Introduce a coreos for heat-kubernetes in magnum.

Below are the changes added. 1. Added heat-templates for coreos(micro OS). 2. Removed whitespaces. Implements part of bp introduce-coreos Change-Id: Id519c6b32b8bcfcc6c152e68bb988268be308ece
2015-02-27 11:25:36 +05:30 · 2015-02-27 11:25:36 +05:30 · de38fc4d3f
parent fde19eca43
commit de38fc4d3f
4 changed files with 610 additions and 0 deletions
--- a/etc/magnum/templates/heat-kubernetes/beaker.yaml
+++ b/etc/magnum/templates/heat-kubernetes/beaker.yaml
@ -5,3 +5,5 @@ parameters:
  external_network_id: 59bcbd61-f5ed-4c77-8b60-b7a004ed40b3
  dns_nameserver: 10.16.36.29
  fixed_network_cidr: 192.168.113.0/24
+  token: 1cf43303da52ca09964158d40d5248de
+  ssh_authorized_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB
--- a/etc/magnum/templates/heat-kubernetes/fragments/coreos.params.yaml
+++ b/etc/magnum/templates/heat-kubernetes/fragments/coreos.params.yaml
@ -0,0 +1,16 @@
+#cloud-config
+
+coreos:
+  etcd:
+    # generate a new token for each cluster from https://discovery.etcd.io/new
+    discovery: https://discovery.etcd.io/$token
+    # multi-region and multi-cloud deployments need to use $public_ipv4
+    addr: $private_ipv4:4001
+    peer-addr: $private_ipv4:7001
+  units:
+    - name: etcd.service
+      command: start
+    - name: fleet.service
+      command: start
+  ssh_authorized_key:
+  - $ssh_authorized_key
--- a/etc/magnum/templates/heat-kubernetes/kubecluster-coreos.yaml
+++ b/etc/magnum/templates/heat-kubernetes/kubecluster-coreos.yaml
@ -0,0 +1,348 @@
+heat_template_version: 2013-05-23
+
+description: >
+  This template will boot a coreos cluster with one or more
+  minions (as specified by the number_of_minions parameter, which
+  defaults to "2").
+
+parameters:
+
+  #
+  # REQUIRED PARAMETERS
+  #
+  ssh_key_name:
+    type: string
+    description: name of ssh key to be provisioned on our server
+
+  external_network_id:
+    type: string
+    description: uuid of a network to use for floating ip addresses
+
+  #
+  # OPTIONAL PARAMETERS
+  #
+  server_image:
+    type: string
+    default: CoreOS
+    description: glance image used to boot the server
+
+  server_flavor:
+    type: string
+    default: m1.small
+    description: flavor to use when booting the server
+
+  token:
+    type: string
+    description: token is generated from https://discovery.etcd.io/new
+
+  ssh_authorized_key:
+    type: string
+    description: complete ssh key.
+
+  dns_nameserver:
+    type: string
+    description: address of a dns nameserver reachable in your environment
+    default: 8.8.8.8
+
+  number_of_minions:
+    type: string
+    description: how many kubernetes minions to spawn
+    default: 1
+
+  fixed_network_cidr:
+    type: string
+    description: network range for fixed ip network
+    default: "10.0.0.0/24"
+
+  portal_network_cidr:
+    type: string
+    description: >
+      address range used by kubernetes for service portals
+    default: "10.254.0.0/16"
+
+  flannel_network_cidr:
+    type: string
+    description: network range for flannel overlay network
+    default: "10.100.0.0/16"
+
+  flannel_network_subnetlen:
+    type: string
+    description: size of subnet assigned to each minion
+    default: 24
+
+  flannel_use_vxlan:
+    type: string
+    description: >
+      if true use the vxlan backend, otherwise use the default
+      udp backend
+    default: "false"
+    constraints:
+      - allowed_values: ["true", "false"]
+
+  kube_allow_priv:
+    type: string
+    description: >
+      whether or not kubernetes should permit privileged containers.
+    default: "true"
+    constraints:
+      - allowed_values: ["true", "false"]
+
+resources:
+
+  master_wait_handle:
+    type: "AWS::CloudFormation::WaitConditionHandle"
+
+  master_wait_condition:
+    type: "AWS::CloudFormation::WaitCondition"
+    depends_on:
+      - kube_master
+    properties:
+      Handle:
+        get_resource: master_wait_handle
+      Timeout: "6000"
+
+  ######################################################################
+  #
+  # network resources.  allocate a network and router for our server.
+  # it would also be possible to take advantage of existing network
+  # resources (and have the deployer provide network and subnet ids,
+  # etc, as parameters), but I wanted to minmize the amount of
+  # configuration necessary to make this go.
+
+  fixed_network:
+    type: "OS::Neutron::Net"
+
+  # This is the subnet on which we will deploy our server.
+  fixed_subnet:
+    type: "OS::Neutron::Subnet"
+    properties:
+      cidr: {get_param: fixed_network_cidr}
+      network_id:
+        get_resource: fixed_network
+      dns_nameservers:
+        - get_param: dns_nameserver
+
+  # create a router attached to the external network provided as a
+  # parameter to this stack.
+  extrouter:
+    type: "OS::Neutron::Router"
+    properties:
+      external_gateway_info:
+        network:
+          get_param: external_network_id
+
+  # attached fixed_subnet to our extrouter router.
+  extrouter_inside:
+    type: "OS::Neutron::RouterInterface"
+    properties:
+      router_id:
+        get_resource: extrouter
+      subnet_id:
+        get_resource:
+          fixed_subnet
+
+  ######################################################################
+  #
+  # security groups.  we need to permit network traffic of various
+  # sorts.
+  #
+
+  # permit ssh access
+  secgroup_base:
+    type: "OS::Neutron::SecurityGroup"
+    properties:
+      rules:
+        - protocol: icmp
+        - protocol: tcp
+          port_range_min: 22
+          port_range_max: 22
+
+  # open ports for kubernetes and etcd
+  secgroup_kubernetes:
+    type: "OS::Neutron::SecurityGroup"
+    properties:
+      rules:
+        - protocol: tcp
+          port_range_min: 7080
+          port_range_max: 7080
+        - protocol: tcp
+          port_range_min: 8080
+          port_range_max: 8080
+        - protocol: tcp
+          port_range_min: 4001
+          port_range_max: 4001
+        - protocol: tcp
+          port_range_min: 7001
+          port_range_max: 7001
+
+  ######################################################################
+  #
+  # software configs.  these are components that are combined into
+  # a multipart MIME user-data archive.
+  #
+
+  write_heat_params:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config:
+        str_replace:
+          template: {get_file: fragments/write-heat-params-master.yaml}
+          params:
+            "$MINION_ADDRESSES": {"Fn::Join": [",", {get_attr: [kube_minions, kube_node_ip]}]}
+            "$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
+            "$WAIT_HANDLE": {get_resource: master_wait_handle}
+            "$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr}
+            "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
+            "$FLANNEL_USE_VXLAN": {get_param: flannel_use_vxlan}
+            "$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
+
+  configure_kubernetes:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/configure-kubernetes-master.sh}
+
+  write_flannel_config:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/write-flannel-config.sh}
+
+  flannel_config_service:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/flannel-config.service.yaml}
+
+  enable_services:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/enable-services-master.sh}
+
+  kube_user:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/kube-user.yaml}
+
+  kube_examples:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/kube-examples.yaml}
+
+  cfn_signal:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/cfn-signal.sh}
+
+  disable_selinux:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/disable-selinux.sh}
+
+  coreos_params:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config:
+        str_replace:
+          template: {get_file: fragments/coreos.params.yaml}
+          params:
+            token: {get_param: token}
+            ssh_authorized_key: {get_param: ssh_authorized_key}
+
+  kube_master_init:
+    type: "OS::Heat::MultipartMime"
+    properties:
+      parts:
+        - config: {get_resource: disable_selinux}
+        - config: {get_resource: write_heat_params}
+        - config: {get_resource: kube_user}
+        - config: {get_resource: configure_kubernetes}
+        - config: {get_resource: enable_services}
+        - config: {get_resource: write_flannel_config}
+        - config: {get_resource: flannel_config_service}
+        - config: {get_resource: kube_examples}
+        - config: {get_resource: cfn_signal}
+        - config: {get_resource: coreos_params}
+
+  ######################################################################
+  #
+  # databases server.  this sets up a Kubernetes server
+  #
+  kube_master:
+    type: "OS::Nova::Server"
+    depends_on:
+      - extrouter_inside
+    properties:
+      image:
+        get_param: server_image
+      flavor:
+        get_param: server_flavor
+      key_name:
+        get_param: ssh_key_name
+      user_data_format: RAW
+      user_data: {get_resource: kube_master_init}
+      networks:
+        - port:
+            get_resource: kube_master_eth0
+
+  kube_master_eth0:
+    type: "OS::Neutron::Port"
+    properties:
+      network_id:
+        get_resource: fixed_network
+      security_groups:
+        - get_resource: secgroup_base
+        - get_resource: secgroup_kubernetes
+      fixed_ips:
+        - subnet_id:
+            get_resource: fixed_subnet
+      replacement_policy: AUTO
+
+  kube_master_floating:
+    type: "OS::Neutron::FloatingIP"
+    depends_on:
+      - extrouter_inside
+    properties:
+      floating_network_id:
+        get_param: external_network_id
+      port_id:
+        get_resource: kube_master_eth0
+
+  kube_minions:
+    type: "OS::Heat::ResourceGroup"
+    depends_on:
+      - extrouter_inside
+    properties:
+      count: {get_param: number_of_minions}
+      resource_def:
+        type: kubenode-coreos.yaml
+        properties:
+          ssh_key_name: {get_param: ssh_key_name}
+          server_image: {get_param: server_image}
+          server_flavor: {get_param: server_flavor}
+          fixed_network_id: {get_resource: fixed_network}
+          fixed_subnet_id: {get_resource: fixed_subnet}
+          kube_master_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
+          external_network_id: {get_param: external_network_id}
+          kube_allow_priv: {get_param: kube_allow_priv}
+          token: {get_param: token}
+          ssh_authorized_key: {get_param: ssh_authorized_key}
+
+outputs:
+
+  kube_master:
+    value: {get_attr: [kube_master_floating, floating_ip_address]}
+
+  kube_minions:
+    value: {get_attr: [kube_minions, kube_node_ip]}
+
+  kube_minions_external:
+    value: {get_attr: [kube_minions, kube_node_external_ip]}
+
--- a/etc/magnum/templates/heat-kubernetes/kubenode-coreos.yaml
+++ b/etc/magnum/templates/heat-kubernetes/kubenode-coreos.yaml
@ -0,0 +1,244 @@
+heat_template_version: 2013-05-23
+
+description: >
+  This is a nested stack that defines a single Kubernetes minion,
+  based on a vanilla Fedora 20 cloud image.  This stack is included by
+  a ResourceGroup resource in the parent template (kubecluster-coreos.yaml).
+
+parameters:
+
+  server_image:
+    type: string
+    default: CoreOS
+    description: glance image used to boot the server
+
+  server_flavor:
+    type: string
+    default: m1.small
+    description: flavor to use when booting the server
+
+  ssh_key_name:
+    type: string
+    description: name of ssh key to be provisioned on our server
+    default: testkey
+
+  external_network_id:
+    type: string
+    description: uuid of a network to use for floating ip addresses
+
+  token:
+    type: string
+    description: token is generated from https://discovery.etcd.io/new
+
+  ssh_authorized_key:
+    type: string
+    description: complete ssh key.
+
+  kube_allow_priv:
+    type: string
+    description: >
+      whether or not kubernetes should permit privileged containers.
+    default: "false"
+    constraints:
+      - allowed_values: ["true", "false"]
+
+  docker_volume_size:
+    type: string
+    description: >
+      size of a cinder volume to allocate to docker for container/image
+      storage
+    default: 25
+
+  # The following are all generated in the parent template.
+  kube_master_ip:
+    type: string
+    description: IP address of the Kubernetes master server.
+  fixed_network_id:
+    type: string
+    description: Network from which to allocate fixed addresses.
+  fixed_subnet_id:
+    type: string
+    description: Subnet from which to allocate fixed addresses.
+
+resources:
+
+  node_wait_handle:
+    type: "AWS::CloudFormation::WaitConditionHandle"
+
+  node_wait_condition:
+    type: "AWS::CloudFormation::WaitCondition"
+    depends_on:
+      - kube_node
+    properties:
+      Handle:
+        get_resource: node_wait_handle
+      Timeout: "6000"
+
+  ######################################################################
+  #
+  # security groups.  we need to permit network traffic of various
+  # sorts.
+  #
+
+  secgroup_all_open:
+    type: "OS::Neutron::SecurityGroup"
+    properties:
+      rules:
+        - protocol: icmp
+        - protocol: tcp
+        - protocol: udp
+
+  ######################################################################
+  #
+  # software configs.  these are components that are combined into
+  # a multipart MIME user-data archive.
+  #
+
+  write_heat_params:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config:
+        str_replace:
+          template: {get_file: fragments/write-heat-params.yaml}
+          params:
+            "$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
+            "$KUBE_MASTER_IP": {get_param: kube_master_ip}
+            "$WAIT_HANDLE": {get_resource: node_wait_handle}
+            "$DOCKER_VOLUME": {get_resource: docker_volume}
+
+  coreos_params:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config:
+        str_replace:
+          template: {get_file: fragments/coreos.params.yaml}
+          params:
+            token: {get_param: token}
+            ssh_authorized_key: {get_param: ssh_authorized_key}
+
+  add_to_docker_group:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/add-to-docker-group.sh}
+
+  configure_docker_storage:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/configure-docker-storage.sh}
+
+  configure_kubernetes_minion:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/configure-kubernetes-minion.sh}
+
+  kube_user:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/kube-user.yaml}
+
+  kube_examples:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/kube-examples.yaml}
+
+  docker_service:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/docker.service.yaml}
+
+  enable_services:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/enable-services-minion.sh}
+
+  cfn_signal:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/cfn-signal.sh}
+
+  disable_selinux:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/disable-selinux.sh}
+
+  kube_node_init:
+    type: "OS::Heat::MultipartMime"
+    properties:
+      parts:
+        - config: {get_resource: disable_selinux}
+        - config: {get_resource: write_heat_params}
+        - config: {get_resource: kube_user}
+        - config: {get_resource: kube_examples}
+        - config: {get_resource: add_to_docker_group}
+        - config: {get_resource: configure_docker_storage}
+        - config: {get_resource: configure_kubernetes_minion}
+        - config: {get_resource: docker_service}
+        - config: {get_resource: enable_services}
+        - config: {get_resource: cfn_signal}
+        - config: {get_resource: coreos_params}
+
+  kube_node:
+    type: "OS::Nova::Server"
+    properties:
+      image:
+        get_param: server_image
+      flavor:
+        get_param: server_flavor
+      key_name:
+        get_param: ssh_key_name
+      user_data_format: RAW
+      user_data: {get_resource: kube_node_init}
+      networks:
+        - port:
+            get_resource: kube_node_eth0
+
+  kube_node_eth0:
+    type: "OS::Neutron::Port"
+    properties:
+      network_id:
+        get_param: fixed_network_id
+      security_groups:
+        - get_resource: secgroup_all_open
+      fixed_ips:
+        - subnet_id:
+            get_param: fixed_subnet_id
+      replacement_policy: AUTO
+
+  kube_node_floating:
+    type: "OS::Neutron::FloatingIP"
+    properties:
+      floating_network_id:
+        get_param: external_network_id
+      port_id:
+        get_resource: kube_node_eth0
+
+  docker_volume:
+    type: "OS::Cinder::Volume"
+    properties:
+      size: {get_param: docker_volume_size}
+
+  docker_volume_attach:
+    type: "OS::Cinder::VolumeAttachment"
+    properties:
+      instance_uuid: {get_resource: kube_node}
+      volume_id: {get_resource: docker_volume}
+
+outputs:
+
+  kube_node_ip:
+    value: {get_attr: [kube_node_eth0, fixed_ips, 0, ip_address]}
+
+  kube_node_external_ip:
+    value: {get_attr: [kube_node_floating, floating_ip_address]}
+