"Fossies" - the Fresh Open Source Software Archive

Member "magnum-8.2.0/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml" (6 Dec 2019, 16926 Bytes) of package /linux/misc/openstack/magnum-8.2.0.tar.gz:



    1 heat_template_version: 2014-10-16
    2 
      # Security-relevant data flow in this template: parameter values,
      # including the three marked hidden (password, trustee_password,
      # trust_id), are substituted into write_heat_params, which is one part
      # of kube_minion_init, which is the user_data of the kube-minion server.
    3 description: >
    4   This is a nested stack that defines a single Kubernetes minion, This stack is
    5   included by an AutoScalingGroup resource in the parent template
    6   (kubecluster.yaml).
    7 
    8 parameters:
        # none of the first five parameters has a default, so the including
        # stack has to supply them
    9 
   10   name:
          # used as the Nova server name and as $INSTANCE_NAME
   11     type: string
   12     description: server name
   13 
   14   server_image:
          # boot image of the kube-minion server
   15     type: string
   16     description: glance image used to boot the server
   17 
   18   minion_flavor:
          # flavor of the kube-minion server
   19     type: string
   20     description: flavor to use when booting the server
   21 
   22   ssh_key_name:
          # set as key_name on the kube-minion server; holders of the matching
          # private key can log in over SSH wherever the port's security group
          # (secgroup_kube_minion_id) lets SSH through
   23     type: string
   24     description: name of ssh key to be provisioned on our server
   25 
   26   external_network:
          # floating_network of kube_minion_floating
   27     type: string
   28     description: uuid/name of a network to use for floating ip addresses
   29 
   30   kube_allow_priv:
          # A string, not a boolean: only the literals "true" and "false" pass
          # the constraint. Passed to the node as $KUBE_ALLOW_PRIV.
          # NOTE(review): "true" permits privileged containers, which run with
          # host-level access on this node; keep "false" unless a workload
          # needs it. The fragment that applies the value is not in this file.
   31     type: string
   32     description: >
   33       whether or not kubernetes should permit privileged containers.
   34     constraints:
   35       - allowed_values: ["true", "false"]
   36 
   37   docker_volume_size:
          # size of the docker_volume Cinder volume; also $DOCKER_VOLUME_SIZE
   38     type: number
   39     description: >
   40       size of a cinder volume to allocate to docker for container/image
   41       storage
   42 
   43   docker_volume_type:
          # volume_type of the docker_volume Cinder volume
   44     type: string
   45     description: >
   46       type of a cinder volume to allocate to docker for container/image
   47       storage
   48 
   49   docker_storage_driver:
          # passed to the node as $DOCKER_STORAGE_DRIVER
   50     type: string
   51     description: docker storage driver name
   52     default: "devicemapper"
   53 
   54   cgroup_driver:
          # passed to the node as $CGROUP_DRIVER
   55     type: string
   56     description: >
   57       cgroup driver name that kubelet should use, ideally the same as
   58       the docker cgroup driver.
   59     default: "cgroupfs"
   60 
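   61   tls_disabled:
          # Passed to the node as $TLS_DISABLED. The description now matches
          # the parameter name: true means TLS is switched off.
          # NOTE(review): no default is declared, so the parent stack decides;
          # the fragments that act on the value are not in this file.
   62     type: boolean
   63     description: whether or not to disable TLS
   64 
   65   verify_ca:
          # Passed to the node as $VERIFY_CA and read by minion_wc_notify,
          # where any value other than "True" makes curl run with -k, i.e.
          # without TLS certificate verification.
   66     type: boolean
   67     description: whether or not to validate certificate authority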
   68 
   69   kubernetes_port:
          # passed to the node as $KUBE_API_PORT
   70     type: number
   71     description: >
   72       The port which are used by kube-apiserver to provide Kubernetes
   73       service.
   74 
   75   cluster_uuid:
          # passed to the node as $CLUSTER_UUID
   76     type: string
   77     description: identifier for the cluster this template is generating
   78 
   79   magnum_url:
          # passed to the node as $MAGNUM_URL
          # NOTE(review): per the description the node's TLS certificates come
          # from this endpoint, so it should be an https URL the node can
          # verify; whether verify_ca governs that request is decided in the
          # make-cert-client.sh fragment, which is not shown here.
   80     type: string
   81     description: endpoint to retrieve TLS certs from
   82 
   83   prometheus_monitoring:
          # passed to the node as $PROMETHEUS_MONITORING
   84     type: boolean
   85     description: >
   86       whether or not to have the node-exporter running on the node
   87 
   88   kube_master_ip:
          # passed to the node as $KUBE_MASTER_IP
   89     type: string
   90     description: IP address of the Kubernetes master server.
   91 
   92   etcd_server_ip:
          # passed to the node as $ETCD_SERVER_IP
   93     type: string
   94     description: IP address of the Etcd server.
   95 
   96   fixed_network:
          # network of the kube_minion_eth0 port
   97     type: string
   98     description: Network from which to allocate fixed addresses.
   99 
  100   fixed_subnet:
          # subnet of the single fixed IP on kube_minion_eth0
  101     type: string
  102     description: Subnet from which to allocate fixed addresses.
  103 
  104   network_driver:
          # passed to the node as $NETWORK_DRIVER
  105     type: string
  106     description: network driver to use for instantiating container networks
  107 
  108   flannel_network_cidr:
          # passed to the node as $FLANNEL_NETWORK_CIDR
  109     type: string
  110     description: network range for flannel overlay network
  111 
  112   wait_condition_timeout:
          # timeout of minion_wait_condition
  113     type: number
  114     description : >
  115       timeout for the Wait Conditions
  116 
  117   registry_enabled:
          # this and the following registry_* / swift_region parameters are
          # passed to the node as $REGISTRY_* and $SWIFT_REGION
  118     type: boolean
  119     description: >
  120       Indicates whether the docker registry is enabled.
  121 
  122   registry_port:
  123     type: number
  124     description: port of registry service
  125 
  126   swift_region:
  127     type: string
  128     description: region of swift service
  129 
  130   registry_container:
  131     type: string
  132     description: >
  133       name of swift container which docker registry stores images in
  134 
  135   registry_insecure:
          # NOTE(review): true skips TLS verification on the registry's
          # connection to its storage backend (per the description), so that
          # link is no longer authenticated. No default is declared, so the
          # parent stack decides.
  136     type: boolean
  137     description: >
  138       indicates whether to skip TLS verification between registry and backend storage
  139 
  140   registry_chunksize:
  141     type: number
  142     description: >
  143       size fo the data segments for the swift dynamic large objects
  144 
  145   secgroup_kube_minion_id:
          # the only security group attached to kube_minion_eth0; its rules
          # are defined outside this file and are what limits traffic to the
          # node, including traffic arriving through the floating IP
  146     type: string
  147     description: ID of the security group for kubernetes minion.
  148 
  149   volume_driver:
          # passed to the node as $VOLUME_DRIVER
  150     type: string
  151     description: volume driver to use for container storage
  152 
  153   region_name:
          # passed to the node as $REGION_NAME
  154     type: string
  155     description: A logically separate section of the cluster
  156 
  157   username:
          # passed to the node as $USERNAME
  158     type: string
  159     description: >
  160       user account
  161 
  162   password:
          # hidden: true only masks the value when Heat reports the stack's
          # parameters. The value is still substituted into write_heat_params
          # as $PASSWORD and therefore travels in the server's user_data.
  163     type: string
  164     description: >
  165       user password, not set in current implementation, only used to
  166       fill in for Kubernetes config file
  167     hidden: true
  168 
  169   http_proxy:
          # passed to the node as $HTTP_PROXY
  170     type: string
  171     description: http proxy address for docker
  172 
  173   https_proxy:
          # passed to the node as $HTTPS_PROXY
  174     type: string
  175     description: https proxy address for docker
  176 
  177   no_proxy:
          # passed to the node as $NO_PROXY
  178     type: string
  179     description: no proxies for docker
  180 
  181   kube_tag:
          # passed to the node as $KUBE_TAG
  182     type: string
  183     description: tag of the k8s containers used to provision the kubernetes cluster
  184 
  185   kube_version:
          # passed to the node as $KUBE_VERSION
  186     type: string
  187     description: version of kubernetes used for kubernetes cluster
  188 
  189   trustee_domain_id:
          # The trustee_* values, trust_id and auth_url are all passed to the
          # node through write_heat_params.
          # NOTE(review): together they look like a complete Keystone login
          # for the trustee, scoped by the trust - confirm how the fragments
          # use them and how narrowly the trust is scoped.
  190     type: string
  191     description: domain id of the trustee
  192 
  193   trustee_user_id:
  194     type: string
  195     description: user id of the trustee
  196 
  197   trustee_username:
  198     type: string
  199     description: username of the trustee
  200 
  201   trustee_password:
          # hidden: true masks the value in Heat's parameter listing only; it
          # is still written into user_data as $TRUSTEE_PASSWORD
  202     type: string
  203     description: password of the trustee
  204     hidden: true
  205 
  206   trust_id:
          # same as trustee_password: hidden in Heat output, but present in
          # user_data as $TRUST_ID
  207     type: string
  208     description: id of the trust which is used by the trustee
  209     hidden: true
  210 
  211   auth_url:
          # passed to the node as $AUTH_URL
  212     type: string
  213     description: >
  214       url for keystone, must be v2 since k8s backend only support v2
  215       at this point
  216 
  217   insecure_registry_url:
          # passed to the node as $INSECURE_REGISTRY_URL
          # NOTE(review): going by the name, Docker is told to use this
          # registry without verified TLS, so images pulled from it are not
          # protected in transit - confirm in the fragments, which are not
          # shown here.
  218     type: string
  219     description: insecure registry url
  220 
  221   container_infra_prefix:
          # passed to the node as $CONTAINER_INFRA_PREFIX; per the description
          # it selects where the cluster's component images are pulled from,
          # so it should only ever name a registry the operator trusts
  222     type: string
  223     description: >
  224       prefix of container images used in the cluster, kubernetes components,
  225       kubernetes-dashboard, coredns etc
  226 
  227   dns_service_ip:
          # passed to the node as $DNS_SERVICE_IP
  228     type: string
  229     description: >
  230       address used by Kubernetes DNS service
  231 
  232   dns_cluster_domain:
          # passed to the node as $DNS_CLUSTER_DOMAIN
  233     type: string
  234     description: >
  235       domain name for cluster DNS
  236 
  237   openstack_ca:
          # substituted as $OPENSTACK_CA into the install_openstack_ca script
  238     type: string
  239     description: The OpenStack CA certificate to install on the node.
  240 
  241   nodes_server_group_id:
          # scheduler hint "group" of the kube-minion server
  242     type: string
  243     description: ID of the server group for kubernetes cluster nodes.
  244 
  245   availability_zone:
          # availability_zone of the kube-minion server; empty by default
  246     type: string
  247     description: >
  248       availability zone for master and nodes
  249     default: ""
  250 
  251   pods_network_cidr:
          # passed to the node as $PODS_NETWORK_CIDR and also used as the
          # allowed_address_pairs entry of kube_minion_eth0
  252     type: string
  253     description: Configure the IP pool/range from which pod IPs will be chosen
  254 
  255   kubelet_options:
          # Free-form string with no constraints, passed to the node as
          # $KUBELET_OPTIONS.
          # NOTE(review): how the fragments quote it is not visible here, so
          # treat it as trusted operator input and never fill it from
          # tenant-controlled data.
  256     type: string
  257     description: >
  258       additional options to be passed to the kubelet
  259 
  260   kubeproxy_options:
          # same shape and same caveat as kubelet_options; passed as
          # $KUBEPROXY_OPTIONS
  261     type: string
  262     description: >
  263       additional options to be passed to the kube proxy
  264 
  265   octavia_enabled:
          # passed to the node as $OCTAVIA_ENABLED
  266     type: boolean
  267     description: >
  268       whether or not to use Octavia for LoadBalancer type service.
  269     default: False
  270 
  271   cloud_provider_enabled:
          # passed to the node as $CLOUD_PROVIDER_ENABLED
  272     type: boolean
  273     description: Enable or disable the openstack kubernetes cloud provider
  274 
  275   heat_container_agent_tag:
          # passed to the node as $HEAT_CONTAINER_AGENT_TAG
  276     type: string
  277     description: tag of the heat_container_agent system container
  278 
  279   auto_healing_enabled:
          # passed to the node as $AUTO_HEALING_ENABLED
  280     type: boolean
  281     description: >
  282       true if the auto healing feature should be enabled
  283 
  284 resources:
  285 
  286   start_container_agent:
          # script fragment loaded verbatim from the common templates; it is
          # one of the parts of kube_minion_init
  287     type: OS::Heat::SoftwareConfig
  288     properties:
  289       group: ungrouped
  290       config: {get_file: ../../common/templates/kubernetes/fragments/start-container-agent.sh}
  291 
  292   minion_wait_handle:
          # its curl_cli attribute is handed to the node twice: as $WAIT_CURL
          # in write_heat_params and as wc_notify in minion_wc_notify
  293     type: OS::Heat::WaitConditionHandle
  294 
  295   minion_wait_condition:
          # waits for a signal on minion_wait_handle, for at most
          # wait_condition_timeout; only starts after kube-minion exists
  296     type: OS::Heat::WaitCondition
  297     depends_on: kube-minion
  298     properties:
  299       handle: {get_resource: minion_wait_handle}
  300       timeout: {get_param: wait_condition_timeout}
  301 
  302   ######################################################################
  303   #
  304   # software configs.  these are components that are combined into
  305   # a multipart MIME user-data archive.
  306   #
  307 
  308   write_heat_params:
          # Renders write-heat-params.yaml by plain text substitution of the
          # $NAME tokens below and contributes the result as one part of
          # kube_minion_init, i.e. of the server's user_data.
          # NOTE(review): $PASSWORD, $TRUSTEE_PASSWORD and $TRUST_ID come from
          # parameters marked hidden: true, yet they land in user_data in
          # clear text, next to $WAIT_CURL (the wait handle's curl command).
          # user_data can normally be read back from inside the instance via
          # the metadata service, so workloads on the node should not be able
          # to reach it - confirm against the deployment.
          # NOTE(review): str_replace does no quoting; a parameter value
          # becomes part of the rendered file exactly as given.
  309     type: OS::Heat::SoftwareConfig
  310     properties:
  311       group: ungrouped
  312       config:
  313         str_replace:
  314           template: {get_file: ../../common/templates/kubernetes/fragments/write-heat-params.yaml}
  315           params:
  316             $INSTANCE_NAME: {get_param: name}
  317             $PROMETHEUS_MONITORING: {get_param: prometheus_monitoring}
  318             $KUBE_ALLOW_PRIV: {get_param: kube_allow_priv}
  319             $KUBE_MASTER_IP: {get_param: kube_master_ip}
  320             $KUBE_API_PORT: {get_param: kubernetes_port}
  321             $KUBE_NODE_PUBLIC_IP: {get_attr: [kube_minion_floating, floating_ip_address]}
  322             $KUBE_NODE_IP: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
  323             $ETCD_SERVER_IP: {get_param: etcd_server_ip}
  324             $DOCKER_VOLUME: {get_resource: docker_volume}
  325             $DOCKER_VOLUME_SIZE: {get_param: docker_volume_size}
  326             $DOCKER_STORAGE_DRIVER: {get_param: docker_storage_driver}
  327             $CGROUP_DRIVER: {get_param: cgroup_driver}
  328             $NETWORK_DRIVER: {get_param: network_driver}
  329             $REGISTRY_ENABLED: {get_param: registry_enabled}
  330             $REGISTRY_PORT: {get_param: registry_port}
  331             $SWIFT_REGION: {get_param: swift_region}
  332             $REGISTRY_CONTAINER: {get_param: registry_container}
  333             $REGISTRY_INSECURE: {get_param: registry_insecure}
  334             $REGISTRY_CHUNKSIZE: {get_param: registry_chunksize}
  335             $TLS_DISABLED: {get_param: tls_disabled}
  336             $VERIFY_CA: {get_param: verify_ca}
  337             $CLUSTER_UUID: {get_param: cluster_uuid}
  338             $MAGNUM_URL: {get_param: magnum_url}
  339             $USERNAME: {get_param: username}
  340             $PASSWORD: {get_param: password}
  341             $VOLUME_DRIVER: {get_param: volume_driver}
  342             $REGION_NAME: {get_param: region_name}
  343             $HTTP_PROXY: {get_param: http_proxy}
  344             $HTTPS_PROXY: {get_param: https_proxy}
  345             $NO_PROXY: {get_param: no_proxy}
  346             $KUBE_TAG: {get_param: kube_tag}
  347             $FLANNEL_NETWORK_CIDR: {get_param: flannel_network_cidr}
  348             $PODS_NETWORK_CIDR: {get_param: pods_network_cidr}
  349             $KUBE_VERSION: {get_param: kube_version}
  350             $WAIT_CURL: {get_attr: [minion_wait_handle, curl_cli]}
  351             $TRUSTEE_USER_ID: {get_param: trustee_user_id}
  352             $TRUSTEE_USERNAME: {get_param: trustee_username}
  353             $TRUSTEE_PASSWORD: {get_param: trustee_password}
  354             $TRUSTEE_DOMAIN_ID: {get_param: trustee_domain_id}
  355             $TRUST_ID: {get_param: trust_id}
  356             $AUTH_URL: {get_param: auth_url}
  357             $CLOUD_PROVIDER_ENABLED: {get_param: cloud_provider_enabled}
  358             $INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
  359             $CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
  360             $DNS_SERVICE_IP: {get_param: dns_service_ip}
  361             $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
  362             $KUBELET_OPTIONS: {get_param: kubelet_options}
  363             $KUBEPROXY_OPTIONS: {get_param: kubeproxy_options}
  364             $OCTAVIA_ENABLED: {get_param: octavia_enabled}
  365             $HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
  366             $AUTO_HEALING_ENABLED: {get_param: auto_healing_enabled}
  367 
  368 
  369   install_openstack_ca:
          # Pastes the openstack_ca parameter into the shell fragment in place
          # of $OPENSTACK_CA. The substitution is textual, so the certificate
          # text becomes part of the script as given.
          # NOTE(review): the fragment name says it installs the CA on the
          # node; anything it adds to the trust store is trusted for the
          # node's outgoing TLS, so the value must come from the operator.
  370     type: OS::Heat::SoftwareConfig
  371     properties:
  372       group: ungrouped
  373       config:
  374         str_replace:
  375           params:
  376             $OPENSTACK_CA: {get_param: openstack_ca}
  377           template: {get_file: ../../common/templates/fragments/atomic-install-openstack-ca.sh}
  378 
  379   write_kube_os_config:
          # script fragment loaded verbatim; no parameters are substituted here
  380     type: OS::Heat::SoftwareConfig
  381     properties:
  382       group: ungrouped
  383       config: {get_file: ../../common/templates/kubernetes/fragments/write-kube-os-config.sh}
  384 
  385   make_cert:
          # script fragment loaded verbatim
          # NOTE(review): presumably this is where the node obtains its client
          # certificate from magnum_url - confirm in make-cert-client.sh
  386     type: OS::Heat::SoftwareConfig
  387     properties:
  388       group: ungrouped
  389       config: {get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh}
  390 
  391   configure_docker_storage:
          # composes two script files: the whole driver script is substituted
          # for the token $configure_docker_storage_driver inside
          # configure-docker-storage.sh
  392     type: OS::Heat::SoftwareConfig
  393     properties:
  394       group: ungrouped
  395       config:
  396         str_replace:
  397           params:
  398             $configure_docker_storage_driver: {get_file: ../../common/templates/fragments/configure_docker_storage_driver_atomic.sh}
  399           template: {get_file: ../../common/templates/fragments/configure-docker-storage.sh}
  400 
  401   configure_docker_registry:
          # script fragment loaded verbatim
  402     type: OS::Heat::SoftwareConfig
  403     properties:
  404       group: ungrouped
  405       config: {get_file: ../../common/templates/fragments/configure-docker-registry.sh}
  406 
  407   configure_kubernetes_minion:
          # script fragment loaded verbatim
  408     type: OS::Heat::SoftwareConfig
  409     properties:
  410       group: ungrouped
  411       config: {get_file: ../../common/templates/kubernetes/fragments/configure-kubernetes-minion.sh}
  412 
  413   enable_services:
          # script fragment loaded verbatim
  414     type: OS::Heat::SoftwareConfig
  415     properties:
  416       group: ungrouped
  417       config: {get_file: ../../common/templates/kubernetes/fragments/enable-services-minion.sh}
  418 
  419   enable_docker_registry:
          # script fragment loaded verbatim
  420     type: OS::Heat::SoftwareConfig
  421     properties:
  422       group: ungrouped
  423       config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh}
  424 
  425   minion_wc_notify:
          # Last part of kube_minion_init: posts {"status": "SUCCESS"} to the
          # wait handle. str_replace swaps the literal tokens wc_notify (the
          # handle's curl command line) and verify_ca (the boolean parameter)
          # into the script text.
          # NOTE(review): the test fails open. Only the exact string "True"
          # keeps certificate verification; any other rendering of verify_ca
          # adds -k, which makes curl skip TLS certificate checks for this
          # callback. Confirm how Heat renders the boolean.
          # NOTE(review): "bash -v" echoes each script line as it is read, so
          # the substituted curl command line ends up wherever the boot
          # output is logged.
  426     type: OS::Heat::SoftwareConfig
  427     properties:
  428       group: ungrouped
  429       config:
  430         str_replace:
  431           template: |
  432             #!/bin/bash -v
  433             if [ "verify_ca" == "True" ]; then
  434                 VERIFY_CA=""
  435             else
  436                 VERIFY_CA="-k"
  437             fi
  438             wc_notify $VERIFY_CA --data-binary '{"status": "SUCCESS"}'
  439           params:
  440             wc_notify: {get_attr: [minion_wait_handle, curl_cli]}
  441             verify_ca: {get_param: verify_ca}
  442 
  443   disable_selinux:
          # script fragment loaded verbatim; listed second in kube_minion_init
          # NOTE(review): going by the fragment name this turns SELinux off on
          # the node, which removes a layer of confinement between containers
          # and the host. The script is not in this file - confirm what it
          # does and whether it is still required.
  444     type: OS::Heat::SoftwareConfig
  445     properties:
  446       group: ungrouped
  447       config: {get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh}
  448 
  449   add_proxy:
          # script fragment loaded verbatim
  450     type: OS::Heat::SoftwareConfig
  451     properties:
  452       group: ungrouped
  453       config: {get_file: ../../common/templates/kubernetes/fragments/add-proxy.sh}
  454 
  455   kube_minion_init:
          # Bundles the software configs above into one multipart MIME
          # archive, which kube-minion receives as user_data. The parts are
          # listed with install_openstack_ca first and minion_wc_notify last;
          # write_heat_params, the part holding the credentials, is third.
  456     type: OS::Heat::MultipartMime
  457     properties:
  458       parts:
  459         - config: {get_resource: install_openstack_ca}
  460         - config: {get_resource: disable_selinux}
  461         - config: {get_resource: write_heat_params}
  462         - config: {get_resource: start_container_agent}
  463         - config: {get_resource: write_kube_os_config}
  464         - config: {get_resource: make_cert}
  465         - config: {get_resource: configure_docker_storage}
  466         - config: {get_resource: configure_docker_registry}
  467         - config: {get_resource: configure_kubernetes_minion}
  468         - config: {get_resource: add_proxy}
  469         - config: {get_resource: enable_services}
  470         - config: {get_resource: enable_docker_registry}
  471         - config: {get_resource: minion_wc_notify}
  472 
  473   ######################################################################
  474   #
  475   # a single kubernetes minion.
  476   #
  477 
  478   # do NOT use "_" (underscore) in the Nova server name
  479   # it creates a mismatch between the generated Nova name and its hostname
  480   # which can lead to weird problems
  481   kube-minion:
          # The minion server itself. user_data_format RAW passes the
          # kube_minion_init archive to the instance as is, including the
          # rendered write_heat_params part with the password, trustee
          # password and trust id.
          # Network access is defined entirely by the kube_minion_eth0 port;
          # SSH access by the keypair named in ssh_key_name.
  482     type: OS::Nova::Server
  483     properties:
  484       name: {get_param: name}
  485       image: {get_param: server_image}
  486       flavor: {get_param: minion_flavor}
  487       key_name: {get_param: ssh_key_name}
  488       user_data_format: RAW
  489       user_data: {get_resource: kube_minion_init}
  490       networks:
  491         - port: {get_resource: kube_minion_eth0}
  492       scheduler_hints: { group: { get_param: nodes_server_group_id }}
  493       availability_zone: {get_param: availability_zone}
  494 
  495   kube_minion_eth0:
          # The server's only port: one fixed IP from fixed_subnet and a
          # single security group, secgroup_kube_minion_id.
          # NOTE(review): allowed_address_pairs lists the whole pod CIDR, so
          # Neutron accepts traffic from this port with any pod address as
          # source. The usual anti-spoofing check is relaxed for that range;
          # keep pods_network_cidr as narrow as the cluster needs.
  496     type: OS::Neutron::Port
  497     properties:
  498       network: {get_param: fixed_network}
  499       security_groups:
  500         - get_param: secgroup_kube_minion_id
  501       fixed_ips:
  502         - subnet: {get_param: fixed_subnet}
  503       allowed_address_pairs:
  504         - ip_address: {get_param: pods_network_cidr}
  505       replacement_policy: AUTO
  506 
  507   kube_minion_floating:
          # Magnum::Optional::* is not a built-in Heat type; what it maps to
          # is decided outside this file (presumably in the Heat environment).
          # NOTE(review): when it resolves to a real floating IP the node is
          # reachable from external_network, and the security group rules
          # are the only filter in this template.
  508     type: Magnum::Optional::KubeMinion::Neutron::FloatingIP
  509     properties:
  510       floating_network: {get_param: external_network}
  511       port_id: {get_resource: kube_minion_eth0}
  512 
  513   ######################################################################
  514   #
  515   # docker storage.  This allocates a cinder volume and attaches it
  516   # to the minion.
  517   #
  518 
  519   docker_volume:
          # Cinder volume for Docker's container/image storage; the resource
          # type is mapped outside this file, like kube_minion_floating.
          # NOTE(review): nothing here asks for encryption; whether the volume
          # is encrypted at rest depends on what docker_volume_type provides.
  520     type: Magnum::Optional::Cinder::Volume
  521     properties:
  522       size: {get_param: docker_volume_size}
  523       volume_type: {get_param: docker_volume_type}
  524 
  525   docker_volume_attach:
          # attaches docker_volume to the kube-minion server, requesting
          # /dev/vdb as the device name
  526     type: Magnum::Optional::Cinder::VolumeAttachment
  527     properties:
  528       instance_uuid: {get_resource: kube-minion}
  529       volume_id: {get_resource: docker_volume}
  530       mountpoint: /dev/vdb
  531 
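  532 outputs:
  533 
  534   kube_minion_ip:
          # first fixed IP of the kube_minion_eth0 port, i.e. the node's
          # address on fixed_network and not its floating IP; the description
          # says so, to keep it apart from kube_minion_external_ip
  535     value: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
  536     description: >
  537       This is the fixed-network IP address of the Kubernetes minion node.
  538 
  539   kube_minion_external_ip:
          # address of kube_minion_floating, the externally reachable one
  540     value: {get_attr: [kube_minion_floating, floating_ip_address]}
  541     description: >
  542       This is the "public" IP address of the Kubernetes minion node.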
  543 
  544   ######################################################################
  545   #
  546   # NOTE(flwang): Returning the minion node server ID here so that
  547   # consumer can send API request to Heat to remove a particular
  548   # node with removal_policies. Otherwise, the consumer (e.g. AutoScaler)
  549   # has to use index to do the remove which is confusing out of the
  550   # OpenStack world.
  551   # https://storyboard.openstack.org/#!/story/2005054
  552   #
  553   ######################################################################
  554 
  555   OS::stack_id:
          # special output name: the value given here (the kube-minion server
          # id) is what the parent stack gets when it references this nested
          # stack, which is what the NOTE(flwang) comment above relies on
  556     value: { get_resource: kube-minion }
  557     description: >
  558       This is the Nova server id of the node.