Container Infrastructure Management Service for OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

446 lines
13 KiB

heat_template_version: 2014-10-16
description: >
This template will boot a coreos cluster with one or more minions (as
specified by the number_of_minions parameter, which defaults to 1) and one
master node. Allowing multiple masters is a work in progress.
parameters:
ssh_key_name:
type: string
description: name of ssh key to be provisioned on the servers
external_network:
type: string
description: uuid/name of a network to use for floating ip addresses
default: public
server_image:
type: string
default: CoreOS
description: glance image used to boot the servers
master_flavor:
type: string
default: m1.small
description: flavor to use when booting the server for master node
minion_flavor:
type: string
default: m1.small
description: flavor to use when booting the servers for minions
discovery_url:
type: string
description: >
Discovery URL used for bootstrapping the etcd cluster.
dns_nameserver:
type: string
description: address of a dns nameserver reachable in your environment
default: 8.8.8.8
number_of_masters:
type: number
description: how many kubernetes masters to spawn
default: 1
number_of_minions:
type: number
description: how many kubernetes minions to spawn
default: 1
fixed_network_cidr:
type: string
description: network range for fixed ip network
default: 10.0.0.0/24
portal_network_cidr:
type: string
description: >
address range used by kubernetes for service portals
default: 10.254.0.0/16
flannel_network_cidr:
type: string
description: network range for flannel overlay network
default: 10.100.0.0/16
flannel_network_subnetlen:
type: number
description: size of subnet assigned to each minion
default: 24
flannel_backend:
type: string
description: >
specify the backend for flannel, default udp backend
default: "udp"
constraints:
- allowed_values: ["udp", "vxlan", "host-gw"]
kube_allow_priv:
type: string
description: >
whether or not kubernetes should permit privileged containers.
default: "true"
constraints:
- allowed_values: ["true", "false"]
minions_to_remove:
type: comma_delimited_list
description: >
List of minions to be removed when doing an update. Individual minion may
be referenced several ways: (1) The resource name (e.g. ['1', '3']),
(2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should
be empty when doing a create.
default: []
network_driver:
type: string
description: network driver to use for instantiating container networks
default: flannel
tls_disabled:
type: boolean
description: whether or not to disable TLS
default: False
loadbalancing_protocol:
type: string
description: >
The protocol which is used for load balancing. If you want to change
tls_disabled option to 'True', please change this to "HTTP".
default: TCP
constraints:
- allowed_values: ["TCP", "HTTP"]
kubernetes_port:
type: number
description: >
The port which are used by kube-apiserver to provide Kubernetes
service.
default: 6443
cluster_uuid:
type: string
description: identifier for the cluster this template is generating
magnum_url:
type: string
description: endpoint to retrieve TLS certs from
http_proxy:
type: string
description: http proxy address for docker
default: ""
https_proxy:
type: string
description: https proxy address for docker
default: ""
no_proxy:
type: string
description: no proxies for docker
default: ""
trustee_domain_id:
type: string
description: domain id of the trustee
default: ""
trustee_user_id:
type: string
description: user id of the trustee
default: ""
trustee_username:
type: string
description: username of the trustee
default: ""
trustee_password:
type: string
description: password of the trustee
default: ""
hidden: true
trust_id:
type: string
description: id of the trust which is used by the trustee
default: ""
hidden: true
auth_url:
type: string
description: url for keystone
kube_version:
type: string
description: version of kubernetes used for kubernetes cluster
default: v1.2.0
registry_enabled:
type: boolean
description: >
Indicates whether the docker registry is enabled.
default: false
registry_port:
type: number
description: port of registry service
default: 5000
wait_condition_timeout:
type: number
description: >
timeout for the Wait Conditions
default: 6000
resources:
######################################################################
#
# network resources. allocate a network and router for our server.
# Important: the Load Balancer feature in Kubernetes requires that
# the name for the fixed_network must be "private" for the
# address lookup in Kubernetes to work properly
#
fixed_network:
type: OS::Neutron::Net
properties:
name: private
fixed_subnet:
type: OS::Neutron::Subnet
properties:
cidr: {get_param: fixed_network_cidr}
network: {get_resource: fixed_network}
dns_nameservers:
- {get_param: dns_nameserver}
extrouter:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: {get_param: external_network}
extrouter_inside:
type: OS::Neutron::RouterInterface
properties:
router_id: {get_resource: extrouter}
subnet: {get_resource: fixed_subnet}
######################################################################
#
# load balancers.
#
api_loadbalancer:
type: Magnum::Optional::Neutron::LBaaS::LoadBalancer
properties:
vip_subnet: {get_resource: fixed_subnet}
api_listener:
type: Magnum::Optional::Neutron::LBaaS::Listener
properties:
loadbalancer: {get_resource: api_loadbalancer}
protocol: {get_param: loadbalancing_protocol}
protocol_port: {get_param: kubernetes_port}
api_pool:
type: Magnum::Optional::Neutron::LBaaS::Pool
properties:
lb_algorithm: ROUND_ROBIN
listener: {get_resource: api_listener}
protocol: {get_param: loadbalancing_protocol}
api_monitor:
type: Magnum::Optional::Neutron::LBaaS::HealthMonitor
properties:
type: TCP
delay: 5
max_retries: 5
timeout: 5
pool: { get_resource: api_pool }
api_pool_floating:
type: Magnum::Optional::Neutron::FloatingIP
depends_on:
- extrouter_inside
properties:
floating_network: {get_param: external_network}
port_id: {get_attr: [api_loadbalancer, vip_port_id]}
etcd_loadbalancer:
type: Magnum::Optional::Neutron::LBaaS::LoadBalancer
properties:
vip_subnet: {get_resource: fixed_subnet}
etcd_listener:
type: Magnum::Optional::Neutron::LBaaS::Listener
properties:
loadbalancer: {get_resource: etcd_loadbalancer}
protocol: HTTP
protocol_port: 2379
etcd_pool:
type: Magnum::Optional::Neutron::LBaaS::Pool
properties:
lb_algorithm: ROUND_ROBIN
listener: {get_resource: etcd_listener}
protocol: HTTP
etcd_monitor:
type: Magnum::Optional::Neutron::LBaaS::HealthMonitor
properties:
type: TCP
delay: 5
max_retries: 5
timeout: 5
pool: { get_resource: etcd_pool }
######################################################################
#
# resources that expose the IPs of either the kube master or a given
# LBaaS pool depending on whether LBaaS is enabled for the cluster.
#
api_address_switch:
type: Magnum::ApiGatewaySwitcher
properties:
pool_public_ip: {get_attr: [api_pool_floating, floating_ip_address]}
pool_private_ip: {get_attr: [api_loadbalancer, vip_address]}
master_public_ip: {get_attr: [kube_masters, resource.0.kube_master_external_ip]}
master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}
etcd_address_switch:
type: Magnum::ApiGatewaySwitcher
properties:
pool_private_ip: {get_attr: [etcd_loadbalancer, vip_address]}
master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}
######################################################################
#
# kubernetes masters. This is a resource group that will create
# <number_of_masters> master.
#
kube_masters:
type: OS::Heat::ResourceGroup
depends_on:
- extrouter_inside
properties:
count: {get_param: number_of_masters}
resource_def:
type: kubemaster.yaml
properties:
api_public_address: {get_attr: [api_pool_floating, floating_ip_address]}
api_private_address: {get_attr: [api_loadbalancer, vip_address]}
ssh_key_name: {get_param: ssh_key_name}
server_image: {get_param: server_image}
master_flavor: {get_param: master_flavor}
external_network: {get_param: external_network}
kube_allow_priv: {get_param: kube_allow_priv}
flannel_network_cidr: {get_param: flannel_network_cidr}
flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
flannel_backend: {get_param: flannel_backend}
portal_network_cidr: {get_param: portal_network_cidr}
fixed_network: {get_resource: fixed_network}
fixed_subnet: {get_resource: fixed_subnet}
discovery_url: {get_param: discovery_url}
network_driver: {get_param: network_driver}
kubernetes_port: {get_param: kubernetes_port}
tls_disabled: {get_param: tls_disabled}
http_proxy: {get_param: http_proxy}
https_proxy: {get_param: https_proxy}
no_proxy: {get_param: no_proxy}
kube_version: {get_param: kube_version}
wait_condition_timeout: {get_param: wait_condition_timeout}
cluster_uuid: {get_param: cluster_uuid}
api_pool_id: {get_resource: api_pool}
etcd_pool_id: {get_resource: etcd_pool}
magnum_url: {get_param: magnum_url}
trustee_user_id: {get_param: trustee_user_id}
trustee_password: {get_param: trustee_password}
trust_id: {get_param: trust_id}
auth_url: {get_param: auth_url}
######################################################################
#
# kubernetes minions. This is a resource group that will initially
# create <number_of_minions> minions, and needs to be manually scaled.
#
kube_minions:
type: OS::Heat::ResourceGroup
depends_on:
- extrouter_inside
- kube_masters
properties:
count: {get_param: number_of_minions}
removal_policies: [{resource_list: {get_param: minions_to_remove}}]
resource_def:
type: kubeminion.yaml
properties:
ssh_key_name: {get_param: ssh_key_name}
server_image: {get_param: server_image}
minion_flavor: {get_param: minion_flavor}
fixed_network: {get_resource: fixed_network}
fixed_subnet: {get_resource: fixed_subnet}
flannel_network_cidr: {get_param: flannel_network_cidr}
kube_master_ip: {get_attr: [api_address_switch, private_ip]}
external_network: {get_param: external_network}
kube_allow_priv: {get_param: kube_allow_priv}
network_driver: {get_param: network_driver}
kubernetes_port: {get_param: kubernetes_port}
tls_disabled: {get_param: tls_disabled}
http_proxy: {get_param: http_proxy}
https_proxy: {get_param: https_proxy}
no_proxy: {get_param: no_proxy}
kube_version: {get_param: kube_version}
etcd_server_ip: {get_attr: [etcd_address_switch, private_ip]}
wait_condition_timeout: {get_param: wait_condition_timeout}
cluster_uuid: {get_param: cluster_uuid}
magnum_url: {get_param: magnum_url}
trustee_user_id: {get_param: trustee_user_id}
trustee_password: {get_param: trustee_password}
trust_id: {get_param: trust_id}
auth_url: {get_param: auth_url}
outputs:
api_address:
value:
str_replace:
template: api_ip_address
params:
api_ip_address: {get_attr: [api_address_switch, public_ip]}
description: >
This is the API endpoint of the Kubernetes cluster. Use this to access
the Kubernetes API.
kube_masters_private:
value: {get_attr: [kube_masters, kube_master_ip]}
description: >
This is a list of the "private" IP addresses of all the Kubernetes masters.
kube_masters:
value: {get_attr: [kube_masters, kube_master_external_ip]}
description: >
This is a list of the "public" IP addresses of all the Kubernetes masters.
Use these IP addresses to log in to the Kubernetes masters via ssh or to access
the Kubernetes API.
kube_minions_private:
value: {get_attr: [kube_minions, kube_minion_ip]}
description: >
This is a list of the "private" IP addresses of all the Kubernetes minions.
kube_minions:
value: {get_attr: [kube_minions, kube_minion_external_ip]}
description: >
This is a list of the "public" IP addresses of all the Kubernetes minions.
Use these IP addresses to log in to the Kubernetes minions via ssh.