164 lines
5.4 KiB
Puppet
164 lines
5.4 KiB
Puppet
class platform::kubernetes::params (
|
|
$enabled = false,
|
|
$pod_network_cidr = undef,
|
|
$apiserver_advertise_address = undef,
|
|
$etcd_endpoint = undef,
|
|
) { }
|
|
|
|
class platform::kubernetes::kubeadm {
|
|
$repo_file = "[kubernetes]
|
|
name=Kubernetes
|
|
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
|
|
enabled=1
|
|
gpgcheck=1
|
|
repo_gpgcheck=1
|
|
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg"
|
|
$iptables_file = "net.bridge.bridge-nf-call-ip6tables = 1
|
|
net.bridge.bridge-nf-call-iptables = 1"
|
|
$kubeadm_conf = '/etc/systemd/system/kubelet.service.d/kubeadm.conf'
|
|
|
|
# Configure the kubernetes repo to allow us to download docker images for
|
|
# the kubernetes components. This will disappear once we have our own
|
|
# repo.
|
|
file { '/etc/yum.repos.d/kubernetes.repo':
|
|
ensure => file,
|
|
content => "$repo_file",
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
} ->
|
|
|
|
# Update iptables config. This is required based on:
|
|
# https://kubernetes.io/docs/tasks/tools/install-kubeadm
|
|
# This probably belongs somewhere else - initscripts package?
|
|
file { '/etc/sysctl.d/k8s.conf':
|
|
ensure => file,
|
|
content => "$iptables_file",
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
} ->
|
|
exec { "update kernel parameters for iptables":
|
|
command => "sysctl --system",
|
|
} ->
|
|
|
|
# Update kubelet configuration. Should probably just patch the kubelet
|
|
# package to fix these things. Looks like newer versions of the package
|
|
# have some of these changes already.
|
|
file_line { "${kubeadm_conf} KUBELET_EXTRA_ARGS":
|
|
path => $kubeadm_conf,
|
|
line => 'Environment="KUBELET_EXTRA_ARGS=--cgroup-driver=cgroupfs"',
|
|
match => '^Environment="KUBELET_EXTRA_ARGS=',
|
|
} ->
|
|
file_line { "${kubeadm_conf} KUBELET_NETWORK_ARGS":
|
|
path => $kubeadm_conf,
|
|
line => 'Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"',
|
|
match => '^Environment="KUBELET_NETWORK_ARGS=',
|
|
} ->
|
|
file_line { "${kubeadm_conf} KUBELET_KUBECONFIG_ARGS":
|
|
path => $kubeadm_conf,
|
|
line => 'Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --fail-swap-on=false"',
|
|
match => '^Environment="KUBELET_KUBECONFIG_ARGS=',
|
|
} ->
|
|
|
|
# Start kubelet.
|
|
service { 'kubelet':
|
|
ensure => 'running',
|
|
enable => true,
|
|
} ->
|
|
# A seperate enable is required since we have modified the service resource
|
|
# to never enable services.
|
|
exec { 'enable-kubelet':
|
|
command => '/usr/bin/systemctl enable kubelet.service',
|
|
}
|
|
}
|
|
|
|
class platform::kubernetes::master::init
|
|
inherits ::platform::kubernetes::params {
|
|
|
|
# This init only needs to be done once. Only controller-0 is supported for
|
|
# now...
|
|
if str2bool($::is_initial_config_primary) {
|
|
$resolv_conf = '/etc/resolv.conf'
|
|
|
|
# Add a DNS server to allow access to kubernetes repo. This will no longer
|
|
# be required once we are using our own internal repo.
|
|
file_line { "${resolv_conf} nameserver 8.8.8.8":
|
|
path => $resolv_conf,
|
|
line => 'nameserver 8.8.8.8',
|
|
} ->
|
|
|
|
# Configure the master node.
|
|
file { "/etc/kubernetes/kubeadm.yaml":
|
|
ensure => 'present',
|
|
replace => true,
|
|
content => template('platform/kubeadm.yaml.erb'),
|
|
} ->
|
|
|
|
exec { "configure master node":
|
|
command => "kubeadm init --config=/etc/kubernetes/kubeadm.yaml",
|
|
logoutput => true,
|
|
} ->
|
|
|
|
# Configure calico networking. This is just for prototyping - see the
|
|
# following for proper deployment:
|
|
# https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation
|
|
exec { "configure calico networking":
|
|
command =>
|
|
"kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.0/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml",
|
|
logoutput => true,
|
|
} ->
|
|
|
|
# Remove the taint from the master node
|
|
exec { "remove taint from master node":
|
|
command =>
|
|
"kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-",
|
|
logoutput => true,
|
|
}
|
|
}
|
|
}
|
|
|
|
class platform::kubernetes::master
|
|
inherits ::platform::kubernetes::params {
|
|
|
|
if $enabled {
|
|
contain ::platform::kubernetes::kubeadm
|
|
contain ::platform::kubernetes::master::init
|
|
|
|
Class['::platform::etcd'] -> Class[$name]
|
|
Class['::platform::docker::config'] -> Class[$name]
|
|
Class['::platform::kubernetes::kubeadm'] ->
|
|
Class['::platform::kubernetes::master::init']
|
|
}
|
|
}
|
|
|
|
class platform::kubernetes::worker::params (
|
|
$join_cmd = undef,
|
|
) { }
|
|
|
|
class platform::kubernetes::worker::init
|
|
inherits ::platform::kubernetes::worker::params {
|
|
|
|
Class['::platform::docker::config'] -> Class[$name]
|
|
|
|
# Configure the worker node. Only do this once, so check whether the
|
|
# kubelet.conf file has already been created (by the join).
|
|
exec { "configure worker node":
|
|
command => "$join_cmd",
|
|
logoutput => true,
|
|
unless => 'test -f /etc/kubernetes/kubelet.conf',
|
|
}
|
|
}
|
|
|
|
class platform::kubernetes::worker
|
|
inherits ::platform::kubernetes::params {
|
|
|
|
if $enabled {
|
|
contain ::platform::kubernetes::kubeadm
|
|
contain ::platform::kubernetes::worker::init
|
|
|
|
Class['::platform::kubernetes::kubeadm'] ->
|
|
Class['::platform::kubernetes::worker::init']
|
|
}
|
|
}
|