openstack/tripleo-heat-templates
Code Issues Proposed changes
93d1ce3a5d
tripleo-heat-templates/extraconfig/services/kubernetes-master.yaml
Alex Schultz fb0e8f62fc Convert dynamic lookups to use colon notation 
With the upgrade to puppet 5, we can no longer use dots in the hieradata
key lookups. This change updates the THT for firewall_rules,
haproxy_endpoints and haproxy_userlists to use the colon notation.

Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878
Related-Bug: #1803024
2018-11-12 21:21:49 -07:00

182 lines
7.2 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: Triggers a Mistral workflow for the deployment of Kubernetes
parameters:
RoleNetIpMap:
default: {}
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
KubesprayIgnoreAssertErrors:
default: false
description: Ignore kubespray pre-flight checks. Useful for deploying
on environments with swap enabled.
type: boolean
outputs:
role_data:
description: Role data for the Kubernetes Service
value:
service_name: kubernetes_master
config_settings:
tripleo::kubernetes_master::firewall_rules:
'200 kubernetes-master api':
dport: 6443
proto: tcp
'200 kubernetes-master etcd':
dport:
- 2379
- 2380
proto: tcp
'200 kubernetes-master flannel':
dport:
- 8285
- 8472
proto: udp
upgrade_tasks: []
step_config: ''
external_deploy_tasks:
# FIXME: remove this block when kubespray is packaged
- name: kubernetes_master step 2 kubespray repository
when: step|int == 2
block:
- name: check kubespray directory existence
stat:
path: /usr/share/kubespray
register: kubespray_stat
- set_fact:
kubespray_dir: >-
{%- if kubespray_stat.stat.exists -%}
/usr/share/kubespray
{%- elif ansible_user_id == 'mistral' -%}
/var/lib/mistral/kubespray
{%- else -%}
{{ ansible_user_dir }}/kubespray
{%- endif -%}
- name: check cloned kubespray directory existence
stat:
path: "{{ kubespray_dir }}"
register: kubespray_cloned_stat
when: not kubespray_stat.stat.exists
- name: download kubespray source
shell: |
set -eux
mkdir '{{ kubespray_dir }}'
cd '{{ kubespray_dir }}'
curl -Lo kubespray.tar.gz 'https://github.com/kubernetes-incubator/kubespray/archive/master.tar.gz'
tar --strip-components 1 -xzvf kubespray.tar.gz
# do not overwrite existing contents
when: not kubespray_stat.stat.exists and not kubespray_cloned_stat.stat.exists
- name: kubernetes_master step 2
when: step|int == 2
block:
- name: create kubespray temp dirs
file:
path: "{{item}}"
state: directory
with_items:
- "{{playbook_dir}}/kubespray"
- "{{playbook_dir}}/kubespray/artifacts"
- name: generate kubespray inventory
copy:
dest: "{{playbook_dir}}/kubespray/inventory.yml"
content: |
kube-master:
hosts:
{% for host in groups['kubernetes_master'] -%}
{{ hostvars.raw_get(host)['ansible_hostname'] }}:
ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }}
ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }}
ansible_become: true
{% endfor %}
kube-node:
hosts:
{% for host in groups['kubernetes_worker'] -%}
{{ hostvars.raw_get(host)['ansible_hostname'] }}:
ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }}
ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }}
ansible_become: true
{% endfor %}
etcd:
children:
kube-master: {}
k8s-cluster:
children:
kube-master: {}
kube-node: {}
- name: generate kubespray global vars
copy:
dest: "{{playbook_dir}}/kubespray/global_vars.yml"
content:
str_replace:
template: |
kubeconfig_localhost: true
artifacts_dir: '{{playbook_dir}}/kubespray/artifacts'
ignore_assert_errors: IGNORE_ASSERT_ERRORS
kubelet_fail_swap_on: KUBELET_FAIL_SWAP_ON
params:
IGNORE_ASSERT_ERRORS: {get_param: KubesprayIgnoreAssertErrors}
KUBELET_FAIL_SWAP_ON:
yaql:
expression: not $.data
data: {get_param: KubesprayIgnoreAssertErrors}
- name: generate kubespray playbook
copy:
dest: "{{playbook_dir}}/kubespray/playbook.yml"
content: |
- include: {{ kubespray_dir|default('/usr/share/kubespray') }}/cluster.yml
- name: set kubespray command
set_fact:
# NOTE: We could let kubespray configure docker
# (remove --skip-tags docker) and run it in step 1
# when this RFE is implemented:
# https://github.com/kubernetes-incubator/kubespray/issues/1836
kubespray_command: >-
{%- if kubespray_command is defined -%}
{{kubespray_command}}
{%- else -%}
ANSIBLE_HOST_KEY_CHECKING=False
ansible-playbook
-i '{{playbook_dir}}/kubespray/inventory.yml'
--skip-tags docker,bastion-ssh-config
--extra-vars '@{{playbook_dir}}/kubespray/global_vars.yml'
{% if ansible_ssh_private_key_file is defined %}--private-key '{{ansible_ssh_private_key_file}}'{% endif %}
'{{playbook_dir}}/kubespray/playbook.yml'
{%- endif -%}
- name: print kubespray command
debug:
var: kubespray_command
- name: run kubespray (immediate log at {{playbook_dir}}/kubespray/playbook.log)
shell: |
{{kubespray_command}} 2>&1 | tee {{playbook_dir}}/kubespray/playbook.log
exit ${PIPESTATUS[0]}
View Git Blame Copy Permalink