454 lines
13 KiB
YAML
454 lines
13 KiB
YAML
|
heat_template_version: 2014-10-16
|
||
|
|
||
|
description: >
|
||
|
Kubernetes cluster with one master and one or more worker nodes
|
||
|
(as specified by the number_of_minions parameter, which defaults to 3).
|
||
|
|
||
|
parameters:
|
||
|
ssh_key_name:
|
||
|
type: string
|
||
|
description: name of ssh key to be provisioned on our server
|
||
|
|
||
|
external_network:
|
||
|
type: string
|
||
|
description: uuid/name of a network to use for floating ip addresses
|
||
|
default: public
|
||
|
|
||
|
lbaas_version:
|
||
|
type: string
|
||
|
description: version of OpenStack LBaaS service. not specifying means auto detect
|
||
|
|
||
|
server_image:
|
||
|
type: string
|
||
|
description: glance image used to boot the server
|
||
|
|
||
|
master_flavor:
|
||
|
type: string
|
||
|
default: m1.small
|
||
|
description: flavor to use when booting the server
|
||
|
|
||
|
minion_flavor:
|
||
|
type: string
|
||
|
default: m1.small
|
||
|
description: flavor to use when booting the server
|
||
|
|
||
|
dns_nameserver:
|
||
|
type: string
|
||
|
description: address of a dns nameserver reachable in your environment
|
||
|
default: 8.8.8.8
|
||
|
|
||
|
number_of_minions:
|
||
|
type: number
|
||
|
description: how many kubernetes minions to spawn initially
|
||
|
default: 3
|
||
|
|
||
|
max_number_of_minions:
|
||
|
type: number
|
||
|
description: maximum number of kubernetes minions to spawn
|
||
|
default: 10
|
||
|
|
||
|
fixed_network_cidr:
|
||
|
type: string
|
||
|
description: network range for fixed ip network
|
||
|
default: 10.0.0.0/24
|
||
|
|
||
|
cluster_cidr:
|
||
|
type: string
|
||
|
description: network range for pod IPs
|
||
|
default: 10.244.0.0/16
|
||
|
|
||
|
service_cluster_cidr:
|
||
|
type: string
|
||
|
description: network range for service IPs
|
||
|
default: 10.10.0.0/16
|
||
|
|
||
|
master_pod_cidr:
|
||
|
type: string
|
||
|
description: >-
|
||
|
network range for master pod IPs (ignored, but must not conflict
|
||
|
with other subnets)
|
||
|
default: 10.245.1.0/24
|
||
|
|
||
|
kubernetes_server_url:
|
||
|
type: string
|
||
|
description: URL of kubernetes server binary. Must be tar.gz.
|
||
|
|
||
|
kubernetes_salt_url:
|
||
|
type: string
|
||
|
description: URL of kubernetes salt scripts. Must be tar.gz.
|
||
|
|
||
|
apiserver_user:
|
||
|
type: string
|
||
|
description: User name used for api-server
|
||
|
default: user
|
||
|
|
||
|
apiserver_password:
|
||
|
type: string
|
||
|
description: Password used for api-server
|
||
|
default: password
|
||
|
|
||
|
token_kubelet:
|
||
|
type: string
|
||
|
description: Token used by kubelet
|
||
|
default: TokenKubelet
|
||
|
|
||
|
token_kube_proxy:
|
||
|
type: string
|
||
|
description: Token used by kube-proxy
|
||
|
default: TokenKubeproxy
|
||
|
|
||
|
wait_condition_timeout:
|
||
|
type: number
|
||
|
description : >
|
||
|
timeout for the Wait Conditions
|
||
|
default: 6000
|
||
|
|
||
|
os_auth_url:
|
||
|
type: string
|
||
|
description: OpenStack Auth URL
|
||
|
default: false
|
||
|
|
||
|
os_username:
|
||
|
type: string
|
||
|
description: OpenStack Username
|
||
|
default: false
|
||
|
|
||
|
os_password:
|
||
|
type: string
|
||
|
description: OpenStack Password
|
||
|
default: false
|
||
|
|
||
|
os_region_name:
|
||
|
type: string
|
||
|
description: OpenStack Region Name
|
||
|
default: false
|
||
|
|
||
|
os_tenant_name:
|
||
|
type: string
|
||
|
description: OpenStack Tenant Name
|
||
|
default: false
|
||
|
|
||
|
enable_proxy:
|
||
|
type: string
|
||
|
description: Whether or not to enable proxy settings
|
||
|
default: false
|
||
|
|
||
|
ftp_proxy:
|
||
|
type: string
|
||
|
description: FTP Proxy URL
|
||
|
default: localhost
|
||
|
|
||
|
http_proxy:
|
||
|
type: string
|
||
|
description: HTTP Proxy URL
|
||
|
default: localhost
|
||
|
|
||
|
https_proxy:
|
||
|
type: string
|
||
|
description: HTTPS Proxy URL
|
||
|
default: localhost
|
||
|
|
||
|
socks_proxy:
|
||
|
type: string
|
||
|
description: SOCKS Proxy URL
|
||
|
default: localhost
|
||
|
|
||
|
no_proxy:
|
||
|
type: string
|
||
|
description: Comma seperated list of domains/addresses that bypass proxying.
|
||
|
default: localhost
|
||
|
|
||
|
resources:
|
||
|
|
||
|
master_wait_handle:
|
||
|
type: OS::Heat::WaitConditionHandle
|
||
|
|
||
|
master_wait_condition:
|
||
|
type: OS::Heat::WaitCondition
|
||
|
depends_on: kube_master
|
||
|
properties:
|
||
|
handle: {get_resource: master_wait_handle}
|
||
|
timeout: {get_param: wait_condition_timeout}
|
||
|
|
||
|
######################################################################
|
||
|
#
|
||
|
# network resources. allocate a network and router for our server.
|
||
|
#
|
||
|
|
||
|
fixed_network:
|
||
|
type: OS::Neutron::Net
|
||
|
|
||
|
fixed_subnet:
|
||
|
type: OS::Neutron::Subnet
|
||
|
properties:
|
||
|
cidr: {get_param: fixed_network_cidr}
|
||
|
network: {get_resource: fixed_network}
|
||
|
dns_nameservers:
|
||
|
- {get_param: dns_nameserver}
|
||
|
|
||
|
extrouter:
|
||
|
type: OS::Neutron::Router
|
||
|
properties:
|
||
|
external_gateway_info:
|
||
|
network: {get_param: external_network}
|
||
|
|
||
|
extrouter_inside:
|
||
|
type: OS::Neutron::RouterInterface
|
||
|
properties:
|
||
|
router_id: {get_resource: extrouter}
|
||
|
subnet: {get_resource: fixed_subnet}
|
||
|
|
||
|
######################################################################
|
||
|
#
|
||
|
# security groups. we need to permit network traffic of various
|
||
|
# sorts.
|
||
|
#
|
||
|
|
||
|
secgroup_base:
|
||
|
type: OS::Neutron::SecurityGroup
|
||
|
properties:
|
||
|
rules:
|
||
|
- protocol: icmp
|
||
|
- protocol: tcp
|
||
|
port_range_min: 22
|
||
|
port_range_max: 22
|
||
|
- remote_mode: remote_group_id
|
||
|
|
||
|
secgroup_master:
|
||
|
type: OS::Neutron::SecurityGroup
|
||
|
properties:
|
||
|
rules:
|
||
|
- protocol: tcp # api-server
|
||
|
port_range_min: 443
|
||
|
port_range_max: 443
|
||
|
|
||
|
secgroup_node:
|
||
|
type: OS::Neutron::SecurityGroup
|
||
|
properties:
|
||
|
rules:
|
||
|
- protocol: icmp
|
||
|
- protocol: tcp
|
||
|
- protocol: udp
|
||
|
|
||
|
######################################################################
|
||
|
#
|
||
|
# software configs. these are components that are combined into
|
||
|
# a multipart MIME user-data archive.
|
||
|
#
|
||
|
|
||
|
write_heat_params:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config:
|
||
|
str_replace:
|
||
|
template: {get_file: fragments/write-heat-params.yaml}
|
||
|
params:
|
||
|
"$KUBERNETES_SERVER_URL": {get_param: kubernetes_server_url}
|
||
|
"$KUBERNETES_SALT_URL": {get_param: kubernetes_salt_url}
|
||
|
"$MASTER_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||
|
|
||
|
proxy_config:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config:
|
||
|
str_replace:
|
||
|
template: {get_file: fragments/configure-proxy.sh}
|
||
|
params:
|
||
|
"$ENABLE_PROXY": {get_param: enable_proxy }
|
||
|
"$FTP_PROXY": {get_param: ftp_proxy }
|
||
|
"$HTTP_PROXY": {get_param: http_proxy }
|
||
|
"$HTTPS_PROXY": {get_param: https_proxy }
|
||
|
"$SOCKS_PROXY": {get_param: socks_proxy }
|
||
|
"$NO_PROXY": {get_param: no_proxy }
|
||
|
|
||
|
hostname_hack:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config: {get_file: fragments/hostname-hack.yaml}
|
||
|
|
||
|
hostname_hack_script:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config: {get_file: fragments/hostname-hack.sh}
|
||
|
|
||
|
kube_user:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config: {get_file: fragments/kube-user.yaml}
|
||
|
|
||
|
provision_network_master:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config: {get_file: fragments/provision-network-master.sh}
|
||
|
|
||
|
deploy_kube_auth_files_master:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config:
|
||
|
str_replace:
|
||
|
template: {get_file: fragments/deploy-kube-auth-files-master.yaml}
|
||
|
params:
|
||
|
"$apiserver_user": {get_param: apiserver_user}
|
||
|
"$apiserver_password": {get_param: apiserver_password}
|
||
|
"$token_kubelet": {get_param: token_kubelet}
|
||
|
"$token_kube_proxy": {get_param: token_kube_proxy}
|
||
|
|
||
|
configure_salt_master:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config:
|
||
|
str_replace:
|
||
|
template: {get_file: fragments/configure-salt.yaml}
|
||
|
params:
|
||
|
"$MASTER_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||
|
"$OS_AUTH_URL": {get_param: os_auth_url}
|
||
|
"$OS_USERNAME": {get_param: os_username}
|
||
|
"$OS_PASSWORD": {get_param: os_password}
|
||
|
"$OS_REGION_NAME": {get_param: os_region_name}
|
||
|
"$OS_TENANT_NAME": {get_param: os_tenant_name}
|
||
|
"$LBAAS_VERSION": {get_param: lbaas_version}
|
||
|
"$SUBNET_ID": {get_resource: fixed_subnet}
|
||
|
"$FLOATING_NETWORK_ID": {get_attr: [kube_master_floating, floating_network_id]}
|
||
|
"$role": "kubernetes-master"
|
||
|
"$router_id": {get_resource: extrouter}
|
||
|
"$cluster_cidr": {get_param: cluster_cidr}
|
||
|
"$MASTER_IP_RANGE": {get_param: master_pod_cidr}
|
||
|
|
||
|
run_salt:
|
||
|
type: OS::Heat::SoftwareConfig
|
||
|
properties:
|
||
|
group: ungrouped
|
||
|
config:
|
||
|
str_replace:
|
||
|
template: {get_file: fragments/run-salt.sh}
|
||
|
params:
|
||
|
"$$wc_notify": {get_attr: [master_wait_handle, curl_cli]}
|
||
|
|
||
|
kube_master_init:
|
||
|
type: OS::Heat::MultipartMime
|
||
|
properties:
|
||
|
parts:
|
||
|
- config: {get_resource: write_heat_params}
|
||
|
- config: {get_resource: proxy_config}
|
||
|
- config: {get_resource: hostname_hack}
|
||
|
- config: {get_resource: hostname_hack_script}
|
||
|
- config: {get_resource: kube_user}
|
||
|
- config: {get_resource: provision_network_master}
|
||
|
- config: {get_resource: deploy_kube_auth_files_master}
|
||
|
- config: {get_resource: configure_salt_master}
|
||
|
- config: {get_resource: run_salt}
|
||
|
|
||
|
######################################################################
|
||
|
#
|
||
|
# kubernetes master server.
|
||
|
#
|
||
|
|
||
|
kube_master:
|
||
|
type: OS::Nova::Server
|
||
|
depends_on:
|
||
|
- extrouter_inside
|
||
|
properties:
|
||
|
image: {get_param: server_image}
|
||
|
flavor: {get_param: master_flavor}
|
||
|
key_name: {get_param: ssh_key_name}
|
||
|
user_data_format: RAW
|
||
|
user_data: {get_resource: kube_master_init}
|
||
|
networks:
|
||
|
- port: {get_resource: kube_master_eth0}
|
||
|
name:
|
||
|
list_join: [-, [{get_param: "OS::stack_name"}, master]]
|
||
|
|
||
|
kube_master_eth0:
|
||
|
type: OS::Neutron::Port
|
||
|
properties:
|
||
|
network: {get_resource: fixed_network}
|
||
|
security_groups:
|
||
|
- {get_resource: secgroup_base}
|
||
|
- {get_resource: secgroup_master}
|
||
|
fixed_ips:
|
||
|
- subnet: {get_resource: fixed_subnet}
|
||
|
allowed_address_pairs:
|
||
|
- ip_address: 10.246.0.0/16
|
||
|
replacement_policy: AUTO
|
||
|
|
||
|
kube_master_floating:
|
||
|
type: OS::Neutron::FloatingIP
|
||
|
properties:
|
||
|
floating_network: {get_param: external_network}
|
||
|
port_id: {get_resource: kube_master_eth0}
|
||
|
|
||
|
######################################################################
|
||
|
#
|
||
|
# kubernetes minions. This is an autoscaling group that will initially
|
||
|
# create <number_of_minions> minions, and will scale up to
|
||
|
# <max_number_of_minions> based on CPU utilization.
|
||
|
#
|
||
|
|
||
|
kube_minions:
|
||
|
type: OS::Heat::AutoScalingGroup
|
||
|
depends_on:
|
||
|
- extrouter_inside
|
||
|
- master_wait_condition
|
||
|
properties:
|
||
|
resource:
|
||
|
type: kubeminion.yaml
|
||
|
properties:
|
||
|
kubernetes_server_url: {get_param: kubernetes_server_url}
|
||
|
kubernetes_salt_url: {get_param: kubernetes_salt_url}
|
||
|
ssh_key_name: {get_param: ssh_key_name}
|
||
|
server_image: {get_param: server_image}
|
||
|
minion_flavor: {get_param: minion_flavor}
|
||
|
token_kubelet: {get_param: token_kubelet}
|
||
|
token_kube_proxy: {get_param: token_kube_proxy}
|
||
|
fixed_network: {get_resource: fixed_network}
|
||
|
fixed_subnet: {get_resource: fixed_subnet}
|
||
|
cluster_cidr: {get_param: cluster_cidr}
|
||
|
kube_master_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||
|
external_network: {get_param: external_network}
|
||
|
wait_condition_timeout: {get_param: wait_condition_timeout}
|
||
|
metadata: {"metering.stack": {get_param: "OS::stack_id"}}
|
||
|
cluster_name: {get_param: "OS::stack_name"}
|
||
|
secgroup_base: {get_resource: secgroup_base}
|
||
|
secgroup_node: {get_resource: secgroup_node}
|
||
|
os_auth_url: {get_param: os_auth_url}
|
||
|
os_username: {get_param: os_username}
|
||
|
os_password: {get_param: os_password}
|
||
|
os_region_name: {get_param: os_region_name}
|
||
|
os_tenant_name: {get_param: os_tenant_name}
|
||
|
enable_proxy: {get_param: enable_proxy }
|
||
|
ftp_proxy: {get_param: ftp_proxy }
|
||
|
http_proxy: {get_param: http_proxy }
|
||
|
https_proxy: {get_param: https_proxy }
|
||
|
socks_proxy: {get_param: socks_proxy }
|
||
|
no_proxy: {get_param: no_proxy }
|
||
|
min_size: {get_param: number_of_minions}
|
||
|
desired_capacity: {get_param: number_of_minions}
|
||
|
max_size: {get_param: max_number_of_minions}
|
||
|
|
||
|
outputs:
|
||
|
|
||
|
kube_master:
|
||
|
value: {get_attr: [kube_master_floating, floating_ip_address]}
|
||
|
description: >
|
||
|
This is the "public" IP address of the Kubernetes master node. Use this IP address
|
||
|
to log in to the Kubernetes master via ssh or to access the Kubernetes API
|
||
|
from outside the cluster.
|
||
|
|
||
|
kube_minions:
|
||
|
value: {get_attr: [kube_minions, outputs_list, kube_minion_ip]}
|
||
|
description: >
|
||
|
Here is the list of the "private" addresses of all Kubernetes worker nodes.
|
||
|
|
||
|
kube_minions_external:
|
||
|
value: {get_attr: [kube_minions, outputs_list, kube_minion_external_ip]}
|
||
|
description: >
|
||
|
Here is the list of the "public" addresses of all Kubernetes worker nodes.
|