❗ This project is inactive due to a new project which supersedes this project's functionality. You can find it at https://github.com/pblaas/nagoya.
KiOTO is my take on a tool to deploy a highly available Kubernetes cluster on OpenStack.
KiOTO is an acronym for Kubernetes Openstack Terraform generatOr.
This project consists of the Python script kioto.py and several template files. The Jinja2 templating engine generates a Terraform file, which is then used to spin up a Kubernetes cluster. The Python script also generates the cloud-init files that are injected into the Terraformed CoreOS Container Linux nodes.
- OpenStack
- Terraform
- Python 2.7
- Jinja2 Python module
- git
- OpenStack 'allow-all' security group for SNAT ports.
```
usage: kioto.py [-h] [--corepassword COREPASSWORD] [--username USERNAME]
                [--projectname PROJECTNAME] [--clustername CLUSTERNAME]
                [--subnetcidr SUBNETCIDR] [--calicocidr CALICOCIDR]
                [--managers MANAGERS] [--workers WORKERS]
                [--managerimageflavor MANAGERIMAGEFLAVOR]
                [--workerimageflavor WORKERIMAGEFLAVOR]
                [--glanceimagename GLANCEIMAGENAME] [--dnsserver DNSSERVER]
                [--cloudprovider CLOUDPROVIDER] [--k8sver K8SVER]
                [--flannelver FLANNELVER] [--netoverlay NETOVERLAY]
                [--authmode AUTHMODE] [--alphafeatures ALPHAFEATURES]
                [--availabilityzone AVAILABILITYZONE]
                [--externalnetid EXTERNALNETID]
                keypair floatingip1 floatingip2

positional arguments:
  keypair               Keypair ID
  floatingip1           Floatingip 1 for API calls
  floatingip2           Floatingip 2 for public access to cluster

optional arguments:
  -h, --help            show this help message and exit
  --corepassword COREPASSWORD
                        Password to authenticate with core user
  --username USERNAME   Openstack username - (OS_USERNAME environment
                        variable)
  --projectname PROJECTNAME
                        Openstack project Name - (OS_TENANT_NAME environment
                        variable)
  --clustername CLUSTERNAME
                        Clustername - (k8scluster)
  --subnetcidr SUBNETCIDR
                        Private subnet CIDR - (192.168.3.0/24)
  --calicocidr CALICOCIDR
                        Calico subnet CIDR - (10.244.0.0/16)
  --managers MANAGERS   Number of k8s managers - (3)
  --workers WORKERS     Number of k8s workers - (0)
  --managerimageflavor MANAGERIMAGEFLAVOR
                        Manager image flavor ID - (2004)
  --workerimageflavor WORKERIMAGEFLAVOR
                        Worker image flavor ID - (2008)
  --glanceimagename GLANCEIMAGENAME
                        Glance image name ID - (Container Linux CoreOS (third-
                        party))
  --dnsserver DNSSERVER
                        DNS server - (8.8.8.8)
  --cloudprovider CLOUDPROVIDER
                        Cloud provider support - (openstack)
  --k8sver K8SVER       Hyperkube version - (v1.8.7_coreos.0)
  --flannelver FLANNELVER
                        Flannel image version - (v0.8.0)
  --netoverlay NETOVERLAY
                        Network overlay - (flannel)
  --authmode AUTHMODE   Authorization mode - (AlwaysAllow)
  --alphafeatures ALPHAFEATURES
                        enable alpha feature - (false)
  --availabilityzone AVAILABILITYZONE
                        Availability zone - (AMS-EQ1)
  --externalnetid EXTERNALNETID
                        External network id - (f9c73cd5-9e7b-4bfd-89eb-
                        c2f4f584c326)
```
- HA master K8S setup.
- PKI on ETCD cluster.
- PKI on K8S nodes.
- RBAC authorization mode.
- NodeRestriction admission control.
- OpenStack provider for Storage through Cinder plugin.
- Load balancing k8s managers through OpenStack (LBAAS).
- Load balancing k8s workers (up to first three) through OpenStack (LBAAS) for ingress.
- Flannel network overlay support.
- Calico network overlay support.
- Private network support.
- All manager nodes are part of the etcd2 cluster.
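The usage text lists `AlwaysAllow` as the default for `--authmode`, while the feature list names RBAC, so RBAC has to be requested explicitly. The following pre-flight check is an added example and not part of KiOTO: it inspects a planned kioto.py argument list for that default, for a core password given on the command line, and for a Calico CIDR that overlaps the private subnet. The function names `parse_kioto_args` and `audit` are hypothetical, the code targets Python 3, and it assumes the `--authmode` value is handed to kube-apiserver's `--authorization-mode` as a comma-separated list.

```python
import argparse
import ipaddress


def parse_kioto_args(argv):
    """Parse only the options this check inspects; defaults copied from the usage text."""
    p = argparse.ArgumentParser(add_help=False, allow_abbrev=False)
    p.add_argument("--corepassword")
    p.add_argument("--authmode", default="AlwaysAllow")
    p.add_argument("--subnetcidr", default="192.168.3.0/24")
    p.add_argument("--calicocidr", default="10.244.0.0/16")
    args, _other = p.parse_known_args(argv)  # keypair, floating IPs etc. are ignored
    return args


def audit(argv):
    """Return (option, message) findings for a planned kioto.py argument list."""
    a = parse_kioto_args(argv)
    findings = []
    # Assumption: the value reaches kube-apiserver --authorization-mode,
    # which takes a comma-separated list such as "Node,RBAC".
    modes = [m.strip() for m in a.authmode.split(",")]
    if "AlwaysAllow" in modes:
        findings.append(("authmode", "AlwaysAllow authorizes every request; use RBAC"))
    elif "RBAC" not in modes:
        findings.append(("authmode", "RBAC is not among the authorization modes"))
    if a.corepassword is not None:
        findings.append(("corepassword", "password on the command line is visible "
                         "in shell history and the process list"))
    node_net = ipaddress.ip_network(a.subnetcidr, strict=False)
    calico_net = ipaddress.ip_network(a.calicocidr, strict=False)
    if node_net.overlaps(calico_net):
        findings.append(("calicocidr", "overlaps the private subnet %s" % node_net))
    return findings


if __name__ == "__main__":
    # Constructed invocation: placeholder keypair and documentation-range floating IPs.
    planned = ["--workers", "3", "--corepassword", "example-only",
               "my-keypair", "203.0.113.10", "203.0.113.11"]
    for option, message in audit(planned):
        print("--%s: %s" % (option, message))
```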
If you are using this script without my management container (pblaas/openstack-cli), make sure you set the following environment variables:
- export OS_TENANT_ID=$OS_PROJECT_ID
- export OS_TENANT_NAME=$OS_PROJECT_NAME
Your environment may use other defaults. If you are not on cloudvps.com and need to change anything to make this work on your end, please let me know so I can update the scripts and define this in the provided parameters.