Fix the CoreOS Heat templates
This patch follows the CoreOS guidance for Kubernetes: https://coreos.com/kubernetes/docs/latest/getting-started.html CoreOS doesn't support multi-part MIME user-data, so we cannot pack multiple scripts into one (which we did in Atomic). The major work of this patch is to wrap each cloud-init script with a systemd unit; the units are executed one by one at first boot. Note that this patch only enables basic CoreOS support. Advanced features (i.e. TLS, Cinder volume, HA, external load balancing) are not included. These features need to be ported from Atomic as future work. Partially-Implements: blueprint coreos-k8s-bay Change-Id: Ib6fe76718ac9b198e0aae57618d3edd98792f15d
parent
b4abeeafa7
commit
dc1eacee60
|
@ -0,0 +1,46 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/configure-etcd.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Configure etcd
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/configure-etcd.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/configure-etcd.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
|
||||
DROP_IN_FILE=/etc/systemd/system/etcd2.service.d/20-configure-etcd.conf
|
||||
mkdir -p $(dirname $DROP_IN_FILE)
|
||||
cat > $DROP_IN_FILE <<EOF
|
||||
[Service]
|
||||
Environment=ETCD_NAME=$myip
|
||||
Environment=ETCD_DATA_DIR=/var/lib/etcd/default.etcd
|
||||
Environment=ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
|
||||
Environment=ETCD_LISTEN_PEER_URLS=http://$myip:2380
|
||||
|
||||
Environment=ETCD_ADVERTISE_CLIENT_URLS=http://$myip:2379
|
||||
Environment=ETCD_INITIAL_ADVERTISE_PEER_URLS=http://$myip:2380
|
||||
Environment=ETCD_DISCOVERY=$ETCD_DISCOVERY_URL
|
||||
EOF
|
||||
|
||||
if [ -n "$HTTP_PROXY" ]; then
|
||||
echo "Environment=ETCD_DISCOVERY_PROXY=$HTTP_PROXY" >> $DROP_IN_FILE
|
||||
fi
|
||||
|
||||
systemctl enable etcd2
|
||||
systemctl --no-block start etcd2
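Review bot: The drop-in sets `ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379`, so the etcd client API is served in plaintext and without client authentication on every interface, and unlike the other fragments this one carries no `# TODO(hongbin): enable TLS` marker for it. Anything that can reach port 2379 can read and modify the cluster state stored there. Until TLS is ported, I would add a comment above the heredoc such as `# TODO: enable TLS; etcd client/peer ports are unauthenticated, restrict 2379/2380 to the cluster subnet`, and confirm that the security group rules (not visible on this page) actually do that.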
|
|
@ -1,16 +0,0 @@
|
|||
#cloud-config
|
||||
|
||||
coreos:
|
||||
etcd:
|
||||
# generate a new token for each cluster from https://discovery.etcd.io/new
|
||||
discovery: https://discovery.etcd.io/$token
|
||||
# multi-region and multi-cloud deployments need to use $public_ipv4
|
||||
addr: $private_ipv4:2379
|
||||
peer-addr: $private_ipv4:2380
|
||||
units:
|
||||
- name: etcd.service
|
||||
command: start
|
||||
- name: fleet.service
|
||||
command: start
|
||||
ssh_authorized_key:
|
||||
- $ssh_authorized_key
|
|
@ -0,0 +1,47 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/create-kube-namespace.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
After=kubelet.service
|
||||
Requires=kubelet.service
|
||||
Description=Create kube-system namespace
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/create-kube-namespace.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/create-kube-namespace.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
|
||||
until curl -sf "http://127.0.0.1:8080/healthz"
|
||||
do
|
||||
echo "Waiting for Kubernetes API..."
|
||||
sleep 5
|
||||
done
|
||||
|
||||
KUBE_SYSTEM_JSON=/srv/kubernetes/kube-system-namespace.json
|
||||
mkdir -p $(dirname ${KUBE_SYSTEM_JSON})
|
||||
cat > ${KUBE_SYSTEM_JSON} <<EOF
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Namespace",
|
||||
"metadata": {
|
||||
"name": "kube-system"
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
curl -XPOST -d@${KUBE_SYSTEM_JSON} "http://127.0.0.1:8080/api/v1/namespaces"
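Review bot: The final `curl -XPOST` is run without `-f`, and curl exits 0 on an HTTP error response unless `-f` is given, so the oneshot unit reports success even when the API server rejects the request and the namespace was not created. I would change it to `curl -sf -XPOST -H "Content-Type: application/json" -d@${KUBE_SYSTEM_JSON} "http://127.0.0.1:8080/api/v1/namespaces"`. Separately, `myip` is computed at the top of this script but never used; the same unused assignment appears in the apiserver fragment and in both kube-proxy fragments.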
|
|
@ -0,0 +1,84 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-kube-apiserver.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Configure Kubernetes API Server
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-kube-apiserver.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-kube-apiserver.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
|
||||
# TODO(hongbin): enable TLS
|
||||
TLS_CERT_FILE=
|
||||
TLS_PRIVATE_KEY_FILE=
|
||||
CLIENT_CA_FILE=
|
||||
INSECURE_PORT=${KUBE_API_PORT}
|
||||
SECURE_PORT=0
|
||||
BIND_ADDRESS_CMD="--insecure-bind-address=0.0.0.0"
|
||||
KUBE_CERTS_PATH=/etc/kubernetes/ssl
|
||||
HOST_CERTS_PATH=/usr/share/ca-certificates
|
||||
|
||||
TEMPLATE=/etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
mkdir -p $(dirname ${TEMPLATE})
|
||||
cat > $TEMPLATE <<EOF
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-apiserver
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-apiserver
|
||||
image: gcr.io/google_containers/hyperkube:v1.0.6
|
||||
command:
|
||||
- /hyperkube
|
||||
- apiserver
|
||||
- ${BIND_ADDRESS_CMD}
|
||||
- --etcd_servers=http://127.0.0.1:2379
|
||||
- --allow-privileged=true
|
||||
- --service-cluster-ip-range=${PORTAL_NETWORK_CIDR}
|
||||
- --secure_port=${SECURE_PORT}
|
||||
- --insecure-port=${INSECURE_PORT}
|
||||
- --tls-cert-file=${TLS_CERT_FILE}
|
||||
- --tls-private-key-file=${TLS_PRIVATE_KEY_FILE}
|
||||
- --client-ca-file=${CLIENT_CA_FILE}
|
||||
- --service-account-key-file=${TLS_PRIVATE_KEY_FILE}
|
||||
ports:
|
||||
- containerPort: 6443
|
||||
hostPort: 6443
|
||||
name: https
|
||||
- containerPort: 8080
|
||||
hostPort: 8080
|
||||
name: local
|
||||
volumeMounts:
|
||||
- mountPath: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
readOnly: true
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: ${KUBE_CERTS_PATH}
|
||||
name: ssl-certs-kubernetes
|
||||
- hostPath:
|
||||
path: ${HOST_CERTS_PATH}
|
||||
name: ssl-certs-host
|
||||
EOF
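Review bot: The generated manifest serves the API only on the insecure port: `BIND_ADDRESS_CMD="--insecure-bind-address=0.0.0.0"`, `INSECURE_PORT=${KUBE_API_PORT}` and `SECURE_PORT=0` are hard-coded, so every interface accepts unauthenticated, unencrypted requests, and the server also runs with `--allow-privileged=true`. The empty `TLS_CERT_FILE`, `TLS_PRIVATE_KEY_FILE` and `CLIENT_CA_FILE` are still rendered as `--tls-cert-file=`, `--tls-private-key-file=`, `--client-ca-file=` and `--service-account-key-file=`; I would drop those four flags until the TODO is done rather than pass empty paths. The `ports` list also still declares 6443/https, which nothing listens on while the secure port is 0. At minimum, extend the TODO comment to `# TODO(hongbin): enable TLS; until then the API port is unauthenticated and must be restricted at the network level`.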
|
|
@ -0,0 +1,70 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-kube-controller-manager.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Enable Kubernetes Controller Manager
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-kube-controller-manager.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-kube-controller-manager.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
# TODO(hongbin): enable TLS
|
||||
KUBE_CERTS_PATH=/etc/kubernetes/ssl
|
||||
HOST_CERTS_PATH=/usr/share/ca-certificates
|
||||
|
||||
TEMPLATE=/srv/kubernetes/manifests/kube-controller-manager.yaml
|
||||
mkdir -p $(dirname ${TEMPLATE})
|
||||
|
||||
cat > ${TEMPLATE} <<EOF
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-controller-manager
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-controller-manager
|
||||
image: gcr.io/google_containers/hyperkube:v1.0.6
|
||||
command:
|
||||
- /hyperkube
|
||||
- controller-manager
|
||||
- --master=http://127.0.0.1:8080
|
||||
- --service-account-private-key-file=${SERVICE_ACCOUNT_PRIVATE_KEY_FILE}
|
||||
- --root-ca-file=${ROOT_CA_FILE}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
path: /healthz
|
||||
port: 10252
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
readOnly: true
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: ${KUBE_CERTS_PATH}
|
||||
name: ssl-certs-kubernetes
|
||||
- hostPath:
|
||||
path: ${HOST_CERTS_PATH}
|
||||
name: ssl-certs-host
|
||||
EOF
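Review bot: `${SERVICE_ACCOUNT_PRIVATE_KEY_FILE}` and `${ROOT_CA_FILE}` are expanded inside the heredoc but never assigned in this script, so unless /etc/sysconfig/heat-params defines them (not visible on this page) the manifest is written with `--service-account-private-key-file=` and `--root-ca-file=` empty. The apiserver fragment declares its not-yet-implemented TLS variables explicitly as empty below the TODO; do the same here (`SERVICE_ACCOUNT_PRIVATE_KEY_FILE=` and `ROOT_CA_FILE=`) or leave both flags out of the command list until TLS is ported, so the empty values are a visible decision rather than an unset-variable accident.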
|
|
@ -0,0 +1,77 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-kube-podmaster.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Configure Kubernetes Podmaster
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-kube-podmaster.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-kube-podmaster.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
|
||||
TEMPLATE=/etc/kubernetes/manifests/kube-podmaster.yaml
|
||||
mkdir -p $(dirname ${TEMPLATE})
|
||||
|
||||
cat > ${TEMPLATE} <<EOF
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-podmaster
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: scheduler-elector
|
||||
image: gcr.io/google_containers/podmaster:1.1
|
||||
command:
|
||||
- /podmaster
|
||||
- --etcd-servers=http://127.0.0.1:2379
|
||||
- --key=scheduler
|
||||
- --whoami=${ADVERTISE_IP}
|
||||
- --source-file=/src/manifests/kube-scheduler.yaml
|
||||
- --dest-file=/dst/manifests/kube-scheduler.yaml
|
||||
volumeMounts:
|
||||
- mountPath: /src/manifests
|
||||
name: manifest-src
|
||||
readOnly: true
|
||||
- mountPath: /dst/manifests
|
||||
name: manifest-dst
|
||||
- name: controller-manager-elector
|
||||
image: gcr.io/google_containers/podmaster:1.1
|
||||
command:
|
||||
- /podmaster
|
||||
- --etcd-servers=http://127.0.0.1:2379
|
||||
- --key=controller
|
||||
- --whoami=${myip}
|
||||
- --source-file=/src/manifests/kube-controller-manager.yaml
|
||||
- --dest-file=/dst/manifests/kube-controller-manager.yaml
|
||||
terminationMessagePath: /dev/termination-log
|
||||
volumeMounts:
|
||||
- mountPath: /src/manifests
|
||||
name: manifest-src
|
||||
readOnly: true
|
||||
- mountPath: /dst/manifests
|
||||
name: manifest-dst
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /srv/kubernetes/manifests
|
||||
name: manifest-src
|
||||
- hostPath:
|
||||
path: /etc/kubernetes/manifests
|
||||
name: manifest-dst
|
||||
EOF
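Review bot: The scheduler-elector container is started with `--whoami=${ADVERTISE_IP}`, but `ADVERTISE_IP` is not assigned anywhere in this script, while the controller-manager-elector container uses `--whoami=${myip}`. Unless heat-params happens to define `ADVERTISE_IP` (not visible here), the heredoc expands it to an empty string and the two electors identify themselves differently. I would make the scheduler-elector line `- --whoami=${myip}` to match.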
|
|
@ -0,0 +1,59 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-kube-proxy.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Configure Kubernetes Proxy
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-kube-proxy-master.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-kube-proxy-master.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
|
||||
# TODO(hongbin): enable TLS
|
||||
HOST_CERTS_PATH=/usr/share/ca-certificates
|
||||
|
||||
TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml
|
||||
mkdir -p $(dirname ${TEMPLATE})
|
||||
cat > ${TEMPLATE} <<EOF
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-proxy
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-proxy
|
||||
image: gcr.io/google_containers/hyperkube:v1.0.6
|
||||
command:
|
||||
- /hyperkube
|
||||
- proxy
|
||||
- --master=http://127.0.0.1:8080
|
||||
- --logtostderr=true
|
||||
- --v=0
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: ${HOST_CERTS_PATH}
|
||||
name: ssl-certs-host
|
||||
EOF
|
|
@ -0,0 +1,67 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-kube-proxy.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Configure Kubernetes Proxy
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-kube-proxy-minion.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-kube-proxy-minion.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
|
||||
# TODO(hongbin): enable TLS
|
||||
HOST_CERTS_PATH=/usr/share/ca-certificates
|
||||
KUBE_CERTS_PATH=/etc/kubernetes/ssl
|
||||
KUBE_PROTOCOL="http"
|
||||
KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
|
||||
|
||||
TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml
|
||||
mkdir -p $(dirname ${TEMPLATE})
|
||||
cat > ${TEMPLATE} <<EOF
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-proxy
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-proxy
|
||||
image: gcr.io/google_containers/hyperkube:v1.0.6
|
||||
command:
|
||||
- /hyperkube
|
||||
- proxy
|
||||
- --master=${KUBE_MASTER_URI}
|
||||
- --logtostderr=true
|
||||
- --v=0
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: "ssl-certs"
|
||||
- mountPath: /etc/kubernetes/ssl
|
||||
name: "etc-kube-ssl"
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: "ssl-certs"
|
||||
hostPath:
|
||||
path: ${HOST_CERTS_PATH}
|
||||
- name: "etc-kube-ssl"
|
||||
hostPath:
|
||||
path: ${KUBE_CERTS_PATH}
|
||||
EOF
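Review bot: The `ssl-certs` volume mount at `/etc/ssl/certs` has no `readOnly: true`, so the host's CA bundle directory (`${HOST_CERTS_PATH}`) is writable from a container that also runs with `privileged: true`. The master variant of this fragment mounts the same host path read-only, and the `etc-kube-ssl` mount right below is read-only as well. Add `readOnly: true` under `name: "ssl-certs"`. Note also that `KUBE_PROTOCOL="http"` is hard-coded, so proxy-to-master traffic crosses the cluster network in the clear until the TODO is resolved.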
|
|
@ -0,0 +1,50 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-kube-scheduler.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Enable Kubernetes Scheduler
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-kube-scheduler.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-kube-scheduler.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
TEMPLATE=/srv/kubernetes/manifests/kube-scheduler.yaml
|
||||
mkdir -p $(dirname ${TEMPLATE})
|
||||
|
||||
cat > ${TEMPLATE} <<EOF
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-scheduler
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-scheduler
|
||||
image: gcr.io/google_containers/hyperkube:v1.0.6
|
||||
command:
|
||||
- /hyperkube
|
||||
- scheduler
|
||||
- --master=http://127.0.0.1:8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
path: /healthz
|
||||
port: 10251
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 1
|
||||
EOF
|
|
@ -0,0 +1,46 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-kubelet.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Enable Kubelet
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-kubelet-master.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-kubelet-master.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
|
||||
CONF_FILE=/etc/systemd/system/kubelet.service
|
||||
cat > $CONF_FILE <<EOF
|
||||
[Service]
|
||||
ExecStart=/usr/bin/kubelet \
|
||||
--api_servers=http://127.0.0.1:8080 \
|
||||
--address=0.0.0.0 \
|
||||
--register-node=false \
|
||||
--allow-privileged=true \
|
||||
--config=/etc/kubernetes/manifests \
|
||||
--hostname-override=${myip} \
|
||||
--logtostderr=true \
|
||||
--v=0
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl enable kubelet
|
||||
systemctl --no-block start kubelet
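Review bot: The generated kubelet unit hard-codes `--allow-privileged=true`, although the cluster template has a `kube_allow_priv` parameter (it is passed to the minion group in this commit), so an operator who disables privileged containers there gets no effect on CoreOS nodes. The flag should take its value from that parameter via heat-params instead of a literal; the same hard-coded value appears in the minion kubelet fragment and in the apiserver manifest. `--address=0.0.0.0` also exposes the kubelet port on every interface, which deserves a comment next to it while TLS is not yet available.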
|
|
@ -0,0 +1,50 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-kubelet.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Enable Kubelet
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-kubelet-minion.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-kubelet-minion.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
|
||||
KUBE_PROTOCOL="http"
|
||||
KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
|
||||
|
||||
CONF_FILE=/etc/systemd/system/kubelet.service
|
||||
cat > $CONF_FILE <<EOF
|
||||
[Service]
|
||||
ExecStart=/usr/bin/kubelet \
|
||||
--api_servers=${KUBE_MASTER_URI} \
|
||||
--address=0.0.0.0 \
|
||||
--register-node=true \
|
||||
--allow-privileged=true \
|
||||
--config=/etc/kubernetes/manifests \
|
||||
--hostname-override=${myip} \
|
||||
--logtostderr=true \
|
||||
--v=0
|
||||
--cadvisor-port=4194
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl enable kubelet
|
||||
systemctl --no-block start kubelet
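Review bot: The `--v=0` line in the ExecStart heredoc is missing its trailing backslash, so `--cadvisor-port=4194` ends up on a line of its own in the generated kubelet.service instead of being part of the kubelet command line; the flag is never passed. Change the line to `--v=0 \`. The master variant of this fragment ends the command at `--v=0`, which is probably where the line was copied from.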
|
|
@ -0,0 +1,55 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/enable-network-service.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Enable Network Service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/enable-network-service.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/enable-network-service.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
if [ "$NETWORK_DRIVER" != "flannel" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
myip=$(ip addr show eth0 |
|
||||
awk '$1 == "inet" {print $2}' | cut -f1 -d/)
|
||||
ETCD_SERVER_IP=${ETCD_SERVER_IP:-127.0.0.1}
|
||||
|
||||
ENV_FILE=/etc/flannel/options.env
|
||||
mkdir -p $(dirname $ENV_FILE)
|
||||
cat > $ENV_FILE <<EOF
|
||||
FLANNELD_IFACE=$myip
|
||||
FLANNELD_ETCD_ENDPOINTS=http://${ETCD_SERVER_IP}:2379
|
||||
EOF
|
||||
|
||||
DROP_IN_FILE=/etc/systemd/system/flanneld.service.d/40-ExecStartPre-symlink.conf
|
||||
mkdir -p $(dirname $DROP_IN_FILE)
|
||||
cat > $DROP_IN_FILE <<EOF
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/ln -sf /etc/flannel/options.env /run/flannel/options.env
|
||||
EOF
|
||||
|
||||
DOCKER_FLANNEL_CONF=/etc/systemd/system/docker.service.d/40-flannel.conf
|
||||
mkdir -p $(dirname $DOCKER_FLANNEL_CONF)
|
||||
cat > $DOCKER_FLANNEL_CONF <<EOF
|
||||
[Unit]
|
||||
Requires=flanneld.service
|
||||
After=flanneld.service
|
||||
EOF
|
||||
|
||||
systemctl enable flanneld
|
||||
systemctl --no-block start flanneld
|
|
@ -0,0 +1,24 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/wc-notify.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Notify Heat
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/wc-notify.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/wc-notify.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/bash -v
|
||||
. /etc/sysconfig/heat-params
|
||||
command="$WAIT_CURL --data-binary '{\"status\": \"SUCCESS\"}'"
|
||||
eval $(echo "$command")
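Review bot: The script always posts `{"status": "SUCCESS"}`, and as far as this page shows wc-notify.service has no `After=`/`Requires=` on the units before it, so Heat can be told the master is ready even when an earlier oneshot failed. I would gate the signal on a health check, for example the `until curl -sf "http://127.0.0.1:8080/healthz"` loop already used in the namespace fragment, or report a failure status otherwise. `eval $(echo "$command")` also word-splits and glob-expands the string before evaluating it; `eval "$command"` does the same job without that extra pass.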
|
|
@ -27,3 +27,4 @@ write_files:
|
|||
HTTP_PROXY="$HTTP_PROXY"
|
||||
HTTPS_PROXY="$HTTPS_PROXY"
|
||||
NO_PROXY="$NO_PROXY"
|
||||
WAIT_CURL="$WAIT_CURL"
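Review bot: `WAIT_CURL` is the complete curl command line for the wait-condition handle, which normally embeds the credential needed to signal the stack, and this line persists it in the heat-params file on the node. The `write_files` entry header (path, owner, permissions) is outside the hunk, so please confirm the file is readable by root only; if it is not, add `permissions: "0600"` to that entry. The same line is added in the second heat-params hunk below.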
|
||||
|
|
|
@ -29,3 +29,4 @@ write_files:
|
|||
HTTP_PROXY="$HTTP_PROXY"
|
||||
HTTPS_PROXY="$HTTPS_PROXY"
|
||||
NO_PROXY="$NO_PROXY"
|
||||
WAIT_CURL="$WAIT_CURL"
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/write-network-config.service
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Write Network Config
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/sysconfig/write-network-config.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- path: /etc/sysconfig/write-network-config.sh
|
||||
owner: "root:root"
|
||||
permissions: "0755"
|
||||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
if [ "$NETWORK_DRIVER" != "flannel" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
backend_type=udp
|
||||
if [ "$FLANNEL_USE_VXLAN" == "true" ]; then
|
||||
backend_type=vxlan
|
||||
fi
|
||||
|
||||
FLANNEL_JSON=/etc/sysconfig/flannel-network.json
|
||||
cat > $FLANNEL_JSON <<EOF
|
||||
{
|
||||
"Network": "$FLANNEL_NETWORK_CIDR",
|
||||
"Subnetlen": $FLANNEL_NETWORK_SUBNETLEN,
|
||||
"Backend": {
|
||||
"Type": "$backend_type"
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
FLANNEL_ETCD="http://127.0.0.1:2379"
|
||||
FLANNEL_ETCD_KEY="/coreos.com/network"
|
||||
while ! curl -sf -L ${FLANNEL_ETCD}/v2/keys${FLANNEL_ETCD_KEY}/config \
|
||||
-X PUT --data-urlencode value@${FLANNEL_JSON}; do
|
||||
echo "waiting for etcd"
|
||||
sleep 1
|
||||
done
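Review bot: The test `[ "$FLANNEL_USE_VXLAN" == "true" ]` uses `==`, which is a bash extension, in a script whose shebang is `#!/bin/sh`; under a strict POSIX `sh` the test errors out and `backend_type` silently stays `udp`. Use `if [ "$FLANNEL_USE_VXLAN" = "true" ]; then`. The etcd wait loop below has no upper bound either, which is worth a short comment so the behaviour is a stated choice.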
|
|
@ -31,19 +31,21 @@ parameters:
|
|||
default: m1.small
|
||||
description: flavor to use when booting the server
|
||||
|
||||
token:
|
||||
discovery_url:
|
||||
type: string
|
||||
description: token is generated from https://discovery.etcd.io/new
|
||||
|
||||
ssh_authorized_key:
|
||||
type: string
|
||||
description: complete ssh key.
|
||||
description: >
|
||||
Discovery URL used for bootstrapping the etcd cluster.
|
||||
|
||||
dns_nameserver:
|
||||
type: string
|
||||
description: address of a dns nameserver reachable in your environment
|
||||
default: 8.8.8.8
|
||||
|
||||
number_of_masters:
|
||||
type: number
|
||||
description: how many kubernetes masters to spawn
|
||||
default: 1
|
||||
|
||||
number_of_minions:
|
||||
type: number
|
||||
description: how many kubernetes minions to spawn
|
||||
|
@ -87,13 +89,6 @@ parameters:
|
|||
constraints:
|
||||
- allowed_values: ["true", "false"]
|
||||
|
||||
docker_volume_size:
|
||||
type: number
|
||||
description: >
|
||||
size of a cinder volume to allocate to docker for container/image
|
||||
storage
|
||||
default: 25
|
||||
|
||||
minions_to_remove:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
|
@ -103,28 +98,22 @@ parameters:
|
|||
be empty when doing a create.
|
||||
default: []
|
||||
|
||||
auth_url:
|
||||
network_driver:
|
||||
type: string
|
||||
description: >
|
||||
url for kubernetes to authenticate before sending request to neutron
|
||||
description: network driver to use for instantiating container networks
|
||||
default: flannel
|
||||
|
||||
username:
|
||||
type: string
|
||||
description: >
|
||||
user account
|
||||
tls_disabled:
|
||||
type: boolean
|
||||
description: whether or not to disable TLS
|
||||
default: False
|
||||
|
||||
password:
|
||||
type: string
|
||||
kubernetes_port:
|
||||
type: number
|
||||
description: >
|
||||
user password, not set in current implementation, only used to
|
||||
fill in for Kubernetes config file
|
||||
default:
|
||||
ChangeMe
|
||||
|
||||
tenant_name:
|
||||
type: string
|
||||
description: >
|
||||
tenant name
|
||||
The port which are used by kube-apiserver to provide Kubernetes
|
||||
service.
|
||||
default: 8080
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -187,12 +176,10 @@ resources:
|
|||
portal_network_cidr: {get_param: portal_network_cidr}
|
||||
fixed_network: {get_resource: fixed_network}
|
||||
fixed_subnet: {get_resource: fixed_subnet}
|
||||
token: {get_param: token}
|
||||
ssh_authorized_key: {get_param: ssh_authorized_key}
|
||||
auth_url: {get_param: auth_url}
|
||||
username: {get_param: username}
|
||||
password: {get_param: password}
|
||||
tenant_name: {get_param: tenant_name}
|
||||
discovery_url: {get_param: discovery_url}
|
||||
network_driver: {get_param: network_driver}
|
||||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -216,17 +203,18 @@ resources:
|
|||
minion_flavor: {get_param: minion_flavor}
|
||||
fixed_network: {get_resource: fixed_network}
|
||||
fixed_subnet: {get_resource: fixed_subnet}
|
||||
kube_master_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||
kube_master_ip: {"Fn::Select": [0, {get_attr: [kube_master, kube_master_ip]}]}
|
||||
external_network: {get_param: external_network}
|
||||
kube_allow_priv: {get_param: kube_allow_priv}
|
||||
docker_volume_size: {get_param: docker_volume_size}
|
||||
token: {get_param: token}
|
||||
ssh_authorized_key: {get_param: ssh_authorized_key}
|
||||
network_driver: {get_param: network_driver}
|
||||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
etcd_server_ip: {"Fn::Select": [0, {get_attr: [kube_master, kube_master_ip]}]}
|
||||
|
||||
outputs:
|
||||
|
||||
api_address:
|
||||
value: {get_attr: [kube_master, kube_master_external_ip]}
|
||||
value: {"Fn::Select": [0, {get_attr: [kube_master, kube_master_external_ip]}]}
|
||||
|
||||
kube_masters_private:
|
||||
value: {get_attr: [kube_master, kube_master_ip]}
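Review bot: The new `tls_disabled` parameter in the parameters hunk defaults to `False` and is described as `whether or not to disable TLS`, which tells an operator that TLS is on by default, yet none of the CoreOS fragments in this commit read it and the API server is always configured without TLS. The description should say so, e.g. `description: whether or not to disable TLS (not yet implemented for CoreOS; TLS is always off)`. In the master template the same parameter is described as `whether or not to enable TLS`, which contradicts its name and should be aligned. `kubernetes_port` likewise defaults to 8080 and is used as the insecure port, which its description could state.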
|
||||
|
|
|
@ -25,13 +25,10 @@ parameters:
|
|||
description: uuid/name of a network to use for floating ip addresses
|
||||
default: public
|
||||
|
||||
token:
|
||||
discovery_url:
|
||||
type: string
|
||||
description: token is generated from https://discovery.etcd.io/new
|
||||
|
||||
ssh_authorized_key:
|
||||
type: string
|
||||
description: complete ssh key.
|
||||
description: >
|
||||
Discovery URL used for bootstrapping the etcd cluster.
|
||||
|
||||
dns_nameserver:
|
||||
type: string
|
||||
|
@ -85,40 +82,33 @@ parameters:
|
|||
description : >
|
||||
timeout for the Wait Conditions
|
||||
|
||||
auth_url:
|
||||
network_driver:
|
||||
type: string
|
||||
description: >
|
||||
url for kubernetes to authenticate before sending request to neutron
|
||||
description: network driver to use for instantiating container networks
|
||||
|
||||
username:
|
||||
type: string
|
||||
description: >
|
||||
user account
|
||||
tls_disabled:
|
||||
type: boolean
|
||||
description: whether or not to enable TLS
|
||||
default: False
|
||||
|
||||
password:
|
||||
type: string
|
||||
kubernetes_port:
|
||||
type: number
|
||||
description: >
|
||||
user password
|
||||
|
||||
tenant_name:
|
||||
type: string
|
||||
description: >
|
||||
tenant name
|
||||
The port which are used by kube-apiserver to provide Kubernetes
|
||||
service.
|
||||
default: 8080
|
||||
|
||||
resources:
|
||||
|
||||
master_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
type: OS::Heat::WaitConditionHandle
|
||||
|
||||
master_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on:
|
||||
- kube_master
|
||||
type: OS::Heat::WaitCondition
|
||||
depends_on: kube_master
|
||||
properties:
|
||||
Handle:
|
||||
get_resource: master_wait_handle
|
||||
Timeout: {get_param: wait_condition_timeout}
|
||||
|
||||
handle: {get_resource: master_wait_handle}
|
||||
timeout: {get_param: wait_condition_timeout}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -174,92 +164,135 @@ resources:
|
|||
"$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
|
||||
"$FLANNEL_USE_VXLAN": {get_param: flannel_use_vxlan}
|
||||
"$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
|
||||
"$AUTH_URL": {get_param: auth_url}
|
||||
"$USERNAME": {get_param: username}
|
||||
"$PASSWORD": {get_param: password}
|
||||
"$TENANT_NAME": {get_param: tenant_name}
|
||||
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
|
||||
"$ETCD_DISCOVERY_URL": {get_param: discovery_url}
|
||||
"$WAIT_CURL": {get_attr: [master_wait_handle, curl_cli]}
|
||||
"$NETWORK_DRIVER": {get_param: network_driver}
|
||||
"$KUBE_API_PORT": {get_param: kubernetes_port}
|
||||
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||
|
||||
write_kube_os_config:
|
||||
configure_etcd:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/write-kube-os-config.sh}
|
||||
config: {get_file: fragments/configure-etcd-coreos.yaml}
|
||||
|
||||
configure_kubernetes:
|
||||
write_network_config:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/configure-kubernetes-master.sh}
|
||||
config: {get_file: fragments/write-network-config-coreos.yaml}
|
||||
|
||||
write_flannel_config:
|
||||
enable_network_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/write-flannel-config.sh}
|
||||
config: {get_file: fragments/enable-network-service-coreos.yaml}
|
||||
|
||||
flannel_config_service:
|
||||
enable_kubelet:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/flannel-config.service.yaml}
|
||||
config: {get_file: fragments/enable-kubelet-master-coreos.yaml}
|
||||
|
||||
enable_services:
|
||||
enable_kube_apiserver:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/enable-services-master.sh}
|
||||
config: {get_file: fragments/enable-kube-apiserver-coreos.yaml}
|
||||
|
||||
kube_user:
|
||||
create_kube_namespace:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/kube-user.yaml}
|
||||
config: {get_file: fragments/create-kube-namespace-coreos.yaml}
|
||||
|
||||
kube_examples:
|
||||
enable_kube_proxy:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/kube-examples.yaml}
|
||||
config: {get_file: fragments/enable-kube-proxy-master-coreos.yaml}
|
||||
|
||||
cfn_signal:
|
||||
enable_kube_controller_manager:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/cfn-signal.sh}
|
||||
config: {get_file: fragments/enable-kube-controller-manager-coreos.yaml}
|
||||
|
||||
disable_selinux:
|
||||
enable_kube_scheduler:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/disable-selinux.sh}
|
||||
config: {get_file: fragments/enable-kube-scheduler-coreos.yaml}
|
||||
|
||||
coreos_params:
|
||||
enable_kube_podmaster:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/enable-kube-podmaster-coreos.yaml}
|
||||
|
||||
wc_notify:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/wc-notify-coreos.yaml}
|
||||
|
||||
kube_master_init:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: {get_file: fragments/coreos.params.yaml}
|
||||
template: |
|
||||
$write_heat_params
|
||||
$configure_etcd
|
||||
$write_network_config
|
||||
$enable_network_service
|
||||
$enable_kubelet
|
||||
$enable_kube_apiserver
|
||||
$create_kube_namespace
|
||||
$enable_kube_proxy
|
||||
$enable_kube_podmaster
|
||||
$enable_kube_controller_manager
|
||||
$enable_kube_scheduler
|
||||
$wc_notify
|
||||
coreos:
|
||||
units:
|
||||
- name: "configure-etcd.service"
|
||||
command: "start"
|
||||
- name: "write-network-config.service"
|
||||
command: "start"
|
||||
- name: "enable-network-service.service"
|
||||
command: "start"
|
||||
- name: "enable-kubelet.service"
|
||||
command: "start"
|
||||
- name: "enable-kube-apiserver.service"
|
||||
command: "start"
|
||||
- name: "create-kube-namespace.service"
|
||||
command: "start"
|
||||
- name: "enable-kube-proxy.service"
|
||||
command: "start"
|
||||
- name: "enable-kube-controller-manager.service"
|
||||
command: "start"
|
||||
- name: "enable-kube-scheduler.service"
|
||||
command: "start"
|
||||
- name: "enable-kube-podmaster.service"
|
||||
command: "start"
|
||||
- name: "wc-notify.service"
|
||||
command: "start"
|
||||
params:
|
||||
token: {get_param: token}
|
||||
ssh_authorized_key: {get_param: ssh_authorized_key}
|
||||
|
||||
kube_master_init:
|
||||
type: OS::Heat::MultipartMime
|
||||
properties:
|
||||
parts:
|
||||
- config: {get_resource: disable_selinux}
|
||||
- config: {get_resource: write_heat_params}
|
||||
- config: {get_resource: kube_user}
|
||||
- config: {get_resource: write_kube_os_config}
|
||||
- config: {get_resource: configure_kubernetes}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: write_flannel_config}
|
||||
- config: {get_resource: flannel_config_service}
|
||||
- config: {get_resource: kube_examples}
|
||||
- config: {get_resource: cfn_signal}
|
||||
- config: {get_resource: coreos_params}
|
||||
"$write_heat_params": {get_attr: [write_heat_params, config]}
|
||||
"$configure_etcd": {get_attr: [configure_etcd, config]}
|
||||
"$write_network_config": {get_attr: [write_network_config, config]}
|
||||
"$enable_network_service": {get_attr: [enable_network_service, config]}
|
||||
"$enable_kubelet": {get_attr: [enable_kubelet, config]}
|
||||
"$enable_kube_apiserver": {get_attr: [enable_kube_apiserver, config]}
|
||||
"$create_kube_namespace": {get_attr: [create_kube_namespace, config]}
|
||||
"$enable_kube_proxy": {get_attr: [enable_kube_proxy, config]}
|
||||
"$enable_kube_controller_manager": {get_attr: [enable_kube_controller_manager, config]}
|
||||
"$enable_kube_scheduler": {get_attr: [enable_kube_scheduler, config]}
|
||||
"$enable_kube_podmaster": {get_attr: [enable_kube_podmaster, config]}
|
||||
"$wc_notify": {get_attr: [wc_notify, config]}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
|
|
@ -196,6 +196,7 @@ resources:
|
|||
"$HTTP_PROXY": {get_param: http_proxy}
|
||||
"$HTTPS_PROXY": {get_param: https_proxy}
|
||||
"$NO_PROXY": {get_param: no_proxy}
|
||||
"$WAIT_CURL": {get_attr: [master_wait_handle, curl_cli]}
|
||||
|
||||
make_cert:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
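Review bot: `"$WAIT_CURL": {get_attr: [master_wait_handle, curl_cli]}` hands the node a ready-made curl command. Assuming `master_wait_handle` is an OS::Heat::WaitConditionHandle, as the `curl_cli` attribute implies, that command carries the signalling endpoint together with the credential needed to call it. The fragment that stores the substituted value is outside this hunk, so please confirm it writes the params file root-only, e.g. `permissions: "0600"` rather than the `"0644"` used for the unit files elsewhere in this commit. The same applies to `$WAIT_CURL: {get_attr: [minion_wait_handle, curl_cli]}` in the minion template. The `resources:` block starts and ends outside the hunk.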
|
|
|
@ -26,14 +26,6 @@ parameters:
|
|||
type: string
|
||||
description: uuid/name of a network to use for floating ip addresses
|
||||
|
||||
token:
|
||||
type: string
|
||||
description: token is generated from https://discovery.etcd.io/new
|
||||
|
||||
ssh_authorized_key:
|
||||
type: string
|
||||
description: complete ssh key.
|
||||
|
||||
kube_allow_priv:
|
||||
type: string
|
||||
description: >
|
||||
|
@ -42,17 +34,29 @@ parameters:
|
|||
constraints:
|
||||
- allowed_values: ["true", "false"]
|
||||
|
||||
docker_volume_size:
|
||||
network_driver:
|
||||
type: string
|
||||
description: network driver to use for instantiating container networks
|
||||
|
||||
tls_disabled:
|
||||
type: boolean
|
||||
description: whether or not to enable TLS
|
||||
default: False
|
||||
|
||||
kubernetes_port:
|
||||
type: number
|
||||
description: >
|
||||
size of a cinder volume to allocate to docker for container/image
|
||||
storage
|
||||
default: 25
|
||||
The port which are used by kube-apiserver to provide Kubernetes
|
||||
service.
|
||||
default: 8080
|
||||
|
||||
# The following are all generated in the parent template.
|
||||
kube_master_ip:
|
||||
type: string
|
||||
description: IP address of the Kubernetes master server.
|
||||
etcd_server_ip:
|
||||
type: string
|
||||
description: IP address of the Etcd server.
|
||||
fixed_network:
|
||||
type: string
|
||||
description: Network from which to allocate fixed addresses.
|
||||
|
@ -63,15 +67,14 @@ parameters:
|
|||
resources:
|
||||
|
||||
minion_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
type: OS::Heat::WaitConditionHandle
|
||||
|
||||
minion_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
type: OS::Heat::WaitCondition
|
||||
depends_on: kube-minion
|
||||
properties:
|
||||
Handle:
|
||||
get_resource: minion_wait_handle
|
||||
Timeout: 6000
|
||||
handle: {get_resource: minion_wait_handle}
|
||||
timeout: 6000
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -103,89 +106,64 @@ resources:
|
|||
params:
|
||||
$KUBE_ALLOW_PRIV: {get_param: kube_allow_priv}
|
||||
$KUBE_MASTER_IP: {get_param: kube_master_ip}
|
||||
$WAIT_HANDLE: {get_resource: node_wait_handle}
|
||||
$DOCKER_VOLUME: {get_resource: docker_volume}
|
||||
$WAIT_CURL: {get_attr: [minion_wait_handle, curl_cli]}
|
||||
$KUBE_API_PORT: {get_param: kubernetes_port}
|
||||
$TLS_DISABLED: {get_param: tls_disabled}
|
||||
$NETWORK_DRIVER: {get_param: network_driver}
|
||||
$ETCD_SERVER_IP: {get_param: etcd_server_ip}
|
||||
|
||||
coreos_params:
|
||||
enable_network_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/enable-network-service-coreos.yaml}
|
||||
|
||||
enable_kubelet:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/enable-kubelet-minion-coreos.yaml}
|
||||
|
||||
enable_kube_proxy:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/enable-kube-proxy-minion-coreos.yaml}
|
||||
|
||||
wc_notify:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/wc-notify-coreos.yaml}
|
||||
|
||||
kube_minion_init:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: {get_file: fragments/coreos.params.yaml}
|
||||
template: |
|
||||
$write_heat_params
|
||||
$enable_network_service
|
||||
$enable_kubelet
|
||||
$enable_kube_proxy
|
||||
$wc_notify
|
||||
coreos:
|
||||
units:
|
||||
- name: "enable-network-service.service"
|
||||
command: "start"
|
||||
- name: "enable-kubelet.service"
|
||||
command: "start"
|
||||
- name: "enable-kube-proxy.service"
|
||||
command: "start"
|
||||
- name: "wc-notify.service"
|
||||
command: "start"
|
||||
params:
|
||||
token: {get_param: token}
|
||||
ssh_authorized_key: {get_param: ssh_authorized_key}
|
||||
|
||||
add_to_docker_group:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/add-to-docker-group.sh}
|
||||
|
||||
configure_docker_storage:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/configure-docker-storage.sh}
|
||||
|
||||
configure_kubernetes_minion:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/configure-kubernetes-minion.sh}
|
||||
|
||||
kube_user:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/kube-user.yaml}
|
||||
|
||||
kube_examples:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/kube-examples.yaml}
|
||||
|
||||
docker_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/docker.service.yaml}
|
||||
|
||||
enable_services:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/enable-services-minion.sh}
|
||||
|
||||
cfn_signal:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/cfn-signal.sh}
|
||||
|
||||
disable_selinux:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/disable-selinux.sh}
|
||||
|
||||
kube_minion_init:
|
||||
type: OS::Heat::MultipartMime
|
||||
properties:
|
||||
parts:
|
||||
- config: {get_resource: disable_selinux}
|
||||
- config: {get_resource: write_heat_params}
|
||||
- config: {get_resource: kube_user}
|
||||
- config: {get_resource: kube_examples}
|
||||
- config: {get_resource: add_to_docker_group}
|
||||
- config: {get_resource: configure_docker_storage}
|
||||
- config: {get_resource: configure_kubernetes_minion}
|
||||
- config: {get_resource: docker_service}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: cfn_signal}
|
||||
- config: {get_resource: coreos_params}
|
||||
"$write_heat_params": {get_attr: [write_heat_params, config]}
|
||||
"$enable_network_service": {get_attr: [enable_network_service, config]}
|
||||
"$enable_kubelet": {get_attr: [enable_kubelet, config]}
|
||||
"$enable_kube_proxy": {get_attr: [enable_kube_proxy, config]}
|
||||
"$wc_notify": {get_attr: [wc_notify, config]}
|
||||
|
||||
# Important: the name for the heat resource kube-minion below must
|
||||
# not contain "_" (underscore) because it will be used in the
|
||||
|
@ -221,18 +199,6 @@ resources:
|
|||
floating_network: {get_param: external_network}
|
||||
port_id: {get_resource: kube_minion_eth0}
|
||||
|
||||
docker_volume:
|
||||
type: OS::Cinder::Volume
|
||||
properties:
|
||||
size: {get_param: docker_volume_size}
|
||||
|
||||
docker_volume_attach:
|
||||
type: OS::Cinder::VolumeAttachment
|
||||
properties:
|
||||
instance_uuid: {get_resource: kube-minion}
|
||||
volume_id: {get_resource: docker_volume}
|
||||
mountpoint: /dev/vdb
|
||||
|
||||
outputs:
|
||||
|
||||
kube_minion_ip:
|
||||
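Review bot: `tls_disabled` is declared with `description: whether or not to enable TLS` and `default: False`, so the description contradicts the parameter name and the default reads as "TLS on". The commit message says TLS is not part of this CoreOS port, `kubernetes_port` defaults to 8080, and the etcd fragment in this commit listens on plain `http://`. As far as this section shows, `$TLS_DISABLED` is only passed into the params, so an operator can believe API traffic is protected when nothing on the CoreOS path appears to enable it. I would change the text to `description: whether or not to disable TLS (not yet implemented for CoreOS; traffic is unencrypted)`, and consider `default: True` until TLS is ported so the declared state matches what is deployed. The `parameters:` block starts and ends outside the hunk.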
|
|