Merge pull request #21737 from FujitsuEnablingSoftwareTechnologyGmbH/…
…openstack-provider Automatic merge from submit-queue Openstack provider Our pull request delivers a solution for creating a Kubernetes cluster on top of OpenStack. The Heat OpenStack Orchestration engine describes the infrastructure for the Kubernetes cluster. CentOS images are used for the Kubernetes host machines. We tested our solution with DevStack and the Citycloud provider. We believe that our solution will fill a gap in the market. <!-- Reviewable:start --> --- This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/21737) <!-- Reviewable:end -->
Showing
28 changed files
with
1,632 additions
and
17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
#!/bin/bash | ||
|
||
# Copyright 2015 The Kubernetes Authors All rights reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
## Contains configuration values for the Openstack cluster | ||
|
||
# Stack name | ||
STACK_NAME=${STACK_NAME:-KubernetesStack} | ||
|
||
# Keypair for kubernetes stack | ||
KUBERNETES_KEYPAIR_NAME=${KUBERNETES_KEYPAIR_NAME:-kubernetes_keypair} | ||
|
||
# Kubernetes release tar file | ||
KUBERNETES_RELEASE_TAR=${KUBERNETES_RELEASE_TAR:-kubernetes-server-linux-amd64.tar.gz} | ||
|
||
NUMBER_OF_MINIONS=${NUMBER_OF_MINIONS-3} | ||
|
||
MAX_NUMBER_OF_MINIONS=${MAX_NUMBER_OF_MINIONS:-3} | ||
|
||
MASTER_FLAVOR=${MASTER_FLAVOR:-m1.medium} | ||
|
||
MINION_FLAVOR=${MINION_FLAVOR:-m1.medium} | ||
|
||
EXTERNAL_NETWORK=${EXTERNAL_NETWORK:-public} | ||
|
||
SWIFT_SERVER_URL=${SWIFT_SERVER_URL:-} | ||
|
||
# Flag indicates if new image must be created. If 'false' then image with IMAGE_ID will be used. | ||
# If 'true' then new image will be created from file config-image.sh | ||
CREATE_IMAGE=${CREATE_IMAGE:-true} # use "true" for devstack | ||
|
||
# Flag indicates if image should be downloaded | ||
DOWNLOAD_IMAGE=${DOWNLOAD_IMAGE:-true} | ||
|
||
# Image id which will be used for kubernetes stack | ||
IMAGE_ID=${IMAGE_ID:-f0f394b1-5546-4b68-b2bc-8abe8a7e6b8b} | ||
|
||
# DNS server address | ||
DNS_SERVER=${DNS_SERVER:-8.8.8.8} | ||
|
||
# Public RSA key path | ||
CLIENT_PUBLIC_KEY_PATH=${CLIENT_PUBLIC_KEY_PATH:-~/.ssh/id_rsa.pub} | ||
|
||
# Max time period for stack provisioning. Time in minutes. | ||
STACK_CREATE_TIMEOUT=${STACK_CREATE_TIMEOUT:-60} | ||
|
||
# Enable Proxy, if true kube-up will apply your current proxy settings(defined by *_PROXY environment variables) to the deployment. | ||
ENABLE_PROXY=${ENABLE_PROXY:-false} | ||
|
||
# Per-protocol proxy settings. | ||
FTP_PROXY=${FTP_PROXY:-} | ||
HTTP_PROXY=${HTTP_PROXY:-} | ||
HTTPS_PROXY=${HTTPS_PROXY:-} | ||
SOCKS_PROXY=${SOCKS_PROXY:-} | ||
|
||
# IPs and Domains that bypass the proxy. | ||
NO_PROXY=${NO_PROXY:-} |
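Review bot: `NUMBER_OF_MINIONS=${NUMBER_OF_MINIONS-3}` uses `-` where every other default in this file uses `:-`, so an exported-but-empty NUMBER_OF_MINIONS stays empty instead of falling back to 3 and is presumably passed on to the stack as a blank node count. Suggest `NUMBER_OF_MINIONS=${NUMBER_OF_MINIONS:-3}`. The `IMAGE_ID` default is also a deployment-specific UUID that is unlikely to exist in another OpenStack project; an empty default plus a comment that it is required when `CREATE_IMAGE=false` would fail more clearly.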
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
#!/bin/bash | ||
|
||
# Copyright 2015 The Kubernetes Authors All rights reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
## Contains configuration values for new image. It is skip when CREATE_IMAGE=false | ||
|
||
# Image name which will be displayed in OpenStack | ||
OPENSTACK_IMAGE_NAME=${OPENSTACK_IMAGE_NAME:-CentOS7} | ||
|
||
# Downloaded image name for Openstack project | ||
IMAGE_FILE=${IMAGE_FILE:-CentOS-7-x86_64-GenericCloud-1510.qcow2} | ||
|
||
# Absolute path where image file is stored. | ||
IMAGE_PATH=${IMAGE_PATH:-~/Downloads/openstack} | ||
|
||
# The URL basepath for downloading the image | ||
IMAGE_URL_PATH=${IMAGE_URL_PATH:-http://cloud.centos.org/centos/7/images} | ||
|
||
# The disk format of the image. Acceptable formats are ami, ari, aki, vhd, vmdk, raw, qcow2, vdi, and iso. | ||
IMAGE_FORMAT=${IMAGE_FORMAT:-qcow2} | ||
|
||
# The container format of the image. Acceptable formats are ami, ari, aki, bare, docker, and ovf. | ||
CONTAINER_FORMAT=${CONTAINER_FORMAT:-bare} |
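Review bot: The `IMAGE_URL_PATH` default is a plain `http://` URL, so the base OS image that the cluster hosts boot from is fetched over a channel with no integrity protection. Suggest defaulting to `IMAGE_URL_PATH=${IMAGE_URL_PATH:-https://cloud.centos.org/centos/7/images}` and adding a digest variable (for example `IMAGE_SHA256=${IMAGE_SHA256:-}`) that the download step compares before the image is uploaded. The download code is not part of this file, so whether a checksum is already verified elsewhere should be confirmed. Separately, the header comment reads better as `## Configuration values for the new image; skipped when CREATE_IMAGE=false`.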
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
#!/bin/bash | ||
|
||
# Copyright 2015 The Kubernetes Authors All rights reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
## Contains configuration values for interacting with the Ubuntu cluster in test mode | ||
KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../.. | ||
source "${KUBE_ROOT}/cluster/openstack-heat/config-default.sh" |
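Review bot: The header comment says this file configures "the Ubuntu cluster", which looks carried over from another provider, while the script sources `cluster/openstack-heat/config-default.sh`. Suggest `## Contains configuration values for interacting with the OpenStack Heat cluster in test mode`. `${BASH_SOURCE}` without an index expands to element 0 and works, but `"${BASH_SOURCE[0]}"` states that explicitly.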
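--- a/cluster/openstack-heat/kubernetes-heat/fragments/configure-proxy.sh
+++ b/cluster/openstack-heat/kubernetes-heat/fragments/configure-proxy.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# The contents of these variables swapped in by heat via environments presented to kube-up.sh
+
+export ETC_ENVIRONMENT='FTP_PROXY=$FTP_PROXY
+HTTP_PROXY=$HTTP_PROXY
+HTTPS_PROXY=$HTTPS_PROXY
+SOCKS_PROXY=$SOCKS_PROXY
+NO_PROXY=$NO_PROXY
+ftp_proxy=$FTP_PROXY
+http_proxy=$HTTP_PROXY
+https_proxy=$HTTPS_PROXY
+socks_proxy=$SOCKS_PROXY
+no_proxy=$NO_PROXY
+'
+
+export ETC_PROFILE_D='export FTP_PROXY=$FTP_PROXY
+export HTTP_PROXY=$HTTP_PROXY
+export HTTPS_PROXY=$HTTPS_PROXY
+export SOCKS_PROXY=$SOCKS_PROXY
+export NO_PROXY=$NO_PROXY
+export ftp_proxy=$FTP_PROXY
+export http_proxy=$HTTP_PROXY
+export https_proxy=$HTTPS_PROXY
+export socks_proxy=$SOCKS_PROXY
+export no_proxy=$NO_PROXY
+'
+
+export DOCKER_PROXY='[Service]
+Environment="HTTP_PROXY=$HTTP_PROXY"
+Environment="HTTPS_PROXY=$HTTPS_PROXY"
+Environment="SOCKS_PROXY=$SOCKS_PROXY"
+Environment="NO_PROXY=$NO_PROXY"
+Environment="ftp_proxy=$FTP_PROXY"
+Environment="http_proxy=$HTTP_PROXY"
+Environment="https_proxy=$HTTPS_PROXY"
+Environment="socks_proxy=$SOCKS_PROXY"
+Environment="no_proxy=$NO_PROXY"
+'
+
+# This again is set by heat
+ENABLE_PROXY='$ENABLE_PROXY'
+
+# Heat itself doesn't have conditionals, so this is how we set up our proxy without breaking non-proxy setups.
+if [[ "${ENABLE_PROXY}" == "true" ]]; then
+mkdir -p /etc/systemd/system/docker.service.d/
+
+echo "${ETC_ENVIRONMENT}" >> /etc/environment
+echo "${ETC_PROFILE_D}" > /etc/profile.d/proxy_config.sh
+echo "${DOCKER_PROXY}" > etc/systemd/system/docker.service.d/http-proxy.conf
+echo "proxy=$HTTP_PROXY" >> /etc/yum.conf
+fi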
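Review bot: The Docker drop-in is written to `etc/systemd/system/docker.service.d/http-proxy.conf` without a leading slash, so the path resolves against the script's working directory rather than the directory created by the `mkdir -p` at the top of the `if` block; with `errexit` set, a failed redirect also stops the script before `/etc/yum.conf` is updated. The line should be `echo "${DOCKER_PROXY}" > /etc/systemd/system/docker.service.d/http-proxy.conf`. Two smaller points in the same block: `>> /etc/environment` and `>> /etc/yum.conf` append again on every run, and if the proxy URLs carry credentials they end up in world-readable files such as `/etc/profile.d/proxy_config.sh`, which deserves a comment telling operators not to embed passwords in the `*_PROXY` values.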
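--- a/cluster/openstack-heat/kubernetes-heat/fragments/configure-salt.yaml
+++ b/cluster/openstack-heat/kubernetes-heat/fragments/configure-salt.yaml
@@ -0,0 +1,56 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+bootcmd:
+- mkdir -p /etc/salt/minion.d
+- mkdir -p /srv/salt-overlay/pillar
+write_files:
+- path: /etc/salt/minion.d/log-level-debug.conf
+content: |
+log_level: warning
+log_level_logfile: warning
+- path: /etc/salt/minion.d/grains.conf
+content: |
+grains:
+node_ip: $MASTER_IP
+publicAddressOverride: $MASTER_IP
+network_mode: openvswitch
+networkInterfaceName: eth0
+api_servers: $MASTER_IP
+cloud: openstack
+cloud_config: /srv/kubernetes/openstack.conf
+roles:
+- $role
+runtime_config: ""
+docker_opts: ""
+master_extra_sans: "DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local,DNS:kubernetes-master"
+keep_host_etcd: true
+- path: /srv/kubernetes/openstack.conf
+content: |
+[Global]
+auth-url=$OS_AUTH_URL
+username=$OS_USERNAME
+password=$OS_PASSWORD
+region=$OS_REGION_NAME
+tenant-id=$OS_TENANT_ID
+- path: /srv/salt-overlay/pillar/cluster-params.sls
+content: |
+service_cluster_ip_range: 10.246.0.0/16
+cert_ip: 10.246.0.1
+enable_cluster_monitoring: influxdb
+enable_cluster_logging: "true"
+enable_cluster_ui: "true"
+enable_node_logging: "true"
+logging_destination: elasticsearch
+elasticsearch_replicas: "1"
+enable_cluster_dns: "true"
+dns_replicas: "1"
+dns_server: 10.246.0.10
+dns_domain: cluster.local
+instance_prefix: kubernetes
+admission_control: NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
+enable_cpu_cfs_quota: "true"
+network_provider: none
+opencontrail_tag: R2.20
+opencontrail_kubernetes_tag: master
+opencontrail_public_subnet: 10.1.0.0/16
+e2e_storage_test_environment: "false"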
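Review bot: The `/srv/kubernetes/openstack.conf` entry holds `password=$OS_PASSWORD` but sets no `permissions:`, so cloud-init writes it with its default mode (0644) and any local user on the host can read the OpenStack credentials. Add `permissions: "0600"` to that entry, as the auth-file fragments in this commit do for their token files. Because the value is substituted into user-data, it is presumably also retrievable from the instance metadata service on every node that receives this fragment; a dedicated, narrowly scoped OpenStack account would limit what that exposes. The file name `log-level-debug.conf` also no longer matches its content, which sets `warning`.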
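--- a/cluster/openstack-heat/kubernetes-heat/fragments/deploy-kube-auth-files-master.yaml
+++ b/cluster/openstack-heat/kubernetes-heat/fragments/deploy-kube-auth-files-master.yaml
@@ -0,0 +1,43 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+bootcmd:
+- mkdir -p /srv/salt-overlay/salt/kube-apiserver
+- mkdir -p /srv/salt-overlay/salt/kubelet
+write_files:
+- path: /srv/salt-overlay/salt/kube-apiserver/basic_auth.csv
+permissions: "0600"
+content: |
+$apiserver_password,$apiserver_user,admin
+- path: /srv/salt-overlay/salt/kube-apiserver/known_tokens.csv
+permissions: "0600"
+content: |
+$token_kubelet,kubelet,kubelet
+$token_kube_proxy,kube_proxy,kube_proxy
+TokenSystemScheduler,system:scheduler,system:scheduler
+TokenSystemControllerManager,system:controller_manager,system:controller_manager
+TokenSystemLogging,system:logging,system:logging
+TokenSystemMonitoring,system:monitoring,system:monitoring
+TokenSystemDns,system:dns,system:dns
+- path: /srv/salt-overlay/salt/kubelet/kubernetes_auth
+permissions: "0600"
+content: |
+{"BearerToken": "$token_kubelet", "Insecure": true }
+- path: /srv/salt-overlay/salt/kubelet/kubeconfig
+permissions: "0600"
+content: |
+apiVersion: v1
+kind: Config
+users:
+- name: kubelet
+user:
+token: $token_kubelet
+clusters:
+- name: local
+cluster:
+insecure-skip-tls-verify: true
+contexts:
+- context:
+cluster: local
+user: kubelet
+name: service-account-context
+current-context: service-account-context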
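Review bot: The last five rows of `known_tokens.csv` use fixed literal tokens (`TokenSystemScheduler`, `TokenSystemControllerManager`, `TokenSystemLogging`, `TokenSystemMonitoring`, `TokenSystemDns`), so every cluster built from this fragment accepts the same publicly known bearer tokens for those system identities. They should be template parameters generated per cluster like the kubelet and kube-proxy tokens, for example `$token_system_scheduler,system:scheduler,system:scheduler`, with the matching parameters added wherever the Heat template fills in `$token_kubelet` (not visible in this section). Until that is done, a comment above the rows should state that they are placeholders and must be replaced before the API server is reachable by anyone other than the operator.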
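--- a/cluster/openstack-heat/kubernetes-heat/fragments/deploy-kube-auth-files-node.yaml
+++ b/cluster/openstack-heat/kubernetes-heat/fragments/deploy-kube-auth-files-node.yaml
@@ -0,0 +1,44 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+bootcmd:
+- mkdir -p /srv/salt-overlay/salt/kubelet
+- mkdir -p /srv/salt-overlay/salt/kube-proxy
+write_files:
+- path: /srv/salt-overlay/salt/kubelet/kubeconfig
+permissions: "0600"
+content: |
+apiVersion: v1
+kind: Config
+users:
+- name: kubelet
+user:
+token: $token_kubelet
+clusters:
+- name: local
+cluster:
+insecure-skip-tls-verify: true
+contexts:
+- context:
+cluster: local
+user: kubelet
+name: service-account-context
+current-context: service-account-context
+- path: /srv/salt-overlay/salt/kube-proxy/kubeconfig
+permissions: "0600"
+content: |
+apiVersion: v1
+kind: Config
+users:
+- name: kube-proxy
+user:
+token: $token_kube_proxy
+clusters:
+- name: local
+cluster:
+insecure-skip-tls-verify: true
+contexts:
+- context:
+cluster: local
+user: kube-proxy
+name: service-account-context
+current-context: service-account-context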
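Review bot: Both kubeconfigs set `insecure-skip-tls-verify: true`, so the kubelet and kube-proxy send their bearer tokens without checking the API server's certificate, and whatever endpoint answers receives them; the same setting appears in the kubelet kubeconfig and in `kubernetes_auth` (`"Insecure": true`) of deploy-kube-auth-files-master.yaml. Distribute the cluster CA to the nodes and replace the flag with `certificate-authority: <path-to-cluster-ca.crt>` in each `cluster:` entry. If that cannot be done in this change, add a comment on each occurrence marking it as a known gap so the setting is not copied as a production default.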
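--- a/cluster/openstack-heat/kubernetes-heat/fragments/hostname-hack.sh
+++ b/cluster/openstack-heat/kubernetes-heat/fragments/hostname-hack.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Workaround for this, which has been fixed but not widely distributed: https://bugs.launchpad.net/cloud-init/+bug/1246485
+# See also http://blog.oddbit.com/2014/12/10/cloudinit-and-the-case-of-the-changing-hostname/
+hostname > /etc/hostname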