Merge "Drop k8s_fedora_ironic_v1 driver"
commit
c2567f202a
@ -296,12 +296,6 @@ function magnum_register_image {
|
||||
if [ ! -z "$fedora_coreos" ]; then
|
||||
magnum_image_property=$magnum_image_property"fedora-coreos"
|
||||
fi
|
||||
# os_distro property for fedora ironic image
|
||||
local fedora_ironic="$(echo $MAGNUM_GUEST_IMAGE_URL | grep -i "ironic" \
|
||||
| grep -io "fedora" || true;)"
|
||||
if [ ! -z "$fedora_ironic" ]; then
|
||||
magnum_image_property=$magnum_image_property"fedora"
|
||||
fi
|
||||
|
||||
# get the image name
|
||||
local image_filename=$(basename "$MAGNUM_GUEST_IMAGE_URL")
|
||||
|
@ -2733,17 +2733,6 @@ The following software are managed as systemd services:
|
||||
|
||||
The login user for this image is *core*.
|
||||
|
||||
Kubernetes on Ironic
|
||||
--------------------
|
||||
|
||||
This image is built manually using diskimagebuilder. The scripts and
|
||||
instructions are included in `Magnum code repo
|
||||
<https://opendev.org/openstack/magnum/src/branch/master/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes>`_.
|
||||
Currently Ironic is not fully supported yet, therefore more details will be
|
||||
provided when this driver has been fully tested.
|
||||
|
||||
|
||||
|
||||
Notification
|
||||
============
|
||||
|
||||
|
@ -271,10 +271,6 @@ class ClusterTemplatesController(base.Controller):
|
||||
"driver. Please migrate to the fedora_coreos driver. fedora_atomic "
|
||||
"driver will be removed in a future Magnum version.")
|
||||
|
||||
_fedora_ironic_deprecation_note = (
|
||||
"The fedora ironic driver is deprecated. "
|
||||
"The driver will be removed in a future Magnum version.")
|
||||
|
||||
def _generate_name_for_cluster_template(self, context):
|
||||
"""Generate a random name like: zeta-22-model."""
|
||||
|
||||
@ -441,13 +437,6 @@ class ClusterTemplatesController(base.Controller):
|
||||
DeprecationWarning)
|
||||
LOG.warning(self._coreos_deprecation_note)
|
||||
|
||||
if (cluster_template_dict['coe'] == 'kubernetes' and
|
||||
cluster_template_dict['cluster_distro'] == 'fedora' and
|
||||
cluster_template_dict['server_type'] == 'bm'):
|
||||
warnings.warn(self._fedora_ironic_deprecation_note,
|
||||
DeprecationWarning)
|
||||
LOG.warning(self._fedora_ironic_deprecation_note)
|
||||
|
||||
# NOTE(yuywz): We will generate a random human-readable name for
|
||||
# cluster_template if the name is not specified by user.
|
||||
arg_name = cluster_template_dict.get('name')
|
||||
|
@ -1,30 +0,0 @@
|
||||
# Copyright 2016 Rackspace Inc. All rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from magnum.drivers.heat import driver
|
||||
from magnum.drivers.k8s_fedora_ironic_v1 import template_def
|
||||
|
||||
|
||||
class Driver(driver.KubernetesDriver):
|
||||
|
||||
@property
|
||||
def provides(self):
|
||||
return [
|
||||
{'server_type': 'bm',
|
||||
'os': 'fedora',
|
||||
'coe': 'kubernetes'},
|
||||
]
|
||||
|
||||
def get_template_definition(self):
|
||||
return template_def.FedoraK8sIronicTemplateDefinition()
|
@ -1,45 +0,0 @@
|
||||
Kubernetes elements
|
||||
===================
|
||||
|
||||
This directory contains `[diskimage-builder](https://github.com/openstack/diskimage-builder)`
|
||||
elements to build an image which contains kubernetes required to use kubecluster-fedora-ironic.yaml.
|
||||
|
||||
An example fedora based image and uploaded to glance with the following:
|
||||
|
||||
# Install diskimage-builder in virtual environment
|
||||
virtualenv .
|
||||
. bin/activate
|
||||
pip install diskimage-builder
|
||||
git clone https://git.openstack.org/openstack/magnum
|
||||
git clone https://git.openstack.org/openstack/dib-utils.git
|
||||
export PATH="${PWD}/dib-utils/bin:$PATH"
|
||||
export ELEMENTS_PATH=$(python -c 'import os, diskimage_builder, pkg_resources;print(os.path.abspath(pkg_resources.resource_filename(diskimage_builder.__name__, "elements")))')
|
||||
export ELEMENTS_PATH=${ELEMENTS_PATH}:magnum/magnum/drivers/k8s_fedora_ironic_v1/image
|
||||
export DIB_RELEASE=25
|
||||
disk-image-create baremetal \
|
||||
fedora selinux-permissive \
|
||||
kubernetes \
|
||||
-o fedora-25-kubernetes.qcow2
|
||||
|
||||
KERNEL_ID=`glance image-create --name fedora-k8s-kernel \
|
||||
--visibility public \
|
||||
--disk-format=aki \
|
||||
--container-format=aki \
|
||||
--file=fedora-25-kubernetes.vmlinuz \
|
||||
| grep id | tr -d '| ' | cut --bytes=3-57`
|
||||
RAMDISK_ID=`glance image-create --name fedora-k8s-ramdisk \
|
||||
--visibility public \
|
||||
--disk-format=ari \
|
||||
--container-format=ari \
|
||||
--file=fedora-25-kubernetes.initrd \
|
||||
| grep id | tr -d '| ' | cut --bytes=3-57`
|
||||
BASE_ID=`glance image-create --name fedora-k8s \
|
||||
--os-distro fedora \
|
||||
--visibility public \
|
||||
--disk-format=qcow2 \
|
||||
--container-format=bare \
|
||||
--property kernel_id=$KERNEL_ID \
|
||||
--property ramdisk_id=$RAMDISK_ID \
|
||||
--file=fedora-25-kubernetes.qcow2 \
|
||||
| grep -v kernel | grep -v ramdisk \
|
||||
| grep id | tr -d '| ' | cut --bytes=3-57`
|
@ -1 +0,0 @@
|
||||
package-installs
|
@ -1,5 +0,0 @@
|
||||
kubernetes:
|
||||
etcd:
|
||||
flannel:
|
||||
docker-io:
|
||||
python2:
|
@ -1,75 +0,0 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutronclient.common import exceptions as n_exception
|
||||
from neutronclient.neutron import v2_0 as neutronV20
|
||||
import os
|
||||
|
||||
from magnum.common import exception
|
||||
from magnum.drivers.heat import k8s_fedora_template_def as kftd
|
||||
from oslo_config import cfg
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
|
||||
class FedoraK8sIronicTemplateDefinition(kftd.K8sFedoraTemplateDefinition):
|
||||
"""Kubernetes template for a Fedora Baremetal."""
|
||||
|
||||
def __init__(self):
|
||||
super(FedoraK8sIronicTemplateDefinition, self).__init__()
|
||||
self.add_parameter('fixed_subnet',
|
||||
cluster_template_attr='fixed_subnet',
|
||||
param_type=str,
|
||||
required=True)
|
||||
|
||||
def get_fixed_network_id(self, osc, cluster_template):
|
||||
try:
|
||||
subnet = neutronV20.find_resource_by_name_or_id(
|
||||
osc.neutron(),
|
||||
'subnet',
|
||||
cluster_template.fixed_subnet
|
||||
)
|
||||
except n_exception.NeutronException as e:
|
||||
# NOTE(yuanying): NeutronCLIError doesn't have status_code
|
||||
# if subnet name is duplicated, NeutronClientNoUniqueMatch
|
||||
# (which is kind of NeutronCLIError) will be raised.
|
||||
if getattr(e, 'status_code', 400) < 500:
|
||||
raise exception.InvalidSubnet(message=("%s" % e))
|
||||
else:
|
||||
raise e
|
||||
|
||||
if subnet['ip_version'] != 4:
|
||||
raise exception.InvalidSubnet(
|
||||
message="Subnet IP version should be 4"
|
||||
)
|
||||
|
||||
return subnet['network_id']
|
||||
|
||||
def get_params(self, context, cluster_template, cluster, **kwargs):
|
||||
ep = kwargs.pop('extra_params', {})
|
||||
|
||||
osc = self.get_osc(context)
|
||||
ep['fixed_network'] = self.get_fixed_network_id(osc, cluster_template)
|
||||
|
||||
return super(FedoraK8sIronicTemplateDefinition,
|
||||
self).get_params(context, cluster_template, cluster,
|
||||
extra_params=ep,
|
||||
**kwargs)
|
||||
|
||||
@property
|
||||
def driver_module_path(self):
|
||||
return __name__[:__name__.rindex('.')]
|
||||
|
||||
@property
|
||||
def template_path(self):
|
||||
return os.path.join(os.path.dirname(os.path.realpath(__file__)),
|
||||
'templates/kubecluster.yaml')
|
@ -1,733 +0,0 @@
|
||||
heat_template_version: 2014-10-16
|
||||
|
||||
description: >
|
||||
This template will boot a Kubernetes cluster with one or more
|
||||
minions (as specified by the number_of_minions parameter, which
|
||||
defaults to 1).
|
||||
|
||||
parameters:
|
||||
|
||||
is_cluster_stack:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
master_role:
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
worker_role:
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
ssh_key_name:
|
||||
type: string
|
||||
description: name of ssh key to be provisioned on our server
|
||||
default: ""
|
||||
|
||||
ssh_public_key:
|
||||
type: string
|
||||
description: The public ssh key to add in all nodes
|
||||
default: ""
|
||||
|
||||
external_network:
|
||||
type: string
|
||||
description: uuid/name of a network to use for floating ip addresses
|
||||
default: public
|
||||
|
||||
fixed_network:
|
||||
type: string
|
||||
description: >
|
||||
name of private network into which servers get deployed
|
||||
Important: the Load Balancer feature in Kubernetes requires that
|
||||
the name for the fixed_network must be "private" for the
|
||||
address lookup in Kubernetes to work properly
|
||||
|
||||
fixed_subnet:
|
||||
type: string
|
||||
description: Sub network from which to allocate fixed addresses.
|
||||
default: private-subnet
|
||||
|
||||
master_image:
|
||||
type: string
|
||||
description: glance image used to boot the server
|
||||
|
||||
minion_image:
|
||||
type: string
|
||||
description: glance image used to boot the server
|
||||
|
||||
master_flavor:
|
||||
type: string
|
||||
default: m1.small
|
||||
description: flavor to use when booting the server
|
||||
|
||||
minion_flavor:
|
||||
type: string
|
||||
default: baremetal
|
||||
description: flavor to use when booting the server
|
||||
|
||||
master_nodegroup_name:
|
||||
type: string
|
||||
default: ""
|
||||
description: the name of the nodegroup where the node belongs
|
||||
|
||||
worker_nodegroup_name:
|
||||
type: string
|
||||
default: ""
|
||||
description: the name of the nodegroup where the node belongs
|
||||
|
||||
prometheus_monitoring:
|
||||
type: boolean
|
||||
default: false
|
||||
description: >
|
||||
whether or not to have the grafana-prometheus-cadvisor monitoring setup
|
||||
|
||||
grafana_admin_passwd:
|
||||
type: string
|
||||
default: admin
|
||||
hidden: true
|
||||
description: >
|
||||
admin user password for the Grafana monitoring interface
|
||||
|
||||
dns_nameserver:
|
||||
type: comma_delimited_list
|
||||
description: address of a dns nameserver reachable in your environment
|
||||
default: 8.8.8.8
|
||||
|
||||
number_of_masters:
|
||||
type: number
|
||||
description: how many kubernetes masters to spawn
|
||||
default: 1
|
||||
|
||||
number_of_minions:
|
||||
type: number
|
||||
description: how many kubernetes minions to spawn
|
||||
default: 1
|
||||
|
||||
portal_network_cidr:
|
||||
type: string
|
||||
description: >
|
||||
address range used by kubernetes for service portals
|
||||
default: 10.254.0.0/16
|
||||
|
||||
network_driver:
|
||||
type: string
|
||||
description: network driver to use for instantiating container networks
|
||||
default: flannel
|
||||
|
||||
flannel_network_cidr:
|
||||
type: string
|
||||
description: network range for flannel overlay network
|
||||
default: 10.100.0.0/16
|
||||
|
||||
flannel_network_subnetlen:
|
||||
type: number
|
||||
description: size of subnet assigned to each minion
|
||||
default: 24
|
||||
|
||||
flannel_backend:
|
||||
type: string
|
||||
description: >
|
||||
specify the backend for flannel, default udp backend
|
||||
default: "udp"
|
||||
constraints:
|
||||
- allowed_values: ["udp", "vxlan", "host-gw"]
|
||||
|
||||
system_pods_initial_delay:
|
||||
type: number
|
||||
description: >
|
||||
health check, time to wait for system pods (podmaster, scheduler) to boot
|
||||
(in seconds)
|
||||
default: 30
|
||||
|
||||
system_pods_timeout:
|
||||
type: number
|
||||
description: >
|
||||
health check, timeout for system pods (podmaster, scheduler) to answer.
|
||||
(in seconds)
|
||||
default: 5
|
||||
|
||||
admission_control_list:
|
||||
type: string
|
||||
description: >
|
||||
List of admission control plugins to activate
|
||||
default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
|
||||
|
||||
kube_allow_priv:
|
||||
type: string
|
||||
description: >
|
||||
whether or not kubernetes should permit privileged containers.
|
||||
default: "true"
|
||||
constraints:
|
||||
- allowed_values: ["true", "false"]
|
||||
|
||||
etcd_volume_size:
|
||||
type: number
|
||||
description: >
|
||||
size of the cinder volume for etcd storage
|
||||
default: 0
|
||||
|
||||
docker_volume_size:
|
||||
type: number
|
||||
description: >
|
||||
size of a cinder volume to allocate to docker for container/image
|
||||
storage
|
||||
default: 0
|
||||
|
||||
docker_volume_type:
|
||||
type: string
|
||||
description: >
|
||||
type of a cinder volume to allocate to docker for container/image
|
||||
storage
|
||||
|
||||
docker_storage_driver:
|
||||
type: string
|
||||
description: docker storage driver name
|
||||
default: "devicemapper"
|
||||
|
||||
wait_condition_timeout:
|
||||
type: number
|
||||
description: >
|
||||
timeout for the Wait Conditions
|
||||
default: 6000
|
||||
|
||||
minions_to_remove:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
List of minions to be removed when doing an update. Individual minion may
|
||||
be referenced several ways: (1) The resource name (e.g. ['1', '3']),
|
||||
(2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should
|
||||
be empty when doing an create.
|
||||
default: []
|
||||
|
||||
discovery_url:
|
||||
type: string
|
||||
description: >
|
||||
Discovery URL used for bootstrapping the etcd cluster.
|
||||
|
||||
registry_enabled:
|
||||
type: boolean
|
||||
description: >
|
||||
Indicates whether the docker registry is enabled.
|
||||
default: false
|
||||
|
||||
registry_port:
|
||||
type: number
|
||||
description: port of registry service
|
||||
default: 5000
|
||||
|
||||
swift_region:
|
||||
type: string
|
||||
description: region of swift service
|
||||
default: ""
|
||||
|
||||
registry_container:
|
||||
type: string
|
||||
description: >
|
||||
name of swift container which docker registry stores images in
|
||||
default: "container"
|
||||
|
||||
registry_insecure:
|
||||
type: boolean
|
||||
description: >
|
||||
indicates whether to skip TLS verification between registry and backend storage
|
||||
default: true
|
||||
|
||||
registry_chunksize:
|
||||
type: number
|
||||
description: >
|
||||
size fo the data segments for the swift dynamic large objects
|
||||
default: 5242880
|
||||
|
||||
volume_driver:
|
||||
type: string
|
||||
description: volume driver to use for container storage
|
||||
default: ""
|
||||
|
||||
region_name:
|
||||
type: string
|
||||
description: A logically separate section of the cluster
|
||||
|
||||
username:
|
||||
type: string
|
||||
description: >
|
||||
user account
|
||||
|
||||
password:
|
||||
type: string
|
||||
description: >
|
||||
user password, not set in current implementation, only used to
|
||||
fill in for Kubernetes config file
|
||||
default:
|
||||
ChangeMe
|
||||
hidden: true
|
||||
|
||||
loadbalancing_protocol:
|
||||
type: string
|
||||
description: >
|
||||
The protocol which is used for load balancing. If you want to change
|
||||
tls_disabled option to 'True', please change this to "HTTP".
|
||||
default: TCP
|
||||
constraints:
|
||||
- allowed_values: ["TCP", "HTTP"]
|
||||
|
||||
tls_disabled:
|
||||
type: boolean
|
||||
description: whether or not to disable TLS
|
||||
default: False
|
||||
|
||||
kube_dashboard_enabled:
|
||||
type: boolean
|
||||
description: whether or not to disable kubernetes dashboard
|
||||
default: True
|
||||
|
||||
influx_grafana_dashboard_enabled:
|
||||
type: boolean
|
||||
description: Enable influxdb with grafana dashboard for data from heapster
|
||||
default: False
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
||||
kubernetes_port:
|
||||
type: number
|
||||
description: >
|
||||
The port which are used by kube-apiserver to provide Kubernetes
|
||||
service.
|
||||
default: 6443
|
||||
|
||||
cluster_uuid:
|
||||
type: string
|
||||
description: identifier for the cluster this template is generating
|
||||
|
||||
magnum_url:
|
||||
type: string
|
||||
description: endpoint to retrieve TLS certs from
|
||||
|
||||
http_proxy:
|
||||
type: string
|
||||
description: http proxy address for docker
|
||||
default: ""
|
||||
|
||||
https_proxy:
|
||||
type: string
|
||||
description: https proxy address for docker
|
||||
default: ""
|
||||
|
||||
no_proxy:
|
||||
type: string
|
||||
description: no proxies for docker
|
||||
default: ""
|
||||
|
||||
trustee_domain_id:
|
||||
type: string
|
||||
description: domain id of the trustee
|
||||
default: ""
|
||||
|
||||
trustee_user_id:
|
||||
type: string
|
||||
description: user id of the trustee
|
||||
default: ""
|
||||
|
||||
trustee_username:
|
||||
type: string
|
||||
description: username of the trustee
|
||||
default: ""
|
||||
|
||||
trustee_password:
|
||||
type: string
|
||||
description: password of the trustee
|
||||
default: ""
|
||||
hidden: true
|
||||
|
||||
trust_id:
|
||||
type: string
|
||||
description: id of the trust which is used by the trustee
|
||||
default: ""
|
||||
hidden: true
|
||||
|
||||
auth_url:
|
||||
type: string
|
||||
description: url for keystone
|
||||
|
||||
kube_tag:
|
||||
type: string
|
||||
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||
default: v1.11.1
|
||||
|
||||
kube_version:
|
||||
type: string
|
||||
description: version of kubernetes used for kubernetes cluster
|
||||
default: v1.11.1
|
||||
|
||||
kube_dashboard_version:
|
||||
type: string
|
||||
description: version of kubernetes dashboard used for kubernetes cluster
|
||||
default: v1.5.1
|
||||
|
||||
insecure_registry_url:
|
||||
type: string
|
||||
description: insecure registry url
|
||||
default: ""
|
||||
|
||||
container_infra_prefix:
|
||||
type: string
|
||||
description: >
|
||||
prefix of container images used in the cluster, kubernetes components,
|
||||
kubernetes-dashboard, coredns etc
|
||||
constraints:
|
||||
- allowed_pattern: "^$|.*/"
|
||||
default: ""
|
||||
|
||||
openstack_ca:
|
||||
type: string
|
||||
hidden: true
|
||||
description: The OpenStack CA certificate to install on the node.
|
||||
|
||||
nodes_affinity_policy:
|
||||
type: string
|
||||
description: >
|
||||
affinity policy for nodes server group
|
||||
constraints:
|
||||
- allowed_values: ["affinity", "anti-affinity", "soft-affinity",
|
||||
"soft-anti-affinity"]
|
||||
|
||||
octavia_enabled:
|
||||
type: boolean
|
||||
description: >
|
||||
whether or not to use Octavia for LoadBalancer type service.
|
||||
default: False
|
||||
|
||||
resources:
|
||||
|
||||
api_lb:
|
||||
type: ../../common/templates/lb_api.yaml
|
||||
properties:
|
||||
fixed_subnet: {get_param: fixed_subnet}
|
||||
external_network: {get_param: external_network}
|
||||
protocol: {get_param: loadbalancing_protocol}
|
||||
port: {get_param: kubernetes_port}
|
||||
|
||||
etcd_lb:
|
||||
type: ../../common/templates/lb_etcd.yaml
|
||||
properties:
|
||||
fixed_subnet: {get_param: fixed_subnet}
|
||||
protocol: {get_param: loadbalancing_protocol}
|
||||
port: 2379
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# security groups. we need to permit network traffic of various
|
||||
# sorts.
|
||||
#
|
||||
|
||||
secgroup_base:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
port_range_min: 22
|
||||
port_range_max: 22
|
||||
|
||||
secgroup_kube_master:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: tcp
|
||||
port_range_min: 7080
|
||||
port_range_max: 7080
|
||||
- protocol: tcp
|
||||
port_range_min: 8080
|
||||
port_range_max: 8080
|
||||
- protocol: tcp
|
||||
port_range_min: 2379
|
||||
port_range_max: 2379
|
||||
- protocol: tcp
|
||||
port_range_min: 2380
|
||||
port_range_max: 2380
|
||||
- protocol: tcp
|
||||
port_range_min: 6443
|
||||
port_range_max: 6443
|
||||
- protocol: tcp
|
||||
port_range_min: 9100
|
||||
port_range_max: 9100
|
||||
- protocol: tcp
|
||||
port_range_min: 30000
|
||||
port_range_max: 32767
|
||||
|
||||
secgroup_kube_minion:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
- protocol: udp
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# resources that expose the IPs of either the kube master or a given
|
||||
# LBaaS pool depending on whether LBaaS is enabled for the cluster.
|
||||
#
|
||||
|
||||
api_address_lb_switch:
|
||||
type: Magnum::ApiGatewaySwitcher
|
||||
properties:
|
||||
pool_public_ip: {get_attr: [api_lb, floating_address]}
|
||||
pool_private_ip: {get_attr: [api_lb, address]}
|
||||
master_public_ip: {get_attr: [kube_masters, resource.0.kube_master_external_ip]}
|
||||
master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}
|
||||
|
||||
etcd_address_lb_switch:
|
||||
type: Magnum::ApiGatewaySwitcher
|
||||
properties:
|
||||
pool_private_ip: {get_attr: [etcd_lb, address]}
|
||||
master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# resources that expose the IPs of either floating ip or a given
|
||||
# fixed ip depending on whether FloatingIP is enabled for the cluster.
|
||||
#
|
||||
|
||||
api_address_floating_switch:
|
||||
type: Magnum::FloatingIPAddressSwitcher
|
||||
properties:
|
||||
public_ip: {get_attr: [api_address_lb_switch, public_ip]}
|
||||
private_ip: {get_attr: [api_address_lb_switch, private_ip]}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# resources that expose one server group for each master and worker nodes
|
||||
# separately.
|
||||
#
|
||||
|
||||
master_nodes_server_group:
|
||||
type: OS::Nova::ServerGroup
|
||||
properties:
|
||||
policies: [{get_param: nodes_affinity_policy}]
|
||||
|
||||
worker_nodes_server_group:
|
||||
type: OS::Nova::ServerGroup
|
||||
properties:
|
||||
policies: [{get_param: nodes_affinity_policy}]
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# kubernetes masters. This is a resource group that will create
|
||||
# <number_of_masters> masters.
|
||||
#
|
||||
|
||||
kube_masters:
|
||||
type: OS::Heat::ResourceGroup
|
||||
properties:
|
||||
count: {get_param: number_of_masters}
|
||||
resource_def:
|
||||
type: kubemaster.yaml
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '-'
|
||||
- [{ get_param: 'OS::stack_name' }, 'master', '%index%']
|
||||
prometheus_monitoring: {get_param: prometheus_monitoring}
|
||||
grafana_admin_passwd: {get_param: grafana_admin_passwd}
|
||||
api_public_address: {get_attr: [api_lb, floating_address]}
|
||||
api_private_address: {get_attr: [api_lb, address]}
|
||||
ssh_key_name: {get_param: ssh_key_name}
|
||||
server_image: {get_param: master_image}
|
||||
master_flavor: {get_param: master_flavor}
|
||||
external_network: {get_param: external_network}
|
||||
kube_allow_priv: {get_param: kube_allow_priv}
|
||||
docker_volume_size: {get_param: docker_volume_size}
|
||||
docker_storage_driver: {get_param: docker_storage_driver}
|
||||
network_driver: {get_param: network_driver}
|
||||
flannel_network_cidr: {get_param: flannel_network_cidr}
|
||||
flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
|
||||
flannel_backend: {get_param: flannel_backend}
|
||||
system_pods_initial_delay: {get_param: system_pods_initial_delay}
|
||||
system_pods_timeout: {get_param: system_pods_timeout}
|
||||
portal_network_cidr: {get_param: portal_network_cidr}
|
||||
admission_control_list: {get_param: admission_control_list}
|
||||
discovery_url: {get_param: discovery_url}
|
||||
cluster_uuid: {get_param: cluster_uuid}
|
||||
magnum_url: {get_param: magnum_url}
|
||||
fixed_network: {get_param: fixed_network}
|
||||
fixed_subnet: {get_param: fixed_subnet}
|
||||
api_pool_id: {get_attr: [api_lb, pool_id]}
|
||||
etcd_pool_id: {get_attr: [etcd_lb, pool_id]}
|
||||
username: {get_param: username}
|
||||
password: {get_param: password}
|
||||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
|
||||
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
|
||||
verify_ca: {get_param: verify_ca}
|
||||
secgroup_base_id: {get_resource: secgroup_base}
|
||||
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
|
||||
http_proxy: {get_param: http_proxy}
|
||||
https_proxy: {get_param: https_proxy}
|
||||
no_proxy: {get_param: no_proxy}
|
||||
kube_tag: {get_param: kube_tag}
|
||||
kube_version: {get_param: kube_version}
|
||||
kube_dashboard_version: {get_param: kube_dashboard_version}
|
||||
trustee_user_id: {get_param: trustee_user_id}
|
||||
trustee_password: {get_param: trustee_password}
|
||||
trust_id: {get_param: trust_id}
|
||||
auth_url: {get_param: auth_url}
|
||||
insecure_registry_url: {get_param: insecure_registry_url}
|
||||
container_infra_prefix: {get_param: container_infra_prefix}
|
||||
wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
|
||||
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||
openstack_ca: {get_param: openstack_ca}
|
||||
nodes_server_group_id: {get_resource: master_nodes_server_group}
|
||||
octavia_enabled: {get_param: octavia_enabled}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# wait condition handler for kubernetes master
|
||||
#
|
||||
|
||||
master_wait_handle:
|
||||
type: OS::Heat::WaitConditionHandle
|
||||
|
||||
master_wait_condition:
|
||||
type: OS::Heat::WaitCondition
|
||||
properties:
|
||||
count: {get_param: number_of_masters}
|
||||
handle: {get_resource: master_wait_handle}
|
||||
timeout: {get_param: wait_condition_timeout}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# kubernetes minions. This is an resource group that will initially
|
||||
# create <number_of_minions> minions, and needs to be manually scaled.
|
||||
#
|
||||
|
||||
kube_minions:
|
||||
type: OS::Heat::ResourceGroup
|
||||
properties:
|
||||
count: {get_param: number_of_minions}
|
||||
removal_policies: [{resource_list: {get_param: minions_to_remove}}]
|
||||
resource_def:
|
||||
type: kubeminion.yaml
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '-'
|
||||
- [{ get_param: 'OS::stack_name' }, 'minion', '%index%']
|
||||
ssh_key_name: {get_param: ssh_key_name}
|
||||
server_image: {get_param: minion_image}
|
||||
minion_flavor: {get_param: minion_flavor}
|
||||
fixed_network: {get_param: fixed_network}
|
||||
fixed_subnet: {get_param: fixed_subnet}
|
||||
secgroup_kube_minion_id: {get_resource: secgroup_kube_minion}
|
||||
flannel_network_cidr: {get_param: flannel_network_cidr}
|
||||
external_network: {get_param: external_network}
|
||||
kube_software_configs: {get_attr: [kubeminion_software_configs, kube_minion_init]}
|
||||
nodes_server_group_id: {get_resource: worker_nodes_server_group}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# Software configs for kubernetes minions
|
||||
#
|
||||
|
||||
kubeminion_software_configs:
|
||||
type: kubeminion_software_configs.yaml
|
||||
properties:
|
||||
prometheus_monitoring: {get_param: prometheus_monitoring}
|
||||
network_driver: {get_param: network_driver}
|
||||
kube_master_ip: {get_attr: [api_address_lb_switch, private_ip]}
|
||||
etcd_server_ip: {get_attr: [etcd_address_lb_switch, private_ip]}
|
||||
kube_allow_priv: {get_param: kube_allow_priv}
|
||||
docker_volume_size: {get_param: docker_volume_size}
|
||||
docker_storage_driver: {get_param: docker_storage_driver}
|
||||
registry_enabled: {get_param: registry_enabled}
|
||||
registry_port: {get_param: registry_port}
|
||||
swift_region: {get_param: swift_region}
|
||||
registry_container: {get_param: registry_container}
|
||||
registry_insecure: {get_param: registry_insecure}
|
||||
registry_chunksize: {get_param: registry_chunksize}
|
||||
cluster_uuid: {get_param: cluster_uuid}
|
||||
magnum_url: {get_param: magnum_url}
|
||||
volume_driver: {get_param: volume_driver}
|
||||
region_name: {get_param: region_name}
|
||||
auth_url: {get_param: auth_url}
|
||||
username: {get_param: username}
|
||||
password: {get_param: password}
|
||||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
verify_ca: {get_param: verify_ca}
|
||||
http_proxy: {get_param: http_proxy}
|
||||
https_proxy: {get_param: https_proxy}
|
||||
no_proxy: {get_param: no_proxy}
|
||||
kube_tag: {get_param: kube_tag}
|
||||
kube_version: {get_param: kube_version}
|
||||
trustee_user_id: {get_param: trustee_user_id}
|
||||
trustee_username: {get_param: trustee_username}
|
||||
trustee_password: {get_param: trustee_password}
|
||||
trustee_domain_id: {get_param: trustee_domain_id}
|
||||
trust_id: {get_param: trust_id}
|
||||
insecure_registry_url: {get_param: insecure_registry_url}
|
||||
container_infra_prefix: {get_param: container_infra_prefix}
|
||||
wc_curl_cli: {get_attr: [minion_wait_handle, curl_cli]}
|
||||
openstack_ca: {get_param: openstack_ca}
|
||||
octavia_enabled: {get_param: octavia_enabled}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# wait condition handler for kubernetes minions
|
||||
#
|
||||
|
||||
minion_wait_handle:
|
||||
type: OS::Heat::WaitConditionHandle
|
||||
|
||||
minion_wait_condition:
|
||||
type: OS::Heat::WaitCondition
|
||||
properties:
|
||||
count: {get_param: number_of_minions}
|
||||
handle: {get_resource: minion_wait_handle}
|
||||
timeout: {get_param: wait_condition_timeout}
|
||||
|
||||
outputs:
|
||||
|
||||
api_address:
|
||||
value:
|
||||
str_replace:
|
||||
template: api_ip_address
|
||||
params:
|
||||
api_ip_address: {get_attr: [api_address_floating_switch, ip_address]}
|
||||
description: >
|
||||
This is the API endpoint of the Kubernetes cluster. Use this to access
|
||||
the Kubernetes API.
|
||||
|
||||
registry_address:
|
||||
value:
|
||||
str_replace:
|
||||
template: localhost:port
|
||||
params:
|
||||
port: {get_param: registry_port}
|
||||
description:
|
||||
This is the url of docker registry server where you can store docker
|
||||
images.
|
||||
|
||||
kube_masters_private:
|
||||
value: {get_attr: [kube_masters, kube_master_ip]}
|
||||
description: >
|
||||
This is a list of the "private" IP addresses of all the Kubernetes masters.
|
||||
|
||||
kube_masters:
|
||||
value: {get_attr: [kube_masters, kube_master_external_ip]}
|
||||
description: >
|
||||
This is a list of the "public" IP addresses of all the Kubernetes masters.
|
||||
Use these IP addresses to log in to the Kubernetes masters via ssh.
|
||||
|
||||
kube_minions_private:
|
||||
value: {get_attr: [kube_minions, kube_minion_ip]}
|
||||
description: >
|
||||
This is a list of the "private" IP addresses of all the Kubernetes minions.
|
||||
|
||||
kube_minions:
|
||||
value: {get_attr: [kube_minions, kube_minion_external_ip]}
|
||||
description: >
|
||||
This is a list of the "public" IP addresses of all the Kubernetes minions.
|
||||
Use these IP addresses to log in to the Kubernetes minions via ssh.
|
@ -1,559 +0,0 @@
|
||||
heat_template_version: 2014-10-16
|
||||
|
||||
description: >
|
||||
This is a nested stack that defines a single Kubernetes master, This stack is
|
||||
included by an ResourceGroup resource in the parent template
|
||||
(kubecluster.yaml).
|
||||
|
||||
parameters:
|
||||
|
||||
name:
|
||||
type: string
|
||||
description: server name
|
||||
|
||||
server_image:
|
||||
type: string
|
||||
description: glance image used to boot the server
|
||||
|
||||
master_flavor:
|
||||
type: string
|
||||
description: flavor to use when booting the server
|
||||
|
||||
ssh_key_name:
|
||||
type: string
|
||||
description: name of ssh key to be provisioned on our server
|
||||
|
||||
external_network:
|
||||
type: string
|
||||
description: uuid/name of a network to use for floating ip addresses
|
||||
|
||||
portal_network_cidr:
|
||||
type: string
|
||||
description: >
|
||||
address range used by kubernetes for service portals
|
||||
|
||||
kube_allow_priv:
|
||||
type: string
|
||||
description: >
|
||||
whether or not kubernetes should permit privileged containers.
|
||||
constraints:
|
||||
- allowed_values: ["true", "false"]
|
||||
|
||||
docker_volume_size:
|
||||
type: number
|
||||
description: >
|
||||
size of a cinder volume to allocate to docker for container/image
|
||||
storage
|
||||
|
||||
docker_storage_driver:
|
||||
type: string
|
||||
description: docker storage driver name
|
||||
default: "devicemapper"
|
||||
|
||||
flannel_network_cidr:
|
||||
type: string
|
||||
description: network range for flannel overlay network
|
||||
|
||||
flannel_network_subnetlen:
|
||||
type: number
|
||||
description: size of subnet assigned to each master
|
||||
|
||||
flannel_backend:
|
||||
type: string
|
||||
description: >
|
||||
specify the backend for flannel, default udp backend
|
||||
constraints:
|
||||
- allowed_values: ["udp", "vxlan", "host-gw"]
|
||||
|
||||
system_pods_initial_delay:
|
||||
type: number
|
||||
description: >
|
||||
health check, time to wait for system pods (podmaster, scheduler) to boot
|
||||
(in seconds)
|
||||
default: 30
|
||||
|
||||
system_pods_timeout:
|
||||
type: number
|
||||
description: >
|
||||
health check, timeout for system pods (podmaster, scheduler) to answer.
|
||||
(in seconds)
|
||||
default: 5
|
||||
|
||||
admission_control_list:
|
||||
type: string
|
||||
description: >
|
||||
List of admission control plugins to activate
|
||||
|
||||
discovery_url:
|
||||
type: string
|
||||
description: >
|
||||
Discovery URL used for bootstrapping the etcd cluster.
|
||||
|
||||
tls_disabled:
|
||||
type: boolean
|
||||
description: whether or not to enable TLS
|
||||
|
||||
kube_dashboard_enabled:
|
||||
type: boolean
|
||||
description: whether or not to disable kubernetes dashboard
|
||||
|
||||
influx_grafana_dashboard_enabled:
|
||||
type: boolean
|
||||
description: Enable influxdb with grafana dashboard for data from heapster
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
||||
kubernetes_port:
|
||||
type: number
|
||||
description: >
|
||||
The port which are used by kube-apiserver to provide Kubernetes
|
||||
service.
|
||||
|
||||
cluster_uuid:
|
||||
type: string
|
||||
description: identifier for the cluster this template is generating
|
||||
|
||||
magnum_url:
|
||||
type: string
|
||||
description: endpoint to retrieve TLS certs from
|
||||
|
||||
prometheus_monitoring:
|
||||
type: boolean
|
||||
description: >
|
||||
whether or not to have prometheus and grafana deployed
|
||||
|
||||
grafana_admin_passwd:
|
||||
type: string
|
||||
hidden: true
|
||||
description: >
|
||||
admin user password for the Grafana monitoring interface
|
||||
|
||||
api_public_address:
|
||||
type: string
|
||||
description: Public IP address of the Kubernetes master server.
|
||||
default: ""
|
||||
|
||||
api_private_address:
|
||||
type: string
|
||||
description: Private IP address of the Kubernetes master server.
|
||||
default: ""
|
||||
|
||||
fixed_network:
|
||||
type: string
|
||||
description: Network from which to allocate fixed addresses.
|
||||
|
||||
fixed_subnet:
|
||||
type: string
|
||||
description: Subnet from which to allocate fixed addresses.
|
||||
|
||||
network_driver:
|
||||
type: string
|
||||
description: network driver to use for instantiating container networks
|
||||
|
||||
secgroup_base_id:
|
||||
type: string
|
||||
description: ID of the security group for base.
|
||||
|
||||
secgroup_kube_master_id:
|
||||
type: string
|
||||
description: ID of the security group for kubernetes master.
|
||||
|
||||
api_pool_id:
|
||||
type: string
|
||||
description: ID of the load balancer pool of k8s API server.
|
||||
|
||||
etcd_pool_id:
|
||||
type: string
|
||||
description: ID of the load balancer pool of etcd server.
|
||||
|
||||
auth_url:
|
||||
type: string
|
||||
description: >
|
||||
url for kubernetes to authenticate
|
||||
|
||||
username:
|
||||
type: string
|
||||
description: >
|
||||
user account
|
||||
|
||||
password:
|
||||
type: string
|
||||
description: >
|
||||
user password
|
||||
|
||||
http_proxy:
|
||||
type: string
|
||||
description: http proxy address for docker
|
||||
|
||||
https_proxy:
|
||||
type: string
|
||||
description: https proxy address for docker
|
||||
|
||||
no_proxy:
|
||||
type: string
|
||||
description: no proxies for docker
|
||||
|
||||
kube_tag:
|
||||
type: string
|
||||
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||
|
||||
kube_version:
|
||||
type: string
|
||||
description: version of kubernetes used for kubernetes cluster
|
||||
|
||||
kube_dashboard_version:
|
||||
type: string
|
||||
description: version of kubernetes dashboard used for kubernetes cluster
|
||||
|
||||
trustee_user_id:
|
||||
type: string
|
||||
description: user id of the trustee
|
||||
|
||||
trustee_password:
|
||||
type: string
|
||||
description: password of the trustee
|
||||
hidden: true
|
||||
|
||||
trust_id:
|
||||
type: string
|
||||
description: id of the trust which is used by the trustee
|
||||
hidden: true
|
||||
|
||||
insecure_registry_url:
|
||||
type: string
|
||||
description: insecure registry url
|
||||
|
||||
container_infra_prefix:
|
||||
type: string
|
||||
description: >
|
||||
prefix of container images used in the cluster, kubernetes components,
|
||||
kubernetes-dashboard, coredns etc
|
||||
|
||||
wc_curl_cli:
|
||||
type: string
|
||||
description : >
|
||||
Wait condition notify command for Master.
|
||||
|
||||
etcd_lb_vip:
|
||||
type: string
|
||||
description: >
|
||||
etcd lb vip private used to generate certs on master.
|
||||
default: ""
|
||||
|
||||
openstack_ca:
|
||||
type: string
|
||||
description: The OpenStack CA certificate to install on the node.
|
||||
|
||||
nodes_server_group_id:
|
||||
type: string
|
||||
description: ID of the server group for kubernetes cluster nodes.
|
||||
|
||||
octavia_enabled:
|
||||
type: boolean
|
||||
description: >
|
||||
whether or not to use Octavia for LoadBalancer type service.
|
||||
default: False
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# resource that exposes the IPs of either the kube master or the API
|
||||
# LBaaS pool depending on whether LBaaS is enabled for the cluster.
|
||||
#
|
||||
|
||||
api_address_switch:
|
||||
type: Magnum::ApiGatewaySwitcher
|
||||
properties:
|
||||
pool_public_ip: {get_param: api_public_address}
|
||||
pool_private_ip: {get_param: api_private_address}
|
||||
master_public_ip: {get_attr: [kube_master_floating, floating_ip_address]}
|
||||
master_private_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# software configs. these are components that are combined into
|
||||
# a multipart MIME user-data archive.
|
||||
#
|
||||
|
||||
write_heat_params:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params-master.yaml}
|
||||
params:
|
||||
"$PROMETHEUS_MONITORING": {get_param: prometheus_monitoring}
|
||||
"$KUBE_API_PUBLIC_ADDRESS": {get_attr: [api_address_switch, public_ip]}
|
||||
"$KUBE_API_PRIVATE_ADDRESS": {get_attr: [api_address_switch, private_ip]}
|
||||
"$KUBE_API_PORT": {get_param: kubernetes_port}
|
||||
"$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
|
||||
"$DOCKER_VOLUME": 'None'
|
||||
"$DOCKER_VOLUME_SIZE": {get_param: docker_volume_size}
|
||||
"$DOCKER_STORAGE_DRIVER": {get_param: docker_storage_driver}
|
||||
"$NETWORK_DRIVER": {get_param: network_driver}
|
||||
"$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr}
|
||||
"$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
|
||||
"$FLANNEL_BACKEND": {get_param: flannel_backend}
|
||||
"$SYSTEM_PODS_INITIAL_DELAY": {get_param: system_pods_initial_delay}
|
||||
"$SYSTEM_PODS_TIMEOUT": {get_param: system_pods_timeout}
|
||||
"$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
|
||||
"$ADMISSION_CONTROL_LIST": {get_param: admission_control_list}
|
||||
"$ETCD_DISCOVERY_URL": {get_param: discovery_url}
|
||||
"$AUTH_URL": {get_param: auth_url}
|
||||
"$USERNAME": {get_param: username}
|
||||
"$PASSWORD": {get_param: password}
|
||||
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
|
||||
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
|
||||
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
|
||||
"$VERIFY_CA": {get_param: verify_ca}
|
||||
"$CLUSTER_UUID": {get_param: cluster_uuid}
|
||||
"$MAGNUM_URL": {get_param: magnum_url}
|
||||
"$HTTP_PROXY": {get_param: http_proxy}
|
||||
"$HTTPS_PROXY": {get_param: https_proxy}
|
||||
"$NO_PROXY": {get_param: no_proxy}
|
||||
"$KUBE_TAG": {get_param: kube_tag}
|
||||
"$KUBE_VERSION": {get_param: kube_version}
|
||||
"$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
|
||||
"$WAIT_CURL": {get_param: wc_curl_cli}
|
||||
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
||||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||
"$TRUST_ID": {get_param: trust_id}
|
||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||
"$CONTAINER_INFRA_PREFIX": {get_param: container_infra_prefix}
|
||||
"$ENABLE_CINDER": "False"
|
||||
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||
"$OCTAVIA_ENABLED": {get_param: octavia_enabled}
|
||||
|
||||
install_openstack_ca:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
params:
|
||||
$OPENSTACK_CA: {get_param: openstack_ca}
|
||||
template: {get_file: ../../common/templates/fragments/atomic-install-openstack-ca.sh}
|
||||
|
||||
make_cert:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/make-cert.sh}
|
||||
|
||||
configure_docker_storage:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
params:
|
||||
$configure_docker_storage_driver: {get_file: ../../common/templates/fragments/configure_docker_storage_driver_atomic.sh}
|
||||
template: {get_file: ../../common/templates/fragments/configure-docker-storage.sh}
|
||||
|
||||
configure_etcd:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/configure-etcd.sh}
|
||||
|
||||
write_kube_os_config:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh}
|
||||
|
||||
configure_kubernetes:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-master.sh}
|
||||
|
||||
write_flannel_config:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/write-flannel-config.sh}
|
||||
|
||||
flannel_config_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-config-service.sh}
|
||||
|
||||
enable_services:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-services-master.sh}
|
||||
|
||||
flannel_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh}
|
||||
|
||||
enable_kube_controller_manager_scheduler:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-controller-manager-scheduler.sh}
|
||||
|
||||
kube_apiserver_to_kubelet_role:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh}
|
||||
|
||||
kube_ui_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
|
||||
|
||||
enable_kube_proxy:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
|
||||
|
||||
master_wc_notify:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/wc-notify-master.sh}
|
||||
|
||||
disable_selinux:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh}
|
||||
|
||||
add_proxy:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/add-proxy.sh}
|
||||
|
||||
start_container_agent:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/start-container-agent.sh}
|
||||
|
||||
kube_master_init:
|
||||
type: OS::Heat::MultipartMime
|
||||
properties:
|
||||
parts:
|
||||
- config: {get_resource: install_openstack_ca}
|
||||
- config: {get_resource: disable_selinux}
|
||||
- config: {get_resource: write_heat_params}
|
||||
- config: {get_resource: configure_etcd}
|
||||
- config: {get_resource: write_kube_os_config}
|
||||
- config: {get_resource: make_cert}
|
||||
- config: {get_resource: configure_docker_storage}
|
||||
- config: {get_resource: configure_kubernetes}
|
||||
- config: {get_resource: add_proxy}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: write_flannel_config}
|
||||
- config: {get_resource: flannel_config_service}
|
||||
- config: {get_resource: flannel_service}
|
||||
- config: {get_resource: kube_apiserver_to_kubelet_role}
|
||||
- config: {get_resource: enable_kube_controller_manager_scheduler}
|
||||
- config: {get_resource: enable_kube_proxy}
|
||||
- config: {get_resource: kube_ui_service}
|
||||
- config: {get_resource: start_container_agent}
|
||||
- config: {get_resource: master_wc_notify}
|
||||
|
||||
enable_prometheus_monitoring:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: script
|
||||
config:
|
||||
str_replace:
|
||||
template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
|
||||
params:
|
||||
"$ADMIN_PASSWD": {get_param: grafana_admin_passwd}
|
||||
|
||||
enable_prometheus_monitoring_deployment:
|
||||
type: OS::Heat::SoftwareDeployment
|
||||
properties:
|
||||
signal_transport: HEAT_SIGNAL
|
||||
config: {get_resource: enable_prometheus_monitoring}
|
||||
server: {get_resource: kube-master}
|
||||
actions: ['CREATE']
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# a single kubernetes master.
|
||||
#
|
||||
|
||||
# do NOT use "_" (underscore) in the Nova server name
|
||||
# it creates a mismatch between the generated Nova name and its hostname
|
||||
# which can lead to weird problems
|
||||
kube-master:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
name: {get_param: name}
|
||||
image: {get_param: server_image}
|
||||
flavor: {get_param: master_flavor}
|
||||
key_name: {get_param: ssh_key_name}
|
||||
user_data_format: SOFTWARE_CONFIG
|
||||
software_config_transport: POLL_SERVER_HEAT
|
||||
user_data: {get_resource: kube_master_init}
|
||||
networks:
|
||||
- port: {get_resource: kube_master_eth0}
|
||||
scheduler_hints: { group: { get_param: nodes_server_group_id }}
|
||||
|
||||
kube_master_eth0:
|
||||
type: "OS::Neutron::Port"
|
||||
properties:
|
||||
network_id:
|
||||
get_param: fixed_network
|
||||
security_groups:
|
||||
- {get_param: secgroup_kube_master_id}
|
||||
fixed_ips:
|
||||
- subnet_id:
|
||||
get_param: fixed_subnet
|
||||
allowed_address_pairs:
|
||||
- ip_address: {get_param: flannel_network_cidr}
|
||||
|
||||
kube_master_floating:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network:
|
||||
get_param: external_network
|
||||
port_id:
|
||||
get_resource: kube_master_eth0
|
||||
|
||||
api_pool_member:
|
||||
type: Magnum::Optional::Neutron::LBaaS::PoolMember
|
||||
properties:
|
||||
pool: {get_param: api_pool_id}
|
||||
address: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||
subnet: { get_param: fixed_subnet }
|
||||
protocol_port: {get_param: kubernetes_port}
|
||||
|
||||
etcd_pool_member:
|
||||
type: Magnum::Optional::Neutron::LBaaS::PoolMember
|
||||
properties:
|
||||
pool: {get_param: etcd_pool_id}
|
||||
address: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||
subnet: { get_param: fixed_subnet }
|
||||
protocol_port: 2379
|
||||
|
||||
outputs:
|
||||
|
||||
kube_master_ip:
|
||||
value: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||
description: >
|
||||
This is the "private" IP address of the Kubernetes master node.
|
||||
|
||||
kube_master_external_ip:
|
||||
value: {get_attr: [kube_master_floating, floating_ip_address]}
|
||||
description: >
|
||||
This is the "public" IP address of the Kubernetes master node.
|
@ -1,125 +0,0 @@
|
||||
heat_template_version: 2014-10-16
|
||||
|
||||
description: >
|
||||
This is a nested stack that defines a single Kubernetes minion, This stack is
|
||||
included by an AutoScalingGroup resource in the parent template
|
||||
(kubecluster.yaml).
|
||||
|
||||
parameters:
|
||||
|
||||
name:
|
||||
type: string
|
||||
description: server name
|
||||
|
||||
server_image:
|
||||
type: string
|
||||
description: glance image used to boot the server
|
||||
|
||||
minion_flavor:
|
||||
type: string
|
||||
description: flavor to use when booting the server
|
||||
|
||||
ssh_key_name:
|
||||
type: string
|
||||
description: name of ssh key to be provisioned on our server
|
||||
|
||||
external_network:
|
||||
type: string
|
||||
description: uuid/name of a network to use for floating ip addresses
|
||||
|
||||
fixed_network:
|
||||
type: string
|
||||
description: Network from which to allocate fixed addresses.
|
||||
|
||||
fixed_subnet:
|
||||
type: string
|
||||
description: Subnet from which to allocate fixed addresses.
|
||||
|
||||
secgroup_kube_minion_id:
|
||||
type: string
|
||||
description: ID of the security group for kubernetes minion.
|
||||
|
||||
flannel_network_cidr:
|
||||
type: string
|
||||
description: network range for flannel overlay network
|
||||
|
||||
kube_software_configs:
|
||||
type: string
|
||||
description : >
|
||||
ID of the multipart mime.
|
||||
|
||||
nodes_server_group_id:
|
||||
type: string
|
||||
description: ID of the server group for kubernetes cluster nodes.
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# a single kubernetes minion.
|
||||
#
|
||||
|
||||
# do NOT use "_" (underscore) in the Nova server name
|
||||
# it creates a mismatch between the generated Nova name and its hostname
|
||||
# which can lead to weird problems
|
||||
kube-minion:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
name: {get_param: name}
|
||||
image: {get_param: server_image}
|
||||
flavor: {get_param: minion_flavor}
|
||||
key_name: {get_param: ssh_key_name}
|
||||
user_data_format: RAW
|
||||
user_data: {get_param: kube_software_configs}
|
||||
networks:
|
||||
- port: {get_resource: kube_minion_eth0}
|
||||
scheduler_hints: { group: { get_param: nodes_server_group_id }}
|
||||
|
||||
kube_minion_eth0:
|
||||
type: "OS::Neutron::Port"
|
||||
properties:
|
||||
network_id:
|
||||
get_param: fixed_network
|
||||
security_groups:
|
||||
- {get_param: secgroup_kube_minion_id}
|
||||
fixed_ips:
|
||||
- subnet_id:
|
||||
get_param: fixed_subnet
|
||||
allowed_address_pairs:
|
||||
- ip_address: {get_param: flannel_network_cidr}
|
||||
|
||||
kube_minion_floating:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network:
|
||||
get_param: external_network
|
||||
port_id:
|
||||
get_resource: kube_minion_eth0
|
||||
|
||||
outputs:
|
||||
|
||||
kube_minion_ip:
|
||||
value: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
|
||||
description: >
|
||||
This is the "public" IP address of the Kubernetes minion node.
|
||||
|
||||
kube_minion_external_ip:
|
||||
value: {get_attr: [kube_minion_floating, floating_ip_address]}
|
||||
description: >
|
||||
This is the "public" IP address of the Kubernetes minion node.
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# NOTE(flwang): Returning the minion node server ID here so that
|
||||
# consumer can send API request to Heat to remove a particular
|
||||
# node with removal_policies. Otherwise, the consumer (e.g. AutoScaler)
|
||||
# has to use index to do the remove which is confusing out of the
|
||||
# OpenStack world.
|
||||
# https://storyboard.openstack.org/#!/story/2005054
|
||||
#
|
||||
######################################################################
|
||||
|
||||
OS::stack_id:
|
||||
value: { get_resource: kube-minion }
|
||||
description: >
|
||||
This is the Ironic server id of the node.
|
@ -1,355 +0,0 @@
|
||||
heat_template_version: 2014-10-16
|
||||
|
||||
description: >
|
||||
This is a nested stack that defines software configs for Kubernetes minions.
|
||||
|
||||
parameters:
|
||||
|
||||
kube_allow_priv:
|
||||
type: string
|
||||
description: >
|
||||
whether or not kubernetes should permit privileged containers.
|
||||
constraints:
|
||||
- allowed_values: ["true", "false"]
|
||||
|
||||
docker_volume_size:
|
||||
type: number
|
||||
description: >
|
||||
size of a cinder volume to allocate to docker for container/image
|
||||
storage
|
||||
|
||||
docker_storage_driver:
|
||||
type: string
|
||||
description: docker storage driver name
|
||||
default: "devicemapper"
|
||||
|
||||
tls_disabled:
|
||||
type: boolean
|
||||
description: whether or not to enable TLS
|
||||
|
||||
verify_ca:
|
||||
type: boolean
|
||||
description: whether or not to validate certificate authority
|
||||
|
||||
kubernetes_port:
|
||||
type: number
|
||||
description: >
|
||||
The port which are used by kube-apiserver to provide Kubernetes
|
||||
service.
|
||||
|
||||
cluster_uuid:
|
||||
type: string
|
||||
description: identifier for the cluster this template is generating
|
||||
|
||||
magnum_url:
|
||||
type: string
|
||||
description: endpoint to retrieve TLS certs from
|
||||
|
||||
prometheus_monitoring:
|
||||
type: boolean
|
||||
description: >
|
||||
whether or not to have the node-exporter running on the node
|
||||
|
||||
kube_master_ip:
|
||||
type: string
|
||||
description: IP address of the Kubernetes master server.
|
||||
|
||||
etcd_server_ip:
|
||||
type: string
|
||||
description: IP address of the Etcd server.
|
||||
|
||||
network_driver:
|
||||
type: string
|
||||
description: network driver to use for instantiating container networks
|
||||
|
||||
registry_enabled:
|
||||
type: boolean
|
||||
description: >
|
||||
Indicates whether the docker registry is enabled.
|
||||
|
||||
registry_port:
|
||||
type: number
|
||||
description: port of registry service
|
||||
|
||||
swift_region:
|
||||
type: string
|
||||
description: region of swift service
|
||||
|
||||
registry_container:
|
||||
type: string
|
||||
description: >
|
||||
name of swift container which docker registry stores images in
|
||||
|
||||
registry_insecure:
|
||||
type: boolean
|
||||
description: >
|
||||
indicates whether to skip TLS verification between registry and backend storage
|
||||
|
||||
registry_chunksize:
|
||||
type: number
|
||||
description: >
|
||||
size fo the data segments for the swift dynamic large objects
|
||||
|
||||
volume_driver:
|
||||
type: string
|
||||
description: volume driver to use for container storage
|
||||
|
||||
region_name:
|
||||
type: string
|
||||
description: A logically separate section of the cluster
|
||||
|
||||
username:
|
||||
type: string
|
||||
description: >
|
||||
user account
|
||||
|
||||
password:
|
||||
type: string
|
||||
description: >
|
||||
user password, not set in current implementation, only used to
|
||||
fill in for Kubernetes config file
|
||||
hidden: true
|
||||
|
||||
http_proxy:
|
||||
type: string
|
||||
description: http proxy address for docker
|
||||
|
||||
https_proxy:
|
||||
type: string
|
||||
description: https proxy address for docker
|
||||
|
||||
no_proxy:
|
||||
type: string
|
||||
description: no proxies for docker
|
||||
|
||||
kube_tag:
|
||||
type: string
|
||||
description: tag of the k8s containers used to provision the kubernetes cluster
|
||||
|
||||
kube_version:
|
||||
type: string
|
||||
description: version of kubernetes used for kubernetes cluster
|
||||
|
||||
trustee_domain_id:
|
||||
type: string
|
||||
description: domain id of the trustee
|
||||
|
||||
trustee_user_id:
|
||||
type: string
|
||||
description: user id of the trustee
|
||||
|
||||
trustee_username:
|
||||
type: string
|
||||
description: username of the trustee
|
||||
|
||||
trustee_password:
|
||||
type: string
|
||||
description: password of the trustee
|
||||
hidden: true
|
||||
|
||||
trust_id:
|
||||
type: string
|
||||
description: id of the trust which is used by the trustee
|
||||
hidden: true
|
||||
|
||||
auth_url:
|
||||
type: string
|
||||
description: >
|
||||
url for keystone, must be v2 since k8s backend only support v2
|
||||
at this point
|
||||
|
||||
insecure_registry_url:
|
||||
type: string
|
||||
description: insecure registry url
|
||||
|
||||
container_infra_prefix:
|
||||
type: string
|
||||
description: >
|
||||
prefix of container images used in the cluster, kubernetes components,
|
||||
kubernetes-dashboard, coredns etc
|
||||
|
||||
wc_curl_cli:
|
||||
type: string
|
||||
description : >
|
||||
Wait condition notify command for Minion.
|
||||
|
||||
openstack_ca:
|
||||
type: string
|
||||
description: The OpenStack CA certificate to install on the node.
|
||||
|
||||
octavia_enabled:
|
||||
type: boolean
|
||||
description: >
|
||||
whether or not to use Octavia for LoadBalancer type service.
|
||||
default: False
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# software configs. these are components that are combined into
|
||||
# a multipart MIME user-data archive.
|
||||
#
|
||||
|
||||
write_heat_params:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params.yaml}
|
||||
params:
|
||||
$PROMETHEUS_MONITORING: {get_param: prometheus_monitoring}
|
||||
$KUBE_ALLOW_PRIV: {get_param: kube_allow_priv}
|
||||
$KUBE_MASTER_IP: {get_param: kube_master_ip}
|
||||
$KUBE_API_PORT: {get_param: kubernetes_port}
|
||||
$ETCD_SERVER_IP: {get_param: etcd_server_ip}
|
||||
$DOCKER_VOLUME: 'None'
|
||||
$DOCKER_VOLUME_SIZE: {get_param: docker_volume_size}
|
||||
$DOCKER_STORAGE_DRIVER: {get_param: docker_storage_driver}
|
||||
$NETWORK_DRIVER: {get_param: network_driver}
|
||||
$REGISTRY_ENABLED: {get_param: registry_enabled}
|
||||
$REGISTRY_PORT: {get_param: registry_port}
|
||||
$SWIFT_REGION: {get_param: swift_region}
|
||||
$REGISTRY_CONTAINER: {get_param: registry_container}
|
||||
$REGISTRY_INSECURE: {get_param: registry_insecure}
|
||||
$REGISTRY_CHUNKSIZE: {get_param: registry_chunksize}
|
||||
$TLS_DISABLED: {get_param: tls_disabled}
|
||||
$VERIFY_CA: {get_param: verify_ca}
|
||||
$CLUSTER_UUID: {get_param: cluster_uuid}
|
||||
$MAGNUM_URL: {get_param: magnum_url}
|
||||
$USERNAME: {get_param: username}
|
||||
$PASSWORD: {get_param: password}
|
||||
$VOLUME_DRIVER: {get_param: volume_driver}
|
||||
$REGION_NAME: {get_param: region_name}
|
||||
$HTTP_PROXY: {get_param: http_proxy}
|
||||
$HTTPS_PROXY: {get_param: https_proxy}
|
||||
$NO_PROXY: {get_param: no_proxy}
|
||||
$KUBE_TAG: {get_param: kube_tag}
|
||||
$KUBE_VERSION: {get_param: kube_version}
|
||||
$WAIT_CURL: {get_param: wc_curl_cli}
|
||||
$TRUSTEE_DOMAIN_ID: {get_param: trustee_domain_id}
|
||||
$TRUSTEE_USER_ID: {get_param: trustee_user_id}
|
||||
$TRUSTEE_USERNAME: {get_param: trustee_username}
|
||||
$TRUSTEE_PASSWORD: {get_param: trustee_password}
|
||||
$TRUST_ID: {get_param: trust_id}
|
||||
$AUTH_URL: {get_param: auth_url}
|
||||
$INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
|
||||
$CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
|
||||
$ENABLE_CINDER: "False"
|
||||
$OCTAVIA_ENABLED: {get_param: octavia_enabled}
|
||||
|
||||
install_openstack_ca:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
params:
|
||||
$OPENSTACK_CA: {get_param: openstack_ca}
|
||||
template: {get_file: ../../common/templates/fragments/atomic-install-openstack-ca.sh}
|
||||
|
||||
make_cert:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh}
|
||||
|
||||
configure_docker_storage:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
params:
|
||||
$configure_docker_storage_driver: {get_file: ../../common/templates/fragments/configure_docker_storage_driver_atomic.sh}
|
||||
template: {get_file: ../../common/templates/fragments/configure-docker-storage.sh}
|
||||
|
||||
configure_docker_registry:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/fragments/configure-docker-registry.sh}
|
||||
|
||||
configure_kubernetes_minion:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-minion.sh}
|
||||
|
||||
flannel_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh}
|
||||
|
||||
enable_services:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-services-minion.sh}
|
||||
|
||||
enable_docker_registry:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh}
|
||||
|
||||
enable_kube_proxy:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh}
|
||||
|
||||
minion_wc_notify:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -v
|
||||
if [ "verify_ca" == "True" ]; then
|
||||
VERIFY_CA=""
|
||||
else
|
||||
VERIFY_CA="-k"
|
||||
fi
|
||||
wc_notify $VERIFY_CA --data-binary '{"status": "SUCCESS"}'
|
||||
params:
|
||||
wc_notify: {get_param: wc_curl_cli}
|
||||
verify_ca: {get_param: verify_ca}
|
||||
|
||||
disable_selinux:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh}
|
||||
|
||||
add_proxy:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/add-proxy.sh}
|
||||
|
||||
kube_minion_init:
|
||||
type: OS::Heat::MultipartMime
|
||||
properties:
|
||||
parts:
|
||||
- config: {get_resource: install_openstack_ca}
|
||||
- config: {get_resource: disable_selinux}
|
||||
- config: {get_resource: write_heat_params}
|
||||
- config: {get_resource: make_cert}
|
||||
- config: {get_resource: configure_docker_storage}
|
||||
- config: {get_resource: configure_docker_registry}
|
||||
- config: {get_resource: configure_kubernetes_minion}
|
||||
- config: {get_resource: flannel_service}
|
||||
- config: {get_resource: add_proxy}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: enable_kube_proxy}
|
||||
- config: {get_resource: enable_docker_registry}
|
||||
- config: {get_resource: minion_wc_notify}
|
||||
|
||||
outputs:
|
||||
kube_minion_init:
|
||||
value: {get_resource: kube_minion_init}
|
||||
description: ID of the multipart mime for kubeminion.
|
@ -1,17 +0,0 @@
|
||||
# Copyright 2016 - Rackspace Hosting
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
version = '1.0.0'
|
||||
driver = 'k8s_fedora_ironic_v1'
|
||||
container_version = '1.12.6'
|
@ -41,51 +41,6 @@ if [[ -e /etc/ci/mirror_info.sh ]]; then
|
||||
source /etc/ci/mirror_info.sh
|
||||
fi
|
||||
|
||||
if [ "${coe}${special}" = "k8s-ironic" ]; then
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-kubernetes-ironic-latest.tar.gz'"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-kubernetes-ironic-latest'"
|
||||
|
||||
export DEVSTACK_GATE_VIRT_DRIVER="ironic"
|
||||
# NOTE(strigazi) keep cinder
|
||||
# export DEVSTACK_LOCAL_CONFIG+=$'\n'"disable_service cinder c-sch c-api c-vol"
|
||||
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"enable_plugin ironic https://git.openstack.org/openstack/ironic"
|
||||
|
||||
# NOTE(TheJulia): Ironic switched to "hardware types" in Queens and
|
||||
# removed legacy "drivers" in Rocky. "ipmi" superceeds *_ipmitool drivers.
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_DEPLOY_DRIVER=ipmi"
|
||||
# NOTE(ykarel) Ironic to work with magnum, requires devstack to be configured with IP_VERSION=4
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IP_VERSION=4"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_BAREMETAL_BASIC_OPS=True"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_LOG_DIR=/opt/stack/new/ironic-bm-logs"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"DEFAULT_INSTANCE_TYPE=baremetal"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"BUILD_TIMEOUT=600"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_CALLBACK_TIMEOUT=600"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"Q_AGENT=openvswitch"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"Q_ML2_TENANT_NETWORK_TYPE=vxlan"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_BUILD_DEPLOY_RAMDISK=False"
|
||||
|
||||
# We don't enable swift in Gate Jobs so not required
|
||||
# export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_ENABLE_TEMPURLS=True"
|
||||
# export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_TEMPURL_KEY=password"
|
||||
# export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_HASH=password"
|
||||
# NOTE(TheJulia): Enable interface order will result in the iscsi
|
||||
# deployment method being used by default.
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_ENABLED_DEPLOY_INTERFACES=iscsi,direct"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"VOLUME_BACKING_FILE_SIZE=24G"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"FORCE_CONFIG_DRIVE=True"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_RAMDISK_TYPE=tinyipa"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_IPXE_ENABLED=False"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_COUNT=2"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SSH_PORT=22"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_RAM=1024"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_DISK=10"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_EPHEMERAL_DISK=5"
|
||||
else
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20220116.3.0/x86_64/fedora-coreos-35.20220116.3.0-openstack.x86_64.qcow2.xz'"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-coreos-35.20220116.3.0-openstack.x86_64'"
|
||||
fi
|
||||
|
||||
# Enable magnum plugin in the last step
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"enable_plugin magnum https://git.openstack.org/openstack/magnum"
|
||||
|
||||
|
@ -27,23 +27,8 @@ function create_test_data {
|
||||
# First we test Magnum's command line to see if we can stand up
|
||||
# a cluster_template, cluster and a pod
|
||||
|
||||
coe=$1
|
||||
special=$2
|
||||
if [ "${coe}${special}" == 'k8s-ironic' ]; then
|
||||
local bm_flavor_id=$(openstack flavor show baremetal -f value -c id)
|
||||
die_if_not_set $LINENO bm_flavor_id "Failed to get id of baremetal flavor"
|
||||
# NOTE(TheJulia): This issue was fixed in Feb 2018 as part of change
|
||||
# Ifb9a49d4258a559cf2175d902e9424a3f98065c5. Commented out in Oct 2018.
|
||||
# NOTE(yuanying): Workaround fix for ironic issue
|
||||
# cf. https://bugs.launchpad.net/ironic/+bug/1596421
|
||||
# echo "alter table ironic.nodes modify instance_info LONGTEXT;" | mysql -uroot -p${MYSQL_PASSWORD} ironic
|
||||
# NOTE(yuanying): Ironic instances need to connect to Internet
|
||||
openstack subnet set private-subnet --dns-nameserver 8.8.8.8
|
||||
local container_format="ami"
|
||||
else
|
||||
local image_name="fedora-coreos"
|
||||
local container_format="bare"
|
||||
fi
|
||||
local image_name="fedora-coreos"
|
||||
local container_format="bare"
|
||||
|
||||
# if we have the MAGNUM_IMAGE_NAME setting, use it instead
|
||||
# of the default one. In combination with MAGNUM_GUEST_IMAGE_URL
|
||||
@ -161,10 +146,6 @@ echo "Running magnum functional test suite for $1"
|
||||
coe=$1
|
||||
special=$2
|
||||
|
||||
if [[ "-ironic" != "$special" ]]; then
|
||||
add_flavor
|
||||
fi
|
||||
|
||||
# Get admin credentials
|
||||
pushd ../devstack
|
||||
source openrc admin admin
|
||||
@ -182,13 +163,6 @@ EXIT_CODE=$?
|
||||
echo_summary "Running keypair-delete"
|
||||
openstack keypair delete default
|
||||
|
||||
if [[ "-ironic" != "$special" ]]; then
|
||||
# Delete the flavor used in the functional test.
|
||||
echo_summary "Running flavor-delete"
|
||||
openstack flavor delete m1.magnum
|
||||
openstack flavor delete s1.magnum
|
||||
fi
|
||||
|
||||
# Save functional testing log
|
||||
sudo cp $MAGNUM_DIR/functional-tests.log /opt/stack/logs/
|
||||
|
||||
|
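Review bot: In the `@ -161,10 +146,6 @@` hunk the `add_flavor` call seems to be deleted along with its `-ironic` guard rather than made unconditional. This is inferred from the header counts (10 old lines, 6 new, so no added line), because the rendering has lost the `+`/`-` column. Non-ironic runs used to create the flavors here, and the `@ -182,13 +163,6 @@` hunk drops the matching `openstack flavor delete m1.magnum` and `openstack flavor delete s1.magnum` cleanup, so if the functional tests still expect those flavors, the guard should be unwrapped to a plain `add_flavor` and the two deletes kept. `special=$2` remains as context in that hunk and has no remaining reader in the visible lines, so it could be removed. The script body continues outside all three hunks.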
@ -13,7 +13,6 @@
|
||||
# under the License.
|
||||
|
||||
import abc
|
||||
from neutronclient.common import exceptions as n_exception
|
||||
from unittest import mock
|
||||
|
||||
from magnum.common import exception
|
||||
@ -24,8 +23,6 @@ from magnum.drivers.k8s_fedora_atomic_v1 import driver as k8sa_dr
|
||||
from magnum.drivers.k8s_fedora_atomic_v1 import template_def as k8sa_tdef
|
||||
from magnum.drivers.k8s_fedora_coreos_v1 import driver as k8s_fcos_dr
|
||||
from magnum.drivers.k8s_fedora_coreos_v1 import template_def as k8s_fcos_tdef
|
||||
from magnum.drivers.k8s_fedora_ironic_v1 import driver as k8s_i_dr
|
||||
from magnum.drivers.k8s_fedora_ironic_v1 import template_def as k8si_tdef
|
||||
from magnum.tests import base
|
||||
|
||||
from requests import exceptions as req_exceptions
|
||||
@ -60,17 +57,6 @@ class TemplateDefinitionTestCase(base.TestCase):
|
||||
self.assertIsInstance(definition,
|
||||
k8sa_tdef.AtomicK8sTemplateDefinition)
|
||||
|
||||
@mock.patch('magnum.drivers.common.driver.Driver.get_driver')
|
||||
def test_get_bm_fedora_kubernetes_ironic_definition(self, mock_driver):
|
||||
mock_driver.return_value = k8s_i_dr.Driver()
|
||||
cluster_driver = driver.Driver.get_driver('bm',
|
||||
'fedora',
|
||||
'kubernetes')
|
||||
definition = cluster_driver.get_template_definition()
|
||||
|
||||
self.assertIsInstance(definition,
|
||||
k8si_tdef.FedoraK8sIronicTemplateDefinition)
|
||||
|
||||
@mock.patch('magnum.drivers.common.driver.Driver.get_driver')
|
||||
def test_get_vm_fcos_kubernetes_definition(self, mock_driver):
|
||||
mock_driver.return_value = k8s_fcos_dr.Driver()
|
||||
@ -1550,107 +1536,3 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
||||
|
||||
self.assertEqual(extra_params["master_lb_allowed_cidrs"],
|
||||
"192.168.0.0/16,172.24.0.0/16")
|
||||
|
||||
|
||||
class FedoraK8sIronicTemplateDefinitionTestCase(base.TestCase):
|
||||
|
||||
def get_definition(self):
|
||||
return k8s_i_dr.Driver().get_template_definition()
|
||||
|
||||
def assert_neutron_find(self, mock_neutron_v20_find,
|
||||
osc, cluster_template):
|
||||
mock_neutron_v20_find.assert_called_once_with(
|
||||
osc.neutron(),
|
||||
'subnet',
|
||||
cluster_template.fixed_subnet
|
||||
)
|
||||
|
||||
def assert_raises_from_get_fixed_network_id(
|
||||
self,
|
||||
mock_neutron_v20_find,
|
||||
exeption_from_neutron_client,
|
||||
expected_exception_class
|
||||
):
|
||||
definition = self.get_definition()
|
||||
osc = mock.MagicMock()
|
||||
cluster_template = mock.MagicMock()
|
||||
mock_neutron_v20_find.side_effect = exeption_from_neutron_client
|
||||
|
||||
self.assertRaises(
|
||||
expected_exception_class,
|
||||
definition.get_fixed_network_id,
|
||||
osc,
|
||||
cluster_template
|
||||
)
|
||||
|
||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
||||
def test_get_fixed_network_id(self, mock_neutron_v20_find):
|
||||
expected_network_id = 'expected_network_id'
|
||||
|
||||
osc = mock.MagicMock()
|
||||
cluster_template = mock.MagicMock()
|
||||
definition = self.get_definition()
|
||||
mock_neutron_v20_find.return_value = {
|
||||
'ip_version': 4,
|
||||
'network_id': expected_network_id,
|
||||
}
|
||||
|
||||
self.assertEqual(
|
||||
expected_network_id,
|
||||
definition.get_fixed_network_id(osc, cluster_template)
|
||||
)
|
||||
self.assert_neutron_find(mock_neutron_v20_find, osc, cluster_template)
|
||||
|
||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
||||
def test_get_fixed_network_id_with_invalid_ip_ver(self,
|
||||
mock_neutron_v20_find):
|
||||
osc = mock.MagicMock()
|
||||
cluster_template = mock.MagicMock()
|
||||
definition = self.get_definition()
|
||||
mock_neutron_v20_find.return_value = {
|
||||
'ip_version': 6,
|
||||
'network_id': 'expected_network_id',
|
||||
}
|
||||
|
||||
self.assertRaises(
|
||||
exception.InvalidSubnet,
|
||||
definition.get_fixed_network_id,
|
||||
osc,
|
||||
cluster_template
|
||||
)
|
||||
|
||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
||||
def test_get_fixed_network_id_with_duplicated_name(self,
|
||||
mock_neutron_v20_find):
|
||||
ex = n_exception.NeutronClientNoUniqueMatch(
|
||||
resource='subnet',
|
||||
name='duplicated-name'
|
||||
)
|
||||
|
||||
self.assert_raises_from_get_fixed_network_id(
|
||||
mock_neutron_v20_find,
|
||||
ex,
|
||||
exception.InvalidSubnet,
|
||||
)
|
||||
|
||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
||||
def test_get_fixed_network_id_with_client_error(self,
|
||||
mock_neutron_v20_find):
|
||||
ex = n_exception.BadRequest()
|
||||
|
||||
self.assert_raises_from_get_fixed_network_id(
|
||||
mock_neutron_v20_find,
|
||||
ex,
|
||||
exception.InvalidSubnet,
|
||||
)
|
||||
|
||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
||||
def test_get_fixed_network_id_with_server_error(self,
|
||||
mock_neutron_v20_find):
|
||||
ex = n_exception.ServiceUnavailable()
|
||||
|
||||
self.assert_raises_from_get_fixed_network_id(
|
||||
mock_neutron_v20_find,
|
||||
ex,
|
||||
n_exception.ServiceUnavailable,
|
||||
)
|
||||
|
@ -49,16 +49,6 @@
|
||||
export DEVSTACK_SUBNODE_CONFIG+=$'\n'"disable_service tempest"
|
||||
fi
|
||||
|
||||
if [ "{{ ironic }}" -eq 1 ] ; then
|
||||
export PROJECTS="openstack/ironic $PROJECTS"
|
||||
export PROJECTS="openstack/ironic-lib $PROJECTS"
|
||||
export PROJECTS="openstack/ironic-python-agent $PROJECTS"
|
||||
export PROJECTS="openstack/python-ironicclient $PROJECTS"
|
||||
export PROJECTS="x/pyghmi $PROJECTS"
|
||||
export PROJECTS="openstack/virtualbmc $PROJECTS"
|
||||
export MAGNUM_GATE_SPECIAL="-ironic"
|
||||
fi
|
||||
|
||||
if [ "{{ horizon }}" -eq 0 ] ; then
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"disable_service horizon"
|
||||
else
|
||||
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
``k8s_fedora_ironic_v1`` driver has been dropped.
|
@ -53,7 +53,6 @@ oslo.policy.policies =
|
||||
magnum.drivers =
|
||||
k8s_fedora_atomic_v1 = magnum.drivers.k8s_fedora_atomic_v1.driver:Driver
|
||||
k8s_fedora_coreos_v1 = magnum.drivers.k8s_fedora_coreos_v1.driver:Driver
|
||||
k8s_fedora_ironic_v1 = magnum.drivers.k8s_fedora_ironic_v1.driver:Driver
|
||||
|
||||
magnum.database.migration_backend =
|
||||
sqlalchemy = magnum.db.sqlalchemy.migration
|
||||
|
11
tox.ini
11
tox.ini
@ -37,17 +37,6 @@ commands =
|
||||
find . -type f -name "*.py[c|o]" -delete
|
||||
stestr run {posargs}
|
||||
|
||||
[testenv:functional-k8s-ironic]
|
||||
sitepackages = True
|
||||
setenv = {[testenv]setenv}
|
||||
OS_TEST_PATH=./magnum/tests/functional/k8s_ironic
|
||||
OS_TEST_TIMEOUT=7200
|
||||
deps =
|
||||
{[testenv]deps}
|
||||
commands =
|
||||
find . -type f -name "*.py[c|o]" -delete
|
||||
stestr run {posargs}
|
||||
|
||||
[testenv:functional-k8s-coreos]
|
||||
sitepackages = True
|
||||
setenv = {[testenv]setenv}
|
||||
|