cri-o/vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/kubecluster.yaml

454 lines
13 KiB
YAML
Raw Normal View History

heat_template_version: 2014-10-16
description: >
Kubernetes cluster with one master and one or more worker nodes
(as specified by the number_of_minions parameter, which defaults to 3).
parameters:
ssh_key_name:
type: string
description: name of ssh key to be provisioned on our server
external_network:
type: string
description: uuid/name of a network to use for floating ip addresses
default: public
lbaas_version:
type: string
description: version of OpenStack LBaaS service. not specifying means auto detect
server_image:
type: string
description: glance image used to boot the server
master_flavor:
type: string
default: m1.small
description: flavor to use when booting the server
minion_flavor:
type: string
default: m1.small
description: flavor to use when booting the server
dns_nameserver:
type: string
description: address of a dns nameserver reachable in your environment
default: 8.8.8.8
number_of_minions:
type: number
description: how many kubernetes minions to spawn initially
default: 3
max_number_of_minions:
type: number
description: maximum number of kubernetes minions to spawn
default: 10
fixed_network_cidr:
type: string
description: network range for fixed ip network
default: 10.0.0.0/24
cluster_cidr:
type: string
description: network range for pod IPs
default: 10.244.0.0/16
service_cluster_cidr:
type: string
description: network range for service IPs
default: 10.10.0.0/16
master_pod_cidr:
type: string
description: >-
network range for master pod IPs (ignored, but must not conflict
with other subnets)
default: 10.245.1.0/24
kubernetes_server_url:
type: string
description: URL of kubernetes server binary. Must be tar.gz.
kubernetes_salt_url:
type: string
description: URL of kubernetes salt scripts. Must be tar.gz.
apiserver_user:
type: string
description: User name used for api-server
default: user
apiserver_password:
type: string
description: Password used for api-server
default: password
token_kubelet:
type: string
description: Token used by kubelet
default: TokenKubelet
token_kube_proxy:
type: string
description: Token used by kube-proxy
default: TokenKubeproxy
wait_condition_timeout:
type: number
description : >
timeout for the Wait Conditions
default: 6000
os_auth_url:
type: string
description: OpenStack Auth URL
default: false
os_username:
type: string
description: OpenStack Username
default: false
os_password:
type: string
description: OpenStack Password
default: false
os_region_name:
type: string
description: OpenStack Region Name
default: false
os_tenant_name:
type: string
description: OpenStack Tenant Name
default: false
enable_proxy:
type: string
description: Whether or not to enable proxy settings
default: false
ftp_proxy:
type: string
description: FTP Proxy URL
default: localhost
http_proxy:
type: string
description: HTTP Proxy URL
default: localhost
https_proxy:
type: string
description: HTTPS Proxy URL
default: localhost
socks_proxy:
type: string
description: SOCKS Proxy URL
default: localhost
no_proxy:
type: string
description: Comma seperated list of domains/addresses that bypass proxying.
default: localhost
resources:
master_wait_handle:
type: OS::Heat::WaitConditionHandle
master_wait_condition:
type: OS::Heat::WaitCondition
depends_on: kube_master
properties:
handle: {get_resource: master_wait_handle}
timeout: {get_param: wait_condition_timeout}
######################################################################
#
# network resources. allocate a network and router for our server.
#
fixed_network:
type: OS::Neutron::Net
fixed_subnet:
type: OS::Neutron::Subnet
properties:
cidr: {get_param: fixed_network_cidr}
network: {get_resource: fixed_network}
dns_nameservers:
- {get_param: dns_nameserver}
extrouter:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: {get_param: external_network}
extrouter_inside:
type: OS::Neutron::RouterInterface
properties:
router_id: {get_resource: extrouter}
subnet: {get_resource: fixed_subnet}
######################################################################
#
# security groups. we need to permit network traffic of various
# sorts.
#
secgroup_base:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: icmp
- protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_mode: remote_group_id
secgroup_master:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: tcp # api-server
port_range_min: 443
port_range_max: 443
secgroup_node:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: icmp
- protocol: tcp
- protocol: udp
######################################################################
#
# software configs. these are components that are combined into
# a multipart MIME user-data archive.
#
write_heat_params:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-heat-params.yaml}
params:
"$KUBERNETES_SERVER_URL": {get_param: kubernetes_server_url}
"$KUBERNETES_SALT_URL": {get_param: kubernetes_salt_url}
"$MASTER_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
proxy_config:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/configure-proxy.sh}
params:
"$ENABLE_PROXY": {get_param: enable_proxy }
"$FTP_PROXY": {get_param: ftp_proxy }
"$HTTP_PROXY": {get_param: http_proxy }
"$HTTPS_PROXY": {get_param: https_proxy }
"$SOCKS_PROXY": {get_param: socks_proxy }
"$NO_PROXY": {get_param: no_proxy }
hostname_hack:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/hostname-hack.yaml}
hostname_hack_script:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/hostname-hack.sh}
kube_user:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/kube-user.yaml}
provision_network_master:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/provision-network-master.sh}
deploy_kube_auth_files_master:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/deploy-kube-auth-files-master.yaml}
params:
"$apiserver_user": {get_param: apiserver_user}
"$apiserver_password": {get_param: apiserver_password}
"$token_kubelet": {get_param: token_kubelet}
"$token_kube_proxy": {get_param: token_kube_proxy}
configure_salt_master:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/configure-salt.yaml}
params:
"$MASTER_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
"$OS_AUTH_URL": {get_param: os_auth_url}
"$OS_USERNAME": {get_param: os_username}
"$OS_PASSWORD": {get_param: os_password}
"$OS_REGION_NAME": {get_param: os_region_name}
"$OS_TENANT_NAME": {get_param: os_tenant_name}
"$LBAAS_VERSION": {get_param: lbaas_version}
"$SUBNET_ID": {get_resource: fixed_subnet}
"$FLOATING_NETWORK_ID": {get_attr: [kube_master_floating, floating_network_id]}
"$role": "kubernetes-master"
"$router_id": {get_resource: extrouter}
"$cluster_cidr": {get_param: cluster_cidr}
"$MASTER_IP_RANGE": {get_param: master_pod_cidr}
run_salt:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/run-salt.sh}
params:
"$$wc_notify": {get_attr: [master_wait_handle, curl_cli]}
kube_master_init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: write_heat_params}
- config: {get_resource: proxy_config}
- config: {get_resource: hostname_hack}
- config: {get_resource: hostname_hack_script}
- config: {get_resource: kube_user}
- config: {get_resource: provision_network_master}
- config: {get_resource: deploy_kube_auth_files_master}
- config: {get_resource: configure_salt_master}
- config: {get_resource: run_salt}
######################################################################
#
# kubernetes master server.
#
kube_master:
type: OS::Nova::Server
depends_on:
- extrouter_inside
properties:
image: {get_param: server_image}
flavor: {get_param: master_flavor}
key_name: {get_param: ssh_key_name}
user_data_format: RAW
user_data: {get_resource: kube_master_init}
networks:
- port: {get_resource: kube_master_eth0}
name:
list_join: [-, [{get_param: "OS::stack_name"}, master]]
kube_master_eth0:
type: OS::Neutron::Port
properties:
network: {get_resource: fixed_network}
security_groups:
- {get_resource: secgroup_base}
- {get_resource: secgroup_master}
fixed_ips:
- subnet: {get_resource: fixed_subnet}
allowed_address_pairs:
- ip_address: 10.246.0.0/16
replacement_policy: AUTO
kube_master_floating:
type: OS::Neutron::FloatingIP
properties:
floating_network: {get_param: external_network}
port_id: {get_resource: kube_master_eth0}
######################################################################
#
# kubernetes minions. This is an autoscaling group that will initially
# create <number_of_minions> minions, and will scale up to
# <max_number_of_minions> based on CPU utilization.
#
kube_minions:
type: OS::Heat::AutoScalingGroup
depends_on:
- extrouter_inside
- master_wait_condition
properties:
resource:
type: kubeminion.yaml
properties:
kubernetes_server_url: {get_param: kubernetes_server_url}
kubernetes_salt_url: {get_param: kubernetes_salt_url}
ssh_key_name: {get_param: ssh_key_name}
server_image: {get_param: server_image}
minion_flavor: {get_param: minion_flavor}
token_kubelet: {get_param: token_kubelet}
token_kube_proxy: {get_param: token_kube_proxy}
fixed_network: {get_resource: fixed_network}
fixed_subnet: {get_resource: fixed_subnet}
cluster_cidr: {get_param: cluster_cidr}
kube_master_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
external_network: {get_param: external_network}
wait_condition_timeout: {get_param: wait_condition_timeout}
metadata: {"metering.stack": {get_param: "OS::stack_id"}}
cluster_name: {get_param: "OS::stack_name"}
secgroup_base: {get_resource: secgroup_base}
secgroup_node: {get_resource: secgroup_node}
os_auth_url: {get_param: os_auth_url}
os_username: {get_param: os_username}
os_password: {get_param: os_password}
os_region_name: {get_param: os_region_name}
os_tenant_name: {get_param: os_tenant_name}
enable_proxy: {get_param: enable_proxy }
ftp_proxy: {get_param: ftp_proxy }
http_proxy: {get_param: http_proxy }
https_proxy: {get_param: https_proxy }
socks_proxy: {get_param: socks_proxy }
no_proxy: {get_param: no_proxy }
min_size: {get_param: number_of_minions}
desired_capacity: {get_param: number_of_minions}
max_size: {get_param: max_number_of_minions}
outputs:
kube_master:
value: {get_attr: [kube_master_floating, floating_ip_address]}
description: >
This is the "public" IP address of the Kubernetes master node. Use this IP address
to log in to the Kubernetes master via ssh or to access the Kubernetes API
from outside the cluster.
kube_minions:
value: {get_attr: [kube_minions, outputs_list, kube_minion_ip]}
description: >
Here is the list of the "private" addresses of all Kubernetes worker nodes.
kube_minions_external:
value: {get_attr: [kube_minions, outputs_list, kube_minion_external_ip]}
description: >
Here is the list of the "public" addresses of all Kubernetes worker nodes.