Showing with 141 additions and 44 deletions.
  1. +3 −0 CHANGELOG.md
  2. +56 −35 README.md
  3. +1 −1 metadata.json
  4. +2 −0 tooling/.dockerignore
  5. +28 −0 tooling/Dockerfile
  6. +51 −8 tooling/kube_tool.rb
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,6 @@
#Version 0.1.3
Provide cli switches for kubetool, and add Dockerfile

# Version 0.1.2
Supports Kubernetes up to 1.8.x

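Review bot: The new heading `#Version 0.1.3` has no space after the `#`, unlike `# Version 0.1.2` below it, so CommonMark renderers show it as plain text rather than a heading; make it `# Version 0.1.3`. The entry also calls the tool `kubetool` while the README and the script use `kube_tool`. Since the README in this same change moves from the `build_hiera` positional form to switches, the entry should say that the old invocation is no longer accepted.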
91 changes: 56 additions & 35 deletions README.md
Expand Up @@ -28,45 +28,69 @@ It groups containers that make up an application into logical units for easy man

### Setup Requirements

The included configuration tool, `kube_tools` auto generates all the security parameters, the bootstrap token, and other configurations for your cluster into a file. The `kube_tool` requires Ruby 2.3 and above.
The included configuration tool `kube_tools` auto generates all the security parameters, the bootstrap token, and other configurations for your cluster into a file. The `kube_tool` requires Ruby 2.3 and above.

First install the module `puppet module install puppetlabs-kubernetes --version 0.1.0`. We would suggest doing this on a local machine and not a Puppet server as you need cfssl installed.
1. cfssl is a requirement, so we recommend you install the module on a local machine and not a Puppet server by running this command:

To install cfssl, see Cloudflare's [cfssl documentation](https://github.com/cloudflare/cfssl). Change directory into the root of the module and issue `bundle install`.
Then cd into the [tools](https://github.com/puppetlabs/puppetlabs-kubernetes/tree/master/tooling) directory. You will now be able to run the `kube_tool`.
```puppet
puppet module install puppetlabs-kubernetes --version 0.1.3
```

To look at the kube_tools help menu. Just issue `./kube_tool.rb` this will print out:
2. Install cfssl. See Cloudflare's [cfssl documentation](https://github.com/cloudflare/cfssl).

```puppet
3. Change directory into the root of the module, and run the `bundle install` command.

Commands:
kube_tool.rb build_hiera FQDN, IP, BOOTSTRAP_CONTROLLER_IP, ETCD_INITIAL_CLUSTER, ETCD_IP, KUBE_API_ADVERTISE_ADDRESS, INSTALL_DASHBOARD # Pass the cluster params to build your hiera configuration
kube_tool.rb help [COMMAND] # Describe available commands or one specific command
```
4. Change directory into the [tools](https://github.com/puppetlabs/puppetlabs-kubernetes/tree/master/tooling) directory, and run the `kube_tool` command.

5. To view the help menu, run the `./kube_tool.rb -h` command.

So to generate the hiera file for my cluster I would use:
The kube_tools help menu:

```puppet
Usage: kube_tool [options]
-f, --fqdn fqdn fqdn
-i, --ip ip ip
-b bootstrap, the bootstrap controller ip address
--bootstrap-controller-ip
-e etcd_initial_cluster, members of the initial etcd cluster
--etcd-initial-cluster
-t, --etcd-ip etcd_ip ip address of etcd
-a, --api-address api_address the ip address that kube api will listen on
-d dashboard, install the kube dashboard
--install-dashboard
-h, --help Displays Help
```

So to generate the hiera file for my cluster I use:

./kube_tool.rb build_hiera kubernetes 172.17.10.101 172.17.10.101 "etcd-kube-master=http://172.17.10.101:2380,etcd-kube-replica-master-01=http://172.17.10.210:2380,etcd-kube-replica-master-02=http://172.17.10.220:2380" "%{::ipaddress_enp0s8}" "%{::ipaddress_enp0s8}" true
```puppet
./kube_tool.rb -f kubernetes -i 172.17.10.101 -b 172.17.10.101 -e "etcd-kube-master=http://172.17.10.101:2380,etcd-kube-replica-master-01=http://172.17.10.210:2380,etcd-kube-replica-master-02=http://172.17.10.220:2380" -t "%{::ipaddress_enp0s8}" -a "%{::ipaddress_enp0s8}" -d true
```

The parameters are:

* `FQDN`: the cluster fqdn.
* `BOOTSTRAP_CONTROLLER_IP`: the ip address of the controller puppet will use to create things like cluster role bindings, kube dns, and the Kubernetes dashboard.
* `ETCD_INITIAL_CLUSTER`: the server addresses. When in production, include three, five, or seven nodes for etcd.
* `ETCD_IP` and `ETCD_IP KUBE_API_ADVERTISE_ADDRESS`: we recommend passing the fact for the interface to be used by the cluster.
* `ETCD_INITIAL_CLUSTER`: the server addresses. When in production, include three, five, or seven nodes for etcd.
* `ETCD_IP` and `ETCD_IP KUBE_API_ADVERTISE_ADDRESS`: we recommend passing the fact for the interface to be used by the cluster.
* `INSTALL_DASHBOARD`: a boolean to install the dashboard or not.

The tool creates a `kubernetes.yaml` file. To view the file contents on screen, run the `cat` command.

Add the `kubernetes.yaml` file to the Hiera directory on your Puppet server.
6. Add the `kubernetes.yaml` file to the Hiera directory on your Puppet server.

The tool also creates a bootstrap token and base64 encodes any values that need to be encoded for Kubernetes. If you run the `cat` command again, all the values are re-generated, including the certificates and tokens. You can then use Jenkins or Bamboo to add the Hiera file to your control repository or version control application.

If you don't want to use the `kube_tools` configuration tool and want to manually configure the module, all of the parameters are listed in the [Reference](#reference) section and in the [init.pp](https://github.com/puppetlabs/puppetlabs-kubernetes/blob/master/manifests/init.pp) file.

If you don't want to install the dependencies in your local environment, a Dockerfile is included. To build, change directory into the tooling directory, and run the `docker build -t puppet/kubetool` command.

The docker image takes each of the parameters as environment variables. When run as follows it will output a kubernetes.yaml file in your current working directory:

```puppet
docker run -v $(pwd):/mnt -e FQDN=kubernetes -e IP=172.17.10.101 -e BOOTSTRAP_CONTROLLER_IP=172.17.10.101 -e ETCD_INITIAL_CLUSTER="etcd-kube-master=http://172.17.10.101:2380" -e ETCD_IP="%{::ipaddress_enp0s8}" -e KUBE_API_ADVERTISE_ADDRESS="%{::ipaddress_enp0s8}" -e INSTALL_DASHBOARD=true puppetlabs/kubetool
```


### Begininning with kubernetes

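Review bot: The Docker instructions near the end of this hunk do not line up: the build command is written as `docker build -t puppet/kubetool`, with no build context argument and the image name `puppet/kubetool`, while the `docker run` example launches `puppetlabs/kubetool`. Add the trailing `.` and use one image name in both places. The parameter list still uses the old positional names, omits `IP`, and contains the garbled entry `ETCD_IP` and `ETCD_IP KUBE_API_ADVERTISE_ADDRESS`; mapping each entry to its switch (`-f`, `-i`, `-b`, `-e`, `-t`, `-a`, `-d`) would match the new help output. The shell commands and the help text are fenced as `puppet`, and the sentence about running `cat` again reads as if `cat` regenerates the values where `kube_tool` is presumably meant. Since the text says the generated `kubernetes.yaml` holds the bootstrap token and certificates, the advice to push it to a control repository through Jenkins or Bamboo should say how those values are protected at rest, for example by encrypting them with hiera-eyaml.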
Expand All @@ -83,7 +107,6 @@ A bootstrap controller is the node a cluster uses to add cluster addons (such as
To make a node a bootstrap controller, add the following code to the manifest:

```puppet
class {'kubernetes':
controller => true,
bootstrap_controller => true,
Expand All @@ -97,7 +120,6 @@ A controller in Kubernetes contains the control plane and `etcd`. In a productio
To make a node a controller, add the following code to the manifest:

```puppet
class {'kubernetes':
controller => true,
}
Expand All @@ -110,7 +132,6 @@ A worker node runs your applications. You can add as many of these as Kubernetes
To make a node a worker node, add the following code to the manifest:

```puppet
class {'kubernetes':
worker => true,
}
Expand Down Expand Up @@ -186,11 +207,11 @@ Defaults to `false`.

#### `kube_api_advertise_address`

The IP address you want exposed by the API server.
The IP address you want exposed by the API server.

An example with hiera would be `kubernetes::kube_api_advertise_address:"%{::ipaddress_enp0s8}"`.

Defaults to `undef`.
Defaults to `undef`.

#### `etcd_version`

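Review bot: The Hiera example under `kube_api_advertise_address` has no space after the colon (`kubernetes::kube_api_advertise_address:"%{::ipaddress_enp0s8}"`), so pasted into a YAML file it parses as a single scalar instead of a key and a value. Add the space while the neighbouring lines are being touched.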
Expand Down Expand Up @@ -234,7 +255,7 @@ Defaults to `undef`.

The base64 encoded description of the bootstrap token.

A Hiera example is `kubernetes::bootstrap_token_description: VGhlIGRlZmF1bHQgYm9vdHN0cmFwIHRva2VuIHBhc3NlZCB0byB0aGUgY2x1c3RlciB2aWEgUHVwcGV0Lg== # lint:ignore:140chars`.
A Hiera example is `kubernetes::bootstrap_token_description: VGhlIGRlZmF1bHQgYm9vdHN0cmFwIHRva2VuIHBhc3NlZCB0byB0aGUgY2x1c3RlciB2aWEgUHVwcGV0Lg== # lint:ignore:140chars`.

#### `bootstrap_token_id`

Expand All @@ -259,7 +280,7 @@ The base64 encoded bool which uses the bootstrap token. (true = dHJ1ZQ==)
An example with hiera would be `kubernetes::bootstrap_token_usage_bootstrap_authentication: dHJ1ZQ==`.

Defaults to `undef`.

#### `bootstrap_token_usage_bootstrap_signing`

The base64 encoded bool which uses the bootstrap signing. (true = dHJ1ZQ==)
Expand All @@ -276,49 +297,49 @@ Defaults to `undef`.

#### `client_certificate_data_controller`

The client certificate for the controller. Must be a string value.
The client certificate for the controller. Must be a string value.

Defaults to `undef`.

#### `client_certificate_data_controller_manager`

The client certificate for the controller manager. Must be a string value.
The client certificate for the controller manager. Must be a string value.

Defaults to `undef`.

#### `client_certificate_data_scheduler`

The client certificate for the scheduler. Must be a string value.
The client certificate for the scheduler. Must be a string value.

Defaults to `undef`.

#### `client_certificate_data_worker`

The client certificate for the kubernetes worker. Must be a string value.
The client certificate for the kubernetes worker. Must be a string value.

Defaults to `undef`.

#### `client_key_data_controller`

The client certificate key for the controller. Must be a string value.
The client certificate key for the controller. Must be a string value.

Defaults to `undef`.

#### `client_key_data_controller_manager`

The client certificate key for the controller manager. Must be a string value.
The client certificate key for the controller manager. Must be a string value.

Defaults to `undef`.

#### `client_key_data_scheduler`

The client certificate key for the scheduler. Must be a string value.
The client certificate key for the scheduler. Must be a string value.

Defaults to `undef`.

#### `client_key_data_worker`

The client certificate key for the kubernetes worker. Must be a string value.
The client certificate key for the kubernetes worker. Must be a string value.

Defaults to `undef`.

Expand All @@ -330,7 +351,7 @@ Defaults to `undef`.

#### `apiserver_kubelet_client_key`

The client key for the kubelet api server. Must be a certificate value and not a file.
The client key for the kubelet api server. Must be a certificate value and not a file.

Defaults to `undef`.

Expand Down Expand Up @@ -384,7 +405,7 @@ Defaults to `undef`.

#### `sa_key`

The key for the service account. Must be a certificate value and not a file.
The key for the service account. Must be a certificate value and not a file.

Defaults to `undef`.

Expand Down Expand Up @@ -418,9 +439,9 @@ This module supports only Puppet 4 and above.

This module has been tested on the following OS

RedHat 7.x
CentOS 7.x
Ubuntu 16.04
RedHat 7.x
CentOS 7.x
Ubuntu 16.04

## Development

2 changes: 1 addition & 1 deletion metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-kubernetes",
"version": "0.1.2",
"version": "0.1.3",
"author": "Puppet",
"summary": "The module installs and configures a Kubernetes cluster",
"license": "Apache-2.0",
2 changes: 2 additions & 0 deletions tooling/.dockerignore
@@ -0,0 +1,2 @@
Dockerfile
kubernetes.yaml
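Review bot: Only `Dockerfile` and `kubernetes.yaml` are kept out of the build context, and the Dockerfile does `COPY . /etc/k8s`, so anything else a local run leaves in `tooling/` is baked into the image. `kube_tool.rb` relies on `CleanUp.remove_files` as its last step, so a run that aborts earlier could leave generated certificate material behind. Either ignore those file patterns here as well, or copy only `kube_tool.rb` and the `kube_tool/` directory in the Dockerfile.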
28 changes: 28 additions & 0 deletions tooling/Dockerfile
@@ -0,0 +1,28 @@
FROM golang:1.9.2-alpine3.6

ENV GOPATH /go
ENV USER root

RUN set -x && \
apk --no-cache add git gcc libc-dev && \
go get github.com/cloudflare/cfssl/cmd/... && \
cd /go/src/github.com/cloudflare/cfssl && \
go get github.com/GeertJohan/go.rice/rice && rice embed-go -i=./cli/serve && \
mkdir bin && cd bin && \
go build ../cmd/cfssl && \
go build ../cmd/cfssljson && \
go build ../cmd/mkbundle && \
go build ../cmd/multirootca && \
echo "Build complete."

FROM ruby:2.3.5-alpine
COPY --from=0 /go/src/github.com/cloudflare/cfssl/vendor/github.com/cloudflare/cfssl_trust /etc/cfssl
COPY --from=0 /go/src/github.com/cloudflare/cfssl/bin/ /usr/bin
COPY . /etc/k8s

RUN set -x && \
apk --no-cache add git

WORKDIR /mnt

ENTRYPOINT ["sh", "-c", "/etc/k8s/kube_tool.rb -f ${FQDN} -i ${IP} -b ${BOOTSTRAP_CONTROLLER_IP} -e ${ETCD_INITIAL_CLUSTER} -t ${ETCD_IP} -a ${KUBE_API_ADVERTISE_ADDRESS} -d ${INSTALL_DASHBOARD}"]
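Review bot: In the builder stage, `go get github.com/cloudflare/cfssl/cmd/...` and `go get github.com/GeertJohan/go.rice/rice` fetch whatever is at the head of each repository at build time, so the binaries that mint the cluster CA and keys differ from build to build and cannot be tied to a reviewed revision; check out a fixed tag or commit before the `go build` lines. In the ENTRYPOINT, the `${FQDN}`, `${ETCD_INITIAL_CLUSTER}` and other expansions are unquoted inside `sh -c`, so a value containing whitespace is split into several arguments and an unset variable leaves its switch without a value; quote each expansion and use the `${FQDN:?}` form so the container fails early with a clear message. The final stage sets no `USER`, so the tool runs as root and `kubernetes.yaml` is written into the bind-mounted directory as root. It is also not clear from this file what `apk --no-cache add git` in the final stage is needed for.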
59 changes: 51 additions & 8 deletions tooling/kube_tool.rb
@@ -1,18 +1,57 @@
#!/usr/bin/env ruby

require 'thor'
require 'optparse'
require_relative 'kube_tool/pre_checks.rb'
require_relative 'kube_tool/create_certs.rb'
require_relative 'kube_tool/create_token.rb'
require_relative 'kube_tool/clean_up.rb'
require_relative 'kube_tool/other_params.rb'

class Kube_tool < Thor
desc "build_hiera FQDN, IP, BOOTSTRAP_CONTROLLER_IP, ETCD_INITIAL_CLUSTER, ETCD_IP, KUBE_API_ADVERTISE_ADDRESS, INSTALL_DASHBOARD", "Pass the cluster params to build your hiera configuration"
def build_hiera(fqdn, ip, bootstrap_controller_ip, etcd_initial_cluster, etcd_ip, kube_api_advertise_address, install_dashboard)
options = {:fqdn => nil, :ip => nil, :bootstrap_controller_ip => nil, :etcd_initial_cluster => nil, :etcd_ip => nil, :kube_api_advertise_address => nil, :install_dashboard => nil}

parser = OptionParser.new do|opts|
opts.on('-f', '--fqdn fqdn', 'fqdn') do |fqdn|
options[:fqdn] = fqdn;
end

opts.on('-i', '--ip ip', 'ip') do |ip|
options[:ip] = ip;
end

opts.on('-b', '--bootstrap-controller-ip bootstrap', 'the bootstrap controller ip address') do |bootstrap|
options[:bootstrap_controller_ip] = bootstrap;
end

opts.on('-e', '--etcd-initial-cluster etcd_initial_cluster', 'members of the initial etcd cluster') do |etcd_initial_cluster|
options[:etcd_initial_cluster] = etcd_initial_cluster;
end

opts.on('-t', '--etcd-ip etcd_ip', 'ip address of etcd') do |etcd_ip|
options[:etcd_ip] = etcd_ip;
end

opts.on('-a', '--api-address api_address', 'the ip address that kube api will listen on') do |api_address|
options[:kube_api_advertise_address] = api_address;
end

opts.on('-d', '--install-dashboard dashboard', 'install the kube dashboard') do |dashboard|
options[:install_dashboard] = dashboard;
end

opts.on('-h', '--help', 'Displays Help') do
puts opts
exit
end
end

parser.parse!


class Kube_tool
def build_hiera(hash)
PreChecks.checks
CreateCerts.ca
CreateCerts.api_servers(fqdn, ip)
CreateCerts.api_servers(hash[:fqdn], hash[:ip])
PreChecks.checks
CreateCerts.sa
CreateCerts.admin
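Review bot: Nothing after `parser.parse!` checks that the switches were actually supplied: every entry in `options` starts as `nil`, so running the script with no arguments, or with the old `build_hiera ...` positional form, goes straight on to `CreateCerts.api_servers(hash[:fqdn], hash[:ip])` with `nil` values. After parsing, collect the keys that are still `nil`, print `parser` and exit non-zero if there are any. The `-d` value also arrives as the string typed on the command line, and in Ruby the string "false" is truthy, so convert it to a boolean explicitly before it reaches `OtherParams.create` unless that method already compares strings. Style: the trailing semicolons in the `opts.on` blocks are unnecessary, and `do|opts|` wants a space after `do`.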
Expand All @@ -24,8 +63,12 @@ def build_hiera(fqdn, ip, bootstrap_controller_ip, etcd_initial_cluster, etcd_ip
CreateCerts.kube_scheduler
CreateCerts.kube_workers
CreateToken.bootstrap
OtherParams.create(bootstrap_controller_ip, fqdn, etcd_initial_cluster, etcd_ip, kube_api_advertise_address, install_dashboard)
OtherParams.create(hash[:bootstrap_controller_ip], hash[:fqdn], hash[:etcd_initial_cluster], hash[:etcd_ip], hash[:kube_api_advertise_address], hash[:install_dashboard])
CleanUp.remove_files
end
end
end
Kube_tool.start(ARGV)

generate = Kube_tool.new

generate.build_hiera(options)
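Review bot: After `CleanUp.remove_files` there are three consecutive `end` lines, but the visible code only opens `class Kube_tool` and `def build_hiera(hash)`, and the `OptionParser.new do` block is already closed before `parser.parse!`. Unless something in the lines hidden between the two hunks opens another block, the third `end` is a stray and the file will not parse; running `ruby -c tooling/kube_tool.rb` would confirm. With Thor gone, `Kube_tool` is a class with a single method and no state, so `build_hiera` could be a plain method or a class method rather than needing `Kube_tool.new`.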