Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
7 contributors

Users who have contributed to this file

@ihorman @sych74 @dfateyev @siruslan @dzotic9 @vlobzakov @SlavaKatiukha
286 lines (254 sloc) 12.1 KB
type: install
version: 1.5
id: kubernetes
baseUrl: https://raw.githubusercontent.com/jelastic-jps/kubernetes/master
description:
text: /text/description-kube.md
short: Kubernetes Cluster
categories:
- apps/clusters
- apps/dev-and-admin-tools
logo: /images/k8s-logo.png
name: Kubernetes Cluster
targetRegions:
type: vz7
ssl: true
onBeforeInit: /scripts/beforeinit.js
onBeforeInstall: /scripts/beforeinstall.js
nodes: definedInOnBeforeInstall
skipNodeEmails: true
globals:
dashboardUrl: https://${env.domain}/kubernetes-dashboard/
onInstall:
- block-masters-scaling
- init-main-master
- forEach(node:nodes.k8sm):
if (!${@node.ismaster}):
init-slave-master:
id: ${@node.id}
ip: ${@node.intIP}
- connect-workers: cp
- setup-overlay
- install-components
- install-helm
- install-traefik
- manage-ingress-routes
- generate-admin-token
- connect-storage
- deploy
- install-conf-addon
- remove-attr
- if ('${env.protocol}' == 'http'):
- api: env.control.AddEndpoint
nodeId: ${nodes.cp.master.id}
privatePort: 30777
protocol: TCP
name: Dashboard Self-Sighed HTTPS
- setGlobals:
dashboardUrl: https://node${nodes.cp.master.id}-${env.domain}:${response.object.publicPort}/
onAfterScaleOut[cp]:
forEach(event.response.nodes):
connect-workers: ${@i.id}
onBeforeScaleIn[cp]:
forEach(event.response.nodes):
removeWorker:
workerHostname: node${@i.id}-${env.domain}
onBeforeClone: stopEvent
actions:
block-masters-scaling:
env.control.ApplyNodeGroupData[k8sm]:
data:
validation:
minCount: ${nodes.k8sm.length}
maxCount: ${nodes.k8sm.length}
init-main-master:
- if (${nodes.mbl.length:0}):
cmd[mbl]: |-
sed -i '/^<\/mappings>.*/i \\t<pair frontend_port="6443" backend_port="6443" description="CPlane balancing" option="tcp-check" params="check fall 3 rise 2">' /etc/haproxy/tcpmaps/mappings.xml
sed -i 's/^bind :::80/#bind :::80/g' /etc/haproxy/haproxy.cfg
sed -i '/^daemon$/a stats socket /var/run/haproxy.sock mode 660 level admin' /etc/haproxy/haproxy.cfg
sed -i '/^daemon$/a stats timeout 2m' /etc/haproxy/haproxy.cfg
echo '${nodes.k8sm.master.intIP}' > /etc/haproxy/hosts
jem balancer rebuildCommon
user: root
- cmd[${nodes.k8sm.master.id}]: |-
systemctl daemon-reload > /dev/null 2>&1
entryPoint=$((( ${nodes.mbl.length:0} > 0 )) && echo mbl || echo k8sm)
sed -i "s/^controlPlaneEndpoint:.*/controlPlaneEndpoint: \"${entryPoint}.${env.domain}:6443\"/g" /etc/kubernetes/custom-kubeadm.yaml
kubeadm init --config /etc/kubernetes/custom-kubeadm.yaml --upload-certs --ignore-preflight-errors=swap | tee /var/log/kubeadm-init.log
sed -n '/kubeadm join/,/^$/{/./p}' /var/log/kubeadm-init.log | sed ':a;N;$!ba;s/\\\n//g' | grep 'control-plane' > /var/lib/connect/settings-master
sed -n '/kubeadm join/,/^$/{/./p}' /var/log/kubeadm-init.log | sed ':a;N;$!ba;s/\\\n//g' | grep -v 'control-plane' > /var/lib/connect/settings
printf "0 1 * * * kubeadm token create --print-join-command > /var/lib/connect/settings\n\n\n" > /var/spool/cron/root
- configure-master: ${nodes.k8sm.master.id}
- if (${settings.api:true}):
cmd[${nodes.k8sm.master.id}]: |-
kubectl apply -f ${baseUrl}/addons/api-ingress.yaml
init-slave-master:
- cmd[${this.id}]: |-
systemctl daemon-reload > /dev/null 2>&1
$(cat /var/lib/connect/settings-master) --ignore-preflight-errors=swap > /dev/null 2>&1
- configure-master: ${this.id}
- cmd[mbl]: |-
echo '${this.ip}' >> /etc/haproxy/hosts
jem balancer rebuildCommon
user: root
configure-master:
cmd[${this}]: |-
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown root:root $HOME/.kube/config
wget -qO- https://github.com/derailed/k9s/releases/download/0.7.11/k9s_0.7.11_Linux_x86_64.tar.gz | tar xz -C /usr/bin k9s
wget -qO- https://github.com/derailed/popeye/releases/download/v0.3.12/popeye_0.3.12_Linux_x86_64.tar.gz | tar xz -C /usr/bin popeye
wget https://github.com/wercker/stern/releases/download/1.10.0/stern_linux_amd64 -O /usr/bin/stern
chmod +x /usr/bin/stern
kubectx_version=0.6.3
wget -qO- https://github.com/ahmetb/kubectx/archive/v${kubectx_version}.tar.gz | tar xz --strip-components=1 -C /usr/bin kubectx-${kubectx_version}/kubectx kubectx-${kubectx_version}/kubens
wget -qO- https://github.com/ahmetb/kubectx/archive/v${kubectx_version}.tar.gz | tar xz --strip-components=2 -C /etc/bash_completion.d kubectx-${kubectx_version}/completion/kubens.bash kubectx-${kubectx_version}/completion/kubectx.bash
iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
service iptables save
systemctl enable docker.service
systemctl enable kubelet.service
manage-ingress-routes:
cmd[${nodes.k8sm.master.id}]: |-
kubectl apply -f ${baseUrl}/addons/dashboard-ingress.yaml
connect-workers:
cmd[${this}]: |-
rm -f /etc/machine-id
systemd-machine-id-setup
systemctl daemon-reload > /dev/null 2>&1
systemctl restart kubelet.service
$(cat /var/lib/connect/settings) --ignore-preflight-errors=swap > /dev/null 2>&1
sleep 5
iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
service iptables save
systemctl enable docker.service
systemctl enable kubelet.service
setup-overlay:
cmd[${nodes.k8sm.master.id}]: |-
kubectl apply -f ${baseUrl}/addons/weave-pack.yaml
wget https://github.com/weaveworks/weave/releases/download/v2.5.2/weave -O /usr/bin/weave
chmod +x /usr/bin/weave
install-components:
- cmd[${nodes.k8sm.master.id}]: |-
kubectl create -f ${baseUrl}/addons/metrics-server/aggregated-metrics-reader.yaml
kubectl create -f ${baseUrl}/addons/metrics-server/auth-delegator.yaml
kubectl create -f ${baseUrl}/addons/metrics-server/auth-reader.yaml
kubectl create -f ${baseUrl}/addons/metrics-server/metrics-apiservice.yaml
kubectl create -f ${baseUrl}/addons/metrics-server/metrics-server-deployment.yaml
kubectl create -f ${baseUrl}/addons/metrics-server/metrics-server-service.yaml
kubectl create -f ${baseUrl}/addons/metrics-server/resource-reader.yaml
kubectl create -f ${baseUrl}/addons/kubernetes-dashboard.yaml
kubectl create -f ${baseUrl}/addons/create-admin.yaml
kubectl create -f ${baseUrl}/addons/grant-privileges.yaml
install-helm:
cmd[${nodes.k8sm.master.id}]: |-
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash > /dev/null 2>&1
helm init --upgrade
helm repo update
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
while true; do kubectl get pods --field-selector=status.phase=Running -n kube-system | grep tiller && break ; done
sleep 5
install-traefik:
cmd[${nodes.k8sm.master.id}]: |-
kubectl apply -f ${baseUrl}/addons/traefik-rbac.yaml
kubectl apply -f ${baseUrl}/addons/traefik-ds.yaml
kubectl apply -f ${baseUrl}/addons/traefik-ui.yaml
generate-admin-token:
- cmd[${nodes.k8sm.master.id}]: kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep fulladmin | awk '{print $1}') | grep 'token:' | sed -e's/token:\| //g'
- setGlobals:
token: ${response.out}
deploy:
- if ('${settings.deploy}' == 'cc'):
cmd[${nodes.k8sm.master.id}]: |-
kubectl apply -f ${baseUrl}/addons/helloworld.yaml
- if ('${settings.deploy}' == 'cmd'):
cmd[${nodes.k8sm.master.id}]: ${settings.cmd}
- if ('${settings.deploy}' == 'yml'):
cmd[${nodes.k8sm.master.id}]: kubectl apply -f ${settings.yml}
connect-storage:
if (${settings.storage:false}):
cmd[${nodes.k8sm.master.id}]: helm install stable/nfs-client-provisioner --set nfs.server=${nodes.storage.master.address} --set nfs.path=/data --set replicaCount=3 --set storageClass.defaultClass=true --set storageClass.allowVolumeExpansion=true --set storageClass.name=jelastic-dynamic-volume
removeWorker:
cmd[${nodes.k8sm.master.id}]: |-
/usr/bin/kubectl drain ${this.workerHostname} --ignore-daemonsets --delete-local-data || exit 8;
/usr/bin/kubectl delete node ${this.workerHostname} || exit 9;
remove-attr:
cmd[*]: |-
chattr -i -a /root/.bash_*
user: root
install-conf-addon:
install:
envName: ${env.envName}
nodeGroup: k8sm
jps:
id: upgrade-k8s-addon
type: update
baseUrl: ${baseUrl}
name: Kubernetes Cluster Configuration
description: Press "Remote API" to enable or disable remote access or "Upgrade" to initiate upgrade procedure.
logo: /images/k8s-logo.png
settings:
fields:
- type: displayfield
caption: Useful info
hideLabel: true
markup: Access and manage the cluster remotely via API
- type: checkbox
name: remote
caption: Enable Remote API Access
value: ${settings.api}
buttons:
- caption: Remote API
settings: main
action: remoteApi
loadingText: Updating...
confirmText: Are you sure?
successText: Remote API Access was successfully updated!
- caption: Upgrade
action: upgrade
loadingText: Updating...
confirmText: Do you want to upgrade Kubernetes Cluster?
successText: Kubernetes Cluster has been successfully upgraded!
actions:
upgrade:
script: |
var envName = "${env.envName}", nodeId = "${nodes.k8sm.master.id}";
var resp = jelastic.env.control.GetNodeInfo(envName, session, nodeId);
if (resp.result != 0) return resp;
var version = resp.node.version;
var image = resp.node.name;
resp = jelastic.env.control.GetContainerNodeTags(envName, session, nodeId);
if (resp.result != 0) return resp;
var tags = resp.object;
var upgrades = [];
for (var i = 0; i < tags.length; i++) if (tags[i] > version) upgrades.push(tags[i]);
var message = "Current version " + version + " is the latest. No upgrades are available.";
if (upgrades.length) {
upgrades.sort();
var next = upgrades.shift();
var baseUrl = "${baseUrl}".split("/"); baseUrl.pop(); baseUrl = baseUrl.join("/");
var url = baseUrl+"/"+next+"/addons/upgrade.jps"
var huc = new java.net.URL(url).openConnection();
huc.setRequestMethod("HEAD");
var code = huc.getResponseCode();
if (code == 200){
return {result:0, onAfterReturn:{execUpgrade:{current:version, next:next, avail:upgrades.join(", "), jps: url}}};
} else {
message = "The next version is " + next + ". However, automated upgrade procedure is not available yet. Please check it later, or contact support team if upgrade is required urgently.";
return {result:"info", message:message};
}
} else {
return {result:"info", message:message};
}
execUpgrade:
install: ${this.jps}
envName: ${env.envName}
settings:
version: ${this.next}
remoteApi:
cmd[${nodes.k8sm.master.id}]: |-
action=$([ "${settings.remote}" == "true" ] && echo "apply" || echo "delete")
kubectl $action -f ${baseUrl}/addons/api-ingress.yaml
success: /text/success.md
You can’t perform that action at this time.