
master_flavor:
|
||||||
|
type: string
|
||||||
|
description: flavor to use when booting the server
|
||||||
|
|
||||||
|
ssh_key_name:
|
||||||
|
type: string
|
||||||
|
description: name of ssh key to be provisioned on our server
|
||||||
|
|
||||||
|
external_network:
|
||||||
|
type: string
|
||||||
|
description: uuid/name of a network to use for floating ip addresses
|
||||||
|
|
||||||
|
portal_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address range used by kubernetes for service portals
|
||||||
|
|
||||||
|
kube_allow_priv:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
whether or not kubernetes should permit privileged containers.
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ["true", "false"]
|
||||||
|
|
||||||
|
etcd_volume_size:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size of a cinder volume to allocate for etcd storage
|
||||||
|
|
||||||
|
docker_volume_size:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size of a cinder volume to allocate to docker for container/image
|
||||||
|
storage
|
||||||
|
|
||||||
|
docker_volume_type:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
type of a cinder volume to allocate to docker for container/image
|
||||||
|
storage
|
||||||
|
|
||||||
|
docker_storage_driver:
|
||||||
|
type: string
|
||||||
|
description: docker storage driver name
|
||||||
|
default: "devicemapper"
|
||||||
|
|
||||||
|
volume_driver:
|
||||||
|
type: string
|
||||||
|
description: volume driver to use for container storage
|
||||||
|
|
||||||
|
flannel_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: network range for flannel overlay network
|
||||||
|
|
||||||
|
flannel_network_subnetlen:
|
||||||
|
type: number
|
||||||
|
description: size of subnet assigned to each master
|
||||||
|
|
||||||
|
flannel_backend:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
specify the backend for flannel, default udp backend
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ["udp", "vxlan", "host-gw"]
|
||||||
|
|
||||||
|
system_pods_initial_delay:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
health check, time to wait for system pods (podmaster, scheduler) to boot
|
||||||
|
(in seconds)
|
||||||
|
default: 30
|
||||||
|
|
||||||
|
system_pods_timeout:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
health check, timeout for system pods (podmaster, scheduler) to answer.
|
||||||
|
(in seconds)
|
||||||
|
default: 5
|
||||||
|
|
||||||
|
admission_control_list:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
List of admission control plugins to activate
|
||||||
|
|
||||||
|
discovery_url:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Discovery URL used for bootstrapping the etcd cluster.
|
||||||
|
|
||||||
|
tls_disabled:
|
||||||
|
type: boolean
|
||||||
|
description: whether or not to enable TLS
|
||||||
|
|
||||||
|
kube_dashboard_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: whether or not to disable kubernetes dashboard
|
||||||
|
|
||||||
|
influx_grafana_dashboard_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: Enable influxdb with grafana dashboard for data from heapster
|
||||||
|
|
||||||
|
verify_ca:
|
||||||
|
type: boolean
|
||||||
|
description: whether or not to validate certificate authority
|
||||||
|
|
||||||
|
kubernetes_port:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
The port which are used by kube-apiserver to provide Kubernetes
|
||||||
|
service.
|
||||||
|
|
||||||
|
cluster_uuid:
|
||||||
|
type: string
|
||||||
|
description: identifier for the cluster this template is generating
|
||||||
|
|
||||||
|
magnum_url:
|
||||||
|
type: string
|
||||||
|
description: endpoint to retrieve TLS certs from
|
||||||
|
|
||||||
|
prometheus_monitoring:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
whether or not to have prometheus and grafana deployed
|
||||||
|
|
||||||
|
grafana_admin_passwd:
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
description: >
|
||||||
|
admin user password for the Grafana monitoring interface
|
||||||
|
|
||||||
|
api_public_address:
|
||||||
|
type: string
|
||||||
|
description: Public IP address of the Kubernetes master server.
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
api_private_address:
|
||||||
|
type: string
|
||||||
|
description: Private IP address of the Kubernetes master server.
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
fixed_network_name:
|
||||||
|
type: string
|
||||||
|
description: Network from which to allocate fixed addresses.
|
||||||
|
|
||||||
|
fixed_network:
|
||||||
|
type: string
|
||||||
|
description: Network from which to allocate fixed addresses.
|
||||||
|
|
||||||
|
fixed_subnet:
|
||||||
|
type: string
|
||||||
|
description: Subnet from which to allocate fixed addresses.
|
||||||
|
|
||||||
|
network_driver:
|
||||||
|
type: string
|
||||||
|
description: network driver to use for instantiating container networks
|
||||||
|
|
||||||
|
wait_condition_timeout:
|
||||||
|
type: number
|
||||||
|
description : >
|
||||||
|
timeout for the Wait Conditions
|
||||||
|
|
||||||
|
secgroup_kube_master_id:
|
||||||
|
type: string
|
||||||
|
description: ID of the security group for kubernetes master.
|
||||||
|
|
||||||
|
api_pool_id:
|
||||||
|
type: string
|
||||||
|
description: ID of the load balancer pool of k8s API server.
|
||||||
|
|
||||||
|
etcd_pool_id:
|
||||||
|
type: string
|
||||||
|
description: ID of the load balancer pool of etcd server.
|
||||||
|
|
||||||
|
auth_url:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
url for kubernetes to authenticate
|
||||||
|
|
||||||
|
username:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
user account
|
||||||
|
|
||||||
|
password:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
user password
|
||||||
|
|
||||||
|
http_proxy:
|
||||||
|
type: string
|
||||||
|
description: http proxy address for docker
|
||||||
|
|
||||||
|
https_proxy:
|
||||||
|
type: string
|
||||||
|
description: https proxy address for docker
|
||||||
|
|
||||||
|
no_proxy:
|
||||||
|
type: string
|
||||||
|
description: no proxies for docker
|
||||||
|
|
||||||
|
kube_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||||
|
|
||||||
|
etcd_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the etcd system container
|
||||||
|
|
||||||
|
coredns_tag:
|
||||||
|
type: string
|
||||||
|
description: tag for coredns
|
||||||
|
|
||||||
|
kube_version:
|
||||||
|
type: string
|
||||||
|
description: version of kubernetes used for kubernetes cluster
|
||||||
|
|
||||||
|
kube_dashboard_version:
|
||||||
|
type: string
|
||||||
|
description: version of kubernetes dashboard used for kubernetes cluster
|
||||||
|
|
||||||
|
trustee_user_id:
|
||||||
|
type: string
|
||||||
|
description: user id of the trustee
|
||||||
|
|
||||||
|
trustee_password:
|
||||||
|
type: string
|
||||||
|
description: password of the trustee
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
trust_id:
|
||||||
|
type: string
|
||||||
|
description: id of the trust which is used by the trustee
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
insecure_registry_url:
|
||||||
|
type: string
|
||||||
|
description: insecure registry url
|
||||||
|
|
||||||
|
container_infra_prefix:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
prefix of container images used in the cluster, kubernetes components,
|
||||||
|
kubernetes-dashboard, coredns etc
|
||||||
|
|
||||||
|
etcd_lb_vip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
etcd lb vip private used to generate certs on master.
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
|
||||||
|
openstack_ca:
|
||||||
|
type: string
|
||||||
|
description: The OpenStack CA certificate to install on the node.
|
||||||
|
|
||||||
|
nodes_server_group_id:
|
||||||
|
type: string
|
||||||
|
description: ID of the server group for kubernetes cluster nodes.
|
||||||
|
|
||||||
|
availability_zone:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
availability zone for master and nodes
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
ca_key:
|
||||||
|
type: string
|
||||||
|
description: key of internal ca for the kube certificate api manager
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
cert_manager_api:
|
||||||
|
type: boolean
|
||||||
|
description: true if the kubernetes cert api manager should be enabled
|
||||||
|
default: false
|
||||||
|
|
||||||
|
calico_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the calico containers used to provision the calico node
|
||||||
|
|
||||||
|
calico_cni_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the cni used to provision the calico node
|
||||||
|
|
||||||
|
calico_kube_controllers_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the kube_controllers used to provision the calico node
|
||||||
|
|
||||||
|
calico_ipv4pool:
|
||||||
|
type: string
|
||||||
|
description: Configure the IP pool from which Pod IPs will be chosen
|
||||||
|
|
||||||
|
pods_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: Configure the IP pool/range from which pod IPs will be chosen
|
||||||
|
|
||||||
|
ingress_controller:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
ingress controller backend to use
|
||||||
|
|
||||||
|
ingress_controller_role:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
node role where the ingress controller should run
|
||||||
|
|
||||||
|
kubelet_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the kubelet
|
||||||
|
|
||||||
|
kubeapi_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the api
|
||||||
|
|
||||||
|
kubecontroller_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the controller manager
|
||||||
|
|
||||||
|
kubeproxy_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the kube proxy
|
||||||
|
|
||||||
|
kubescheduler_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the scheduler
|
||||||
|
|
||||||
|
octavia_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
whether or not to use Octavia for LoadBalancer type service.
|
||||||
|
default: False
|
||||||
|
|
||||||
|
container_runtime:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Container runtime to use with Kubernetes.
|
||||||
|
|
||||||
|
hyperkube_image:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Docker registry used for hyperkube image
|
||||||
|
|
||||||
|
heat_container_agent_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the heat_container_agent system container
|
||||||
|
default: train-dev
|
||||||
|
|
||||||
|
ssh_key_value:
|
||||||
|
type: string
|
||||||
|
description: public key of ssh key to be provisioned on the server
|
||||||
|
|
||||||
|
project_id:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
project id of current project
|
||||||
|
|
||||||
|
region_name:
|
||||||
|
type: string
|
||||||
|
description: A logically separate section of the cluster
|
||||||
|
|
||||||
|
|
||||||
|
resources:
|
||||||
|
|
||||||
|
master_wait_handle:
|
||||||
|
type: OS::Heat::WaitConditionHandle
|
||||||
|
|
||||||
|
master_wait_condition:
|
||||||
|
type: OS::Heat::WaitCondition
|
||||||
|
depends_on: kube-master
|
||||||
|
properties:
|
||||||
|
handle: {get_resource: master_wait_handle}
|
||||||
|
timeout: {get_param: wait_condition_timeout}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# resource that exposes the IPs of either the kube master or the API
|
||||||
|
# LBaaS pool depending on whether LBaaS is enabled for the cluster.
|
||||||
|
#
|
||||||
|
|
||||||
|
api_address_switch:
|
||||||
|
type: Magnum::ApiGatewaySwitcher
|
||||||
|
properties:
|
||||||
|
pool_public_ip: {get_param: api_public_address}
|
||||||
|
pool_private_ip: {get_param: api_private_address}
|
||||||
|
master_public_ip: {get_attr: [kube_master_floating, floating_ip_address]}
|
||||||
|
master_private_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# software configs. these are components that are combined into
|
||||||
|
# a multipart MIME user-data archive.
|
||||||
|
#
|
||||||
|
|
||||||
|
agent_config:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: ungrouped
|
||||||
|
config:
|
||||||
|
list_join:
|
||||||
|
- "\n"
|
||||||
|
-
|
||||||
|
- str_replace:
|
||||||
|
template: {get_file: fragments/configure-agent.ign}
|
||||||
|
params:
|
||||||
|
$SSH_KEY_VALUE: {get_param: ssh_key_value}
|
||||||
|
$HOSTNAME: {get_param: name}
|
||||||
|
$OPENSTACK_CA: {get_param: openstack_ca}
|
||||||
|
$CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
|
||||||
|
$HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
|
||||||
|
|
||||||
|
master_config:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: script
|
||||||
|
config:
|
||||||
|
list_join:
|
||||||
|
- "\n"
|
||||||
|
-
|
||||||
|
- str_replace:
|
||||||
|
template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params-master.sh}
|
||||||
|
params:
|
||||||
|
"$INSTANCE_NAME": {get_param: name}
|
||||||
|
"$PROMETHEUS_MONITORING": {get_param: prometheus_monitoring}
|
||||||
|
"$KUBE_API_PUBLIC_ADDRESS": {get_attr: [api_address_switch, public_ip]}
|
||||||
|
"$KUBE_API_PRIVATE_ADDRESS": {get_attr: [api_address_switch, private_ip]}
|
||||||
|
"$KUBE_API_PORT": {get_param: kubernetes_port}
|
||||||
|
"$KUBE_NODE_PUBLIC_IP": {get_attr: [kube_master_floating, floating_ip_address]}
|
||||||
|
"$KUBE_NODE_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||||
|
"$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
|
||||||
|
"$ETCD_VOLUME": {get_resource: etcd_volume}
|
||||||
|
"$ETCD_VOLUME_SIZE": {get_param: etcd_volume_size}
|
||||||
|
"$DOCKER_VOLUME": {get_resource: docker_volume}
|
||||||
|
"$DOCKER_VOLUME_SIZE": {get_param: docker_volume_size}
|
||||||
|
"$DOCKER_STORAGE_DRIVER": {get_param: docker_storage_driver}
|
||||||
|
"$CGROUP_DRIVER": {get_param: cgroup_driver}
|
||||||
|
"$NETWORK_DRIVER": {get_param: network_driver}
|
||||||
|
"$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr}
|
||||||
|
"$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
|
||||||
|
"$FLANNEL_BACKEND": {get_param: flannel_backend}
|
||||||
|
"$SYSTEM_PODS_INITIAL_DELAY": {get_param: system_pods_initial_delay}
|
||||||
|
"$SYSTEM_PODS_TIMEOUT": {get_param: system_pods_timeout}
|
||||||
|
"$PODS_NETWORK_CIDR": {get_param: pods_network_cidr}
|
||||||
|
"$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
|
||||||
|
"$ADMISSION_CONTROL_LIST": {get_param: admission_control_list}
|
||||||
|
"$ETCD_DISCOVERY_URL": {get_param: discovery_url}
|
||||||
|
"$AUTH_URL": {get_param: auth_url}
|
||||||
|
"$USERNAME": {get_param: username}
|
||||||
|
"$PASSWORD": {get_param: password}
|
||||||
|
"$CLUSTER_NETWORK": {get_param: fixed_network}
|
||||||
|
"$CLUSTER_NETWORK_NAME": {get_param: fixed_network_name}
|
||||||
|
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
|
||||||
|
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||||
|
"$TRAEFIK_INGRESS_CONTROLLER_TAG": {get_param: traefik_ingress_controller_tag}
|
||||||
|
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
|
||||||
|
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
|
||||||
|
"$VERIFY_CA": {get_param: verify_ca}
|
||||||
|
"$CLUSTER_UUID": {get_param: cluster_uuid}
|
||||||
|
"$MAGNUM_URL": {get_param: magnum_url}
|
||||||
|
"$VOLUME_DRIVER": {get_param: volume_driver}
|
||||||
|
"$REGION_NAME": {get_param: region_name}
|
||||||
|
"$HTTP_PROXY": {get_param: http_proxy}
|
||||||
|
"$HTTPS_PROXY": {get_param: https_proxy}
|
||||||
|
"$NO_PROXY": {get_param: no_proxy}
|
||||||
|
"$KUBE_TAG": {get_param: kube_tag}
|
||||||
|
"$CLOUD_PROVIDER_TAG": {get_param: cloud_provider_tag}
|
||||||
|
"$CLOUD_PROVIDER_ENABLED": {get_param: cloud_provider_enabled}
|
||||||
|
"$ETCD_TAG": {get_param: etcd_tag}
|
||||||
|
"$COREDNS_TAG": {get_param: coredns_tag}
|
||||||
|
"$FLANNEL_TAG": {get_param: flannel_tag}
|
||||||
|
"$FLANNEL_CNI_TAG": {get_param: flannel_cni_tag}
|
||||||
|
"$KUBE_VERSION": {get_param: kube_version}
|
||||||
|
"$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
|
||||||
|
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
||||||
|
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||||
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
|
"$CONTAINER_INFRA_PREFIX": {get_param: container_infra_prefix}
|
||||||
|
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||||
|
"$DNS_SERVICE_IP": {get_param: dns_service_ip}
|
||||||
|
"$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
|
||||||
|
"$CERT_MANAGER_API": {get_param: cert_manager_api}
|
||||||
|
"$CA_KEY": {get_param: ca_key}
|
||||||
|
"$CALICO_TAG": {get_param: calico_tag}
|
||||||
|
"$CALICO_CNI_TAG": {get_param: calico_cni_tag}
|
||||||
|
"$CALICO_KUBE_CONTROLLERS_TAG": {get_param: calico_kube_controllers_tag}
|
||||||
|
"$CALICO_IPV4POOL": {get_param: calico_ipv4pool}
|
||||||
|
"$INGRESS_CONTROLLER": {get_param: ingress_controller}
|
||||||
|
"$INGRESS_CONTROLLER_ROLE": {get_param: ingress_controller_role}
|
||||||
|
"$OCTAVIA_INGRESS_CONTROLLER_TAG": {get_param: octavia_ingress_controller_tag}
|
||||||
|
"$KUBELET_OPTIONS": {get_param: kubelet_options}
|
||||||
|
"$KUBEAPI_OPTIONS": {get_param: kubeapi_options}
|
||||||
|
"$KUBECONTROLLER_OPTIONS": {get_param: kubecontroller_options}
|
||||||
|
"$KUBEPROXY_OPTIONS": {get_param: kubeproxy_options}
|
||||||
|
"$KUBESCHEDULER_OPTIONS": {get_param: kubescheduler_options}
|
||||||
|
"$OCTAVIA_ENABLED": {get_param: octavia_enabled}
|
||||||
|
"$KUBE_SERVICE_ACCOUNT_KEY": {get_param: kube_service_account_key}
|
||||||
|
"$KUBE_SERVICE_ACCOUNT_PRIVATE_KEY": {get_param: kube_service_account_private_key}
|
||||||
|
"$PROMETHEUS_TAG": {get_param: prometheus_tag}
|
||||||
|
"$GRAFANA_TAG": {get_param: grafana_tag}
|
||||||
|
"$HEAT_CONTAINER_AGENT_TAG": {get_param: heat_container_agent_tag}
|
||||||
|
"$KEYSTONE_AUTH_ENABLED": {get_param: keystone_auth_enabled}
|
||||||
|
"$K8S_KEYSTONE_AUTH_TAG": {get_param: k8s_keystone_auth_tag}
|
||||||
|
"$MONITORING_ENABLED": {get_param: monitoring_enabled}
|
||||||
|
"$PROMETHEUS_OPERATOR_CHART_TAG": {get_param: prometheus_operator_chart_tag}
|
||||||
|
"$PROJECT_ID": {get_param: project_id}
|
||||||
|
"$EXTERNAL_NETWORK_ID": {get_param: external_network}
|
||||||
|
"$TILLER_ENABLED": {get_param: tiller_enabled}
|
||||||
|
"$TILLER_TAG": {get_param: tiller_tag}
|
||||||
|
"$TILLER_NAMESPACE": {get_param: tiller_namespace}
|
||||||
|
"$NODE_PROBLEM_DETECTOR_TAG": {get_param: node_problem_detector_tag}
|
||||||
|
"$NGINX_INGRESS_CONTROLLER_TAG": {get_param: nginx_ingress_controller_tag}
|
||||||
|
"$AUTO_HEALING_ENABLED": {get_param: auto_healing_enabled}
|
||||||
|
"$AUTO_HEALING_CONTROLLER": {get_param: auto_healing_controller}
|
||||||
|
"$MAGNUM_AUTO_HEALER_TAG": {get_param: magnum_auto_healer_tag}
|
||||||
|
"$AUTO_SCALING_ENABLED": {get_param: auto_scaling_enabled}
|
||||||
|
"$DRAINO_TAG": {get_param: draino_tag}
|
||||||
|
"$AUTOSCALER_TAG": {get_param: autoscaler_tag}
|
||||||
|
"$MIN_NODE_COUNT": {get_param: min_node_count}
|
||||||
|
"$MAX_NODE_COUNT": {get_param: max_node_count}
|
||||||
|
"$NPD_ENABLED": {get_param: npd_enabled}
|
||||||
|
|
||||||
|
master_config_deployment:
|
||||||
|
type: OS::Heat::SoftwareDeployment
|
||||||
|
properties:
|
||||||
|
signal_transport: HEAT_SIGNAL
|
||||||
|
config: {get_resource: master_config}
|
||||||
|
server: {get_resource: kube-master}
|
||||||
|
actions: ['CREATE']
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# a single kubernetes master.
|
||||||
|
#
|
||||||
|
|
||||||
|
# do NOT use "_" (underscore) in the Nova server name
|
||||||
|
# it creates a mismatch between the generated Nova name and its hostname
|
||||||
|
# which can lead to weird problems
|
||||||
|
kube-master:
|
||||||
|
type: OS::Nova::Server
|
||||||
|
properties:
|
||||||
|
name: {get_param: name}
|
||||||
|
image: {get_param: server_image}
|
||||||
|
flavor: {get_param: master_flavor}
|
||||||
|
user_data_format: SOFTWARE_CONFIG
|
||||||
|
software_config_transport: POLL_SERVER_HEAT
|
||||||
|
user_data: {get_resource: agent_config}
|
||||||
|
networks:
|
||||||
|
- port: {get_resource: kube_master_eth0}
|
||||||
|
scheduler_hints: { group: { get_param: nodes_server_group_id }}
|
||||||
|
availability_zone: {get_param: availability_zone}
|
||||||
|
|
||||||
|
kube_master_eth0:
|
||||||
|
type: OS::Neutron::Port
|
||||||
|
properties:
|
||||||
|
network: {get_param: fixed_network}
|
||||||
|
security_groups:
|
||||||
|
- {get_param: secgroup_kube_master_id}
|
||||||
|
fixed_ips:
|
||||||
|
- subnet: {get_param: fixed_subnet}
|
||||||
|
allowed_address_pairs:
|
||||||
|
- ip_address: {get_param: flannel_network_cidr}
|
||||||
|
replacement_policy: AUTO
|
||||||
|
|
||||||
|
kube_master_floating:
|
||||||
|
type: Magnum::Optional::KubeMaster::Neutron::FloatingIP
|
||||||
|
properties:
|
||||||
|
floating_network: {get_param: external_network}
|
||||||
|
port_id: {get_resource: kube_master_eth0}
|
||||||
|
|
||||||
|
api_pool_member:
|
||||||
|
type: Magnum::Optional::Neutron::LBaaS::PoolMember
|
||||||
|
properties:
|
||||||
|
pool: {get_param: api_pool_id}
|
||||||
|
address: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||||
|
subnet: { get_param: fixed_subnet }
|
||||||
|
protocol_port: {get_param: kubernetes_port}
|
||||||
|
|
||||||
|
etcd_pool_member:
|
||||||
|
type: Magnum::Optional::Neutron::LBaaS::PoolMember
|
||||||
|
properties:
|
||||||
|
pool: {get_param: etcd_pool_id}
|
||||||
|
address: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||||
|
subnet: { get_param: fixed_subnet }
|
||||||
|
protocol_port: 2379
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# etcd storage. This allocates a cinder volume and attaches it
|
||||||
|
# to the master.
|
||||||
|
#
|
||||||
|
|
||||||
|
etcd_volume:
|
||||||
|
type: Magnum::Optional::Etcd::Volume
|
||||||
|
properties:
|
||||||
|
size: {get_param: etcd_volume_size}
|
||||||
|
|
||||||
|
etcd_volume_attach:
|
||||||
|
type: Magnum::Optional::Etcd::VolumeAttachment
|
||||||
|
properties:
|
||||||
|
instance_uuid: {get_resource: kube-master}
|
||||||
|
volume_id: {get_resource: etcd_volume}
|
||||||
|
mountpoint: /dev/vdc
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# docker storage. This allocates a cinder volume and attaches it
|
||||||
|
# to the minion.
|
||||||
|
#
|
||||||
|
|
||||||
|
docker_volume:
|
||||||
|
type: Magnum::Optional::Cinder::Volume
|
||||||
|
properties:
|
||||||
|
size: {get_param: docker_volume_size}
|
||||||
|
volume_type: {get_param: docker_volume_type}
|
||||||
|
|
||||||
|
docker_volume_attach:
|
||||||
|
type: Magnum::Optional::Cinder::VolumeAttachment
|
||||||
|
properties:
|
||||||
|
instance_uuid: {get_resource: kube-master}
|
||||||
|
volume_id: {get_resource: docker_volume}
|
||||||
|
mountpoint: /dev/vdb
|
||||||
|
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
|
||||||
|
kube_master_ip:
|
||||||
|
value: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||||
|
description: >
|
||||||
|
This is the "private" IP address of the Kubernetes master node.
|
||||||
|
|
||||||
|
kube_master_external_ip:
|
||||||
|
value: {get_attr: [kube_master_floating, floating_ip_address]}
|
||||||
|
description: >
|
||||||
|
This is the "public" IP address of the Kubernetes master node.
|
|
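Review bot: The `password` parameter in this master template is declared with only `type: string` and the description `user password`, with no `hidden: true`, so its value is shown in plain text in stack parameter listings and events, unlike `trustee_password`, `trust_id`, `ca_key` and `grafana_admin_passwd` in the same `parameters:` block; add `hidden: true` under `password:`, which is what the minion template in this same commit already does for its `password` parameter. Separately, `master_config` substitutes `$KUBE_SERVICE_ACCOUNT_PRIVATE_KEY`, `$KUBE_SERVICE_ACCOUNT_KEY`, `$CGROUP_DRIVER`, `$CLOUD_PROVIDER_ENABLED`, `$TILLER_ENABLED`, `$AUTO_HEALING_ENABLED` and a number of other `get_param` references for which no parameter is declared anywhere in the `parameters:` block shown, so Heat validation of this nested stack will fail until they are declared, and `kube_service_account_private_key` should carry `hidden: true` when it is added. The `ssh_key_name` parameter is declared but the `kube-master` server sets no `key_name`, which looks intentional given `$SSH_KEY_VALUE` is injected through `fragments/configure-agent.ign`; a comment such as `# ssh_key_name is unused here: the public key is injected via Ignition ($SSH_KEY_VALUE)` on the parameter would save the next reader from treating it as a bug.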
@ -0,0 +1,400 @@
|
||||||
|
heat_template_version: 2014-10-16
|
||||||
|
|
||||||
|
description: >
|
||||||
|
This is a nested stack that defines a single Kubernetes minion, This stack is
|
||||||
|
included by an AutoScalingGroup resource in the parent template
|
||||||
|
(kubecluster.yaml).
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
description: server name
|
||||||
|
|
||||||
|
server_image:
|
||||||
|
type: string
|
||||||
|
description: glance image used to boot the server
|
||||||
|
|
||||||
|
minion_flavor:
|
||||||
|
type: string
|
||||||
|
description: flavor to use when booting the server
|
||||||
|
|
||||||
|
ssh_key_name:
|
||||||
|
type: string
|
||||||
|
description: name of ssh key to be provisioned on our server
|
||||||
|
|
||||||
|
external_network:
|
||||||
|
type: string
|
||||||
|
description: uuid/name of a network to use for floating ip addresses
|
||||||
|
|
||||||
|
kube_allow_priv:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
whether or not kubernetes should permit privileged containers.
|
||||||
|
constraints:
|
||||||
|
- allowed_values: ["true", "false"]
|
||||||
|
|
||||||
|
docker_volume_size:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size of a cinder volume to allocate to docker for container/image
|
||||||
|
storage
|
||||||
|
|
||||||
|
docker_volume_type:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
type of a cinder volume to allocate to docker for container/image
|
||||||
|
storage
|
||||||
|
|
||||||
|
docker_storage_driver:
|
||||||
|
type: string
|
||||||
|
description: docker storage driver name
|
||||||
|
default: "devicemapper"
|
||||||
|
|
||||||
|
tls_disabled:
|
||||||
|
type: boolean
|
||||||
|
description: whether or not to enable TLS
|
||||||
|
|
||||||
|
verify_ca:
|
||||||
|
type: boolean
|
||||||
|
description: whether or not to validate certificate authority
|
||||||
|
|
||||||
|
kubernetes_port:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
The port which are used by kube-apiserver to provide Kubernetes
|
||||||
|
service.
|
||||||
|
|
||||||
|
cluster_uuid:
|
||||||
|
type: string
|
||||||
|
description: identifier for the cluster this template is generating
|
||||||
|
|
||||||
|
magnum_url:
|
||||||
|
type: string
|
||||||
|
description: endpoint to retrieve TLS certs from
|
||||||
|
|
||||||
|
prometheus_monitoring:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
whether or not to have the node-exporter running on the node
|
||||||
|
|
||||||
|
kube_master_ip:
|
||||||
|
type: string
|
||||||
|
description: IP address of the Kubernetes master server.
|
||||||
|
|
||||||
|
etcd_server_ip:
|
||||||
|
type: string
|
||||||
|
description: IP address of the Etcd server.
|
||||||
|
|
||||||
|
fixed_network:
|
||||||
|
type: string
|
||||||
|
description: Network from which to allocate fixed addresses.
|
||||||
|
|
||||||
|
fixed_subnet:
|
||||||
|
type: string
|
||||||
|
description: Subnet from which to allocate fixed addresses.
|
||||||
|
|
||||||
|
network_driver:
|
||||||
|
type: string
|
||||||
|
description: network driver to use for instantiating container networks
|
||||||
|
|
||||||
|
flannel_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: network range for flannel overlay network
|
||||||
|
|
||||||
|
wait_condition_timeout:
|
||||||
|
type: number
|
||||||
|
description : >
|
||||||
|
timeout for the Wait Conditions
|
||||||
|
|
||||||
|
registry_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
Indicates whether the docker registry is enabled.
|
||||||
|
|
||||||
|
registry_port:
|
||||||
|
type: number
|
||||||
|
description: port of registry service
|
||||||
|
|
||||||
|
swift_region:
|
||||||
|
type: string
|
||||||
|
description: region of swift service
|
||||||
|
|
||||||
|
registry_container:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
name of swift container which docker registry stores images in
|
||||||
|
|
||||||
|
registry_insecure:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
indicates whether to skip TLS verification between registry and backend storage
|
||||||
|
|
||||||
|
registry_chunksize:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size fo the data segments for the swift dynamic large objects
|
||||||
|
|
||||||
|
secgroup_kube_minion_id:
|
||||||
|
type: string
|
||||||
|
description: ID of the security group for kubernetes minion.
|
||||||
|
|
||||||
|
volume_driver:
|
||||||
|
type: string
|
||||||
|
description: volume driver to use for container storage
|
||||||
|
|
||||||
|
region_name:
|
||||||
|
type: string
|
||||||
|
description: A logically separate section of the cluster
|
||||||
|
|
||||||
|
username:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
user account
|
||||||
|
|
||||||
|
password:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
user password, not set in current implementation, only used to
|
||||||
|
fill in for Kubernetes config file
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
http_proxy:
|
||||||
|
type: string
|
||||||
|
description: http proxy address for docker
|
||||||
|
|
||||||
|
https_proxy:
|
||||||
|
type: string
|
||||||
|
description: https proxy address for docker
|
||||||
|
|
||||||
|
no_proxy:
|
||||||
|
type: string
|
||||||
|
description: no proxies for docker
|
||||||
|
|
||||||
|
kube_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||||
|
|
||||||
|
flannel_tag:
|
||||||
|
type: string
|
||||||
|
description: tag of the flannel system containers
|
||||||
|
|
||||||
|
kube_version:
|
||||||
|
type: string
|
||||||
|
description: version of kubernetes used for kubernetes cluster
|
||||||
|
|
||||||
|
trustee_domain_id:
|
||||||
|
type: string
|
||||||
|
description: domain id of the trustee
|
||||||
|
|
||||||
|
trustee_user_id:
|
||||||
|
type: string
|
||||||
|
description: user id of the trustee
|
||||||
|
|
||||||
|
trustee_username:
|
||||||
|
type: string
|
||||||
|
description: username of the trustee
|
||||||
|
|
||||||
|
trustee_password:
|
||||||
|
type: string
|
||||||
|
description: password of the trustee
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
trust_id:
|
||||||
|
type: string
|
||||||
|
description: id of the trust which is used by the trustee
|
||||||
|
hidden: true
|
||||||
|
|
||||||
|
auth_url:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
url for keystone, must be v2 since k8s backend only support v2
|
||||||
|
at this point
|
||||||
|
|
||||||
|
insecure_registry_url:
|
||||||
|
type: string
|
||||||
|
description: insecure registry url
|
||||||
|
|
||||||
|
container_infra_prefix:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
prefix of container images used in the cluster, kubernetes components,
|
||||||
|
kubernetes-dashboard, coredns etc
|
||||||
|
|
||||||
|
dns_service_ip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
address used by Kubernetes DNS service
|
||||||
|
|
||||||
|
dns_cluster_domain:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
domain name for cluster DNS
|
||||||
|
|
||||||
|
openstack_ca:
|
||||||
|
type: string
|
||||||
|
description: The OpenStack CA certificate to install on the node.
|
||||||
|
|
||||||
|
nodes_server_group_id:
|
||||||
|
type: string
|
||||||
|
description: ID of the server group for kubernetes cluster nodes.
|
||||||
|
|
||||||
|
availability_zone:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
availability zone for master and nodes
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
pods_network_cidr:
|
||||||
|
type: string
|
||||||
|
description: Configure the IP pool/range from which pod IPs will be chosen
|
||||||
|
|
||||||
|
kubelet_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the kubelet
|
||||||
|
|
||||||
|
kubeproxy_options:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
additional options to be passed to the kube proxy
|
||||||
|
|
||||||
|
octavia_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
whether or not to use Octavia for LoadBalancer type service.
|
||||||
|
default: False
|
||||||
|
|
||||||
|
container_runtime:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Container runtime to use with Kubernetes.
|
||||||
|
|
||||||
|
hyperkube_image:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
Docker registry used for hyperkube image
|
||||||
|
|
||||||
|
resources:
|
||||||
|
|
||||||
|
|
||||||
|
minion_wait_handle:
|
||||||
|
type: OS::Heat::WaitConditionHandle
|
||||||
|
|
||||||
|
minion_wait_condition:
|
||||||
|
type: OS::Heat::WaitCondition
|
||||||
|
depends_on: kube-minion
|
||||||
|
properties:
|
||||||
|
handle: {get_resource: minion_wait_handle}
|
||||||
|
timeout: {get_param: wait_condition_timeout}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# software configs. these are components that are combined into
|
||||||
|
# a multipart MIME user-data archive.
|
||||||
|
#
|
||||||
|
|
||||||
|
agent_config:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: ungrouped
|
||||||
|
config:
|
||||||
|
list_join:
|
||||||
|
- "\n"
|
||||||
|
-
|
||||||
|
- str_replace:
|
||||||
|
template: {get_file: fragments/configure-agent.ign}
|
||||||
|
params:
|
||||||
|
$SSH_KEY_VALUE: {get_param: ssh_key_value}
|
||||||
|
$HOSTNAME: {get_param: name}
|
||||||
|
$OPENSTACK_CA: {get_param: openstack_ca}
|
||||||
|
$CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
|
||||||
|
$HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
|
||||||
|
$TRUSTEE_USER_ID: {get_param: trustee_user_id}
|
||||||
|
$TRUSTEE_PASSWORD: {get_param: trustee_password}
|
||||||
|
$AUTH_URL: {get_param: auth_url}
|
||||||
|
$PROJECT_ID: {get_param: project_id}
|
||||||
|
$REGION_NAME: {get_param: region_name}
|
||||||
|
$RESOURCE_NAME: "kube_master"
|
||||||
|
$STACK_ID: "ID"
|
||||||
|
|
||||||
|
# do NOT use "_" (underscore) in the Nova server name
|
||||||
|
# it creates a mismatch between the generated Nova name and its hostname
|
||||||
|
# which can lead to weird problems
|
||||||
|
kube-minion:
|
||||||
|
type: OS::Nova::Server
|
||||||
|
properties:
|
||||||
|
name: {get_param: name}
|
||||||
|
image: {get_param: server_image}
|
||||||
|
flavor: {get_param: minion_flavor}
|
||||||
|
key_name: {get_param: ssh_key_name}
|
||||||
|
user_data_format: RAW
|
||||||
|
user_data: {get_resource: agent_config}
|
||||||
|
networks:
|
||||||
|
- port: {get_resource: kube_minion_eth0}
|
||||||
|
scheduler_hints: { group: { get_param: nodes_server_group_id }}
|
||||||
|
|
||||||
|
kube_minion_eth0:
|
||||||
|
type: OS::Neutron::Port
|
||||||
|
properties:
|
||||||
|
network: {get_param: fixed_network}
|
||||||
|
security_groups:
|
||||||
|
- {get_param: secgroup_kube_minion_id}
|
||||||
|
fixed_ips:
|
||||||
|
- subnet: {get_param: fixed_subnet}
|
||||||
|
allowed_address_pairs:
|
||||||
|
- ip_address: {get_param: flannel_network_cidr}
|
||||||
|
replacement_policy: AUTO
|
||||||
|
|
||||||
|
kube_minion_floating:
|
||||||
|
type: Magnum::Optional::KubeMinion::Neutron::FloatingIP
|
||||||
|
properties:
|
||||||
|
floating_network: {get_param: external_network}
|
||||||
|
port_id: {get_resource: kube_minion_eth0}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# docker storage. This allocates a cinder volume and attaches it
|
||||||
|
# to the minion.
|
||||||
|
#
|
||||||
|
|
||||||
|
docker_volume:
|
||||||
|
type: Magnum::Optional::Cinder::Volume
|
||||||
|
properties:
|
||||||
|
size: {get_param: docker_volume_size}
|
||||||
|
volume_type: {get_param: docker_volume_type}
|
||||||
|
|
||||||
|
docker_volume_attach:
|
||||||
|
type: Magnum::Optional::Cinder::VolumeAttachment
|
||||||
|
properties:
|
||||||
|
instance_uuid: {get_resource: kube-minion}
|
||||||
|
volume_id: {get_resource: docker_volume}
|
||||||
|
mountpoint: /dev/vdb
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
|
||||||
|
kube_minion_ip:
|
||||||
|
value: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
|
||||||
|
description: >
|
||||||
|
This is the "public" IP address of the Kubernetes minion node.
|
||||||
|
|
||||||
|
kube_minion_external_ip:
|
||||||
|
value: {get_attr: [kube_minion_floating, floating_ip_address]}
|
||||||
|
description: >
|
||||||
|
This is the "public" IP address of the Kubernetes minion node.
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# NOTE(flwang): Returning the minion node server ID here so that
|
||||||
|
# consumer can send API request to Heat to remove a particular
|
||||||
|
# node with removal_policies. Otherwise, the consumer (e.g. AutoScaler)
|
||||||
|
# has to use index to do the remove which is confusing out of the
|
||||||
|
# OpenStack world.
|
||||||
|
# https://storyboard.openstack.org/#!/story/2005054
|
||||||
|
#
|
||||||
|
######################################################################
|
||||||
|
|
||||||
|
OS::stack_id:
|
||||||
|
value: { get_resource: kube-minion }
|
||||||
|
description: >
|
||||||
|
This is the Nova server id of the node.
|
|
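--- /dev/null
+++ b/NEW_FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,17 @@
+# Copyright 2016 - Rackspace Hosting
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+version = '1.0.0'
+driver = 'k8s_fedora_coreos_v1'
+container_version = '1.11.2'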
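--- a/FILE_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -66,6 +66,7 @@ magnum.drivers =
 swarm_fedora_atomic_v2 = magnum.drivers.swarm_fedora_atomic_v2.driver:Driver
 mesos_ubuntu_v1 = magnum.drivers.mesos_ubuntu_v1.driver:Driver
 k8s_fedora_ironic_v1 = magnum.drivers.k8s_fedora_ironic_v1.driver:Driver
+k8s_fedora_coreos_v1 = magnum.drivers.k8s_fedora_coreos_v1.driver:Driver
 
 magnum.database.migration_backend =
 sqlalchemy = magnum.db.sqlalchemy.migration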