Merge "Enable netchecker to use etcd"
diff --git a/kubernetes/files/calico/network-environment.pool b/kubernetes/files/calico/network-environment.pool
index c834b3f..5607e65 100644
--- a/kubernetes/files/calico/network-environment.pool
+++ b/kubernetes/files/calico/network-environment.pool
@@ -4,7 +4,7 @@
DEFAULT_IPV4={{ pool.address }}
# The Kubernetes master IP
-KUBERNETES_MASTER={{ pool.apiserver.host }}:{{ pool.apiserver.get('port', '443') }}
+KUBERNETES_MASTER={{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}
# IP and port of etcd instance used by Calico
ETCD_ENDPOINTS={% for member in pool.network.etcd.members %}http://{{ member.host }}:{{ member.port }}{% if not loop.last %},{% endif %}{% endfor %}
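Review bot: `pool.apiserver.secure_port` on the new KUBERNETES_MASTER line has no fallback, where the removed line defaulted to '443', and the pillar key is also renamed from `port`. A pool pillar that still sets only `apiserver.port` would presumably render an empty or undefined port here, depending on how the formula handles undefined Jinja values and whether map.jinja (not shown) supplies defaults. Either keep a fallback, e.g. `{{ pool.apiserver.get('secure_port', pool.apiserver.get('port', 443)) }}`, or document the rename as a breaking change. The same applies to the kubeconfig templates, kube-proxy.manifest.pool, kube-apiserver.manifest, controller.sls, setup.sls and collectd.yml hunks in this commit.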
diff --git a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
index 01eae39..c34a1a1 100644
--- a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
+++ b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
@@ -81,7 +81,7 @@
initialDelaySeconds: 3
timeoutSeconds: 5
args:
- - --domain={{ common.addons.dns.domain }}.
+ - --domain={{ common.addons.dns.domain|replace('_', '-') }}.
- --dns-port=10053
- --config-map=kube-dns
- -v=2
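Review bot: The `|replace('_', '-')` filter on `--domain` is repeated inline here, in the probe arguments of the second hunk, and in kubelet/default.master, kubelet/default.pool and virtlet/kubelet.conf, so any template that still uses the raw value will disagree with kube-dns about the cluster domain. Computing it once, e.g. `{%- set dns_domain = common.addons.dns.domain|replace('_', '-') %}` in the shared map file, would keep them in step. virtlet/kubelet.conf reads `common.cluster_domain` rather than `common.addons.dns.domain`; confirm both keys carry the same value. The filter only handles underscores, so other characters that are invalid in a DNS name would still pass through.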
@@ -141,8 +141,8 @@
args:
- --v=2
- --logtostderr
- - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ common.addons.dns.domain }},5,A
- - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ common.addons.dns.domain }},5,A
+ - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ common.addons.dns.domain|replace('_', '-') }},5,A
+ - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ common.addons.dns.domain|replace('_', '-') }},5,A
ports:
- containerPort: 10054
name: metrics
diff --git a/kubernetes/files/kube-controller-manager/controller-manager.kubeconfig b/kubernetes/files/kube-controller-manager/controller-manager.kubeconfig
index d65c770..9ec6761 100644
--- a/kubernetes/files/kube-controller-manager/controller-manager.kubeconfig
+++ b/kubernetes/files/kube-controller-manager/controller-manager.kubeconfig
@@ -8,7 +8,7 @@
clusters:
- cluster:
certificate-authority: /etc/kubernetes/ssl/ca-kubernetes.crt
- server: https://{{ pool.apiserver.host }}:{{ pool.apiserver.get('port', '443') }}
+ server: https://{{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}
name: {{ common.cluster_name }}
contexts:
- context:
diff --git a/kubernetes/files/kube-proxy/proxy.kubeconfig b/kubernetes/files/kube-proxy/proxy.kubeconfig
index 773c177..307daf8 100644
--- a/kubernetes/files/kube-proxy/proxy.kubeconfig
+++ b/kubernetes/files/kube-proxy/proxy.kubeconfig
@@ -8,7 +8,7 @@
clusters:
- cluster:
certificate-authority: /etc/kubernetes/ssl/ca-kubernetes.crt
- server: https://{{ pool.apiserver.host }}:{{ pool.apiserver.get('port', '443') }}
+ server: https://{{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}
name: {{ common.cluster_name }}
contexts:
- context:
diff --git a/kubernetes/files/kube-scheduler/scheduler.kubeconfig b/kubernetes/files/kube-scheduler/scheduler.kubeconfig
index 26ba1de..8a87e39 100644
--- a/kubernetes/files/kube-scheduler/scheduler.kubeconfig
+++ b/kubernetes/files/kube-scheduler/scheduler.kubeconfig
@@ -7,7 +7,7 @@
clusters:
- cluster:
certificate-authority: /etc/kubernetes/ssl/ca-kubernetes.crt
- server: https://{{ pool.apiserver.host }}:{{ pool.apiserver.port|default('443') }}
+ server: https://{{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}
name: {{ common.cluster_name }}
contexts:
- context:
diff --git a/kubernetes/files/kubelet/default.master b/kubernetes/files/kubelet/default.master
index 5367da1..1543200 100644
--- a/kubernetes/files/kubelet/default.master
+++ b/kubernetes/files/kubelet/default.master
@@ -6,7 +6,7 @@
--pod-manifest-path=/etc/kubernetes/manifests \
--allow-privileged={{ master.kubelet.allow_privileged }} \
--cluster_dns={{ common.addons.dns.server }} \
---cluster_domain={{ common.addons.dns.domain }} \
+--cluster_domain={{ common.addons.dns.domain|replace('_', '-') }} \
--cni-bin-dir={{ master.apiserver.get('cni_bin_dir', '/opt/cni/bin') }} \
--v={{ master.get('verbosity', 2) }} \
--node-labels=node-role.kubernetes.io/master=true \
diff --git a/kubernetes/files/kubelet/default.pool b/kubernetes/files/kubelet/default.pool
index 987c7e4..1bbeb1a 100644
--- a/kubernetes/files/kubelet/default.pool
+++ b/kubernetes/files/kubelet/default.pool
@@ -8,7 +8,7 @@
--pod-manifest-path=/etc/kubernetes/manifests \
--allow-privileged={{ pool.kubelet.allow_privileged }} \
--cluster_dns={{ common.addons.dns.server }} \
---cluster_domain={{ common.addons.dns.domain }} \
+--cluster_domain={{ common.addons.dns.domain|replace('_', '-') }} \
--cni-bin-dir={{ pool.apiserver.get('cni_bin_dir', '/opt/cni/bin') }} \
--v={{ pool.get('verbosity', 2) }} \
--node-labels=node-role.kubernetes.io/node=true \
diff --git a/kubernetes/files/kubelet/kubelet.kubeconfig.master b/kubernetes/files/kubelet/kubelet.kubeconfig.master
index 7cd76dc..3c70ded 100644
--- a/kubernetes/files/kubelet/kubelet.kubeconfig.master
+++ b/kubernetes/files/kubelet/kubelet.kubeconfig.master
@@ -7,7 +7,7 @@
clusters:
- cluster:
certificate-authority: /etc/kubernetes/ssl/ca-kubernetes.crt
- server: https://{{ master.apiserver.address }}:{{ master.apiserver.get('secure_port', '443') }}
+ server: https://{{ master.apiserver.address }}:{{ master.apiserver.secure_port }}
name: {{ common.cluster_name }}
contexts:
- context:
diff --git a/kubernetes/files/kubelet/kubelet.kubeconfig.pool b/kubernetes/files/kubelet/kubelet.kubeconfig.pool
index 37ce67e..3228ea6 100644
--- a/kubernetes/files/kubelet/kubelet.kubeconfig.pool
+++ b/kubernetes/files/kubelet/kubelet.kubeconfig.pool
@@ -7,7 +7,7 @@
clusters:
- cluster:
certificate-authority: /etc/kubernetes/ssl/ca-kubernetes.crt
- server: https://{{ pool.apiserver.host }}:{{ pool.apiserver.get('port', '443') }}
+ server: https://{{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}
name: {{ common.cluster_name }}
contexts:
- context:
diff --git a/kubernetes/files/manifest/kube-apiserver.manifest b/kubernetes/files/manifest/kube-apiserver.manifest
index 353cea1..b363766 100644
--- a/kubernetes/files/manifest/kube-apiserver.manifest
+++ b/kubernetes/files/manifest/kube-apiserver.manifest
@@ -24,7 +24,7 @@
--basic-auth-file=/srv/kubernetes/basic_auth.csv
--tls-cert-file=/etc/kubernetes/ssl/kubernetes-server.crt
--tls-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key
- --secure-port={{ master.apiserver.get('secure_port', '443') }}
+ --secure-port={{ master.apiserver.secure_port }}
--bind-address={{ master.apiserver.address }}
--token-auth-file=/srv/kubernetes/known_tokens.csv
--apiserver-count={{ master.apiserver.get('count', 1) }}
@@ -43,17 +43,17 @@
httpGet:
host: 127.0.0.1
path: /healthz
- port: {{ master.apiserver.get('insecure_port', '8080') }}
+ port: {{ master.apiserver.insecure_port }}
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 15
ports:
- - containerPort: {{ master.apiserver.get('secure_port', '443') }}
- hostPort: {{ master.apiserver.get('secure_port', '443') }}
+ - containerPort: {{ master.apiserver.secure_port }}
+ hostPort: {{ master.apiserver.secure_port }}
name: https
protocol: TCP
- - containerPort: {{ master.apiserver.get('insecure_port', '8080') }}
- hostPort: {{ master.apiserver.get('insecure_port', '8080') }}
+ - containerPort: {{ master.apiserver.insecure_port }}
+ hostPort: {{ master.apiserver.insecure_port }}
name: local
protocol: TCP
resources:
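Review bot: The `local` port entry publishes `master.apiserver.insecure_port` as a `hostPort`, and the insecure port serves the API without authentication or authorization. Now that the port comes from the pillar with no default, a comment above the entry would help, e.g. `# unauthenticated API port; insecure_address must stay on loopback`, and the pillar documentation should say the same. The bind address is set elsewhere (controller.sls passes `--insecure-bind-address={{ master.apiserver.insecure_address }}`), so whether the port is reachable off-host cannot be judged from this hunk.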
diff --git a/kubernetes/files/manifest/kube-proxy.manifest.pool b/kubernetes/files/manifest/kube-proxy.manifest.pool
index 7044c7c..2fb1118 100644
--- a/kubernetes/files/manifest/kube-proxy.manifest.pool
+++ b/kubernetes/files/manifest/kube-proxy.manifest.pool
@@ -19,7 +19,8 @@
--logtostderr=true
--v={{ pool.get('verbosity', 2) }}
--kubeconfig=/etc/kubernetes/proxy.kubeconfig
- --master={%- if pool.apiserver.insecure.enabled %}http://{{ pool.apiserver.host }}:8080{%- else %}https://{{ pool.apiserver.host }}:{{ pool.apiserver.get('port', '443') }}{%- endif %}
+ --master={%- if pool.apiserver.insecure.enabled %}http://{{
+pool.apiserver.host }}:{{ pool.apiserver.insecure_port }}{%- else %}https://{{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}{%- endif %}
{%- if pool.network.engine == 'calico' %}
--proxy-mode=iptables
{%- endif %}
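Review bot: With `pool.apiserver.insecure.enabled` true, `--master` points kube-proxy at `http://{{ pool.apiserver.host }}:{{ pool.apiserver.insecure_port }}`, i.e. plaintext, unauthenticated traffic to a host that the pool metadata in this commit sets to `${_param:cluster_vip_address}` or `${_param:master_address}`, and that metadata ships `enabled: True` under `insecure`. That requires the apiserver's insecure port to be reachable from pool nodes. Consider defaulting `insecure.enabled` to false in metadata/service/pool/*.yml so that the `https://` branch and proxy.kubeconfig are used unless explicitly overridden. Separately, the line break inside `{{ pool.apiserver.host }}` renders fine but is easy to misread; keep the expression on one line.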
diff --git a/kubernetes/files/opencontrail/4.0/contrail-kubernetes.conf b/kubernetes/files/opencontrail/4.0/contrail-kubernetes.conf
index 16a68d5..14aafbe 100644
--- a/kubernetes/files/opencontrail/4.0/contrail-kubernetes.conf
+++ b/kubernetes/files/opencontrail/4.0/contrail-kubernetes.conf
@@ -2,7 +2,7 @@
[KUBERNETES]
kubernetes_api_server={{ master.apiserver.insecure_address }}
kubernetes_api_port={{ master.apiserver.insecure_port }}
-kubernetes_api_secure_port=443
+kubernetes_api_secure_port={{ master.apiserver.secure_port }}
service_subnets={{ master.network.get('service_subnets', '10.96.0.0/12') }}
pod_subnets={{ master.network.get('pod_subnets', '10.32.0.0/12') }}
cluster_name={{ master.network.get('cluster_name', 'default') }}
@@ -56,4 +56,4 @@
auth_token_url={{ master.network.identity.get('auth_token_url', None) }}
auth_user={{ master.network.identity.get('auth_user', 'admin') }}
auth_password={{ master.network.identity.get('auth_token_url', 'admin') }}
-auth_tenant={{ master.network.identity.get('auth_token_url', 'admin') }}
\ No newline at end of file
+auth_tenant={{ master.network.identity.get('auth_token_url', 'admin') }}
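Review bot: `auth_tenant` on the re-added last line still reads the `auth_token_url` key, as does `auth_password` on the line above, so both render the token URL, or the literal 'admin' when it is unset. This hunk only adds the trailing newline, but the lookups look like a copy-paste slip; presumably they should be `master.network.identity.get('auth_tenant', 'admin')` and `master.network.identity.get('auth_password')`, with the key names confirmed against the pillar schema. A default password of 'admin' is also worth dropping, so that a missing value fails visibly instead of configuring a guessable credential.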
diff --git a/kubernetes/files/virtlet/kubelet.conf b/kubernetes/files/virtlet/kubelet.conf
index db0baa4..f8cf16d 100644
--- a/kubernetes/files/virtlet/kubelet.conf
+++ b/kubernetes/files/virtlet/kubelet.conf
@@ -32,7 +32,7 @@
"clusterDNS": [
"10.254.0.10"
],
- "clusterDomain": "{{ common.cluster_domain }}",
+ "clusterDomain": "{{ common.cluster_domain|replace('_', '-') }}",
"cniBinDir": "/opt/cni/bin",
"cniConfDir": "",
"containerRuntime": "docker",
diff --git a/kubernetes/master/controller.sls b/kubernetes/master/controller.sls
index d15ab32..9e79926 100644
--- a/kubernetes/master/controller.sls
+++ b/kubernetes/master/controller.sls
@@ -86,8 +86,8 @@
--client-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt
--etcd-quorum-read=true
--insecure-bind-address={{ master.apiserver.insecure_address }}
- --insecure-port={{ master.apiserver.get('insecure_port', '8080') }}
- --secure-port={{ master.apiserver.get('secure_port', '443') }}
+ --insecure-port={{ master.apiserver.insecure_port }}
+ --secure-port={{ master.apiserver.secure_port }}
--service-cluster-ip-range={{ master.service_addresses }}
--tls-cert-file=/etc/kubernetes/ssl/kubernetes-server.crt
--tls-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key
diff --git a/kubernetes/master/setup.sls b/kubernetes/master/setup.sls
index 7c852ec..82af347 100644
--- a/kubernetes/master/setup.sls
+++ b/kubernetes/master/setup.sls
@@ -64,7 +64,7 @@
- name: {{ label.key }}
- value: {{ label.value }}
- node: {{ label.node }}
- - apiserver: http://{{ master.apiserver.insecure_address }}:{{ master.apiserver.get('insecure_port', '8080') }}
+ - apiserver: http://{{ master.apiserver.insecure_address }}:{{ master.apiserver.insecure_port }}
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
@@ -75,7 +75,7 @@
k8s.label_absent:
- name: {{ label.key }}
- node: {{ label.node }}
- - apiserver: http://{{ master.apiserver.insecure_address }}:{{ master.apiserver.get('insecure_port', '8080') }}
+ - apiserver: http://{{ master.apiserver.insecure_address }}:{{ master.apiserver.insecure_port }}
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
diff --git a/kubernetes/meta/collectd.yml b/kubernetes/meta/collectd.yml
index 38baf4f..50ebbe9 100644
--- a/kubernetes/meta/collectd.yml
+++ b/kubernetes/meta/collectd.yml
@@ -31,7 +31,7 @@
apiserver:
expected_code: 200
expected_content: ok
- url: http://{{ master.apiserver.insecure_address }}:{{ master.apiserver.get('insecure_port', '8080') }}/healthz
+ url: http://{{ master.apiserver.insecure_address }}:{{ master.apiserver.insecure_port }}/healthz
metric_name: k8s_service_health
scheduler:
expected_code: 200
@@ -101,7 +101,7 @@
verify: false
client_cert: /etc/kubernetes/ssl/kubelet-client.crt
client_key: /etc/kubernetes/ssl/kubelet-client.key
- url: https://{{ pool.apiserver.host }}:{{ pool.apiserver.port|default('443') }}/healthz
+ url: https://{{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}/healthz
metric_name: k8s_service_health_vip
collectd_k8s_get:
plugin: python
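Review bot: The VIP health check keeps `verify: false` while presenting `kubelet-client.crt` and `kubelet-client.key`, so the client identity is offered to whatever answers on `https://{{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}` and the health result can be spoofed by an on-path host. The kubeconfig templates in this commit already trust `/etc/kubernetes/ssl/ca-kubernetes.crt`; if the collectd plugin accepts a CA path, point `verify` at that file instead. The `collectd_k8s_get` block in the next hunk has the same setting. Both blocks begin outside the hunks shown.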
@@ -111,5 +111,5 @@
verify: false
client_cert: /etc/kubernetes/ssl/kubelet-client.crt
client_key: /etc/kubernetes/ssl/kubelet-client.key
- endpoint: https://{{ pool.apiserver.host }}:{{ pool.apiserver.port|default('443') }}
+ endpoint: https://{{ pool.apiserver.host }}:{{ pool.apiserver.secure_port }}
{%- endif %}
diff --git a/kubernetes/meta/prometheus.yml b/kubernetes/meta/prometheus.yml
index a8f71cc..df0ee76 100644
--- a/kubernetes/meta/prometheus.yml
+++ b/kubernetes/meta/prometheus.yml
@@ -11,6 +11,11 @@
server:
{%- if network.get('engine', '') == 'calico' and network.get('prometheus', {}).get('enabled', False) %}
target:
+ kubernetes:
+ enabled: true
+ api_ip: ${_param:kubernetes_control_address}
+ cert_name: prometheus-server.crt
+ key_name: prometheus-server.key
static:
calico:
endpoint:
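Review bot: The new `kubernetes` target sits under the `{%- if network.get('engine', '') == 'calico' and ... %}` guard, so, as far as this hunk shows, Kubernetes API scraping would only be configured when Calico's Prometheus integration is enabled. If that coupling is not intended, move the block outside the conditional; the matching `endif` is outside the hunk, so the exact scope should be checked. A short comment saying where `prometheus-server.crt` and `prometheus-server.key` are issued, and which API permissions that identity needs, would also help.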
diff --git a/metadata/service/pool/cluster.yml b/metadata/service/pool/cluster.yml
index 26122f0..b529623 100644
--- a/metadata/service/pool/cluster.yml
+++ b/metadata/service/pool/cluster.yml
@@ -13,9 +13,10 @@
name: ${linux:system:name}
apiserver:
host: ${_param:cluster_vip_address}
- port: 443
+ secure_port: 443
insecure:
enabled: True
+ insecure_port: 8080
members:
- host: ${_param:cluster_vip_address}
# Temporary disabled until kubelet HA would be fixed
diff --git a/metadata/service/pool/single.yml b/metadata/service/pool/single.yml
index 4e7a736..0d4085b 100644
--- a/metadata/service/pool/single.yml
+++ b/metadata/service/pool/single.yml
@@ -13,15 +13,16 @@
name: ${linux:system:name}
apiserver:
host: ${_param:master_address}
- port: 443
+ secure_port: 443
insecure:
enabled: True
+ insecure_port: 8080
members:
- host: ${_param:master_address}
address: 0.0.0.0
cluster_dns: 10.254.0.10
allow_privileged: True
- cluster_domain: ${param:kubernetes_cluster_domain}
+ cluster_domain: ${_param:kubernetes_cluster_domain}
kubelet:
config: /etc/kubernetes/manifests
allow_privileged: True
diff --git a/tests/pillar/pool_cluster.sls b/tests/pillar/pool_cluster.sls
index 34e62d5..b9e7840 100644
--- a/tests/pillar/pool_cluster.sls
+++ b/tests/pillar/pool_cluster.sls
@@ -29,8 +29,10 @@
name: ${linux:system:name}
apiserver:
host: 127.0.0.1
+ secure_port: 443
insecure:
enabled: True
+ insecure_port: 8080
members:
- host: 127.0.0.1
- host: 127.0.0.1
diff --git a/tests/pillar/pool_contrail4_0.sls b/tests/pillar/pool_contrail4_0.sls
index 0426faf..ea4426a 100644
--- a/tests/pillar/pool_contrail4_0.sls
+++ b/tests/pillar/pool_contrail4_0.sls
@@ -29,8 +29,10 @@
name: ${linux:system:name}
apiserver:
host: 127.0.0.1
+ secure_port: 443
insecure:
enabled: True
+ insecure_port: 8080
members:
- host: 127.0.0.1
- host: 127.0.0.1