vendor files

Serguei Bezverkhi
2018-01-09 13:57:14 -05:00
parent 558bc6c02a
commit 7b24313bd6
16547 changed files with 4527373 additions and 0 deletions


@ -0,0 +1,70 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
# The contents of these variables swapped in by heat via environments presented to kube-up.sh
export ETC_ENVIRONMENT='FTP_PROXY=$FTP_PROXY
HTTP_PROXY=$HTTP_PROXY
HTTPS_PROXY=$HTTPS_PROXY
SOCKS_PROXY=$SOCKS_PROXY
NO_PROXY=$NO_PROXY
ftp_proxy=$FTP_PROXY
http_proxy=$HTTP_PROXY
https_proxy=$HTTPS_PROXY
socks_proxy=$SOCKS_PROXY
no_proxy=$NO_PROXY
'
export ETC_PROFILE_D='export FTP_PROXY=$FTP_PROXY
export HTTP_PROXY=$HTTP_PROXY
export HTTPS_PROXY=$HTTPS_PROXY
export SOCKS_PROXY=$SOCKS_PROXY
export NO_PROXY=$NO_PROXY
export ftp_proxy=$FTP_PROXY
export http_proxy=$HTTP_PROXY
export https_proxy=$HTTPS_PROXY
export socks_proxy=$SOCKS_PROXY
export no_proxy=$NO_PROXY
'
export DOCKER_PROXY='[Service]
Environment="HTTP_PROXY=$HTTP_PROXY"
Environment="HTTPS_PROXY=$HTTPS_PROXY"
Environment="SOCKS_PROXY=$SOCKS_PROXY"
Environment="NO_PROXY=$NO_PROXY"
Environment="ftp_proxy=$FTP_PROXY"
Environment="http_proxy=$HTTP_PROXY"
Environment="https_proxy=$HTTPS_PROXY"
Environment="socks_proxy=$SOCKS_PROXY"
Environment="no_proxy=$NO_PROXY"
'
# This again is set by heat
ENABLE_PROXY='$ENABLE_PROXY'
# Heat itself doesn't have conditionals, so this is how we set up our proxy without breaking non-proxy setups.
if [[ "${ENABLE_PROXY}" == "true" ]]; then
mkdir -p /etc/systemd/system/docker.service.d/
echo "${ETC_ENVIRONMENT}" >> /etc/environment
echo "${ETC_PROFILE_D}" > /etc/profile.d/proxy_config.sh
echo "${DOCKER_PROXY}" > etc/systemd/system/docker.service.d/http-proxy.conf
echo "proxy=$HTTP_PROXY" >> /etc/yum.conf
fi
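Review bot: The Docker drop-in is written to a relative path, `etc/systemd/system/docker.service.d/http-proxy.conf`, while the `mkdir -p` three lines earlier creates the absolute `/etc/systemd/system/docker.service.d/`. Unless the script happens to run with `/` as its working directory, the redirect fails and `errexit` stops the script after `/etc/environment` and `/etc/profile.d/proxy_config.sh` have already been changed, leaving shell proxy settings in place but no proxy configuration for the Docker daemon. The line should read `echo "${DOCKER_PROXY}" > /etc/systemd/system/docker.service.d/http-proxy.conf`. Separately, the Heat-substituted values land inside single-quoted shell strings, so a parameter value containing a single quote would end the string early; an `allowed_pattern` constraint on the proxy parameters in the template would close that.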


@ -0,0 +1,68 @@
#cloud-config
merge_how: dict(recurse_array)+list(append)
bootcmd:
- mkdir -p /etc/salt/minion.d
- mkdir -p /srv/salt-overlay/pillar
write_files:
- path: /etc/salt/minion.d/log-level-debug.conf
content: |
log_level: warning
log_level_logfile: warning
- path: /etc/salt/minion.d/grains.conf
content: |
grains:
node_ip: $MASTER_IP
cbr-cidr: $MASTER_IP_RANGE
publicAddressOverride: $MASTER_IP
network_mode: openvswitch
networkInterfaceName: eth0
api_servers: $MASTER_IP
kubelet_kubeconfig: /srv/salt-overlay/salt/kubelet/kubeconfig
cloud: openstack
cloud_config: /srv/kubernetes/openstack.conf
roles:
- $role
runtime_config: ""
docker_opts: "--bridge=cbr0 --iptables=false --ip-masq=false"
master_extra_sans: "DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local,DNS:kubernetes-master"
keep_host_etcd: true
kube_user: $KUBE_USER
- path: /srv/kubernetes/openstack.conf
content: |
[Global]
auth-url=$OS_AUTH_URL
username=$OS_USERNAME
password=$OS_PASSWORD
region=$OS_REGION_NAME
tenant-name=$OS_TENANT_NAME
domain-name=$OS_USER_DOMAIN_NAME
[LoadBalancer]
lb-version=$LBAAS_VERSION
subnet-id=$SUBNET_ID
floating-network-id=$FLOATING_NETWORK_ID
[Route]
router-id=$router_id
- path: /srv/salt-overlay/pillar/cluster-params.sls
content: |
allocate_node_cidrs: "true"
service_cluster_ip_range: 10.246.0.0/16
cert_ip: 10.246.0.1
enable_cluster_monitoring: influxdb
enable_cluster_logging: "true"
enable_cluster_ui: "true"
enable_node_logging: "true"
logging_destination: elasticsearch
elasticsearch_replicas: "1"
enable_cluster_dns: "true"
dns_server: 10.246.0.10
dns_domain: cluster.local
enable_dns_horizontal_autoscaler: "false"
instance_prefix: kubernetes
admission_control: Initializers,NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,ResourceQuota
enable_cpu_cfs_quota: "true"
network_provider: none
cluster_cidr: "$cluster_cidr"
opencontrail_tag: R2.20
opencontrail_kubernetes_tag: master
opencontrail_public_subnet: 10.1.0.0/16
e2e_storage_test_environment: "false"
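Review bot: The `/srv/kubernetes/openstack.conf` entry carries `password=$OS_PASSWORD` but sets no `permissions:`, so cloud-init writes it with its default mode (0644 in stock cloud-init), which leaves the cloud credential readable by every local account. The auth fragments in this commit already use `permissions: "0600"` for their token files; the same line, together with `owner: "root:root"`, belongs on this entry. The minion template substitutes `$OS_PASSWORD` into this same fragment, so it is also worth confirming that worker nodes need the full cloud credential at all.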


@ -0,0 +1,44 @@
#cloud-config
merge_how: dict(recurse_array)+list(append)
bootcmd:
- mkdir -p /srv/salt-overlay/salt/kube-apiserver
- mkdir -p /srv/salt-overlay/salt/kubelet
write_files:
- path: /srv/salt-overlay/salt/kube-apiserver/basic_auth.csv
permissions: "0600"
content: |
$apiserver_password,$apiserver_user,admin
- path: /srv/salt-overlay/salt/kube-apiserver/known_tokens.csv
permissions: "0600"
content: |
$token_kubelet,kubelet,kubelet
$token_kube_proxy,kube_proxy,kube_proxy
TokenSystemScheduler,system:scheduler,system:scheduler
TokenSystemControllerManager,system:controller_manager,system:controller_manager
TokenSystemLogging,system:logging,system:logging
TokenSystemMonitoring,system:monitoring,system:monitoring
TokenSystemDns,system:dns,system:dns
- path: /srv/salt-overlay/salt/kubelet/kubernetes_auth
permissions: "0600"
content: |
{"BearerToken": "$token_kubelet", "Insecure": true }
- path: /srv/salt-overlay/salt/kubelet/kubeconfig
permissions: "0600"
content: |
apiVersion: v1
kind: Config
users:
- name: kubelet
user:
token: $token_kubelet
clusters:
- name: local
cluster:
server: https://$MASTER_IP
insecure-skip-tls-verify: true
contexts:
- context:
cluster: local
user: kubelet
name: service-account-context
current-context: service-account-context
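Review bot: Five of the bearer tokens in `known_tokens.csv` are literals (`TokenSystemScheduler`, `TokenSystemControllerManager`, `TokenSystemLogging`, `TokenSystemMonitoring`, `TokenSystemDns`) rather than template parameters, so every cluster built from this fragment shares the same credentials for those system identities. They should be substituted the way `$token_kubelet` is and fed from per-stack random values; the minion template in this commit already uses `OS::Heat::RandomString`, which would serve. The `"0600"` file mode protects the file on disk, but not a secret that is readable in the template itself.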


@ -0,0 +1,45 @@
#cloud-config
merge_how: dict(recurse_array)+list(append)
bootcmd:
- mkdir -p /srv/salt-overlay/salt/kubelet
- mkdir -p /srv/salt-overlay/salt/kube-proxy
write_files:
- path: /srv/salt-overlay/salt/kubelet/kubeconfig
permissions: "0600"
content: |
apiVersion: v1
kind: Config
users:
- name: kubelet
user:
token: $token_kubelet
clusters:
- name: local
cluster:
server: https://$MASTER_IP
insecure-skip-tls-verify: true
contexts:
- context:
cluster: local
user: kubelet
name: service-account-context
current-context: service-account-context
- path: /srv/salt-overlay/salt/kube-proxy/kubeconfig
permissions: "0600"
content: |
apiVersion: v1
kind: Config
users:
- name: kube-proxy
user:
token: $token_kube_proxy
clusters:
- name: local
cluster:
insecure-skip-tls-verify: true
contexts:
- context:
cluster: local
user: kube-proxy
name: service-account-context
current-context: service-account-context
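Review bot: Both kubeconfigs set `insecure-skip-tls-verify: true`, so kubelet and kube-proxy present their bearer tokens without authenticating the API server; the master fragment's kubelet kubeconfig and its `kubernetes_auth` file (`"Insecure": true`) do the same. Distributing the cluster CA and replacing the flag with `certificate-authority: <path to CA bundle>` (placeholder path) lets the clients verify the endpoint before a token is sent. The kube-proxy `cluster:` entry also has no `server:` line, unlike the kubelet one; presumably it is filled in elsewhere, but that should be confirmed.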


@ -0,0 +1,23 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
# Workaround for this, which has been fixed but not widely distributed: https://bugs.launchpad.net/cloud-init/+bug/1246485
# See also http://blog.oddbit.com/2014/12/10/cloudinit-and-the-case-of-the-changing-hostname/
hostname > /etc/hostname


@ -0,0 +1,9 @@
#cloud-config
merge_how: dict(recurse_array)+list(append)
write_files:
- path: /etc/cloud/cloud.cfg.d/99_hostname.cfg
owner: "root:root"
permissions: "0644"
content: |
preserve_hostname: true


@ -0,0 +1,10 @@
#cloud-config
system_info:
default_user:
name: minion
lock_passwd: true
gecos: Kubernetes Interactive User
groups: [wheel, adm, systemd-journal]
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
shell: /bin/bash


@ -0,0 +1,23 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
. /etc/sysconfig/heat-params
# nothing to do


@ -0,0 +1,25 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
# Kubernetes node shoud be able to resolve its hostname.
# In some cloud providers, myhostname is not enabled by default.
grep '^hosts:.*myhostname' /etc/nsswitch.conf || (
sed -e 's/^hosts:\(.*\)/hosts:\1 myhostname/' -i /etc/nsswitch.conf
)


@ -0,0 +1,53 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
. /etc/sysconfig/heat-params
#Reads in profile, need to relax restrictions for some OSes.
set +o nounset
. /etc/profile
set -o nounset
rm -rf /kube-install
mkdir -p /kube-install
cd /kube-install
curl "${KUBERNETES_SERVER_URL}" -o kubernetes-server.tar.gz
curl "${KUBERNETES_SALT_URL}" -o kubernetes-salt.tar.gz
tar xzf kubernetes-salt.tar.gz
./kubernetes/saltbase/install.sh kubernetes-server.tar.gz
if ! which salt-call >/dev/null 2>&1; then
echo "+++ Install salt binaries from https://bootstrap.saltstack.com"
# Install salt binaries but do not start daemon after installation
curl -sS -L --connect-timeout 20 --retry 6 --retry-delay 10 https://bootstrap.saltstack.com | sh -s -- "-X"
fi
# Salt server runs at locahost
echo "127.0.0.1 salt" >> /etc/hosts
echo "+++ run salt-call and finalize installation"
# Run salt-call
# salt-call wants to start docker daemon but is unable to.
# See <https://github.com/projectatomic/docker-storage-setup/issues/77>.
# Run salt-call in background and make cloud-final finished.
# Salt-call might be unstable in some environments, execute it twice.
salt-call --local state.highstate && salt-call --local state.highstate && $$wc_notify --data-binary '{"status": "SUCCESS"}' || $$wc_notify --data-binary '{"status": "FAILURE"}' &
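Review bot: Everything this script downloads is run as root with no integrity check: the two tarballs are fetched with plain `curl URL -o file` (no `--fail`, so an HTTP error body is saved as the archive), and the Salt bootstrap is piped from the network straight into `sh`. Fetch with `curl -fsSL` and compare each file against a digest supplied alongside its URL, e.g. `echo "${KUBERNETES_SALT_SHA256}  kubernetes-salt.tar.gz" | sha256sum -c -`, where `KUBERNETES_SALT_SHA256` is a new, hypothetical Heat parameter. The bootstrap script should likewise be downloaded to a file so that a pinned copy can be verified before it runs. Nothing on this page requires the two URL parameters to be `https://`, so as written the archives may travel in clear text.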


@ -0,0 +1,11 @@
#cloud-config
merge_how: dict(recurse_array)+list(append)
write_files:
- path: /etc/sysconfig/heat-params
owner: "root:root"
permissions: "0644"
content: |
KUBERNETES_SERVER_URL="$KUBERNETES_SERVER_URL"
KUBERNETES_SALT_URL="$KUBERNETES_SALT_URL"
MASTER_IP=$MASTER_IP
CONTAINER_SUBNET=10.246.0.0/16


@ -0,0 +1,465 @@
heat_template_version: 2016-10-14
description: >
Kubernetes cluster with one master and one or more worker nodes
(as specified by the number_of_minions parameter, which defaults to 3).
parameters:
ssh_key_name:
type: string
description: name of ssh key to be provisioned on our server
external_network:
type: string
description: uuid/name of a network to use for floating ip addresses
default: public
lbaas_version:
type: string
description: version of OpenStack LBaaS service. not specifying means auto detect
server_image:
type: string
description: glance image used to boot the server
master_flavor:
type: string
default: m1.small
description: flavor to use when booting the server
minion_flavor:
type: string
default: m1.small
description: flavor to use when booting the server
dns_nameserver:
type: string
description: address of a dns nameserver reachable in your environment
default: 8.8.8.8
number_of_minions:
type: number
description: how many kubernetes minions to spawn initially
default: 3
max_number_of_minions:
type: number
description: maximum number of kubernetes minions to spawn
default: 10
fixed_network_cidr:
type: string
description: network range for fixed ip network
default: 10.0.0.0/24
cluster_cidr:
type: string
description: network range for pod IPs
default: 10.244.0.0/16
service_cluster_cidr:
type: string
description: network range for service IPs
default: 10.10.0.0/16
master_pod_cidr:
type: string
description: >-
network range for master pod IPs (ignored, but must not conflict
with other subnets)
default: 10.245.1.0/24
kubernetes_server_url:
type: string
description: URL of kubernetes server binary. Must be tar.gz.
kubernetes_salt_url:
type: string
description: URL of kubernetes salt scripts. Must be tar.gz.
apiserver_user:
type: string
description: User name used for api-server
default: user
apiserver_password:
type: string
description: Password used for api-server
default: password
token_kubelet:
type: string
description: Token used by kubelet
default: TokenKubelet
token_kube_proxy:
type: string
description: Token used by kube-proxy
default: TokenKubeproxy
wait_condition_timeout:
type: number
description : >
timeout for the Wait Conditions
default: 6000
os_auth_url:
type: string
description: OpenStack Auth URL
default: false
os_username:
type: string
description: OpenStack Username
default: false
os_password:
type: string
description: OpenStack Password
default: false
os_region_name:
type: string
description: OpenStack Region Name
default: false
os_tenant_name:
type: string
description: OpenStack Tenant Name
default: false
os_user_domain_name:
type: string
description: OpenStack User Domain Name (Domain-level authorization scope for keystone v3)
enable_proxy:
type: string
description: Whether or not to enable proxy settings
default: false
ftp_proxy:
type: string
description: FTP Proxy URL
default: localhost
http_proxy:
type: string
description: HTTP Proxy URL
default: localhost
https_proxy:
type: string
description: HTTPS Proxy URL
default: localhost
socks_proxy:
type: string
description: SOCKS Proxy URL
default: localhost
no_proxy:
type: string
description: Comma seperated list of domains/addresses that bypass proxying.
default: localhost
assign_floating_ip:
type: boolean
description: Indicates whether floating IPs will be generated for minions
default: true
resources:
master_wait_handle:
type: OS::Heat::WaitConditionHandle
master_wait_condition:
type: OS::Heat::WaitCondition
depends_on: kube_master
properties:
handle: {get_resource: master_wait_handle}
timeout: {get_param: wait_condition_timeout}
######################################################################
#
# network resources. allocate a network and router for our server.
#
fixed_network:
type: OS::Neutron::Net
fixed_subnet:
type: OS::Neutron::Subnet
properties:
cidr: {get_param: fixed_network_cidr}
network: {get_resource: fixed_network}
dns_nameservers:
- {get_param: dns_nameserver}
extrouter:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: {get_param: external_network}
extrouter_inside:
type: OS::Neutron::RouterInterface
properties:
router_id: {get_resource: extrouter}
subnet: {get_resource: fixed_subnet}
######################################################################
#
# security groups. we need to permit network traffic of various
# sorts.
#
secgroup_base:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: icmp
- protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_mode: remote_group_id
secgroup_master:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: tcp # api-server
port_range_min: 443
port_range_max: 443
secgroup_node:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: icmp
- protocol: tcp
- protocol: udp
######################################################################
#
# software configs. these are components that are combined into
# a multipart MIME user-data archive.
#
write_heat_params:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-heat-params.yaml}
params:
"$KUBERNETES_SERVER_URL": {get_param: kubernetes_server_url}
"$KUBERNETES_SALT_URL": {get_param: kubernetes_salt_url}
"$MASTER_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
proxy_config:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/configure-proxy.sh}
params:
"$ENABLE_PROXY": {get_param: enable_proxy }
"$FTP_PROXY": {get_param: ftp_proxy }
"$HTTP_PROXY": {get_param: http_proxy }
"$HTTPS_PROXY": {get_param: https_proxy }
"$SOCKS_PROXY": {get_param: socks_proxy }
"$NO_PROXY": {get_param: no_proxy }
hostname_hack:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/hostname-hack.yaml}
hostname_hack_script:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/hostname-hack.sh}
kube_user:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/kube-user.yaml}
provision_network_master:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/provision-network-master.sh}
deploy_kube_auth_files_master:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/deploy-kube-auth-files-master.yaml}
params:
"$apiserver_user": {get_param: apiserver_user}
"$apiserver_password": {get_param: apiserver_password}
"$token_kubelet": {get_param: token_kubelet}
"$token_kube_proxy": {get_param: token_kube_proxy}
configure_salt_master:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/configure-salt.yaml}
params:
"$MASTER_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
"$OS_AUTH_URL": {get_param: os_auth_url}
"$OS_USERNAME": {get_param: os_username}
"$OS_PASSWORD": {get_param: os_password}
"$OS_REGION_NAME": {get_param: os_region_name}
"$OS_TENANT_NAME": {get_param: os_tenant_name}
"$OS_USER_DOMAIN_NAME": {get_param: os_user_domain_name}
"$LBAAS_VERSION": {get_param: lbaas_version}
"$SUBNET_ID": {get_resource: fixed_subnet}
"$FLOATING_NETWORK_ID": {get_attr: [kube_master_floating, floating_network_id]}
"$role": "kubernetes-master"
"$router_id": {get_resource: extrouter}
"$cluster_cidr": {get_param: cluster_cidr}
"$MASTER_IP_RANGE": {get_param: master_pod_cidr}
run_salt:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/run-salt.sh}
params:
"$$wc_notify": {get_attr: [master_wait_handle, curl_cli]}
kube_master_init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: write_heat_params}
- config: {get_resource: proxy_config}
- config: {get_resource: hostname_hack}
- config: {get_resource: hostname_hack_script}
- config: {get_resource: kube_user}
- config: {get_resource: provision_network_master}
- config: {get_resource: deploy_kube_auth_files_master}
- config: {get_resource: configure_salt_master}
- config: {get_resource: run_salt}
######################################################################
#
# kubernetes master server.
#
kube_master:
type: OS::Nova::Server
depends_on:
- extrouter_inside
properties:
image: {get_param: server_image}
flavor: {get_param: master_flavor}
key_name: {get_param: ssh_key_name}
user_data_format: RAW
user_data: {get_resource: kube_master_init}
networks:
- port: {get_resource: kube_master_eth0}
name:
list_join: [-, [{get_param: "OS::stack_name"}, master]]
kube_master_eth0:
type: OS::Neutron::Port
properties:
network: {get_resource: fixed_network}
security_groups:
- {get_resource: secgroup_base}
- {get_resource: secgroup_master}
fixed_ips:
- subnet: {get_resource: fixed_subnet}
allowed_address_pairs:
- ip_address: 10.246.0.0/16
replacement_policy: AUTO
kube_master_floating:
type: OS::Neutron::FloatingIP
properties:
floating_network: {get_param: external_network}
port_id: {get_resource: kube_master_eth0}
######################################################################
#
# kubernetes minions. This is an autoscaling group that will initially
# create <number_of_minions> minions, and will scale up to
# <max_number_of_minions> based on CPU utilization.
#
kube_minions:
type: OS::Heat::AutoScalingGroup
depends_on:
- extrouter_inside
- master_wait_condition
properties:
resource:
type: kubeminion.yaml
properties:
kubernetes_server_url: {get_param: kubernetes_server_url}
kubernetes_salt_url: {get_param: kubernetes_salt_url}
ssh_key_name: {get_param: ssh_key_name}
server_image: {get_param: server_image}
minion_flavor: {get_param: minion_flavor}
token_kubelet: {get_param: token_kubelet}
token_kube_proxy: {get_param: token_kube_proxy}
fixed_network: {get_resource: fixed_network}
fixed_subnet: {get_resource: fixed_subnet}
cluster_cidr: {get_param: cluster_cidr}
kube_master_ip: {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
external_network: {get_param: external_network}
wait_condition_timeout: {get_param: wait_condition_timeout}
metadata: {"metering.stack": {get_param: "OS::stack_id"}}
cluster_name: {get_param: "OS::stack_name"}
secgroup_base: {get_resource: secgroup_base}
secgroup_node: {get_resource: secgroup_node}
os_auth_url: {get_param: os_auth_url}
os_username: {get_param: os_username}
os_password: {get_param: os_password}
os_region_name: {get_param: os_region_name}
os_tenant_name: {get_param: os_tenant_name}
os_user_domain_name: {get_param: os_user_domain_name}
enable_proxy: {get_param: enable_proxy }
ftp_proxy: {get_param: ftp_proxy }
http_proxy: {get_param: http_proxy }
https_proxy: {get_param: https_proxy }
socks_proxy: {get_param: socks_proxy }
no_proxy: {get_param: no_proxy }
assign_floating_ip: {get_param: assign_floating_ip }
min_size: {get_param: number_of_minions}
desired_capacity: {get_param: number_of_minions}
max_size: {get_param: max_number_of_minions}
outputs:
kube_master:
value: {get_attr: [kube_master_floating, floating_ip_address]}
description: >
This is the "public" IP address of the Kubernetes master node. Use this IP address
to log in to the Kubernetes master via ssh or to access the Kubernetes API
from outside the cluster.
kube_minions:
value: {get_attr: [kube_minions, outputs_list, kube_minion_ip]}
description: >
Here is the list of the "private" addresses of all Kubernetes worker nodes.
kube_minions_external:
value: {get_attr: [kube_minions, outputs_list, kube_minion_external_ip]}
description: >
Here is the list of the "public" addresses of all Kubernetes worker nodes.
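Review bot: The credential parameters ship with guessable defaults and are not marked hidden: `apiserver_password` defaults to `password`, `token_kubelet` to `TokenKubelet`, `token_kube_proxy` to `TokenKubeproxy`, and `os_password` has no `hidden: true` either, so a stack created without overrides gets well-known API credentials and the values show up in stack parameter listings. Dropping the defaults (stack creation then fails until real values are supplied, or the values can be generated with `OS::Heat::RandomString`) and adding `hidden: true` to each parameter fixes both. This matters more because `secgroup_master` opens tcp/443 and `secgroup_base` opens tcp/22 with no `remote_ip_prefix`, and `secgroup_node` allows all tcp and udp while `assign_floating_ip` defaults to true; limiting those rules to the cluster subnet or to `remote_mode: remote_group_id` narrows the exposure. The nested minion template repeats the unhidden `os_password` and token parameters.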


@ -0,0 +1,314 @@
heat_template_version: 2016-10-14
description: >
This is a nested stack that defines a single Kubernetes minion, This stack is
included by an AutoScalingGroup resource in the parent template
(kubecluster.yaml).
parameters:
server_image:
type: string
description: glance image used to boot the server
minion_flavor:
type: string
default: m1.small
description: flavor to use when booting the server
ssh_key_name:
type: string
description: name of ssh key to be provisioned on our server
default: lars
external_network:
type: string
description: uuid/name of a network to use for floating ip addresses
kubernetes_server_url:
type: string
description: URL of kubernetes server binary. Must be tar.gz.
kubernetes_salt_url:
type: string
description: URL of kubernetes salt scripts. Must be tar.gz.
token_kubelet:
type: string
description: Token used by kubelet
token_kube_proxy:
type: string
description: Token used by kube-proxy
os_auth_url:
type: string
description: OpenStack Auth URL
default: false
os_username:
type: string
description: OpenStack Username
default: false
os_password:
type: string
description: OpenStack Password
default: false
os_region_name:
type: string
description: OpenStack Region Name
default: false
os_tenant_name:
type: string
description: OpenStack Tenant Name
default: false
os_user_domain_name:
type: string
description: OpenStack User Domain Name (Domain-level authorization scope for keystone v3)
enable_proxy:
type: string
description: Whether or not to enable proxy settings
default: false
ftp_proxy:
type: string
description: FTP Proxy URL
default: localhost
http_proxy:
type: string
description: HTTP Proxy URL
default: localhost
https_proxy:
type: string
description: HTTPS Proxy URL
default: localhost
socks_proxy:
type: string
description: SOCKS Proxy URL
default: localhost
no_proxy:
type: string
description: Comma seperated list of domains/addresses that bypass proxying.
default: localhost
assign_floating_ip:
type: boolean
description: Indicates whether floating IPs will be generated for minions
default: true
# The following are all generated in the parent template.
kube_master_ip:
type: string
description: IP address of the Kubernetes master server.
fixed_network:
type: string
description: Network from which to allocate fixed addresses.
fixed_subnet:
type: string
description: Subnet from which to allocate fixed addresses.
cluster_cidr:
type: string
description: Subnet from which to allocate pod subnets.
wait_condition_timeout:
type: number
description : >
timeout for the Wait Conditions
metadata:
type: json
description: metadata for ceilometer query
cluster_name:
type: string
secgroup_base:
type: string
secgroup_node:
type: string
conditions:
assign_floating_ip: {equals : [{get_param: assign_floating_ip}, true]}
resources:
minion_wait_handle:
type: OS::Heat::WaitConditionHandle
minion_wait_condition:
type: OS::Heat::WaitCondition
depends_on: kube_minion
properties:
handle: {get_resource: minion_wait_handle}
timeout: {get_param: wait_condition_timeout}
######################################################################
#
# software configs. these are components that are combined into
# a multipart MIME user-data archive.
#
write_heat_params:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-heat-params.yaml}
params:
"$KUBERNETES_SERVER_URL": {get_param: kubernetes_server_url}
"$KUBERNETES_SALT_URL": {get_param: kubernetes_salt_url}
"$MASTER_IP": {get_param: kube_master_ip}
proxy_config:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/configure-proxy.sh}
params:
"$ENABLE_PROXY": {get_param: enable_proxy }
"$FTP_PROXY": {get_param: ftp_proxy }
"$HTTP_PROXY": {get_param: http_proxy }
"$HTTPS_PROXY": {get_param: https_proxy }
"$SOCKS_PROXY": {get_param: socks_proxy }
"$NO_PROXY": {get_param: no_proxy }
hostname_hack:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/hostname-hack.yaml}
hostname_hack_script:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/hostname-hack.sh}
kube_user:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/kube-user.yaml}
provision_network_node:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/provision-network-node.sh}
deploy_kube_auth_files_node:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/deploy-kube-auth-files-node.yaml}
params:
"$token_kubelet": {get_param: token_kubelet}
"$token_kube_proxy": {get_param: token_kube_proxy}
configure_salt_node:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/configure-salt.yaml}
params:
"$MASTER_IP": {get_param: kube_master_ip}
"$OS_AUTH_URL": {get_param: os_auth_url}
"$OS_USERNAME": {get_param: os_username}
"$OS_PASSWORD": {get_param: os_password}
"$OS_REGION_NAME": {get_param: os_region_name}
"$OS_TENANT_NAME": {get_param: os_tenant_name}
"$OS_USER_DOMAIN_NAME": {get_param: os_user_domain_name}
"$role": "kubernetes-pool"
"$cluster_cidr": {get_param: cluster_cidr}
run_salt:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/run-salt.sh}
params:
"$$wc_notify": {get_attr: [minion_wait_handle, curl_cli]}
kube_minion_init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: write_heat_params}
- config: {get_resource: proxy_config}
- config: {get_resource: hostname_hack}
- config: {get_resource: hostname_hack_script}
- config: {get_resource: kube_user}
- config: {get_resource: provision_network_node}
- config: {get_resource: deploy_kube_auth_files_node}
- config: {get_resource: configure_salt_node}
- config: {get_resource: run_salt}
######################################################################
#
# a single kubernetes minion.
#
server_name_post_fix:
type: OS::Heat::RandomString
properties:
character_classes: [{'class': 'lowercase', 'min': 1}]
length: 8
character_classes:
- class: lowercase
- class: digits
kube_minion:
type: OS::Nova::Server
properties:
image: {get_param: server_image}
flavor: {get_param: minion_flavor}
key_name: {get_param: ssh_key_name}
metadata: {get_param: metadata}
user_data_format: RAW
user_data: {get_resource: kube_minion_init}
networks:
- port: {get_resource: kube_minion_eth0}
name:
list_join: [-, [{get_param: cluster_name}, node, {get_resource: server_name_post_fix}]]
kube_minion_eth0:
type: OS::Neutron::Port
properties:
network: {get_param: fixed_network}
security_groups:
- {get_param: secgroup_base}
- {get_param: secgroup_node}
fixed_ips:
- subnet: {get_param: fixed_subnet}
allowed_address_pairs:
- ip_address: 10.246.0.0/16
replacement_policy: AUTO
kube_minion_floating:
type: OS::Neutron::FloatingIP
properties:
floating_network: {get_param: external_network}
port_id: {get_resource: kube_minion_eth0}
condition: assign_floating_ip
outputs:
kube_minion_ip:
value: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
kube_minion_external_ip:
value: {get_attr: [kube_minion_floating, floating_ip_address]}
condition: assign_floating_ip
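Review bot: `server_name_post_fix` defines `character_classes` twice under `properties:` as rendered here, once as the flow list `[{'class': 'lowercase', 'min': 1}]` and again as a block list of `lowercase` and `digits`. Duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so the `min: 1` constraint is probably dropped; keep a single `character_classes:` entry that states the intended classes. `ssh_key_name` also defaults to `lars`, which looks like a leftover personal key name; the parent template always passes this parameter, so the default is best removed to stop a standalone launch from picking up an unintended key.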