From e20fe150953b0cdc13a1e115ad9a4f47fbfbea7a Mon Sep 17 00:00:00 2001 From: Bart Wensley Date: Mon, 28 May 2018 13:32:23 -0500 Subject: [PATCH] Initial kubernetes config on controller Support the deployment of kubernetes on controller-0 through a new "--kubernetes" option on the config_controller command. This is just an early version of the code to allow other to build on it. Change-Id: I8514ca35606d5573de3f52b56551395618cca79b --- .../controllerconfig/configassistant.py | 7 +- .../controllerconfig/systemconfig.py | 4 + puppet-manifests/src/manifests/controller.pp | 1 + .../modules/platform/manifests/kubernetes.pp | 116 ++++++++++++++++++ sysinv/sysinv/sysinv/sysinv/puppet/base.py | 7 ++ .../sysinv/sysinv/sysinv/puppet/kubernetes.py | 28 +++++ sysinv/sysinv/sysinv/sysinv/puppet/puppet.py | 3 + 7 files changed, 164 insertions(+), 2 deletions(-) create mode 100644 puppet-manifests/src/modules/platform/manifests/kubernetes.pp create mode 100644 sysinv/sysinv/sysinv/sysinv/puppet/kubernetes.py diff --git a/controllerconfig/controllerconfig/controllerconfig/configassistant.py b/controllerconfig/controllerconfig/controllerconfig/configassistant.py index 104d29e70a..e527590494 100644 --- a/controllerconfig/controllerconfig/controllerconfig/configassistant.py +++ b/controllerconfig/controllerconfig/controllerconfig/configassistant.py @@ -300,7 +300,7 @@ def get_tboot_info(): class ConfigAssistant(): """Allow user to do the initial configuration.""" - def __init__(self, labmode=False, **kwargs): + def __init__(self, labmode=False, kubernetes=False, **kwargs): """Constructor The values assigned here are used as the defaults if the user does not @@ -308,6 +308,8 @@ class ConfigAssistant(): """ self.labmode = labmode + # Temporary flag to be removed once kubernetes installs are the default + self.kubernetes = kubernetes self.config_uuid = "install" 
@@ -3643,7 +3645,8 @@ class ConfigAssistant(): 'vswitch_type': str(self.vswitch_type), 'shared_services': str(self.shared_services), 'sdn_enabled': self.enable_sdn, - 'https_enabled': self.enable_https} + 'https_enabled': self.enable_https, + 'kubernetes_enabled': self.kubernetes} system_type = utils.get_system_type() diff --git a/controllerconfig/controllerconfig/controllerconfig/systemconfig.py b/controllerconfig/controllerconfig/controllerconfig/systemconfig.py index 74bac759d1..27a4bacbba 100644 --- a/controllerconfig/controllerconfig/controllerconfig/systemconfig.py +++ b/controllerconfig/controllerconfig/controllerconfig/systemconfig.py @@ -414,6 +414,10 @@ def main(): do_provision = True elif sys.argv[arg] == "--allow-ssh": allow_ssh = True + elif sys.argv[arg] == "--kubernetes": + # This is a temporary flag for use during development. Once things + # are stable, we will remove it and make kubernetes the default. + options['kubernetes'] = True else: print "Invalid option. Use --help for more information." exit(1) diff --git a/puppet-manifests/src/manifests/controller.pp b/puppet-manifests/src/manifests/controller.pp index 562aee4943..a66e5de68f 100644 --- a/puppet-manifests/src/manifests/controller.pp +++ b/puppet-manifests/src/manifests/controller.pp @@ -30,6 +30,7 @@ include ::platform::amqp::rabbitmq include ::platform::postgresql::server include ::platform::haproxy::server include ::platform::grub +include ::platform::kubernetes::master include ::platform::patching include ::platform::patching::api diff --git a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp new file mode 100644 index 0000000000..affe8cd614 --- /dev/null +++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp 
@@ -0,0 +1,116 @@
+class platform::kubernetes::params (
+ $enabled = false,
+ $pod_network_cidr = undef,
+ $apiserver_advertise_address = undef,
+) { }
+
+class platform::kubernetes::master::init
+ inherits ::platform::kubernetes::params {
+
+ Class['::platform::kubernetes::master'] -> Class[$name]
+
+ # This init only needs to be done once. Only controller-0 is supported for
+ # now...
+ if str2bool($::is_initial_config_primary) {
+ $resolv_conf = '/etc/resolv.conf'
+
+ # Add a DNS server to allow access to kubernetes repo. This will no longer
+ # be required once we are using our own internal repo.
+ file_line { "${resolv_conf} nameserver 8.8.8.8":
+ path => $resolv_conf,
+ line => 'nameserver 8.8.8.8',
+ } ->
+
+ # Configure the master node. May want to use a config file instead of
+ # command line parameters.
+ exec { "configure master node":
+ command => "kubeadm init --pod-network-cidr=$pod_network_cidr --apiserver-advertise-address=$apiserver_advertise_address",
+ logoutput => true,
+ } ->
+
+ # Configure calico networking. This is just for prototyping - see the
+ # following for proper deployment:
+ # https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation
+ exec { "configure calico networking":
+ command =>
+ "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.0/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml",
+ logoutput => true,
+ } ->
+
+ # Remove the taint from the master node
+ exec { "remove taint from master node":
+ command =>
+ "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-",
+ logoutput => true,
+ }
+ }
+}
+
+class platform::kubernetes::master
+ inherits ::platform::kubernetes::params {
+
+ if $enabled {
+ include ::platform::kubernetes::master::init
+
+ $repo_file = "[kubernetes]
+ name=Kubernetes
+ baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+ enabled=1
+ gpgcheck=1
+ repo_gpgcheck=1
+ gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg"
+ $iptables_file = "net.bridge.bridge-nf-call-ip6tables = 1
+ net.bridge.bridge-nf-call-iptables = 1"
+ $kubeadm_conf = '/etc/systemd/system/kubelet.service.d/kubeadm.conf'
+
+ # Configure the kubernetes repo to allow us to download docker images for
+ # the kubernetes components. This will disappear once we have our own
+ # repo.
+ file { '/etc/yum.repos.d/kubernetes.repo':
+ ensure => file,
+ content => "$repo_file",
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ } ->
+
+ # Update iptables config. This is required based on:
+ # https://kubernetes.io/docs/tasks/tools/install-kubeadm
+ # This probably belongs somewhere else - initscripts package?
+ file { '/etc/sysctl.d/k8s.conf': + ensure => file, + content => "$iptables_file", + owner => 'root', + group => 'root', + mode => '0644', + } -> + exec { "update kernel parameters for iptables": + command => "sysctl --system", + } -> + + # Start docker - will move to another manifest. + service { 'docker': + ensure => 'running', + enable => true, + } -> + + # Update kubelet configuration. Should probably just patch the kubelet + # package to fix these things. + file_line { "${kubeadm_conf} KUBELET_EXTRA_ARGS": + path => $kubeadm_conf, + line => 'Environment="KUBELET_EXTRA_ARGS=--cgroup-driver=cgroupfs"', + match => '^Environment="KUBELET_EXTRA_ARGS=', + } -> + file_line { "${kubeadm_conf} KUBELET_NETWORK_ARGS": + path => $kubeadm_conf, + line => 'Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"', + match => '^Environment="KUBELET_NETWORK_ARGS=', + } -> + + # Start kubelet. + service { 'kubelet': + ensure => 'running', + enable => true, + } + } +} diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/base.py b/sysinv/sysinv/sysinv/sysinv/puppet/base.py index b4b852824c..d78368a363 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/base.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/base.py @@ -72,6 +72,13 @@ class BasePuppet(object): system = self._get_system() return system.capabilities.get('sdn_enabled', False) + def _kubernetes_enabled(self): + if self.dbapi is None: + return False + + system = self._get_system() + return system.capabilities.get('kubernetes_enabled', False) + def _https_enabled(self): if self.dbapi is None: return False diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/kubernetes.py b/sysinv/sysinv/sysinv/sysinv/puppet/kubernetes.py new file mode 100644 index 0000000000..1f2f5f054c --- /dev/null +++ b/sysinv/sysinv/sysinv/sysinv/puppet/kubernetes.py 
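Review bot: The `configure calico networking` exec in `platform::kubernetes::master::init` runs `kubectl apply` with the admin kubeconfig on a manifest downloaded from docs.projectcalico.org at configuration time, so the cluster receives whatever that URL serves that day, with no pinned copy and no integrity check. The comment marks this as prototyping; until the internal repo exists, the reviewed manifest could ship with the platform and be applied from disk, e.g. `kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f <packaged-calico.yaml>` (placeholder path). The `file_line` that appends `nameserver 8.8.8.8` to /etc/resolv.conf has the same character: it points the controller at an external resolver and nothing in this manifest removes the entry afterwards, which deserves a `# TODO` with an owner. The three `exec` resources also carry no guard; `creates => '/etc/kubernetes/admin.conf',` on `configure master node` would stop `kubeadm init` from running again if this class is applied a second time.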
@@ -0,0 +1,28 @@ +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.openstack.common import log as logging + +from . import base + +LOG = logging.getLogger(__name__) + + +class KubernetesPuppet(base.BasePuppet): + """Class to encapsulate puppet operations for kubernetes configuration""" + + def get_system_config(self): + config = {} + if self._kubernetes_enabled(): + config.update( + {'platform::kubernetes::params::enabled': True, + 'platform::kubernetes::params::pod_network_cidr': + '192.168.0.0/16', + 'platform::kubernetes::params::apiserver_advertise_address': + self._get_management_address(), + }) + + return config diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/puppet.py b/sysinv/sysinv/sysinv/sysinv/puppet/puppet.py index fe5a5deabc..9cd9236e84 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/puppet.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/puppet.py @@ -47,6 +47,7 @@ from . import platform from . import storage from . import device from . import service_parameter +from . import kubernetes LOG = logging.getLogger(__name__) @@ -98,6 +99,7 @@ class PuppetOperator(object): self.sysinv = inventory.SystemInventoryPuppet(self) self.device = device.DevicePuppet(self) self.ironic = ironic.IronicPuppet(self) + self.kubernetes = kubernetes.KubernetesPuppet(self) self.service_parameter = service_parameter.ServiceParamPuppet(self) @property @@ -217,6 +219,7 @@ class PuppetOperator(object): config.update(self.panko.get_system_config()) config.update(self.dcmanager.get_system_config()) config.update(self.dcorch.get_system_config()) + config.update(self.kubernetes.get_system_config()) # service_parameter must be last to permit overrides config.update(self.service_parameter.get_system_config())
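Review bot: `KubernetesPuppet.get_system_config` hard-codes `'192.168.0.0/16'` as `pod_network_cidr`, and nothing visible checks that range against the subnets already configured on the system; if the management or OAM network falls inside it, pod and host routes will conflict. Consider reading the CIDR from system configuration, or at minimum adding `# TODO: make configurable; must not overlap platform networks` beside the literal. The method also lacks a docstring; something like `"""Return kubernetes hiera values, or an empty dict when kubernetes is not enabled."""` would record that the empty result is intentional.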