# Heat Orchestration Template (HOT) for one Kubernetes master node.  The parent
# template (kubecluster.yaml) instantiates it once per master through a
# ResourceGroup; the OS::stack_id output below hands the Nova server id back.
heat_template_version: queens

description: >
  This is a nested stack that defines a single Kubernetes master, This stack is
  included by an ResourceGroup resource in the parent template
  (kubecluster.yaml).
  6. parameters:
  7. name:
  8. type: string
  9. description: server name
  10. server_image:
  11. type: string
  12. description: glance image used to boot the server
  13. master_flavor:
  14. type: string
  15. description: flavor to use when booting the server
  16. nodegroup_role:
  17. type: string
  18. description: the role of the nodegroup
  19. nodegroup_name:
  20. type: string
  21. description: the name of the nodegroup where the node belongs
  22. ssh_key_name:
  23. type: string
  24. description: name of ssh key to be provisioned on our server
  25. external_network:
  26. type: string
  27. description: uuid of a network to use for floating ip addresses
  28. portal_network_cidr:
  29. type: string
  30. description: >
  31. address range used by kubernetes for service portals
  32. kube_allow_priv:
  33. type: string
  34. description: >
  35. whether or not kubernetes should permit privileged containers.
  36. constraints:
  37. - allowed_values: ["true", "false"]
  38. boot_volume_size:
  39. type: number
  40. description: >
  41. size of the cinder boot volume for nodes root volume
  42. default: 0
  43. boot_volume_type:
  44. type: string
  45. description: >
  46. type of the cinder boot volume for nodes root volume
  47. etcd_volume_size:
  48. type: number
  49. description: >
  50. size of a cinder volume to allocate for etcd storage
  51. etcd_volume_type:
  52. type: string
  53. description: >
  54. type of a cinder volume to allocate for etcd storage
  55. docker_volume_size:
  56. type: number
  57. description: >
  58. size of a cinder volume to allocate to docker for container/image
  59. storage
  60. docker_volume_type:
  61. type: string
  62. description: >
  63. type of a cinder volume to allocate to docker for container/image
  64. storage
  65. docker_storage_driver:
  66. type: string
  67. description: docker storage driver name
  68. default: "devicemapper"
  69. cgroup_driver:
  70. type: string
  71. description: >
  72. cgroup driver name that kubelet should use, ideally the same as
  73. the docker cgroup driver.
  74. default: "cgroupfs"
  75. volume_driver:
  76. type: string
  77. description: volume driver to use for container storage
  78. region_name:
  79. type: string
  80. description: A logically separate section of the cluster
  81. flannel_network_cidr:
  82. type: string
  83. description: network range for flannel overlay network
  84. flannel_network_subnetlen:
  85. type: number
  86. description: size of subnet assigned to each master
  87. flannel_backend:
  88. type: string
  89. description: >
  90. specify the backend for flannel, default udp backend
  91. constraints:
  92. - allowed_values: ["udp", "vxlan", "host-gw"]
  93. system_pods_initial_delay:
  94. type: number
  95. description: >
  96. health check, time to wait for system pods (podmaster, scheduler) to boot
  97. (in seconds)
  98. default: 30
  99. system_pods_timeout:
  100. type: number
  101. description: >
  102. health check, timeout for system pods (podmaster, scheduler) to answer.
  103. (in seconds)
  104. default: 5
  105. admission_control_list:
  106. type: string
  107. description: >
  108. List of admission control plugins to activate
  109. discovery_url:
  110. type: string
  111. description: >
  112. Discovery URL used for bootstrapping the etcd cluster.
  113. tls_disabled:
  114. type: boolean
  115. description: whether or not to enable TLS
  116. traefik_ingress_controller_tag:
  117. type: string
  118. description: tag of the traefik containers to be used.
  119. kube_dashboard_enabled:
  120. type: boolean
  121. description: whether or not to disable kubernetes dashboard
  122. influx_grafana_dashboard_enabled:
  123. type: boolean
  124. description: Enable influxdb with grafana dashboard for data from heapster
  125. verify_ca:
  126. type: boolean
  127. description: whether or not to validate certificate authority
  128. kubernetes_port:
  129. type: number
  130. description: >
  131. The port which are used by kube-apiserver to provide Kubernetes
  132. service.
  133. cluster_uuid:
  134. type: string
  135. description: identifier for the cluster this template is generating
  136. magnum_url:
  137. type: string
  138. description: endpoint to retrieve TLS certs from
  139. prometheus_monitoring:
  140. type: boolean
  141. description: >
  142. whether or not to have prometheus and grafana deployed
  143. grafana_admin_passwd:
  144. type: string
  145. hidden: true
  146. description: >
  147. admin user password for the Grafana monitoring interface
  148. api_public_address:
  149. type: string
  150. description: Public IP address of the Kubernetes master server.
  151. default: ""
  152. api_private_address:
  153. type: string
  154. description: Private IP address of the Kubernetes master server.
  155. default: ""
  156. fixed_network:
  157. type: string
  158. description: Network from which to allocate fixed addresses.
  159. fixed_network_name:
  160. type: string
  161. description: Network from which to allocate fixed addresses.
  162. fixed_subnet:
  163. type: string
  164. description: Subnet from which to allocate fixed addresses.
  165. network_driver:
  166. type: string
  167. description: network driver to use for instantiating container networks
  168. secgroup_kube_master_id:
  169. type: string
  170. description: ID of the security group for kubernetes master.
  171. api_pool_id:
  172. type: string
  173. description: ID of the load balancer pool of k8s API server.
  174. etcd_pool_id:
  175. type: string
  176. description: ID of the load balancer pool of etcd server.
  177. auth_url:
  178. type: string
  179. description: >
  180. url for kubernetes to authenticate
  181. username:
  182. type: string
  183. description: >
  184. user account
  185. password:
  186. type: string
  187. description: >
  188. user password
  189. http_proxy:
  190. type: string
  191. description: http proxy address for docker
  192. https_proxy:
  193. type: string
  194. description: https proxy address for docker
  195. no_proxy:
  196. type: string
  197. description: no proxies for docker
  198. kube_tag:
  199. type: string
  200. description: tag of the k8s containers used to provision the kubernetes cluster
  201. cloud_provider_tag:
  202. type: string
  203. description:
  204. tag of the kubernetes/cloud-provider-openstack
  205. https://hub.docker.com/r/k8scloudprovider/openstack-cloud-controller-manager/tags/
  206. cloud_provider_enabled:
  207. type: boolean
  208. description: Enable or disable the openstack kubernetes cloud provider
  209. etcd_tag:
  210. type: string
  211. description: tag of the etcd system container
  212. coredns_tag:
  213. type: string
  214. description: tag of the coredns container
  215. flannel_tag:
  216. type: string
  217. description: tag of the flannel system containers
  218. flannel_cni_tag:
  219. type: string
  220. description: tag of the flannel cni container
  221. kube_version:
  222. type: string
  223. description: version of kubernetes used for kubernetes cluster
  224. kube_dashboard_version:
  225. type: string
  226. description: version of kubernetes dashboard used for kubernetes cluster
  227. trustee_user_id:
  228. type: string
  229. description: user id of the trustee
  230. trustee_password:
  231. type: string
  232. description: password of the trustee
  233. hidden: true
  234. trust_id:
  235. type: string
  236. description: id of the trust which is used by the trustee
  237. hidden: true
  238. insecure_registry_url:
  239. type: string
  240. description: insecure registry url
  241. container_infra_prefix:
  242. type: string
  243. description: >
  244. prefix of container images used in the cluster, kubernetes components,
  245. kubernetes-dashboard, coredns etc
  246. etcd_lb_vip:
  247. type: string
  248. description: >
  249. etcd lb vip private used to generate certs on master.
  250. default: ""
  251. dns_service_ip:
  252. type: string
  253. description: >
  254. address used by Kubernetes DNS service
  255. dns_cluster_domain:
  256. type: string
  257. description: >
  258. domain name for cluster DNS
  259. openstack_ca:
  260. type: string
  261. description: The OpenStack CA certificate to install on the node.
  262. nodes_server_group_id:
  263. type: string
  264. description: ID of the server group for kubernetes cluster nodes.
  265. availability_zone:
  266. type: string
  267. description: >
  268. availability zone for master and nodes
  269. default: ""
  270. ca_key:
  271. type: string
  272. description: key of internal ca for the kube certificate api manager
  273. hidden: true
  274. cert_manager_api:
  275. type: boolean
  276. description: true if the kubernetes cert api manager should be enabled
  277. default: false
  278. calico_tag:
  279. type: string
  280. description: tag of the calico containers used to provision the calico node
  281. calico_kube_controllers_tag:
  282. type: string
  283. description: tag of the kube_controllers used to provision the calico node
  284. calico_ipv4pool:
  285. type: string
  286. description: Configure the IP pool from which Pod IPs will be chosen
  287. pods_network_cidr:
  288. type: string
  289. description: Configure the IP pool/range from which pod IPs will be chosen
  290. ingress_controller:
  291. type: string
  292. description: >
  293. ingress controller backend to use
  294. ingress_controller_role:
  295. type: string
  296. description: >
  297. node role where the ingress controller should run
  298. octavia_ingress_controller_tag:
  299. type: string
  300. description: Octavia ingress controller docker image tag.
  301. kubelet_options:
  302. type: string
  303. description: >
  304. additional options to be passed to the kubelet
  305. kubeapi_options:
  306. type: string
  307. description: >
  308. additional options to be passed to the api
  309. kubecontroller_options:
  310. type: string
  311. description: >
  312. additional options to be passed to the controller manager
  313. kubeproxy_options:
  314. type: string
  315. description: >
  316. additional options to be passed to the kube proxy
  317. kubescheduler_options:
  318. type: string
  319. description: >
  320. additional options to be passed to the scheduler
  321. octavia_enabled:
  322. type: boolean
  323. description: >
  324. whether or not to use Octavia for LoadBalancer type service.
  325. default: False
  326. kube_service_account_key:
  327. type: string
  328. hidden: true
  329. description: >
  330. The signed cert will be used to verify the k8s service account tokens
  331. during authentication.
  332. kube_service_account_private_key:
  333. type: string
  334. hidden: true
  335. description: >
  336. The private key will be used to sign generated k8s service account
  337. tokens.
  338. prometheus_tag:
  339. type: string
  340. description: tag of prometheus container
  341. grafana_tag:
  342. type: string
  343. description: tag of grafana container
  344. heat_container_agent_tag:
  345. type: string
  346. description: tag of the heat_container_agent system container
  347. keystone_auth_enabled:
  348. type: boolean
  349. description: >
  350. true if the keystone authN and authZ should be enabled
  351. default:
  352. false
  353. k8s_keystone_auth_tag:
  354. type: string
  355. description: tag of the k8s_keystone_auth container
  356. monitoring_enabled:
  357. type: boolean
  358. description: Enable or disable prometheus-operator monitoring solution.
  359. default: false
  360. prometheus_operator_chart_tag:
  361. type: string
  362. description: The stable/prometheus-operator chart version to use.
  363. default: 5.12.3
  364. project_id:
  365. type: string
  366. description: >
  367. project id of current project
  368. tiller_enabled:
  369. type: string
  370. description: Whether to enable tiller or not
  371. tiller_tag:
  372. type: string
  373. description: tag of tiller container
  374. tiller_namespace:
  375. type: string
  376. description: namespace where tiller will be installed
  377. auto_healing_enabled:
  378. type: boolean
  379. description: >
  380. true if the auto healing feature should be enabled
  381. auto_healing_controller:
  382. type: string
  383. description: >
  384. The service to be deployed for auto-healing.
  385. default: "draino"
  386. magnum_auto_healer_tag:
  387. type: string
  388. description: tag of the magnum-auto-healer service.
  389. default: "v1.15.0"
  390. auto_scaling_enabled:
  391. type: boolean
  392. description: >
  393. true if the auto scaling feature should be enabled
  394. node_problem_detector_tag:
  395. type: string
  396. description: tag of the node problem detector container
  397. nginx_ingress_controller_tag:
  398. type: string
  399. description: nginx ingress controller docker image tag
  400. draino_tag:
  401. type: string
  402. description: tag of the draino container
  403. autoscaler_tag:
  404. type: string
  405. description: tag of the autoscaler container
  406. min_node_count:
  407. type: number
  408. description: >
  409. minimum node count of cluster workers when doing scale down
  410. max_node_count:
  411. type: number
  412. description: >
  413. maximum node count of cluster workers when doing scale up
  414. npd_enabled:
  415. type: boolean
  416. description: >
  417. true if the npd service should be launched
  418. default:
  419. true
  420. conditions:
  421. image_based: {equals: [{get_param: boot_volume_size}, 0]}
  422. volume_based:
  423. not:
  424. equals:
  425. - get_param: boot_volume_size
  426. - 0
  427. resources:
  428. ######################################################################
  429. #
  430. # resource that exposes the IPs of either the kube master or the API
  431. # LBaaS pool depending on whether LBaaS is enabled for the cluster.
  432. #
  433. api_address_switch:
  434. type: Magnum::ApiGatewaySwitcher
  435. properties:
  436. pool_public_ip: {get_param: api_public_address}
  437. pool_private_ip: {get_param: api_private_address}
  438. master_public_ip: {get_attr: [kube_master_floating, floating_ip_address]}
  439. master_private_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
  ######################################################################
  #
  # software configs. these are components that are combined into
  # a multipart MIME user-data archive.
  #

  # Cloud-init user-data for the server (see user_data on kube-master and
  # kube-master-bfv): installs the OpenStack CA, starts the heat-container-agent
  # that later pulls master_config, and runs the disable-selinux.sh fragment.
  # NOTE(review): confirm that relaxing SELinux on the master is still required
  # before tightening the image.
  agent_config:
    type: OS::Heat::SoftwareConfig
    properties:
      group: ungrouped
      config:
        list_join:
          - "\n"
          - - str_replace:
                template:
                  get_file: ../../common/templates/fragments/atomic-install-openstack-ca.sh
                params:
                  "$OPENSTACK_CA":
                    get_param: openstack_ca
            - str_replace:
                template:
                  get_file: ../../common/templates/kubernetes/fragments/start-container-agent.sh
                params:
                  "$CONTAINER_INFRA_PREFIX":
                    get_param: container_infra_prefix
                  "$HEAT_CONTAINER_AGENT_TAG":
                    get_param: heat_container_agent_tag
            - get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh
  # Main provisioning script for the master.  write-heat-params-master.sh is
  # filled in through str_replace with every stack parameter listed below, then
  # the remaining fragments are appended in order; the joined text is the
  # "script" config that master_config_deployment runs once on CREATE.
  master_config:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        list_join:
          - "\n"
          -
            - str_replace:
                template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params-master.sh}
                params:
                  "$INSTANCE_NAME": {get_param: name}
                  "$PROMETHEUS_MONITORING": {get_param: prometheus_monitoring}
                  # API addresses come from api_address_switch so the same script
                  # works with and without an LBaaS pool in front of the masters.
                  "$KUBE_API_PUBLIC_ADDRESS": {get_attr: [api_address_switch, public_ip]}
                  "$KUBE_API_PRIVATE_ADDRESS": {get_attr: [api_address_switch, private_ip]}
                  "$KUBE_API_PORT": {get_param: kubernetes_port}
                  "$KUBE_NODE_PUBLIC_IP": {get_attr: [kube_master_floating, floating_ip_address]}
                  "$KUBE_NODE_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
                  "$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
                  # Volume ids resolve to the Cinder volumes attached further down
                  # (etcd_volume_attach / docker_volume_attach).
                  "$ETCD_VOLUME": {get_resource: etcd_volume}
                  "$ETCD_VOLUME_SIZE": {get_param: etcd_volume_size}
                  "$DOCKER_VOLUME": {get_resource: docker_volume}
                  "$DOCKER_VOLUME_SIZE": {get_param: docker_volume_size}
                  "$DOCKER_STORAGE_DRIVER": {get_param: docker_storage_driver}
                  "$CGROUP_DRIVER": {get_param: cgroup_driver}
                  "$NETWORK_DRIVER": {get_param: network_driver}
                  "$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr}
                  "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
                  "$FLANNEL_BACKEND": {get_param: flannel_backend}
                  "$SYSTEM_PODS_INITIAL_DELAY": {get_param: system_pods_initial_delay}
                  "$SYSTEM_PODS_TIMEOUT": {get_param: system_pods_timeout}
                  "$PODS_NETWORK_CIDR": {get_param: pods_network_cidr}
                  "$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
                  "$ADMISSION_CONTROL_LIST": {get_param: admission_control_list}
                  "$ETCD_DISCOVERY_URL": {get_param: discovery_url}
                  # Secrets: the parameter values (password, trustee_password,
                  # trust_id, ca_key, kube_service_account_private_key below) are
                  # substituted into the script text here, so they become part of
                  # this SoftwareConfig and reach the node; `hidden: true` on the
                  # parameter only masks them in the Heat API.
                  "$AUTH_URL": {get_param: auth_url}
                  "$USERNAME": {get_param: username}
                  "$PASSWORD": {get_param: password}
                  "$CLUSTER_NETWORK": {get_param: fixed_network}
                  "$CLUSTER_NETWORK_NAME": {get_param: fixed_network_name}
                  "$CLUSTER_SUBNET": {get_param: fixed_subnet}
                  "$TLS_DISABLED": {get_param: tls_disabled}
                  "$TRAEFIK_INGRESS_CONTROLLER_TAG": {get_param: traefik_ingress_controller_tag}
                  "$KUBE_DASHBOARD_ENABLED": {get_param: kube_dashboard_enabled}
                  "$INFLUX_GRAFANA_DASHBOARD_ENABLED": {get_param: influx_grafana_dashboard_enabled}
                  "$VERIFY_CA": {get_param: verify_ca}
                  "$CLUSTER_UUID": {get_param: cluster_uuid}
                  "$MAGNUM_URL": {get_param: magnum_url}
                  "$VOLUME_DRIVER": {get_param: volume_driver}
                  "$REGION_NAME": {get_param: region_name}
                  "$HTTP_PROXY": {get_param: http_proxy}
                  "$HTTPS_PROXY": {get_param: https_proxy}
                  "$NO_PROXY": {get_param: no_proxy}
                  "$KUBE_TAG": {get_param: kube_tag}
                  "$CLOUD_PROVIDER_TAG": {get_param: cloud_provider_tag}
                  "$CLOUD_PROVIDER_ENABLED": {get_param: cloud_provider_enabled}
                  "$ETCD_TAG": {get_param: etcd_tag}
                  "$COREDNS_TAG": {get_param: coredns_tag}
                  "$FLANNEL_TAG": {get_param: flannel_tag}
                  "$FLANNEL_CNI_TAG": {get_param: flannel_cni_tag}
                  "$KUBE_VERSION": {get_param: kube_version}
                  "$KUBE_DASHBOARD_VERSION": {get_param: kube_dashboard_version}
                  "$TRUSTEE_USER_ID": {get_param: trustee_user_id}
                  "$TRUSTEE_PASSWORD": {get_param: trustee_password}
                  "$TRUST_ID": {get_param: trust_id}
                  "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
                  "$CONTAINER_INFRA_PREFIX": {get_param: container_infra_prefix}
                  "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
                  "$DNS_SERVICE_IP": {get_param: dns_service_ip}
                  "$DNS_CLUSTER_DOMAIN": {get_param: dns_cluster_domain}
                  "$CERT_MANAGER_API": {get_param: cert_manager_api}
                  "$CA_KEY": {get_param: ca_key}
                  "$CALICO_TAG": {get_param: calico_tag}
                  "$CALICO_KUBE_CONTROLLERS_TAG": {get_param: calico_kube_controllers_tag}
                  "$CALICO_IPV4POOL": {get_param: calico_ipv4pool}
                  "$INGRESS_CONTROLLER": {get_param: ingress_controller}
                  "$INGRESS_CONTROLLER_ROLE": {get_param: ingress_controller_role}
                  "$OCTAVIA_INGRESS_CONTROLLER_TAG": {get_param: octavia_ingress_controller_tag}
                  "$KUBELET_OPTIONS": {get_param: kubelet_options}
                  "$KUBEAPI_OPTIONS": {get_param: kubeapi_options}
                  "$KUBECONTROLLER_OPTIONS": {get_param: kubecontroller_options}
                  "$KUBEPROXY_OPTIONS": {get_param: kubeproxy_options}
                  "$KUBESCHEDULER_OPTIONS": {get_param: kubescheduler_options}
                  "$OCTAVIA_ENABLED": {get_param: octavia_enabled}
                  "$KUBE_SERVICE_ACCOUNT_KEY": {get_param: kube_service_account_key}
                  "$KUBE_SERVICE_ACCOUNT_PRIVATE_KEY": {get_param: kube_service_account_private_key}
                  "$PROMETHEUS_TAG": {get_param: prometheus_tag}
                  "$GRAFANA_TAG": {get_param: grafana_tag}
                  "$HEAT_CONTAINER_AGENT_TAG": {get_param: heat_container_agent_tag}
                  "$KEYSTONE_AUTH_ENABLED": {get_param: keystone_auth_enabled}
                  "$K8S_KEYSTONE_AUTH_TAG": {get_param: k8s_keystone_auth_tag}
                  "$MONITORING_ENABLED": {get_param: monitoring_enabled}
                  "$PROMETHEUS_OPERATOR_CHART_TAG": {get_param: prometheus_operator_chart_tag}
                  "$PROJECT_ID": {get_param: project_id}
                  "$EXTERNAL_NETWORK_ID": {get_param: external_network}
                  "$TILLER_ENABLED": {get_param: tiller_enabled}
                  "$TILLER_TAG": {get_param: tiller_tag}
                  "$TILLER_NAMESPACE": {get_param: tiller_namespace}
                  "$NODE_PROBLEM_DETECTOR_TAG": {get_param: node_problem_detector_tag}
                  "$NGINX_INGRESS_CONTROLLER_TAG": {get_param: nginx_ingress_controller_tag}
                  "$AUTO_HEALING_ENABLED": {get_param: auto_healing_enabled}
                  "$AUTO_HEALING_CONTROLLER": {get_param: auto_healing_controller}
                  "$MAGNUM_AUTO_HEALER_TAG": {get_param: magnum_auto_healer_tag}
                  "$AUTO_SCALING_ENABLED": {get_param: auto_scaling_enabled}
                  "$DRAINO_TAG": {get_param: draino_tag}
                  "$AUTOSCALER_TAG": {get_param: autoscaler_tag}
                  "$MIN_NODE_COUNT": {get_param: min_node_count}
                  "$MAX_NODE_COUNT": {get_param: max_node_count}
                  "$NPD_ENABLED": {get_param: npd_enabled}
                  "$NODEGROUP_ROLE": {get_param: nodegroup_role}
                  "$NODEGROUP_NAME": {get_param: nodegroup_name}
            # Fragments run in this order after the parameter file is written.
            - get_file: ../../common/templates/kubernetes/fragments/make-cert.sh
            - get_file: ../../common/templates/kubernetes/fragments/configure-etcd.sh
            - get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh
            - get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-master.sh
            # The docker-storage fragment itself is templated: the atomic
            # storage-driver helper is spliced in as a parameter.
            - str_replace:
                template: {get_file: ../../common/templates/fragments/configure-docker-storage.sh}
                params:
                  $configure_docker_storage_driver: {get_file: ../../common/templates/fragments/configure_docker_storage_driver_atomic.sh}
            - get_file: ../../common/templates/kubernetes/fragments/enable-services-master.sh
            - get_file: ../../common/templates/kubernetes/fragments/add-proxy.sh
  # Runs master_config on whichever server variant the conditions created.
  # actions is restricted to CREATE, so a later stack update does not re-run
  # the provisioning script (upgrades go through upgrade_kubernetes_deployment).
  master_config_deployment:
    type: OS::Heat::SoftwareDeployment
    properties:
      signal_transport: HEAT_SIGNAL
      config:
        get_resource: master_config
      server:
        if:
          - "volume_based"
          - get_resource: kube-master-bfv
          - get_resource: kube-master
      actions:
        - CREATE
  ######################################################################
  #
  # a single kubernetes master.
  #

  # Root disk for the boot-from-volume variant: a Cinder volume created from
  # server_image, only when boot_volume_size is non-zero.
  kube_node_volume:
    type: OS::Cinder::Volume
    condition: volume_based
    properties:
      image:
        get_param: server_image
      size:
        get_param: boot_volume_size
      volume_type:
        get_param: boot_volume_type
  # do NOT use "_" (underscore) in the Nova server name
  # it creates a mismatch between the generated Nova name and its hostname
  # which can lead to weird problems

  # Image-booted master (boot_volume_size == 0).  user_data is agent_config,
  # delivered as SOFTWARE_CONFIG and polled from Heat, so the node never needs
  # inbound access from the control plane to pick up its configuration.
  kube-master:
    type: OS::Nova::Server
    condition: image_based
    properties:
      name:
        get_param: name
      image:
        get_param: server_image
      flavor:
        get_param: master_flavor
      key_name:
        get_param: ssh_key_name
      user_data_format: SOFTWARE_CONFIG
      software_config_transport: POLL_SERVER_HEAT
      user_data:
        get_resource: agent_config
      networks:
        - port:
            get_resource: kube_master_eth0
      scheduler_hints:
        group:
          get_param: nodes_server_group_id
      availability_zone:
        get_param: availability_zone
  # Volume-booted master (boot_volume_size != 0).  Same shape as kube-master
  # except that the image lives on kube_node_volume, mapped as boot device 0;
  # delete_on_termination ties the volume's lifetime to the server.
  kube-master-bfv:
    type: OS::Nova::Server
    condition: volume_based
    properties:
      name:
        get_param: name
      flavor:
        get_param: master_flavor
      key_name:
        get_param: ssh_key_name
      user_data_format: SOFTWARE_CONFIG
      software_config_transport: POLL_SERVER_HEAT
      user_data:
        get_resource: agent_config
      networks:
        - port:
            get_resource: kube_master_eth0
      scheduler_hints:
        group:
          get_param: nodes_server_group_id
      availability_zone:
        get_param: availability_zone
      block_device_mapping_v2:
        - boot_index: 0
          volume_id:
            get_resource: kube_node_volume
          delete_on_termination: true
  # Fixed-network port of the master.  secgroup_kube_master_id is the only
  # security group attached, so it is the complete Neutron filter for the node.
  # allowed_address_pairs relaxes Neutron's anti-spoofing rules on this port for
  # the whole pod CIDR (presumably so pod traffic can be forwarded through the
  # master); keep pods_network_cidr as narrow as the deployment allows.
  kube_master_eth0:
    type: OS::Neutron::Port
    properties:
      network:
        get_param: fixed_network
      security_groups:
        - get_param: secgroup_kube_master_id
      fixed_ips:
        - subnet:
            get_param: fixed_subnet
      allowed_address_pairs:
        - ip_address:
            get_param: pods_network_cidr
      replacement_policy: AUTO
  # Optional floating IP on the master's port (a Magnum::Optional type, so the
  # environment decides whether it is created at all).
  # NOTE(review): depends_on names only kube-master, which is skipped when
  # volume_based holds -- confirm Heat drops the dependency in that case rather
  # than ordering this resource before kube-master-bfv.
  kube_master_floating:
    type: Magnum::Optional::KubeMaster::Neutron::FloatingIP
    depends_on: kube-master
    properties:
      floating_network:
        get_param: external_network
      port_id:
        get_resource: kube_master_eth0
  # Registers this master's fixed IP in the API load-balancer pool on the
  # kube-apiserver port; optional, like the floating IP.
  api_pool_member:
    type: Magnum::Optional::Neutron::LBaaS::PoolMember
    properties:
      pool:
        get_param: api_pool_id
      address:
        get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]
      subnet:
        get_param: fixed_subnet
      protocol_port:
        get_param: kubernetes_port
  # Registers this master in the etcd load-balancer pool.  Unlike
  # api_pool_member the port is the literal 2379 rather than a parameter; it
  # has to match what the configure-etcd.sh fragment listens on.
  etcd_pool_member:
    type: Magnum::Optional::Neutron::LBaaS::PoolMember
    properties:
      pool:
        get_param: etcd_pool_id
      address:
        get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]
      subnet:
        get_param: fixed_subnet
      protocol_port: 2379
  ######################################################################
  #
  # etcd storage. This allocates a cinder volume and attaches it
  # to the master.
  #

  # Both resources are Magnum::Optional types, so an environment can turn
  # etcd volumes off entirely; the script side receives the volume id as
  # $ETCD_VOLUME and expects it at /dev/vdc.
  etcd_volume:
    type: Magnum::Optional::Etcd::Volume
    properties:
      size:
        get_param: etcd_volume_size
      volume_type:
        get_param: etcd_volume_type

  etcd_volume_attach:
    type: Magnum::Optional::Etcd::VolumeAttachment
    properties:
      instance_uuid:
        if:
          - "volume_based"
          - get_resource: kube-master-bfv
          - get_resource: kube-master
      volume_id:
        get_resource: etcd_volume
      mountpoint: /dev/vdc
  ######################################################################
  #
  # docker storage. This allocates a cinder volume and attaches it
  # to the master (this template builds masters, not minions).
  #

  # Optional Cinder volume for docker's container/image storage, attached to
  # whichever server variant exists and handed to the script as $DOCKER_VOLUME.
  docker_volume:
    type: Magnum::Optional::Cinder::Volume
    properties:
      size:
        get_param: docker_volume_size
      volume_type:
        get_param: docker_volume_type

  docker_volume_attach:
    type: Magnum::Optional::Cinder::VolumeAttachment
    properties:
      instance_uuid:
        if:
          - "volume_based"
          - get_resource: kube-master-bfv
          - get_resource: kube-master
      volume_id:
        get_resource: docker_volume
      mountpoint: /dev/vdb
  # In-place Kubernetes upgrade script.  It takes the target tag through the
  # kube_tag_input deployment input instead of str_replace, so the config text
  # itself does not change between upgrades.
  upgrade_kubernetes:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      inputs:
        - name: kube_tag_input
      config:
        get_file: ../../common/templates/kubernetes/fragments/upgrade-kubernetes.sh
  # Executes upgrade_kubernetes only on stack UPDATE (never on CREATE), feeding
  # the current kube_tag parameter as kube_tag_input.
  upgrade_kubernetes_deployment:
    type: OS::Heat::SoftwareDeployment
    properties:
      signal_transport: HEAT_SIGNAL
      config:
        get_resource: upgrade_kubernetes
      server:
        if:
          - "volume_based"
          - get_resource: kube-master-bfv
          - get_resource: kube-master
      actions:
        - UPDATE
      input_values:
        kube_tag_input:
          get_param: kube_tag
  718. outputs:
  719. OS::stack_id:
  720. value: {if: ["volume_based", {get_resource: kube-master-bfv}, {get_resource: kube-master}]}
  721. kube_master_ip:
  722. value: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
  723. description: >
  724. This is the "private" IP address of the Kubernetes master node.
  725. kube_master_external_ip:
  726. value: {get_attr: [kube_master_floating, floating_ip_address]}
  727. description: >
  728. This is the "public" IP address of the Kubernetes master node.