heat_template_version: 2013-05-23 description: > This is a nested stack that defines a single Kubernetes minion, This stack is included by an AutoScalingGroup resource in the parent template (kubecluster-jeos.yaml). parameters: server_image: type: string description: glance image used to boot the server minion_flavor: type: string default: m1.small description: flavor to use when booting the server ssh_key_name: type: string description: name of ssh key to be provisioned on our server default: lars external_network: type: string description: uuid/name of a network to use for floating ip addresses kube_allow_priv: type: string description: > whether or not kubernetes should permit privileged containers. default: "false" constraints: - allowed_values: ["true", "false"] docker_volume_size: type: number description: > size of a cinder volume to allocate to docker for container/image storage default: 25 tls_disabled: type: boolean description: whether or not to enable TLS default: False kubernetes_port: type: number description: > The port which are used by kube-apiserver to provide Kubernetes service. default: 6443 cluster_uuid: type: string description: identifier for the cluster this template is generating magnum_url: type: string description: endpoint to retrieve TLS certs from # The following are all generated in the parent template. kube_master_ip: type: string description: IP address of the Kubernetes master server. etcd_server_ip: type: string description: IP address of the Etcd server. fixed_network: type: string description: Network from which to allocate fixed addresses. fixed_subnet: type: string description: Subnet from which to allocate fixed addresses. network_driver: type: string description: network driver to use for instantiating container networks wait_condition_timeout: type: number description : > timeout for the Wait Conditions registry_enabled: type: boolean description: > Indicates whether the docker registry is enabled. default: false registry_port: type: number description: port of registry service default: 5000 registry_username: type: string description: username used by docker registry default: "username" registry_password: type: string description: password used by docker registry default: "password" registry_domain: type: string description: domain used by docker registry default: "domain" registry_trust_id: type: string description: trust_id used by docker registry default: "trust_id" registry_auth_url: type: string description: auth_url for keystone default: "auth_url" registry_region: type: string description: region of swift service default: "region" registry_container: type: string description: > name of swift container which docker registry stores images in default: "container" registry_insecure: type: boolean description: > indicates whether to skip TLS verification between registry and backend storage default: true registry_chunksize: type: number description: > size fo the data segments for the swift dynamic large objects default: 5242880 secgroup_kube_minion_id: type: string description: ID of the security group for kubernetes minion. kube_minion_id: type: string description: ID of for kubernetes minion. resources: minion_wait_handle: type: OS::Heat::WaitConditionHandle minion_wait_condition: type: OS::Heat::WaitCondition depends_on: kube-minion properties: handle: {get_resource: minion_wait_handle} timeout: {get_param: wait_condition_timeout} ###################################################################### # # software configs. these are components that are combined into # a multipart MIME user-data archive. # write_heat_params: type: OS::Heat::SoftwareConfig properties: group: ungrouped config: str_replace: template: {get_file: fragments/write-heat-params.yaml} params: $KUBE_ALLOW_PRIV: {get_param: kube_allow_priv} $KUBE_MASTER_IP: {get_param: kube_master_ip} $KUBE_API_PORT: {get_param: kubernetes_port} $ETCD_SERVER_IP: {get_param: etcd_server_ip} $DOCKER_VOLUME: {get_resource: docker_volume} $NETWORK_DRIVER: {get_param: network_driver} $REGISTRY_ENABLED: {get_param: registry_enabled} $REGISTRY_PORT: {get_param: registry_port} $REGISTRY_AUTH_URL: {get_param: registry_auth_url} $REGISTRY_REGION: {get_param: registry_region} $REGISTRY_USERNAME: {get_param: registry_username} $REGISTRY_PASSWORD: {get_param: registry_password} $REGISTRY_DOMAIN: {get_param: registry_domain} $REGISTRY_TRUST_ID: {get_param: registry_trust_id} $REGISTRY_CONTAINER: {get_param: registry_container} $REGISTRY_INSECURE: {get_param: registry_insecure} $REGISTRY_CHUNKSIZE: {get_param: registry_chunksize} $TLS_DISABLED: {get_param: tls_disabled} $CLUSTER_UUID: {get_param: cluster_uuid} $MAGNUM_URL: {get_param: magnum_url} $NODE_FIXED_IP: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]} configure_flanneld: type: OS::Heat::SoftwareConfig properties: group: ungrouped config: {get_file: fragments/configure-flanneld-minion.sh} configure_docker: type: OS::Heat::SoftwareConfig properties: group: ungrouped config: {get_file: fragments/configure-docker.sh} create_kubernetes_user: type: OS::Heat::SoftwareConfig properties: group: ungrouped config: {get_file: fragments/create-kubernetes-user.yaml} configure_kubernetes: type: OS::Heat::SoftwareConfig properties: group: ungrouped config: {get_file: fragments/configure-kubernetes-minion.sh} minion_wc_notify: type: OS::Heat::SoftwareConfig properties: group: ungrouped config: str_replace: template: | #!/bin/bash -v wc_notify --data-binary '{"status": "SUCCESS"}' params: wc_notify: {get_attr: [minion_wait_handle, curl_cli]} kube_minion_init: type: OS::Heat::MultipartMime properties: parts: - config: {get_resource: write_heat_params} - config: {get_resource: configure_flanneld} - config: {get_resource: configure_docker} - config: {get_resource: create_kubernetes_user} - config: {get_resource: configure_kubernetes} - config: {get_resource: minion_wc_notify} ###################################################################### # # a single kubernetes minion. # Important: the name for the heat resource kube-minion below must # not contain "_" (underscore) because it will be used in the # hostname. Because DNS domain name does not allow "_", the "_" # will be converted to a "-" and this will make the hostname different # from the Nova instance name. This in turn will break the load # balancer feature in Kubernetes. # kube-minion: type: OS::Nova::Server properties: name: {get_param: kube_minion_id} image: {get_param: server_image} flavor: {get_param: minion_flavor} key_name: {get_param: ssh_key_name} user_data_format: RAW user_data: {get_resource: kube_minion_init} networks: - port: {get_resource: kube_minion_eth0} kube_minion_eth0: type: OS::Neutron::Port properties: network: {get_param: fixed_network} security_groups: - get_param: secgroup_kube_minion_id fixed_ips: - subnet: {get_param: fixed_subnet} replacement_policy: AUTO kube_minion_floating: type: OS::Neutron::FloatingIP properties: floating_network: {get_param: external_network} port_id: {get_resource: kube_minion_eth0} ###################################################################### # # docker storage. This allocates a cinder volume and attaches it # to the minion. # docker_volume: type: OS::Cinder::Volume properties: size: {get_param: docker_volume_size} docker_volume_attach: type: OS::Cinder::VolumeAttachment properties: instance_uuid: {get_resource: kube-minion} volume_id: {get_resource: docker_volume} mountpoint: /dev/vdb outputs: kube_minion_ip: value: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]} kube_minion_external_ip: value: {get_attr: [kube_minion_floating, floating_ip_address]} OS::stack_id: value: {get_param: "OS::stack_id"}