external etcd support #68
Certificate setup seems to have some issue on kubeadm side: kubernetes/kubeadm#730
Branch updated from 4724368 to e3caf38 (add some specs for master config generator; add etcd cert support; use certs for external etcd)
Branch updated from e3caf38 to c37eee6
Should we wait for official 1.10 kubeadm or merge this with the "hack" to get 1.10.beta kubeadm in and have a separate issue to fix that when the official release comes out?
Gemfile.lock
@@ -0,0 +1,130 @@ | |||
PATH |
Probably should not be part of this PR?
yeah, I'll take it out
user: vagrant | ||
role: master | ||
ssh_key_path: ~/.vagrant.d/insecure_private_key | ||
container_runtime: docker |
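Review bot: `ssh_key_path: ~/.vagrant.d/insecure_private_key` in this sample config is the well-known Vagrant insecure key, which is fine for a Vagrant fixture but should be marked as such in the file so the example is not copied verbatim into a real cluster definition. The `container_runtime: docker` line only restates the default and can be dropped.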
No need to define container_runtime, it defaults to docker.
but does not hurt either :)
options << "--apiserver-advertise-address #{@master.address}" | ||
end | ||
cfg = generate_config | ||
tmp_file = File.join('/tmp', 'kubeadm.cfg.' + SecureRandom.hex(16)) |
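Review bot: the config written to `tmp_file` lands in the shared `/tmp` on the host and nothing in this hunk removes it; wrap the init in a `begin`/`ensure` so the file is deleted even when `kubeadm init` fails, since this config carries the cluster's etcd settings and certificate paths. The random suffix avoids name collisions but does not restrict who can read the file, so the upload should create it with a restrictive mode if the SSH helper supports that.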
This should be removed after init?
Yes, I'll make it happen
done
@ssh.upload(StringIO.new(cfg.to_yaml), tmp_file) | ||
|
||
# Copy etcd certs over if needed | ||
exec_script('configure-etcd-certs.sh', { |
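Review bot: `exec_script('configure-etcd-certs.sh', ...)` pushes the etcd cert and key material through a rendered script rather than a file copy, so the script should write the key with mode 0600 before it lands under `/etc`, and the rendered script text must not end up in debug logs, because it contains the key itself. The comment says "if needed" but no guard is visible in this hunk; if the branch is elsewhere, a short comment pointing at it would help the next reader.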
What is the reasoning behind this vs using scp to transfer files?
We can't scp into `/etc/...`. This makes it happen without scp+exec('sudo mv ...')
lib/kupo/scripts/configure-kube.sh
# See: https://github.com/kubernetes/kubernetes/pull/59057 | ||
# FIXME Remove when we're using official 1.10 kubeadm | ||
curl -o /usr/bin/kubeadm https://storage.googleapis.com/kubernetes-release/release/v1.10.0-beta.3/bin/linux/amd64/kubeadm |
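Review bot: the `curl -o /usr/bin/kubeadm ...` line overwrites a binary in `/usr/bin` with whatever the HTTP response body is, with no `-f` (an HTTP error page would be written over the binary), no `-L`, and no integrity check against the checksum published for that release; at minimum use `curl -fsSL`, download to a temporary path, verify a pinned hash, then move the file into place and set its mode. It also silently diverges from the kubeadm package installed from the repos, so a later package upgrade will clobber it; the FIXME should point at a tracking issue so the hack is removed when the official 1.10 kubeadm ships.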
`amd64` is hardcoded, should probably be `<%= arch.name %>`.
And if we download the binary we don't need `kubeadm` from repos?
I think we need to figure out the arch in the script itself as it is running on the actual host. Makes it more robust IMO.
We also need some kubeadm version override to handle this kind of case where we run different versions of kubeadm and kube itself.
done
@@ -0,0 +1,116 @@ | |||
require "kupo/config" | |||
require "kupo/phases/configure_master" | |||
|
?
leftovers from earlier style of cert handling, removed now
|
||
|
||
describe '#call' do | ||
|
Something missing here?
fixed all the commented issues, PTAL @jakolehm
lib/kupo/scripts/configure-kube.sh
curl -o /usr/bin/kubeadm https://storage.googleapis.com/kubernetes-release/release/v1.10.0-beta.3/bin/linux/amd64/kubeadm | ||
# Get kubeadm binary directly | ||
arch=`uname -m` | ||
case "$arch" in |
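Review bot: `arch=\`uname -m\`` uses backticks; prefer `arch=$(uname -m)`, and make sure the `case` that follows has a `*)` branch that exits non-zero on an unknown value, otherwise an unmapped architecture falls through to a download URL with an empty path component and the curl above fetches the wrong thing. Since the phase already knows `host.cpu_arch`, passing it in as a template variable avoids keeping two sources of truth for the same fact.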
I meant that `arch` should come as a variable from phase. We already collect `host.cpu_arch` information.
fixed
Docs missing (README).
README.md
@@ -50,6 +50,25 @@ You can view full sample of cluster.yml [here](./cluster.example.yml). | |||
- `pod_network_cidr` - IP address range for the pod network. (default "10.32.0.0/12") | |||
- `trusted_subnets` - array of trusted subnets where overlay network can be used without IPSEC. | |||
|
|||
## Using external Etcd | |||
|
|||
Kupo can spin up Kubernetes using an externally managed Etcd. In this case you need to define the external etcd details in your `cluster.yml` file: |
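Review bot: the new README section ends with a colon introducing a `cluster.yml` example, but the hunk shown here stops before it; make sure the snippet lists every key the loader expects under the top-level `etcd` block, including the certificate paths, and states whether those paths are read on the machine running kupo, since the PR copies the files to the master over SSH.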
Etcd -> etcd (lowercase)
fixed
Support for external etcd configuration, needs top level `etcd` config in the cluster yaml. TODOs:
fixes #46