From d7f96d14441eafda776d3c6475b8b0d93d91de39 Mon Sep 17 00:00:00 2001
From: Michael Polenchuk
Date: Thu, 7 Mar 2019 18:57:49 +0400
Subject: Bring in kubernetes scenario
Change-Id: I2b41ce2e275bb053fa2590654ea7fa432b0c857f
Signed-off-by: Michael Polenchuk
---
.../mcp-k8s-calico-noha/kubernetes/common.yml.j2 | 76 +++++++++++++++
.../mcp-k8s-calico-noha/kubernetes/compute.yml | 12 +++
.../mcp-k8s-calico-noha/kubernetes/control.yml | 99 +++++++++++++++++++
.../mcp-k8s-calico-noha/kubernetes/init.yml.j2 | 108 +++++++++++++++++++++
4 files changed, 295 insertions(+)
create mode 100644 mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/common.yml.j2
create mode 100644 mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/compute.yml
create mode 100644 mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/control.yml
create mode 100644 mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/init.yml.j2
(limited to 'mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes')
diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/common.yml.j2 b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/common.yml.j2
new file mode 100644
index 000000000..4367d318c
--- /dev/null
+++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/common.yml.j2
@@ -0,0 +1,76 @@
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+{%- import 'net_map.j2' as nm with context %}
+---
+classes:
+ - system.linux.system.repo.mcp.apt_mirantis.docker
+ - system.linux.system.repo.mcp.apt_mirantis.update.docker
+ - system.linux.system.repo.mcp.apt_mirantis.kubernetes_extra
+ - system.linux.system.repo.mcp.apt_mirantis.update.kubernetes_extra
+ - system.kubernetes.pool.single
+ - system.salt.minion.cert.k8s_client_single
+ - system.salt.minion.cert.etcd_client_single
+ - cluster.mcp-common-noha.openstack_compute_pdf
+parameters:
+ kubernetes:
+ common:
+ hyperkube:
+ source: ${_param:kubernetes_hyperkube_source}
+ source_hash: ${_param:kubernetes_hyperkube_source_hash}
+ pause_image: ${_param:kubernetes_pause_image}
+ pool:
+ proxy:
+ daemon_opts:
+ cluster-cidr: ${_param:calico_private_network}/${_param:calico_private_netmask}
+ kubelet:
+ address: ${_param:single_address}
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
+ network:
+ calico:
+ enabled: true
+ no_default_pools: false
+ image: ${_param:kubernetes_calico_image}
+ calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
+ cni_image: ${_param:kubernetes_calico_cni_image}
+ kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
+ birdcl_source: ${_param:kubernetes_calico_birdcl_source}
+ birdcl_source_hash: ${_param:kubernetes_calico_birdcl_source_hash}
+ calicoctl_source: ${_param:kubernetes_calico_calicoctl_source}
+ calicoctl_source_hash: ${_param:kubernetes_calico_calicoctl_source_hash}
+ cni_ipam_source: ${_param:kubernetes_calico_cni_ipam_source}
+ cni_ipam_source_hash: ${_param:kubernetes_calico_cni_ipam_source_hash}
+ cni_source: ${_param:kubernetes_calico_cni_source}
+ cni_source_hash: ${_param:kubernetes_calico_cni_source_hash}
+ etcd:
+ ssl:
+ enabled: true
+ policy:
+ enabled: ${_param:kubernetes_calico_policy_enabled}
+ linux:
+ system:
+ kernel:
+ sysctl:
+ # The default operating system limits on mmap counts is likely to be too low,
+ # which may result in out of memory exceptions.
+ vm.max_map_count: 262144
+ network:
+ interface:
+ br-mgmt:
+ post_up_cmds:
+ - ip r rep 10.254.0.0/16 via ${_param:single_address}
+ pxe_admin_int:
+ gateway: {{ nm.net_admin_gw }}
+ name_servers:
+ - {{ nm.net_admin_gw }}
+ storage:
+ enabled: true
+ swap:
+ img:
+ enabled: false
+ engine: file
+ device: /swap.img
diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/compute.yml b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/compute.yml
new file mode 100644
index 000000000..f2ab4e9e8
--- /dev/null
+++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/compute.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+classes:
+ - system.linux.network.hosts
+ - cluster.mcp-k8s-calico-noha.kubernetes.common
+ - cluster.mcp-k8s-calico-noha
diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/control.yml b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/control.yml
new file mode 100644
index 000000000..25c17dc65
--- /dev/null
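Review bot: In common.yml.j2, the `post_up_cmds` entry under `br-mgmt` hard-codes `10.254.0.0/16` and uses abbreviated iproute2 verbs (`ip r rep`), with no comment saying what the route is for. The prefix looks like the service network that init.yml.j2 also assumes (`kubernetes_internal_api_address: 10.254.0.1`), so the two literals can drift apart silently if one of them is changed. I would spell the command out as `- ip route replace 10.254.0.0/16 via ${_param:single_address}` and put a comment above it stating the intent, for example `# send service-network traffic via this node's own address` if that inferred purpose is right.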
+++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/control.yml 
@@ -0,0 +1,99 @@
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+classes:
+ - service.etcd.server.single
+ - service.kubernetes.control.cluster
+ - system.salt.minion.cert.etcd_server_single
+ - system.kubernetes.master.single
+ - system.kubernetes.master.auth.rbac
+ - system.kubernetes.control.roles.cluster-admin
+ - cluster.mcp-k8s-calico-noha.kubernetes.common
+ - cluster.mcp-k8s-calico-noha
+parameters:
+ _param:
+ docker_image_etcd: quay.io/coreos/etcd:v3.3.12
+ kubernetes_etcd_repo: https://github.com/etcd-io/etcd/releases/download
+ kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.12/etcd-v3.3.12-linux-amd64.tar.gz
+ kubernetes_etcd_source_hash: md5=079af00546443b686df31e7ec605135e
+ etcd:
+ server:
+ image: ${_param:docker_image_etcd}
+ source:
+ engine: archive
+ etcd_source: ${_param:kubernetes_etcd_source}
+ etcd_source_hash: ${_param:kubernetes_etcd_source_hash}
+ setup:
+ calico:
+ key: /calico/ipam/v2/assignment/ipv4/block/${_param:calico_private_network}-${_param:calico_private_netmask}
+ value: '{"masquerade":true,"cidr":"${_param:calico_private_network}/${_param:calico_private_netmask}"}'
+ ssl:
+ enabled: true
+ kubernetes:
+ common:
+ addons:
+ virtlet:
+ enabled: ${_param:kubernetes_virtlet_enabled}
+ namespace: ${_param:kubernetes_addon_namespace}
+ image: ${_param:kubernetes_virtlet_image}
+ criproxy_version: ${_param:kubernetes_criproxy_version}
+ criproxy_source: ${_param:kubernetes_criproxy_checksum}
+ hosts:
+ - ${_param:kubernetes_compute01_hostname}
+ dashboard:
+ enabled: ${_param:kubernetes_dashboard}
+ image: ${_param:kubernetes_dashboard_image}
+ helm:
+ enabled: ${_param:kubernetes_helm_enabled}
+ netchecker:
+ enabled: ${_param:kubernetes_netchecker_enabled}
+ agent_probeurls: ${_param:kubernetes_netchecker_agent_probeurls}
+ externaldns:
+ enabled: ${_param:kubernetes_externaldns_enabled}
+ image: ${_param:kubernetes_externaldns_image}
+ provider: ${_param:kubernetes_externaldns_provider}
+ metallb:
+ enabled: ${_param:kubernetes_metallb_enabled}
+ addresses:
+ - ${_param:kubernetes_metallb_addresses_pool}
+ ingress-nginx:
+ enabled: ${_param:kubernetes_ingressnginx_enabled}
+ metrics-server:
+ enabled: ${_param:kubernetes_metrics_server_enabled}
+ master:
+ apiserver:
+ insecure_address: 0.0.0.0
+ kubelet:
+ address: ${_param:single_address}
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
+ etcd:
+ ssl:
+ enabled: true
+ network:
+ calico:
+ enabled: true
+ image: ${_param:kubernetes_calico_image}
+ calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
+ cni_image: ${_param:kubernetes_calico_cni_image}
+ kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
+ birdcl_source: ${_param:kubernetes_calico_birdcl_source}
+ birdcl_source_hash: ${_param:kubernetes_calico_birdcl_source_hash}
+ calicoctl_source: ${_param:kubernetes_calico_calicoctl_source}
+ calicoctl_source_hash: ${_param:kubernetes_calico_calicoctl_source_hash}
+ cni_ipam_source: ${_param:kubernetes_calico_cni_ipam_source}
+ cni_ipam_source_hash: ${_param:kubernetes_calico_cni_ipam_source_hash}
+ cni_source: ${_param:kubernetes_calico_cni_source}
+ cni_source_hash: ${_param:kubernetes_calico_cni_source_hash}
+ etcd:
+ ssl:
+ enabled: true
+ policy:
+ enabled: ${_param:kubernetes_calico_policy_enabled}
+ namespace:
+ netchecker:
+ enabled: true
diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/init.yml.j2
new file mode 100644
index 000000000..ef8785aa4
--- /dev/null
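Review bot: In control.yml, `insecure_address: 0.0.0.0` under `kubernetes: master: apiserver` binds the API server's insecure listener to every interface. That listener has no TLS and skips authentication and authorization, so whenever the insecure port is enabled (its setting is not visible in this hunk) the `system.kubernetes.master.auth.rbac` class included at the top of the file does not protect the API from anything that can reach the node. Unless a component of this scenario needs remote plain-HTTP access, I would change it to `insecure_address: 127.0.0.1` and document any exception in a comment. Separately, `kubernetes_etcd_source_hash` pins the etcd tarball with `md5=`, which is not collision-resistant. A pin of the form `sha256=<SHA256_OF_ETCD_TARBALL>` (placeholder, to be taken from the release's published checksums) is the stronger integrity check, assuming the formula hands this value to Salt's `source_hash`.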
+++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/init.yml.j2 
@@ -0,0 +1,108 @@
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+{%- import 'net_map.j2' as nm with context %}
+---
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+
+ # kubelet
+ kubelet_fail_on_swap: true
+
+ # kubernetes settings
+ kubernetes_admin_user: admin
+ kubernetes_admin_password: sbPfel23ZigJF3Bm
+ kubernetes_admin_token: PpP6Mm3pAoPVqcKOKUu0x1dh7b1959Fi
+ kubernetes_kubelet_token: JJ2PKHxjiU6EYvIt18BqwdSK1HvWh8pt
+ kubernetes_kube-proxy_token: jT0hJk9L6cIw5UpYDNhsRwcj3Z2n62B6
+ kubernetes_scheduler_token: VgkUHfrW07zNxrb0ucFyX7NBnSJN9Xp6
+ kubernetes_controller-manager_token: uXrdZ1YKF6qlYm3sHje2iEXMGAGDWOIU
+ kubernetes_dns_token: 0S1I4iJeFjq5fopPwwCwTp3xFpEZfeUl
+ etcd_initial_token: IN7KaRMSo3xkGxkjAAPtkRkAgqN4ZNRq
+ kubernetes_netchecker_agent_probeurls: "http://ipinfo.io"
+
+ # addresses and hostnames
+ kubernetes_internal_api_address: 10.254.0.1
+ kubernetes_internal_dns_address: 10.254.0.10
+ kubernetes_control_hostname: ctl
+ kubernetes_control_node01_hostname: ctl01
+ kubernetes_compute01_hostname: cmp001
+ kubernetes_compute02_hostname: cmp002
+ kubernetes_control_node01_address: ${_param:openstack_control_address}
+ kubernetes_control_address: ${_param:kubernetes_control_node01_address}
+ master_address: ${_param:kubernetes_control_node01_address}
+ cluster_local_address: ${_param:single_address}
+
+ # cert
+ control_address: ${_param:kubernetes_control_node01_address}
+
+ # etcd stuff
+ node_hostname: ${_param:kubernetes_control_node01_hostname}
+ node_address: ${_param:kubernetes_control_node01_address}
+ node_port: 4001
+
+ # calico
+ calico_private_network: 192.168.0.0
+ calico_private_netmask: 16
+
+ # coredns
+ kubernetes_externaldns_provider: coredns
+ kubernetes_metallb_addresses_pool: 172.16.10.70-172.16.10.95
+
+ # switches of addons
+ kubernetes_kubedns_enabled: false
+ kubernetes_externaldns_enabled: false
+ kubernetes_coredns_enabled: true
+ kubernetes_dashboard: false
+ kubernetes_virtlet_enabled: false
+ kubernetes_flannel_enabled: false
+ kubernetes_genie_enabled: false
+ kubernetes_calico_enabled: true
+ kubernetes_opencontrail_enabled: false
+ kubernetes_contrail_network_controller_enabled: false
+ kubernetes_metallb_enabled: false
+ kubernetes_ingressnginx_enabled: false
+ kubernetes_rbd_enabled: false
+ kubernetes_helm_enabled: false
+ kubernetes_netchecker_enabled: true
+ kubernetes_calico_policy_enabled: false
+ kubernetes_metrics_server_enabled: false
+
+ kubernetes_ingressnginx_controller_replicas: 1
+ kubernetes_virtlet_use_apparmor: false
+
+ kubernetes_addon_namespace: kube-system
+
+
+ # Cloud providers parameters
+ kubernetes_cloudprovider_enabled: false
+ kubernetes_cloudprovider_type: 'openstack'
+
+ linux:
+ system:
+ kernel:
+ sysctl:
+ net.ipv4.tcp_congestion_control: yeah
+ net.ipv4.tcp_slow_start_after_idle: 0
+ net.ipv4.tcp_fin_timeout: 30
+ network:
+ host:
+ ctl01:
+ address: ${_param:kubernetes_control_node01_address}
+ names:
+ - ctl01
+ - ctl01.${_param:cluster_domain}
+{%- for cmp in range(1, nm.cmp_nodes + 1) %}
+ {%- set h = 'cmp%03d' | format(cmp) %}
+ {%- set mgmt = nm.net_mgmt_hosts | length + nm.start_ip[nm.net_mgmt] + loop.index %}
+ {{ h }}:
+ address: {{ nm.net_mgmt | ipnet_hostaddr(mgmt) }}
+ names:
+ - {{ h }}
+ - {{ h }}.${_param:cluster_domain}
+{%- endfor %}
-- cgit 1.2.3-korg
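Review bot: The `_param` block of init.yml.j2 commits `kubernetes_admin_password`, `kubernetes_admin_token`, the kubelet, kube-proxy, scheduler, controller-manager and dns tokens, and `etcd_initial_token` as literal values. Every cluster deployed from this scenario therefore shares the same credentials, and anyone with read access to the repository can read them. These values should be generated at deploy time or supplied from an untracked override, leaving only a reference in the model. If they have to stay as defaults, mark them with a comment such as `# lab-only default credentials; regenerate before exposing this cluster beyond the test bed`. Values that have already been published in history should be treated as known even after they are changed.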