external etcd support #68
Conversation
|
Certificate setup seems to have some issue on kubeadm side: kubernetes/kubeadm#730 |
jnummelin
force-pushed
the
feature/external-etcd
branch
from
4724368
to
e3caf38
Compare
add some specs for master config generator add etcd cert support use certs for external etcd
jnummelin
force-pushed
the
feature/external-etcd
branch
from
e3caf38
to
c37eee6
Compare
|
Should we wait for official 1.10 kubeadm or merge this with the "hack" to get 1.10.beta kubeadm in and have separate issue to fix that when official release comes out? |
Gemfile.lock
Outdated
| @@ -0,0 +1,130 @@ | |||
| PATH | |||
There was a problem hiding this comment.
Probably should not be part of this PR?
There was a problem hiding this comment.
yeah, I'll take it out
| user: vagrant | ||
| role: master | ||
| ssh_key_path: ~/.vagrant.d/insecure_private_key | ||
| container_runtime: docker |
There was a problem hiding this comment.
No need to define container_runtime, it defaults to docker.
There was a problem hiding this comment.
but does not hurt either :)
| options << "--apiserver-advertise-address #{@master.address}" | ||
| end | ||
| cfg = generate_config | ||
| tmp_file = File.join('/tmp', 'kubeadm.cfg.' + SecureRandom.hex(16)) |
There was a problem hiding this comment.
This should be removed after init?
There was a problem hiding this comment.
Yes, I'll make it happen
| @ssh.upload(StringIO.new(cfg.to_yaml), tmp_file) | ||
|
|
||
| # Copy etcd certs over if needed | ||
| exec_script('configure-etcd-certs.sh', { |
There was a problem hiding this comment.
What is the reasoning behind this vs using scp to transfer files?
There was a problem hiding this comment.
We can't scp into /etc/.... This makes it happen without scp+exec('sudo mv ...')
lib/kupo/scripts/configure-kube.sh
Outdated
| # See: https://github.com/kubernetes/kubernetes/pull/59057 | ||
| # FIXME Remove when we're using official 1.10 kubeadm | ||
| curl -o /usr/bin/kubeadm https://storage.googleapis.com/kubernetes-release/release/v1.10.0-beta.3/bin/linux/amd64/kubeadm |
There was a problem hiding this comment.
amd64 is hardcoded.. should probably be <%= arch.name %>.
There was a problem hiding this comment.
And if we download binary we don't need kubeadm from repos?
There was a problem hiding this comment.
I think we need to figure out the arch in the script itself as it is running on the actual host. Makes it more robust IMO.
We need also some kubeadm version override to hande this kind of case where we run different versions of kubeadm and kube itself.
| @@ -0,0 +1,116 @@ | |||
| require "kupo/config" | |||
| require "kupo/phases/configure_master" | |||
|
|
|||
There was a problem hiding this comment.
leftovers from earlier style of cert handling, removed now
|
|
||
|
|
||
| describe '#call' do | ||
|
|
|
fixed all the commented issues, PTAL @jakolehm |
lib/kupo/scripts/configure-kube.sh
Outdated
| curl -o /usr/bin/kubeadm https://storage.googleapis.com/kubernetes-release/release/v1.10.0-beta.3/bin/linux/amd64/kubeadm | ||
| # Get kubeadm binary directly | ||
| arch=`uname -m` | ||
| case "$arch" in |
There was a problem hiding this comment.
I meant that arch should come as a variable from phase. We already collect host.cpu_arch information.
README.md
Outdated
| @@ -50,6 +50,25 @@ You can view full sample of cluster.yml [here](./cluster.example.yml). | |||
| - `pod_network_cidr` - IP address range for the pod network. (default "10.32.0.0/12") | |||
| - `trusted_subnets` - array of trusted subnets where overlay network can be used without IPSEC. | |||
|
|
|||
| ## Using external Etcd | |||
|
|
|||
| Kupo can spin up Kubernetes using an externally managed Etcd. In this case you need to define the external etcd details in your `cluster.yml` file: | |||
Support for external etcd configuration, needs top level
etcdconfig in the cluster yaml.TODOs:
fixes #46