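# Heat (HOT) template: boots a CoreOS-based Kubernetes cluster made of one
# master resource group and a resource group of minions on a dedicated
# Neutron network. The per-node definitions live in the nested templates
# kubemaster-coreos.yaml and kubeminion-coreos.yaml, which are not part of
# this file.
heat_template_version: 2013-05-23

description: >
  This template will boot a coreos cluster with one or more
  minions (as specified by the number_of_minions parameter, which
  defaults to 1) and one master node. Mutliple masters is work in progress.

parameters:

  ssh_key_name:
    type: string
    description: name of ssh key to be provisioned on our server

  external_network:
    type: string
    description: uuid/name of a network to use for floating ip addresses
    default: public

  server_image:
    type: string
    default: CoreOS
    description: glance image used to boot the server

  master_flavor:
    type: string
    default: m1.small
    description: flavor to use when booting the server

  minion_flavor:
    type: string
    default: m1.small
    description: flavor to use when booting the server

  # No default and no constraint: the value is handed to the master nodes
  # as-is.
  # NOTE(review): presumably this should point at a discovery service the
  # operator trusts, since it bootstraps etcd membership - confirm.
  discovery_url:
    type: string
    description: >
      Discovery URL used for bootstrapping the etcd cluster.

  dns_nameserver:
    type: string
    description: address of a dns nameserver reachable in your environment
    default: 8.8.8.8

  # NOTE(review): declared but not referenced below; the kube_master group
  # uses a fixed count of 1.
  number_of_masters:
    type: number
    description: how many kubernetes masters to spawn
    default: 1

  number_of_minions:
    type: number
    description: how many kubernetes minions to spawn
    default: 1

  fixed_network_cidr:
    type: string
    description: network range for fixed ip network
    default: 10.0.0.0/24

  portal_network_cidr:
    type: string
    description: >
      address range used by kubernetes for service portals
    default: 10.254.0.0/16

  flannel_network_cidr:
    type: string
    description: network range for flannel overlay network
    default: 10.100.0.0/16

  flannel_network_subnetlen:
    type: number
    description: size of subnet assigned to each minion
    default: 24

  flannel_backend:
    type: string
    description: >
      specify the backend for flannel, default udp backend
    default: "udp"
    constraints:
      - allowed_values: ["udp", "vxlan", "host-gw"]

  # Security-relevant default: privileged containers are permitted unless
  # the caller passes "false". The value is a string, not a boolean, and is
  # restricted to the two allowed values below.
  kube_allow_priv:
    type: string
    description: >
      whether or not kubernetes should permit privileged containers.
    default: "true"
    constraints:
      - allowed_values: ["true", "false"]

  minions_to_remove:
    type: comma_delimited_list
    description: >
      List of minions to be removed when doing an update. Individual minion may
      be referenced several ways: (1) The resource name (e.g. ['1', '3']),
      (2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should
      be empty when doing a create.
    default: []

  network_driver:
    type: string
    description: network driver to use for instantiating container networks
    default: flannel

  # Security-relevant default: TLS stays enabled unless this is set to true.
  # Written as the canonical lowercase boolean, matching registry_enabled.
  tls_disabled:
    type: boolean
    description: whether or not to disable TLS
    default: false

  # NOTE(review): not referenced by any resource in this file.
  loadbalancing_protocol:
    type: string
    description: >
      The protocol which is used for load balancing. If you want to change
      tls_disabled option to 'True', please change this to "HTTP".
    default: TCP
    constraints:
      - allowed_values: ["TCP", "HTTP"]

  kubernetes_port:
    type: number
    description: >
      The port which are used by kube-apiserver to provide Kubernetes
      service.
    default: 6443

  bay_uuid:
    type: string
    description: identifier for the bay this template is generating

  magnum_url:
    type: string
    description: endpoint to retrieve TLS certs from

  # Trustee credentials. Only trustee_password and trust_id are marked
  # hidden (Heat masks hidden parameters when stack details are shown); the
  # ids and the username are not.
  # NOTE(review): trustee_domain_id and trustee_username are declared but
  # not passed to either resource group below.
  trustee_domain_id:
    type: string
    description: domain id of the trustee
    default: ""

  trustee_user_id:
    type: string
    description: user id of the trustee
    default: ""

  trustee_username:
    type: string
    description: username of the trustee
    default: ""

  trustee_password:
    type: string
    description: password of the trustee
    default: ""
    hidden: true

  trust_id:
    type: string
    description: id of the trust which is used by the trustee
    default: ""
    hidden: true

  auth_url:
    type: string
    description: url for keystone

  kube_version:
    type: string
    description: version of kubernetes used for kubernetes cluster
    default: v1.2.0

  # NOTE(review): registry_enabled and registry_port are declared but not
  # referenced by any resource in this file.
  registry_enabled:
    type: boolean
    description: >
      Indicates whether the docker registry is enabled.
    default: false

  registry_port:
    type: number
    description: port of registry service
    default: 5000

  wait_condition_timeout:
    type: number
    description: >
      timeout for the Wait Conditions
    default: 6000

resources:

  ######################################################################
  #
  # network resources.  allocate a network and router for our server.
  # Important: the Load Balancer feature in Kubernetes requires that
  # the name for the fixed_network must be "private" for the
  # address lookup in Kubernetes to work properly
  #
  # No security groups are defined in this file.
  # NOTE(review): presumably the nested node templates define them - confirm
  # before relying on this template for network isolation.
  #

  fixed_network:
    type: OS::Neutron::Net
    properties:
      name: private

  fixed_subnet:
    type: OS::Neutron::Subnet
    properties:
      cidr: {get_param: fixed_network_cidr}
      network: {get_resource: fixed_network}
      dns_nameservers:
        - {get_param: dns_nameserver}

  extrouter:
    type: OS::Neutron::Router
    properties:
      external_gateway_info:
        network: {get_param: external_network}

  extrouter_inside:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: {get_resource: extrouter}
      subnet: {get_resource: fixed_subnet}

  ######################################################################
  #
  # kubernetes masters. This is a resource group that will create
  # 1 master.
  #
  # The trustee credentials (trustee_user_id, trustee_password, trust_id)
  # are forwarded to the nested master template.
  # NOTE(review): the nested template should also declare the password and
  # trust id as hidden - verify in kubemaster-coreos.yaml.
  #

  kube_master:
    type: OS::Heat::ResourceGroup
    depends_on:
      - extrouter_inside
    properties:
      count: 1
      resource_def:
        type: kubemaster-coreos.yaml
        properties:
          ssh_key_name: {get_param: ssh_key_name}
          server_image: {get_param: server_image}
          master_flavor: {get_param: master_flavor}
          external_network: {get_param: external_network}
          kube_allow_priv: {get_param: kube_allow_priv}
          flannel_network_cidr: {get_param: flannel_network_cidr}
          flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
          flannel_backend: {get_param: flannel_backend}
          portal_network_cidr: {get_param: portal_network_cidr}
          fixed_network: {get_resource: fixed_network}
          fixed_subnet: {get_resource: fixed_subnet}
          discovery_url: {get_param: discovery_url}
          network_driver: {get_param: network_driver}
          kubernetes_port: {get_param: kubernetes_port}
          tls_disabled: {get_param: tls_disabled}
          kube_version: {get_param: kube_version}
          wait_condition_timeout: {get_param: wait_condition_timeout}
          bay_uuid: {get_param: bay_uuid}
          magnum_url: {get_param: magnum_url}
          trustee_user_id: {get_param: trustee_user_id}
          trustee_password: {get_param: trustee_password}
          trust_id: {get_param: trust_id}
          auth_url: {get_param: auth_url}

  ######################################################################
  #
  # kubernetes minions. This is a resource group that will initially
  # create <number_of_minions> minions, and needs to be manually scaled.
  #
  # Every minion receives the same trustee credentials as the master, and
  # both kube_master_ip and etcd_server_ip resolve to the first master's
  # private address.
  #

  kube_minions:
    type: OS::Heat::ResourceGroup
    depends_on:
      - extrouter_inside
      - kube_master
    properties:
      count: {get_param: number_of_minions}
      removal_policies: [{resource_list: {get_param: minions_to_remove}}]
      resource_def:
        type: kubeminion-coreos.yaml
        properties:
          ssh_key_name: {get_param: ssh_key_name}
          server_image: {get_param: server_image}
          minion_flavor: {get_param: minion_flavor}
          fixed_network: {get_resource: fixed_network}
          fixed_subnet: {get_resource: fixed_subnet}
          flannel_network_cidr: {get_param: flannel_network_cidr}
          kube_master_ip: {"Fn::Select": [0, {get_attr: [kube_master, kube_master_ip]}]}
          external_network: {get_param: external_network}
          kube_allow_priv: {get_param: kube_allow_priv}
          network_driver: {get_param: network_driver}
          kubernetes_port: {get_param: kubernetes_port}
          tls_disabled: {get_param: tls_disabled}
          kube_version: {get_param: kube_version}
          etcd_server_ip: {"Fn::Select": [0, {get_attr: [kube_master, kube_master_ip]}]}
          wait_condition_timeout: {get_param: wait_condition_timeout}
          bay_uuid: {get_param: bay_uuid}
          magnum_url: {get_param: magnum_url}
          trustee_user_id: {get_param: trustee_user_id}
          trustee_password: {get_param: trustee_password}
          trust_id: {get_param: trust_id}
          auth_url: {get_param: auth_url}

# The outputs publish the external addresses of the master and of every
# minion; the descriptions state they are meant for ssh and API access.
outputs:

  api_address:
    value: {"Fn::Select": [0, {get_attr: [kube_master, kube_master_external_ip]}]}
    description: >
      This is the API endpoint of the Kubernetes cluster. Use this to access
      the Kubernetes API.

  kube_masters_private:
    value: {get_attr: [kube_master, kube_master_ip]}
    description: >
      This is a list of the "private" IP addresses of all the Kubernetes masters.

  kube_masters:
    value: {get_attr: [kube_master, kube_master_external_ip]}
    description: >
      This is a list of the "public" IP addresses of all the Kubernetes masters.
      Use these IP addresses to log in to the Kubernetes masters via ssh or to access
      the Kubernetes API.

  kube_minions_private:
    value: {get_attr: [kube_minions, kube_minion_ip]}
    description: >
      This is a list of the "private" IP addresses of all the Kubernetes minions.

  kube_minions:
    value: {get_attr: [kube_minions, kube_minion_external_ip]}
    description: >
      This is a list of the "public" IP addresses of all the Kubernetes minions.
      Use these IP addresses to log in to the Kubernetes minions via ssh.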