From 4a17de8c6aefd6943d47f551de53da4df413913f Mon Sep 17 00:00:00 2001
From: Ton Ngo
Date: Tue, 16 Jun 2015 20:12:35 +0000
Subject: [PATCH] Configure Ironic for Kubernetes load balancer feature
Kubernetes service provides the LoadBalancer feature This is supported through an OpenStack plugin in Kubernetes code. Enabling this features require configuring the cluster properly for Kubernetes to interface with Neutron. Kubernetes backend will then create the Neutron load balancer pool, members, VIP and monitor, and manage the pool members as pods are added/removed from the service. This patch updates the Ironic heat templates to adjust the minion name and private network name to match what Kubernetes expects. Additional scripts are from the patch for Fedora Atomic which this patch has a dependency on.
Partially-Implements: blueprint external-lb
Change-Id: I74eaffe280b8ed20fce432d92fa6fc29048de8a5
---
 .../kubecluster-fedora-ironic.yaml | 33 ++++++++++++++++++-
 .../kubemaster-fedora-ironic.yaml | 33 +++++++++++++++++++
 .../kubeminion-fedora-ironic.yaml | 17 +++++++---
 3 files changed, 77 insertions(+), 6 deletions(-)
diff --git a/magnum/templates/heat-kubernetes/kubecluster-fedora-ironic.yaml b/magnum/templates/heat-kubernetes/kubecluster-fedora-ironic.yaml
index 893cc2dc47..f8e1f2a523 100644
--- a/magnum/templates/heat-kubernetes/kubecluster-fedora-ironic.yaml
+++ b/magnum/templates/heat-kubernetes/kubecluster-fedora-ironic.yaml
@@ -17,7 +17,11 @@ parameters:
 fixed_network:
 type: string
- description: name of private network into which servers get deployed
+ description: >
+ name of private network into which servers get deployed
+ Important: the Load Balancer feature in Kubernetes requires that
+ the name for the fixed_network must be "private" for the
+ address lookup in Kubernetes to work properly
 server_image:
 type: string
@@ -82,6 +86,29 @@ parameters:
 timeout for the Wait Conditions
 default: 6000
+ auth_url:
+ type: string
+ description: >
+ url for kubernetes to authenticate before sending request to neutron
+
+ username:
+ type: string
+ description: >
+ user account
+
+ password:
+ type: string
+ description: >
+ user password, not set in current implementation, only used to
+ fill in for Kubernetes config file
+ default:
+ ChangeMe
+
+ tenant_name:
+ type: string
+ description: >
+ tenant name
+
 resources:
 ######################################################################
@@ -110,6 +137,10 @@ resources:
 flannel_use_vxlan: {get_param: flannel_use_vxlan}
 portal_network_cidr: {get_param: portal_network_cidr}
 fixed_network: {get_resource: fixed_network}
+ auth_url: {get_param: auth_url}
+ username: {get_param: username}
+ password: {get_param: password}
+ tenant_name: {get_param: tenant_name}
 kube_minions:
 type: OS::Heat::ResourceGroup
diff --git a/magnum/templates/heat-kubernetes/kubemaster-fedora-ironic.yaml b/magnum/templates/heat-kubernetes/kubemaster-fedora-ironic.yaml
index 23878d6b49..4d2f4ba416 100644
--- a/magnum/templates/heat-kubernetes/kubemaster-fedora-ironic.yaml
+++ b/magnum/templates/heat-kubernetes/kubemaster-fedora-ironic.yaml
@@ -68,6 +68,27 @@ parameters:
 timeout for the Wait Conditions
 default: 6000
+ auth_url:
+ type: string
+ description: >
+ url for kubernetes to authenticate before sending request to neutron
+ must be v2 since kubernetes backend only suppor v2 at this point
+
+ username:
+ type: string
+ description: >
+ user account
+
+ password:
+ type: string
+ description: >
+ user password
+
+ tenant_name:
+ type: string
+ description: >
+ tenant name
+
 resources:
 master_wait_handle:
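Review bot: The new `password` parameter is declared without `hidden: true`, so Heat will return its value in clear text wherever stack parameters are displayed; the same applies to the `password` parameter added to kubemaster-fedora-ironic.yaml in the `@@ -68,6 +68,27 @@` hunk. I would add `hidden: true` under `type: string` in both declarations. The `default: ChangeMe` in this hunk also means a stack created without an explicit value silently carries a well-known placeholder credential into the Kubernetes OpenStack config; dropping the default, or failing early when it is left unchanged, would make that misconfiguration visible. The `parameters:` section starts outside this hunk.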
@@ -97,6 +118,7 @@ resources:
 - config: {get_resource: disable_selinux}
 - config: {get_resource: write_heat_params}
 - config: {get_resource: enable_etcd}
+ - config: {get_resource: write_kube_os_config}
 - config: {get_resource: configure_kubernetes}
 - config: {get_resource: enable_services}
 - config: {get_resource: configure_flannel}
@@ -127,6 +149,11 @@ resources:
 "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
 "$FLANNEL_USE_VXLAN": {get_param: flannel_use_vxlan}
 "$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
+ "$AUTH_URL": {get_param: auth_url}
+ "$USERNAME": {get_param: username}
+ "$PASSWORD": {get_param: password}
+ "$TENANT_NAME": {get_param: tenant_name}
+ "$CLUSTER_SUBNET": {get_param: fixed_subnet}
 configure_kubernetes:
 type: OS::Heat::SoftwareConfig
@@ -146,6 +173,12 @@ resources:
 group: ungrouped
 config: {get_file: fragments/configure-flannel.sh}
+ write_kube_os_config:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: ungrouped
+ config: {get_file: fragments/write-kube-os-config.sh}
+
 enable_services:
 type: OS::Heat::SoftwareConfig
 properties:
diff --git a/magnum/templates/heat-kubernetes/kubeminion-fedora-ironic.yaml b/magnum/templates/heat-kubernetes/kubeminion-fedora-ironic.yaml
index d6fcd15e55..24021a6e6e 100644
--- a/magnum/templates/heat-kubernetes/kubeminion-fedora-ironic.yaml
+++ b/magnum/templates/heat-kubernetes/kubeminion-fedora-ironic.yaml
@@ -53,7 +53,7 @@ resources:
 minion_wait_condition:
 type: OS::Heat::WaitCondition
- depends_on: kube_minion
+ depends_on: kube-minion
 properties:
 handle: {get_resource: minion_wait_handle}
 timeout: {get_param: wait_condition_timeout}
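Review bot: In the `@@ -127,6 +149,11 @@` hunk, `"$PASSWORD": {get_param: password}` puts the OpenStack account password into what looks like a string-substitution `params` map for a software config, so the secret presumably ends up in the instance user data and in whatever file that fragment writes on the master. The resource that owns this map starts outside the hunk, so please confirm the target file is created root-owned with owner-only permissions (for example `0600`), and consider a dedicated low-privilege account for the load-balancer integration instead of a general user credential. Separately, `"$CLUSTER_SUBNET": {get_param: fixed_subnet}` refers to a `fixed_subnet` parameter that no hunk in this patch declares for kubemaster-fedora-ironic.yaml; if it is not already defined in the unchanged part of the file, template validation will fail.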
@@ -144,7 +144,14 @@ resources:
 - config: {get_resource: enable_services}
 - config: {get_resource: minion_wc_notify}
- kube_minion:
+ # Important: the name for the heat resource kube-minion below must
+ # not contain "_" (underscore) because it will be used in the
+ # hostname. Because DNS domain name does not allow "_", the "_"
+ # will be converted to a "-" and this will make the hostname different
+ # from the Nova instance name. This in turn will break the load
+ # balancer feature in Kubernetes.
+
+ kube-minion:
 type: OS::Nova::Server
 properties:
 image: {get_param: server_image}
@@ -160,15 +167,15 @@ resources:
 properties:
 floating_network: {get_param: external_network}
 port_id:
- get_attr: [kube_minion, addresses, {get_param: fixed_network}, 0, port]
+ get_attr: [kube-minion, addresses, {get_param: fixed_network}, 0, port]
 outputs:
 kube_minion_ip:
- value: {get_attr: [kube_minion, networks, private, 0]}
+ value: {get_attr: [kube-minion, networks, private, 0]}
 kube_minion_external_ip:
 value: {get_attr: [kube_minion_floating, floating_ip_address]}
 OS::stack_id:
- value: {get_attr: [kube_minion, networks, private, 0]}
+ value: {get_attr: [kube-minion, networks, private, 0]}