Drop k8s_fedora_ironic_v1 driver
Change-Id: Ic7114e5923b74a4202a043388701826b4e47326e
parent
5c0c27807a
commit
fa5aa8f625
@ -296,12 +296,6 @@ function magnum_register_image {
|
|||||||
if [ ! -z "$fedora_coreos" ]; then
|
if [ ! -z "$fedora_coreos" ]; then
|
||||||
magnum_image_property=$magnum_image_property"fedora-coreos"
|
magnum_image_property=$magnum_image_property"fedora-coreos"
|
||||||
fi
|
fi
|
||||||
# os_distro property for fedora ironic image
|
|
||||||
local fedora_ironic="$(echo $MAGNUM_GUEST_IMAGE_URL | grep -i "ironic" \
|
|
||||||
| grep -io "fedora" || true;)"
|
|
||||||
if [ ! -z "$fedora_ironic" ]; then
|
|
||||||
magnum_image_property=$magnum_image_property"fedora"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# get the image name
|
# get the image name
|
||||||
local image_filename=$(basename "$MAGNUM_GUEST_IMAGE_URL")
|
local image_filename=$(basename "$MAGNUM_GUEST_IMAGE_URL")
|
||||||
|
@ -2735,17 +2735,6 @@ The following software are managed as systemd services:
|
|||||||
|
|
||||||
The login user for this image is *core*.
|
The login user for this image is *core*.
|
||||||
|
|
||||||
Kubernetes on Ironic
|
|
||||||
--------------------
|
|
||||||
|
|
||||||
This image is built manually using diskimagebuilder. The scripts and
|
|
||||||
instructions are included in `Magnum code repo
|
|
||||||
<https://opendev.org/openstack/magnum/src/branch/master/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes>`_.
|
|
||||||
Currently Ironic is not fully supported yet, therefore more details will be
|
|
||||||
provided when this driver has been fully tested.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Notification
|
Notification
|
||||||
============
|
============
|
||||||
|
|
||||||
|
@ -272,10 +272,6 @@ class ClusterTemplatesController(base.Controller):
|
|||||||
"driver. Please migrate to the fedora_coreos driver. fedora_atomic "
|
"driver. Please migrate to the fedora_coreos driver. fedora_atomic "
|
||||||
"driver will be removed in a future Magnum version.")
|
"driver will be removed in a future Magnum version.")
|
||||||
|
|
||||||
_fedora_ironic_deprecation_note = (
|
|
||||||
"The fedora ironic driver is deprecated. "
|
|
||||||
"The driver will be removed in a future Magnum version.")
|
|
||||||
|
|
||||||
def _generate_name_for_cluster_template(self, context):
|
def _generate_name_for_cluster_template(self, context):
|
||||||
"""Generate a random name like: zeta-22-model."""
|
"""Generate a random name like: zeta-22-model."""
|
||||||
|
|
||||||
@ -442,13 +438,6 @@ class ClusterTemplatesController(base.Controller):
|
|||||||
DeprecationWarning)
|
DeprecationWarning)
|
||||||
LOG.warning(self._coreos_deprecation_note)
|
LOG.warning(self._coreos_deprecation_note)
|
||||||
|
|
||||||
if (cluster_template_dict['coe'] == 'kubernetes' and
|
|
||||||
cluster_template_dict['cluster_distro'] == 'fedora' and
|
|
||||||
cluster_template_dict['server_type'] == 'bm'):
|
|
||||||
warnings.warn(self._fedora_ironic_deprecation_note,
|
|
||||||
DeprecationWarning)
|
|
||||||
LOG.warning(self._fedora_ironic_deprecation_note)
|
|
||||||
|
|
||||||
# NOTE(yuywz): We will generate a random human-readable name for
|
# NOTE(yuywz): We will generate a random human-readable name for
|
||||||
# cluster_template if the name is not specified by user.
|
# cluster_template if the name is not specified by user.
|
||||||
arg_name = cluster_template_dict.get('name')
|
arg_name = cluster_template_dict.get('name')
|
||||||
|
@ -1,30 +0,0 @@
|
|||||||
# Copyright 2016 Rackspace Inc. All rights reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
from magnum.drivers.heat import driver
|
|
||||||
from magnum.drivers.k8s_fedora_ironic_v1 import template_def
|
|
||||||
|
|
||||||
|
|
||||||
class Driver(driver.KubernetesDriver):
|
|
||||||
|
|
||||||
@property
|
|
||||||
def provides(self):
|
|
||||||
return [
|
|
||||||
{'server_type': 'bm',
|
|
||||||
'os': 'fedora',
|
|
||||||
'coe': 'kubernetes'},
|
|
||||||
]
|
|
||||||
|
|
||||||
def get_template_definition(self):
|
|
||||||
return template_def.FedoraK8sIronicTemplateDefinition()
|
|
@ -1,45 +0,0 @@
|
|||||||
Kubernetes elements
|
|
||||||
===================
|
|
||||||
|
|
||||||
This directory contains `[diskimage-builder](https://github.com/openstack/diskimage-builder)`
|
|
||||||
elements to build an image which contains kubernetes required to use kubecluster-fedora-ironic.yaml.
|
|
||||||
|
|
||||||
An example fedora based image and uploaded to glance with the following:
|
|
||||||
|
|
||||||
# Install diskimage-builder in virtual environment
|
|
||||||
virtualenv .
|
|
||||||
. bin/activate
|
|
||||||
pip install diskimage-builder
|
|
||||||
git clone https://git.openstack.org/openstack/magnum
|
|
||||||
git clone https://git.openstack.org/openstack/dib-utils.git
|
|
||||||
export PATH="${PWD}/dib-utils/bin:$PATH"
|
|
||||||
export ELEMENTS_PATH=$(python -c 'import os, diskimage_builder, pkg_resources;print(os.path.abspath(pkg_resources.resource_filename(diskimage_builder.__name__, "elements")))')
|
|
||||||
export ELEMENTS_PATH=${ELEMENTS_PATH}:magnum/magnum/drivers/k8s_fedora_ironic_v1/image
|
|
||||||
export DIB_RELEASE=25
|
|
||||||
disk-image-create baremetal \
|
|
||||||
fedora selinux-permissive \
|
|
||||||
kubernetes \
|
|
||||||
-o fedora-25-kubernetes.qcow2
|
|
||||||
|
|
||||||
KERNEL_ID=`glance image-create --name fedora-k8s-kernel \
|
|
||||||
--visibility public \
|
|
||||||
--disk-format=aki \
|
|
||||||
--container-format=aki \
|
|
||||||
--file=fedora-25-kubernetes.vmlinuz \
|
|
||||||
| grep id | tr -d '| ' | cut --bytes=3-57`
|
|
||||||
RAMDISK_ID=`glance image-create --name fedora-k8s-ramdisk \
|
|
||||||
--visibility public \
|
|
||||||
--disk-format=ari \
|
|
||||||
--container-format=ari \
|
|
||||||
--file=fedora-25-kubernetes.initrd \
|
|
||||||
| grep id | tr -d '| ' | cut --bytes=3-57`
|
|
||||||
BASE_ID=`glance image-create --name fedora-k8s \
|
|
||||||
--os-distro fedora \
|
|
||||||
--visibility public \
|
|
||||||
--disk-format=qcow2 \
|
|
||||||
--container-format=bare \
|
|
||||||
--property kernel_id=$KERNEL_ID \
|
|
||||||
--property ramdisk_id=$RAMDISK_ID \
|
|
||||||
--file=fedora-25-kubernetes.qcow2 \
|
|
||||||
| grep -v kernel | grep -v ramdisk \
|
|
||||||
| grep id | tr -d '| ' | cut --bytes=3-57`
|
|
@ -1 +0,0 @@
|
|||||||
package-installs
|
|
@ -1,5 +0,0 @@
|
|||||||
kubernetes:
|
|
||||||
etcd:
|
|
||||||
flannel:
|
|
||||||
docker-io:
|
|
||||||
python2:
|
|
@ -1,75 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
from neutronclient.common import exceptions as n_exception
|
|
||||||
from neutronclient.neutron import v2_0 as neutronV20
|
|
||||||
import os
|
|
||||||
|
|
||||||
from magnum.common import exception
|
|
||||||
from magnum.drivers.heat import k8s_fedora_template_def as kftd
|
|
||||||
from oslo_config import cfg
|
|
||||||
|
|
||||||
CONF = cfg.CONF
|
|
||||||
|
|
||||||
|
|
||||||
class FedoraK8sIronicTemplateDefinition(kftd.K8sFedoraTemplateDefinition):
|
|
||||||
"""Kubernetes template for a Fedora Baremetal."""
|
|
||||||
|
|
||||||
def __init__(self):
|
|
||||||
super(FedoraK8sIronicTemplateDefinition, self).__init__()
|
|
||||||
self.add_parameter('fixed_subnet',
|
|
||||||
cluster_template_attr='fixed_subnet',
|
|
||||||
param_type=str,
|
|
||||||
required=True)
|
|
||||||
|
|
||||||
def get_fixed_network_id(self, osc, cluster_template):
|
|
||||||
try:
|
|
||||||
subnet = neutronV20.find_resource_by_name_or_id(
|
|
||||||
osc.neutron(),
|
|
||||||
'subnet',
|
|
||||||
cluster_template.fixed_subnet
|
|
||||||
)
|
|
||||||
except n_exception.NeutronException as e:
|
|
||||||
# NOTE(yuanying): NeutronCLIError doesn't have status_code
|
|
||||||
# if subnet name is duplicated, NeutronClientNoUniqueMatch
|
|
||||||
# (which is kind of NeutronCLIError) will be raised.
|
|
||||||
if getattr(e, 'status_code', 400) < 500:
|
|
||||||
raise exception.InvalidSubnet(message=("%s" % e))
|
|
||||||
else:
|
|
||||||
raise e
|
|
||||||
|
|
||||||
if subnet['ip_version'] != 4:
|
|
||||||
raise exception.InvalidSubnet(
|
|
||||||
message="Subnet IP version should be 4"
|
|
||||||
)
|
|
||||||
|
|
||||||
return subnet['network_id']
|
|
||||||
|
|
||||||
def get_params(self, context, cluster_template, cluster, **kwargs):
|
|
||||||
ep = kwargs.pop('extra_params', {})
|
|
||||||
|
|
||||||
osc = self.get_osc(context)
|
|
||||||
ep['fixed_network'] = self.get_fixed_network_id(osc, cluster_template)
|
|
||||||
|
|
||||||
return super(FedoraK8sIronicTemplateDefinition,
|
|
||||||
self).get_params(context, cluster_template, cluster,
|
|
||||||
extra_params=ep,
|
|
||||||
**kwargs)
|
|
||||||
|
|
||||||
@property
|
|
||||||
def driver_module_path(self):
|
|
||||||
return __name__[:__name__.rindex('.')]
|
|
||||||
|
|
||||||
@property
|
|
||||||
def template_path(self):
|
|
||||||
return os.path.join(os.path.dirname(os.path.realpath(__file__)),
|
|
||||||
'templates/kubecluster.yaml')
|
|
@ -1,733 +0,0 @@
|
|||||||
heat_template_version: 2014-10-16
|
|
||||||
|
|
||||||
description: >
|
|
||||||
This template will boot a Kubernetes cluster with one or more
|
|
||||||
minions (as specified by the number_of_minions parameter, which
|
|
||||||
defaults to 1).
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
|
|
||||||
is_cluster_stack:
|
|
||||||
type: boolean
|
|
||||||
default: false
|
|
||||||
|
|
||||||
master_role:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
worker_role:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
ssh_key_name:
|
|
||||||
type: string
|
|
||||||
description: name of ssh key to be provisioned on our server
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
ssh_public_key:
|
|
||||||
type: string
|
|
||||||
description: The public ssh key to add in all nodes
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
external_network:
|
|
||||||
type: string
|
|
||||||
description: uuid/name of a network to use for floating ip addresses
|
|
||||||
default: public
|
|
||||||
|
|
||||||
fixed_network:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
name of private network into which servers get deployed
|
|
||||||
Important: the Load Balancer feature in Kubernetes requires that
|
|
||||||
the name for the fixed_network must be "private" for the
|
|
||||||
address lookup in Kubernetes to work properly
|
|
||||||
|
|
||||||
fixed_subnet:
|
|
||||||
type: string
|
|
||||||
description: Sub network from which to allocate fixed addresses.
|
|
||||||
default: private-subnet
|
|
||||||
|
|
||||||
master_image:
|
|
||||||
type: string
|
|
||||||
description: glance image used to boot the server
|
|
||||||
|
|
||||||
minion_image:
|
|
||||||
type: string
|
|
||||||
description: glance image used to boot the server
|
|
||||||
|
|
||||||
master_flavor:
|
|
||||||
type: string
|
|
||||||
default: m1.small
|
|
||||||
description: flavor to use when booting the server
|
|
||||||
|
|
||||||
minion_flavor:
|
|
||||||
type: string
|
|
||||||
default: baremetal
|
|
||||||
description: flavor to use when booting the server
|
|
||||||
|
|
||||||
master_nodegroup_name:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
description: the name of the nodegroup where the node belongs
|
|
||||||
|
|
||||||
worker_nodegroup_name:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
description: the name of the nodegroup where the node belongs
|
|
||||||
|
|
||||||
prometheus_monitoring:
|
|
||||||
type: boolean
|
|
||||||
default: false
|
|
||||||
description: >
|
|
||||||
whether or not to have the grafana-prometheus-cadvisor monitoring setup
|
|
||||||
|
|
||||||
grafana_admin_passwd:
|
|
||||||
type: string
|
|
||||||
default: admin
|
|
||||||
hidden: true
|
|
||||||
description: >
|
|
||||||
admin user password for the Grafana monitoring interface
|
|
||||||
|
|
||||||
dns_nameserver:
|
|
||||||
type: comma_delimited_list
|
|
||||||
description: address of a dns nameserver reachable in your environment
|
|
||||||
default: 8.8.8.8
|
|
||||||
|
|
||||||
number_of_masters:
|
|
||||||
type: number
|
|
||||||
description: how many kubernetes masters to spawn
|
|
||||||
default: 1
|
|
||||||
|
|
||||||
number_of_minions:
|
|
||||||
type: number
|
|
||||||
description: how many kubernetes minions to spawn
|
|
||||||
default: 1
|
|
||||||
|
|
||||||
portal_network_cidr:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
address range used by kubernetes for service portals
|
|
||||||
default: 10.254.0.0/16
|
|
||||||
|
|
||||||
network_driver:
|
|
||||||
type: string
|
|
||||||
description: network driver to use for instantiating container networks
|
|
||||||
default: flannel
|
|
||||||
|
|
||||||
flannel_network_cidr:
|
|
||||||
type: string
|
|
||||||
description: network range for flannel overlay network
|
|
||||||
default: 10.100.0.0/16
|
|
||||||
|
|
||||||
flannel_network_subnetlen:
|
|
||||||
type: number
|
|
||||||
description: size of subnet assigned to each minion
|
|
||||||
default: 24
|
|
||||||
|
|
||||||
flannel_backend:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
specify the backend for flannel, default udp backend
|
|
||||||
default: "udp"
|
|
||||||
constraints:
|
|
||||||
- allowed_values: ["udp", "vxlan", "host-gw"]
|
|
||||||
|
|
||||||
system_pods_initial_delay:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
health check, time to wait for system pods (podmaster, scheduler) to boot
|
|
||||||
(in seconds)
|
|
||||||
default: 30
|
|
||||||
|
|
||||||
system_pods_timeout:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
health check, timeout for system pods (podmaster, scheduler) to answer.
|
|
||||||
(in seconds)
|
|
||||||
default: 5
|
|
||||||
|
|
||||||
admission_control_list:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
List of admission control plugins to activate
|
|
||||||
default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
|
|
||||||
|
|
||||||
kube_allow_priv:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
whether or not kubernetes should permit privileged containers.
|
|
||||||
default: "true"
|
|
||||||
constraints:
|
|
||||||
- allowed_values: ["true", "false"]
|
|
||||||
|
|
||||||
etcd_volume_size:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
size of the cinder volume for etcd storage
|
|
||||||
default: 0
|
|
||||||
|
|
||||||
docker_volume_size:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
size of a cinder volume to allocate to docker for container/image
|
|
||||||
storage
|
|
||||||
default: 0
|
|
||||||
|
|
||||||
docker_volume_type:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
type of a cinder volume to allocate to docker for container/image
|
|
||||||
storage
|
|
||||||
|
|
||||||
docker_storage_driver:
|
|
||||||
type: string
|
|
||||||
description: docker storage driver name
|
|
||||||
default: "devicemapper"
|
|
||||||
|
|
||||||
wait_condition_timeout:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
timeout for the Wait Conditions
|
|
||||||
default: 6000
|
|
||||||
|
|
||||||
minions_to_remove:
|
|
||||||
type: comma_delimited_list
|
|
||||||
description: >
|
|
||||||
List of minions to be removed when doing an update. Individual minion may
|
|
||||||
be referenced several ways: (1) The resource name (e.g. ['1', '3']),
|
|
||||||
(2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should
|
|
||||||
be empty when doing an create.
|
|
||||||
default: []
|
|
||||||
|
|
||||||
discovery_url:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
Discovery URL used for bootstrapping the etcd cluster.
|
|
||||||
|
|
||||||
registry_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
Indicates whether the docker registry is enabled.
|
|
||||||
default: false
|
|
||||||
|
|
||||||
registry_port:
|
|
||||||
type: number
|
|
||||||
description: port of registry service
|
|
||||||
default: 5000
|
|
||||||
|
|
||||||
swift_region:
|
|
||||||
type: string
|
|
||||||
description: region of swift service
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
registry_container:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
name of swift container which docker registry stores images in
|
|
||||||
default: "container"
|
|
||||||
|
|
||||||
registry_insecure:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
indicates whether to skip TLS verification between registry and backend storage
|
|
||||||
default: true
|
|
||||||
|
|
||||||
registry_chunksize:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
size fo the data segments for the swift dynamic large objects
|
|
||||||
default: 5242880
|
|
||||||
|
|
||||||
volume_driver:
|
|
||||||
type: string
|
|
||||||
description: volume driver to use for container storage
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
region_name:
|
|
||||||
type: string
|
|
||||||
description: A logically separate section of the cluster
|
|
||||||
|
|
||||||
username:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
user account
|
|
||||||
|
|
||||||
password:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
user password, not set in current implementation, only used to
|
|
||||||
fill in for Kubernetes config file
|
|
||||||
default:
|
|
||||||
ChangeMe
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
loadbalancing_protocol:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
The protocol which is used for load balancing. If you want to change
|
|
||||||
tls_disabled option to 'True', please change this to "HTTP".
|
|
||||||
default: TCP
|
|
||||||
constraints:
|
|
||||||
- allowed_values: ["TCP", "HTTP"]
|
|
||||||
|
|
||||||
tls_disabled:
|
|
||||||
type: boolean
|
|
||||||
description: whether or not to disable TLS
|
|
||||||
default: False
|
|
||||||
|
|
||||||
kube_dashboard_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: whether or not to disable kubernetes dashboard
|
|
||||||
default: True
|
|
||||||
|
|
||||||
influx_grafana_dashboard_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: Enable influxdb with grafana dashboard for data from heapster
|
|
||||||
default: False
|
|
||||||
|
|
||||||
verify_ca:
|
|
||||||
type: boolean
|
|
||||||
description: whether or not to validate certificate authority
|
|
||||||
|
|
||||||
kubernetes_port:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
The port which are used by kube-apiserver to provide Kubernetes
|
|
||||||
service.
|
|
||||||
default: 6443
|
|
||||||
|
|
||||||
cluster_uuid:
|
|
||||||
type: string
|
|
||||||
description: identifier for the cluster this template is generating
|
|
||||||
|
|
||||||
magnum_url:
|
|
||||||
type: string
|
|
||||||
description: endpoint to retrieve TLS certs from
|
|
||||||
|
|
||||||
http_proxy:
|
|
||||||
type: string
|
|
||||||
description: http proxy address for docker
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
https_proxy:
|
|
||||||
type: string
|
|
||||||
description: https proxy address for docker
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
no_proxy:
|
|
||||||
type: string
|
|
||||||
description: no proxies for docker
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
trustee_domain_id:
|
|
||||||
type: string
|
|
||||||
description: domain id of the trustee
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
trustee_user_id:
|
|
||||||
type: string
|
|
||||||
description: user id of the trustee
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
trustee_username:
|
|
||||||
type: string
|
|
||||||
description: username of the trustee
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
trustee_password:
|
|
||||||
type: string
|
|
||||||
description: password of the trustee
|
|
||||||
default: ""
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
trust_id:
|
|
||||||
type: string
|
|
||||||
description: id of the trust which is used by the trustee
|
|
||||||
default: ""
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
auth_url:
|
|
||||||
type: string
|
|
||||||
description: url for keystone
|
|
||||||
|
|
||||||
kube_tag:
|
|
||||||
type: string
|
|
||||||
description: tag of the k8s containers used to provision the kubernetes cluster
|
|
||||||
default: v1.11.1
|
|
||||||
|
|
||||||
kube_version:
|
|
||||||
type: string
|
|
||||||
description: version of kubernetes used for kubernetes cluster
|
|
||||||
default: v1.11.1
|
|
||||||
|
|
||||||
kube_dashboard_version:
|
|
||||||
type: string
|
|
||||||
description: version of kubernetes dashboard used for kubernetes cluster
|
|
||||||
default: v1.5.1
|
|
||||||
|
|
||||||
insecure_registry_url:
|
|
||||||
type: string
|
|
||||||
description: insecure registry url
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
container_infra_prefix:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
prefix of container images used in the cluster, kubernetes components,
|
|
||||||
kubernetes-dashboard, coredns etc
|
|
||||||
constraints:
|
|
||||||
- allowed_pattern: "^$|.*/"
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
openstack_ca:
|
|
||||||
type: string
|
|
||||||
hidden: true
|
|
||||||
description: The OpenStack CA certificate to install on the node.
|
|
||||||
|
|
||||||
nodes_affinity_policy:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
affinity policy for nodes server group
|
|
||||||
constraints:
|
|
||||||
- allowed_values: ["affinity", "anti-affinity", "soft-affinity",
|
|
||||||
"soft-anti-affinity"]
|
|
||||||
|
|
||||||
octavia_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
whether or not to use Octavia for LoadBalancer type service.
|
|
||||||
default: False
|
|
||||||
|
|
||||||
resources:
|
|
||||||
|
|
||||||
api_lb:
|
|
||||||
type: ../../common/templates/lb_api.yaml
|
|
||||||
properties:
|
|
||||||
fixed_subnet: {get_param: fixed_subnet}
|
|
||||||
external_network: {get_param: external_network}
|
|
||||||
protocol: {get_param: loadbalancing_protocol}
|
|
||||||
port: {get_param: kubernetes_port}
|
|
||||||
|
|
||||||
etcd_lb:
|
|
||||||
type: ../../common/templates/lb_etcd.yaml
|
|
||||||
properties:
|
|
||||||
fixed_subnet: {get_param: fixed_subnet}
|
|
||||||
protocol: {get_param: loadbalancing_protocol}
|
|
||||||
port: 2379
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# security groups. we need to permit network traffic of various
|
|
||||||
# sorts.
|
|
||||||
#
|
|
||||||
|
|
||||||
secgroup_base:
|
|
||||||
type: OS::Neutron::SecurityGroup
|
|
||||||
properties:
|
|
||||||
rules:
|
|
||||||
- protocol: icmp
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 22
|
|
||||||
port_range_max: 22
|
|
||||||
|
|
||||||
secgroup_kube_master:
|
|
||||||
type: OS::Neutron::SecurityGroup
|
|
||||||
properties:
|
|
||||||
rules:
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 7080
|
|
||||||
port_range_max: 7080
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 8080
|
|
||||||
port_range_max: 8080
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 2379
|
|
||||||
port_range_max: 2379
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 2380
|
|
||||||
port_range_max: 2380
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 6443
|
|
||||||
port_range_max: 6443
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 9100
|
|
||||||
port_range_max: 9100
|
|
||||||
- protocol: tcp
|
|
||||||
port_range_min: 30000
|
|
||||||
port_range_max: 32767
|
|
||||||
|
|
||||||
secgroup_kube_minion:
|
|
||||||
type: OS::Neutron::SecurityGroup
|
|
||||||
properties:
|
|
||||||
rules:
|
|
||||||
- protocol: icmp
|
|
||||||
- protocol: tcp
|
|
||||||
- protocol: udp
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# resources that expose the IPs of either the kube master or a given
|
|
||||||
# LBaaS pool depending on whether LBaaS is enabled for the cluster.
|
|
||||||
#
|
|
||||||
|
|
||||||
api_address_lb_switch:
|
|
||||||
type: Magnum::ApiGatewaySwitcher
|
|
||||||
properties:
|
|
||||||
pool_public_ip: {get_attr: [api_lb, floating_address]}
|
|
||||||
pool_private_ip: {get_attr: [api_lb, address]}
|
|
||||||
master_public_ip: {get_attr: [kube_masters, resource.0.kube_master_external_ip]}
|
|
||||||
master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}
|
|
||||||
|
|
||||||
etcd_address_lb_switch:
|
|
||||||
type: Magnum::ApiGatewaySwitcher
|
|
||||||
properties:
|
|
||||||
pool_private_ip: {get_attr: [etcd_lb, address]}
|
|
||||||
master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# resources that expose the IPs of either floating ip or a given
|
|
||||||
# fixed ip depending on whether FloatingIP is enabled for the cluster.
|
|
||||||
#
|
|
||||||
|
|
||||||
api_address_floating_switch:
|
|
||||||
type: Magnum::FloatingIPAddressSwitcher
|
|
||||||
properties:
|
|
||||||
public_ip: {get_attr: [api_address_lb_switch, public_ip]}
|
|
||||||
private_ip: {get_attr: [api_address_lb_switch, private_ip]}
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# resources that expose one server group for each master and worker nodes
|
|
||||||
# separately.
|
|
||||||
#
|
|
||||||
|
|
||||||
master_nodes_server_group:
|
|
||||||
type: OS::Nova::ServerGroup
|
|
||||||
properties:
|
|
||||||
policies: [{get_param: nodes_affinity_policy}]
|
|
||||||
|
|
||||||
worker_nodes_server_group:
|
|
||||||
type: OS::Nova::ServerGroup
|
|
||||||
properties:
|
|
||||||
policies: [{get_param: nodes_affinity_policy}]
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# kubernetes masters. This is a resource group that will create
|
|
||||||
# <number_of_masters> masters.
|
|
||||||
#
|
|
||||||
|
|
||||||
kube_masters:
|
|
||||||
type: OS::Heat::ResourceGroup
|
|
||||||
properties:
|
|
||||||
count: {get_param: number_of_masters}
|
|
||||||
resource_def:
|
|
||||||
type: kubemaster.yaml
|
|
||||||
properties:
|
|
||||||
name:
|
|
||||||
list_join:
|
|
||||||
- '-'
|
|
||||||
- [{ get_param: 'OS::stack_name' }, 'master', '%index%']
|
|
||||||
prometheus_monitoring: {get_param: prometheus_monitoring}
|
|
||||||
grafana_admin_passwd: {get_param: grafana_admin_passwd}
|
|
||||||
api_public_address: {get_attr: [api_lb, floating_address]}
|
|
||||||
api_private_address: {get_attr: [api_lb, address]}
|
|
||||||
ssh_key_name: {get_param: ssh_key_name}
|
|
||||||
server_image: {get_param: master_image}
|
|
||||||
master_flavor: {get_param: master_flavor}
|
|
||||||
external_network: {get_param: external_network}
|
|
||||||
kube_allow_priv: {get_param: kube_allow_priv}
|
|
||||||
docker_volume_size: {get_param: docker_volume_size}
|
|
||||||
docker_storage_driver: {get_param: docker_storage_driver}
|
|
||||||
network_driver: {get_param: network_driver}
|
|
||||||
flannel_network_cidr: {get_param: flannel_network_cidr}
|
|
||||||
flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
|
|
||||||
flannel_backend: {get_param: flannel_backend}
|
|
||||||
system_pods_initial_delay: {get_param: system_pods_initial_delay}
|
|
||||||
system_pods_timeout: {get_param: system_pods_timeout}
|
|
||||||
portal_network_cidr: {get_param: portal_network_cidr}
|
|
||||||
admission_control_list: {get_param: admission_control_list}
|
|
||||||
discovery_url: {get_param: discovery_url}
|
|
||||||
cluster_uuid: {get_param: cluster_uuid}
|
|
||||||
magnum_url: {get_param: magnum_url}
|
|
||||||
fixed_network: {get_param: fixed_network}
|
|
||||||
fixed_subnet: {get_param: fixed_subnet}
|
|
||||||
api_pool_id: {get_attr: [api_lb, pool_id]}
|
|
||||||
etcd_pool_id: {get_attr: [etcd_lb, pool_id]}
|
|
||||||
username: {get_param: username}
|
|
||||||
password: {get_param: password}
|
|
||||||
kubernetes_port: {get_param: kubernetes_port}
|
|
||||||
tls_disabled: {get_param: tls_disabled}
|
|
||||||
kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
|
|
||||||
influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
|
|
||||||
verify_ca: {get_param: verify_ca}
|
|
||||||
secgroup_base_id: {get_resource: secgroup_base}
|
|
||||||
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
|
|
||||||
http_proxy: {get_param: http_proxy}
|
|
||||||
https_proxy: {get_param: https_proxy}
|
|
||||||
no_proxy: {get_param: no_proxy}
|
|
||||||
kube_tag: {get_param: kube_tag}
|
|
||||||
kube_version: {get_param: kube_version}
|
|
||||||
kube_dashboard_version: {get_param: kube_dashboard_version}
|
|
||||||
trustee_user_id: {get_param: trustee_user_id}
|
|
||||||
trustee_password: {get_param: trustee_password}
|
|
||||||
trust_id: {get_param: trust_id}
|
|
||||||
auth_url: {get_param: auth_url}
|
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
|
||||||
container_infra_prefix: {get_param: container_infra_prefix}
|
|
||||||
wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
|
|
||||||
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
|
||||||
openstack_ca: {get_param: openstack_ca}
|
|
||||||
nodes_server_group_id: {get_resource: master_nodes_server_group}
|
|
||||||
octavia_enabled: {get_param: octavia_enabled}
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# wait condition handler for kubernetes master
|
|
||||||
#
|
|
||||||
|
|
||||||
master_wait_handle:
|
|
||||||
type: OS::Heat::WaitConditionHandle
|
|
||||||
|
|
||||||
master_wait_condition:
|
|
||||||
type: OS::Heat::WaitCondition
|
|
||||||
properties:
|
|
||||||
count: {get_param: number_of_masters}
|
|
||||||
handle: {get_resource: master_wait_handle}
|
|
||||||
timeout: {get_param: wait_condition_timeout}
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# kubernetes minions. This is an resource group that will initially
|
|
||||||
# create <number_of_minions> minions, and needs to be manually scaled.
|
|
||||||
#
|
|
||||||
|
|
||||||
kube_minions:
|
|
||||||
type: OS::Heat::ResourceGroup
|
|
||||||
properties:
|
|
||||||
count: {get_param: number_of_minions}
|
|
||||||
removal_policies: [{resource_list: {get_param: minions_to_remove}}]
|
|
||||||
resource_def:
|
|
||||||
type: kubeminion.yaml
|
|
||||||
properties:
|
|
||||||
name:
|
|
||||||
list_join:
|
|
||||||
- '-'
|
|
||||||
- [{ get_param: 'OS::stack_name' }, 'minion', '%index%']
|
|
||||||
ssh_key_name: {get_param: ssh_key_name}
|
|
||||||
server_image: {get_param: minion_image}
|
|
||||||
minion_flavor: {get_param: minion_flavor}
|
|
||||||
fixed_network: {get_param: fixed_network}
|
|
||||||
fixed_subnet: {get_param: fixed_subnet}
|
|
||||||
secgroup_kube_minion_id: {get_resource: secgroup_kube_minion}
|
|
||||||
flannel_network_cidr: {get_param: flannel_network_cidr}
|
|
||||||
external_network: {get_param: external_network}
|
|
||||||
kube_software_configs: {get_attr: [kubeminion_software_configs, kube_minion_init]}
|
|
||||||
nodes_server_group_id: {get_resource: worker_nodes_server_group}
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# Software configs for kubernetes minions
|
|
||||||
#
|
|
||||||
|
|
||||||
kubeminion_software_configs:
|
|
||||||
type: kubeminion_software_configs.yaml
|
|
||||||
properties:
|
|
||||||
prometheus_monitoring: {get_param: prometheus_monitoring}
|
|
||||||
network_driver: {get_param: network_driver}
|
|
||||||
kube_master_ip: {get_attr: [api_address_lb_switch, private_ip]}
|
|
||||||
etcd_server_ip: {get_attr: [etcd_address_lb_switch, private_ip]}
|
|
||||||
kube_allow_priv: {get_param: kube_allow_priv}
|
|
||||||
docker_volume_size: {get_param: docker_volume_size}
|
|
||||||
docker_storage_driver: {get_param: docker_storage_driver}
|
|
||||||
registry_enabled: {get_param: registry_enabled}
|
|
||||||
registry_port: {get_param: registry_port}
|
|
||||||
swift_region: {get_param: swift_region}
|
|
||||||
registry_container: {get_param: registry_container}
|
|
||||||
registry_insecure: {get_param: registry_insecure}
|
|
||||||
registry_chunksize: {get_param: registry_chunksize}
|
|
||||||
cluster_uuid: {get_param: cluster_uuid}
|
|
||||||
magnum_url: {get_param: magnum_url}
|
|
||||||
volume_driver: {get_param: volume_driver}
|
|
||||||
region_name: {get_param: region_name}
|
|
||||||
auth_url: {get_param: auth_url}
|
|
||||||
username: {get_param: username}
|
|
||||||
password: {get_param: password}
|
|
||||||
kubernetes_port: {get_param: kubernetes_port}
|
|
||||||
tls_disabled: {get_param: tls_disabled}
|
|
||||||
verify_ca: {get_param: verify_ca}
|
|
||||||
http_proxy: {get_param: http_proxy}
|
|
||||||
https_proxy: {get_param: https_proxy}
|
|
||||||
no_proxy: {get_param: no_proxy}
|
|
||||||
kube_tag: {get_param: kube_tag}
|
|
||||||
kube_version: {get_param: kube_version}
|
|
||||||
trustee_user_id: {get_param: trustee_user_id}
|
|
||||||
trustee_username: {get_param: trustee_username}
|
|
||||||
trustee_password: {get_param: trustee_password}
|
|
||||||
trustee_domain_id: {get_param: trustee_domain_id}
|
|
||||||
trust_id: {get_param: trust_id}
|
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
|
||||||
container_infra_prefix: {get_param: container_infra_prefix}
|
|
||||||
wc_curl_cli: {get_attr: [minion_wait_handle, curl_cli]}
|
|
||||||
openstack_ca: {get_param: openstack_ca}
|
|
||||||
octavia_enabled: {get_param: octavia_enabled}
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# wait condition handler for kubernetes minions
|
|
||||||
#
|
|
||||||
|
|
||||||
minion_wait_handle:
|
|
||||||
type: OS::Heat::WaitConditionHandle
|
|
||||||
|
|
||||||
minion_wait_condition:
|
|
||||||
type: OS::Heat::WaitCondition
|
|
||||||
properties:
|
|
||||||
count: {get_param: number_of_minions}
|
|
||||||
handle: {get_resource: minion_wait_handle}
|
|
||||||
timeout: {get_param: wait_condition_timeout}
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
|
|
||||||
api_address:
|
|
||||||
value:
|
|
||||||
str_replace:
|
|
||||||
template: api_ip_address
|
|
||||||
params:
|
|
||||||
api_ip_address: {get_attr: [api_address_floating_switch, ip_address]}
|
|
||||||
description: >
|
|
||||||
This is the API endpoint of the Kubernetes cluster. Use this to access
|
|
||||||
the Kubernetes API.
|
|
||||||
|
|
||||||
registry_address:
|
|
||||||
value:
|
|
||||||
str_replace:
|
|
||||||
template: localhost:port
|
|
||||||
params:
|
|
||||||
port: {get_param: registry_port}
|
|
||||||
description:
|
|
||||||
This is the url of docker registry server where you can store docker
|
|
||||||
images.
|
|
||||||
|
|
||||||
kube_masters_private:
|
|
||||||
value: {get_attr: [kube_masters, kube_master_ip]}
|
|
||||||
description: >
|
|
||||||
This is a list of the "private" IP addresses of all the Kubernetes masters.
|
|
||||||
|
|
||||||
kube_masters:
|
|
||||||
value: {get_attr: [kube_masters, kube_master_external_ip]}
|
|
||||||
description: >
|
|
||||||
This is a list of the "public" IP addresses of all the Kubernetes masters.
|
|
||||||
Use these IP addresses to log in to the Kubernetes masters via ssh.
|
|
||||||
|
|
||||||
kube_minions_private:
|
|
||||||
value: {get_attr: [kube_minions, kube_minion_ip]}
|
|
||||||
description: >
|
|
||||||
This is a list of the "private" IP addresses of all the Kubernetes minions.
|
|
||||||
|
|
||||||
kube_minions:
|
|
||||||
value: {get_attr: [kube_minions, kube_minion_external_ip]}
|
|
||||||
description: >
|
|
||||||
This is a list of the "public" IP addresses of all the Kubernetes minions.
|
|
||||||
Use these IP addresses to log in to the Kubernetes minions via ssh.
|
|
@ -1,559 +0,0 @@
|
|||||||
heat_template_version: 2014-10-16
|
|
||||||
|
|
||||||
description: >
|
|
||||||
This is a nested stack that defines a single Kubernetes master, This stack is
|
|
||||||
included by an ResourceGroup resource in the parent template
|
|
||||||
(kubecluster.yaml).
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
|
|
||||||
name:
|
|
||||||
type: string
|
|
||||||
description: server name
|
|
||||||
|
|
||||||
server_image:
|
|
||||||
type: string
|
|
||||||
description: glance image used to boot the server
|
|
||||||
|
|
||||||
master_flavor:
|
|
||||||
type: string
|
|
||||||
description: flavor to use when booting the server
|
|
||||||
|
|
||||||
ssh_key_name:
|
|
||||||
type: string
|
|
||||||
description: name of ssh key to be provisioned on our server
|
|
||||||
|
|
||||||
external_network:
|
|
||||||
type: string
|
|
||||||
description: uuid/name of a network to use for floating ip addresses
|
|
||||||
|
|
||||||
portal_network_cidr:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
address range used by kubernetes for service portals
|
|
||||||
|
|
||||||
kube_allow_priv:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
whether or not kubernetes should permit privileged containers.
|
|
||||||
constraints:
|
|
||||||
- allowed_values: ["true", "false"]
|
|
||||||
|
|
||||||
docker_volume_size:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
size of a cinder volume to allocate to docker for container/image
|
|
||||||
storage
|
|
||||||
|
|
||||||
docker_storage_driver:
|
|
||||||
type: string
|
|
||||||
description: docker storage driver name
|
|
||||||
default: "devicemapper"
|
|
||||||
|
|
||||||
flannel_network_cidr:
|
|
||||||
type: string
|
|
||||||
description: network range for flannel overlay network
|
|
||||||
|
|
||||||
flannel_network_subnetlen:
|
|
||||||
type: number
|
|
||||||
description: size of subnet assigned to each master
|
|
||||||
|
|
||||||
flannel_backend:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
specify the backend for flannel, default udp backend
|
|
||||||
constraints:
|
|
||||||
- allowed_values: ["udp", "vxlan", "host-gw"]
|
|
||||||
|
|
||||||
system_pods_initial_delay:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
health check, time to wait for system pods (podmaster, scheduler) to boot
|
|
||||||
(in seconds)
|
|
||||||
default: 30
|
|
||||||
|
|
||||||
system_pods_timeout:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
health check, timeout for system pods (podmaster, scheduler) to answer.
|
|
||||||
(in seconds)
|
|
||||||
default: 5
|
|
||||||
|
|
||||||
admission_control_list:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
List of admission control plugins to activate
|
|
||||||
|
|
||||||
discovery_url:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
Discovery URL used for bootstrapping the etcd cluster.
|
|
||||||
|
|
||||||
tls_disabled:
|
|
||||||
type: boolean
|
|
||||||
description: whether or not to enable TLS
|
|
||||||
|
|
||||||
kube_dashboard_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: whether or not to disable kubernetes dashboard
|
|
||||||
|
|
||||||
influx_grafana_dashboard_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: Enable influxdb with grafana dashboard for data from heapster
|
|
||||||
|
|
||||||
verify_ca:
|
|
||||||
type: boolean
|
|
||||||
description: whether or not to validate certificate authority
|
|
||||||
|
|
||||||
kubernetes_port:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
The port which are used by kube-apiserver to provide Kubernetes
|
|
||||||
service.
|
|
||||||
|
|
||||||
cluster_uuid:
|
|
||||||
type: string
|
|
||||||
description: identifier for the cluster this template is generating
|
|
||||||
|
|
||||||
magnum_url:
|
|
||||||
type: string
|
|
||||||
description: endpoint to retrieve TLS certs from
|
|
||||||
|
|
||||||
prometheus_monitoring:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
whether or not to have prometheus and grafana deployed
|
|
||||||
|
|
||||||
grafana_admin_passwd:
|
|
||||||
type: string
|
|
||||||
hidden: true
|
|
||||||
description: >
|
|
||||||
admin user password for the Grafana monitoring interface
|
|
||||||
|
|
||||||
api_public_address:
|
|
||||||
type: string
|
|
||||||
description: Public IP address of the Kubernetes master server.
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
api_private_address:
|
|
||||||
type: string
|
|
||||||
description: Private IP address of the Kubernetes master server.
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
fixed_network:
|
|
||||||
type: string
|
|
||||||
description: Network from which to allocate fixed addresses.
|
|
||||||
|
|
||||||
fixed_subnet:
|
|
||||||
type: string
|
|
||||||
description: Subnet from which to allocate fixed addresses.
|
|
||||||
|
|
||||||
network_driver:
|
|
||||||
type: string
|
|
||||||
description: network driver to use for instantiating container networks
|
|
||||||
|
|
||||||
secgroup_base_id:
|
|
||||||
type: string
|
|
||||||
description: ID of the security group for base.
|
|
||||||
|
|
||||||
secgroup_kube_master_id:
|
|
||||||
type: string
|
|
||||||
description: ID of the security group for kubernetes master.
|
|
||||||
|
|
||||||
api_pool_id:
|
|
||||||
type: string
|
|
||||||
description: ID of the load balancer pool of k8s API server.
|
|
||||||
|
|
||||||
etcd_pool_id:
|
|
||||||
type: string
|
|
||||||
description: ID of the load balancer pool of etcd server.
|
|
||||||
|
|
||||||
auth_url:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
url for kubernetes to authenticate
|
|
||||||
|
|
||||||
username:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
user account
|
|
||||||
|
|
||||||
password:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
user password
|
|
||||||
|
|
||||||
http_proxy:
|
|
||||||
type: string
|
|
||||||
description: http proxy address for docker
|
|
||||||
|
|
||||||
https_proxy:
|
|
||||||
type: string
|
|
||||||
description: https proxy address for docker
|
|
||||||
|
|
||||||
no_proxy:
|
|
||||||
type: string
|
|
||||||
description: no proxies for docker
|
|
||||||
|
|
||||||
kube_tag:
|
|
||||||
type: string
|
|
||||||
description: tag of the k8s containers used to provision the kubernetes cluster
|
|
||||||
|
|
||||||
kube_version:
|
|
||||||
type: string
|
|
||||||
description: version of kubernetes used for kubernetes cluster
|
|
||||||
|
|
||||||
kube_dashboard_version:
|
|
||||||
type: string
|
|
||||||
description: version of kubernetes dashboard used for kubernetes cluster
|
|
||||||
|
|
||||||
trustee_user_id:
|
|
||||||
type: string
|
|
||||||
description: user id of the trustee
|
|
||||||
|
|
||||||
trustee_password:
|
|
||||||
type: string
|
|
||||||
description: password of the trustee
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
trust_id:
|
|
||||||
type: string
|
|
||||||
description: id of the trust which is used by the trustee
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
insecure_registry_url:
|
|
||||||
type: string
|
|
||||||
description: insecure registry url
|
|
||||||
|
|
||||||
container_infra_prefix:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
prefix of container images used in the cluster, kubernetes components,
|
|
||||||
kubernetes-dashboard, coredns etc
|
|
||||||
|
|
||||||
wc_curl_cli:
|
|
||||||
type: string
|
|
||||||
description : >
|
|
||||||
Wait condition notify command for Master.
|
|
||||||
|
|
||||||
etcd_lb_vip:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
etcd lb vip private used to generate certs on master.
|
|
||||||
default: ""
|
|
||||||
|
|
||||||
openstack_ca:
|
|
||||||
type: string
|
|
||||||
description: The OpenStack CA certificate to install on the node.
|
|
||||||
|
|
||||||
nodes_server_group_id:
|
|
||||||
type: string
|
|
||||||
description: ID of the server group for kubernetes cluster nodes.
|
|
||||||
|
|
||||||
octavia_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
whether or not to use Octavia for LoadBalancer type service.
|
|
||||||
default: False
|
|
||||||
|
|
||||||
resources:
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# resource that exposes the IPs of either the kube master or the API
|
|
||||||
# LBaaS pool depending on whether LBaaS is enabled for the cluster.
|
|
||||||
#
|
|
||||||
|
|
||||||
api_address_switch:
|
|
||||||
type: Magnum::ApiGatewaySwitcher
|
|
||||||
properties:
|
|
||||||
pool_public_ip: {get_param: api_public_address}
|
|
||||||
pool_private_ip: {get_param: api_private_address}
|
|
||||||
master_public_ip: {get_attr: [kube_master_floating, floating_ip_address]}
|
|
||||||
master_private_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# software configs. these are components that are combined into
|
|
||||||
# a multipart MIME user-data archive.
|
|
||||||
#
|
|
||||||
|
|
||||||
write_heat_params:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config:
|
|
||||||
str_replace:
|
|
||||||
template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params-master.yaml}
|
|
||||||
params:
|
|
||||||
"$PROMETHEUS_MONITORING": {get_param: prometheus_monitoring}
|
|
||||||
"$KUBE_API_PUBLIC_ADDRESS": {get_attr: [api_address_switch, public_ip]}
|
|
||||||
"$KUBE_API_PRIVATE_ADDRESS": {get_attr: [api_address_switch, private_ip]}
|
|
||||||
"$KUBE_API_PORT": {get_param: kubernetes_port}
|
|
||||||
"$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
|
|
||||||
"$DOCKER_VOLUME": 'None'
|
|
||||||
"$DOCKER_VOLUME_SIZE": {get_param: docker_volume_size}
|
|
||||||
"$DOCKER_STORAGE_DRIVER": {get_param: docker_storage_driver}
|
|
||||||
"$NETWORK_DRIVER": {get_param: network_driver}
|
|
||||||
"$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr}
|
|
||||||
"$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
|
|
||||||
"$FLANNEL_BACKEND": {get_param: flannel_backend}
|
|
||||||
"$SYSTEM_PODS_INITIAL_DELAY": {get_param: system_pods_initial_delay}
|
|
||||||
"$SYSTEM_PODS_TIMEOUT": {get_param: system_pods_timeout}
|
|
||||||
"$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
|
|
||||||
"$ADMISSION_CONTROL_LIST": {get_param: admission_control_list}
|
|
||||||
"$ETCD_DISCOVERY_URL": {get_param: discovery_url}
|
|
||||||
"$AUTH_URL": {get_param: auth_url}
|
|
||||||
"$USERNAME": {get_param: username}
|
|
||||||
"$PASSWORD": {get_param: password}
|
|
||||||
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
|
|
||||||
"$TLS_DISABLED": {get_param: tls_disabled}
|
|
||||||
"$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
|
|
||||||
"$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
|
|
||||||
"$VERIFY_CA": {get_param: verify_ca}
|
|
||||||
"$CLUSTER_UUID": {get_param: cluster_uuid}
|
|
||||||
"$MAGNUM_URL": {get_param: magnum_url}
|
|
||||||
"$HTTP_PROXY": {get_param: http_proxy}
|
|
||||||
"$HTTPS_PROXY": {get_param: https_proxy}
|
|
||||||
"$NO_PROXY": {get_param: no_proxy}
|
|
||||||
"$KUBE_TAG": {get_param: kube_tag}
|
|
||||||
"$KUBE_VERSION": {get_param: kube_version}
|
|
||||||
"$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
|
|
||||||
"$WAIT_CURL": {get_param: wc_curl_cli}
|
|
||||||
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
|
||||||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
|
||||||
"$TRUST_ID": {get_param: trust_id}
|
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
|
||||||
"$CONTAINER_INFRA_PREFIX": {get_param: container_infra_prefix}
|
|
||||||
"$ENABLE_CINDER": "False"
|
|
||||||
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
|
||||||
"$OCTAVIA_ENABLED": {get_param: octavia_enabled}
|
|
||||||
|
|
||||||
install_openstack_ca:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config:
|
|
||||||
str_replace:
|
|
||||||
params:
|
|
||||||
$OPENSTACK_CA: {get_param: openstack_ca}
|
|
||||||
template: {get_file: ../../common/templates/fragments/atomic-install-openstack-ca.sh}
|
|
||||||
|
|
||||||
make_cert:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/make-cert.sh}
|
|
||||||
|
|
||||||
configure_docker_storage:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config:
|
|
||||||
str_replace:
|
|
||||||
params:
|
|
||||||
$configure_docker_storage_driver: {get_file: ../../common/templates/fragments/configure_docker_storage_driver_atomic.sh}
|
|
||||||
template: {get_file: ../../common/templates/fragments/configure-docker-storage.sh}
|
|
||||||
|
|
||||||
configure_etcd:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/configure-etcd.sh}
|
|
||||||
|
|
||||||
write_kube_os_config:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh}
|
|
||||||
|
|
||||||
configure_kubernetes:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-master.sh}
|
|
||||||
|
|
||||||
write_flannel_config:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/write-flannel-config.sh}
|
|
||||||
|
|
||||||
flannel_config_service:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-config-service.sh}
|
|
||||||
|
|
||||||
enable_services:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-services-master.sh}
|
|
||||||
|
|
||||||
flannel_service:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh}
|
|
||||||
|
|
||||||
enable_kube_controller_manager_scheduler:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-controller-manager-scheduler.sh}
|
|
||||||
|
|
||||||
kube_apiserver_to_kubelet_role:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh}
|
|
||||||
|
|
||||||
kube_ui_service:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
|
|
||||||
|
|
||||||
enable_kube_proxy:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
|
|
||||||
|
|
||||||
master_wc_notify:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/wc-notify-master.sh}
|
|
||||||
|
|
||||||
disable_selinux:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh}
|
|
||||||
|
|
||||||
add_proxy:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/add-proxy.sh}
|
|
||||||
|
|
||||||
start_container_agent:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/start-container-agent.sh}
|
|
||||||
|
|
||||||
kube_master_init:
|
|
||||||
type: OS::Heat::MultipartMime
|
|
||||||
properties:
|
|
||||||
parts:
|
|
||||||
- config: {get_resource: install_openstack_ca}
|
|
||||||
- config: {get_resource: disable_selinux}
|
|
||||||
- config: {get_resource: write_heat_params}
|
|
||||||
- config: {get_resource: configure_etcd}
|
|
||||||
- config: {get_resource: write_kube_os_config}
|
|
||||||
- config: {get_resource: make_cert}
|
|
||||||
- config: {get_resource: configure_docker_storage}
|
|
||||||
- config: {get_resource: configure_kubernetes}
|
|
||||||
- config: {get_resource: add_proxy}
|
|
||||||
- config: {get_resource: enable_services}
|
|
||||||
- config: {get_resource: write_flannel_config}
|
|
||||||
- config: {get_resource: flannel_config_service}
|
|
||||||
- config: {get_resource: flannel_service}
|
|
||||||
- config: {get_resource: kube_apiserver_to_kubelet_role}
|
|
||||||
- config: {get_resource: enable_kube_controller_manager_scheduler}
|
|
||||||
- config: {get_resource: enable_kube_proxy}
|
|
||||||
- config: {get_resource: kube_ui_service}
|
|
||||||
- config: {get_resource: start_container_agent}
|
|
||||||
- config: {get_resource: master_wc_notify}
|
|
||||||
|
|
||||||
enable_prometheus_monitoring:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: script
|
|
||||||
config:
|
|
||||||
str_replace:
|
|
||||||
template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
|
|
||||||
params:
|
|
||||||
"$ADMIN_PASSWD": {get_param: grafana_admin_passwd}
|
|
||||||
|
|
||||||
enable_prometheus_monitoring_deployment:
|
|
||||||
type: OS::Heat::SoftwareDeployment
|
|
||||||
properties:
|
|
||||||
signal_transport: HEAT_SIGNAL
|
|
||||||
config: {get_resource: enable_prometheus_monitoring}
|
|
||||||
server: {get_resource: kube-master}
|
|
||||||
actions: ['CREATE']
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# a single kubernetes master.
|
|
||||||
#
|
|
||||||
|
|
||||||
# do NOT use "_" (underscore) in the Nova server name
|
|
||||||
# it creates a mismatch between the generated Nova name and its hostname
|
|
||||||
# which can lead to weird problems
|
|
||||||
kube-master:
|
|
||||||
type: OS::Nova::Server
|
|
||||||
properties:
|
|
||||||
name: {get_param: name}
|
|
||||||
image: {get_param: server_image}
|
|
||||||
flavor: {get_param: master_flavor}
|
|
||||||
key_name: {get_param: ssh_key_name}
|
|
||||||
user_data_format: SOFTWARE_CONFIG
|
|
||||||
software_config_transport: POLL_SERVER_HEAT
|
|
||||||
user_data: {get_resource: kube_master_init}
|
|
||||||
networks:
|
|
||||||
- port: {get_resource: kube_master_eth0}
|
|
||||||
scheduler_hints: { group: { get_param: nodes_server_group_id }}
|
|
||||||
|
|
||||||
kube_master_eth0:
|
|
||||||
type: "OS::Neutron::Port"
|
|
||||||
properties:
|
|
||||||
network_id:
|
|
||||||
get_param: fixed_network
|
|
||||||
security_groups:
|
|
||||||
- {get_param: secgroup_kube_master_id}
|
|
||||||
fixed_ips:
|
|
||||||
- subnet_id:
|
|
||||||
get_param: fixed_subnet
|
|
||||||
allowed_address_pairs:
|
|
||||||
- ip_address: {get_param: flannel_network_cidr}
|
|
||||||
|
|
||||||
kube_master_floating:
|
|
||||||
type: OS::Neutron::FloatingIP
|
|
||||||
properties:
|
|
||||||
floating_network:
|
|
||||||
get_param: external_network
|
|
||||||
port_id:
|
|
||||||
get_resource: kube_master_eth0
|
|
||||||
|
|
||||||
api_pool_member:
|
|
||||||
type: Magnum::Optional::Neutron::LBaaS::PoolMember
|
|
||||||
properties:
|
|
||||||
pool: {get_param: api_pool_id}
|
|
||||||
address: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
|
||||||
subnet: { get_param: fixed_subnet }
|
|
||||||
protocol_port: {get_param: kubernetes_port}
|
|
||||||
|
|
||||||
etcd_pool_member:
|
|
||||||
type: Magnum::Optional::Neutron::LBaaS::PoolMember
|
|
||||||
properties:
|
|
||||||
pool: {get_param: etcd_pool_id}
|
|
||||||
address: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
|
||||||
subnet: { get_param: fixed_subnet }
|
|
||||||
protocol_port: 2379
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
|
|
||||||
kube_master_ip:
|
|
||||||
value: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
|
||||||
description: >
|
|
||||||
This is the "private" IP address of the Kubernetes master node.
|
|
||||||
|
|
||||||
kube_master_external_ip:
|
|
||||||
value: {get_attr: [kube_master_floating, floating_ip_address]}
|
|
||||||
description: >
|
|
||||||
This is the "public" IP address of the Kubernetes master node.
|
|
@ -1,125 +0,0 @@
|
|||||||
heat_template_version: 2014-10-16
|
|
||||||
|
|
||||||
description: >
|
|
||||||
This is a nested stack that defines a single Kubernetes minion, This stack is
|
|
||||||
included by an AutoScalingGroup resource in the parent template
|
|
||||||
(kubecluster.yaml).
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
|
|
||||||
name:
|
|
||||||
type: string
|
|
||||||
description: server name
|
|
||||||
|
|
||||||
server_image:
|
|
||||||
type: string
|
|
||||||
description: glance image used to boot the server
|
|
||||||
|
|
||||||
minion_flavor:
|
|
||||||
type: string
|
|
||||||
description: flavor to use when booting the server
|
|
||||||
|
|
||||||
ssh_key_name:
|
|
||||||
type: string
|
|
||||||
description: name of ssh key to be provisioned on our server
|
|
||||||
|
|
||||||
external_network:
|
|
||||||
type: string
|
|
||||||
description: uuid/name of a network to use for floating ip addresses
|
|
||||||
|
|
||||||
fixed_network:
|
|
||||||
type: string
|
|
||||||
description: Network from which to allocate fixed addresses.
|
|
||||||
|
|
||||||
fixed_subnet:
|
|
||||||
type: string
|
|
||||||
description: Subnet from which to allocate fixed addresses.
|
|
||||||
|
|
||||||
secgroup_kube_minion_id:
|
|
||||||
type: string
|
|
||||||
description: ID of the security group for kubernetes minion.
|
|
||||||
|
|
||||||
flannel_network_cidr:
|
|
||||||
type: string
|
|
||||||
description: network range for flannel overlay network
|
|
||||||
|
|
||||||
kube_software_configs:
|
|
||||||
type: string
|
|
||||||
description : >
|
|
||||||
ID of the multipart mime.
|
|
||||||
|
|
||||||
nodes_server_group_id:
|
|
||||||
type: string
|
|
||||||
description: ID of the server group for kubernetes cluster nodes.
|
|
||||||
|
|
||||||
resources:
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# a single kubernetes minion.
|
|
||||||
#
|
|
||||||
|
|
||||||
# do NOT use "_" (underscore) in the Nova server name
|
|
||||||
# it creates a mismatch between the generated Nova name and its hostname
|
|
||||||
# which can lead to weird problems
|
|
||||||
kube-minion:
|
|
||||||
type: OS::Nova::Server
|
|
||||||
properties:
|
|
||||||
name: {get_param: name}
|
|
||||||
image: {get_param: server_image}
|
|
||||||
flavor: {get_param: minion_flavor}
|
|
||||||
key_name: {get_param: ssh_key_name}
|
|
||||||
user_data_format: RAW
|
|
||||||
user_data: {get_param: kube_software_configs}
|
|
||||||
networks:
|
|
||||||
- port: {get_resource: kube_minion_eth0}
|
|
||||||
scheduler_hints: { group: { get_param: nodes_server_group_id }}
|
|
||||||
|
|
||||||
kube_minion_eth0:
|
|
||||||
type: "OS::Neutron::Port"
|
|
||||||
properties:
|
|
||||||
network_id:
|
|
||||||
get_param: fixed_network
|
|
||||||
security_groups:
|
|
||||||
- {get_param: secgroup_kube_minion_id}
|
|
||||||
fixed_ips:
|
|
||||||
- subnet_id:
|
|
||||||
get_param: fixed_subnet
|
|
||||||
allowed_address_pairs:
|
|
||||||
- ip_address: {get_param: flannel_network_cidr}
|
|
||||||
|
|
||||||
kube_minion_floating:
|
|
||||||
type: OS::Neutron::FloatingIP
|
|
||||||
properties:
|
|
||||||
floating_network:
|
|
||||||
get_param: external_network
|
|
||||||
port_id:
|
|
||||||
get_resource: kube_minion_eth0
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
|
|
||||||
kube_minion_ip:
|
|
||||||
value: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
|
|
||||||
description: >
|
|
||||||
This is the "public" IP address of the Kubernetes minion node.
|
|
||||||
|
|
||||||
kube_minion_external_ip:
|
|
||||||
value: {get_attr: [kube_minion_floating, floating_ip_address]}
|
|
||||||
description: >
|
|
||||||
This is the "public" IP address of the Kubernetes minion node.
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# NOTE(flwang): Returning the minion node server ID here so that
|
|
||||||
# consumer can send API request to Heat to remove a particular
|
|
||||||
# node with removal_policies. Otherwise, the consumer (e.g. AutoScaler)
|
|
||||||
# has to use index to do the remove which is confusing out of the
|
|
||||||
# OpenStack world.
|
|
||||||
# https://storyboard.openstack.org/#!/story/2005054
|
|
||||||
#
|
|
||||||
######################################################################
|
|
||||||
|
|
||||||
OS::stack_id:
|
|
||||||
value: { get_resource: kube-minion }
|
|
||||||
description: >
|
|
||||||
This is the Ironic server id of the node.
|
|
@ -1,355 +0,0 @@
|
|||||||
heat_template_version: 2014-10-16
|
|
||||||
|
|
||||||
description: >
|
|
||||||
This is a nested stack that defines software configs for Kubernetes minions.
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
|
|
||||||
kube_allow_priv:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
whether or not kubernetes should permit privileged containers.
|
|
||||||
constraints:
|
|
||||||
- allowed_values: ["true", "false"]
|
|
||||||
|
|
||||||
docker_volume_size:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
size of a cinder volume to allocate to docker for container/image
|
|
||||||
storage
|
|
||||||
|
|
||||||
docker_storage_driver:
|
|
||||||
type: string
|
|
||||||
description: docker storage driver name
|
|
||||||
default: "devicemapper"
|
|
||||||
|
|
||||||
tls_disabled:
|
|
||||||
type: boolean
|
|
||||||
description: whether or not to enable TLS
|
|
||||||
|
|
||||||
verify_ca:
|
|
||||||
type: boolean
|
|
||||||
description: whether or not to validate certificate authority
|
|
||||||
|
|
||||||
kubernetes_port:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
The port which are used by kube-apiserver to provide Kubernetes
|
|
||||||
service.
|
|
||||||
|
|
||||||
cluster_uuid:
|
|
||||||
type: string
|
|
||||||
description: identifier for the cluster this template is generating
|
|
||||||
|
|
||||||
magnum_url:
|
|
||||||
type: string
|
|
||||||
description: endpoint to retrieve TLS certs from
|
|
||||||
|
|
||||||
prometheus_monitoring:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
whether or not to have the node-exporter running on the node
|
|
||||||
|
|
||||||
kube_master_ip:
|
|
||||||
type: string
|
|
||||||
description: IP address of the Kubernetes master server.
|
|
||||||
|
|
||||||
etcd_server_ip:
|
|
||||||
type: string
|
|
||||||
description: IP address of the Etcd server.
|
|
||||||
|
|
||||||
network_driver:
|
|
||||||
type: string
|
|
||||||
description: network driver to use for instantiating container networks
|
|
||||||
|
|
||||||
registry_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
Indicates whether the docker registry is enabled.
|
|
||||||
|
|
||||||
registry_port:
|
|
||||||
type: number
|
|
||||||
description: port of registry service
|
|
||||||
|
|
||||||
swift_region:
|
|
||||||
type: string
|
|
||||||
description: region of swift service
|
|
||||||
|
|
||||||
registry_container:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
name of swift container which docker registry stores images in
|
|
||||||
|
|
||||||
registry_insecure:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
indicates whether to skip TLS verification between registry and backend storage
|
|
||||||
|
|
||||||
registry_chunksize:
|
|
||||||
type: number
|
|
||||||
description: >
|
|
||||||
size fo the data segments for the swift dynamic large objects
|
|
||||||
|
|
||||||
volume_driver:
|
|
||||||
type: string
|
|
||||||
description: volume driver to use for container storage
|
|
||||||
|
|
||||||
region_name:
|
|
||||||
type: string
|
|
||||||
description: A logically separate section of the cluster
|
|
||||||
|
|
||||||
username:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
user account
|
|
||||||
|
|
||||||
password:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
user password, not set in current implementation, only used to
|
|
||||||
fill in for Kubernetes config file
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
http_proxy:
|
|
||||||
type: string
|
|
||||||
description: http proxy address for docker
|
|
||||||
|
|
||||||
https_proxy:
|
|
||||||
type: string
|
|
||||||
description: https proxy address for docker
|
|
||||||
|
|
||||||
no_proxy:
|
|
||||||
type: string
|
|
||||||
description: no proxies for docker
|
|
||||||
|
|
||||||
kube_tag:
|
|
||||||
type: string
|
|
||||||
description: tag of the k8s containers used to provision the kubernetes cluster
|
|
||||||
|
|
||||||
kube_version:
|
|
||||||
type: string
|
|
||||||
description: version of kubernetes used for kubernetes cluster
|
|
||||||
|
|
||||||
trustee_domain_id:
|
|
||||||
type: string
|
|
||||||
description: domain id of the trustee
|
|
||||||
|
|
||||||
trustee_user_id:
|
|
||||||
type: string
|
|
||||||
description: user id of the trustee
|
|
||||||
|
|
||||||
trustee_username:
|
|
||||||
type: string
|
|
||||||
description: username of the trustee
|
|
||||||
|
|
||||||
trustee_password:
|
|
||||||
type: string
|
|
||||||
description: password of the trustee
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
trust_id:
|
|
||||||
type: string
|
|
||||||
description: id of the trust which is used by the trustee
|
|
||||||
hidden: true
|
|
||||||
|
|
||||||
auth_url:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
url for keystone, must be v2 since k8s backend only support v2
|
|
||||||
at this point
|
|
||||||
|
|
||||||
insecure_registry_url:
|
|
||||||
type: string
|
|
||||||
description: insecure registry url
|
|
||||||
|
|
||||||
container_infra_prefix:
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
prefix of container images used in the cluster, kubernetes components,
|
|
||||||
kubernetes-dashboard, coredns etc
|
|
||||||
|
|
||||||
wc_curl_cli:
|
|
||||||
type: string
|
|
||||||
description : >
|
|
||||||
Wait condition notify command for Minion.
|
|
||||||
|
|
||||||
openstack_ca:
|
|
||||||
type: string
|
|
||||||
description: The OpenStack CA certificate to install on the node.
|
|
||||||
|
|
||||||
octavia_enabled:
|
|
||||||
type: boolean
|
|
||||||
description: >
|
|
||||||
whether or not to use Octavia for LoadBalancer type service.
|
|
||||||
default: False
|
|
||||||
|
|
||||||
resources:
|
|
||||||
|
|
||||||
######################################################################
|
|
||||||
#
|
|
||||||
# software configs. these are components that are combined into
|
|
||||||
# a multipart MIME user-data archive.
|
|
||||||
#
|
|
||||||
|
|
||||||
write_heat_params:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config:
|
|
||||||
str_replace:
|
|
||||||
template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params.yaml}
|
|
||||||
params:
|
|
||||||
$PROMETHEUS_MONITORING: {get_param: prometheus_monitoring}
|
|
||||||
$KUBE_ALLOW_PRIV: {get_param: kube_allow_priv}
|
|
||||||
$KUBE_MASTER_IP: {get_param: kube_master_ip}
|
|
||||||
$KUBE_API_PORT: {get_param: kubernetes_port}
|
|
||||||
$ETCD_SERVER_IP: {get_param: etcd_server_ip}
|
|
||||||
$DOCKER_VOLUME: 'None'
|
|
||||||
$DOCKER_VOLUME_SIZE: {get_param: docker_volume_size}
|
|
||||||
$DOCKER_STORAGE_DRIVER: {get_param: docker_storage_driver}
|
|
||||||
$NETWORK_DRIVER: {get_param: network_driver}
|
|
||||||
$REGISTRY_ENABLED: {get_param: registry_enabled}
|
|
||||||
$REGISTRY_PORT: {get_param: registry_port}
|
|
||||||
$SWIFT_REGION: {get_param: swift_region}
|
|
||||||
$REGISTRY_CONTAINER: {get_param: registry_container}
|
|
||||||
$REGISTRY_INSECURE: {get_param: registry_insecure}
|
|
||||||
$REGISTRY_CHUNKSIZE: {get_param: registry_chunksize}
|
|
||||||
$TLS_DISABLED: {get_param: tls_disabled}
|
|
||||||
$VERIFY_CA: {get_param: verify_ca}
|
|
||||||
$CLUSTER_UUID: {get_param: cluster_uuid}
|
|
||||||
$MAGNUM_URL: {get_param: magnum_url}
|
|
||||||
$USERNAME: {get_param: username}
|
|
||||||
$PASSWORD: {get_param: password}
|
|
||||||
$VOLUME_DRIVER: {get_param: volume_driver}
|
|
||||||
$REGION_NAME: {get_param: region_name}
|
|
||||||
$HTTP_PROXY: {get_param: http_proxy}
|
|
||||||
$HTTPS_PROXY: {get_param: https_proxy}
|
|
||||||
$NO_PROXY: {get_param: no_proxy}
|
|
||||||
$KUBE_TAG: {get_param: kube_tag}
|
|
||||||
$KUBE_VERSION: {get_param: kube_version}
|
|
||||||
$WAIT_CURL: {get_param: wc_curl_cli}
|
|
||||||
$TRUSTEE_DOMAIN_ID: {get_param: trustee_domain_id}
|
|
||||||
$TRUSTEE_USER_ID: {get_param: trustee_user_id}
|
|
||||||
$TRUSTEE_USERNAME: {get_param: trustee_username}
|
|
||||||
$TRUSTEE_PASSWORD: {get_param: trustee_password}
|
|
||||||
$TRUST_ID: {get_param: trust_id}
|
|
||||||
$AUTH_URL: {get_param: auth_url}
|
|
||||||
$INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
|
|
||||||
$CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
|
|
||||||
$ENABLE_CINDER: "False"
|
|
||||||
$OCTAVIA_ENABLED: {get_param: octavia_enabled}
|
|
||||||
|
|
||||||
install_openstack_ca:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config:
|
|
||||||
str_replace:
|
|
||||||
params:
|
|
||||||
$OPENSTACK_CA: {get_param: openstack_ca}
|
|
||||||
template: {get_file: ../../common/templates/fragments/atomic-install-openstack-ca.sh}
|
|
||||||
|
|
||||||
make_cert:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh}
|
|
||||||
|
|
||||||
configure_docker_storage:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config:
|
|
||||||
str_replace:
|
|
||||||
params:
|
|
||||||
$configure_docker_storage_driver: {get_file: ../../common/templates/fragments/configure_docker_storage_driver_atomic.sh}
|
|
||||||
template: {get_file: ../../common/templates/fragments/configure-docker-storage.sh}
|
|
||||||
|
|
||||||
configure_docker_registry:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/fragments/configure-docker-registry.sh}
|
|
||||||
|
|
||||||
configure_kubernetes_minion:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-minion.sh}
|
|
||||||
|
|
||||||
flannel_service:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh}
|
|
||||||
|
|
||||||
enable_services:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-services-minion.sh}
|
|
||||||
|
|
||||||
enable_docker_registry:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh}
|
|
||||||
|
|
||||||
enable_kube_proxy:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh}
|
|
||||||
|
|
||||||
minion_wc_notify:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config:
|
|
||||||
str_replace:
|
|
||||||
template: |
|
|
||||||
#!/bin/bash -v
|
|
||||||
if [ "verify_ca" == "True" ]; then
|
|
||||||
VERIFY_CA=""
|
|
||||||
else
|
|
||||||
VERIFY_CA="-k"
|
|
||||||
fi
|
|
||||||
wc_notify $VERIFY_CA --data-binary '{"status": "SUCCESS"}'
|
|
||||||
params:
|
|
||||||
wc_notify: {get_param: wc_curl_cli}
|
|
||||||
verify_ca: {get_param: verify_ca}
|
|
||||||
|
|
||||||
disable_selinux:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh}
|
|
||||||
|
|
||||||
add_proxy:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/add-proxy.sh}
|
|
||||||
|
|
||||||
kube_minion_init:
|
|
||||||
type: OS::Heat::MultipartMime
|
|
||||||
properties:
|
|
||||||
parts:
|
|
||||||
- config: {get_resource: install_openstack_ca}
|
|
||||||
- config: {get_resource: disable_selinux}
|
|
||||||
- config: {get_resource: write_heat_params}
|
|
||||||
- config: {get_resource: make_cert}
|
|
||||||
- config: {get_resource: configure_docker_storage}
|
|
||||||
- config: {get_resource: configure_docker_registry}
|
|
||||||
- config: {get_resource: configure_kubernetes_minion}
|
|
||||||
- config: {get_resource: flannel_service}
|
|
||||||
- config: {get_resource: add_proxy}
|
|
||||||
- config: {get_resource: enable_services}
|
|
||||||
- config: {get_resource: enable_kube_proxy}
|
|
||||||
- config: {get_resource: enable_docker_registry}
|
|
||||||
- config: {get_resource: minion_wc_notify}
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
kube_minion_init:
|
|
||||||
value: {get_resource: kube_minion_init}
|
|
||||||
description: ID of the multipart mime for kubeminion.
|
|
@ -1,17 +0,0 @@
|
|||||||
# Copyright 2016 - Rackspace Hosting
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
version = '1.0.0'
|
|
||||||
driver = 'k8s_fedora_ironic_v1'
|
|
||||||
container_version = '1.12.6'
|
|
@ -41,51 +41,6 @@ if [[ -e /etc/ci/mirror_info.sh ]]; then
|
|||||||
source /etc/ci/mirror_info.sh
|
source /etc/ci/mirror_info.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${coe}${special}" = "k8s-ironic" ]; then
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-kubernetes-ironic-latest.tar.gz'"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-kubernetes-ironic-latest'"
|
|
||||||
|
|
||||||
export DEVSTACK_GATE_VIRT_DRIVER="ironic"
|
|
||||||
# NOTE(strigazi) keep cinder
|
|
||||||
# export DEVSTACK_LOCAL_CONFIG+=$'\n'"disable_service cinder c-sch c-api c-vol"
|
|
||||||
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"enable_plugin ironic https://git.openstack.org/openstack/ironic"
|
|
||||||
|
|
||||||
# NOTE(TheJulia): Ironic switched to "hardware types" in Queens and
|
|
||||||
# removed legacy "drivers" in Rocky. "ipmi" superceeds *_ipmitool drivers.
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_DEPLOY_DRIVER=ipmi"
|
|
||||||
# NOTE(ykarel) Ironic to work with magnum, requires devstack to be configured with IP_VERSION=4
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IP_VERSION=4"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_BAREMETAL_BASIC_OPS=True"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_LOG_DIR=/opt/stack/new/ironic-bm-logs"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"DEFAULT_INSTANCE_TYPE=baremetal"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"BUILD_TIMEOUT=600"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_CALLBACK_TIMEOUT=600"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"Q_AGENT=openvswitch"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"Q_ML2_TENANT_NETWORK_TYPE=vxlan"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_BUILD_DEPLOY_RAMDISK=False"
|
|
||||||
|
|
||||||
# We don't enable swift in Gate Jobs so not required
|
|
||||||
# export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_ENABLE_TEMPURLS=True"
|
|
||||||
# export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_TEMPURL_KEY=password"
|
|
||||||
# export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_HASH=password"
|
|
||||||
# NOTE(TheJulia): Enable interface order will result in the iscsi
|
|
||||||
# deployment method being used by default.
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_ENABLED_DEPLOY_INTERFACES=iscsi,direct"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"VOLUME_BACKING_FILE_SIZE=24G"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"FORCE_CONFIG_DRIVE=True"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_RAMDISK_TYPE=tinyipa"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_IPXE_ENABLED=False"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_COUNT=2"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SSH_PORT=22"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_RAM=1024"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_DISK=10"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_EPHEMERAL_DISK=5"
|
|
||||||
else
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20220116.3.0/x86_64/fedora-coreos-35.20220116.3.0-openstack.x86_64.qcow2.xz'"
|
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-coreos-35.20220116.3.0-openstack.x86_64'"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Enable magnum plugin in the last step
|
# Enable magnum plugin in the last step
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"enable_plugin magnum https://git.openstack.org/openstack/magnum"
|
export DEVSTACK_LOCAL_CONFIG+=$'\n'"enable_plugin magnum https://git.openstack.org/openstack/magnum"
|
||||||
|
|
||||||
|
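Review bot: The remaining jobs lose their guest-image pin, because the deletion takes the `else` branch out along with the `k8s-ironic` branch, and that branch was the one exporting `MAGNUM_GUEST_IMAGE_URL` and `MAGNUM_IMAGE_NAME` for the fedora-coreos 35.20220116.3.0 image. After this hunk the script goes from the `mirror_info.sh` block straight to `enable_plugin magnum`, so the image presumably falls back to whatever default the devstack plugin carries, which is not visible here. If the pin is still wanted, keep the two former `else` lines unconditionally, i.e. `export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-coreos-35.20220116.3.0-openstack.x86_64'"` and the matching `MAGNUM_GUEST_IMAGE_URL` export. If the plugin default is intended, a one-line comment such as `# guest image URL and name come from the devstack plugin defaults` would record that.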
@ -27,23 +27,8 @@ function create_test_data {
|
|||||||
# First we test Magnum's command line to see if we can stand up
|
# First we test Magnum's command line to see if we can stand up
|
||||||
# a cluster_template, cluster and a pod
|
# a cluster_template, cluster and a pod
|
||||||
|
|
||||||
coe=$1
|
|
||||||
special=$2
|
|
||||||
if [ "${coe}${special}" == 'k8s-ironic' ]; then
|
|
||||||
local bm_flavor_id=$(openstack flavor show baremetal -f value -c id)
|
|
||||||
die_if_not_set $LINENO bm_flavor_id "Failed to get id of baremetal flavor"
|
|
||||||
# NOTE(TheJulia): This issue was fixed in Feb 2018 as part of change
|
|
||||||
# Ifb9a49d4258a559cf2175d902e9424a3f98065c5. Commented out in Oct 2018.
|
|
||||||
# NOTE(yuanying): Workaround fix for ironic issue
|
|
||||||
# cf. https://bugs.launchpad.net/ironic/+bug/1596421
|
|
||||||
# echo "alter table ironic.nodes modify instance_info LONGTEXT;" | mysql -uroot -p${MYSQL_PASSWORD} ironic
|
|
||||||
# NOTE(yuanying): Ironic instances need to connect to Internet
|
|
||||||
openstack subnet set private-subnet --dns-nameserver 8.8.8.8
|
|
||||||
local container_format="ami"
|
|
||||||
else
|
|
||||||
local image_name="fedora-coreos"
|
local image_name="fedora-coreos"
|
||||||
local container_format="bare"
|
local container_format="bare"
|
||||||
fi
|
|
||||||
|
|
||||||
# if we have the MAGNUM_IMAGE_NAME setting, use it instead
|
# if we have the MAGNUM_IMAGE_NAME setting, use it instead
|
||||||
# of the default one. In combination with MAGNUM_GUEST_IMAGE_URL
|
# of the default one. In combination with MAGNUM_GUEST_IMAGE_URL
|
||||||
@ -161,10 +146,6 @@ echo "Running magnum functional test suite for $1"
|
|||||||
coe=$1
|
coe=$1
|
||||||
special=$2
|
special=$2
|
||||||
|
|
||||||
if [[ "-ironic" != "$special" ]]; then
|
|
||||||
add_flavor
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Get admin credentials
|
# Get admin credentials
|
||||||
pushd ../devstack
|
pushd ../devstack
|
||||||
source openrc admin admin
|
source openrc admin admin
|
||||||
@ -182,13 +163,6 @@ EXIT_CODE=$?
|
|||||||
echo_summary "Running keypair-delete"
|
echo_summary "Running keypair-delete"
|
||||||
openstack keypair delete default
|
openstack keypair delete default
|
||||||
|
|
||||||
if [[ "-ironic" != "$special" ]]; then
|
|
||||||
# Delete the flavor used in the functional test.
|
|
||||||
echo_summary "Running flavor-delete"
|
|
||||||
openstack flavor delete m1.magnum
|
|
||||||
openstack flavor delete s1.magnum
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Save functional testing log
|
# Save functional testing log
|
||||||
sudo cp $MAGNUM_DIR/functional-tests.log /opt/stack/logs/
|
sudo cp $MAGNUM_DIR/functional-tests.log /opt/stack/logs/
|
||||||
|
|
||||||
|
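Review bot: Non-ironic runs lose their flavor setup, because the guard `if [[ "-ironic" != "$special" ]]` selected the path that stays supported, yet the `@ -161` hunk deletes its body `add_flavor` together with the guard. The `@ -182` hunk does the same to `openstack flavor delete m1.magnum` and `openstack flavor delete s1.magnum`, so setup and teardown stay symmetric, but anything that still refers to those flavors would now fail; whether something does is not visible in these hunks. If the flavors are still needed, drop only the `if`/`fi` lines and keep `add_flavor` and the two delete commands unconditional. The surrounding script continues outside the hunks, so the definition of `add_flavor` and any remaining use of `special` should be checked there.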
@ -13,7 +13,6 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import abc
|
import abc
|
||||||
from neutronclient.common import exceptions as n_exception
|
|
||||||
from unittest import mock
|
from unittest import mock
|
||||||
|
|
||||||
import six
|
import six
|
||||||
@ -26,8 +25,6 @@ from magnum.drivers.k8s_fedora_atomic_v1 import driver as k8sa_dr
|
|||||||
from magnum.drivers.k8s_fedora_atomic_v1 import template_def as k8sa_tdef
|
from magnum.drivers.k8s_fedora_atomic_v1 import template_def as k8sa_tdef
|
||||||
from magnum.drivers.k8s_fedora_coreos_v1 import driver as k8s_fcos_dr
|
from magnum.drivers.k8s_fedora_coreos_v1 import driver as k8s_fcos_dr
|
||||||
from magnum.drivers.k8s_fedora_coreos_v1 import template_def as k8s_fcos_tdef
|
from magnum.drivers.k8s_fedora_coreos_v1 import template_def as k8s_fcos_tdef
|
||||||
from magnum.drivers.k8s_fedora_ironic_v1 import driver as k8s_i_dr
|
|
||||||
from magnum.drivers.k8s_fedora_ironic_v1 import template_def as k8si_tdef
|
|
||||||
from magnum.tests import base
|
from magnum.tests import base
|
||||||
|
|
||||||
from requests import exceptions as req_exceptions
|
from requests import exceptions as req_exceptions
|
||||||
@ -62,17 +59,6 @@ class TemplateDefinitionTestCase(base.TestCase):
|
|||||||
self.assertIsInstance(definition,
|
self.assertIsInstance(definition,
|
||||||
k8sa_tdef.AtomicK8sTemplateDefinition)
|
k8sa_tdef.AtomicK8sTemplateDefinition)
|
||||||
|
|
||||||
@mock.patch('magnum.drivers.common.driver.Driver.get_driver')
|
|
||||||
def test_get_bm_fedora_kubernetes_ironic_definition(self, mock_driver):
|
|
||||||
mock_driver.return_value = k8s_i_dr.Driver()
|
|
||||||
cluster_driver = driver.Driver.get_driver('bm',
|
|
||||||
'fedora',
|
|
||||||
'kubernetes')
|
|
||||||
definition = cluster_driver.get_template_definition()
|
|
||||||
|
|
||||||
self.assertIsInstance(definition,
|
|
||||||
k8si_tdef.FedoraK8sIronicTemplateDefinition)
|
|
||||||
|
|
||||||
@mock.patch('magnum.drivers.common.driver.Driver.get_driver')
|
@mock.patch('magnum.drivers.common.driver.Driver.get_driver')
|
||||||
def test_get_vm_fcos_kubernetes_definition(self, mock_driver):
|
def test_get_vm_fcos_kubernetes_definition(self, mock_driver):
|
||||||
mock_driver.return_value = k8s_fcos_dr.Driver()
|
mock_driver.return_value = k8s_fcos_dr.Driver()
|
||||||
@ -1553,107 +1539,3 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||||||
|
|
||||||
self.assertEqual(extra_params["master_lb_allowed_cidrs"],
|
self.assertEqual(extra_params["master_lb_allowed_cidrs"],
|
||||||
"192.168.0.0/16,172.24.0.0/16")
|
"192.168.0.0/16,172.24.0.0/16")
|
||||||
|
|
||||||
|
|
||||||
class FedoraK8sIronicTemplateDefinitionTestCase(base.TestCase):
|
|
||||||
|
|
||||||
def get_definition(self):
|
|
||||||
return k8s_i_dr.Driver().get_template_definition()
|
|
||||||
|
|
||||||
def assert_neutron_find(self, mock_neutron_v20_find,
|
|
||||||
osc, cluster_template):
|
|
||||||
mock_neutron_v20_find.assert_called_once_with(
|
|
||||||
osc.neutron(),
|
|
||||||
'subnet',
|
|
||||||
cluster_template.fixed_subnet
|
|
||||||
)
|
|
||||||
|
|
||||||
def assert_raises_from_get_fixed_network_id(
|
|
||||||
self,
|
|
||||||
mock_neutron_v20_find,
|
|
||||||
exeption_from_neutron_client,
|
|
||||||
expected_exception_class
|
|
||||||
):
|
|
||||||
definition = self.get_definition()
|
|
||||||
osc = mock.MagicMock()
|
|
||||||
cluster_template = mock.MagicMock()
|
|
||||||
mock_neutron_v20_find.side_effect = exeption_from_neutron_client
|
|
||||||
|
|
||||||
self.assertRaises(
|
|
||||||
expected_exception_class,
|
|
||||||
definition.get_fixed_network_id,
|
|
||||||
osc,
|
|
||||||
cluster_template
|
|
||||||
)
|
|
||||||
|
|
||||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
|
||||||
def test_get_fixed_network_id(self, mock_neutron_v20_find):
|
|
||||||
expected_network_id = 'expected_network_id'
|
|
||||||
|
|
||||||
osc = mock.MagicMock()
|
|
||||||
cluster_template = mock.MagicMock()
|
|
||||||
definition = self.get_definition()
|
|
||||||
mock_neutron_v20_find.return_value = {
|
|
||||||
'ip_version': 4,
|
|
||||||
'network_id': expected_network_id,
|
|
||||||
}
|
|
||||||
|
|
||||||
self.assertEqual(
|
|
||||||
expected_network_id,
|
|
||||||
definition.get_fixed_network_id(osc, cluster_template)
|
|
||||||
)
|
|
||||||
self.assert_neutron_find(mock_neutron_v20_find, osc, cluster_template)
|
|
||||||
|
|
||||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
|
||||||
def test_get_fixed_network_id_with_invalid_ip_ver(self,
|
|
||||||
mock_neutron_v20_find):
|
|
||||||
osc = mock.MagicMock()
|
|
||||||
cluster_template = mock.MagicMock()
|
|
||||||
definition = self.get_definition()
|
|
||||||
mock_neutron_v20_find.return_value = {
|
|
||||||
'ip_version': 6,
|
|
||||||
'network_id': 'expected_network_id',
|
|
||||||
}
|
|
||||||
|
|
||||||
self.assertRaises(
|
|
||||||
exception.InvalidSubnet,
|
|
||||||
definition.get_fixed_network_id,
|
|
||||||
osc,
|
|
||||||
cluster_template
|
|
||||||
)
|
|
||||||
|
|
||||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
|
||||||
def test_get_fixed_network_id_with_duplicated_name(self,
|
|
||||||
mock_neutron_v20_find):
|
|
||||||
ex = n_exception.NeutronClientNoUniqueMatch(
|
|
||||||
resource='subnet',
|
|
||||||
name='duplicated-name'
|
|
||||||
)
|
|
||||||
|
|
||||||
self.assert_raises_from_get_fixed_network_id(
|
|
||||||
mock_neutron_v20_find,
|
|
||||||
ex,
|
|
||||||
exception.InvalidSubnet,
|
|
||||||
)
|
|
||||||
|
|
||||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
|
||||||
def test_get_fixed_network_id_with_client_error(self,
|
|
||||||
mock_neutron_v20_find):
|
|
||||||
ex = n_exception.BadRequest()
|
|
||||||
|
|
||||||
self.assert_raises_from_get_fixed_network_id(
|
|
||||||
mock_neutron_v20_find,
|
|
||||||
ex,
|
|
||||||
exception.InvalidSubnet,
|
|
||||||
)
|
|
||||||
|
|
||||||
@mock.patch('neutronclient.neutron.v2_0.find_resource_by_name_or_id')
|
|
||||||
def test_get_fixed_network_id_with_server_error(self,
|
|
||||||
mock_neutron_v20_find):
|
|
||||||
ex = n_exception.ServiceUnavailable()
|
|
||||||
|
|
||||||
self.assert_raises_from_get_fixed_network_id(
|
|
||||||
mock_neutron_v20_find,
|
|
||||||
ex,
|
|
||||||
n_exception.ServiceUnavailable,
|
|
||||||
)
|
|
||||||
|
@ -49,16 +49,6 @@
|
|||||||
export DEVSTACK_SUBNODE_CONFIG+=$'\n'"disable_service tempest"
|
export DEVSTACK_SUBNODE_CONFIG+=$'\n'"disable_service tempest"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "{{ ironic }}" -eq 1 ] ; then
|
|
||||||
export PROJECTS="openstack/ironic $PROJECTS"
|
|
||||||
export PROJECTS="openstack/ironic-lib $PROJECTS"
|
|
||||||
export PROJECTS="openstack/ironic-python-agent $PROJECTS"
|
|
||||||
export PROJECTS="openstack/python-ironicclient $PROJECTS"
|
|
||||||
export PROJECTS="x/pyghmi $PROJECTS"
|
|
||||||
export PROJECTS="openstack/virtualbmc $PROJECTS"
|
|
||||||
export MAGNUM_GATE_SPECIAL="-ironic"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "{{ horizon }}" -eq 0 ] ; then
|
if [ "{{ horizon }}" -eq 0 ] ; then
|
||||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"disable_service horizon"
|
export DEVSTACK_LOCAL_CONFIG+=$'\n'"disable_service horizon"
|
||||||
else
|
else
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
``k8s_fedora_ironic_v1`` driver has been dropped.
|
@ -53,7 +53,6 @@ oslo.policy.policies =
|
|||||||
magnum.drivers =
|
magnum.drivers =
|
||||||
k8s_fedora_atomic_v1 = magnum.drivers.k8s_fedora_atomic_v1.driver:Driver
|
k8s_fedora_atomic_v1 = magnum.drivers.k8s_fedora_atomic_v1.driver:Driver
|
||||||
k8s_fedora_coreos_v1 = magnum.drivers.k8s_fedora_coreos_v1.driver:Driver
|
k8s_fedora_coreos_v1 = magnum.drivers.k8s_fedora_coreos_v1.driver:Driver
|
||||||
k8s_fedora_ironic_v1 = magnum.drivers.k8s_fedora_ironic_v1.driver:Driver
|
|
||||||
|
|
||||||
magnum.database.migration_backend =
|
magnum.database.migration_backend =
|
||||||
sqlalchemy = magnum.db.sqlalchemy.migration
|
sqlalchemy = magnum.db.sqlalchemy.migration
|
||||||
|
11
tox.ini
11
tox.ini
@ -37,17 +37,6 @@ commands =
|
|||||||
find . -type f -name "*.py[c|o]" -delete
|
find . -type f -name "*.py[c|o]" -delete
|
||||||
stestr run {posargs}
|
stestr run {posargs}
|
||||||
|
|
||||||
[testenv:functional-k8s-ironic]
|
|
||||||
sitepackages = True
|
|
||||||
setenv = {[testenv]setenv}
|
|
||||||
OS_TEST_PATH=./magnum/tests/functional/k8s_ironic
|
|
||||||
OS_TEST_TIMEOUT=7200
|
|
||||||
deps =
|
|
||||||
{[testenv]deps}
|
|
||||||
commands =
|
|
||||||
find . -type f -name "*.py[c|o]" -delete
|
|
||||||
stestr run {posargs}
|
|
||||||
|
|
||||||
[testenv:functional-k8s-coreos]
|
[testenv:functional-k8s-coreos]
|
||||||
sitepackages = True
|
sitepackages = True
|
||||||
setenv = {[testenv]setenv}
|
setenv = {[testenv]setenv}
|
||||||
|