"Fossies" - the Fresh Open Source Software Archive

Member "magnum-8.2.0/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml" (6 Dec 2019, 34829 Bytes) of package /linux/misc/openstack/magnum-8.2.0.tar.gz:



heat_template_version: 2014-10-16

description: >
  This template will boot a Kubernetes cluster with one or more
  minions (as specified by the number_of_minions parameter, which
  defaults to 1).

parameters:

  ssh_key_name:
    type: string
    description: name of ssh key to be provisioned on our server
    default: ""

  external_network:
    type: string
    description: uuid of a network to use for floating ip addresses

  fixed_network:
    type: string
    description: uuid/name of an existing network to use to provision machines
    default: ""

  fixed_subnet:
    type: string
    description: uuid/name of an existing subnet to use to provision machines
    default: ""

  server_image:
    type: string
    description: glance image used to boot the server

  master_flavor:
    type: string
    default: m1.small
    description: flavor to use when booting the server for master nodes

  minion_flavor:
    type: string
    default: m1.small
    description: flavor to use when booting the server for minions

  prometheus_monitoring:
    type: boolean
    default: false
    description: >
      whether or not to have the grafana-prometheus-cadvisor monitoring setup

  grafana_admin_passwd:
    type: string
    default: admin
    hidden: true
    description: >
      admin user password for the Grafana monitoring interface

  dns_nameserver:
    type: comma_delimited_list
    description: address of a DNS nameserver reachable in your environment
    default: 8.8.8.8

  number_of_masters:
    type: number
    description: how many kubernetes masters to spawn
    default: 1

  number_of_minions:
    type: number
    description: how many kubernetes minions to spawn
    default: 1

  fixed_network_cidr:
    type: string
    description: network range for fixed ip network
    default: 10.0.0.0/24

  portal_network_cidr:
    type: string
    description: >
      address range used by kubernetes for service portals
    default: 10.254.0.0/16

  network_driver:
    type: string
    description: network driver to use for instantiating container networks
    default: flannel

  flannel_network_cidr:
    type: string
    description: network range for flannel overlay network
    default: 10.100.0.0/16

  flannel_network_subnetlen:
    type: number
    description: size of subnet assigned to each minion
    default: 24

  flannel_backend:
    type: string
    description: >
      specify the backend for flannel, default vxlan backend
    default: "vxlan"
    constraints:
      - allowed_values: ["udp", "vxlan", "host-gw"]

  system_pods_initial_delay:
    type: number
    description: >
      health check, time to wait for system pods (podmaster, scheduler) to boot
      (in seconds)
    default: 30

  system_pods_timeout:
    type: number
    description: >
      health check, timeout for system pods (podmaster, scheduler) to answer.
      (in seconds)
    default: 5

  admission_control_list:
    type: string
    description: >
      List of admission control plugins to activate
    default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"

  kube_allow_priv:
    type: string
    description: >
      whether or not kubernetes should permit privileged containers.
    default: "true"
    constraints:
      - allowed_values: ["true", "false"]

  etcd_volume_size:
    type: number
    description: >
      size of the cinder volume for etcd storage
    default: 0

  docker_volume_size:
    type: number
    description: >
      size of a cinder volume to allocate to docker for container/image
      storage
    default: 0

  docker_volume_type:
    type: string
    description: >
      type of a cinder volume to allocate to docker for container/image
      storage

  docker_storage_driver:
    type: string
    description: docker storage driver name
    default: "devicemapper"

  cgroup_driver:
    type: string
    description: >
      cgroup driver name that kubelet should use, ideally the same as
      the docker cgroup driver.
    default: "cgroupfs"

  traefik_ingress_controller_tag:
    type: string
    description: tag of the traefik containers to be used.
    default: v1.7.10

  wait_condition_timeout:
    type: number
    description: >
      timeout for the Wait Conditions
    default: 6000

  minions_to_remove:
    type: comma_delimited_list
    description: >
      List of minions to be removed when doing an update. Individual minion may
      be referenced several ways: (1) The resource name (e.g. ['1', '3']),
      (2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should
      be empty when doing a create.
    default: []

  discovery_url:
    type: string
    description: >
      Discovery URL used for bootstrapping the etcd cluster.

  registry_enabled:
    type: boolean
    description: >
      Indicates whether the docker registry is enabled.
    default: false

  registry_port:
    type: number
    description: port of registry service
    default: 5000

  swift_region:
    type: string
    description: region of swift service
    default: ""

  registry_container:
    type: string
    description: >
      name of swift container which docker registry stores images in
    default: "container"

  registry_insecure:
    type: boolean
    description: >
      indicates whether to skip TLS verification between registry and backend storage
    default: true

  registry_chunksize:
    type: number
    description: >
      size of the data segments for the swift dynamic large objects
    default: 5242880

  volume_driver:
    type: string
    description: volume driver to use for container storage
    default: ""

  region_name:
    type: string
    description: A logically separate section of the cluster

  username:
    type: string
    description: >
      user account

  password:
    type: string
    description: >
      user password, not set in current implementation, only used to
      fill in for Kubernetes config file
    default:
      ChangeMe
    hidden: true

  loadbalancing_protocol:
    type: string
    description: >
      The protocol which is used for load balancing. If you want to change
      tls_disabled option to 'True', please change this to "HTTP".
    default: TCP
    constraints:
      - allowed_values: ["TCP", "HTTP"]

  tls_disabled:
    type: boolean
    description: whether or not to disable TLS
    default: False

  kube_dashboard_enabled:
    type: boolean
    description: whether or not to enable kubernetes dashboard
    default: True

  influx_grafana_dashboard_enabled:
    type: boolean
    description: Enable influxdb with grafana dashboard for data from heapster
    default: False

  verify_ca:
    type: boolean
    description: whether or not to validate certificate authority

  kubernetes_port:
    type: number
    description: >
      The port which is used by kube-apiserver to provide Kubernetes
      service.
    default: 6443

  cluster_uuid:
    type: string
    description: identifier for the cluster this template is generating

  magnum_url:
    type: string
    description: endpoint to retrieve TLS certs from

  http_proxy:
    type: string
    description: http proxy address for docker
    default: ""

  https_proxy:
    type: string
    description: https proxy address for docker
    default: ""

  no_proxy:
    type: string
    description: no proxies for docker
    default: ""

  trustee_domain_id:
    type: string
    description: domain id of the trustee

  trustee_user_id:
    type: string
    description: user id of the trustee

  trustee_username:
    type: string
    description: username of the trustee

  trustee_password:
    type: string
    description: password of the trustee
    hidden: true

  trust_id:
    type: string
    description: id of the trust which is used by the trustee
    hidden: true

  auth_url:
    type: string
    description: url for keystone

  kube_tag:
    type: string
    description: tag of the k8s containers used to provision the kubernetes cluster
    default: v1.11.6

  # FIXME update cloud_provider_tag when a fix for PVC is released
  # https://github.com/kubernetes/cloud-provider-openstack/pull/405
  cloud_provider_tag:
    type: string
    description:
      tag of the kubernetes/cloud-provider-openstack
      https://hub.docker.com/r/k8scloudprovider/openstack-cloud-controller-manager/tags/
    default: v0.2.0

  cloud_provider_enabled:
    type: boolean
    description: Enable or disable the openstack kubernetes cloud provider

  etcd_tag:
    type: string
    description: tag of the etcd system container
    default: v3.2.7

  flannel_tag:
    type: string
    description: tag of the flannel container
    default: v0.11.0-amd64

  flannel_cni_tag:
    type: string
    description: tag of the flannel cni container
    default: v0.3.0

  kube_version:
    type: string
    description: version of kubernetes used for kubernetes cluster
    default: v1.11.6

  kube_dashboard_version:
    type: string
    description: version of kubernetes dashboard used for kubernetes cluster
    default: v1.8.3

  insecure_registry_url:
    type: string
    description: insecure registry url
    default: ""

  container_infra_prefix:
    type: string
    description: >
      prefix of container images used in the cluster, kubernetes components,
      kubernetes-dashboard, coredns etc
    constraints:
      - allowed_pattern: "^$|.*/"
    default: ""

  dns_service_ip:
    type: string
    description: >
      address used by Kubernetes DNS service
    default: 10.254.0.10

  dns_cluster_domain:
    type: string
    description: >
      domain name for cluster DNS
    default: "cluster.local"

  openstack_ca:
    type: string
    hidden: true
    description: The OpenStack CA certificate to install on the node.

  nodes_affinity_policy:
    type: string
    description: >
      affinity policy for nodes server group
    constraints:
      - allowed_values: ["affinity", "anti-affinity", "soft-affinity",
                         "soft-anti-affinity"]

  availability_zone:
    type: string
    description: >
      availability zone for master and nodes
    default: ""

  cert_manager_api:
    type: boolean
    description: true if the kubernetes cert api manager should be enabled
    default: false

  ca_key:
    type: string
    description: key of internal ca for the kube certificate api manager
    default: ""
    hidden: true

  calico_tag:
    type: string
    description: tag of the calico containers used to provision the calico node
    default: v2.6.7

  calico_cni_tag:
    type: string
    description: tag of the cni used to provision the calico node
    default: v1.11.2

  calico_kube_controllers_tag:
    type: string
    description: tag of the kube_controllers used to provision the calico node
    default: v1.0.3

  calico_ipv4pool:
    type: string
    description: Configure the IP pool from which Pod IPs will be chosen
    default: "192.168.0.0/16"

  pods_network_cidr:
    type: string
    description: Configure the IP pool/range from which pod IPs will be chosen

  ingress_controller:
    type: string
    description: >
      ingress controller backend to use
    default: ""

  ingress_controller_role:
    type: string
    description: >
      node role where the ingress controller backend should run
    default: "ingress"

  octavia_ingress_controller_tag:
    type: string
    description: Octavia ingress controller docker image tag.
    default: "1.13.2-alpha"

  kubelet_options:
    type: string
    description: >
      additional options to be passed to the kubelet
    default: ""

  kubeapi_options:
    type: string
    description: >
      additional options to be passed to the api
    default: ""

  kubecontroller_options:
    type: string
    description: >
      additional options to be passed to the controller manager
    default: ""

  kubeproxy_options:
    type: string
    description: >
      additional options to be passed to the kube proxy
    default: ""

  kubescheduler_options:
    type: string
    description: >
      additional options to be passed to the scheduler
    default: ""

  octavia_enabled:
    type: boolean
    description: >
      whether or not to use Octavia for LoadBalancer type service.
    default: False

  kube_service_account_key:
    type: string
    hidden: true
    description: >
      The signed cert will be used to verify the k8s service account tokens
      during authentication.

  kube_service_account_private_key:
    type: string
    hidden: true
    description: >
      The private key will be used to sign generated k8s service account
      tokens.

  prometheus_tag:
    type: string
    description: tag of the prometheus container
    default: v1.8.2

  grafana_tag:
    type: string
    description: tag of grafana container
    default: 5.1.5

  heat_container_agent_tag:
    type: string
    description: tag of the heat_container_agent system container
    default: stein-dev

  keystone_auth_enabled:
    type: boolean
    description: >
      true if the keystone authN and authZ should be enabled
    default:
      true

  k8s_keystone_auth_tag:
    type: string
    description: tag of the k8s_keystone_auth container
    default: 1.13.0

  monitoring_enabled:
    type: boolean
    description: Enable or disable prometheus-operator monitoring solution.
    default: false

  project_id:
    type: string
    description: >
      project id of current project

  tiller_enabled:
    type: boolean
    description: Choose whether to install tiller or not.
    default: false

  tiller_tag:
    type: string
    description: tag of tiller container
    default: "v2.12.3"

  tiller_namespace:
    type: string
    description: namespace where tiller will be installed.
    default: "magnum-tiller"

  auto_healing_enabled:
    type: boolean
    description: >
      true if the auto healing feature should be enabled
    default:
      false

  auto_scaling_enabled:
    type: boolean
    description: >
      true if the auto scaling feature should be enabled
    default:
      false

  node_problem_detector_tag:
    type: string
    description: tag of the node problem detector container
    default: v0.6.2

  draino_tag:
    type: string
    description: tag of the draino container
    default: abf028a

  autoscaler_tag:
    type: string
    description: tag of the autoscaler container
    default: v1.0

  min_node_count:
    type: number
    description: >
      minimum node count of cluster workers when doing scale down
    default: 1

  max_node_count:
    type: number
    description: >
      maximum node count of cluster workers when doing scale up

  nginx_ingress_controller_tag:
    type: string
    description: nginx ingress controller docker image tag
    default: 0.23.0

resources:

  ######################################################################
  #
  # network resources.  allocate a network and router for our server.
  # Important: the Load Balancer feature in Kubernetes requires that
  # the name for the fixed_network must be "private" for the
  # address lookup in Kubernetes to work properly
  #

  network:
    type: ../../common/templates/network.yaml
    properties:
      existing_network: {get_param: fixed_network}
      existing_subnet: {get_param: fixed_subnet}
      private_network_cidr: {get_param: fixed_network_cidr}
      dns_nameserver: {get_param: dns_nameserver}
      external_network: {get_param: external_network}
      private_network_name: private

  api_lb:
    type: ../../common/templates/lb_api.yaml
    properties:
      fixed_subnet: {get_attr: [network, fixed_subnet]}
      external_network: {get_param: external_network}
      protocol: {get_param: loadbalancing_protocol}
      port: {get_param: kubernetes_port}

  etcd_lb:
    type: ../../common/templates/lb_etcd.yaml
    properties:
      fixed_subnet: {get_attr: [network, fixed_subnet]}
      protocol: {get_param: loadbalancing_protocol}
      port: 2379

  ######################################################################
  #
  # security groups.  we need to permit network traffic of various
  # sorts.
  #

  secgroup_kube_master:
    type: OS::Neutron::SecurityGroup
    properties:
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - protocol: tcp
          port_range_min: 7080
          port_range_max: 7080
        - protocol: tcp
          port_range_min: 8080
          port_range_max: 8080
        - protocol: tcp
          port_range_min: 2379
          port_range_max: 2379
        - protocol: tcp
          port_range_min: 2380
          port_range_max: 2380
        - protocol: tcp
          port_range_min: 6443
          port_range_max: 6443
        - protocol: tcp
          port_range_min: 9100
          port_range_max: 9100
        - protocol: tcp
          port_range_min: 10250
          port_range_max: 10250
        - protocol: tcp
          port_range_min: 30000
          port_range_max: 32767
        - protocol: udp
          port_range_min: 8472
          port_range_max: 8472

  secgroup_kube_minion:
    type: OS::Neutron::SecurityGroup
    properties:
      rules:
        - protocol: icmp
        # Default port range for external service ports.
        # In future, if the option `manage-security-groups` for ccm works
        # well, we could remove this rule here.
        # The PR in ccm is
        # https://github.com/kubernetes/cloud-provider-openstack/pull/491
        - protocol: tcp
          port_range_min: 30000
          port_range_max: 32767
        # allow any traffic from master nodes
        - protocol: tcp
          port_range_min: 1
          port_range_max: 65535
          remote_mode: 'remote_group_id'
          remote_group_id: {get_resource: secgroup_kube_master}
        - protocol: udp
          port_range_min: 1
          port_range_max: 65535
          remote_mode: 'remote_group_id'
          remote_group_id: {get_resource: secgroup_kube_master}

  # allow any traffic between worker nodes
  secgroup_rule_tcp_kube_minion:
    type: OS::Neutron::SecurityGroupRule
    properties:
      protocol: tcp
      port_range_min: 1
      port_range_max: 65535
      security_group: {get_resource: secgroup_kube_minion}
      remote_group: {get_resource: secgroup_kube_minion}
  secgroup_rule_udp_kube_minion:
    type: OS::Neutron::SecurityGroupRule
    properties:
      protocol: udp
      port_range_min: 1
      port_range_max: 65535
      security_group: {get_resource: secgroup_kube_minion}
      remote_group: {get_resource: secgroup_kube_minion}

  ######################################################################
  #
  # resources that expose the IPs of either the kube master or a given
  # LBaaS pool depending on whether LBaaS is enabled for the cluster.
  #

  api_address_lb_switch:
    type: Magnum::ApiGatewaySwitcher
    properties:
      pool_public_ip: {get_attr: [api_lb, floating_address]}
      pool_private_ip: {get_attr: [api_lb, address]}
      master_public_ip: {get_attr: [kube_masters, resource.0.kube_master_external_ip]}
      master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}

  etcd_address_lb_switch:
    type: Magnum::ApiGatewaySwitcher
    properties:
      pool_private_ip: {get_attr: [etcd_lb, address]}
      master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]}

  ######################################################################
  #
  # resources that expose the IPs of either floating ip or a given
  # fixed ip depending on whether FloatingIP is enabled for the cluster.
  #

  api_address_floating_switch:
    type: Magnum::FloatingIPAddressSwitcher
    properties:
      public_ip: {get_attr: [api_address_lb_switch, public_ip]}
      private_ip: {get_attr: [api_address_lb_switch, private_ip]}

  ######################################################################
  #
  # resources that expose one server group for each master and worker nodes
  # separately.
  #

  master_nodes_server_group:
    type: OS::Nova::ServerGroup
    properties:
      policies: [{get_param: nodes_affinity_policy}]

  worker_nodes_server_group:
    type: OS::Nova::ServerGroup
    properties:
      policies: [{get_param: nodes_affinity_policy}]

  ######################################################################
  #
  # kubernetes masters. This is a resource group that will create
  # <number_of_masters> masters.
  #

  kube_masters:
    type: OS::Heat::ResourceGroup
    depends_on:
      - network
    properties:
      count: {get_param: number_of_masters}
      resource_def:
        type: kubemaster.yaml
        properties:
          name:
            list_join:
              - '-'
              - [{ get_param: 'OS::stack_name' }, 'master', '%index%']
          prometheus_monitoring: {get_param: prometheus_monitoring}
          grafana_admin_passwd: {get_param: grafana_admin_passwd}
          api_public_address: {get_attr: [api_lb, floating_address]}
          api_private_address: {get_attr: [api_lb, address]}
          ssh_key_name: {get_param: ssh_key_name}
          server_image: {get_param: server_image}
          master_flavor: {get_param: master_flavor}
          external_network: {get_param: external_network}
          kube_allow_priv: {get_param: kube_allow_priv}
          etcd_volume_size: {get_param: etcd_volume_size}
          docker_volume_size: {get_param: docker_volume_size}
          docker_volume_type: {get_param: docker_volume_type}
          docker_storage_driver: {get_param: docker_storage_driver}
          cgroup_driver: {get_param: cgroup_driver}
          network_driver: {get_param: network_driver}
          flannel_network_cidr: {get_param: flannel_network_cidr}
          flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
          flannel_backend: {get_param: flannel_backend}
          system_pods_initial_delay: {get_param: system_pods_initial_delay}
          system_pods_timeout: {get_param: system_pods_timeout}
          portal_network_cidr: {get_param: portal_network_cidr}
          admission_control_list: {get_param: admission_control_list}
          discovery_url: {get_param: discovery_url}
          cluster_uuid: {get_param: cluster_uuid}
          magnum_url: {get_param: magnum_url}
          traefik_ingress_controller_tag: {get_param: traefik_ingress_controller_tag}
          volume_driver: {get_param: volume_driver}
          region_name: {get_param: region_name}
          fixed_network: {get_attr: [network, fixed_network]}
          fixed_subnet: {get_attr: [network, fixed_subnet]}
          api_pool_id: {get_attr: [api_lb, pool_id]}
          etcd_pool_id: {get_attr: [etcd_lb, pool_id]}
          username: {get_param: username}
          password: {get_param: password}
          kubernetes_port: {get_param: kubernetes_port}
          tls_disabled: {get_param: tls_disabled}
          kube_dashboard_enabled: {get_param: kube_dashboard_enabled}
          influx_grafana_dashboard_enabled: {get_param: influx_grafana_dashboard_enabled}
          verify_ca: {get_param: verify_ca}
          secgroup_kube_master_id: {get_resource: secgroup_kube_master}
          http_proxy: {get_param: http_proxy}
          https_proxy: {get_param: https_proxy}
          no_proxy: {get_param: no_proxy}
          kube_tag: {get_param: kube_tag}
          cloud_provider_tag: {get_param: cloud_provider_tag}
          cloud_provider_enabled: {get_param: cloud_provider_enabled}
          kube_version: {get_param: kube_version}
          etcd_tag: {get_param: etcd_tag}
          flannel_tag: {get_param: flannel_tag}
          flannel_cni_tag: {get_param: flannel_cni_tag}
          kube_dashboard_version: {get_param: kube_dashboard_version}
          trustee_user_id: {get_param: trustee_user_id}
          trustee_password: {get_param: trustee_password}
          trust_id: {get_param: trust_id}
          auth_url: {get_param: auth_url}
          insecure_registry_url: {get_param: insecure_registry_url}
          container_infra_prefix: {get_param: container_infra_prefix}
          etcd_lb_vip: {get_attr: [etcd_lb, address]}
          dns_service_ip: {get_param: dns_service_ip}
          dns_cluster_domain: {get_param: dns_cluster_domain}
          openstack_ca: {get_param: openstack_ca}
          nodes_server_group_id: {get_resource: master_nodes_server_group}
          availability_zone: {get_param: availability_zone}
          ca_key: {get_param: ca_key}
          cert_manager_api: {get_param: cert_manager_api}
          calico_tag: {get_param: calico_tag}
          calico_cni_tag: {get_param: calico_cni_tag}
          calico_kube_controllers_tag: {get_param: calico_kube_controllers_tag}
          calico_ipv4pool: {get_param: calico_ipv4pool}
          pods_network_cidr: {get_param: pods_network_cidr}
          ingress_controller: {get_param: ingress_controller}
          ingress_controller_role: {get_param: ingress_controller_role}
          octavia_ingress_controller_tag: {get_param: octavia_ingress_controller_tag}
          kubelet_options: {get_param: kubelet_options}
          kubeapi_options: {get_param: kubeapi_options}
          kubeproxy_options: {get_param: kubeproxy_options}
          kubecontroller_options: {get_param: kubecontroller_options}
          kubescheduler_options: {get_param: kubescheduler_options}
          octavia_enabled: {get_param: octavia_enabled}
          kube_service_account_key: {get_param: kube_service_account_key}
          kube_service_account_private_key: {get_param: kube_service_account_private_key}
          prometheus_tag: {get_param: prometheus_tag}
          grafana_tag: {get_param: grafana_tag}
          heat_container_agent_tag: {get_param: heat_container_agent_tag}
          keystone_auth_enabled: {get_param: keystone_auth_enabled}
          k8s_keystone_auth_tag: {get_param: k8s_keystone_auth_tag}
          monitoring_enabled: {get_param: monitoring_enabled}
          project_id: {get_param: project_id}
          tiller_enabled: {get_param: tiller_enabled}
          tiller_tag: {get_param: tiller_tag}
          tiller_namespace: {get_param: tiller_namespace}
          node_problem_detector_tag: {get_param: node_problem_detector_tag}
          auto_healing_enabled: {get_param: auto_healing_enabled}
          auto_scaling_enabled: {get_param: auto_scaling_enabled}
          draino_tag: {get_param: draino_tag}
          autoscaler_tag: {get_param: autoscaler_tag}
          min_node_count: {get_param: min_node_count}
          max_node_count: {get_param: max_node_count}
          nginx_ingress_controller_tag: {get_param: nginx_ingress_controller_tag}

  kube_cluster_config:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        list_join:
          - "\n"
          -
            - str_replace:
                template: {get_file: ../../common/templates/kubernetes/fragments/enable-cert-api-manager.sh}
                params:
                  "$CA_KEY": {get_param: ca_key}
            - get_file: ../../common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh
            - get_file: ../../common/templates/kubernetes/fragments/core-dns-service.sh
            - get_file: ../../common/templates/kubernetes/fragments/calico-service.sh
            - get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh
            - get_file: ../../common/templates/kubernetes/fragments/enable-helm-tiller.sh
            - str_replace:
                template: {get_file: ../../common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh}
                params:
                  "$ADMIN_PASSWD": {get_param: grafana_admin_passwd}
  925             - str_replace:
  926                 params:
  927                   $enable-ingress-traefik: {get_file: ../../common/templates/kubernetes/fragments/enable-ingress-traefik.sh}
  928                   $enable-ingress-octavia: {get_file: ../../common/templates/kubernetes/fragments/enable-ingress-octavia.sh}
  929                 template: {get_file: ../../common/templates/kubernetes/fragments/enable-ingress-controller.sh}
  930             - get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh
  931             - get_file: ../../common/templates/kubernetes/fragments/enable-keystone-auth.sh
  932             - get_file: ../../common/templates/kubernetes/fragments/enable-auto-healing.sh
  933             - get_file: ../../common/templates/kubernetes/fragments/enable-auto-scaling.sh
  934             # Helm Based Installation Configuration Scripts
  935             - get_file: ../../common/templates/kubernetes/helm/metrics-server.sh
  936             - str_replace:
  937                 template: {get_file:  ../../common/templates/kubernetes/helm/prometheus-operator.sh}
  938                 params:
  939                   "${ADMIN_PASSWD}": {get_param: grafana_admin_passwd}
  940             - get_file: ../../common/templates/kubernetes/helm/ingress-nginx.sh
  941             - get_file: ../../common/templates/kubernetes/fragments/install-helm-modules.sh
  942 
  943   kube_cluster_deploy:
  944     type: OS::Heat::SoftwareDeployment
  945     properties:
  946       actions: ['CREATE']
  947       signal_transport: HEAT_SIGNAL
  948       config:
  949         get_resource: kube_cluster_config
  950       server:
  951         get_attr: [kube_masters, resource.0]
  952 
  953 
  954   ######################################################################
  955   #
  956   # kubernetes minions. This is an resource group that will initially
  957   # create <number_of_minions> minions, and needs to be manually scaled.
  958   #
  959 
  960   kube_minions:
  961     type: OS::Heat::ResourceGroup
  962     depends_on:
  963       - network
  964     properties:
  965       count: {get_param: number_of_minions}
  966       removal_policies: [{resource_list: {get_param: minions_to_remove}}]
  967       resource_def:
  968         type: kubeminion.yaml
  969         properties:
  970           name:
  971             list_join:
  972               - '-'
  973               - [{ get_param: 'OS::stack_name' }, 'minion', '%index%']
  974           prometheus_monitoring: {get_param: prometheus_monitoring}
  975           ssh_key_name: {get_param: ssh_key_name}
  976           server_image: {get_param: server_image}
  977           minion_flavor: {get_param: minion_flavor}
  978           fixed_network: {get_attr: [network, fixed_network]}
  979           fixed_subnet: {get_attr: [network, fixed_subnet]}
  980           network_driver: {get_param: network_driver}
  981           flannel_network_cidr: {get_param: flannel_network_cidr}
  982           kube_master_ip: {get_attr: [api_address_lb_switch, private_ip]}
  983           etcd_server_ip: {get_attr: [etcd_address_lb_switch, private_ip]}
  984           external_network: {get_param: external_network}
  985           kube_allow_priv: {get_param: kube_allow_priv}
  986           docker_volume_size: {get_param: docker_volume_size}
  987           docker_volume_type: {get_param: docker_volume_type}
  988           docker_storage_driver: {get_param: docker_storage_driver}
  989           cgroup_driver: {get_param: cgroup_driver}
  990           wait_condition_timeout: {get_param: wait_condition_timeout}
  991           registry_enabled: {get_param: registry_enabled}
  992           registry_port: {get_param: registry_port}
  993           swift_region: {get_param: swift_region}
  994           registry_container: {get_param: registry_container}
  995           registry_insecure: {get_param: registry_insecure}
  996           registry_chunksize: {get_param: registry_chunksize}
  997           cluster_uuid: {get_param: cluster_uuid}
  998           magnum_url: {get_param: magnum_url}
  999           volume_driver: {get_param: volume_driver}
 1000           region_name: {get_param: region_name}
 1001           auth_url: {get_param: auth_url}
 1002           username: {get_param: username}
 1003           password: {get_param: password}
 1004           kubernetes_port: {get_param: kubernetes_port}
 1005           tls_disabled: {get_param: tls_disabled}
 1006           verify_ca: {get_param: verify_ca}
 1007           secgroup_kube_minion_id: {get_resource: secgroup_kube_minion}
 1008           http_proxy: {get_param: http_proxy}
 1009           https_proxy: {get_param: https_proxy}
 1010           no_proxy: {get_param: no_proxy}
 1011           kube_tag: {get_param: kube_tag}
 1012           kube_version: {get_param: kube_version}
 1013           trustee_user_id: {get_param: trustee_user_id}
 1014           trustee_username: {get_param: trustee_username}
 1015           trustee_password: {get_param: trustee_password}
 1016           trustee_domain_id: {get_param: trustee_domain_id}
 1017           trust_id: {get_param: trust_id}
 1018           cloud_provider_enabled: {get_param: cloud_provider_enabled}
 1019           insecure_registry_url: {get_param: insecure_registry_url}
 1020           container_infra_prefix: {get_param: container_infra_prefix}
 1021           dns_service_ip: {get_param: dns_service_ip}
 1022           dns_cluster_domain: {get_param: dns_cluster_domain}
 1023           openstack_ca: {get_param: openstack_ca}
 1024           nodes_server_group_id: {get_resource: worker_nodes_server_group}
 1025           availability_zone: {get_param: availability_zone}
 1026           pods_network_cidr: {get_param: pods_network_cidr}
 1027           kubelet_options: {get_param: kubelet_options}
 1028           kubeproxy_options: {get_param: kubeproxy_options}
 1029           octavia_enabled: {get_param: octavia_enabled}
 1030           heat_container_agent_tag: {get_param: heat_container_agent_tag}
 1031           auto_healing_enabled: {get_param: auto_healing_enabled}
 1032 
 1033 outputs:
 1034 
 1035   api_address:
 1036     value:
 1037       str_replace:
 1038         template: api_ip_address
 1039         params:
 1040           api_ip_address: {get_attr: [api_address_floating_switch, ip_address]}
 1041     description: >
 1042       This is the API endpoint of the Kubernetes cluster. Use this to access
 1043       the Kubernetes API.
 1044 
 1045   registry_address:
 1046     value:
 1047       str_replace:
 1048         template: localhost:port
 1049         params:
 1050           port: {get_param: registry_port}
 1051     description:
 1052       This is the url of docker registry server where you can store docker
 1053       images.
 1054 
 1055   kube_masters_private:
 1056     value: {get_attr: [kube_masters, kube_master_ip]}
 1057     description: >
 1058       This is a list of the "private" IP addresses of all the Kubernetes masters.
 1059 
 1060   kube_masters:
 1061     value: {get_attr: [kube_masters, kube_master_external_ip]}
 1062     description: >
 1063       This is a list of the "public" IP addresses of all the Kubernetes masters.
 1064       Use these IP addresses to log in to the Kubernetes masters via ssh.
 1065 
 1066   kube_minions_private:
 1067     value: {get_attr: [kube_minions, kube_minion_ip]}
 1068     description: >
 1069       This is a list of the "private" IP addresses of all the Kubernetes minions.
 1070 
 1071   kube_minions:
 1072     value: {get_attr: [kube_minions, kube_minion_external_ip]}
 1073     description: >
 1074       This is a list of the "public" IP addresses of all the Kubernetes minions.
 1075       Use these IP addresses to log in to the Kubernetes minions via ssh.