1 change: 1 addition & 0 deletions .puppet-lint.rc
@@ -0,0 +1 @@
--relative
2 changes: 1 addition & 1 deletion .rubocop.yml
Expand Up @@ -36,7 +36,7 @@ GetText:
GetText/DecorateString:
Description: We don't want to decorate test output.
Exclude:
- spec/*
- spec/**/*
RSpec/BeforeAfterAll:
Description: Beware of using after(:all) as it may cause state to leak between tests.
A necessary evil in acceptance testing.
1 change: 1 addition & 0 deletions .travis.yml
@@ -1,4 +1,5 @@
---
dist: xenial
language: ruby
cache: bundler
before_install:
6 changes: 6 additions & 0 deletions .vscode/extensions.json
@@ -0,0 +1,6 @@
{
"recommendations": [
"jpogran.puppet-vscode",
"rebornix.Ruby"
]
}
20 changes: 20 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,26 @@

All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).

## [v5.0.0](https://github.com/puppetlabs/puppetlabs-kubernetes/tree/v5.0.0) (2019-07-24)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-kubernetes/compare/v4.0.1...v5.0.0)

### Changed

- \(FM-8100\) Update minimum supported Puppet version to 5.5.10 [\#291](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/291) ([sheenaajay](https://github.com/sheenaajay))

### Added

- Modify config\_version to kubernetes\_version mapping. Pre-req to supporting Kube 1.15 [\#308](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/308) ([nickperry](https://github.com/nickperry))
- add support for cilium network provider [\#265](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/265) ([SimonHoenscheid](https://github.com/SimonHoenscheid))

### Fixed

- Manage front-proxy ca certs - fixes \#275 [\#321](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/321) ([nickperry](https://github.com/nickperry))
- Expose ttl duration parameter [\#313](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/313) ([carabasdaniel](https://github.com/carabasdaniel))
- make proxy mode configurable [\#297](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/297) ([mrwulf](https://github.com/mrwulf))
- Fixed duplicate tlsBootstrapToken in config\_worker.yaml.erb for kubernetes 1.14 [\#287](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/287) ([Hillkorn](https://github.com/Hillkorn))

## [v4.0.1](https://github.com/puppetlabs/puppetlabs-kubernetes/tree/v4.0.1) (2019-05-13)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-kubernetes/compare/4.0.0...v4.0.1)
21 changes: 17 additions & 4 deletions README.md
Expand Up @@ -58,15 +58,16 @@ docker run --rm -v $(pwd):/mnt --env-file env puppet/kubetool:{$module_version}
The `docker run` command above includes an `env` file which is included in the root folder of this repo.

```
docker run --rm -v $(pwd):/mnt -e OS=debian -e VERSION=1.10.2 -e CONTAINER_RUNTIME=docker -e CNI_PROVIDER=weave -e ETCD_INITIAL_CLUSTER=kube-master:172.17.10.101,kube-replica-master-01:172.17.10.210,kube-replica-master-02:172.17.10.220 -e ETCD_IP="%{::ipaddress_eth1}" -e KUBE_API_ADVERTISE_ADDRESS="%{::ipaddress_eth1}" -e INSTALL_DASHBOARD=true puppet/kubetool:{$module-version}
docker run --rm -v $(pwd):/mnt -e OS=debian -e VERSION=1.10.2 -e CONTAINER_RUNTIME=docker -e CNI_PROVIDER=cilium -e CNI_PROVIDER_VERSION=1.4.3 -e ETCD_INITIAL_CLUSTER=kube-master:172.17.10.101,kube-replica-master-01:172.17.10.210,kube-replica-master-02:172.17.10.220 -e ETCD_IP="%{::ipaddress_eth1}" -e KUBE_API_ADVERTISE_ADDRESS="%{::ipaddress_eth1}" -e INSTALL_DASHBOARD=true puppet/kubetool:{$module-version}
```

The above parameters are:

* `OS`: The operating system Kubernetes runs on.
* `VERSION`: The version of Kubernetes to deploy.
* `CONTAINER_RUNTIME`: The container runtime Kubernetes uses. Set this value to `docker` (officially supported) or `cri_containerd`. Advanced Kubernetes users can use `cri_containerd`, however this requires an increased understanding of Kubernetes, specifically when running applications in a HA cluster. To run a HA cluster and access your applications, an external load balancer is required in front of your cluster. Setting this up is beyond the scope of this module. For more information, see the Kubernetes [documentation](https://kubernetes-v1-4.github.io/docs/user-guide/load-balancer/).
* `CNI_PROVIDER`: The CNI network to install. Set this value to `weave` or `flannel`.
* `CNI_PROVIDER`: The CNI network to install. Set this value to `weave`, `flannel`, `calico` or `cilium`.
* `CNI_PROVIDER_VERSION` The CNI version to use `calico` and `cilium` use this variable to reference the correct deployment file. Current version for `calico` is `3.6` and `cilium` is `1.4.3`
* `ETCD_INITIAL_CLUSTER`: The server hostnames and IPs in the form of `hostname:ip`. When in production, include three, five, or seven nodes for etcd.
* `ETCD_IP`: The IP each etcd member listens on. We recommend passing the fact for the interface to be used by the cluster.
* `KUBE_API_ADVERTISE_ADDRESS`: The IP each etcd/apiserver instance uses on each controller. We recommend passing the fact for the interface to be used by the cluster.
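Review bot: The new `CNI_PROVIDER_VERSION` bullet is missing the colon after the parameter name and runs two sentences together, unlike every other bullet in this list. Suggest "`CNI_PROVIDER_VERSION`: The CNI version to use. `calico` and `cilium` use this variable to reference the correct deployment file." The example command in this hunk also uses `{$module-version}` while the hunk header context shows `{$module_version}`; pick one spelling so readers can copy either command.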
Expand Down Expand Up @@ -526,7 +527,19 @@ Defaults to `undef`.

#### `kubernetes_ca_key`

The clusters CA key. Must be passed as a string and not a file.
The cluster's CA key. Must be passed as a string and not a file.

Defaults to `undef`.

#### `kubernetes_front_proxy_ca_crt`

The cluster's front-proxy CA certificate. Must be passed as a string and not a file.

Defaults to `undef`.

#### `kubernetes_front_proxy_ca_key`

The cluster's front-proxy CA key. Must be passed as a string and not a file.

Defaults to `undef`.

Expand Down Expand Up @@ -702,7 +715,7 @@ Docker is the supported container runtime for this module.

## Development

If you would like to contribute to this module, please follow the rules in the [CONTRIBUTING.md](https://github.com/puppetlabs/puppetlabs-kubernetes/blob/master/CONTRIBUTING.md).
If you would like to contribute to this module, please follow the rules in the [CONTRIBUTING.md](https://github.com/puppetlabs/puppetlabs-kubernetes/blob/master/CONTRIBUTING.md). For more information, see our [module contribution guide.](https://puppet.com/docs/puppet/latest/contributing.html)

## Examples

1 change: 1 addition & 0 deletions Rakefile
@@ -1,3 +1,4 @@
require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any?
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax'
require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
15 changes: 12 additions & 3 deletions manifests/config/kubeadm.pp
@@ -1,6 +1,7 @@
# Class kubernetes config kubeadm, populates kubeadm config file with params to bootstrap cluster
class kubernetes::config::kubeadm (
String $config_file = $kubernetes::config_file,
String $controller_address = $kubernetes::controller_address,
Boolean $manage_etcd = $kubernetes::manage_etcd,
String $etcd_install_method = $kubernetes::etcd_install_method,
String $kubernetes_version = $kubernetes::kubernetes_version,
Expand All @@ -23,9 +24,12 @@
Integer $api_server_count = $kubernetes::api_server_count,
String $etcd_version = $kubernetes::etcd_version,
String $token = $kubernetes::token,
String $ttl_duration = $kubernetes::ttl_duration,
String $discovery_token_hash = $kubernetes::discovery_token_hash,
String $kubernetes_ca_crt = $kubernetes::kubernetes_ca_crt,
String $kubernetes_ca_key = $kubernetes::kubernetes_ca_key,
String $kubernetes_front_proxy_ca_crt = $kubernetes::kubernetes_front_proxy_ca_crt,
String $kubernetes_front_proxy_ca_key = $kubernetes::kubernetes_front_proxy_ca_key,
String $container_runtime = $kubernetes::container_runtime,
String $sa_pub = $kubernetes::sa_pub,
String $sa_key = $kubernetes::sa_key,
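Review bot: `$kubernetes_front_proxy_ca_key` is CA private key material but is declared as a plain `String`, the same as the existing `$kubernetes_ca_key` two lines above it. Consider `Sensitive[String]` for the key parameters so the value is redacted in logs and reports, and confirm that the resource writing `front-proxy-ca.key` under `/etc/kubernetes/pki` sets a restrictive mode and `show_diff => false`; that resource is not visible in this diff.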
Expand All @@ -43,11 +47,16 @@
Optional[Hash] $kubelet_extra_config = $kubernetes::kubelet_extra_config,
String $image_repository = $kubernetes::image_repository,
String $cgroup_driver = $kubernetes::cgroup_driver,
String $proxy_mode = $kubernetes::proxy_mode,
) {

if !($proxy_mode in ['', 'userspace', 'iptables', 'ipvs', 'kernelspace']) {
fail('Invalid kube-proxy mode! Must be one of "", userspace, iptables, ipvs, kernelspace.')
}

$kube_dirs = ['/etc/kubernetes','/etc/kubernetes/manifests','/etc/kubernetes/pki','/etc/kubernetes/pki/etcd']
$etcd = ['ca.crt', 'ca.key', 'client.crt', 'client.key','peer.crt', 'peer.key', 'server.crt', 'server.key']
$pki = ['ca.crt', 'ca.key','sa.pub','sa.key']
$pki = ['ca.crt','ca.key','front-proxy-ca.crt','front-proxy-ca.key','sa.pub','sa.key']
$kube_dirs.each | String $dir | {
file { $dir :
ensure => directory,
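Review bot: The `if !($proxy_mode in [...])` / `fail` block at the top of the class body re-implements a check the type system already offers; declaring the parameter as `Enum['', 'userspace', 'iptables', 'ipvs', 'kernelspace'] $proxy_mode` rejects a bad value at parameter binding and lets the block go. The types also disagree across the change: this class takes `String $proxy_mode` while `manifests/init.pp` declares `Optional[String] $proxy_mode = ''`, so an explicit `undef` is accepted there and rejected here. Use the same non-optional type in both places.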
Expand Down Expand Up @@ -132,8 +141,8 @@

$config_version = $kubernetes_version ? {
/1.1(0|1)/ => 'v1alpha1',
/1.1(3|4)/ => 'v1beta1',
default => 'v1alpha3',
/1.12/ => 'v1alpha3',
default => 'v1beta1',
}

file { $config_file:
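Review bot: The selector patterns `/1.1(0|1)/` and `/1.12/` are unanchored and leave the dot unescaped, so they match anywhere in the version string; a value such as `1.21.12` matches `/1.12/` and would select `v1alpha3`. Now that `default` is `v1beta1` and every newer release is meant to land there, anchor the old-version cases, for example `/^1\.1[01](\.|$)/` and `/^1\.12(\.|$)/`. The same applies to the `$template` selector changed in `manifests/config/worker.pp`.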
21 changes: 14 additions & 7 deletions manifests/config/worker.pp
Expand Up @@ -24,15 +24,22 @@
$kubelet_extra_config_yaml = regsubst(to_yaml($kubelet_extra_config), '^---\n', '')

$template = $kubernetes_version ? {
/1.1(3|4)/ => 'v1beta1',
default => 'v1alpha3',
/1.12/ => 'v1alpha3',
default => 'v1beta1',
}

file { '/etc/kubernetes':
ensure => directory,
mode => '0600',
recurse => true,
}

file { $config_file:
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
content => template("kubernetes/${template}/config_worker.yaml.erb"),
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
content => template("kubernetes/${template}/config_worker.yaml.erb"),
show_diff => false,
}
}
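Review bot: `show_diff => false` on `$config_file` keeps the rendered content out of reports, but the file is still written with `mode => '0644'`. The changelog in this same change refers to `tlsBootstrapToken` in `config_worker.yaml.erb`, so if the template embeds the token the file should be `0600`. On the new `/etc/kubernetes` resource, `mode => '0600'` with `recurse => true` is applied to everything under the path and sets no `owner` or `group`; state the ownership explicitly and check the resource against `$kube_dirs` in `manifests/config/kubeadm.pp`, which also declares `/etc/kubernetes`.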
38 changes: 29 additions & 9 deletions manifests/init.pp
Expand Up @@ -28,7 +28,7 @@
# [*containerd_version*]
# This is the version of the containerd runtime the module will install.
# Defaults to 1.1.0
#
#
# [*containerd_archive*]
# The name of the containerd archive
# Defaults to containerd-${containerd_version}.linux-amd64.tar.gz
Expand Down Expand Up @@ -57,15 +57,15 @@
#
# [*cni_rbac_binding*]
# The URL get the cni providers rbac rules. This is for use with Calico only.
# Defaults to `undef`.
# Defaults to `undef`.
#
# [*controller*]
# This is a bool that sets the node as a Kubernetes controller
# Defaults to false
#
# [*worker*]
# This is a bool that sets a node to a worker.
# defaults to false
# defaults to false
#
# [*manage_docker*]
# Whether or not to install Docker repositories and packages via this module.
Expand Down Expand Up @@ -95,7 +95,7 @@
# [*etcd_install_method*]
# The method on how to install etcd. Can be either wget (using etcd_source) or package (using $etcd_package_name)
# Defaults to wget
#
#
# [*etcd_package_name*]
# The system package name for installing etcd
# Defaults to etcd-server
Expand All @@ -120,10 +120,10 @@
#
# [*etcd_peers*]
# This will tell etcd how the list of peers to connect to into the cluster.
# An example with hiera would be kubernetes::etcd_peers:
# An example with hiera would be kubernetes::etcd_peers:
# - 172.17.10.101
# - 172.17.10.102
# - 172.17.10.103
# - 172.17.10.103
# Defaults to undef
#
# [*etcd_initial_cluster*]
Expand Down Expand Up @@ -196,6 +196,14 @@
# The clusters ca key. Must be passed as a string not a file.
# Defaults to undef
#
# [*kubernetes_front_proxy_ca_crt*]
# The clusters front-proxy ca certificate. Must be passed as a string not a file.
# Defaults to undef
#
# [*kubernetes_front_proxy_ca_key*]
# The clusters front-proxy ca key. Must be passed as a string not a file.
# Defaults to undef
#
# [*sa_key*]
# The service account key. Must be passed as string not a file.
# Defaults to undef
Expand All @@ -205,8 +213,8 @@
# Defaults to undef
#
# [*node_label*]
# The name to assign the node in the cluster.
# Defaults to hostname.
# The name to assign the node in the cluster.
# Defaults to hostname.
# NOTE: Ignored when cloud_provider is AWS, until this lands fixed https://github.com/kubernetes/kubernetes/pull/61878
#
# [*token*]
Expand Down Expand Up @@ -269,6 +277,10 @@
# Use this for critical Kubelet settings such as `pod-infra-container-image` which may be problematic to configure via kubelet_extra_config
# Defaults to []
#
# [*proxy_mode*]
# The mode for kubeproxy to run. It should be one of: "" (default), "userspace", "kernelspace", "iptables", or "ipvs".
# Defaults to ""
#
# [*kubernetes_apt_location*]
# The APT repo URL for the Kubernetes packages.
# Defaults to https://apt.kubernetes.io
Expand Down Expand Up @@ -324,7 +336,7 @@
# [*docker_yum_gpgkey*]
# The URL for the Docker yum repo gpg key
# Defaults to https://yum.dockerproject.org/gpg
#
#
# [*create_repos*]
# A flag to install the upstream Kubernetes and Docker repos
# Defaults to true
Expand Down Expand Up @@ -352,6 +364,10 @@
# [*environment*]
# The environment passed to kubectl commands.
# Defaults to setting HOME and KUBECONFIG variables
#
# [*ttl_duration*]
# Availability of the token
# Default to 24h
#
# Authors
# -------
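Review bot: The `ttl_duration` description, "Availability of the token", does not say which token it governs or what format the value takes. If this is the lifetime of the `token` parameter, say so and give the format, for example "How long the token stays valid, as a duration string such as 24h", and write "Defaults to 24h" to match the other entries in this header.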
Expand Down Expand Up @@ -404,7 +420,10 @@
Integer $api_server_count = undef,
String $kubernetes_ca_crt = undef,
String $kubernetes_ca_key = undef,
String $kubernetes_front_proxy_ca_crt = undef,
String $kubernetes_front_proxy_ca_key = undef,
String $token = undef,
String $ttl_duration = '24h',
String $discovery_token_hash = undef,
String $sa_pub = undef,
String $sa_key = undef,
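Review bot: `String $kubernetes_front_proxy_ca_crt = undef` and `String $kubernetes_front_proxy_ca_key = undef` have no usable default, because `undef` does not satisfy `String`; both values must now be supplied, directly or through Hiera, or the class fails type checking. The doc comment and the README both say "Defaults to undef" and the changelog files this under Fixed, so existing data that lacks these two keys will break on upgrade without warning. Either document them as required new parameters or type them `Optional[String]` and handle the unset case.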
Expand All @@ -421,6 +440,7 @@
Optional[Hash] $kubeadm_extra_config = undef,
Optional[Hash] $kubelet_extra_config = undef,
Optional[Array] $kubelet_extra_arguments = [],
Optional[String] $proxy_mode = '',
Optional[String] $runc_version = '1.0.0-rc5',
Optional[String] $runc_source =
"https://github.com/opencontainers/runc/releases/download/v${runc_version}/runc.amd64",
2 changes: 1 addition & 1 deletion manifests/kube_addons.pp
Expand Up @@ -36,7 +36,7 @@
exec { 'Install cni network provider':
command => "kubectl apply -f ${shellsafe_provider}",
onlyif => 'kubectl get nodes',
unless => "kubectl -n kube-system get daemonset | egrep '(flannel|weave|calico-node)'",
unless => "kubectl -n kube-system get daemonset | egrep '(flannel|weave|calico-node|cilium)'",
environment => $env,
}

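Review bot: The `unless` guard greps for any of four names rather than for the provider being installed, so once a `flannel`, `weave`, `calico-node` or `cilium` daemonset exists, `kubectl apply` for a different configured provider is skipped without any message. It is also a substring match over the whole `kubectl -n kube-system get daemonset` output, so an unrelated daemonset whose name contains `cilium` satisfies it. Consider checking for the specific daemonset of the selected provider, and use `grep -E` in place of `egrep`.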
15 changes: 8 additions & 7 deletions metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-kubernetes",
"version": "4.0.1",
"version": "5.0.0",
"author": "Puppet",
"summary": "The module installs and configures a Kubernetes cluster",
"license": "Apache-2.0",
Expand All @@ -22,7 +22,7 @@
},
{
"name": "puppetlabs-translate",
"version_requirement": ">= 0.0.1 <= 1.2.0"
"version_requirement": ">= 1.0.0 < 3.0.0"
},
{
"name": "herculesteam-augeasproviders_sysctl",
Expand All @@ -41,7 +41,8 @@
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"7"
"7",
"8"
]
},
{
Expand All @@ -60,10 +61,10 @@
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 4.2.1 < 7.0.0"
"version_requirement": ">= 5.5.10 < 7.0.0"
}
],
"pdk-version": "1.8.0",
"template-url": "https://github.com/puppetlabs/pdk-templates",
"template-ref": "heads/master-0-g46a1deb"
"pdk-version": "1.11.1",
"template-url": "https://github.com/puppetlabs/pdk-templates#master",
"template-ref": "heads/master-0-gb096033"
}